From: slontis
Date: Fri, 10 Jan 2025 01:41:12 +0000 (+1100)
Subject: Add ML_DSA encoders
X-Git-Tag: openssl-3.5.0-alpha1~591
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9ffc11939e6d9b3cb7884f2c082f4c96dceb233;p=thirdparty%2Fopenssl.git
Add ML_DSA encoders
Reviewed-by: Viktor Dukhovni
Reviewed-by: Paul Dale
Reviewed-by: Tim Hudson
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/26575)
---
diff --git a/crypto/ml_dsa/ml_dsa_key.c b/crypto/ml_dsa/ml_dsa_key.c
index 9057f5ec7a2..4f9cd3226cc 100644
--- a/crypto/ml_dsa/ml_dsa_key.c
+++ b/crypto/ml_dsa/ml_dsa_key.c
@@ -503,3 +503,47 @@ const char *ossl_ml_dsa_key_get_name(const ML_DSA_KEY *key)
 {
 return key->params->alg;
 }
+
+#ifndef FIPS_MODULE
+int ossl_ml_dsa_to_text(BIO *out, ML_DSA_KEY *key, int selection)
+{
+ const char *name;
+
+ if (out == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ name = ossl_ml_dsa_key_get_name(key);
+ if (ossl_ml_dsa_key_get_pub(key) == NULL) {
+ /* Regardless of the |selection|, there must be a public key */
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
+ "no %s key material available", name);
+ return 0;
+ }
+
+ name = ossl_ml_dsa_key_get_name(key);
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ if (ossl_ml_dsa_key_get_priv(key) == NULL) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
+ "no %s key material available", name);
+ return 0;
+ }
+ if (BIO_printf(out, "%s Private-Key:\n", name) <= 0)
+ return 0;
+ if (!ossl_bio_print_labeled_buf(out, "priv:",
+ ossl_ml_dsa_key_get_priv(key),
+ ossl_ml_dsa_key_get_priv_len(key)))
+ return 0;
+ } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ if (BIO_printf(out, "%s Public-Key:\n", name) <= 0)
+ return 0;
+ }
+
+ if (!ossl_bio_print_labeled_buf(out, "pub:",
+ ossl_ml_dsa_key_get_pub(key),
+ ossl_ml_dsa_key_get_pub_len(key)))
+ return 0;
+
+ return 1;
+}
+#endif /* FIPS_MODULE */
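Review bot: `ossl_ml_dsa_to_text()` declares `ML_DSA_KEY *key` as non-const although its body only reads the key through accessor calls, and the wrapper in encode_key2text.c has to cast its `const void *key` with `(ML_DSA_KEY *)key` to call it. The hunk header shows `ossl_ml_dsa_key_get_name()` already takes `const ML_DSA_KEY *`; if the pub/priv accessors do too (not visible here), the signature could be `int ossl_ml_dsa_to_text(BIO *out, const ML_DSA_KEY *key, int selection)` in both this file and ml_dsa.h. The second `name = ossl_ml_dsa_key_get_name(key);` after the public-key check repeats the earlier assignment and can be removed. Because the `priv:` branch writes the raw private key bytes to `out`, I would also add a comment above the function such as `/* Prints the private key only when |selection| has OSSL_KEYMGMT_SELECT_PRIVATE_KEY set; the public key is always printed. */`.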
diff --git a/include/crypto/ml_dsa.h b/include/crypto/ml_dsa.h index dadab02bc14..7cf446d7d22 100644 --- a/include/crypto/ml_dsa.h +++ b/include/crypto/ml_dsa.h @@ -27,6 +27,7 @@ void ossl_ml_dsa_key_free(ML_DSA_KEY *key); __owur ML_DSA_KEY *ossl_ml_dsa_key_dup(const ML_DSA_KEY *src, int selection); __owur int ossl_ml_dsa_key_equal(const ML_DSA_KEY *key1, const ML_DSA_KEY *key2, int selection); +__owur int ossl_ml_dsa_to_text(BIO *out, ML_DSA_KEY *key, int selection); __owur int ossl_ml_dsa_key_has(const ML_DSA_KEY *key, int selection); __owur int ossl_ml_dsa_key_pairwise_check(const ML_DSA_KEY *key); __owur int ossl_ml_dsa_key_fromdata(ML_DSA_KEY *key, const OSSL_PARAM *params, @@ -47,6 +48,10 @@ __owur int ossl_ml_dsa_key_public_from_private(ML_DSA_KEY *key); __owur int ossl_ml_dsa_pk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len); __owur int ossl_ml_dsa_sk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len); +__owur int ossl_ml_dsa_key_public_from_private(ML_DSA_KEY *key); +__owur int ossl_ml_dsa_pk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len); +__owur int ossl_ml_dsa_sk_decode(ML_DSA_KEY *key, const uint8_t *in, size_t in_len); + __owur int ossl_ml_dsa_sign(const ML_DSA_KEY *priv, const uint8_t *msg, size_t msg_len, const uint8_t *context, size_t context_len, diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 85eb94b369d..271cd02b41f 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c 
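Review bot: The second hunk adds prototypes for `ossl_ml_dsa_key_public_from_private`, `ossl_ml_dsa_pk_decode` and `ossl_ml_dsa_sk_decode` that are character-for-character copies of declarations already visible in the hunk header and the context lines directly above them. Repeated compatible declarations still compile, but they leave two places to update when a signature changes and look like a rebase or merge leftover. The three `+` prototype lines and the added blank line can be dropped; the `ossl_ml_dsa_to_text` prototype from the first hunk is the only addition this header appears to need.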
@@ -652,12 +652,8 @@ ml_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx) goto end; /* Algorithm parameters must be absent */ - if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF)) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS, - "unexpected parameters with a PKCS#8 %s private key", - ctx->desc->keytype_name); + if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF)) goto end; - } if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type) goto end; if ((key = ossl_ml_dsa_key_new(libctx, ctx->propq, diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index 4d1881d6c4e..574dad142f7 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c 
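Review bot: The parameter check in `ml_dsa_d2i_PKCS8` now jumps to `end` without raising `PROV_R_UNEXPECTED_KEY_PARAMETERS`, so a PKCS#8 blob that carries algorithm parameters is rejected with nothing on the error queue to say why. The removal is not mentioned in the commit message and looks unrelated to adding encoders, so it may be an accidental revert. If the silent rejection is intended, a one-line comment next to `goto end;` stating the reason would record that; otherwise the `ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS, ...)` call should stay in place. The function begins and ends outside this hunk.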
@@ -591,47 +591,8 @@ static int rsa_to_text(BIO *out, const void *key, int selection) #ifndef OPENSSL_NO_ML_DSA static int ml_dsa_to_text(BIO *out, const void *key, int selection) { - const char *name; - - if (out == NULL || key == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - name = ossl_ml_dsa_key_get_name(key); - if (ossl_ml_dsa_key_get_pub(key) == NULL) { - /* Regardless of the |selection|, there must be a public key */ - ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY, - "no %s key material available", name); - return 0; - } - - name = ossl_ml_dsa_key_get_name(key); - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { - if (ossl_ml_dsa_key_get_priv(key) == NULL) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY, - "no %s key material available", name); - return 0; - } - if (BIO_printf(out, "%s Private-Key:\n", name) <= 0) - return 0; - if (!ossl_bio_print_labeled_buf(out, "priv:", - ossl_ml_dsa_key_get_priv(key), - ossl_ml_dsa_key_get_priv_len(key))) - return 0; - } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { - if (BIO_printf(out, "%s Public-Key:\n", name) <= 0) - return 0; - } - - if (!ossl_bio_print_labeled_buf(out, "pub:", - ossl_ml_dsa_key_get_pub(key), - ossl_ml_dsa_key_get_pub_len(key))) - return 0; - - return 1; + return ossl_ml_dsa_to_text(out, (ML_DSA_KEY *)key, selection); } -#endif /* OPENSSL_NO_ML_DSA */ - /* ---------------------------------------------------------------------- */ static void *key2text_newctx(void *provctx)
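Review bot: This hunk deletes `#endif /* OPENSSL_NO_ML_DSA */` but keeps the opening `#ifndef OPENSSL_NO_ML_DSA` above `ml_dsa_to_text`, so on the new side the conditional is still open when `key2text_newctx` starts. Unless a matching `#endif` is added further down (not visible in this hunk), the file either fails to preprocess or compiles out everything up to the next `#endif` in builds that define `OPENSSL_NO_ML_DSA`. Keeping the line `#endif /* OPENSSL_NO_ML_DSA */` directly after the wrapper's closing brace would limit the guard to the ML-DSA function.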