1 /* 2 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/e_os2.h> 11 #include "ml_dsa_local.h" 12 #include "ml_dsa_vector.h" 13 14 /* NOTE - any changes to this struct may require updates to ossl_ml_dsa_dup() */ 15 struct ml_dsa_key_st { 16 OSSL_LIB_CTX *libctx; 17 const ML_DSA_PARAMS *params; 18 19 EVP_MD *shake128_md; 20 EVP_MD *shake256_md; 21 22 uint8_t rho[ML_DSA_RHO_BYTES]; /* public random seed */ 23 uint8_t tr[ML_DSA_TR_BYTES]; /* Pre-cached public key Hash */ 24 uint8_t K[ML_DSA_K_BYTES]; /* Private random seed for signing */ 25 26 /* 27 * The encoded public and private keys, these are non NULL if the key 28 * components are generated or loaded. 29 * 30 * For keys that are decoded, but not yet loaded or imported into the 31 * provider, the pub_encoding is NULL, while the seed or priv_encoding 32 * is not NULL. 33 */ 34 uint8_t *pub_encoding; 35 uint8_t *priv_encoding; 36 uint8_t *seed; 37 int prov_flags; 38 39 /* 40 * t1 is the Polynomial encoding of the 10 MSB of each coefficient of the 41 * uncompressed public key polynomial t. This is saved as part of the 42 * public key. It is column vector of K polynomials. 43 * (There are 23 bits in q-modulus.. i.e 10 bits = 23 - 13) 44 * t1->poly is allocated. 45 */ 46 VECTOR t1; 47 /* 48 * t0 is the Polynomial encoding of the 13 LSB of each coefficient of the 49 * uncompressed public key polynomial t. This is saved as part of the 50 * private key. It is column vector of K polynomials. 51 */ 52 VECTOR t0; 53 VECTOR s2; /* private secret of size K with short coefficients (-4..4) or (-2..2) */ 54 VECTOR s1; /* private secret of size L with short coefficients (-4..4) or (-2..2) */ 55 /* The s1->poly block is allocated and has space for s2 and t0 also */ 56 }; 57