/src/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c

Source
/*
 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/proverr.h>
#include <openssl/self_test.h>
#include <openssl/proverr.h>
#include "crypto/slh_dsa.h"
#include "internal/fips.h"
#include "internal/param_build_set.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "providers/implementations/keymgmt/slh_dsa_kmgmt.inc"

#ifdef FIPS_MODULE
static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
    SLH_DSA_HASH_CTX *ctx);
#endif /* FIPS_MODULE */

static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;

#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)

#ifdef FIPS_MODULE
static FIPS_DEFERRED_TEST slh_key_gen_deferred_tests[] = {
    { "SLH-DSA-SHA2-128f",
        FIPS_DEFERRED_KAT_ASYM_KEYGEN,
        FIPS_DEFERRED_TEST_INIT },
    { NULL, 0, 0 },
};
#endif

static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
{
    if (!ossl_prov_is_running())
        return 0;

#ifdef FIPS_MODULE
    return FIPS_deferred_self_tests(libctx, slh_key_gen_deferred_tests);
#else
    return 1;
#endif
}

struct slh_dsa_gen_ctx {
    SLH_DSA_HASH_CTX *ctx;
    OSSL_LIB_CTX *libctx;
    char *propq;
    uint8_t entropy[SLH_DSA_MAX_N * 3];
    size_t entropy_len;
};

static void *slh_dsa_new_key(void *provctx, const char *alg)
{
    if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
        return 0;

    return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
}

static void slh_dsa_free_key(void *keydata)
{
    ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
}

static void *slh_dsa_dup_key(const void *keydata_from, int selection)
{
    if (ossl_prov_is_running())
        return ossl_slh_dsa_key_dup(keydata_from, selection);
    return NULL;
}

static int slh_dsa_has(const void *keydata, int selection)
{
    const SLH_DSA_KEY *key = keydata;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 1; /* the selection is not missing */

    return ossl_slh_dsa_key_has(key, selection);
}

static int slh_dsa_match(const void *keydata1, const void *keydata2, int selection)
{
    const SLH_DSA_KEY *key1 = keydata1;
    const SLH_DSA_KEY *key2 = keydata2;

    if (!ossl_prov_is_running())
        return 0;
    if (key1 == NULL || key2 == NULL)
        return 0;
    return ossl_slh_dsa_key_equal(key1, key2, selection);
}

static int slh_dsa_validate(const void *key_data, int selection, int check_type)
{
    const SLH_DSA_KEY *key = key_data;

    if (!slh_dsa_has(key, selection))
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
        return ossl_slh_dsa_key_pairwise_check(key);
    return 1;
}

static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    int include_priv;
    struct slh_dsa_import_st p;

    if (!ossl_prov_is_running()
        || key == NULL
        || !slh_dsa_import_decoder(params, &p))
        return 0;

    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 0;

    include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
    return ossl_slh_dsa_key_fromdata(key, p.pub, p.priv, include_priv);
}

static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
{
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return NULL;
    return slh_dsa_import_list;
}

static const OSSL_PARAM *slh_dsa_gettable_params(void *provctx)
{
    return slh_dsa_get_params_list;
}

static int key_to_params(SLH_DSA_KEY *key, OSSL_PARAM_BLD *tmpl,
    int selection)
{
    /* Error if there is no key or public key */
    if (key == NULL || ossl_slh_dsa_key_get_pub(key) == NULL)
        return 0;

    if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
        && ossl_slh_dsa_key_get_priv(key) != NULL)
        if (ossl_param_build_set_octet_string(tmpl, NULL,
                OSSL_PKEY_PARAM_PRIV_KEY,
                ossl_slh_dsa_key_get_priv(key),
                ossl_slh_dsa_key_get_priv_len(key))
            != 1)
            return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
        return 1;

    return ossl_param_build_set_octet_string(tmpl, NULL,
        OSSL_PKEY_PARAM_PUB_KEY,
        ossl_slh_dsa_key_get_pub(key),
        ossl_slh_dsa_key_get_pub_len(key));
}

static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    struct slh_dsa_get_params_st p;
    const uint8_t *pub, *priv;

    if (key == NULL || !slh_dsa_get_params_decoder(params, &p))
        return 0;

    if (p.bits != NULL
        && !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_slh_dsa_key_get_pub_len(key)))
        return 0;
    if (p.secbits != NULL
        && !OSSL_PARAM_set_size_t(p.secbits, 8 * ossl_slh_dsa_key_get_n(key)))
        return 0;
    if (p.maxsize != NULL
        && !OSSL_PARAM_set_size_t(p.maxsize, ossl_slh_dsa_key_get_sig_len(key)))
        return 0;
    if (p.seccat != NULL
        && !OSSL_PARAM_set_int(p.seccat, ossl_slh_dsa_key_get_security_category(key)))
        return 0;

    priv = ossl_slh_dsa_key_get_priv(key);
    if (priv != NULL) {
        /* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
        if (p.priv != NULL
            && !OSSL_PARAM_set_octet_string(p.priv, priv,
                ossl_slh_dsa_key_get_priv_len(key)))
            return 0;
    }
    pub = ossl_slh_dsa_key_get_pub(key);
    if (pub != NULL) {
        if (p.pub != NULL
            && !OSSL_PARAM_set_octet_string(p.pub, pub,
                ossl_slh_dsa_key_get_pub_len(key)))
            return 0;
    }
    /*
     * This allows apps to use an empty digest, so that the old API
     * for digest signing can be used.
     */
    if (p.mandgst != NULL && !OSSL_PARAM_set_utf8_string(p.mandgst, ""))
        return 0;
    return 1;
}

static int slh_dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
    void *cbarg)
{
    SLH_DSA_KEY *key = keydata;
    OSSL_PARAM_BLD *tmpl;
    OSSL_PARAM *params = NULL;
    int ret = 0;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
        return 0;

    tmpl = OSSL_PARAM_BLD_new();
    if (tmpl == NULL)
        return 0;

    if (!key_to_params(key, tmpl, selection))
        goto err;

    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL)
        goto err;

    ret = param_cb(params, cbarg);
    OSSL_PARAM_clear_free(params);
err:
    OSSL_PARAM_BLD_free(tmpl);
    return ret;
}

static void *slh_dsa_load(const void *reference, size_t reference_sz)
{
    SLH_DSA_KEY *key = NULL;

    if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
        /* The contents of the reference is the address to our object */
        key = *(SLH_DSA_KEY **)reference;

        /* We grabbed, so we detach it */
        *(SLH_DSA_KEY **)reference = NULL;
        return key;
    }
    return NULL;
}

static void *slh_dsa_gen_init(void *provctx, int selection,
    const OSSL_PARAM params[])
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
    struct slh_dsa_gen_ctx *gctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;

    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
        gctx->libctx = libctx;
        if (!slh_dsa_gen_set_params(gctx, params)) {
            OPENSSL_free(gctx);
            gctx = NULL;
        }
    }
    return gctx;
}

#ifdef FIPS_MODULE
/*
 * Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
 * Perform a pairwise test for SLH_DSA by signing and verifying a signature.
 */
static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
    SLH_DSA_HASH_CTX *ctx)
{
    int ret = 0;
    OSSL_SELF_TEST *st = NULL;
    OSSL_CALLBACK *cb = NULL;
    void *cb_arg = NULL;
    uint8_t msg[16] = { 0 };
    size_t msg_len = sizeof(msg);
    uint8_t *sig = NULL;
    size_t sig_len;
    OSSL_LIB_CTX *lib_ctx;
    int alloc_ctx = 0;

    /* During self test, it is a waste to do this test */
    if (ossl_fips_self_testing()
        || slh_key_gen_deferred_tests[0].state == FIPS_DEFERRED_TEST_IN_PROGRESS)
        return 1;

    if (ctx == NULL) {
        ctx = ossl_slh_dsa_hash_ctx_new(key);
        if (ctx == NULL)
            return 0;
        alloc_ctx = 1;
    }
    lib_ctx = ossl_slh_dsa_key_get0_libctx(key);

    OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
    st = OSSL_SELF_TEST_new(cb, cb_arg);
    if (st == NULL)
        goto err;

    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
        OSSL_SELF_TEST_DESC_PCT_SLH_DSA);

    sig_len = ossl_slh_dsa_key_get_sig_len(key);
    sig = OPENSSL_malloc(sig_len);
    if (sig == NULL)
        goto err;

    if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
            sig, &sig_len, sig_len)
        != 1)
        goto err;

    OSSL_SELF_TEST_oncorrupt_byte(st, sig);

    if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
        goto err;

    ret = 1;
err:
    if (alloc_ctx)
        ossl_slh_dsa_hash_ctx_free(ctx);
    OPENSSL_free(sig);
    OSSL_SELF_TEST_onend(st, ret);
    OSSL_SELF_TEST_free(st);
    return ret;
}
#endif /* FIPS_MODULE */

static void *slh_dsa_gen(void *genctx, const char *alg)
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    SLH_DSA_KEY *key = NULL;
    SLH_DSA_HASH_CTX *ctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;
    key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
    if (key == NULL)
        return NULL;
    ctx = ossl_slh_dsa_hash_ctx_new(key);
    if (ctx == NULL)
        goto err;
    if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
            gctx->entropy, gctx->entropy_len))
        goto err;
#ifdef FIPS_MODULE
    if (!slh_dsa_fips140_pairwise_test(key, ctx)) {
        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
        goto err;
    }
#endif /* FIPS_MODULE */
    ossl_slh_dsa_hash_ctx_free(ctx);
    return key;
err:
    ossl_slh_dsa_hash_ctx_free(ctx);
    ossl_slh_dsa_key_free(key);
    return NULL;
}

static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    struct slh_dsa_gen_set_params_st p;

    if (gctx == NULL || !slh_dsa_gen_set_params_decoder(params, &p))
        return 0;

    if (p.seed != NULL) {
        void *vp = gctx->entropy;
        size_t len = sizeof(gctx->entropy);

        if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) {
            gctx->entropy_len = 0;
            return 0;
        }
    }

    if (p.propq != NULL) {
        if (p.propq->data_type != OSSL_PARAM_UTF8_STRING)
            return 0;
        OPENSSL_free(gctx->propq);
        gctx->propq = OPENSSL_strdup(p.propq->data);
        if (gctx->propq == NULL)
            return 0;
    }
    return 1;
}

static const OSSL_PARAM *slh_dsa_gen_settable_params(ossl_unused void *genctx,
    ossl_unused void *provctx)
{
    return slh_dsa_gen_set_params_list;
}

static void slh_dsa_gen_cleanup(void *genctx)
{
    struct slh_dsa_gen_ctx *gctx = genctx;

    if (gctx == NULL)
        return;

    OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
    OPENSSL_free(gctx->propq);
    OPENSSL_free(gctx);
}

#define MAKE_KEYMGMT_FUNCTIONS(alg, fn)                                                 \
    static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key;                             \
    static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen;                                 \
    static void *slh_dsa_##fn##_new_key(void *provctx)                                  \
    {                                                                                   \
        return slh_dsa_new_key(provctx, alg);                                           \
    }                                                                                   \
    static void *slh_dsa_##fn##_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)   \
    {                                                                                   \
        return slh_dsa_gen(genctx, alg);                                                \
    }                                                                                   \
    const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = {                     \
        { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key },              \
        { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key },                   \
        { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key },                     \
        { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has },                         \
        { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match },                     \
        { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import },                   \
        { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },     \
        { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export },                   \
        { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },     \
        { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load },                       \
        { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))slh_dsa_get_params },           \
        { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))slh_dsa_gettable_params }, \
        { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate },               \
        { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init },               \
        { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen },                  \
        { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup },         \
        { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,                                             \
            (void (*)(void))slh_dsa_gen_set_params },                                   \
        { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,                                        \
            (void (*)(void))slh_dsa_gen_settable_params },                              \
        OSSL_DISPATCH_END                                                               \
    }

MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);

Coverage Report

Created: 2025-12-10 06:24

Line	Count	Source
1		/*
2		* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/core_dispatch.h>
11		#include <openssl/core_names.h>
12		#include <openssl/param_build.h>
13		#include <openssl/proverr.h>
14		#include <openssl/self_test.h>
15		#include <openssl/proverr.h>
16		#include "crypto/slh_dsa.h"
17		#include "internal/fips.h"
18		#include "internal/param_build_set.h"
19		#include "prov/implementations.h"
20		#include "prov/providercommon.h"
21		#include "prov/provider_ctx.h"
22		#include "providers/implementations/keymgmt/slh_dsa_kmgmt.inc"
23
24		#ifdef FIPS_MODULE
25		static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
26		SLH_DSA_HASH_CTX *ctx);
27		#endif /* FIPS_MODULE */
28
29		static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
30		static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
31		static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
32		static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
33		static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
34		static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
35		static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
36		static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
37		static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
38		static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
39		static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
40		static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
41		static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
42		static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
43		static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
44		static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;
45
46	0	#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)
47
48		#ifdef FIPS_MODULE
49		static FIPS_DEFERRED_TEST slh_key_gen_deferred_tests[] = {
50		{ "SLH-DSA-SHA2-128f",
51		FIPS_DEFERRED_KAT_ASYM_KEYGEN,
52		FIPS_DEFERRED_TEST_INIT },
53		{ NULL, 0, 0 },
54		};
55		#endif
56
57		static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
58	0	{
59	0	if (!ossl_prov_is_running())
60	0	return 0;
61
62		#ifdef FIPS_MODULE
63		return FIPS_deferred_self_tests(libctx, slh_key_gen_deferred_tests);
64		#else
65	0	return 1;
66	0	#endif
67	0	}
68
69		struct slh_dsa_gen_ctx {
70		SLH_DSA_HASH_CTX *ctx;
71		OSSL_LIB_CTX *libctx;
72		char *propq;
73		uint8_t entropy[SLH_DSA_MAX_N * 3];
74		size_t entropy_len;
75		};
76
77		static void slh_dsa_new_key(void provctx, const char *alg)
78	0	{
79	0	if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
80	0	return 0;
81
82	0	return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
83	0	}
84
85		static void slh_dsa_free_key(void *keydata)
86	0	{
87	0	ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
88	0	}
89
90		static void slh_dsa_dup_key(const void keydata_from, int selection)
91	0	{
92	0	if (ossl_prov_is_running())
93	0	return ossl_slh_dsa_key_dup(keydata_from, selection);
94	0	return NULL;
95	0	}
96
97		static int slh_dsa_has(const void *keydata, int selection)
98	0	{
99	0	const SLH_DSA_KEY *key = keydata;
100
101	0	if (!ossl_prov_is_running() \|\| key == NULL)
102	0	return 0;
103	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
104	0	return 1; /* the selection is not missing */
105
106	0	return ossl_slh_dsa_key_has(key, selection);
107	0	}
108
109		static int slh_dsa_match(const void keydata1, const void keydata2, int selection)
110	0	{
111	0	const SLH_DSA_KEY *key1 = keydata1;
112	0	const SLH_DSA_KEY *key2 = keydata2;
113
114	0	if (!ossl_prov_is_running())
115	0	return 0;
116	0	if (key1 == NULL \|\| key2 == NULL)
117	0	return 0;
118	0	return ossl_slh_dsa_key_equal(key1, key2, selection);
119	0	}
120
121		static int slh_dsa_validate(const void *key_data, int selection, int check_type)
122	0	{
123	0	const SLH_DSA_KEY *key = key_data;
124
125	0	if (!slh_dsa_has(key, selection))
126	0	return 0;
127
128	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
129	0	return ossl_slh_dsa_key_pairwise_check(key);
130	0	return 1;
131	0	}
132
133		static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
134	0	{
135	0	SLH_DSA_KEY *key = keydata;
136	0	int include_priv;
137	0	struct slh_dsa_import_st p;
138
139	0	if (!ossl_prov_is_running()
140	0	\|\| key == NULL
141	0	\|\| !slh_dsa_import_decoder(params, &p))
142	0	return 0;
143
144	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
145	0	return 0;
146
147	0	include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
148	0	return ossl_slh_dsa_key_fromdata(key, p.pub, p.priv, include_priv);
149	0	}
150
151		static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
152	0	{
153	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
154	0	return NULL;
155	0	return slh_dsa_import_list;
156	0	}
157
158		static const OSSL_PARAM slh_dsa_gettable_params(void provctx)
159	0	{
160	0	return slh_dsa_get_params_list;
161	0	}
162
163		static int key_to_params(SLH_DSA_KEY key, OSSL_PARAM_BLD tmpl,
164		int selection)
165	0	{
166		/* Error if there is no key or public key */
167	0	if (key == NULL \|\| ossl_slh_dsa_key_get_pub(key) == NULL)
168	0	return 0;
169
170	0	if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
171	0	&& ossl_slh_dsa_key_get_priv(key) != NULL)
172	0	if (ossl_param_build_set_octet_string(tmpl, NULL,
173	0	OSSL_PKEY_PARAM_PRIV_KEY,
174	0	ossl_slh_dsa_key_get_priv(key),
175	0	ossl_slh_dsa_key_get_priv_len(key))
176	0	!= 1)
177	0	return 0;
178
179	0	if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
180	0	return 1;
181
182	0	return ossl_param_build_set_octet_string(tmpl, NULL,
183	0	OSSL_PKEY_PARAM_PUB_KEY,
184	0	ossl_slh_dsa_key_get_pub(key),
185	0	ossl_slh_dsa_key_get_pub_len(key));
186	0	}
187
188		static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
189	0	{
190	0	SLH_DSA_KEY *key = keydata;
191	0	struct slh_dsa_get_params_st p;
192	0	const uint8_t pub, priv;
193
194	0	if (key == NULL \|\| !slh_dsa_get_params_decoder(params, &p))
195	0	return 0;
196
197	0	if (p.bits != NULL
198	0	&& !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_slh_dsa_key_get_pub_len(key)))
199	0	return 0;
200	0	if (p.secbits != NULL
201	0	&& !OSSL_PARAM_set_size_t(p.secbits, 8 * ossl_slh_dsa_key_get_n(key)))
202	0	return 0;
203	0	if (p.maxsize != NULL
204	0	&& !OSSL_PARAM_set_size_t(p.maxsize, ossl_slh_dsa_key_get_sig_len(key)))
205	0	return 0;
206	0	if (p.seccat != NULL
207	0	&& !OSSL_PARAM_set_int(p.seccat, ossl_slh_dsa_key_get_security_category(key)))
208	0	return 0;
209
210	0	priv = ossl_slh_dsa_key_get_priv(key);
211	0	if (priv != NULL) {
212		/* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
213	0	if (p.priv != NULL
214	0	&& !OSSL_PARAM_set_octet_string(p.priv, priv,
215	0	ossl_slh_dsa_key_get_priv_len(key)))
216	0	return 0;
217	0	}
218	0	pub = ossl_slh_dsa_key_get_pub(key);
219	0	if (pub != NULL) {
220	0	if (p.pub != NULL
221	0	&& !OSSL_PARAM_set_octet_string(p.pub, pub,
222	0	ossl_slh_dsa_key_get_pub_len(key)))
223	0	return 0;
224	0	}
225		/*
226		* This allows apps to use an empty digest, so that the old API
227		* for digest signing can be used.
228		*/
229	0	if (p.mandgst != NULL && !OSSL_PARAM_set_utf8_string(p.mandgst, ""))
230	0	return 0;
231	0	return 1;
232	0	}
233
234		static int slh_dsa_export(void keydata, int selection, OSSL_CALLBACK param_cb,
235		void *cbarg)
236	0	{
237	0	SLH_DSA_KEY *key = keydata;
238	0	OSSL_PARAM_BLD *tmpl;
239	0	OSSL_PARAM *params = NULL;
240	0	int ret = 0;
241
242	0	if (!ossl_prov_is_running() \|\| key == NULL)
243	0	return 0;
244
245	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
246	0	return 0;
247
248	0	tmpl = OSSL_PARAM_BLD_new();
249	0	if (tmpl == NULL)
250	0	return 0;
251
252	0	if (!key_to_params(key, tmpl, selection))
253	0	goto err;
254
255	0	params = OSSL_PARAM_BLD_to_param(tmpl);
256	0	if (params == NULL)
257	0	goto err;
258
259	0	ret = param_cb(params, cbarg);
260	0	OSSL_PARAM_clear_free(params);
261	0	err:
262	0	OSSL_PARAM_BLD_free(tmpl);
263	0	return ret;
264	0	}
265
266		static void slh_dsa_load(const void reference, size_t reference_sz)
267	0	{
268	0	SLH_DSA_KEY *key = NULL;
269
270	0	if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
271		/* The contents of the reference is the address to our object */
272	0	key = (SLH_DSA_KEY *)reference;
273
274		/* We grabbed, so we detach it */
275	0	(SLH_DSA_KEY *)reference = NULL;
276	0	return key;
277	0	}
278	0	return NULL;
279	0	}
280
281		static void slh_dsa_gen_init(void provctx, int selection,
282		const OSSL_PARAM params[])
283	0	{
284	0	OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
285	0	struct slh_dsa_gen_ctx *gctx = NULL;
286
287	0	if (!ossl_prov_is_running())
288	0	return NULL;
289
290	0	if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
291	0	gctx->libctx = libctx;
292	0	if (!slh_dsa_gen_set_params(gctx, params)) {
293	0	OPENSSL_free(gctx);
294	0	gctx = NULL;
295	0	}
296	0	}
297	0	return gctx;
298	0	}
299
300		#ifdef FIPS_MODULE
301		/*
302		* Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
303		* Perform a pairwise test for SLH_DSA by signing and verifying a signature.
304		*/
305		static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
306		SLH_DSA_HASH_CTX *ctx)
307		{
308		int ret = 0;
309		OSSL_SELF_TEST *st = NULL;
310		OSSL_CALLBACK *cb = NULL;
311		void *cb_arg = NULL;
312		uint8_t msg[16] = { 0 };
313		size_t msg_len = sizeof(msg);
314		uint8_t *sig = NULL;
315		size_t sig_len;
316		OSSL_LIB_CTX *lib_ctx;
317		int alloc_ctx = 0;
318
319		/* During self test, it is a waste to do this test */
320		if (ossl_fips_self_testing()
321		\|\| slh_key_gen_deferred_tests[0].state == FIPS_DEFERRED_TEST_IN_PROGRESS)
322		return 1;
323
324		if (ctx == NULL) {
325		ctx = ossl_slh_dsa_hash_ctx_new(key);
326		if (ctx == NULL)
327		return 0;
328		alloc_ctx = 1;
329		}
330		lib_ctx = ossl_slh_dsa_key_get0_libctx(key);
331
332		OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
333		st = OSSL_SELF_TEST_new(cb, cb_arg);
334		if (st == NULL)
335		goto err;
336
337		OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
338		OSSL_SELF_TEST_DESC_PCT_SLH_DSA);
339
340		sig_len = ossl_slh_dsa_key_get_sig_len(key);
341		sig = OPENSSL_malloc(sig_len);
342		if (sig == NULL)
343		goto err;
344
345		if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
346		sig, &sig_len, sig_len)
347		!= 1)
348		goto err;
349
350		OSSL_SELF_TEST_oncorrupt_byte(st, sig);
351
352		if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
353		goto err;
354
355		ret = 1;
356		err:
357		if (alloc_ctx)
358		ossl_slh_dsa_hash_ctx_free(ctx);
359		OPENSSL_free(sig);
360		OSSL_SELF_TEST_onend(st, ret);
361		OSSL_SELF_TEST_free(st);
362		return ret;
363		}
364		#endif /* FIPS_MODULE */
365
366		static void slh_dsa_gen(void genctx, const char *alg)
367	0	{
368	0	struct slh_dsa_gen_ctx *gctx = genctx;
369	0	SLH_DSA_KEY *key = NULL;
370	0	SLH_DSA_HASH_CTX *ctx = NULL;
371
372	0	if (!ossl_prov_is_running())
373	0	return NULL;
374	0	key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
375	0	if (key == NULL)
376	0	return NULL;
377	0	ctx = ossl_slh_dsa_hash_ctx_new(key);
378	0	if (ctx == NULL)
379	0	goto err;
380	0	if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
381	0	gctx->entropy, gctx->entropy_len))
382	0	goto err;
383		#ifdef FIPS_MODULE
384		if (!slh_dsa_fips140_pairwise_test(key, ctx)) {
385		ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
386		goto err;
387		}
388		#endif /* FIPS_MODULE */
389	0	ossl_slh_dsa_hash_ctx_free(ctx);
390	0	return key;
391	0	err:
392	0	ossl_slh_dsa_hash_ctx_free(ctx);
393	0	ossl_slh_dsa_key_free(key);
394	0	return NULL;
395	0	}
396
397		static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
398	0	{
399	0	struct slh_dsa_gen_ctx *gctx = genctx;
400	0	struct slh_dsa_gen_set_params_st p;
401
402	0	if (gctx == NULL \|\| !slh_dsa_gen_set_params_decoder(params, &p))
403	0	return 0;
404
405	0	if (p.seed != NULL) {
406	0	void *vp = gctx->entropy;
407	0	size_t len = sizeof(gctx->entropy);
408
409	0	if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) {
410	0	gctx->entropy_len = 0;
411	0	return 0;
412	0	}
413	0	}
414
415	0	if (p.propq != NULL) {
416	0	if (p.propq->data_type != OSSL_PARAM_UTF8_STRING)
417	0	return 0;
418	0	OPENSSL_free(gctx->propq);
419	0	gctx->propq = OPENSSL_strdup(p.propq->data);
420	0	if (gctx->propq == NULL)
421	0	return 0;
422	0	}
423	0	return 1;
424	0	}
425
426		static const OSSL_PARAM slh_dsa_gen_settable_params(ossl_unused void genctx,
427		ossl_unused void *provctx)
428	0	{
429	0	return slh_dsa_gen_set_params_list;
430	0	}
431
432		static void slh_dsa_gen_cleanup(void *genctx)
433	0	{
434	0	struct slh_dsa_gen_ctx *gctx = genctx;
435
436	0	if (gctx == NULL)
437	0	return;
438
439	0	OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
440	0	OPENSSL_free(gctx->propq);
441	0	OPENSSL_free(gctx);
442	0	}
443
444		#define MAKE_KEYMGMT_FUNCTIONS(alg, fn) \
445		static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key; \
446		static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen; \
447		static void slh_dsa_##fn##_new_key(void provctx) \
448	0	{ \
449	0	return slh_dsa_new_key(provctx, alg); \
450	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_new_key
451		static void slh_dsa_##fn##_gen(void genctx, OSSL_CALLBACK osslcb, void cbarg) \
452	0	{ \
453	0	return slh_dsa_gen(genctx, alg); \
454	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_gen
455		const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = { \
456		{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key }, \
457		{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key }, \
458		{ OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key }, \
459		{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has }, \
460		{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match }, \
461		{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import }, \
462		{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types }, \
463		{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export }, \
464		{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types }, \
465		{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load }, \
466		{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))slh_dsa_get_params }, \
467		{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))slh_dsa_gettable_params }, \
468		{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate }, \
469		{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init }, \
470		{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen }, \
471		{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup }, \
472		{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, \
473		(void (*)(void))slh_dsa_gen_set_params }, \
474		{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, \
475		(void (*)(void))slh_dsa_gen_settable_params }, \
476		OSSL_DISPATCH_END \
477		}
478
479		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
480		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
481		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
482		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
483		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
484		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
485		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
486		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
487		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
488		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
489		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
490		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);