
Add ML-DSA-44 and ML-DSA-87 to PQDSA API #2009

Merged
merged 6 commits into from
Dec 3, 2024

@jakemas jakemas commented Nov 22, 2024

Issues:

Resolves #CryptoAlg-2725

Description of changes:

This PR adds ML-DSA-44 and ML-DSA-87 to AWS-LC. As we already have support for ML-DSA-65 through the PQDSA signature API (see #1963) and already support internal functions and KATs that use these internal APIs (see #1999), this PR consists of:

  • The addition of the 6 pqdsa APIs for ML-DSA-44 and ML-DSA-87: ml_dsa_{44/87}_keypair, ml_dsa_{44/87}_keypair_internal, ml_dsa_{44/87}_sign, ml_dsa_{44/87}_sign_internal, ml_dsa_{44/87}_verify, and ml_dsa_{44/87}_verify_internal
  • The function methods: sig_ml_dsa_44_method and sig_ml_dsa_87_method
  • The algorithm data structs: sig_ml_dsa_44 and sig_ml_dsa_87

Call-outs:

I haven't hooked up ML-DSA-44/87 to X.509 in this PR, to keep the PR focused on a single feature addition.

I have hooked up ML-DSA-44/87 to the speed tool; see example output:

Did 33000 MLDSA44 keygen operations in 1000554us (32981.7 ops/sec)
Did 8541 MLDSA44 signing operations in 1061153us (8048.8 ops/sec)
Did 32000 MLDSA44 verify operations in 1016751us (31472.8 ops/sec)
Did 17000 MLDSA65 keygen operations in 1021812us (16637.1 ops/sec)
Did 6000 MLDSA65 signing operations in 1148331us (5225.0 ops/sec)
Did 20000 MLDSA65 verify operations in 1019696us (19613.7 ops/sec)
Did 12000 MLDSA87 keygen operations in 1011438us (11864.3 ops/sec)
Did 4344 MLDSA87 signing operations in 1043422us (4163.2 ops/sec)
Did 12000 MLDSA87 verify operations in 1027267us (11681.5 ops/sec)

Testing:

#1999 provided a test framework for all pqdsa signature types; as such, ML-DSA-44/87 are added to this test harness by:

static const struct PQDSATestVector parameterSet[] = {
  {"MLDSA44", NID_MLDSA44, 1312, 2560, 2420,  "dilithium/kat/MLDSA_44_hedged_pure.txt", mldsa44kPublicKey, mldsa44kPublicKeySPKI, 1334},
  {"MLDSA65", NID_MLDSA65, 1952, 4032, 3309,  "dilithium/kat/MLDSA_65_hedged_pure.txt", mldsa65kPublicKey, mldsa65kPublicKeySPKI, 1974},
  {"MLDSA87", NID_MLDSA87, 2592, 4896, 4627,  "dilithium/kat/MLDSA_87_hedged_pure.txt", mldsa87kPublicKey, mldsa87kPublicKeySPKI, 2614},
};

This requires the inclusion of test harness raw public keys mldsa{44/87}kPublicKey and encoded public keys mldsa{44/87}kPublicKeySPKI.

The lengths of the encodings are well defined by https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
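The SPKI lengths in the test table above (1334, 1974, 2614) follow from wrapping the raw public key (1312, 1952, 2592 bytes) in the AlgorithmIdentifier plus BIT STRING structure that the linked LAMPS draft profiles. The following Python is an added example, not code from this PR or from AWS-LC: it encodes that wrapper, parses it back strictly, and reproduces the table's sizes. The OIDs it uses are the NIST CSOR values for id-ml-dsa-44/65/87 (2.16.840.1.101.3.4.3.17, .18, .19) and are an assumption here, since the page names them only as constants such as kOIDMLDSA44; the key bytes it feeds in are constructed placeholders of the right length.

```python
"""Added example (not PR or AWS-LC code): DER-wrap a raw ML-DSA public key as a
SubjectPublicKeyInfo and strictly parse it back, reproducing the SPKI lengths in
the PR's test table (1312 -> 1334, 1952 -> 1974, 2592 -> 2614)."""
from typing import Dict, Tuple

# Raw public-key lengths per parameter set, taken from the PQDSATestVector table.
ML_DSA_PK_LEN: Dict[str, int] = {"MLDSA44": 1312, "MLDSA65": 1952, "MLDSA87": 2592}

# Assumption: NIST CSOR sigAlgs OIDs id-ml-dsa-{44,65,87}; the page only refers to
# them through constants such as kOIDMLDSA44.
ML_DSA_OID: Dict[str, str] = {
    "MLDSA44": "2.16.840.1.101.3.4.3.17",
    "MLDSA65": "2.16.840.1.101.3.4.3.18",
    "MLDSA87": "2.16.840.1.101.3.4.3.19",
}

def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, else 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER TLV: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]          # least significant 7 bits, no continuation bit
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(groups))   # most significant group is emitted first
    return der_tlv(0x06, bytes(out))

_NAME_BY_ENCODED_OID = {der_oid(oid): name for name, oid in ML_DSA_OID.items()}

def ml_dsa_spki(name: str, raw_pk: bytes) -> bytes:
    """SPKI ::= SEQUENCE { SEQUENCE { OID } (no parameters), BIT STRING raw_pk }."""
    if len(raw_pk) != ML_DSA_PK_LEN[name]:
        raise ValueError(f"{name}: expected {ML_DSA_PK_LEN[name]} bytes, got {len(raw_pk)}")
    alg_id = der_tlv(0x30, der_oid(ML_DSA_OID[name]))
    bit_string = der_tlv(0x03, b"\x00" + raw_pk)   # leading 0x00: zero unused bits
    return der_tlv(0x30, alg_id + bit_string)

def _read_tlv(buf: bytes, pos: int, want_tag: int) -> Tuple[bytes, int]:
    """Read one strict-DER TLV at pos; return (content, offset just after it)."""
    if pos + 1 >= len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    first, pos = buf[pos + 1], pos + 2
    if first < 0x80:
        n = first
    else:
        nbytes = first & 0x7F
        if not 1 <= nbytes <= 4 or pos + nbytes > len(buf) or buf[pos] == 0:
            raise ValueError("bad or non-minimal length encoding")
        n, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
        if n < 0x80:
            raise ValueError("non-minimal DER length")
    if pos + n > len(buf):
        raise ValueError("length overruns buffer")
    return buf[pos:pos + n], pos + n

def parse_ml_dsa_spki(spki: bytes) -> Tuple[str, bytes]:
    """Strict inverse: rejects trailing data, parameters, unknown OIDs, unused bits
    and a key length that does not match the parameter set the OID names."""
    outer, end = _read_tlv(spki, 0, 0x30)
    if end != len(spki):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, pos = _read_tlv(outer, 0, 0x30)
    oid_content, alg_end = _read_tlv(alg, 0, 0x06)
    if alg_end != len(alg):
        raise ValueError("unexpected AlgorithmIdentifier parameters")
    name = _NAME_BY_ENCODED_OID.get(der_tlv(0x06, oid_content))
    if name is None:
        raise ValueError("unknown signature algorithm OID")
    bits, bits_end = _read_tlv(outer, pos, 0x03)
    if bits_end != len(outer) or not bits or bits[0] != 0:
        raise ValueError("malformed subjectPublicKey BIT STRING")
    raw_pk = bits[1:]
    if len(raw_pk) != ML_DSA_PK_LEN[name]:
        raise ValueError(f"{name}: key is {len(raw_pk)} bytes, expected {ML_DSA_PK_LEN[name]}")
    return name, raw_pk

def rejects(spki: bytes) -> bool:
    """True if the strict parser refuses this encoding."""
    try:
        parse_ml_dsa_spki(spki)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    for name, n in ML_DSA_PK_LEN.items():
        spki = ml_dsa_spki(name, bytes(n))      # constructed all-zero key, size only
        print(f"{name}: raw pk {n} bytes -> SPKI {len(spki)} bytes (+{len(spki) - n})")
```

The overhead is a constant 22 bytes for all three sets: 4 bytes of outer SEQUENCE header, 13 bytes of AlgorithmIdentifier (an 11-byte OID TLV with no parameters), and 5 bytes of BIT STRING header including the unused-bits octet. The parser deliberately ties the key length to the OID, so an encoding whose OID says ML-DSA-65 but whose key is 1312 bytes is refused rather than passed on to a verifier.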

@jakemas jakemas requested a review from a team as a code owner November 22, 2024 21:13

codecov-commenter commented Nov 22, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.69%. Comparing base (80f984e) to head (cc6f8b5).
Report is 18 commits behind head on main.

@@            Coverage Diff             @@
##             main    #2009      +/-   ##
==========================================
- Coverage   78.90%   78.69%   -0.22%     
==========================================
  Files         594      598       +4     
  Lines      102415   103323     +908     
  Branches    14517    14686     +169     
==========================================
+ Hits        80812    81308     +496     
- Misses      20953    21364     +411     
- Partials      650      651       +1     


@@ -403,8 +1023,14 @@ TEST_P(PQDSAParameterTest, KAT) {

// Generate key pair from seed xi and assert that public and private keys
// are equal to expected values from KAT
if (name == "MLDSA65") {
ASSERT_TRUE(ml_dsa_65_keypair_internal(pub.data(), priv.data(), xi.data()));
if (name == "MLDSA44") {
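Review bot: the KAT body branches on the `name` string, so each parameter set (MLDSA65 here, MLDSA44 being added) gets its own if-block that calls `ml_dsa_XX_keypair_internal` directly; consider dispatching through the per-algorithm methods the PR introduces (sig_ml_dsa_44_method, sig_ml_dsa_87_method) so the KAT loop stays parameter-set-agnostic and a future set needs only a row in the test table. Also, as shown, no closing brace for the `if (name == "MLDSA65")` block appears before `if (name == "MLDSA44") {`; worth confirming the branches are sequential rather than accidentally nested.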
Contributor

Can the KAT test use the EVP API like the following tests, or is it intended to use the internal APIs?

Contributor Author

If we would like the KATs to use the EVP APIs, we would need to add new EVP methods for sign_internal and verify_internal. Those new methods would allow the randomness to be supplied as an additional argument, and call the internal functions rather than the external. Given that these internal methods are for testing/validation purposes only, there is no use for them within the EVP APIs.

These internal functions were not designed for any other use-cases than testing, see FIPS 204 page 22 section 6.

Other than for testing purposes, the interfaces for key generation and signature generation specified
in this section should not be made available to applications, as any random values required for key
generation and signature generation shall be generated by the cryptographic module. 

out->nid = NID_MLDSA44;
out->oid = kOIDMLDSA44;
out->oid_len = sizeof(kOIDMLDSA44);
out->comment = "MLDSA44 ";
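Review bot: `out->comment = "MLDSA44 ";` ends in a trailing space. If that is deliberate and matches the existing ML-DSA-65 entry, as the thread below suggests, a one-line comment at the assignment saying so would stop the question recurring for ML-DSA-87 and later parameter sets; if it is not deliberate, drop the space in all three entries at once so the strings stay consistent.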
Contributor

I see that there's a trailing space here and that it's consistent with ML-DSA-65. Can you confirm that this is intentional?

Comment on lines 160 to 165
case NID_MLDSA44:
return &pqdsa_asn1_meth;
case NID_MLDSA65:
return &pqdsa_asn1_meth;
case NID_MLDSA87:
return &pqdsa_asn1_meth;
Contributor

Suggested change
case NID_MLDSA44:
return &pqdsa_asn1_meth;
case NID_MLDSA65:
return &pqdsa_asn1_meth;
case NID_MLDSA87:
return &pqdsa_asn1_meth;
case NID_MLDSA44:
case NID_MLDSA65:
case NID_MLDSA87:
return &pqdsa_asn1_meth;

Contributor Author

fixed in cd9467c


jakemas commented Dec 3, 2024

@nebeid @geedo0 any other actions required on this?

@nebeid nebeid merged commit 7c47081 into aws:main Dec 3, 2024
114 of 119 checks passed