Merge pull request #783 from Frauschi/mldsa_rename

Continue the ML-DSA renaming

Author: dgarske

docs/PQ.md

@@ -8,8 +8,7 @@ approved PQ signature algorithms:
 - LMS/HSS: https://csrc.nist.gov/projects/stateful-hash-based-signatures
 - XMSS/XMSS^MT: https://csrc.nist.gov/projects/stateful-hash-based-signatures
 
-ML-DSA is a PQ lattice-based algorithm, derived from
-CRYSTALS-DILITHIUM (a round three NIST finalist).
+ML-DSA is a PQ lattice-based algorithm standardized by NIST (FIPS 204).
 
 LMS/HSS and XMSS/XMSS^MT are both PQ stateful hash-based signature (HBS)
 schemes, recommended in NIST SP 800-208.
@@ -82,9 +81,9 @@ IMAGE_SIGNATURE_SIZE=2420
 IMAGE_HEADER_SIZE?=4840
 ```
 
-Note: The wolfcrypt implementation of ML-DSA (dilithium) builds to the
-FIPS 204 final standard by default. If you wish to conform to the older
-FIPS 204 draft standard, then build with `WOLFSSL_DILITHIUM_FIPS204_DRAFT`
+Note: The wolfcrypt implementation of ML-DSA builds to the FIPS 204 final
+standard by default. If you wish to conform to the older FIPS 204 draft
+standard, then build with `WOLFSSL_MLDSA_FIPS204_DRAFT`
 instead.
 
 ## Stateful Hash-Based Signature Methods

docs/Targets.md

@@ -1567,7 +1567,7 @@ FDT: MAC1 = 00:04:A3:5B:22:89
 RISC-V 64-bit U54 (RV64GC1) 625 MHz
 
 ```
-./configure --enable-riscv-asm --enable-dilithium --enable-mlkem --enable-sp=yes
+./configure --enable-riscv-asm --enable-mldsa --enable-mlkem --enable-sp=yes
 make
 ./wolfcrypt/benchmark/benchmark
 ------------------------------------------------------------------------------

hal/sim.c

@@ -84,7 +84,7 @@ static int sim_cryptocb(int devIdArg, wc_CryptoInfo* info, void* ctx)
             case WC_PK_TYPE_RSA:            name = "RSA";            break;
             case WC_PK_TYPE_ECDSA_VERIFY:   name = "ECDSA-verify";   break;
             case WC_PK_TYPE_ED25519_VERIFY: name = "ED25519-verify"; break;
-        #ifdef HAVE_DILITHIUM
+        #ifdef WOLFSSL_HAVE_MLDSA
             case WC_PK_TYPE_PQC_SIG_VERIFY:
                 name = "ML-DSA-verify";
                 break;

include/user_settings.h

@@ -316,27 +316,25 @@ extern int tolower(int c);
 #   define NO_RSA
 #endif /* RSA */
 
-/* ML-DSA (dilithium) */
+/* ML-DSA */
 #if defined(WOLFBOOT_SIGN_ML_DSA) || defined(WOLFBOOT_SIGN_SECONDARY_ML_DSA)
-#   define HAVE_DILITHIUM
-#   define WOLFSSL_WC_DILITHIUM
+#   define WOLFSSL_HAVE_MLDSA
 #   define WOLFSSL_EXPERIMENTAL_SETTINGS
-    /* Wolfcrypt builds ML-DSA (dilithium) to the FIPS 204 final
-     * standard by default. Uncomment this if you want the draft
-     * version instead. */
+    /* Wolfcrypt builds ML-DSA to the FIPS 204 final standard by default.
+     * Uncomment this if you want the draft version instead. */
 #   if 0
-#      define WOLFSSL_DILITHIUM_FIPS204_DRAFT
+#      define WOLFSSL_MLDSA_FIPS204_DRAFT
 #   endif
-#   define WOLFSSL_DILITHIUM_VERIFY_ONLY
-#   define WOLFSSL_DILITHIUM_NO_LARGE_CODE
-#   define WOLFSSL_DILITHIUM_SMALL
-#   define WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
-#   define WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
+#   define WOLFSSL_MLDSA_VERIFY_ONLY
+#   define WOLFSSL_MLDSA_NO_LARGE_CODE
+#   define WOLFSSL_MLDSA_SMALL
+#   define WOLFSSL_MLDSA_VERIFY_SMALL_MEM
+#   define WOLFSSL_MLDSA_VERIFY_NO_MALLOC
 #   if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
        !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
-#      define WOLFSSL_DILITHIUM_NO_ASN1
+#      define WOLFSSL_MLDSA_NO_ASN1
 #   endif
-    /* dilithium needs these sha functions. */
+    /* ML-DSA 44/65/87 uses SHAKE */
 #   define WOLFSSL_SHA3
 #   define WOLFSSL_SHAKE256
 #   define WOLFSSL_SHAKE128

options.mk

@@ -167,7 +167,7 @@ LMS_OBJS=\
 
 LMS_EXTRA=\
     -D"WOLFSSL_HAVE_LMS" \
-    -D"WOLFSSL_WC_LMS" -D"WOLFSSL_WC_LMS_SMALL" \
+    -D"WOLFSSL_WC_LMS_SMALL" \
     -D"WOLFSSL_LMS_MAX_LEVELS=$(LMS_LEVELS)" \
     -D"WOLFSSL_LMS_MAX_HEIGHT=$(LMS_HEIGHT)" \
     -D"LMS_LEVELS=$(LMS_LEVELS)" -D"LMS_HEIGHT=$(LMS_HEIGHT)" \
@@ -181,7 +181,7 @@ XMSS_OBJS=\
 
 XMSS_EXTRA=\
     -D"WOLFSSL_HAVE_XMSS" \
-    -D"WOLFSSL_WC_XMSS" -D"WOLFSSL_WC_XMSS_SMALL" \
+    -D"WOLFSSL_WC_XMSS_SMALL" \
     -DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\"  \
     -D"XMSS_IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
     -D"WOLFSSL_XMSS_VERIFY_ONLY" -D"WOLFSSL_XMSS_MAX_HEIGHT=32"
@@ -570,7 +570,7 @@ ifeq ($(SIGN),XMSS)
 endif
 
 ifeq ($(SIGN),ML_DSA)
-  # Use wolfcrypt ML-DSA dilithium implementation.
+  # Use wolfcrypt ML-DSA implementation.
   KEYGEN_OPTIONS+=--ml_dsa
   SIGN_OPTIONS+=--ml_dsa
   WOLFCRYPT_OBJS+= $(ML_DSA_OBJS)
@@ -1309,11 +1309,11 @@ ifeq ($(WOLFHSM_CLIENT),1)
 
   ifeq ($(SIGN),ML_DSA)
     WOLFCRYPT_OBJS += $(MATH_OBJS)
-    # Dilithium asn.c decode/encode requires mp_xxx functions
+    # ML-DSA asn.c decode/encode requires mp_xxx functions
     WOLFCRYPT_OBJS += \
         $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o
 
-    # Large enough to handle the largest Dilithium key/signature
+    # Large enough to handle the largest ML-DSA key/signature
     CFLAGS += -DWOLFHSM_CFG_COMM_DATA_LEN=5000
   endif
 
@@ -1371,7 +1371,7 @@ ifeq ($(WOLFHSM_SERVER),1)
 
   ifeq ($(SIGN),ML_DSA)
     WOLFCRYPT_OBJS += $(MATH_OBJS)
-    # Large enough to handle the largest Dilithium key/signature
+    # Large enough to handle the largest ML-DSA key/signature
     CFLAGS += -DWOLFHSM_CFG_COMM_DATA_LEN=5000
   endif
 

src/image.c

@@ -724,13 +724,13 @@ static void wolfBoot_verify_signature_xmss(uint8_t key_slot,
 #endif /* WOLFBOOT_SIGN_XMSS */
 
 #ifdef WOLFBOOT_SIGN_ML_DSA
-#include <wolfssl/wolfcrypt/dilithium.h>
+#include <wolfssl/wolfcrypt/wc_mldsa.h>
 
 static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot,
         struct wolfBoot_image *img, uint8_t *sig)
 {
-    int       ret = 0;
-    MlDsaKey  ml_dsa;
+    int         ret = 0;
+    wc_MlDsaKey ml_dsa;
 #if !defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT || \
     (defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && \
      !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID))

tools/keytools/keygen.c

@@ -77,8 +77,8 @@
     #endif
 #endif
 
-#ifdef WOLFSSL_WC_DILITHIUM
-    #include <wolfssl/wolfcrypt/dilithium.h>
+#ifdef WOLFSSL_HAVE_MLDSA
+    #include <wolfssl/wolfcrypt/wc_mldsa.h>
 #endif
 
 #include <wolfssl/wolfcrypt/random.h>
@@ -1071,19 +1071,19 @@ static void keygen_xmss(const char *priv_fname, uint32_t id_mask)
 
 static void keygen_ml_dsa(const char *priv_fname, uint32_t id_mask)
 {
-    FILE *   fpriv = NULL;
-    MlDsaKey key;
-    int      ret;
-    byte *   priv = NULL;
-    byte     pub[ML_DSA_L5_PUBKEY_SIZE]; /* max size */
-    word32   priv_len = 0;
-    word32   pub_len = 0;
-    int      ml_dsa_priv_len = 0;
-    int      ml_dsa_pub_len = 0;
-    int      ml_dsa_level = ML_DSA_LEVEL;
-    int      exit_code = 0;
-    int      key_init = 0;
-    char *   env_ml_dsa_level = getenv("ML_DSA_LEVEL");
+    FILE *      fpriv = NULL;
+    wc_MlDsaKey key;
+    int         ret;
+    byte *      priv = NULL;
+    byte        pub[ML_DSA_L5_PUBKEY_SIZE]; /* max size */
+    word32      priv_len = 0;
+    word32      pub_len = 0;
+    int         ml_dsa_priv_len = 0;
+    int         ml_dsa_pub_len = 0;
+    int         ml_dsa_level = ML_DSA_LEVEL;
+    int         exit_code = 0;
+    int         key_init = 0;
+    char *      env_ml_dsa_level = getenv("ML_DSA_LEVEL");
     if (env_ml_dsa_level != NULL) {
         ml_dsa_level = atoi(env_ml_dsa_level);
     }
@@ -1232,7 +1232,7 @@ static void keygen_ml_dsa(const char *priv_fname, uint32_t id_mask)
 
             /* Export public key in DER format */
 
-            pubOutLen = wc_Dilithium_PublicKeyToDer(&key, pubDer, pubDerSz,
+            pubOutLen = wc_MlDsaKey_PublicKeyToDer(&key, pubDer, pubDerSz,
                                                     WITH_ALG_SPKI);
             if (pubOutLen < 0) {
                 fprintf(stderr, "Unable to export public key to DER, ret=%d\n",
@@ -1368,7 +1368,7 @@ static void key_generate(uint32_t ktype, const char *kfilename, uint32_t id_mask
             break;
 #endif
 
-#ifdef WOLFSSL_WC_DILITHIUM
+#ifdef WOLFSSL_HAVE_MLDSA
         case AUTH_KEY_ML_DSA:
             keygen_ml_dsa(kfilename, id_mask);
             break;
@@ -1546,7 +1546,7 @@ int main(int argc, char** argv)
             keytype = AUTH_KEY_XMSS;
         }
 #endif
-#if defined(WOLFSSL_WC_DILITHIUM)
+#if defined(WOLFSSL_HAVE_MLDSA)
         else if (strcmp(argv[i], "--ml_dsa") == 0) {
             keytype = AUTH_KEY_ML_DSA;
         }

tools/keytools/sign.c

@@ -127,8 +127,8 @@ static inline int fp_truncate(FILE *f, size_t len)
     #endif
 #endif
 
-#ifdef WOLFSSL_WC_DILITHIUM
-    #include <wolfssl/wolfcrypt/dilithium.h>
+#ifdef WOLFSSL_HAVE_MLDSA
+    #include <wolfssl/wolfcrypt/wc_mldsa.h>
 #endif
 
 #ifdef DEBUG_SIGNTOOL
@@ -308,7 +308,7 @@ static struct {
     RsaKey rsa;
     LmsKey lms;
     XmssKey xmss;
-    MlDsaKey  ml_dsa;
+    wc_MlDsaKey ml_dsa;
 } key;
 
 struct cmd_options {

tools/keytools/user_settings.h

@@ -80,28 +80,25 @@
 /* Enable experimental PQ algos */
 #define WOLFSSL_EXPERIMENTAL_SETTINGS
 
-/* ML-DSA (dilithium) */
-#define HAVE_DILITHIUM
-#define WOLFSSL_WC_DILITHIUM
-/* Wolfcrypt builds ML-DSA (dilithium) to the FIPS 204 final
-* standard by default. Uncomment this if you want the draft
-* version instead. */
+/* ML-DSA */
+#define WOLFSSL_HAVE_MLDSA
+/* Wolfcrypt builds ML-DSA to the FIPS 204 final standard by default.
+ * Uncomment this if you want the draft version instead. */
 #if 0
-    #define WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    #define WOLFSSL_MLDSA_FIPS204_DRAFT
 #endif
 
 /* Default the keygen/sign tool to use ML-DSA level 2 */
 #ifndef ML_DSA_LEVEL
     #define ML_DSA_LEVEL 2
 #endif
 
-/* Dilithium needs SHAKE128 */
+/* ML-DSA needs SHAKE128 */
 #define WOLFSSL_SHAKE128
 
 /* LMS */
 #define WOLFBOOT_SIGN_LMS
 #define WOLFSSL_HAVE_LMS
-#define WOLFSSL_WC_LMS
 #ifndef LMS_LEVELS
     #define LMS_LEVELS 1
 #endif
@@ -115,7 +112,6 @@
 /* XMSS */
 #define WOLFBOOT_SIGN_XMSS
 #define WOLFSSL_HAVE_XMSS
-#define WOLFSSL_WC_XMSS
 #ifndef WOLFBOOT_XMSS_PARAMS
     #define WOLFBOOT_XMSS_PARAMS "XMSS-SHA2_10_256"
 #endif