Add dynamic key allocation support for Dilithium

Frauschi · Frauschi · commit ca52a560c113 · 2026-04-10T17:09:58.000+02:00
This update introduces the WOLFSSL_DILITHIUM_DYNAMIC_KEYS option, allowing
for dynamic memory allocation of public and private key buffers. This change
reduces memory usage by allocating buffers only when needed.
diff --git a/.github/workflows/pq-all.yml b/.github/workflows/pq-all.yml
@@ -36,6 +36,9 @@ jobs:
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium=yes,no-ctx --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
+          '--enable-intelasm --enable-sp-asm --enable-dilithium=yes CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
+          '--disable-intelasm --enable-dilithium=yes,small CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
+          '--disable-intelasm --enable-dilithium=44,65,87,verify-only CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
@@ -55,6 +55,12 @@
  *   Key data is assigned into Dilithium key rather than copied.
  *   Life of key data passed in is tightly coupled to life of Dilithium key.
  *   Cannot be used when make key is enabled.
+ * WOLFSSL_DILITHIUM_DYNAMIC_KEYS                                Default: OFF
+ *   Key buffers (public and private) are dynamically allocated on the heap
+ *   instead of being static arrays in the key struct. Buffers are right-sized
+ *   for the key's ML-DSA level and only allocated when needed (e.g. no private
+ *   key buffer for verify-only keys). Reduces memory footprint significantly.
+ *   Cannot be used with WOLFSSL_DILITHIUM_ASSIGN_KEY.
  * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM                           Default: OFF
  *   Compiles signature implementation that uses smaller amounts of memory but
  *   is considerably slower.
@@ -218,6 +224,11 @@ void print_data(const char* name, const byte* d, int len)
     #error "Cannot use assign key when making keys"
 #endif
 
+#if defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS) && \
+    defined(WOLFSSL_DILITHIUM_ASSIGN_KEY)
+    #error "Cannot use both WOLFSSL_DILITHIUM_DYNAMIC_KEYS and WOLFSSL_DILITHIUM_ASSIGN_KEY"
+#endif
+
 
 /* Number of bytes from first block to use for sign. */
 #define DILITHIUM_SIGN_BYTES            8
@@ -7654,9 +7665,40 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     sword32* s1 = NULL;
     sword32* s2 = NULL;
     sword32* t = NULL;
-    byte* pub_seed = key->k;
+    byte* pub_seed;
     byte kl[2];
 
+#ifdef WOLFSSL_DILITHIUM_DYNAMIC_KEYS
+    if (key->k == NULL) {
+        int secSz = wc_dilithium_size(key);
+    #ifdef USE_INTEL_SPEEDUP
+        key->k = (byte*)XMALLOC((word32)secSz + 8, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #else
+        key->k = (byte*)XMALLOC((word32)secSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #endif
+        if (key->k == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if ((ret == 0) && (key->p == NULL)) {
+        int pubSz = wc_dilithium_pub_size(key);
+    #ifdef USE_INTEL_SPEEDUP
+        key->p = (byte*)XMALLOC((word32)pubSz + 8, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #else
+        key->p = (byte*)XMALLOC((word32)pubSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #endif
+        if (key->p == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    pub_seed = key->k;
+
     /* Allocate memory for large intermediates. */
 #ifdef WC_DILITHIUM_CACHE_MATRIX_A
 #ifndef WC_DILITHIUM_FIXED_ARRAY
@@ -7818,11 +7860,42 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
     sword64* t64 = NULL;
 #endif
     byte* h = NULL;
-    byte* pub_seed = key->k;
+    byte* pub_seed;
     unsigned int r;
     unsigned int s;
     byte kl[2];
 
+#ifdef WOLFSSL_DILITHIUM_DYNAMIC_KEYS
+    if (key->k == NULL) {
+        int secSz = wc_dilithium_size(key);
+    #ifdef USE_INTEL_SPEEDUP
+        key->k = (byte*)XMALLOC((word32)secSz + 8, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #else
+        key->k = (byte*)XMALLOC((word32)secSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #endif
+        if (key->k == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if ((ret == 0) && (key->p == NULL)) {
+        int pubSz = wc_dilithium_pub_size(key);
+    #ifdef USE_INTEL_SPEEDUP
+        key->p = (byte*)XMALLOC((word32)pubSz + 8, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #else
+        key->p = (byte*)XMALLOC((word32)pubSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #endif
+        if (key->p == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
+    pub_seed = key->k;
+
     /* Allocate memory for large intermediates. */
     if (ret == 0) {
         unsigned int allocSz;
@@ -10000,6 +10073,26 @@ static int oqs_dilithium_make_key(dilithium_key* key, WC_RNG* rng)
         ret = SIG_TYPE_E;
     }
 
+
+#ifdef WOLFSSL_DILITHIUM_DYNAMIC_KEYS
+    if ((ret == 0) && (key->k == NULL)) {
+        int secSz = wc_dilithium_size(key);
+        key->k = (byte*)XMALLOC((word32)secSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+        if (key->k == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+    if ((ret == 0) && (key->p == NULL)) {
+        int pubSz = wc_dilithium_pub_size(key);
+        key->p = (byte*)XMALLOC((word32)pubSz, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+        if (key->p == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
     if (ret == 0) {
         ret = wolfSSL_liboqsRngMutexLock(rng);
         if (ret == 0) {
@@ -10921,6 +11014,20 @@ int wc_dilithium_set_level(dilithium_key* key, byte level)
 #endif
 #endif /* WOLFSSL_WC_DILITHIUM */
 
+#ifdef WOLFSSL_DILITHIUM_DYNAMIC_KEYS
+        if (key->k != NULL) {
+        #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+            ForceZero(key->k, (word32)wc_dilithium_size(key));
+        #endif
+            XFREE(key->k, key->heap, DYNAMIC_TYPE_DILITHIUM);
+            key->k = NULL;
+        }
+        if (key->p != NULL) {
+            XFREE(key->p, key->heap, DYNAMIC_TYPE_DILITHIUM);
+            key->p = NULL;
+        }
+#endif
+
         /* Store level and indicate public and private key are not set. */
         key->level = level % WC_ML_DSA_DRAFT;
         key->pubKeySet = 0;
@@ -10998,6 +11105,17 @@ void wc_dilithium_free(dilithium_key* key)
         /* Free the SHAKE-128/256 object. */
         wc_Shake256_Free(&key->shake);
 #endif
+#endif
+#ifdef WOLFSSL_DILITHIUM_DYNAMIC_KEYS
+        if (key->k != NULL) {
+        #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
+            ForceZero(key->k, (word32)wc_dilithium_size(key));
+        #endif
+            XFREE(key->k, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        }
+        if (key->p != NULL) {
+            XFREE(key->p, key->heap, DYNAMIC_TYPE_DILITHIUM);
+        }
 #endif
         /* Ensure all private data is zeroized. */
         ForceZero(key, sizeof(*key));
@@ -11560,12 +11678,28 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
         }
     }
 
+
+#ifdef WOLFSSL_DILITHIUM_DYNAMIC_KEYS
+    if ((ret == 0) && (key->p == NULL)) {
+    #ifdef USE_INTEL_SPEEDUP
+        key->p = (byte*)XMALLOC((word32)inLen + 8, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #else
+        key->p = (byte*)XMALLOC((word32)inLen, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #endif
+        if (key->p == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
     if (ret == 0) {
         /* Copy the private key data in or copy pointer. */
-    #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
-        XMEMCPY(key->p, in, inLen);
-    #else
+    #ifdef WOLFSSL_DILITHIUM_ASSIGN_KEY
         key->p = in;
+    #else
+        XMEMCPY(key->p, in, inLen);
     #endif
 
 #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
@@ -11648,12 +11782,27 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz,
         ret = BAD_FUNC_ARG;
     }
 
+
+#ifdef WOLFSSL_DILITHIUM_DYNAMIC_KEYS
+    if ((ret == 0) && (key->k == NULL)) {
+    #ifdef USE_INTEL_SPEEDUP
+        key->k = (byte*)XMALLOC(privSz + 8, key->heap,
+            DYNAMIC_TYPE_DILITHIUM);
+    #else
+        key->k = (byte*)XMALLOC(privSz, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    #endif
+        if (key->k == NULL) {
+            ret = MEMORY_E;
+        }
+    }
+#endif
+
     if (ret == 0) {
         /* Copy the private key data in or copy pointer. */
-    #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
-        XMEMCPY(key->k, priv, privSz);
-    #else
+    #ifdef WOLFSSL_DILITHIUM_ASSIGN_KEY
         key->k = priv;
+    #else
+        XMEMCPY(key->k, priv, privSz);
     #endif
     }
 
diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
@@ -1988,10 +1988,16 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
                         session.func->C_DestroyObject(session.handle, privKey);
                     }
                 }
-            #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
+            #if !defined(WOLFSSL_DILITHIUM_ASSIGN_KEY) && \
+                !defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)
                 if (ret == 0 && clear) {
                     ForceZero(mldsaKey->k, sizeof(mldsaKey->k));
                 }
+            #elif defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)
+                if (ret == 0 && clear && mldsaKey->k != NULL) {
+                    ForceZero(mldsaKey->k,
+                        (word32)wc_dilithium_size(mldsaKey));
+                }
             #endif
                 break;
             }
diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h
@@ -734,7 +734,10 @@ struct dilithium_key {
     int  labelLen;
 #endif
 
-#ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
+#if defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)
+    byte* p;    /* heap-allocated, right-sized public key */
+    byte* k;    /* heap-allocated, right-sized secret key */
+#elif !defined(WOLFSSL_DILITHIUM_ASSIGN_KEY)
 #ifdef USE_INTEL_SPEEDUP
     byte p[DILITHIUM_MAX_PUB_KEY_SIZE+8];
     byte k[DILITHIUM_MAX_KEY_SIZE+8];

Original file line number	Diff line number	Diff line change
`@@ -1988,10 +1988,16 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)`
`1988`	`1988`	`session.func->C_DestroyObject(session.handle, privKey);`
`1989`	`1989`	`}`
`1990`	`1990`	`}`
`1991`		`- #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY`
	`1991`	`+ #if !defined(WOLFSSL_DILITHIUM_ASSIGN_KEY) && \`
	`1992`	`+ !defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)`
`1992`	`1993`	`if (ret == 0 && clear) {`
`1993`	`1994`	`ForceZero(mldsaKey->k, sizeof(mldsaKey->k));`
`1994`	`1995`	`}`
	`1996`	`+ #elif defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)`
	`1997`	`+ if (ret == 0 && clear && mldsaKey->k != NULL) {`
	`1998`	`+ ForceZero(mldsaKey->k,`
	`1999`	`+ (word32)wc_dilithium_size(mldsaKey));`
	`2000`	`+ }`
`1995`	`2001`	`#endif`
`1996`	`2002`	`break;`
`1997`	`2003`	`}`