Add unstable support for ML-DSA algorithms

Author: djc

.github/workflows/ci.yml

@@ -27,12 +27,15 @@ jobs:
               with:
                   components: clippy, rustfmt
             - run: cargo fmt -- --check
-            - run: cargo clippy --all-features --all-targets
+            # `fips` and `aws_lc_rs_unstable` cannot be used together, so avoid `--all-features`
+            - run: cargo clippy --features ring,pem,x509-parser --all-targets
             # rustls-cert-gen require either aws_lc_rs or ring feature
             - run: cargo clippy -p rcgen --no-default-features --all-targets
             - run: cargo clippy --no-default-features --features ring --all-targets
             - run: cargo clippy --no-default-features --features aws_lc_rs --all-targets
+            - run: cargo clippy --no-default-features --features aws_lc_rs_unstable --all-targets
             - run: cargo clippy --no-default-features --features aws_lc_rs,pem --all-targets
+            - run: cargo clippy --no-default-features --features fips --all-targets
 
     rustdoc:
         name: Documentation
@@ -49,8 +52,16 @@ jobs:
               uses: dtolnay/rust-toolchain@master
               with:
                   toolchain: ${{ matrix.toolchain }}
-            - name: cargo doc (all features)
-              run: cargo doc --all-features --document-private-items
+            - name: cargo doc (ring)
+              run: cargo doc --ring,pem,x509-parser --document-private-items
+              env:
+                  RUSTDOCFLAGS: ${{ matrix.toolchain == 'nightly' && '-Dwarnings --cfg=docsrs' || '-Dwarnings' }}
+            - name: cargo doc (aws_lc_rs_unstable)
+              run: cargo doc --features aws_lc_rs_unstable,pem,x509-parser --document-private-items
+              env:
+                  RUSTDOCFLAGS: ${{ matrix.toolchain == 'nightly' && '-Dwarnings --cfg=docsrs' || '-Dwarnings' }}
+            - name: cargo doc (fips)
+              run: cargo doc --no-default-features --features fips --document-private-items
               env:
                   RUSTDOCFLAGS: ${{ matrix.toolchain == 'nightly' && '-Dwarnings --cfg=docsrs' || '-Dwarnings' }}
 
@@ -70,7 +81,10 @@ jobs:
             - run: cargo install --locked cargo-check-external-types
             - name: run cargo-check-external-types for rcgen/
               working-directory: rcgen/
-              run: cargo check-external-types --all-features
+              run: cargo check-external-types --features ring,pem,x509-parser
+            - name: run cargo-check-external-types for rcgen/
+              working-directory: rcgen/
+              run: cargo check-external-types --features aws_lc_rs_unstable,pem,x509-parser
 
     semver:
         name: Check semver compatibility
@@ -94,7 +108,9 @@ jobs:
             - uses: dtolnay/rust-toolchain@master
               with:
                   toolchain: 1.71.0
-            - run: cargo check --locked --lib --all-features
+            - run: cargo check --locked --lib --features ring,pem,x509-parser
+            - run: cargo check --locked --lib --features aws_lc_rs_unstable
+            - run: cargo check --locked --lib --features fips
 
     build-windows:
         runs-on: windows-latest
@@ -214,7 +230,7 @@ jobs:
               with:
                   components: llvm-tools
             - name: Measure coverage
-              run: cargo llvm-cov --all-features --lcov --output-path ./lcov.info
+              run: cargo llvm-cov --features ring,pem,x509-parser --lcov --output-path ./lcov.info
             - name: Report to codecov.io
               uses: codecov/codecov-action@v5
               with:

Cargo.lock

@@ -3,7 +3,7 @@ members = ["rcgen", "rustls-cert-gen"]
 resolver = "2"
 
 [workspace.dependencies]
-aws-lc-rs = { version = "1.6.0", default-features = false }
+aws-lc-rs = { version = "1.13.3", default-features = false }
 pem = "3.0.2"
 pki-types = { package = "rustls-pki-types", version = "1.4.1" }
 ring = "0.17"

Cargo.toml

@@ -36,6 +36,7 @@ zeroize = { version = "1.2", optional = true }
 default = ["crypto", "pem", "ring"]
 crypto = []
 aws_lc_rs = ["crypto", "dep:aws-lc-rs", "aws-lc-rs/aws-lc-sys"]
+aws_lc_rs_unstable = ["aws_lc_rs", "aws-lc-rs/unstable"]
 ring = ["crypto", "dep:ring"]
 fips = ["crypto", "dep:aws-lc-rs", "aws-lc-rs/fips"]
 
@@ -52,7 +53,7 @@ allowed_external_types = [
 [dev-dependencies]
 pki-types = { package = "rustls-pki-types", version = "1" }
 x509-parser = { workspace = true, features = ["verify"] }
-rustls-webpki = { version = "0.103", features = ["ring", "std"] }
+rustls-webpki = { version = "0.103.4", features = ["aws-lc-rs-unstable", "ring", "std"] }
 botan = { version = "0.11", features = ["vendored"] }
 ring = { workspace = true }
 

rcgen/Cargo.toml

@@ -27,6 +27,8 @@ use crate::sign_algo::{algo::*, SignAlgo};
 #[cfg(feature = "pem")]
 use crate::ENCODE_CONFIG;
 use crate::{sign_algo::SignatureAlgorithm, Error};
+#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+use aws_lc_rs::unstable::signature::PqdsaKeyPair;
 
 /// A key pair variant
 #[allow(clippy::large_enum_variant)]
@@ -36,6 +38,9 @@ pub(crate) enum KeyPairKind {
 	Ec(EcdsaKeyPair),
 	/// A Ed25519 key pair
 	Ed(Ed25519KeyPair),
+	/// A Pqdsa key pair
+	#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+	Pq(PqdsaKeyPair),
 	/// A RSA key pair
 	Rsa(RsaKeyPair, &'static dyn RsaEncoding),
 }
@@ -46,6 +51,8 @@ impl fmt::Debug for KeyPairKind {
 		match self {
 			Self::Ec(key_pair) => write!(f, "{key_pair:?}"),
 			Self::Ed(key_pair) => write!(f, "{key_pair:?}"),
+			#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+			Self::Pq(key_pair) => write!(f, "{key_pair:?}"),
 			Self::Rsa(key_pair, _) => write!(f, "{key_pair:?}"),
 		}
 	}
@@ -117,6 +124,17 @@ impl KeyPair {
 					serialized_der: key_pair_serialized,
 				})
 			},
+			#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+			SignAlgo::PqDsa(sign_alg) => {
+				let key_pair = PqdsaKeyPair::generate(sign_alg)._err()?;
+				let key_pair_serialized = key_pair.to_pkcs8()._err()?.as_ref().to_vec();
+
+				Ok(KeyPair {
+					kind: KeyPairKind::Pq(key_pair),
+					alg,
+					serialized_der: key_pair_serialized,
+				})
+			},
 			#[cfg(feature = "aws_lc_rs")]
 			SignAlgo::Rsa(sign_alg) => Self::generate_rsa_inner(alg, sign_alg, KeySize::Rsa2048),
 			// Ring doesn't have RSA key generation yet:
@@ -436,6 +454,12 @@ impl SigningKey for KeyPair {
 				signature.as_ref().to_owned()
 			},
 			KeyPairKind::Ed(kp) => kp.sign(msg).as_ref().to_owned(),
+			#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+			KeyPairKind::Pq(kp) => {
+				let mut signature = vec![0; kp.algorithm().signature_len()];
+				kp.sign(msg, &mut signature)._err()?;
+				signature
+			},
 			KeyPairKind::Rsa(kp, padding_alg) => {
 				let system_random = SystemRandom::new();
 				let mut signature = vec![0; rsa_key_pair_public_modulus_len(kp)];
@@ -453,6 +477,8 @@ impl PublicKeyData for KeyPair {
 		match &self.kind {
 			KeyPairKind::Ec(kp) => kp.public_key().as_ref(),
 			KeyPairKind::Ed(kp) => kp.public_key().as_ref(),
+			#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+			KeyPairKind::Pq(kp) => kp.public_key().as_ref(),
 			KeyPairKind::Rsa(kp, _) => kp.public_key().as_ref(),
 		}
 	}

rcgen/src/key_pair.rs

@@ -8,12 +8,18 @@ use yasna::Tag;
 #[cfg(feature = "crypto")]
 use crate::ring_like::signature::{self, EcdsaSigningAlgorithm, EdDSAParameters, RsaEncoding};
 use crate::Error;
+#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+use aws_lc_rs::unstable::signature::{
+	PqdsaSigningAlgorithm, ML_DSA_44_SIGNING, ML_DSA_65_SIGNING, ML_DSA_87_SIGNING,
+};
 
 #[cfg(feature = "crypto")]
 #[derive(Clone, Copy, Debug)]
 pub(crate) enum SignAlgo {
 	EcDsa(&'static EcdsaSigningAlgorithm),
 	EdDsa(&'static EdDSAParameters),
+	#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+	PqDsa(&'static PqdsaSigningAlgorithm),
 	Rsa(&'static dyn RsaEncoding),
 }
 
@@ -209,6 +215,36 @@ pub(crate) mod algo {
 		oid_components: &[1, 3, 101, 112],
 		params: SignatureAlgorithmParams::None,
 	};
+
+	/// ML-DSA-44 signing as per <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>.
+	#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+	pub static PKCS_ML_DSA_44: SignatureAlgorithm = SignatureAlgorithm {
+		oids_sign_alg: &[&[2, 16, 840, 1, 101, 3, 4, 3, 17]],
+		#[cfg(all(feature = "crypto", feature = "aws_lc_rs_unstable"))]
+		sign_alg: SignAlgo::PqDsa(&ML_DSA_44_SIGNING),
+		oid_components: &[2, 16, 840, 1, 101, 3, 4, 3, 17],
+		params: SignatureAlgorithmParams::None,
+	};
+
+	/// ML-DSA-44 signing as per <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>.
+	#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+	pub static PKCS_ML_DSA_65: SignatureAlgorithm = SignatureAlgorithm {
+		oids_sign_alg: &[&[2, 16, 840, 1, 101, 3, 4, 3, 18]],
+		#[cfg(all(feature = "crypto", feature = "aws_lc_rs_unstable"))]
+		sign_alg: SignAlgo::PqDsa(&ML_DSA_65_SIGNING),
+		oid_components: &[2, 16, 840, 1, 101, 3, 4, 3, 18],
+		params: SignatureAlgorithmParams::None,
+	};
+
+	/// ML-DSA-44 signing as per <https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-07.html#name-identifiers>.
+	#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+	pub static PKCS_ML_DSA_87: SignatureAlgorithm = SignatureAlgorithm {
+		oids_sign_alg: &[&[2, 16, 840, 1, 101, 3, 4, 3, 19]],
+		#[cfg(all(feature = "crypto", feature = "aws_lc_rs_unstable"))]
+		sign_alg: SignAlgo::PqDsa(&ML_DSA_87_SIGNING),
+		oid_components: &[2, 16, 840, 1, 101, 3, 4, 3, 19],
+		params: SignatureAlgorithmParams::None,
+	};
 }
 // Signature algorithm IDs as per https://tools.ietf.org/html/rfc4055
 impl SignatureAlgorithm {

rcgen/src/sign_algo.rs

@@ -2,6 +2,10 @@
 
 use std::time::Duration as StdDuration;
 
+#[cfg(feature = "aws_lc_rs_unstable")]
+use aws_lc_rs::unstable::signature::{
+	PqdsaKeyPair, PqdsaSigningAlgorithm, ML_DSA_44_SIGNING, ML_DSA_65_SIGNING, ML_DSA_87_SIGNING,
+};
 use pki_types::{CertificateDer, ServerName, SignatureVerificationAlgorithm, UnixTime};
 use ring::rand::SystemRandom;
 use ring::signature::{self, EcdsaKeyPair, EcdsaSigningAlgorithm, Ed25519KeyPair, KeyPair as _};
@@ -40,6 +44,15 @@ fn sign_msg_ed25519(key_pair: &KeyPair, msg: &[u8]) -> Vec<u8> {
 	signature.as_ref().to_vec()
 }
 
+#[cfg(feature = "aws_lc_rs_unstable")]
+fn sign_msg_pq(key_pair: &KeyPair, msg: &[u8], alg: &'static PqdsaSigningAlgorithm) -> Vec<u8> {
+	let pk_der = key_pair.serialize_der();
+	let key_pair = PqdsaKeyPair::from_pkcs8(alg, &pk_der).unwrap();
+	let mut sig = vec![0; alg.signature_len()];
+	key_pair.sign(msg, &mut sig).unwrap();
+	sig.to_owned()
+}
+
 #[cfg(feature = "pem")]
 fn sign_msg_rsa(key_pair: &KeyPair, msg: &[u8], encoding: &'static dyn RsaEncoding) -> Vec<u8> {
 	let pk_der = key_pair.serialize_der();
@@ -226,6 +239,43 @@ fn test_webpki_rsa_given() {
 	);
 }
 
+#[cfg(all(feature = "pem", feature = "aws_lc_rs_unstable"))]
+#[test]
+fn test_webpki_ml_dsa() {
+	let (params, _) = util::default_params();
+	for (rcgen_alg, webpki_alg, signing_alg) in ML_DSA_ALGS {
+		let key_pair = KeyPair::generate_for(rcgen_alg).unwrap();
+		let cert = params.self_signed(&key_pair).unwrap();
+
+		// Now verify the certificate.
+		let sign_fn = |cert, msg| sign_msg_pq(cert, msg, signing_alg);
+		check_cert(cert.der(), &cert, &key_pair, *webpki_alg, sign_fn);
+	}
+}
+
+#[cfg(feature = "aws_lc_rs_unstable")]
+const ML_DSA_ALGS: &[(
+	&'static rcgen::SignatureAlgorithm,
+	&'static dyn SignatureVerificationAlgorithm,
+	&'static PqdsaSigningAlgorithm,
+)] = &[
+	(
+		&rcgen::PKCS_ML_DSA_44,
+		webpki::aws_lc_rs::ML_DSA_44,
+		&ML_DSA_44_SIGNING,
+	),
+	(
+		&rcgen::PKCS_ML_DSA_65,
+		webpki::aws_lc_rs::ML_DSA_65,
+		&ML_DSA_65_SIGNING,
+	),
+	(
+		&rcgen::PKCS_ML_DSA_87,
+		webpki::aws_lc_rs::ML_DSA_87,
+		&ML_DSA_87_SIGNING,
+	),
+];
+
 #[cfg(feature = "pem")]
 #[test]
 fn test_webpki_rsa_combinations_given() {