algorithms: expose ML-DSA algorithm entries regardless of liboqs
authorDaiki Ueno <ueno@gnu.org>
Thu, 26 Dec 2024 01:38:33 +0000 (10:38 +0900)
committerDaiki Ueno <ueno@gnu.org>
Thu, 9 Jan 2025 07:37:45 +0000 (16:37 +0900)
This also omits the mapping between ML-DSA-44 and secparams, as there is
no way to express an algorithm is at security level category 2, which
uses a hash collision search instead of a brute-force key search on
AES. See Appendix B of draft-ietf-lamps-dilithium-certificates for
further details.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/algorithms.h
lib/algorithms/publickey.c
lib/algorithms/secparams.c
lib/algorithms/sign.c
lib/privkey.c
lib/pubkey.c
lib/x509/common.h
lib/x509/mpi.c
lib/x509/x509_int.h
tests/gnutls-strcodes.c

index 3ea9a17741a7e3d1eee17048fafccd7524f96a49..3ce601c92695afe2f3124feea63f9437105e62e9 100644 (file)
 #define IS_KEM(x) \
        (((x) == GNUTLS_PK_MLKEM768) || ((x) == GNUTLS_PK_EXP_KYBER768))
 
-#ifdef HAVE_LIBOQS
 #define IS_ML_DSA(x)                                                     \
        (((x) == GNUTLS_PK_ML_DSA_44) || ((x) == GNUTLS_PK_ML_DSA_65) || \
         ((x) == GNUTLS_PK_ML_DSA_87))
-#endif
+
+#define ML_DSA_44_PUBKEY_SIZE 1312
+#define ML_DSA_65_PUBKEY_SIZE 1952
+#define ML_DSA_87_PUBKEY_SIZE 2592
 
 #define IS_GROUP_HYBRID(group) ((group)->ids[0] != GNUTLS_GROUP_INVALID)
 
index 23af56ad535cf1c8b6c698d509d9966add7f297f..bda0ce6263e8ab39c3ef58b2d6a23b93d257a7be 100644 (file)
@@ -213,6 +213,7 @@ static const gnutls_pk_entry pk_algorithms[] = {
          .oid = NULL,
          .id = GNUTLS_PK_EXP_KYBER768,
          .curve = GNUTLS_ECC_CURVE_INVALID },
+#endif
        { .name = "ML-DSA-44",
          .oid = ML_DSA_44_OID,
          .id = GNUTLS_PK_ML_DSA_44,
@@ -228,7 +229,6 @@ static const gnutls_pk_entry pk_algorithms[] = {
          .id = GNUTLS_PK_ML_DSA_87,
          .curve = GNUTLS_ECC_CURVE_INVALID,
          .no_prehashed = 1 },
-#endif
        { .name = "UNKNOWN",
          .oid = NULL,
          .id = GNUTLS_PK_UNKNOWN,
index e0bfb8f278638e827f7af6ca04ca942c1bc48220..313530df337b11d4b4ccbdeb1e5d3eb9d2443a98 100644 (file)
@@ -24,9 +24,6 @@
 #include "algorithms.h"
 #include "errors.h"
 #include "x509/common.h"
-#ifdef HAVE_LIBOQS
-#include "oqs/oqs.h"
-#endif
 
 typedef struct {
        const char *name;
@@ -38,38 +35,16 @@ typedef struct {
                                 */
        unsigned int subgroup_bits; /* subgroup bits */
        unsigned int ecc_bits; /* bits for ECC keys */
-#ifdef HAVE_LIBOQS
        unsigned int ml_dsa_bits;
-#endif
 } gnutls_sec_params_entry;
 
 static const gnutls_sec_params_entry sec_params[] = {
-       { "Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0,
-#ifdef HAVE_LIBOQS
-         0
-#endif
-       },
-       { "Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 84, 0,
-#ifdef HAVE_LIBOQS
-         0
-#endif
-       },
-       { "Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 128, 0,
-#ifdef HAVE_LIBOQS
-         0
-#endif
-       },
-       { "Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1008, 160, 160,
-#ifdef HAVE_LIBOQS
-         0
-#endif
-       },
+       { "Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0, 0 },
+       { "Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 84, 0, 0 },
+       { "Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 128, 0, 0 },
+       { "Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1008, 160, 160, 0 },
 #ifdef ENABLE_FIPS140
-       { "Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160,
-#ifdef HAVE_LIBOQS
-         0
-#endif
-       },
+       { "Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160, 0 },
        {
                "Legacy",
                GNUTLS_SEC_PARAM_LEGACY,
@@ -78,57 +53,22 @@ static const gnutls_sec_params_entry sec_params[] = {
                1024,
                192,
                192,
-#ifdef HAVE_LIBOQS
                0,
-#endif
-       },
-       { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 224, 224,
-#ifdef HAVE_LIBOQS
-         OQS_SIG_ml_dsa_44_length_public_key
-#endif
-       },
-       { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256,
-#ifdef HAVE_LIBOQS
-         0
-#endif
        },
+       { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 224, 224, 0 },
+       { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256, 0 },
 #else
        { "Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160,
-#ifdef HAVE_LIBOQS
-                0
-#endif
-       }, /* ENISA-LEGACY */
-       { "Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192,
-#ifdef HAVE_LIBOQS
-                0
-#endif
-        },
-       { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 256, 224,
-#ifdef HAVE_LIBOQS
-                OQS_SIG_ml_dsa_44_length_public_key
-#endif
-                },
-       { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256,
-#ifdef HAVE_LIBOQS
-                0
-#endif
-       },
+         0 }, /* ENISA-LEGACY */
+       { "Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192, 0 },
+       { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 256, 224, 0 },
+       { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256, 0 },
 #endif
        { "Ultra", GNUTLS_SEC_PARAM_ULTRA, 192, 8192, 8192, 384, 384,
-#ifdef HAVE_LIBOQS
-         OQS_SIG_ml_dsa_65_length_public_key
-#endif
-       },
+         ML_DSA_65_PUBKEY_SIZE },
        { "Future", GNUTLS_SEC_PARAM_FUTURE, 256, 15360, 15360, 512, 512,
-#ifdef HAVE_LIBOQS
-         OQS_SIG_ml_dsa_87_length_public_key
-#endif
-       },
-       { NULL, 0, 0, 0, 0, 0, 0,
-#ifdef HAVE_LIBOQS
-         0
-#endif
-       }
+         ML_DSA_87_PUBKEY_SIZE },
+       { NULL, 0, 0, 0, 0, 0, 0, 0 }
 };
 
 /**
@@ -159,10 +99,8 @@ unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
                                ret = p->dsa_bits;
                        else if (IS_EC(algo) || IS_GOSTEC(algo))
                                ret = p->ecc_bits;
-#ifdef HAVE_LIBOQS
                        else if (IS_ML_DSA(algo))
                                ret = p->ml_dsa_bits;
-#endif
                        else
                                ret = p->pk_bits;
                        break;
@@ -292,14 +230,12 @@ gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
                                break;
                        ret = p->sec_param;
                }
-#ifdef HAVE_LIBOQS
        } else if (IS_ML_DSA(algo)) {
                for (p = sec_params; p->name; p++) {
                        if (p->ml_dsa_bits > bits)
                                break;
                        ret = p->sec_param;
                }
-#endif
        } else {
                for (p = sec_params; p->name; p++) {
                        if (p->pk_bits > bits)
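Review bot: In the `} else if (IS_ML_DSA(algo)) {` walk of gnutls_pk_bits_to_sec_param, rows whose ml_dsa_bits is 0 satisfy `p->ml_dsa_bits > bits` for no value of bits, so every row from Insecure through High is accepted and, if I trace it correctly, any bits below 1952 — ML-DSA-44's 1312 as well as 0 — now returns GNUTLS_SEC_PARAM_HIGH; the commit message says ML-DSA-44 deliberately has no row, but the walk turns that absence into HIGH as a by-product rather than a decision. Skipping the unmapped rows, `if (p->ml_dsa_bits == 0) continue;` before the comparison, would leave ret at its initial value (set outside the hunk) for ML-DSA-44 and still yield ULTRA/FUTURE for 1952/2592, making the "no mapping" explicit in this direction too. The same zero rows make gnutls_sec_param_to_pk_bits return 0 for ML-DSA at every level below ULTRA, which a comment on the table should state as "no ML-DSA parameter at this level" so callers do not read 0 as a key size. Both functions start and end outside the hunk.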
index 6bbfe7e8c7d1860480a4a885d1f2bc878219776d..0688f3f83b70953cc0f8fda2e5369db0a61693e7 100644 (file)
@@ -402,7 +402,6 @@ static SYSTEM_CONFIG_OR_CONST gnutls_sign_entry_st sign_algorithms[] = {
          .pk = GNUTLS_PK_DSA,
          .hash = GNUTLS_DIG_SHA512,
          .aid = TLS_SIGN_AID_UNKNOWN },
-#ifdef HAVE_LIBOQS
        { .name = "ML-DSA-44",
          .oid = ML_DSA_44_OID,
          .id = GNUTLS_SIGN_ML_DSA_44,
@@ -421,7 +420,6 @@ static SYSTEM_CONFIG_OR_CONST gnutls_sign_entry_st sign_algorithms[] = {
          .pk = GNUTLS_PK_ML_DSA_87,
          .hash = GNUTLS_DIG_SHAKE_256,
          .aid = TLS_SIGN_AID_UNKNOWN },
-#endif
        { .name = 0,
          .oid = 0,
          .id = 0,
index 262aaf18eeb5e9bf6f44f983d3d67f76aedcb29c..a2975d3aeaaae690468f341f7f89438a3e6e108f 100644 (file)
@@ -243,11 +243,9 @@ static int privkey_to_pubkey(gnutls_pk_algorithm_t pk,
        case GNUTLS_PK_EDDSA_ED448:
        case GNUTLS_PK_ECDH_X25519:
        case GNUTLS_PK_ECDH_X448:
-#ifdef HAVE_LIBOQS
        case GNUTLS_PK_ML_DSA_44:
        case GNUTLS_PK_ML_DSA_65:
        case GNUTLS_PK_ML_DSA_87:
-#endif
                ret = _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data,
                                        priv->raw_pub.size);
                if (ret < 0)
index 76baa849735124c371d2b7269bce7d8165c9b205..0a1bc1076983e8bab146a7c6f9da34dcad083ee9 100644 (file)
 #include "urls.h"
 #include "ecc.h"
 
-#ifdef HAVE_LIBOQS
-#include <dlwrap/oqs.h>
-#endif
-
 static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se,
                                     const mac_entry_st *me,
                                     const gnutls_datum_t *hash,
@@ -53,35 +49,6 @@ static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se,
 static int pubkey_supports_sig(gnutls_pubkey_t pubkey,
                               const gnutls_sign_entry_st *se);
 
-#ifdef HAVE_LIBOQS
-struct pq_algorithm_pubkey_bits_st {
-       gnutls_pk_algorithm_t algorithm;
-       int pubkey_bits;
-};
-
-static const struct pq_algorithm_pubkey_bits_st pq_pubkey_bits[] = {
-       { GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_public_key },
-       { GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_public_key },
-       { GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_public_key },
-
-       { GNUTLS_PK_UNKNOWN, 0 }
-};
-
-static int pq_pubkey_to_bits(const gnutls_pk_algorithm_t algo)
-{
-       const struct pq_algorithm_pubkey_bits_st *pubkey_to_bits =
-               pq_pubkey_bits;
-       while (pubkey_to_bits->algorithm != algo &&
-              pubkey_to_bits->algorithm != GNUTLS_PK_UNKNOWN)
-               pubkey_to_bits++;
-
-       if (pubkey_to_bits->algorithm == GNUTLS_PK_UNKNOWN)
-               gnutls_assert();
-
-       return pubkey_to_bits->pubkey_bits;
-}
-#endif
-
 unsigned pubkey_to_bits(const gnutls_pk_params_st *params)
 {
        switch (params->algo) {
@@ -100,12 +67,12 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st *params)
        case GNUTLS_PK_GOST_12_256:
        case GNUTLS_PK_GOST_12_512:
                return gnutls_ecc_curve_get_size(params->curve) * 8;
-#ifdef HAVE_LIBOQS
        case GNUTLS_PK_ML_DSA_44:
+               return ML_DSA_44_PUBKEY_SIZE;
        case GNUTLS_PK_ML_DSA_65:
+               return ML_DSA_65_PUBKEY_SIZE;
        case GNUTLS_PK_ML_DSA_87:
-               return pq_pubkey_to_bits(params->algo);
-#endif
+               return ML_DSA_87_PUBKEY_SIZE;
        default:
                return 0;
        }
@@ -390,7 +357,6 @@ int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
                                pubkey_to_bits(&key->params));
                ret = 0;
                break;
-#ifdef HAVE_LIBOQS
        case GNUTLS_PK_ML_DSA_44:
        case GNUTLS_PK_ML_DSA_65:
        case GNUTLS_PK_ML_DSA_87:
@@ -398,7 +364,6 @@ int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
                        *hash = GNUTLS_DIG_SHAKE_256;
                ret = 0;
                break;
-#endif
        default:
                gnutls_assert();
                ret = GNUTLS_E_INTERNAL_ERROR;
@@ -2697,11 +2662,9 @@ int pubkey_verify_data(const gnutls_sign_entry_st *se, const mac_entry_st *me,
 
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
-#ifdef HAVE_LIBOQS
        case GNUTLS_PK_ML_DSA_44:
        case GNUTLS_PK_ML_DSA_65:
        case GNUTLS_PK_ML_DSA_87:
-#endif
                if (_gnutls_pk_verify(se->pk, data, signature, params,
                                      sign_params) != 0) {
                        gnutls_assert();
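Review bot: In the pubkey_to_bits hunk the three ML-DSA cases return ML_DSA_*_PUBKEY_SIZE directly, which like the OQS_SIG_*_length_public_key values they replace are byte lengths, while every other case in the function returns a bit count (`return gnutls_ecc_curve_get_size(params->curve) * 8;` just above). That mismatch is pre-existing, but spelling the constants out makes a later "fix" by multiplying by 8 tempting, which would silently break the comparison against ml_dsa_bits in secparams.c and change what gnutls_pubkey_get_pk_algorithm reports. A comment on the first ML-DSA case would prevent that: `/* ML-DSA: encoded public-key length in bytes, not bits; keep in sync with ml_dsa_bits in secparams.c */`. The removed pq_pubkey_to_bits() also called gnutls_assert() on an unknown algorithm; that path is now covered silently by the switch's `default: return 0;`, which seems intended but is worth a sentence in the commit message.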
index 3b748b10b71c35a00aeab393344f79906b1039e6..31d6d24e519ff1a3b42a266d4bca95adfdb81763 100644 (file)
 #define GOST28147_89_CPC_OID "1.2.643.2.2.31.3"
 #define GOST28147_89_CPD_OID "1.2.643.2.2.31.4"
 
-#ifdef HAVE_LIBOQS
 #define ML_DSA_44_OID "2.16.840.1.101.3.4.3.17"
 #define ML_DSA_65_OID "2.16.840.1.101.3.4.3.18"
 #define ML_DSA_87_OID "2.16.840.1.101.3.4.3.19"
-#endif
 
 #define ASN1_NULL "\x05\x00"
 #define ASN1_NULL_SIZE 2
index af457e0455f6393a115e06ea42134445a4616fa0..7d180a9588754e6ac7767feeb3f54cf24bf7319a 100644 (file)
@@ -133,14 +133,11 @@ int _gnutls_get_asn_mpis(asn1_node asn, const char *root,
            pk_algorithm != GNUTLS_PK_EDDSA_ED25519 &&
            pk_algorithm != GNUTLS_PK_ECDH_X25519 &&
            pk_algorithm != GNUTLS_PK_EDDSA_ED448 &&
-           pk_algorithm != GNUTLS_PK_ECDH_X448
-#ifdef HAVE_LIBOQS
-           && pk_algorithm != GNUTLS_PK_ML_DSA_44 &&
+           pk_algorithm != GNUTLS_PK_ECDH_X448 &&
+           pk_algorithm != GNUTLS_PK_ML_DSA_44 &&
            pk_algorithm != GNUTLS_PK_ML_DSA_65 &&
-           pk_algorithm != GNUTLS_PK_ML_DSA_87
-#endif
-       ) {
-               /* RSA, EdDSA and PQ algorithms do not use parameters */
+           pk_algorithm != GNUTLS_PK_ML_DSA_87) {
+               /* RSA, EdDSA and ML-DSA algorithms do not use parameters */
                result = _gnutls_x509_read_value(asn, name, &tmp);
                if (pk_algorithm == GNUTLS_PK_RSA_PSS &&
                    (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
index b62d7e99c67d43fcad6368603c6d29a1a53617c8..723ebd4b9cc54acb9c4eb793335bf59c9c33df8d 100644 (file)
@@ -241,16 +241,10 @@ int _gnutls_privkey_decode_ecc_key(asn1_node *pkey_asn,
                                   gnutls_x509_privkey_t pkey,
                                   gnutls_ecc_curve_t curve);
 
-#ifdef HAVE_LIBOQS
-int _gnutls_decode_pqc_keys(asn1_node *pkey_asn, const gnutls_datum_t *raw_key,
-                           gnutls_x509_privkey_t pkey, uint8_t *version);
-
 int _gnutls_privkey_decode_ml_dsa_key(asn1_node *pkey_asn,
                                      const gnutls_datum_t *raw_key,
                                      gnutls_x509_privkey_t pkey);
 
-#endif
-
 int _gnutls_privkey_decode_eddsa_key(asn1_node *pkey_asn,
                                     const gnutls_datum_t *raw_key,
                                     gnutls_x509_privkey_t pkey,
index a9f62e841af828c302598d1894debda4bf13ddf4..421532534cf8d160e3846723d704041203c89f64 100644 (file)
@@ -96,11 +96,6 @@ void doit(void)
                check_non_null(gnutls_handshake_description_get_name(i));
 
        for (i = GNUTLS_PK_UNKNOWN + 1; i <= GNUTLS_PK_MAX; i++) {
-#ifndef HAVE_LIBOQS
-               if (i == GNUTLS_PK_ML_DSA_44 || i == GNUTLS_PK_ML_DSA_65 ||
-                   i == GNUTLS_PK_ML_DSA_87)
-                       continue;
-#endif
                check_unique_non_null(gnutls_pk_algorithm_get_name(i));
        }
 
@@ -117,11 +112,6 @@ void doit(void)
                    i == GNUTLS_SIGN_DSA_SHA3_384 ||
                    i == GNUTLS_SIGN_DSA_SHA3_512)
                        continue;
-#endif
-#ifndef HAVE_LIBOQS
-               if (i == GNUTLS_SIGN_ML_DSA_44 || i == GNUTLS_SIGN_ML_DSA_65 ||
-                   i == GNUTLS_SIGN_ML_DSA_87)
-                       continue;
 #endif
                check_unique_non_null(gnutls_sign_algorithm_get_name(i));
        }