From a95190e7a17c3be41d609e52bc13f9050b4acb3b Mon Sep 17 00:00:00 2001
From: Jake Massimo
Date: Thu, 6 Feb 2025 13:29:48 -0800
Subject: [PATCH] Move PQDSA to FIPSMODULE (#2166)

As part of validating ML-DSA into AWS-LC-FIPS we must include both PQDSA and ML-DSA directories into the fipsmodule.
---
 crypto/CMakeLists.txt | 2 -
 crypto/evp_extra/evp_asn1.c | 2 +-
 crypto/evp_extra/p_methods.c | 1 -
 crypto/evp_extra/p_pqdsa_asn1.c | 2 +-
 crypto/evp_extra/p_pqdsa_test.cc | 2 +-
 crypto/evp_extra/print.c | 2 +-
 crypto/fipsmodule/bcm.c | 2 +
 crypto/fipsmodule/evp/digestsign.c | 2 +-
 crypto/fipsmodule/evp/evp_ctx.c | 1 +
 crypto/fipsmodule/evp/internal.h | 4 +-
 .../{evp_extra => fipsmodule/evp}/p_pqdsa.c | 51 +++---
 crypto/{ => fipsmodule}/pqdsa/internal.h | 0
 crypto/{ => fipsmodule}/pqdsa/pqdsa.c | 147 +++++++++---------
 crypto/x509/algorithm.c | 2 +-
 crypto/x509/x509_test.cc | 2 +-
 15 files changed, 112 insertions(+), 110 deletions(-)
 rename crypto/{evp_extra => fipsmodule/evp}/p_pqdsa.c (92%)
 rename crypto/{ => fipsmodule}/pqdsa/internal.h (100%)
 rename crypto/{ => fipsmodule}/pqdsa/pqdsa.c (62%)

diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 3aed47cbe9..2ef8051e1a 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -421,7 +421,6 @@ add_library(
 evp_extra/p_ed25519_asn1.c
 evp_extra/p_hmac_asn1.c
 evp_extra/p_kem_asn1.c
- evp_extra/p_pqdsa.c
 evp_extra/p_pqdsa_asn1.c
 evp_extra/p_rsa_asn1.c
 evp_extra/p_x25519.c
@@ -471,7 +470,6 @@ add_library(
 poly1305/poly1305_arm.c
 poly1305/poly1305_vec.c
 pool/pool.c
- pqdsa/pqdsa.c
 rand_extra/deterministic.c
 rand_extra/entropy_passive.c
 rand_extra/forkunsafe.c
diff --git a/crypto/evp_extra/evp_asn1.c b/crypto/evp_extra/evp_asn1.c
index 69d34a492d..254222a673 100644
--- a/crypto/evp_extra/evp_asn1.c
+++ b/crypto/evp_extra/evp_asn1.c
@@ -68,7 +68,7 @@
 #include "../bytestring/internal.h"
 #include "../internal.h"
 #include "internal.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 // parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID.
 // The OID is then searched against ASN.1 methods for a method with that OID.
diff --git a/crypto/evp_extra/p_methods.c b/crypto/evp_extra/p_methods.c
index 6dce228f19..6e8f591f03 100644
--- a/crypto/evp_extra/p_methods.c
+++ b/crypto/evp_extra/p_methods.c
@@ -11,7 +11,6 @@ static const EVP_PKEY_METHOD *const non_fips_pkey_evp_methods[] = {
 &x25519_pkey_meth,
 &dh_pkey_meth,
 &dsa_pkey_meth,
- &pqdsa_pkey_meth
 };
 const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {
diff --git a/crypto/evp_extra/p_pqdsa_asn1.c b/crypto/evp_extra/p_pqdsa_asn1.c
index 29a6ba9e7a..263b559357 100644
--- a/crypto/evp_extra/p_pqdsa_asn1.c
+++ b/crypto/evp_extra/p_pqdsa_asn1.c
@@ -7,7 +7,7 @@
 #include
 #include
-#include "../crypto/pqdsa/internal.h"
+#include "../crypto/fipsmodule/pqdsa/internal.h"
 #include "../crypto/internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "../ml_dsa/ml_dsa.h"
diff --git a/crypto/evp_extra/p_pqdsa_test.cc b/crypto/evp_extra/p_pqdsa_test.cc
index bc1833c9eb..11b9e152e6 100644
--- a/crypto/evp_extra/p_pqdsa_test.cc
+++ b/crypto/evp_extra/p_pqdsa_test.cc
@@ -15,7 +15,7 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../internal.h"
 #include "../ml_dsa/ml_dsa.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 #include "../test/file_test.h"
 #include "../test/test_util.h"
diff --git a/crypto/evp_extra/print.c b/crypto/evp_extra/print.c
index 9163c99edf..0ec9e0c902 100644
--- a/crypto/evp_extra/print.c
+++ b/crypto/evp_extra/print.c
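Review bot: In crypto/evp_extra/p_methods.c the length of `non_fips_pkey_evp_methods[]` (three entries after this change) and the `NON_FIPS_EVP_PKEY_METHODS` value edited in crypto/fipsmodule/evp/internal.h are kept equal only by hand, and the same is true of the literal index in `out->methods[7]` (crypto/fipsmodule/evp/evp_ctx.c) against `FIPS_EVP_PKEY_METHODS 8`. If either pair drifts in a later change, the likely outcome is an out-of-bounds read or write on a method table instead of a build failure, assuming the tables are sized and walked with these macros, which this diff does not show. A compile-time check beside the array would tie them together, for example `_Static_assert(sizeof(non_fips_pkey_evp_methods) / sizeof(non_fips_pkey_evp_methods[0]) == NON_FIPS_EVP_PKEY_METHODS, "method count mismatch");` or the project's own static-assert macro. A comment at the macros such as `// Keep in sync with the method tables in evp_ctx.c and p_methods.c.` would cover the FIPS table as well.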
@@ -65,7 +65,7 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../fipsmodule/rsa/internal.h"
 #include "../ml_dsa/ml_dsa.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
 for (size_t i = 0; i < len; i++) {
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 31eabded4c..20dd505866 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -118,6 +118,7 @@
 #include "evp/p_hkdf.c"
 #include "evp/p_hmac.c"
 #include "evp/p_kem.c"
+#include "evp/p_pqdsa.c"
 #include "evp/p_rsa.c"
 #include "hkdf/hkdf.c"
 #include "hmac/hmac.c"
@@ -136,6 +137,7 @@
 #include "modes/xts.c"
 #include "modes/polyval.c"
 #include "pbkdf/pbkdf.c"
+#include "pqdsa/pqdsa.c"
 #include "rand/ctrdrbg.c"
 #include "rand/fork_detect.c"
 #include "rand/rand.c"
diff --git a/crypto/fipsmodule/evp/digestsign.c b/crypto/fipsmodule/evp/digestsign.c
index 794e452301..f804f0b272 100644
--- a/crypto/fipsmodule/evp/digestsign.c
+++ b/crypto/fipsmodule/evp/digestsign.c
@@ -57,7 +57,7 @@
 #include
-#include "../../pqdsa/internal.h"
+#include "../pqdsa/internal.h"
 #include "../delocate.h"
 #include "../digest/internal.h"
 #include "internal.h"
diff --git a/crypto/fipsmodule/evp/evp_ctx.c b/crypto/fipsmodule/evp/evp_ctx.c
index 6e35a5ba7f..310d7ec674 100644
--- a/crypto/fipsmodule/evp/evp_ctx.c
+++ b/crypto/fipsmodule/evp/evp_ctx.c
@@ -75,6 +75,7 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
 out->methods[4] = EVP_PKEY_hmac_pkey_meth();
 out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
 out->methods[6] = EVP_PKEY_kem_pkey_meth();
+ out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
 }
 static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {
diff --git a/crypto/fipsmodule/evp/internal.h b/crypto/fipsmodule/evp/internal.h
index 46ff161ba1..d5186af738 100644
--- a/crypto/fipsmodule/evp/internal.h
+++ b/crypto/fipsmodule/evp/internal.h
@@ -381,8 +381,8 @@ typedef struct {
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 #define ED25519_PUBLIC_KEY_OFFSET 32
-#define FIPS_EVP_PKEY_METHODS 7
-#define NON_FIPS_EVP_PKEY_METHODS 4
+#define FIPS_EVP_PKEY_METHODS 8
+#define NON_FIPS_EVP_PKEY_METHODS 3
 #define ASN1_EVP_PKEY_METHODS 10
 struct fips_evp_pkey_methods {
diff --git a/crypto/evp_extra/p_pqdsa.c b/crypto/fipsmodule/evp/p_pqdsa.c
similarity index 92%
rename from crypto/evp_extra/p_pqdsa.c
rename to crypto/fipsmodule/evp/p_pqdsa.c
index 612ea0e69d..1cb7c9c532 100644
--- a/crypto/evp_extra/p_pqdsa.c
+++ b/crypto/fipsmodule/evp/p_pqdsa.c
@@ -6,7 +6,8 @@
 #include
 #include "../crypto/evp_extra/internal.h"
-#include "../crypto/ml_dsa/ml_dsa.h"
+#include "../delocate.h"
+#include "../../ml_dsa/ml_dsa.h"
 #include "../crypto/internal.h"
 #include "../pqdsa/internal.h"
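Review bot: The include block of the moved crypto/fipsmodule/evp/p_pqdsa.c now mixes two path conventions: the added `"../delocate.h"` and `"../../ml_dsa/ml_dsa.h"` are relative to the file's new directory, while the unchanged `"../crypto/evp_extra/internal.h"` and `"../crypto/internal.h"` do not name a path under crypto/fipsmodule and so presumably resolve only through the compiler's include search path. The include hunk of crypto/fipsmodule/pqdsa/pqdsa.c has the same split, keeping `"../crypto/ml_dsa/ml_dsa.h"` next to the new `"../../evp_extra/internal.h"`. Writing them all file-relative, here `#include "../../evp_extra/internal.h"` and `#include "../../internal.h"`, would show at a glance which headers the module pulls in from outside crypto/fipsmodule.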
@@ -336,27 +337,27 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t
 return NULL;
 }
-const EVP_PKEY_METHOD pqdsa_pkey_meth = {
- EVP_PKEY_PQDSA,
- pkey_pqdsa_init,
- NULL,
- pkey_pqdsa_cleanup,
- pkey_pqdsa_keygen,
- NULL,
- pkey_pqdsa_sign,
- pkey_pqdsa_sign_message,
- NULL,
- pkey_pqdsa_verify,
- pkey_pqdsa_verify_message,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
-};
+DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_pqdsa_pkey_meth) {
+ out->pkey_id = EVP_PKEY_PQDSA;
+ out->init = pkey_pqdsa_init;
+ out->copy = NULL;
+ out->cleanup = pkey_pqdsa_cleanup;
+ out->keygen = pkey_pqdsa_keygen;
+ out->sign_init = NULL;
+ out->sign = pkey_pqdsa_sign;
+ out->sign_message = pkey_pqdsa_sign_message;
+ out->verify_init = NULL;
+ out->verify = pkey_pqdsa_verify;
+ out->verify_message = pkey_pqdsa_verify_message;
+ out->verify_recover = NULL;
+ out->encrypt = NULL;
+ out->decrypt = NULL;
+ out->derive = NULL;
+ out->paramgen = NULL;
+ out->ctrl = NULL;
+ out->ctrl_str = NULL;
+ out->keygen_deterministic = NULL;
+ out->encapsulate_deterministic = NULL;
+ out->encapsulate = NULL;
+ out->decapsulate = NULL;
+}
diff --git a/crypto/pqdsa/internal.h b/crypto/fipsmodule/pqdsa/internal.h
similarity index 100%
rename from crypto/pqdsa/internal.h
rename to crypto/fipsmodule/pqdsa/internal.h
diff --git a/crypto/pqdsa/pqdsa.c b/crypto/fipsmodule/pqdsa/pqdsa.c
similarity index 62%
rename from crypto/pqdsa/pqdsa.c
rename to crypto/fipsmodule/pqdsa/pqdsa.c
index 84e3bb09f9..4b78c4e54c 100644
--- a/crypto/pqdsa/pqdsa.c
+++ b/crypto/fipsmodule/pqdsa/pqdsa.c
@@ -2,9 +2,10 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 #include
 #include
-
 #include
-#include "../evp_extra/internal.h"
+
+#include "../delocate.h"
+#include "../../evp_extra/internal.h"
 #include "../crypto/ml_dsa/ml_dsa.h"
 #include "internal.h"
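Review bot: `EVP_PKEY_pqdsa_pkey_meth` assigns `init` and `cleanup` but sets `copy` to NULL, and the function carries no comment saying whether PQDSA contexts are meant to be non-duplicable. Now that this method is handed out from the FIPS method table, a caller that duplicates an `EVP_PKEY_CTX` (or an `EVP_MD_CTX` that owns one) presumably gets a failure instead of a copy; the duplication code is not in this diff, so that should be confirmed. A line above the assignments such as `// No |copy|: PQDSA signing contexts cannot be duplicated.` would state the intent, and a one-line header comment saying why the table is built in a `DEFINE_METHOD_FUNCTION` body instead of a static initializer would help readers who do not know the module's delocation rules.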
@@ -146,83 +147,83 @@ int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, CBS *in) {
 return 1;
 }
-static const PQDSA_METHOD sig_ml_dsa_44_method = {
- ml_dsa_44_keypair,
- ml_dsa_44_keypair_internal,
- ml_dsa_44_sign,
- ml_dsa_extmu_44_sign,
- ml_dsa_44_verify,
- ml_dsa_extmu_44_verify,
- ml_dsa_44_pack_pk_from_sk
-};
-
-static const PQDSA_METHOD sig_ml_dsa_65_method = {
- ml_dsa_65_keypair,
- ml_dsa_65_keypair_internal,
- ml_dsa_65_sign,
- ml_dsa_extmu_65_sign,
- ml_dsa_65_verify,
- ml_dsa_extmu_65_verify,
- ml_dsa_65_pack_pk_from_sk
-};
-
-static const PQDSA_METHOD sig_ml_dsa_87_method = {
- ml_dsa_87_keypair,
- ml_dsa_87_keypair_internal,
- ml_dsa_87_sign,
- ml_dsa_extmu_87_sign,
- ml_dsa_87_verify,
- ml_dsa_extmu_87_verify,
- ml_dsa_87_pack_pk_from_sk
-};
-
-static const PQDSA sig_ml_dsa_44 = {
- NID_MLDSA44,
- kOIDMLDSA44,
- sizeof(kOIDMLDSA44),
- "MLDSA44",
- MLDSA44_PUBLIC_KEY_BYTES,
- MLDSA44_PRIVATE_KEY_BYTES,
- MLDSA44_SIGNATURE_BYTES,
- MLDSA44_KEYGEN_SEED_BYTES,
- MLDSA44_SIGNATURE_SEED_BYTES,
- &sig_ml_dsa_44_method,
-};
-
-static const PQDSA sig_ml_dsa_65 = {
- NID_MLDSA65,
- kOIDMLDSA65,
- sizeof(kOIDMLDSA65),
- "MLDSA65",
- MLDSA65_PUBLIC_KEY_BYTES,
- MLDSA65_PRIVATE_KEY_BYTES,
- MLDSA65_SIGNATURE_BYTES,
- MLDSA65_KEYGEN_SEED_BYTES,
- MLDSA65_SIGNATURE_SEED_BYTES,
- &sig_ml_dsa_65_method,
-};
-
-static const PQDSA sig_ml_dsa_87 = {
- NID_MLDSA87,
- kOIDMLDSA87,
- sizeof(kOIDMLDSA87),
- "MLDSA87",
- MLDSA87_PUBLIC_KEY_BYTES,
- MLDSA87_PRIVATE_KEY_BYTES,
- MLDSA87_SIGNATURE_BYTES,
- MLDSA87_KEYGEN_SEED_BYTES,
- MLDSA87_SIGNATURE_SEED_BYTES,
- &sig_ml_dsa_87_method,
-};
+DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_44_method) {
+ out->pqdsa_keygen = ml_dsa_44_keypair;
+ out->pqdsa_keygen_internal = ml_dsa_44_keypair_internal;
+ out->pqdsa_sign_message = ml_dsa_44_sign;
+ out->pqdsa_sign = ml_dsa_extmu_44_sign;
+ out->pqdsa_verify_message = ml_dsa_44_verify;
+ out->pqdsa_verify = ml_dsa_extmu_44_verify;
+ out->pqdsa_pack_pk_from_sk = ml_dsa_44_pack_pk_from_sk;
+}
+
+DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_65_method) {
+ out->pqdsa_keygen = ml_dsa_65_keypair;
+ out->pqdsa_keygen_internal = ml_dsa_65_keypair_internal;
+ out->pqdsa_sign_message = ml_dsa_65_sign;
+ out->pqdsa_sign = ml_dsa_extmu_65_sign;
+ out->pqdsa_verify_message = ml_dsa_65_verify;
+ out->pqdsa_verify = ml_dsa_extmu_65_verify;
+ out->pqdsa_pack_pk_from_sk = ml_dsa_65_pack_pk_from_sk;
+}
+
+DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_87_method) {
+ out->pqdsa_keygen = ml_dsa_87_keypair;
+ out->pqdsa_keygen_internal = ml_dsa_87_keypair_internal;
+ out->pqdsa_sign_message = ml_dsa_87_sign;
+ out->pqdsa_sign = ml_dsa_extmu_87_sign;
+ out->pqdsa_verify_message = ml_dsa_87_verify;
+ out->pqdsa_verify = ml_dsa_extmu_87_verify;
+ out->pqdsa_pack_pk_from_sk = ml_dsa_87_pack_pk_from_sk;
+}
+
+DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_44) {
+ out->nid = NID_MLDSA44;
+ out->oid = kOIDMLDSA44;
+ out->oid_len = sizeof(kOIDMLDSA44);
+ out->comment = "MLDSA44";
+ out->public_key_len = MLDSA44_PUBLIC_KEY_BYTES;
+ out->private_key_len = MLDSA44_PRIVATE_KEY_BYTES;
+ out->signature_len = MLDSA44_SIGNATURE_BYTES;
+ out->keygen_seed_len = MLDSA44_KEYGEN_SEED_BYTES;
+ out->sign_seed_len = MLDSA44_SIGNATURE_SEED_BYTES;
+ out->method = sig_ml_dsa_44_method();
+}
+
+DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_65) {
+ out->nid = NID_MLDSA65;
+ out->oid = kOIDMLDSA65;
+ out->oid_len = sizeof(kOIDMLDSA65);
+ out->comment = "MLDSA65";
+ out->public_key_len = MLDSA65_PUBLIC_KEY_BYTES;
+ out->private_key_len = MLDSA65_PRIVATE_KEY_BYTES;
+ out->signature_len = MLDSA65_SIGNATURE_BYTES;
+ out->keygen_seed_len = MLDSA65_KEYGEN_SEED_BYTES;
+ out->sign_seed_len = MLDSA65_SIGNATURE_SEED_BYTES;
+ out->method = sig_ml_dsa_65_method();
+}
+
+DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_87) {
+ out->nid = NID_MLDSA87;
+ out->oid = kOIDMLDSA87;
+ out->oid_len = sizeof(kOIDMLDSA87);
+ out->comment = "MLDSA87";
+ out->public_key_len = MLDSA87_PUBLIC_KEY_BYTES;
+ out->private_key_len = MLDSA87_PRIVATE_KEY_BYTES;
+ out->signature_len = MLDSA87_SIGNATURE_BYTES;
+ out->keygen_seed_len = MLDSA87_KEYGEN_SEED_BYTES;
+ out->sign_seed_len = MLDSA87_SIGNATURE_SEED_BYTES;
+ out->method = sig_ml_dsa_87_method();
+}
 const PQDSA *PQDSA_find_dsa_by_nid(int nid) {
 switch (nid) {
 case NID_MLDSA44:
- return &sig_ml_dsa_44;
+ return sig_ml_dsa_44();
 case NID_MLDSA65:
- return &sig_ml_dsa_65;
+ return sig_ml_dsa_65();
 case NID_MLDSA87:
- return &sig_ml_dsa_87;
+ return sig_ml_dsa_87();
 default:
 return NULL;
 }
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
index 4b17b6276e..38b919252e 100644
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@@ -62,7 +62,7 @@
 #include
 #include
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "internal.h"
diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index 6a5b99d74c..7fda8f0c58 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc
@@ -39,7 +39,7 @@
 #include "../evp_extra/internal.h"
 #include "../internal.h"
 #include "../test/test_util.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 #if defined(OPENSSL_THREADS)
 #include
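Review bot: The `sig_ml_dsa_*_method` tables now live in crypto/fipsmodule/pqdsa/pqdsa.c, but every pointer they store (`ml_dsa_44_keypair`, `ml_dsa_extmu_44_sign` and the rest) is declared by `"../crypto/ml_dsa/ml_dsa.h"`, and this commit moves nothing out of crypto/ml_dsa. The commit message says both the PQDSA and the ML-DSA directories have to be inside the module, so until the second move lands the signing and verification code reached through these tables is presumably outside what the module's integrity check covers. A comment above the first table would record that, e.g. `// TODO: the ml_dsa_* implementations still live in crypto/ml_dsa and must move into the module as well.`. It would also help to note at the assignments that `pqdsa_sign`/`pqdsa_verify` take the `ml_dsa_extmu_*` variants while `pqdsa_sign_message`/`pqdsa_verify_message` take the plain ones, since the pairing is easy to swap by accident. `PQDSA_find_dsa_by_nid` continues past the end of the hunk.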