Skip to content

PreHash SLH-DSA #115509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Jun 9, 2025
Merged

PreHash SLH-DSA #115509

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
61f6164
PreHash SLH-DSA
PranavSenthilnathan May 13, 2025
e096e37
Finish up PreHash impl
PranavSenthilnathan May 16, 2025
3e923be
"data" -> "hash" in xmldoc
PranavSenthilnathan May 16, 2025
0f722e7
fix conflict and merge
PranavSenthilnathan May 16, 2025
362109f
Fix build for platforms without openssl 3.5
PranavSenthilnathan May 16, 2025
7745416
Merge branch 'main' of https://github.com/dotnet/runtime into prehash…
PranavSenthilnathan Jun 4, 2025
7ceaaf8
PR feedback
PranavSenthilnathan Jun 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions ...ies/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.SlhDsa.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,59 @@ internal static bool SlhDsaVerifyPure(
}
}

[LibraryImport(Libraries.CryptoNative)]
private static partial int CryptoNative_SlhDsaSignPreEncoded(
SafeEvpPKeyHandle pkey, IntPtr extraHandle,
ReadOnlySpan<byte> msg, int msgLength,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tricky thing here is we want to guess "if OSSL adds primary support for Pre-HashSLH-DSA in the future, what will their API look like?". It's not this.

We can leave the function here as SlhDsaSignPreFormatted if we don't feel that we can adequately anticipate if they'd want a string OID, a binary OID, a string algorithm name, a NID, or whatever... but if we had a sense that they were adding something in OSSL 3.6 then we'd want to go ahead and make the shape be right here so we just needed to patch the body to say "if you know how to call this yourself, do it; otherwise we'll call it the preformatted way".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not really sure what OpenSSL will do for this, but the docs say:

Currently OpenSSL does not support the Pre Hash variant as this does not sit well with the OpenSSL API's. The user could do the encoding themselves and then set the settable to not encode the passed in message.

So SlhDsaSignPreEncoded might be appropriate. Their comment also makes it sound like pre-hash might require API changes on their side so it's hard to predict what the final shape will be.

Span<byte> destination, int destinationLength);

internal static void SlhDsaSignPreEncoded(
SafeEvpPKeyHandle pkey,
ReadOnlySpan<byte> msg,
Span<byte> destination)
{
int ret = CryptoNative_SlhDsaSignPreEncoded(
pkey, GetExtraHandle(pkey),
msg, msg.Length,
destination, destination.Length);

if (ret != 1)
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
}

[LibraryImport(Libraries.CryptoNative)]
private static partial int CryptoNative_SlhDsaVerifyPreEncoded(
SafeEvpPKeyHandle pkey, IntPtr extraHandle,
ReadOnlySpan<byte> msg, int msgLength,
ReadOnlySpan<byte> signature, int signatureLength);

internal static bool SlhDsaVerifyPreEncoded(
SafeEvpPKeyHandle pkey,
ReadOnlySpan<byte> msg,
ReadOnlySpan<byte> signature)
{
int ret = CryptoNative_SlhDsaVerifyPreEncoded(
pkey, GetExtraHandle(pkey),
msg, msg.Length,
signature, signature.Length);

if (ret == 1)
{
return true;
}
else if (ret == 0)
{
return false;
}
else
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
}


[LibraryImport(Libraries.CryptoNative)]
private static partial int CryptoNative_SlhDsaExportSecretKey(SafeEvpPKeyHandle pkey, Span<byte> destination, int destinationLength);

Expand Down
2 changes: 2 additions & 0 deletions src/libraries/Common/src/System/Security/Cryptography/Oids.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ internal static partial class Oids
internal const string Sha3_256 = "2.16.840.1.101.3.4.2.8";
internal const string Sha3_384 = "2.16.840.1.101.3.4.2.9";
internal const string Sha3_512 = "2.16.840.1.101.3.4.2.10";
internal const string Shake128 = "2.16.840.1.101.3.4.2.11";
internal const string Shake256 = "2.16.840.1.101.3.4.2.12";

// DSA CMS uses the combined signature+digest OID
internal const string DsaWithSha1 = "1.2.840.10040.4.3";
Expand Down
Loading