Skip to content

Commit

Permalink
Merge pull request wolfSSL#8207 from bigbrett/dilithium-nightly-fixes
Browse files Browse the repository at this point in the history
dilithium fixes for FIPS 204 draft mode
  • Loading branch information
dgarske authored Nov 21, 2024
2 parents 04932dd + cceeb77 commit 39d4832
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 11 deletions.
4 changes: 4 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -457,3 +457,7 @@ wrapper/Ada/obj/
/**/.vscode/launch.json
/**/.vscode/ipch
/**/sdkconfig.esp32dev

# Autogenerated debug trace headers
wolfssl/debug-trace-error-codes.h
wolfssl/debug-untrace-error-codes.h
16 changes: 14 additions & 2 deletions tests/api.c
Original file line number Diff line number Diff line change
Expand Up @@ -35001,10 +35001,22 @@ static int test_wc_dilithium_der(void)
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
/* When security level is not set, we attempt to parse it from DER. Since
* the supplied DER is invalid, this should fail with ASN parsing error */
idx = 0;
ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
WC_NO_ERR_TRACE(ASN_PARSE_E));
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
WC_NO_ERR_TRACE(BAD_FUNC_ARG)
#else
WC_NO_ERR_TRACE(ASN_PARSE_E)
#endif
);
idx = 0;
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
WC_NO_ERR_TRACE(ASN_PARSE_E));
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
WC_NO_ERR_TRACE(BAD_FUNC_ARG)
#else
WC_NO_ERR_TRACE(ASN_PARSE_E)
#endif
);

#ifndef WOLFSSL_NO_ML_DSA_44
ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
Expand Down
21 changes: 12 additions & 9 deletions wolfcrypt/src/dilithium.c
Original file line number Diff line number Diff line change
Expand Up @@ -9532,14 +9532,15 @@ static int mapOidToSecLevel(word32 oid)
* @param [in, out] inOutIdx On in, index into array of start of DER encoding.
* On out, index into array after DER encoding.
* @param [in, out] key Dilithium key structure to hold the decoded key.
* If the security level is set in the key structure on
* input, the DER key will be decoded as such and will
* fail if there is a mismatch. If the level and
* parameters are not set in the key structure on
* If the security level is set in the key structure
* on input, the DER key will be decoded as such and
* will fail if there is a mismatch. If the level
* and parameters are not set in the key structure on
* input, the level will be detected from the DER
* file based on the algorithm OID, appropriately
* decoded, then updated in the key structure on
* output.
* output. Auto-detection of the security level is
* not supported if compiled for FIPS 204 draft mode.
* @param [in] inSz Total size of the input DER buffer array.
* @return 0 on success.
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
Expand Down Expand Up @@ -9803,10 +9804,12 @@ static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type,
* on input, the DER key will be decoded as such
* and will fail if there is a mismatch. If the level
* and parameters are not set in the key structure on
* input, the level will be detected from the DER file
* based on the algorithm OID, appropriately decoded,
* then updated in the key structure on output.
* updated in the key structure on output.
* input, the level will be detected from the DER
* file based on the algorithm OID, appropriately
* decoded, then updated in the key structure on
* output. Auto-detection of the security level is
* not supported if compiled for FIPS 204
* draft mode.
* @param [in] inSz Total size of data in array.
* @return 0 on success.
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
Expand Down
2 changes: 2 additions & 0 deletions wolfcrypt/test/test.c
Original file line number Diff line number Diff line change
Expand Up @@ -45952,6 +45952,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
ret = wc_dilithium_init(&key);
}

#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
/* Test decoding without setting security level - should auto-detect */
if (ret == 0) {
idx = 0;
Expand All @@ -45974,6 +45975,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
expectedLevel, key.level);
ret = WC_TEST_RET_ENC_NC;
}
#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */

/* Cleanup */
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
Expand Down

0 comments on commit 39d4832

Please sign in to comment.