Skip to content

Support SLH-DSA keys in certs #115212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
May 2, 2025
Merged

Support SLH-DSA keys in certs #115212

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
d4cd860
Support SLH-DSA keys in certs (pkcs#10, x509, pkcs#12)
PranavSenthilnathan May 1, 2025
cc62201
xml tag typo
PranavSenthilnathan May 1, 2025
b1da126
Introduce IsSlhDsaOid, add PublicKey tests, and other PR feedback
PranavSenthilnathan May 1, 2025
713088a
simplify IsSlhDsaOid
PranavSenthilnathan May 1, 2025
dc52a23
use stackalloc instead of creating new array
PranavSenthilnathan May 2, 2025
f54fce9
Use GetAlgorithmFromOid in IsSlhDsaOid
PranavSenthilnathan May 2, 2025
e33aba1
update CheckCopyWithPrivateKey_SlhDsa test to use fewer algos
PranavSenthilnathan May 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -338,6 +338,7 @@ internal enum EvpAlgorithmFamilyId
DSA = 2,
ECC = 3,
MLKem = 4,
SlhDsa = 5,
}
}
}
2 changes: 1 addition & 1 deletion src/libraries/Common/src/System/Security/Cryptography/SlhDsaAlgorithm.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ private SlhDsaAlgorithm(string name, int n, int signatureSizeInBytes, string oid
/// </value>
public static SlhDsaAlgorithm SlhDsaShake256f { get; } = new SlhDsaAlgorithm("SLH-DSA-SHAKE-256f", 32, 49856, Oids.SlhDsaShake256f);

internal static SlhDsaAlgorithm? GetAlgorithmFromOid(string oid)
internal static SlhDsaAlgorithm? GetAlgorithmFromOid(string? oid)
{
return oid switch
{
Expand Down
8 changes: 4 additions & 4 deletions src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.NotSupported.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ internal sealed partial class SlhDsaImplementation : SlhDsa
private SlhDsaImplementation(SlhDsaAlgorithm algorithm) : base(algorithm) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa GenerateKeyCore(SlhDsaAlgorithm algorithm) =>
internal static partial SlhDsaImplementation GenerateKeyCore(SlhDsaAlgorithm algorithm) =>
throw new PlatformNotSupportedException();

// The instance override methods are unreachable, as the constructor will always throw.
Expand All @@ -32,13 +32,13 @@ protected override void ExportSlhDsaSecretKeyCore(Span<byte> destination) =>
protected override bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa ImportPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
internal static partial SlhDsaImplementation ImportPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa ImportPkcs8PrivateKeyValue(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
internal static partial SlhDsaImplementation ImportPkcs8PrivateKeyValue(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa ImportSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
internal static partial SlhDsaImplementation ImportSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
throw new PlatformNotSupportedException();
}
}
8 changes: 4 additions & 4 deletions src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.Windows.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ internal sealed partial class SlhDsaImplementation : SlhDsa
private SlhDsaImplementation(/* CngKey key, */ SlhDsaAlgorithm algorithm) : base(algorithm) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa GenerateKeyCore(SlhDsaAlgorithm algorithm) =>
internal static partial SlhDsaImplementation GenerateKeyCore(SlhDsaAlgorithm algorithm) =>
throw new PlatformNotSupportedException();

protected override void SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte> context, Span<byte> destination) =>
Expand All @@ -32,13 +32,13 @@ protected override void ExportSlhDsaSecretKeyCore(Span<byte> destination) =>
protected override bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa ImportPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
internal static partial SlhDsaImplementation ImportPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa ImportPkcs8PrivateKeyValue(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
internal static partial SlhDsaImplementation ImportPkcs8PrivateKeyValue(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
throw new PlatformNotSupportedException();

internal static partial SlhDsa ImportSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
internal static partial SlhDsaImplementation ImportSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
throw new PlatformNotSupportedException();
}
}
29 changes: 25 additions & 4 deletions src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,30 @@ internal sealed partial class SlhDsaImplementation : SlhDsa
{
internal static partial bool SupportsAny();

internal static partial SlhDsa GenerateKeyCore(SlhDsaAlgorithm algorithm);
internal static partial SlhDsa ImportPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);
internal static partial SlhDsa ImportPkcs8PrivateKeyValue(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);
internal static partial SlhDsa ImportSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);
internal static partial SlhDsaImplementation GenerateKeyCore(SlhDsaAlgorithm algorithm);
internal static partial SlhDsaImplementation ImportPublicKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);
internal static partial SlhDsaImplementation ImportPkcs8PrivateKeyValue(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);
internal static partial SlhDsaImplementation ImportSecretKey(SlhDsaAlgorithm algorithm, ReadOnlySpan<byte> source);

/// <summary>
/// Duplicates an SLH-DSA private key by export/import.
/// Only intended to be used when the key type is unknown.
/// </summary>
internal static SlhDsaImplementation DuplicatePrivateKey(SlhDsa key)
{
Debug.Assert(key is not SlhDsaImplementation);
Debug.Assert(key.Algorithm.SecretKeySizeInBytes <= 128);

Span<byte> secretKey = (stackalloc byte[128])[..key.Algorithm.SecretKeySizeInBytes];
key.ExportSlhDsaSecretKey(secretKey);
try
{
return ImportSecretKey(key.Algorithm, secretKey);
}
finally
{
CryptographicOperations.ZeroMemory(secretKey);
}
}
}
}
Loading
Loading