Commit Graph

42 Commits

Author SHA1 Message Date
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Per Allansson c979f95648 IDE/XCODE: fix file types for asm.S files 2026-01-08 16:47:04 +01:00
JacobBarthelmeh ea058c6e85 xcode set correct file type for assembly files with project 2025-12-08 14:42:19 -07:00
Sean Parkinson 9c1462a9ec Aarch64 asm: convert to generated
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
2025-10-21 17:03:39 +10:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Lealem Amedie 0d53796284 Apply the same changes to FIPS project 2023-10-12 14:07:32 -06:00
Lealem Amedie 20cab7afe3 Remove cyaSSL from XCODE proj and small fix in chacha.c 2023-10-12 13:58:43 -06:00
Lealem Amedie 9bb2ae4884 XCODE project: install all headers 2023-06-06 13:34:22 -06:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Per Allansson 0e4621a794 IDE/XCODE: include armv8-xxx in projects 2022-11-10 09:44:56 +01:00
Per Allansson 364b2ddc8f IDE/XCODE: include dtls.c/dtls13.c/tls13.c/quic.c/kdf.c in projects 2022-11-10 09:44:01 +01:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
Jacob Barthelmeh fb7baf28ca fix for xcode build and revert cmake change 2021-10-29 16:55:05 -06:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Sean Parkinson 568fc8f5bd Fixes for compiling for ARM64 iOS
Fix bug in ChaCha20 assembly code (was writing one byte too many).
Fix the assembly code to have APPLE format.
Change Poly1305 inline assembly as requested by compiler.
Initialize variables that will be set anyway - compiler complaint.
Change to use the assembly code files for Curve25519 and SHA-512.
Ed25519 not suported with ARM assembly.
2020-07-23 18:08:37 +10:00
David Garske 1af38c5c55 Fixes for building with WOLFSSL_ARMASM when user_settings.h is used. 2020-07-22 10:47:35 -07:00
David Garske d43d75bf81 Updates to xcode projects to add new files.
Ran updated iPhone X benchmarks:

```
RNG                330 MB took 1.010 seconds,  326.879 MB/s
AES-128-CBC-enc    920 MB took 1.005 seconds,  915.507 MB/s
AES-128-CBC-dec   6095 MB took 1.000 seconds, 6092.130 MB/s
AES-192-CBC-enc    820 MB took 1.000 seconds,  819.644 MB/s
AES-192-CBC-dec   4860 MB took 1.001 seconds, 4855.794 MB/s
AES-256-CBC-enc    710 MB took 1.005 seconds,  706.419 MB/s
AES-256-CBC-dec   3935 MB took 1.001 seconds, 3930.830 MB/s
AES-128-GCM-enc   1245 MB took 1.003 seconds, 1241.589 MB/s
AES-128-GCM-dec    575 MB took 1.001 seconds,  574.547 MB/s
AES-192-GCM-enc   1235 MB took 1.001 seconds, 1234.343 MB/s
AES-192-GCM-dec    570 MB took 1.003 seconds,  568.521 MB/s
AES-256-GCM-enc   1230 MB took 1.003 seconds, 1226.034 MB/s
AES-256-GCM-dec    570 MB took 1.001 seconds,  569.199 MB/s
3DES                10 MB took 1.386 seconds,    7.213 MB/s
MD5                 95 MB took 1.037 seconds,   91.629 MB/s
SHA                 80 MB took 1.013 seconds,   78.943 MB/s
SHA-256           1625 MB took 1.000 seconds, 1624.565 MB/s
SHA3-224            60 MB took 1.010 seconds,   59.399 MB/s
SHA3-256            60 MB took 1.073 seconds,   55.921 MB/s
SHA3-384            45 MB took 1.042 seconds,   43.195 MB/s
SHA3-512            35 MB took 1.164 seconds,   30.063 MB/s
HMAC-MD5            95 MB took 1.044 seconds,   91.014 MB/s
HMAC-SHA            80 MB took 1.007 seconds,   79.480 MB/s
HMAC-SHA256       1705 MB took 1.001 seconds, 1703.126 MB/s
RSA     2048 public      32800 ops took 1.003 sec, avg 0.031 ms, 32716.405 ops/sec
RSA     2048 private      1200 ops took 1.041 sec, avg 0.868 ms, /33 ops/sec
DH      2048 key gen      2354 ops took 1.000 sec, avg 0.425 ms, 2353.254 ops/sec
DH      2048 agree        2500 ops took 1.013 sec, avg 0.405 ms, 2467.525 ops/sec
ECC      256 key gen     46503 ops took 1.000 sec, avg 0.022 ms, 46502.069 ops/sec
ECDHE    256 agree       14100 ops took 1.005 sec, avg 0.071 ms, 14034.697 ops/sec
ECDSA    256 sign        29600 ops took 1.003 sec, avg 0.034 ms, 29500.554 ops/sec
ECDSA    256 verify      11000 ops took 1.007 sec, avg 0.092 ms, 10921.516 ops/sec
```
2020-06-12 10:39:26 -07:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
John Safranek 5ab6d58504 Release Fixes
1. Pick up a few new files into the distrubution that were missed.
2019-03-20 15:01:54 -07:00
John Safranek 246c444b93 Updates for v4.0.0
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
John Safranek bca69488b2 Xcode Project Update
1. Disable the tls_bench() test in the Xcode iOS benchmark project. It isn't complete.
2019-03-13 15:11:51 -07:00
John Safranek a42290dd57 Xcode Project Update
1. Removed redundant includes of files.
2. Moved all the files in the viewer into the appropriate directories.
3. Updated the copy rules so the missing include files are copied to the destination for all the three possible targets.
2019-03-13 15:11:38 -07:00
kaleb-himes 764b783317 Add rules to copy wolfio.h, wolfmath.h and mem_track.h as well as fix up settings for clang and iPhone XR 2019-03-12 10:36:12 -06:00
John Safranek 188a15428d Touch Up iOS Project
1. Remove the file async.c from the iOS Benchmark project.
2. Update the organization name in the Benchmark project to "wolfSSL Inc".
3. In the workspace project, change the path to the wolfSSL test to be a local relative path rather than an absolute path.
4. In the workspace project, remove the benchmark project and re-add it. It becomes a local relative reference with the correct name.
2018-12-04 15:29:41 -08:00
John Safranek f74fb84337 Touch Up iOS Project
1. Fix iOS Benchmark reference to the async.c file.
2. Fix iOS Benchmark reference to the sp.c file. Changed to spr_c64.c.
3. Removed misc.c from iOS Benchmark as it is using inlined misc.h.
4. Added define of HAVE___UINT128_T to the user_settings.h so the
benchmark would build.
5. Wrapped the benchmark usage strings in NO_MAIN_DRIVER.
2018-12-03 10:38:56 -08:00
John Safranek af0bb278a1 Touch Up iOS Project
1. Updated a config item regarding the order of searching headers to the current recommendation from Apple.
2. Added the define flag CYASSL_USER_SETTINGS to the FIPS project so the user settings are loaded into the FIPS files.
2018-11-29 12:46:39 -08:00
kaleb-himes 6ed462f564 Provide example of appropriate CFLAGS for exposing registers on i386 required for inline assembly in tfm.c 2018-11-27 15:22:42 -07:00
kaleb-himes 8399a7a517 i386 arch lacks registers to support some tfm assembly, detect and disable 2018-11-15 09:52:20 -07:00
kaleb-himes 689da22799 Refactor and updates for XCODE projects following peer review 2018-08-23 15:41:35 -06:00
David Garske 3e05118995 * Added the tls_bench example to the build output when threading is supported.
* Fixed some `tls_bench` build issues with various configure options.
* Moved the `WOLFSSL_PACK` and `WC_NORETURN` macros into types.h.
* Added support for `__builtin_bswap32` and `__builtin_bswap64`. Since the performance of the builtins varries by platform its off by default, but can be enabled by customer using `WOLF_ALLOW_BUILTIN`. Quick check on x86 showed the 32-bit swap performance matched, but 64-bit swap was slower.
2018-02-07 11:13:13 -08:00
David Garske bababf115a Moved to IDE/XCODE. Fixed build warnings with xcode. Updated the user_settings.h to support fast math, ECC, timing resistance, single precision math, ARMv8, SHA3, ChaCha20/Poly1305, Ed/Curve25519 and ensure default disables are defined. Added Xcode iOS benchmark example. Runs wolfCrypt test, wolfCrypt benchmark and the new TLS benchmark by cipher suite. 2017-12-07 11:02:19 +01:00