PQC proof-of-concept from SPDM 1.4

.github/workflows/cifuzz.yml

@@ -4,6 +4,8 @@ on:
     paths-ignore:
       - 'doc/**'
       - '**/*.md'
+    branches:
+      - main
 permissions: {}
 jobs:
   Fuzzing:

.gitmodules

@@ -7,3 +7,6 @@
 [submodule "unit_test/cmockalib/cmocka"]
     path = unit_test/cmockalib/cmocka
 	url = https://gitlab.com/cmocka/cmocka.git
+[submodule "os_stub/oqslib/liboqs"]
+	path = os_stub/oqslib/liboqs
+	url = https://github.com/open-quantum-safe/liboqs

CMakeLists.txt

@@ -939,6 +939,10 @@ else()
         add_subdirectory(os_stub/spdm_device_secret_lib_null)
         add_subdirectory(os_stub/spdm_cert_verify_callback_sample)
 
+        add_subdirectory(os_stub/oqslib)
+        add_subdirectory(os_stub/pqccryptlib_oqs)
+        add_subdirectory(os_stub/pqccryptlib_null)
+
         if(NOT DISABLE_TESTS STREQUAL "1")
             add_subdirectory(unit_test/spdm_transport_test_lib)
             add_subdirectory(unit_test/cmockalib)
@@ -955,6 +959,9 @@ else()
             add_subdirectory(unit_test/test_spdm_fips)
             add_subdirectory(unit_test/test_spdm_secured_message)
             add_subdirectory(unit_test/test_spdm_sample)
+
+            add_subdirectory(unit_test/test_crypt_pqc)
+            add_subdirectory(unit_test/gen_pqc_key)
             endif()
 
             if((NOT TOOLCHAIN STREQUAL "ARM_DS2022") AND (NOT TOOLCHAIN STREQUAL "RISCV_XPACK"))

README.md

@@ -6,7 +6,7 @@
 
    The SPDM and secured message libraries follow :
 
-   [DSP0274](https://www.dmtf.org/dsp/DSP0274)  Security Protocol and Data Model (SPDM) Specification (version [1.0.2](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.0.2.pdf), version [1.1.3](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.1.3.pdf), version [1.2.2](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.2.2.pdf) and version [1.3.1](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.3.1.pdf))
+   [DSP0274](https://www.dmtf.org/dsp/DSP0274)  Security Protocol and Data Model (SPDM) Specification (version [1.0.2](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.0.2.pdf), version [1.1.3](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.1.3.pdf), version [1.2.2](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.2.2.pdf), version [1.3.1](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.3.1.pdf)) and version [1.4.0WIP70](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.4.0WIP70.pdf)
 
    [DSP0277](https://www.dmtf.org/dsp/DSP0277)  Secured Messages using SPDM Specification (version [1.0.1](https://www.dmtf.org/sites/default/files/standards/documents/DSP0277_1.0.1.pdf), version [1.1.1](https://www.dmtf.org/sites/default/files/standards/documents/DSP0277_1.1.1.pdf), version [1.2.0](https://www.dmtf.org/sites/default/files/standards/documents/DSP0277_1.2.0.pdf))
 
@@ -59,6 +59,9 @@
    An [OpenSSL](https://www.openssl.org/) wrapper is included in [cryptlib_openssl](https://github.com/DMTF/libspdm/tree/main/os_stub/openssllib).
    NOTE: SM2-KeyExchange and SM4_GCM are not supported.
 
+   An [OQS](https://github.com/open-quantum-safe/liboqs) wrapper is included in [pqccryptlib_oqs](https://github.com/DMTF/libspdm/tree/main/os_stub/pqccryptlib_oqs).
+   NOTE: SLH-DSA and PQC X.509cert/PEM parsing are not supported.
+
    libspdm provides support for [FIPS 140-3](https://csrc.nist.gov/publications/detail/fips/140/3/final). Refer to [libspdm FIPS](https://github.com/DMTF/libspdm/blob/main/doc/fips.md) for more information.
 
    libspdm implements a raw public key format as defined in [RFC7250](https://www.rfc-editor.org/rfc/rfc7250). Refer to [libspdm raw public key](https://github.com/DMTF/libspdm/blob/main/doc/raw_public_key.md) for more information.
@@ -171,6 +174,8 @@ For other architectures, refer to [build](https://github.com/DMTF/libspdm/blob/m
 
 2) [OpenSSL](https://www.openssl.org) as cryptography library. Version 3.0.14.
 
+3) [OQS](https://github.com/open-quantum-safe/liboqs) as PQC cryptography library. Version 0.12.0. (NOTE: This library is NOT recommended in a production envrionment. It is only for research and prototyping.)
+
 ### Unit Test framework
 
 1) [cmocka](https://cmocka.org/). Version 1.1.7.

include/hal/library/cryptlib.h

@@ -58,6 +58,30 @@
 #define LIBSPDM_CRYPTO_NID_CHACHA20_POLY1305 0x0303
 #define LIBSPDM_CRYPTO_NID_SM4_128_GCM 0x0304
 
+/* ML-KEM */
+#define LIBSPDM_CRYPTO_NID_ML_KEM_512 0x8001
+#define LIBSPDM_CRYPTO_NID_ML_KEM_768 0x8002
+#define LIBSPDM_CRYPTO_NID_ML_KEM_1024 0x8003
+
+/* ML-DSA */
+#define LIBSPDM_CRYPTO_NID_ML_DSA_44 0x8101
+#define LIBSPDM_CRYPTO_NID_ML_DSA_65 0x8102
+#define LIBSPDM_CRYPTO_NID_ML_DSA_87 0x8103
+
+/* SLH-DSA */
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_128S 0x8201
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHAKE_128S 0x8202
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_128F 0x8203
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHAKE_128F 0x8204
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_192S 0x8205
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHAKE_192S 0x8206
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_192F 0x8207
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHAKE_192F 0x8208
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_256S 0x8209
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHAKE_256S 0x820A
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_256F 0x820B
+#define LIBSPDM_CRYPTO_NID_SLH_DSA_SHAKE_256F 0x820C
+
 /* X.509 v3 key usage extension flags. */
 #define LIBSPDM_CRYPTO_X509_KU_DIGITAL_SIGNATURE 0x80
 #define LIBSPDM_CRYPTO_X509_KU_NON_REPUDIATION 0x40
@@ -105,5 +129,8 @@
 #include "hal/library/cryptlib/cryptlib_ecd.h"
 #include "hal/library/cryptlib/cryptlib_sm2.h"
 #include "hal/library/cryptlib/cryptlib_rng.h"
+#include "hal/library/cryptlib/cryptlib_cert_pqc.h"
+#include "hal/library/cryptlib/cryptlib_mldsa.h"
+#include "hal/library/cryptlib/cryptlib_mlkem.h"
 
 #endif /* CRYPTLIB_H */

include/hal/library/cryptlib/cryptlib_cert_pqc.h

@@ -0,0 +1,31 @@
+/**
+ *  Copyright Notice:
+ *  Copyright 2021-2024 DMTF. All rights reserved.
+ *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+ **/
+
+#ifndef CRYPTLIB_CERT_PQC_H
+#define CRYPTLIB_CERT_PQC_H
+
+#if LIBSPDM_CERT_PARSE_SUPPORT
+/**
+ * Retrieve the mldsa public key from one DER-encoded X509 certificate.
+ *
+ * @param[in]  cert         Pointer to the DER-encoded X509 certificate.
+ * @param[in]  cert_size    Size of the X509 certificate in bytes.
+ * @param[out] dsa_context  Pointer to newly generated mldsa context which contain the retrieved
+ *                          mldsa public key component. Use mldsa_free() function to free the
+ *                          resource.
+ *
+ * If cert is NULL, then return false.
+ * If dsa_context is NULL, then return false.
+ *
+ * @retval  true   mldsa public key was retrieved successfully.
+ * @retval  false  Fail to retrieve mldsa public key from X509 certificate.
+ *
+ **/
+extern bool libspdm_mldsa_get_public_key_from_x509(const uint8_t *cert, size_t cert_size,
+                                                   void **dsa_context);
+#endif /* LIBSPDM_CERT_PARSE_SUPPORT */
+
+#endif /* CRYPTLIB_CERT_H */

include/hal/library/cryptlib/cryptlib_mldsa.h

@@ -0,0 +1,117 @@
+/**
+ *  Copyright Notice:
+ *  Copyright 2024 DMTF. All rights reserved.
+ *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+ **/
+
+#ifndef CRYPTLIB_MLDSA_H
+#define CRYPTLIB_MLDSA_H
+
+#if LIBSPDM_ML_DSA_SUPPORT
+
+/**
+ * Allocates and initializes one DSA context for subsequent use.
+ *
+ * @param nid cipher NID
+ *
+ * @return  Pointer to the DSA context that has been initialized.
+ **/
+extern void *libspdm_mldsa_new(size_t nid);
+
+/**
+ * Release the specified DSA context.
+ *
+ * @param[in]  dsa_context  Pointer to the DSA context to be released.
+ **/
+extern void libspdm_mldsa_free(void *dsa_context);
+
+/**
+ * Sets the key component into the established DSA context.
+ *
+ * @param[in, out]  dsa_context  Pointer to DSA context being set.
+ * @param[in]       key_data     Pointer to octet integer buffer.
+ * @param[in]       key_size     Size of big number buffer in bytes.
+ *
+ * @retval  true   DSA key component was set successfully.
+ **/
+extern bool libspdm_mldsa_set_pubkey(void *dsa_context, const uint8_t *key_data, size_t key_size);
+
+/**
+ * Sets the key component into the established DSA context.
+ *
+ * @param[in, out]  dsa_context  Pointer to DSA context being set.
+ * @param[in]       key_data     Pointer to octet integer buffer.
+ * @param[in]       key_size     Size of big number buffer in bytes.
+ *
+ * @retval  true   DSA key component was set successfully.
+ **/
+extern bool libspdm_mldsa_set_privkey(void *dsa_context, const uint8_t *key_data, size_t key_size);
+
+/**
+ * Generates DSA context from DER-encoded public key data.
+ *
+ * The public key is ASN.1 DER-encoded as RFC7250 describes,
+ * namely, the SubjectPublicKeyInfo structure of a X.509 certificate.
+ * 
+ * OID is defined in https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates
+ *
+ * @param[in]  der_data     Pointer to the DER-encoded public key data.
+ * @param[in]  der_size     Size of the DER-encoded public key data in bytes.
+ * @param[out] dsa_context  Pointer to newly generated DSA context which contains the
+ *                          DSA public key component.
+ *                          Use libspdm_mldsa_free() function to free the resource.
+ *
+ * If der_data is NULL, then return false.
+ * If dsa_context is NULL, then return false.
+ *
+ * @retval  true   DSA context was generated successfully.
+ * @retval  false  Invalid DER public key data.
+ *
+ **/
+extern bool libspdm_mldsa_get_public_key_from_der(const uint8_t *der_data,
+                                                  size_t der_size,
+                                                  void **dsa_context);
+
+/**
+ * Carries out the MLDSA signature generation.
+ *
+ * @param[in]      dsa_context   Pointer to DSA context for signature generation.
+ * @param[in]      context       The MLDSA signing context.
+ * @param[in]      context_size  Size of MLDSA signing context.
+ * @param[in]      message       Pointer to octet message to be signed.
+ * @param[in]      message_size  Size of the message in bytes.
+ * @param[out]     signature     Pointer to buffer to receive DSA signature.
+ * @param[in, out] sig_size      On input, the size of signature buffer in bytes.
+ *                               On output, the size of data returned in signature buffer in bytes.
+ *
+ * @retval  true   signature successfully generated.
+ * @retval  false  signature generation failed.
+ * @retval  false  sig_size is too small.
+ * @retval  false  This interface is not supported.
+ **/
+extern bool libspdm_mldsa_sign(void *dsa_context,
+                               const uint8_t *context, size_t context_size,
+                               const uint8_t *message, size_t message_size,
+                               uint8_t *signature, size_t *sig_size);
+
+/**
+ * Verifies the MLDSA signature.
+ *
+ * @param[in]  dsa_context   Pointer to DSA context for signature verification.
+ * @param[in]  context       The MLDSA signing context.
+ * @param[in]  context_size  Size of MLDSA signing context.
+ * @param[in]  message       Pointer to octet message to be checked.
+ * @param[in]  message_size  Size of the message in bytes.
+ * @param[in]  signature     Pointer to DSA signature to be verified.
+ * @param[in]  sig_size      Size of signature in bytes.
+ *
+ * @retval  true   Valid signature encoded.
+ * @retval  false  Invalid signature or invalid DSA context.
+ **/
+extern bool libspdm_mldsa_verify(void *dsa_context,
+                                 const uint8_t *context, size_t context_size,
+                                 const uint8_t *message, size_t message_size,
+                                 const uint8_t *signature, size_t sig_size);
+
+#endif /* LIBSPDM_ML_DSA_SUPPORT */
+#endif /* CRYPTLIB_MLDSA_H */

include/hal/library/cryptlib/cryptlib_mlkem.h

@@ -0,0 +1,85 @@
+/**
+ *  Copyright Notice:
+ *  Copyright 2024 DMTF. All rights reserved.
+ *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+ **/
+
+#ifndef CRYPTLIB_MLKEM_H
+#define CRYPTLIB_MLKEM_H
+
+#if LIBSPDM_ML_KEM_SUPPORT
+/**
+ * Allocates and initializes one KEM context for subsequent use with the NID.
+ *
+ * @param nid cipher NID
+ *
+ * @return  Pointer to the KEM context that has been initialized.
+ **/
+extern void *libspdm_mlkem_new_by_name(size_t nid);
+
+/**
+ * Release the specified KEM context.
+ *
+ * @param[in]  kem_context  Pointer to the KEM context to be released.
+ **/
+extern void libspdm_mlkem_free(void *kem_context);
+
+/**
+ * Generates KEM public key.
+ *
+ * @param[in, out]  kem_context       Pointer to the KEM context.
+ * @param[out]      encap_key        Pointer to the buffer to receive generated public key.
+ * @param[in, out]  encap_key_size   On input, the size of public_key buffer in bytes.
+ *                                   On output, the size of data returned in public_key buffer in
+ *                                   bytes.
+ *
+ * @retval true   KEM public key generation succeeded.
+ * @retval false  KEM public key generation failed.
+ * @retval false  public_key_size is not large enough.
+ * @retval false  This interface is not supported.
+ **/
+extern bool libspdm_mlkem_generate_key(void *kem_context, uint8_t *encap_key, size_t *encap_key_size);
+
+/**
+ * Computes exchanged common key.
+ *
+ * @param[in, out]  kem_context           Pointer to the KEM context.
+ * @param[in]       peer_encap_key        Pointer to the peer's public key.
+ * @param[in]       peer_encap_key_size   size of peer's public key in bytes.
+ * @param[out]      key                   Pointer to the buffer to receive generated key.
+ * @param[in, out]  key_size              On input, the size of key buffer in bytes.
+ *                                        On output, the size of data returned in key buffer in
+ *                                        bytes.
+ *
+ * @retval true   KEM exchanged key generation succeeded.
+ * @retval false  KEM exchanged key generation failed.
+ * @retval false  key_size is not large enough.
+ * @retval false  This interface is not supported.
+ **/
+extern bool libspdm_mlkem_encapsulate(void *kem_context, const uint8_t *peer_encap_key,
+                                    size_t peer_encap_key_size, uint8_t *cipher_text,
+                                    size_t *cipher_text_size, uint8_t *shared_secret,
+                                    size_t *shared_secret_size);
+
+/**
+ * Computes exchanged common key.
+ *
+ * @param[in, out]  kem_context           Pointer to the KEM context.
+ * @param[in]       peer_encap_key        Pointer to the peer's public key.
+ * @param[in]       peer_encap_key_size   size of peer's public key in bytes.
+ * @param[out]      key                   Pointer to the buffer to receive generated key.
+ * @param[in, out]  key_size              On input, the size of key buffer in bytes.
+ *                                        On output, the size of data returned in key buffer in
+ *                                        bytes.
+ *
+ * @retval true   KEM exchanged key generation succeeded.
+ * @retval false  KEM exchanged key generation failed.
+ * @retval false  key_size is not large enough.
+ * @retval false  This interface is not supported.
+ **/
+extern bool libspdm_mlkem_decapsulate(void *kem_context, const uint8_t *peer_cipher_text,
+                                    size_t peer_cipher_text_size, uint8_t *shared_secret,
+                                    size_t *shared_secret_size);
+
+#endif /* LIBSPDM_ML_KEM_SUPPORT */
+#endif /* CRYPTLIB_MLKEM_H */

include/hal/library/requester/reqasymsignlib.h

@@ -43,6 +43,36 @@ extern bool libspdm_requester_data_sign(
     const uint8_t *message, size_t message_size,
     uint8_t *signature, size_t *sig_size);
 
+/**
+ * Sign an SPDM message data.
+ *
+ * @param  spdm_context      A pointer to the SPDM context.
+ * @param  spdm_version      Indicates the negotiated s version.
+ * @param  req_base_asym_alg Indicates the signing algorithm.
+ * @param  base_hash_algo    Indicates the hash algorithm.
+ * @param  is_data_hash      Indicates the message type.
+ *                           If true, raw message before hash.
+ *                           If false, message hash.
+ * @param  message           A pointer to a message to be signed.
+ * @param  message_size      The size in bytes of the message to be signed.
+ * @param  signature         A pointer to a destination buffer to store the signature.
+ * @param  sig_size          On input, indicates the size, in bytes, of the destination buffer to
+ *                           store the signature.
+ *                           On output, indicates the size, in bytes, of the signature in the
+ *                           buffer.
+ *
+ * @retval true  signing success.
+ * @retval false signing fail.
+ **/
+extern bool libspdm_requester_data_pqc_sign(
+    void *spdm_context,
+    spdm_version_number_t spdm_version,
+    uint8_t op_code,
+    uint32_t req_pqc_asym_alg,
+    uint32_t base_hash_algo, bool is_data_hash,
+    const uint8_t *message, size_t message_size,
+    uint8_t *signature, size_t *sig_size);
+
 #if LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP
 /**
  * This functions returns the opaque data in a CHALLENGE_AUTH response.