Configurable import-time PCT for ML-KEM

And related cleanup. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26789)
2025-02-15 04:36:25 +11:00 · 2025-02-15 04:36:25 +11:00 · cab4e7cbd1
commit cab4e7cbd1
parent f31b98fefe
14 changed files with 207 additions and 118 deletions
--- a/include/crypto/ml_dsa.h
+++ b/include/crypto/ml_dsa.h
@ -42,6 +42,12 @@
 # define MAX_ML_DSA_PUB_LEN ML_DSA_87_PUB_LEN
 # define MAX_ML_DSA_SIG_LEN ML_DSA_87_SIG_LEN

+# define ML_DSA_KEY_PREFER_SEED (1 << 0)
+# define ML_DSA_KEY_RETAIN_SEED (1 << 1)
+/* Default provider flags */
+# define ML_DSA_KEY_PROV_FLAGS_DEFAULT \
+    (ML_DSA_KEY_PREFER_SEED | ML_DSA_KEY_RETAIN_SEED)
+
 /*
 * Refer to FIPS 204 Section 4 Parameter sets.
 * Fields that are shared between all algorithms (such as q & d) have been omitted.
@ -86,9 +92,8 @@ __owur size_t ossl_ml_dsa_key_get_pub_len(const ML_DSA_KEY *key);
 __owur const uint8_t *ossl_ml_dsa_key_get_priv(const ML_DSA_KEY *key);
 __owur size_t ossl_ml_dsa_key_get_priv_len(const ML_DSA_KEY *key);
 __owur const uint8_t *ossl_ml_dsa_key_get_seed(const ML_DSA_KEY *key);
-__owur int ossl_ml_dsa_key_prefer_seed(const ML_DSA_KEY *key);
-__owur int ossl_ml_dsa_key_retain_seed(const ML_DSA_KEY *key);
-int ossl_ml_dsa_set_prekey(ML_DSA_KEY *key, int prefer_seed, int retain_seed,
+__owur int ossl_ml_dsa_key_get_prov_flags(const ML_DSA_KEY *key);
+int ossl_ml_dsa_set_prekey(ML_DSA_KEY *key, int flags_set, int flags_clr,
                           const uint8_t *seed, size_t seed_len,
                           const uint8_t *sk, size_t sk_len);
 __owur size_t ossl_ml_dsa_key_get_collision_strength_bits(const ML_DSA_KEY *key);
--- a/include/crypto/ml_kem.h
+++ b/include/crypto/ml_kem.h
@ -117,6 +117,17 @@
 # define ML_KEM_1024_DV         5
 # define ML_KEM_1024_SECBITS    256

+# define ML_KEM_KEY_RANDOM_PCT  (1 << 0)
+# define ML_KEM_KEY_FIXED_PCT   (1 << 1)
+# define ML_KEM_KEY_PREFER_SEED (1 << 2)
+# define ML_KEM_KEY_RETAIN_SEED (1 << 3)
+/* Mask to check whether PCT on import is enabled */
+# define ML_KEM_KEY_PCT_TYPE \
+    (ML_KEM_KEY_RANDOM_PCT | ML_KEM_KEY_FIXED_PCT)
+/* Default provider flags */
+# define ML_KEM_KEY_PROV_FLAGS_DEFAULT \
+    (ML_KEM_KEY_RANDOM_PCT | ML_KEM_KEY_PREFER_SEED | ML_KEM_KEY_RETAIN_SEED)
+
 /*
 * External variant-specific API
 * -----------------------------
@ -171,8 +182,7 @@ typedef struct ossl_ml_kem_key_st {
    struct ossl_ml_kem_scalar_st *s;        /* Private key secret vector */
    uint8_t *z;                             /* Private key FO failure secret */
    uint8_t *d;                             /* Private key seed */
-    int prefer_seed;                        /* Given seed and key use seed? */
-    int retain_seed;                        /* Retain the seed after keygen? */
+    int prov_flags;                         /* prefer/retain seed and PCT flags */

    /*
     * Fixed-size built-in buffer, which holds the |rho| and the public key