Merge pull request #8639 from anhu/cmake_pq

Fix building ML-KEM and LMS with cmake

Author: douzzer

.github/workflows/cmake.yml

@@ -77,6 +77,7 @@ jobs:
             -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
             -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
             -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
+            -DWOLFSSL_MLKEM=1 -DWOLFSSL_LMS=1 -DWOLFSSL_LMSSHA256192=1 -DWOLFSSL_EXPERIMENTAL=1 \
             -DWOLFSSL_X963KDF:BOOL=yes \
             -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
             ..

CMakeLists.txt

@@ -573,10 +573,19 @@ add_option(WOLFSSL_OQS
     "no" "yes;no")
 
 # ML-KEM/Kyber
-add_option(WOLFSSL_MMLKEM
+add_option(WOLFSSL_MLKEM
     "Enable the wolfSSL PQ ML-KEM library (default: disabled)"
     "no" "yes;no")
 
+# LMS
+add_option(WOLFSSL_LMS
+    "Enable the PQ LMS Stateful Hash-based Signature Scheme (default: disabled)"
+    "no" "yes;no")
+
+add_option(WOLFSSL_LMSSHA256192
+    "Enable the LMS SHA_256_192 truncated variant (default: disabled)"
+    "no" "yes;no")
+
 # Experimental features
 add_option(WOLFSSL_EXPERIMENTAL
     "Enable experimental features (default: disabled)"
@@ -590,7 +599,7 @@ if (WOLFSSL_EXPERIMENTAL)
     # check if any experimental features are also enabled:
     set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0)
 
-    set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT)
+    set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESULT)
 
     # Checking for experimental feature: OQS
     message(STATUS "Looking for WOLFSSL_OQS")
@@ -605,9 +614,9 @@ if (WOLFSSL_EXPERIMENTAL)
             list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
             list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
 
-            set_wolfssl_definitions("HAVE_LIBOQS"          RESUlT)
-            set_wolfssl_definitions("HAVE_TLS_EXTENSIONS"  RESUlT)
-            set_wolfssl_definitions("OPENSSL_EXTRA"        RESUlT)
+            set_wolfssl_definitions("HAVE_LIBOQS"          RESULT)
+            set_wolfssl_definitions("HAVE_TLS_EXTENSIONS"  RESULT)
+            set_wolfssl_definitions("OPENSSL_EXTRA"        RESULT)
 
         else()
             message(STATUS "Checking OQS - not found")
@@ -617,20 +626,52 @@ if (WOLFSSL_EXPERIMENTAL)
         message(STATUS "Looking for WOLFSSL_OQS - not found")
     endif()
 
-    # Checking for experimental feature: Kyber
-    message(STATUS "Looking for WOLFSSL_KYBER")
-    if (WOLFSSL_KYBER)
+    # Checking for experimental feature: WOLFSSL_MLKEM
+    message(STATUS "Looking for WOLFSSL_MLKEM")
+    if (WOLFSSL_MLKEM)
         set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
 
-        message(STATUS "Automatically set related requirements for Kyber:")
-        set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESUlT)
-        set_wolfssl_definitions("WOLFSSL_WC_MLKEM"   RESUlT)
-        set_wolfssl_definitions("WOLFSSL_SHA3"       RESUlT)
-        set_wolfssl_definitions("WOLFSSL_SHAKE128"   RESUlT)
-        set_wolfssl_definitions("WOLFSSL_SHAKE256"   RESUlT)
-        message(STATUS "Looking for WOLFSSL_KYBER - found")
+        message(STATUS "Automatically set related requirements for ML-KEM:")
+        add_definitions("-DWOLFSSL_HAVE_MLKEM")
+        add_definitions("-DWOLFSSL_WC_MLKEM")
+        add_definitions("-DWOLFSSL_SHA3")
+        add_definitions("-DWOLFSSL_SHAKE128")
+        add_definitions("-DWOLFSSL_SHAKE256")
+
+        set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT)
+        set_wolfssl_definitions("WOLFSSL_WC_MLKEM"   RESULT)
+        set_wolfssl_definitions("WOLFSSL_SHA3"       RESULT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE128"   RESULT)
+        set_wolfssl_definitions("WOLFSSL_SHAKE256"   RESULT)
+        message(STATUS "Looking for WOLFSSL_MLKEM - found")
+    else()
+        message(STATUS "Looking for WOLFSSL_MLKEM - not found")
+    endif()
+
+    # Checking for experimental feature: WOLFSSL_LMS
+    message(STATUS "Looking for WOLFSSL_LMS")
+    if (WOLFSSL_LMS)
+        set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 2)
+
+        message(STATUS "Automatically set related requirements for LMS")
+        add_definitions("-DWOLFSSL_HAVE_LMS")
+        add_definitions("-DWOLFSSL_WC_LMS")
+        set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT)
+        set_wolfssl_definitions("WOLFSSL_WC_LMS"   RESULT)
+        message(STATUS "Looking for WOLFSSL_LMS - found")
+        # Checking for experimental feature: WOLFSSL_LMSSHA256192
+        if (WOLFSSL_LMSSHA256192)
+            message(STATUS "Automatically set related requirements for LMS SHA256-192")
+            add_definitions("-DWOLFSSL_LMS_SHA256_192")
+            add_definitions("-DWOLFSSL_NO_LMS_SHA256_256")
+            set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192"    RESULT)
+            set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT)
+            message(STATUS "Looking for WOLFSSL_LMSSHA256192 - found")
+        else()
+            message(STATUS "Looking for WOLFSSL_LMSSHA256192 - not found")
+        endif()
     else()
-        message(STATUS "Looking for WOLFSSL_KYBER - not found")
+        message(STATUS "Looking for WOLFSSL_LMS - not found")
     endif()
 
     # Other experimental feature detection can be added here...
@@ -643,8 +684,8 @@ if (WOLFSSL_EXPERIMENTAL)
     endif()
 
     # Sanity checks
-    if(WOLFSSL_OQS AND WOLFSSL_KYBER)
-        message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.")
+    if(WOLFSSL_OQS AND WOLFSSL_MLKEM)
+        message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time.")
     endif()
 
 else()
@@ -653,8 +694,8 @@ else()
     if (WOLFSSL_OQS)
         message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
     endif()
-    if(WOLFSSL_KYBER)
-        message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.")
+    if(WOLFSSL_MLKEM)
+        message(FATAL_ERROR "Error: WOLFSSL_MLKEM requires WOLFSSL_EXPERIMENTAL at this time.")
     endif()
 endif()
 

cmake/functions.cmake

@@ -198,14 +198,14 @@ function(generate_build_flags)
     if(WOLFSSL_XCHACHA OR WOLFSSL_USER_SETTINGS)
         set(BUILD_XCHACHA "yes" PARENT_SCOPE)
     endif()
-    if(WOLFSSL_KYBER OR WOLFSSL_USER_SETTINGS)
-        set(BUILD_WC_KYBER "yes" PARENT_SCOPE)
+    if(WOLFSSL_MLKEM OR WOLFSSL_USER_SETTINGS)
+        set(BUILD_WC_MLKEM "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_OQS OR WOLFSSL_USER_SETTINGS)
         set(BUILD_FALCON "yes" PARENT_SCOPE)
         set(BUILD_SPHINCS "yes" PARENT_SCOPE)
         set(BUILD_DILITHIUM "yes" PARENT_SCOPE)
-        set(BUILD_EXT_KYBER "yes" PARENT_SCOPE)
+        set(BUILD_EXT_MLKEM "yes" PARENT_SCOPE)
         set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
     endif()
     if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS)
@@ -811,7 +811,7 @@ function(generate_lib_src_list LIB_SOURCES)
               list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
          endif()
 
-         if(BUILD_WC_KYBER)
+         if(BUILD_WC_MLKEM)
               list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem.c)
               list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_poly.c)
 
@@ -820,7 +820,7 @@ function(generate_lib_src_list LIB_SOURCES)
               endif()
          endif()
 
-         if(BUILD_EXT_KYBER)
+         if(BUILD_EXT_MLKEM)
               list(APPEND LIB_SOURCES wolfcrypt/src/ext_mlkem.c)
          endif()
 

cmake/options.h.in

@@ -386,6 +386,10 @@ extern "C" {
 #cmakedefine WOLFSSL_HAVE_LMS
 #undef WOLFSSL_WC_LMS
 #cmakedefine WOLFSSL_WC_LMS
+#undef  WOLFSSL_LMS_SHA256_192
+#cmakedefine WOLFSSL_LMS_SHA256_192
+#undef  WOLFSSL_NO_LMS_SHA256_256
+#cmakedefine WOLFSSL_NO_LMS_SHA256_256
 #undef WOLFSSL_HAVE_XMSS
 #cmakedefine WOLFSSL_HAVE_XMSS
 #undef WOLFSSL_WC_XMSS