Fixes for WolfSSL ML-DSA implementation

* Update OIDs etc. to match OQS ML-DSA values (old ones were Dilithium
  Round 3 values)
* Make sure private key files/buffers containing both the private and
  the public key are parsed correctly

Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>

Author: Frauschi

src/internal.c

@@ -28443,9 +28443,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
         /* Set start of data to beginning of buffer. */
         idx = 0;
         /* Decode the key assuming it is a Dilithium private key. */
-        ret = wc_dilithium_import_private(ssl->buffers.key->buffer,
-                                          ssl->buffers.key->length,
-                                          (dilithium_key*)ssl->hsKey);
+        ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.key->buffer,
+                                            &idx,
+                                            (dilithium_key*)ssl->hsKey,
+                                            ssl->buffers.key->length);
         if (ret == 0) {
             WOLFSSL_MSG("Using Dilithium private key");
 
@@ -28870,9 +28871,10 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
         /* Set start of data to beginning of buffer. */
         idx = 0;
         /* Decode the key assuming it is a Dilithium private key. */
-        ret = wc_dilithium_import_private(ssl->buffers.altKey->buffer,
-                                          ssl->buffers.altKey->length,
-                                          (dilithium_key*)ssl->hsAltKey);
+        ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.altKey->buffer,
+                                            &idx,
+                                            (dilithium_key*)ssl->hsAltKey,
+                                            ssl->buffers.altKey->length);
         if (ret == 0) {
             WOLFSSL_MSG("Using Dilithium private key");
 

src/ssl_load.c

@@ -962,6 +962,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
 {
     int ret;
+    word32 idx;
     dilithium_key* key;
 
     /* Allocate a Dilithium key to parse into. */
@@ -996,7 +997,8 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 
     if (ret == 0) {
         /* Decode as a Dilithium private key. */
-        ret = wc_dilithium_import_private(der->buffer, der->length, key);
+        idx = 0;
+        ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length);
         if (ret == 0) {
             /* Get the minimum Dilithium key size from SSL or SSL context
              * object. */

wolfcrypt/src/asn.c

@@ -4206,17 +4206,17 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FACON */
 #ifdef HAVE_DILITHIUM
-    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
+    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte sigDilithium_Level2Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
 
-    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
+    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */
     static const byte sigDilithium_Level3Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5};
 
-    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
+    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte sigDilithium_Level5Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4280,17 +4280,17 @@ static word32 SetBitString16Bit(word16 val, byte* output)
     static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
-    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
+    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
     static const byte keyDilithium_Level2Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};
 
-    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
+    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */
     static const byte keyDilithium_Level3Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5};
 
-    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
+    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
     static const byte keyDilithium_Level5Oid[] =
-        {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
+        {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
 #endif /* HAVE_DILITHIUM */
 #ifdef HAVE_SPHINCS
     /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */

wolfcrypt/src/dilithium.c

@@ -6702,6 +6702,29 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
         ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKey, &privKeyLen,
             &pubKey, &pubKeyLen, keytype);
     }
+
+    if ((pubKey == NULL) && (pubKeyLen == 0)) {
+        /* Check if the public key is included in the private key. */
+        if ((key->level == 2) &&
+            (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
+            pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE;
+            pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+            privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+        }
+        else if ((key->level == 3) &&
+                 (privKeyLen != DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {
+            pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE;
+            pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+            privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+        }
+        else if ((key->level == 5) &&
+                 (privKeyLen != DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
+            pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE;
+            pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+            privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+        }
+    }
+
     if (ret == 0) {
         /* Check whether public key data was found. */
         if (pubKeyLen == 0) {
@@ -6747,6 +6770,18 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
         ret = BAD_FUNC_ARG;
     }
 
+    if (ret == 0) {
+        /* Try to import the key directly. */
+        ret = wc_dilithium_import_public(input, inSz, key);
+    }
+    if (ret == 0) {
+        return 0;
+    }
+    else {
+        /* Not successful, decode it first. */
+        ret = 0;
+    }
+
     if (ret == 0) {
         /* Get OID sum for level. */
         if (key->level == 2) {

wolfssl/internal.h

@@ -1796,11 +1796,11 @@ enum Misc {
     FALCON_LEVEL5_SA_MINOR = 0xB1,
 
     DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL2_SA_MINOR = 0xA0,
+    DILITHIUM_LEVEL2_SA_MINOR = 0xD0,
     DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL3_SA_MINOR = 0xA3,
+    DILITHIUM_LEVEL3_SA_MINOR = 0xD1,
     DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
-    DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
+    DILITHIUM_LEVEL5_SA_MINOR = 0xD2,
 
     MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
     MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */

wolfssl/wolfcrypt/asn.h

@@ -1164,9 +1164,9 @@ enum Key_Sum {
     DHk               = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
     FALCON_LEVEL1k    = 273, /* 1.3.9999.3.6 */
     FALCON_LEVEL5k    = 276, /* 1.3.9999.3.9 */
-    DILITHIUM_LEVEL2k = 213,    /* 1.3.6.1.4.1.2.267.7.4.4 */
-    DILITHIUM_LEVEL3k = 216,    /* 1.3.6.1.4.1.2.267.7.6.5 */
-    DILITHIUM_LEVEL5k = 220,    /* 1.3.6.1.4.1.2.267.7.8.7 */
+    DILITHIUM_LEVEL2k = 218,    /* 1.3.6.1.4.1.2.267.12.4.4 */
+    DILITHIUM_LEVEL3k = 221,    /* 1.3.6.1.4.1.2.267.12.6.5 */
+    DILITHIUM_LEVEL5k = 225,    /* 1.3.6.1.4.1.2.267.12.8.7 */
     SPHINCS_FAST_LEVEL1k   = 281, /* 1 3 9999 6 7 4 */
     SPHINCS_FAST_LEVEL3k   = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */
     SPHINCS_FAST_LEVEL5k   = 282, /* 1 3 9999 6 9 3 */

wolfssl/wolfcrypt/asn_public.h

@@ -218,9 +218,9 @@ enum Ctc_SigType {
     CTC_FALCON_LEVEL1 = 273,
     CTC_FALCON_LEVEL5 = 276,
 
-    CTC_DILITHIUM_LEVEL2     = 213,
-    CTC_DILITHIUM_LEVEL3     = 216,
-    CTC_DILITHIUM_LEVEL5     = 220,
+    CTC_DILITHIUM_LEVEL2     = 218,
+    CTC_DILITHIUM_LEVEL3     = 221,
+    CTC_DILITHIUM_LEVEL5     = 225,
 
     CTC_SPHINCS_FAST_LEVEL1  = 281,
     CTC_SPHINCS_FAST_LEVEL3  = 283,