crypto: add ML-DSA algorithm (fixes #26683)

Author: medvednikov

cmd/tools/modules/testing/common.v

@@ -2,6 +2,7 @@ module testing
 
 import os
 import os.cmdline
+import semver
 import time
 import term
 import benchmark
@@ -947,7 +948,28 @@ fn check_openssl_present() bool {
 	}
 }
 
+fn check_modern_openssl_present() bool {
+	if !is_openssl_present {
+		return false
+	}
+	mut version_cmd := 'openssl version'
+	$if openbsd {
+		version_cmd = 'eopenssl35 version'
+	}
+	res := os.execute(version_cmd)
+	if res.exit_code != 0 {
+		return false
+	}
+	line := res.output.trim_space()
+	if !line.starts_with('OpenSSL ') {
+		return false
+	}
+	version := semver.coerce(line) or { return false }
+	return version.satisfies('>=3.5.0')
+}
+
 pub const is_openssl_present = check_openssl_present()
+pub const is_modern_openssl_present = check_modern_openssl_present()
 
 // is_started_mysqld is true, when the test runner determines that there is a running mysql server
 pub const is_started_mysqld = find_started_process('mysqld') or { '' }
@@ -997,6 +1019,9 @@ pub fn (mut ts TestSession) setup_build_environment() {
 	if is_openssl_present {
 		defines << 'present_openssl'
 	}
+	if is_modern_openssl_present {
+		defines << 'has_modern_openssl'
+	}
 
 	// detect the linux distribution as well when possible:
 	if os.is_file('/etc/os-release') {

vlib/x/crypto/mldsa/mldsa.c.v

@@ -0,0 +1,79 @@
+// Copyright (c) V contributors. All rights reserved.
+// Use of this source code is governed by an MIT license
+// that can be found in the LICENSE file.
+module mldsa
+
+// TODO: remove this when OpenSSL 3.5 is more widely available by default.
+#flag linux -I/opt/ssl/include/openssl
+#flag linux -I/opt/ssl/include/crypto
+#flag linux -I/opt/ssl/include
+#flag linux -L/opt/ssl/lib64
+
+// Standard path
+#flag linux -I/usr/local/include/openssl
+#flag linux -I/usr/local/include/crypto
+#flag linux -L/usr/local/lib64
+
+#flag darwin -L /opt/homebrew/opt/openssl/lib -I /opt/homebrew/opt/openssl/include
+
+#flag -I/usr/include/openssl
+#flag -lcrypto
+
+#flag darwin -I/usr/local/opt/openssl/include
+#flag darwin -L/usr/local/opt/openssl/lib
+
+#flag openbsd -I/usr/local/include/eopenssl35
+#flag openbsd -L/usr/local/lib/eopenssl35 -Wl,-rpath,/usr/local/lib/eopenssl35
+
+#include <openssl/obj_mac.h>
+#include <openssl/evp.h>
+#include <openssl/param_build.h>
+
+@[typedef]
+struct C.EVP_PKEY {}
+
+@[typedef]
+struct C.EVP_PKEY_CTX {}
+
+@[typedef]
+struct C.EVP_SIGNATURE {}
+
+@[typedef]
+struct C.OSSL_PARAM {}
+
+@[typedef]
+struct C.OSSL_PARAM_BLD {}
+
+fn C.OpenSSL_version_num() u64
+
+fn C.EVP_PKEY_new() &C.EVP_PKEY
+fn C.EVP_PKEY_Q_keygen(ctx voidptr, propq &char, tipe &char) &C.EVP_PKEY
+fn C.EVP_PKEY_dup(key &C.EVP_PKEY) &C.EVP_PKEY
+fn C.EVP_PKEY_free(key &C.EVP_PKEY)
+fn C.EVP_PKEY_size(key &C.EVP_PKEY) i32
+fn C.EVP_PKEY_get0_type_name(key &C.EVP_PKEY) &char
+fn C.EVP_PKEY_get_octet_string_param(pkey &C.EVP_PKEY, key_name &char, buf &u8, max_buf_sz usize, out_len &usize) i32
+fn C.EVP_PKEY_set_octet_string_param(key &C.EVP_PKEY, key_name &char, buf voidptr, bsize usize) i32
+fn C.EVP_PKEY_keygen_init(ctx &C.EVP_PKEY_CTX) i32
+fn C.EVP_PKEY_keygen(ctx &C.EVP_PKEY_CTX, ppkey &&C.EVP_PKEY) i32
+fn C.EVP_PKEY_CTX_set_params(ctx &C.EVP_PKEY_CTX, params &C.OSSL_PARAM) i32
+fn C.EVP_PKEY_fromdata_init(ctx &C.EVP_PKEY_CTX) i32
+fn C.EVP_PKEY_fromdata(ctx &C.EVP_PKEY_CTX, ppkey &&C.EVP_PKEY, selection i32, params &C.OSSL_PARAM) i32
+fn C.EVP_PKEY_sign_message_init(ctx &C.EVP_PKEY_CTX, algo &C.EVP_SIGNATURE, params &C.OSSL_PARAM) i32
+fn C.EVP_PKEY_sign(ctx &C.EVP_PKEY_CTX, sig &u8, siglen &usize, tbs &u8, tbslen usize) i32
+fn C.EVP_PKEY_verify_message_init(ctx &C.EVP_PKEY_CTX, algo &C.EVP_SIGNATURE, params &C.OSSL_PARAM) i32
+fn C.EVP_PKEY_verify(ctx &C.EVP_PKEY_CTX, sig &u8, siglen usize, tbs &u8, tbslen usize) i32
+
+fn C.EVP_PKEY_CTX_new_from_name(libctx voidptr, name &char, pq voidptr) &C.EVP_PKEY_CTX
+fn C.EVP_PKEY_CTX_new_from_pkey(libctx voidptr, pkey &C.EVP_PKEY, pq voidptr) &C.EVP_PKEY_CTX
+fn C.EVP_PKEY_CTX_free(ctx &C.EVP_PKEY_CTX)
+
+fn C.EVP_SIGNATURE_free(signature &C.EVP_SIGNATURE)
+fn C.EVP_SIGNATURE_fetch(ctx voidptr, algorithm &char, properties voidptr) &C.EVP_SIGNATURE
+
+fn C.OSSL_PARAM_free(params &C.OSSL_PARAM)
+fn C.OSSL_PARAM_BLD_free(param_bld &C.OSSL_PARAM_BLD)
+fn C.OSSL_PARAM_BLD_new() &C.OSSL_PARAM_BLD
+fn C.OSSL_PARAM_BLD_push_int(bld &C.OSSL_PARAM_BLD, key &char, val i32) i32
+fn C.OSSL_PARAM_BLD_push_octet_string(bld &C.OSSL_PARAM_BLD, key &char, buf voidptr, bsize usize) i32
+fn C.OSSL_PARAM_BLD_to_param(bld &C.OSSL_PARAM_BLD) &C.OSSL_PARAM

vlib/x/crypto/mldsa/usage_test.v

@@ -0,0 +1,49 @@
+// vtest build: has_modern_openssl?
+module mldsa_test
+
+import x.crypto.mldsa
+
+fn test_mldsa_basic_sign_and_verify() ! {
+	mut pv := mldsa.PrivateKey.new()!
+	defer {
+		pv.free()
+	}
+	mut pb := pv.public_key()!
+	defer {
+		pb.free()
+	}
+	msg := 'ml-dsa basic roundtrip'.bytes()
+	sig := pv.sign(msg)!
+	assert sig.len > 0
+	assert pv.verify(sig, msg)!
+	assert pb.verify(sig, msg)!
+	assert !pb.verify(sig, 'ml-dsa mismatch'.bytes())!
+}
+
+fn test_mldsa_seed_and_raw_key_roundtrip() ! {
+	kind := mldsa.Kind.ml_dsa_65
+	mut pv := mldsa.PrivateKey.new(kind: kind)!
+	defer {
+		pv.free()
+	}
+	seed := pv.seed()!
+	priv := pv.bytes()!
+	pub_bytes := pv.public_bytes()!
+	assert seed.len == 32
+	assert priv.len == kind.private_key_size()
+	assert pub_bytes.len == kind.public_key_size()
+
+	mut pv_from_seed := mldsa.PrivateKey.from_seed(seed, kind)!
+	defer {
+		pv_from_seed.free()
+	}
+	assert pv_from_seed.bytes()! == priv
+
+	mut pb := mldsa.PublicKey.from_bytes(pub_bytes, kind)!
+	defer {
+		pb.free()
+	}
+	msg := 'ml-dsa imported public key'.bytes()
+	sig := pv.sign(msg, deterministic: 1)!
+	assert pb.verify(sig, msg)!
+}