ml-kem: add security category support

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27571)

diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c
index 662e7dd622e24879f5d71fa2117a272986ed8aea..9faa80af19e3a538c531d1b5dc28d01f85966957 100644 (file)
--- a/crypto/ml_kem/ml_kem.c
+++ b/crypto/ml_kem/ml_kem.c
@@ -192,7 +192,8 @@ static const ML_KEM_VINFO vinfo_map[3] = {
         ML_KEM_512_RANK,
         ML_KEM_512_DU,
         ML_KEM_512_DV,
-        ML_KEM_512_SECBITS
+        ML_KEM_512_SECBITS,
+        ML_KEM_512_SECURITY_CATEGORY
     },
     {
         "ML-KEM-768",
@@ -208,7 +209,8 @@ static const ML_KEM_VINFO vinfo_map[3] = {
         ML_KEM_768_RANK,
         ML_KEM_768_DU,
         ML_KEM_768_DV,
-        ML_KEM_768_SECBITS
+        ML_KEM_768_SECBITS,
+        ML_KEM_768_SECURITY_CATEGORY
     },
     {
         "ML-KEM-1024",
@@ -224,7 +226,8 @@ static const ML_KEM_VINFO vinfo_map[3] = {
         ML_KEM_1024_RANK,
         ML_KEM_1024_DU,
         ML_KEM_1024_DV,
-        ML_KEM_1024_SECBITS
+        ML_KEM_1024_SECBITS,
+        ML_KEM_1024_SECURITY_CATEGORY
     }
 };
 

diff --git a/include/crypto/ml_kem.h b/include/crypto/ml_kem.h
index 67d55697e9e3dc01cf4e1e969449860609693b4c..be2651992b6fa77bfcc4f61580e4506183daa801 100644 (file)
--- a/include/crypto/ml_kem.h
+++ b/include/crypto/ml_kem.h
@@ -90,32 +90,35 @@
  * Variant-specific constants and structures
  * -----------------------------------------
  */
-# define EVP_PKEY_ML_KEM_512    NID_ML_KEM_512
-# define ML_KEM_512_BITS        512
-# define ML_KEM_512_RANK        2
-# define ML_KEM_512_ETA1        3
-# define ML_KEM_512_ETA2        2
-# define ML_KEM_512_DU          10
-# define ML_KEM_512_DV          4
-# define ML_KEM_512_SECBITS     128
+# define EVP_PKEY_ML_KEM_512            NID_ML_KEM_512
+# define ML_KEM_512_BITS                512
+# define ML_KEM_512_RANK                2
+# define ML_KEM_512_ETA1                3
+# define ML_KEM_512_ETA2                2
+# define ML_KEM_512_DU                  10
+# define ML_KEM_512_DV                  4
+# define ML_KEM_512_SECBITS             128
+# define ML_KEM_512_SECURITY_CATEGORY   1
 
-# define EVP_PKEY_ML_KEM_768    NID_ML_KEM_768
-# define ML_KEM_768_BITS        768
-# define ML_KEM_768_RANK        3
-# define ML_KEM_768_ETA1        2
-# define ML_KEM_768_ETA2        2
-# define ML_KEM_768_DU          10
-# define ML_KEM_768_DV          4
-# define ML_KEM_768_SECBITS     192
+# define EVP_PKEY_ML_KEM_768            NID_ML_KEM_768
+# define ML_KEM_768_BITS                768
+# define ML_KEM_768_RANK                3
+# define ML_KEM_768_ETA1                2
+# define ML_KEM_768_ETA2                2
+# define ML_KEM_768_DU                  10
+# define ML_KEM_768_DV                  4
+# define ML_KEM_768_SECBITS             192
+# define ML_KEM_768_SECURITY_CATEGORY   3
 
-# define EVP_PKEY_ML_KEM_1024   NID_ML_KEM_1024
-# define ML_KEM_1024_BITS       1024
-# define ML_KEM_1024_RANK       4
-# define ML_KEM_1024_ETA1       2
-# define ML_KEM_1024_ETA2       2
-# define ML_KEM_1024_DU         11
-# define ML_KEM_1024_DV         5
-# define ML_KEM_1024_SECBITS    256
+# define EVP_PKEY_ML_KEM_1024           NID_ML_KEM_1024
+# define ML_KEM_1024_BITS               1024
+# define ML_KEM_1024_RANK               4
+# define ML_KEM_1024_ETA1               2
+# define ML_KEM_1024_ETA2               2
+# define ML_KEM_1024_DU                 11
+# define ML_KEM_1024_DV                 5
+# define ML_KEM_1024_SECBITS            256
+# define ML_KEM_1024_SECURITY_CATEGORY  5
 
 # define ML_KEM_KEY_RANDOM_PCT  (1 << 0)
 # define ML_KEM_KEY_FIXED_PCT   (1 << 1)
@@ -148,6 +151,7 @@ typedef struct {
     int du;
     int dv;
     int secbits;
+    int security_category;
 } ML_KEM_VINFO;
 
 /* Retrive global variant-specific parameters */

diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c b/providers/implementations/keymgmt/ml_kem_kmgmt.c
index ba854c66378482ebd4ff193f2ce6be3b941ba9c8..f96e2d95bf9ec30aa38b1b353f887cb94a301d45 100644 (file)
--- a/providers/implementations/keymgmt/ml_kem_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c
@@ -489,6 +489,7 @@ static const OSSL_PARAM *ml_kem_gettable_params(void *provctx)
         OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+        OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL),
         /* Exported for import */
         OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ML_KEM_SEED, NULL, 0),
         /* Exported to EVP_PKEY_get_raw_private_key() */
@@ -578,6 +579,10 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[])
     if (p != NULL)
         if (!OSSL_PARAM_set_int(p, v->ctext_bytes))
             return 0;
+    p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY);
+    if (p != NULL)
+        if (!OSSL_PARAM_set_int(p, v->security_category))
+            return 0;
 
     if (ossl_ml_kem_have_pubkey(key)) {
         uint8_t *pubenc = NULL;
@@ -818,6 +823,8 @@ static void *ml_kem_dup(const void *vkey, int selection)
 #endif
 
 #define DECLARE_VARIANT(bits) \
+    static OSSL_FUNC_keymgmt_new_fn ml_kem_##bits##_new;                    \
+    static OSSL_FUNC_keymgmt_gen_init_fn ml_kem_##bits##_gen_init;          \
     static void *ml_kem_##bits##_new(void *provctx) \
     { \
         return ossl_prov_ml_kem_new(provctx, NULL, EVP_PKEY_ML_KEM_##bits); \