diff --git a/docs/PQ.md b/docs/PQ.md index ab1c54ab44..88e2f9be7d 100644 --- a/docs/PQ.md +++ b/docs/PQ.md @@ -8,8 +8,7 @@ approved PQ signature algorithms: - LMS/HSS: https://csrc.nist.gov/projects/stateful-hash-based-signatures - XMSS/XMSS^MT: https://csrc.nist.gov/projects/stateful-hash-based-signatures -ML-DSA is a PQ lattice-based algorithm, derived from -CRYSTALS-DILITHIUM (a round three NIST finalist). +ML-DSA is a PQ lattice-based algorithm standardized by NIST (FIPS 204). LMS/HSS and XMSS/XMSS^MT are both PQ stateful hash-based signature (HBS) schemes, recommended in NIST SP 800-208. @@ -82,9 +81,9 @@ IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE?=4840 ``` -Note: The wolfcrypt implementation of ML-DSA (dilithium) builds to the -FIPS 204 final standard by default. If you wish to conform to the older -FIPS 204 draft standard, then build with `WOLFSSL_DILITHIUM_FIPS204_DRAFT` +Note: The wolfcrypt implementation of ML-DSA builds to the FIPS 204 final +standard by default. If you wish to conform to the older FIPS 204 draft +standard, then build with `WOLFSSL_MLDSA_FIPS204_DRAFT` instead. ## Stateful Hash-Based Signature Methods diff --git a/docs/Targets.md b/docs/Targets.md index c295d985ed..4d34c95e43 100644 --- a/docs/Targets.md +++ b/docs/Targets.md @@ -1567,7 +1567,7 @@ FDT: MAC1 = 00:04:A3:5B:22:89 RISC-V 64-bit U54 (RV64GC1) 625 MHz ``` -./configure --enable-riscv-asm --enable-dilithium --enable-mlkem --enable-sp=yes +./configure --enable-riscv-asm --enable-mldsa --enable-mlkem --enable-sp=yes make ./wolfcrypt/benchmark/benchmark ------------------------------------------------------------------------------ diff --git a/hal/sim.c b/hal/sim.c index 702f381070..8da41e06fc 100644 --- a/hal/sim.c +++ b/hal/sim.c 
@@ -84,7 +84,7 @@ static int sim_cryptocb(int devIdArg, wc_CryptoInfo* info, void* ctx) case WC_PK_TYPE_RSA: name = "RSA"; break; case WC_PK_TYPE_ECDSA_VERIFY: name = "ECDSA-verify"; break; case WC_PK_TYPE_ED25519_VERIFY: name = "ED25519-verify"; break; - #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_HAVE_MLDSA case WC_PK_TYPE_PQC_SIG_VERIFY: name = "ML-DSA-verify"; break; diff --git a/include/user_settings.h b/include/user_settings.h index b54d63d2e0..c510968aae 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -316,27 +316,25 @@ extern int tolower(int c); # define NO_RSA #endif /* RSA */ -/* ML-DSA (dilithium) */ +/* ML-DSA */ #if defined(WOLFBOOT_SIGN_ML_DSA) || defined(WOLFBOOT_SIGN_SECONDARY_ML_DSA) -# define HAVE_DILITHIUM -# define WOLFSSL_WC_DILITHIUM +# define WOLFSSL_HAVE_MLDSA # define WOLFSSL_EXPERIMENTAL_SETTINGS - /* Wolfcrypt builds ML-DSA (dilithium) to the FIPS 204 final - * standard by default. Uncomment this if you want the draft - * version instead. */ + /* Wolfcrypt builds ML-DSA to the FIPS 204 final standard by default. + * Uncomment this if you want the draft version instead. */ # if 0 -# define WOLFSSL_DILITHIUM_FIPS204_DRAFT +# define WOLFSSL_MLDSA_FIPS204_DRAFT # endif -# define WOLFSSL_DILITHIUM_VERIFY_ONLY -# define WOLFSSL_DILITHIUM_NO_LARGE_CODE -# define WOLFSSL_DILITHIUM_SMALL -# define WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -# define WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC +# define WOLFSSL_MLDSA_VERIFY_ONLY +# define WOLFSSL_MLDSA_NO_LARGE_CODE +# define WOLFSSL_MLDSA_SMALL +# define WOLFSSL_MLDSA_VERIFY_SMALL_MEM +# define WOLFSSL_MLDSA_VERIFY_NO_MALLOC # if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) -# define WOLFSSL_DILITHIUM_NO_ASN1 +# define WOLFSSL_MLDSA_NO_ASN1 # endif - /* dilithium needs these sha functions. */ + /* ML-DSA 44/65/87 uses SHAKE */ # define WOLFSSL_SHA3 # define WOLFSSL_SHAKE256 # define WOLFSSL_SHAKE128 
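Review bot: The `WOLFSSL_MLDSA_*` names in the `include/user_settings.h` hunk only take effect if the wolfSSL tree being compiled recognises them. Against a tree that still keys on the `DILITHIUM` spellings, `WOLFSSL_MLDSA_VERIFY_ONLY`, `WOLFSSL_MLDSA_VERIFY_NO_MALLOC` and `WOLFSSL_MLDSA_NO_ASN1` would be silently ignored, so the bootloader would presumably build without those restrictions, or without ML-DSA verification at all. Nothing visible in this diff pins or checks the library revision, so I would state the requirement next to the block, e.g. `/* Requires a wolfSSL release that uses the WOLFSSL_MLDSA_* option names: <MIN_WOLFSSL_VERSION> */`. If wolfSSL's version macro is in scope where `src/image.c` includes the ML-DSA header, an `#error` on an older library would make the mismatch fail loudly. The same dependency applies to the dropped `-D"WOLFSSL_WC_LMS"` / `-D"WOLFSSL_WC_XMSS"` in `options.mk` and to the matching changes in `tools/keytools/user_settings.h`.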
diff --git a/options.mk b/options.mk index 45fdedd85f..5fdd9c205e 100644 --- a/options.mk +++ b/options.mk @@ -167,7 +167,7 @@ LMS_OBJS=\ LMS_EXTRA=\ -D"WOLFSSL_HAVE_LMS" \ - -D"WOLFSSL_WC_LMS" -D"WOLFSSL_WC_LMS_SMALL" \ + -D"WOLFSSL_WC_LMS_SMALL" \ -D"WOLFSSL_LMS_MAX_LEVELS=$(LMS_LEVELS)" \ -D"WOLFSSL_LMS_MAX_HEIGHT=$(LMS_HEIGHT)" \ -D"LMS_LEVELS=$(LMS_LEVELS)" -D"LMS_HEIGHT=$(LMS_HEIGHT)" \ @@ -181,7 +181,7 @@ XMSS_OBJS=\ XMSS_EXTRA=\ -D"WOLFSSL_HAVE_XMSS" \ - -D"WOLFSSL_WC_XMSS" -D"WOLFSSL_WC_XMSS_SMALL" \ + -D"WOLFSSL_WC_XMSS_SMALL" \ -DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\" \ -D"XMSS_IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \ -D"WOLFSSL_XMSS_VERIFY_ONLY" -D"WOLFSSL_XMSS_MAX_HEIGHT=32" @@ -570,7 +570,7 @@ ifeq ($(SIGN),XMSS) endif ifeq ($(SIGN),ML_DSA) - # Use wolfcrypt ML-DSA dilithium implementation. + # Use wolfcrypt ML-DSA implementation. KEYGEN_OPTIONS+=--ml_dsa SIGN_OPTIONS+=--ml_dsa WOLFCRYPT_OBJS+= $(ML_DSA_OBJS) @@ -1309,11 +1309,11 @@ ifeq ($(WOLFHSM_CLIENT),1) ifeq ($(SIGN),ML_DSA) WOLFCRYPT_OBJS += $(MATH_OBJS) - # Dilithium asn.c decode/encode requires mp_xxx functions + # ML-DSA asn.c decode/encode requires mp_xxx functions WOLFCRYPT_OBJS += \ $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o - # Large enough to handle the largest Dilithium key/signature + # Large enough to handle the largest ML-DSA key/signature CFLAGS += -DWOLFHSM_CFG_COMM_DATA_LEN=5000 endif @@ -1371,7 +1371,7 @@ ifeq ($(WOLFHSM_SERVER),1) ifeq ($(SIGN),ML_DSA) WOLFCRYPT_OBJS += $(MATH_OBJS) - # Large enough to handle the largest Dilithium key/signature + # Large enough to handle the largest ML-DSA key/signature CFLAGS += -DWOLFHSM_CFG_COMM_DATA_LEN=5000 endif diff --git a/src/image.c b/src/image.c index f7a0384a3f..126ea34d1a 100644 --- a/src/image.c +++ b/src/image.c 
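Review bot: `-DWOLFHSM_CFG_COMM_DATA_LEN=5000` is hard-coded separately in the `WOLFHSM_CLIENT` and `WOLFHSM_SERVER` blocks, and the reworded comment still does not say which ML-DSA object and how much message overhead the figure budgets for. If the two blocks are ever edited independently, client and server can end up disagreeing on the buffer length. I would set the value once, e.g. `WOLFHSM_ML_DSA_COMM_DATA_LEN?=5000`, and use `CFLAGS += -DWOLFHSM_CFG_COMM_DATA_LEN=$(WOLFHSM_ML_DSA_COMM_DATA_LEN)` in both places. The comment should name the largest signature and key sizes the value was derived from. The enclosing `WOLFHSM_CLIENT` / `WOLFHSM_SERVER` conditionals begin outside these hunks.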
@@ -724,13 +724,13 @@ static void wolfBoot_verify_signature_xmss(uint8_t key_slot, #endif /* WOLFBOOT_SIGN_XMSS */ #ifdef WOLFBOOT_SIGN_ML_DSA -#include +#include static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, struct wolfBoot_image *img, uint8_t *sig) { - int ret = 0; - MlDsaKey ml_dsa; + int ret = 0; + wc_MlDsaKey ml_dsa; #if !defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT || \ (defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && \ !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID)) diff --git a/tools/keytools/keygen.c b/tools/keytools/keygen.c index 52dc26cc2e..d52cf02c7f 100644 --- a/tools/keytools/keygen.c +++ b/tools/keytools/keygen.c @@ -77,8 +77,8 @@ #endif #endif -#ifdef WOLFSSL_WC_DILITHIUM - #include +#ifdef WOLFSSL_HAVE_MLDSA + #include #endif #include @@ -1071,19 +1071,19 @@ static void keygen_xmss(const char *priv_fname, uint32_t id_mask) static void keygen_ml_dsa(const char *priv_fname, uint32_t id_mask) { - FILE * fpriv = NULL; - MlDsaKey key; - int ret; - byte * priv = NULL; - byte pub[ML_DSA_L5_PUBKEY_SIZE]; /* max size */ - word32 priv_len = 0; - word32 pub_len = 0; - int ml_dsa_priv_len = 0; - int ml_dsa_pub_len = 0; - int ml_dsa_level = ML_DSA_LEVEL; - int exit_code = 0; - int key_init = 0; - char * env_ml_dsa_level = getenv("ML_DSA_LEVEL"); + FILE * fpriv = NULL; + wc_MlDsaKey key; + int ret; + byte * priv = NULL; + byte pub[ML_DSA_L5_PUBKEY_SIZE]; /* max size */ + word32 priv_len = 0; + word32 pub_len = 0; + int ml_dsa_priv_len = 0; + int ml_dsa_pub_len = 0; + int ml_dsa_level = ML_DSA_LEVEL; + int exit_code = 0; + int key_init = 0; + char * env_ml_dsa_level = getenv("ML_DSA_LEVEL"); if (env_ml_dsa_level != NULL) { ml_dsa_level = atoi(env_ml_dsa_level); } 
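Review bot: `ml_dsa_level = atoi(env_ml_dsa_level);`, on an unchanged context line of `keygen_ml_dsa` in `tools/keytools/keygen.c`, takes the `ML_DSA_LEVEL` environment variable as-is. `atoi` cannot distinguish a malformed value from 0 and does not report overflow. Whether the level is range-checked before it selects a parameter set is not visible, because the function body continues outside the hunk. If it is not, parse with `strtol`, as in `long lvl = strtol(env_ml_dsa_level, &end, 10);`, and reject bad input with `if (end == env_ml_dsa_level || *end != '\0' || (lvl != 2 && lvl != 3 && lvl != 5)) { /* report and exit */ }`, assuming 2, 3 and 5 are the levels the tool supports. For a key generation tool it is better to stop with an error than to produce a key at an unintended security level.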
@@ -1232,7 +1232,7 @@ static void keygen_ml_dsa(const char *priv_fname, uint32_t id_mask) /* Export public key in DER format */ - pubOutLen = wc_Dilithium_PublicKeyToDer(&key, pubDer, pubDerSz, + pubOutLen = wc_MlDsaKey_PublicKeyToDer(&key, pubDer, pubDerSz, WITH_ALG_SPKI); if (pubOutLen < 0) { fprintf(stderr, "Unable to export public key to DER, ret=%d\n", @@ -1368,7 +1368,7 @@ static void key_generate(uint32_t ktype, const char *kfilename, uint32_t id_mask break; #endif -#ifdef WOLFSSL_WC_DILITHIUM +#ifdef WOLFSSL_HAVE_MLDSA case AUTH_KEY_ML_DSA: keygen_ml_dsa(kfilename, id_mask); break; @@ -1546,7 +1546,7 @@ int main(int argc, char** argv) keytype = AUTH_KEY_XMSS; } #endif -#if defined(WOLFSSL_WC_DILITHIUM) +#if defined(WOLFSSL_HAVE_MLDSA) else if (strcmp(argv[i], "--ml_dsa") == 0) { keytype = AUTH_KEY_ML_DSA; } diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index b281a33955..bccf8fadd8 100644 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -127,8 +127,8 @@ static inline int fp_truncate(FILE *f, size_t len) #endif #endif -#ifdef WOLFSSL_WC_DILITHIUM - #include +#ifdef WOLFSSL_HAVE_MLDSA + #include #endif #ifdef DEBUG_SIGNTOOL @@ -308,7 +308,7 @@ static struct { RsaKey rsa; LmsKey lms; XmssKey xmss; - MlDsaKey ml_dsa; + wc_MlDsaKey ml_dsa; } key; struct cmd_options { diff --git a/tools/keytools/user_settings.h b/tools/keytools/user_settings.h index 28237d591e..e049f8297e 100644 --- a/tools/keytools/user_settings.h +++ b/tools/keytools/user_settings.h 
@@ -80,14 +80,12 @@ /* Enable experimental PQ algos */ #define WOLFSSL_EXPERIMENTAL_SETTINGS -/* ML-DSA (dilithium) */ -#define HAVE_DILITHIUM -#define WOLFSSL_WC_DILITHIUM -/* Wolfcrypt builds ML-DSA (dilithium) to the FIPS 204 final -* standard by default. Uncomment this if you want the draft -* version instead. */ +/* ML-DSA */ +#define WOLFSSL_HAVE_MLDSA +/* Wolfcrypt builds ML-DSA to the FIPS 204 final standard by default. + * Uncomment this if you want the draft version instead. */ #if 0 - #define WOLFSSL_DILITHIUM_FIPS204_DRAFT + #define WOLFSSL_MLDSA_FIPS204_DRAFT #endif /* Default the keygen/sign tool to use ML-DSA level 2 */ @@ -95,13 +93,12 @@ #define ML_DSA_LEVEL 2 #endif -/* Dilithium needs SHAKE128 */ +/* ML-DSA needs SHAKE128 */ #define WOLFSSL_SHAKE128 /* LMS */ #define WOLFBOOT_SIGN_LMS #define WOLFSSL_HAVE_LMS -#define WOLFSSL_WC_LMS #ifndef LMS_LEVELS #define LMS_LEVELS 1 #endif @@ -115,7 +112,6 @@ /* XMSS */ #define WOLFBOOT_SIGN_XMSS #define WOLFSSL_HAVE_XMSS -#define WOLFSSL_WC_XMSS #ifndef WOLFBOOT_XMSS_PARAMS #define WOLFBOOT_XMSS_PARAMS "XMSS-SHA2_10_256" #endif