/src/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c

Source
/*
 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/proverr.h>
#include <openssl/self_test.h>
#include <openssl/proverr.h>
#include "crypto/slh_dsa.h"
#include "internal/fips.h"
#include "internal/param_build_set.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "providers/implementations/keymgmt/slh_dsa_kmgmt.inc"

#ifdef FIPS_MODULE
static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
                                         SLH_DSA_HASH_CTX *ctx);
#endif  /* FIPS_MODULE */

static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;

#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)

#ifdef FIPS_MODULE
static FIPS_DEFERRED_TEST slh_key_gen_deferred_tests[] = {
    {
        "SLH-DSA-SHA2-128f",
        FIPS_DEFERRED_KAT_ASYM_KEYGEN,
        FIPS_DEFERRED_TEST_INIT
    },
    { NULL, 0, 0 },
};
#endif

static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
{
    if (!ossl_prov_is_running())
        return 0;

#ifdef FIPS_MODULE
    return FIPS_deferred_self_tests(libctx, slh_key_gen_deferred_tests);
#else
    return 1;
#endif
}

struct slh_dsa_gen_ctx {
    SLH_DSA_HASH_CTX *ctx;
    OSSL_LIB_CTX *libctx;
    char *propq;
    uint8_t entropy[SLH_DSA_MAX_N * 3];
    size_t entropy_len;
};

static void *slh_dsa_new_key(void *provctx, const char *alg)
{
    if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
        return 0;

    return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
}

static void slh_dsa_free_key(void *keydata)
{
    ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
}

static void *slh_dsa_dup_key(const void *keydata_from, int selection)
{
    if (ossl_prov_is_running())
        return ossl_slh_dsa_key_dup(keydata_from, selection);
    return NULL;
}

static int slh_dsa_has(const void *keydata, int selection)
{
    const SLH_DSA_KEY *key = keydata;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 1; /* the selection is not missing */

    return ossl_slh_dsa_key_has(key, selection);
}

static int slh_dsa_match(const void *keydata1, const void *keydata2, int selection)
{
    const SLH_DSA_KEY *key1 = keydata1;
    const SLH_DSA_KEY *key2 = keydata2;

    if (!ossl_prov_is_running())
        return 0;
    if (key1 == NULL || key2 == NULL)
        return 0;
    return ossl_slh_dsa_key_equal(key1, key2, selection);
}

static int slh_dsa_validate(const void *key_data, int selection, int check_type)
{
    const SLH_DSA_KEY *key = key_data;

    if (!slh_dsa_has(key, selection))
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
        return ossl_slh_dsa_key_pairwise_check(key);
    return 1;
}

static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    int include_priv;
    struct slh_dsa_import_st p;

    if (!ossl_prov_is_running()
            || key == NULL
            || !slh_dsa_import_decoder(params, &p))
        return 0;

    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 0;

    include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
    return ossl_slh_dsa_key_fromdata(key, p.pub, p.priv, include_priv);
}

static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
{
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return NULL;
    return slh_dsa_import_list;
}

static const OSSL_PARAM *slh_dsa_gettable_params(void *provctx)
{
    return slh_dsa_get_params_list;
}

static int key_to_params(SLH_DSA_KEY *key, OSSL_PARAM_BLD *tmpl,
                         int selection)
{
    /* Error if there is no key or public key */
    if (key == NULL || ossl_slh_dsa_key_get_pub(key) == NULL)
        return 0;

    if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
        && ossl_slh_dsa_key_get_priv(key) != NULL)
        if (ossl_param_build_set_octet_string(tmpl, NULL,
                                              OSSL_PKEY_PARAM_PRIV_KEY,
                                              ossl_slh_dsa_key_get_priv(key),
                                              ossl_slh_dsa_key_get_priv_len(key)) != 1)
            return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
        return 1;

    return ossl_param_build_set_octet_string(tmpl, NULL,
                                             OSSL_PKEY_PARAM_PUB_KEY,
                                             ossl_slh_dsa_key_get_pub(key),
                                             ossl_slh_dsa_key_get_pub_len(key));
}

static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    struct slh_dsa_get_params_st p;
    const uint8_t *pub, *priv;

    if (key == NULL || !slh_dsa_get_params_decoder(params, &p))
        return 0;

    if (p.bits != NULL
            && !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_slh_dsa_key_get_pub_len(key)))
        return 0;
    if (p.secbits != NULL
            && !OSSL_PARAM_set_size_t(p.secbits, 8 * ossl_slh_dsa_key_get_n(key)))
        return 0;
    if (p.maxsize != NULL
            && !OSSL_PARAM_set_size_t(p.maxsize, ossl_slh_dsa_key_get_sig_len(key)))
        return 0;
    if (p.seccat != NULL
            && !OSSL_PARAM_set_int(p.seccat, ossl_slh_dsa_key_get_security_category(key)))
        return 0;

    priv = ossl_slh_dsa_key_get_priv(key);
    if (priv != NULL) {
        /* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
        if (p.priv != NULL
            && !OSSL_PARAM_set_octet_string(p.priv, priv,
                                            ossl_slh_dsa_key_get_priv_len(key)))
            return 0;
    }
    pub = ossl_slh_dsa_key_get_pub(key);
    if (pub != NULL) {
        if (p.pub != NULL
            && !OSSL_PARAM_set_octet_string(p.pub, pub,
                                            ossl_slh_dsa_key_get_pub_len(key)))
            return 0;
    }
    /*
     * This allows apps to use an empty digest, so that the old API
     * for digest signing can be used.
     */
    if (p.mandgst != NULL && !OSSL_PARAM_set_utf8_string(p.mandgst, ""))
        return 0;
    return 1;
}

static int slh_dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
                          void *cbarg)
{
    SLH_DSA_KEY *key = keydata;
    OSSL_PARAM_BLD *tmpl;
    OSSL_PARAM *params = NULL;
    int ret = 0;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
        return 0;

    tmpl = OSSL_PARAM_BLD_new();
    if (tmpl == NULL)
        return 0;

    if (!key_to_params(key, tmpl, selection))
        goto err;

    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL)
        goto err;

    ret = param_cb(params, cbarg);
    OSSL_PARAM_clear_free(params);
err:
    OSSL_PARAM_BLD_free(tmpl);
    return ret;
}

static void *slh_dsa_load(const void *reference, size_t reference_sz)
{
    SLH_DSA_KEY *key = NULL;

    if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
        /* The contents of the reference is the address to our object */
        key = *(SLH_DSA_KEY **)reference;

        /* We grabbed, so we detach it */
        *(SLH_DSA_KEY **)reference = NULL;
        return key;
    }
    return NULL;
}

static void *slh_dsa_gen_init(void *provctx, int selection,
                              const OSSL_PARAM params[])
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
    struct slh_dsa_gen_ctx *gctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;

    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
        gctx->libctx = libctx;
        if (!slh_dsa_gen_set_params(gctx, params)) {
            OPENSSL_free(gctx);
            gctx = NULL;
        }
    }
    return gctx;
}

#ifdef FIPS_MODULE
/*
 * Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
 * Perform a pairwise test for SLH_DSA by signing and verifying a signature.
 */
static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
                                         SLH_DSA_HASH_CTX *ctx)
{
    int ret = 0;
    OSSL_SELF_TEST *st = NULL;
    OSSL_CALLBACK *cb = NULL;
    void *cb_arg = NULL;
    uint8_t msg[16] = {0};
    size_t msg_len = sizeof(msg);
    uint8_t *sig = NULL;
    size_t sig_len;
    OSSL_LIB_CTX *lib_ctx;
    int alloc_ctx = 0;

    /* During self test, it is a waste to do this test */
    if (ossl_fips_self_testing()
        || slh_key_gen_deferred_tests[0].state == FIPS_DEFERRED_TEST_IN_PROGRESS)
        return 1;

    if (ctx == NULL) {
        ctx = ossl_slh_dsa_hash_ctx_new(key);
        if (ctx == NULL)
            return 0;
        alloc_ctx = 1;
    }
    lib_ctx = ossl_slh_dsa_key_get0_libctx(key);

    OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
    st = OSSL_SELF_TEST_new(cb, cb_arg);
    if (st == NULL)
        goto err;

    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
                           OSSL_SELF_TEST_DESC_PCT_SLH_DSA);

    sig_len = ossl_slh_dsa_key_get_sig_len(key);
    sig = OPENSSL_malloc(sig_len);
    if (sig == NULL)
        goto err;

    if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
                          sig, &sig_len, sig_len) != 1)
        goto err;

    OSSL_SELF_TEST_oncorrupt_byte(st, sig);

    if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
        goto err;

    ret = 1;
err:
    if (alloc_ctx)
        ossl_slh_dsa_hash_ctx_free(ctx);
    OPENSSL_free(sig);
    OSSL_SELF_TEST_onend(st, ret);
    OSSL_SELF_TEST_free(st);
    return ret;
}
#endif /* FIPS_MODULE */

static void *slh_dsa_gen(void *genctx, const char *alg)
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    SLH_DSA_KEY *key = NULL;
    SLH_DSA_HASH_CTX *ctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;
    key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
    if (key == NULL)
        return NULL;
    ctx = ossl_slh_dsa_hash_ctx_new(key);
    if (ctx == NULL)
        goto err;
    if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
                                   gctx->entropy, gctx->entropy_len))
        goto err;
#ifdef FIPS_MODULE
    if (!slh_dsa_fips140_pairwise_test(key, ctx)) {
        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
        goto err;
    }
#endif /* FIPS_MODULE */
    ossl_slh_dsa_hash_ctx_free(ctx);
    return key;
 err:
    ossl_slh_dsa_hash_ctx_free(ctx);
    ossl_slh_dsa_key_free(key);
    return NULL;
}

static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    struct slh_dsa_gen_set_params_st p;

    if (gctx == NULL || !slh_dsa_gen_set_params_decoder(params, &p))
        return 0;

    if (p.seed != NULL) {
        void *vp = gctx->entropy;
        size_t len = sizeof(gctx->entropy);

        if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) {
            gctx->entropy_len = 0;
            return 0;
        }
    }

    if (p.propq != NULL) {
        if (p.propq->data_type != OSSL_PARAM_UTF8_STRING)
            return 0;
        OPENSSL_free(gctx->propq);
        gctx->propq = OPENSSL_strdup(p.propq->data);
        if (gctx->propq == NULL)
            return 0;
    }
    return 1;
}

static const OSSL_PARAM *slh_dsa_gen_settable_params(ossl_unused void *genctx,
                                                     ossl_unused void *provctx)
{
    return slh_dsa_gen_set_params_list;
}

static void slh_dsa_gen_cleanup(void *genctx)
{
    struct slh_dsa_gen_ctx *gctx = genctx;

    if (gctx == NULL)
        return;

    OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
    OPENSSL_free(gctx->propq);
    OPENSSL_free(gctx);
}

#define MAKE_KEYMGMT_FUNCTIONS(alg, fn)                                        \
    static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key;                    \
    static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen;                        \
    static void *slh_dsa_##fn##_new_key(void *provctx)                         \
    {                                                                          \
        return slh_dsa_new_key(provctx, alg);                                  \
    }                                                                          \
    static void *slh_dsa_##fn##_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)\
    {                                                                          \
        return slh_dsa_gen(genctx, alg);                                       \
    }                                                                          \
    const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = {            \
        { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key },     \
        { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key },          \
        { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key },            \
        { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has },                \
        { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match },            \
        { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import },          \
        { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
        { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export },          \
        { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
        { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load },              \
        { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))slh_dsa_get_params }, \
        { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))slh_dsa_gettable_params },\
        { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate },      \
        { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init },      \
        { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen },         \
        { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup },\
        { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,                                    \
          (void (*)(void))slh_dsa_gen_set_params },                            \
        { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,                               \
          (void (*)(void))slh_dsa_gen_settable_params },                       \
        OSSL_DISPATCH_END                                                      \
    }

MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);

Coverage Report

Created: 2025-11-07 06:58

Line	Count	Source
1		/*
2		* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/core_dispatch.h>
11		#include <openssl/core_names.h>
12		#include <openssl/param_build.h>
13		#include <openssl/proverr.h>
14		#include <openssl/self_test.h>
15		#include <openssl/proverr.h>
16		#include "crypto/slh_dsa.h"
17		#include "internal/fips.h"
18		#include "internal/param_build_set.h"
19		#include "prov/implementations.h"
20		#include "prov/providercommon.h"
21		#include "prov/provider_ctx.h"
22		#include "providers/implementations/keymgmt/slh_dsa_kmgmt.inc"
23
24		#ifdef FIPS_MODULE
25		static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
26		SLH_DSA_HASH_CTX *ctx);
27		#endif /* FIPS_MODULE */
28
29		static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
30		static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
31		static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
32		static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
33		static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
34		static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
35		static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
36		static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
37		static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
38		static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
39		static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
40		static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
41		static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
42		static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
43		static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
44		static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;
45
46	0	#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)
47
48		#ifdef FIPS_MODULE
49		static FIPS_DEFERRED_TEST slh_key_gen_deferred_tests[] = {
50		{
51		"SLH-DSA-SHA2-128f",
52		FIPS_DEFERRED_KAT_ASYM_KEYGEN,
53		FIPS_DEFERRED_TEST_INIT
54		},
55		{ NULL, 0, 0 },
56		};
57		#endif
58
59		static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
60	0	{
61	0	if (!ossl_prov_is_running())
62	0	return 0;
63
64		#ifdef FIPS_MODULE
65		return FIPS_deferred_self_tests(libctx, slh_key_gen_deferred_tests);
66		#else
67	0	return 1;
68	0	#endif
69	0	}
70
71		struct slh_dsa_gen_ctx {
72		SLH_DSA_HASH_CTX *ctx;
73		OSSL_LIB_CTX *libctx;
74		char *propq;
75		uint8_t entropy[SLH_DSA_MAX_N * 3];
76		size_t entropy_len;
77		};
78
79		static void slh_dsa_new_key(void provctx, const char *alg)
80	0	{
81	0	if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
82	0	return 0;
83
84	0	return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
85	0	}
86
87		static void slh_dsa_free_key(void *keydata)
88	0	{
89	0	ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
90	0	}
91
92		static void slh_dsa_dup_key(const void keydata_from, int selection)
93	0	{
94	0	if (ossl_prov_is_running())
95	0	return ossl_slh_dsa_key_dup(keydata_from, selection);
96	0	return NULL;
97	0	}
98
99		static int slh_dsa_has(const void *keydata, int selection)
100	0	{
101	0	const SLH_DSA_KEY *key = keydata;
102
103	0	if (!ossl_prov_is_running() \|\| key == NULL)
104	0	return 0;
105	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
106	0	return 1; /* the selection is not missing */
107
108	0	return ossl_slh_dsa_key_has(key, selection);
109	0	}
110
111		static int slh_dsa_match(const void keydata1, const void keydata2, int selection)
112	0	{
113	0	const SLH_DSA_KEY *key1 = keydata1;
114	0	const SLH_DSA_KEY *key2 = keydata2;
115
116	0	if (!ossl_prov_is_running())
117	0	return 0;
118	0	if (key1 == NULL \|\| key2 == NULL)
119	0	return 0;
120	0	return ossl_slh_dsa_key_equal(key1, key2, selection);
121	0	}
122
123		static int slh_dsa_validate(const void *key_data, int selection, int check_type)
124	0	{
125	0	const SLH_DSA_KEY *key = key_data;
126
127	0	if (!slh_dsa_has(key, selection))
128	0	return 0;
129
130	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
131	0	return ossl_slh_dsa_key_pairwise_check(key);
132	0	return 1;
133	0	}
134
135		static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
136	0	{
137	0	SLH_DSA_KEY *key = keydata;
138	0	int include_priv;
139	0	struct slh_dsa_import_st p;
140
141	0	if (!ossl_prov_is_running()
142	0	\|\| key == NULL
143	0	\|\| !slh_dsa_import_decoder(params, &p))
144	0	return 0;
145
146	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
147	0	return 0;
148
149	0	include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
150	0	return ossl_slh_dsa_key_fromdata(key, p.pub, p.priv, include_priv);
151	0	}
152
153		static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
154	0	{
155	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
156	0	return NULL;
157	0	return slh_dsa_import_list;
158	0	}
159
160		static const OSSL_PARAM slh_dsa_gettable_params(void provctx)
161	0	{
162	0	return slh_dsa_get_params_list;
163	0	}
164
165		static int key_to_params(SLH_DSA_KEY key, OSSL_PARAM_BLD tmpl,
166		int selection)
167	0	{
168		/* Error if there is no key or public key */
169	0	if (key == NULL \|\| ossl_slh_dsa_key_get_pub(key) == NULL)
170	0	return 0;
171
172	0	if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
173	0	&& ossl_slh_dsa_key_get_priv(key) != NULL)
174	0	if (ossl_param_build_set_octet_string(tmpl, NULL,
175	0	OSSL_PKEY_PARAM_PRIV_KEY,
176	0	ossl_slh_dsa_key_get_priv(key),
177	0	ossl_slh_dsa_key_get_priv_len(key)) != 1)
178	0	return 0;
179
180	0	if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
181	0	return 1;
182
183	0	return ossl_param_build_set_octet_string(tmpl, NULL,
184	0	OSSL_PKEY_PARAM_PUB_KEY,
185	0	ossl_slh_dsa_key_get_pub(key),
186	0	ossl_slh_dsa_key_get_pub_len(key));
187	0	}
188
189		static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
190	0	{
191	0	SLH_DSA_KEY *key = keydata;
192	0	struct slh_dsa_get_params_st p;
193	0	const uint8_t pub, priv;
194
195	0	if (key == NULL \|\| !slh_dsa_get_params_decoder(params, &p))
196	0	return 0;
197
198	0	if (p.bits != NULL
199	0	&& !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_slh_dsa_key_get_pub_len(key)))
200	0	return 0;
201	0	if (p.secbits != NULL
202	0	&& !OSSL_PARAM_set_size_t(p.secbits, 8 * ossl_slh_dsa_key_get_n(key)))
203	0	return 0;
204	0	if (p.maxsize != NULL
205	0	&& !OSSL_PARAM_set_size_t(p.maxsize, ossl_slh_dsa_key_get_sig_len(key)))
206	0	return 0;
207	0	if (p.seccat != NULL
208	0	&& !OSSL_PARAM_set_int(p.seccat, ossl_slh_dsa_key_get_security_category(key)))
209	0	return 0;
210
211	0	priv = ossl_slh_dsa_key_get_priv(key);
212	0	if (priv != NULL) {
213		/* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
214	0	if (p.priv != NULL
215	0	&& !OSSL_PARAM_set_octet_string(p.priv, priv,
216	0	ossl_slh_dsa_key_get_priv_len(key)))
217	0	return 0;
218	0	}
219	0	pub = ossl_slh_dsa_key_get_pub(key);
220	0	if (pub != NULL) {
221	0	if (p.pub != NULL
222	0	&& !OSSL_PARAM_set_octet_string(p.pub, pub,
223	0	ossl_slh_dsa_key_get_pub_len(key)))
224	0	return 0;
225	0	}
226		/*
227		* This allows apps to use an empty digest, so that the old API
228		* for digest signing can be used.
229		*/
230	0	if (p.mandgst != NULL && !OSSL_PARAM_set_utf8_string(p.mandgst, ""))
231	0	return 0;
232	0	return 1;
233	0	}
234
235		static int slh_dsa_export(void keydata, int selection, OSSL_CALLBACK param_cb,
236		void *cbarg)
237	0	{
238	0	SLH_DSA_KEY *key = keydata;
239	0	OSSL_PARAM_BLD *tmpl;
240	0	OSSL_PARAM *params = NULL;
241	0	int ret = 0;
242
243	0	if (!ossl_prov_is_running() \|\| key == NULL)
244	0	return 0;
245
246	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
247	0	return 0;
248
249	0	tmpl = OSSL_PARAM_BLD_new();
250	0	if (tmpl == NULL)
251	0	return 0;
252
253	0	if (!key_to_params(key, tmpl, selection))
254	0	goto err;
255
256	0	params = OSSL_PARAM_BLD_to_param(tmpl);
257	0	if (params == NULL)
258	0	goto err;
259
260	0	ret = param_cb(params, cbarg);
261	0	OSSL_PARAM_clear_free(params);
262	0	err:
263	0	OSSL_PARAM_BLD_free(tmpl);
264	0	return ret;
265	0	}
266
267		static void slh_dsa_load(const void reference, size_t reference_sz)
268	0	{
269	0	SLH_DSA_KEY *key = NULL;
270
271	0	if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
272		/* The contents of the reference is the address to our object */
273	0	key = (SLH_DSA_KEY *)reference;
274
275		/* We grabbed, so we detach it */
276	0	(SLH_DSA_KEY *)reference = NULL;
277	0	return key;
278	0	}
279	0	return NULL;
280	0	}
281
282		static void slh_dsa_gen_init(void provctx, int selection,
283		const OSSL_PARAM params[])
284	0	{
285	0	OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
286	0	struct slh_dsa_gen_ctx *gctx = NULL;
287
288	0	if (!ossl_prov_is_running())
289	0	return NULL;
290
291	0	if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
292	0	gctx->libctx = libctx;
293	0	if (!slh_dsa_gen_set_params(gctx, params)) {
294	0	OPENSSL_free(gctx);
295	0	gctx = NULL;
296	0	}
297	0	}
298	0	return gctx;
299	0	}
300
301		#ifdef FIPS_MODULE
302		/*
303		* Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
304		* Perform a pairwise test for SLH_DSA by signing and verifying a signature.
305		*/
306		static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
307		SLH_DSA_HASH_CTX *ctx)
308		{
309		int ret = 0;
310		OSSL_SELF_TEST *st = NULL;
311		OSSL_CALLBACK *cb = NULL;
312		void *cb_arg = NULL;
313		uint8_t msg[16] = {0};
314		size_t msg_len = sizeof(msg);
315		uint8_t *sig = NULL;
316		size_t sig_len;
317		OSSL_LIB_CTX *lib_ctx;
318		int alloc_ctx = 0;
319
320		/* During self test, it is a waste to do this test */
321		if (ossl_fips_self_testing()
322		\|\| slh_key_gen_deferred_tests[0].state == FIPS_DEFERRED_TEST_IN_PROGRESS)
323		return 1;
324
325		if (ctx == NULL) {
326		ctx = ossl_slh_dsa_hash_ctx_new(key);
327		if (ctx == NULL)
328		return 0;
329		alloc_ctx = 1;
330		}
331		lib_ctx = ossl_slh_dsa_key_get0_libctx(key);
332
333		OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
334		st = OSSL_SELF_TEST_new(cb, cb_arg);
335		if (st == NULL)
336		goto err;
337
338		OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
339		OSSL_SELF_TEST_DESC_PCT_SLH_DSA);
340
341		sig_len = ossl_slh_dsa_key_get_sig_len(key);
342		sig = OPENSSL_malloc(sig_len);
343		if (sig == NULL)
344		goto err;
345
346		if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
347		sig, &sig_len, sig_len) != 1)
348		goto err;
349
350		OSSL_SELF_TEST_oncorrupt_byte(st, sig);
351
352		if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
353		goto err;
354
355		ret = 1;
356		err:
357		if (alloc_ctx)
358		ossl_slh_dsa_hash_ctx_free(ctx);
359		OPENSSL_free(sig);
360		OSSL_SELF_TEST_onend(st, ret);
361		OSSL_SELF_TEST_free(st);
362		return ret;
363		}
364		#endif /* FIPS_MODULE */
365
366		static void slh_dsa_gen(void genctx, const char *alg)
367	0	{
368	0	struct slh_dsa_gen_ctx *gctx = genctx;
369	0	SLH_DSA_KEY *key = NULL;
370	0	SLH_DSA_HASH_CTX *ctx = NULL;
371
372	0	if (!ossl_prov_is_running())
373	0	return NULL;
374	0	key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
375	0	if (key == NULL)
376	0	return NULL;
377	0	ctx = ossl_slh_dsa_hash_ctx_new(key);
378	0	if (ctx == NULL)
379	0	goto err;
380	0	if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
381	0	gctx->entropy, gctx->entropy_len))
382	0	goto err;
383		#ifdef FIPS_MODULE
384		if (!slh_dsa_fips140_pairwise_test(key, ctx)) {
385		ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
386		goto err;
387		}
388		#endif /* FIPS_MODULE */
389	0	ossl_slh_dsa_hash_ctx_free(ctx);
390	0	return key;
391	0	err:
392	0	ossl_slh_dsa_hash_ctx_free(ctx);
393	0	ossl_slh_dsa_key_free(key);
394	0	return NULL;
395	0	}
396
397		static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
398	0	{
399	0	struct slh_dsa_gen_ctx *gctx = genctx;
400	0	struct slh_dsa_gen_set_params_st p;
401
402	0	if (gctx == NULL \|\| !slh_dsa_gen_set_params_decoder(params, &p))
403	0	return 0;
404
405	0	if (p.seed != NULL) {
406	0	void *vp = gctx->entropy;
407	0	size_t len = sizeof(gctx->entropy);
408
409	0	if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) {
410	0	gctx->entropy_len = 0;
411	0	return 0;
412	0	}
413	0	}
414
415	0	if (p.propq != NULL) {
416	0	if (p.propq->data_type != OSSL_PARAM_UTF8_STRING)
417	0	return 0;
418	0	OPENSSL_free(gctx->propq);
419	0	gctx->propq = OPENSSL_strdup(p.propq->data);
420	0	if (gctx->propq == NULL)
421	0	return 0;
422	0	}
423	0	return 1;
424	0	}
425
426		static const OSSL_PARAM slh_dsa_gen_settable_params(ossl_unused void genctx,
427		ossl_unused void *provctx)
428	0	{
429	0	return slh_dsa_gen_set_params_list;
430	0	}
431
432		static void slh_dsa_gen_cleanup(void *genctx)
433	0	{
434	0	struct slh_dsa_gen_ctx *gctx = genctx;
435
436	0	if (gctx == NULL)
437	0	return;
438
439	0	OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
440	0	OPENSSL_free(gctx->propq);
441	0	OPENSSL_free(gctx);
442	0	}
443
444		#define MAKE_KEYMGMT_FUNCTIONS(alg, fn) \
445		static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key; \
446		static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen; \
447		static void slh_dsa_##fn##_new_key(void provctx) \
448	0	{ \
449	0	return slh_dsa_new_key(provctx, alg); \
450	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_new_key
451		static void slh_dsa_##fn##_gen(void genctx, OSSL_CALLBACK osslcb, void cbarg)\
452	0	{ \
453	0	return slh_dsa_gen(genctx, alg); \
454	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_gen
455		const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = { \
456		{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key }, \
457		{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key }, \
458		{ OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key }, \
459		{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has }, \
460		{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match }, \
461		{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import }, \
462		{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
463		{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export }, \
464		{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },\
465		{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load }, \
466		{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))slh_dsa_get_params }, \
467		{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))slh_dsa_gettable_params },\
468		{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate }, \
469		{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init }, \
470		{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen }, \
471		{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup },\
472		{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, \
473		(void (*)(void))slh_dsa_gen_set_params }, \
474		{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, \
475		(void (*)(void))slh_dsa_gen_settable_params }, \
476		OSSL_DISPATCH_END \
477		}
478
479		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
480		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
481		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
482		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
483		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
484		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
485		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
486		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
487		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
488		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
489		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
490		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);