Derive mldsa_native.h configuration from config file

Previously, mldsa_native.h required users to set MLD_CONFIG_API_* macros
before including it, separate from the MLD_CONFIG_* macros used for the
build configuration. This distinction between internal and external
configuration it confusing.

Now, mldsa_native.h derives all API settings from the same
build configuration file used internally.

- The legacy configuration via MLD_CONFIG_API_XXX still works for
  backwards compatibility, but will be removed in v2.

- New Config Options:
  * MLD_CONFIG_MULTILEVEL_BUILD: Explicit flag for multi-level builds

    This makes it simpler to get headers for multi-level builds.

    In the common case, the configs used in a multi-level build are
    identical except for the setting of MLD_CONFIG_PARAMETER_SET and
    MLD_CONFIG_MULTILEVEL_{NO,WITH}_SHARED. However, the latter only
    affect the build, not the API.

    With MLD_CONFIG_MULTILEVEL_BUILD exposed as a separate option,
    mldsa_native.h can use it to determine whether to suffix the
    namespace prefix with the parameter set (44/65/87) or not,
    so no adaptation of MLD_CONFIG_MULTILEVEL_{NO,WITH}_SHARED is
    needed. Instead, a multi-level header simply becomes:

    ```c
    #define MLD_CONFIG_PARAMETER_SET 44
    #include "mldsa_native.h"
    #undef MLD_CONFIG_PARAMETER_SET

    #define MLD_CONFIG_PARAMETER_SET 65
    #include "mldsa_native.h"
    #undef MLD_CONFIG_PARAMETER_SET

    #define MLD_CONFIG_PARAMETER_SET 87
    #include "mldsa_native.h"
    #undef MLD_CONFIG_PARAMETER_SET
    ```

    For backwards compatibility, MLD_CONFIG_MULTILEVEL_BUILD is not
    used in the build, which continues to detect multilevel builds
    via the existing options MLD_CONFIG_MULTILEVEL_{WITH,NO}_SHARED.

  * MLD_CONFIG_NO_SUPERCOP: We had this before in mldsa_native.h as
    MLD_CONFIG_API_NO_SUPERCOP; it's now in the config and documented.

  * MLD_CONFIG_CONSTANTS_ONLY: We had this before in mldsa_native.h as
    MLD_CONFIG_API_CONSTANTS_ONLY; it's now in the config and documented.

- Build-Internal vs API Config Separation: Config file now guards
  build-only options with #if defined(MLD_BUILD_INTERNAL).

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

Author: mkannwischer

examples/custom_backend/mldsa_native/custom_config.h

@@ -47,6 +47,11 @@
  *              - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
  *              - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
  *
+ *              If you want to support multiple parameter sets, build the
+ *              library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ *              See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ *              minimizing code duplication.
+ *
  *              This can also be set using CFLAGS.
  *
  *****************************************************************************/
@@ -80,17 +85,104 @@
  *
  * Description: The prefix to use to namespace global symbols from mldsa/.
  *
- *              In a multi-level build (that is, if either
- *              - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or
- *              - MLD_CONFIG_MULTILEVEL_NO_SHARED,
- *              are set, level-dependent symbols will additionally be prefixed
- *              with the parameter set (44/65/87).
+ *              In a multi-level build, level-dependent symbols will
+ *              additionally be prefixed with the parameter set (44/65/87).
  *
  *              This can also be set using CFLAGS.
  *
  *****************************************************************************/
 #define MLD_CONFIG_NAMESPACE_PREFIX CUSTOM_TINY_SHA3
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_MULTILEVEL_BUILD
+ *
+ * Description: Set this if the build is part of a multi-level build supporting
+ *              multiple parameter sets.
+ *
+ *              If you need only a single parameter set, keep this unset.
+ *
+ *              To build mldsa-native with support for all parameter sets,
+ *              build it three times -- once per parameter set -- and set the
+ *              option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of
+ *              them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others.
+ *              MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them.
+ *
+ *              See examples/multilevel_build for an example.
+ *
+ *              This can also be set using CFLAGS.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_MULTILEVEL_BUILD */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_EXTERNAL_API_QUALIFIER
+ *
+ * Description: If set, this option provides an additional function
+ *              qualifier to be added to declarations of mldsa-native's
+ *              public API.
+ *
+ *              The primary use case for this option are single-CU builds
+ *              where the public API exposed by mldsa-native is wrapped by
+ *              another API in the consuming application. In this case,
+ *              even mldsa-native's public API can be marked `static`.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_NO_RANDOMIZED_API
+ *
+ * Description: If this option is set, mldsa-native will be built without the
+ *              randomized API functions (crypto_sign_keypair,
+ *              crypto_sign, crypto_sign_signature, and
+ *              crypto_sign_signature_extmu).
+ *              This allows users to build mldsa-native without providing a
+ *              randombytes() implementation if they only need the
+ *              internal deterministic API
+ *              (crypto_sign_keypair_internal, crypto_sign_signature_internal).
+ *
+ *              NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT
+ *              as the current PCT implementation requires
+ *              crypto_sign_signature().
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_RANDOMIZED_API */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_NO_SUPERCOP
+ *
+ * Description: By default, mldsa_native.h exposes the mldsa-native API in the
+ *              SUPERCOP naming convention (crypto_sign_xxx). If you don't need
+ *              this, set MLD_CONFIG_NO_SUPERCOP.
+ *
+ *              NOTE: You must set this for a multi-level build as the SUPERCOP
+ *              naming does not disambiguate between the parameter sets.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_SUPERCOP */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_CONSTANTS_ONLY
+ *
+ * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.)
+ *              but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY.
+ *
+ *              This only affects the public header mldsa_native.h, not
+ *              the implementation.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_CONSTANTS_ONLY */
+
+/******************************************************************************
+ *
+ * Build-only configuration options
+ *
+ * The remaining configurations are build-options only.
+ * They do not affect the API described in mldsa_native.h.
+ *
+ *****************************************************************************/
+
+#if defined(MLD_BUILD_INTERNAL)
 /******************************************************************************
  * Name:        MLD_CONFIG_MULTILEVEL_WITH_SHARED
  *
@@ -415,21 +507,6 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */
 
-/******************************************************************************
- * Name:        MLD_CONFIG_EXTERNAL_API_QUALIFIER
- *
- * Description: If set, this option provides an additional function
- *              qualifier to be added to declarations of mldsa-native's
- *              public API.
- *
- *              The primary use case for this option are single-CU builds
- *              where the public API exposed by mldsa-native is wrapped by
- *              another API in the consuming application. In this case,
- *              even mldsa-native's public API can be marked `static`.
- *
- *****************************************************************************/
-/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */
-
 /******************************************************************************
  * Name:        MLD_CONFIG_CT_TESTING_ENABLED
  *
@@ -479,25 +556,6 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */
 
-/******************************************************************************
- * Name:        MLD_CONFIG_NO_RANDOMIZED_API
- *
- * Description: If this option is set, mldsa-native will be built without the
- *              randomized API functions (crypto_sign_keypair,
- *              crypto_sign, crypto_sign_signature, and
- *              crypto_sign_signature_extmu).
- *              This allows users to build mldsa-native without providing a
- *              randombytes() implementation if they only need the
- *              internal deterministic API
- *              (crypto_sign_keypair_internal, crypto_sign_signature_internal).
- *
- *              NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT
- *              as the current PCT implementation requires
- *              crypto_sign_signature().
- *
- *****************************************************************************/
-/* #define MLD_CONFIG_NO_RANDOMIZED_API */
-
 /******************************************************************************
  * Name:        MLD_CONFIG_KEYGEN_PCT
  *
@@ -561,6 +619,8 @@
 
 /*************************  Config internals  ********************************/
 
+#endif /* MLD_BUILD_INTERNAL */
+
 /* Default namespace
  *
  * Don't change this. If you need a different namespace, re-define

examples/monolithic_build/mldsa/config_44.h

@@ -47,6 +47,11 @@
  *              - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
  *              - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
  *
+ *              If you want to support multiple parameter sets, build the
+ *              library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ *              See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ *              minimizing code duplication.
+ *
  *              This can also be set using CFLAGS.
  *
  *****************************************************************************/
@@ -76,17 +81,104 @@
  *
  * Description: The prefix to use to namespace global symbols from mldsa/.
  *
- *              In a multi-level build (that is, if either
- *              - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or
- *              - MLD_CONFIG_MULTILEVEL_NO_SHARED,
- *              are set, level-dependent symbols will additionally be prefixed
- *              with the parameter set (44/65/87).
+ *              In a multi-level build, level-dependent symbols will
+ *              additionally be prefixed with the parameter set (44/65/87).
  *
  *              This can also be set using CFLAGS.
  *
  *****************************************************************************/
 #define MLD_CONFIG_NAMESPACE_PREFIX mldsa
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_MULTILEVEL_BUILD
+ *
+ * Description: Set this if the build is part of a multi-level build supporting
+ *              multiple parameter sets.
+ *
+ *              If you need only a single parameter set, keep this unset.
+ *
+ *              To build mldsa-native with support for all parameter sets,
+ *              build it three times -- once per parameter set -- and set the
+ *              option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of
+ *              them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others.
+ *              MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them.
+ *
+ *              See examples/multilevel_build for an example.
+ *
+ *              This can also be set using CFLAGS.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_MULTILEVEL_BUILD */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_EXTERNAL_API_QUALIFIER
+ *
+ * Description: If set, this option provides an additional function
+ *              qualifier to be added to declarations of mldsa-native's
+ *              public API.
+ *
+ *              The primary use case for this option are single-CU builds
+ *              where the public API exposed by mldsa-native is wrapped by
+ *              another API in the consuming application. In this case,
+ *              even mldsa-native's public API can be marked `static`.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_NO_RANDOMIZED_API
+ *
+ * Description: If this option is set, mldsa-native will be built without the
+ *              randomized API functions (crypto_sign_keypair,
+ *              crypto_sign, crypto_sign_signature, and
+ *              crypto_sign_signature_extmu).
+ *              This allows users to build mldsa-native without providing a
+ *              randombytes() implementation if they only need the
+ *              internal deterministic API
+ *              (crypto_sign_keypair_internal, crypto_sign_signature_internal).
+ *
+ *              NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT
+ *              as the current PCT implementation requires
+ *              crypto_sign_signature().
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_RANDOMIZED_API */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_NO_SUPERCOP
+ *
+ * Description: By default, mldsa_native.h exposes the mldsa-native API in the
+ *              SUPERCOP naming convention (crypto_sign_xxx). If you don't need
+ *              this, set MLD_CONFIG_NO_SUPERCOP.
+ *
+ *              NOTE: You must set this for a multi-level build as the SUPERCOP
+ *              naming does not disambiguate between the parameter sets.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_SUPERCOP */
+
+/******************************************************************************
+ * Name:        MLD_CONFIG_CONSTANTS_ONLY
+ *
+ * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.)
+ *              but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY.
+ *
+ *              This only affects the public header mldsa_native.h, not
+ *              the implementation.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_CONSTANTS_ONLY */
+
+/******************************************************************************
+ *
+ * Build-only configuration options
+ *
+ * The remaining configurations are build-options only.
+ * They do not affect the API described in mldsa_native.h.
+ *
+ *****************************************************************************/
+
+#if defined(MLD_BUILD_INTERNAL)
 /******************************************************************************
  * Name:        MLD_CONFIG_MULTILEVEL_WITH_SHARED
  *
@@ -417,21 +509,6 @@
  *****************************************************************************/
 #define MLD_CONFIG_INTERNAL_API_QUALIFIER static
 
-/******************************************************************************
- * Name:        MLD_CONFIG_EXTERNAL_API_QUALIFIER
- *
- * Description: If set, this option provides an additional function
- *              qualifier to be added to declarations of mldsa-native's
- *              public API.
- *
- *              The primary use case for this option are single-CU builds
- *              where the public API exposed by mldsa-native is wrapped by
- *              another API in the consuming application. In this case,
- *              even mldsa-native's public API can be marked `static`.
- *
- *****************************************************************************/
-/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */
-
 /******************************************************************************
  * Name:        MLD_CONFIG_CT_TESTING_ENABLED
  *
@@ -481,25 +558,6 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */
 
-/******************************************************************************
- * Name:        MLD_CONFIG_NO_RANDOMIZED_API
- *
- * Description: If this option is set, mldsa-native will be built without the
- *              randomized API functions (crypto_sign_keypair,
- *              crypto_sign, crypto_sign_signature, and
- *              crypto_sign_signature_extmu).
- *              This allows users to build mldsa-native without providing a
- *              randombytes() implementation if they only need the
- *              internal deterministic API
- *              (crypto_sign_keypair_internal, crypto_sign_signature_internal).
- *
- *              NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT
- *              as the current PCT implementation requires
- *              crypto_sign_signature().
- *
- *****************************************************************************/
-/* #define MLD_CONFIG_NO_RANDOMIZED_API */
-
 /******************************************************************************
  * Name:        MLD_CONFIG_KEYGEN_PCT
  *
@@ -563,6 +621,8 @@
 
 /*************************  Config internals  ********************************/
 
+#endif /* MLD_BUILD_INTERNAL */
+
 /* Default namespace
  *
  * Don't change this. If you need a different namespace, re-define