Move MAX_* def and remove unesesary gateing

Author: aidangarske

src/tpm2_packet.c

@@ -812,7 +812,6 @@ void TPM2_Packet_AppendSignature(TPM2_Packet* packet, TPMT_SIGNATURE* sig)
         TPM2_Packet_AppendBytes(packet, sig->signature.hmac.digest.H, digestSz);
         break;
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
     case TPM_ALG_ML_DSA_44:
     case TPM_ALG_ML_DSA_65:
     case TPM_ALG_ML_DSA_87:
@@ -821,7 +820,6 @@ void TPM2_Packet_AppendSignature(TPM2_Packet* packet, TPMT_SIGNATURE* sig)
         TPM2_Packet_AppendBytes(packet, sig->signature.mldsa.signature.buffer,
             sig->signature.mldsa.signature.size);
         break;
-#endif /* HAVE_DILITHIUM */
 #endif /* WOLFTPM_V185 */
     default:
         break;
@@ -860,7 +858,6 @@ void TPM2_Packet_ParseSignature(TPM2_Packet* packet, TPMT_SIGNATURE* sig)
         TPM2_Packet_ParseBytes(packet, sig->signature.hmac.digest.H, digestSz);
         break;
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
     case TPM_ALG_ML_DSA_44:
     case TPM_ALG_ML_DSA_65:
     case TPM_ALG_ML_DSA_87:
@@ -869,7 +866,6 @@ void TPM2_Packet_ParseSignature(TPM2_Packet* packet, TPMT_SIGNATURE* sig)
         TPM2_Packet_ParseBytes(packet, sig->signature.mldsa.signature.buffer,
             sig->signature.mldsa.signature.size);
         break;
-#endif /* HAVE_DILITHIUM */
 #endif /* WOLFTPM_V185 */
     default:
         break;

src/tpm2_wrap.c

@@ -4423,7 +4423,6 @@ int wolfTPM2_SignSequenceComplete(WOLFTPM2_DEV* dev,
             }
         }
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
         else if (signSeqCompleteOut.signature.sigAlg == TPM_ALG_ML_DSA_44 ||
                  signSeqCompleteOut.signature.sigAlg == TPM_ALG_ML_DSA_65 ||
                  signSeqCompleteOut.signature.sigAlg == TPM_ALG_ML_DSA_87) {
@@ -4437,7 +4436,6 @@ int wolfTPM2_SignSequenceComplete(WOLFTPM2_DEV* dev,
                 rc = BUFFER_E;
             }
         }
-#endif /* HAVE_DILITHIUM */
 #endif /* WOLFTPM_V185 */
         else {
             /* Unknown algorithm */
@@ -4564,7 +4562,6 @@ int wolfTPM2_VerifySequenceComplete(WOLFTPM2_DEV* dev,
         XMEMCPY(signature.signature.rsassa.sig.buffer, sig, sigSz);
     }
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
     else {
         /* For ML-DSA try to detect from signature */
         TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_NULL;
@@ -4615,7 +4612,6 @@ int wolfTPM2_VerifySequenceComplete(WOLFTPM2_DEV* dev,
             return BAD_FUNC_ARG;
         }
     }
-#endif /* HAVE_DILITHIUM */
 #else
     else {
         /* For PQ algorithms or unknown types, return error */
@@ -4694,7 +4690,6 @@ int wolfTPM2_SignDigest(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
             }
         }
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
         else if (signDigestOut.signature.sigAlg == TPM_ALG_ML_DSA_44 ||
                  signDigestOut.signature.sigAlg == TPM_ALG_ML_DSA_65 ||
                  signDigestOut.signature.sigAlg == TPM_ALG_ML_DSA_87) {
@@ -4708,7 +4703,6 @@ int wolfTPM2_SignDigest(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
                 rc = BUFFER_E;
             }
         }
-#endif /* HAVE_DILITHIUM */
 #endif /* WOLFTPM_V185 */
         else {
             /* Unknown algorithm */
@@ -4781,7 +4775,6 @@ int wolfTPM2_VerifyDigestSignature(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         XMEMCPY(signature.signature.rsassa.sig.buffer, sig, sigSz);
     }
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
     else {
         /* For ML-DSA and other PQ algorithms, try to detect from signature */
         /* ML-DSA signatures are large: ML-DSA-44: ~2420 bytes, ML-DSA-65: ~3309 bytes, ML-DSA-87: ~4627 bytes */
@@ -4834,7 +4827,6 @@ int wolfTPM2_VerifyDigestSignature(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
             return BAD_FUNC_ARG;
         }
     }
-#endif /* HAVE_DILITHIUM */
 #else
     else {
         /* For PQ algorithms or unknown types, return error */

tests/unit_tests.c

@@ -428,8 +428,8 @@ static void test_wolfTPM2_EccSignVerifyDig(WOLFTPM2_DEV* dev,
     word32 rLen, sLen;
     ecc_key wolfKey;
     int curveSize = TPM2_GetCurveSize(curve);
+    int tpmDevId = -2; /* INVALID_DEVID */
 #ifdef WOLF_CRYPTO_CB
-    int tpmDevId = INVALID_DEVID;
     TpmCryptoDevCtx tpmCtx;
 
     XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
@@ -553,9 +553,11 @@ static void test_wolfTPM2_EccSignVerifyDig(WOLFTPM2_DEV* dev,
         (flags & FLAGS_USE_CRYPTO_CB) ? "Crypto CB" : "",
         rc == 0 ? "Passed" : "Failed");
 
+#ifdef WOLFTPM_CRYPTOCB
     if (flags & FLAGS_USE_CRYPTO_CB) {
         wolfTPM2_ClearCryptoDevCb(dev, tpmDevId);
     }
+#endif
 }
 
 static void test_wolfTPM2_EccSignVerify_All(WOLFTPM2_DEV* dev,
@@ -884,7 +886,6 @@ static void test_wolfTPM2_KeyBlob(TPM_ALG_ID alg)
 }
 
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
 /* Post-Quantum Cryptography (PQC) Unit Tests - TPM 2.0 v185 */
 
 /* Test ML-DSA Sign Sequence (Start, Update, Complete) */
@@ -1010,7 +1011,6 @@ static void test_wolfTPM2_MLDSA_VerifyDigestSignature(WOLFTPM2_DEV* dev,
     printf("Test TPM Wrapper:\tML-DSA Verify Digest:\t%s\n",
         rc == 0 ? "Passed" : "Failed");
 }
-#endif /* HAVE_DILITHIUM */
 
 #if !defined(WOLFTPM2_NO_WOLFCRYPT) && \
     (defined(WOLFSSL_HAVE_MLKEM) || defined(WOLFSSL_KYBER512) || \
@@ -1114,13 +1114,11 @@ static void test_wolfTPM2_PQC(void)
     int rc;
     WOLFTPM2_DEV dev;
     WOLFTPM2_KEY storageKey;
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
     WOLFTPM2_KEY mldsaKey;
     byte sig[5000];
     int sigSz = (int)sizeof(sig);
     byte digest[32];
     int digestSz = 32;
-#endif
 #if !defined(WOLFTPM2_NO_WOLFCRYPT) && \
     (defined(WOLFSSL_HAVE_MLKEM) || defined(WOLFSSL_KYBER512) || \
      defined(WOLFSSL_KYBER768) || defined(WOLFSSL_KYBER1024))
@@ -1136,7 +1134,6 @@ static void test_wolfTPM2_PQC(void)
         (byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
     AssertIntEQ(rc, 0);
 
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
     /* Note: ML-DSA key creation would need proper TPM 2.0 v185 support */
     /* For now, tests will gracefully skip if not supported */
     printf("Testing ML-DSA functions (will skip if not supported by TPM)...\n");
@@ -1166,7 +1163,6 @@ static void test_wolfTPM2_PQC(void)
         test_wolfTPM2_MLDSA_VerifyDigestSignature(&dev, &mldsaKey,
             digest, digestSz, sig, sigSz);
     }
-#endif
 
 #if !defined(WOLFTPM2_NO_WOLFCRYPT) && \
     (defined(WOLFSSL_HAVE_MLKEM) || defined(WOLFSSL_KYBER512) || \

wolftpm/tpm2.h

@@ -901,25 +901,16 @@ typedef struct TPM2B_IV {
 
 #ifdef WOLFTPM_V185
 /* Post-Quantum Cryptography (PQC) Types */
-#ifndef MAX_SIGNATURE_CTX_SIZE
-#define MAX_SIGNATURE_CTX_SIZE 1024
-#endif
 typedef struct TPM2B_SIGNATURE_CTX {
     UINT16 size;
     BYTE buffer[MAX_SIGNATURE_CTX_SIZE];
 } TPM2B_SIGNATURE_CTX;
 
-#ifndef MAX_KEM_CIPHERTEXT_SIZE
-#define MAX_KEM_CIPHERTEXT_SIZE 2048
-#endif
 typedef struct TPM2B_KEM_CIPHERTEXT {
     UINT16 size;
     BYTE buffer[MAX_KEM_CIPHERTEXT_SIZE];
 } TPM2B_KEM_CIPHERTEXT;
 
-#ifndef MAX_SHARED_SECRET_SIZE
-#define MAX_SHARED_SECRET_SIZE 64
-#endif
 typedef struct TPM2B_SHARED_SECRET {
     UINT16 size;
     BYTE buffer[MAX_SHARED_SECRET_SIZE];
@@ -1418,14 +1409,11 @@ typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA;
 typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA;
 
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
 /* ML-DSA (Dilithium) Signature Structure */
-/* Only defined if wolfCrypt supports Dilithium (HAVE_DILITHIUM from settings.h) */
 typedef struct TPMS_SIGNATURE_ML_DSA {
     TPMI_ALG_HASH hash;
     TPM2B_MAX_BUFFER signature;  /* ML-DSA signature is variable length */
 } TPMS_SIGNATURE_ML_DSA;
-#endif /* HAVE_DILITHIUM */
 #endif /* WOLFTPM_V185 */
 
 typedef union TPMU_SIGNATURE {
@@ -1436,9 +1424,7 @@ typedef union TPMU_SIGNATURE {
     TPMT_HA hmac;
     TPMS_SCHEME_HASH any;
 #ifdef WOLFTPM_V185
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_DILITHIUM)
     TPMS_SIGNATURE_ML_DSA mldsa;
-#endif /* HAVE_DILITHIUM */
 #endif /* WOLFTPM_V185 */
 } TPMU_SIGNATURE;
 

wolftpm/tpm2_types.h

@@ -689,6 +689,18 @@ typedef int64_t  INT64;
 #ifndef MAX_CAP_HANDLES
 #define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
 #endif
+#ifdef WOLFTPM_V185
+/* Post-Quantum Cryptography (PQC) Size Definitions */
+#ifndef MAX_SIGNATURE_CTX_SIZE
+#define MAX_SIGNATURE_CTX_SIZE 1024
+#endif
+#ifndef MAX_KEM_CIPHERTEXT_SIZE
+#define MAX_KEM_CIPHERTEXT_SIZE 2048
+#endif
+#ifndef MAX_SHARED_SECRET_SIZE
+#define MAX_SHARED_SECRET_SIZE 64
+#endif
+#endif /* WOLFTPM_V185 */
 #ifndef HASH_COUNT
     #ifndef WOLFTPM2_NO_WOLFCRYPT
         /* Calculate hash count based on wolfCrypt enables */