Files
wolfssl/wrapper/CSharp
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
..
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2024-10-05 11:44:58 -07:00
2024-10-05 11:44:58 -07:00

wolfSSL CSharp Wrappers

This directory contains the CSharp wrapper for the wolfSSL TLS layer with examples.

  • wolfSSL_CSharp: wolfSSL TLS layer wrappers (library).
  • wolfCrypt-Test: wolfCrypt layer wrapper testing.
  • user_settings.h: wolfCrypt wrapper user settings.

Examples:

  • wolfSSL-DTLS-PSK-Server
  • wolfSSL-DTLS-Server
  • wolfSSL-Example-IOCallbacks
  • wolfSSL-TLS-Client
  • wolfSSL-TLS-PSK-Client
  • wolfSSL-TLS-PSK-Server
  • wolfSSL-TLS-Server
  • wolfSSL-TLS-ServerThreaded

Windows

A Visual Studio solution wolfSSL_CSharp.sln is provided. This will allow you to build the wrapper library and examples. It includes the wolfSSL Visual Studio project directly.

To successfully run and build the solution on Windows Visual Studio you will need to open a new solution wolfSSL_CSharp.sln located in wrapper\CSharp\wolfSSL_CSharp.sln.

Select the CPU type, configuration, and target file. select Build and either Rebuild Solution or Build Solution.

Linux (Ubuntu) using mono

Prerequisites for linux:

apt-get update
apt-get upgrade
apt-get install mono-complete

Build wolfSSL and install

System-wide install

./autogen.sh
cp wrapper/CSharp/user_settings.h .
./configure --enable-usersettings
make
make check
sudo make install

Local-only install (no sudo required)

./autogen.sh
cp wrapper/CSharp/user_settings.h .
./configure --enable-usersettings --prefix=$(pwd)/install
make
make install

Build and run the wolfCrypt test wrapper

From the wrapper/CSharp directory (cd wrapper/CSharp):

Compile wolfCrypt test:

mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs -OUT:wolfcrypttest.exe

Run with system-wide install:

mono wolfcrypttest.exe

Run with local-only install. The compile step above produced wolfcrypttest.exe inside wrapper/CSharp/; this run command is invoked from the wolfSSL project root so the relative paths line up:

LD_LIBRARY_PATH=./install/lib mono wrapper/CSharp/wolfcrypttest.exe

Build and run the wolfSSL client/server test

From the wrapper/CSharp directory (cd wrapper/CSharp):

Compile server:

mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe

Compile client:

mcs wolfSSL_CSharp/wolfCrypt.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs -OUT:client.exe

Run the example

In one terminal instance run the server:

mono server.exe

And in another terminal instance run the client:

mono client.exe

Enabling SNI

To enable SNI, just pass the -S argument with the specified hostname to the client:

mono client.exe -S hostname

And run the server with the -S flag:

mono server.exe -S