From: Pauli Date: Wed, 18 Jun 2025 00:20:10 +0000 (+1000) Subject: ml-dsa: update to use improved parameter handling X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=61d20724a667e22c0ae3e2d2b37844f775cd0e16;p=thirdparty%2Fopenssl.git ml-dsa: update to use improved parameter handling Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/27847) --- diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in index c6b8c6a0918..962e3c2f616 100644 --- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in +++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c.in @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ {- -use OpenSSL::paramnames qw(produce_param_list); +use OpenSSL::paramnames qw(produce_param_decoder); -} #include @@ -19,7 +19,6 @@ use OpenSSL::paramnames qw(produce_param_list); #include "crypto/ml_dsa.h" #include "internal/fips.h" #include "internal/param_build_set.h" -#include "internal/param_names.h" #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" @@ -183,14 +182,11 @@ static int ml_dsa_validate(const void *key_data, int selection, int check_type) return 1; } -/* Machine generated by util/perl/OpenSSL/paramnames.pm */ -{- produce_param_list('static', 'ml_dsa_key_types', - 'static', 'ml_dsa_key_types_find_pidx', - (['PKEY_PARAM_ML_DSA_SEED', 'octet_string'], - ['PKEY_PARAM_PUB_KEY', 'octet_string'], - ['PKEY_PARAM_PRIV_KEY', 'octet_string'], - )); -} -/* End of machine generated */ +{- produce_param_decoder('ml_dsa_key_type_params', + (['PKEY_PARAM_ML_DSA_SEED', 'seed', 'octet_string'], + ['PKEY_PARAM_PUB_KEY', 'pubkey', 'octet_string'], + ['PKEY_PARAM_PRIV_KEY', 'privkey', 'octet_string'], + )); -} /** * @brief Load a ML_DSA key from raw data. @@ -204,54 +200,44 @@ static int ml_dsa_validate(const void *key_data, int selection, int check_type) static int ml_dsa_key_fromdata(ML_DSA_KEY *key, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *p = NULL; const ML_DSA_PARAMS *key_params = ossl_ml_dsa_key_params(key); const uint8_t *pk = NULL, *sk = NULL, *seed = NULL; size_t pk_len = 0, sk_len = 0, seed_len = 0; + struct ml_dsa_key_type_params_st p = ml_dsa_key_type_params_decoder(params); - for (p = params; p->key != NULL; p++) - switch (ml_dsa_key_types_find_pidx(p->key)) { - default: - break; + if (p.pubkey != NULL) { + if (!OSSL_PARAM_get_octet_string_ptr(p.pubkey, (const void **)&pk, &pk_len)) + return 0; + if (pk != NULL && pk_len != key_params->pk_len) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, + "Invalid %s public key length", key_params->alg); + return 0; + } + } - case PIDX_PKEY_PARAM_PUB_KEY: - if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&pk, &pk_len)) - return 0; - if (pk != NULL && pk_len != key_params->pk_len) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, - "Invalid %s public key length", key_params->alg); - return 0; - } - break; - - /* Private key seed is optional */ - case PIDX_PKEY_PARAM_ML_DSA_SEED: - if (include_private) { - if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&seed, - &seed_len)) - return 0; - if (seed != NULL && seed_len != ML_DSA_SEED_BYTES) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SEED_LENGTH); - return 0; - } - } - break; - - /* Private key is optional */ - case PIDX_PKEY_PARAM_PRIV_KEY: - if (include_private) { - if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&sk, - &sk_len)) - return 0; - if (sk != NULL && sk_len != key_params->sk_len) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, - "Invalid %s private key length", - key_params->alg); - return 0; - } - } - break; + /* Private key seed is optional */ + if (p.seed != NULL && include_private) { + if (!OSSL_PARAM_get_octet_string_ptr(p.seed, (const void **)&seed, + &seed_len)) + return 0; + if (seed != NULL && seed_len != ML_DSA_SEED_BYTES) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SEED_LENGTH); + return 0; } + } + + /* Private key is optional */ + if (p.privkey != NULL && include_private) { + if (!OSSL_PARAM_get_octet_string_ptr(p.privkey, (const void **)&sk, + &sk_len)) + return 0; + if (sk != NULL && sk_len != key_params->sk_len) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, + "Invalid %s private key length", + key_params->alg); + return 0; + } + } /* The caller MUST specify at least one of seed, private or public keys. */ if (seed_len == 0 && pk_len == 0 && sk_len == 0) { @@ -307,93 +293,80 @@ static const OSSL_PARAM *ml_dsa_imexport_types(int selection) { if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) return NULL; - return ml_dsa_key_types; + return ml_dsa_key_type_params_ettable; } -/* Machine generated by util/perl/OpenSSL/paramnames.pm */ -{- produce_param_list('static', 'ml_dsa_params', - 'static', 'ml_dsa_get_params_find_pidx', - (['PKEY_PARAM_BITS', 'int'], - ['PKEY_PARAM_SECURITY_BITS', 'int'], - ['PKEY_PARAM_MAX_SIZE', 'int'], - ['PKEY_PARAM_SECURITY_CATEGORY', 'int'], - ['PKEY_PARAM_MANDATORY_DIGEST', 'utf8_string'], - ['PKEY_PARAM_ML_DSA_SEED', 'octet_string'], - ['PKEY_PARAM_PUB_KEY', 'octet_string'], - ['PKEY_PARAM_PRIV_KEY', 'octet_string'], - )); -} -/* End of machine generated */ +{- produce_param_decoder('ml_dsa_get_params', + (['PKEY_PARAM_BITS', 'bits', 'int'], + ['PKEY_PARAM_SECURITY_BITS', 'secbits', 'int'], + ['PKEY_PARAM_MAX_SIZE', 'maxsize', 'int'], + ['PKEY_PARAM_SECURITY_CATEGORY', 'seccat', 'int'], + ['PKEY_PARAM_MANDATORY_DIGEST', 'dgstp', 'utf8_string'], + ['PKEY_PARAM_ML_DSA_SEED', 'seed', 'octet_string'], + ['PKEY_PARAM_PUB_KEY', 'pubkey', 'octet_string'], + ['PKEY_PARAM_PRIV_KEY', 'privkey', 'octet_string'], + )); -} static const OSSL_PARAM *ml_dsa_gettable_params(void *provctx) { - return ml_dsa_params; + return ml_dsa_get_params_ettable; } static int ml_dsa_get_params(void *keydata, OSSL_PARAM params[]) { ML_DSA_KEY *key = keydata; - OSSL_PARAM *p; const uint8_t *d; size_t len; + struct ml_dsa_get_params_st p = ml_dsa_get_params_decoder(params); - for (p = params; p->key != NULL; p++) - switch (ml_dsa_get_params_find_pidx(p->key)) { - default: - break; + if (p.bits != NULL + && !OSSL_PARAM_set_int(p.bits, 8 * ossl_ml_dsa_key_get_pub_len(key))) + return 0; - case PIDX_PKEY_PARAM_BITS: - if (!OSSL_PARAM_set_int(p, 8 * ossl_ml_dsa_key_get_pub_len(key))) - return 0; - break; + if (p.secbits != NULL + && !OSSL_PARAM_set_int(p.secbits, ossl_ml_dsa_key_get_collision_strength_bits(key))) + return 0; - case PIDX_PKEY_PARAM_SECURITY_BITS: - if (!OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_collision_strength_bits(key))) - return 0; - break; + if (p.maxsize != NULL + && !OSSL_PARAM_set_int(p.maxsize, ossl_ml_dsa_key_get_sig_len(key))) + return 0; - case PIDX_PKEY_PARAM_MAX_SIZE: - if (!OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_sig_len(key))) - return 0; - break; + if (p.seccat != NULL + && !OSSL_PARAM_set_int(p.seccat, ossl_ml_dsa_key_get_security_category(key))) + return 0; - case PIDX_PKEY_PARAM_SECURITY_CATEGORY: - if (!OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_security_category(key))) - return 0; - break; - case PIDX_PKEY_PARAM_ML_DSA_SEED: - d = ossl_ml_dsa_key_get_seed(key); - if (d != NULL && !OSSL_PARAM_set_octet_string(p, d, ML_DSA_SEED_BYTES)) + if (p.seed != NULL) { + d = ossl_ml_dsa_key_get_seed(key); + if (d != NULL && !OSSL_PARAM_set_octet_string(p.seed, d, + ML_DSA_SEED_BYTES)) + return 0; + } + + if (p.privkey != NULL) { + d = ossl_ml_dsa_key_get_priv(key); + if (d != NULL) { + len = ossl_ml_dsa_key_get_priv_len(key); + if (!OSSL_PARAM_set_octet_string(p.privkey, d, len)) return 0; - break; - - case PIDX_PKEY_PARAM_PRIV_KEY: - d = ossl_ml_dsa_key_get_priv(key); - if (d != NULL) { - len = ossl_ml_dsa_key_get_priv_len(key); - if (!OSSL_PARAM_set_octet_string(p, d, len)) - return 0; - } - break; - - case PIDX_PKEY_PARAM_PUB_KEY: - d = ossl_ml_dsa_key_get_pub(key); - if (d != NULL) { - len = ossl_ml_dsa_key_get_pub_len(key); - if (!OSSL_PARAM_set_octet_string(p, d, len)) - return 0; - } - break; - - /* - * This allows apps to use an empty digest, so that the old API - * for digest signing can be used. - */ - case PIDX_PKEY_PARAM_MANDATORY_DIGEST: - if (!OSSL_PARAM_set_utf8_string(p, "")) + } + } + + if (p.pubkey != NULL) { + d = ossl_ml_dsa_key_get_pub(key); + if (d != NULL) { + len = ossl_ml_dsa_key_get_pub_len(key); + if (!OSSL_PARAM_set_octet_string(p.pubkey, d, len)) return 0; - break; } + } + + /* + * This allows apps to use an empty digest, so that the old API + * for digest signing can be used. + */ + if (p.dgstp != NULL && !OSSL_PARAM_set_utf8_string(p.dgstp, "")) + return 0; return 1; } @@ -529,30 +502,37 @@ static void *ml_dsa_gen(void *genctx, int evp_type) return NULL; } +{- produce_param_decoder('ml_dsa_gen_set_params', + (['PKEY_PARAM_ML_DSA_SEED', 'seed', 'octet_string'], + ['PKEY_PARAM_PROPERTIES', 'propq', 'utf8_string'], + )); -} + static int ml_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) { struct ml_dsa_gen_ctx *gctx = genctx; - const OSSL_PARAM *p; + struct ml_dsa_gen_set_params_st p; if (gctx == NULL) return 0; + if (ossl_param_is_empty(params)) + return 1; + + p = ml_dsa_gen_set_params_decoder(params); - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ML_DSA_SEED); - if (p != NULL) { + if (p.seed != NULL) { void *vp = gctx->entropy; size_t len = sizeof(gctx->entropy); - if (!OSSL_PARAM_get_octet_string(p, &vp, len, &(gctx->entropy_len))) { + if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) { gctx->entropy_len = 0; return 0; } } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES); - if (p != NULL) { + if (p.propq != NULL) { OPENSSL_free(gctx->propq); gctx->propq = NULL; - if (!OSSL_PARAM_get_utf8_string(p, &gctx->propq, 0)) + if (!OSSL_PARAM_get_utf8_string(p.propq, &gctx->propq, 0)) return 0; } return 1; @@ -561,12 +541,7 @@ static int ml_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) static const OSSL_PARAM *ml_dsa_gen_settable_params(ossl_unused void *genctx, ossl_unused void *provctx) { - static OSSL_PARAM settable[] = { - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ML_DSA_SEED, NULL, 0), - OSSL_PARAM_END - }; - return settable; + return ml_dsa_gen_set_params_ettable; } static void ml_dsa_gen_cleanup(void *genctx)