-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Addition of generic NIST-DSA PKEY and ASN1 to support ML-DSA #1963
Changes from 12 commits
6179241
8542649
e2234e3
163b50d
221c533
e47ef83
c72e3e6
7e524df
8d6ff48
91056cb
c0d4e65
bcbb832
7435f9b
297f76b
5a744cf
2e5d891
ad0a24c
739a3be
a1a15fe
c4afe50
2622a60
2c0d95a
c71bbac
13b5886
e419b99
53522b6
369080b
fb8631e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -323,9 +323,10 @@ if(ENABLE_DILITHIUM) | |
set( | ||
DILITHIUM_SOURCES | ||
|
||
dilithium/p_dilithium3.c | ||
dilithium/p_dilithium3_asn1.c | ||
dilithium/sig_dilithium3.c | ||
dilithium/pqdsa.c | ||
dilithium/p_pqdsa.c | ||
dilithium/p_pqdsa_asn1.c | ||
dilithium/ml_dsa.c | ||
) | ||
endif() | ||
|
||
|
@@ -774,7 +775,7 @@ if(BUILD_TESTING) | |
ecdh_extra/ecdh_test.cc | ||
dh_extra/dh_test.cc | ||
digest_extra/digest_test.cc | ||
dilithium/p_dilithium_test.cc | ||
dilithium/p_pqdsa_test.cc | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. np: indent There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fixed in 7435f9b |
||
dsa/dsa_test.cc | ||
des/des_test.cc | ||
endian_test.cc | ||
|
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -0,0 +1,70 @@ | ||||||
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. | ||||||
// SPDX-License-Identifier: Apache-2.0 OR ISC | ||||||
|
||||||
#ifndef AWSLC_HEADER_SIG_INTERNAL_H | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fixed in 7435f9b |
||||||
#define AWSLC_HEADER_SIG_INTERNAL_H | ||||||
|
||||||
#include <openssl/base.h> | ||||||
|
||||||
#if defined(__cplusplus) | ||||||
extern "C" { | ||||||
#endif | ||||||
|
||||||
// PQDSA_METHOD structure and helper functions. | ||||||
typedef struct { | ||||||
dkostic marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
int (*keygen)(uint8_t *public_key, | ||||||
dkostic marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
uint8_t *secret_key); | ||||||
|
||||||
int (*sign)(const uint8_t *secret_key, | ||||||
uint8_t *sig, | ||||||
size_t *sig_len, | ||||||
const uint8_t *message, | ||||||
size_t message_len, | ||||||
const uint8_t *pre, | ||||||
size_t pre_len); | ||||||
|
||||||
int (*verify)(const uint8_t *public_key, | ||||||
const uint8_t *sig, | ||||||
size_t sig_len, | ||||||
const uint8_t *message, | ||||||
size_t message_len, | ||||||
const uint8_t *pre, | ||||||
size_t pre_len); | ||||||
|
||||||
} PQDSA_METHOD; | ||||||
|
||||||
// PQDSA structure and helper functions. | ||||||
typedef struct { | ||||||
int nid; | ||||||
const uint8_t *oid; | ||||||
uint8_t oid_len; | ||||||
const char *comment; | ||||||
size_t public_key_len; | ||||||
size_t secret_key_len; | ||||||
size_t signature_len; | ||||||
size_t keygen_seed_len; | ||||||
size_t sign_seed_len; | ||||||
const PQDSA_METHOD *method; | ||||||
} PQDSA; | ||||||
|
||||||
// PQDSA_KEY structure and helper functions. | ||||||
struct pqdsa_key_st { | ||||||
const PQDSA *pqdsa; | ||||||
uint8_t *public_key; | ||||||
uint8_t *secret_key; | ||||||
}; | ||||||
|
||||||
int PQDSA_KEY_init(PQDSA_KEY *key, const PQDSA *pqdsa); | ||||||
const PQDSA * PQDSA_find_dsa_by_nid(int nid); | ||||||
const PQDSA *PQDSA_KEY_get0_dsa(PQDSA_KEY* key); | ||||||
PQDSA_KEY *PQDSA_KEY_new(void); | ||||||
void PQDSA_KEY_free(PQDSA_KEY *key); | ||||||
int EVP_PKEY_pqdsa_set_params(EVP_PKEY *pkey, int nid); | ||||||
|
||||||
int PQDSA_KEY_set_raw_public_key(PQDSA_KEY *key, const uint8_t *in); | ||||||
int PQDSA_KEY_set_raw_secret_key(PQDSA_KEY *key, const uint8_t *in); | ||||||
#if defined(__cplusplus) | ||||||
} // extern C | ||||||
#endif | ||||||
|
||||||
#endif // AWSLC_HEADER_DSA_TEST_INTERNAL_H |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,9 @@ | ||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
// SPDX-License-Identifier: Apache-2.0 OR ISC | ||
|
||
#include "../evp_extra/internal.h" | ||
#include "../fipsmodule/evp/internal.h" | ||
#include "sig_dilithium.h" | ||
#include "ml_dsa.h" | ||
#include "pqcrystals_dilithium_ref_common/sign.h" | ||
#include "pqcrystals_dilithium_ref_common/params.h" | ||
|
||
|
@@ -25,34 +26,34 @@ | |
// depending on platform support. | ||
|
||
int ml_dsa_65_keypair(uint8_t *public_key /* OUT */, | ||
uint8_t *secret_key /* OUT */) { | ||
uint8_t *secret_key /* OUT */) { | ||
ml_dsa_params params; | ||
ml_dsa_65_params_init(¶ms); | ||
return crypto_sign_keypair(¶ms, public_key, secret_key); | ||
return (crypto_sign_keypair(¶ms, public_key, secret_key) == 0); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. how did this work so far? aren't we checking the return value? because this change inverts the return value There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
} | ||
|
||
int ml_dsa_65_sign(uint8_t *sig /* OUT */, | ||
size_t *sig_len /* OUT */, | ||
const uint8_t *message /* IN */, | ||
size_t message_len /* IN */, | ||
const uint8_t *ctx /* IN */, | ||
size_t ctx_len /* IN */, | ||
const uint8_t *secret_key /* IN */) { | ||
int ml_dsa_65_sign(const uint8_t *secret_key /* IN */, | ||
uint8_t *sig /* OUT */, | ||
size_t *sig_len /* OUT */, | ||
const uint8_t *message /* IN */, | ||
size_t message_len /* IN */, | ||
const uint8_t *pre /* IN */, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. what's |
||
size_t pre_len /* IN */) { | ||
ml_dsa_params params; | ||
ml_dsa_65_params_init(¶ms); | ||
return crypto_sign_signature(¶ms, sig, sig_len, message, message_len, | ||
dkostic marked this conversation as resolved.
Show resolved
Hide resolved
|
||
ctx, ctx_len, secret_key); | ||
pre, pre_len, secret_key); | ||
} | ||
|
||
int ml_dsa_65_verify(const uint8_t *message /* IN */, | ||
size_t message_len /* IN */, | ||
const uint8_t *sig /* IN */, | ||
size_t sig_len /* IN */, | ||
const uint8_t *ctx /* IN */, | ||
size_t ctx_len /* IN */, | ||
const uint8_t *public_key /* IN */) { | ||
int ml_dsa_65_verify(const uint8_t *public_key /* IN */, | ||
const uint8_t *sig /* IN */, | ||
size_t sig_len /* IN */, | ||
const uint8_t *message /* IN */, | ||
size_t message_len /* IN */, | ||
const uint8_t *pre /* IN */, | ||
size_t pre_len /* IN */) { | ||
ml_dsa_params params; | ||
ml_dsa_65_params_init(¶ms); | ||
return crypto_sign_verify(¶ms, sig, sig_len, message, message_len, | ||
ctx, ctx_len, public_key); | ||
pre, pre_len, public_key); | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
// SPDX-License-Identifier: Apache-2.0 OR ISC | ||
|
||
#ifndef ML_DSA_H | ||
#define ML_DSA_H | ||
|
||
#include <stddef.h> | ||
#include <stdint.h> | ||
#include <openssl/base.h> | ||
#include <openssl/evp.h> | ||
|
||
#define MLDSA65_PUBLIC_KEY_BYTES 1952 | ||
#define MLDSA65_PRIVATE_KEY_BYTES 4032 | ||
#define MLDSA65_SIGNATURE_BYTES 3309 | ||
#define MLDSA65_KEYGEN_SEED_BYTES 32 | ||
#define MLDSA65_SIGNATURE_SEED_BYTES 32 | ||
|
||
int ml_dsa_65_keypair(uint8_t *public_key, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why were the comments preceding the functions removed? This could be why the rename considered it a new file. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Dusan said they were superfluous earlier on in this review, so I removed them. (#1963 (comment)) |
||
uint8_t *secret_key); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. np: indent There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. missed it in this commit, will hit it next time! |
||
|
||
int ml_dsa_65_sign(const uint8_t *secret_key, | ||
uint8_t *sig, | ||
size_t *sig_len, | ||
const uint8_t *message, | ||
size_t message_len, | ||
const uint8_t *ctx, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can we change this to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fixed in 7435f9b |
||
size_t ctx_len); | ||
|
||
int ml_dsa_65_verify(const uint8_t *public_key, | ||
const uint8_t *sig, | ||
size_t sig_len, | ||
const uint8_t *message, | ||
size_t message_len, | ||
const uint8_t *ctx, | ||
size_t ctx_len); | ||
#endif |
This file was deleted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
np: indent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed in 7435f9b