@@ -2028,6 +2028,9 @@ def decapsulate(self, ct):
20282028
20292029
20302030if _lib .ML_DSA_ENABLED :
2031+ ML_DSA_SIGNATURE_SEED_LENGTH = 32
2032+ """The length of a signature generation seed."""
2033+
20312034 class MlDsaType (IntEnum ):
20322035 """
20332036 `MlDsaType` specifies supported ML-DSA types.
@@ -2149,9 +2152,7 @@ def verify(self, signature, message):
21492152 return res [0 ] == 1
21502153
21512154 class MlDsaPrivate (_MlDsaBase ):
2152- _SIGNATURE_SEED_LENGTH = 32
2153- """The length of a signature generation seed."""
2154-
2155+
21552156 @classmethod
21562157 def make_key (cls , mldsa_type , rng = Random ()):
21572158 """
@@ -2286,7 +2287,7 @@ def sign_with_seed(self, message, seed, ctx=None):
22862287 :type message: bytes or str
22872288 :param seed: 32-byte seed for deterministic signature generation.
22882289 :type seed: bytes
2289- :param ctx: context (optional)
2290+ :param ctx: context (optional, maximum 255 bytes )
22902291 :type ctx: None for no context, str or bytes otherwise
22912292 :return: signature
22922293 :rtype: bytes
@@ -2297,20 +2298,33 @@ def sign_with_seed(self, message, seed, ctx=None):
22972298 out_size = _ffi .new ("word32 *" )
22982299 out_size [0 ] = in_size
22992300
2300- assert isinstance (seed , bytes ) and len (seed ) == MlDsaPrivate ._SIGNATURE_SEED_LENGTH , \
2301- f"Seed for generating a signature must be { MlDsaPrivate ._SIGNATURE_SEED_LENGTH } bytes."
2301+ try :
2302+ seed_view = memoryview (seed )
2303+ except TypeError as exception :
2304+ raise TypeError (
2305+ "seed must support the buffer protocol, such as `bytes` or `bytearray`"
2306+ ) from exception
2307+ if len (seed_view ) != ML_DSA_SIGNATURE_SEED_LENGTH :
2308+ raise ValueError (
2309+ f"Seed for generating a signature must be { ML_DSA_SIGNATURE_SEED_LENGTH } "
2310+ "bytes."
2311+ )
23022312
23032313 if ctx is not None :
23042314 ctx_bytestype = t2b (ctx )
2315+ if len (ctx_bytestype ) > 255 :
2316+ raise ValueError (
2317+ f"context length { len (ctx_bytestype )} too large: must be 255 or less"
2318+ )
23052319 ret = _lib .wc_dilithium_sign_ctx_msg_with_seed (
23062320 _ffi .from_buffer (ctx_bytestype ),
2307- len (ctx_bytestype ),
2321+ len (ctx_bytestype ), # length must be < 256 bytes
23082322 _ffi .from_buffer (msg_bytestype ),
23092323 len (msg_bytestype ),
23102324 signature ,
23112325 out_size ,
23122326 self .native_object ,
2313- _ffi .from_buffer (seed ),
2327+ _ffi .from_buffer (seed_view ),
23142328 )
23152329 if ret < 0 : # pragma: no cover
23162330 raise WolfCryptError ("wc_dilithium_sign_ctx_msg_with_seed() error (%d)" % ret )
@@ -2321,7 +2335,7 @@ def sign_with_seed(self, message, seed, ctx=None):
23212335 signature ,
23222336 out_size ,
23232337 self .native_object ,
2324- _ffi .from_buffer (seed ),
2338+ _ffi .from_buffer (seed_view ),
23252339 )
23262340 if ret < 0 : # pragma: no cover
23272341 raise WolfCryptError ("wc_dilithium_sign_msg_with_seed() error (%d)" % ret )
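Review bot: The new seed check `if len(seed_view) != ML_DSA_SIGNATURE_SEED_LENGTH` in `sign_with_seed` counts elements of the buffer, not bytes. Now that any buffer-protocol object is accepted, a view with a wider item size (for example a 32-element `array.array('I')`) passes the check even though it is larger than 32 bytes, and the native call would presumably consume only its first 32 bytes as the seed. A genuine 32-byte buffer with multi-byte items is rejected. Compare the byte size instead, `if seed_view.nbytes != ML_DSA_SIGNATURE_SEED_LENGTH:`, so the validated length is the one the C function sees. The body of `sign_with_seed` starts outside these hunks, and the non-seeded signing path is not visible here; if it also accepts `ctx`, it likely needs the same 255-byte limit.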