[ML-DSA]: Windows MLDsaImplementation throws unclear error for missing private key while signing #117107
Description
If you attempt to do something like this:
using MLDsa full = MLDsa.GenerateKey(MLDsaAlgorithm.MLDsa65);
using MLDsa pub = MLDsa.ImportSubjectPublicKeyInfo(full.ExportSubjectPublicKeyInfo());
pub.SignData(new byte[1], new byte[pub.Algorithm.SignatureSizeInBytes]);It will fail with:
System.Security.Cryptography.CryptographicException : Unknown error (0xc100000d)
Stack Trace:
at Interop.BCrypt.BCryptSignHashPqcPure(SafeBCryptKeyHandle key, ReadOnlySpan`1 data, ReadOnlySpan`1 context, Span`1 destination) in E:\code\runtime\src\libraries\Common\src\Interop\Windows\BCrypt\Interop.BCryptSignHash.cs:line 111
at System.Security.Cryptography.MLDsaImplementation.SignDataCore(ReadOnlySpan`1 data, ReadOnlySpan`1 context, Span`1 destination) in E:\code\runtime\src\libraries\Common\src\System\Security\Cryptography\MLDsaImplementation.Windows.cs:line 38
at System.Security.Cryptography.MLDsa.SignData(ReadOnlySpan`1 data, Span`1 destination, ReadOnlySpan`1 context) in E:\code\runtime\src\libraries\Common\src\System\Security\Cryptography\MLDsa.cs:line 128
"Unknown error (0xc100000d)" is not a helpful error and we occasionally get reports indicating it is not helpful.
Since this is the bcrypt implementation, we should check for the presence of the secret key.
We should add:
if (!_hasSecretKey)
{
throw new CryptographicException(SR.Cryptography_MLDsaNoSecretKey);
}To SignDataCore:
We cannot add the same check to MLDsaCng because we are not guaranteed to know if the secret key is available or not, until we try signing.