From 09deacbe8fe17ea7600eba74a5837663af3130ce Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Thu, 31 Jul 2025 14:14:51 +0900 Subject: [PATCH] Revert "Merge pull request #9045 from douzzer/20250730-revert-PR9000" This reverts commit 70af2be5ab9d7da0ca4ed44e56623574c4b3b7e7, reversing changes made to 46347173b2cdb6579aa58fb6682d30e5452e6c9d. --- certs/include.am | 1 + certs/mldsa/include.am | 23 +++ certs/mldsa/mldsa44_bare-priv.der | Bin 0 -> 2584 bytes certs/mldsa/mldsa44_bare-seed.der | Bin 0 -> 52 bytes certs/mldsa/mldsa44_oqskeypair.der | Bin 0 -> 3900 bytes certs/mldsa/mldsa44_priv-only.der | Bin 0 -> 2588 bytes certs/mldsa/mldsa44_seed-only.der | Bin 0 -> 54 bytes certs/mldsa/mldsa44_seed-priv.der | Bin 0 -> 2626 bytes certs/mldsa/mldsa65_bare-priv.der | Bin 0 -> 4056 bytes certs/mldsa/mldsa65_bare-seed.der | Bin 0 -> 52 bytes certs/mldsa/mldsa65_oqskeypair.der | Bin 0 -> 6012 bytes certs/mldsa/mldsa65_priv-only.der | Bin 0 -> 4060 bytes certs/mldsa/mldsa65_seed-only.der | Bin 0 -> 54 bytes certs/mldsa/mldsa65_seed-priv.der | Bin 0 -> 4098 bytes certs/mldsa/mldsa87_bare-priv.der | Bin 0 -> 4920 bytes certs/mldsa/mldsa87_bare-seed.der | Bin 0 -> 52 bytes certs/mldsa/mldsa87_oqskeypair.der | Bin 0 -> 7516 bytes certs/mldsa/mldsa87_priv-only.der | Bin 0 -> 4924 bytes certs/mldsa/mldsa87_seed-only.der | Bin 0 -> 54 bytes certs/mldsa/mldsa87_seed-priv.der | Bin 0 -> 4962 bytes tests/api/test_mldsa.c | 287 ++++++++++++++++++++++++----- tests/api/test_mldsa.h | 32 ++-- wolfcrypt/src/asn.c | 139 +++++++++----- wolfcrypt/src/dilithium.c | 112 ++++++----- wolfcrypt/test/test.c | 6 +- wolfssl/wolfcrypt/asn.h | 10 +- 26 files changed, 441 insertions(+), 169 deletions(-) create mode 100644 certs/mldsa/include.am create mode 100644 certs/mldsa/mldsa44_bare-priv.der create mode 100644 certs/mldsa/mldsa44_bare-seed.der create mode 100644 certs/mldsa/mldsa44_oqskeypair.der create mode 100644 certs/mldsa/mldsa44_priv-only.der create mode 100644 certs/mldsa/mldsa44_seed-only.der create mode 100644 certs/mldsa/mldsa44_seed-priv.der create mode 100644 certs/mldsa/mldsa65_bare-priv.der create mode 100644 certs/mldsa/mldsa65_bare-seed.der create mode 100644 certs/mldsa/mldsa65_oqskeypair.der create mode 100644 certs/mldsa/mldsa65_priv-only.der create mode 100644 certs/mldsa/mldsa65_seed-only.der create mode 100644 certs/mldsa/mldsa65_seed-priv.der create mode 100644 certs/mldsa/mldsa87_bare-priv.der create mode 100644 certs/mldsa/mldsa87_bare-seed.der create mode 100644 certs/mldsa/mldsa87_oqskeypair.der create mode 100644 certs/mldsa/mldsa87_priv-only.der create mode 100644 certs/mldsa/mldsa87_seed-only.der create mode 100644 certs/mldsa/mldsa87_seed-priv.der diff --git a/certs/include.am b/certs/include.am index 90e66c997..e4f6a0e6c 100644 --- a/certs/include.am +++ b/certs/include.am @@ -152,4 +152,5 @@ include certs/dilithium/include.am include certs/sphincs/include.am include certs/rpk/include.am include certs/acert/include.am +include certs/mldsa/include.am diff --git a/certs/mldsa/include.am b/certs/mldsa/include.am new file mode 100644 index 000000000..94868dc61 --- /dev/null +++ b/certs/mldsa/include.am @@ -0,0 +1,23 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/mldsa/mldsa44_seed-only.der \ + certs/mldsa/mldsa44_priv-only.der \ + certs/mldsa/mldsa44_seed-priv.der \ + certs/mldsa/mldsa44_oqskeypair.der \ + certs/mldsa/mldsa44_bare-seed.der \ + certs/mldsa/mldsa44_bare-priv.der \ + certs/mldsa/mldsa65_seed-only.der \ + certs/mldsa/mldsa65_priv-only.der \ + certs/mldsa/mldsa65_seed-priv.der \ + certs/mldsa/mldsa65_oqskeypair.der \ + certs/mldsa/mldsa65_bare-seed.der \ + certs/mldsa/mldsa65_bare-priv.der \ + certs/mldsa/mldsa87_seed-only.der \ + certs/mldsa/mldsa87_priv-only.der \ + certs/mldsa/mldsa87_seed-priv.der \ + certs/mldsa/mldsa87_oqskeypair.der \ + certs/mldsa/mldsa87_bare-seed.der \ + certs/mldsa/mldsa87_bare-priv.der diff --git a/certs/mldsa/mldsa44_bare-priv.der b/certs/mldsa/mldsa44_bare-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..56a03bf9c1f6a44c7efdf3cd1fbb9dfe78dc046e GIT binary patch literal 2584 zcmV+z3g`7Of(jG@0RS)y1_@w>NC9O71OpKSf(if_QURx+YmwBlhN9?i-dqR5*ENVM zKVjm0nRH9#$A~^9bEcE&SqE7jn>#o4gkpjcqD<4{Shv5&;yMVefyjFRZPYm|`~aPf zJ0G36C=g=!-@ps{-_Hau@UkvkK|dl~$Esc&LCs~Fpu<5aFYxAj?(H*4@Ma;!EU9Ax zm^txTpd?zb4cnq<;4p?tkYL#qfDtJo;>bbRC}tcFk1 zfd)hjqHGJcaSMq_(lP`9sclLiK-r)q+>lH{n2itwKnfOYz<>~uHYCx&i5wCV!IVhY zAS8oCa08)`k${K@Giuy0Q5-04S&~hND2|FWFw)40 zfQc9-8aN7L0EJT~0UQ@l1R+R7qA{2NVT7h-LKFnyge<~HL{pXsnx=$Os8C}DL}I{b z5s?5$NKxSga9k8X1DGMmpbVKrZXvdS8?#WNA}kw_1W-tf9D#v|Mom)yP0@lxOdygO z$cRWLfg~VC3$-bWq=1`1V3RTgLtEghLc2*~VehD2Pk6ArT~w zTtsOjM~(!uh?9^>;vxhHHU=Xhf>@M=Aw&#ACM_AkY!ZM(LPli(sR4|JU|66e;gEz% zfP~4WNXRse6QYa?muQHvWn4ln;4p+7p#jl=3E+|dTLNqV#fYLX0Tc)@0GT0!f&_`M zMVlfd1O*aEC{SX;3)+;sZc3yLO9;l6mk#ZP()n*1o{T^E*NH^j>{rc(9k>`p6XZN8wD;bnWwm~Q(CJ=l&w)atw65kl*Y1br z6pv*Oj^;A z4?}Hcx|x$gR=fXNALP}~tVC`5m8K)Qmek>rms%Tj@BZp$J8~L5wd-r5buTEIUXDfyvB2IvR8ROCl5Ech^HT73>ij*jnS)2iRzbJCl9mA-+YHb6Bab=*b2O?gkIuWol!4?Eo7tku$#lu7;7O6xjY^=C5uZ7=bqN7~0xHJG7RNAMF91JS^%+>^Z82y4j0IapD0O zt%dAB{HIq3M+~=MG&w$?gi8Kng>&(BfVfEhyM;VuUep`=m}N5lK(GXv;d2p{#3z@` zETpcPOZ;rnmDDlXGC|K%xDb6*Yf#I`6>{gyuNIbF6mVVujCT0ooP`e4nXO$4|S6yJ97S`k8>c3_OR- zvqcpltW0}^(h9b^&fO+TV#WFBSb|rE32a#M+v(p2h&H)&4&~2wc>w=*=tWh$+KVR< z1OH0|W;N)<2U#%A8x1&@DCN9_ps#g}aVHnG`pay-p;Ms|*ViW_|7~NcgW8X9io%C5 zWFMakR@%!ETutUo1k;UNUl&EKfn9+Wh>OtSo_l&?=yL!o3a^cZIIsL&KU_%U z7jYXRhAvAkRYyiRe)!CMB)7u&2&IXy3)SSbzWQ&+FYU**;oVCoP0&{d`}d&7&If&y zFz}*OGe@u1{k&EUvP&yy*UOa^P(vC8ZpEem={oJ-O+Eei|M>@c1w=?_Vr-Q!4myfq zNku*FZHr(_aN5e4xP9RL-mN$IjSOrl@vb?XOaMP!qaIqB_(|qxJBx%vAiv$OVB?g? zm-GmcAEXc_b7(HP^4q(p-n8Y>QpKG72MB|q7r)j~xSGB%jB+kFaN;dUP-k@OmJ&ao zRr5>Sdl1-{1BVOGR6KX$L+VwCJEJ%e0$NfNXs)F$hI3*sA=>vN15_4l1^E0+shQ_% zjvbufw{q{M3y&4}&}myoEXIX5_!xSl-fBtXuB#+5Yd;pfK>3iMSqf@aIwFYnR=j{p zV=PeId3GC|Ml#6W`+oRx+zhZJ1GwaW_E8YF9`6@L<5tkFFxmRV0>;z~WbdOs>rHL% zn@->zMcNXov2$4nDBru9~MExDb2%rCiuj>_}H}v)iJ;0ozjj>RrN7 zL4r&HsHCP^$1figN4}>;VJ^bDkX?OLe5-&N1K{hcm@uRFUrs$2R^&OhqaclUvSv#^ u!iO^(iV?d?)$Sclj7|j(;4v&E`o=zWRL|+ZVbE-m!duXj1g@KeZcfY|O^g@- literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa44_bare-seed.der b/certs/mldsa/mldsa44_bare-seed.der new file mode 100644 index 0000000000000000000000000000000000000000..809ef71501e7665459d25cf92fdba029f1f6ba44 GIT binary patch literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(WKnSE_^iQlLe)HWTF}yKOZ|gxU8y*;@Va?J!jm+H I;D)3(09sNK2LJ#7 literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa44_oqskeypair.der b/certs/mldsa/mldsa44_oqskeypair.der new file mode 100644 index 0000000000000000000000000000000000000000..4669c183e65869ad2d03c71ff6780d63f267869d GIT binary patch literal 3900 zcmV-C55w>NC9O71OpKSf)6AFf)5}+3C3$=F*V<46uZY|vWmx3>bJS4FOR_*68O%Ly9$Wb&ZbHyTE2tmIk{Fetr~ zd%XyiKx7kII0V5&a*#AG&;%)&z-nuz=Y{1|R@3BsXdq zwQL9=N<@ZGSpba_KunT`Ny?;P7%@y+hy>si0vn}h%O(QR$ZZ3VL6pW#fW#pSwgo~Y zD#Er*$s{1zG>#GpWTCbNq%sK61`YutDx9bR3%6_=280|pffBQb6R?e7CMFXhkcogr z8KE&4r6uF0P23PA8x~-LCI|sJN&&(5ASRw)mAd*NRFd!L%S*C={AOyq| zPMf%aq=0dfHc;FKas;N3;1njIC}G+J3ZpbBA{k&q6lL533fRIiAQ+GXGKCujh*5+s z5TPMk7%b72iBJL!0XHcM6ABaoBnyyjk%EwvHinvljFLuZpn!0SKnS8VgyJGmU;>Z` zAVdN{jEaaT!M1RT77D}^fDi~u5<~)IHbk2QAVUC18b>IU7>&}942ULx43kU~f@E93 zAB8lmuV|G%}%tB?vHW1Gq@pKy8x(EF%?UkwRorLSm5skyI35j3Oz( zHcl@x?N@%=gv4Nl5872??&OZs7Hi=~!&)NNL3q;CDT95<+qnKsWTpDW z(f_4g28N#7_;8`vkQMil4-YWq{F|E7l>E9eb7H=z+n5P*Vl*ZBC{aXeCOa34_t4>? zD<@6%lhSB(2h;2g2nT~YC;LHR)1e%1HIU6!J7UQZsy$cv9dJ6p7-F!?Dx|5_{5~%T zwE_KNB1{u%`F~$4KmU)S3^@*0I$;l^fq}NcjjDG9iu=VZ7&f_y#3AtlXks=tA^zLI zx8tFSus~uK+d_RiL`e>id#+`UB)TrwePCHrn8Ur-;U~nzPboKH#a~WTg%`*b9oysH zPCk?kY=B4QvO!u`-3;UOUHelW|UMTisFG8fgWSjrqq7z0zn&A&I{{@OMrc5O&n39Eb9- zFP2AlUV#H#9S4dvofI8x56!*MC@r;l@S8B3ix9RMZ7wiew7s`VQM6C*m2olu4C}rw zR(fBXQIQ5ph2D*pEMB=DF-f=%ED3o;Cl!i1!4D@#2Wg%hQXqDMwPRCHI?@!y;i zR2dA=k&rPDEXid^VabuzKH2wlsWJWuTz(11(+K`whJJ4) zV^(#U<2`8|^?Q$LaN9Gu*s{b%i7q%z;lP8B>(pNeV856IoXlfAOopv|VEg`t`$Q=> zChgEl7|KuLH0mNV?4L_~fr>&mq8Mg8D@1EAfMPd&zb#8nF<(>HdYL#Q8f;nsb5~w< zmlK-8bs+t2F|j=%HzK(#;R%>~@X ze3!it!_zfA(#+yUKbukbX<22n-6#no8NIKV@sHrblKQ*cryE~ZAgRE!9Xz|1CD0Je7|wUY~?hD1YG3z!?Ufj!1S__=14!)$bo zPfVhbH^uD5J(Eo(J{hP)^o?-dax>nf7Y)#K=I;kJ=;w*u&K49NBf^|b5C-|N?4zzC z5P62t5JASTI;Q{*5_mDIX-hIC3GvKwhrKDVxOd}S3I&v0MiV)EL?|k<`~5M11O_o$ z1gD7Ob`Rpc(43ldL84H^TDoT3Xr@LOeFZVq$x`*I0K5=Q)_Dx@YRQV0+t7-vR2QC2 z0+7oLG;z=>qS1-@4BZTntzJ5nL+@f~QS z6kP8SvLgBSjvY5GR!54_^tq>E87)$;Ru5T@tUB+nZ4+Qa6grnt01OR4Kq zoJXK%Ty&JE1=enWI;&B<3zV7YqfDrfasg)s`;(<`gf2-mzY^X1Fg*QWP2=<>E|ERw zXu_xtWypyqaY45fbFvac$}8R2$rgnnX`gn~JAo*lV9T{kdM=K)3ed0LyRUZ1@S&V3C3$= zF*V<46uZY|vWm9dY4#Mo-!h6fq|ROr1H6vso;dOfB0a6K5H2w9J3q5sw6)mU^ksHu;M%7#7aqY zO*59M!j)K!eebhU!`PjmzRHfc1ihr`)dj23WySYke1$rQ?$6{U^F52E3rCQ2Ln`nl zbMTrF3x!Z-o9~<)r3v^B9Mc!?Bwf7UYZF6a-c&5;Gs0UyIBZ$`4~Quj;R|hhpb|I+ zxWu`2DUNuD?8%+|O-btqa@w<}%Z9sTmr{SohQ+5QO`$g@Ts@{lGPa3tHZn@G7<(WY zboE(xCBE`kaU|EP3mb;Lg0^&Q6KMy;Xu!;BfNl z>_7lGja9!TSufOohWu`iob41JI+~uWMOHP(z2#MuAyp4m75cY%?rnAR2%Mcd$m(}i zIEleH0|!BqqZVIj9-F9TlfE#kJx&ss?9!*;gyx0Lmr&MiGfM6XlxO}u+!q;unH`)n z#O7iLwWCK4sX&WW-O(C)?J@uUW3~h+kwn)XafkIIGiWm)CtTV}ETM*}D(r0h!i+FN z^z(bKQT$p6*u9Yj9wfV?G8GvlH1f zEh}gYWvxa_7=$K?G5&zY1U+?{Gw_NTIwzCU1^G>vXySAn4wOaxliV5vEQLs=LH*~n z*m6VFf;5tXgx00#AN3bbqC+G}G`dY9mubi3=N*g(vV@rG&!fqW^zXZ`)?Z%dmRe4~ zof6U+C-(q3+*?xph6ayKE1n4Do}6NbNRo(9 zA1yaq$C%$VF?;1`!NwchaIgA#U)tkMcmFo)ZTu{k)~UqarWofyj6#H=K$Ri~eO(BO KKaYECX+EZDt>yIq literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa44_priv-only.der b/certs/mldsa/mldsa44_priv-only.der new file mode 100644 index 0000000000000000000000000000000000000000..81fec03b65110013c2cee6dda09e99701c6e6689 GIT binary patch literal 2588 zcmV+%3gh)Kf(jS{0RS)y1_@w>NC9O71OpKSf(ir#f(ifx_j-nIShJy>j@+xQ$tNHZJEhgvBz7kY8RI~33*u+RpTAq;-MVwBqLz}PZ%>THxk@Q{`Ist zFC#(uyI4=yvH?Su5m6Y135SdeqbwvS5+gE3p&$v=K!BMNMI~n3ibNCQ+b9X$nSap_C=$5^7mCN+1X-VlY9G z7LnN)jT{jSqKHJ)f^h^la1bPrqcCEbNK68^fMBLbk)Q}+Gzbicg%g%An>KRb2ohA5 zkzf*L1TX>vg^(Dx4I;roV?<7r27#b9ZA-{NB1a5~1`!DZY?3sH8v~M5h)p0u4iTv- zNkj!A08k7iiR73mTewgF5seZ6CSgEAkQM?7l8{-1DN8U0o3e01B!rMeWLY2xnIb~S z5;2ezWl<<(6o3R^0B&LiMpJ-b;3Q=T1VRLsO#(P7kN^S`5N(5|Nkl|ZA)$#2u|Pzm zjT$F#WVV4=#tjpd03f1Fc z2*QjIB`PEtMq4-zAv6ksl7!r(Z2}~4qK1J4rj0}xDH+2o2tp#sk|m2qCBg`ik|
kOd5gNr{k1ceX;dH~fFf-oMI?+SGS~t{VI)LK zBqm&xETl+9A|+&lG9*;SP=XXF6cCakq>LIz3JIwROEwJxqG6QC34{_v(lme}p&;VM zDOn^jnvx}12rQA5C>h3x36gD;K#5o)VFkOac=q85a=>F@YpN3D`uE z95_hg5^PZjE}0~4A~FEu1OQ>iO_R8Vn!texxiE|<3}A#HS)_4U6b2&@QdtrVOQb-| z2ni!JaSNp^5uj)ap+E=)WMn`r9GN7@h)jz%L0Ym&O1245kU?XVVFD*XK|}>vk!Y8H zgI;+9?_gl2_zq_gUwG4|?*hSMyK6{IM?vSw?*di+XPdORvUSH!W(dO+nr_7Pdm29} z`lP51!|19;%C&DNHVe$wv((x01;mL6^&HUjeuKM3JG&2X5G!R-%$1G-LRd?UVMqv@ z^(r>uVDX1)=U+I$yy6kc)%mKGeIWbk|L#MoiQf0_0O5*Je#`WW={J=d?+Q^7M5t0+ zs4mHaW=lWFx^hGz^Db(lhd<0>@MAXgbbf!BIl05@8Eh&k5UjhtUu?)gw2x_B z!RM}b&F&D3mny0F{;7hA@QKZnl#slD<=moSRX@g}5X#y(G0>Bg&0$iKVb=5D@u^2k zvB~8X)m|pnf$MMg7X4-hh0`&huGkr+K_G@pxf+w4bk#$X(rUJYOBYLC`G@_kSA~}P{SRP&~Cohv|bU>q<6_asy zgdx|>Ow8Pvvj-@bw64xd^S1t~f_Iy#`pgx%KJsk6ef4)it?C5)7i+9vA=gFo1@)X3 zi9OTz!>Bi&QR6EU#n9?oEW&?z=vug9gKBPMhBo% z1@2>-(Y%glf<61&l5r)|LFCf1`usClF7>r{`+&s6k27weomqXXBu(w_l3gcwBpjS^ z!M$Llba}V@Bbdh_7`jJ8c=Hj0jn^|1cFq>Y?H}khZu2Mmq~N2ja9yc2?;oa=pG4Ks zbfQK#7zeyhKR$TeRCH!N>-D&vmgNucDwTAavmQrl>wPqjQz5OUg%Kzf0ZLjtxbe4l zE&J;x6C`C1nwweo>~2(Qm~g2mbf~I%@~%0R({qJZp%;ndGlu~eLr)94qs2+I8tOW{ zbwkGbHO0ZU=elgO=KvN{r0URgC!}`n(#6O;!}-AG|NF`+&Xwr&DHeEXtL1=HK22W^b=`-!an%)(;QTLR9_GyW|h;I7)K5W>gEfP{1~w1B|aPZGDR z5Udeva1tulS}P$ssy|Um_j0zsRs~!;zbd&Hm3KJp1pcp|!gu)|?jRDnwTJ(NpmORD zr9kG1N9P;7wruEpcqFnl%!E?QhP!zT%heydRj ztJci7B#AzU^+aA&w!rWo37>A;3l7S->s{#RyWt1WA6z3ciGB;kbDpXH&$X%ggk~fj zI^2w+tm_b&9sqzZ$=@URQ3D@JtQs+4BX`(QoJ) z&9FL0?68)=$<{EX^&mWX8&P;ob>Jth!F$lr-wD3dFW(=lXW*OaMP?1I*}xpx1kPbR z65tW9<96o5H3JlTt7<+-`1zlofzL*dtE&1{Bca4Cb~rJr+{F!QyI@WnQgYjn@BXRZ z#SnSa^v<`Rx=&jXsED!+$9I7FCAcrKb5Q2^W|Ri_(wBre zl*4(n_(zv_Mn$lwQElw|Pg$#p(WmI3_5q1#8xCDF>*x&<@blc$#5Th2VDn_AI&@a6 z@Tr%VZID56S6m(++JwuPaz1*~T{oo@STmmW^p-(Hd6 zF-~W4ije6j!sp646ccdr{#wX#?|37Y%BIL9#7Zg{3l!JO>Z86Bnx!%157}4Vw6vDK yU|cgWK&svp*~p;7GG*2ENC9O71OpKSf(j}yf(j-CAP1Q?FwyUKK6QD#Kec%J z5GHqdCmA&NXoJoOw!7&D7zBa}0G)egg_^U=-xiH&4@KiN4~?+?LE@nO5E=jNUL9 zX8GA0@y{~Fct`>SvO5+%>8Nah2A}k4cYcO6rQNYfAmA?-E8JrFlU^55I7)&DNCqSb zNMMq*Q4<9y8n}&#v?!3MWDJ2s z5-`I+AtFX$B13WlMv5^UoZOJf&z=VLD#!TT5k=T|n+O}xO#%1FMP+Sxd0z^rhqG(z&kWzp}046X3 zMoiSmNu0Ql#2|_c6%7eDjuJ*i2qPsSp%H+PWs^p7;V5lHmQjHcfCNTLix6!SMp08X zO5vtO;35G?rT`L=a3ixo0;px%LI&UlYU7q+NR(wmB5B+rg`0$lSr}wPupo=5DOfNh z3KxzMK`kV>C5aRu6hV~ArY|z1B6TqBVtg7WmFNgo4PyWhAT44hEJ7x15)&@l7zhy|E{d>m0l_TeL}KHV zC<{1nKon(Sz(Jt~A%dbrl&~xz5RDX;aS{{-5hnx^mu18PZdk-@zz}eRz(tu7Qh=z4 z)3_)B7jOf^5QrEGQ<6Ya#vqfxfuxX-lad7@hzQ64Wbhf!-!~aD$*&4LN{^hgv`Q&l zZPI}dKc7t_7-jAQr|T4%z^iO7tude#fBh1}3xeSW?fq3(+|~VE)-v za{Jj_EuLRpmE-s&Z4_`M_!R^s6cwwbGs)onoU=Vw@ATq_A)C}EK5ly>o>qKk(mCo< zwY_cH0LLB*?rj$Pnl!G9g?nk5nAR008BYnl;0Ae3sn;`r^}7WTQp>!v2^200-9+Rsg@jHC+6y3fVJf+2oP^-( zyOq!}U4xMozbEw`CCSA|sH%+o>R@`!my)Xo$DRvRyg}T5_la^6?u8hJ8{kCYPkVJe zC-;KxIQL=W$)(#_{~!%~xY8`_h+V`32xqi%J6y&Vs~T%^nTLRTT zl7`L@Qq$cP6=kS6!k8yVPO;tvi`h2U5A`!{Oq@x5jt6;n6pHFQhQzP=Opik*zocmN zv**$S#DyHy3K&&U{;^w*dF=;>eY(^Mn3Kz?PchEot2**+I_pm?8f)_Zf%^0`zO_yo z>hchKK9(4;3CiP?oA~SKGQPV(Xtn{3>7Ubo{gL7; zz)tx>TcYg9H4iq~(THWDD(X;~8Bj4K5PMcUgi{d2*^ zh3C6O=V6`z0}2@AVunT7`de{Eh7LN3ZL-%6*JVD;7Ui5R@(x5~6#c0$w&-}GRHH>+ zuoMFKq2Lx+*~3^`=5nVBpELN?7*rmBR31@jQ(#x{`No$^TbSk=!L(uRJ;&%2){;ql zMjkpKwji@5;P^S}$$iT>m;;rXnQ5-n3?5K4ZG~zxFN_0fq#FIKiZlr6h_;})mZw2C zf9Jx{ujOE92L5n?fVBSiZHVl~kT?W1BpbL_hCtF8?4dRh{~|PuF+XFWPtIp^TzFlD z$k;$yK;MWx^KJB-wkf{{-PutmrkApBVecHN0a7c_668Rp>Lq}>fMJKFjechD_84aSsRgS}O$FaCvs z*{P90_RRT+x^f9NpP|Kk>XX#2NUAQ8lP?=)K8Ft7pdJ~GCEvd}g5P?4e3i1jCo4U6 z?*%ygia17X)v7sbsmk@A{ei+yrHm4gqXXvsd1^>$Y{Pgkoq48#r}XL1PMuf*5bZ1{ zE?la}&{yvTrRSfG2dCFa1$%H8tmD*536jK)gadS1VPOs$3?Gb6*=&|Vtdk4W6l~Zh k4x71m4b|O(2=$5EM23yBET{%wyi9W^{xT*!GlSX~$;(=rr~m)} literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa65_bare-priv.der b/certs/mldsa/mldsa65_bare-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..07d42314eb60fa6697b6b1644b9a430c3c0de975 GIT binary patch literal 4056 zcmWNThg%W|1BaPH=LiG=OAAE-EmM|YSpgzoW(kU5Y01WHARt(dKn3ZpdD$M94NL7h zEiKQ6X=&vuO)bmR^DEP|u4~ymzxxk<&-=XZ^ZddJX7+%9fG}5=8EFn7Pz{EFJs|}% zZ+_{>z4&p4c3DW*FLD1)VvlcTJbix#mdO8;SZjCta^kxqYK|Ol! zT*!&3iS&?7Q)4wT-Q>}RZ%unIFdx~OW^up$H{zYwe=TZ;#wMQ=#F!hOt{Hh?33bCy zmW@|YeCqZ#FWb_1tTypY3YmqMQVXIybw)ZNjSvMfFtZcLcza4ziNinM?pO z(;#($AOS2V*9=#o>68R87OjPW;A9cD7y$H?fJIaEHe z3BgG$qal$XgRwyYx+pZKh$|}=i%3Kq9V0KwMg@v3{&*wZOX0~?cxfq~3OfiUU_;r2 zY(CS^jGDKudbURj_plS`IZSezKm)?09eP_w^*hYi!Er3s+6K!wv` z!;u{;`ri>F0N(og^x7z$C+!%S8z0aWOfMF%mc7KuGj zz~w@qnJ^ASVlgDj*%oQMvk(s}raQU(cu#@DOybi0kP;NcLcwL3X~h~@w1}Y)aR6eP zI*E*<>TMR81y)Q=q}ZVBG&nj83NewSRGp2)(qXY6fW}MW2ji2pOhFO?%`-*YRBDP= z10WNWo;-gByhx7b_+bThDH`A>N`TQdB&IrCWu&s`Hon&Bqy|FR_IR2@3)Z86Ryq%d z3sACT6d_Ya^YhXo0&GZ_z=f(ec-g`PLY<2SR|q#Kle9n$1IQ{O(5V1XB1Z?o@)D8~ z3lr1AvEcADE6-1xL@QQMEP5`&$p-RqGs_GH zDwM~T$2*V&M?!)#AgUlsz(v`)YJ=6k02AosNg>4e0y1AlB#0QMLJ_GDs!=hl5L>oA z9+kz)mKLEv@<2d5#or}Cl0@S|nRYPLiL#sh0f7HD0s}~(B3-x)&on1k^%%Ys5fyF% zk~vmClh`8CAYlGHB%SEO!;$0;862IaCP|8^`b0%on9vZQXR;Jzkdi`nB4my*mN~(O z_VVP2gh(~aXpm!6Y$>HcWw2)z2-CD`SdlEPm?I3gMYDh|)@-~ju!wCS;X(hQBO5?g zFe#HQRH4;oY62MnKojK@tU#1WEbvzsQE6~bk`5*Wu{2yED9THpq)=15Fi2Xokd$qa z73&B*qJu`!;KKh?&QqE#kXw^@SwucmnU$@Sh&ARwMiisSArv!^CNr6@qhz{}oQwjR z;@rKb>5T0wOTanpyshyv2*|cYI#(r&2`zOW@T235$ z1mJjA1IiA8R-bd*+%sSL@9rH%-_JF-7cI^l@!l+=WsKyx|E+%8vz;opr2pGOnKe5< z6~Q*0*`3_pPkHrkU$w`!Ft_8$gM&v(3m*>6kARL%3tkO8UiIYD{2lIV*G==>2kOz~ zIjFXZdNG+EMCm8)ygv&8zBY&NlX@zosLjkA_F0L%o3}fAd)mzbP;ZCZd$#5FWwx+j z4gUM#?a%LC#q$4fMysz*uY8*!OOO0IF(ZU=7#)hc>6S8FsXUH5aVxIDi%ZBnyd~p& z#PRDt9a#JjvZaM{&Jvnem$OV$e}5q+#{FG))wuD(-4?_T_!?gGF|V=Ls&9rrSI@-E z|ChI*FXL&`aW$EL-kRsc^;%s^UzB6|3xVF{*QM1>WgQ?+!%Ri_`a?OXd?gB-Q@Mk1 z`S`~e_qjPIm4n__cT|7PqR&t1a63d!zL#@sxa6e+MA5gd3-a*&_#%zJdT5dR8sDP@ z8%os$G3pxD23peY2X7+)UaO`DHXp0cNEZEC%=l&OZ2fpu0Z_W)PIb>=p&k4iE$d2j zHj>mYa4q`F5V~&gh-z!c!RJ?ZJ^MqwA}6GCOCF9)vL#LUW z9~>>#e<*9Eqk8Yo`1qr0&t+4^_a1cO<*jK~d8f#pq5!vS2_mj z%Eq=*he#;xm%sb^KlXH0YHp!oo8QZk?C-SZRK~pQB^%aHH?2SQ@qe9r-;3UCMLb`a z0)qG^&vX6!t$F;}xX+O>%v4v?qoNxTb?=7MHlM`d$ck*hTFHRxDD*4j#ruw#8u!&v z0u!ZGDQ#(;HAnIBP3Y8GkF=-VC)SnTSmM$hH6?EB#1nne-#=@P4NgtEl|3@D;YSd6 zOaH}v*T#?QTt4Jot!O^-z(f3%4jPHMF?#US{ZQQYRq_a8?rOI+^u|v&k9{mjiay_p zw4D^_b>dW%|i+%Fx83sSN!B!-m+cTOO6XE#BO| zpgV-MV`AOI4Q}P|F#OB@(?Ji`Zdx(B1%imV718o=+XC`qc8GnoF zzTeTNmj##3$#^&3a9TPTb7aZX+2y^D*9NF=_>{B?)ptHm4)%&ZG!Be(X$m3mPE?By zIDuLJ&YOdO>5*gcyM21+$*9qajOZm-qiS^+Q~K?QsaFH1v?kBwIJ*q@Y4T8j;(P7T zGw-laU+k0bi39Ik_5`N{1)cCJX74RX@9%zaea}-`(c>yHAXa!K`J9@dJqmxuq@e`aZXUhjFXT+%ILpxg~j^6`s#nie-`v@0bNzjwL zkA&Pgn6TvSJMPO_vlpJWNjJa8S9^drGWA1$LggRUu77sSHC-OQ<6`N}@^Oo@qU?TT zknSGLw(rK_`0@p_l({Km`Cpo43h%wn2WXIrQ7MDg53`VF6@ceee@X+(Yh@!-}1U=7{E}uf5EgxV@n7 zPKj;trsdyjpI)13?R!!w@lGlE^>A(5+0RvLHi3x;|G9p0_LZh#3_uW$Y`gXl?4md@ zZth-Z^j(|JkJ4#MIa^C-grxp{T(M?XtCbvcIH6DZIS=ZyVY?{S?>D2TwqhgT=wAuX zNwwQ4!w;vo&vo8z{X>_0VD_rg_1`Xs`w}Ld`PohwMscY8^)AKlV}8OfGupR`IdJ_4 zxbN<;NygBj@k4JaHI#jG{p!p1eQre_&C6#Qi6#A0bxg>+@JLxezhC*t(r9llLbQ7B z{l0|%vbWdl?EM?ZpNMh%RTJRq+A^}>V(mueAwB{#x!iRN7j_1oz1tE$sGdch957#nY4J zbsWICt*eU$DHPF-ZDoWd6Ok|COd+R+`-BTq`D(*2tTV}bdIGOpIdpH%C{eVyq~*F4 zR`uoP+ba2|V+fbH#VZbeYKfOuwS8zD>0Ic!=txj~&FK3Y>&lLX{(eHF;(F@N?Zn;@ zA4}uAlW&Z%S5LOrO6dL7$D%X;JL!TwH6Lnz!H-7fT&^z-*5O`sbVmv67o;#s;JFbs zpzBR-Ufa6*a2!Qv!Huu($i*FR2ydEhIH|sut3Q>4pigQ&5Dk`lU-X}(wLS4=^U_@c zVwZmji|Z?Yw{&ReMX@x5Bjuvo|4_$Bc`JSgI(p-yb+W#g5>X9tE)03U(W? xFyF;Xo6qb?8p8CZ5@xJfSh<#-H{JiSf6>JqG5M}_0T06DCu)s2%&gX^{{v3rp2q+H literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa65_bare-seed.der b/certs/mldsa/mldsa65_bare-seed.der new file mode 100644 index 0000000000000000000000000000000000000000..53011bcfdfbca2c2a699ecaad75d4769740fe9f5 GIT binary patch literal 52 zcmXpoVq#=4;AZ1YX!Br9WoBU(Vo}hJ*I0Uc^}5#|*&S5Bx_mH<&*JUw>@2@){&ya4 I@sEJ*0CDOP$p8QV literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa65_oqskeypair.der b/certs/mldsa/mldsa65_oqskeypair.der new file mode 100644 index 0000000000000000000000000000000000000000..4c43bdfd74aff3836b0a116a0dbb0ba76be206fc GIT binary patch literal 6012 zcmai%`9Bkm@6m8~M7sD=HHp~&l*j26>J4(vzBJXm{m{LLq9j?$xrN~ve zDp7Q(C=^NLK8mP(KmWn^hu6=~U!ITW~yol9ln z^}C|~owrZ9qX(>WU(@b&pW;>CWrW{Skr#u`8|SH;5B)0faie#x%ZmTDTCNJ2N~Oh{ z45iyX>A@qM3Zd6b44q;bJ6ml2?&a2jm|Thr&p$lL)evnRhLakz!=nTkcLy~jSH;BG zGk_{MHpazDiczx+O+t#404YcaFqFYS=0*S!1(yuaXRAnd@V+SXB!HDDK64P zN|dFN%~I02Zfq1G6e1-UC@~0?bCQ%R(nyAg;gVEKsgi2%p-uwOpn7hh;aH)a0vfJH z#3iJXL0~n97-=Y-fnjoeJ$PIf0R&G1LTJ%a0n3#k_K>Op**IL1UqZObzy&BkV0kRK zU5d(z;i6})2;)gzp=i7{7zi_lijBn*nT5oe;N~VUh?dZdFo{AJK1`Cp3S)*_P*qf8 zFbu8_V;SHGB1xhpGt^R$6r+bDCg>-U$#{PwHA6MHnlC$4WCd0NM2R4}h!PV9U^v8} zt&LbbK`6sb31mV6E(SbxA%f&4P$aO#R$zpi2qtk+;52~rP-k;DqEtlyf()4?cbP!~ zQfkhFAnX}>M1sE+R}hv!fpftuUJ8tv2xPd>?1{!Or6B={Wh%vBu0^y1B_$PU9!8=9 z{3tQLa0d^GVHi*B%)q(ORXl;njmXv`aTD#6$@XD_@TjYzCA|`htE-~gp zT39leY%XD)bC8VWYs@r4^XbWQD$~QC z#v_nOQi_K)6Gs42q#}EUf=`mN!CW}OFUHWpil`@-I1Zmz_uGkL!M(@H;?M~qSr$6!)YTn*jPZjxk( zp)$&tOmk-Wa@b++c%qyQhk{^8KWcO;(kdYu1K=8RWMOy|OrI!@RyT(UlEe~)t1k(a zWUun~NAXx-sYF6RvN3OK}tnK8o zP@XDEfmKjku|T1KfN?c4v=FB1xg>%BC=C{dmC68FfyI^}JRYYWBXFg_ct&ukGfL_a zW8o}f3;a1^HGHxQ$xp*yK||p!HSD1rNTP%R6AAr{NlbNsp`{$pmk33ckYsd}B{Vf$ zsW7WE5uT?jV&Qqx{)22NE0-4VJh<(0(3DrE#LbT8ZU?)Zxw^OsXpq z2vQ^BNues3IWN^0NfzoWk?uHip&*GWjTXdEA#NBLGRne|6D|g+3Go0lmCqvsfgnUo zG9^q6Dc57N>?P_-3Q3JIdL-n(O&c6g501Ua&izr%?%GZGxwYcUv2};B+0c7ey$3wCj+Ol*40lxg zJDN|p=htjfpM0#RULkv z+=2))`b>{#IezA0`psW{217E{>TGn;kX7X}#b@6Cl<8Zu{M$8pR{EJ+7RnESTOv(~ zt){!Qzu&&$t*aLDB)(+w-0Xv$npX?0i*6U(?|zbe(8gwgE#TCL0@V(rufCtQw2Dz% z+!4Ox+FpYHWVqL`7bY&nIP#Vm@Z24G@Z~waRD$LuwJnkZY0;afVyT#T*bc-OKzxHAe><10_9(ms+?N4Zi-U5;*_FwmT;nR`+yyUh` zom`xzD2P8W`(tx$+Lh-)AKg+fCNel5%gJi_bohHf0D5BF=;fCCBgA`4h<->i=jmU! z-KG1ozb5>O-2iM`c6nf}uESXnm38Cw$PWgIsN0^mhGm;eY8-OL`XVjgW4&qt8qO03 z^Qos=X$>2Sa@wqW%1IaJwlK-?&66vQ=X1=a8m;cSpUoe5AFj~%J{>l2`p=bwef*;i zQ{K%F%J%rXbRDk!Svfzosb?k>?$p=$?M>JB@_AY)XKlAbwXSJJ`-7aQxrwC`ua!CyCTU(Vcf__CpA ze6^a-HpMno$lZa3zQ(h=ZQ->CJ1jF>!B>NFPiUhq?A;Yt+`X+W+C_J*c`=~AaC_gR zExO?u-O_#jP^+1N99i+(WYo^Tsbki*aq9_6x;FJkStIkE>|>hM#I`2Kz}rKvx%;1{ z_P%Z*_{nOV%0iV{+hI|fMgOt8iX(sNoM}Z5n73vRHTNuC80@S3>eVjT?9{I5cDW|! zd+iEaQKP~H|0mTx!0)^jcls4Iun_#`#MPl@T92(dpbynYOVc2A_&-c{kKKM)K97)}wuMhOzBp^wwFbu2dz|UL z(>35zj3ZTa>wG>u{aKiV?2 z-n@5V%Vg#C@BTe~?{!drbH@WrizaB>PF3UZ+p~MCclO`t(Q;%hom&?;px-lfRK|L> z>#+S|B#9x`DiL4Vvi6F0QU1(|9-s2Iw+4GV|AJ=c0U_}j=I+Y_<%H~+__X#rcWyQg zKJVXS6dA0Ai&zzxuYc2Om*F>jQbPTM#GT<+Nvk*X%=sJD2lr22@{ETH&0%q%4snLm<@c-gP&3 zT9`)N(KYz2`-5QCW7}iXiD$@=%aOyK>-VslQR0N{@n4!^H=nQ2Idf~ix@1{JUDaI> zZhPa)ZbfXa2CP1&PH5ZNC!FE$g;q|$qVz5O=SSB5=nZ6jy#_8GH{R3jcsaBz|%llR8;HYt^gjH%z+{Qvqt_)#D^p z(e?-3eXTc$dFFAvn+~3e{jdqN=8gD7P*%!1O6IO%aWx`NgP7f2?>0f7-8Gl?sJ8RD z3GT@2$T76MZ>KE8T5|8|!t8?^+%CD?a%Re<8T-xB93cBd)$`|&zT6cCH(jAZcXiFCFtpbnZ82*}w5Ksv%Brf|HZ`p_ zf8XBsOg-4rs%S942z6?XIaYYY4d1+o$m}Rwi7OJo)O?H5YZa?`i}Pi#^!_P&_sy&3zEanE8hr|SxU-)8S(ssAiVoX7zvffK z=yk;U=+Vm7Z@Qx^n(;FhO)E!=&QPiW`v_J zwe0%DM{>Ex49*mbYmV`fC9#g0>l~jD?D#jar^gCyfU$L8$Sf*uT~j;GOx(NvQdPrp zfNo_{t8GH+mGl$t`>)E{2Shr>jQjl}YHCTmSaNj)!oFtv=AVAX59eQXnonGMB)=JF zkxb{v5RNzo|3-YEuI2*1@q@k8=Tgwq1F){m2gQ=PIq_Nc$Jx+%7n( zR~uKy$60UJe$rCvu^d;QmXLVorSehQvtPp_b(aF#>8hB)rOE@Y~?taHFMVv*sdi@BN#z zC!hY>Nlm_Ae%Uvo4LjCX`eaq>p)(tx?%sFbZiwu_vZ%{tzi&*ZX@fN!Si5`1_v`)Q zik^E--<>fzhi8<3xXPZlh|H}^L;>T`g7M@yMd&=nV@4ckd z6odLf0m-q$>8Rng>D|wETpnG%xFr?l(Oh_5^vHdV3=iwp8Ywg`_?axPKICCxZLhjD zzia8#@)4JmHSQs#ud8qe8cczYS(WRoF4u$c`LC4qF?kd(;V9d-6#uDxyR2i`{gHka zAse+^;l4M^fE!fAE!01LSkEi};WW^M@M19{+j14sVtp&DQSm;k5Xdx?9Y*`VpX>1n zrCzOe73@c_ZN8vRU+R-oC%7i+;xg!_>t3jSEFAXD=J)k7WnO*e&(^PQn8x#q4UsIxWk=-Zn$6%8`gB3po7*k(7oP+xlYJMjD{SV$HGdr|@@l&~ zi$BzvF8_RSKCWRV2@x{gef`UIv-3>>$tksOXeYmv9_xNxZM5e$L926 z&-LuHip?zbBai*OcKG;UF;f?MSmYqlTLkx5XHxd^Qs`b9tdHboE9bO|bDd9_i1lNm zS0OSrKZp|0QNb3z{DpPgOS{;!ulM;kllzSPuaC}~9d3Ft_Wp+LZeFeK`1gOW<9U&7 zUA6-&`W2;j)~#lo`fXwzvS*$93646+`BQ^tKKFI`8W+CFpTL*@F5Vh(;yf&0&&ZpL zy-|l97CHu=jC_${^oj=ZtYF&Ldm|kzk&p~X3kX$IeCE}Z!CChaFJ#pGtT^TRH-qlHP;B1(lR*iS^2&B0lxeq@deKq?2`9}pI9)_ zD&c&V=TVLHm~$shmZp#W&^vn;{O#NKeR4&vkaroU-8@jN*cWqr-A3!!M!ElyT~4v- zJRKq{)ma}#9<@HPo9Os@GJ9un?qxs5-P!kV-etxWf`m69n%U7A^_vW^v9Ps%JM|j& zlvm%DpS<0*yAUILYX19bjEbC% zzc53wR~JRlF?!0Z!(gMV4$P75-!C?Z^^ZKWOeQFz^6s^v zV`beDlTN(T_C?QiU(FwgG&d{mc<_~(mbqgv>6_DW?#%q%BgZEjaEmZ3GY>wrG4jph z%)5^(Y$u-#XOGPYvq^X^8@2TQ!u$&>xWgoKFQ zf0JAnOV9n8ntC*I8JXni^+Dc7$kZ~4lgysKKdd-}%bOU&6c&|<3ChP6~OdA5o3 z8%AA$_S@z-UxXoQK{=cnV}B@v}SX)rH@~iTtOv_r3ZK>Y z>+%9uzHMm!3yQ+aYL3r`?2p+9T~TppOvLBqE%Qxp$8K+t2Hsb%DQU|!dRa)#vba_k zxjLEPnvtPpG=yX%QeO8RUO;U_8bxPpTi^8KN3Qb> literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa65_priv-only.der b/certs/mldsa/mldsa65_priv-only.der new file mode 100644 index 0000000000000000000000000000000000000000..bdf04a2cade148ee20c46f6ed8b23c10ef3bdee4 GIT binary patch literal 4060 zcmWNSc{~$}1HgBgk;hI}yw^6ft=leBNxRI@F&nm$n%S5RX1C7S*w%efsP__z@{3ZB zE)<0v>BXybD5+P8r$gmP{oWtnzrX){Kc8=))$0)m2nd`8b(7nLKouAQMnbG!xBlaX z%aO(CXR!l{moMKw5K+#$wLZ$Y*#`nYPpJKsCp^8m^U<=~3g2Z=&nx(Eg``roy?2BG z3K<+;x&0}E9QYa*kx{y&!oGChgzwPLANOA?IxoG0Y4o9MfyP74jR&hFD@I;`VRlgnQ&8Suybp>cVgu}nLUKkjPoXvu zorw|*i{lUi3@CJPm|iM$Rb>TO6&xMJEc1q_R2*0TnDAh{Pyr#*6i7}q7DXUof+5KO zgFiDeM90u!GL!+BLKWLI7CMOo!=-R^ z;jyMfhsdPCg0ln3Y;P73=1qv!EAVE$jUKJ1WN=_wg&N?9203N1gg6KSWPozXHYLKY z%h9)Qf_GEHYR!grjgJ1h~c!pC|{?3N|<+N9ym- z2>=ApDOsWb6Io`#AkZRoG(ltH>q!Ep0vU28S{;i>Ou=CcIazWa2i-|SVo_jAw1}z-`_HCNj#e-TWt zERskTdSktj3U7+l2f%O<+6`(g7e?{+$64h(YCtdy8OOkKk|C_D3`(pK1`tC)s4Ptw z3WqaWsKIQN3x;dU5h0b@BwP|e;S?!>1T!52h)LmDXfau!KqAs&MWMXCNf|j}mJ)2# zfz>p#79sZc0jXVCv5r6qQkDUZ!(@O1%@B@SYJ%z;gTOv6(da}L#X{E_odDOY?ASyIKTBhF04;Ql zKF+44LFF8_LuE&cS>Z}F!cJl#vLQr=nu;_Kgmiy9T7e7jiIcIx404!v92G=BaC?f^ zg*093257SpD^nV#M@$ed|L=A#vBcw;C?H~C@X;^Bc@?=dfSYV~`tJu^`vsDbH;kLw zsx2$e53eum{P)?bik&^4C)H~0yTl`=%#Q#=N)zPSQ1R>nnvz>(_vV`6>`ku>jN?yP|A8V}Z6Od0ao;7q^s_WkQli26VGuXn}q%3eJrw5F^- zT05*nWj2FHcJ&Ip-+f=IOobi~hqC9KTiS0qb!ir3LFeJp)*qzfilc5d_MZEr^Iv~P z9vXA?)m7!1;#s^Xmy7zeFZQdcKBJzy23Gq9KUq3h@IJNj(vcrswab@R$9)>V`efci zA6^hK{Xo!yQ!7h)@}rtEyS+p2(SB{;^HtgtncB+L&RX|@QY|X|qwUr{$jasKz0+g& z|Alb37kS*Qdq-Rx+jaEd>!7=*CykZ6-nL2R_3Z#g9Qgv}Ro^AgpAq$WpyNkSgB{c0 znRV{f%ne!3FIfUJzhF0>+#D+T$X--8zqUTNuW!f56tEc>FIL-bW=UclebRy3FC}@Jk{}*Iv=trh#bcd2({& z!&kBevY~yi|9rxISz1(U`|kRWXJBT{tJcIz`Co2-Uuj#L^Wj+K-yhZ{?74pydS}~( zJj9VVvd)I4rV;!V9nSB3pnrDD+xO_Q!TiPSp2X0LaOvu|j^}VAC@mN^`{1Wyjytu{ zJ}}s61h1fvo(vs;Kwkv`$4j3^rg_a_16ST3Wgy&QIK}TD_})r77c;O4o7E3_@sE1R zImedaVYAm%vs(y(34VTW;^Fq1E3sXOMaLU2fX-a583}8N{Itnu2ZOlqQdOC6Z<5I( z40ld8g<`zhr#&6J_0^L8a#s)WRw@q-B6z}@lplMlZ8&!6f!zPsX{M`~;Dn}i2m3nM!7&NafmogssdmAra$ z?n~@o>E9HrIv0&KBIYdTnkuM0}rn^(r& zI=x%(es*-K9-84&zId=|;03a(!+i~HW*2?#C*MBisudwO-+Go>>&CB1lCKT`34IdJ zY=IoPsN_0y07xB$R%|GmuK$-KnY%0e3aD@VX>rlG$3ocPAY%Y}=4;f#5U=Su^(Wh^ zPDeWDwydales7!+J)ddaT;^xl{nsz$g0nik$g!$(8$aK%w{YuPbZ}DZwUQZBN6qVp z6MXaJ>U|X*+#6f-HVmvnP-wpa<35MRlIGb;F7I{QvE&!y<<;5S%>IS4$SvD<+bS`G ze%Msj*a)2Vk0@W>z!HhAss_Id|*0kQcKq`YQ*-KB~s+1J%~2?yh+Rczk# zN!Uh9-u$!H{v&?DPGa}8eiDAqWOshU&Njc*e#{rcXSa(ze>*m9{Hhr~aIx_H%tbrb zZMlk{t{N4{dJmWPSO;!6#QCRzQ+)=Gq2yBDJ5kYnRQxE+j!T<_)L*0FAWK~@!`Oe(jy!KF^ z_2aFTJ;n>PY26{;@Ur4RFy-;NHETTI^i_O3zN#*>;G;{&N0K3=%Kh;j@6u&g*Q{u9 zySnvjXq&WZ0@}VHmn*)2+dH|fQM+tfm8kpiXOH8f-M(#wM^=5ChbshcugugRSiikN zb7AlBRP8alv(C*8bNY39;mgh~?z%E{R!CcZ??0p#yRvst!`M+jXmjwR`LOR#e`&be zF$^`jtkYEY2Mi*G(~VtwiUW$Cza(DQm}Vsmq{-?GfPa>C&g=j4b8+~+;+lsB{+Yqu z&x^%qyy2a^nM-FuCrQ+OitZ_>-Bh zP1u@yett^$hZvlsdPSl~3FY1J*iXXoFoaWHuHw0c$Ekh3q+D9oo_2`^j*A!@NT9rO(Yx0)4i5nRG-XmYmFV17u7K5&f+8Cp?b_J5df6W*qP|W{<3}ck-Mtoe zzeSmJZ?-K%yQcYYk$ zXW4{-(W{l0yx#KfH->KB`q}zej}<@s4x(R%gH~M~-XA<7%^L{C&eR??+AbYld$bGc zkvD-chps6~6%%q>;T3?G4S57n(h9E+_sQ?5rq_4AsE#*m$AoqFKN7%0o(y`62Kj5I zE>_IWM-uiihr%l&?Ge%wKW^X4m+n~bvX3pz+f%pW+tTMv4TTBHq_ny&%{(N*hVAA* zh8OOR`2E|V1l{l9;5G0&?VVxI>#c_hY_C`SgFau^u`zBzM9EonM|QgEP;zbI&;Rzj z@Nw-jhT!I-o_+Vhr|-Wl8oPbJiBW191olS-yEi%7(T)has=4XFOX}ez0pLR5$+|Nr;j=O5i0ItUB`&_f_YRJqb1JqQd!g1w<#bZ_VzFdo*nkGtfy zr+;>RIFtE(5B+N8;#UXnVlMU?HvSvg*>~jsvZj>3`)l$18$Sy}J?VbMqW#rNo(v2( z?zFy>>`gX5whVd;TcG8iHbmIYWJU~m!G~TwzI;)5&Zz|1xU$Nuq^vTCv81?H)(|PV z(A~ECB(AAq!&pq)HQ(9e=sy&m@IT(oGOWD+y12U1X5RVpX2`G6>!wb4yXe7Sm@5+_ zBo5{D?;Q$wgCPFRvgkFo~`l6@|) zj?aZSjl3W*J&flGXt)GOK$4`+aRZ>TJcdvQgt>`C7t5y8g4_l+MNYTbNYqTffufTH zFu`!F%xO&`GZUc(ua4&plUtl7r-Pp|FJQ}LQ6q4OJX$Q5PjoUIfC#$8?BcL3!f2)4 zuT>aw;}|3y1D|Q&@};gYW+oRa!8mLPJV1}d^E3#S&&iU}lZ2??Tr`60@ZyYU8AlOE z;_=uTq%p-zwHmch6a>O>;lLUQFxIQ}*;GXsoN7x zmc=67Iuwf?N8^%NnIx^3jaN}Lgd`X}*+NG7L?)jiQ;&s7r4bURip2BcTwI-rq|S{c zDo|upFkc&u^#YZ_77GbPgTO4}T)Ir4w^^fg9Ge43lgJ2S8(hv6fFVLRMu~vMc5KvJ{@ zD3#(EQbn{8O(k2=P=FsrROg!D5e#!4lR(AWs3y!jyxR^3_;g4T8V6IOy)Kv<5NCIL zF?Ow)O~mS$OflPmq=Qs(K9iM=juWxbTBVJP1R~HHz8qnLE5UTDm87Q$9RV9LjxHm> zDG_8xbdXsMGa(cNoDR#daD5^ifdG;v0+4pO-mBp9;2MaXO(Uz#8WcyEC~$z0ewSHl z4C4wkatK6D6d{u0I3jplP>vWFB;zM(;5tnZ*`dv3cvN1f6oVkefq4kpJf9|5n<)+> z=W((2c{m)>Dw8ms0WX4N5BB>5a$ribAFnb-;H_wY1gxQWZLnCOg@mNp@v;V+cX?q=1?vl}lX+9A=(Ftig-8(G+p4QjUWFb4(Va zDk&LDw4i1DSQCRO(5Tg5sGgXI_p*UX71f2*k?2CSBaY@UJ5h8f*iKDmb5rJNc{Y^J z4~!Kj!Lb|>iswx-cyt(u*2-rq2(Ew$#1*FC4ICKF2)6qJRsu4G9gcmjkn zNx=oM=*kGQn~Bl8049f7l8fR61=%rr92t)RqJug7h+K+RFH>?oh=3TJNTJzb5*362 zWXN44BOWEs<+8jYw@IC-Leg!PSg{99=DLuclmG@pbXagegVqMnvV&5v!C@Affv)Dj z^me<%kp#5Sq6K;K6u&&v3-mgebREnSq2O6m2#gSdPt?E@6T@V228Ny#kmQANF)}C4 zjRxCXK)VH{%7be;R*ebVz1)0$=kB}t2iBa}txRYGS5+*j?WrpDjJa~RN5t$1IENT)6$-!t0j`iojz+D5eBxb((U-#+FlM%h#r|>Q}x+FL@o}n_oQJ zwYWI7>o7cxoi%XhaOZkjK?3ig``x<}`(;D~5W*?y&nSKVc+hOwH@(XGC*}X|G;d#c zW<>g(FB40j4PEpDI9P$1wT^Ab`&bZI1G(COz`(rbt3$iB+6h=?8gtsod7RYX#v~E+vBjHQ4wXK;}y;#;X zy(tFWhj4m!@_<_^Br)Y^y#ZbMzBUynjo$n-i&>C^m5&t{M^Ew(}B~=#zx(ZpLUQ7;MIS*L)$uiwvPzbj7gf#>@35l zClW^*6tsFK{|SqOW>Z-0K?!@{PdFXiK~eZ2(|Iat@S;RvZuXw zMpezn)Fs#ZNBr!llFn=v?Aqb57qh9)Ra)x!wv(`@3z|O;^cIAl*!}zS(W}d|l*?!n zJEAyGj5DsRO8@duUcXJK&fW5c8o8_sG&8Ltsd&T{P3d9doQhF(fyX=gDki1wO})6~ zYES%*)Q^{Tn-<#Q>*n3MvQ+%<1>vb1T|S- z{k7MZTYeV(PgRIIn#I8YueB8~nUAg+r3wom3y-uBqwOSN>KYuf23>ML|Hrk(h zLBH!EQv<8dVhL;PqJkf{_;E1)S?=Q723bggifoO)-8gpAp@%)c7bupt3rKq>S0&8H zVh?@N%pw&P-OjtvbMx!=Mf+O22BvqUyeBQ3VEQm|c6#K@n*Igt>GUa$8}kFG8%>aV zbNfpF+4yhbT=CG1`Tc10z+zyyV*C44{xAt0f_$uA3tEd=xqjny^y!8L4Qaui;OO#w zgV)wx;jdW{5wtYxQAa`BU+JSo%`xK0=ab4eT`b(w2uL`#_uMr@Hn&Zt!N}_$w3SxAR&7IG*r8wKKTS`RWzzReNeF_Jq&WR32QqA3t|> z$OVYnnthSp`0^JcT=Ay>@nJGA&T;hkf9=mJT9)@1%~#FgueYm5RR>KRakja;Yh+=s zcO#-=rW)lRxnO?dlfAq}vzocu^W+Iv7qxPl=eCtCJ^P3qdH-N7=1k=mgs&67jgVXu zNoC)wZS9eazEzUwrgC5SXnVx34sWg6{9jZ4CXHv!H%PCqkV~1_u#iJAj2ayLd zPfQsy?reVkOV5V$YbVZ#FZils?Or+2R^*wQd;~lWLA&K?RqZ?R+QdKT^nRZbJ^a}_ zV&L(ZY5x-Dv6pun-M`kPY_bi3R)T{bu$a4M{CDu))^mNm>FC+LMulmk~CVqrt2M zR?es{(cbFYQ8D{U8?u3$vapML5B|m}dwVU3x-Q_Uhfo&n4!I$@CWu75%owPhv!%K0 z`iIg71k5A#9FV_q)DG^|&Z5MsfzxA_7JP$sTA$jAsFest+!oh%G$8Fk44sG52`O8+_m>Iii!zOLS!wbnZhNV4ojFVwWM?ZVmhfclk z=($mW@{I=`!xelyTc8|wVECz>FWY0pm*&+sK3_39xuEd&78L6p1zLl~4K7P+be*Sm zKCoPOMJf{>0GF}0zPkgIT!`L(CFCk;+}w`wue+FwdLHcTx#X4FAE1t3YT1~E1LTef zUk&{F>>2D$zVPp@()s-b{~ajlrqWOe*%!L5cl%Sz-*nw|?W0W}Gc43M_wL`_m5W*q z-Pp5GSPi^spA0>rM7`{6F*$HEYJ~2^Y0T;G-%bgwU0fC#USVjM6GBeo*I$~P>RP;E z-4y|@|JOF=zqfwvP9d**RmT8PMeW0ZEr(kQ>fI}M=KLMm%PN0#pb5~G{89S$h<|n? zbPwP~`Do+i*tgq!eTwh64L`--ey$uwt(kVCGiOyxx@^bZ{@$&r$sgj#a=|4Xa0=8;%Zdyp&C09`|x~ zy!~{!??;_=L^cR6g`K}OZRgjqFG9Zkc$s5kWN#enDI7R97H|xDC&)U^J|I1vbNY{P zvt`EJFOtPuF7L^H_9sB0_$=tG>7Wh453BL0z>zigH?=l77z>(y?cr$4K1RMQ?n>;R zn3f^kQVV*rF{@*|`W%8d`l+sHr{KVv$<;gB*pr7Jdq1rwiF%kIk+z&f$q#DBi*CvUrDY`iZ$whz-` zELj)aGb%I{^OGH0lA9BS{gqyf&N5%C>gHyI`U}U8eSYXrJRo%Q+=yVNC9O71OpQUf)gOePy2Jgpq%9F%9y;}TyD7RFbO=c zm*@2LL3TGCSF=XZ74sZWTr^?sC|5CkhM61A9lvbk+`z+r^^jZlOqx4hmF>(Ap({0M zeV75u!t#|+h|e1PUU7r=`m*%o&#K~!-4$t02cpN2x2m#Oq3{#5paXWkQg4n+SZS~9 z1__B7mN6N~WEiz*QZgc#q;1qNLesJlz?3OlmLPx_GD5%wLpUK41X2h=ikb!pSOh>^ zGE9`RNCZhF%rp|v!URGVVgR>ElLmysA}&lc5)20-k~V~p#1J4QArT02Vz^P@Fc2b= z5t_z9qqt;~kWHcpkp!`9K{Q|xsD%;+0+BR8$wDzCA&O9?e2*`yPpk)KZEh2|(Bq2&cL@a?QPQjuuP$Xg! zI4&bWX&{kA1QAW5Kmk-VBpfGhz$Sj0h|PMS$E! z4Z%b#lq3-vlM$jOOo}uH;>HP+5-ORbk=zhUToMc<0fr$2ZXm{KoHk(6#tB0tK!UQ2 zL`V%o0uBP0WE7HM3OS9K0ucZc1&Ra(+eT{OxM6{!1tc&?L2 zN};BW(gIN-020i`WC1uSnV3XkxCA7lgb6f-(E@GbmMI*zA)t~F;y59I5CqW3kw`c& z+k#-k6mk$oDFg{7(U^n;M?eV2K?F%Aixxo;MQuQ|Wr;9ykpw6imMGwqF_VUf5kpb| zm0?6ED9{)%Sbz-CGD1NV35k{@Nk(u2$ZX*vQpmVX5V2$dgKz*6B_x7{RF*9nl#$aI zXjwLLfhLVel!Ou%h)@)7Y77|$qNdyKcBqb?~mMkMeB@sgrWRhXq zlz;*!G0P%GU@#KfkO<6#K*&gllg1$;Fmc)zXjveTV8BSB0)ZR_23w#_0=I=CGXNZf zEW)^m1d=Ubf>4NtkRw42ihyy{v<1jUE+d%{95I3tGfILcZIA+m6rhRWrfHG5EtIf~ zqsT!alq?7aY)D9GfhJ%a#0V2XPE-bH$S85h5KLgmKnz1F05S;^k&GaiL%r%fT&>`g^-F6a2rTYLN!K!cWO;Kn6O7>1%GQ2;>-Bo#;ll|^HsB+&$k zivV%dFaaYY3K9cp5yz2?GJ?|rkwic;VMIYB0tkqb49SE6fVcoc01`uj1z4hS45b0v zNGc>iMhq4)ArKN2p+N)&DN{IRB*_8cmViJQY@XQ@22oq23D8I)(nf&@mLwx4 zg#$q)6hlhLq)9`mw>`3C}D<0Qy@Xvglx>DEYl={5t4Dt zNQDx$klF|(L6QVy1Yu-Ei2x!bWRNM~5CI}Iks|;Q03m7s!ElriBFTV25|=HKI0hRO z5K=O7Be-zdK#U|MY{V#%R3Z*Z7;e-Eg-p0`VIYJNHjoRIMT?jvBcNcD7-UnF3<#%4 zKtKQriI71sOq>LeBc}cIo zWUy)45>R9YCCa7^WDt=MG=v%n3=D#BL_!e@1%X5c5gbS*gCGtN`j|*0r`v&XaUMW) zj}GKUwXT{;XQ%=!Vkx?!>DTKIn$CrZs=Ghct@RI)fny&=8*<*pW&Ss|q$B&Rp~5c| z&45Z@$En{Ftei&5IpfzA|Gb>~A3`5DCTi|?>I%TwC<}}~+7)$TxQANbub1CknIZC? zYeutuR4U|{>yWsvwlnqMXhlo)iDDL% zjkN)~9;w2rSY%Uxr1jsHs`w&W9;ChD55Ygoe-4h%z0+#2Wx|seESLu5xrYXfRu#_z zlYGtL>Fe4z@62u()z`p=hv5n65G|+VDLP*<#GCUhgwx`zUnF<%#@W>Rmttxk2AfFZ zqQgI`KK=_vQ!VI@Q~CONIxbPX^pd>@A-i{o`phL#L^tm#mqo$jGzUTbx+Xl=CD$@U z9h!3o?N=_$g){45GCMF`OqS^f`(v4#UQ8+dHW+0b{|(N+Dzm0QdS9_y=7Ved;pt}n zlOg6r@?8PlHbNrU|7Lrb;0M<}AAnA5Qx@x{8<=bG4p_lPGPlc#jd!vDXEd4FvmugY z=#THtf4kNA9S;N*vl?sz#E;-?yON}Y^Z^V)9uYxHo~hJawvj6nugh2}$;VTn-idG+ zi6RRDO7I>;bEDQC=sLar6w-){8h)*R&mhY7(VnZkf%X~gRE`(u z3XQnfgq32el0K;qG@?}ChS>fAd9a1rxMRM3QnK@+GxT((v#{ILz6E*VljRL&ovcx7n?f~IMx#$e=2t6cP`U2ocy!~ zBf;lhvobpW>k6)hHn7iM6mnf=XuYwrmaOaneR-JlAc<1@ZKKCO@(zb+!e416pNq%y z@4u43CrIQcv$NWM&_)fqLM~)lSxgT&01+jQe`~gCK~uD3tJ4agiuqOuTbFPVWLB6B zAy(LwL|I=y8ubEMpN2fI^fDLdm~*-?K`?o%^pQOA>dmaHoE)nV#Gx4ZP8EBb8cf#W zqmK?o*-Xgv@`HLl!N#5 zP&D?kH!&5;-;AjRJ-fG@`@f#)ZHX)^Bb#8vKV_;~1ah;bB$8=jUa>Z*c`_$Ot1f?C z*S5oqo%j^9Jv+nng>KDkCC8dI`l;`X%oy)9=n9cYmtO2VN9dtTSFdTc(Qe1oCY?G2ur$}%rWpKR*N@fB zmP`QsMmO(B!)JgFGX!kxixVh_!NKsb@sRC`6PkX&OyCQ2@PORO=QxjZDZUHJd)TSW z(m7OU5y-8j`}l`31C;NhEk)R*(eXyL+`dI>@nevt3&w4 zsg*{?$d8}L%jg@?_7DZq!A2;^=&N59dz~MNR>nAKYQYr?2GwjXD)4jx$j=i|3T2lA@wbY&)Qj#@WLZi-C%s0kT z?8tJYAA~UnL7zy^hpm#L^uT7uL&FzYPH0wHX3YetoIdBLPhre9qF_^Xn5|$_r<$2v zb=)^h&OgmW&^4>LYls5(kuX3epnmHF>!G7x)v~I z>Bf1vcR4BW=6nS+B~N)8U?5J%l=M`@CSBgw<>x40;9LZDUX}F?mT3#ain(_uO+_pi^sEq58S|=0H(Ax&&hyA0lpBBR0C^A)GMCBxl>rJ2 ze@9~>C*@k4(OKNDVYN*VC7lbSG_Y>qD|t%s_LODe~3#pU5M zFf%Q1+X70AYy_kwYZKXGB`JDV=9AK!Urmmd=gvza2!Mu(V3E^HS8ytrT_AE1&T6W2o3UFgUn|*TqMVp)t zp{8Hvzt-mzh9LLtrhp-@vT+71KN5!h0bkw|A0KzbG((#<9jQ+M{~<-~Cinm?bLzBO zKZYW8lLC{jMsER^JV6Jj%_kCy9}5*>TCFV1BX#oAsD0xAvO=o75tE$9eX`Gr?L~yP zX62dE#Grn|<%fOxyA+3+#+-o*u?8AQ{hv zZ5}o?bOxxc{9v{`!#7S02>ihttru(dn#NNU{l#IC(i)R-#`gOo*Aw?cAw;u&-7&102~5 z`z+6A_pO574sGPzeoMTPER@5g3odo#W5u}cj0vvsa!@vYfM=F;&e}a_;^B;6;U{z| z&KCju8Kgoy*%vXdH*OHodj6M1Ub0Zc3DXD9L(WhYkJ$UX_Y{GAU-Wd}$OA@}_Jdt=;916Vyekx(^JC|XW1bIoJPlDiX>K;mId zp~qZc?v z0=c$E)a>X0!`~FcbKW^KSxm{>#SR2X>#a{8y=lDAQ?&rd^_Pc90d%Fn7q6br0h`#% zrTdJ1oRo>NsNKDDtbu*0h+4+7$;1tAypzPA*gPt1Pa2j#Q-gdxcPubSKZ74f!tiY zqpq{~5;%sWNzNsTtVy4q$v>tKjLv2k<`Q&SUmsgVkQw{K&u{@Awy?$iV~lG~KKY^q ztkPir_9I*>G;?TJXMH(k{lNbh6r|v9F9#+bU*)*8m7`+x0QW zK#Nol^FEbE?mWu0fm4(Wz%LyeE(1bKTw0ajOHaI>mjTF6tW|(!65~D3HNUPg3A+qz%d(y=m~Li83lcQ{H|JxU2-ilP<-Z#3P553$ zjOUCtAahnf@e=#=Oa2V5!T#IXrldk$rkf^#^vibENdz3kB#}_MRGHuh-z;cyLrCcRZu|L(UVZX1``a~AH(ofmV>0u~ I!q{(W09Eo4TmS$7 literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa87_oqskeypair.der b/certs/mldsa/mldsa87_oqskeypair.der new file mode 100644 index 0000000000000000000000000000000000000000..d81717730772c5a64627466dec075f3d9fec57d4 GIT binary patch literal 7516 zcmV-i9i!qff*n`_0RS)y1_@w>NC9O71OpQUf*nKzf*n9o)qNX3*_f?m-4gh@&feVnl5x;d z*jaA{Nk6GtNK*dB%IoQ9zu|9sLjpY6qY<%0=pGr-N$C9CxjZbn;rgJ7SdUBn{5eiL zH)@i-e}#7mDN&*zNPq$g6Cp&=qy@+}1tb<|0heGI5oR0&1Y-nh#E>atC;>@CV51U_ z#Ku6>KxhLqW`Q(-7!ZgF5P(vaDAX1NOE?J9v?R$Sa@&|80Tn3VpfO3H5fDjAAthvy z6hQ$Pkwchp%(h4bp=`_$WK2kLV@2xQBEi4;d+Q5FEgKq(LdVNwD}(U<`Y6J_F{0U7~`7{!ptz){cwL7Ai> z1T={pG)_svM8h_Mq8LI97-Eu01`;rYNCsu%vJsMkj0l1NKq4?=NMWO*EdxM+7{iPZ z#BpPg5Sk{8lSVEaGm1gNk>nU=lQ@ci!jK#iWgtX}TPQ)AzyMS3F_Gj3 z2!o^u89*lF04*4%VB{iT5Ew)hl|UkhZIm!Z`6*DVZWoB&kuD z7EFjZViQIJ8A5Pe#6bWDAONH>Nths9#wj2aj*_4$;UG# zXxbPuOco6Rq%eXKO$Ym_ZAuP+J0#A*WFiMk&KaMo|K0 zTOtl*0%+8NM1wX212u_UI4MG)WWW+aTqJ79f(2U0VA!-N5TQ|v03ZMX3L-L)iIyPX zkZ2T$Oo4z97>9AhK!gJ$0-CsmfFLA{Kq?p)BoHZ3Lqbv^r;P#ya#S)A|hfGB~Unslf-O6rZHLqA&8O@%f>NeByxlzhL9v^ zSrkkdLkb!KDH@kd2o`LJ5#=0DwS*6gYx`I0m9fQVJlE z0whL31O*AEFcP_uf`&{}1S|uYZ3-iRnidRFv;|~9avC5gAT?^(h;5QKP)o>Yg8~c+ zH)YB)LfeQ4Q$}SY6%k0XjUclq1GFq68AhBy3e&a>6g5nY#8Dx$5fCPD0;5p_7KvdL zf=Wnk6f#KzCn;e5Gg{z!X#XgkT!7jR*;10tJOch%C$of`UMBNhXdFHc8{MC?OYs z5(aJ=Bmf~65&{)SVHk-(B7tMDQR0Y=m>3NpA&?TZ1PZih5(beR0Ai6aEDIAfhGHF025gWh>lPD+(6JUb~B?+>Gl*Wl2r(W8;&_Y!s zrC?|7zvniI4>I8+SE1L6DKzJHbad^Z$&>RXmg|1Nx8T0a)qhc=ahH+*74?c|yakg^ zmdOG3F8Y3)zeZLgoUbEApv9=fhr116cU_XdqG*d*OBdv{m8Jk+{BsyBU{h(+{GJh( z(6dnm_xh=&j#uHV72+OPS6w32nlx}ml}HVq`+nIyjl8h^wR(9&RHqBla%c=8=+IoI zG_n$bvaEA+mtdFWM67ooHsxLw6~lQRx{9YQQV^U4wDcF^Tn)VPw)zcUd_XXs{ird zV#pWw$CzhD9%9kgx1KLyrY`lMax>2wOc@!brr9Rw6_cRo_O#WE#)Os{x&h&8jre00 zwp#~_+eJ8{M=$FWBjPF4DK%3w0@L!$IUh7To2{zxT5ET62F|Rs48CjWp4-kl0IdG&gd$E&UKDH)r-%1h*INT!cRZ+PuhFfUlcSfFPtmT1^e~J zifV@)8PLh$EYV@qZA{(#DsVZw_GwGIS^fbBYb+hQMJge+J5TqC7V^h&cX_;V!mcLxq)?R9rL6Gn4p zE8)yu0M?}_s<3=;WWak>$wm>5CM4z>J#mm4aqUx`>V%{&eLx|xSQw!fqf;><3JYq> zhrR<|L7NYbM7siB>TKdEeCyo;>hq3yN=^^px zv)8jI3kC2I>5b)}Us0$sP=FRfyHKkxyVd`O9v9CrPmY8`u5r67^jd6|?J9Caq7Rf# z0F>z2H$6ewdxTYZSf=a`g4+VL?c*c&E!#ASPl#Gz)sxjr7-fJ}vKK}H)oxSVU5tL! zI*@jxJH-gfL>6iJ4pl>2AdrHU1xP0A`_kB45}hS1Ns7{sMDNZ6B0WNLeqekuft3*3 z*UYLyeZ*vjw*KcHHF5wk9@C17%@+a6D?7du#{`?nvp#(pNRd-XBarb(`p|w*WQ@vc zX>&$7;#A-)2KjCTTjFcl^`nV2q`YvQlXF{l++1BykAGpA#pQtq!ISWFrpiV3$vOTH zOtvNsw>0fw?q>5wT=pvCRT=OrV<`7k#gmJzb70F+u3Bj}a@ius!W~OI5zE+uZXx-d zU0WrV1O7OLH#`4qduYV><>yMD1&Hy+H#AkU0#qi9q2k)}O7_~dclJ8(>(yD((k2r% zlT2Bo_>*MRz-l-I%2K9UQa=KW!a+j=Zc#;2IwpLwvWnsaE}f2rm!X{{faXd36mHZ0`3md^aki>_#kx;-niCC zdQsk`7G1b2)84vfGD2oSJ_2(~MHnEej@djqeG=l|-M-ysaRPNAqKZ|0$4sL=T|95&ve>ukAyGFr=jhy7K{?VbU(t-EJ~B(-hZq zak%SWe;)w*2HSg-xWj(x(%7LUr|yA@=NLEobuE7jLkkuuhag0Xj*~w+h61$hyD-^$OI_aq6&Flx^}D^A)N+A43U^ zcLFImUh&8vvIvE|P+~_zxYhKXv*T%vC<+IJa)LQPoX)KMVSLccm6>Y&b1W1s5@1xx z2A0fK(Niz=0k?+w32v1Aci*HAYRd&Z{x2R4&|l|*q>aJga#+~nXHx78hD-3+UO;iA zqI0Y6TJNiw^oIrACl=!`o}@cp*3i4RC`#+Ey*{<+`mh`hCQjT$K`WG78FAZZWITGu zeV22_n#$)O&O5BP+`JZH={(81`Azpk2g{iK3FT|~Z0zSXz_+a^>DMe)9#DQcZi^BA zRDP29KX4ld{;KVn}r&<2o z0+rGy%nIyWyM2-Q!>U?XawG3--4dby&&_T4JWiGp5fPuAYeMp^p(sxPcpQI4LaqAr z(o~jtS8X--O7#(1L|0Q#p$|1~v)W6K2tTDmF;WN@LPeD093mJ-pteN0*6=F0UVoJO zww8$bs_J+$Xy8tG$R#D6_48?qhd79*3n9PixGs+2-3&igHK3rEP#vV&5ZRE^6I8?p zWJhNR@=G7T1te^O*`D?oVx|q_b(K2!1%|Zn+(Y!n<4^0g8~1){1KilFLml@Zhg2Em z-79$~lD}z1R^%6g#~>9l%l4%8Z`?yJ<$wL;Yh1;}bYk&l~Z1S+J zT+A^^%Q5O}n=18W4|f0_VZcH2yF*Sj{=@BTs#L3^UAo4XLu08ODO4uf=LFs2eRqF- zUsUcf$?+AE0QjPzx70Zue(zls*;f-d=KCp*M|PIlW6fO|AztCMg(Ss2LQ+$-3ldWq+j#UXn*u-?+~)+0+BdtXqm1N{c|d%_10$MZb=+FG z30=}6uiO^Vs+IfryRKm4fu>Ac(10o6NbSuIVBgOUFGo#yA2ZOO9q)81&5N5*HxrJL##k2LCd)+WTz%vetR31w^zRj3FZet7oqw2^`-?yYNbm>8y zoQk$Cs1xYDdzPR!AoZIhGB~+gZE+3k;>X<}hf_YTi{Xh`4P0%s z^TRa0bmuk6Y*gxS=>K@0j%Kete6m z19L`8*YxHpUZK{R9$^i&pJLWfVML8Fu&Ljg(~#k&P-QjitO)PUH3P2ZMy|sVJ!Y%? z#zDM1G|it6n_J|yRd4@cxyA1M1?rcC?wo>=AXDH)<>0sFE5rrvG+cmt1Sq15@?zC# zr9LPrIPP@}A??lo^6O#L?EKC~jj_&nrXkhSJxQ5%6GA&TUf75P0}^tbVuJQ{y5^JC z5l$QVCB9E(53C|r{e6e>glX>L*}py zKTkbr>L{DQA(iI|00yx&->wy?D5~i8X*Pp!itp1aPH)mXR>H06ig5S81i*j(<+3G* zy*&%n*YYkbZ2u-ug-oJsF(|6%BwKUIXacUpg`lV_!*BK8WMM)pT-lfO_}o@F>86-O zvsDTlIy!cyKTpKd;Ff=$rv-T*&{9=(dYBn{Tt*axYd^tUWcNp*ep;fBDRhn2Vl&~w zGtwg(Pe7i(8hHjY-syn!(i7L<6&N_dff8AZe83oFl*s>kc_B=Z(GFd>&OxdipF)6F zMMAbX97B;SB|45O%L+sl6OpvT^-?gXpRP>MKWTk|KWuq59KdP_*l>DF^32Pk0CHYoT)qNX3*_f?m z-46pof?~xR^w*Z9#&cV#_k@0LpHAw0oLdzmB zU{Ew(cqq$>ttd@gLF~dwO+V<6aebEGL&J`}Q->UN&2RP@9xb1cN8?SqKUOZ1-DPiu z=~>(h(=3N*p%nXraA9eJ%A&}-Q2l~`SpUpLMqQNAy*Cu4NT5DT;#`|bg6Z|F&u&Jg~c$?XD;XewrHxJR#$cO)l^3Wz=5`XPT|Z z$=3ZmOyclL?~G{Uqlmq=z>7eL{*r&Ap6MmHxF0>?2I*nU2J_ya=acIvAR!xn zO#mpnTV~4^s>E<%s3leffv(6n9c1}wH zGUP;5_BN{(c|?Wxq^!vQ=n^~KbRuOvmX&eOzSI=M`oR?%xd!QqvrSSf!?(!E^YgM> zwOCtnE(2tGs$Q1Pku09+QhWuMtS8mi0J~&$@*a+t=iNC$ zjdyd-0p@EEuAq1OZF@@+bR7-!&sAhXb<{w*U3rg@{*&MP0b~NwPVf=CXRmZIS|%uU zDBfNP?;rj-8Qj*mD$C8=4+H~)x=+NfldNNRk{XZ~uIi-Aa zBwx=2$1lvnf{DmpO@n3ycv|oRKXgg23&?neBl)IF^iOqwaaDtn#i9B3}_U#bxeleWeet5nb5SX<3!`;1cQxx0oNse9-XM?XAJ&RyZwe?4I zrKhjMI$&EMG`51y-!PDmQYF=zyr~V<6DVtT(>^?3L$_trX_3Ie+5IFZqrKkrRPnh7 z5C*x!qxd3u(VHcJ1Z z&b^NcKS4#>2h%gBUS-2?)rQ-w#jf%0)m`lG)Rck}5?k-=%>-k_^7fIJ>mGLe{9LH5 zfL&sdQn|%L0>_avQNkuY=l}*+FqMrcebr+DB>W#n{O>s9p%Z6-1!j5ACBvScqhzc% zRi1;v7Pv+0-$9(_1CC2{08P&<4$TnmxY3A+InIekyML;Bke}Z&g5;<`M#=r7*^9gHwS1IcMC=0WW3CBS9$I^PqQYEgq*mV|ojdFg*DMH4sYhX6rYL=^_^G=h}S`ZozjR8ev-na60j?t`#&Et1mb4|WXGrKM2n z^_a%JCQ@AyjrX1GyvZ~V-MCFOv#6119Y(UM8UbBg&n%d#?E!KPO4E4=@qwOKUkqCg zUAGhSbE{N!veDc|e0n)ibz(8KXU`VmsVsdlm_{(-aMY_0|8*XVy$(2|G{p|he1@se zbb61aG8jh=545B!7%7osh4Zg_dBV=gHshFMk*TzW&6=kHZ`4@zJ<%}TC1ah3L^&F@ z>ZGyTvmkloi9o90Oo9Bt{f$=<4bXvPGH4HWZKbfkyNBr_`TRht*V?VGdzVmq8zd0dmzr zPOT0H#@9!c?rlBM5MYaOzK?K0>a~#~^7b!r8K4TTcpHAOb`xuwStgM3#sSJM2B@uj z@~RXCb*9Y{ZDSD5wQD8J;kGx)0lgPKUx~bUNI+{od*Tb@Gt@XchNZCxBjNg*; zy|)hKVLC;c8ZM>6aU|7`<#_^{+Cr@8LGPix)20^0%=N`1c1@+9=bmRE_huCc|F!K*__1RvIdJqkBQm5Ofs7LM#J9uu``e z$b{Y8&fFD=4hl(SVx6xy`aIDHrS1<~80}5-LEZKI&S-15I|M=!>@-qF_3)2783yPv zyQa{uB_)^tPRJR-fxZgAVlW}*c=!NhV=@xM%tto$Jt+KHO#wxx>L=M4SUgc&YH+TE zk*(xv;jHr5IfsB?*k$2rUb{oYt2#S>uwQa`C=2>dk(!;@A2d?D^#of9JN9y@%V-;Z z>)6qffr~0aG6h&;J`^*LGJ-vFVur(i;NLUo0ux^pVfd9-y~&jXCaHB?GCvKO8A&qt zLF1-9((3D;RXn=ScW{W!NdcKrqM;3&>D+W*rS-rG6nKo?zo^TRjnkY%BrRo-bMX;} z3A5c9Z}Qt0Wi5LLUimSG^zeM6uq75x(bMHJnY$+Wh<|uiP$AoT$g+9^Iz^wC_Fd+e m*}5jz)BD=P^Bzk~D&O~8KvKeNez%gb6(SaQ#_9$s<3Z9nWUXKT literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa87_priv-only.der b/certs/mldsa/mldsa87_priv-only.der new file mode 100644 index 0000000000000000000000000000000000000000..7b94ea37f95867bd0ca08975465326219f74abf0 GIT binary patch literal 4924 zcmV-C6T|ENC9O71OpQUf)gYJf)gP86ZrtIII~=)W2y~^#?22E zHVTF!4xXN_hN1%Gd9>TgvD0F}8QFL#=>;7?k z9MGf;7OzY`C*dlyv{h(>Ny`8-_&iYt^tV3i$%b2T>R<7ZEG+rUTUtaoF%FR4DOO+0 zYD}R-&x;)4LNX*HWeBx_7!VQyHAFhkZ3zK@V+e)JMn(dtL}4}|6vkwnvS|`0L7WzmBM5<- z1R;Qs4T(l%Tm}Rn7%@Z!h2(@K5=eoW07?NfNCdb*(HFHStN=8wqXjP0T@IA#0CxkF%S~BB?&QMRI-5} z5s0Hk3EV^?3MgV5KrO&BFpCf-n*e4BIZo8T0iiaGVuWau6i5K2a3O(&0)T7-1Sk|S zhD#DrBM1$g5RA+?OaU-t&@z#U$PpkUhJmn*${=Y(ridhjLF2F`nSw#k24DiFOv;7_((tGz=idVM?}4g2qJP zL~LTHK!YLx1O*}3NJY#Lfe9yu#1aC4ut@>4k=&#Zfru?(76zEeiG(;{!!`}tFfoEM zhysK`kwRd^CLy4*kYu1xk-}w!$N^av48%BT3AA8QvMdXg42TjAL>Pf12uaa~2%98| z$sle}0D&09WD25%5(Y$@v@P2*YMUfYp_V8MiA@_34%;*?5h5lEkzpd41k)0U%mj^~ zC?whfZ4$Cj0tHfmFp%Ul0ow*5KsJpdhY7?+EJ`pSqeKV`v>=)iK$s?wA($XzppYW7 zkst$76c`8sHij6WNx~9D03l5YHUUf&G6bSYBeiAJ$Vo!PMFWNmkVXO_z<}a7N)vz) z6Eq1Ks6iMuFhRIT3xj}IlxW+?WS9a9Q3#5gf=HM&VHqVP7&D4w7){|eL;(nf$RdgZ zmq8R4QV4}b$w-1?6p&0t4#6N&8bw0Hwk!*nY(WBSBLWEsk{~1$Miek1Tp(-|NCpeE zXc#Dt(*O{VL}?@@Wt0?V%d~9~F^Cfgiqe22iUb6bqEQM*aRH=A*v4^`Mv++}P#6>} z88$9iGzH5h5dkz{(0_L?IMV;37&Qq%k8jE)b*;kRVax zHb~(zhT67e8?;g4#3T?yN}?ELfD%NAC_)>kkr^jai$svZxL^T5Ex;B5Ot_3729X#k zY7(JL7?X)25-rmfQUMi6Q8EyqsAUi(5aSX|0>>}}!VOs{j?=hF&=MwwANa9;0%e>d z5Urp3p=dkfcCbGYps7ZsY|JgAznT9<+?{&>OP^FV;J6pZLI#K&8m4&iMoIDI-5`TI zb?oOJa4W7pz>@*Xn#FH4_)G89#}%uJ3!R@;j{H$NY-Dwzwb8+9U>=FgBT!|8Ez2)f z+;Gi&h_x#FaE7r$Rm{4$Cy4@6e(r4|oB0lMPGGx{O`%S3x8m5A2g5T z=k+*>cDgrKiQi&=q?D_Bca)2siXm-QPmEh{LGp8@)iI+!vZMNrTMX?Xe zGuxmAD%w055xSrm9Us~K6e0&0qLV)4C_A_m_&^94#xa7lkbtp6JH$}S@Iw&T7BmtC zE7LiyhyZQDBt+}!HZwt?nbHM&K$p}Qgxcz`P|6~B{5ubi+8mIj)Z+7EF!0{$(+rv$ zBbA#6ft!~F>pfE`sTsK6xc~)()wTm%Ugor`cx37&%VSB81V*79)xKHQm|>XEHaIX1 z;Tb5V_+Q&Li-bH40O9QA<%x(wOHYkf<}|$S(Koh_w*gJBCRS6HPzd>^M*$YNon_Ed z!;|8h=vB08Nf78QIgaP-&Co!`>7<-AiU}dPrMNr2x15C1>x)EXU0y|4PTz9TWDSU7 zU2EeFgF|_W9Wm7%h!nC4v7jQ!sA|I* zKQpTil@aZ=egr~4gI)Uj;3WWpXMab_@v7Nh9HmZb3{An<$w6XKzrfaO^ZG7sdGv-B zNjtCiRsIjW!BS)M3Qz40-9=9=Fz1ztP@06gb^tU z3Ok*HsBp}H8t1AMdNs?MTm@p#zD;fS5G{Vx9~x**45Cj%&))_r!{Tj|d3G#B-0=jz z2c3QMn0Ws{r9t&iR3CdnciZB!w9!Z#Ia^$Y3y>vXMGxChh_Q~b%Ox#E$FK1DNC7uH zdMt%jZe~!;aszd!jhw%7d*@Wu2IK4tj~7c!AJ(s& zpbxB}WV+b8<51lVV~osFfO-Ko2dFw#VO&GUv*P6g;0 zs|oq~RF~&0jjTZCboGnU{y0xw-zEaY->n3>~YczH#p!O@TNa zIE3t^U8y(~odP+IIdy9J?>j<2yPi_=0^D$>I{W;W!zVbc1h2!yao*I8E0ayaU|_Z> zuvn4{ApR$KyiohU-MT@| z@~QwoMp{%|IS-BaLvgKJg&?7{TjTlNYD_5*HnH+6nSO1=HW%w*m<^}22o5h=pBa6X ztWvPKh;tVs1$4{{vD-~Qrd`T`HpO}4L1BvP%Q>)d6B*oy**!V`AM2^GI%9$5P=GjL zXhsu7yGs&OCbaIsI%VpYzDQ`st_aCDHPPp=UrYZex>P!|s$MqFMa?1w8wp9wpk|%w zCDEanJNl1lYBu`RF~FAJdWW&B1kjdPg?wDBeEyQ(J;0=2$Wl&_j5-OHc~IrulJmS2 z2&BxF>l{QiHC|AL61LaCv$H>g35j5cEkeb;R{kE&^5rhCWv<|GlE zRA}QVIuDQ576_i+pK-S?yz1SOo^*h*_RNcVgk~kPe_jU@NTv4|)_1nwF=M$Y4rNq$ zp!0kWpFb6yDSh0R^u<59p2!TzurL@HHf|8|{rM$H4w?zUrCERZ^X(MC2ul!maJZrE z_YH!ctk&?g7To*0bPi5o6MJ;&yjPreyD9!7u!@XrD!)Q7wkn6e7@j+FEp-N-B&pKP z%UQvg1q#25j_$cEV=^Px{evEy(b6FKJI~{vcvQs=mLuBHR-O8)o`MWe>cF_#(?GNy zI;g%fI^LSp-vJ2n;euxkheS$E!{$>8&@U7Oj*TgML|`R2=1h+iQA6Cl;&sH$`}+e> zw9v8R$))0kMS1# z%|)>hsv*yAY0SOw5I*`^`qgH(orsm^cH2~t@3^aAuHBFYBJmEtWo-_>Fb?KhH@Gbd zU?tE(YL5eF8h+Ed9#3na`FeRa2@t#DGwCfJ-89HnEx#f(E@gaeUC>s;l_{zhtlnyw zaPzu@`iv|Up`b$-a9~I)xS-++QWzTVD)4pc>}r&9>`D+m%l7)}9~cWrYx8t}tT5$C@oZk;x%}S$rrP%u($EUR*b)tVpg)SbfS$w#gJnq;RIIa65Pi9>iXapCqv$!*!+HxAgN`ZBmwnZ@Pa8WB=w zoLeaF-4F2O$0v(K{$QY4^cNB?#T}W&YCpgs9pX)GBTt$90duL~x>JEGgXl2~e*Z*~ zDVFZAYrje)jad%>e35NS$5eb%HIQeThK&Qh5zr8I19QuyWH~*`TAL;#q$cb8QEMXW zWJ8to_pPS9#)CV+_*|yCX5|;+-{IiG-wFGY1}+J3H=ElaP5x%|6)s?qw#|;fEOH{D zi`V)$g?N<7)aNT3U%lD0Rzy{C84Wp363`z!YGYo8PwP^%b>eD;Ipv=uqz#L_46Ig- z{q5*GPH5ML?ABLPwCW9gQ13Fqjx$m`b5+wwd?3G+~)sE&}|Ulx=h~#(pC9_ z4BbIL{uwfDcGil-tT$xr$HlzylN&EGH;}Py78RAQut*xe6*vWMCCQopdPm|eA{^PG zy(1*Y-liX#_+mhP&^#Oy#&^vq$Kl=N(ir!|zx;onk&C(%!|>3yXO5bn04Dy+*+Hr}q`X$b;+$ zmYgZGsK#19s!N{D5#)od!mo#BVo)}5D0d-?CbSav5f;NB%Us#RJM-p z#MFsP#I9{4r*DLMbhHGwVSw?mpO3qW?hw&=g`m6~!*<0oE7Q?#V*RaEJ86a7JMX4& z+*HaLz<8NO=hmUf14+Se#hLr&uA~ONj%`3E)UUe1RqFo5Yc9qO$J?P$P M74R&L%dm%#Pq*w9F8}}l literal 0 HcmV?d00001 diff --git a/certs/mldsa/mldsa87_seed-priv.der b/certs/mldsa/mldsa87_seed-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..9b994e5c579e22756ee2eaffaff50dbed2f6931b GIT binary patch literal 4962 zcmV-o6P@fZf)ic>0RS)y1_@w>NC9O71OpQUf)h$Gf)hprAhKFAk#z_iHho72+q^Kw z6P@mpz${H%Xwn|5Y>yG_LIi>nAexXqrkIfK`!^)NbVxRxaQX8Pyg#Eh#gbaefEMYk z;b26~_g-WJlRGyazY4M54Tg*liFSjouYL>T)GKmhkmd`7r7vHFxm;bn#LjcaMCS{` zsPM2_pxtM@lu#0>7`3U;-r84HEPnh%!_*Mg0V%|y+o@itaOHUbj?=`Ez@h|9 z1T0CmaTBaC%fku$q zB1RY!EX0;5K$wY?!Yml4gaalC5;H&`hY(3XkjtcL0z)Va2m;##X2O;+97bhiHies* zC{U;nNeFHjkq{vwO(GKo+K_Fe1VU0GY|^L!ga85oFb09ZgakQITf|9(0Ez;LV2lz# z5Jdpu0ASbvDd0wkL%3)oMJ*6X1Y8ghAvZ-46>(4)Mk2|Di%1E8C~?UMG8z#k^io3;_emWUI`OcS(#n8bzDI4TQ=36vCI z8mC~|7>F2_NeT%i6B8^$kc|?iXagCHpfEwyCP)z@h0(Bp0-`X;sD+FIU;#xEL&8zy z5((I}ERzIMkN^M#rYXrrg;W4BVhE9&wqX*23?exw86bfY7$$_kga8*H3js(NCL#hQ z0T4z>iV_A$gn&>MX%Z0+^Wy3@fQ4oaV zGLTvbWl1(J3&#OdKxWyZfFUG>!om&WvS|vXk>fT6Nk&Y-w1nUif(rm?fiQ}Qs9}_( z2@$u9loSdS06-G4a1tm)Qh-gM772rtNfDSS38!SqMt~BvaDxCa%9cqGIUov0X(1*q z69Wh%#gQYh5S&B=V1y;2G>jC&NlZuui;yKm#Ay={Z6HP@Ne~VJNFd`vjgpXz7(_rM zLSmCbNyLDR03i|>5owZ!fdn*ilcppbGi{8xWEmET!9Yn;Bv4bRWm}?=5u|JZI1S7c z0TeTc8%azdAW`6`fk8GTjL3q~k1|}dABw!E>l)z~u7irRjZ3sY((ZDbvmLOEX0Rcrwi!wlC zA^=1*VhXtl%mRYg2!@kFEX)9b(h!6UGhq`LG7K~9HmUj0AS=4Fc~vKAgGK{AcjDMG21YZ zVYGz+qJhe?Es8cSQ$i(>0w5FuUp09003e(Bw_+8 zoD`A)I4FV?0YL~3#5f3uHi%l5krWpoloT=ml?78GaEwBTSV$yPkTC)k3PdDr6aWMn zLx!0GkrEI{3IK*1gdqa}0s+KulL7%5gdo_qLDHg$pfXSiIBXQKF(Ec(AeNAUL}j2x zE*da~$T(7vf()Pr5lBXCoDhPFrad-VCV+uJEfNGOOek#=6#^Wza0wM4fG8@FFd`d}fC$8aA|-}e6eMA$gj1x5N)&N| z0wsZx5dt=dfk;3Tmqi321_`u~%(f{Ar;!mz0e3{voa<97a5{546ky3V+|reB1fL_F z^-OXd*We(xvMcyGf*cu;qXHu&b_)87=@v8GF?$9&u4AxhMhzu(zq6{{&G0Y;9dM$u z{W2N#`ROCvK_+XBc~FXy6-xkijl zt*pBF%^?T)#Bw<-kntidA|loQzOQv>-ro)tDOJ2EQHEB4Mi*|wu!=368=u%UuEc5w z-eVa{;0E#$HNhe)dZ~hgOE5_h3``~2g5oIpa;7D{eveBnhtoE3@&?>B1R{!&6h^Jm z*amw9$LQo9hR|pSa{UWReC!W~FBf-7=C^+hzVh9>;w;oY>-M$RnJ9i_)Zw`-+dhLt z$|Wi@o({T86rphx0{=ad)?In;`^2Ci>mQHtoq(&KcV?>D8T8pF4U*E-0JgsPEF=vO z&Yx+3qwK(20_MusTZx2t*OzV1PeM6N(%v%+iOkrAYdyb?qI>@)y2(E*l-mM#JM~3+ETYqJIy3FUKpoU`^))R$?>Zvt&>!wM8~|!BED% z{>G+5_=j~0`-~DuEMAwk$ARHH3&||#68QcqP?OkPC`=nqGB60J8k2-)xq4g*+W&OV zVJ9Ij@&N13yucfkFxyJa779}$K{aGT*bUa<~*!fSb7*Rhoe zTE6$Cm@1@1Q$t6-Jv_!b5e>i1UHcIFcV={eBM+ZDP6?h1I5tRcjXh;ar z=k}^_g6?)j_Sv-@tW9OB@1C)M8Sb1XiXEEZOsaS=n-UO2owz9-_yHq;FU7o~F}x~x z#Wp^cPo84@$7A6rYsM-n4^L--oSGfKG?6h9e~2K=38u89IW`{^_bz10LsZQd>{GW= z=*q`cLy{A|sy2d7a)rm2koE&kak_9!>p4tj+IZ*a@%a~Jlp_*3SAjks#5f6-u#29r zc4ltPehcFn9-7Jy$t6+99|VQ5L1i*$<{3UR$_{5O&PQ@Zd<|V6S@FdO-;A0c@O93u zF@sjW@@3K$NwHLI=UB;rlJHQU>i?UlH=x}XkaDk4A@Ly%7mUQc;>$aMv$lI%zMWg` z^=KA0$G@|E0UCl&?KbrLd0}RW*KhJ_kBY+-iX;k5#b)EkRLn1pP?Pz!YMLS=O1`+_ zQ=O{#P}`Hkkl@&~RAReRJK32;nll^SNHH4(w5H5J1HNc_9PuXl`%02rx*}JNIy5hh zmdL%v^{W2Cmqh4jvUcHROcorr$$dN|-L*LIVitfXLei}(f=euHXScB>O#cho_KBB> zzeZG8_`p`{eK97k)z+8p?zk3Fje5{C_mk{dhwG`5&e$=lDe3m7O*4(u=YAL{d_CoZ zpm~5{c|+rgSJ#yxn>m>ZCko_=$@Zdgm7NJq&b2G{R+3rAip2f5lwl%Qa~`6es-j&7 zrb{-q0{m*x`&$54ygxZ4d~b)21_nM?G2bQ;OyLnM2%P=e1aGyfKHJg|{I2h~?tqs} z?~2QFNQ4R&g%`1go_()o?91@gX(|;|IH>CZx)5x0LNbwWhdyUu z;X^a#LIVy@>@r2g$@rg<@?x9S-u8$8b#!MxOdX}|PsUObrdJl#`1)PL!wv$r>QGsU z^soO$*O3Z;~o;<W<5isU5x17W&nQW|rg3EvG(G+xWD1H8sc29^L`wiGi}@9q-GQWyW8;TJyh)l}t>1 zbv`WU{KoofskF`1j9Q3K2(!7ZV%j=0YDC!Aj28qE_|W{EX{A~G+OM=uPckm@1~!QlZajnp$knOmb`ft zE_|Gy`!y%J?=VmHducZ7uDdxnJUo{nQ#4N1wpgw6JWtyL-R&(`FBWo01DA5EH2Vs?B`3!b7 zm$+25@0FNhjZa0wgakg8bi^1aG($*k-3m$?3YB|7KstC=L9(uo&K{a{VYEVaWITSI zxh(+=@EC#Zk6fs;S7v@;$T}CBeAFsew|DcC+lx7%6bO8Sjny?v&}sI3lZ3Ms%0$?R z_(v_0Gz`kYjXLJV9D{NDO!uy;s5I|GM~?_oJM8918N9szm#wloV#X=V+l$zCK+zQK z>*z_NZLy@ydv-rh-!{fM*w8$szg>ghS>^ZT6UQRc5-N81Orwfr{g@!R|0ZES_sI$f z!=0>N=|s^a@C|?9BF%4FC{R7L@}Y!rDmd6L8HT7^&=E_^jeWRkJn&fI;m37ni`+zEyNyb}9xF)@9`?1?~Y6DH3XN zeA>$*nF;MSRNwRk&3+P9HfB{BR6F8KHa={WH7>elY|}T7u-;b(ZjODxoSb4}lHbskS38(xxvB&kno|?iMwe1sGqVk+`ibhmBIa5r+wDt zn{U=j``Ou59=m3cmUXWMs#-8(H44$3RlY>A6it%kbAkXiO#zw<#rHM~7!*eiuF=8&a0`s~!G;6Dn2tBL2~g`f%1Ly|wn{|Ys0eWZJa ztg|Rfk@G1N7d$&6Ih!M)NhOoi^_@1&%9-&}%fa2;ZSop2t{RiP+RVp43CY)(o~-x+ z|2K4n)}87%tN_<2n0h_dWAsWyvJPN+*ENa#tX{f#2Vfv4`Kzt48!td%Lgb?W4}fGA zk!07+TAdhckT2r!%ifgBy6d4E;Xu(FV@hdQoyjxk>;wxJL2sUm`k;6>c3~fNC4pS7 zxSOBAQv>Nz74pGK#a!D&e$tzPB0e9XB#si31^BcIxBm4s4(5LQ`EW|T)1xjFI(QZ2 zem-G>@zP3kvu|=n9n}-IudTC;bkYfwi>7mFn+(h2{BcoaVV%$|NEU|=Xv(Weo$dIg zd1A)Lf74ebHrJTveQ@DUdVW-bT+Ex^MBr%GCRsqT!IsVLQwso|OQgb!1z)-7Nm_7K g!))siQQ{0JopA9NGzb0m*x&Xbg_$^^RF&(gYPqqw5C8xG literal 0 HcmV?d00001 diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 873a085c9..445412cff 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c @@ -3004,8 +3004,13 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, + 0 ), BAD_FUNC_ARG); +#else ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL, 0 ), 0); +#endif ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, @@ -3015,13 +3020,23 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der , 0 ), WC_NO_ERR_TRACE(BUFFER_E)); /* Get length only. */ +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, + DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); +#else ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), privDerLen); +#endif ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, 0 ), + BAD_FUNC_ARG); +#else ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0 ), 0 ); +#endif ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE), @@ -3031,8 +3046,13 @@ int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0 ), WC_NO_ERR_TRACE(BUFFER_E)); /* Get length only. */ +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), + BAD_FUNC_ARG); +#else ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), keyDerLen); +#endif ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); @@ -3081,15 +3101,25 @@ int test_wc_dilithium_der(void) idx = 0; ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0); +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, + DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); +#else ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), privDerLen); idx = 0; ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); +#endif +#ifndef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), + BAD_FUNC_ARG); +#else ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), keyDerLen); idx = 0; ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); +#endif wc_dilithium_free(key); @@ -3097,6 +3127,8 @@ int test_wc_dilithium_der(void) XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + (void)keyDerLen; #endif return EXPECT_RESULT(); } @@ -16658,7 +16690,219 @@ int test_wc_dilithium_verify_kats(void) return EXPECT_RESULT(); } -int test_mldsa_pkcs8(void) +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) +static struct { + const char* fileName; + byte level; + /* 0: Unsupported, 1: Supported*/ + int p8_lv; /* Support PKCS8 format with specifying level */ + int p8_nolv; /* Support PKCS8 format without specifying level */ + int trad_lv; /* Support traditional format with specifying level */ + int trad_nolv; /* Support traditional format without specifying level */ +} ossl_form[] = { + /* + * Generated test files with the following commands: + * openssl genpkey -outform DER -algorithm ${ALGO} \ + * -provparam ml-dsa.output_formats=${OUT_FORM} -out ${OUT_FILE} + */ + + /* ALGO=ML-DSA-44, OUT_FORM=seed-only, OUT_FILE=mldsa44_seed-only.der */ + {"certs/mldsa/mldsa44_seed-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=priv-only, OUT_FILE=mldsa44_priv-only.der */ + {"certs/mldsa/mldsa44_priv-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=seed-priv, OUT_FILE=mldsa44_seed-priv.der */ + {"certs/mldsa/mldsa44_seed-priv.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=oqskeypair, OUT_FILE=mldsa44_oqskeypair.der */ + {"certs/mldsa/mldsa44_oqskeypair.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=bare-seed, OUT_FILE=mldsa44_bare-seed.der */ + {"certs/mldsa/mldsa44_bare-seed.der", WC_ML_DSA_44, 0, 0, 0, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=bare-priv, OUT_FILE=mldsa44_bare-priv.der */ + {"certs/mldsa/mldsa44_bare-priv.der", WC_ML_DSA_44, 0, 0, 0, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=seed-only, OUT_FILE=mldsa65_seed-only.der */ + {"certs/mldsa/mldsa65_seed-only.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=priv-only, OUT_FILE=mldsa65_priv-only.der */ + {"certs/mldsa/mldsa65_priv-only.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=seed-priv, OUT_FILE=mldsa65_seed-priv.der */ + {"certs/mldsa/mldsa65_seed-priv.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=oqskeypair, OUT_FILE=mldsa65_oqskeypair.der */ + {"certs/mldsa/mldsa65_oqskeypair.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=bare-seed, OUT_FILE=mldsa65_bare-seed.der */ + {"certs/mldsa/mldsa65_bare-seed.der", WC_ML_DSA_65, 0, 0, 0, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=bare-priv, OUT_FILE=mldsa65_bare-priv.der */ + {"certs/mldsa/mldsa65_bare-priv.der", WC_ML_DSA_65, 0, 0, 0, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=seed-only, OUT_FILE=mldsa87_seed-only.der */ + {"certs/mldsa/mldsa87_seed-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=priv-only, OUT_FILE=mldsa87_priv-only.der */ + {"certs/mldsa/mldsa87_priv-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=seed-priv, OUT_FILE=mldsa87_seed-priv.der */ + {"certs/mldsa/mldsa87_seed-priv.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=oqskeypair, OUT_FILE=mldsa87_oqskeypair.der */ + {"certs/mldsa/mldsa87_oqskeypair.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=bare-seed, OUT_FILE=mldsa87_bare-seed.der */ + {"certs/mldsa/mldsa87_bare-seed.der", WC_ML_DSA_87, 0, 0, 0, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=bare-priv, OUT_FILE=mldsa87_bare-priv.der */ + {"certs/mldsa/mldsa87_bare-priv.der", WC_ML_DSA_87, 0, 0, 0, 0} +}; +#endif + +int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void) +{ + EXPECT_DECLS; + +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) + + byte* der = NULL; + size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; + size_t derSz = 0; + FILE* fp = NULL; + word32 inOutIdx = 0; + word32 inOutIdx2 = 0; + dilithium_key key; + int expect = 0; + int pkeySz = 0; + byte level = 0; + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { + ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); + ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); + ExpectIntEQ(XFCLOSE(fp), 0); + + /* Specify a level with PKCS8 format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); + inOutIdx = 0; + expect = ossl_form[i].p8_lv ? 0 : ASN_PARSE_E; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, + (word32)derSz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Not specify a level with PKCS8 format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + inOutIdx = 0; + expect = ossl_form[i].p8_nolv ? 0 : ASN_PARSE_E; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, + (word32)derSz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Specify a level with traditional format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); + inOutIdx = 0; + expect = ossl_form[i].trad_lv ? 0 : ASN_PARSE_E; + ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); + inOutIdx2 = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, + &key, (word32)pkeySz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Not specify a level with traditional format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + inOutIdx = 0; + expect = ossl_form[i].trad_nolv ? 0 : ASN_PARSE_E; + ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); + inOutIdx2 = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, + &key, (word32)pkeySz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + } + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_mldsa_pkcs8_import_OpenSSL_form(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + + byte* der = NULL; + size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; + size_t derSz = 0; + WOLFSSL_CTX* ctx = NULL; + FILE* fp = NULL; +#ifdef WOLFSSL_DER_TO_PEM + byte* pem = NULL; + size_t pemMaxSz = ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE; + size_t pemSz = 0; +#endif /* WOLFSSL_DER_TO_PEM */ + int expect = 0; + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); +#ifdef WOLFSSL_DER_TO_PEM + ExpectNotNull(pem = (byte*) XMALLOC(pemMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); +#endif /* WOLFSSL_DER_TO_PEM */ + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif /* NO_WOLFSSL_SERVER */ + + for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { + ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); + ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); + ExpectIntEQ(XFCLOSE(fp), 0); + + /* DER */ + expect = ossl_form[i].p8_nolv ? WOLFSSL_SUCCESS : WOLFSSL_BAD_FILE; + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), expect); + +#ifdef WOLFSSL_DER_TO_PEM + /* PEM */ + ExpectIntGT(pemSz = wc_DerToPem(der, (word32)derSz, pem, + (word32)pemMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); + expect = ossl_form[i].p8_nolv ? WOLFSSL_SUCCESS : ASN_PARSE_E; + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz, + WOLFSSL_FILETYPE_PEM), expect); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_DER_TO_PEM + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_DER_TO_PEM */ +#endif + return EXPECT_RESULT(); +} + +int test_mldsa_pkcs8_export_import_wolfSSL_form(void) { EXPECT_DECLS; #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ @@ -16666,7 +16910,7 @@ int test_mldsa_pkcs8(void) (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ - !defined(WOLFSSL_DILITHIUM_NO_ASN1) + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) WOLFSSL_CTX* ctx = NULL; size_t i; @@ -16676,10 +16920,8 @@ int test_mldsa_pkcs8(void) byte* temp = NULL; /* Store PEM or intermediate key */ word32 derSz = 0; word32 pemSz = 0; - word32 keySz = 0; dilithium_key mldsa_key; WC_RNG rng; - word32 size; int ret; struct { @@ -16746,43 +16988,6 @@ int test_mldsa_pkcs8(void) ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); -#ifdef WOLFSSL_DER_TO_PEM - ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, - PKCS8_PRIVATEKEY_TYPE), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#endif /* WOLFSSL_DER_TO_PEM */ - } - - /* Test private + public key (integrated format) */ - for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { - ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), - 0); - ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); - - if (EXPECT_FAIL()) - break; - - keySz = 0; - temp[0] = 0x04; /* ASN.1 OCTET STRING */ - temp[1] = 0x82; /* 2 bytes length field */ - temp[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */ - temp[3] = test_variant[i].keySz & 0xff; /* LSB of the length */ - keySz += 4; - size = tempMaxSz - keySz; - ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz, - &size), 0); - keySz += size; - size = tempMaxSz - keySz; - ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size), - 0); - keySz += size; - derSz = derMaxSz; - ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz, - test_variant[i].oidSum, NULL, 0), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_DER_TO_PEM ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); diff --git a/tests/api/test_mldsa.h b/tests/api/test_mldsa.h index d1322e571..488c3a2b3 100644 --- a/tests/api/test_mldsa.h +++ b/tests/api/test_mldsa.h @@ -35,22 +35,26 @@ int test_wc_dilithium_der(void); int test_wc_dilithium_make_key_from_seed(void); int test_wc_dilithium_sig_kats(void); int test_wc_dilithium_verify_kats(void); -int test_mldsa_pkcs8(void); +int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void); +int test_mldsa_pkcs8_import_OpenSSL_form(void); +int test_mldsa_pkcs8_export_import_wolfSSL_form(void); int test_mldsa_pkcs12(void); -#define TEST_MLDSA_DECLS \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \ - TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8), \ +#define TEST_MLDSA_DECLS \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \ + TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \ + TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_export_import_wolfSSL_form), \ TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12) #endif /* WOLFCRYPT_TEST_MLDSA_H */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bea0cd351..9700eb510 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -36991,6 +36991,7 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, /* ASN.1 template for a general asymmetric private key: Ed25519, Ed448, * falcon, dilithium, etc. * RFC 8410, 7 - Private Key Format (but public value is EXPLICIT OCTET_STRING) + * Check draft-ietf-lamps-dilithium-certificates of draft RFC also. */ static const ASNItem privateKeyASN[] = { /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, @@ -37001,9 +37002,13 @@ static const ASNItem privateKeyASN[] = { /* PKEYALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 1 }, /* privateKey */ /* PKEY */ { 1, ASN_OCTET_STRING, 0, 1, 0 }, - /* CurvePrivateKey */ + /* CurvePrivateKey */ /* PKEY_CURVEPKEY */ { 2, ASN_OCTET_STRING, 0, 0, 2 }, -/* PKEY_MLDSASEQ */ { 2, ASN_SEQUENCE, 1, 0, 2 }, +/* PKEY_SEED_ONLY */ { 2, ASN_CONTEXT_SPECIFIC | ASN_PKEY_SEED, + 0, 0, 2 }, +/* PKEY_BOTH_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 2 }, +/* PKEY_BOTH_SEED */ { 3, ASN_OCTET_STRING, 0, 0, 0 }, +/* PKEY_BOTH_KEY */ { 3, ASN_OCTET_STRING, 0, 0, 0 }, /* attributes */ /* ATTRS */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_ATTRS, 1, 1, 1 }, /* publicKey */ @@ -37016,7 +37021,10 @@ enum { PRIVKEYASN_IDX_PKEYALGO_OID, PRIVKEYASN_IDX_PKEY, PRIVKEYASN_IDX_PKEY_CURVEPKEY, - PRIVKEYASN_IDX_PKEY_MLDSASEQ, + PRIVKEYASN_IDX_PKEY_SEED_ONLY, + PRIVKEYASN_IDX_PKEY_BOTH_SEQ, + PRIVKEYASN_IDX_PKEY_BOTH_SEED, + PRIVKEYASN_IDX_PKEY_BOTH_KEY, PRIVKEYASN_IDX_ATTRS, PRIVKEYASN_IDX_PUBKEY }; @@ -37033,9 +37041,11 @@ enum { int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, + const byte** seed, word32* seedLen, const byte** privKey, word32* privKeyLen, const byte** pubKey, word32* pubKeyLen, int* inOutKeyType) { + int allowSeed = 0; #ifndef WOLFSSL_ASN_TEMPLATE word32 oid; int version, length, endKeyIdx, privSz, pubSz; @@ -37048,14 +37058,27 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, #endif if (input == NULL || inOutIdx == NULL || inSz == 0 || - privKey == NULL || privKeyLen == NULL || inOutKeyType == NULL) { + privKey == NULL || privKeyLen == NULL || + pubKey == NULL || pubKeyLen == NULL || + inOutKeyType == NULL) { #ifdef WOLFSSL_ASN_TEMPLATE FREE_ASNGETDATA(dataASN, NULL); #endif return BAD_FUNC_ARG; } + if ((seed == NULL && seedLen != NULL) || + (seed != NULL && seedLen == NULL)) { + return BAD_FUNC_ARG; + } + + allowSeed = (seed != NULL && seedLen != NULL); #ifndef WOLFSSL_ASN_TEMPLATE + /* The seed can't be parsed without WOLFSSL_ASN_TEMPLATE */ + if (allowSeed) { + return ASN_PARSE_E; + } + if (GetSequence(input, inOutIdx, &length, inSz) >= 0) { endKeyIdx = (int)*inOutIdx + length; @@ -37083,13 +37106,7 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, return ASN_PARSE_E; if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) { - if (oid != ML_DSA_LEVEL2k && oid != ML_DSA_LEVEL3k && - oid != ML_DSA_LEVEL5k) { - return ASN_PARSE_E; - } - if (GetSequence(input, inOutIdx, &privSz, inSz) < 0) { - return ASN_PARSE_E; - } + return ASN_PARSE_E; } priv = input + *inOutIdx; @@ -37150,53 +37167,69 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, } /* Parse full private key. */ - ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1, input, - inOutIdx, inSz); - if (ret != 0) { - /* Parse just the OCTET_STRING. */ + ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1, + input, inOutIdx, inSz); + if (ret == 0) { + /* Store detected OID if requested */ + if (ret == 0 && *inOutKeyType == ANONk) { + *inOutKeyType = + (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum; + } + } + /* Parse traditional format (a part of full private key). */ + else if (ret != 0) { ret = GetASN_Items(&privateKeyASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], - &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], 1, 0, input, - inOutIdx, inSz); + &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], + PRIVKEYASN_IDX_ATTRS - PRIVKEYASN_IDX_PKEY_CURVEPKEY, 0, + input, inOutIdx, inSz); if (ret != 0) { ret = ASN_PARSE_E; } } - - /* Store detected OID if requested */ - if (ret == 0 && *inOutKeyType == ANONk) { - *inOutKeyType = - (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum; + } + if (ret == 0) { + /* priv-only */ + if (dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { + if (allowSeed) { + *seedLen = 0; + *seed = NULL; + } + *privKeyLen + = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; } - } - if (ret == 0 && dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { - /* Import private value. */ - *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; - *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; - } - else if (ret == 0 && - dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) { - if (*inOutKeyType != ML_DSA_LEVEL2k && - *inOutKeyType != ML_DSA_LEVEL3k && - *inOutKeyType != ML_DSA_LEVEL5k) { - ret = ASN_PARSE_E; + /* seed-only */ + else if (allowSeed && + dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length != 0) { + *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length; + *seed = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.data; + *privKeyLen = 0; + *privKey = NULL; + } + /* seed-priv */ + else if (allowSeed && + dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEQ].data.ref.length != 0) { + *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.length; + *seed = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.data; + *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.length; + *privKey = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.data; } else { - /* Import private value. */ - *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length; - *privKey = dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data; + ret = ASN_PARSE_E; } } - if ((ret == 0) && dataASN[PRIVKEYASN_IDX_PUBKEY].tag == 0) { - /* Set public length to 0 as not seen. */ - if (pubKeyLen != NULL) - *pubKeyLen = 0; - } - else if (ret == 0) { - /* Import public value. */ - if (pubKeyLen != NULL) + + if (ret == 0) { + if (dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length != 0) { + /* Import public value. */ *pubKeyLen = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length; - if (pubKey != NULL && pubKeyLen != NULL) *pubKey = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.data; + } + else { + /* Set public length to 0 as not seen. */ + *pubKeyLen = 0; + *pubKey = NULL; + } } FREE_ASNGETDATA(dataASN, NULL); @@ -37219,8 +37252,8 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, } if (ret == 0) { - ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr, - &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType); + ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, NULL, NULL, + &privKeyPtr, &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType); } if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) { ret = BUFFER_E; @@ -37550,6 +37583,11 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, } #ifndef WOLFSSL_ASN_TEMPLATE + if (privKeyLen >= 128 || pubKeyLen >= 128) { + /* privKeyLen and pubKeyLen are assumed to be less than 128 */ + return BAD_FUNC_ARG; + } + /* calculate size */ if (pubKey) { pubSz = 2 + pubKeyLen; @@ -37606,10 +37644,11 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, oidKeyType); /* Leave space for private key. */ SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen); + /* Don't write ML-DSA specific things. */ + SetASNItem_NoOut(dataASN, PRIVKEYASN_IDX_PKEY_SEED_ONLY, + PRIVKEYASN_IDX_ATTRS); /* Don't write out attributes. */ dataASN[PRIVKEYASN_IDX_ATTRS].noOut = 1; - /* Don't write sequence. */ - dataASN[PRIVKEYASN_IDX_PKEY_MLDSASEQ].noOut = 1; if (pubKey) { /* Leave space for public key. */ SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PUBKEY], NULL, pubKeyLen); diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index ac8e5d810..ea0219c48 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9659,31 +9659,6 @@ int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) { #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) -/* OCT OCT */ -#define ALT_PRIV_DER_PREFIX (2 + 32 + 4) -/* SEQ [ OCT OCT ] */ -#define ALT_PRIV_DER_PREFIX_SEQ (4 + 2 + 32 + 4) - -/* Get the private only key size for the ML-DSA level/parameter id. - * - * @param [in] level Level of the ML-DSA key. - * @return Private key only encoding size for key level on success. - * @return 0 on failure. - */ -static word32 dilithium_get_priv_size(int level) -{ - switch (level) { - case WC_ML_DSA_44: - return ML_DSA_LEVEL2_KEY_SIZE; - case WC_ML_DSA_65: - return ML_DSA_LEVEL3_KEY_SIZE; - case WC_ML_DSA_87: - return ML_DSA_LEVEL5_KEY_SIZE; - default: - return 0; - } -} - /* Decode the DER encoded Dilithium key. * * @param [in] input Array holding DER encoded data. @@ -9708,11 +9683,14 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, dilithium_key* key, word32 inSz) { int ret = 0; + const byte* seed = NULL; const byte* privKey = NULL; const byte* pubKey = NULL; + word32 seedLen = 0; word32 privKeyLen = 0; word32 pubKeyLen = 0; int keyType = 0; + int autoKeyType = ANONk; /* Validate parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { @@ -9756,34 +9734,45 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Decode the asymmetric key and get out private and public key data. */ +#ifndef WOLFSSL_ASN_TEMPLATE ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, + NULL, NULL, &privKey, &privKeyLen, - &pubKey, &pubKeyLen, &keyType); - if (ret == 0 -#ifdef WOLFSSL_WC_DILITHIUM - && key->params == NULL -#endif - ) { + &pubKey, &pubKeyLen, &autoKeyType); +#else + ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, + &seed, &seedLen, + &privKey, &privKeyLen, + &pubKey, &pubKeyLen, &autoKeyType); +#endif /* WOLFSSL_ASN_TEMPLATE */ + } + + if (ret == 0) { + if (keyType == ANONk && autoKeyType != ANONk) { /* Set the security level based on the decoded key. */ - ret = mapOidToSecLevel(keyType); + ret = mapOidToSecLevel(autoKeyType); if (ret > 0) { ret = wc_dilithium_set_level(key, (byte)ret); } } - /* If it failed to decode try alternative DER encoding. */ - else if (ret != 0) { - word32 levelSize = dilithium_get_priv_size(key->level); - privKey = input + *inOutIdx; - privKeyLen = inSz - *inOutIdx; - - /* Check for an alternative DER encoding. */ - if (privKeyLen == ALT_PRIV_DER_PREFIX_SEQ + levelSize) { - privKey += ALT_PRIV_DER_PREFIX_SEQ; - privKeyLen -= ALT_PRIV_DER_PREFIX_SEQ; + else if (keyType != ANONk && autoKeyType != ANONk) { + if (keyType == autoKeyType) ret = 0; - } + else + ret = ASN_PARSE_E; + } + else if (keyType != ANONk && autoKeyType == ANONk) { + ret = 0; + } + else { /* keyType == ANONk && autoKeyType == ANONk */ + /* + * When decoding traditional format with not specifying a level will + * cause this error. + */ + ret = ASN_PARSE_E; } } + if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) { /* Check if the public key is included in the private key. */ #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) @@ -9828,32 +9817,39 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE; } - else { - word32 levelSize = dilithium_get_priv_size(key->level); - - if (privKeyLen == ALT_PRIV_DER_PREFIX + levelSize) { - privKey += ALT_PRIV_DER_PREFIX; - privKeyLen -= ALT_PRIV_DER_PREFIX; - } - } } if (ret == 0) { - /* Check whether public key data was found. */ -#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) - if (pubKeyLen == 0) + /* Generate a key pair if seed exists and decoded key pair is ignored */ + if (seedLen != 0) { +#if defined(WOLFSSL_WC_DILITHIUM) + if (seedLen == DILITHIUM_SEED_SZ) { + ret = wc_dilithium_make_key_from_seed(key, seed); + } + else { + ret = ASN_PARSE_E; + } +#else + ret = NOT_COMPILED_IN; #endif - { - /* No public key data, only import private key data. */ - ret = wc_dilithium_import_private(privKey, privKeyLen, key); } #if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) - else { + /* Check whether public key data was found. */ + else if (pubKeyLen != 0 && privKeyLen != 0) { /* Import private and public key data. */ ret = wc_dilithium_import_key(privKey, privKeyLen, pubKey, pubKeyLen, key); } #endif + else if (pubKeyLen == 0 && privKeyLen != 0) + { + /* No public key data, only import private key data. */ + ret = wc_dilithium_import_private(privKey, privKeyLen, key); + } + else { + /* Not a problem of ASN.1 structure, but the contents is invalid */ + ret = ASN_PARSE_E; + } } (void)pubKey; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b86ac6f56..3b03179ba 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -46932,7 +46932,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, int isPublicOnlyKey) { int ret = 0; -#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) /* Size the buffer to accommodate the largest encoded key size */ const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE; word32 derSz; @@ -46982,7 +46982,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, #endif } -#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) /* Export raw key as DER */ if (ret == 0) { #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY @@ -47056,7 +47056,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, ret = WC_TEST_RET_ENC_NC; } #endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */ -#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */ /* Cleanup */ wc_dilithium_free(key); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 2657bbc06..74a849fbc 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -204,7 +204,10 @@ enum ASN_Tags { /* OneAsymmetricKey Fields */ ASN_ASYMKEY_ATTRS = 0x00, - ASN_ASYMKEY_PUBKEY = 0x01 + ASN_ASYMKEY_PUBKEY = 0x01, + + /* PKEY Fields */ + ASN_PKEY_SEED = 0x00 }; /* NOTE: If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified @@ -2727,8 +2730,9 @@ WOLFSSL_LOCAL int VerifyX509Acert(const byte* cert, word32 certSz, || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \ || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)) WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, - word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey, - word32* pubKeyLen, int* inOutKeyType); + word32 inSz, const byte** seed, word32* seedLen, const byte** privKey, + word32* privKeyLen, const byte** pubKey, word32* pubKeyLen, + int* inOutKeyType); WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey,