From 93ae80d8f9c1e0ac35bd09dfe37a02877c4ad292 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 09:31:17 -0500 Subject: [PATCH] rebase to the open-quantum-safe master branch Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 3 + oqsprov/oqs_kmgmt.c | 88 +++++++++++++++++------ oqsprov/oqs_prov.h | 9 +-- oqsprov/oqs_sig.c | 2 +- oqsprov/oqsencoders.inc | 10 --- oqsprov/oqsprov_keys.c | 135 +++++++++++++---------------------- 6 files changed, 120 insertions(+), 127 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 58b53c4e..100c9704 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -842,6 +842,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) # define dilithium3_ed25519_evp_type 0 # define dilithium3_ed25519_input_type "dilithium3_ed25519" # define dilithium3_ed25519_pem_type "dilithium3_ed25519" +# define dilithium3_pss_evp_type 0 +# define dilithium3_pss_input_type "dilithium3_pss" +# define dilithium3_pss_pem_type "dilithium3_pss" # define dilithium5_bp384_evp_type 0 # define dilithium5_bp384_input_type "dilithium5_bp384" # define dilithium5_bp384_pem_type "dilithium5_bp384" diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 2bffaf72..ae25f55b 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -862,112 +862,156 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, static void *dilithium3_rsa3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 23); } static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 23); } static void *dilithium3_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 24); } static void *dilithium3_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 24); } static void *falcon512_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 25); } static void *falcon512_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 25); } static void *dilithium5_p384_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 26); } static void *dilithium5_p384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, 192); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 26); } static void *dilithium3_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 27); } static void *dilithium3_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 27); } static void *dilithium3_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 28); } static void *dilithium3_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 28); } static void *dilithium5_bp384_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 29); } static void *dilithium5_bp384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 29); } static void *dilithium5_ed448_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 30); } static void *dilithium5_ed448_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 30); } static void *falcon512_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 31); } static void *falcon512_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, 256); + return oqsx_gen_init + (provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 31); } static void *falcon512_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 32); } static void *falcon512_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); } static void *dilithium3_pss_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_pss", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_pss", KEY_TYPE_CMP_SIG, NULL, 128, 33); } static void *dilithium3_pss_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_pss", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_pss", KEY_TYPE_CMP_SIG, 128, 33); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 3fe3516c..490581f0 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -155,11 +155,10 @@ struct oqsx_key_st { #endif char *propq; OQSX_KEY_TYPE keytype; - OQSX_PROVIDER_CTX oqsx_provider_ctx; + OQSX_PROVIDER_CTX *oqsx_provider_ctx; #ifdef USE_ENCODING_LIB OQSX_ENCODING_CTX oqsx_encoding_ctx; #endif - OQSX_PROVIDER_CTX oqsx_provider_ctx_cmp; EVP_PKEY** cmp_classical_pkey; EVP_PKEY *classical_pkey; // for hybrid sigs const OQSX_EVP_INFO *evp_info; @@ -202,12 +201,6 @@ struct SignatureModel{ typedef struct SignatureModel CompositeSignature; -char* get_oqsname(int nid); -char* get_cmpname(int nid, int index); -int get_qntcmp(int nid); -int get_keytype(int nid); -char* get_oqsname_fromtls(char* oqsname); - /* Register given NID with tlsname in OSSL3 registry */ int oqs_set_nid(char *tlsname, int nid); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index e58e13b9..811c485f 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -696,7 +696,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, siglen - classical_sig_len, oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) - != OQS_SUCCESS) { + != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index e08fb503..d6f695e9 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -147,7 +147,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, @@ -160,7 +159,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_p256", dilithium3_p256), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, @@ -173,7 +171,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, @@ -198,7 +195,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_pss", dilithium3_pss), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 @@ -234,7 +230,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_p384", dilithium5_p384), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, PrivateKeyInfo), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, @@ -247,7 +242,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, PrivateKeyInfo), ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, @@ -279,7 +273,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_falcon512", p256_falcon512), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, @@ -292,7 +285,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, @@ -305,7 +297,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_p256", falcon512_p256), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, @@ -318,7 +309,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_bp256", falcon512_bp256), ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index ed73a278..39a51333 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -112,7 +112,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_CMP_SIG, 128}, {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - 0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, + {0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END @@ -462,6 +462,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); + } } // RSA bit length set only during keygen goto err; @@ -474,7 +475,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, return ret; } -sstatic const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) +static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { int ret = 1; int idx = 0; @@ -606,6 +607,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, } #endif } else { + int classical_privatekey_len = 0; + // for plain OQS keys, we expect OQS priv||OQS pub key + size_t actualprivkeylen = key->privkeylen; + // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub + // key classic pub key must/can be re-created from classic private key if (key->keytype == KEY_TYPE_CMP_SIG){ size_t privlen = 0; size_t publen = 0; @@ -626,7 +632,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, previous_privlen += privlen; previous_publen += publen; OPENSSL_free(name); - } + } if (previous_privlen != plen) { //is ok, PQC pubkey might be in privkey @@ -643,13 +649,34 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, } previous_privlen = 0; previous_publen = 0; - - }else{ - int classical_privatekey_len = 0; - // for plain OQS keys, we expect OQS priv||OQS pub key - size_t actualprivkeylen = key->privkeylen; - // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub - // key classic pub key must/can be re-created from classic private key + for (i = 0; i < key->numkeys; i++){ + size_t classic_publen = 0; + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); + if (get_oqsname_fromtls(name) == 0){//classical key + publen = 0; //no pubkey encoded with privkey on classical keys. will recreate the pubkey later + if(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size + unsigned char* enc_len = OPENSSL_strndup(p + previous_privlen + previous_publen, 4); + OPENSSL_cleanse(enc_len, 2); + DECODE_UINT32(privlen, enc_len); + privlen += 4; + OPENSSL_free(enc_len); + }else + privlen = key->privkeylen_cmp[i]; + }else{//PQC key + privlen = key->privkeylen_cmp[i]; + if (pqc_pub_enc) + publen = key->pubkeylen_cmp[i]; + else + publen = 0; + + } + memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); + memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); + previous_privlen += privlen; + previous_publen += publen; + OPENSSL_free(name); + } + }else{ if (key->numkeys == 2) { DECODE_UINT32(classical_privatekey_len, p); // actual classic key len @@ -739,62 +766,8 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, memcpy(key->pubkey, p + key->privkeylen, plen - key->privkeylen); #endif - if (key->keytype == KEY_TYPE_CMP_SIG){ - size_t privlen, publen; - size_t previous_privlen = 0; - size_t previous_publen = 0; - int i; - for (i =0; i < key->numkeys; i++){ - privlen = key->privkeylen_cmp[i]; - publen = key->pubkeylen_cmp[i]; - memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); - memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); - previous_privlen += privlen; - previous_publen += publen; - } - for (i =0; i < key->numkeys; i++){ - size_t classic_publen = 0; - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); - if (get_oqsname_fromtls(name) == 0){//classical key - publen = 0; //no pubkey encoded with privkey on classical keys. will recreate the pubkey later - if(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size - unsigned char* enc_len = OPENSSL_strndup(p + previous_privlen + previous_publen, 4); - OPENSSL_cleanse(enc_len, 2); - DECODE_UINT32(privlen, enc_len); - privlen += 4; - OPENSSL_free(enc_len); - }else - privlen = key->privkeylen_cmp[i]; - }else{//PQC key - privlen = key->privkeylen_cmp[i]; - if (pqc_pub_enc) - publen = key->pubkeylen_cmp[i]; - else - publen = 0; - - } - memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); - memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); - previous_privlen += privlen; - previous_publen += publen; - OPENSSL_free(name); } - - }else{ - if (key->privkeylen + key->pubkeylen != plen) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; } - if (oqsx_key_allocate_keymaterial(key, 1)) - { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(key->privkey, p, key->privkeylen); - memcpy(key->pubkey, p + key->privkeylen, key->pubkeylen); - } - } #ifdef USE_ENCODING_LIB } #endif @@ -869,7 +842,6 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (key->keytype == KEY_TYPE_CMP_SIG){ int i; -// char *name = OPENSSL_malloc(strlen(key->tls_name)); if (op == KEY_OP_PUBLIC){ for (i = 0; i < key->numkeys; i++){ @@ -889,7 +861,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } } OPENSSL_free(name); @@ -910,21 +882,21 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support){ unsigned char* comp_pubkey = key->comp_pubkey[i]; int pubkeylen = i2d_PublicKey(key->cmp_classical_pkey[i], &comp_pubkey); if (pubkeylen != key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_public_key){ ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } }else{ size_t pubkeylen = key->pubkeylen_cmp[i]; int ret = EVP_PKEY_get_raw_public_key(key->cmp_classical_pkey[i], key->comp_pubkey[i], &pubkeylen); if (ret <= 0){ ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } } } @@ -933,11 +905,10 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } } - return key; + return 1; -err: - oqsx_key_free(key); - return NULL; +rec_err: + return 0; } OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, @@ -1325,9 +1296,9 @@ void oqsx_key_free(OQSX_KEY *key) || key->keytype == KEY_TYPE_ECX_HYB_KEM) { OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); } else - OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); EVP_PKEY_free(key->classical_pkey); - if (key->oqsx_provider_ctx.oqsx_evp_ctx) { + if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) { EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx); @@ -1458,15 +1429,7 @@ printf("18\n"); key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1]); else { - if (key->keytype == KEY_TYPE_CMP_SIG) - return -(OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, - key->comp_pubkey[key->numkeys-2], - key->comp_privkey[key->numkeys-2]) - || OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, - key->comp_pubkey[key->numkeys-1], - key->comp_privkey[key->numkeys-1])); - - return OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, + return OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1]); } @@ -1687,10 +1650,10 @@ int oqsx_key_get_oqs_public_key_len(OQSX_KEY *k) case KEY_TYPE_KEM: return k->pubkeylen; case KEY_TYPE_HYB_SIG: - return k->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; + return k->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_public_key; case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_ECP_HYB_KEM: - return k->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_public_key; + return k->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_public_key; default: OQS_KEY_PRINTF2("OQSX_KEY: Unknown key type encountered: %d\n", k->keytype);