/src/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c

Source
/*
 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/proverr.h>
#include <openssl/self_test.h>
#include <openssl/proverr.h>
#include "crypto/slh_dsa.h"
#include "internal/fips.h"
#include "internal/param_build_set.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "providers/implementations/keymgmt/slh_dsa_kmgmt.inc"

#ifdef FIPS_MODULE
static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
    SLH_DSA_HASH_CTX *ctx);
#endif /* FIPS_MODULE */

static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;

#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)

static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
{
    if (!ossl_prov_is_running())
        return 0;

#ifdef FIPS_MODULE
    return ossl_deferred_self_test(libctx, ST_ID_ASYM_KEYGEN_SLH_DSA);
#else
    return 1;
#endif
}

struct slh_dsa_gen_ctx {
    SLH_DSA_HASH_CTX *ctx;
    OSSL_LIB_CTX *libctx;
    char *propq;
    uint8_t entropy[SLH_DSA_MAX_N * 3];
    size_t entropy_len;
};

static void *slh_dsa_new_key(void *provctx, const char *alg)
{
    if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
        return 0;

    return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
}

static void slh_dsa_free_key(void *keydata)
{
    ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
}

static void *slh_dsa_dup_key(const void *keydata_from, int selection)
{
    if (ossl_prov_is_running())
        return ossl_slh_dsa_key_dup(keydata_from, selection);
    return NULL;
}

static int slh_dsa_has(const void *keydata, int selection)
{
    const SLH_DSA_KEY *key = keydata;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 1; /* the selection is not missing */

    return ossl_slh_dsa_key_has(key, selection);
}

static int slh_dsa_match(const void *keydata1, const void *keydata2, int selection)
{
    const SLH_DSA_KEY *key1 = keydata1;
    const SLH_DSA_KEY *key2 = keydata2;

    if (!ossl_prov_is_running())
        return 0;
    if (key1 == NULL || key2 == NULL)
        return 0;
    return ossl_slh_dsa_key_equal(key1, key2, selection);
}

static int slh_dsa_validate(const void *key_data, int selection, int check_type)
{
    const SLH_DSA_KEY *key = key_data;

    if (!slh_dsa_has(key, selection))
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
        return ossl_slh_dsa_key_pairwise_check(key);
    return 1;
}

static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    int include_priv;
    struct slh_dsa_import_st p;

    if (!ossl_prov_is_running()
        || key == NULL
        || !slh_dsa_import_decoder(params, &p))
        return 0;

    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return 0;

    include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
    return ossl_slh_dsa_key_fromdata(key, p.pub, p.priv, include_priv);
}

static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
{
    if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
        return NULL;
    return slh_dsa_import_list;
}

static const OSSL_PARAM *slh_dsa_gettable_params(void *provctx)
{
    return slh_dsa_get_params_list;
}

static int key_to_params(SLH_DSA_KEY *key, OSSL_PARAM_BLD *tmpl,
    int selection)
{
    /* Error if there is no key or public key */
    if (key == NULL || ossl_slh_dsa_key_get_pub(key) == NULL)
        return 0;

    if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
        && ossl_slh_dsa_key_get_priv(key) != NULL)
        if (ossl_param_build_set_octet_string(tmpl, NULL,
                OSSL_PKEY_PARAM_PRIV_KEY,
                ossl_slh_dsa_key_get_priv(key),
                ossl_slh_dsa_key_get_priv_len(key))
            != 1)
            return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
        return 1;

    return ossl_param_build_set_octet_string(tmpl, NULL,
        OSSL_PKEY_PARAM_PUB_KEY,
        ossl_slh_dsa_key_get_pub(key),
        ossl_slh_dsa_key_get_pub_len(key));
}

static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
{
    SLH_DSA_KEY *key = keydata;
    struct slh_dsa_get_params_st p;
    const uint8_t *pub, *priv;

    if (key == NULL || !slh_dsa_get_params_decoder(params, &p))
        return 0;

    if (p.bits != NULL
        && !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_slh_dsa_key_get_pub_len(key)))
        return 0;
    if (p.secbits != NULL
        && !OSSL_PARAM_set_size_t(p.secbits, 8 * ossl_slh_dsa_key_get_n(key)))
        return 0;
    if (p.maxsize != NULL
        && !OSSL_PARAM_set_size_t(p.maxsize, ossl_slh_dsa_key_get_sig_len(key)))
        return 0;
    if (p.seccat != NULL
        && !OSSL_PARAM_set_int(p.seccat, ossl_slh_dsa_key_get_security_category(key)))
        return 0;

    priv = ossl_slh_dsa_key_get_priv(key);
    if (priv != NULL) {
        /* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
        if (p.priv != NULL
            && !OSSL_PARAM_set_octet_string(p.priv, priv,
                ossl_slh_dsa_key_get_priv_len(key)))
            return 0;
    }
    pub = ossl_slh_dsa_key_get_pub(key);
    if (pub != NULL) {
        if (p.pub != NULL
            && !OSSL_PARAM_set_octet_string(p.pub, pub,
                ossl_slh_dsa_key_get_pub_len(key)))
            return 0;
    }
    /*
     * This allows apps to use an empty digest, so that the old API
     * for digest signing can be used.
     */
    if (p.mandgst != NULL && !OSSL_PARAM_set_utf8_string(p.mandgst, ""))
        return 0;
    return 1;
}

static int slh_dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
    void *cbarg)
{
    SLH_DSA_KEY *key = keydata;
    OSSL_PARAM_BLD *tmpl;
    OSSL_PARAM *params = NULL;
    int ret = 0;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
        return 0;

    tmpl = OSSL_PARAM_BLD_new();
    if (tmpl == NULL)
        return 0;

    if (!key_to_params(key, tmpl, selection))
        goto err;

    params = OSSL_PARAM_BLD_to_param(tmpl);
    if (params == NULL)
        goto err;

    ret = param_cb(params, cbarg);
    OSSL_PARAM_clear_free(params);
err:
    OSSL_PARAM_BLD_free(tmpl);
    return ret;
}

static void *slh_dsa_load(const void *reference, size_t reference_sz)
{
    SLH_DSA_KEY *key = NULL;

    if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
        /* The contents of the reference is the address to our object */
        key = *(SLH_DSA_KEY **)reference;

        /* We grabbed, so we detach it */
        *(SLH_DSA_KEY **)reference = NULL;
        return key;
    }
    return NULL;
}

static void *slh_dsa_gen_init(void *provctx, int selection,
    const OSSL_PARAM params[])
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
    struct slh_dsa_gen_ctx *gctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;

    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
        gctx->libctx = libctx;
        if (!slh_dsa_gen_set_params(gctx, params)) {
            OPENSSL_free(gctx);
            gctx = NULL;
        }
    }
    return gctx;
}

#ifdef FIPS_MODULE
/*
 * Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
 * Perform a pairwise test for SLH_DSA by signing and verifying a signature.
 */
static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
    SLH_DSA_HASH_CTX *ctx)
{
    int ret = 0;
    OSSL_SELF_TEST *st = NULL;
    OSSL_CALLBACK *cb = NULL;
    void *cb_arg = NULL;
    uint8_t msg[16] = { 0 };
    size_t msg_len = sizeof(msg);
    uint8_t *sig = NULL;
    size_t sig_len;
    OSSL_LIB_CTX *lib_ctx;
    int alloc_ctx = 0;

    /* During self test, it is a waste to do this test */
    if (ossl_fips_self_testing()
        || ossl_self_test_in_progress(ST_ID_ASYM_KEYGEN_SLH_DSA))
        return 1;

    if (ctx == NULL) {
        ctx = ossl_slh_dsa_hash_ctx_new(key);
        if (ctx == NULL)
            return 0;
        alloc_ctx = 1;
    }
    lib_ctx = ossl_slh_dsa_key_get0_libctx(key);

    OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
    st = OSSL_SELF_TEST_new(cb, cb_arg);
    if (st == NULL)
        goto err;

    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
        OSSL_SELF_TEST_DESC_PCT_SLH_DSA);

    sig_len = ossl_slh_dsa_key_get_sig_len(key);
    sig = OPENSSL_malloc(sig_len);
    if (sig == NULL)
        goto err;

    if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
            sig, &sig_len, sig_len)
        != 1)
        goto err;

    OSSL_SELF_TEST_oncorrupt_byte(st, sig);

    if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
        goto err;

    ret = 1;
err:
    if (alloc_ctx)
        ossl_slh_dsa_hash_ctx_free(ctx);
    OPENSSL_free(sig);
    OSSL_SELF_TEST_onend(st, ret);
    OSSL_SELF_TEST_free(st);
    return ret;
}
#endif /* FIPS_MODULE */

static void *slh_dsa_gen(void *genctx, const char *alg)
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    SLH_DSA_KEY *key = NULL;
    SLH_DSA_HASH_CTX *ctx = NULL;

    if (!ossl_prov_is_running())
        return NULL;
    key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
    if (key == NULL)
        return NULL;
    ctx = ossl_slh_dsa_hash_ctx_new(key);
    if (ctx == NULL)
        goto err;
    if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
            gctx->entropy, gctx->entropy_len))
        goto err;
#ifdef FIPS_MODULE
    if (!slh_dsa_fips140_pairwise_test(key, ctx)) {
        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
        goto err;
    }
#endif /* FIPS_MODULE */
    ossl_slh_dsa_hash_ctx_free(ctx);
    return key;
err:
    ossl_slh_dsa_hash_ctx_free(ctx);
    ossl_slh_dsa_key_free(key);
    return NULL;
}

static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
    struct slh_dsa_gen_ctx *gctx = genctx;
    struct slh_dsa_gen_set_params_st p;

    if (gctx == NULL || !slh_dsa_gen_set_params_decoder(params, &p))
        return 0;

    if (p.seed != NULL) {
        void *vp = gctx->entropy;
        size_t len = sizeof(gctx->entropy);

        if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) {
            gctx->entropy_len = 0;
            return 0;
        }
    }

    if (p.propq != NULL) {
        if (p.propq->data_type != OSSL_PARAM_UTF8_STRING)
            return 0;
        OPENSSL_free(gctx->propq);
        gctx->propq = OPENSSL_strdup(p.propq->data);
        if (gctx->propq == NULL)
            return 0;
    }
    return 1;
}

static const OSSL_PARAM *slh_dsa_gen_settable_params(ossl_unused void *genctx,
    ossl_unused void *provctx)
{
    return slh_dsa_gen_set_params_list;
}

static void slh_dsa_gen_cleanup(void *genctx)
{
    struct slh_dsa_gen_ctx *gctx = genctx;

    if (gctx == NULL)
        return;

    OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
    OPENSSL_free(gctx->propq);
    OPENSSL_free(gctx);
}

#define MAKE_KEYMGMT_FUNCTIONS(alg, fn)                                                 \
    static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key;                             \
    static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen;                                 \
    static void *slh_dsa_##fn##_new_key(void *provctx)                                  \
    {                                                                                   \
        return slh_dsa_new_key(provctx, alg);                                           \
    }                                                                                   \
    static void *slh_dsa_##fn##_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)   \
    {                                                                                   \
        return slh_dsa_gen(genctx, alg);                                                \
    }                                                                                   \
    const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = {                     \
        { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key },              \
        { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key },                   \
        { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key },                     \
        { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has },                         \
        { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match },                     \
        { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import },                   \
        { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },     \
        { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export },                   \
        { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types },     \
        { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load },                       \
        { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))slh_dsa_get_params },           \
        { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))slh_dsa_gettable_params }, \
        { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate },               \
        { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init },               \
        { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen },                  \
        { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup },         \
        { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,                                             \
            (void (*)(void))slh_dsa_gen_set_params },                                   \
        { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,                                        \
            (void (*)(void))slh_dsa_gen_settable_params },                              \
        OSSL_DISPATCH_END                                                               \
    }

MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);

Coverage Report

Created: 2026-02-22 06:11

Line	Count	Source
1		/*
2		* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/core_dispatch.h>
11		#include <openssl/core_names.h>
12		#include <openssl/param_build.h>
13		#include <openssl/proverr.h>
14		#include <openssl/self_test.h>
15		#include <openssl/proverr.h>
16		#include "crypto/slh_dsa.h"
17		#include "internal/fips.h"
18		#include "internal/param_build_set.h"
19		#include "prov/implementations.h"
20		#include "prov/providercommon.h"
21		#include "prov/provider_ctx.h"
22		#include "providers/implementations/keymgmt/slh_dsa_kmgmt.inc"
23
24		#ifdef FIPS_MODULE
25		static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
26		SLH_DSA_HASH_CTX *ctx);
27		#endif /* FIPS_MODULE */
28
29		static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
30		static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
31		static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
32		static OSSL_FUNC_keymgmt_import_fn slh_dsa_import;
33		static OSSL_FUNC_keymgmt_export_fn slh_dsa_export;
34		static OSSL_FUNC_keymgmt_import_types_fn slh_dsa_imexport_types;
35		static OSSL_FUNC_keymgmt_export_types_fn slh_dsa_imexport_types;
36		static OSSL_FUNC_keymgmt_load_fn slh_dsa_load;
37		static OSSL_FUNC_keymgmt_get_params_fn slh_dsa_get_params;
38		static OSSL_FUNC_keymgmt_gettable_params_fn slh_dsa_gettable_params;
39		static OSSL_FUNC_keymgmt_validate_fn slh_dsa_validate;
40		static OSSL_FUNC_keymgmt_gen_init_fn slh_dsa_gen_init;
41		static OSSL_FUNC_keymgmt_gen_cleanup_fn slh_dsa_gen_cleanup;
42		static OSSL_FUNC_keymgmt_gen_set_params_fn slh_dsa_gen_set_params;
43		static OSSL_FUNC_keymgmt_gen_settable_params_fn slh_dsa_gen_settable_params;
44		static OSSL_FUNC_keymgmt_dup_fn slh_dsa_dup_key;
45
46	0	#define SLH_DSA_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)
47
48		static int slh_dsa_self_check(OSSL_LIB_CTX *libctx)
49	0	{
50	0	if (!ossl_prov_is_running())
51	0	return 0;
52
53		#ifdef FIPS_MODULE
54		return ossl_deferred_self_test(libctx, ST_ID_ASYM_KEYGEN_SLH_DSA);
55		#else
56	0	return 1;
57	0	#endif
58	0	}
59
60		struct slh_dsa_gen_ctx {
61		SLH_DSA_HASH_CTX *ctx;
62		OSSL_LIB_CTX *libctx;
63		char *propq;
64		uint8_t entropy[SLH_DSA_MAX_N * 3];
65		size_t entropy_len;
66		};
67
68		static void slh_dsa_new_key(void provctx, const char *alg)
69	0	{
70	0	if (!slh_dsa_self_check(PROV_LIBCTX_OF(provctx)))
71	0	return 0;
72
73	0	return ossl_slh_dsa_key_new(PROV_LIBCTX_OF(provctx), NULL, alg);
74	0	}
75
76		static void slh_dsa_free_key(void *keydata)
77	0	{
78	0	ossl_slh_dsa_key_free((SLH_DSA_KEY *)keydata);
79	0	}
80
81		static void slh_dsa_dup_key(const void keydata_from, int selection)
82	0	{
83	0	if (ossl_prov_is_running())
84	0	return ossl_slh_dsa_key_dup(keydata_from, selection);
85	0	return NULL;
86	0	}
87
88		static int slh_dsa_has(const void *keydata, int selection)
89	0	{
90	0	const SLH_DSA_KEY *key = keydata;
91
92	0	if (!ossl_prov_is_running() \|\| key == NULL)
93	0	return 0;
94	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
95	0	return 1; /* the selection is not missing */
96
97	0	return ossl_slh_dsa_key_has(key, selection);
98	0	}
99
100		static int slh_dsa_match(const void keydata1, const void keydata2, int selection)
101	0	{
102	0	const SLH_DSA_KEY *key1 = keydata1;
103	0	const SLH_DSA_KEY *key2 = keydata2;
104
105	0	if (!ossl_prov_is_running())
106	0	return 0;
107	0	if (key1 == NULL \|\| key2 == NULL)
108	0	return 0;
109	0	return ossl_slh_dsa_key_equal(key1, key2, selection);
110	0	}
111
112		static int slh_dsa_validate(const void *key_data, int selection, int check_type)
113	0	{
114	0	const SLH_DSA_KEY *key = key_data;
115
116	0	if (!slh_dsa_has(key, selection))
117	0	return 0;
118
119	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
120	0	return ossl_slh_dsa_key_pairwise_check(key);
121	0	return 1;
122	0	}
123
124		static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
125	0	{
126	0	SLH_DSA_KEY *key = keydata;
127	0	int include_priv;
128	0	struct slh_dsa_import_st p;
129
130	0	if (!ossl_prov_is_running()
131	0	\|\| key == NULL
132	0	\|\| !slh_dsa_import_decoder(params, &p))
133	0	return 0;
134
135	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
136	0	return 0;
137
138	0	include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
139	0	return ossl_slh_dsa_key_fromdata(key, p.pub, p.priv, include_priv);
140	0	}
141
142		static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
143	0	{
144	0	if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
145	0	return NULL;
146	0	return slh_dsa_import_list;
147	0	}
148
149		static const OSSL_PARAM slh_dsa_gettable_params(void provctx)
150	0	{
151	0	return slh_dsa_get_params_list;
152	0	}
153
154		static int key_to_params(SLH_DSA_KEY key, OSSL_PARAM_BLD tmpl,
155		int selection)
156	0	{
157		/* Error if there is no key or public key */
158	0	if (key == NULL \|\| ossl_slh_dsa_key_get_pub(key) == NULL)
159	0	return 0;
160
161	0	if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
162	0	&& ossl_slh_dsa_key_get_priv(key) != NULL)
163	0	if (ossl_param_build_set_octet_string(tmpl, NULL,
164	0	OSSL_PKEY_PARAM_PRIV_KEY,
165	0	ossl_slh_dsa_key_get_priv(key),
166	0	ossl_slh_dsa_key_get_priv_len(key))
167	0	!= 1)
168	0	return 0;
169
170	0	if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
171	0	return 1;
172
173	0	return ossl_param_build_set_octet_string(tmpl, NULL,
174	0	OSSL_PKEY_PARAM_PUB_KEY,
175	0	ossl_slh_dsa_key_get_pub(key),
176	0	ossl_slh_dsa_key_get_pub_len(key));
177	0	}
178
179		static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
180	0	{
181	0	SLH_DSA_KEY *key = keydata;
182	0	struct slh_dsa_get_params_st p;
183	0	const uint8_t pub, priv;
184
185	0	if (key == NULL \|\| !slh_dsa_get_params_decoder(params, &p))
186	0	return 0;
187
188	0	if (p.bits != NULL
189	0	&& !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_slh_dsa_key_get_pub_len(key)))
190	0	return 0;
191	0	if (p.secbits != NULL
192	0	&& !OSSL_PARAM_set_size_t(p.secbits, 8 * ossl_slh_dsa_key_get_n(key)))
193	0	return 0;
194	0	if (p.maxsize != NULL
195	0	&& !OSSL_PARAM_set_size_t(p.maxsize, ossl_slh_dsa_key_get_sig_len(key)))
196	0	return 0;
197	0	if (p.seccat != NULL
198	0	&& !OSSL_PARAM_set_int(p.seccat, ossl_slh_dsa_key_get_security_category(key)))
199	0	return 0;
200
201	0	priv = ossl_slh_dsa_key_get_priv(key);
202	0	if (priv != NULL) {
203		/* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
204	0	if (p.priv != NULL
205	0	&& !OSSL_PARAM_set_octet_string(p.priv, priv,
206	0	ossl_slh_dsa_key_get_priv_len(key)))
207	0	return 0;
208	0	}
209	0	pub = ossl_slh_dsa_key_get_pub(key);
210	0	if (pub != NULL) {
211	0	if (p.pub != NULL
212	0	&& !OSSL_PARAM_set_octet_string(p.pub, pub,
213	0	ossl_slh_dsa_key_get_pub_len(key)))
214	0	return 0;
215	0	}
216		/*
217		* This allows apps to use an empty digest, so that the old API
218		* for digest signing can be used.
219		*/
220	0	if (p.mandgst != NULL && !OSSL_PARAM_set_utf8_string(p.mandgst, ""))
221	0	return 0;
222	0	return 1;
223	0	}
224
225		static int slh_dsa_export(void keydata, int selection, OSSL_CALLBACK param_cb,
226		void *cbarg)
227	0	{
228	0	SLH_DSA_KEY *key = keydata;
229	0	OSSL_PARAM_BLD *tmpl;
230	0	OSSL_PARAM *params = NULL;
231	0	int ret = 0;
232
233	0	if (!ossl_prov_is_running() \|\| key == NULL)
234	0	return 0;
235
236	0	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
237	0	return 0;
238
239	0	tmpl = OSSL_PARAM_BLD_new();
240	0	if (tmpl == NULL)
241	0	return 0;
242
243	0	if (!key_to_params(key, tmpl, selection))
244	0	goto err;
245
246	0	params = OSSL_PARAM_BLD_to_param(tmpl);
247	0	if (params == NULL)
248	0	goto err;
249
250	0	ret = param_cb(params, cbarg);
251	0	OSSL_PARAM_clear_free(params);
252	0	err:
253	0	OSSL_PARAM_BLD_free(tmpl);
254	0	return ret;
255	0	}
256
257		static void slh_dsa_load(const void reference, size_t reference_sz)
258	0	{
259	0	SLH_DSA_KEY *key = NULL;
260
261	0	if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
262		/* The contents of the reference is the address to our object */
263	0	key = (SLH_DSA_KEY *)reference;
264
265		/* We grabbed, so we detach it */
266	0	(SLH_DSA_KEY *)reference = NULL;
267	0	return key;
268	0	}
269	0	return NULL;
270	0	}
271
272		static void slh_dsa_gen_init(void provctx, int selection,
273		const OSSL_PARAM params[])
274	0	{
275	0	OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
276	0	struct slh_dsa_gen_ctx *gctx = NULL;
277
278	0	if (!ossl_prov_is_running())
279	0	return NULL;
280
281	0	if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
282	0	gctx->libctx = libctx;
283	0	if (!slh_dsa_gen_set_params(gctx, params)) {
284	0	OPENSSL_free(gctx);
285	0	gctx = NULL;
286	0	}
287	0	}
288	0	return gctx;
289	0	}
290
291		#ifdef FIPS_MODULE
292		/*
293		* Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
294		* Perform a pairwise test for SLH_DSA by signing and verifying a signature.
295		*/
296		static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
297		SLH_DSA_HASH_CTX *ctx)
298		{
299		int ret = 0;
300		OSSL_SELF_TEST *st = NULL;
301		OSSL_CALLBACK *cb = NULL;
302		void *cb_arg = NULL;
303		uint8_t msg[16] = { 0 };
304		size_t msg_len = sizeof(msg);
305		uint8_t *sig = NULL;
306		size_t sig_len;
307		OSSL_LIB_CTX *lib_ctx;
308		int alloc_ctx = 0;
309
310		/* During self test, it is a waste to do this test */
311		if (ossl_fips_self_testing()
312		\|\| ossl_self_test_in_progress(ST_ID_ASYM_KEYGEN_SLH_DSA))
313		return 1;
314
315		if (ctx == NULL) {
316		ctx = ossl_slh_dsa_hash_ctx_new(key);
317		if (ctx == NULL)
318		return 0;
319		alloc_ctx = 1;
320		}
321		lib_ctx = ossl_slh_dsa_key_get0_libctx(key);
322
323		OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
324		st = OSSL_SELF_TEST_new(cb, cb_arg);
325		if (st == NULL)
326		goto err;
327
328		OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
329		OSSL_SELF_TEST_DESC_PCT_SLH_DSA);
330
331		sig_len = ossl_slh_dsa_key_get_sig_len(key);
332		sig = OPENSSL_malloc(sig_len);
333		if (sig == NULL)
334		goto err;
335
336		if (ossl_slh_dsa_sign(ctx, msg, msg_len, NULL, 0, NULL, 0,
337		sig, &sig_len, sig_len)
338		!= 1)
339		goto err;
340
341		OSSL_SELF_TEST_oncorrupt_byte(st, sig);
342
343		if (ossl_slh_dsa_verify(ctx, msg, msg_len, NULL, 0, 0, sig, sig_len) != 1)
344		goto err;
345
346		ret = 1;
347		err:
348		if (alloc_ctx)
349		ossl_slh_dsa_hash_ctx_free(ctx);
350		OPENSSL_free(sig);
351		OSSL_SELF_TEST_onend(st, ret);
352		OSSL_SELF_TEST_free(st);
353		return ret;
354		}
355		#endif /* FIPS_MODULE */
356
357		static void slh_dsa_gen(void genctx, const char *alg)
358	0	{
359	0	struct slh_dsa_gen_ctx *gctx = genctx;
360	0	SLH_DSA_KEY *key = NULL;
361	0	SLH_DSA_HASH_CTX *ctx = NULL;
362
363	0	if (!ossl_prov_is_running())
364	0	return NULL;
365	0	key = ossl_slh_dsa_key_new(gctx->libctx, gctx->propq, alg);
366	0	if (key == NULL)
367	0	return NULL;
368	0	ctx = ossl_slh_dsa_hash_ctx_new(key);
369	0	if (ctx == NULL)
370	0	goto err;
371	0	if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
372	0	gctx->entropy, gctx->entropy_len))
373	0	goto err;
374		#ifdef FIPS_MODULE
375		if (!slh_dsa_fips140_pairwise_test(key, ctx)) {
376		ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
377		goto err;
378		}
379		#endif /* FIPS_MODULE */
380	0	ossl_slh_dsa_hash_ctx_free(ctx);
381	0	return key;
382	0	err:
383	0	ossl_slh_dsa_hash_ctx_free(ctx);
384	0	ossl_slh_dsa_key_free(key);
385	0	return NULL;
386	0	}
387
388		static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
389	0	{
390	0	struct slh_dsa_gen_ctx *gctx = genctx;
391	0	struct slh_dsa_gen_set_params_st p;
392
393	0	if (gctx == NULL \|\| !slh_dsa_gen_set_params_decoder(params, &p))
394	0	return 0;
395
396	0	if (p.seed != NULL) {
397	0	void *vp = gctx->entropy;
398	0	size_t len = sizeof(gctx->entropy);
399
400	0	if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) {
401	0	gctx->entropy_len = 0;
402	0	return 0;
403	0	}
404	0	}
405
406	0	if (p.propq != NULL) {
407	0	if (p.propq->data_type != OSSL_PARAM_UTF8_STRING)
408	0	return 0;
409	0	OPENSSL_free(gctx->propq);
410	0	gctx->propq = OPENSSL_strdup(p.propq->data);
411	0	if (gctx->propq == NULL)
412	0	return 0;
413	0	}
414	0	return 1;
415	0	}
416
417		static const OSSL_PARAM slh_dsa_gen_settable_params(ossl_unused void genctx,
418		ossl_unused void *provctx)
419	0	{
420	0	return slh_dsa_gen_set_params_list;
421	0	}
422
423		static void slh_dsa_gen_cleanup(void *genctx)
424	0	{
425	0	struct slh_dsa_gen_ctx *gctx = genctx;
426
427	0	if (gctx == NULL)
428	0	return;
429
430	0	OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
431	0	OPENSSL_free(gctx->propq);
432	0	OPENSSL_free(gctx);
433	0	}
434
435		#define MAKE_KEYMGMT_FUNCTIONS(alg, fn) \
436		static OSSL_FUNC_keymgmt_new_fn slh_dsa_##fn##_new_key; \
437		static OSSL_FUNC_keymgmt_gen_fn slh_dsa_##fn##_gen; \
438		static void slh_dsa_##fn##_new_key(void provctx) \
439	0	{ \
440	0	return slh_dsa_new_key(provctx, alg); \
441	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_new_key Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_new_key
442		static void slh_dsa_##fn##_gen(void genctx, OSSL_CALLBACK osslcb, void cbarg) \
443	0	{ \
444	0	return slh_dsa_gen(genctx, alg); \
445	0	} \ Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_sha2_256f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_128f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_192f_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256s_gen Unexecuted instantiation: slh_dsa_kmgmt.c:slh_dsa_shake_256f_gen
446		const OSSL_DISPATCH ossl_slh_dsa_##fn##_keymgmt_functions[] = { \
447		{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))slh_dsa_##fn##_new_key }, \
448		{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))slh_dsa_free_key }, \
449		{ OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))slh_dsa_dup_key }, \
450		{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))slh_dsa_has }, \
451		{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))slh_dsa_match }, \
452		{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))slh_dsa_import }, \
453		{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))slh_dsa_imexport_types }, \
454		{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))slh_dsa_export }, \
455		{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))slh_dsa_imexport_types }, \
456		{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))slh_dsa_load }, \
457		{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))slh_dsa_get_params }, \
458		{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))slh_dsa_gettable_params }, \
459		{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))slh_dsa_validate }, \
460		{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))slh_dsa_gen_init }, \
461		{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))slh_dsa_##fn##_gen }, \
462		{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))slh_dsa_gen_cleanup }, \
463		{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, \
464		(void (*)(void))slh_dsa_gen_set_params }, \
465		{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, \
466		(void (*)(void))slh_dsa_gen_settable_params }, \
467		OSSL_DISPATCH_END \
468		}
469
470		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128s", sha2_128s);
471		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-128f", sha2_128f);
472		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192s", sha2_192s);
473		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-192f", sha2_192f);
474		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256s", sha2_256s);
475		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHA2-256f", sha2_256f);
476		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128s", shake_128s);
477		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-128f", shake_128f);
478		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192s", shake_192s);
479		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-192f", shake_192f);
480		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256s", shake_256s);
481		MAKE_KEYMGMT_FUNCTIONS("SLH-DSA-SHAKE-256f", shake_256f);