ML_DSA - Fix bug in OSSL_PKEY_PARAM_SECURITY_BITS getter.

Reported by @romen It was off by a factor of 8. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27110)
2025-04-06 20:20:50 +08:00 · 2025-03-21 15:46:52 +11:00 · 2025-03-21 15:46:52 +11:00 · 3c1f50ad6f
commit 3c1f50ad6f
parent 95051052b3
2 changed files with 12 additions and 2 deletions
--- a/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@ -316,7 +316,7 @@ static int ml_dsa_get_params(void *keydata, OSSL_PARAM params[])
            && !OSSL_PARAM_set_int(p, 8 * ossl_ml_dsa_key_get_pub_len(key)))
        return 0;
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
-            && !OSSL_PARAM_set_int(p, 8 * ossl_ml_dsa_key_get_collision_strength_bits(key)))
+            && !OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_collision_strength_bits(key)))
        return 0;
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
            && !OSSL_PARAM_set_int(p, ossl_ml_dsa_key_get_sig_len(key)))
--- a/test/ml_dsa_test.c
+++ b/test/ml_dsa_test.c
@ -89,6 +89,7 @@ static int ml_dsa_keygen_test(int tst_id)
    EVP_PKEY *pkey = NULL;
    uint8_t priv[5 * 1024], pub[3 * 1024], seed[ML_DSA_SEED_BYTES];
    size_t priv_len, pub_len, seed_len;
+    int bits = 0, sec_bits = 0, sig_len = 0;

    if (!TEST_ptr(pkey = do_gen_key(tst->name, tst->seed, tst->seed_len))
            || !TEST_true(EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ML_DSA_SEED,
@ -99,7 +100,16 @@ static int ml_dsa_keygen_test(int tst_id)
                                                          pub, sizeof(pub), &pub_len))
            || !TEST_mem_eq(pub, pub_len, tst->pub, tst->pub_len)
            || !TEST_mem_eq(priv, priv_len, tst->priv, tst->priv_len)
-            || !TEST_mem_eq(seed, seed_len, tst->seed, tst->seed_len))
+            || !TEST_mem_eq(seed, seed_len, tst->seed, tst->seed_len)
+            /* The following checks assume that algorithm is ML-DSA-65 */
+            || !TEST_true(EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_BITS, &bits))
+            || !TEST_int_eq(bits, 1952 * 8)
+            || !TEST_true(EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_SECURITY_BITS,
+                                                 &sec_bits))
+            || !TEST_int_eq(sec_bits, 192)
+            || !TEST_true(EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_MAX_SIZE,
+                                                 &sig_len))
+            || !TEST_int_ge(sig_len, 3309))
        goto err;
    ret = 1;
 err: