certtool: enable ML-DSA private key generation

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/src/certtool-common.c b/src/certtool-common.c
index 45f2ad8e30000fde34bd725708dc391dc5c002ea..efeb92b65c35bd671d589d16e4e41233c3e5fe40 100644 (file)
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1663,6 +1663,12 @@ gnutls_pk_algorithm_t figure_key_type(const char *key_type)
                return GNUTLS_PK_GOST_12_256;
        else if (strcasecmp(key_type, "gost12-512") == 0)
                return GNUTLS_PK_GOST_12_512;
+       else if (strcasecmp(key_type, "mldsa44") == 0)
+               return GNUTLS_PK_ML_DSA_44;
+       else if (strcasecmp(key_type, "mldsa65") == 0)
+               return GNUTLS_PK_ML_DSA_65;
+       else if (strcasecmp(key_type, "mldsa87") == 0)
+               return GNUTLS_PK_ML_DSA_87;
        else {
                fprintf(stderr, "unknown key type: %s\n", key_type);
                return GNUTLS_PK_UNKNOWN;

diff --git a/src/certtool-common.h b/src/certtool-common.h
index 07b7ae09ccf972d6065cc514acfa99938a865371..334079ac2970c785f041565d6bb9d74c67083739 100644 (file)
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -100,7 +100,10 @@ static inline void switch_to_pkcs8_when_needed(common_info_st *cinfo,
            key_type == GNUTLS_PK_ECDH_X25519 ||
            key_type == GNUTLS_PK_ECDH_X448 || key_type == GNUTLS_PK_GOST_01 ||
            key_type == GNUTLS_PK_GOST_12_256 ||
-           key_type == GNUTLS_PK_GOST_12_512) {
+           key_type == GNUTLS_PK_GOST_12_512 ||
+           key_type == GNUTLS_PK_ML_DSA_44 ||
+           key_type == GNUTLS_PK_ML_DSA_65 ||
+           key_type == GNUTLS_PK_ML_DSA_87) {
                if (cinfo->verbose)
                        fprintf(stderr,
                                "Assuming --pkcs8 is given; %s private keys can only be exported in PKCS#8 format\n",