remove enable dilithium flag

aws · jakemas · Dec 20, 2024 · Dec 20, 2024 · Dec 20, 2024 · Dec 20, 2024
commit 89d0276308a4939a4ba7750df3e48d730f351907
@@ -324,16 +324,6 @@ else()
   file(COPY ${GENERATE_CODE_ROOT}/err_data.c DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
 endif()
 
-set(DILITHIUM_SOURCES)
-if(ENABLE_DILITHIUM)
-  set(
-    DILITHIUM_SOURCES
-
-    evp_extra/p_pqdsa_asn1.c
-    dilithium/ml_dsa.c
-  )
-endif()
-
 set(CRYPTO_ARCH_OBJECTS "")
 if (ARCH STREQUAL "aarch64" AND CMAKE_GENERATOR MATCHES "Visual Studio")
   msbuild_aarch64_asm(TARGET crypto_objects ASM_FILES ${CRYPTO_ARCH_SOURCES} OUTPUT_OBJECTS CRYPTO_ARCH_OBJECTS)
@@ -411,7 +401,7 @@ add_library(
   dh_extra/params.c
   dh_extra/dh_asn1.c
   digest_extra/digest_extra.c
-  ${DILITHIUM_SOURCES}
+  dilithium/ml_dsa.c
   dsa/dsa.c
   dsa/dsa_asn1.c
   ecdh_extra/ecdh_extra.c
@@ -431,6 +421,7 @@ add_library(
   evp_extra/p_ed25519_asn1.c
   evp_extra/p_hmac_asn1.c
   evp_extra/p_kem_asn1.c
+  evp_extra/p_pqdsa_asn1.c
   evp_extra/p_rsa_asn1.c
   evp_extra/p_x25519.c
   evp_extra/p_x25519_asn1.c

@@ -13,9 +13,6 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../internal.h"
 #include "../fipsmodule/pqdsa/internal.h"
-
-#ifdef ENABLE_DILITHIUM
-
 #include "../test/file_test.h"
 #include "../test/test_util.h"
 #include "ml_dsa.h"
@@ -1237,7 +1234,7 @@ TEST_P(PQDSAParameterTest, NewKeyFromBytes) {
   EXPECT_EQ(1, EVP_PKEY_cmp(pkey.get(), new_pkey.get()));
 
   // New raw pkey to store raw secret key
-  bssl::UniquePtr<EVP_PKEY> private_pkey(EVP_PKEY_pqdsa_new_raw_private_key(nid, pkey->pkey.pqdsa_key->private_key, sk_len));
+  bssl::UniquePtr<EVP_PKEY> private_pkey(EVP_PKEY_pqdsa_new_raw_secret_key(nid, pkey->pkey.pqdsa_key->private_key, sk_len));
 
   // check that secret key is present and public key is not present
   ASSERT_NE(private_pkey, nullptr);
@@ -1251,7 +1248,7 @@ TEST_P(PQDSAParameterTest, RawFunctions) {
   // Test EVP_PKEY_get_raw_private_key for extracting private keys
   // Test EVP_PKEY_pqdsa_new_raw_public_key for generating a new PKEY from raw pub
   // Test EVP_parse_public_key can parse the DER to a PKEY
-  // Test EVP_PKEY_pqdsa_new_raw_private_key for generating a new PKEY from raw priv
+  // Test EVP_PKEY_pqdsa_new_raw_secret_key for generating a new PKEY from raw priv
 
   int nid = GetParam().nid;
   size_t pk_len = GetParam().public_key_len;
@@ -1299,7 +1296,7 @@ TEST_P(PQDSAParameterTest, RawFunctions) {
   EXPECT_EQ(priv_len, sk_len);
   ASSERT_TRUE(EVP_PKEY_get_raw_private_key(pkey.get(), priv_buf.data(), &priv_len));
 
-  bssl::UniquePtr<EVP_PKEY> pkey_sk_new(EVP_PKEY_pqdsa_new_raw_private_key(nid, priv_buf.data(), sk_len));
+  bssl::UniquePtr<EVP_PKEY> pkey_sk_new(EVP_PKEY_pqdsa_new_raw_secret_key(nid, priv_buf.data(), sk_len));
   ASSERT_TRUE(pkey_sk_new);
 
   // The private key must encode properly.
@@ -1406,13 +1403,3 @@ TEST_P(PQDSAParameterTest, MarshalParse) {
   bssl::UniquePtr<EVP_PKEY> pkey_from_der(EVP_parse_public_key(&cbs));
   ASSERT_TRUE(pkey_from_der);
 }
-
-#else
-
-TEST(PQDSATest, EvpDisabled) {
-  ASSERT_EQ(nullptr, EVP_PKEY_CTX_new_id(EVP_PKEY_NONE, nullptr));
-  bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
-  ASSERT_FALSE(EVP_PKEY_set_type(pkey.get(), EVP_PKEY_NONE));
-}
-
-#endif
@@ -99,7 +99,7 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
   if (OBJ_cbs2nid(&oid) == NID_rsa) {
     return &rsa_asn1_meth;
   }
-#ifdef ENABLE_DILITHIUM
+
   // The pkey_id for the pqdsa_asn1_meth is EVP_PKEY_PQDSA, as this holds all
   // asn1 functions for pqdsa types. However, the incoming CBS has the OID for
   // the specific algorithm. So we must search explicitly for the algorithm.
@@ -113,7 +113,6 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
       return ret;
     }
   }
-#endif
   return NULL;
 }
 

@@ -697,8 +697,6 @@ static const uint8_t kInvalidPrivateKey[] = {
     0x48, 0x30, 0x01, 0xaa, 0x02, 0x86, 0xc0, 0x30, 0xdf, 0xe9, 0x80,
 };
 
-#ifdef ENABLE_DILITHIUM
-
 // kExampleMLDSA65KeyDER is a ML-DSA private key in ASN.1, DER format.
 // Of course, you should never use this key anywhere but in an example.
 static const uint8_t kExampleMLDSA65KeyDER[] = {
@@ -1015,8 +1013,6 @@ static const uint8_t kExampleMLDSA65KeyDER[] = {
 0xE3, 0x1D, 0xF6, 0xF7, 0xEE, 0x9F, 0xA, 0xC5, 0x91, 0x14, 0x33, 0x4B, 0xDB,
 0xC4, 0xEE, 0xC, 0xFB, 0xE4, 0xD1, 0x43, 0xC2, 0x1B, 0xC3, 0x2, 0x9B, 0x6B };
 
-#endif
-
 static bssl::UniquePtr<EVP_PKEY> LoadExampleRSAKey() {
   bssl::UniquePtr<RSA> rsa(RSA_private_key_from_bytes(kExampleRSAKeyDER,
                                            sizeof(kExampleRSAKeyDER)));
@@ -1493,12 +1489,8 @@ TEST(EVPExtraTest, d2i_PrivateKey) {
                               sizeof(kExampleRSAPSSKeyPKCS8)));
   EXPECT_TRUE(
       ParsePrivateKey(EVP_PKEY_EC, kExampleECKeyDER, sizeof(kExampleECKeyDER)));
-
-#ifdef ENABLE_DILITHIUM
   EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_PQDSA, kExampleMLDSA65KeyDER,
                               sizeof(kExampleMLDSA65KeyDER)));
-#endif
-
   EXPECT_FALSE(ParsePrivateKey(EVP_PKEY_EC, kExampleBadECKeyDER,
                                sizeof(kExampleBadECKeyDER)));
   ERR_clear_error();

@@ -27,9 +27,7 @@ extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
-#ifdef ENABLE_DILITHIUM
 extern const EVP_PKEY_ASN1_METHOD pqdsa_asn1_meth;
-#endif
 extern const EVP_PKEY_ASN1_METHOD kem_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;

@@ -20,9 +20,7 @@ const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {
   &dsa_asn1_meth,
   &ed25519_asn1_meth,
   &x25519_asn1_meth,
-#ifdef ENABLE_DILITHIUM
   &pqdsa_asn1_meth,
-#endif
   &kem_asn1_meth,
   &hmac_asn1_meth,
   &dh_asn1_meth

@@ -64,12 +64,8 @@
 #include "../internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "../fipsmodule/rsa/internal.h"
-
-#ifdef ENABLE_DILITHIUM
 #include "../dilithium/ml_dsa.h"
 #include "../fipsmodule/pqdsa/internal.h"
-#endif
-
 
 static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
   for (size_t i = 0; i < len; i++) {
@@ -312,8 +308,6 @@ static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
   return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
 }
 
-#ifdef ENABLE_DILITHIUM
-
 // MLDSA keys.
 
 static int do_mldsa_65_print(BIO *bp, const EVP_PKEY *pkey, int off, int ptype) {
@@ -357,8 +351,6 @@ static int mldsa_65_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
   return do_mldsa_65_print(bp, pkey, indent, 2);
 }
 
-#endif
-
 typedef struct {
   int type;
   int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent);
@@ -385,14 +377,12 @@ static EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
         eckey_priv_print,
         eckey_param_print,
     },
-#ifdef ENABLE_DILITHIUM
     {
         EVP_PKEY_PQDSA,
         mldsa_65_pub_print,
         mldsa_65_priv_print,
         NULL /* param_print */,
     },
-#endif
 };
 
 static size_t kPrintMethodsLen = OPENSSL_ARRAY_SIZE(kPrintMethods);

@@ -119,9 +119,7 @@
 #include "evp/p_hkdf.c"
 #include "evp/p_hmac.c"
 #include "evp/p_kem.c"
-#ifdef ENABLE_DILITHIUM
 #include "evp/p_pqdsa.c"
-#endif
 #include "evp/p_rsa.c"
 #include "hkdf/hkdf.c"
 #include "hmac/hmac.c"
@@ -140,9 +138,7 @@
 #include "modes/xts.c"
 #include "modes/polyval.c"
 #include "pbkdf/pbkdf.c"
-#ifdef ENABLE_DILITHIUM
 #include "pqdsa/pqdsa.c"
-#endif
 #include "rand/ctrdrbg.c"
 #include "rand/fork_detect.c"
 #include "rand/rand.c"

@@ -75,9 +75,7 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
   out->methods[4] = EVP_PKEY_hmac_pkey_meth();
   out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
   out->methods[6] = EVP_PKEY_kem_pkey_meth();
-#ifdef ENABLE_DILITHIUM
   out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
-#endif
 }
 
 static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {

@@ -381,16 +381,9 @@ typedef struct {
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 
 #define ED25519_PUBLIC_KEY_OFFSET 32
-
-#ifdef ENABLE_DILITHIUM
 #define FIPS_EVP_PKEY_METHODS 8
 #define NON_FIPS_EVP_PKEY_METHODS 3
 #define ASN1_EVP_PKEY_METHODS 10
-#else
-#define FIPS_EVP_PKEY_METHODS 7
-#define NON_FIPS_EVP_PKEY_METHODS 3
-#define ASN1_EVP_PKEY_METHODS 9
-#endif
 
 struct fips_evp_pkey_methods {
   const EVP_PKEY_METHOD * methods[FIPS_EVP_PKEY_METHODS];
@@ -403,9 +396,7 @@ const EVP_PKEY_METHOD *EVP_PKEY_hkdf_pkey_meth(void);
 const EVP_PKEY_METHOD *EVP_PKEY_hmac_pkey_meth(void);
 const EVP_PKEY_METHOD *EVP_PKEY_ed25519_pkey_meth(void);
 const EVP_PKEY_METHOD *EVP_PKEY_kem_pkey_meth(void);
-#ifdef ENABLE_DILITHIUM
 const EVP_PKEY_METHOD *EVP_PKEY_pqdsa_pkey_meth(void);
-#endif
 
 #if defined(__cplusplus)
 }  // extern C

@@ -231,7 +231,7 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_public_key(int nid, const uint8_t *in, size_t l
   return NULL;
 }
 
-EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t len) {
+EVP_PKEY *EVP_PKEY_pqdsa_new_raw_secret_key(int nid, const uint8_t *in, size_t len) {
   if (in == NULL) {
     OPENSSL_PUT_ERROR(EVP, ERR_R_PASSED_NULL_PARAMETER);
     return NULL;

@@ -98,11 +98,9 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
     return X509_ALGOR_set0(algor, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
   }
 
-#ifdef ENABLE_DILITHIUM
   if (EVP_PKEY_id(pkey) == EVP_PKEY_PQDSA) {
     return X509_ALGOR_set0(algor, OBJ_nid2obj(pkey->pkey.pqdsa_key->pqdsa->nid), V_ASN1_UNDEF, NULL);
   }
-#endif
 
   // Default behavior: look up the OID for the algorithm/hash pair and encode
   // that.
@@ -143,12 +141,10 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
   // when |sigalg_nid| is |NID_rsassaPss|.
   if (pkey_nid != EVP_PKEY_id(pkey) &&
       !(sigalg_nid == NID_rsassaPss && pkey_nid == NID_rsaEncryption &&
-        EVP_PKEY_id(pkey) == EVP_PKEY_RSA_PSS)
-#ifdef ENABLE_DILITHIUM
-      && !(sigalg_nid == NID_MLDSA65 && pkey_nid == NID_MLDSA65 &&
+        EVP_PKEY_id(pkey) == EVP_PKEY_RSA_PSS) &&
+      !(sigalg_nid == NID_MLDSA65 && pkey_nid == NID_MLDSA65 &&
         EVP_PKEY_id(pkey) == EVP_PKEY_PQDSA)
-#endif
-        ) {
+      ) {
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
     return 0;
   }
@@ -164,11 +160,7 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
     if (sigalg_nid == NID_rsassaPss) {
       return x509_rsa_pss_to_ctx(ctx, sigalg, pkey);
     }
-#ifdef ENABLE_DILITHIUM
     if (sigalg_nid == NID_ED25519 || sigalg_nid == NID_MLDSA65) {
-#else
-    if (sigalg_nid == NID_ED25519) {
-#endif
       if (sigalg->parameter != NULL) {
         OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER);
         return 0;

@@ -576,7 +576,6 @@ w1AH9efZBw==
 -----END CERTIFICATE-----
 )";
 
-#ifdef ENABLE_DILITHIUM
 // This certificate is the example certificate provided in section 3 of
 //https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
 static const char kMLDSA65Cert[] = R"(
@@ -946,8 +945,6 @@ DhQcIi8=
 -----END CERTIFICATE-----
 )";
 
-#endif
-
 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
 // contains SANS for example.com, test@example.com, 127.0.0.1, and
 // https://example.com/. (The latter is useless for now since crypto/x509
@@ -2923,8 +2920,6 @@ TEST(X509Test, Ed25519Sign) {
   ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
 }
 
-#ifdef ENABLE_DILITHIUM
-
 TEST(X509Test, MLDSA65SignVerifyCert) {
   // This test generates a MLDSA65 keypair, generates and signs a
   // certificate, then verifies the certificate's signature.
@@ -2995,8 +2990,6 @@ TEST(X509Test, TestBadParamsMLDSA65) {
   ERR_clear_error();
 }
 
-#endif
-
 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
                      const char *pem) {
   bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));

@@ -182,6 +182,8 @@ extern "C" {
 
 #endif
 
+// EXPERIMENTAL header indicates the API may be unstable during development
+#define OPENSSL_EXPERIMENTAL OPENSSL_DEPRECATED
 
 #if defined(__GNUC__) || defined(__clang__)
 // MinGW has two different printf implementations. Ensure the format macro

@@ -198,11 +198,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int
 #define EVP_PKEY_HKDF NID_hkdf
 #define EVP_PKEY_HMAC NID_hmac
 #define EVP_PKEY_DH NID_dhKeyAgreement
-
-#ifdef ENABLE_DILITHIUM
 #define EVP_PKEY_PQDSA NID_PQDSA
-#endif
-
 #define EVP_PKEY_KEM NID_kem
 
 // EVP_PKEY_set_type sets the type of |pkey| to |type|. It returns one if
@@ -944,24 +940,28 @@ OPENSSL_EXPORT int EVP_PKEY_kem_check_key(EVP_PKEY *key);
 
 // PQDSA specific functions.
 
-#ifdef ENABLE_DILITHIUM
 // EVP_PKEY_CTX_pqdsa_set_params sets in |ctx| the parameters associated with
 // the signature scheme defined by the given |nid|. It returns one on success
-// and zero on error.
-OPENSSL_EXPORT int EVP_PKEY_CTX_pqdsa_set_params(EVP_PKEY_CTX *ctx, int nid);
+// and zero on error. This API is marked as EXPERIMENTAL (using the deprecated
+// warning) to indicate that this API may change as the standards around the
+// signature schemes finalize.
+OPENSSL_EXPERIMENTAL OPENSSL_EXPORT int EVP_PKEY_CTX_pqdsa_set_params(EVP_PKEY_CTX *ctx, int nid);
 
 // EVP_PKEY_pqdsa_new_raw_public_key generates a new EVP_PKEY object of type
 // EVP_PKEY_PQDSA, initializes the PQDSA key based on |nid| and populates the
 // public key part of the PQDSA key with the contents of |in|. It returns the
-// pointer to the allocated PKEY on sucess and NULL on error.
-OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_public_key(int nid, const uint8_t *in, size_t len);
+// pointer to the allocated PKEY on sucess and NULL on error. This API is marked
+// as EXPERIMENTAL (using the deprecated warning) to indicate that this API may
+// change as the standards around the signature schemes finalize.
+OPENSSL_EXPERIMENTAL OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_public_key(int nid, const uint8_t *in, size_t len);
 
-// EVP_PKEY_pqdsa_new_raw_private_key generates a new EVP_PKEY object of type
+// EVP_PKEY_pqdsa_new_raw_secret_key generates a new EVP_PKEY object of type
 // EVP_PKEY_PQDSA, initializes the PQDSA key based on |nid| and populates the
 // secret key part of the PQDSA key with the contents of |in|. It returns the
-// pointer to the allocated PKEY on sucess and NULL on error.
-OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t len);
-#endif
+// pointer to the allocated PKEY on sucess and NULL on error. This API is marked
+// as EXPERIMENTAL (using the deprecated warning) to indicate that this API may
+// change as the standards around the signature schemes finalize.
+OPENSSL_EXPERIMENTAL OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_secret_key(int nid, const uint8_t *in, size_t len);
 
 // Diffie-Hellman-specific control functions.