mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

ML_DSA Add support for generation of X509 certificates using the openssl

Browse Source 
commandline.

In order to support this gettables are required in both the key and
signature.:

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26575)
This commit is contained in:
slontis 2025-01-28 19:46:07 +11:00 committed by Tomas Mraz
parent c83e6c0a2c
commit 808fccb721
12 changed files with 262 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -74,6 +74,7 @@ providers/common/der/der_ecx_gen.c
providers/common/der/der_rsa_gen.c
providers/common/der/der_wrap_gen.c
providers/common/der/der_sm2_gen.c
providers/common/der/der_ml_dsa_gen.c
providers/common/include/prov/der_dsa.h
providers/common/include/prov/der_ec.h
providers/common/include/prov/der_ecx.h
@ -81,6 +82,7 @@ providers/common/include/prov/der_rsa.h
providers/common/include/prov/der_digests.h
providers/common/include/prov/der_wrap.h
providers/common/include/prov/der_sm2.h
providers/common/include/prov/der_ml_dsa.h
# error code files
/crypto/err/openssl.txt.old

11
doc/designs/ml-dsa.md
View File

@ -94,6 +94,17 @@ the API's used should be
EVP_PKEY_sign_message_init(), EVP_PKEY_sign(),
EVP_PKEY_verify_message_init(), EVP_PKEY_verify().
OpenSSL command line support
----------------------------
For backwards compatability reasons EVP_DigestSignInit_ex(), EVP_DigestSign(),
EVP_DigestVerifyInit_ex() and EVP_DigestVerify() may also be used, but the digest
passed in `mdname` must be NULL (i.e. It effectively behaves the same as above).
Passing a non NULL digest results in an error.
OSSL_PKEY_PARAM_MANDATORY_DIGEST must return "" in the key manager getter and
OSSL_SIGNATURE_PARAM_ALGORITHM_ID in the signature context getter.
Encoding/Decoding
-----------------

5
doc/man7/EVP_SIGNATURE-ML-DSA.pod
View File

@ -70,6 +70,11 @@ to be set to 32 bytes of zeros. This value is ignored if "test-entropy" is set.
See L<EVP_PKEY-ML-DSA(7)> for information related to B<ML-DSA> keys.
=head1 NOTES
For backwards compatability reasons EVP_DigestSignInit_ex(), EVP_DigestSign(),
EVP_DigestVerifyInit_ex() and EVP_DigestVerify() may also be used, but the digest
passed in |mdname| must be NULL.
=head1 EXAMPLES

15
providers/common/der/ML_DSA.asn1 Normal file
View File

@ -0,0 +1,15 @@
-- Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
--
-- Licensed under the Apache License 2.0 (the "License"). You may not use
-- this file except in compliance with the License. You can obtain a copy
-- in the file LICENSE in the source distribution or at
-- https://www.openssl.org/source/license.html
-- -------------------------------------------------------------------
-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 }
id-ml-dsa-44 OBJECT IDENTIFIER ::= { sigAlgs 17 }
id-ml-dsa-65 OBJECT IDENTIFIER ::= { sigAlgs 18 }
id-ml-dsa-87 OBJECT IDENTIFIER ::= { sigAlgs 19 }

19
providers/common/der/build.info
View File

@ -71,6 +71,21 @@ IF[{- !$disabled{ecx} -}]
DEPEND[$DER_ECX_H]=oids_to_c.pm ECX.asn1
ENDIF
#----- ML-DSA
IF[{- !$disabled{'ml-dsa'} -}]
$DER_ML_DSA_H=$INCDIR/der_ml_dsa.h
$DER_ML_DSA_GEN=der_ml_dsa_gen.c
$DER_ML_DSA_AUX=der_ml_dsa_key.c
GENERATE[$DER_ML_DSA_GEN]=der_ml_dsa_gen.c.in
DEPEND[$DER_ML_DSA_GEN]=oids_to_c.pm ML_DSA.asn1
DEPEND[${DER_ML_DSA_GEN/.c/.o}]=$DER_ML_DSA_H
DEPEND[${DER_ML_DSA_AUX/.c/.o}]=$DER_ML_DSA_H
GENERATE[$DER_ML_DSA_H]=$INCDIR/der_ml_dsa.h.in
DEPEND[$DER_ML_DSA_H]=oids_to_c.pm ML_DSA.asn1
ENDIF
#----- KEY WRAP
$DER_WRAP_H=$INCDIR/der_wrap.h
$DER_WRAP_GEN=der_wrap_gen.c
@ -112,6 +127,10 @@ IF[{- !$disabled{ec} -}]
ENDIF
ENDIF
IF[{- !$disabled{'ml-dsa'} -}]
$COMMON = $COMMON $DER_ML_DSA_GEN $DER_ML_DSA_AUX
ENDIF
IF[{- !$disabled{sm2} -}]
$NONFIPS = $NONFIPS $DER_SM2_GEN $DER_SM2_AUX
ENDIF

19
providers/common/der/der_ml_dsa_gen.c.in Normal file
View File

@ -0,0 +1,19 @@
/*
* {- join("\n * ", @autowarntext) -}
*
* Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ml_dsa.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/ML_DSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_C });
-}

41
providers/common/der/der_ml_dsa_key.c Normal file
View File

@ -0,0 +1,41 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/packet.h"
#include "prov/der_ml_dsa.h"
int ossl_DER_w_algorithmIdentifier_ML_DSA(WPACKET *pkt, int tag, ML_DSA_KEY *key)
{
const uint8_t *alg;
size_t len;
const char *name = ossl_ml_dsa_key_get_name(key);
if (OPENSSL_strcasecmp(name, "ML-DSA-44") == 0) {
alg = ossl_der_oid_id_ml_dsa_44;
len = sizeof(ossl_der_oid_id_ml_dsa_44);
} else if (OPENSSL_strcasecmp(name, "ML-DSA-65") == 0) {
alg = ossl_der_oid_id_ml_dsa_65;
len = sizeof(ossl_der_oid_id_ml_dsa_65);
} else if (OPENSSL_strcasecmp(name, "ML-DSA-87") == 0) {
alg = ossl_der_oid_id_ml_dsa_87;
len = sizeof(ossl_der_oid_id_ml_dsa_87);
} else {
return 0;
}
return ossl_DER_w_begin_sequence(pkt, tag)
/* No parameters */
&& ossl_DER_w_precompiled(pkt, -1, alg, len)
&& ossl_DER_w_end_sequence(pkt, tag);
}

22
providers/common/include/prov/der_ml_dsa.h.in Normal file
View File

@ -0,0 +1,22 @@
/*
* {- join("\n * ", @autowarntext) -}
*
* Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "internal/der.h"
#include "crypto/ml_dsa.h"
/* Well known OIDs precompiled */
{-
$OUT = oids_to_c::process_leaves('providers/common/der/ML_DSA.asn1',
{ dir => $config{sourcedir},
filter => \&oids_to_c::filter_to_H });
-}
int ossl_DER_w_algorithmIdentifier_ML_DSA(WPACKET *pkt, int tag, ML_DSA_KEY *key);

2
providers/implementations/keymgmt/build.info
View File

@ -46,6 +46,6 @@ SOURCE[$MAC_GOAL]=mac_legacy_kmgmt.c
SOURCE[$TEMPLATE_GOAL]=template_kmgmt.c
IF[{- !$disabled{ml-dsa} -}]
IF[{- !$disabled{'ml-dsa'} -}]
SOURCE[$ML_DSA_GOAL]=ml_dsa_kmgmt.c
ENDIF

9
providers/implementations/keymgmt/ml_dsa_kmgmt.c
View File

@ -132,6 +132,7 @@ static const OSSL_PARAM ml_dsa_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
ML_DSA_IMEXPORTABLE_PARAMETERS,
OSSL_PARAM_END
};
@ -174,6 +175,14 @@ static int ml_dsa_get_params(void *keydata, OSSL_PARAM params[])
ossl_ml_dsa_key_get_pub_len(key)))
return 0;
}
/*
* This allows apps to use an empty digest, so that the old API
* for digest signing can be used.
*/
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MANDATORY_DIGEST);
if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ""))
return 0;
return 1;
}

3
providers/implementations/signature/build.info
View File

@ -25,6 +25,7 @@ ENDIF
SOURCE[$RSA_GOAL]=rsa_sig.c
DEPEND[ml_dsa_sig.o]=../../common/include/prov/der_ml_dsa.h
DEPEND[rsa_sig.o]=../../common/include/prov/der_rsa.h
DEPEND[dsa_sig.o]=../../common/include/prov/der_dsa.h
DEPEND[ecdsa_sig.o]=../../common/include/prov/der_ec.h
@ -33,6 +34,6 @@ DEPEND[sm2_sig.o]=../../common/include/prov/der_sm2.h
SOURCE[$MAC_GOAL]=mac_legacy_sig.c
IF[{- !$disabled{ml-dsa} -}]
IF[{- !$disabled{'ml-dsa'} -}]
SOURCE[$DSA_GOAL]=ml_dsa_sig.c
ENDIF

121
providers/implementations/signature/ml_dsa_sig.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -18,7 +18,10 @@
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "prov/der_ml_dsa.h"
#include "crypto/ml_dsa.h"
#include "internal/packet.h"
#include "internal/sizes.h"
#define ML_DSA_ENTROPY_LEN 32
@ -29,9 +32,15 @@ static OSSL_FUNC_signature_sign_message_init_fn ml_dsa_sign_msg_init;
static OSSL_FUNC_signature_sign_fn ml_dsa_sign;
static OSSL_FUNC_signature_verify_message_init_fn ml_dsa_verify_msg_init;
static OSSL_FUNC_signature_verify_fn ml_dsa_verify;
static OSSL_FUNC_signature_digest_sign_init_fn ml_dsa_digest_signverify_init;
static OSSL_FUNC_signature_digest_sign_fn ml_dsa_digest_sign;
static OSSL_FUNC_signature_digest_verify_fn ml_dsa_digest_verify;
static OSSL_FUNC_signature_freectx_fn ml_dsa_freectx;
static OSSL_FUNC_signature_set_ctx_params_fn ml_dsa_set_ctx_params;
static OSSL_FUNC_signature_settable_ctx_params_fn ml_dsa_settable_ctx_params;
static OSSL_FUNC_signature_get_ctx_params_fn ml_dsa_get_ctx_params;
static OSSL_FUNC_signature_gettable_ctx_params_fn ml_dsa_gettable_ctx_params;
static OSSL_FUNC_signature_dupctx_fn ml_dsa_dupctx;
typedef struct {
@ -44,6 +53,9 @@ typedef struct {
int msg_encode;
int deterministic;
const char *alg;
/* The Algorithm Identifier of the signature algorithm */
uint8_t aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
size_t aid_len;
} PROV_ML_DSA_CTX;
static void ml_dsa_freectx(void *vctx)
@ -86,6 +98,32 @@ static void *ml_dsa_dupctx(void *vctx)
return OPENSSL_memdup(srcctx, sizeof(*srcctx));
}
static int set_alg_id_buffer(PROV_ML_DSA_CTX *ctx)
{
int ret;
WPACKET pkt;
uint8_t *aid = NULL;
/*
* We do not care about DER writing errors.
* All it really means is that for some reason, there's no
* AlgorithmIdentifier to be had, but the operation itself is
* still valid, just as long as it's not used to construct
* anything that needs an AlgorithmIdentifier.
*/
ctx->aid_len = 0;
ret = WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf));
ret = ret && ossl_DER_w_algorithmIdentifier_ML_DSA(&pkt, -1, ctx->key);
if (ret && WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
aid = WPACKET_get_curr(&pkt);
}
WPACKET_cleanup(&pkt);
if (aid != NULL && ctx->aid_len != 0)
memmove(ctx->aid_buf, aid, ctx->aid_len);
return 1;
}
static int ml_dsa_signverify_msg_init(void *vctx, void *vkey,
const OSSL_PARAM params[], int operation,
const char *desc)
@ -107,6 +145,8 @@ static int ml_dsa_signverify_msg_init(void *vctx, void *vkey,
if (!ossl_ml_dsa_key_matches(ctx->key, ctx->alg))
return 0;
set_alg_id_buffer(ctx);
return ml_dsa_set_ctx_params(ctx, params);
}
@ -116,8 +156,26 @@ static int ml_dsa_sign_msg_init(void *vctx, void *vkey, const OSSL_PARAM params[
EVP_PKEY_OP_SIGN, "ML_DSA Sign Init");
}
static int ml_dsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
size_t sigsize, const unsigned char *msg, size_t msg_len)
static int ml_dsa_digest_signverify_init(void *vctx, const char *mdname,
void *vkey, const OSSL_PARAM params[])
{
PROV_ML_DSA_CTX *ctx = (PROV_ML_DSA_CTX *)vctx;
if (mdname != NULL && mdname[0] != '\0') {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
"Explicit digest not supported for ML-DSA operations");
return 0;
}
if (vkey == NULL && ctx->key != NULL)
return ml_dsa_set_ctx_params(ctx, params);
return ml_dsa_signverify_msg_init(vctx, vkey, params,
EVP_PKEY_OP_SIGN, "ML_DSA Sign Init");
}
static int ml_dsa_sign(void *vctx, uint8_t *sig, size_t *siglen, size_t sigsize,
const uint8_t *msg, size_t msg_len)
{
int ret = 0;
PROV_ML_DSA_CTX *ctx = (PROV_ML_DSA_CTX *)vctx;
@ -147,14 +205,20 @@ static int ml_dsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
return ret;
}
static int ml_dsa_digest_sign(void *vctx, uint8_t *sig, size_t *siglen, size_t sigsize,
const uint8_t *tbs, size_t tbslen)
{
return ml_dsa_sign(vctx, sig, siglen, sigsize, tbs, tbslen);
}
static int ml_dsa_verify_msg_init(void *vctx, void *vkey, const OSSL_PARAM params[])
{
return ml_dsa_signverify_msg_init(vctx, vkey, params, EVP_PKEY_OP_VERIFY,
"ML_DSA Verify Init");
}
static int ml_dsa_verify(void *vctx, const unsigned char *sig, size_t siglen,
const unsigned char *msg, size_t msg_len)
static int ml_dsa_verify(void *vctx, const uint8_t *sig, size_t siglen,
const uint8_t *msg, size_t msg_len)
{
PROV_ML_DSA_CTX *ctx = (PROV_ML_DSA_CTX *)vctx;
@ -164,6 +228,12 @@ static int ml_dsa_verify(void *vctx, const unsigned char *sig, size_t siglen,
ctx->context_string, ctx->context_string_len,
ctx->msg_encode, sig, siglen);
}
static int ml_dsa_digest_verify(void *vctx,
const uint8_t *sig, size_t siglen,
const uint8_t *tbs, size_t tbslen)
{
return ml_dsa_verify(vctx, sig, siglen, tbs, tbslen);
}
static int ml_dsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
@ -223,6 +293,35 @@ static const OSSL_PARAM *ml_dsa_settable_ctx_params(void *vctx,
return settable_ctx_params;
}
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_END
};
static const OSSL_PARAM *ml_dsa_gettable_ctx_params(ossl_unused void *vctx,
ossl_unused void *provctx)
{
return known_gettable_ctx_params;
}
static int ml_dsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
{
PROV_ML_DSA_CTX *ctx = (PROV_ML_DSA_CTX *)vctx;
OSSL_PARAM *p;
if (ctx == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
if (p != NULL
&& !OSSL_PARAM_set_octet_string(p,
ctx->aid_len == 0 ? NULL : ctx->aid_buf,
ctx->aid_len))
return 0;
return 1;
}
#define MAKE_SIGNATURE_FUNCTIONS(alg, fn) \
static OSSL_FUNC_signature_newctx_fn ml_dsa_##fn##_newctx; \
static void *ml_dsa_##fn##_newctx(void *provctx, const char *propq) \
@ -237,11 +336,23 @@ static const OSSL_PARAM *ml_dsa_settable_ctx_params(void *vctx,
{ OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \
(void (*)(void))ml_dsa_verify_msg_init }, \
{ OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))ml_dsa_verify }, \
{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, \
(void (*)(void))ml_dsa_digest_signverify_init }, \
{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN, \
(void (*)(void))ml_dsa_digest_sign }, \
{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, \
(void (*)(void))ml_dsa_digest_signverify_init }, \
{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY, \
(void (*)(void))ml_dsa_digest_verify }, \
{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ml_dsa_freectx }, \
{ OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \
(void (*)(void))ml_dsa_set_ctx_params }, \
{ OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \
(void (*)(void))ml_dsa_settable_ctx_params }, \
{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \
(void (*)(void))ml_dsa_get_ctx_params }, \
{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \
(void (*)(void))ml_dsa_gettable_ctx_params }, \
{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ml_dsa_dupctx }, \
OSSL_DISPATCH_END \
}