/src/openssl/providers/implementations/signature/slh_dsa_sig.c

Source (jump to first uncovered line)
/*
 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/proverr.h>
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "prov/der_slh_dsa.h"
#include "crypto/slh_dsa.h"
#include "internal/sizes.h"

#define SLH_DSA_MAX_ADD_RANDOM_LEN 32

#define SLH_DSA_MESSAGE_ENCODE_RAW  0
#define SLH_DSA_MESSAGE_ENCODE_PURE 1

static OSSL_FUNC_signature_sign_message_init_fn slh_dsa_sign_msg_init;
static OSSL_FUNC_signature_sign_fn slh_dsa_sign;
static OSSL_FUNC_signature_verify_message_init_fn slh_dsa_verify_msg_init;
static OSSL_FUNC_signature_verify_fn slh_dsa_verify;
static OSSL_FUNC_signature_digest_sign_init_fn slh_dsa_digest_signverify_init;
static OSSL_FUNC_signature_digest_sign_fn slh_dsa_digest_sign;
static OSSL_FUNC_signature_digest_verify_fn slh_dsa_digest_verify;
static OSSL_FUNC_signature_freectx_fn slh_dsa_freectx;
static OSSL_FUNC_signature_dupctx_fn slh_dsa_dupctx;
static OSSL_FUNC_signature_set_ctx_params_fn slh_dsa_set_ctx_params;
static OSSL_FUNC_signature_settable_ctx_params_fn slh_dsa_settable_ctx_params;

/*
 * NOTE: Any changes to this structure may require updating slh_dsa_dupctx().
 */
typedef struct {
    SLH_DSA_KEY *key; /* Note that the key is not owned by this object */
    SLH_DSA_HASH_CTX *hash_ctx;
    uint8_t context_string[SLH_DSA_MAX_CONTEXT_STRING_LEN];
    size_t context_string_len;
    uint8_t add_random[SLH_DSA_MAX_ADD_RANDOM_LEN];
    size_t add_random_len;
    int msg_encode;
    int deterministic;
    OSSL_LIB_CTX *libctx;
    char *propq;
    const char *alg;
    /* The Algorithm Identifier of the signature algorithm */
    uint8_t aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
    size_t  aid_len;
} PROV_SLH_DSA_CTX;

static void slh_dsa_freectx(void *vctx)
{
    PROV_SLH_DSA_CTX *ctx = (PROV_SLH_DSA_CTX *)vctx;

    ossl_slh_dsa_hash_ctx_free(ctx->hash_ctx);
    OPENSSL_free(ctx->propq);
    OPENSSL_cleanse(ctx->add_random, ctx->add_random_len);
    OPENSSL_free(ctx);
}

static void *slh_dsa_newctx(void *provctx, const char *alg, const char *propq)
{
    PROV_SLH_DSA_CTX *ctx;

    if (!ossl_prov_is_running())
        return NULL;

    ctx = OPENSSL_zalloc(sizeof(PROV_SLH_DSA_CTX));
    if (ctx == NULL)
        return NULL;

    ctx->libctx = PROV_LIBCTX_OF(provctx);
    if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)
        goto err;
    ctx->alg = alg;
    ctx->msg_encode = SLH_DSA_MESSAGE_ENCODE_PURE;
    return ctx;
 err:
    slh_dsa_freectx(ctx);
    return NULL;
}

static void *slh_dsa_dupctx(void *vctx)
{
    PROV_SLH_DSA_CTX *src = (PROV_SLH_DSA_CTX *)vctx;
    PROV_SLH_DSA_CTX *ret;

    if (!ossl_prov_is_running())
        return NULL;

    /*
     * Note that the SLH_DSA_KEY is ref counted via EVP_PKEY so we can just copy
     * the key here.
     */
    ret = OPENSSL_memdup(src, sizeof(*src));
    if (ret == NULL)
        return NULL;
    ret->propq = NULL;
    ret->hash_ctx = NULL;
    if (src->propq != NULL && (ret->propq = OPENSSL_strdup(src->propq)) == NULL)
        goto err;
    ret->hash_ctx = ossl_slh_dsa_hash_ctx_dup(src->hash_ctx);
    if (ret->hash_ctx == NULL)
        goto err;

    return ret;
 err:
    slh_dsa_freectx(ret);
    return NULL;
}

static int slh_dsa_set_alg_id_buffer(PROV_SLH_DSA_CTX *ctx)
{
    int ret;
    WPACKET pkt;
    uint8_t *aid = NULL;

    /*
     * We do not care about DER writing errors.
     * All it really means is that for some reason, there's no
     * AlgorithmIdentifier to be had, but the operation itself is
     * still valid, just as long as it's not used to construct
     * anything that needs an AlgorithmIdentifier.
     */
    ctx->aid_len = 0;
    ret = WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf));
    ret = ret && ossl_DER_w_algorithmIdentifier_SLH_DSA(&pkt, -1, ctx->key);
    if (ret && WPACKET_finish(&pkt)) {
        WPACKET_get_total_written(&pkt, &ctx->aid_len);
        aid = WPACKET_get_curr(&pkt);
    }
    WPACKET_cleanup(&pkt);
    if (aid != NULL && ctx->aid_len != 0)
        memmove(ctx->aid_buf, aid, ctx->aid_len);
    return 1;
}

static int slh_dsa_signverify_msg_init(void *vctx, void *vkey,
                                       const OSSL_PARAM params[], int operation,
                                       const char *desc)
{
    PROV_SLH_DSA_CTX *ctx = (PROV_SLH_DSA_CTX *)vctx;
    SLH_DSA_KEY *key = vkey;

    if (!ossl_prov_is_running()
            || ctx == NULL)
        return 0;

    if (vkey == NULL && ctx->key == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
        return 0;
    }

    if (key != NULL) {
        if (!ossl_slh_dsa_key_type_matches(key, ctx->alg))
            return 0;
        ctx->hash_ctx = ossl_slh_dsa_hash_ctx_new(key);
        if (ctx->hash_ctx == NULL)
            return 0;
        ctx->key = vkey;
    }

    slh_dsa_set_alg_id_buffer(ctx);
    if (!slh_dsa_set_ctx_params(ctx, params))
        return 0;
    return 1;
}

static int slh_dsa_sign_msg_init(void *vctx, void *vkey, const OSSL_PARAM params[])
{
    return slh_dsa_signverify_msg_init(vctx, vkey, params,
                                       EVP_PKEY_OP_SIGN, "SLH_DSA Sign Init");
}

static int slh_dsa_digest_signverify_init(void *vctx, const char *mdname,
                                          void *vkey, const OSSL_PARAM params[])
{
    PROV_SLH_DSA_CTX *ctx = (PROV_SLH_DSA_CTX *)vctx;

    if (mdname != NULL && mdname[0] != '\0') {
        ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
                       "Explicit digest not supported for SLH-DSA operations");
        return 0;
    }

    if (vkey == NULL && ctx->key != NULL)
        return slh_dsa_set_ctx_params(ctx, params);

    return slh_dsa_signverify_msg_init(vctx, vkey, params,
                                       EVP_PKEY_OP_SIGN, "SLH_DSA Sign Init");
}

static int slh_dsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
                        size_t sigsize, const unsigned char *msg, size_t msg_len)
{
    int ret = 0;
    PROV_SLH_DSA_CTX *ctx = (PROV_SLH_DSA_CTX *)vctx;
    uint8_t add_rand[SLH_DSA_MAX_ADD_RANDOM_LEN], *opt_rand = NULL;
    size_t n = 0;

    if (!ossl_prov_is_running())
        return 0;

    if (sig != NULL) {
        if (ctx->add_random_len != 0) {
            opt_rand = ctx->add_random;
        } else if (ctx->deterministic == 0) {
            n = ossl_slh_dsa_key_get_n(ctx->key);
            if (RAND_priv_bytes_ex(ctx->libctx, add_rand, n, 0) <= 0)
                return 0;
            opt_rand = add_rand;
        }
    }
    ret = ossl_slh_dsa_sign(ctx->hash_ctx, msg, msg_len,
                            ctx->context_string, ctx->context_string_len,
                            opt_rand, ctx->msg_encode,
                            sig, siglen, sigsize);
    if (opt_rand != add_rand)
        OPENSSL_cleanse(opt_rand, n);
    return ret;
}

static int slh_dsa_digest_sign(void *vctx, uint8_t *sig, size_t *siglen, size_t sigsize,
                               const uint8_t *tbs, size_t tbslen)
{
    return slh_dsa_sign(vctx, sig, siglen, sigsize, tbs, tbslen);
}

static int slh_dsa_verify_msg_init(void *vctx, void *vkey, const OSSL_PARAM params[])
{
    return slh_dsa_signverify_msg_init(vctx, vkey, params, EVP_PKEY_OP_VERIFY,
                                       "SLH_DSA Verify Init");
}

static int slh_dsa_verify(void *vctx, const uint8_t *sig, size_t siglen,
                          const uint8_t *msg, size_t msg_len)
{
    PROV_SLH_DSA_CTX *ctx = (PROV_SLH_DSA_CTX *)vctx;

    if (!ossl_prov_is_running())
        return 0;
    return ossl_slh_dsa_verify(ctx->hash_ctx, msg, msg_len,
                               ctx->context_string, ctx->context_string_len,
                               ctx->msg_encode, sig, siglen);
}
static int slh_dsa_digest_verify(void *vctx, const uint8_t *sig, size_t siglen,
                                 const uint8_t *tbs, size_t tbslen)
{
    return slh_dsa_verify(vctx, sig, siglen, tbs, tbslen);
}

static int slh_dsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    PROV_SLH_DSA_CTX *pctx = (PROV_SLH_DSA_CTX *)vctx;
    const OSSL_PARAM *p;

    if (pctx == NULL)
        return 0;
    if (ossl_param_is_empty(params))
        return 1;

    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_CONTEXT_STRING);
    if (p != NULL) {
        void *vp = pctx->context_string;

        if (!OSSL_PARAM_get_octet_string(p, &vp, sizeof(pctx->context_string),
                                         &(pctx->context_string_len))) {
            pctx->context_string_len = 0;
            return 0;
        }
    }
    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_TEST_ENTROPY);
    if (p != NULL) {
        void *vp = pctx->add_random;
        size_t n = ossl_slh_dsa_key_get_n(pctx->key);

        if (!OSSL_PARAM_get_octet_string(p, &vp, n, &(pctx->add_random_len))
                || pctx->add_random_len != n) {
            pctx->add_random_len = 0;
            return 0;
        }
    }
    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DETERMINISTIC);
    if (p != NULL && !OSSL_PARAM_get_int(p, &pctx->deterministic))
        return 0;

    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING);
    if (p != NULL && !OSSL_PARAM_get_int(p, &pctx->msg_encode))
        return 0;
    return 1;
}

static const OSSL_PARAM *slh_dsa_settable_ctx_params(void *vctx,
                                                     ossl_unused void *provctx)
{
    static const OSSL_PARAM settable_ctx_params[] = {
        OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0),
        OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_TEST_ENTROPY, NULL, 0),
        OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_DETERMINISTIC, 0),
        OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING, 0),
        OSSL_PARAM_END
    };

    return settable_ctx_params;
}

static const OSSL_PARAM known_gettable_ctx_params[] = {
    OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
    OSSL_PARAM_END
};

static const OSSL_PARAM *slh_dsa_gettable_ctx_params(ossl_unused void *vctx,
                                                     ossl_unused void *provctx)
{
    return known_gettable_ctx_params;
}

static int slh_dsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
{
    PROV_SLH_DSA_CTX *ctx = (PROV_SLH_DSA_CTX *)vctx;
    OSSL_PARAM *p;

    if (ctx == NULL)
        return 0;

    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
    if (p != NULL
        && !OSSL_PARAM_set_octet_string(p,
                                        ctx->aid_len == 0 ? NULL : ctx->aid_buf,
                                        ctx->aid_len))
        return 0;

    return 1;
}

#define MAKE_SIGNATURE_FUNCTIONS(alg, fn)                                      \
    static OSSL_FUNC_signature_newctx_fn slh_dsa_##fn##_newctx;                \
    static void *slh_dsa_##fn##_newctx(void *provctx, const char *propq)       \
    {                                                                          \
        return slh_dsa_newctx(provctx, alg, propq);                            \
    }                                                                          \
    const OSSL_DISPATCH ossl_slh_dsa_##fn##_signature_functions[] = {          \
        { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))slh_dsa_##fn##_newctx }, \
        { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT,                               \
          (void (*)(void))slh_dsa_sign_msg_init },                             \
        { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))slh_dsa_sign },            \
        { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT,                             \
          (void (*)(void))slh_dsa_verify_msg_init },                           \
        { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))slh_dsa_verify },        \
        { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,                                \
          (void (*)(void))slh_dsa_digest_signverify_init },                    \
        { OSSL_FUNC_SIGNATURE_DIGEST_SIGN,                                     \
          (void (*)(void))slh_dsa_digest_sign },                               \
        { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,                              \
          (void (*)(void))slh_dsa_digest_signverify_init },                    \
        { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,                                   \
          (void (*)(void))slh_dsa_digest_verify },                             \
        { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))slh_dsa_freectx },      \
        { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))slh_dsa_dupctx },        \
        { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))slh_dsa_set_ctx_params },\
        { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS,                             \
          (void (*)(void))slh_dsa_settable_ctx_params },                       \
        { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,                                  \
          (void (*)(void))slh_dsa_get_ctx_params },                            \
        { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,                             \
          (void (*)(void))slh_dsa_gettable_ctx_params },                       \
        OSSL_DISPATCH_END                                                      \
    }

MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);

Coverage Report

Created: 2025-06-22 06:56

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/core_names.h>
11		#include <openssl/err.h>
12		#include <openssl/rand.h>
13		#include <openssl/proverr.h>
14		#include "prov/implementations.h"
15		#include "prov/providercommon.h"
16		#include "prov/provider_ctx.h"
17		#include "prov/der_slh_dsa.h"
18		#include "crypto/slh_dsa.h"
19		#include "internal/sizes.h"
20
21		#define SLH_DSA_MAX_ADD_RANDOM_LEN 32
22
23		#define SLH_DSA_MESSAGE_ENCODE_RAW 0
24	0	#define SLH_DSA_MESSAGE_ENCODE_PURE 1
25
26		static OSSL_FUNC_signature_sign_message_init_fn slh_dsa_sign_msg_init;
27		static OSSL_FUNC_signature_sign_fn slh_dsa_sign;
28		static OSSL_FUNC_signature_verify_message_init_fn slh_dsa_verify_msg_init;
29		static OSSL_FUNC_signature_verify_fn slh_dsa_verify;
30		static OSSL_FUNC_signature_digest_sign_init_fn slh_dsa_digest_signverify_init;
31		static OSSL_FUNC_signature_digest_sign_fn slh_dsa_digest_sign;
32		static OSSL_FUNC_signature_digest_verify_fn slh_dsa_digest_verify;
33		static OSSL_FUNC_signature_freectx_fn slh_dsa_freectx;
34		static OSSL_FUNC_signature_dupctx_fn slh_dsa_dupctx;
35		static OSSL_FUNC_signature_set_ctx_params_fn slh_dsa_set_ctx_params;
36		static OSSL_FUNC_signature_settable_ctx_params_fn slh_dsa_settable_ctx_params;
37
38		/*
39		* NOTE: Any changes to this structure may require updating slh_dsa_dupctx().
40		*/
41		typedef struct {
42		SLH_DSA_KEY key; / Note that the key is not owned by this object */
43		SLH_DSA_HASH_CTX *hash_ctx;
44		uint8_t context_string[SLH_DSA_MAX_CONTEXT_STRING_LEN];
45		size_t context_string_len;
46		uint8_t add_random[SLH_DSA_MAX_ADD_RANDOM_LEN];
47		size_t add_random_len;
48		int msg_encode;
49		int deterministic;
50		OSSL_LIB_CTX *libctx;
51		char *propq;
52		const char *alg;
53		/* The Algorithm Identifier of the signature algorithm */
54		uint8_t aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
55		size_t aid_len;
56		} PROV_SLH_DSA_CTX;
57
58		static void slh_dsa_freectx(void *vctx)
59	0	{
60	0	PROV_SLH_DSA_CTX ctx = (PROV_SLH_DSA_CTX )vctx;
61
62	0	ossl_slh_dsa_hash_ctx_free(ctx->hash_ctx);
63	0	OPENSSL_free(ctx->propq);
64	0	OPENSSL_cleanse(ctx->add_random, ctx->add_random_len);
65	0	OPENSSL_free(ctx);
66	0	}
67
68		static void slh_dsa_newctx(void provctx, const char alg, const char propq)
69	0	{
70	0	PROV_SLH_DSA_CTX *ctx;
71
72	0	if (!ossl_prov_is_running())
73	0	return NULL;
74
75	0	ctx = OPENSSL_zalloc(sizeof(PROV_SLH_DSA_CTX));
76	0	if (ctx == NULL)
77	0	return NULL;
78
79	0	ctx->libctx = PROV_LIBCTX_OF(provctx);
80	0	if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)
81	0	goto err;
82	0	ctx->alg = alg;
83	0	ctx->msg_encode = SLH_DSA_MESSAGE_ENCODE_PURE;
84	0	return ctx;
85	0	err:
86	0	slh_dsa_freectx(ctx);
87	0	return NULL;
88	0	}
89
90		static void slh_dsa_dupctx(void vctx)
91	0	{
92	0	PROV_SLH_DSA_CTX src = (PROV_SLH_DSA_CTX )vctx;
93	0	PROV_SLH_DSA_CTX *ret;
94
95	0	if (!ossl_prov_is_running())
96	0	return NULL;
97
98		/*
99		* Note that the SLH_DSA_KEY is ref counted via EVP_PKEY so we can just copy
100		* the key here.
101		*/
102	0	ret = OPENSSL_memdup(src, sizeof(*src));
103	0	if (ret == NULL)
104	0	return NULL;
105	0	ret->propq = NULL;
106	0	ret->hash_ctx = NULL;
107	0	if (src->propq != NULL && (ret->propq = OPENSSL_strdup(src->propq)) == NULL)
108	0	goto err;
109	0	ret->hash_ctx = ossl_slh_dsa_hash_ctx_dup(src->hash_ctx);
110	0	if (ret->hash_ctx == NULL)
111	0	goto err;
112
113	0	return ret;
114	0	err:
115	0	slh_dsa_freectx(ret);
116	0	return NULL;
117	0	}
118
119		static int slh_dsa_set_alg_id_buffer(PROV_SLH_DSA_CTX *ctx)
120	0	{
121	0	int ret;
122	0	WPACKET pkt;
123	0	uint8_t *aid = NULL;
124
125		/*
126		* We do not care about DER writing errors.
127		* All it really means is that for some reason, there's no
128		* AlgorithmIdentifier to be had, but the operation itself is
129		* still valid, just as long as it's not used to construct
130		* anything that needs an AlgorithmIdentifier.
131		*/
132	0	ctx->aid_len = 0;
133	0	ret = WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf));
134	0	ret = ret && ossl_DER_w_algorithmIdentifier_SLH_DSA(&pkt, -1, ctx->key);
135	0	if (ret && WPACKET_finish(&pkt)) {
136	0	WPACKET_get_total_written(&pkt, &ctx->aid_len);
137	0	aid = WPACKET_get_curr(&pkt);
138	0	}
139	0	WPACKET_cleanup(&pkt);
140	0	if (aid != NULL && ctx->aid_len != 0)
141	0	memmove(ctx->aid_buf, aid, ctx->aid_len);
142	0	return 1;
143	0	}
144
145		static int slh_dsa_signverify_msg_init(void vctx, void vkey,
146		const OSSL_PARAM params[], int operation,
147		const char *desc)
148	0	{
149	0	PROV_SLH_DSA_CTX ctx = (PROV_SLH_DSA_CTX )vctx;
150	0	SLH_DSA_KEY *key = vkey;
151
152	0	if (!ossl_prov_is_running()
153	0	\|\| ctx == NULL)
154	0	return 0;
155
156	0	if (vkey == NULL && ctx->key == NULL) {
157	0	ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
158	0	return 0;
159	0	}
160
161	0	if (key != NULL) {
162	0	if (!ossl_slh_dsa_key_type_matches(key, ctx->alg))
163	0	return 0;
164	0	ctx->hash_ctx = ossl_slh_dsa_hash_ctx_new(key);
165	0	if (ctx->hash_ctx == NULL)
166	0	return 0;
167	0	ctx->key = vkey;
168	0	}
169
170	0	slh_dsa_set_alg_id_buffer(ctx);
171	0	if (!slh_dsa_set_ctx_params(ctx, params))
172	0	return 0;
173	0	return 1;
174	0	}
175
176		static int slh_dsa_sign_msg_init(void vctx, void vkey, const OSSL_PARAM params[])
177	0	{
178	0	return slh_dsa_signverify_msg_init(vctx, vkey, params,
179	0	EVP_PKEY_OP_SIGN, "SLH_DSA Sign Init");
180	0	}
181
182		static int slh_dsa_digest_signverify_init(void vctx, const char mdname,
183		void *vkey, const OSSL_PARAM params[])
184	0	{
185	0	PROV_SLH_DSA_CTX ctx = (PROV_SLH_DSA_CTX )vctx;
186
187	0	if (mdname != NULL && mdname[0] != '\0') {
188	0	ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
189	0	"Explicit digest not supported for SLH-DSA operations");
190	0	return 0;
191	0	}
192
193	0	if (vkey == NULL && ctx->key != NULL)
194	0	return slh_dsa_set_ctx_params(ctx, params);
195
196	0	return slh_dsa_signverify_msg_init(vctx, vkey, params,
197	0	EVP_PKEY_OP_SIGN, "SLH_DSA Sign Init");
198	0	}
199
200		static int slh_dsa_sign(void vctx, unsigned char sig, size_t *siglen,
201		size_t sigsize, const unsigned char *msg, size_t msg_len)
202	0	{
203	0	int ret = 0;
204	0	PROV_SLH_DSA_CTX ctx = (PROV_SLH_DSA_CTX )vctx;
205	0	uint8_t add_rand[SLH_DSA_MAX_ADD_RANDOM_LEN], *opt_rand = NULL;
206	0	size_t n = 0;
207
208	0	if (!ossl_prov_is_running())
209	0	return 0;
210
211	0	if (sig != NULL) {
212	0	if (ctx->add_random_len != 0) {
213	0	opt_rand = ctx->add_random;
214	0	} else if (ctx->deterministic == 0) {
215	0	n = ossl_slh_dsa_key_get_n(ctx->key);
216	0	if (RAND_priv_bytes_ex(ctx->libctx, add_rand, n, 0) <= 0)
217	0	return 0;
218	0	opt_rand = add_rand;
219	0	}
220	0	}
221	0	ret = ossl_slh_dsa_sign(ctx->hash_ctx, msg, msg_len,
222	0	ctx->context_string, ctx->context_string_len,
223	0	opt_rand, ctx->msg_encode,
224	0	sig, siglen, sigsize);
225	0	if (opt_rand != add_rand)
226	0	OPENSSL_cleanse(opt_rand, n);
227	0	return ret;
228	0	}
229
230		static int slh_dsa_digest_sign(void vctx, uint8_t sig, size_t *siglen, size_t sigsize,
231		const uint8_t *tbs, size_t tbslen)
232	0	{
233	0	return slh_dsa_sign(vctx, sig, siglen, sigsize, tbs, tbslen);
234	0	}
235
236		static int slh_dsa_verify_msg_init(void vctx, void vkey, const OSSL_PARAM params[])
237	0	{
238	0	return slh_dsa_signverify_msg_init(vctx, vkey, params, EVP_PKEY_OP_VERIFY,
239	0	"SLH_DSA Verify Init");
240	0	}
241
242		static int slh_dsa_verify(void vctx, const uint8_t sig, size_t siglen,
243		const uint8_t *msg, size_t msg_len)
244	0	{
245	0	PROV_SLH_DSA_CTX ctx = (PROV_SLH_DSA_CTX )vctx;
246
247	0	if (!ossl_prov_is_running())
248	0	return 0;
249	0	return ossl_slh_dsa_verify(ctx->hash_ctx, msg, msg_len,
250	0	ctx->context_string, ctx->context_string_len,
251	0	ctx->msg_encode, sig, siglen);
252	0	}
253		static int slh_dsa_digest_verify(void vctx, const uint8_t sig, size_t siglen,
254		const uint8_t *tbs, size_t tbslen)
255	0	{
256	0	return slh_dsa_verify(vctx, sig, siglen, tbs, tbslen);
257	0	}
258
259		static int slh_dsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
260	0	{
261	0	PROV_SLH_DSA_CTX pctx = (PROV_SLH_DSA_CTX )vctx;
262	0	const OSSL_PARAM *p;
263
264	0	if (pctx == NULL)
265	0	return 0;
266	0	if (ossl_param_is_empty(params))
267	0	return 1;
268
269	0	p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_CONTEXT_STRING);
270	0	if (p != NULL) {
271	0	void *vp = pctx->context_string;
272
273	0	if (!OSSL_PARAM_get_octet_string(p, &vp, sizeof(pctx->context_string),
274	0	&(pctx->context_string_len))) {
275	0	pctx->context_string_len = 0;
276	0	return 0;
277	0	}
278	0	}
279	0	p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_TEST_ENTROPY);
280	0	if (p != NULL) {
281	0	void *vp = pctx->add_random;
282	0	size_t n = ossl_slh_dsa_key_get_n(pctx->key);
283
284	0	if (!OSSL_PARAM_get_octet_string(p, &vp, n, &(pctx->add_random_len))
285	0	\|\| pctx->add_random_len != n) {
286	0	pctx->add_random_len = 0;
287	0	return 0;
288	0	}
289	0	}
290	0	p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DETERMINISTIC);
291	0	if (p != NULL && !OSSL_PARAM_get_int(p, &pctx->deterministic))
292	0	return 0;
293
294	0	p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING);
295	0	if (p != NULL && !OSSL_PARAM_get_int(p, &pctx->msg_encode))
296	0	return 0;
297	0	return 1;
298	0	}
299
300		static const OSSL_PARAM slh_dsa_settable_ctx_params(void vctx,
301		ossl_unused void *provctx)
302	0	{
303	0	static const OSSL_PARAM settable_ctx_params[] = {
304	0	OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0),
305	0	OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_TEST_ENTROPY, NULL, 0),
306	0	OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_DETERMINISTIC, 0),
307	0	OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_MESSAGE_ENCODING, 0),
308	0	OSSL_PARAM_END
309	0	};
310
311	0	return settable_ctx_params;
312	0	}
313
314		static const OSSL_PARAM known_gettable_ctx_params[] = {
315		OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
316		OSSL_PARAM_END
317		};
318
319		static const OSSL_PARAM slh_dsa_gettable_ctx_params(ossl_unused void vctx,
320		ossl_unused void *provctx)
321	0	{
322	0	return known_gettable_ctx_params;
323	0	}
324
325		static int slh_dsa_get_ctx_params(void vctx, OSSL_PARAM params)
326	0	{
327	0	PROV_SLH_DSA_CTX ctx = (PROV_SLH_DSA_CTX )vctx;
328	0	OSSL_PARAM *p;
329
330	0	if (ctx == NULL)
331	0	return 0;
332
333	0	p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
334	0	if (p != NULL
335	0	&& !OSSL_PARAM_set_octet_string(p,
336	0	ctx->aid_len == 0 ? NULL : ctx->aid_buf,
337	0	ctx->aid_len))
338	0	return 0;
339
340	0	return 1;
341	0	}
342
343		#define MAKE_SIGNATURE_FUNCTIONS(alg, fn) \
344		static OSSL_FUNC_signature_newctx_fn slh_dsa_##fn##_newctx; \
345		static void slh_dsa_##fn##_newctx(void provctx, const char *propq) \
346	0	{ \
347	0	return slh_dsa_newctx(provctx, alg, propq); \
348	0	} \ Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_sha2_128s_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_sha2_128f_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_sha2_192s_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_sha2_192f_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_sha2_256s_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_sha2_256f_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_shake_128s_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_shake_128f_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_shake_192s_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_shake_192f_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_shake_256s_newctx Unexecuted instantiation: slh_dsa_sig.c:slh_dsa_shake_256f_newctx
349		const OSSL_DISPATCH ossl_slh_dsa_##fn##_signature_functions[] = { \
350		{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))slh_dsa_##fn##_newctx }, \
351		{ OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \
352		(void (*)(void))slh_dsa_sign_msg_init }, \
353		{ OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))slh_dsa_sign }, \
354		{ OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \
355		(void (*)(void))slh_dsa_verify_msg_init }, \
356		{ OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))slh_dsa_verify }, \
357		{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, \
358		(void (*)(void))slh_dsa_digest_signverify_init }, \
359		{ OSSL_FUNC_SIGNATURE_DIGEST_SIGN, \
360		(void (*)(void))slh_dsa_digest_sign }, \
361		{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, \
362		(void (*)(void))slh_dsa_digest_signverify_init }, \
363		{ OSSL_FUNC_SIGNATURE_DIGEST_VERIFY, \
364		(void (*)(void))slh_dsa_digest_verify }, \
365		{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))slh_dsa_freectx }, \
366		{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))slh_dsa_dupctx }, \
367		{ OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))slh_dsa_set_ctx_params },\
368		{ OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \
369		(void (*)(void))slh_dsa_settable_ctx_params }, \
370		{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \
371		(void (*)(void))slh_dsa_get_ctx_params }, \
372		{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \
373		(void (*)(void))slh_dsa_gettable_ctx_params }, \
374		OSSL_DISPATCH_END \
375		}
376
377		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
378		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
379		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
380		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
381		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
382		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
383		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
384		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
385		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
386		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
387		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
388		MAKE_SIGNATURE_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);