wolfcrypt-ring-compat 1.16.5

wolfcrypt-ring-compat is a cryptographic library using wolfSSL for its cryptographic operations. This library strives to be API-compatible with the popular Rust library named ring.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

//! ML-DSA (Dilithium) post-quantum digital signature support.
//!
//! This module implements ML-DSA-44, ML-DSA-65, and ML-DSA-87 using
//! wolfCrypt's native Dilithium API (not the OpenSSL compat layer).

pub(crate) mod key_pair;
pub(crate) mod signature;

use crate::error::Unspecified;
use crate::wolfcrypt_rs::{
    wc_dilithium_free, wc_dilithium_import_public, wc_dilithium_init, wc_dilithium_key,
    wc_dilithium_set_level, wc_dilithium_verify_ctx_msg, DILITHIUM_ML_DSA_44_KEY_SIZE,
    DILITHIUM_ML_DSA_44_PUB_KEY_SIZE, DILITHIUM_ML_DSA_44_SIG_SIZE, DILITHIUM_ML_DSA_65_KEY_SIZE,
    DILITHIUM_ML_DSA_65_PUB_KEY_SIZE, DILITHIUM_ML_DSA_65_SIG_SIZE, DILITHIUM_ML_DSA_87_KEY_SIZE,
    DILITHIUM_ML_DSA_87_PUB_KEY_SIZE, DILITHIUM_ML_DSA_87_SIG_SIZE, DILITHIUM_SEED_SIZE,
    WC_ML_DSA_44, WC_ML_DSA_65, WC_ML_DSA_87,
};

/// Identifies which ML-DSA parameter set is in use.
#[derive(Debug, Clone, Copy, Eq, PartialEq)]
#[allow(non_camel_case_types)]
pub(crate) enum AlgorithmID {
    ML_DSA_44,
    ML_DSA_65,
    ML_DSA_87,
}

impl AlgorithmID {
    /// The wolfCrypt security level parameter for `wc_dilithium_set_level`.
    pub(crate) const fn level(&self) -> u8 {
        match self {
            Self::ML_DSA_44 => WC_ML_DSA_44,
            Self::ML_DSA_65 => WC_ML_DSA_65,
            Self::ML_DSA_87 => WC_ML_DSA_87,
        }
    }

    /// The private key size (expanded secret key without public key).
    pub(crate) const fn priv_key_size_bytes(&self) -> usize {
        match self {
            Self::ML_DSA_44 => DILITHIUM_ML_DSA_44_KEY_SIZE,
            Self::ML_DSA_65 => DILITHIUM_ML_DSA_65_KEY_SIZE,
            Self::ML_DSA_87 => DILITHIUM_ML_DSA_87_KEY_SIZE,
        }
    }

    /// Combined key size: private key + public key concatenated.
    /// This is the format used by `from_raw_private_key` and `as_raw_bytes`.
    #[allow(dead_code)]
    pub(crate) const fn combined_key_size_bytes(&self) -> usize {
        self.priv_key_size_bytes() + self.pub_key_size_bytes()
    }

    pub(crate) const fn pub_key_size_bytes(&self) -> usize {
        match self {
            Self::ML_DSA_44 => DILITHIUM_ML_DSA_44_PUB_KEY_SIZE,
            Self::ML_DSA_65 => DILITHIUM_ML_DSA_65_PUB_KEY_SIZE,
            Self::ML_DSA_87 => DILITHIUM_ML_DSA_87_PUB_KEY_SIZE,
        }
    }

    pub(crate) const fn seed_size_bytes(&self) -> usize {
        DILITHIUM_SEED_SIZE
    }

    pub(crate) const fn signature_size_bytes(&self) -> usize {
        match self {
            Self::ML_DSA_44 => DILITHIUM_ML_DSA_44_SIG_SIZE,
            Self::ML_DSA_65 => DILITHIUM_ML_DSA_65_SIG_SIZE,
            Self::ML_DSA_87 => DILITHIUM_ML_DSA_87_SIG_SIZE,
        }
    }
}

/// Verify a signature using the native wolfCrypt Dilithium API.
///
/// This is the core verification routine used by both `verify_sig` (raw bytes)
/// and `parsed_verify_sig` (from `ParsedPublicKey`).
pub(crate) fn verify_pqdsa_sig_native(
    public_key: &[u8],
    id: &'static AlgorithmID,
    msg: &[u8],
    signature: &[u8],
) -> Result<(), Unspecified> {
    // Validate sizes
    if public_key.len() != id.pub_key_size_bytes() {
        return Err(Unspecified);
    }
    if signature.len() != id.signature_size_bytes() {
        return Err(Unspecified);
    }

    // SAFETY: zeroed struct is valid initial state; wolfCrypt key freed after use.
    unsafe {
        let mut key = wc_dilithium_key::zeroed();
        let rc = wc_dilithium_init(&mut key);
        if rc != 0 {
            return Err(Unspecified);
        }

        let rc = wc_dilithium_set_level(&mut key, id.level());
        if rc != 0 {
            wc_dilithium_free(&mut key);
            return Err(Unspecified);
        }

        let rc = wc_dilithium_import_public(public_key.as_ptr(), public_key.len() as u32, &mut key);
        if rc != 0 {
            wc_dilithium_free(&mut key);
            return Err(Unspecified);
        }

        let mut res: core::ffi::c_int = 0;
        // Use FIPS 204 context-aware verification with empty context.
        // ML-DSA.Verify uses M' = 0x00 || 0x00 || msg (empty context).
        let rc = wc_dilithium_verify_ctx_msg(
            signature.as_ptr(),
            signature.len() as u32,
            core::ptr::null(), // empty context
            0,                 // context length = 0
            msg.as_ptr(),
            msg.len() as u32,
            &mut res,
            &mut key,
        );
        wc_dilithium_free(&mut key);

        if rc != 0 || res != 1 {
            return Err(Unspecified);
        }
    }

    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_algorithm_id_sizes() {
        // Sanity check that sizes match the header constants
        assert_eq!(AlgorithmID::ML_DSA_44.pub_key_size_bytes(), 1312);
        assert_eq!(AlgorithmID::ML_DSA_44.priv_key_size_bytes(), 2560);
        assert_eq!(AlgorithmID::ML_DSA_44.signature_size_bytes(), 2420);

        assert_eq!(AlgorithmID::ML_DSA_65.pub_key_size_bytes(), 1952);
        assert_eq!(AlgorithmID::ML_DSA_65.priv_key_size_bytes(), 4032);
        assert_eq!(AlgorithmID::ML_DSA_65.signature_size_bytes(), 3309);

        assert_eq!(AlgorithmID::ML_DSA_87.pub_key_size_bytes(), 2592);
        assert_eq!(AlgorithmID::ML_DSA_87.priv_key_size_bytes(), 4896);
        assert_eq!(AlgorithmID::ML_DSA_87.signature_size_bytes(), 4627);
    }
}