Make memory backing top-level allocations configurable #713
Description
The core APIs allocate a number of large objects on the stack as separate local variables. For example, crypto_sign_verify_internal starts like this:
int crypto_sign_verify_internal(const uint8_t *sig, size_t siglen,
const uint8_t *m, size_t mlen,
const uint8_t *pre, size_t prelen,
const uint8_t pk[CRYPTO_PUBLICKEYBYTES],
int externalmu)
{
unsigned int i;
int res;
MLD_ALIGN uint8_t buf[MLDSA_K * MLDSA_POLYW1_PACKEDBYTES];
MLD_ALIGN uint8_t rho[MLDSA_SEEDBYTES];
MLD_ALIGN uint8_t mu[MLDSA_CRHBYTES];
MLD_ALIGN uint8_t c[MLDSA_CTILDEBYTES];
MLD_ALIGN uint8_t c2[MLDSA_CTILDEBYTES];
mld_poly cp;
mld_polyvecl mat[MLDSA_K], z;
mld_polyveck t1, w1, tmp, h;
...This causes a large amount of stack usage (>100K for ML-DSA-87) which may be unacceptable for some environments. Specifically, some environments might not have enough memory at all, while other may, but require heap rather than stack allocation. At the moment, mldsa-native provides no flexibility to specify the source of allocation.
Task: Provide a means to configure where the 'core objects' in the top-level APIs should be allocated from.
Outline:
- As a first experiment, move all larger objects into a single
struct, one per high-level API; it can be declared inline. The code-motion is straightforward, but CBMC will pose a challenge because we cannot useobject_wholeanymore. - Once 1. works, make minimal experiments moving objects in a
unionif they are not used at the same time. Again, check what CBMC does. - If 1. and 2. pan out, configure the allocation mechanism by providing a configurable macro for the struct allocation. By default, this should be implemented as a stack allocation. There will also need to be a 'free'-macro which for the stack case will be a no-op.
- Implement a new example implementing the allocation via the heap. The allocation macro should call
allocand the free macrofree.