From a8c50417be2f3bc756d12e3e8c8b9dd3efce0ab9 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 25 Sep 2024 22:07:08 +1000 Subject: [PATCH] Dilithium: Final and draft available in one build Make draft version of ML-DSA compiled in with final. Use WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT and WC_ML_DSA_87_DRAFT for the level to get the draft implementation. --- tests/api.c | 91 +++++++++++----- wolfcrypt/src/dilithium.c | 190 ++++++++++++++++++++-------------- wolfcrypt/test/test.c | 94 ++++++++++++----- wolfssl/wolfcrypt/dilithium.h | 4 + 4 files changed, 251 insertions(+), 128 deletions(-) diff --git a/tests/api.c b/tests/api.c index 0e8ae3a811..b6bfaf72a0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -32875,7 +32875,6 @@ static int test_wc_dilithium_sign_vfy(void) { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) && \ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ !defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) dilithium_key* key; @@ -34089,7 +34088,6 @@ static int test_wc_dilithium_make_key_from_seed(void) #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) dilithium_key* key; -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifndef WOLFSSL_NO_ML_DSA_44 static const byte seed_44[] = { 0x93, 0xEF, 0x2E, 0x6E, 0xF1, 0xFB, 0x08, 0x99, 
@@ -36294,15 +36292,15 @@ static int test_wc_dilithium_make_key_from_seed(void) 0xDA, 0xC1, 0x7F, 0x93, 0x6F, 0x54, 0xC4, 0xC7 }; #endif /* WOLFSSL_NO_ML_DSA_87 */ -#else +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifndef WOLFSSL_NO_ML_DSA_44 - static const byte seed_44[] = { + static const byte seed_44_draft[] = { 0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47, 0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35, 0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24, 0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69 }; - static const byte pk_44[] = { + static const byte pk_44_draft[] = { 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E, 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF, 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B, @@ -36468,7 +36466,7 @@ static int test_wc_dilithium_make_key_from_seed(void) 0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04, 0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17 }; - static const byte sk_44[] = { + static const byte sk_44_draft[] = { 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E, 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF, 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B, @@ -36792,13 +36790,13 @@ static int test_wc_dilithium_make_key_from_seed(void) }; #endif /* !WOLFSSL_NO_ML_DSA_44 */ #ifndef WOLFSSL_NO_ML_DSA_65 - static const byte seed_65[] = { + static const byte seed_65_draft[] = { 0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F, 0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7, 0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE, 0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B }; - static const byte pk_65[] = { + static const byte pk_65_draft[] = { 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F, 
@@ -37044,7 +37042,7 @@ static int test_wc_dilithium_make_key_from_seed(void) 0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 0xAC, 0x34, 0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18 }; - static const byte sk_65[] = { + static const byte sk_65_draft[] = { 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F, @@ -37552,13 +37550,13 @@ static int test_wc_dilithium_make_key_from_seed(void) }; #endif /* WOLFSSL_NO_ML_DSA_65 */ #ifndef WOLFSSL_NO_ML_DSA_87 - static const byte seed_87[] = { + static const byte seed_87_draft[] = { 0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C, 0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B, 0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F, 0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8 }; - static const byte pk_87[] = { + static const byte pk_87_draft[] = { 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, 0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81, @@ -37884,7 +37882,7 @@ static int test_wc_dilithium_make_key_from_seed(void) 0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E, 0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39 }; - static const byte sk_87[] = { + static const byte sk_87_draft[] = { 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, 0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81, 
@@ -38514,18 +38512,36 @@ static int test_wc_dilithium_make_key_from_seed(void) ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0); ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0); ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44_draft), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_44_draft, sizeof(pk_44_draft)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_44_draft, sizeof(sk_44_draft)), 0); +#endif #endif #ifndef WOLFSSL_NO_ML_DSA_65 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0); ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0); ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65_draft), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_65_draft, sizeof(pk_65_draft)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_65_draft, sizeof(sk_65_draft)), 0); +#endif #endif #ifndef WOLFSSL_NO_ML_DSA_87 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0); ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0); ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87_draft), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_87_draft, sizeof(pk_87_draft)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_87_draft, sizeof(sk_87_draft)), 0); +#endif #endif wc_dilithium_free(key); 
@@ -38538,8 +38554,7 @@ static int test_wc_dilithium_sig_kats(void) { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ - !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + !defined(WOLFSSL_DILITHIUM_NO_SIGN) dilithium_key* key; #ifndef WOLFSSL_NO_ML_DSA_44 static const byte sk_44[] = { @@ -43356,7 +43371,6 @@ static int test_wc_dilithium_verify_kats(void) !defined(WOLFSSL_DILITHIUM_NO_VERIFY) dilithium_key* key; int res; -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifndef WOLFSSL_NO_ML_DSA_44 static const byte pk_44[] = { 0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37, @@ -45457,9 +45471,9 @@ static int test_wc_dilithium_verify_kats(void) 0x29, 0x2E, 0x36 }; #endif -#else +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT #ifndef WOLFSSL_NO_ML_DSA_44 - static const byte pk_44[] = { + static const byte pk_44_draft[] = { 0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96, 0x6C, 0x11, 0xA9, 0xE4, 0x0B, 0xEB, 0xEC, 0xE9, 0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C, @@ -45625,7 +45639,7 @@ static int test_wc_dilithium_verify_kats(void) 0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9, 0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4 }; - static const byte msg_44[] = { + static const byte msg_44_draft[] = { 0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B, 0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA, 0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A, @@ -45643,7 +45657,7 @@ static int test_wc_dilithium_verify_kats(void) 0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D, 0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D }; - static const byte sig_44[] = { + static const byte sig_44_draft[] = { 0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1, 0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17, 0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5, 
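Review bot: test_wc_dilithium_sig_kats is now compiled in draft builds, but no hunk in this patch adds draft signing vectors, so the draft signing path (`dilithium_sample_in_ball(params->level, ...)` in dilithium_sign_with_seed_mu) appears to have no known-answer coverage. Draft key generation and draft verification both gain KATs here. Consider adding a draft block per parameter set that starts with `ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0);`, imports a draft private key, and compares a deterministic signature against a stored vector. The body of the test function lies outside this hunk, so existing coverage could not be checked from here.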
@@ -45950,7 +45964,7 @@ static int test_wc_dilithium_verify_kats(void) }; #endif #ifndef WOLFSSL_NO_ML_DSA_65 - static const byte pk_65[] = { + static const byte pk_65_draft[] = { 0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52, 0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83, 0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72, @@ -46196,7 +46210,7 @@ static int test_wc_dilithium_verify_kats(void) 0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34, 0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6 }; - static const byte msg_65[] = { + static const byte msg_65_draft[] = { 0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F, 0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37, 0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44, @@ -46226,7 +46240,7 @@ static int test_wc_dilithium_verify_kats(void) 0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2, 0x8E, 0x99, 0xBB }; - static const byte sig_65[] = { + static const byte sig_65_draft[] = { 0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30, 0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96, 0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90, @@ -46644,7 +46658,7 @@ static int test_wc_dilithium_verify_kats(void) }; #endif #ifndef WOLFSSL_NO_ML_DSA_87 - static const byte pk_87[] = { + static const byte pk_87_draft[] = { 0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1, 0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D, 0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21, @@ -46970,12 +46984,12 @@ static int test_wc_dilithium_verify_kats(void) 0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12, 0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12 }; - static const byte msg_87[] = { + static const byte msg_87_draft[] = { 0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77, 0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89, 0xC4, 0xC3, 0xED, 0x36 }; - static const byte sig_87[] = { + static const byte sig_87_draft[] = { 0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA, 0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06, 0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB, 
@@ -47574,6 +47588,15 @@ static int test_wc_dilithium_verify_kats(void) ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44, (word32)sizeof(msg_44), &res, key), 0); ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_44_draft, + (word32)sizeof(pk_44_draft), key), 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_44_draft, + (word32)sizeof(sig_44_draft), msg_44_draft, + (word32)sizeof(msg_44_draft), &res, key), 0); + ExpectIntEQ(res, 1); +#endif #endif #ifndef WOLFSSL_NO_ML_DSA_65 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); @@ -47582,6 +47605,15 @@ static int test_wc_dilithium_verify_kats(void) ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65, (word32)sizeof(msg_65), &res, key), 0); ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_65_draft, + (word32)sizeof(pk_65_draft), key), 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_65_draft, + (word32)sizeof(sig_65_draft), msg_65_draft, + (word32)sizeof(msg_65_draft), &res, key), 0); + ExpectIntEQ(res, 1); +#endif #endif #ifndef WOLFSSL_NO_ML_DSA_87 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); @@ -47590,6 +47622,15 @@ static int test_wc_dilithium_verify_kats(void) ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87, (word32)sizeof(msg_87), &res, key), 0); ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_87_draft, + (word32)sizeof(pk_87_draft), key), 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_87_draft, + (word32)sizeof(sig_87_draft), msg_87_draft, + (word32)sizeof(msg_87_draft), &res, key), 0); + ExpectIntEQ(res, 1); +#endif #endif wc_dilithium_free(key); 
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index da465efcc3..7fda1d47f8 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c 
@@ -292,6 +292,44 @@ static const wc_dilithium_params dilithium_params[] = { PARAMS_ML_DSA_87_Z_ENC_SIZE, PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE }, #endif +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) +#ifndef WOLFSSL_NO_ML_DSA_44 + { WC_ML_DSA_44_DRAFT, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L, + PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS, + PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA, + PARAMS_ML_DSA_44_LAMBDA, + PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2, + PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE, + PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE, + PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE, + PARAMS_ML_DSA_44_Z_ENC_SIZE, + PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE }, +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + { WC_ML_DSA_65_DRAFT, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L, + PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS, + PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA, + PARAMS_ML_DSA_65_LAMBDA, + PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2, + PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE, + PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE, + PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE, + PARAMS_ML_DSA_65_Z_ENC_SIZE, + PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE }, +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + { WC_ML_DSA_87_DRAFT, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L, + PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS, + PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA, + PARAMS_ML_DSA_87_LAMBDA, + PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2, + PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE, + PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE, + PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE, + PARAMS_ML_DSA_87_Z_ENC_SIZE, + PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE }, +#endif +#endif }; /* Number of ML-DSA parameter sets compiled in. 
*/ #define DILITHIUM_PARAMS_CNT \ @@ -354,9 +392,8 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data, return ret; } -#if !defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) || \ - (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ - !defined(WOLFSSL_DILITHIUM_NO_VERIFY)) +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) /* 256-bit hash using SHAKE-256. * * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d) @@ -396,7 +433,6 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1, } #endif -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) /* 256-bit hash of context and message using SHAKE-256. * @@ -586,7 +622,6 @@ static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen) return ret; } #endif -#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */ #ifndef WOLFSSL_DILITHIUM_SMALL /* 128-bit hash using SHAKE-128. @@ -2772,8 +2807,8 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, * @return 0 on success. * @return Negative on hash error. */ -static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, - word32 seedLen, byte tau, sword32* c, byte* block) +static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256, + const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block) { int ret = 0; unsigned int k; 
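Review bot: The new `level` parameter of dilithium_sample_in_ball_ex is undocumented: the hunk at -2772 changes only the signature, and no hunk in the patch touches the `@param` list above it. The same holds for dilithium_sample_in_ball at -2850. Add a line in the file's existing style to both header comments, for example `@param [in] level Level of key. Draft levels hash only the first DILITHIUM_SEED_SZ bytes of seed.` Both comment blocks begin outside the hunks.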
@@ -2786,14 +2821,18 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, XMEMSET(c, 0, DILITHIUM_POLY_SIZE); /* Generate a block of data from seed. */ -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - ret = dilithium_shake256(shake256, seed, seedLen, block, - DILITHIUM_GEN_C_BLOCK_BYTES); -#else - (void)seedLen; - ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block, - DILITHIUM_GEN_C_BLOCK_BYTES); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (level >= WC_ML_DSA_DRAFT) { + ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block, + DILITHIUM_GEN_C_BLOCK_BYTES); + } + else #endif + { + (void)level; + ret = dilithium_shake256(shake256, seed, seedLen, block, + DILITHIUM_GEN_C_BLOCK_BYTES); + } } if (ret == 0) { /* Copy first 8 bytes of first hash block as random sign bits. */ @@ -2850,8 +2889,8 @@ static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, * @return MEMORY_E when dynamic memory allocation fails. * @return Negative on hash error. */ -static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, - word32 seedLen, byte tau, sword32* c, void* heap) +static int dilithium_sample_in_ball(int level, wc_Shake* shake256, + const byte* seed, word32 seedLen, byte tau, sword32* c, void* heap) { int ret = 0; #if defined(WOLFSSL_SMALL_STACK) @@ -2871,8 +2910,8 @@ static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, #endif if (ret == 0) { - ret = dilithium_sample_in_ball_ex(shake256, seed, seedLen, tau, c, - block); + ret = dilithium_sample_in_ball_ex(level, shake256, seed, seedLen, tau, + c, block); } #if defined(WOLFSSL_SMALL_STACK) @@ -5478,9 +5517,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) sword32* s2 = NULL; sword32* t = NULL; byte* pub_seed = key->k; -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT byte kl[2]; -#endif /* Allocate memory for large intermediates. */ #ifdef WC_DILITHIUM_CACHE_MATRIX_A 
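Review bot: The draft branch in dilithium_sample_in_ball_ex absorbs a fixed DILITHIUM_SEED_SZ bytes and never consults `seedLen`, so it silently depends on every caller supplying at least that many bytes; the callers visible in this patch pass `params->lambda / 4`. A guard ahead of the hash call, such as `if (seedLen < DILITHIUM_SEED_SZ) { ret = BAD_FUNC_ARG; }`, or a comment stating the precondition, would make that explicit. The comparison `level >= WC_ML_DSA_DRAFT` is also repeated in both key generation hunks and in test.c, so a single predicate macro would keep the numeric-ordering assumption about the level constants in one place. The function starts and ends outside this hunk.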
@@ -5541,19 +5578,25 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #endif if (ret == 0) { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - kl[0] = params->k; - kl[1] = params->l; - /* Step 1: Create public seed, private seed and K from seed. - * Step 9; Alg 24, Step 1: Public seed is placed into private key. */ - ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, - pub_seed, DILITHIUM_SEEDS_SZ); -#else - /* Step 2: Create public seed, private seed and K from seed. - * Step 9; Alg 18, Step 1: Public seed is placed into private key. */ - ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed, - DILITHIUM_SEEDS_SZ); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (key->params->level >= WC_ML_DSA_DRAFT) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. + */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, + pub_seed, DILITHIUM_SEEDS_SZ); + } + else #endif + { + kl[0] = params->k; + kl[1] = params->l; + /* Step 1: Create public seed, private seed and K from seed. + * Step 9; Alg 24, Step 1: Public seed is placed into private key. + */ + ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, + pub_seed, DILITHIUM_SEEDS_SZ); + } } if (ret == 0) { /* Step 7; Alg 22 Step 1: Copy public seed into public key. */ @@ -5637,9 +5680,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) byte* pub_seed = key->k; unsigned int r; unsigned int s; -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT byte kl[2]; -#endif /* Allocate memory for large intermediates. */ if (ret == 0) { 
@@ -5668,18 +5709,25 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) } if (ret == 0) { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - kl[0] = params->k; - kl[1] = params->l; - /* Step 1: Create public seed, private seed and K from seed. - * Step 9; Alg 24, Step 1: Public seed is placed into private key. */ - ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, - pub_seed, DILITHIUM_SEEDS_SZ); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (key->params->level >= WC_ML_DSA_DRAFT) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. + */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, + pub_seed, DILITHIUM_SEEDS_SZ); + } + else #else - /* Step 2: Create public seed, private seed and K from seed. - * Step 9; Alg 18, Step 1: Public seed is placed into private key. */ - ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed, - DILITHIUM_SEEDS_SZ); + { + kl[0] = params->k; + kl[1] = params->l; + /* Step 1: Create public seed, private seed and K from seed. + * Step 9; Alg 24, Step 1: Public seed is placed into private key. + */ + ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, + pub_seed, DILITHIUM_SEEDS_SZ); + } #endif } if (ret == 0) { @@ -6150,8 +6198,8 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, w1e, params->w1EncSz, commit, params->lambda / 4); if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, - params->lambda / 4, params->tau, c, key->heap); + ret = dilithium_sample_in_ball(params->level, &key->shake, + commit, params->lambda / 4, params->tau, c, key->heap); } if (ret == 0) { sword32 hi; 
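Review bot: In this second definition of dilithium_make_key_from_seed, the preprocessor line after `else` is `#else`, where the first definition (hunk at -5541) correctly has `#endif`. With WOLFSSL_DILITHIUM_FIPS204_DRAFT defined, the braced final-standard block is compiled out and the dangling `else` is followed directly by the closing `}` of `if (ret == 0)`, which will not compile. Without the macro the block is still built, so the break only shows up in draft builds that select this variant. Change that `#else` to `#endif` and remove the `#endif` that now follows the block, mirroring the first definition. The function body starts and ends outside the hunk.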
@@ -6561,8 +6609,9 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, w1e, params->w1EncSz, commit, params->lambda / 4); if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball_ex(&key->shake, commit, - params->lambda / 4, params->tau, c, blocks); + ret = dilithium_sample_in_ball_ex(params->level, + &key->shake, commit, params->lambda / 4, params->tau, c, + blocks); } if (ret == 0) { /* Step 18: NTT(c). */ @@ -6739,7 +6788,6 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, #endif } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign a message with the key and a seed. * * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) @@ -6790,7 +6838,6 @@ static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key, return ret; } -#endif /* Sign a message with the key and a seed. * @@ -6840,7 +6887,6 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign a message with the key and a random number generator. * * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) @@ -6904,7 +6950,6 @@ static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng, return ret; } -#endif /* Sign a message with the key and a random number generator. * @@ -6967,7 +7012,6 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign a pre-hashed message with the key and a seed. * * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH) @@ -7088,7 +7132,6 @@ static int dilithium_sign_ctx_hash(dilithium_key* key, WC_RNG* rng, return ret; } -#endif #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ 
@@ -7268,8 +7311,8 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, } if ((ret == 0) && valid) { /* Step 9: Compute c from commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, params->lambda / 4, - params->tau, c, key->heap); + ret = dilithium_sample_in_ball(params->level, &key->shake, commit, + params->lambda / 4, params->tau, c, key->heap); } if ((ret == 0) && valid) { /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ @@ -7386,10 +7429,10 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, /* Step 9: Compute c from first 256 bits of commit. */ #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - ret = dilithium_sample_in_ball_ex(&key->shake, commit, + ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit, params->lambda / 4, params->tau, c, key->block); #else - ret = dilithium_sample_in_ball_ex(&key->shake, commit, + ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit, params->lambda / 4, params->tau, c, block); #endif } @@ -7553,7 +7596,6 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, #endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */ } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify signature of message using public key. * * @param [in, out] key Dilithium key. @@ -7599,7 +7641,6 @@ static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx, return ret; } -#endif /* Verify signature of message using public key. * @@ -7644,7 +7685,6 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify signature of message using public key. * * @param [in, out] key Dilithium key. @@ -7699,7 +7739,6 @@ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx, return ret; } -#endif #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ #elif defined(HAVE_LIBOQS) 
@@ -7945,7 +7984,6 @@ int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #endif #ifndef WOLFSSL_DILITHIUM_NO_SIGN -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign the message using the dilithium private key. * * ctx [in] Context of signature. @@ -8002,7 +8040,6 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, return ret; } -#endif /* Sign the message using the dilithium private key. * @@ -8054,7 +8091,6 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign the message hash using the dilithium private key. * * ctx [in] Context of signature. @@ -8145,7 +8181,6 @@ int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen, return ret; } -#endif /* Sign the message using the dilithium private key. * @@ -8183,7 +8218,6 @@ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Sign the message using the dilithium private key. * * ctx [in] Context of signature. @@ -8230,11 +8264,9 @@ int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen, return ret; } -#endif #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ #ifndef WOLFSSL_DILITHIUM_NO_VERIFY -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify the message using the dilithium public key. * * sig [in] Signature to verify. @@ -8278,7 +8310,6 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, return ret; } -#endif /* Verify the message using the dilithium public key. * @@ -8330,7 +8361,6 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, return ret; } -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Verify the message using the dilithium public key. * * sig [in] Signature to verify. 
@@ -8377,7 +8407,6 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, return ret; } -#endif #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ /* Initialize the dilithium private/public key. @@ -8498,8 +8527,17 @@ int wc_dilithium_set_level(dilithium_key* key, byte level) if (key == NULL) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (level != WC_ML_DSA_44) && (level != WC_ML_DSA_65) && - (level != WC_ML_DSA_87)) { + if ((ret == 0) && ((level == WC_ML_DSA_44) || (level == WC_ML_DSA_65) || + (level == WC_ML_DSA_87))) { + /* Nothing to do. */ + } +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + else if ((ret == 0) && ((level == WC_ML_DSA_44_DRAFT) || + (level == WC_ML_DSA_65_DRAFT) || (level == WC_ML_DSA_87_DRAFT))) { + /* Nothing to do. */ + } +#endif + else { ret = BAD_FUNC_ARG; } @@ -8532,7 +8570,7 @@ int wc_dilithium_set_level(dilithium_key* key, byte level) #endif /* WOLFSSL_WC_DILITHIUM */ /* Store level and indicate public and private key are not set. */ - key->level = level; + key->level = level % WC_ML_DSA_DRAFT; key->pubKeySet = 0; key->prvKeySet = 0; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ca8094ea13..9c9208a2a7 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -42108,13 +42108,17 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT - ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg, - (word32)sizeof(msg), &res, key); -#else - ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res, - key); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (param >= WC_ML_DSA_DRAFT) { + ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), + &res, key); + } + else #endif + { + ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg, + (word32)sizeof(msg), &res, key); + } if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (res != 1) 
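Review bot: `key->level = level % WC_ML_DSA_DRAFT;` in wc_dilithium_set_level drops the draft marker from the stored level, so only `key->params->level` records that a key uses the draft algorithm. Any code outside these hunks that reads `key->level` back (to report, encode or re-apply the level) would treat a draft key as final ML-DSA; that is worth confirming, and a comment on the assignment such as `/* Draft marker is kept in key->params->level only. */` would state the intent. The line also relies on WC_ML_DSA_DRAFT being defined in every build and exceeding each final level value; the header hunk is not visible here. Separately, the guard removals elsewhere in this file make the ctx and pre-hash entry points available in draft builds, and no visible hunk makes them reject a draft-level key. If that combination is reachable, it would produce signatures that match neither the draft nor the final scheme.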
@@ -42129,7 +42133,6 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, static wc_test_ret_t dilithium_param_44_vfy_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04, 0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f, 0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc, @@ -42240,7 +42243,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c, 0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5, 0x70, 0x8d, 0x8b, 0x9c -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = { 0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b, 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, 0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2, @@ -42373,10 +42378,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77, 0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1, 0xfe, 0x4b -#endif }; +#endif WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4, 0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc, 0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68, 
@@ -42579,7 +42583,9 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f, 0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = { 0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a, 0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5, 0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40, @@ -42822,12 +42828,22 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) 0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c, 0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46 -#endif }; +#endif + wc_test_ret_t ret; - return dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key, + ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key, (word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig, (word32)sizeof(ml_dsa_44_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT, + ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key), + ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig)); + } +#endif + + return ret; } #endif @@ -42835,7 +42851,6 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void) static wc_test_ret_t dilithium_param_65_vfy_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd, 0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6, 0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62, 
@@ -42999,7 +43014,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8, 0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0, 0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6 -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = { 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, 0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77, @@ -43196,10 +43213,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27, 0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14, 0x1b, 0x10 -#endif }; +#endif WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38, 0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52, 0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6, @@ -43476,7 +43492,9 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25 -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = { 0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc, 0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e, 0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2, 
@@ -43808,12 +43826,22 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) 0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28 -#endif }; +#endif + wc_test_ret_t ret; - return dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key, + ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key, (word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig, (word32)sizeof(ml_dsa_65_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT, + ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key), + ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig)); + } +#endif + + return ret; } #endif @@ -43821,7 +43849,6 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void) static wc_test_ret_t dilithium_param_87_vfy_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e, 0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04, 0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87, @@ -44038,7 +44065,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2, 0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50, 0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4 -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = { 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, 0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd, 
@@ -44299,10 +44328,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40, 0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95, 0x0a, 0x93 -#endif }; +#endif WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = { -#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f, 0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b, 0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba, @@ -44689,7 +44717,9 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f -#else + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = { 0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0, 0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf, 0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2, @@ -45153,12 +45183,22 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void) 0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f -#endif }; +#endif + wc_test_ret_t ret; - return dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key, + ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key, (word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig, (word32)sizeof(ml_dsa_87_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT, + ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key), + ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig)); + } +#endif + + return ret; } #endif #endif diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index 7f30679e59..46a3652a45 100644 
--- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -760,10 +760,14 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#define WC_ML_DSA_DRAFT 10 #define WC_ML_DSA_44 2 #define WC_ML_DSA_65 3 #define WC_ML_DSA_87 5 +#define WC_ML_DSA_44_DRAFT (2 + WC_ML_DSA_DRAFT) +#define WC_ML_DSA_65_DRAFT (3 + WC_ML_DSA_DRAFT) +#define WC_ML_DSA_87_DRAFT (5 + WC_ML_DSA_DRAFT) #define DILITHIUM_ML_DSA_44_KEY_SIZE 2560 #define DILITHIUM_ML_DSA_44_SIG_SIZE 2420
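Review bot: The new `WC_ML_DSA_DRAFT` offset and the three `_DRAFT` levels have no comment, and they repeat the literals 2, 3 and 5 instead of building on the final-level macros. Deriving them, e.g. `#define WC_ML_DSA_44_DRAFT (WC_ML_DSA_44 + WC_ML_DSA_DRAFT)`, keeps the two sets in step. A comment such as `/* Added to a level to select the FIPS 204 draft variant; draft and final keys/signatures must not be mixed. */` would tell callers that the level value now also selects the algorithm version. In this hunk the draft levels are defined regardless of WOLFSSL_DILITHIUM_FIPS204_DRAFT, so whether a build without draft support rejects a draft level depends on the level check in dilithium.c, which is outside this view. That is worth confirming wherever the level comes from configuration or from a peer.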