More ML-DSA renaming

Tobias Frauenschläger
2026-05-18 16:59:53 -07:00
parent dc56e87522
commit 44074fd1df
5 changed files with 1650 additions and 1433 deletions
+1
@@ -361,6 +361,7 @@ MICRIUM_MALLOC
MICROCHIP_MPLAB_HARMONY
MICROCHIP_MPLAB_HARMONY_3
MICRO_SESSION_CACHEx
MLDSA_USE_HINT_CT
MLKEM_NONDETERMINISTIC
MODULE_SOCK_TCP
MP_31BIT
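Review bot: `MLDSA_USE_HINT_CT` is added to this macro list, but the documentation hunks in this commit name only `DEBUG_MLDSA` and the five `MLDSA_MUL_*_SLOW` defines as renamed user-tunable knobs, and the forward-translation block added to `dilithium.h` covers only those six. If this entry is the new spelling of an existing legacy-named option, add it to both the migration notes and the translation block so builds that set the old name keep the same code path; if it is a new option, the commit title "More ML-DSA renaming" undersells it and it deserves its own description.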
+85
@@ -37,6 +37,20 @@ the legacy API.
| `wc_dilithium_*` (lifecycle / sizing) | `wc_MlDsaKey_*` |
| `wc_Dilithium_*` (DER encode / decode) | `wc_MlDsaKey_*` |
| internal lower-case `dilithium_*` helpers | `mldsa_*` |
| `DILITHIUM_*` algorithm-parameter macros | `MLDSA_*` (matches `MLKEM_*` in `wc_mlkem.h`) |
| `DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`, `DILITHIUM_ML_DSA_{44,65,87}_*_SIZE` | `WC_MLDSA_{44,65,87}_*_SIZE` |
| `DEBUG_DILITHIUM` | `DEBUG_MLDSA` |
The `WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` / `WC_ML_DSA_DRAFT`
public level identifiers and the `PARAMS_ML_DSA_{44,65,87}_*`
per-parameter-set internal constants intentionally **keep** their
underscored `ML_DSA_` spelling — the level identifiers are established
public names and the `PARAMS_*` family is internal-only, so neither
benefits from a rename.
The `WOLFSSL_NO_ML_DSA_{44,65,87}` parameter-set disable gates are
likewise kept in their underscored form (matching the
`WOLFSSL_NO_ML_KEM_{512,768,1024}` spelling in `wc_mlkem.h`).
The 16 sign / verify / import / DER-decode entry points were also
re-ordered to put the `MlDsaKey*` first (matching the FIPS 204 / ML-KEM
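Review bot: The mapping table gains a row for `DEBUG_DILITHIUM` but none for the five `DILITHIUM_MUL_*_SLOW` tuning defines, which the cleanup section later in this file says were renamed to `MLDSA_MUL_*_SLOW` in the same step. Add that row so the table is a complete lookup for anyone grepping their `user_settings.h`. The paragraph explaining why `WC_ML_DSA_*` and `PARAMS_ML_DSA_*` keep their underscored spelling is also repeated almost word for word in the first bullet of that section; keeping it in one place avoids the two copies drifting apart.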
@@ -165,6 +179,77 @@ wolfSSL-internal infrastructure (an auto-generated cert-buffer data
file and the static allocator's default sizing), not consumer-facing
API; these changes do not require downstream code changes.
## Macro / comment cleanup inside `wc_mldsa.{c,h}`
A follow-on cleanup of the ML-DSA implementation file finished the
internal naming migration that the file/symbol rename above started:
- All algorithm-parameter macros defined in `wolfssl/wolfcrypt/wc_mldsa.h`
(`DILITHIUM_Q`, `DILITHIUM_N`, `DILITHIUM_D`, `DILITHIUM_ETA_*`,
`DILITHIUM_GAMMA1_*`, `DILITHIUM_K_SZ`, `DILITHIUM_MU_SZ`,
`DILITHIUM_MAX_*`, …) were renamed to canonical `MLDSA_*` spellings
matching the `MLKEM_*` internal constants in
`<wolfssl/wolfcrypt/wc_mlkem.h>`. The `PARAMS_ML_DSA_{44,65,87}_*`
per-parameter-set internal constants and the
`WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` /
`WC_ML_DSA_DRAFT` public level identifiers keep their underscored
spelling — the level identifiers are established public names and
the `PARAMS_*` family is internal-only.
- The per-parameter-set size constants previously existed in **three**
redundant spellings — `DILITHIUM_LEVEL{2,3,5}_*_SIZE`,
`ML_DSA_LEVEL{2,3,5}_*_SIZE`, and
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`. They were consolidated to a
single canonical family, `WC_MLDSA_{44,65,87}_*_SIZE`. All three
legacy spellings remain reachable as aliases through the
`<wolfssl/wolfcrypt/dilithium.h>` shim (gated by
`WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`); a duplicate `MLDSA_N`
definition in `wc_mldsa.h` was also removed.
- All ~20 file-local macros inside `wolfcrypt/src/wc_mldsa.c`
(`DILITHIUM_SIGN_BYTES`, `DILITHIUM_GEN_S_*`, `DILITHIUM_HASH_OID_LEN`,
`DILITHIUM_PARAMS_CNT`, `DILITHIUM_COEFF_S*`, `DILITHIUM_QINV`,
`DILITHIUM_NTT_ZETA_1`, `DILITHIUM_POS_OFFSET`, …) were renamed
to `MLDSA_*`. The file-local macros are not user-visible and have no
alias in the shim.
- The user-tunable knobs documented in the `wc_mldsa.c` file-top
comment block — `DEBUG_DILITHIUM` and the five performance-tuning
defines `DILITHIUM_MUL_SLOW`, `DILITHIUM_MUL_44_SLOW`,
`DILITHIUM_MUL_11_SLOW`, `DILITHIUM_MUL_QINV_SLOW`,
`DILITHIUM_MUL_Q_SLOW` — were renamed to `DEBUG_MLDSA` /
`MLDSA_MUL_*_SLOW`. These are set from `user_settings.h` or `-D`,
so a forward-translation block was added to the legacy-gates arm
in `<wolfssl/wolfcrypt/dilithium.h>` (gated by
`WOLFSSL_NO_DILITHIUM_LEGACY_GATES`) so consumers using the legacy
spelling continue to get the intended code path.
- A long-standing typo, `dilitihium_get_der_length()` (5 call sites,
`static`-scope), was corrected to `mldsa_get_der_length()`.
- All `DILITHIUM_*` legacy macro spellings remain reachable from
unmigrated in-tree consumers (`wolfcrypt/src/asn.c`, `src/ssl_load.c`,
`src/internal.c`, `src/tls13.c`, `src/ssl.c`, `src/x509.c`,
`src/ssl_api_pk.c`, `src/ssl_certman.c`, `wolfssl/internal.h`,
`wolfssl/wolfcrypt/asn.h`, `asn_public.h`, `oid_sum.h`,
`examples/configs/user_settings_pq.h`,
`wolfcrypt/benchmark/benchmark.c`, `wolfcrypt/test/test.c`,
`tests/api/test_mldsa.c`) and downstream code through a new
reverse-arm macro alias block in `<wolfssl/wolfcrypt/dilithium.h>`,
gated by the existing `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` opt-out.
- All function and section comments inside `wc_mldsa.c` had their
"Dilithium" / "dilithium" prose replaced with "ML-DSA" (the file-top
credit retains a parenthetical mention of the historical name).
- Every algorithm-step citation was re-numbered against FIPS 204 Final
(August 2024). The implementation was previously annotated with the
draft (IPD) numbering — e.g. `Algorithm 18 skEncode`, `Algorithm 26
ExpandA`, `Algorithm 29 Power2Round`. These were updated to the
Final numbering (`Algorithm 24 skEncode`, `Algorithm 32 ExpandA`,
`Algorithm 35 Power2Round`, …) and the section references were
retargeted from the draft `§8.x` building-blocks group to the Final
`§7.x` arrangement. SHAKE128/256 notation references were redirected
from the IPD `§8.3` to the Final `§3.7`. Citation punctuation was
normalized from `FIPS 204. N.M:` to `FIPS 204 §N.M,`.
These changes are contained to `wolfcrypt/src/wc_mldsa.c`,
`wolfssl/wolfcrypt/wc_mldsa.h`, and the macro-alias block in
`wolfssl/wolfcrypt/dilithium.h`. No external consumer is touched.
### Retained internal symbols
A few internal-only spellings are intentionally **not** renamed in this
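Review bot: The closing statement "No external consumer is touched" is stronger than the bullets above it support. The knobs bullet says `DEBUG_DILITHIUM` and the `DILITHIUM_MUL_*_SLOW` defines are set from `user_settings.h` or `-D`, and that the legacy spelling keeps working only through a block gated by `WOLFSSL_NO_DILITHIUM_LEGACY_GATES`; likewise the size and parameter aliases depend on `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` being unset. Suggest rewording to say that no consumer needs changes unless it defines one of those opt-outs, and stating what such a build has to rename.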
+1195 -1194
File diff suppressed because it is too large
+193
@@ -224,6 +224,42 @@
#endif
#endif
/* Developer / performance tuning knobs documented at the top of
* wolfcrypt/src/wc_mldsa.c. These are user-set in user_settings.h or
* via -D on the compiler command line; forward-translate so a
* consumer with the legacy DILITHIUM_* spelling still gets the
* intended code path. */
#ifdef DEBUG_DILITHIUM
#ifndef DEBUG_MLDSA
#define DEBUG_MLDSA
#endif
#endif
#ifdef DILITHIUM_MUL_SLOW
#ifndef MLDSA_MUL_SLOW
#define MLDSA_MUL_SLOW
#endif
#endif
#ifdef DILITHIUM_MUL_44_SLOW
#ifndef MLDSA_MUL_44_SLOW
#define MLDSA_MUL_44_SLOW
#endif
#endif
#ifdef DILITHIUM_MUL_11_SLOW
#ifndef MLDSA_MUL_11_SLOW
#define MLDSA_MUL_11_SLOW
#endif
#endif
#ifdef DILITHIUM_MUL_QINV_SLOW
#ifndef MLDSA_MUL_QINV_SLOW
#define MLDSA_MUL_QINV_SLOW
#endif
#endif
#ifdef DILITHIUM_MUL_Q_SLOW
#ifndef MLDSA_MUL_Q_SLOW
#define MLDSA_MUL_Q_SLOW
#endif
#endif
#endif /* !WOLFSSL_NO_DILITHIUM_LEGACY_GATES */
/* === wc_mldsa.h is now reachable with canonical gates correctly set === */
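Review bot: The six forward-translation blocks run only when `WOLFSSL_NO_DILITHIUM_LEGACY_GATES` is not defined, so a build that sets that opt-out and still passes, say, `-DDILITHIUM_MUL_SLOW` silently falls back to the default code path with no diagnostic. Consider an `#else` arm that raises `#error` (or at least a warning) when any of the six legacy knob names is defined, so a stale setting is caught at compile time rather than showing up later as an unexplained performance or debug-output difference.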
@@ -445,6 +481,163 @@
#define wc_dilithium_encode_w1_88 wc_mldsa_encode_w1_88
#define wc_dilithium_encode_w1_32 wc_mldsa_encode_w1_32
/* Legacy parameter / size macros. wc_mldsa.h now defines the canonical
* MLDSA_* spellings; these aliases keep the pre-standardization
* DILITHIUM_* names reachable for unmigrated in-tree consumers
* (wolfcrypt/src/asn.c, src/ssl_load.c, src/internal.c, src/tls13.c,
* src/ssl.c, src/x509.c, src/ssl_api_pk.c, src/ssl_certman.c,
* wolfssl/internal.h, wolfssl/wolfcrypt/asn.h, asn_public.h,
* oid_sum.h, examples/configs/user_settings_pq.h,
* wolfcrypt/benchmark/benchmark.c, wolfcrypt/test/test.c,
* tests/api/test_mldsa.c) and for downstream code. The DILITHIUM_ML_DSA_NN_*
* spellings collapse to MLDSA_NN_* (the intermediate _ML_DSA_ is
* redundant once the outer prefix is MLDSA_; the resulting MLDSA_44 /
* _65 / _87 names match the FIPS 204 parameter-set spellings). */
/* Algorithm parameters (FIPS 204 Section 4) */
#define DILITHIUM_Q MLDSA_Q
#define DILITHIUM_Q_BITS MLDSA_Q_BITS
#define DILITHIUM_N MLDSA_N
#define DILITHIUM_D MLDSA_D
#define DILITHIUM_D_MAX MLDSA_D_MAX
#define DILITHIUM_D_MAX_HALF MLDSA_D_MAX_HALF
#define DILITHIUM_U MLDSA_U
#define DILITHIUM_GAMMA1_17 MLDSA_GAMMA1_17
#define DILITHIUM_GAMMA1_19 MLDSA_GAMMA1_19
#define DILITHIUM_GAMMA1_BITS_17 MLDSA_GAMMA1_BITS_17
#define DILITHIUM_GAMMA1_BITS_19 MLDSA_GAMMA1_BITS_19
#define DILITHIUM_GAMMA1_17_ENC_BITS MLDSA_GAMMA1_17_ENC_BITS
#define DILITHIUM_GAMMA1_19_ENC_BITS MLDSA_GAMMA1_19_ENC_BITS
#define DILITHIUM_Q_LOW_32 MLDSA_Q_LOW_32
#define DILITHIUM_Q_LOW_32_2 MLDSA_Q_LOW_32_2
#define DILITHIUM_Q_LOW_88 MLDSA_Q_LOW_88
#define DILITHIUM_Q_LOW_88_2 MLDSA_Q_LOW_88_2
#define DILITHIUM_Q_HI_32_ENC_BITS MLDSA_Q_HI_32_ENC_BITS
#define DILITHIUM_Q_HI_88_ENC_BITS MLDSA_Q_HI_88_ENC_BITS
#define DILITHIUM_ETA_2 MLDSA_ETA_2
#define DILITHIUM_ETA_2_BITS MLDSA_ETA_2_BITS
#define DILITHIUM_ETA_2_MOD MLDSA_ETA_2_MOD
#define DILITHIUM_ETA_4 MLDSA_ETA_4
#define DILITHIUM_ETA_4_BITS MLDSA_ETA_4_BITS
#define DILITHIUM_ETA_4_MOD MLDSA_ETA_4_MOD
#define DILITHIUM_POLY_SIZE MLDSA_POLY_SIZE
#define DILITHIUM_REJ_NTT_POLY_H_SIZE MLDSA_REJ_NTT_POLY_H_SIZE
/* Seed / label / hash sizes */
#define DILITHIUM_PUB_SEED_SZ MLDSA_PUB_SEED_SZ
#define DILITHIUM_PRIV_SEED_SZ MLDSA_PRIV_SEED_SZ
#define DILITHIUM_PRIV_RAND_SEED_SZ MLDSA_PRIV_RAND_SEED_SZ
#define DILITHIUM_SEED_SZ MLDSA_SEED_SZ
#define DILITHIUM_SEEDS_SZ MLDSA_SEEDS_SZ
#define DILITHIUM_K_SZ MLDSA_K_SZ
#define DILITHIUM_TR_SZ MLDSA_TR_SZ
#define DILITHIUM_MU_SZ MLDSA_MU_SZ
#define DILITHIUM_RND_SZ MLDSA_RND_SZ
/* ExpandA / ExpandS sampling block constants (FIPS 204 Section 8.4) */
#define DILITHIUM_GEN_A_BLOCK_BYTES MLDSA_GEN_A_BLOCK_BYTES
#define DILITHIUM_GEN_A_BYTES MLDSA_GEN_A_BYTES
#define DILITHIUM_GEN_A_NBLOCKS MLDSA_GEN_A_NBLOCKS
#define DILITHIUM_GEN_C_BLOCK_BYTES MLDSA_GEN_C_BLOCK_BYTES
/* Per-parameter-set sizes. The canonical spelling in
* <wolfssl/wolfcrypt/wc_mldsa.h> is WC_MLDSA_{44,65,87}_*_SIZE. The
* aliases below keep three legacy spelling families reachable for
* unmigrated consumers:
* - "LEVEL2/3/5" forms (`ML_DSA_LEVEL2_KEY_SIZE`,
* `DILITHIUM_LEVEL2_KEY_SIZE`) - the three NIST security
* categories (2 / 3 / 5).
* - The pre-standardization `DILITHIUM_ML_DSA_44_*` form. */
/* LEVEL2 (= ML-DSA-44) */
#define ML_DSA_LEVEL2_KEY_SIZE WC_MLDSA_44_KEY_SIZE
#define ML_DSA_LEVEL2_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
#define ML_DSA_LEVEL2_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
#define ML_DSA_LEVEL2_SIG_SIZE WC_MLDSA_44_SIG_SIZE
#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE WC_MLDSA_44_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE WC_MLDSA_44_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE WC_MLDSA_44_BOTH_KEY_DER_SIZE
#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE WC_MLDSA_44_BOTH_KEY_PEM_SIZE
#define DILITHIUM_LEVEL2_KEY_SIZE WC_MLDSA_44_KEY_SIZE
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
#define DILITHIUM_LEVEL2_SIG_SIZE WC_MLDSA_44_SIG_SIZE
#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE WC_MLDSA_44_PRV_KEY_DER_SIZE
#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE WC_MLDSA_44_PUB_KEY_DER_SIZE
#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE WC_MLDSA_44_BOTH_KEY_DER_SIZE
#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE WC_MLDSA_44_BOTH_KEY_PEM_SIZE
/* LEVEL3 (= ML-DSA-65) */
#define ML_DSA_LEVEL3_KEY_SIZE WC_MLDSA_65_KEY_SIZE
#define ML_DSA_LEVEL3_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
#define ML_DSA_LEVEL3_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
#define ML_DSA_LEVEL3_SIG_SIZE WC_MLDSA_65_SIG_SIZE
#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE WC_MLDSA_65_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE WC_MLDSA_65_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE WC_MLDSA_65_BOTH_KEY_DER_SIZE
#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE WC_MLDSA_65_BOTH_KEY_PEM_SIZE
#define DILITHIUM_LEVEL3_KEY_SIZE WC_MLDSA_65_KEY_SIZE
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
#define DILITHIUM_LEVEL3_SIG_SIZE WC_MLDSA_65_SIG_SIZE
#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE WC_MLDSA_65_PRV_KEY_DER_SIZE
#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE WC_MLDSA_65_PUB_KEY_DER_SIZE
#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE WC_MLDSA_65_BOTH_KEY_DER_SIZE
#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE WC_MLDSA_65_BOTH_KEY_PEM_SIZE
/* LEVEL5 (= ML-DSA-87) */
#define ML_DSA_LEVEL5_KEY_SIZE WC_MLDSA_87_KEY_SIZE
#define ML_DSA_LEVEL5_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
#define ML_DSA_LEVEL5_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
#define ML_DSA_LEVEL5_SIG_SIZE WC_MLDSA_87_SIG_SIZE
#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE WC_MLDSA_87_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE WC_MLDSA_87_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE WC_MLDSA_87_BOTH_KEY_DER_SIZE
#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE WC_MLDSA_87_BOTH_KEY_PEM_SIZE
#define DILITHIUM_LEVEL5_KEY_SIZE WC_MLDSA_87_KEY_SIZE
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
#define DILITHIUM_LEVEL5_SIG_SIZE WC_MLDSA_87_SIG_SIZE
#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE WC_MLDSA_87_PRV_KEY_DER_SIZE
#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE WC_MLDSA_87_PUB_KEY_DER_SIZE
#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE WC_MLDSA_87_BOTH_KEY_DER_SIZE
#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE WC_MLDSA_87_BOTH_KEY_PEM_SIZE
/* Pre-standardization DILITHIUM_ML_DSA_NN_* spelling. */
#define DILITHIUM_ML_DSA_44_KEY_SIZE WC_MLDSA_44_KEY_SIZE
#define DILITHIUM_ML_DSA_44_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
#define DILITHIUM_ML_DSA_44_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
#define DILITHIUM_ML_DSA_44_SIG_SIZE WC_MLDSA_44_SIG_SIZE
#define DILITHIUM_ML_DSA_65_KEY_SIZE WC_MLDSA_65_KEY_SIZE
#define DILITHIUM_ML_DSA_65_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
#define DILITHIUM_ML_DSA_65_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
#define DILITHIUM_ML_DSA_65_SIG_SIZE WC_MLDSA_65_SIG_SIZE
#define DILITHIUM_ML_DSA_87_KEY_SIZE WC_MLDSA_87_KEY_SIZE
#define DILITHIUM_ML_DSA_87_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
#define DILITHIUM_ML_DSA_87_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
#define DILITHIUM_ML_DSA_87_SIG_SIZE WC_MLDSA_87_SIG_SIZE
/* Maxima (largest value across the three parameter sets, used for
* stack/heap sizing) */
#define DILITHIUM_MAX_KEY_SIZE MLDSA_MAX_KEY_SIZE
#define DILITHIUM_MAX_PRV_KEY_SIZE MLDSA_MAX_PRV_KEY_SIZE
#define DILITHIUM_MAX_PUB_KEY_SIZE MLDSA_MAX_PUB_KEY_SIZE
#define DILITHIUM_MAX_SIG_SIZE MLDSA_MAX_SIG_SIZE
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE MLDSA_MAX_PRV_KEY_DER_SIZE
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE MLDSA_MAX_PUB_KEY_DER_SIZE
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE MLDSA_MAX_BOTH_KEY_DER_SIZE
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE MLDSA_MAX_BOTH_KEY_PEM_SIZE
#ifdef WOLF_PRIVATE_KEY_ID
#define DILITHIUM_MAX_LABEL_LEN MLDSA_MAX_LABEL_LEN
#define DILITHIUM_MAX_ID_LEN MLDSA_MAX_ID_LEN
#endif
#define DILITHIUM_MAX_LAMBDA MLDSA_MAX_LAMBDA
#define DILITHIUM_MAX_K_VECTOR_COUNT MLDSA_MAX_K_VECTOR_COUNT
#define DILITHIUM_MAX_L_VECTOR_COUNT MLDSA_MAX_L_VECTOR_COUNT
#define DILITHIUM_MAX_MATRIX_COUNT MLDSA_MAX_MATRIX_COUNT
#define DILITHIUM_MAX_W1_ENC_SZ MLDSA_MAX_W1_ENC_SZ
#endif /* WOLFSSL_HAVE_MLDSA && !WOLFSSL_NO_DILITHIUM_LEGACY_NAMES */
#endif /* WOLF_CRYPT_DILITHIUM_H */
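Review bot: The block comment at the top of this hunk says the `DILITHIUM_ML_DSA_NN_*` spellings "collapse to MLDSA_NN_*", but every define below maps them to `WC_MLDSA_{44,65,87}_*_SIZE`, which is also what the per-parameter-set comment further down names as canonical. Update the first comment to match the code. Also, the ExpandA / ExpandS heading cites "FIPS 204 Section 8.4" while the release notes in this commit say section references were retargeted from the draft §8.x group to the Final §7.x arrangement; this citation looks like it still uses draft numbering and should be checked against the Final text.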
+176 -239
@@ -119,145 +119,101 @@
#endif
#endif /* WOLFSSL_MLDSA_ALIGNMENT */
#define DILITHIUM_LEVEL2_KEY_SIZE 2560
#define DILITHIUM_LEVEL2_SIG_SIZE 2420
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE 1312
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE \
(DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE)
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344
/* ML-DSA-44 (NIST security category 2). */
#define WC_MLDSA_44_KEY_SIZE 2560
#define WC_MLDSA_44_SIG_SIZE 2420
#define WC_MLDSA_44_PUB_KEY_SIZE 1312
#define WC_MLDSA_44_PRV_KEY_SIZE \
(WC_MLDSA_44_PUB_KEY_SIZE + WC_MLDSA_44_KEY_SIZE)
/* Buffer sizes large enough to store exported DER-encoded keys. */
#define WC_MLDSA_44_PUB_KEY_DER_SIZE 1334
#define WC_MLDSA_44_PRV_KEY_DER_SIZE 2588
#define WC_MLDSA_44_BOTH_KEY_DER_SIZE 3904
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and the
* footer "-----END PRIVATE KEY-----". */
#define WC_MLDSA_44_BOTH_KEY_PEM_SIZE 5344
#define DILITHIUM_LEVEL3_KEY_SIZE 4032
#define DILITHIUM_LEVEL3_SIG_SIZE 3309
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE 1952
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE \
(DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE)
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204
#define DILITHIUM_LEVEL5_KEY_SIZE 4896
#define DILITHIUM_LEVEL5_SIG_SIZE 4627
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE 2592
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE \
(DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE)
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520
/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and
* the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */
#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10267
#define ML_DSA_LEVEL2_KEY_SIZE 2560
#define ML_DSA_LEVEL2_SIG_SIZE 2420
#define ML_DSA_LEVEL2_PUB_KEY_SIZE 1312
#define ML_DSA_LEVEL2_PRV_KEY_SIZE \
(ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE)
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE
#define ML_DSA_LEVEL3_KEY_SIZE 4032
#define ML_DSA_LEVEL3_SIG_SIZE 3309
#define ML_DSA_LEVEL3_PUB_KEY_SIZE 1952
#define ML_DSA_LEVEL3_PRV_KEY_SIZE \
(ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE)
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE
#define ML_DSA_LEVEL5_KEY_SIZE 4896
#define ML_DSA_LEVEL5_SIG_SIZE 4627
#define ML_DSA_LEVEL5_PUB_KEY_SIZE 2592
#define ML_DSA_LEVEL5_PRV_KEY_SIZE \
(ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE)
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and
* the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */
#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE
/* ML-DSA-65 (NIST security category 3). */
#define WC_MLDSA_65_KEY_SIZE 4032
#define WC_MLDSA_65_SIG_SIZE 3309
#define WC_MLDSA_65_PUB_KEY_SIZE 1952
#define WC_MLDSA_65_PRV_KEY_SIZE \
(WC_MLDSA_65_PUB_KEY_SIZE + WC_MLDSA_65_KEY_SIZE)
#define WC_MLDSA_65_PUB_KEY_DER_SIZE 1974
#define WC_MLDSA_65_PRV_KEY_DER_SIZE 4060
#define WC_MLDSA_65_BOTH_KEY_DER_SIZE 6016
#define WC_MLDSA_65_BOTH_KEY_PEM_SIZE 8204
/* ML-DSA-87 (NIST security category 5). */
#define WC_MLDSA_87_KEY_SIZE 4896
#define WC_MLDSA_87_SIG_SIZE 4627
#define WC_MLDSA_87_PUB_KEY_SIZE 2592
#define WC_MLDSA_87_PRV_KEY_SIZE \
(WC_MLDSA_87_PUB_KEY_SIZE + WC_MLDSA_87_KEY_SIZE)
#define WC_MLDSA_87_PUB_KEY_DER_SIZE 2614
#define WC_MLDSA_87_PRV_KEY_DER_SIZE 4924
#define WC_MLDSA_87_BOTH_KEY_DER_SIZE 7520
#define WC_MLDSA_87_BOTH_KEY_PEM_SIZE 10267
/* Modulus. */
#define DILITHIUM_Q 0x7fe001
#define MLDSA_Q 0x7fe001
/* Number of bits in modulus. */
#define DILITHIUM_Q_BITS 23
#define MLDSA_Q_BITS 23
/* Number of elements in polynomial. */
#define DILITHIUM_N 256
#define MLDSA_N 256
#define MLDSA_N 256
/* Number of dropped bits. */
#define DILITHIUM_D 13
#define MLDSA_D 13
/* Maximum value of dropped bits. */
#define DILITHIUM_D_MAX ((sword32)1 << DILITHIUM_D)
#define MLDSA_D_MAX ((sword32)1 << MLDSA_D)
/* Half maximum value. */
#define DILITHIUM_D_MAX_HALF ((sword32)1 << (DILITHIUM_D - 1))
#define MLDSA_D_MAX_HALF ((sword32)1 << (MLDSA_D - 1))
/* Number of undropped bits. */
#define DILITHIUM_U (DILITHIUM_Q_BITS - DILITHIUM_D)
#define MLDSA_U (MLDSA_Q_BITS - MLDSA_D)
/* Bits in coefficient range of y, GAMMA1, of 2^17 is 17. */
#define DILITHIUM_GAMMA1_BITS_17 17
#define MLDSA_GAMMA1_BITS_17 17
/* Coefficient range of y, GAMMA1, of 2^17. */
#define DILITHIUM_GAMMA1_17 ((sword32)1 << 17)
#define MLDSA_GAMMA1_17 ((sword32)1 << 17)
/* # encoding bits of y is GAMMA1 + 1. */
#define DILITHIUM_GAMMA1_17_ENC_BITS 18
#define MLDSA_GAMMA1_17_ENC_BITS 18
/* Coefficient range of y, GAMMA1, of 2^17. */
/* Bits in coefficient range of y, GAMMA1, of 2^19 is 19. */
#define DILITHIUM_GAMMA1_BITS_19 19
#define MLDSA_GAMMA1_BITS_19 19
/* Coefficient range of y, GAMMA1, of 2^19. */
#define DILITHIUM_GAMMA1_19 ((sword32)1 << 19)
#define MLDSA_GAMMA1_19 ((sword32)1 << 19)
/* # encoding bits of y is GAMMA1 + 1. */
#define DILITHIUM_GAMMA1_19_ENC_BITS 20
#define MLDSA_GAMMA1_19_ENC_BITS 20
/* Low-order rounding range, GAMMA2, is Q divided by 88. */
#define DILITHIUM_Q_LOW_88 ((DILITHIUM_Q - 1) / 88)
#define MLDSA_Q_LOW_88 ((MLDSA_Q - 1) / 88)
/* Absolute low-order rounding range, GAMMA2, is Q divided by 88. */
#define DILITHIUM_Q_LOW_88_2 (((DILITHIUM_Q - 1) / 88) * 2)
#define MLDSA_Q_LOW_88_2 (((MLDSA_Q - 1) / 88) * 2)
/* # encoding bits of w1 when range is 88. */
#define DILITHIUM_Q_HI_88_ENC_BITS 6
#define MLDSA_Q_HI_88_ENC_BITS 6
/* Low-order rounding range, GAMMA2, is Q divided by 32. */
#define DILITHIUM_Q_LOW_32 ((DILITHIUM_Q - 1) / 32)
#define MLDSA_Q_LOW_32 ((MLDSA_Q - 1) / 32)
/* Absolute low-order rounding range, GAMMA2, is Q divided by 32. */
#define DILITHIUM_Q_LOW_32_2 (((DILITHIUM_Q - 1) / 32) * 2)
#define MLDSA_Q_LOW_32_2 (((MLDSA_Q - 1) / 32) * 2)
/* # encoding bits of w1 when range is 32. */
#define DILITHIUM_Q_HI_32_ENC_BITS 4
#define MLDSA_Q_HI_32_ENC_BITS 4
/* Private key range, eta, of 2. */
#define DILITHIUM_ETA_2 2
#define MLDSA_ETA_2 2
/* Bits needed to encode values in range -2..2 as a positive number. */
#define DILITHIUM_ETA_2_BITS 3
#define MLDSA_ETA_2_BITS 3
/* Extract count of valid values. */
#define DILITHIUM_ETA_2_MOD 15
#define MLDSA_ETA_2_MOD 15
/* Private key range, eta, of 4. */
#define DILITHIUM_ETA_4 4
#define MLDSA_ETA_4 4
/* Bits needed to encode values in range -4..4 as a positive number. */
#define DILITHIUM_ETA_4_BITS 4
#define MLDSA_ETA_4_BITS 4
/* Extract count of valid values. */
#define DILITHIUM_ETA_4_MOD 9
#define MLDSA_ETA_4_MOD 9
/* Number of bytes in a polynomial in memory. */
#define DILITHIUM_POLY_SIZE (DILITHIUM_N * sizeof(sword32))
#define MLDSA_POLY_SIZE (MLDSA_N * sizeof(sword32))
#ifndef WOLFSSL_NO_ML_DSA_44
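Review bot: `WC_MLDSA_{44,65,87}_SIG_SIZE` and `_PUB_KEY_SIZE` are written as literals (2420 / 1312, 3309 / 1952, 4627 / 2592) even though this header also derives `PARAMS_ML_DSA_NN_SIG_SIZE` and `PARAMS_ML_DSA_NN_PK_SIZE` from the parameter set. Since callers size signature and key buffers from the `WC_MLDSA_*` values, a compile-time assertion inside each `WOLFSSL_NO_ML_DSA_NN` guard that the literal equals its derived counterpart would stop the two from diverging in a later edit. Separately, the ML-DSA-65 and ML-DSA-87 blocks drop the "Buffer sizes large enough to store exported DER encoded keys" and PEM header comments that the ML-DSA-44 block keeps; the old LEVEL5 comment described a different PEM header than the LEVEL2 and LEVEL3 ones, so it is worth stating which header the 87 PEM size now assumes.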
@@ -266,9 +222,9 @@
/* Second dimension of A, l, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_L 4
/* Private key range, ETA, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_ETA DILITHIUM_ETA_2
#define PARAMS_ML_DSA_44_ETA MLDSA_ETA_2
/* Number of bits in private key for ML-DSA-44. */
#define PARAMS_ML_DSA_44_ETA_BITS DILITHIUM_ETA_2_BITS
#define PARAMS_ML_DSA_44_ETA_BITS MLDSA_ETA_2_BITS
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-44. */
#define PARAMS_ML_DSA_44_LAMBDA 128
/* # +/-1's in polynomial c, TAU, for ML-DSA-44. */
@@ -279,30 +235,30 @@
/* Max # 1's in the hint h, OMEGA, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_OMEGA 80
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_17
#define PARAMS_ML_DSA_44_GAMMA1_BITS MLDSA_GAMMA1_BITS_17
/* Ccoefficient range of y, GAMMA1, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA1 \
((sword32)1 << PARAMS_ML_DSA_44_GAMMA1_BITS)
/* Low-order rounding range, GAMMA2, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA2 DILITHIUM_Q_LOW_88
#define PARAMS_ML_DSA_44_GAMMA2 MLDSA_Q_LOW_88
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA2_HI_BITS 6
/* Encoding size of w1 in bytes for ML-DSA-44.
* K * N / 8 * 6 - 6 bits as max value is 43 in high bits. */
#define PARAMS_ML_DSA_44_W1_ENC_SZ \
(PARAMS_ML_DSA_44_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_44_GAMMA2_HI_BITS)
(PARAMS_ML_DSA_44_K * MLDSA_N / 8 * PARAMS_ML_DSA_44_GAMMA2_HI_BITS)
/* Size of memory used for matrix a in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_A_SIZE \
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * MLDSA_POLY_SIZE)
/* Size of memory used for vector s1 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S1_SIZE \
(PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_44_L * MLDSA_POLY_SIZE)
/* Encoding size of s1 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S1_ENC_SIZE \
(PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
/* Size of memory used for vector s2 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S2_SIZE \
(PARAMS_ML_DSA_44_K * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_44_K * MLDSA_POLY_SIZE)
/* Encoding size of s2 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S2_ENC_SIZE \
(PARAMS_ML_DSA_44_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
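Review bot: The comment above `PARAMS_ML_DSA_44_GAMMA1` still reads "Ccoefficient range of y"; the ML-DSA-65 copy is spelled correctly and the ML-DSA-87 copy has the same typo. Since this commit is already a comment cleanup and touches the neighbouring lines, fix both to "Coefficient".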
@@ -312,11 +268,11 @@
(PARAMS_ML_DSA_44_GAMMA1_BITS + 1))
/* Encoding size of public key in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_PK_SIZE \
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8)
(MLDSA_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * MLDSA_N * MLDSA_U / 8)
/* Encoding size of signature in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_SIG_SIZE \
((PARAMS_ML_DSA_44_LAMBDA / 4) + \
PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_44_L * MLDSA_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K)
#endif /* WOLFSSL_NO_ML_DSA_44 */
@@ -328,9 +284,9 @@
/* Second dimension of A, l, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_L 5
/* Private key range, ETA, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_ETA DILITHIUM_ETA_4
#define PARAMS_ML_DSA_65_ETA MLDSA_ETA_4
/* Number of bits in private key for ML-DSA-65. */
#define PARAMS_ML_DSA_65_ETA_BITS DILITHIUM_ETA_4_BITS
#define PARAMS_ML_DSA_65_ETA_BITS MLDSA_ETA_4_BITS
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-65. */
#define PARAMS_ML_DSA_65_LAMBDA 192
/* # +/-1's in polynomial c, TAU, for ML-DSA-65. */
@@ -341,30 +297,30 @@
/* Max # 1's in the hint h, OMEGA, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_OMEGA 55
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19
#define PARAMS_ML_DSA_65_GAMMA1_BITS MLDSA_GAMMA1_BITS_19
/* Coefficient range of y, GAMMA1, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA1 \
((sword32)1 << PARAMS_ML_DSA_65_GAMMA1_BITS)
/* Low-order rounding range, GAMMA2, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA2 DILITHIUM_Q_LOW_32
#define PARAMS_ML_DSA_65_GAMMA2 MLDSA_Q_LOW_32
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA2_HI_BITS 4
/* Encoding size of w1 in bytes for ML-DSA-65.
* K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
#define PARAMS_ML_DSA_65_W1_ENC_SZ \
(PARAMS_ML_DSA_65_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_65_GAMMA2_HI_BITS)
(PARAMS_ML_DSA_65_K * MLDSA_N / 8 * PARAMS_ML_DSA_65_GAMMA2_HI_BITS)
/* Size of memory used for matrix a in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_A_SIZE \
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * MLDSA_POLY_SIZE)
/* Size of memory used for vector s1 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S1_SIZE \
(PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_65_L * MLDSA_POLY_SIZE)
/* Encoding size of s1 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S1_ENC_SIZE \
(PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
/* Size of memory used for vector s2 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S2_SIZE \
(PARAMS_ML_DSA_65_K * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_65_K * MLDSA_POLY_SIZE)
/* Encoding size of s2 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S2_ENC_SIZE \
(PARAMS_ML_DSA_65_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
@@ -374,11 +330,11 @@
(PARAMS_ML_DSA_65_GAMMA1_BITS + 1))
/* Encoding size of public key in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_PK_SIZE \
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8)
(MLDSA_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * MLDSA_N * MLDSA_U / 8)
/* Encoding size of signature in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_SIG_SIZE \
((PARAMS_ML_DSA_65_LAMBDA / 4) + \
PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_65_L * MLDSA_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K)
#endif /* WOLFSSL_NO_ML_DSA_65 */
@@ -390,9 +346,9 @@
/* Second dimension of A, l, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_L 7
/* Private key range, ETA, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_ETA DILITHIUM_ETA_2
#define PARAMS_ML_DSA_87_ETA MLDSA_ETA_2
/* Number of bits in private key for ML-DSA-87. */
#define PARAMS_ML_DSA_87_ETA_BITS DILITHIUM_ETA_2_BITS
#define PARAMS_ML_DSA_87_ETA_BITS MLDSA_ETA_2_BITS
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-87. */
#define PARAMS_ML_DSA_87_LAMBDA 256
/* # +/-1's in polynomial c, TAU, for ML-DSA-87. */
@@ -403,31 +359,30 @@
/* Max # 1's in the hint h, OMEGA, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_OMEGA 75
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19
#define PARAMS_ML_DSA_87_GAMMA1_BITS MLDSA_GAMMA1_BITS_19
/* Ccoefficient range of y, GAMMA1, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA1 \
((sword32)1 << PARAMS_ML_DSA_87_GAMMA1_BITS)
/* Low-order rounding range, GAMMA2, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA2 DILITHIUM_Q_LOW_32
#define PARAMS_ML_DSA_87_GAMMA2 MLDSA_Q_LOW_32
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA2_HI_BITS 4
/* Encoding size of w1 in bytes for ML-DSA-87.
* K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
#define PARAMS_ML_DSA_87_W1_ENC_SZ \
(PARAMS_ML_DSA_87_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_87_GAMMA2_HI_BITS)
(PARAMS_ML_DSA_87_K * MLDSA_N / 8 * PARAMS_ML_DSA_87_GAMMA2_HI_BITS)
/* Size of memory used for matrix A in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_A_SIZE \
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
#define PARAMS_ML_DSA_87_S_SIZE 4
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * MLDSA_POLY_SIZE)
/* Size of memory used for vector s1 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S1_SIZE \
(PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_87_L * MLDSA_POLY_SIZE)
/* Encoding size of s1 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S1_ENC_SIZE \
(PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
/* Size of memory used for vector s2 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S2_SIZE \
(PARAMS_ML_DSA_87_K * DILITHIUM_POLY_SIZE)
(PARAMS_ML_DSA_87_K * MLDSA_POLY_SIZE)
/* Encoding size of s2 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S2_ENC_SIZE \
(PARAMS_ML_DSA_87_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
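Review bot: `#define PARAMS_ML_DSA_87_S_SIZE 4`, which sits between the old and new `PARAMS_ML_DSA_87_A_SIZE` continuation lines, appears to be deleted rather than renamed; the hunk header goes from 31 lines to 30 and no `MLDSA_`-named replacement is shown. A removal in a commit described as renaming deserves a line in the commit message, plus confirmation that nothing still references `PARAMS_ML_DSA_87_S_SIZE`. While this block is being touched, the context comment "Ccoefficient range of y" has a typo that could be fixed in the same pass.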
@@ -437,11 +392,11 @@
(PARAMS_ML_DSA_87_GAMMA1_BITS + 1))
/* Encoding size of public key in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_PK_SIZE \
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8)
(MLDSA_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * MLDSA_N * MLDSA_U / 8)
/* Encoding size of signature in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_SIG_SIZE \
((PARAMS_ML_DSA_87_LAMBDA / 4) + \
PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_87_L * MLDSA_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K)
#endif /* WOLFSSL_NO_ML_DSA_87 */
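Review bot: In `PARAMS_ML_DSA_87_SIG_SIZE` the rewritten line still reads `MLDSA_N/8`, while `PARAMS_ML_DSA_87_W1_ENC_SZ` and `PARAMS_ML_DSA_87_PK_SIZE` use spaced operators (`MLDSA_N / 8`, `MLDSA_U / 8`). Since the line is rewritten anyway, normalise the spacing so the three size formulas read the same way. The closing `#endif /* WOLFSSL_NO_ML_DSA_87 */` comment would also be clearer as `!WOLFSSL_NO_ML_DSA_87` if the block is opened with `#ifndef`, as the next hunk's is.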
@@ -449,149 +404,149 @@
#ifndef WOLFSSL_NO_ML_DSA_87
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_87_W1_ENC_SZ
#define MLDSA_MAX_W1_ENC_SZ PARAMS_ML_DSA_87_W1_ENC_SZ
/* Maximum collision strength of c-tilde in bytes. */
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_87_LAMBDA
#define MLDSA_MAX_LAMBDA PARAMS_ML_DSA_87_LAMBDA
/* Maximum count of elements of a vector with dimension K. */
#define DILITHIUM_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_87_K * DILITHIUM_N)
#define MLDSA_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_87_K * MLDSA_N)
/* Maximum count of elements of a vector with dimension L. */
#define DILITHIUM_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_87_L * DILITHIUM_N)
#define MLDSA_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_87_L * MLDSA_N)
/* Maximum count of elements of a matrix with dimension KxL. */
#define DILITHIUM_MAX_MATRIX_COUNT \
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_N)
#define MLDSA_MAX_MATRIX_COUNT \
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * MLDSA_N)
#elif !defined(WOLFSSL_NO_ML_DSA_65)
/* Maximum w1 encoding size in bytes. */
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_65_W1_ENC_SZ
#define MLDSA_MAX_W1_ENC_SZ PARAMS_ML_DSA_65_W1_ENC_SZ
/* Maximum collision strength of c-tilde in bytes. */
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_65_LAMBDA
#define MLDSA_MAX_LAMBDA PARAMS_ML_DSA_65_LAMBDA
/* Maximum count of elements of a vector with dimension K. */
#define DILITHIUM_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_65_K * DILITHIUM_N)
#define MLDSA_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_65_K * MLDSA_N)
/* Maximum count of elements of a vector with dimension L. */
#define DILITHIUM_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_65_L * DILITHIUM_N)
#define MLDSA_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_65_L * MLDSA_N)
/* Maximum count of elements of a matrix with dimension KxL. */
#define DILITHIUM_MAX_MATRIX_COUNT \
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_N)
#define MLDSA_MAX_MATRIX_COUNT \
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * MLDSA_N)
#else
/* Maximum w1 encoding size in bytes. */
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_44_W1_ENC_SZ
#define MLDSA_MAX_W1_ENC_SZ PARAMS_ML_DSA_44_W1_ENC_SZ
/* Maximum collision strength of c-tilde in bytes. */
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_44_LAMBDA
#define MLDSA_MAX_LAMBDA PARAMS_ML_DSA_44_LAMBDA
/* Maximum count of elements of a vector with dimension K. */
#define DILITHIUM_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_44_K * DILITHIUM_N)
#define MLDSA_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_44_K * MLDSA_N)
/* Maximum count of elements of a vector with dimension L. */
#define DILITHIUM_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_44_L * DILITHIUM_N)
#define MLDSA_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_44_L * MLDSA_N)
/* Maximum count of elements of a matrix with dimension KxL. */
#define DILITHIUM_MAX_MATRIX_COUNT \
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_N)
#define MLDSA_MAX_MATRIX_COUNT \
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * MLDSA_N)
#endif
/* Length of K in bytes. */
#define DILITHIUM_K_SZ 32
#define MLDSA_K_SZ 32
/* Length of TR in bytes. */
#define DILITHIUM_TR_SZ 64
#define MLDSA_TR_SZ 64
/* Length of public key seed in bytes when expanding a. */
#define DILITHIUM_PUB_SEED_SZ 32
#define MLDSA_PUB_SEED_SZ 32
/* Length of private key seed in bytes when generating a key. */
#define DILITHIUM_PRIV_SEED_SZ 64
#define MLDSA_PRIV_SEED_SZ 64
/* Length of seed when creating vector c. */
#define DILITHIUM_SEED_SZ 32
#define MLDSA_SEED_SZ 32
/* Length of seeds created when making a key. */
#define DILITHIUM_SEEDS_SZ 128
#define MLDSA_SEEDS_SZ 128
/* Length of MU in bytes. */
#define DILITHIUM_MU_SZ 64
#define MLDSA_MU_SZ 64
/* Length of random in bytes when generating a signature. */
#define DILITHIUM_RND_SZ 32
#define MLDSA_RND_SZ 32
/* Length of private random in bytes when generating a signature. */
#define DILITHIUM_PRIV_RAND_SEED_SZ 64
#define MLDSA_PRIV_RAND_SEED_SZ 64
/* 5 blocks, each block 21 * 8 bytes = 840 bytes.
* Minimum required is 256 * 3 = 768. */
#define DILITHIUM_GEN_A_NBLOCKS 5
#define MLDSA_GEN_A_NBLOCKS 5
/* Number of bytes to generate with Shake128 when generating A. */
#define DILITHIUM_GEN_A_BYTES \
(DILITHIUM_GEN_A_NBLOCKS * WC_SHA3_128_COUNT * 8)
#define MLDSA_GEN_A_BYTES \
(MLDSA_GEN_A_NBLOCKS * WC_SHA3_128_COUNT * 8)
/* Number of bytes to a block of SHAKE-128 when generating A. */
#define DILITHIUM_GEN_A_BLOCK_BYTES (WC_SHA3_128_COUNT * 8)
#define MLDSA_GEN_A_BLOCK_BYTES (WC_SHA3_128_COUNT * 8)
/* Number of bytes to a block of SHAKE-256 when generating c. */
#define DILITHIUM_GEN_C_BLOCK_BYTES (WC_SHA3_256_COUNT * 8)
#define MLDSA_GEN_C_BLOCK_BYTES (WC_SHA3_256_COUNT * 8)
#ifndef WOLFSSL_MLDSA_SMALL
#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_MLDSA_ALIGNMENT == 0)
/* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BYTES + 1)
#define MLDSA_REJ_NTT_POLY_H_SIZE (MLDSA_GEN_A_BYTES + 1)
#else
/* A block SHAKE-128 output. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BYTES
#define MLDSA_REJ_NTT_POLY_H_SIZE MLDSA_GEN_A_BYTES
#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_MLDSA_ALIGNMENT == 0 */
#else
#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_MLDSA_ALIGNMENT == 0)
/* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BLOCK_BYTES + 1)
#define MLDSA_REJ_NTT_POLY_H_SIZE (MLDSA_GEN_A_BLOCK_BYTES + 1)
#else
/* A block SHAKE-128 output. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BLOCK_BYTES
#define MLDSA_REJ_NTT_POLY_H_SIZE MLDSA_GEN_A_BLOCK_BYTES
#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_MLDSA_ALIGNMENT == 0 */
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE
#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL5_SIG_SIZE
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
#define MLDSA_MAX_KEY_SIZE WC_MLDSA_87_KEY_SIZE
#define MLDSA_MAX_SIG_SIZE WC_MLDSA_87_SIG_SIZE
#define MLDSA_MAX_PUB_KEY_SIZE WC_MLDSA_87_PUB_KEY_SIZE
#define MLDSA_MAX_PRV_KEY_SIZE WC_MLDSA_87_PRV_KEY_SIZE
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE
#define MLDSA_MAX_PUB_KEY_DER_SIZE WC_MLDSA_87_PUB_KEY_DER_SIZE
#define MLDSA_MAX_PRV_KEY_DER_SIZE WC_MLDSA_87_PRV_KEY_DER_SIZE
#define MLDSA_MAX_BOTH_KEY_DER_SIZE WC_MLDSA_87_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and
* the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE
#define MLDSA_MAX_BOTH_KEY_PEM_SIZE WC_MLDSA_87_BOTH_KEY_PEM_SIZE
#elif !defined(WOLFSSL_NO_ML_DSA_65)
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL3_KEY_SIZE
#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL3_SIG_SIZE
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL3_PUB_KEY_SIZE
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL3_PRV_KEY_SIZE
#define MLDSA_MAX_KEY_SIZE WC_MLDSA_65_KEY_SIZE
#define MLDSA_MAX_SIG_SIZE WC_MLDSA_65_SIG_SIZE
#define MLDSA_MAX_PUB_KEY_SIZE WC_MLDSA_65_PUB_KEY_SIZE
#define MLDSA_MAX_PRV_KEY_SIZE WC_MLDSA_65_PRV_KEY_SIZE
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE
#define MLDSA_MAX_PUB_KEY_DER_SIZE WC_MLDSA_65_PUB_KEY_DER_SIZE
#define MLDSA_MAX_PRV_KEY_DER_SIZE WC_MLDSA_65_PRV_KEY_DER_SIZE
#define MLDSA_MAX_BOTH_KEY_DER_SIZE WC_MLDSA_65_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE
#define MLDSA_MAX_BOTH_KEY_PEM_SIZE WC_MLDSA_65_BOTH_KEY_PEM_SIZE
#elif !defined(WOLFSSL_NO_ML_DSA_44)
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL2_KEY_SIZE
#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL2_SIG_SIZE
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL2_PUB_KEY_SIZE
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL2_PRV_KEY_SIZE
#define MLDSA_MAX_KEY_SIZE WC_MLDSA_44_KEY_SIZE
#define MLDSA_MAX_SIG_SIZE WC_MLDSA_44_SIG_SIZE
#define MLDSA_MAX_PUB_KEY_SIZE WC_MLDSA_44_PUB_KEY_SIZE
#define MLDSA_MAX_PRV_KEY_SIZE WC_MLDSA_44_PRV_KEY_SIZE
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE
#define MLDSA_MAX_PUB_KEY_DER_SIZE WC_MLDSA_44_PUB_KEY_DER_SIZE
#define MLDSA_MAX_PRV_KEY_DER_SIZE WC_MLDSA_44_PRV_KEY_DER_SIZE
#define MLDSA_MAX_BOTH_KEY_DER_SIZE WC_MLDSA_44_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE
#define MLDSA_MAX_BOTH_KEY_PEM_SIZE WC_MLDSA_44_BOTH_KEY_PEM_SIZE
#else
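Review bot: The comment kept above `MLDSA_MAX_LAMBDA` in all three branches says "Maximum collision strength of c-tilde in bytes", but the macro expands to `PARAMS_ML_DSA_{87,65,44}_LAMBDA`, which the parameter-set comment documents as a bit count (256 for ML-DSA-87) and which the signature-size formula divides by 4. Correct the unit while these lines are being rewritten, so nobody sizes a c-tilde buffer straight from this macro. The PEM comments also disagree: the 87 branch names a "BEGIN ML_DSA_LEVEL5 PRIVATE KEY" header and the 65 and 44 branches name "BEGIN PRIVATE KEY"; make them match what the encoder emits. Finally, the `DILITHIUM_MAX_*` names disappear here with no alias in the visible lines, so please confirm the legacy names remain available to callers that dimension key and signature buffers with them.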
@@ -601,8 +556,8 @@
#ifdef WOLF_PRIVATE_KEY_ID
#define DILITHIUM_MAX_ID_LEN 32
#define DILITHIUM_MAX_LABEL_LEN 32
#define MLDSA_MAX_ID_LEN 32
#define MLDSA_MAX_LABEL_LEN 32
#endif
/* Structs */
@@ -649,9 +604,9 @@ struct wc_MlDsaKey {
int devId;
#endif
#ifdef WOLF_PRIVATE_KEY_ID
byte id[DILITHIUM_MAX_ID_LEN];
byte id[MLDSA_MAX_ID_LEN];
int idLen;
char label[DILITHIUM_MAX_LABEL_LEN];
char label[MLDSA_MAX_LABEL_LEN];
int labelLen;
#endif
@@ -660,14 +615,14 @@ struct wc_MlDsaKey {
byte* k; /* heap-allocated, right-sized secret key */
#elif !defined(WOLFSSL_MLDSA_ASSIGN_KEY)
#ifdef USE_INTEL_SPEEDUP
byte p[DILITHIUM_MAX_PUB_KEY_SIZE+8];
byte p[MLDSA_MAX_PUB_KEY_SIZE+8];
#if !defined(WOLFSSL_MLDSA_VERIFY_ONLY)
byte k[DILITHIUM_MAX_KEY_SIZE+8];
byte k[MLDSA_MAX_KEY_SIZE+8];
#endif
#else
byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
byte p[MLDSA_MAX_PUB_KEY_SIZE];
#if !defined(WOLFSSL_MLDSA_VERIFY_ONLY)
byte k[DILITHIUM_MAX_KEY_SIZE];
byte k[MLDSA_MAX_KEY_SIZE];
#endif
#endif
#else
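Review bot: The `+8` in `byte p[MLDSA_MAX_PUB_KEY_SIZE+8]` and `byte k[MLDSA_MAX_KEY_SIZE+8]` under `USE_INTEL_SPEEDUP` has no comment saying what the extra bytes are for. These arrays hold key material and the padding is presumably there to tolerate wide reads past the end, so a one-line comment stating which routine over-reads and by how much would let a later change to the `MLDSA_MAX_*` values be checked against it. The rename itself is value-preserving only if `MLDSA_MAX_PUB_KEY_SIZE` and `MLDSA_MAX_KEY_SIZE` resolve to the same numbers as before; see the size-macro hunk above.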
@@ -694,32 +649,32 @@ struct wc_MlDsaKey {
#endif
#else
#ifdef WC_MLDSA_CACHE_MATRIX_A
sword32 a[DILITHIUM_MAX_MATRIX_COUNT];
sword32 a[MLDSA_MAX_MATRIX_COUNT];
byte aSet;
#endif
#ifdef WC_MLDSA_CACHE_PRIV_VECTORS
sword32 s1[DILITHIUM_MAX_L_VECTOR_COUNT];
sword32 s2[DILITHIUM_MAX_K_VECTOR_COUNT];
sword32 t0[DILITHIUM_MAX_K_VECTOR_COUNT];
sword32 s1[MLDSA_MAX_L_VECTOR_COUNT];
sword32 s2[MLDSA_MAX_K_VECTOR_COUNT];
sword32 t0[MLDSA_MAX_K_VECTOR_COUNT];
byte privVecsSet;
#endif
#ifdef WC_MLDSA_CACHE_PUB_VECTORS
sword32 t1[DILITHIUM_MAX_K_VECTOR_COUNT];
sword32 t1[MLDSA_MAX_K_VECTOR_COUNT];
byte pubVecSet;
#endif
#endif
#if defined(WOLFSSL_MLDSA_VERIFY_NO_MALLOC) && \
defined(WOLFSSL_MLDSA_VERIFY_SMALL_MEM)
sword32 z[DILITHIUM_MAX_L_VECTOR_COUNT];
sword32 c[DILITHIUM_N];
sword32 w[DILITHIUM_N];
sword32 t1[DILITHIUM_N];
byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
sword32 z[MLDSA_MAX_L_VECTOR_COUNT];
sword32 c[MLDSA_N];
sword32 w[MLDSA_N];
sword32 t1[MLDSA_N];
byte w1e[MLDSA_MAX_W1_ENC_SZ];
#ifdef WOLFSSL_MLDSA_SMALL_MEM_POLY64
sword64 t64[DILITHIUM_N];
sword64 t64[MLDSA_N];
#endif
byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
byte h[MLDSA_REJ_NTT_POLY_H_SIZE];
byte block[MLDSA_GEN_C_BLOCK_BYTES];
#endif /* WOLFSSL_MLDSA_VERIFY_NO_MALLOC &&
* WOLFSSL_MLDSA_VERIFY_SMALL_MEM */
};
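Review bot: `struct wc_MlDsaKey` declares a member named `t1` twice in this hunk, once as `sword32 t1[MLDSA_MAX_K_VECTOR_COUNT]` under `WC_MLDSA_CACHE_PUB_VECTORS` and once as `sword32 t1[MLDSA_N]` under `WOLFSSL_MLDSA_VERIFY_NO_MALLOC && WOLFSSL_MLDSA_VERIFY_SMALL_MEM`. The guards visible here do not obviously exclude each other, so either confirm that the enclosing `#else` makes the combination impossible, or add an `#error` for it; otherwise that configuration fails to compile with a duplicate member. The scratch buffers `h[MLDSA_REJ_NTT_POLY_H_SIZE]` and `block[MLDSA_GEN_C_BLOCK_BYTES]` now depend on the renamed macros, so a build of this configuration should be part of the test matrix for this commit.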
@@ -998,24 +953,6 @@ WOLFSSL_LOCAL void wc_mldsa_poly_make_pos_avx2(sword32* a);
#define WC_ML_DSA_65_DRAFT (3 + WC_ML_DSA_DRAFT)
#define WC_ML_DSA_87_DRAFT (5 + WC_ML_DSA_DRAFT)
#define DILITHIUM_ML_DSA_44_KEY_SIZE 2560
#define DILITHIUM_ML_DSA_44_SIG_SIZE 2420
#define DILITHIUM_ML_DSA_44_PUB_KEY_SIZE 1312
#define DILITHIUM_ML_DSA_44_PRV_KEY_SIZE \
(DILITHIUM_ML_DSA_44_PUB_KEY_SIZE + DILITHIUM_ML_DSA_44_KEY_SIZE)
#define DILITHIUM_ML_DSA_65_KEY_SIZE 4032
#define DILITHIUM_ML_DSA_65_SIG_SIZE 3309
#define DILITHIUM_ML_DSA_65_PUB_KEY_SIZE 1952
#define DILITHIUM_ML_DSA_65_PRV_KEY_SIZE \
(DILITHIUM_ML_DSA_65_PUB_KEY_SIZE + DILITHIUM_ML_DSA_65_KEY_SIZE)
#define DILITHIUM_ML_DSA_87_KEY_SIZE 4896
#define DILITHIUM_ML_DSA_87_SIG_SIZE 4627
#define DILITHIUM_ML_DSA_87_PUB_KEY_SIZE 2592
#define DILITHIUM_ML_DSA_87_PRV_KEY_SIZE \
(DILITHIUM_ML_DSA_87_PUB_KEY_SIZE + DILITHIUM_ML_DSA_87_KEY_SIZE)
WOLFSSL_API int wc_MlDsaKey_GetPrivLen(wc_MlDsaKey* key, int* len);
WOLFSSL_API int wc_MlDsaKey_GetPubLen(wc_MlDsaKey* key, int* len);
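Review bot: The literal definitions `DILITHIUM_ML_DSA_{44,65,87}_{KEY,SIG,PUB_KEY,PRV_KEY}_SIZE` (for example 4896, 4627 and 2592 for ML-DSA-87) are deleted here with no replacement in the hunk, so the numbers now live wherever `WC_MLDSA_{44,65,87}_*_SIZE` is defined. Please add a compile-time check tying those to the derived values, for instance that `WC_MLDSA_87_SIG_SIZE` equals `PARAMS_ML_DSA_87_SIG_SIZE` and `WC_MLDSA_87_PUB_KEY_SIZE` equals `PARAMS_ML_DSA_87_PK_SIZE`, so a transcription slip during the move shows up as a build failure rather than as an undersized buffer. The commit message should also say whether the old `DILITHIUM_ML_DSA_*` names are still reachable through a compatibility header.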