Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
Deconstruct the functions into 2 parts:
- mu computation (if needed)
- actual signing/verification
Adds helper to compute mu that is split in 3 parts
(init/update/finalize) where the update part can be used to feed the message
to be signed or verified in chunks of any size.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27342)
The μ value replaces the message and avoids some of the preliminary
processes. This is part of FIPS 204.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26637)
- Same UX as ML-KEM. The main ASN.1 private key syntax is the one from
Russ Housley's post on the LAMPS list, subsequently amended to tag the
seed instead of the key (each of the three parameter sets will have a
fixed size for the `expandedKey`):
ML-DSA-PrivateKey ::= CHOICE {
seed [0] IMPLICIT OCTET STRING SIZE (32),
expandedKey OCTET STRING SIZE (2560 | 4032 | 4896)
both SEQUENCE {
seed OCTET STRING SIZE (32),
expandedKey OCTET STRING SIZE (2560 | 4032 | 4896) } }
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26638)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
- Make data encoding work on big-endian systems.
- Fix some ML-DSA-44 specific bugs related to w1-vector bits
per-coefficient, overall size and high-bits rounding.
- Use "do { ... } while (pointer < end)" style consistently.
- Drop redundant reference counting of provided keys.
- Add parameter blocks for ML-DSA-44 and ML-DSA-87 and turn on
associated provider glue. These now pass both keygen and
siggen tests (to be added separately).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
A DSA_KEY when created will alloc enough space to hold its k & l
vectors and then just set the vectors to point to the allocated blob.
Local Vectors and Matricies can then be initialised in a similar way by
passing them an array of Polnomials that are on the local stack.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26127)
Tomas Mraz
Simo Sorce
openssl-machine
Pauli
Viktor Dukhovni
slontis