diff --git a/.circleci/config.yml b/.circleci/config.yml index e5a9838b..0e224194 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -54,32 +54,6 @@ jobs: command: | git clone --branch master https://github.com/openssl/openssl.git openssl && cd openssl && ./config --prefix=$(echo $(pwd)/../.local) && make -j 18 && make install_sw && cd .. - - run: - name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >> with QSC encoding support) - command: | - oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>" - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" - fi - mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a - fi - - when: - condition: - equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ] - steps: - - run: - name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >> with QSC encoding support) - command: | - oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>" - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" - fi - mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a - fi - run: name: Run tests command: | 
@@ -88,49 +62,6 @@ jobs: else ./scripts/runtests.sh -V fi - - run: - name: Run tests (with encodings, positive and negative test) - command: | - if ! << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ./scripts/runtests_encodings.sh -V > log - if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then - cat log - ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V - else - cat log - fi - fi - - run: - name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >>) with NOPUBKEY_IN_PRIVKEY and QSC encoding support - command: | - oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>" - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" - fi - rm -rf _build && mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a - fi - - run: - name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON) - command: | - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir _build/ - else - ./scripts/runtests.sh -V - fi - - run: - name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON, with encodings, positive and negative test) - command: | - if ! << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ./scripts/runtests_encodings.sh -V - if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then - cat log - ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V - else - cat log - fi - fi macOS: description: A template for running tests on macOS 
@@ -208,37 +139,6 @@ jobs: else ./scripts/runtests.sh -V fi - - run: - name: Build OQS-OpenSSL provider with QSC encoding support - command: | - oqsprovider_cmake_args="<< parameters.CMAKE_ARGS >>" - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" - fi - rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a - fi - - run: - name: Run tests - command: | - if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir _build/ --output-on-failure - else - ./scripts/runtests.sh -V - fi - - run: - name: Run tests (with encodings) - command: | - if ! << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ./scripts/runtests_encodings.sh -V > log - if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then - cat log - ! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V - else - cat log - fi - fi trigger-downstream-ci: docker: diff --git a/ALGORITHMS.md b/ALGORITHMS.md index a3bf0cdd..df2d1fcf 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -283,40 +283,3 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li | p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256 -# Key Encodings - -By setting environment variables, oqs-provider can be configured to encode keys (subjectPublicKey and and privateKey ASN.1 structures) according to the following IETF drafts: - -- https://datatracker.ietf.org/doc/draft-uni-qsckeys-dilithium/00/ -- https://datatracker.ietf.org/doc/draft-uni-qsckeys-falcon/00/ -- https://datatracker.ietf.org/doc/draft-uni-qsckeys-sphincsplus/00/ - - -|Environment Variable | Permissible Values | -| --- | --- | -|`OQS_ENCODING_DILITHIUM2`|`draft-uni-qsckeys-dilithium-00/sk-pk`| -|`OQS_ENCODING_DILITHIUM3`|`draft-uni-qsckeys-dilithium-00/sk-pk`| -|`OQS_ENCODING_DILITHIUM5`|`draft-uni-qsckeys-dilithium-00/sk-pk`| -|`OQS_ENCODING_FALCON512`|`draft-uni-qsckeys-falcon-00/sk-pk`| -|`OQS_ENCODING_FALCONPADDED512`|`draft-uni-qsckeys-falcon-00/sk-pk`| -|`OQS_ENCODING_FALCON1024`|`draft-uni-qsckeys-falcon-00/sk-pk`| -|`OQS_ENCODING_FALCONPADDED1024`|`draft-uni-qsckeys-falcon-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHA2128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHA2128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHA2192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHA2192SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHA2256FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHA2256SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHAKE128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHAKE128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHAKE192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHAKE192SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| -|`OQS_ENCODING_SPHINCSSHAKE256FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| 
-|`OQS_ENCODING_SPHINCSSHAKE256SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| - - -By setting `OQS_ENCODING__ALGNAME` environment variables, the corresponding algorithm names are set. The names are documented in the [`qsc_encoding.h`](https://github.com/Quantum-Safe-Collaboration/qsc-key-encoder/blob/main/include/qsc_encoding.h) header file of the encoder library. - -If no environment variable is set, or if an unknown value is set, the default is 'no' encoding, meaning that key serialization uses the 'raw' keys of the crypto implementations. If unknown values are set as environment variables, a run-time error will be raised. - -The test script `scripts/runtests_encodings.sh` (instead of `scripts/runtests.sh`) can be used for a test run with all supported encodings activated. diff --git a/CMakeLists.txt b/CMakeLists.txt index 364c5f5e..4648c1a4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -38,13 +38,6 @@ if(${NOPUBKEY_IN_PRIVKEY}) else() message(STATUS "Build will store public keys in PKCS#8 structures") endif() -option(USE_ENCODING_LIB "Build with external encoding library for SPKI/PKCS#8 " OFF) -if(${USE_ENCODING_LIB}) - message(STATUS "Build will include external encoding library for SPKI/PKCS#8") - add_compile_definitions( USE_ENCODING_LIB ) -else() - message(STATUS "Build will not include external encoding library for SPKI/PKCS#8") -endif() option(OQS_PROVIDER_BUILD_STATIC "Build a static library instead of a shared library" OFF) if(OQS_PROVIDER_BUILD_STATIC AND BUILD_SHARED_LIBS) diff --git a/CONFIGURE.md b/CONFIGURE.md index 6fa66003..63dccf97 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md 
@@ -39,13 +39,6 @@ location for the OS. This uses the [`find_package`](https://cmake.org/cmake/help/latest/command/find_package.html) command in `cmake`, which checks for local builds of a package at `_DIR` -### USE_ENCODING_LIB - -By setting `-DUSE_ENCODING_LIB=` at compile-time, oqs-provider can be -compiled with with an an external encoding library `qsc-key-encoder`. -Configuring the encodings is done via environment as described in [ALGORITHMS.md](ALGORITHMS.md). -The default value is `OFF`. - ### NOPUBKEY_IN_PRIVKEY By setting this to "ON", it can be specified to omit explicitly serializing diff --git a/oqs-template/ALGORITHMS.md/encodings.fragment b/oqs-template/ALGORITHMS.md/encodings.fragment deleted file mode 100644 index 7a07ae41..00000000 --- a/oqs-template/ALGORITHMS.md/encodings.fragment +++ /dev/null @@ -1,13 +0,0 @@ - -|Environment Variable | Permissible Values | -| --- | --- | -{% for sig in config['sigs'] -%} - {%- for variant in sig['variants'] -%} - {%- if 'supported_encodings' in variant -%} -|`OQS_ENCODING_{{variant['name']|upper}}`| -{%- for item in variant['supported_encodings'] -%} -`{{item}}`{% if not loop.last %}, {%- endif -%} -{% endfor %}| -{% endif %} -{%- endfor %} -{%- endfor %} diff --git a/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment b/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment deleted file mode 100644 index d63d3f5e..00000000 --- a/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment +++ /dev/null 
@@ -1,21 +0,0 @@ -{% set cnt = namespace(val=-2) %} -{ const char* envval = NULL; -{%- for sig in config['sigs'] %} - {%- for variant in sig['variants'] %} - {%- set cnt.val = cnt.val + 2 %} - if ((envval = getenv("OQS_ENCODING_{{variant['name']|upper}}"))) oqs_alg_encoding_list[{{ cnt.val }}] = envval; - if ((envval = getenv("OQS_ENCODING_{{variant['name']|upper}}_ALGNAME"))) oqs_alg_encoding_list[{{ cnt.val + 1 }}] = envval; - {%- for classical_alg in variant['mix_with'] %} - {%- set cnt.val = cnt.val + 2 %} - if ((envval = getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}"))) oqs_alg_encoding_list[{{ cnt.val }}] = envval; - if ((envval = getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}_ALGNAME"))) oqs_alg_encoding_list[{{ cnt.val + 1 }}] = envval; - {%- endfor %} - {%- for composite_alg in variant['composite'] %} - {%- set cnt.val = cnt.val + 2 %} - if (getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}")) oqs_alg_encoding_list[{{ cnt.val }}] = getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}"); - if (getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}_ALGNAME")) oqs_alg_encoding_list[{{ cnt.val + 1 }}] = getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}_ALGNAME"); - {%- endfor %} - {%- endfor %} -{%- endfor %} -} - diff --git a/oqsprov/CMakeLists.txt b/oqsprov/CMakeLists.txt index dd116eaf..6b5afe3b 100644 --- a/oqsprov/CMakeLists.txt +++ b/oqsprov/CMakeLists.txt 
@@ -5,20 +5,6 @@ execute_process( OUTPUT_VARIABLE GIT_COMMIT_HASH OUTPUT_STRIP_TRAILING_WHITESPACE ) -if (USE_ENCODING_LIB) - include(ExternalProject) - set(encoder_LIBRARY ${CMAKE_BINARY_DIR}/install/lib/${CMAKE_STATIC_LIBRARY_PREFIX}qsc_key_encoder${CMAKE_STATIC_LIBRARY_SUFFIX}) - set(encoder_LIBRARY_INCLUDE ${CMAKE_BINARY_DIR}/install/include) - ExternalProject_Add(encoder - GIT_REPOSITORY https://github.com/Quantum-Safe-Collaboration/qsc-key-encoder.git - GIT_TAG main - CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR}/install -DCMAKE_BUILD_TYPE=Release - UPDATE_DISCONNECTED 1 - BUILD_BYPRODUCTS ${encoder_LIBRARY} - ) - add_library(qsc_key_encoder STATIC IMPORTED) - set_target_properties(qsc_key_encoder PROPERTIES IMPORTED_LOCATION ${encoder_LIBRARY}) -endif() add_definitions(-DOQSPROVIDER_VERSION_TEXT="${OQSPROVIDER_VERSION_TEXT}") message(STATUS "Building commit ${GIT_COMMIT_HASH} in ${CMAKE_SOURCE_DIR}") add_definitions(-DOQS_PROVIDER_COMMIT=" \(${GIT_COMMIT_HASH}\)") @@ -38,9 +24,6 @@ if(OQS_PROVIDER_BUILD_STATIC) endif() add_library(oqsprovider ${OQS_LIBRARY_TYPE} ${PROVIDER_SOURCE_FILES}) -if (USE_ENCODING_LIB) - add_dependencies(oqsprovider encoder) -endif() set_target_properties(oqsprovider PROPERTIES PREFIX "" @@ -87,10 +70,6 @@ else() endif() target_link_libraries(oqsprovider PUBLIC OQS::oqs ${OPENSSL_CRYPTO_LIBRARY} ${OQS_ADDL_SOCKET_LIBS}) -if (USE_ENCODING_LIB) - target_link_libraries(oqsprovider PUBLIC qsc_key_encoder) - target_include_directories(oqsprovider PRIVATE ${encoder_LIBRARY_INCLUDE}) -endif() install(TARGETS oqsprovider LIBRARY DESTINATION "${OPENSSL_MODULES_PATH}" diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index c6752248..975f79ce 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -512,40 +512,13 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) return 0; } if (oqsxkey->keytype != KEY_TYPE_CMP_SIG) { -#ifdef USE_ENCODING_LIB - if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL - && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { - unsigned char *buf; - int buflen; - int ret = 0; - const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; - buflen = encoding_ctx->encoding_impl->crypto_publickeybytes; - - buf = OPENSSL_secure_zalloc(buflen); - if (buf == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return -1; - } - ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, - 0, 0, 1); - if (ret != QSC_ENC_OK) - return -1; - - *pder = buf; - return buflen; - } else { -#endif - keyblob = OPENSSL_memdup(oqsxkey->pubkey, oqsxkey->pubkeylen); - if (keyblob == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return 0; - } - *pder = keyblob; - return oqsxkey->pubkeylen; -#ifdef USE_ENCODING_LIB + keyblob = OPENSSL_memdup(oqsxkey->pubkey, oqsxkey->pubkeylen); + if (keyblob == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return 0; } -#endif + *pder = keyblob; + return oqsxkey->pubkeylen; } else { if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; 
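Review bot: The allocation-failure path kept in the non-composite branch of oqsx_spki_pub_to_der returns 0 (`if (keyblob == NULL) { ... return 0; }`), while the composite branch immediately below reports the same kind of failure with `return -1;`. If every caller treats any non-positive result as an error this is harmless, but a caller that only tests `< 0` would accept a zero-length result with `*pder` unset. Now that the branch is flat again, I would use `return -1;` here, or add a comment saying that both 0 and negative values mean failure. The function starts and ends outside this hunk, so the caller contract is not visible and should be confirmed.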
@@ -657,47 +630,16 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) privkeylen -= (oqsxkey->evp_info->length_private_key - actualprivkeylen); } -#ifdef USE_ENCODING_LIB - if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL - && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { - const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; - int ret = 0; -# ifdef NOPUBKEY_IN_PRIVKEY - int withoptional = (encoding_ctx->encoding_ctx - ->raw_private_key_encodes_public_key - ? 1 - : 0); -# else - int withoptional = 1; -# endif - buflen = (withoptional - ? encoding_ctx->encoding_impl->crypto_secretkeybytes - : encoding_ctx->encoding_impl - ->crypto_secretkeybytes_nooptional); - buf = OPENSSL_secure_zalloc(buflen); - if (buf == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return -1; - } - - ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, - oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], 0, - oqsxkey->privkey, &buf, withoptional); - if (ret != QSC_ENC_OK) - return -1; - } else { -#endif #ifdef NOPUBKEY_IN_PRIVKEY - buflen = privkeylen; - buf = OPENSSL_secure_malloc(buflen); - if (buf == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return -1; - } - OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %zu\n", - buflen); - memcpy(buf, oqsxkey->privkey, privkeylen); + buflen = privkeylen; + buf = OPENSSL_secure_malloc(buflen); + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } + OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %zu\n", + buflen); + memcpy(buf, oqsxkey->privkey, privkeylen); #else buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); buf = OPENSSL_secure_malloc(buflen); 
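Review bot: The `#ifdef NOPUBKEY_IN_PRIVKEY` / `#else` branches in oqsx_pki_priv_to_der now solely decide the serialized private-key layout (raw private key only versus private key followed by the OQS public key), and nothing in the code says so. The length checks in oqsx_key_op (oqsprov_keys.c) are conditioned on the same macro, so a key written by one build configuration appears to be rejected by the other. I would record that above the `#ifdef`, for example `/* Payload layout: privkey only when NOPUBKEY_IN_PRIVKEY is set, otherwise privkey || OQS pubkey; oqsx_key_op() must be built with the same setting to decode it. */`. The function body continues outside the hunk.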
@@ -711,9 +653,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], oqsx_key_get_oqs_public_key_len(oqsxkey)); #endif -#ifdef USE_ENCODING_LIB - } -#endif oct.data = buf; oct.length = buflen; diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index c5aa6f7c..a4338d07 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -98,9 +98,6 @@ void oqsx_freeprovctx(PROV_OQS_CTX *ctx); provctx ? (((PROV_OQS_CTX *)provctx)->libctx) : NULL #include "oqs/oqs.h" -#ifdef USE_ENCODING_LIB -# include -#endif /* helper structure for classic key components in hybrid keys. * Actual tables in oqsprov_keys.c @@ -137,15 +134,6 @@ struct oqsx_provider_ctx_st { typedef struct oqsx_provider_ctx_st OQSX_PROVIDER_CTX; -#ifdef USE_ENCODING_LIB -struct oqsx_provider_encoding_ctx_st { - const qsc_encoding_t *encoding_ctx; - const qsc_encoding_impl_t *encoding_impl; -}; - -typedef struct oqsx_provider_encoding_ctx_st OQSX_ENCODING_CTX; -#endif - enum oqsx_key_type_en { KEY_TYPE_SIG, KEY_TYPE_KEM, @@ -165,9 +153,6 @@ struct oqsx_key_st { char *propq; OQSX_KEY_TYPE keytype; OQSX_PROVIDER_CTX oqsx_provider_ctx; -#ifdef USE_ENCODING_LIB - OQSX_ENCODING_CTX oqsx_encoding_ctx; -#endif EVP_PKEY *classical_pkey; // for hybrid & composite sigs const OQSX_EVP_INFO *evp_info; size_t numkeys; diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 1fced2f5..836a5f9f 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -535,264 +535,6 @@ int oqs_patch_oids(void) return 1; } -#ifdef USE_ENCODING_LIB -const char *oqs_alg_encoding_list[OQS_OID_CNT] = {0}; - -int oqs_patch_encodings(void) -{ - ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_START - { - const char *envval = NULL; - if ((envval = getenv("OQS_ENCODING_DILITHIUM2"))) - oqs_alg_encoding_list[0] = envval; - if ((envval = getenv("OQS_ENCODING_DILITHIUM2_ALGNAME"))) - oqs_alg_encoding_list[1] = envval; - if ((envval = getenv("OQS_ENCODING_P256_DILITHIUM2"))) - oqs_alg_encoding_list[2] = envval; - if ((envval = getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME"))) - oqs_alg_encoding_list[3] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"))) - oqs_alg_encoding_list[4] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"))) - oqs_alg_encoding_list[5] = envval; - if ((envval = getenv("OQS_ENCODING_DILITHIUM3"))) - oqs_alg_encoding_list[6] = envval; - if ((envval = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"))) - oqs_alg_encoding_list[7] = envval; - if ((envval = getenv("OQS_ENCODING_P384_DILITHIUM3"))) - oqs_alg_encoding_list[8] = envval; - if ((envval = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"))) - oqs_alg_encoding_list[9] = envval; - if ((envval = getenv("OQS_ENCODING_DILITHIUM5"))) - oqs_alg_encoding_list[10] = envval; - if ((envval = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"))) - oqs_alg_encoding_list[11] = envval; - if ((envval = getenv("OQS_ENCODING_P521_DILITHIUM5"))) - oqs_alg_encoding_list[12] = envval; - if ((envval = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"))) - oqs_alg_encoding_list[13] = envval; - if ((envval = getenv("OQS_ENCODING_MLDSA44"))) - oqs_alg_encoding_list[14] = envval; - if ((envval = getenv("OQS_ENCODING_MLDSA44_ALGNAME"))) - oqs_alg_encoding_list[15] = envval; - if ((envval = getenv("OQS_ENCODING_P256_MLDSA44"))) - oqs_alg_encoding_list[16] = envval; - if ((envval = getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME"))) - oqs_alg_encoding_list[17] = envval; - if 
((envval = getenv("OQS_ENCODING_RSA3072_MLDSA44"))) - oqs_alg_encoding_list[18] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_MLDSA44_ALGNAME"))) - oqs_alg_encoding_list[19] = envval; - if (getenv("OQS_ENCODING_MLDSA44_PSS2048")) - oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_MLDSA44_PSS2048"); - if (getenv("OQS_ENCODING_MLDSA44_PSS2048_ALGNAME")) - oqs_alg_encoding_list[21] - = getenv("OQS_ENCODING_MLDSA44_PSS2048_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA44_RSA2048")) - oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_MLDSA44_RSA2048"); - if (getenv("OQS_ENCODING_MLDSA44_RSA2048_ALGNAME")) - oqs_alg_encoding_list[23] - = getenv("OQS_ENCODING_MLDSA44_RSA2048_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA44_ED25519")) - oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_MLDSA44_ED25519"); - if (getenv("OQS_ENCODING_MLDSA44_ED25519_ALGNAME")) - oqs_alg_encoding_list[25] - = getenv("OQS_ENCODING_MLDSA44_ED25519_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA44_P256")) - oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_MLDSA44_P256"); - if (getenv("OQS_ENCODING_MLDSA44_P256_ALGNAME")) - oqs_alg_encoding_list[27] - = getenv("OQS_ENCODING_MLDSA44_P256_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA44_BP256")) - oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_MLDSA44_BP256"); - if (getenv("OQS_ENCODING_MLDSA44_BP256_ALGNAME")) - oqs_alg_encoding_list[29] - = getenv("OQS_ENCODING_MLDSA44_BP256_ALGNAME"); - if ((envval = getenv("OQS_ENCODING_MLDSA65"))) - oqs_alg_encoding_list[30] = envval; - if ((envval = getenv("OQS_ENCODING_MLDSA65_ALGNAME"))) - oqs_alg_encoding_list[31] = envval; - if ((envval = getenv("OQS_ENCODING_P384_MLDSA65"))) - oqs_alg_encoding_list[32] = envval; - if ((envval = getenv("OQS_ENCODING_P384_MLDSA65_ALGNAME"))) - oqs_alg_encoding_list[33] = envval; - if (getenv("OQS_ENCODING_MLDSA65_PSS3072")) - oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_MLDSA65_PSS3072"); - if (getenv("OQS_ENCODING_MLDSA65_PSS3072_ALGNAME")) - oqs_alg_encoding_list[35] - = 
getenv("OQS_ENCODING_MLDSA65_PSS3072_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA65_RSA3072")) - oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_MLDSA65_RSA3072"); - if (getenv("OQS_ENCODING_MLDSA65_RSA3072_ALGNAME")) - oqs_alg_encoding_list[37] - = getenv("OQS_ENCODING_MLDSA65_RSA3072_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA65_P256")) - oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_MLDSA65_P256"); - if (getenv("OQS_ENCODING_MLDSA65_P256_ALGNAME")) - oqs_alg_encoding_list[39] - = getenv("OQS_ENCODING_MLDSA65_P256_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA65_BP256")) - oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_MLDSA65_BP256"); - if (getenv("OQS_ENCODING_MLDSA65_BP256_ALGNAME")) - oqs_alg_encoding_list[41] - = getenv("OQS_ENCODING_MLDSA65_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA65_ED25519")) - oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_MLDSA65_ED25519"); - if (getenv("OQS_ENCODING_MLDSA65_ED25519_ALGNAME")) - oqs_alg_encoding_list[43] - = getenv("OQS_ENCODING_MLDSA65_ED25519_ALGNAME"); - if ((envval = getenv("OQS_ENCODING_MLDSA87"))) - oqs_alg_encoding_list[44] = envval; - if ((envval = getenv("OQS_ENCODING_MLDSA87_ALGNAME"))) - oqs_alg_encoding_list[45] = envval; - if ((envval = getenv("OQS_ENCODING_P521_MLDSA87"))) - oqs_alg_encoding_list[46] = envval; - if ((envval = getenv("OQS_ENCODING_P521_MLDSA87_ALGNAME"))) - oqs_alg_encoding_list[47] = envval; - if (getenv("OQS_ENCODING_MLDSA87_P384")) - oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_MLDSA87_P384"); - if (getenv("OQS_ENCODING_MLDSA87_P384_ALGNAME")) - oqs_alg_encoding_list[49] - = getenv("OQS_ENCODING_MLDSA87_P384_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA87_BP384")) - oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_MLDSA87_BP384"); - if (getenv("OQS_ENCODING_MLDSA87_BP384_ALGNAME")) - oqs_alg_encoding_list[51] - = getenv("OQS_ENCODING_MLDSA87_BP384_ALGNAME"); - if (getenv("OQS_ENCODING_MLDSA87_ED448")) - oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_MLDSA87_ED448"); - if 
(getenv("OQS_ENCODING_MLDSA87_ED448_ALGNAME")) - oqs_alg_encoding_list[53] - = getenv("OQS_ENCODING_MLDSA87_ED448_ALGNAME"); - if ((envval = getenv("OQS_ENCODING_FALCON512"))) - oqs_alg_encoding_list[54] = envval; - if ((envval = getenv("OQS_ENCODING_FALCON512_ALGNAME"))) - oqs_alg_encoding_list[55] = envval; - if ((envval = getenv("OQS_ENCODING_P256_FALCON512"))) - oqs_alg_encoding_list[56] = envval; - if ((envval = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"))) - oqs_alg_encoding_list[57] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_FALCON512"))) - oqs_alg_encoding_list[58] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"))) - oqs_alg_encoding_list[59] = envval; - if ((envval = getenv("OQS_ENCODING_FALCONPADDED512"))) - oqs_alg_encoding_list[60] = envval; - if ((envval = getenv("OQS_ENCODING_FALCONPADDED512_ALGNAME"))) - oqs_alg_encoding_list[61] = envval; - if ((envval = getenv("OQS_ENCODING_P256_FALCONPADDED512"))) - oqs_alg_encoding_list[62] = envval; - if ((envval = getenv("OQS_ENCODING_P256_FALCONPADDED512_ALGNAME"))) - oqs_alg_encoding_list[63] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_FALCONPADDED512"))) - oqs_alg_encoding_list[64] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_FALCONPADDED512_ALGNAME"))) - oqs_alg_encoding_list[65] = envval; - if ((envval = getenv("OQS_ENCODING_FALCON1024"))) - oqs_alg_encoding_list[66] = envval; - if ((envval = getenv("OQS_ENCODING_FALCON1024_ALGNAME"))) - oqs_alg_encoding_list[67] = envval; - if ((envval = getenv("OQS_ENCODING_P521_FALCON1024"))) - oqs_alg_encoding_list[68] = envval; - if ((envval = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"))) - oqs_alg_encoding_list[69] = envval; - if ((envval = getenv("OQS_ENCODING_FALCONPADDED1024"))) - oqs_alg_encoding_list[70] = envval; - if ((envval = getenv("OQS_ENCODING_FALCONPADDED1024_ALGNAME"))) - oqs_alg_encoding_list[71] = envval; - if ((envval = getenv("OQS_ENCODING_P521_FALCONPADDED1024"))) - 
oqs_alg_encoding_list[72] = envval; - if ((envval = getenv("OQS_ENCODING_P521_FALCONPADDED1024_ALGNAME"))) - oqs_alg_encoding_list[73] = envval; - if ((envval = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"))) - oqs_alg_encoding_list[74] = envval; - if ((envval = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[75] = envval; - if ((envval = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"))) - oqs_alg_encoding_list[76] = envval; - if ((envval - = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[77] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"))) - oqs_alg_encoding_list[78] = envval; - if ((envval - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[79] = envval; - if ((envval = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"))) - oqs_alg_encoding_list[80] = envval; - if ((envval = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[81] = envval; - if ((envval = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"))) - oqs_alg_encoding_list[82] = envval; - if ((envval - = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[83] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"))) - oqs_alg_encoding_list[84] = envval; - if ((envval - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[85] = envval; - if ((envval = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"))) - oqs_alg_encoding_list[86] = envval; - if ((envval = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[87] = envval; - if ((envval = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"))) - oqs_alg_encoding_list[88] = envval; - if ((envval - = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[89] = envval; - if ((envval = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"))) - oqs_alg_encoding_list[90] = envval; 
- if ((envval = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[91] = envval; - if ((envval = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"))) - oqs_alg_encoding_list[92] = envval; - if ((envval - = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[93] = envval; - if ((envval = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"))) - oqs_alg_encoding_list[94] = envval; - if ((envval - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"))) - oqs_alg_encoding_list[95] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO1"))) - oqs_alg_encoding_list[96] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO1_ALGNAME"))) - oqs_alg_encoding_list[97] = envval; - if ((envval = getenv("OQS_ENCODING_P256_MAYO1"))) - oqs_alg_encoding_list[98] = envval; - if ((envval = getenv("OQS_ENCODING_P256_MAYO1_ALGNAME"))) - oqs_alg_encoding_list[99] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO2"))) - oqs_alg_encoding_list[100] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO2_ALGNAME"))) - oqs_alg_encoding_list[101] = envval; - if ((envval = getenv("OQS_ENCODING_P256_MAYO2"))) - oqs_alg_encoding_list[102] = envval; - if ((envval = getenv("OQS_ENCODING_P256_MAYO2_ALGNAME"))) - oqs_alg_encoding_list[103] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO3"))) - oqs_alg_encoding_list[104] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO3_ALGNAME"))) - oqs_alg_encoding_list[105] = envval; - if ((envval = getenv("OQS_ENCODING_P384_MAYO3"))) - oqs_alg_encoding_list[106] = envval; - if ((envval = getenv("OQS_ENCODING_P384_MAYO3_ALGNAME"))) - oqs_alg_encoding_list[107] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO5"))) - oqs_alg_encoding_list[108] = envval; - if ((envval = getenv("OQS_ENCODING_MAYO5_ALGNAME"))) - oqs_alg_encoding_list[109] = envval; - if ((envval = getenv("OQS_ENCODING_P521_MAYO5"))) - oqs_alg_encoding_list[110] = envval; - if ((envval = 
getenv("OQS_ENCODING_P521_MAYO5_ALGNAME"))) - oqs_alg_encoding_list[111] = envval; - } - ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END - return 1; -} -#endif - #define SIGALG(NAMES, SECBITS, FUNC) \ { \ NAMES, "provider=oqsprovider,oqsprovider.security_bits=" #SECBITS "", \ @@ -1384,11 +1126,6 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle, if (!oqs_patch_oids()) goto end_init; -#ifdef USE_ENCODING_LIB - if (!oqs_patch_encodings()) - goto end_init; -#endif - for (; in->function_id != 0; in++) { switch (in->function_id) { case OSSL_FUNC_CORE_GETTABLE_PARAMS: diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 31ddfd9c..a6dd4b32 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -630,41 +630,15 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, OQS_KEY_PRINTF2("OQSX KEY: Recreated OQSX key %s\n", key->tls_name); if (op == KEY_OP_PUBLIC) { -#ifdef USE_ENCODING_LIB - if (key->oqsx_encoding_ctx.encoding_ctx - && key->oqsx_encoding_ctx.encoding_impl) { - key->pubkeylen = key->oqsx_encoding_ctx.encoding_ctx - ->raw_crypto_publickeybytes; - if (key->oqsx_encoding_ctx.encoding_impl->crypto_publickeybytes - != plen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - if (oqsx_key_allocate_keymaterial(key, 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err_key_op; - } - if (qsc_decode(key->oqsx_encoding_ctx.encoding_ctx, - key->oqsx_encoding_ctx.encoding_impl, p, - (unsigned char **)&key->pubkey, 0, 0, 1) - != QSC_ENC_OK) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - } else { -#endif - if (key->pubkeylen != plen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - if (oqsx_key_allocate_keymaterial(key, 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err_key_op; - } - memcpy(key->pubkey, p, plen); -#ifdef USE_ENCODING_LIB + if (key->pubkeylen != plen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; } -#endif + if (oqsx_key_allocate_keymaterial(key, 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err_key_op; + } + memcpy(key->pubkey, p, plen); } else { uint32_t classical_privatekey_len = 0; // for plain OQS keys, we expect OQS priv||OQS pub key 
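Review bot: In the KEY_OP_PUBLIC branch, `memcpy(key->pubkey, p, plen);` copies caller-supplied bytes and is only safe because of the `key->pubkeylen != plen` check two statements earlier. It also presumably relies on oqsx_key_allocate_keymaterial(key, 0) sizing the buffer from key->pubkeylen, which is defined outside the hunk. That invariant is worth stating next to the copy so a later edit does not reorder or relax the check, e.g. `/* plen == key->pubkeylen was verified above; the copy fills the freshly allocated public-key buffer exactly */`. oqsx_key_op begins and ends outside this hunk.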
@@ -819,48 +793,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, actualprivkeylen -= (key->evp_info->length_private_key - classical_privatekey_len); } -#ifdef USE_ENCODING_LIB - if (key->oqsx_encoding_ctx.encoding_ctx - && key->oqsx_encoding_ctx.encoding_impl) { - const qsc_encoding_t *encoding_ctx - = key->oqsx_encoding_ctx.encoding_ctx; -# ifdef NOPUBKEY_IN_PRIVKEY - // if the raw private key includes the public key, the optional - // part is needed, otherwise not. - int withoptional - = (encoding_ctx->raw_private_key_encodes_public_key ? 1 - : 0); -# else - int withoptional = 1; -# endif - int pubkey_available = withoptional; - if (oqsx_key_allocate_keymaterial(key, 1)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err_key_op; - } - if (pubkey_available) { - if (oqsx_key_allocate_keymaterial(key, 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err_key_op; - } - } - - if (qsc_decode( - encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, 0, - (pubkey_available ? (unsigned char **)&key->pubkey : 0), - p, (unsigned char **)&key->privkey, withoptional) - != QSC_ENC_OK) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - - } else { -#endif #ifdef NOPUBKEY_IN_PRIVKEY - if (actualprivkeylen != plen) { - OQS_KEY_PRINTF3( - "OQSX KEY: private key with unexpected length %d vs %d\n", - plen, (int)(actualprivkeylen)); + if (actualprivkeylen != plen) { + OQS_KEY_PRINTF3( + "OQSX KEY: private key with unexpected length %d vs %d\n", + plen, (int)(actualprivkeylen)); #else if (actualprivkeylen + oqsx_key_get_oqs_public_key_len(key) != plen) { 
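Review bot: The private-key length validation opens its `if (...) {` separately inside the `#ifdef NOPUBKEY_IN_PRIVKEY` and `#else` branches and shares one closing brace after the `#endif`, which falls outside this hunk. That leaves the braces unbalanced within each preprocessor branch, and this check is what guards the later copies of externally supplied key bytes, so it is easy to break in a future edit. Since the indentation is being redone anyway, I would compute the expected length once and keep a single condition: `size_t expected = actualprivkeylen;`, then `expected += oqsx_key_get_oqs_public_key_len(key);` under `#ifndef NOPUBKEY_IN_PRIVKEY`, then `if (expected != plen) {` with one debug print. The declared type of actualprivkeylen is not visible here, so the type of the local should be matched to it.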
@@ -870,42 +807,39 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, (int)(actualprivkeylen + oqsx_key_get_oqs_public_key_len(key))); #endif - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - if (oqsx_key_allocate_keymaterial(key, 1) + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + if (oqsx_key_allocate_keymaterial(key, 1) #ifndef NOPUBKEY_IN_PRIVKEY - || oqsx_key_allocate_keymaterial(key, 0) + || oqsx_key_allocate_keymaterial(key, 0) #endif - ) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err_key_op; - } - // first populate private key data - memcpy(key->privkey, p, actualprivkeylen); + ) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err_key_op; + } + // first populate private key data + memcpy(key->privkey, p, actualprivkeylen); #ifndef NOPUBKEY_IN_PRIVKEY - // only enough data to fill public OQS key component - if (oqsx_key_get_oqs_public_key_len(key) - != plen - actualprivkeylen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - // populate OQS public key structure - if (key->numkeys == 2) { - unsigned char *pubkey = (unsigned char *)key->pubkey; - ENCODE_UINT32(pubkey, key->evp_info->length_public_key); - memcpy(pubkey + SIZE_OF_UINT32 - + key->evp_info->length_public_key, - p + actualprivkeylen, plen - actualprivkeylen); - } else - memcpy(key->pubkey, p + key->privkeylen, - plen - key->privkeylen); -#endif + // only enough data to fill public OQS key component + if (oqsx_key_get_oqs_public_key_len(key) + != plen - actualprivkeylen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; } + // populate OQS public key structure + if (key->numkeys == 2) { + unsigned char *pubkey = (unsigned char *)key->pubkey; + ENCODE_UINT32(pubkey, key->evp_info->length_public_key); + memcpy(pubkey + SIZE_OF_UINT32 + + key->evp_info->length_public_key, + p + actualprivkeylen, plen - actualprivkeylen); + } else + 
memcpy(key->pubkey, p + key->privkeylen, + plen - key->privkeylen); +#endif } -#ifdef USE_ENCODING_LIB } -#endif if (!oqsx_key_set_composites(key) || !oqsx_key_recreate_classickey(key, op)) goto err_key_op; @@ -1352,9 +1286,6 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, static const int (*init_kex_fun[])(char *, OQSX_EVP_CTX *) = {oqshybkem_init_ecp, oqshybkem_init_ecx}; -#ifdef USE_ENCODING_LIB -extern const char *oqs_alg_encoding_list[]; -#endif extern const char *oqs_oid_alg_list[]; OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, @@ -1400,25 +1331,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } -#ifdef USE_ENCODING_LIB - if (alg_idx >= 0 && oqs_alg_encoding_list[2 * alg_idx] != NULL - && oqs_alg_encoding_list[2 * alg_idx + 1] != NULL) { - if (qsc_encoding_by_name_oid(&ret->oqsx_encoding_ctx.encoding_ctx, - &ret->oqsx_encoding_ctx.encoding_impl, - oqs_alg_encoding_list[2 * alg_idx + 1], - oqs_alg_encoding_list[2 * alg_idx]) - != QSC_ENC_OK) { - fprintf( - stderr, - "Could not create OQS signature encoding algorithm %s (%s, %s).\n", - oqs_alg_encoding_list[2 * alg_idx + 1], oqs_name, - oqs_alg_encoding_list[2 * alg_idx]); - ret->oqsx_encoding_ctx.encoding_ctx = NULL; - ret->oqsx_encoding_ctx.encoding_impl = NULL; - goto err; - } - } -#endif ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; ret->pubkeylen diff --git a/scripts/runtests_encodings.sh b/scripts/runtests_encodings.sh deleted file mode 100755 index bf15d562..00000000 --- a/scripts/runtests_encodings.sh +++ /dev/null 
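Review bot: The unbraced `else` that closes the `@@ -870,42 +807,39 @@` hunk copies the public part with `p + key->privkeylen` and `plen - key->privkeylen`, while the length checks above it and the `numkeys == 2` branch use `actualprivkeylen`. The two values are presumably equal for non-hybrid keys (the assignment is outside the hunk), but the copy then depends on an invariant the preceding check does not enforce. Using the validated value keeps offset and length in step with the check, and braces match the sibling branch: `} else { memcpy(key->pubkey, p + actualprivkeylen, plen - actualprivkeylen); }`. The comparison `oqsx_key_get_oqs_public_key_len(key) != plen - actualprivkeylen` also repeats the earlier `actualprivkeylen + oqsx_key_get_oqs_public_key_len(key) != plen` test of the `#else` path and could be reduced to a comment. oqsx_key_op continues outside the hunk.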
@@ -1,29 +0,0 @@
-#/bin/bash
-
-OQS_ENCODING_DILITHIUM2=draft-uni-qsckeys-dilithium-00/sk-pk \
-OQS_ENCODING_DILITHIUM3=draft-uni-qsckeys-dilithium-00/sk-pk \
-OQS_ENCODING_DILITHIUM5=draft-uni-qsckeys-dilithium-00/sk-pk \
-OQS_ENCODING_DILITHIUM2_AES=draft-uni-qsckeys-dilithium-00/sk-pk \
-OQS_ENCODING_DILITHIUM3_AES=draft-uni-qsckeys-dilithium-00/sk-pk \
-OQS_ENCODING_DILITHIUM5_AES=draft-uni-qsckeys-dilithium-00/sk-pk \
-OQS_ENCODING_FALCON512=draft-uni-qsckeys-falcon-00/sk-pk \
-OQS_ENCODING_FALCON1024=draft-uni-qsckeys-falcon-00/sk-pk \
-OQS_ENCODING_SPHINCSHARAKA128FROBUST=draft-uni-qsckeys-sphincsplus-00/sk-pk \
-OQS_ENCODING_SPHINCSHARAKA128FSIMPLE=draft-uni-qsckeys-sphincsplus-00/sk-pk \
-OQS_ENCODING_SPHINCSSHA256128FROBUST=draft-uni-qsckeys-sphincsplus-00/sk-pk \
-OQS_ENCODING_SPHINCSSHA256128SSIMPLE=draft-uni-qsckeys-sphincsplus-00/sk-pk \
-OQS_ENCODING_SPHINCSSHAKE256128FSIMPLE=draft-uni-qsckeys-sphincsplus-00/sk-pk \
-OQS_ENCODING_DILITHIUM2_ALGNAME=Dilithium2 \
-OQS_ENCODING_DILITHIUM3_ALGNAME=Dilithium3 \
-OQS_ENCODING_DILITHIUM5_ALGNAME=Dilithium5 \
-OQS_ENCODING_DILITHIUM2_AES_ALGNAME=Dilithium2_AES \
-OQS_ENCODING_DILITHIUM3_AES_ALGNAME=Dilithium3_AES \
-OQS_ENCODING_DILITHIUM5_AES_ALGNAME=Dilithium5_AES \
-OQS_ENCODING_FALCON512_ALGNAME=Falcon512 \
-OQS_ENCODING_FALCON1024_ALGNAME=Falcon1024 \
-OQS_ENCODING_SPHINCSHARAKA128FROBUST_ALGNAME=sphincs-haraka-128f-robust \
-OQS_ENCODING_SPHINCSHARAKA128FSIMPLE_ALGNAME=sphincs-haraka-128f-simple \
-OQS_ENCODING_SPHINCSSHA256128FROBUST_ALGNAME=sphincs-sha256-128f-robust \
-OQS_ENCODING_SPHINCSSHA256128SSIMPLE_ALGNAME=sphincs-sha256-128s-simple \
-OQS_ENCODING_SPHINCSSHAKE256128FSIMPLE_ALGNAME=sphincs-shake256-128f-simple \
-scripts/runtests.sh $@
\ No newline at end of file
diff --git a/test/oqs_test_evp_pkey_params.c b/test/oqs_test_evp_pkey_params.c
index 6cf04994..aadfeca9 100644
--- a/test/oqs_test_evp_pkey_params.c
+++ b/test/oqs_test_evp_pkey_params.c
@@ -19,32 +19,8 @@ /** \brief List of hybrid signature algorithms. */ const char *kHybridSignatureAlgorithms[] = { - "p256_dilithium2", - "rsa3072_dilithium2", - "p384_dilithium3", - "p521_dilithium5", - "p256_mldsa44", - "rsa3072_mldsa44", - "p384_mldsa65", - "p521_mldsa87", - "p256_falcon512", - "rsa3072_falcon512", - "p256_falconpadded512", - "rsa3072_falconpadded512", - "p521_falcon1024", - "p521_falconpadded1024", - "p256_sphincssha2128fsimple", - "rsa3072_sphincssha2128fsimple", - "p256_sphincssha2128ssimple", - "rsa3072_sphincssha2128ssimple", - "p384_sphincssha2192fsimple", - "p256_sphincsshake128fsimple", - "rsa3072_sphincsshake128fsimple", - "p256_mayo1", - "p256_mayo2", - "p384_mayo3", - "p521_mayo5", - NULL, +"p256_dilithium2","rsa3072_dilithium2","p384_dilithium3","p521_dilithium5","p256_mldsa44","rsa3072_mldsa44","p384_mldsa65","p521_mldsa87","p256_falcon512","rsa3072_falcon512","p256_falconpadded512","rsa3072_falconpadded512","p521_falcon1024","p521_falconpadded1024","p256_sphincssha2128fsimple","rsa3072_sphincssha2128fsimple","p256_sphincssha2128ssimple","rsa3072_sphincssha2128ssimple","p384_sphincssha2192fsimple","p256_sphincsshake128fsimple","rsa3072_sphincsshake128fsimple","p256_mayo1","p256_mayo2","p384_mayo3","p521_mayo5", +NULL, }; ///// OQS_TEMPLATE_FRAGMENT_HYBRID_SIG_ALGS_END 
@@ -52,19 +28,43 @@ const char *kHybridSignatureAlgorithms[] = { /** \brief List of hybrid KEMs. */ const char *kHybridKEMAlgorithms[] = { - "p256_frodo640aes", "x25519_frodo640aes", "p256_frodo640shake", - "x25519_frodo640shake", "p384_frodo976aes", "x448_frodo976aes", - "p384_frodo976shake", "x448_frodo976shake", "p521_frodo1344aes", - "p521_frodo1344shake", "p256_kyber512", "x25519_kyber512", - "p384_kyber768", "x448_kyber768", "x25519_kyber768", - "p256_kyber768", "p521_kyber1024", "p256_mlkem512", - "x25519_mlkem512", "p384_mlkem768", "x448_mlkem768", - "x25519_mlkem768", "p256_mlkem768", "p521_mlkem1024", - "p384_mlkem1024", "p256_bikel1", "x25519_bikel1", - "p384_bikel3", "x448_bikel3", "p521_bikel5", - "p256_hqc128", "x25519_hqc128", "p384_hqc192", - "x448_hqc192", "p521_hqc256", NULL, -}; ///// OQS_TEMPLATE_FRAGMENT_HYBRID_KEM_ALGS_END + "p256_frodo640aes", + "x25519_frodo640aes", + "p256_frodo640shake", + "x25519_frodo640shake", + "p384_frodo976aes", + "x448_frodo976aes", + "p384_frodo976shake", + "x448_frodo976shake", + "p521_frodo1344aes", + "p521_frodo1344shake", + "p256_kyber512", + "x25519_kyber512", + "p384_kyber768", + "x448_kyber768", + "x25519_kyber768", + "p256_kyber768", + "p521_kyber1024", + "p256_mlkem512", + "x25519_mlkem512", + "p384_mlkem768", + "x448_mlkem768", + "x25519_mlkem768", + "p256_mlkem768", + "p521_mlkem1024", + "p384_mlkem1024", + "p256_bikel1", + "x25519_bikel1", + "p384_bikel3", + "x448_bikel3", + "p521_bikel5", + "p256_hqc128", + "x25519_hqc128", + "p384_hqc192", + "x448_hqc192", + "p521_hqc256", +NULL, +};///// OQS_TEMPLATE_FRAGMENT_HYBRID_KEM_ALGS_END /** \brief Indicates if a string is in a given list of strings. *