From: Pauli Date: Wed, 4 Jun 2025 03:45:33 +0000 (+1000) Subject: ml-kem: update to use TRIE decoder X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=60f9c9d804d46d72ef37e6e87b06f25fc7b32a0e;p=thirdparty%2Fopenssl.git ml-kem: update to use TRIE decoder For get params and from data calls. Reviewed-by: Shane Lontis Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/27756) --- diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in index f96e2d95bf9..348a950fbbb 100644 --- a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in +++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in @@ -6,6 +6,9 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::paramnames qw(produce_param_list); +-} #include #include @@ -19,6 +22,7 @@ #include "crypto/ml_kem.h" #include "internal/fips.h" #include "internal/param_build_set.h" +#include "internal/param_names.h" #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" @@ -325,17 +329,19 @@ err: return ret; } +/* Machine generated by util/perl/OpenSSL/paramnames.pm */ +{- produce_param_list('static', 'ml_kem_key_types', + 'static', 'ml_kem_key_types_find_pidx', + (['PKEY_PARAM_ML_KEM_SEED', 'octet_string'], + ['PKEY_PARAM_PRIV_KEY', 'octet_string'], + ['PKEY_PARAM_PUB_KEY', 'octet_string'], + )); -} +/* End of machine generated */ + static const OSSL_PARAM *ml_kem_imexport_types(int selection) { - static const OSSL_PARAM key_types[] = { - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ML_KEM_SEED, NULL, 0), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), - OSSL_PARAM_END - }; - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - return key_types; + return ml_kem_key_types; return NULL; } @@ -392,39 +398,48 @@ static int ml_kem_key_fromdata(ML_KEM_KEY *key, * When a private key is provided, without a seed, any public key also * provided will be ignored (apart from length), just as with the seed. */ - if (include_private) { - /* - * When a seed is provided, the private and public keys may be ignored, - * after validating just their lengths. Comparing encodings or hashes - * when applicable is possible, but not currently implemented. - */ - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ML_KEM_SEED); - if (p != NULL - && OSSL_PARAM_get_octet_string_ptr(p, &seedenc, &seedlen) != 1) - return 0; - if (seedlen != 0 && seedlen != ML_KEM_SEED_BYTES) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SEED_LENGTH); - return 0; - } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - if (p != NULL - && OSSL_PARAM_get_octet_string_ptr(p, &prvenc, &prvlen) != 1) - return 0; - if (prvlen != 0 && prvlen != v->prvkey_bytes) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } - } + for (p = params; p->key != NULL; p++) + switch (ml_kem_key_types_find_pidx(p->key)) { + default: + break; + + case PIDX_PKEY_PARAM_ML_KEM_SEED: + if (include_private) { + /* + * When a seed is provided, the private and public keys may be ignored, + * after validating just their lengths. Comparing encodings or hashes + * when applicable is possible, but not currently implemented. + */ + if (OSSL_PARAM_get_octet_string_ptr(p, &seedenc, &seedlen) != 1) + return 0; + if (seedlen != 0 && seedlen != ML_KEM_SEED_BYTES) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SEED_LENGTH); + return 0; + } + } + break; + + case PIDX_PKEY_PARAM_PRIV_KEY: + if (include_private) { + if (OSSL_PARAM_get_octet_string_ptr(p, &prvenc, &prvlen) != 1) + return 0; + if (prvlen != 0 && prvlen != v->prvkey_bytes) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + } + break; - /* Used only when no seed or private key is provided. */ - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (p != NULL - && OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen) != 1) - return 0; - if (publen != 0 && publen != v->pubkey_bytes) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } + /* Used only when no seed or private key is provided. */ + case PIDX_PKEY_PARAM_PUB_KEY: + if (OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen) != 1) + return 0; + if (publen != 0 && publen != v->pubkey_bytes) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + break; + } /* The caller MUST specify at least one of seed, private or public keys. */ if (seedlen == 0 && publen == 0 && prvlen == 0) { @@ -483,25 +498,23 @@ static int ml_kem_import(void *vkey, int selection, const OSSL_PARAM params[]) return res; } +/* Machine generated by util/perl/OpenSSL/paramnames.pm */ +{- produce_param_list('static', 'ml_kem_known_gettable_params', + 'static', 'ml_kem_get_params_find_pidx', + (['PKEY_PARAM_BITS', 'int'], + ['PKEY_PARAM_SECURITY_BITS', 'int'], + ['PKEY_PARAM_MAX_SIZE', 'int'], + ['PKEY_PARAM_SECURITY_CATEGORY', 'int'], + ['PKEY_PARAM_ML_KEM_SEED', 'octet_string'], + ['PKEY_PARAM_PRIV_KEY', 'octet_string'], + ['PKEY_PARAM_PUB_KEY', 'octet_string'], + ['PKEY_PARAM_ENCODED_PUBLIC_KEY', 'octet_string'], + )); -} +/* End of machine generated */ + static const OSSL_PARAM *ml_kem_gettable_params(void *provctx) { - static const OSSL_PARAM arr[] = { - OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), - OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), - OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), - OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL), - /* Exported for import */ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ML_KEM_SEED, NULL, 0), - /* Exported to EVP_PKEY_get_raw_private_key() */ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), - /* Exported to EVP_PKEY_get_raw_public_key() */ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), - /* Needed by EVP_PKEY_get1_encoded_public_key() */ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), - OSSL_PARAM_END - }; - - return arr; + return ml_kem_known_gettable_params; } #ifndef FIPS_MODULE @@ -559,81 +572,85 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[]) ML_KEM_KEY *key = vkey; const ML_KEM_VINFO *v = ossl_ml_kem_key_vinfo(key); OSSL_PARAM *p; - const char *pubparams[] = { - OSSL_PKEY_PARAM_PUB_KEY, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY - }; - int i; + uint8_t *pubenc = NULL; - p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS); - if (p != NULL) - if (!OSSL_PARAM_set_int(p, v->bits)) - return 0; + for (p = params; p->key != NULL; p++) + switch (ml_kem_get_params_find_pidx(p->key)) { + default: + break; - p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS); - if (p != NULL) - if (!OSSL_PARAM_set_int(p, v->secbits)) - return 0; - - p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE); - if (p != NULL) - if (!OSSL_PARAM_set_int(p, v->ctext_bytes)) - return 0; - p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY); - if (p != NULL) - if (!OSSL_PARAM_set_int(p, v->security_category)) - return 0; + case PIDX_PKEY_PARAM_BITS: + if (!OSSL_PARAM_set_int(p, v->bits)) + return 0; + break; - if (ossl_ml_kem_have_pubkey(key)) { - uint8_t *pubenc = NULL; + case PIDX_PKEY_PARAM_SECURITY_BITS: + if (!OSSL_PARAM_set_int(p, v->secbits)) + return 0; + break; - for (i = 0; i < 2; ++i) { - p = OSSL_PARAM_locate(params, pubparams[i]); - if (p == NULL) - continue; - if (p->data_type != OSSL_PARAM_OCTET_STRING) + case PIDX_PKEY_PARAM_MAX_SIZE: + if (!OSSL_PARAM_set_int(p, v->ctext_bytes)) return 0; - p->return_size = v->pubkey_bytes; - if (p->data == NULL) - continue; - if (p->data_size < p->return_size) + break; + + case PIDX_PKEY_PARAM_SECURITY_CATEGORY: + if (!OSSL_PARAM_set_int(p, v->security_category)) return 0; - if (pubenc != NULL) { - memcpy(p->data, pubenc, p->return_size); - continue; + break; + + /* Exported to EVP_PKEY_get_raw_public_key() */ + case PIDX_PKEY_PARAM_PUB_KEY: + /* Needed by EVP_PKEY_get1_encoded_public_key() */ + case PIDX_PKEY_PARAM_ENCODED_PUBLIC_KEY: + if (ossl_ml_kem_have_pubkey(key)) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + p->return_size = v->pubkey_bytes; + if (p->data == NULL) + break; + if (p->data_size < p->return_size) + return 0; + if (pubenc != NULL) { + memcpy(p->data, pubenc, p->return_size); + break; + } + if (!ossl_ml_kem_encode_public_key(p->data, p->return_size, key)) + return 0; + pubenc = p->data; } - if (!ossl_ml_kem_encode_public_key(p->data, p->return_size, key)) - return 0; - pubenc = p->data; - } - } + break; - p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY); - if (p != NULL && ossl_ml_kem_have_prvkey(key)) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) - return 0; - p->return_size = v->prvkey_bytes; - if (p->data != NULL) { - if (p->data_size < p->return_size) - return 0; - if (!ossl_ml_kem_encode_private_key(p->data, p->return_size, key)) - return 0; - } - } + /* Exported to EVP_PKEY_get_raw_private_key() */ + case PIDX_PKEY_PARAM_PRIV_KEY: + if (ossl_ml_kem_have_prvkey(key)) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + p->return_size = v->prvkey_bytes; + if (p->data != NULL) { + if (p->data_size < p->return_size) + return 0; + if (!ossl_ml_kem_encode_private_key(p->data, p->return_size, key)) + return 0; + } + } + break; - p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ML_KEM_SEED); - if (p != NULL && ossl_ml_kem_have_seed(key)) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) - return 0; - p->return_size = ML_KEM_SEED_BYTES; - if (p->data != NULL) { - if (p->data_size < p->return_size) - return 0; - if (!ossl_ml_kem_encode_seed(p->data, p->return_size, key)) - return 0; + /* Exported for import */ + case PIDX_PKEY_PARAM_ML_KEM_SEED: + if (ossl_ml_kem_have_seed(key)) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + p->return_size = ML_KEM_SEED_BYTES; + if (p->data != NULL) { + if (p->data_size < p->return_size) + return 0; + if (!ossl_ml_kem_encode_seed(p->data, p->return_size, key)) + return 0; + } + } + break; } - } - return 1; }