PQC: CryptoCb support for signature algorithms

Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimatelly enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>

Author: Frauschi

src/internal.c

@@ -7787,13 +7787,13 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
     #if defined(HAVE_PQC)
     #if defined(HAVE_FALCON)
         case DYNAMIC_TYPE_FALCON:
-            wc_falcon_init((falcon_key*)*pKey);
+            wc_falcon_init_ex((falcon_key*)*pKey, ssl->heap, ssl->devId);
             ret = 0;
             break;
     #endif /* HAVE_FALCON */
     #if defined(HAVE_DILITHIUM)
         case DYNAMIC_TYPE_DILITHIUM:
-            wc_dilithium_init((dilithium_key*)*pKey);
+            wc_dilithium_init_ex((dilithium_key*)*pKey, ssl->heap, ssl->devId);
             ret = 0;
             break;
     #endif /* HAVE_DILITHIUM */
@@ -27451,6 +27451,54 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
         }
 #endif
     }
+    else if (hsType == DYNAMIC_TYPE_DILITHIUM) {
+#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+        dilithium_key* dilithiumKey;
+
+        dilithiumKey = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
+                                               DYNAMIC_TYPE_DILITHIUM);
+        if (dilithiumKey == NULL) {
+            return MEMORY_E;
+        }
+
+        if (label) {
+            ret = wc_dilithium_init_label(dilithiumKey, (char*)data, heap, devId);
+        }
+        else if (id) {
+            ret = wc_dilithium_init_id(dilithiumKey, data, length, heap, devId);
+        }
+        if (ret == 0) {
+            *pkey = (void*)dilithiumKey;
+        }
+        else {
+            XFREE(dilithiumKey, heap, DYNAMIC_TYPE_DILITHIUM);
+        }
+#endif
+    }
+    else if (hsType == DYNAMIC_TYPE_FALCON) {
+#if defined(HAVE_PQC) && defined(HAVE_FALCON)
+        falcon_key* falconKey;
+
+        falconKey = (falcon_key*)XMALLOC(sizeof(falcon_key), heap,
+                                         DYNAMIC_TYPE_FALCON);
+        if (falconKey == NULL) {
+            return MEMORY_E;
+        }
+
+        if (label) {
+            ret = wc_falcon_init_label(falconKey, (char*)data, heap, devId);
+        }
+        else if (id) {
+            ret = wc_falcon_init_id(falconKey, data, length, heap, devId);
+        }
+        if (ret == 0) {
+            *pkey = (void*)falconKey;
+        }
+        else {
+            XFREE(falconKey, heap, DYNAMIC_TYPE_FALCON);
+        }
+#endif
+    }
 
     return ret;
 }
@@ -27499,6 +27547,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             ssl->hsType = DYNAMIC_TYPE_RSA;
         else if (ssl->buffers.keyType == ecc_dsa_sa_algo)
             ssl->hsType = DYNAMIC_TYPE_ECC;
+        else if (ssl->buffers.keyType == falcon_level5_sa_algo)
+            ssl->hsType = DYNAMIC_TYPE_FALCON;
+        else if (ssl->buffers.keyType == dilithium_level5_sa_algo)
+            ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
         ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
         if (ret != 0) {
             goto exit_dpk;
@@ -27554,6 +27606,58 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
             }
     #else
             ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if (ssl->buffers.keyType == falcon_level5_sa_algo) {
+    #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+            if (ssl->buffers.keyLabel) {
+                ret = wc_falcon_init_label((falcon_key*)ssl->hsKey,
+                                           (char*)ssl->buffers.key->buffer,
+                                           ssl->heap, ssl->buffers.keyDevId);
+            }
+            else if (ssl->buffers.keyId) {
+                ret = wc_falcon_init_id((falcon_key*)ssl->hsKey,
+                                        ssl->buffers.key->buffer,
+                                        ssl->buffers.key->length, ssl->heap,
+                                        ssl->buffers.keyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keySz < ssl->options.minFalconKeySz) {
+                    WOLFSSL_MSG("Falcon key size too small");
+                    ERROR_OUT(FALCON_KEY_SIZE_E, exit_dpk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = (word16)wc_falcon_sig_size((falcon_key*)ssl->hsKey);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
+    #endif
+        }
+        else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
+    #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+            if (ssl->buffers.keyLabel) {
+                ret = wc_dilithium_init_label((dilithium_key*)ssl->hsKey,
+                                              (char*)ssl->buffers.key->buffer,
+                                              ssl->heap, ssl->buffers.keyDevId);
+            }
+            else if (ssl->buffers.keyId) {
+                ret = wc_dilithium_init_id((dilithium_key*)ssl->hsKey,
+                                        ssl->buffers.key->buffer,
+                                        ssl->buffers.key->length, ssl->heap,
+                                        ssl->buffers.keyDevId);
+            }
+            if (ret == 0) {
+                if (ssl->buffers.keySz < ssl->options.minDilithiumKeySz) {
+                    WOLFSSL_MSG("Dilithium key size too small");
+                    ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
+                }
+
+                /* Return the maximum signature length. */
+                *length = (word16)wc_dilithium_sig_size((dilithium_key*)ssl->hsKey);
+            }
+    #else
+            ret = NOT_COMPILED_IN;
     #endif
         }
         goto exit_dpk;

src/ssl.c

@@ -7734,6 +7734,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
         #if defined(HAVE_FALCON)
             case FALCON_LEVEL1k:
             case FALCON_LEVEL5k:
+            #ifdef WOLF_PRIVATE_KEY_ID
+                keyType = falcon_level5_sa_algo;
+            #endif
                 /* Falcon is fixed key size */
                 keySz = FALCON_MAX_KEY_SIZE;
                 if (ssl && !ssl->options.verifyNone) {
@@ -7756,6 +7759,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
             case DILITHIUM_LEVEL2k:
             case DILITHIUM_LEVEL3k:
             case DILITHIUM_LEVEL5k:
+            #ifdef WOLF_PRIVATE_KEY_ID
+                keyType = dilithium_level5_sa_algo;
+            #endif
                 /* Dilithium is fixed key size */
                 keySz = DILITHIUM_MAX_KEY_SIZE;
                 if (ssl && !ssl->options.verifyNone) {
@@ -9090,6 +9096,19 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
             type = DYNAMIC_TYPE_ECC;
         }
     #endif
+    #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+        if ((der->keyOID == DILITHIUM_LEVEL2k) ||
+            (der->keyOID == DILITHIUM_LEVEL3k) ||
+            (der->keyOID == DILITHIUM_LEVEL5k)) {
+            type = DYNAMIC_TYPE_DILITHIUM;
+        }
+    #endif
+    #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+        if ((der->keyOID == FALCON_LEVEL1k) ||
+            (der->keyOID == FALCON_LEVEL5k)) {
+            type = DYNAMIC_TYPE_FALCON;
+        }
+    #endif
 
         ret = CreateDevPrivateKey(&pkey, buff, size, type,
                                   isKeyLabel, isKeyId, heap, devId);
@@ -9111,6 +9130,23 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
                                                der->publicKey, der->pubKeySize);
             }
             #endif
+            #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+            if ((der->keyOID == DILITHIUM_LEVEL2k) ||
+                (der->keyOID == DILITHIUM_LEVEL3k) ||
+                (der->keyOID == DILITHIUM_LEVEL5k)) {
+                ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+                                            WC_PQC_SIG_TYPE_DILITHIUM,
+                                            der->publicKey, der->pubKeySize);
+            }
+            #endif
+            #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+            if ((der->keyOID == FALCON_LEVEL1k) ||
+                (der->keyOID == FALCON_LEVEL5k)) {
+                ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
+                                            WC_PQC_SIG_TYPE_FALCON,
+                                            der->publicKey, der->pubKeySize);
+            }
+            #endif
         }
         #else
             /* devId was set, don't check, for now */
@@ -9130,6 +9166,19 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
             if (der->keyOID == ECDSAk) {
                 wc_ecc_free((ecc_key*)pkey);
             }
+        #endif
+        #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
+            if ((der->keyOID == DILITHIUM_LEVEL2k) ||
+                (der->keyOID == DILITHIUM_LEVEL3k) ||
+                (der->keyOID == DILITHIUM_LEVEL5k)) {
+                wc_dilithium_free((dilithium_key*)pkey);
+            }
+        #endif
+        #if defined(HAVE_PQC) && defined(HAVE_FALCON)
+            if ((der->keyOID == FALCON_LEVEL1k) ||
+                (der->keyOID == FALCON_LEVEL5k)) {
+                wc_falcon_free((falcon_key*)pkey);
+            }
         #endif
             XFREE(pkey, heap, type);
         }

wolfcrypt/src/asn.c

@@ -16440,7 +16440,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.falcon == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_falcon_init(sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 1))
@@ -16465,7 +16466,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.falcon == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_falcon_init(sigCtx->key.falcon)) < 0) {
+                    if ((ret = wc_falcon_init_ex(sigCtx->key.falcon,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_falcon_set_level(sigCtx->key.falcon, 5))
@@ -16492,7 +16494,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_dilithium_set_level(
@@ -16517,7 +16520,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_dilithium_set_level(
@@ -16542,7 +16546,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     if (sigCtx->key.dilithium == NULL) {
                         ERROR_OUT(MEMORY_E, exit_cs);
                     }
-                    if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
+                    if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium,
+                                            sigCtx->heap, sigCtx->devId)) < 0) {
                         goto exit_cs;
                     }
                     if ((ret = wc_dilithium_set_level(