Update Composite ML-DSA import/export APIs (#118600)

Author: PranavSenthilnathan

src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsa.cs

@@ -13,11 +13,11 @@ protected override int SignDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byte>
             throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(CompositeMLDsa)));
 
         /// <inheritdoc/>
-        protected override bool TryExportCompositeMLDsaPrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
+        protected override int ExportCompositeMLDsaPrivateKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(CompositeMLDsa)));
 
         /// <inheritdoc/>
-        protected override bool TryExportCompositeMLDsaPublicKeyCore(Span<byte> destination, out int bytesWritten) =>
+        protected override int ExportCompositeMLDsaPublicKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(CompositeMLDsa)));
 
         /// <inheritdoc/>

src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaAlgorithm.cs

@@ -37,10 +37,10 @@ protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byt
         protected override bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
             throw new PlatformNotSupportedException();
 
-        protected override bool TryExportCompositeMLDsaPublicKeyCore(Span<byte> destination, out int bytesWritten) =>
+        protected override int ExportCompositeMLDsaPublicKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();
 
-        protected override bool TryExportCompositeMLDsaPrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
+        protected override int ExportCompositeMLDsaPrivateKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();
     }
 }

src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaCng.Windows.cs

@@ -72,10 +72,10 @@ protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byt
         protected override bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
             throw new PlatformNotSupportedException();
 
-        protected override bool TryExportCompositeMLDsaPublicKeyCore(Span<byte> destination, out int bytesWritten) =>
+        protected override int ExportCompositeMLDsaPublicKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();
 
-        protected override bool TryExportCompositeMLDsaPrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
+        protected override int ExportCompositeMLDsaPrivateKeyCore(Span<byte> destination) =>
             throw new PlatformNotSupportedException();
     }
 }

src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaImplementation.NotSupported.cs

@@ -370,26 +370,29 @@ protected override bool VerifyDataCore(ReadOnlySpan<byte> data, ReadOnlySpan<byt
         protected override bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten) =>
             throw new PlatformNotSupportedException();
 
-        protected override bool TryExportCompositeMLDsaPublicKeyCore(Span<byte> destination, out int bytesWritten)
+        protected override int ExportCompositeMLDsaPublicKeyCore(Span<byte> destination)
         {
             // draft-ietf-lamps-pq-composite-sigs-latest (June 20, 2025), 5.1
             //  1.  Combine and output the encoded public key
             //
             //      output mldsaPK || tradPK
 
+            int bytesWritten = 0;
+
             _mldsa.ExportMLDsaPublicKey(destination.Slice(0, AlgorithmDetails.MLDsaAlgorithm.PublicKeySizeInBytes));
+            bytesWritten += AlgorithmDetails.MLDsaAlgorithm.PublicKeySizeInBytes;
 
-            if (_componentAlgorithm.TryExportPublicKey(destination.Slice(AlgorithmDetails.MLDsaAlgorithm.PublicKeySizeInBytes), out int componentBytesWritten))
+            if (!_componentAlgorithm.TryExportPublicKey(destination.Slice(AlgorithmDetails.MLDsaAlgorithm.PublicKeySizeInBytes), out int componentBytesWritten))
             {
-                bytesWritten = AlgorithmDetails.MLDsaAlgorithm.PublicKeySizeInBytes + componentBytesWritten;
-                return true;
+                throw new CryptographicException();
             }
 
-            bytesWritten = 0;
-            return false;
+            bytesWritten += componentBytesWritten;
+
+            return bytesWritten;
         }
 
-        protected override bool TryExportCompositeMLDsaPrivateKeyCore(Span<byte> destination, out int bytesWritten)
+        protected override int ExportCompositeMLDsaPrivateKeyCore(Span<byte> destination)
         {
             // draft-ietf-lamps-pq-composite-sigs-latest (June 20, 2025), 5.2
             //  1.  Combine and output the encoded private key
@@ -398,16 +401,19 @@ protected override bool TryExportCompositeMLDsaPrivateKeyCore(Span<byte> destina
 
             try
             {
+                int bytesWritten = 0;
+
                 _mldsa.ExportMLDsaPrivateSeed(destination.Slice(0, AlgorithmDetails.MLDsaAlgorithm.PrivateSeedSizeInBytes));
+                bytesWritten += AlgorithmDetails.MLDsaAlgorithm.PrivateSeedSizeInBytes;
 
-                if (_componentAlgorithm.TryExportPrivateKey(destination.Slice(AlgorithmDetails.MLDsaAlgorithm.PrivateSeedSizeInBytes), out int componentBytesWritten))
+                if (!_componentAlgorithm.TryExportPrivateKey(destination.Slice(AlgorithmDetails.MLDsaAlgorithm.PrivateSeedSizeInBytes), out int componentBytesWritten))
                 {
-                    bytesWritten = AlgorithmDetails.MLDsaAlgorithm.PrivateSeedSizeInBytes + componentBytesWritten;
-                    return true;
+                    throw new CryptographicException();
                 }
 
-                bytesWritten = 0;
-                return false;
+                bytesWritten += componentBytesWritten;
+
+                return bytesWritten;
             }
             catch (CryptographicException)
             {

src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaImplementation.Windows.cs

@@ -45,6 +45,8 @@ internal static void Return(byte[] array, int clearSize = ClearAll)
 
         internal Span<byte> Span { get; private set; }
 
+        internal readonly bool IsRented => _rented is not null;
+
         public void Dispose()
         {
             Return();