wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7877 from SparkiDev/ml_dsa_ml_kem_final

Browse Source 
Dilithum, Kyber: Update to final specification
This commit is contained in:
Anthony Hu
2024-08-26 16:48:05 -04:00
committed by GitHub
parent bcbb5441ec b17b190695
commit bf074d2bb9
16 changed files with 17701 additions and 11049 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
configure.ac
View File

@@ -1240,8 +1240,8 @@ do
1024)
ENABLED_KYBER1024=yes
;;
ml-kem)
ENABLED_ML_KEM=yes
original)
ENABLED_ORIGINAL=yes
;;
*)
AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
@@ -1251,7 +1251,6 @@ done
if test "$ENABLED_KYBER" != "no"
then
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([KYBER requires --enable-experimental.]) ])
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_KYBER"
# Use liboqs if specified.
if test "$ENABLED_LIBOQS" = "no"; then
@@ -1269,8 +1268,8 @@ then
if test "$ENABLED_KYBER1024" = ""; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
fi
if test "$ENABLED_ML_KEM" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ML_KEM"
if test "$ENABLED_ORIGINAL" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_ORIGINAL"
fi
if test "$ENABLED_WC_KYBER" = "yes"
@@ -1346,7 +1345,6 @@ done
if test "$ENABLED_DILITHIUM" != "no"
then
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([DILITHIUM requires --enable-experimental.]) ])
AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM"
if test "$ENABLED_MLDSA44" = ""; then

22032
tests/api.c
View File

File diff suppressed because it is too large Load Diff

9
wolfcrypt/benchmark/benchmark.c
View File

@@ -685,6 +685,11 @@
#define BENCH_KYBER1024 0x00000080
#define BENCH_KYBER (BENCH_KYBER512 | BENCH_KYBER768 | \
BENCH_KYBER1024)
#define BENCH_ML_KEM_512 0x00000020
#define BENCH_ML_KEM_768 0x00000040
#define BENCH_ML_KEM_1024 0x00000080
#define BENCH_ML_KEM (BENCH_ML_KEM_512 | BENCH_ML_KEM_768 | \
BENCH_ML_KEM_1024)
#define BENCH_FALCON_LEVEL1_SIGN 0x00000001
#define BENCH_FALCON_LEVEL5_SIGN 0x00000002
#define BENCH_DILITHIUM_LEVEL2_SIGN 0x04000000
@@ -1087,6 +1092,10 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
{ "-kyber512", BENCH_KYBER512 },
{ "-kyber768", BENCH_KYBER768 },
{ "-kyber1024", BENCH_KYBER1024 },
{ "-ml-kem", BENCH_ML_KEM },
{ "-ml-kem-512", BENCH_ML_KEM_512 },
{ "-ml-kem-768", BENCH_ML_KEM_768 },
{ "-ml-kem-1024", BENCH_ML_KEM_1024 },
#endif
#if defined(HAVE_FALCON)
{ "-falcon_level1", BENCH_FALCON_LEVEL1_SIGN },

2
wolfcrypt/src/aes_gcm_asm.asm
View File

@@ -1,6 +1,6 @@
; /* aes_gcm_asm.asm */
; /*
; * Copyright (C) 2006-2024 wolfSSL Inc.
; * Copyright (C) 2006-2024 wolfSSL Inc.
; *
; * This file is part of wolfSSL.
; *

2
wolfcrypt/src/aes_xts_asm.asm
View File

@@ -1,6 +1,6 @@
; /* aes_xts_asm.asm */
; /*
; * Copyright (C) 2006-2024 wolfSSL Inc.
; * Copyright (C) 2006-2024 wolfSSL Inc.
; *
; * This file is part of wolfSSL.
; *

2
wolfcrypt/src/chacha_asm.asm
View File

@@ -1,6 +1,6 @@
; /* chacha_asm.asm */
; /*
; * Copyright (C) 2006-2024 wolfSSL Inc.
; * Copyright (C) 2006-2024 wolfSSL Inc.
; *
; * This file is part of wolfSSL.
; *

1168
wolfcrypt/src/dilithium.c
View File

File diff suppressed because it is too large Load Diff

2
wolfcrypt/src/poly1305_asm.asm
View File

@@ -1,6 +1,6 @@
; /* poly1305_asm.asm */
; /*
; * Copyright (C) 2006-2024 wolfSSL Inc.
; * Copyright (C) 2006-2024 wolfSSL Inc.
; *
; * This file is part of wolfSSL.
; *

78
wolfcrypt/src/wc_kyber.c
View File

@@ -47,9 +47,9 @@
/******************************************************************************/
/* Use SHA3-256 to generate 32-bytes of hash. */
#define KYBER_HASH_H wc_Sha3_256Hash
#define KYBER_HASH_H kyber_hash256
/* Use SHA3-512 to generate 64-bytes of hash. */
#define KYBER_HASH_G wc_Sha3_512Hash
#define KYBER_HASH_G kyber_hash512
/* Use SHAKE-256 as a key derivation function (KDF). */
#ifdef USE_INTEL_SPEEDUP
#define KYBER_KDF kyber_kdf
@@ -123,6 +123,10 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId)
key->devId = devId;
#endif
/* Initialize the hash algorithm object. */
ret = kyber_hash_new(&key->hash, heap, devId);
}
if (ret == 0) {
/* Initialize the PRF algorithm object. */
ret = kyber_prf_new(&key->prf, heap, devId);
}
@@ -145,6 +149,8 @@ void wc_KyberKey_Free(KyberKey* key)
if (key != NULL) {
/* Dispose of PRF object. */
kyber_prf_free(&key->prf);
/* Dispose of hash object. */
kyber_hash_free(&key->hash);
/* Ensure all private data is zeroed. */
ForceZero(key, sizeof(*key));
}
@@ -254,18 +260,28 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
}
}
if (ret == 0) {
const byte* d = rand;
/* Error vector allocated at end of a. */
e = a + (kp * kp * KYBER_N);
/* Expand 16 bytes of random to 32. */
ret = KYBER_HASH_G(rand, KYBER_SYM_SZ, buf);
#ifdef WOLFSSL_KYBER_ORIGINAL
/* Expand 32 bytes of random to 32. */
ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf);
#else
buf[0] = kp;
/* Expand 33 bytes of random to 32. */
ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf);
#endif
}
if (ret == 0) {
const byte* z = rand + KYBER_SYM_SZ;
/* Cache the public seed for use in encapsulation and encoding public
* key. */
XMEMCPY(key->pubSeed, pubSeed, KYBER_SYM_SZ);
/* Cache the z value for decapsulation and encoding private key. */
XMEMCPY(key->z, rand + KYBER_SYM_SZ, sizeof(key->z));
XMEMCPY(key->z, z, sizeof(key->z));
/* Generate the matrix A. */
ret = kyber_gen_matrix(&key->prf, a, kp, pubSeed, 0);
@@ -524,10 +540,12 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
unsigned char* ss, const unsigned char* rand, int len)
{
byte msg[2 * KYBER_SYM_SZ];
#ifdef WOLFSSL_KYBER_ORIGINAL
byte msg[KYBER_SYM_SZ];
#endif
byte kr[2 * KYBER_SYM_SZ + 1];
int ret = 0;
#ifndef WOLFSSL_ML_KEM
#ifdef WOLFSSL_KYBER_ORIGINAL
unsigned int ctSz = 0;
#endif
@@ -539,7 +557,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
ret = BUFFER_E;
}
#ifndef WOLFSSL_ML_KEM
#ifdef WOLFSSL_KYBER_ORIGINAL
if (ret == 0) {
/* Establish parameters based on key type. */
switch (key->type) {
@@ -593,31 +611,32 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct,
ret = BAD_STATE_E;
}
#ifdef WOLFSSL_KYBER_ORIGINAL
if (ret == 0) {
#ifndef WOLFSSL_ML_KEM
/* Hash random to anonymize as seed data. */
ret = KYBER_HASH_H(rand, KYBER_SYM_SZ, msg);
#else
XMEMCPY(msg, rand, KYBER_SYM_SZ);
#endif
ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg);
}
#endif
if (ret == 0) {
/* Copy the hash of the public key into msg. */
XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
/* Hash message into seed buffer. */
ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
#ifdef WOLFSSL_KYBER_ORIGINAL
ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
kr);
#else
ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
kr);
#endif
}
if (ret == 0) {
/* Encapsulate the message using the key and the seed (coins). */
ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct);
ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct);
}
#ifndef WOLFSSL_ML_KEM
#ifdef WOLFSSL_KYBER_ORIGINAL
if (ret == 0) {
/* Hash the cipher text after the seed. */
ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
}
if (ret == 0) {
/* Derive the secret from the seed and hash of cipher text. */
@@ -733,7 +752,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key,
return ret;
}
#ifdef WOLFSSL_ML_KEM
#ifndef WOLFSSL_KYBER_ORIGINAL
/* Derive the secret from z and cipher text.
*
* @param [in] z Implicit rejection value.
@@ -784,7 +803,7 @@ static int kyber_derive_secret(const byte* z, const byte* ct, word32 ctSz,
int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
const unsigned char* ct, word32 len)
{
byte msg[2 * KYBER_SYM_SZ];
byte msg[KYBER_SYM_SZ];
byte kr[2 * KYBER_SYM_SZ + 1];
int ret = 0;
unsigned int ctSz = 0;
@@ -846,10 +865,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
ret = kyberkey_decapsulate(key, msg, ct);
}
if (ret == 0) {
/* Copy public hash over after the seed. */
XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ);
/* Hash message into seed buffer. */
ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr);
ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ,
kr);
}
if (ret == 0) {
/* Encapsulate the message. */
@@ -859,9 +877,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
/* Compare generated cipher text with that passed in. */
fail = kyber_cmp(ct, cmp, ctSz);
#ifndef WOLFSSL_ML_KEM
#ifdef WOLFSSL_KYBER_ORIGINAL
/* Hash the cipher text after the seed. */
ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ);
ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ);
}
if (ret == 0) {
/* Change seed to z on comparison failure. */
@@ -1048,7 +1066,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in,
key->pubSeed[i] = p[i];
}
/* Calculate public hash. */
ret = KYBER_HASH_H(in, len, key->h);
ret = KYBER_HASH_H(&key->hash, in, len, key->h);
}
if (ret == 0) {
/* Record public key and public hash set. */
@@ -1226,7 +1244,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
}
/* Ensure hash of public key is available. */
if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) {
ret = KYBER_HASH_H(p - pubLen, pubLen, key->h);
ret = KYBER_HASH_H(&key->hash, p - pubLen, pubLen, key->h);
}
if (ret == 0) {
/* Public hash is available. */
@@ -1313,7 +1331,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
/* Make sure public hash is set. */
if ((key->flags & KYBER_FLAG_H_SET) == 0) {
ret = KYBER_HASH_H(out, len, key->h);
ret = KYBER_HASH_H(&key->hash, out, len, key->h);
}
}
if (ret == 0) {

32
wolfcrypt/src/wc_kyber_asm.S
View File

@@ -1581,7 +1581,7 @@ _kyber_keygen_avx2:
#endif /* __APPLE__ */
vmovdqu kyber_q(%rip), %ymm14
vmovdqu kyber_v(%rip), %ymm15
movq %r8, %r9
movslq %r8d, %r9
movq %rdi, %r10
L_kyber_keygen_avx2_priv:
# ntt
@@ -2242,11 +2242,11 @@ L_kyber_keygen_avx2_priv:
subq $0x01, %r9
jg L_kyber_keygen_avx2_priv
vmovdqu kyber_qinv(%rip), %ymm13
movq %r8, %rax
movslq %r8d, %rax
movq %rsi, %r10
L_kyber_keygen_avx2_acc:
# Pointwise acc mont
movq %r8, %r9
movslq %r8d, %r9
# Base mul mont
leaq L_kyber_avx2_zetas_basemul(%rip), %r11
vmovdqu (%rcx), %ymm2
@@ -3417,16 +3417,16 @@ L_pointwise_acc_mont_end_keygen:
vmovdqu %ymm1, 480(%r10)
addq $0x200, %rcx
addq $0x200, %rdi
movq %r8, %r9
movslq %r8d, %r9
shl $9, %r9d
subq %r9, %rdi
addq $0x200, %r10
subq $0x01, %rax
jg L_kyber_keygen_avx2_acc
movq %r8, %rax
movslq %r8d, %rax
vmovdqu kyber_f(%rip), %ymm12
vmovdqu kyber_f_qinv(%rip), %ymm13
movq %r8, %rax
movslq %r8d, %rax
movq %rsi, %r10
L_kyber_keygen_avx2_to_mont:
# To Mont
@@ -3529,7 +3529,7 @@ L_kyber_keygen_avx2_to_mont:
addq $0x200, %r10
subq $0x01, %rax
jg L_kyber_keygen_avx2_to_mont
movq %r8, %rax
movslq %r8d, %rax
L_kyber_keygen_avx2_to_mont_ntt_err:
# ntt
leaq L_kyber_avx2_zetas(%rip), %r11
@@ -4281,7 +4281,7 @@ _kyber_encapsulate_avx2:
subq $48, %rsp
vmovdqu kyber_q(%rip), %ymm14
vmovdqu kyber_v(%rip), %ymm15
movq %r11, %r13
movslq %r11d, %r13
movq %r8, %r14
L_kyber_encapsulate_avx2_trans:
# ntt
@@ -4877,11 +4877,11 @@ L_kyber_encapsulate_avx2_trans:
addq $0x200, %r14
subq $0x01, %r13
jg L_kyber_encapsulate_avx2_trans
movq %r11, %r12
movslq %r11d, %r12
L_kyber_encapsulate_avx2_calc:
vmovdqu kyber_qinv(%rip), %ymm12
# Pointwise acc mont
movq %r11, %r13
movslq %r11d, %r13
# Base mul mont
leaq L_kyber_avx2_zetas_basemul(%rip), %r15
vmovdqu (%rcx), %ymm2
@@ -6052,7 +6052,7 @@ L_pointwise_acc_mont_end_encap_bp:
vmovdqu %ymm1, 480(%rsi)
addq $0x200, %rcx
addq $0x200, %r8
movq %r11, %r13
movslq %r11d, %r13
shl $9, %r13d
subq %r13, %r8
# invntt
@@ -6911,7 +6911,7 @@ L_pointwise_acc_mont_end_encap_bp:
jg L_kyber_encapsulate_avx2_calc
vmovdqu kyber_qinv(%rip), %ymm12
# Pointwise acc mont
movq %r11, %r13
movslq %r11d, %r13
# Base mul mont
leaq L_kyber_avx2_zetas_basemul(%rip), %r15
vmovdqu (%rdi), %ymm2
@@ -8082,7 +8082,7 @@ L_pointwise_acc_mont_end_encap_v:
vmovdqu %ymm1, 480(%rdx)
addq $0x200, %rdi
addq $0x200, %r8
movq %r11, %r13
movslq %r11d, %r13
shl $9, %r13d
subq %r13, %r8
# invntt
@@ -9024,7 +9024,7 @@ _kyber_decapsulate_avx2:
#endif /* __APPLE__ */
vmovdqu kyber_q(%rip), %ymm14
vmovdqu kyber_v(%rip), %ymm15
movq %r8, %rax
movslq %r8d, %rax
movq %rdx, %r9
L_kyber_decapsulate_avx2_trans:
# ntt
@@ -9686,7 +9686,7 @@ L_kyber_decapsulate_avx2_trans:
jg L_kyber_decapsulate_avx2_trans
vmovdqu kyber_qinv(%rip), %ymm12
# Pointwise acc mont
movq %r8, %rax
movslq %r8d, %rax
# Base mul mont
leaq L_kyber_avx2_zetas_basemul(%rip), %r10
vmovdqu (%rdi), %ymm2
@@ -10857,7 +10857,7 @@ L_pointwise_acc_mont_end_decap:
vmovdqu %ymm1, 480(%rsi)
addq $0x200, %rdi
addq $0x200, %rdx
movq %r8, %rax
movslq %r8d, %rax
shl $9, %eax
subq %rax, %rdx
# invntt

49
wolfcrypt/src/wc_kyber_poly.c
View File

@@ -1611,6 +1611,55 @@ static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks)
return wc_Shake128_SqueezeBlocks(shake128, out, blocks);
}
/* New/Initialize SHA-3 object.
*
* @param [in, out] hash SHA-3 object.
* @param [in] heap Dynamic memory allocator hint.
* @param [in] devId Device id.
* @return 0 on success always.
*/
int kyber_hash_new(wc_Sha3* hash, void* heap, int devId)
{
return wc_InitSha3_256(hash, heap, devId);
}
/* Free SHA-3 object.
*
* @param [in, out] hash SHA-3 object.
*/
void kyber_hash_free(wc_Sha3* hash)
{
wc_Sha3_256_Free(hash);
}
int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out)
{
int ret;
ret = wc_Sha3_256_Update(hash, data, dataLen);
if (ret == 0) {
ret = wc_Sha3_256_Final(hash, out);
}
return ret;
}
int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
const byte* data2, word32 data2Len, byte* out)
{
int ret;
ret = wc_Sha3_512_Update(hash, data1, data1Len);
if ((ret == 0) && (data2Len > 0)) {
ret = wc_Sha3_512_Update(hash, data2, data2Len);
}
if (ret == 0) {
ret = wc_Sha3_512_Final(hash, out);
}
return ret;
}
/* Initialize SHAKE-256 object.
*
* @param [in, out] shake256 SHAKE-256 object.

5242
wolfcrypt/test/test.c
View File

File diff suppressed because it is too large Load Diff

51
wolfssl/wolfcrypt/dilithium.h
View File

@@ -197,8 +197,8 @@
#define PARAMS_ML_DSA_44_ETA DILITHIUM_ETA_2
/* Number of bits in private key for ML-DSA-44. */
#define PARAMS_ML_DSA_44_ETA_BITS DILITHIUM_ETA_2_BITS
/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_LAMBDA 16
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-44. */
#define PARAMS_ML_DSA_44_LAMBDA 128
/* # +/-1's in polynomial c, TAU, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_TAU 39
/* BETA = TAU * ETA for ML-DSA-44. */
@@ -242,7 +242,7 @@
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8)
/* Encoding size of signature in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_SIG_SIZE \
((PARAMS_ML_DSA_44_LAMBDA * 2) + \
((PARAMS_ML_DSA_44_LAMBDA / 4) + \
PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K)
@@ -258,8 +258,8 @@
#define PARAMS_ML_DSA_65_ETA DILITHIUM_ETA_4
/* Number of bits in private key for ML-DSA-65. */
#define PARAMS_ML_DSA_65_ETA_BITS DILITHIUM_ETA_4_BITS
/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_LAMBDA 24
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-65. */
#define PARAMS_ML_DSA_65_LAMBDA 192
/* # +/-1's in polynomial c, TAU, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_TAU 49
/* BETA = TAU * ETA for ML-DSA-65. */
@@ -303,7 +303,7 @@
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8)
/* Encoding size of signature in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_SIG_SIZE \
((PARAMS_ML_DSA_65_LAMBDA * 2) + \
((PARAMS_ML_DSA_65_LAMBDA / 4) + \
PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K)
@@ -319,8 +319,8 @@
#define PARAMS_ML_DSA_87_ETA DILITHIUM_ETA_2
/* Number of bits in private key for ML-DSA-87. */
#define PARAMS_ML_DSA_87_ETA_BITS DILITHIUM_ETA_2_BITS
/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_LAMBDA 32
/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-87. */
#define PARAMS_ML_DSA_87_LAMBDA 256
/* # +/-1's in polynomial c, TAU, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_TAU 60
/* BETA = TAU * ETA for ML-DSA-87. */
@@ -365,7 +365,7 @@
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8)
/* Encoding size of signature in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_SIG_SIZE \
((PARAMS_ML_DSA_87_LAMBDA * 2) + \
((PARAMS_ML_DSA_87_LAMBDA / 4) + \
PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K)
@@ -520,7 +520,7 @@ typedef struct wc_dilithium_params {
byte tau;
byte beta;
byte omega;
byte lambda;
word16 lambda;
byte gamma1_bits;
word32 gamma2;
word32 w1EncSz;
@@ -626,15 +626,38 @@ WOLFSSL_API
int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed);
WOLFSSL_API
int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out,
word32 *outLen, dilithium_key* key, WC_RNG* rng);
int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
word32* sigLen, dilithium_key* key, WC_RNG* rng);
WOLFSSL_API
int wc_dilithium_sign_msg_with_seed(const byte* in, word32 inLen, byte* out,
word32 *outLen, dilithium_key* key, byte* seed);
int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng);
WOLFSSL_API
int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
const byte* hash, word32 hashLen, byte* sig, word32* sigLen,
dilithium_key* key, WC_RNG* rng);
WOLFSSL_API
int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
word32 *sigLen, dilithium_key* key, const byte* seed);
WOLFSSL_API
int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
dilithium_key* key, const byte* seed);
WOLFSSL_API
int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
dilithium_key* key, const byte* seed);
#endif
WOLFSSL_API
int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, dilithium_key* key);
WOLFSSL_API
int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
word32 ctxLen, const byte* msg, word32 msgLen, int* res,
dilithium_key* key);
WOLFSSL_API
int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
word32 hashLen, int* res, dilithium_key* key);
WOLFSSL_API
int wc_dilithium_init(dilithium_key* key);

52
wolfssl/wolfcrypt/kyber.h
View File

@@ -213,6 +213,58 @@ WOLFSSL_API int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out,
WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
word32 len);
#define WC_ML_KEM_512_K KYBER512_K
#define WC_ML_KEM_512_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE
#define wC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE
#define wC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE
#define WC_ML_KEM_768_K KYBER768_K
#define WC_ML_KEM_768_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE
#define wC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE
#define wC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE
#define WC_ML_KEM_1024_K KYBER1024_K
#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE KYBER1024_PUBLIC_KEY_SIZE
#define wC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE
#define wC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE
#define WC_ML_KEM_MAX_K KYBER_MAX_K
#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE KYBER_MAX_PRIVATE_KEY_SIZE
#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE KYBER_MAX_PUBLIC_KEY_SIZE
#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE KYBER_MAX_CIPHER_TEXT_SIZE
#define WC_ML_KEM_512 KYBER512
#define WC_ML_KEM_768 KYBER768
#define WC_ML_KEM_1024 KYBER1024
#define WC_ML_KEM_SYM_SZ KYBER_SYM_SZ
#define WC_ML_KEM_SS_SZ KYBER_SS_SZ
#define WC_ML_KEM_MAKEKEY_RAND_SZ KYBER_MAKEKEY_RAND_SZ
#define WC_ML_KEM_ENC_RAND_SZ KYBER_ENC_RAND_SZ
#define WC_ML_KEM_POLY_SIZE KYBER_POLY_SIZE
#define MlKemKey KyberKey
#define wc_MlKemKey_Init(key, type, heap, devId) \
wc_KyberKey_Init(type, key, heap, devId)
#define wc_MlKemKey_Free wc_KyberKey_Free
#define wc_MlKemKey_MakeKey wc_KyberKey_MakeKey
#define wc_MlKemKey_MakeKeyWithRandom wc_KyberKey_MakeKeyWithRandom
#define wc_MlKemKey_CipherTextSize wc_KyberKey_CipherTextSize
#define wc_MlKemKey_SharedSecretSize wc_KyberKey_SharedSecretSize
#define wc_MlKemKey_Encapsulate wc_KyberKey_Encapsulate
#define wc_MlKemKey_EncapsulateWithRandom wc_KyberKey_EncapsulateWithRandom
#define wc_MlKemKey_Decapsulate wc_KyberKey_Encapsulate
#define wc_MlKemKey_DecodePrivateKey wc_KyberKey_DecodePrivateKey
#define wc_MlKemKey_DecodePublicKey wc_KyberKey_DecodePublicKey
#define wc_MlKemKey_PrivateKeySize wc_KyberKey_PrivateKeySize
#define wc_MlKemKey_PublicKeySize wc_KyberKey_PublicKeySize
#define wc_MlKemKey_EncodePrivateKey wc_KyberKey_EncodePrivateKey
#define wc_MlKemKey_EncodePublicKey wc_KyberKey_EncodePublicKey
#ifdef __cplusplus
} /* extern "C" */
#endif

2
wolfssl/wolfcrypt/settings.h
View File

@@ -3523,8 +3523,6 @@ extern void uITRON4_free(void *p) ;
#endif
#if (defined(HAVE_LIBOQS) || \
defined(WOLFSSL_WC_KYBER) || \
defined(WOLFSSL_WC_DILITHIUM) || \
defined(HAVE_LIBXMSS) || \
defined(HAVE_LIBLMS) || \
defined(WOLFSSL_DUAL_ALG_CERTS)) && \

17
wolfssl/wolfcrypt/wc_kyber.h
View File

@@ -103,6 +103,9 @@ enum {
/* The data type of the hash function. */
#define KYBER_HASH_T wc_Sha3
/* The data type of the pseudo-random function. */
#define KYBER_PRF_T wc_Shake
@@ -119,6 +122,8 @@ struct KyberKey {
/* Flags indicating what is stored in the key. */
int flags;
/* A pseudo-random function object. */
KYBER_HASH_T hash;
/* A pseudo-random function object. */
KYBER_PRF_T prf;
@@ -162,6 +167,18 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2,
WOLFSSL_LOCAL
int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen);
#endif
WOLFSSL_LOCAL
void kyber_hash_init(KYBER_HASH_T* hash);
WOLFSSL_LOCAL
int kyber_hash_new(KYBER_HASH_T* hash, void* heap, int devId);
WOLFSSL_LOCAL
void kyber_hash_free(KYBER_HASH_T* hash);
WOLFSSL_LOCAL
int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out);
WOLFSSL_LOCAL
int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len,
const byte* data2, word32 data2Len, byte* out);
WOLFSSL_LOCAL
void kyber_prf_init(KYBER_PRF_T* prf);
WOLFSSL_LOCAL