Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1910 +/- ##
==========================================
- Coverage 78.51% 78.50% -0.02%
==========================================
Files 585 585
Lines 99681 99681
Branches 14271 14271
==========================================
- Hits 78265 78253 -12
- Misses 20782 20792 +10
- Partials 634 636 +2 ☔ View full report in Codecov by Sentry. |
andrewhop
reviewed
Oct 8, 2024
crypto/dilithium/p_dilithium_test.cc
Outdated
| md_ctx.Reset(); | ||
| } | ||
| static const struct ML_DSA parameterSet[] = { | ||
| {"MLDSA67", NID_DILITHIUM3_R3, 1952, 4032, 3309, "dilithium/kat/mldsa65.txt"}, |
Contributor
There was a problem hiding this comment.
Suggested change
| {"MLDSA67", NID_DILITHIUM3_R3, 1952, 4032, 3309, "dilithium/kat/mldsa65.txt"}, | |
| {"MLDSA65", NID_DILITHIUM3_R3, 1952, 4032, 3309, "dilithium/kat/mldsa65.txt"}, |
crypto/dilithium/p_dilithium_test.cc
Outdated
| // constant DILITHIUM3_SIGNATURE_BYTES. | ||
|
|
||
| std::vector<uint8_t> signature(sig_len); | ||
| //uint8_t signature[sig_len]; |
|
|
||
| EXPECT_TRUE(EVP_PKEY_keygen_init(dilithium_pkey_ctx)); | ||
| EXPECT_TRUE(EVP_PKEY_keygen(dilithium_pkey_ctx, &dilithium_pkey)); | ||
| const DILITHIUM3_KEY *dilithium3Key = (DILITHIUM3_KEY *)(dilithium_pkey->pkey.ptr); //called dilithium3 but is generic |
Contributor
There was a problem hiding this comment.
Renaming everything to ML-DSA lingo at some point?
Contributor
Author
There was a problem hiding this comment.
Yes, will be switching over to ML-DSA lingo in subsequent PRs (including real OIDs). It makes more sense to do this when I add the other 2 parameter sets for ML-DSA, to keep this PR focused on just one addition.
crypto/dilithium/p_dilithium_test.cc
Outdated
| EVP_PKEY *dilithium_pkey = EVP_PKEY_new(); | ||
| ASSERT_NE(dilithium_pkey, nullptr); | ||
|
|
||
| EXPECT_TRUE(EVP_PKEY_keygen_init(dilithium_pkey_ctx)); |
Contributor
There was a problem hiding this comment.
This EXPECT_TRUE and line below should prob be ASSERT_TRUE. Any failure is fatal, but EXPECT_TRUE doesn't cancel.
| The source code was imported from a branch of the official repository of the Crystals-Dilithium team: https://github.com/pq-crystals/dilithium. The code was taken at [commit](https://github.com/pq-crystals/dilithium/commit/cbcd8753a43402885c90343cd6335fb54712cda1) as of 10/01/2024. At the moment, only the reference C implementation is imported. | ||
|
|
||
| The `api.h`, `fips202.h` and `params.h` header files were modified to support our [prefixed symbols build](https://github.com/awslabs/aws-lc/blob/main/BUILDING.md#building-with-prefixed-symbols). | ||
| The code was refactored in [this PR](https://github.com/aws/aws-lc/pull/1910) by parametrizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of `DILITHIUM_MODE`. To do this, in `params.h` we defined a structure that holds those ML-DSA parameters and functions |
Contributor
There was a problem hiding this comment.
Suggested change
| The code was refactored in [this PR](https://github.com/aws/aws-lc/pull/1910) by parametrizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of `DILITHIUM_MODE`. To do this, in `params.h` we defined a structure that holds those ML-DSA parameters and functions | |
| The code was refactored in [this PR](https://github.com/aws/aws-lc/pull/1910) by parameterizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of `DILITHIUM_MODE`. To do this, in `params.h` we defined a structure that holds those ML-DSA parameters and functions |
I think...
| sk += K*POLYETA_PACKEDBYTES; | ||
| for(i=0; i < params->k; ++i) | ||
| polyeta_unpack(params, &s2->vec[i], sk + i * params->poly_eta_packed_bytes); | ||
| sk += params->k*params->poly_eta_packed_bytes; |
Contributor
There was a problem hiding this comment.
Suggested change
| sk += params->k*params->poly_eta_packed_bytes; | |
| sk += params->k * params->poly_eta_packed_bytes; |
| sk += L*POLYETA_PACKEDBYTES; | ||
| for(i=0; i < params->l; ++i) | ||
| polyeta_unpack(params, &s1->vec[i], sk + i * params->poly_eta_packed_bytes); | ||
| sk += params->l*params->poly_eta_packed_bytes; |
Contributor
There was a problem hiding this comment.
Suggested change
| sk += params->l*params->poly_eta_packed_bytes; | |
| sk += params->l * params->poly_eta_packed_bytes; |
| sig += L*POLYZ_PACKEDBYTES; | ||
| for(i = 0; i < params->l; ++i) | ||
| polyz_pack(params, sig + i * params->poly_z_packed_bytes, &z->vec[i]); | ||
| sig += params->l*params->poly_z_packed_bytes; |
Contributor
There was a problem hiding this comment.
Suggested change
| sig += params->l*params->poly_z_packed_bytes; | |
| sig += params->l * params->poly_z_packed_bytes; |
| sig += L*POLYZ_PACKEDBYTES; | ||
| for(i = 0; i < params->l; ++i) | ||
| polyz_unpack(params, &z->vec[i], sig + i * params->poly_z_packed_bytes); | ||
| sig += params->l*params->poly_z_packed_bytes; |
Contributor
There was a problem hiding this comment.
Suggested change
| sig += params->l*params->poly_z_packed_bytes; | |
| sig += params->l * params->poly_z_packed_bytes; |
dkostic
approved these changes
Oct 11, 2024
andrewhop
approved these changes
Oct 11, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issues:
CryptoAlg-2724
Description of changes:
Parameterization of ML-DSA
Previous to this change, ML-DSA was implemented such that the code for a parameter set was selected by defining the correct C pre-processor flag (for example, if you want to compile the code for ML-DSA-65 parameter set you would
#define DILITHIUM_MODE 3).The consequence of this was that we had to compile the code three times for three ML-DSA parameter sets. We do this by adding a C file for each parameter set where we first define the corresponding
DILITHIUM_MODEvalue and then include all the ML-DSA C files. Besides being an awkward way to handle multiple parameter sets, this will not work for the FIPS module where we bundle all C files insidebcm.cand compile it as a single compilation unit.In this change we refactor ML-DSA by parametrizing all functions that depend on values that are specific to a parameter set, i.e., that directly or indirectly depend on the value of
DILITHIUM_MODE. To do this, inparams.hwe define a structure that holds those ML-DSA parameters and functions that initialize a given structure with values corresponding to a parameter set. This structure can then be passed to every function that requires it. For example,polyvecl_addfunction was previously implemented as:Is now changed to:
Of course, now we have to change all callers of
polyvecl_addto also haveml_dsa_paramsas an input argument, and then callers of the caller, etc. These changes bubble up to the highest level API defined in sign.h where we now have:Then we can easily implement these functions for specific parameter sets, which can be seen in
sig_dilithium3.cfile. For example:As such, files:
dilithium3r3_ref.capi.hconfig.hare no longer required, and have been removed.
Other Changes
Also modified in this PR are the KAT test framework in
p_dilithium_test.cc. This KAT framework has been modified to support multiple levels of ML-DSA (to be added in a later PR).Call-outs:
See similar changes to ML-KEM in #1763
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.