Move PQDSA to FIPSMODULE (#2166)

As part of validating ML-DSA into AWS-LC-FIPS we must include both PQDSA and ML-DSA directories into the fipsmodule.

Author: jakemas

crypto/CMakeLists.txt

@@ -421,7 +421,6 @@ add_library(
   evp_extra/p_ed25519_asn1.c
   evp_extra/p_hmac_asn1.c
   evp_extra/p_kem_asn1.c
-  evp_extra/p_pqdsa.c
   evp_extra/p_pqdsa_asn1.c
   evp_extra/p_rsa_asn1.c
   evp_extra/p_x25519.c
@@ -471,7 +470,6 @@ add_library(
   poly1305/poly1305_arm.c
   poly1305/poly1305_vec.c
   pool/pool.c
-  pqdsa/pqdsa.c
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c

crypto/evp_extra/evp_asn1.c

@@ -68,7 +68,7 @@
 #include "../bytestring/internal.h"
 #include "../internal.h"
 #include "internal.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 
 // parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID.
 // The OID is then searched against ASN.1 methods for a method with that OID.

crypto/evp_extra/p_methods.c

@@ -11,7 +11,6 @@ static const EVP_PKEY_METHOD *const non_fips_pkey_evp_methods[] = {
   &x25519_pkey_meth,
   &dh_pkey_meth,
   &dsa_pkey_meth,
-  &pqdsa_pkey_meth
 };
 
 const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = {

crypto/evp_extra/p_pqdsa_asn1.c

@@ -7,7 +7,7 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
-#include "../crypto/pqdsa/internal.h"
+#include "../crypto/fipsmodule/pqdsa/internal.h"
 #include "../crypto/internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "../ml_dsa/ml_dsa.h"

crypto/evp_extra/p_pqdsa_test.cc

@@ -15,7 +15,7 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../internal.h"
 #include "../ml_dsa/ml_dsa.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 #include "../test/file_test.h"
 #include "../test/test_util.h"
 

crypto/evp_extra/print.c

@@ -65,7 +65,7 @@
 #include "../fipsmodule/evp/internal.h"
 #include "../fipsmodule/rsa/internal.h"
 #include "../ml_dsa/ml_dsa.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 
 static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
   for (size_t i = 0; i < len; i++) {

crypto/fipsmodule/bcm.c

@@ -118,6 +118,7 @@
 #include "evp/p_hkdf.c"
 #include "evp/p_hmac.c"
 #include "evp/p_kem.c"
+#include "evp/p_pqdsa.c"
 #include "evp/p_rsa.c"
 #include "hkdf/hkdf.c"
 #include "hmac/hmac.c"
@@ -136,6 +137,7 @@
 #include "modes/xts.c"
 #include "modes/polyval.c"
 #include "pbkdf/pbkdf.c"
+#include "pqdsa/pqdsa.c"
 #include "rand/ctrdrbg.c"
 #include "rand/fork_detect.c"
 #include "rand/rand.c"

crypto/fipsmodule/evp/digestsign.c

@@ -57,7 +57,7 @@
 
 #include <openssl/err.h>
 
-#include "../../pqdsa/internal.h"
+#include "../pqdsa/internal.h"
 #include "../delocate.h"
 #include "../digest/internal.h"
 #include "internal.h"

crypto/fipsmodule/evp/evp_ctx.c

@@ -75,6 +75,7 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) {
   out->methods[4] = EVP_PKEY_hmac_pkey_meth();
   out->methods[5] = EVP_PKEY_ed25519_pkey_meth();
   out->methods[6] = EVP_PKEY_kem_pkey_meth();
+  out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();
 }
 
 static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {

crypto/fipsmodule/evp/internal.h

@@ -381,8 +381,8 @@ typedef struct {
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 
 #define ED25519_PUBLIC_KEY_OFFSET 32
-#define FIPS_EVP_PKEY_METHODS 7
-#define NON_FIPS_EVP_PKEY_METHODS 4
+#define FIPS_EVP_PKEY_METHODS 8
+#define NON_FIPS_EVP_PKEY_METHODS 3
 #define ASN1_EVP_PKEY_METHODS 10
 
 struct fips_evp_pkey_methods {

crypto/evp_extra/p_pqdsa.c crypto/fipsmodule/evp/p_pqdsa.c

@@ -6,7 +6,8 @@
 #include <openssl/mem.h>
 
 #include "../crypto/evp_extra/internal.h"
-#include "../crypto/ml_dsa/ml_dsa.h"
+#include "../delocate.h"
+#include "../../ml_dsa/ml_dsa.h"
 #include "../crypto/internal.h"
 #include "../pqdsa/internal.h"
 
@@ -336,27 +337,27 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t
   return NULL;
 }
 
-const EVP_PKEY_METHOD pqdsa_pkey_meth = {
-  EVP_PKEY_PQDSA,
-  pkey_pqdsa_init,
-  NULL,
-  pkey_pqdsa_cleanup,
-  pkey_pqdsa_keygen,
-  NULL,
-  pkey_pqdsa_sign,
-  pkey_pqdsa_sign_message,
-  NULL,
-  pkey_pqdsa_verify,
-  pkey_pqdsa_verify_message,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-  NULL,
-};
+DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_pqdsa_pkey_meth) {
+  out->pkey_id = EVP_PKEY_PQDSA;
+  out->init = pkey_pqdsa_init;
+  out->copy = NULL;
+  out->cleanup = pkey_pqdsa_cleanup;
+  out->keygen = pkey_pqdsa_keygen;
+  out->sign_init = NULL;
+  out->sign = pkey_pqdsa_sign;
+  out->sign_message = pkey_pqdsa_sign_message;
+  out->verify_init = NULL;
+  out->verify = pkey_pqdsa_verify;
+  out->verify_message = pkey_pqdsa_verify_message;
+  out->verify_recover = NULL;
+  out->encrypt = NULL;
+  out->decrypt = NULL;
+  out->derive = NULL;
+  out->paramgen = NULL;
+  out->ctrl = NULL;
+  out->ctrl_str = NULL;
+  out->keygen_deterministic = NULL;
+  out->encapsulate_deterministic = NULL;
+  out->encapsulate = NULL;
+  out->decapsulate = NULL;
+}

crypto/pqdsa/internal.h crypto/fipsmodule/pqdsa/internal.h

@@ -2,9 +2,10 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 #include <openssl/evp.h>
 #include <openssl/mem.h>
-
 #include <openssl/base.h>
-#include "../evp_extra/internal.h"
+
+#include "../delocate.h"
+#include "../../evp_extra/internal.h"
 #include "../crypto/ml_dsa/ml_dsa.h"
 #include "internal.h"
 
@@ -146,83 +147,83 @@ int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, CBS *in) {
   return 1;
 }
 
-static const PQDSA_METHOD sig_ml_dsa_44_method = {
-  ml_dsa_44_keypair,
-  ml_dsa_44_keypair_internal,
-  ml_dsa_44_sign,
-  ml_dsa_extmu_44_sign,
-  ml_dsa_44_verify,
-  ml_dsa_extmu_44_verify,
-  ml_dsa_44_pack_pk_from_sk
-};
-
-static const PQDSA_METHOD sig_ml_dsa_65_method = {
-  ml_dsa_65_keypair,
-  ml_dsa_65_keypair_internal,
-  ml_dsa_65_sign,
-  ml_dsa_extmu_65_sign,
-  ml_dsa_65_verify,
-  ml_dsa_extmu_65_verify,
-  ml_dsa_65_pack_pk_from_sk
-};
-
-static const PQDSA_METHOD sig_ml_dsa_87_method = {
-  ml_dsa_87_keypair,
-  ml_dsa_87_keypair_internal,
-  ml_dsa_87_sign,
-  ml_dsa_extmu_87_sign,
-  ml_dsa_87_verify,
-  ml_dsa_extmu_87_verify,
-  ml_dsa_87_pack_pk_from_sk
-};
-
-static const PQDSA sig_ml_dsa_44 = {
-  NID_MLDSA44,
-  kOIDMLDSA44,
-  sizeof(kOIDMLDSA44),
-  "MLDSA44",
-  MLDSA44_PUBLIC_KEY_BYTES,
-  MLDSA44_PRIVATE_KEY_BYTES,
-  MLDSA44_SIGNATURE_BYTES,
-  MLDSA44_KEYGEN_SEED_BYTES,
-  MLDSA44_SIGNATURE_SEED_BYTES,
-  &sig_ml_dsa_44_method,
-};
-
-static const PQDSA sig_ml_dsa_65 = {
-  NID_MLDSA65,
-  kOIDMLDSA65,
-  sizeof(kOIDMLDSA65),
-  "MLDSA65",
-  MLDSA65_PUBLIC_KEY_BYTES,
-  MLDSA65_PRIVATE_KEY_BYTES,
-  MLDSA65_SIGNATURE_BYTES,
-  MLDSA65_KEYGEN_SEED_BYTES,
-  MLDSA65_SIGNATURE_SEED_BYTES,
-  &sig_ml_dsa_65_method,
-};
-
-static const PQDSA sig_ml_dsa_87 = {
-  NID_MLDSA87,
-  kOIDMLDSA87,
-  sizeof(kOIDMLDSA87),
-  "MLDSA87",
-  MLDSA87_PUBLIC_KEY_BYTES,
-  MLDSA87_PRIVATE_KEY_BYTES,
-  MLDSA87_SIGNATURE_BYTES,
-  MLDSA87_KEYGEN_SEED_BYTES,
-  MLDSA87_SIGNATURE_SEED_BYTES,
-  &sig_ml_dsa_87_method,
-};
+DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_44_method) {
+  out->pqdsa_keygen = ml_dsa_44_keypair;
+  out->pqdsa_keygen_internal = ml_dsa_44_keypair_internal;
+  out->pqdsa_sign_message = ml_dsa_44_sign;
+  out->pqdsa_sign = ml_dsa_extmu_44_sign;
+  out->pqdsa_verify_message = ml_dsa_44_verify;
+  out->pqdsa_verify = ml_dsa_extmu_44_verify;
+  out->pqdsa_pack_pk_from_sk = ml_dsa_44_pack_pk_from_sk;
+}
+
+DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_65_method) {
+  out->pqdsa_keygen = ml_dsa_65_keypair;
+  out->pqdsa_keygen_internal = ml_dsa_65_keypair_internal;
+  out->pqdsa_sign_message = ml_dsa_65_sign;
+  out->pqdsa_sign = ml_dsa_extmu_65_sign;
+  out->pqdsa_verify_message = ml_dsa_65_verify;
+  out->pqdsa_verify = ml_dsa_extmu_65_verify;
+  out->pqdsa_pack_pk_from_sk = ml_dsa_65_pack_pk_from_sk;
+}
+
+DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_87_method) {
+  out->pqdsa_keygen = ml_dsa_87_keypair;
+  out->pqdsa_keygen_internal = ml_dsa_87_keypair_internal;
+  out->pqdsa_sign_message = ml_dsa_87_sign;
+  out->pqdsa_sign = ml_dsa_extmu_87_sign;
+  out->pqdsa_verify_message = ml_dsa_87_verify;
+  out->pqdsa_verify = ml_dsa_extmu_87_verify;
+  out->pqdsa_pack_pk_from_sk = ml_dsa_87_pack_pk_from_sk;
+}
+
+DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_44) {
+  out->nid = NID_MLDSA44;
+  out->oid = kOIDMLDSA44;
+  out->oid_len = sizeof(kOIDMLDSA44);
+  out->comment = "MLDSA44";
+  out->public_key_len = MLDSA44_PUBLIC_KEY_BYTES;
+  out->private_key_len = MLDSA44_PRIVATE_KEY_BYTES;
+  out->signature_len = MLDSA44_SIGNATURE_BYTES;
+  out->keygen_seed_len = MLDSA44_KEYGEN_SEED_BYTES;
+  out->sign_seed_len = MLDSA44_SIGNATURE_SEED_BYTES;
+  out->method = sig_ml_dsa_44_method();
+}
+
+DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_65) {
+  out->nid = NID_MLDSA65;
+  out->oid = kOIDMLDSA65;
+  out->oid_len = sizeof(kOIDMLDSA65);
+  out->comment = "MLDSA65";
+  out->public_key_len = MLDSA65_PUBLIC_KEY_BYTES;
+  out->private_key_len = MLDSA65_PRIVATE_KEY_BYTES;
+  out->signature_len = MLDSA65_SIGNATURE_BYTES;
+  out->keygen_seed_len = MLDSA65_KEYGEN_SEED_BYTES;
+  out->sign_seed_len = MLDSA65_SIGNATURE_SEED_BYTES;
+  out->method = sig_ml_dsa_65_method();
+}
+
+DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_87) {
+  out->nid = NID_MLDSA87;
+  out->oid = kOIDMLDSA87;
+  out->oid_len = sizeof(kOIDMLDSA87);
+  out->comment = "MLDSA87";
+  out->public_key_len = MLDSA87_PUBLIC_KEY_BYTES;
+  out->private_key_len = MLDSA87_PRIVATE_KEY_BYTES;
+  out->signature_len = MLDSA87_SIGNATURE_BYTES;
+  out->keygen_seed_len = MLDSA87_KEYGEN_SEED_BYTES;
+  out->sign_seed_len = MLDSA87_SIGNATURE_SEED_BYTES;
+  out->method = sig_ml_dsa_87_method();
+}
 
 const PQDSA *PQDSA_find_dsa_by_nid(int nid) {
   switch (nid) {
     case NID_MLDSA44:
-      return &sig_ml_dsa_44;
+      return sig_ml_dsa_44();
     case NID_MLDSA65:
-      return &sig_ml_dsa_65;
+      return sig_ml_dsa_65();
     case NID_MLDSA87:
-      return &sig_ml_dsa_87;
+      return sig_ml_dsa_87();
     default:
       return NULL;
   }

crypto/pqdsa/pqdsa.c crypto/fipsmodule/pqdsa/pqdsa.c

@@ -62,7 +62,7 @@
 #include <openssl/evp.h>
 #include <openssl/obj.h>
 
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "internal.h"
 

crypto/x509/algorithm.c

@@ -39,7 +39,7 @@
 #include "../evp_extra/internal.h"
 #include "../internal.h"
 #include "../test/test_util.h"
-#include "../pqdsa/internal.h"
+#include "../fipsmodule/pqdsa/internal.h"
 
 #if defined(OPENSSL_THREADS)
 #include <thread>