From: slontis Date: Sun, 10 Nov 2024 23:41:35 +0000 (+1100) Subject: Update SLH-DSAto use EVP_PKEY_sign_message_init() instead of using the X-Git-Tag: openssl-3.5.0-alpha1~188 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed77201a26239509821c4bcd33045e3c417d0ccf;p=thirdparty%2Fopenssl.git Update SLH-DSAto use EVP_PKEY_sign_message_init() instead of using the prehashed variant. Reviewed-by: Paul Dale Reviewed-by: Viktor Dukhovni Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/25882) --- diff --git a/doc/designs/slh-dsa.md b/doc/designs/slh-dsa.md index 537fb1d71db..b1c5d014f74 100644 --- a/doc/designs/slh-dsa.md +++ b/doc/designs/slh-dsa.md @@ -89,6 +89,15 @@ Currently I do not support the Pre Hash variant as this does not sit well with t OpenSSL API's. The user could do the encoding themselves and then set the settable to not encode the passed in message. +Signing API +------------- + +As only the one shot implementation is required and the message is not digested +the API's used should be + +EVP_PKEY_sign_message_init(), EVP_PKEY_sign(), +EVP_PKEY_verify_message_init(), EVP_PKEY_verify(). + Buffers ------- @@ -97,3 +106,12 @@ various sizes which are often updated in loops in parts, all of these sizes are known quantities. Currently there is no attempt to use wpacket to pass around these sizes. asserts are currently done by the child functions to check that the expected size does not exceed the size passed in by the parent. + +Constant Time Considerations +---------------------------- + +As the security of SLH-DSA depends only on hash functions, I do not foresee +there being any constant time issues. Some if statements have been added to +detect failures in hash operations, and these errors are propagated all the way +up the function call stack. These errors should not happen in general so should +not affect the security of the algorithms. diff --git a/doc/man7/EVP_SIGNATURE-SLH-DSA.pod b/doc/man7/EVP_SIGNATURE-SLH-DSA.pod index 7b2bc389715..327980eb39d 100644 --- a/doc/man7/EVP_SIGNATURE-SLH-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-SLH-DSA.pod @@ -29,8 +29,8 @@ FIPS 205 Section 11 Table 2. 3 different security categories also depending on the type. L can be used to explicitely fetch one of the 12 -algorithms which can then be used with L, -L, L, and +algorithms which can then be used with L, +L, L, and L to sign or verify one-shot messages. The normal signing process (called Pure SLH-DSA Signature Generation) @@ -96,7 +96,7 @@ To sign a message using an SLH-DSA EVP_PKEY structure: EVP_PKEY_CTX *sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); EVP_SIGNATURE *sig_alg = EVP_SIGNATURE_fetch(NULL, "SLH-DSA-SHA2-128s", NULL); - EVP_PKEY_sign_init_ex2(sctx, sig_alg, params); + EVP_PKEY_sign_message_init(sctx, sig_alg, params); /* Calculate the required size for the signature by passing a NULL buffer. */ EVP_PKEY_sign(sctx, NULL, &sig_len, msg, msg_len); sig = OPENSSL_zalloc(sig_len); diff --git a/providers/implementations/signature/slh_dsa_sig.c b/providers/implementations/signature/slh_dsa_sig.c index d279f1fbf7d..5e7b3692581 100644 --- a/providers/implementations/signature/slh_dsa_sig.c +++ b/providers/implementations/signature/slh_dsa_sig.c @@ -24,9 +24,9 @@ #define SLH_DSA_MESSAGE_ENCODE_RAW 0 #define SLH_DSA_MESSAGE_ENCODE_PURE 1 -static OSSL_FUNC_signature_sign_init_fn slh_sign_init; +static OSSL_FUNC_signature_sign_message_init_fn slh_sign_msg_init; static OSSL_FUNC_signature_sign_fn slh_sign; -static OSSL_FUNC_signature_verify_init_fn slh_verify_init; +static OSSL_FUNC_signature_verify_message_init_fn slh_verify_msg_init; static OSSL_FUNC_signature_verify_fn slh_verify; static OSSL_FUNC_signature_freectx_fn slh_freectx; static OSSL_FUNC_signature_set_ctx_params_fn slh_set_ctx_params; @@ -81,9 +81,9 @@ static void *slh_newctx(void *provctx, const char *alg, const char *propq) return NULL; } -static int slh_signverify_init(void *vctx, void *vkey, - const OSSL_PARAM params[], int operation, - const char *desc) +static int slh_signverify_msg_init(void *vctx, void *vkey, + const OSSL_PARAM params[], int operation, + const char *desc) { PROV_SLH_DSA_CTX *ctx = (PROV_SLH_DSA_CTX *)vctx; SLH_DSA_KEY *key = vkey; @@ -111,10 +111,10 @@ static int slh_signverify_init(void *vctx, void *vkey, return 1; } -static int slh_sign_init(void *vctx, void *vkey, const OSSL_PARAM params[]) +static int slh_sign_msg_init(void *vctx, void *vkey, const OSSL_PARAM params[]) { - return slh_signverify_init(vctx, vkey, params, - EVP_PKEY_OP_SIGN, "SLH_DSA Sign Init"); + return slh_signverify_msg_init(vctx, vkey, params, + EVP_PKEY_OP_SIGN, "SLH_DSA Sign Init"); } static int slh_sign(void *vctx, unsigned char *sig, size_t *siglen, @@ -147,11 +147,11 @@ static int slh_sign(void *vctx, unsigned char *sig, size_t *siglen, return ret; } -static int slh_verify_init(void *vctx, void *vkey, +static int slh_verify_msg_init(void *vctx, void *vkey, const OSSL_PARAM params[]) { - return slh_signverify_init(vctx, vkey, params, EVP_PKEY_OP_VERIFY, - "SLH_DSA Verify Init"); + return slh_signverify_msg_init(vctx, vkey, params, EVP_PKEY_OP_VERIFY, + "SLH_DSA Verify Init"); } static int slh_verify(void *vctx, @@ -233,9 +233,11 @@ static void *slh_##fn##_newctx(void *provctx, const char *propq) \ } \ const OSSL_DISPATCH ossl_slh_dsa_##fn##_signature_functions[] = { \ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))slh_##fn##_newctx }, \ - { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))slh_sign_init }, \ + { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \ + (void (*)(void))slh_sign_msg_init }, \ { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))slh_sign }, \ - { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))slh_verify_init }, \ + { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \ + (void (*)(void))slh_verify_msg_init }, \ { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))slh_verify }, \ { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))slh_freectx }, \ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))slh_set_ctx_params },\ diff --git a/test/slh_dsa_test.c b/test/slh_dsa_test.c index 7e66e3a100a..1926b637a5a 100644 --- a/test/slh_dsa_test.c +++ b/test/slh_dsa_test.c @@ -187,7 +187,7 @@ static int do_slh_dsa_verify(const SLH_DSA_SIG_TEST_DATA *td, goto err; if (!TEST_ptr(sig_alg = EVP_SIGNATURE_fetch(lib_ctx, td->alg, NULL))) goto err; - if (!TEST_int_eq(EVP_PKEY_verify_init_ex2(vctx, sig_alg, params), 1) + if (!TEST_int_eq(EVP_PKEY_verify_message_init(vctx, sig_alg, params), 1) || !TEST_int_eq(EVP_PKEY_verify(vctx, sig, sig_len, td->msg, td->msg_len), 1)) goto err; @@ -233,7 +233,7 @@ static int slh_dsa_sign_verify_test(int tst_id) goto err; if (!TEST_ptr(sig_alg = EVP_SIGNATURE_fetch(lib_ctx, td->alg, NULL))) goto err; - if (!TEST_int_eq(EVP_PKEY_sign_init_ex2(sctx, sig_alg, params), 1) + if (!TEST_int_eq(EVP_PKEY_sign_message_init(sctx, sig_alg, params), 1) || !TEST_int_eq(EVP_PKEY_sign(sctx, NULL, &psig_len, td->msg, td->msg_len), 1) || !TEST_true(EVP_PKEY_get_size_t_param(pkey, OSSL_PKEY_PARAM_MAX_SIZE,