Merge pull request #158 from Yu-Ma28051503/dilithium-fix

fix DIlithium pem header and sign-verify without level option
wolfSSL · Dec 5, 2024 · 34cfd3f · 34cfd3f
2 parents 8f9775c + 39925ee
commit 34cfd3f
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 81 deletions.
diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c
@@ -1147,7 +1147,7 @@ int wolfCLU_genKey_Dilithium(WC_RNG* rng, char* fName, int directive, int fmt,
                 /* check if should convert to PEM format */
                 if (ret == WOLFCLU_SUCCESS && fmt == PEM_FORM) {
                     pemBufSz = wolfCLU_KeyDerToPem(derBuf, derBufSz, &pemBuf,
-                            PRIVATEKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER);
+                            PKCS8_PRIVATEKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER);
                     if (pemBufSz <= 0 || pemBuf == NULL) {
                         ret =  WOLFCLU_FAILURE;
                     }

diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c
@@ -85,11 +85,8 @@ int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pkeySz, int pubIn) {
 }
 
 int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType,
-                      int inForm, int level)
+                      int inForm)
 {
-#ifndef HAVE_DILITHIUM
-    (void)level;
-#endif
     int ret;
     int fSz;
     XFILE f;
@@ -131,7 +128,7 @@ int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType,
 
 #ifdef HAVE_DILITHIUM
     case DILITHIUM_SIG_VER:
-        ret = wolfCLU_sign_data_dilithium(data, out, fSz, privKey, level, inForm);
+        ret = wolfCLU_sign_data_dilithium(data, out, fSz, privKey, inForm);
         break;
 #endif
 
@@ -552,7 +549,7 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey,
 }
 
 int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* privKey,
-                                int level, int inForm)
+                                int inForm)
 {
 #ifdef HAVE_DILITHIUM
     int ret = 0;
@@ -596,27 +593,6 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
         return WOLFCLU_FAILURE;
     }
 
-    /* check and set Dilithium level */
-    if (level != 2 && level != 3 && level != 5) {
-        wolfCLU_LogError("Please specify a level when signing with Dilithium.");
-        wc_FreeRng(&rng);
-    #ifdef WOLFSSL_SMALL_STACK
-        wc_dilithium_free(key);
-    #endif
-        return BAD_FUNC_ARG;
-    }
-    else {
-        ret = wc_dilithium_set_level(key, level);
-        if (ret != 0) {
-            wolfCLU_LogError("Failed to set level.\nRET: %d", ret);
-            wc_FreeRng(&rng);
-        #ifdef WOLFSSL_SMALL_STACK
-            wc_dilithium_free(key);
-        #endif
-            return BAD_FUNC_ARG;
-        }
-    }
-
     /* open and read private key */
     privKeyFile = XFOPEN(privKey, "rb");
     if (privKeyFile == NULL) {
@@ -726,7 +702,6 @@ int wolfCLU_sign_data_dilithium (byte* data, char* out, word32 dataSz, char* pri
     (void)out;
     (void)dataSz;
     (void) privKey;
-    (void)level;
     (void)inForm;
 
     return NOT_COMPILED_IN;

diff --git a/src/sign-verify/clu_sign_verify_setup.c b/src/sign-verify/clu_sign_verify_setup.c
@@ -34,7 +34,6 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
     char*   out  = NULL; /* output variable */
     char*   priv = NULL; /* private key variable */
     char*   sig  = NULL;
-    int     level = 0;   /* security level */
 
     int     algCheck;           /* acceptable algorithm check */
     int     inCheck     = 0;    /* input check */
@@ -89,16 +88,6 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
         return 0;
     }
 
-    ret = wolfCLU_checkForArg("-level", 6, argc, argv);
-    if (ret > 0) {
-        level = atoi(argv[ret+1]);
-
-        if (level <= 0) {
-            WOLFCLU_LOG(WOLFCLU_L0, "Invalid level. Please specify a level > 0.");
-            return WOLFCLU_FATAL_ERROR;
-        }
-    }
-
     ret = wolfCLU_checkForArg("-inkey", 6, argc, argv);
     if (ret > 0) {
         priv = XMALLOC(XSTRLEN(argv[ret+1]) + 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -265,11 +254,10 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
     }
 
     if (signCheck == 1) {
-        ret = wolfCLU_sign_data(in, out, priv, algCheck, inForm, level);
+        ret = wolfCLU_sign_data(in, out, priv, algCheck, inForm);
     }
     else if (verifyCheck == 1) {
-        ret = wolfCLU_verify_signature(sig, in, out, priv, algCheck, pubInCheck, inForm,
-                                        level);
+        ret = wolfCLU_verify_signature(sig, in, out, priv, algCheck, pubInCheck, inForm);
     }
 
     if (priv)

diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c
@@ -134,12 +134,8 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte*
 
 int wolfCLU_verify_signature(char* sig, char* hashFile, char* out,
                              char* keyPath, int keyType, int pubIn,
-                             int inForm, int level)
+                             int inForm)
 {
-#ifndef HAVE_DILITHIUM
-    (void) level;
-#endif
-
     int hSz = 0;
     int fSz;
     int ret = WOLFCLU_FATAL_ERROR;
@@ -262,7 +258,7 @@ int wolfCLU_verify_signature(char* sig, char* hashFile, char* out,
             }
             XFCLOSE(h);
 
-            ret = wolfCLU_verify_signature_dilithium(data, fSz, hash, hSz, keyPath, level, inForm);
+            ret = wolfCLU_verify_signature_dilithium(data, fSz, hash, hSz, keyPath, inForm);
             break;
 #endif
 
@@ -670,7 +666,7 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz,
 }
 
 int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
-                    word32 msgLen, char* keyPath, int level, int inForm)
+                    word32 msgLen, char* keyPath, int inForm)
 {
 #ifdef HAVE_DILITHIUM
     int ret = 0;
@@ -704,25 +700,6 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
     }
     XMEMSET(key, 0, sizeof(dilithium_key));
 
-    /* check and set Dilithium level */
-    if (level != 2 && level != 3 && level != 5) {
-        wolfCLU_LogError("Please specify a level when verifying with Dilithium.");
-    #ifdef WOLFSSL_SMALL_STACK
-        wc_dilithium_free(key);
-    #endif
-        return BAD_FUNC_ARG;
-    }
-    else {
-        ret = wc_dilithium_set_level(key, level);
-        if (ret != 0) {
-            wolfCLU_LogError("Failed to set level.\nRET: %d", ret);
-        #ifdef WOLFSSL_SMALL_STACK
-            wc_dilithium_free(key);
-        #endif
-            return BAD_FUNC_ARG;
-        }
-    }
-
     /* open and read public key */
     keyFile = XFOPEN(keyPath, "rb");
     if (keyFile == NULL) {
@@ -814,7 +791,6 @@ int wolfCLU_verify_signature_dilithium(byte* sig, int sigSz, byte* msg,
     (void)msg;
     (void)msgLen;
     (void)keyPath;
-    (void)level;
     (void)inForm;
 
     return NOT_COMPILED_IN;

diff --git a/tests/genkey_sign_ver/genkey-sign-ver-test.sh b/tests/genkey_sign_ver/genkey-sign-ver-test.sh
@@ -81,11 +81,7 @@ gen_key_sign_ver_test(){
     printf '%s\n' "--enable-keygen" && exit -1
 
     # test signing with priv key
-    if [ $1 = "dilithium" ]; then
-        ./wolfssl -$1 -sign -level $5 -inkey $2.priv -inform $4 -in sign-this.txt -out $3
-    else
-        ./wolfssl -$1 -sign -inkey $2.priv -inform $4 -in sign-this.txt -out $3
-    fi
+    ./wolfssl -$1 -sign -inkey $2.priv -inform $4 -in sign-this.txt -out $3
     RESULT=$?
     printf '%s\n' "sign RESULT - $RESULT"
     [ $RESULT -ne 0 ] && printf '%s\n' "Failed $1 sign" && exit -1
@@ -109,8 +105,6 @@ gen_key_sign_ver_test(){
     if [ "${1}" = "rsa" ]; then
         ./wolfssl -$1 -verify -inkey $2.pub -inform $4 -sigfile $3 -in sign-this.txt \
                   -out $5.public_result -pubin
-    elif [ $1 = "dilithium"  ]; then
-        ./wolfssl -$1 -verify -level $5 -inkey $2.pub -inform $4 -sigfile $3 -in sign-this.txt -pubin
     else
         ./wolfssl -$1 -verify -inkey $2.pub -inform $4 -sigfile $3 -in sign-this.txt -pubin
     fi

diff --git a/wolfclu/sign-verify/clu_sign.h b/wolfclu/sign-verify/clu_sign.h
@@ -43,13 +43,13 @@ enum {
     DILITHIUM_SIG_VER,
 };
 
-int wolfCLU_sign_data(char*, char*, char*, int, int, int);
+int wolfCLU_sign_data(char*, char*, char*, int, int);
 
 
 int wolfCLU_sign_data_rsa(byte*, char*, word32, char*, int);
 int wolfCLU_sign_data_ecc(byte*, char*, word32, char*, int);
 int wolfCLU_sign_data_ed25519(byte*, char*, word32, char*, int);
-int wolfCLU_sign_data_dilithium (byte*, char*, word32, char*, int, int);
+int wolfCLU_sign_data_dilithium (byte*, char*, word32, char*, int);
 
 int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pkeySz, int pubIn);
 
diff --git a/wolfclu/sign-verify/clu_verify.h b/wolfclu/sign-verify/clu_verify.h
@@ -39,9 +39,9 @@
 int wolfCLU_x509Verify(int argc, char** argv);
 int wolfCLU_CRLVerify(int argc, char** argv);
 
-int wolfCLU_verify_signature(char* , char*, char*, char*, int, int, int, int);
+int wolfCLU_verify_signature(char* , char*, char*, char*, int, int, int);
 
 int wolfCLU_verify_signature_rsa(byte* , char*, int, char*, int, int);
 int wolfCLU_verify_signature_ecc(byte*, int, byte*, int, char*, int, int);
 int wolfCLU_verify_signature_ed25519(byte*, int, byte*, int, char*, int, int);
-int wolfCLU_verify_signature_dilithium(byte*, int, byte*, word32, char*, int, int);
+int wolfCLU_verify_signature_dilithium(byte*, int, byte*, word32, char*, int);