diff --git a/scripts/build_ffi.py b/scripts/build_ffi.py index 01b3361..a86a0f9 100644 --- a/scripts/build_ffi.py +++ b/scripts/build_ffi.py @@ -1306,6 +1306,7 @@ def build_ffi(local_wolfssl, features): if features["ML_DSA"]: cdef += """ + static const int DILITHIUM_SEED_SZ; static const int WC_ML_DSA_44; static const int WC_ML_DSA_65; static const int WC_ML_DSA_87; diff --git a/tests/test_mldsa.py b/tests/test_mldsa.py index f04c80c..023b734 100644 --- a/tests/test_mldsa.py +++ b/tests/test_mldsa.py @@ -203,3 +203,14 @@ def test_sign_with_seed_and_context(mldsa_type, rng): with pytest.raises(ValueError): _ = mldsa_priv.sign_with_seed(message, signature_seed[:-1], ctx=bytes(1000)) + def test_make_key_from_seed(mldsa_type): + seed = bytes(MlDsaPrivate.ML_DSA_KEYGEN_SEED_LENGTH) + assert MlDsaPrivate.make_key_from_seed(mldsa_type, seed) + + @pytest.mark.parametrize( + "seed_length", [MlDsaPrivate.ML_DSA_KEYGEN_SEED_LENGTH - 1, MlDsaPrivate.ML_DSA_KEYGEN_SEED_LENGTH + 1] + ) + def test_make_key_from_seed_bad_length(mldsa_type, seed_length): + seed = bytes(seed_length) + with pytest.raises(ValueError): + MlDsaPrivate.make_key_from_seed(mldsa_type, seed) diff --git a/wolfcrypt/ciphers.py b/wolfcrypt/ciphers.py index 77ea987..5473ba5 100644 --- a/wolfcrypt/ciphers.py +++ b/wolfcrypt/ciphers.py @@ -2139,6 +2139,7 @@ class MlDsaType(IntEnum): class _MlDsaBase: INVALID_DEVID = _lib.INVALID_DEVID + ML_DSA_KEYGEN_SEED_LENGTH = _lib.DILITHIUM_SEED_SZ def __init__(self, mldsa_type): self._init_done = False @@ -2300,9 +2301,9 @@ def make_key_from_seed(cls, mldsa_type, seed): raise TypeError( "seed must support the buffer protocol, such as `bytes` or `bytearray`" ) from exception - if len(seed_view) != ML_DSA_KEYGEN_SEED_LENGTH: + if len(seed_view) != cls.ML_DSA_KEYGEN_SEED_LENGTH: raise ValueError( - f"Seed for generating ML-DSA key must be {ML_DSA_KEYGEN_SEED_LENGTH} bytes" + f"Seed for generating ML-DSA key must be {cls.ML_DSA_KEYGEN_SEED_LENGTH} bytes" ) ret = _lib.wc_dilithium_make_key_from_seed(mldsa_priv.native_object,