Support for new PQ algorithms in OpenSSL #883
Comments
Let me know if you have any issues.
Thank you for the info! And great timing, I was starting to look at this today. Will share any updates here. Andrew
Note that openssl/openssl#26839 is not merged yet for SLH-DSA, but should be merged later today
Note ML-KEM, ML-DSA and SLH-DSA all made it into the OpenSSL-3.5 alpha release and will be in OpenSSL-3.5 itself.
For anyone paying attention to this issue, I have some informational updates. I'm using 2.2.0 with OpenSSL 3.5.0-alpha. I have ML-KEM working for all 3 modes, for all 3 paramSets, using modified code from the built-in tests. I think I've covered all of OpenSSL's capabilities, and I believe all the options in the ACVP spec are accounted for. This looks like a complete implementation. I have ML-DSA working for KeyGen (only) with all 3 ParamSets. There appear to be significant parts missing for SigGen and SigVer, both capabilities and test data handling. I again used modified code from the built-in tests. Looking at the ACVP spec, there is a fair amount of work to do for handling required options. I haven't looked at LMS yet, so nothing to add yet. Is there anyone currently working on ML-DSA? Can I help? Randy
Hi all, I have most of the uplift work done here on the library side and am getting there on the 3.5.0 application side. I should have it all ready in the 2.2.0 branch within a week or two. Some other work required my attention recently but I am prioritizing this work next week. Thank you for your patience! Andrew
Hi all, The ML-DSA functionality uplift is complete for the 2.2.0 throttle branch. The 2.2.0 throttle branch should currently work testing ML-DSA and ML-KEM. I am working on SLH-DSA uplift now. If you see any issues with the capabilities or testing, please let me know. In the meantime, the other item for OpenSSL 3.5.0 support is to check if there are any other registration changes needed and add them. If anyone sees any non-PQC related changes needed to test OpenSSL 3.5.0's full range of capabilities, please open an issue (or a PR). Thank you! Andrew
The next release of OpenSSL (3.5) will include support for ML-KEM, ML-DSA and SLH-DSA.
The changes are all back in master currently, so they can be tested.
Fixed ACVP testing has been done using evp_test, so it should be relatively straightforward to implement.
evp_test.c has tests for: keygen, and encap/decap or siggen/sigver.
There are files for:
evppkey_ml_kem*.txt
evppkey_ml_dsa*.txt
evppkey_slh_dsa*.txt
e.g.
The documentation can be found in:
Algorithm Names:
doc/man7/OSSL_PROVIDER-FIPS.pod
doc/man7/EVP_PKEY-ML-KEM.pod
doc/man7/EVP_KEM-ML-KEM.pod
doc/man7/EVP_PKEY-ML-DSA.pod
doc/man7/EVP_SIGNATURE-ML-DSA.pod
doc/man7/EVP_PKEY-SLH-DSA.pod
doc/man7/EVP_SIGNATURE-SLH-DSA.pod