From a2701e72c680a88e01f7b984ef58d72d527cb192 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Fri, 6 Dec 2024 13:51:09 -0700 Subject: [PATCH] server modifications to support ML-DSA --- posix/tcp/wh_server_tcp/user_settings.h | 28 +++++++++++++++++++++++++ posix/tcp/wh_server_tcp/wolfhsm_cfg.h | 6 ++++-- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/posix/tcp/wh_server_tcp/user_settings.h b/posix/tcp/wh_server_tcp/user_settings.h index b842ebf..d13341e 100644 --- a/posix/tcp/wh_server_tcp/user_settings.h +++ b/posix/tcp/wh_server_tcp/user_settings.h @@ -19,7 +19,11 @@ #define HAVE_WC_INTROSPECTION #define WOLFSSL_IGNORE_FILE_WARN +/* Define the following to remove dynamic memory allocation + * Note: This is incompatible with ML-DSA, so OFF by default */ +#if 0 #define WOLFSSL_NO_MALLOC +#endif /* Hardening options */ #define TFM_TIMING_RESISTANT @@ -59,11 +63,35 @@ /* Curve25519 Options */ #define HAVE_CURVE25519 +/* AES options */ #define HAVE_AESGCM #define HAVE_AES_ECB #define WOLFSSL_AES_DIRECT #define WOLFSSL_CMAC +/* Dilithium Options */ +#define HAVE_DILITHIUM +#define WOLFSSL_WC_DILITHIUM /* use wolfCrypt implementation, not libOQS */ +#define WOLFSSL_SHA3 +#define WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE256 + +/* The following options can be individually controlled to customize the + * ML-DSA configuration */ +#if 0 +#define WOLFSSL_DILITHIUM_VERIFY_ONLY +#endif +#if 0 +#define WOLFSSL_DILITHIUM_NO_VERIFY +#endif +#if 0 +#define WOLFSSL_DILITHIUM_NO_SIGN +#endif +#if 0 +#define WOLFSSL_DILITHIUM_NO_MAKE_KEY +#endif + + /* Include to support strcasecmp with POSIX build */ #include diff --git a/posix/tcp/wh_server_tcp/wolfhsm_cfg.h b/posix/tcp/wh_server_tcp/wolfhsm_cfg.h index 44e0db7..6a15885 100644 --- a/posix/tcp/wh_server_tcp/wolfhsm_cfg.h +++ b/posix/tcp/wh_server_tcp/wolfhsm_cfg.h @@ -26,9 +26,11 @@ #define WOLFHSM_CFG_H_ /** wolfHSM settings. Simple overrides to show they work */ -/* #define WOLFHSM_CFG_NO_CRYPTO */ + #define WOLFHSM_CFG_SHE_EXTENSION -#define WOLFHSM_CFG_COMM_DATA_LEN 1280 + +/* Large enough for ML-DSA level 5 key */ + #define WOLFHSM_CFG_COMM_DATA_LEN 5000 #define WOLFHSM_CFG_NVM_OBJECT_COUNT 32 #define WOLFHSM_CFG_SERVER_KEYCACHE_COUNT 10