CR fixes, name changes

aws · Nov 7, 2024 · 7e524df · 7e524df
1 parent c72e3e6
commit 7e524df
Show file tree

Hide file tree

Showing 14 changed files with 382 additions and 78 deletions.
diff --git a/crypto/dilithium/p_dilithium3.c b/crypto/dilithium/p_dilithium3.c
@@ -106,7 +106,7 @@ static int pkey_pqdsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
   if (key == NULL ||
       !PQDSA_KEY_init(key, pqdsa) ||
       !pqdsa->method->keygen(key->public_key, key->secret_key) ||
-      !EVP_PKEY_set_type(pkey, EVP_PKEY_NISTDSA)) {
+      !EVP_PKEY_set_type(pkey, EVP_PKEY_PQDSA)) {
     PQDSA_KEY_free(key);
     return 0;
       }
@@ -144,7 +144,7 @@ static int pkey_pqdsa_sign_signature(EVP_PKEY_CTX *ctx, uint8_t *sig,
   // Check that the context is properly configured.
   if (ctx->pkey == NULL ||
       ctx->pkey->pkey.pqdsa_key == NULL ||
-      ctx->pkey->type != EVP_PKEY_NISTDSA) {
+      ctx->pkey->type != EVP_PKEY_PQDSA) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);
     return 0;
   }
@@ -179,7 +179,7 @@ static int pkey_pqdsa_verify_signature(EVP_PKEY_CTX *ctx, const uint8_t *sig,
   // Check that the context is properly configured.
   if (ctx->pkey == NULL ||
     ctx->pkey->pkey.pqdsa_key == NULL ||
-    ctx->pkey->type != EVP_PKEY_NISTDSA) {
+    ctx->pkey->type != EVP_PKEY_PQDSA) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);
     return 0;
   }
@@ -255,7 +255,7 @@ int EVP_PKEY_CTX_pqdsa_set_params(EVP_PKEY_CTX *ctx, int nid) {
 }
 
 const EVP_PKEY_METHOD pqdsa_pkey_meth = {
-  EVP_PKEY_NISTDSA,
+  EVP_PKEY_PQDSA,
   pkey_pqdsa_init /* init */,
   NULL /* copy */,
   pkey_pqdsa_cleanup /* cleanup */,

diff --git a/crypto/dilithium/p_dilithium3_asn1.c b/crypto/dilithium/p_dilithium3_asn1.c
@@ -229,13 +229,13 @@ static int pqdsa_bits(const EVP_PKEY *pkey) {
 
 const EVP_PKEY_ASN1_METHOD pqdsa_asn1_meth = {
   //2.16.840.1.101.3.4.3
-  EVP_PKEY_NISTDSA,
+  EVP_PKEY_PQDSA,
 
   {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03},
   8,
 
-  "NIST DSA",
-  "AWS-LC NIST DSA method",
+  "PQ DSA",
+  "AWS-LC PQ DSA method",
 
   pqdsa_pub_decode,
   pqdsa_pub_encode,

diff --git a/crypto/dilithium/p_dilithium_test.cc b/crypto/dilithium/p_dilithium_test.cc
diff --git a/crypto/evp_extra/evp_extra_test.cc b/crypto/evp_extra/evp_extra_test.cc
@@ -1179,7 +1179,7 @@ TEST(EVPExtraTest, d2i_PrivateKey) {
       ParsePrivateKey(EVP_PKEY_EC, kExampleECKeyDER, sizeof(kExampleECKeyDER)));
 
 #ifdef ENABLE_DILITHIUM
-  EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_NISTDSA, kExampleMLDSA65KeyDER,
+  EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_PQDSA, kExampleMLDSA65KeyDER,
                               sizeof(kExampleMLDSA65KeyDER)));
 #endif
 

diff --git a/crypto/evp_extra/print.c b/crypto/evp_extra/print.c
@@ -387,7 +387,7 @@ static EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
     },
 #ifdef ENABLE_DILITHIUM
     {
-        EVP_PKEY_NISTDSA,
+        EVP_PKEY_PQDSA,
         mldsa_65_pub_print,
         mldsa_65_priv_print,
         NULL /* param_print */,

diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h
@@ -7281,7 +7281,7 @@ static const uint8_t kObjectData[] = {
     0x0f,
     0x63,
     0x37,
-    /* NID_NISTDSA */
+    /* NID_PQDSA */
     0x60,
     0x86,
     0x48,
@@ -9000,7 +9000,7 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
      &kObjectData[6315], 0},
     {"SecP256r1MLKEM768", "SecP256r1MLKEM768", NID_SecP256r1MLKEM768, 5,
      &kObjectData[6320], 0},
-    {"NISTDSA", "NISTDSA", NID_NISTDSA, 8, &kObjectData[6325], 0},
+    {"PQDSA", "PQDSA", NID_PQDSA, 8, &kObjectData[6325], 0},
     {"MLDSA44", "MLDSA44", NID_MLDSA44, 9, &kObjectData[6333], 0},
     {"MLDSA65", "MLDSA65", NID_MLDSA65, 9, &kObjectData[6342], 0},
     {"MLDSA87", "MLDSA87", NID_MLDSA87, 9, &kObjectData[6351], 0},
@@ -9144,7 +9144,6 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     989 /* MLKEM768 */,
     986 /* MLKEM768IPD */,
     388 /* Mail */,
-    993 /* NISTDSA */,
     57 /* Netscape */,
     366 /* Nonce */,
     17 /* O */,
@@ -9170,6 +9169,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     69 /* PBKDF2 */,
     162 /* PBMAC1 */,
     127 /* PKIX */,
+    993 /* PQDSA */,
     935 /* PSPECIFIED */,
     98 /* RC2-40-CBC */,
     166 /* RC2-64-CBC */,
@@ -10074,7 +10074,6 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     648 /* Microsoft Smartcardlogin */,
     136 /* Microsoft Trust List Signing */,
     649 /* Microsoft Universal Principal Name */,
-    993 /* NISTDSA */,
     72 /* Netscape Base Url */,
     76 /* Netscape CA Policy Url */,
     74 /* Netscape CA Revocation Url */,
@@ -10099,6 +10098,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     69 /* PBKDF2 */,
     162 /* PBMAC1 */,
     127 /* PKIX */,
+    993 /* PQDSA */,
     858 /* Permanent Identifier */,
     164 /* Policy Qualifier CPS */,
     165 /* Policy Qualifier User Notice */,
@@ -11570,7 +11570,7 @@ static const uint16_t kNIDsInOIDOrder[] = {
     785 /* 1.3.6.1.5.5.7.48.5 (OBJ_caRepository) */,
     780 /* 1.3.6.1.5.5.8.1.1 (OBJ_hmac_md5) */,
     781 /* 1.3.6.1.5.5.8.1.2 (OBJ_hmac_sha1) */,
-    993 /* 2.16.840.1.101.3.4.3 (OBJ_NISTDSA) */,
+    993 /* 2.16.840.1.101.3.4.3 (OBJ_PQDSA) */,
     970 /* 2.16.840.1.101.3.4.4 (OBJ_kem) */,
     58 /* 2.16.840.1.113730.1 (OBJ_netscape_cert_extension) */,
     59 /* 2.16.840.1.113730.2 (OBJ_netscape_data_type) */,

diff --git a/crypto/obj/obj_mac.num b/crypto/obj/obj_mac.num
@@ -980,7 +980,7 @@ MLKEM768		989
 MLKEM1024		990
 X25519MLKEM768		991
 SecP256r1MLKEM768		992
-NISTDSA		993
+PQDSA		993
 MLDSA44		994
 MLDSA65		995
 MLDSA87		996
diff --git a/crypto/obj/obj_xref.c b/crypto/obj/obj_xref.c
@@ -93,7 +93,7 @@ static const nid_triple kTriples[] = {
     // digest "undef" indicates the caller should handle this explicitly.
     {NID_rsassaPss, NID_undef, NID_rsaEncryption},
     {NID_ED25519, NID_undef, NID_ED25519},
-    {NID_NISTDSA, NID_undef, NID_NISTDSA},
+    {NID_PQDSA, NID_undef, NID_PQDSA},
 };
 
 int OBJ_find_sigid_algs(int sign_nid, int *out_digest_nid, int *out_pkey_nid) {

diff --git a/crypto/obj/objects.txt b/crypto/obj/objects.txt
@@ -1405,7 +1405,7 @@ nist_kem 3 : MLKEM1024
 # OIDs for ML-DSA-44, ML-DSA-65, and ML-DSA-87 according to
 # https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 # https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
-nist_dsa : NISTDSA
+nist_dsa : PQDSA
 nist_dsa 17 : MLDSA44
 nist_dsa 18 : MLDSA65
 nist_dsa 19 : MLDSA87
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
@@ -97,8 +97,8 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
   }
 
 #ifdef ENABLE_DILITHIUM
-  if (EVP_PKEY_id(pkey) == EVP_PKEY_NISTDSA) {
-    return X509_ALGOR_set0(algor, OBJ_nid2obj(EVP_PKEY_NISTDSA), V_ASN1_UNDEF, NULL);
+  if (EVP_PKEY_id(pkey) == EVP_PKEY_PQDSA) {
+    return X509_ALGOR_set0(algor, OBJ_nid2obj(EVP_PKEY_PQDSA), V_ASN1_UNDEF, NULL);
   }
 #endif
 
@@ -158,7 +158,7 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
       return x509_rsa_pss_to_ctx(ctx, sigalg, pkey);
     }
 #ifdef ENABLE_DILITHIUM
-    if (sigalg_nid == NID_ED25519 || sigalg_nid == NID_NISTDSA) {
+    if (sigalg_nid == NID_ED25519 || sigalg_nid == NID_PQDSA) {
 #else
     if (sigalg_nid == NID_ED25519) {
 #endif

diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
@@ -578,7 +578,7 @@ w1AH9efZBw==
 
 #ifdef ENABLE_DILITHIUM
 
-static const char kDilithium3Cert[] = R"(
+static const char kMLDSA65Cert[] = R"(
 -----BEGIN CERTIFICATE-----
 MIIVKDCCCCagAwIBAgIBADAKBghghkgBZQMEAzAXMRUwEwYDVQQDDAxJbnRlcm1l
 ZGlhdGUwHhcNMTYwOTI2MDAwMDAwWhcNMTYwOTI4MDAwMDAwWjAPMQ0wCwYDVQQD
@@ -696,9 +696,9 @@ gpSap7z7DhchKkdnb3eAtw8eZmrXfb0AAAAAAAAAAAAAAAAAAAAHCxchJig=
 -----END CERTIFICATE-----
 )";
 
-// kDilithium3CertNull is an invalid self-signed Dilithium3 with an explicit
+// kMLDSA65CertNull is an invalid self-signed MLDSA65 with an explicit
 // NULL in the signature algorithm.
-static const char kDilithium3CertNull[] = R"(
+static const char kMLDSA65CertNull[] = R"(
 -----BEGIN CERTIFICATE-----
 MIIVLDCCCCegAwIBAgIBADALBglghkgBZQMEAxIwFzEVMBMGA1UEAwwMSW50ZXJt
 ZWRpYXRlMB4XDTE2MDkyNjAwMDAwMFoXDTE2MDkyODAwMDAwMFowDzENMAsGA1UE
@@ -817,9 +817,9 @@ mKm80BAolbXG4fX4d6cpVZbBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACw8RGRsf
 
 )";
 
-// kDilithium3CertParam is an invalid self-signed Dilithium3 with an explicit
+// kMLDSA65CertParam is an invalid self-signed MLDSA65 with an explicit
 // NULL in the AlgorithmIdentifier parameters.
-static const char kDilithium3CertParam[] = R"(
+static const char kMLDSA65CertParam[] = R"(
 -----BEGIN CERTIFICATE-----
 MIIVLjCCCCmgAwIBAgIBADANBglghkgBZQMEAxIFADAXMRUwEwYDVQQDDAxJbnRl
 cm1lZGlhdGUwHhcNMTYwOTI2MDAwMDAwWhcNMTYwOTI4MDAwMDAwWjAPMQ0wCwYD
@@ -2949,12 +2949,12 @@ TEST(X509Test, Ed25519Sign) {
 
 #ifdef ENABLE_DILITHIUM
 
-TEST(X509Test, Dilithium3SignVerifyCert) {
-  // This test generates a Dilithium3 keypair, generates and signs a
+TEST(X509Test, MLDSA65SignVerifyCert) {
+  // This test generates a MLDSA65 keypair, generates and signs a
   // certificate, then verifies the certificate's signature.
 
   // Generate mldsa key
-  bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_NISTDSA, nullptr));
+  bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_PQDSA, nullptr));
   ASSERT_TRUE(ctx);
   ASSERT_TRUE(EVP_PKEY_CTX_pqdsa_set_params(ctx.get(), NID_MLDSA65));
   ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get()));
@@ -2976,12 +2976,12 @@ TEST(X509Test, Dilithium3SignVerifyCert) {
 TEST(X509Test, TestMLDSA65) {
   // This test decodes a MLDSA65 certificate from the PEM encoding,
   // extracts the public key, and then verifies the certificate.
-  bssl::UniquePtr<X509> cert(CertFromPEM(kDilithium3Cert));
+  bssl::UniquePtr<X509> cert(CertFromPEM(kMLDSA65Cert));
   ASSERT_TRUE(cert);
   //extract the asn1 bit string from the cert
   ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(cert.get());
   // create a new PKEY and set the raw public key as the one from the cert
-  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new_raw_public_key(EVP_PKEY_NISTDSA,
+  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new_raw_public_key(EVP_PKEY_PQDSA,
                                                                nullptr,
                                                                key->data,
                                                                key->length));
@@ -2993,14 +2993,14 @@ TEST(X509Test, TestMLDSA65) {
 
 TEST(X509Test, TestBadSigAlgMLDSA65) {
   // This test generates a MLDSA65 certificate from the PEM encoding
-  // kDilithium3CertNull that has an explicit NULL in the signature algorithm.
+  // kMLDSA65CertNull that has an explicit NULL in the signature algorithm.
   // After extracting the public key, verification should fail.
-  bssl::UniquePtr<X509> cert(CertFromPEM(kDilithium3CertNull));
+  bssl::UniquePtr<X509> cert(CertFromPEM(kMLDSA65CertNull));
   ASSERT_TRUE(cert);
   // extract the asn1 bit string from the cert
   ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(cert.get());
   // create a new PKEY and set the raw public key as the one from the cert
-  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new_raw_public_key(EVP_PKEY_NISTDSA,
+  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new_raw_public_key(EVP_PKEY_PQDSA,
                                                                nullptr,
                                                                key->data,
                                                                key->length));
@@ -3017,14 +3017,14 @@ TEST(X509Test, TestBadSigAlgMLDSA65) {
 
 TEST(X509Test, TestBadParamsMLDSA65) {
   // This test generates a MLDSA65 certificate from the PEM encoding
-  // kDilithium3CertParam that has an explicit NULL in the signature algorithm.
+  // kMLDSA65CertParam that has an explicit NULL in the signature algorithm.
   // After extracting the public key, verification should fail.
-  bssl::UniquePtr<X509> cert(CertFromPEM(kDilithium3CertParam));
+  bssl::UniquePtr<X509> cert(CertFromPEM(kMLDSA65CertParam));
   ASSERT_TRUE(cert);
   // extract the asn1 bit string from the cert
   ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(cert.get());
   // create a new PKEY and set the raw public key as the one from the cert
-  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new_raw_public_key(EVP_PKEY_NISTDSA,
+  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new_raw_public_key(EVP_PKEY_PQDSA,
                                                                nullptr,
                                                                key->data,
                                                                key->length));

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -204,7 +204,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int
 #define EVP_PKEY_DH NID_dhKeyAgreement
 
 #ifdef ENABLE_DILITHIUM
-#define EVP_PKEY_NISTDSA NID_NISTDSA
+#define EVP_PKEY_PQDSA NID_PQDSA
 #endif
 
 #define EVP_PKEY_KEM NID_kem

diff --git a/include/openssl/nid.h b/include/openssl/nid.h
@@ -4363,9 +4363,9 @@ extern "C" {
 #define NID_SecP256r1MLKEM768 992
 #define OBJ_SecP256r1MLKEM768 1L, 3L, 9999L, 99L, 55L
 
-#define SN_NISTDSA "NISTDSA"
-#define NID_NISTDSA 993
-#define OBJ_NISTDSA 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L
+#define SN_PQDSA "PQDSA"
+#define NID_PQDSA 993
+#define OBJ_PQDSA 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L
 
 #define SN_MLDSA44 "MLDSA44"
 #define NID_MLDSA44 994

diff --git a/tool/speed.cc b/tool/speed.cc
@@ -872,8 +872,8 @@ static bool SpeedDigestSignNID(const std::string &name, int nid,
     return true;
   }
 
-  // Setup CTX for Sign/Verify Operations of type EVP_PKEY_NISTDSA
-  BM_NAMESPACE::UniquePtr<EVP_PKEY_CTX> pkey_ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_NISTDSA, nullptr));
+  // Setup CTX for Sign/Verify Operations of type EVP_PKEY_PQDSA
+  BM_NAMESPACE::UniquePtr<EVP_PKEY_CTX> pkey_ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_PQDSA, nullptr));
 
   // Setup CTX for specific signature alg NID
   EVP_PKEY_CTX_pqdsa_set_params(pkey_ctx.get(), nid);