Moved MLDSA key util methods to dedicated class

Author: antoinelochet

src/lib/SoftHSM.cpp

@@ -62,9 +62,12 @@
 #include "DHPrivateKey.h"
 #include "GOSTPublicKey.h"
 #include "GOSTPrivateKey.h"
+#ifdef WITH_ML_DSA
 #include "MLDSAParameters.h"
 #include "MLDSAPublicKey.h"
 #include "MLDSAPrivateKey.h"
+#include "MLDSAUtil.h"
+#endif
 #include "cryptoki.h"
 #include "SoftHSM.h"
 #include "osmutex.h"
@@ -4533,7 +4536,7 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 			return CKR_HOST_MEMORY;
 		}
 
-		if (getMLDSAPrivateKey((MLDSAPrivateKey*)privateKey, token, key) != CKR_OK)
+		if (MLDSAUtil::getMLDSAPrivateKey((MLDSAPrivateKey*)privateKey, token, key) != CKR_OK)
 		{
 			asymCrypto->recyclePrivateKey(privateKey);
 			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
@@ -5540,7 +5543,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			return CKR_HOST_MEMORY;
 		}
 
-		if (getMLDSAPublicKey((MLDSAPublicKey*)publicKey, token, key) != CKR_OK)
+		if (MLDSAUtil::getMLDSAPublicKey((MLDSAPublicKey*)publicKey, token, key) != CKR_OK)
 		{
 			asymCrypto->recyclePublicKey(publicKey);
 			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
@@ -6934,7 +6937,7 @@ CK_RV SoftHSM::C_WrapKey
 #endif
 #ifdef WITH_ML_DSA
 			case CKK_ML_DSA:
-				rv = getMLDSAPrivateKey((MLDSAPrivateKey*)privateKey, token, key);
+				rv = MLDSAUtil::getMLDSAPrivateKey((MLDSAPrivateKey*)privateKey, token, key);
 				break;
 #endif
 		}
@@ -7616,7 +7619,7 @@ CK_RV SoftHSM::C_UnwrapKey
 #ifdef WITH_ML_DSA
 			else if (keyType == CKK_ML_DSA)
 			{
-				bOK = bOK && setMLDSAPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
+				bOK = bOK && MLDSAUtil::setMLDSAPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE);
 			}
 #endif
 			else
@@ -12998,65 +13001,7 @@ CK_RV SoftHSM::getEDPublicKey(EDPublicKey* publicKey, Token* token, OSObject* ke
 	return CKR_OK;
 }
 
-CK_RV SoftHSM::getMLDSAPrivateKey(MLDSAPrivateKey* privateKey, Token* token, OSObject* key)
-{
-	if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
-	if (token == NULL) return CKR_ARGUMENTS_BAD;
-	if (key == NULL) return CKR_ARGUMENTS_BAD;
-
-	// Get the CKA_PRIVATE attribute, when the attribute is not present use default false
-	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
-
-	// ML-DSA Private Key Attributes
-	ByteString value;
-	ByteString seed;
-	if (isKeyPrivate)
-	{
-		bool bOK = true;
-		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
-		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SEED), seed);
-		if (!bOK)
-			return CKR_GENERAL_ERROR;
-	}
-	else
-	{
-		value = key->getByteStringValue(CKA_VALUE);
-		seed = key->getByteStringValue(CKA_SEED);
-	}
-
-	privateKey->setValue(value);
-	privateKey->setSeed(seed);
-
-	return CKR_OK;
-}
-
-CK_RV SoftHSM::getMLDSAPublicKey(MLDSAPublicKey* publicKey, Token* token, OSObject* key)
-{
-	if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
-	if (token == NULL) return CKR_ARGUMENTS_BAD;
-	if (key == NULL) return CKR_ARGUMENTS_BAD;
 
-	// Get the CKA_PRIVATE attribute, when the attribute is not present use default false
-	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
-
-	// EC Public Key Attributes
-	ByteString value;
-	if (isKeyPrivate)
-	{
-		bool bOK = true;
-		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
-		if (!bOK)
-			return CKR_GENERAL_ERROR;
-	}
-	else
-	{
-		value = key->getByteStringValue(CKA_VALUE);
-	}
-
-	publicKey->setValue(value);
-
-	return CKR_OK;
-}
 
 CK_RV SoftHSM::getDHPrivateKey(DHPrivateKey* privateKey, Token* token, OSObject* key)
 {
@@ -13515,48 +13460,6 @@ bool SoftHSM::setEDPrivateKey(OSObject* key, const ByteString &ber, Token* token
 	return bOK;
 }
 
-bool SoftHSM::setMLDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
-{
-	AsymmetricAlgorithm* mldsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::MLDSA);
-	if (mldsa == NULL)
-		return false;
-	PrivateKey* priv = mldsa->newPrivateKey();
-	if (priv == NULL)
-	{
-		CryptoFactory::i()->recycleAsymmetricAlgorithm(mldsa);
-		return false;
-	}
-	if (!priv->PKCS8Decode(ber))
-	{
-		mldsa->recyclePrivateKey(priv);
-		CryptoFactory::i()->recycleAsymmetricAlgorithm(mldsa);
-		return false;
-	}
-	// ML-DSA Private Key Attributes
-	ByteString parameterSet;
-	ByteString seed;
-	ByteString value;
-	if (isPrivate)
-	{
-		token->encrypt(((MLDSAPrivateKey*)priv)->getSeed(), seed);
-		token->encrypt(((MLDSAPrivateKey*)priv)->getValue(), value);
-	}
-	else
-	{
-		seed = ((MLDSAPrivateKey*)priv)->getSeed();
-		value = ((MLDSAPrivateKey*)priv)->getValue();
-	}
-	bool bOK = true;
-	bOK = bOK && key->setAttribute(CKA_PARAMETER_SET, ((MLDSAPrivateKey*)priv)->getParameterSet());
-	bOK = bOK && key->setAttribute(CKA_SEED, seed);
-	bOK = bOK && key->setAttribute(CKA_VALUE, value);
-
-	mldsa->recyclePrivateKey(priv);
-	CryptoFactory::i()->recycleAsymmetricAlgorithm(mldsa);
-
-	return bOK;
-}
-
 bool SoftHSM::setGOSTPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const
 {
 	AsymmetricAlgorithm* gost = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST);

src/lib/SoftHSM.h

@@ -455,10 +455,6 @@ class SoftHSM
 	CK_RV getGOSTPrivateKey(GOSTPrivateKey* privateKey, Token* token, OSObject* key);
 	CK_RV getGOSTPublicKey(GOSTPublicKey* publicKey, Token* token, OSObject* key);
 	CK_RV getSymmetricKey(SymmetricKey* skey, Token* token, OSObject* key);
-#ifdef WITH_ML_DSA
-	CK_RV getMLDSAPrivateKey(MLDSAPrivateKey* privateKey, Token* token, OSObject* key);
-	CK_RV getMLDSAPublicKey(MLDSAPublicKey* publicKey, Token* token, OSObject* key);
-#endif
 
 	ByteString getECDHPubData(ByteString& pubData);
 
@@ -468,9 +464,6 @@ class SoftHSM
 	bool setECPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const;
 	bool setEDPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const;
 	bool setGOSTPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const;
-#ifdef WITH_ML_DSA
-	bool setMLDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const;
-#endif
 
 
 	CK_RV WrapKeyAsym

src/lib/crypto/CMakeLists.txt

@@ -31,6 +31,7 @@ set(SOURCES AESKey.cpp
             MLDSAParameters.cpp
             MLDSAPrivateKey.cpp
             MLDSAPublicKey.cpp
+            MLDSAUtil.cpp
             RSAParameters.cpp
             RSAPrivateKey.cpp
             RSAPublicKey.cpp

src/lib/crypto/MLDSAUtil.cpp

@@ -0,0 +1,113 @@
+/*****************************************************************************
+ MLDSAUtil.cpp
+
+ ML-DSA convenience functions
+ *****************************************************************************/
+
+#include "config.h"
+#ifdef WITH_ML_DSA
+#include "MLDSAUtil.h"
+
+/*static*/ CK_RV MLDSAUtil::getMLDSAPrivateKey(MLDSAPrivateKey* privateKey, Token* token, OSObject* key)
+{
+	if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+	if (token == NULL) return CKR_ARGUMENTS_BAD;
+	if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+	// Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+	// ML-DSA Private Key Attributes
+	ByteString value;
+	ByteString seed;
+	if (isKeyPrivate)
+	{
+		bool bOK = true;
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SEED), seed);
+		if (!bOK)
+			return CKR_GENERAL_ERROR;
+	}
+	else
+	{
+		value = key->getByteStringValue(CKA_VALUE);
+		seed = key->getByteStringValue(CKA_SEED);
+	}
+
+	privateKey->setValue(value);
+	privateKey->setSeed(seed);
+
+	return CKR_OK;
+}
+
+/*static*/ CK_RV MLDSAUtil::getMLDSAPublicKey(MLDSAPublicKey* publicKey, Token* token, OSObject* key)
+{
+	if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+	if (token == NULL) return CKR_ARGUMENTS_BAD;
+	if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+	// Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+	// EC Public Key Attributes
+	ByteString value;
+	if (isKeyPrivate)
+	{
+		bool bOK = true;
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+		if (!bOK)
+			return CKR_GENERAL_ERROR;
+	}
+	else
+	{
+		value = key->getByteStringValue(CKA_VALUE);
+	}
+
+	publicKey->setValue(value);
+
+	return CKR_OK;
+}
+
+/*static*/ bool MLDSAUtil::setMLDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate)
+{
+	AsymmetricAlgorithm* mldsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::MLDSA);
+	if (mldsa == NULL)
+		return false;
+	PrivateKey* priv = mldsa->newPrivateKey();
+	if (priv == NULL)
+	{
+		CryptoFactory::i()->recycleAsymmetricAlgorithm(mldsa);
+		return false;
+	}
+	if (!priv->PKCS8Decode(ber))
+	{
+		mldsa->recyclePrivateKey(priv);
+		CryptoFactory::i()->recycleAsymmetricAlgorithm(mldsa);
+		return false;
+	}
+	// ML-DSA Private Key Attributes
+	ByteString parameterSet;
+	ByteString seed;
+	ByteString value;
+	if (isPrivate)
+	{
+		token->encrypt(((MLDSAPrivateKey*)priv)->getSeed(), seed);
+		token->encrypt(((MLDSAPrivateKey*)priv)->getValue(), value);
+	}
+	else
+	{
+		seed = ((MLDSAPrivateKey*)priv)->getSeed();
+		value = ((MLDSAPrivateKey*)priv)->getValue();
+	}
+	bool bOK = true;
+	bOK = bOK && key->setAttribute(CKA_PARAMETER_SET, ((MLDSAPrivateKey*)priv)->getParameterSet());
+	bOK = bOK && key->setAttribute(CKA_SEED, seed);
+	bOK = bOK && key->setAttribute(CKA_VALUE, value);
+
+	mldsa->recyclePrivateKey(priv);
+	CryptoFactory::i()->recycleAsymmetricAlgorithm(mldsa);
+
+	return bOK;
+}
+
+#endif

src/lib/crypto/MLDSAUtil.h

@@ -0,0 +1,30 @@
+/*****************************************************************************
+ MLDSAUtil.h
+
+ ML-DSA convenience functions
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_MLDSAUTIL_H
+#define _SOFTHSM_V2_MLDSAUTIL_H
+
+#include "config.h"
+#ifdef WITH_ML_DSA
+#include "MLDSAPrivateKey.h"
+#include "MLDSAPublicKey.h"
+#include "AsymmetricAlgorithm.h"
+#include "CryptoFactory.h"
+#include "ByteString.h"
+#include "Token.h"
+#include "OSObject.h"
+
+class MLDSAUtil
+{
+public:
+	static CK_RV getMLDSAPrivateKey(MLDSAPrivateKey* privateKey, Token* token, OSObject* key);
+	static CK_RV getMLDSAPublicKey(MLDSAPublicKey* publicKey, Token* token, OSObject* key);
+
+	static bool setMLDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate);
+};
+
+#endif // !_SOFTHSM_V2_MLDSAUTIL_H
+#endif

src/lib/crypto/Makefile.am

@@ -3,6 +3,8 @@ MAINTAINERCLEANFILES = 		$(srcdir)/Makefile.in
 AM_CPPFLAGS =			-I$(srcdir)/.. \
 				-I$(srcdir)/../common \
 				-I$(srcdir)/../data_mgr \
+				-I$(srcdir)/../slot_mgr \
+				-I$(srcdir)/../object_store \
 				-I$(srcdir)/../pkcs11 \
 				@CRYPTO_INCLUDES@
 
@@ -31,6 +33,7 @@ libsofthsm_crypto_la_SOURCES =	AESKey.cpp \
 				MLDSAParameters.cpp \
                 MLDSAPrivateKey.cpp \
             	MLDSAPublicKey.cpp \
+            	MLDSAUtil.cpp \
 				RSAParameters.cpp \
 				RSAPrivateKey.cpp \
 				RSAPublicKey.cpp \

src/lib/crypto/OSSLComp.cpp

@@ -25,7 +25,7 @@
  */
 
 /*****************************************************************************
- OSSLUtil.cpp
+ OSSLComp.cpp
 
  Adding OpenSSL forward-compatible code as suggested by OpenSSL
  *****************************************************************************/