Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/clu_main.c
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ static const struct option mode_options[] = {
{"ecc", no_argument, 0, WOLFCLU_ECC },
{"ed25519", no_argument, 0, WOLFCLU_ED25519 },
{"dilithium", no_argument, 0, WOLFCLU_DILITHIUM },
{"ml-dsa", no_argument, 0, WOLFCLU_DILITHIUM },
{"xmss", no_argument, 0, WOLFCLU_XMSS },
{"xmssmt", no_argument, 0, WOLFCLU_XMSSMT },
{"dgst", no_argument, 0, WOLFCLU_DGST },
Expand Down
5 changes: 4 additions & 1 deletion src/sign-verify/clu_sign_verify_setup.c
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
else if (wolfCLU_checkForArg("dilithium", 9, argc, argv) > 0) {
algCheck = DILITHIUM_SIG_VER;
}
else if (wolfCLU_checkForArg("ml-dsa", 6, argc, argv) > 0) {
algCheck = DILITHIUM_SIG_VER;
}
else if (wolfCLU_checkForArg("xmss", 4, argc, argv) > 0) {
algCheck = XMSS_SIG_VER;
}
Expand Down Expand Up @@ -227,7 +230,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv)
}
else if (algCheck == DILITHIUM_SIG_VER && verifyCheck == 0) {
WOLFCLU_LOG(WOLFCLU_L0, "Please specify an output file when "
"signing with Dilithium.");
"signing with ML-DSA (Dilithium).");
wolfCLU_signHelp(algCheck);
if (priv)
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
Expand Down
50 changes: 49 additions & 1 deletion src/tools/clu_funcs.c
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,10 @@ static const struct option crypt_algo_options[] = {
WOLFCLU_LOG(WOLFCLU_L0, "ecc Ecc signing and signature verification");
WOLFCLU_LOG(WOLFCLU_L0, "ecparam Generate an ECC key and parameters");
WOLFCLU_LOG(WOLFCLU_L0, "ed25519 Ed25519 signing and signature verification");
#ifdef HAVE_DILITHIUM
WOLFCLU_LOG(WOLFCLU_L0, "ml-dsa ML-DSA signing and signature verification");
WOLFCLU_LOG(WOLFCLU_L0, "dilithium Alias for ml-dsa");
#endif
WOLFCLU_LOG(WOLFCLU_L0, "enc / encrypt Encrypt a file or some user input");
WOLFCLU_LOG(WOLFCLU_L0, "hash Hash a file or input");
WOLFCLU_LOG(WOLFCLU_L0, "md5 Creates an MD5 hash");
Expand Down Expand Up @@ -138,6 +142,9 @@ static const struct option crypt_algo_options[] = {
WOLFCLU_LOG(WOLFCLU_L0, "For ED25519 sign/ver: wolfssl -ed25519 -help");
WOLFCLU_LOG(WOLFCLU_L0, "For XMSS sign/ver: wolfssl -xmss -help");
WOLFCLU_LOG(WOLFCLU_L0, "For XMSS^MT sign/ver: wolfssl -xmssmt -help");
#ifdef HAVE_DILITHIUM
WOLFCLU_LOG(WOLFCLU_L0, "For ML-DSA sign/ver: wolfssl -ml-dsa -help (or -dilithium -help)");
#endif
}

/*
Expand Down Expand Up @@ -473,8 +480,8 @@ void wolfCLU_genKeyHelp(void)
,"ecc"
#endif
#ifdef HAVE_DILITHIUM
,"dilithium"
,"ml-dsa"
,"dilithium"
#endif
#ifdef WOLFSSL_HAVE_XMSS
,"xmss"
Expand All @@ -496,8 +503,12 @@ void wolfCLU_genKeyHelp(void)
#ifdef HAVE_DILITHIUM
WOLFCLU_LOG(WOLFCLU_L0, "wolfssl -genkey dilithium -level "
"[2|3|5] -out mykey -outform der -output KEYPAIR");
WOLFCLU_LOG(WOLFCLU_L0, "wolfssl -genkey dilithium -level "
"[2|3|5] -out mykey -outform pem -output KEYPAIR");
WOLFCLU_LOG(WOLFCLU_L0, "wolfssl -genkey ml-dsa -level "
"[2|3|5] -out mykey -outform der -output KEYPAIR");
WOLFCLU_LOG(WOLFCLU_L0, "wolfssl -genkey ml-dsa -level "
"[2|3|5] -out mykey -outform pem -output KEYPAIR");
#endif
#ifdef WOLFSSL_HAVE_XMSS
WOLFCLU_LOG(WOLFCLU_L0, "wolfssl -genkey xmss -height [10|16|20] -out mykey -outform raw"
Expand Down Expand Up @@ -528,6 +539,10 @@ void wolfCLU_signHelp(int keyType)
#ifdef HAVE_ECC
,"ecc"
#endif
#ifdef HAVE_DILITHIUM
,"ml-dsa"
,"dilithium"
#endif
#ifdef WOLFSSL_HAVE_XMSS
,"xmss"
,"xmssmt"
Expand All @@ -548,6 +563,20 @@ void wolfCLU_signHelp(int keyType)
WOLFCLU_LOG(WOLFCLU_L0, "***************************************************************");
break;
#endif
#ifdef HAVE_DILITHIUM
case DILITHIUM_SIG_VER:
WOLFCLU_LOG(WOLFCLU_L0, "ML-DSA (Dilithium) Sign Usage:\n"
"wolfssl -ml-dsa -sign -inkey <priv_key> -inform <pem|der>\n"
" -in <file_to_sign> -out <signature_file>\n");
WOLFCLU_LOG(WOLFCLU_L0, " -level [2|3|5] is set at key generation, not here.\n"
" PEM keys require '-inform pem' (default is der).\n"
" 'dilithium' is accepted as an alias for 'ml-dsa'.\n");
WOLFCLU_LOG(WOLFCLU_L0, "EXAMPLE:\n"
"wolfssl -ml-dsa -sign -inkey ml-dsa-key-A.priv -inform pem\n"
" -in input.txt -out input.sign\n");
WOLFCLU_LOG(WOLFCLU_L0, "***************************************************************");
break;
#endif
#ifdef HAVE_ED25519
case ED25519_SIG_VER:
WOLFCLU_LOG(WOLFCLU_L0, "ED25519 Sign Usage: \nwolfssl -ed25519 -sign -inkey "
Expand Down Expand Up @@ -591,6 +620,10 @@ void wolfCLU_verifyHelp(int keyType) {
#ifdef HAVE_ECC
,"ecc"
#endif
#ifdef HAVE_DILITHIUM
,"ml-dsa"
,"dilithium"
#endif
#ifdef WOLFSSL_HAVE_XMSS
,"xmss"
,"xmssmt"
Expand All @@ -616,6 +649,21 @@ void wolfCLU_verifyHelp(int keyType) {
WOLFCLU_LOG(WOLFCLU_L0, "***************************************************************");
break;
#endif
#ifdef HAVE_DILITHIUM
case DILITHIUM_SIG_VER:
WOLFCLU_LOG(WOLFCLU_L0, "ML-DSA (Dilithium) Verify Usage:\n"
"wolfssl -ml-dsa -verify -inkey <pub_key> -inform <pem|der>\n"
" -in <original_file> -sigfile <signature_file>\n");
WOLFCLU_LOG(WOLFCLU_L0, " Verifies with the public key (.pub).\n"
" PEM keys require '-inform pem' (default is der).\n"
" 'dilithium' is accepted as an alias for 'ml-dsa'.\n"
" (-pubin is not applicable; verification always uses the public key)\n");
WOLFCLU_LOG(WOLFCLU_L0, "EXAMPLE:\n"
"wolfssl -ml-dsa -verify -inkey ml-dsa-key-A.pub -inform pem\n"
" -in input.txt -sigfile input.sign\n");
WOLFCLU_LOG(WOLFCLU_L0, "***************************************************************");
break;
#endif
#ifdef HAVE_ED25519
case ED25519_SIG_VER:
WOLFCLU_LOG(WOLFCLU_L0, "ED25519 Verifiy with Private Key"
Expand Down
32 changes: 32 additions & 0 deletions tests/genkey_sign_ver/genkey-sign-ver-test.py
Original file line number Diff line number Diff line change
Expand Up @@ -368,6 +368,38 @@ def test_sign_corrupted_key_fails(self):
"output file must not be created when signing with "
"corrupted key")

def test_ml_dsa_alias_der(self):
for level in [2, 3, 5]:
with self.subTest(level=level):
self._gen_sign_verify(
"ml-dsa", "mldsakey_alias", "mldsa-alias.sig", "der",
extra_genkey_args=["-level", str(level)],
skip_priv_verify=True, use_output_flag=True)

def test_ml_dsa_alias_pem(self):
for level in [2, 3, 5]:
with self.subTest(level=level):
self._gen_sign_verify(
"ml-dsa", "mldsakey_alias", "mldsa-alias.sig", "pem",
extra_genkey_args=["-level", str(level)],
skip_priv_verify=True, use_output_flag=True)

def test_ml_dsa_cross_alias(self):
"""Keys generated with dilithium sign/verify with ml-dsa and vice-versa."""
for level in [2, 3, 5]:
with self.subTest(level=level):
priv, pub = self._genkey("dilithium", "mldsakey_cross",
"der", ["-level", str(level)],
use_output_flag=True)
self._sign("ml-dsa", priv, "der", "mldsa-cross.sig")
self._verify_pub("ml-dsa", pub, "der", "mldsa-cross.sig")

priv2, pub2 = self._genkey("ml-dsa", "mldsakey_cross2",
"der", ["-level", str(level)],
use_output_flag=True)
self._sign("dilithium", priv2, "der", "dil-cross.sig")
self._verify_pub("dilithium", pub2, "der", "dil-cross.sig")


@unittest.skipUnless(_has_algorithm("xmss"), "xmss not available")
class XmssTest(_GenkeySignVerifyBase):
Expand Down
Loading