Skip to content

Commit

Permalink
Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87
Browse files Browse the repository at this point in the history 
Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation include making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
  • Loading branch information
@SparkiDev
SparkiDev committed Jun 19, 2024
1 parent a141041 commit 3e3a00d
Show file tree
Hide file tree
Showing 23 changed files with 13,869 additions and 2,859 deletions.
99 changes: 97 additions & 2 deletions configure.ac
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1172,8 +1172,7 @@ AC_ARG_WITH([liboqs],

# KYBER
# Used:
# - SHA3, Shake128 and Shake256, or
# - SHA256, SHA512, AES-CTR
# - SHA3, Shake128 and Shake256
AC_ARG_ENABLE([kyber],
[AS_HELP_STRING([--enable-kyber],[Enable KYBER (requires --enable-experimental) (default: disabled)])],
[ ENABLED_KYBER=$enableval ],
Expand Down Expand Up @@ -1238,6 +1237,100 @@ then
fi
fi

# Dilithium
# - SHA3, Shake128, Shake256 and AES-CTR
AC_ARG_ENABLE([dilithium],
[AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (requires --enable-experimental) (default: disabled)])],
[ ENABLED_DILITHIUM=$enableval ],
[ ENABLED_DILITHIUM=no ]
)

ENABLED_DILITHIUM_OPTS=$ENABLED_DILITHIUM
ENABLED_DILITHIUM_MAKE_KEY=no
ENABLED_DILITHIUM_SIGN=no
ENABLED_DILITHIUM_VERIFY=no
for v in `echo $ENABLED_DILITHIUM_OPTS | tr "," " "`
do
case $v in
yes)
ENABLED_MLDSA44=yes
ENABLED_MLDSA65=yes
ENABLED_MLDSA87=yes
ENABLED_DILITHIUM_MAKE_KEY=yes
ENABLED_DILITHIUM_SIGN=yes
ENABLED_DILITHIUM_VERIFY=yes
;;
no)
;;
all)
ENABLED_DILITHIUM_MAKE_KEY=yes
ENABLED_DILITHIUM_SIGN=yes
ENABLED_DILITHIUM_VERIFY=yes
;;
make)
ENABLED_DILITHIUM_MAKE_KEY=yes
;;
sign)
ENABLED_DILITHIUM_SIGN=yes
;;
verify)
ENABLED_DILITHIUM_VERIFY=yes
;;
verify-only)
ENABLED_DILITHIUM_MAKE_KEY=no
ENABLED_DILITHIUM_SIGN=no
ENABLED_DILITHIUM_VERIFY=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_VERIFY_ONLY"
;;
small)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_SMALL"
;;
44)
ENABLED_MLDSA44=yes
;;
65)
ENABLED_MLDSA65=yes
;;
87)
ENABLED_MLDSA87=yes
;;
*)
AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.])
break;;
esac
done

if test "$ENABLED_DILITHIUM" != "no"
then
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([DILITHIUM requires --enable-experimental.]) ])
AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM"

if test "$ENABLED_MLDSA44" = ""; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_44"
fi
if test "$ENABLED_MLDSA65" = ""; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_65"
fi
if test "$ENABLED_MLDSA87" = ""; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_87"
fi
if test "$ENABLED_DILITHIUM_MAKE_KEY" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_MAKE_KEY"
fi
if test "$ENABLED_DILITHIUM_SIGN" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_SIGN"
fi
if test "$ENABLED_DILITHIUM_VERIFY" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_VERIFY"
fi

if test "$ENABLED_LIBOQS" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_DILITHIUM"
test "$enable_sha3" = "" && enable_sha3=yes
test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes
fi
fi

# XMSS
AC_ARG_ENABLE([xmss],
Expand Down Expand Up @@ -9519,6 +9612,7 @@ AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes"
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
Expand Down Expand Up @@ -10019,6 +10113,7 @@ echo " * XMSS_ROOT: $XMSS_ROOT"
fi
echo " * KYBER: $ENABLED_KYBER"
echo " * KYBER wolfSSL impl: $ENABLED_WC_KYBER"
echo " * DILITHIUM: $ENABLED_DILITHIUM"
echo " * ECCSI $ENABLED_ECCSI"
echo " * SAKKE $ENABLED_SAKKE"
echo " * ASN: $ENABLED_ASN"
Expand Down
4 changes: 4 additions & 0 deletions src/include.am
View file
Original file line number Diff line number Diff line change
Expand Up @@ -980,6 +980,10 @@ endif
endif
endif

if BUILD_DILITHIUM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
endif

if BUILD_WC_LMS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms_impl.c
Expand Down
Loading

0 comments on commit 3e3a00d

Please sign in to comment.