mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Encoders and Decoders for ML-KEM

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26341)
This commit is contained in:
Viktor Dukhovni 2025-01-09 14:35:03 +11:00 committed by Tomas Mraz
parent 4a377f04b2
commit b818a99839
22 changed files with 807 additions and 747 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/err/openssl.txt
View File

@ -1174,6 +1174,8 @@ PROV_R_UNABLE_TO_INITIALISE_CIPHERS:208:unable to initialise ciphers
PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256
PROV_R_UNABLE_TO_LOCK_PARENT:201:unable to lock parent
PROV_R_UNABLE_TO_RESEED:204:unable to reseed
PROV_R_UNEXPECTED_KEY_OID:249:unexpected key oid
PROV_R_UNEXPECTED_KEY_PARAMETERS:250:unexpected key parameters
PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg
PROV_R_UNSUPPORTED_KEY_SIZE:153:unsupported key size
PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type

61
crypto/ml_kem/ml_kem.c
View File

@ -188,7 +188,7 @@ static const ML_KEM_VINFO vinfo_map[3] = {
CTEXT_BYTES(512),
VECTOR_BYTES(512),
U_VECTOR_BYTES(512),
ML_KEM_512_VARIANT,
NID_ML_KEM_512,
ML_KEM_512_BITS,
ML_KEM_512_RANK,
ML_KEM_512_DU,
@ -204,7 +204,7 @@ static const ML_KEM_VINFO vinfo_map[3] = {
CTEXT_BYTES(768),
VECTOR_BYTES(768),
U_VECTOR_BYTES(768),
ML_KEM_768_VARIANT,
NID_ML_KEM_768,
ML_KEM_768_BITS,
ML_KEM_768_RANK,
ML_KEM_768_DU,
@ -220,7 +220,7 @@ static const ML_KEM_VINFO vinfo_map[3] = {
CTEXT_BYTES(1024),
VECTOR_BYTES(1024),
U_VECTOR_BYTES(1024),
ML_KEM_1024_VARIANT,
NID_ML_KEM_1024,
ML_KEM_1024_BITS,
ML_KEM_1024_RANK,
ML_KEM_1024_DU,
@ -1182,7 +1182,7 @@ int gencbd_vector_ntt(scalar *out, CBD_FUNC cbd, uint8_t *counter,
}
/* The |ETA1| value for ML-KEM-512 is 3, the rest and all ETA2 values are 2. */
static CBD_FUNC const cbd1[ML_KEM_1024_VARIANT + 1] = { cbd_3, cbd_2, cbd_2 };
#define CBD1(evp_type) ((evp_type) == NID_ML_KEM_512 ? cbd_3 : cbd_2)
/*
* FIPS 203, Section 5.2, Algorithm 14: K-PKE.Encrypt.
@ -1207,7 +1207,7 @@ int encrypt_cpa(uint8_t out[ML_KEM_SHARED_SECRET_BYTES],
EVP_MD_CTX *mdctx, const ML_KEM_KEY *key)
{
const ML_KEM_VINFO *vinfo = key->vinfo;
CBD_FUNC cbd_1 = cbd1[vinfo->variant];
CBD_FUNC cbd_1 = CBD1(vinfo->evp_type);
int rank = vinfo->rank;
/* We can use tmp[0..rank-1] as storage for |y|, then |e1|, ... */
scalar *y = &tmp[0], *e1 = y, *e2 = y;
@ -1395,7 +1395,7 @@ int genkey(const uint8_t d[ML_KEM_RANDOM_BYTES],
const uint8_t *const sigma = hashed + ML_KEM_RANDOM_BYTES;
uint8_t augmented_seed[ML_KEM_RANDOM_BYTES + 1];
const ML_KEM_VINFO *vinfo = key->vinfo;
CBD_FUNC cbd_1 = cbd1[vinfo->variant];
CBD_FUNC cbd_1 = CBD1(vinfo->evp_type);
int rank = vinfo->rank;
uint8_t counter = 0;
@ -1567,17 +1567,23 @@ free_storage(ML_KEM_KEY *key)
*/
/* Retrieve the parameters of one of the ML-KEM variants */
const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int variant)
const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type)
{
if (variant > ML_KEM_1024_VARIANT)
return NULL;
return &vinfo_map[variant];
switch (evp_type) {
case NID_ML_KEM_512:
return &vinfo_map[0];
case NID_ML_KEM_768:
return &vinfo_map[1];
case NID_ML_KEM_1024:
return &vinfo_map[2];
}
return NULL;
}
ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
int variant)
int evp_type)
{
const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(variant);
const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type);
ML_KEM_KEY *key;
if (vinfo == NULL)
@ -1694,6 +1700,17 @@ int ossl_ml_kem_encode_private_key(uint8_t *out, size_t len,
return 1;
}
int ossl_ml_kem_encode_key_seed(uint8_t *out, size_t len,
const ML_KEM_KEY *key)
{
if (key == NULL || key->d == NULL || len != ML_KEM_SEED_BYTES)
return 0;
memcpy(out, key->d, ML_KEM_RANDOM_BYTES);
out += ML_KEM_RANDOM_BYTES;
memcpy(out, key->z, ML_KEM_RANDOM_BYTES);
return 1;
}
/* Parse input as a public key */
int ossl_ml_kem_parse_public_key(const uint8_t *in, size_t len, ML_KEM_KEY *key)
{
@ -1834,15 +1851,15 @@ int ossl_ml_kem_encap_seed(uint8_t *ctext, size_t clen,
* each) vectors, that are never retained on return from this function.
* We stack-allocate these.
*/
# define case_encap_seed(bits) \
case ML_KEM_##bits##_VARIANT: \
{ \
scalar tmp[2 * ML_KEM_##bits##_RANK]; \
\
ret = encap(ctext, shared_secret, entropy, tmp, mdctx, key); \
break; \
# define case_encap_seed(bits) \
case NID_ML_KEM_##bits: \
{ \
scalar tmp[2 * ML_KEM_##bits##_RANK]; \
\
ret = encap(ctext, shared_secret, entropy, tmp, mdctx, key); \
break; \
}
switch (vinfo->variant) {
switch (vinfo->evp_type) {
case_encap_seed(512);
case_encap_seed(768);
case_encap_seed(1024);
@ -1914,7 +1931,7 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen,
* We stack-allocate these.
*/
# define case_decap(bits) \
case ML_KEM_##bits##_VARIANT: \
case NID_ML_KEM_##bits: \
{ \
uint8_t cbuf[CTEXT_BYTES(bits)]; \
scalar tmp[2 * ML_KEM_##bits##_RANK]; \
@ -1922,7 +1939,7 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen,
ret = decap(shared_secret, ctext, cbuf, tmp, mdctx, key); \
break; \
}
switch (vinfo->variant) {
switch (vinfo->evp_type) {
case_decap(512);
case_decap(768);
case_decap(1024);

31
doc/man7/EVP_PKEY-ML-KEM.pod
View File

@ -56,25 +56,48 @@ The public key value.
This parameter is used when importing or exporting the public key value with
the EVP_PKEY_fromdata() and EVP_PKEY_todata() functions. The same underlying
FIPS 203 public key format is used for import, import, get and set operations.
FIPS 203 (Algorithm 16: B<ML-KEM.KeyGen_internal>) B<ek> public key format is
used for import, export, get and set operations.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
The private key value.
The private key, in seed form when available.
This parameter is used when importing or exporting the private key value with
the EVP_PKEY_fromdata() and EVP_PKEY_todata() functions.
The key format is that of B<dk> in FIPS 203, Algorithm 16:
B<ML-KEM.KeyGen_internal>.
On import, the private key key length is used to infer the key format.
If the key length is 64 bytes, the key format is assumed to be the 64-byte
input seed of FIPS 203, Algorithm 16: B<ML-KEM.KeyGen_internal>, with the B<d>
and B<z> values concatenated in that order.
If, on the other hand, the key length is that of the FIPS 203 (Algorithm 16:
B<ML-KEM.KeyGen_internal>) B<dk> private key for the given ML-KEM variant, then
the key is assumed to be in that format.
Keys originally imported in the B<dk> FIPS 203 form cannot be exported in seed
form as the B<d> seed is not available in that case, and the exported key will
then be the FIPS 203 B<dk> format in which the key was imported.
Generated keys retain the seed value, and are exported in seed form.
=item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>
Used for getting and setting the encoding of a public key.
The key format is that of B<ek> in FIPS 203, Algorithm 16:
B<ML-KEM.KeyGen_internal>.
Updates of the public and private key components are only allowed on keys that
are empty.
Once a public or private key component is set, no further changes are allowed.
This parameter is gettable and settable.
=item "encoded-priv-key" (B<PKEY_PARAM_ENCODED_PRIVATE_KEY>) <octet string>
Used for getting the I<expanded> encoding of a private key.
The key format is that of B<dk> in FIPS 203, Algorithm 16: B<ML-KEM.KeyGen_internal>.
The private key format returned from key export is the B<(d, z)> seed, when
available, but is otherwise the same as the encoded form.
This parameter is only gettable.
=back
=head1 CONFORMING TO

22
include/crypto/ml_kem.h
View File

@ -85,7 +85,7 @@
* Variant-specific constants and structures
* -----------------------------------------
*/
# define ML_KEM_512_VARIANT 0
# define EVP_PKEY_ML_KEM_512 NID_ML_KEM_512
# define ML_KEM_512_BITS 512
# define ML_KEM_512_RANK 2
# define ML_KEM_512_ETA1 3
@ -94,7 +94,7 @@
# define ML_KEM_512_DV 4
# define ML_KEM_512_SECBITS 128
# define ML_KEM_768_VARIANT 1
# define EVP_PKEY_ML_KEM_768 NID_ML_KEM_768
# define ML_KEM_768_BITS 768
# define ML_KEM_768_RANK 3
# define ML_KEM_768_ETA1 2
@ -103,7 +103,7 @@
# define ML_KEM_768_DV 4
# define ML_KEM_768_SECBITS 192
# define ML_KEM_1024_VARIANT 2
# define EVP_PKEY_ML_KEM_1024 NID_ML_KEM_1024
# define ML_KEM_1024_BITS 1024
# define ML_KEM_1024_RANK 4
# define ML_KEM_1024_ETA1 2
@ -126,7 +126,7 @@ typedef struct {
size_t ctext_bytes;
size_t vector_bytes;
size_t u_vector_bytes;
int variant;
int evp_type;
int bits;
int rank;
int du;
@ -135,7 +135,7 @@ typedef struct {
} ML_KEM_VINFO;
/* Retrive global variant-specific parameters */
const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int variant);
const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type);
/* Known as ML_KEM_KEY via crypto/types.h */
typedef struct ossl_ml_kem_key_st {
@ -171,9 +171,10 @@ typedef struct ossl_ml_kem_key_st {
} ML_KEM_KEY;
/* The public key is always present, when the private is */
# define ossl_ml_kem_key_vinfo(key) ((key)->vinfo)
# define ossl_ml_kem_have_pubkey(key) ((key)->t != NULL)
# define ossl_ml_kem_have_prvkey(key) ((key)->s != NULL)
# define ossl_ml_kem_key_vinfo(key) ((key)->vinfo)
# define ossl_ml_kem_have_pubkey(key) ((key)->t != NULL)
# define ossl_ml_kem_have_prvkey(key) ((key)->s != NULL)
# define ossl_ml_kem_have_seed(key) ((key)->d != NULL)
/*
* ----- ML-KEM key lifecycle
@ -185,7 +186,7 @@ typedef struct ossl_ml_kem_key_st {
*/
ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx,
const char *properties,
int variant);
int evp_type);
/* Deallocate the key */
void ossl_ml_kem_key_free(ML_KEM_KEY *key);
/*
@ -227,6 +228,9 @@ int ossl_ml_kem_encode_public_key(uint8_t *out, size_t len,
__owur
int ossl_ml_kem_encode_private_key(uint8_t *out, size_t len,
const ML_KEM_KEY *key);
__owur
int ossl_ml_kem_encode_key_seed(uint8_t *out, size_t len,
const ML_KEM_KEY *key);
__owur
int ossl_ml_kem_encap_seed(uint8_t *ctext, size_t clen,

2
include/openssl/proverr.h
View File

@ -148,6 +148,8 @@
# define PROV_R_UNABLE_TO_LOAD_SHA256 147
# define PROV_R_UNABLE_TO_LOCK_PARENT 201
# define PROV_R_UNABLE_TO_RESEED 204
# define PROV_R_UNEXPECTED_KEY_OID 249
# define PROV_R_UNEXPECTED_KEY_PARAMETERS 250
# define PROV_R_UNSUPPORTED_CEK_ALG 145
# define PROV_R_UNSUPPORTED_KEY_SIZE 153
# define PROV_R_UNSUPPORTED_MAC_TYPE 137

4
providers/common/provider_err.c
View File

@ -219,6 +219,10 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOCK_PARENT),
"unable to lock parent"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_RESEED), "unable to reseed"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNEXPECTED_KEY_OID),
"unexpected key oid"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNEXPECTED_KEY_PARAMETERS),
"unexpected key parameters"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_CEK_ALG),
"unsupported cek alg"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_KEY_SIZE),

8
providers/decoders.inc
View File

@ -74,6 +74,14 @@ DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, no),
DECODER_w_structure("SM2", der, type_specific_no_pub, sm2, no),
# endif
#endif
#ifndef OPENSSL_NO_ML_KEM
DECODER_w_structure("ML-KEM-512", der, PrivateKeyInfo, ml_kem_512, yes),
DECODER_w_structure("ML-KEM-512", der, SubjectPublicKeyInfo, ml_kem_512, yes),
DECODER_w_structure("ML-KEM-768", der, PrivateKeyInfo, ml_kem_768, yes),
DECODER_w_structure("ML-KEM-768", der, SubjectPublicKeyInfo, ml_kem_768, yes),
DECODER_w_structure("ML-KEM-1024", der, PrivateKeyInfo, ml_kem_1024, yes),
DECODER_w_structure("ML-KEM-1024", der, SubjectPublicKeyInfo, ml_kem_1024, yes),
#endif
DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes),
DECODER_w_structure("RSA", der, SubjectPublicKeyInfo, rsa, yes),
DECODER_w_structure("RSA", der, type_specific_keypair, rsa, yes),

46
providers/encoders.inc
View File

@ -67,6 +67,11 @@ ENCODER_TEXT("X448", x448, yes),
ENCODER_TEXT("SM2", sm2, no),
# endif
#endif
#ifndef OPENSSL_NO_ML_KEM
ENCODER_TEXT("ML-KEM-512", ml_kem_512, yes),
ENCODER_TEXT("ML-KEM-768", ml_kem_768, yes),
ENCODER_TEXT("ML-KEM-1024", ml_kem_1024, yes),
#endif
# ifndef OPENSSL_NO_ML_DSA
ENCODER_TEXT("ML-DSA-44", ml_dsa_44, yes),
@ -189,6 +194,16 @@ ENCODER_w_structure("EC", ec, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("EC", ec, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("EC", ec, yes, pem, SubjectPublicKeyInfo),
# ifndef OPENSSL_NO_SM2
ENCODER_w_structure("SM2", sm2, no, der, EncryptedPrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, pem, EncryptedPrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo),
ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo),
# endif
#endif
#ifndef OPENSSL_NO_ECX
ENCODER_w_structure("X25519", x25519, yes, der, EncryptedPrivateKeyInfo),
ENCODER_w_structure("X25519", x25519, yes, pem, EncryptedPrivateKeyInfo),
@ -217,16 +232,29 @@ ENCODER_w_structure("ED448", ed448, yes, der, PrivateKeyInfo),
ENCODER_w_structure("ED448", ed448, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("ED448", ed448, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo),
# endif
#endif
# ifndef OPENSSL_NO_SM2
ENCODER_w_structure("SM2", sm2, no, der, EncryptedPrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, pem, EncryptedPrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo),
ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo),
# endif
#ifndef OPENSSL_NO_ML_KEM
ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, der, EncryptedPrivateKeyInfo),
ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, pem, EncryptedPrivateKeyInfo),
ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, der, PrivateKeyInfo),
ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("ML-KEM-512", ml_kem_512, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, der, EncryptedPrivateKeyInfo),
ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, pem, EncryptedPrivateKeyInfo),
ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, der, PrivateKeyInfo),
ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("ML-KEM-768", ml_kem_768, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, der, EncryptedPrivateKeyInfo),
ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, pem, EncryptedPrivateKeyInfo),
ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, der, PrivateKeyInfo),
ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("ML-KEM-1024", ml_kem_1024, yes, pem, SubjectPublicKeyInfo),
#endif
# ifndef OPENSSL_NO_ML_DSA

4
providers/fips/self_test_kats.c
View File

@ -772,8 +772,8 @@ static EVP_PKEY *self_test_kem_keygen(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,
goto err;
/* Compare outputs */
*params = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
buf, s);
*params = OSSL_PARAM_construct_octet_string(
OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY, buf, s);
if (!EVP_PKEY_get_params(r, params))
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, buf);

260
providers/implementations/encode_decode/decode_der2key.c
View File

@ -13,6 +13,8 @@
*/
#include "internal/deprecated.h"
#include <openssl/asn1t.h>
#include <openssl/byteorder.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
@ -32,12 +34,34 @@
#include "crypto/rsa.h"
#include "crypto/ml_dsa.h"
#include "crypto/x509.h"
#include "crypto/ml_kem.h"
#include "openssl/obj_mac.h"
#include "prov/bio.h"
#include "prov/implementations.h"
#include "endecoder_local.h"
#include "internal/nelem.h"
#include "ml_dsa_codecs.h"
#ifndef OPENSSL_NO_ML_KEM
typedef struct {
ASN1_OBJECT *oid;
} BARE_ALGOR;
typedef struct {
BARE_ALGOR algor;
ASN1_BIT_STRING *pubkey;
} BARE_PUBKEY;
ASN1_SEQUENCE(BARE_ALGOR) = {
ASN1_SIMPLE(BARE_ALGOR, oid, ASN1_OBJECT),
} static_ASN1_SEQUENCE_END(BARE_ALGOR)
ASN1_SEQUENCE(BARE_PUBKEY) = {
ASN1_EMBED(BARE_PUBKEY, algor, BARE_ALGOR),
ASN1_SIMPLE(BARE_PUBKEY, pubkey, ASN1_BIT_STRING)
} static_ASN1_SEQUENCE_END(BARE_PUBKEY)
#endif
struct der2key_ctx_st; /* Forward declaration */
typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
@ -552,6 +576,234 @@ static void *sm2_d2i_PKCS8(const unsigned char **der, long der_len,
(key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
}
# endif
#endif
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_ML_KEM
/* For lengths between 256 and 65535 the DER encoding is 4 bytes longer */
#define ML_KEM_OCTET_STRING_OVERHEAD 4
/*-
* The DER ASN.1 encoding of ML-KEM and ML-DSA public keys prepends 22 bytes to
* the encoded public key:
*
* - 4 byte outer sequence tag and length
* - 2 byte algorithm sequence tag and length
* - 2 byte algorithm OID tag and length
* - 9 byte algorithm OID (from NIST CSOR OID arc)
* - 4 byte bit string tag and length
* - 1 bitstring lead byte
*/
#define ML_KEM_SPKI_OVERHEAD 22
/*
* The accepted private key format is either the 64-bytes (d, z) seed pair, or
* else the optionally DER wrapped octet-string encoding (one byte tag, three
* byte length) of the FIPS 203 expanded |dk| key, optionally concatenated with
* the public |ek|. We don't need to worry about whether the public key is or
* isn't appended, those are just ignored bytes at the end of an input buffer.
*/
typedef enum {
NONE_FMT, /* Unknown or unsupported format */
SEED_FMT, /* Just the seed, no DER wrapping */
LONG_FMT, /* Key(s), no octet-string DER wrapping */
ASN1_FMT /* Key(s), octet-string DER wrapped */
} ML_KEM_PRIV_FMT;
static void *
ml_kem_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)
{
const ML_KEM_VINFO *vinfo;
ML_KEM_KEY *key = NULL, *ret = NULL;
OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
const unsigned char *p;
const X509_ALGOR *alg = NULL;
ML_KEM_PRIV_FMT fmt;
int plen, ptype, privlen, pairlen;
uint16_t keylen;
/* Extract the key OID and any parameters (we want none of those) */
if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, der, der_len)) == NULL)
return 0;
if (!PKCS8_pkey_get0(NULL, &p, &plen, &alg, p8inf))
goto end;
/* Bail out early if this is some other key type. */
if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type)
goto end;
vinfo = ossl_ml_kem_get_vinfo(ctx->desc->evp_type);
/* Parameters must be absent. */
X509_ALGOR_get0(NULL, &ptype, NULL, alg);
if (ptype != V_ASN1_UNDEF) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS,
"unexpected parameters with a PKCS#8 %s private key",
vinfo->algorithm_name);
goto end;
}
privlen = (int) vinfo->prvkey_bytes;
pairlen = (int) (vinfo->prvkey_bytes + vinfo->pubkey_bytes);
if (plen == ML_KEM_SEED_BYTES)
fmt = SEED_FMT;
else if (plen == privlen || plen == pairlen)
fmt = LONG_FMT;
else if (plen == ML_KEM_OCTET_STRING_OVERHEAD + privlen
|| plen == ML_KEM_OCTET_STRING_OVERHEAD + pairlen)
fmt = ASN1_FMT;
else
fmt = NONE_FMT;
switch (fmt) {
case NONE_FMT:
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH,
"unexpected PKCS#8 private key length: %d", plen);
break;
case SEED_FMT:
if ((key = ossl_ml_kem_key_new(libctx, ctx->propq,
ctx->desc->evp_type)) != NULL
&& ossl_ml_kem_genkey(p, p + ML_KEM_RANDOM_BYTES, NULL, 0, key))
ret = key;
else
ERR_raise_data(ERR_LIB_PROV, PROV_R_GENERATE_ERROR,
"error generating %s private key from seed",
vinfo->algorithm_name);
break;
case ASN1_FMT:
if (*p++ != V_ASN1_OCTET_STRING || *p++ != 0x82)
break;
p = OPENSSL_load_u16_be(&keylen, p);
if (keylen != (plen -= ML_KEM_OCTET_STRING_OVERHEAD))
break;
/* fallthrough */
case LONG_FMT:
/* Check public key consistency if provided? */
if ((key = ossl_ml_kem_key_new(libctx, ctx->propq,
ctx->desc->evp_type)) != NULL
&& ossl_ml_kem_parse_private_key(p, vinfo->prvkey_bytes, key))
ret = key;
else
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY,
"error parsing %s private key",
vinfo->algorithm_name);
break;
}
end:
PKCS8_PRIV_KEY_INFO_free(p8inf);
if (ret == NULL)
ossl_ml_kem_key_free(key);
return ret;
}
static ossl_inline void *
ml_kem_d2i_PUBKEY(const uint8_t **der, long der_len,
struct der2key_ctx_st *ctx)
{
const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(ctx->desc->evp_type);
OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
ML_KEM_KEY *ret = NULL;
BARE_PUBKEY *spki;
const uint8_t *end = *der;
/*
* Not our NID! Is there a sensible error to report here? Why was this
* decoder called?
*/
if (vinfo == NULL)
return NULL;
/*
* Check that we have the right OID, the bit string has no "bits left" and
* that we consume all the input exactly.
*/
if (der_len != ML_KEM_SPKI_OVERHEAD + (long) vinfo->pubkey_bytes) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"unexpected %s public key length: %ld != %ld",
vinfo->algorithm_name, der_len,
ML_KEM_SPKI_OVERHEAD + (long) vinfo->pubkey_bytes);
return NULL;
}
if ((spki = OPENSSL_zalloc(sizeof(*spki))) == NULL)
return NULL;
/* The spki storage is freed on error */
if (ASN1_item_d2i_ex((ASN1_VALUE **)&spki, &end, der_len,
ASN1_ITEM_rptr(BARE_PUBKEY), NULL, NULL) == NULL) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"malformed %s public key ASN.1 encoding",
vinfo->algorithm_name);
return NULL;
}
/* The spki structure now owns some memory */
if ((spki->pubkey->flags & 0x7) != 0 || end != *der + der_len) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"malformed %s public key ASN.1 encoding",
vinfo->algorithm_name);
goto end;
}
if (OBJ_cmp(OBJ_nid2obj(ctx->desc->evp_type), spki->algor.oid) != 0) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"unexpected algorithm OID for an %s public key",
vinfo->algorithm_name);
goto end;
}
ret = ossl_ml_kem_key_new(libctx, ctx->propq, ctx->desc->evp_type);
if (ret == NULL
|| !ossl_ml_kem_parse_public_key(spki->pubkey->data,
spki->pubkey->length, ret)) {
ossl_ml_kem_key_free(ret);
ret = NULL;
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"failed to parse %s public key from the input data",
vinfo->algorithm_name);
}
end:
ASN1_OBJECT_free(spki->algor.oid);
ASN1_BIT_STRING_free(spki->pubkey);
OPENSSL_free(spki);
return ret;
}
# define ml_kem_512_evp_type EVP_PKEY_ML_KEM_512
# define ml_kem_512_d2i_private_key NULL
# define ml_kem_512_d2i_public_key NULL
# define ml_kem_512_d2i_key_params NULL
# define ml_kem_512_d2i_PUBKEY ml_kem_d2i_PUBKEY
# define ml_kem_512_d2i_PKCS8 ml_kem_d2i_PKCS8
# define ml_kem_512_free (free_key_fn *)ossl_ml_kem_key_free
# define ml_kem_512_check NULL
# define ml_kem_512_adjust NULL
# define ml_kem_768_evp_type EVP_PKEY_ML_KEM_768
# define ml_kem_768_d2i_private_key NULL
# define ml_kem_768_d2i_public_key NULL
# define ml_kem_768_d2i_key_params NULL
# define ml_kem_768_d2i_PUBKEY ml_kem_d2i_PUBKEY
# define ml_kem_768_d2i_PKCS8 ml_kem_d2i_PKCS8
# define ml_kem_768_free (free_key_fn *)ossl_ml_kem_key_free
# define ml_kem_768_check NULL
# define ml_kem_768_adjust NULL
# define ml_kem_1024_evp_type EVP_PKEY_ML_KEM_1024
# define ml_kem_1024_d2i_private_key NULL
# define ml_kem_1024_d2i_public_key NULL
# define ml_kem_1024_d2i_PUBKEY ml_kem_d2i_PUBKEY
# define ml_kem_1024_d2i_PKCS8 ml_kem_d2i_PKCS8
# define ml_kem_1024_d2i_key_params NULL
# define ml_kem_1024_free (free_key_fn *)ossl_ml_kem_key_free
# define ml_kem_1024_check NULL
# define ml_kem_1024_adjust NULL
#endif
/* ---------------------------------------------------------------------- */
@ -925,6 +1177,14 @@ MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);
# endif
#endif
#ifndef OPENSSL_NO_ML_KEM
MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, PrivateKeyInfo);
MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, SubjectPublicKeyInfo);
MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, PrivateKeyInfo);
MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, SubjectPublicKeyInfo);
MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, PrivateKeyInfo);
MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, SubjectPublicKeyInfo);
#endif
MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);

101
providers/implementations/encode_decode/encode_key2any.c
View File

@ -29,6 +29,7 @@
#include "internal/passphrase.h"
#include "internal/cryptlib.h"
#include "crypto/ecx.h"
#include "crypto/ml_kem.h"
#include "crypto/rsa.h"
#include "crypto/ml_dsa.h"
#include "prov/implementations.h"
@ -877,6 +878,83 @@ static int ml_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_ML_KEM
static int ml_kem_spki_pub_to_der(const void *vkey, unsigned char **pder,
ossl_unused void *ctx)
{
const ML_KEM_KEY *key = vkey;
size_t publen;
if (!ossl_ml_kem_have_pubkey(key)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
publen = key->vinfo->pubkey_bytes;
if (pder != NULL
&& ((*pder = OPENSSL_malloc(publen)) == NULL
|| !ossl_ml_kem_encode_public_key(*pder, publen, key)))
return 0;
return publen;
}
static int ml_kem_pki_priv_to_der(const void *vkey, unsigned char **pder,
ossl_unused void *ctx)
{
const ML_KEM_KEY *key = vkey;
int len = ML_KEM_SEED_BYTES;
if (!ossl_ml_kem_have_prvkey(key)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
"no %s private key data available",
key->vinfo->algorithm_name);
return 0;
}
/*
* Output the seed bytes directly when available, but otherwise, be
* compatible with Bouncy Castle's non-seed "long" output format, which is
* just the FIPS 203 |dk| private key bytes sans DER octet-string wrapping.
*/
if (ossl_ml_kem_have_seed(key))
len = ML_KEM_SEED_BYTES;
else
len = key->vinfo->prvkey_bytes;
if (pder == NULL)
return len;
if ((*pder = OPENSSL_malloc(len)) == NULL)
return 0;
if (ossl_ml_kem_have_seed(key)) {
if (ossl_ml_kem_encode_key_seed(*pder, len, key))
return len;
} else {
if (ossl_ml_kem_encode_private_key(*pder, len, key))
return len;
}
OPENSSL_free(*pder);
return 0;
}
# define ml_kem_epki_priv_to_der ml_kem_pki_priv_to_der
# define prepare_ml_kem_params NULL
# define ml_kem_check_key_type NULL
# define ml_kem_512_evp_type EVP_PKEY_ML_KEM_512
# define ml_kem_512_pem_type "ML-KEM-512"
# define ml_kem_768_evp_type EVP_PKEY_ML_KEM_768
# define ml_kem_768_pem_type "ML-KEM-768"
# define ml_kem_1024_evp_type EVP_PKEY_ML_KEM_1024
# define ml_kem_1024_pem_type "ML-KEM-1024"
#endif
/* ---------------------------------------------------------------------- */
/*
* Helper functions to prepare RSA-PSS params for encoding. We would
* have simply written the whole AlgorithmIdentifier, but existing libcrypto
@ -1478,6 +1556,29 @@ MAKE_ENCODER(x448, ecx, SubjectPublicKeyInfo, pem);
# endif
#endif
#ifndef OPENSSL_NO_ML_KEM
MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, der);
MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, pem);
MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, der);
MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, pem);
MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, der);
MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, pem);
MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, der);
MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, pem);
MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, pem);
#endif
/*
* Support for key type specific output formats. Not all key types have
* this, we only aim to duplicate what is available in 1.1.1 as

73
providers/implementations/encode_decode/encode_key2text.c
View File

@ -23,6 +23,7 @@
#include "crypto/dsa.h" /* ossl_dsa_get0_params() */
#include "crypto/ec.h" /* ossl_ec_key_get_libctx */
#include "crypto/ecx.h" /* ECX_KEY, etc... */
#include "crypto/ml_kem.h" /* ML_KEM_KEY, etc... */
#include "crypto/rsa.h" /* RSA_PSS_PARAMS_30, etc... */
#include "crypto/ml_dsa.h"
#include "prov/bio.h"
@ -430,7 +431,74 @@ static int ecx_to_text(BIO *out, const void *key, int selection)
return 1;
}
#endif
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_ML_KEM
static int ml_kem_to_text(BIO *out, const void *vkey, int selection)
{
const ML_KEM_KEY *key = vkey;
uint8_t seed[ML_KEM_SEED_BYTES], *prvenc = NULL, *pubenc = NULL;
size_t publen, prvlen;
const char *type_label = NULL;
int ret = 0;
if (out == NULL || key == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
type_label = key->vinfo->algorithm_name;
publen = key->vinfo->pubkey_bytes;
prvlen = key->vinfo->prvkey_bytes;
if (!ossl_ml_kem_have_pubkey(key)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
"no %s key material available",
type_label);
return 0;
}
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
if (!ossl_ml_kem_have_prvkey(key)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_KEY,
"no %s private key material available",
key->vinfo->algorithm_name);
return 0;
}
if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0)
return 0;
if ((prvenc = OPENSSL_malloc(prvlen)) == NULL)
return 0;
if (ossl_ml_kem_have_seed(key)) {
if (!ossl_ml_kem_encode_key_seed(seed, sizeof(seed), key))
goto end;
if (!ossl_bio_print_labeled_buf(out, "seed:", seed, sizeof(seed)))
goto end;
}
if (!ossl_ml_kem_encode_private_key(prvenc, prvlen, key))
goto end;
if (!ossl_bio_print_labeled_buf(out, "dk:", prvenc, prvlen))
goto end;
} else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0)
goto end;
}
pubenc = OPENSSL_malloc(key->vinfo->pubkey_bytes);
if (pubenc != NULL)
ret = ossl_ml_kem_encode_public_key(pubenc, publen, key)
&& ossl_bio_print_labeled_buf(out, "ek:", pubenc, publen);
end:
OPENSSL_free(pubenc);
OPENSSL_free(prvenc);
return ret;
}
#endif
/* ---------------------------------------------------------------------- */
@ -689,6 +757,11 @@ MAKE_TEXT_ENCODER(x25519, ecx);
MAKE_TEXT_ENCODER(x448, ecx);
# endif
#endif
#ifndef OPENSSL_NO_ML_KEM
MAKE_TEXT_ENCODER(ml_kem_512, ml_kem);
MAKE_TEXT_ENCODER(ml_kem_768, ml_kem);
MAKE_TEXT_ENCODER(ml_kem_1024, ml_kem);
#endif
MAKE_TEXT_ENCODER(rsa, rsa);
MAKE_TEXT_ENCODER(rsapss, rsa);

32
providers/implementations/include/prov/implementations.h
View File

@ -627,6 +627,38 @@ extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed25519_decoder_func
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ed448_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed448_decoder_functions[];
#ifndef OPENSSL_NO_ML_KEM
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ml_kem_512_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ml_kem_512_decoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_512_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_512_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_512_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_512_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_512_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_512_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ml_kem_768_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ml_kem_768_decoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_768_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_768_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_768_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_768_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ml_kem_1024_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ml_kem_1024_decoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_1024_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_1024_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_1024_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_1024_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ml_kem_1024_to_text_encoder_functions[];
#endif
#ifndef OPENSSL_NO_SM2
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_sm2_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_sm2_decoder_functions[];

6
providers/implementations/include/prov/names.h
View File

@ -390,11 +390,11 @@
#define PROV_DESCS_ML_DSA_65 "OpenSSL ML-DSA-65 implementation"
#define PROV_NAMES_ML_DSA_87 "ML-DSA-87:2.16.840.1.101.3.4.3.19:id-ml-dsa-87"
#define PROV_DESCS_ML_DSA_87 "OpenSSL ML-DSA-87 implementation"
#define PROV_NAMES_ML_KEM_512 "ML-KEM-512:MLKEM512"
#define PROV_NAMES_ML_KEM_512 "ML-KEM-512:MLKEM512:2.16.840.1.101.3.4.4.1"
#define PROV_DESCS_ML_KEM_512 "OpenSSL ML-KEM-512 implementation"
#define PROV_NAMES_ML_KEM_768 "ML-KEM-768:MLKEM768"
#define PROV_NAMES_ML_KEM_768 "ML-KEM-768:MLKEM768:2.16.840.1.101.3.4.4.2"
#define PROV_DESCS_ML_KEM_768 "OpenSSL ML-KEM-768 implementation"
#define PROV_NAMES_ML_KEM_1024 "ML-KEM-1024:MLKEM1024"
#define PROV_NAMES_ML_KEM_1024 "ML-KEM-1024:MLKEM1024:2.16.840.1.101.3.4.4.3"
#define PROV_DESCS_ML_KEM_1024 "OpenSSL ML-KEM-1024 implementation"
#define PROV_NAMES_X25519MLKEM768 "X25519MLKEM768"
#define PROV_DESCS_X25519MLKEM768 "X25519+ML-KEM-768 TLS hybrid implementation"

176
providers/implementations/keymgmt/ml_kem_kmgmt.c
View File

@ -32,6 +32,9 @@ static OSSL_FUNC_keymgmt_gen_init_fn ml_kem_1024_gen_init;
static OSSL_FUNC_keymgmt_gen_cleanup_fn ml_kem_gen_cleanup;
static OSSL_FUNC_keymgmt_gen_set_params_fn ml_kem_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn ml_kem_gen_settable_params;
#ifndef FIPS_MODULE
static OSSL_FUNC_keymgmt_load_fn ml_kem_load;
#endif
static OSSL_FUNC_keymgmt_get_params_fn ml_kem_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn ml_kem_gettable_params;
static OSSL_FUNC_keymgmt_set_params_fn ml_kem_set_params;
@ -51,7 +54,7 @@ typedef struct ml_kem_gen_ctx_st {
OSSL_LIB_CTX *libctx;
char *propq;
int selection;
int variant;
int evp_type;
uint8_t seedbuf[ML_KEM_SEED_BYTES];
uint8_t *seed;
} PROV_ML_KEM_GEN_CTX;
@ -122,11 +125,11 @@ err:
}
#endif /* FIPS_MODULE */
static void *ml_kem_new(OSSL_LIB_CTX *libctx, char *propq, int variant)
static void *ml_kem_new(OSSL_LIB_CTX *libctx, char *propq, int evp_type)
{
if (!ossl_prov_is_running())
return NULL;
return ossl_ml_kem_key_new(libctx, propq, variant);
return ossl_ml_kem_key_new(libctx, propq, evp_type);
}
static int ml_kem_has(const void *vkey, int selection)
@ -171,6 +174,7 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb,
uint8_t *pubenc = NULL;
uint8_t *prvenc = NULL;
const ML_KEM_VINFO *v;
size_t prvlen = 0;
int ret = 0;
if (!ossl_prov_is_running() || key == NULL)
@ -188,7 +192,8 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb,
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
pubenc = OPENSSL_malloc(v->pubkey_bytes);
if (pubenc == NULL)
if (pubenc == NULL
|| !ossl_ml_kem_encode_public_key(pubenc, v->pubkey_bytes, key))
goto err;
}
@ -199,9 +204,17 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb,
* ossl_param_build_set_octet_string(), which will then also use the
* secure heap.
*/
prvenc = OPENSSL_secure_zalloc(v->prvkey_bytes);
if (prvenc == NULL)
goto err;
if (ossl_ml_kem_have_seed(key)) {
prvlen = ML_KEM_SEED_BYTES;
if ((prvenc = OPENSSL_secure_zalloc(prvlen)) == NULL
|| !ossl_ml_kem_encode_key_seed(prvenc, prvlen, key))
goto err;
} else {
prvlen = v->prvkey_bytes;
if ((prvenc = OPENSSL_secure_zalloc(prvlen)) == NULL
|| !ossl_ml_kem_encode_private_key(prvenc, prvlen, key))
goto err;
}
}
tmpl = OSSL_PARAM_BLD_new();
@ -209,19 +222,18 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb,
goto err;
/* The public key on request; it is always available when either is */
if (pubenc != NULL)
if (!ossl_ml_kem_encode_public_key(pubenc, v->pubkey_bytes, key)
|| !ossl_param_build_set_octet_string(
tmpl, params, OSSL_PKEY_PARAM_PUB_KEY,
pubenc, v->pubkey_bytes))
if (pubenc != NULL
&& !ossl_param_build_set_octet_string(
tmpl, params, OSSL_PKEY_PARAM_PUB_KEY, pubenc, v->pubkey_bytes))
goto err;
/* The private key on request */
if (prvenc != NULL && ossl_ml_kem_have_prvkey(key))
if (!ossl_ml_kem_encode_private_key(prvenc, v->prvkey_bytes, key)
|| !ossl_param_build_set_octet_string(
tmpl, params, OSSL_PKEY_PARAM_PRIV_KEY,
prvenc, v->prvkey_bytes))
/*-
* The private key on request, in the (d, z) seed format, when available,
* otherwise in the FIPS 203 |dk| format.
*/
if (prvenc != NULL
&& !ossl_param_build_set_octet_string(
tmpl, params, OSSL_PKEY_PARAM_PRIV_KEY, prvenc, prvlen))
goto err;
params = OSSL_PARAM_BLD_to_param(tmpl);
@ -233,7 +245,7 @@ static int ml_kem_export(void *vkey, int selection, OSSL_CALLBACK *param_cb,
err:
OSSL_PARAM_BLD_free(tmpl);
OPENSSL_secure_clear_free(prvenc, v->prvkey_bytes);
OPENSSL_secure_clear_free(prvenc, prvlen);
OPENSSL_free(pubenc);
return ret;
}
@ -255,7 +267,8 @@ static int ml_kem_key_fromdata(ML_KEM_KEY *key,
const OSSL_PARAM params[],
int include_private)
{
const OSSL_PARAM *param_prv_key = NULL, *param_pub_key;
const OSSL_PARAM *p = NULL;
const uint8_t *d = NULL, *z = NULL;
const void *pubenc = NULL, *prvenc = NULL;
size_t publen = 0, prvlen = 0;
const ML_KEM_VINFO *v;
@ -266,17 +279,34 @@ static int ml_kem_key_fromdata(ML_KEM_KEY *key,
v = ossl_ml_kem_key_vinfo(key);
/* What does the caller want to set? */
param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
if (param_pub_key != NULL &&
OSSL_PARAM_get_octet_string_ptr(param_pub_key, &pubenc, &publen) != 1)
return 0;
if (include_private)
param_prv_key = OSSL_PARAM_locate_const(params,
OSSL_PKEY_PARAM_PRIV_KEY);
if (param_prv_key != NULL &&
OSSL_PARAM_get_octet_string_ptr(param_prv_key, &prvenc, &prvlen) != 1)
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
if (p != NULL &&
OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen) != 1)
return 0;
/*
* Accept private keys in either expanded or seed form, distinguished by
* length alone. Accept either the "raw" or "encoded" parameters as the
* input source, preferring the raw, which is expected to be the seed if
* the caller supports seeds as a key format.
*/
if (include_private) {
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
if (p == NULL)
p = OSSL_PARAM_locate_const(params,
OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY);
if (p != NULL
&& OSSL_PARAM_get_octet_string_ptr(p, &prvenc, &prvlen) != 1)
return 0;
if (prvlen == ML_KEM_SEED_BYTES) {
d = (uint8_t *)prvenc;
z = d + ML_KEM_RANDOM_BYTES;
} else if (prvlen != 0 && prvlen != v->prvkey_bytes) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
}
/* The caller MUST specify at least one of the public or private keys. */
if (publen == 0 && prvlen == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
@ -292,15 +322,14 @@ static int ml_kem_key_fromdata(ML_KEM_KEY *key,
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
if (prvlen != 0 && prvlen != v->prvkey_bytes) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
/*
* If the private key is given, we'll ignore the public key data, taking
* the embedded public key as authoritative.
* the embedded public key as authoritative. For import, the private key
* is in either (d, z) seed format or the FIPS 203 expanded format.
*/
if (d != NULL)
return ossl_ml_kem_genkey(d, z, NULL, 0, key);
if (prvlen != 0)
return ossl_ml_kem_parse_private_key(prvenc, prvlen, key);
return ossl_ml_kem_parse_public_key(pubenc, publen, key);
@ -336,13 +365,29 @@ static const OSSL_PARAM *ml_kem_gettable_params(void *provctx)
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY, NULL, 0),
OSSL_PARAM_END
};
return arr;
}
#ifndef FIPS_MODULE
void *ml_kem_load(const void *reference, size_t reference_sz)
{
ML_KEM_KEY *key = NULL;
if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
/* The contents of the reference is the address to our object */
key = *(ML_KEM_KEY **)reference;
/* We grabbed, so we detach it */
*(ML_KEM_KEY **)reference = NULL;
return key;
}
return NULL;
}
#endif
/*
* It is assumed the key is guaranteed non-NULL here, and is from this provider
*/
@ -380,7 +425,7 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[])
}
}
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY);
if (p != NULL && ossl_ml_kem_have_prvkey(key)) {
if (p->data_type != OSSL_PARAM_OCTET_STRING)
return 0;
@ -392,6 +437,7 @@ static int ml_kem_get_params(void *vkey, OSSL_PARAM params[])
return 0;
}
}
return 1;
}
@ -399,6 +445,7 @@ static const OSSL_PARAM *ml_kem_settable_params(void *provctx)
{
static const OSSL_PARAM arr[] = {
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY, NULL, 0),
OSSL_PARAM_END
};
@ -408,16 +455,32 @@ static const OSSL_PARAM *ml_kem_settable_params(void *provctx)
static int ml_kem_set_params(void *vkey, const OSSL_PARAM params[])
{
ML_KEM_KEY *key = vkey;
const ML_KEM_VINFO *v = ossl_ml_kem_key_vinfo(key);
const OSSL_PARAM *p;
const void *pubenc = NULL;
size_t publen = 0;
const void *pubenc = NULL, *prvenc = NULL;
size_t publen = 0, prvlen = 0;
if (ossl_param_is_empty(params))
return 1;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p == NULL)
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY);
if (p != NULL
&& (OSSL_PARAM_get_octet_string_ptr(p, &prvenc, &prvlen) != 1
|| prvlen != key->vinfo->prvkey_bytes)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
return 0;
}
if (prvlen == 0) {
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL
&& (OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen) != 1
|| publen != key->vinfo->pubkey_bytes)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
return 0;
}
}
if (publen == 0 && prvlen == 0)
return 1;
/* Key mutation is reportedly generally not allowed */
@ -427,16 +490,11 @@ static int ml_kem_set_params(void *vkey, const OSSL_PARAM params[])
"ML-KEM keys cannot be mutated");
return 0;
}
/* An unlikely failure mode is the parameter having some unexpected type */
if (!OSSL_PARAM_get_octet_string_ptr(p, &pubenc, &publen))
return 0;
if (publen != v->pubkey_bytes) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
return 0;
}
return ossl_ml_kem_parse_public_key(pubenc, publen, key);
if (prvlen)
return ossl_ml_kem_parse_private_key(prvenc, prvlen, key);
else
return ossl_ml_kem_parse_public_key(pubenc, publen, key);
}
static int ml_kem_gen_set_params(void *vgctx, const OSSL_PARAM params[])
@ -476,7 +534,7 @@ static int ml_kem_gen_set_params(void *vgctx, const OSSL_PARAM params[])
}
static void *ml_kem_gen_init(void *provctx, int selection,
const OSSL_PARAM params[], int variant)
const OSSL_PARAM params[], int evp_type)
{
PROV_ML_KEM_GEN_CTX *gctx = NULL;
@ -490,7 +548,7 @@ static void *ml_kem_gen_init(void *provctx, int selection,
return NULL;
gctx->selection = selection;
gctx->variant = variant;
gctx->evp_type = evp_type;
if (provctx != NULL)
gctx->libctx = PROV_LIBCTX_OF(provctx);
if (ml_kem_gen_set_params(gctx, params))
@ -523,7 +581,7 @@ static void *ml_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (gctx == NULL
|| (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) ==
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
|| (key = ml_kem_new(gctx->libctx, gctx->propq, gctx->variant)) == NULL)
|| (key = ml_kem_new(gctx->libctx, gctx->propq, gctx->evp_type)) == NULL)
return NULL;
if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
@ -571,16 +629,23 @@ static void *ml_kem_dup(const void *vkey, int selection)
return ossl_ml_kem_key_dup(key, selection);
}
#ifndef FIPS_MODULE
# define DISPATCH_LOAD_FN \
{ OSSL_FUNC_KEYMGMT_LOAD, (OSSL_FUNC) ml_kem_load },
#else
# define DISPATCH_LOAD_FN /* Non-FIPS only */
#endif
#define DECLARE_VARIANT(bits) \
static void *ml_kem_##bits##_new(void *provctx) \
{ \
return ml_kem_new(provctx == NULL ? NULL : PROV_LIBCTX_OF(provctx), \
NULL, ML_KEM_##bits##_VARIANT); \
NULL, NID_ML_KEM_##bits); \
} \
static void *ml_kem_##bits##_gen_init(void *provctx, int selection, \
const OSSL_PARAM params[]) \
{ \
return ml_kem_gen_init(provctx, selection, params, ML_KEM_##bits##_VARIANT); \
return ml_kem_gen_init(provctx, selection, params, NID_ML_KEM_##bits); \
} \
const OSSL_DISPATCH ossl_ml_kem_##bits##_keymgmt_functions[] = { \
{ OSSL_FUNC_KEYMGMT_NEW, (OSSL_FUNC) ml_kem_##bits##_new }, \
@ -596,6 +661,7 @@ static void *ml_kem_dup(const void *vkey, int selection)
{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, (OSSL_FUNC) ml_kem_gen_settable_params }, \
{ OSSL_FUNC_KEYMGMT_GEN, (OSSL_FUNC) ml_kem_gen }, \
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (OSSL_FUNC) ml_kem_gen_cleanup }, \
DISPATCH_LOAD_FN \
{ OSSL_FUNC_KEYMGMT_DUP, (OSSL_FUNC) ml_kem_dup }, \
{ OSSL_FUNC_KEYMGMT_IMPORT, (OSSL_FUNC) ml_kem_import }, \
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (OSSL_FUNC) ml_kem_imexport_types }, \

18
providers/implementations/keymgmt/mlx_kmgmt.c
View File

@ -44,11 +44,11 @@ static const int minimal_selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
/* Must match DECLARE_DISPATCH invocations at the end of the file */
static const ECDH_VINFO hybrid_vtable[] = {
{ "EC", "P-256", 65, 32, 32, 1, ML_KEM_768_VARIANT },
{ "EC", "P-384", 97, 48, 48, 1, ML_KEM_1024_VARIANT },
{ "EC", "P-256", 65, 32, 32, 1, NID_ML_KEM_768 },
{ "EC", "P-384", 97, 48, 48, 1, NID_ML_KEM_1024 },
#if !defined(OPENSSL_NO_ECX)
{ "X25519", NULL, 32, 32, 32, 0, ML_KEM_768_VARIANT },
{ "X448", NULL, 56, 56, 56, 0, ML_KEM_1024_VARIANT },
{ "X25519", NULL, 32, 32, 32, 0, NID_ML_KEM_768 },
{ "X448", NULL, 56, 56, 56, 0, NID_ML_KEM_1024 },
#endif
};
@ -56,7 +56,7 @@ typedef struct mlx_kem_gen_ctx_st {
OSSL_LIB_CTX *libctx;
char *propq;
int selection;
unsigned int variant;
unsigned int evp_type;
} PROV_ML_KEM_GEN_CTX;
static void mlx_kem_key_free(void *vkey)
@ -648,8 +648,8 @@ static int mlx_kem_gen_set_params(void *vgctx, const OSSL_PARAM params[])
return 1;
}
static void *mlx_kem_gen_init(int v, OSSL_LIB_CTX *libctx, int selection,
const OSSL_PARAM params[])
static void *mlx_kem_gen_init(int evp_type, OSSL_LIB_CTX *libctx,
int selection, const OSSL_PARAM params[])
{
PROV_ML_KEM_GEN_CTX *gctx = NULL;
@ -662,7 +662,7 @@ static void *mlx_kem_gen_init(int v, OSSL_LIB_CTX *libctx, int selection,
|| (gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL)
return NULL;
gctx->variant = v;
gctx->evp_type = evp_type;
gctx->libctx = libctx;
gctx->selection = selection;
if (mlx_kem_gen_set_params(gctx, params))
@ -696,7 +696,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
/* Lose ownership of propq */
gctx->propq = NULL;
if ((key = mlx_kem_key_new(gctx->variant, gctx->libctx, propq)) == NULL)
if ((key = mlx_kem_key_new(gctx->evp_type, gctx->libctx, propq)) == NULL)
return NULL;
if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)

49
test/endecode_test.c
View File

@ -106,8 +106,11 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
}
#endif
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_ML_DSA)
#if !defined(OPENSSL_NO_DH) || \
!defined(OPENSSL_NO_DSA) || \
!defined(OPENSSL_NO_EC) || \
!defined(OPENSSL_NO_ML_DSA) || \
!defined(OPENSSL_NO_ML_KEM)
static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
OSSL_PARAM *genparams)
{
@ -1038,6 +1041,12 @@ IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
KEYS(SM2);
IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
# endif
#endif
#ifndef OPENSSL_NO_ECX
/*
* ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
*/
KEYS(ED25519);
IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
KEYS(ED448);
@ -1046,10 +1055,19 @@ KEYS(X25519);
IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
KEYS(X448);
IMPLEMENT_TEST_SUITE(X448, "X448", 1)
#endif
#ifndef OPENSSL_NO_ML_KEM
/*
* ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
* ML-KEM has no support for PEM_write_bio_PrivateKey_traditional(), so no
* legacy tests.
* TODO(ML-KEM): FIPS
*/
KEYS(ML_KEM_512);
IMPLEMENT_TEST_SUITE(ML_KEM_512, "ML-KEM-512", 1)
KEYS(ML_KEM_768);
IMPLEMENT_TEST_SUITE(ML_KEM_768, "ML-KEM-768", 1)
KEYS(ML_KEM_1024);
IMPLEMENT_TEST_SUITE(ML_KEM_1024, "ML-KEM-1024", 1)
#endif
KEYS(RSA);
IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
@ -1415,6 +1433,8 @@ int setup_tests(void)
# ifndef OPENSSL_NO_SM2
MAKE_KEYS(SM2, "SM2", NULL);
# endif
#endif
#ifndef OPENSSL_NO_ECX
MAKE_KEYS(ED25519, "ED25519", NULL);
MAKE_KEYS(ED448, "ED448", NULL);
MAKE_KEYS(X25519, "X25519", NULL);
@ -1427,6 +1447,11 @@ int setup_tests(void)
MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
}
#endif /* OPENSSL_NO_ML_DSA */
#ifndef OPENSSL_NO_ML_KEM
MAKE_KEYS(ML_KEM_512, "ML-KEM-512", NULL);
MAKE_KEYS(ML_KEM_768, "ML-KEM-768", NULL);
MAKE_KEYS(ML_KEM_1024, "ML-KEM-1024", NULL);
#endif
TEST_info("Loading RSA key...");
ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
@ -1475,15 +1500,22 @@ int setup_tests(void)
ADD_TEST_SUITE(SM2);
}
# endif
#endif
#ifndef OPENSSL_NO_ECX
ADD_TEST_SUITE(ED25519);
ADD_TEST_SUITE(ED448);
ADD_TEST_SUITE(X25519);
ADD_TEST_SUITE(X448);
#endif
#ifndef OPENSSL_NO_ML_KEM
ADD_TEST_SUITE(ML_KEM_512);
ADD_TEST_SUITE(ML_KEM_768);
ADD_TEST_SUITE(ML_KEM_1024);
#endif
/*
* ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
*/
#endif
ADD_TEST_SUITE(RSA);
ADD_TEST_SUITE_LEGACY(RSA);
ADD_TEST_SUITE(RSA_PSS);
@ -1543,10 +1575,17 @@ void cleanup_tests(void)
# ifndef OPENSSL_NO_SM2
FREE_KEYS(SM2);
# endif
#endif
#ifndef OPENSSL_NO_ECX
FREE_KEYS(ED25519);
FREE_KEYS(ED448);
FREE_KEYS(X25519);
FREE_KEYS(X448);
#endif
#ifndef OPENSSL_NO_ML_KEM
FREE_KEYS(ML_KEM_512);
FREE_KEYS(ML_KEM_768);
FREE_KEYS(ML_KEM_1024);
#endif
FREE_KEYS(RSA);
FREE_KEYS(RSA_PSS);

626
test/evp_extra_test.c
View File

@ -2575,6 +2575,14 @@ done:
#endif
#ifndef OPENSSL_NO_ML_KEM
static const uint8_t ml_kem_prvkey[] = {
0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, 0x0c, 0x6d, 0x10, 0xe4,
0xdb, 0x6b, 0x1a, 0xdd, 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, 0x86, 0x26, 0xed, 0x79,
0xd4, 0x51, 0x14, 0x08, 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b,
0x87, 0x2b, 0xfb, 0x8f
};
static const uint8_t ml_kem_512_pubkey[] = {
0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
@ -2644,144 +2652,6 @@ static const uint8_t ml_kem_512_pubkey[] = {
0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
};
static const uint8_t ml_kem_512_prvkey[] = {
0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c, 0x10, 0x9b, 0x41, 0x52,
0x89, 0xf5, 0x6a, 0x9e, 0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a,
0x3b, 0xba, 0xb3, 0x0a, 0x2c, 0x90, 0xf0, 0x04, 0x37, 0xa2, 0x64, 0xb0,
0xbe, 0x9a, 0x1e, 0x8b, 0xa8, 0x87, 0xd3, 0xc3, 0xb1, 0x00, 0x89, 0x80,
0x54, 0x27, 0x2f, 0x94, 0x1c, 0x88, 0xa1, 0xf2, 0x08, 0xf1, 0xc9, 0x14,
0xf9, 0x64, 0xc1, 0xaa, 0xd6, 0x13, 0xa6, 0xa8, 0x4f, 0x88, 0xe4, 0x2d,
0x35, 0x56, 0x83, 0x5f, 0xb1, 0x61, 0xfd, 0xc5, 0xcd, 0x15, 0xa3, 0xbc,
0x7e, 0x74, 0xb6, 0xf2, 0x61, 0x2f, 0xa8, 0x27, 0x1c, 0x7e, 0xa1, 0x12,
0xb0, 0x5c, 0x2a, 0x36, 0xcc, 0x70, 0x7c, 0xe3, 0x8d, 0x5d, 0x1a, 0xcc,
0x51, 0x15, 0x46, 0x2a, 0x8c, 0x1a, 0xab, 0xf0, 0x72, 0x76, 0xc7, 0x23,
0x18, 0x33, 0x7f, 0x74, 0xb5, 0xcb, 0xef, 0xea, 0x7a, 0x80, 0x37, 0x90,
0xbc, 0x03, 0x93, 0xf3, 0xa5, 0x4c, 0x72, 0x4a, 0x57, 0x65, 0xa4, 0x8f,
0x29, 0x6b, 0x03, 0xf4, 0x84, 0x37, 0x60, 0x23, 0x62, 0x69, 0x30, 0x22,
0x27, 0x04, 0xc0, 0x8f, 0xd3, 0xbc, 0x72, 0x93, 0x15, 0xd1, 0xfc, 0x70,
0xeb, 0x79, 0x75, 0xa9, 0x7b, 0x9d, 0xee, 0xd1, 0x62, 0xf4, 0x86, 0xbb,
0xc6, 0x4a, 0x09, 0x71, 0x11, 0x95, 0x2d, 0x89, 0xb5, 0x7d, 0x76, 0x5e,
0x8a, 0x99, 0x1a, 0x2e, 0x56, 0x42, 0x06, 0xea, 0x7b, 0xf5, 0xe4, 0x00,
0x7a, 0x66, 0x35, 0x88, 0x31, 0xca, 0x0e, 0x34, 0xb2, 0xf6, 0xa8, 0x4d,
0x10, 0xf7, 0x9c, 0x47, 0x7c, 0xb6, 0x6a, 0x8a, 0x95, 0x25, 0x69, 0x36,
0x73, 0x88, 0x13, 0x0d, 0x7b, 0x97, 0x4a, 0x63, 0xaa, 0x51, 0x99, 0x6c,
0x97, 0x70, 0x9b, 0xb8, 0xea, 0xbc, 0x94, 0xe6, 0xa5, 0x35, 0xd7, 0x92,
0xd2, 0x90, 0x54, 0x74, 0x95, 0x2d, 0x6b, 0x8c, 0x22, 0x22, 0xb2, 0xae,
0x56, 0xdc, 0x66, 0xfb, 0x04, 0x61, 0x19, 0x20, 0x66, 0xcd, 0xdb, 0x43,
0xec, 0x05, 0x98, 0x4f, 0xb4, 0x98, 0x26, 0x49, 0x77, 0x13, 0x97, 0xc6,
0xa8, 0x37, 0x9f, 0x3b, 0x56, 0x43, 0x06, 0x98, 0x48, 0x87, 0x59, 0x19,
0xe8, 0x9c, 0xc4, 0x39, 0xa3, 0xbe, 0x2f, 0x08, 0x14, 0x90, 0xf3, 0x41,
0xbd, 0x12, 0x40, 0xad, 0xd8, 0x0d, 0xdb, 0x8c, 0x99, 0x63, 0xb4, 0x7a,
0x2a, 0x09, 0x92, 0x29, 0x03, 0x38, 0xda, 0x9c, 0x3b, 0x72, 0x5c, 0x6d,
0xa4, 0x47, 0x18, 0xc0, 0x10, 0x46, 0x81, 0x25, 0x62, 0xaf, 0xb0, 0x84,
0x83, 0x7a, 0xcb, 0x3c, 0x57, 0x5e, 0x4f, 0x93, 0x93, 0x6c, 0x35, 0x2a,
0xc0, 0xe7, 0x0a, 0xa3, 0x84, 0x5e, 0xe4, 0x85, 0x29, 0x6e, 0x6b, 0x02,
0xde, 0x0b, 0x47, 0xb5, 0xc4, 0xc9, 0x6b, 0x0b, 0x7c, 0xf9, 0x4c, 0x4a,
0xbe, 0x95, 0x48, 0x61, 0x53, 0x11, 0x8e, 0x43, 0xc2, 0xb9, 0xc8, 0x4d,
0x9d, 0xa9, 0x1c, 0x6c, 0x5a, 0xcd, 0x5a, 0x57, 0x00, 0x2d, 0x05, 0x84,
0x97, 0x99, 0x27, 0x99, 0xe5, 0xba, 0x1c, 0xe6, 0xc2, 0x5e, 0xb2, 0x98,
0x44, 0xd8, 0x58, 0xba, 0x1c, 0x37, 0x85, 0x0c, 0x0c, 0x2f, 0x57, 0xc6,
0x0d, 0xe3, 0x7f, 0x77, 0xc0, 0x82, 0xec, 0x14, 0x49, 0x4e, 0xba, 0x28,
0x8a, 0x65, 0x91, 0x51, 0x16, 0xc2, 0x0a, 0x32, 0x5d, 0xe3, 0x1a, 0xaa,
0xdd, 0x68, 0x0d, 0xb1, 0x9c, 0x0c, 0xfc, 0xc3, 0x46, 0x0f, 0x0a, 0xa0,
0x1a, 0x87, 0xa6, 0xa5, 0x80, 0xc6, 0xca, 0x29, 0x1f, 0xae, 0xf0, 0xcc,
0xc4, 0x9b, 0x76, 0xa8, 0xda, 0xc4, 0xf9, 0xd4, 0x16, 0x40, 0x50, 0x9d,
0xbd, 0x0b, 0x40, 0x45, 0xc1, 0x53, 0x0e, 0xd3, 0x47, 0x55, 0xd4, 0x74,
0x62, 0x70, 0x0f, 0x2a, 0x8c, 0xaf, 0x96, 0x80, 0xa6, 0xd7, 0xe3, 0x8a,
0x7e, 0x2a, 0x63, 0xe9, 0x37, 0x65, 0x0a, 0x23, 0x30, 0x6d, 0x85, 0x5d,
0xa2, 0xa2, 0xb7, 0xef, 0x50, 0x5c, 0xa5, 0x96, 0xab, 0x04, 0x85, 0x01,
0x3e, 0xa9, 0x27, 0xc7, 0x34, 0x23, 0x43, 0x61, 0x36, 0x43, 0xba, 0x40,
0x07, 0xd6, 0xc8, 0x74, 0xb9, 0x80, 0xc7, 0x9c, 0x3a, 0xa1, 0xc7, 0x4f,
0x85, 0x81, 0xc3, 0x48, 0x49, 0xb3, 0x6e, 0xa7, 0x98, 0x15, 0xfb, 0xb4,
0xcc, 0xf9, 0x61, 0x05, 0x83, 0x08, 0x1d, 0x7c, 0x5b, 0x44, 0x09, 0xb8,
0xd0, 0x53, 0x1c, 0x04, 0xbc, 0xaf, 0x7c, 0xc7, 0x51, 0x10, 0x3a, 0x5f,
0xd1, 0xba, 0x44, 0x70, 0x83, 0x3e, 0x89, 0x77, 0x5a, 0xde, 0xd9, 0x70,
0xb5, 0x47, 0x18, 0x59, 0x25, 0x0f, 0xe7, 0x26, 0x71, 0x05, 0x83, 0x5f,
0x39, 0x00, 0x30, 0xc5, 0xe7, 0xcd, 0x3f, 0x96, 0x10, 0x19, 0xea, 0xae,
0xa2, 0x37, 0x77, 0xd3, 0x47, 0xbb, 0x2a, 0xdc, 0xb6, 0x73, 0xc0, 0x20,
0x34, 0xf3, 0x94, 0x34, 0x22, 0x71, 0xbc, 0xea, 0x64, 0x14, 0xe5, 0x46,
0xc3, 0xb2, 0x0b, 0xd5, 0x74, 0x81, 0xc7, 0xea, 0x14, 0xc7, 0x7c, 0x38,
0x8c, 0xc8, 0x62, 0x51, 0xc1, 0x25, 0x58, 0xb1, 0x00, 0xf8, 0xc5, 0xb3,
0xd0, 0x3c, 0xa2, 0xc7, 0x07, 0x13, 0x90, 0x96, 0x59, 0xc8, 0xba, 0x26,
0xd0, 0xd1, 0x76, 0x5e, 0x0b, 0xc8, 0x23, 0xd6, 0x8c, 0xa5, 0x57, 0x0d,
0xe6, 0x00, 0xcd, 0x09, 0x41, 0x72, 0x5d, 0x38, 0x6e, 0x14, 0xc1, 0x01,
0x2d, 0xf5, 0x95, 0x1b, 0xeb, 0x8d, 0x82, 0x81, 0xa4, 0xf6, 0x81, 0x5d,
0x37, 0x60, 0xb7, 0x64, 0x29, 0x5a, 0xd0, 0x40, 0x6c, 0x2b, 0xf7, 0x92,
0x8a, 0xd6, 0x50, 0x32, 0xb6, 0x5f, 0x14, 0xb7, 0x7c, 0xcb, 0x89, 0x17,
0xc9, 0x3a, 0x29, 0xd6, 0x28, 0x7d, 0x8a, 0x60, 0x62, 0x39, 0x9c, 0xb6,
0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, 0x58, 0x11, 0x13, 0x9b,
0xc0, 0x86, 0x82, 0x57, 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, 0x96, 0xac, 0xf1, 0x26,
0x2c, 0x81, 0x35, 0x10, 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, 0x0b, 0x9b, 0x58, 0x19,
0x92, 0x63, 0x8c, 0xb7, 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, 0x88, 0x72, 0x2c, 0x36,
0x35, 0x42, 0x3e, 0x27, 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, 0x5c, 0x90, 0x35, 0xbb,
0x0a, 0xf2, 0xc9, 0x92, 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, 0x9e, 0x91, 0x36, 0xb3,
0x9f, 0x95, 0x6c, 0x93, 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, 0x6b, 0xbf, 0x92, 0xc8,
0x05, 0x45, 0x66, 0x68, 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, 0x6e, 0xb9, 0x77, 0x82,
0xe2, 0x7a, 0x3c, 0x78, 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, 0xa9, 0xe1, 0x59, 0x9b,
0x17, 0xb3, 0x0d, 0xcc, 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, 0xc2, 0xb9, 0xc9, 0x74,
0x43, 0x94, 0xc6, 0xab, 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, 0x2e, 0xe3, 0x2a, 0x07,
0x65, 0x4a, 0x07, 0x0c, 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, 0x3f, 0x97, 0x51, 0x92,
0x3e, 0x44, 0x27, 0x4f, 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, 0x97, 0xca, 0xd9, 0x55,
0x3f, 0x5a, 0x26, 0x3f, 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, 0xa3, 0x15, 0x3c, 0x0a,
0x5e, 0x0a, 0x1c, 0xcd, 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, 0x08, 0xca, 0xc3, 0x7f,
0x7d, 0xa6, 0xb1, 0x6f, 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, 0x86, 0xcc, 0xc7, 0xc3,
0x74, 0x9c, 0x63, 0xc7, 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, 0x1e, 0xc1, 0x41, 0x2b,
0xda, 0xe3, 0x42, 0x08, 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, 0xcb, 0x2a, 0x15, 0x5a,
0x10, 0x03, 0x09, 0xd1, 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, 0xc1, 0x08, 0xf8, 0x50,
0x30, 0x95, 0x04, 0xd7, 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, 0x25, 0x5e, 0xe7, 0xa6,
0xa0, 0xa7, 0x53, 0xbd, 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, 0x11, 0x3c, 0xc0, 0x13,
0xff, 0x74, 0x94, 0xba, 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, 0x9d, 0x57, 0xe3, 0x22,
0xfe, 0xfa, 0x41, 0x00, 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, 0x9c, 0xb1, 0x0b, 0x27,
0x1a, 0xa0, 0x5d, 0x99, 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, 0x88, 0x3d, 0xa2, 0x06,
0x4f, 0x79, 0x5e, 0x0e, 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, 0xa8, 0x01, 0xe5, 0x9f,
0xd7, 0x52, 0xca, 0x6e, 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, 0x26, 0x0c, 0x92, 0x9a,
0x13, 0x44, 0xa8, 0x49, 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, 0x44, 0x64, 0x03, 0x1a,
0x78, 0x43, 0x92, 0x87, 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, 0xca, 0x90, 0x1b, 0x2a,
0xea, 0x12, 0x98, 0x17, 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, 0x46, 0x71, 0x86, 0x2d,
0x90, 0x47, 0x0b, 0x1e, 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, 0xcc, 0xe1, 0xdb, 0x77,
0x02, 0xea, 0x9d, 0xd6, 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, 0x11, 0xf6, 0x6c, 0x3e,
0x0b, 0x92, 0x8d, 0xb8, 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, 0xb2, 0x75, 0x91, 0xc8,
0x21, 0x92, 0x90, 0x76, 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, 0x43, 0x29, 0x86, 0xae,
0x4b, 0xc1, 0xa2, 0x42, 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39, 0x50, 0xc8, 0xdd, 0x15,
0x2a, 0x45, 0x31, 0xaa, 0xb5, 0x60, 0xd2, 0xfc, 0x7c, 0xa9, 0xa4, 0x0a,
0xd8, 0xaf, 0x25, 0xad, 0x1d, 0xd0, 0x8c, 0x6d, 0x79, 0xaf, 0xe4, 0xdd,
0x4d, 0x1e, 0xee, 0x5a, 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 0x0e, 0x55, 0x60, 0x67,
0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
};
static const uint8_t ml_kem_768_pubkey[] = {
0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f,
0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
@ -2883,208 +2753,6 @@ static const uint8_t ml_kem_768_pubkey[] = {
0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
};
static const uint8_t ml_kem_768_prvkey[] = {
0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61, 0x3a, 0xa1, 0xf9, 0x80,
0x38, 0x0c, 0xb3, 0x6d, 0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a,
0x00, 0xa6, 0x7b, 0xa6, 0xc2, 0xa2, 0xb1, 0x4c, 0x41, 0x42, 0x39, 0x66,
0x2f, 0x68, 0xbd, 0x44, 0x6c, 0x8e, 0xfd, 0xf3, 0x66, 0x56, 0xa0, 0x89,
0x1a, 0x3c, 0xc6, 0x23, 0xfc, 0x68, 0xb6, 0x57, 0x2f, 0x7b, 0x29, 0xa6,
0xde, 0x12, 0x80, 0x14, 0x41, 0x1e, 0xe4, 0x19, 0x06, 0xd0, 0x80, 0x71,
0xf9, 0x48, 0x56, 0xe3, 0x6a, 0x83, 0x2b, 0x40, 0x33, 0x8d, 0x74, 0x35,
0x16, 0x65, 0x9b, 0xd2, 0x58, 0x79, 0xc0, 0x07, 0xa5, 0x2b, 0xc9, 0x58,
0x6f, 0x79, 0x87, 0x6a, 0xfa, 0xc6, 0xc9, 0xa3, 0x0d, 0x8f, 0xac, 0x24,
0x3b, 0xd2, 0x24, 0x25, 0xd6, 0xad, 0xce, 0x42, 0xab, 0x7e, 0xd3, 0x90,
0x14, 0x75, 0x7a, 0x95, 0x8b, 0xc8, 0xa7, 0x45, 0x65, 0xf0, 0x19, 0x23,
0x4f, 0xf0, 0x4b, 0x34, 0x89, 0x3e, 0xd6, 0xd0, 0x55, 0x01, 0xc3, 0x72,
0x55, 0x23, 0x9a, 0xae, 0x2a, 0xc1, 0x9f, 0x8c, 0x75, 0xac, 0x59, 0x00,
0xda, 0xe8, 0x30, 0x0d, 0xbb, 0xa7, 0x10, 0xdc, 0x2c, 0xaa, 0xe1, 0xbc,
0xa3, 0xa3, 0x8c, 0x58, 0x34, 0x2b, 0x28, 0x6b, 0x85, 0x18, 0xf1, 0x36,
0xad, 0x15, 0xb9, 0xf7, 0xbc, 0xbb, 0x06, 0xa5, 0x60, 0x7d, 0xb3, 0x75,
0xdb, 0xe9, 0x76, 0x45, 0x7c, 0x26, 0xc6, 0x59, 0x82, 0x57, 0x53, 0x1b,
0x2c, 0xfb, 0x6e, 0xe7, 0xf5, 0x15, 0x91, 0x84, 0x08, 0x04, 0xc3, 0x83,
0x88, 0x37, 0x6c, 0x27, 0x14, 0x84, 0x13, 0xda, 0x9e, 0x92, 0x92, 0x0b,
0xfd, 0x9a, 0x06, 0x9e, 0x01, 0x8b, 0xd2, 0x72, 0x05, 0x3d, 0xa8, 0x77,
0x5c, 0x0b, 0x73, 0x9f, 0x76, 0x1d, 0xb2, 0x10, 0x7c, 0xf3, 0x5a, 0x43,
0x4d, 0x69, 0xb0, 0x7e, 0x5b, 0xcd, 0xb8, 0x74, 0x34, 0x13, 0x8b, 0x0c,
0xb5, 0x56, 0x76, 0x1b, 0xa5, 0x22, 0xa5, 0x74, 0x7b, 0x28, 0x74, 0x7d,
0x80, 0xeb, 0x9d, 0x6c, 0xc6, 0x73, 0xbe, 0xe5, 0x76, 0x93, 0x77, 0xb9,
0x96, 0xd3, 0x6c, 0xeb, 0x0c, 0x0c, 0x7e, 0xd9, 0xa6, 0x58, 0x53, 0x33,
0x24, 0x86, 0x9c, 0x18, 0xa1, 0xa3, 0x6f, 0x31, 0x47, 0x0f, 0x14, 0xc5,
0xae, 0x49, 0xab, 0x07, 0x05, 0x07, 0xf8, 0x24, 0x9c, 0xe4, 0x04, 0xb4,
0x9c, 0x0a, 0x8c, 0x3e, 0xe4, 0x2f, 0xea, 0x96, 0x31, 0xfa, 0x1a, 0x0d,
0x10, 0xd8, 0x6b, 0x93, 0xf9, 0x86, 0xe0, 0xe3, 0xa8, 0x2e, 0x70, 0x3b,
0x74, 0xe5, 0xae, 0x61, 0x01, 0x24, 0x24, 0x21, 0xa8, 0x9a, 0xa0, 0x7f,
0xe6, 0x85, 0x88, 0x46, 0x0b, 0xaa, 0x36, 0x87, 0x86, 0x48, 0x6a, 0x72,
0xe4, 0xf2, 0x4d, 0x2d, 0xd7, 0x6c, 0xfc, 0x03, 0xb6, 0x94, 0xa5, 0xba,
0x91, 0xa7, 0x55, 0xa0, 0xb9, 0x8f, 0x3b, 0xf9, 0x33, 0x07, 0xc0, 0xab,
0x64, 0x63, 0x9a, 0xea, 0x7a, 0x64, 0x98, 0xa3, 0xc3, 0xdd, 0xc5, 0x71,
0x14, 0x1a, 0xbc, 0xa4, 0x67, 0x8c, 0xd2, 0xe2, 0xb8, 0x57, 0xfb, 0x88,
0xf6, 0x00, 0xca, 0xa5, 0x96, 0xb4, 0x4b, 0xc4, 0x22, 0x25, 0x0b, 0x28,
0x19, 0xe0, 0x51, 0x5f, 0x04, 0x72, 0x39, 0x18, 0x53, 0x70, 0x0b, 0x01,
0xef, 0xf9, 0x45, 0x3f, 0xd1, 0x18, 0x76, 0xb7, 0xc7, 0x59, 0xa0, 0x7d,
0xd8, 0x45, 0xca, 0xba, 0x45, 0x55, 0x26, 0x4a, 0x82, 0x76, 0x51, 0x93,
0xfd, 0xf8, 0x1b, 0x62, 0x0a, 0x1e, 0x1f, 0x92, 0x3f, 0xb2, 0x44, 0x42,
0xcd, 0x1c, 0xbe, 0x94, 0x17, 0x50, 0x03, 0xec, 0x06, 0xce, 0x77, 0xa3,
0xc6, 0x44, 0x93, 0xc1, 0x99, 0x98, 0x7a, 0x30, 0x0c, 0x95, 0xc5, 0x3c,
0x00, 0x89, 0xb5, 0xd6, 0x5c, 0x92, 0xea, 0x97, 0x1b, 0x2f, 0xfa, 0x93,
0xb5, 0x2a, 0x46, 0x1e, 0xa2, 0xac, 0x8c, 0x19, 0x9c, 0x2f, 0x4c, 0x2b,
0x70, 0x42, 0x97, 0xce, 0x3c, 0x39, 0x49, 0xe0, 0x73, 0x5e, 0xa8, 0xa1,
0x4a, 0xa5, 0x9e, 0x8d, 0xec, 0x0c, 0x87, 0x83, 0x99, 0xff, 0x70, 0x74,
0x7a, 0xb2, 0x44, 0xce, 0x46, 0xb5, 0xf2, 0x23, 0x04, 0x73, 0x32, 0x3d,
0x25, 0xc6, 0x6f, 0xe6, 0xb4, 0x19, 0xb1, 0xf4, 0xa1, 0x12, 0xe5, 0x21,
0x40, 0x35, 0x25, 0x6b, 0xc4, 0x3f, 0xfd, 0x2b, 0x6b, 0x7b, 0x37, 0x87,
0x69, 0xa6, 0xb4, 0x70, 0x00, 0xbf, 0xb6, 0x35, 0x7d, 0x45, 0x81, 0x4b,
0xae, 0xf3, 0x85, 0x7d, 0x37, 0x9e, 0x2f, 0xb8, 0xb5, 0xe5, 0x20, 0x1a,
0xb2, 0x62, 0x74, 0xbb, 0x1b, 0x70, 0xad, 0x32, 0x2c, 0xd0, 0x43, 0x9b,
0x2d, 0xb1, 0x09, 0xcf, 0xf0, 0xa2, 0xf8, 0xe6, 0x00, 0x99, 0x55, 0x71,
0xff, 0xc3, 0x8c, 0x59, 0x0b, 0xc4, 0xc7, 0x61, 0x5c, 0x69, 0xd0, 0xc9,
0x8e, 0xf4, 0x30, 0xf3, 0x08, 0x61, 0xa7, 0x72, 0x38, 0xff, 0xc0, 0x70,
0x61, 0xe4, 0x75, 0xd6, 0xa3, 0x0a, 0xd1, 0xb4, 0x7f, 0xd0, 0x39, 0xc3,
0xa4, 0x47, 0x76, 0x2d, 0xb2, 0x21, 0x1d, 0xc3, 0x1d, 0x0a, 0xca, 0xcf,
0xd5, 0x58, 0x90, 0xa5, 0x82, 0x47, 0x98, 0xf9, 0xae, 0xad, 0x74, 0x13,
0xdf, 0xe0, 0x28, 0xb1, 0x01, 0x2b, 0xe8, 0xb6, 0xca, 0x10, 0x26, 0x66,
0x6a, 0xc6, 0xbc, 0x94, 0x40, 0xa4, 0x49, 0xb5, 0x1a, 0xd8, 0xbb, 0xa7,
0xb0, 0x92, 0x1d, 0xd4, 0xd8, 0xb4, 0xa5, 0x78, 0x13, 0x6d, 0x1a, 0x05,
0xdb, 0x38, 0xcc, 0x85, 0x84, 0x37, 0xb2, 0x51, 0x61, 0xd1, 0xc3, 0xc2,
0x8e, 0xe0, 0x7b, 0xbc, 0xf2, 0xb2, 0x49, 0x11, 0x0d, 0x22, 0x78, 0x1d,
0xc3, 0x05, 0x0d, 0x8c, 0xc0, 0x09, 0x00, 0x96, 0xb3, 0x8a, 0x85, 0x06,
0x96, 0xf8, 0x6e, 0x9e, 0x6b, 0xab, 0x32, 0x52, 0x71, 0xb2, 0x24, 0x86,
0x75, 0x01, 0x19, 0x68, 0x50, 0x28, 0x81, 0x09, 0x04, 0x97, 0xfa, 0xc0,
0xaf, 0x84, 0x3c, 0x1a, 0xea, 0x76, 0xdd, 0x81, 0xcf, 0x29, 0xc0, 0x12,
0xc6, 0x62, 0x27, 0xb7, 0xf0, 0x6d, 0x99, 0x61, 0x30, 0x9b, 0x02, 0x62,
0xf7, 0x32, 0xc9, 0xa4, 0xd0, 0xbb, 0xd0, 0x67, 0x27, 0xab, 0xb8, 0x37,
0x1f, 0xf2, 0xc1, 0x18, 0x99, 0xa0, 0x98, 0x37, 0x5c, 0x46, 0x05, 0x16,
0xb2, 0xcc, 0x88, 0xbc, 0xf6, 0x28, 0xed, 0xe3, 0x7d, 0x8f, 0x3b, 0x33,
0x42, 0xe4, 0x49, 0x0a, 0x85, 0x60, 0x6e, 0xc0, 0x3d, 0xa2, 0x9b, 0x02,
0x56, 0x27, 0x53, 0x82, 0xa3, 0x31, 0x3d, 0xc0, 0x41, 0x11, 0x48, 0x01,
0x03, 0x2c, 0x51, 0x9f, 0x35, 0x0c, 0x3e, 0x6a, 0xba, 0xc3, 0xe3, 0x3b,
0x93, 0xb4, 0xa1, 0x9f, 0x7c, 0x54, 0x66, 0xe5, 0x8c, 0xb1, 0xdc, 0x14,
0xb4, 0xa9, 0x6c, 0x47, 0x57, 0x29, 0xf9, 0x71, 0xbd, 0xf1, 0x73, 0xcd,
0xf3, 0x54, 0x82, 0x4d, 0x01, 0x94, 0x27, 0xf9, 0x5b, 0x3b, 0x4a, 0x4a,
0x4a, 0x95, 0x8e, 0x47, 0x6a, 0x6e, 0x69, 0x91, 0xce, 0x6f, 0x06, 0xcb,
0x5d, 0xfc, 0xa7, 0xd4, 0x38, 0x0c, 0x3d, 0x92, 0x0b, 0x57, 0x11, 0xac,
0x1f, 0xcb, 0xaf, 0x4b, 0x9a, 0xc8, 0x00, 0xb9, 0x76, 0xd1, 0xec, 0x76,
0x6a, 0x62, 0x6c, 0xc1, 0x90, 0x0b, 0x66, 0xb3, 0xa9, 0xdc, 0x62, 0xc5,
0xc1, 0x44, 0x52, 0x7a, 0x29, 0x6b, 0xaf, 0x70, 0x43, 0x3b, 0xf6, 0x57,
0xc0, 0x43, 0x7f, 0x87, 0x59, 0x7b, 0xd7, 0xc8, 0xbb, 0xbe, 0x9a, 0xbc,
0x37, 0x05, 0x09, 0x31, 0xa4, 0xa8, 0x69, 0x82, 0xa2, 0x02, 0x8a, 0x74,
0x45, 0x4c, 0x9b, 0x81, 0x0c, 0x88, 0xd1, 0x70, 0x1c, 0x8c, 0xc9, 0x8a,
0x1d, 0x4c, 0xa1, 0x07, 0xa6, 0xb2, 0x5e, 0x96, 0x2f, 0xe4, 0xb6, 0xb0,
0x3c, 0x95, 0x45, 0x32, 0x60, 0xb8, 0x07, 0x22, 0x86, 0x37, 0xcc, 0x9e,
0xb1, 0x2a, 0xcc, 0x09, 0x54, 0x95, 0x9a, 0x52, 0xae, 0x54, 0xd1, 0x97,
0x73, 0x00, 0xab, 0xa0, 0xba, 0x2c, 0x14, 0x60, 0x9b, 0xb2, 0x8c, 0x11,
0xd5, 0xfa, 0xc5, 0xca, 0xc8, 0x82, 0x97, 0x60, 0x32, 0x83, 0xe8, 0x67,
0xa3, 0x64, 0x83, 0x66, 0xc7, 0x24, 0xd9, 0x35, 0x4c, 0xd7, 0xa1, 0x96,
0xdb, 0xd9, 0x80, 0x2f, 0x7b, 0x88, 0xd3, 0xfa, 0x00, 0x1f, 0x9c, 0x97,
0x73, 0x22, 0x54, 0x62, 0x23, 0x5e, 0x91, 0x35, 0x2a, 0x20, 0x79, 0x1f,
0xd8, 0xb8, 0x7f, 0xe3, 0x37, 0x7e, 0xc6, 0xa3, 0x94, 0x0b, 0x11, 0x30,
0xa0, 0xbb, 0x04, 0xe7, 0x41, 0x0a, 0x34, 0xe2, 0x58, 0x0d, 0x07, 0x1d,
0x6c, 0x56, 0x20, 0x20, 0x86, 0x78, 0x7a, 0x65, 0x90, 0xf8, 0x43, 0x93,
0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, 0x78, 0xa8, 0x95, 0x4f,
0x00, 0x7b, 0xc7, 0x71, 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, 0x67, 0x53, 0x29, 0x13,
0xa8, 0xd5, 0x3d, 0xfd, 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, 0xa3, 0xf1, 0x63, 0x25,
0xc4, 0x0c, 0x29, 0x52, 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, 0xb8, 0x99, 0x42, 0xce,
0xb1, 0x95, 0x53, 0x1c, 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, 0xca, 0xc5, 0x20, 0x7e,
0x53, 0x5b, 0x26, 0x0a, 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, 0x68, 0xbb, 0x34, 0x56,
0xc7, 0x3a, 0x01, 0xb7, 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, 0x2f, 0x56, 0x02, 0xba,
0x65, 0xf0, 0x7e, 0xa9, 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, 0x8a, 0xfe, 0xcb, 0x74,
0x8e, 0xe3, 0x91, 0xe9, 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, 0xc3, 0x7b, 0xc6, 0x49,
0xb8, 0x26, 0x34, 0xce, 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, 0xb4, 0x5e, 0xb6, 0x74,
0x65, 0xe1, 0x6d, 0xe4, 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, 0x3c, 0xea, 0x88, 0xb0,
0x2a, 0x4c, 0x03, 0xd0, 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, 0x6c, 0xdc, 0x25, 0x4b,
0xa2, 0x21, 0x29, 0xf4, 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, 0x2c, 0xa4, 0x80, 0xcf,
0x35, 0x04, 0x09, 0xb2, 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, 0x90, 0x1e, 0xa2, 0x53,
0xc8, 0x41, 0x5b, 0xd7, 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, 0xaf, 0x16, 0xd3, 0xbc,
0x69, 0xf7, 0x0c, 0x2e, 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, 0x1f, 0xa0, 0x4c, 0x19,
0x17, 0xb2, 0x78, 0xc3, 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, 0xb1, 0xd9, 0x64, 0x4a,
0x61, 0x29, 0x48, 0xa3, 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, 0x60, 0x9c, 0x76, 0xc7,
0xea, 0x6b, 0x5d, 0xe0, 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, 0xce, 0xae, 0x1b, 0xa5,
0xcc, 0x72, 0xc7, 0x4a, 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, 0x6c, 0x7c, 0x61, 0x51,
0xa1, 0x9c, 0x6c, 0xd7, 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, 0x9d, 0xe3, 0xda, 0xbf,
0xa6, 0x29, 0xa7, 0xc0, 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, 0x2c, 0xa7, 0xa8, 0x48,
0xcd, 0x36, 0x68, 0x01, 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, 0x02, 0xba, 0xe9, 0x0a,
0xf6, 0x5c, 0x48, 0x06, 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, 0x35, 0x94, 0xe6, 0xa7,
0x02, 0x76, 0x1f, 0xc9, 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, 0x88, 0x09, 0xd9, 0x28,
0xc7, 0xf4, 0xcb, 0xbf, 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, 0x92, 0x10, 0xc7, 0x11,
0x3b, 0xc3, 0x7b, 0x3e, 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, 0xcb, 0x7c, 0x70, 0xc0,
0x23, 0x36, 0x6d, 0x78, 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, 0x5a, 0x94, 0x11, 0x4f,
0xfa, 0xf6, 0x0d, 0x9a, 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, 0x59, 0x9e, 0x37, 0xc7,
0x68, 0xc7, 0xbc, 0x10, 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, 0x90, 0xd7, 0x89, 0x2e,
0xa8, 0x54, 0x64, 0xee, 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, 0x8a, 0x95, 0x9a, 0x68,
0x09, 0x65, 0x47, 0xf6, 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, 0x65, 0x6c, 0x28, 0x82,
0x8b, 0xeb, 0x91, 0x26, 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, 0x95, 0x07, 0x26, 0x9d,
0xda, 0xf8, 0xc9, 0x5c, 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, 0x1e, 0xee, 0xb3, 0x3e,
0xcd, 0xa7, 0x6a, 0xe9, 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, 0x4c, 0x2c, 0x77, 0xce,
0x87, 0xc4, 0x1f, 0x98, 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, 0x8e, 0x65, 0xda, 0x4d,
0x8e, 0xe6, 0x4f, 0x68, 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, 0x00, 0x43, 0x33, 0x48,
0x93, 0x93, 0xa0, 0x74, 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, 0x71, 0xc0, 0xb2, 0x7b,
0x2d, 0xba, 0xa0, 0x0d, 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, 0x99, 0x12, 0x2c, 0x97,
0x96, 0xb4, 0xb0, 0x18, 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, 0x0b, 0xce, 0x8c, 0xac,
0x78, 0x64, 0xcb, 0xb3, 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, 0xac, 0xc9, 0xc5, 0xa1,
0x88, 0x40, 0x72, 0xd8, 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, 0x12, 0x61, 0xf9, 0x62,
0xb1, 0x7a, 0x72, 0x15, 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, 0x95, 0xa8, 0x5b, 0x4f,
0x98, 0xa1, 0xb5, 0x74, 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, 0x48, 0xd9, 0xb5, 0xcd,
0x6c, 0x17, 0xb9, 0xb3, 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, 0x78, 0x2a, 0x71, 0xcd,
0xee, 0xe7, 0x92, 0xba, 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, 0xad, 0x98, 0xb4, 0x63,
0x4f, 0x64, 0xab, 0xa8, 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, 0xaa, 0xc4, 0x1c, 0x82,
0x88, 0x87, 0x93, 0x18, 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, 0x11, 0xd8, 0x55, 0x1e,
0x54, 0x66, 0xc5, 0x76, 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, 0xd8, 0xfa, 0xbb, 0xfb,
0x3f, 0xe8, 0xcb, 0x1d, 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28, 0xf5, 0x72, 0x62, 0x66,
0x13, 0x58, 0xcd, 0xe8, 0xd3, 0xeb, 0xf9, 0x90, 0xe5, 0xfd, 0x1d, 0x5b,
0x89, 0x6c, 0x99, 0x2c, 0xcf, 0xaa, 0xdb, 0x52, 0x56, 0xb6, 0x8b, 0xbf,
0x59, 0x43, 0xb1, 0x32, 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 0x0e, 0x55, 0x60, 0x67,
0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
};
static const uint8_t ml_kem_1024_pubkey[] = {
0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58,
0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
@ -3218,272 +2886,6 @@ static const uint8_t ml_kem_1024_pubkey[] = {
0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
};
static const uint8_t ml_kem_1024_prvkey[] = {
0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88, 0x2a, 0xcd, 0xd5, 0xa4,
0x78, 0x20, 0xa6, 0xa8, 0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77,
0x99, 0x79, 0xb8, 0x3f, 0xe1, 0x17, 0x22, 0x47, 0x01, 0x49, 0x08, 0x30,
0x38, 0x66, 0x37, 0xda, 0x33, 0x2e, 0x74, 0xb1, 0xae, 0xda, 0x0b, 0x2f,
0x81, 0xca, 0x4f, 0x9b, 0xb2, 0xc2, 0xb0, 0x2b, 0x0c, 0xfd, 0x68, 0x0c,
0x11, 0x48, 0x2f, 0x33, 0x5a, 0xcf, 0x7b, 0x91, 0x39, 0xb5, 0xb8, 0x8a,
0x34, 0xe3, 0x54, 0x2c, 0x68, 0x61, 0x37, 0x75, 0x45, 0x98, 0x33, 0x43,
0xcd, 0x82, 0x94, 0x14, 0xe4, 0x78, 0x64, 0x21, 0x2e, 0x78, 0xf8, 0x55,
0xf5, 0x23, 0x90, 0x37, 0x9a, 0xcc, 0x3a, 0x62, 0x95, 0x31, 0x31, 0xb6,
0x3e, 0xe8, 0x32, 0xad, 0xb3, 0xbf, 0x4b, 0xf5, 0x8e, 0x24, 0x73, 0x49,
0xb5, 0xe0, 0x97, 0xe5, 0x5a, 0xbe, 0x49, 0x7b, 0x15, 0x98, 0x23, 0x73,
0xae, 0x73, 0x2e, 0x04, 0x39, 0xac, 0x67, 0xd0, 0x5c, 0x7f, 0x03, 0x7c,
0x8a, 0x73, 0x9b, 0x18, 0x14, 0x0e, 0x14, 0x4c, 0x85, 0x1d, 0xc9, 0x61,
0x1f, 0x4b, 0xcf, 0x04, 0xf3, 0xa2, 0x09, 0x3c, 0x19, 0x7b, 0xd6, 0x3b,
0xb5, 0xe6, 0x19, 0x01, 0x00, 0x54, 0x5f, 0xf8, 0x1d, 0xb7, 0xfc, 0xcd,
0xdd, 0x9a, 0x32, 0x4b, 0x0b, 0xac, 0x3c, 0x2c, 0x23, 0x82, 0x28, 0x40,
0x58, 0xf0, 0x8b, 0x96, 0x19, 0x52, 0xc0, 0x94, 0x01, 0x9c, 0x10, 0xbe,
0x37, 0xa5, 0x3d, 0x5a, 0xc7, 0x94, 0xc0, 0x10, 0xa9, 0xd0, 0x82, 0x1f,
0x15, 0x02, 0x7a, 0x1c, 0x41, 0x9c, 0x3c, 0x71, 0xc9, 0xa1, 0xd2, 0x8a,
0xed, 0x02, 0x59, 0x7a, 0xb7, 0x9b, 0x87, 0x53, 0x94, 0x62, 0x6b, 0xa3,
0x9a, 0xdc, 0x09, 0x0c, 0x3a, 0x90, 0xcf, 0x75, 0x87, 0x1a, 0x65, 0x27,
0x5e, 0xb1, 0xc5, 0xb0, 0x33, 0x72, 0xe1, 0x3a, 0x1a, 0x23, 0xd0, 0xcf,
0x93, 0x74, 0x11, 0x1f, 0x80, 0xcc, 0x83, 0xa9, 0x05, 0x62, 0x2b, 0x83,
0xfc, 0x51, 0x39, 0x71, 0xec, 0x84, 0x19, 0xf0, 0x88, 0x0c, 0x30, 0x67,
0x63, 0x36, 0x71, 0xb0, 0x9b, 0x54, 0x56, 0xab, 0x60, 0x57, 0x93, 0x6d,
0x19, 0xa4, 0xa2, 0xa2, 0x67, 0x91, 0x1b, 0x00, 0x0a, 0x13, 0x95, 0x6f,
0xbd, 0x49, 0x38, 0x21, 0xda, 0x07, 0x2c, 0x04, 0x64, 0x2b, 0x0c, 0x20,
0xda, 0x6c, 0xc0, 0xd9, 0xd8, 0x64, 0xa3, 0x93, 0x65, 0xdf, 0xd6, 0x4f,
0x10, 0x18, 0x78, 0x25, 0xfa, 0x33, 0x25, 0x07, 0x49, 0xcb, 0xc0, 0xc9,
0x05, 0xd7, 0xb1, 0xff, 0x3c, 0xae, 0x24, 0x12, 0xbf, 0x86, 0xb8, 0x1a,
0x81, 0x7b, 0x86, 0xba, 0xa3, 0x0e, 0xdf, 0x78, 0x62, 0xe5, 0xf6, 0xba,
0xc9, 0x87, 0x26, 0xe5, 0x6b, 0x3c, 0xec, 0x60, 0x66, 0x4c, 0xaa, 0x2a,
0x7d, 0xf6, 0x70, 0xc5, 0xe2, 0x07, 0xdf, 0xac, 0x03, 0x82, 0x4c, 0x89,
0x89, 0x7c, 0xb4, 0x90, 0xea, 0xa7, 0x65, 0x21, 0x22, 0x2c, 0x86, 0x20,
0x51, 0x69, 0xc9, 0x1c, 0x32, 0x9c, 0x4a, 0x18, 0x4d, 0x78, 0x72, 0x1a,
0xf8, 0x36, 0xad, 0x4d, 0xb0, 0xca, 0x78, 0x46, 0x4d, 0x41, 0x71, 0x47,
0x30, 0x12, 0xb7, 0xd1, 0x83, 0xba, 0xfa, 0x62, 0x75, 0x85, 0xc6, 0x4b,
0xe3, 0x80, 0x9d, 0x7e, 0x60, 0x04, 0xcb, 0xdc, 0x79, 0xa5, 0x46, 0x0f,
0x0a, 0xd6, 0x77, 0xcb, 0x71, 0x65, 0x12, 0x40, 0x7d, 0x3a, 0x61, 0x9a,
0xd0, 0x95, 0x43, 0xb7, 0x39, 0x54, 0x74, 0x72, 0xa7, 0x06, 0xb3, 0x17,
0xa5, 0x09, 0xbe, 0x5d, 0x86, 0x1f, 0xd6, 0x6c, 0x7d, 0x0e, 0xd9, 0x4c,
0xd5, 0x00, 0x47, 0x95, 0xc1, 0x81, 0x59, 0xe3, 0xa3, 0x3d, 0x79, 0x87,
0x11, 0x52, 0x5f, 0x16, 0x35, 0xa6, 0x84, 0x28, 0x17, 0x29, 0x23, 0x24,
0x96, 0x35, 0xaa, 0xd0, 0x32, 0xb9, 0xe5, 0x66, 0x64, 0xbd, 0xd4, 0x8e,
0xd2, 0x4a, 0xc7, 0x5c, 0x64, 0x68, 0xd1, 0x90, 0x3e, 0x47, 0x10, 0x86,
0xc5, 0xf1, 0x56, 0x7e, 0x83, 0x1a, 0x05, 0x08, 0xc5, 0x39, 0x63, 0x25,
0x91, 0xab, 0x57, 0x7d, 0x32, 0x4a, 0x82, 0x42, 0x97, 0x25, 0x80, 0x99,
0x50, 0x76, 0x1d, 0x84, 0x34, 0x28, 0x8c, 0x14, 0x03, 0x4f, 0x1c, 0x06,
0xc1, 0xd0, 0xaa, 0xe0, 0x9a, 0x71, 0xc7, 0x40, 0xa5, 0x57, 0x01, 0xc2,
0x8f, 0xf8, 0x44, 0x99, 0xf2, 0xbb, 0x18, 0xb6, 0x62, 0x8c, 0xaa, 0xa3,
0xfe, 0x75, 0xac, 0x4d, 0xe0, 0x4c, 0x6f, 0x91, 0x39, 0x00, 0xd8, 0x6c,
0x88, 0x12, 0x62, 0x52, 0xa1, 0x7c, 0x4d, 0x30, 0x39, 0x91, 0xdb, 0x02,
0x87, 0x12, 0x08, 0x81, 0xbb, 0x88, 0x47, 0x8a, 0xaa, 0x9a, 0xf9, 0xbc,
0x53, 0xd3, 0x72, 0x98, 0x43, 0x85, 0x8f, 0xdb, 0x46, 0x48, 0x05, 0x9c,
0xac, 0x82, 0xc1, 0xa1, 0x08, 0x78, 0xba, 0x39, 0x82, 0x3b, 0x04, 0x1b,
0xd0, 0xe2, 0x58, 0x48, 0x7b, 0x56, 0xcc, 0x8a, 0x32, 0x20, 0xc1, 0xa5,
0x8b, 0xf6, 0x6a, 0x17, 0x2b, 0x5b, 0x9a, 0x0c, 0x63, 0x2d, 0x67, 0x4e,
0xae, 0x88, 0x5a, 0x01, 0x5c, 0x4e, 0x37, 0xba, 0x07, 0x36, 0x80, 0xbe,
0xde, 0x75, 0x34, 0xf3, 0xe3, 0x4b, 0x60, 0x50, 0xc8, 0x6b, 0x21, 0xc3,
0xc0, 0x90, 0x94, 0x1f, 0x23, 0xb7, 0xf6, 0x73, 0x1e, 0x2b, 0xda, 0x0e,
0x6e, 0xa4, 0x64, 0x67, 0x71, 0xce, 0xc5, 0x72, 0xb9, 0x8c, 0xa0, 0xa1,
0x58, 0x91, 0x9a, 0xdb, 0xeb, 0x84, 0xce, 0x58, 0x5f, 0xf9, 0xf2, 0x5e,
0xbd, 0xda, 0x6c, 0xb6, 0xf0, 0x7a, 0x8f, 0x81, 0x12, 0x32, 0x60, 0x7e,
0x72, 0x17, 0xbb, 0x03, 0x9b, 0xab, 0xd0, 0xd9, 0x19, 0x34, 0xa8, 0x59,
0x40, 0x59, 0xc9, 0x68, 0x77, 0x23, 0xc0, 0x43, 0x81, 0xbf, 0xd6, 0x27,
0xa1, 0x05, 0x17, 0xf5, 0xf4, 0xbf, 0xc7, 0x77, 0x77, 0xaa, 0x26, 0x71,
0xae, 0x12, 0x4f, 0x2b, 0x7a, 0x5f, 0x4d, 0x56, 0x14, 0x02, 0x91, 0x97,
0xe6, 0x58, 0x6f, 0xa8, 0xc1, 0x7e, 0x0a, 0xd9, 0x07, 0x81, 0xbc, 0x7b,
0xb1, 0x9a, 0x77, 0x2d, 0x5a, 0x4e, 0xfe, 0x32, 0xca, 0xc8, 0x9b, 0x76,
0xc4, 0x2a, 0x5e, 0xde, 0x9b, 0xcc, 0x20, 0xc1, 0x89, 0x8c, 0x08, 0xa5,
0xb0, 0xc0, 0x7e, 0x47, 0x8b, 0x1b, 0xbc, 0x22, 0x6e, 0xfa, 0xd1, 0x5f,
0x2a, 0xc7, 0x37, 0x51, 0x4b, 0x8c, 0x61, 0x49, 0x81, 0x07, 0x79, 0x22,
0x24, 0x16, 0x53, 0x7e, 0xd0, 0x0d, 0xae, 0xab, 0x17, 0x7e, 0x90, 0x3e,
0xad, 0x6b, 0x4a, 0xc4, 0x23, 0x70, 0xaf, 0x1b, 0x1f, 0x50, 0xeb, 0xaf,
0xaa, 0x1c, 0x6e, 0x64, 0x7b, 0xba, 0xcc, 0xe7, 0x2c, 0x7d, 0x0b, 0x88,
0xae, 0xb0, 0xb0, 0x6f, 0xc1, 0xa4, 0x54, 0x57, 0xa9, 0xc1, 0x87, 0x57,
0x9b, 0xf1, 0x84, 0x57, 0x9c, 0xc3, 0x51, 0xc4, 0x3d, 0xff, 0x94, 0x26,
0x05, 0xaa, 0x56, 0x04, 0xfc, 0x85, 0xfc, 0x55, 0x83, 0xf6, 0xf1, 0x49,
0x6f, 0xe6, 0x1d, 0x70, 0xd6, 0xcd, 0xe2, 0x32, 0x7f, 0xee, 0x71, 0x3d,
0x86, 0xf2, 0x9b, 0x3a, 0xfc, 0xbb, 0x54, 0xe9, 0xa9, 0x2a, 0x33, 0xa6,
0xc1, 0xea, 0x6f, 0xfa, 0x30, 0x95, 0x66, 0xb0, 0x68, 0x62, 0x33, 0xc0,
0xf3, 0xb1, 0xc3, 0x14, 0x48, 0x90, 0xe4, 0xf0, 0x82, 0x9a, 0x60, 0x99,
0xc5, 0x74, 0x9c, 0xde, 0xc8, 0x43, 0x28, 0xec, 0x2c, 0xb6, 0x4a, 0x73,
0x85, 0xa7, 0x61, 0xd6, 0x4b, 0x3a, 0x23, 0xc4, 0x89, 0x34, 0x33, 0x43,
0xb9, 0x77, 0x23, 0xae, 0x78, 0xc7, 0xd8, 0x05, 0x45, 0x8e, 0x16, 0x20,
0xf0, 0x29, 0x28, 0x97, 0x69, 0x17, 0x04, 0xcb, 0x76, 0xe3, 0xb0, 0xb2,
0x81, 0xa8, 0x3c, 0xf6, 0x44, 0x90, 0x49, 0x8c, 0xbc, 0xaf, 0x04, 0x80,
0x24, 0x16, 0xb3, 0x3c, 0x56, 0x51, 0x71, 0xd7, 0x72, 0xd3, 0xb9, 0x35,
0x40, 0x37, 0x58, 0x76, 0x29, 0xae, 0x14, 0xa5, 0xc5, 0x03, 0x1a, 0xc3,
0x66, 0x71, 0xa0, 0xd0, 0xc9, 0x1c, 0xc0, 0xb4, 0xcd, 0x69, 0xd8, 0x40,
0x2e, 0x33, 0xb9, 0xbc, 0xc2, 0xbb, 0xaf, 0x6b, 0x97, 0x1e, 0x30, 0x3f,
0xa1, 0x37, 0xbe, 0x23, 0x25, 0x98, 0xa4, 0x99, 0x9b, 0xc0, 0x12, 0x57,
0x4c, 0x81, 0x65, 0x1b, 0x38, 0xb3, 0x83, 0x96, 0xc1, 0xc3, 0x65, 0x30,
0x3a, 0xd2, 0x5d, 0x49, 0xfc, 0x6b, 0x68, 0x99, 0x51, 0xa1, 0xcc, 0x4c,
0x60, 0x07, 0x61, 0x30, 0x65, 0x49, 0x5f, 0x97, 0x91, 0x0f, 0x97, 0x35,
0xd4, 0xea, 0x4e, 0x44, 0x2a, 0xcb, 0x2f, 0xab, 0xae, 0xcf, 0xe1, 0xad,
0xef, 0x06, 0x67, 0xba, 0x42, 0x2c, 0x95, 0x4a, 0x05, 0xd1, 0xb6, 0x16,
0x7a, 0x26, 0x3e, 0x12, 0x75, 0xc6, 0xad, 0xa8, 0x38, 0x59, 0x65, 0x30,
0x4b, 0x30, 0x32, 0x40, 0x40, 0x54, 0x2c, 0xf5, 0xa4, 0x51, 0xbc, 0xaf,
0xc7, 0x47, 0x88, 0xbe, 0x3b, 0x9b, 0x9f, 0xcc, 0x45, 0xd4, 0x79, 0x0e,
0x2d, 0x73, 0x35, 0xc6, 0x0a, 0x14, 0xf0, 0xa4, 0x9d, 0x13, 0x05, 0x3f,
0x26, 0x26, 0xa6, 0x27, 0xca, 0x19, 0x55, 0x3c, 0xb3, 0x36, 0xa2, 0xcb,
0x4a, 0x45, 0x5d, 0x8e, 0xf3, 0x98, 0x94, 0x91, 0x47, 0x2b, 0xa0, 0x05,
0x1e, 0xf7, 0x41, 0x6e, 0x0b, 0xbf, 0x1a, 0x61, 0x08, 0xfa, 0x07, 0xc1,
0x61, 0x54, 0x8e, 0x7c, 0x62, 0x33, 0x1a, 0xe5, 0xa2, 0xb4, 0xe4, 0xa1,
0x08, 0xa5, 0x10, 0x93, 0xd3, 0x15, 0x08, 0x21, 0xa2, 0xfb, 0x54, 0x71,
0x70, 0xa1, 0xb7, 0x3c, 0x43, 0xc5, 0x50, 0xc6, 0x55, 0x7a, 0x40, 0x48,
0xa5, 0x8a, 0x2c, 0xd7, 0x7a, 0x24, 0x42, 0x34, 0xb2, 0x23, 0x51, 0x75,
0xa0, 0x89, 0x7d, 0x50, 0x61, 0xb4, 0x61, 0x34, 0x82, 0xdc, 0x13, 0x64,
0x14, 0x04, 0x8c, 0x11, 0xdb, 0x37, 0xea, 0xe0, 0xa5, 0xdf, 0x87, 0xc1,
0x93, 0x14, 0xb0, 0xe8, 0x23, 0x97, 0xa0, 0xd3, 0x38, 0xdc, 0x21, 0x53,
0x8a, 0xf3, 0x61, 0x49, 0xd9, 0x3f, 0x8b, 0x1a, 0x11, 0xc5, 0x3b, 0xb5,
0xde, 0xf8, 0xb7, 0xa2, 0xcc, 0xa3, 0x36, 0x2b, 0x7f, 0xe3, 0xa1, 0x40,
0x8a, 0x25, 0x47, 0xe2, 0x09, 0x05, 0x8c, 0x67, 0x3a, 0x75, 0x66, 0xc2,
0x61, 0x23, 0xa6, 0xd8, 0xb6, 0x92, 0xa5, 0xf3, 0x3e, 0xbd, 0xcb, 0x26,
0x24, 0xb7, 0x9d, 0x87, 0x7b, 0xce, 0x5f, 0xa1, 0x4e, 0x42, 0xe8, 0x3f,
0xaa, 0xd8, 0x2e, 0x99, 0x00, 0x55, 0x3a, 0x3c, 0x60, 0x45, 0xca, 0x32,
0x9f, 0xea, 0x4a, 0x50, 0x65, 0x58, 0xc4, 0x91, 0xb6, 0xa6, 0x16, 0xc6,
0xfd, 0x40, 0x0b, 0x42, 0x13, 0x6f, 0x44, 0xcb, 0x0d, 0x02, 0x57, 0x65,
0x08, 0x19, 0x01, 0x8d, 0x3c, 0x56, 0x8e, 0xf6, 0xc6, 0x0c, 0x6c, 0x40,
0x9e, 0x70, 0xa8, 0x29, 0x28, 0x71, 0x08, 0xc1, 0xb6, 0xa4, 0xd3, 0x2f,
0x76, 0xe5, 0xcc, 0x4d, 0x10, 0x4b, 0x02, 0x43, 0x8e, 0xf7, 0xa4, 0x67,
0x91, 0x23, 0x98, 0xea, 0x9c, 0x7c, 0xbd, 0x99, 0x81, 0x58, 0x9a, 0x34,
0x18, 0x97, 0x68, 0x7b, 0x51, 0x6a, 0x13, 0x30, 0x7d, 0x66, 0xc0, 0x68,
0xc4, 0x44, 0xb4, 0xb9, 0x49, 0xa1, 0x74, 0x12, 0x41, 0x33, 0x15, 0xcc,
0xf4, 0x9b, 0x99, 0x98, 0x00, 0x34, 0xb5, 0xb8, 0xcf, 0xde, 0xc4, 0xa6,
0x0b, 0x9c, 0x1e, 0x74, 0x55, 0xaa, 0xfb, 0xf3, 0xa7, 0x57, 0x34, 0x69,
0x90, 0xcc, 0x32, 0xb0, 0x59, 0x9b, 0xa2, 0x17, 0xa6, 0xc5, 0xfc, 0x39,
0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, 0xa8, 0x7f, 0x41, 0x58,
0x9c, 0xb2, 0x22, 0xd0, 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, 0x64, 0x60, 0xc3, 0x18,
0x3d, 0x2b, 0xcd, 0x6d, 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, 0x3a, 0x3e, 0x8c, 0x33,
0x0d, 0x74, 0x21, 0x59, 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, 0x34, 0x99, 0xc0, 0x45,
0x2e, 0x45, 0x38, 0x15, 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, 0xb3, 0x8c, 0x67, 0x45,
0xf2, 0x94, 0x40, 0x16, 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, 0x0f, 0xfa, 0x8a, 0x06,
0xfa, 0x15, 0x4a, 0x49, 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, 0xc4, 0xb6, 0x20, 0x1d,
0xda, 0x80, 0xc9, 0xab, 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, 0x69, 0x3f, 0x31, 0x97,
0x39, 0xf4, 0x0c, 0x4f, 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, 0x6a, 0xc7, 0x46, 0x80,
0x1a, 0xcc, 0xcc, 0x84, 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, 0x50, 0x48, 0x2c, 0x8d,
0x9d, 0x95, 0x87, 0xbc, 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, 0x3a, 0x48, 0xd4, 0xb7,
0x44, 0x25, 0xc2, 0x6e, 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, 0x17, 0xd8, 0x68, 0xc7,
0xf5, 0x00, 0x2a, 0xbe, 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, 0x0e, 0x08, 0xec, 0xcc,
0xed, 0x3c, 0x1f, 0x7d, 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, 0x70, 0x58, 0x5c, 0x39,
0xd5, 0x58, 0x9a, 0x50, 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, 0x1b, 0x63, 0x37, 0xb5,
0x7d, 0xa3, 0xc3, 0x76, 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, 0x89, 0x6f, 0xf5, 0x89,
0xd4, 0xb8, 0x93, 0xe7, 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, 0x74, 0x69, 0x80, 0xc1,
0x2a, 0xa6, 0xb9, 0x5e, 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, 0x31, 0x23, 0x82, 0xca,
0x36, 0x5c, 0x5f, 0x35, 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, 0x1e, 0x8a, 0x17, 0x6b,
0x79, 0x49, 0x95, 0x8f, 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, 0xc8, 0x26, 0xcb, 0x50,
0x82, 0x08, 0x60, 0x77, 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, 0x9b, 0x14, 0xb0, 0x86,
0xd6, 0xe9, 0x23, 0xc5, 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, 0x2c, 0x9f, 0xda, 0x1c,
0xb3, 0xfb, 0x9b, 0xa0, 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, 0x47, 0x8a, 0xc0, 0x44,
0xef, 0x34, 0x56, 0x37, 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, 0x05, 0xd2, 0xd3, 0x2f,
0xfc, 0x62, 0xbf, 0x0c, 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, 0x62, 0x58, 0x38, 0x65,
0x38, 0x1c, 0x74, 0xdd, 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, 0x52, 0xa8, 0xf4, 0xb7,
0x88, 0xb4, 0xaf, 0xd1, 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, 0x9a, 0x75, 0x58, 0x0d,
0x04, 0x96, 0x39, 0x85, 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, 0xa5, 0xd6, 0x7c, 0x7e,
0xb5, 0x24, 0x10, 0xeb, 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, 0x93, 0x8d, 0x34, 0x94,
0x3c, 0x38, 0x08, 0xc7, 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, 0x34, 0x0b, 0xaa, 0x8d,
0x2e, 0x65, 0x34, 0x4f, 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, 0x27, 0xf9, 0x18, 0x9f,
0x7e, 0x10, 0x85, 0x6b, 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, 0x18, 0x50, 0xb2, 0x2e,
0x04, 0x59, 0x28, 0x27, 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, 0x2d, 0xc5, 0xf2, 0x0b,
0xd5, 0xd2, 0xab, 0x5b, 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, 0x0d, 0x80, 0x23, 0xbe,
0xd1, 0xf5, 0xca, 0xe8, 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, 0x6a, 0xa0, 0x48, 0x98,
0x92, 0x33, 0x07, 0x9a, 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, 0x75, 0x36, 0xe4, 0x6f,
0x3a, 0x6a, 0x97, 0xe7, 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, 0x1f, 0x5e, 0xf9, 0xb4,
0x35, 0x50, 0x73, 0xb5, 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, 0xb3, 0x55, 0x07, 0xb0,
0xdf, 0x57, 0x8c, 0xe2, 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, 0xaf, 0x92, 0xf6, 0x9a,
0x75, 0x16, 0x14, 0x06, 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, 0x9a, 0x81, 0x66, 0x1a,
0xa6, 0x5a, 0xc0, 0x9b, 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, 0xbf, 0x0f, 0x84, 0x24,
0xa1, 0x9b, 0x74, 0x08, 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, 0x98, 0x61, 0x1a, 0x7f,
0x5f, 0x60, 0x92, 0x2b, 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, 0x8b, 0x50, 0x77, 0x33,
0x45, 0xc9, 0x97, 0x46, 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, 0x09, 0x8b, 0xd4, 0x89,
0xd6, 0x96, 0xa0, 0xf7, 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, 0x72, 0x05, 0x63, 0x32,
0x12, 0x31, 0x0e, 0xe9, 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, 0x2e, 0xab, 0xe2, 0x37,
0x31, 0xe3, 0x4a, 0xf7, 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, 0xc8, 0x37, 0x57, 0x84,
0x47, 0xaa, 0xcf, 0xae, 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, 0x99, 0x77, 0x98, 0x50,
0x29, 0x5c, 0xa7, 0x2d, 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, 0x08, 0x17, 0xba, 0x25,
0x5c, 0x74, 0x74, 0xc9, 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, 0x5c, 0x04, 0x83, 0xa6,
0x5c, 0xa4, 0x51, 0x4e, 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, 0xb2, 0x10, 0x35, 0x3e,
0xfa, 0x1a, 0xa8, 0x66, 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, 0x5f, 0xf6, 0x0b, 0x3b,
0x80, 0x19, 0x84, 0xa9, 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, 0x82, 0x58, 0xb4, 0xaf,
0x71, 0x22, 0x1c, 0xd1, 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, 0xca, 0x70, 0x29, 0xa2,
0x30, 0xd6, 0x39, 0xdc, 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, 0xbb, 0x10, 0xe3, 0x03,
0x01, 0xa6, 0x5c, 0xae, 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, 0xa0, 0x6c, 0x81, 0x66,
0xd0, 0xb0, 0xb8, 0x12, 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, 0x68, 0x53, 0x68, 0x55,
0x23, 0x43, 0xbb, 0x60, 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, 0xba, 0x0a, 0x55, 0x1e,
0x18, 0x46, 0x20, 0xfe, 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, 0x71, 0xa1, 0x53, 0x76,
0xe5, 0xa6, 0x74, 0x7a, 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, 0x78, 0x70, 0xa6, 0x0a,
0x7a, 0x18, 0x96, 0x83, 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, 0xc4, 0x2d, 0xd2, 0x86,
0x33, 0x56, 0x94, 0x72, 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, 0x6f, 0xa7, 0x22, 0x44,
0x61, 0xa5, 0xcc, 0x27, 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, 0xce, 0x91, 0xc1, 0x34,
0xa6, 0x38, 0x6f, 0x86, 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, 0x53, 0xd2, 0x29, 0x3d,
0xf3, 0xe9, 0xa8, 0x22, 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, 0x41, 0x86, 0x9a, 0xbf,
0xba, 0xd1, 0x07, 0x38, 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb, 0xeb, 0xbe, 0x41, 0xcd,
0x4d, 0xea, 0x48, 0x9d, 0xed, 0xd0, 0x0e, 0x76, 0xae, 0x0b, 0xcf, 0x54,
0xaa, 0x85, 0x50, 0x20, 0x29, 0x20, 0xeb, 0x64, 0xd5, 0x89, 0x2a, 0xd0,
0x2b, 0x13, 0xf2, 0xe5, 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, 0x0e, 0x55, 0x60, 0x67,
0x40, 0x7d, 0x13, 0xdc, 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
};
#endif
static struct keys_st {
@ -3544,14 +2946,14 @@ static struct keys_st {
#endif
#ifndef OPENSSL_NO_ML_KEM
{
NID_undef, ml_kem_512_prvkey, ml_kem_512_pubkey,
"ML-KEM-512", sizeof(ml_kem_512_prvkey), sizeof(ml_kem_512_pubkey)
NID_undef, ml_kem_prvkey, ml_kem_512_pubkey,
"ML-KEM-512", ML_KEM_SEED_BYTES, sizeof(ml_kem_512_pubkey)
}, {
NID_undef, ml_kem_768_prvkey, ml_kem_768_pubkey,
"ML-KEM-768", sizeof(ml_kem_768_prvkey), sizeof(ml_kem_768_pubkey)
NID_undef, ml_kem_prvkey, ml_kem_768_pubkey,
"ML-KEM-768", ML_KEM_SEED_BYTES, sizeof(ml_kem_768_pubkey)
}, {
NID_undef, ml_kem_1024_prvkey, ml_kem_1024_pubkey,
"ML-KEM-1024", sizeof(ml_kem_1024_prvkey), sizeof(ml_kem_1024_pubkey)
NID_undef, ml_kem_prvkey, ml_kem_1024_pubkey,
"ML-KEM-1024", ML_KEM_SEED_BYTES, sizeof(ml_kem_1024_pubkey)
},
#endif
};

13
test/evp_test.c
View File

@ -4379,17 +4379,14 @@ static int keygen_test_run(EVP_TEST *t)
private_keys = key;
rv = 1;
} else if (keygen->seed != NULL) {
const char *prvparam = OSSL_PKEY_PARAM_ENCODED_PRIVATE_KEY;
rv = 0;
if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey,
OSSL_PKEY_PARAM_PRIV_KEY,
NULL, 0, &priv_len), 1)
if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey, prvparam, NULL,
0, &priv_len), 1)
|| !TEST_ptr(enc_priv_key = OPENSSL_zalloc(priv_len))
|| !TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey,
OSSL_PKEY_PARAM_PRIV_KEY,
|| !TEST_int_eq(EVP_PKEY_get_octet_string_param(pkey, prvparam,
enc_priv_key,
priv_len,
NULL),
1))
priv_len, NULL), 1))
goto err;
if (!TEST_size_t_gt((pub_len = EVP_PKEY_get1_encoded_public_key(pkey,

12
test/ml_kem_evp_extra_test.c
View File

@ -217,7 +217,7 @@ static int test_ml_kem(void)
static int test_non_derandomised_ml_kem(void)
{
static const char *alg[3] = { "ML-KEM-512", "ML-KEM-768", "ML-KEM-1024" };
static const int alg[3] = { NID_ML_KEM_512, NID_ML_KEM_768, NID_ML_KEM_1024 };
EVP_RAND_CTX *privctx;
EVP_RAND_CTX *pubctx;
EVP_MD *sha256;
@ -230,7 +230,7 @@ static int test_non_derandomised_ml_kem(void)
if (!TEST_ptr(sha256 = EVP_MD_fetch(NULL, "sha256", NULL)))
return 0;
for (i = ML_KEM_512_VARIANT; i < ML_KEM_1024_VARIANT; ++i) {
for (i = 0; i < (int) OSSL_NELEM(alg); ++i) {
const ML_KEM_VINFO *v;
OSSL_PARAM params[3], *p;
uint8_t hash[32];
@ -244,6 +244,9 @@ static int test_non_derandomised_ml_kem(void)
unsigned char c;
int res = -1;
if ((v = ossl_ml_kem_get_vinfo(alg[i])) == NULL)
goto done;
/* Configure the private RNG to output just the keygen seed */
p = params;
*p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
@ -255,13 +258,10 @@ static int test_non_derandomised_ml_kem(void)
res = -2;
/* Generate Alice's key */
akey = EVP_PKEY_Q_keygen(testctx, NULL, alg[i]);
akey = EVP_PKEY_Q_keygen(testctx, NULL, v->algorithm_name);
if (!TEST_ptr(akey))
goto done;
if ((v = ossl_ml_kem_get_vinfo(i)) == NULL)
goto done;
/* Check that no more entropy is available! */
if (!TEST_int_le(RAND_priv_bytes(&c, 1), 0))
goto done;

7
test/ml_kem_internal_test.c
View File

@ -92,6 +92,7 @@ static uint8_t ml_kem_expected_shared_secret[3][32] = {
static int sanity_test(void)
{
static const int alg[3] = { NID_ML_KEM_512, NID_ML_KEM_768, NID_ML_KEM_1024 };
EVP_RAND_CTX *privctx;
EVP_RAND_CTX *pubctx;
EVP_MD *sha256 = EVP_MD_fetch(NULL, "sha256", NULL);
@ -107,7 +108,7 @@ static int sanity_test(void)
decap_entropy = ml_kem_public_entropy + ML_KEM_RANDOM_BYTES;
for (i = ML_KEM_512_VARIANT; i < ML_KEM_1024_VARIANT; ++i) {
for (i = 0; i < (int) OSSL_NELEM(alg); ++i) {
OSSL_PARAM params[3];
uint8_t hash[32];
uint8_t shared_secret[ML_KEM_SHARED_SECRET_BYTES];
@ -132,8 +133,8 @@ static int sanity_test(void)
if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params)))
return 0;
public_key = ossl_ml_kem_key_new(NULL, NULL, i);
private_key = ossl_ml_kem_key_new(NULL, NULL, i);
public_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]);
private_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]);
if (private_key == NULL || public_key == NULL
|| (v = ossl_ml_kem_key_vinfo(public_key)) == NULL)
goto done;

1
util/perl/OpenSSL/paramnames.pm
View File

@ -299,6 +299,7 @@ my %params = (
'PKEY_PARAM_MGF1_DIGEST' => "mgf1-digest",
'PKEY_PARAM_MGF1_PROPERTIES' => "mgf1-properties",
'PKEY_PARAM_ENCODED_PUBLIC_KEY' => "encoded-pub-key",
'PKEY_PARAM_ENCODED_PRIVATE_KEY' => "encoded-priv-key",
'PKEY_PARAM_GROUP_NAME' => "group",
'PKEY_PARAM_DIST_ID' => "distid",
'PKEY_PARAM_PUB_KEY' => "pub",