@@ -4423,9 +4423,8 @@ int wolfTPM2_SignSequenceComplete(WOLFTPM2_DEV* dev,
44234423 }
44244424 }
44254425#ifdef WOLFTPM_V185
4426- else if (signSeqCompleteOut .signature .sigAlg == TPM_ALG_ML_DSA_44 ||
4427- signSeqCompleteOut .signature .sigAlg == TPM_ALG_ML_DSA_65 ||
4428- signSeqCompleteOut .signature .sigAlg == TPM_ALG_ML_DSA_87 ) {
4426+ else if (signSeqCompleteOut .signature .sigAlg == TPM_ALG_MLDSA ||
4427+ signSeqCompleteOut .signature .sigAlg == TPM_ALG_HASH_MLDSA ) {
44294428 /* ML-DSA signature is a variable-length buffer */
44304429 int sigOutSz = signSeqCompleteOut .signature .signature .mldsa .signature .size ;
44314430 if (* sigSz >= sigOutSz ) {
@@ -4565,17 +4564,16 @@ int wolfTPM2_VerifySequenceComplete(WOLFTPM2_DEV* dev,
45654564 else {
45664565 /* For ML-DSA try to detect from signature */
45674566 TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_NULL ;
4568-
4567+
45694568 /* Try to get scheme from key if available */
45704569 if (key -> pub .publicArea .type == TPM_ALG_KEYEDHASH ) {
45714570 /* KEYEDHASH keys may have ML-DSA scheme */
45724571 /* The scheme is in keyedHashDetail.scheme.scheme */
45734572 scheme = key -> pub .publicArea .parameters .keyedHashDetail .scheme .scheme ;
45744573 }
4575-
4574+
45764575 /* Check if it's an ML-DSA algorithm from key scheme */
4577- if (scheme == TPM_ALG_ML_DSA_44 || scheme == TPM_ALG_ML_DSA_65 ||
4578- scheme == TPM_ALG_ML_DSA_87 ) {
4576+ if (scheme == TPM_ALG_MLDSA || scheme == TPM_ALG_HASH_MLDSA ) {
45794577 signature .sigAlg = scheme ;
45804578 /* ML-DSA signatures use SHA3-256, SHA3-384, or SHA3-512 typically */
45814579 /* Default to SHA3-256 if not specified */
@@ -4588,18 +4586,9 @@ int wolfTPM2_VerifySequenceComplete(WOLFTPM2_DEV* dev,
45884586 }
45894587 /* Fallback: detect ML-DSA from signature size if scheme not available */
45904588 else if (sigSz >= 2000 && sigSz <= 5000 ) {
4591- /* Likely ML-DSA signature - determine variant from size */
4589+ /* Likely ML-DSA signature based on size */
45924590 /* ML-DSA-44: ~2420 bytes, ML-DSA-65: ~3309 bytes, ML-DSA-87: ~4627 bytes */
4593- if (sigSz <= 3000 ) {
4594- scheme = TPM_ALG_ML_DSA_44 ;
4595- }
4596- else if (sigSz <= 4000 ) {
4597- scheme = TPM_ALG_ML_DSA_65 ;
4598- }
4599- else {
4600- scheme = TPM_ALG_ML_DSA_87 ;
4601- }
4602- signature .sigAlg = scheme ;
4591+ signature .sigAlg = TPM_ALG_MLDSA ;
46034592 signature .signature .mldsa .hash = TPM_ALG_SHA3_256 ;
46044593 if (sigSz > (int )sizeof (signature .signature .mldsa .signature .buffer )) {
46054594 return BUFFER_E ;
@@ -4690,9 +4679,8 @@ int wolfTPM2_SignDigest(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
46904679 }
46914680 }
46924681#ifdef WOLFTPM_V185
4693- else if (signDigestOut .signature .sigAlg == TPM_ALG_ML_DSA_44 ||
4694- signDigestOut .signature .sigAlg == TPM_ALG_ML_DSA_65 ||
4695- signDigestOut .signature .sigAlg == TPM_ALG_ML_DSA_87 ) {
4682+ else if (signDigestOut .signature .sigAlg == TPM_ALG_MLDSA ||
4683+ signDigestOut .signature .sigAlg == TPM_ALG_HASH_MLDSA ) {
46964684 /* ML-DSA signature is a variable-length buffer */
46974685 int sigOutSz = signDigestOut .signature .signature .mldsa .signature .size ;
46984686 if (* sigSz >= sigOutSz ) {
@@ -4780,17 +4768,16 @@ int wolfTPM2_VerifyDigestSignature(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
47804768 /* ML-DSA signatures are large: ML-DSA-44: ~2420 bytes, ML-DSA-65: ~3309 bytes, ML-DSA-87: ~4627 bytes */
47814769 /* First, check if key has a scheme that indicates ML-DSA */
47824770 TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_NULL ;
4783-
4771+
47844772 /* Try to get scheme from key if available */
47854773 if (key -> pub .publicArea .type == TPM_ALG_KEYEDHASH ) {
47864774 /* KEYEDHASH keys may have ML-DSA scheme */
47874775 /* The scheme is in keyedHashDetail.scheme.scheme */
47884776 scheme = key -> pub .publicArea .parameters .keyedHashDetail .scheme .scheme ;
47894777 }
4790-
4778+
47914779 /* Check if it's an ML-DSA algorithm from key scheme */
4792- if (scheme == TPM_ALG_ML_DSA_44 || scheme == TPM_ALG_ML_DSA_65 ||
4793- scheme == TPM_ALG_ML_DSA_87 ) {
4780+ if (scheme == TPM_ALG_MLDSA || scheme == TPM_ALG_HASH_MLDSA ) {
47944781 signature .sigAlg = scheme ;
47954782 /* ML-DSA signatures use SHA3-256, SHA3-384, or SHA3-512 typically */
47964783 /* Default to SHA3-256 if not specified */
@@ -4803,18 +4790,9 @@ int wolfTPM2_VerifyDigestSignature(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
48034790 }
48044791 /* Fallback: detect ML-DSA from signature size if scheme not available */
48054792 else if (sigSz >= 2000 && sigSz <= 5000 ) {
4806- /* Likely ML-DSA signature - determine variant from size */
4793+ /* Likely ML-DSA signature based on size */
48074794 /* ML-DSA-44: ~2420 bytes, ML-DSA-65: ~3309 bytes, ML-DSA-87: ~4627 bytes */
4808- if (sigSz <= 3000 ) {
4809- scheme = TPM_ALG_ML_DSA_44 ;
4810- }
4811- else if (sigSz <= 4000 ) {
4812- scheme = TPM_ALG_ML_DSA_65 ;
4813- }
4814- else {
4815- scheme = TPM_ALG_ML_DSA_87 ;
4816- }
4817- signature .sigAlg = scheme ;
4795+ signature .sigAlg = TPM_ALG_MLDSA ;
48184796 signature .signature .mldsa .hash = TPM_ALG_SHA3_256 ;
48194797 if (sigSz > (int )sizeof (signature .signature .mldsa .signature .buffer )) {
48204798 return BUFFER_E ;
0 commit comments