From 7a57acf0bc8c837e702930901a3d4f58a5776b37 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 10 Dec 2025 09:29:06 +0800 Subject: [PATCH 1/7] Move mldsa/src/config -> mldsa/mldsa_native_config.h 
Signed-off-by: Matthias J. Kannwischer --- BIBLIOGRAPHY.md | 38 +- .../custom_no_randomized_config.h | 588 ------------------ .../mldsa_native/mldsa_native_config.h | 1 + .../mldsa_native/src/config.h | 1 - .../mldsa_native/mldsa_native_config.h | 1 + .../mldsa_native/src/config.h | 1 - .../mldsa_native/custom_config.h | 4 +- .../monolithic_build/{ => mldsa}/config_44.h | 4 +- .../monolithic_build/{ => mldsa}/config_65.h | 4 +- .../monolithic_build/{ => mldsa}/config_87.h | 4 +- examples/monolithic_build/mldsa/src/config.h | 1 - .../{ => mldsa}/multilevel_config.h | 4 +- .../monolithic_build_multilevel/mldsa/src | 1 + .../mldsa/src/cbmc.h | 1 - .../mldsa/src/common.h | 1 - .../mldsa/src/config.h | 1 - .../mldsa/src/ct.c | 1 - .../mldsa/src/ct.h | 1 - .../mldsa/src/debug.c | 1 - .../mldsa/src/debug.h | 1 - .../mldsa/src/fips202 | 1 - .../mldsa/src/ntt.c | 1 - .../mldsa/src/ntt.h | 1 - .../mldsa/src/packing.c | 1 - .../mldsa/src/packing.h | 1 - .../mldsa/src/params.h | 1 - .../mldsa/src/poly.c | 1 - .../mldsa/src/poly.h | 1 - .../mldsa/src/poly_kl.c | 1 - .../mldsa/src/poly_kl.h | 1 - .../mldsa/src/polyvec.c | 1 - .../mldsa/src/polyvec.h | 1 - .../mldsa/src/randombytes.h | 1 - .../mldsa/src/reduce.h | 1 - .../mldsa/src/rounding.h | 1 - .../mldsa/src/sign.c | 1 - .../mldsa/src/sign.h | 1 - .../mldsa/src/symmetric.h | 1 - .../mldsa/src/sys.h | 1 - .../mldsa/src/zetas.inc | 1 - .../.gitignore | 4 + .../monolithic_build_multilevel_native/mldsa | 1 - .../mldsa/mldsa_native.S | 1 + .../mldsa/mldsa_native.c | 1 + .../mldsa/mldsa_native.h | 1 + .../{ => mldsa}/multilevel_config.h | 4 +- .../mldsa/src | 1 + examples/monolithic_build_native/mldsa | 1 - .../{ => mldsa}/config_44.h | 4 +- .../{ => mldsa}/config_65.h | 4 +- .../{ => mldsa}/config_87.h | 4 +- .../mldsa/mldsa_native.S | 1 + .../mldsa/mldsa_native.c | 1 + .../mldsa/mldsa_native.h | 1 + examples/monolithic_build_native/mldsa/src | 1 + examples/multilevel_build/Makefile | 3 +- examples/multilevel_build_native/Makefile 
| 3 +- mldsa/{src/config.h => mldsa_native_config.h} | 0 mldsa/src/common.h | 2 +- proofs/cbmc/Makefile.common | 1 + scripts/autogen | 20 +- test/break_pct_config.h | 4 +- test/configs.yml | 23 +- test/custom_memcpy_config.h | 4 +- test/custom_memset_config.h | 4 +- test/custom_native_capability_config_0.h | 4 +- test/custom_native_capability_config_1.h | 4 +- ...stom_native_capability_config_CPUID_AVX2.h | 4 +- ...native_capability_config_ID_AA64PFR1_EL1.h | 4 +- test/custom_randombytes_config.h | 4 +- test/custom_stdlib_config.h | 4 +- test/custom_zeroize_config.h | 4 +- test/mk/components.mk | 3 + test/no_asm_config.h | 4 +- test/serial_fips202_config.h | 4 +- 75 files changed, 104 insertions(+), 708 deletions(-) delete mode 100644 examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h create mode 120000 examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h delete mode 120000 examples/bring_your_own_fips202/mldsa_native/src/config.h create mode 120000 examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h delete mode 120000 examples/bring_your_own_fips202_static/mldsa_native/src/config.h rename examples/monolithic_build/{ => mldsa}/config_44.h (99%) rename examples/monolithic_build/{ => mldsa}/config_65.h (99%) rename examples/monolithic_build/{ => mldsa}/config_87.h (99%) delete mode 120000 examples/monolithic_build/mldsa/src/config.h rename examples/monolithic_build_multilevel/{ => mldsa}/multilevel_config.h (99%) create mode 120000 examples/monolithic_build_multilevel/mldsa/src delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/cbmc.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/common.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/config.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/ct.c delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/ct.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/debug.c 
delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/debug.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/fips202 delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/ntt.c delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/ntt.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/packing.c delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/packing.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/params.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/poly.c delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/poly.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/poly_kl.c delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/poly_kl.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/polyvec.c delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/polyvec.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/randombytes.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/reduce.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/rounding.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/sign.c delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/sign.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/symmetric.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/sys.h delete mode 120000 examples/monolithic_build_multilevel/mldsa/src/zetas.inc create mode 100644 examples/monolithic_build_multilevel_native/.gitignore delete mode 120000 examples/monolithic_build_multilevel_native/mldsa create mode 120000 examples/monolithic_build_multilevel_native/mldsa/mldsa_native.S create mode 120000 examples/monolithic_build_multilevel_native/mldsa/mldsa_native.c create mode 120000 examples/monolithic_build_multilevel_native/mldsa/mldsa_native.h rename 
examples/monolithic_build_multilevel_native/{ => mldsa}/multilevel_config.h (99%) create mode 120000 examples/monolithic_build_multilevel_native/mldsa/src delete mode 120000 examples/monolithic_build_native/mldsa rename examples/monolithic_build_native/{ => mldsa}/config_44.h (99%) rename examples/monolithic_build_native/{ => mldsa}/config_65.h (99%) rename examples/monolithic_build_native/{ => mldsa}/config_87.h (99%) create mode 120000 examples/monolithic_build_native/mldsa/mldsa_native.S create mode 120000 examples/monolithic_build_native/mldsa/mldsa_native.c create mode 120000 examples/monolithic_build_native/mldsa/mldsa_native.h create mode 120000 examples/monolithic_build_native/mldsa/src rename mldsa/{src/config.h => mldsa_native_config.h} (100%) diff --git a/BIBLIOGRAPHY.md b/BIBLIOGRAPHY.md index 6975da8d5..0e09749b1 100644 --- a/BIBLIOGRAPHY.md +++ b/BIBLIOGRAPHY.md 
@@ -23,20 +23,19 @@ source code and documentation. - National Institute of Standards and Technology * URL: https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements * Referenced from: - - [examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h](examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h) - [examples/custom_backend/mldsa_native/custom_config.h](examples/custom_backend/mldsa_native/custom_config.h) - - [examples/monolithic_build/config_44.h](examples/monolithic_build/config_44.h) - - [examples/monolithic_build/config_65.h](examples/monolithic_build/config_65.h) - - [examples/monolithic_build/config_87.h](examples/monolithic_build/config_87.h) - - [examples/monolithic_build_multilevel/multilevel_config.h](examples/monolithic_build_multilevel/multilevel_config.h) - - [examples/monolithic_build_multilevel_native/multilevel_config.h](examples/monolithic_build_multilevel_native/multilevel_config.h) - - [examples/monolithic_build_native/config_44.h](examples/monolithic_build_native/config_44.h) - - [examples/monolithic_build_native/config_65.h](examples/monolithic_build_native/config_65.h) - - [examples/monolithic_build_native/config_87.h](examples/monolithic_build_native/config_87.h) + - [examples/monolithic_build/mldsa/config_44.h](examples/monolithic_build/mldsa/config_44.h) + - [examples/monolithic_build/mldsa/config_65.h](examples/monolithic_build/mldsa/config_65.h) + - [examples/monolithic_build/mldsa/config_87.h](examples/monolithic_build/mldsa/config_87.h) + - [examples/monolithic_build_multilevel/mldsa/multilevel_config.h](examples/monolithic_build_multilevel/mldsa/multilevel_config.h) + - [examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h](examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h) + - [examples/monolithic_build_native/mldsa/config_44.h](examples/monolithic_build_native/mldsa/config_44.h) + - 
[examples/monolithic_build_native/mldsa/config_65.h](examples/monolithic_build_native/mldsa/config_65.h) + - [examples/monolithic_build_native/mldsa/config_87.h](examples/monolithic_build_native/mldsa/config_87.h) - [integration/liboqs/config_aarch64.h](integration/liboqs/config_aarch64.h) - [integration/liboqs/config_c.h](integration/liboqs/config_c.h) - [integration/liboqs/config_x86_64.h](integration/liboqs/config_x86_64.h) - - [mldsa/src/config.h](mldsa/src/config.h) + - [mldsa/mldsa_native_config.h](mldsa/mldsa_native_config.h) - [mldsa/src/sign.c](mldsa/src/sign.c) - [test/break_pct_config.h](test/break_pct_config.h) - [test/custom_memcpy_config.h](test/custom_memcpy_config.h) 
@@ -69,18 +68,17 @@ source code and documentation. * URL: https://csrc.nist.gov/pubs/fips/204/final * Referenced from: - [README.md](README.md) - - [examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h](examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h) - [examples/custom_backend/mldsa_native/custom_config.h](examples/custom_backend/mldsa_native/custom_config.h) - - [examples/monolithic_build/config_44.h](examples/monolithic_build/config_44.h) - - [examples/monolithic_build/config_65.h](examples/monolithic_build/config_65.h) - - [examples/monolithic_build/config_87.h](examples/monolithic_build/config_87.h) - - [examples/monolithic_build_multilevel/multilevel_config.h](examples/monolithic_build_multilevel/multilevel_config.h) - - [examples/monolithic_build_multilevel_native/multilevel_config.h](examples/monolithic_build_multilevel_native/multilevel_config.h) - - [examples/monolithic_build_native/config_44.h](examples/monolithic_build_native/config_44.h) - - [examples/monolithic_build_native/config_65.h](examples/monolithic_build_native/config_65.h) - - [examples/monolithic_build_native/config_87.h](examples/monolithic_build_native/config_87.h) + - [examples/monolithic_build/mldsa/config_44.h](examples/monolithic_build/mldsa/config_44.h) + - [examples/monolithic_build/mldsa/config_65.h](examples/monolithic_build/mldsa/config_65.h) + - [examples/monolithic_build/mldsa/config_87.h](examples/monolithic_build/mldsa/config_87.h) + - [examples/monolithic_build_multilevel/mldsa/multilevel_config.h](examples/monolithic_build_multilevel/mldsa/multilevel_config.h) + - [examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h](examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h) + - [examples/monolithic_build_native/mldsa/config_44.h](examples/monolithic_build_native/mldsa/config_44.h) + - [examples/monolithic_build_native/mldsa/config_65.h](examples/monolithic_build_native/mldsa/config_65.h) + - 
[examples/monolithic_build_native/mldsa/config_87.h](examples/monolithic_build_native/mldsa/config_87.h) - [mldsa/mldsa_native.h](mldsa/mldsa_native.h) - - [mldsa/src/config.h](mldsa/src/config.h) + - [mldsa/mldsa_native_config.h](mldsa/mldsa_native_config.h) - [mldsa/src/ct.h](mldsa/src/ct.h) - [mldsa/src/fips202/fips202.c](mldsa/src/fips202/fips202.c) - [mldsa/src/fips202/fips202x4.c](mldsa/src/fips202/fips202x4.c) diff --git a/examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h b/examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h deleted file mode 100644 index 116ecf397..000000000 --- a/examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h +++ /dev/null 
@@ -1,588 +0,0 @@ -/* - * Copyright (c) The mldsa-native project authors - * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT - */ - -/* References - * ========== - * - * - [FIPS140_3_IG] - * Implementation Guidance for FIPS 140-3 and the Cryptographic Module - * Validation Program - * National Institute of Standards and Technology - * https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements - * - * - [FIPS204] - * FIPS 204 Module-Lattice-Based Digital Signature Standard - * National Institute of Standards and Technology - * https://csrc.nist.gov/pubs/fips/204/final - */ - -/* - * WARNING: This file is auto-generated from scripts/autogen - * in the mldsa-native repository. - * Do not modify it directly. - */ - -/* - * Test configuration: Config without randomized API - * - * This configuration differs from the default mldsa/src/config.h in the - * following places: - * - MLD_CONFIG_NO_RANDOMIZED_API - */ - - -#ifndef MLD_CONFIG_H -#define MLD_CONFIG_H - -/****************************************************************************** - * Name: MLD_CONFIG_PARAMETER_SET - * - * Description: Specifies the parameter set for ML-DSA - * - MLD_CONFIG_PARAMETER_SET=44 corresponds to ML-DSA-44 - * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 - * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#ifndef MLD_CONFIG_PARAMETER_SET -#define MLD_CONFIG_PARAMETER_SET \ - 44 /* Change this for different security strengths */ -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_FILE - * - * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. 
- * - * When you need to build mldsa-native in multiple configurations, - * using varying MLD_CONFIG_FILE can be more convenient - * then configuring everything through CFLAGS. - * - * To use, MLD_CONFIG_FILE _must_ be defined prior - * to the inclusion of any mldsa-native headers. For example, - * it can be set by passing `-DMLD_CONFIG_FILE="..."` - * on the command line. - * - *****************************************************************************/ -/* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_NAMESPACE_PREFIX - * - * Description: The prefix to use to namespace global symbols from mldsa/. - * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#if !defined(MLD_CONFIG_NAMESPACE_PREFIX) -#define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED - * - * Description: This is for multi-level builds of mldsa-native only. If you - * need only a single parameter set, keep this unset. - * - * If this is set, all MLD_CONFIG_PARAMETER_SET-independent - * code will be included in the build, including code needed only - * for other parameter sets. - * - * Example: TODO: add example - * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. 
- * - * See examples/multilevel_build_mldsa for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_WITH_SHARED */ - -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_NO_SHARED - * - * Description: This is for multi-level builds of mldsa-native only. If you - * need only a single parameter set, keep this unset. - * - * If this is set, no MLD_CONFIG_PARAMETER_SET-independent code - * will be included in the build. - * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. - * - * See examples/multilevel_build_mldsa for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_NO_SHARED */ - -/****************************************************************************** - * Name: MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS - * - * Description: This is only relevant for single compilation unit (SCU) - * builds of mldsa-native. In this case, it determines whether - * directives defined in parameter-set-independent headers should - * be #undef'ined or not at the of the SCU file. This is needed - * in multilevel builds. - * - * See examples/multilevel_build_native for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */ - -/****************************************************************************** - * Name: MLD_CONFIG_USE_NATIVE_BACKEND_ARITH - * - * Description: Determines whether an native arithmetic backend should be used. 
- * - * The arithmetic backend covers performance critical functions - * such as the number-theoretic transform (NTT). - * - * If this option is unset, the C backend will be used. - * - * If this option is set, the arithmetic backend to be use is - * determined by MLD_CONFIG_ARITH_BACKEND_FILE: If the latter is - * unset, the default backend for your the target architecture - * will be used. If set, it must be the name of a backend metadata - * file. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) -/* #define MLD_CONFIG_USE_NATIVE_BACKEND_ARITH */ -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_ARITH_BACKEND_FILE - * - * Description: The arithmetic backend to use. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is unset, this option - * is ignored. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is set, this option must - * either be undefined or the filename of an arithmetic backend. - * If unset, the default backend will be used. - * - * This can be set using CFLAGS. - * - *****************************************************************************/ -#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) && \ - !defined(MLD_CONFIG_ARITH_BACKEND_FILE) -#define MLD_CONFIG_ARITH_BACKEND_FILE "native/meta.h" -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - * - * Description: Determines whether an native FIPS202 backend should be used. - * - * The FIPS202 backend covers 1x/2x/4x-fold Keccak-f1600, which is - * the performance bottleneck of SHA3 and SHAKE. - * - * If this option is unset, the C backend will be used. 
- * - * If this option is set, the FIPS202 backend to be use is - * determined by MLD_CONFIG_FIPS202_BACKEND_FILE: If the latter is - * unset, the default backend for your the target architecture - * will be used. If set, it must be the name of a backend metadata - * file. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) -/* #define MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 */ -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202_BACKEND_FILE - * - * Description: The FIPS-202 backend to use. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, this option - * must either be undefined or the filename of a FIPS202 backend. - * If unset, the default backend will be used. - * - * This can be set using CFLAGS. - * - *****************************************************************************/ -#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) && \ - !defined(MLD_CONFIG_FIPS202_BACKEND_FILE) -#define MLD_CONFIG_FIPS202_BACKEND_FILE "fips202/native/auto.h" -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202_CUSTOM_HEADER - * - * Description: Custom header to use for FIPS-202 - * - * This should only be set if you intend to use a custom - * FIPS-202 implementation, different from the one shipped - * with mldsa-native. - * - * If set, it must be the name of a file serving as the - * replacement for mldsa/src/fips202/fips202.h, and exposing - * the same API (see FIPS202.md). 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_FIPS202_CUSTOM_HEADER "SOME_FILE.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202X4_CUSTOM_HEADER - * - * Description: Custom header to use for FIPS-202-X4 - * - * This should only be set if you intend to use a custom - * FIPS-202 implementation, different from the one shipped - * with mldsa-native. - * - * If set, it must be the name of a file serving as the - * replacement for mldsa/src/fips202/fips202x4.h, and exposing - * the same API (see FIPS202.md). - * - *****************************************************************************/ -/* #define MLD_CONFIG_FIPS202X4_CUSTOM_HEADER "SOME_FILE.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_ZEROIZE - * - * Description: In compliance with @[FIPS204, Section 3.6.3], mldsa-native, - * zeroizes intermediate stack buffers before returning from - * function calls. - * - * Set this option and define `mld_zeroize_native` if you want to - * use a custom method to zeroize intermediate stack buffers. - * The default implementation uses SecureZeroMemory on Windows - * and a memset + compiler barrier otherwise. If neither of those - * is available on the target platform, compilation will fail, - * and you will need to use MLD_CONFIG_CUSTOM_ZEROIZE to provide - * a custom implementation of `mld_zeroize_native()`. - * - * WARNING: - * The explicit stack zeroization conducted by mldsa-native - * reduces the likelihood of data leaking on the stack, but - * does not eliminate it! The C standard makes no guarantee about - * where a compiler allocates structures and whether/where it makes - * copies of them. Also, in addition to entire structures, there - * may also be potentially exploitable leakage of individual values - * on the stack. 
- * - * If you need bullet-proof zeroization of the stack, you need to - * consider additional measures instead of what this feature - * provides. In this case, you can set mld_zeroize_native to a - * no-op. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_ZEROIZE - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_RANDOMBYTES - * - * Description: mldsa-native does not provide a secure randombytes - * implementation. Such an implementation has to provided by the - * consumer. - * - * If this option is not set, mldsa-native expects a function - * void randombytes(uint8_t *out, size_t outlen). - * - * Set this option and define `mld_randombytes` if you want to - * use a custom method to sample randombytes with a different name - * or signature. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_RANDOMBYTES - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_CAPABILITY_FUNC - * - * Description: mldsa-native backends may rely on specific hardware features. - * Those backends will only be included in an mldsa-native build - * if support for the respective features is enabled at - * compile-time. However, when building for a heteroneous set - * of CPUs to run the resulting binary/library on, feature - * detection at _runtime_ is needed to decided whether a backend - * can be used or not. 
- * - * Set this option and define `mld_sys_check_capability` if you - * want to use a custom method to dispatch between implementations. - * - * If this option is not set, mldsa-native uses compile-time - * feature detection only to decide which backend to use. - * - * If you compile mldsa-native on a system with different - * capabilities than the system that the resulting binary/library - * will be run on, you must use this option. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_CAPABILITY_FUNC - static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) - { - ... your implementation ... - } -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_MEMCPY - * - * Description: Set this option and define `mld_memcpy` if you want to - * use a custom method to copy memory instead of the standard - * library memcpy function. - * - * The custom implementation must have the same signature and - * behavior as the standard memcpy function: - * void *mld_memcpy(void *dest, const void *src, size_t n) - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_MEMCPY - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_MEMSET - * - * Description: Set this option and define `mld_memset` if you want to - * use a custom method to set memory instead of the standard - * library memset function. 
- * - * The custom implementation must have the same signature and - * behavior as the standard memset function: - * void *mld_memset(void *s, int c, size_t n) - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_MEMSET - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void *mld_memset(void *s, int c, size_t n) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_INTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of internal API. - * - * The primary use case for this option are single-CU builds, - * in which case this option can be set to `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ - -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - -/****************************************************************************** - * Name: MLD_CONFIG_CT_TESTING_ENABLED - * - * Description: If set, mldsa-native annotates data as secret / public using - * valgrind's annotations VALGRIND_MAKE_MEM_UNDEFINED and - * VALGRIND_MAKE_MEM_DEFINED, enabling various checks for secret- - * dependent control flow of variable time execution (depending - * on the exact version of valgrind installed). - * - *****************************************************************************/ -/* #define MLD_CONFIG_CT_TESTING_ENABLED */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_ASM - * - * Description: If this option is set, mldsa-native will be built without - * use of native code or inline assembly. - * - * By default, inline assembly is used to implement value barriers. - * Without inline assembly, mldsa-native will use a global volatile - * 'opt blocker' instead; see ct.h. - * - * Inline assembly is also used to implement a secure zeroization - * function on non-Windows platforms. If this option is set and - * the target platform is not Windows, you MUST set - * MLD_CONFIG_CUSTOM_ZEROIZE and provide a custom zeroization - * function. - * - * If this option is set, MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 and - * and MLD_CONFIG_USE_NATIVE_BACKEND_ARITH will be ignored, and no - * native backends will be used. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_ASM */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_ASM_VALUE_BARRIER - * - * Description: If this option is set, mldsa-native will be built without - * use of native code or inline assembly for value barriers. 
- * - * By default, inline assembly (if available) is used to implement - * value barriers. - * Without inline assembly, mldsa-native will use a global volatile - * 'opt blocker' instead; see ct.h. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -#define MLD_CONFIG_NO_RANDOMIZED_API - -/****************************************************************************** - * Name: MLD_CONFIG_KEYGEN_PCT - * - * Description: Compliance with @[FIPS140_3_IG, p.87] requires a - * Pairwise Consistency Test (PCT) to be carried out on a freshly - * generated keypair before it can be exported. - * - * Set this option if such a check should be implemented. - * In this case, crypto_sign_keypair_internal and - * crypto_sign_keypair will return a non-zero error code if the - * PCT failed. - * - * NOTE: This feature will drastically lower the performance of - * key generation. 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_KEYGEN_PCT */ - -/****************************************************************************** - * Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST - * - * Description: If this option is set, the user must provide a runtime - * function `static inline int mld_break_pct() { ... }` to - * indicate whether the PCT should be made fail. - * - * This option only has an effect if MLD_CONFIG_KEYGEN_PCT is set. - * - *****************************************************************************/ -/* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST - #if !defined(__ASSEMBLER__) - #include "sys.h" - static MLD_INLINE int mld_break_pct(void) - { - ... return 0/1 depending on whether PCT should be broken ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_SERIAL_FIPS202_ONLY - * - * Description: Set this to use a FIPS202 implementation with global state - * that supports only one active Keccak computation at a time - * (e.g. some hardware accelerators). - * - * If this option is set, ML-DSA will use FIPS202 operations - * serially, ensuring that only one SHAKE context is active - * at any given time. - * - * This allows offloading Keccak computations to a hardware - * accelerator that holds only a single Keccak state locally, - * rather than requiring support for multiple concurrent - * Keccak states. - * - * NOTE: Depending on the target CPU, this may reduce - * performance when using software FIPS202 implementations. - * Only enable this when you have to. - * - *****************************************************************************/ -/* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */ - -/************************* Config internals ********************************/ - -/* Default namespace - * - * Don't change this. 
If you need a different namespace, re-define - * MLD_CONFIG_NAMESPACE_PREFIX above instead, and remove the following. - * - * The default MLDSA namespace is - * - * PQCP_MLDSA_NATIVE_MLDSA_ - * - * e.g., PQCP_MLDSA_NATIVE_MLDSA44_ - */ - -#if MLD_CONFIG_PARAMETER_SET == 44 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA44 -#elif MLD_CONFIG_PARAMETER_SET == 65 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA65 -#elif MLD_CONFIG_PARAMETER_SET == 87 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA87 -#endif - -#endif /* !MLD_CONFIG_H */ diff --git a/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h b/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h new file mode 120000 index 000000000..5d965d706 --- /dev/null +++ b/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native_config.h \ No newline at end of file diff --git a/examples/bring_your_own_fips202/mldsa_native/src/config.h b/examples/bring_your_own_fips202/mldsa_native/src/config.h deleted file mode 120000 index e8185dc91..000000000 --- a/examples/bring_your_own_fips202/mldsa_native/src/config.h +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/src/config.h \ No newline at end of file diff --git a/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h b/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h new file mode 120000 index 000000000..5d965d706 --- /dev/null +++ b/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native_config.h \ No newline at end of file diff --git a/examples/bring_your_own_fips202_static/mldsa_native/src/config.h b/examples/bring_your_own_fips202_static/mldsa_native/src/config.h deleted file mode 120000 index e8185dc91..000000000 --- a/examples/bring_your_own_fips202_static/mldsa_native/src/config.h +++ /dev/null 
@@ -1 +0,0 @@ -../../../../mldsa/src/config.h \ No newline at end of file diff --git a/examples/custom_backend/mldsa_native/custom_config.h b/examples/custom_backend/mldsa_native/custom_config.h index 57041ca16..dcdeee2f2 100644 --- a/examples/custom_backend/mldsa_native/custom_config.h +++ b/examples/custom_backend/mldsa_native/custom_config.h @@ -27,8 +27,8 @@ /* * Test configuration: Custom backend config with tiny SHA3 * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 diff --git a/examples/monolithic_build/config_44.h b/examples/monolithic_build/mldsa/config_44.h similarity index 99% rename from examples/monolithic_build/config_44.h rename to examples/monolithic_build/mldsa/config_44.h index 6c2b9c6b3..a365181a4 100644 --- a/examples/monolithic_build/config_44.h +++ b/examples/monolithic_build/mldsa/config_44.h @@ -28,8 +28,8 @@ * Test configuration: Monolithic build config for ML-DSA-44 (native backends * disabled) * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_PARAMETER_SET * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_INTERNAL_API_QUALIFIER diff --git a/examples/monolithic_build/config_65.h b/examples/monolithic_build/mldsa/config_65.h similarity index 99% rename from examples/monolithic_build/config_65.h rename to examples/monolithic_build/mldsa/config_65.h index 1af394d1b..81c22d736 100644 --- a/examples/monolithic_build/config_65.h +++ b/examples/monolithic_build/mldsa/config_65.h 
@@ -28,8 +28,8 @@ * Test configuration: Monolithic build config for ML-DSA-65 (native backends * disabled) * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_PARAMETER_SET * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_INTERNAL_API_QUALIFIER diff --git a/examples/monolithic_build/config_87.h b/examples/monolithic_build/mldsa/config_87.h similarity index 99% rename from examples/monolithic_build/config_87.h rename to examples/monolithic_build/mldsa/config_87.h index 1ba7f2dc7..43985aa50 100644 --- a/examples/monolithic_build/config_87.h +++ b/examples/monolithic_build/mldsa/config_87.h @@ -28,8 +28,8 @@ * Test configuration: Monolithic build config for ML-DSA-87 (native backends * disabled) * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_PARAMETER_SET * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_INTERNAL_API_QUALIFIER diff --git a/examples/monolithic_build/mldsa/src/config.h b/examples/monolithic_build/mldsa/src/config.h deleted file mode 120000 index e8185dc91..000000000 --- a/examples/monolithic_build/mldsa/src/config.h +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/src/config.h \ No newline at end of file diff --git a/examples/monolithic_build_multilevel/multilevel_config.h b/examples/monolithic_build_multilevel/mldsa/multilevel_config.h similarity index 99% rename from examples/monolithic_build_multilevel/multilevel_config.h rename to examples/monolithic_build_multilevel/mldsa/multilevel_config.h index e3e166317..d8c60056e 100644 --- a/examples/monolithic_build_multilevel/multilevel_config.h +++ b/examples/monolithic_build_multilevel/mldsa/multilevel_config.h 
@@ -27,8 +27,8 @@ /* * Test configuration: Multilevel monolithic build config * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_INTERNAL_API_QUALIFIER */ diff --git a/examples/monolithic_build_multilevel/mldsa/src b/examples/monolithic_build_multilevel/mldsa/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null +++ b/examples/monolithic_build_multilevel/mldsa/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/monolithic_build_multilevel/mldsa/src/cbmc.h b/examples/monolithic_build_multilevel/mldsa/src/cbmc.h deleted file mode 120000 index 9fd253c4c..000000000 --- a/examples/monolithic_build_multilevel/mldsa/src/cbmc.h +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/src/cbmc.h \ No newline at end of file diff --git a/examples/monolithic_build_multilevel/mldsa/src/common.h b/examples/monolithic_build_multilevel/mldsa/src/common.h deleted file mode 120000 index 7baea8129..000000000 --- a/examples/monolithic_build_multilevel/mldsa/src/common.h +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/src/common.h \ No newline at end of file diff --git a/examples/monolithic_build_multilevel/mldsa/src/config.h b/examples/monolithic_build_multilevel/mldsa/src/config.h deleted file mode 120000 index e8185dc91..000000000 --- a/examples/monolithic_build_multilevel/mldsa/src/config.h +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/src/config.h \ No newline at end of file diff --git a/examples/monolithic_build_multilevel/mldsa/src/ct.c b/examples/monolithic_build_multilevel/mldsa/src/ct.c deleted file mode 120000 index 3f32692cc..000000000 --- a/examples/monolithic_build_multilevel/mldsa/src/ct.c +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/src/ct.c \ No newline at end of file 
diff --git a/examples/monolithic_build_multilevel/mldsa/src/ct.h b/examples/monolithic_build_multilevel/mldsa/src/ct.h
deleted file mode 120000
index d46bb57d3..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/ct.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/ct.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/debug.c b/examples/monolithic_build_multilevel/mldsa/src/debug.c
deleted file mode 120000
index e4b0d5d00..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/debug.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/debug.c
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/debug.h b/examples/monolithic_build_multilevel/mldsa/src/debug.h
deleted file mode 120000
index 92949bb27..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/debug.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/debug.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/fips202 b/examples/monolithic_build_multilevel/mldsa/src/fips202
deleted file mode 120000
index 829380ed0..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/fips202
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/fips202
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/ntt.c b/examples/monolithic_build_multilevel/mldsa/src/ntt.c
deleted file mode 120000
index a8ab8e18c..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/ntt.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/ntt.c
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/ntt.h b/examples/monolithic_build_multilevel/mldsa/src/ntt.h
deleted file mode 120000
index 6cf19a6b3..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/ntt.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/ntt.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/packing.c b/examples/monolithic_build_multilevel/mldsa/src/packing.c
deleted file mode 120000
index 0da6e8062..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/packing.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/packing.c
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/packing.h b/examples/monolithic_build_multilevel/mldsa/src/packing.h
deleted file mode 120000
index 3dc7c9dae..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/packing.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/packing.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/params.h b/examples/monolithic_build_multilevel/mldsa/src/params.h
deleted file mode 120000
index 0a530a256..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/params.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/params.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/poly.c b/examples/monolithic_build_multilevel/mldsa/src/poly.c
deleted file mode 120000
index 2a793df40..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/poly.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/poly.c
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/poly.h b/examples/monolithic_build_multilevel/mldsa/src/poly.h
deleted file mode 120000
index 0cdab9983..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/poly.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/poly.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/poly_kl.c b/examples/monolithic_build_multilevel/mldsa/src/poly_kl.c
deleted file mode 120000
index 8a27154af..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/poly_kl.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/poly_kl.c
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/poly_kl.h b/examples/monolithic_build_multilevel/mldsa/src/poly_kl.h
deleted file mode 120000
index f981ad481..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/poly_kl.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/poly_kl.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/polyvec.c b/examples/monolithic_build_multilevel/mldsa/src/polyvec.c
deleted file mode 120000
index 33e86a831..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/polyvec.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/polyvec.c
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/polyvec.h b/examples/monolithic_build_multilevel/mldsa/src/polyvec.h
deleted file mode 120000
index 417aa2e0c..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/polyvec.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/polyvec.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/randombytes.h b/examples/monolithic_build_multilevel/mldsa/src/randombytes.h
deleted file mode 120000
index d372260e5..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/randombytes.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/randombytes.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/reduce.h b/examples/monolithic_build_multilevel/mldsa/src/reduce.h
deleted file mode 120000
index e1405ac0a..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/reduce.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/reduce.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/rounding.h b/examples/monolithic_build_multilevel/mldsa/src/rounding.h
deleted file mode 120000
index c58bd9fae..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/rounding.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/rounding.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/sign.c b/examples/monolithic_build_multilevel/mldsa/src/sign.c
deleted file mode 120000
index fad774fba..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/sign.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/sign.c
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/sign.h b/examples/monolithic_build_multilevel/mldsa/src/sign.h
deleted file mode 120000
index 2ba1e2a0e..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/sign.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/sign.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/symmetric.h b/examples/monolithic_build_multilevel/mldsa/src/symmetric.h
deleted file mode 120000
index eb4af39ca..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/symmetric.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/symmetric.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/sys.h b/examples/monolithic_build_multilevel/mldsa/src/sys.h
deleted file mode 120000
index 7322c1c94..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/sys.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/sys.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src/zetas.inc b/examples/monolithic_build_multilevel/mldsa/src/zetas.inc
deleted file mode 120000
index b9361143a..000000000
--- a/examples/monolithic_build_multilevel/mldsa/src/zetas.inc
+++ /dev/null
@@ -1 +0,0 @@
-../../../../mldsa/src/zetas.inc
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel_native/.gitignore b/examples/monolithic_build_multilevel_native/.gitignore
new file mode 100644
index 000000000..834e99720
--- /dev/null
+++ b/examples/monolithic_build_multilevel_native/.gitignore
@@ -0,0 +1,4 @@ +# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT + +build/ +*.d diff --git a/examples/monolithic_build_multilevel_native/mldsa b/examples/monolithic_build_multilevel_native/mldsa deleted file mode 120000 index 1d724637f..000000000 --- a/examples/monolithic_build_multilevel_native/mldsa +++ /dev/null @@ -1 +0,0 @@ -../../mldsa/ \ No newline at end of file diff --git a/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.S b/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.S new file mode 120000 index 000000000..1a7c2694b --- /dev/null +++ b/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.S @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.S \ No newline at end of file diff --git a/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.c b/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.c new file mode 120000 index 000000000..107fe39e1 --- /dev/null +++ b/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.c @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.c \ No newline at end of file diff --git a/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.h b/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.h new file mode 120000 index 000000000..f25191336 --- /dev/null +++ b/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.h \ No newline at end of file diff --git a/examples/monolithic_build_multilevel_native/multilevel_config.h b/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h similarity index 99% rename from examples/monolithic_build_multilevel_native/multilevel_config.h rename to examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h index ab79a9392..4c134a3f6 100644 --- a/examples/monolithic_build_multilevel_native/multilevel_config.h +++ b/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h 
@@ -27,8 +27,8 @@ /* * Test configuration: Multilevel monolithic build config with native backends * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH * - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 diff --git a/examples/monolithic_build_multilevel_native/mldsa/src b/examples/monolithic_build_multilevel_native/mldsa/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null +++ b/examples/monolithic_build_multilevel_native/mldsa/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/monolithic_build_native/mldsa b/examples/monolithic_build_native/mldsa deleted file mode 120000 index 1d724637f..000000000 --- a/examples/monolithic_build_native/mldsa +++ /dev/null @@ -1 +0,0 @@ -../../mldsa/ \ No newline at end of file diff --git a/examples/monolithic_build_native/config_44.h b/examples/monolithic_build_native/mldsa/config_44.h similarity index 99% rename from examples/monolithic_build_native/config_44.h rename to examples/monolithic_build_native/mldsa/config_44.h index fbb92aef7..61649e11d 100644 --- a/examples/monolithic_build_native/config_44.h +++ b/examples/monolithic_build_native/mldsa/config_44.h @@ -28,8 +28,8 @@ * Test configuration: Monolithic build config for ML-DSA-44 (native backends * disabled) * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_PARAMETER_SET * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH 
diff --git a/examples/monolithic_build_native/config_65.h b/examples/monolithic_build_native/mldsa/config_65.h similarity index 99% rename from examples/monolithic_build_native/config_65.h rename to examples/monolithic_build_native/mldsa/config_65.h index d10ea91c1..986c7ae80 100644 --- a/examples/monolithic_build_native/config_65.h +++ b/examples/monolithic_build_native/mldsa/config_65.h @@ -28,8 +28,8 @@ * Test configuration: Monolithic build config for ML-DSA-65 (native backends * disabled) * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_PARAMETER_SET * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH diff --git a/examples/monolithic_build_native/config_87.h b/examples/monolithic_build_native/mldsa/config_87.h similarity index 99% rename from examples/monolithic_build_native/config_87.h rename to examples/monolithic_build_native/mldsa/config_87.h index a56de344e..e0001c8eb 100644 --- a/examples/monolithic_build_native/config_87.h +++ b/examples/monolithic_build_native/mldsa/config_87.h @@ -28,8 +28,8 @@ * Test configuration: Monolithic build config for ML-DSA-87 (native backends * disabled) * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_PARAMETER_SET * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH diff --git a/examples/monolithic_build_native/mldsa/mldsa_native.S b/examples/monolithic_build_native/mldsa/mldsa_native.S new file mode 120000 index 000000000..1a7c2694b --- /dev/null +++ b/examples/monolithic_build_native/mldsa/mldsa_native.S @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.S \ No newline at end of file 
diff --git a/examples/monolithic_build_native/mldsa/mldsa_native.c b/examples/monolithic_build_native/mldsa/mldsa_native.c new file mode 120000 index 000000000..107fe39e1 --- /dev/null +++ b/examples/monolithic_build_native/mldsa/mldsa_native.c @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.c \ No newline at end of file diff --git a/examples/monolithic_build_native/mldsa/mldsa_native.h b/examples/monolithic_build_native/mldsa/mldsa_native.h new file mode 120000 index 000000000..f25191336 --- /dev/null +++ b/examples/monolithic_build_native/mldsa/mldsa_native.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.h \ No newline at end of file diff --git a/examples/monolithic_build_native/mldsa/src b/examples/monolithic_build_native/mldsa/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null +++ b/examples/monolithic_build_native/mldsa/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/multilevel_build/Makefile b/examples/multilevel_build/Makefile index 73aa88843..4fc3d43ee 100644 --- a/examples/multilevel_build/Makefile +++ b/examples/multilevel_build/Makefile @@ -26,7 +26,8 @@ CFLAGS := \ -Wno-unused-command-line-argument \ -O3 \ -fomit-frame-pointer \ - -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa \ + -Imldsa_native/mldsa \ + -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa \ -std=c99 \ -pedantic \ -MMD \ diff --git a/examples/multilevel_build_native/Makefile b/examples/multilevel_build_native/Makefile index 463058927..0ae9181ee 100644 --- a/examples/multilevel_build_native/Makefile +++ b/examples/multilevel_build_native/Makefile @@ -26,7 +26,8 @@ CFLAGS := \ -Wno-unused-command-line-argument \ -O3 \ -fomit-frame-pointer \ - -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa \ + -Imldsa_native/mldsa \ + -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa \ -std=c99 \ -pedantic \ -MMD \ diff --git a/mldsa/src/config.h b/mldsa/mldsa_native_config.h similarity index 100% rename from mldsa/src/config.h rename to mldsa/mldsa_native_config.h 
diff --git a/mldsa/src/common.h b/mldsa/src/common.h index 408ec11dd..a4a42ed31 100644 --- a/mldsa/src/common.h +++ b/mldsa/src/common.h @@ -9,7 +9,7 @@ #if defined(MLD_CONFIG_FILE) #include MLD_CONFIG_FILE #else -#include "config.h" +#include "mldsa_native_config.h" #endif #include "cbmc.h" diff --git a/proofs/cbmc/Makefile.common b/proofs/cbmc/Makefile.common index c2fb7c6ce..867888cfa 100644 --- a/proofs/cbmc/Makefile.common +++ b/proofs/cbmc/Makefile.common @@ -341,6 +341,7 @@ ADD_LIBRARY_FLAG := --add-library INCLUDES ?= INCLUDES += -I$(PROOFDIR) INCLUDES += -I$(SRCDIR)/proofs/cbmc +INCLUDES += -I$(SRCDIR)/mldsa INCLUDES += -I$(SRCDIR)/mldsa/src INCLUDES += -I$(SRCDIR)/mldsa/src/fips202 diff --git a/scripts/autogen b/scripts/autogen index 3a8fad1dc..3d2754590 100755 --- a/scripts/autogen +++ b/scripts/autogen @@ -1355,7 +1355,6 @@ def k_specific(c): k_specific_sources = [ "mldsa_native.h", "params.h", - # Deliberately omit config.h, which is not #undef'ed "common.h", "packing.c", "packing.h", @@ -1374,7 +1373,7 @@ def k_specific(c): def k_generic(c): - return not k_specific(c) and c != "mldsa/src/config.h" + return not k_specific(c) and c != "mldsa/mldsa_native_config.h" def gen_macro_undefs(extra_notes=None): @@ -1638,7 +1637,7 @@ def gen_monolithic_asm_file(): def get_config_options(): - content = read_file("mldsa/src/config.h") + content = read_file("mldsa/mldsa_native_config.h") config_pattern = r"Name:\s*(MLD_CONFIG_\w+)" configs = re.findall(config_pattern, content) @@ -1834,6 +1833,10 @@ def update_via_simpasm( outfile = infile outfile_full = os.path.join(outdir, outfile) + if cflags is None: + cflags = "" + cflags += " -Imldsa" + # Check if we need to use a cross-compiler if "aarch64" in infile_full: source_arch = "aarch64" 
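Review bot: The fallback `#include "mldsa_native_config.h"` in the common.h hunk can no longer be satisfied from common.h's own directory, because the default config now sits one level up in mldsa/; it resolves only through the include search path. The effective configuration (options such as MLD_CONFIG_KEYGEN_PCT or MLD_CONFIG_NO_RANDOMIZED_API) therefore depends on `-I` ordering, and a different header of the same name earlier on the path would be picked up without any diagnostic. I would document this at the include, e.g. `/* Default config lives in mldsa/, not mldsa/src: add that directory to the include path, or set MLD_CONFIG_FILE. */`. The `-Imldsa_native/mldsa` and `-I$(SRCDIR)/mldsa` additions in the Makefile hunks of this patch appear to exist for this reason; integrations not visible here would presumably need the same.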
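Review bot: The added `cflags += " -Imldsa"` in update_via_simpasm is a path relative to the current working directory, and the four new lines carry no comment saying why the flag is needed. It presumably lets the assembly sources find mldsa_native_config.h after the move, which only works when autogen runs from the repository root. A short comment would make that explicit, e.g. `# mldsa_native_config.h lives in mldsa/; path is relative to the repo root`. Whether autogen already changes into the repo root is not visible here, and the function body continues outside the hunk.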
@@ -2082,7 +2085,10 @@ def adjust_header_guard_for_filename(content, header_file): status_update("header guards", header_file) content = content.split("\n") - exceptions = {"mldsa/mldsa_native.h": "MLD_H"} + exceptions = { + "mldsa/mldsa_native.h": "MLD_H", + "mldsa/mldsa_native_config.h": "MLD_CONFIG_H", + } # Use full filename as the header guard, with '/' and '.' replaced by '_' guard_name = ( @@ -2542,8 +2548,6 @@ def get_oqs_shared_sources(backend): for f in os.listdir(f"{mldsa_dir}/native") if os.path.isfile(f"{mldsa_dir}/native/{f}") ] - # We use a custom config - sources.remove("mldsa/src/config.h") # Add FIPS202 glue code sources += [ "integration/liboqs/fips202_glue.h", @@ -2751,7 +2755,7 @@ def gen_test_config(config_path, config_spec, default_config_content): header.append(f" * Test configuration: {config_spec['description']}") header.append(" *") header.append( - " * This configuration differs from the default mldsa/src/config.h in the following places:" + " * This configuration differs from the default mldsa/mldsa_native_config.h in the following places:" ) def spec_has_value(opt_value): @@ -2838,7 +2842,7 @@ def gen_test_configs(): metadata = yaml.safe_load(read_file("test/configs.yml")) # Load default config - default_config = read_file("mldsa/src/config.h") + default_config = read_file("mldsa/mldsa_native_config.h") # Generate each test config for config_spec in metadata["configs"]: diff --git a/test/break_pct_config.h b/test/break_pct_config.h index 3a5e6c54c..af0bd6398 100644 --- a/test/break_pct_config.h +++ b/test/break_pct_config.h @@ -27,8 +27,8 @@ /* * Test configuration: Test configuration for PCT breakage testing * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_KEYGEN_PCT * - MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST */ 
diff --git a/test/configs.yml b/test/configs.yml index fd0b7f7b6..3408c45ff 100644 --- a/test/configs.yml +++ b/test/configs.yml @@ -282,7 +282,7 @@ configs: #endif /* !__ASSEMBLER__ */ # Example configs - - path: examples/monolithic_build/config_44.h + - path: examples/monolithic_build/mldsa/config_44.h description: "Monolithic build config for ML-DSA-44 (native backends disabled)" defines: MLD_CONFIG_PARAMETER_SET: 44 @@ -291,7 +291,7 @@ configs: MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build/config_65.h + - path: examples/monolithic_build/mldsa/config_65.h description: "Monolithic build config for ML-DSA-65 (native backends disabled)" defines: MLD_CONFIG_PARAMETER_SET: 65 @@ -300,7 +300,7 @@ configs: MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build/config_87.h + - path: examples/monolithic_build/mldsa/config_87.h description: "Monolithic build config for ML-DSA-87 (native backends disabled)" defines: MLD_CONFIG_PARAMETER_SET: 87 @@ -309,7 +309,7 @@ configs: MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_native/config_44.h + - path: examples/monolithic_build_native/mldsa/config_44.h description: "Monolithic build config for ML-DSA-44 (native backends disabled)" defines: MLD_CONFIG_PARAMETER_SET: 44 @@ -320,7 +320,7 @@ configs: MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_native/config_65.h + - path: examples/monolithic_build_native/mldsa/config_65.h description: "Monolithic build config for ML-DSA-65 (native backends disabled)" defines: MLD_CONFIG_PARAMETER_SET: 65 
@@ -331,7 +331,7 @@ configs: MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_native/config_87.h + - path: examples/monolithic_build_native/mldsa/config_87.h description: "Monolithic build config for ML-DSA-87 (native backends disabled)" defines: MLD_CONFIG_PARAMETER_SET: 87 @@ -342,7 +342,7 @@ configs: MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_multilevel/multilevel_config.h + - path: examples/monolithic_build_multilevel/mldsa/multilevel_config.h description: "Multilevel monolithic build config" defines: MLD_CONFIG_NAMESPACE_PREFIX: mldsa @@ -350,7 +350,7 @@ configs: MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_multilevel_native/multilevel_config.h + - path: examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h description: "Multilevel monolithic build config with native backends" defines: MLD_CONFIG_NAMESPACE_PREFIX: mldsa @@ -392,10 +392,3 @@ configs: MLD_CONFIG_FIPS202_BACKEND_FILE: '"fips202/native/custom/custom.h"' MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - - path: examples/basic_deterministic/mldsa_native/custom_no_randomized_config.h - description: "Config without randomized API" - defines: - MLD_CONFIG_NO_RANDOMIZED_API: true - MLD_CONFIG_FILE: - comment: "/* No need to set this -- we _are_ already in a custom config */" diff --git a/test/custom_memcpy_config.h b/test/custom_memcpy_config.h index 9d8ea61dc..6fc786c36 100644 --- a/test/custom_memcpy_config.h +++ b/test/custom_memcpy_config.h 
@@ -27,8 +27,8 @@ /* * Test configuration: Test configuration with custom memcpy * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_MEMCPY */ diff --git a/test/custom_memset_config.h b/test/custom_memset_config.h index 85518b2fc..66392ada1 100644 --- a/test/custom_memset_config.h +++ b/test/custom_memset_config.h @@ -27,8 +27,8 @@ /* * Test configuration: Test configuration with custom memset * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_MEMSET */ diff --git a/test/custom_native_capability_config_0.h b/test/custom_native_capability_config_0.h index d7cd2f4f0..d03c5a1d7 100644 --- a/test/custom_native_capability_config_0.h +++ b/test/custom_native_capability_config_0.h @@ -28,8 +28,8 @@ * Test configuration: Test configuration with custom capability function * returning 0 * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_CAPABILITY_FUNC */ diff --git a/test/custom_native_capability_config_1.h b/test/custom_native_capability_config_1.h index a3411b8dc..fdddb72f3 100644 --- a/test/custom_native_capability_config_1.h +++ b/test/custom_native_capability_config_1.h @@ -28,8 +28,8 @@ * Test configuration: Test configuration with custom capability function * returning 1 * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_CAPABILITY_FUNC */ 
diff --git a/test/custom_native_capability_config_CPUID_AVX2.h b/test/custom_native_capability_config_CPUID_AVX2.h index 52063025f..902273c82 100644 --- a/test/custom_native_capability_config_CPUID_AVX2.h +++ b/test/custom_native_capability_config_CPUID_AVX2.h @@ -28,8 +28,8 @@ * Test configuration: Test configuration with CPUID-based AVX2 capability * detection * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_CAPABILITY_FUNC */ diff --git a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h index 0d737fc9a..3f2b76fb0 100644 --- a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h +++ b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h @@ -28,8 +28,8 @@ * Test configuration: Test configuration with ARM system register capability * detection * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_CAPABILITY_FUNC */ diff --git a/test/custom_randombytes_config.h b/test/custom_randombytes_config.h index a8cd441fd..b0022b67c 100644 --- a/test/custom_randombytes_config.h +++ b/test/custom_randombytes_config.h @@ -27,8 +27,8 @@ /* * Test configuration: Test configuration with custom randombytes * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_RANDOMBYTES */ diff --git a/test/custom_stdlib_config.h b/test/custom_stdlib_config.h index 1d0b38203..ae7eb2009 100644 --- a/test/custom_stdlib_config.h +++ b/test/custom_stdlib_config.h 
@@ -27,8 +27,8 @@ /* * Test configuration: Test configuration with custom stdlib functions * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_MEMCPY * - MLD_CONFIG_CUSTOM_MEMSET */ diff --git a/test/custom_zeroize_config.h b/test/custom_zeroize_config.h index 497935a81..5d5555244 100644 --- a/test/custom_zeroize_config.h +++ b/test/custom_zeroize_config.h @@ -27,8 +27,8 @@ /* * Test configuration: Test configuration with custom zeroize * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_CUSTOM_ZEROIZE */ diff --git a/test/mk/components.mk b/test/mk/components.mk index 84ae49bd4..c605815be 100644 --- a/test/mk/components.mk +++ b/test/mk/components.mk @@ -27,6 +27,9 @@ $(MLDSA65_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65 MLDSA87_OBJS = $(call MAKE_OBJS,$(MLDSA87_DIR),$(SOURCES) $(FIPS202_SRCS)) $(MLDSA87_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87 + +CFLAGS += -Imldsa + $(BUILD_DIR)/libmldsa44.a: $(MLDSA44_OBJS) $(BUILD_DIR)/libmldsa65.a: $(MLDSA65_OBJS) $(BUILD_DIR)/libmldsa87.a: $(MLDSA87_OBJS) diff --git a/test/no_asm_config.h b/test/no_asm_config.h index bf90fe241..93668bad5 100644 --- a/test/no_asm_config.h +++ b/test/no_asm_config.h @@ -27,8 +27,8 @@ /* * Test configuration: Test configuration with no assembly code * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_NO_ASM * - MLD_CONFIG_CUSTOM_ZEROIZE */ diff --git a/test/serial_fips202_config.h b/test/serial_fips202_config.h index 2d5d3b190..18a225224 100644 --- a/test/serial_fips202_config.h 
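Review bot: In the test/mk/components.mk hunk, `CFLAGS += -Imldsa` is appended globally and without a comment, wedged between the per-parameter-set object rules and the library targets. The path is relative, so it only resolves while the compiler runs from the repository root, and it makes every header in mldsa/ reachable by bare name for all targets; presumably the default config is now found through the search path rather than relative to the including file, though the include site is not in this hunk. I would move it next to the other flag definitions and record the reason, e.g. `# mldsa_native_config.h lives in mldsa/ and is included by name; keep mldsa/ on the include path`. Header names in any other `-I` directory then have to stay distinct from those in mldsa/, because the first match on the search path is the configuration that gets compiled in.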
+++ b/test/serial_fips202_config.h @@ -27,8 +27,8 @@ /* * Test configuration: Test configuration with serial FIPS202 only * - * This configuration differs from the default mldsa/src/config.h in the - * following places: + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: * - MLD_CONFIG_SERIAL_FIPS202_ONLY */ From 6fe7c1eb36576bd57f1f8326dbcce33ee1c6d562 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 10 Dec 2025 09:44:05 +0800 Subject: [PATCH 2/7] Adjust mentions of config.h->mldsa_native_config.h in comments Signed-off-by: Matthias J. Kannwischer --- examples/custom_backend/mldsa_native/custom_config.h | 4 ++-- examples/monolithic_build/mldsa/config_44.h | 4 ++-- examples/monolithic_build/mldsa/config_65.h | 4 ++-- examples/monolithic_build/mldsa/config_87.h | 4 ++-- .../monolithic_build_multilevel/mldsa/multilevel_config.h | 4 ++-- .../mldsa/multilevel_config.h | 4 ++-- examples/monolithic_build_native/mldsa/config_44.h | 4 ++-- examples/monolithic_build_native/mldsa/config_65.h | 4 ++-- examples/monolithic_build_native/mldsa/config_87.h | 4 ++-- mldsa/mldsa_native_config.h | 4 ++-- mldsa/src/common.h | 2 +- mldsa/src/sys.h | 4 ++-- test/break_pct_config.h | 4 ++-- test/custom_memcpy_config.h | 4 ++-- test/custom_memset_config.h | 4 ++-- test/custom_native_capability_config_0.h | 4 ++-- test/custom_native_capability_config_1.h | 4 ++-- test/custom_native_capability_config_CPUID_AVX2.h | 4 ++-- test/custom_native_capability_config_ID_AA64PFR1_EL1.h | 4 ++-- test/custom_randombytes_config.h | 4 ++-- test/custom_stdlib_config.h | 4 ++-- test/custom_zeroize_config.h | 4 ++-- test/no_asm_config.h | 4 ++-- test/serial_fips202_config.h | 4 ++-- 24 files changed, 47 insertions(+), 47 deletions(-) diff --git a/examples/custom_backend/mldsa_native/custom_config.h b/examples/custom_backend/mldsa_native/custom_config.h index dcdeee2f2..72c0e250b 100644 
--- a/examples/custom_backend/mldsa_native/custom_config.h +++ b/examples/custom_backend/mldsa_native/custom_config.h @@ -60,7 +60,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -73,7 +73,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/examples/monolithic_build/mldsa/config_44.h b/examples/monolithic_build/mldsa/config_44.h index a365181a4..b875df524 100644 --- a/examples/monolithic_build/mldsa/config_44.h +++ b/examples/monolithic_build/mldsa/config_44.h @@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/examples/monolithic_build/mldsa/config_65.h b/examples/monolithic_build/mldsa/config_65.h index 81c22d736..c2e43b088 100644 
--- a/examples/monolithic_build/mldsa/config_65.h +++ b/examples/monolithic_build/mldsa/config_65.h @@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/examples/monolithic_build/mldsa/config_87.h b/examples/monolithic_build/mldsa/config_87.h index 43985aa50..f59214062 100644 --- a/examples/monolithic_build/mldsa/config_87.h +++ b/examples/monolithic_build/mldsa/config_87.h @@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/examples/monolithic_build_multilevel/mldsa/multilevel_config.h b/examples/monolithic_build_multilevel/mldsa/multilevel_config.h index d8c60056e..9e9035f54 100644 
--- a/examples/monolithic_build_multilevel/mldsa/multilevel_config.h +++ b/examples/monolithic_build_multilevel/mldsa/multilevel_config.h @@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -70,7 +70,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h b/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h index 4c134a3f6..27a0c4cab 100644 --- a/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h +++ b/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h @@ -61,7 +61,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -74,7 +74,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX 
diff --git a/examples/monolithic_build_native/mldsa/config_44.h b/examples/monolithic_build_native/mldsa/config_44.h index 61649e11d..4940a1511 100644 --- a/examples/monolithic_build_native/mldsa/config_44.h +++ b/examples/monolithic_build_native/mldsa/config_44.h @@ -58,7 +58,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -71,7 +71,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/examples/monolithic_build_native/mldsa/config_65.h b/examples/monolithic_build_native/mldsa/config_65.h index 986c7ae80..d7bd4375d 100644 --- a/examples/monolithic_build_native/mldsa/config_65.h +++ b/examples/monolithic_build_native/mldsa/config_65.h @@ -58,7 +58,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient 
@@ -71,7 +71,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/examples/monolithic_build_native/mldsa/config_87.h b/examples/monolithic_build_native/mldsa/config_87.h index e0001c8eb..ca42456a0 100644 --- a/examples/monolithic_build_native/mldsa/config_87.h +++ b/examples/monolithic_build_native/mldsa/config_87.h @@ -58,7 +58,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -71,7 +71,7 @@ * *****************************************************************************/ /* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/mldsa/mldsa_native_config.h b/mldsa/mldsa_native_config.h index f8534d6ef..93538f9c6 100644 --- a/mldsa/mldsa_native_config.h +++ b/mldsa/mldsa_native_config.h @@ -41,7 +41,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient 
@@ -53,7 +53,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/mldsa/src/common.h b/mldsa/src/common.h index a4a42ed31..95b1860b2 100644 --- a/mldsa/src/common.h +++ b/mldsa/src/common.h @@ -51,7 +51,7 @@ /* Functions are prefixed by MLD_CONFIG_NAMESPACE_PREFIX. * * If multiple parameter sets are used, functions depending on the parameter - * set are additionally prefixed with 44/65/87. See config.h. + * set are additionally prefixed with 44/65/87. See mldsa_native_config.h. * * Example: If MLD_CONFIG_NAMESPACE_PREFIX is PQCP_MLDSA_NATIVE, then * MLD_NAMESPACE_KL(keypair) becomes PQCP_MLDSA_NATIVE44_keypair/ diff --git a/mldsa/src/sys.h b/mldsa/src/sys.h index 815ccfaf4..d3e2eb36d 100644 --- a/mldsa/src/sys.h +++ b/mldsa/src/sys.h @@ -235,8 +235,8 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) * If a feature is enabled at compile-time, we assume it is supported by * the host that the resulting library/binary will be built on. * If this assumption is not true, you MUST overwrite this function. - * See the documentation of MLD_CONFIG_CUSTOM_CAPABILITY_FUNC in config.h - * for more information. */ + * See the documentation of MLD_CONFIG_CUSTOM_CAPABILITY_FUNC in + * mldsa_native_config.h for more information. */ (void)cap; return 1; } diff --git a/test/break_pct_config.h b/test/break_pct_config.h index af0bd6398..593be4ff0 100644 --- a/test/break_pct_config.h +++ b/test/break_pct_config.h 
@@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_memcpy_config.h b/test/custom_memcpy_config.h index 6fc786c36..f082432da 100644 --- a/test/custom_memcpy_config.h +++ b/test/custom_memcpy_config.h @@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -68,7 +68,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_memset_config.h b/test/custom_memset_config.h index 66392ada1..f8d27dab3 100644 --- a/test/custom_memset_config.h +++ b/test/custom_memset_config.h 
@@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -68,7 +68,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_native_capability_config_0.h b/test/custom_native_capability_config_0.h index d03c5a1d7..01588d820 100644 --- a/test/custom_native_capability_config_0.h +++ b/test/custom_native_capability_config_0.h @@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_native_capability_config_1.h b/test/custom_native_capability_config_1.h index fdddb72f3..b4e4b57c3 100644 --- a/test/custom_native_capability_config_1.h +++ b/test/custom_native_capability_config_1.h 
@@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_native_capability_config_CPUID_AVX2.h b/test/custom_native_capability_config_CPUID_AVX2.h index 902273c82..3603ce129 100644 --- a/test/custom_native_capability_config_CPUID_AVX2.h +++ b/test/custom_native_capability_config_CPUID_AVX2.h @@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h index 3f2b76fb0..d346bd09e 100644 --- a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h +++ b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h 
@@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_randombytes_config.h b/test/custom_randombytes_config.h index b0022b67c..791d0149a 100644 --- a/test/custom_randombytes_config.h +++ b/test/custom_randombytes_config.h @@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -68,7 +68,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_stdlib_config.h b/test/custom_stdlib_config.h index ae7eb2009..0b558950f 100644 --- a/test/custom_stdlib_config.h +++ b/test/custom_stdlib_config.h 
@@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/custom_zeroize_config.h b/test/custom_zeroize_config.h index 5d5555244..4c2a1a8b7 100644 --- a/test/custom_zeroize_config.h +++ b/test/custom_zeroize_config.h @@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -68,7 +68,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/no_asm_config.h b/test/no_asm_config.h index 93668bad5..b7f847ad1 100644 --- a/test/no_asm_config.h +++ b/test/no_asm_config.h 
@@ -57,7 +57,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -69,7 +69,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX diff --git a/test/serial_fips202_config.h b/test/serial_fips202_config.h index 18a225224..fd887cc38 100644 --- a/test/serial_fips202_config.h +++ b/test/serial_fips202_config.h @@ -56,7 +56,7 @@ * Name: MLD_CONFIG_FILE * * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/src/config.h. + * of the default configuration file mldsa/mldsa_native_config.h. * * When you need to build mldsa-native in multiple configurations, * using varying MLD_CONFIG_FILE can be more convenient @@ -68,7 +68,7 @@ * on the command line. * *****************************************************************************/ -/* #define MLD_CONFIG_FILE "config.h" */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ /****************************************************************************** * Name: MLD_CONFIG_NAMESPACE_PREFIX From 278760c29c8987ce9efff8f49375cdda6a72b1d2 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 10 Dec 2025 09:47:05 +0800 Subject: [PATCH 3/7] config-variations CI: avoid config include via relative path Signed-off-by: Matthias J. Kannwischer --- .github/actions/config-variations/action.yml | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/.github/actions/config-variations/action.yml b/.github/actions/config-variations/action.yml index eec28149d..62956a6fe 100644 --- a/.github/actions/config-variations/action.yml +++ b/.github/actions/config-variations/action.yml @@ -37,7 +37,7 @@ runs: shell: bash run: | make clean - CFLAGS='-DMLD_CONFIG_FILE=\"../../test/break_pct_config.h\"' make func -j4 + CFLAGS='-Itest -DMLD_CONFIG_FILE=\"break_pct_config.h\"' make func -j4 # PCT breakage is done at runtime via MLD_BREAK_PCT make run_func # Should be OK MLD_BREAK_PCT=0 make run_func # Should be OK @@ -53,7 +53,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_zeroize_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_zeroize_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true @@ -66,7 +66,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_native_capability_config_1.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_native_capability_config_1.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true 
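Review bot: The first action.yml hunk and the eleven `cflags:` hunks after it (through the custom_stdlib_config.h step) trade one implicit dependency for another. `-Itest` is resolved against the compiler's working directory, so these steps only pick up the intended config while make compiles from the repository root. It also puts all of test/ on the header search path for every translation unit, so the config actually used is whichever file of that name is found first, which matters for variants such as break_pct_config.h and custom_randombytes_config.h. An absolute directory, e.g. `-I${{ github.workspace }}/test` (assuming the nested action builds in the same workspace), would remove the working-directory dependency. At minimum I would add a comment such as `# -Itest is relative to the repo root; config file names must be unique across all -I directories`.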
@@ -79,7 +79,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_native_capability_config_0.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_native_capability_config_0.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true @@ -92,7 +92,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -march=armv8.4-a+sha3 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_native_capability_config_ID_AA64PFR1_EL1.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -march=armv8.4-a+sha3 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_native_capability_config_ID_AA64PFR1_EL1.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true @@ -105,7 +105,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -mavx2 -mbmi2 -mpopcnt -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_native_capability_config_CPUID_AVX2.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -mavx2 -mbmi2 -mpopcnt -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_native_capability_config_CPUID_AVX2.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true 
@@ -118,7 +118,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/no_asm_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"no_asm_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true @@ -131,7 +131,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/serial_fips202_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"serial_fips202_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true @@ -144,7 +144,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_randombytes_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_randombytes_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true 
@@ -157,7 +157,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_memcpy_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_memcpy_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true @@ -170,7 +170,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_memset_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_memset_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true @@ -183,7 +183,7 @@ runs: with: gh_token: ${{ inputs.gh_token }} compile_mode: native - cflags: "-std=c11 -D_GNU_SOURCE -DMLD_CONFIG_FILE=\\\\\\\"../../test/custom_stdlib_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + cflags: "-std=c11 -D_GNU_SOURCE -Itest -DMLD_CONFIG_FILE=\\\\\\\"custom_stdlib_config.h\\\\\\\" -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" ldflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" func: true kat: true From 9a28f6ad5f3bb3c7d506ba364b187690519ca2bd Mon Sep 17 00:00:00 2001 
From: "Matthias J. Kannwischer" Date: Wed, 10 Dec 2025 10:32:15 +0800 Subject: [PATCH 4/7] Derive mldsa_native.h configuration from config file Previously, mldsa_native.h required users to set MLD_CONFIG_API_* macros before including it, separate from the MLD_CONFIG_* macros used for the build configuration. This distinction between internal and external configuration is confusing. Now, mldsa_native.h derives all API settings from the same build configuration file used internally. - The legacy configuration via MLD_CONFIG_API_XXX still works for backwards compatibility, but will be removed in v2. - New Config Options: * MLD_CONFIG_MULTILEVEL_BUILD: Explicit flag for multi-level builds This makes it simpler to get headers for multi-level builds. In the common case, the configs used in a multi-level build are identical except for the setting of MLD_CONFIG_PARAMETER_SET and MLD_CONFIG_MULTILEVEL_{NO,WITH}_SHARED. However, the latter only affect the build, not the API. With MLD_CONFIG_MULTILEVEL_BUILD exposed as a separate option, mldsa_native.h can use it to determine whether to suffix the namespace prefix with the parameter set (44/65/87) or not, so no adaptation of MLD_CONFIG_MULTILEVEL_{NO,WITH}_SHARED is needed. Instead, a multi-level header simply becomes: ```c #define MLD_CONFIG_PARAMETER_SET 44 #include "mldsa_native.h" #undef MLD_CONFIG_PARAMETER_SET #define MLD_CONFIG_PARAMETER_SET 65 #include "mldsa_native.h" #undef MLD_CONFIG_PARAMETER_SET #define MLD_CONFIG_PARAMETER_SET 87 #include "mldsa_native.h" #undef MLD_CONFIG_PARAMETER_SET ``` For backwards compatibility, MLD_CONFIG_MULTILEVEL_BUILD is not used in the build, which continues to detect multilevel builds via the existing options MLD_CONFIG_MULTILEVEL_{WITH,NO}_SHARED. * MLD_CONFIG_NO_SUPERCOP: We had this before in mldsa_native.h as MLD_CONFIG_API_NO_SUPERCOP; it's now in the config and documented. 
* MLD_CONFIG_CONSTANTS_ONLY: We had this before in mldsa_native.h as MLD_CONFIG_API_CONSTANTS_ONLY; it's now in the config and documented. - Build-Internal vs API Config Separation: Config file now guards build-only options with #if defined(MLD_BUILD_INTERNAL). Signed-off-by: Matthias J. Kannwischer --- .../mldsa_native/custom_config.h | 138 +++++++++++++----- examples/monolithic_build/mldsa/config_44.h | 138 +++++++++++++----- examples/monolithic_build/mldsa/config_65.h | 138 +++++++++++++----- examples/monolithic_build/mldsa/config_87.h | 138 +++++++++++++----- .../mldsa/multilevel_config.h | 138 +++++++++++++----- .../mldsa/multilevel_config.h | 138 +++++++++++++----- .../monolithic_build_native/mldsa/config_44.h | 138 +++++++++++++----- .../monolithic_build_native/mldsa/config_65.h | 138 +++++++++++++----- .../monolithic_build_native/mldsa/config_87.h | 138 +++++++++++++----- mldsa/mldsa_native.S | 13 +- mldsa/mldsa_native.c | 13 +- mldsa/mldsa_native.h | 115 +++++++++++---- mldsa/mldsa_native_config.h | 138 +++++++++++++----- mldsa/src/common.h | 2 + mldsa/src/sign.h | 10 +- scripts/autogen | 1 + test/break_pct_config.h | 138 +++++++++++++----- test/custom_memcpy_config.h | 138 +++++++++++++----- test/custom_memset_config.h | 138 +++++++++++++----- test/custom_native_capability_config_0.h | 138 +++++++++++++----- test/custom_native_capability_config_1.h | 138 +++++++++++++----- ...stom_native_capability_config_CPUID_AVX2.h | 138 +++++++++++++----- ...native_capability_config_ID_AA64PFR1_EL1.h | 138 +++++++++++++----- test/custom_randombytes_config.h | 138 +++++++++++++----- test/custom_stdlib_config.h | 138 +++++++++++++----- test/custom_zeroize_config.h | 138 +++++++++++++----- test/no_asm_config.h | 138 +++++++++++++----- test/serial_fips202_config.h | 138 +++++++++++++----- 28 files changed, 2294 insertions(+), 896 deletions(-) 
diff --git a/examples/custom_backend/mldsa_native/custom_config.h b/examples/custom_backend/mldsa_native/custom_config.h index 72c0e250b..f7f10ff1d 100644 --- a/examples/custom_backend/mldsa_native/custom_config.h +++ b/examples/custom_backend/mldsa_native/custom_config.h @@ -47,6 +47,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ 
@@ -80,17 +85,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX CUSTOM_TINY_SHA3 +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -415,21 +507,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
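Review bot: The `MLD_CONFIG_NO_RANDOMIZED_API` block added in the `@@ -80,17 +85,104 @@` hunk keeps its NOTE that the option is incompatible with `MLD_CONFIG_KEYGEN_PCT`, but the conflict is still stated only in prose, and the two options now sit on opposite sides of the new `#if defined(MLD_BUILD_INTERNAL)` guard. If the combination is not already rejected elsewhere (no such check is visible in this chunk), a build-internal check would make a misconfigured PCT build stop with a clear message: `#if defined(MLD_CONFIG_NO_RANDOMIZED_API) && defined(MLD_CONFIG_KEYGEN_PCT)` followed by `#error MLD_CONFIG_KEYGEN_PCT requires the randomized API`. Because every config file carries a copy of this text, the check is better placed once where the config is included than in each copy. The same block is added to config_44.h, config_65.h and config_87.h further down, and the remark applies there as well.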
@@ -479,25 +556,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -561,6 +619,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build/mldsa/config_44.h b/examples/monolithic_build/mldsa/config_44.h index b875df524..82570d430 100644 --- a/examples/monolithic_build/mldsa/config_44.h +++ b/examples/monolithic_build/mldsa/config_44.h 
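Review bot: The `#endif /* MLD_BUILD_INTERNAL */` added in the `@@ -561,6 +619,8 @@` hunk closes a guard whose controlling macro is never explained in the file. The new "Build-only configuration options" banner says those options do not affect the API, but not who defines `MLD_BUILD_INTERNAL`, nor that a library source including this config without it would silently lose every setting in between, including `MLD_CONFIG_KEYGEN_PCT` and `MLD_CONFIG_NO_ASM_VALUE_BARRIER`. I would add a banner line such as `* They are only visible when MLD_BUILD_INTERNAL is defined, which mldsa-native's own sources do before including this file.`, assuming that is what the mldsa/src/common.h change listed in the diffstat does. The `#endif` also lands below the "Config internals" banner, leaving that heading inside the guard and its contents outside; placing it above the banner would read more naturally. The same applies to the copies in config_44.h, config_65.h and config_87.h.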
@@ -47,6 +47,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ 
@@ -76,17 +81,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -417,21 +509,6 @@ *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -481,25 +558,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -563,6 +621,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build/mldsa/config_65.h b/examples/monolithic_build/mldsa/config_65.h index c2e43b088..ac77b489a 100644 --- a/examples/monolithic_build/mldsa/config_65.h +++ b/examples/monolithic_build/mldsa/config_65.h 
@@ -47,6 +47,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ 
@@ -76,17 +81,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -417,21 +509,6 @@ *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -481,25 +558,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -563,6 +621,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build/mldsa/config_87.h b/examples/monolithic_build/mldsa/config_87.h index f59214062..668538dc0 100644 --- a/examples/monolithic_build/mldsa/config_87.h +++ b/examples/monolithic_build/mldsa/config_87.h 
@@ -47,6 +47,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ 
@@ -76,17 +81,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -417,21 +509,6 @@ *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -481,25 +558,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -563,6 +621,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build_multilevel/mldsa/multilevel_config.h b/examples/monolithic_build_multilevel/mldsa/multilevel_config.h index 9e9035f54..161db14f3 100644 --- a/examples/monolithic_build_multilevel/mldsa/multilevel_config.h +++ b/examples/monolithic_build_multilevel/mldsa/multilevel_config.h 
@@ -45,6 +45,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
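Review bot: The `MLD_CONFIG_PARAMETER_SET` comment still ends with "This can also be set using CFLAGS" without saying which compilations need to see the value. Later hunks in this file describe the options above the `MLD_BUILD_INTERNAL` guard as the ones that affect the API in mldsa_native.h, so this config presumably also reaches translation units that only include the public header. If such a unit is compiled without the same flag, the size constants it sees could differ from those of the library build, and callers would size key and signature buffers wrongly. I would add ` * NOTE: Pass the same value to every translation unit that includes mldsa_native.h.` after the CFLAGS sentence; the comment block itself starts above the hunk. The identical hunk recurs in the multilevel_native, config_44.h, config_65.h and config_87.h copies in this patch.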
@@ -77,17 +82,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -418,21 +510,6 @@ *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
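Review bot: In this multilevel_config.h both `MLD_CONFIG_MULTILEVEL_BUILD` and `MLD_CONFIG_NO_SUPERCOP` are added commented out, although the added NOTE says NO_SUPERCOP must be set for a multi-level build. They may be supplied through CFLAGS or by the file that includes this config, which the hunk does not show; if so, a one-line comment saying where they come from would help. Unless an equivalent check exists elsewhere, adding one after the two options would turn the NOTE into a clear build failure: `#if defined(MLD_CONFIG_MULTILEVEL_BUILD) && !defined(MLD_CONFIG_NO_SUPERCOP)` / `#error MLD_CONFIG_MULTILEVEL_BUILD requires MLD_CONFIG_NO_SUPERCOP` / `#endif`. The multilevel_native copy later in the patch adds the same two commented-out lines.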
@@ -482,25 +559,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -564,6 +622,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h b/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h index 27a0c4cab..1b2c2509e 100644 --- a/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h +++ b/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h 
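Review bot: After this patch `MLD_CONFIG_NO_RANDOMIZED_API` sits above the `MLD_BUILD_INTERNAL` guard while `MLD_CONFIG_KEYGEN_PCT` stays inside it, and the only link between them in the visible hunks is the NOTE saying they are incompatible. If no check exists elsewhere, I would add one just before the added `#endif`, so that a configuration enabling both is rejected with a clear message instead of relying on the comment: `#if defined(MLD_CONFIG_KEYGEN_PCT) && defined(MLD_CONFIG_NO_RANDOMIZED_API)` / `#error MLD_CONFIG_KEYGEN_PCT requires the randomized API` / `#endif`. The guarded region opens in an earlier hunk and the section after the `#endif` continues outside this one. The same `#endif` hunk recurs in the other config copies in this patch.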
@@ -49,6 +49,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
@@ -81,17 +86,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +#define MLD_CONFIG_EXTERNAL_API_QUALIFIER static + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -425,21 +517,6 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -#define MLD_CONFIG_EXTERNAL_API_QUALIFIER static - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -489,25 +566,6 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -571,6 +629,8 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build_native/mldsa/config_44.h b/examples/monolithic_build_native/mldsa/config_44.h index 4940a1511..4f1f05c99 100644 --- a/examples/monolithic_build_native/mldsa/config_44.h +++ b/examples/monolithic_build_native/mldsa/config_44.h 
@@ -49,6 +49,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
@@ -78,17 +83,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -415,21 +507,6 @@ *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -479,25 +556,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -561,6 +619,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build_native/mldsa/config_65.h b/examples/monolithic_build_native/mldsa/config_65.h index d7bd4375d..d891152fd 100644 --- a/examples/monolithic_build_native/mldsa/config_65.h +++ b/examples/monolithic_build_native/mldsa/config_65.h 
@@ -49,6 +49,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
@@ -78,17 +83,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -415,21 +507,6 @@ *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -479,25 +556,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -561,6 +619,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/examples/monolithic_build_native/mldsa/config_87.h b/examples/monolithic_build_native/mldsa/config_87.h index ca42456a0..4fbbc3ed8 100644 --- a/examples/monolithic_build_native/mldsa/config_87.h +++ b/examples/monolithic_build_native/mldsa/config_87.h 
@@ -49,6 +49,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
@@ -78,17 +83,104 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * *****************************************************************************/ #define MLD_CONFIG_NAMESPACE_PREFIX mldsa +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. 
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */
+
+/******************************************************************************
+ * Name: MLD_CONFIG_NO_RANDOMIZED_API
+ *
+ * Description: If this option is set, mldsa-native will be built without the
+ * randomized API functions (crypto_sign_keypair,
+ * crypto_sign, crypto_sign_signature, and
+ * crypto_sign_signature_extmu).
+ * This allows users to build mldsa-native without providing a
+ * randombytes() implementation if they only need the
+ * internal deterministic API
+ * (crypto_sign_keypair_internal, crypto_sign_signature_internal).
+ *
+ * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT
+ * as the current PCT implementation requires
+ * crypto_sign_signature().
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_RANDOMIZED_API */
+
+/******************************************************************************
+ * Name: MLD_CONFIG_NO_SUPERCOP
+ *
+ * Description: By default, mldsa_native.h exposes the mldsa-native API in the
+ * SUPERCOP naming convention (crypto_sign_xxx). If you don't need
+ * this, set MLD_CONFIG_NO_SUPERCOP.
+ *
+ * NOTE: You must set this for a multi-level build as the SUPERCOP
+ * naming does not disambiguate between the parameter sets.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_SUPERCOP */
+
+/******************************************************************************
+ * Name: MLD_CONFIG_CONSTANTS_ONLY
+ *
+ * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.)
+ * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY.
+ *
+ * This only affects the public header mldsa_native.h, not
+ * the implementation.
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -415,21 +507,6 @@ *****************************************************************************/ #define MLD_CONFIG_INTERNAL_API_QUALIFIER static -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -479,25 +556,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -561,6 +619,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/mldsa/mldsa_native.S b/mldsa/mldsa_native.S index e8c4b9284..1f3a5ef6e 100644 --- a/mldsa/mldsa_native.S +++ b/mldsa/mldsa_native.S @@ -162,8 +162,15 @@ #undef MLD_API_CONCAT #undef MLD_API_CONCAT_ #undef MLD_API_CONCAT_UNDERSCORE +#undef MLD_API_LEGACY_CONFIG #undef MLD_API_MUST_CHECK_RETURN_VALUE #undef MLD_API_NAMESPACE +#undef MLD_API_QUALIFIER +#undef MLD_CONFIG_API_CONSTANTS_ONLY +#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_API_NO_SUPERCOP +#undef MLD_CONFIG_API_PARAMETER_SET +#undef MLD_CONFIG_API_QUALIFIER #undef MLD_DOMAIN_SEPARATION_MAX_BYTES #undef MLD_H #undef MLD_PREHASH_NONE 
@@ -188,6 +195,7 @@ #undef MLD_ADD_PARAM_SET #undef MLD_ASM_FN_SYMBOL #undef MLD_ASM_NAMESPACE +#undef MLD_BUILD_INTERNAL #undef MLD_COMMON_H #undef MLD_CONCAT #undef MLD_CONCAT_ @@ -214,9 +222,6 @@ #undef mld_unpack_sig #undef mld_unpack_sk /* mldsa/src/params.h */ -#undef CRYPTO_BYTES -#undef CRYPTO_PUBLICKEYBYTES -#undef CRYPTO_SECRETKEYBYTES #undef MLDSA_BETA #undef MLDSA_CRHBYTES #undef MLDSA_CTILDEBYTES @@ -302,7 +307,7 @@ #undef mld_power2round #undef mld_use_hint /* mldsa/src/sign.h */ -#undef MLD_CONFIG_API_NO_SUPERCOP +#undef MLD_CONFIG_NO_SUPERCOP #undef MLD_DOMAIN_SEPARATION_MAX_BYTES #undef MLD_PREHASH_NONE #undef MLD_PREHASH_SHA2_224 diff --git a/mldsa/mldsa_native.c b/mldsa/mldsa_native.c index 2972ed33d..0e7e0a6a4 100644 --- a/mldsa/mldsa_native.c +++ b/mldsa/mldsa_native.c @@ -159,8 +159,15 @@ #undef MLD_API_CONCAT #undef MLD_API_CONCAT_ #undef MLD_API_CONCAT_UNDERSCORE +#undef MLD_API_LEGACY_CONFIG #undef MLD_API_MUST_CHECK_RETURN_VALUE #undef MLD_API_NAMESPACE +#undef MLD_API_QUALIFIER +#undef MLD_CONFIG_API_CONSTANTS_ONLY +#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_API_NO_SUPERCOP +#undef MLD_CONFIG_API_PARAMETER_SET +#undef MLD_CONFIG_API_QUALIFIER #undef MLD_DOMAIN_SEPARATION_MAX_BYTES #undef MLD_H #undef MLD_PREHASH_NONE @@ -185,6 +192,7 @@ #undef MLD_ADD_PARAM_SET #undef MLD_ASM_FN_SYMBOL #undef MLD_ASM_NAMESPACE +#undef MLD_BUILD_INTERNAL #undef MLD_COMMON_H #undef MLD_CONCAT #undef MLD_CONCAT_ @@ -211,9 +219,6 @@ #undef mld_unpack_sig #undef mld_unpack_sk /* mldsa/src/params.h */ -#undef CRYPTO_BYTES -#undef CRYPTO_PUBLICKEYBYTES -#undef CRYPTO_SECRETKEYBYTES #undef MLDSA_BETA #undef MLDSA_CRHBYTES #undef MLDSA_CTILDEBYTES @@ -299,7 +304,7 @@ #undef mld_power2round #undef mld_use_hint /* mldsa/src/sign.h */ -#undef MLD_CONFIG_API_NO_SUPERCOP +#undef MLD_CONFIG_NO_SUPERCOP #undef MLD_DOMAIN_SEPARATION_MAX_BYTES #undef MLD_PREHASH_NONE #undef MLD_PREHASH_SHA2_224 
diff --git a/mldsa/mldsa_native.h b/mldsa/mldsa_native.h index 342e96faa..b360b7e80 100644 --- a/mldsa/mldsa_native.h +++ b/mldsa/mldsa_native.h @@ -15,19 +15,30 @@ #ifndef MLD_H #define MLD_H -/****************************************************************************** - * +/* * Public API for mldsa-native * * This header defines the public API of a single build of mldsa-native. * - * # Examples + * Make sure the configuration file is in the include path + * (this is "mldsa_native_config.h" by default, or MLD_CONFIG_FILE if defined). * - * See [examples/basic] for examples of how to use this header. + * # Multi-level builds + * + * This header specifies a build of mldsa-native for a fixed security level. + * If you need multiple security levels, leave the security level unspecified + * in the configuration file and include this header multiple times, setting + * MLD_CONFIG_PARAMETER_SET accordingly for each, and #undef'ing the MLD_H + * guard to allow multiple inclusions. * - * # Usage + * # Legacy configuration (deprecated) * - * To use this header, configure the following options: + * Instead of providing the config file used for the build, you can + * alternatively set the following configuration options prior to + * including this header. + * + * This method of configuration is deprecated. + * It will be removed in mldsa-native-v2. * * - MLD_CONFIG_API_PARAMETER_SET [required] * 
@@ -55,14 +66,9 @@ * MLD_CONFIG_API_PARAMETER_SET or MLD_CONFIG_API_NAMESPACE_PREFIX, * nor include a configuration. * - * # Multi-level builds - * - * This header specifies a build of mldsa-native for a fixed security level. - * If you need multiple builds, e.g. to build a library offering multiple - * security levels, you need multiple instances of this header. + * - MLD_CONFIG_API_QUALIFIER [optional] * - * NOTE: In this case, you must rename or #undef the MLD_H header guard - * prior to subsequent inclusions of this file. + * Qualifier to apply to external API. * ******************************************************************************/ 
@@ -118,25 +124,50 @@ /****************************** Function API **********************************/ -#if !defined(MLD_CONFIG_API_CONSTANTS_ONLY) +#define MLD_API_CONCAT_(x, y) x##y +#define MLD_API_CONCAT(x, y) MLD_API_CONCAT_(x, y) +#define MLD_API_CONCAT_UNDERSCORE(x, y) MLD_API_CONCAT(MLD_API_CONCAT(x, _), y) #if !defined(MLD_CONFIG_API_PARAMETER_SET) -#error MLD_CONFIG_API_PARAMETER_SET not defined +/* Recommended configuration via same config file as used for the build. */ + +/* For now, we derive the legacy API configuration MLD_CONFIG_API_XXX from + * the config file. In mldsa-native-v2, this will be removed and we will + * exclusively work with MLD_CONFIG_XXX. */ + +/* You need to make sure the config file is in the include path. */ +#if defined(MLD_CONFIG_FILE) +#include MLD_CONFIG_FILE +#else +#include "mldsa_native_config.h" +#endif + +#define MLD_CONFIG_API_PARAMETER_SET MLD_CONFIG_PARAMETER_SET + +#if defined(MLD_CONFIG_MULTILEVEL_BUILD) +#define MLD_CONFIG_API_NAMESPACE_PREFIX \ + MLD_API_CONCAT(MLD_CONFIG_NAMESPACE_PREFIX, MLD_CONFIG_PARAMETER_SET) +#else +#define MLD_CONFIG_API_NAMESPACE_PREFIX MLD_CONFIG_NAMESPACE_PREFIX #endif -#if !defined(MLD_CONFIG_API_NAMESPACE_PREFIX) -#error MLD_CONFIG_API_NAMESPACE_PREFIX not defined + +#if defined(MLD_CONFIG_NO_SUPERCOP) +#define MLD_CONFIG_API_NO_SUPERCOP #endif -/* Validate parameter set */ -#if MLD_CONFIG_API_PARAMETER_SET != 44 && \ - MLD_CONFIG_API_PARAMETER_SET != 65 && MLD_CONFIG_API_PARAMETER_SET != 87 -#error MLD_CONFIG_API_PARAMETER_SET must be 44, 65, or 87 +#if defined(MLD_CONFIG_CONSTANTS_ONLY) +#define MLD_CONFIG_API_CONSTANTS_ONLY #endif -/* Derive namespacing macro */ -#define MLD_API_CONCAT_(x, y) x##y -#define MLD_API_CONCAT(x, y) MLD_API_CONCAT_(x, y) -#define MLD_API_CONCAT_UNDERSCORE(x, y) MLD_API_CONCAT(MLD_API_CONCAT(x, _), y) +#if defined(MLD_CONFIG_EXTERNAL_API_QUALIFIER) +#define MLD_CONFIG_API_QUALIFIER MLD_CONFIG_EXTERNAL_API_QUALIFIER +#endif + +#else /* 
!MLD_CONFIG_API_PARAMETER_SET */ +#define MLD_API_LEGACY_CONFIG + +#endif /* MLD_CONFIG_API_PARAMETER_SET */ + #define MLD_API_NAMESPACE(sym) \ MLD_API_CONCAT_UNDERSCORE(MLD_CONFIG_API_NAMESPACE_PREFIX, sym) @@ -146,6 +177,14 @@ #define MLD_API_MUST_CHECK_RETURN_VALUE #endif +#if defined(MLD_CONFIG_API_QUALIFIER) +#define MLD_API_QUALIFIER MLD_CONFIG_API_QUALIFIER +#else +#define MLD_API_QUALIFIER +#endif + +#if !defined(MLD_CONFIG_API_CONSTANTS_ONLY) + #include #include @@ -169,6 +208,7 @@ * Specification: Implements @[FIPS204 Algorithm 6 (ML-DSA.KeyGen_internal)] * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(keypair_internal)( uint8_t pk[MLDSA_PUBLICKEYBYTES(MLD_CONFIG_API_PARAMETER_SET)], @@ -193,6 +233,7 @@ int MLD_API_NAMESPACE(keypair_internal)( * Specification: Implements @[FIPS204 Algorithm 1 (ML-DSA.KeyGen)] * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(keypair)( uint8_t pk[MLDSA_PUBLICKEYBYTES(MLD_CONFIG_API_PARAMETER_SET)], @@ -226,6 +267,7 @@ int MLD_API_NAMESPACE(keypair)( * in that it adds an explicit check for nonce exhaustion * and can return -1 in that case. **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(signature_internal)( uint8_t sig[MLDSA_BYTES(MLD_CONFIG_API_PARAMETER_SET)], size_t *siglen, @@ -259,6 +301,7 @@ int MLD_API_NAMESPACE(signature_internal)( * Specification: Implements @[FIPS204 Algorithm 2 (ML-DSA.Sign)] * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(signature)( uint8_t sig[MLDSA_BYTES(MLD_CONFIG_API_PARAMETER_SET)], size_t *siglen, 
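Review bot: The parameter-set and namespace-prefix checks are removed in this hunk and nothing visible replaces them: the old `#error MLD_CONFIG_API_NAMESPACE_PREFIX not defined` and the 44/65/87 validation are both gone. On the legacy path a missing prefix now token-pastes into `MLD_CONFIG_API_NAMESPACE_PREFIX_<sym>`, and an unsupported or undefined parameter set reaches the `MLDSA_PUBLICKEYBYTES(...)` and `MLDSA_BYTES(...)` array bounds unchecked. Callers size key and signature buffers from this header, so a configuration slip should stop the build rather than surface later as a link error or a wrong size. Unless the checks now live in a part of the file outside these hunks, I would restore them directly after the `#if !defined(MLD_CONFIG_API_CONSTANTS_ONLY)` line that the following hunk relocates, where they cover both the config-file path and the legacy path.

```c
#if !defined(MLD_CONFIG_API_CONSTANTS_ONLY)

/* Validate the API configuration, whichever path produced it */
#if !defined(MLD_CONFIG_API_NAMESPACE_PREFIX)
#error MLD_CONFIG_API_NAMESPACE_PREFIX not defined
#endif
#if MLD_CONFIG_API_PARAMETER_SET != 44 && \
    MLD_CONFIG_API_PARAMETER_SET != 65 && MLD_CONFIG_API_PARAMETER_SET != 87
#error MLD_CONFIG_API_PARAMETER_SET must be 44, 65, or 87
#endif
/* … unchanged: standard includes and function declarations … */
```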
@@ -285,6 +328,7 @@ int MLD_API_NAMESPACE(signature)( * variant)] * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(signature_extmu)( uint8_t sig[MLDSA_BYTES(MLD_CONFIG_API_PARAMETER_SET)], size_t *siglen, @@ -312,6 +356,7 @@ int MLD_API_NAMESPACE(signature_extmu)( * * Returns 0 (success) or -1 (context string too long OR nonce exhausted) **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(sign)( uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, @@ -339,6 +384,7 @@ int MLD_API_NAMESPACE(sign)( * Specification: Implements @[FIPS204 Algorithm 8 (ML-DSA.Verify_internal)] * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(verify_internal)( const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, @@ -367,6 +413,7 @@ int MLD_API_NAMESPACE(verify_internal)( * Specification: Implements @[FIPS204 Algorithm 3 (ML-DSA.Verify)] * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(verify)( const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, @@ -392,6 +439,7 @@ int MLD_API_NAMESPACE(verify)( * variant)] * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(verify_extmu)( const uint8_t *sig, size_t siglen, const uint8_t mu[MLDSA_CRHBYTES], @@ -415,6 +463,7 @@ int MLD_API_NAMESPACE(verify_extmu)( * * Returns 0 if signed message could be verified correctly and -1 otherwise **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(open)( uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, 
@@ -470,6 +519,7 @@ int MLD_API_NAMESPACE(open)( * Returns 0 (success) or -1 (context string too long OR invalid phlen OR nonce * exhaustion) **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(signature_pre_hash_internal)( uint8_t sig[MLDSA_BYTES(MLD_CONFIG_API_PARAMETER_SET)], size_t *siglen, @@ -506,6 +556,7 @@ int MLD_API_NAMESPACE(signature_pre_hash_internal)( * * Returns 0 if signature could be verified correctly and -1 otherwise **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(verify_pre_hash_internal)( const uint8_t *sig, size_t siglen, const uint8_t *ph, size_t phlen, @@ -536,6 +587,7 @@ int MLD_API_NAMESPACE(verify_pre_hash_internal)( * * Returns 0 (success) or -1 (context string too long OR nonce exhaustion) **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(signature_pre_hash_shake256)( uint8_t sig[MLDSA_BYTES(MLD_CONFIG_API_PARAMETER_SET)], size_t *siglen, @@ -563,6 +615,7 @@ int MLD_API_NAMESPACE(signature_pre_hash_shake256)( * * Returns 0 if signature could be verified correctly and -1 otherwise **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(verify_pre_hash_shake256)( const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, @@ -610,6 +663,7 @@ int MLD_API_NAMESPACE(verify_pre_hash_shake256)( * @[FIPS204, Algorithm 3 (ML-DSA.Verify), L5]. * **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE size_t MLD_API_NAMESPACE(prepare_domain_separation_prefix)( uint8_t prefix[MLD_DOMAIN_SEPARATION_MAX_BYTES], const uint8_t *ph, 
@@ -629,6 +683,7 @@ size_t MLD_API_NAMESPACE(prepare_domain_separation_prefix)( * Note: This function leaks whether the secret key is valid or invalid * through its return value and timing. **************************************************/ +MLD_API_QUALIFIER MLD_API_MUST_CHECK_RETURN_VALUE int MLD_API_NAMESPACE(pk_from_sk)( uint8_t pk[MLDSA_PUBLICKEYBYTES(MLD_CONFIG_API_PARAMETER_SET)], @@ -652,11 +707,21 @@ int MLD_API_NAMESPACE(pk_from_sk)( /* If the SUPERCOP API is not needed, we can undefine the various helper macros * above. Otherwise, they are needed for lazy evaluation of crypto_sign_xxx. */ +#if !defined(MLD_API_LEGACY_CONFIG) +#undef MLD_CONFIG_API_PARAMETER_SET +#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_API_NO_SUPERCOP +#undef MLD_CONFIG_API_CONSTANTS_ONLY +#undef MLD_CONFIG_API_QUALIFIER +#endif /* !MLD_API_LEGACY_CONFIG */ + #undef MLD_API_CONCAT #undef MLD_API_CONCAT_ #undef MLD_API_CONCAT_UNDERSCORE #undef MLD_API_NAMESPACE #undef MLD_API_MUST_CHECK_RETURN_VALUE +#undef MLD_API_QUALIFIER +#undef MLD_API_LEGACY_CONFIG #endif /* MLD_CONFIG_API_NO_SUPERCOP */ #endif /* !MLD_CONFIG_API_CONSTANTS_ONLY */ diff --git a/mldsa/mldsa_native_config.h b/mldsa/mldsa_native_config.h index 93538f9c6..997bf481d 100644 --- a/mldsa/mldsa_native_config.h +++ b/mldsa/mldsa_native_config.h @@ -29,6 +29,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ 
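Review bot: The cleanup added in the `-652,11 +707,21` hunk still appears to sit inside the `!MLD_CONFIG_API_CONSTANTS_ONLY` block, judging by the two closing `#endif` comments that end the hunk, while the macros it removes are now defined before that block opens. A constants-only inclusion therefore leaves `MLD_CONFIG_API_PARAMETER_SET`, `MLD_CONFIG_API_CONSTANTS_ONLY`, the `MLD_API_CONCAT*` helpers and `MLD_API_QUALIFIER` defined. A later inclusion after `#undef MLD_H` would then see `MLD_CONFIG_API_PARAMETER_SET`, take the legacy branch and inherit the stale `MLD_CONFIG_API_CONSTANTS_ONLY`, silently omitting the function declarations. I would move the `#undef` block below `#endif /* !MLD_CONFIG_API_CONSTANTS_ONLY */` while keeping it conditional on `MLD_CONFIG_API_NO_SUPERCOP`. The opening `#if` lines of both blocks are outside this hunk, so the nesting should be confirmed against the full file.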
@@ -60,11 +65,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -73,6 +75,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a
+ * randombytes() implementation if they only need the
+ * internal deterministic API
+ * (crypto_sign_keypair_internal, crypto_sign_signature_internal).
+ *
+ * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT
+ * as the current PCT implementation requires
+ * crypto_sign_signature().
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_RANDOMIZED_API */
+
+/******************************************************************************
+ * Name: MLD_CONFIG_NO_SUPERCOP
+ *
+ * Description: By default, mldsa_native.h exposes the mldsa-native API in the
+ * SUPERCOP naming convention (crypto_sign_xxx). If you don't need
+ * this, set MLD_CONFIG_NO_SUPERCOP.
+ *
+ * NOTE: You must set this for a multi-level build as the SUPERCOP
+ * naming does not disambiguate between the parameter sets.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_NO_SUPERCOP */
+
+/******************************************************************************
+ * Name: MLD_CONFIG_CONSTANTS_ONLY
+ *
+ * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.)
+ * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY.
+ *
+ * This only affects the public header mldsa_native.h, not
+ * the implementation.
+ *
+ *****************************************************************************/
+/* #define MLD_CONFIG_CONSTANTS_ONLY */
+
+/******************************************************************************
+ *
+ * Build-only configuration options
+ *
+ * The remaining configurations are build-options only.
+ * They do not affect the API described in mldsa_native.h.
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -403,21 +495,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -467,25 +544,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -549,6 +607,8 @@ /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/mldsa/src/common.h b/mldsa/src/common.h index 95b1860b2..49d264ada 100644 --- a/mldsa/src/common.h +++ b/mldsa/src/common.h @@ -6,6 +6,8 @@ #ifndef MLD_COMMON_H #define MLD_COMMON_H +#define MLD_BUILD_INTERNAL + #if defined(MLD_CONFIG_FILE) #include MLD_CONFIG_FILE #else diff --git a/mldsa/src/sign.h b/mldsa/src/sign.h index 2a803f760..c1dbefb83 100644 --- a/mldsa/src/sign.h +++ b/mldsa/src/sign.h 
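Review bot: In the common.h hunk, `MLD_BUILD_INTERNAL` only takes effect if it is defined before the configuration file is first processed in the translation unit, and nothing here enforces that order. `mldsa_native.h` now includes the same file without the macro. If the config header carries an include guard (not visible in these hunks) and a single-CU consumer includes `mldsa_native.h` ahead of the sources, the whole `#if defined(MLD_BUILD_INTERNAL)` section would be skipped, and options set in the file such as `MLD_CONFIG_KEYGEN_PCT` would be ignored without a diagnostic. I would at least document the requirement next to the define, e.g. `/* Must precede the first inclusion of the config file in this translation unit */`, and consider an `#error` in common.h when the config has already been seen. The rest of common.h is outside the hunk.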
@@ -26,19 +26,19 @@ #if defined(MLD_CHECK_APIS) /* Include to ensure consistency between internal sign.h * and external mldsa_native.h. */ -#define MLD_CONFIG_API_NO_SUPERCOP +#define MLD_CONFIG_NO_SUPERCOP #include "mldsa_native.h" -#undef MLD_CONFIG_API_NO_SUPERCOP +#undef MLD_CONFIG_NO_SUPERCOP -#if CRYPTO_SECRETKEYBYTES != MLDSA_SECRETKEYBYTES(MLD_CONFIG_API_PARAMETER_SET) +#if CRYPTO_SECRETKEYBYTES != MLDSA_SECRETKEYBYTES(MLD_CONFIG_PARAMETER_SET) #error Mismatch for SECRETKEYBYTES between sign.h and mldsa_native.h #endif -#if CRYPTO_PUBLICKEYBYTES != MLDSA_PUBLICKEYBYTES(MLD_CONFIG_API_PARAMETER_SET) +#if CRYPTO_PUBLICKEYBYTES != MLDSA_PUBLICKEYBYTES(MLD_CONFIG_PARAMETER_SET) #error Mismatch for PUBLICKEYBYTES between sign.h and mldsa_native.h #endif -#if CRYPTO_BYTES != MLDSA_BYTES(MLD_CONFIG_API_PARAMETER_SET) +#if CRYPTO_BYTES != MLDSA_BYTES(MLD_CONFIG_PARAMETER_SET) #error Mismatch for CRYPTO_BYTES between sign.h and mldsa_native.h #endif diff --git a/scripts/autogen b/scripts/autogen index 3d2754590..0b795bc73 100755 --- a/scripts/autogen +++ b/scripts/autogen @@ -1655,6 +1655,7 @@ def get_config_options(): "MLD_CHECK_APIS", "MLD_CONFIG_API_XXX", "MLD_USE_NATIVE_XXX", + "MLD_CONFIG_XXX", "MLD_CONFIG_API_CONSTANTS_ONLY", "MLD_PREHASH_", ] diff --git a/test/break_pct_config.h b/test/break_pct_config.h index 593be4ff0..13a10cfd3 100644 --- a/test/break_pct_config.h +++ b/test/break_pct_config.h @@ -45,6 +45,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ 
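Review bot: In the sign.h hunk, the unconditional `#define MLD_CONFIG_NO_SUPERCOP` / `#undef MLD_CONFIG_NO_SUPERCOP` pair around `#include "mldsa_native.h"` now operates on a user-facing option rather than a header-private one. A configuration that already sets it, as the new documentation requires for multi-level builds, loses the setting for the rest of the translation unit whenever `MLD_CHECK_APIS` is enabled. I would define it only when it is not already defined and undo only that temporary definition. The `#if defined(MLD_CHECK_APIS)` block continues beyond the hunk.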
@@ -76,11 +81,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -89,6 +91,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -419,21 +511,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
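Review bot: The option text added in `@@ -89,6 +91,96 @@` of test/break_pct_config.h says `MLD_CONFIG_NO_SUPERCOP` "must" be set for a multi-level build, but nothing in the hunk enforces it. The risk is that two parameter sets expose the same `crypto_sign_xxx` names, so a caller could bind to the wrong level. If no such check already exists in mldsa_native.h (not visible here), a compile-time guard makes the requirement fail loudly: `#if defined(MLD_CONFIG_MULTILEVEL_BUILD) && !defined(MLD_CONFIG_NO_SUPERCOP)` / `#error MLD_CONFIG_MULTILEVEL_BUILD requires MLD_CONFIG_NO_SUPERCOP` / `#endif`. A similar check would presumably help configs that still set only `MLD_CONFIG_MULTILEVEL_WITH_SHARED` or `MLD_CONFIG_MULTILEVEL_NO_SHARED` without the new `MLD_CONFIG_MULTILEVEL_BUILD`. The same text is added to custom_memcpy_config.h, custom_memset_config.h and custom_native_capability_config_0/1.h in this patch.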
@@ -483,25 +560,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -569,6 +627,8 @@ static MLD_INLINE int mld_break_pct(void) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_memcpy_config.h b/test/custom_memcpy_config.h index f082432da..9061d7a44 100644 --- a/test/custom_memcpy_config.h +++ b/test/custom_memcpy_config.h @@ -44,6 +44,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ 
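Review bot: The added `#endif /* MLD_BUILD_INTERNAL */` in `@@ -569,6 +627,8 @@` of test/break_pct_config.h sits after the `Config internals` banner. The banner therefore falls inside the guarded build-only region, while the default-namespace section it introduces lies outside it. Moving the `#endif /* MLD_BUILD_INTERNAL */` line above the banner would make the guard end where the "Build-only configuration options" section ends. The same placement recurs in the other test configs touched by this patch, so if these headers are generated the change likely belongs in the generator or source header.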
@@ -75,11 +80,8 @@
 *
 * Description: The prefix to use to namespace global symbols from mldsa/.
 *
- * In a multi-level build (that is, if either
- * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or
- * - MLD_CONFIG_MULTILEVEL_NO_SHARED,
- * are set, level-dependent symbols will additionally be prefixed
- * with the parameter set (44/65/87).
+ * In a multi-level build, level-dependent symbols will
+ * additionally be prefixed with the parameter set (44/65/87).
 *
 * This can also be set using CFLAGS.
 *
@@ -88,6 +90,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -426,21 +518,6 @@ static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -490,25 +567,6 @@ static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -572,6 +630,8 @@ static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_memset_config.h b/test/custom_memset_config.h index f8d27dab3..c973a00a9 100644 --- a/test/custom_memset_config.h +++ b/test/custom_memset_config.h 
@@ -44,6 +44,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
@@ -75,11 +80,8 @@
 *
 * Description: The prefix to use to namespace global symbols from mldsa/.
 *
- * In a multi-level build (that is, if either
- * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or
- * - MLD_CONFIG_MULTILEVEL_NO_SHARED,
- * are set, level-dependent symbols will additionally be prefixed
- * with the parameter set (44/65/87).
+ * In a multi-level build, level-dependent symbols will
+ * additionally be prefixed with the parameter set (44/65/87).
 *
 * This can also be set using CFLAGS.
 *
@@ -88,6 +90,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -425,21 +517,6 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -489,25 +566,6 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -571,6 +629,8 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_native_capability_config_0.h b/test/custom_native_capability_config_0.h index 01588d820..034dbcff0 100644 --- a/test/custom_native_capability_config_0.h +++ b/test/custom_native_capability_config_0.h 
@@ -45,6 +45,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
@@ -76,11 +81,8 @@
 *
 * Description: The prefix to use to namespace global symbols from mldsa/.
 *
- * In a multi-level build (that is, if either
- * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or
- * - MLD_CONFIG_MULTILEVEL_NO_SHARED,
- * are set, level-dependent symbols will additionally be prefixed
- * with the parameter set (44/65/87).
+ * In a multi-level build, level-dependent symbols will
+ * additionally be prefixed with the parameter set (44/65/87).
 *
 * This can also be set using CFLAGS.
 *
@@ -89,6 +91,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -425,21 +517,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -489,25 +566,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -571,6 +629,8 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_native_capability_config_1.h b/test/custom_native_capability_config_1.h index b4e4b57c3..d98d9b259 100644 --- a/test/custom_native_capability_config_1.h +++ b/test/custom_native_capability_config_1.h 
@@ -45,6 +45,11 @@
 * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65
 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87
 *
+ * If you want to support multiple parameter sets, build the
+ * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD.
+ * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while
+ * minimizing code duplication.
+ *
 * This can also be set using CFLAGS.
 *
 *****************************************************************************/
@@ -76,11 +81,8 @@
 *
 * Description: The prefix to use to namespace global symbols from mldsa/.
 *
- * In a multi-level build (that is, if either
- * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or
- * - MLD_CONFIG_MULTILEVEL_NO_SHARED,
- * are set, level-dependent symbols will additionally be prefixed
- * with the parameter set (44/65/87).
+ * In a multi-level build, level-dependent symbols will
+ * additionally be prefixed with the parameter set (44/65/87).
 *
 * This can also be set using CFLAGS.
 *
@@ -89,6 +91,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -424,21 +516,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
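Review bot: The new `Build-only configuration options` banner never states that the options above it must have the same values in the library build and in every translation unit that includes mldsa_native.h. Several of those options are documented as settable through CFLAGS. If, as the `MLD_BUILD_INTERNAL` split suggests, the public header now reads this config, a consumer compiled without the same flags could get size constants or declarations for a different `MLD_CONFIG_PARAMETER_SET` than the library was built with, which typically shows up as undersized key or signature buffers. I would add a line to the banner such as `* Options above this banner must be set identically for the library build and for every file including mldsa_native.h.` The hunk is repeated in test/custom_native_capability_config_CPUID_AVX2.h, test/custom_native_capability_config_ID_AA64PFR1_EL1.h, test/custom_randombytes_config.h and test/custom_stdlib_config.h, so if these headers are generated the wording belongs in the template.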
@@ -488,25 +565,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -570,6 +628,8 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_native_capability_config_CPUID_AVX2.h b/test/custom_native_capability_config_CPUID_AVX2.h index 3603ce129..2aae50ece 100644 --- a/test/custom_native_capability_config_CPUID_AVX2.h +++ b/test/custom_native_capability_config_CPUID_AVX2.h 
@@ -45,6 +45,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ @@ -76,11 +81,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -89,6 +91,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -456,21 +548,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -520,25 +597,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -602,6 +660,8 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h index d346bd09e..a0cf8dbc2 100644 --- a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h +++ b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h 
@@ -45,6 +45,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ @@ -76,11 +81,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -89,6 +91,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -443,21 +535,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -507,25 +584,6 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -589,6 +647,8 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_randombytes_config.h b/test/custom_randombytes_config.h index 791d0149a..2e93a648a 100644 --- a/test/custom_randombytes_config.h +++ b/test/custom_randombytes_config.h 
@@ -44,6 +44,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ @@ -75,11 +80,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -88,6 +90,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -419,21 +511,6 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -483,25 +560,6 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -565,6 +623,8 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_stdlib_config.h b/test/custom_stdlib_config.h index 0b558950f..89c7e6341 100644 --- a/test/custom_stdlib_config.h +++ b/test/custom_stdlib_config.h 
@@ -45,6 +45,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ @@ -76,11 +81,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -89,6 +91,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -434,21 +526,6 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
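Review bot: The incompatibility between MLD_CONFIG_NO_RANDOMIZED_API and MLD_CONFIG_KEYGEN_PCT is stated only in the relocated comment, and after this hunk the two options sit on opposite sides of the new `#if defined(MLD_BUILD_INTERNAL)` guard, so anyone reading the API section no longer has the PCT option next to it. Nothing visible in the hunk turns that combination into a build failure. Unless this is already enforced in a file not shown here, add inside the guarded section `#if defined(MLD_CONFIG_NO_RANDOMIZED_API) && defined(MLD_CONFIG_KEYGEN_PCT)`, `#error "MLD_CONFIG_KEYGEN_PCT requires the randomized API"`, `#endif`, so the conflict is reported with a clear message at compile time. The "must set" relation between MLD_CONFIG_MULTILEVEL_BUILD and MLD_CONFIG_NO_SUPERCOP documented in the same hunk would benefit from the same kind of check. The identical hunks in test/custom_zeroize_config.h, test/no_asm_config.h and test/serial_fips202_config.h are affected in the same way.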
@@ -498,25 +575,6 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -580,6 +638,8 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/custom_zeroize_config.h b/test/custom_zeroize_config.h index 4c2a1a8b7..7d6ae9730 100644 --- a/test/custom_zeroize_config.h +++ b/test/custom_zeroize_config.h 
@@ -44,6 +44,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ @@ -75,11 +80,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -88,6 +90,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -419,21 +511,6 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -483,25 +560,6 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -565,6 +623,8 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/no_asm_config.h b/test/no_asm_config.h index b7f847ad1..aca50bb98 100644 --- a/test/no_asm_config.h +++ b/test/no_asm_config.h 
@@ -45,6 +45,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ @@ -76,11 +81,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -89,6 +91,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -420,21 +512,6 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -484,25 +561,6 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - /****************************************************************************** * Name: MLD_CONFIG_KEYGEN_PCT * @@ -566,6 +624,8 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /************************* Config internals ********************************/ +#endif /* MLD_BUILD_INTERNAL */ + /* Default namespace * * Don't change this. If you need a different namespace, re-define diff --git a/test/serial_fips202_config.h b/test/serial_fips202_config.h index fd887cc38..63ba282be 100644 --- a/test/serial_fips202_config.h +++ b/test/serial_fips202_config.h 
@@ -44,6 +44,11 @@ * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * * This can also be set using CFLAGS. * *****************************************************************************/ @@ -75,11 +80,8 @@ * * Description: The prefix to use to namespace global symbols from mldsa/. * - * In a multi-level build (that is, if either - * - MLD_CONFIG_MULTILEVEL_WITH_SHARED, or - * - MLD_CONFIG_MULTILEVEL_NO_SHARED, - * are set, level-dependent symbols will additionally be prefixed - * with the parameter set (44/65/87). + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). * * This can also be set using CFLAGS. * 
@@ -88,6 +90,96 @@ #define MLD_CONFIG_NAMESPACE_PREFIX MLD_DEFAULT_NAMESPACE_PREFIX #endif +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). 
+ * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. 
+ * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) /****************************************************************************** * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED * @@ -418,21 +510,6 @@ *****************************************************************************/ /* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED * 
@@ -482,25 +559,6 @@
 *****************************************************************************/
 /* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */
-/******************************************************************************
- * Name: MLD_CONFIG_NO_RANDOMIZED_API
- *
- * Description: If this option is set, mldsa-native will be built without the
- * randomized API functions (crypto_sign_keypair,
- * crypto_sign, crypto_sign_signature, and
- * crypto_sign_signature_extmu).
- * This allows users to build mldsa-native without providing a
- * randombytes() implementation if they only need the
- * internal deterministic API
- * (crypto_sign_keypair_internal, crypto_sign_signature_internal).
- *
- * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT
- * as the current PCT implementation requires
- * crypto_sign_signature().
- *
- *****************************************************************************/
-/* #define MLD_CONFIG_NO_RANDOMIZED_API */
-
 /******************************************************************************
 * Name: MLD_CONFIG_KEYGEN_PCT
 *
@@ -564,6 +622,8 @@
 /************************* Config internals ********************************/
+#endif /* MLD_BUILD_INTERNAL */
+
 /* Default namespace
 *
 * Don't change this. If you need a different namespace, re-define
From 45c68388de2d22817ed461b4e7a42eac42609d0b Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 10 Dec 2025 11:56:44 +0800 Subject: [PATCH 5/7] Restructure examples - Example Directory Restructuring: All examples refactored with mldsa/ subdirectories renamed to mldsa_native/ and CFLAGS configuration replaced by custom configs.
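Review bot: The incompatibility between `MLD_CONFIG_NO_RANDOMIZED_API` and `MLD_CONFIG_KEYGEN_PCT` is stated only in a comment, and after this reshuffle the two options sit on opposite sides of the `MLD_BUILD_INTERNAL` guard that the added `#endif` closes. If no other header already rejects the combination, a check placed just before `#endif /* MLD_BUILD_INTERNAL */` would give a clear diagnostic instead of whatever the build happens to do: `#if defined(MLD_CONFIG_NO_RANDOMIZED_API) && defined(MLD_CONFIG_KEYGEN_PCT)`, `#error MLD_CONFIG_KEYGEN_PCT requires the randomized API`, `#endif`. The guarded section opens in an earlier hunk, so only its closing line is visible here.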
Signed-off-by: Matthias J. Kannwischer --- BIBLIOGRAPHY.md | 36 +- examples/basic/Makefile | 12 +- examples/basic/expected_signatures.h | 8 +- examples/basic/main.c | 2 - examples/basic/mldsa_native/mldsa | 1 - .../mldsa_native}/mldsa_native.h | 0 .../basic/mldsa_native/mldsa_native_config.h | 1 + .../mldsa => basic/mldsa_native}/src | 0 examples/basic_deterministic/Makefile | 21 +- examples/basic_deterministic/main.c | 2 - .../basic_deterministic/mldsa_native/mldsa | 1 - .../mldsa_native}/mldsa_native.h | 0 .../mldsa_native/mldsa_native_config.h | 648 +++++++++++++++++ .../mldsa_native}/src | 0 examples/bring_your_own_fips202/Makefile | 12 - examples/bring_your_own_fips202/main.c | 2 - .../mldsa_native/mldsa_native_config.h | 649 ++++++++++++++++- .../bring_your_own_fips202_static/Makefile | 11 - examples/bring_your_own_fips202_static/main.c | 2 - .../mldsa_native/mldsa_native_config.h | 650 +++++++++++++++++- examples/custom_backend/Makefile | 18 +- examples/custom_backend/main.c | 2 - .../mldsa_native/mldsa/mldsa_native.h | 1 - .../mldsa_native/mldsa/src/cbmc.h | 1 - .../mldsa_native/mldsa/src/common.h | 1 - .../mldsa_native/mldsa/src/config.h | 1 - .../mldsa_native/mldsa/src/ct.c | 1 - .../mldsa_native/mldsa/src/ct.h | 1 - .../mldsa_native/mldsa/src/debug.c | 1 - .../mldsa_native/mldsa/src/debug.h | 1 - .../mldsa_native/mldsa/src/fips202/fips202.c | 1 - .../mldsa_native/mldsa/src/fips202/fips202.h | 1 - .../mldsa/src/fips202/fips202x4.c | 1 - .../mldsa/src/fips202/fips202x4.h | 1 - .../mldsa/src/fips202/keccakf1600.c | 1 - .../mldsa/src/fips202/keccakf1600.h | 1 - .../mldsa/src/fips202/native/api.h | 1 - .../mldsa_native/mldsa/src/ntt.c | 1 - .../mldsa_native/mldsa/src/ntt.h | 1 - .../mldsa_native/mldsa/src/packing.c | 1 - .../mldsa_native/mldsa/src/packing.h | 1 - .../mldsa_native/mldsa/src/params.h | 1 - .../mldsa_native/mldsa/src/poly.c | 1 - .../mldsa_native/mldsa/src/poly.h | 1 - .../mldsa_native/mldsa/src/poly_kl.c | 1 - 
.../mldsa_native/mldsa/src/poly_kl.h | 1 - .../mldsa_native/mldsa/src/polyvec.c | 1 - .../mldsa_native/mldsa/src/polyvec.h | 1 - .../mldsa_native/mldsa/src/randombytes.h | 1 - .../mldsa_native/mldsa/src/reduce.h | 1 - .../mldsa_native/mldsa/src/rounding.h | 1 - .../mldsa_native/mldsa/src/sign.c | 1 - .../mldsa_native/mldsa/src/sign.h | 1 - .../mldsa_native/mldsa/src/symmetric.h | 1 - .../mldsa_native/mldsa/src/sys.h | 1 - .../mldsa_native/mldsa/src/zetas.inc | 1 - .../mldsa_native}/mldsa_native.h | 0 ...{custom_config.h => mldsa_native_config.h} | 10 +- .../mldsa_native}/src/cbmc.h | 0 .../mldsa_native}/src/common.h | 0 .../mldsa_native}/src/ct.c | 0 .../mldsa_native}/src/ct.h | 0 .../mldsa_native}/src/debug.c | 0 .../mldsa_native}/src/debug.h | 0 .../mldsa_native/src/fips202/fips202.c | 1 + .../mldsa_native/src/fips202/fips202.h | 1 + .../mldsa_native/src/fips202/fips202x4.c | 1 + .../mldsa_native/src/fips202/fips202x4.h | 1 + .../mldsa_native/src/fips202/keccakf1600.c | 1 + .../mldsa_native/src/fips202/keccakf1600.h | 1 + .../mldsa_native/src/fips202/native/api.h | 1 + .../src/fips202/native/custom/custom.h | 0 .../src/fips202/native/custom/src/LICENSE | 0 .../src/fips202/native/custom/src/README.md | 0 .../src/fips202/native/custom/src/sha3.c | 0 .../src/fips202/native/custom/src/sha3.h | 0 .../mldsa_native}/src/ntt.c | 0 .../mldsa_native}/src/ntt.h | 0 .../mldsa_native}/src/packing.c | 0 .../mldsa_native}/src/packing.h | 0 .../mldsa_native}/src/params.h | 0 .../mldsa_native}/src/poly.c | 0 .../mldsa_native}/src/poly.h | 0 .../mldsa_native}/src/poly_kl.c | 0 .../mldsa_native}/src/poly_kl.h | 0 .../mldsa_native}/src/polyvec.c | 0 .../mldsa_native}/src/polyvec.h | 0 .../mldsa_native}/src/randombytes.h | 0 .../mldsa_native}/src/reduce.h | 0 .../mldsa_native}/src/rounding.h | 0 .../mldsa_native}/src/sign.c | 0 .../mldsa_native}/src/sign.h | 0 .../mldsa_native}/src/symmetric.h | 0 .../mldsa_native}/src/sys.h | 0 .../mldsa_native}/src/zetas.inc | 0 
examples/monolithic_build/Makefile | 16 +- examples/monolithic_build/main.c | 3 +- examples/monolithic_build/mldsa/src/fips202 | 1 - .../{mldsa => mldsa_native}/mldsa_native.c | 0 .../mldsa_native}/mldsa_native.h | 0 .../mldsa_native/mldsa_native_config.h} | 12 +- .../mldsa_native}/src | 0 examples/monolithic_build_multilevel/Makefile | 2 +- .../mldsa_native}/mldsa_native.S | 0 .../{mldsa => mldsa_native}/mldsa_native.c | 0 .../mldsa_native/mldsa_native.h | 1 + .../mldsa_native/mldsa_native_config.h} | 22 +- .../mldsa_native/src | 1 + .../mldsa_native_all.c | 2 - .../mldsa_native_all.h | 22 +- .../Makefile | 7 +- .../mldsa_native}/mldsa_native.S | 0 .../{mldsa => mldsa_native}/mldsa_native.c | 0 .../mldsa_native/mldsa_native.h | 1 + .../mldsa_native_config.h} | 13 +- .../mldsa_native/src | 1 + .../mldsa_native_all.c | 2 - examples/monolithic_build_native/Makefile | 22 +- examples/monolithic_build_native/main.c | 1 - .../monolithic_build_native/mldsa/config_44.h | 644 ----------------- .../monolithic_build_native/mldsa/config_65.h | 644 ----------------- .../mldsa_native/mldsa_native.S | 1 + .../{mldsa => mldsa_native}/mldsa_native.c | 0 .../mldsa_native/mldsa_native.h | 1 + .../mldsa_native/mldsa_native_config.h} | 19 +- .../monolithic_build_native/mldsa_native/src | 1 + examples/multilevel_build/Makefile | 10 +- examples/multilevel_build/mldsa_native/mldsa | 1 - .../mldsa_native/mldsa_native.h | 1 + .../mldsa_native/mldsa_native_config.h} | 25 +- examples/multilevel_build/mldsa_native/src | 1 + examples/multilevel_build/mldsa_native_all.h | 24 +- examples/multilevel_build_native/Makefile | 28 +- .../mldsa_native/mldsa | 1 - .../mldsa_native/mldsa_native.h | 1 + .../mldsa_native/mldsa_native_config.h} | 25 +- .../multilevel_build_native/mldsa_native/src | 1 + .../mldsa_native_all.h | 24 +- mldsa/mldsa_native_config.h | 10 +- scripts/lint | 2 +- test/break_pct_config.h | 8 +- test/configs.yml | 88 +-- test/custom_memcpy_config.h | 8 +- test/custom_memset_config.h | 
8 +- test/custom_native_capability_config_0.h | 10 +- test/custom_native_capability_config_1.h | 10 +- ...stom_native_capability_config_CPUID_AVX2.h | 10 +- ...native_capability_config_ID_AA64PFR1_EL1.h | 10 +- test/custom_randombytes_config.h | 8 +- test/custom_stdlib_config.h | 6 +- test/custom_zeroize_config.h | 8 +- test/no_asm_config.h | 8 +- test/serial_fips202_config.h | 10 +- 153 files changed, 2242 insertions(+), 1672 deletions(-) delete mode 120000 examples/basic/mldsa_native/mldsa rename examples/{monolithic_build/mldsa => basic/mldsa_native}/mldsa_native.h (100%) create mode 120000 examples/basic/mldsa_native/mldsa_native_config.h rename examples/{monolithic_build_multilevel/mldsa => basic/mldsa_native}/src (100%) delete mode 120000 examples/basic_deterministic/mldsa_native/mldsa rename examples/{monolithic_build_multilevel/mldsa => basic_deterministic/mldsa_native}/mldsa_native.h (100%) create mode 100644 examples/basic_deterministic/mldsa_native/mldsa_native_config.h rename examples/{monolithic_build_multilevel_native/mldsa => basic_deterministic/mldsa_native}/src (100%) mode change 120000 => 100644 examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h mode change 120000 => 100644 examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/mldsa_native.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/cbmc.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/common.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/config.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/ct.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/ct.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/debug.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/debug.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.c delete mode 120000 
examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/fips202/native/api.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/ntt.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/ntt.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/packing.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/packing.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/params.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/poly.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/poly.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/poly_kl.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/poly_kl.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/polyvec.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/polyvec.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/randombytes.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/reduce.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/rounding.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/sign.c delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/sign.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/symmetric.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/sys.h delete mode 120000 examples/custom_backend/mldsa_native/mldsa/src/zetas.inc rename examples/{monolithic_build_multilevel_native/mldsa => 
custom_backend/mldsa_native}/mldsa_native.h (100%) rename examples/custom_backend/mldsa_native/{custom_config.h => mldsa_native_config.h} (99%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/cbmc.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/common.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/ct.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/ct.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/debug.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/debug.h (100%) create mode 120000 examples/custom_backend/mldsa_native/src/fips202/fips202.c create mode 120000 examples/custom_backend/mldsa_native/src/fips202/fips202.h create mode 120000 examples/custom_backend/mldsa_native/src/fips202/fips202x4.c create mode 120000 examples/custom_backend/mldsa_native/src/fips202/fips202x4.h create mode 120000 examples/custom_backend/mldsa_native/src/fips202/keccakf1600.c create mode 120000 examples/custom_backend/mldsa_native/src/fips202/keccakf1600.h create mode 120000 examples/custom_backend/mldsa_native/src/fips202/native/api.h rename examples/custom_backend/mldsa_native/{mldsa => }/src/fips202/native/custom/custom.h (100%) rename examples/custom_backend/mldsa_native/{mldsa => }/src/fips202/native/custom/src/LICENSE (100%) rename examples/custom_backend/mldsa_native/{mldsa => }/src/fips202/native/custom/src/README.md (100%) rename examples/custom_backend/mldsa_native/{mldsa => }/src/fips202/native/custom/src/sha3.c (100%) rename examples/custom_backend/mldsa_native/{mldsa => }/src/fips202/native/custom/src/sha3.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/ntt.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/ntt.h (100%) rename examples/{monolithic_build/mldsa => 
custom_backend/mldsa_native}/src/packing.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/packing.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/params.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/poly.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/poly.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/poly_kl.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/poly_kl.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/polyvec.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/polyvec.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/randombytes.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/reduce.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/rounding.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/sign.c (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/sign.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/symmetric.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/sys.h (100%) rename examples/{monolithic_build/mldsa => custom_backend/mldsa_native}/src/zetas.inc (100%) delete mode 120000 examples/monolithic_build/mldsa/src/fips202 rename examples/monolithic_build/{mldsa => mldsa_native}/mldsa_native.c (100%) rename examples/{monolithic_build_native/mldsa => monolithic_build/mldsa_native}/mldsa_native.h (100%) rename examples/{monolithic_build_multilevel/mldsa/multilevel_config.h => monolithic_build/mldsa_native/mldsa_native_config.h} (99%) rename examples/{monolithic_build_native/mldsa => monolithic_build/mldsa_native}/src (100%) 
rename examples/{monolithic_build_multilevel_native/mldsa => monolithic_build_multilevel/mldsa_native}/mldsa_native.S (100%) rename examples/monolithic_build_multilevel/{mldsa => mldsa_native}/mldsa_native.c (100%) create mode 120000 examples/monolithic_build_multilevel/mldsa_native/mldsa_native.h rename examples/{monolithic_build/mldsa/config_65.h => monolithic_build_multilevel/mldsa_native/mldsa_native_config.h} (98%) create mode 120000 examples/monolithic_build_multilevel/mldsa_native/src rename examples/{monolithic_build_native/mldsa => monolithic_build_multilevel_native/mldsa_native}/mldsa_native.S (100%) rename examples/monolithic_build_multilevel_native/{mldsa => mldsa_native}/mldsa_native.c (100%) create mode 120000 examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.h rename examples/monolithic_build_multilevel_native/{mldsa/multilevel_config.h => mldsa_native/mldsa_native_config.h} (99%) create mode 120000 examples/monolithic_build_multilevel_native/mldsa_native/src delete mode 100644 examples/monolithic_build_native/mldsa/config_44.h delete mode 100644 examples/monolithic_build_native/mldsa/config_65.h create mode 120000 examples/monolithic_build_native/mldsa_native/mldsa_native.S rename examples/monolithic_build_native/{mldsa => mldsa_native}/mldsa_native.c (100%) create mode 120000 examples/monolithic_build_native/mldsa_native/mldsa_native.h rename examples/{monolithic_build/mldsa/config_44.h => monolithic_build_native/mldsa_native/mldsa_native_config.h} (98%) create mode 120000 examples/monolithic_build_native/mldsa_native/src delete mode 120000 examples/multilevel_build/mldsa_native/mldsa create mode 120000 examples/multilevel_build/mldsa_native/mldsa_native.h rename examples/{monolithic_build/mldsa/config_87.h => multilevel_build/mldsa_native/mldsa_native_config.h} (98%) create mode 120000 examples/multilevel_build/mldsa_native/src delete mode 120000 examples/multilevel_build_native/mldsa_native/mldsa create mode 120000 
examples/multilevel_build_native/mldsa_native/mldsa_native.h rename examples/{monolithic_build_native/mldsa/config_87.h => multilevel_build_native/mldsa_native/mldsa_native_config.h} (98%) create mode 120000 examples/multilevel_build_native/mldsa_native/src diff --git a/BIBLIOGRAPHY.md b/BIBLIOGRAPHY.md index 0e09749b1..bcbb47ba7 100644 --- a/BIBLIOGRAPHY.md +++ b/BIBLIOGRAPHY.md 
@@ -23,15 +23,15 @@ source code and documentation. - National Institute of Standards and Technology * URL: https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements * Referenced from: - - [examples/custom_backend/mldsa_native/custom_config.h](examples/custom_backend/mldsa_native/custom_config.h) - - [examples/monolithic_build/mldsa/config_44.h](examples/monolithic_build/mldsa/config_44.h) - - [examples/monolithic_build/mldsa/config_65.h](examples/monolithic_build/mldsa/config_65.h) - - [examples/monolithic_build/mldsa/config_87.h](examples/monolithic_build/mldsa/config_87.h) - - [examples/monolithic_build_multilevel/mldsa/multilevel_config.h](examples/monolithic_build_multilevel/mldsa/multilevel_config.h) - - [examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h](examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h) - - [examples/monolithic_build_native/mldsa/config_44.h](examples/monolithic_build_native/mldsa/config_44.h) - - [examples/monolithic_build_native/mldsa/config_65.h](examples/monolithic_build_native/mldsa/config_65.h) - - [examples/monolithic_build_native/mldsa/config_87.h](examples/monolithic_build_native/mldsa/config_87.h) + - [examples/basic_deterministic/mldsa_native/mldsa_native_config.h](examples/basic_deterministic/mldsa_native/mldsa_native_config.h) + - [examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h) + - [examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h) + - [examples/custom_backend/mldsa_native/mldsa_native_config.h](examples/custom_backend/mldsa_native/mldsa_native_config.h) + - [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h) + - 
[examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h) + - [examples/monolithic_build_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_native/mldsa_native/mldsa_native_config.h) + - [examples/multilevel_build/mldsa_native/mldsa_native_config.h](examples/multilevel_build/mldsa_native/mldsa_native_config.h) + - [examples/multilevel_build_native/mldsa_native/mldsa_native_config.h](examples/multilevel_build_native/mldsa_native/mldsa_native_config.h) - [integration/liboqs/config_aarch64.h](integration/liboqs/config_aarch64.h) - [integration/liboqs/config_c.h](integration/liboqs/config_c.h) - [integration/liboqs/config_x86_64.h](integration/liboqs/config_x86_64.h) 
@@ -68,15 +68,15 @@ source code and documentation. * URL: https://csrc.nist.gov/pubs/fips/204/final * Referenced from: - [README.md](README.md) - - [examples/custom_backend/mldsa_native/custom_config.h](examples/custom_backend/mldsa_native/custom_config.h) - - [examples/monolithic_build/mldsa/config_44.h](examples/monolithic_build/mldsa/config_44.h) - - [examples/monolithic_build/mldsa/config_65.h](examples/monolithic_build/mldsa/config_65.h) - - [examples/monolithic_build/mldsa/config_87.h](examples/monolithic_build/mldsa/config_87.h) - - [examples/monolithic_build_multilevel/mldsa/multilevel_config.h](examples/monolithic_build_multilevel/mldsa/multilevel_config.h) - - [examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h](examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h) - - [examples/monolithic_build_native/mldsa/config_44.h](examples/monolithic_build_native/mldsa/config_44.h) - - [examples/monolithic_build_native/mldsa/config_65.h](examples/monolithic_build_native/mldsa/config_65.h) - - [examples/monolithic_build_native/mldsa/config_87.h](examples/monolithic_build_native/mldsa/config_87.h) + - [examples/basic_deterministic/mldsa_native/mldsa_native_config.h](examples/basic_deterministic/mldsa_native/mldsa_native_config.h) + - [examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h) + - [examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h](examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h) + - [examples/custom_backend/mldsa_native/mldsa_native_config.h](examples/custom_backend/mldsa_native/mldsa_native_config.h) + - [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h) + - [examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h) + - 
[examples/monolithic_build_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_native/mldsa_native/mldsa_native_config.h) + - [examples/multilevel_build/mldsa_native/mldsa_native_config.h](examples/multilevel_build/mldsa_native/mldsa_native_config.h) + - [examples/multilevel_build_native/mldsa_native/mldsa_native_config.h](examples/multilevel_build_native/mldsa_native/mldsa_native_config.h) - [mldsa/mldsa_native.h](mldsa/mldsa_native.h) - [mldsa/mldsa_native_config.h](mldsa/mldsa_native_config.h) - [mldsa/src/ct.h](mldsa/src/ct.h) diff --git a/examples/basic/Makefile b/examples/basic/Makefile index e51566645..274ad8ed3 100644 --- a/examples/basic/Makefile +++ b/examples/basic/Makefile @@ -55,13 +55,13 @@ endif # In this example, we compile the individual mldsa-native source files directly. # Alternatively, you can compile the 'monobuild' source file mldsa_native.c. # See examples/monolithic_build for that. -MLD_SOURCE=$(wildcard \ - mldsa_native/mldsa/src/*.c \ - mldsa_native/mldsa/src/**/*.c \ - mldsa_native/mldsa/src/**/**/*.c \ - mldsa_native/mldsa/src/**/**/**/*.c) +MLD_SOURCE=$(wildcard \ + mldsa_native/src/*.c \ + mldsa_native/src/**/*.c \ + mldsa_native/src/**/**/*.c \ + mldsa_native/src/**/**/**/*.c) -INC=-Imldsa_native/mldsa/ +INC=-Imldsa_native # Part B: # diff --git a/examples/basic/expected_signatures.h b/examples/basic/expected_signatures.h index dc714dae4..d52fbe8d5 100644 --- a/examples/basic/expected_signatures.h +++ b/examples/basic/expected_signatures.h @@ -15,7 +15,7 @@ * The PCT modifies the PRNG state, so the KAT tests don't work. * We run KAT tests only for disabled PCT. */ #if !defined(MLD_CONFIG_KEYGEN_PCT) -#if MLD_CONFIG_API_PARAMETER_SET == 44 +#if MLD_CONFIG_PARAMETER_SET == 44 const uint8_t expected_signature[] = { 0x27, 0x5e, 0xbe, 0x2d, 0x23, 0x1a, 0x76, 0xc5, 0xd9, 0x77, 0xcb, 0x62, 0x25, 0x04, 0xdb, 0x23, 0x31, 0xa9, 0xa8, 0xcd, 0xbc, 0xde, 0xf2, 0x20, 
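Review bot: The `#if !defined(MLD_CONFIG_KEYGEN_PCT)` guard around these vectors in expected_signatures.h now tests a macro the application translation unit may never see. Earlier in this series the build-only options, `MLD_CONFIG_KEYGEN_PCT` among them, were placed under `#if defined(MLD_BUILD_INTERNAL)`; if the example's config has that layout, enabling PCT in `mldsa_native_config.h` rather than through CFLAGS would presumably leave the KAT comparison compiled in and failing. A comment next to the guard such as `/* NOTE: MLD_CONFIG_KEYGEN_PCT is only visible here when passed via CFLAGS */` would document the constraint; exporting a dedicated macro from the public header would remove it. The same guard covers the 65 and 87 branches touched by the following hunks, and the `#if` block ends outside this hunk.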
@@ -219,7 +219,7 @@ const uint8_t expected_signature[] = { 0x1f, 0x24, 0x38, 0x41, 0x45, 0x54, 0x5f, 0x69, 0x85, 0x8d, 0x93, 0x9e, 0xc5, 0xe6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x25, 0x32, 0x42}; -#elif MLD_CONFIG_API_PARAMETER_SET == 65 +#elif MLD_CONFIG_PARAMETER_SET == 65 const uint8_t expected_signature[] = { 0x8b, 0x6f, 0x79, 0x00, 0xcc, 0x79, 0x57, 0xee, 0x16, 0x86, 0x87, 0xd5, 0xcf, 0xb6, 0x90, 0x2c, 0xc6, 0x30, 0xeb, 0x8d, 0x39, 0xae, 0x9b, 0xf1, @@ -497,7 +497,7 @@ const uint8_t expected_signature[] = { 0xdf, 0x0e, 0x1a, 0x20, 0x50, 0xf5, 0x02, 0x21, 0x30, 0x35, 0x3c, 0x60, 0x71, 0xad, 0xd0, 0xe3, 0xed, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x10, 0x17, 0x1d, 0x22, 0x2d}; -#elif MLD_CONFIG_API_PARAMETER_SET == 87 +#elif MLD_CONFIG_PARAMETER_SET == 87 const uint8_t expected_signature[] = { 0xdf, 0xe6, 0xe1, 0xa5, 0x20, 0xc1, 0xac, 0x98, 0x55, 0x2c, 0xf2, 0x13, 0x65, 0x42, 0xe2, 0xb0, 0x77, 0x5f, 0x15, 0x00, 0x8f, 0x14, 0x48, 0xa1, @@ -885,6 +885,6 @@ const uint8_t expected_signature[] = { 0xce, 0xd5, 0x44, 0x49, 0x8b, 0xab, 0xbc, 0xca, 0xd3, 0x1c, 0x34, 0x4a, 0xaa, 0xc7, 0xe5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x17, 0x22, 0x2a, 0x2f, 0x36, 0x3d, 0x43}; -#endif /* MLD_CONFIG_API_PARAMETER_SET == 87 */ +#endif /* MLD_CONFIG_PARAMETER_SET == 87 */ #endif /* !MLD_CONFIG_KEYGEN_PCT */ #endif /* !EXPECTED_SIGNATURES_H */ diff --git a/examples/basic/main.c b/examples/basic/main.c index 640fe23f9..401e62c12 100644 --- a/examples/basic/main.c +++ b/examples/basic/main.c @@ -13,8 +13,6 @@ * This requires specifying the parameter set and namespace prefix * used for the build. */ -#define MLD_CONFIG_API_PARAMETER_SET MLD_CONFIG_PARAMETER_SET -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa #include #include "expected_signatures.h" #include "test_only_rng/notrandombytes.h" 
diff --git a/examples/basic/mldsa_native/mldsa b/examples/basic/mldsa_native/mldsa
deleted file mode 120000
index 10da1bec2..000000000
--- a/examples/basic/mldsa_native/mldsa
+++ /dev/null
@@ -1 +0,0 @@
-../../../mldsa
\ No newline at end of file
diff --git a/examples/monolithic_build/mldsa/mldsa_native.h b/examples/basic/mldsa_native/mldsa_native.h
similarity index 100%
rename from examples/monolithic_build/mldsa/mldsa_native.h
rename to examples/basic/mldsa_native/mldsa_native.h
diff --git a/examples/basic/mldsa_native/mldsa_native_config.h b/examples/basic/mldsa_native/mldsa_native_config.h
new file mode 120000
index 000000000..5d965d706
--- /dev/null
+++ b/examples/basic/mldsa_native/mldsa_native_config.h
@@ -0,0 +1 @@
+../../../mldsa/mldsa_native_config.h
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/src b/examples/basic/mldsa_native/src
similarity index 100%
rename from examples/monolithic_build_multilevel/mldsa/src
rename to examples/basic/mldsa_native/src
diff --git a/examples/basic_deterministic/Makefile b/examples/basic_deterministic/Makefile
index bc88ab8c4..ad4576e9e 100644
--- a/examples/basic_deterministic/Makefile
+++ b/examples/basic_deterministic/Makefile
@@ -55,13 +55,13 @@ endif
 # In this example, we compile the individual mldsa-native source files directly.
 # Alternatively, you can compile the 'monobuild' source file mldsa_native.c.
 # See examples/monolithic_build for that.
-MLD_SOURCE=$(wildcard \
- mldsa_native/mldsa/src/*.c \
- mldsa_native/mldsa/src/**/*.c \
- mldsa_native/mldsa/src/**/**/*.c \
- mldsa_native/mldsa/src/**/**/**/*.c)
+MLD_SOURCE=$(wildcard \
+ mldsa_native/src/*.c \
+ mldsa_native/src/**/*.c \
+ mldsa_native/src/**/**/*.c \
+ mldsa_native/src/**/**/**/*.c)
-INC=-Imldsa_native/mldsa/
+INC=-Imldsa_native
 # Part B:
 #
@@ -73,15 +73,6 @@ ALL_SOURCE=$(MLD_SOURCE) $(APP_SOURCE)
 BUILD_DIR=build
 BIN=test_binary
-#
-# Configuration adjustments
-#
-
-# Pick prefix
-CFLAGS += -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa
-# Set configuration option for deterministic build
-CFLAGS += -DMLD_CONFIG_NO_RANDOMIZED_API
-
 BINARY_NAME_FULL_44=$(BUILD_DIR)/$(BIN)44
 BINARY_NAME_FULL_65=$(BUILD_DIR)/$(BIN)65
 BINARY_NAME_FULL_87=$(BUILD_DIR)/$(BIN)87
diff --git a/examples/basic_deterministic/main.c b/examples/basic_deterministic/main.c
index f30642dc5..42e805a8a 100644
--- a/examples/basic_deterministic/main.c
+++ b/examples/basic_deterministic/main.c
@@ -13,8 +13,6 @@
 * This requires specifying the parameter set and namespace prefix
 * used for the build.
 */
-#define MLD_CONFIG_API_PARAMETER_SET MLD_CONFIG_PARAMETER_SET
-#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa
 #include
 #include "expected_signatures.h"
diff --git a/examples/basic_deterministic/mldsa_native/mldsa b/examples/basic_deterministic/mldsa_native/mldsa
deleted file mode 120000
index 10da1bec2..000000000
--- a/examples/basic_deterministic/mldsa_native/mldsa
+++ /dev/null
@@ -1 +0,0 @@
-../../../mldsa
\ No newline at end of file
diff --git a/examples/monolithic_build_multilevel/mldsa/mldsa_native.h b/examples/basic_deterministic/mldsa_native/mldsa_native.h
similarity index 100%
rename from examples/monolithic_build_multilevel/mldsa/mldsa_native.h
rename to examples/basic_deterministic/mldsa_native/mldsa_native.h
diff --git a/examples/basic_deterministic/mldsa_native/mldsa_native_config.h b/examples/basic_deterministic/mldsa_native/mldsa_native_config.h
new file mode 100644
index 000000000..62139114c
--- /dev/null
+++ b/examples/basic_deterministic/mldsa_native/mldsa_native_config.h
@@ -0,0 +1,648 @@ +/* + * Copyright (c) The mldsa-native project authors + * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT + */ + +/* References + * ========== + * + * - [FIPS140_3_IG] + * Implementation Guidance for FIPS 140-3 and the Cryptographic Module + * Validation Program + * National Institute of Standards and Technology + * https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements + * + * - [FIPS204] + * FIPS 204 Module-Lattice-Based Digital Signature Standard + * National Institute of Standards and Technology + * https://csrc.nist.gov/pubs/fips/204/final + */ + +/* + * WARNING: This file is auto-generated from scripts/autogen + * in the mldsa-native repository. + * Do not modify it directly. + */ + +/* + * Test configuration: Configuration for deterministic-only build of + * mldsa-native + * + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: + * - MLD_CONFIG_NAMESPACE_PREFIX + * - MLD_CONFIG_NO_RANDOMIZED_API + */ + + +#ifndef MLD_CONFIG_H +#define MLD_CONFIG_H + +/****************************************************************************** + * Name: MLD_CONFIG_PARAMETER_SET + * + * Description: Specifies the parameter set for ML-DSA + * - MLD_CONFIG_PARAMETER_SET=44 corresponds to ML-DSA-44 + * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 + * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 + * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * + * This can also be set using CFLAGS. 
+ * + *****************************************************************************/ +#ifndef MLD_CONFIG_PARAMETER_SET +#define MLD_CONFIG_PARAMETER_SET \ + 44 /* Change this for different security strengths */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FILE + * + * Description: If defined, this is a header that will be included instead + * of the default configuration file mldsa/mldsa_native_config.h. + * + * When you need to build mldsa-native in multiple configurations, + * using varying MLD_CONFIG_FILE can be more convenient + * then configuring everything through CFLAGS. + * + * To use, MLD_CONFIG_FILE _must_ be defined prior + * to the inclusion of any mldsa-native headers. For example, + * it can be set by passing `-DMLD_CONFIG_FILE="..."` + * on the command line. + * + *****************************************************************************/ +/* No need to set this -- we _are_ already in a custom config */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ + +/****************************************************************************** + * Name: MLD_CONFIG_NAMESPACE_PREFIX + * + * Description: The prefix to use to namespace global symbols from mldsa/. + * + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#define MLD_CONFIG_NAMESPACE_PREFIX mldsa + +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. 
+ * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). 
+ * + *****************************************************************************/ +#define MLD_CONFIG_NO_RANDOMIZED_API + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED + * + * Description: This is for multi-level builds of mldsa-native only. If you + * need only a single parameter set, keep this unset. + * + * If this is set, all MLD_CONFIG_PARAMETER_SET-independent + * code will be included in the build, including code needed only + * for other parameter sets. 
+ * + * Example: TODO: add example + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * + * See examples/multilevel_build_mldsa for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_WITH_SHARED */ + +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_NO_SHARED + * + * Description: This is for multi-level builds of mldsa-native only. If you + * need only a single parameter set, keep this unset. + * + * If this is set, no MLD_CONFIG_PARAMETER_SET-independent code + * will be included in the build. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * + * See examples/multilevel_build_mldsa for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_NO_SHARED */ + +/****************************************************************************** + * Name: MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS + * + * Description: This is only relevant for single compilation unit (SCU) + * builds of mldsa-native. In this case, it determines whether + * directives defined in parameter-set-independent headers should + * be #undef'ined or not at the of the SCU file. This is needed + * in multilevel builds. + * + * See examples/multilevel_build_native for an example. + * + * This can also be set using CFLAGS. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */ + +/****************************************************************************** + * Name: MLD_CONFIG_USE_NATIVE_BACKEND_ARITH + * + * Description: Determines whether an native arithmetic backend should be used. + * + * The arithmetic backend covers performance critical functions + * such as the number-theoretic transform (NTT). + * + * If this option is unset, the C backend will be used. + * + * If this option is set, the arithmetic backend to be use is + * determined by MLD_CONFIG_ARITH_BACKEND_FILE: If the latter is + * unset, the default backend for your the target architecture + * will be used. If set, it must be the name of a backend metadata + * file. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) +/* #define MLD_CONFIG_USE_NATIVE_BACKEND_ARITH */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_ARITH_BACKEND_FILE + * + * Description: The arithmetic backend to use. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is unset, this option + * is ignored. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is set, this option must + * either be undefined or the filename of an arithmetic backend. + * If unset, the default backend will be used. + * + * This can be set using CFLAGS. + * + *****************************************************************************/ +#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) && \ + !defined(MLD_CONFIG_ARITH_BACKEND_FILE) +#define MLD_CONFIG_ARITH_BACKEND_FILE "native/meta.h" +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 + * + * Description: Determines whether an native FIPS202 backend should be used. 
+ * + * The FIPS202 backend covers 1x/2x/4x-fold Keccak-f1600, which is + * the performance bottleneck of SHA3 and SHAKE. + * + * If this option is unset, the C backend will be used. + * + * If this option is set, the FIPS202 backend to be use is + * determined by MLD_CONFIG_FIPS202_BACKEND_FILE: If the latter is + * unset, the default backend for your the target architecture + * will be used. If set, it must be the name of a backend metadata + * file. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) +/* #define MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202_BACKEND_FILE + * + * Description: The FIPS-202 backend to use. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, this option + * must either be undefined or the filename of a FIPS202 backend. + * If unset, the default backend will be used. + * + * This can be set using CFLAGS. + * + *****************************************************************************/ +#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) && \ + !defined(MLD_CONFIG_FIPS202_BACKEND_FILE) +#define MLD_CONFIG_FIPS202_BACKEND_FILE "fips202/native/auto.h" +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202_CUSTOM_HEADER + * + * Description: Custom header to use for FIPS-202 + * + * This should only be set if you intend to use a custom + * FIPS-202 implementation, different from the one shipped + * with mldsa-native. + * + * If set, it must be the name of a file serving as the + * replacement for mldsa/src/fips202/fips202.h, and exposing + * the same API (see FIPS202.md). 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_FIPS202_CUSTOM_HEADER "SOME_FILE.h" */ + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202X4_CUSTOM_HEADER + * + * Description: Custom header to use for FIPS-202-X4 + * + * This should only be set if you intend to use a custom + * FIPS-202 implementation, different from the one shipped + * with mldsa-native. + * + * If set, it must be the name of a file serving as the + * replacement for mldsa/src/fips202/fips202x4.h, and exposing + * the same API (see FIPS202.md). + * + *****************************************************************************/ +/* #define MLD_CONFIG_FIPS202X4_CUSTOM_HEADER "SOME_FILE.h" */ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_ZEROIZE + * + * Description: In compliance with @[FIPS204, Section 3.6.3], mldsa-native, + * zeroizes intermediate stack buffers before returning from + * function calls. + * + * Set this option and define `mld_zeroize_native` if you want to + * use a custom method to zeroize intermediate stack buffers. + * The default implementation uses SecureZeroMemory on Windows + * and a memset + compiler barrier otherwise. If neither of those + * is available on the target platform, compilation will fail, + * and you will need to use MLD_CONFIG_CUSTOM_ZEROIZE to provide + * a custom implementation of `mld_zeroize_native()`. + * + * WARNING: + * The explicit stack zeroization conducted by mldsa-native + * reduces the likelihood of data leaking on the stack, but + * does not eliminate it! The C standard makes no guarantee about + * where a compiler allocates structures and whether/where it makes + * copies of them. Also, in addition to entire structures, there + * may also be potentially exploitable leakage of individual values + * on the stack. 
+ * + * If you need bullet-proof zeroization of the stack, you need to + * consider additional measures instead of what this feature + * provides. In this case, you can set mld_zeroize_native to a + * no-op. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_ZEROIZE + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_RANDOMBYTES + * + * Description: mldsa-native does not provide a secure randombytes + * implementation. Such an implementation has to provided by the + * consumer. + * + * If this option is not set, mldsa-native expects a function + * void randombytes(uint8_t *out, size_t outlen). + * + * Set this option and define `mld_randombytes` if you want to + * use a custom method to sample randombytes with a different name + * or signature. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_RANDOMBYTES + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_CAPABILITY_FUNC + * + * Description: mldsa-native backends may rely on specific hardware features. + * Those backends will only be included in an mldsa-native build + * if support for the respective features is enabled at + * compile-time. However, when building for a heteroneous set + * of CPUs to run the resulting binary/library on, feature + * detection at _runtime_ is needed to decided whether a backend + * can be used or not. 
+ * + * Set this option and define `mld_sys_check_capability` if you + * want to use a custom method to dispatch between implementations. + * + * If this option is not set, mldsa-native uses compile-time + * feature detection only to decide which backend to use. + * + * If you compile mldsa-native on a system with different + * capabilities than the system that the resulting binary/library + * will be run on, you must use this option. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_CAPABILITY_FUNC + static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) + { + ... your implementation ... + } +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_MEMCPY + * + * Description: Set this option and define `mld_memcpy` if you want to + * use a custom method to copy memory instead of the standard + * library memcpy function. + * + * The custom implementation must have the same signature and + * behavior as the standard memcpy function: + * void *mld_memcpy(void *dest, const void *src, size_t n) + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_MEMCPY + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_MEMSET + * + * Description: Set this option and define `mld_memset` if you want to + * use a custom method to set memory instead of the standard + * library memset function. 
+ * + * The custom implementation must have the same signature and + * behavior as the standard memset function: + * void *mld_memset(void *s, int c, size_t n) + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_MEMSET + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void *mld_memset(void *s, int c, size_t n) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_INTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of internal API. + * + * The primary use case for this option are single-CU builds, + * in which case this option can be set to `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_CT_TESTING_ENABLED + * + * Description: If set, mldsa-native annotates data as secret / public using + * valgrind's annotations VALGRIND_MAKE_MEM_UNDEFINED and + * VALGRIND_MAKE_MEM_DEFINED, enabling various checks for secret- + * dependent control flow of variable time execution (depending + * on the exact version of valgrind installed). + * + *****************************************************************************/ +/* #define MLD_CONFIG_CT_TESTING_ENABLED */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_ASM + * + * Description: If this option is set, mldsa-native will be built without + * use of native code or inline assembly. + * + * By default, inline assembly is used to implement value barriers. + * Without inline assembly, mldsa-native will use a global volatile + * 'opt blocker' instead; see ct.h. 
+ * + * Inline assembly is also used to implement a secure zeroization + * function on non-Windows platforms. If this option is set and + * the target platform is not Windows, you MUST set + * MLD_CONFIG_CUSTOM_ZEROIZE and provide a custom zeroization + * function. + * + * If this option is set, MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 and + * and MLD_CONFIG_USE_NATIVE_BACKEND_ARITH will be ignored, and no + * native backends will be used. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_ASM */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_ASM_VALUE_BARRIER + * + * Description: If this option is set, mldsa-native will be built without + * use of native code or inline assembly for value barriers. + * + * By default, inline assembly (if available) is used to implement + * value barriers. + * Without inline assembly, mldsa-native will use a global volatile + * 'opt blocker' instead; see ct.h. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_KEYGEN_PCT + * + * Description: Compliance with @[FIPS140_3_IG, p.87] requires a + * Pairwise Consistency Test (PCT) to be carried out on a freshly + * generated keypair before it can be exported. + * + * Set this option if such a check should be implemented. + * In this case, crypto_sign_keypair_internal and + * crypto_sign_keypair will return a non-zero error code if the + * PCT failed. + * + * NOTE: This feature will drastically lower the performance of + * key generation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_KEYGEN_PCT */ + +/****************************************************************************** + * Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST + * + * Description: If this option is set, the user must provide a runtime + * function `static inline int mld_break_pct() { ... }` to + * indicate whether the PCT should be made fail. + * + * This option only has an effect if MLD_CONFIG_KEYGEN_PCT is set. + * + *****************************************************************************/ +/* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST + #if !defined(__ASSEMBLER__) + #include "src/src.h" + static MLD_INLINE int mld_break_pct(void) + { + ... return 0/1 depending on whether PCT should be broken ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_SERIAL_FIPS202_ONLY + * + * Description: Set this to use a FIPS202 implementation with global state + * that supports only one active Keccak computation at a time + * (e.g. some hardware accelerators). + * + * If this option is set, ML-DSA will use FIPS202 operations + * serially, ensuring that only one SHAKE context is active + * at any given time. + * + * This allows offloading Keccak computations to a hardware + * accelerator that holds only a single Keccak state locally, + * rather than requiring support for multiple concurrent + * Keccak states. + * + * NOTE: Depending on the target CPU, this may reduce + * performance when using software FIPS202 implementations. + * Only enable this when you have to. + * + *****************************************************************************/ +/* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */ + +/************************* Config internals ********************************/ + +#endif /* MLD_BUILD_INTERNAL */ + +/* Default namespace + * + * Don't change this. 
If you need a different namespace, re-define + * MLD_CONFIG_NAMESPACE_PREFIX above instead, and remove the following. + * + * The default MLDSA namespace is + * + * PQCP_MLDSA_NATIVE_MLDSA_ + * + * e.g., PQCP_MLDSA_NATIVE_MLDSA44_ + */ + +#if MLD_CONFIG_PARAMETER_SET == 44 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA44 +#elif MLD_CONFIG_PARAMETER_SET == 65 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA65 +#elif MLD_CONFIG_PARAMETER_SET == 87 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA87 +#endif + +#endif /* !MLD_CONFIG_H */ diff --git a/examples/monolithic_build_multilevel_native/mldsa/src b/examples/basic_deterministic/mldsa_native/src similarity index 100% rename from examples/monolithic_build_multilevel_native/mldsa/src rename to examples/basic_deterministic/mldsa_native/src diff --git a/examples/bring_your_own_fips202/Makefile b/examples/bring_your_own_fips202/Makefile index ea1aa34fe..5784f0dfe 100644 --- a/examples/bring_your_own_fips202/Makefile +++ b/examples/bring_your_own_fips202/Makefile @@ -84,18 +84,6 @@ APP_SOURCE=$(wildcard *.c) ALL_SOURCE=$(MLD_SOURCE) $(FIPS202_SOURCE) $(RNG_SOURCE) $(APP_SOURCE) -# -# Configuration adjustments -# - -# Pick prefix -CFLAGS += -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa -# Tell mldsa-native where to find the header for the custom FIPS202 -# The structure names and function signatures exposed in those headers must -# match those from the standard FIPS202 implementation. See FIPS202.md. -CFLAGS += -DMLD_CONFIG_FIPS202_CUSTOM_HEADER="\"../custom_fips202/fips202.h\"" -CFLAGS += -DMLD_CONFIG_FIPS202X4_CUSTOM_HEADER="\"../custom_fips202/fips202x4.h\"" - BUILD_DIR=build BIN=test_binary diff --git a/examples/bring_your_own_fips202/main.c b/examples/bring_your_own_fips202/main.c index fa353c487..57880555a 100644 --- a/examples/bring_your_own_fips202/main.c +++ b/examples/bring_your_own_fips202/main.c 
@@ -13,8 +13,6 @@ * This requires specifying the parameter set and namespace prefix * used for the build. */ -#define MLD_CONFIG_API_PARAMETER_SET MLD_CONFIG_PARAMETER_SET -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa #include #include "expected_signatures.h" #include "test_only_rng/notrandombytes.h" diff --git a/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h b/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h deleted file mode 120000 index 5d965d706..000000000 --- a/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h +++ /dev/null @@ -1 +0,0 @@ -../../../mldsa/mldsa_native_config.h \ No newline at end of file diff --git a/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h b/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h new file mode 100644 index 000000000..9ced3b03d --- /dev/null +++ b/examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h 
@@ -0,0 +1,648 @@ +/* + * Copyright (c) The mldsa-native project authors + * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT + */ + +/* References + * ========== + * + * - [FIPS140_3_IG] + * Implementation Guidance for FIPS 140-3 and the Cryptographic Module + * Validation Program + * National Institute of Standards and Technology + * https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements + * + * - [FIPS204] + * FIPS 204 Module-Lattice-Based Digital Signature Standard + * National Institute of Standards and Technology + * https://csrc.nist.gov/pubs/fips/204/final + */ + +/* + * WARNING: This file is auto-generated from scripts/autogen + * in the mldsa-native repository. + * Do not modify it directly. + */ + +/* + * Test configuration: Configuration for custom FIPS202 implementation + * + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: + * - MLD_CONFIG_NAMESPACE_PREFIX + * - MLD_CONFIG_FIPS202_CUSTOM_HEADER + * - MLD_CONFIG_FIPS202X4_CUSTOM_HEADER + */ + + +#ifndef MLD_CONFIG_H +#define MLD_CONFIG_H + +/****************************************************************************** + * Name: MLD_CONFIG_PARAMETER_SET + * + * Description: Specifies the parameter set for ML-DSA + * - MLD_CONFIG_PARAMETER_SET=44 corresponds to ML-DSA-44 + * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 + * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 + * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * + * This can also be set using CFLAGS. 
+ * + *****************************************************************************/ +#ifndef MLD_CONFIG_PARAMETER_SET +#define MLD_CONFIG_PARAMETER_SET \ + 44 /* Change this for different security strengths */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FILE + * + * Description: If defined, this is a header that will be included instead + * of the default configuration file mldsa/mldsa_native_config.h. + * + * When you need to build mldsa-native in multiple configurations, + * using varying MLD_CONFIG_FILE can be more convenient + * then configuring everything through CFLAGS. + * + * To use, MLD_CONFIG_FILE _must_ be defined prior + * to the inclusion of any mldsa-native headers. For example, + * it can be set by passing `-DMLD_CONFIG_FILE="..."` + * on the command line. + * + *****************************************************************************/ +/* No need to set this -- we _are_ already in a custom config */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ + +/****************************************************************************** + * Name: MLD_CONFIG_NAMESPACE_PREFIX + * + * Description: The prefix to use to namespace global symbols from mldsa/. + * + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#define MLD_CONFIG_NAMESPACE_PREFIX mldsa + +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. 
+ * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED + * + * Description: This is for multi-level builds of mldsa-native only. If you + * need only a single parameter set, keep this unset. + * + * If this is set, all MLD_CONFIG_PARAMETER_SET-independent + * code will be included in the build, including code needed only + * for other parameter sets. 
+ * + * Example: TODO: add example + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * + * See examples/multilevel_build_mldsa for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_WITH_SHARED */ + +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_NO_SHARED + * + * Description: This is for multi-level builds of mldsa-native only. If you + * need only a single parameter set, keep this unset. + * + * If this is set, no MLD_CONFIG_PARAMETER_SET-independent code + * will be included in the build. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * + * See examples/multilevel_build_mldsa for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_NO_SHARED */ + +/****************************************************************************** + * Name: MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS + * + * Description: This is only relevant for single compilation unit (SCU) + * builds of mldsa-native. In this case, it determines whether + * directives defined in parameter-set-independent headers should + * be #undef'ined or not at the of the SCU file. This is needed + * in multilevel builds. + * + * See examples/multilevel_build_native for an example. + * + * This can also be set using CFLAGS. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */ + +/****************************************************************************** + * Name: MLD_CONFIG_USE_NATIVE_BACKEND_ARITH + * + * Description: Determines whether an native arithmetic backend should be used. + * + * The arithmetic backend covers performance critical functions + * such as the number-theoretic transform (NTT). + * + * If this option is unset, the C backend will be used. + * + * If this option is set, the arithmetic backend to be use is + * determined by MLD_CONFIG_ARITH_BACKEND_FILE: If the latter is + * unset, the default backend for your the target architecture + * will be used. If set, it must be the name of a backend metadata + * file. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) +/* #define MLD_CONFIG_USE_NATIVE_BACKEND_ARITH */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_ARITH_BACKEND_FILE + * + * Description: The arithmetic backend to use. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is unset, this option + * is ignored. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is set, this option must + * either be undefined or the filename of an arithmetic backend. + * If unset, the default backend will be used. + * + * This can be set using CFLAGS. + * + *****************************************************************************/ +#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) && \ + !defined(MLD_CONFIG_ARITH_BACKEND_FILE) +#define MLD_CONFIG_ARITH_BACKEND_FILE "native/meta.h" +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 + * + * Description: Determines whether an native FIPS202 backend should be used. 
+ * + * The FIPS202 backend covers 1x/2x/4x-fold Keccak-f1600, which is + * the performance bottleneck of SHA3 and SHAKE. + * + * If this option is unset, the C backend will be used. + * + * If this option is set, the FIPS202 backend to be use is + * determined by MLD_CONFIG_FIPS202_BACKEND_FILE: If the latter is + * unset, the default backend for your the target architecture + * will be used. If set, it must be the name of a backend metadata + * file. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) +/* #define MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202_BACKEND_FILE + * + * Description: The FIPS-202 backend to use. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, this option + * must either be undefined or the filename of a FIPS202 backend. + * If unset, the default backend will be used. + * + * This can be set using CFLAGS. + * + *****************************************************************************/ +#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) && \ + !defined(MLD_CONFIG_FIPS202_BACKEND_FILE) +#define MLD_CONFIG_FIPS202_BACKEND_FILE "fips202/native/auto.h" +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202_CUSTOM_HEADER + * + * Description: Custom header to use for FIPS-202 + * + * This should only be set if you intend to use a custom + * FIPS-202 implementation, different from the one shipped + * with mldsa-native. + * + * If set, it must be the name of a file serving as the + * replacement for mldsa/src/fips202/fips202.h, and exposing + * the same API (see FIPS202.md). 
+ * + *****************************************************************************/ +#define MLD_CONFIG_FIPS202_CUSTOM_HEADER "../custom_fips202/fips202.h" + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202X4_CUSTOM_HEADER + * + * Description: Custom header to use for FIPS-202-X4 + * + * This should only be set if you intend to use a custom + * FIPS-202 implementation, different from the one shipped + * with mldsa-native. + * + * If set, it must be the name of a file serving as the + * replacement for mldsa/src/fips202/fips202x4.h, and exposing + * the same API (see FIPS202.md). + * + *****************************************************************************/ +#define MLD_CONFIG_FIPS202X4_CUSTOM_HEADER "../custom_fips202/fips202x4.h" + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_ZEROIZE + * + * Description: In compliance with @[FIPS204, Section 3.6.3], mldsa-native, + * zeroizes intermediate stack buffers before returning from + * function calls. + * + * Set this option and define `mld_zeroize_native` if you want to + * use a custom method to zeroize intermediate stack buffers. + * The default implementation uses SecureZeroMemory on Windows + * and a memset + compiler barrier otherwise. If neither of those + * is available on the target platform, compilation will fail, + * and you will need to use MLD_CONFIG_CUSTOM_ZEROIZE to provide + * a custom implementation of `mld_zeroize_native()`. + * + * WARNING: + * The explicit stack zeroization conducted by mldsa-native + * reduces the likelihood of data leaking on the stack, but + * does not eliminate it! The C standard makes no guarantee about + * where a compiler allocates structures and whether/where it makes + * copies of them. Also, in addition to entire structures, there + * may also be potentially exploitable leakage of individual values + * on the stack. 
+ * + * If you need bullet-proof zeroization of the stack, you need to + * consider additional measures instead of what this feature + * provides. In this case, you can set mld_zeroize_native to a + * no-op. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_ZEROIZE + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_RANDOMBYTES + * + * Description: mldsa-native does not provide a secure randombytes + * implementation. Such an implementation has to provided by the + * consumer. + * + * If this option is not set, mldsa-native expects a function + * void randombytes(uint8_t *out, size_t outlen). + * + * Set this option and define `mld_randombytes` if you want to + * use a custom method to sample randombytes with a different name + * or signature. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_RANDOMBYTES + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_CAPABILITY_FUNC + * + * Description: mldsa-native backends may rely on specific hardware features. + * Those backends will only be included in an mldsa-native build + * if support for the respective features is enabled at + * compile-time. However, when building for a heteroneous set + * of CPUs to run the resulting binary/library on, feature + * detection at _runtime_ is needed to decided whether a backend + * can be used or not. 
+ * + * Set this option and define `mld_sys_check_capability` if you + * want to use a custom method to dispatch between implementations. + * + * If this option is not set, mldsa-native uses compile-time + * feature detection only to decide which backend to use. + * + * If you compile mldsa-native on a system with different + * capabilities than the system that the resulting binary/library + * will be run on, you must use this option. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_CAPABILITY_FUNC + static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) + { + ... your implementation ... + } +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_MEMCPY + * + * Description: Set this option and define `mld_memcpy` if you want to + * use a custom method to copy memory instead of the standard + * library memcpy function. + * + * The custom implementation must have the same signature and + * behavior as the standard memcpy function: + * void *mld_memcpy(void *dest, const void *src, size_t n) + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_MEMCPY + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_MEMSET + * + * Description: Set this option and define `mld_memset` if you want to + * use a custom method to set memory instead of the standard + * library memset function. 
+ * + * The custom implementation must have the same signature and + * behavior as the standard memset function: + * void *mld_memset(void *s, int c, size_t n) + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_MEMSET + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void *mld_memset(void *s, int c, size_t n) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_INTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of internal API. + * + * The primary use case for this option are single-CU builds, + * in which case this option can be set to `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_CT_TESTING_ENABLED + * + * Description: If set, mldsa-native annotates data as secret / public using + * valgrind's annotations VALGRIND_MAKE_MEM_UNDEFINED and + * VALGRIND_MAKE_MEM_DEFINED, enabling various checks for secret- + * dependent control flow of variable time execution (depending + * on the exact version of valgrind installed). + * + *****************************************************************************/ +/* #define MLD_CONFIG_CT_TESTING_ENABLED */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_ASM + * + * Description: If this option is set, mldsa-native will be built without + * use of native code or inline assembly. + * + * By default, inline assembly is used to implement value barriers. + * Without inline assembly, mldsa-native will use a global volatile + * 'opt blocker' instead; see ct.h. 
+ * + * Inline assembly is also used to implement a secure zeroization + * function on non-Windows platforms. If this option is set and + * the target platform is not Windows, you MUST set + * MLD_CONFIG_CUSTOM_ZEROIZE and provide a custom zeroization + * function. + * + * If this option is set, MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 and + * and MLD_CONFIG_USE_NATIVE_BACKEND_ARITH will be ignored, and no + * native backends will be used. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_ASM */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_ASM_VALUE_BARRIER + * + * Description: If this option is set, mldsa-native will be built without + * use of native code or inline assembly for value barriers. + * + * By default, inline assembly (if available) is used to implement + * value barriers. + * Without inline assembly, mldsa-native will use a global volatile + * 'opt blocker' instead; see ct.h. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_KEYGEN_PCT + * + * Description: Compliance with @[FIPS140_3_IG, p.87] requires a + * Pairwise Consistency Test (PCT) to be carried out on a freshly + * generated keypair before it can be exported. + * + * Set this option if such a check should be implemented. + * In this case, crypto_sign_keypair_internal and + * crypto_sign_keypair will return a non-zero error code if the + * PCT failed. + * + * NOTE: This feature will drastically lower the performance of + * key generation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_KEYGEN_PCT */ + +/****************************************************************************** + * Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST + * + * Description: If this option is set, the user must provide a runtime + * function `static inline int mld_break_pct() { ... }` to + * indicate whether the PCT should be made fail. + * + * This option only has an effect if MLD_CONFIG_KEYGEN_PCT is set. + * + *****************************************************************************/ +/* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST + #if !defined(__ASSEMBLER__) + #include "src/src.h" + static MLD_INLINE int mld_break_pct(void) + { + ... return 0/1 depending on whether PCT should be broken ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_SERIAL_FIPS202_ONLY + * + * Description: Set this to use a FIPS202 implementation with global state + * that supports only one active Keccak computation at a time + * (e.g. some hardware accelerators). + * + * If this option is set, ML-DSA will use FIPS202 operations + * serially, ensuring that only one SHAKE context is active + * at any given time. + * + * This allows offloading Keccak computations to a hardware + * accelerator that holds only a single Keccak state locally, + * rather than requiring support for multiple concurrent + * Keccak states. + * + * NOTE: Depending on the target CPU, this may reduce + * performance when using software FIPS202 implementations. + * Only enable this when you have to. + * + *****************************************************************************/ +/* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */ + +/************************* Config internals ********************************/ + +#endif /* MLD_BUILD_INTERNAL */ + +/* Default namespace + * + * Don't change this. 
If you need a different namespace, re-define + * MLD_CONFIG_NAMESPACE_PREFIX above instead, and remove the following. + * + * The default MLDSA namespace is + * + * PQCP_MLDSA_NATIVE_MLDSA_ + * + * e.g., PQCP_MLDSA_NATIVE_MLDSA44_ + */ + +#if MLD_CONFIG_PARAMETER_SET == 44 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA44 +#elif MLD_CONFIG_PARAMETER_SET == 65 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA65 +#elif MLD_CONFIG_PARAMETER_SET == 87 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA87 +#endif + +#endif /* !MLD_CONFIG_H */ diff --git a/examples/bring_your_own_fips202_static/Makefile b/examples/bring_your_own_fips202_static/Makefile index da37b9c55..5784f0dfe 100644 --- a/examples/bring_your_own_fips202_static/Makefile +++ b/examples/bring_your_own_fips202_static/Makefile @@ -84,17 +84,6 @@ APP_SOURCE=$(wildcard *.c) ALL_SOURCE=$(MLD_SOURCE) $(FIPS202_SOURCE) $(RNG_SOURCE) $(APP_SOURCE) -# -# Configuration adjustments -# - -# Pick prefix -CFLAGS += -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa -# Tell mldsa-native to use serial-FIPS202 only -CFLAGS += -DMLD_CONFIG_SERIAL_FIPS202_ONLY -# Tell mldsa-native where to find the header for the custom FIPS202 -CFLAGS += -DMLD_CONFIG_FIPS202_CUSTOM_HEADER="\"../custom_fips202/fips202.h\"" - BUILD_DIR=build BIN=test_binary diff --git a/examples/bring_your_own_fips202_static/main.c b/examples/bring_your_own_fips202_static/main.c index 974b9e07c..a96e35c77 100644 --- a/examples/bring_your_own_fips202_static/main.c +++ b/examples/bring_your_own_fips202_static/main.c @@ -13,8 +13,6 @@ * This requires specifying the parameter set and namespace prefix * used for the build. */ -#define MLD_CONFIG_API_PARAMETER_SET MLD_CONFIG_PARAMETER_SET -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa #include #include "expected_signatures.h" #include "test_only_rng/notrandombytes.h" 
diff --git a/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h b/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h deleted file mode 120000 index 5d965d706..000000000 --- a/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h +++ /dev/null @@ -1 +0,0 @@ -../../../mldsa/mldsa_native_config.h \ No newline at end of file diff --git a/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h b/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h new file mode 100644 index 000000000..177814c4d --- /dev/null +++ b/examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h 
@@ -0,0 +1,649 @@ +/* + * Copyright (c) The mldsa-native project authors + * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT + */ + +/* References + * ========== + * + * - [FIPS140_3_IG] + * Implementation Guidance for FIPS 140-3 and the Cryptographic Module + * Validation Program + * National Institute of Standards and Technology + * https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements + * + * - [FIPS204] + * FIPS 204 Module-Lattice-Based Digital Signature Standard + * National Institute of Standards and Technology + * https://csrc.nist.gov/pubs/fips/204/final + */ + +/* + * WARNING: This file is auto-generated from scripts/autogen + * in the mldsa-native repository. + * Do not modify it directly. + */ + +/* + * Test configuration: Configuration for custom serial FIPS202 implementation + * + * This configuration differs from the default mldsa/mldsa_native_config.h in + * the following places: + * - MLD_CONFIG_NAMESPACE_PREFIX + * - MLD_CONFIG_SERIAL_FIPS202_ONLY + * - MLD_CONFIG_FIPS202_CUSTOM_HEADER + * - MLD_CONFIG_FIPS202X4_CUSTOM_HEADER + */ + + +#ifndef MLD_CONFIG_H +#define MLD_CONFIG_H + +/****************************************************************************** + * Name: MLD_CONFIG_PARAMETER_SET + * + * Description: Specifies the parameter set for ML-DSA + * - MLD_CONFIG_PARAMETER_SET=44 corresponds to ML-DSA-44 + * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 + * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 + * + * If you want to support multiple parameter sets, build the + * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. + * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while + * minimizing code duplication. + * + * This can also be set using CFLAGS. 
+ * + *****************************************************************************/ +#ifndef MLD_CONFIG_PARAMETER_SET +#define MLD_CONFIG_PARAMETER_SET \ + 44 /* Change this for different security strengths */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FILE + * + * Description: If defined, this is a header that will be included instead + * of the default configuration file mldsa/mldsa_native_config.h. + * + * When you need to build mldsa-native in multiple configurations, + * using varying MLD_CONFIG_FILE can be more convenient + * then configuring everything through CFLAGS. + * + * To use, MLD_CONFIG_FILE _must_ be defined prior + * to the inclusion of any mldsa-native headers. For example, + * it can be set by passing `-DMLD_CONFIG_FILE="..."` + * on the command line. + * + *****************************************************************************/ +/* No need to set this -- we _are_ already in a custom config */ +/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ + +/****************************************************************************** + * Name: MLD_CONFIG_NAMESPACE_PREFIX + * + * Description: The prefix to use to namespace global symbols from mldsa/. + * + * In a multi-level build, level-dependent symbols will + * additionally be prefixed with the parameter set (44/65/87). + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#define MLD_CONFIG_NAMESPACE_PREFIX mldsa + +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_BUILD + * + * Description: Set this if the build is part of a multi-level build supporting + * multiple parameter sets. + * + * If you need only a single parameter set, keep this unset. 
+ * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. + * + * See examples/multilevel_build for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_BUILD */ + +/****************************************************************************** + * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of mldsa-native's + * public API. + * + * The primary use case for this option are single-CU builds + * where the public API exposed by mldsa-native is wrapped by + * another API in the consuming application. In this case, + * even mldsa-native's public API can be marked `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_RANDOMIZED_API + * + * Description: If this option is set, mldsa-native will be built without the + * randomized API functions (crypto_sign_keypair, + * crypto_sign, crypto_sign_signature, and + * crypto_sign_signature_extmu). + * This allows users to build mldsa-native without providing a + * randombytes() implementation if they only need the + * internal deterministic API + * (crypto_sign_keypair_internal, crypto_sign_signature_internal). + * + * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT + * as the current PCT implementation requires + * crypto_sign_signature(). 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_RANDOMIZED_API */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_SUPERCOP + * + * Description: By default, mldsa_native.h exposes the mldsa-native API in the + * SUPERCOP naming convention (crypto_sign_xxx). If you don't need + * this, set MLD_CONFIG_NO_SUPERCOP. + * + * NOTE: You must set this for a multi-level build as the SUPERCOP + * naming does not disambiguate between the parameter sets. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_SUPERCOP */ + +/****************************************************************************** + * Name: MLD_CONFIG_CONSTANTS_ONLY + * + * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) + * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. + * + * This only affects the public header mldsa_native.h, not + * the implementation. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CONSTANTS_ONLY */ + +/****************************************************************************** + * + * Build-only configuration options + * + * The remaining configurations are build-options only. + * They do not affect the API described in mldsa_native.h. + * + *****************************************************************************/ + +#if defined(MLD_BUILD_INTERNAL) +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED + * + * Description: This is for multi-level builds of mldsa-native only. If you + * need only a single parameter set, keep this unset. + * + * If this is set, all MLD_CONFIG_PARAMETER_SET-independent + * code will be included in the build, including code needed only + * for other parameter sets. 
+ * + * Example: TODO: add example + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * + * See examples/multilevel_build_mldsa for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_WITH_SHARED */ + +/****************************************************************************** + * Name: MLD_CONFIG_MULTILEVEL_NO_SHARED + * + * Description: This is for multi-level builds of mldsa-native only. If you + * need only a single parameter set, keep this unset. + * + * If this is set, no MLD_CONFIG_PARAMETER_SET-independent code + * will be included in the build. + * + * To build mldsa-native with support for all parameter sets, + * build it three times -- once per parameter set -- and set the + * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of + * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. + * + * See examples/multilevel_build_mldsa for an example. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +/* #define MLD_CONFIG_MULTILEVEL_NO_SHARED */ + +/****************************************************************************** + * Name: MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS + * + * Description: This is only relevant for single compilation unit (SCU) + * builds of mldsa-native. In this case, it determines whether + * directives defined in parameter-set-independent headers should + * be #undef'ined or not at the of the SCU file. This is needed + * in multilevel builds. + * + * See examples/multilevel_build_native for an example. + * + * This can also be set using CFLAGS. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */ + +/****************************************************************************** + * Name: MLD_CONFIG_USE_NATIVE_BACKEND_ARITH + * + * Description: Determines whether an native arithmetic backend should be used. + * + * The arithmetic backend covers performance critical functions + * such as the number-theoretic transform (NTT). + * + * If this option is unset, the C backend will be used. + * + * If this option is set, the arithmetic backend to be use is + * determined by MLD_CONFIG_ARITH_BACKEND_FILE: If the latter is + * unset, the default backend for your the target architecture + * will be used. If set, it must be the name of a backend metadata + * file. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) +/* #define MLD_CONFIG_USE_NATIVE_BACKEND_ARITH */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_ARITH_BACKEND_FILE + * + * Description: The arithmetic backend to use. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is unset, this option + * is ignored. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is set, this option must + * either be undefined or the filename of an arithmetic backend. + * If unset, the default backend will be used. + * + * This can be set using CFLAGS. + * + *****************************************************************************/ +#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) && \ + !defined(MLD_CONFIG_ARITH_BACKEND_FILE) +#define MLD_CONFIG_ARITH_BACKEND_FILE "native/meta.h" +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 + * + * Description: Determines whether an native FIPS202 backend should be used. 
+ * + * The FIPS202 backend covers 1x/2x/4x-fold Keccak-f1600, which is + * the performance bottleneck of SHA3 and SHAKE. + * + * If this option is unset, the C backend will be used. + * + * If this option is set, the FIPS202 backend to be use is + * determined by MLD_CONFIG_FIPS202_BACKEND_FILE: If the latter is + * unset, the default backend for your the target architecture + * will be used. If set, it must be the name of a backend metadata + * file. + * + * This can also be set using CFLAGS. + * + *****************************************************************************/ +#if !defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) +/* #define MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 */ +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202_BACKEND_FILE + * + * Description: The FIPS-202 backend to use. + * + * If MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, this option + * must either be undefined or the filename of a FIPS202 backend. + * If unset, the default backend will be used. + * + * This can be set using CFLAGS. + * + *****************************************************************************/ +#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) && \ + !defined(MLD_CONFIG_FIPS202_BACKEND_FILE) +#define MLD_CONFIG_FIPS202_BACKEND_FILE "fips202/native/auto.h" +#endif + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202_CUSTOM_HEADER + * + * Description: Custom header to use for FIPS-202 + * + * This should only be set if you intend to use a custom + * FIPS-202 implementation, different from the one shipped + * with mldsa-native. + * + * If set, it must be the name of a file serving as the + * replacement for mldsa/src/fips202/fips202.h, and exposing + * the same API (see FIPS202.md). 
+ * + *****************************************************************************/ +#define MLD_CONFIG_FIPS202_CUSTOM_HEADER "../custom_fips202/fips202.h" + +/****************************************************************************** + * Name: MLD_CONFIG_FIPS202X4_CUSTOM_HEADER + * + * Description: Custom header to use for FIPS-202-X4 + * + * This should only be set if you intend to use a custom + * FIPS-202 implementation, different from the one shipped + * with mldsa-native. + * + * If set, it must be the name of a file serving as the + * replacement for mldsa/src/fips202/fips202x4.h, and exposing + * the same API (see FIPS202.md). + * + *****************************************************************************/ +#define MLD_CONFIG_FIPS202X4_CUSTOM_HEADER "../custom_fips202/fips202x4.h" + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_ZEROIZE + * + * Description: In compliance with @[FIPS204, Section 3.6.3], mldsa-native, + * zeroizes intermediate stack buffers before returning from + * function calls. + * + * Set this option and define `mld_zeroize_native` if you want to + * use a custom method to zeroize intermediate stack buffers. + * The default implementation uses SecureZeroMemory on Windows + * and a memset + compiler barrier otherwise. If neither of those + * is available on the target platform, compilation will fail, + * and you will need to use MLD_CONFIG_CUSTOM_ZEROIZE to provide + * a custom implementation of `mld_zeroize_native()`. + * + * WARNING: + * The explicit stack zeroization conducted by mldsa-native + * reduces the likelihood of data leaking on the stack, but + * does not eliminate it! The C standard makes no guarantee about + * where a compiler allocates structures and whether/where it makes + * copies of them. Also, in addition to entire structures, there + * may also be potentially exploitable leakage of individual values + * on the stack. 
+ * + * If you need bullet-proof zeroization of the stack, you need to + * consider additional measures instead of what this feature + * provides. In this case, you can set mld_zeroize_native to a + * no-op. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_ZEROIZE + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_RANDOMBYTES + * + * Description: mldsa-native does not provide a secure randombytes + * implementation. Such an implementation has to provided by the + * consumer. + * + * If this option is not set, mldsa-native expects a function + * void randombytes(uint8_t *out, size_t outlen). + * + * Set this option and define `mld_randombytes` if you want to + * use a custom method to sample randombytes with a different name + * or signature. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_RANDOMBYTES + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_CAPABILITY_FUNC + * + * Description: mldsa-native backends may rely on specific hardware features. + * Those backends will only be included in an mldsa-native build + * if support for the respective features is enabled at + * compile-time. However, when building for a heteroneous set + * of CPUs to run the resulting binary/library on, feature + * detection at _runtime_ is needed to decided whether a backend + * can be used or not. 
+ * + * Set this option and define `mld_sys_check_capability` if you + * want to use a custom method to dispatch between implementations. + * + * If this option is not set, mldsa-native uses compile-time + * feature detection only to decide which backend to use. + * + * If you compile mldsa-native on a system with different + * capabilities than the system that the resulting binary/library + * will be run on, you must use this option. + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_CAPABILITY_FUNC + static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) + { + ... your implementation ... + } +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_MEMCPY + * + * Description: Set this option and define `mld_memcpy` if you want to + * use a custom method to copy memory instead of the standard + * library memcpy function. + * + * The custom implementation must have the same signature and + * behavior as the standard memcpy function: + * void *mld_memcpy(void *dest, const void *src, size_t n) + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_MEMCPY + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_CUSTOM_MEMSET + * + * Description: Set this option and define `mld_memset` if you want to + * use a custom method to set memory instead of the standard + * library memset function. 
+ * + * The custom implementation must have the same signature and + * behavior as the standard memset function: + * void *mld_memset(void *s, int c, size_t n) + * + *****************************************************************************/ +/* #define MLD_CONFIG_CUSTOM_MEMSET + #if !defined(__ASSEMBLER__) + #include + #include "src/src.h" + static MLD_INLINE void *mld_memset(void *s, int c, size_t n) + { + ... your implementation ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_INTERNAL_API_QUALIFIER + * + * Description: If set, this option provides an additional function + * qualifier to be added to declarations of internal API. + * + * The primary use case for this option are single-CU builds, + * in which case this option can be set to `static`. + * + *****************************************************************************/ +/* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_CT_TESTING_ENABLED + * + * Description: If set, mldsa-native annotates data as secret / public using + * valgrind's annotations VALGRIND_MAKE_MEM_UNDEFINED and + * VALGRIND_MAKE_MEM_DEFINED, enabling various checks for secret- + * dependent control flow of variable time execution (depending + * on the exact version of valgrind installed). + * + *****************************************************************************/ +/* #define MLD_CONFIG_CT_TESTING_ENABLED */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_ASM + * + * Description: If this option is set, mldsa-native will be built without + * use of native code or inline assembly. + * + * By default, inline assembly is used to implement value barriers. + * Without inline assembly, mldsa-native will use a global volatile + * 'opt blocker' instead; see ct.h. 
+ * + * Inline assembly is also used to implement a secure zeroization + * function on non-Windows platforms. If this option is set and + * the target platform is not Windows, you MUST set + * MLD_CONFIG_CUSTOM_ZEROIZE and provide a custom zeroization + * function. + * + * If this option is set, MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 and + * and MLD_CONFIG_USE_NATIVE_BACKEND_ARITH will be ignored, and no + * native backends will be used. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_ASM */ + +/****************************************************************************** + * Name: MLD_CONFIG_NO_ASM_VALUE_BARRIER + * + * Description: If this option is set, mldsa-native will be built without + * use of native code or inline assembly for value barriers. + * + * By default, inline assembly (if available) is used to implement + * value barriers. + * Without inline assembly, mldsa-native will use a global volatile + * 'opt blocker' instead; see ct.h. + * + *****************************************************************************/ +/* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ + +/****************************************************************************** + * Name: MLD_CONFIG_KEYGEN_PCT + * + * Description: Compliance with @[FIPS140_3_IG, p.87] requires a + * Pairwise Consistency Test (PCT) to be carried out on a freshly + * generated keypair before it can be exported. + * + * Set this option if such a check should be implemented. + * In this case, crypto_sign_keypair_internal and + * crypto_sign_keypair will return a non-zero error code if the + * PCT failed. + * + * NOTE: This feature will drastically lower the performance of + * key generation. 
+ * + *****************************************************************************/ +/* #define MLD_CONFIG_KEYGEN_PCT */ + +/****************************************************************************** + * Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST + * + * Description: If this option is set, the user must provide a runtime + * function `static inline int mld_break_pct() { ... }` to + * indicate whether the PCT should be made fail. + * + * This option only has an effect if MLD_CONFIG_KEYGEN_PCT is set. + * + *****************************************************************************/ +/* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST + #if !defined(__ASSEMBLER__) + #include "src/src.h" + static MLD_INLINE int mld_break_pct(void) + { + ... return 0/1 depending on whether PCT should be broken ... + } + #endif +*/ + +/****************************************************************************** + * Name: MLD_CONFIG_SERIAL_FIPS202_ONLY + * + * Description: Set this to use a FIPS202 implementation with global state + * that supports only one active Keccak computation at a time + * (e.g. some hardware accelerators). + * + * If this option is set, ML-DSA will use FIPS202 operations + * serially, ensuring that only one SHAKE context is active + * at any given time. + * + * This allows offloading Keccak computations to a hardware + * accelerator that holds only a single Keccak state locally, + * rather than requiring support for multiple concurrent + * Keccak states. + * + * NOTE: Depending on the target CPU, this may reduce + * performance when using software FIPS202 implementations. + * Only enable this when you have to. + * + *****************************************************************************/ +#define MLD_CONFIG_SERIAL_FIPS202_ONLY + +/************************* Config internals ********************************/ + +#endif /* MLD_BUILD_INTERNAL */ + +/* Default namespace + * + * Don't change this. 
If you need a different namespace, re-define + * MLD_CONFIG_NAMESPACE_PREFIX above instead, and remove the following. + * + * The default MLDSA namespace is + * + * PQCP_MLDSA_NATIVE_MLDSA_ + * + * e.g., PQCP_MLDSA_NATIVE_MLDSA44_ + */ + +#if MLD_CONFIG_PARAMETER_SET == 44 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA44 +#elif MLD_CONFIG_PARAMETER_SET == 65 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA65 +#elif MLD_CONFIG_PARAMETER_SET == 87 +#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA87 +#endif + +#endif /* !MLD_CONFIG_H */ diff --git a/examples/custom_backend/Makefile b/examples/custom_backend/Makefile index 2bf055cea..565e4696c 100644 --- a/examples/custom_backend/Makefile +++ b/examples/custom_backend/Makefile @@ -52,11 +52,11 @@ endif # Alternatively, you can compile the 'monobuild' source file mldsa_native.c. # See examples/monolithic_build for that. MLD_SOURCE=$(wildcard \ - mldsa_native/mldsa/src/*.c \ - mldsa_native/mldsa/src/**/*.c \ - mldsa_native/mldsa/src/**/**/*.c \ - mldsa_native/mldsa/src/**/**/**/*.c \ - mldsa_native/mldsa/src/**/**/**/**/*.c) + mldsa_native/src/*.c \ + mldsa_native/src/**/*.c \ + mldsa_native/src/**/**/*.c \ + mldsa_native/src/**/**/**/*.c \ + mldsa_native/src/**/**/**/**/*.c) INC=-Imldsa_native -Imldsa_native/mldsa @@ -79,14 +79,6 @@ APP_SOURCE=$(wildcard *.c) ALL_SOURCE=$(MLD_SOURCE) $(RNG_SOURCE) $(APP_SOURCE) - -# -# Configuration adjustments -# - -# Pick custom config file -CFLAGS+=-DMLD_CONFIG_FILE="\"custom_config.h\"" - BUILD_DIR=build BIN=test_binary diff --git a/examples/custom_backend/main.c b/examples/custom_backend/main.c index 46a7269f8..b62a3ef48 100644 --- a/examples/custom_backend/main.c +++ b/examples/custom_backend/main.c 
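Review bot: In examples/custom_backend/Makefile (hunk `@@ -52,11 +52,11 @@`), the context line `INC=-Imldsa_native -Imldsa_native/mldsa` still names `mldsa_native/mldsa`, although the `MLD_SOURCE` wildcard above it now reads from `mldsa_native/src/` and later sections of this patch delete the entries under `examples/custom_backend/mldsa_native/mldsa/`. If that directory is gone after the patch, the second `-I` is dead and should be dropped, giving `INC=-Imldsa_native`. The next hunk of the same Makefile removes `-DMLD_CONFIG_FILE="\"custom_config.h\""`, so the configuration header (namespace prefix, backend selection) is now chosen purely by include-path lookup, and a stale search directory makes it harder to see which header is actually picked up. The new layout of the example directory is not visible in this part of the patch, so this should be confirmed against the final tree.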
@@ -13,8 +13,6 @@ * This requires specifying the parameter set and namespace prefix * used for the build. */ -#define MLD_CONFIG_API_PARAMETER_SET MLD_CONFIG_PARAMETER_SET -#define MLD_CONFIG_API_NAMESPACE_PREFIX CUSTOM_TINY_SHA3 #include #include "expected_signatures.h" #include "test_only_rng/notrandombytes.h" diff --git a/examples/custom_backend/mldsa_native/mldsa/mldsa_native.h b/examples/custom_backend/mldsa_native/mldsa/mldsa_native.h deleted file mode 120000 index 771223a87..000000000 --- a/examples/custom_backend/mldsa_native/mldsa/mldsa_native.h +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/mldsa_native.h \ No newline at end of file diff --git a/examples/custom_backend/mldsa_native/mldsa/src/cbmc.h b/examples/custom_backend/mldsa_native/mldsa/src/cbmc.h deleted file mode 120000 index 3bb0397f4..000000000 --- a/examples/custom_backend/mldsa_native/mldsa/src/cbmc.h +++ /dev/null @@ -1 +0,0 @@ -../../../../../mldsa/src/cbmc.h \ No newline at end of file diff --git a/examples/custom_backend/mldsa_native/mldsa/src/common.h b/examples/custom_backend/mldsa_native/mldsa/src/common.h deleted file mode 120000 index 13ce091e1..000000000 --- a/examples/custom_backend/mldsa_native/mldsa/src/common.h +++ /dev/null @@ -1 +0,0 @@ -../../../../../mldsa/src/common.h \ No newline at end of file diff --git a/examples/custom_backend/mldsa_native/mldsa/src/config.h b/examples/custom_backend/mldsa_native/mldsa/src/config.h deleted file mode 120000 index 0082048af..000000000 --- a/examples/custom_backend/mldsa_native/mldsa/src/config.h +++ /dev/null @@ -1 +0,0 @@ -../../../../../mldsa/src/config.h \ No newline at end of file diff --git a/examples/custom_backend/mldsa_native/mldsa/src/ct.c b/examples/custom_backend/mldsa_native/mldsa/src/ct.c deleted file mode 120000 index de3a51984..000000000 --- a/examples/custom_backend/mldsa_native/mldsa/src/ct.c +++ /dev/null @@ -1 +0,0 @@ -../../../../../mldsa/src/ct.c \ No newline at end of file 
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/ct.h b/examples/custom_backend/mldsa_native/mldsa/src/ct.h
deleted file mode 120000
index a0baf328e..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/ct.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/ct.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/debug.c b/examples/custom_backend/mldsa_native/mldsa/src/debug.c
deleted file mode 120000
index ff35fcf68..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/debug.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/debug.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/debug.h b/examples/custom_backend/mldsa_native/mldsa/src/debug.h
deleted file mode 120000
index cf59a6ce1..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/debug.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/debug.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.c b/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.c
deleted file mode 120000
index 06d7b07be..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../mldsa/src/fips202/fips202.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.h b/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.h
deleted file mode 120000
index b564c1828..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../mldsa/src/fips202/fips202.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.c b/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.c
deleted file mode 120000
index 21e6e6a49..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../mldsa/src/fips202/fips202x4.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.h b/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.h
deleted file mode 120000
index 60f666a21..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/fips202/fips202x4.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../mldsa/src/fips202/fips202x4.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.c b/examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.c
deleted file mode 120000
index 493a4b368..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../mldsa/src/fips202/keccakf1600.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.h b/examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.h
deleted file mode 120000
index 9fe1baac4..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/fips202/keccakf1600.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../mldsa/src/fips202/keccakf1600.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/api.h b/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/api.h
deleted file mode 120000
index 4aa982866..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/api.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../../mldsa/src/fips202/native/api.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/ntt.c b/examples/custom_backend/mldsa_native/mldsa/src/ntt.c
deleted file mode 120000
index 591aae8f1..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/ntt.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/ntt.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/ntt.h b/examples/custom_backend/mldsa_native/mldsa/src/ntt.h
deleted file mode 120000
index 130ce95e9..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/ntt.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/ntt.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/packing.c b/examples/custom_backend/mldsa_native/mldsa/src/packing.c
deleted file mode 120000
index f9858bbf7..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/packing.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/packing.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/packing.h b/examples/custom_backend/mldsa_native/mldsa/src/packing.h
deleted file mode 120000
index c2c549970..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/packing.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/packing.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/params.h b/examples/custom_backend/mldsa_native/mldsa/src/params.h
deleted file mode 120000
index f937b182b..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/params.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/params.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/poly.c b/examples/custom_backend/mldsa_native/mldsa/src/poly.c
deleted file mode 120000
index 80d9cddfb..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/poly.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/poly.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/poly.h b/examples/custom_backend/mldsa_native/mldsa/src/poly.h
deleted file mode 120000
index d35a25290..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/poly.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/poly.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/poly_kl.c b/examples/custom_backend/mldsa_native/mldsa/src/poly_kl.c
deleted file mode 120000
index 3e06c6042..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/poly_kl.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/poly_kl.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/poly_kl.h b/examples/custom_backend/mldsa_native/mldsa/src/poly_kl.h
deleted file mode 120000
index 58915edbd..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/poly_kl.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/poly_kl.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/polyvec.c b/examples/custom_backend/mldsa_native/mldsa/src/polyvec.c
deleted file mode 120000
index 811e00ff7..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/polyvec.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/polyvec.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/polyvec.h b/examples/custom_backend/mldsa_native/mldsa/src/polyvec.h
deleted file mode 120000
index 21c07b544..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/polyvec.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/polyvec.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/randombytes.h b/examples/custom_backend/mldsa_native/mldsa/src/randombytes.h
deleted file mode 120000
index 62f18cd46..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/randombytes.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/randombytes.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/reduce.h b/examples/custom_backend/mldsa_native/mldsa/src/reduce.h
deleted file mode 120000
index eff62136f..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/reduce.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/reduce.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/rounding.h b/examples/custom_backend/mldsa_native/mldsa/src/rounding.h
deleted file mode 120000
index 245ec8a8b..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/rounding.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/rounding.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/sign.c b/examples/custom_backend/mldsa_native/mldsa/src/sign.c
deleted file mode 120000
index 1363c3296..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/sign.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/sign.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/sign.h b/examples/custom_backend/mldsa_native/mldsa/src/sign.h
deleted file mode 120000
index 1a2f09b39..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/sign.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/sign.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/symmetric.h b/examples/custom_backend/mldsa_native/mldsa/src/symmetric.h
deleted file mode 120000
index 5ac08bdb5..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/symmetric.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/symmetric.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/sys.h b/examples/custom_backend/mldsa_native/mldsa/src/sys.h
deleted file mode 120000
index 9aeae3de5..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/sys.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../mldsa/src/sys.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/zetas.inc b/examples/custom_backend/mldsa_native/mldsa/src/zetas.inc
deleted file mode 120000
index d1703f74e..000000000
--- a/examples/custom_backend/mldsa_native/mldsa/src/zetas.inc +++ /dev/null @@ -1 +0,0 @@ -../../../../../mldsa/src/zetas.inc \ No newline at end of file diff --git a/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.h b/examples/custom_backend/mldsa_native/mldsa_native.h similarity index 100% rename from examples/monolithic_build_multilevel_native/mldsa/mldsa_native.h rename to examples/custom_backend/mldsa_native/mldsa_native.h diff --git a/examples/custom_backend/mldsa_native/custom_config.h b/examples/custom_backend/mldsa_native/mldsa_native_config.h similarity index 99% rename from examples/custom_backend/mldsa_native/custom_config.h rename to examples/custom_backend/mldsa_native/mldsa_native_config.h index f7f10ff1d..7f6dc45a4 100644 --- a/examples/custom_backend/mldsa_native/custom_config.h +++ b/examples/custom_backend/mldsa_native/mldsa_native_config.h @@ -386,7 +386,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -412,7 +412,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -464,7 +464,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -487,7 +487,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
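Review bot: The template line `#include "src/src.h"` introduced in the commented-out MLD_CONFIG_CUSTOM_ZEROIZE example looks like a typo for `#include "src/sys.h"`: no src.h appears among the files this patch moves, and the only active include the patch rewrites (the MLD_CONFIG_CUSTOM_RANDOMBYTES block of examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h) becomes `"src/sys.h"`. Someone copying the template to supply their own zeroization or randomness hook would presumably hit a missing header. The same line recurs in the RANDOMBYTES, MEMCPY, MEMSET and KEYGEN_PCT_BREAKAGE_TEST hunks of this file and in the corresponding hunks of the other renamed mldsa_native_config.h files in this patch. The surrounding comment blocks begin and end outside the hunks.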
@@ -586,7 +586,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/examples/monolithic_build/mldsa/src/cbmc.h b/examples/custom_backend/mldsa_native/src/cbmc.h similarity index 100% rename from examples/monolithic_build/mldsa/src/cbmc.h rename to examples/custom_backend/mldsa_native/src/cbmc.h diff --git a/examples/monolithic_build/mldsa/src/common.h b/examples/custom_backend/mldsa_native/src/common.h similarity index 100% rename from examples/monolithic_build/mldsa/src/common.h rename to examples/custom_backend/mldsa_native/src/common.h diff --git a/examples/monolithic_build/mldsa/src/ct.c b/examples/custom_backend/mldsa_native/src/ct.c similarity index 100% rename from examples/monolithic_build/mldsa/src/ct.c rename to examples/custom_backend/mldsa_native/src/ct.c diff --git a/examples/monolithic_build/mldsa/src/ct.h b/examples/custom_backend/mldsa_native/src/ct.h similarity index 100% rename from examples/monolithic_build/mldsa/src/ct.h rename to examples/custom_backend/mldsa_native/src/ct.h diff --git a/examples/monolithic_build/mldsa/src/debug.c b/examples/custom_backend/mldsa_native/src/debug.c similarity index 100% rename from examples/monolithic_build/mldsa/src/debug.c rename to examples/custom_backend/mldsa_native/src/debug.c diff --git a/examples/monolithic_build/mldsa/src/debug.h b/examples/custom_backend/mldsa_native/src/debug.h similarity index 100% rename from examples/monolithic_build/mldsa/src/debug.h rename to examples/custom_backend/mldsa_native/src/debug.h diff --git a/examples/custom_backend/mldsa_native/src/fips202/fips202.c b/examples/custom_backend/mldsa_native/src/fips202/fips202.c new file mode 120000 index 000000000..1451c465d --- /dev/null 
+++ b/examples/custom_backend/mldsa_native/src/fips202/fips202.c
@@ -0,0 +1 @@
+../../../../../mldsa/src/fips202/fips202.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/src/fips202/fips202.h b/examples/custom_backend/mldsa_native/src/fips202/fips202.h
new file mode 120000
index 000000000..3df0abdbe
--- /dev/null
+++ b/examples/custom_backend/mldsa_native/src/fips202/fips202.h
@@ -0,0 +1 @@
+../../../../../mldsa/src/fips202/fips202.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/src/fips202/fips202x4.c b/examples/custom_backend/mldsa_native/src/fips202/fips202x4.c
new file mode 120000
index 000000000..150d92719
--- /dev/null
+++ b/examples/custom_backend/mldsa_native/src/fips202/fips202x4.c
@@ -0,0 +1 @@
+../../../../../mldsa/src/fips202/fips202x4.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/src/fips202/fips202x4.h b/examples/custom_backend/mldsa_native/src/fips202/fips202x4.h
new file mode 120000
index 000000000..be8810e7d
--- /dev/null
+++ b/examples/custom_backend/mldsa_native/src/fips202/fips202x4.h
@@ -0,0 +1 @@
+../../../../../mldsa/src/fips202/fips202x4.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/src/fips202/keccakf1600.c b/examples/custom_backend/mldsa_native/src/fips202/keccakf1600.c
new file mode 120000
index 000000000..4cd9bb5e9
--- /dev/null
+++ b/examples/custom_backend/mldsa_native/src/fips202/keccakf1600.c
@@ -0,0 +1 @@
+../../../../../mldsa/src/fips202/keccakf1600.c
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/src/fips202/keccakf1600.h b/examples/custom_backend/mldsa_native/src/fips202/keccakf1600.h
new file mode 120000
index 000000000..9cf89bd84
--- /dev/null
+++ b/examples/custom_backend/mldsa_native/src/fips202/keccakf1600.h
@@ -0,0 +1 @@
+../../../../../mldsa/src/fips202/keccakf1600.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/src/fips202/native/api.h b/examples/custom_backend/mldsa_native/src/fips202/native/api.h
new file mode 120000
index 000000000..31dc37efe
--- /dev/null
+++ b/examples/custom_backend/mldsa_native/src/fips202/native/api.h
@@ -0,0 +1 @@
+../../../../../../mldsa/src/fips202/native/api.h
\ No newline at end of file
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/custom.h b/examples/custom_backend/mldsa_native/src/fips202/native/custom/custom.h
similarity index 100%
rename from examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/custom.h
rename to examples/custom_backend/mldsa_native/src/fips202/native/custom/custom.h
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/LICENSE b/examples/custom_backend/mldsa_native/src/fips202/native/custom/src/LICENSE
similarity index 100%
rename from examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/LICENSE
rename to examples/custom_backend/mldsa_native/src/fips202/native/custom/src/LICENSE
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/README.md b/examples/custom_backend/mldsa_native/src/fips202/native/custom/src/README.md
similarity index 100%
rename from examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/README.md
rename to examples/custom_backend/mldsa_native/src/fips202/native/custom/src/README.md
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/sha3.c b/examples/custom_backend/mldsa_native/src/fips202/native/custom/src/sha3.c
similarity index 100%
rename from examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/sha3.c
rename to examples/custom_backend/mldsa_native/src/fips202/native/custom/src/sha3.c
diff --git a/examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/sha3.h b/examples/custom_backend/mldsa_native/src/fips202/native/custom/src/sha3.h
similarity index 100%
rename from examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/sha3.h
rename to examples/custom_backend/mldsa_native/src/fips202/native/custom/src/sha3.h
diff --git a/examples/monolithic_build/mldsa/src/ntt.c b/examples/custom_backend/mldsa_native/src/ntt.c
similarity index 100%
rename from examples/monolithic_build/mldsa/src/ntt.c
rename to examples/custom_backend/mldsa_native/src/ntt.c
diff --git a/examples/monolithic_build/mldsa/src/ntt.h b/examples/custom_backend/mldsa_native/src/ntt.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/ntt.h
rename to examples/custom_backend/mldsa_native/src/ntt.h
diff --git a/examples/monolithic_build/mldsa/src/packing.c b/examples/custom_backend/mldsa_native/src/packing.c
similarity index 100%
rename from examples/monolithic_build/mldsa/src/packing.c
rename to examples/custom_backend/mldsa_native/src/packing.c
diff --git a/examples/monolithic_build/mldsa/src/packing.h b/examples/custom_backend/mldsa_native/src/packing.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/packing.h
rename to examples/custom_backend/mldsa_native/src/packing.h
diff --git a/examples/monolithic_build/mldsa/src/params.h b/examples/custom_backend/mldsa_native/src/params.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/params.h
rename to examples/custom_backend/mldsa_native/src/params.h
diff --git a/examples/monolithic_build/mldsa/src/poly.c b/examples/custom_backend/mldsa_native/src/poly.c
similarity index 100%
rename from examples/monolithic_build/mldsa/src/poly.c
rename to examples/custom_backend/mldsa_native/src/poly.c
diff --git a/examples/monolithic_build/mldsa/src/poly.h b/examples/custom_backend/mldsa_native/src/poly.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/poly.h
rename to examples/custom_backend/mldsa_native/src/poly.h
diff --git a/examples/monolithic_build/mldsa/src/poly_kl.c b/examples/custom_backend/mldsa_native/src/poly_kl.c
similarity index 100%
rename from examples/monolithic_build/mldsa/src/poly_kl.c
rename to examples/custom_backend/mldsa_native/src/poly_kl.c
diff --git a/examples/monolithic_build/mldsa/src/poly_kl.h b/examples/custom_backend/mldsa_native/src/poly_kl.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/poly_kl.h
rename to examples/custom_backend/mldsa_native/src/poly_kl.h
diff --git a/examples/monolithic_build/mldsa/src/polyvec.c b/examples/custom_backend/mldsa_native/src/polyvec.c
similarity index 100%
rename from examples/monolithic_build/mldsa/src/polyvec.c
rename to examples/custom_backend/mldsa_native/src/polyvec.c
diff --git a/examples/monolithic_build/mldsa/src/polyvec.h b/examples/custom_backend/mldsa_native/src/polyvec.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/polyvec.h
rename to examples/custom_backend/mldsa_native/src/polyvec.h
diff --git a/examples/monolithic_build/mldsa/src/randombytes.h b/examples/custom_backend/mldsa_native/src/randombytes.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/randombytes.h
rename to examples/custom_backend/mldsa_native/src/randombytes.h
diff --git a/examples/monolithic_build/mldsa/src/reduce.h b/examples/custom_backend/mldsa_native/src/reduce.h
similarity index 100%
rename from examples/monolithic_build/mldsa/src/reduce.h
rename to examples/custom_backend/mldsa_native/src/reduce.h
diff --git a/examples/monolithic_build/mldsa/src/rounding.h b/examples/custom_backend/mldsa_native/src/rounding.h similarity index 100% rename from examples/monolithic_build/mldsa/src/rounding.h rename to examples/custom_backend/mldsa_native/src/rounding.h diff --git a/examples/monolithic_build/mldsa/src/sign.c b/examples/custom_backend/mldsa_native/src/sign.c similarity index 100% rename from examples/monolithic_build/mldsa/src/sign.c rename to examples/custom_backend/mldsa_native/src/sign.c diff --git a/examples/monolithic_build/mldsa/src/sign.h b/examples/custom_backend/mldsa_native/src/sign.h similarity index 100% rename from examples/monolithic_build/mldsa/src/sign.h rename to examples/custom_backend/mldsa_native/src/sign.h diff --git a/examples/monolithic_build/mldsa/src/symmetric.h b/examples/custom_backend/mldsa_native/src/symmetric.h similarity index 100% rename from examples/monolithic_build/mldsa/src/symmetric.h rename to examples/custom_backend/mldsa_native/src/symmetric.h diff --git a/examples/monolithic_build/mldsa/src/sys.h b/examples/custom_backend/mldsa_native/src/sys.h similarity index 100% rename from examples/monolithic_build/mldsa/src/sys.h rename to examples/custom_backend/mldsa_native/src/sys.h diff --git a/examples/monolithic_build/mldsa/src/zetas.inc b/examples/custom_backend/mldsa_native/src/zetas.inc similarity index 100% rename from examples/monolithic_build/mldsa/src/zetas.inc rename to examples/custom_backend/mldsa_native/src/zetas.inc diff --git a/examples/monolithic_build/Makefile b/examples/monolithic_build/Makefile index 52592c5dc..aa2d0da96 100644 --- a/examples/monolithic_build/Makefile +++ b/examples/monolithic_build/Makefile @@ -53,9 +53,9 @@ Q ?= @ # Here, we use just a single monolithic compilation unit to include # multiple instances of mldsa-native. -MLD_SOURCE=mldsa/mldsa_native.c +MLD_SOURCE=mldsa_native/mldsa_native.c -INC=-Imldsa/ -I./ +INC=-Imldsa_native/ -I./ # Part B: # 
@@ -93,38 +93,38 @@ LIB87_FULL=$(BUILD_DIR)/$(LIB87) $(LIB44_FULL): $(MLD_SOURCE) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_44.h\"" $(INC) $^ -o $(BUILD_DIR)/mldsa_native44.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=44 $(INC) $^ -o $(BUILD_DIR)/mldsa_native44.o $(Q)$(AR) rcs $@ $(BUILD_DIR)/mldsa_native44.o $(Q)strip -S $@ $(LIB65_FULL): $(MLD_SOURCE) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_65.h\"" $(INC) $^ -o $(BUILD_DIR)/mldsa_native65.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=65 $(INC) $^ -o $(BUILD_DIR)/mldsa_native65.o $(Q)$(AR) rcs $@ $(BUILD_DIR)/mldsa_native65.o $(Q)strip -S $@ $(LIB87_FULL): $(MLD_SOURCE) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_87.h\"" $(INC) $^ -o $(BUILD_DIR)/mldsa_native87.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=87 $(INC) $^ -o $(BUILD_DIR)/mldsa_native87.o $(Q)$(AR) rcs $@ $(BUILD_DIR)/mldsa_native87.o $(Q)strip -S $@ $(BIN44_FULL): $(APP_SOURCE) $(LIB44_FULL) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_API_PARAMETER_SET=44 $(INC) $^ -o $@ + $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=44 $(INC) $^ -o $@ $(BIN65_FULL): $(APP_SOURCE) $(LIB65_FULL) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_API_PARAMETER_SET=65 $(INC) $^ -o $@ + $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=65 $(INC) $^ -o $@ $(BIN87_FULL): $(APP_SOURCE) $(LIB87_FULL) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_API_PARAMETER_SET=87 $(INC) $^ -o $@ + $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=87 $(INC) $^ -o $@ all: build diff --git a/examples/monolithic_build/main.c b/examples/monolithic_build/main.c index 57aec5b9e..774602a36 100644 --- a/examples/monolithic_build/main.c +++ b/examples/monolithic_build/main.c 
@@ -16,7 +16,6 @@ * The parameter set is configured on the command line */ -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa #include #include "expected_signatures.h" #include "test_only_rng/notrandombytes.h" @@ -58,7 +57,7 @@ int main(void) * Normally, you would want to seed a PRNG with trustworthy entropy here. */ randombytes_reset(); - printf("ML-DSA-%d monolithic_build Example\n", MLD_CONFIG_API_PARAMETER_SET); + printf("ML-DSA-%d monolithic_build Example\n", MLD_CONFIG_PARAMETER_SET); printf("======================\n\n"); printf("Message: %s\n", test_msg); diff --git a/examples/monolithic_build/mldsa/src/fips202 b/examples/monolithic_build/mldsa/src/fips202 deleted file mode 120000 index 829380ed0..000000000 --- a/examples/monolithic_build/mldsa/src/fips202 +++ /dev/null @@ -1 +0,0 @@ -../../../../mldsa/src/fips202 \ No newline at end of file diff --git a/examples/monolithic_build/mldsa/mldsa_native.c b/examples/monolithic_build/mldsa_native/mldsa_native.c similarity index 100% rename from examples/monolithic_build/mldsa/mldsa_native.c rename to examples/monolithic_build/mldsa_native/mldsa_native.c diff --git a/examples/monolithic_build_native/mldsa/mldsa_native.h b/examples/monolithic_build/mldsa_native/mldsa_native.h similarity index 100% rename from examples/monolithic_build_native/mldsa/mldsa_native.h rename to examples/monolithic_build/mldsa_native/mldsa_native.h diff --git a/examples/monolithic_build_multilevel/mldsa/multilevel_config.h b/examples/monolithic_build/mldsa_native/mldsa_native_config.h similarity index 99% rename from examples/monolithic_build_multilevel/mldsa/multilevel_config.h rename to examples/monolithic_build/mldsa_native/mldsa_native_config.h index 161db14f3..017951968 100644 --- a/examples/monolithic_build_multilevel/mldsa/multilevel_config.h +++ b/examples/monolithic_build/mldsa_native/mldsa_native_config.h 
@@ -25,7 +25,7 @@ */ /* - * Test configuration: Multilevel monolithic build config + * Test configuration: Monolithic build config * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: @@ -389,7 +389,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -415,7 +415,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -467,7 +467,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -490,7 +490,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -589,7 +589,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/examples/monolithic_build_native/mldsa/src b/examples/monolithic_build/mldsa_native/src similarity index 100% rename from examples/monolithic_build_native/mldsa/src rename to examples/monolithic_build/mldsa_native/src diff --git a/examples/monolithic_build_multilevel/Makefile b/examples/monolithic_build_multilevel/Makefile index dd238cd72..2330847c1 100644 --- a/examples/monolithic_build_multilevel/Makefile +++ b/examples/monolithic_build_multilevel/Makefile 
@@ -54,7 +54,7 @@ endif MLD_SOURCE=mldsa_native_all.c -INC=-Imldsa/ -I./ +INC=-Imldsa_native/ -I./ # Part B: # diff --git a/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.S b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native.S similarity index 100% rename from examples/monolithic_build_multilevel_native/mldsa/mldsa_native.S rename to examples/monolithic_build_multilevel/mldsa_native/mldsa_native.S diff --git a/examples/monolithic_build_multilevel/mldsa/mldsa_native.c b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native.c similarity index 100% rename from examples/monolithic_build_multilevel/mldsa/mldsa_native.c rename to examples/monolithic_build_multilevel/mldsa_native/mldsa_native.c diff --git a/examples/monolithic_build_multilevel/mldsa_native/mldsa_native.h b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native.h new file mode 120000 index 000000000..f25191336 --- /dev/null +++ b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.h \ No newline at end of file diff --git a/examples/monolithic_build/mldsa/config_65.h b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h similarity index 98% rename from examples/monolithic_build/mldsa/config_65.h rename to examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h index ac77b489a..0e37d425c 100644 --- a/examples/monolithic_build/mldsa/config_65.h +++ b/examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h @@ -25,12 +25,11 @@ */ /* - * Test configuration: Monolithic build config for ML-DSA-65 (native backends - * disabled) + * Test configuration: Multilevel monolithic build config * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: - * - MLD_CONFIG_PARAMETER_SET + * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_INTERNAL_API_QUALIFIER */ 
@@ -55,7 +54,10 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -#define MLD_CONFIG_PARAMETER_SET 65 +#ifndef MLD_CONFIG_PARAMETER_SET +#define MLD_CONFIG_PARAMETER_SET \ + 44 /* Change this for different security strengths */ +#endif /****************************************************************************** * Name: MLD_CONFIG_FILE @@ -108,7 +110,7 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_BUILD */ +#define MLD_CONFIG_MULTILEVEL_BUILD /****************************************************************************** * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER @@ -388,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -414,7 +416,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -466,7 +468,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -489,7 +491,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
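Review bot: The new `#ifndef MLD_CONFIG_PARAMETER_SET` fallback silently selects 44 when the including unit has not set a level, which in a config that also turns on `MLD_CONFIG_MULTILEVEL_BUILD` can hide a missing define and yield the lowest of the three parameter sets without any diagnostic. If every unit in this example is expected to set the level itself (as mldsa_native_all.h in this patch does before each include), a comment saying so would help, e.g. `/* Multilevel build: each including unit sets MLD_CONFIG_PARAMETER_SET; 44 is only a fallback */`. Whether a hard `#error` would be acceptable instead depends on how the config is included elsewhere, which the hunk does not show.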
@@ -588,7 +590,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/examples/monolithic_build_multilevel/mldsa_native/src b/examples/monolithic_build_multilevel/mldsa_native/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null +++ b/examples/monolithic_build_multilevel/mldsa_native/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/monolithic_build_multilevel/mldsa_native_all.c b/examples/monolithic_build_multilevel/mldsa_native_all.c index 7ce972ba3..56a1b1b8d 100644 --- a/examples/monolithic_build_multilevel/mldsa_native_all.c +++ b/examples/monolithic_build_multilevel/mldsa_native_all.c @@ -4,8 +4,6 @@ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT */ -#define MLD_CONFIG_FILE "multilevel_config.h" - /* Three instances of mldsa-native for all security levels */ /* Include level-independent code */ diff --git a/examples/monolithic_build_multilevel/mldsa_native_all.h b/examples/monolithic_build_multilevel/mldsa_native_all.h index 005d49a70..d58748361 100644 --- a/examples/monolithic_build_multilevel/mldsa_native_all.h +++ b/examples/monolithic_build_multilevel/mldsa_native_all.h 
@@ -7,31 +7,25 @@ #ifndef MLD_ALL_H #define MLD_ALL_H -#define MLD_CONFIG_API_NO_SUPERCOP +#define MLD_CONFIG_NO_SUPERCOP /* API for MLDSA-44 */ -#define MLD_CONFIG_API_PARAMETER_SET 44 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa44 +#define MLD_CONFIG_PARAMETER_SET 44 #include -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H /* API for MLDSA-65 */ -#define MLD_CONFIG_API_PARAMETER_SET 65 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa65 +#define MLD_CONFIG_PARAMETER_SET 65 #include -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H /* API for MLDSA-87 */ -#define MLD_CONFIG_API_PARAMETER_SET 87 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa87 +#define MLD_CONFIG_PARAMETER_SET 87 #include -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX -#undef MLD_CONFIG_API_NO_SUPERCOP +#undef MLD_CONFIG_PARAMETER_SET +#undef MLD_CONFIG_NO_SUPERCOP #undef MLD_H #endif /* !MLD_ALL_H */ diff --git a/examples/monolithic_build_multilevel_native/Makefile b/examples/monolithic_build_multilevel_native/Makefile index 70b7c2ee8..8e9a6e70a 100644 --- a/examples/monolithic_build_multilevel_native/Makefile +++ b/examples/monolithic_build_multilevel_native/Makefile @@ -57,9 +57,9 @@ endif # # Here, the monolithic C file for mldsa-native is directly included in main.c, # However, we still need to incldue the monolithic assembly file. -MLD_SOURCE_ASM = mldsa/mldsa_native.S +MLD_SOURCE_ASM = mldsa_native/mldsa_native.S -INC=-Imldsa/ -Imldsa/src -I./ +INC=-Imldsa_native/ -I./ # Part B: # @@ -85,8 +85,7 @@ BIN=test_binary # Configuration adjustments # -ASMFLAGS = -DMLD_CONFIG_FILE=\"multilevel_config.h\" -ASMFLAGS += -DMLD_CONFIG_MULTILEVEL_WITH_SHARED +ASMFLAGS = -DMLD_CONFIG_MULTILEVEL_WITH_SHARED BINARY_NAME_FULL=$(BUILD_DIR)/$(BIN) 
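Review bot: `#define MLD_CONFIG_PARAMETER_SET 44` in mldsa_native_all.h now reuses the build-wide configuration macro where the header previously used API-only names, so a translation unit that already has the macro defined (for instance through a `-DMLD_CONFIG_PARAMETER_SET=...` flag like the one the monolithic_build Makefile in this patch passes) would see a conflicting redefinition, and the trailing `#undef MLD_CONFIG_PARAMETER_SET` leaves it undefined for any code after the include. A guard at the top of the header makes that misuse explicit: `#if defined(MLD_CONFIG_PARAMETER_SET)` / `#error "mldsa_native_all.h sets MLD_CONFIG_PARAMETER_SET itself"` / `#endif`. This assumes no user of this example is meant to predefine the level, which is not visible here.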
diff --git a/examples/monolithic_build_native/mldsa/mldsa_native.S b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.S similarity index 100% rename from examples/monolithic_build_native/mldsa/mldsa_native.S rename to examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.S diff --git a/examples/monolithic_build_multilevel_native/mldsa/mldsa_native.c b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.c similarity index 100% rename from examples/monolithic_build_multilevel_native/mldsa/mldsa_native.c rename to examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.c diff --git a/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.h b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.h new file mode 120000 index 000000000..f25191336 --- /dev/null +++ b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.h \ No newline at end of file diff --git a/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h similarity index 99% rename from examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h rename to examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h index 1b2c2509e..7b446d346 100644 --- a/examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h +++ b/examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h @@ -29,6 +29,7 @@ * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: + * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH * - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 
@@ -113,7 +114,7 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_BUILD */ +#define MLD_CONFIG_MULTILEVEL_BUILD /****************************************************************************** * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER @@ -389,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -421,7 +422,7 @@ #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include -#include "sys.h" +#include "src/sys.h" #include "test_only_rng/notrandombytes.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { @@ -474,7 +475,7 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -497,7 +498,7 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -596,7 +597,7 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/examples/monolithic_build_multilevel_native/mldsa_native/src b/examples/monolithic_build_multilevel_native/mldsa_native/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null 
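Review bot: The commented-out templates for MLD_CONFIG_CUSTOM_ZEROIZE, MLD_CONFIG_CUSTOM_MEMCPY, MLD_CONFIG_CUSTOM_MEMSET and MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST (hunks at -389, -474, -497 and -596) now include `"src/src.h"`, whereas the active MLD_CONFIG_CUSTOM_RANDOMBYTES block in the hunk at -421 was changed to `"src/sys.h"`. The patch's file list shows a `sys.h` under `src` and no `src.h`, so this looks like a typo, and anyone who uncomments the zeroize template to supply their own `mld_zeroize_native` would fail on the include. Each of the four lines should read `#include "src/sys.h"`. If this example config is produced by scripts/autogen like the other example configs in this patch, the correction belongs in the default config it is generated from.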
+++ b/examples/monolithic_build_multilevel_native/mldsa_native/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/monolithic_build_multilevel_native/mldsa_native_all.c b/examples/monolithic_build_multilevel_native/mldsa_native_all.c index 137beccea..397a4da91 100644 --- a/examples/monolithic_build_multilevel_native/mldsa_native_all.c +++ b/examples/monolithic_build_multilevel_native/mldsa_native_all.c @@ -6,8 +6,6 @@ /* Three instances of mldsa-native for all security levels */ -#define MLD_CONFIG_FILE "multilevel_config.h" - /* Include level-independent code */ #define MLD_CONFIG_MULTILEVEL_WITH_SHARED 1 /* Keep level-independent headers at the end of monobuild file */ diff --git a/examples/monolithic_build_native/Makefile b/examples/monolithic_build_native/Makefile index 729195b0e..2c8d32d0b 100644 --- a/examples/monolithic_build_native/Makefile +++ b/examples/monolithic_build_native/Makefile @@ -58,9 +58,9 @@ Q ?= @ # # Here, we use just a single C and assembly unit. -MLD_SOURCE=mldsa/mldsa_native.c mldsa/mldsa_native.S +MLD_SOURCE=mldsa_native/mldsa_native.c mldsa_native/mldsa_native.S -INC=-Imldsa/ -I./ +INC=-Imldsa_native/ -I./ # Part B: # 
@@ -98,41 +98,41 @@ LIB87_FULL=$(BUILD_DIR)/$(LIB87) $(LIB44_FULL): $(MLD_SOURCE) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_44.h\"" $(INC) mldsa/mldsa_native.c -o $(BUILD_DIR)/mldsa_native44.c.o - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_44.h\"" $(INC) mldsa/mldsa_native.S -o $(BUILD_DIR)/mldsa_native44.S.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=44 $(INC) mldsa_native/mldsa_native.c -o $(BUILD_DIR)/mldsa_native44.c.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=44 $(INC) mldsa_native/mldsa_native.S -o $(BUILD_DIR)/mldsa_native44.S.o $(Q)$(AR) rcs $@ $(BUILD_DIR)/mldsa_native44.c.o $(BUILD_DIR)/mldsa_native44.S.o $(Q)strip -S $@ $(LIB65_FULL): $(MLD_SOURCE) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_65.h\"" $(INC) mldsa/mldsa_native.c -o $(BUILD_DIR)/mldsa_native65.c.o - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_65.h\"" $(INC) mldsa/mldsa_native.S -o $(BUILD_DIR)/mldsa_native65.S.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=65 $(INC) mldsa_native/mldsa_native.c -o $(BUILD_DIR)/mldsa_native65.c.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=65 $(INC) mldsa_native/mldsa_native.S -o $(BUILD_DIR)/mldsa_native65.S.o $(Q)$(AR) rcs $@ $(BUILD_DIR)/mldsa_native65.c.o $(BUILD_DIR)/mldsa_native65.S.o $(Q)strip -S $@ $(LIB87_FULL): $(MLD_SOURCE) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_87.h\"" $(INC) mldsa/mldsa_native.c -o $(BUILD_DIR)/mldsa_native87.c.o - $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_FILE="\"config_87.h\"" $(INC) mldsa/mldsa_native.S -o $(BUILD_DIR)/mldsa_native87.S.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=87 $(INC) mldsa_native/mldsa_native.c -o $(BUILD_DIR)/mldsa_native87.c.o + $(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=87 $(INC) mldsa_native/mldsa_native.S -o $(BUILD_DIR)/mldsa_native87.S.o $(Q)$(AR) rcs $@ 
$(BUILD_DIR)/mldsa_native87.c.o $(BUILD_DIR)/mldsa_native87.S.o $(Q)strip -S $@ $(BIN44_FULL): $(APP_SOURCE) $(LIB44_FULL) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_API_PARAMETER_SET=44 $(INC) $^ -o $@ + $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=44 $(INC) $^ -o $@ $(BIN65_FULL): $(APP_SOURCE) $(LIB65_FULL) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_API_PARAMETER_SET=65 $(INC) $^ -o $@ + $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=65 $(INC) $^ -o $@ $(BIN87_FULL): $(APP_SOURCE) $(LIB87_FULL) $(Q)echo "$@" $(Q)[ -d $(@) ] || mkdir -p $(@D) - $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_API_PARAMETER_SET=87 $(INC) $^ -o $@ + $(Q)$(CC) $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=87 $(INC) $^ -o $@ all: build diff --git a/examples/monolithic_build_native/main.c b/examples/monolithic_build_native/main.c index 1221bbba3..a18341f38 100644 --- a/examples/monolithic_build_native/main.c +++ b/examples/monolithic_build_native/main.c @@ -16,7 +16,6 @@ * The parameter set is configured on the command line */ -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa #include #include "expected_signatures.h" #include "test_only_rng/notrandombytes.h" diff --git a/examples/monolithic_build_native/mldsa/config_44.h b/examples/monolithic_build_native/mldsa/config_44.h deleted file mode 100644 index 4f1f05c99..000000000 --- a/examples/monolithic_build_native/mldsa/config_44.h +++ /dev/null 
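Review bot: The six library compile lines in the `$(LIB44_FULL)`, `$(LIB65_FULL)` and `$(LIB87_FULL)` recipes spell out `mldsa_native/mldsa_native.c` and `mldsa_native/mldsa_native.S` again, although `MLD_SOURCE` already names both files and is the prerequisite list of each rule, which is why the directory rename had to touch every recipe. Taking the inputs from the prerequisites keeps the recipes in step with the variable, e.g. `$(Q)$(CC) -c $(CFLAGS) -DMLD_CONFIG_PARAMETER_SET=44 $(INC) $(filter %.c,$^) -o $(BUILD_DIR)/mldsa_native44.c.o`, and the same with `$(filter %.S,$^)` for the assembly object. The configuration header reached through `-Imldsa_native/` is not a prerequisite either, so presumably editing it does not rebuild the archives; listing it would avoid linking objects built from a stale configuration.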
@@ -1,644 +0,0 @@ -/* - * Copyright (c) The mldsa-native project authors - * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT - */ - -/* References - * ========== - * - * - [FIPS140_3_IG] - * Implementation Guidance for FIPS 140-3 and the Cryptographic Module - * Validation Program - * National Institute of Standards and Technology - * https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements - * - * - [FIPS204] - * FIPS 204 Module-Lattice-Based Digital Signature Standard - * National Institute of Standards and Technology - * https://csrc.nist.gov/pubs/fips/204/final - */ - -/* - * WARNING: This file is auto-generated from scripts/autogen - * in the mldsa-native repository. - * Do not modify it directly. - */ - -/* - * Test configuration: Monolithic build config for ML-DSA-44 (native backends - * disabled) - * - * This configuration differs from the default mldsa/mldsa_native_config.h in - * the following places: - * - MLD_CONFIG_PARAMETER_SET - * - MLD_CONFIG_NAMESPACE_PREFIX - * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH - * - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - * - MLD_CONFIG_INTERNAL_API_QUALIFIER - */ - - -#ifndef MLD_CONFIG_H -#define MLD_CONFIG_H - -/****************************************************************************** - * Name: MLD_CONFIG_PARAMETER_SET - * - * Description: Specifies the parameter set for ML-DSA - * - MLD_CONFIG_PARAMETER_SET=44 corresponds to ML-DSA-44 - * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 - * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 - * - * If you want to support multiple parameter sets, build the - * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. - * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while - * minimizing code duplication. - * - * This can also be set using CFLAGS. 
- * - *****************************************************************************/ -#define MLD_CONFIG_PARAMETER_SET 44 - -/****************************************************************************** - * Name: MLD_CONFIG_FILE - * - * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/mldsa_native_config.h. - * - * When you need to build mldsa-native in multiple configurations, - * using varying MLD_CONFIG_FILE can be more convenient - * then configuring everything through CFLAGS. - * - * To use, MLD_CONFIG_FILE _must_ be defined prior - * to the inclusion of any mldsa-native headers. For example, - * it can be set by passing `-DMLD_CONFIG_FILE="..."` - * on the command line. - * - *****************************************************************************/ -/* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_NAMESPACE_PREFIX - * - * Description: The prefix to use to namespace global symbols from mldsa/. - * - * In a multi-level build, level-dependent symbols will - * additionally be prefixed with the parameter set (44/65/87). - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#define MLD_CONFIG_NAMESPACE_PREFIX mldsa - -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_BUILD - * - * Description: Set this if the build is part of a multi-level build supporting - * multiple parameter sets. - * - * If you need only a single parameter set, keep this unset. 
- * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. - * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. - * - * See examples/multilevel_build for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_BUILD */ - -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_SUPERCOP - * - * Description: By default, mldsa_native.h exposes the mldsa-native API in the - * SUPERCOP naming convention (crypto_sign_xxx). If you don't need - * this, set MLD_CONFIG_NO_SUPERCOP. - * - * NOTE: You must set this for a multi-level build as the SUPERCOP - * naming does not disambiguate between the parameter sets. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_SUPERCOP */ - -/****************************************************************************** - * Name: MLD_CONFIG_CONSTANTS_ONLY - * - * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) - * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. - * - * This only affects the public header mldsa_native.h, not - * the implementation. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CONSTANTS_ONLY */ - -/****************************************************************************** - * - * Build-only configuration options - * - * The remaining configurations are build-options only. - * They do not affect the API described in mldsa_native.h. - * - *****************************************************************************/ - -#if defined(MLD_BUILD_INTERNAL) -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED - * - * Description: This is for multi-level builds of mldsa-native only. If you - * need only a single parameter set, keep this unset. - * - * If this is set, all MLD_CONFIG_PARAMETER_SET-independent - * code will be included in the build, including code needed only - * for other parameter sets. 
- * - * Example: TODO: add example - * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. - * - * See examples/multilevel_build_mldsa for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_WITH_SHARED */ - -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_NO_SHARED - * - * Description: This is for multi-level builds of mldsa-native only. If you - * need only a single parameter set, keep this unset. - * - * If this is set, no MLD_CONFIG_PARAMETER_SET-independent code - * will be included in the build. - * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. - * - * See examples/multilevel_build_mldsa for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_NO_SHARED */ - -/****************************************************************************** - * Name: MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS - * - * Description: This is only relevant for single compilation unit (SCU) - * builds of mldsa-native. In this case, it determines whether - * directives defined in parameter-set-independent headers should - * be #undef'ined or not at the of the SCU file. This is needed - * in multilevel builds. - * - * See examples/multilevel_build_native for an example. - * - * This can also be set using CFLAGS. 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */ - -/****************************************************************************** - * Name: MLD_CONFIG_USE_NATIVE_BACKEND_ARITH - * - * Description: Determines whether an native arithmetic backend should be used. - * - * The arithmetic backend covers performance critical functions - * such as the number-theoretic transform (NTT). - * - * If this option is unset, the C backend will be used. - * - * If this option is set, the arithmetic backend to be use is - * determined by MLD_CONFIG_ARITH_BACKEND_FILE: If the latter is - * unset, the default backend for your the target architecture - * will be used. If set, it must be the name of a backend metadata - * file. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#define MLD_CONFIG_USE_NATIVE_BACKEND_ARITH - -/****************************************************************************** - * Name: MLD_CONFIG_ARITH_BACKEND_FILE - * - * Description: The arithmetic backend to use. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is unset, this option - * is ignored. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is set, this option must - * either be undefined or the filename of an arithmetic backend. - * If unset, the default backend will be used. - * - * This can be set using CFLAGS. - * - *****************************************************************************/ -#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) && \ - !defined(MLD_CONFIG_ARITH_BACKEND_FILE) -#define MLD_CONFIG_ARITH_BACKEND_FILE "native/meta.h" -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - * - * Description: Determines whether an native FIPS202 backend should be used. 
- * - * The FIPS202 backend covers 1x/2x/4x-fold Keccak-f1600, which is - * the performance bottleneck of SHA3 and SHAKE. - * - * If this option is unset, the C backend will be used. - * - * If this option is set, the FIPS202 backend to be use is - * determined by MLD_CONFIG_FIPS202_BACKEND_FILE: If the latter is - * unset, the default backend for your the target architecture - * will be used. If set, it must be the name of a backend metadata - * file. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#define MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202_BACKEND_FILE - * - * Description: The FIPS-202 backend to use. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, this option - * must either be undefined or the filename of a FIPS202 backend. - * If unset, the default backend will be used. - * - * This can be set using CFLAGS. - * - *****************************************************************************/ -#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) && \ - !defined(MLD_CONFIG_FIPS202_BACKEND_FILE) -#define MLD_CONFIG_FIPS202_BACKEND_FILE "fips202/native/auto.h" -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202_CUSTOM_HEADER - * - * Description: Custom header to use for FIPS-202 - * - * This should only be set if you intend to use a custom - * FIPS-202 implementation, different from the one shipped - * with mldsa-native. - * - * If set, it must be the name of a file serving as the - * replacement for mldsa/src/fips202/fips202.h, and exposing - * the same API (see FIPS202.md). 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_FIPS202_CUSTOM_HEADER "SOME_FILE.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202X4_CUSTOM_HEADER - * - * Description: Custom header to use for FIPS-202-X4 - * - * This should only be set if you intend to use a custom - * FIPS-202 implementation, different from the one shipped - * with mldsa-native. - * - * If set, it must be the name of a file serving as the - * replacement for mldsa/src/fips202/fips202x4.h, and exposing - * the same API (see FIPS202.md). - * - *****************************************************************************/ -/* #define MLD_CONFIG_FIPS202X4_CUSTOM_HEADER "SOME_FILE.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_ZEROIZE - * - * Description: In compliance with @[FIPS204, Section 3.6.3], mldsa-native, - * zeroizes intermediate stack buffers before returning from - * function calls. - * - * Set this option and define `mld_zeroize_native` if you want to - * use a custom method to zeroize intermediate stack buffers. - * The default implementation uses SecureZeroMemory on Windows - * and a memset + compiler barrier otherwise. If neither of those - * is available on the target platform, compilation will fail, - * and you will need to use MLD_CONFIG_CUSTOM_ZEROIZE to provide - * a custom implementation of `mld_zeroize_native()`. - * - * WARNING: - * The explicit stack zeroization conducted by mldsa-native - * reduces the likelihood of data leaking on the stack, but - * does not eliminate it! The C standard makes no guarantee about - * where a compiler allocates structures and whether/where it makes - * copies of them. Also, in addition to entire structures, there - * may also be potentially exploitable leakage of individual values - * on the stack. 
- * - * If you need bullet-proof zeroization of the stack, you need to - * consider additional measures instead of what this feature - * provides. In this case, you can set mld_zeroize_native to a - * no-op. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_ZEROIZE - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_RANDOMBYTES - * - * Description: mldsa-native does not provide a secure randombytes - * implementation. Such an implementation has to provided by the - * consumer. - * - * If this option is not set, mldsa-native expects a function - * void randombytes(uint8_t *out, size_t outlen). - * - * Set this option and define `mld_randombytes` if you want to - * use a custom method to sample randombytes with a different name - * or signature. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_RANDOMBYTES - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_CAPABILITY_FUNC - * - * Description: mldsa-native backends may rely on specific hardware features. - * Those backends will only be included in an mldsa-native build - * if support for the respective features is enabled at - * compile-time. However, when building for a heteroneous set - * of CPUs to run the resulting binary/library on, feature - * detection at _runtime_ is needed to decided whether a backend - * can be used or not. 
- * - * Set this option and define `mld_sys_check_capability` if you - * want to use a custom method to dispatch between implementations. - * - * If this option is not set, mldsa-native uses compile-time - * feature detection only to decide which backend to use. - * - * If you compile mldsa-native on a system with different - * capabilities than the system that the resulting binary/library - * will be run on, you must use this option. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_CAPABILITY_FUNC - static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) - { - ... your implementation ... - } -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_MEMCPY - * - * Description: Set this option and define `mld_memcpy` if you want to - * use a custom method to copy memory instead of the standard - * library memcpy function. - * - * The custom implementation must have the same signature and - * behavior as the standard memcpy function: - * void *mld_memcpy(void *dest, const void *src, size_t n) - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_MEMCPY - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_MEMSET - * - * Description: Set this option and define `mld_memset` if you want to - * use a custom method to set memory instead of the standard - * library memset function. 
- * - * The custom implementation must have the same signature and - * behavior as the standard memset function: - * void *mld_memset(void *s, int c, size_t n) - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_MEMSET - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void *mld_memset(void *s, int c, size_t n) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_INTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of internal API. - * - * The primary use case for this option are single-CU builds, - * in which case this option can be set to `static`. - * - *****************************************************************************/ -#define MLD_CONFIG_INTERNAL_API_QUALIFIER static - -/****************************************************************************** - * Name: MLD_CONFIG_CT_TESTING_ENABLED - * - * Description: If set, mldsa-native annotates data as secret / public using - * valgrind's annotations VALGRIND_MAKE_MEM_UNDEFINED and - * VALGRIND_MAKE_MEM_DEFINED, enabling various checks for secret- - * dependent control flow of variable time execution (depending - * on the exact version of valgrind installed). - * - *****************************************************************************/ -/* #define MLD_CONFIG_CT_TESTING_ENABLED */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_ASM - * - * Description: If this option is set, mldsa-native will be built without - * use of native code or inline assembly. - * - * By default, inline assembly is used to implement value barriers. - * Without inline assembly, mldsa-native will use a global volatile - * 'opt blocker' instead; see ct.h. 
- * - * Inline assembly is also used to implement a secure zeroization - * function on non-Windows platforms. If this option is set and - * the target platform is not Windows, you MUST set - * MLD_CONFIG_CUSTOM_ZEROIZE and provide a custom zeroization - * function. - * - * If this option is set, MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 and - * and MLD_CONFIG_USE_NATIVE_BACKEND_ARITH will be ignored, and no - * native backends will be used. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_ASM */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_ASM_VALUE_BARRIER - * - * Description: If this option is set, mldsa-native will be built without - * use of native code or inline assembly for value barriers. - * - * By default, inline assembly (if available) is used to implement - * value barriers. - * Without inline assembly, mldsa-native will use a global volatile - * 'opt blocker' instead; see ct.h. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ - -/****************************************************************************** - * Name: MLD_CONFIG_KEYGEN_PCT - * - * Description: Compliance with @[FIPS140_3_IG, p.87] requires a - * Pairwise Consistency Test (PCT) to be carried out on a freshly - * generated keypair before it can be exported. - * - * Set this option if such a check should be implemented. - * In this case, crypto_sign_keypair_internal and - * crypto_sign_keypair will return a non-zero error code if the - * PCT failed. - * - * NOTE: This feature will drastically lower the performance of - * key generation. 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_KEYGEN_PCT */ - -/****************************************************************************** - * Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST - * - * Description: If this option is set, the user must provide a runtime - * function `static inline int mld_break_pct() { ... }` to - * indicate whether the PCT should be made fail. - * - * This option only has an effect if MLD_CONFIG_KEYGEN_PCT is set. - * - *****************************************************************************/ -/* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST - #if !defined(__ASSEMBLER__) - #include "sys.h" - static MLD_INLINE int mld_break_pct(void) - { - ... return 0/1 depending on whether PCT should be broken ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_SERIAL_FIPS202_ONLY - * - * Description: Set this to use a FIPS202 implementation with global state - * that supports only one active Keccak computation at a time - * (e.g. some hardware accelerators). - * - * If this option is set, ML-DSA will use FIPS202 operations - * serially, ensuring that only one SHAKE context is active - * at any given time. - * - * This allows offloading Keccak computations to a hardware - * accelerator that holds only a single Keccak state locally, - * rather than requiring support for multiple concurrent - * Keccak states. - * - * NOTE: Depending on the target CPU, this may reduce - * performance when using software FIPS202 implementations. - * Only enable this when you have to. - * - *****************************************************************************/ -/* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */ - -/************************* Config internals ********************************/ - -#endif /* MLD_BUILD_INTERNAL */ - -/* Default namespace - * - * Don't change this. 
If you need a different namespace, re-define - * MLD_CONFIG_NAMESPACE_PREFIX above instead, and remove the following. - * - * The default MLDSA namespace is - * - * PQCP_MLDSA_NATIVE_MLDSA_ - * - * e.g., PQCP_MLDSA_NATIVE_MLDSA44_ - */ - -#if MLD_CONFIG_PARAMETER_SET == 44 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA44 -#elif MLD_CONFIG_PARAMETER_SET == 65 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA65 -#elif MLD_CONFIG_PARAMETER_SET == 87 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA87 -#endif - -#endif /* !MLD_CONFIG_H */ diff --git a/examples/monolithic_build_native/mldsa/config_65.h b/examples/monolithic_build_native/mldsa/config_65.h deleted file mode 100644 index d891152fd..000000000 --- a/examples/monolithic_build_native/mldsa/config_65.h +++ /dev/null 
@@ -1,644 +0,0 @@ -/* - * Copyright (c) The mldsa-native project authors - * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT - */ - -/* References - * ========== - * - * - [FIPS140_3_IG] - * Implementation Guidance for FIPS 140-3 and the Cryptographic Module - * Validation Program - * National Institute of Standards and Technology - * https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements - * - * - [FIPS204] - * FIPS 204 Module-Lattice-Based Digital Signature Standard - * National Institute of Standards and Technology - * https://csrc.nist.gov/pubs/fips/204/final - */ - -/* - * WARNING: This file is auto-generated from scripts/autogen - * in the mldsa-native repository. - * Do not modify it directly. - */ - -/* - * Test configuration: Monolithic build config for ML-DSA-65 (native backends - * disabled) - * - * This configuration differs from the default mldsa/mldsa_native_config.h in - * the following places: - * - MLD_CONFIG_PARAMETER_SET - * - MLD_CONFIG_NAMESPACE_PREFIX - * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH - * - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - * - MLD_CONFIG_INTERNAL_API_QUALIFIER - */ - - -#ifndef MLD_CONFIG_H -#define MLD_CONFIG_H - -/****************************************************************************** - * Name: MLD_CONFIG_PARAMETER_SET - * - * Description: Specifies the parameter set for ML-DSA - * - MLD_CONFIG_PARAMETER_SET=44 corresponds to ML-DSA-44 - * - MLD_CONFIG_PARAMETER_SET=65 corresponds to ML-DSA-65 - * - MLD_CONFIG_PARAMETER_SET=87 corresponds to ML-DSA-87 - * - * If you want to support multiple parameter sets, build the - * library multiple times and set MLD_CONFIG_MULTILEVEL_BUILD. - * See MLD_CONFIG_MULTILEVEL_BUILD for how to do this while - * minimizing code duplication. - * - * This can also be set using CFLAGS. 
- * - *****************************************************************************/ -#define MLD_CONFIG_PARAMETER_SET 65 - -/****************************************************************************** - * Name: MLD_CONFIG_FILE - * - * Description: If defined, this is a header that will be included instead - * of the default configuration file mldsa/mldsa_native_config.h. - * - * When you need to build mldsa-native in multiple configurations, - * using varying MLD_CONFIG_FILE can be more convenient - * then configuring everything through CFLAGS. - * - * To use, MLD_CONFIG_FILE _must_ be defined prior - * to the inclusion of any mldsa-native headers. For example, - * it can be set by passing `-DMLD_CONFIG_FILE="..."` - * on the command line. - * - *****************************************************************************/ -/* No need to set this -- we _are_ already in a custom config */ -/* #define MLD_CONFIG_FILE "mldsa_native_config.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_NAMESPACE_PREFIX - * - * Description: The prefix to use to namespace global symbols from mldsa/. - * - * In a multi-level build, level-dependent symbols will - * additionally be prefixed with the parameter set (44/65/87). - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#define MLD_CONFIG_NAMESPACE_PREFIX mldsa - -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_BUILD - * - * Description: Set this if the build is part of a multi-level build supporting - * multiple parameter sets. - * - * If you need only a single parameter set, keep this unset. 
- * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. - * MLD_CONFIG_MULTILEVEL_BUILD should be set for all of them. - * - * See examples/multilevel_build for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_BUILD */ - -/****************************************************************************** - * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of mldsa-native's - * public API. - * - * The primary use case for this option are single-CU builds - * where the public API exposed by mldsa-native is wrapped by - * another API in the consuming application. In this case, - * even mldsa-native's public API can be marked `static`. - * - *****************************************************************************/ -/* #define MLD_CONFIG_EXTERNAL_API_QUALIFIER */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_RANDOMIZED_API - * - * Description: If this option is set, mldsa-native will be built without the - * randomized API functions (crypto_sign_keypair, - * crypto_sign, crypto_sign_signature, and - * crypto_sign_signature_extmu). - * This allows users to build mldsa-native without providing a - * randombytes() implementation if they only need the - * internal deterministic API - * (crypto_sign_keypair_internal, crypto_sign_signature_internal). - * - * NOTE: This option is incompatible with MLD_CONFIG_KEYGEN_PCT - * as the current PCT implementation requires - * crypto_sign_signature(). 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_RANDOMIZED_API */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_SUPERCOP - * - * Description: By default, mldsa_native.h exposes the mldsa-native API in the - * SUPERCOP naming convention (crypto_sign_xxx). If you don't need - * this, set MLD_CONFIG_NO_SUPERCOP. - * - * NOTE: You must set this for a multi-level build as the SUPERCOP - * naming does not disambiguate between the parameter sets. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_SUPERCOP */ - -/****************************************************************************** - * Name: MLD_CONFIG_CONSTANTS_ONLY - * - * Description: If you only need the size constants (MLDSA_PUBLICKEYBYTES, etc.) - * but no function declarations, set MLD_CONFIG_CONSTANTS_ONLY. - * - * This only affects the public header mldsa_native.h, not - * the implementation. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CONSTANTS_ONLY */ - -/****************************************************************************** - * - * Build-only configuration options - * - * The remaining configurations are build-options only. - * They do not affect the API described in mldsa_native.h. - * - *****************************************************************************/ - -#if defined(MLD_BUILD_INTERNAL) -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_WITH_SHARED - * - * Description: This is for multi-level builds of mldsa-native only. If you - * need only a single parameter set, keep this unset. - * - * If this is set, all MLD_CONFIG_PARAMETER_SET-independent - * code will be included in the build, including code needed only - * for other parameter sets. 
- * - * Example: TODO: add example - * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. - * - * See examples/multilevel_build_mldsa for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_WITH_SHARED */ - -/****************************************************************************** - * Name: MLD_CONFIG_MULTILEVEL_NO_SHARED - * - * Description: This is for multi-level builds of mldsa-native only. If you - * need only a single parameter set, keep this unset. - * - * If this is set, no MLD_CONFIG_PARAMETER_SET-independent code - * will be included in the build. - * - * To build mldsa-native with support for all parameter sets, - * build it three times -- once per parameter set -- and set the - * option MLD_CONFIG_MULTILEVEL_WITH_SHARED for exactly one of - * them, and MLD_CONFIG_MULTILEVEL_NO_SHARED for the others. - * - * See examples/multilevel_build_mldsa for an example. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_NO_SHARED */ - -/****************************************************************************** - * Name: MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS - * - * Description: This is only relevant for single compilation unit (SCU) - * builds of mldsa-native. In this case, it determines whether - * directives defined in parameter-set-independent headers should - * be #undef'ined or not at the of the SCU file. This is needed - * in multilevel builds. - * - * See examples/multilevel_build_native for an example. - * - * This can also be set using CFLAGS. 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */ - -/****************************************************************************** - * Name: MLD_CONFIG_USE_NATIVE_BACKEND_ARITH - * - * Description: Determines whether an native arithmetic backend should be used. - * - * The arithmetic backend covers performance critical functions - * such as the number-theoretic transform (NTT). - * - * If this option is unset, the C backend will be used. - * - * If this option is set, the arithmetic backend to be use is - * determined by MLD_CONFIG_ARITH_BACKEND_FILE: If the latter is - * unset, the default backend for your the target architecture - * will be used. If set, it must be the name of a backend metadata - * file. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#define MLD_CONFIG_USE_NATIVE_BACKEND_ARITH - -/****************************************************************************** - * Name: MLD_CONFIG_ARITH_BACKEND_FILE - * - * Description: The arithmetic backend to use. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is unset, this option - * is ignored. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_ARITH is set, this option must - * either be undefined or the filename of an arithmetic backend. - * If unset, the default backend will be used. - * - * This can be set using CFLAGS. - * - *****************************************************************************/ -#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_ARITH) && \ - !defined(MLD_CONFIG_ARITH_BACKEND_FILE) -#define MLD_CONFIG_ARITH_BACKEND_FILE "native/meta.h" -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - * - * Description: Determines whether an native FIPS202 backend should be used. 
- * - * The FIPS202 backend covers 1x/2x/4x-fold Keccak-f1600, which is - * the performance bottleneck of SHA3 and SHAKE. - * - * If this option is unset, the C backend will be used. - * - * If this option is set, the FIPS202 backend to be use is - * determined by MLD_CONFIG_FIPS202_BACKEND_FILE: If the latter is - * unset, the default backend for your the target architecture - * will be used. If set, it must be the name of a backend metadata - * file. - * - * This can also be set using CFLAGS. - * - *****************************************************************************/ -#define MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202_BACKEND_FILE - * - * Description: The FIPS-202 backend to use. - * - * If MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 is set, this option - * must either be undefined or the filename of a FIPS202 backend. - * If unset, the default backend will be used. - * - * This can be set using CFLAGS. - * - *****************************************************************************/ -#if defined(MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202) && \ - !defined(MLD_CONFIG_FIPS202_BACKEND_FILE) -#define MLD_CONFIG_FIPS202_BACKEND_FILE "fips202/native/auto.h" -#endif - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202_CUSTOM_HEADER - * - * Description: Custom header to use for FIPS-202 - * - * This should only be set if you intend to use a custom - * FIPS-202 implementation, different from the one shipped - * with mldsa-native. - * - * If set, it must be the name of a file serving as the - * replacement for mldsa/src/fips202/fips202.h, and exposing - * the same API (see FIPS202.md). 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_FIPS202_CUSTOM_HEADER "SOME_FILE.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_FIPS202X4_CUSTOM_HEADER - * - * Description: Custom header to use for FIPS-202-X4 - * - * This should only be set if you intend to use a custom - * FIPS-202 implementation, different from the one shipped - * with mldsa-native. - * - * If set, it must be the name of a file serving as the - * replacement for mldsa/src/fips202/fips202x4.h, and exposing - * the same API (see FIPS202.md). - * - *****************************************************************************/ -/* #define MLD_CONFIG_FIPS202X4_CUSTOM_HEADER "SOME_FILE.h" */ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_ZEROIZE - * - * Description: In compliance with @[FIPS204, Section 3.6.3], mldsa-native, - * zeroizes intermediate stack buffers before returning from - * function calls. - * - * Set this option and define `mld_zeroize_native` if you want to - * use a custom method to zeroize intermediate stack buffers. - * The default implementation uses SecureZeroMemory on Windows - * and a memset + compiler barrier otherwise. If neither of those - * is available on the target platform, compilation will fail, - * and you will need to use MLD_CONFIG_CUSTOM_ZEROIZE to provide - * a custom implementation of `mld_zeroize_native()`. - * - * WARNING: - * The explicit stack zeroization conducted by mldsa-native - * reduces the likelihood of data leaking on the stack, but - * does not eliminate it! The C standard makes no guarantee about - * where a compiler allocates structures and whether/where it makes - * copies of them. Also, in addition to entire structures, there - * may also be potentially exploitable leakage of individual values - * on the stack. 
- * - * If you need bullet-proof zeroization of the stack, you need to - * consider additional measures instead of what this feature - * provides. In this case, you can set mld_zeroize_native to a - * no-op. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_ZEROIZE - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_RANDOMBYTES - * - * Description: mldsa-native does not provide a secure randombytes - * implementation. Such an implementation has to provided by the - * consumer. - * - * If this option is not set, mldsa-native expects a function - * void randombytes(uint8_t *out, size_t outlen). - * - * Set this option and define `mld_randombytes` if you want to - * use a custom method to sample randombytes with a different name - * or signature. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_RANDOMBYTES - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_CAPABILITY_FUNC - * - * Description: mldsa-native backends may rely on specific hardware features. - * Those backends will only be included in an mldsa-native build - * if support for the respective features is enabled at - * compile-time. However, when building for a heteroneous set - * of CPUs to run the resulting binary/library on, feature - * detection at _runtime_ is needed to decided whether a backend - * can be used or not. 
- * - * Set this option and define `mld_sys_check_capability` if you - * want to use a custom method to dispatch between implementations. - * - * If this option is not set, mldsa-native uses compile-time - * feature detection only to decide which backend to use. - * - * If you compile mldsa-native on a system with different - * capabilities than the system that the resulting binary/library - * will be run on, you must use this option. - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_CAPABILITY_FUNC - static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) - { - ... your implementation ... - } -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_MEMCPY - * - * Description: Set this option and define `mld_memcpy` if you want to - * use a custom method to copy memory instead of the standard - * library memcpy function. - * - * The custom implementation must have the same signature and - * behavior as the standard memcpy function: - * void *mld_memcpy(void *dest, const void *src, size_t n) - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_MEMCPY - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_CUSTOM_MEMSET - * - * Description: Set this option and define `mld_memset` if you want to - * use a custom method to set memory instead of the standard - * library memset function. 
- * - * The custom implementation must have the same signature and - * behavior as the standard memset function: - * void *mld_memset(void *s, int c, size_t n) - * - *****************************************************************************/ -/* #define MLD_CONFIG_CUSTOM_MEMSET - #if !defined(__ASSEMBLER__) - #include - #include "sys.h" - static MLD_INLINE void *mld_memset(void *s, int c, size_t n) - { - ... your implementation ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_INTERNAL_API_QUALIFIER - * - * Description: If set, this option provides an additional function - * qualifier to be added to declarations of internal API. - * - * The primary use case for this option are single-CU builds, - * in which case this option can be set to `static`. - * - *****************************************************************************/ -#define MLD_CONFIG_INTERNAL_API_QUALIFIER static - -/****************************************************************************** - * Name: MLD_CONFIG_CT_TESTING_ENABLED - * - * Description: If set, mldsa-native annotates data as secret / public using - * valgrind's annotations VALGRIND_MAKE_MEM_UNDEFINED and - * VALGRIND_MAKE_MEM_DEFINED, enabling various checks for secret- - * dependent control flow of variable time execution (depending - * on the exact version of valgrind installed). - * - *****************************************************************************/ -/* #define MLD_CONFIG_CT_TESTING_ENABLED */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_ASM - * - * Description: If this option is set, mldsa-native will be built without - * use of native code or inline assembly. - * - * By default, inline assembly is used to implement value barriers. - * Without inline assembly, mldsa-native will use a global volatile - * 'opt blocker' instead; see ct.h. 
- * - * Inline assembly is also used to implement a secure zeroization - * function on non-Windows platforms. If this option is set and - * the target platform is not Windows, you MUST set - * MLD_CONFIG_CUSTOM_ZEROIZE and provide a custom zeroization - * function. - * - * If this option is set, MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 and - * and MLD_CONFIG_USE_NATIVE_BACKEND_ARITH will be ignored, and no - * native backends will be used. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_ASM */ - -/****************************************************************************** - * Name: MLD_CONFIG_NO_ASM_VALUE_BARRIER - * - * Description: If this option is set, mldsa-native will be built without - * use of native code or inline assembly for value barriers. - * - * By default, inline assembly (if available) is used to implement - * value barriers. - * Without inline assembly, mldsa-native will use a global volatile - * 'opt blocker' instead; see ct.h. - * - *****************************************************************************/ -/* #define MLD_CONFIG_NO_ASM_VALUE_BARRIER */ - -/****************************************************************************** - * Name: MLD_CONFIG_KEYGEN_PCT - * - * Description: Compliance with @[FIPS140_3_IG, p.87] requires a - * Pairwise Consistency Test (PCT) to be carried out on a freshly - * generated keypair before it can be exported. - * - * Set this option if such a check should be implemented. - * In this case, crypto_sign_keypair_internal and - * crypto_sign_keypair will return a non-zero error code if the - * PCT failed. - * - * NOTE: This feature will drastically lower the performance of - * key generation. 
- * - *****************************************************************************/ -/* #define MLD_CONFIG_KEYGEN_PCT */ - -/****************************************************************************** - * Name: MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST - * - * Description: If this option is set, the user must provide a runtime - * function `static inline int mld_break_pct() { ... }` to - * indicate whether the PCT should be made fail. - * - * This option only has an effect if MLD_CONFIG_KEYGEN_PCT is set. - * - *****************************************************************************/ -/* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST - #if !defined(__ASSEMBLER__) - #include "sys.h" - static MLD_INLINE int mld_break_pct(void) - { - ... return 0/1 depending on whether PCT should be broken ... - } - #endif -*/ - -/****************************************************************************** - * Name: MLD_CONFIG_SERIAL_FIPS202_ONLY - * - * Description: Set this to use a FIPS202 implementation with global state - * that supports only one active Keccak computation at a time - * (e.g. some hardware accelerators). - * - * If this option is set, ML-DSA will use FIPS202 operations - * serially, ensuring that only one SHAKE context is active - * at any given time. - * - * This allows offloading Keccak computations to a hardware - * accelerator that holds only a single Keccak state locally, - * rather than requiring support for multiple concurrent - * Keccak states. - * - * NOTE: Depending on the target CPU, this may reduce - * performance when using software FIPS202 implementations. - * Only enable this when you have to. - * - *****************************************************************************/ -/* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */ - -/************************* Config internals ********************************/ - -#endif /* MLD_BUILD_INTERNAL */ - -/* Default namespace - * - * Don't change this. 
If you need a different namespace, re-define - * MLD_CONFIG_NAMESPACE_PREFIX above instead, and remove the following. - * - * The default MLDSA namespace is - * - * PQCP_MLDSA_NATIVE_MLDSA_ - * - * e.g., PQCP_MLDSA_NATIVE_MLDSA44_ - */ - -#if MLD_CONFIG_PARAMETER_SET == 44 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA44 -#elif MLD_CONFIG_PARAMETER_SET == 65 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA65 -#elif MLD_CONFIG_PARAMETER_SET == 87 -#define MLD_DEFAULT_NAMESPACE_PREFIX PQCP_MLDSA_NATIVE_MLDSA87 -#endif - -#endif /* !MLD_CONFIG_H */ diff --git a/examples/monolithic_build_native/mldsa_native/mldsa_native.S b/examples/monolithic_build_native/mldsa_native/mldsa_native.S new file mode 120000 index 000000000..1a7c2694b --- /dev/null +++ b/examples/monolithic_build_native/mldsa_native/mldsa_native.S @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.S \ No newline at end of file diff --git a/examples/monolithic_build_native/mldsa/mldsa_native.c b/examples/monolithic_build_native/mldsa_native/mldsa_native.c similarity index 100% rename from examples/monolithic_build_native/mldsa/mldsa_native.c rename to examples/monolithic_build_native/mldsa_native/mldsa_native.c diff --git a/examples/monolithic_build_native/mldsa_native/mldsa_native.h b/examples/monolithic_build_native/mldsa_native/mldsa_native.h new file mode 120000 index 000000000..f25191336 --- /dev/null +++ b/examples/monolithic_build_native/mldsa_native/mldsa_native.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.h \ No newline at end of file diff --git a/examples/monolithic_build/mldsa/config_44.h b/examples/monolithic_build_native/mldsa_native/mldsa_native_config.h similarity index 98% rename from examples/monolithic_build/mldsa/config_44.h rename to examples/monolithic_build_native/mldsa_native/mldsa_native_config.h index 82570d430..dfe74bbec 100644 --- a/examples/monolithic_build/mldsa/config_44.h +++ b/examples/monolithic_build_native/mldsa_native/mldsa_native_config.h 
@@ -25,12 +25,10 @@ */ /* - * Test configuration: Monolithic build config for ML-DSA-44 (native backends - * disabled) + * Test configuration: Monolithic build config (native backends disabled) * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: - * - MLD_CONFIG_PARAMETER_SET * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_INTERNAL_API_QUALIFIER */ @@ -55,7 +53,10 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -#define MLD_CONFIG_PARAMETER_SET 44 +#ifndef MLD_CONFIG_PARAMETER_SET +#define MLD_CONFIG_PARAMETER_SET \ + 44 /* Change this for different security strengths */ +#endif /****************************************************************************** * Name: MLD_CONFIG_FILE @@ -388,7 +389,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -414,7 +415,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -466,7 +467,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -489,7 +490,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
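Review bot: The rewritten header comment still says "(native backends disabled)", and its list of differences no longer mentions `MLD_CONFIG_USE_NATIVE_BACKEND_ARITH` or `MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202`, although this file now lives under `examples/monolithic_build_native/`. The deleted `config_65.h` in that directory defined both options, and no hunk of this rename adds them back. Unless they are now passed through CFLAGS (not visible here), the native example would build the C backend only and stop exercising the assembly paths. Please confirm where the backends get enabled and make the description match, e.g. `* Test configuration: Monolithic build config (native backends enabled)`. Since the file is presumably generated by scripts/autogen, the fix belongs in the generator input.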
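Review bot: With the new `#ifndef MLD_CONFIG_PARAMETER_SET` fallback, a build that forgets to pass the level, or misspells the macro in CFLAGS, silently produces ML-DSA-44, the smallest parameter set, instead of failing. The per-level files this replaces pinned the level explicitly. The inline comment "Change this for different security strengths" also invites editing a file that, judging by the deleted sibling configs, carries an auto-generated "Do not modify it directly" warning. I would move the comment above the `#define` and state the contract, e.g. `/* Fallback if not set via CFLAGS or by the including file: ML-DSA-44 */`, and consider `#error "MLD_CONFIG_PARAMETER_SET not set"` in the example configs, where the level is expected to come from outside. The same hunk appears in `examples/multilevel_build/mldsa_native/mldsa_native_config.h`.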
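Review bot: The commented-out template for `mld_zeroize_native` now includes `"src/src.h"`, which looks like a search-and-replace slip for `"src/sys.h"`. The visible part of the diffstat lists `src/sys.h` and no `src/src.h`, and the template uses `MLD_INLINE` on the next line, so it needs the header the old `"sys.h"` include named. The block is a comment, so nothing breaks today, but anyone who uncomments it to supply a custom zeroize or randombytes hook hits a missing include. Suggested line: `#include "src/sys.h"`. The same replacement appears in the `MLD_CONFIG_CUSTOM_RANDOMBYTES`, `MLD_CONFIG_CUSTOM_MEMCPY`, `MLD_CONFIG_CUSTOM_MEMSET` and `MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST` hunks of this file and of the multilevel_build config.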
@@ -588,7 +589,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/examples/monolithic_build_native/mldsa_native/src b/examples/monolithic_build_native/mldsa_native/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null +++ b/examples/monolithic_build_native/mldsa_native/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/multilevel_build/Makefile b/examples/multilevel_build/Makefile index 4fc3d43ee..efe789c31 100644 --- a/examples/multilevel_build/Makefile +++ b/examples/multilevel_build/Makefile @@ -26,7 +26,7 @@ CFLAGS := \ -Wno-unused-command-line-argument \ -O3 \ -fomit-frame-pointer \ - -Imldsa_native/mldsa \ + -Imldsa_native/ \ -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa \ -std=c99 \ -pedantic \ @@ -56,10 +56,10 @@ endif # Alternatively, you can compile the 'monobuild' source file mldsa_native.c. # See examples/monolithic_build for that. MLD_SOURCE_ALL := $(wildcard \ - mldsa_native/mldsa/src/*.c \ - mldsa_native/mldsa/src/**/*.c \ - mldsa_native/mldsa/src/**/**/*.c \ - mldsa_native/mldsa/src/**/**/**/*.c) + mldsa_native/src/*.c \ + mldsa_native/src/**/*.c \ + mldsa_native/src/**/**/*.c \ + mldsa_native/src/**/**/**/*.c) MLD_SOURCE:=$(foreach S,$(MLD_SOURCE_ALL),\ $(if $(findstring /native/,$S),,$S)) diff --git a/examples/multilevel_build/mldsa_native/mldsa b/examples/multilevel_build/mldsa_native/mldsa deleted file mode 120000 index 10da1bec2..000000000 --- a/examples/multilevel_build/mldsa_native/mldsa +++ /dev/null @@ -1 +0,0 @@ -../../../mldsa \ No newline at end of file diff --git a/examples/multilevel_build/mldsa_native/mldsa_native.h b/examples/multilevel_build/mldsa_native/mldsa_native.h new file mode 120000 index 000000000..f25191336 --- /dev/null 
+++ b/examples/multilevel_build/mldsa_native/mldsa_native.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.h \ No newline at end of file diff --git a/examples/monolithic_build/mldsa/config_87.h b/examples/multilevel_build/mldsa_native/mldsa_native_config.h similarity index 98% rename from examples/monolithic_build/mldsa/config_87.h rename to examples/multilevel_build/mldsa_native/mldsa_native_config.h index 668538dc0..1270efa12 100644 --- a/examples/monolithic_build/mldsa/config_87.h +++ b/examples/multilevel_build/mldsa_native/mldsa_native_config.h @@ -25,14 +25,12 @@ */ /* - * Test configuration: Monolithic build config for ML-DSA-87 (native backends - * disabled) + * Test configuration: Multilevel build config * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: - * - MLD_CONFIG_PARAMETER_SET + * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX - * - MLD_CONFIG_INTERNAL_API_QUALIFIER */ @@ -55,7 +53,10 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -#define MLD_CONFIG_PARAMETER_SET 87 +#ifndef MLD_CONFIG_PARAMETER_SET +#define MLD_CONFIG_PARAMETER_SET \ + 44 /* Change this for different security strengths */ +#endif /****************************************************************************** * Name: MLD_CONFIG_FILE @@ -108,7 +109,7 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_BUILD */ +#define MLD_CONFIG_MULTILEVEL_BUILD /****************************************************************************** * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER @@ -388,7 +389,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... 
@@ -414,7 +415,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -466,7 +467,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -489,7 +490,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -507,7 +508,7 @@ * in which case this option can be set to `static`. * *****************************************************************************/ -#define MLD_CONFIG_INTERNAL_API_QUALIFIER static +/* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED @@ -588,7 +589,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/examples/multilevel_build/mldsa_native/src b/examples/multilevel_build/mldsa_native/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null +++ b/examples/multilevel_build/mldsa_native/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/multilevel_build/mldsa_native_all.h b/examples/multilevel_build/mldsa_native_all.h index dfe139a99..adcd5bfd7 100644 --- a/examples/multilevel_build/mldsa_native_all.h +++ b/examples/multilevel_build/mldsa_native_all.h 
@@ -9,27 +9,21 @@ /* API for MLDSA-44 */ -#define MLD_CONFIG_API_PARAMETER_SET 44 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa44 -#include "mldsa_native/mldsa/mldsa_native.h" -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#define MLD_CONFIG_PARAMETER_SET 44 +#include "mldsa_native/mldsa_native.h" +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H /* API for MLDSA-65 */ -#define MLD_CONFIG_API_PARAMETER_SET 65 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa65 -#include "mldsa_native/mldsa/mldsa_native.h" -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#define MLD_CONFIG_PARAMETER_SET 65 +#include "mldsa_native/mldsa_native.h" +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H /* API for MLDSA-87 */ -#define MLD_CONFIG_API_PARAMETER_SET 87 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa87 -#include "mldsa_native/mldsa/mldsa_native.h" -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#define MLD_CONFIG_PARAMETER_SET 87 +#include "mldsa_native/mldsa_native.h" +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H #endif /* !MLD_ALL_H */ diff --git a/examples/multilevel_build_native/Makefile b/examples/multilevel_build_native/Makefile index 0ae9181ee..e8e8742be 100644 --- a/examples/multilevel_build_native/Makefile +++ b/examples/multilevel_build_native/Makefile @@ -26,7 +26,7 @@ CFLAGS := \ -Wno-unused-command-line-argument \ -O3 \ -fomit-frame-pointer \ - -Imldsa_native/mldsa \ + -Imldsa_native/ \ -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa \ -std=c99 \ -pedantic \ 
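Review bot: Each API section in `mldsa_native_all.h` now defines and then undefines `MLD_CONFIG_PARAMETER_SET` itself, the same macro the Makefile passes as `-DMLD_CONFIG_PARAMETER_SET=...`, whereas the removed lines used the separate `MLD_CONFIG_API_*` names. A translation unit that already has the macro set loses it after this header, and the `#ifndef` fallback added to the example config would then select 44 for anything included later. I would reject that case before the first section with `#if defined(MLD_CONFIG_PARAMETER_SET)` / `#error "mldsa_native_all.h sets MLD_CONFIG_PARAMETER_SET itself"` / `#endif`, or at least state the requirement in a comment. Whether any consumer defines the macro is not visible here; the same applies to `examples/multilevel_build_native/mldsa_native_all.h`.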
@@ -56,16 +56,16 @@ endif # Alternatively, you can compile the 'monobuild' source file mldsa_native.c. # See examples/monolithic_build for that. MLD_SOURCE := $(wildcard \ - mldsa_native/mldsa/src/*.c \ - mldsa_native/mldsa/src/**/*.c \ - mldsa_native/mldsa/src/**/**/*.c \ - mldsa_native/mldsa/src/**/**/**/*.c \ - mldsa_native/mldsa/src/**/**/**/**/*.c \ - mldsa_native/mldsa/src/*.S \ - mldsa_native/mldsa/src/**/*.S \ - mldsa_native/mldsa/src/**/**/*.S \ - mldsa_native/mldsa/src/**/**/**/*.S \ - mldsa_native/mldsa/src/**/**/**/**/*.S) + mldsa_native/src/*.c \ + mldsa_native/src/**/*.c \ + mldsa_native/src/**/**/*.c \ + mldsa_native/src/**/**/**/*.c \ + mldsa_native/src/**/**/**/**/*.c \ + mldsa_native/src/*.S \ + mldsa_native/src/**/*.S \ + mldsa_native/src/**/**/*.S \ + mldsa_native/src/**/**/**/*.S \ + mldsa_native/src/**/**/**/**/*.S) BUILD_DIR=build MLDSA44_DIR = $(BUILD_DIR)/mldsa44 
@@ -79,17 +79,17 @@ MLDSA87_OBJS=$(patsubst %,$(MLDSA87_DIR)/%.o,$(MLD_SOURCE)) $(MLDSA44_OBJS): $(MLDSA44_DIR)/%.o: % $(Q)echo " CC $@" $(Q)[ -d $(@D) ] || mkdir -p $(@D) - $(Q)$(CC) -DMLD_CONFIG_USE_NATIVE_BACKEND_ARITH -DMLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 -DMLD_CONFIG_MULTILEVEL_WITH_SHARED -DMLD_CONFIG_PARAMETER_SET=44 $(CFLAGS) -c $^ -o $@ + $(Q)$(CC) -DMLD_CONFIG_MULTILEVEL_WITH_SHARED -DMLD_CONFIG_PARAMETER_SET=44 $(CFLAGS) -c $^ -o $@ $(MLDSA65_OBJS): $(MLDSA65_DIR)/%.o: % $(Q)echo " CC $@" $(Q)[ -d $(@D) ] || mkdir -p $(@D) - $(Q)$(CC) -DMLD_CONFIG_USE_NATIVE_BACKEND_ARITH -DMLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 -DMLD_CONFIG_MULTILEVEL_NO_SHARED -DMLD_CONFIG_PARAMETER_SET=65 $(CFLAGS) -c $^ -o $@ + $(Q)$(CC) -DMLD_CONFIG_MULTILEVEL_NO_SHARED -DMLD_CONFIG_PARAMETER_SET=65 $(CFLAGS) -c $^ -o $@ $(MLDSA87_OBJS): $(MLDSA87_DIR)/%.o: % $(Q)echo " CC $@" $(Q)[ -d $(@D) ] || mkdir -p $(@D) - $(Q)$(CC) -DMLD_CONFIG_USE_NATIVE_BACKEND_ARITH -DMLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 -DMLD_CONFIG_MULTILEVEL_NO_SHARED -DMLD_CONFIG_PARAMETER_SET=87 $(CFLAGS) -c $^ -o $@ + $(Q)$(CC) -DMLD_CONFIG_MULTILEVEL_NO_SHARED -DMLD_CONFIG_PARAMETER_SET=87 $(CFLAGS) -c $^ -o $@ mldsa44_objs: $(MLDSA44_OBJS) mldsa65_objs: $(MLDSA65_OBJS) diff --git a/examples/multilevel_build_native/mldsa_native/mldsa b/examples/multilevel_build_native/mldsa_native/mldsa deleted file mode 120000 index 10da1bec2..000000000 --- a/examples/multilevel_build_native/mldsa_native/mldsa +++ /dev/null @@ -1 +0,0 @@ -../../../mldsa \ No newline at end of file diff --git a/examples/multilevel_build_native/mldsa_native/mldsa_native.h b/examples/multilevel_build_native/mldsa_native/mldsa_native.h new file mode 120000 index 000000000..f25191336 --- /dev/null +++ b/examples/multilevel_build_native/mldsa_native/mldsa_native.h @@ -0,0 +1 @@ +../../../mldsa/mldsa_native.h \ No newline at end of file 
diff --git a/examples/monolithic_build_native/mldsa/config_87.h b/examples/multilevel_build_native/mldsa_native/mldsa_native_config.h similarity index 98% rename from examples/monolithic_build_native/mldsa/config_87.h rename to examples/multilevel_build_native/mldsa_native/mldsa_native_config.h index 4fbbc3ed8..9a24cd70e 100644 --- a/examples/monolithic_build_native/mldsa/config_87.h +++ b/examples/multilevel_build_native/mldsa_native/mldsa_native_config.h @@ -25,16 +25,14 @@ */ /* - * Test configuration: Monolithic build config for ML-DSA-87 (native backends - * disabled) + * Test configuration: Multilevel build config * * This configuration differs from the default mldsa/mldsa_native_config.h in * the following places: - * - MLD_CONFIG_PARAMETER_SET + * - MLD_CONFIG_MULTILEVEL_BUILD * - MLD_CONFIG_NAMESPACE_PREFIX * - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH * - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 - * - MLD_CONFIG_INTERNAL_API_QUALIFIER */ @@ -57,7 +55,10 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -#define MLD_CONFIG_PARAMETER_SET 87 +#ifndef MLD_CONFIG_PARAMETER_SET +#define MLD_CONFIG_PARAMETER_SET \ + 44 /* Change this for different security strengths */ +#endif /****************************************************************************** * Name: MLD_CONFIG_FILE @@ -110,7 +111,7 @@ * This can also be set using CFLAGS. * *****************************************************************************/ -/* #define MLD_CONFIG_MULTILEVEL_BUILD */ +#define MLD_CONFIG_MULTILEVEL_BUILD /****************************************************************************** * Name: MLD_CONFIG_EXTERNAL_API_QUALIFIER @@ -386,7 +387,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... 
@@ -412,7 +413,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -464,7 +465,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -487,7 +488,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -505,7 +506,7 @@ * in which case this option can be set to `static`. * *****************************************************************************/ -#define MLD_CONFIG_INTERNAL_API_QUALIFIER static +/* #define MLD_CONFIG_INTERNAL_API_QUALIFIER */ /****************************************************************************** * Name: MLD_CONFIG_CT_TESTING_ENABLED @@ -586,7 +587,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/examples/multilevel_build_native/mldsa_native/src b/examples/multilevel_build_native/mldsa_native/src new file mode 120000 index 000000000..3fd9af3d7 --- /dev/null +++ b/examples/multilevel_build_native/mldsa_native/src @@ -0,0 +1 @@ +../../../mldsa/src/ \ No newline at end of file diff --git a/examples/multilevel_build_native/mldsa_native_all.h b/examples/multilevel_build_native/mldsa_native_all.h index 6295ff046..825618b79 100644 --- a/examples/multilevel_build_native/mldsa_native_all.h +++ b/examples/multilevel_build_native/mldsa_native_all.h 
@@ -7,27 +7,21 @@ #define MLD_ALL_H /* API for MLDSA-44 */ -#define MLD_CONFIG_API_PARAMETER_SET 44 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa44 -#include "mldsa_native/mldsa/mldsa_native.h" -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#define MLD_CONFIG_PARAMETER_SET 44 +#include "mldsa_native/mldsa_native.h" +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H /* API for MLDSA-65 */ -#define MLD_CONFIG_API_PARAMETER_SET 65 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa65 -#include "mldsa_native/mldsa/mldsa_native.h" -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#define MLD_CONFIG_PARAMETER_SET 65 +#include "mldsa_native/mldsa_native.h" +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H /* API for MLDSA-87 */ -#define MLD_CONFIG_API_PARAMETER_SET 87 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa87 -#include "mldsa_native/mldsa/mldsa_native.h" -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#define MLD_CONFIG_PARAMETER_SET 87 +#include "mldsa_native/mldsa_native.h" +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H #endif /* !MLD_ALL_H */ diff --git a/mldsa/mldsa_native_config.h b/mldsa/mldsa_native_config.h index 997bf481d..bc01ae764 100644 --- a/mldsa/mldsa_native_config.h +++ b/mldsa/mldsa_native_config.h @@ -374,7 +374,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -400,7 +400,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... 
@@ -452,7 +452,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -475,7 +475,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -574,7 +574,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/scripts/lint b/scripts/lint index 4b749386f..57f8c37d5 100755 --- a/scripts/lint +++ b/scripts/lint @@ -157,7 +157,7 @@ check-spdx() success=false fi done - for file in $(git ls-files -- "*.[chsS]" "*.py" "*.mk" "*.yml" "**/Makefile*" ":/!proofs/cbmc/*.py" ":/!examples/bring_your_own_fips202/custom_fips202/tiny_sha3/*" ":/!examples/custom_backend/mldsa_native/mldsa/src/fips202/native/custom/src/*"); do + for file in $(git ls-files -- "*.[chsS]" "*.py" "*.mk" "*.yml" "**/Makefile*" ":/!proofs/cbmc/*.py" ":/!examples/bring_your_own_fips202/custom_fips202/tiny_sha3/*" ":/!examples/custom_backend/mldsa_native/src/fips202/native/custom/src/*"); do # Ignore symlinks if [[ ! -L $file && $(grep "Copyright (c) The mldsa-native project authors" $file | wc -l) == 0 ]]; then gh_error "$file" "${line:-1}" "Missing copyright header error" "$file is missing copyright header" diff --git a/test/break_pct_config.h b/test/break_pct_config.h index 13a10cfd3..8004a7d77 100644 --- a/test/break_pct_config.h +++ b/test/break_pct_config.h 
@@ -390,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -416,7 +416,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -468,7 +468,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -491,7 +491,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... diff --git a/test/configs.yml b/test/configs.yml index 3408c45ff..c6ef1f93d 100644 --- a/test/configs.yml +++ b/test/configs.yml @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT # Metadata for test configuration files -# Each entry describes how a test config differs from mldsa/config.h +# Each entry describes how a test config differs from mldsa/mldsa_native_config.h configs: - path: test/no_asm_config.h 
@@ -280,79 +280,56 @@ configs: return 0; } #endif /* !__ASSEMBLER__ */ - # Example configs - - path: examples/monolithic_build/mldsa/config_44.h - description: "Monolithic build config for ML-DSA-44 (native backends disabled)" - defines: - MLD_CONFIG_PARAMETER_SET: 44 - MLD_CONFIG_NAMESPACE_PREFIX: mldsa - MLD_CONFIG_INTERNAL_API_QUALIFIER: static - MLD_CONFIG_FILE: - comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build/mldsa/config_65.h - description: "Monolithic build config for ML-DSA-65 (native backends disabled)" + # Example configs + - path: examples/monolithic_build/mldsa_native/mldsa_native_config.h + description: "Monolithic build config" defines: - MLD_CONFIG_PARAMETER_SET: 65 MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_INTERNAL_API_QUALIFIER: static MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build/mldsa/config_87.h - description: "Monolithic build config for ML-DSA-87 (native backends disabled)" + - path: examples/monolithic_build_native/mldsa_native/mldsa_native_config.h + description: "Monolithic build config (native backends disabled)" defines: - MLD_CONFIG_PARAMETER_SET: 87 MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_INTERNAL_API_QUALIFIER: static MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_native/mldsa/config_44.h - description: "Monolithic build config for ML-DSA-44 (native backends disabled)" + - path: examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h + description: "Multilevel monolithic build config" defines: - MLD_CONFIG_PARAMETER_SET: 44 + MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH: true - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202: true MLD_CONFIG_INTERNAL_API_QUALIFIER: static MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ 
already in a custom config */" - - path: examples/monolithic_build_native/mldsa/config_65.h - description: "Monolithic build config for ML-DSA-65 (native backends disabled)" + - path: examples/multilevel_build/mldsa_native/mldsa_native_config.h + description: "Multilevel build config" defines: - MLD_CONFIG_PARAMETER_SET: 65 + MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa - MLD_CONFIG_USE_NATIVE_BACKEND_ARITH: true - MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202: true - MLD_CONFIG_INTERNAL_API_QUALIFIER: static MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_native/mldsa/config_87.h - description: "Monolithic build config for ML-DSA-87 (native backends disabled)" + - path: examples/multilevel_build_native/mldsa_native/mldsa_native_config.h + description: "Multilevel build config" defines: - MLD_CONFIG_PARAMETER_SET: 87 + MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_USE_NATIVE_BACKEND_ARITH: true MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202: true - MLD_CONFIG_INTERNAL_API_QUALIFIER: static MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" - - path: examples/monolithic_build_multilevel/mldsa/multilevel_config.h - description: "Multilevel monolithic build config" - defines: - MLD_CONFIG_NAMESPACE_PREFIX: mldsa - MLD_CONFIG_INTERNAL_API_QUALIFIER: static - MLD_CONFIG_FILE: - comment: "/* No need to set this -- we _are_ already in a custom config */" - - - path: examples/monolithic_build_multilevel_native/mldsa/multilevel_config.h + - path: examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h description: "Multilevel monolithic build config with native backends" defines: + MLD_CONFIG_MULTILEVEL_BUILD: true MLD_CONFIG_NAMESPACE_PREFIX: mldsa MLD_CONFIG_USE_NATIVE_BACKEND_ARITH: true MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202: true 
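Review bot: The new entry for `examples/monolithic_build_native/mldsa_native/mldsa_native_config.h` is described as "Monolithic build config (native backends disabled)" and lists neither `MLD_CONFIG_USE_NATIVE_BACKEND_ARITH` nor `MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202`, although the removed `monolithic_build_native` entries set both to `true`. If that example's Makefile does not pass the two defines itself (not visible in this hunk), the native example would be generated and tested as a plain C build without anyone noticing. I would add `MLD_CONFIG_USE_NATIVE_BACKEND_ARITH: true` and `MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202: true` to that entry and change its description to `"Monolithic build config with native backends"`. The `multilevel_build_native` entry reuses the description "Multilevel build config" of the non-native one and could likewise say "with native backends".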
@@ -371,7 +348,7 @@ configs: #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/sys.h" #include "test_only_rng/notrandombytes.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { @@ -379,7 +356,7 @@ configs: } #endif /* !__ASSEMBLER__ */ - - path: examples/custom_backend/mldsa_native/custom_config.h + - path: examples/custom_backend/mldsa_native/mldsa_native_config.h description: "Custom backend config with tiny SHA3" defines: MLD_CONFIG_PARAMETER_SET: @@ -392,3 +369,30 @@ configs: MLD_CONFIG_FIPS202_BACKEND_FILE: '"fips202/native/custom/custom.h"' MLD_CONFIG_FILE: comment: "/* No need to set this -- we _are_ already in a custom config */" + + - path: examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h + description: "Configuration for custom FIPS202 implementation" + defines: + MLD_CONFIG_NAMESPACE_PREFIX: mldsa + MLD_CONFIG_FIPS202_CUSTOM_HEADER: "\"../custom_fips202/fips202.h\"" + MLD_CONFIG_FIPS202X4_CUSTOM_HEADER: "\"../custom_fips202/fips202x4.h\"" + MLD_CONFIG_FILE: + comment: "/* No need to set this -- we _are_ already in a custom config */" + + - path: examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h + description: "Configuration for custom serial FIPS202 implementation" + defines: + MLD_CONFIG_NAMESPACE_PREFIX: mldsa + MLD_CONFIG_SERIAL_FIPS202_ONLY: true + MLD_CONFIG_FIPS202_CUSTOM_HEADER: "\"../custom_fips202/fips202.h\"" + MLD_CONFIG_FIPS202X4_CUSTOM_HEADER: "\"../custom_fips202/fips202x4.h\"" + MLD_CONFIG_FILE: + comment: "/* No need to set this -- we _are_ already in a custom config */" + + - path: examples/basic_deterministic/mldsa_native/mldsa_native_config.h + description: "Configuration for deterministic-only build of mldsa-native" + defines: + MLD_CONFIG_NAMESPACE_PREFIX: mldsa + MLD_CONFIG_NO_RANDOMIZED_API: true + MLD_CONFIG_FILE: + comment: "/* No need to set this -- we _are_ already in a custom config */" 
diff --git a/test/custom_memcpy_config.h b/test/custom_memcpy_config.h index 9061d7a44..f9f4fbc4d 100644 --- a/test/custom_memcpy_config.h +++ b/test/custom_memcpy_config.h @@ -389,7 +389,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -415,7 +415,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -498,7 +498,7 @@ static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -597,7 +597,7 @@ static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_memset_config.h b/test/custom_memset_config.h index c973a00a9..fdacfdeac 100644 --- a/test/custom_memset_config.h +++ b/test/custom_memset_config.h @@ -389,7 +389,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -415,7 +415,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... 
@@ -467,7 +467,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -596,7 +596,7 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_native_capability_config_0.h b/test/custom_native_capability_config_0.h index 034dbcff0..1d113b483 100644 --- a/test/custom_native_capability_config_0.h +++ b/test/custom_native_capability_config_0.h @@ -390,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -416,7 +416,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -474,7 +474,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -497,7 +497,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
@@ -596,7 +596,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_native_capability_config_1.h b/test/custom_native_capability_config_1.h index d98d9b259..f79124299 100644 --- a/test/custom_native_capability_config_1.h +++ b/test/custom_native_capability_config_1.h @@ -390,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -416,7 +416,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -473,7 +473,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -496,7 +496,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
@@ -595,7 +595,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_native_capability_config_CPUID_AVX2.h b/test/custom_native_capability_config_CPUID_AVX2.h index 2aae50ece..70ab6057b 100644 --- a/test/custom_native_capability_config_CPUID_AVX2.h +++ b/test/custom_native_capability_config_CPUID_AVX2.h @@ -390,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -416,7 +416,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -505,7 +505,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -528,7 +528,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
@@ -627,7 +627,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h index a0cf8dbc2..020e8ca2a 100644 --- a/test/custom_native_capability_config_ID_AA64PFR1_EL1.h +++ b/test/custom_native_capability_config_ID_AA64PFR1_EL1.h @@ -390,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -416,7 +416,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -492,7 +492,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -515,7 +515,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
@@ -614,7 +614,7 @@ static MLD_INLINE int mld_sys_check_capability(mld_sys_cap cap) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_randombytes_config.h b/test/custom_randombytes_config.h index 2e93a648a..7be486237 100644 --- a/test/custom_randombytes_config.h +++ b/test/custom_randombytes_config.h @@ -389,7 +389,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -468,7 +468,7 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -491,7 +491,7 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -590,7 +590,7 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_stdlib_config.h b/test/custom_stdlib_config.h index 89c7e6341..7eb6a6e04 100644 --- a/test/custom_stdlib_config.h +++ b/test/custom_stdlib_config.h 
@@ -390,7 +390,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -416,7 +416,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -605,7 +605,7 @@ static MLD_INLINE void *mld_memset(void *s, int c, size_t n) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/custom_zeroize_config.h b/test/custom_zeroize_config.h index 7d6ae9730..08206c954 100644 --- a/test/custom_zeroize_config.h +++ b/test/custom_zeroize_config.h @@ -416,7 +416,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -468,7 +468,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -491,7 +491,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... 
@@ -590,7 +590,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/no_asm_config.h b/test/no_asm_config.h index aca50bb98..7fc4428ba 100644 --- a/test/no_asm_config.h +++ b/test/no_asm_config.h @@ -417,7 +417,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -469,7 +469,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -492,7 +492,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -591,7 +591,7 @@ static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... diff --git a/test/serial_fips202_config.h b/test/serial_fips202_config.h index 63ba282be..5fc54797a 100644 --- a/test/serial_fips202_config.h +++ b/test/serial_fips202_config.h 
@@ -389,7 +389,7 @@ /* #define MLD_CONFIG_CUSTOM_ZEROIZE #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_zeroize_native(void *ptr, size_t len) { ... your implementation ... @@ -415,7 +415,7 @@ /* #define MLD_CONFIG_CUSTOM_RANDOMBYTES #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len) { ... your implementation ... @@ -467,7 +467,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMCPY #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memcpy(void *dest, const void *src, size_t n) { ... your implementation ... @@ -490,7 +490,7 @@ /* #define MLD_CONFIG_CUSTOM_MEMSET #if !defined(__ASSEMBLER__) #include - #include "sys.h" + #include "src/src.h" static MLD_INLINE void *mld_memset(void *s, int c, size_t n) { ... your implementation ... @@ -589,7 +589,7 @@ *****************************************************************************/ /* #define MLD_CONFIG_KEYGEN_PCT_BREAKAGE_TEST #if !defined(__ASSEMBLER__) - #include "sys.h" + #include "src/src.h" static MLD_INLINE int mld_break_pct(void) { ... return 0/1 depending on whether PCT should be broken ... From 9e1ee6abc2df860adbde9e320f2a03f7e0963eba Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 10 Dec 2025 12:35:57 +0800 Subject: [PATCH 6/7] params.h: Rename CRYPTO_XXX to MLDSA_CRYPTO_XXX To avoid clashing with the symbols defined in mldsa_native.h, this commits aligns with mlkem-native, by using different symbol names (MLDSA_CRYPTO_XXX) 
Signed-off-by: Matthias J. Kannwischer --- BIBLIOGRAPHY.md | 2 + mldsa/mldsa_native.S | 5 +- mldsa/mldsa_native.c | 5 +- mldsa/src/common.h | 4 - mldsa/src/packing.c | 18 +- mldsa/src/packing.h | 34 +-- mldsa/src/params.h | 6 +- mldsa/src/sign.c | 135 ++++++------ mldsa/src/sign.h | 195 +++++++++--------- proofs/cbmc/check_pct/check_pct_harness.c | 4 +- ...pute_t0_t1_tr_from_sk_components_harness.c | 10 +- .../crypto_sign_pk_from_sk_harness.c | 4 +- test/acvp_mldsa.c | 113 +++++----- test/bench_mldsa.c | 6 +- test/gen_KAT.c | 10 +- test/test_mldsa.c | 90 ++++---- test/test_stack.c | 16 +- 17 files changed, 333 insertions(+), 324 deletions(-) diff --git a/BIBLIOGRAPHY.md b/BIBLIOGRAPHY.md index bcbb47ba7..6bba0d344 100644 --- a/BIBLIOGRAPHY.md +++ b/BIBLIOGRAPHY.md @@ -29,6 +29,7 @@ source code and documentation. - [examples/custom_backend/mldsa_native/mldsa_native_config.h](examples/custom_backend/mldsa_native/mldsa_native_config.h) - [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h) - [examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h) + - [examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h) - [examples/monolithic_build_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_native/mldsa_native/mldsa_native_config.h) - [examples/multilevel_build/mldsa_native/mldsa_native_config.h](examples/multilevel_build/mldsa_native/mldsa_native_config.h) - [examples/multilevel_build_native/mldsa_native/mldsa_native_config.h](examples/multilevel_build_native/mldsa_native/mldsa_native_config.h) 
@@ -74,6 +75,7 @@ source code and documentation. - [examples/custom_backend/mldsa_native/mldsa_native_config.h](examples/custom_backend/mldsa_native/mldsa_native_config.h) - [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h) - [examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h) + - [examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h) - [examples/monolithic_build_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_native/mldsa_native/mldsa_native_config.h) - [examples/multilevel_build/mldsa_native/mldsa_native_config.h](examples/multilevel_build/mldsa_native/mldsa_native_config.h) - [examples/multilevel_build_native/mldsa_native/mldsa_native_config.h](examples/multilevel_build_native/mldsa_native/mldsa_native_config.h) diff --git a/mldsa/mldsa_native.S b/mldsa/mldsa_native.S index 1f3a5ef6e..cfed7a76c 100644 --- a/mldsa/mldsa_native.S +++ b/mldsa/mldsa_native.S @@ -199,8 +199,6 @@ #undef MLD_COMMON_H #undef MLD_CONCAT #undef MLD_CONCAT_ -#undef MLD_CONFIG_API_NAMESPACE_PREFIX -#undef MLD_CONFIG_API_PARAMETER_SET #undef MLD_EMPTY_CU #undef MLD_EXTERNAL_API #undef MLD_FIPS202X4_HEADER_FILE @@ -224,6 +222,9 @@ /* mldsa/src/params.h */ #undef MLDSA_BETA #undef MLDSA_CRHBYTES +#undef MLDSA_CRYPTO_BYTES +#undef MLDSA_CRYPTO_PUBLICKEYBYTES +#undef MLDSA_CRYPTO_SECRETKEYBYTES #undef MLDSA_CTILDEBYTES #undef MLDSA_D #undef MLDSA_ETA diff --git a/mldsa/mldsa_native.c b/mldsa/mldsa_native.c index 0e7e0a6a4..9a5e2f318 100644 --- a/mldsa/mldsa_native.c +++ b/mldsa/mldsa_native.c 
@@ -196,8 +196,6 @@ #undef MLD_COMMON_H #undef MLD_CONCAT #undef MLD_CONCAT_ -#undef MLD_CONFIG_API_NAMESPACE_PREFIX -#undef MLD_CONFIG_API_PARAMETER_SET #undef MLD_EMPTY_CU #undef MLD_EXTERNAL_API #undef MLD_FIPS202X4_HEADER_FILE @@ -221,6 +219,9 @@ /* mldsa/src/params.h */ #undef MLDSA_BETA #undef MLDSA_CRHBYTES +#undef MLDSA_CRYPTO_BYTES +#undef MLDSA_CRYPTO_PUBLICKEYBYTES +#undef MLDSA_CRYPTO_SECRETKEYBYTES #undef MLDSA_CTILDEBYTES #undef MLDSA_D #undef MLDSA_ETA diff --git a/mldsa/src/common.h b/mldsa/src/common.h index 49d264ada..62c13a50f 100644 --- a/mldsa/src/common.h +++ b/mldsa/src/common.h @@ -169,8 +169,4 @@ #endif /* MLD_CONFIG_API_PARAMETER_SET || MLD_CONFIG_API_NAMESPACE_PREFIX || \ MLD_CONFIG_API_NO_SUPERCOP || MLD_CONFIG_API_CONSTANTS_ONLY */ -#define MLD_CONFIG_API_PARAMETER_SET MLD_CONFIG_PARAMETER_SET -#define MLD_CONFIG_API_NAMESPACE_PREFIX \ - MLD_ADD_PARAM_SET(MLD_CONFIG_NAMESPACE_PREFIX) - #endif /* !MLD_COMMON_H */ diff --git a/mldsa/src/packing.c b/mldsa/src/packing.c index a2bd68555..ab08fb6ea 100644 --- a/mldsa/src/packing.c +++ b/mldsa/src/packing.c @@ -17,7 +17,7 @@ /* End of parameter set namespacing */ MLD_INTERNAL_API -void mld_pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], +void mld_pack_pk(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], const uint8_t rho[MLDSA_SEEDBYTES], const mld_polyveck *t1) { unsigned int i; @@ -25,7 +25,7 @@ void mld_pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], mld_memcpy(pk, rho, MLDSA_SEEDBYTES); for (i = 0; i < MLDSA_K; ++i) __loop__( - assigns(i, memory_slice(pk, CRYPTO_PUBLICKEYBYTES)) + assigns(i, memory_slice(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) invariant(i <= MLDSA_K) ) { @@ -36,7 +36,7 @@ void mld_pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], MLD_INTERNAL_API void mld_unpack_pk(uint8_t rho[MLDSA_SEEDBYTES], mld_polyveck *t1, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) { unsigned int i; 
@@ -50,7 +50,7 @@ void mld_unpack_pk(uint8_t rho[MLDSA_SEEDBYTES], mld_polyveck *t1, } MLD_INTERNAL_API -void mld_pack_sk(uint8_t sk[CRYPTO_SECRETKEYBYTES], +void mld_pack_sk(uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], const uint8_t rho[MLDSA_SEEDBYTES], const uint8_t tr[MLDSA_TRBYTES], const uint8_t key[MLDSA_SEEDBYTES], const mld_polyveck *t0, @@ -78,7 +78,7 @@ MLD_INTERNAL_API void mld_unpack_sk(uint8_t rho[MLDSA_SEEDBYTES], uint8_t tr[MLDSA_TRBYTES], uint8_t key[MLDSA_SEEDBYTES], mld_polyveck *t0, mld_polyvecl *s1, mld_polyveck *s2, - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { mld_memcpy(rho, sk, MLDSA_SEEDBYTES); sk += MLDSA_SEEDBYTES; @@ -99,9 +99,9 @@ void mld_unpack_sk(uint8_t rho[MLDSA_SEEDBYTES], uint8_t tr[MLDSA_TRBYTES], } MLD_INTERNAL_API -void mld_pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[MLDSA_CTILDEBYTES], - const mld_polyvecl *z, const mld_polyveck *h, - const unsigned int number_of_hints) +void mld_pack_sig(uint8_t sig[MLDSA_CRYPTO_BYTES], + const uint8_t c[MLDSA_CTILDEBYTES], const mld_polyvecl *z, + const mld_polyveck *h, const unsigned int number_of_hints) { unsigned int i, j, k; @@ -261,7 +261,7 @@ __contract__( MLD_INTERNAL_API int mld_unpack_sig(uint8_t c[MLDSA_CTILDEBYTES], mld_polyvecl *z, - mld_polyveck *h, const uint8_t sig[CRYPTO_BYTES]) + mld_polyveck *h, const uint8_t sig[MLDSA_CRYPTO_BYTES]) { mld_memcpy(c, sig, MLDSA_CTILDEBYTES); sig += MLDSA_CTILDEBYTES; diff --git a/mldsa/src/packing.h b/mldsa/src/packing.h index d03706137..b8057bca5 100644 --- a/mldsa/src/packing.h +++ b/mldsa/src/packing.h 
@@ -19,15 +19,15 @@ * - const mld_polyveck *t1: pointer to vector t1 **************************************************/ MLD_INTERNAL_API -void mld_pack_pk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], +void mld_pack_pk(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], const uint8_t rho[MLDSA_SEEDBYTES], const mld_polyveck *t1) __contract__( - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) requires(memory_no_alias(rho, MLDSA_SEEDBYTES)) requires(memory_no_alias(t1, sizeof(mld_polyveck))) requires(forall(k0, 0, MLDSA_K, array_bound(t1->vec[k0].coeffs, 0, MLDSA_N, 0, 1 << 10))) - assigns(memory_slice(pk, CRYPTO_PUBLICKEYBYTES)) + assigns(memory_slice(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ); @@ -46,13 +46,13 @@ __contract__( * - const mld_polyveck *s2: pointer to vector s2 **************************************************/ MLD_INTERNAL_API -void mld_pack_sk(uint8_t sk[CRYPTO_SECRETKEYBYTES], +void mld_pack_sk(uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], const uint8_t rho[MLDSA_SEEDBYTES], const uint8_t tr[MLDSA_TRBYTES], const uint8_t key[MLDSA_SEEDBYTES], const mld_polyveck *t0, const mld_polyvecl *s1, const mld_polyveck *s2) __contract__( - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) requires(memory_no_alias(rho, MLDSA_SEEDBYTES)) requires(memory_no_alias(tr, MLDSA_TRBYTES)) requires(memory_no_alias(key, MLDSA_SEEDBYTES)) @@ -65,7 +65,7 @@ __contract__( array_abs_bound(s1->vec[k1].coeffs, 0, MLDSA_N, MLDSA_ETA + 1))) requires(forall(k2, 0, MLDSA_K, array_abs_bound(s2->vec[k2].coeffs, 0, MLDSA_N, MLDSA_ETA + 1))) - assigns(memory_slice(sk, CRYPTO_SECRETKEYBYTES)) + assigns(memory_slice(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) ); 
@@ -88,11 +88,11 @@ __contract__( * proof of type safety. **************************************************/ MLD_INTERNAL_API -void mld_pack_sig(uint8_t sig[CRYPTO_BYTES], const uint8_t c[MLDSA_CTILDEBYTES], - const mld_polyvecl *z, const mld_polyveck *h, - const unsigned int number_of_hints) +void mld_pack_sig(uint8_t sig[MLDSA_CRYPTO_BYTES], + const uint8_t c[MLDSA_CTILDEBYTES], const mld_polyvecl *z, + const mld_polyveck *h, const unsigned int number_of_hints) __contract__( - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(c, MLDSA_CTILDEBYTES)) requires(memory_no_alias(z, sizeof(mld_polyvecl))) requires(memory_no_alias(h, sizeof(mld_polyveck))) @@ -101,7 +101,7 @@ __contract__( requires(forall(k1, 0, MLDSA_K, array_bound(h->vec[k1].coeffs, 0, MLDSA_N, 0, 2))) requires(number_of_hints <= MLDSA_OMEGA) - assigns(memory_slice(sig, CRYPTO_BYTES)) + assigns(memory_slice(sig, MLDSA_CRYPTO_BYTES)) ); #define mld_unpack_pk MLD_NAMESPACE_KL(unpack_pk) @@ -116,9 +116,9 @@ __contract__( **************************************************/ MLD_INTERNAL_API void mld_unpack_pk(uint8_t rho[MLDSA_SEEDBYTES], mld_polyveck *t1, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) __contract__( - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) requires(memory_no_alias(rho, MLDSA_SEEDBYTES)) requires(memory_no_alias(t1, sizeof(mld_polyveck))) assigns(memory_slice(rho, MLDSA_SEEDBYTES)) @@ -146,7 +146,7 @@ MLD_INTERNAL_API void mld_unpack_sk(uint8_t rho[MLDSA_SEEDBYTES], uint8_t tr[MLDSA_TRBYTES], uint8_t key[MLDSA_SEEDBYTES], mld_polyveck *t0, mld_polyvecl *s1, mld_polyveck *s2, - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( requires(memory_no_alias(rho, MLDSA_SEEDBYTES)) requires(memory_no_alias(tr, MLDSA_TRBYTES)) 
@@ -154,7 +154,7 @@ __contract__( requires(memory_no_alias(t0, sizeof(mld_polyveck))) requires(memory_no_alias(s1, sizeof(mld_polyvecl))) requires(memory_no_alias(s2, sizeof(mld_polyveck))) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) assigns(memory_slice(rho, MLDSA_SEEDBYTES)) assigns(memory_slice(tr, MLDSA_TRBYTES)) assigns(memory_slice(key, MLDSA_SEEDBYTES)) @@ -185,9 +185,9 @@ __contract__( **************************************************/ MLD_INTERNAL_API int mld_unpack_sig(uint8_t c[MLDSA_CTILDEBYTES], mld_polyvecl *z, - mld_polyveck *h, const uint8_t sig[CRYPTO_BYTES]) + mld_polyveck *h, const uint8_t sig[MLDSA_CRYPTO_BYTES]) __contract__( - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(c, MLDSA_CTILDEBYTES)) requires(memory_no_alias(z, sizeof(mld_polyvecl))) requires(memory_no_alias(h, sizeof(mld_polyveck))) diff --git a/mldsa/src/params.h b/mldsa/src/params.h index 7b8a807e0..d056b61db 100644 --- a/mldsa/src/params.h +++ b/mldsa/src/params.h @@ -67,12 +67,12 @@ #define MLDSA_POLYT0_PACKEDBYTES 416 #define MLDSA_POLYVECH_PACKEDBYTES (MLDSA_OMEGA + MLDSA_K) -#define CRYPTO_PUBLICKEYBYTES \ +#define MLDSA_CRYPTO_PUBLICKEYBYTES \ (MLDSA_SEEDBYTES + MLDSA_K * MLDSA_POLYT1_PACKEDBYTES) -#define CRYPTO_SECRETKEYBYTES \ +#define MLDSA_CRYPTO_SECRETKEYBYTES \ (2 * MLDSA_SEEDBYTES + MLDSA_TRBYTES + MLDSA_L * MLDSA_POLYETA_PACKEDBYTES + \ MLDSA_K * MLDSA_POLYETA_PACKEDBYTES + MLDSA_K * MLDSA_POLYT0_PACKEDBYTES) -#define CRYPTO_BYTES \ +#define MLDSA_CRYPTO_BYTES \ (MLDSA_CTILDEBYTES + MLDSA_L * MLDSA_POLYZ_PACKEDBYTES + \ MLDSA_POLYVECH_PACKEDBYTES) diff --git a/mldsa/src/sign.c b/mldsa/src/sign.c index 86e318fb6..87d5f58ac 100644 --- a/mldsa/src/sign.c +++ b/mldsa/src/sign.c 
@@ -54,11 +54,11 @@ /* End of parameter set namespacing */ -static int mld_check_pct(uint8_t const pk[CRYPTO_PUBLICKEYBYTES], - uint8_t const sk[CRYPTO_SECRETKEYBYTES]) +static int mld_check_pct(uint8_t const pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t const sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) ensures(return_value == 0 || return_value == -1) ); @@ -77,17 +77,17 @@ __contract__( * Note: @[FIPS204] requires that public/private key pairs are to be used only * for the calculation and/of verification of digital signatures. **************************************************/ -static int mld_check_pct(uint8_t const pk[CRYPTO_PUBLICKEYBYTES], - uint8_t const sk[CRYPTO_SECRETKEYBYTES]) +static int mld_check_pct(uint8_t const pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t const sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { MLD_ALIGN uint8_t message[1] = {0}; - MLD_ALIGN uint8_t signature[CRYPTO_BYTES]; - MLD_ALIGN uint8_t pk_test[CRYPTO_PUBLICKEYBYTES]; + MLD_ALIGN uint8_t signature[MLDSA_CRYPTO_BYTES]; + MLD_ALIGN uint8_t pk_test[MLDSA_CRYPTO_PUBLICKEYBYTES]; size_t siglen; int ret; /* Copy public key for testing */ - mld_memcpy(pk_test, pk, CRYPTO_PUBLICKEYBYTES); + mld_memcpy(pk_test, pk, MLDSA_CRYPTO_PUBLICKEYBYTES); /* Sign a test message using the original secret key */ ret = crypto_sign_signature(signature, &siglen, message, sizeof(message), @@ -114,8 +114,8 @@ static int mld_check_pct(uint8_t const pk[CRYPTO_PUBLICKEYBYTES], return ret; } #else /* MLD_CONFIG_KEYGEN_PCT */ -static int mld_check_pct(uint8_t const pk[CRYPTO_PUBLICKEYBYTES], - uint8_t const sk[CRYPTO_SECRETKEYBYTES]) +static int mld_check_pct(uint8_t const pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t const sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { /* Skip PCT */ ((void)pk); 
@@ -188,20 +188,20 @@ __contract__( * Arguments: - mld_polyveck *t0: output t0 * - mld_polyveck *t1: output t1 * - uint8_t tr[MLDSA_TRBYTES]: output tr - * - uint8_t pk[CRYPTO_PUBLICKEYBYTES]: output public key + * - uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: output public key * - const uint8_t rho[MLDSA_SEEDBYTES]: input rho * - const mld_polyvecl *s1: input s1 * - const mld_polyveck *s2: input s2 **************************************************/ static void mld_compute_t0_t1_tr_from_sk_components( mld_polyveck *t0, mld_polyveck *t1, uint8_t tr[MLDSA_TRBYTES], - uint8_t pk[CRYPTO_PUBLICKEYBYTES], const uint8_t rho[MLDSA_SEEDBYTES], + uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], const uint8_t rho[MLDSA_SEEDBYTES], const mld_polyvecl *s1, const mld_polyveck *s2) __contract__( requires(memory_no_alias(t0, sizeof(mld_polyveck))) requires(memory_no_alias(t1, sizeof(mld_polyveck))) requires(memory_no_alias(tr, MLDSA_TRBYTES)) - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) requires(memory_no_alias(rho, MLDSA_SEEDBYTES)) requires(memory_no_alias(s1, sizeof(mld_polyvecl))) requires(memory_no_alias(s2, sizeof(mld_polyveck))) @@ -210,7 +210,7 @@ __contract__( assigns(memory_slice(t0, sizeof(mld_polyveck))) assigns(memory_slice(t1, sizeof(mld_polyveck))) assigns(memory_slice(tr, MLDSA_TRBYTES)) - assigns(memory_slice(pk, CRYPTO_PUBLICKEYBYTES)) + assigns(memory_slice(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ensures(forall(k1, 0, MLDSA_K, array_bound(t0->vec[k1].coeffs, 0, MLDSA_N, -(1<<(MLDSA_D-1)) + 1, (1<<(MLDSA_D-1)) + 1))) ensures(forall(k2, 0, MLDSA_K, array_bound(t1->vec[k2].coeffs, 0, MLDSA_N, 0, 1 << 10))) ) 
@@ -249,7 +249,7 @@ __contract__( /* Pack public key and compute tr */ mld_pack_pk(pk, rho, t1); - mld_shake256(tr, MLDSA_TRBYTES, pk, CRYPTO_PUBLICKEYBYTES); + mld_shake256(tr, MLDSA_TRBYTES, pk, MLDSA_CRYPTO_PUBLICKEYBYTES); /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */ mld_zeroize(&mat, sizeof(mat)); @@ -259,8 +259,8 @@ __contract__( MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_keypair_internal(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - uint8_t sk[CRYPTO_SECRETKEYBYTES], +int crypto_sign_keypair_internal(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], const uint8_t seed[MLDSA_SEEDBYTES]) { MLD_ALIGN uint8_t seedbuf[2 * MLDSA_SEEDBYTES + MLDSA_CRHBYTES]; @@ -302,7 +302,7 @@ int crypto_sign_keypair_internal(uint8_t pk[CRYPTO_PUBLICKEYBYTES], mld_zeroize(&t0, sizeof(t0)); /* Constant time: pk is the public key, inherently public data */ - MLD_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES); + MLD_CT_TESTING_DECLASSIFY(pk, MLDSA_CRYPTO_PUBLICKEYBYTES); /* Pairwise Consistency Test (PCT) @[FIPS140_3_IG, p.87] */ if (mld_check_pct(pk, sk)) @@ -316,8 +316,8 @@ int crypto_sign_keypair_internal(uint8_t pk[CRYPTO_PUBLICKEYBYTES], #if !defined(MLD_CONFIG_NO_RANDOMIZED_API) MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_keypair(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - uint8_t sk[CRYPTO_SECRETKEYBYTES]) +int crypto_sign_keypair(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { MLD_ALIGN uint8_t seed[MLDSA_SEEDBYTES]; int result; 
@@ -422,12 +422,12 @@ __contract__( **************************************************/ MLD_MUST_CHECK_RETURN_VALUE static int mld_attempt_signature_generation( - uint8_t sig[CRYPTO_BYTES], const uint8_t *mu, + uint8_t sig[MLDSA_CRYPTO_BYTES], const uint8_t *mu, const uint8_t rhoprime[MLDSA_CRHBYTES], uint16_t nonce, const mld_polymat *mat, const mld_polyvecl *s1, const mld_polyveck *s2, const mld_polyveck *t0) __contract__( - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(mu, MLDSA_CRHBYTES)) requires(memory_no_alias(rhoprime, MLDSA_CRHBYTES)) requires(memory_no_alias(mat, sizeof(mld_polymat))) @@ -440,7 +440,7 @@ __contract__( requires(forall(k2, 0, MLDSA_K, array_abs_bound(t0->vec[k2].coeffs, 0, MLDSA_N, MLD_NTT_BOUND))) requires(forall(k3, 0, MLDSA_L, array_abs_bound(s1->vec[k3].coeffs, 0, MLDSA_N, MLD_NTT_BOUND))) requires(forall(k4, 0, MLDSA_K, array_abs_bound(s2->vec[k4].coeffs, 0, MLDSA_N, MLD_NTT_BOUND))) - assigns(memory_slice(sig, CRYPTO_BYTES)) + assigns(memory_slice(sig, MLDSA_CRYPTO_BYTES)) ensures(return_value == 0 || return_value == -1) ) { @@ -574,12 +574,11 @@ __contract__( } MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_signature_internal(uint8_t sig[CRYPTO_BYTES], size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pre, size_t prelen, - const uint8_t rnd[MLDSA_RNDBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES], - int externalmu) +int crypto_sign_signature_internal( + uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *m, + size_t mlen, const uint8_t *pre, size_t prelen, + const uint8_t rnd[MLDSA_RNDBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], int externalmu) { int result; MLD_ALIGN uint8_t 
@@ -633,7 +632,7 @@ int crypto_sign_signature_internal(uint8_t sig[CRYPTO_BYTES], size_t *siglen, /* to implement rejection of invalid signatures. */ while (1) __loop__( - assigns(nonce, result, object_whole(siglen), memory_slice(sig, CRYPTO_BYTES)) + assigns(nonce, result, object_whole(siglen), memory_slice(sig, MLDSA_CRYPTO_BYTES)) invariant(nonce <= NONCE_UB) /* t0, s1, s2, and mat are initialized above and are NOT changed by this */ @@ -644,7 +643,7 @@ int crypto_sign_signature_internal(uint8_t sig[CRYPTO_BYTES], size_t *siglen, invariant(forall(k2, 0, MLDSA_K, array_abs_bound(t0.vec[k2].coeffs, 0, MLDSA_N, MLD_NTT_BOUND))) invariant(forall(k3, 0, MLDSA_L, array_abs_bound(s1.vec[k3].coeffs, 0, MLDSA_N, MLD_NTT_BOUND))) invariant(forall(k4, 0, MLDSA_K, array_abs_bound(s2.vec[k4].coeffs, 0, MLDSA_N, MLD_NTT_BOUND))) - invariant((result == 0 && *siglen == CRYPTO_BYTES) || + invariant((result == 0 && *siglen == MLDSA_CRYPTO_BYTES) || (result == -1 && *siglen == 0)) ) { @@ -658,7 +657,7 @@ int crypto_sign_signature_internal(uint8_t sig[CRYPTO_BYTES], size_t *siglen, /* To be on the safe-side, we zeroize the signature buffer. * Note that *siglen == 0 and result == -1 by default, so we * don't need to set them here. */ - mld_memset(sig, 0, CRYPTO_BYTES); + mld_memset(sig, 0, MLDSA_CRYPTO_BYTES); break; } @@ -667,7 +666,7 @@ int crypto_sign_signature_internal(uint8_t sig[CRYPTO_BYTES], size_t *siglen, nonce++; if (attempt_result == 0) { - *siglen = CRYPTO_BYTES; + *siglen = MLDSA_CRYPTO_BYTES; result = 0; break; } 
@@ -685,10 +684,10 @@ int crypto_sign_signature_internal(uint8_t sig[CRYPTO_BYTES], size_t *siglen, #if !defined(MLD_CONFIG_NO_RANDOMIZED_API) MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_signature(uint8_t sig[CRYPTO_BYTES], size_t *siglen, +int crypto_sign_signature(uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { MLD_ALIGN uint8_t pre[MLD_DOMAIN_SEPARATION_MAX_BYTES]; MLD_ALIGN uint8_t rnd[MLDSA_RNDBYTES]; @@ -727,9 +726,9 @@ int crypto_sign_signature(uint8_t sig[CRYPTO_BYTES], size_t *siglen, #if !defined(MLD_CONFIG_NO_RANDOMIZED_API) MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_signature_extmu(uint8_t sig[CRYPTO_BYTES], size_t *siglen, +int crypto_sign_signature_extmu(uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t mu[MLDSA_CRHBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { MLD_ALIGN uint8_t rnd[MLDSA_RNDBYTES]; int result; @@ -754,7 +753,7 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { int ret; size_t i; @@ -765,10 +764,10 @@ int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, invariant(i <= mlen) ) { - sm[CRYPTO_BYTES + mlen - 1 - i] = m[mlen - 1 - i]; + sm[MLDSA_CRYPTO_BYTES + mlen - 1 - i] = m[mlen - 1 - i]; } - ret = crypto_sign_signature(sm, smlen, sm + CRYPTO_BYTES, mlen, ctx, ctxlen, - sk); + ret = crypto_sign_signature(sm, smlen, sm + MLDSA_CRYPTO_BYTES, mlen, ctx, + ctxlen, sk); *smlen += mlen; return ret; } 
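Review bot: At the end of `crypto_sign`, `*smlen += mlen;` runs whether or not `crypto_sign_signature` succeeded, so a failed signing still reports a non-zero output length. The contract shown for `crypto_sign_signature_internal` in sign.h gives `*siglen == 0` together with a return of -1, and the internal routine zeroes the signature buffer on that path. If the wrapper behaves the same way, the caller is left with `*smlen == mlen` over a buffer that holds no valid signature. MLD_MUST_CHECK_RETURN_VALUE covers callers that test the result, but replacing the line with `*smlen = (ret == 0) ? *smlen + mlen : 0;` would keep the length consistent with the error, provided the API contract allows it. The head of the copy loop lies outside this hunk.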
@@ -779,7 +778,7 @@ MLD_EXTERNAL_API int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pre, size_t prelen, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES], + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], int externalmu) { unsigned int i; @@ -794,7 +793,7 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, mld_polyvecl z; mld_polyveck t1, w1, tmp, h; - if (siglen != CRYPTO_BYTES) + if (siglen != MLDSA_CRYPTO_BYTES) { res = -1; goto cleanup; @@ -816,7 +815,8 @@ int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, { /* Compute CRH(H(rho, t1), pre, msg) */ MLD_ALIGN uint8_t hpk[MLDSA_CRHBYTES]; - mld_H(hpk, MLDSA_TRBYTES, pk, CRYPTO_PUBLICKEYBYTES, NULL, 0, NULL, 0); + mld_H(hpk, MLDSA_TRBYTES, pk, MLDSA_CRYPTO_PUBLICKEYBYTES, NULL, 0, NULL, + 0); mld_H(mu, MLDSA_CRHBYTES, hpk, MLDSA_TRBYTES, pre, prelen, m, mlen); /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */ @@ -897,7 +897,7 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) { MLD_ALIGN uint8_t pre[MLD_DOMAIN_SEPARATION_MAX_BYTES]; size_t pre_len; @@ -925,7 +925,7 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify_extmu(const uint8_t *sig, size_t siglen, const uint8_t mu[MLDSA_CRHBYTES], - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) { return crypto_sign_verify_internal(sig, siglen, mu, MLDSA_CRHBYTES, NULL, 0, pk, 1); 
@@ -935,18 +935,18 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) { size_t i; - if (smlen < CRYPTO_BYTES) + if (smlen < MLDSA_CRYPTO_BYTES) { goto badsig; } - *mlen = smlen - CRYPTO_BYTES; - if (crypto_sign_verify(sm, CRYPTO_BYTES, sm + CRYPTO_BYTES, *mlen, ctx, - ctxlen, pk)) + *mlen = smlen - MLDSA_CRYPTO_BYTES; + if (crypto_sign_verify(sm, MLDSA_CRYPTO_BYTES, sm + MLDSA_CRYPTO_BYTES, *mlen, + ctx, ctxlen, pk)) { goto badsig; } @@ -959,7 +959,7 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, invariant(i <= *mlen) ) { - m[i] = sm[CRYPTO_BYTES + i]; + m[i] = sm[MLDSA_CRYPTO_BYTES + i]; } return 0; } @@ -976,9 +976,10 @@ int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_signature_pre_hash_internal( - uint8_t sig[CRYPTO_BYTES], size_t *siglen, const uint8_t *ph, size_t phlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t rnd[MLDSA_RNDBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES], int hashalg) + uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *ph, + size_t phlen, const uint8_t *ctx, size_t ctxlen, + const uint8_t rnd[MLDSA_RNDBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], int hashalg) { MLD_ALIGN uint8_t pre[MLD_DOMAIN_SEPARATION_MAX_BYTES]; size_t pre_len; @@ -1005,8 +1006,8 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify_pre_hash_internal( const uint8_t *sig, size_t siglen, const uint8_t *ph, size_t phlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t pk[CRYPTO_PUBLICKEYBYTES], - int hashalg) + const uint8_t *ctx, size_t ctxlen, + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], int hashalg) { MLD_ALIGN uint8_t pre[MLD_DOMAIN_SEPARATION_MAX_BYTES]; size_t pre_len; 
@@ -1032,9 +1033,10 @@ int crypto_sign_verify_pre_hash_internal( MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_signature_pre_hash_shake256( - uint8_t sig[CRYPTO_BYTES], size_t *siglen, const uint8_t *m, size_t mlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t rnd[MLDSA_RNDBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *m, + size_t mlen, const uint8_t *ctx, size_t ctxlen, + const uint8_t rnd[MLDSA_RNDBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { MLD_ALIGN uint8_t ph[64]; int result; @@ -1050,7 +1052,8 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify_pre_hash_shake256( const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t *ctx, size_t ctxlen, + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) { MLD_ALIGN uint8_t ph[64]; int result; @@ -1189,8 +1192,8 @@ size_t mld_prepare_domain_separation_prefix( } MLD_EXTERNAL_API -int crypto_sign_pk_from_sk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) +int crypto_sign_pk_from_sk(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { MLD_ALIGN uint8_t rho[MLDSA_SEEDBYTES]; MLD_ALIGN uint8_t tr[MLDSA_TRBYTES]; @@ -1216,7 +1219,7 @@ int crypto_sign_pk_from_sk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], MLD_CT_TESTING_DECLASSIFY(&res, sizeof(res)); if (res != 0) { - mld_zeroize(pk, CRYPTO_PUBLICKEYBYTES); + mld_zeroize(pk, MLDSA_CRYPTO_PUBLICKEYBYTES); } /* @[FIPS204, Section 3.6.3] Destruction of intermediate values. */ 
@@ -1231,7 +1234,7 @@ int crypto_sign_pk_from_sk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], mld_zeroize(&t1, sizeof(t1)); /* Constant time: pk is either the valid public key or zeroed on error */ - MLD_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES); + MLD_CT_TESTING_DECLASSIFY(pk, MLDSA_CRYPTO_PUBLICKEYBYTES); return (res != 0) ? -1 : 0; } diff --git a/mldsa/src/sign.h b/mldsa/src/sign.h index c1dbefb83..c45603a79 100644 --- a/mldsa/src/sign.h +++ b/mldsa/src/sign.h @@ -30,15 +30,17 @@ #include "mldsa_native.h" #undef MLD_CONFIG_NO_SUPERCOP -#if CRYPTO_SECRETKEYBYTES != MLDSA_SECRETKEYBYTES(MLD_CONFIG_PARAMETER_SET) +#if MLDSA_CRYPTO_SECRETKEYBYTES != \ + MLDSA_SECRETKEYBYTES(MLD_CONFIG_PARAMETER_SET) #error Mismatch for SECRETKEYBYTES between sign.h and mldsa_native.h #endif -#if CRYPTO_PUBLICKEYBYTES != MLDSA_PUBLICKEYBYTES(MLD_CONFIG_PARAMETER_SET) +#if MLDSA_CRYPTO_PUBLICKEYBYTES != \ + MLDSA_PUBLICKEYBYTES(MLD_CONFIG_PARAMETER_SET) #error Mismatch for PUBLICKEYBYTES between sign.h and mldsa_native.h #endif -#if CRYPTO_BYTES != MLDSA_BYTES(MLD_CONFIG_PARAMETER_SET) +#if MLDSA_CRYPTO_BYTES != MLDSA_BYTES(MLD_CONFIG_PARAMETER_SET) #error Mismatch for CRYPTO_BYTES between sign.h and mldsa_native.h #endif @@ -90,8 +92,8 @@ * When MLD_CONFIG_KEYGEN_PCT is set, performs a Pairwise * Consistency Test (PCT) as required by FIPS 140-3 IG. * - * Arguments: - uint8_t pk[CRYPTO_PUBLICKEYBYTES]: output public key - * - uint8_t sk[CRYPTO_SECRETKEYBYTES]: output private key + * Arguments: - uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: output public key + * - uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: output private key * - const uint8_t seed[MLDSA_SEEDBYTES]: input random seed * * Returns 0 (success) or -1 (PCT failure) 
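Review bot: The third `#error` in the sign.h size checks still reads `Mismatch for CRYPTO_BYTES`, a macro name this commit removes, while its two siblings say SECRETKEYBYTES and PUBLICKEYBYTES. These checks are what stops the internal buffer sizes from drifting away from the public MLDSA_*BYTES(MLD_CONFIG_PARAMETER_SET) constants, so the diagnostic should name the macros actually compared. All three messages also point at sign.h, although the params.h hunk shows the MLDSA_CRYPTO_* values being defined there. I would write the last one as `#error Mismatch for MLDSA_CRYPTO_BYTES between params.h and mldsa_native.h` and adjust the other two to match.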
@@ -101,12 +103,12 @@ **************************************************/ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_keypair_internal(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - uint8_t sk[CRYPTO_SECRETKEYBYTES], +int crypto_sign_keypair_internal(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], const uint8_t seed[MLDSA_SEEDBYTES]) __contract__( - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) requires(memory_no_alias(seed, MLDSA_SEEDBYTES)) assigns(object_whole(pk)) assigns(object_whole(sk)) @@ -120,8 +122,8 @@ __contract__( * When MLD_CONFIG_KEYGEN_PCT is set, performs a Pairwise * Consistency Test (PCT) as required by FIPS 140-3 IG. * - * Arguments: - uint8_t pk[CRYPTO_PUBLICKEYBYTES]: output public key - * - uint8_t sk[CRYPTO_SECRETKEYBYTES]: output private key + * Arguments: - uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: output public key + * - uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: output private key * * Returns 0 (success) or -1 (PCT failure) * @@ -130,11 +132,11 @@ __contract__( **************************************************/ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_keypair(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - uint8_t sk[CRYPTO_SECRETKEYBYTES]) +int crypto_sign_keypair(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) assigns(object_whole(pk)) assigns(object_whole(sk)) ensures(return_value == 0 || return_value == -1) 
@@ -145,7 +147,7 @@ __contract__( * * Description: Computes signature. Internal API. * - * Arguments: - uint8_t sig[CRYPTO_BYTES]: output signature + * Arguments: - uint8_t sig[MLDSA_CRYPTO_BYTES]: output signature * - size_t *siglen: pointer to output length of * signature * - const uint8_t *m: pointer to message to be signed @@ -154,7 +156,7 @@ __contract__( * - size_t prelen: length of prefix string * - const uint8_t rnd[MLDSA_RNDBYTES]: * random seed - * - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: + * - const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: * bit-packed secret key * - int externalmu: indicates input message m is * processed as mu 
@@ -170,25 +172,24 @@ __contract__( **************************************************/ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_signature_internal(uint8_t sig[CRYPTO_BYTES], size_t *siglen, - const uint8_t *m, size_t mlen, - const uint8_t *pre, size_t prelen, - const uint8_t rnd[MLDSA_RNDBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES], - int externalmu) +int crypto_sign_signature_internal( + uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *m, + size_t mlen, const uint8_t *pre, size_t prelen, + const uint8_t rnd[MLDSA_RNDBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], int externalmu) __contract__( requires(mlen <= MLD_MAX_BUFFER_SIZE) requires(prelen <= MLD_MAX_BUFFER_SIZE) - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(siglen, sizeof(size_t))) requires(memory_no_alias(m, mlen)) requires(memory_no_alias(rnd, MLDSA_RNDBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) requires((externalmu == 0 && (prelen == 0 || memory_no_alias(pre, prelen))) || (externalmu == 1 && mlen == MLDSA_CRHBYTES)) - assigns(memory_slice(sig, CRYPTO_BYTES)) + assigns(memory_slice(sig, MLDSA_CRYPTO_BYTES)) assigns(object_whole(siglen)) - ensures((return_value == 0 && *siglen == CRYPTO_BYTES) || + ensures((return_value == 0 && *siglen == MLDSA_CRYPTO_BYTES) || (return_value == -1 && *siglen == 0)) ); @@ -199,7 +200,7 @@ __contract__( * variant of ML-DSA. If you require the deterministic variant, * use crypto_sign_signature_internal directly. * - * Arguments: - uint8_t sig[CRYPTO_BYTES]: output signature + * Arguments: - uint8_t sig[MLDSA_CRYPTO_BYTES]: output signature * - size_t *siglen: pointer to output length of * signature * - const uint8_t *m: pointer to message to be signed 
@@ -208,7 +209,7 @@ __contract__( * May be NULL if ctxlen == 0. * - size_t ctxlen: length of context string. * Should be <= 255. - * - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: + * - const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: * bit-packed secret key * * Returns 0 (success) or -1 (context string too long OR nonce exhaustion) @@ -218,21 +219,21 @@ __contract__( **************************************************/ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_signature(uint8_t sig[CRYPTO_BYTES], size_t *siglen, +int crypto_sign_signature(uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( requires(mlen <= MLD_MAX_BUFFER_SIZE) - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(siglen, sizeof(size_t))) requires(memory_no_alias(m, mlen)) requires(ctxlen <= MLD_MAX_BUFFER_SIZE) requires(ctxlen == 0 || memory_no_alias(ctx, ctxlen)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) - assigns(memory_slice(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) + assigns(memory_slice(sig, MLDSA_CRYPTO_BYTES)) assigns(object_whole(siglen)) - ensures((return_value == 0 && *siglen == CRYPTO_BYTES) || + ensures((return_value == 0 && *siglen == MLDSA_CRYPTO_BYTES) || (return_value == -1 && *siglen == 0)) ); 
@@ -243,12 +244,12 @@ __contract__( * variant of ML-DSA. If you require the deterministic variant, * use crypto_sign_signature_internal directly. * - * Arguments: - uint8_t sig[CRYPTO_BYTES]: output signature + * Arguments: - uint8_t sig[MLDSA_CRYPTO_BYTES]: output signature * - size_t *siglen: pointer to output length of * signature * - const uint8_t mu[MLDSA_CRHBYTES]: * input mu to be signed - * - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: + * - const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: * bit-packed secret key * * Returns 0 (success) or -1 (context string too long OR nonce exhaustion) @@ -259,17 +260,17 @@ __contract__( **************************************************/ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_signature_extmu(uint8_t sig[CRYPTO_BYTES], size_t *siglen, +int crypto_sign_signature_extmu(uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t mu[MLDSA_CRHBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(siglen, sizeof(size_t))) requires(memory_no_alias(mu, MLDSA_CRHBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) - assigns(memory_slice(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) + assigns(memory_slice(sig, MLDSA_CRYPTO_BYTES)) assigns(object_whole(siglen)) - ensures((return_value == 0 && *siglen == CRYPTO_BYTES) || + ensures((return_value == 0 && *siglen == MLDSA_CRYPTO_BYTES) || (return_value == -1 && *siglen == 0)) ); 
@@ -279,14 +280,14 @@ __contract__( * Description: Compute signed message. * * Arguments: - uint8_t *sm: pointer to output signed message - * (allocated array with CRYPTO_BYTES + mlen - * bytes), can be equal to m + * (allocated array with MLDSA_CRYPTO_BYTES + + *mlen bytes), can be equal to m * - size_t *smlen: pointer to output length of signed message * - const uint8_t *m: pointer to message to be signed * - size_t mlen: length of message * - const uint8_t *ctx: pointer to context string * - size_t ctxlen: length of context string - * - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: + * - const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: * bit-packed secret key * * Returns 0 (success) or -1 (context string too long OR nonce exhausted) @@ -295,18 +296,18 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign(uint8_t *sm, size_t *smlen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( requires(mlen <= MLD_MAX_BUFFER_SIZE) - requires(memory_no_alias(sm, CRYPTO_BYTES + mlen)) + requires(memory_no_alias(sm, MLDSA_CRYPTO_BYTES + mlen)) requires(memory_no_alias(smlen, sizeof(size_t))) requires(m == sm || memory_no_alias(m, mlen)) requires(ctxlen <= MLD_MAX_BUFFER_SIZE) requires(memory_no_alias(ctx, ctxlen)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) - assigns(memory_slice(sm, CRYPTO_BYTES + mlen)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) + assigns(memory_slice(sm, MLDSA_CRYPTO_BYTES + mlen)) assigns(object_whole(smlen)) - ensures((return_value == 0 && *smlen == CRYPTO_BYTES + mlen) || + ensures((return_value == 0 && *smlen == MLDSA_CRYPTO_BYTES + mlen) || (return_value == -1)) ); 
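Review bot: The re-wrapped description of `sm` in the crypto_sign header comment now reads `MLDSA_CRYPTO_BYTES +` followed by a continuation line `*mlen bytes), can be equal to m`, which looks like a dereference of `mlen` and has lost its indentation. This sentence tells callers how large the output buffer must be, so it should stay unambiguous; break before the macro instead, giving `(allocated array with` on one line and `MLDSA_CRYPTO_BYTES + mlen bytes), can be equal to m` on the next, both at the existing continuation indent. The same formatter artifact appears in the crypto_sign_pk_from_sk comment hunk (`@@ -693,8 +697,9 @@`), where `input secret` is followed by `*key`; move `input secret key` onto its own continuation line there, as the other `sk` entries in this header already do.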
@@ -321,7 +322,7 @@ __contract__( * - size_t mlen: length of message * - const uint8_t *pre: pointer to prefix string * - size_t prelen: length of prefix string - * - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]: + * - const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: * bit-packed public key * - int externalmu: indicates input message m is processed as * mu @@ -336,7 +337,7 @@ MLD_EXTERNAL_API int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pre, size_t prelen, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES], + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], int externalmu) __contract__( requires(prelen <= MLD_MAX_BUFFER_SIZE) @@ -346,7 +347,7 @@ __contract__( requires(memory_no_alias(m, mlen)) requires(externalmu == 0 || (externalmu == 1 && mlen == MLDSA_CRHBYTES)) requires(externalmu == 1 || prelen == 0 || memory_no_alias(pre, prelen)) - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ensures(return_value == 0 || return_value == -1) ); @@ -362,7 +363,7 @@ __contract__( * - const uint8_t *ctx: pointer to context string. * May be NULL if ctxlen == 0. * - size_t ctxlen: length of context string - * - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]: + * - const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: * bit-packed public key * * Returns 0 if signature could be verified correctly and -1 otherwise @@ -374,7 +375,7 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) __contract__( requires(mlen <= MLD_MAX_BUFFER_SIZE) requires(siglen <= MLD_MAX_BUFFER_SIZE) 
@@ -382,7 +383,7 @@ __contract__( requires(memory_no_alias(sig, siglen)) requires(memory_no_alias(m, mlen)) requires(ctxlen == 0 || memory_no_alias(ctx, ctxlen)) - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ensures(return_value == 0 || return_value == -1) ); @@ -395,7 +396,7 @@ __contract__( * - size_t siglen: length of signature * - const uint8_t mu[MLDSA_CRHBYTES]: * input mu - * - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]: + * - const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: * bit-packed public key * * Returns 0 if signature could be verified correctly and -1 otherwise @@ -408,12 +409,12 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify_extmu(const uint8_t *sig, size_t siglen, const uint8_t mu[MLDSA_CRHBYTES], - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) __contract__( requires(siglen <= MLD_MAX_BUFFER_SIZE) requires(memory_no_alias(sig, siglen)) requires(memory_no_alias(mu, MLDSA_CRHBYTES)) - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ensures(return_value == 0 || return_value == -1) ); @@ -429,7 +430,7 @@ __contract__( * - size_t smlen: length of signed message * - const uint8_t *ctx: pointer to context tring * - size_t ctxlen: length of context string - * - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]: + * - const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: * bit-packed public key * * Returns 0 if signed message could be verified correctly and -1 otherwise @@ -438,7 +439,7 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_open(uint8_t *m, size_t *mlen, const uint8_t *sm, size_t smlen, const uint8_t *ctx, size_t ctxlen, - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) __contract__( requires(smlen <= MLD_MAX_BUFFER_SIZE) requires(memory_no_alias(m, smlen)) 
@@ -446,7 +447,7 @@ __contract__( requires(m == sm || memory_no_alias(sm, smlen)) requires(ctxlen <= MLD_MAX_BUFFER_SIZE) requires(memory_no_alias(ctx, ctxlen)) - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) assigns(memory_slice(m, smlen)) assigns(memory_slice(mlen, sizeof(size_t))) ensures(return_value == 0 || return_value == -1) @@ -458,7 +459,7 @@ __contract__( * Description: FIPS 204: Algorithm 4 HashML-DSA.Sign. * Computes signature with pre-hashed message. * - * Arguments: - uint8_t sig[CRYPTO_BYTES]: + * Arguments: - uint8_t sig[MLDSA_CRYPTO_BYTES]: * output signature * - size_t *siglen: pointer to output length of signature * - const uint8_t *ph: pointer to pre-hashed message @@ -467,7 +468,7 @@ __contract__( * - size_t ctxlen: length of context string * - const uint8_t rnd[MLDSA_RNDBYTES]: * random seed - * - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: + * - const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: * bit-packed secret key * - int hashalg: hash algorithm constant (one of * MLD_PREHASH_*) 
@@ -487,21 +488,22 @@ __contract__( MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_signature_pre_hash_internal( - uint8_t sig[CRYPTO_BYTES], size_t *siglen, const uint8_t *ph, size_t phlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t rnd[MLDSA_RNDBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES], int hashalg) + uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *ph, + size_t phlen, const uint8_t *ctx, size_t ctxlen, + const uint8_t rnd[MLDSA_RNDBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], int hashalg) __contract__( requires(ctxlen <= MLD_MAX_BUFFER_SIZE) requires(phlen <= MLD_MAX_BUFFER_SIZE) - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(siglen, sizeof(size_t))) requires(memory_no_alias(ph, phlen)) requires(ctxlen == 0 || memory_no_alias(ctx, ctxlen)) requires(memory_no_alias(rnd, MLDSA_RNDBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) - assigns(memory_slice(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) + assigns(memory_slice(sig, MLDSA_CRYPTO_BYTES)) assigns(object_whole(siglen)) - ensures((return_value == 0 && *siglen == CRYPTO_BYTES) || + ensures((return_value == 0 && *siglen == MLDSA_CRYPTO_BYTES) || (return_value == -1 && *siglen == 0)) ); @@ -517,7 +519,7 @@ __contract__( * - size_t phlen: length of pre-hashed message * - const uint8_t *ctx: pointer to context string * - size_t ctxlen: length of context string - * - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]: + * - const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: * bit-packed public key * - int hashalg: hash algorithm constant (one of * MLD_PREHASH_*) 
@@ -537,8 +539,8 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify_pre_hash_internal( const uint8_t *sig, size_t siglen, const uint8_t *ph, size_t phlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t pk[CRYPTO_PUBLICKEYBYTES], - int hashalg) + const uint8_t *ctx, size_t ctxlen, + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], int hashalg) __contract__( requires(phlen <= MLD_MAX_BUFFER_SIZE) requires(ctxlen <= MLD_MAX_BUFFER_SIZE - 77) @@ -546,7 +548,7 @@ __contract__( requires(memory_no_alias(sig, siglen)) requires(memory_no_alias(ph, phlen)) requires(ctxlen == 0 || memory_no_alias(ctx, ctxlen)) - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ensures(return_value == 0 || return_value == -1) ); @@ -558,7 +560,7 @@ __contract__( * This function computes the SHAKE256 hash of the message *internally. * - * Arguments: - uint8_t sig[CRYPTO_BYTES]: + * Arguments: - uint8_t sig[MLDSA_CRYPTO_BYTES]: * output signature * - size_t *siglen: pointer to output length of signature * - const uint8_t *m: pointer to message to be hashed and signed @@ -567,7 +569,7 @@ __contract__( * - size_t ctxlen: length of context string * - const uint8_t rnd[MLDSA_RNDBYTES]: * random seed - * - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: + * - const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: * bit-packed secret key * * Returns 0 (success) or -1 (context string too long OR nonce exhaustion) 
@@ -575,21 +577,22 @@ __contract__( MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_signature_pre_hash_shake256( - uint8_t sig[CRYPTO_BYTES], size_t *siglen, const uint8_t *m, size_t mlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t rnd[MLDSA_RNDBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) + uint8_t sig[MLDSA_CRYPTO_BYTES], size_t *siglen, const uint8_t *m, + size_t mlen, const uint8_t *ctx, size_t ctxlen, + const uint8_t rnd[MLDSA_RNDBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( requires(mlen <= MLD_MAX_BUFFER_SIZE) requires(ctxlen <= MLD_MAX_BUFFER_SIZE) - requires(memory_no_alias(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sig, MLDSA_CRYPTO_BYTES)) requires(memory_no_alias(siglen, sizeof(size_t))) requires(memory_no_alias(m, mlen)) requires(ctxlen == 0 || memory_no_alias(ctx, ctxlen)) requires(memory_no_alias(rnd, MLDSA_RNDBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) - assigns(memory_slice(sig, CRYPTO_BYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) + assigns(memory_slice(sig, MLDSA_CRYPTO_BYTES)) assigns(object_whole(siglen)) - ensures((return_value == 0 && *siglen == CRYPTO_BYTES) || + ensures((return_value == 0 && *siglen == MLDSA_CRYPTO_BYTES) || (return_value == -1 && *siglen == 0)) ); @@ -608,7 +611,7 @@ __contract__( * - size_t mlen: length of message * - const uint8_t *ctx: pointer to context string * - size_t ctxlen: length of context string - * - const uint8_t pk[CRYPTO_PUBLICKEYBYTES]: + * - const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: * bit-packed public key * * Returns 0 if signature could be verified correctly and -1 otherwise 
@@ -617,7 +620,8 @@ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API int crypto_sign_verify_pre_hash_shake256( const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, - const uint8_t *ctx, size_t ctxlen, const uint8_t pk[CRYPTO_PUBLICKEYBYTES]) + const uint8_t *ctx, size_t ctxlen, + const uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) __contract__( requires(mlen <= MLD_MAX_BUFFER_SIZE) requires(ctxlen <= MLD_MAX_BUFFER_SIZE - 77) @@ -625,7 +629,7 @@ __contract__( requires(memory_no_alias(sig, siglen)) requires(memory_no_alias(m, mlen)) requires(ctxlen == 0 || memory_no_alias(ctx, ctxlen)) - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ensures(return_value == 0 || return_value == -1) ); @@ -693,8 +697,9 @@ __contract__( * Description: Derives public key from secret key with validation. * Checks that t0 and tr stored in sk match recomputed values. * - * Arguments: - uint8_t pk[CRYPTO_PUBLICKEYBYTES]: output public key - * - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: input secret key + * Arguments: - uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]: output public key + * - const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]: input secret + *key * * Returns 0 on success, -1 if validation fails (invalid secret key) * 
@@ -703,12 +708,12 @@ __contract__( **************************************************/ MLD_MUST_CHECK_RETURN_VALUE MLD_EXTERNAL_API -int crypto_sign_pk_from_sk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]) +int crypto_sign_pk_from_sk(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]) __contract__( - requires(memory_no_alias(pk, CRYPTO_PUBLICKEYBYTES)) - requires(memory_no_alias(sk, CRYPTO_SECRETKEYBYTES)) - assigns(memory_slice(pk, CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) + requires(memory_no_alias(sk, MLDSA_CRYPTO_SECRETKEYBYTES)) + assigns(memory_slice(pk, MLDSA_CRYPTO_PUBLICKEYBYTES)) ensures(return_value == 0 || return_value == -1) ); #endif /* !MLD_SIGN_H */ diff --git a/proofs/cbmc/check_pct/check_pct_harness.c b/proofs/cbmc/check_pct/check_pct_harness.c index 8d3af4e44..a5085ce73 100644 --- a/proofs/cbmc/check_pct/check_pct_harness.c +++ b/proofs/cbmc/check_pct/check_pct_harness.c @@ -4,8 +4,8 @@ #include "sign.h" -int mld_check_pct(uint8_t const pk[CRYPTO_PUBLICKEYBYTES], - uint8_t const sk[CRYPTO_SECRETKEYBYTES]); +int mld_check_pct(uint8_t const pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t const sk[MLDSA_CRYPTO_SECRETKEYBYTES]); void harness(void) { diff --git a/proofs/cbmc/compute_t0_t1_tr_from_sk_components/compute_t0_t1_tr_from_sk_components_harness.c b/proofs/cbmc/compute_t0_t1_tr_from_sk_components/compute_t0_t1_tr_from_sk_components_harness.c index e2ba0e18f..b38f08f5d 100644 --- a/proofs/cbmc/compute_t0_t1_tr_from_sk_components/compute_t0_t1_tr_from_sk_components_harness.c +++ b/proofs/cbmc/compute_t0_t1_tr_from_sk_components/compute_t0_t1_tr_from_sk_components_harness.c 
@@ -3,12 +3,10 @@ #include "sign.h" -void mld_compute_t0_t1_tr_from_sk_components(mld_polyveck *t0, mld_polyveck *t1, - uint8_t tr[MLDSA_TRBYTES], - uint8_t pk[CRYPTO_PUBLICKEYBYTES], - const uint8_t rho[MLDSA_SEEDBYTES], - const mld_polyvecl *s1, - const mld_polyveck *s2); +void mld_compute_t0_t1_tr_from_sk_components( + mld_polyveck *t0, mld_polyveck *t1, uint8_t tr[MLDSA_TRBYTES], + uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], const uint8_t rho[MLDSA_SEEDBYTES], + const mld_polyvecl *s1, const mld_polyveck *s2); void harness(void) { diff --git a/proofs/cbmc/crypto_sign_pk_from_sk/crypto_sign_pk_from_sk_harness.c b/proofs/cbmc/crypto_sign_pk_from_sk/crypto_sign_pk_from_sk_harness.c index a385543e9..4253d847b 100644 --- a/proofs/cbmc/crypto_sign_pk_from_sk/crypto_sign_pk_from_sk_harness.c +++ b/proofs/cbmc/crypto_sign_pk_from_sk/crypto_sign_pk_from_sk_harness.c @@ -3,8 +3,8 @@ #include "sign.h" -int crypto_sign_pk_from_sk(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - const uint8_t sk[CRYPTO_SECRETKEYBYTES]); +int crypto_sign_pk_from_sk(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + const uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]); void harness(void) { diff --git a/test/acvp_mldsa.c b/test/acvp_mldsa.c index 638514419..9adcd6c3c 100644 --- a/test/acvp_mldsa.c +++ b/test/acvp_mldsa.c @@ -249,8 +249,8 @@ static void print_hex(const char *name, const unsigned char *raw, size_t len) static void acvp_mldsa_keyGen_AFT(const unsigned char seed[MLDSA_RNDBYTES]) { - unsigned char pk[CRYPTO_PUBLICKEYBYTES]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; CHECK(crypto_sign_keypair_internal(pk, sk, seed) == 0); 
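Review bot: In test/acvp_mldsa.c the seed and randomness array bounds are swapped relative to the prototypes in sign.h, and this commit re-touches those signatures without correcting them. `acvp_mldsa_keyGen_AFT` takes `seed[MLDSA_RNDBYTES]` but passes it to `crypto_sign_keypair_internal`, declared with `seed[MLDSA_SEEDBYTES]`; `acvp_mldsa_sigGen_AFT` and `acvp_mldsa_sigGenInternal_AFT` take `rnd[MLDSA_SEEDBYTES]` where the signing API declares `rnd[MLDSA_RNDBYTES]`. The parameter bounds are not enforced by the compiler, but the deterministic helpers also declare a real local `unsigned char rnd[MLDSA_SEEDBYTES] = {0};`, which would be under-sized if the two constants ever differ (presumably they are equal today; their definitions are not visible here). I would use `seed[MLDSA_SEEDBYTES]` for key generation and `rnd[MLDSA_RNDBYTES]` everywhere the buffer feeds a signing call, matching the pre-hash helpers later in the file. The function bodies continue outside these hunks.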
@@ -258,12 +258,13 @@ static void acvp_mldsa_keyGen_AFT(const unsigned char seed[MLDSA_RNDBYTES]) print_hex("sk", sk, sizeof(sk)); } -static void acvp_mldsa_sigGen_AFT(const unsigned char *message, size_t mlen, - const unsigned char rnd[MLDSA_SEEDBYTES], - const unsigned char sk[CRYPTO_SECRETKEYBYTES], - const unsigned char *context, size_t ctxlen) +static void acvp_mldsa_sigGen_AFT( + const unsigned char *message, size_t mlen, + const unsigned char rnd[MLDSA_SEEDBYTES], + const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES], + const unsigned char *context, size_t ctxlen) { - unsigned char sig[CRYPTO_BYTES]; + unsigned char sig[MLDSA_CRYPTO_BYTES]; size_t siglen; unsigned char pre[MAX_CTX_LENGTH + 2]; @@ -281,9 +282,9 @@ static void acvp_mldsa_sigGen_AFT(const unsigned char *message, size_t mlen, static void acvp_mldsa_sigGenInternal_AFT( const unsigned char *message, size_t mlen, const unsigned char rnd[MLDSA_SEEDBYTES], - const unsigned char sk[CRYPTO_SECRETKEYBYTES], int externalMu) + const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES], int externalMu) { - unsigned char sig[CRYPTO_BYTES]; + unsigned char sig[MLDSA_CRYPTO_BYTES]; size_t siglen; CHECK(crypto_sign_signature_internal(sig, &siglen, message, mlen, NULL, 0, rnd, sk, externalMu) == 0); @@ -294,10 +295,10 @@ static void acvp_mldsa_sigGenInternal_AFT( static void acvp_mldsa_sigGenDeterministic_AFT( const unsigned char *message, size_t mlen, - const unsigned char sk[CRYPTO_SECRETKEYBYTES], const unsigned char *context, - size_t ctxlen) + const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES], + const unsigned char *context, size_t ctxlen) { - unsigned char sig[CRYPTO_BYTES]; + unsigned char sig[MLDSA_CRYPTO_BYTES]; size_t siglen; unsigned char rnd[MLDSA_SEEDBYTES] = {0}; /* Zero rnd for deterministic */ 
@@ -316,9 +317,9 @@ static void acvp_mldsa_sigGenDeterministic_AFT( static void acvp_mldsa_sigGenInternalDeterministic_AFT( const unsigned char *message, size_t mlen, - const unsigned char sk[CRYPTO_SECRETKEYBYTES], int externalMu) + const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES], int externalMu) { - unsigned char sig[CRYPTO_BYTES]; + unsigned char sig[MLDSA_CRYPTO_BYTES]; size_t siglen; unsigned char rnd[MLDSA_SEEDBYTES] = {0}; /* Zero rnd for deterministic */ @@ -328,29 +329,29 @@ static void acvp_mldsa_sigGenInternalDeterministic_AFT( } -static int acvp_mldsa_sigVer_AFT(const unsigned char *message, size_t mlen, - const unsigned char *context, size_t ctxlen, - const unsigned char signature[CRYPTO_BYTES], - const unsigned char pk[CRYPTO_PUBLICKEYBYTES]) +static int acvp_mldsa_sigVer_AFT( + const unsigned char *message, size_t mlen, const unsigned char *context, + size_t ctxlen, const unsigned char signature[MLDSA_CRYPTO_BYTES], + const unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) { - return crypto_sign_verify(signature, CRYPTO_BYTES, message, mlen, context, - ctxlen, pk); + return crypto_sign_verify(signature, MLDSA_CRYPTO_BYTES, message, mlen, + context, ctxlen, pk); } static int acvp_mldsa_sigVerInternal_AFT( const unsigned char *message, size_t mlen, - const unsigned char signature[CRYPTO_BYTES], - const unsigned char pk[CRYPTO_PUBLICKEYBYTES], int externalMu) + const unsigned char signature[MLDSA_CRYPTO_BYTES], + const unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES], int externalMu) { if (externalMu) { - return crypto_sign_verify_extmu(signature, CRYPTO_BYTES, message, pk); + return crypto_sign_verify_extmu(signature, MLDSA_CRYPTO_BYTES, message, pk); } else { - return crypto_sign_verify_internal(signature, CRYPTO_BYTES, message, mlen, - NULL, 0, pk, 0); + return crypto_sign_verify_internal(signature, MLDSA_CRYPTO_BYTES, message, + mlen, NULL, 0, pk, 0); } } 
@@ -412,9 +413,9 @@ static int str_to_hash_alg(const char *hashAlg) static int acvp_mldsa_sigGenPreHash_AFT( const unsigned char *ph, size_t phlen, const unsigned char *context, size_t ctxlen, const unsigned char rng[MLDSA_RNDBYTES], - const unsigned char sk[CRYPTO_SECRETKEYBYTES], const char *hashAlg) + const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES], const char *hashAlg) { - unsigned char signature[CRYPTO_BYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; size_t siglen; if (crypto_sign_signature_pre_hash_internal(signature, &siglen, ph, phlen, @@ -430,10 +431,10 @@ static int acvp_mldsa_sigGenPreHash_AFT( static int acvp_mldsa_sigVerPreHash_AFT( const unsigned char *ph, size_t phlen, const unsigned char *context, - size_t ctxlen, const unsigned char signature[CRYPTO_BYTES], - const unsigned char pk[CRYPTO_PUBLICKEYBYTES], const char *hashAlg) + size_t ctxlen, const unsigned char signature[MLDSA_CRYPTO_BYTES], + const unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES], const char *hashAlg) { - return crypto_sign_verify_pre_hash_internal(signature, CRYPTO_BYTES, ph, + return crypto_sign_verify_pre_hash_internal(signature, MLDSA_CRYPTO_BYTES, ph, phlen, context, ctxlen, pk, str_to_hash_alg(hashAlg)); } @@ -441,9 +442,9 @@ static int acvp_mldsa_sigVerPreHash_AFT( static int acvp_mldsa_sigGenPreHashShake256_AFT( const unsigned char *message, size_t mlen, const unsigned char *context, size_t ctxlen, const unsigned char rnd[MLDSA_RNDBYTES], - const unsigned char sk[CRYPTO_SECRETKEYBYTES]) + const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { - unsigned char signature[CRYPTO_BYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; size_t siglen; if (crypto_sign_signature_pre_hash_shake256(signature, &siglen, message, mlen, 
@@ -458,20 +459,20 @@ static int acvp_mldsa_sigGenPreHashShake256_AFT( static int acvp_mldsa_sigVerPreHashShake256_AFT( const unsigned char *message, size_t mlen, const unsigned char *context, - size_t ctxlen, const unsigned char signature[CRYPTO_BYTES], - const unsigned char pk[CRYPTO_PUBLICKEYBYTES]) + size_t ctxlen, const unsigned char signature[MLDSA_CRYPTO_BYTES], + const unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES]) { - return crypto_sign_verify_pre_hash_shake256(signature, CRYPTO_BYTES, message, - mlen, context, ctxlen, pk); + return crypto_sign_verify_pre_hash_shake256( + signature, MLDSA_CRYPTO_BYTES, message, mlen, context, ctxlen, pk); } /* Deterministic prehash signing functions */ static int acvp_mldsa_sigGenPreHashDeterministic_AFT( const unsigned char *ph, size_t phlen, const unsigned char *context, - size_t ctxlen, const unsigned char sk[CRYPTO_SECRETKEYBYTES], + size_t ctxlen, const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES], const char *hashAlg) { - unsigned char signature[CRYPTO_BYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; size_t siglen; unsigned char rnd[MLDSA_RNDBYTES] = {0}; /* Zero rnd for deterministic */ @@ -488,9 +489,9 @@ static int acvp_mldsa_sigGenPreHashDeterministic_AFT( static int acvp_mldsa_sigGenPreHashShake256Deterministic_AFT( const unsigned char *message, size_t mlen, const unsigned char *context, - size_t ctxlen, const unsigned char sk[CRYPTO_SECRETKEYBYTES]) + size_t ctxlen, const unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]) { - unsigned char signature[CRYPTO_BYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; size_t siglen; unsigned char rnd[MLDSA_RNDBYTES] = {0}; /* Zero rnd for deterministic */ @@ -600,7 +601,7 @@ int main(int argc, char *argv[]) unsigned char message[MAX_MSG_LENGTH]; unsigned char rnd[MLDSA_RNDBYTES]; unsigned char context[MAX_CTX_LENGTH]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; size_t mlen, ctxlen; /* Parse message */ 
@@ -651,7 +652,7 @@ int main(int argc, char *argv[]) { unsigned char message[MAX_MSG_LENGTH + MAX_CTX_LENGTH + 2]; unsigned char rnd[MLDSA_RNDBYTES]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; int externalMu; size_t mlen; @@ -701,7 +702,7 @@ int main(int argc, char *argv[]) { unsigned char message[MAX_MSG_LENGTH]; unsigned char context[MAX_CTX_LENGTH]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; size_t mlen, ctxlen; /* Parse message */ @@ -745,7 +746,7 @@ int main(int argc, char *argv[]) case sigGenInternalDeterministic: { unsigned char message[MAX_MSG_LENGTH + MAX_CTX_LENGTH + 2]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; int externalMu; size_t mlen; @@ -787,8 +788,8 @@ int main(int argc, char *argv[]) { unsigned char message[MAX_MSG_LENGTH]; unsigned char context[MAX_CTX_LENGTH]; - unsigned char signature[CRYPTO_BYTES]; - unsigned char pk[CRYPTO_PUBLICKEYBYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; + unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES]; size_t mlen, ctxlen; /* Parse message */ @@ -843,8 +844,8 @@ int main(int argc, char *argv[]) case sigVerInternal: { unsigned char message[MAX_MSG_LENGTH]; - unsigned char signature[CRYPTO_BYTES]; - unsigned char pk[CRYPTO_PUBLICKEYBYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; + unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES]; size_t mlen; int externalMu; @@ -898,7 +899,7 @@ int main(int argc, char *argv[]) unsigned char ph[64]; unsigned char context[MAX_CTX_LENGTH]; unsigned char rnd[MLDSA_RNDBYTES]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; char hashAlg[100]; size_t phlen; size_t ctxlen; 
@@ -959,8 +960,8 @@ int main(int argc, char *argv[]) { unsigned char ph[64]; unsigned char context[MAX_CTX_LENGTH]; - unsigned char signature[CRYPTO_BYTES]; - unsigned char pk[CRYPTO_PUBLICKEYBYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; + unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES]; char hashAlg[100]; size_t phlen; size_t ctxlen; @@ -1026,7 +1027,7 @@ int main(int argc, char *argv[]) unsigned char message[MAX_MSG_LENGTH]; unsigned char context[MAX_CTX_LENGTH]; unsigned char rnd[MLDSA_RNDBYTES]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; size_t mlen; size_t ctxlen; @@ -1079,7 +1080,7 @@ int main(int argc, char *argv[]) { unsigned char ph[64]; unsigned char context[MAX_CTX_LENGTH]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; char hashAlg[100]; size_t phlen; size_t ctxlen; @@ -1133,7 +1134,7 @@ int main(int argc, char *argv[]) { unsigned char message[MAX_MSG_LENGTH]; unsigned char context[MAX_CTX_LENGTH]; - unsigned char sk[CRYPTO_SECRETKEYBYTES]; + unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES]; size_t mlen; size_t ctxlen; @@ -1179,8 +1180,8 @@ int main(int argc, char *argv[]) { unsigned char message[MAX_MSG_LENGTH]; unsigned char context[MAX_CTX_LENGTH]; - unsigned char signature[CRYPTO_BYTES]; - unsigned char pk[CRYPTO_PUBLICKEYBYTES]; + unsigned char signature[MLDSA_CRYPTO_BYTES]; + unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES]; size_t mlen; size_t ctxlen; diff --git a/test/bench_mldsa.c b/test/bench_mldsa.c index e97e343ba..7cb068e09 100644 --- a/test/bench_mldsa.c +++ b/test/bench_mldsa.c 
@@ -74,9 +74,9 @@ static void print_percentiles(const char *txt, uint64_t cyc[NTESTS]) static int bench(void) { - uint8_t pk[CRYPTO_PUBLICKEYBYTES]; - uint8_t sk[CRYPTO_SECRETKEYBYTES]; - uint8_t sig[CRYPTO_BYTES]; + uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]; + uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]; + uint8_t sig[MLDSA_CRYPTO_BYTES]; uint8_t m[MLEN]; uint8_t ctx[CTXLEN]; unsigned char kg_rand[MLDSA_SEEDBYTES], sig_rand[MLDSA_SEEDBYTES]; diff --git a/test/gen_KAT.c b/test/gen_KAT.c index 5d0d1fdf9..f9b4771e5 100644 --- a/test/gen_KAT.c +++ b/test/gen_KAT.c @@ -47,9 +47,9 @@ int main(void) { unsigned i; int rc; - uint8_t pk[CRYPTO_PUBLICKEYBYTES]; - uint8_t sk[CRYPTO_SECRETKEYBYTES]; - uint8_t s[CRYPTO_BYTES]; + uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES]; + uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES]; + uint8_t s[MLDSA_CRYPTO_BYTES]; uint8_t *m; /* empty ctx */ uint8_t pre[2] = {0, 0}; @@ -85,8 +85,8 @@ int main(void) CHECK(crypto_sign_keypair_internal(pk, sk, coins) == 0); - print_hex(pk, CRYPTO_PUBLICKEYBYTES); - print_hex(sk, CRYPTO_SECRETKEYBYTES); + print_hex(pk, MLDSA_CRYPTO_PUBLICKEYBYTES); + print_hex(sk, MLDSA_CRYPTO_SECRETKEYBYTES); CHECK(crypto_sign_signature_internal(s, &slen, m, i, pre, sizeof(pre), coins + MLDSA_SEEDBYTES, sk, 0) == 0); diff --git a/test/test_mldsa.c b/test/test_mldsa.c index 25ccdba3c..5916e45dd 100644 --- a/test/test_mldsa.c +++ b/test/test_mldsa.c @@ -29,10 +29,12 @@ } while (0) -static int test_sign_core(uint8_t pk[CRYPTO_PUBLICKEYBYTES], - uint8_t sk[CRYPTO_SECRETKEYBYTES], - uint8_t sm[MLEN + CRYPTO_BYTES], uint8_t m[MLEN], - uint8_t m2[MLEN + CRYPTO_BYTES], uint8_t ctx[CTXLEN]) +static int test_sign_core(uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES], + uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES], + uint8_t sm[MLEN + MLDSA_CRYPTO_BYTES], + uint8_t m[MLEN], + uint8_t m2[MLEN + MLDSA_CRYPTO_BYTES], + uint8_t ctx[CTXLEN]) { size_t smlen; size_t mlen; 
@@ -52,7 +54,7 @@ static int test_sign_core(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
 /* Constant time: Declassify outputs to check them. */
 MLD_CT_TESTING_DECLASSIFY(rc, sizeof(int));
 MLD_CT_TESTING_DECLASSIFY(m, MLEN);
- MLD_CT_TESTING_DECLASSIFY(m2, (MLEN + CRYPTO_BYTES));
+ MLD_CT_TESTING_DECLASSIFY(m2, (MLEN + MLDSA_CRYPTO_BYTES));
 if (rc)
 {
@@ -66,7 +68,7 @@ static int test_sign_core(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
 return 1;
 }
- if (smlen != MLEN + CRYPTO_BYTES)
+ if (smlen != MLEN + MLDSA_CRYPTO_BYTES)
 {
 printf("ERROR: crypto_sign_open - wrong smlen\n");
 return 1;
@@ -83,11 +85,11 @@ static int test_sign_core(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
 static int test_sign(void)
 {
- uint8_t pk[CRYPTO_PUBLICKEYBYTES];
- uint8_t sk[CRYPTO_SECRETKEYBYTES];
- uint8_t sm[MLEN + CRYPTO_BYTES];
+ uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES];
+ uint8_t sm[MLEN + MLDSA_CRYPTO_BYTES];
 uint8_t m[MLEN];
- uint8_t m2[MLEN + CRYPTO_BYTES];
+ uint8_t m2[MLEN + MLDSA_CRYPTO_BYTES];
 uint8_t ctx[CTXLEN];
 return test_sign_core(pk, sk, sm, m, m2, ctx);
@@ -95,11 +97,11 @@ static int test_sign(void)
 static int test_sign_unaligned(void)
 {
- MLD_ALIGN uint8_t pk[CRYPTO_PUBLICKEYBYTES + 1];
- MLD_ALIGN uint8_t sk[CRYPTO_SECRETKEYBYTES + 1];
- MLD_ALIGN uint8_t sm[MLEN + CRYPTO_BYTES + 1];
+ MLD_ALIGN uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES + 1];
+ MLD_ALIGN uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES + 1];
+ MLD_ALIGN uint8_t sm[MLEN + MLDSA_CRYPTO_BYTES + 1];
 MLD_ALIGN uint8_t m[MLEN + 1];
- MLD_ALIGN uint8_t m2[MLEN + CRYPTO_BYTES + 1];
+ MLD_ALIGN uint8_t m2[MLEN + MLDSA_CRYPTO_BYTES + 1];
 MLD_ALIGN uint8_t ctx[CTXLEN + 1];
 return test_sign_core(pk + 1, sk + 1, sm + 1, m + 1, m2 + 1, ctx + 1);
@@ -107,9 +109,9 @@ static int test_sign_unaligned(void)
 static int test_sign_extmu(void)
 {
- uint8_t pk[CRYPTO_PUBLICKEYBYTES];
- uint8_t sk[CRYPTO_SECRETKEYBYTES];
- uint8_t sig[CRYPTO_BYTES];
+ uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES];
+ uint8_t sig[MLDSA_CRYPTO_BYTES];
 uint8_t mu[MLDSA_CRHBYTES];
 size_t siglen;
@@ -126,9 +128,9 @@ static int test_sign_extmu(void)
 static int test_sign_pre_hash(void)
 {
- uint8_t pk[CRYPTO_PUBLICKEYBYTES];
- uint8_t sk[CRYPTO_SECRETKEYBYTES];
- uint8_t sig[CRYPTO_BYTES];
+ uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES];
+ uint8_t sig[MLDSA_CRYPTO_BYTES];
 uint8_t m[MLEN];
 uint8_t ctx[CTXLEN];
 uint8_t rnd[MLDSA_RNDBYTES];
@@ -153,10 +155,10 @@ static int test_sign_pre_hash(void)
 static int test_pk_from_sk(void)
 {
- uint8_t pk[CRYPTO_PUBLICKEYBYTES];
- uint8_t pk_derived[CRYPTO_PUBLICKEYBYTES];
- uint8_t sk[CRYPTO_SECRETKEYBYTES];
- uint8_t sk_corrupted[CRYPTO_SECRETKEYBYTES];
+ uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t pk_derived[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES];
+ uint8_t sk_corrupted[MLDSA_CRYPTO_SECRETKEYBYTES];
 int rc;
 /* Generate a keypair */
@@ -166,14 +168,14 @@ static int test_pk_from_sk(void)
 CHECK(crypto_sign_pk_from_sk(pk_derived, sk) == 0);
 /* Verify derived public key matches original */
- if (memcmp(pk, pk_derived, CRYPTO_PUBLICKEYBYTES) != 0)
+ if (memcmp(pk, pk_derived, MLDSA_CRYPTO_PUBLICKEYBYTES) != 0)
 {
 printf("ERROR: pk_from_sk - derived public key does not match original\n");
 return 1;
 }
 /* Test with corrupted t0 in secret key - should fail validation */
- memcpy(sk_corrupted, sk, CRYPTO_SECRETKEYBYTES);
+ memcpy(sk_corrupted, sk, MLDSA_CRYPTO_SECRETKEYBYTES);
 /* Corrupt a byte in the t0 portion of the secret key */
 sk_corrupted[MLDSA_SEEDBYTES + MLDSA_TRBYTES + MLDSA_SEEDBYTES + 10] ^= 1;
@@ -189,7 +191,7 @@ static int test_pk_from_sk(void)
 }
 /* Test with corrupted tr in secret key - should fail validation */
- memcpy(sk_corrupted, sk, CRYPTO_SECRETKEYBYTES);
+ memcpy(sk_corrupted, sk, MLDSA_CRYPTO_SECRETKEYBYTES);
 /* Corrupt a byte in the tr portion of the secret key */
 /* tr starts at offset 2 * MLDSA_SEEDBYTES (after rho and key) */
 sk_corrupted[2 * MLDSA_SEEDBYTES + 10] ^= 1;
@@ -212,11 +214,11 @@ static int test_pk_from_sk(void)
 static int test_wrong_pk(void)
 {
- uint8_t pk[CRYPTO_PUBLICKEYBYTES];
- uint8_t sk[CRYPTO_SECRETKEYBYTES];
- uint8_t sm[MLEN + CRYPTO_BYTES];
+ uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES];
+ uint8_t sm[MLEN + MLDSA_CRYPTO_BYTES];
 uint8_t m[MLEN];
- uint8_t m2[MLEN + CRYPTO_BYTES] = {0};
+ uint8_t m2[MLEN + MLDSA_CRYPTO_BYTES] = {0};
 uint8_t ctx[CTXLEN];
 size_t smlen;
 size_t mlen;
@@ -234,7 +236,7 @@ static int test_wrong_pk(void)
 /* flip bit in public key */
 randombytes((uint8_t *)&idx, sizeof(size_t));
- idx %= CRYPTO_PUBLICKEYBYTES;
+ idx %= MLDSA_CRYPTO_PUBLICKEYBYTES;
 pk[idx] ^= 1;
@@ -263,11 +265,11 @@ static int test_wrong_pk(void)
 static int test_wrong_sig(void)
 {
- uint8_t pk[CRYPTO_PUBLICKEYBYTES];
- uint8_t sk[CRYPTO_SECRETKEYBYTES];
- uint8_t sm[MLEN + CRYPTO_BYTES];
+ uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES];
+ uint8_t sm[MLEN + MLDSA_CRYPTO_BYTES];
 uint8_t m[MLEN];
- uint8_t m2[MLEN + CRYPTO_BYTES] = {0};
+ uint8_t m2[MLEN + MLDSA_CRYPTO_BYTES] = {0};
 uint8_t ctx[CTXLEN];
 size_t smlen;
 size_t mlen;
@@ -285,7 +287,7 @@ static int test_wrong_sig(void)
 /* flip bit in signed message */
 randombytes((uint8_t *)&idx, sizeof(size_t));
- idx %= MLEN + CRYPTO_BYTES;
+ idx %= MLEN + MLDSA_CRYPTO_BYTES;
 sm[idx] ^= 1;
@@ -315,11 +317,11 @@ static int test_wrong_sig(void)
 static int test_wrong_ctx(void)
 {
- uint8_t pk[CRYPTO_PUBLICKEYBYTES];
- uint8_t sk[CRYPTO_SECRETKEYBYTES];
- uint8_t sm[MLEN + CRYPTO_BYTES];
+ uint8_t pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ uint8_t sk[MLDSA_CRYPTO_SECRETKEYBYTES];
+ uint8_t sm[MLEN + MLDSA_CRYPTO_BYTES];
 uint8_t m[MLEN];
- uint8_t m2[MLEN + CRYPTO_BYTES] = {0};
+ uint8_t m2[MLEN + MLDSA_CRYPTO_BYTES] = {0};
 uint8_t ctx[CTXLEN];
 size_t smlen;
 size_t mlen;
@@ -389,9 +391,9 @@ int main(void)
 }
 }
- printf("CRYPTO_SECRETKEYBYTES: %d\n", CRYPTO_SECRETKEYBYTES);
- printf("CRYPTO_PUBLICKEYBYTES: %d\n", CRYPTO_PUBLICKEYBYTES);
- printf("CRYPTO_BYTES: %d\n", CRYPTO_BYTES);
+ printf("MLDSA_CRYPTO_SECRETKEYBYTES: %d\n", MLDSA_CRYPTO_SECRETKEYBYTES);
+ printf("MLDSA_CRYPTO_PUBLICKEYBYTES: %d\n", MLDSA_CRYPTO_PUBLICKEYBYTES);
+ printf("MLDSA_CRYPTO_BYTES: %d\n", MLDSA_CRYPTO_BYTES);
 return 0;
 }
diff --git a/test/test_stack.c b/test/test_stack.c
index 789b7e80e..3e4cf69e3 100644
--- a/test/test_stack.c
+++ b/test/test_stack.c
@@ -10,8 +10,8 @@
 static void test_keygen_only(void)
 {
- unsigned char pk[CRYPTO_PUBLICKEYBYTES];
- unsigned char sk[CRYPTO_SECRETKEYBYTES];
+ unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES];
+ unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES];
 /* Only call keypair - this is what we're measuring */
 /* Uses the notrandombytes implementation for deterministic randomness */
@@ -21,8 +21,8 @@ static void test_keygen_only(void)
 static void test_sign_only(void)
 {
- unsigned char sk[CRYPTO_SECRETKEYBYTES] = {0};
- unsigned char sig[CRYPTO_BYTES];
+ unsigned char sk[MLDSA_CRYPTO_SECRETKEYBYTES] = {0};
+ unsigned char sig[MLDSA_CRYPTO_BYTES];
 size_t siglen;
 const unsigned char msg[] = "test message for stack measurement";
 const unsigned char ctx[] = "test context";
@@ -36,15 +36,15 @@ static void test_sign_only(void) static void test_verify_only(void) { - unsigned char pk[CRYPTO_PUBLICKEYBYTES] = {0}; - unsigned char sig[CRYPTO_BYTES] = {0}; + unsigned char pk[MLDSA_CRYPTO_PUBLICKEYBYTES] = {0}; + unsigned char sig[MLDSA_CRYPTO_BYTES] = {0}; const unsigned char msg[] = "test message for stack measurement"; const unsigned char ctx[] = "test context"; /* Only call verify - this is what we're measuring */ /* pk and sig are zero-initialized (invalid, but OK for stack measurement) */ - int ret = crypto_sign_verify(sig, CRYPTO_BYTES, msg, sizeof(msg) - 1, ctx, - sizeof(ctx) - 1, pk); + int ret = crypto_sign_verify(sig, MLDSA_CRYPTO_BYTES, msg, sizeof(msg) - 1, + ctx, sizeof(ctx) - 1, pk); (void)ret; /* Ignore return value - we only care about stack measurement */ } From ae19b9245ae812a50959922479e4a5be0225849c Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 10 Dec 2025 12:18:28 +0800 Subject: [PATCH 7/7] Expand and unify example READMEs Signed-off-by: Matthias J. Kannwischer --- examples/README.md | 54 +++++++++ examples/basic/README.md | 50 ++++----- examples/basic_deterministic/README.md | 41 +++---- examples/bring_your_own_fips202/README.md | 51 +++++---- .../bring_your_own_fips202_static/README.md | 57 ++++++---- examples/custom_backend/README.md | 85 +++++++++----- examples/monolithic_build/README.md | 51 +++++++-- .../monolithic_build_multilevel/README.md | 105 ++++++++++-------- .../README.md | 80 +++++++------ examples/monolithic_build_native/README.md | 48 ++++++-- examples/multilevel_build/README.md | 53 +++++++-- examples/multilevel_build_native/README.md | 61 ++++++++-- 12 files changed, 508 insertions(+), 228 deletions(-) create mode 100644 examples/README.md diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 000000000..afc1758b1 --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,54 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+
+# Usage examples
+
+This directory contains minimal examples demonstrating how you can use mldsa-native.
+
+## Basic
+
+See [basic](basic) for a basic example of how to build a single instance of mldsa-native.
+
+## Basic_deterministic
+
+See [basic_deterministic](basic_deterministic) for a basic example of how to build a single instance of mldsa-native without `randombytes()` implementation. This allows users to build mldsa-native using only the deterministic API when randomized functions are not required.
+## Multi-level build (C only)
+
+See [multilevel_build](multilevel_build) for an example of how to build one instance of mldsa-native per security level,
+in such a way that level-independent code is shared.
+
+## Multi-level build (with native code)
+
+See [multilevel_build_native](multilevel_build_native) for an example of how to build one instance of mldsa-native per
+security level, in such a way that level-independent code is shared, and leveraging the native backends.
+
+## Custom FIPS202 implementation
+
+See [bring_your_own_fips202](bring_your_own_fips202) for an example of how to use mldsa-native with your own FIPS-202
+implementation.
+
+## Custom FIPS202 implementation (static state variant)
+
+See [bring_your_own_fips202_static](bring_your_own_fips202_static) for an example of how to use mldsa-native with a
+custom FIPS-202 implementation using a static state. This variant demonstrates the serial-only FIPS-202 configuration
+(`MLD_CONFIG_SERIAL_FIPS202_ONLY`).
+
+## Custom config + custom FIPS-202 backend
+
+See [custom_backend](custom_backend) for an example of how to use mldsa-native with a custom configuration file and a
+custom FIPS-202 backend.
+
+## Monobuild (C only)
+
+See [monolithic_build](monolithic_build) for an example of how to build mldsa-native (with C backend) from a single
+auto-generated compilation unit.
+
+## Multi-level monobuild (C only)
+
+See [monolithic_build_multilevel](monolithic_build_multilevel) for an example of how to build all security levels of
+mldsa-native (with C backend) inside a single compilation unit, sharing the level-independent code.
+
+## Multi-level monobuild (with native code)
+
+See [monolithic_build_multilevel_native](monolithic_build_multilevel_native) for an example of how to build all security
+levels of mldsa-native inside a single compilation unit, sharing the level-independent code, while also linking in assembly
+from the native backends.
diff --git a/examples/basic/README.md b/examples/basic/README.md
index 27d275393..46e831070 100644
--- a/examples/basic/README.md
+++ b/examples/basic/README.md
@@ -1,40 +1,38 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Building mldsa-native +# Basic build -This directory contains a minimal example for how to build mldsa-native. +This directory contains a minimal example for how to build mldsa-native for a single security level. -## Components - -An application using mldsa-native as-is needs to include the following components: - -1. mldsa-native source tree, including [`mldsa/src/`](../../mldsa/src) and [`mldsa/src/fips202/`](../../mldsa/src/fips202). -2. A secure pseudo random number generator, implementing [`randombytes.h`](../../mldsa/src/randombytes.h). -3. The application source code +## Use Case -**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation -outside of testing. +Use this approach when: +- You need only one ML-DSA parameter set (44, 65, or 87) +- You want to build the mldsa-native C files separately, not as a single compilation unit. +- You're using C only, no native backends. -## Usage +## Components -Build this example with `make build`, run with `make run`. +1. mldsa-native source tree: [`mldsa/src/`](../../mldsa/src) and [`mldsa/src/fips202/`](../../mldsa/src/fips202) +2. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +3. Your application source code -## What this example demonstrates +## Configuration -This basic example shows how to use the ML-DSA (Module-Lattice-Based Digital Signature Algorithm) for: +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_PARAMETER_SET`: Security level (44, 65, or 87). Default is 65. +- `MLD_CONFIG_NAMESPACE_PREFIX`: Symbol prefix for the API. Set to `mldsa` in this example. -1. **Key Generation**: Generate a public/private key pair -2. **Signing**: Sign a message with a private key and optional context -3. **Signature Verification**: Verify a signature using the public key -4. 
**Signed Messages**: Create and open signed messages (signature + message combined) +To change the security level, modify `MLD_CONFIG_PARAMETER_SET` in the config file or pass it via CFLAGS. -The example demonstrates both the detached signature API (`crypto_sign_signature`/`crypto_sign_verify`) and the combined signature API (`crypto_sign`/`crypto_sign_open`). +## Usage -## Parameter Sets +```bash +make build # Build the example +make run # Run the example +``` -ML-DSA supports three parameter sets: -- **ML-DSA-44** -- **ML-DSA-65** -- **ML-DSA-87** +## Warning -The example builds and runs all three parameter sets to demonstrate the different security levels and their corresponding key/signature sizes. +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. diff --git a/examples/basic_deterministic/README.md b/examples/basic_deterministic/README.md index c4ccaf27c..e5ac1135e 100644 --- a/examples/basic_deterministic/README.md +++ b/examples/basic_deterministic/README.md 
@@ -1,33 +1,36 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Building mldsa-native -This directory contains a minimal example showing how to build **mldsa-native** for use cases only requiring the deterministic key generation and signing APIs (`crypto_sign_keypair_internal` and `crypto_sign_signature_internal`). In that case, no implementation of `randombytes()` has to be provided. +This directory contains a minimal example for building mldsa-native using only the deterministic API, +without requiring a `randombytes()` implementation. -## Components +## Use Case -An application using mldsa-native as-is needs to include the following components: +Use this approach when: +- Your application manages its own entropy/randomness externally +- You only need `crypto_sign_keypair_internal` and `crypto_sign_signature_internal` (deterministic variants) -1. mldsa-native source tree, including [`mldsa/src/`](../../mldsa/src) and [`mldsa/src/fips202/`](../../mldsa/src/fips202). -2. The application source code +## Components -## Usage +1. mldsa-native source tree: [`mldsa/src/`](../../mldsa/src) and [`mldsa/src/fips202/`](../../mldsa/src/fips202) +2. Your application source code -Build this example with `make build`, run with `make run`. +No `randombytes()` implementation is required. -## What this example demonstrates +## Configuration -This basic_deterministic example shows how to use the ML-DSA (Module-Lattice-Based Digital Signature Algorithm) for: +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_NO_RANDOMIZED_API`: Disables `crypto_sign_keypair`, `crypto_sign_signature`, etc. +- `MLD_CONFIG_PARAMETER_SET`: Security level (default 65) +- `MLD_CONFIG_NAMESPACE_PREFIX`: Symbol prefix (set to `mldsa`) -1. **Key Generation**: Generate a public/private key pair -2. **Signing**: Sign a message with a private key and optional context -3. 
**Signature Verification**: Verify a signature using the public key +## Notes -## Parameter Sets +- This is incompatible with `MLD_CONFIG_KEYGEN_PCT` (pairwise consistency test) -ML-DSA supports three parameter sets: -- **ML-DSA-44** -- **ML-DSA-65** -- **ML-DSA-87** +## Usage -The example builds and runs all three parameter sets to demonstrate the different security levels and their corresponding key/signature sizes. +```bash +make build # Build the example +make run # Run the example +``` diff --git a/examples/bring_your_own_fips202/README.md b/examples/bring_your_own_fips202/README.md index b7bdfcbb9..6f2c58d88 100644 --- a/examples/bring_your_own_fips202/README.md +++ b/examples/bring_your_own_fips202/README.md 
@@ -1,40 +1,49 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Bring your own FIPS-202 +# Bring Your Own FIPS-202 -This directory contains a minimal example for how to use mldsa-native as a code package, with a custom FIPS-202 +This directory contains a minimal example for using mldsa-native with a custom FIPS-202 (SHA-3/SHAKE) implementation. We use tiny_sha3[^tiny_sha3] as an example. +## Use Case + +Use this approach when: +- You need only one ML-DSA parameter set (44, 65, or 87) +- Your application already has a FIPS-202 software/hardware implementation you want to reuse + ## Components -An application using mldsa-native with a custom FIPS-202 implementation needs the following: +1. Arithmetic part of mldsa-native: [`mldsa/src/`](../../mldsa/src) (excluding `fips202/`) +2. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +3. Custom FIPS-202 implementation with headers compatible with: + - [`fips202.h`](../../mldsa/src/fips202/fips202.h) + - [`fips202x4.h`](../../mldsa/src/fips202/fips202x4.h) +4. Your application source code -1. Arithmetic part of the mldsa-native source tree: [`mldsa/src/`](../../mldsa/src) -2. A secure pseudo random number generator, implementing [`randombytes.h`](../../mldsa/src/randombytes.h). -3. A custom FIPS-202 with `fips202.h` and `fips202x4.h` headers compatible with - [`mldsa/src/fips202/fips202.h`](../../mldsa/src/fips202/fips202.h) and [`mldsa/src/fips202/fips202x4.h`](../../mldsa/src/fips202/fips202x4.h). -4. The application source code +## Configuration -**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation -outside of testing. 
+The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_FIPS202_CUSTOM_HEADER`: Path to your custom `fips202.h` +- `MLD_CONFIG_FIPS202X4_CUSTOM_HEADER`: Path to your custom `fips202x4.h` -## Usage +Your custom FIPS-202 implementation must impelement the API specified in [FIPS202.md](../../FIPS202.md). -Build this example with `make build`, run with `make run`. +## Notes -## Custom FIPS-202 Implementation +- The 4x batched functions (`x4`) can fall back to 4 sequential calls if batching isn't available +- Structure definitions may differ from mldsa-native's defaults (e.g., for incremental hashing) -This example uses tiny_sha3 as the underlying Keccak/SHA3 implementation. The wrapper headers in `custom_fips202/` -adapt the tiny_sha3 API to match the API expected by mldsa-native. +## Usage -Note that the `fips202x4.h` implementation provided here is a simple serial implementation that does not provide -any performance benefits from parallelization. For production use, consider using an optimized parallel implementation. +```bash +make build # Build the example +make run # Run the example +``` -## Verification +## Warning -This example uses the same test vectors as the basic example (via a symlink to `expected_signatures.h`) and verifies -that the custom FIPS-202 implementation produces identical results to the default implementation. This ensures that -the wrapper is correctly implementing the required API. +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. [^tiny_sha3]: Markku-Juhani O. Saarinen: tiny_sha3, [https://github.com/mjosaarinen/tiny_sha3](https://github.com/mjosaarinen/tiny_sha3) diff --git a/examples/bring_your_own_fips202_static/README.md b/examples/bring_your_own_fips202_static/README.md index 624a0f01a..73de52484 100644 --- a/examples/bring_your_own_fips202_static/README.md 
+++ b/examples/bring_your_own_fips202_static/README.md 
@@ -1,35 +1,54 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Bring your own FIPS-202 (Static State Variant) +# Bring Your Own FIPS-202 (Static State Variant) -This directory contains a minimal example for how to use mldsa-native with external FIPS-202 -HW/SW-implementations that use a single global state (for example, some hardware accelerators). -Specifically, this example demonstrates the use of the serial-only FIPS-202 configuration -`MLD_CONFIG_SERIAL_FIPS202_ONLY`. +This directory contains a minimal example for using mldsa-native with a custom FIPS-202 implementation +that uses a single global state. This is common for hardware accelerators that can only hold one +Keccak state at a time. -**WARNING:** This example is EXPECTED TO PRODUCE INCORRECT RESULTS because ML-DSA requires -multiple independent FIPS-202 contexts to be active simultaneously. This example demonstrates -what happens when only a single global state is available. +## Use Case + +Use this approach when: +- You need only one ML-DSA parameter set (44, 65, or 87) +- Your application already has a FIPS-202 software/hardware implementation you want to reuse +- Your FIPS-202 implementation does not support multiple active SHA3/SHAKE computations. ## Components -An application using mldsa-native with a custom FIPS-202 implementation needs the following: +1. Arithmetic part of mldsa-native: [`mldsa/src/`](../../mldsa/src) (excluding `fips202/`) +2. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +3. Custom FIPS-202 implementation with headers compatible with [`fips202.h`](../../mldsa/src/fips202/fips202.h) +4. Your application source code + +## Configuration + +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_SERIAL_FIPS202_ONLY`: Disables batched Keccak; matrix entries generated one at a time +- `MLD_CONFIG_FIPS202_CUSTOM_HEADER`: Path to your custom `fips202.h` -1. 
Arithmetic part of the mldsa-native source tree: [`mldsa/src/`](../../mldsa/src) -2. A secure pseudo random number generator, implementing [`randombytes.h`](../../mldsa/src/randombytes.h). -3. A custom FIPS-202 with `fips202.h` header compatible with [`mldsa/fips202/fips202.h`](../../mldsa/src/fips202/fips202.h). - With `MLD_CONFIG_SERIAL_FIPS202_ONLY`, the FIPS-202x4 parallel API is not used. -4. The application source code +Your custom FIPS-202 implementation must provide: +- `mld_shake128_init()`, `mld_shake128_absorb()`, `mld_shake128_finalize()`, `mld_shake128_squeeze()`, `mld_shake128_release()` +- `mld_shake256_init()`, `mld_shake256_absorb()`, `mld_shake256_finalize()`, `mld_shake256_squeeze()`, `mld_shake256_release()` +- `mld_shake256` +- Structure definitions for `mld_shake128ctx` and `mld_shake256ctx` -**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation -outside of testing. +## Notes + +- `MLD_CONFIG_SERIAL_FIPS202_ONLY` may reduce performance on CPUs with SIMD support +- Matrix and vector generation becomes sequential instead of batched (4 entries at a time) +- Only enable this when your hardware requires it ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build the example +make run # Run the example +``` + +## Warning -You should see verification failures, which is the expected behavior demonstrating that a single -global FIPS-202 state is insufficient for ML-DSA. +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. [^tiny_sha3]: Markku-Juhani O. Saarinen: tiny_sha3, [https://github.com/mjosaarinen/tiny_sha3](https://github.com/mjosaarinen/tiny_sha3) diff --git a/examples/custom_backend/README.md b/examples/custom_backend/README.md index 2e7858f5a..9412dba97 100644 --- a/examples/custom_backend/README.md +++ b/examples/custom_backend/README.md 
@@ -1,39 +1,70 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Using a custom configuration and FIPS-202 backend +# Custom FIPS-202 Backend -This directory contains a minimal example for how to use mldsa-native as a code package, with a custom FIPS-202 -backend and a custom configuration. We use [^tiny_sha3] as an example. +This directory contains a minimal example for using mldsa-native with a custom FIPS-202 *backend* +(as opposed to a complete custom FIPS-202 implementation). We use tiny_sha3[^tiny_sha3] as an example. + +## Use Case + +Use this approach when: +- You need only one ML-DSA parameter set (44, 65, 87) +- You want to replace the low-level Keccak-f1600 permutation +- You want to keep mldsa-native's FIPS-202 frontend (absorb/squeeze logic) + +This differs from `bring_your_own_fips202` in that you only replace the *backend* (Keccak permutation), +not the entire FIPS-202 implementation. ## Components -An application using mldsa-native with a custom FIPS-202 backend and custom configuration needs the following: - -1. Arithmetic part of the mldsa-native source tree: [`mldsa/src/`](../../mldsa/src). In this example, we disable arithmetic - backends, hence it is safe to remove the entire `native` subfolder. -2. A secure pseudo random number generator, implementing [`randombytes.h`](../../mldsa/src/randombytes.h). **WARNING:** The - `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation outside of testing. -3. FIPS-202 part of the mldsa-native source tree, [`fips202/`](../../mldsa/src/fips202). If you only want to use your backend, - you can remove all existing backends; that's what this example does. -4. A custom FIPS-202 backend. In this example, the backend file is - [custom.h](mldsa_native/mldsa/src/fips202/native/custom/custom.h), wrapping - [sha3.c](mldsa_native/mldsa/src/fips202/native/custom/src/sha3.c) and setting `MLD_USE_FIPS202_X1_NATIVE` to indicate that we - replace 1-fold Keccak-F1600. -5. 
Either modify the existing [config.h](mldsa_native/mldsa/src/config.h), or register a new config. In this example, we add - a new config [custom_config.h](mldsa_native/custom_config.h) and register it from the command line for - `-DMLD_CONFIG_FILE="custom_config.h"` -- no further changes to the build are needed. For the sake of - demonstration, we set a custom namespace. We set `MLD_CONFIG_FIPS202_BACKEND_FILE` to point to our custom FIPS-202 - backend, but leave `MLD_CONFIG_USE_NATIVE_BACKEND_ARITH` undefined to indicate that we wish to use the C backend. - -## Note - -The tiny_sha3 code uses a byte-reversed presentation of the Keccakf1600 state for big-endian targets. Since -mldsa-native's FIPS202 frontend assumes a standard presentation, the corresponding byte-reversal in -[sha3.c](mldsa_native/mldsa/src/fips202/native/custom/src/sha3.c) is removed. +1. Arithmetic part of mldsa-native: [`mldsa/src/`](../../mldsa/src) +2. FIPS-202 frontend: [`mldsa/src/fips202/`](../../mldsa/src/fips202) (can remove existing backends) +3. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +4. Custom FIPS-202 backend (see below) +5. Your application source code + +## Configuration + +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202`: Enables native FIPS-202 backend +- `MLD_CONFIG_FIPS202_BACKEND_FILE`: Path to your custom backend metadata file + +A custom backend consists of: +1. A metadata header (e.g., [custom.h](mldsa_native/src/fips202/native/custom/custom.h)) that: + - Sets `MLD_USE_FIPS202_X1_NATIVE` (and/or `X4`) to indicate which functions are replaced + - Includes the implementation header +2. 
An implementation providing `mld_keccakf1600_native()` (and/or batched variants) + +Example backend metadata file: +```c +#ifndef CUSTOM_FIPS202_BACKEND_H +#define CUSTOM_FIPS202_BACKEND_H + +/* Indicate we're replacing 1-fold Keccak-f1600 */ +#define MLD_USE_FIPS202_X1_NATIVE + +/* Include the implementation */ +#include "custom/src/keccak_impl.h" + +#endif +``` + +## Notes + +- The tiny_sha3 code uses byte-reversed Keccak state on big-endian targets; this example removes + that reversal since mldsa-native's frontend assumes standard byte order ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build the example +make run # Run the example +``` + +## Warning + +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. [^tiny_sha3]: Markku-Juhani O. Saarinen: tiny_sha3, [https://github.com/mjosaarinen/tiny_sha3](https://github.com/mjosaarinen/tiny_sha3) diff --git a/examples/monolithic_build/README.md b/examples/monolithic_build/README.md index df8ceac2f..b7ae9b938 100644 --- a/examples/monolithic_build/README.md +++ b/examples/monolithic_build/README.md 
@@ -1,17 +1,50 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Single-level mldsa-native in a single compilation unit +# Monolithic Build (C Backend) -This directory contains a minimal example for how to build a single instance of mldsa-native in a single compilation -unit. Only the C-backend is exercised. +This directory contains a minimal example for building mldsa-native for a single +parameter set of ML-DSA as a single compilation unit using the auto-generated +`mldsa_native.c` file. -The auto-generated source file [mldsa_native.c](mldsa/mldsa_native.c) includes all mldsa-native C source -files. Moreover, it clears all `#define`s clauses set by mldsa-native at the end, and is hence amenable to multiple -inclusion in another compilation unit. It exposes the API [../../mldsa/mldsa_native.h](mldsa/mldsa_native.h). +## Use Case + +Use this approach when: +- You want the simplest possible build integration (one `.c` file) +- You're using only C (no native backends) +- You need only one ML-DSA parameter set (44, 65, or 87) + +## Components + +1. Source tree [mldsa_native/*](mldsa_native), including top-level compilation unit + [mldsa_native.c](mldsa_native/mldsa_native.c) (gathering all C sources) + and the mldsa-native API [mldsa_native.h](mldsa_native/mldsa_native.h). +2. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +3. 
Your application source code + +## Configuration + +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_PARAMETER_SET`: Security level (default 65) +- `MLD_CONFIG_NAMESPACE_PREFIX`: Symbol prefix (set to `mldsa`) +- `MLD_CONFIG_INTERNAL_API_QUALIFIER=static`: Makes internal functions static for single-CU builds + +The auto-generated `mldsa_native.c`: +- Includes all mldsa-native C source files +- Clears all internal `#define`s at the end, allowing multiple inclusion + +## Notes + +- The monolithic `.c` file is auto-generated by `scripts/autogen` +- Internal functions become `static`, enabling better compiler optimization ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build the example +make run # Run the example +``` + +## Warning -**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation -outside of testing. +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. diff --git a/examples/monolithic_build_multilevel/README.md b/examples/monolithic_build_multilevel/README.md index a0b5dd1e4..ff90dc5ba 100644 --- a/examples/monolithic_build_multilevel/README.md +++ b/examples/monolithic_build_multilevel/README.md 
@@ -1,38 +1,55 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Multi-level mldsa-native in a single compilation unit +# Monolithic Multi-Level Build (C Backend) -This directory contains a minimal example for how to build multiple instances of mldsa-native in a single compilation -unit. Only the C-backend is exercised. +This directory contains a minimal example for building all three ML-DSA security levels in a single +compilation unit, with shared code deduplicated. -The auto-generated source file [mldsa_native.c](mldsa/mldsa_native.c) includes all mldsa-native C source -files. Moreover, it clears all `#define`s clauses set by mldsa-native at the end, and is hence amenable to multiple -inclusion in another compilation unit. +## Use Case -The manually written source file [mldsa_native_all.c](mldsa_native_all.c) includes -[mldsa_native.c](mldsa/mldsa_native.c) three times, each time using the fixed config -[multilevel_config.h](multilevel_config.h), but changing the security level (specified -by `MLD_CONFIG_PARAMETER_SET`) every time. -```C -#define MLD_CONFIG_FILE "multilevel_config.h" +Use this approach when: +- You need all ML-DSA security levels in one application +- You want the simplest possible multi-level integration (one `.c` file) +- You're using only C (no native backend) + +## Components + +An application using mldsa-native as a monolithic multi-level build needs: + +1. Source tree [mldsa_native/*](mldsa_native), including top-level compilation unit + [mldsa_native.c](mldsa_native/mldsa_native.c) (gathering all C sources) + and the mldsa-native API [mldsa_native.h](mldsa_native/mldsa_native.h). +2. Manually provided wrapper file [mldsa_native_all.c](mldsa_native_all.c), + including `mldsa_native.c` three times. +3. Manually provided header file [mldsa_native_all.h](mldsa_native_all.h), + including `mldsa_native.h` three times) +4. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +5. 
Your application source code + +## Configuration -/* Three instances of mldsa-native for all security levels */ +The configuration file [multilevel_config.h](mldsa_native/multilevel_config.h) sets: +- `MLD_CONFIG_MULTILEVEL_BUILD`: Enables multi-level mode +- `MLD_CONFIG_NAMESPACE_PREFIX=mldsa`: Base prefix +- `MLD_CONFIG_INTERNAL_API_QUALIFIER=static`: Makes internal functions static -/* Include level-independent code */ +The wrapper [mldsa_native_all.c](mldsa_native_all.c) includes `mldsa_native.c` three times: +```c +#define MLD_CONFIG_FILE "multilevel_config.h" + +/* Include level-independent code with first level */ #define MLD_CONFIG_MULTILEVEL_WITH_SHARED -/* Keep level-independent headers at the end of monobuild file */ #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS #define MLD_CONFIG_PARAMETER_SET 44 #include "mldsa_native.c" #undef MLD_CONFIG_PARAMETER_SET #undef MLD_CONFIG_MULTILEVEL_WITH_SHARED -/* Exclude level-independent code */ +/* Exclude level-independent code for subsequent levels */ #define MLD_CONFIG_MULTILEVEL_NO_SHARED #define MLD_CONFIG_PARAMETER_SET 65 #include "mldsa_native.c" #undef MLD_CONFIG_PARAMETER_SET -/* `#undef` all headers at the and of the monobuild file */ #undef MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS #define MLD_CONFIG_PARAMETER_SET 87 
@@ -40,48 +57,40 @@ by `MLD_CONFIG_PARAMETER_SET`) every time. #undef MLD_CONFIG_PARAMETER_SET ``` -Note the setting `MLD_CONFIG_MULTILEVEL_WITH_SHARED` which forces the inclusion of all level-independent -code in the MLDSA-44 build, and the setting `MLD_CONFIG_MULTILEVEL_NO_SHARED`, which drops all -level-independent code in the subsequent builds. Finally, `MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS` entails that -`mldsa_native.c` does not `#undefine` the `#define` clauses from level-independent files. - -To make the monolithic multi-level build accessible from the application source [main.c](main.c), we provide -[mldsa_native_all.h](mldsa_native_all.h), which includes [mldsa_native.h](../../mldsa/mldsa_native.h) once per -configuration. Note that we don't refer to the configuration using `MLD_CONFIG_FILE`, but by setting -`MLD_CONFIG_API_XXX` explicitly. Otherwise, [mldsa_native.h](../../mldsa/mldsa_native.h) would include the confg, which -would lead to name-clashes upon multiple use. +The header [mldsa_native_all.h](mldsa_native_all.h) exposes all APIs: +```c +#define MLD_CONFIG_NO_SUPERCOP -```C -#define MLD_CONFIG_API_NO_SUPERCOP - -/* API for MLDSA-44 */ -#define MLD_CONFIG_API_PARAMETER_SET 44 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa44 +#define MLD_CONFIG_PARAMETER_SET 44 #include -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H -/* API for MLDSA-65*/ -#define MLD_CONFIG_API_PARAMETER_SET 65 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa65 +#define MLD_CONFIG_PARAMETER_SET 65 #include -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_PARAMETER_SET #undef MLD_H -/* API for MLDSA-87 */ -#define MLD_CONFIG_API_PARAMETER_SET 87 -#define MLD_CONFIG_API_NAMESPACE_PREFIX mldsa87 +#define MLD_CONFIG_PARAMETER_SET 87 #include -#undef MLD_CONFIG_API_PARAMETER_SET -#undef MLD_CONFIG_API_NAMESPACE_PREFIX +#undef MLD_CONFIG_PARAMETER_SET #undef 
MLD_H ``` +## Notes + +- `MLD_CONFIG_MULTILEVEL_WITH_SHARED` must be set for exactly ONE level +- `MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS` prevents cleanup of shared headers between inclusions +- `MLD_CONFIG_NO_SUPERCOP` is required to avoid conflicting `CRYPTO_*` macro definitions + ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build the example +make run # Run the example +``` + +## Warning -**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation -outside of testing. +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. diff --git a/examples/monolithic_build_multilevel_native/README.md b/examples/monolithic_build_multilevel_native/README.md index b211fa217..46193a894 100644 --- a/examples/monolithic_build_multilevel_native/README.md +++ b/examples/monolithic_build_multilevel_native/README.md 
@@ -1,38 +1,53 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Multi-level mldsa-native in a single compilation unit, with native code +# Monolithic Multi-Level Build (Native Backend) -This directory contains a minimal example for how to build multiple instances of mldsa-native in a single compilation -unit, while additionally linking assembly sources from native code. +This directory contains a minimal example for building all three ML-DSA security levels in a single +compilation unit with native assembly backends, with shared code deduplicated. -The auto-generated source file [mldsa_native.c](mldsa/mldsa_native.c) includes all mldsa-native C source -files. Moreover, it clears all `#define`s clauses set by mldsa-native at the end, and is hence amenable to multiple -inclusion in another compilation unit. +## Use Case -The manually written source file [mldsa_native_all.c](mldsa_native_all.c) includes -[mldsa_native.c](mldsa/mldsa_native.c) three times, each time using the fixed config -[multilevel_config.h](multilevel_config.h), but changing the security level (specified -by `MLD_CONFIG_PARAMETER_SET`) every time. For each inclusion, it sets `MLD_CONFIG_FILE` -appropriately first, and then includes the monobuild: -```C -/* Three instances of mldsa-native for all security levels */ +Use this approach when: +- You need all ML-DSA security levels in one application +- You want optimal performance via native assembly +- You want the simplest possible multi-level native integration +## Components + +1. Source tree [mldsa_native/*](mldsa_native), including top-level compilation unit + [mldsa_native.c](mldsa_native/mldsa_native.c) (gathering all C sources), + [mldsa_native.S](mldsa_native/mldsa_native.S) (gathering all assembly sources), + and the mldsa-native API [mldsa_native.h](mldsa_native/mldsa_native.h). +2. 
Manually provided wrapper file [mldsa_native_all.c](mldsa_native_all.c), + including `mldsa_native.c` three times (in this example, we don't use a + wrapper header since we directly include `mldsa_native_all.c` into `main.c`). +3. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +4. Your application source code + +## Configuration + +The configuration file [multilevel_config.h](multilevel_config.h) sets: +- `MLD_CONFIG_MULTILEVEL_BUILD`: Enables multi-level mode +- `MLD_CONFIG_NAMESPACE_PREFIX=mldsa`: Base prefix +- `MLD_CONFIG_USE_NATIVE_BACKEND_ARITH`: Enables native arithmetic backend +- `MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202`: Enables native FIPS-202 backend + +The wrapper [mldsa_native_all.c](mldsa_native_all.c) includes `mldsa_native.c` three times: +```c #define MLD_CONFIG_FILE "multilevel_config.h" -/* Include level-independent code */ +/* Include level-independent code with first level */ #define MLD_CONFIG_MULTILEVEL_WITH_SHARED 1 -/* Keep level-independent headers at the end of monobuild file */ #define MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS #define MLD_CONFIG_PARAMETER_SET 44 #include "mldsa_native.c" #undef MLD_CONFIG_MULTILEVEL_WITH_SHARED #undef MLD_CONFIG_PARAMETER_SET -/* Exclude level-independent code */ +/* Exclude level-independent code for subsequent levels */ #define MLD_CONFIG_MULTILEVEL_NO_SHARED #define MLD_CONFIG_PARAMETER_SET 65 #include "mldsa_native.c" -/* `#undef` all headers at the and of the monobuild file */ #undef MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS #undef MLD_CONFIG_PARAMETER_SET 
@@ -41,26 +56,29 @@ appropriately first, and then includes the monobuild: #undef MLD_CONFIG_PARAMETER_SET ``` -Note the setting `MLD_CONFIG_MULTILEVEL_WITH_SHARED` which forces the inclusion of all level-independent -code in the ML_DSA-44 build, and the setting `MLD_CONFIG_MULTILEVEL_NO_SHARED`, which drops all -level-independent code in the subsequent builds. Finally, `MLD_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS` entails that -[mldsa_native.c](mldsa/mldsa_native.c) does not `#undefine` the `#define` clauses from level-independent files. - -Since we embed [mldsa_native_all.c](mldsa_native_all.c) directly into the application source [main.c](main.c), we don't -need a header for function declarations. However, we still import [mldsa_native.h](../../mldsa/mldsa_native.h) once -with `MLD_CONFIG_API_CONSTANTS_ONLY`, for definitions of the sizes of the key material and signatures. -Excerpt from [main.c](main.c): - +The application [main.c](main.c) embeds the wrapper and imports constants: ```c #include "mldsa_native_all.c" -#define MLD_CONFIG_API_CONSTANTS_ONLY +#define MLD_CONFIG_CONSTANTS_ONLY #include ``` +## Notes + +- Both `mldsa_native_all.c` and `mldsa_native.S` must be compiled and linked +- `MLD_CONFIG_MULTILEVEL_WITH_SHARED` must be set for exactly ONE level +- `MLD_CONFIG_CONSTANTS_ONLY` imports size constants without function declarations +- Native backends are auto-selected based on target architecture + ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build the example +make run # Run the example +``` + +## Warning -**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation -outside of testing. +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. 
diff --git a/examples/monolithic_build_native/README.md b/examples/monolithic_build_native/README.md
index e8d1d4ba5..ba2acb08f 100644
--- a/examples/monolithic_build_native/README.md
+++ b/examples/monolithic_build_native/README.md
@@ -1,17 +1,47 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Single-level mldsa-native in a single compilation unit, with native code +# Monolithic Build (Native Backend) -This directory contains a minimal example for how to build a single instance of mldsa-native in a single compilation -unit, including the native backends. +This directory contains a minimal example for building mldsa-native as a single compilation unit +with native assembly backends, using the auto-generated `mldsa_native.c` and `mldsa_native.S` files. -The auto-generated source file [mldsa_native.c](mldsa/mldsa_native.c) includes all mldsa-native C source -files. Similarly, [mldsa_native.S](mldsa/mldsa_native.S) includes all assembly files. -It exposes the API [mldsa/mldsa_native.h](mldsa/mldsa_native.h). +## Use Case + +Use this approach when: +- You need only one ML-DSA parameter set (44, 65, or 87) +- You want simple build integration with optimal performance + +## Components + +1. Source tree [mldsa_native/*](mldsa_native), including top-level compilation unit + [mldsa_native.c](mldsa_native/mldsa_native.c) (gathering all C sources), + [mldsa_native.S](mldsa_native/mldsa_native.S) (gathering all assembly sources), + and the mldsa-native API [mldsa_native.h](mldsa_native/mldsa_native.h). +2. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +3. 
Your application source code + +## Configuration + +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_PARAMETER_SET`: Security level (default 65) +- `MLD_CONFIG_NAMESPACE_PREFIX`: Symbol prefix (set to `mldsa`) +- `MLD_CONFIG_USE_NATIVE_BACKEND_ARITH`: Enables native arithmetic backend +- `MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202`: Enables native FIPS-202 backend + +## Notes + +- Both `mldsa_native.c` and `mldsa_native.S` must be compiled and linked +- Native backends are auto-selected based on target architecture +- On unsupported platforms, the C backend is used automatically ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build the example +make run # Run the example +``` + +## Warning -**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation -outside of testing. +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. diff --git a/examples/multilevel_build/README.md b/examples/multilevel_build/README.md index 306163374..9fd066c76 100644 --- a/examples/multilevel_build/README.md +++ b/examples/multilevel_build/README.md 
@@ -1,17 +1,50 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Multi-level build +# Multi-Level Build (C Backend) -This directory contains a minimal example for how to build mldsa-native with support for all 3 security levels -ML-DSA-44, ML-DSA-65, and ML-DSA-87, and so that level-independent code is shared. In this example, only the C-backend -of mldsa-native is used. +This directory contains a minimal example for building mldsa-native with support for all three security levels +(ML-DSA-44, ML-DSA-65, ML-DSA-87), with level-independent code shared to reduce binary size. -The library is built 3 times in different build directories `build/mldsa{44,65,87}`. For the ML-DSA-44 build, we set -`MLD_CONFIG_MULTILEVEL_WITH_SHARED` to force the inclusion of all level-independent code in the -ML-DSA-44 build. For ML-DSA-65 and ML-DSA-87, we set `MLD_CONFIG_MULTILEVEL_NO_SHARED` to not include any -level-independent code. Finally, we use the common namespace prefix `mldsa` as `MLD_CONFIG_NAMESPACE_PREFIX` for all three -builds; the suffix 44/65/87 will be added to level-dependent functions automatically. +## Use Case + +Use this approach when: +- You need multiple ML-DSA security levels in the same application +- You want to minimize code duplication across levels +- You want to build the mldsa-native C files separately, not as a single compilation unit. +- You're only using C (no native backends) + +## Components + +1. mldsa-native source tree: [`mldsa/src/`](../../mldsa/src) and [`mldsa/src/fips202/`](../../mldsa/src/fips202) +2. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +3. Your application source code + +## Configuration + +The library is built 3 times into separate directories (`build/mldsa44`, `build/mldsa65`, `build/mldsa87`). 
+ +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_MULTILEVEL_BUILD`: Enables multi-level build mode +- `MLD_CONFIG_NAMESPACE_PREFIX=mldsa`: Base prefix; level suffix added automatically + +Build-time flags passed via CFLAGS: +- `MLD_CONFIG_PARAMETER_SET=44/65/87`: Selects the security level +- `MLD_CONFIG_MULTILEVEL_WITH_SHARED`: Set for ONE build (e.g., 44) to include shared code +- `MLD_CONFIG_MULTILEVEL_NO_SHARED`: Set for OTHER builds to exclude shared code + +The resulting API functions are namespaced as: +- `mldsa44_keypair()`, `mldsa44_signature()`, `mldsa44_verify()`, ... +- `mldsa65_keypair()`, `mldsa65_signature()`, `mldsa65_verify()`, ... +- `mldsa87_keypair()`, `mldsa87_signature()`, `mldsa87_verify()`, ... ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build all three security levels +make run # Run the example +``` + +## Warning + +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use. diff --git a/examples/multilevel_build_native/README.md b/examples/multilevel_build_native/README.md index 0eabb0c0e..8265fe528 100644 --- a/examples/multilevel_build_native/README.md +++ b/examples/multilevel_build_native/README.md 
@@ -1,16 +1,59 @@ [//]: # (SPDX-License-Identifier: CC-BY-4.0) -# Multi-level build +# Multi-Level Build (Native Backend) -This directory contains a minimal example for how to build mldsa-native with support for all 3 security levels -ML-DSA-44, ML-DSA-65, and ML-DSA-87. All level-independent code is shared, and native backends are in use. +This directory contains a minimal example for building mldsa-native with support for all three security levels +(ML-DSA-44, ML-DSA-65, ML-DSA-87), using native backends for optimal performance, with level-independent +code shared to reduce binary size. -The library is built 3 times in different build directories `build/mldsa{44,65,87}`. For the ML-DSA-44 build, we set -`MLD_CONFIG_MULTILEVEL_WITH_SHARED` to force the inclusion of all level-independent code in the -ML-DSA-44 build. For ML-DSA-65 and ML-DSA-87, we set `MLD_CONFIG_MULTILEVEL_NO_SHARED` to not include any -level-independent code. Finally, we use the common namespace prefix `mldsa` as `MLD_CONFIG_NAMESPACE_PREFIX` for all three -builds; the suffix 44/65/87 will be added to level-dependent functions automatically. +## Use Case + +Use this approach when: +- You need multiple ML-DSA security levels in the same application +- You want optimal performance via native assembly (AArch64/AVX2) +- You want to build the mldsa-native C files separately, not as a single compilation unit. +- You want to minimize code duplication across levels + +## Components + +1. mldsa-native source tree: [`mldsa/src/`](../../mldsa/src), [`mldsa/src/fips202/`](../../mldsa/src/fips202), + and [`mldsa/src/native/`](../../mldsa/src/native) +2. A secure random number generator implementing [`randombytes.h`](../../mldsa/src/randombytes.h) +3. Your application source code + +## Configuration + +The library is built 3 times into separate directories (`build/mldsa44`, `build/mldsa65`, `build/mldsa87`). 
+ +The configuration file [mldsa_native_config.h](mldsa_native/mldsa_native_config.h) sets: +- `MLD_CONFIG_MULTILEVEL_BUILD`: Enables multi-level build mode +- `MLD_CONFIG_NAMESPACE_PREFIX=mldsa`: Base prefix; level suffix added automatically +- `MLD_CONFIG_USE_NATIVE_BACKEND_ARITH`: Enables native arithmetic backend +- `MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202`: Enables native FIPS-202 backend + +Build-time flags passed via CFLAGS: +- `MLD_CONFIG_PARAMETER_SET=44/65/87`: Selects the security level +- `MLD_CONFIG_MULTILEVEL_WITH_SHARED`: Set for ONE build to include shared code +- `MLD_CONFIG_MULTILEVEL_NO_SHARED`: Set for OTHER builds to exclude shared code + +The resulting API functions are namespaced as: +- `mldsa44_keypair()`, `mldsa44_signature()`, `mldsa44_verify()`, ... +- `mldsa65_keypair()`, `mldsa65_signature()`, `mldsa65_verify()`, ... +- `mldsa87_keypair()`, `mldsa87_signature()`, `mldsa87_verify()`, ... + +## Notes + +- Native backends are auto-selected based on the target architecture +- On unsupported platforms, the build falls back to the C backend ## Usage -Build this example with `make build`, run with `make run`. +```bash +make build # Build all three security levels +make run # Run the example +``` + +## Warning + +The `randombytes()` implementation in `test_only_rng/` is for TESTING ONLY. +You MUST provide a cryptographically secure RNG for production use.