liboqs: add RNG support for dilithium

Added a RNG argument to the wc_dilithium_sign_msg method to properly
generate necessary random data using the desired WolfSSL RNG object.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>

Author: Frauschi

src/tls13.c

@@ -8896,7 +8896,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
                                          args->verify + HASH_SIG_SIZE +
                                          VERIFY_HEADER, (word32*)&sig->length,
-                                         (dilithium_key*)ssl->hsKey);
+                                         (dilithium_key*)ssl->hsKey, ssl->rng);
                 args->length = (word16)sig->length;
             }
             #endif

wolfcrypt/benchmark/benchmark.c

@@ -11909,7 +11909,7 @@ void bench_dilithiumKeySign(byte level)
                     x = DILITHIUM_LEVEL5_SIG_SIZE;
                 }
 
-                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_dilithium_sign_msg failed\n");
                 }

wolfcrypt/src/asn.c

@@ -28906,7 +28906,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             dilithiumKey) {
             word32 outSz = sigSz;
-            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey);
+            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
             if (ret == 0)
                 ret = outSz;
         }

wolfcrypt/src/dilithium.c

@@ -59,7 +59,7 @@
  */
 int wc_dilithium_sign_msg(const byte* in, word32 inLen,
                           byte* out, word32 *outLen,
-                          dilithium_key* key)
+                          dilithium_key* key, WC_RNG* rng)
 {
     int ret = 0;
 #ifdef HAVE_LIBOQS
@@ -107,6 +107,10 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
         localOutLen = *outLen;
     }
 
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
@@ -117,6 +121,8 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
         *outLen = (word32)localOutLen;
     }
 
+    wolfSSL_liboqsRngMutexUnlock();
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }

wolfssl/wolfcrypt/dilithium.h

@@ -35,6 +35,7 @@
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif
 
 #ifdef __cplusplus
@@ -84,7 +85,7 @@ struct dilithium_key {
 
 WOLFSSL_API
 int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                       dilithium_key* key);
+                       dilithium_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                          word32 msgLen, int* res, dilithium_key* key);