Lines Matching +full:- +full:key
2 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
47 { "EC", "P-256", 65, 32, 32, 1, EVP_PKEY_ML_KEM_768 },
48 { "EC", "P-384", 97, 48, 48, 1, EVP_PKEY_ML_KEM_1024 },
64 MLX_KEY *key = vkey; in mlx_kem_key_free() local
66 if (key == NULL) in mlx_kem_key_free()
68 OPENSSL_free(key->propq); in mlx_kem_key_free()
69 EVP_PKEY_free(key->mkey); in mlx_kem_key_free()
70 EVP_PKEY_free(key->xkey); in mlx_kem_key_free()
71 OPENSSL_free(key); in mlx_kem_key_free()
78 MLX_KEY *key = NULL; in mlx_kem_key_new() local
83 || (key = OPENSSL_malloc(sizeof(*key))) == NULL) in mlx_kem_key_new()
87 key->libctx = libctx; in mlx_kem_key_new()
88 key->minfo = ossl_ml_kem_get_vinfo(ml_kem_variant); in mlx_kem_key_new()
89 key->xinfo = &hybrid_vtable[v]; in mlx_kem_key_new()
90 key->xkey = key->mkey = NULL; in mlx_kem_key_new()
91 key->state = MLX_HAVE_NOKEYS; in mlx_kem_key_new()
92 key->propq = propq; in mlx_kem_key_new()
93 return key; in mlx_kem_key_new()
103 const MLX_KEY *key = vkey; in mlx_kem_has() local
105 /* A NULL key MUST fail to have anything */ in mlx_kem_has()
106 if (!ossl_prov_is_running() || key == NULL) in mlx_kem_has()
113 return mlx_kem_have_pubkey(key); in mlx_kem_has()
115 return mlx_kem_have_prvkey(key); in mlx_kem_has()
130 if (key1->xinfo != key2->xinfo) in mlx_kem_match()
139 /* As in other providers, equal when both have no key material. */ in mlx_kem_match()
143 return EVP_PKEY_eq(key1->mkey, key2->mkey) in mlx_kem_match()
144 && EVP_PKEY_eq(key1->xkey, key2->xkey); in mlx_kem_match()
159 /* Copy any exported key material into its storage slot */
168 * some key material was returned, it should have the right (parameter) in export_sub_cb()
173 if (sub_arg->pubenc != NULL in export_sub_cb()
175 void *pub = sub_arg->pubenc + sub_arg->puboff; in export_sub_cb()
177 if (OSSL_PARAM_get_octet_string(p, &pub, sub_arg->publen, &len) != 1) in export_sub_cb()
/*
 * NOTE(review): in the message below, len is cast to unsigned long for %lu
 * but sub_arg->publen is passed uncast. If publen is a size_t (its
 * declaration is not shown in this listing), the argument does not match
 * %lu on LLP64 targets; the private-key branch casts its last argument.
 */
179 if (len != sub_arg->publen) { in export_sub_cb()
181 "Unexpected %s public key length %lu != %lu", in export_sub_cb()
182 sub_arg->algorithm_name, (unsigned long) len, in export_sub_cb()
183 sub_arg->publen); in export_sub_cb()
186 ++sub_arg->pubcount; in export_sub_cb()
188 if (sub_arg->prvenc != NULL in export_sub_cb()
190 void *prv = sub_arg->prvenc + sub_arg->prvoff; in export_sub_cb()
192 if (OSSL_PARAM_get_octet_string(p, &prv, sub_arg->prvlen, &len) != 1) in export_sub_cb()
/*
 * NOTE(review): the check compares len with sub_arg->prvlen, but the last
 * argument of the message is sub_arg->publen, so the diagnostic reports the
 * public-key length as the expected private-key length. sub_arg->prvlen
 * looks intended; confirm against the full function, whose remaining lines
 * are not shown here.
 */
194 if (len != sub_arg->prvlen) { in export_sub_cb()
196 "Unexpected %s private key length %lu != %lu", in export_sub_cb()
197 sub_arg->algorithm_name, (unsigned long) len, in export_sub_cb()
198 (unsigned long) sub_arg->publen); in export_sub_cb()
201 ++sub_arg->prvcount; in export_sub_cb()
207 export_sub(EXPORT_CB_ARG *sub_arg, int selection, MLX_KEY *key) in export_sub() argument
215 sub_arg->pubcount = 0; in export_sub()
216 sub_arg->prvcount = 0; in export_sub()
219 int ml_kem_slot = key->xinfo->ml_kem_slot; in export_sub()
224 pkey = key->mkey; in export_sub()
225 sub_arg->algorithm_name = key->minfo->algorithm_name; in export_sub()
226 sub_arg->puboff = slot * key->xinfo->pubkey_bytes; in export_sub()
227 sub_arg->prvoff = slot * key->xinfo->prvkey_bytes; in export_sub()
228 sub_arg->publen = key->minfo->pubkey_bytes; in export_sub()
229 sub_arg->prvlen = key->minfo->prvkey_bytes; in export_sub()
231 pkey = key->xkey; in export_sub()
232 sub_arg->algorithm_name = key->xinfo->algorithm_name; in export_sub()
233 sub_arg->puboff = (1 - ml_kem_slot) * key->minfo->pubkey_bytes; in export_sub()
234 sub_arg->prvoff = (1 - ml_kem_slot) * key->minfo->prvkey_bytes; in export_sub()
235 sub_arg->publen = key->xinfo->pubkey_bytes; in export_sub()
236 sub_arg->prvlen = key->xinfo->prvkey_bytes; in export_sub()
247 MLX_KEY *key = vkey; in mlx_kem_export() local
255 if (!ossl_prov_is_running() || key == NULL) in mlx_kem_export()
261 /* Fail when no key material has yet been provided */ in mlx_kem_export()
262 if (!mlx_kem_have_pubkey(key)) { in mlx_kem_export()
266 publen = key->minfo->pubkey_bytes + key->xinfo->pubkey_bytes; in mlx_kem_export()
267 prvlen = key->minfo->prvkey_bytes + key->xinfo->prvkey_bytes; in mlx_kem_export()
276 if (mlx_kem_have_prvkey(key) in mlx_kem_export()
292 /* Extract sub-component key material */ in mlx_kem_export()
293 if (!export_sub(&sub_arg, selection, key)) in mlx_kem_export()
335 int selection, MLX_KEY *key, int slot, const uint8_t *in, in load_slot() argument
345 int ml_kem_slot = key->xinfo->ml_kem_slot; in load_slot()
349 alg = key->minfo->algorithm_name; in load_slot()
350 ppkey = &key->mkey; in load_slot()
354 alg = key->xinfo->algorithm_name; in load_slot()
355 group = (char *) key->xinfo->group_name; in load_slot()
356 ppkey = &key->xkey; in load_slot()
357 off = (1 - ml_kem_slot) * mbytes; in load_slot()
378 load_keys(MLX_KEY *key, in load_keys() argument
387 if (!load_slot(key->libctx, key->propq, OSSL_PKEY_PARAM_PRIV_KEY, in load_keys()
388 minimal_selection, key, slot, prvenc, in load_keys()
389 key->minfo->prvkey_bytes, key->xinfo->prvkey_bytes)) in load_keys()
392 /* Absent private key data, import public keys */ in load_keys()
393 if (!load_slot(key->libctx, key->propq, OSSL_PKEY_PARAM_PUB_KEY, in load_keys()
394 minimal_selection, key, slot, pubenc, in load_keys()
395 key->minfo->pubkey_bytes, key->xinfo->pubkey_bytes)) in load_keys()
399 key->state = prvlen ? MLX_HAVE_PRVKEY : MLX_HAVE_PUBKEY; in load_keys()
403 EVP_PKEY_free(key->mkey); in load_keys()
404 EVP_PKEY_free(key->xkey); in load_keys()
405 key->xkey = key->mkey = NULL; in load_keys()
406 key->state = MLX_HAVE_NOKEYS; in load_keys()
410 static int mlx_kem_key_fromdata(MLX_KEY *key, in mlx_kem_key_fromdata() argument
419 /* Invalid attempt to mutate a key, what is the right error to report? */ in mlx_kem_key_fromdata()
420 if (key == NULL || mlx_kem_have_pubkey(key)) in mlx_kem_key_fromdata()
422 pubkey_bytes = key->minfo->pubkey_bytes + key->xinfo->pubkey_bytes; in mlx_kem_key_fromdata()
423 prvkey_bytes = key->minfo->prvkey_bytes + key->xinfo->prvkey_bytes; in mlx_kem_key_fromdata()
444 * When a pubkey is provided, its length MUST be correct, if a private key in mlx_kem_key_fromdata()
445 * is also provided, the public key will be otherwise ignored. We could in mlx_kem_key_fromdata()
457 return load_keys(key, pubenc, publen, prvenc, prvlen); in mlx_kem_key_fromdata()
462 MLX_KEY *key = vkey; in mlx_kem_import() local
465 if (!ossl_prov_is_running() || key == NULL) in mlx_kem_import()
472 return mlx_kem_key_fromdata(key, params, include_private); in mlx_kem_import()
490 * It is assumed the key is guaranteed non-NULL here, and is from this provider
494 MLX_KEY *key = vkey; in mlx_kem_get_params() local
498 size_t publen = key->minfo->pubkey_bytes + key->xinfo->pubkey_bytes; in mlx_kem_get_params()
499 size_t prvlen = key->minfo->prvkey_bytes + key->xinfo->prvkey_bytes; in mlx_kem_get_params()
501 /* The reported "bit" count is that of the ML-KEM key */ in mlx_kem_get_params()
504 if (!OSSL_PARAM_set_int(p, key->minfo->bits)) in mlx_kem_get_params()
507 /* The reported security bits are those of the ML-KEM key */ in mlx_kem_get_params()
510 if (!OSSL_PARAM_set_int(p, key->minfo->secbits)) in mlx_kem_get_params()
516 if (!OSSL_PARAM_set_int(p, key->minfo->ctext_bytes + key->xinfo->pubkey_bytes)) in mlx_kem_get_params()
519 if (!mlx_kem_have_pubkey(key)) in mlx_kem_get_params()
525 if (pub->data_type != OSSL_PARAM_OCTET_STRING) in mlx_kem_get_params()
527 pub->return_size = publen; in mlx_kem_get_params()
528 if (pub->data == NULL) { in mlx_kem_get_params()
530 } else if (pub->data_size < publen) { in mlx_kem_get_params()
532 "public key output buffer too short: %lu < %lu", in mlx_kem_get_params()
533 (unsigned long) pub->data_size, in mlx_kem_get_params()
537 sub_arg.pubenc = pub->data; in mlx_kem_get_params()
540 if (mlx_kem_have_prvkey(key)) { in mlx_kem_get_params()
543 if (prv->data_type != OSSL_PARAM_OCTET_STRING) in mlx_kem_get_params()
545 prv->return_size = prvlen; in mlx_kem_get_params()
546 if (prv->data == NULL) { in mlx_kem_get_params()
548 } else if (prv->data_size < prvlen) { in mlx_kem_get_params()
550 "private key output buffer too short: %lu < %lu", in mlx_kem_get_params()
551 (unsigned long) prv->data_size, in mlx_kem_get_params()
555 sub_arg.prvenc = prv->data; in mlx_kem_get_params()
564 if (key->xinfo->group_name != NULL) in mlx_kem_get_params()
567 /* Extract sub-component key material */ in mlx_kem_get_params()
568 if (!export_sub(&sub_arg, selection, key)) in mlx_kem_get_params()
590 MLX_KEY *key = vkey; in mlx_kem_set_params() local
603 /* Key mutation is reportedly generally not allowed */ in mlx_kem_set_params()
604 if (mlx_kem_have_pubkey(key)) { in mlx_kem_set_params()
616 OPENSSL_free(key->propq); in mlx_kem_set_params()
617 key->propq = NULL; in mlx_kem_set_params()
618 if (!OSSL_PARAM_get_utf8_string(p, &key->propq, 0)) in mlx_kem_set_params()
622 if (publen != key->minfo->pubkey_bytes + key->xinfo->pubkey_bytes) { in mlx_kem_set_params()
627 return load_keys(key, pubenc, publen, NULL, 0); in mlx_kem_set_params()
642 if (p->data_type != OSSL_PARAM_UTF8_STRING) in mlx_kem_gen_set_params()
644 OPENSSL_free(gctx->propq); in mlx_kem_gen_set_params()
645 if ((gctx->propq = OPENSSL_strdup(p->data)) == NULL) in mlx_kem_gen_set_params()
665 gctx->evp_type = evp_type; in mlx_kem_gen_init()
666 gctx->libctx = libctx; in mlx_kem_gen_init()
667 gctx->selection = selection; in mlx_kem_gen_init()
689 MLX_KEY *key; in mlx_kem_gen() local
693 || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == in mlx_kem_gen()
698 propq = gctx->propq; in mlx_kem_gen()
699 gctx->propq = NULL; in mlx_kem_gen()
700 if ((key = mlx_kem_key_new(gctx->evp_type, gctx->libctx, propq)) == NULL) in mlx_kem_gen()
703 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) in mlx_kem_gen()
704 return key; in mlx_kem_gen()
707 key->mkey = EVP_PKEY_Q_keygen(key->libctx, key->propq, in mlx_kem_gen()
708 key->minfo->algorithm_name); in mlx_kem_gen()
709 key->xkey = EVP_PKEY_Q_keygen(key->libctx, key->propq, in mlx_kem_gen()
710 key->xinfo->algorithm_name, in mlx_kem_gen()
711 key->xinfo->group_name); in mlx_kem_gen()
712 if (key->mkey != NULL && key->xkey != NULL) { in mlx_kem_gen()
713 key->state = MLX_HAVE_PRVKEY; in mlx_kem_gen()
714 return key; in mlx_kem_gen()
717 mlx_kem_key_free(key); in mlx_kem_gen()
727 OPENSSL_free(gctx->propq); in mlx_kem_gen_cleanup()
733 const MLX_KEY *key = vkey; in mlx_kem_dup() local
737 || (ret = OPENSSL_memdup(key, sizeof(*ret))) == NULL) in mlx_kem_dup()
740 if (ret->propq != NULL in mlx_kem_dup()
741 && (ret->propq = OPENSSL_strdup(ret->propq)) == NULL) { in mlx_kem_dup()
746 /* Absent key material, nothing left to do */ in mlx_kem_dup()
747 if (ret->mkey == NULL) { in mlx_kem_dup()
748 if (ret->xkey == NULL) in mlx_kem_dup()
750 /* Fail if the source key is in an inconsistent state */ in mlx_kem_dup()
757 ret->xkey = ret->mkey = NULL; in mlx_kem_dup()
760 ret->mkey = EVP_PKEY_dup(key->mkey); in mlx_kem_dup()
761 ret->xkey = EVP_PKEY_dup(key->xkey); in mlx_kem_dup()
762 if (ret->xkey != NULL && ret->mkey != NULL) in mlx_kem_dup()
767 "duplication of partial key material not supported"); in mlx_kem_dup()