Add ML_DSA encoders
authorslontis <shane.lontis@oracle.com>
Fri, 10 Jan 2025 01:41:12 +0000 (12:41 +1100)
committerTomas Mraz <tomas@openssl.org>
Fri, 14 Feb 2025 09:46:03 +0000 (10:46 +0100)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26575)

crypto/ml_dsa/ml_dsa_key.c
include/crypto/ml_dsa.h
providers/implementations/encode_decode/decode_der2key.c
providers/implementations/encode_decode/encode_key2text.c

index 9057f5ec7a209ee6b56c665992754f76aa417a0d..4f9cd3226cc36fd6f7d83e53b0b4d6269eab35d4 100644 (file)
@@ -503,3 +503,47 @@ const char *ossl_ml_dsa_key_get_name(const ML_DSA_KEY *key)
 {
     return key->params->alg;
 }
+
+#ifndef FIPS_MODULE
+int ossl_ml_dsa_to_text(BIO *out, ML_DSA_KEY *key, int selection)
+{
+    const char *name;
+
+    if (out == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    name = ossl_ml_dsa_key_get_name(key);
+    if (ossl_ml_dsa_key_get_pub(key) == NULL) {
+        /* Regardless of the |selection|, there must be a public key */
+        ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
+                       "no %s key material available", name);
+        return 0;
+    }
+
+    name = ossl_ml_dsa_key_get_name(key);
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+        if (ossl_ml_dsa_key_get_priv(key) == NULL) {
+            ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
+                           "no %s key material available", name);
+            return 0;
+        }
+        if (BIO_printf(out, "%s Private-Key:\n", name) <= 0)
+            return 0;
+        if (!ossl_bio_print_labeled_buf(out, "priv:",
+                                        ossl_ml_dsa_key_get_priv(key),
+                                        ossl_ml_dsa_key_get_priv_len(key)))
+            return 0;
+    } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+        if (BIO_printf(out, "%s Public-Key:\n", name) <= 0)
+            return 0;
+    }
+
+    if (!ossl_bio_print_labeled_buf(out, "pub:",
+                                    ossl_ml_dsa_key_get_pub(key),
+                                    ossl_ml_dsa_key_get_pub_len(key)))
+        return 0;
+
+    return 1;
+}
+#endif /* FIPS_MODULE */
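Review bot: `ossl_ml_dsa_to_text` takes a non-const `ML_DSA_KEY *key` although it only calls getters on it, which is why the caller in encode_key2text.c has to cast away const. Declaring it as `int ossl_ml_dsa_to_text(BIO *out, const ML_DSA_KEY *key, int selection)`, here and in the header prototype, would remove the need for that cast. The second `name = ossl_ml_dsa_key_get_name(key);` before the `selection` test repeats the assignment made a few lines earlier and can be dropped. When `selection` has neither the private nor the public bit set, the function still prints the `pub:` buffer with no heading line; if that is intended, a short comment saying so would help.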
index dadab02bc146c83b5258f1132aa30e356980c4af..7cf446d7d22579e78ba9bcbde9d5684b7e4243ce 100644 (file)
@@ -27,6 +27,7 @@ void ossl_ml_dsa_key_free(ML_DSA_KEY *key);
 __owur ML_DSA_KEY *ossl_ml_dsa_key_dup(const ML_DSA_KEY *src, int selection);
 __owur int ossl_ml_dsa_key_equal(const ML_DSA_KEY *key1, const ML_DSA_KEY *key2,
                                  int selection);
+__owur int ossl_ml_dsa_to_text(BIO *out, ML_DSA_KEY *key, int selection);
 __owur int ossl_ml_dsa_key_has(const ML_DSA_KEY *key, int selection);
 __owur int ossl_ml_dsa_key_pairwise_check(const ML_DSA_KEY *key);
 __owur int ossl_ml_dsa_key_fromdata(ML_DSA_KEY *key, const OSSL_PARAM *params,
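Review bot: The new `ossl_ml_dsa_to_text` prototype is declared unconditionally, while its definition in ml_dsa_key.c is compiled only under `#ifndef FIPS_MODULE`, so a use inside the FIPS module would fail at link time rather than at compile time; wrapping the prototype in the same guard keeps the two consistent. The declaration also has no comment, and the function writes the raw private key bytes to `out` when `selection` includes `OSSL_KEYMGMT_SELECT_PRIVATE_KEY`. A line such as `/* Prints the key as text; includes the private key bytes if selected, so |out| must be treated as sensitive */` would make that explicit for callers.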
@@ -47,6 +48,10 @@ __owur int ossl_ml_dsa_key_public_from_private(ML_DSA_KEY *key);
 __owur int ossl_ml_dsa_pk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len);
 __owur int ossl_ml_dsa_sk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len);
 
+__owur int ossl_ml_dsa_key_public_from_private(ML_DSA_KEY *key);
+__owur int ossl_ml_dsa_pk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len);
+__owur int ossl_ml_dsa_sk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len);
+
 __owur int ossl_ml_dsa_sign(const ML_DSA_KEY *priv,
                             const uint8_t *msg, size_t msg_len,
                             const uint8_t *context, size_t context_len,
index 85eb94b369d023ecd1f526b2ab145e64c46f9cee..271cd02b41f0c25421f14fee3ad9583c8e63a5e6 100644 (file)
@@ -652,12 +652,8 @@ ml_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)
         goto end;
 
     /* Algorithm parameters must be absent */
-    if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF)) {
-        ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS,
-                       "unexpected parameters with a PKCS#8 %s private key",
-                       ctx->desc->keytype_name);
+    if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF))
         goto end;
-    }
     if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type)
         goto end;
     if ((key = ossl_ml_dsa_key_new(libctx, ctx->propq,
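Review bot: A PKCS#8 structure with unexpected algorithm parameters is still rejected after this change, but no error is queued any more, so a caller only sees a generic decode failure with nothing pointing at the parameters field. If the silence is deliberate (for example to keep the error queue clean while other decoders are tried, which is not visible from this hunk), say so in the comment, e.g. `/* Algorithm parameters must be absent; fail quietly so other decoders can be tried */`. Otherwise the `ERR_raise_data(... PROV_R_UNEXPECTED_KEY_PARAMETERS ...)` call should be kept. The comma expression inside the `if` would also read more clearly as a separate `X509_ALGOR_get0(NULL, &ptype, NULL, alg);` statement followed by `if (ptype != V_ASN1_UNDEF)`. The function body starts and ends outside the hunk.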
index 4d1881d6c4e557e3d2d8394822dd364bc006b816..574dad142f712aaab91299cb232f7dcb6d0a129f 100644 (file)
@@ -591,47 +591,8 @@ static int rsa_to_text(BIO *out, const void *key, int selection)
 #ifndef OPENSSL_NO_ML_DSA
 static int ml_dsa_to_text(BIO *out, const void *key, int selection)
 {
-    const char *name;
-
-    if (out == NULL || key == NULL) {
-        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    name = ossl_ml_dsa_key_get_name(key);
-    if (ossl_ml_dsa_key_get_pub(key) == NULL) {
-        /* Regardless of the |selection|, there must be a public key */
-        ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
-                       "no %s key material available", name);
-        return 0;
-    }
-
-    name = ossl_ml_dsa_key_get_name(key);
-    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
-        if (ossl_ml_dsa_key_get_priv(key) == NULL) {
-            ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
-                           "no %s key material available", name);
-            return 0;
-        }
-        if (BIO_printf(out, "%s Private-Key:\n", name) <= 0)
-            return 0;
-        if (!ossl_bio_print_labeled_buf(out, "priv:",
-                                        ossl_ml_dsa_key_get_priv(key),
-                                        ossl_ml_dsa_key_get_priv_len(key)))
-            return 0;
-    } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
-        if (BIO_printf(out, "%s Public-Key:\n", name) <= 0)
-            return 0;
-    }
-
-    if (!ossl_bio_print_labeled_buf(out, "pub:",
-                                    ossl_ml_dsa_key_get_pub(key),
-                                    ossl_ml_dsa_key_get_pub_len(key)))
-        return 0;
-
-    return 1;
+    return ossl_ml_dsa_to_text(out, (ML_DSA_KEY *)key, selection);
 }
-#endif /* OPENSSL_NO_ML_DSA */
-
 /* ---------------------------------------------------------------------- */
 
 static void *key2text_newctx(void *provctx)
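Review bot: This hunk removes `#endif /* OPENSSL_NO_ML_DSA */` but keeps the opening `#ifndef OPENSSL_NO_ML_DSA` above `ml_dsa_to_text`. Unless a matching `#endif` is added elsewhere in the file (not visible here), the conditional either stays unbalanced or swallows `key2text_newctx` and the code after it in builds with `OPENSSL_NO_ML_DSA` defined. Restoring `#endif /* OPENSSL_NO_ML_DSA */` and the blank line after the wrapper's closing brace would avoid that. Separately, the `(ML_DSA_KEY *)key` cast discards the `const` of the `const void *key` parameter; if `ossl_ml_dsa_to_text` took a `const ML_DSA_KEY *`, the call could be `return ossl_ml_dsa_to_text(out, key, selection);`.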