[SP 800-90B]:
<https://csrc.nist.gov/pubs/sp/800/90/b/final>
+[jitterentropy-library]:
+ <https://github.com/smuellerDD/jitterentropy-library>
+
[FIPS 205]:
<https://csrc.nist.gov/pubs/fips/205/final>
* The non compressed versions of the ADRS functions use 32 bytes
* This is only used by SHAKE.
*/
-static void slh_adrs_set_layer_address(SLH_ADRS adrs, uint32_t layer)
+static void slh_adrs_set_layer_address(uint8_t *adrs, uint32_t layer)
{
OPENSSL_store_u32_be(adrs + SLH_ADRS_OFF_LAYER_ADR, layer);
}
-static void slh_adrs_set_tree_address(SLH_ADRS adrs, uint64_t address)
+static void slh_adrs_set_tree_address(uint8_t *adrs, uint64_t address)
{
/*
* There are 12 bytes reserved for this - but the largest number
*/
OPENSSL_store_u64_be(adrs + SLH_ADRS_OFF_TREE_ADR + 4, address);
}
-static void slh_adrs_set_type_and_clear(SLH_ADRS adrs, uint32_t type)
+static void slh_adrs_set_type_and_clear(uint8_t *adrs, uint32_t type)
{
OPENSSL_store_u32_be(adrs + SLH_ADRS_OFF_TYPE, type);
memset(adrs + SLH_ADRS_OFF_TYPE + SLH_ADRS_SIZE_TYPE, 0, SLH_ADRS_SIZE_TYPECLEAR);
}
-static void slh_adrs_set_keypair_address(SLH_ADRS adrs, uint32_t in)
+static void slh_adrs_set_keypair_address(uint8_t *adrs, uint32_t in)
{
OPENSSL_store_u32_be(adrs + SLH_ADRS_OFF_KEYPAIR_ADDR, in);
}
-static void slh_adrs_copy_keypair_address(SLH_ADRS dst, const SLH_ADRS src)
+static void slh_adrs_copy_keypair_address(uint8_t *dst, const uint8_t *src)
{
memcpy(dst + SLH_ADRS_OFF_KEYPAIR_ADDR, src + SLH_ADRS_OFF_KEYPAIR_ADDR,
SLH_ADRS_SIZE_KEYPAIR_ADDR);
}
-static void slh_adrs_set_chain_address(SLH_ADRS adrs, uint32_t in)
+static void slh_adrs_set_chain_address(uint8_t *adrs, uint32_t in)
{
OPENSSL_store_u32_be(adrs + SLH_ADRS_OFF_CHAIN_ADDR, in);
}
-static void slh_adrs_set_hash_address(SLH_ADRS adrs, uint32_t in)
+static void slh_adrs_set_hash_address(uint8_t *adrs, uint32_t in)
{
OPENSSL_store_u32_be(adrs + SLH_ADRS_OFF_HASH_ADDR, in);
}
-static void slh_adrs_zero(SLH_ADRS adrs)
+static void slh_adrs_zero(uint8_t *adrs)
{
memset(adrs, 0, SLH_ADRS_SIZE);
}
-static void slh_adrs_copy(SLH_ADRS dst, const SLH_ADRS src)
+static void slh_adrs_copy(uint8_t *dst, const uint8_t *src)
{
memcpy(dst, src, SLH_ADRS_SIZE);
}
/* Compressed versions of ADRS functions See Table 3 */
-static void slh_adrsc_set_layer_address(SLH_ADRS adrsc, uint32_t layer)
+static void slh_adrsc_set_layer_address(uint8_t *adrsc, uint32_t layer)
{
adrsc[SLH_ADRSC_OFF_LAYER_ADR] = (uint8_t)layer;
}
-static void slh_adrsc_set_tree_address(SLH_ADRS adrsc, uint64_t in)
+static void slh_adrsc_set_tree_address(uint8_t *adrsc, uint64_t in)
{
OPENSSL_store_u64_be(adrsc + SLH_ADRSC_OFF_TREE_ADR, in);
}
-static void slh_adrsc_set_type_and_clear(SLH_ADRS adrsc, uint32_t type)
+static void slh_adrsc_set_type_and_clear(uint8_t *adrsc, uint32_t type)
{
adrsc[SLH_ADRSC_OFF_TYPE] = (uint8_t)type;
memset(adrsc + SLH_ADRSC_OFF_TYPE + SLH_ADRSC_SIZE_TYPE, 0, SLH_ADRSC_SIZE_TYPECLEAR);
}
-static void slh_adrsc_set_keypair_address(SLH_ADRS adrsc, uint32_t in)
+static void slh_adrsc_set_keypair_address(uint8_t *adrsc, uint32_t in)
{
OPENSSL_store_u32_be(adrsc + SLH_ADRSC_OFF_KEYPAIR_ADDR, in);
}
-static void slh_adrsc_copy_keypair_address(SLH_ADRS dst, const SLH_ADRS src)
+static void slh_adrsc_copy_keypair_address(uint8_t *dst, const uint8_t *src)
{
memcpy(dst + SLH_ADRSC_OFF_KEYPAIR_ADDR, src + SLH_ADRSC_OFF_KEYPAIR_ADDR,
SLH_ADRSC_SIZE_KEYPAIR_ADDR);
}
-static void slh_adrsc_set_chain_address(SLH_ADRS adrsc, uint32_t in)
+static void slh_adrsc_set_chain_address(uint8_t *adrsc, uint32_t in)
{
OPENSSL_store_u32_be(adrsc + SLH_ADRSC_OFF_CHAIN_ADDR, in);
}
-static void slh_adrsc_set_hash_address(SLH_ADRS adrsc, uint32_t in)
+static void slh_adrsc_set_hash_address(uint8_t *adrsc, uint32_t in)
{
OPENSSL_store_u32_be(adrsc + SLH_ADRSC_OFF_HASH_ADDR, in);
}
-static void slh_adrsc_zero(SLH_ADRS adrsc)
+static void slh_adrsc_zero(uint8_t *adrsc)
{
memset(adrsc, 0, SLH_ADRSC_SIZE);
}
-static void slh_adrsc_copy(SLH_ADRS dst, const SLH_ADRS src)
+static void slh_adrsc_copy(uint8_t *dst, const uint8_t *src)
{
memcpy(dst, src, SLH_ADRSC_SIZE);
}
#define SLH_ADRS_TYPE_WOTS_PRF 5
#define SLH_ADRS_TYPE_FORS_PRF 6
-typedef uint8_t *SLH_ADRS;
-
#define SLH_ADRS_DECLARE(a) uint8_t a[SLH_ADRS_SIZE_MAX]
#define SLH_ADRS_FUNC_DECLARE(ctx, adrsf) \
const SLH_ADRS_FUNC *adrsf = ctx->adrs_func
#define SLH_ADRS_FN_DECLARE(adrsf, t) OSSL_SLH_ADRS_FUNC_##t *t = adrsf->t
-typedef void (OSSL_SLH_ADRS_FUNC_zero)(SLH_ADRS adrs);
-typedef void (OSSL_SLH_ADRS_FUNC_copy)(SLH_ADRS dst, const SLH_ADRS src);
-typedef void (OSSL_SLH_ADRS_FUNC_copy_keypair_address)(SLH_ADRS dst, const SLH_ADRS src);
+typedef void (OSSL_SLH_ADRS_FUNC_zero)(uint8_t *adrs);
+typedef void (OSSL_SLH_ADRS_FUNC_copy)(uint8_t *dst, const uint8_t *src);
+typedef void (OSSL_SLH_ADRS_FUNC_copy_keypair_address)(uint8_t *dst, const uint8_t *src);
/*
* Note that the tree address is actually 12 bytes in uncompressed format,
* but we only use 8 bytes
*/
-typedef void (OSSL_SLH_ADRS_FUNC_set_tree_address)(SLH_ADRS adrs, uint64_t in);
-typedef void (OSSL_SLH_ADRS_FUNC_set_layer_address)(SLH_ADRS adrs, uint32_t layer);
-typedef void (OSSL_SLH_ADRS_FUNC_set_type_and_clear)(SLH_ADRS adrs, uint32_t type);
-typedef void (OSSL_SLH_ADRS_FUNC_set_keypair_address)(SLH_ADRS adrs, uint32_t in);
-typedef void (OSSL_SLH_ADRS_FUNC_set_chain_address)(SLH_ADRS adrs, uint32_t in);
-typedef void (OSSL_SLH_ADRS_FUNC_set_tree_height)(SLH_ADRS adrs, uint32_t in);
-typedef void (OSSL_SLH_ADRS_FUNC_set_hash_address)(SLH_ADRS adrs, uint32_t in);
-typedef void (OSSL_SLH_ADRS_FUNC_set_tree_index)(SLH_ADRS adrs, uint32_t in);
+typedef void (OSSL_SLH_ADRS_FUNC_set_tree_address)(uint8_t *adrs, uint64_t in);
+typedef void (OSSL_SLH_ADRS_FUNC_set_layer_address)(uint8_t *adrs, uint32_t layer);
+typedef void (OSSL_SLH_ADRS_FUNC_set_type_and_clear)(uint8_t *adrs, uint32_t type);
+typedef void (OSSL_SLH_ADRS_FUNC_set_keypair_address)(uint8_t *adrs, uint32_t in);
+typedef void (OSSL_SLH_ADRS_FUNC_set_chain_address)(uint8_t *adrs, uint32_t in);
+typedef void (OSSL_SLH_ADRS_FUNC_set_tree_height)(uint8_t *adrs, uint32_t in);
+typedef void (OSSL_SLH_ADRS_FUNC_set_hash_address)(uint8_t *adrs, uint32_t in);
+typedef void (OSSL_SLH_ADRS_FUNC_set_tree_index)(uint8_t *adrs, uint32_t in);
typedef struct slh_adrs_func_st {
OSSL_SLH_ADRS_FUNC_set_layer_address *set_layer_address;
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include <stddef.h>
#include <string.h>
#include <openssl/err.h>
SLH_HASH_FUNC_DECLARE(priv, hashf);
SLH_ADRS_FUNC_DECLARE(priv, adrsf);
- if (sig_len != NULL)
+ if (sig == NULL) {
*sig_len = sig_len_expected;
+ return 1;
+ }
- if (sig == NULL)
- return (sig_len != NULL);
-
- if (sig_size < sig_len_expected)
+ if (sig_size < sig_len_expected) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SIGNATURE_SIZE,
+ "is %zu, should be at least %zu", sig_size, sig_len_expected);
return 0;
+ }
/* Exit if private key is not set */
if (priv->has_priv == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
/* Generate ht signature and append to the SLH-DSA signature */
&& ossl_slh_ht_sign(hctx, pk_fors, sk_seed, pk_seed, tree_id, leaf_id,
wpkt);
+ *sig_len = sig_len_expected;
ret = 1;
err:
if (!WPACKET_finish(wpkt))
return ret;
}
-/* See FIPS 205 Algorithm 2 toInt(X, n) */
+/*
+ * See FIPS 205 Algorithm 2 toInt(X, n)
+ * OPENSSL_load_u64_be() cant be used here as the |in_len| may be < 8
+ */
static uint64_t bytes_to_u64_be(const uint8_t *in, size_t in_len)
{
* when X = 54 it would be A & (0x3F_FFFF_FFFF_FFFF)
* i.e. A & (0xFFFF_FFFF_FFFF_FFFF >> (64 - X))
*/
- tree_id_mask = ((uint64_t)-1) >> (64 - (params->h - params->hm));
+ tree_id_mask = (~(uint64_t)0) >> (64 - (params->h - params->hm));
leaf_id_mask = (1 << params->hm) - 1; /* max value is 0x1FF when hm = 9 */
*tree_id = bytes_to_u64_be(tree_id_bytes, tree_id_len) & tree_id_mask;
*leaf_id = (uint32_t)(bytes_to_u64_be(leaf_id_bytes, leaf_id_len) & leaf_id_mask);
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include <string.h>
+#include <openssl/err.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/rand.h>
+#include <openssl/proverr.h>
#include "slh_dsa_local.h"
#include "slh_dsa_key.h"
#include "internal/encoder.h"
return 1;
}
+#ifndef FIPS_MODULE
int ossl_slh_dsa_key_to_text(BIO *out, const SLH_DSA_KEY *key, int selection)
{
const char *name;
return 1;
}
+#endif /* FIPS_MODULE */
#define SLH_WOTS_LEN(n) (2 * (n) + 3)
/*
- * FIPS 205 SLH_DSA algorithms have many different parameters which includes
+ * FIPS 205 SLH-DSA algorithms have many different parameters which includes
* the following constants that are stored into a |key|:
* - A set of constants (Section 11. contains 12 parameter sets)
* such as tree heights and security parameters associated with a algorithm
};
__owur int ossl_slh_wots_pk_gen(SLH_DSA_HASH_CTX *ctx, const uint8_t *sk_seed,
- const uint8_t *pk_seed, SLH_ADRS adrs,
+ const uint8_t *pk_seed, uint8_t *adrs,
uint8_t *pk_out, size_t pk_out_len);
__owur int ossl_slh_wots_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *msg,
const uint8_t *sk_seed, const uint8_t *pk_seed,
- SLH_ADRS adrs, WPACKET *sig_wpkt);
+ uint8_t *adrs, WPACKET *sig_wpkt);
__owur int ossl_slh_wots_pk_from_sig(SLH_DSA_HASH_CTX *ctx,
PACKET *sig_rpkt, const uint8_t *msg,
- const uint8_t *pk_seed, SLH_ADRS adrs,
+ const uint8_t *pk_seed, uint8_t *adrs,
uint8_t *pk_out, size_t pk_out_len);
__owur int ossl_slh_xmss_node(SLH_DSA_HASH_CTX *ctx, const uint8_t *sk_seed,
uint32_t node_id, uint32_t height,
- const uint8_t *pk_seed, SLH_ADRS adrs,
+ const uint8_t *pk_seed, uint8_t *adrs,
uint8_t *pk_out, size_t pk_out_len);
__owur int ossl_slh_xmss_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *msg,
const uint8_t *sk_seed, uint32_t node_id,
- const uint8_t *pk_seed, SLH_ADRS adrs,
+ const uint8_t *pk_seed, uint8_t *adrs,
WPACKET *sig_wpkt);
__owur int ossl_slh_xmss_pk_from_sig(SLH_DSA_HASH_CTX *ctx, uint32_t node_id,
PACKET *sig_rpkt, const uint8_t *msg,
- const uint8_t *pk_seed, SLH_ADRS adrs,
+ const uint8_t *pk_seed, uint8_t *adrs,
uint8_t *pk_out, size_t pk_out_len);
__owur int ossl_slh_ht_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *msg,
__owur int ossl_slh_fors_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *md,
const uint8_t *sk_seed, const uint8_t *pk_seed,
- SLH_ADRS adrs, WPACKET *sig_wpkt);
+ uint8_t *adrs, WPACKET *sig_wpkt);
__owur int ossl_slh_fors_pk_from_sig(SLH_DSA_HASH_CTX *ctx, PACKET *sig_rpkt,
const uint8_t *md, const uint8_t *pk_seed,
- SLH_ADRS adrs,
+ uint8_t *adrs,
uint8_t *pk_out, size_t pk_out_len);
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include <string.h>
#include <openssl/crypto.h>
#include "slh_dsa_local.h"
* @returns 1 on success, or 0 on error.
*/
static int slh_fors_sk_gen(SLH_DSA_HASH_CTX *ctx, const uint8_t *sk_seed,
- const uint8_t *pk_seed, SLH_ADRS adrs, uint32_t id,
+ const uint8_t *pk_seed, uint8_t *adrs, uint32_t id,
uint8_t *pk_out, size_t pk_out_len)
{
const SLH_DSA_KEY *key = ctx->key;
* @returns 1 on success, or 0 on error.
*/
static int slh_fors_node(SLH_DSA_HASH_CTX *ctx, const uint8_t *sk_seed,
- const uint8_t *pk_seed, SLH_ADRS adrs, uint32_t node_id,
+ const uint8_t *pk_seed, uint8_t *adrs, uint32_t node_id,
uint32_t height, uint8_t *node, size_t node_len)
{
int ret = 0;
*/
int ossl_slh_fors_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *md,
const uint8_t *sk_seed, const uint8_t *pk_seed,
- SLH_ADRS adrs, WPACKET *sig_wpkt)
+ uint8_t *adrs, WPACKET *sig_wpkt)
{
const SLH_DSA_KEY *key = ctx->key;
uint32_t tree_id, layer, s, tree_offset;
/*
* Traverse from the bottom of the tree (layer = 0)
* up to the root (layer = a - 1).
- * TODO - This is a really inefficient way of doing this, since at
+ * NOTE: This is a really inefficient way of doing this, since at
* layer a - 1 it calculates most of the hashes of the entire tree as
* well as all the leaf nodes. So it is calculating nodes multiple times.
*/
*/
int ossl_slh_fors_pk_from_sig(SLH_DSA_HASH_CTX *ctx, PACKET *fors_sig_rpkt,
const uint8_t *md, const uint8_t *pk_seed,
- SLH_ADRS adrs, uint8_t *pk_out, size_t pk_out_len)
+ uint8_t *adrs, uint8_t *pk_out, size_t pk_out_len)
{
const SLH_DSA_KEY *key = ctx->key;
int ret = 0;
#include "internal/deprecated.h" /* PKCS1_MGF1() */
-#include <assert.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/core_names.h>
static int
slh_prf_shake(SLH_DSA_HASH_CTX *ctx,
const uint8_t *pk_seed, const uint8_t *sk_seed,
- const SLH_ADRS adrs, uint8_t *out, size_t out_len)
+ const uint8_t *adrs, uint8_t *out, size_t out_len)
{
const SLH_DSA_PARAMS *params = ctx->key->params;
size_t n = params->n;
}
static int
-slh_f_shake(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+slh_f_shake(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed, const uint8_t *adrs,
const uint8_t *m1, size_t m1_len, uint8_t *out, size_t out_len)
{
const SLH_DSA_PARAMS *params = ctx->key->params;
}
static int
-slh_h_shake(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+slh_h_shake(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed, const uint8_t *adrs,
const uint8_t *m1, const uint8_t *m2, uint8_t *out, size_t out_len)
{
const SLH_DSA_PARAMS *params = ctx->key->params;
}
static int
-slh_t_shake(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+slh_t_shake(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed, const uint8_t *adrs,
const uint8_t *ml, size_t ml_len, uint8_t *out, size_t out_len)
{
const SLH_DSA_PARAMS *params = ctx->key->params;
int sz = EVP_MD_get_size(hctx->key->md_big);
size_t seed_len = (size_t)sz + 2 * n;
- assert(m <= out_len);
- assert(sz > 0);
- assert(seed_len <= sizeof(seed));
-
memcpy(seed, r, n);
memcpy(seed + n, pk_seed, n);
return digest_4(hctx->md_big_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len,
}
static ossl_inline int
-do_hash(EVP_MD_CTX *ctx, size_t n, const uint8_t *pk_seed, const SLH_ADRS adrs,
+do_hash(EVP_MD_CTX *ctx, size_t n, const uint8_t *pk_seed, const uint8_t *adrs,
const uint8_t *m, size_t m_len, size_t b, uint8_t *out, size_t out_len)
{
int ret;
uint8_t zeros[128] = { 0 };
uint8_t digest[MAX_DIGEST_SIZE];
- assert(n <= out_len);
- assert(b - n < sizeof(zeros));
-
ret = digest_4(ctx, pk_seed, n, zeros, b - n, adrs, SLH_ADRSC_SIZE,
m, m_len, digest);
/* Truncated returned value is n = 16 bytes */
static int
slh_prf_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *pk_seed,
- const uint8_t *sk_seed, const SLH_ADRS adrs,
+ const uint8_t *sk_seed, const uint8_t *adrs,
uint8_t *out, size_t out_len)
{
size_t n = hctx->key->params->n;
}
static int
-slh_f_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+slh_f_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *pk_seed, const uint8_t *adrs,
const uint8_t *m1, size_t m1_len, uint8_t *out, size_t out_len)
{
return do_hash(hctx->md_ctx, hctx->key->params->n, pk_seed, adrs, m1, m1_len,
}
static int
-slh_h_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+slh_h_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *pk_seed, const uint8_t *adrs,
const uint8_t *m1, const uint8_t *m2, uint8_t *out, size_t out_len)
{
uint8_t m[SLH_MAX_N * 2];
}
static int
-slh_t_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *pk_seed, const SLH_ADRS adrs,
+slh_t_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *pk_seed, const uint8_t *adrs,
const uint8_t *ml, size_t ml_len, uint8_t *out, size_t out_len)
{
const SLH_DSA_PARAMS *prms = hctx->key->params;
uint8_t *out, size_t out_len);
typedef int (OSSL_SLH_HASHFUNC_PRF)(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed,
- const uint8_t *sk_seed, const SLH_ADRS adrs,
+ const uint8_t *sk_seed, const uint8_t *adrs,
uint8_t *out, size_t out_len);
typedef int (OSSL_SLH_HASHFUNC_PRF_MSG)(SLH_DSA_HASH_CTX *ctx, const uint8_t *sk_prf,
WPACKET *pkt);
typedef int (OSSL_SLH_HASHFUNC_F)(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed,
- const SLH_ADRS adrs,
+ const uint8_t *adrs,
const uint8_t *m1, size_t m1_len,
uint8_t *out, size_t out_len);
typedef int (OSSL_SLH_HASHFUNC_H)(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed,
- const SLH_ADRS adrs,
+ const uint8_t *adrs,
const uint8_t *m1, const uint8_t *m2,
uint8_t *out, size_t out_len);
typedef int (OSSL_SLH_HASHFUNC_T)(SLH_DSA_HASH_CTX *ctx, const uint8_t *pk_seed,
- const SLH_ADRS adrs,
+ const uint8_t *adrs,
const uint8_t *m1, size_t m1_len,
uint8_t *out, size_t out_len);
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include <string.h>
#include "slh_dsa_local.h"
#include "slh_dsa_key.h"
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include <string.h>
#include <openssl/crypto.h>
#include "slh_dsa_local.h"
*/
int ossl_slh_wots_pk_gen(SLH_DSA_HASH_CTX *ctx,
const uint8_t *sk_seed, const uint8_t *pk_seed,
- SLH_ADRS adrs, uint8_t *pk_out, size_t pk_out_len)
+ uint8_t *adrs, uint8_t *pk_out, size_t pk_out_len)
{
int ret = 0;
const SLH_DSA_KEY *key = ctx->key;
*/
int ossl_slh_wots_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *msg,
const uint8_t *sk_seed, const uint8_t *pk_seed,
- SLH_ADRS adrs, WPACKET *sig_wpkt)
+ uint8_t *adrs, WPACKET *sig_wpkt)
{
int ret = 0;
const SLH_DSA_KEY *key = ctx->key;
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include <string.h>
#include "slh_dsa_local.h"
#include "slh_dsa_key.h"
*/
int ossl_slh_xmss_node(SLH_DSA_HASH_CTX *ctx, const uint8_t *sk_seed,
uint32_t node_id, uint32_t h,
- const uint8_t *pk_seed, SLH_ADRS adrs,
+ const uint8_t *pk_seed, uint8_t *adrs,
uint8_t *pk_out, size_t pk_out_len)
{
const SLH_DSA_KEY *key = ctx->key;
*/
int ossl_slh_xmss_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *msg,
const uint8_t *sk_seed, uint32_t node_id,
- const uint8_t *pk_seed, SLH_ADRS adrs, WPACKET *sig_wpkt)
+ const uint8_t *pk_seed, uint8_t *adrs, WPACKET *sig_wpkt)
{
const SLH_DSA_KEY *key = ctx->key;
SLH_ADRS_FUNC_DECLARE(key, adrsf);
*/
int ossl_slh_xmss_pk_from_sig(SLH_DSA_HASH_CTX *ctx, uint32_t node_id,
PACKET *sig_rpkt, const uint8_t *msg,
- const uint8_t *pk_seed, SLH_ADRS adrs,
+ const uint8_t *pk_seed, uint8_t *adrs,
uint8_t *pk_out, size_t pk_out_len)
{
const SLH_DSA_KEY *key = ctx->key;
There are 7 hash functions used. The algorithms using SHAKE have a much simpler
set of 7 functions as they just use SHAKE-256 XOF (Even for the SHAKE-128 names).
-The SHA2 algorithms are much more complex and require HMAC, MGF1, and well as digests.
+The SHA2 algorithms are much more complex and require HMAC, MGF1, as well as digests.
There are 2 sets of functions for the SHA2 case.
Some of the hash functions use an ADRS object. This is 32 bytes for SHAKE algorithms
A SLH_DSA_HASH_CTX object is also created, that references the key, as well as
containing per operation hash context objects.
This SLH_DSA_HASH_CTX is then passed to all functions. This context is allocated in the
-providers SLH_DSA signature context.
+provider's SLH_DSA signature context.
SLH-DSA keys
------------
-SLH-DSA keys have 2 elements of size n for both the public and private keys.
+SLH-DSA keys have 2 elements of size `n` for both the public and private keys.
Since different algorithms have different key sizes, buffers of the maximum size
will be used to hold the keys (since the keys are only a maximum of 64 bytes each)
...
};
-The fields 'key_len' and 'has_priv' are used to determine if a key has loaded
+The fields `key_len` and `has_priv` are used to determine if a key has loaded
the public and private key elements.
-The 'params' field is the parameter set which is resolved via the algorithm name.
+The `params` field is the parameter set which is resolved via the algorithm name.
In FIPS 205 the SLH_DSA private key contains the public key.
In OpenSSL these components are stored separately, so there must always be a
The normal signing process (called Pure SLH-DSA Signature Generation)
encodes the message internally as 0x00 || len(ctx) || ctx || message.
-where B<ctx> is some optional value of size 0x00..0xFF.
+where `ctx` is some optional value of size 0x00..0xFF.
ACVP Testing requires the ability for the message to not be encoded also. This
will be controlled by settable parameters.
Pre Hash SLH-DSA Signature Generation encode the message as
+
+```c
0x01 || len(ctx) || ctx || digest_OID || H(message).
+```
+
The scenario that is stated that this is useful for is when this encoded message
is supplied from an external source.
-Currently I do not support the Pre Hash variant as this does not sit well with the
-OpenSSL API's. The user could do the encoding themselves and then set the settable
-to not encode the passed in message.
+Currently we do not support the Pre Hash variant as this does not sit well with the
+OpenSSL API's.
Signing API
-------------
-As only the one shot implementation is required and the message is not digested
+As only the one-shot implementation is required and the message is not digested
the API's used should be
EVP_PKEY_sign_message_init(), EVP_PKEY_sign(),
Buffers
-------
-There are many functions pass buffers of size |n| Where n is one of 16,24,32
+There are many functions pass buffers of size `n` Where n is one of 16,24,32
depending on the algorithm name. These are used for key elements and hashes, so
PACKETS are not used for these.
Constant Time Considerations
----------------------------
-As the security of SLH-DSA depends only on hash functions, I do not foresee
+As the security of SLH-DSA depends only on hash functions, we do not foresee
there being any constant time issues. Some if statements have been added to
detect failures in hash operations, and these errors are propagated all the way
up the function call stack. These errors should not happen in general so should
Each of the different key types has an associated security parameter B<n>.
This value is one of 16, 24 or 32 for key types B<SLH-DSA*128*>, B<SLH-DSA*192*>
-and B<SLH-DSA*256*> respectively.
+and B<SLH-DSA*256*>, respectively.
Both the public and private key contain 2 elements of size B<n>.
Key generation generates the private key elements and one of the public key
=head2 Common SLH-DSA parameters
In addition to the common parameters that all keytypes should support (see
-L<provider-keymgmt(7)/Common parameters>), the implementation of these key types
-support the following.
+L<provider-keymgmt(7)/Common Information Parameters>), the implementation of
+these key types support the following.
The following parameters are gettable using EVP_PKEY_get_octet_string_param(),
and settable when using EVP_PKEY_fromdata().
The different algorithms names correspond to the parameter sets defined in
FIPS 205 Section 11 Table 2.
-'s' types have smaller signature sizes, and the 'f' variants are faster,
+C<s> types have smaller signature sizes, and the C<f> variants are faster,
(The signatures range from ~8K to ~50K depending on the type chosen). There are
3 different security categories also depending on the type.
L<EVP_SIGNATURE_fetch(3)> can be used to explicitely fetch one of the 12
algorithms which can then be used with L<EVP_PKEY_sign_message_init(3)>,
L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify_message_init(3)>, and
-L<EVP_PKEY_verify(3)> to sign or verify one-shot messages.
+L<EVP_PKEY_verify(3)> to perform one-shot message signing or verification.
The normal signing process (called Pure SLH-DSA Signature Generation)
encodes the message internally as 0x00 || len(ctx) || ctx || message.
=head2 SLH-DSA Signature Parameters
-The following parameter can be used for both signing and verification.
-it may be set by passing an OSSL_PARAM array to L<EVP_PKEY_sign_init_ex2(3)> or
+The C<context-string> parameter, described below, can be used for both signing
+and verification.
+It may be set by passing an OSSL_PARAM array to L<EVP_PKEY_sign_init_ex2(3)> or
L<EVP_PKEY_verify_init_ex2(3)>
=over 4
int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp);
# endif /* OPENSSL_NO_EC */
-# ifndef OPENSSL_NO_SLH_DSA
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHA2_128S_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHA2_128F_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHA2_192S_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHA2_192F_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHA2_256S_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHA2_256F_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHAKE_128S_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHAKE_128F_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHAKE_192S_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHAKE_192F_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHAKE_256S_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-SLH_DSA_KEY *ossl_d2i_SLH_DSA_SHAKE_256F_PUBKEY(SLH_DSA_KEY **a,
- const uint8_t **pp, long length);
-int ossl_i2d_SLH_DSA_SHA2_128S_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHA2_128F_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHA2_192S_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHA2_192F_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHA2_256S_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHA2_256F_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHAKE_128S_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHAKE_128F_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHAKE_192S_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHAKE_192F_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHAKE_256S_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-int ossl_i2d_SLH_DSA_SHAKE_256F_PUBKEY(const SLH_DSA_KEY *a, uint8_t **pp);
-# endif /* OPENSSL_NO_SLH_DSA */
-
EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp,
long length);
int ossl_x509_check_private_key(const EVP_PKEY *k, const EVP_PKEY *pkey);
/*-
* The DER ASN.1 encoding of SLH-DSA public keys prepends 18 bytes to the
- * encoded public key (since the large public key size is 64 bytes):
+ * encoded public key (since the largest public key size is 64 bytes):
*
* - 2 byte outer sequence tag and length
* - 2 byte algorithm sequence tag and length
#ifndef OPENSSL_NO_SLH_DSA
# define prepare_slh_dsa_params NULL
-static int slh_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder)
+static int slh_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder,
+ ossl_unused void *ctx)
{
const SLH_DSA_KEY *key = vkey;
uint8_t *key_blob;
return key_len;
}
-static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder)
+static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
+ ossl_unused void *ctx)
{
const SLH_DSA_KEY *key = vkey;
size_t len;
# endif
#endif
#ifndef OPENSSL_NO_SLH_DSA
-MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128S, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128F, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192S, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192F, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256S, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256F, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128S, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128F, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192S, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192F, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256S, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256F, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128S, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128F, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192S, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192F, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256S, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256F, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128S, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128F, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192S, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192F, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256S, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256F, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128S, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128F, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192S, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192F, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256S, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256F, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128S, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128F, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192S, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192F, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256S, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256F, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128S, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128F, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192S, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192F, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256S, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256F, PrivateKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128S, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128F, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192S, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192F, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256S, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256F, PrivateKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128S, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128F, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192S, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192F, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256S, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256F, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128S, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_128F, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192S, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_192F, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256S, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHA2_256F, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128S, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128F, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192S, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192F, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256S, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256F, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128S, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_128F, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192S, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_192F, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256S, SubjectPublicKeyInfo, pem);
-MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EVP_PKEY_SLH_DSA_SHAKE_256F, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo, pem);
+MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo, pem);
#endif /* OPENSSL_NO_SLH_DSA */
#ifndef OPENSSL_NO_ML_KEM
projects / thirdparty / openssl.git / commitdiff
