feature: add support for configuring (but not yet using) ml-dsa certs

[lrstewart]

Release Summary:

Resolved issues:

related to #5257

Description of changes:

I update s2n-tls to successfully parse and load ML-DSA certificates. It's mostly minor changes to the certificate-loading logic, but it touches a lot of different files so I wanted to keep it separate from the actual signing logic PR. I left the signing methods, which are triggered by s2n_pkey_match, as no-ops for now.

Testing:

I added a unit test that successfully loads all combinations of ML-DSA private + public keys.

The version of awslc in our CI is recent enough to support ML-DSA. You can see the "-- feature S2N_AWSLC_SUPPORTS_MLDSA: TRUE" message in awslc builds like this AddressSanitizer one.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[lrstewart]

Changing "type" to "type_hint" isn't strictly necessary, but I think it makes the code much clearer. We're really just guessing at the type.

[lrstewart]

I'm wondering if I should name this "s2n_mldsa_supported" instead, despite the name of this module.

[lrstewart]

I'm avoiding adding any publicly visible values (the S2N_TLS_SIGNATURE_ values are all defined in s2n.h) until this feature is complete.

[lrstewart]

The largest test ML-DSA file was like 11k.

[lrstewart]

I've got a PR out to fix the awslc bug: aws/aws-lc#2348

But even if I fix it, we won't be able to assume that we're building against a fixed version of awslc :/ So I think we're stuck with handling this case. If just ignoring the error isn't acceptable, I could instead skip the method call for the MLDSA nids, since we don't actually need it. That's a pretty ugly check though: I'll need to specifically list the MLDSA nids to skip. And it'll need an if/def since the nids don't exist in awslc before MLDSA support was added.

We could also ask awslc to bump their API version, and then gate MLDSA support on the newer API version. I'm not sure that's any better than just ignoring the bug and failing to load the cert though: in both cases, a customer would build s2n-tls with a version of awslc that they would reasonably expect supports MLDSA, but be unable to load an MLDSA cert. The only difference would be the "S2N_AWSLC_MLDSA_SUPPORT" feature flag printed during the build.

[goatgoose]

I think my only problem with this is that it doesn't seem like we should trust any returned signature_digest_nid if the call to OBJ_find_sigid_algs fails. If we don't actually need this value anyway for ML-DSA, could we just not update info->signature_digest_nid unless the call succeeds?

[lrstewart]

Hmmm so like check for failure, but if the failure occurs, just explicitly set signature_digest_nid to 0 in case OBJ_find_sigid_algs set it to something else? I don't think that's super useful, but I'm probably biased by having looked at the implementation of OBJ_find_sigid_algs :P I can do that.

[lrstewart]

Okay so the current plan:

1. Initially, follow Sam's suggestion and reset signature_digest_nid on failure, but otherwise ignore failures.
2. Update AWSLC's API version: Bump AWSLC_API_VERSION to account for OBJ_find_sigid_algs bug aws-lc#2349
3. Wait for the next AWSLC release (probably later this week)
4. Rebuild our codebuild images
5. Make ML-DSA support depend on the new API version and revert the changes to this logic.

[goatgoose]

I think my only problem with this is that it doesn't seem like we should trust any returned signature_digest_nid if the call to OBJ_find_sigid_algs fails. If we don't actually need this value anyway for ML-DSA, could we just not update info->signature_digest_nid unless the call succeeds?

[jakemas]

Just watching! Feel free to ping me regarding any questions around ML-DSA.