Support keypair calculation for PQDSA PKEY

crypto/evp_extra/p_pqdsa_asn1.c

@@ -144,12 +144,38 @@ static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey)
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
-  // set the pqdsa params on the fresh pkey
+
+  // Set the pqdsa params on the fresh pkey
   if (!EVP_PKEY_pqdsa_set_params(out, OBJ_cbs2nid(params))) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
-  return PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key,CBS_data(key));
+
+  // Set the private key
+  if (!PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key, CBS_data(key))) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+    return 0;
+  }
+
+  // Create buffers to store public key based on size
+  size_t pk_len = out->pkey.pqdsa_key->pqdsa->public_key_len;
+  uint8_t *public_key = OPENSSL_malloc(pk_len);
+
+  if (public_key == NULL) {
+    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
+    return 0;
+  }
+
+  // Construct the public key from the private key
+  if (!out->pkey.pqdsa_key->pqdsa->method->pqdsa_pack_pk_from_sk(public_key, CBS_data(key))) {
+    OPENSSL_free(public_key);
+    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+    return 0;
+  }
+
+  out->pkey.pqdsa_key->public_key = public_key;
+
+  return 1;
 }
 
 static int pqdsa_priv_encode(CBB *out, const EVP_PKEY *pkey) {

crypto/evp_extra/p_pqdsa_test.cc

@@ -1397,6 +1397,17 @@ TEST_P(PQDSAParameterTest, MarshalParse) {
   ASSERT_TRUE(priv_pkey_from_der);
   EXPECT_EQ(Bytes(priv_pkey_from_der->pkey.pqdsa_key->private_key, GetParam().private_key_len),
             Bytes(pkey->pkey.pqdsa_key->private_key, GetParam().private_key_len));
+
+  // When importing a PQDSA private key, the public key will be calculated and
+  // used to populate the public key. To test the calculated key is correct,
+  // we first check that the public key has been populated, then test for equality
+  // with the expected public key:
+  ASSERT_NE(priv_pkey_from_der, nullptr);
+  EXPECT_NE(priv_pkey_from_der->pkey.pqdsa_key->public_key, nullptr);
+  EXPECT_NE(priv_pkey_from_der->pkey.pqdsa_key->private_key, nullptr);
+
+  EXPECT_EQ(Bytes(priv_pkey_from_der->pkey.pqdsa_key->public_key, GetParam().public_key_len),
+            Bytes(pkey->pkey.pqdsa_key->public_key, GetParam().public_key_len));
 }
 
 TEST_P(PQDSAParameterTest, SIGOperations) {

crypto/pqdsa/internal.h

@@ -42,6 +42,9 @@ typedef struct {
                       size_t sig_len,
                       const uint8_t *digest,
                       size_t digest_len);
+
+  int (*pqdsa_pack_pk_from_sk)(uint8_t *public_key,
+                               const uint8_t *private_key);
 } PQDSA_METHOD;
 
 // PQDSA structure and helper functions.

crypto/pqdsa/pqdsa.c

@@ -89,23 +89,26 @@ static const PQDSA_METHOD sig_ml_dsa_44_method = {
   ml_dsa_44_sign,
   ml_dsa_extmu_44_sign,
   ml_dsa_44_verify,
-  ml_dsa_extmu_44_verify
+  ml_dsa_extmu_44_verify,
+  ml_dsa_44_pack_pk_from_sk
 };
 
 static const PQDSA_METHOD sig_ml_dsa_65_method = {
   ml_dsa_65_keypair,
   ml_dsa_65_sign,
   ml_dsa_extmu_65_sign,
   ml_dsa_65_verify,
-  ml_dsa_extmu_65_verify
+  ml_dsa_extmu_65_verify,
+  ml_dsa_65_pack_pk_from_sk
 };
 
 static const PQDSA_METHOD sig_ml_dsa_87_method = {
   ml_dsa_87_keypair,
   ml_dsa_87_sign,
   ml_dsa_extmu_87_sign,
   ml_dsa_87_verify,
-  ml_dsa_extmu_87_verify
+  ml_dsa_extmu_87_verify,
+  ml_dsa_87_pack_pk_from_sk
 };
 
 static const PQDSA sig_ml_dsa_44 = {