Commit Graph

24 Commits

Author SHA1 Message Date
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
kaleb-himes 08fd7bde58 PQ FIPS v7.0.0 Phase 2 & 3: All changes
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
Anthony Hu 3737c68797 build dsa in visual studio 2024-11-28 13:11:14 -05:00
Sean Parkinson b87b521044 AES XTS asm x64 MSVC
Use assembly code for AES-XTS with MSVC for x64.
2024-05-10 09:10:36 +10:00
kaleb-himes 73e5303718 Removed duplicate file from project 2024-04-11 12:16:21 -06:00
kaleb-himes 29a41d5ff9 Add new fips-ready dependencies to WIN10 project 2024-04-11 10:56:46 -06:00
David Garske db14914951 Fixes for building wolfSSL in Visual Studio. Adds missing files. Fix for type cast warnings. 2023-12-06 13:20:27 -08:00
David Garske c05aea7c5a Improvements to the wolfCrypt FIPS Visual Studio project link settings to resolve ASLR (Randomized Base Address) issue on some platforms. ZD 16615 2023-10-12 12:05:14 -07:00
Sean Parkinson 397537e691 AES-GCM: MSVC use generated assembly instead of inline
AES-GCM for MSVC was using inline assembly.
Add MSVC version of AES-GCM assembly and use it instead.
Removed inline assembly.
2023-02-28 14:56:29 +10:00
kaleb-himes c25e9d9994 FIPSv2 builds on win10 adjust for new fastmath default in settings.h 2022-10-18 10:50:01 -06:00
tim-weller-wolfssl ba12d72e7a Remove FIPS preprocessor defines from Windows build command-line options (values specified via user_settings.h) 2022-09-12 15:54:36 -05:00
Tim Weller 1d9d8bdefb Removed sp_c64.c due to reliance on 128-bit type, replaced with sp_x86_64.c and _asm.asm. 2022-08-31 07:15:05 -07:00
Tim Weller 69d60f5099 Merge branch 'master' into update-ide-win10-build 2022-08-29 09:13:51 -07:00
Marco Oliverio cfbd061625 add initial support for ConnectionID DTLS extension 2022-08-23 16:58:24 +02:00
Tim Weller f98d8c5024 Update Windows 10 Visual Studio FIPS build file to include single-precision (sp) files to resolve missing symbols during link 2022-08-22 08:40:45 -07:00
Marco Oliverio d8ac35579c dtls13: add autotools, cmake build options and vstudio paths 2022-06-15 10:46:42 -07:00
John Safranek 5859b90ad8 Merge pull request #4841 from haydenroche5/vs_resource_file_update
Update Visual Studio resource files.
2022-02-24 15:29:46 -08:00
Hayden Roche 25407e955b Update Visual Studio resource files.
- Add a resource file for the wolfSSL FIPS VS solution.
- Update copyright year in existing wolfssl.rc.
2022-02-23 16:53:26 -08:00
Hayden Roche 6930cc0b21 Clean up Visual Studio output and intermediate directories.
Currently, wolfssl.vcxproj and IDE/WIN10/wolfssl-fips.vcxproj do not use the
same scheme for their output and intermediate directories. Further, across
configuration/platform combinations, wolfssl.vcxproj isn't consistent, either.
For example:

```
Release|x64
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Platform)\$(Configuration)\obj\

Release|Win32
OutDir: $(SolutionDir)$(Configuration)\
IntDir: $(Configuration)\obj\
```

This commit makes every configuration/platform combo for all Visual Studio
projects follow the same pattern:

```
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Configuration)\$(Platform)\$(ProjectName)_obj\
```

The `$(ProjectName)_obj` piece gets rid of a Visual Studio warning about not
mingling the intermediate objects of disparate builds.
2022-02-08 09:23:27 -08:00
John Safranek 9b5f8c84b0 Change the WIN10 project files to build for FIPS v5. 2021-10-26 20:24:29 -05:00
John Safranek b815939c53 Add missing settings for the Windows 10 FIPS build. 2021-10-26 20:24:26 -05:00
John Safranek 52432382a2 Add kdf.c to the Windows builds. 2021-10-26 20:24:25 -05:00
John Safranek a8dbdd6c28 Test Fixes
1. Windows IDE project, clean up the preprocessor flags.
2. Add command line define to the MASM steps to set HAVE_FIPS and HAVE_FIPS_VERSION=2.
3. Disable the whole program optimization for the non-DLL builds for the file fips.c.
4. Tweaked the aes_asm.asm's code segment line to be dependant on the FIPS setting. Only place it specially for FIPSv2.
5. Reverted the Windows IDE project and copied the new setting to a WIN10 directory.
2018-05-16 15:47:13 -04:00