Build systems improvements

* Add `WOLFSSL_USER_SETTINGS` to CMake `options.h.in`
* Add CMake support for Dilithium
* Add user_settings.h support for aes_asm.S
* Add PKCS#11 support to CMake
* Minor ARM assembly port fixes

CMakeLists.txt

@@ -603,6 +603,11 @@ add_option(WOLFSSL_MLKEM
     "Enable the wolfSSL PQ ML-KEM library (default: disabled)"
     "no" "yes;no")
 
+# Dilithium
+add_option(WOLFSSL_DILITHIUM
+    "Enable the wolfSSL PQ Dilithium (ML-DSA) implementation (default: disabled)"
+    "no" "yes;no")
+
 # LMS
 add_option(WOLFSSL_LMS
     "Enable the PQ LMS Stateful Hash-based Signature Scheme (default: disabled)"
@@ -700,6 +705,22 @@ if (WOLFSSL_EXPERIMENTAL)
         message(STATUS "Looking for WOLFSSL_LMS - not found")
     endif()
 
+    # Checking for experimental feature: Dilithium
+    message(STATUS "Looking for WOLFSSL_DILITHIUM")
+    if (WOLFSSL_DILITHIUM)
+        set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
+
+        message(STATUS "Automatically set related requirements for Dilithium:")
+        set_wolfssl_definitions("HAVE_DILITHIUM"       RESUlT)
+        set_wolfssl_definitions("WOLFSSL_WC_DILITHIUM" RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHA3"       RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE128"   RESUlT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE256"   RESUlT)
+        message(STATUS "Looking for WOLFSSL_DILITHIUM - found")
+    else()
+        message(STATUS "Looking for WOLFSSL_DILITHIUM - not found")
+    endif()
+
     # Other experimental feature detection can be added here...
 
     # Were any experimental features found? Display a message.
@@ -713,7 +734,9 @@ if (WOLFSSL_EXPERIMENTAL)
     if(WOLFSSL_OQS AND WOLFSSL_MLKEM)
         message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time.")
     endif()
-
+    if(WOLFSSL_OQS AND WOLFSSL_DILITHIUM)
+        message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_DILITHIUM at the same time.")
+    endif()
 else()
     # Experimental mode not enabled, but were any experimental features enabled? Error out if so:
     message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found")
@@ -723,6 +746,9 @@ else()
     if(WOLFSSL_MLKEM)
         message(FATAL_ERROR "Error: WOLFSSL_MLKEM requires WOLFSSL_EXPERIMENTAL at this time.")
     endif()
+    if(WOLFSSL_DILITHIUM)
+        message(FATAL_ERROR "Error: WOLFSSL_DILITHIUM requires WOLFSSL_EXPERIMENTAL at this time.")
+    endif()
 endif()
 
 # LMS
@@ -1866,6 +1892,15 @@ if(NOT WOLFSSL_PKCS12)
   list(APPEND WOLFSSL_DEFINITIONS "-DNO_PKCS12")
 endif()
 
+# PKCS#11
+add_option("WOLFSSL_PKCS11"
+    "Enable PKCS#11 (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_PKCS11 AND NOT WIN32)
+    list(APPEND WOLFSSL_LINK_LIBS ${CMAKE_DL_LIBS})
+endif()
+
 
 # PWDBASED has to come after certservice since we want it on w/o explicit on
 # PWDBASED
@@ -1964,7 +1999,6 @@ add_option("WOLFSSL_CRYPT_TESTS_HELP"
     "no" "yes;no")
 
 # TODO: - LIBZ
-#       - PKCS#11
 #       - Cavium
 #       - Cavium V
 #       - Cavium Octeon

cmake/functions.cmake

@@ -201,6 +201,9 @@ function(generate_build_flags)
     if(WOLFSSL_MLKEM OR WOLFSSL_USER_SETTINGS)
         set(BUILD_WC_MLKEM "yes" PARENT_SCOPE)
     endif()
+    if(WOLFSSL_DILITHIUM OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_DILITHIUM "yes" PARENT_SCOPE)
+    endif()
     if(WOLFSSL_OQS OR WOLFSSL_USER_SETTINGS)
         set(BUILD_FALCON "yes" PARENT_SCOPE)
         set(BUILD_SPHINCS "yes" PARENT_SCOPE)
@@ -389,6 +392,10 @@ function(generate_lib_src_list LIB_SOURCES)
 
                 if(BUILD_INTELASM)
                     list(APPEND LIB_SOURCES wolfcrypt/src/aes_gcm_asm.S)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
+                elseif(BUILD_ARMASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha3-asm_c.c)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha3-asm.S)
                 endif()
             endif()
 
@@ -563,11 +570,13 @@ function(generate_lib_src_list LIB_SOURCES)
                 if(BUILD_ARMASM_INLINE)
                     list(APPEND LIB_SOURCES
                         wolfcrypt/src/port/arm/armv8-sha256.c
-                        wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c)
+                        wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
+                        wolfcrypt/src/port/arm/armv8-sha256-asm_c.c)
                 else()
                     list(APPEND LIB_SOURCES
-                        wolfcrypt/src/port/arm/armv8-sha256-asm.S
-                        wolfcrypt/src/port/arm/armv8-32-sha256-asm.S)
+                        wolfcrypt/src/port/arm/armv8-sha256.c
+                        wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
+                        wolfcrypt/src/port/arm/armv8-sha256-asm.S)
                 endif()
                 if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
                     list(APPEND LIB_SOURCES
@@ -990,6 +999,10 @@ function(generate_lib_src_list LIB_SOURCES)
 
         if(BUILD_DILITHIUM)
             list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
+
+            if(BUILD_INTELASM)
+                list(APPEND LIB_SOURCES wolfcrypt/src/wc_mldsa_asm.S)
+            endif()
         endif()
 
         if(BUILD_WC_MLKEM)

cmake/options.h.in

@@ -96,6 +96,8 @@ extern "C" {
 #cmakedefine HAVE_CURVE448
 #undef HAVE_DH_DEFAULT_PARAMS
 #cmakedefine HAVE_DH_DEFAULT_PARAMS
+#undef HAVE_DILITHIUM
+#cmakedefine HAVE_DILITHIUM
 #undef HAVE_ECC
 #cmakedefine HAVE_ECC
 #undef HAVE_ECH
@@ -354,6 +356,8 @@ extern "C" {
 #cmakedefine WOLFSSL_TLS13
 #undef WOLFSSL_USE_ALIGN
 #cmakedefine WOLFSSL_USE_ALIGN
+#undef WOLFSSL_USER_SETTINGS
+#cmakedefine WOLFSSL_USER_SETTINGS
 #undef WOLFSSL_USER_SETTINGS_ASM
 #cmakedefine WOLFSSL_USER_SETTINGS_ASM
 #undef WOLFSSL_W64_WRAPPER
@@ -370,6 +374,8 @@ extern "C" {
 #cmakedefine WOLFSSL_HAVE_MLKEM
 #undef WOLFSSL_WC_MLKEM
 #cmakedefine WOLFSSL_WC_MLKEM
+#undef WOLFSSL_WC_DILITHIUM
+#cmakedefine WOLFSSL_WC_DILITHIUM
 #undef NO_WOLFSSL_STUB
 #cmakedefine NO_WOLFSSL_STUB
 #undef HAVE_ECC_SECPR2

wolfcrypt/src/aes_asm.S

@@ -27,6 +27,25 @@
  * by Intel Mobility Group, Israel Development Center, Israel Shay Gueron
  */
 
+#ifdef WOLFSSL_USER_SETTINGS
+#ifdef WOLFSSL_USER_SETTINGS_ASM
+/*
+ * user_settings_asm.h is a file generated by the script user_settings_asm.sh.
+ * The script takes in a user_settings.h and produces user_settings_asm.h, which
+ * is a stripped down version of user_settings.h containing only preprocessor
+ * directives. This makes the header safe to include in assembly (.S) files.
+ */
+#include "user_settings_asm.h"
+#else
+/*
+ * Note: if user_settings.h contains any C code (e.g. a typedef or function
+ * prototype), including it here in an assembly (.S) file will cause an
+ * assembler failure. See user_settings_asm.h above.
+ */
+#include "user_settings.h"
+#endif /* WOLFSSL_USER_SETTINGS_ASM */
+#endif /* WOLFSSL_USER_SETTINGS */
+
 #ifdef WOLFSSL_X86_64_BUILD
 
 /*