From a9209858758bf63058fcfb07033de4c4e4eb96ce Mon Sep 17 00:00:00 2001
From: Bas Westerbaan
Date: Wed, 3 Jul 2024 18:15:00 +0200
Subject: [PATCH] tls: add eddilithium2 support and fix eddilithium3 (#176)

Closes #175

We didn't move from eddilithium3 to eddilithium2 when dilithium3 was renamed to dilithium3.
---
 src/crypto/tls/common.go | 1 +
 src/crypto/tls/tls_cf.go | 2 ++
 src/crypto/tls/tls_cf_circl_test.go | 8 ++++----
 src/crypto/x509/x509.go | 5 ++++-
 src/crypto/x509/x509_cf.go | 2 ++
 5 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index bc0b5b34da0..60c3b2d0883 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -190,6 +190,7 @@ const (
 signatureRSAPSS
 signatureECDSA
 signatureEd25519
+ signatureEdDilithium2
 signatureEdDilithium3
 )

diff --git a/src/crypto/tls/tls_cf.go b/src/crypto/tls/tls_cf.go
index 8160be09879..620615d8527 100644
--- a/src/crypto/tls/tls_cf.go
+++ b/src/crypto/tls/tls_cf.go
@@ -6,6 +6,7 @@ package tls
 import (
 circlPki "github.com/cloudflare/circl/pki"
 circlSign "github.com/cloudflare/circl/sign"
+ "github.com/cloudflare/circl/sign/eddilithium2"
 "github.com/cloudflare/circl/sign/eddilithium3"
 )

@@ -20,6 +21,7 @@ var circlSchemes = [...]struct {
 sigType uint8
 scheme circlSign.Scheme
 }{
+ {signatureEdDilithium2, eddilithium2.Scheme()},
 {signatureEdDilithium3, eddilithium3.Scheme()},
 }

diff --git a/src/crypto/tls/tls_cf_circl_test.go b/src/crypto/tls/tls_cf_circl_test.go
index e731e8b2f60..f70ee0ad788 100644
--- a/src/crypto/tls/tls_cf_circl_test.go
+++ b/src/crypto/tls/tls_cf_circl_test.go
@@ -13,11 +13,11 @@ import (
 "time"

 "github.com/cloudflare/circl/sign"
- "github.com/cloudflare/circl/sign/eddilithium3"
+ "github.com/cloudflare/circl/sign/eddilithium2"
 )

 func TestPQSignatureSchemes(t *testing.T) {
- pqCert := createPQCert(t, eddilithium3.Scheme())
+ pqCert := createPQCert(t, eddilithium2.Scheme())
 rsaCert := Certificate{
 Certificate: [][]byte{testRSACertificate},
 PrivateKey: testRSAPrivateKey,
@@ -47,13 +47,13 @@ func TestPQSignatureSchemes(t *testing.T) {
 clientPQ: true,
 serverPQ: false,
 serverCerts: pqAndRsaCerts,
- expectedCertSigAlg: x509.PureEdDilithium3,
+ expectedCertSigAlg: x509.PureEdDilithium2,
 },
 {
 clientPQ: true,
 serverPQ: true,
 serverCerts: pqAndRsaCerts,
- expectedCertSigAlg: x509.PureEdDilithium3,
+ expectedCertSigAlg: x509.PureEdDilithium2,
 },
 {
 clientPQ: true,
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index a60d9f38c38..194a18c88a0 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -241,6 +241,7 @@ const (
 SHA384WithRSAPSS
 SHA512WithRSAPSS
 PureEd25519
+ PureEdDilithium2
 PureEdDilithium3
 )

@@ -270,6 +271,7 @@ const (
 DSA // Only supported for parsing.
 ECDSA
 Ed25519
+ EdDilithium2
 EdDilithium3
 )

@@ -278,7 +280,8 @@ var publicKeyAlgoName = [...]string{
 DSA: "DSA",
 ECDSA: "ECDSA",
 Ed25519: "Ed25519",
- EdDilithium3: "Ed25519-Dilithium3",
+ EdDilithium2: "Ed25519-Dilithium2",
+ EdDilithium3: "Ed448-Dilithium3",
 }

 func (algo PublicKeyAlgorithm) String() string {
diff --git a/src/crypto/x509/x509_cf.go b/src/crypto/x509/x509_cf.go
index aab1c6480c0..43446318cb2 100644
--- a/src/crypto/x509/x509_cf.go
+++ b/src/crypto/x509/x509_cf.go
@@ -7,6 +7,7 @@ import (
 circlPki "github.com/cloudflare/circl/pki"
 circlSign "github.com/cloudflare/circl/sign"
 "github.com/cloudflare/circl/sign/eddilithium3"
+ "github.com/cloudflare/circl/sign/eddilithium2"
 )

 // To add a signature scheme from Circl
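Review bot: TestPQSignatureSchemes now builds its PQ certificate only with `eddilithium2.Scheme()`, so nothing in the visible test exercises eddilithium3 any more, although the commit message says that scheme is being fixed. The second hunk of this file makes the matching swap, moving both `expectedCertSigAlg` cases to `x509.PureEdDilithium2`. Consider running the test body once per scheme, pairing `eddilithium2.Scheme()` with `x509.PureEdDilithium2` and `eddilithium3.Scheme()` with `x509.PureEdDilithium3`, so a regression in either negotiation path is caught. The function body continues outside both hunks, so where the loop goes has to be checked against the full test.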
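Review bot: `PureEdDilithium2` and `EdDilithium2` are inserted ahead of the existing Dilithium3 entries in two exported const lists, which, if these are `iota` blocks as the bare names suggest, shifts the numeric values of `PureEdDilithium3` and `EdDilithium3` by one. Both blocks start outside the hunks, so this is inferred from the visible ordering; any consumer that stored or compared the old integers (serialized state, metrics, logs) would then read an old Dilithium3 value as Dilithium2. Either append the new constants after the Dilithium3 ones or add a comment such as `// Numeric values of the Circl-backed constants are not stable across releases.` The third hunk's change of the `EdDilithium3` label to `"Ed448-Dilithium3"` also alters `String()` output, which deserves a release note for anything that matches on that text.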
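Review bot: The new import `"github.com/cloudflare/circl/sign/eddilithium2"` in x509_cf.go is added after `eddilithium3`, so the import group is no longer in the sorted order gofmt produces. tls_cf.go in this same commit places it before `eddilithium3`. Move the line up one so the two files agree and the file stays gofmt-clean.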
@@ -21,6 +22,7 @@ var circlSchemes = [...]struct {
 alg PublicKeyAlgorithm
 scheme circlSign.Scheme
 }{
+ {PureEdDilithium2, EdDilithium2, eddilithium2.Scheme()},
 {PureEdDilithium3, EdDilithium3, eddilithium3.Scheme()},
 }