ML-DSA: Add TLS-SIGALG capability to support ML-DSA signatures

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26654)
2025-04-12 20:30:52 +08:00 · 2025-02-06 18:27:34 +11:00 · 2025-02-06 18:27:34 +11:00 · 36f10925ff
commit 36f10925ff
parent 6797e02907
3 changed files with 59 additions and 3 deletions
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@ -220,11 +220,68 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg)
    return 1;
 }

+/* --------------------------------------------------------------- */
+
+#if !defined(OPENSSL_NO_ML_DSA)
+
+typedef struct tls_sigalg_constants_st {
+    unsigned int code_point;
+    unsigned int sec_bits;    /* Bits of security */
+    int min_tls;              /* Minimum TLS version, -1 unsupported */
+    int max_tls;              /* Maximum TLS version (or 0 for undefined) */
+} TLS_SIGALG_CONSTANTS;
+
+static const TLS_SIGALG_CONSTANTS sigalg_constants_list[3] = {
+    { 0x0904, 128, TLS1_3_VERSION, 0 },
+    { 0x0905, 192, TLS1_3_VERSION, 0 },
+    { 0x0906, 256, TLS1_3_VERSION, 0 },
+};
+
+# define TLS_SIGALG_ENTRY(tlsname, algorithm, oid, idx)                         \
+    {                                                                           \
+        OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,            \
+                               tlsname, sizeof(tlsname)),                       \
+        OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,                 \
+                               algorithm, sizeof(algorithm)),                   \
+        OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,                  \
+                               oid, sizeof(oid)),                               \
+        OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,                  \
+                        (unsigned int *)&sigalg_constants_list[idx].code_point),\
+        OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,               \
+                        (unsigned int *)&sigalg_constants_list[idx].sec_bits),  \
+        OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,                      \
+                       (unsigned int *)&sigalg_constants_list[idx].min_tls),    \
+        OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,                      \
+                       (unsigned int *)&sigalg_constants_list[idx].max_tls),    \
+        OSSL_PARAM_END                                                          \
+    }
+
+static const OSSL_PARAM param_sigalg_list[][8] = {
+    TLS_SIGALG_ENTRY("mldsa44", "ML-DSA-44", "2.16.840.1.101.3.4.3.17", 0),
+    TLS_SIGALG_ENTRY("mldsa65", "ML-DSA-65", "2.16.840.1.101.3.4.3.18", 1),
+    TLS_SIGALG_ENTRY("mldsa87", "ML-DSA-87", "2.16.840.1.101.3.4.3.19", 2),
+};
+#endif /* OPENSSL_NO_ML_DSA */
+
+static int tls_sigalg_capability(OSSL_CALLBACK *cb, void *arg)
+{
+#if !defined(OPENSSL_NO_ML_DSA)
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(param_sigalg_list); i++)
+        if (!cb(param_sigalg_list[i], arg))
+            return 0;
+#endif
+    return 1;
+}
+
 int ossl_prov_get_capabilities(void *provctx, const char *capability,
                               OSSL_CALLBACK *cb, void *arg)
 {
    if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0)
        return tls_group_capability(cb, arg);
+    if (OPENSSL_strcasecmp(capability, "TLS-SIGALG") == 0)
+        return tls_sigalg_capability(cb, arg);

    /* We don't support this capability */
    return 0;
--- a/providers/implementations/signature/ml_dsa_sig.c
+++ b/providers/implementations/signature/ml_dsa_sig.c
@ -78,7 +78,6 @@ static void *ml_dsa_newctx(void *provctx, int evp_type, const char *propq)
    ctx->libctx = PROV_LIBCTX_OF(provctx);
    ctx->msg_encode = ML_DSA_MESSAGE_ENCODE_PURE;
    ctx->evp_type = evp_type;
-
    return ctx;
 }

--- a/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
+++ b/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
@ -12,12 +12,12 @@
       {"name" : "test-tls13-certificate-verify.py",
        "arguments" : ["-k", "tests/clientX509Key.pem",
                       "-c", "tests/clientX509Cert.pem",
-                       "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                       "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224 9+4 9+5 9+6",
                       "-p", "@PORT@"]},
       {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
          "arguments" : ["-k", "tests/serverECKey.pem",
                         "-c", "tests/serverECCert.pem",
-                         "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                         "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224 9+4 9+5 9+6",
                         "-p", "@PORT@"]}
     ]
    },