From 64328438f6c8ac4440167d89cbdacd8f8e02d7d0 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Tue, 6 May 2025 11:32:48 +1000
Subject: [PATCH] ml-dsa: add security category support

Reviewed-by: Shane Lontis
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/27571)
---
 crypto/ml_dsa/ml_dsa_key.c | 5 +++++
 include/crypto/ml_dsa.h | 1 +
 providers/implementations/keymgmt/ml_dsa_kmgmt.c | 5 ++++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/crypto/ml_dsa/ml_dsa_key.c b/crypto/ml_dsa/ml_dsa_key.c
index 41df1a956fb..d1b07570f38 100644
--- a/crypto/ml_dsa/ml_dsa_key.c
+++ b/crypto/ml_dsa/ml_dsa_key.c
@@ -520,6 +520,11 @@ size_t ossl_ml_dsa_key_get_collision_strength_bits(const ML_DSA_KEY *key)
 return key->params->bit_strength;
 }
+int ossl_ml_dsa_key_get_security_category(const ML_DSA_KEY *key)
+{
+ return key->params->security_category;
+}
+
 /* Returns the private key data or NULL if there is no private key */
 const uint8_t *ossl_ml_dsa_key_get_priv(const ML_DSA_KEY *key)
 {
diff --git a/include/crypto/ml_dsa.h b/include/crypto/ml_dsa.h
index 3508993542a..b4c3bf385b1 100644
--- a/include/crypto/ml_dsa.h
+++ b/include/crypto/ml_dsa.h
@@ -99,6 +99,7 @@ int ossl_ml_dsa_set_prekey(ML_DSA_KEY *key, int flags_set, int flags_clr, const uint8_t *seed, size_t seed_len, const uint8_t *sk, size_t sk_len);
 __owur size_t ossl_ml_dsa_key_get_collision_strength_bits(const ML_DSA_KEY *key);
+__owur int ossl_ml_dsa_key_get_security_category(const ML_DSA_KEY *key);
 __owur size_t ossl_ml_dsa_key_get_sig_len(const ML_DSA_KEY *key);
 __owur int ossl_ml_dsa_key_matches(const ML_DSA_KEY *key, int evp_type);
 __owur const char *ossl_ml_dsa_key_get_name(const ML_DSA_KEY *key);
diff --git a/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index a31a308c9c7..33b0ab860be 100644
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
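Review bot: The new getter `ossl_ml_dsa_key_get_security_category()` in crypto/ml_dsa/ml_dsa_key.c has no comment saying what its int means, while the function right after it documents its return value. Because it sits next to the bit-strength getter and the value is handed out through the key management parameters, I would add `/* Returns the security category of the key's parameter set (a category number, not a bit strength) */` above the definition. Like the bit-strength getter it dereferences `key->params` unchecked, so it relies on callers passing a key whose params are set.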
@@ -29,7 +29,6 @@ static OSSL_FUNC_keymgmt_export_fn ml_dsa_export;
 static OSSL_FUNC_keymgmt_import_types_fn ml_dsa_imexport_types;
 static OSSL_FUNC_keymgmt_export_types_fn ml_dsa_imexport_types;
 static OSSL_FUNC_keymgmt_dup_fn ml_dsa_dup_key;
-static OSSL_FUNC_keymgmt_get_params_fn ml_dsa_get_params;
 static OSSL_FUNC_keymgmt_gettable_params_fn ml_dsa_gettable_params;
 static OSSL_FUNC_keymgmt_validate_fn ml_dsa_validate;
 static OSSL_FUNC_keymgmt_gen_init_fn ml_dsa_gen_init;
@@ -299,6 +298,7 @@ static const OSSL_PARAM ml_dsa_params[] = {
 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL),
 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
 ML_DSA_IMEXPORTABLE_PARAMETERS,
 OSSL_PARAM_END
@@ -323,6 +323,9 @@ static int ml_dsa_get_params(void *keydata, OSSL_PARAM params[])
 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
 && !OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_sig_len(key)))
 return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL
+ && !OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_security_category(key)))
+ return 0;
 pub = ossl_ml_dsa_key_get_pub(key);
 priv = ossl_ml_dsa_key_get_priv(key);
--
2.47.2
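Review bot: Nothing in this patch checks the value that `ml_dsa_get_params` now reports for `OSSL_PKEY_PARAM_SECURITY_CATEGORY`; the diffstat lists no test or documentation file, and the `security_category` field it reads is populated outside these hunks. Since callers may base policy decisions on this number, a test that reads the parameter for each ML-DSA parameter set and compares it with the expected category would catch a parameter set whose field was left unset. Separately, the first hunk of this file drops `static OSSL_FUNC_keymgmt_get_params_fn ml_dsa_get_params;` while the function is still defined here; if that removal is not intentional, keeping the typed forward declaration preserves the compile-time check of the signature against the dispatch typedef. The body of ml_dsa_get_params starts and ends outside the hunk.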