/src/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c

Source (jump to first uncovered line)
/*
 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/self_test.h>
#include "crypto/slh_dsa.h"
#include "internal/fips.h"
#include "internal/param_build_set.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"

static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;

#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)

struct slh_dsa_gen_ctx {
    SLH_DSA_HASH_CTX *ctx;
    OSSL_LIB_CTX *libctx;
    char *propq;
    uint8_t entropy[SLH_DSA_MAX_N * 3];
    size_t entropy_len;
};

static void *slh_dsa_new_key(void *provctx, const char *alg)
{
    if (!ossl_prov_is_running())
        return 0;

    return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
}

static void slh_dsa_free_key(void *keydata)
{
    ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
}

static void *slh_dsa_dup_key(const void *keydata_from, int selection)
{
    if (ossl_prov_is_running())
        return ossl_slh_dsa_key_dup(keydata_from, selection);
    return NULL;
}

static int slh_dsa_has(const void *keydata, int selection)
{
    const SLH_DSA_KEY *key = keydata;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 1; /* the selection is not missing */

    return ossl_slh_dsa_key_has(key, selection);
}

static int slh_dsa_match(const void *keydata1, const void *keydata2, int selection)
{
    const SLH_DSA_KEY *key1 = keydata1;
    const SLH_DSA_KEY *key2 = keydata2;

    if (!ossl_prov_is_running())
        return 0;
    if (key1 == NULL || key2 == NULL)
        return 0;
    return ossl_slh_dsa_key_equal(key1, key2, selection);
}

static int slh_dsa_validate(const void *key_data, int selection, int check_type)
{
    const SLH_DSA_KEY *key = key_data;

    if (!slh_dsa_has(key, selection))
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
        return ossl_slh_dsa_key_pairwise_check(key);
    return 1;
}

static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    int include_priv;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;

    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 0;

    include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
    return ossl_slh_dsa_key_fromdata(key, params, include_priv);
}

#define SLH_DSA_IMEXPORTABLE_PARAMETERS \
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), \
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)

static const OSSL_PARAM slh_dsa_key_types[] = {
    SLH_DSA_IMEXPORTABLE_PARAMETERS,
    OSSL_PARAM_END
};
static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
{
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return NULL;
    return slh_dsa_key_types;
}

static const OSSL_PARAM slh_dsa_params[] = {
    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL),
    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
    SLH_DSA_IMEXPORTABLE_PARAMETERS,
    OSSL_PARAM_END
};
static const OSSL_PARAM *slh_dsa_gettable_params(void *provctx)
{
    return slh_dsa_params;
}

static int key_to_params(SLH_DSA_KEY *key, OSSL_PARAM_BLD *tmpl,
                         int selection)
{
    /* Error if there is no key or public key */
    if (key == NULL || ossl_slh_dsa_key_get_pub(key) == NULL)
        return 0;

    if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
        && ossl_slh_dsa_key_get_priv(key) != NULL)
        if (ossl_param_build_set_octet_string(tmpl, NULL,
                                              OSSL_PKEY_PARAM_PRIV_KEY,
                                              ossl_slh_dsa_key_get_priv(key),
                                              ossl_slh_dsa_key_get_priv_len(key)) != 1)
            return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
        return 1;

    return ossl_param_build_set_octet_string(tmpl, NULL,
                                             OSSL_PKEY_PARAM_PUB_KEY,
                                             ossl_slh_dsa_key_get_pub(key),
                                             ossl_slh_dsa_key_get_pub_len(key));
}

static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    OSSL_PARAM *p;
    const uint8_t *pub, *priv;

    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
            && !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_pub_len(key)))
        return 0;
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
            && !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_n(key)))
        return 0;
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
            && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_sig_len(key)))
        return 0;
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL
            && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_security_category(key)))
        return 0;

    priv = ossl_slh_dsa_key_get_priv(key);
    if (priv != NULL) {
        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
        /* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
        if (p != NULL
            && !OSSL_PARAM_set_octet_string(p, priv,
                                            ossl_slh_dsa_key_get_priv_len(key)))
            return 0;
    }
    pub = ossl_slh_dsa_key_get_pub(key);
    if (pub != NULL) {
        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
        if (p != NULL
            && !OSSL_PARAM_set_octet_string(p, pub,
                                            ossl_slh_dsa_key_get_pub_len(key)))
            return 0;
    }
    /*
     * This allows apps to use an empty digest, so that the old API
     * for digest signing can be used.
     */
    p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MANDATORY_DIGEST);
    if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ""))
        return 0;
    return 1;
}

static int slh_dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
                          void *cbarg)
{
    SLH_DSA_KEY *key = keydata;
    OSSL_PARAM_BLD *tmpl;
    OSSL_PARAM *params = NULL;
    int ret = 0;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
        return 0;

    tmpl = OSSL_PARAM_BLD_new();
    if (tmpl == NULL)
        return 0;

    if (!key_to_params(key, tmpl, selection))
        goto err;

    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL)
        goto err;

    ret = param_cb(params, cbarg);
    OSSL_PARAM_free(params);
err:
    OSSL_PARAM_BLD_free(tmpl);
    return ret;
}

static void *slh_dsa_load(const void *reference, size_t reference_sz)
{
    SLH_DSA_KEY *key = NULL;

    if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
        /* The contents of the reference is the address to our object */
        key = *(SLH_DSA_KEY **)reference;
        /* We grabbed, so we detach it */
        *(SLH_DSA_KEY **)reference = NULL;
        return key;
    }
    return NULL;
}

static void *slh_dsa_gen_init(void *provctx, int selection,
                              const OSSL_PARAM params[])
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
    struct slh_dsa_gen_ctx *gctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;

    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
        gctx->libctx = libctx;
        if (!slh_dsa_gen_set_params(gctx, params)) {
            OPENSSL_free(gctx);
            gctx = NULL;
        }
    }
    return gctx;
}

#ifdef FIPS_MODULE
/*
 * Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
 * Perform a pairwise test for SLH_DSA by signing and verifying a signature.
 */
static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx,
                                         const SLH_DSA_KEY *key,
                                         OSSL_LIB_CTX *lib_ctx)
{
    int ret = 0;
    OSSL_SELF_TEST *st = NULL;
    OSSL_CALLBACK *cb = NULL;
    void *cb_arg = NULL;
    uint8_t msg[16] = {0};
    size_t msg_len = sizeof(msg);
    uint8_t *sig = NULL;
    size_t sig_len;

    /* During self test, it is a waste to do this test */
    if (ossl_fips_self_testing())
        return 1;

    OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
    st = OSSL_SELF_TEST_new(cb, cb_arg);
    if (st == NULL)
        return 0;

    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
                           OSSL_SELF_TEST_DESC_PCT_SLH_DSA);

    sig_len = ossl_slh_dsa_key_get_sig_len(key);
    sig = OPENSSL_malloc(sig_len);
    if (sig == NULL)
        goto err;

    if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
                          sig, &sig_len, sig_len) != 1)
        goto err;

    OSSL_SELF_TEST_oncorrupt_byte(st, sig);

    if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
        goto err;

    ret = 1;
err:
    OPENSSL_free(sig);
    OSSL_SELF_TEST_onend(st, ret);
    OSSL_SELF_TEST_free(st);
    return ret;
}
#endif /* FIPS_MODULE */

static void *slh_dsa_gen(void *genctx, const char *alg)
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    SLH_DSA_KEY *key = NULL;
    SLH_DSA_HASH_CTX *ctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;
    key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
    if (key == NULL)
        return NULL;
    ctx = ossl_slh_dsa_hash_ctx_new(key);
    if (ctx == NULL)
        return NULL;
    if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
                                   gctx->entropy, gctx->entropy_len))
        goto err;
#ifdef FIPS_MODULE
    if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx)) {
        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
        goto err;
    }
#endif /* FIPS_MODULE */
    ossl_slh_dsa_hash_ctx_free(ctx);
    return key;
 err:
    ossl_slh_dsa_hash_ctx_free(ctx);
    ossl_slh_dsa_key_free(key);
    return NULL;
}

static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    const OSSL_PARAM *p;

    if (gctx == NULL)
        return 0;

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_SLH_DSA_SEED);
    if (p != NULL) {
        void *vp = gctx->entropy;
        size_t len = sizeof(gctx->entropy);

        if (!OSSL_PARAM_get_octet_string(p, &vp, len, &(gctx->entropy_len))) {
            gctx->entropy_len = 0;
            return 0;
        }
    }

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_UTF8_STRING)
            return 0;
        OPENSSL_free(gctx->propq);
        gctx->propq = OPENSSL_strdup(p->data);
        if (gctx->propq == NULL)
            return 0;
    }
    return 1;
}

static const OSSL_PARAM *slh_dsa_gen_settable_params(ossl_unused void *genctx,
                                                     ossl_unused void *provctx)
{
    static OSSL_PARAM settable[] = {
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0),
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_SLH_DSA_SEED, NULL, 0),
        OSSL_PARAM_END
    };
    return settable;
}

static void slh_dsa_gen_cleanup(void *genctx)
{
    struct slh_dsa_gen_ctx *gctx = genctx;

    if (gctx == NULL)
        return;

    OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
    OPENSSL_free(gctx->propq);
    OPENSSL_free(gctx);
}

#define MAKE_KEYMGMT_FUNCTIONS(alg, fn)                                        \
    static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key;                    \
    static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen;                        \
    static void *slh_dsa_##fn##_new_key(void *provctx)                         \
    {                                                                          \
        return slh_dsa_new_key(provctx, alg);                                  \
    }                                                                          \
    static void *slh_dsa_##fn##_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)\
    {                                                                          \
        return slh_dsa_gen(genctx, alg);                                       \
    }                                                                          \
    const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = {            \
        { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key },     \
        { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key },          \
        { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key },            \
        { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has },                \
        { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match },            \
        { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import },          \
        { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
        { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export },          \
        { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
        { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load },              \
        { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))slh_dsa_get_params }, \
        { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))slh_dsa_gettable_params },\
        { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate },      \
        { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init },      \
        { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen },         \
        { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup },\
        { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,                                    \
          (void (*)(void))slh_dsa_gen_set_params },                            \
        { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,                               \
          (void (*)(void))slh_dsa_gen_settable_params },                       \
        OSSL_DISPATCH_END                                                      \
    }

MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);

Coverage Report

Created: 2025-06-13 06:36

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/core_dispatch.h>
11		#include <openssl/core_names.h>
12		#include <openssl/param_build.h>
13		#include <openssl/self_test.h>
14		#include "crypto/slh_dsa.h"
15		#include "internal/fips.h"
16		#include "internal/param_build_set.h"
17		#include "prov/implementations.h"
18		#include "prov/providercommon.h"
19		#include "prov/provider_ctx.h"
20
21		static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
22		static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
23		static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
24		static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
25		static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
26		static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
27		static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
28		static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
29		static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
30		static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
31		static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
32		static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
33		static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
34		static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
35		static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
36		static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;
37
38	0	#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)
39
40		struct slh_dsa_gen_ctx {
41		SLH_DSA_HASH_CTX *ctx;
42		OSSL_LIB_CTX *libctx;
43		char *propq;
44		uint8_t entropy[SLH_DSA_MAX_N * 3];
45		size_t entropy_len;
46		};
47
48		static void slh_dsa_new_key(void provctx, const char *alg)
49	0	{
50	0	if (!ossl_prov_is_running())
51	0	return 0;
52
53	0	return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
54	0	}
55
56		static void slh_dsa_free_key(void *keydata)
57	0	{
58	0	ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
59	0	}
60
61		static void slh_dsa_dup_key(const void keydata_from, int selection)
62	0	{
63	0	if (ossl_prov_is_running())
64	0	return ossl_slh_dsa_key_dup(keydata_from, selection);
65	0	return NULL;
66	0	}
67
68		static int slh_dsa_has(const void *keydata, int selection)
69	0	{
70	0	const SLH_DSA_KEY *key = keydata;
71
72	0	if (!ossl_prov_is_running() \|\| key == NULL)
73	0	return 0;
74	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
75	0	return 1; /* the selection is not missing */
76
77	0	return ossl_slh_dsa_key_has(key, selection);
78	0	}
79
80		static int slh_dsa_match(const void keydata1, const void keydata2, int selection)
81	0	{
82	0	const SLH_DSA_KEY *key1 = keydata1;
83	0	const SLH_DSA_KEY *key2 = keydata2;
84
85	0	if (!ossl_prov_is_running())
86	0	return 0;
87	0	if (key1 == NULL \|\| key2 == NULL)
88	0	return 0;
89	0	return ossl_slh_dsa_key_equal(key1, key2, selection);
90	0	}
91
92		static int slh_dsa_validate(const void *key_data, int selection, int check_type)
93	0	{
94	0	const SLH_DSA_KEY *key = key_data;
95
96	0	if (!slh_dsa_has(key, selection))
97	0	return 0;
98
99	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
100	0	return ossl_slh_dsa_key_pairwise_check(key);
101	0	return 1;
102	0	}
103
104		static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
105	0	{
106	0	SLH_DSA_KEY *key = keydata;
107	0	int include_priv;
108
109	0	if (!ossl_prov_is_running() \|\| key == NULL)
110	0	return 0;
111
112	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
113	0	return 0;
114
115	0	include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
116	0	return ossl_slh_dsa_key_fromdata(key, params, include_priv);
117	0	}
118
119		#define SLH_DSA_IMEXPORTABLE_PARAMETERS \
120		OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), \
121		OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
122
123		static const OSSL_PARAM slh_dsa_key_types[] = {
124		SLH_DSA_IMEXPORTABLE_PARAMETERS,
125		OSSL_PARAM_END
126		};
127		static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
128	0	{
129	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
130	0	return NULL;
131	0	return slh_dsa_key_types;
132	0	}
133
134		static const OSSL_PARAM slh_dsa_params[] = {
135		OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
136		OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
137		OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
138		OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL),
139		OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
140		SLH_DSA_IMEXPORTABLE_PARAMETERS,
141		OSSL_PARAM_END
142		};
143		static const OSSL_PARAM slh_dsa_gettable_params(void provctx)
144	0	{
145	0	return slh_dsa_params;
146	0	}
147
148		static int key_to_params(SLH_DSA_KEY key, OSSL_PARAM_BLD tmpl,
149		int selection)
150	0	{
151		/* Error if there is no key or public key */
152	0	if (key == NULL \|\| ossl_slh_dsa_key_get_pub(key) == NULL)
153	0	return 0;
154
155	0	if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
156	0	&& ossl_slh_dsa_key_get_priv(key) != NULL)
157	0	if (ossl_param_build_set_octet_string(tmpl, NULL,
158	0	OSSL_PKEY_PARAM_PRIV_KEY,
159	0	ossl_slh_dsa_key_get_priv(key),
160	0	ossl_slh_dsa_key_get_priv_len(key)) != 1)
161	0	return 0;
162
163	0	if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
164	0	return 1;
165
166	0	return ossl_param_build_set_octet_string(tmpl, NULL,
167	0	OSSL_PKEY_PARAM_PUB_KEY,
168	0	ossl_slh_dsa_key_get_pub(key),
169	0	ossl_slh_dsa_key_get_pub_len(key));
170	0	}
171
172		static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
173	0	{
174	0	SLH_DSA_KEY *key = keydata;
175	0	OSSL_PARAM *p;
176	0	const uint8_t pub, priv;
177
178	0	if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
179	0	&& !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_pub_len(key)))
180	0	return 0;
181	0	if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
182	0	&& !OSSL_PARAM_set_int(p, 8 * ossl_slh_dsa_key_get_n(key)))
183	0	return 0;
184	0	if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
185	0	&& !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_sig_len(key)))
186	0	return 0;
187	0	if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL
188	0	&& !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_security_category(key)))
189	0	return 0;
190
191	0	priv = ossl_slh_dsa_key_get_priv(key);
192	0	if (priv != NULL) {
193	0	p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
194		/* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
195	0	if (p != NULL
196	0	&& !OSSL_PARAM_set_octet_string(p, priv,
197	0	ossl_slh_dsa_key_get_priv_len(key)))
198	0	return 0;
199	0	}
200	0	pub = ossl_slh_dsa_key_get_pub(key);
201	0	if (pub != NULL) {
202	0	p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
203	0	if (p != NULL
204	0	&& !OSSL_PARAM_set_octet_string(p, pub,
205	0	ossl_slh_dsa_key_get_pub_len(key)))
206	0	return 0;
207	0	}
208		/*
209		* This allows apps to use an empty digest, so that the old API
210		* for digest signing can be used.
211		*/
212	0	p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MANDATORY_DIGEST);
213	0	if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ""))
214	0	return 0;
215	0	return 1;
216	0	}
217
218		static int slh_dsa_export(void keydata, int selection, OSSL_CALLBACK param_cb,
219		void *cbarg)
220	0	{
221	0	SLH_DSA_KEY *key = keydata;
222	0	OSSL_PARAM_BLD *tmpl;
223	0	OSSL_PARAM *params = NULL;
224	0	int ret = 0;
225
226	0	if (!ossl_prov_is_running() \|\| key == NULL)
227	0	return 0;
228
229	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
230	0	return 0;
231
232	0	tmpl = OSSL_PARAM_BLD_new();
233	0	if (tmpl == NULL)
234	0	return 0;
235
236	0	if (!key_to_params(key, tmpl, selection))
237	0	goto err;
238
239	0	params = OSSL_PARAM_BLD_to_param(tmpl);
240	0	if (params == NULL)
241	0	goto err;
242
243	0	ret = param_cb(params, cbarg);
244	0	OSSL_PARAM_free(params);
245	0	err:
246	0	OSSL_PARAM_BLD_free(tmpl);
247	0	return ret;
248	0	}
249
250		static void slh_dsa_load(const void reference, size_t reference_sz)
251	0	{
252	0	SLH_DSA_KEY *key = NULL;
253
254	0	if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
255		/* The contents of the reference is the address to our object */
256	0	key = (SLH_DSA_KEY *)reference;
257		/* We grabbed, so we detach it */
258	0	(SLH_DSA_KEY *)reference = NULL;
259	0	return key;
260	0	}
261	0	return NULL;
262	0	}
263
264		static void slh_dsa_gen_init(void provctx, int selection,
265		const OSSL_PARAM params[])
266	0	{
267	0	OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
268	0	struct slh_dsa_gen_ctx *gctx = NULL;
269
270	0	if (!ossl_prov_is_running())
271	0	return NULL;
272
273	0	if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
274	0	gctx->libctx = libctx;
275	0	if (!slh_dsa_gen_set_params(gctx, params)) {
276	0	OPENSSL_free(gctx);
277	0	gctx = NULL;
278	0	}
279	0	}
280	0	return gctx;
281	0	}
282
283		#ifdef FIPS_MODULE
284		/*
285		* Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
286		* Perform a pairwise test for SLH_DSA by signing and verifying a signature.
287		*/
288		static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx,
289		const SLH_DSA_KEY *key,
290		OSSL_LIB_CTX *lib_ctx)
291		{
292		int ret = 0;
293		OSSL_SELF_TEST *st = NULL;
294		OSSL_CALLBACK *cb = NULL;
295		void *cb_arg = NULL;
296		uint8_t msg[16] = {0};
297		size_t msg_len = sizeof(msg);
298		uint8_t *sig = NULL;
299		size_t sig_len;
300
301		/* During self test, it is a waste to do this test */
302		if (ossl_fips_self_testing())
303		return 1;
304
305		OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
306		st = OSSL_SELF_TEST_new(cb, cb_arg);
307		if (st == NULL)
308		return 0;
309
310		OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
311		OSSL_SELF_TEST_DESC_PCT_SLH_DSA);
312
313		sig_len = ossl_slh_dsa_key_get_sig_len(key);
314		sig = OPENSSL_malloc(sig_len);
315		if (sig == NULL)
316		goto err;
317
318		if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
319		sig, &sig_len, sig_len) != 1)
320		goto err;
321
322		OSSL_SELF_TEST_oncorrupt_byte(st, sig);
323
324		if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
325		goto err;
326
327		ret = 1;
328		err:
329		OPENSSL_free(sig);
330		OSSL_SELF_TEST_onend(st, ret);
331		OSSL_SELF_TEST_free(st);
332		return ret;
333		}
334		#endif /* FIPS_MODULE */
335
336		static void slh_dsa_gen(void genctx, const char *alg)
337	0	{
338	0	struct slh_dsa_gen_ctx *gctx = genctx;
339	0	SLH_DSA_KEY *key = NULL;
340	0	SLH_DSA_HASH_CTX *ctx = NULL;
341
342	0	if (!ossl_prov_is_running())
343	0	return NULL;
344	0	key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
345	0	if (key == NULL)
346	0	return NULL;
347	0	ctx = ossl_slh_dsa_hash_ctx_new(key);
348	0	if (ctx == NULL)
349	0	return NULL;
350	0	if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
351	0	gctx->entropy, gctx->entropy_len))
352	0	goto err;
353		#ifdef FIPS_MODULE
354		if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx)) {
355		ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
356		goto err;
357		}
358		#endif /* FIPS_MODULE */
359	0	ossl_slh_dsa_hash_ctx_free(ctx);
360	0	return key;
361	0	err:
362	0	ossl_slh_dsa_hash_ctx_free(ctx);
363	0	ossl_slh_dsa_key_free(key);
364	0	return NULL;
365	0	}
366
367		static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
368	0	{
369	0	struct slh_dsa_gen_ctx *gctx = genctx;
370	0	const OSSL_PARAM *p;
371
372	0	if (gctx == NULL)
373	0	return 0;
374
375	0	p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_SLH_DSA_SEED);
376	0	if (p != NULL) {
377	0	void *vp = gctx->entropy;
378	0	size_t len = sizeof(gctx->entropy);
379
380	0	if (!OSSL_PARAM_get_octet_string(p, &vp, len, &(gctx->entropy_len))) {
381	0	gctx->entropy_len = 0;
382	0	return 0;
383	0	}
384	0	}
385
386	0	p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES);
387	0	if (p != NULL) {
388	0	if (p->data_type != OSSL_PARAM_UTF8_STRING)
389	0	return 0;
390	0	OPENSSL_free(gctx->propq);
391	0	gctx->propq = OPENSSL_strdup(p->data);
392	0	if (gctx->propq == NULL)
393	0	return 0;
394	0	}
395	0	return 1;
396	0	}
397
398		static const OSSL_PARAM slh_dsa_gen_settable_params(ossl_unused void genctx,
399		ossl_unused void *provctx)
400	0	{
401	0	static OSSL_PARAM settable[] = {
402	0	OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0),
403	0	OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_SLH_DSA_SEED, NULL, 0),
404	0	OSSL_PARAM_END
405	0	};
406	0	return settable;
407	0	}
408
409		static void slh_dsa_gen_cleanup(void *genctx)
410	0	{
411	0	struct slh_dsa_gen_ctx *gctx = genctx;
412
413	0	if (gctx == NULL)
414	0	return;
415
416	0	OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
417	0	OPENSSL_free(gctx->propq);
418	0	OPENSSL_free(gctx);
419	0	}
420
421		#define MAKE_KEYMGMT_FUNCTIONS(alg, fn) \
422		static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key; \
423		static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen; \
424		static void slh_dsa_##fn##_new_key(void provctx) \
425	0	{ \
426	0	return slh_dsa_new_key(provctx, alg); \
427	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_new_key
428		static void slh_dsa_##fn##_gen(void genctx, OSSL_CALLBACK osslcb, void cbarg)\
429	0	{ \
430	0	return slh_dsa_gen(genctx, alg); \
431	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_gen
432		const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = { \
433		{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key }, \
434		{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key }, \
435		{ OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key }, \
436		{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has }, \
437		{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match }, \
438		{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import }, \
439		{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
440		{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export }, \
441		{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
442		{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load }, \
443		{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))slh_dsa_get_params }, \
444		{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))slh_dsa_gettable_params },\
445		{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate }, \
446		{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init }, \
447		{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen }, \
448		{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup },\
449		{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, \
450		(void (*)(void))slh_dsa_gen_set_params }, \
451		{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, \
452		(void (*)(void))slh_dsa_gen_settable_params }, \
453		OSSL_DISPATCH_END \
454		}
455
456		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
457		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
458		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
459		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
460		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
461		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
462		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
463		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
464		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
465		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
466		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
467		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);