From 208d9d2785429f483a5718e8c7d7e27ea7485b32 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 13 Oct 2023 16:31:32 -0500 Subject: [PATCH] added MLDSA44 algs --- oqsprov/oqs_decode_der2key.c | 24 ++++++++++- oqsprov/oqs_encode_key2any.c | 65 +++++++++++++++++++++++----- oqsprov/oqs_kmgmt.c | 84 +++++++++++++++++++++++++++++++++--- oqsprov/oqs_prov.h | 63 +++++++++++++++++++++++---- oqsprov/oqs_sig.c | 14 +++++- oqsprov/oqsdecoders.inc | 48 +++++++++++++++++++-- oqsprov/oqsencoders.inc | 72 ++++++++++++++++++++++++++++--- oqsprov/oqsprov.c | 30 ++++++++++--- oqsprov/oqsprov_keys.c | 45 +++++++++++++------ 9 files changed, 389 insertions(+), 56 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 89fa1569..5ea20a50 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c @@ -771,8 +771,28 @@ MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_pss", dilithium3_pss, +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_pss", dilithium3_pss, +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 5cfc0948..a4164731 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -966,7 +966,22 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_sphincsshake128fsimple_input_type \ "rsa3072_sphincsshake128fsimple" #define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" -# define dilithium3_rsa3072_evp_type 0 +# define dilithium2_pss2048_evp_type 0 +# define dilithium2_pss2048_input_type "dilithium2_pss2048" +# define dilithium2_pss2048_pem_type "dilithium2_pss2048" +# define dilithium2_rsa2048_evp_type 0 +# define dilithium2_rsa2048_input_type "dilithium2_rsa2048" +# define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" +# define dilithium2_ed25519_evp_type 0 +# define dilithium2_ed25519_input_type "dilithium2_ed25519" +# define dilithium2_ed25519_pem_type "dilithium2_ed25519" +# define dilithium2_p256_evp_type 0 +# define dilithium2_p256_input_type "dilithium2_p256" +# define dilithium2_p256_pem_type "dilithium2_p256" +# define dilithium2_bp256_evp_type 0 +# define dilithium2_bp256_input_type "dilithium2_bp256" +# define dilithium2_bp256_pem_type "dilithium2_bp256" +# define dilithium3_rsa2048_evp_type 0 # define dilithium3_rsa3072_input_type "dilithium3_rsa3072" # define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" # define dilithium3_p256_evp_type 0 @@ -984,9 +999,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) # define dilithium3_ed25519_evp_type 0 # define dilithium3_ed25519_input_type "dilithium3_ed25519" # define dilithium3_ed25519_pem_type "dilithium3_ed25519" -# define dilithium3_pss_evp_type 0 -# define dilithium3_pss_input_type "dilithium3_pss" -# define dilithium3_pss_pem_type "dilithium3_pss" +# define dilithium3_pss3072_evp_type 0 +# define dilithium3_pss3072_input_type "dilithium3_pss3072" +# define dilithium3_pss3072_pem_type "dilithium3_pss3072" # define dilithium5_bp384_evp_type 0 # define dilithium5_bp384_input_type "dilithium5_bp384" # define dilithium5_bp384_pem_type "dilithium5_bp384" @@ -2111,10 +2126,40 @@ MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, pem); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 6a08fa7d..9f5d5f41 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -1002,20 +1002,89 @@ static void *falcon512_ed25519_gen_init(void *provctx, int selection) "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); } -static void *dilithium3_pss_new_key(void *provctx) +static void *dilithium3_pss3072_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_pss", KEY_TYPE_CMP_SIG, NULL, 128, 33); + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 33); } -static void *dilithium3_pss_gen_init(void *provctx, int selection) +static void *dilithium3_pss3072_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_pss", KEY_TYPE_CMP_SIG, 128, 33); + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 33); } +static void *dilithium2_pss2048_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 34); +} + +static void *dilithium2_pss2048_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 34); +} + +static void *dilithium2_rsa2048_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 35); +} + +static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 35); +} + +static void *dilithium2_ed25519_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 36); +} + +static void *dilithium2_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 36); +} + +static void *dilithium2_p256_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 37); +} + +static void *dilithium2_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 37); +} + +static void *dilithium2_bp256_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 38); +} + +static void *dilithium2_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init + (provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 38); +} ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ @@ -1198,7 +1267,12 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_bp384) MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_ed448) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_bp256) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_ed25519) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss3072) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_pss2048) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_rsa2048) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_ed25519) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_p256) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_bp256) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 1fc85e6d..5d402e60 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -1485,14 +1485,54 @@ extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_enc extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START @@ -1532,7 +1572,12 @@ extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index c84922d2..b6d57726 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -227,7 +227,12 @@ static const char *composite_OID_hash[] = { "69642D4D4C44534138372D45643434382D5348414B45323536", //dilithium5_ed448 "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", //falcon512_bp256 "69642D46616C636F6E3531322D456432353531392D534841353132", //falcon512_ed25519 - "69642D4D4C44534136352D525341333037322D5053532D534841323536", //dilithium3_pss + "69642D4D4C44534136352D525341333037322D5053532D534841323536", //dilithium3_pss3072 + "69642D4D4C44534134342D525341323034382D5053532D534841323536", //dilithium2_pss2048 + "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", //dilithium2_rsa2048 + "69642D4D4C44534134342D456432353531392D534841353132", //dilithium2_ed25519 + "69642D4D4C44534134342D45434453412D503235362D534841323536", //dilithium2_p256 + "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536," //dilithium2_bp256 }; static const size_t composite_OID_hash_len[] = { @@ -241,7 +246,12 @@ static const size_t composite_OID_hash_len[] = { 50, //dilithium5_ed448 82, //falcon512_bp256 54, //falcon512_ed25519 - 58, //dilithium3_pss + 58, //dilithium3_pss3072 + 58, //dilithium2_pss2048 + 61, //dilithium2_rsa2048 + 50, //dilithium2_ed25519 + 56, //dilithium2_p256 + 79, //dilithium2_bp256 }; /* On entry to this function, data to be signed (tbs) might have been hashed diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 96775d49..e300a86c 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc @@ -199,6 +199,46 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), rsa3072_dilithium2), DECODER_w_structure("rsa3072_dilithium2", der, SubjectPublicKeyInfo, rsa3072_dilithium2), + DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, + dilithium2_bp256), + DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, + dilithium2_bp256), + DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, + dilithium2_bp256), + DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, + dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 DECODER_w_structure("dilithium3", der, PrivateKeyInfo, dilithium3), @@ -227,10 +267,10 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), dilithium3_ed25519), DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, dilithium3_ed25519), - DECODER_w_structure("dilithium3_pss", der, PrivateKeyInfo, - dilithium3_pss), - DECODER_w_structure("dilithium3_pss", der, SubjectPublicKeyInfo, - dilithium3_pss), + DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, + dilithium3_pss3072), + DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, + dilithium3_pss3072), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index b944c047..52e97f29 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -578,6 +578,66 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_dilithium2", rsa3072_dilithium2), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + SubjectPublicKeyInfo), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), @@ -648,17 +708,17 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, SubjectPublicKeyInfo), #endif diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 867b11b1..93fced6a 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,9 +49,9 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 155 +# define OQS_OID_CNT 165 #else -# define OQS_OID_CNT 68 +# define OQS_OID_CNT 78 #endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { @@ -211,7 +211,17 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "2.16.840.1.114027.80.7.1.16", "falcon512_ed25519", "2.16.840.1.114027.80.7.1.6", - "dilithium3_pss", + "dilithium3_pss3072", + "2.16.840.1.114027.80.7.1.1", + "dilithium2_pss2048", + "2.16.840.1.114027.80.7.1.2", + "dilithium2_rsa2048", + "2.16.840.1.114027.80.7.1.3", + "dilithium2_ed25519", + "2.16.840.1.114027.80.7.1.4", + "dilithium2_p256", + "2.16.840.1.114027.80.7.1.5", + "dilithium2_bp256", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; @@ -568,6 +578,11 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("dilithium2", 128, oqs_signature_functions), SIGALG("p256_dilithium2", 128, oqs_signature_functions), SIGALG("rsa3072_dilithium2", 128, oqs_signature_functions), + SIGALG("dilithium2_pss2048", 128, oqs_signature_functions), + SIGALG("dilithium2_rsa2048", 128, oqs_signature_functions), + SIGALG("dilithium2_ed25519", 128, oqs_signature_functions), + SIGALG("dilithium2_p256", 128, oqs_signature_functions), + SIGALG("dilithium2_bp256", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_signature_functions), @@ -576,7 +591,7 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("dilithium3_p256", 192, oqs_signature_functions), SIGALG("dilithium3_bp256", 192, oqs_signature_functions), SIGALG("dilithium3_ed25519", 192, oqs_signature_functions), - SIGALG("dilithium3_pss", 192, oqs_signature_functions), + SIGALG("dilithium3_pss3072", 192, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 @@ -707,6 +722,11 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("dilithium2", 128, oqs_dilithium2_keymgmt_functions), SIGALG("p256_dilithium2", 128, oqs_p256_dilithium2_keymgmt_functions), SIGALG("rsa3072_dilithium2", 128, oqs_rsa3072_dilithium2_keymgmt_functions), + SIGALG("dilithium2_pss2048", 128, oqs_dilithium2_pss2048_keymgmt_functions), + SIGALG("dilithium2_rsa2048", 128, oqs_dilithium2_rsa2048_keymgmt_functions), + SIGALG("dilithium2_ed25519", 128, oqs_dilithium2_ed25519_keymgmt_functions), + SIGALG("dilithium2_p256", 128, oqs_dilithium2_p256_keymgmt_functions), + SIGALG("dilithium2_bp256", 128, oqs_dilithium2_bp256_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_dilithium3_keymgmt_functions), @@ -715,7 +735,7 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("dilithium3_p256", 192, oqs_dilithium3_p256_keymgmt_functions), SIGALG("dilithium3_bp256", 192, oqs_dilithium3_bp256_keymgmt_functions), SIGALG("dilithium3_ed25519", 192, oqs_dilithium3_ed25519_keymgmt_functions), - SIGALG("dilithium3_pss", 192, oqs_dilithium3_pss_keymgmt_functions), + SIGALG("dilithium3_pss3072", 192, oqs_dilithium3_pss3072_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 862f1f58..5707ece1 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -57,9 +57,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 76 +# define NID_TABLE_LEN 81 #else -# define NID_TABLE_LEN 34 +# define NID_TABLE_LEN 39 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { @@ -173,9 +173,18 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_CMP_SIG, 256}, {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, + {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - + {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 256}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; @@ -449,8 +458,9 @@ static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit - {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit - {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit + {EVP_PKEY_RSA, NID_rsaEncryption, 0, 270, 1193, 0, 256}, // 112 bit + {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit + {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit }; // These two array need to stay synced: @@ -476,9 +486,11 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 5, err); - if (!strncmp(algname, "rsa3072", 7) || !strncmp(algname, "pss", 3)) + if (!strncmp(algname, "rsa", 3) || !strncmp(algname, "pss", 3)){ idx += 5; - else if (algname[0] != 'p' && algname[0] != 'e') + if (bit_security == 112) + idx += 1; + } else if (algname[0] != 'p' && algname[0] != 'e') { if (algname[0] == 'b'){ //bp if (algname[2] == '2') //bp256 @@ -492,11 +504,11 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, } } - ON_ERR_GOTO(idx < 0 || idx > 5, err); + ON_ERR_GOTO(idx < 0 || idx > 6, err); if(algname[0] == 'e') //ED25519 or ED448 { - evp_ctx->evp_info = &nids_sig[idx + 6]; + evp_ctx->evp_info = &nids_sig[idx + 7]; evp_ctx->keyParam = EVP_PKEY_new(); ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); @@ -1095,8 +1107,12 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, memcpy(concat_key + plen - aux, buf, buflen); //if is a RSA key the actual encoding size might be different from max size //we calculate that difference for to facilitate the key reconstruction - if(!strncmp(name, "rsa3072", 7) || !strncmp(name, "pss", 3)) - rsa_diff = nids_sig[5].length_private_key - buflen; + if(!strncmp(name, "rsa", 3) || !strncmp(name, "pss", 3)) { + if (name[3] == '3') //3072 + rsa_diff = nids_sig[5].length_private_key - buflen; + else //2048 + rsa_diff = nids_sig[6].length_private_key - buflen; + } OPENSSL_free(name); } @@ -1559,7 +1575,10 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); if (ctx->evp_info->keytype == EVP_PKEY_RSA) { - ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); + if (ctx->evp_info->length_public_key > 270) + ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); + else + ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 2048); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); }