From ae9922a8193294e757a4f4a0b0469829a13224cf Mon Sep 17 00:00:00 2001 From: Basil Hess Date: Wed, 22 Mar 2023 07:14:29 +0100 Subject: [PATCH] Adds encoding options for subjectPublicKey and privateKey (#123) * Add encoding library - Encodings settable via env variables - Add key encoding options to README.md - Add qsc_encoder version strings Signed-off-by: Felipe Ventura --- .circleci/config.yml | 16 ++ ALGORITHMS.md | 60 ++++++ CMakeLists.txt | 7 + README.md | 6 + RELEASE.md | 1 + oqs-template/ALGORITHMS.md/encodings.fragment | 13 ++ oqs-template/generate.yml | 44 +++++ .../oqs_kmgmt.c/keymgmt_constructors.fragment | 11 +- .../oqsprov.c/assign_sig_oids.fragment | 2 +- .../oqsprov.c/encoding_patching.fragment | 12 ++ oqsprov/CMakeLists.txt | 21 +++ oqsprov/oqs_encode_key2any.c | 76 ++++++-- oqsprov/oqs_kmgmt.c | 154 ++++++++-------- oqsprov/oqs_prov.h | 25 ++- oqsprov/oqsprov.c | 62 ++++++- oqsprov/oqsprov_keys.c | 171 +++++++++++++----- scripts/runtests_encodings.sh | 16 ++ 17 files changed, 540 insertions(+), 157 deletions(-) create mode 100644 oqs-template/ALGORITHMS.md/encodings.fragment create mode 100644 oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment create mode 100755 scripts/runtests_encodings.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 0611003e..0a8757c1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -37,6 +37,22 @@ jobs: name: Run tests command: | ./scripts/runtests.sh -V + - run: + name: Run tests (with encodings) + command: | + ./scripts/runtests_encodings.sh -V + - run: + name: Build OQS-OpenSSL provider (only STD algs) with NOPUBKEY_IN_PRIVKEY + command: | + rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DNOPUBKEY_IN_PRIVKEY=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja + - run: + name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON) + command: | + ./scripts/runtests.sh -V + - run: + name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON, with encodings) + command: | + ./scripts/runtests_encodings.sh -V workflows: version: 2.1 build: diff --git a/ALGORITHMS.md b/ALGORITHMS.md index 6c901652..679b24bb 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -294,3 +294,63 @@ adapting the OIDs of all supported signature algorithms as per the table below. | p521_sphincsshake256256ssimple | 1.3.9999.6.9.8 |No| OQS_OID_P521_SPHINCSSHAKE256256SSIMPLE +# Key Encodings + +By setting environment variables, oqs-provider can be configured to encode keys (subjectPublicKey and and privateKey ASN.1 structures) according to the following IETF drafts: + +- https://datatracker.ietf.org/doc/draft-uni-qsckeys-dilithium/00/ +- https://datatracker.ietf.org/doc/draft-uni-qsckeys-falcon/00/ +- https://datatracker.ietf.org/doc/draft-uni-qsckeys-sphincsplus/00/ + + +|Environment Variable | Permissible Values | +| --- | --- | +|`OQS_ENCODING_DILITHIUM2`|`draft-uni-qsckeys-dilithium-00/sk-pk`| +|`OQS_ENCODING_DILITHIUM3`|`draft-uni-qsckeys-dilithium-00/sk-pk`| +|`OQS_ENCODING_DILITHIUM5`|`draft-uni-qsckeys-dilithium-00/sk-pk`| +|`OQS_ENCODING_DILITHIUM2_AES`|`draft-uni-qsckeys-dilithium-00/sk-pk`| +|`OQS_ENCODING_DILITHIUM3_AES`|`draft-uni-qsckeys-dilithium-00/sk-pk`| +|`OQS_ENCODING_DILITHIUM5_AES`|`draft-uni-qsckeys-dilithium-00/sk-pk`| +|`OQS_ENCODING_FALCON512`|`draft-uni-qsckeys-falcon-00/sk-pk`| +|`OQS_ENCODING_FALCON1024`|`draft-uni-qsckeys-falcon-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA128FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA128SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA192FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA192SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA192SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA256FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| 
+|`OQS_ENCODING_SPHINCSHARAKA256FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA256SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSHARAKA256SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256128FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256128SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256192FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256192SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256192SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256256FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256256FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256256SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHA256256SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256128FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256128SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256192FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256192SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256192SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| 
+|`OQS_ENCODING_SPHINCSSHAKE256256FROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256256FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256256SROBUST`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| +|`OQS_ENCODING_SPHINCSSHAKE256256SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| + + +If no environment variable is set, or if an unknown value is set, the default is 'no' encoding, meaning that key serialization uses the 'raw' keys of the crypto implementations. + +The test script `scripts/runtests_encodings.sh` (instead of `scripts/runtests.sh`) can be used for a test run with all supported encodings activated. \ No newline at end of file diff --git a/CMakeLists.txt b/CMakeLists.txt index 6e34a35d..d8a648d8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -17,6 +17,13 @@ if(${NOPUBKEY_IN_PRIVKEY}) else() message(STATUS "Build will store public keys in PKCS#8 structures") endif() +option(USE_ENCODING_LIB "Build with external encoding library for SPKI/PKCS#8 " ON) +if(${USE_ENCODING_LIB}) + message(STATUS "Build will include external encoding library for SPKI/PKCS#8") + add_compile_definitions( USE_ENCODING_LIB ) +else() + message(STATUS "Build will not include external encoding library for SPKI/PKCS#8") +endif() include(CheckLibraryExists) include(CheckFunctionExists) diff --git a/README.md b/README.md index e1813f5a..fef6d5ad 100644 --- a/README.md +++ b/README.md 
@@ -178,6 +178,12 @@ excludes all algorithms of the "Sphincs" family. *Note*: By default, interoperability testing with oqs-openssl111 is no longer performed by default but can be manually enabled in the script `scripts/runtests.sh`. +### Key Encoding + +By setting `-DUSE_ENCODING_LIB=` at compile-time, oqs-provider can be compiled with with an an external encoding library `qsc-key-encoder`. Configuring the encodings is done via environment as described in [ALGORITHMS.md](ALGORITHMS.md). + +By setting `-DNOPUBKEY_IN_PRIVKEY=` at compile-time, it can be further specified to omit explicitly serializing the public key in a `privateKey` structure. The default value is `OFF`. + Building on Windows -------------------- The following steps have been tested on Windows 10 and 11 using MSYS2 MINGW64 and were successful. However, building with Visual Studio 2019 was unsuccessful (see [#47](https://github.com/open-quantum-safe/oqs-provider/issues/47)). Note that the process of building on Windows is considered experimental and may need further adjustments. Please report further issues to [#47](https://github.com/open-quantum-safe/oqs-provider/issues/47). Despite skipping the testing process, setting up a test server and client with post-quantum cryptography algorithms can still be accomplished. diff --git a/RELEASE.md b/RELEASE.md index 836c3bd5..a897859e 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -42,6 +42,7 @@ None. ### Misc updates - Dynamic code point and OID changes via environment variables. See [ALGORITHMS.md](ALGORITHMS.md). +- Dynamic key encoding changes via environment variable using external qsc_key_encoder library. See [ALGORITHMS.md](ALGORITHMS.md). --- diff --git a/oqs-template/ALGORITHMS.md/encodings.fragment b/oqs-template/ALGORITHMS.md/encodings.fragment new file mode 100644 index 00000000..7a07ae41 --- /dev/null +++ b/oqs-template/ALGORITHMS.md/encodings.fragment 
@@ -0,0 +1,13 @@ + +|Environment Variable | Permissible Values | +| --- | --- | +{% for sig in config['sigs'] -%} + {%- for variant in sig['variants'] -%} + {%- if 'supported_encodings' in variant -%} +|`OQS_ENCODING_{{variant['name']|upper}}`| +{%- for item in variant['supported_encodings'] -%} +`{{item}}`{% if not loop.last %}, {%- endif -%} +{% endfor %}| +{% endif %} +{%- endfor %} +{%- endfor %} diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index a7bacb2f..16a54ac9 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -347,6 +347,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_dilithium_2' oid: '1.3.6.1.4.1.2.267.7.4.4' code_point: '0xfea0' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -362,6 +363,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_dilithium_3' oid: '1.3.6.1.4.1.2.267.7.6.5' code_point: '0xfea3' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] enable: true mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -373,6 +375,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_dilithium_5' oid: '1.3.6.1.4.1.2.267.7.8.7' code_point: '0xfea5' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] enable: true mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -384,6 +387,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_dilithium_2_aes' oid: '1.3.6.1.4.1.2.267.11.4.4' code_point: '0xfea7' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -399,6 +403,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_dilithium_3_aes' oid: '1.3.6.1.4.1.2.267.11.6.5' code_point: '0xfeaa' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] enable: true mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', 
@@ -410,6 +415,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_dilithium_5_aes' oid: '1.3.6.1.4.1.2.267.11.8.7' code_point: '0xfeac' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] enable: true mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -428,6 +434,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_falcon_512' oid: '1.3.9999.3.1' code_point: '0xfe0b' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -443,6 +450,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_falcon_1024' oid: '1.3.9999.3.4' code_point: '0xfe0e' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] enable: true mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -457,6 +465,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_robust' oid: '1.3.9999.6.1.1' code_point: '0xfe42' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -472,6 +481,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_simple' oid: '1.3.9999.6.1.4' code_point: '0xfe45' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -487,6 +497,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_robust' oid: '1.3.9999.6.1.7' code_point: '0xfe48' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -502,6 +513,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_simple' oid: '1.3.9999.6.1.10' code_point: '0xfe4b' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', 
@@ -517,6 +529,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_robust' oid: '1.3.9999.6.2.1' code_point: '0xfe4e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -528,6 +541,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_simple' oid: '1.3.9999.6.2.3' code_point: '0xfe50' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -539,6 +553,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_robust' oid: '1.3.9999.6.2.5' code_point: '0xfe52' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -550,6 +565,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_simple' oid: '1.3.9999.6.2.7' code_point: '0xfe54' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -561,6 +577,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_robust' oid: '1.3.9999.6.3.1' code_point: '0xfe56' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -572,6 +589,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_simple' oid: '1.3.9999.6.3.3' code_point: '0xfe58' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -583,6 +601,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_robust' oid: '1.3.9999.6.3.5' code_point: '0xfe5a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', 
@@ -594,6 +613,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_simple' oid: '1.3.9999.6.3.7' code_point: '0xfe5c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -608,6 +628,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128f_robust' oid: '1.3.9999.6.4.1' code_point: '0xfe5e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -623,6 +644,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128f_simple' oid: '1.3.9999.6.4.4' code_point: '0xfe61' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -638,6 +660,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128s_robust' oid: '1.3.9999.6.4.7' code_point: '0xfe64' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -653,6 +676,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128s_simple' oid: '1.3.9999.6.4.10' code_point: '0xfe67' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -668,6 +692,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192f_robust' oid: '1.3.9999.6.5.1' code_point: '0xfe6a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -679,6 +704,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192f_simple' oid: '1.3.9999.6.5.3' code_point: '0xfe6c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', 
@@ -690,6 +716,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192s_robust' oid: '1.3.9999.6.5.5' code_point: '0xfe6e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -701,6 +728,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192s_simple' oid: '1.3.9999.6.5.7' code_point: '0xfe70' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -712,6 +740,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256f_robust' oid: '1.3.9999.6.6.1' code_point: '0xfe72' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -723,6 +752,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256f_simple' oid: '1.3.9999.6.6.3' code_point: '0xfe74' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -734,6 +764,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256s_robust' oid: '1.3.9999.6.6.5' code_point: '0xfe76' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -745,6 +776,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256s_simple' oid: '1.3.9999.6.6.7' code_point: '0xfe78' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -759,6 +791,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128f_robust' oid: '1.3.9999.6.7.1' code_point: '0xfe7a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', 
@@ -774,6 +807,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128f_simple' oid: '1.3.9999.6.7.4' code_point: '0xfe7d' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -789,6 +823,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128s_robust' oid: '1.3.9999.6.7.7' code_point: '0xfe80' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -804,6 +839,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128s_simple' oid: '1.3.9999.6.7.10' code_point: '0xfe83' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', @@ -819,6 +855,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192f_robust' oid: '1.3.9999.6.8.1' code_point: '0xfe86' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -830,6 +867,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192f_simple' oid: '1.3.9999.6.8.3' code_point: '0xfe88' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -841,6 +879,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192s_robust' oid: '1.3.9999.6.8.5' code_point: '0xfe8a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', @@ -852,6 +891,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192s_simple' oid: '1.3.9999.6.8.7' code_point: '0xfe8c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p384', 'pretty_name': 'ECDSA p384', 
@@ -863,6 +903,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256f_robust' oid: '1.3.9999.6.9.1' code_point: '0xfe8e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -874,6 +915,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256f_simple' oid: '1.3.9999.6.9.3' code_point: '0xfe90' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -885,6 +927,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256s_robust' oid: '1.3.9999.6.9.5' code_point: '0xfe92' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', @@ -896,6 +939,7 @@ sigs: oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256s_simple' oid: '1.3.9999.6.9.7' code_point: '0xfe94' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] enable: false mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', diff --git a/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment b/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment index 21933d52..df892142 100644 --- a/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment +++ b/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment 
@@ -1,24 +1,27 @@ +{% set count = namespace(val=-1) -%} {% for sig in config['sigs'] %} {%- for variant in sig['variants'] %} + {%- set count.val = count.val + 1 %} static void *{{variant['name']}}_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), {{variant['oqs_meth']}}, "{{variant['name']}}", KEY_TYPE_SIG, NULL, {{variant['security']}}); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), {{variant['oqs_meth']}}, "{{variant['name']}}", KEY_TYPE_SIG, NULL, {{variant['security']}}, {{ count.val }}); } static void *{{variant['name']}}_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, {{variant['oqs_meth']}}, "{{variant['name']}}", 0, {{variant['security']}}); + return oqsx_gen_init(provctx, selection, {{variant['oqs_meth']}}, "{{variant['name']}}", 0, {{variant['security']}}, {{ count.val }}); } {%- for classical_alg in variant['mix_with'] %} + {%- set count.val = count.val + 1 %} static void *{{ classical_alg['name'] }}_{{variant['name']}}_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), {{variant['oqs_meth']}}, "{{ classical_alg['name'] }}_{{variant['name']}}", KEY_TYPE_HYB_SIG, NULL, {{variant['security']}}); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), {{variant['oqs_meth']}}, "{{ classical_alg['name'] }}_{{variant['name']}}", KEY_TYPE_HYB_SIG, NULL, {{variant['security']}}, {{ count.val }}); } static void *{{ classical_alg['name'] }}_{{variant['name']}}_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, {{variant['oqs_meth']}}, "{{ classical_alg['name'] }}_{{variant['name']}}", KEY_TYPE_HYB_SIG, {{variant['security']}}); + return oqsx_gen_init(provctx, selection, {{variant['oqs_meth']}}, "{{ classical_alg['name'] }}_{{variant['name']}}", KEY_TYPE_HYB_SIG, {{variant['security']}}, {{ count.val }}); } {%- endfor -%} 
diff --git a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment index 6d1ad264..f518a130 100644 --- a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment +++ b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment @@ -8,7 +8,7 @@ {%- endfor %} {%- endfor %} #define OQS_OID_CNT {{ count.val*2 }} -static const char* oqs_oid_alg_list[OQS_OID_CNT] = +const char* oqs_oid_alg_list[OQS_OID_CNT] = { {%- for sig in config['sigs'] %} diff --git a/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment b/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment new file mode 100644 index 00000000..b1f72902 --- /dev/null +++ b/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment @@ -0,0 +1,12 @@ +{% set cnt = namespace(val=-1) %} +{%- for sig in config['sigs'] %} + {%- for variant in sig['variants'] %} + {%- set cnt.val = cnt.val + 1 %} + if (getenv("OQS_ENCODING_{{variant['name']|upper}}")) oqs_alg_encoding_list[{{ cnt.val }}] = getenv("OQS_ENCODING_{{variant['name']|upper}}"); + {%- for classical_alg in variant['mix_with'] %} + {%- set cnt.val = cnt.val + 1 %} + if (getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}")) oqs_alg_encoding_list[{{ cnt.val }}] = getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}"); + {%- endfor %} + {%- endfor %} +{%- endfor %} + diff --git a/oqsprov/CMakeLists.txt b/oqsprov/CMakeLists.txt index 18e0ff03..021c52c5 100644 --- a/oqsprov/CMakeLists.txt +++ b/oqsprov/CMakeLists.txt 
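Review bot: Each generated line of encoding_patching.fragment stores the pointer returned by `getenv("OQS_ENCODING_…")` directly in `oqs_alg_encoding_list[...]`, so the provider keeps referring to environment storage that a later `setenv`/`putenv` in the host process can rewrite or invalidate. Since this value selects how private keys are serialized, it is safer to copy it once at load time, e.g. `oqs_alg_encoding_list[i] = OPENSSL_strdup(v);`, and to note in the docs that a process inheriting an untrusted environment inherits this setting too. The slot index comes from the counter `cnt`, which has to walk the algorithms in the same order as `count` in keymgmt_constructors.fragment. A template comment such as `{# index order must match keymgmt_constructors.fragment #}` would record that coupling, because a mismatch would silently apply one algorithm's encoding to another.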
@@ -5,6 +5,20 @@ execute_process( OUTPUT_VARIABLE GIT_COMMIT_HASH OUTPUT_STRIP_TRAILING_WHITESPACE ) +if (USE_ENCODING_LIB) + include(ExternalProject) + set(encoder_LIBRARY ${CMAKE_BINARY_DIR}/install/lib/${CMAKE_STATIC_LIBRARY_PREFIX}qsc_key_encoder${CMAKE_STATIC_LIBRARY_SUFFIX}) + set(encoder_LIBRARY_INCLUDE ${CMAKE_BINARY_DIR}/install/include) + ExternalProject_Add(encoder + GIT_REPOSITORY https://github.com/Quantum-Safe-Collaboration/qsc-key-rfc.git + GIT_TAG main + SOURCE_SUBDIR qsc-key-encoder + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR}/install -DCMAKE_BUILD_TYPE=Release + BUILD_BYPRODUCTS ${encoder_LIBRARY} + ) + add_library(qsc_key_encoder STATIC IMPORTED) + set_target_properties(qsc_key_encoder PROPERTIES IMPORTED_LOCATION ${encoder_LIBRARY}) +endif() add_definitions(-DOQSPROVIDER_VERSION_TEXT="${OQSPROVIDER_VERSION_TEXT}") message(STATUS "Building commit ${GIT_COMMIT_HASH} in ${CMAKE_SOURCE_DIR}") add_definitions(-DOQS_PROVIDER_COMMIT=" \(${GIT_COMMIT_HASH}\)") @@ -19,6 +33,9 @@ set(PROVIDER_HEADER_FILES oqs_prov.h oqs_endecoder_local.h ) add_library(oqsprovider SHARED ${PROVIDER_SOURCE_FILES}) +if (USE_ENCODING_LIB) + add_dependencies(oqsprovider encoder) +endif() set_target_properties(oqsprovider PROPERTIES PREFIX "" @@ -30,6 +47,10 @@ set_target_properties(oqsprovider # For Windows DLLs RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin") target_link_libraries(oqsprovider OQS::oqs ${OPENSSL_CRYPTO_LIBRARY}) +if (USE_ENCODING_LIB) + target_link_libraries(oqsprovider qsc_key_encoder) + target_include_directories(oqsprovider PRIVATE ${encoder_LIBRARY_INCLUDE}) +endif() install(TARGETS oqsprovider LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" RUNTIME DESTINATION "${CMAKE_INSTALL_LIBDIR}") diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 27e083dd..4dfb2a24 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
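Review bot: `GIT_TAG main` in the `ExternalProject_Add(encoder …)` call makes every build fetch whatever the qsc-key-rfc main branch holds at that moment, and the result is linked statically into the provider that serializes private keys. The root CMakeLists.txt in this commit defaults `USE_ENCODING_LIB` to `ON`, so this is the default build path. Pinning to a reviewed revision, `GIT_TAG <reviewed-commit-sha>`, keeps builds reproducible and stops unreviewed upstream changes from entering the binary. The build now also needs network access at configure/build time, which is worth stating next to the `-DUSE_ENCODING_LIB` paragraph in the README.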
@@ -504,22 +504,40 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) { const OQSX_KEY *oqsxkey = vxkey; unsigned char *keyblob; + int ret = 0; OQS_ENC_PRINTF("OQS ENC provider: oqsx_spki_pub_to_der called\n"); - if (oqsxkey == NULL) { + if (oqsxkey == NULL || oqsxkey->pubkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); return 0; } - - keyblob = OPENSSL_memdup(oqsxkey->pubkey, oqsxkey->pubkeylen); - if (keyblob == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return 0; +#ifdef USE_ENCODING_LIB + if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { + unsigned char *buf; + int buflen; + int ret = 0; + const OQSX_ENCODING_CTX* encoding_ctx = &oqsxkey->oqsx_encoding_ctx; + buflen = encoding_ctx->encoding_impl->crypto_publickeybytes; + + buf = OPENSSL_secure_zalloc(buflen); + ret = qsc_encode(encoding_ctx->encoding_ctx, encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, 0, 0, 1); + if (ret != QSC_ENC_OK) return -1; + + *pder = buf; + return buflen; + } else { +#endif + keyblob = OPENSSL_memdup(oqsxkey->pubkey, oqsxkey->pubkeylen); + if (keyblob == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return 0; + } + *pder = keyblob; + return oqsxkey->pubkeylen; +#ifdef USE_ENCODING_LIB } - - *pder = keyblob; - return oqsxkey->pubkeylen; +#endif } static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) 
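Review bot: In the new `USE_ENCODING_LIB` branch of `oqsx_spki_pub_to_der`, the result of `OPENSSL_secure_zalloc(buflen)` is passed to `qsc_encode` without a NULL check, and the `return -1` on encode failure leaks `buf` and raises no error, whereas the other failure paths return `0`. The raw path returns an `OPENSSL_memdup` buffer, so the caller that releases `*pder` (not visible in the hunk) presumably uses `OPENSSL_free`; handing it secure-heap memory from this branch is then a mismatch, and a public key does not need the secure heap anyway. The inner `int ret = 0;` also shadows the `ret` added at the top of the function. The sketch below keeps the branch's logic and changes only the allocation and error handling; confirm that `qsc_encode` leaves `buf` pointing at the caller's allocation on failure before freeing it.

```c
    if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) {
        const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx;
        int buflen = encoding_ctx->encoding_impl->crypto_publickeybytes;
        unsigned char *buf = OPENSSL_zalloc(buflen);

        if (buf == NULL) {
            ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        ret = qsc_encode(encoding_ctx->encoding_ctx, encoding_ctx->encoding_impl,
                         oqsxkey->pubkey, &buf, 0, 0, 1);
        if (ret != QSC_ENC_OK) {
            OPENSSL_free(buf);
            ERR_raise(ERR_LIB_USER, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        *pder = buf;
        return buflen;
    } else {
        /* … unchanged: raw OPENSSL_memdup path … */
```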
@@ -557,17 +575,39 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } privkeylen -= (oqsxkey->evp_info->length_private_key - actualprivkeylen); } +#ifdef USE_ENCODING_LIB + if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { + const OQSX_ENCODING_CTX* encoding_ctx = &oqsxkey->oqsx_encoding_ctx; + int ret = 0; +#ifdef NOPUBKEY_IN_PRIVKEY + int withoptional = (encoding_ctx->encoding_ctx->raw_private_key_encodes_public_key ? 1 : 0); +#else + int withoptional = 1; +#endif + buflen = (withoptional ? encoding_ctx->encoding_impl->crypto_secretkeybytes : + encoding_ctx->encoding_impl->crypto_secretkeybytes_nooptional); + buf = OPENSSL_secure_zalloc(buflen); + + ret = qsc_encode(encoding_ctx->encoding_ctx, encoding_ctx->encoding_impl, + oqsxkey->comp_pubkey[oqsxkey->numkeys-1], 0, + oqsxkey->privkey, &buf, withoptional); + if (ret != QSC_ENC_OK) return -1; + } else { +#endif #ifdef NOPUBKEY_IN_PRIVKEY - buflen = privkeylen; - buf = OPENSSL_secure_malloc(buflen); - OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", buflen); - memcpy(buf, oqsxkey->privkey, privkeylen); + buflen = privkeylen; + buf = OPENSSL_secure_malloc(buflen); + OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", buflen); + memcpy(buf, oqsxkey->privkey, privkeylen); #else - buflen = privkeylen+oqsx_key_get_oqs_public_key_len(oqsxkey); - buf = OPENSSL_secure_malloc(buflen); - OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", buflen); - memcpy(buf, oqsxkey->privkey, privkeylen); - memcpy(buf+privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys-1], oqsx_key_get_oqs_public_key_len(oqsxkey)); + buflen = privkeylen+oqsx_key_get_oqs_public_key_len(oqsxkey); + buf = OPENSSL_secure_malloc(buflen); + OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", buflen); + memcpy(buf, oqsxkey->privkey, privkeylen); + memcpy(buf+privkeylen, 
oqsxkey->comp_pubkey[oqsxkey->numkeys-1], oqsx_key_get_oqs_public_key_len(oqsxkey)); +#endif +#ifdef USE_ENCODING_LIB + } #endif oct.data = buf; diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 8b0d4ef5..90fb8862 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -72,6 +72,7 @@ struct oqsx_gen_ctx { int primitive; int selection; int bit_security; + int alg_idx; }; static int oqsx_has(const void *keydata, int selection) @@ -420,7 +421,7 @@ static const OSSL_PARAM *oqsx_settable_params(void *provctx) return oqs_settable_params; } -static void *oqsx_gen_init(void *provctx, int selection, char* oqs_name, char* tls_name, int primitive, int bit_security) +static void *oqsx_gen_init(void *provctx, int selection, char* oqs_name, char* tls_name, int primitive, int bit_security, int alg_idx) { OSSL_LIB_CTX *libctx = PROV_OQS_LIBCTX_OF(provctx); struct oqsx_gen_ctx *gctx = NULL; @@ -434,6 +435,7 @@ static void *oqsx_gen_init(void *provctx, int selection, char* oqs_name, char* t gctx->primitive = primitive; gctx->selection = selection; gctx->bit_security = bit_security; + gctx->alg_idx = alg_idx; } return gctx; } @@ -445,7 +447,7 @@ static void *oqsx_genkey(struct oqsx_gen_ctx *gctx) OQS_KM_PRINTF3("OQSKEYMGMT: gen called for %s (%s)\n", gctx->oqs_name, gctx->tls_name); if (gctx == NULL) return NULL; - if ((key = oqsx_key_new(gctx->libctx, gctx->oqs_name, gctx->tls_name, gctx->primitive, gctx->propq, gctx->bit_security)) == NULL) { + if ((key = oqsx_key_new(gctx->libctx, gctx->oqs_name, gctx->tls_name, gctx->primitive, gctx->propq, gctx->bit_security, gctx->alg_idx)) == NULL) { OQS_KM_PRINTF2("OQSKM: Error generating key for %s\n", gctx->tls_name); ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return NULL; 
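Review bot: The encoded-key branch added to `oqsx_pki_priv_to_der` returns `-1` when `qsc_encode` fails without releasing `buf`, which by then may hold partially encoded private key material, and it never checks `OPENSSL_secure_zalloc` for NULL. Both failure paths should raise an error and wipe the buffer before returning, e.g. `OPENSSL_secure_clear_free(buf, buflen);`. The function starts outside the hunk, so anything it allocated earlier would need the same cleanup. `oqsxkey->comp_pubkey[oqsxkey->numkeys-1]` is also passed to the encoder without the kind of NULL check this commit adds for `pubkey` in `oqsx_spki_pub_to_der`. The re-indented raw branches still `memcpy` into an unchecked `OPENSSL_secure_malloc` result; that predates the commit but is worth fixing while the lines are touched.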
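Review bot: The new `int alg_idx;` member of `struct oqsx_gen_ctx` and the matching `oqsx_gen_init` parameter are undocumented, and nothing in these oqs_kmgmt.c hunks bounds the value before `oqsx_genkey` hands it to `oqsx_key_new`. Judging by the templates in this commit, it appears to be the algorithm's position in the generated list that `oqs_alg_encoding_list` is indexed by. A field comment such as `/* position in the generated algorithm list; presumably indexes oqs_alg_encoding_list */` would record that, and a range check belongs wherever the index is consumed, which is outside this view. In the `oqsx_genkey` hunk the context line `OQS_KM_PRINTF3(...)` reads `gctx->oqs_name` before the `if (gctx == NULL)` test; that predates the commit but sits directly above the changed call.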
@@ -535,313 +537,313 @@ static int oqsx_gen_set_params(void *genctx, const OSSL_PARAM params[]) ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_START static void *dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2", KEY_TYPE_SIG, NULL, 128, 0); } static void *dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2", 0, 128, 0); } static void *p256_dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 1); } static void *p256_dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, 128, 1); } static void *rsa3072_dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 2); } static void *rsa3072_dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128, 2); } static void *dilithium3_new_key(void *provctx) { - return 
oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3", KEY_TYPE_SIG, NULL, 192); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3", KEY_TYPE_SIG, NULL, 192, 3); } static void *dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3", 0, 192); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3", 0, 192, 3); } static void *p384_dilithium3_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 4); } static void *p384_dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, 192); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 4); } static void *dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5", KEY_TYPE_SIG, NULL, 256); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5", KEY_TYPE_SIG, NULL, 256, 5); } static void *dilithium5_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5", 0, 256); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5", 0, 256, 5); } static void *p521_dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 6); } static void *p521_dilithium5_gen_init(void *provctx, int 
selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, 256); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 6); } static void *dilithium2_aes_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2_aes, "dilithium2_aes", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2_aes, "dilithium2_aes", KEY_TYPE_SIG, NULL, 128, 7); } static void *dilithium2_aes_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2_aes, "dilithium2_aes", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2_aes, "dilithium2_aes", 0, 128, 7); } static void *p256_dilithium2_aes_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2_aes, "p256_dilithium2_aes", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2_aes, "p256_dilithium2_aes", KEY_TYPE_HYB_SIG, NULL, 128, 8); } static void *p256_dilithium2_aes_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2_aes, "p256_dilithium2_aes", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2_aes, "p256_dilithium2_aes", KEY_TYPE_HYB_SIG, 128, 8); } static void *rsa3072_dilithium2_aes_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2_aes, "rsa3072_dilithium2_aes", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2_aes, "rsa3072_dilithium2_aes", KEY_TYPE_HYB_SIG, NULL, 128, 9); } static void *rsa3072_dilithium2_aes_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2_aes, "rsa3072_dilithium2_aes", KEY_TYPE_HYB_SIG, 
128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2_aes, "rsa3072_dilithium2_aes", KEY_TYPE_HYB_SIG, 128, 9); } static void *dilithium3_aes_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3_aes, "dilithium3_aes", KEY_TYPE_SIG, NULL, 192); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3_aes, "dilithium3_aes", KEY_TYPE_SIG, NULL, 192, 10); } static void *dilithium3_aes_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3_aes, "dilithium3_aes", 0, 192); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3_aes, "dilithium3_aes", 0, 192, 10); } static void *p384_dilithium3_aes_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3_aes, "p384_dilithium3_aes", KEY_TYPE_HYB_SIG, NULL, 192); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3_aes, "p384_dilithium3_aes", KEY_TYPE_HYB_SIG, NULL, 192, 11); } static void *p384_dilithium3_aes_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3_aes, "p384_dilithium3_aes", KEY_TYPE_HYB_SIG, 192); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3_aes, "p384_dilithium3_aes", KEY_TYPE_HYB_SIG, 192, 11); } static void *dilithium5_aes_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5_aes, "dilithium5_aes", KEY_TYPE_SIG, NULL, 256); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5_aes, "dilithium5_aes", KEY_TYPE_SIG, NULL, 256, 12); } static void *dilithium5_aes_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5_aes, "dilithium5_aes", 0, 256); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5_aes, "dilithium5_aes", 0, 256, 12); } static void *p521_dilithium5_aes_new_key(void *provctx) { 
- return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5_aes, "p521_dilithium5_aes", KEY_TYPE_HYB_SIG, NULL, 256); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5_aes, "p521_dilithium5_aes", KEY_TYPE_HYB_SIG, NULL, 256, 13); } static void *p521_dilithium5_aes_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5_aes, "p521_dilithium5_aes", KEY_TYPE_HYB_SIG, 256); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5_aes, "p521_dilithium5_aes", KEY_TYPE_HYB_SIG, 256, 13); } static void *falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512", KEY_TYPE_SIG, NULL, 128, 14); } static void *falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512", 0, 128, 14); } static void *p256_falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 15); } static void *p256_falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 15); } static void *rsa3072_falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "rsa3072_falcon512", 
KEY_TYPE_HYB_SIG, NULL, 128, 16); } static void *rsa3072_falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 16); } static void *falcon1024_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "falcon1024", KEY_TYPE_SIG, NULL, 256); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "falcon1024", KEY_TYPE_SIG, NULL, 256, 17); } static void *falcon1024_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "falcon1024", 0, 256); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "falcon1024", 0, 256, 17); } static void *p521_falcon1024_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 18); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, 256); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 18); } static void *sphincsharaka128frobust_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_robust, "sphincsharaka128frobust", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_robust, "sphincsharaka128frobust", KEY_TYPE_SIG, NULL, 128, 19); } static void *sphincsharaka128frobust_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, 
OQS_SIG_alg_sphincs_haraka_128f_robust, "sphincsharaka128frobust", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_robust, "sphincsharaka128frobust", 0, 128, 19); } static void *p256_sphincsharaka128frobust_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_robust, "p256_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_robust, "p256_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, NULL, 128, 20); } static void *p256_sphincsharaka128frobust_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_robust, "p256_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_robust, "p256_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, 128, 20); } static void *rsa3072_sphincsharaka128frobust_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_robust, "rsa3072_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_robust, "rsa3072_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, NULL, 128, 21); } static void *rsa3072_sphincsharaka128frobust_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_robust, "rsa3072_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_robust, "rsa3072_sphincsharaka128frobust", KEY_TYPE_HYB_SIG, 128, 21); } static void *sphincsharaka128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_simple, "sphincsharaka128fsimple", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_sphincs_haraka_128f_simple, "sphincsharaka128fsimple", KEY_TYPE_SIG, NULL, 128, 22); } static void *sphincsharaka128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_simple, "sphincsharaka128fsimple", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_simple, "sphincsharaka128fsimple", 0, 128, 22); } static void *p256_sphincsharaka128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_simple, "p256_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_simple, "p256_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 23); } static void *p256_sphincsharaka128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_simple, "p256_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_simple, "p256_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, 128, 23); } static void *rsa3072_sphincsharaka128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_simple, "rsa3072_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_haraka_128f_simple, "rsa3072_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 24); } static void *rsa3072_sphincsharaka128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_simple, "rsa3072_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_haraka_128f_simple, "rsa3072_sphincsharaka128fsimple", KEY_TYPE_HYB_SIG, 128, 24); } static void *sphincssha256128frobust_new_key(void *provctx) { - 
return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128f_robust, "sphincssha256128frobust", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128f_robust, "sphincssha256128frobust", KEY_TYPE_SIG, NULL, 128, 25); } static void *sphincssha256128frobust_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128f_robust, "sphincssha256128frobust", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128f_robust, "sphincssha256128frobust", 0, 128, 25); } static void *p256_sphincssha256128frobust_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128f_robust, "p256_sphincssha256128frobust", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128f_robust, "p256_sphincssha256128frobust", KEY_TYPE_HYB_SIG, NULL, 128, 26); } static void *p256_sphincssha256128frobust_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128f_robust, "p256_sphincssha256128frobust", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128f_robust, "p256_sphincssha256128frobust", KEY_TYPE_HYB_SIG, 128, 26); } static void *rsa3072_sphincssha256128frobust_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128f_robust, "rsa3072_sphincssha256128frobust", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128f_robust, "rsa3072_sphincssha256128frobust", KEY_TYPE_HYB_SIG, NULL, 128, 27); } static void *rsa3072_sphincssha256128frobust_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128f_robust, "rsa3072_sphincssha256128frobust", KEY_TYPE_HYB_SIG, 128); + return 
oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128f_robust, "rsa3072_sphincssha256128frobust", KEY_TYPE_HYB_SIG, 128, 27); } static void *sphincssha256128ssimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128s_simple, "sphincssha256128ssimple", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128s_simple, "sphincssha256128ssimple", KEY_TYPE_SIG, NULL, 128, 28); } static void *sphincssha256128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128s_simple, "sphincssha256128ssimple", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128s_simple, "sphincssha256128ssimple", 0, 128, 28); } static void *p256_sphincssha256128ssimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128s_simple, "p256_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128s_simple, "p256_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); } static void *p256_sphincssha256128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128s_simple, "p256_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128s_simple, "p256_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, 128, 29); } static void *rsa3072_sphincssha256128ssimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128s_simple, "rsa3072_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha256_128s_simple, "rsa3072_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 30); } static void 
*rsa3072_sphincssha256128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128s_simple, "rsa3072_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha256_128s_simple, "rsa3072_sphincssha256128ssimple", KEY_TYPE_HYB_SIG, 128, 30); } static void *sphincsshake256128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake256_128f_simple, "sphincsshake256128fsimple", KEY_TYPE_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake256_128f_simple, "sphincsshake256128fsimple", KEY_TYPE_SIG, NULL, 128, 31); } static void *sphincsshake256128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake256_128f_simple, "sphincsshake256128fsimple", 0, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake256_128f_simple, "sphincsshake256128fsimple", 0, 128, 31); } static void *p256_sphincsshake256128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake256_128f_simple, "p256_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake256_128f_simple, "p256_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 32); } static void *p256_sphincsshake256128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake256_128f_simple, "p256_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake256_128f_simple, "p256_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, 128, 32); } static void *rsa3072_sphincsshake256128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake256_128f_simple, 
"rsa3072_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake256_128f_simple, "rsa3072_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); } static void *rsa3072_sphincsshake256128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake256_128f_simple, "rsa3072_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake256_128f_simple, "rsa3072_sphincsshake256128fsimple", KEY_TYPE_HYB_SIG, 128, 33); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END @@ -874,12 +876,12 @@ static void *rsa3072_sphincsshake256128fsimple_gen_init(void *provctx, int selec \ static void *tokalg##_new_key(void *provctx) \ { \ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), tokoqsalg, "" #tokalg "", KEY_TYPE_KEM, NULL, bit_security); \ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), tokoqsalg, "" #tokalg "", KEY_TYPE_KEM, NULL, bit_security, -1); \ } \ \ static void *tokalg##_gen_init(void *provctx, int selection) \ { \ - return oqsx_gen_init(provctx, selection, tokoqsalg, "" #tokalg "", KEY_TYPE_KEM, bit_security); \ + return oqsx_gen_init(provctx, selection, tokoqsalg, "" #tokalg "", KEY_TYPE_KEM, bit_security, -1); \ } \ \ const OSSL_DISPATCH oqs_##tokalg##_keymgmt_functions[] = { \ 
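Review bot: The KEM constructor macros here, and the ecp_ and ecx_ variants in the next two hunks, pass a bare `-1` as the new alg_idx argument with nothing saying that it means "no encoding entry". The signature algorithms pass 0 to 33 for the same parameter, which matches the indices used for oqs_alg_encoding_list, so a negative value that reached an array lookup unguarded would read out of bounds. The body of oqsx_key_new is not part of these hunks, so confirm it rejects negative values before indexing. I would name the sentinel, e.g. `#define OQSX_ALG_IDX_NONE (-1)`, and extend the prototype comment in oqs_prov.h with `/* alg_idx: index of the signature algorithm in the encoding list, or OQSX_ALG_IDX_NONE for KEMs */`.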
@@ -906,12 +908,12 @@ static void *rsa3072_sphincsshake256128fsimple_gen_init(void *provctx, int selec \ static void *ecp_##tokalg##_new_key(void *provctx) \ { \ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), tokoqsalg, ECP_NAME(bit_security, tokalg), KEY_TYPE_ECP_HYB_KEM, NULL, bit_security); \ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), tokoqsalg, ECP_NAME(bit_security, tokalg), KEY_TYPE_ECP_HYB_KEM, NULL, bit_security, -1); \ } \ \ static void *ecp_##tokalg##_gen_init(void *provctx, int selection) \ { \ - return oqsx_gen_init(provctx, selection, tokoqsalg, ECP_NAME(bit_security, tokalg), KEY_TYPE_ECP_HYB_KEM, bit_security); \ + return oqsx_gen_init(provctx, selection, tokoqsalg, ECP_NAME(bit_security, tokalg), KEY_TYPE_ECP_HYB_KEM, bit_security, -1); \ } \ \ const OSSL_DISPATCH oqs_ecp_##tokalg##_keymgmt_functions[] = { \ @@ -938,12 +940,12 @@ static void *rsa3072_sphincsshake256128fsimple_gen_init(void *provctx, int selec \ static void *ecx_##tokalg##_new_key(void *provctx) \ { \ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), tokoqsalg, ECX_NAME(bit_security, tokalg), KEY_TYPE_ECX_HYB_KEM, NULL, bit_security); \ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), tokoqsalg, ECX_NAME(bit_security, tokalg), KEY_TYPE_ECX_HYB_KEM, NULL, bit_security, -1); \ } \ \ static void *ecx_##tokalg##_gen_init(void *provctx, int selection) \ { \ - return oqsx_gen_init(provctx, selection, tokoqsalg, ECX_NAME(bit_security, tokalg), KEY_TYPE_ECX_HYB_KEM, bit_security); \ + return oqsx_gen_init(provctx, selection, tokoqsalg, ECX_NAME(bit_security, tokalg), KEY_TYPE_ECX_HYB_KEM, bit_security, -1); \ } \ \ const OSSL_DISPATCH oqs_ecx_##tokalg##_keymgmt_functions[] = { \ diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 780097d3..e4e2711f 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
@@ -22,13 +22,7 @@ # include # include -#define OQS_PROVIDER_BASE_VERSION_STR OQSPROVIDER_VERSION_TEXT - -#ifdef NOPUBKEY_IN_PRIVKEY -#define OQS_PROVIDER_VERSION_STR OQS_PROVIDER_BASE_VERSION_STR "-nopub" -#else -#define OQS_PROVIDER_VERSION_STR OQS_PROVIDER_BASE_VERSION_STR -#endif +#define OQS_PROVIDER_VERSION_STR OQSPROVIDER_VERSION_TEXT /* internal, but useful OSSL define */ # define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) @@ -101,6 +95,9 @@ void oqsx_freeprovctx(PROV_OQS_CTX *ctx); # define PROV_OQS_LIBCTX_OF(provctx) (((PROV_OQS_CTX *)provctx)->libctx) #include "oqs/oqs.h" +#ifdef USE_ENCODING_LIB +#include +#endif /* helper structure for classic key components in hybrid keys. * Actual tables in oqsprov_keys.c @@ -137,6 +134,15 @@ struct oqsx_provider_ctx_st { typedef struct oqsx_provider_ctx_st OQSX_PROVIDER_CTX; +#ifdef USE_ENCODING_LIB +struct oqsx_provider_encoding_ctx_st { + const qsc_encoding_t* encoding_ctx; + const qsc_encoding_impl_t* encoding_impl; +}; + +typedef struct oqsx_provider_encoding_ctx_st OQSX_ENCODING_CTX; +#endif + enum oqsx_key_type_en { KEY_TYPE_SIG, KEY_TYPE_KEM, KEY_TYPE_ECP_HYB_KEM, KEY_TYPE_ECX_HYB_KEM, KEY_TYPE_HYB_SIG }; @@ -148,6 +154,9 @@ struct oqsx_key_st { char *propq; OQSX_KEY_TYPE keytype; OQSX_PROVIDER_CTX oqsx_provider_ctx; +#ifdef USE_ENCODING_LIB + OQSX_ENCODING_CTX oqsx_encoding_ctx; +#endif EVP_PKEY *classical_pkey; // for hybrid sigs const OQSX_EVP_INFO *evp_info; size_t numkeys; 
@@ -179,7 +188,7 @@ typedef struct oqsx_key_st OQSX_KEY; int oqs_set_nid(char* tlsname, int nid); /* Create OQSX_KEY data structure based on parameters; key material allocated separately */ -OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char* oqs_name, char* tls_name, int is_kem, const char *propq, int bit_security); +OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char* oqs_name, char* tls_name, int is_kem, const char *propq, int bit_security, int alg_idx); /* allocate key material; component pointers need to be set separately */ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private); diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 9f67e859..de117e02 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -42,7 +42,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; */ ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #define OQS_OID_CNT 68 -static const char* oqs_oid_alg_list[OQS_OID_CNT] = +const char* oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.6.1.4.1.2.267.7.4.4", "dilithium2", "1.3.9999.2.7.1" , "p256_dilithium2", 
@@ -121,6 +121,52 @@ int oqs_patch_oids(void) { return 1; } + +#ifdef USE_ENCODING_LIB +const char* oqs_alg_encoding_list[OQS_OID_CNT/2] = { 0 }; + +int oqs_patch_encodings(void) { +///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_START + if (getenv("OQS_ENCODING_DILITHIUM2")) oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2"); + if (getenv("OQS_ENCODING_P256_DILITHIUM2")) oqs_alg_encoding_list[1] = getenv("OQS_ENCODING_P256_DILITHIUM2"); + if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"); + if (getenv("OQS_ENCODING_DILITHIUM3")) oqs_alg_encoding_list[3] = getenv("OQS_ENCODING_DILITHIUM3"); + if (getenv("OQS_ENCODING_P384_DILITHIUM3")) oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_P384_DILITHIUM3"); + if (getenv("OQS_ENCODING_DILITHIUM5")) oqs_alg_encoding_list[5] = getenv("OQS_ENCODING_DILITHIUM5"); + if (getenv("OQS_ENCODING_P521_DILITHIUM5")) oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_P521_DILITHIUM5"); + if (getenv("OQS_ENCODING_DILITHIUM2_AES")) oqs_alg_encoding_list[7] = getenv("OQS_ENCODING_DILITHIUM2_AES"); + if (getenv("OQS_ENCODING_P256_DILITHIUM2_AES")) oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_P256_DILITHIUM2_AES"); + if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_AES")) oqs_alg_encoding_list[9] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_AES"); + if (getenv("OQS_ENCODING_DILITHIUM3_AES")) oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM3_AES"); + if (getenv("OQS_ENCODING_P384_DILITHIUM3_AES")) oqs_alg_encoding_list[11] = getenv("OQS_ENCODING_P384_DILITHIUM3_AES"); + if (getenv("OQS_ENCODING_DILITHIUM5_AES")) oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_DILITHIUM5_AES"); + if (getenv("OQS_ENCODING_P521_DILITHIUM5_AES")) oqs_alg_encoding_list[13] = getenv("OQS_ENCODING_P521_DILITHIUM5_AES"); + if (getenv("OQS_ENCODING_FALCON512")) oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_FALCON512"); + if (getenv("OQS_ENCODING_P256_FALCON512")) 
oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_P256_FALCON512"); + if (getenv("OQS_ENCODING_RSA3072_FALCON512")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_RSA3072_FALCON512"); + if (getenv("OQS_ENCODING_FALCON1024")) oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_FALCON1024"); + if (getenv("OQS_ENCODING_P521_FALCON1024")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_P521_FALCON1024"); + if (getenv("OQS_ENCODING_SPHINCSHARAKA128FROBUST")) oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_SPHINCSHARAKA128FROBUST"); + if (getenv("OQS_ENCODING_P256_SPHINCSHARAKA128FROBUST")) oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_P256_SPHINCSHARAKA128FROBUST"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSHARAKA128FROBUST")) oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_RSA3072_SPHINCSHARAKA128FROBUST"); + if (getenv("OQS_ENCODING_SPHINCSHARAKA128FSIMPLE")) oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_SPHINCSHARAKA128FSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSHARAKA128FSIMPLE")) oqs_alg_encoding_list[23] = getenv("OQS_ENCODING_P256_SPHINCSHARAKA128FSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSHARAKA128FSIMPLE")) oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_RSA3072_SPHINCSHARAKA128FSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHA256128FROBUST")) oqs_alg_encoding_list[25] = getenv("OQS_ENCODING_SPHINCSSHA256128FROBUST"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA256128FROBUST")) oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_P256_SPHINCSSHA256128FROBUST"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA256128FROBUST")) oqs_alg_encoding_list[27] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA256128FROBUST"); + if (getenv("OQS_ENCODING_SPHINCSSHA256128SSIMPLE")) oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_SPHINCSSHA256128SSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA256128SSIMPLE")) oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_P256_SPHINCSSHA256128SSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA256128SSIMPLE")) 
oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA256128SSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHAKE256128FSIMPLE")) oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_SPHINCSSHAKE256128FSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE256128FSIMPLE")) oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE256128FSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE256128FSIMPLE")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE256128FSIMPLE"); +///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END + return 1; +} +#endif + + #define ALG(NAMES, FUNC) { NAMES, "provider=oqsprovider", FUNC } #define KEMALG3(NAMES, SECBITS) \ { "" #NAMES "", "provider=oqsprovider", oqs_generic_kem_functions }, \ @@ -419,7 +465,14 @@ static const OSSL_PARAM *oqsprovider_gettable_params(void *provctx) return oqsprovider_param_types; } -#define OQS_PROVIDER_BUILD_INFO_STR "OQS Provider v." OQS_PROVIDER_VERSION_STR OQS_PROVIDER_COMMIT " based on liboqs v." OQS_VERSION_TEXT +#define OQS_PROVIDER_BASE_BUILD_INFO_STR "OQS Provider v." OQS_PROVIDER_VERSION_STR OQS_PROVIDER_COMMIT " based on liboqs v." OQS_VERSION_TEXT + +#ifdef QSC_ENCODING_VERSION_STRING +#define OQS_PROVIDER_BUILD_INFO_STR OQS_PROVIDER_BASE_BUILD_INFO_STR " using qsc-key-encoder v." QSC_ENCODING_VERSION_STRING +#else +#define OQS_PROVIDER_BUILD_INFO_STR OQS_PROVIDER_BASE_BUILD_INFO_STR +#endif + static int oqsprovider_get_params(void *provctx, OSSL_PARAM params[]) { @@ -499,6 +552,11 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, if (!oqs_patch_oids()) return 0; +#ifdef USE_ENCODING_LIB + if (!oqs_patch_encodings()) + return 0; +#endif + for (; in->function_id != 0; in++) { switch (in->function_id) { case OSSL_FUNC_CORE_GETTABLE_PARAMS: diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 05663733..72147ebb 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
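Review bot: oqs_patch_encodings stores the pointers returned by getenv() directly in the process-lifetime global oqs_alg_encoding_list, and it calls getenv() twice for every variable. POSIX allows the returned string to be invalidated or overwritten by a later getenv(), setenv(), unsetenv() or putenv(), so an entry can be left dangling or changed after provider initialisation; copying the value once avoids that, and the copies then need freeing at provider teardown. These values select how public and private keys are serialised, so it would also help to reject unknown encoding names here; where they are validated today is not visible in this hunk. The 34 assignments sit between the OQS_TEMPLATE_FRAGMENT markers, so the change belongs in encoding_patching.fragment.

```c
/* Copies the value so later environment changes cannot invalidate the entry. */
static void oqs_patch_encoding(size_t idx, const char *envname)
{
    const char *val = getenv(envname);

    if (val != NULL)
        oqs_alg_encoding_list[idx] = OPENSSL_strdup(val);
}

int oqs_patch_encodings(void) {
    oqs_patch_encoding(0, "OQS_ENCODING_DILITHIUM2");
    /* … same call for the remaining algorithms, indices 1 to 33 … */
    return 1;
}
```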
@@ -122,6 +122,15 @@ static char* get_oqsname(int nid) { return 0; } +static int get_oqsalg_idx(int nid) { + int i; + for(i=0;ipubkeylen != plen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - if (oqsx_key_allocate_keymaterial(key, 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; +#ifdef USE_ENCODING_LIB + if (key->oqsx_encoding_ctx.encoding_ctx && key->oqsx_encoding_ctx.encoding_impl) { + key->pubkeylen = key->oqsx_encoding_ctx.encoding_ctx->raw_crypto_publickeybytes; + if (key->oqsx_encoding_ctx.encoding_impl->crypto_publickeybytes != plen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + if (oqsx_key_allocate_keymaterial(key, 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (qsc_decode(key->oqsx_encoding_ctx.encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, p, (unsigned char **) &key->pubkey, 0, 0, 1) != QSC_ENC_OK) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + } else { +#endif + if (key->pubkeylen != plen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + if (oqsx_key_allocate_keymaterial(key, 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + memcpy(key->pubkey, p, plen); +#ifdef USE_ENCODING_LIB } - memcpy(key->pubkey, p, plen); +#endif } else { - int classical_privatekey_len = 0; - // for plain OQS keys, we expect OQS priv||OQS pub key - size_t actualprivkeylen = key->privkeylen; - // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub key - // classic pub key must/can be re-created from classic private key - if (key->numkeys == 2) { - DECODE_UINT32(classical_privatekey_len, p); // actual classic key len - // adjust expected size - if (classical_privatekey_len > key->evp_info->length_private_key) { + int classical_privatekey_len = 0; + // for plain OQS keys, we expect OQS priv||OQS pub key + size_t actualprivkeylen = key->privkeylen; + // for hybrid keys, we expect 
classic priv key||OQS priv key||OQS pub key + // classic pub key must/can be re-created from classic private key + if (key->numkeys == 2) { + DECODE_UINT32(classical_privatekey_len, p); // actual classic key len + // adjust expected size + if (classical_privatekey_len > key->evp_info->length_private_key) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + actualprivkeylen -= (key->evp_info->length_private_key - classical_privatekey_len); + } +#ifdef USE_ENCODING_LIB + if (key->oqsx_encoding_ctx.encoding_ctx && key->oqsx_encoding_ctx.encoding_impl) { + const qsc_encoding_t* encoding_ctx = key->oqsx_encoding_ctx.encoding_ctx; +#ifdef NOPUBKEY_IN_PRIVKEY + // if the raw private key includes the public key, the optional part is needed, otherwise not. + int withoptional = (encoding_ctx->raw_private_key_encodes_public_key ? 1 : 0); +#else + int withoptional = 1; +#endif + int pubkey_available = withoptional; + if (oqsx_key_allocate_keymaterial(key, 1)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (pubkey_available) { + if (oqsx_key_allocate_keymaterial(key, 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + if (qsc_decode(encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, + 0, (pubkey_available ? 
(unsigned char**)&key->pubkey : 0), p, + (unsigned char**)&key->privkey, withoptional) != QSC_ENC_OK) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; - } - actualprivkeylen -= (key->evp_info->length_private_key - classical_privatekey_len); - } + } + } else { +#endif #ifdef NOPUBKEY_IN_PRIVKEY if (actualprivkeylen != plen) { - OQS_KEY_PRINTF3("OQSX KEY: private key with unexpected length %d vs %d\n", plen, (int)(actualprivkeylen)); + OQS_KEY_PRINTF3("OQSX KEY: private key with unexpected length %d vs %d\n", plen, (int)(actualprivkeylen)); #else if (actualprivkeylen + oqsx_key_get_oqs_public_key_len(key) != plen) { - OQS_KEY_PRINTF3("OQSX KEY: private key with unexpected length %d vs %d\n", plen, (int)(actualprivkeylen + oqsx_key_get_oqs_public_key_len(key))); + OQS_KEY_PRINTF3("OQSX KEY: private key with unexpected length %d vs %d\n", plen, (int)(actualprivkeylen + oqsx_key_get_oqs_public_key_len(key))); #endif - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; } if (oqsx_key_allocate_keymaterial(key, 1) #ifndef NOPUBKEY_IN_PRIVKEY - || oqsx_key_allocate_keymaterial(key, 0) + || oqsx_key_allocate_keymaterial(key, 0) #endif - ) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - // first populate private key data - memcpy(key->privkey, p, actualprivkeylen); + ) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + // first populate private key data + memcpy(key->privkey, p, actualprivkeylen); #ifndef NOPUBKEY_IN_PRIVKEY - // only enough data to fill public OQS key component - if (oqsx_key_get_oqs_public_key_len(key) != plen - actualprivkeylen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - // populate OQS public key structure - if (key->numkeys == 2) { - unsigned char *pubkey = (unsigned char *)key->pubkey; - ENCODE_UINT32(pubkey,key->evp_info->length_public_key); - 
memcpy(pubkey+SIZE_OF_UINT32+key->evp_info->length_public_key, p+actualprivkeylen, plen-actualprivkeylen); - } - else - memcpy(key->pubkey, p+key->privkeylen, plen-key->privkeylen); + // only enough data to fill public OQS key component + if (oqsx_key_get_oqs_public_key_len(key) != plen - actualprivkeylen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + // populate OQS public key structure + if (key->numkeys == 2) { + unsigned char *pubkey = (unsigned char *)key->pubkey; + ENCODE_UINT32(pubkey,key->evp_info->length_public_key); + memcpy(pubkey+SIZE_OF_UINT32+key->evp_info->length_public_key, p+actualprivkeylen, plen-actualprivkeylen); + } + else + memcpy(key->pubkey, p+key->privkeylen, plen-key->privkeylen); #endif + } +#ifdef USE_ENCODING_LIB } +#endif ret = oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); if (key->numkeys == 2) { // hybrid key @@ -321,7 +382,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, ERR_raise(ERR_LIB_USER, OQSPROV_R_EVPINFO_MISSING); goto err; } - if (op == KEY_OP_PUBLIC) { + if (op == KEY_OP_PUBLIC) { DECODE_UINT32(classical_pubkey_len, key->pubkey); if (key->evp_info->raw_key_support) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); @@ -340,7 +401,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, } } } - if (op == KEY_OP_PRIVATE) { + if (op == KEY_OP_PRIVATE) { DECODE_UINT32(classical_privkey_len, key->privkey); if (key->evp_info->raw_key_support) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); 
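Review bot: In the private-key branch of oqsx_key_op that uses the encoding library, `plen` is never compared with anything before `qsc_decode()` reads from `p`, whereas the public-key branch above rejects input when `encoding_impl->crypto_publickeybytes != plen`. As called here `qsc_decode()` receives no input length, so a truncated private-key blob would presumably be read past its end. I would add the matching guard before the allocation, comparing `plen` with the encoding's expected encoded private-key size (the private-key counterpart of `crypto_publickeybytes`) and raising `OQSPROV_R_INVALID_ENCODING` on mismatch. For hybrid keys the `actualprivkeylen` value computed just above also appears unused on this path, which is worth confirming as intended. The opening lines of this hunk are garbled on the page and the function starts outside it.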
@@ -521,8 +582,12 @@ static const int (*init_kex_fun[])(int, OQSX_EVP_CTX *) = { oqshybkem_init_ecp, oqshybkem_init_ecx }; +#ifdef USE_ENCODING_LIB +extern const char* oqs_alg_encoding_list[]; +#endif +extern const char* oqs_oid_alg_list[]; -OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char* oqs_name, char* tls_name, int primitive, const char *propq, int bit_security) +OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char* oqs_name, char* tls_name, int primitive, const char *propq, int bit_security, int alg_idx) { OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; @@ -550,6 +615,16 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char* oqs_name, char* tls_name, int fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?\n", oqs_name); goto err; } + +#ifdef USE_ENCODING_LIB + if (alg_idx >= 0 && oqs_alg_encoding_list[alg_idx] != NULL) { + if (qsc_encoding_by_name_oid(&ret->oqsx_encoding_ctx.encoding_ctx, &ret->oqsx_encoding_ctx.encoding_impl, oqs_oid_alg_list[2*alg_idx], oqs_alg_encoding_list[alg_idx]) != QSC_ENC_OK) { + fprintf(stderr, "Could not create OQS signature encoding algorithm %s (%s, %s). Defaulting to no encoding.\n", oqs_alg_encoding_list[alg_idx], oqs_name, oqs_oid_alg_list[2*alg_idx]); + ret->oqsx_encoding_ctx.encoding_ctx = NULL; + ret->oqsx_encoding_ctx.encoding_impl = NULL; + } + } +#endif ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; ret->keytype = KEY_TYPE_SIG; diff --git a/scripts/runtests_encodings.sh b/scripts/runtests_encodings.sh new file mode 100755 index 00000000..ae041eba --- /dev/null +++ b/scripts/runtests_encodings.sh 
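Review bot: `oqs_alg_encoding_list` and `oqs_oid_alg_list` are declared here as incomplete `extern` arrays inside the .c file, so nothing in oqsprov_keys.c knows their length and the new `alg_idx` parameter of oqsx_key_new cannot be range-checked against them. The use in the next hunk tests only `alg_idx >= 0` before indexing `oqs_alg_encoding_list[alg_idx]` and `oqs_oid_alg_list[2*alg_idx]`. Moving the declarations into `oqs_prov.h` together with an element count would let the compiler check them against the definitions and allow an upper-bound test. The body of oqsx_key_new continues outside the hunk.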
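Review bot: When `qsc_encoding_by_name_oid()` fails, the new block prints to stderr, clears both encoding pointers and carries on, so a mistyped or unsupported `OQS_ENCODING_*` value silently yields keys in the default raw format rather than the one the operator asked for. For a setting that changes how private keys are serialised I would fail closed with `ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err;`, both of which this file already uses. A provider library writing diagnostics with `fprintf(stderr, ...)` is also easy to miss in daemons, whereas the error queue is the channel callers inspect. As far as the hunk shows, the block sits only in the signature branch of oqsx_key_new.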
@@ -0,0 +1,16 @@
+#/bin/bash
+
+OQS_ENCODING_DILITHIUM2=draft-uni-qsckeys-dilithium-00/sk-pk \
+OQS_ENCODING_DILITHIUM3=draft-uni-qsckeys-dilithium-00/sk-pk \
+OQS_ENCODING_DILITHIUM5=draft-uni-qsckeys-dilithium-00/sk-pk \
+OQS_ENCODING_DILITHIUM2_AES=draft-uni-qsckeys-dilithium-00/sk-pk \
+OQS_ENCODING_DILITHIUM3_AES=draft-uni-qsckeys-dilithium-00/sk-pk \
+OQS_ENCODING_DILITHIUM5_AES=draft-uni-qsckeys-dilithium-00/sk-pk \
+OQS_ENCODING_FALCON512=draft-uni-qsckeys-falcon-00/sk-pk \
+OQS_ENCODING_FALCON1024=draft-uni-qsckeys-falcon-00/sk-pk \
+OQS_ENCODING_SPHINCSHARAKA128FROBUST=draft-uni-qsckeys-sphincsplus-00/sk-pk \
+OQS_ENCODING_SPHINCSHARAKA128FSIMPLE=draft-uni-qsckeys-sphincsplus-00/sk-pk \
+OQS_ENCODING_SPHINCSSHA256128FROBUST=draft-uni-qsckeys-sphincsplus-00/sk-pk \
+OQS_ENCODING_SPHINCSSHA256128SSIMPLE=draft-uni-qsckeys-sphincsplus-00/sk-pk \
+OQS_ENCODING_SPHINCSSHAKE256128FSIMPLE=draft-uni-qsckeys-sphincsplus-00/sk-pk \
+scripts/runtests.sh $@
\ No newline at end of file
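Review bot: The first line `#/bin/bash` is missing the `!`, so it is an ordinary comment and the script runs under whatever shell the caller falls back to; it should read `#!/bin/bash`. The last line also passes `$@` unquoted, which re-splits arguments containing spaces; use `scripts/runtests.sh "$@"`. The relative `scripts/runtests.sh` path additionally assumes the script is started from the repository root, which matches the CI invocation in this commit but deserves a one-line comment.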