Skip to content

Commit

Permalink
remove enable_dilithium flag
Browse files Browse the repository at this point in the history
  • Loading branch information
jakemas committed Dec 26, 2024
1 parent 88d6602 commit 03dcaf5
Show file tree
Hide file tree
Showing 15 changed files with 17 additions and 96 deletions.
13 changes: 2 additions & 11 deletions crypto/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -324,16 +324,6 @@ else()
file(COPY ${GENERATE_CODE_ROOT}/err_data.c DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
endif()

set(DILITHIUM_SOURCES)
if(ENABLE_DILITHIUM)
set(
DILITHIUM_SOURCES

evp_extra/p_pqdsa_asn1.c
dilithium/ml_dsa.c
)
endif()

set(CRYPTO_ARCH_OBJECTS "")
if (ARCH STREQUAL "aarch64" AND CMAKE_GENERATOR MATCHES "Visual Studio")
msbuild_aarch64_asm(TARGET crypto_objects ASM_FILES ${CRYPTO_ARCH_SOURCES} OUTPUT_OBJECTS CRYPTO_ARCH_OBJECTS)
Expand Down Expand Up @@ -411,7 +401,7 @@ add_library(
dh_extra/params.c
dh_extra/dh_asn1.c
digest_extra/digest_extra.c
${DILITHIUM_SOURCES}
dilithium/ml_dsa.c
dsa/dsa.c
dsa/dsa_asn1.c
ecdh_extra/ecdh_extra.c
Expand All @@ -431,6 +421,7 @@ add_library(
evp_extra/p_ed25519_asn1.c
evp_extra/p_hmac_asn1.c
evp_extra/p_kem_asn1.c
evp_extra/p_pqdsa_asn1.c
evp_extra/p_rsa_asn1.c
evp_extra/p_x25519.c
evp_extra/p_x25519_asn1.c
Expand Down
13 changes: 0 additions & 13 deletions crypto/dilithium/p_pqdsa_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,6 @@
#include "../fipsmodule/evp/internal.h"
#include "../internal.h"
#include "../fipsmodule/pqdsa/internal.h"

#ifdef ENABLE_DILITHIUM

#include "../test/file_test.h"
#include "../test/test_util.h"
#include "ml_dsa.h"
Expand Down Expand Up @@ -1518,13 +1515,3 @@ TEST_P(PQDSAParameterTest, ParsePublicKey) {
bssl::UniquePtr<EVP_PKEY> pkey_from_der(EVP_parse_public_key(&cbs));
ASSERT_TRUE(pkey_from_der);
}

#else

TEST(PQDSATest, EvpDisabled) {
ASSERT_EQ(nullptr, EVP_PKEY_CTX_new_id(EVP_PKEY_NONE, nullptr));
bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
ASSERT_FALSE(EVP_PKEY_set_type(pkey.get(), EVP_PKEY_NONE));
}

#endif
3 changes: 1 addition & 2 deletions crypto/evp_extra/evp_asn1.c
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
if (OBJ_cbs2nid(&oid) == NID_rsa) {
return &rsa_asn1_meth;
}
#ifdef ENABLE_DILITHIUM

// The pkey_id for the pqdsa_asn1_meth is EVP_PKEY_PQDSA, as this holds all
// asn1 functions for pqdsa types. However, the incoming CBS has the OID for
// the specific algorithm. So we must search explicitly for the algorithm.
Expand All @@ -113,7 +113,6 @@ static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) {
return ret;
}
}
#endif
return NULL;
}

Expand Down
8 changes: 0 additions & 8 deletions crypto/evp_extra/evp_extra_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -697,8 +697,6 @@ static const uint8_t kInvalidPrivateKey[] = {
0x48, 0x30, 0x01, 0xaa, 0x02, 0x86, 0xc0, 0x30, 0xdf, 0xe9, 0x80,
};

#ifdef ENABLE_DILITHIUM

// kExampleMLDSA65KeyDER is a ML-DSA private key in ASN.1, DER format.
// Of course, you should never use this key anywhere but in an example.
static const uint8_t kExampleMLDSA65KeyDER[] = {
Expand Down Expand Up @@ -1015,8 +1013,6 @@ static const uint8_t kExampleMLDSA65KeyDER[] = {
0xE3, 0x1D, 0xF6, 0xF7, 0xEE, 0x9F, 0xA, 0xC5, 0x91, 0x14, 0x33, 0x4B, 0xDB,
0xC4, 0xEE, 0xC, 0xFB, 0xE4, 0xD1, 0x43, 0xC2, 0x1B, 0xC3, 0x2, 0x9B, 0x6B };

#endif

static bssl::UniquePtr<EVP_PKEY> LoadExampleRSAKey() {
bssl::UniquePtr<RSA> rsa(RSA_private_key_from_bytes(kExampleRSAKeyDER,
sizeof(kExampleRSAKeyDER)));
Expand Down Expand Up @@ -1493,12 +1489,8 @@ TEST(EVPExtraTest, d2i_PrivateKey) {
sizeof(kExampleRSAPSSKeyPKCS8)));
EXPECT_TRUE(
ParsePrivateKey(EVP_PKEY_EC, kExampleECKeyDER, sizeof(kExampleECKeyDER)));

#ifdef ENABLE_DILITHIUM
EXPECT_TRUE(ParsePrivateKey(EVP_PKEY_PQDSA, kExampleMLDSA65KeyDER,
sizeof(kExampleMLDSA65KeyDER)));
#endif

EXPECT_FALSE(ParsePrivateKey(EVP_PKEY_EC, kExampleBadECKeyDER,
sizeof(kExampleBadECKeyDER)));
ERR_clear_error();
Expand Down
2 changes: 0 additions & 2 deletions crypto/evp_extra/internal.h
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,7 @@ extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
#ifdef ENABLE_DILITHIUM
extern const EVP_PKEY_ASN1_METHOD pqdsa_asn1_meth;
#endif
extern const EVP_PKEY_ASN1_METHOD kem_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
Expand Down
2 changes: 0 additions & 2 deletions crypto/evp_extra/p_methods.c
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,7 @@ const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {
&dsa_asn1_meth,
&ed25519_asn1_meth,
&x25519_asn1_meth,
#ifdef ENABLE_DILITHIUM
&pqdsa_asn1_meth,
#endif
&kem_asn1_meth,
&hmac_asn1_meth,
&dh_asn1_meth
Expand Down
10 changes: 0 additions & 10 deletions crypto/evp_extra/print.c
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,8 @@
#include "../internal.h"
#include "../fipsmodule/evp/internal.h"
#include "../fipsmodule/rsa/internal.h"

#ifdef ENABLE_DILITHIUM
#include "../dilithium/ml_dsa.h"
#include "../fipsmodule/pqdsa/internal.h"
#endif


static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
for (size_t i = 0; i < len; i++) {
Expand Down Expand Up @@ -312,8 +308,6 @@ static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
return do_EC_KEY_print(bp, EVP_PKEY_get0_EC_KEY(pkey), indent, 2);
}

#ifdef ENABLE_DILITHIUM

// MLDSA keys.

static int do_mldsa_65_print(BIO *bp, const EVP_PKEY *pkey, int off, int ptype) {
Expand Down Expand Up @@ -357,8 +351,6 @@ static int mldsa_65_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
return do_mldsa_65_print(bp, pkey, indent, 2);
}

#endif

typedef struct {
int type;
int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent);
Expand All @@ -385,14 +377,12 @@ static EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
eckey_priv_print,
eckey_param_print,
},
#ifdef ENABLE_DILITHIUM
{
EVP_PKEY_PQDSA,
mldsa_65_pub_print,
mldsa_65_priv_print,
NULL /* param_print */,
},
#endif
};

static size_t kPrintMethodsLen = OPENSSL_ARRAY_SIZE(kPrintMethods);
Expand Down
4 changes: 0 additions & 4 deletions crypto/fipsmodule/bcm.c
Original file line number Diff line number Diff line change
Expand Up @@ -119,9 +119,7 @@
#include "evp/p_hkdf.c"
#include "evp/p_hmac.c"
#include "evp/p_kem.c"
#ifdef ENABLE_DILITHIUM
#include "evp/p_pqdsa.c"
#endif
#include "evp/p_rsa.c"
#include "hkdf/hkdf.c"
#include "hmac/hmac.c"
Expand All @@ -140,9 +138,7 @@
#include "modes/xts.c"
#include "modes/polyval.c"
#include "pbkdf/pbkdf.c"
#ifdef ENABLE_DILITHIUM
#include "pqdsa/pqdsa.c"
#endif
#include "rand/ctrdrbg.c"
#include "rand/fork_detect.c"
#include "rand/rand.c"
Expand Down
2 changes: 0 additions & 2 deletions crypto/fipsmodule/evp/evp_ctx.c
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,7 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
out->methods[4] = EVP_PKEY_hmac_pkey_meth();
out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
out->methods[6] = EVP_PKEY_kem_pkey_meth();
#ifdef ENABLE_DILITHIUM
out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
#endif
}

static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {
Expand Down
9 changes: 0 additions & 9 deletions crypto/fipsmodule/evp/internal.h
Original file line number Diff line number Diff line change
Expand Up @@ -381,16 +381,9 @@ typedef struct {
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);

#define ED25519_PUBLIC_KEY_OFFSET 32

#ifdef ENABLE_DILITHIUM
#define FIPS_EVP_PKEY_METHODS 8
#define NON_FIPS_EVP_PKEY_METHODS 3
#define ASN1_EVP_PKEY_METHODS 10
#else
#define FIPS_EVP_PKEY_METHODS 7
#define NON_FIPS_EVP_PKEY_METHODS 3
#define ASN1_EVP_PKEY_METHODS 9
#endif

struct fips_evp_pkey_methods {
const EVP_PKEY_METHOD * methods[FIPS_EVP_PKEY_METHODS];
Expand All @@ -403,9 +396,7 @@ const EVP_PKEY_METHOD *EVP_PKEY_hkdf_pkey_meth(void);
const EVP_PKEY_METHOD *EVP_PKEY_hmac_pkey_meth(void);
const EVP_PKEY_METHOD *EVP_PKEY_ed25519_pkey_meth(void);
const EVP_PKEY_METHOD *EVP_PKEY_kem_pkey_meth(void);
#ifdef ENABLE_DILITHIUM
const EVP_PKEY_METHOD *EVP_PKEY_pqdsa_pkey_meth(void);
#endif

#if defined(__cplusplus)
} // extern C
Expand Down
14 changes: 3 additions & 11 deletions crypto/x509/algorithm.c
Original file line number Diff line number Diff line change
Expand Up @@ -98,11 +98,9 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
return X509_ALGOR_set0(algor, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
}

#ifdef ENABLE_DILITHIUM
if (EVP_PKEY_id(pkey) == EVP_PKEY_PQDSA) {
return X509_ALGOR_set0(algor, OBJ_nid2obj(pkey->pkey.pqdsa_key->pqdsa->nid), V_ASN1_UNDEF, NULL);
}
#endif

// Default behavior: look up the OID for the algorithm/hash pair and encode
// that.
Expand Down Expand Up @@ -143,12 +141,10 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
// when |sigalg_nid| is |NID_rsassaPss|.
if (pkey_nid != EVP_PKEY_id(pkey) &&
!(sigalg_nid == NID_rsassaPss && pkey_nid == NID_rsaEncryption &&
EVP_PKEY_id(pkey) == EVP_PKEY_RSA_PSS)
#ifdef ENABLE_DILITHIUM
&& !(sigalg_nid == NID_MLDSA65 && pkey_nid == NID_MLDSA65 &&
EVP_PKEY_id(pkey) == EVP_PKEY_RSA_PSS) &&
!(sigalg_nid == NID_MLDSA65 && pkey_nid == NID_MLDSA65 &&
EVP_PKEY_id(pkey) == EVP_PKEY_PQDSA)
#endif
) {
) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
return 0;
}
Expand All @@ -164,11 +160,7 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
if (sigalg_nid == NID_rsassaPss) {
return x509_rsa_pss_to_ctx(ctx, sigalg, pkey);
}
#ifdef ENABLE_DILITHIUM
if (sigalg_nid == NID_ED25519 || sigalg_nid == NID_MLDSA65) {
#else
if (sigalg_nid == NID_ED25519) {
#endif
if (sigalg->parameter != NULL) {
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER);
return 0;
Expand Down
7 changes: 0 additions & 7 deletions crypto/x509/x509_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -576,7 +576,6 @@ w1AH9efZBw==
-----END CERTIFICATE-----
)";

#ifdef ENABLE_DILITHIUM
// This certificate is the example certificate provided in section 3 of
//https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
static const char kMLDSA65Cert[] = R"(
Expand Down Expand Up @@ -946,8 +945,6 @@ DhQcIi8=
-----END CERTIFICATE-----
)";

#endif

// kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
// contains SANS for example.com, [email protected], 127.0.0.1, and
// https://example.com/. (The latter is useless for now since crypto/x509
Expand Down Expand Up @@ -2923,8 +2920,6 @@ TEST(X509Test, Ed25519Sign) {
ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
}

#ifdef ENABLE_DILITHIUM

TEST(X509Test, MLDSA65SignVerifyCert) {
// This test generates a MLDSA65 keypair, generates and signs a
// certificate, then verifies the certificate's signature.
Expand Down Expand Up @@ -2995,8 +2990,6 @@ TEST(X509Test, TestBadParamsMLDSA65) {
ERR_clear_error();
}

#endif

static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
const char *pem) {
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
Expand Down
18 changes: 9 additions & 9 deletions include/openssl/evp.h
Original file line number Diff line number Diff line change
Expand Up @@ -198,11 +198,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int
#define EVP_PKEY_HKDF NID_hkdf
#define EVP_PKEY_HMAC NID_hmac
#define EVP_PKEY_DH NID_dhKeyAgreement

#ifdef ENABLE_DILITHIUM
#define EVP_PKEY_PQDSA NID_PQDSA
#endif

#define EVP_PKEY_KEM NID_kem

// EVP_PKEY_set_type sets the type of |pkey| to |type|. It returns one if
Expand Down Expand Up @@ -944,24 +940,28 @@ OPENSSL_EXPORT int EVP_PKEY_kem_check_key(EVP_PKEY *key);

// PQDSA specific functions.

#ifdef ENABLE_DILITHIUM
// EVP_PKEY_CTX_pqdsa_set_params sets in |ctx| the parameters associated with
// the signature scheme defined by the given |nid|. It returns one on success
// and zero on error.
// and zero on error. This API is marked as EXPERIMENTAL (using the deprecated
// warning) to indicate that this API may change as the standards around the
// signature schemes finalize.
OPENSSL_EXPORT int EVP_PKEY_CTX_pqdsa_set_params(EVP_PKEY_CTX *ctx, int nid);

// EVP_PKEY_pqdsa_new_raw_public_key generates a new EVP_PKEY object of type
// EVP_PKEY_PQDSA, initializes the PQDSA key based on |nid| and populates the
// public key part of the PQDSA key with the contents of |in|. It returns the
// pointer to the allocated PKEY on sucess and NULL on error.
// pointer to the allocated PKEY on sucess and NULL on error. This API is marked
// as EXPERIMENTAL to indicate that this API may change as the standards around
// the signature schemes finalize.
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_public_key(int nid, const uint8_t *in, size_t len);

// EVP_PKEY_pqdsa_new_raw_private_key generates a new EVP_PKEY object of type
// EVP_PKEY_PQDSA, initializes the PQDSA key based on |nid| and populates the
// secret key part of the PQDSA key with the contents of |in|. It returns the
// pointer to the allocated PKEY on sucess and NULL on error.
// pointer to the allocated PKEY on sucess and NULL on error. This API is marked
// as EXPERIMENTAL to indicate that this API may change as the standards around
// the signature schemes finalize.
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t len);
#endif

// Diffie-Hellman-specific control functions.

Expand Down
4 changes: 0 additions & 4 deletions include/openssl/pem.h
Original file line number Diff line number Diff line change
Expand Up @@ -88,12 +88,8 @@ extern "C" {
#define PEM_STRING_PUBLIC "PUBLIC KEY"
#define PEM_STRING_RSA "RSA PRIVATE KEY"
#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"

#ifdef ENABLE_DILITHIUM
#define PEM_STRING_DILITHIUM3 "DILITHIUM3 PRIVATE KEY"
#define PEM_STRING_DILITHIUM3_PUBLIC "DILITHIUM3 PUBLIC KEY"
#endif

#define PEM_STRING_DSA "DSA PRIVATE KEY"
#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
#define PEM_STRING_EC "EC PRIVATE KEY"
Expand Down
4 changes: 2 additions & 2 deletions tool/speed.cc
Original file line number Diff line number Diff line change
Expand Up @@ -867,7 +867,7 @@ static bool SpeedKEM(std::string selected) {
SpeedSingleKEM("Kyber1024_R3", NID_KYBER1024_R3, selected);
}

#if defined(ENABLE_DILITHIUM) && AWSLC_API_VERSION > 31
#if AWSLC_API_VERSION > 31

static bool SpeedDigestSignNID(const std::string &name, int nid,
const std::string &selected) {
Expand Down Expand Up @@ -2866,7 +2866,7 @@ bool Speed(const std::vector<std::string> &args) {
#if AWSLC_API_VERSION > 16
!SpeedKEM(selected) ||
#endif
#if defined(ENABLE_DILITHIUM) && AWSLC_API_VERSION > 31
#if AWSLC_API_VERSION > 31
!SpeedDigestSign(selected) ||
#endif
!SpeedAEADSeal(EVP_aead_aes_128_gcm(), "AEAD-AES-128-GCM", kTLSADLen, selected) ||
Expand Down

0 comments on commit 03dcaf5

Please sign in to comment.