Commit Graph

33 Commits

Author SHA1 Message Date
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
night1rider 0442918391 Add Zephyr 4.1+ build compatibility for wolfssl_tls_sock sample. Replace removed Kconfig options (PTHREAD_IPC, POSIX_CLOCK, NET_SOCKETS_POSIX_NAMES) with version-conditional config fragments and fix min/max macro collision with Zephyr's sys/util.h. 2026-03-10 14:23:47 -06:00
Sean Parkinson 9c1462a9ec Aarch64 asm: convert to generated
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
2025-10-21 17:03:39 +10:00
night1rider 229141fd51 updating kyber to mlkem arm file for zephyr 2025-05-15 21:55:36 -06:00
David Garske 2c36ae268f Merge pull request #8536 from SparkiDev/kyber_to_mlkem
Update Kyber APIs to ML-KEM APIs
2025-03-20 11:07:53 -07:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
msi-debian 3587e28966 Adding missing files for zephyr compile for ASM 2025-03-07 14:16:02 -07:00
Tobias Frauenschläger af4017132d LMS fixes
* Add support for CMake
* Add support for Zephyr
* Make sure the internal key state is properly handled in case a public
  key is imported into a reloaded private key.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Tobias Frauenschläger e2b642d4ab WolfSSL Kyber and CMake fixes
* Make sure wc_kyber implementation is compiled using CMake (also for
  Zephyr)
* Fix compilation issue when Liboqs is also enabled
* Fix WOLFSSL_INTEL_ASM and WOLFSSL_ARM_ASM CMake options

Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
2024-07-24 09:55:29 +02:00
Colton Willey 4ec07bb5a8 Changes needed for default TLS support in zephyr kernel 2024-07-09 12:00:34 -07:00
Juliusz Sosinowicz 7ed5e0b3ba zephyr no malloc
- cert gen
- csr gen
- pkcs12
- Compiles for Zephyr 3.4.0 and 2.7.4
- Add support for CONFIG_POSIX_API
2024-05-07 10:38:01 +02:00
David Garske b8bebd6196 Fixes for ARM/Intel ASM support. 2024-03-20 13:14:05 -07:00
David Garske face8b6e43 Experimental support for Intel and ARM ASM with Zephyr. Related to issue #7116. 2024-03-18 13:40:10 -07:00
David Garske 03e306a98f Add include for project for cases when a custom user_settings.h file is used. Tested support with PSA. 2024-03-18 08:14:40 -07:00
David Garske 737fa53636 Improve Zephyr support. Cleanup user_settings.h mess. Add FIPS support. 2024-03-18 08:14:40 -07:00
Tobias Frauenschläger 755c385b1f Liboqs: use WolfSSL RNG
Improve the interface to liboqs by properly configuring and using the
RNG provided by WolfSSL from within liboqs.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-12-16 12:40:25 +01:00
Tobias Frauenschläger d31e2c3581 Added PQC support for the Zephyr port using liboqs
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-12-16 12:40:25 +01:00
Juliusz Sosinowicz 470e839b26 Misc zephyr fixes
- Need to call fs_file_t_init() before calling fs_open()
- 0 is a valid POSIX socket number
- Include stdio.h when needed to simplify macro logic
- Define Zephyr specific macros in CMakeLists.txt to make for a better user experience
2023-09-22 12:19:06 +02:00
Juliusz Sosinowicz 62db14e676 Small fixes to build wolfSSL without warnings 2023-05-12 13:24:21 +02:00
Anthony Hu b3b26dd266 Add in instructions for compiling with zephyr on STM32. 2023-04-18 16:19:32 -04:00
John Bland b146830fe8 move the zephyr folder back to it's correct location 2023-03-02 23:40:12 -05:00
John Bland e9aeb1a857 Add nuttx integration (#6043) 2023-02-08 16:04:53 -08:00
Chris Conlon c66a21c40a Add Zephyr support for nRF5340 with CryptoCell-312, PSA Crypto fixes (#5418)
* PSA: set AES key bits, define PSA_ALG_NONE/PSA_KEY_ID_NULL if needed
* Zephyr: add TimeNowInMilliseconds() for tls13.c, clock_settime() for test.c, update CMakeLists.txt
* Skip including unistd.h for Zephyr in benchmark.c
* Zephyr: update README, add nRF5340dk support to wolfssl_test sample app
* Zephyr: add wolfCrypt benchmark sample app
* Zephyr: add nRF5340 support to tls_thread sample app
* PSA: use specific hash algo with psa_sign/verify_hash()
* Zephyr: add support for PSA Crypto API with PK callbacks to wolfssl_tls_threaded sample app
* Zephyr: add new files to zephyr/include.am
2022-08-11 17:42:05 -07:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
Sean Parkinson 623a84ed7b Fixes for Zephyr OS
time is not available.
Must include clock module
kdf.c missing from file list
2021-10-28 15:57:46 +10:00
Maxime Vincent 77895ac964 Rename leftover CONFIG_WOLFSSL_OPTIONS_FILE to CONFIG_WOLFSSL_SETTINGS_FILE
Signed-off-by: Maxime Vincent <maxime@veemax.be>
2021-10-16 15:43:21 +02:00
Maxime Vincent 7acbf61e53 zephyr: fix CMakeLists.txt 2021-07-29 12:36:34 +02:00
Maxime Vincent 9d562a59bc wolfSSL as a Zephyr module 2021-07-29 11:58:13 +02:00