12  * Test ml-kem operation.
24  * @brief Consumes an 8-bit unsigned integer from a buffer.
26  * This function extracts an 8-bit unsigned integer from the provided buffer,
31  * @param val  Pointer to store the extracted 8-bit value.
41     *len -= sizeof(uint8_t);  in consume_uint8t()
46  * @brief Selects a key type and size from a buffer.
48  * This function reads a key size value from the buffer, determines the
49  * corresponding key type and length, and updates the buffer pointer
51  * key sizes; otherwise, it includes some invalid sizes for testing.
55  * @param keytype   Pointer to store the selected key type string.
56  * @param keylen    Pointer to store the selected key length.
57  * @param only_valid Flag to restrict selection to valid key sizes.
59  * @return 1 if a key type is successfully selected, 0 on failure.
73     *len -= sizeof(uint16_t);  in select_keytype_and_size()
80      * ML-KEM-512, ML-KEM-768, and ML-KEM-1024  in select_keytype_and_size()
88      * Note, keylens for valid values (cases 0-2)  in select_keytype_and_size()
93         *keytype = "ML-KEM-512";  in select_keytype_and_size()
97         *keytype = "ML-KEM-768";  in select_keytype_and_size()
101         *keytype = "ML-KEM-1024";  in select_keytype_and_size()
106         *keytype = "ML-KEM-13";  in select_keytype_and_size()
111         *keytype = "ML-KEM-1024";  in select_keytype_and_size()
113         *len -= sizeof(uint16_t);  in select_keytype_and_size()
115         *keylen %= 1024; /* size to our key buffer */  in select_keytype_and_size()
126  * @brief Creates an ML-KEM raw key from a buffer.
128  * This function selects a key type and size from the buffer, generates
129  * a random key of the appropriate length, and creates either a public
130  * or private ML-KEM key using OpenSSL's EVP_PKEY interface.
134  * @param key1  Pointer to store the generated EVP_PKEY key (public or private).
137  * @note The generated key is allocated using OpenSSL's EVP_PKEY functions
146     uint8_t key[4096];  in create_mlkem_raw_key()  local
153      * Select public or private key creation based on the low order  in create_mlkem_raw_key()
156      * a public key length, private keys for ML-KEM are always double  in create_mlkem_raw_key()
165      * libfuzzer provides by default up to 4096 bit input  in create_mlkem_raw_key()
169     if (!RAND_bytes(key, keylen))  in create_mlkem_raw_key()
173      * Try to generate either a raw public or private key using random data  in create_mlkem_raw_key()
179         pubkey = EVP_PKEY_new_raw_public_key_ex(NULL, keytype, NULL, key, keylen);  in create_mlkem_raw_key()
181         pubkey = EVP_PKEY_new_raw_private_key_ex(NULL, keytype, NULL, key, keylen);  in create_mlkem_raw_key()
188  * @brief Generates a valid ML-KEM key using OpenSSL.
190  * This function selects a valid ML-KEM key type and size from the buffer,
192  * key accordingly.
196  * @param key1   Pointer to store the generated EVP_PKEY key.
199  * @note The generated key is allocated using OpenSSL's EVP_PKEY functions
208     EVP_PKEY **key;  in keygen_mlkem_real_key()  local
212     key = (EVP_PKEY **)key1;  in keygen_mlkem_real_key()
216      * Only generate valid key types and lengths  in keygen_mlkem_real_key()
235     *key = EVP_PKEY_new();  in keygen_mlkem_real_key()
236     if (*key == NULL)  in keygen_mlkem_real_key()
239     if (!EVP_PKEY_generate(ctx, key)) {  in keygen_mlkem_real_key()
240         fprintf(stderr, "Failed to generate new real key\n");  in keygen_mlkem_real_key()
244     if (key == (EVP_PKEY **)key1) {  in keygen_mlkem_real_key()
246         key = (EVP_PKEY **)key2;  in keygen_mlkem_real_key()
256  * @brief Performs key encapsulation and decapsulation using an EVP_PKEY.
258  * This function generates a random key, encapsulates it using the provided
259  * public key, then decapsulates it to retrieve the original key. It makes
264  * @param[in]  key1  Pointer to an EVP_PKEY structure used for key operations.
272     EVP_PKEY *key = (EVP_PKEY *)key1;  in mlkem_encap_decap()  local
281     ctx = EVP_PKEY_CTX_new_from_pkey(NULL, key, NULL);  in mlkem_encap_decap()
296         fprintf(stderr, "Failed to encapsulate key\n");  in mlkem_encap_decap()
301     ctx = EVP_PKEY_CTX_new_from_pkey(NULL, key, NULL);  in mlkem_encap_decap()
314         fprintf(stderr, "Failed to decap key\n");  in mlkem_encap_decap()
326  * @brief Derives a shared secret using the provided key and peer key.
328  * This function performs a key derivation operation using the given
329  * private key and peer public key. The resulting shared secret is
332  * @param[in] key The private key used for derivation.
333  * @param[in] peer The peer's public key.
340 static void do_derive(EVP_PKEY *key, EVP_PKEY *peer, uint8_t **shared, size_t *shared_len)  in do_derive()  argument
347     ctx = EVP_PKEY_CTX_new_from_pkey(NULL, key, NULL);  in do_derive()
388  * @brief Performs a key exchange using ML-KEM.
390  * This function derives shared secrets using the provided key pairs.
396  * @param[in] key1 First key (typically Alice's key).
397  * @param[in] key2 Second key (typically Bob's key).
402  *       shared secrets match. A check should be added when ML-KEM
418      * TODO add check of shared secrets here when ML-KEM supports this  in mlkem_kex()
425  * @brief Exports and imports an ML-KEM key.
427  * This function extracts key material from the given key (`key1`),
429  * key from those parameters. It uses OpenSSL's `EVP_PKEY_todata()`
434  * @param[in] key1 The key to be exported and imported.
435  * @param[in] key2 Unused input key (reserved for future use).
439  * @note If any step in the export-import process fails, the function
440  *       logs an error and cleans up allocated resources.
482  * @param key1  First key, expected to be an `EVP_PKEY *`.
483  * @param key2  Second key, expected to be an `EVP_PKEY *`.
498  * @brief Frees allocated ML-KEM keys.
500  * This function releases memory associated with up to four EVP_PKEY
501  * objects by calling `EVP_PKEY_free()` on each provided key.
503  * @param key1 Pointer to the first key to be freed.
504  * @param key2 Pointer to the second key to be freed.
505  * @param key3 Pointer to the third key to be freed.
506  * @param key4 Pointer to the fourth key to be freed.
508  * @note This function assumes that each key is either a valid EVP_PKEY
525  * setting up, executing, and cleaning up cryptographic operations, along
538      * @brief Function pointer for setting up the operation.
561      * @brief Function pointer for cleaning up after the operation.
563      * @param in1   First input parameter to be cleaned up.
564      * @param in2   Second input parameter to be cleaned up.
565      * @param out1  First output parameter to be cleaned up.
566      * @param out2  Second output parameter to be cleaned up.
573         "Generate ML-KEM raw key",
579         "Generate ML-KEM keypair, using EVP_PKEY_keygen",
580         "Generates a real ML-KEM keypair, should always work",
585         "Do a key encap/decap operation on a key",
586         "Generate key, encap it, decap it and compare, should work",
591         "Do a key exchange operation on two keys",
592         "Gen keys, do a key exchange both ways and compare",
597         "Do an export/import of key data",
626  * @return 0 on successful execution, -1 if the input is too short.
640         return -1;  in FuzzerTestOneInput()
647         return -1;  in FuzzerTestOneInput()