diff --git a/tests/api.c b/tests/api.c index 5b8efa7cfb..3df31dbd1f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -35003,10 +35003,20 @@ static int test_wc_dilithium_der(void) * the supplied DER is invalid, this should fail with ASN parsing error */ idx = 0; ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen), - WC_NO_ERR_TRACE(ASN_PARSE_E)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WC_NO_ERR_TRACE(BAD_FUNC_ARG) +#else + WC_NO_ERR_TRACE(ASN_PARSE_E) +#endif + ); idx = 0; ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen), - WC_NO_ERR_TRACE(ASN_PARSE_E)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WC_NO_ERR_TRACE(BAD_FUNC_ARG) +#else + WC_NO_ERR_TRACE(ASN_PARSE_E) +#endif + ); #ifndef WOLFSSL_NO_ML_DSA_44 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index d07a4e4c4f..f4d7d56fe6 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9532,14 +9532,15 @@ static int mapOidToSecLevel(word32 oid) * @param [in, out] inOutIdx On in, index into array of start of DER encoding. * On out, index into array after DER encoding. * @param [in, out] key Dilithium key structure to hold the decoded key. - * If the security level is set in the key structure on - * input, the DER key will be decoded as such and will - * fail if there is a mismatch. If the level and - * parameters are not set in the key structure on + * If the security level is set in the key structure + * on input, the DER key will be decoded as such and + * will fail if there is a mismatch. If the level + * and parameters are not set in the key structure on * input, the level will be detected from the DER * file based on the algorithm OID, appropriately * decoded, then updated in the key structure on - * output. + * output. Auto-detection of the security level is + * not supported if compiled for FIPS 204 draft mode. * @param [in] inSz Total size of the input DER buffer array. * @return 0 on success. * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0. @@ -9803,10 +9804,12 @@ static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type, * on input, the DER key will be decoded as such * and will fail if there is a mismatch. If the level * and parameters are not set in the key structure on - * input, the level will be detected from the DER file - * based on the algorithm OID, appropriately decoded, - * then updated in the key structure on output. - * updated in the key structure on output. + * input, the level will be detected from the DER + * file based on the algorithm OID, appropriately + * decoded, then updated in the key structure on + * output. Auto-detection of the security level is + * not supported if compiled for FIPS 204 + * draft mode. * @param [in] inSz Total size of data in array. * @return 0 on success. * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0. diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index f8ecd0cb59..281053773c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -45952,6 +45952,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, ret = wc_dilithium_init(&key); } +#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Test decoding without setting security level - should auto-detect */ if (ret == 0) { idx = 0; @@ -45974,6 +45975,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, expectedLevel, key.level); ret = WC_TEST_RET_ENC_NC; } +#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */ /* Cleanup */ XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);