From: Pauli <ppzgs1@gmail.com>
Date: Thu, 19 Jun 2025 03:45:14 +0000 (+1000)
Subject: ml-dsa: use TRIE & struct based param name decoders
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3bb06ce79806d7e725244dd62212ef935112b82c;p=thirdparty%2Fopenssl.git

ml-dsa: use TRIE & struct based param name decoders

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
---

diff --git a/providers/implementations/signature/ml_dsa_sig.c.in b/providers/implementations/signature/ml_dsa_sig.c.in
index c649110adc2..28d01f0cdd5 100644
--- a/providers/implementations/signature/ml_dsa_sig.c.in
+++ b/providers/implementations/signature/ml_dsa_sig.c.in
@@ -6,6 +6,9 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
+{-
+use OpenSSL::paramnames qw(produce_param_decoder);
+-}
 
 #include "internal/deprecated.h"
 
@@ -20,6 +23,7 @@
 #include "prov/provider_ctx.h"
 #include "prov/der_ml_dsa.h"
 #include "crypto/ml_dsa.h"
+#include "internal/common.h"
 #include "internal/packet.h"
 #include "internal/sizes.h"
 
@@ -357,32 +361,57 @@ static int ml_dsa_digest_verify(void *vctx,
     return ml_dsa_verify(vctx, sig, siglen, tbs, tbslen);
 }
 
+/*
+ * Only need the param list for the signing case.  The decoder and structure
+ * are shared between the sign and verify cases.
+ */
+#define ml_dsa_set_ctx_params_st        ml_dsa_verifymsg_set_ctx_params_st
+#define ml_dsa_set_ctx_params_decoder   ml_dsa_verifymsg_set_ctx_params_decoder
+
+{- produce_param_decoder('ml_dsa_set_ctx_params',
+                         (['SIGNATURE_PARAM_CONTEXT_STRING',   'ctx',    'octet_string'],
+                          ['SIGNATURE_PARAM_TEST_ENTROPY',     'ent',    'octet_string'],
+                          ['SIGNATURE_PARAM_DETERMINISTIC',    'det',    'int'],
+                          ['SIGNATURE_PARAM_MESSAGE_ENCODING', 'msgenc', 'int'],
+                          ['SIGNATURE_PARAM_MU',               'mu',     'int'],
+                         )); -}
+
+{- produce_param_decoder('ml_dsa_verifymsg_set_ctx_params',
+                         (['SIGNATURE_PARAM_CONTEXT_STRING',   'ctx',    'octet_string'],
+                          ['SIGNATURE_PARAM_TEST_ENTROPY',     'ent',    'octet_string'],
+                          ['SIGNATURE_PARAM_DETERMINISTIC',    'det',    'int'],
+                          ['SIGNATURE_PARAM_MESSAGE_ENCODING', 'msgenc', 'int'],
+                          ['SIGNATURE_PARAM_MU',               'mu',     'int'],
+                          ['SIGNATURE_PARAM_SIGNATURE',        'sig',    'octet_string'],
+                         )); -}
+
 static int ml_dsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     PROV_ML_DSA_CTX *pctx = (PROV_ML_DSA_CTX *)vctx;
-    const OSSL_PARAM *p;
+    struct ml_dsa_verifymsg_set_ctx_params_st p;
 
     if (pctx == NULL)
         return 0;
     if (ossl_param_is_empty(params))
         return 1;
 
-    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_CONTEXT_STRING);
-    if (p != NULL) {
+    p = ml_dsa_verifymsg_set_ctx_params_decoder(params);
+
+    if (p.ctx != NULL) {
         void *vp = pctx->context_string;
 
-        if (!OSSL_PARAM_get_octet_string(p, &vp, sizeof(pctx->context_string),
+        if (!OSSL_PARAM_get_octet_string(p.ctx, &vp, sizeof(pctx->context_string),
                                          &(pctx->context_string_len))) {
             pctx->context_string_len = 0;
             return 0;
         }
     }
-    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_TEST_ENTROPY);
-    if (p != NULL) {
+
+    if (p.ent != NULL) {
         void *vp = pctx->test_entropy;
 
         pctx->test_entropy_len = 0;
-        if (!OSSL_PARAM_get_octet_string(p, &vp, sizeof(pctx->test_entropy),
+        if (!OSSL_PARAM_get_octet_string(p.ent, &vp, sizeof(pctx->test_entropy),
                                          &(pctx->test_entropy_len)))
                 return 0;
         if (pctx->test_entropy_len != sizeof(pctx->test_entropy)) {
@@ -391,83 +420,61 @@ static int ml_dsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             return 0;
         }
     }
-    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DETERMINISTIC);
-    if (p != NULL && !OSSL_PARAM_get_int(p, &pctx->deterministic))
+
+    if (p.det != NULL && !OSSL_PARAM_get_int(p.det, &pctx->deterministic))
         return 0;
 
-    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING);
-    if (p != NULL && !OSSL_PARAM_get_int(p, &pctx->msg_encode))
+    if (p.msgenc != NULL && !OSSL_PARAM_get_int(p.msgenc, &pctx->msg_encode))
         return 0;
 
-    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_MU);
-    if (p != NULL && !OSSL_PARAM_get_int(p, &pctx->mu))
+    if (p.mu != NULL && !OSSL_PARAM_get_int(p.mu, &pctx->mu))
         return 0;
 
-    if (pctx->operation == EVP_PKEY_OP_VERIFYMSG) {
-        p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE);
-        if (p != NULL) {
-            OPENSSL_free(pctx->sig);
-            pctx->sig = NULL;
-            pctx->siglen = 0;
-            if (!OSSL_PARAM_get_octet_string(p, (void **)&pctx->sig,
-                                             0, &pctx->siglen))
-                return 0;
-        }
+    if (p.sig != NULL && pctx->operation == EVP_PKEY_OP_VERIFYMSG) {
+        OPENSSL_free(pctx->sig);
+        pctx->sig = NULL;
+        pctx->siglen = 0;
+        if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&pctx->sig,
+                                         0, &pctx->siglen))
+            return 0;
     }
 
     return 1;
 }
 
-#define MLDSA_COMMON_SETTABLE_CTX_PARAMS                                   \
-    OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0), \
-    OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_TEST_ENTROPY, NULL, 0),   \
-    OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_DETERMINISTIC, 0),                 \
-    OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_MU, 0),                            \
-    OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING, 0),              \
-    OSSL_PARAM_END
-
 static const OSSL_PARAM *ml_dsa_settable_ctx_params(void *vctx,
                                                     ossl_unused void *provctx)
 {
     PROV_ML_DSA_CTX *pctx = (PROV_ML_DSA_CTX *)vctx;
 
-    static const OSSL_PARAM settable_ctx_params[] = {
-        MLDSA_COMMON_SETTABLE_CTX_PARAMS
-    };
-
-    static const OSSL_PARAM settable_verifymsg_ctx_params[] = {
-        OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0),
-        MLDSA_COMMON_SETTABLE_CTX_PARAMS
-    };
-
     if (pctx != NULL && pctx->operation == EVP_PKEY_OP_VERIFYMSG)
-        return settable_verifymsg_ctx_params;
+        return ml_dsa_verifymsg_set_ctx_params_list;
     else
-        return settable_ctx_params;
+        return ml_dsa_set_ctx_params_list;
 }
 
-static const OSSL_PARAM known_gettable_ctx_params[] = {
-    OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
-    OSSL_PARAM_END
-};
+{- produce_param_decoder('ml_dsa_get_ctx_params',
+                         (['SIGNATURE_PARAM_ALGORITHM_ID', 'id', 'octet_string'],
+                         )); -}
 
 static const OSSL_PARAM *ml_dsa_gettable_ctx_params(ossl_unused void *vctx,
                                                     ossl_unused void *provctx)
 {
-    return known_gettable_ctx_params;
+    return ml_dsa_get_ctx_params_list;
 }
 
 static int ml_dsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
 {
     PROV_ML_DSA_CTX *ctx = (PROV_ML_DSA_CTX *)vctx;
-    OSSL_PARAM *p;
+    struct ml_dsa_get_ctx_params_st p;
 
     if (ctx == NULL)
         return 0;
 
-    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
-    if (p != NULL
-        && !OSSL_PARAM_set_octet_string(p,
+    p = ml_dsa_get_ctx_params_decoder(params);
+
+    if (p.id != NULL
+        && !OSSL_PARAM_set_octet_string(p.id,
                                         ctx->aid_len == 0 ? NULL : ctx->aid_buf,
                                         ctx->aid_len))
         return 0;