
Commit d60a1e4

committed
Added support for ML-DSA in softhsm2-util
1 parent 1b61bb0 commit d60a1e4

18 files changed

Lines changed: 607 additions & 60 deletions

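--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -143,35 +143,70 @@ jobs:
 make check || (find . -name test-suite.log -exec cat {} \; && false)
 
 windows:
-name: Windows (${{ matrix.arch }}, ${{ matrix.backend }})
+name: Windows (${{ matrix.arch }}, ${{ matrix.backend }}, OpenSSL ${{ matrix.ossl-version }})
 runs-on: windows-2022
 strategy:
 fail-fast: false
 matrix:
 include:
+# OpenSSL 1.1.1n variants (+ Botan 2.19.3)
 - arch: x64
 backend: openssl
 target-platform: x64
-build-options:
+ossl-version: "1.1.1n"
+botan-version: ""
+build-options: ""
 - arch: x64
 backend: botan
 target-platform: x64
-build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+ossl-version: "1.1.1n"
+botan-version: "2.19.3"
+build-options: "-DENABLE_ECC=OFF -DENABLE_EDDSA=OFF"
 - arch: x86
 backend: openssl
 target-platform: Win32
-build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+ossl-version: "1.1.1n"
+botan-version: ""
+build-options: "-DENABLE_ECC=OFF -DENABLE_EDDSA=OFF"
+# OpenSSL 3.4.1
+- arch: x64
+backend: openssl
+target-platform: x64
+ossl-version: "3.4.1"
+botan-version: ""
+build-options: ""
+- arch: x86
+backend: openssl
+target-platform: Win32
+ossl-version: "3.4.1"
+botan-version: ""
+build-options: "-DENABLE_ECC=OFF -DENABLE_EDDSA=OFF"
+# OpenSSL 3.5.4 + ML-DSA (x64 only — 32-bit runner limitation)
+- arch: x64
+backend: openssl
+target-platform: x64
+ossl-version: "3.5.4"
+botan-version: ""
+build-options: "-DENABLE_MLDSA=ON"
 steps:
 - uses: actions/checkout@v4
 - uses: ilammy/msvc-dev-cmd@v1
 with:
 arch: ${{ matrix.arch }}
 - name: Create vcpkg.json
-run: >
-echo '{ "dependencies": [ "openssl", "botan", "cppunit" ],
-"overrides": [ { "name": "openssl", "version-string": "1.1.1n" },
-{ "name": "botan", "version-string": "2.19.3" } ],
-"builtin-baseline": "38d1652f152d36481f2f4e8a85c0f1e14f3769f7" }' > vcpkg.json
+shell: pwsh
+run: |
+$deps = @("openssl", "cppunit")
+$overrides = @(@{ name = "openssl"; "version-string" = "${{ matrix.ossl-version }}" })
+if ("${{ matrix.backend }}" -eq "botan") {
+$deps += "botan"
+$overrides += @{ name = "botan"; "version-string" = "${{ matrix.botan-version }}" }
+}
+[ordered]@{
+dependencies = $deps
+overrides = $overrides
+"builtin-baseline" = "38d1652f152d36481f2f4e8a85c0f1e14f3769f7"
+} | ConvertTo-Json -Depth 5 | Out-File vcpkg.json -Encoding utf8
 - uses: seanmiddleditch/vcpkg-action@master
 id: vcpkg
 with: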
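Review bot: The new "Create vcpkg.json" step would be safer taking its matrix values through a step-level `env:` block than through `${{ matrix.ossl-version }}`, `${{ matrix.backend }}` and `${{ matrix.botan-version }}` expanded inside the `run:` script, because the runner pastes those values into the PowerShell source before pwsh parses it. Today they are literals from the `include:` list in this same file, so nothing untrusted reaches the script, but the pattern stops being safe once a matrix value is fed from a workflow input or another job's output. Reading `$env:OSSL_VERSION` (and likewise for the other two) keeps data and script text separate. The `seanmiddleditch/vcpkg-action@master` step below is unchanged context whose body continues outside the hunk, but it now runs in six jobs instead of three, so this is a reasonable moment to pin it to a commit SHA the way `builtin-baseline` already is.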

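--- a/.gitignore
+++ b/.gitignore
@@ -81,5 +81,5 @@ src/lib/test/softhsm2-reset-on-fork.conf
 src/lib/test/softhsm2-mech.conf
 src/lib/test/softhsm2-negative-mech.conf
 src/lib/test/softhsm2.conf
-src/lib/test/tokens/64d6c3fe-1575-1736-1d26-5ccb28440ea7/
-src/lib/test/tokens/dummy
+src/lib/test/tokens
+src/bin/util/test/tokens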

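--- a/cmake/modules/CompilerOptions.cmake
+++ b/cmake/modules/CompilerOptions.cmake
@@ -370,6 +370,27 @@ elseif(WITH_CRYPTO_BACKEND STREQUAL "openssl")
 message(STATUS "OpenSSL: Support for EDDSA is disabled")
 endif(ENABLE_EDDSA)
 
+# acx_openssl_mldsa.m4
+if(ENABLE_MLDSA)
+# ML-DSA
+set(testfile ${CMAKE_SOURCE_DIR}/cmake/modules/tests/test_openssl_mldsa.c)
+try_run(RUN_MLDSA COMPILE_RESULT
+"${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+LINK_LIBRARIES ${CRYPTO_LIBS}
+CMAKE_FLAGS
+"-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+)
+if(COMPILE_RESULT AND RUN_MLDSA EQUAL 0)
+set(WITH_ML_DSA 1)
+message(STATUS "OpenSSL: Found ML-DSA")
+else()
+set(error_msg "OpenSSL: Cannot find ML-DSA! OpenSSL library has no ML-DSA support!")
+message(FATAL_ERROR ${error_msg})
+endif()
+else(ENABLE_MLDSA)
+message(STATUS "OpenSSL: Support for ML-DSA is disabled")
+endif(ENABLE_MLDSA)
+
 # acx_openssl_gost.m4
 if(ENABLE_GOST)
 set(testfile ${CMAKE_SOURCE_DIR}/cmake/modules/tests/test_openssl_gost.c)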
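Review bot: The `else()` branch of the new ML-DSA probe prints "OpenSSL library has no ML-DSA support" for three different outcomes: the test file did not compile, it ran and returned 1, or `try_run` could not execute it at all (cross-compiling, or a libcrypto DLL that is not on the loader path at configure time). The run result also reflects whichever libcrypto the loader resolves, which is not necessarily the one named in `CRYPTO_LIBS` on a machine with several OpenSSL installs. Putting both results in the message makes the failure diagnosable: `message(FATAL_ERROR "OpenSSL: ML-DSA probe failed (compiled: ${COMPILE_RESULT}, run result: ${RUN_MLDSA})")`. The enclosing `elseif(WITH_CRYPTO_BACKEND STREQUAL "openssl")` branch starts and ends outside this hunk, so I cannot tell whether `ENABLE_MLDSA=ON` with another backend is rejected or silently ignored; it should stop the configure there too.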
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
#include <openssl/evp.h>
2+
#include <openssl/objects.h>
3+
int main()
4+
{
5+
EVP_PKEY_CTX *ctx;
6+
ctx = EVP_PKEY_CTX_new_from_name(NULL, "ML-DSA-44", NULL);
7+
8+
if (ctx == NULL)
9+
return 1;
10+
return 0;
11+
}
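Review bot: The probe returns without releasing `ctx`, so its success path exits with a live allocation; adding `EVP_PKEY_CTX_free(ctx);` before `return 0;` closes that. It matters more than usual for a throwaway program because the CMake side treats any non-zero exit status as "no ML-DSA support", so if sanitizer flags are passed through to the probe, a leak report at exit could presumably turn a working OpenSSL into a configure failure. A short comment above `main` saying that only "ML-DSA-44" is probed, as a stand-in for the other parameter sets, would also help the next reader.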

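--- a/configure.ac
+++ b/configure.ac
@@ -232,6 +232,7 @@ AC_CONFIG_FILES([
 src/bin/keyconv/Makefile
 src/bin/migrate/Makefile
 src/bin/util/Makefile
+src/bin/util/test/Makefile
 ])
 
 AC_OUTPUT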

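--- a/src/bin/util/CMakeLists.txt
+++ b/src/bin/util/CMakeLists.txt
@@ -43,3 +43,7 @@ install(TARGETS ${PROJECT_NAME}
 install(FILES ${PROJECT_NAME}.1
 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1
 )
+
+if(BUILD_TESTS)
+add_subdirectory(test)
+endif(BUILD_TESTS)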

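--- a/src/bin/util/Makefile.am
+++ b/src/bin/util/Makefile.am
@@ -36,6 +36,8 @@ if WITH_BOTAN
 softhsm2_util_SOURCES += softhsm2-util-botan.cpp
 endif
 
+SUBDIRS = test
+
 EXTRA_DIST = $(srcdir)/CMakeLists.txt \
 $(srcdir)/*.h \
 $(srcdir)/*.cpp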
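Review bot: `SUBDIRS = test` without a `.` entry makes automake descend into `test` before it builds this directory's own targets, and it does so unconditionally, whereas the CMake build in this commit only adds the directory under `BUILD_TESTS`. If the new tests link against or invoke anything built in `src/bin/util`, which I cannot see from this hunk, the order should be made explicit with `SUBDIRS = . test`. A one-line comment above the assignment saying why the subdirectory is always entered would document the difference from the CMake side.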
