Added support for ML-DSA in softhsm2-util

Added missing ML-DSA cmake compiler option

Author: antoinelochet

cmake/modules/CompilerOptions.cmake

@@ -370,6 +370,14 @@ elseif(WITH_CRYPTO_BACKEND STREQUAL "openssl")
         message(STATUS "OpenSSL: Support for EDDSA is disabled")
     endif(ENABLE_EDDSA)
 
+    # acx_openssl_mldsa.m4
+    if(ENABLE_MLDSA)
+        set(WITH_ML_DSA 1)
+        message(STATUS "OpenSSL: ML-DSA support enabled")
+    else(ENABLE_MLDSA)
+        message(STATUS "OpenSSL: Support for ML-DSA is disabled")
+    endif(ENABLE_MLDSA)
+
     # acx_openssl_gost.m4
     if(ENABLE_GOST)
         set(testfile ${CMAKE_SOURCE_DIR}/cmake/modules/tests/test_openssl_gost.c)

src/bin/util/softhsm2-util-ossl.cpp

@@ -152,36 +152,66 @@ int crypto_import_key_pair
 #ifdef WITH_EDDSA
 	EVP_PKEY* eddsa = NULL;
 #endif
+#ifdef WITH_ML_DSA
+	EVP_PKEY* mldsa = NULL;
+#endif
 
-	switch (EVP_PKEY_type(EVP_PKEY_id(pkey)))
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	int keyType = EVP_PKEY_get_id(pkey);
+	if (keyType != EVP_PKEY_KEYMGMT) 
 	{
-		case EVP_PKEY_RSA:
-		case EVP_PKEY_RSA_PSS:
-			rsa = EVP_PKEY_get1_RSA(pkey);
-			break;
-		case EVP_PKEY_DSA:
-			dsa = EVP_PKEY_get1_DSA(pkey);
-			break;
-#ifdef WITH_ECC
-		case EVP_PKEY_EC:
-			ecdsa = EVP_PKEY_get1_EC_KEY(pkey);
-			break;
+		switch (keyType)
+#else
+	switch (EVP_PKEY_type(EVP_PKEY_id(pkey)))
 #endif
-#ifdef WITH_EDDSA
-		case NID_X25519:
-		case NID_ED25519:
-		case NID_X448:
-		case NID_ED448:
+	
+		{
+			case EVP_PKEY_RSA:
+			case EVP_PKEY_RSA_PSS:
+				rsa = EVP_PKEY_get1_RSA(pkey);
+				break;
+			case EVP_PKEY_DSA:
+				dsa = EVP_PKEY_get1_DSA(pkey);
+				break;
+	#ifdef WITH_ECC
+			case EVP_PKEY_EC:
+				ecdsa = EVP_PKEY_get1_EC_KEY(pkey);
+				break;
+	#endif
+	#ifdef WITH_EDDSA
+			case NID_X25519:
+			case NID_ED25519:
+			case NID_X448:
+			case NID_ED448:
+				EVP_PKEY_up_ref(pkey);
+				eddsa = pkey;
+				break;
+	#endif
+			default:
+				fprintf(stderr, "ERROR: Cannot handle this algorithm.\n");
+				EVP_PKEY_free(pkey);
+				return 1;
+				break;
+		}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	} else {
+		// Provider Keys management
+		#ifdef WITH_ML_DSA
+			size_t seed_len;
+			int rv = EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ML_DSA_SEED,
+										NULL, 0, &seed_len);
+
+			if(!rv) {
+				fprintf(stderr, "ERROR: Could not get OSSL_PKEY_PARAM_ML_DSA_SEED size, rv: %d\n", rv);
+				EVP_PKEY_free(pkey);
+				return NULL;
+			}
 			EVP_PKEY_up_ref(pkey);
-			eddsa = pkey;
-			break;
-#endif
-		default:
-			fprintf(stderr, "ERROR: Cannot handle this algorithm.\n");
-			EVP_PKEY_free(pkey);
-			return 1;
-			break;
+			mldsa = pkey;
+		#endif
+		
 	}
+#endif
 	EVP_PKEY_free(pkey);
 
 	int result = 0;
@@ -209,6 +239,13 @@ int crypto_import_key_pair
 		result = crypto_save_eddsa(hSession, label, objID, objIDLen, noPublicKey, eddsa);
 		EVP_PKEY_free(eddsa);
 	}
+#endif
+#ifdef WITH_ML_DSA
+	else if (mldsa)
+	{
+		result = crypto_save_mldsa(hSession, label, objID, objIDLen, noPublicKey, mldsa);
+		EVP_PKEY_free(mldsa);
+	}
 #endif
 	else
 	{
@@ -409,7 +446,7 @@ EVP_PKEY* crypto_read_file(char* filePath, char* filePIN)
 		if (!p8inf)
 		{
 			fprintf(stderr, "ERROR: Could not read the PKCS#8 file. "
-					"Maybe it is encypted (--file-pin <PIN>)\n");
+					"Maybe it is encypted (--file-pin <PIN>)\nError code: %");
 			return NULL;
 		}
 	}
@@ -1139,3 +1176,198 @@ void crypto_free_eddsa(eddsa_key_material_t* keyMat)
 }
 
 #endif
+
+#ifdef WITH_ML_DSA
+
+// Save the key data in PKCS#11
+int crypto_save_mldsa
+(
+	CK_SESSION_HANDLE hSession,
+	char* label,
+	char* objID,
+	size_t objIDLen,
+	int noPublicKey,
+	EVP_PKEY* mldsa
+)
+{
+	mldsa_key_material_t* keyMat = crypto_malloc_mldsa(mldsa);
+	if (keyMat == NULL)
+	{
+		fprintf(stderr, "ERROR: Could not convert the key material to binary information.\n");
+		return 1;
+	}
+
+	CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY, privClass = CKO_PRIVATE_KEY;
+	CK_KEY_TYPE keyType = CKK_ML_DSA;
+	CK_BBOOL ckTrue = CK_TRUE, ckFalse = CK_FALSE, ckToken = CK_TRUE;
+	if (noPublicKey)
+	{
+		ckToken = CK_FALSE;
+	}
+	CK_ATTRIBUTE pubTemplate[] = {
+		{ CKA_CLASS,          &pubClass,               sizeof(pubClass) },
+		{ CKA_KEY_TYPE,       &keyType,                sizeof(keyType) },
+		{ CKA_LABEL,          label,                   strlen(label) },
+		{ CKA_ID,             objID,                   objIDLen },
+		{ CKA_TOKEN,          &ckToken,                sizeof(ckToken) },
+		{ CKA_VERIFY,         &ckTrue,                 sizeof(ckTrue) },
+		{ CKA_ENCRYPT,        &ckFalse,                sizeof(ckFalse) },
+		{ CKA_WRAP,           &ckFalse,                sizeof(ckFalse) },
+		{ CKA_PARAMETER_SET,  &keyMat->parameterSet,    sizeof(CK_ULONG) },
+		{ CKA_VALUE,          keyMat->pubValue,        keyMat->sizePubValue },
+	};
+	CK_ATTRIBUTE privTemplate[] = {
+		{ CKA_CLASS,          &privClass,        sizeof(privClass) },
+		{ CKA_KEY_TYPE,       &keyType,          sizeof(keyType) },
+		{ CKA_LABEL,          label,             strlen(label) },
+		{ CKA_ID,             objID,             objIDLen },
+		{ CKA_SIGN,           &ckTrue,           sizeof(ckTrue) },
+		{ CKA_DECRYPT,        &ckFalse,          sizeof(ckFalse) },
+		{ CKA_UNWRAP,         &ckFalse,          sizeof(ckFalse) },
+		{ CKA_SENSITIVE,      &ckTrue,           sizeof(ckTrue) },
+		{ CKA_TOKEN,          &ckTrue,           sizeof(ckTrue) },
+		{ CKA_PRIVATE,        &ckTrue,           sizeof(ckTrue) },
+		{ CKA_EXTRACTABLE,    &ckFalse,          sizeof(ckFalse) },
+		{ CKA_PARAMETER_SET,  &keyMat->parameterSet,    sizeof(CK_ULONG) },
+		{ CKA_SEED,           keyMat->seed,            keyMat->sizeSeed },
+		{ CKA_VALUE,          keyMat->privValue,       keyMat->sizePrivValue },
+	};
+
+	CK_OBJECT_HANDLE hKey1, hKey2;
+	CK_RV rv = p11->C_CreateObject(hSession, privTemplate, 14, &hKey1);
+	if (rv != CKR_OK)
+	{
+		fprintf(stderr, "ERROR: Could not save the private key in the token. "
+				"Maybe the algorithm is not supported.\n");
+		crypto_free_mldsa(keyMat);
+		return 1;
+	}
+
+	rv = p11->C_CreateObject(hSession, pubTemplate, 10, &hKey2);
+	crypto_free_mldsa(keyMat);
+
+	if (rv != CKR_OK)
+	{
+		p11->C_DestroyObject(hSession, hKey1);
+		fprintf(stderr, "ERROR: Could not save the public key in the token.\n");
+		return 1;
+	}
+
+	printf("The key pair has been imported.\n");
+
+	return 0;
+}
+
+// Convert the OpenSSL key to binary
+#define PUBPREFIXLEN	12
+#define PRIVPREFIXLEN	16
+
+mldsa_key_material_t* crypto_malloc_mldsa(EVP_PKEY* pkey)
+{
+
+	if (pkey == NULL)
+	{
+		return NULL;
+	}
+
+	mldsa_key_material_t* keyMat = (mldsa_key_material_t*)calloc(1, sizeof(mldsa_key_material_t));
+	if (keyMat == NULL)
+	{
+		return NULL;
+	}
+
+	uint8_t seed[32];
+	size_t seed_len;
+	int rv = EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ML_DSA_SEED,
+								seed, sizeof(seed), &seed_len);
+
+	if(!rv) {
+		fprintf(stderr, "ERROR: Could not get ML-DSA seed, rv: %d", rv);
+		memset(seed, 0, sizeof(seed));
+		return NULL;
+	}
+
+	// let's use max priv length
+	uint8_t priv[MLDSAParameters::ML_DSA_87_PRIV_LENGTH];
+	size_t priv_len;
+	rv = EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
+									priv, sizeof(priv), &priv_len);
+	if(!rv) {
+		fprintf(stderr, "ERROR: Could not get ML-DSA private key, rv: %d", rv);
+		memset(seed, 0, sizeof(seed));
+		memset(priv, 0, sizeof(priv));
+		return NULL;
+	}
+
+	if (priv_len != MLDSAParameters::ML_DSA_44_PRIV_LENGTH &&
+	    priv_len != MLDSAParameters::ML_DSA_65_PRIV_LENGTH &&
+	    priv_len != MLDSAParameters::ML_DSA_87_PRIV_LENGTH)
+	{
+		fprintf(stderr, "ERROR: Unsupported ML-DSA private key length: %zu", priv_len);
+		memset(seed, 0, sizeof(seed));
+		memset(priv, 0, sizeof(priv));
+		return NULL;
+	}
+
+	uint8_t pub[MLDSAParameters::ML_DSA_87_PUB_LENGTH];
+    size_t pub_len;
+	rv = EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY,
+                                    pub, sizeof(pub), &pub_len);
+
+	if(!rv) {
+		fprintf(stderr, "ERROR: Could not get ML-DSA public key, rv: %d", rv);
+		memset(seed, 0, sizeof(seed));
+		memset(priv, 0, sizeof(priv));
+		return NULL;
+	}
+
+	keyMat->sizeSeed = seed_len;
+	keyMat->sizePrivValue = priv_len;
+	keyMat->sizePubValue = pub_len;
+
+	keyMat->seed = (CK_VOID_PTR)malloc(keyMat->sizeSeed);
+	keyMat->privValue = (CK_VOID_PTR)malloc(keyMat->sizePrivValue);
+	keyMat->pubValue = (CK_VOID_PTR)malloc(keyMat->sizePubValue);
+
+	switch (keyMat->sizePrivValue)
+	{
+		case MLDSAParameters::ML_DSA_44_PRIV_LENGTH:
+			keyMat->parameterSet = MLDSAParameters::ML_DSA_44_PARAMETER_SET;
+			break;
+		
+		case MLDSAParameters::ML_DSA_65_PRIV_LENGTH:
+			keyMat->parameterSet = MLDSAParameters::ML_DSA_65_PARAMETER_SET;
+			break;
+		
+		case MLDSAParameters::ML_DSA_87_PRIV_LENGTH:
+			keyMat->parameterSet = MLDSAParameters::ML_DSA_87_PARAMETER_SET;
+			break;
+		
+		default:
+			break;
+	}
+
+	memcpy(keyMat->seed, seed, keyMat->sizeSeed);
+	memcpy(keyMat->privValue, priv, keyMat->sizePrivValue);
+	memcpy(keyMat->pubValue, pub, keyMat->sizePubValue);
+
+	if (!keyMat->parameterSet || !keyMat->seed || !keyMat->privValue || !keyMat->pubValue)
+	{
+		crypto_free_mldsa(keyMat);
+		return NULL;
+	}
+
+	return keyMat;
+}
+
+// Free the memory of the key
+void crypto_free_mldsa(mldsa_key_material_t* keyMat)
+{
+	if (keyMat == NULL) return;
+	if (keyMat->seed) free(keyMat->seed);
+	if (keyMat->privValue) free(keyMat->privValue);
+	if (keyMat->pubValue) free(keyMat->pubValue);
+	free(keyMat);
+}
+
+#endif

src/bin/util/softhsm2-util-ossl.h

@@ -38,9 +38,13 @@
 #ifdef WITH_ECC
 #include <openssl/ec.h>
 #endif
-#ifdef WITH_EDDSA
+#if defined(WITH_EDDSA) || defined(WITH_ML_DSA)
 #include <openssl/evp.h>
 #endif
+#ifdef WITH_ML_DSA
+#include <openssl/core_names.h>
+#include <src/lib/crypto/MLDSAParameters.h>
+#endif
 
 typedef struct rsa_key_material_t {
 	CK_ULONG sizeE;
@@ -142,6 +146,27 @@ typedef struct eddsa_key_material_t {
 } eddsa_key_material_t;
 #endif
 
+#ifdef WITH_ML_DSA
+typedef struct mldsa_key_material_t {
+	CK_ULONG sizeSeed;
+	CK_ULONG sizePrivValue;
+	CK_ULONG sizePubValue;
+	CK_ULONG parameterSet;
+	CK_VOID_PTR seed;
+	CK_VOID_PTR privValue;
+	CK_VOID_PTR pubValue;
+	mldsa_key_material_t() {
+		sizeSeed = 0;
+		sizePrivValue = 0;
+		sizePubValue = 0;
+		parameterSet = 0;
+		seed = NULL_PTR;
+		privValue = NULL_PTR;
+		pubValue = NULL_PTR;
+	}
+} mldsa_key_material_t;
+#endif
+
 EVP_PKEY* crypto_read_file(char* filePath, char* filePIN);
 
 // RSA
@@ -168,4 +193,11 @@ eddsa_key_material_t* crypto_malloc_eddsa(EVP_PKEY* eddsa);
 void crypto_free_eddsa(eddsa_key_material_t* keyMat);
 #endif
 
+#ifdef WITH_ML_DSA
+// MLDSA
+int crypto_save_mldsa(CK_SESSION_HANDLE hSession, char* label, char* objID, size_t objIDLen, int noPublicKey, EVP_PKEY* mldsa);
+mldsa_key_material_t* crypto_malloc_mldsa(EVP_PKEY* mldsa);
+void crypto_free_mldsa(mldsa_key_material_t* keyMat);
+#endif
+
 #endif // !_SOFTHSM_V2_SOFTHSM2_UTIL_OSSL_H