Skip to content

PreHash SLH-DSA #115509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Jun 9, 2025
+1,549 −20
Merged

PreHash SLH-DSA #115509

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
61f6164
PreHash SLH-DSA
PranavSenthilnathan May 13, 2025
e096e37
Finish up PreHash impl
PranavSenthilnathan May 16, 2025
3e923be
"data" -> "hash" in xmldoc
PranavSenthilnathan May 16, 2025
0f722e7
fix conflict and merge
PranavSenthilnathan May 16, 2025
362109f
Fix build for platforms without openssl 3.5
PranavSenthilnathan May 16, 2025
7745416
Merge branch 'main' of https://github.com/dotnet/runtime into prehash…
PranavSenthilnathan Jun 4, 2025
7ceaaf8
PR feedback
PranavSenthilnathan Jun 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions ...ies/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.SlhDsa.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,58 @@ internal static bool SlhDsaVerifyPure(
}
}

[LibraryImport(Libraries.CryptoNative)]
private static partial int CryptoNative_SlhDsaSignPreEncoded(
SafeEvpPKeyHandle pkey, IntPtr extraHandle,
ReadOnlySpan<byte> msg, int msgLength,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tricky thing here is we want to guess "if OSSL adds primary support for Pre-HashSLH-DSA in the future, what will their API look like?". It's not this.

We can leave the function here as SlhDsaSignPreFormatted if we don't feel that we can adequately anticipate if they'd want a string OID, a binary OID, a string algorithm name, a NID, or whatever... but if we had a sense that they were adding something in OSSL 3.6 then we'd want to go ahead and make the shape be right here so we just needed to patch the body to say "if you know how to call this yourself, do it; otherwise we'll call it the preformatted way".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not really sure what OpenSSL will do for this, but the docs say:

Currently OpenSSL does not support the Pre Hash variant as this does not sit well with the OpenSSL API's. The user could do the encoding themselves and then set the settable to not encode the passed in message.

So SlhDsaSignPreEncoded might be appropriate. Their comment also makes it sound like pre-hash might require API changes on their side so it's hard to predict what the final shape will be.

Span<byte> destination, int destinationLength);

internal static void SlhDsaSignPreEncoded(
SafeEvpPKeyHandle pkey,
ReadOnlySpan<byte> msg,
Span<byte> destination)
{
int ret = CryptoNative_SlhDsaSignPreEncoded(
pkey, GetExtraHandle(pkey),
msg, msg.Length,
destination, destination.Length);

if (ret != 1)
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
}

[LibraryImport(Libraries.CryptoNative)]
private static partial int CryptoNative_SlhDsaVerifyPreEncoded(
SafeEvpPKeyHandle pkey, IntPtr extraHandle,
ReadOnlySpan<byte> msg, int msgLength,
ReadOnlySpan<byte> signature, int signatureLength);

internal static bool SlhDsaVerifyPreEncoded(
SafeEvpPKeyHandle pkey,
ReadOnlySpan<byte> msg,
ReadOnlySpan<byte> signature)
{
int ret = CryptoNative_SlhDsaVerifyPreEncoded(
pkey, GetExtraHandle(pkey),
msg, msg.Length,
signature, signature.Length);

if (ret == 1)
{
return true;
}
else if (ret == 0)
{
return false;
}
else
{
throw Interop.Crypto.CreateOpenSslCryptographicException();
}
}

[LibraryImport(Libraries.CryptoNative)]
private static partial int CryptoNative_SlhDsaExportSecretKey(SafeEvpPKeyHandle pkey, Span<byte> destination, int destinationLength);

Expand Down
314 changes: 307 additions & 7 deletions src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs
View file
Open in desktop

Large diffs are not rendered by default.

6 changes: 6 additions & 0 deletions src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.NotSupported.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@ protected override void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte>
protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature) =>
throw new PlatformNotSupportedException();

protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
throw new PlatformNotSupportedException();

protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
throw new PlatformNotSupportedException();

protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination) =>
throw new PlatformNotSupportedException();

Expand Down
6 changes: 6 additions & 0 deletions src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.Windows.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@ protected override void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte>
protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature) =>
throw new PlatformNotSupportedException();

protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
throw new PlatformNotSupportedException();

protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
throw new PlatformNotSupportedException();

protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination) =>
throw new PlatformNotSupportedException();

Expand Down
276 changes: 275 additions & 1 deletion ...tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaContractTests.cs
View file
Open in desktop

Large diffs are not rendered by default.

103 changes: 103 additions & 0 deletions .../System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaMockImplementation.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,17 @@ public SlhDsaMockImplementation(SlhDsaAlgorithm algorithm)
public delegate bool TryExportPkcs8PrivateKeyCoreFunc(Span<byte> destination, out int bytesWritten);
public delegate void SignDataCoreAction(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, Span<byte> s);
public delegate bool VerifyDataCoreFunc(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, ReadOnlySpan<byte> signature);
public delegate void SignPreHashCoreAction(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination);
public delegate bool VerifyPreHashCoreFunc(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature);
public delegate void DisposeAction(bool disposing);

public TryExportPkcs8PrivateKeyCoreFunc BaseTryExportPkcs8PrivateKeyCore =>
base.TryExportPkcs8PrivateKeyCore;

public int VerifyDataCoreCallCount = 0;
public int SignDataCoreCallCount = 0;
public int VerifyPreHashCoreCallCount = 0;
public int SignPreHashCoreCallCount = 0;
public int ExportSlhDsaPublicKeyCoreCallCount = 0;
public int ExportSlhDsaSecretKeyCoreCallCount = 0;
public int TryExportPkcs8PrivateKeyCoreCallCount = 0;
Expand All @@ -47,6 +51,8 @@ public SlhDsaMockImplementation(SlhDsaAlgorithm algorithm)
(_, out bytesWritten) => { Assert.Fail(); bytesWritten = 0; return false; };
public SignDataCoreAction SignDataCoreHook { get; set; } = (_, _, _) => Assert.Fail();
public VerifyDataCoreFunc VerifyDataCoreHook { get; set; } = (_, _, _) => { Assert.Fail(); return false; };
public SignPreHashCoreAction SignPreHashCoreHook { get; set; } = (_, _, _, _) => Assert.Fail();
public VerifyPreHashCoreFunc VerifyPreHashCoreHook { get; set; } = (_, _, _, _) => { Assert.Fail(); return false; };
public DisposeAction DisposeHook { get; set; } = _ => { };

protected override void ExportSlhDsaPublicKeyCore(Span<byte> destination)
Expand Down Expand Up @@ -85,6 +91,18 @@ protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byt
return VerifyDataCoreHook(data, context, signature);
}

protected override void SignPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination)
{
SignPreHashCoreCallCount++;
SignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
}

protected override bool VerifyPreHashCore(ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature)
{
VerifyPreHashCoreCallCount++;
return VerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
}

public void AddLengthAssertion()
{
ExportSlhDsaPublicKeyCoreAction oldExportSlhDsaPublicKeyCoreHook = ExportSlhDsaPublicKeyCoreHook;
Expand Down Expand Up @@ -115,6 +133,21 @@ public void AddLengthAssertion()
Assert.Equal(Algorithm.SignatureSizeInBytes, signature.Length);
return ret;
};

SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
{
oldSignDataCoreHook(hash, context, destination);
Assert.Equal(Algorithm.SignatureSizeInBytes, destination.Length);
};

VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
{
bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
Assert.Equal(Algorithm.SignatureSizeInBytes, signature.Length);
return ret;
};
}

public void AddDestinationBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
Expand All @@ -140,6 +173,13 @@ public void AddDestinationBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
AssertExtensions.Same(buffer.Span, destination);
};

SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
{
oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
AssertExtensions.Same(buffer.Span, destination);
};

TryExportPkcs8PrivateKeyCoreFunc oldTryExportPkcs8PrivateKeyCoreHook = TryExportPkcs8PrivateKeyCoreHook;
TryExportPkcs8PrivateKeyCoreHook = (Span<byte> destination, out int bytesWritten) =>
{
Expand All @@ -165,6 +205,21 @@ public void AddContextBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
AssertExtensions.Same(buffer.Span, context);
return ret;
};

SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
{
oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
AssertExtensions.Same(buffer.Span, context);
};

VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
{
bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
AssertExtensions.Same(buffer.Span, context);
return ret;
};
}

public void AddSignatureBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
Expand All @@ -176,6 +231,14 @@ public void AddSignatureBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
AssertExtensions.Same(buffer.Span, signature);
return ret;
};

VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
{
bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
AssertExtensions.Same(buffer.Span, signature);
return ret;
};
}

public void AddDataBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
Expand All @@ -194,6 +257,39 @@ public void AddDataBufferIsSameAssertion(ReadOnlyMemory<byte> buffer)
AssertExtensions.Same(buffer.Span, data);
return ret;
};

SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
{
oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
AssertExtensions.Same(buffer.Span, hash);
};

VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
{
bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
AssertExtensions.Same(buffer.Span, hash);
return ret;
};
}

public void AddHashAlgorithmIsSameAssertion(ReadOnlyMemory<char> buffer)
{
SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
{
oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
AssertExtensions.Same(buffer.Span, hashAlgorithmOid);
};

VerifyPreHashCoreFunc oldVerifyPreHashCoreHook = VerifyPreHashCoreHook;
VerifyPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, ReadOnlySpan<byte> signature) =>
{
bool ret = oldVerifyPreHashCoreHook(hash, context, hashAlgorithmOid, signature);
AssertExtensions.Same(buffer.Span, hashAlgorithmOid);
return ret;
};
}

public void AddFillDestination(byte b)
Expand All @@ -219,6 +315,13 @@ public void AddFillDestination(byte b)
destination.Fill(b);
};

SignPreHashCoreAction oldSignPreHashCoreHook = SignPreHashCoreHook;
SignPreHashCoreHook = (ReadOnlySpan<byte> hash, ReadOnlySpan<byte> context, string hashAlgorithmOid, Span<byte> destination) =>
{
oldSignPreHashCoreHook(hash, context, hashAlgorithmOid, destination);
destination.Fill(b);
};

TryExportPkcs8PrivateKeyCoreFunc oldTryExportPkcs8PrivateKeyCoreHook = TryExportPkcs8PrivateKeyCoreHook;
TryExportPkcs8PrivateKeyCoreHook = (Span<byte> destination, out int bytesWritten) =>
{
Expand Down
303 changes: 300 additions & 3 deletions ...mmon/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestData.cs
View file
Open in desktop

Large diffs are not rendered by default.

16 changes: 16 additions & 0 deletions ...n/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestHelpers.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ internal static void VerifyDisposed(SlhDsa slhDsa)
Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyData(ReadOnlySpan<byte>.Empty, tempBuffer.AsSpan(), ReadOnlySpan<byte>.Empty));
Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyData(Array.Empty<byte>(), tempBuffer, Array.Empty<byte>()));

Assert.Throws<ObjectDisposedException>(() => slhDsa.SignPreHash(ReadOnlySpan<byte>.Empty, tempBuffer.AsSpan(), "1.0", ReadOnlySpan<byte>.Empty));
Assert.Throws<ObjectDisposedException>(() => slhDsa.SignPreHash(Array.Empty<byte>(), "1.0"));
Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyPreHash(ReadOnlySpan<byte>.Empty, tempBuffer.AsSpan(), "1.0", ReadOnlySpan<byte>.Empty));
Assert.Throws<ObjectDisposedException>(() => slhDsa.VerifyPreHash(Array.Empty<byte>(), tempBuffer.AsSpan(), "1.0", Array.Empty<byte>()));

Assert.Throws<ObjectDisposedException>(() => slhDsa.ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte>.Empty, pbeParameters));
Assert.Throws<ObjectDisposedException>(() => slhDsa.ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char>.Empty, pbeParameters));
Assert.Throws<ObjectDisposedException>(() => slhDsa.ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<byte>.Empty, pbeParameters));
Expand Down Expand Up @@ -386,5 +391,16 @@ internal static byte[] DoTryUntilDone(TryExportFunc func)
_ => null,
};
}

internal const string Md5Oid = "1.2.840.113549.2.5";
internal const string Sha1Oid = "1.3.14.3.2.26";
internal const string Sha256Oid = "2.16.840.1.101.3.4.2.1";
internal const string Sha384Oid = "2.16.840.1.101.3.4.2.2";
internal const string Sha512Oid = "2.16.840.1.101.3.4.2.3";
internal const string Sha3_256Oid = "2.16.840.1.101.3.4.2.8";
internal const string Sha3_384Oid = "2.16.840.1.101.3.4.2.9";
internal const string Sha3_512Oid = "2.16.840.1.101.3.4.2.10";
internal const string Shake128Oid = "2.16.840.1.101.3.4.2.11";
internal const string Shake256Oid = "2.16.840.1.101.3.4.2.12";
}
}
Loading
Loading