Guard old non-ctx ML-DSA API by default

Author: Frauschi

.github/workflows/pq-all.yml

@@ -34,6 +34,7 @@ jobs:
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium=yes,no-ctx --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'

configure.ac

@@ -1819,8 +1819,11 @@ do
   draft|fips204-draft)
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_FIPS204_DRAFT"
     ;;
+  no-ctx)
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_CTX"
+    ;;
   *)
-    AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.])
+    AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87,no-ctx]: $ENABLED_DILITHIUM.])
     break;;
   esac
 done

tests/api/test_mldsa.c

@@ -34,6 +34,8 @@ int test_wc_dilithium_public_der_decode(void);
 int test_wc_dilithium_der(void);
 int test_wc_dilithium_make_key_from_seed(void);
 int test_wc_dilithium_sig_kats(void);
+int test_wc_dilithium_sign_ctx_kats(void);
+int test_wc_dilithium_verify_ctx_kats(void);
 int test_wc_dilithium_verify_kats(void);
 int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void);
 int test_mldsa_pkcs8_import_OpenSSL_form(void);
@@ -51,6 +53,8 @@ int test_mldsa_pkcs12(void);
     TEST_DECL_GROUP("mldsa", test_wc_dilithium_der),                           \
     TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed),            \
     TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats),                      \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_ctx_kats),                 \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_ctx_kats),               \
     TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats),                   \
     TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \
     TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form),            \

tests/api/test_mldsa.h

@@ -15557,10 +15557,10 @@ void bench_dilithiumKeySign(byte level)
     do {
         for (i = 0; i < agreeTimes; i++) {
             if (ret == 0) {
-                ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key,
-                                            GLOBAL_RNG);
+                ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg,
+                    DILITHIUM_BENCH_MSG_SIZE, sig, &x, key, GLOBAL_RNG);
                 if (ret != 0) {
-                    printf("wc_dilithium_sign_msg failed\n");
+                    printf("wc_dilithium_sign_ctx_msg failed\n");
                 }
             }
             RECORD_MULTI_VALUE_STATS();
@@ -15631,11 +15631,11 @@ void bench_dilithiumKeySign(byte level)
         for (i = 0; i < agreeTimes; i++) {
             if (ret == 0) {
                 int verify = 0;
-                ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE,
-                                              &verify, key);
+                ret = wc_dilithium_verify_ctx_msg(sig, x, NULL, 0, msg,
+                    DILITHIUM_BENCH_MSG_SIZE, &verify, key);
 
                 if (ret != 0 || verify != 1) {
-                    printf("wc_dilithium_verify_msg failed %d, verify %d\n",
+                    printf("wc_dilithium_verify_ctx_msg failed %d, verify %d\n",
                            ret, verify);
                     ret = -1;
                 }

wolfcrypt/benchmark/benchmark.c

@@ -9038,6 +9038,7 @@ static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key,
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
     const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
 {
@@ -9058,6 +9059,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
 
     return ret;
 }
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 
 /* Sign a message with the key and a random number generator.
  *
@@ -9153,6 +9155,7 @@ static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng,
  * @return  MEMORY_E when memory allocation fails.
  * @return  Other negative when an error occurs.
  */
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
     const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
 {
@@ -9183,6 +9186,7 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
 
     return ret;
 }
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 
 /* Sign a pre-hashed message with the key and a seed.
  *
@@ -9825,6 +9829,7 @@ static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx,
     return ret;
 }
 
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 /* Verify signature of message using public key.
  *
  * @param [in, out] key     Dilithium key.
@@ -9867,6 +9872,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
 
     return ret;
 }
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 
 /* Verify signature of message using public key.
  *
@@ -10084,7 +10090,7 @@ static int oqs_dilithium_verify_msg(const byte* sig, word32 sigLen,
     }
     return ret;
 }
-#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
+#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
 
 #else
     #error "No dilithium implementation chosen."
@@ -10222,6 +10228,7 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
     return ret;
 }
 
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 /* Sign the message using the dilithium private key.
  *
  *  msg         [in]      Message to sign.
@@ -10233,6 +10240,8 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
  *  returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
  *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
  *          0 otherwise.
+ * NOTE: This is a pre-FIPS 204 API without context support. New code should
+ *       use wc_dilithium_sign_ctx_msg() with ctx=NULL/ctxLen=0 instead.
  */
 int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
     word32 *sigLen, dilithium_key* key, WC_RNG* rng)
@@ -10271,6 +10280,7 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
 
     return ret;
 }
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 
 /* Sign the message hash using the dilithium private key.
  *
@@ -10379,6 +10389,7 @@ int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
     return ret;
 }
 
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 /* Sign the message using the dilithium private key.
  *
  *  msg         [in]      Message to sign.
@@ -10390,6 +10401,8 @@ int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
  *  returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
  *          BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
  *          0 otherwise.
+ * NOTE: This is a pre-FIPS 204 API without context support. New code should
+ *       use wc_dilithium_sign_ctx_msg_with_seed() instead.
  */
 int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
     word32 *sigLen, dilithium_key* key, const byte* seed)
@@ -10414,6 +10427,7 @@ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
 
     return ret;
 }
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 
 /* Sign the message using the dilithium private key.
  *
@@ -10514,16 +10528,14 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
         ret = dilithium_verify_ctx_msg(key, ctx, ctxLen, msg, msgLen, sig,
             sigLen, res);
     #elif defined(HAVE_LIBOQS)
-        ret = NOT_COMPILED_IN;
-        (void)sigLen;
-        (void)msgLen;
-        (void)res;
+        ret = oqs_dilithium_verify_msg(sig, sigLen, msg, msgLen, res, key);
     #endif
     }
 
     return ret;
 }
 
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 /* Verify the message using the dilithium public key.
  *
  *  sig         [in]  Signature to verify.
@@ -10535,6 +10547,8 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
  *  returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
  *          BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
  *          0 otherwise.
+ * NOTE: This is a pre-FIPS 204 API without context support. New code should
+ *       use wc_dilithium_verify_ctx_msg() with ctx=NULL/ctxLen=0 instead.
  */
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
     word32 msgLen, int* res, dilithium_key* key)
@@ -10573,6 +10587,7 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
 
     return ret;
 }
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 
 /* Verify the message using the dilithium public key.
  *

wolfcrypt/src/dilithium.c

@@ -50246,14 +50246,14 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
     if (sigLen <= 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
-    ret = wc_dilithium_sign_msg(msg, (word32)sizeof(msg), sig, &sigLen, key,
-        rng);
+    ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, (word32)sizeof(msg), sig,
+        &sigLen, key, rng);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
-    ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
-        key);
+    ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
+        (word32)sizeof(msg), &res, key);
     if (ret != 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     if (res != 1)

wolfcrypt/test/test.c

@@ -803,6 +803,13 @@ struct dilithium_key {
     #define WC_DILITHIUMKEY_TYPE_DEFINED
 #endif
 
+/* When WOLFSSL_DILITHIUM_FIPS204_DRAFT is enabled the legacy (pre-FIPS 204)
+ * no-context sign/verify API is required to handle draft-format signatures. */
+#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) && \
+    !defined(WOLFSSL_DILITHIUM_NO_CTX)
+    #define WOLFSSL_DILITHIUM_NO_CTX
+#endif
+
 /* Functions */
 
 #ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
@@ -811,19 +818,30 @@ int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed);
 
+/* Legacy sign API without context parameter (pre-FIPS 204).
+ * Only available when WOLFSSL_DILITHIUM_NO_CTX is defined.
+ * New code should use wc_dilithium_sign_ctx_msg() with ctx=NULL/ctxLen=0
+ * for FIPS 204 compliant signing with an empty context. */
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 WOLFSSL_API
 int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
     word32* sigLen, dilithium_key* key, WC_RNG* rng);
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 WOLFSSL_API
 int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
     word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
     const byte* hash, word32 hashLen, byte* sig, word32* sigLen,
     dilithium_key* key, WC_RNG* rng);
+/* Legacy seed-based sign API without context parameter (pre-FIPS 204).
+ * Only available when WOLFSSL_DILITHIUM_NO_CTX is defined.
+ * New code should use wc_dilithium_sign_ctx_msg_with_seed() instead. */
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 WOLFSSL_API
 int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
     word32 *sigLen, dilithium_key* key, const byte* seed);
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 WOLFSSL_API
 int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
     const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
@@ -832,10 +850,16 @@ WOLFSSL_API
 int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
     int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
     dilithium_key* key, const byte* seed);
-#endif
+#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */
+/* Legacy verify API without context parameter (pre-FIPS 204).
+ * Only available when WOLFSSL_DILITHIUM_NO_CTX is defined.
+ * New code should use wc_dilithium_verify_ctx_msg() with ctx=NULL/ctxLen=0
+ * for FIPS 204 compliant verification with an empty context. */
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 WOLFSSL_API
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
     word32 msgLen, int* res, dilithium_key* key);
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 WOLFSSL_API
 int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
     byte ctxLen, const byte* msg, word32 msgLen, int* res,
@@ -1074,8 +1098,12 @@ WOLFSSL_LOCAL void wc_mldsa_poly_make_pos_avx2(sword32* a);
     wc_dilithium_export_private_only(key, out, outLen)
 #define wc_MlDsaKey_ImportPrivRaw(key, in, inLen)                              \
     wc_dilithium_import_private_only(in, inLen, key)
+/* Legacy no-context sign alias: only available with WOLFSSL_DILITHIUM_NO_CTX.
+ * Prefer wc_MlDsaKey_SignCtx() with empty context for FIPS 204 compliance. */
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 #define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng)                     \
     wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng)
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 #define wc_MlDsaKey_SignCtx(key, ctx, ctxSz, sig, sigSz, msg, msgSz, rng)      \
     wc_dilithium_sign_ctx_msg(ctx, ctxSz, msg, msgSz, sig, sigSz, key, rng)
 #define wc_MlDsaKey_SignCtxHash(key, ctx, ctxSz, sig, sigSz, hash, hashSz,     \
@@ -1088,8 +1116,12 @@ WOLFSSL_LOCAL void wc_mldsa_poly_make_pos_avx2(sword32* a);
     wc_dilithium_export_public(key, out, outLen)
 #define wc_MlDsaKey_ImportPubRaw(key, in, inLen)                               \
     wc_dilithium_import_public(in, inLen, key)
+/* Legacy no-context verify alias: only available with WOLFSSL_DILITHIUM_NO_CTX.
+ * Prefer wc_MlDsaKey_VerifyCtx() with empty context for FIPS 204 compliance. */
+#ifdef WOLFSSL_DILITHIUM_NO_CTX
 #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res)                   \
     wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key)
+#endif /* WOLFSSL_DILITHIUM_NO_CTX */
 #define wc_MlDsaKey_VerifyCtx(key, sig, sigSz, ctx, ctxSz, msg, msgSz, res)    \
     wc_dilithium_verify_ctx_msg(sig, sigSz, ctx, ctxSz, msg, msgSz, res, key)
 #define wc_MlDsaKey_VerifyCtxHash(key, sig, sigSz, ctx, ctxSz, hash, hashSz,   \

wolfssl/wolfcrypt/dilithium.h

@@ -316,9 +316,9 @@ fn scan_cfg() -> Result<()> {
     check_cfg(&binding, "wc_dilithium_init", "dilithium");
     check_cfg(&binding, "wc_dilithium_make_key", "dilithium_make_key");
     check_cfg(&binding, "wc_dilithium_make_key_from_seed", "dilithium_make_key_from_seed");
-    check_cfg(&binding, "wc_dilithium_sign_msg", "dilithium_sign");
-    check_cfg(&binding, "wc_dilithium_sign_msg_with_seed", "dilithium_sign_with_seed");
-    check_cfg(&binding, "wc_dilithium_verify_msg", "dilithium_verify");
+    check_cfg(&binding, "wc_dilithium_sign_ctx_msg", "dilithium_sign");
+    check_cfg(&binding, "wc_dilithium_sign_ctx_msg_with_seed", "dilithium_sign_with_seed");
+    check_cfg(&binding, "wc_dilithium_verify_ctx_msg", "dilithium_verify");
     check_cfg(&binding, "wc_dilithium_import_public", "dilithium_import");
     check_cfg(&binding, "wc_dilithium_export_public", "dilithium_export");
     check_cfg(&binding, "wc_dilithium_check_key", "dilithium_check_key");

wrapper/rust/wolfssl-wolfcrypt/build.rs

@@ -867,7 +867,8 @@ impl Dilithium {
         let msg_len = msg.len() as u32;
         let mut sig_len = sig.len() as u32;
         let rc = unsafe {
-            sys::wc_dilithium_sign_msg(
+            sys::wc_dilithium_sign_ctx_msg(
+                core::ptr::null(), 0,
                 msg.as_ptr(), msg_len,
                 sig.as_mut_ptr(), &mut sig_len,
                 &mut self.ws_key,
@@ -1038,7 +1039,8 @@ impl Dilithium {
         let msg_len = msg.len() as u32;
         let mut sig_len = sig.len() as u32;
         let rc = unsafe {
-            sys::wc_dilithium_sign_msg_with_seed(
+            sys::wc_dilithium_sign_ctx_msg_with_seed(
+                core::ptr::null(), 0,
                 msg.as_ptr(), msg_len,
                 sig.as_mut_ptr(), &mut sig_len,
                 &mut self.ws_key,
@@ -1184,8 +1186,9 @@ impl Dilithium {
         let msg_len = msg.len() as u32;
         let mut res = 0i32;
         let rc = unsafe {
-            sys::wc_dilithium_verify_msg(
+            sys::wc_dilithium_verify_ctx_msg(
                 sig.as_ptr(), sig_len,
+                core::ptr::null(), 0,
                 msg.as_ptr(), msg_len,
                 &mut res,
                 &mut self.ws_key,