RFC: Add bindings for ML-KEM and ML-DSA. #2405
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We discussed that this API is not well suitable for the end users but still, it required for several operations in OpenSSL 3.* so instead of calling to FFI for every use of this API, this introduces simple wrappers that allow building of the params and their usage. Signed-off-by: Jakub Jelen <[email protected]>
Signed-off-by: Jakub Jelen <[email protected]>
The OpenSSL 3.* users now do not have a way to use non-deprecated API by using this rust bindings, which is not sustainable in the long term as either distributions will stop building with the deprecated API or it will be eventually removed. This is partially based on sfackler#2051 which was abandoned. Signed-off-by: Jakub Jelen <[email protected]>
Some imports and private functions are currently only used on newer OpenSSL versions. This may change once more classical algorithms are using the new interfaces. For now, simply silence the warnings. Let me know if you prefer a different solution.
Jakuje
reviewed
May 13, 2025
|
@alex any thoughts regarding to adding the new PQC algorithms? |
|
I have not had a chance to review. For similar reasons to what I noted in #2380, I have incredibly low motivation to do anything involving OpenSSL's new (bad) APIs. |
|
In #2393 you wrote you would be happy for the PR. Does it mean if somebody else would review, this, it would be acceptable? |
Jakuje
reviewed
May 21, 2025
Comment on lines
+200
to
+201
| #[cfg(ossl300)] | ||
| pub mod signature; |
There was a problem hiding this comment.
Should we use #[cfg(ossl350)] here to avoid the need to add the #[allow(unused_imports)] inside? Even though the functions might be available in older versions, they are for no good use as far as I know.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch series adds support for the post-quantum ML-KEM and ML-DSA algorithms. I intend to also add support for SLH-DSA, but didn't get around to that yet, and want to get the conversation going. Once SLH-DSA is added, this will close #2393.
I only added the interfaces required to implement ML-KEM and ML-DSA in Sequoia PGP. And, I'm not too familiar with the OpenSSL API, so I'm happy to add more functions, but I need guidance there. Similarly, I'm not too familiar with how the Rust bindings abstract over the differences between OpenSSL versions and variants, so any advice in that direction is appreciated (and please be concrete ;)).
It builds upon parts of Jakub's patch series #2380 modulo the RSA and ECDSA parts.