Implement SM2 & ML-DSA-65 Hybrid Signature Algorithm

.gitignore

@@ -60,6 +60,7 @@ providers/common/der/der_rsa_gen.c
 providers/common/der/der_wrap_gen.c
 providers/common/der/der_sm2_gen.c
 providers/common/der/der_ml_dsa_gen.c
+providers/common/der/der_sm2_mldsa65_hybrid_gen.c
 providers/common/include/prov/der_dsa.h
 providers/common/include/prov/der_ec.h
 providers/common/include/prov/der_ecx.h
@@ -68,6 +69,7 @@ providers/common/include/prov/der_digests.h
 providers/common/include/prov/der_wrap.h
 providers/common/include/prov/der_sm2.h
 providers/common/include/prov/der_ml_dsa.h
+providers/common/include/prov/der_sm2_mldsa65_hybrid.h
 
 providers/smtc/smtckey.h
 

Configure

@@ -488,6 +488,7 @@ my @disablables = (
     "siv",
     "sm2",
     "sm2_threshold",
+    "sm2-mldsa65-hybrid",
     "sm3",
     "sm4",
     "wbsm4-xiaolai",
@@ -627,6 +628,7 @@ our %disabled = ( # "what"         => "comment"
                   "wbsm4-wsise"         => "default",
                   #"kyber"               => "default",
                   #"sm2dh-mlkem768-hybrid"  => "default",
+                  "sm2-mldsa65-hybrid" => "default",
                 );
 
 # Note: => pair form used for aesthetics, not to truly make a hash table
@@ -654,7 +656,7 @@ my @disable_cascades = (
     "ssl3-method"       => [ "ssl3" ],
     "zlib"              => [ "zlib-dynamic" ],
     "ec"                => [ "ec2m", "ecdsa", "ecdh", "sm2", "sm2dh-mlkem768-hybrid"],
-    "sm2"               => [ "sm2_threshold", "sm2dh-mlkem768-hybrid"],
+    "sm2"               => [ "sm2_threshold", "sm2dh-mlkem768-hybrid","sm2-mldsa65-hybrid"],
     "ec_elgamal"        => [ "twisted_ec_elgamal" ],
     "dgram"             => [ "dtls", "sctp" ],
     "sock"              => [ "dgram" ],
@@ -718,6 +720,7 @@ my @disable_cascades = (
     sub { !$disabled{"smtc"}} => [ "ct", "module" ],
     "sdf-lib"           => [ "sdf-lib-dynamic" ],
     "kyber" => ["sm2dh-mlkem768-hybrid"],
+    "ml_dsa" => ["sm2-mldsa65-hybrid"],
     );
 
 # Avoid protocol support holes.  Also disable all versions below N, if version

crypto/build.info

@@ -6,7 +6,7 @@ SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 conf \
         siphash sm3 des aes rc4 rc5 zuc \
         sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \
         err comp http ocsp cms ts srp cmac ct async ess crmf cmp encode_decode \
-        ffc paillier zkp sdf tsapi kyber sm2dh-mlkem768-hybrid ml_dsa
+        ffc paillier zkp sdf tsapi kyber sm2dh-mlkem768-hybrid ml_dsa sm2_mldsa65_hybrid
 
 LIBS=../libcrypto
 

crypto/evp/evp_lib.c

@@ -1185,7 +1185,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
                && OPENSSL_strcasecmp(type, "ED448") != 0
                && OPENSSL_strcasecmp(type, "X448") != 0
                && OPENSSL_strcasecmp(type, "SM2") != 0
-               && OPENSSL_strcasecmp(type, "ML-DSA-65") != 0) {
+               && OPENSSL_strcasecmp(type, "ML-DSA-65") != 0
+               && OPENSSL_strcasecmp(type, "SM2-MLDSA65-HYBRID") != 0) {
         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
         goto end;
     }

crypto/evp/p_lib.c

@@ -1052,6 +1052,8 @@ static const OSSL_ITEM standard_name2type[] = {
     /* SM2DH-MLKEM768-HYBRID, only for experimental purpose */
     { EVP_PKEY_SM2DH_MLKEM768_HYBRID,   "SM2DH-MLKEM768-HYBRID"},
     { EVP_PKEY_ML_DSA_65,  "ML-DSA-65" },
+    /* SM2-MLDSA65-HYBRID, only for experimental purpose */
+    { EVP_PKEY_SM2_MLDSA65_HYBRID, "SM2-MLDSA65-HYBRID" },
 };
 
 int evp_pkey_name2type(const char *name)

crypto/objects/obj_dat.h

@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
-static const unsigned char so[6648] = {
+static const unsigned char so[6669] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,       /* [   13] OBJ_md5 */
@@ -934,9 +934,11 @@ static const unsigned char so[6648] = {
     0x2A,0x81,0x1C,0xCF,0x55,0x01,0x87,0x69,       /* [ 6627] OBJ_sm2dh_mlkem768_hybrid */
     0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12,  /* [ 6635] OBJ_ML_DSA_65 */
     0x55,0x1D,0x4B,                                /* [ 6644] OBJ_associated_information */
+    0x60,0x86,0x48,0x01,0x86,0xFA,0x6B,0x50,0x09,0x01,  /* [ 6647] OBJ_compsig */
+    0x60,0x86,0x48,0x01,0x86,0xFA,0x6B,0x50,0x09,0x01,0x15,  /* [ 6657] OBJ_sm2_mldsa65_hybrid */
 };
 
-#define NUM_NID 1320
+#define NUM_NID 1322
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2258,9 +2260,11 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     { NULL, NULL, NID_undef },
     { NULL, NULL, NID_undef },
     {"associatedInformation", "X509v3 Associated Information", NID_associated_information, 3, &so[6644]},
+    {"Compsig", "composite ML-DSA signature", NID_compsig, 10, &so[6647]},
+    {"SM2-MLDSA65-HYBRID", "sm2-mldsa65-hybrid", NID_sm2_mldsa65_hybrid, 11, &so[6657]},
 };
 
-#define NUM_SN 1034
+#define NUM_SN 1036
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2313,6 +2317,7 @@ static const unsigned int sn_objs[NUM_SN] = {
      417,    /* "CSPName" */
     1019,    /* "ChaCha20" */
     1018,    /* "ChaCha20-Poly1305" */
+    1320,    /* "Compsig" */
      367,    /* "CrlID" */
      391,    /* "DC" */
       31,    /* "DES-CBC" */
@@ -2434,6 +2439,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1100,    /* "SHAKE128" */
     1101,    /* "SHAKE256" */
     1172,    /* "SM2" */
+    1321,    /* "SM2-MLDSA65-HYBRID" */
     1204,    /* "SM2-SM3" */
     1281,    /* "SM2DH-MLKEM768-HYBRID" */
     1143,    /* "SM3" */
@@ -3298,7 +3304,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1034
+#define NUM_LN 1036
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -3590,6 +3596,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      633,    /* "cleartext track 2" */
      894,    /* "cmac" */
       13,    /* "commonName" */
+    1320,    /* "composite ML-DSA signature" */
      513,    /* "content types" */
       50,    /* "contentType" */
       53,    /* "countersignature" */
@@ -4249,6 +4256,7 @@ static const unsigned int ln_objs[NUM_LN] = {
     1062,    /* "siphash" */
     1142,    /* "sm-scheme" */
     1172,    /* "sm2" */
+    1321,    /* "sm2-mldsa65-hybrid" */
     1281,    /* "sm2dh-mlkem768-hybrid" */
     1143,    /* "sm3" */
     1144,    /* "sm3WithRSAEncryption" */
@@ -4336,7 +4344,7 @@ static const unsigned int ln_objs[NUM_LN] = {
     1255,    /* "zuc-128-eia3" */
 };
 
-#define NUM_OBJ 929
+#define NUM_OBJ 931
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -5173,6 +5181,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      952,    /* OBJ_ct_precert_poison            1 3 6 1 4 1 11129 2 4 3 */
      953,    /* OBJ_ct_precert_signer            1 3 6 1 4 1 11129 2 4 4 */
      954,    /* OBJ_ct_cert_scts                 1 3 6 1 4 1 11129 2 4 5 */
+    1320,    /* OBJ_compsig                      2 16 840 1 114027 80 9 1 */
     1158,    /* OBJ_dstu4145le                   1 2 804 2 1 1 1 1 3 1 1 */
      196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
      197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
@@ -5255,6 +5264,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      955,    /* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
      956,    /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
      957,    /* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
+    1321,    /* OBJ_sm2_mldsa65_hybrid           2 16 840 1 114027 80 9 1 21 */
     1259,    /* OBJ_oracle_jdk_trustedkeyusage   2 16 840 1 113894 746875 1 1 */
     1159,    /* OBJ_dstu4145be                   1 2 804 2 1 1 1 1 3 1 1 1 1 */
     1160,    /* OBJ_uacurve0                     1 2 804 2 1 1 1 1 3 1 1 2 0 */

crypto/objects/obj_mac.num

@@ -1052,3 +1052,5 @@ sm2dh_mlkem768_hybrid		1281
 ML_DSA_65		1282
 delegated_name_constraints		1298
 associated_information		1319
+compsig		1320
+sm2_mldsa65_hybrid		1321

crypto/objects/obj_xref.h

@@ -65,6 +65,7 @@ static const nid_triple sigoid_srt[] = {
     {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
     {NID_SM2_with_SM3, NID_sm3, NID_sm2},
     {NID_ML_DSA_65, NID_undef, NID_ML_DSA_65},
+    {NID_sm2_mldsa65_hybrid, NID_sm3, NID_sm2_mldsa65_hybrid},
 };
 
 static const nid_triple *const sigoid_srt_xref[] = {
@@ -102,4 +103,5 @@ static const nid_triple *const sigoid_srt_xref[] = {
     &sigoid_srt[36],
     &sigoid_srt[37],
     &sigoid_srt[38],
+    &sigoid_srt[40],
 };

crypto/objects/obj_xref.txt

@@ -59,3 +59,5 @@ dhSinglePass_cofactorDH_sha384kdf_scheme	sha384	dh_cofactor_kdf
 dhSinglePass_cofactorDH_sha512kdf_scheme	sha512	dh_cofactor_kdf
 
 SM2_with_SM3		sm3	sm2
+
+sm2_mldsa65_hybrid sm3 sm2_mldsa65_hybrid

crypto/objects/objects.txt

@@ -1453,3 +1453,8 @@ oracle 746875 1 1 : oracle-jdk-trustedkeyusage : Trusted key usage (Oracle)
     : WBSM4-WSISE-CTR             : wbsm4-wsise-ctr
     : WBSM4-WSISE-GCM             : wbsm4-wsise-gcm
     : WBSM4-WSISE-CCM             : wbsm4-wsise-ccm
+
+# sm2 & ml-dsa-65 hybrid signature (testing)
+!Cname compsig
+joint-iso-itu-t 16 840 1 114027 80 9 1  : Compsig               : composite ML-DSA signature
+compsig 21                              : SM2-MLDSA65-HYBRID    : sm2-mldsa65-hybrid

crypto/sm2_mldsa65_hybrid/build.info

@@ -0,0 +1,7 @@
+LIBS = ../../libcrypto
+
+IF[{- !$disabled{"sm2-mldsa65-hybrid"} -}]
+    SOURCE[../../libcrypto] = \
+        sm2_mldsa65_hybrid_key.c \
+        sm2_mldsa65_hybrid_codecs.c
+ENDIF

crypto/sm2_mldsa65_hybrid/sm2_mldsa65_hybrid_codecs.c

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2025 The Tongsuo Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://github.com/Tongsuo-Project/Tongsuo/blob/master/LICENSE.txt
+ */
+
+#include <openssl/e_os2.h>
+#include <openssl/err.h>
+#include <openssl/proverr.h>
+#include "crypto/x509.h"
+#include "crypto/sm2_mldsa65_hybrid.h"
+
+static const uint8_t sm2_mldsa65_hybrid_spkifmt[SM2_MLDSA_HYBRID_SPKI_OVERHEAD] = {
+    0x30, 0x82, 0x07, 0xd5, 0x30, 0x0d, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01,
+    0x86, 0xfa, 0x6b, 0x50, 0x09, 0x01, 0x15, 0x03, 0x82, 0x07, 0xc2, 0x00
+};
+
+SM2_MLDSA65_HYBRID_KEY *ossl_sm2_mldsa65_hybrid_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+                             OSSL_LIB_CTX *libctx, const char *propq)
+{
+    SM2_MLDSA65_HYBRID_KEY *key = NULL, *ret = NULL;
+    const uint8_t *buf;
+    int len;
+    const X509_ALGOR *palg;
+
+    if (!PKCS8_pkey_get0(NULL, &buf, &len, &palg, p8inf))
+        goto err;
+
+    if ((key = sm2_mldsa65_hybrid_key_new(libctx, propq)) == NULL)
+        goto err;
+
+    if (!sm2_mldsa65_hybrid_priv_key_deserialize(key, buf, len))
+        goto err;
+
+    ret = key;
+err:
+    if (ret == NULL)
+        sm2_mldsa65_hybrid_key_free(key);
+    return ret;
+}
+
+SM2_MLDSA65_HYBRID_KEY *
+ossl_sm2_mldsa65_hybrid_d2i_PUBKEY(const uint8_t *pk, int pk_len, OSSL_LIB_CTX *libctx)
+{
+    SM2_MLDSA65_HYBRID_KEY *ret;
+
+    if (pk_len != SM2_MLDSA_HYBRID_SPKI_OVERHEAD + (ossl_ssize_t) SM2_MLDSA65_HYBRID_PK_SIZE
+        || memcmp(pk, sm2_mldsa65_hybrid_spkifmt, SM2_MLDSA_HYBRID_SPKI_OVERHEAD) != 0)
+        return NULL;
+    pk_len -= SM2_MLDSA_HYBRID_SPKI_OVERHEAD;
+    pk += SM2_MLDSA_HYBRID_SPKI_OVERHEAD;
+
+    if ((ret = sm2_mldsa65_hybrid_key_new(libctx, NULL)) == NULL)
+        return NULL;
+
+    if (!sm2_mldsa65_hybrid_pub_key_deserialize(ret, pk, (size_t)pk_len)) {
+        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
+                       "error parsing sm2-mldsa65-hybrid public key from input SPKI");
+        sm2_mldsa65_hybrid_key_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}