PQC: remove hash algo binding for ML-DSA signatures

Author: larabr

src/crypto/public_key/post_quantum/signature/index.js

@@ -1,2 +1,2 @@
-export { generate, sign, verify, validateParams, getRequiredHashAlgo } from './signature';
+export { generate, sign, verify, validateParams } from './signature';
 export { expandSecretSeed as mldsaExpandSecretSeed } from './ml_dsa';

src/crypto/public_key/post_quantum/signature/signature.js

@@ -15,12 +15,6 @@ export async function generate(algo) {
 }
 
 export async function sign(signatureAlgo, hashAlgo, eccSecretKey, eccPublicKey, mldsaSecretKey, dataDigest) {
-  if (hashAlgo !== getRequiredHashAlgo(signatureAlgo)) {
-    // The signature hash algo MUST be set to the specified algorithm, see
-    // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc#section-5.2.1.
-    throw new Error('Unexpected hash algorithm for PQC signature');
-  }
-
   switch (signatureAlgo) {
     case enums.publicKey.pqc_mldsa_ed25519: {
       const { eccSignature } = await eccdsa.sign(signatureAlgo, hashAlgo, eccSecretKey, eccPublicKey, dataDigest);
@@ -34,12 +28,6 @@ export async function sign(signatureAlgo, hashAlgo, eccSecretKey, eccPublicKey,
 }
 
 export async function verify(signatureAlgo, hashAlgo, eccPublicKey, mldsaPublicKey, dataDigest, { eccSignature, mldsaSignature }) {
-  if (hashAlgo !== getRequiredHashAlgo(signatureAlgo)) {
-    // The signature hash algo MUST be set to the specified algorithm, see
-    // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc#section-5.2.1.
-    throw new Error('Unexpected hash algorithm for PQC signature');
-  }
-
   switch (signatureAlgo) {
     case enums.publicKey.pqc_mldsa_ed25519: {
       const eccVerifiedPromise = eccdsa.verify(signatureAlgo, hashAlgo, eccPublicKey, dataDigest, eccSignature);
@@ -52,16 +40,6 @@ export async function verify(signatureAlgo, hashAlgo, eccPublicKey, mldsaPublicK
   }
 }
 
-export function getRequiredHashAlgo(signatureAlgo) {
-  // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc#section-5.2.1.
-  switch (signatureAlgo) {
-    case enums.publicKey.pqc_mldsa_ed25519:
-      return enums.hash.sha3_256;
-    default:
-      throw new Error('Unsupported signature algorithm');
-  }
-}
-
 export async function validateParams(algo, eccPublicKey, eccSecretKey, mldsaPublicKey, mldsaSeed) {
   const eccValidationPromise = eccdsa.validateParams(algo, eccPublicKey, eccSecretKey);
   const mldsaValidationPromise = mldsa.validateParams(algo, mldsaPublicKey, mldsaSeed);

src/key/helper.js

@@ -9,7 +9,7 @@ import {
   SignaturePacket
 } from '../packet';
 import enums from '../enums';
-import { getPreferredCurveHashAlgo, getHashByteLength, publicKey } from '../crypto';
+import { getPreferredCurveHashAlgo, getHashByteLength } from '../crypto';
 import util from '../util';
 import defaultConfig from '../config';
 
@@ -117,12 +117,6 @@ export async function createBindingSignature(subkey, primaryKey, options, config
  * @async
  */
 export async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) {
-  if (signingKeyPacket.algorithm === enums.publicKey.pqc_mldsa_ed25519) {
-    // For PQC, the returned hash algo MUST be set to the specified algorithm, see
-    // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc#section-5.2.1.
-    return publicKey.postQuantum.signature.getRequiredHashAlgo(signingKeyPacket.algorithm);
-  }
-
   /**
    * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the
    * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys).