Support SLH-DSA keys in certs #115212
Support SLH-DSA keys in certs #115212
Conversation
|
Note regarding the |
1 similar comment
|
Note regarding the |
There was a problem hiding this comment.
Pull Request Overview
This PR introduces SLH-DSA key support in certificate-related APIs to mirror previous implementations for ML-KEM and ML-DSA. Key changes include new public methods for SLH-DSA key extraction and conversion in PublicKey, certificate readers/exporters, and certificate request APIs, as well as necessary updates across platform-specific implementations and helper classes.
Reviewed Changes
Copilot reviewed 39 out of 40 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| PublicKey.cs | Added GetSlhDsaPublicKey() to retrieve the SLH-DSA public key. |
| OpenSslX509CertificateReader.cs | Introduced GetSlhDsaPrivateKey() and CopyWithPrivateKey overloads for SLH-DSA. |
| OpenSslExportProvider.cs | Added export path for SLH-DSA cert export. |
| ICertificatePal.cs | Extended interface with SLH-DSA key retrieval and copy methods. |
| CertificateRevocationListBuilder.Build.cs | Handled multiple SLH-DSA OIDs for signature generation. |
| CertificateRequest.cs | Added new constructors for SLH-DSA keys and adjusted self-signed certificate creation. |
| CertificateRequest.Load.cs | Updated signature verification to include SLH-DSA keys. |
| Platform-specific CertificatePal files | Updated implementations to indicate lack of SLH-DSA support where applicable. |
| SlhDsaImplementation.* | Updated internal SLH-DSA implementation signatures and helper methods. |
| Ref/System.Security.Cryptography.cs | Updated public reference to include SLH-DSA related APIs. |
| Common tests and helpers | Added SLH-DSA related test helpers and updated certificate authority tests. |
| SlhDsaAlgorithm.cs & Interop.EvpPkey.cs | Adjusted algorithm lookup and added enum definition for SLH-DSA. |
Files not reviewed (1)
- src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj: Language not supported
...ecurity.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs
Outdated
Show resolved
Hide resolved
...ecurity.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs
Outdated
Show resolved
Hide resolved
|
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones |
.../Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestData.cs
Show resolved
Hide resolved
...ty.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs
Outdated
Show resolved
Hide resolved
...ecurity.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs
Outdated
Show resolved
Hide resolved
.../System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs
Outdated
Show resolved
Hide resolved
...yptography/src/System/Security/Cryptography/X509Certificates/SlhDsaX509SignatureGenerator.cs
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Outdated
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Outdated
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Outdated
Show resolved
Hide resolved
...ity.Cryptography/src/System/Security/Cryptography/X509Certificates/X509SignatureGenerator.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography/tests/SlhDsaOpenSslTests.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Helpers.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: Kevin Jones <[email protected]>
src/libraries/Common/src/System/Security/Cryptography/SlhDsaImplementation.cs
Outdated
Show resolved
Hide resolved
.../Common/tests/System/Security/Cryptography/AlgorithmImplementations/SlhDsa/SlhDsaTestData.cs
Show resolved
Hide resolved
...s/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Helpers.cs
Outdated
Show resolved
Hide resolved
| @@ -8,7 +8,7 @@ | |||
|
|
|||
| namespace System.Security.Cryptography.SLHDsa.Tests | |||
| { | |||
| public static class SlhDsaTestData | |||
| public static partial class SlhDsaTestData | |||
There was a problem hiding this comment.
GitHub warning that the other partial segment is too big has me wondering if we're over-testing. E.g. perhaps we should check all algorithms in generate, but we can probably get by with a ladder of "do each size, but alternate between SHAKE and SHA-2 as we go up the ladder".
If our test runtime hasn't grown out of control from this, and we think we're done editing that other segment then it's probably fine.
RSA has way too many options, so we spot check. ML-DSA and ML-KEM have "the biggest, the smallest, and (the only) one from the middle". EC-DSA/EC-DH have a lot of curve options, we mostly spot check. But here we have this "it's small enough that 'everything' is feasible, but large enough that it might be a bad idea".
So, no change immediately requested... but just sharing where my feelings are.
There was a problem hiding this comment.
So, no change immediately requested... but just sharing where my feelings are.
Yeah I kind of weighed this in my head. Part of what made me waffle on this is that, unlike ecPublicKey, each and every SLH-DSA algorithm is a distinct algorithm OID.
There was a problem hiding this comment.
I thought about this during an earlier PR and generally I went with testing everything unless it includes signing. When it has signing then we can just test the 'f' and 2 or 3 of the 's' since 's' + 'SHAKE' is the real time consumer.
I'm wary of typos that could sneak in because all the algos need to be enumerated in the source code (as OIDs generally). But if import and export generally works, then that's enough confidence that we went from OID to the SlhDsa implementation and we don't need to check signing on each one (except the basic signing tests on SlhDsa itself).
That's actually another reason that I included the certs as data instead of generating them at runtime - to avoid the self-signing cost.
...curity.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs
Outdated
Show resolved
Hide resolved
|
The tests seem to be failing quite a lot on my CI runs for PRs: https://dev.azure.com/dnceng-public/public/_build/results?buildId=1032891&view=ms.vss-test-web.build-test-results-tab&runId=27745738&resultId=205103&paneView=dotnet-dnceng.dnceng-anon-build-release-tasks.helix-anon-test-information-tab |
|
@filipnavara This is basically #115156 again except for SLH-DSA. The reason it fails is described in #115162. I opened #115270 to unblock Build Analysis. |
Thanks! I suspected that. |
Implementation mirrors ML-KEM (#114743 and #115100) and ML-DSA (#114471).
Note:
SlhDsaTestData.csnow is very large after adding pem and pfx cert raw data for each algorithm (generated from the OpenSsl CLI). The alternative is to generate these certs in the test itself, but the current approach avoids internal dependencies and allows validation against an external implementation.