Add Module-Lattice-Based Algorithms (ML-*) Support (PR #112)

open-quantum-safe · Mar 4, 2024 · 913c000 · 913c000
2 parents b8d256c + ebe56fa
commit 913c000
Show file tree

Hide file tree

Showing 25 changed files with 580 additions and 197 deletions.
diff --git a/README.md b/README.md
diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
@@ -230,6 +230,12 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
       return &dilithium3_asn1_meth;
     case EVP_PKEY_DILITHIUM5:
       return &dilithium5_asn1_meth;
+    case EVP_PKEY_MLDSA44:
+      return &mldsa44_asn1_meth;
+    case EVP_PKEY_MLDSA65:
+      return &mldsa65_asn1_meth;
+    case EVP_PKEY_MLDSA87:
+      return &mldsa87_asn1_meth;
     case EVP_PKEY_FALCON512:
       return &falcon512_asn1_meth;
     case EVP_PKEY_FALCON1024:

diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c
@@ -78,6 +78,9 @@ static const EVP_PKEY_ASN1_METHOD *const kASN1Methods[] = {
     &dilithium2_asn1_meth,
     &dilithium3_asn1_meth,
     &dilithium5_asn1_meth,
+    &mldsa44_asn1_meth,
+    &mldsa65_asn1_meth,
+    &mldsa87_asn1_meth,
     &falcon512_asn1_meth,
     &falcon1024_asn1_meth,
     &sphincssha2128fsimple_asn1_meth,

diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.c
@@ -75,6 +75,9 @@ static const EVP_PKEY_METHOD *const evp_methods[] = {
     &dilithium2_pkey_meth,
     &dilithium3_pkey_meth,
     &dilithium5_pkey_meth,
+    &mldsa44_pkey_meth,
+    &mldsa65_pkey_meth,
+    &mldsa87_pkey_meth,
     &falcon512_pkey_meth,
     &falcon1024_pkey_meth,
     &sphincssha2128fsimple_pkey_meth,

diff --git a/crypto/evp/internal.h b/crypto/evp/internal.h
@@ -304,6 +304,9 @@ extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dilithium2_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dilithium3_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dilithium5_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD mldsa44_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD mldsa65_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD mldsa87_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falcon512_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falcon1024_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD sphincssha2128fsimple_asn1_meth;
@@ -329,6 +332,9 @@ extern const EVP_PKEY_METHOD hkdf_pkey_meth;
 extern const EVP_PKEY_METHOD dilithium2_pkey_meth;
 extern const EVP_PKEY_METHOD dilithium3_pkey_meth;
 extern const EVP_PKEY_METHOD dilithium5_pkey_meth;
+extern const EVP_PKEY_METHOD mldsa44_pkey_meth;
+extern const EVP_PKEY_METHOD mldsa65_pkey_meth;
+extern const EVP_PKEY_METHOD mldsa87_pkey_meth;
 extern const EVP_PKEY_METHOD falcon512_pkey_meth;
 extern const EVP_PKEY_METHOD falcon1024_pkey_meth;
 extern const EVP_PKEY_METHOD sphincssha2128fsimple_pkey_meth;

diff --git a/crypto/evp/p_oqs.c b/crypto/evp/p_oqs.c
@@ -150,6 +150,9 @@ DEFINE_OQS_PKEY_METHOD(ALG, ALG_PKEY)
 DEFINE_OQS_PKEY_METHODS(dilithium2, OQS_SIG_alg_dilithium_2, EVP_PKEY_DILITHIUM2)
 DEFINE_OQS_PKEY_METHODS(dilithium3, OQS_SIG_alg_dilithium_3, EVP_PKEY_DILITHIUM3)
 DEFINE_OQS_PKEY_METHODS(dilithium5, OQS_SIG_alg_dilithium_5, EVP_PKEY_DILITHIUM5)
+DEFINE_OQS_PKEY_METHODS(mldsa44, OQS_SIG_alg_ml_dsa_44, EVP_PKEY_MLDSA44)
+DEFINE_OQS_PKEY_METHODS(mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_MLDSA65)
+DEFINE_OQS_PKEY_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
 DEFINE_OQS_PKEY_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
 DEFINE_OQS_PKEY_METHODS(falcon1024, OQS_SIG_alg_falcon_1024, EVP_PKEY_FALCON1024)
 DEFINE_OQS_PKEY_METHODS(sphincssha2128fsimple, OQS_SIG_alg_sphincs_sha2_128f_simple, EVP_PKEY_SPHINCSSHA2128FSIMPLE)

diff --git a/crypto/evp/p_oqs_asn1.c b/crypto/evp/p_oqs_asn1.c
@@ -229,6 +229,15 @@ DEFINE_OQS_PKEY_ASN1_METHOD(dilithium3, EVP_PKEY_DILITHIUM3, OID(0x2B, 0x06, 0x0
 DEFINE_OQS_ASN1_METHODS(dilithium5, OQS_SIG_alg_dilithium_5, EVP_PKEY_DILITHIUM5)
 DEFINE_OQS_PKEY_ASN1_METHOD(dilithium5, EVP_PKEY_DILITHIUM5, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x07, 0x08, 0x07))
 
+DEFINE_OQS_ASN1_METHODS(mldsa44, OQS_SIG_alg_ml_dsa_44, EVP_PKEY_MLDSA44)
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa44, EVP_PKEY_MLDSA44, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x04, 0x04))
+
+DEFINE_OQS_ASN1_METHODS(mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_MLDSA65)
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa65, EVP_PKEY_MLDSA65, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x06, 0x05))
+
+DEFINE_OQS_ASN1_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
+DEFINE_OQS_PKEY_ASN1_METHOD(mldsa87, EVP_PKEY_MLDSA87, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x08, 0x07))
+
 DEFINE_OQS_ASN1_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
 DEFINE_OQS_PKEY_ASN1_METHOD(falcon512, EVP_PKEY_FALCON512, OID(0x2B, 0xCE, 0x0F, 0x03, 0x06))
 

diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h
@@ -57,7 +57,7 @@
 /* This file is generated by crypto/obj/objects.go. */
 
 
-#define NUM_NID 1232
+#define NUM_NID 1243
 
 static const uint8_t kObjectData[] = {
     /* NID_rsadsi */
@@ -7269,6 +7269,42 @@ static const uint8_t kObjectData[] = {
     0x06,
     0x09,
     0x0c,
+    /* NID_mldsa44 */
+    0x2b,
+    0x06,
+    0x01,
+    0x04,
+    0x01,
+    0x02,
+    0x82,
+    0x0b,
+    0x0c,
+    0x04,
+    0x04,
+    /* NID_mldsa65 */
+    0x2b,
+    0x06,
+    0x01,
+    0x04,
+    0x01,
+    0x02,
+    0x82,
+    0x0b,
+    0x0c,
+    0x06,
+    0x05,
+    /* NID_mldsa87 */
+    0x2b,
+    0x06,
+    0x01,
+    0x04,
+    0x01,
+    0x02,
+    0x82,
+    0x0b,
+    0x0c,
+    0x08,
+    0x07,
 };
 
 static const ASN1_OBJECT kObjects[NUM_NID] = {
@@ -9200,6 +9236,17 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
     {"x25519_kyber512", "x25519_kyber512", NID_x25519_kyber512, 0, NULL, 0},
     {"x25519_bikel1", "x25519_bikel1", NID_x25519_bikel1, 0, NULL, 0},
     {"x25519_hqc128", "x25519_hqc128", NID_x25519_hqc128, 0, NULL, 0},
+    {"mlkem512", "mlkem512", NID_mlkem512, 0, NULL, 0},
+    {"p256_mlkem512", "p256_mlkem512", NID_p256_mlkem512, 0, NULL, 0},
+    {"x25519_mlkem512", "x25519_mlkem512", NID_x25519_mlkem512, 0, NULL, 0},
+    {"mlkem768", "mlkem768", NID_mlkem768, 0, NULL, 0},
+    {"p384_mlkem768", "p384_mlkem768", NID_p384_mlkem768, 0, NULL, 0},
+    {"x25519_mlkem768", "x25519_mlkem768", NID_x25519_mlkem768, 0, NULL, 0},
+    {"mlkem1024", "mlkem1024", NID_mlkem1024, 0, NULL, 0},
+    {"p521_mlkem1024", "p521_mlkem1024", NID_p521_mlkem1024, 0, NULL, 0},
+    {"mldsa44", "mldsa44", NID_mldsa44, 11, &kObjectData[6311], 0},
+    {"mldsa65", "mldsa65", NID_mldsa65, 11, &kObjectData[6322], 0},
+    {"mldsa87", "mldsa87", NID_mldsa87, 11, &kObjectData[6333], 0},
 };
 
 static const uint16_t kNIDsInShortNameOrder[] = {
@@ -9855,6 +9902,12 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     504 /* mime-mhs */,
     506 /* mime-mhs-bodies */,
     505 /* mime-mhs-headings */,
+    1240 /* mldsa44 */,
+    1241 /* mldsa65 */,
+    1242 /* mldsa87 */,
+    1238 /* mlkem1024 */,
+    1232 /* mlkem512 */,
+    1235 /* mlkem768 */,
     488 /* mobileTelephoneNumber */,
     136 /* msCTLSign */,
     135 /* msCodeCom */,
@@ -9890,15 +9943,18 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     978 /* p256_frodo640shake */,
     1137 /* p256_hqc128 */,
     998 /* p256_kyber512 */,
+    1233 /* p256_mlkem512 */,
     1214 /* p384_bikel3 */,
     980 /* p384_frodo976aes */,
     982 /* p384_frodo976shake */,
     1139 /* p384_hqc192 */,
     1000 /* p384_kyber768 */,
+    1236 /* p384_mlkem768 */,
     984 /* p521_frodo1344aes */,
     986 /* p521_frodo1344shake */,
     1141 /* p521_hqc256 */,
     1002 /* p521_kyber1024 */,
+    1239 /* p521_mlkem1024 */,
     489 /* pagerTelephoneNumber */,
     374 /* path */,
     112 /* pbeWithMD5AndCast5CBC */,
@@ -10203,6 +10259,8 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     1228 /* x25519_frodo640shake */,
     1231 /* x25519_hqc128 */,
     1229 /* x25519_kyber512 */,
+    1234 /* x25519_mlkem512 */,
+    1237 /* x25519_mlkem768 */,
     503 /* x500UniqueIdentifier */,
     158 /* x509Certificate */,
     160 /* x509Crl */,
@@ -10857,6 +10915,12 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     911 /* mgf1 */,
     506 /* mime-mhs-bodies */,
     505 /* mime-mhs-headings */,
+    1240 /* mldsa44 */,
+    1241 /* mldsa65 */,
+    1242 /* mldsa87 */,
+    1238 /* mlkem1024 */,
+    1232 /* mlkem512 */,
+    1235 /* mlkem768 */,
     488 /* mobileTelephoneNumber */,
     481 /* nSRecord */,
     173 /* name */,
@@ -10872,15 +10936,18 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     978 /* p256_frodo640shake */,
     1137 /* p256_hqc128 */,
     998 /* p256_kyber512 */,
+    1233 /* p256_mlkem512 */,
     1214 /* p384_bikel3 */,
     980 /* p384_frodo976aes */,
     982 /* p384_frodo976shake */,
     1139 /* p384_hqc192 */,
     1000 /* p384_kyber768 */,
+    1236 /* p384_mlkem768 */,
     984 /* p521_frodo1344aes */,
     986 /* p521_frodo1344shake */,
     1141 /* p521_hqc256 */,
     1002 /* p521_kyber1024 */,
+    1239 /* p521_mlkem1024 */,
     935 /* pSpecified */,
     489 /* pagerTelephoneNumber */,
     782 /* password based MAC */,
@@ -11208,6 +11275,8 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     1228 /* x25519_frodo640shake */,
     1231 /* x25519_hqc128 */,
     1229 /* x25519_kyber512 */,
+    1234 /* x25519_mlkem512 */,
+    1237 /* x25519_mlkem768 */,
     503 /* x500UniqueIdentifier */,
     158 /* x509Certificate */,
     160 /* x509Crl */,
@@ -12117,5 +12186,8 @@ static const uint16_t kNIDsInOIDOrder[] = {
     967 /* 1.3.6.1.4.1.2.267.7.4.4 (OBJ_dilithium2) */,
     1143 /* 1.3.6.1.4.1.2.267.7.6.5 (OBJ_dilithium3) */,
     1207 /* 1.3.6.1.4.1.2.267.7.8.7 (OBJ_dilithium5) */,
+    1240 /* 1.3.6.1.4.1.2.267.12.4.4 (OBJ_mldsa44) */,
+    1241 /* 1.3.6.1.4.1.2.267.12.6.5 (OBJ_mldsa65) */,
+    1242 /* 1.3.6.1.4.1.2.267.12.8.7 (OBJ_mldsa87) */,
     34 /* 1.3.6.1.4.1.188.7.1.1.2 (OBJ_idea_cbc) */,
 };
diff --git a/crypto/obj/obj_mac.num b/crypto/obj/obj_mac.num
@@ -1002,3 +1002,14 @@ x25519_frodo640shake		1228
 x25519_kyber512		1229
 x25519_bikel1		1230
 x25519_hqc128		1231
+mlkem512		1232
+p256_mlkem512		1233
+x25519_mlkem512		1234
+mlkem768		1235
+p384_mlkem768		1236
+x25519_mlkem768		1237
+mlkem1024		1238
+p521_mlkem1024		1239
+mldsa44		1240
+mldsa65		1241
+mldsa87		1242
diff --git a/crypto/obj/obj_xref.c b/crypto/obj/obj_xref.c
@@ -93,6 +93,9 @@ static const nid_triple kTriples[] = {
     {NID_dilithium2, NID_sha256, NID_dilithium2},
     {NID_dilithium3, NID_sha384, NID_dilithium3},
     {NID_dilithium5, NID_sha512, NID_dilithium5},
+    {NID_mldsa44, NID_sha256, NID_mldsa44},
+    {NID_mldsa65, NID_sha384, NID_mldsa65},
+    {NID_mldsa87, NID_sha512, NID_mldsa87},
     {NID_falcon512, NID_sha256, NID_falcon512},
     {NID_falcon1024, NID_sha512, NID_falcon1024},
     {NID_sphincssha2128fsimple, NID_sha256, NID_sphincssha2128fsimple},

diff --git a/crypto/obj/objects.txt b/crypto/obj/objects.txt
@@ -1381,6 +1381,14 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
  : p384_kyber768
  : kyber1024
  : p521_kyber1024
+ : mlkem512
+ : p256_mlkem512
+ : x25519_mlkem512
+ : mlkem768
+ : p384_mlkem768
+ : x25519_mlkem768
+ : mlkem1024
+ : p521_mlkem1024
  : bikel1
  : p256_bikel1
  : x25519_bikel1
@@ -1399,6 +1407,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 1 3 6 1 4 1 2 267 7 4 4 : dilithium2 : dilithium2
 1 3 6 1 4 1 2 267 7 6 5 : dilithium3 : dilithium3
 1 3 6 1 4 1 2 267 7 8 7 : dilithium5 : dilithium5
+1 3 6 1 4 1 2 267 12 4 4 : mldsa44 : mldsa44
+1 3 6 1 4 1 2 267 12 6 5 : mldsa65 : mldsa65
+1 3 6 1 4 1 2 267 12 8 7 : mldsa87 : mldsa87
 1 3 9999 3 6 : falcon512 : falcon512
 1 3 9999 3 9 : falcon1024 : falcon1024
 1 3 9999 6 4 13 : sphincssha2128fsimple : sphincssha2128fsimple

diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
@@ -98,6 +98,9 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
       pkey_id == EVP_PKEY_DILITHIUM2 ||
       pkey_id == EVP_PKEY_DILITHIUM3 ||
       pkey_id == EVP_PKEY_DILITHIUM5 ||
+      pkey_id == EVP_PKEY_MLDSA44 ||
+      pkey_id == EVP_PKEY_MLDSA65 ||
+      pkey_id == EVP_PKEY_MLDSA87 ||
       pkey_id == EVP_PKEY_FALCON512 ||
       pkey_id == EVP_PKEY_FALCON1024 ||
       pkey_id == EVP_PKEY_SPHINCSSHA2128FSIMPLE ||

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -186,6 +186,9 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
 #define EVP_PKEY_DILITHIUM2 NID_dilithium2
 #define EVP_PKEY_DILITHIUM3 NID_dilithium3
 #define EVP_PKEY_DILITHIUM5 NID_dilithium5
+#define EVP_PKEY_MLDSA44 NID_mldsa44
+#define EVP_PKEY_MLDSA65 NID_mldsa65
+#define EVP_PKEY_MLDSA87 NID_mldsa87
 #define EVP_PKEY_FALCON512 NID_falcon512
 #define EVP_PKEY_FALCON1024 NID_falcon1024
 #define EVP_PKEY_SPHINCSSHA2128FSIMPLE NID_sphincssha2128fsimple
@@ -205,6 +208,9 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
    (pkey_id == NID_dilithium2) || \
    (pkey_id == NID_dilithium3) || \
    (pkey_id == NID_dilithium5) || \
+   (pkey_id == NID_mldsa44) || \
+   (pkey_id == NID_mldsa65) || \
+   (pkey_id == NID_mldsa87) || \
    (pkey_id == NID_falcon512) || \
    (pkey_id == NID_falcon1024) || \
    (pkey_id == NID_sphincssha2128fsimple) || \
@@ -228,6 +234,9 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
    (pkey_id == NID_kyber512) || \
    (pkey_id == NID_kyber768) || \
    (pkey_id == NID_kyber1024) || \
+   (pkey_id == NID_mlkem512) || \
+   (pkey_id == NID_mlkem768) || \
+   (pkey_id == NID_mlkem1024) || \
    (pkey_id == NID_bikel1) || \
    (pkey_id == NID_bikel3) || \
    (pkey_id == NID_hqc128) || \

diff --git a/include/openssl/nid.h b/include/openssl/nid.h
@@ -4439,6 +4439,45 @@ extern "C" {
 #define SN_x25519_hqc128 "x25519_hqc128"
 #define NID_x25519_hqc128 1231
 
+#define SN_mlkem512 "mlkem512"
+#define NID_mlkem512 1232
+
+#define SN_p256_mlkem512 "p256_mlkem512"
+#define NID_p256_mlkem512 1233
+
+#define SN_x25519_mlkem512 "x25519_mlkem512"
+#define NID_x25519_mlkem512 1234
+
+#define SN_mlkem768 "mlkem768"
+#define NID_mlkem768 1235
+
+#define SN_p384_mlkem768 "p384_mlkem768"
+#define NID_p384_mlkem768 1236
+
+#define SN_x25519_mlkem768 "x25519_mlkem768"
+#define NID_x25519_mlkem768 1237
+
+#define SN_mlkem1024 "mlkem1024"
+#define NID_mlkem1024 1238
+
+#define SN_p521_mlkem1024 "p521_mlkem1024"
+#define NID_p521_mlkem1024 1239
+
+#define SN_mldsa44 "mldsa44"
+#define LN_mldsa44 "mldsa44"
+#define NID_mldsa44 1240
+#define OBJ_mldsa44 1L, 3L, 6L, 1L, 4L, 1L, 2L, 267L, 12L, 4L, 4L
+
+#define SN_mldsa65 "mldsa65"
+#define LN_mldsa65 "mldsa65"
+#define NID_mldsa65 1241
+#define OBJ_mldsa65 1L, 3L, 6L, 1L, 4L, 1L, 2L, 267L, 12L, 6L, 5L
+
+#define SN_mldsa87 "mldsa87"
+#define LN_mldsa87 "mldsa87"
+#define NID_mldsa87 1242
+#define OBJ_mldsa87 1L, 3L, 6L, 1L, 4L, 1L, 2L, 267L, 12L, 8L, 7L
+
 
 #if defined(__cplusplus)
 } /* extern C */