ML-DSA BCrypt

Author: PranavSenthilnathan

src/libraries/Common/src/Interop/Windows/BCrypt/Cng.cs

@@ -31,6 +31,7 @@ internal static class AlgorithmName
             public const string ECDsaP521 = "ECDSA_P521";       // BCRYPT_ECDSA_P521_ALGORITHM
             public const string RSA = "RSA";                    // BCRYPT_RSA_ALGORITHM
             public const string MD5 = "MD5";                    // BCRYPT_MD5_ALGORITHM
+            public const string MLDsa = "ML-DSA";               // BCRYPT_MLDSA_ALGORITHM
             public const string Sha1 = "SHA1";                  // BCRYPT_SHA1_ALGORITHM
             public const string Sha256 = "SHA256";              // BCRYPT_SHA256_ALGORITHM
             public const string Sha384 = "SHA384";              // BCRYPT_SHA384_ALGORITHM

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.AsymmetricEncryption.Types.cs

@@ -53,5 +53,24 @@ internal struct BCRYPT_PSS_PADDING_INFO
             /// </summary>
             internal int cbSalt;
         }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct BCRYPT_PQDSA_PADDING_INFO
+        {
+            /// <summary>
+            ///     Address of the context buffer.
+            /// </summary>
+            internal IntPtr pbCtx;
+
+            /// <summary>
+            ///     The size, in bytes, of the context buffer.
+            /// </summary>
+            internal int cbCtx;
+
+            /// <summary>
+            ///     Null-terminated Unicode string that identifies the pre-hash algorithm used to create the hash.
+            /// </summary>
+            internal IntPtr pszPreHashAlgId;
+        }
     }
 }

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptGenerateKeyPair.cs

@@ -18,7 +18,7 @@ private static unsafe partial NTSTATUS BCryptGenerateKeyPair(
 
         internal static SafeBCryptKeyHandle BCryptGenerateKeyPair(
             SafeBCryptAlgorithmHandle hAlgorithm,
-            int keyLength)
+            int keyLength = 0)
         {
             NTSTATUS status = BCryptGenerateKeyPair(
                 hAlgorithm,

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptPropertyStrings.cs

@@ -13,6 +13,7 @@ internal static class BCryptPropertyStrings
             internal const string BCRYPT_HASH_LENGTH = "HashDigestLength";
             internal const string BCRYPT_KEY_STRENGTH = "KeyStrength";
             internal const string BCRYPT_MESSAGE_BLOCK_LENGTH = "MessageBlockLength";
+            internal const string BCRYPT_PARAMETER_SET_NAME = "ParameterSetName";
         }
     }
 }

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptSetProperty.cs

@@ -0,0 +1,38 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.InteropServices;
+
+using Microsoft.Win32.SafeHandles;
+
+internal static partial class Interop
+{
+    internal static partial class BCrypt
+    {
+        [LibraryImport(Libraries.BCrypt, StringMarshalling = StringMarshalling.Utf16)]
+        internal static unsafe partial NTSTATUS BCryptSetProperty(
+            SafeBCryptHandle hObject,
+            string pszProperty,
+            void* pbInput,
+            int cbInput,
+            int dwFlags);
+
+        internal static unsafe void BCryptSetSZProperty(SafeBCryptHandle hObject, string pszProperty, string pszValue)
+        {
+            fixed (void* pbInput = pszValue)
+            {
+                NTSTATUS status = BCryptSetProperty(
+                    hObject,
+                    pszProperty,
+                    pbInput,
+                    (pszValue.Length + 1) * 2,
+                    0);
+
+                if (status != NTSTATUS.STATUS_SUCCESS)
+                {
+                    throw CreateCryptographicException(status);
+                }
+            }
+        }
+    }
+}

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptSignHash.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics;
 using System.Runtime.InteropServices;
 using Internal.Cryptography;
 
@@ -74,5 +75,58 @@ internal static unsafe NTSTATUS BCryptSignHashPss(
                     BCryptSignVerifyFlags.BCRYPT_PAD_PSS);
             }
         }
+
+        internal static unsafe void BCryptSignHashPure(
+            SafeBCryptKeyHandle key,
+            ReadOnlySpan<byte> data,
+            ReadOnlySpan<byte> context,
+            Span<byte> destination)
+        {
+            NTSTATUS status;
+            int bytesWritten;
+
+            fixed (byte* pData = &MemoryMarshal.GetReference(data))
+            fixed (byte* pDest = &Helpers.GetNonNullPinnableReference(destination))
+            {
+                if (context.Length == 0)
+                {
+                    status = BCryptSignHash(
+                        key,
+                        pPaddingInfo: null,
+                        pData,
+                        data.Length,
+                        pDest,
+                        destination.Length,
+                        out bytesWritten,
+                        default(BCryptSignVerifyFlags));
+                }
+                else
+                {
+                    fixed (byte* pContext = &MemoryMarshal.GetReference(context))
+                    {
+                        BCRYPT_PQDSA_PADDING_INFO paddingInfo = default;
+                        paddingInfo.pbCtx = (IntPtr)pContext;
+                        paddingInfo.cbCtx = context.Length;
+
+                        status = BCryptSignHash(
+                            key,
+                            &paddingInfo,
+                            pData,
+                            data.Length,
+                            pDest,
+                            destination.Length,
+                            out bytesWritten,
+                            BCryptSignVerifyFlags.BCRYPT_PAD_PQDSA);
+                    }
+                }
+            }
+
+            Debug.Assert(bytesWritten == destination.Length);
+
+            if (status != Interop.BCrypt.NTSTATUS.STATUS_SUCCESS)
+            {
+                throw Interop.BCrypt.CreateCryptographicException(status);
+            }
+        }
     }
 }

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptVerifySignature.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Runtime.InteropServices;
 
+using Internal.Cryptography;
 using Microsoft.Win32.SafeHandles;
 
 internal static partial class Interop
@@ -15,6 +16,7 @@ private enum BCryptSignVerifyFlags : uint
         {
             BCRYPT_PAD_PKCS1 = 2,
             BCRYPT_PAD_PSS = 8,
+            BCRYPT_PAD_PQDSA = 32,
         }
 
         [LibraryImport(Libraries.BCrypt)]
@@ -84,5 +86,50 @@ internal static unsafe bool BCryptVerifySignaturePss(
 
             return status == NTSTATUS.STATUS_SUCCESS;
         }
+
+        internal static unsafe bool BCryptVerifySignaturePure(
+            SafeBCryptKeyHandle key,
+            ReadOnlySpan<byte> data,
+            ReadOnlySpan<byte> context,
+            ReadOnlySpan<byte> signature)
+        {
+            NTSTATUS status;
+
+            fixed (byte* pData = &Helpers.GetNonNullPinnableReference(data))
+            fixed (byte* pSignature = &MemoryMarshal.GetReference(signature))
+            {
+                if (context.Length == 0)
+                {
+                    status = BCryptVerifySignature(
+                        key,
+                        pPaddingInfo: null,
+                        pData,
+                        data.Length,
+                        pSignature,
+                        signature.Length,
+                        default(BCryptSignVerifyFlags));
+                }
+                else
+                {
+                    fixed (byte* pContext = &MemoryMarshal.GetReference(context))
+                    {
+                        BCRYPT_PQDSA_PADDING_INFO paddingInfo = default;
+                        paddingInfo.pbCtx = (IntPtr)pContext;
+                        paddingInfo.cbCtx = context.Length;
+
+                        status = BCryptVerifySignature(
+                            key,
+                            &paddingInfo,
+                            pData,
+                            data.Length,
+                            pSignature,
+                            signature.Length,
+                            BCryptSignVerifyFlags.BCRYPT_PAD_PQDSA);
+                    }
+                }
+            }
+
+            return status == NTSTATUS.STATUS_SUCCESS;
+        }
     }
 }

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.Blobs.cs

@@ -106,6 +106,10 @@ internal enum KeyBlobMagicNumber : int
             BCRYPT_ECDSA_PUBLIC_GENERIC_MAGIC = 0x50444345,
             BCRYPT_ECDSA_PRIVATE_GENERIC_MAGIC = 0x56444345,
 
+            BCRYPT_MLDSA_PUBLIC_MAGIC = 0x4B505344,
+            BCRYPT_MLDSA_PRIVATE_MAGIC = 0x4B535344,
+            BCRYPT_MLDSA_PRIVATE_SEED_MAGIC = 0x53535344,
+
             BCRYPT_RSAPUBLIC_MAGIC = 0x31415352,
             BCRYPT_RSAPRIVATE_MAGIC = 0x32415352,
             BCRYPT_RSAFULLPRIVATE_MAGIC = 0x33415352,
@@ -133,6 +137,10 @@ internal static class KeyBlobType
             internal const string BCRYPT_ECCPRIVATE_BLOB = "ECCPRIVATEBLOB";
             internal const string BCRYPT_ECCFULLPUBLIC_BLOB = "ECCFULLPUBLICBLOB";
             internal const string BCRYPT_ECCFULLPRIVATE_BLOB = "ECCFULLPRIVATEBLOB";
+
+            internal const string BCRYPT_PQDSA_PUBLIC_BLOB = "PQDSAPUBLICBLOB";
+            internal const string BCRYPT_PQDSA_PRIVATE_BLOB = "PQDSAPRIVATEBLOB";
+            internal const string BCRYPT_PQDSA_PRIVATE_SEED_BLOB = "PQDSAPRIVATESEEDBLOB";
         }
 
         /// <summary>
@@ -235,6 +243,18 @@ internal struct BCRYPT_ECCFULLKEY_BLOB
             // The rest of the buffer contains the domain parameters
         }
 
+        /// <summary>
+        ///     Used as a header to PQC parameters including the parameters set and key/seed.
+        /// </summary>
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct BCRYPT_PQDSA_KEY_BLOB
+        {
+            internal KeyBlobMagicNumber Magic;
+            internal int cbParameterSet;    // Byte size of parameterSet[]
+            internal int cbKey;             // Byte size of key[]
+            // The rest of the buffer contains the data
+        }
+
         /// <summary>
         ///     NCrypt or BCrypt buffer descriptors
         /// </summary>

src/libraries/Common/src/System/Security/Cryptography/MLDsaImplementation.NotSupported.cs

@@ -8,6 +8,12 @@ namespace System.Security.Cryptography
 {
     internal sealed partial class MLDsaImplementation : MLDsa
     {
+        public MLDsaImplementation(MLDsaAlgorithm algorithm)
+            : base(algorithm)
+        {
+            ThrowIfNotSupported();
+        }
+
         internal static partial bool SupportsAny() => false;
 
         // The instance override methods are unreachable, as the constructor will always throw.
@@ -35,9 +41,6 @@ internal static partial MLDsaImplementation GenerateKeyImpl(MLDsaAlgorithm algor
         internal static partial MLDsaImplementation ImportPublicKey(MLDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
             throw new PlatformNotSupportedException();
 
-        internal static partial MLDsaImplementation ImportPkcs8PrivateKeyValue(MLDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
-            throw new PlatformNotSupportedException();
-
         internal static partial MLDsaImplementation ImportSecretKey(MLDsaAlgorithm algorithm, ReadOnlySpan<byte> source) =>
             throw new PlatformNotSupportedException();