Move mldsa and pqdsa out of fipsmodule (#2104)
### Issues:
Issues with the delocator are preventing ML-DSA from being added to
`bcm.c`. This PR moves PQDSA and ML-DSA out of the fipsmodule.

### Description of changes: 
- Had to remove uses of delocator (e.g `DEFINE_LOCAL_DATA`) and replaced
with traditional methods.
- Also had to change the number of FIPS methods, and redefine those new
methods without use of the delocator.
- Only essential changes were included in this PR.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
jakemas authored Jan 10, 2025
1 parent 0e78c22 commit e34998e
Showing 39 changed files with 1,005 additions and 1,007 deletions.
3 changes: 3 additions & 0 deletions crypto/CMakeLists.txt
Expand Up @@ -329,7 +329,10 @@ if(ENABLE_DILITHIUM)
set(
DILITHIUM_SOURCES

evp_extra/p_pqdsa.c
evp_extra/p_pqdsa_asn1.c
ml_dsa/ml_dsa.c
pqdsa/pqdsa.c
)
endif()

2 changes: 1 addition & 1 deletion crypto/evp_extra/evp_asn1.c
Expand Up @@ -68,7 +68,7 @@
#include "../bytestring/internal.h"
#include "../internal.h"
#include "internal.h"
#include "../fipsmodule/pqdsa/internal.h"
#include "../pqdsa/internal.h"

// parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID.
// The OID is then searched against ASN.1 methods for a method with that OID.
5 changes: 4 additions & 1 deletion crypto/evp_extra/internal.h
Expand Up @@ -7,7 +7,7 @@
#include <openssl/base.h>
#include "../fipsmodule/evp/internal.h"

#include "../fipsmodule/ml_dsa/ml_dsa.h"
#include "../ml_dsa/ml_dsa.h"

#define PKCS8_VERSION_ONE 0
#define PKCS8_VERSION_TWO 1
Expand Down Expand Up @@ -39,6 +39,9 @@ extern const EVP_PKEY_METHOD hkdf_pkey_meth;
extern const EVP_PKEY_METHOD hmac_pkey_meth;
extern const EVP_PKEY_METHOD dh_pkey_meth;
extern const EVP_PKEY_METHOD dsa_pkey_meth;
#ifdef ENABLE_DILITHIUM
extern const EVP_PKEY_METHOD pqdsa_pkey_meth;
#endif

// evp_pkey_set_method behaves like |EVP_PKEY_set_type|, but takes a pointer to
// a method table. This avoids depending on every |EVP_PKEY_ASN1_METHOD|.
5 changes: 4 additions & 1 deletion crypto/evp_extra/p_methods.c
Expand Up @@ -10,7 +10,10 @@
static const EVP_PKEY_METHOD *const non_fips_pkey_evp_methods[] = {
&x25519_pkey_meth,
&dh_pkey_meth,
&dsa_pkey_meth
&dsa_pkey_meth,
#ifdef ENABLE_DILITHIUM
&pqdsa_pkey_meth
#endif
};

const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {
54 changes: 28 additions & 26 deletions crypto/fipsmodule/evp/p_pqdsa.c → crypto/evp_extra/p_pqdsa.c
Expand Up @@ -6,9 +6,8 @@
#include <openssl/mem.h>

#include "../crypto/evp_extra/internal.h"
#include "../crypto/fipsmodule/ml_dsa/ml_dsa.h"
#include "../crypto/ml_dsa/ml_dsa.h"
#include "../crypto/internal.h"
#include "../delocate.h"
#include "../pqdsa/internal.h"

// PQDSA PKEY functions
Expand Down Expand Up @@ -261,27 +260,30 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t
return NULL;
}

DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_pqdsa_pkey_meth) {
out->pkey_id = EVP_PKEY_PQDSA;
out->init = pkey_pqdsa_init;
out->copy = NULL;
out->cleanup = pkey_pqdsa_cleanup;
out->keygen = pkey_pqdsa_keygen;
out->sign_init = NULL;
out->sign = NULL;
out->sign_message = pkey_pqdsa_sign_message;
out->verify_init = NULL;
out->verify = NULL;
out->verify_message = pkey_pqdsa_verify_signature;
out->verify_recover = NULL;
out->encrypt = NULL;
out->decrypt = NULL;
out->derive = NULL;
out->paramgen = NULL;
out->ctrl = NULL;
out->ctrl_str = NULL;
out->keygen_deterministic = NULL;
out->encapsulate_deterministic = NULL;
out->encapsulate = NULL;
out->decapsulate = NULL;
}
const EVP_PKEY_METHOD pqdsa_pkey_meth = {
EVP_PKEY_PQDSA,
pkey_pqdsa_init,
NULL,
pkey_pqdsa_cleanup,
pkey_pqdsa_keygen,
NULL,
NULL,
pkey_pqdsa_sign_message,
NULL,
NULL,
pkey_pqdsa_verify_signature,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
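Review bot: The new `pqdsa_pkey_meth` table is initialised positionally, so each of its 22 entries is only correct while it lines up with the member order of `EVP_PKEY_METHOD`, which is declared outside this page. The removed `DEFINE_METHOD_FUNCTION` body named every member (`out->sign_message = ...`) and the new entries follow that same order, but a later insertion or reordering in the struct would silently move `pkey_pqdsa_sign_message` or `pkey_pqdsa_verify_signature` into a neighbouring slot; if adjacent members such as `sign` and `sign_message` share a function-pointer type (not visible here), the compiler would not flag it. Designated initialisers keep the explicit naming the old code had and leave the unset members NULL, provided the project's C dialect allows them in this directory.

```c
const EVP_PKEY_METHOD pqdsa_pkey_meth = {
    .pkey_id = EVP_PKEY_PQDSA,
    .init = pkey_pqdsa_init,
    .cleanup = pkey_pqdsa_cleanup,
    .keygen = pkey_pqdsa_keygen,
    .sign_message = pkey_pqdsa_sign_message,
    .verify_message = pkey_pqdsa_verify_signature,
    // members not named here (copy, sign, verify, ctrl, ...) are zero-initialised to NULL
};
```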



4 changes: 2 additions & 2 deletions crypto/evp_extra/p_pqdsa_asn1.c
Expand Up @@ -7,10 +7,10 @@
#include <openssl/err.h>
#include <openssl/mem.h>

#include "../crypto/fipsmodule/pqdsa/internal.h"
#include "../crypto/pqdsa/internal.h"
#include "../crypto/internal.h"
#include "../fipsmodule/evp/internal.h"
#include "../fipsmodule/ml_dsa/ml_dsa.h"
#include "../ml_dsa/ml_dsa.h"
#include "internal.h"

static void pqdsa_free(EVP_PKEY *pkey) {
6 changes: 3 additions & 3 deletions crypto/evp_extra/p_pqdsa_test.cc
Expand Up @@ -12,11 +12,11 @@
#include <vector>
#include "../fipsmodule/evp/internal.h"
#include "../internal.h"
#include "../fipsmodule/pqdsa/internal.h"
#include "../pqdsa/internal.h"

#ifdef ENABLE_DILITHIUM

#include "../fipsmodule/ml_dsa/ml_dsa.h"
#include "../ml_dsa/ml_dsa.h"
#include "../test/file_test.h"
#include "../test/test_util.h"

Expand Down Expand Up @@ -1046,7 +1046,7 @@ INSTANTIATE_TEST_SUITE_P(All, PQDSAParameterTest, testing::ValuesIn(parameterSet
-> std::string { return params.param.name; });

TEST_P(PQDSAParameterTest, KAT) {
std::string kat_filepath = "crypto/fipsmodule/";
std::string kat_filepath = "crypto/";
kat_filepath += GetParam().kat_filename;

FileTestGTest(kat_filepath.c_str(), [&](FileTest *t) {
4 changes: 2 additions & 2 deletions crypto/evp_extra/print.c
Expand Up @@ -66,8 +66,8 @@
#include "../fipsmodule/rsa/internal.h"

#ifdef ENABLE_DILITHIUM
#include "../fipsmodule/ml_dsa/ml_dsa.h"
#include "../fipsmodule/pqdsa/internal.h"
#include "../ml_dsa/ml_dsa.h"
#include "../pqdsa/internal.h"
#endif


9 changes: 0 additions & 9 deletions crypto/fipsmodule/bcm.c
Expand Up @@ -119,9 +119,6 @@
#include "evp/p_hkdf.c"
#include "evp/p_hmac.c"
#include "evp/p_kem.c"
#ifdef ENABLE_DILITHIUM
#include "evp/p_pqdsa.c"
#endif
#include "evp/p_rsa.c"
#include "hkdf/hkdf.c"
#include "hmac/hmac.c"
Expand All @@ -130,9 +127,6 @@
#include "kem/kem.c"
#include "md4/md4.c"
#include "md5/md5.c"
#ifdef ENABLE_DILITHIUM
#include "ml_dsa/ml_dsa.c"
#endif
#include "ml_kem/ml_kem.c"
#include "modes/cbc.c"
#include "modes/cfb.c"
Expand All @@ -143,9 +137,6 @@
#include "modes/xts.c"
#include "modes/polyval.c"
#include "pbkdf/pbkdf.c"
#ifdef ENABLE_DILITHIUM
#include "pqdsa/pqdsa.c"
#endif
#include "rand/ctrdrbg.c"
#include "rand/fork_detect.c"
#include "rand/rand.c"
3 changes: 0 additions & 3 deletions crypto/fipsmodule/evp/evp_ctx.c
Expand Up @@ -75,9 +75,6 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
out->methods[4] = EVP_PKEY_hmac_pkey_meth();
out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
out->methods[6] = EVP_PKEY_kem_pkey_meth();
#ifdef ENABLE_DILITHIUM
out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
#endif
}

static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {
4 changes: 2 additions & 2 deletions crypto/fipsmodule/evp/internal.h
Expand Up @@ -383,8 +383,8 @@ void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
#define ED25519_PUBLIC_KEY_OFFSET 32

#ifdef ENABLE_DILITHIUM
#define FIPS_EVP_PKEY_METHODS 8
#define NON_FIPS_EVP_PKEY_METHODS 3
#define FIPS_EVP_PKEY_METHODS 7
#define NON_FIPS_EVP_PKEY_METHODS 4
#define ASN1_EVP_PKEY_METHODS 10
#else
#define FIPS_EVP_PKEY_METHODS 7
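Review bot: After this change `FIPS_EVP_PKEY_METHODS` is `7` in both branches of the `#ifdef ENABLE_DILITHIUM` block, so the define can move above the conditional and only the values that actually differ, such as `NON_FIPS_EVP_PKEY_METHODS`, need to stay inside it; that removes one place where the two copies could drift apart. These counts are maintained by hand against the method arrays, for example `non_fips_pkey_evp_methods[]` in `crypto/evp_extra/p_methods.c`, which this commit extends under the same macro. If no compile-time check already ties the constant to the array length outside the lines shown, one belongs next to the array, since a count larger than the array would presumably let the method lookup read past its end. The `#else` branch continues outside the hunk.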
File renamed without changes.
File renamed without changes.
File renamed without changes.
4 changes: 2 additions & 2 deletions crypto/fipsmodule/ml_dsa/ml_dsa.c → crypto/ml_dsa/ml_dsa.c
@@ -1,8 +1,8 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC

#include "../../evp_extra/internal.h"
#include "../evp/internal.h"
#include "../evp_extra/internal.h"
#include "../fipsmodule/evp/internal.h"
#include "ml_dsa.h"
#include "ml_dsa_ref/params.h"
#include "ml_dsa_ref/sign.h"
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
Expand Up @@ -4,7 +4,7 @@
#include "ntt.h"
#include "reduce.h"
#include "rounding.h"
#include "../../sha/internal.h"
#include "../../fipsmodule/sha/internal.h"

/*************************************************
* Name: ml_dsa_poly_reduce
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -1,6 +1,6 @@
#include "sign.h"
#include <stdint.h>
#include "../../../internal.h"
#include "../../internal.h"
#include "openssl/rand.h"
#include "packing.h"
#include "params.h"