More ML-DSA renaming
@@ -361,6 +361,7 @@ MICRIUM_MALLOC
|
||||
MICROCHIP_MPLAB_HARMONY
|
||||
MICROCHIP_MPLAB_HARMONY_3
|
||||
MICRO_SESSION_CACHEx
|
||||
MLDSA_USE_HINT_CT
|
||||
MLKEM_NONDETERMINISTIC
|
||||
MODULE_SOCK_TCP
|
||||
MP_31BIT
|
||||
|
||||
@@ -37,6 +37,20 @@ the legacy API.
|
||||
| `wc_dilithium_*` (lifecycle / sizing) | `wc_MlDsaKey_*` |
|
||||
| `wc_Dilithium_*` (DER encode / decode) | `wc_MlDsaKey_*` |
|
||||
| internal lower-case `dilithium_*` helpers | `mldsa_*` |
|
||||
| `DILITHIUM_*` algorithm-parameter macros | `MLDSA_*` (matches `MLKEM_*` in `wc_mlkem.h`) |
|
||||
| `DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`, `DILITHIUM_ML_DSA_{44,65,87}_*_SIZE` | `WC_MLDSA_{44,65,87}_*_SIZE` |
|
||||
| `DEBUG_DILITHIUM` | `DEBUG_MLDSA` |
|
||||
|
||||
The `WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` / `WC_ML_DSA_DRAFT`
|
||||
public level identifiers and the `PARAMS_ML_DSA_{44,65,87}_*`
|
||||
per-parameter-set internal constants intentionally **keep** their
|
||||
underscored `ML_DSA_` spelling — the level identifiers are established
|
||||
public names and the `PARAMS_*` family is internal-only, so neither
|
||||
benefits from a rename.
|
||||
|
||||
The `WOLFSSL_NO_ML_DSA_{44,65,87}` parameter-set disable gates are
|
||||
likewise kept in their underscored form (matching the
|
||||
`WOLFSSL_NO_ML_KEM_{512,768,1024}` spelling in `wc_mlkem.h`).
|
||||
|
||||
The 16 sign / verify / import / DER-decode entry points were also
|
||||
re-ordered to put the `MlDsaKey*` first (matching the FIPS 204 / ML-KEM
|
||||
@@ -165,6 +179,77 @@ wolfSSL-internal infrastructure (an auto-generated cert-buffer data
|
||||
file and the static allocator's default sizing), not consumer-facing
|
||||
API; these changes do not require downstream code changes.
|
||||
|
||||
## Macro / comment cleanup inside `wc_mldsa.{c,h}`
|
||||
|
||||
A follow-on cleanup of the ML-DSA implementation file finished the
|
||||
internal naming migration that the file/symbol rename above started:
|
||||
|
||||
- All algorithm-parameter macros defined in `wolfssl/wolfcrypt/wc_mldsa.h`
|
||||
(`DILITHIUM_Q`, `DILITHIUM_N`, `DILITHIUM_D`, `DILITHIUM_ETA_*`,
|
||||
`DILITHIUM_GAMMA1_*`, `DILITHIUM_K_SZ`, `DILITHIUM_MU_SZ`,
|
||||
`DILITHIUM_MAX_*`, …) were renamed to canonical `MLDSA_*` spellings
|
||||
matching the `MLKEM_*` internal constants in
|
||||
`<wolfssl/wolfcrypt/wc_mlkem.h>`. The `PARAMS_ML_DSA_{44,65,87}_*`
|
||||
per-parameter-set internal constants and the
|
||||
`WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` /
|
||||
`WC_ML_DSA_DRAFT` public level identifiers keep their underscored
|
||||
spelling — the level identifiers are established public names and
|
||||
the `PARAMS_*` family is internal-only.
|
||||
- The per-parameter-set size constants previously existed in **three**
|
||||
redundant spellings — `DILITHIUM_LEVEL{2,3,5}_*_SIZE`,
|
||||
`ML_DSA_LEVEL{2,3,5}_*_SIZE`, and
|
||||
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`. They were consolidated to a
|
||||
single canonical family, `WC_MLDSA_{44,65,87}_*_SIZE`. All three
|
||||
legacy spellings remain reachable as aliases through the
|
||||
`<wolfssl/wolfcrypt/dilithium.h>` shim (gated by
|
||||
`WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`); a duplicate `MLDSA_N`
|
||||
definition in `wc_mldsa.h` was also removed.
|
||||
- All ~20 file-local macros inside `wolfcrypt/src/wc_mldsa.c`
|
||||
(`DILITHIUM_SIGN_BYTES`, `DILITHIUM_GEN_S_*`, `DILITHIUM_HASH_OID_LEN`,
|
||||
`DILITHIUM_PARAMS_CNT`, `DILITHIUM_COEFF_S*`, `DILITHIUM_QINV`,
|
||||
`DILITHIUM_NTT_ZETA_1`, `DILITHIUM_POS_OFFSET`, …) were renamed
|
||||
to `MLDSA_*`. The file-local macros are not user-visible and have no
|
||||
alias in the shim.
|
||||
- The user-tunable knobs documented in the `wc_mldsa.c` file-top
|
||||
comment block — `DEBUG_DILITHIUM` and the five performance-tuning
|
||||
defines `DILITHIUM_MUL_SLOW`, `DILITHIUM_MUL_44_SLOW`,
|
||||
`DILITHIUM_MUL_11_SLOW`, `DILITHIUM_MUL_QINV_SLOW`,
|
||||
`DILITHIUM_MUL_Q_SLOW` — were renamed to `DEBUG_MLDSA` /
|
||||
`MLDSA_MUL_*_SLOW`. These are set from `user_settings.h` or `-D`,
|
||||
so a forward-translation block was added to the legacy-gates arm
|
||||
in `<wolfssl/wolfcrypt/dilithium.h>` (gated by
|
||||
`WOLFSSL_NO_DILITHIUM_LEGACY_GATES`) so consumers using the legacy
|
||||
spelling continue to get the intended code path.
|
||||
- A long-standing typo, `dilitihium_get_der_length()` (5 call sites,
|
||||
`static`-scope), was corrected to `mldsa_get_der_length()`.
|
||||
- All `DILITHIUM_*` legacy macro spellings remain reachable from
|
||||
unmigrated in-tree consumers (`wolfcrypt/src/asn.c`, `src/ssl_load.c`,
|
||||
`src/internal.c`, `src/tls13.c`, `src/ssl.c`, `src/x509.c`,
|
||||
`src/ssl_api_pk.c`, `src/ssl_certman.c`, `wolfssl/internal.h`,
|
||||
`wolfssl/wolfcrypt/asn.h`, `asn_public.h`, `oid_sum.h`,
|
||||
`examples/configs/user_settings_pq.h`,
|
||||
`wolfcrypt/benchmark/benchmark.c`, `wolfcrypt/test/test.c`,
|
||||
`tests/api/test_mldsa.c`) and downstream code through a new
|
||||
reverse-arm macro alias block in `<wolfssl/wolfcrypt/dilithium.h>`,
|
||||
gated by the existing `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` opt-out.
|
||||
- All function and section comments inside `wc_mldsa.c` had their
|
||||
"Dilithium" / "dilithium" prose replaced with "ML-DSA" (the file-top
|
||||
credit retains a parenthetical mention of the historical name).
|
||||
- Every algorithm-step citation was re-numbered against FIPS 204 Final
|
||||
(August 2024). The implementation was previously annotated with the
|
||||
draft (IPD) numbering — e.g. `Algorithm 18 skEncode`, `Algorithm 26
|
||||
ExpandA`, `Algorithm 29 Power2Round`. These were updated to the
|
||||
Final numbering (`Algorithm 24 skEncode`, `Algorithm 32 ExpandA`,
|
||||
`Algorithm 35 Power2Round`, …) and the section references were
|
||||
retargeted from the draft `§8.x` building-blocks group to the Final
|
||||
`§7.x` arrangement. SHAKE128/256 notation references were redirected
|
||||
from the IPD `§8.3` to the Final `§3.7`. Citation punctuation was
|
||||
normalized from `FIPS 204. N.M:` to `FIPS 204 §N.M,`.
|
||||
|
||||
These changes are contained to `wolfcrypt/src/wc_mldsa.c`,
|
||||
`wolfssl/wolfcrypt/wc_mldsa.h`, and the macro-alias block in
|
||||
`wolfssl/wolfcrypt/dilithium.h`. No external consumer is touched.
|
||||
|
||||
### Retained internal symbols
|
||||
|
||||
A few internal-only spellings are intentionally **not** renamed in this
|
||||
|
||||
+1195
-1194
File diff suppressed because it is too large
@@ -224,6 +224,42 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Developer / performance tuning knobs documented at the top of
|
||||
* wolfcrypt/src/wc_mldsa.c. These are user-set in user_settings.h or
|
||||
* via -D on the compiler command line; forward-translate so a
|
||||
* consumer with the legacy DILITHIUM_* spelling still gets the
|
||||
* intended code path. */
|
||||
#ifdef DEBUG_DILITHIUM
|
||||
#ifndef DEBUG_MLDSA
|
||||
#define DEBUG_MLDSA
|
||||
#endif
|
||||
#endif
|
||||
#ifdef DILITHIUM_MUL_SLOW
|
||||
#ifndef MLDSA_MUL_SLOW
|
||||
#define MLDSA_MUL_SLOW
|
||||
#endif
|
||||
#endif
|
||||
#ifdef DILITHIUM_MUL_44_SLOW
|
||||
#ifndef MLDSA_MUL_44_SLOW
|
||||
#define MLDSA_MUL_44_SLOW
|
||||
#endif
|
||||
#endif
|
||||
#ifdef DILITHIUM_MUL_11_SLOW
|
||||
#ifndef MLDSA_MUL_11_SLOW
|
||||
#define MLDSA_MUL_11_SLOW
|
||||
#endif
|
||||
#endif
|
||||
#ifdef DILITHIUM_MUL_QINV_SLOW
|
||||
#ifndef MLDSA_MUL_QINV_SLOW
|
||||
#define MLDSA_MUL_QINV_SLOW
|
||||
#endif
|
||||
#endif
|
||||
#ifdef DILITHIUM_MUL_Q_SLOW
|
||||
#ifndef MLDSA_MUL_Q_SLOW
|
||||
#define MLDSA_MUL_Q_SLOW
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#endif /* !WOLFSSL_NO_DILITHIUM_LEGACY_GATES */
|
||||
|
||||
/* === wc_mldsa.h is now reachable with canonical gates correctly set === */
|
||||
@@ -445,6 +481,163 @@
|
||||
#define wc_dilithium_encode_w1_88 wc_mldsa_encode_w1_88
|
||||
#define wc_dilithium_encode_w1_32 wc_mldsa_encode_w1_32
|
||||
|
||||
/* Legacy parameter / size macros. wc_mldsa.h now defines the canonical
|
||||
* MLDSA_* spellings; these aliases keep the pre-standardization
|
||||
* DILITHIUM_* names reachable for unmigrated in-tree consumers
|
||||
* (wolfcrypt/src/asn.c, src/ssl_load.c, src/internal.c, src/tls13.c,
|
||||
* src/ssl.c, src/x509.c, src/ssl_api_pk.c, src/ssl_certman.c,
|
||||
* wolfssl/internal.h, wolfssl/wolfcrypt/asn.h, asn_public.h,
|
||||
* oid_sum.h, examples/configs/user_settings_pq.h,
|
||||
* wolfcrypt/benchmark/benchmark.c, wolfcrypt/test/test.c,
|
||||
* tests/api/test_mldsa.c) and for downstream code. The DILITHIUM_ML_DSA_NN_*
|
||||
* spellings collapse to MLDSA_NN_* (the intermediate _ML_DSA_ is
|
||||
* redundant once the outer prefix is MLDSA_; the resulting MLDSA_44 /
|
||||
* _65 / _87 names match the FIPS 204 parameter-set spellings). */
|
||||
|
||||
/* Algorithm parameters (FIPS 204 Section 4) */
|
||||
#define DILITHIUM_Q MLDSA_Q
|
||||
#define DILITHIUM_Q_BITS MLDSA_Q_BITS
|
||||
#define DILITHIUM_N MLDSA_N
|
||||
#define DILITHIUM_D MLDSA_D
|
||||
#define DILITHIUM_D_MAX MLDSA_D_MAX
|
||||
#define DILITHIUM_D_MAX_HALF MLDSA_D_MAX_HALF
|
||||
#define DILITHIUM_U MLDSA_U
|
||||
#define DILITHIUM_GAMMA1_17 MLDSA_GAMMA1_17
|
||||
#define DILITHIUM_GAMMA1_19 MLDSA_GAMMA1_19
|
||||
#define DILITHIUM_GAMMA1_BITS_17 MLDSA_GAMMA1_BITS_17
|
||||
#define DILITHIUM_GAMMA1_BITS_19 MLDSA_GAMMA1_BITS_19
|
||||
#define DILITHIUM_GAMMA1_17_ENC_BITS MLDSA_GAMMA1_17_ENC_BITS
|
||||
#define DILITHIUM_GAMMA1_19_ENC_BITS MLDSA_GAMMA1_19_ENC_BITS
|
||||
#define DILITHIUM_Q_LOW_32 MLDSA_Q_LOW_32
|
||||
#define DILITHIUM_Q_LOW_32_2 MLDSA_Q_LOW_32_2
|
||||
#define DILITHIUM_Q_LOW_88 MLDSA_Q_LOW_88
|
||||
#define DILITHIUM_Q_LOW_88_2 MLDSA_Q_LOW_88_2
|
||||
#define DILITHIUM_Q_HI_32_ENC_BITS MLDSA_Q_HI_32_ENC_BITS
|
||||
#define DILITHIUM_Q_HI_88_ENC_BITS MLDSA_Q_HI_88_ENC_BITS
|
||||
#define DILITHIUM_ETA_2 MLDSA_ETA_2
|
||||
#define DILITHIUM_ETA_2_BITS MLDSA_ETA_2_BITS
|
||||
#define DILITHIUM_ETA_2_MOD MLDSA_ETA_2_MOD
|
||||
#define DILITHIUM_ETA_4 MLDSA_ETA_4
|
||||
#define DILITHIUM_ETA_4_BITS MLDSA_ETA_4_BITS
|
||||
#define DILITHIUM_ETA_4_MOD MLDSA_ETA_4_MOD
|
||||
#define DILITHIUM_POLY_SIZE MLDSA_POLY_SIZE
|
||||
#define DILITHIUM_REJ_NTT_POLY_H_SIZE MLDSA_REJ_NTT_POLY_H_SIZE
|
||||
|
||||
/* Seed / label / hash sizes */
|
||||
#define DILITHIUM_PUB_SEED_SZ MLDSA_PUB_SEED_SZ
|
||||
#define DILITHIUM_PRIV_SEED_SZ MLDSA_PRIV_SEED_SZ
|
||||
#define DILITHIUM_PRIV_RAND_SEED_SZ MLDSA_PRIV_RAND_SEED_SZ
|
||||
#define DILITHIUM_SEED_SZ MLDSA_SEED_SZ
|
||||
#define DILITHIUM_SEEDS_SZ MLDSA_SEEDS_SZ
|
||||
#define DILITHIUM_K_SZ MLDSA_K_SZ
|
||||
#define DILITHIUM_TR_SZ MLDSA_TR_SZ
|
||||
#define DILITHIUM_MU_SZ MLDSA_MU_SZ
|
||||
#define DILITHIUM_RND_SZ MLDSA_RND_SZ
|
||||
|
||||
/* ExpandA / ExpandS sampling block constants (FIPS 204 Section 8.4) */
|
||||
#define DILITHIUM_GEN_A_BLOCK_BYTES MLDSA_GEN_A_BLOCK_BYTES
|
||||
#define DILITHIUM_GEN_A_BYTES MLDSA_GEN_A_BYTES
|
||||
#define DILITHIUM_GEN_A_NBLOCKS MLDSA_GEN_A_NBLOCKS
|
||||
#define DILITHIUM_GEN_C_BLOCK_BYTES MLDSA_GEN_C_BLOCK_BYTES
|
||||
|
||||
/* Per-parameter-set sizes. The canonical spelling in
|
||||
* <wolfssl/wolfcrypt/wc_mldsa.h> is WC_MLDSA_{44,65,87}_*_SIZE. The
|
||||
* aliases below keep three legacy spelling families reachable for
|
||||
* unmigrated consumers:
|
||||
* - "LEVEL2/3/5" forms (`ML_DSA_LEVEL2_KEY_SIZE`,
|
||||
* `DILITHIUM_LEVEL2_KEY_SIZE`) - the three NIST security
|
||||
* categories (2 / 3 / 5).
|
||||
* - The pre-standardization `DILITHIUM_ML_DSA_44_*` form. */
|
||||
|
||||
/* LEVEL2 (= ML-DSA-44) */
|
||||
#define ML_DSA_LEVEL2_KEY_SIZE WC_MLDSA_44_KEY_SIZE
|
||||
#define ML_DSA_LEVEL2_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
|
||||
#define ML_DSA_LEVEL2_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
|
||||
#define ML_DSA_LEVEL2_SIG_SIZE WC_MLDSA_44_SIG_SIZE
|
||||
#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE WC_MLDSA_44_PRV_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE WC_MLDSA_44_PUB_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE WC_MLDSA_44_BOTH_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE WC_MLDSA_44_BOTH_KEY_PEM_SIZE
|
||||
#define DILITHIUM_LEVEL2_KEY_SIZE WC_MLDSA_44_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL2_SIG_SIZE WC_MLDSA_44_SIG_SIZE
|
||||
#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE WC_MLDSA_44_PRV_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE WC_MLDSA_44_PUB_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE WC_MLDSA_44_BOTH_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE WC_MLDSA_44_BOTH_KEY_PEM_SIZE
|
||||
|
||||
/* LEVEL3 (= ML-DSA-65) */
|
||||
#define ML_DSA_LEVEL3_KEY_SIZE WC_MLDSA_65_KEY_SIZE
|
||||
#define ML_DSA_LEVEL3_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
|
||||
#define ML_DSA_LEVEL3_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
|
||||
#define ML_DSA_LEVEL3_SIG_SIZE WC_MLDSA_65_SIG_SIZE
|
||||
#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE WC_MLDSA_65_PRV_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE WC_MLDSA_65_PUB_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE WC_MLDSA_65_BOTH_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE WC_MLDSA_65_BOTH_KEY_PEM_SIZE
|
||||
#define DILITHIUM_LEVEL3_KEY_SIZE WC_MLDSA_65_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL3_SIG_SIZE WC_MLDSA_65_SIG_SIZE
|
||||
#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE WC_MLDSA_65_PRV_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE WC_MLDSA_65_PUB_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE WC_MLDSA_65_BOTH_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE WC_MLDSA_65_BOTH_KEY_PEM_SIZE
|
||||
|
||||
/* LEVEL5 (= ML-DSA-87) */
|
||||
#define ML_DSA_LEVEL5_KEY_SIZE WC_MLDSA_87_KEY_SIZE
|
||||
#define ML_DSA_LEVEL5_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
|
||||
#define ML_DSA_LEVEL5_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
|
||||
#define ML_DSA_LEVEL5_SIG_SIZE WC_MLDSA_87_SIG_SIZE
|
||||
#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE WC_MLDSA_87_PRV_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE WC_MLDSA_87_PUB_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE WC_MLDSA_87_BOTH_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE WC_MLDSA_87_BOTH_KEY_PEM_SIZE
|
||||
#define DILITHIUM_LEVEL5_KEY_SIZE WC_MLDSA_87_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
|
||||
#define DILITHIUM_LEVEL5_SIG_SIZE WC_MLDSA_87_SIG_SIZE
|
||||
#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE WC_MLDSA_87_PRV_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE WC_MLDSA_87_PUB_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE WC_MLDSA_87_BOTH_KEY_DER_SIZE
|
||||
#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE WC_MLDSA_87_BOTH_KEY_PEM_SIZE
|
||||
|
||||
/* Pre-standardization DILITHIUM_ML_DSA_NN_* spelling. */
|
||||
#define DILITHIUM_ML_DSA_44_KEY_SIZE WC_MLDSA_44_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_44_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_44_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_44_SIG_SIZE WC_MLDSA_44_SIG_SIZE
|
||||
#define DILITHIUM_ML_DSA_65_KEY_SIZE WC_MLDSA_65_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_65_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_65_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_65_SIG_SIZE WC_MLDSA_65_SIG_SIZE
|
||||
#define DILITHIUM_ML_DSA_87_KEY_SIZE WC_MLDSA_87_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_87_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_87_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
|
||||
#define DILITHIUM_ML_DSA_87_SIG_SIZE WC_MLDSA_87_SIG_SIZE
|
||||
|
||||
/* Maxima (largest value across the three parameter sets, used for
|
||||
* stack/heap sizing) */
|
||||
#define DILITHIUM_MAX_KEY_SIZE MLDSA_MAX_KEY_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_SIZE MLDSA_MAX_PRV_KEY_SIZE
|
||||
#define DILITHIUM_MAX_PUB_KEY_SIZE MLDSA_MAX_PUB_KEY_SIZE
|
||||
#define DILITHIUM_MAX_SIG_SIZE MLDSA_MAX_SIG_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE MLDSA_MAX_PRV_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE MLDSA_MAX_PUB_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE MLDSA_MAX_BOTH_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE MLDSA_MAX_BOTH_KEY_PEM_SIZE
|
||||
#ifdef WOLF_PRIVATE_KEY_ID
|
||||
#define DILITHIUM_MAX_LABEL_LEN MLDSA_MAX_LABEL_LEN
|
||||
#define DILITHIUM_MAX_ID_LEN MLDSA_MAX_ID_LEN
|
||||
#endif
|
||||
#define DILITHIUM_MAX_LAMBDA MLDSA_MAX_LAMBDA
|
||||
#define DILITHIUM_MAX_K_VECTOR_COUNT MLDSA_MAX_K_VECTOR_COUNT
|
||||
#define DILITHIUM_MAX_L_VECTOR_COUNT MLDSA_MAX_L_VECTOR_COUNT
|
||||
#define DILITHIUM_MAX_MATRIX_COUNT MLDSA_MAX_MATRIX_COUNT
|
||||
#define DILITHIUM_MAX_W1_ENC_SZ MLDSA_MAX_W1_ENC_SZ
|
||||
|
||||
|
||||
#endif /* WOLFSSL_HAVE_MLDSA && !WOLFSSL_NO_DILITHIUM_LEGACY_NAMES */
|
||||
|
||||
#endif /* WOLF_CRYPT_DILITHIUM_H */
|
||||
|
||||
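Review bot: The block comment that opens the "Legacy parameter / size macros" section says the `DILITHIUM_ML_DSA_NN_*` spellings collapse to `MLDSA_NN_*`, but the aliases added further down in the same hunk map them to `WC_MLDSA_{44,65,87}_*_SIZE`, which is also the canonical family named in the per-parameter-set comment and in the migration notes. A consumer migrating by that sentence would reach for a name that none of the visible hunks define, and an undefined identifier inside `#if` silently evaluates to 0, which matters for macros used to size key and signature buffers. I would reword the sentence to `The DILITHIUM_ML_DSA_NN_*_SIZE spellings map to WC_MLDSA_NN_*_SIZE, the single canonical size family in wc_mldsa.h.` The `ExpandA / ExpandS sampling block constants (FIPS 204 Section 8.4)` comment also appears to keep a draft section number, while the notes in this commit say section references were retargeted to the Final `§7.x` arrangement; worth confirming against FIPS 204 Final.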
+176
-239
@@ -119,145 +119,101 @@
|
||||
#endif
|
||||
#endif /* WOLFSSL_MLDSA_ALIGNMENT */
|
||||
|
||||
#define DILITHIUM_LEVEL2_KEY_SIZE 2560
|
||||
#define DILITHIUM_LEVEL2_SIG_SIZE 2420
|
||||
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE 1312
|
||||
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE \
|
||||
(DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE)
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
|
||||
#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
|
||||
#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904
|
||||
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
|
||||
* the footer "-----END PRIVATE KEY-----" */
|
||||
#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344
|
||||
/* ML-DSA-44 (NIST security category 2). */
|
||||
#define WC_MLDSA_44_KEY_SIZE 2560
|
||||
#define WC_MLDSA_44_SIG_SIZE 2420
|
||||
#define WC_MLDSA_44_PUB_KEY_SIZE 1312
|
||||
#define WC_MLDSA_44_PRV_KEY_SIZE \
|
||||
(WC_MLDSA_44_PUB_KEY_SIZE + WC_MLDSA_44_KEY_SIZE)
|
||||
/* Buffer sizes large enough to store exported DER-encoded keys. */
|
||||
#define WC_MLDSA_44_PUB_KEY_DER_SIZE 1334
|
||||
#define WC_MLDSA_44_PRV_KEY_DER_SIZE 2588
|
||||
#define WC_MLDSA_44_BOTH_KEY_DER_SIZE 3904
|
||||
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and the
|
||||
* footer "-----END PRIVATE KEY-----". */
|
||||
#define WC_MLDSA_44_BOTH_KEY_PEM_SIZE 5344
|
||||
|
||||
#define DILITHIUM_LEVEL3_KEY_SIZE 4032
|
||||
#define DILITHIUM_LEVEL3_SIG_SIZE 3309
|
||||
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE 1952
|
||||
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE \
|
||||
(DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE)
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
|
||||
#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
|
||||
#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016
|
||||
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
|
||||
* the footer "-----END PRIVATE KEY-----" */
|
||||
#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204
|
||||
|
||||
#define DILITHIUM_LEVEL5_KEY_SIZE 4896
|
||||
#define DILITHIUM_LEVEL5_SIG_SIZE 4627
|
||||
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE 2592
|
||||
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE \
|
||||
(DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE)
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
|
||||
#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
|
||||
#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520
|
||||
/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and
|
||||
* the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */
|
||||
#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10267
|
||||
|
||||
#define ML_DSA_LEVEL2_KEY_SIZE 2560
|
||||
#define ML_DSA_LEVEL2_SIG_SIZE 2420
|
||||
#define ML_DSA_LEVEL2_PUB_KEY_SIZE 1312
|
||||
#define ML_DSA_LEVEL2_PRV_KEY_SIZE \
|
||||
(ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE)
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE
|
||||
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
|
||||
* the footer "-----END PRIVATE KEY-----" */
|
||||
#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE
|
||||
|
||||
#define ML_DSA_LEVEL3_KEY_SIZE 4032
|
||||
#define ML_DSA_LEVEL3_SIG_SIZE 3309
|
||||
#define ML_DSA_LEVEL3_PUB_KEY_SIZE 1952
|
||||
#define ML_DSA_LEVEL3_PRV_KEY_SIZE \
|
||||
(ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE)
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE
|
||||
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
|
||||
* the footer "-----END PRIVATE KEY-----" */
|
||||
#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE
|
||||
|
||||
#define ML_DSA_LEVEL5_KEY_SIZE 4896
|
||||
#define ML_DSA_LEVEL5_SIG_SIZE 4627
|
||||
#define ML_DSA_LEVEL5_PUB_KEY_SIZE 2592
|
||||
#define ML_DSA_LEVEL5_PRV_KEY_SIZE \
|
||||
(ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE)
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
|
||||
#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE
|
||||
/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and
|
||||
* the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */
|
||||
#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE
|
||||
/* ML-DSA-65 (NIST security category 3). */
|
||||
#define WC_MLDSA_65_KEY_SIZE 4032
|
||||
#define WC_MLDSA_65_SIG_SIZE 3309
|
||||
#define WC_MLDSA_65_PUB_KEY_SIZE 1952
|
||||
#define WC_MLDSA_65_PRV_KEY_SIZE \
|
||||
(WC_MLDSA_65_PUB_KEY_SIZE + WC_MLDSA_65_KEY_SIZE)
|
||||
#define WC_MLDSA_65_PUB_KEY_DER_SIZE 1974
|
||||
#define WC_MLDSA_65_PRV_KEY_DER_SIZE 4060
|
||||
#define WC_MLDSA_65_BOTH_KEY_DER_SIZE 6016
|
||||
#define WC_MLDSA_65_BOTH_KEY_PEM_SIZE 8204
|
||||
|
||||
/* ML-DSA-87 (NIST security category 5). */
|
||||
#define WC_MLDSA_87_KEY_SIZE 4896
|
||||
#define WC_MLDSA_87_SIG_SIZE 4627
|
||||
#define WC_MLDSA_87_PUB_KEY_SIZE 2592
|
||||
#define WC_MLDSA_87_PRV_KEY_SIZE \
|
||||
(WC_MLDSA_87_PUB_KEY_SIZE + WC_MLDSA_87_KEY_SIZE)
|
||||
#define WC_MLDSA_87_PUB_KEY_DER_SIZE 2614
|
||||
#define WC_MLDSA_87_PRV_KEY_DER_SIZE 4924
|
||||
#define WC_MLDSA_87_BOTH_KEY_DER_SIZE 7520
|
||||
#define WC_MLDSA_87_BOTH_KEY_PEM_SIZE 10267
|
||||
|
||||
|
||||
/* Modulus. */
|
||||
#define DILITHIUM_Q 0x7fe001
|
||||
#define MLDSA_Q 0x7fe001
|
||||
/* Number of bits in modulus. */
|
||||
#define DILITHIUM_Q_BITS 23
|
||||
#define MLDSA_Q_BITS 23
|
||||
/* Number of elements in polynomial. */
|
||||
#define DILITHIUM_N 256
|
||||
#define MLDSA_N 256
|
||||
#define MLDSA_N 256
|
||||
|
||||
/* Number of dropped bits. */
|
||||
#define DILITHIUM_D 13
|
||||
#define MLDSA_D 13
|
||||
/* Maximum value of dropped bits. */
|
||||
#define DILITHIUM_D_MAX ((sword32)1 << DILITHIUM_D)
|
||||
#define MLDSA_D_MAX ((sword32)1 << MLDSA_D)
|
||||
/* Half maximum value. */
|
||||
#define DILITHIUM_D_MAX_HALF ((sword32)1 << (DILITHIUM_D - 1))
|
||||
#define MLDSA_D_MAX_HALF ((sword32)1 << (MLDSA_D - 1))
|
||||
/* Number of undropped bits. */
|
||||
#define DILITHIUM_U (DILITHIUM_Q_BITS - DILITHIUM_D)
|
||||
#define MLDSA_U (MLDSA_Q_BITS - MLDSA_D)
|
||||
|
||||
/* Bits in coefficient range of y, GAMMA1, of 2^17 is 17. */
|
||||
#define DILITHIUM_GAMMA1_BITS_17 17
|
||||
#define MLDSA_GAMMA1_BITS_17 17
|
||||
/* Coefficient range of y, GAMMA1, of 2^17. */
|
||||
#define DILITHIUM_GAMMA1_17 ((sword32)1 << 17)
|
||||
#define MLDSA_GAMMA1_17 ((sword32)1 << 17)
|
||||
/* # encoding bits of y is GAMMA1 + 1. */
|
||||
#define DILITHIUM_GAMMA1_17_ENC_BITS 18
|
||||
#define MLDSA_GAMMA1_17_ENC_BITS 18
|
||||
/* Coefficient range of y, GAMMA1, of 2^17. */
|
||||
/* Bits in coefficient range of y, GAMMA1, of 2^19 is 19. */
|
||||
#define DILITHIUM_GAMMA1_BITS_19 19
|
||||
#define MLDSA_GAMMA1_BITS_19 19
|
||||
/* Coefficient range of y, GAMMA1, of 2^19. */
|
||||
#define DILITHIUM_GAMMA1_19 ((sword32)1 << 19)
|
||||
#define MLDSA_GAMMA1_19 ((sword32)1 << 19)
|
||||
/* # encoding bits of y is GAMMA1 + 1. */
|
||||
#define DILITHIUM_GAMMA1_19_ENC_BITS 20
|
||||
#define MLDSA_GAMMA1_19_ENC_BITS 20
|
||||
|
||||
/* Low-order rounding range, GAMMA2, is Q divided by 88. */
|
||||
#define DILITHIUM_Q_LOW_88 ((DILITHIUM_Q - 1) / 88)
|
||||
#define MLDSA_Q_LOW_88 ((MLDSA_Q - 1) / 88)
|
||||
/* Absolute low-order rounding range, GAMMA2, is Q divided by 88. */
|
||||
#define DILITHIUM_Q_LOW_88_2 (((DILITHIUM_Q - 1) / 88) * 2)
|
||||
#define MLDSA_Q_LOW_88_2 (((MLDSA_Q - 1) / 88) * 2)
|
||||
/* # encoding bits of w1 when range is 88. */
|
||||
#define DILITHIUM_Q_HI_88_ENC_BITS 6
|
||||
#define MLDSA_Q_HI_88_ENC_BITS 6
|
||||
/* Low-order rounding range, GAMMA2, is Q divided by 32. */
|
||||
#define DILITHIUM_Q_LOW_32 ((DILITHIUM_Q - 1) / 32)
|
||||
#define MLDSA_Q_LOW_32 ((MLDSA_Q - 1) / 32)
|
||||
/* Absolute low-order rounding range, GAMMA2, is Q divided by 32. */
|
||||
#define DILITHIUM_Q_LOW_32_2 (((DILITHIUM_Q - 1) / 32) * 2)
|
||||
#define MLDSA_Q_LOW_32_2 (((MLDSA_Q - 1) / 32) * 2)
|
||||
/* # encoding bits of w1 when range is 32. */
|
||||
#define DILITHIUM_Q_HI_32_ENC_BITS 4
|
||||
#define MLDSA_Q_HI_32_ENC_BITS 4
|
||||
|
||||
/* Private key range, eta, of 2. */
|
||||
#define DILITHIUM_ETA_2 2
|
||||
#define MLDSA_ETA_2 2
|
||||
/* Bits needed to encode values in range -2..2 as a positive number. */
|
||||
#define DILITHIUM_ETA_2_BITS 3
|
||||
#define MLDSA_ETA_2_BITS 3
|
||||
/* Extract count of valid values. */
|
||||
#define DILITHIUM_ETA_2_MOD 15
|
||||
#define MLDSA_ETA_2_MOD 15
|
||||
/* Private key range, eta, of 4. */
|
||||
#define DILITHIUM_ETA_4 4
|
||||
#define MLDSA_ETA_4 4
|
||||
/* Bits needed to encode values in range -4..4 as a positive number. */
|
||||
#define DILITHIUM_ETA_4_BITS 4
|
||||
#define MLDSA_ETA_4_BITS 4
|
||||
/* Extract count of valid values. */
|
||||
#define DILITHIUM_ETA_4_MOD 9
|
||||
#define MLDSA_ETA_4_MOD 9
|
||||
|
||||
/* Number of bytes in a polynomial in memory. */
|
||||
#define DILITHIUM_POLY_SIZE (DILITHIUM_N * sizeof(sword32))
|
||||
#define MLDSA_POLY_SIZE (MLDSA_N * sizeof(sword32))
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
|
||||
@@ -266,9 +222,9 @@
|
||||
/* Second dimension of A, l, for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_L 4
|
||||
/* Private key range, ETA, for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_ETA DILITHIUM_ETA_2
|
||||
#define PARAMS_ML_DSA_44_ETA MLDSA_ETA_2
|
||||
/* Number of bits in private key for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_ETA_BITS DILITHIUM_ETA_2_BITS
|
||||
#define PARAMS_ML_DSA_44_ETA_BITS MLDSA_ETA_2_BITS
|
||||
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_LAMBDA 128
|
||||
/* # +/-1's in polynomial c, TAU, for ML-DSA-44. */
|
||||
@@ -279,30 +235,30 @@
|
||||
/* Max # 1's in the hint h, OMEGA, for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_OMEGA 80
|
||||
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_17
|
||||
#define PARAMS_ML_DSA_44_GAMMA1_BITS MLDSA_GAMMA1_BITS_17
|
||||
/* Ccoefficient range of y, GAMMA1, for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_GAMMA1 \
|
||||
((sword32)1 << PARAMS_ML_DSA_44_GAMMA1_BITS)
|
||||
/* Low-order rounding range, GAMMA2, for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_GAMMA2 DILITHIUM_Q_LOW_88
|
||||
#define PARAMS_ML_DSA_44_GAMMA2 MLDSA_Q_LOW_88
|
||||
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_GAMMA2_HI_BITS 6
|
||||
/* Encoding size of w1 in bytes for ML-DSA-44.
|
||||
* K * N / 8 * 6 - 6 bits as max value is 43 in high bits. */
|
||||
#define PARAMS_ML_DSA_44_W1_ENC_SZ \
|
||||
(PARAMS_ML_DSA_44_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_44_GAMMA2_HI_BITS)
|
||||
(PARAMS_ML_DSA_44_K * MLDSA_N / 8 * PARAMS_ML_DSA_44_GAMMA2_HI_BITS)
|
||||
/* Size of memory used for matrix a in bytes for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_A_SIZE \
|
||||
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * MLDSA_POLY_SIZE)
|
||||
/* Size of memory used for vector s1 in bytes for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_S1_SIZE \
|
||||
(PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_44_L * MLDSA_POLY_SIZE)
|
||||
/* Encoding size of s1 in bytes for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_S1_ENC_SIZE \
|
||||
(PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
|
||||
/* Size of memory used for vector s2 in bytes for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_S2_SIZE \
|
||||
(PARAMS_ML_DSA_44_K * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_44_K * MLDSA_POLY_SIZE)
|
||||
/* Encoding size of s2 in bytes for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_S2_ENC_SIZE \
|
||||
(PARAMS_ML_DSA_44_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
|
||||
@@ -312,11 +268,11 @@
|
||||
(PARAMS_ML_DSA_44_GAMMA1_BITS + 1))
|
||||
/* Encoding size of public key in bytes for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_PK_SIZE \
|
||||
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8)
|
||||
(MLDSA_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * MLDSA_N * MLDSA_U / 8)
|
||||
/* Encoding size of signature in bytes for ML-DSA-44. */
|
||||
#define PARAMS_ML_DSA_44_SIG_SIZE \
|
||||
((PARAMS_ML_DSA_44_LAMBDA / 4) + \
|
||||
PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
|
||||
PARAMS_ML_DSA_44_L * MLDSA_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
|
||||
PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K)
|
||||
|
||||
#endif /* WOLFSSL_NO_ML_DSA_44 */
|
||||
@@ -328,9 +284,9 @@
|
||||
/* Second dimension of A, l, for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_L 5
|
||||
/* Private key range, ETA, for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_ETA DILITHIUM_ETA_4
|
||||
#define PARAMS_ML_DSA_65_ETA MLDSA_ETA_4
|
||||
/* Number of bits in private key for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_ETA_BITS DILITHIUM_ETA_4_BITS
|
||||
#define PARAMS_ML_DSA_65_ETA_BITS MLDSA_ETA_4_BITS
|
||||
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_LAMBDA 192
|
||||
/* # +/-1's in polynomial c, TAU, for ML-DSA-65. */
|
||||
@@ -341,30 +297,30 @@
|
||||
/* Max # 1's in the hint h, OMEGA, for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_OMEGA 55
|
||||
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19
|
||||
#define PARAMS_ML_DSA_65_GAMMA1_BITS MLDSA_GAMMA1_BITS_19
|
||||
/* Coefficient range of y, GAMMA1, for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_GAMMA1 \
|
||||
((sword32)1 << PARAMS_ML_DSA_65_GAMMA1_BITS)
|
||||
/* Low-order rounding range, GAMMA2, for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_GAMMA2 DILITHIUM_Q_LOW_32
|
||||
#define PARAMS_ML_DSA_65_GAMMA2 MLDSA_Q_LOW_32
|
||||
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_GAMMA2_HI_BITS 4
|
||||
/* Encoding size of w1 in bytes for ML-DSA-65.
|
||||
* K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
|
||||
#define PARAMS_ML_DSA_65_W1_ENC_SZ \
|
||||
(PARAMS_ML_DSA_65_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_65_GAMMA2_HI_BITS)
|
||||
(PARAMS_ML_DSA_65_K * MLDSA_N / 8 * PARAMS_ML_DSA_65_GAMMA2_HI_BITS)
|
||||
/* Size of memory used for matrix a in bytes for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_A_SIZE \
|
||||
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * MLDSA_POLY_SIZE)
|
||||
/* Size of memory used for vector s1 in bytes for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_S1_SIZE \
|
||||
(PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_65_L * MLDSA_POLY_SIZE)
|
||||
/* Encoding size of s1 in bytes for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_S1_ENC_SIZE \
|
||||
(PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
|
||||
/* Size of memory used for vector s2 in bytes for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_S2_SIZE \
|
||||
(PARAMS_ML_DSA_65_K * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_65_K * MLDSA_POLY_SIZE)
|
||||
/* Encoding size of s2 in bytes for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_S2_ENC_SIZE \
|
||||
(PARAMS_ML_DSA_65_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
|
||||
@@ -374,11 +330,11 @@
|
||||
(PARAMS_ML_DSA_65_GAMMA1_BITS + 1))
|
||||
/* Encoding size of public key in bytes for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_PK_SIZE \
|
||||
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8)
|
||||
(MLDSA_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * MLDSA_N * MLDSA_U / 8)
|
||||
/* Encoding size of signature in bytes for ML-DSA-65. */
|
||||
#define PARAMS_ML_DSA_65_SIG_SIZE \
|
||||
((PARAMS_ML_DSA_65_LAMBDA / 4) + \
|
||||
PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
|
||||
PARAMS_ML_DSA_65_L * MLDSA_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
|
||||
PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K)
|
||||
|
||||
#endif /* WOLFSSL_NO_ML_DSA_65 */
|
||||
@@ -390,9 +346,9 @@
|
||||
/* Second dimension of A, l, for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_L 7
|
||||
/* Private key range, ETA, for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_ETA DILITHIUM_ETA_2
|
||||
#define PARAMS_ML_DSA_87_ETA MLDSA_ETA_2
|
||||
/* Number of bits in private key for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_ETA_BITS DILITHIUM_ETA_2_BITS
|
||||
#define PARAMS_ML_DSA_87_ETA_BITS MLDSA_ETA_2_BITS
|
||||
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_LAMBDA 256
|
||||
/* # +/-1's in polynomial c, TAU, for ML-DSA-87. */
|
||||
@@ -403,31 +359,30 @@
|
||||
/* Max # 1's in the hint h, OMEGA, for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_OMEGA 75
|
||||
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19
|
||||
#define PARAMS_ML_DSA_87_GAMMA1_BITS MLDSA_GAMMA1_BITS_19
|
||||
/* Ccoefficient range of y, GAMMA1, for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_GAMMA1 \
|
||||
((sword32)1 << PARAMS_ML_DSA_87_GAMMA1_BITS)
|
||||
/* Low-order rounding range, GAMMA2, for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_GAMMA2 DILITHIUM_Q_LOW_32
|
||||
#define PARAMS_ML_DSA_87_GAMMA2 MLDSA_Q_LOW_32
|
||||
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_GAMMA2_HI_BITS 4
|
||||
/* Encoding size of w1 in bytes for ML-DSA-87.
|
||||
* K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
|
||||
#define PARAMS_ML_DSA_87_W1_ENC_SZ \
|
||||
(PARAMS_ML_DSA_87_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_87_GAMMA2_HI_BITS)
|
||||
(PARAMS_ML_DSA_87_K * MLDSA_N / 8 * PARAMS_ML_DSA_87_GAMMA2_HI_BITS)
|
||||
/* Size of memory used for matrix A in bytes for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_A_SIZE \
|
||||
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
|
||||
#define PARAMS_ML_DSA_87_S_SIZE 4
|
||||
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * MLDSA_POLY_SIZE)
|
||||
/* Size of memory used for vector s1 in bytes for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_S1_SIZE \
|
||||
(PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_87_L * MLDSA_POLY_SIZE)
|
||||
/* Encoding size of s1 in bytes for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_S1_ENC_SIZE \
|
||||
(PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
|
||||
/* Size of memory used for vector s2 in bytes for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_S2_SIZE \
|
||||
(PARAMS_ML_DSA_87_K * DILITHIUM_POLY_SIZE)
|
||||
(PARAMS_ML_DSA_87_K * MLDSA_POLY_SIZE)
|
||||
/* Encoding size of s2 in bytes for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_S2_ENC_SIZE \
|
||||
(PARAMS_ML_DSA_87_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
|
||||
@@ -437,11 +392,11 @@
|
||||
(PARAMS_ML_DSA_87_GAMMA1_BITS + 1))
|
||||
/* Encoding size of public key in bytes for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_PK_SIZE \
|
||||
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8)
|
||||
(MLDSA_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * MLDSA_N * MLDSA_U / 8)
|
||||
/* Encoding size of signature in bytes for ML-DSA-87. */
|
||||
#define PARAMS_ML_DSA_87_SIG_SIZE \
|
||||
((PARAMS_ML_DSA_87_LAMBDA / 4) + \
|
||||
PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
|
||||
PARAMS_ML_DSA_87_L * MLDSA_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
|
||||
PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K)
|
||||
|
||||
#endif /* WOLFSSL_NO_ML_DSA_87 */
|
||||
@@ -449,149 +404,149 @@
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
|
||||
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_87_W1_ENC_SZ
|
||||
#define MLDSA_MAX_W1_ENC_SZ PARAMS_ML_DSA_87_W1_ENC_SZ
|
||||
/* Maximum collision strength of c-tilde in bytes. */
|
||||
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_87_LAMBDA
|
||||
#define MLDSA_MAX_LAMBDA PARAMS_ML_DSA_87_LAMBDA
|
||||
|
||||
/* Maximum count of elements of a vector with dimension K. */
|
||||
#define DILITHIUM_MAX_K_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_87_K * DILITHIUM_N)
|
||||
#define MLDSA_MAX_K_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_87_K * MLDSA_N)
|
||||
/* Maximum count of elements of a vector with dimension L. */
|
||||
#define DILITHIUM_MAX_L_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_87_L * DILITHIUM_N)
|
||||
#define MLDSA_MAX_L_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_87_L * MLDSA_N)
|
||||
/* Maximum count of elements of a matrix with dimension KxL. */
|
||||
#define DILITHIUM_MAX_MATRIX_COUNT \
|
||||
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_N)
|
||||
#define MLDSA_MAX_MATRIX_COUNT \
|
||||
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * MLDSA_N)
|
||||
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_65)
|
||||
|
||||
/* Maximum w1 encoding size in bytes. */
|
||||
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_65_W1_ENC_SZ
|
||||
#define MLDSA_MAX_W1_ENC_SZ PARAMS_ML_DSA_65_W1_ENC_SZ
|
||||
/* Maximum collision strength of c-tilde in bytes. */
|
||||
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_65_LAMBDA
|
||||
#define MLDSA_MAX_LAMBDA PARAMS_ML_DSA_65_LAMBDA
|
||||
|
||||
/* Maximum count of elements of a vector with dimension K. */
|
||||
#define DILITHIUM_MAX_K_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_65_K * DILITHIUM_N)
|
||||
#define MLDSA_MAX_K_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_65_K * MLDSA_N)
|
||||
/* Maximum count of elements of a vector with dimension L. */
|
||||
#define DILITHIUM_MAX_L_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_65_L * DILITHIUM_N)
|
||||
#define MLDSA_MAX_L_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_65_L * MLDSA_N)
|
||||
/* Maximum count of elements of a matrix with dimension KxL. */
|
||||
#define DILITHIUM_MAX_MATRIX_COUNT \
|
||||
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_N)
|
||||
#define MLDSA_MAX_MATRIX_COUNT \
|
||||
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * MLDSA_N)
|
||||
|
||||
#else
|
||||
|
||||
/* Maximum w1 encoding size in bytes. */
|
||||
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_44_W1_ENC_SZ
|
||||
#define MLDSA_MAX_W1_ENC_SZ PARAMS_ML_DSA_44_W1_ENC_SZ
|
||||
/* Maximum collision strength of c-tilde in bytes. */
|
||||
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_44_LAMBDA
|
||||
#define MLDSA_MAX_LAMBDA PARAMS_ML_DSA_44_LAMBDA
|
||||
|
||||
/* Maximum count of elements of a vector with dimension K. */
|
||||
#define DILITHIUM_MAX_K_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_44_K * DILITHIUM_N)
|
||||
#define MLDSA_MAX_K_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_44_K * MLDSA_N)
|
||||
/* Maximum count of elements of a vector with dimension L. */
|
||||
#define DILITHIUM_MAX_L_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_44_L * DILITHIUM_N)
|
||||
#define MLDSA_MAX_L_VECTOR_COUNT \
|
||||
(PARAMS_ML_DSA_44_L * MLDSA_N)
|
||||
/* Maximum count of elements of a matrix with dimension KxL. */
|
||||
#define DILITHIUM_MAX_MATRIX_COUNT \
|
||||
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_N)
|
||||
#define MLDSA_MAX_MATRIX_COUNT \
|
||||
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * MLDSA_N)
|
||||
|
||||
#endif
|
||||
|
||||
/* Length of K in bytes. */
|
||||
#define DILITHIUM_K_SZ 32
|
||||
#define MLDSA_K_SZ 32
|
||||
/* Length of TR in bytes. */
|
||||
#define DILITHIUM_TR_SZ 64
|
||||
#define MLDSA_TR_SZ 64
|
||||
/* Length of public key seed in bytes when expanding a. */
|
||||
#define DILITHIUM_PUB_SEED_SZ 32
|
||||
#define MLDSA_PUB_SEED_SZ 32
|
||||
/* Length of private key seed in bytes when generating a key. */
|
||||
#define DILITHIUM_PRIV_SEED_SZ 64
|
||||
#define MLDSA_PRIV_SEED_SZ 64
|
||||
|
||||
/* Length of seed when creating vector c. */
|
||||
#define DILITHIUM_SEED_SZ 32
|
||||
#define MLDSA_SEED_SZ 32
|
||||
/* Length of seeds created when making a key. */
|
||||
#define DILITHIUM_SEEDS_SZ 128
|
||||
#define MLDSA_SEEDS_SZ 128
|
||||
|
||||
/* Length of MU in bytes. */
|
||||
#define DILITHIUM_MU_SZ 64
|
||||
#define MLDSA_MU_SZ 64
|
||||
/* Length of random in bytes when generating a signature. */
|
||||
#define DILITHIUM_RND_SZ 32
|
||||
#define MLDSA_RND_SZ 32
|
||||
/* Length of private random in bytes when generating a signature. */
|
||||
#define DILITHIUM_PRIV_RAND_SEED_SZ 64
|
||||
#define MLDSA_PRIV_RAND_SEED_SZ 64
|
||||
|
||||
/* 5 blocks, each block 21 * 8 bytes = 840 bytes.
|
||||
* Minimum required is 256 * 3 = 768. */
|
||||
#define DILITHIUM_GEN_A_NBLOCKS 5
|
||||
#define MLDSA_GEN_A_NBLOCKS 5
|
||||
/* Number of bytes to generate with Shake128 when generating A. */
|
||||
#define DILITHIUM_GEN_A_BYTES \
|
||||
(DILITHIUM_GEN_A_NBLOCKS * WC_SHA3_128_COUNT * 8)
|
||||
#define MLDSA_GEN_A_BYTES \
|
||||
(MLDSA_GEN_A_NBLOCKS * WC_SHA3_128_COUNT * 8)
|
||||
/* Number of bytes to a block of SHAKE-128 when generating A. */
|
||||
#define DILITHIUM_GEN_A_BLOCK_BYTES (WC_SHA3_128_COUNT * 8)
|
||||
#define MLDSA_GEN_A_BLOCK_BYTES (WC_SHA3_128_COUNT * 8)
|
||||
|
||||
/* Number of bytes to a block of SHAKE-256 when generating c. */
|
||||
#define DILITHIUM_GEN_C_BLOCK_BYTES (WC_SHA3_256_COUNT * 8)
|
||||
#define MLDSA_GEN_C_BLOCK_BYTES (WC_SHA3_256_COUNT * 8)
|
||||
|
||||
|
||||
#ifndef WOLFSSL_MLDSA_SMALL
|
||||
#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_MLDSA_ALIGNMENT == 0)
|
||||
/* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
|
||||
#define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BYTES + 1)
|
||||
#define MLDSA_REJ_NTT_POLY_H_SIZE (MLDSA_GEN_A_BYTES + 1)
|
||||
#else
|
||||
/* A block SHAKE-128 output. */
|
||||
#define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BYTES
|
||||
#define MLDSA_REJ_NTT_POLY_H_SIZE MLDSA_GEN_A_BYTES
|
||||
#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_MLDSA_ALIGNMENT == 0 */
|
||||
#else
|
||||
#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_MLDSA_ALIGNMENT == 0)
|
||||
/* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
|
||||
#define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BLOCK_BYTES + 1)
|
||||
#define MLDSA_REJ_NTT_POLY_H_SIZE (MLDSA_GEN_A_BLOCK_BYTES + 1)
|
||||
#else
|
||||
/* A block SHAKE-128 output. */
|
||||
#define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BLOCK_BYTES
|
||||
#define MLDSA_REJ_NTT_POLY_H_SIZE MLDSA_GEN_A_BLOCK_BYTES
|
||||
#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_MLDSA_ALIGNMENT == 0 */
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
|
||||
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE
|
||||
#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL5_SIG_SIZE
|
||||
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
|
||||
#define MLDSA_MAX_KEY_SIZE WC_MLDSA_87_KEY_SIZE
|
||||
#define MLDSA_MAX_SIG_SIZE WC_MLDSA_87_SIG_SIZE
|
||||
#define MLDSA_MAX_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
|
||||
#define MLDSA_MAX_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_PUB_KEY_DER_SIZE WC_MLDSA_87_PUB_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_PRV_KEY_DER_SIZE WC_MLDSA_87_PRV_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_BOTH_KEY_DER_SIZE WC_MLDSA_87_BOTH_KEY_DER_SIZE
|
||||
/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and
|
||||
* the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */
|
||||
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE
|
||||
#define MLDSA_MAX_BOTH_KEY_PEM_SIZE WC_MLDSA_87_BOTH_KEY_PEM_SIZE
|
||||
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_65)
|
||||
|
||||
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL3_KEY_SIZE
|
||||
#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL3_SIG_SIZE
|
||||
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL3_PUB_KEY_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL3_PRV_KEY_SIZE
|
||||
#define MLDSA_MAX_KEY_SIZE WC_MLDSA_65_KEY_SIZE
|
||||
#define MLDSA_MAX_SIG_SIZE WC_MLDSA_65_SIG_SIZE
|
||||
#define MLDSA_MAX_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
|
||||
#define MLDSA_MAX_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_PUB_KEY_DER_SIZE WC_MLDSA_65_PUB_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_PRV_KEY_DER_SIZE WC_MLDSA_65_PRV_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_BOTH_KEY_DER_SIZE WC_MLDSA_65_BOTH_KEY_DER_SIZE
|
||||
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
|
||||
* the footer "-----END PRIVATE KEY-----" */
|
||||
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE
|
||||
#define MLDSA_MAX_BOTH_KEY_PEM_SIZE WC_MLDSA_65_BOTH_KEY_PEM_SIZE
|
||||
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
|
||||
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL2_KEY_SIZE
|
||||
#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL2_SIG_SIZE
|
||||
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL2_PUB_KEY_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL2_PRV_KEY_SIZE
|
||||
#define MLDSA_MAX_KEY_SIZE WC_MLDSA_44_KEY_SIZE
|
||||
#define MLDSA_MAX_SIG_SIZE WC_MLDSA_44_SIG_SIZE
|
||||
#define MLDSA_MAX_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
|
||||
#define MLDSA_MAX_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
|
||||
/* Buffer sizes large enough to store exported DER encoded keys */
|
||||
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
|
||||
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_PUB_KEY_DER_SIZE WC_MLDSA_44_PUB_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_PRV_KEY_DER_SIZE WC_MLDSA_44_PRV_KEY_DER_SIZE
|
||||
#define MLDSA_MAX_BOTH_KEY_DER_SIZE WC_MLDSA_44_BOTH_KEY_DER_SIZE
|
||||
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
|
||||
* the footer "-----END PRIVATE KEY-----" */
|
||||
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE
|
||||
#define MLDSA_MAX_BOTH_KEY_PEM_SIZE WC_MLDSA_44_BOTH_KEY_PEM_SIZE
|
||||
|
||||
#else
|
||||
|
||||
@@ -601,8 +556,8 @@
|
||||
|
||||
|
||||
#ifdef WOLF_PRIVATE_KEY_ID
|
||||
#define DILITHIUM_MAX_ID_LEN 32
|
||||
#define DILITHIUM_MAX_LABEL_LEN 32
|
||||
#define MLDSA_MAX_ID_LEN 32
|
||||
#define MLDSA_MAX_LABEL_LEN 32
|
||||
#endif
|
||||
|
||||
/* Structs */
|
||||
@@ -649,9 +604,9 @@ struct wc_MlDsaKey {
|
||||
int devId;
|
||||
#endif
|
||||
#ifdef WOLF_PRIVATE_KEY_ID
|
||||
byte id[DILITHIUM_MAX_ID_LEN];
|
||||
byte id[MLDSA_MAX_ID_LEN];
|
||||
int idLen;
|
||||
char label[DILITHIUM_MAX_LABEL_LEN];
|
||||
char label[MLDSA_MAX_LABEL_LEN];
|
||||
int labelLen;
|
||||
#endif
|
||||
|
||||
@@ -660,14 +615,14 @@ struct wc_MlDsaKey {
|
||||
byte* k; /* heap-allocated, right-sized secret key */
|
||||
#elif !defined(WOLFSSL_MLDSA_ASSIGN_KEY)
|
||||
#ifdef USE_INTEL_SPEEDUP
|
||||
byte p[DILITHIUM_MAX_PUB_KEY_SIZE+8];
|
||||
byte p[MLDSA_MAX_PUB_KEY_SIZE+8];
|
||||
#if !defined(WOLFSSL_MLDSA_VERIFY_ONLY)
|
||||
byte k[DILITHIUM_MAX_KEY_SIZE+8];
|
||||
byte k[MLDSA_MAX_KEY_SIZE+8];
|
||||
#endif
|
||||
#else
|
||||
byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
|
||||
byte p[MLDSA_MAX_PUB_KEY_SIZE];
|
||||
#if !defined(WOLFSSL_MLDSA_VERIFY_ONLY)
|
||||
byte k[DILITHIUM_MAX_KEY_SIZE];
|
||||
byte k[MLDSA_MAX_KEY_SIZE];
|
||||
#endif
|
||||
#endif
|
||||
#else
|
||||
@@ -694,32 +649,32 @@ struct wc_MlDsaKey {
|
||||
#endif
|
||||
#else
|
||||
#ifdef WC_MLDSA_CACHE_MATRIX_A
|
||||
sword32 a[DILITHIUM_MAX_MATRIX_COUNT];
|
||||
sword32 a[MLDSA_MAX_MATRIX_COUNT];
|
||||
byte aSet;
|
||||
#endif
|
||||
#ifdef WC_MLDSA_CACHE_PRIV_VECTORS
|
||||
sword32 s1[DILITHIUM_MAX_L_VECTOR_COUNT];
|
||||
sword32 s2[DILITHIUM_MAX_K_VECTOR_COUNT];
|
||||
sword32 t0[DILITHIUM_MAX_K_VECTOR_COUNT];
|
||||
sword32 s1[MLDSA_MAX_L_VECTOR_COUNT];
|
||||
sword32 s2[MLDSA_MAX_K_VECTOR_COUNT];
|
||||
sword32 t0[MLDSA_MAX_K_VECTOR_COUNT];
|
||||
byte privVecsSet;
|
||||
#endif
|
||||
#ifdef WC_MLDSA_CACHE_PUB_VECTORS
|
||||
sword32 t1[DILITHIUM_MAX_K_VECTOR_COUNT];
|
||||
sword32 t1[MLDSA_MAX_K_VECTOR_COUNT];
|
||||
byte pubVecSet;
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_MLDSA_VERIFY_NO_MALLOC) && \
|
||||
defined(WOLFSSL_MLDSA_VERIFY_SMALL_MEM)
|
||||
sword32 z[DILITHIUM_MAX_L_VECTOR_COUNT];
|
||||
sword32 c[DILITHIUM_N];
|
||||
sword32 w[DILITHIUM_N];
|
||||
sword32 t1[DILITHIUM_N];
|
||||
byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
|
||||
sword32 z[MLDSA_MAX_L_VECTOR_COUNT];
|
||||
sword32 c[MLDSA_N];
|
||||
sword32 w[MLDSA_N];
|
||||
sword32 t1[MLDSA_N];
|
||||
byte w1e[MLDSA_MAX_W1_ENC_SZ];
|
||||
#ifdef WOLFSSL_MLDSA_SMALL_MEM_POLY64
|
||||
sword64 t64[DILITHIUM_N];
|
||||
sword64 t64[MLDSA_N];
|
||||
#endif
|
||||
byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
|
||||
byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
|
||||
byte h[MLDSA_REJ_NTT_POLY_H_SIZE];
|
||||
byte block[MLDSA_GEN_C_BLOCK_BYTES];
|
||||
#endif /* WOLFSSL_MLDSA_VERIFY_NO_MALLOC &&
|
||||
* WOLFSSL_MLDSA_VERIFY_SMALL_MEM */
|
||||
};
|
||||
@@ -998,24 +953,6 @@ WOLFSSL_LOCAL void wc_mldsa_poly_make_pos_avx2(sword32* a);
|
||||
#define WC_ML_DSA_65_DRAFT (3 + WC_ML_DSA_DRAFT)
|
||||
#define WC_ML_DSA_87_DRAFT (5 + WC_ML_DSA_DRAFT)
|
||||
|
||||
#define DILITHIUM_ML_DSA_44_KEY_SIZE 2560
|
||||
#define DILITHIUM_ML_DSA_44_SIG_SIZE 2420
|
||||
#define DILITHIUM_ML_DSA_44_PUB_KEY_SIZE 1312
|
||||
#define DILITHIUM_ML_DSA_44_PRV_KEY_SIZE \
|
||||
(DILITHIUM_ML_DSA_44_PUB_KEY_SIZE + DILITHIUM_ML_DSA_44_KEY_SIZE)
|
||||
|
||||
#define DILITHIUM_ML_DSA_65_KEY_SIZE 4032
|
||||
#define DILITHIUM_ML_DSA_65_SIG_SIZE 3309
|
||||
#define DILITHIUM_ML_DSA_65_PUB_KEY_SIZE 1952
|
||||
#define DILITHIUM_ML_DSA_65_PRV_KEY_SIZE \
|
||||
(DILITHIUM_ML_DSA_65_PUB_KEY_SIZE + DILITHIUM_ML_DSA_65_KEY_SIZE)
|
||||
|
||||
#define DILITHIUM_ML_DSA_87_KEY_SIZE 4896
|
||||
#define DILITHIUM_ML_DSA_87_SIG_SIZE 4627
|
||||
#define DILITHIUM_ML_DSA_87_PUB_KEY_SIZE 2592
|
||||
#define DILITHIUM_ML_DSA_87_PRV_KEY_SIZE \
|
||||
(DILITHIUM_ML_DSA_87_PUB_KEY_SIZE + DILITHIUM_ML_DSA_87_KEY_SIZE)
|
||||
|
||||
|
||||
WOLFSSL_API int wc_MlDsaKey_GetPrivLen(wc_MlDsaKey* key, int* len);
|
||||
WOLFSSL_API int wc_MlDsaKey_GetPubLen(wc_MlDsaKey* key, int* len);
|
||||
|
||||