4 changes: 2 additions & 2 deletions util/fipstools/acvp/acvptool/subprocess/ml_dsa.go
Expand Up @@ -150,7 +150,7 @@ func processMlDsaSigGen(vectors json.RawMessage, m Transactable) (interface{}, e

for _, test := range group.Tests {
results, err := m.Transact("ML-DSA/"+group.ParameterSet+"/sigGen",
1, test.SK, test.Message, test.MU, test.RND, boolToBytes(group.ExternalMu))
1, test.SK, test.Message, test.MU, test.RND, test.Context, boolToBytes(group.ExternalMu))
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -216,7 +216,7 @@ func processMlDsaSigVer(vectors json.RawMessage, m Transactable) (interface{}, e

for _, test := range group.Tests {
results, err := m.Transact("ML-DSA/"+group.ParameterSet+"/sigVer", 1,
test.Signature, test.PK, test.Message, test.MU, boolToBytes(group.ExternalMu))
test.Signature, test.PK, test.Message, test.MU, test.Context, boolToBytes(group.ExternalMu))
if err != nil {
return nil, err
}
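Review bot: Both Transact calls now forward `test.Context` but not which signature interface the group uses, so the wrapper has to infer it; modulewrapper.cc in this same change does that with `if (!context.empty())` in ML_DSA_SIGGEN and ML_DSA_SIGVER. FIPS 204 allows a context of 0 to 255 bytes, so if a vector set can contain an external-interface case with a zero-length context, that case would be routed to the internal functions and sign or verify a different message encoding. Consider sending an explicit interface flag next to `boolToBytes(group.ExternalMu)` and branching on that in the wrapper rather than on the context length. Both loop bodies extend beyond the hunks shown.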
Binary file modified util/fipstools/acvp/acvptool/test/expected/ML-DSA.bz2
Binary file not shown.
Binary file modified util/fipstools/acvp/acvptool/test/vectors/ML-DSA.bz2
Binary file not shown.
192 changes: 102 additions & 90 deletions util/fipstools/acvp/modulewrapper/modulewrapper.cc
Expand Up @@ -1447,7 +1447,10 @@ static bool GetConfig(const Span<const uint8_t> args[],
true,
false
],
"signatureInterfaces": ["internal"]
"signatureInterfaces": [
"internal",
"external"
]
},{
"algorithm": "ML-DSA",
"mode": "sigVer",
Expand All @@ -1473,7 +1476,10 @@ static bool GetConfig(const Span<const uint8_t> args[],
true,
false
],
"signatureInterfaces": ["internal"]
"signatureInterfaces": [
"internal",
"external"
]
}])";
return write_reply({Span<const uint8_t>(
reinterpret_cast<const uint8_t *>(kConfig), sizeof(kConfig) - 1)});
Expand Down Expand Up @@ -3313,60 +3319,60 @@ static bool ML_DSA_SIGGEN(const Span<const uint8_t> args[],
const Span<const uint8_t> msg = args[1];
const Span<const uint8_t> mu = args[2];
const Span<const uint8_t> rnd = args[3];
const Span<const uint8_t> extmu = args[4];

ml_dsa_params params;
const Span<const uint8_t> context = args[4];
const Span<const uint8_t> extmu = args[5];

using SignFunc = int (*)(const uint8_t*, uint8_t*, size_t*,
const uint8_t*, size_t, const uint8_t*, size_t);
using SignInternalFunc = int (*)(const uint8_t*, uint8_t*, size_t*,
const uint8_t*, size_t,
const uint8_t*, size_t, const uint8_t*);

// Group all related functions for each variant
struct MLDSA_functions {
void (*params_init)(ml_dsa_params*);
SignFunc sign;
SignInternalFunc sign_internal;
SignInternalFunc extmu_sign_internal;
};

// Select function set based on NID
MLDSA_functions mldsa_funcs;
if (nid == NID_MLDSA44) {
ml_dsa_44_params_init(&params);
}
else if (nid == NID_MLDSA65) {
ml_dsa_65_params_init(&params);
}
else if (nid == NID_MLDSA87) {
ml_dsa_87_params_init(&params);
mldsa_funcs = {ml_dsa_44_params_init, ml_dsa_44_sign,
ml_dsa_44_sign_internal, ml_dsa_extmu_44_sign_internal};
} else if (nid == NID_MLDSA65) {
mldsa_funcs = {ml_dsa_65_params_init, ml_dsa_65_sign,
ml_dsa_65_sign_internal, ml_dsa_extmu_65_sign_internal};
} else if (nid == NID_MLDSA87) {
mldsa_funcs = {ml_dsa_87_params_init, ml_dsa_87_sign,
ml_dsa_87_sign_internal, ml_dsa_extmu_87_sign_internal};
} else {
return false;
}

ml_dsa_params params;
mldsa_funcs.params_init(&params);

size_t signature_len = params.bytes;
std::vector<uint8_t> signature(signature_len);

// generate the signatures raw sign mode
if (extmu.data()[0] == 0) {
if (nid == NID_MLDSA44) {
if (!ml_dsa_44_sign_internal(sk.data(), signature.data(), &signature_len,
msg.data(), msg.size(), nullptr, 0, rnd.data())) {
return false;
}
}
else if (nid == NID_MLDSA65) {
if (!ml_dsa_65_sign_internal(sk.data(), signature.data(), &signature_len,
msg.data(), msg.size(), nullptr, 0, rnd.data())) {
return false;
}
}
else if (nid == NID_MLDSA87) {
if (!ml_dsa_87_sign_internal(sk.data(), signature.data(), &signature_len,
msg.data(), msg.size(), nullptr, 0, rnd.data())) {
return false;
}
}
}
// generate the signatures digest sign mode (externalmu)
else {
if (nid == NID_MLDSA44) {
if (!ml_dsa_extmu_44_sign_internal(sk.data(), signature.data(), &signature_len,
mu.data(), mu.size(), nullptr, 0, rnd.data())) {
return false;
}
if (!context.empty()) {
if (!mldsa_funcs.sign(sk.data(), signature.data(), &signature_len,
msg.data(), msg.size(), context.data(), context.size())) {
return false;
}
else if (nid == NID_MLDSA65) {
if (!ml_dsa_extmu_65_sign_internal(sk.data(), signature.data(), &signature_len,
mu.data(), mu.size(), nullptr, 0, rnd.data())) {
} else {
if (extmu.data()[0] == 0) {
// generate the signatures raw sign mode
if (!mldsa_funcs.sign_internal(sk.data(), signature.data(), &signature_len,
msg.data(), msg.size(), nullptr, 0, rnd.data())) {
return false;
}
}
else if (nid == NID_MLDSA87) {
if (!ml_dsa_extmu_87_sign_internal(sk.data(), signature.data(), &signature_len,
mu.data(), mu.size(), nullptr, 0, rnd.data())) {
} else {
// generate the signatures digest sign mode (externalmu)
if (!mldsa_funcs.extmu_sign_internal(sk.data(), signature.data(), &signature_len,
mu.data(), mu.size(), nullptr, 0, rnd.data())) {
return false;
}
}
Expand All @@ -3381,52 +3387,58 @@ static bool ML_DSA_SIGVER(const Span<const uint8_t> args[], ReplyCallback write_
const Span<const uint8_t> pk = args[1];
const Span<const uint8_t> msg = args[2];
const Span<const uint8_t> mu = args[3];
const Span<const uint8_t> extmu = args[4];
const Span<const uint8_t> context = args[4];
const Span<const uint8_t> extmu = args[5];

using VerifyFunc = int (*)(const uint8_t*, const uint8_t*, size_t,
const uint8_t*, size_t, const uint8_t*, size_t);
using VerifyInternalFunc = int (*)(const uint8_t*, const uint8_t*, size_t,
const uint8_t*, size_t, const uint8_t*, size_t);

// Group all related functions for each variant
struct MLDSA_functions {
VerifyFunc verify;
VerifyInternalFunc verify_internal;
VerifyInternalFunc extmu_verify_internal;
};

// Select function set based on NID
MLDSA_functions mldsa_funcs;
if (nid == NID_MLDSA44) {
mldsa_funcs = {ml_dsa_44_verify, ml_dsa_44_verify_internal,
ml_dsa_extmu_44_verify_internal};
} else if (nid == NID_MLDSA65) {
mldsa_funcs = {ml_dsa_65_verify, ml_dsa_65_verify_internal,
ml_dsa_extmu_65_verify_internal};
} else if (nid == NID_MLDSA87) {
mldsa_funcs = {ml_dsa_87_verify, ml_dsa_87_verify_internal,
ml_dsa_extmu_87_verify_internal};
} else {
return false;
}

uint8_t reply[1] = {0};

// verify the signatures raw sign mode
if (extmu.data()[0] == 0) {
if (nid == NID_MLDSA44) {
if (ml_dsa_44_verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
msg.size(), nullptr, 0)) {
reply[0] = 1;
}
if (!context.empty()) {
if (mldsa_funcs.verify(pk.data(), sig.data(), sig.size(), msg.data(),
msg.size(), context.data(), context.size())) {
reply[0] = 1;
}
else if (nid == NID_MLDSA65) {
if (ml_dsa_65_verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
msg.size(), nullptr, 0)) {
reply[0] = 1;
}
}
else if (nid == NID_MLDSA87) {
if (ml_dsa_87_verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
msg.size(), nullptr, 0)) {
reply[0] = 1;
}
}
}
// verify the signatures digest sign mode (externalmu)
else{
if (nid == NID_MLDSA44) {
if (ml_dsa_extmu_44_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
mu.size(), nullptr, 0)) {
} else {
if (extmu.data()[0] == 0) {
// verify the signatures raw sign mode
if (mldsa_funcs.verify_internal(pk.data(), sig.data(), sig.size(), msg.data(),
msg.size(), nullptr, 0)) {
reply[0] = 1;
}
}
else if (nid == NID_MLDSA65) {
if (ml_dsa_extmu_65_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
mu.size(), nullptr, 0)) {
} else {
// verify the signatures digest sign mode (externalmu)
if (mldsa_funcs.extmu_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
mu.size(), nullptr, 0)) {
reply[0] = 1;
}
}
else if (nid == NID_MLDSA87) {
if (ml_dsa_extmu_87_verify_internal(pk.data(), sig.data(), sig.size(), mu.data(),
mu.size(), nullptr, 0)) {
reply[0] = 1;
}
}
}

return write_reply({Span<const uint8_t>(reply)});
}

Expand Down Expand Up @@ -3694,12 +3706,12 @@ static struct {
{"ML-DSA/ML-DSA-44/keyGen", 1, ML_DSA_KEYGEN<NID_MLDSA44>},
{"ML-DSA/ML-DSA-65/keyGen", 1, ML_DSA_KEYGEN<NID_MLDSA65>},
{"ML-DSA/ML-DSA-87/keyGen", 1, ML_DSA_KEYGEN<NID_MLDSA87>},
{"ML-DSA/ML-DSA-44/sigGen", 5, ML_DSA_SIGGEN<NID_MLDSA44>},
{"ML-DSA/ML-DSA-65/sigGen", 5, ML_DSA_SIGGEN<NID_MLDSA65>},
{"ML-DSA/ML-DSA-87/sigGen", 5, ML_DSA_SIGGEN<NID_MLDSA87>},
{"ML-DSA/ML-DSA-44/sigVer", 5, ML_DSA_SIGVER<NID_MLDSA44>},
{"ML-DSA/ML-DSA-65/sigVer", 5, ML_DSA_SIGVER<NID_MLDSA65>},
{"ML-DSA/ML-DSA-87/sigVer", 5, ML_DSA_SIGVER<NID_MLDSA87>}};
{"ML-DSA/ML-DSA-44/sigGen", 6, ML_DSA_SIGGEN<NID_MLDSA44>},
{"ML-DSA/ML-DSA-65/sigGen", 6, ML_DSA_SIGGEN<NID_MLDSA65>},
{"ML-DSA/ML-DSA-87/sigGen", 6, ML_DSA_SIGGEN<NID_MLDSA87>},
{"ML-DSA/ML-DSA-44/sigVer", 6, ML_DSA_SIGVER<NID_MLDSA44>},
{"ML-DSA/ML-DSA-65/sigVer", 6, ML_DSA_SIGVER<NID_MLDSA65>},
{"ML-DSA/ML-DSA-87/sigVer", 6, ML_DSA_SIGVER<NID_MLDSA87>}};

Handler FindHandler(Span<const Span<const uint8_t>> args) {
const bssl::Span<const uint8_t> algorithm = args[0];
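Review bot: `extmu.data()[0]` is read in the `else` branches of both ML_DSA_SIGGEN and ML_DSA_SIGVER without first checking that the argument is non-empty, and the handler table appears to fix only the argument count (now 6), not the argument lengths. A zero-length sixth argument would read past the end of the span; a guard such as `if (extmu.size() != 1) { return false; }` next to the NID selection would reject it in both functions. On the context path of ML_DSA_SIGGEN the parsed `rnd` is also unused, since `SignFunc` takes no randomness parameter, so a short comment there would help the next reader, e.g. `// external interface: rnd from the request is not used`. Both function bodies begin outside the hunks shown.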