From: Viktor Dukhovni Date: Thu, 9 Jan 2025 03:35:03 +0000 (+1100) Subject: Encoders and Decoders for ML-KEM X-Git-Tag: openssl-3.5.0-alpha1~527 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b818a99839ee85984e044bfeb1a3a0ca3307d52f;p=thirdparty%2Fopenssl.git Encoders and Decoders for ML-KEM Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26341) --- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 35f7480cec3..a796cf48e68 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1174,6 +1174,8 @@ PROV_R_UNABLE_TO_INITIALISE_CIPHERS:208:unable to initialise ciphers PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256 PROV_R_UNABLE_TO_LOCK_PARENT:201:unable to lock parent PROV_R_UNABLE_TO_RESEED:204:unable to reseed +PROV_R_UNEXPECTED_KEY_OID:249:unexpected key oid +PROV_R_UNEXPECTED_KEY_PARAMETERS:250:unexpected key parameters PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg PROV_R_UNSUPPORTED_KEY_SIZE:153:unsupported key size PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c index 8960bf2f471..a81fe8df5cb 100644 --- a/crypto/ml_kem/ml_kem.c +++ b/crypto/ml_kem/ml_kem.c @@ -188,7 +188,7 @@ static const ML_KEM_VINFO vinfo_map[3] = { CTEXT_BYTES(512), VECTOR_BYTES(512), U_VECTOR_BYTES(512), - ML_KEM_512_VARIANT, + NID_ML_KEM_512, ML_KEM_512_BITS, ML_KEM_512_RANK, ML_KEM_512_DU, @@ -204,7 +204,7 @@ static const ML_KEM_VINFO vinfo_map[3] = { CTEXT_BYTES(768), VECTOR_BYTES(768), U_VECTOR_BYTES(768), - ML_KEM_768_VARIANT, + NID_ML_KEM_768, ML_KEM_768_BITS, ML_KEM_768_RANK, ML_KEM_768_DU, @@ -220,7 +220,7 @@ static const ML_KEM_VINFO vinfo_map[3] = { CTEXT_BYTES(1024), VECTOR_BYTES(1024), U_VECTOR_BYTES(1024), - ML_KEM_1024_VARIANT, + NID_ML_KEM_1024, ML_KEM_1024_BITS, ML_KEM_1024_RANK, ML_KEM_1024_DU, @@ -1182,7 +1182,7 @@ int gencbd_vector_ntt(scalar *out, CBD_FUNC cbd, uint8_t *counter, } /* The |ETA1| value for ML-KEM-512 is 3, the rest and all ETA2 values are 2. */ -static CBD_FUNC const cbd1[ML_KEM_1024_VARIANT + 1] = { cbd_3, cbd_2, cbd_2 }; +#define CBD1(evp_type) ((evp_type) == NID_ML_KEM_512 ? cbd_3 : cbd_2) /* * FIPS 203, Section 5.2, Algorithm 14: K-PKE.Encrypt. @@ -1207,7 +1207,7 @@ int encrypt_cpa(uint8_t out[ML_KEM_SHARED_SECRET_BYTES], EVP_MD_CTX *mdctx, const ML_KEM_KEY *key) { const ML_KEM_VINFO *vinfo = key->vinfo; - CBD_FUNC cbd_1 = cbd1[vinfo->variant]; + CBD_FUNC cbd_1 = CBD1(vinfo->evp_type); int rank = vinfo->rank; /* We can use tmp[0..rank-1] as storage for |y|, then |e1|, ... */ scalar *y = &tmp[0], *e1 = y, *e2 = y; @@ -1395,7 +1395,7 @@ int genkey(const uint8_t d[ML_KEM_RANDOM_BYTES], const uint8_t *const sigma = hashed + ML_KEM_RANDOM_BYTES; uint8_t augmented_seed[ML_KEM_RANDOM_BYTES + 1]; const ML_KEM_VINFO *vinfo = key->vinfo; - CBD_FUNC cbd_1 = cbd1[vinfo->variant]; + CBD_FUNC cbd_1 = CBD1(vinfo->evp_type); int rank = vinfo->rank; uint8_t counter = 0; @@ -1567,17 +1567,23 @@ free_storage(ML_KEM_KEY *key) */ /* Retrieve the parameters of one of the ML-KEM variants */ -const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int variant) +const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type) { - if (variant > ML_KEM_1024_VARIANT) - return NULL; - return &vinfo_map[variant]; + switch (evp_type) { + case NID_ML_KEM_512: + return &vinfo_map[0]; + case NID_ML_KEM_768: + return &vinfo_map[1]; + case NID_ML_KEM_1024: + return &vinfo_map[2]; + } + return NULL; } ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, - int variant) + int evp_type) { - const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(variant); + const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type); ML_KEM_KEY *key; if (vinfo == NULL) @@ -1694,6 +1700,17 @@ int ossl_ml_kem_encode_private_key(uint8_t *out, size_t len, return 1; } +int ossl_ml_kem_encode_key_seed(uint8_t *out, size_t len, + const ML_KEM_KEY *key) +{ + if (key == NULL || key->d == NULL || len != ML_KEM_SEED_BYTES) + return 0; + memcpy(out, key->d, ML_KEM_RANDOM_BYTES); + out += ML_KEM_RANDOM_BYTES; + memcpy(out, key->z, ML_KEM_RANDOM_BYTES); + return 1; +} + /* Parse input as a public key */ int ossl_ml_kem_parse_public_key(const uint8_t *in, size_t len, ML_KEM_KEY *key) { @@ -1834,15 +1851,15 @@ int ossl_ml_kem_encap_seed(uint8_t *ctext, size_t clen, * each) vectors, that are never retained on return from this function. * We stack-allocate these. */ -# define case_encap_seed(bits) \ - case ML_KEM_##bits##_VARIANT: \ - { \ - scalar tmp[2 * ML_KEM_##bits##_RANK]; \ - \ - ret = encap(ctext, shared_secret, entropy, tmp, mdctx, key); \ - break; \ +# define case_encap_seed(bits) \ + case NID_ML_KEM_##bits: \ + { \ + scalar tmp[2 * ML_KEM_##bits##_RANK]; \ + \ + ret = encap(ctext, shared_secret, entropy, tmp, mdctx, key); \ + break; \ } - switch (vinfo->variant) { + switch (vinfo->evp_type) { case_encap_seed(512); case_encap_seed(768); case_encap_seed(1024); @@ -1914,7 +1931,7 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen, * We stack-allocate these. */ # define case_decap(bits) \ - case ML_KEM_##bits##_VARIANT: \ + case NID_ML_KEM_##bits: \ { \ uint8_t cbuf[CTEXT_BYTES(bits)]; \ scalar tmp[2 * ML_KEM_##bits##_RANK]; \ @@ -1922,7 +1939,7 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen, ret = decap(shared_secret, ctext, cbuf, tmp, mdctx, key); \ break; \ } - switch (vinfo->variant) { + switch (vinfo->evp_type) { case_decap(512); case_decap(768); case_decap(1024); diff --git a/doc/man7/EVP_PKEY-ML-KEM.pod b/doc/man7/EVP_PKEY-ML-KEM.pod index 13fc39a5741..7a4cb8f11d6 100644 --- a/doc/man7/EVP_PKEY-ML-KEM.pod +++ b/doc/man7/EVP_PKEY-ML-KEM.pod @@ -56,25 +56,48 @@ The public key value. This parameter is used when importing or exporting the public key value with the EVP_PKEY_fromdata() and EVP_PKEY_todata() functions. The same underlying -FIPS 203 public key format is used for import, import, get and set operations. +FIPS 203 (Algorithm 16: B) B public key format is +used for import, export, get and set operations. =item "priv" (B) -The private key value. +The private key, in seed form when available. This parameter is used when importing or exporting the private key value with the EVP_PKEY_fromdata() and EVP_PKEY_todata() functions. -The key format is that of B in FIPS 203, Algorithm 16: -B. +On import, the private key key length is used to infer the key format. +If the key length is 64 bytes, the key format is assumed to be the 64-byte +input seed of FIPS 203, Algorithm 16: B, with the B +and B values concatenated in that order. +If, on the other hand, the key length is that of the FIPS 203 (Algorithm 16: +B) B private key for the given ML-KEM variant, then +the key is assumed to be in that format. + +Keys originally imported in the B FIPS 203 form cannot be exported in seed +form as the B seed is not available in that case, and the exported key will +then be the FIPS 203 B format in which the key was imported. +Generated keys retain the seed value, and are exported in seed form. =item "encoded-pub-key" (B) Used for getting and setting the encoding of a public key. The key format is that of B in FIPS 203, Algorithm 16: B. +Updates of the public and private key components are only allowed on keys that +are empty. +Once a public or private key component is set, no further changes are allowed. This parameter is gettable and settable. +=item "encoded-priv-key" (B) + +Used for getting the I encoding of a private key. +The key format is that of B in FIPS 203, Algorithm 16: B. +The private key format returned from key export is the B<(d, z)> seed, when +available, but is otherwise the same as the encoded form. + +This parameter is only gettable. + =back =head1 CONFORMING TO diff --git a/include/crypto/ml_kem.h b/include/crypto/ml_kem.h index fafaa98b726..d3ea0aba033 100644 --- a/include/crypto/ml_kem.h +++ b/include/crypto/ml_kem.h @@ -85,7 +85,7 @@ * Variant-specific constants and structures * ----------------------------------------- */ -# define ML_KEM_512_VARIANT 0 +# define EVP_PKEY_ML_KEM_512 NID_ML_KEM_512 # define ML_KEM_512_BITS 512 # define ML_KEM_512_RANK 2 # define ML_KEM_512_ETA1 3 @@ -94,7 +94,7 @@ # define ML_KEM_512_DV 4 # define ML_KEM_512_SECBITS 128 -# define ML_KEM_768_VARIANT 1 +# define EVP_PKEY_ML_KEM_768 NID_ML_KEM_768 # define ML_KEM_768_BITS 768 # define ML_KEM_768_RANK 3 # define ML_KEM_768_ETA1 2 @@ -103,7 +103,7 @@ # define ML_KEM_768_DV 4 # define ML_KEM_768_SECBITS 192 -# define ML_KEM_1024_VARIANT 2 +# define EVP_PKEY_ML_KEM_1024 NID_ML_KEM_1024 # define ML_KEM_1024_BITS 1024 # define ML_KEM_1024_RANK 4 # define ML_KEM_1024_ETA1 2 @@ -126,7 +126,7 @@ typedef struct { size_t ctext_bytes; size_t vector_bytes; size_t u_vector_bytes; - int variant; + int evp_type; int bits; int rank; int du; @@ -135,7 +135,7 @@ typedef struct { } ML_KEM_VINFO; /* Retrive global variant-specific parameters */ -const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int variant); +const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type); /* Known as ML_KEM_KEY via crypto/types.h */ typedef struct ossl_ml_kem_key_st { @@ -171,9 +171,10 @@ typedef struct ossl_ml_kem_key_st { } ML_KEM_KEY; /* The public key is always present, when the private is */ -# define ossl_ml_kem_key_vinfo(key) ((key)->vinfo) -# define ossl_ml_kem_have_pubkey(key) ((key)->t != NULL) -# define ossl_ml_kem_have_prvkey(key) ((key)->s != NULL) +# define ossl_ml_kem_key_vinfo(key) ((key)->vinfo) +# define ossl_ml_kem_have_pubkey(key) ((key)->t != NULL) +# define ossl_ml_kem_have_prvkey(key) ((key)->s != NULL) +# define ossl_ml_kem_have_seed(key) ((key)->d != NULL) /* * ----- ML-KEM key lifecycle @@ -185,7 +186,7 @@ typedef struct ossl_ml_kem_key_st { */ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, - int variant); + int evp_type); /* Deallocate the key */ void ossl_ml_kem_key_free(ML_KEM_KEY *key); /* @@ -227,6 +228,9 @@ int ossl_ml_kem_encode_public_key(uint8_t *out, size_t len, __owur int ossl_ml_kem_encode_private_key(uint8_t *out, size_t len, const ML_KEM_KEY *key); +__owur +int ossl_ml_kem_encode_key_seed(uint8_t *out, size_t len, + const ML_KEM_KEY *key); __owur int ossl_ml_kem_encap_seed(uint8_t *ctext, size_t clen, diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h index 1ac4f59f0d4..79c57e3f7ab 100644 --- a/include/openssl/proverr.h +++ b/include/openssl/proverr.h @@ -148,6 +148,8 @@ # define PROV_R_UNABLE_TO_LOAD_SHA256 147 # define PROV_R_UNABLE_TO_LOCK_PARENT 201 # define PROV_R_UNABLE_TO_RESEED 204 +# define PROV_R_UNEXPECTED_KEY_OID 249 +# define PROV_R_UNEXPECTED_KEY_PARAMETERS 250 # define PROV_R_UNSUPPORTED_CEK_ALG 145 # define PROV_R_UNSUPPORTED_KEY_SIZE 153 # define PROV_R_UNSUPPORTED_MAC_TYPE 137 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 301c5707893..54ee700abef 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -219,6 +219,10 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOCK_PARENT), "unable to lock parent"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_RESEED), "unable to reseed"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNEXPECTED_KEY_OID), + "unexpected key oid"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNEXPECTED_KEY_PARAMETERS), + "unexpected key parameters"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_CEK_ALG), "unsupported cek alg"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_KEY_SIZE), diff --git a/providers/decoders.inc b/providers/decoders.inc index 49ac6719427..ae94042b828 100644 --- a/providers/decoders.inc +++ b/providers/decoders.inc @@ -74,6 +74,14 @@ DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, no), DECODER_w_structure("SM2", der, type_specific_no_pub, sm2, no), # endif #endif +#ifndef OPENSSL_NO_ML_KEM +DECODER_w_structure("ML-KEM-512", der, PrivateKeyInfo, ml_kem_512, yes), +DECODER_w_structure("ML-KEM-512", der, SubjectPublicKeyInfo, ml_kem_512, yes), +DECODER_w_structure("ML-KEM-768", der, PrivateKeyInfo, ml_kem_768, yes), +DECODER_w_structure("ML-KEM-768", der, SubjectPublicKeyInfo, ml_kem_768, yes), +DECODER_w_structure("ML-KEM-1024", der, PrivateKeyInfo, ml_kem_1024, yes), +DECODER_w_structure("ML-KEM-1024", der, SubjectPublicKeyInfo, ml_kem_1024, yes), +#endif DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes), DECODER_w_structure("RSA", der, SubjectPublicKeyInfo, rsa, yes), DECODER_w_structure("RSA", der, type_specific_keypair, rsa, yes), diff --git a/providers/encoders.inc b/providers/encoders.inc index 76f0b73545a..74931909440 100644 --- a/providers/encoders.inc +++ b/providers/encoders.inc @@ -67,6 +67,11 @@ ENCODER_TEXT("X448", x448, yes), ENCODER_TEXT("SM2", sm2, no), # endif #endif +#ifndef OPENSSL_NO_ML_KEM +ENCODER_TEXT("ML-KEM-512", ml_kem_512, yes), +ENCODER_TEXT("ML-KEM-768", ml_kem_768, yes), +ENCODER_TEXT("ML-KEM-1024", ml_kem_1024, yes), +#endif # ifndef OPENSSL_NO_ML_DSA ENCODER_TEXT("ML-DSA-44", ml_dsa_44, yes), @@ -189,6 +194,16 @@ ENCODER_w_structure("EC", ec, yes, pem, PrivateKeyInfo), ENCODER_w_structure("EC", ec, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("EC", ec, yes, pem, SubjectPublicKeyInfo), +# ifndef OPENSSL_NO_SM2 +ENCODER_w_structure("SM2", sm2, no, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("SM2", sm2, no, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo), +ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo), +ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo), +ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo), +# endif +#endif + #ifndef OPENSSL_NO_ECX ENCODER_w_structure("X25519", x25519, yes, der, EncryptedPrivateKeyInfo), ENCODER_w_structure("X25519", x25519, yes, pem, EncryptedPrivateKeyInfo), @@ -217,16 +232,29 @@ ENCODER_w_structure("ED448", ed448, yes, der, PrivateKeyInfo), ENCODER_w_structure("ED448", ed448, yes, pem, PrivateKeyInfo), ENCODER_w_structure("ED448", ed448, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo), -# endif +#endif -# ifndef OPENSSL_NO_SM2 -ENCODER_w_structure("SM2", sm2, no, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("SM2", sm2, no, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo), -ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo), -ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo), -ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo), -# endif +#ifndef OPENSSL_NO_ML_KEM +ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, der, PrivateKeyInfo), +ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, pem, PrivateKeyInfo), +ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, pem, SubjectPublicKeyInfo), + +ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, der, PrivateKeyInfo), +ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, pem, PrivateKeyInfo), +ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, pem, SubjectPublicKeyInfo), + +ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, der, PrivateKeyInfo), +ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, pem, PrivateKeyInfo), +ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, pem, SubjectPublicKeyInfo), #endif # ifndef OPENSSL_NO_ML_DSA diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 06e06a89ecf..10ed646d040 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -772,8 +772,8 @@ static EVP_PKEY *self_test_kem_keygen(const ST_KAT_KEM *t, OSSL_SELF_TEST *st, goto err; /* Compare outputs */ - *params = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - buf, s); + *params = OSSL_PARAM_construct_octet_string( + OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY, buf, s); if (!EVP_PKEY_get_params(r, params)) goto err; OSSL_SELF_TEST_oncorrupt_byte(st, buf); diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index b77690a7734..4ae31ad18dd 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -13,6 +13,8 @@ */ #include "internal/deprecated.h" +#include +#include #include #include #include @@ -32,12 +34,34 @@ #include "crypto/rsa.h" #include "crypto/ml_dsa.h" #include "crypto/x509.h" +#include "crypto/ml_kem.h" +#include "openssl/obj_mac.h" #include "prov/bio.h" #include "prov/implementations.h" #include "endecoder_local.h" #include "internal/nelem.h" #include "ml_dsa_codecs.h" +#ifndef OPENSSL_NO_ML_KEM +typedef struct { + ASN1_OBJECT *oid; +} BARE_ALGOR; + +typedef struct { + BARE_ALGOR algor; + ASN1_BIT_STRING *pubkey; +} BARE_PUBKEY; + +ASN1_SEQUENCE(BARE_ALGOR) = { + ASN1_SIMPLE(BARE_ALGOR, oid, ASN1_OBJECT), +} static_ASN1_SEQUENCE_END(BARE_ALGOR) + +ASN1_SEQUENCE(BARE_PUBKEY) = { + ASN1_EMBED(BARE_PUBKEY, algor, BARE_ALGOR), + ASN1_SIMPLE(BARE_PUBKEY, pubkey, ASN1_BIT_STRING) +} static_ASN1_SEQUENCE_END(BARE_PUBKEY) +#endif + struct der2key_ctx_st; /* Forward declaration */ typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); @@ -552,6 +576,234 @@ static void *sm2_d2i_PKCS8(const unsigned char **der, long der_len, (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); } # endif + +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_ML_KEM + +/* For lengths between 256 and 65535 the DER encoding is 4 bytes longer */ +#define ML_KEM_OCTET_STRING_OVERHEAD 4 + +/*- + * The DER ASN.1 encoding of ML-KEM and ML-DSA public keys prepends 22 bytes to + * the encoded public key: + * + * - 4 byte outer sequence tag and length + * - 2 byte algorithm sequence tag and length + * - 2 byte algorithm OID tag and length + * - 9 byte algorithm OID (from NIST CSOR OID arc) + * - 4 byte bit string tag and length + * - 1 bitstring lead byte + */ +#define ML_KEM_SPKI_OVERHEAD 22 + +/* + * The accepted private key format is either the 64-bytes (d, z) seed pair, or + * else the optionally DER wrapped octet-string encoding (one byte tag, three + * byte length) of the FIPS 203 expanded |dk| key, optionally concatenated with + * the public |ek|. We don't need to worry about whether the public key is or + * isn't appended, those are just ignored bytes at the end of an input buffer. + */ +typedef enum { + NONE_FMT, /* Unknown or unsupported format */ + SEED_FMT, /* Just the seed, no DER wrapping */ + LONG_FMT, /* Key(s), no octet-string DER wrapping */ + ASN1_FMT /* Key(s), octet-string DER wrapped */ +} ML_KEM_PRIV_FMT; + +static void * +ml_kem_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx) +{ + const ML_KEM_VINFO *vinfo; + ML_KEM_KEY *key = NULL, *ret = NULL; + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + const unsigned char *p; + const X509_ALGOR *alg = NULL; + ML_KEM_PRIV_FMT fmt; + int plen, ptype, privlen, pairlen; + uint16_t keylen; + + /* Extract the key OID and any parameters (we want none of those) */ + if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, der, der_len)) == NULL) + return 0; + if (!PKCS8_pkey_get0(NULL, &p, &plen, &alg, p8inf)) + goto end; + + /* Bail out early if this is some other key type. */ + if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type) + goto end; + vinfo = ossl_ml_kem_get_vinfo(ctx->desc->evp_type); + + /* Parameters must be absent. */ + X509_ALGOR_get0(NULL, &ptype, NULL, alg); + if (ptype != V_ASN1_UNDEF) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS, + "unexpected parameters with a PKCS#8 %s private key", + vinfo->algorithm_name); + goto end; + } + privlen = (int) vinfo->prvkey_bytes; + pairlen = (int) (vinfo->prvkey_bytes + vinfo->pubkey_bytes); + + if (plen == ML_KEM_SEED_BYTES) + fmt = SEED_FMT; + else if (plen == privlen || plen == pairlen) + fmt = LONG_FMT; + else if (plen == ML_KEM_OCTET_STRING_OVERHEAD + privlen + || plen == ML_KEM_OCTET_STRING_OVERHEAD + pairlen) + fmt = ASN1_FMT; + else + fmt = NONE_FMT; + + switch (fmt) { + case NONE_FMT: + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, + "unexpected PKCS#8 private key length: %d", plen); + break; + case SEED_FMT: + if ((key = ossl_ml_kem_key_new(libctx, ctx->propq, + ctx->desc->evp_type)) != NULL + && ossl_ml_kem_genkey(p, p + ML_KEM_RANDOM_BYTES, NULL, 0, key)) + ret = key; + else + ERR_raise_data(ERR_LIB_PROV, PROV_R_GENERATE_ERROR, + "error generating %s private key from seed", + vinfo->algorithm_name); + break; + case ASN1_FMT: + if (*p++ != V_ASN1_OCTET_STRING || *p++ != 0x82) + break; + p = OPENSSL_load_u16_be(&keylen, p); + if (keylen != (plen -= ML_KEM_OCTET_STRING_OVERHEAD)) + break; + /* fallthrough */ + case LONG_FMT: + /* Check public key consistency if provided? */ + if ((key = ossl_ml_kem_key_new(libctx, ctx->propq, + ctx->desc->evp_type)) != NULL + && ossl_ml_kem_parse_private_key(p, vinfo->prvkey_bytes, key)) + ret = key; + else + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY, + "error parsing %s private key", + vinfo->algorithm_name); + break; + } + + end: + PKCS8_PRIV_KEY_INFO_free(p8inf); + if (ret == NULL) + ossl_ml_kem_key_free(key); + return ret; +} + +static ossl_inline void * +ml_kem_d2i_PUBKEY(const uint8_t **der, long der_len, + struct der2key_ctx_st *ctx) +{ + const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(ctx->desc->evp_type); + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); + ML_KEM_KEY *ret = NULL; + BARE_PUBKEY *spki; + const uint8_t *end = *der; + + /* + * Not our NID! Is there a sensible error to report here? Why was this + * decoder called? + */ + if (vinfo == NULL) + return NULL; + + /* + * Check that we have the right OID, the bit string has no "bits left" and + * that we consume all the input exactly. + */ + if (der_len != ML_KEM_SPKI_OVERHEAD + (long) vinfo->pubkey_bytes) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, + "unexpected %s public key length: %ld != %ld", + vinfo->algorithm_name, der_len, + ML_KEM_SPKI_OVERHEAD + (long) vinfo->pubkey_bytes); + return NULL; + } + + if ((spki = OPENSSL_zalloc(sizeof(*spki))) == NULL) + return NULL; + + /* The spki storage is freed on error */ + if (ASN1_item_d2i_ex((ASN1_VALUE **)&spki, &end, der_len, + ASN1_ITEM_rptr(BARE_PUBKEY), NULL, NULL) == NULL) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, + "malformed %s public key ASN.1 encoding", + vinfo->algorithm_name); + return NULL; + } + + /* The spki structure now owns some memory */ + if ((spki->pubkey->flags & 0x7) != 0 || end != *der + der_len) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, + "malformed %s public key ASN.1 encoding", + vinfo->algorithm_name); + goto end; + } + if (OBJ_cmp(OBJ_nid2obj(ctx->desc->evp_type), spki->algor.oid) != 0) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, + "unexpected algorithm OID for an %s public key", + vinfo->algorithm_name); + goto end; + } + + ret = ossl_ml_kem_key_new(libctx, ctx->propq, ctx->desc->evp_type); + if (ret == NULL + || !ossl_ml_kem_parse_public_key(spki->pubkey->data, + spki->pubkey->length, ret)) { + ossl_ml_kem_key_free(ret); + ret = NULL; + ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, + "failed to parse %s public key from the input data", + vinfo->algorithm_name); + } + + end: + ASN1_OBJECT_free(spki->algor.oid); + ASN1_BIT_STRING_free(spki->pubkey); + OPENSSL_free(spki); + return ret; +} + + +# define ml_kem_512_evp_type EVP_PKEY_ML_KEM_512 +# define ml_kem_512_d2i_private_key NULL +# define ml_kem_512_d2i_public_key NULL +# define ml_kem_512_d2i_key_params NULL +# define ml_kem_512_d2i_PUBKEY ml_kem_d2i_PUBKEY +# define ml_kem_512_d2i_PKCS8 ml_kem_d2i_PKCS8 +# define ml_kem_512_free (free_key_fn *)ossl_ml_kem_key_free +# define ml_kem_512_check NULL +# define ml_kem_512_adjust NULL + +# define ml_kem_768_evp_type EVP_PKEY_ML_KEM_768 +# define ml_kem_768_d2i_private_key NULL +# define ml_kem_768_d2i_public_key NULL +# define ml_kem_768_d2i_key_params NULL +# define ml_kem_768_d2i_PUBKEY ml_kem_d2i_PUBKEY +# define ml_kem_768_d2i_PKCS8 ml_kem_d2i_PKCS8 +# define ml_kem_768_free (free_key_fn *)ossl_ml_kem_key_free +# define ml_kem_768_check NULL +# define ml_kem_768_adjust NULL + +# define ml_kem_1024_evp_type EVP_PKEY_ML_KEM_1024 +# define ml_kem_1024_d2i_private_key NULL +# define ml_kem_1024_d2i_public_key NULL +# define ml_kem_1024_d2i_PUBKEY ml_kem_d2i_PUBKEY +# define ml_kem_1024_d2i_PKCS8 ml_kem_d2i_PKCS8 +# define ml_kem_1024_d2i_key_params NULL +# define ml_kem_1024_free (free_key_fn *)ossl_ml_kem_key_free +# define ml_kem_1024_check NULL +# define ml_kem_1024_adjust NULL + #endif /* ---------------------------------------------------------------------- */ @@ -925,6 +1177,14 @@ MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo); MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub); # endif #endif +#ifndef OPENSSL_NO_ML_KEM +MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, PrivateKeyInfo); +MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, SubjectPublicKeyInfo); +MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, PrivateKeyInfo); +MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, SubjectPublicKeyInfo); +MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, PrivateKeyInfo); +MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, SubjectPublicKeyInfo); +#endif MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair); diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index 9f43b17f840..837f14626b5 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -29,6 +29,7 @@ #include "internal/passphrase.h" #include "internal/cryptlib.h" #include "crypto/ecx.h" +#include "crypto/ml_kem.h" #include "crypto/rsa.h" #include "crypto/ml_dsa.h" #include "prov/implementations.h" @@ -877,6 +878,83 @@ static int ml_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder, /* ---------------------------------------------------------------------- */ +#ifndef OPENSSL_NO_ML_KEM + +static int ml_kem_spki_pub_to_der(const void *vkey, unsigned char **pder, + ossl_unused void *ctx) +{ + const ML_KEM_KEY *key = vkey; + size_t publen; + + if (!ossl_ml_kem_have_pubkey(key)) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + publen = key->vinfo->pubkey_bytes; + + if (pder != NULL + && ((*pder = OPENSSL_malloc(publen)) == NULL + || !ossl_ml_kem_encode_public_key(*pder, publen, key))) + return 0; + + return publen; +} + +static int ml_kem_pki_priv_to_der(const void *vkey, unsigned char **pder, + ossl_unused void *ctx) +{ + const ML_KEM_KEY *key = vkey; + int len = ML_KEM_SEED_BYTES; + + if (!ossl_ml_kem_have_prvkey(key)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY, + "no %s private key data available", + key->vinfo->algorithm_name); + return 0; + } + + /* + * Output the seed bytes directly when available, but otherwise, be + * compatible with Bouncy Castle's non-seed "long" output format, which is + * just the FIPS 203 |dk| private key bytes sans DER octet-string wrapping. + */ + if (ossl_ml_kem_have_seed(key)) + len = ML_KEM_SEED_BYTES; + else + len = key->vinfo->prvkey_bytes; + + if (pder == NULL) + return len; + + if ((*pder = OPENSSL_malloc(len)) == NULL) + return 0; + + if (ossl_ml_kem_have_seed(key)) { + if (ossl_ml_kem_encode_key_seed(*pder, len, key)) + return len; + } else { + if (ossl_ml_kem_encode_private_key(*pder, len, key)) + return len; + } + + OPENSSL_free(*pder); + return 0; +} + +# define ml_kem_epki_priv_to_der ml_kem_pki_priv_to_der +# define prepare_ml_kem_params NULL +# define ml_kem_check_key_type NULL + +# define ml_kem_512_evp_type EVP_PKEY_ML_KEM_512 +# define ml_kem_512_pem_type "ML-KEM-512" +# define ml_kem_768_evp_type EVP_PKEY_ML_KEM_768 +# define ml_kem_768_pem_type "ML-KEM-768" +# define ml_kem_1024_evp_type EVP_PKEY_ML_KEM_1024 +# define ml_kem_1024_pem_type "ML-KEM-1024" +#endif + +/* ---------------------------------------------------------------------- */ + /* * Helper functions to prepare RSA-PSS params for encoding. We would * have simply written the whole AlgorithmIdentifier, but existing libcrypto @@ -1478,6 +1556,29 @@ MAKE_ENCODER(x448, ecx, SubjectPublicKeyInfo, pem); # endif #endif +#ifndef OPENSSL_NO_ML_KEM +MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, der); +MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, pem); +MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, der); +MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, pem); + +MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, der); +MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, pem); +MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, der); +MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, pem); + +MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, der); +MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, pem); +MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, der); +MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, pem); +#endif + /* * Support for key type specific output formats. Not all key types have * this, we only aim to duplicate what is available in 1.1.1 as diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index e50eff4c205..9c7a59f45f3 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -23,6 +23,7 @@ #include "crypto/dsa.h" /* ossl_dsa_get0_params() */ #include "crypto/ec.h" /* ossl_ec_key_get_libctx */ #include "crypto/ecx.h" /* ECX_KEY, etc... */ +#include "crypto/ml_kem.h" /* ML_KEM_KEY, etc... */ #include "crypto/rsa.h" /* RSA_PSS_PARAMS_30, etc... */ #include "crypto/ml_dsa.h" #include "prov/bio.h" @@ -430,7 +431,74 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 1; } +#endif + +/* ---------------------------------------------------------------------- */ + +#ifndef OPENSSL_NO_ML_KEM +static int ml_kem_to_text(BIO *out, const void *vkey, int selection) +{ + const ML_KEM_KEY *key = vkey; + uint8_t seed[ML_KEM_SEED_BYTES], *prvenc = NULL, *pubenc = NULL; + size_t publen, prvlen; + const char *type_label = NULL; + int ret = 0; + + if (out == NULL || key == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + type_label = key->vinfo->algorithm_name; + publen = key->vinfo->pubkey_bytes; + prvlen = key->vinfo->prvkey_bytes; + + if (!ossl_ml_kem_have_pubkey(key)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY, + "no %s key material available", + type_label); + return 0; + } + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + if (!ossl_ml_kem_have_prvkey(key)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY, + "no %s private key material available", + key->vinfo->algorithm_name); + return 0; + } + if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0) + return 0; + + if ((prvenc = OPENSSL_malloc(prvlen)) == NULL) + return 0; + + if (ossl_ml_kem_have_seed(key)) { + if (!ossl_ml_kem_encode_key_seed(seed, sizeof(seed), key)) + goto end; + if (!ossl_bio_print_labeled_buf(out, "seed:", seed, sizeof(seed))) + goto end; + } + + if (!ossl_ml_kem_encode_private_key(prvenc, prvlen, key)) + goto end; + if (!ossl_bio_print_labeled_buf(out, "dk:", prvenc, prvlen)) + goto end; + } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0) + goto end; + } + + pubenc = OPENSSL_malloc(key->vinfo->pubkey_bytes); + if (pubenc != NULL) + ret = ossl_ml_kem_encode_public_key(pubenc, publen, key) + && ossl_bio_print_labeled_buf(out, "ek:", pubenc, publen); + + end: + OPENSSL_free(pubenc); + OPENSSL_free(prvenc); + return ret; +} #endif /* ---------------------------------------------------------------------- */ @@ -689,6 +757,11 @@ MAKE_TEXT_ENCODER(x25519, ecx); MAKE_TEXT_ENCODER(x448, ecx); # endif #endif +#ifndef OPENSSL_NO_ML_KEM +MAKE_TEXT_ENCODER(ml_kem_512, ml_kem); +MAKE_TEXT_ENCODER(ml_kem_768, ml_kem); +MAKE_TEXT_ENCODER(ml_kem_1024, ml_kem); +#endif MAKE_TEXT_ENCODER(rsa, rsa); MAKE_TEXT_ENCODER(rsapss, rsa); diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 79ee0628c9a..06d1b3304a7 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -627,6 +627,38 @@ extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed25519_decoder_func extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ed448_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed448_decoder_functions[]; +#ifndef OPENSSL_NO_ML_KEM +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ml_kem_512_decoder_functions[]; +extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ml_kem_512_decoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_512_to_text_encoder_functions[]; + +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ml_kem_768_decoder_functions[]; +extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ml_kem_768_decoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_768_to_text_encoder_functions[]; + +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ml_kem_1024_decoder_functions[]; +extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ml_kem_1024_decoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ml_kem_1024_to_text_encoder_functions[]; +#endif + #ifndef OPENSSL_NO_SM2 extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_sm2_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_sm2_decoder_functions[]; diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h index 0bd64fe3fe3..9fc31947776 100644 --- a/providers/implementations/include/prov/names.h +++ b/providers/implementations/include/prov/names.h @@ -390,11 +390,11 @@ #define PROV_DESCS_ML_DSA_65 "OpenSSL ML-DSA-65 implementation" #define PROV_NAMES_ML_DSA_87 "ML-DSA-87:2.16.840.1.101.3.4.3.19:id-ml-dsa-87" #define PROV_DESCS_ML_DSA_87 "OpenSSL ML-DSA-87 implementation" -#define PROV_NAMES_ML_KEM_512 "ML-KEM-512:MLKEM512" +#define PROV_NAMES_ML_KEM_512 "ML-KEM-512:MLKEM512:2.16.840.1.101.3.4.4.1" #define PROV_DESCS_ML_KEM_512 "OpenSSL ML-KEM-512 implementation" -#define PROV_NAMES_ML_KEM_768 "ML-KEM-768:MLKEM768" +#define PROV_NAMES_ML_KEM_768 "ML-KEM-768:MLKEM768:2.16.840.1.101.3.4.4.2" #define PROV_DESCS_ML_KEM_768 "OpenSSL ML-KEM-768 implementation" -#define PROV_NAMES_ML_KEM_1024 "ML-KEM-1024:MLKEM1024" +#define PROV_NAMES_ML_KEM_1024 "ML-KEM-1024:MLKEM1024:2.16.840.1.101.3.4.4.3" #define PROV_DESCS_ML_KEM_1024 "OpenSSL ML-KEM-1024 implementation" #define PROV_NAMES_X25519MLKEM768 "X25519MLKEM768" #define PROV_DESCS_X25519MLKEM768 "X25519+ML-KEM-768 TLS hybrid implementation" diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c b/providers/implementations/keymgmt/ml_kem_kmgmt.c index 01f76123714..e2782316368 100644 --- a/providers/implementations/keymgmt/ml_kem_kmgmt.c +++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c @@ -32,6 +32,9 @@ static OSSL_FUNC_keymgmt_gen_init_fn ml_kem_1024_gen_init; static OSSL_FUNC_keymgmt_gen_cleanup_fn ml_kem_gen_cleanup; static OSSL_FUNC_keymgmt_gen_set_params_fn ml_kem_gen_set_params; static OSSL_FUNC_keymgmt_gen_settable_params_fn ml_kem_gen_settable_params; +#ifndef FIPS_MODULE +static OSSL_FUNC_keymgmt_load_fn ml_kem_load; +#endif static OSSL_FUNC_keymgmt_get_params_fn ml_kem_get_params; static OSSL_FUNC_keymgmt_gettable_params_fn ml_kem_gettable_params; static OSSL_FUNC_keymgmt_set_params_fn ml_kem_set_params; @@ -51,7 +54,7 @@ typedef struct ml_kem_gen_ctx_st { OSSL_LIB_CTX *libctx; char *propq; int selection; - int variant; + int evp_type; uint8_t seedbuf[ML_KEM_SEED_BYTES]; uint8_t *seed; } PROV_ML_KEM_GEN_CTX; @@ -122,11 +125,11 @@ err: } #endif /* FIPS_MODULE */ -static void *ml_kem_new(OSSL_LIB_CTX *libctx, char *propq, int variant) +static void *ml_kem_new(OSSL_LIB_CTX *libctx, char *propq, int evp_type) { if (!ossl_prov_is_running()) return NULL; - return ossl_ml_kem_key_new(libctx, propq, variant); + return ossl_ml_kem_key_new(libctx, propq, evp_type); } static int ml_kem_has(const void *vkey, int selection) @@ -171,6 +174,7 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb, uint8_t *pubenc = NULL; uint8_t *prvenc = NULL; const ML_KEM_VINFO *v; + size_t prvlen = 0; int ret = 0; if (!ossl_prov_is_running() || key == NULL) @@ -188,7 +192,8 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb, if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { pubenc = OPENSSL_malloc(v->pubkey_bytes); - if (pubenc == NULL) + if (pubenc == NULL + || !ossl_ml_kem_encode_public_key(pubenc, v->pubkey_bytes, key)) goto err; } @@ -199,9 +204,17 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb, * ossl_param_build_set_octet_string(), which will then also use the * secure heap. */ - prvenc = OPENSSL_secure_zalloc(v->prvkey_bytes); - if (prvenc == NULL) - goto err; + if (ossl_ml_kem_have_seed(key)) { + prvlen = ML_KEM_SEED_BYTES; + if ((prvenc = OPENSSL_secure_zalloc(prvlen)) == NULL + || !ossl_ml_kem_encode_key_seed(prvenc, prvlen, key)) + goto err; + } else { + prvlen = v->prvkey_bytes; + if ((prvenc = OPENSSL_secure_zalloc(prvlen)) == NULL + || !ossl_ml_kem_encode_private_key(prvenc, prvlen, key)) + goto err; + } } tmpl = OSSL_PARAM_BLD_new(); @@ -209,19 +222,18 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb, goto err; /* The public key on request; it is always available when either is */ - if (pubenc != NULL) - if (!ossl_ml_kem_encode_public_key(pubenc, v->pubkey_bytes, key) - || !ossl_param_build_set_octet_string( - tmpl, params, OSSL_PKEY_PARAM_PUB_KEY, - pubenc, v->pubkey_bytes)) + if (pubenc != NULL + && !ossl_param_build_set_octet_string( + tmpl, params, OSSL_PKEY_PARAM_PUB_KEY, pubenc, v->pubkey_bytes)) goto err; - /* The private key on request */ - if (prvenc != NULL && ossl_ml_kem_have_prvkey(key)) - if (!ossl_ml_kem_encode_private_key(prvenc, v->prvkey_bytes, key) - || !ossl_param_build_set_octet_string( - tmpl, params, OSSL_PKEY_PARAM_PRIV_KEY, - prvenc, v->prvkey_bytes)) + /*- + * The private key on request, in the (d, z) seed format, when available, + * otherwise in the FIPS 203 |dk| format. + */ + if (prvenc != NULL + && !ossl_param_build_set_octet_string( + tmpl, params, OSSL_PKEY_PARAM_PRIV_KEY, prvenc, prvlen)) goto err; params = OSSL_PARAM_BLD_to_param(tmpl); @@ -233,7 +245,7 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb, err: OSSL_PARAM_BLD_free(tmpl); - OPENSSL_secure_clear_free(prvenc, v->prvkey_bytes); + OPENSSL_secure_clear_free(prvenc, prvlen); OPENSSL_free(pubenc); return ret; } @@ -255,7 +267,8 @@ static int ml_kem_key_fromdata(ML_KEM_KEY *key, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *param_prv_key = NULL, *param_pub_key; + const OSSL_PARAM *p = NULL; + const uint8_t *d = NULL, *z = NULL; const void *pubenc = NULL, *prvenc = NULL; size_t publen = 0, prvlen = 0; const ML_KEM_VINFO *v; @@ -266,17 +279,34 @@ static int ml_kem_key_fromdata(ML_KEM_KEY *key, v = ossl_ml_kem_key_vinfo(key); /* What does the caller want to set? */ - param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (param_pub_key != NULL && - OSSL_PARAM_get_octet_string_ptr(param_pub_key, &pubenc, &publen) != 1) - return 0; - if (include_private) - param_prv_key = OSSL_PARAM_locate_const(params, - OSSL_PKEY_PARAM_PRIV_KEY); - if (param_prv_key != NULL && - OSSL_PARAM_get_octet_string_ptr(param_prv_key, &prvenc, &prvlen) != 1) + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + if (p != NULL && + OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen) != 1) return 0; + /* + * Accept private keys in either expanded or seed form, distinguished by + * length alone. Accept either the "raw" or "encoded" parameters as the + * input source, preferring the raw, which is expected to be the seed if + * the caller supports seeds as a key format. + */ + if (include_private) { + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + if (p == NULL) + p = OSSL_PARAM_locate_const(params, + OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY); + if (p != NULL + && OSSL_PARAM_get_octet_string_ptr(p, &prvenc, &prvlen) != 1) + return 0; + if (prvlen == ML_KEM_SEED_BYTES) { + d = (uint8_t *)prvenc; + z = d + ML_KEM_RANDOM_BYTES; + } else if (prvlen != 0 && prvlen != v->prvkey_bytes) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + } + /* The caller MUST specify at least one of the public or private keys. */ if (publen == 0 && prvlen == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); @@ -292,15 +322,14 @@ static int ml_kem_key_fromdata(ML_KEM_KEY *key, ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } - if (prvlen != 0 && prvlen != v->prvkey_bytes) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } /* * If the private key is given, we'll ignore the public key data, taking - * the embedded public key as authoritative. + * the embedded public key as authoritative. For import, the private key + * is in either (d, z) seed format or the FIPS 203 expanded format. */ + if (d != NULL) + return ossl_ml_kem_genkey(d, z, NULL, 0, key); if (prvlen != 0) return ossl_ml_kem_parse_private_key(prvenc, prvlen, key); return ossl_ml_kem_parse_public_key(pubenc, publen, key); @@ -336,13 +365,29 @@ static const OSSL_PARAM *ml_kem_gettable_params(void *provctx) OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY, NULL, 0), OSSL_PARAM_END }; return arr; } +#ifndef FIPS_MODULE +void *ml_kem_load(const void *reference, size_t reference_sz) +{ + ML_KEM_KEY *key = NULL; + + if (ossl_prov_is_running() && reference_sz == sizeof(key)) { + /* The contents of the reference is the address to our object */ + key = *(ML_KEM_KEY **)reference; + /* We grabbed, so we detach it */ + *(ML_KEM_KEY **)reference = NULL; + return key; + } + return NULL; +} +#endif + /* * It is assumed the key is guaranteed non-NULL here, and is from this provider */ @@ -380,7 +425,7 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[]) } } - p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY); + p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY); if (p != NULL && ossl_ml_kem_have_prvkey(key)) { if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; @@ -392,6 +437,7 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[]) return 0; } } + return 1; } @@ -399,6 +445,7 @@ static const OSSL_PARAM *ml_kem_settable_params(void *provctx) { static const OSSL_PARAM arr[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY, NULL, 0), OSSL_PARAM_END }; @@ -408,16 +455,32 @@ static const OSSL_PARAM *ml_kem_settable_params(void *provctx) static int ml_kem_set_params(void *vkey, const OSSL_PARAM params[]) { ML_KEM_KEY *key = vkey; - const ML_KEM_VINFO *v = ossl_ml_kem_key_vinfo(key); const OSSL_PARAM *p; - const void *pubenc = NULL; - size_t publen = 0; + const void *pubenc = NULL, *prvenc = NULL; + size_t publen = 0, prvlen = 0; if (ossl_param_is_empty(params)) return 1; - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); - if (p == NULL) + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY); + if (p != NULL + && (OSSL_PARAM_get_octet_string_ptr(p, &prvenc, &prvlen) != 1 + || prvlen != key->vinfo->prvkey_bytes)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } + + if (prvlen == 0) { + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); + if (p != NULL + && (OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen) != 1 + || publen != key->vinfo->pubkey_bytes)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } + } + + if (publen == 0 && prvlen == 0) return 1; /* Key mutation is reportedly generally not allowed */ @@ -427,16 +490,11 @@ static int ml_kem_set_params(void *vkey, const OSSL_PARAM params[]) "ML-KEM keys cannot be mutated"); return 0; } - /* An unlikely failure mode is the parameter having some unexpected type */ - if (!OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen)) - return 0; - - if (publen != v->pubkey_bytes) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); - return 0; - } - return ossl_ml_kem_parse_public_key(pubenc, publen, key); + if (prvlen) + return ossl_ml_kem_parse_private_key(prvenc, prvlen, key); + else + return ossl_ml_kem_parse_public_key(pubenc, publen, key); } static int ml_kem_gen_set_params(void *vgctx, const OSSL_PARAM params[]) @@ -476,7 +534,7 @@ static int ml_kem_gen_set_params(void *vgctx, const OSSL_PARAM params[]) } static void *ml_kem_gen_init(void *provctx, int selection, - const OSSL_PARAM params[], int variant) + const OSSL_PARAM params[], int evp_type) { PROV_ML_KEM_GEN_CTX *gctx = NULL; @@ -490,7 +548,7 @@ static void *ml_kem_gen_init(void *provctx, int selection, return NULL; gctx->selection = selection; - gctx->variant = variant; + gctx->evp_type = evp_type; if (provctx != NULL) gctx->libctx = PROV_LIBCTX_OF(provctx); if (ml_kem_gen_set_params(gctx, params)) @@ -523,7 +581,7 @@ static void *ml_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) if (gctx == NULL || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_PUBLIC_KEY - || (key = ml_kem_new(gctx->libctx, gctx->propq, gctx->variant)) == NULL) + || (key = ml_kem_new(gctx->libctx, gctx->propq, gctx->evp_type)) == NULL) return NULL; if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) @@ -571,16 +629,23 @@ static void *ml_kem_dup(const void *vkey, int selection) return ossl_ml_kem_key_dup(key, selection); } +#ifndef FIPS_MODULE +# define DISPATCH_LOAD_FN \ + { OSSL_FUNC_KEYMGMT_LOAD, (OSSL_FUNC) ml_kem_load }, +#else +# define DISPATCH_LOAD_FN /* Non-FIPS only */ +#endif + #define DECLARE_VARIANT(bits) \ static void *ml_kem_##bits##_new(void *provctx) \ { \ return ml_kem_new(provctx == NULL ? NULL : PROV_LIBCTX_OF(provctx), \ - NULL, ML_KEM_##bits##_VARIANT); \ + NULL, NID_ML_KEM_##bits); \ } \ static void *ml_kem_##bits##_gen_init(void *provctx, int selection, \ const OSSL_PARAM params[]) \ { \ - return ml_kem_gen_init(provctx, selection, params, ML_KEM_##bits##_VARIANT); \ + return ml_kem_gen_init(provctx, selection, params, NID_ML_KEM_##bits); \ } \ const OSSL_DISPATCH ossl_ml_kem_##bits##_keymgmt_functions[] = { \ { OSSL_FUNC_KEYMGMT_NEW, (OSSL_FUNC) ml_kem_##bits##_new }, \ @@ -596,6 +661,7 @@ static void *ml_kem_dup(const void *vkey, int selection) { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, (OSSL_FUNC) ml_kem_gen_settable_params }, \ { OSSL_FUNC_KEYMGMT_GEN, (OSSL_FUNC) ml_kem_gen }, \ { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (OSSL_FUNC) ml_kem_gen_cleanup }, \ + DISPATCH_LOAD_FN \ { OSSL_FUNC_KEYMGMT_DUP, (OSSL_FUNC) ml_kem_dup }, \ { OSSL_FUNC_KEYMGMT_IMPORT, (OSSL_FUNC) ml_kem_import }, \ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (OSSL_FUNC) ml_kem_imexport_types }, \ diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c b/providers/implementations/keymgmt/mlx_kmgmt.c index d0dce6202c5..efd766bb79b 100644 --- a/providers/implementations/keymgmt/mlx_kmgmt.c +++ b/providers/implementations/keymgmt/mlx_kmgmt.c @@ -44,11 +44,11 @@ static const int minimal_selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS /* Must match DECLARE_DISPATCH invocations at the end of the file */ static const ECDH_VINFO hybrid_vtable[] = { - { "EC", "P-256", 65, 32, 32, 1, ML_KEM_768_VARIANT }, - { "EC", "P-384", 97, 48, 48, 1, ML_KEM_1024_VARIANT }, + { "EC", "P-256", 65, 32, 32, 1, NID_ML_KEM_768 }, + { "EC", "P-384", 97, 48, 48, 1, NID_ML_KEM_1024 }, #if !defined(OPENSSL_NO_ECX) - { "X25519", NULL, 32, 32, 32, 0, ML_KEM_768_VARIANT }, - { "X448", NULL, 56, 56, 56, 0, ML_KEM_1024_VARIANT }, + { "X25519", NULL, 32, 32, 32, 0, NID_ML_KEM_768 }, + { "X448", NULL, 56, 56, 56, 0, NID_ML_KEM_1024 }, #endif }; @@ -56,7 +56,7 @@ typedef struct mlx_kem_gen_ctx_st { OSSL_LIB_CTX *libctx; char *propq; int selection; - unsigned int variant; + unsigned int evp_type; } PROV_ML_KEM_GEN_CTX; static void mlx_kem_key_free(void *vkey) @@ -648,8 +648,8 @@ static int mlx_kem_gen_set_params(void *vgctx, const OSSL_PARAM params[]) return 1; } -static void *mlx_kem_gen_init(int v, OSSL_LIB_CTX *libctx, int selection, - const OSSL_PARAM params[]) +static void *mlx_kem_gen_init(int evp_type, OSSL_LIB_CTX *libctx, + int selection, const OSSL_PARAM params[]) { PROV_ML_KEM_GEN_CTX *gctx = NULL; @@ -662,7 +662,7 @@ static void *mlx_kem_gen_init(int v, OSSL_LIB_CTX *libctx, int selection, || (gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL) return NULL; - gctx->variant = v; + gctx->evp_type = evp_type; gctx->libctx = libctx; gctx->selection = selection; if (mlx_kem_gen_set_params(gctx, params)) @@ -696,7 +696,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) /* Lose ownership of propq */ gctx->propq = NULL; - if ((key = mlx_kem_key_new(gctx->variant, gctx->libctx, propq)) == NULL) + if ((key = mlx_kem_key_new(gctx->evp_type, gctx->libctx, propq)) == NULL) return NULL; if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) diff --git a/test/endecode_test.c b/test/endecode_test.c index e730ac4ca52..0ec10f5ae6e 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -106,8 +106,11 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) } #endif -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \ - || !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_ML_DSA) +#if !defined(OPENSSL_NO_DH) || \ + !defined(OPENSSL_NO_DSA) || \ + !defined(OPENSSL_NO_EC) || \ + !defined(OPENSSL_NO_ML_DSA) || \ + !defined(OPENSSL_NO_ML_KEM) static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, OSSL_PARAM *genparams) { @@ -1038,6 +1041,12 @@ IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") KEYS(SM2); IMPLEMENT_TEST_SUITE(SM2, "SM2", 0) # endif +#endif +#ifndef OPENSSL_NO_ECX +/* + * ED25519, ED448, X25519 and X448 have no support for + * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. + */ KEYS(ED25519); IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) KEYS(ED448); @@ -1046,10 +1055,19 @@ KEYS(X25519); IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) KEYS(X448); IMPLEMENT_TEST_SUITE(X448, "X448", 1) +#endif +#ifndef OPENSSL_NO_ML_KEM /* - * ED25519, ED448, X25519 and X448 have no support for - * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. + * ML-KEM has no support for PEM_write_bio_PrivateKey_traditional(), so no + * legacy tests. + * TODO(ML-KEM): FIPS */ +KEYS(ML_KEM_512); +IMPLEMENT_TEST_SUITE(ML_KEM_512, "ML-KEM-512", 1) +KEYS(ML_KEM_768); +IMPLEMENT_TEST_SUITE(ML_KEM_768, "ML-KEM-768", 1) +KEYS(ML_KEM_1024); +IMPLEMENT_TEST_SUITE(ML_KEM_1024, "ML-KEM-1024", 1) #endif KEYS(RSA); IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) @@ -1415,6 +1433,8 @@ int setup_tests(void) # ifndef OPENSSL_NO_SM2 MAKE_KEYS(SM2, "SM2", NULL); # endif +#endif +#ifndef OPENSSL_NO_ECX MAKE_KEYS(ED25519, "ED25519", NULL); MAKE_KEYS(ED448, "ED448", NULL); MAKE_KEYS(X25519, "X25519", NULL); @@ -1427,6 +1447,11 @@ int setup_tests(void) MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL); } #endif /* OPENSSL_NO_ML_DSA */ +#ifndef OPENSSL_NO_ML_KEM + MAKE_KEYS(ML_KEM_512, "ML-KEM-512", NULL); + MAKE_KEYS(ML_KEM_768, "ML-KEM-768", NULL); + MAKE_KEYS(ML_KEM_1024, "ML-KEM-1024", NULL); +#endif TEST_info("Loading RSA key..."); ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx)); @@ -1475,15 +1500,22 @@ int setup_tests(void) ADD_TEST_SUITE(SM2); } # endif +#endif +#ifndef OPENSSL_NO_ECX ADD_TEST_SUITE(ED25519); ADD_TEST_SUITE(ED448); ADD_TEST_SUITE(X25519); ADD_TEST_SUITE(X448); +#endif +#ifndef OPENSSL_NO_ML_KEM + ADD_TEST_SUITE(ML_KEM_512); + ADD_TEST_SUITE(ML_KEM_768); + ADD_TEST_SUITE(ML_KEM_1024); +#endif /* * ED25519, ED448, X25519 and X448 have no support for * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. */ -#endif ADD_TEST_SUITE(RSA); ADD_TEST_SUITE_LEGACY(RSA); ADD_TEST_SUITE(RSA_PSS); @@ -1543,10 +1575,17 @@ void cleanup_tests(void) # ifndef OPENSSL_NO_SM2 FREE_KEYS(SM2); # endif +#endif +#ifndef OPENSSL_NO_ECX FREE_KEYS(ED25519); FREE_KEYS(ED448); FREE_KEYS(X25519); FREE_KEYS(X448); +#endif +#ifndef OPENSSL_NO_ML_KEM + FREE_KEYS(ML_KEM_512); + FREE_KEYS(ML_KEM_768); + FREE_KEYS(ML_KEM_1024); #endif FREE_KEYS(RSA); FREE_KEYS(RSA_PSS); diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 1b5e5495188..20db61826fe 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -2575,6 +2575,14 @@ done: #endif #ifndef OPENSSL_NO_ML_KEM +static const uint8_t ml_kem_prvkey[] = { + 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4, + 0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, + 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79, + 0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, + 0x87, 0x2b, 0xfb, 0x8f +}; static const uint8_t ml_kem_512_pubkey[] = { 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, @@ -2644,144 +2652,6 @@ static const uint8_t ml_kem_512_pubkey[] = { 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 }; -static const uint8_t ml_kem_512_prvkey[] = { - 0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c, 0x10, 0x9b, 0x41, 0x52, - 0x89, 0xf5, 0x6a, 0x9e, 0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a, - 0x3b, 0xba, 0xb3, 0x0a, 0x2c, 0x90, 0xf0, 0x04, 0x37, 0xa2, 0x64, 0xb0, - 0xbe, 0x9a, 0x1e, 0x8b, 0xa8, 0x87, 0xd3, 0xc3, 0xb1, 0x00, 0x89, 0x80, - 0x54, 0x27, 0x2f, 0x94, 0x1c, 0x88, 0xa1, 0xf2, 0x08, 0xf1, 0xc9, 0x14, - 0xf9, 0x64, 0xc1, 0xaa, 0xd6, 0x13, 0xa6, 0xa8, 0x4f, 0x88, 0xe4, 0x2d, - 0x35, 0x56, 0x83, 0x5f, 0xb1, 0x61, 0xfd, 0xc5, 0xcd, 0x15, 0xa3, 0xbc, - 0x7e, 0x74, 0xb6, 0xf2, 0x61, 0x2f, 0xa8, 0x27, 0x1c, 0x7e, 0xa1, 0x12, - 0xb0, 0x5c, 0x2a, 0x36, 0xcc, 0x70, 0x7c, 0xe3, 0x8d, 0x5d, 0x1a, 0xcc, - 0x51, 0x15, 0x46, 0x2a, 0x8c, 0x1a, 0xab, 0xf0, 0x72, 0x76, 0xc7, 0x23, - 0x18, 0x33, 0x7f, 0x74, 0xb5, 0xcb, 0xef, 0xea, 0x7a, 0x80, 0x37, 0x90, - 0xbc, 0x03, 0x93, 0xf3, 0xa5, 0x4c, 0x72, 0x4a, 0x57, 0x65, 0xa4, 0x8f, - 0x29, 0x6b, 0x03, 0xf4, 0x84, 0x37, 0x60, 0x23, 0x62, 0x69, 0x30, 0x22, - 0x27, 0x04, 0xc0, 0x8f, 0xd3, 0xbc, 0x72, 0x93, 0x15, 0xd1, 0xfc, 0x70, - 0xeb, 0x79, 0x75, 0xa9, 0x7b, 0x9d, 0xee, 0xd1, 0x62, 0xf4, 0x86, 0xbb, - 0xc6, 0x4a, 0x09, 0x71, 0x11, 0x95, 0x2d, 0x89, 0xb5, 0x7d, 0x76, 0x5e, - 0x8a, 0x99, 0x1a, 0x2e, 0x56, 0x42, 0x06, 0xea, 0x7b, 0xf5, 0xe4, 0x00, - 0x7a, 0x66, 0x35, 0x88, 0x31, 0xca, 0x0e, 0x34, 0xb2, 0xf6, 0xa8, 0x4d, - 0x10, 0xf7, 0x9c, 0x47, 0x7c, 0xb6, 0x6a, 0x8a, 0x95, 0x25, 0x69, 0x36, - 0x73, 0x88, 0x13, 0x0d, 0x7b, 0x97, 0x4a, 0x63, 0xaa, 0x51, 0x99, 0x6c, - 0x97, 0x70, 0x9b, 0xb8, 0xea, 0xbc, 0x94, 0xe6, 0xa5, 0x35, 0xd7, 0x92, - 0xd2, 0x90, 0x54, 0x74, 0x95, 0x2d, 0x6b, 0x8c, 0x22, 0x22, 0xb2, 0xae, - 0x56, 0xdc, 0x66, 0xfb, 0x04, 0x61, 0x19, 0x20, 0x66, 0xcd, 0xdb, 0x43, - 0xec, 0x05, 0x98, 0x4f, 0xb4, 0x98, 0x26, 0x49, 0x77, 0x13, 0x97, 0xc6, - 0xa8, 0x37, 0x9f, 0x3b, 0x56, 0x43, 0x06, 0x98, 0x48, 0x87, 0x59, 0x19, - 0xe8, 0x9c, 0xc4, 0x39, 0xa3, 0xbe, 0x2f, 0x08, 0x14, 0x90, 0xf3, 0x41, - 0xbd, 0x12, 0x40, 0xad, 0xd8, 0x0d, 0xdb, 0x8c, 0x99, 0x63, 0xb4, 0x7a, - 0x2a, 0x09, 0x92, 0x29, 0x03, 0x38, 0xda, 0x9c, 0x3b, 0x72, 0x5c, 0x6d, - 0xa4, 0x47, 0x18, 0xc0, 0x10, 0x46, 0x81, 0x25, 0x62, 0xaf, 0xb0, 0x84, - 0x83, 0x7a, 0xcb, 0x3c, 0x57, 0x5e, 0x4f, 0x93, 0x93, 0x6c, 0x35, 0x2a, - 0xc0, 0xe7, 0x0a, 0xa3, 0x84, 0x5e, 0xe4, 0x85, 0x29, 0x6e, 0x6b, 0x02, - 0xde, 0x0b, 0x47, 0xb5, 0xc4, 0xc9, 0x6b, 0x0b, 0x7c, 0xf9, 0x4c, 0x4a, - 0xbe, 0x95, 0x48, 0x61, 0x53, 0x11, 0x8e, 0x43, 0xc2, 0xb9, 0xc8, 0x4d, - 0x9d, 0xa9, 0x1c, 0x6c, 0x5a, 0xcd, 0x5a, 0x57, 0x00, 0x2d, 0x05, 0x84, - 0x97, 0x99, 0x27, 0x99, 0xe5, 0xba, 0x1c, 0xe6, 0xc2, 0x5e, 0xb2, 0x98, - 0x44, 0xd8, 0x58, 0xba, 0x1c, 0x37, 0x85, 0x0c, 0x0c, 0x2f, 0x57, 0xc6, - 0x0d, 0xe3, 0x7f, 0x77, 0xc0, 0x82, 0xec, 0x14, 0x49, 0x4e, 0xba, 0x28, - 0x8a, 0x65, 0x91, 0x51, 0x16, 0xc2, 0x0a, 0x32, 0x5d, 0xe3, 0x1a, 0xaa, - 0xdd, 0x68, 0x0d, 0xb1, 0x9c, 0x0c, 0xfc, 0xc3, 0x46, 0x0f, 0x0a, 0xa0, - 0x1a, 0x87, 0xa6, 0xa5, 0x80, 0xc6, 0xca, 0x29, 0x1f, 0xae, 0xf0, 0xcc, - 0xc4, 0x9b, 0x76, 0xa8, 0xda, 0xc4, 0xf9, 0xd4, 0x16, 0x40, 0x50, 0x9d, - 0xbd, 0x0b, 0x40, 0x45, 0xc1, 0x53, 0x0e, 0xd3, 0x47, 0x55, 0xd4, 0x74, - 0x62, 0x70, 0x0f, 0x2a, 0x8c, 0xaf, 0x96, 0x80, 0xa6, 0xd7, 0xe3, 0x8a, - 0x7e, 0x2a, 0x63, 0xe9, 0x37, 0x65, 0x0a, 0x23, 0x30, 0x6d, 0x85, 0x5d, - 0xa2, 0xa2, 0xb7, 0xef, 0x50, 0x5c, 0xa5, 0x96, 0xab, 0x04, 0x85, 0x01, - 0x3e, 0xa9, 0x27, 0xc7, 0x34, 0x23, 0x43, 0x61, 0x36, 0x43, 0xba, 0x40, - 0x07, 0xd6, 0xc8, 0x74, 0xb9, 0x80, 0xc7, 0x9c, 0x3a, 0xa1, 0xc7, 0x4f, - 0x85, 0x81, 0xc3, 0x48, 0x49, 0xb3, 0x6e, 0xa7, 0x98, 0x15, 0xfb, 0xb4, - 0xcc, 0xf9, 0x61, 0x05, 0x83, 0x08, 0x1d, 0x7c, 0x5b, 0x44, 0x09, 0xb8, - 0xd0, 0x53, 0x1c, 0x04, 0xbc, 0xaf, 0x7c, 0xc7, 0x51, 0x10, 0x3a, 0x5f, - 0xd1, 0xba, 0x44, 0x70, 0x83, 0x3e, 0x89, 0x77, 0x5a, 0xde, 0xd9, 0x70, - 0xb5, 0x47, 0x18, 0x59, 0x25, 0x0f, 0xe7, 0x26, 0x71, 0x05, 0x83, 0x5f, - 0x39, 0x00, 0x30, 0xc5, 0xe7, 0xcd, 0x3f, 0x96, 0x10, 0x19, 0xea, 0xae, - 0xa2, 0x37, 0x77, 0xd3, 0x47, 0xbb, 0x2a, 0xdc, 0xb6, 0x73, 0xc0, 0x20, - 0x34, 0xf3, 0x94, 0x34, 0x22, 0x71, 0xbc, 0xea, 0x64, 0x14, 0xe5, 0x46, - 0xc3, 0xb2, 0x0b, 0xd5, 0x74, 0x81, 0xc7, 0xea, 0x14, 0xc7, 0x7c, 0x38, - 0x8c, 0xc8, 0x62, 0x51, 0xc1, 0x25, 0x58, 0xb1, 0x00, 0xf8, 0xc5, 0xb3, - 0xd0, 0x3c, 0xa2, 0xc7, 0x07, 0x13, 0x90, 0x96, 0x59, 0xc8, 0xba, 0x26, - 0xd0, 0xd1, 0x76, 0x5e, 0x0b, 0xc8, 0x23, 0xd6, 0x8c, 0xa5, 0x57, 0x0d, - 0xe6, 0x00, 0xcd, 0x09, 0x41, 0x72, 0x5d, 0x38, 0x6e, 0x14, 0xc1, 0x01, - 0x2d, 0xf5, 0x95, 0x1b, 0xeb, 0x8d, 0x82, 0x81, 0xa4, 0xf6, 0x81, 0x5d, - 0x37, 0x60, 0xb7, 0x64, 0x29, 0x5a, 0xd0, 0x40, 0x6c, 0x2b, 0xf7, 0x92, - 0x8a, 0xd6, 0x50, 0x32, 0xb6, 0x5f, 0x14, 0xb7, 0x7c, 0xcb, 0x89, 0x17, - 0xc9, 0x3a, 0x29, 0xd6, 0x28, 0x7d, 0x8a, 0x60, 0x62, 0x39, 0x9c, 0xb6, - 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b, - 0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, - 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26, - 0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49, - 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19, - 0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81, - 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36, - 0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c, - 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb, - 0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, - 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3, - 0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, - 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8, - 0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, - 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82, - 0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, - 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b, - 0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, - 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74, - 0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, - 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07, - 0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, - 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92, - 0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, - 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55, - 0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, - 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a, - 0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, - 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f, - 0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, - 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3, - 0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, - 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b, - 0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, - 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a, - 0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, - 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50, - 0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, - 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6, - 0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, - 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13, - 0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, - 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22, - 0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, - 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27, - 0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, - 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06, - 0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, - 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f, - 0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, - 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a, - 0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, - 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a, - 0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, - 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a, - 0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, - 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d, - 0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, - 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77, - 0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, - 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e, - 0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, - 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8, - 0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, - 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae, - 0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, - 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39, 0x50, 0xc8, 0xdd, 0x15, - 0x2a, 0x45, 0x31, 0xaa, 0xb5, 0x60, 0xd2, 0xfc, 0x7c, 0xa9, 0xa4, 0x0a, - 0xd8, 0xaf, 0x25, 0xad, 0x1d, 0xd0, 0x8c, 0x6d, 0x79, 0xaf, 0xe4, 0xdd, - 0x4d, 0x1e, 0xee, 0x5a, 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, - 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 0x0e, 0x55, 0x60, 0x67, - 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f -}; static const uint8_t ml_kem_768_pubkey[] = { 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, @@ -2883,208 +2753,6 @@ static const uint8_t ml_kem_768_pubkey[] = { 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 }; -static const uint8_t ml_kem_768_prvkey[] = { - 0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61, 0x3a, 0xa1, 0xf9, 0x80, - 0x38, 0x0c, 0xb3, 0x6d, 0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a, - 0x00, 0xa6, 0x7b, 0xa6, 0xc2, 0xa2, 0xb1, 0x4c, 0x41, 0x42, 0x39, 0x66, - 0x2f, 0x68, 0xbd, 0x44, 0x6c, 0x8e, 0xfd, 0xf3, 0x66, 0x56, 0xa0, 0x89, - 0x1a, 0x3c, 0xc6, 0x23, 0xfc, 0x68, 0xb6, 0x57, 0x2f, 0x7b, 0x29, 0xa6, - 0xde, 0x12, 0x80, 0x14, 0x41, 0x1e, 0xe4, 0x19, 0x06, 0xd0, 0x80, 0x71, - 0xf9, 0x48, 0x56, 0xe3, 0x6a, 0x83, 0x2b, 0x40, 0x33, 0x8d, 0x74, 0x35, - 0x16, 0x65, 0x9b, 0xd2, 0x58, 0x79, 0xc0, 0x07, 0xa5, 0x2b, 0xc9, 0x58, - 0x6f, 0x79, 0x87, 0x6a, 0xfa, 0xc6, 0xc9, 0xa3, 0x0d, 0x8f, 0xac, 0x24, - 0x3b, 0xd2, 0x24, 0x25, 0xd6, 0xad, 0xce, 0x42, 0xab, 0x7e, 0xd3, 0x90, - 0x14, 0x75, 0x7a, 0x95, 0x8b, 0xc8, 0xa7, 0x45, 0x65, 0xf0, 0x19, 0x23, - 0x4f, 0xf0, 0x4b, 0x34, 0x89, 0x3e, 0xd6, 0xd0, 0x55, 0x01, 0xc3, 0x72, - 0x55, 0x23, 0x9a, 0xae, 0x2a, 0xc1, 0x9f, 0x8c, 0x75, 0xac, 0x59, 0x00, - 0xda, 0xe8, 0x30, 0x0d, 0xbb, 0xa7, 0x10, 0xdc, 0x2c, 0xaa, 0xe1, 0xbc, - 0xa3, 0xa3, 0x8c, 0x58, 0x34, 0x2b, 0x28, 0x6b, 0x85, 0x18, 0xf1, 0x36, - 0xad, 0x15, 0xb9, 0xf7, 0xbc, 0xbb, 0x06, 0xa5, 0x60, 0x7d, 0xb3, 0x75, - 0xdb, 0xe9, 0x76, 0x45, 0x7c, 0x26, 0xc6, 0x59, 0x82, 0x57, 0x53, 0x1b, - 0x2c, 0xfb, 0x6e, 0xe7, 0xf5, 0x15, 0x91, 0x84, 0x08, 0x04, 0xc3, 0x83, - 0x88, 0x37, 0x6c, 0x27, 0x14, 0x84, 0x13, 0xda, 0x9e, 0x92, 0x92, 0x0b, - 0xfd, 0x9a, 0x06, 0x9e, 0x01, 0x8b, 0xd2, 0x72, 0x05, 0x3d, 0xa8, 0x77, - 0x5c, 0x0b, 0x73, 0x9f, 0x76, 0x1d, 0xb2, 0x10, 0x7c, 0xf3, 0x5a, 0x43, - 0x4d, 0x69, 0xb0, 0x7e, 0x5b, 0xcd, 0xb8, 0x74, 0x34, 0x13, 0x8b, 0x0c, - 0xb5, 0x56, 0x76, 0x1b, 0xa5, 0x22, 0xa5, 0x74, 0x7b, 0x28, 0x74, 0x7d, - 0x80, 0xeb, 0x9d, 0x6c, 0xc6, 0x73, 0xbe, 0xe5, 0x76, 0x93, 0x77, 0xb9, - 0x96, 0xd3, 0x6c, 0xeb, 0x0c, 0x0c, 0x7e, 0xd9, 0xa6, 0x58, 0x53, 0x33, - 0x24, 0x86, 0x9c, 0x18, 0xa1, 0xa3, 0x6f, 0x31, 0x47, 0x0f, 0x14, 0xc5, - 0xae, 0x49, 0xab, 0x07, 0x05, 0x07, 0xf8, 0x24, 0x9c, 0xe4, 0x04, 0xb4, - 0x9c, 0x0a, 0x8c, 0x3e, 0xe4, 0x2f, 0xea, 0x96, 0x31, 0xfa, 0x1a, 0x0d, - 0x10, 0xd8, 0x6b, 0x93, 0xf9, 0x86, 0xe0, 0xe3, 0xa8, 0x2e, 0x70, 0x3b, - 0x74, 0xe5, 0xae, 0x61, 0x01, 0x24, 0x24, 0x21, 0xa8, 0x9a, 0xa0, 0x7f, - 0xe6, 0x85, 0x88, 0x46, 0x0b, 0xaa, 0x36, 0x87, 0x86, 0x48, 0x6a, 0x72, - 0xe4, 0xf2, 0x4d, 0x2d, 0xd7, 0x6c, 0xfc, 0x03, 0xb6, 0x94, 0xa5, 0xba, - 0x91, 0xa7, 0x55, 0xa0, 0xb9, 0x8f, 0x3b, 0xf9, 0x33, 0x07, 0xc0, 0xab, - 0x64, 0x63, 0x9a, 0xea, 0x7a, 0x64, 0x98, 0xa3, 0xc3, 0xdd, 0xc5, 0x71, - 0x14, 0x1a, 0xbc, 0xa4, 0x67, 0x8c, 0xd2, 0xe2, 0xb8, 0x57, 0xfb, 0x88, - 0xf6, 0x00, 0xca, 0xa5, 0x96, 0xb4, 0x4b, 0xc4, 0x22, 0x25, 0x0b, 0x28, - 0x19, 0xe0, 0x51, 0x5f, 0x04, 0x72, 0x39, 0x18, 0x53, 0x70, 0x0b, 0x01, - 0xef, 0xf9, 0x45, 0x3f, 0xd1, 0x18, 0x76, 0xb7, 0xc7, 0x59, 0xa0, 0x7d, - 0xd8, 0x45, 0xca, 0xba, 0x45, 0x55, 0x26, 0x4a, 0x82, 0x76, 0x51, 0x93, - 0xfd, 0xf8, 0x1b, 0x62, 0x0a, 0x1e, 0x1f, 0x92, 0x3f, 0xb2, 0x44, 0x42, - 0xcd, 0x1c, 0xbe, 0x94, 0x17, 0x50, 0x03, 0xec, 0x06, 0xce, 0x77, 0xa3, - 0xc6, 0x44, 0x93, 0xc1, 0x99, 0x98, 0x7a, 0x30, 0x0c, 0x95, 0xc5, 0x3c, - 0x00, 0x89, 0xb5, 0xd6, 0x5c, 0x92, 0xea, 0x97, 0x1b, 0x2f, 0xfa, 0x93, - 0xb5, 0x2a, 0x46, 0x1e, 0xa2, 0xac, 0x8c, 0x19, 0x9c, 0x2f, 0x4c, 0x2b, - 0x70, 0x42, 0x97, 0xce, 0x3c, 0x39, 0x49, 0xe0, 0x73, 0x5e, 0xa8, 0xa1, - 0x4a, 0xa5, 0x9e, 0x8d, 0xec, 0x0c, 0x87, 0x83, 0x99, 0xff, 0x70, 0x74, - 0x7a, 0xb2, 0x44, 0xce, 0x46, 0xb5, 0xf2, 0x23, 0x04, 0x73, 0x32, 0x3d, - 0x25, 0xc6, 0x6f, 0xe6, 0xb4, 0x19, 0xb1, 0xf4, 0xa1, 0x12, 0xe5, 0x21, - 0x40, 0x35, 0x25, 0x6b, 0xc4, 0x3f, 0xfd, 0x2b, 0x6b, 0x7b, 0x37, 0x87, - 0x69, 0xa6, 0xb4, 0x70, 0x00, 0xbf, 0xb6, 0x35, 0x7d, 0x45, 0x81, 0x4b, - 0xae, 0xf3, 0x85, 0x7d, 0x37, 0x9e, 0x2f, 0xb8, 0xb5, 0xe5, 0x20, 0x1a, - 0xb2, 0x62, 0x74, 0xbb, 0x1b, 0x70, 0xad, 0x32, 0x2c, 0xd0, 0x43, 0x9b, - 0x2d, 0xb1, 0x09, 0xcf, 0xf0, 0xa2, 0xf8, 0xe6, 0x00, 0x99, 0x55, 0x71, - 0xff, 0xc3, 0x8c, 0x59, 0x0b, 0xc4, 0xc7, 0x61, 0x5c, 0x69, 0xd0, 0xc9, - 0x8e, 0xf4, 0x30, 0xf3, 0x08, 0x61, 0xa7, 0x72, 0x38, 0xff, 0xc0, 0x70, - 0x61, 0xe4, 0x75, 0xd6, 0xa3, 0x0a, 0xd1, 0xb4, 0x7f, 0xd0, 0x39, 0xc3, - 0xa4, 0x47, 0x76, 0x2d, 0xb2, 0x21, 0x1d, 0xc3, 0x1d, 0x0a, 0xca, 0xcf, - 0xd5, 0x58, 0x90, 0xa5, 0x82, 0x47, 0x98, 0xf9, 0xae, 0xad, 0x74, 0x13, - 0xdf, 0xe0, 0x28, 0xb1, 0x01, 0x2b, 0xe8, 0xb6, 0xca, 0x10, 0x26, 0x66, - 0x6a, 0xc6, 0xbc, 0x94, 0x40, 0xa4, 0x49, 0xb5, 0x1a, 0xd8, 0xbb, 0xa7, - 0xb0, 0x92, 0x1d, 0xd4, 0xd8, 0xb4, 0xa5, 0x78, 0x13, 0x6d, 0x1a, 0x05, - 0xdb, 0x38, 0xcc, 0x85, 0x84, 0x37, 0xb2, 0x51, 0x61, 0xd1, 0xc3, 0xc2, - 0x8e, 0xe0, 0x7b, 0xbc, 0xf2, 0xb2, 0x49, 0x11, 0x0d, 0x22, 0x78, 0x1d, - 0xc3, 0x05, 0x0d, 0x8c, 0xc0, 0x09, 0x00, 0x96, 0xb3, 0x8a, 0x85, 0x06, - 0x96, 0xf8, 0x6e, 0x9e, 0x6b, 0xab, 0x32, 0x52, 0x71, 0xb2, 0x24, 0x86, - 0x75, 0x01, 0x19, 0x68, 0x50, 0x28, 0x81, 0x09, 0x04, 0x97, 0xfa, 0xc0, - 0xaf, 0x84, 0x3c, 0x1a, 0xea, 0x76, 0xdd, 0x81, 0xcf, 0x29, 0xc0, 0x12, - 0xc6, 0x62, 0x27, 0xb7, 0xf0, 0x6d, 0x99, 0x61, 0x30, 0x9b, 0x02, 0x62, - 0xf7, 0x32, 0xc9, 0xa4, 0xd0, 0xbb, 0xd0, 0x67, 0x27, 0xab, 0xb8, 0x37, - 0x1f, 0xf2, 0xc1, 0x18, 0x99, 0xa0, 0x98, 0x37, 0x5c, 0x46, 0x05, 0x16, - 0xb2, 0xcc, 0x88, 0xbc, 0xf6, 0x28, 0xed, 0xe3, 0x7d, 0x8f, 0x3b, 0x33, - 0x42, 0xe4, 0x49, 0x0a, 0x85, 0x60, 0x6e, 0xc0, 0x3d, 0xa2, 0x9b, 0x02, - 0x56, 0x27, 0x53, 0x82, 0xa3, 0x31, 0x3d, 0xc0, 0x41, 0x11, 0x48, 0x01, - 0x03, 0x2c, 0x51, 0x9f, 0x35, 0x0c, 0x3e, 0x6a, 0xba, 0xc3, 0xe3, 0x3b, - 0x93, 0xb4, 0xa1, 0x9f, 0x7c, 0x54, 0x66, 0xe5, 0x8c, 0xb1, 0xdc, 0x14, - 0xb4, 0xa9, 0x6c, 0x47, 0x57, 0x29, 0xf9, 0x71, 0xbd, 0xf1, 0x73, 0xcd, - 0xf3, 0x54, 0x82, 0x4d, 0x01, 0x94, 0x27, 0xf9, 0x5b, 0x3b, 0x4a, 0x4a, - 0x4a, 0x95, 0x8e, 0x47, 0x6a, 0x6e, 0x69, 0x91, 0xce, 0x6f, 0x06, 0xcb, - 0x5d, 0xfc, 0xa7, 0xd4, 0x38, 0x0c, 0x3d, 0x92, 0x0b, 0x57, 0x11, 0xac, - 0x1f, 0xcb, 0xaf, 0x4b, 0x9a, 0xc8, 0x00, 0xb9, 0x76, 0xd1, 0xec, 0x76, - 0x6a, 0x62, 0x6c, 0xc1, 0x90, 0x0b, 0x66, 0xb3, 0xa9, 0xdc, 0x62, 0xc5, - 0xc1, 0x44, 0x52, 0x7a, 0x29, 0x6b, 0xaf, 0x70, 0x43, 0x3b, 0xf6, 0x57, - 0xc0, 0x43, 0x7f, 0x87, 0x59, 0x7b, 0xd7, 0xc8, 0xbb, 0xbe, 0x9a, 0xbc, - 0x37, 0x05, 0x09, 0x31, 0xa4, 0xa8, 0x69, 0x82, 0xa2, 0x02, 0x8a, 0x74, - 0x45, 0x4c, 0x9b, 0x81, 0x0c, 0x88, 0xd1, 0x70, 0x1c, 0x8c, 0xc9, 0x8a, - 0x1d, 0x4c, 0xa1, 0x07, 0xa6, 0xb2, 0x5e, 0x96, 0x2f, 0xe4, 0xb6, 0xb0, - 0x3c, 0x95, 0x45, 0x32, 0x60, 0xb8, 0x07, 0x22, 0x86, 0x37, 0xcc, 0x9e, - 0xb1, 0x2a, 0xcc, 0x09, 0x54, 0x95, 0x9a, 0x52, 0xae, 0x54, 0xd1, 0x97, - 0x73, 0x00, 0xab, 0xa0, 0xba, 0x2c, 0x14, 0x60, 0x9b, 0xb2, 0x8c, 0x11, - 0xd5, 0xfa, 0xc5, 0xca, 0xc8, 0x82, 0x97, 0x60, 0x32, 0x83, 0xe8, 0x67, - 0xa3, 0x64, 0x83, 0x66, 0xc7, 0x24, 0xd9, 0x35, 0x4c, 0xd7, 0xa1, 0x96, - 0xdb, 0xd9, 0x80, 0x2f, 0x7b, 0x88, 0xd3, 0xfa, 0x00, 0x1f, 0x9c, 0x97, - 0x73, 0x22, 0x54, 0x62, 0x23, 0x5e, 0x91, 0x35, 0x2a, 0x20, 0x79, 0x1f, - 0xd8, 0xb8, 0x7f, 0xe3, 0x37, 0x7e, 0xc6, 0xa3, 0x94, 0x0b, 0x11, 0x30, - 0xa0, 0xbb, 0x04, 0xe7, 0x41, 0x0a, 0x34, 0xe2, 0x58, 0x0d, 0x07, 0x1d, - 0x6c, 0x56, 0x20, 0x20, 0x86, 0x78, 0x7a, 0x65, 0x90, 0xf8, 0x43, 0x93, - 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f, - 0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, - 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13, - 0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, - 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25, - 0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, - 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce, - 0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, - 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e, - 0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, - 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56, - 0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, - 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba, - 0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, - 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74, - 0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, - 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49, - 0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, - 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74, - 0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, - 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0, - 0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, - 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b, - 0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, - 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf, - 0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, - 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53, - 0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, - 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc, - 0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, - 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19, - 0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, - 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a, - 0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, - 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7, - 0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, - 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5, - 0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, - 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51, - 0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, - 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf, - 0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, - 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48, - 0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, - 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a, - 0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, - 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7, - 0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, - 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28, - 0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, - 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11, - 0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, - 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0, - 0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, - 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f, - 0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, - 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7, - 0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, - 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e, - 0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, - 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68, - 0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, - 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82, - 0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, - 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d, - 0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, - 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e, - 0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, - 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce, - 0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, - 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d, - 0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, - 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48, - 0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, - 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b, - 0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, - 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97, - 0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, - 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac, - 0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, - 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1, - 0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, - 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62, - 0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, - 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f, - 0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, - 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd, - 0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, - 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd, - 0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, - 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63, - 0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, - 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82, - 0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, - 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e, - 0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, - 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb, - 0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, - 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28, 0xf5, 0x72, 0x62, 0x66, - 0x13, 0x58, 0xcd, 0xe8, 0xd3, 0xeb, 0xf9, 0x90, 0xe5, 0xfd, 0x1d, 0x5b, - 0x89, 0x6c, 0x99, 0x2c, 0xcf, 0xaa, 0xdb, 0x52, 0x56, 0xb6, 0x8b, 0xbf, - 0x59, 0x43, 0xb1, 0x32, 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, - 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 0x0e, 0x55, 0x60, 0x67, - 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f -}; static const uint8_t ml_kem_1024_pubkey[] = { 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, @@ -3218,272 +2886,6 @@ static const uint8_t ml_kem_1024_pubkey[] = { 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb }; -static const uint8_t ml_kem_1024_prvkey[] = { - 0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88, 0x2a, 0xcd, 0xd5, 0xa4, - 0x78, 0x20, 0xa6, 0xa8, 0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77, - 0x99, 0x79, 0xb8, 0x3f, 0xe1, 0x17, 0x22, 0x47, 0x01, 0x49, 0x08, 0x30, - 0x38, 0x66, 0x37, 0xda, 0x33, 0x2e, 0x74, 0xb1, 0xae, 0xda, 0x0b, 0x2f, - 0x81, 0xca, 0x4f, 0x9b, 0xb2, 0xc2, 0xb0, 0x2b, 0x0c, 0xfd, 0x68, 0x0c, - 0x11, 0x48, 0x2f, 0x33, 0x5a, 0xcf, 0x7b, 0x91, 0x39, 0xb5, 0xb8, 0x8a, - 0x34, 0xe3, 0x54, 0x2c, 0x68, 0x61, 0x37, 0x75, 0x45, 0x98, 0x33, 0x43, - 0xcd, 0x82, 0x94, 0x14, 0xe4, 0x78, 0x64, 0x21, 0x2e, 0x78, 0xf8, 0x55, - 0xf5, 0x23, 0x90, 0x37, 0x9a, 0xcc, 0x3a, 0x62, 0x95, 0x31, 0x31, 0xb6, - 0x3e, 0xe8, 0x32, 0xad, 0xb3, 0xbf, 0x4b, 0xf5, 0x8e, 0x24, 0x73, 0x49, - 0xb5, 0xe0, 0x97, 0xe5, 0x5a, 0xbe, 0x49, 0x7b, 0x15, 0x98, 0x23, 0x73, - 0xae, 0x73, 0x2e, 0x04, 0x39, 0xac, 0x67, 0xd0, 0x5c, 0x7f, 0x03, 0x7c, - 0x8a, 0x73, 0x9b, 0x18, 0x14, 0x0e, 0x14, 0x4c, 0x85, 0x1d, 0xc9, 0x61, - 0x1f, 0x4b, 0xcf, 0x04, 0xf3, 0xa2, 0x09, 0x3c, 0x19, 0x7b, 0xd6, 0x3b, - 0xb5, 0xe6, 0x19, 0x01, 0x00, 0x54, 0x5f, 0xf8, 0x1d, 0xb7, 0xfc, 0xcd, - 0xdd, 0x9a, 0x32, 0x4b, 0x0b, 0xac, 0x3c, 0x2c, 0x23, 0x82, 0x28, 0x40, - 0x58, 0xf0, 0x8b, 0x96, 0x19, 0x52, 0xc0, 0x94, 0x01, 0x9c, 0x10, 0xbe, - 0x37, 0xa5, 0x3d, 0x5a, 0xc7, 0x94, 0xc0, 0x10, 0xa9, 0xd0, 0x82, 0x1f, - 0x15, 0x02, 0x7a, 0x1c, 0x41, 0x9c, 0x3c, 0x71, 0xc9, 0xa1, 0xd2, 0x8a, - 0xed, 0x02, 0x59, 0x7a, 0xb7, 0x9b, 0x87, 0x53, 0x94, 0x62, 0x6b, 0xa3, - 0x9a, 0xdc, 0x09, 0x0c, 0x3a, 0x90, 0xcf, 0x75, 0x87, 0x1a, 0x65, 0x27, - 0x5e, 0xb1, 0xc5, 0xb0, 0x33, 0x72, 0xe1, 0x3a, 0x1a, 0x23, 0xd0, 0xcf, - 0x93, 0x74, 0x11, 0x1f, 0x80, 0xcc, 0x83, 0xa9, 0x05, 0x62, 0x2b, 0x83, - 0xfc, 0x51, 0x39, 0x71, 0xec, 0x84, 0x19, 0xf0, 0x88, 0x0c, 0x30, 0x67, - 0x63, 0x36, 0x71, 0xb0, 0x9b, 0x54, 0x56, 0xab, 0x60, 0x57, 0x93, 0x6d, - 0x19, 0xa4, 0xa2, 0xa2, 0x67, 0x91, 0x1b, 0x00, 0x0a, 0x13, 0x95, 0x6f, - 0xbd, 0x49, 0x38, 0x21, 0xda, 0x07, 0x2c, 0x04, 0x64, 0x2b, 0x0c, 0x20, - 0xda, 0x6c, 0xc0, 0xd9, 0xd8, 0x64, 0xa3, 0x93, 0x65, 0xdf, 0xd6, 0x4f, - 0x10, 0x18, 0x78, 0x25, 0xfa, 0x33, 0x25, 0x07, 0x49, 0xcb, 0xc0, 0xc9, - 0x05, 0xd7, 0xb1, 0xff, 0x3c, 0xae, 0x24, 0x12, 0xbf, 0x86, 0xb8, 0x1a, - 0x81, 0x7b, 0x86, 0xba, 0xa3, 0x0e, 0xdf, 0x78, 0x62, 0xe5, 0xf6, 0xba, - 0xc9, 0x87, 0x26, 0xe5, 0x6b, 0x3c, 0xec, 0x60, 0x66, 0x4c, 0xaa, 0x2a, - 0x7d, 0xf6, 0x70, 0xc5, 0xe2, 0x07, 0xdf, 0xac, 0x03, 0x82, 0x4c, 0x89, - 0x89, 0x7c, 0xb4, 0x90, 0xea, 0xa7, 0x65, 0x21, 0x22, 0x2c, 0x86, 0x20, - 0x51, 0x69, 0xc9, 0x1c, 0x32, 0x9c, 0x4a, 0x18, 0x4d, 0x78, 0x72, 0x1a, - 0xf8, 0x36, 0xad, 0x4d, 0xb0, 0xca, 0x78, 0x46, 0x4d, 0x41, 0x71, 0x47, - 0x30, 0x12, 0xb7, 0xd1, 0x83, 0xba, 0xfa, 0x62, 0x75, 0x85, 0xc6, 0x4b, - 0xe3, 0x80, 0x9d, 0x7e, 0x60, 0x04, 0xcb, 0xdc, 0x79, 0xa5, 0x46, 0x0f, - 0x0a, 0xd6, 0x77, 0xcb, 0x71, 0x65, 0x12, 0x40, 0x7d, 0x3a, 0x61, 0x9a, - 0xd0, 0x95, 0x43, 0xb7, 0x39, 0x54, 0x74, 0x72, 0xa7, 0x06, 0xb3, 0x17, - 0xa5, 0x09, 0xbe, 0x5d, 0x86, 0x1f, 0xd6, 0x6c, 0x7d, 0x0e, 0xd9, 0x4c, - 0xd5, 0x00, 0x47, 0x95, 0xc1, 0x81, 0x59, 0xe3, 0xa3, 0x3d, 0x79, 0x87, - 0x11, 0x52, 0x5f, 0x16, 0x35, 0xa6, 0x84, 0x28, 0x17, 0x29, 0x23, 0x24, - 0x96, 0x35, 0xaa, 0xd0, 0x32, 0xb9, 0xe5, 0x66, 0x64, 0xbd, 0xd4, 0x8e, - 0xd2, 0x4a, 0xc7, 0x5c, 0x64, 0x68, 0xd1, 0x90, 0x3e, 0x47, 0x10, 0x86, - 0xc5, 0xf1, 0x56, 0x7e, 0x83, 0x1a, 0x05, 0x08, 0xc5, 0x39, 0x63, 0x25, - 0x91, 0xab, 0x57, 0x7d, 0x32, 0x4a, 0x82, 0x42, 0x97, 0x25, 0x80, 0x99, - 0x50, 0x76, 0x1d, 0x84, 0x34, 0x28, 0x8c, 0x14, 0x03, 0x4f, 0x1c, 0x06, - 0xc1, 0xd0, 0xaa, 0xe0, 0x9a, 0x71, 0xc7, 0x40, 0xa5, 0x57, 0x01, 0xc2, - 0x8f, 0xf8, 0x44, 0x99, 0xf2, 0xbb, 0x18, 0xb6, 0x62, 0x8c, 0xaa, 0xa3, - 0xfe, 0x75, 0xac, 0x4d, 0xe0, 0x4c, 0x6f, 0x91, 0x39, 0x00, 0xd8, 0x6c, - 0x88, 0x12, 0x62, 0x52, 0xa1, 0x7c, 0x4d, 0x30, 0x39, 0x91, 0xdb, 0x02, - 0x87, 0x12, 0x08, 0x81, 0xbb, 0x88, 0x47, 0x8a, 0xaa, 0x9a, 0xf9, 0xbc, - 0x53, 0xd3, 0x72, 0x98, 0x43, 0x85, 0x8f, 0xdb, 0x46, 0x48, 0x05, 0x9c, - 0xac, 0x82, 0xc1, 0xa1, 0x08, 0x78, 0xba, 0x39, 0x82, 0x3b, 0x04, 0x1b, - 0xd0, 0xe2, 0x58, 0x48, 0x7b, 0x56, 0xcc, 0x8a, 0x32, 0x20, 0xc1, 0xa5, - 0x8b, 0xf6, 0x6a, 0x17, 0x2b, 0x5b, 0x9a, 0x0c, 0x63, 0x2d, 0x67, 0x4e, - 0xae, 0x88, 0x5a, 0x01, 0x5c, 0x4e, 0x37, 0xba, 0x07, 0x36, 0x80, 0xbe, - 0xde, 0x75, 0x34, 0xf3, 0xe3, 0x4b, 0x60, 0x50, 0xc8, 0x6b, 0x21, 0xc3, - 0xc0, 0x90, 0x94, 0x1f, 0x23, 0xb7, 0xf6, 0x73, 0x1e, 0x2b, 0xda, 0x0e, - 0x6e, 0xa4, 0x64, 0x67, 0x71, 0xce, 0xc5, 0x72, 0xb9, 0x8c, 0xa0, 0xa1, - 0x58, 0x91, 0x9a, 0xdb, 0xeb, 0x84, 0xce, 0x58, 0x5f, 0xf9, 0xf2, 0x5e, - 0xbd, 0xda, 0x6c, 0xb6, 0xf0, 0x7a, 0x8f, 0x81, 0x12, 0x32, 0x60, 0x7e, - 0x72, 0x17, 0xbb, 0x03, 0x9b, 0xab, 0xd0, 0xd9, 0x19, 0x34, 0xa8, 0x59, - 0x40, 0x59, 0xc9, 0x68, 0x77, 0x23, 0xc0, 0x43, 0x81, 0xbf, 0xd6, 0x27, - 0xa1, 0x05, 0x17, 0xf5, 0xf4, 0xbf, 0xc7, 0x77, 0x77, 0xaa, 0x26, 0x71, - 0xae, 0x12, 0x4f, 0x2b, 0x7a, 0x5f, 0x4d, 0x56, 0x14, 0x02, 0x91, 0x97, - 0xe6, 0x58, 0x6f, 0xa8, 0xc1, 0x7e, 0x0a, 0xd9, 0x07, 0x81, 0xbc, 0x7b, - 0xb1, 0x9a, 0x77, 0x2d, 0x5a, 0x4e, 0xfe, 0x32, 0xca, 0xc8, 0x9b, 0x76, - 0xc4, 0x2a, 0x5e, 0xde, 0x9b, 0xcc, 0x20, 0xc1, 0x89, 0x8c, 0x08, 0xa5, - 0xb0, 0xc0, 0x7e, 0x47, 0x8b, 0x1b, 0xbc, 0x22, 0x6e, 0xfa, 0xd1, 0x5f, - 0x2a, 0xc7, 0x37, 0x51, 0x4b, 0x8c, 0x61, 0x49, 0x81, 0x07, 0x79, 0x22, - 0x24, 0x16, 0x53, 0x7e, 0xd0, 0x0d, 0xae, 0xab, 0x17, 0x7e, 0x90, 0x3e, - 0xad, 0x6b, 0x4a, 0xc4, 0x23, 0x70, 0xaf, 0x1b, 0x1f, 0x50, 0xeb, 0xaf, - 0xaa, 0x1c, 0x6e, 0x64, 0x7b, 0xba, 0xcc, 0xe7, 0x2c, 0x7d, 0x0b, 0x88, - 0xae, 0xb0, 0xb0, 0x6f, 0xc1, 0xa4, 0x54, 0x57, 0xa9, 0xc1, 0x87, 0x57, - 0x9b, 0xf1, 0x84, 0x57, 0x9c, 0xc3, 0x51, 0xc4, 0x3d, 0xff, 0x94, 0x26, - 0x05, 0xaa, 0x56, 0x04, 0xfc, 0x85, 0xfc, 0x55, 0x83, 0xf6, 0xf1, 0x49, - 0x6f, 0xe6, 0x1d, 0x70, 0xd6, 0xcd, 0xe2, 0x32, 0x7f, 0xee, 0x71, 0x3d, - 0x86, 0xf2, 0x9b, 0x3a, 0xfc, 0xbb, 0x54, 0xe9, 0xa9, 0x2a, 0x33, 0xa6, - 0xc1, 0xea, 0x6f, 0xfa, 0x30, 0x95, 0x66, 0xb0, 0x68, 0x62, 0x33, 0xc0, - 0xf3, 0xb1, 0xc3, 0x14, 0x48, 0x90, 0xe4, 0xf0, 0x82, 0x9a, 0x60, 0x99, - 0xc5, 0x74, 0x9c, 0xde, 0xc8, 0x43, 0x28, 0xec, 0x2c, 0xb6, 0x4a, 0x73, - 0x85, 0xa7, 0x61, 0xd6, 0x4b, 0x3a, 0x23, 0xc4, 0x89, 0x34, 0x33, 0x43, - 0xb9, 0x77, 0x23, 0xae, 0x78, 0xc7, 0xd8, 0x05, 0x45, 0x8e, 0x16, 0x20, - 0xf0, 0x29, 0x28, 0x97, 0x69, 0x17, 0x04, 0xcb, 0x76, 0xe3, 0xb0, 0xb2, - 0x81, 0xa8, 0x3c, 0xf6, 0x44, 0x90, 0x49, 0x8c, 0xbc, 0xaf, 0x04, 0x80, - 0x24, 0x16, 0xb3, 0x3c, 0x56, 0x51, 0x71, 0xd7, 0x72, 0xd3, 0xb9, 0x35, - 0x40, 0x37, 0x58, 0x76, 0x29, 0xae, 0x14, 0xa5, 0xc5, 0x03, 0x1a, 0xc3, - 0x66, 0x71, 0xa0, 0xd0, 0xc9, 0x1c, 0xc0, 0xb4, 0xcd, 0x69, 0xd8, 0x40, - 0x2e, 0x33, 0xb9, 0xbc, 0xc2, 0xbb, 0xaf, 0x6b, 0x97, 0x1e, 0x30, 0x3f, - 0xa1, 0x37, 0xbe, 0x23, 0x25, 0x98, 0xa4, 0x99, 0x9b, 0xc0, 0x12, 0x57, - 0x4c, 0x81, 0x65, 0x1b, 0x38, 0xb3, 0x83, 0x96, 0xc1, 0xc3, 0x65, 0x30, - 0x3a, 0xd2, 0x5d, 0x49, 0xfc, 0x6b, 0x68, 0x99, 0x51, 0xa1, 0xcc, 0x4c, - 0x60, 0x07, 0x61, 0x30, 0x65, 0x49, 0x5f, 0x97, 0x91, 0x0f, 0x97, 0x35, - 0xd4, 0xea, 0x4e, 0x44, 0x2a, 0xcb, 0x2f, 0xab, 0xae, 0xcf, 0xe1, 0xad, - 0xef, 0x06, 0x67, 0xba, 0x42, 0x2c, 0x95, 0x4a, 0x05, 0xd1, 0xb6, 0x16, - 0x7a, 0x26, 0x3e, 0x12, 0x75, 0xc6, 0xad, 0xa8, 0x38, 0x59, 0x65, 0x30, - 0x4b, 0x30, 0x32, 0x40, 0x40, 0x54, 0x2c, 0xf5, 0xa4, 0x51, 0xbc, 0xaf, - 0xc7, 0x47, 0x88, 0xbe, 0x3b, 0x9b, 0x9f, 0xcc, 0x45, 0xd4, 0x79, 0x0e, - 0x2d, 0x73, 0x35, 0xc6, 0x0a, 0x14, 0xf0, 0xa4, 0x9d, 0x13, 0x05, 0x3f, - 0x26, 0x26, 0xa6, 0x27, 0xca, 0x19, 0x55, 0x3c, 0xb3, 0x36, 0xa2, 0xcb, - 0x4a, 0x45, 0x5d, 0x8e, 0xf3, 0x98, 0x94, 0x91, 0x47, 0x2b, 0xa0, 0x05, - 0x1e, 0xf7, 0x41, 0x6e, 0x0b, 0xbf, 0x1a, 0x61, 0x08, 0xfa, 0x07, 0xc1, - 0x61, 0x54, 0x8e, 0x7c, 0x62, 0x33, 0x1a, 0xe5, 0xa2, 0xb4, 0xe4, 0xa1, - 0x08, 0xa5, 0x10, 0x93, 0xd3, 0x15, 0x08, 0x21, 0xa2, 0xfb, 0x54, 0x71, - 0x70, 0xa1, 0xb7, 0x3c, 0x43, 0xc5, 0x50, 0xc6, 0x55, 0x7a, 0x40, 0x48, - 0xa5, 0x8a, 0x2c, 0xd7, 0x7a, 0x24, 0x42, 0x34, 0xb2, 0x23, 0x51, 0x75, - 0xa0, 0x89, 0x7d, 0x50, 0x61, 0xb4, 0x61, 0x34, 0x82, 0xdc, 0x13, 0x64, - 0x14, 0x04, 0x8c, 0x11, 0xdb, 0x37, 0xea, 0xe0, 0xa5, 0xdf, 0x87, 0xc1, - 0x93, 0x14, 0xb0, 0xe8, 0x23, 0x97, 0xa0, 0xd3, 0x38, 0xdc, 0x21, 0x53, - 0x8a, 0xf3, 0x61, 0x49, 0xd9, 0x3f, 0x8b, 0x1a, 0x11, 0xc5, 0x3b, 0xb5, - 0xde, 0xf8, 0xb7, 0xa2, 0xcc, 0xa3, 0x36, 0x2b, 0x7f, 0xe3, 0xa1, 0x40, - 0x8a, 0x25, 0x47, 0xe2, 0x09, 0x05, 0x8c, 0x67, 0x3a, 0x75, 0x66, 0xc2, - 0x61, 0x23, 0xa6, 0xd8, 0xb6, 0x92, 0xa5, 0xf3, 0x3e, 0xbd, 0xcb, 0x26, - 0x24, 0xb7, 0x9d, 0x87, 0x7b, 0xce, 0x5f, 0xa1, 0x4e, 0x42, 0xe8, 0x3f, - 0xaa, 0xd8, 0x2e, 0x99, 0x00, 0x55, 0x3a, 0x3c, 0x60, 0x45, 0xca, 0x32, - 0x9f, 0xea, 0x4a, 0x50, 0x65, 0x58, 0xc4, 0x91, 0xb6, 0xa6, 0x16, 0xc6, - 0xfd, 0x40, 0x0b, 0x42, 0x13, 0x6f, 0x44, 0xcb, 0x0d, 0x02, 0x57, 0x65, - 0x08, 0x19, 0x01, 0x8d, 0x3c, 0x56, 0x8e, 0xf6, 0xc6, 0x0c, 0x6c, 0x40, - 0x9e, 0x70, 0xa8, 0x29, 0x28, 0x71, 0x08, 0xc1, 0xb6, 0xa4, 0xd3, 0x2f, - 0x76, 0xe5, 0xcc, 0x4d, 0x10, 0x4b, 0x02, 0x43, 0x8e, 0xf7, 0xa4, 0x67, - 0x91, 0x23, 0x98, 0xea, 0x9c, 0x7c, 0xbd, 0x99, 0x81, 0x58, 0x9a, 0x34, - 0x18, 0x97, 0x68, 0x7b, 0x51, 0x6a, 0x13, 0x30, 0x7d, 0x66, 0xc0, 0x68, - 0xc4, 0x44, 0xb4, 0xb9, 0x49, 0xa1, 0x74, 0x12, 0x41, 0x33, 0x15, 0xcc, - 0xf4, 0x9b, 0x99, 0x98, 0x00, 0x34, 0xb5, 0xb8, 0xcf, 0xde, 0xc4, 0xa6, - 0x0b, 0x9c, 0x1e, 0x74, 0x55, 0xaa, 0xfb, 0xf3, 0xa7, 0x57, 0x34, 0x69, - 0x90, 0xcc, 0x32, 0xb0, 0x59, 0x9b, 0xa2, 0x17, 0xa6, 0xc5, 0xfc, 0x39, - 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58, - 0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, - 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18, - 0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, - 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33, - 0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, - 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45, - 0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, - 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45, - 0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, - 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06, - 0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, - 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d, - 0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, - 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97, - 0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, - 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80, - 0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, - 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d, - 0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, - 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7, - 0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, - 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7, - 0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, - 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc, - 0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, - 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39, - 0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, - 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5, - 0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, - 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89, - 0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, - 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1, - 0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, - 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca, - 0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, - 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b, - 0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, - 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50, - 0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, - 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86, - 0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, - 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c, - 0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, - 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44, - 0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, - 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f, - 0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, - 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65, - 0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, - 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7, - 0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, - 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d, - 0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, - 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e, - 0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, - 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94, - 0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, - 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d, - 0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, - 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f, - 0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, - 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e, - 0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, - 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b, - 0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, - 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe, - 0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, - 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98, - 0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, - 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f, - 0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, - 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4, - 0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, - 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0, - 0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, - 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a, - 0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, - 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a, - 0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, - 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24, - 0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, - 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f, - 0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, - 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33, - 0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, - 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89, - 0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, - 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32, - 0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, - 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37, - 0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, - 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84, - 0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, - 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50, - 0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, - 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25, - 0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, - 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6, - 0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, - 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e, - 0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, - 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b, - 0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, - 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf, - 0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, - 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2, - 0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, - 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03, - 0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, - 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66, - 0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, - 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55, - 0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, - 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e, - 0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, - 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76, - 0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, - 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a, - 0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, - 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86, - 0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, - 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44, - 0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, - 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34, - 0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, - 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d, - 0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca, - 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf, - 0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, - 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb, 0xeb, 0xbe, 0x41, 0xcd, - 0x4d, 0xea, 0x48, 0x9d, 0xed, 0xd0, 0x0e, 0x76, 0xae, 0x0b, 0xcf, 0x54, - 0xaa, 0x85, 0x50, 0x20, 0x29, 0x20, 0xeb, 0x64, 0xd5, 0x89, 0x2a, 0xd0, - 0x2b, 0x13, 0xf2, 0xe5, 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, - 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 0x0e, 0x55, 0x60, 0x67, - 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f -}; #endif static struct keys_st { @@ -3544,14 +2946,14 @@ static struct keys_st { #endif #ifndef OPENSSL_NO_ML_KEM { - NID_undef, ml_kem_512_prvkey, ml_kem_512_pubkey, - "ML-KEM-512", sizeof(ml_kem_512_prvkey), sizeof(ml_kem_512_pubkey) + NID_undef, ml_kem_prvkey, ml_kem_512_pubkey, + "ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey) }, { - NID_undef, ml_kem_768_prvkey, ml_kem_768_pubkey, - "ML-KEM-768", sizeof(ml_kem_768_prvkey), sizeof(ml_kem_768_pubkey) + NID_undef, ml_kem_prvkey, ml_kem_768_pubkey, + "ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey) }, { - NID_undef, ml_kem_1024_prvkey, ml_kem_1024_pubkey, - "ML-KEM-1024", sizeof(ml_kem_1024_prvkey), sizeof(ml_kem_1024_pubkey) + NID_undef, ml_kem_prvkey, ml_kem_1024_pubkey, + "ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey) }, #endif }; diff --git a/test/evp_test.c b/test/evp_test.c index 56ae79cd719..05040884066 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -4379,17 +4379,14 @@ static int keygen_test_run(EVP_TEST *t) private_keys = key; rv = 1; } else if (keygen->seed != NULL) { + const char *prvparam = OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY; rv = 0; - if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_PRIV_KEY, - NULL, 0, &priv_len), 1) + if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey, prvparam, NULL, + 0, &priv_len), 1) || !TEST_ptr(enc_priv_key = OPENSSL_zalloc(priv_len)) - || !TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_PRIV_KEY, + || !TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey, prvparam, enc_priv_key, - priv_len, - NULL), - 1)) + priv_len, NULL), 1)) goto err; if (!TEST_size_t_gt((pub_len = EVP_PKEY_get1_encoded_public_key(pkey, diff --git a/test/ml_kem_evp_extra_test.c b/test/ml_kem_evp_extra_test.c index 1ffeb6fc209..f55e1cf48e1 100644 --- a/test/ml_kem_evp_extra_test.c +++ b/test/ml_kem_evp_extra_test.c @@ -217,7 +217,7 @@ static int test_ml_kem(void) static int test_non_derandomised_ml_kem(void) { - static const char *alg[3] = { "ML-KEM-512", "ML-KEM-768", "ML-KEM-1024" }; + static const int alg[3] = { NID_ML_KEM_512, NID_ML_KEM_768, NID_ML_KEM_1024 }; EVP_RAND_CTX *privctx; EVP_RAND_CTX *pubctx; EVP_MD *sha256; @@ -230,7 +230,7 @@ static int test_non_derandomised_ml_kem(void) if (!TEST_ptr(sha256 = EVP_MD_fetch(NULL, "sha256", NULL))) return 0; - for (i = ML_KEM_512_VARIANT; i < ML_KEM_1024_VARIANT; ++i) { + for (i = 0; i < (int) OSSL_NELEM(alg); ++i) { const ML_KEM_VINFO *v; OSSL_PARAM params[3], *p; uint8_t hash[32]; @@ -244,6 +244,9 @@ static int test_non_derandomised_ml_kem(void) unsigned char c; int res = -1; + if ((v = ossl_ml_kem_get_vinfo(alg[i])) == NULL) + goto done; + /* Configure the private RNG to output just the keygen seed */ p = params; *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, @@ -255,13 +258,10 @@ static int test_non_derandomised_ml_kem(void) res = -2; /* Generate Alice's key */ - akey = EVP_PKEY_Q_keygen(testctx, NULL, alg[i]); + akey = EVP_PKEY_Q_keygen(testctx, NULL, v->algorithm_name); if (!TEST_ptr(akey)) goto done; - if ((v = ossl_ml_kem_get_vinfo(i)) == NULL) - goto done; - /* Check that no more entropy is available! */ if (!TEST_int_le(RAND_priv_bytes(&c, 1), 0)) goto done; diff --git a/test/ml_kem_internal_test.c b/test/ml_kem_internal_test.c index 54440313527..0f847a12d40 100644 --- a/test/ml_kem_internal_test.c +++ b/test/ml_kem_internal_test.c @@ -92,6 +92,7 @@ static uint8_t ml_kem_expected_shared_secret[3][32] = { static int sanity_test(void) { + static const int alg[3] = { NID_ML_KEM_512, NID_ML_KEM_768, NID_ML_KEM_1024 }; EVP_RAND_CTX *privctx; EVP_RAND_CTX *pubctx; EVP_MD *sha256 = EVP_MD_fetch(NULL, "sha256", NULL); @@ -107,7 +108,7 @@ static int sanity_test(void) decap_entropy = ml_kem_public_entropy + ML_KEM_RANDOM_BYTES; - for (i = ML_KEM_512_VARIANT; i < ML_KEM_1024_VARIANT; ++i) { + for (i = 0; i < (int) OSSL_NELEM(alg); ++i) { OSSL_PARAM params[3]; uint8_t hash[32]; uint8_t shared_secret[ML_KEM_SHARED_SECRET_BYTES]; @@ -132,8 +133,8 @@ static int sanity_test(void) if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))) return 0; - public_key = ossl_ml_kem_key_new(NULL, NULL, i); - private_key = ossl_ml_kem_key_new(NULL, NULL, i); + public_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]); + private_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]); if (private_key == NULL || public_key == NULL || (v = ossl_ml_kem_key_vinfo(public_key)) == NULL) goto done; diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm index 92813dea038..3918d80d770 100644 --- a/util/perl/OpenSSL/paramnames.pm +++ b/util/perl/OpenSSL/paramnames.pm @@ -299,6 +299,7 @@ my %params = ( 'PKEY_PARAM_MGF1_DIGEST' => "mgf1-digest", 'PKEY_PARAM_MGF1_PROPERTIES' => "mgf1-properties", 'PKEY_PARAM_ENCODED_PUBLIC_KEY' => "encoded-pub-key", + 'PKEY_PARAM_ENCODED_PRIVATE_KEY' => "encoded-priv-key", 'PKEY_PARAM_GROUP_NAME' => "group", 'PKEY_PARAM_DIST_ID' => "distid", 'PKEY_PARAM_PUB_KEY' => "pub",