-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ML-DSA parameter refactor #1910
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1910 +/- ##
==========================================
- Coverage 78.51% 78.50% -0.02%
==========================================
Files 585 585
Lines 99681 99681
Branches 14271 14271
==========================================
- Hits 78265 78253 -12
- Misses 20782 20792 +10
- Partials 634 636 +2 ☔ View full report in Codecov by Sentry. |
crypto/dilithium/p_dilithium_test.cc
Outdated
md_ctx.Reset(); | ||
} | ||
static const struct ML_DSA parameterSet[] = { | ||
{"MLDSA67", NID_DILITHIUM3_R3, 1952, 4032, 3309, "dilithium/kat/mldsa65.txt"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
{"MLDSA67", NID_DILITHIUM3_R3, 1952, 4032, 3309, "dilithium/kat/mldsa65.txt"}, | |
{"MLDSA65", NID_DILITHIUM3_R3, 1952, 4032, 3309, "dilithium/kat/mldsa65.txt"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
crypto/dilithium/p_dilithium_test.cc
Outdated
// constant DILITHIUM3_SIGNATURE_BYTES. | ||
|
||
std::vector<uint8_t> signature(sig_len); | ||
//uint8_t signature[sig_len]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
delete
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
|
||
EXPECT_TRUE(EVP_PKEY_keygen_init(dilithium_pkey_ctx)); | ||
EXPECT_TRUE(EVP_PKEY_keygen(dilithium_pkey_ctx, &dilithium_pkey)); | ||
const DILITHIUM3_KEY *dilithium3Key = (DILITHIUM3_KEY *)(dilithium_pkey->pkey.ptr); //called dilithium3 but is generic |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Renaming everything to ML-DSA lingo at some point?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, will be switching over to ML-DSA lingo in subsequent PRs (including real OIDs). It makes more sense to do this when I add the other 2 parameter sets for ML-DSA, to keep this PR focused on just one addition.
crypto/dilithium/p_dilithium_test.cc
Outdated
EVP_PKEY *dilithium_pkey = EVP_PKEY_new(); | ||
ASSERT_NE(dilithium_pkey, nullptr); | ||
|
||
EXPECT_TRUE(EVP_PKEY_keygen_init(dilithium_pkey_ctx)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This EXPECT_TRUE
and line below should prob be ASSERT_TRUE
. Any failure is fatal, but EXPECT_TRUE
doesn't cancel.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
@@ -6,7 +6,8 @@ The source code in this folder implements ML-DSA as defined in FIPS 204 Module-L | |||
|
|||
The source code was imported from a branch of the official repository of the Crystals-Dilithium team: https://github.com/pq-crystals/dilithium. The code was taken at [commit](https://github.com/pq-crystals/dilithium/commit/cbcd8753a43402885c90343cd6335fb54712cda1) as of 10/01/2024. At the moment, only the reference C implementation is imported. | |||
|
|||
The `api.h`, `fips202.h` and `params.h` header files were modified to support our [prefixed symbols build](https://github.com/awslabs/aws-lc/blob/main/BUILDING.md#building-with-prefixed-symbols). | |||
The code was refactored in [this PR](https://github.com/aws/aws-lc/pull/1910) by parametrizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of `DILITHIUM_MODE`. To do this, in `params.h` we defined a structure that holds those ML-DSA parameters and functions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code was refactored in [this PR](https://github.com/aws/aws-lc/pull/1910) by parametrizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of `DILITHIUM_MODE`. To do this, in `params.h` we defined a structure that holds those ML-DSA parameters and functions | |
The code was refactored in [this PR](https://github.com/aws/aws-lc/pull/1910) by parameterizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of `DILITHIUM_MODE`. To do this, in `params.h` we defined a structure that holds those ML-DSA parameters and functions |
I think...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
sk += K*POLYETA_PACKEDBYTES; | ||
for(i=0; i < params->k; ++i) | ||
polyeta_unpack(params, &s2->vec[i], sk + i * params->poly_eta_packed_bytes); | ||
sk += params->k*params->poly_eta_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sk += params->k*params->poly_eta_packed_bytes; | |
sk += params->k * params->poly_eta_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
sk += L*POLYETA_PACKEDBYTES; | ||
for(i=0; i < params->l; ++i) | ||
polyeta_unpack(params, &s1->vec[i], sk + i * params->poly_eta_packed_bytes); | ||
sk += params->l*params->poly_eta_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sk += params->l*params->poly_eta_packed_bytes; | |
sk += params->l * params->poly_eta_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
sig += L*POLYZ_PACKEDBYTES; | ||
for(i = 0; i < params->l; ++i) | ||
polyz_pack(params, sig + i * params->poly_z_packed_bytes, &z->vec[i]); | ||
sig += params->l*params->poly_z_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sig += params->l*params->poly_z_packed_bytes; | |
sig += params->l * params->poly_z_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
sig += L*POLYZ_PACKEDBYTES; | ||
for(i = 0; i < params->l; ++i) | ||
polyz_unpack(params, &z->vec[i], sig + i * params->poly_z_packed_bytes); | ||
sig += params->l*params->poly_z_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sig += params->l*params->poly_z_packed_bytes; | |
sig += params->l * params->poly_z_packed_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, fixed in ea859d1.
Issues:
CryptoAlg-2724
Description of changes:
Parameterization of ML-DSA
Previous to this change, ML-DSA was implemented such that the code for a parameter set was selected by defining the correct C pre-processor flag (for example, if you want to compile the code for ML-DSA-65 parameter set you would
#define DILITHIUM_MODE 3
).The consequence of this was that we had to compile the code three times for three ML-DSA parameter sets. We do this by adding a C file for each parameter set where we first define the corresponding
DILITHIUM_MODE
value and then include all the ML-DSA C files. Besides being an awkward way to handle multiple parameter sets, this will not work for the FIPS module where we bundle all C files insidebcm.c
and compile it as a single compilation unit.In this change we refactor ML-DSA by parametrizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of
DILITHIUM_MODE
. To do this, inparams.h
we define a structure that holds those ML-DSA parameters and functions that initialize a given structure with values corresponding to a parameter set. This structure can then be passed to every function that requires it. For example,polyvecl_add
function was previously implemented as:Is now changed to:
Of course, now we have to change all callers of
polyvecl_add
to also haveml_dsa_params
as an input argument, and then callers of the caller, etc. These changes bubble up to the highest level API defined in sign.h where we now have:Then we can easily implement these functions for specific parameter sets, which can be seen in
sig_dilithium3.c
file. For example:As such, files:
dilithium3r3_ref.c
api.h
config.h
are no longer required, and have been removed.
Other Changes
Also modified in this PR are the KAT test framework in
p_dilithium_test.cc
. This KAT framework has been modified to support multiple levels of ML-DSA (to be added in a later PR).Call-outs:
See similar changes to ML-KEM in #1763
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.