Support for ML-DSA in PKCS#11

Offload ML-DSA operations onto a PKCS#11 token via the cryptoCb
interface:
* Key generation
* Signature generation
* Signature verification
* Key import

Both the pure and pre-hash versions are supported. Not yet supported are
the pre-hash versions that also offload the hashing onto the token.

This also fixes casting errors introduced in #9780 due to usage of
uintptr_t, which is unavailable without including stdint.h on some
platforms. Use the wolfssl own wc_ptr_t instead.

Author: Frauschi

.wolfssl_known_macro_extras

@@ -418,6 +418,7 @@ NO_PKCS11_ECC
 NO_PKCS11_ECDH
 NO_PKCS11_EC_KEYGEN
 NO_PKCS11_HMAC
+NO_PKCS11_MLDSA
 NO_PKCS11_RNG
 NO_PKCS11_RSA
 NO_PKCS11_RSA_PKCS

wolfcrypt/src/aes.c

@@ -13601,7 +13601,7 @@ void wc_AesFree(Aes* aes)
     #endif
     {
         int ret = wc_CryptoCb_Free(aes->devId, WC_ALGO_TYPE_CIPHER,
-                                   WC_CIPHER_AES, aes);
+                                   WC_CIPHER_AES, 0, aes);
     #ifdef WOLF_CRYPTO_CB_AES_SETKEY
         aes->devCtx = NULL;  /* Clear device context handle */
     #endif

wolfcrypt/src/cryptocb.c

@@ -2120,11 +2120,13 @@ int wc_CryptoCb_Copy(int devId, int algo, int type, void* src, void* dst)
  *       WC_ALGO_TYPE_CIPHER, etc
  * type: Specific type - for HASH: enum wc_HashType, for CIPHER:
  *       enum wc_CipherType
+ * subType: Specific subtype - for PQC: enum wc_PqcKemType,
+ *       enum wc_PqcSignatureType
  * obj: Pointer to object structure to free
  * Returns: 0 on success, negative on error, CRYPTOCB_UNAVAILABLE if not
  *          handled
  */
-int wc_CryptoCb_Free(int devId, int algo, int type, void* obj)
+int wc_CryptoCb_Free(int devId, int algo, int type, int subType, void* obj)
 {
     int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
     CryptoCb* dev;
@@ -2137,6 +2139,7 @@ int wc_CryptoCb_Free(int devId, int algo, int type, void* obj)
         cryptoInfo.algo_type = WC_ALGO_TYPE_FREE;
         cryptoInfo.free.algo = algo;
         cryptoInfo.free.type = type;
+        cryptoInfo.free.subType = subType;
         cryptoInfo.free.obj = obj;
 
         ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);

wolfcrypt/src/dilithium.c

@@ -10834,6 +10834,14 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level)
 void wc_dilithium_free(dilithium_key* key)
 {
     if (key != NULL) {
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
+        if (key->devId != INVALID_DEVID) {
+            wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
+                             WC_PK_TYPE_PQC_SIG_KEYGEN,
+                             WC_PQC_SIG_TYPE_DILITHIUM,
+                             (void*)key);
+        }
+#endif
 #ifdef WOLFSSL_WC_DILITHIUM
 #ifndef WC_DILITHIUM_FIXED_ARRAY
         /* Dispose of cached items. */

wolfcrypt/src/ecc.c

@@ -7894,7 +7894,7 @@ int wc_ecc_free(ecc_key* key)
 #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
     if (key->devId != INVALID_DEVID) {
         wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK,
-                         WC_PK_TYPE_EC_KEYGEN, key);
+                         WC_PK_TYPE_EC_KEYGEN, 0, key);
     }
 #endif
 

wolfcrypt/src/sha.c

@@ -1062,7 +1062,7 @@ void wc_ShaFree(wc_Sha* sha)
     #endif
     {
         ret = wc_CryptoCb_Free(sha->devId, WC_ALGO_TYPE_HASH,
-                         WC_HASH_TYPE_SHA, (void*)sha);
+                         WC_HASH_TYPE_SHA, 0, (void*)sha);
         /* If they want the standard free, they can call it themselves */
         /* via their callback setting devId to INVALID_DEVID */
         /* otherwise assume the callback handled it */

wolfcrypt/src/sha256.c

@@ -2305,7 +2305,7 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
     #endif
         {
             ret = wc_CryptoCb_Free(sha224->devId, WC_ALGO_TYPE_HASH,
-                             WC_HASH_TYPE_SHA224, (void*)sha224);
+                             WC_HASH_TYPE_SHA224, 0, (void*)sha224);
             /* If they want the standard free, they can call it themselves */
             /* via their callback setting devId to INVALID_DEVID */
             /* otherwise assume the callback handled it */
@@ -2382,7 +2382,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
     #endif
     {
         ret = wc_CryptoCb_Free(sha256->devId, WC_ALGO_TYPE_HASH,
-                         WC_HASH_TYPE_SHA256, (void*)sha256);
+                         WC_HASH_TYPE_SHA256, 0, (void*)sha256);
         /* If they want the standard free, they can call it themselves */
         /* via their callback setting devId to INVALID_DEVID */
         /* otherwise assume the callback handled it */

wolfcrypt/src/sha3.c

@@ -1252,7 +1252,7 @@ static void wc_Sha3Free(wc_Sha3* sha3)
     #endif
     {
         ret = wc_CryptoCb_Free(sha3->devId, WC_ALGO_TYPE_HASH,
-                         sha3->hashType, (void*)sha3);
+                         sha3->hashType, 0, (void*)sha3);
         /* If they want the standard free, they can call it themselves */
         /* via their callback setting devId to INVALID_DEVID */
         /* otherwise assume the callback handled it */

wolfcrypt/src/sha512.c

@@ -1635,7 +1635,7 @@ void wc_Sha512Free(wc_Sha512* sha512)
     #endif
     {
         ret = wc_CryptoCb_Free(sha512->devId, WC_ALGO_TYPE_HASH,
-                         WC_HASH_TYPE_SHA512, (void*)sha512);
+                         WC_HASH_TYPE_SHA512, 0, (void*)sha512);
         /* If they want the standard free, they can call it themselves */
         /* via their callback setting devId to INVALID_DEVID */
         /* otherwise assume the callback handled it */
@@ -2117,7 +2117,7 @@ void wc_Sha384Free(wc_Sha384* sha384)
     #endif
     {
         ret = wc_CryptoCb_Free(sha384->devId, WC_ALGO_TYPE_HASH,
-                         WC_HASH_TYPE_SHA384, (void*)sha384);
+                         WC_HASH_TYPE_SHA384, 0, (void*)sha384);
         /* If they want the standard free, they can call it themselves */
         /* via their callback setting devId to INVALID_DEVID */
         /* otherwise assume the callback handled it */