ml-dsa: add security category support
authorPauli <ppzgs1@gmail.com>
Tue, 6 May 2025 01:32:48 +0000 (11:32 +1000)
committerPauli <ppzgs1@gmail.com>
Tue, 27 May 2025 08:01:44 +0000 (18:01 +1000)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27571)

crypto/ml_dsa/ml_dsa_key.c
include/crypto/ml_dsa.h
providers/implementations/keymgmt/ml_dsa_kmgmt.c

index 41df1a956fb82139fb87d7c0b30de429cdcfbe5c..d1b07570f38c6068c689eadbbe6f2e795d2363cf 100644 (file)
@@ -520,6 +520,11 @@ size_t ossl_ml_dsa_key_get_collision_strength_bits(const ML_DSA_KEY *key)
     return key->params->bit_strength;
 }
 
+int ossl_ml_dsa_key_get_security_category(const ML_DSA_KEY *key)
+{
+    return key->params->security_category;
+}
+
 /* Returns the private key data or NULL if there is no private key */
 const uint8_t *ossl_ml_dsa_key_get_priv(const ML_DSA_KEY *key)
 {
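Review bot: The new `ossl_ml_dsa_key_get_security_category()` has no comment saying what the returned int means, unlike `ossl_ml_dsa_key_get_priv()` directly below it; its prototype in include/crypto/ml_dsa.h has none either. The value is exported as `OSSL_PKEY_PARAM_SECURITY_CATEGORY` alongside the security-bits figure, so a caller making a policy decision needs to know it is a category and not a bit count. I would add `/* Returns the NIST security category of the key's parameter set */` above the definition. Like the collision-strength getter, it dereferences `key` and `key->params` unchecked, so the comment could also state that `key` must be non-NULL. The parameter table that supplies the value is outside this diff, so the per-variant numbers cannot be confirmed from here.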
index 3508993542a45f5932d851b3f080021cc8171c55..b4c3bf385b1d5ccd2bb4f4da2839ab2a1146b689 100644 (file)
@@ -99,6 +99,7 @@ int ossl_ml_dsa_set_prekey(ML_DSA_KEY *key, int flags_set, int flags_clr,
                            const uint8_t *seed, size_t seed_len,
                            const uint8_t *sk, size_t sk_len);
 __owur size_t ossl_ml_dsa_key_get_collision_strength_bits(const ML_DSA_KEY *key);
+__owur int ossl_ml_dsa_key_get_security_category(const ML_DSA_KEY *key);
 __owur size_t ossl_ml_dsa_key_get_sig_len(const ML_DSA_KEY *key);
 __owur int ossl_ml_dsa_key_matches(const ML_DSA_KEY *key, int evp_type);
 __owur const char *ossl_ml_dsa_key_get_name(const ML_DSA_KEY *key);
index a31a308c9c79f935b33c0c41ed2cae530a58dd72..33b0ab860bed48819cf8858a6c3844f7953eb22a 100644 (file)
@@ -29,7 +29,6 @@ static OSSL_FUNC_keymgmt_export_fn ml_dsa_export;
 static OSSL_FUNC_keymgmt_import_types_fn ml_dsa_imexport_types;
 static OSSL_FUNC_keymgmt_export_types_fn ml_dsa_imexport_types;
 static OSSL_FUNC_keymgmt_dup_fn ml_dsa_dup_key;
-static OSSL_FUNC_keymgmt_get_params_fn ml_dsa_get_params;
 static OSSL_FUNC_keymgmt_gettable_params_fn ml_dsa_gettable_params;
 static OSSL_FUNC_keymgmt_validate_fn ml_dsa_validate;
 static OSSL_FUNC_keymgmt_gen_init_fn ml_dsa_gen_init;
@@ -299,6 +298,7 @@ static const OSSL_PARAM ml_dsa_params[] = {
     OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL),
     OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
     ML_DSA_IMEXPORTABLE_PARAMETERS,
     OSSL_PARAM_END
@@ -323,6 +323,9 @@ static int ml_dsa_get_params(void *keydata, OSSL_PARAM params[])
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
             && !OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_sig_len(key)))
         return 0;
+    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL
+            && !OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_security_category(key)))
+        return 0;
 
     pub = ossl_ml_dsa_key_get_pub(key);
     priv = ossl_ml_dsa_key_get_priv(key);
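Review bot: `ml_dsa_get_params()` is still defined here and gains a new lookup, yet the earlier hunk in this file drops its `static OSSL_FUNC_keymgmt_get_params_fn ml_dsa_get_params;` forward declaration. That declaration is what makes the compiler check the definition against the keymgmt dispatch typedef. Unless it was a duplicate or is supplied elsewhere in the file (not visible in these hunks), I would keep it so a later signature drift is caught at build time. The added `OSSL_PARAM_locate`/`OSSL_PARAM_set_int` pair itself follows the `OSSL_PKEY_PARAM_MAX_SIZE` block above it; the function body starts and continues outside the hunk.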