Addition of generic NIST-DSA PKEY and ASN1 to support ML-DSA

crypto/CMakeLists.txt

@@ -323,9 +323,10 @@ if(ENABLE_DILITHIUM)
   set(
     DILITHIUM_SOURCES
 
-    dilithium/p_dilithium3.c
-    dilithium/p_dilithium3_asn1.c
-    dilithium/sig_dilithium3.c
+    dilithium/pqdsa.c
+          dilithium/p_pqdsa.c
+          dilithium/p_pqdsa_asn1.c
+          dilithium/ml_dsa.c
   )
 endif()
 
@@ -774,7 +775,7 @@ if(BUILD_TESTING)
     ecdh_extra/ecdh_test.cc
     dh_extra/dh_test.cc
     digest_extra/digest_test.cc
-    dilithium/p_dilithium_test.cc
+          dilithium/p_pqdsa_test.cc
     dsa/dsa_test.cc
     des/des_test.cc
     endian_test.cc

crypto/dilithium/internal.h

@@ -0,0 +1,70 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+#ifndef AWSLC_HEADER_SIG_INTERNAL_H
+#define AWSLC_HEADER_SIG_INTERNAL_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+// PQDSA_METHOD structure and helper functions.
+typedef struct {
+  int (*keygen)(uint8_t *public_key,
+                uint8_t *secret_key);
+
+  int (*sign)(const uint8_t *secret_key,
+              uint8_t *sig,
+              size_t *sig_len,
+              const uint8_t *message,
+              size_t message_len,
+              const uint8_t *ctx,
+              size_t ctx_len);
+
+  int (*verify)(const uint8_t *public_key,
+                const uint8_t *sig,
+                size_t sig_len,
+                const uint8_t *message,
+                size_t message_len,
+                const uint8_t *ctx,
+                size_t ctx_len);
+
+} PQDSA_METHOD;
+
+// PQDSA structure and helper functions.
+typedef struct {
+  int nid;
+  const uint8_t *oid;
+  uint8_t oid_len;
+  const char *comment;
+  size_t public_key_len;
+  size_t secret_key_len;
+  size_t signature_len;
+  size_t keygen_seed_len;
+  size_t sign_seed_len;
+  const PQDSA_METHOD *method;
+} PQDSA;
+
+// PQDSA_KEY structure and helper functions.
+struct pqdsa_key_st {
+  const PQDSA *pqdsa;
+  uint8_t *public_key;
+  uint8_t *secret_key;
+};
+
+int PQDSA_KEY_init(PQDSA_KEY *key, const PQDSA *pqdsa);
+const PQDSA * PQDSA_find_dsa_by_nid(int nid);
+const PQDSA *PQDSA_KEY_get0_dsa(PQDSA_KEY* key);
+PQDSA_KEY *PQDSA_KEY_new(void);
+void PQDSA_KEY_free(PQDSA_KEY *key);
+int EVP_PKEY_pqdsa_set_params(EVP_PKEY *pkey, int nid);
+
+int PQDSA_KEY_set_raw_public_key(PQDSA_KEY *key, const uint8_t *in);
+int PQDSA_KEY_set_raw_secret_key(PQDSA_KEY *key, const uint8_t *in);
+#if defined(__cplusplus)
+}  // extern C
+#endif
+
+#endif // AWSLC_HEADER_DSA_TEST_INTERNAL_H

crypto/dilithium/sig_dilithium3.c → crypto/dilithium/ml_dsa.c

@@ -1,8 +1,9 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0 OR ISC
+
 #include "../evp_extra/internal.h"
 #include "../fipsmodule/evp/internal.h"
-#include "sig_dilithium.h"
+#include "ml_dsa.h"
 #include "pqcrystals_dilithium_ref_common/sign.h"
 #include "pqcrystals_dilithium_ref_common/params.h"
 
@@ -25,32 +26,32 @@
 // depending on platform support.
 
 int ml_dsa_65_keypair(uint8_t *public_key  /* OUT */,
-                       uint8_t *secret_key /* OUT */) {
+                      uint8_t *secret_key  /* OUT */) {
   ml_dsa_params params;
   ml_dsa_65_params_init(&params);
-  return crypto_sign_keypair(&params, public_key, secret_key);
+  return (crypto_sign_keypair(&params, public_key, secret_key) == 0);
 }
 
-int ml_dsa_65_sign(uint8_t *sig                /* OUT */,
-                    size_t *sig_len            /* OUT */,
-                    const uint8_t *message     /* IN */,
-                    size_t message_len         /* IN */,
-                    const uint8_t *ctx         /* IN */,
-                    size_t ctx_len             /* IN */,
-                    const uint8_t *secret_key  /* IN */) {
+int ml_dsa_65_sign(const uint8_t *secret_key  /* IN */,
+                   uint8_t *sig               /* OUT */,
+                   size_t *sig_len            /* OUT */,
+                   const uint8_t *message     /* IN */,
+                   size_t message_len         /* IN */,
+                   const uint8_t *ctx         /* IN */,
+                   size_t ctx_len             /* IN */) {
   ml_dsa_params params;
   ml_dsa_65_params_init(&params);
   return crypto_sign_signature(&params, sig, sig_len, message, message_len,
                                              ctx, ctx_len, secret_key);
 }
 
-int ml_dsa_65_verify(const uint8_t *message     /* IN */,
-                      size_t message_len        /* IN */,
-                      const uint8_t *sig        /* IN */,
-                      size_t sig_len            /* IN */,
-                      const uint8_t *ctx        /* IN */,
-                      size_t ctx_len            /* IN */,
-                      const uint8_t *public_key /* IN */) {
+int ml_dsa_65_verify(const uint8_t *public_key /* IN */,
+                     const uint8_t *sig        /* IN */,
+                     size_t sig_len            /* IN */,
+                     const uint8_t *message    /* IN */,
+                     size_t message_len        /* IN */,
+                     const uint8_t *ctx        /* IN */,
+                     size_t ctx_len            /* IN */) {
   ml_dsa_params params;
   ml_dsa_65_params_init(&params);
   return crypto_sign_verify(&params, sig, sig_len, message, message_len,

crypto/dilithium/ml_dsa.h

@@ -0,0 +1,50 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+#ifndef SIG_DILITHIUM_H
+#define SIG_DILITHIUM_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <openssl/base.h>
+#include <openssl/evp.h>
+
+#define MLDSA65_PUBLIC_KEY_BYTES 1952
+#define MLDSA65_PRIVATE_KEY_BYTES 4032
+#define MLDSA65_SIGNATURE_BYTES 3309
+#define MLDSA65_KEYGEN_SEED_BYTES 32
+#define MLDSA65_SIGNATURE_SEED_BYTES 32
+
+// ml_dsa_65_keypair generates an ML-DSA-65 keypair and assigns a public key to
+// |public_key| and a private key to |secret_key|. It returns 0 upon success.
+int ml_dsa_65_keypair(uint8_t *public_key,
+                       uint8_t *secret_key);
+
+// ml_dsa_65_sign generates an ML-DSA-65 signature. Where |secret_key| is a
+// pointer to bit-packed secret key, |sig| is a pointer to output signature,
+// |sig_len| is a pointer to output length of signature, |message| is a pointer
+// to message to be signed, |message_len| is the length of the message, |ctx| is
+// a pointer to the context string, and |ctx_len| is the length of the context
+// string (max length 255 bytes). It returns 0 upon success.
+int ml_dsa_65_sign(const uint8_t *secret_key,
+                   uint8_t *sig,
+                   size_t *sig_len,
+                   const uint8_t *message,
+                   size_t message_len,
+                   const uint8_t *ctx,
+                   size_t ctx_len);
+
+// ml_dsa_65_verify generates an ML-DSA-65 signature. Where |public_key| is a
+// pointer to bit-packed public key, |sig| is a pointer to input signature,
+// |sig_len| is the length of the signature, |message| is a pointer to message,
+// |message_len| is the length of the message, |ctx| is a pointer to the context
+// string, and |ctx_len| is the length of the context string (max length 255
+// bytes). Returns 0 if signature could be verified successfully and -1 otherwise.
+int ml_dsa_65_verify(const uint8_t *public_key,
+                     const uint8_t *sig,
+                     size_t sig_len,
+                     const uint8_t *message,
+                     size_t message_len,
+                     const uint8_t *ctx,
+                     size_t ctx_len);
+#endif