|
@@ -2251,6 +2251,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
|
|
|
|
|
#ifndef NO_CERTS
|
|
|
ctx->privateKeyDevId = INVALID_DEVID;
|
|
|
+#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
|
+ ctx->altPrivateKeyDevId = INVALID_DEVID;
|
|
|
+#endif
|
|
|
#endif
|
|
|
|
|
|
#ifndef NO_DH
|
|
@@ -4333,11 +4336,15 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
|
|
|
#endif
|
|
|
#ifdef HAVE_PQC
|
|
|
case PQC_SA_MAJOR:
|
|
|
- /* Hash performed as part of sign/verify operation. */
|
|
|
+ /* Hash performed as part of sign/verify operation.
|
|
|
+ * However, if we want a dual alg signature with a
|
|
|
+ * classic algorithm as alternative, we need an explicit
|
|
|
+ * hash algo here.
|
|
|
+ */
|
|
|
#ifdef HAVE_FALCON
|
|
|
if (input[1] == FALCON_LEVEL1_SA_MINOR) {
|
|
|
*hsType = falcon_level1_sa_algo;
|
|
|
- *hashAlgo = sha512_mac;
|
|
|
+ *hashAlgo = sha256_mac;
|
|
|
}
|
|
|
else if (input[1] == FALCON_LEVEL5_SA_MINOR) {
|
|
|
*hsType = falcon_level5_sa_algo;
|
|
@@ -4347,11 +4354,11 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
|
|
|
#ifdef HAVE_DILITHIUM
|
|
|
if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
|
|
|
*hsType = dilithium_level2_sa_algo;
|
|
|
- *hashAlgo = sha512_mac;
|
|
|
+ *hashAlgo = sha256_mac;
|
|
|
}
|
|
|
else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
|
|
|
*hsType = dilithium_level3_sa_algo;
|
|
|
- *hashAlgo = sha512_mac;
|
|
|
+ *hashAlgo = sha384_mac;
|
|
|
}
|
|
|
else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
|
|
|
*hsType = dilithium_level5_sa_algo;
|
|
@@ -6761,9 +6768,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
|
|
ssl->buffers.keySz = ctx->privateKeySz;
|
|
|
ssl->buffers.keyDevId = ctx->privateKeyDevId;
|
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
|
- ssl->buffers.altKey = ctx->altPrivateKey;
|
|
|
- ssl->buffers.altKeySz = ctx->altPrivateKeySz;
|
|
|
- ssl->buffers.altKeyType = ctx->altPrivateKeyType;
|
|
|
+ ssl->buffers.altKey = ctx->altPrivateKey;
|
|
|
+ ssl->buffers.altKeyType = ctx->altPrivateKeyType;
|
|
|
+ ssl->buffers.altKeyId = ctx->altPrivateKeyId;
|
|
|
+ ssl->buffers.altKeyLabel = ctx->altPrivateKeyLabel;
|
|
|
+ ssl->buffers.altKeySz = ctx->altPrivateKeySz;
|
|
|
+ ssl->buffers.altKeyDevId = ctx->altPrivateKeyDevId;
|
|
|
#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
|
|
#endif
|
|
|
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
|
|
@@ -12975,23 +12985,40 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
|
|
/* Copy over alternative sig and pubkey. In this case we will allocate new
|
|
|
* buffers for them as we have no knowledge of when the DecodedCert is
|
|
|
* freed. */
|
|
|
- x509->sapkiDer = (byte*)XMALLOC(dCert->sapkiLen, x509->heap,
|
|
|
- DYNAMIC_TYPE_X509_EXT);
|
|
|
- x509->altSigAlgDer = (byte*)XMALLOC(dCert->altSigAlgLen, x509->heap,
|
|
|
+ if (dCert->extSapkiSet) {
|
|
|
+ x509->sapkiDer = (byte*)XMALLOC(dCert->sapkiLen, x509->heap,
|
|
|
DYNAMIC_TYPE_X509_EXT);
|
|
|
- x509->altSigValDer = (byte*)XMALLOC(dCert->altSigValLen, x509->heap,
|
|
|
- DYNAMIC_TYPE_X509_EXT);
|
|
|
- if ((x509->sapkiDer != NULL) && (x509->altSigAlgDer != NULL) &&
|
|
|
- (x509->altSigValDer != NULL)) {
|
|
|
- XMEMCPY(x509->sapkiDer, dCert->sapkiDer, dCert->sapkiLen);
|
|
|
- XMEMCPY(x509->altSigAlgDer, dCert->altSigAlgDer, dCert->altSigAlgLen);
|
|
|
- XMEMCPY(x509->altSigValDer, dCert->altSigValDer, dCert->altSigValLen);
|
|
|
- x509->sapkiLen = dCert->sapkiLen;
|
|
|
- x509->altSigAlgLen = dCert->altSigAlgLen;
|
|
|
- x509->altSigValLen = dCert->altSigValLen;
|
|
|
+ if (x509->sapkiDer != NULL) {
|
|
|
+ XMEMCPY(x509->sapkiDer, dCert->sapkiDer, dCert->sapkiLen);
|
|
|
+ x509->sapkiLen = dCert->sapkiLen;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ ret = MEMORY_E;
|
|
|
+ }
|
|
|
}
|
|
|
- else {
|
|
|
- ret = MEMORY_E;
|
|
|
+ if (dCert->extAltSigAlgSet) {
|
|
|
+ x509->altSigAlgDer = (byte*)XMALLOC(dCert->altSigAlgLen, x509->heap,
|
|
|
+ DYNAMIC_TYPE_X509_EXT);
|
|
|
+ if (x509->altSigAlgDer != NULL) {
|
|
|
+ XMEMCPY(x509->altSigAlgDer, dCert->altSigAlgDer,
|
|
|
+ dCert->altSigAlgLen);
|
|
|
+ x509->altSigAlgLen = dCert->altSigAlgLen;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ ret = MEMORY_E;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (dCert->extAltSigValSet) {
|
|
|
+ x509->altSigValDer = (byte*)XMALLOC(dCert->altSigValLen, x509->heap,
|
|
|
+ DYNAMIC_TYPE_X509_EXT);
|
|
|
+ if (x509->altSigValDer != NULL) {
|
|
|
+ XMEMCPY(x509->altSigValDer, dCert->altSigValDer,
|
|
|
+ dCert->altSigValLen);
|
|
|
+ x509->altSigValLen = dCert->altSigValLen;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ ret = MEMORY_E;
|
|
|
+ }
|
|
|
}
|
|
|
#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
|
|
|
|
@@ -13942,39 +13969,6 @@ PRAGMA_GCC_DIAG_POP
|
|
|
alreadySigner = AlreadySigner(SSL_CM(ssl), subjectHash);
|
|
|
}
|
|
|
|
|
|
-#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
|
- if ((ret == 0) && (args->dCert->sapkiDer != NULL)) {
|
|
|
-#ifndef WOLFSSL_SMALL_STACK
|
|
|
- byte der[MAX_CERT_VERIFY_SZ];
|
|
|
-#else
|
|
|
- byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, ssl->heap,
|
|
|
- DYNAMIC_TYPE_DCERT);
|
|
|
- if (der == NULL) {
|
|
|
- ret = MEMORY_E;
|
|
|
- }
|
|
|
-#endif /* ! WOLFSSL_SMALL_STACK */
|
|
|
-
|
|
|
- if (ret == 0) {
|
|
|
- ret = wc_GeneratePreTBS(args->dCert, der, MAX_CERT_VERIFY_SZ);
|
|
|
-
|
|
|
- if (ret > 0) {
|
|
|
- ret = wc_ConfirmAltSignature(der, ret,
|
|
|
- args->dCert->sapkiDer, args->dCert->sapkiLen,
|
|
|
- args->dCert->sapkiOID,
|
|
|
- args->dCert->altSigValDer, args->dCert->altSigValLen,
|
|
|
- args->dCert->altSigAlgOID, ssl->heap);
|
|
|
- }
|
|
|
-#ifdef WOLFSSL_SMALL_STACK
|
|
|
- XFREE(der, ssl->heap, DYNAMIC_TYPE_DCERT);
|
|
|
-#endif /* WOLFSSL_SMALL_STACK */
|
|
|
-
|
|
|
- if (ret == 0) {
|
|
|
- WOLFSSL_MSG("Alternative signature has been verified!");
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
|
|
-
|
|
|
#ifdef WOLFSSL_SMALL_CERT_VERIFY
|
|
|
/* get signature check failures from above */
|
|
|
if (ret == 0)
|
|
@@ -27721,9 +27715,12 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ssl->hsType = DYNAMIC_TYPE_RSA;
|
|
|
else if (ssl->buffers.keyType == ecc_dsa_sa_algo)
|
|
|
ssl->hsType = DYNAMIC_TYPE_ECC;
|
|
|
- else if (ssl->buffers.keyType == falcon_level5_sa_algo)
|
|
|
+ else if ((ssl->buffers.keyType == falcon_level1_sa_algo) ||
|
|
|
+ (ssl->buffers.keyType == falcon_level5_sa_algo))
|
|
|
ssl->hsType = DYNAMIC_TYPE_FALCON;
|
|
|
- else if (ssl->buffers.keyType == dilithium_level5_sa_algo)
|
|
|
+ else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) ||
|
|
|
+ (ssl->buffers.keyType == dilithium_level3_sa_algo) ||
|
|
|
+ (ssl->buffers.keyType == dilithium_level5_sa_algo))
|
|
|
ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
|
|
|
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
|
|
|
if (ret != 0) {
|
|
@@ -27782,7 +27779,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ret = NOT_COMPILED_IN;
|
|
|
#endif
|
|
|
}
|
|
|
- else if (ssl->buffers.keyType == falcon_level5_sa_algo) {
|
|
|
+ else if ((ssl->buffers.keyType == falcon_level1_sa_algo) ||
|
|
|
+ (ssl->buffers.keyType == falcon_level5_sa_algo)) {
|
|
|
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
|
|
|
if (ssl->buffers.keyLabel) {
|
|
|
ret = wc_falcon_init_label((falcon_key*)ssl->hsKey,
|
|
@@ -27795,6 +27793,14 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ssl->buffers.key->length, ssl->heap,
|
|
|
ssl->buffers.keyDevId);
|
|
|
}
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.keyType == falcon_level1_sa_algo) {
|
|
|
+ ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 1);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.keyType == falcon_level5_sa_algo) {
|
|
|
+ ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 5);
|
|
|
+ }
|
|
|
+ }
|
|
|
if (ret == 0) {
|
|
|
if (ssl->buffers.keySz < ssl->options.minFalconKeySz) {
|
|
|
WOLFSSL_MSG("Falcon key size too small");
|
|
@@ -27808,7 +27814,9 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ret = NOT_COMPILED_IN;
|
|
|
#endif
|
|
|
}
|
|
|
- else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
|
|
|
+ else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) ||
|
|
|
+ (ssl->buffers.keyType == dilithium_level3_sa_algo) ||
|
|
|
+ (ssl->buffers.keyType == dilithium_level5_sa_algo)) {
|
|
|
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
|
|
|
if (ssl->buffers.keyLabel) {
|
|
|
ret = wc_dilithium_init_label((dilithium_key*)ssl->hsKey,
|
|
@@ -27821,6 +27829,17 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ssl->buffers.key->length, ssl->heap,
|
|
|
ssl->buffers.keyDevId);
|
|
|
}
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
|
|
|
+ ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
|
|
|
+ ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
|
|
|
+ ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
|
|
|
+ }
|
|
|
+ }
|
|
|
if (ret == 0) {
|
|
|
if (ssl->buffers.keySz < ssl->options.minDilithiumKeySz) {
|
|
|
WOLFSSL_MSG("Dilithium key size too small");
|
|
@@ -28116,13 +28135,14 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
WOLFSSL_MSG("Using Falcon private key");
|
|
|
|
|
|
/* Check it meets the minimum Falcon key size requirements. */
|
|
|
- if (FALCON_MAX_KEY_SIZE < ssl->options.minFalconKeySz) {
|
|
|
+ keySz = wc_falcon_size((falcon_key*)ssl->hsKey);
|
|
|
+ if (keySz < ssl->options.minFalconKeySz) {
|
|
|
WOLFSSL_MSG("Falcon key size too small");
|
|
|
ERROR_OUT(FALCON_KEY_SIZE_E, exit_dpk);
|
|
|
}
|
|
|
|
|
|
/* Return the maximum signature length. */
|
|
|
- *length = FALCON_MAX_SIG_SIZE;
|
|
|
+ *length = wc_falcon_sig_size((falcon_key*)ssl->hsKey);
|
|
|
|
|
|
goto exit_dpk;
|
|
|
}
|
|
@@ -28187,13 +28207,14 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
WOLFSSL_MSG("Using Dilithium private key");
|
|
|
|
|
|
/* Check it meets the minimum Dilithium key size requirements. */
|
|
|
- if (DILITHIUM_MAX_KEY_SIZE < ssl->options.minDilithiumKeySz) {
|
|
|
+ keySz = wc_dilithium_size((dilithium_key*)ssl->hsKey);
|
|
|
+ if (keySz < ssl->options.minDilithiumKeySz) {
|
|
|
WOLFSSL_MSG("Dilithium key size too small");
|
|
|
ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
|
|
|
}
|
|
|
|
|
|
/* Return the maximum signature length. */
|
|
|
- *length = DILITHIUM_MAX_SIG_SIZE;
|
|
|
+ *length = wc_dilithium_sig_size((dilithium_key*)ssl->hsKey);
|
|
|
|
|
|
goto exit_dpk;
|
|
|
}
|
|
@@ -28213,12 +28234,15 @@ exit_dpk:
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
-#if defined(HAVE_PQC) && defined(WOLFSSL_DUAL_ALG_CERTS)
|
|
|
-/* This is just like the above, but only consider Falcon and Dilthium and
|
|
|
- * only for the alternative key; not the native key. */
|
|
|
+#if defined(WOLFSSL_DUAL_ALG_CERTS)
|
|
|
+/* This is just like the above, but only consider RSA, ECC, Falcon and
|
|
|
+ * Dilthium; Furthermore, use the alternative key, not the native key.
|
|
|
+ */
|
|
|
int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
{
|
|
|
int ret = BAD_FUNC_ARG;
|
|
|
+ int keySz;
|
|
|
+ word32 idx;
|
|
|
|
|
|
/* make sure alt private key exists */
|
|
|
if (ssl->buffers.altKey == NULL || ssl->buffers.altKey->buffer == NULL) {
|
|
@@ -28226,8 +28250,280 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ERROR_OUT(NO_PRIVATE_KEY, exit_dapk);
|
|
|
}
|
|
|
|
|
|
+#ifdef WOLF_PRIVATE_KEY_ID
|
|
|
+ if (ssl->buffers.altKeyDevId != INVALID_DEVID &&
|
|
|
+ (ssl->buffers.altKeyId || ssl->buffers.altKeyLabel)) {
|
|
|
+ if (ssl->buffers.altKeyType == rsa_sa_algo)
|
|
|
+ ssl->hsAltType = DYNAMIC_TYPE_RSA;
|
|
|
+ else if (ssl->buffers.altKeyType == ecc_dsa_sa_algo)
|
|
|
+ ssl->hsAltType = DYNAMIC_TYPE_ECC;
|
|
|
+ else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) ||
|
|
|
+ (ssl->buffers.altKeyType == falcon_level5_sa_algo))
|
|
|
+ ssl->hsAltType = DYNAMIC_TYPE_FALCON;
|
|
|
+ else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) ||
|
|
|
+ (ssl->buffers.altKeyType == dilithium_level3_sa_algo) ||
|
|
|
+ (ssl->buffers.altKeyType == dilithium_level5_sa_algo))
|
|
|
+ ssl->hsAltType = DYNAMIC_TYPE_DILITHIUM;
|
|
|
+ ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
|
|
|
+ if (ret != 0) {
|
|
|
+ goto exit_dapk;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ssl->buffers.altKeyType == rsa_sa_algo) {
|
|
|
+ #ifndef NO_RSA
|
|
|
+ if (ssl->buffers.altKeyLabel) {
|
|
|
+ ret = wc_InitRsaKey_Label((RsaKey*)ssl->hsAltKey,
|
|
|
+ (char*)ssl->buffers.altKey->buffer,
|
|
|
+ ssl->heap, ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyId) {
|
|
|
+ ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsAltKey,
|
|
|
+ ssl->buffers.altKey->buffer,
|
|
|
+ ssl->buffers.altKey->length, ssl->heap,
|
|
|
+ ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.altKeySz < ssl->options.minRsaKeySz) {
|
|
|
+ WOLFSSL_MSG("RSA key size too small");
|
|
|
+ ERROR_OUT(RSA_KEY_SIZE_E, exit_dapk);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Return the maximum signature length. */
|
|
|
+ *length = (word16)ssl->buffers.altKeySz;
|
|
|
+ }
|
|
|
+ #else
|
|
|
+ ret = NOT_COMPILED_IN;
|
|
|
+ #endif
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyType == ecc_dsa_sa_algo) {
|
|
|
+ #ifdef HAVE_ECC
|
|
|
+ if (ssl->buffers.altKeyLabel) {
|
|
|
+ ret = wc_ecc_init_label((ecc_key*)ssl->hsAltKey,
|
|
|
+ (char*)ssl->buffers.altKey->buffer,
|
|
|
+ ssl->heap, ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyId) {
|
|
|
+ ret = wc_ecc_init_id((ecc_key*)ssl->hsAltKey,
|
|
|
+ ssl->buffers.altKey->buffer,
|
|
|
+ ssl->buffers.altKey->length, ssl->heap,
|
|
|
+ ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.altKeySz < ssl->options.minEccKeySz) {
|
|
|
+ WOLFSSL_MSG("ECC key size too small");
|
|
|
+ ERROR_OUT(ECC_KEY_SIZE_E, exit_dapk);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Return the maximum signature length. */
|
|
|
+ *length = (word16)wc_ecc_sig_size_calc(ssl->buffers.altKeySz);
|
|
|
+ }
|
|
|
+ #else
|
|
|
+ ret = NOT_COMPILED_IN;
|
|
|
+ #endif
|
|
|
+ }
|
|
|
+ else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) ||
|
|
|
+ (ssl->buffers.altKeyType == falcon_level5_sa_algo)) {
|
|
|
+ #if defined(HAVE_PQC) && defined(HAVE_FALCON)
|
|
|
+ if (ssl->buffers.altKeyLabel) {
|
|
|
+ ret = wc_falcon_init_label((falcon_key*)ssl->hsAltKey,
|
|
|
+ (char*)ssl->buffers.altKey->buffer,
|
|
|
+ ssl->heap, ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyId) {
|
|
|
+ ret = wc_falcon_init_id((falcon_key*)ssl->hsAltKey,
|
|
|
+ ssl->buffers.altKey->buffer,
|
|
|
+ ssl->buffers.altKey->length, ssl->heap,
|
|
|
+ ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.altKeyType == falcon_level1_sa_algo) {
|
|
|
+ ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 1);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyType == falcon_level5_sa_algo) {
|
|
|
+ ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 5);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.altKeySz < ssl->options.minFalconKeySz) {
|
|
|
+ WOLFSSL_MSG("Falcon key size too small");
|
|
|
+ ERROR_OUT(FALCON_KEY_SIZE_E, exit_dapk);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Return the maximum signature length. */
|
|
|
+ *length = (word16)
|
|
|
+ wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
|
|
|
+ }
|
|
|
+ #else
|
|
|
+ ret = NOT_COMPILED_IN;
|
|
|
+ #endif
|
|
|
+ }
|
|
|
+ else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) ||
|
|
|
+ (ssl->buffers.altKeyType == dilithium_level3_sa_algo) ||
|
|
|
+ (ssl->buffers.altKeyType == dilithium_level5_sa_algo)) {
|
|
|
+ #if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
|
|
|
+ if (ssl->buffers.altKeyLabel) {
|
|
|
+ ret = wc_dilithium_init_label((dilithium_key*)ssl->hsAltKey,
|
|
|
+ (char*)ssl->buffers.altKey->buffer,
|
|
|
+ ssl->heap, ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyId) {
|
|
|
+ ret = wc_dilithium_init_id((dilithium_key*)ssl->hsAltKey,
|
|
|
+ ssl->buffers.altKey->buffer,
|
|
|
+ ssl->buffers.altKey->length, ssl->heap,
|
|
|
+ ssl->buffers.altKeyDevId);
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
|
|
|
+ ret = wc_dilithium_set_level(
|
|
|
+ (dilithium_key*)ssl->hsAltKey, 2);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
|
|
|
+ ret = wc_dilithium_set_level(
|
|
|
+ (dilithium_key*)ssl->hsAltKey, 3);
|
|
|
+ }
|
|
|
+ else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
|
|
|
+ ret = wc_dilithium_set_level(
|
|
|
+ (dilithium_key*)ssl->hsAltKey, 5);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ if (ssl->buffers.altKeySz < ssl->options.minDilithiumKeySz) {
|
|
|
+ WOLFSSL_MSG("Dilithium key size too small");
|
|
|
+ ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dapk);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Return the maximum signature length. */
|
|
|
+ *length = (word16)wc_dilithium_sig_size(
|
|
|
+ (dilithium_key*)ssl->hsAltKey);
|
|
|
+ }
|
|
|
+ #else
|
|
|
+ ret = NOT_COMPILED_IN;
|
|
|
+ #endif
|
|
|
+ }
|
|
|
+ goto exit_dapk;
|
|
|
+ }
|
|
|
+#endif /* WOLF_PRIVATE_KEY_ID */
|
|
|
+
|
|
|
+#ifndef NO_RSA
|
|
|
+ if (ssl->buffers.altKeyType == rsa_sa_algo ||
|
|
|
+ ssl->buffers.altKeyType == 0) {
|
|
|
+ ssl->hsAltType = DYNAMIC_TYPE_RSA;
|
|
|
+ ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
|
|
|
+ if (ret != 0) {
|
|
|
+ goto exit_dapk;
|
|
|
+ }
|
|
|
+
|
|
|
+ WOLFSSL_MSG("Trying RSA private key");
|
|
|
+
|
|
|
+ /* Set start of data to beginning of buffer. */
|
|
|
+ idx = 0;
|
|
|
+ /* Decode the key assuming it is an RSA private key. */
|
|
|
+ ret = wc_RsaPrivateKeyDecode(ssl->buffers.altKey->buffer, &idx,
|
|
|
+ (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey->length);
|
|
|
+ #ifdef WOLF_PRIVATE_KEY_ID
|
|
|
+ /* if using external key then allow using a public key */
|
|
|
+ if (ret != 0 && (ssl->devId != INVALID_DEVID
|
|
|
+ #ifdef HAVE_PK_CALLBACKS
|
|
|
+ || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
|
|
|
+ #endif
|
|
|
+ )) {
|
|
|
+ WOLFSSL_MSG("Trying RSA public key with crypto callbacks");
|
|
|
+ idx = 0;
|
|
|
+ ret = wc_RsaPublicKeyDecode(ssl->buffers.altKey->buffer, &idx,
|
|
|
+ (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey->length);
|
|
|
+ }
|
|
|
+ #endif
|
|
|
+ if (ret == 0) {
|
|
|
+ WOLFSSL_MSG("Using RSA private key");
|
|
|
+
|
|
|
+ /* It worked so check it meets minimum key size requirements. */
|
|
|
+ keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsAltKey);
|
|
|
+ if (keySz < 0) { /* check if keySz has error case */
|
|
|
+ ERROR_OUT(keySz, exit_dapk);
|
|
|
+ }
|
|
|
+
|
|
|
+ if (keySz < ssl->options.minRsaKeySz) {
|
|
|
+ WOLFSSL_MSG("RSA key size too small");
|
|
|
+ ERROR_OUT(RSA_KEY_SIZE_E, exit_dapk);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Return the maximum signature length. */
|
|
|
+ *length = (word16)keySz;
|
|
|
+
|
|
|
+ goto exit_dapk;
|
|
|
+ }
|
|
|
+ }
|
|
|
+#endif /* !NO_RSA */
|
|
|
+
|
|
|
+#ifdef HAVE_ECC
|
|
|
+#ifndef NO_RSA
|
|
|
+ FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
|
|
|
+#endif /* !NO_RSA */
|
|
|
+
|
|
|
+ if (ssl->buffers.altKeyType == ecc_dsa_sa_algo ||
|
|
|
+ ssl->buffers.altKeyType == 0
|
|
|
+ #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
|
|
|
+ || ssl->buffers.altKeyType == sm2_sa_algo
|
|
|
+ #endif
|
|
|
+ ) {
|
|
|
+ ssl->hsAltType = DYNAMIC_TYPE_ECC;
|
|
|
+ ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
|
|
|
+ if (ret != 0) {
|
|
|
+ goto exit_dapk;
|
|
|
+ }
|
|
|
+
|
|
|
+ #ifndef NO_RSA
|
|
|
+ WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
|
|
|
+ #else
|
|
|
+ WOLFSSL_MSG("Trying ECC private key");
|
|
|
+ #endif
|
|
|
+
|
|
|
+ /* Set start of data to beginning of buffer. */
|
|
|
+ idx = 0;
|
|
|
+ /* Decode the key assuming it is an ECC private key. */
|
|
|
+ ret = wc_EccPrivateKeyDecode(ssl->buffers.altKey->buffer, &idx,
|
|
|
+ (ecc_key*)ssl->hsAltKey,
|
|
|
+ ssl->buffers.altKey->length);
|
|
|
+ #ifdef WOLF_PRIVATE_KEY_ID
|
|
|
+ /* if using external key then allow using a public key */
|
|
|
+ if (ret != 0 && (ssl->devId != INVALID_DEVID
|
|
|
+ #ifdef HAVE_PK_CALLBACKS
|
|
|
+ || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
|
|
|
+ #endif
|
|
|
+ )) {
|
|
|
+ WOLFSSL_MSG("Trying ECC public key with crypto callbacks");
|
|
|
+ idx = 0;
|
|
|
+ ret = wc_EccPublicKeyDecode(ssl->buffers.altKey->buffer, &idx,
|
|
|
+ (ecc_key*)ssl->hsAltKey,
|
|
|
+ ssl->buffers.altKey->length);
|
|
|
+ }
|
|
|
+ #endif
|
|
|
+ if (ret == 0) {
|
|
|
+ WOLFSSL_MSG("Using ECC private key");
|
|
|
+
|
|
|
+ /* Check it meets the minimum ECC key size requirements. */
|
|
|
+ keySz = wc_ecc_size((ecc_key*)ssl->hsAltKey);
|
|
|
+ if (keySz < ssl->options.minEccKeySz) {
|
|
|
+ WOLFSSL_MSG("ECC key size too small");
|
|
|
+ ERROR_OUT(ECC_KEY_SIZE_E, exit_dapk);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Return the maximum signature length. */
|
|
|
+ *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsAltKey);
|
|
|
+
|
|
|
+ goto exit_dapk;
|
|
|
+ }
|
|
|
+ }
|
|
|
+#endif
|
|
|
+#if defined(HAVE_PQC)
|
|
|
+#if defined(HAVE_FALCON)
|
|
|
+ #if !defined(NO_RSA) || defined(HAVE_ECC)
|
|
|
+ FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
|
|
|
+ #endif
|
|
|
+
|
|
|
if (ssl->buffers.altKeyType == falcon_level1_sa_algo ||
|
|
|
- ssl->buffers.altKeyType == falcon_level5_sa_algo) {
|
|
|
+ ssl->buffers.altKeyType == falcon_level5_sa_algo ||
|
|
|
+ ssl->buffers.altKeyType == 0) {
|
|
|
|
|
|
ssl->hsAltType = DYNAMIC_TYPE_FALCON;
|
|
|
ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
|
|
@@ -28242,14 +28538,25 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 5);
|
|
|
}
|
|
|
else {
|
|
|
+ /* What if ssl->buffers.keyType is 0? We might want to do something
|
|
|
+ * more graceful here. */
|
|
|
ret = ALGO_ID_E;
|
|
|
}
|
|
|
|
|
|
if (ret != 0) {
|
|
|
goto exit_dapk;
|
|
|
}
|
|
|
- WOLFSSL_MSG("Trying Falcon private key");
|
|
|
|
|
|
+ #if defined(HAVE_ECC)
|
|
|
+ WOLFSSL_MSG("Trying Falcon private key, ECC didn't work");
|
|
|
+ #elif !defined(NO_RSA)
|
|
|
+ WOLFSSL_MSG("Trying Falcon private key, RSA didn't work");
|
|
|
+ #else
|
|
|
+ WOLFSSL_MSG("Trying Falcon private key");
|
|
|
+ #endif
|
|
|
+
|
|
|
+ /* Set start of data to beginning of buffer. */
|
|
|
+ idx = 0;
|
|
|
/* Decode the key assuming it is a Falcon private key. */
|
|
|
ret = wc_falcon_import_private_only(ssl->buffers.altKey->buffer,
|
|
|
ssl->buffers.altKey->length,
|
|
@@ -28258,21 +28565,28 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
WOLFSSL_MSG("Using Falcon private key");
|
|
|
|
|
|
/* Check it meets the minimum Falcon key size requirements. */
|
|
|
- if (FALCON_MAX_KEY_SIZE < ssl->options.minFalconKeySz) {
|
|
|
+ keySz = wc_falcon_size((falcon_key*)ssl->hsAltKey);
|
|
|
+ if (keySz < ssl->options.minFalconKeySz) {
|
|
|
WOLFSSL_MSG("Falcon key size too small");
|
|
|
ERROR_OUT(FALCON_KEY_SIZE_E, exit_dapk);
|
|
|
}
|
|
|
|
|
|
+ /* Return the maximum signature length. */
|
|
|
*length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey);
|
|
|
|
|
|
goto exit_dapk;
|
|
|
}
|
|
|
}
|
|
|
- FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
|
|
|
+#endif /* HAVE_FALCON */
|
|
|
+#if defined(HAVE_DILITHIUM)
|
|
|
+ #if !defined(NO_RSA) || defined(HAVE_ECC)
|
|
|
+ FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
|
|
|
+ #endif
|
|
|
|
|
|
if (ssl->buffers.altKeyType == dilithium_level2_sa_algo ||
|
|
|
ssl->buffers.altKeyType == dilithium_level3_sa_algo ||
|
|
|
- ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
|
|
|
+ ssl->buffers.altKeyType == dilithium_level5_sa_algo ||
|
|
|
+ ssl->buffers.altKeyType == 0) {
|
|
|
|
|
|
ssl->hsAltType = DYNAMIC_TYPE_DILITHIUM;
|
|
|
ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey);
|
|
@@ -28290,6 +28604,8 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 5);
|
|
|
}
|
|
|
else {
|
|
|
+ /* What if ssl->buffers.keyType is 0? We might want to do something
|
|
|
+ * more graceful here. */
|
|
|
ret = ALGO_ID_E;
|
|
|
}
|
|
|
|
|
@@ -28297,8 +28613,18 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
goto exit_dapk;
|
|
|
}
|
|
|
|
|
|
- WOLFSSL_MSG("Trying Dilithium private key");
|
|
|
+ #if defined(HAVE_FALCON)
|
|
|
+ WOLFSSL_MSG("Trying Dilithium private key, Falcon didn't work");
|
|
|
+ #elif defined(HAVE_ECC)
|
|
|
+ WOLFSSL_MSG("Trying Dilithium private key, ECC didn't work");
|
|
|
+ #elif !defined(NO_RSA)
|
|
|
+ WOLFSSL_MSG("Trying Dilithium private key, RSA didn't work");
|
|
|
+ #else
|
|
|
+ WOLFSSL_MSG("Trying Dilithium private key");
|
|
|
+ #endif
|
|
|
|
|
|
+ /* Set start of data to beginning of buffer. */
|
|
|
+ idx = 0;
|
|
|
/* Decode the key assuming it is a Dilithium private key. */
|
|
|
ret = wc_dilithium_import_private_only(ssl->buffers.altKey->buffer,
|
|
|
ssl->buffers.altKey->length,
|
|
@@ -28307,16 +28633,24 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word16* length)
|
|
|
WOLFSSL_MSG("Using Dilithium private key");
|
|
|
|
|
|
/* Check it meets the minimum Dilithium key size requirements. */
|
|
|
- if (DILITHIUM_MAX_KEY_SIZE < ssl->options.minDilithiumKeySz) {
|
|
|
+ keySz = wc_dilithium_size((dilithium_key*)ssl->hsAltKey);
|
|
|
+ if (keySz < ssl->options.minDilithiumKeySz) {
|
|
|
WOLFSSL_MSG("Dilithium key size too small");
|
|
|
ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dapk);
|
|
|
}
|
|
|
|
|
|
+ /* Return the maximum signature length. */
|
|
|
*length = wc_dilithium_sig_size((dilithium_key*)ssl->hsAltKey);
|
|
|
|
|
|
goto exit_dapk;
|
|
|
}
|
|
|
}
|
|
|
+#endif /* HAVE_DILITHIUM */
|
|
|
+#endif /* HAVE_PQC */
|
|
|
+
|
|
|
+ (void)idx;
|
|
|
+ (void)keySz;
|
|
|
+ (void)length;
|
|
|
|
|
|
exit_dapk:
|
|
|
if (ret != 0) {
|
|
@@ -28325,7 +28659,7 @@ exit_dapk:
|
|
|
|
|
|
return ret;
|
|
|
}
|
|
|
-#endif /* HAVE_PQC && WOLFSSL_DUAL_ALG_CERTS */
|
|
|
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
|
|
#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
|
|
|
|
|
|
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12)
|