Add dilithium for signing and verification
This commit adds dilithium as an algorithm for signing and verification. As openssl does not support dilithium at the moment, the reference implementation from the NIST PQC is used (see https://github.com/pq-crystals/dilithium/). The crystals dilithium libraries without avx support are used. The current version of MoCOCrW uses an EVP_PKEY-centric implementation for asymmetric cryptographic operations. To avoid changes to the existing classes, the relevant classes are cloned for dilithium. Functionality is added or removed wherever necessary. The changes were made with the plan in mind of being able to change back to the EVP_PKEY-centric implementation once openssl supports dilithium. The new dilithium feature is OPTIONAL. To compile MoCOCrW with dilithium support specify -DDILITHIUM_ENABLED when invoking cmake. You have to make sure that the static libraries created by libdilithium (https://github.com/pq-crystals/dilithium) can be found by the linker. Additionally the compiler needs access to "api.h" from libdilithium. To be compliant with the current implementation, an additional function to retrieve the public key from the private key for dilithium is added to libdilithium (pq-crystals/dilithium#68). This one is required for compilation. If you have problems compiling and installing libdilithium there is another PR which enhances cmake for libdilithium (pq-crystals/dilithium#69). The following openssl functions are required for the implementation and were consequently added: * d2i_X509_PUBKEY (reading ASN.1 pubkey structures) * X509_PUBKEY_free (freeing the memory) * ASN1_INTEGER_get_int64 (modern function for ASN1_INTEGER_get) * d2i_PKCS8_PRIV_KEY_INFO (reading RFC 5958 DER data) * PKCS8_PRIV_KEY_INFO_free (free it)
Showing
42 changed files
with
2,590 additions
and
118 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
FROM buildenv | ||
|
||
ARG LIBP11_URL=https://github.com/OpenSC/libp11/releases/download/libp11-0.4.12/libp11-0.4.12.tar.gz | ||
RUN mkdir /tmp/patches | ||
COPY hsm-patches/0001-Introduce-generic-keypair-generation-interface-and-e.patch \ | ||
dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch \ | ||
dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch \ | ||
dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch \ | ||
dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch \ | ||
dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch \ | ||
dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch \ | ||
dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch \ | ||
dilithium-patches/0008-Add-function-for-pub-key-extraction.patch \ | ||
/tmp/patches/ | ||
|
||
# Install: | ||
# * MoCOCrW dependencies (except OpenSSL) | ||
# * libp11 | ||
# * libdilithium | ||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \ | ||
# for pkcs11-tool which we use to create keys in token | ||
opensc \ | ||
# p11-kit-modules allows loading of libp11 engine without having to edit openssl.cnf | ||
p11-kit-modules \ | ||
# softhsm2: includes both softhsm2-util and libsofthsm2 | ||
softhsm2 \ | ||
# libp11 needs this | ||
libtool && \ | ||
rm -rf /var/lib/apt/lists/* && \ | ||
|
||
# Build libp11 | ||
mkdir -p /tmp/libp11 && \ | ||
cd /tmp/libp11 && \ | ||
wget "${LIBP11_URL}" && \ | ||
tar xf libp11-0.4.12.tar.gz && \ | ||
cd libp11-0.4.12 && \ | ||
git apply /tmp/patches/0001-Introduce-generic-keypair-generation-interface-and-e.patch && \ | ||
echo "Successfully patched libp11" && \ | ||
autoreconf --verbose --install --force && \ | ||
./configure --enable-strict && \ | ||
make -j"$(nproc)" && \ | ||
make check && \ | ||
make install && \ | ||
rm -rf /tmp/libp11 && \ | ||
|
||
# Build libdilithium | ||
mkdir /tmp/libdilithium && \ | ||
cd /tmp/libdilithium && \ | ||
git clone https://github.com/pq-crystals/dilithium && \ | ||
cd dilithium && \ | ||
git checkout 3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 && \ | ||
git apply /tmp/patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch && \ | ||
git apply /tmp/patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch && \ | ||
git apply /tmp/patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch && \ | ||
git apply /tmp/patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch && \ | ||
git apply /tmp/patches/0005-CMakeLists.txt-Add-cmake-install-target.patch && \ | ||
git apply /tmp/patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch && \ | ||
git apply /tmp/patches/0007-CMakeLists.txt-Change-target_compile_definition.patch && \ | ||
git apply /tmp/patches/0008-Add-function-for-pub-key-extraction.patch && \ | ||
mkdir build && \ | ||
cd build && \ | ||
cmake -GNinja .. -DBUILD_TESTING=ON&& \ | ||
ninja && \ | ||
ctest -j"$(nproc)" && \ | ||
ninja install && \ | ||
cd / && \ | ||
rm -rf /tmp/libdilithium && \ | ||
rm -rf /tmp/patches | ||
|
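Review bot: The libp11 tarball fetched by `wget "${LIBP11_URL}"` is unpacked, patched and installed without any integrity check, while the dilithium clone further down is pinned to a commit hash. A digest check directly after the download, for example `echo "<EXPECTED_SHA256>  libp11-0.4.12.tar.gz" | sha256sum -c - && \` with the real digest in place of the placeholder, would make a replaced or corrupted release asset fail the build instead of ending up in the image. The `tar xf` and `cd` lines also hard-code `libp11-0.4.12`, so overriding the `LIBP11_URL` build argument with another release breaks the step; a comment on the `ARG` line should say that, or the file and directory names should come from a version argument.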
194 changes: 194 additions & 0 deletions
194
...eature-support/dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,194 @@ | ||
From 13b5daa777e9ffea85c0b9bb92c6145920a6ced5 Mon Sep 17 00:00:00 2001 | ||
From: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de> | ||
Date: Tue, 13 Dec 2022 14:46:35 +0100 | ||
Subject: [PATCH 1/8] CMakeLists.txt: Add BUILD_TESTING compile flag | ||
|
||
Up to now all tests were built automatically when building with cmake. | ||
|
||
As tests are not required when just building the library a new cmake | ||
flag BUILD_TESTING is introduced. Once set the test binaries are build | ||
and can be executed using ctest. | ||
--- | ||
CMakeLists.txt | 7 ++- | ||
ref/CMakeLists.txt | 132 +++++++++++++++++++++++++++++---------------- | ||
2 files changed, 90 insertions(+), 49 deletions(-) | ||
|
||
diff --git a/CMakeLists.txt b/CMakeLists.txt | ||
index 17b9f75..60cb20e 100644 | ||
--- a/CMakeLists.txt | ||
+++ b/CMakeLists.txt | ||
@@ -5,10 +5,13 @@ project(dilithium C ASM) | ||
set(CMAKE_C_STANDARD 99) | ||
set(CMAKE_C_STANDARD_REQUIRED ON) | ||
|
||
-enable_testing() | ||
- | ||
#find_package(OpenSSL REQUIRED) | ||
#include_directories(${OPENSSL_INCLUDE_DIR}) | ||
|
||
+if(BUILD_TESTING) | ||
+ message(STATUS "Testing enabled.") | ||
+ enable_testing() | ||
+endif() | ||
+ | ||
add_subdirectory(ref) | ||
#add_subdirectory(avx2) | ||
diff --git a/ref/CMakeLists.txt b/ref/CMakeLists.txt | ||
index b6f76e0..c246b1e 100644 | ||
--- a/ref/CMakeLists.txt | ||
+++ b/ref/CMakeLists.txt | ||
@@ -26,14 +26,20 @@ target_compile_definitions(dilithium2aes_ref PUBLIC DILITHIUM_MODE=2 DILITHIUM_U | ||
target_link_libraries(dilithium2_ref INTERFACE fips202_ref) | ||
target_link_libraries(dilithium2aes_ref INTERFACE fips202_ref aes256ctr_ref) | ||
|
||
-add_executable(test_dilithium2_ref ${TEST_DILITHIUM_SRCS}) | ||
-add_executable(test_vectors2_ref ${TEST_VECTORS_SRCS}) | ||
-add_executable(test_dilithium2aes_ref ${TEST_DILITHIUM_SRCS}) | ||
-add_executable(test_vectors2aes_ref ${TEST_VECTORS_SRCS}) | ||
-target_link_libraries(test_dilithium2_ref dilithium2_ref) | ||
-target_link_libraries(test_vectors2_ref dilithium2_ref) | ||
-target_link_libraries(test_dilithium2aes_ref dilithium2aes_ref) | ||
-target_link_libraries(test_vectors2aes_ref dilithium2aes_ref) | ||
+if(BUILD_TESTING) | ||
+ add_executable(test_dilithium2_ref ${TEST_DILITHIUM_SRCS}) | ||
+ add_executable(test_vectors2_ref ${TEST_VECTORS_SRCS}) | ||
+ add_executable(test_dilithium2aes_ref ${TEST_DILITHIUM_SRCS}) | ||
+ add_executable(test_vectors2aes_ref ${TEST_VECTORS_SRCS}) | ||
+ | ||
+ target_link_libraries(test_dilithium2_ref dilithium2_ref) | ||
+ target_link_libraries(test_vectors2_ref dilithium2_ref) | ||
+ target_link_libraries(test_dilithium2aes_ref dilithium2aes_ref) | ||
+ target_link_libraries(test_vectors2aes_ref dilithium2aes_ref) | ||
+ | ||
+ add_test(NAME dilithium2_ref COMMAND test_dilithium2_ref) | ||
+ add_test(NAME dilithium2aes_ref COMMAND test_dilithium2aes_ref) | ||
+endif() | ||
|
||
# Dilithium 3 | ||
add_library(dilithium3_ref ${DILITHIUM_FIPS202_SRCS}) | ||
@@ -43,14 +49,18 @@ target_compile_definitions(dilithium3aes_ref PUBLIC DILITHIUM_MODE=3 DILITHIUM_U | ||
target_link_libraries(dilithium3_ref INTERFACE fips202_ref) | ||
target_link_libraries(dilithium3aes_ref INTERFACE fips202_ref aes256ctr_ref) | ||
|
||
-add_executable(test_dilithium3_ref ${TEST_DILITHIUM_SRCS}) | ||
-add_executable(test_vectors3_ref ${TEST_VECTORS_SRCS}) | ||
-add_executable(test_dilithium3aes_ref ${TEST_DILITHIUM_SRCS}) | ||
-add_executable(test_vectors3aes_ref ${TEST_VECTORS_SRCS}) | ||
-target_link_libraries(test_dilithium3_ref dilithium3_ref) | ||
-target_link_libraries(test_vectors3_ref dilithium3_ref) | ||
-target_link_libraries(test_dilithium3aes_ref dilithium3aes_ref) | ||
-target_link_libraries(test_vectors3aes_ref dilithium3aes_ref) | ||
+if(BUILD_TESTING) | ||
+ add_executable(test_dilithium3_ref ${TEST_DILITHIUM_SRCS}) | ||
+ add_executable(test_vectors3_ref ${TEST_VECTORS_SRCS}) | ||
+ add_executable(test_dilithium3aes_ref ${TEST_DILITHIUM_SRCS}) | ||
+ add_executable(test_vectors3aes_ref ${TEST_VECTORS_SRCS}) | ||
+ target_link_libraries(test_dilithium3_ref dilithium3_ref) | ||
+ target_link_libraries(test_vectors3_ref dilithium3_ref) | ||
+ target_link_libraries(test_dilithium3aes_ref dilithium3aes_ref) | ||
+ target_link_libraries(test_vectors3aes_ref dilithium3aes_ref) | ||
+ add_test(NAME dilithium3_ref COMMAND test_dilithium3_ref) | ||
+ add_test(NAME dilithium3aes_ref COMMAND test_dilithium3aes_ref) | ||
+endif() | ||
|
||
# Dilithium 5 | ||
add_library(dilithium5_ref ${DILITHIUM_FIPS202_SRCS}) | ||
@@ -60,36 +70,64 @@ target_compile_definitions(dilithium5aes_ref PUBLIC DILITHIUM_MODE=5 DILITHIUM_U | ||
target_link_libraries(dilithium5_ref INTERFACE fips202_ref) | ||
target_link_libraries(dilithium5aes_ref INTERFACE fips202_ref aes256ctr_ref) | ||
|
||
-add_executable(test_dilithium5_ref ${TEST_DILITHIUM_SRCS}) | ||
-add_executable(test_vectors5_ref ${TEST_VECTORS_SRCS}) | ||
-add_executable(test_dilithium5aes_ref ${TEST_DILITHIUM_SRCS}) | ||
-add_executable(test_vectors5aes_ref ${TEST_VECTORS_SRCS}) | ||
-target_link_libraries(test_dilithium5_ref dilithium5_ref) | ||
-target_link_libraries(test_vectors5_ref dilithium5_ref) | ||
-target_link_libraries(test_dilithium5aes_ref dilithium5aes_ref) | ||
-target_link_libraries(test_vectors5aes_ref dilithium5aes_ref) | ||
- | ||
-add_test(NAME dilithium2_ref COMMAND test_dilithium2_ref) | ||
-add_test(NAME dilithium2aes_ref COMMAND test_dilithium2aes_ref) | ||
-add_test(NAME dilithium3_ref COMMAND test_dilithium3_ref) | ||
-add_test(NAME dilithium3aes_ref COMMAND test_dilithium3aes_ref) | ||
-add_test(NAME dilithium5_ref COMMAND test_dilithium5_ref) | ||
-add_test(NAME dilithium5aes_ref COMMAND test_dilithium5aes_ref) | ||
- | ||
-if(WIN32) | ||
- add_test(NAME vectors2_ref COMMAND PowerShell -Command "$<TARGET_FILE:test_vectors2_ref> | dos2unix > tvecs2") | ||
- add_test(NAME vectors2aes_ref COMMAND PowerShell -Command "$<TARGET_FILE:test_vectors2aes_ref> | dos2unix > tvecs2aes") | ||
- add_test(NAME vectors3_ref COMMAND PowerShell -Command "$<TARGET_FILE:test_vectors3_ref> | dos2unix > tvecs3") | ||
- add_test(NAME vectors3aes_ref COMMAND PowerShell -Command "$<TARGET_FILE:test_vectors3aes_ref> | dos2unix > tvecs3aes") | ||
- add_test(NAME vectors5_ref COMMAND PowerShell -Command "$<TARGET_FILE:test_vectors5_ref> | dos2unix > tvecs5") | ||
- add_test(NAME vectors5aes_ref COMMAND PowerShell -Command "$<TARGET_FILE:test_vectors5aes_ref> | dos2unix > tvecs5aes") | ||
-else() | ||
- add_test(NAME vectors2_ref COMMAND sh -c "\"$<TARGET_FILE:test_vectors2_ref>\" > tvecs2") | ||
- add_test(NAME vectors2aes_ref COMMAND sh -c "\"$<TARGET_FILE:test_vectors2aes_ref>\" > tvecs2aes") | ||
- add_test(NAME vectors3_ref COMMAND sh -c "\"$<TARGET_FILE:test_vectors3_ref>\" > tvecs3") | ||
- add_test(NAME vectors3aes_ref COMMAND sh -c "\"$<TARGET_FILE:test_vectors3aes_ref>\" > tvecs3aes") | ||
- add_test(NAME vectors5_ref COMMAND sh -c "\"$<TARGET_FILE:test_vectors5_ref>\" > tvecs5") | ||
- add_test(NAME vectors5aes_ref COMMAND sh -c "\"$<TARGET_FILE:test_vectors5aes_ref>\" > tvecs5aes") | ||
+ | ||
+if(BUILD_TESTING) | ||
+ add_executable(test_dilithium5_ref ${TEST_DILITHIUM_SRCS}) | ||
+ add_executable(test_vectors5_ref ${TEST_VECTORS_SRCS}) | ||
+ add_executable(test_dilithium5aes_ref ${TEST_DILITHIUM_SRCS}) | ||
+ add_executable(test_vectors5aes_ref ${TEST_VECTORS_SRCS}) | ||
+ target_link_libraries(test_dilithium5_ref dilithium5_ref) | ||
+ target_link_libraries(test_vectors5_ref dilithium5_ref) | ||
+ target_link_libraries(test_dilithium5aes_ref dilithium5aes_ref) | ||
+ target_link_libraries(test_vectors5aes_ref dilithium5aes_ref) | ||
+ | ||
+ add_test(NAME dilithium5_ref COMMAND test_dilithium5_ref) | ||
+ add_test(NAME dilithium5aes_ref COMMAND test_dilithium5aes_ref) | ||
+endif() | ||
+ | ||
+ | ||
+# Vector Tests | ||
+if(BUILD_TESTING) | ||
+ if(WIN32) | ||
+ add_test(NAME vectors2_ref | ||
+ COMMAND PowerShell -Command | ||
+ "$<TARGET_FILE:test_vectors2_ref> | dos2unix > tvecs2") | ||
+ add_test( | ||
+ NAME vectors2aes_ref | ||
+ COMMAND PowerShell -Command | ||
+ "$<TARGET_FILE:test_vectors2aes_ref> | dos2unix > tvecs2aes") | ||
+ add_test(NAME vectors3_ref | ||
+ COMMAND PowerShell -Command | ||
+ "$<TARGET_FILE:test_vectors3_ref> | dos2unix > tvecs3") | ||
+ add_test( | ||
+ NAME vectors3aes_ref | ||
+ COMMAND PowerShell -Command | ||
+ "$<TARGET_FILE:test_vectors3aes_ref> | dos2unix > tvecs3aes") | ||
+ add_test(NAME vectors5_ref | ||
+ COMMAND PowerShell -Command | ||
+ "$<TARGET_FILE:test_vectors5_ref> | dos2unix > tvecs5") | ||
+ add_test( | ||
+ NAME vectors5aes_ref | ||
+ COMMAND PowerShell -Command | ||
+ "$<TARGET_FILE:test_vectors5aes_ref> | dos2unix > tvecs5aes") | ||
+ else() | ||
+ add_test(NAME vectors2_ref | ||
+ COMMAND sh -c "\"$<TARGET_FILE:test_vectors2_ref>\" > tvecs2") | ||
+ add_test(NAME vectors2aes_ref | ||
+ COMMAND sh -c | ||
+ "\"$<TARGET_FILE:test_vectors2aes_ref>\" > tvecs2aes") | ||
+ add_test(NAME vectors3_ref | ||
+ COMMAND sh -c "\"$<TARGET_FILE:test_vectors3_ref>\" > tvecs3") | ||
+ add_test(NAME vectors3aes_ref | ||
+ COMMAND sh -c | ||
+ "\"$<TARGET_FILE:test_vectors3aes_ref>\" > tvecs3aes") | ||
+ add_test(NAME vectors5_ref | ||
+ COMMAND sh -c "\"$<TARGET_FILE:test_vectors5_ref>\" > tvecs5") | ||
+ add_test(NAME vectors5aes_ref | ||
+ COMMAND sh -c | ||
+ "\"$<TARGET_FILE:test_vectors5aes_ref>\" > tvecs5aes") | ||
+ endif() | ||
+ | ||
+ add_test(NAME hashes COMMAND sha256sum -c ../../SHA256SUMS) | ||
endif() | ||
|
||
-add_test(NAME hashes COMMAND sha256sum -c ../../SHA256SUMS) | ||
-- | ||
2.38.1 | ||
|
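Review bot: `BUILD_TESTING` is tested with `if(BUILD_TESTING)` in both CMakeLists.txt files but is never declared in the visible hunks, so unless an `option()` exists outside them it is an undefined variable that reads as false, and a plain `cmake ..` now builds and registers no tests. For a signature library the known-answer vectors and the `hashes` check are the evidence that the build is correct, so the default should be explicit and visible in the cache: `option(BUILD_TESTING "Build the test binaries and register them with ctest" OFF)` ahead of the first `if(BUILD_TESTING)` in the top-level file, or `include(CTest)`, which defines the option with default ON. The moved `target_link_libraries(test_... dilithiumN_ref)` calls could also take the `PRIVATE` keyword while they are being re-indented.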
33 changes: 33 additions & 0 deletions
33
...eature-support/dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
From 8855c95176ccf5086aa21d2eaa9815f4426e3385 Mon Sep 17 00:00:00 2001 | ||
From: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de> | ||
Date: Tue, 13 Dec 2022 14:55:26 +0100 | ||
Subject: [PATCH 2/8] CMakeLists.txt: Enable parallel test execution | ||
|
||
The last test depends on the execution of the previos test_vector* | ||
tests as these tests create data, which is hashed and compared to an existing | ||
hash value. | ||
|
||
This change adds a dependency for hashes on the test_vector* tests, so that the | ||
test hashes is executed after all of these test_vector tests have been | ||
successfully executed. | ||
--- | ||
ref/CMakeLists.txt | 4 ++++ | ||
1 file changed, 4 insertions(+) | ||
|
||
diff --git a/ref/CMakeLists.txt b/ref/CMakeLists.txt | ||
index c246b1e..9c30fa4 100644 | ||
--- a/ref/CMakeLists.txt | ||
+++ b/ref/CMakeLists.txt | ||
@@ -129,5 +129,9 @@ if(BUILD_TESTING) | ||
endif() | ||
|
||
add_test(NAME hashes COMMAND sha256sum -c ../../SHA256SUMS) | ||
+ set_tests_properties( | ||
+ vectors2_ref vectors2aes_ref vectors3_ref vectors3aes_ref vectors5_ref | ||
+ vectors5aes_ref PROPERTIES FIXTURES_SETUP createVectorFiles) | ||
+ set_tests_properties(hashes PROPERTIES FIXTURES_REQUIRED createVectorFiles) | ||
endif() | ||
|
||
-- | ||
2.38.1 | ||
|
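Review bot: The `FIXTURES_SETUP` and `FIXTURES_REQUIRED` test properties exist only from CMake 3.7 on; an older CMake accepts the two `set_tests_properties` calls and ignores the unknown properties, so `ctest -j` could again run `hashes` before the `tvecs*` files are written. The `cmake_minimum_required` line is outside the visible hunks, so it should be confirmed to be at least 3.7. A comment above the calls would also help the next reader: `# hashes verifies the tvecs* files written by the vectors*_ref tests, so it must run after them`.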