diff --git a/doc/man7/EVP_PKEY-SLH-DSA.pod b/doc/man7/EVP_PKEY-SLH-DSA.pod index 31709ec600..bf17d689b3 100644 --- a/doc/man7/EVP_PKEY-SLH-DSA.pod +++ b/doc/man7/EVP_PKEY-SLH-DSA.pod @@ -23,13 +23,38 @@ implemented in OpenSSL's default and FIPS providers. These implementations support the associated key, containing the public key I and the private key I. +SLH-DSA (Stateless Hash-based Digital Signature Standard) uses small keys, +but has relatively large signatures and is relatively slow performing all +operations compared to B. It does however have proven security proofs, +since it relies only on hash functions. + Each of the different key types has an associated security parameter B. This value is one of 16, 24 or 32 for key types B, B and B, respectively. -Both the public and private key contain 2 elements of size B. +Both the public and private key components contain 2 elements of size B. Key generation generates the private key elements and one of the public key -elements randomly, the final public key element is computed from these values. +elements randomly, and the final public key element is computed from these values. + +The public key has relatively small sizes of 32, 48 or 64 bytes, +corresponding to the algorithm names of 128, 192 and 256 respectively. + +The algorithms ending with B produce smaller signatures, but are much slower +than the faster B variants. + +The signature sizes for the B algorithm variants are 7856, 16224 and 29792 +which correspond to the algorithm names of 128s, 192s and 256s respectively. +The signature sizes for the B algorithm variants are 17088, 35664 and 49856 +which correspond to the algorithm names containing 128f, 192f and 256f respectively. + +Internally there are 7 hash related functions that are used for each algorithm. +For algorithms containing B in their name B is used for all +functions. +For the algorithms the functions use , +and . +The remaining algorithms use , , and +. +See FIPS 205 Section 11.1 and 11.2 for more information. =head2 Keygen Parameters @@ -63,11 +88,19 @@ and settable when using EVP_PKEY_fromdata(). =item "pub" (B) -The public key value of size 2 * B +The public key has a size of 2 * B bytes. +i.e. It consists of the concatenation of PK.seed and PK.root +as defined by FIPS 205 Figure 16. =item "priv" (B) -The private key value of size 2 * B. +The private key has a size of 4 * B bytes, which includes the public key components. +i.e. It consists of the concatenation of SK.seed, SK.prf, PK.seed and PF.root +as defined by FIPS 205 Figure 15. + +=item "mandatory-digest" (B) + +The empty string, signifying that no digest may be specified. =back @@ -84,15 +117,15 @@ The private key value of size 2 * B. An B context can be obtained by calling: EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_name(NULL, "SLH-DSA-SHA2-128s", NULL); + EVP_PKEY_CTX_new_from_name(NULL, "SLH-DSA-SHA2-128f", NULL); An B key can be generated like this: - pkey = EVP_PKEY_Q_keygen(NULL, NULL, "SLH-DSA-SHA2-128s"); + pkey = EVP_PKEY_Q_keygen(NULL, NULL, "SLH-DSA-SHA2-128f"); The key pair components can be extracted from a key by calling: - uint8_t priv[64], pub[64]; + uint8_t priv[64], pub[32]; size_t priv_len, pub_len; EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/providers/implementations/keymgmt/slh_dsa_kmgmt.c index f4df2e8813..04fe5d9485 100644 --- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c +++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c @@ -185,13 +185,10 @@ static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[]) priv = ossl_slh_dsa_key_get_priv(key); if (priv != NULL) { p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY); - /* - * ossl_slh_dsa_key_get_priv_len() includes the public key also - * so dividing by 2 returns only the private component. - */ + /* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */ if (p != NULL && !OSSL_PARAM_set_octet_string(p, priv, - ossl_slh_dsa_key_get_priv_len(key) / 2)) + ossl_slh_dsa_key_get_priv_len(key))) return 0; } pub = ossl_slh_dsa_key_get_pub(key);