94 Commits

Author SHA1 Message Date
Sean Parkinson a342eba578 Intel x64 ASM: Add new assembly for AES
Support AES-XTS AVX512/VAES
Support AES-GCM AVX512/VAES
Support AES-ECB/CBC/CTR AVX512/VAES/AVX1/AES-NI.
Remove code from aes_asm.S/aes_asm.asm
Add CPU defines for AVX512 and VAES
Updated ASM files with new defines for AVX512.
Added support for printing out the new CPU Id flags in benchmark.
Added new files to Windows projects.
aes.c: Supports ECB/CBC/CTR in assembly. Supports calling AVX512/VAES assembly.
2026-06-23 20:54:59 +10:00
Tobias Frauenschläger 2832df2139 Update C# wrapper to new ML-DSA names 2026-05-16 09:48:35 -05:00
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
David Garske d692f99631 More peer review fixes (Use ML-DSA naming) 2026-04-13 15:55:31 -07:00
David Garske 5f124a9ae9 Peer review fixes 2026-04-13 15:30:58 -07:00
David Garske 72c57dc127 Improvements to C# PQC 2026-04-13 15:30:57 -07:00
Masaki Iwai 21be3776bd add ML-KEM/ML-DSA support for C# wrapper 2026-04-13 15:29:57 -07:00
David Garske a82583d50b Add HPKE (RFC 9180) C# wrapper and test 2026-04-12 14:50:11 -07:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
David Garske 46251bb401 Fix issue with NO_DES3_TLS_SUITES 2026-01-27 14:42:41 -08:00
JacobBarthelmeh 9debdda1fa fix for C# wrapper Ed25519 import raw key and fix Curve25519 private key decode 2025-10-10 12:32:14 -06:00
JacobBarthelmeh a081a033fd add C# raw public Ed25519 key export/import test 2025-10-10 12:29:05 -06:00
JacobBarthelmeh 459a4be339 add SNI support by default to user_settings.h with C# wrapper 2025-10-07 16:43:30 -06:00
JacobBarthelmeh 5c4801fca1 update mono build README instructions and add test case 2025-10-07 15:51:02 -06:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske 4c6279c6c7 Good feedback about adding wolfCrypt error codes to .cs layer. Partially added useful ones. 2025-06-20 09:41:35 -07:00
David Garske 9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
JacobBarthelmeh ecb8cb744e Merge pull request #8799 from dgarske/csharp_wince_unicode
Fix issue with CSharp and Windows CE with conversion of ASCII and Unicode
2025-06-02 10:39:23 -06:00
David Garske 18aab1a883 Further improvements to MultiByte and WideChar conversions. 2025-05-28 15:35:10 -07:00
Takashi Kojo 7b8f30bb25 fix Release build 2025-05-24 14:03:55 +09:00
David Garske db0b0e28d2 Fix issue with CSharp and Windows CE with conversion of ASCII->Unicode and Unicode->ASCII with odd length and extra null terminator. 2025-05-22 16:34:54 -07:00
JacobBarthelmeh 3f9fe491cc adjust C# test and set rng with hpke case 2025-05-07 14:33:15 -06:00
David Garske 42644a55fb Fixes for building with .NET 3.5 (new WindowsCE macro). Fix for build error with NO_WOLFSSL_MSG_EX. Fix for ECC TFM option (only set with TFM). 2025-04-14 16:07:03 -07:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Andras Fekete e14abbdc79 Cleanup spelling 2024-11-01 12:59:01 -04:00
Daniel Pouzzner 996986d0c1 refactor wc_AesDelete, wc_curve25519_delete, wc_ed25519_delete, wc_HashDelete, and wc_DeleteRsaKey to take two arguments, the first a required pointer to the object, the second an optional pointer to the pointer to be zeroed upon successful deletion, for the benefit of calling from C# without unsafe code.
wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs: update for new calling conventions around wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey, and the corresponding delete functions.
2024-10-18 21:13:38 -05:00
Aidan Garske e10c943bf3 wolfCrypt CSharp Wrapper:
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
2024-10-05 11:44:58 -07:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
gasbytes 91cad98d67 1023 <- 1024, changed buffer to textmate 2024-06-27 17:35:43 +02:00
gasbytes 97adb4be6e fixed wolfSSL_SNI_GetFromBuffer 2024-06-27 17:03:05 +02:00
gasbytes 6dd43caae9 wolfSSL_SNI_GetRequest working, fixing up wolfSSL_SNI_GetFromBuffer 2024-06-27 15:05:02 +02:00
gasbytes 453e2fadc1 dh2048Pem -> dhparam 2024-06-05 17:45:34 +02:00
gasbytes 2ab709c89a - Platform specific function to correctly set the path for the certificates;
- Updated all the examples with it;
2024-06-05 13:28:30 +02:00
gasbytes 6cb97a7262 fixed windows build path problem 2024-06-04 23:12:16 +02:00
gasbytes f231c7be03 updated the README & haveSNI function 2024-06-04 23:08:56 +02:00
gasbytes 70fc5c97fb made the workflow to compile & executes easier, updated the readme also 2024-06-04 19:13:51 +02:00
gasbytes 983610ed68 - Applied David's patch to get access to the missing sni callback (arg)
- removed tlsext callback (since it's a compatibility one)
- updated testing examples and wrapper
2024-06-04 18:26:01 +02:00
gasbytes 5d0b7e0d18 updated readme & sni function 2024-06-04 17:54:21 +02:00
gasbytes b2e7707f18 removed sniHostName no longer used 2024-06-03 21:33:55 +02:00
gasbytes c04c7685b1 added callback example: setting sni cb & arg server side, and passing the name client side via -S flag 2024-06-03 21:24:54 +02:00
gasbytes c325de993d removed WOLFSSL_SNI_HOST_NAME_OUTER && minor fix (missing sniHostName got lost during editing) 2024-06-03 20:05:00 +02:00
gasbytes 6f567b58bc completed the examples 2024-06-02 00:01:51 +02:00
gasbytes 15ac366bf9 added missing wrappers for sni setup & frees 2024-06-01 17:46:17 +02:00
gasbytes 52f1caf699 minor changes to the prototypes and actual implementation 2024-05-30 16:44:34 +02:00
gasbytes 095609107d prototypes 2024-05-30 16:14:17 +02:00
gasbytes 23bfb01e54 environment setup, updated the README 2024-05-30 15:41:01 +02:00