Merge pull request #89 from mjdemilliano/ml-dsa-generate-from-seed

dgarske · web-flow · commit e5242a8aa188 · 2026-04-15T14:58:44.000-07:00
ML-DSA: Support (re-)generating MlDsaPrivate from seed
diff --git a/scripts/build_ffi.py b/scripts/build_ffi.py
@@ -1027,6 +1027,7 @@ def build_ffi(local_wolfssl, features):
         int wc_dilithium_set_level(dilithium_key* key, byte level);
         void wc_dilithium_free(dilithium_key* key);
         int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng);
+        int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed);
         int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
         int wc_dilithium_import_private(const byte* priv, word32 privSz, dilithium_key* key);
         int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen);
diff --git a/tests/test_mldsa.py b/tests/test_mldsa.py
@@ -24,7 +24,6 @@
 
 if _lib.ML_DSA_ENABLED:
     import pytest
-
     from wolfcrypt.ciphers import MlDsaPrivate, MlDsaPublic, MlDsaType, ML_DSA_SIGNATURE_SEED_LENGTH
     from wolfcrypt.random import Random
 
diff --git a/wolfcrypt/ciphers.py b/wolfcrypt/ciphers.py
@@ -2173,6 +2173,36 @@ def make_key(cls, mldsa_type, rng=Random()):
 
             return mldsa_priv
 
+        @classmethod
+        def make_key_from_seed(cls, mldsa_type, seed):
+            """
+            Deterministically generate the key from a seed.
+
+            :param mldsa_type: ML-DSA type
+            :type mldsa_type: MlDsaType
+            :param seed: the (32 byte) seed from which to deterministically create the key
+            :type seed: bytes
+            """
+            mldsa_priv = cls(mldsa_type)
+            try:
+                seed_view = memoryview(seed)
+            except TypeError as exception:
+                raise TypeError(
+                    "seed must support the buffer protocol, such as `bytes` or `bytearray`"
+                ) from exception
+            if len(seed_view) != ML_DSA_KEYGEN_SEED_LENGTH:
+                raise ValueError(
+                    f"Seed for generating ML-DSA key must be {ML_DSA_KEYGEN_SEED_LENGTH} bytes"
+                )
+
+            ret = _lib.wc_dilithium_make_key_from_seed(mldsa_priv.native_object,
+                    _ffi.from_buffer(seed_view))
+
+            if ret < 0:  # pragma: no cover
+                raise WolfCryptError("wc_dilithium_make_key_from_seed() error (%d)" % ret)
+
+            return mldsa_priv
+
         @property
         def pub_key_size(self):
             """
