
Add ML-DSA / FIPS 204 final #1919

Merged (52 commits, Nov 26, 2024)

Conversation

bhess (Member) commented Sep 11, 2024

Adds ML-DSA from FIPS204

Pulls ML-DSA from pq-crystals/dilithium upstream: https://github.com/pq-crystals/dilithium
Removes ML-DSA-ipd alias in favor of ML-DSA.

TODOs:

FIPS 204 further defines a context parameter 'ctx' passed to the sign/verify API. This is currently not supported with the OQS API. It also defines

By default, the context is the empty string, though applications may specify the use of a non-empty context string.

This PR makes only this default case available. Asking for feedback if we should adapt/add to the OQS Sign API to accommodate such a 'ctx' string, or if we restrict support to the default case.

  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider will also need to be ready for review and merge by the time this is merged.)

Closes #1891
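An added illustration (not liboqs or pq-crystals code) of what the ctx parameter discussed above changes at the byte level: FIPS 204 (Algorithm 2) signs M' = 0x00 || len(ctx) || ctx || M instead of M itself, rejects a ctx longer than 255 bytes, and the "default case" is simply ctx = "" (a two-byte 0x00 0x00 prefix, which is why the final standard's known-answer values differ from the ipd draft). Function names and the sample inputs are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FIPS 204: the context string length is encoded in one byte, so at most 255. */
#define MLDSA_CTX_MAX 255

/* Build the pure-mode ML-DSA message M' = 0x00 || len(ctx) || ctx || M
 * (FIPS 204, Algorithm 2). Returns the length of M', or -1 if ctx is
 * too long or the output buffer is too small. Hypothetical helper, not liboqs. */
long mldsa_encode_message(const uint8_t *ctx, size_t ctx_len,
                          const uint8_t *msg, size_t msg_len,
                          uint8_t *out, size_t out_cap) {
    if (ctx_len > MLDSA_CTX_MAX) {
        return -1;             /* FIPS 204: Sign/Verify must return an error here */
    }
    size_t total = 2 + ctx_len + msg_len;
    if (out_cap < total) {
        return -1;
    }
    out[0] = 0x00;             /* domain separator: pure ML-DSA (HashML-DSA uses 0x01) */
    out[1] = (uint8_t)ctx_len; /* IntegerToBytes(|ctx|, 1) */
    if (ctx_len) {
        memcpy(out + 2, ctx, ctx_len);
    }
    memcpy(out + 2 + ctx_len, msg, msg_len);
    return (long)total;
}

/* The default case the plain OQS_SIG_sign/verify API covers: ctx is empty. */
long mldsa_encode_message_default(const uint8_t *msg, size_t msg_len,
                                  uint8_t *out, size_t out_cap) {
    return mldsa_encode_message(NULL, 0, msg, msg_len, out, out_cap);
}

int main(void) {
    /* Constructed sample inputs, not vectors from the standard. */
    const uint8_t msg[] = "hello";
    const uint8_t ctx[] = "oqs-app";
    uint8_t mprime[64];
    long n = mldsa_encode_message(ctx, sizeof(ctx) - 1, msg, sizeof(msg) - 1,
                                  mprime, sizeof(mprime));
    for (long i = 0; i < n; i++) {
        printf("%02x", mprime[i]);
    }
    printf("\n");
    return 0;
}
```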

bhess added 18 commits November 5, 2024 13:04
Add wrapper for default ctx recommended in FIPS 204
Update suppression files.

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
dstebila (Member) commented:

The remaining tasks have been implemented, and the oqs-provider downstream tests are passing. The new APIs are so far named OQS_SIG_sign_with_ctx_str and OQS_SIG_verify_with_ctx_str. An alternative could be OQS_SIG_sign_with_context or OQS_SIG_sign_with_context_string. Is there a preference?

I avoided OQS_SIG_sign_with_context because the term "context" alone is somewhat overloaded and might be misinterpreted as referring to a state structure. While OQS_SIG_sign_with_context_string is more verbose, it seems to align better with the typical naming in liboqs.

Makes sense to explicitly say context string rather than just context. I don't have a preference between ctx_str and context_string.

Resolved review threads: src/sig/sig.h (outdated), src/sig/sig.h, tests/test_sig.c, tests/vectors_sig.c
Co-authored-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
SWilson4 (Member) left a review comment:

Everything LGTM now. Thanks to @bhess for the work and to all for the effort in discussing the API changes!

bhess (Member, Author) commented Nov 21, 2024

Thanks @SWilson4 for going through all the changes and for the review!

SWilson4 mentioned this pull request Nov 22, 2024

dstebila (Member) commented:

Is this ready to merge?

bhess (Member, Author) commented Nov 26, 2024

Yes, this is ready to merge from my side. I will proceed with the merge in about an hour unless there are any objections.

bhess merged commit d9c214c into main on Nov 26, 2024; 142 checks passed.
Linked issue: ML-DSA: integrate final standard