Fix #372: expose `hybrid_classical_` and `hybrid_pq_` `OSSL_PARAMS` for `EVP_PKEY`. #374
e97f2d4 to a6eda7f
Thank you very much for adding this feature, which will help promote the promotion of hybrid digital signature certificates.
Technically, looks like a good solution for #372, thanks @thb-sb ! Beyond the single PR comments regarding (algorithm-mutation) automation as well as constants-naming and -location this currently is an undocumented/"hidden feature": What about adding a section on "Supported parameters" to USAGE.md, documenting at least these 4 new params, possibly also all (other) retrievable OSSL_ params pointing to their documentations, e.g. OSSL_SIGNATURE_PARAM_DIGEST?
d65d315 to 3b69bbe
I've added a section to USAGE.md!
Does the new test keep working if new hybrids or new algs are introduced? I'm not sure. Other question: Any chance the test output could be red/green coded like all other `ctest` runs?
b4cf702 to 8b278d4
…or `EVP_PKEY`.

This commit is an attempt to fix #372, by adding four new [`OSSL_PARAM`] to [`EVP_PKEY`].

The following [`OSSL_PARAM`] are added by this commit:

- `hybrid_classical_pub`: an octet string to the classical public key.
- `hybrid_classical_priv`: an octet string to the classical private key.
- `hybrid_pq_pub`: an octet string to the quantum-resistant public key.
- `hybrid_pq_priv`: an octet string to the quantum-resistant private key.

Using [`EVP_PKEY_get_params`], OpenSSL users should be able to extract the specific subkey they want from a hybrid key.

A test called `test_evp_pkey_params` has been added to ensure that it works with all hybrid algorithms, to also ensure that the output of these parameters are consistent between each other.

[`OSSL_PARAM`]: https://www.openssl.org/docs/man3.2/man3/OSSL_PARAM.html
[`EVP_PKEY`]: https://www.openssl.org/docs/man3.2/man7/evp.html
[`EVP_PKEY_get_params`]: https://www.openssl.org/docs/man3.2/man3/EVP_PKEY_get_params.html

Signed-off-by: thb-sb <[email protected]>