ML-KEM/ML-DSA part 4: ML-DSA

Splitting up #2405 into a few parts as suggest by @alex.

Adapting ML-DSA changes from #2405 to use the OsslParamBuilder changes
over the last few PRs and to juggle lifetimes appropriately

Co-authored-by: Jakub Jelen <[email protected]>
Co-authored-by: Justus Winter <[email protected]>

Author: 3 people

openssl/src/lib.rs

@@ -185,12 +185,16 @@ pub mod pkcs5;
 pub mod pkcs7;
 pub mod pkey;
 pub mod pkey_ctx;
+#[cfg(ossl350)]
+pub mod pkey_ml_dsa;
 #[cfg(ossl300)]
 pub mod provider;
 pub mod rand;
 pub mod rsa;
 pub mod sha;
 pub mod sign;
+#[cfg(ossl300)]
+pub mod signature;
 pub mod srtp;
 pub mod ssl;
 pub mod stack;

openssl/src/pkey_ctx.rs

@@ -68,6 +68,8 @@ use crate::bn::BigNumRef;
 #[cfg(not(any(boringssl, awslc)))]
 use crate::cipher::CipherRef;
 use crate::error::ErrorStack;
+#[cfg(ossl300)]
+use crate::lib_ctx::LibCtxRef;
 use crate::md::MdRef;
 use crate::nid::Nid;
 use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Params, Private};
@@ -84,6 +86,8 @@ use openssl_macros::corresponds;
 use std::convert::TryFrom;
 #[cfg(ossl320)]
 use std::ffi::CStr;
+#[cfg(ossl300)]
+use std::ffi::CString;
 use std::ptr;
 
 /// HKDF modes of operation.
@@ -159,6 +163,26 @@ impl PkeyCtx<()> {
             Ok(PkeyCtx::from_ptr(ptr))
         }
     }
+
+    /// Creates a new pkey context from the algorithm name.
+    #[corresponds(EVP_PKEY_CTX_new_from_name)]
+    #[cfg(ossl300)]
+    pub fn new_from_name(
+        libctx: Option<&LibCtxRef>,
+        name: &str,
+        propquery: Option<&str>,
+    ) -> Result<Self, ErrorStack> {
+        unsafe {
+            let propquery = propquery.map(|s| CString::new(s).unwrap());
+            let name = CString::new(name).unwrap();
+            let ptr = cvt_p(ffi::EVP_PKEY_CTX_new_from_name(
+                libctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr),
+                name.as_ptr(),
+                propquery.map_or(ptr::null_mut(), |s| s.as_ptr()),
+            ))?;
+            Ok(PkeyCtx::from_ptr(ptr))
+        }
+    }
 }
 
 impl<T> PkeyCtxRef<T>
@@ -187,6 +211,26 @@ where
         Ok(())
     }
 
+    /// Prepares the context for signature verification over a message
+    /// using the public key.
+    #[cfg(ossl340)]
+    #[corresponds(EVP_PKEY_verify_message_init)]
+    #[inline]
+    pub fn verify_message_init(
+        &mut self,
+        algo: &mut crate::signature::Signature,
+    ) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_verify_message_init(
+                self.as_ptr(),
+                algo.as_ptr(),
+                ptr::null(),
+            ))?;
+        }
+
+        Ok(())
+    }
+
     /// Prepares the context for signature recovery using the public key.
     #[corresponds(EVP_PKEY_verify_recover_init)]
     #[inline]
@@ -319,6 +363,25 @@ where
         Ok(())
     }
 
+    /// Prepares the context for signing a message using the private key.
+    #[cfg(ossl340)]
+    #[corresponds(EVP_PKEY_sign_message_init)]
+    #[inline]
+    pub fn sign_message_init(
+        &mut self,
+        algo: &mut crate::signature::Signature,
+    ) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_sign_message_init(
+                self.as_ptr(),
+                algo.as_ptr(),
+                ptr::null(),
+            ))?;
+        }
+
+        Ok(())
+    }
+
     /// Sets the peer key used for secret derivation.
     #[corresponds(EVP_PKEY_derive_set_peer)]
     pub fn derive_set_peer<U>(&mut self, key: &PKeyRef<U>) -> Result<(), ErrorStack>
@@ -889,6 +952,20 @@ impl<T> PkeyCtxRef<T> {
         Ok(())
     }
 
+    /// Generates a new public/private keypair.
+    ///
+    /// New OpenSSL 3.0 function that should do the same thing as keygen()
+    #[corresponds(EVP_PKEY_generate)]
+    #[cfg(ossl300)]
+    #[inline]
+    pub fn generate(&mut self) -> Result<PKey<Private>, ErrorStack> {
+        unsafe {
+            let mut key = ptr::null_mut();
+            cvt(ffi::EVP_PKEY_generate(self.as_ptr(), &mut key))?;
+            Ok(PKey::from_ptr(key))
+        }
+    }
+
     /// Gets the nonce type for a private key context.
     ///
     /// The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979).
@@ -913,6 +990,14 @@ impl<T> PkeyCtxRef<T> {
         }
         Ok(NonceType(nonce_type))
     }
+
+    /// Initializes a conversion from `OsslParam` to `PKey` on given `PkeyCtx`.
+    #[corresponds(EVP_PKEY_fromdata_init)]
+    #[cfg(ossl300)]
+    pub fn fromdata_init(&mut self) -> Result<(), ErrorStack> {
+        unsafe { cvt(ffi::EVP_PKEY_fromdata_init(self.as_ptr()))? };
+        Ok(())
+    }
 }
 
 #[cfg(test)]