wolfSSL
diff --git a/‎certs/mldsa/README.txt‎
Lines changed: 20 additions & 0 deletions b/‎certs/mldsa/README.txt‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎certs/mldsa/include.am‎
Lines changed: 3 additions & 0 deletions b/‎certs/mldsa/include.am‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎certs/mldsa/mldsa44_pub-spki.der‎
1.3 KB b/‎certs/mldsa/mldsa44_pub-spki.der‎
1.3 KB
diff --git a/‎certs/mldsa/mldsa65_pub-spki.der‎
1.93 KB b/‎certs/mldsa/mldsa65_pub-spki.der‎
1.93 KB
diff --git a/‎certs/mldsa/mldsa87_pub-spki.der‎
2.55 KB b/‎certs/mldsa/mldsa87_pub-spki.der‎
2.55 KB
diff --git a/‎gencertbuf.pl‎
Lines changed: 45 additions & 0 deletions b/‎gencertbuf.pl‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎tests/api.c‎
Lines changed: 226 additions & 0 deletions b/‎tests/api.c‎
Lines changed: 226 additions & 0 deletions
@@ -0,0 +1,20 @@
+ML-DSA (FIPS 204) test key material for wolfSSL tests.
+
+File variants, per level N in {44, 65, 87}:
+  mldsa<N>_bare-seed.der    raw 32-byte seed
+  mldsa<N>_seed-only.der    PKCS#8 with seed-only private key
+  mldsa<N>_bare-priv.der    raw expanded private key
+  mldsa<N>_priv-only.der    PKCS#8 with expanded-only private key
+  mldsa<N>_seed-priv.der    PKCS#8 with seed-and-expanded private key
+  mldsa<N>_oqskeypair.der   liboqs concatenated (priv || pub) format
+  mldsa<N>_pub-spki.der     SubjectPublicKeyInfo wrapping the public key
+
+The *_pub-spki.der files were derived from the matching *_priv-only.der files
+using OpenSSL 3.5+:
+
+  openssl pkey -inform DER -in mldsa<N>_priv-only.der \
+      -pubout -outform DER -out mldsa<N>_pub-spki.der
+
+Regenerating the private-key variants requires producing each of the
+PKCS#8 shape options explicitly; OpenSSL's default output is the
+seed-and-expanded form.
@@ -5,18 +5,21 @@
 EXTRA_DIST += \
 		 certs/mldsa/mldsa44_seed-only.der \
 		 certs/mldsa/mldsa44_priv-only.der \
+		 certs/mldsa/mldsa44_pub-spki.der \
 		 certs/mldsa/mldsa44_seed-priv.der \
 		 certs/mldsa/mldsa44_oqskeypair.der \
 		 certs/mldsa/mldsa44_bare-seed.der \
 		 certs/mldsa/mldsa44_bare-priv.der \
 		 certs/mldsa/mldsa65_seed-only.der \
 		 certs/mldsa/mldsa65_priv-only.der \
+		 certs/mldsa/mldsa65_pub-spki.der \
 		 certs/mldsa/mldsa65_seed-priv.der \
 		 certs/mldsa/mldsa65_oqskeypair.der \
 		 certs/mldsa/mldsa65_bare-seed.der \
 		 certs/mldsa/mldsa65_bare-priv.der \
 		 certs/mldsa/mldsa87_seed-only.der \
 		 certs/mldsa/mldsa87_priv-only.der \
+		 certs/mldsa/mldsa87_pub-spki.der \
 		 certs/mldsa/mldsa87_seed-priv.der \
 		 certs/mldsa/mldsa87_oqskeypair.der \
 		 certs/mldsa/mldsa87_bare-seed.der \
 
@@ -2106,6 +2106,51 @@
 
 ";
 
+# ML-DSA test key material encoded per the IETF LAMPS WG profile:
+# SubjectPublicKeyInfo for public keys, PKCS#8 PrivateKeyInfo for
+# private keys, using the NIST id-ml-dsa-N OIDs.
+print OUT_FILE "#if defined(HAVE_DILITHIUM)\n\n";
+
+for my $L ( [44,"WOLFSSL_NO_ML_DSA_44"],
+            [65,"WOLFSSL_NO_ML_DSA_65"],
+            [87,"WOLFSSL_NO_ML_DSA_87"] ) {
+    my ($n, $noLevel) = @$L;
+
+    print OUT_FILE "#if !defined($noLevel)\n\n";
+
+    print OUT_FILE "#ifndef WOLFSSL_DILITHIUM_NO_VERIFY\n";
+    print OUT_FILE "/* ./certs/mldsa/mldsa${n}_pub-spki.der */\n";
+    print OUT_FILE "static const unsigned char mldsa${n}_pub_spki[] =\n{\n";
+    file_to_hex("./certs/mldsa/mldsa${n}_pub-spki.der");
+    print OUT_FILE "};\n";
+    print OUT_FILE "#define sizeof_mldsa${n}_pub_spki (sizeof(mldsa${n}_pub_spki))\n";
+    print OUT_FILE "#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */\n\n";
+
+    print OUT_FILE "#ifndef WOLFSSL_DILITHIUM_NO_SIGN\n";
+    print OUT_FILE "/* ./certs/mldsa/mldsa${n}_priv-only.der */\n";
+    print OUT_FILE "static const unsigned char mldsa${n}_priv_only[] =\n{\n";
+    file_to_hex("./certs/mldsa/mldsa${n}_priv-only.der");
+    print OUT_FILE "};\n";
+    print OUT_FILE "#define sizeof_mldsa${n}_priv_only (sizeof(mldsa${n}_priv_only))\n";
+
+    print OUT_FILE "/* ./certs/mldsa/mldsa${n}_seed-priv.der */\n";
+    print OUT_FILE "static const unsigned char mldsa${n}_seed_priv[] =\n{\n";
+    file_to_hex("./certs/mldsa/mldsa${n}_seed-priv.der");
+    print OUT_FILE "};\n";
+    print OUT_FILE "#define sizeof_mldsa${n}_seed_priv (sizeof(mldsa${n}_seed_priv))\n";
+
+    print OUT_FILE "/* ./certs/mldsa/mldsa${n}_seed-only.der */\n";
+    print OUT_FILE "static const unsigned char mldsa${n}_seed_only[] =\n{\n";
+    file_to_hex("./certs/mldsa/mldsa${n}_seed-only.der");
+    print OUT_FILE "};\n";
+    print OUT_FILE "#define sizeof_mldsa${n}_seed_only (sizeof(mldsa${n}_seed_only))\n";
+    print OUT_FILE "#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */\n\n";
+
+    print OUT_FILE "#endif /* !$noLevel */\n\n";
+}
+
+print OUT_FILE "#endif /* HAVE_DILITHIUM */\n\n";
+
 # convert and print sphincs keys
 print OUT_FILE "#if defined(HAVE_SPHINCS)\n\n";
 for (my $i = 0; $i < $num_sphincs; $i++) {
 
@@ -18645,6 +18645,70 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 #endif /*  USE_CERT_BUFFERS_2048 && !NO_DH &&  && OPENSSL_EXTRA */
 
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+
+#if !defined(WOLFSSL_NO_ML_DSA_44)
+    /* ML-DSA-44 PUBKEY test (raw key bytes) */
+    ExpectIntGT(BIO_write(bio, bench_dilithium_level2_pubkey,
+        sizeof_bench_dilithium_level2_pubkey), 0);
+    ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    /* ML-DSA-44 PUBKEY test (LAMPS SubjectPublicKeyInfo DER) */
+    ExpectIntGT(BIO_write(bio, mldsa44_pub_spki, sizeof_mldsa44_pub_spki), 0);
+    ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_65)
+    /* ML-DSA-65 PUBKEY test (raw key bytes) */
+    ExpectIntGT(BIO_write(bio, bench_dilithium_level3_pubkey,
+        sizeof_bench_dilithium_level3_pubkey), 0);
+    ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    /* ML-DSA-65 PUBKEY test (LAMPS SubjectPublicKeyInfo DER) */
+    ExpectIntGT(BIO_write(bio, mldsa65_pub_spki, sizeof_mldsa65_pub_spki), 0);
+    ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_87)
+    /* ML-DSA-87 PUBKEY test (raw key bytes) */
+    ExpectIntGT(BIO_write(bio, bench_dilithium_level5_pubkey,
+        sizeof_bench_dilithium_level5_pubkey), 0);
+    ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    /* ML-DSA-87 PUBKEY test (LAMPS SubjectPublicKeyInfo DER) */
+    ExpectIntGT(BIO_write(bio, mldsa87_pub_spki, sizeof_mldsa87_pub_spki), 0);
+    ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+
+#endif /* HAVE_DILITHIUM && WOLFSSL_WC_DILITHIUM && !NO_VERIFY */
+
+    /* Negative test, invalid input must return NULL */
+    {
+        unsigned char garbage[64];
+        XMEMSET(garbage, 0xA5, sizeof(garbage));
+        ExpectIntGT(BIO_write(bio, garbage, (int)sizeof(garbage)), 0);
+        ExpectNull(d2i_PUBKEY_bio(bio, NULL));
+    }
+
     BIO_free(bio);
 
     (void)pkey;
@@ -18731,6 +18795,156 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
     }
 #endif
 
+#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+#if !defined(WOLFSSL_NO_ML_DSA_44)
+    /* ML-DSA-44 PrivateKey test (raw bytes) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, bench_dilithium_level2_key,
+        sizeof_bench_dilithium_level2_key), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+    /* ML-DSA-44 PrivateKey test (LAMPS PKCS#8 priv-only DER) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa44_priv_only,
+        sizeof_mldsa44_priv_only), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+    /* ML-DSA-44 PrivateKey test (LAMPS PKCS#8 seed-priv DER) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa44_seed_priv,
+        sizeof_mldsa44_seed_priv), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    /* ML-DSA-44 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
+     * requires wc_dilithium_make_key_from_seed to expand the seed. */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa44_seed_only,
+        sizeof_mldsa44_seed_only), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+#endif
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_65)
+    /* ML-DSA-65 PrivateKey test (raw bytes) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, bench_dilithium_level3_key,
+        sizeof_bench_dilithium_level3_key), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+    /* ML-DSA-65 PrivateKey test (LAMPS PKCS#8 priv-only DER) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa65_priv_only,
+        sizeof_mldsa65_priv_only), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+    /* ML-DSA-65 PrivateKey test (LAMPS PKCS#8 seed-priv DER) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa65_seed_priv,
+        sizeof_mldsa65_seed_priv), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    /* ML-DSA-65 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
+     * requires wc_dilithium_make_key_from_seed to expand the seed. */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa65_seed_only,
+        sizeof_mldsa65_seed_only), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+#endif
+#endif
+
+#if !defined(WOLFSSL_NO_ML_DSA_87)
+    /* ML-DSA-87 PrivateKey test (raw bytes) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, bench_dilithium_level5_key,
+        sizeof_bench_dilithium_level5_key), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+    /* ML-DSA-87 PrivateKey test (LAMPS PKCS#8 priv-only DER) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa87_priv_only,
+        sizeof_mldsa87_priv_only), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+    /* ML-DSA-87 PrivateKey test (LAMPS PKCS#8 seed-priv DER) */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa87_seed_priv,
+        sizeof_mldsa87_seed_priv), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+
+#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
+    /* ML-DSA-87 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
+     * requires wc_dilithium_make_key_from_seed to expand the seed. */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntGT(BIO_write(bio, mldsa87_seed_only,
+        sizeof_mldsa87_seed_only), 0);
+    ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
+    ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
+    EVP_PKEY_free(pkey);
+    pkey = NULL;
+    BIO_free(bio);
+    bio = NULL;
+#endif
+#endif
+#endif /* HAVE_DILITHIUM && WOLFSSL_WC_DILITHIUM && !NO_SIGN */
+
     ExpectNotNull(bio = BIO_new(BIO_s_mem()));
 #ifndef NO_WOLFSSL_SERVER
     ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
@@ -18800,6 +19014,18 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
         RSA_free(rsa);
     }
 #endif /* WOLFSSL_KEY_GEN && !NO_RSA */
+
+    /* Negative test, invalid input must return NULL */
+    {
+        BIO* nbio = NULL;
+        unsigned char garbage[64];
+        XMEMSET(garbage, 0xA5, sizeof(garbage));
+        ExpectNotNull(nbio = BIO_new(BIO_s_mem()));
+        ExpectIntGT(BIO_write(nbio, garbage, (int)sizeof(garbage)), 0);
+        ExpectNull(d2i_PrivateKey_bio(nbio, NULL));
+        BIO_free(nbio);
+    }
+
     SSL_CTX_free(ctx);
     ctx = NULL;
     BIO_free(bio);