
Commit 7c02cb3

Add support for external contexts in ML-DSA ACVP (#2880)
1 parent 9f3de9b commit 7c02cb3


4 files changed

+104
-92
lines changed


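--- a/util/fipstools/acvp/acvptool/subprocess/ml_dsa.go
+++ b/util/fipstools/acvp/acvptool/subprocess/ml_dsa.go
@@ -150,7 +150,7 @@ func processMlDsaSigGen(vectors json.RawMessage, m Transactable) (interface{}, e
 
 for _, test := range group.Tests {
 results, err := m.Transact("ML-DSA/"+group.ParameterSet+"/sigGen",
-1, test.SK, test.Message, test.MU, test.RND, boolToBytes(group.ExternalMu))
+1, test.SK, test.Message, test.MU, test.RND, test.Context, boolToBytes(group.ExternalMu))
 if err != nil {
 return nil, err
 }
@@ -216,7 +216,7 @@ func processMlDsaSigVer(vectors json.RawMessage, m Transactable) (interface{}, e
 
 for _, test := range group.Tests {
 results, err := m.Transact("ML-DSA/"+group.ParameterSet+"/sigVer", 1,
-test.Signature, test.PK, test.Message, test.MU, boolToBytes(group.ExternalMu))
+test.Signature, test.PK, test.Message, test.MU, test.Context, boolToBytes(group.ExternalMu))
 if err != nil {
 return nil, err
 }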
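Review bot: Both Transact calls (sigGen at new line 153, sigVer at new line 219) forward `test.Context` but nothing that names the group's signature interface, so the module wrapper can only infer internal versus external from whether the context is empty. FIPS 204 allows an empty context on the external interface, and an external signature over an empty context is not the same as an internal signature over the bare message, so such a vector would be handled on the wrong path. Consider sending the interface as its own argument, or at least adding a comment on both calls such as `// Wrapper treats a non-empty Context as "external"; external groups with an empty context are not distinguishable.` Both enclosing functions start and end outside these hunks.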
84 Bytes
Binary file not shown.
44.3 KB
Binary file not shown.

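--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -1453,7 +1453,10 @@ static bool GetConfig(const Span<const uint8_t> args[],
 true,
 false
 ],
-"signatureInterfaces": ["internal"]
+"signatureInterfaces": [
+"internal",
+"external"
+]
 },{
 "algorithm": "ML-DSA",
 "mode": "sigVer",
@@ -1479,7 +1482,10 @@ static bool GetConfig(const Span<const uint8_t> args[],
 true,
 false
 ],
-"signatureInterfaces": ["internal"]
+"signatureInterfaces": [
+"internal",
+"external"
+]
 }])";
 return write_reply({Span<const uint8_t>(
 reinterpret_cast<const uint8_t *>(kConfig), sizeof(kConfig) - 1)});
@@ -3371,60 +3377,60 @@ static bool ML_DSA_SIGGEN(const Span<const uint8_t> args[],
 const Span<const uint8_t> msg = args[1];
 const Span<const uint8_t> mu = args[2];
 const Span<const uint8_t> rnd = args[3];
-const Span<const uint8_t> extmu = args[4];
-
-ml_dsa_params params;
+const Span<const uint8_t> context = args[4];
+const Span<const uint8_t> extmu = args[5];
+
+using SignFunc = int (*)(const uint8_t*, uint8_t*, size_t*,
+const uint8_t*, size_t, const uint8_t*, size_t);
+using SignInternalFunc = int (*)(const uint8_t*, uint8_t*, size_t*,
+const uint8_t*, size_t,
+const uint8_t*, size_t, const uint8_t*);
+
+// Group all related functions for each variant
+struct MLDSA_functions {
+void (*params_init)(ml_dsa_params*);
+SignFunc sign;
+SignInternalFunc sign_internal;
+SignInternalFunc extmu_sign_internal;
+};
+
+// Select function set based on NID
+MLDSA_functions mldsa_funcs;
 if (nid == NID_MLDSA44) {
-ml_dsa_44_params_init(&params);
-}
-else if (nid == NID_MLDSA65) {
-ml_dsa_65_params_init(&params);
-}
-else if (nid == NID_MLDSA87) {
-ml_dsa_87_params_init(&params);
+mldsa_funcs = {ml_dsa_44_params_init, ml_dsa_44_sign,
+ml_dsa_44_sign_internal, ml_dsa_extmu_44_sign_internal};
+} else if (nid == NID_MLDSA65) {
+mldsa_funcs = {ml_dsa_65_params_init, ml_dsa_65_sign,
+ml_dsa_65_sign_internal, ml_dsa_extmu_65_sign_internal};
+} else if (nid == NID_MLDSA87) {
+mldsa_funcs = {ml_dsa_87_params_init, ml_dsa_87_sign,
+ml_dsa_87_sign_internal, ml_dsa_extmu_87_sign_internal};
+} else {
+return false;
 }
 
+ml_dsa_params params;
+mldsa_funcs.params_init(&params);
+
 size_t signature_len = params.bytes;
 std::vector<uint8_t> signature(signature_len);
 
-// generate the signatures raw sign mode
-if (extmu.data()[0] == 0) {
-if (nid == NID_MLDSA44) {
-if (!ml_dsa_44_sign_internal(sk.data(), signature.data(), &signature_len,
-msg.data(), msg.size(), nullptr, 0, rnd.data())) {
-return false;
-}
-}
-else if (nid == NID_MLDSA65) {
-if (!ml_dsa_65_sign_internal(sk.data(), signature.data(), &signature_len,
-msg.data(), msg.size(), nullptr, 0, rnd.data())) {
-return false;
-}
-}
-else if (nid == NID_MLDSA87) {
-if (!ml_dsa_87_sign_internal(sk.data(), signature.data(), &signature_len,
-msg.data(), msg.size(), nullptr, 0, rnd.data())) {
-return false;
-}
-}
-}
-// generate the signatures digest sign mode (externalmu)
-else {
-if (nid == NID_MLDSA44) {
-if (!ml_dsa_extmu_44_sign_internal(sk.data(), signature.data(), &signature_len,
-mu.data(), mu.size(), nullptr, 0, rnd.data())) {
-return false;
-}
+if (!context.empty()) {
+if (!mldsa_funcs.sign(sk.data(), signature.data(), &signature_len,
+msg.data(), msg.size(), context.data(), context.size())) {
+return false;
 }
-else if (nid == NID_MLDSA65) {
-if (!ml_dsa_extmu_65_sign_internal(sk.data(), signature.data(), &signature_len,
-mu.data(), mu.size(), nullptr, 0, rnd.data())) {
+} else {
+if (extmu.data()[0] == 0) {
+// generate the signatures raw sign mode
+if (!mldsa_funcs.sign_internal(sk.data(), signature.data(), &signature_len,
+msg.data(), msg.size(), nullptr, 0, rnd.data())) {
 return false;
 }
-}
-else if (nid == NID_MLDSA87) {
-if (!ml_dsa_extmu_87_sign_internal(sk.data(), signature.data(), &signature_len,
-mu.data(), mu.size(), nullptr, 0, rnd.data())) {
+} else {
+// generate the signatures digest sign mode (externalmu)
+if (!mldsa_funcs.extmu_sign_internal(sk.data(), signature.data(), &signature_len,
+mu.data(), mu.size(), nullptr, 0, rnd.data())) {
 return false;
 }
 }
@@ -3439,52 +3445,58 @@ static bool ML_DSA_SIGVER(const Span<const uint8_t> args[], ReplyCallback write_
 const Span<const uint8_t> pk = args[1];
 const Span<const uint8_t> msg = args[2];
 const Span<const uint8_t> mu = args[3];
-const Span<const uint8_t> extmu = args[4];
+const Span<const uint8_t> context = args[4];
+const Span<const uint8_t> extmu = args[5];
+
+using VerifyFunc = int (*)(const uint8_t*, const uint8_t*, size_t,
+const uint8_t*, size_t, const uint8_t*, size_t);
+using VerifyInternalFunc = int (*)(const uint8_t*, const uint8_t*, size_t,
+const uint8_t*, size_t, const uint8_t*, size_t);
+
+// Group all related functions for each variant
+struct MLDSA_functions {
+VerifyFunc verify;
+VerifyInternalFunc verify_internal;
+VerifyInternalFunc extmu_verify_internal;
+};
+
+// Select function set based on NID
+MLDSA_functions mldsa_funcs;
+if (nid == NID_MLDSA44) {
+mldsa_funcs = {ml_dsa_44_verify, ml_dsa_44_verify_internal,
+ml_dsa_extmu_44_verify_internal};
+} else if (nid == NID_MLDSA65) {
+mldsa_funcs = {ml_dsa_65_verify, ml_dsa_65_verify_internal,
+ml_dsa_extmu_65_verify_internal};
+} else if (nid == NID_MLDSA87) {
+mldsa_funcs = {ml_dsa_87_verify, ml_dsa_87_verify_internal,
+ml_dsa_extmu_87_verify_internal};
+} else {
+return false;
+}
 
 uint8_t reply[1] = {0};
-
-// verify the signatures raw sign mode
-if (extmu.data()[0] == 0) {
-if (nid == NID_MLDSA44) {
-if (ml_dsa_44_verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
-msg.size(), nullptr, 0)) {
-reply[0] = 1;
-}
+if (!context.empty()) {
+if (mldsa_funcs.verify(pk.data(), sig.data(), sig.size(), msg.data(),
+msg.size(), context.data(), context.size())) {
+reply[0] = 1;
 }
-else if (nid == NID_MLDSA65) {
-if (ml_dsa_65_verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
-msg.size(), nullptr, 0)) {
-reply[0] = 1;
-}
-}
-else if (nid == NID_MLDSA87) {
-if (ml_dsa_87_verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
-msg.size(), nullptr, 0)) {
-reply[0] = 1;
-}
-}
-}
-// verify the signatures digest sign mode (externalmu)
-else{
-if (nid == NID_MLDSA44) {
-if (ml_dsa_extmu_44_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
-mu.size(), nullptr, 0)) {
+} else {
+if (extmu.data()[0] == 0) {
+// verify the signatures raw sign mode
+if (mldsa_funcs.verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
+msg.size(), nullptr, 0)) {
 reply[0] = 1;
 }
-}
-else if (nid == NID_MLDSA65) {
-if (ml_dsa_extmu_65_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
-mu.size(), nullptr, 0)) {
+} else {
+// verify the signatures digest sign mode (externalmu)
+if (mldsa_funcs.extmu_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
+mu.size(), nullptr, 0)) {
 reply[0] = 1;
 }
 }
-else if (nid == NID_MLDSA87) {
-if (ml_dsa_extmu_87_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
-mu.size(), nullptr, 0)) {
-reply[0] = 1;
-}
-}
 }
+
 return write_reply({Span<const uint8_t>(reply)});
 }
 
@@ -3754,12 +3766,12 @@ static struct {
 {"ML-DSA/ML-DSA-44/keyGen", 1, ML_DSA_KEYGEN<NID_MLDSA44>},
 {"ML-DSA/ML-DSA-65/keyGen", 1, ML_DSA_KEYGEN<NID_MLDSA65>},
 {"ML-DSA/ML-DSA-87/keyGen", 1, ML_DSA_KEYGEN<NID_MLDSA87>},
-{"ML-DSA/ML-DSA-44/sigGen", 5, ML_DSA_SIGGEN<NID_MLDSA44>},
-{"ML-DSA/ML-DSA-65/sigGen", 5, ML_DSA_SIGGEN<NID_MLDSA65>},
-{"ML-DSA/ML-DSA-87/sigGen", 5, ML_DSA_SIGGEN<NID_MLDSA87>},
-{"ML-DSA/ML-DSA-44/sigVer", 5, ML_DSA_SIGVER<NID_MLDSA44>},
-{"ML-DSA/ML-DSA-65/sigVer", 5, ML_DSA_SIGVER<NID_MLDSA65>},
-{"ML-DSA/ML-DSA-87/sigVer", 5, ML_DSA_SIGVER<NID_MLDSA87>}};
+{"ML-DSA/ML-DSA-44/sigGen", 6, ML_DSA_SIGGEN<NID_MLDSA44>},
+{"ML-DSA/ML-DSA-65/sigGen", 6, ML_DSA_SIGGEN<NID_MLDSA65>},
+{"ML-DSA/ML-DSA-87/sigGen", 6, ML_DSA_SIGGEN<NID_MLDSA87>},
+{"ML-DSA/ML-DSA-44/sigVer", 6, ML_DSA_SIGVER<NID_MLDSA44>},
+{"ML-DSA/ML-DSA-65/sigVer", 6, ML_DSA_SIGVER<NID_MLDSA65>},
+{"ML-DSA/ML-DSA-87/sigVer", 6, ML_DSA_SIGVER<NID_MLDSA87>}};
 
 Handler FindHandler(Span<const Span<const uint8_t>> args) {
 const bssl::Span<const uint8_t> algorithm = args[0];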
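Review bot: In ML_DSA_SIGGEN the new `if (!context.empty())` branch calls `mldsa_funcs.sign(...)` with no `rnd` argument, so the randomness passed in `args[3]` is ignored whenever a context is present, and the `extmu` flag is bypassed on that path as well. If the external sign functions draw their own randomness (their bodies are not on this page), a vector that supplies `rnd` and expects a byte-exact signature cannot be reproduced; at minimum the branch deserves a comment such as `// External interface: rnd (args[3]) and extmu (args[5]) are unused on this path.` Separately, `extmu.data()[0]` is read in both ML_DSA_SIGGEN and ML_DSA_SIGVER without a length check, so a guard like `if (extmu.empty()) return false;` ahead of the dispatch would keep a malformed request from reading through an empty span. Both functions begin before their hunks, so any earlier validation of `args` is not visible here.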
