Merge pull request #8659 from kojiws/improve_mldsa_priv_key_import

Improve ML-DSA private key import and the test

Author: SparkiDev

src/ssl_load.c

@@ -946,6 +946,9 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     int ret;
     word32 idx;
     dilithium_key* key;
+    int keyFormatTemp = 0;
+    int keyTypeTemp;
+    int keySizeTemp;
 
     /* Allocate a Dilithium key to parse into. */
     key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
@@ -956,105 +959,74 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 
     /* Initialize Dilithium key. */
     ret = wc_dilithium_init(key);
-    if (ret == 0) {
-        /* Set up key to parse the format specified. */
-        if ((*keyFormat == ML_DSA_LEVEL2k) || ((*keyFormat == 0) &&
-            ((der->length == ML_DSA_LEVEL2_KEY_SIZE) ||
-             (der->length == ML_DSA_LEVEL2_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, WC_ML_DSA_44);
-        }
-        else if ((*keyFormat == ML_DSA_LEVEL3k) || ((*keyFormat == 0) &&
-            ((der->length == ML_DSA_LEVEL3_KEY_SIZE) ||
-             (der->length == ML_DSA_LEVEL3_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, WC_ML_DSA_65);
-        }
-        else if ((*keyFormat == ML_DSA_LEVEL5k) || ((*keyFormat == 0) &&
-            ((der->length == ML_DSA_LEVEL5_KEY_SIZE) ||
-             (der->length == ML_DSA_LEVEL5_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, WC_ML_DSA_87);
-        }
-        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
-        else if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
-            ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) ||
-             (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT);
-        }
-        else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) &&
-            ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) ||
-             (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT);
-        }
-        else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) &&
-            ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) ||
-             (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) {
-            ret = wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT);
-        }
-        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
-        else {
-            wc_dilithium_free(key);
-            ret = ALGO_ID_E;
-        }
-    }
-
     if (ret == 0) {
         /* Decode as a Dilithium private key. */
         idx = 0;
         ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length);
         if (ret == 0) {
-            /* Get the minimum Dilithium key size from SSL or SSL context
-             * object. */
-            int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
-                                 ctx->minDilithiumKeySz;
-
-            /* Format is known. */
-            if (*keyFormat == ML_DSA_LEVEL2k) {
-                *keyType = dilithium_level2_sa_algo;
-                *keySize = ML_DSA_LEVEL2_KEY_SIZE;
-            }
-            else if (*keyFormat == ML_DSA_LEVEL3k) {
-                *keyType = dilithium_level3_sa_algo;
-                *keySize = ML_DSA_LEVEL3_KEY_SIZE;
-            }
-            else if (*keyFormat == ML_DSA_LEVEL5k) {
-                *keyType = dilithium_level5_sa_algo;
-                *keySize = ML_DSA_LEVEL5_KEY_SIZE;
-            }
-            #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
-            else if (*keyFormat == DILITHIUM_LEVEL2k) {
-                *keyType = dilithium_level2_sa_algo;
-                *keySize = DILITHIUM_LEVEL2_KEY_SIZE;
-            }
-            else if (*keyFormat == DILITHIUM_LEVEL3k) {
-                *keyType = dilithium_level3_sa_algo;
-                *keySize = DILITHIUM_LEVEL3_KEY_SIZE;
+            ret = dilithium_get_oid_sum(key, &keyFormatTemp);
+            if (ret == 0) {
+                /* Format is known. */
+                #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
+                if (keyFormatTemp == DILITHIUM_LEVEL2k) {
+                    keyTypeTemp = dilithium_level2_sa_algo;
+                    keySizeTemp = DILITHIUM_LEVEL2_KEY_SIZE;
+                }
+                else if (keyFormatTemp == DILITHIUM_LEVEL3k) {
+                    keyTypeTemp = dilithium_level3_sa_algo;
+                    keySizeTemp = DILITHIUM_LEVEL3_KEY_SIZE;
+                }
+                else if (keyFormatTemp == DILITHIUM_LEVEL5k) {
+                    keyTypeTemp = dilithium_level5_sa_algo;
+                    keySizeTemp = DILITHIUM_LEVEL5_KEY_SIZE;
+                }
+                else
+                #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
+                if (keyFormatTemp == ML_DSA_LEVEL2k) {
+                    keyTypeTemp = dilithium_level2_sa_algo;
+                    keySizeTemp = ML_DSA_LEVEL2_KEY_SIZE;
+                }
+                else if (keyFormatTemp == ML_DSA_LEVEL3k) {
+                    keyTypeTemp = dilithium_level3_sa_algo;
+                    keySizeTemp = ML_DSA_LEVEL3_KEY_SIZE;
+                }
+                else if (keyFormatTemp == ML_DSA_LEVEL5k) {
+                    keyTypeTemp = dilithium_level5_sa_algo;
+                    keySizeTemp = ML_DSA_LEVEL5_KEY_SIZE;
+                }
+                else {
+                    ret = ALGO_ID_E;
+                }
             }
-            else if (*keyFormat == DILITHIUM_LEVEL5k) {
-                *keyType = dilithium_level5_sa_algo;
-                *keySize = DILITHIUM_LEVEL5_KEY_SIZE;
+
+            if (ret == 0) {
+                /* Get the minimum Dilithium key size from SSL or SSL context
+                 * object. */
+                int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
+                                     ctx->minDilithiumKeySz;
+
+                /* Check that the size of the Dilithium key is enough. */
+                if (keySizeTemp < minKeySz) {
+                    WOLFSSL_MSG("Dilithium private key too small");
+                    ret = DILITHIUM_KEY_SIZE_E;
+                }
             }
-            #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
 
-            /* Check that the size of the Dilithium key is enough. */
-            if (*keySize < minKeySz) {
-                WOLFSSL_MSG("Dilithium private key too small");
-                ret = DILITHIUM_KEY_SIZE_E;
+            if (ret == 0) {
+                *keyFormat = keyFormatTemp;
+                *keyType = keyTypeTemp;
+                *keySize = keySizeTemp;
             }
         }
-        /* Not a Dilithium key but check whether we know what it is. */
         else if (*keyFormat == 0) {
             WOLFSSL_MSG("Not a Dilithium key");
-            /* Format unknown so keep trying. */
+            /* Unknown format wasn't dilithium, so keep trying other formats. */
             ret = 0;
         }
 
         /* Free dynamically allocated data in key. */
         wc_dilithium_free(key);
     }
-    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
-        WOLFSSL_MSG("Not a Dilithium key");
-        /* Format unknown so keep trying. */
-        ret = 0;
-    }
 
     /* Dispose of allocated key. */
     XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);

tests/api/test_mldsa.c

@@ -2959,7 +2959,7 @@ int test_wc_dilithium_der(void)
     idx = 0;
 #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
-                WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                WC_NO_ERR_TRACE(ASN_PARSE_E));
 #else
     ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
                 WC_NO_ERR_TRACE(ASN_PARSE_E));
@@ -16658,3 +16658,130 @@ int test_wc_dilithium_verify_kats(void)
     return EXPECT_RESULT();
 }
 
+int test_mldsa_pkcs8(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+
+    WOLFSSL_CTX* ctx = NULL;
+    size_t i;
+    const int derMaxSz = DILITHIUM_MAX_BOTH_KEY_DER_SIZE;
+    const int tempMaxSz = DILITHIUM_MAX_BOTH_KEY_PEM_SIZE;
+    byte* der = NULL;
+    byte* temp = NULL;  /* Store PEM or intermediate key */
+    word32 derSz = 0;
+    word32 pemSz = 0;
+    word32 keySz = 0;
+    dilithium_key mldsa_key;
+    WC_RNG rng;
+    word32 size;
+
+    struct {
+        int wcId;
+        int oidSum;
+        int keySz;
+    } test_variant[] = {
+        {WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE},
+        {WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE},
+        {WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE}
+    };
+
+    (void) pemSz;
+
+    ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+
+#ifndef NO_WOLFSSL_SERVER
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#else
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#endif /* NO_WOLFSSL_SERVER */
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0);
+
+    /* Test private + public key (separated format) */
+    for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) {
+        ExpectIntEQ(wc_dilithium_set_level(&mldsa_key,
+            test_variant[i].wcId), 0);
+        ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);
+
+        ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz),
+            0);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
+            WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+#ifdef WOLFSSL_DER_TO_PEM
+        ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
+            PKCS8_PRIVATEKEY_TYPE), 0);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz,
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif /* WOLFSSL_DER_TO_PEM */
+    }
+
+    /* Test private key only */
+    for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) {
+        ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId),
+            0);
+        ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);
+
+        ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der,
+            derMaxSz), 0);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
+            WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+#ifdef WOLFSSL_DER_TO_PEM
+        ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
+            PKCS8_PRIVATEKEY_TYPE), 0);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz,
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif /* WOLFSSL_DER_TO_PEM */
+    }
+
+    /* Test private + public key (integrated format) */
+    for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) {
+        ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId),
+            0);
+        ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);
+
+        keySz = 0;
+        temp[0] = 0x04;  /* ASN.1 OCTET STRING */
+        temp[1] = 0x82;  /* 2 bytes length field */
+        temp[2] = (test_variant[i].keySz >> 8) & 0xff;  /* MSB of the length */
+        temp[3] = test_variant[i].keySz & 0xff;         /* LSB of the length */
+        keySz += 4;
+        size = tempMaxSz - keySz;
+        ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz,
+            &size), 0);
+        keySz += size;
+        size = tempMaxSz - keySz;
+        ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size),
+            0);
+        keySz += size;
+        derSz = derMaxSz;
+        ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz,
+            test_variant[i].oidSum, NULL, 0), 0);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
+            WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+#ifdef WOLFSSL_DER_TO_PEM
+        ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
+            PKCS8_PRIVATEKEY_TYPE), 0);
+        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz,
+            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+#endif /* WOLFSSL_DER_TO_PEM */
+    }
+
+    wc_dilithium_free(&mldsa_key);
+    ExpectIntEQ(wc_FreeRng(&rng), 0);
+    wolfSSL_CTX_free(ctx);
+    XFREE(temp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_mldsa.h

@@ -35,6 +35,7 @@ int test_wc_dilithium_der(void);
 int test_wc_dilithium_make_key_from_seed(void);
 int test_wc_dilithium_sig_kats(void);
 int test_wc_dilithium_verify_kats(void);
+int test_mldsa_pkcs8(void);
 
 #define TEST_MLDSA_DECLS                                            \
     TEST_DECL_GROUP("mldsa", test_wc_dilithium),                    \
@@ -47,6 +48,7 @@ int test_wc_dilithium_verify_kats(void);
     TEST_DECL_GROUP("mldsa", test_wc_dilithium_der),                \
     TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
     TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats),           \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats)
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats),        \
+    TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8)
 
 #endif /* WOLFCRYPT_TEST_MLDSA_H */