From 6d3ed8806d0c8e012c571b22f9138e3162995059 Mon Sep 17 00:00:00 2001
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Date: Thu, 21 Sep 2023 15:48:42 +0200
Subject: [PATCH 001/164] Create CODE_OF_CONDUCT.md (#258)
Further improvement of Community standards
Signed-off-by: Felipe Ventura
---
CODE_OF_CONDUCT.md | 128 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 128 insertions(+)
create mode 100644 CODE_OF_CONDUCT.md
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..dd0ce2b5
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+ and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+ overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+ advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+ address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+conduct@openquantumsafe.org.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
From 659abf81bc5e9a39a77909b9f41e2b059b4cf943 Mon Sep 17 00:00:00 2001
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Date: Fri, 22 Sep 2023 07:51:25 +0200
Subject: [PATCH 002/164] adding contributing guideline (#259)
* adding contributing guideline
* adding further dev support information
Signed-off-by: Felipe Ventura
---
CONTRIBUTING.md | 78 +++++++++++++++++++++++++++++++++++++++++++++++++
DEVELOPMENT.md | 58 ++++++++++++++++++++++++++++++++++++
2 files changed, 136 insertions(+)
create mode 100644 CONTRIBUTING.md
create mode 100644 DEVELOPMENT.md
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 00000000..bcd1793f
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,78 @@
+# Contributing
+
+The OQS core team welcomes all proposals to improve this project. This may take
+the form of [a discussion](https://github.com/open-quantum-safe/oqs-provider/discussions)
+for input or feedback, possible bug reports or feature requests via [issues](https://github.com/open-quantum-safe/oqs-provider/issues)
+as well as new code and documentation via a [pull request (PR)](https://github.com/open-quantum-safe/oqs-provider/pulls).
+
+## Review and Feedback
+
+We aim to provide timely feedback to any input. If you are uncertain as to whether
+a particular contribution is welcome, needed or timely, please first open an [issue](https://github.com/open-quantum-safe/oqs-provider/issues)
+particularly in case of possible bugs or new feature requests or create a
+[discussion](https://github.com/open-quantum-safe/oqs-provider/discussions).
+
+## Pull requests
+
+Pull requests should clearly state their purpose, possibly referencing an existing
+[issue](https://github.com/open-quantum-safe/oqs-provider/issues) when resolving it.
+
+All PRs should move to "Ready for Review" stage only if all CI tests pass (are green).
+
+The OQS core team is happy to provide feedback also to Draft PRs in order to improve
+them before the final "Review" stage.
+
+### Coding style
+
+This project has adopted the [OpenSSL coding style](https://www.openssl.org/policies/technical/coding-style.html).
+To check adherence of any new code to this, it therefore is highly recommended to
+run the following command in the project main directory prior to finishing a PR:
+
+ find oqsprov -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format --dry-run --Werror
+
+### Running CI locally
+
+#### CircleCI
+
+If encountering CI errors in CircleCI, it may be helpful to execute the test jobs
+locally to debug. This can be facilitated by executing the command
+
+ circleci local execute --job some-test-job
+
+assuming "some-test-job" is the name of the test to be executed and the CircleCI
+[command line tools have been installed](https://circleci.com/docs/local-cli).
+
+#### Github CI
+
+[Act](https://github.com/nektos/act) is a tool facilitating local execution of
+github CI jobs. When executed in the main `oqsprovider` directory,
+
+ act -l Displays all github CI jobs
+ act -j some-job Executes "some-job"
+
+When installing `act` as a github extension, prefix the commands with `gh `.
+
+### New features
+
+Any PR introducing a new feature is expected to contain a test of this feature
+and this test should be part of the CI pipeline, preferably using Github CI.
+
+## Background knowledge
+
+New contributors are recommended to first check out documentation of the
+[OpenSSL provider concept](https://www.openssl.org/docs/man3.0/man7/provider.html)
+as well as the baseline API of [liboqs](https://github.com/open-quantum-safe/liboqs)
+which are the two core foundations for this project.
+
+## Failsafe
+
+If you feel your contribution is not getting proper attention, please be sure to
+add a tag to one or more of our [most active contributors](https://github.com/open-quantum-safe/oqs-provider/graphs/contributors).
+
+## Issues to start working on
+
+If you feel like contributing but don't know what specific topic to work on,
+please check the [open issues tagged "good first issue" or "help wanted"](https://github.com/open-quantum-safe/oqs-provider/issues).
+
+
+
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
new file mode 100644
index 00000000..8be3fb56
--- /dev/null
+++ b/DEVELOPMENT.md
@@ -0,0 +1,58 @@
+# Development guidelines
+
+## Basics
+
+Every developer has their own coding style and diversity in general is good and welcome.
+
+We nevertheless do try to follow some basic goals in this project:
+
+- All pieces should be readable / understandable without having to comprehend all parts first.
+- Therefore, comments (incl. cross references where sensible) are encouraged.
+- For syntactical legibility the project adopted the [OpenSSL coding convention](https://www.openssl.org/policies/technical/coding-style.html)
+- Tooling exists to validate the coding convention: Simply execute `clang-format --dry-run --Werror file-to-test`
+- Platform-specific code should be avoided to the greatest extent possible as the project aims to run correctly at least on Linux, MacOS and Windows (x64 and aarch64 architectures).
+
+## Generated code
+
+Significant parts of the code are generated via the script `oqs-template/generate.py`.
+This script serves to import a specific version of [liboqs](https://github.com/open-quantum-safe/liboqs)
+into `oqsprovider`. Most notably the control file `oqs-template/generate.yml` has to be
+in sync with the specific `liboqs` version: algorithm IDs, e.g., signature algorithm
+OIDs need to be aligned with the specific algorithm code version.
+Therefore, no code within the generator brackets must be changed:
+
+```
+///// OQS_TEMPLATE_FRAGMENT_..._START
+...
+///// OQS_TEMPLATE_FRAGMENT_..._END
+```
+
+If such code changes are required they have to be implemented in the generator code
+fragments located in the `oqs-template` directory.
+
+During normal code development it is very unlikely any of these files need to be touched.
+
+## Plain build
+
+If the prerequisites for `oqsprovider` are met on a development machine, i.e.
+presence of `liboqs` and `openssl` (v.3) the build can simply be executed by
+running `scripts/fullbuild.sh`. Various parameters exist and are documented
+in the script to adapt to a specific build environment and in [the documentation](CONFIGURE.md#convenience-build-script-options).
+The script can also be used to build a specific `openssl` and a specific `liboqs`
+version as well as debug versions of all components.
+
+## Plain test
+
+All tests meant for local feature testing are integrated/made available for
+execution in the script `scripts/runtest.sh`. PRs should only be considered
+if all tests pass locally as the CI system uses them too.
+
+## Debugging
+
+Project-specific debugging facilities are documented in [the wiki](https://github.com/open-quantum-safe/oqs-provider/wiki/Debugging).
+
+For "classic" `gdb` style debugging, be certain to set "-DCMAKE_BUILD_TYPE=Debug"
+when building `oqsprovider` and `-d` when configuring `openssl` (see
+"scripts/fullbuild.sh" for further information where best to do this).
+
+
From 07d5ebd9eea3c3b1cface02e256e602f8ac4285a Mon Sep 17 00:00:00 2001
From: qnfm <104289862+qnfm@users.noreply.github.com>
Date: Sun, 24 Sep 2023 13:29:16 +0100
Subject: [PATCH 003/164] CI & cmake changes for Windows (#263)
* Fix OQS_ADDL_SOCKET_LIBS setting for cmake
* Test Windows 2019 with VS 16 2019
* Add path for VS
* Avoid openssl cache conflict
* Add build type into matrix
---------
Co-authored-by: a
Signed-off-by: Felipe Ventura
---
.github/workflows/windows.yml | 104 ++++++++++++++++++++++++++++++++++
CMakeLists.txt | 2 +-
test/CMakeLists.txt | 4 ++++
3 files changed, 109 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index e18da010..a5b187a6 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -199,3 +199,107 @@ jobs: name: oqs-provider-msvc path: D:/a/oqs-provider/oqs-provider/_build/lib/oqsprovider.dll + msvc_native: +# Run a job for each of the specified target architectures: + strategy: + matrix: + os: + - windows-2019 + - windows-2022 + platform: + - arch: win64 + oqsconfig: -DOQS_ALGS_ENABLED=STD + osslconfig: no-shared no-fips VC-WIN64A + toolchain: + - .CMake/toolchain_windows_amd64.cmake + msarch: + - x64 + type: + - Debug + - Release + runs-on: ${{matrix.os}} + steps: + - name: Restore native OpenSSL32 cache + id: cache-openssl32n + uses: actions/cache@v3 + with: + path: c:\openssl32n + key: ${{ runner.os }}-msvcopenssl32n + - uses: actions/checkout@v3 + - name: Checkout OpenSSL master + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + uses: actions/checkout@v3 + with: + set-safe-directory: true + repository: openssl/openssl + path: openssl + - uses: actions/checkout@v3 + with: + set-safe-directory: true + repository: open-quantum-safe/liboqs + path: liboqs + - uses: ilammy/msvc-dev-cmd@v1 + with: + arch: ${{ matrix.platform.arch }} + - name: Add msbuild to PATH + uses: microsoft/setup-msbuild@v1 + with: + msbuild-architecture: ${{matrix.msarch}} + vs-version: '[16.10,]' + - name: Setup nasm for OpenSSL build + uses: ilammy/setup-nasm@v1 + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + with: + platform: ${{ matrix.platform.arch }} + - name: Setup perl for OpenSSL build + uses: shogo82148/actions-setup-perl@v1 + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + - name: build liboqs + run: | + cmake --version + cmake -B build --toolchain ${{ matrix.toolchain }} . 
+ cmake --build build + cmake --build build --target INSTALL + working-directory: liboqs + - name: prepare the OpenSSL build directory + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + run: mkdir _build + working-directory: openssl + - name: OpenSSL config + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + working-directory: openssl\_build + run: | + perl ..\Configure --banner=Configured --prefix=c:\openssl32n no-makedepend ${{ matrix.platform.osslconfig }} + perl configdata.pm --dump + - name: OpenSSL build + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + working-directory: openssl\_build + run: nmake /S + - name: OpenSSL install +# Run on 64 bit only as 32 bit is slow enough already + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + run: | + mkdir c:\openssl32n + nmake install_sw + working-directory: openssl\_build + - name: Save OpenSSL + id: cache-openssl-save + if: steps.cache-openssl32n.outputs.cache-hit != 'true' + uses: actions/cache/save@v3 + with: + path: | + c:\openssl32n + key: ${{ runner.os }}-msvcopenssl32n + - name: build oqs-provider + run: | + cmake -DCMAKE_BUILD_TYPE=${{ matrix.type }} -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32n" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build + cmake --build _build --config=${{ matrix.type }} + - name: Run tests + run: | + ctest --test-dir _build -C ${{ matrix.type }} + - name: Retain oqsprovider.dll + uses: actions/upload-artifact@v3 + with: + name: oqs-provider-msvc + path: D:/a/oqs-provider/oqs-provider/_build/lib/oqsprovider.dll + diff --git a/CMakeLists.txt b/CMakeLists.txt index cbabf462..002a4e9c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
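Review bot: The new `msvc_native` job pulls third-party actions by mutable tag (`ilammy/msvc-dev-cmd@v1`, `microsoft/setup-msbuild@v1`, `ilammy/setup-nasm@v1`, `shogo82148/actions-setup-perl@v1`) and checks out `openssl/openssl` and `open-quantum-safe/liboqs` with no `ref:`, so whatever those tags and default branches point to on the day of the run executes in the job that builds and uploads `oqsprovider.dll`. Pin each action to a full commit SHA, e.g. `uses: ilammy/msvc-dev-cmd@<full-commit-sha> # v1`, and add an explicit `ref:` to both checkouts. The cache key `${{ runner.os }}-msvcopenssl32n` carries no OpenSSL revision either, so once populated the cached build is reused regardless of what the checkout would fetch. Separately, every matrix leg uploads under the same artifact name `oqs-provider-msvc`; adding `${{ matrix.os }}-${{ matrix.type }}` to the name would keep the Debug and Release builds apart.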
@@ -19,7 +19,7 @@ if(MSVC) "${CMAKE_EXE_LINKER_FLAGS} /NODEFAULTLIB:LIBCMT") add_definitions(-DOQS_PROVIDER_NOATOMIC) add_definitions(-D_CRT_SECURE_NO_WARNINGS) - set(OQS_ADDL_SOCKET_LIBS "ws2_32.lib gdi32.lib crypt32.lib") + set(OQS_ADDL_SOCKET_LIBS ws2_32.lib gdi32.lib crypt32.lib) else() add_compile_options(-Wunused-function) set(OQS_ADDL_SOCKET_LIBS "") diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index b39796ec..1c5fd96a 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -1,5 +1,9 @@ include(GNUInstallDirs) +if (CMAKE_GENERATOR MATCHES "Visual Studio") +set(OQS_PROV_BINARY_DIR ${CMAKE_BINARY_DIR}/lib/${CMAKE_BUILD_TYPE}) +else() set(OQS_PROV_BINARY_DIR ${CMAKE_BINARY_DIR}/lib) +endif() add_test( NAME oqs_signatures From 914844b1d1bd45619554e291932f23eca527c63d Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 22 Jul 2022 13:05:14 -0400 Subject: [PATCH 004/164] Attempt to add Dilithium5+Falcon1024 as Composite Method Signed-off-by: Felipe Ventura --- oqsprov/oqs_kmgmt.c | 1 + oqsprov/oqs_prov.h | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 39c2b673..b94dbfbe 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -855,6 +855,7 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 22); } + ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 1a8a74f4..e1ddc14d 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -142,7 +142,8 @@ enum oqsx_key_type_en { KEY_TYPE_KEM, KEY_TYPE_ECP_HYB_KEM, KEY_TYPE_ECX_HYB_KEM, - KEY_TYPE_HYB_SIG + KEY_TYPE_HYB_SIG, + KEY_TYPE_CMP_SIG }; typedef enum oqsx_key_type_en OQSX_KEY_TYPE; From cc374ca15b1b328aa16ead344bc6c855d503ed19 Mon Sep 17 00:00:00 2001 
From: Felipe Ventura
Date: Fri, 22 Jul 2022 13:11:13 -0400
Subject: [PATCH 005/164] Added notes with usefull commands
Signed-off-by: Felipe Ventura
---
notes.txt | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 notes.txt
diff --git a/notes.txt b/notes.txt
new file mode 100644
index 00000000..f38caa07
--- /dev/null
+++ b/notes.txt
@@ -0,0 +1,33 @@ +###CREATE QUANTUM SAFE KEY PAIR + +LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl req -x509 -new -newkey p521_dilithium5 -keyout qsc.key -out qsc.crt -nodes -subj "/CN=oqstest" -days 365 -config /home/feventura/Documents/openssl/apps/openssl.cnf -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default + +###SIGN DATA + +LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -in test.txt -sign -signer qsc.crt -inkey qsc.key -nodetach -outform pem -binary -out signedfile -md sha512 -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider default -provider oqsprovider + +##VERIFY DATA + +LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -verify -CAfile qsc.crt -inform pem -in signedfile -crlfeol -out outputfile -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default + +##CREATE TEST SIGNATURE (from oqsprov/test) + +gcc oqs_test_signatures.c test_common.o -L ../openssl -lcrypto -o output_signatures + +##RUN TEST SIGNARURE (from oqsprov/test) + +./output_signatures oqsprovider /home/feventura/Documents/oqs-provider/test/oqs.cnf + +##IMPLEMENT CHANGES TO oqs_sig.c TO PROVIDER (from oqsprov/test) + +cd .. && cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && cd test/ + +##IMPLEMENT CHANGES THEN COMPILE AND RUN TEST (generic version, from oqsprov) + +cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . 
-B _build && cmake --build _build && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf + +##IMPLEMENT CHANGES THEN BUILD DEPENDENCY LIBRARY THEN COMPILE AND RUN TEST (generic version, from oqsprov) + +cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && gcc -Wall -c ./test/test_common.c && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf + + From f091743a7dfdb80076554aedfb80f471a134f424 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 1 Aug 2022 19:36:33 -0400 Subject: [PATCH 006/164] Composite mechanisms added Signed-off-by: Felipe Ventura --- oqsprov/oqs_kmgmt.c | 15 +++++++++++- oqsprov/oqs_prov.h | 1 + oqsprov/oqsprov_keys.c | 53 ++++++++++++++++++++++++++++++++++++++---- 3 files changed, 64 insertions(+), 5 deletions(-) diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index b94dbfbe..5c02760f 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -73,6 +73,7 @@ struct oqsx_gen_ctx { OSSL_LIB_CTX *libctx; char *propq; char *oqs_name; + char *cmp_name; char *tls_name; int primitive; int selection; 
@@ -462,11 +463,23 @@ static void *oqsx_gen_init(void *provctx, int selection, char *oqs_name, OSSL_LIB_CTX *libctx = PROV_OQS_LIBCTX_OF(provctx); struct oqsx_gen_ctx *gctx = NULL; + OQS_KM_PRINTF2("OQSKEYMGMT: gen_init called for key %s \n", oqs_name); + if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { gctx->libctx = libctx; - gctx->oqs_name = OPENSSL_strdup(oqs_name); + gctx->cmp_name = NULL; + if (primitive != KEY_TYPE_CMP_SIG) + gctx->oqs_name = OPENSSL_strdup(oqs_name); + else { + char* cmp_name = malloc(sizeof(oqs_name) + 1); + strcpy(cmp_name,oqs_name); + cmp_name = strtok(cmp_name, "_"); + gctx->oqs_name = OPENSSL_strdup(cmp_name); + cmp_name = strtok (NULL, "_"); + gctx->cmp_name = OPENSSL_strdup(cmp_name); + } gctx->tls_name = OPENSSL_strdup(tls_name); gctx->primitive = primitive; gctx->selection = selection; diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index e1ddc14d..1db46c00 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -159,6 +159,7 @@ struct oqsx_key_st { #ifdef USE_ENCODING_LIB OQSX_ENCODING_CTX oqsx_encoding_ctx; #endif + OQSX_PROVIDER_CTX oqsx_provider_ctx_cmp; EVP_PKEY *classical_pkey; // for hybrid sigs const OQSX_EVP_INFO *evp_info; size_t numkeys; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index d240c300..1069d355 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -43,8 +43,9 @@ typedef enum { typedef struct { int nid; - char *tlsname; - char *oqsname; + char* tlsname; + char* oqsname; + char* cmpname; int keytype; int secbits; } oqs_nid_name_t; @@ -134,6 +135,15 @@ static char *get_oqsname(int nid) return 0; } +static char* get_cmpname(int nid) { + int i; + for(i=0;ilibctx = libctx; } @@ -255,6 +266,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, int plen, oqsx_key_op_t op, OSSL_LIB_CTX *libctx, const char *propq) { + printf("7"); OQSX_KEY *key = NULL; void **privkey, **pubkey; int nid = NID_undef; 
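Review bot: In the `KEY_TYPE_CMP_SIG` branch of oqsx_gen_init, `malloc(sizeof(oqs_name) + 1)` allocates the size of a pointer plus one rather than the length of the string, so the following `strcpy(cmp_name,oqs_name)` writes past the heap buffer for any algorithm name longer than that (8 characters on a 64-bit build). The allocation is also unchecked, and reassigning `cmp_name` from `strtok` loses the pointer `malloc` returned, so the buffer is never freed. Splitting on the first `_` with `strchr` and copying each half with the OpenSSL allocators removes the temporary buffer; note that this takes everything after the first `_` as the second name, where `strtok` would stop at the next `_`. The function's start and its return path are outside the hunk, so the error exit below is a sketch to be matched to them.

```c
        if (primitive != KEY_TYPE_CMP_SIG) {
            gctx->oqs_name = OPENSSL_strdup(oqs_name);
        } else {
            const char *sep = strchr(oqs_name, '_');

            if (sep == NULL) {
                OPENSSL_free(gctx);
                return NULL;
            }
            gctx->oqs_name = OPENSSL_strndup(oqs_name, sep - oqs_name);
            gctx->cmp_name = OPENSSL_strdup(sep + 1);
        }
        /* … unchanged: tls_name, primitive and selection assignments … */
```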
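Review bot: `printf("7");` at the top of oqsx_key_op is an unconditional write to stdout from inside the provider, and the same pattern is added in the following oqsprov_keys.c hunks (`"8"` through `"-20-"`) and later in oqs_sig.c's sign path (`"A\n"` to `"D\n"`, `"rv %i\n"`, and a `printf` that duplicates the `OQS_SIG_PRINTF2` line beneath it). Any program that loads the provider then gets these bytes mixed into its own stdout, including output that is meant to be a key, certificate or signature. The file already has gated tracing, so use that instead, e.g. `OQS_KEY_PRINTF("oqsx_key_op called\n");`, or drop the calls before merging.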
@@ -493,6 +505,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, const char *propq) { + printf("8"); const unsigned char *p; int plen; X509_ALGOR *palg; @@ -508,6 +521,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) { + printf("9"); OQSX_KEY *oqsx = NULL; const unsigned char *p; int plen; @@ -559,6 +573,7 @@ static const OQSX_EVP_INFO nids_ecx[] = { static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, char *algname) { + printf("-10-"); int ret = 1; int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 2, err); @@ -602,6 +617,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { + printf("-11-"); int ret = 1; int idx = 0; while (idx < sizeof(OQSX_ECP_NAMES)) { @@ -632,6 +648,7 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) { + printf("-12-"); int ret = 1; int idx = 0; @@ -668,6 +685,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, int primitive, const char *propq, int bit_security, int alg_idx) { + printf("-13-"); OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; int ret2 = 0; 
@@ -809,8 +827,29 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, + evp_ctx->evp_info->length_public_key; ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; - ret->evp_info = evp_ctx->evp_info; - break; + ret->evp_info = evp_ctx->evp_info; + break; + case KEY_TYPE_CMP_SIG: + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { + fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", oqs_name); + goto err; + } + + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig = OQS_SIG_new(cmp_name); + if (!ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig) { + fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?B\n", cmp_name); + goto err; + } + + ret->numkeys = 2; + ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; + ret->keytype = primitive; + + break; default: OQS_KEY_PRINTF2("OQSX_KEY: Unknown key type encountered: %d\n", primitive); @@ -839,6 +878,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, void oqsx_key_free(OQSX_KEY *key) { + printf("-14-"); int refcnt; if (key == NULL) @@ -888,6 +928,7 @@ void oqsx_key_free(OQSX_KEY *key) int oqsx_key_up_ref(OQSX_KEY *key) { + printf("-15-"); int refcnt; #ifndef OQS_PROVIDER_NOATOMIC @@ -907,6 +948,7 @@ int oqsx_key_up_ref(OQSX_KEY *key) int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) { + printf("-16-"); int ret = 0; if (!key->privkey && include_private) { 
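Review bot: The new `KEY_TYPE_CMP_SIG` case in oqsx_key_new stores the results of both `OPENSSL_malloc(ret->numkeys * sizeof(void *))` calls without checking them, and because the arrays are not zeroed their two slots hold indeterminate pointers until key material is assigned. I would allocate with `OPENSSL_zalloc` and follow with `ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err);`, the macro this file already uses. `cmp_name` is read here but is not among the oqsx_key_new parameters shown as context in the `@@ -668` hunk, so its declaration must be in a part of the patch that is not visible here; it is worth confirming that it cannot be NULL when passed to `OQS_SIG_new`. The two failure messages go to stderr through `fprintf` rather than `OQS_KEY_PRINTF2`. The rest of oqsx_key_new, including the `err` label, is outside the hunk.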
@@ -924,6 +966,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { + printf("-17-"); const OSSL_PARAM *p; OQS_KEY_PRINTF("OQSX Key from data called\n"); @@ -989,6 +1032,7 @@ static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, unsigned char *privkey) { + printf("-19-"); int ret = 0, ret2 = 0; // Free at errhyb: @@ -1066,6 +1110,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, * OQSX_KEY */ int oqsx_key_gen(OQSX_KEY *key) { + printf("-20-"); int ret = 0; EVP_PKEY *pkey = NULL; From c0aaed3f5983fee978a1bb18fcf4f8ba5c54929b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Wed, 3 Aug 2022 17:25:22 -0400 Subject: [PATCH 007/164] Composite Dilithium5+Falcon1024 working in test case Signed-off-by: Felipe Ventura --- oqsprov/oqs_prov.h | 2 +- oqsprov/oqs_sig.c | 84 ++++++++++++++++++++++++++++++++++-------- oqsprov/oqsprov_keys.c | 74 +++++++++++++++++++++++-------------- 3 files changed, 115 insertions(+), 45 deletions(-) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 1db46c00..f47b761b 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -176,7 +176,7 @@ struct oqsx_key_st { #endif int references; - /* point to actual priv key material -- classic key, if present, first + /* point to actual priv key material -- classic key, if present, first, unless is composite * i.e., OQS key always at comp_*key[numkeys-1] */ void **comp_privkey; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 69e4ff04..efb569dc 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -210,16 +210,19 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY *oqsxkey = poqs_sigctx->sig; OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + OQS_SIG *cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, // we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; + printf("OQS SIG provider: sign called for %ld bytes\n", tbslen); OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); int is_hybrid = evpkey != NULL; + int is_composite = cmp_key != NULL; size_t max_sig_len = oqs_key->length_signature; - size_t classical_sig_len = 0, oqs_sig_len = 0; - size_t actual_classical_sig_len = 0; + size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; + size_t actual_classical_sig_len = 0, actual_oqs_sig_len = 0; size_t index = 0; int rv = 0; @@ -231,6 +234,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, actual_classical_sig_len = oqsxkey->evp_info->length_signature; max_sig_len += (SIZE_OF_UINT32 + actual_classical_sig_len); } + if (is_composite) + max_sig_len += (SIZE_OF_UINT32 + cmp_key->length_signature); + if (sig == NULL) { *siglen = max_sig_len; 
@@ -316,21 +322,44 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, index += classical_sig_len; } - if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, - oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) - != OQS_SUCCESS) { + if (is_composite){ + printf("A\n"); + if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &actual_oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; - } - *siglen = classical_sig_len + oqs_sig_len; - OQS_SIG_PRINTF2("OQS SIG provider: signing completes with size %ld\n", - *siglen); + } + + printf("B\n" ); + + ENCODE_UINT32(sig, actual_oqs_sig_len); + oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; + index += oqs_sig_len; + + printf("C\n" ); + + if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } + printf("D\n" ); + } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, + oqsxkey->comp_privkey[oqsxkey->numkeys-1]) + != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } + + + *siglen = classical_sig_len + oqs_sig_len + cmp_sig_len; + printf("OQS SIG provider: signing completes with size %ld\n", *siglen); + OQS_SIG_PRINTF2("OQS SIG provider: signing completes with size %ld\n", *siglen); rv = 1; /* success */ endsign: if (classical_ctx_sign) { EVP_PKEY_CTX_free(classical_ctx_sign); } + printf("rv %i\n", rv); return rv; } 
@@ -341,12 +370,14 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY *oqsxkey = poqs_sigctx->sig; OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + OQS_SIG *cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, // we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; EVP_PKEY_CTX *ctx_verify = NULL; int is_hybrid = evpkey != NULL; - size_t classical_sig_len = 0; + int is_composite = cmp_key != NULL; + size_t classical_sig_len = 0, oqs_sig_len = 0; size_t index = 0; int rv = 0; 
@@ -426,18 +457,39 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, classical_sig_len = SIZE_OF_UINT32 + actual_classical_sig_len; index += classical_sig_len; } + if(is_composite){ + size_t actual_oqs_sig_len = 0; + DECODE_UINT32(actual_oqs_sig_len, sig); + if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + SIZE_OF_UINT32, actual_oqs_sig_len, oqsxkey->comp_pubkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + + oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; + index += oqs_sig_len; + + if (OQS_SIG_verify(cmp_key, tbs, tbslen, sig + index, + siglen - oqs_sig_len, + oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) + != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } - if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) { + + } else { + if (!oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); goto endverify; - } - if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, - siglen - classical_sig_len, - oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) + } + if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, + siglen - classical_sig_len, + oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; - } + } + } rv = 1; endverify: diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 1069d355..919e54f7 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -211,7 +211,7 @@ void oqsx_freeprovctx(PROV_OQS_CTX *ctx) void oqsx_key_set0_libctx(OQSX_KEY *key, OSSL_LIB_CTX *libctx) { - printf("4"); + printf("4\n"); key->libctx = libctx; } @@ -266,7 +266,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, int plen, oqsx_key_op_t op, OSSL_LIB_CTX *libctx, const char *propq) { - printf("7"); + printf("7\n"); OQSX_KEY *key = NULL; void **privkey, **pubkey; int nid = NID_undef; 
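Review bot: The composite branch of oqs_sig_verify takes `actual_oqs_sig_len` from the first four bytes of the signature and passes it to `OQS_SIG_verify` without comparing it to `siglen`. A short or malformed signature therefore makes the verifier read past the end of `sig`, and `siglen - oqs_sig_len` wraps around as a `size_t` for the second call. The signature is untrusted input, so the prefix has to be bounded before it is used. The `comp_pubkey` NULL check also now exists only in the `else` branch, so the composite path dereferences both key slots unchecked. The function begins and ends outside this hunk.
```c
if (is_composite) {
    size_t actual_oqs_sig_len = 0;

    /* The length prefix is attacker-controlled: bound it before use. */
    if (siglen < SIZE_OF_UINT32) {
        ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
        goto endverify;
    }
    DECODE_UINT32(actual_oqs_sig_len, sig);
    if (actual_oqs_sig_len > siglen - SIZE_OF_UINT32) {
        ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
        goto endverify;
    }
    if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 2]
        || !oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) {
        ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);
        goto endverify;
    }
    /* … unchanged: the two OQS_SIG_verify calls and the index update … */
```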
@@ -505,7 +505,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, const char *propq) { - printf("8"); + printf("8\n"); const unsigned char *p; int plen; X509_ALGOR *palg; @@ -521,7 +521,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) { - printf("9"); + printf("9\n"); OQSX_KEY *oqsx = NULL; const unsigned char *p; int plen; @@ -573,7 +573,7 @@ static const OQSX_EVP_INFO nids_ecx[] = { static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, char *algname) { - printf("-10-"); + printf("10\n"); int ret = 1; int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 2, err); @@ -617,7 +617,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { - printf("-11-"); + printf("11\n"); int ret = 1; int idx = 0; while (idx < sizeof(OQSX_ECP_NAMES)) { @@ -648,7 +648,7 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) { - printf("-12-"); + printf("12\n"); int ret = 1; int idx = 0; @@ -685,7 +685,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, int primitive, const char *propq, int bit_security, int alg_idx) { - printf("-13-"); + printf("13\n"); OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; int ret2 = 0; 
@@ -845,8 +845,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 2; ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; + ret->privkeylen = (ret->numkeys-1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen = (ret->numkeys-1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; ret->keytype = primitive; break; @@ -861,6 +861,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->tls_name = OPENSSL_strdup(tls_name); ret->bit_security = bit_security; + if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); @@ -878,9 +879,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, void oqsx_key_free(OQSX_KEY *key) { - printf("-14-"); + printf("14\n"); int refcnt; - if (key == NULL) return; @@ -919,6 +919,10 @@ void oqsx_key_free(OQSX_KEY *key) EVP_PKEY_CTX_free(key->oqsx_provider_ctx.oqsx_evp_ctx->ctx); EVP_PKEY_free(key->oqsx_provider_ctx.oqsx_evp_ctx->keyParam); OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); + } + if(key->keytype == KEY_TYPE_CMP_SIG){ + OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + OQS_SIG_free(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig); } #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); 
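Review bot: In oqsx_key_free the new `if(key->keytype == KEY_TYPE_CMP_SIG)` block frees `key->oqsx_provider_ctx.oqsx_qs_ctx.sig` as a separate statement after the existing cleanup. The key-type chain that runs earlier in the function is outside this hunk; if it already releases that context for signature keys, the first `OQS_SIG_free` here is a double free. Assuming the earlier chain does cover the primary context, only the second context needs releasing in this block: `OQS_SIG_free(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig);`. Please confirm against the full function, and add a one-line comment saying which branch owns which context.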
@@ -928,7 +932,7 @@ void oqsx_key_free(OQSX_KEY *key) int oqsx_key_up_ref(OQSX_KEY *key) { - printf("-15-"); + printf("15\n"); int refcnt; #ifndef OQS_PROVIDER_NOATOMIC @@ -948,7 +952,7 @@ int oqsx_key_up_ref(OQSX_KEY *key) int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) { - printf("-16-"); + printf("16\n"); int ret = 0; if (!key->privkey && include_private) { @@ -966,7 +970,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { - printf("-17-"); + printf("17\n"); const OSSL_PARAM *p; OQS_KEY_PRINTF("OQSX Key from data called\n"); @@ -1014,16 +1018,25 @@ int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], } // OQS key always the last of the numkeys comp keys -static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) -{ - if (gen_kem) - return OQS_KEM_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.kem, - key->comp_pubkey[key->numkeys - 1], - key->comp_privkey[key->numkeys - 1]); - else - return OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, - key->comp_pubkey[key->numkeys - 1], - key->comp_privkey[key->numkeys - 1]); +static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) { +printf("18\n"); + if (gen_kem) + return OQS_KEM_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.kem, + key->comp_pubkey[key->numkeys-1], + key->comp_privkey[key->numkeys-1]); + else { + if (key->keytype == KEY_TYPE_CMP_SIG) + return -(OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, + key->comp_pubkey[key->numkeys-2], + key->comp_privkey[key->numkeys-2]) + || OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, + key->comp_pubkey[key->numkeys-1], + key->comp_privkey[key->numkeys-1])); + + return OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, + key->comp_pubkey[key->numkeys-1], + key->comp_privkey[key->numkeys-1]); + } } /* Generate classic keys, store length in leading SIZE_OF_UINT32 bytes of 
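Review bot: `return -(OQS_SIG_keypair(...) || OQS_SIG_keypair(...));` in oqsx_key_gen_oqs is hard to read for key-generation code. The `||` silently skips the second keypair when the first fails, and it collapses the liboqs status to 0/1 before the minus sign maps it to 0/-1. Writing the two calls out with an explicit check states the same control flow directly. The comment above the function, `OQS key always the last of the numkeys comp keys`, should be updated because the composite case now also fills slot `numkeys-2`. The column-0 `printf("18\n");` should be dropped.
```c
    else {
        if (key->keytype == KEY_TYPE_CMP_SIG) {
            /* First component goes in slot numkeys-2, second in numkeys-1. */
            int rc = OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig,
                                     key->comp_pubkey[key->numkeys - 2],
                                     key->comp_privkey[key->numkeys - 2]);
            if (rc != OQS_SUCCESS)
                return rc;
            return OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig,
                                   key->comp_pubkey[key->numkeys - 1],
                                   key->comp_privkey[key->numkeys - 1]);
        }
        /* … unchanged: single-algorithm OQS_SIG_keypair call … */
```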
@@ -1032,7 +1045,7 @@ static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, unsigned char *privkey) { - printf("-19-"); + printf("19\n"); int ret = 0, ret2 = 0; // Free at errhyb: @@ -1110,7 +1123,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, * OQSX_KEY */ int oqsx_key_gen(OQSX_KEY *key) { - printf("-20-"); + printf("20\n"); int ret = 0; EVP_PKEY *pkey = NULL; @@ -1143,7 +1156,8 @@ int oqsx_key_gen(OQSX_KEY *key) pkey = NULL; ret = oqsx_key_gen_oqs(key, 1); } - } else if (key->keytype == KEY_TYPE_SIG) { + } else if (key->keytype == KEY_TYPE_SIG + || key->keytype == KEY_TYPE_CMP_SIG) { ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); ret = oqsx_key_gen_oqs(key, 0); @@ -1178,6 +1192,10 @@ int oqsx_key_maxsize(OQSX_KEY *key) return key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; + case KEY_TYPE_CMP_SIG: + return key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature + + key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature + + SIZE_OF_UINT32; default: OQS_KEY_PRINTF("OQSX KEY: Wrong key type\n"); return 0; From 68f3aee5a6c2069f661323288256502539516756 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 20 Sep 2022 18:20:56 -0400 Subject: [PATCH 008/164] working falcon+dilithium Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 22 ++++++++++++++++++++-- oqsprov/oqs_kmgmt.c | 11 ++--------- oqsprov/oqs_sig.c | 8 -------- oqsprov/oqsprov_keys.c | 5 +++-- 4 files changed, 25 insertions(+), 21 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index ca545dd8..ed95d5aa 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -78,6 +78,7 @@ static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, void *params, int params_type, i2d_of_void *k2d) { + printf("e2\n" ); /* der, derlen store the key DER output and its length */ unsigned char *der = NULL; int derlen; @@ -105,6 +106,7 @@ static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, struct key2any_ctx_st *ctx) { + printf("e3\n" ); X509_SIG *p8 = NULL; char kstr[PEM_BUFSIZE]; size_t klen = 0; @@ -149,6 +151,7 @@ static X509_PUBKEY *oqsx_key_to_pubkey(const void *key, int key_nid, void *params, int params_type, i2d_of_void k2d) { + printf("e5\n" ); /* der, derlen store the key DER output and its length */ unsigned char *der = NULL; int derlen; @@ -197,6 +200,7 @@ static int key_to_epki_der_priv_bio(BIO *out, const void *key, int key_nid, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { + printf("e6\n" ); int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; @@ -225,6 +229,7 @@ static int key_to_epki_pem_priv_bio(BIO *out, const void *key, int key_nid, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { + printf("e7\n" ); int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; @@ -252,6 +257,7 @@ static int key_to_pki_der_priv_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { + printf("e8\n" ); int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; @@ -283,6 +289,7 @@ static int key_to_pki_pem_priv_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { + printf("e9\n" ); int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; @@ -314,6 +321,7 @@ static int key_to_spki_der_pub_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { + printf("e10\n" ); int ret = 0; OQSX_KEY *okey = (OQSX_KEY *)key; X509_PUBKEY *xpk = NULL; 
@@ -339,6 +347,7 @@ static int key_to_spki_pem_pub_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { + printf("e11\n" ); int ret = 0; X509_PUBKEY *xpk = NULL; void *str = NULL; @@ -461,6 +470,7 @@ called\n"); static int prepare_oqsx_params(const void *oqsxkey, int nid, int save, void **pstr, int *pstrtype) { + printf("e12\n" ); ASN1_OBJECT *params = NULL; OQSX_KEY *k = (OQSX_KEY *)oqsxkey; @@ -728,6 +738,7 @@ static OSSL_FUNC_decoder_freectx_fn key2any_freectx; static void *key2any_newctx(void *provctx) { + printf("e15\n" ); struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); OQS_ENC_PRINTF("OQS ENC provider: key2any_newctx called\n"); @@ -742,6 +753,7 @@ static void *key2any_newctx(void *provctx) static void key2any_freectx(void *vctx) { + printf("e16\n" ); struct key2any_ctx_st *ctx = vctx; OQS_ENC_PRINTF("OQS ENC provider: key2any_freectx called\n"); @@ -752,6 +764,7 @@ static void key2any_freectx(void *vctx) static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) { + printf("e17\n" ); static const OSSL_PARAM settables[] = { OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), @@ -765,6 +778,7 @@ static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { + printf("e18\n" ); struct key2any_ctx_st *ctx = vctx; OSSL_LIB_CTX *libctx = ctx->provctx->libctx; const OSSL_PARAM *cipherp 
@@ -801,12 +815,13 @@ static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; } } - OQS_ENC_PRINTF2(" cipher set to %p: \n", ctx->cipher); + printf(" cipher set to %p: \n", ctx->cipher); return 1; } static int key2any_check_selection(int selection, int selection_mask) { + printf("e19\n" ); /* * The selections are kinda sorta "levels", i.e. each selection given * here is assumed to include those following. @@ -851,6 +866,7 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, key_to_paramstring_fn *key2paramstring, i2d_of_void *key2der) { + printf("e20\n" ); int ret = 0; int type = OBJ_sn2nid(typestr); OQSX_KEY *oqsk = (OQSX_KEY *)key; @@ -863,6 +879,7 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, if (key == NULL || type <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); + printf("HERE\n" ); } else if (writer != NULL) { // Is ref counting really needed? For now, do it as per // https://beta.openssl.org/docs/manmaster/man3/BIO_new_from_core_bio.html: @@ -880,7 +897,8 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, } else { ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); } - OQS_ENC_PRINTF2(" encode result: %d\n", ret); + printf(" encode result: %d\n", ret); +// OQS_ENC_PRINTF2(" encode result: %d\n", ret); return ret; } diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 5c02760f..7dbb842c 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
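Review bot: Replacing `OQS_ENC_PRINTF2(" cipher set to %p: \n", ctx->cipher);` with a bare `printf` in key2any_set_ctx_params prints a heap address to the host application's stdout in every build. The macro presumably compiles away under NDEBUG, as OQS_ENC_PRINTF does. The same swap is made for the encode result in key2any_encode and for `OQSX_KEY: new key created: %p` in the oqsprov_keys.c hunk at -869. An encoder's output may share stdout with the encoded key, so stray lines can also corrupt it. I would restore the macro calls and drop `printf("HERE\n")` and the commented-out `// OQS_ENC_PRINTF2(...)` line.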
@@ -470,16 +470,9 @@ static void *oqsx_gen_init(void *provctx, int selection, char *oqs_name, if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { gctx->libctx = libctx; gctx->cmp_name = NULL; - if (primitive != KEY_TYPE_CMP_SIG) - gctx->oqs_name = OPENSSL_strdup(oqs_name); - else { - char* cmp_name = malloc(sizeof(oqs_name) + 1); - strcpy(cmp_name,oqs_name); - cmp_name = strtok(cmp_name, "_"); - gctx->oqs_name = OPENSSL_strdup(cmp_name); - cmp_name = strtok (NULL, "_"); + gctx->oqs_name = OPENSSL_strdup(oqs_name); + if (primitive == KEY_TYPE_CMP_SIG) gctx->cmp_name = OPENSSL_strdup(cmp_name); - } gctx->tls_name = OPENSSL_strdup(tls_name); gctx->primitive = primitive; gctx->selection = selection; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index efb569dc..25af0a15 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -215,7 +215,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, // we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; - printf("OQS SIG provider: sign called for %ld bytes\n", tbslen); OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); int is_hybrid = evpkey != NULL; 
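Review bot: The results of `OPENSSL_strdup(oqs_name)` and `OPENSSL_strdup(cmp_name)` in oqsx_gen_init are stored without a check. Because `gctx->cmp_name` starts as NULL, a failed duplication for a composite key looks the same as "no second algorithm", and later code that tests `cmp_name` (outside this hunk) may not notice. I would fail the init when a requested name cannot be copied, for example `if (primitive == KEY_TYPE_CMP_SIG && (gctx->cmp_name = OPENSSL_strdup(cmp_name)) == NULL) goto err;`, using whatever cleanup path the function already has. The function continues outside the hunk.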
@@ -323,25 +322,19 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if (is_composite){ - printf("A\n"); if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &actual_oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } - printf("B\n" ); - ENCODE_UINT32(sig, actual_oqs_sig_len); oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; index += oqs_sig_len; - printf("C\n" ); - if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } - printf("D\n" ); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { @@ -351,7 +344,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, *siglen = classical_sig_len + oqs_sig_len + cmp_sig_len; - printf("OQS SIG provider: signing completes with size %ld\n", *siglen); OQS_SIG_PRINTF2("OQS SIG provider: signing completes with size %ld\n", *siglen); rv = 1; /* success */ diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 919e54f7..649a7dfe 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -869,7 +869,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } - OQS_KEY_PRINTF2("OQSX_KEY: new key created: %p\n", ret); + printf("OQSX_KEY: new key created: %p\n", ret); return ret; err: ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); @@ -1160,7 +1160,8 @@ int oqsx_key_gen(OQSX_KEY *key) || key->keytype == KEY_TYPE_CMP_SIG) { ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); - ret = oqsx_key_gen_oqs(key, 0); + ret = oqsx_key_gen_oqs(key, 0); // 18 + printf("ret = %i\n", ret); } else { ret = 1; } From 0349f68f2f1c5ae93642552ccdad42466c3b6ebe Mon Sep 17 00:00:00 2001 
From: Felipe Ventura Date: Fri, 30 Sep 2022 11:02:46 -0400 Subject: [PATCH 009/164] Composite ASN1 structure Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 199 ++++++++++++++++++++++------------- oqsprov/oqs_prov.h | 7 +- oqsprov/oqsprov_keys.c | 13 ++- 3 files changed, 144 insertions(+), 75 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index ed95d5aa..38c57315 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -21,6 +21,7 @@ #include #include #include +#include "oqs_prov.h" #ifdef NDEBUG # define OQS_ENC_PRINTF(a) @@ -290,10 +291,11 @@ static int key_to_pki_pem_priv_bio(BIO *out, const void *key, int key_nid, struct key2any_ctx_st *ctx) { printf("e9\n" ); - int ret = 0; - void *str = NULL; + int ret = 0, cmp_len = 0; + void *str = NULL, *strc = NULL; int strtype = V_ASN1_UNDEF; - PKCS8_PRIV_KEY_INFO *p8info; + int strtypec = V_ASN1_UNDEF; + PKCS8_PRIV_KEY_INFO *p8info, *p8infoc; OQS_ENC_PRINTF("OQS ENC provider: key_to_pki_pem_priv_bio called\n"); @@ -304,12 +306,11 @@ static int key_to_pki_pem_priv_bio(BIO *out, const void *key, int key_nid, if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; - p8info = key_to_p8info(key, key_nid, str, strtype, k2d); - - if (p8info != NULL) - ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); - else - free_asn1_data(strtype, str); + p8info = key_to_p8info(key, key_nid, str, strtype, k2d); + if (p8info != NULL) + ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); + else + free_asn1_data(strtype, str); PKCS8_PRIV_KEY_INFO_free(p8info); @@ -483,6 +484,9 @@ static int prepare_oqsx_params(const void *oqsxkey, int nid, int save, return 0; } + if (k->keytype == KEY_TYPE_CMP_SIG) + printf("AAAAAAAAAAAA\n" ); //oqsx_provider_ctx_cmp + if (nid != NID_undef) { params = OBJ_nid2obj(nid); if (params == NULL) 
@@ -553,7 +557,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) unsigned char *buf = NULL; int buflen = 0, privkeylen; ASN1_OCTET_STRING oct; - int keybloblen; + int keybloblen, keybloblenc; OQS_ENC_PRINTF("OQS ENC provider: oqsx_pki_priv_to_der called\n"); 
@@ -572,76 +576,125 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) // only concatenate private classic key (if any) and OQS private and public // key NOT saving public classic key component (if any) - privkeylen = oqsxkey->privkeylen; - if (oqsxkey->numkeys > 1) { // hybrid - int actualprivkeylen; - DECODE_UINT32(actualprivkeylen, oqsxkey->privkey); - if (actualprivkeylen > oqsxkey->evp_info->length_private_key) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - return 0; + if (oqsxkey->keytype != KEY_TYPE_CMP_SIG){ + privkeylen = oqsxkey->privkeylen; + if (oqsxkey->numkeys > 1) { // hybrid + int actualprivkeylen; + DECODE_UINT32(actualprivkeylen, oqsxkey->privkey); + if (actualprivkeylen > oqsxkey->evp_info->length_private_key) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return 0; + } + privkeylen + -= (oqsxkey->evp_info->length_private_key - actualprivkeylen); } - privkeylen - -= (oqsxkey->evp_info->length_private_key - actualprivkeylen); - } -#ifdef USE_ENCODING_LIB - if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL - && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { - const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; - int ret = 0; -# ifdef NOPUBKEY_IN_PRIVKEY - int withoptional - = (encoding_ctx->encoding_ctx->raw_private_key_encodes_public_key - ? 1 - : 0); -# else - int withoptional = 1; -# endif - buflen - = (withoptional ? 
encoding_ctx->encoding_impl->crypto_secretkeybytes - : encoding_ctx->encoding_impl - ->crypto_secretkeybytes_nooptional); - buf = OPENSSL_secure_zalloc(buflen); - - ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, - oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], 0, - oqsxkey->privkey, &buf, withoptional); - if (ret != QSC_ENC_OK) - return -1; - } else { -#endif -#ifdef NOPUBKEY_IN_PRIVKEY - buflen = privkeylen; + #ifdef USE_ENCODING_LIB + if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL + && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { + const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; + int ret = 0; + # ifdef NOPUBKEY_IN_PRIVKEY + int withoptional + = (encoding_ctx->encoding_ctx->raw_private_key_encodes_public_key + ? 1 + : 0); + # else + int withoptional = 1; + # endif + buflen + = (withoptional ? encoding_ctx->encoding_impl->crypto_secretkeybytes + : encoding_ctx->encoding_impl + ->crypto_secretkeybytes_nooptional); + buf = OPENSSL_secure_zalloc(buflen); + + ret = qsc_encode(encoding_ctx->encoding_ctx, + encoding_ctx->encoding_impl, + oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], 0, + oqsxkey->privkey, &buf, withoptional); + if (ret != QSC_ENC_OK) + return -1; + } else { + #endif + #ifdef NOPUBKEY_IN_PRIVKEY + buflen = privkeylen; + buf = OPENSSL_secure_malloc(buflen); + OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", + buflen); + memcpy(buf, oqsxkey->privkey, privkeylen); + #else + buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); buf = OPENSSL_secure_malloc(buflen); - OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", + OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", buflen); memcpy(buf, oqsxkey->privkey, privkeylen); -#else - buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); - buf = OPENSSL_secure_malloc(buflen); - OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", - buflen); - memcpy(buf, 
oqsxkey->privkey, privkeylen); - memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], - oqsx_key_get_oqs_public_key_len(oqsxkey)); -#endif -#ifdef USE_ENCODING_LIB - } -#endif + memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], + oqsx_key_get_oqs_public_key_len(oqsxkey)); + #endif + #ifdef USE_ENCODING_LIB + } + #endif - oct.data = buf; - oct.length = buflen; - // more logical: - // oct.data = oqsxkey->privkey; - // oct.length = oqsxkey->privkeylen; - oct.flags = 0; + oct.data = buf; + oct.length = buflen; + // more logical: + // oct.data = oqsxkey->privkey; + // oct.length = oqsxkey->privkeylen; + oct.flags = 0; - keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } + keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } + }else{ + STACK_OF(ASN1_TYPE) *sk = sk_ASN1_TYPE_new_null(); + ASN1_TYPE *aType = ASN1_TYPE_new(); + unsigned char *temp = NULL; + + + buflen = oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key+oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; + buf = OPENSSL_secure_malloc(buflen); + memcpy(buf, oqsxkey->comp_privkey[0], oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key); + memcpy(buf+oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key, oqsxkey->comp_pubkey[0], oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key); + + oct.data = buf; + oct.length = buflen; + oct.flags = 0; + + keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, pder); + + if (!sk_ASN1_TYPE_push(sk, aType)) + return -1; + + temp = NULL; + aType = ASN1_TYPE_new(); + + buflen = 
oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key+oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; + buf = OPENSSL_secure_malloc(buflen); + memcpy(buf, oqsxkey->comp_privkey[1], oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key); + memcpy(buf+oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key, oqsxkey->comp_pubkey[1], oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key); + + oct.data = buf; + oct.length = buflen; + oct.flags = 0; + + keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, pder); + if (!sk_ASN1_TYPE_push(sk, aType)) + return -1; + + keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); + } OPENSSL_secure_clear_free(buf, buflen); return keybloblen; } diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index f47b761b..6f5af4aa 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -94,7 +94,7 @@ void oqsx_freeprovctx(PROV_OQS_CTX *ctx); #endif /* helper structure for classic key components in hybrid keys. - * Actual tables in oqsprov_keys.c + * Actual tables in oqsprov_keys.ce */ struct oqsx_evp_info_st { int keytype; @@ -191,6 +191,11 @@ struct oqsx_key_st { typedef struct oqsx_key_st OQSX_KEY; +char* get_oqsname(int nid); +char* get_cmpname(int nid); +int get_keytype(int nid); +char* get_tlsname_fromoqs(char* oqsname); + /* Register given NID with tlsname in OSSL3 registry */ int oqs_set_nid(char *tlsname, int nid); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 649a7dfe..7b8c63a8 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -125,6 +125,17 @@ static int get_keytype(int nid) return 0; } +char* get_tlsname_fromoqs(char* oqsname) { + int i; + for(i=0;i Date: Thu, 6 Oct 2022 15:24:07 -0400 Subject: [PATCH 010/164] Composite ASN1 structure 
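Review bot: In the composite branch of oqsx_pki_priv_to_der the first `buf`, which holds the first component's private key, is overwritten by the second `OPENSSL_secure_malloc` and never released. Both `return -1` paths after `sk_ASN1_TYPE_push` also leave `sk`, `aType` and `buf` allocated, so only the last buffer reaches `OPENSSL_secure_clear_free(buf, buflen)`. Each component buffer should be cleared once its DER copy exists, e.g. `OPENSSL_secure_clear_free(buf, buflen); buf = NULL;` before the second allocation, and failures should share one cleanup path. `ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, pder)` is handed the caller's `unsigned char **` where an ASN1_STRING is expected for that type, and neither `OPENSSL_secure_malloc` result is checked before `memcpy`. The -647 hunk of the next patch passes `&temp` to `ASN1_TYPE_set` in the same way. The function starts outside this hunk.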
Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 39 ++++++++++++++++++------------------ oqsprov/oqsprov_keys.c | 6 ++++-- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 38c57315..a11036dc 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -558,6 +558,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) int buflen = 0, privkeylen; ASN1_OCTET_STRING oct; int keybloblen, keybloblenc; + STACK_OF(ASN1_TYPE) *sk = NULL; + ASN1_TYPE *aType = NULL; + unsigned char *temp = NULL; OQS_ENC_PRINTF("OQS ENC provider: oqsx_pki_priv_to_der called\n"); 
@@ -647,48 +650,46 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = 0; // signal error } }else{ - STACK_OF(ASN1_TYPE) *sk = sk_ASN1_TYPE_new_null(); - ASN1_TYPE *aType = ASN1_TYPE_new(); - unsigned char *temp = NULL; - + if((sk = sk_ASN1_TYPE_new_null()) == NULL) + return -1; + + aType = ASN1_TYPE_new(); - buflen = oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key+oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; + buflen = oqsxkey->pubkeylen; buf = OPENSSL_secure_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[0], oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key); - memcpy(buf+oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key, oqsxkey->comp_pubkey[0], oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key); - + memcpy(buf, oqsxkey->pubkey, buflen); + oct.data = buf; oct.length = buflen; - oct.flags = 0; - keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); + keybloblen = i2d_ASN1_OCTET_STRING(&oct, &temp); if (keybloblen < 0) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, pder); + + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, &temp); if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - temp = NULL; aType = ASN1_TYPE_new(); + temp = NULL; - buflen = oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key+oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; + buflen = oqsxkey->pubkeylen; buf = OPENSSL_secure_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[1], oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key); - memcpy(buf+oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key, oqsxkey->comp_pubkey[1], oqsxkey->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key); - + memcpy(buf, oqsxkey->pubkey, buflen); + oct.data = buf; oct.length = buflen; - oct.flags = 0; - keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); + keybloblen = 
i2d_ASN1_OCTET_STRING(&oct, &temp); if (keybloblen < 0) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, pder); + + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, &temp); if (!sk_ASN1_TYPE_push(sk, aType)) return -1; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 7b8c63a8..69c8492c 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -856,8 +856,10 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 2; ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - ret->privkeylen = (ret->numkeys-1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen = (ret->numkeys-1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; + ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; + ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; ret->keytype = primitive; break; From bd0c4ac488b63a42edb6c3435e3114100a2e9a3f Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 6 Oct 2022 15:24:56 -0400 Subject: [PATCH 011/164] ec_rsa Signed-off-by: Felipe Ventura --- oqsprov/oqs_prov.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 6f5af4aa..2b18fb55 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -169,6 +169,8 @@ struct oqsx_key_st { */ size_t privkeylen; size_t pubkeylen; + size_t privkeylen_cmp; + size_t pubkeylen_cmp; size_t bit_security; char *tls_name; #ifndef OQS_PROVIDER_NOATOMIC 
From f5756d4f46725212bbab1970c10dedaa7585a528 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 11 Oct 2022 21:08:25 -0400 Subject: [PATCH 012/164] composite key generation with the right format Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index a11036dc..474e2ff7 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -557,10 +557,12 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) unsigned char *buf = NULL; int buflen = 0, privkeylen; ASN1_OCTET_STRING oct; - int keybloblen, keybloblenc; + int keybloblen; STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; + ASN1_STRING *aString = NULL; unsigned char *temp = NULL; + PKCS8_PRIV_KEY_INFO *p8info_internal = NULL; OQS_ENC_PRINTF("OQS ENC provider: oqsx_pki_priv_to_der called\n"); 
@@ -653,43 +655,59 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; + p8info_internal = PKCS8_PRIV_KEY_INFO_new(); aType = ASN1_TYPE_new(); + aString = ASN1_OCTET_STRING_new(); - buflen = oqsxkey->pubkeylen; + buflen = oqsxkey->privkeylen + oqsxkey->pubkeylen; buf = OPENSSL_secure_malloc(buflen); - memcpy(buf, oqsxkey->pubkey, buflen); + memcpy(buf, oqsxkey->comp_privkey[0], oqsxkey->privkeylen); + memcpy(buf + oqsxkey->privkeylen, oqsxkey->comp_pubkey[0], oqsxkey->pubkeylen); oct.data = buf; oct.length = buflen; + oct.flags = 0; - keybloblen = i2d_ASN1_OCTET_STRING(&oct, &temp); + if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) + keybloblen = 0; // signal error + keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); if (keybloblen < 0) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, &temp); + ASN1_STRING_set0(aString, temp, keybloblen); + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); + + if (!sk_ASN1_TYPE_push(sk, aType)) return -1; aType = ASN1_TYPE_new(); + aString = ASN1_OCTET_STRING_new(); + p8info_internal = PKCS8_PRIV_KEY_INFO_new(); temp = NULL; - buflen = oqsxkey->pubkeylen; + buflen = oqsxkey->privkeylen_cmp + oqsxkey->pubkeylen_cmp; buf = OPENSSL_secure_malloc(buflen); - memcpy(buf, oqsxkey->pubkey, buflen); + memcpy(buf, oqsxkey->comp_privkey[1], oqsxkey->privkeylen_cmp); + memcpy(buf + oqsxkey->privkeylen_cmp, oqsxkey->comp_pubkey[1], oqsxkey->pubkeylen_cmp); oct.data = buf; oct.length = buflen; + oct.flags = 0; - keybloblen = i2d_ASN1_OCTET_STRING(&oct, &temp); + if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) + keybloblen = 0; // signal error + keybloblen = 
i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); if (keybloblen < 0) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, &temp); + ASN1_STRING_set0(aString, temp, keybloblen); + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); if (!sk_ASN1_TYPE_push(sk, aType)) return -1; From 24d09c71be7251807af416a81e656b5300bc1a4a Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 21 Oct 2022 11:09:59 -0400 Subject: [PATCH 013/164] add non PQC keys to Composite Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 1 - oqsprov/oqsprov_keys.c | 102 ++++++++++++++++++++++++++--------- 2 files changed, 76 insertions(+), 27 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 474e2ff7..14064030 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -667,7 +667,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) oct.data = buf; oct.length = buflen; oct.flags = 0; - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) keybloblen = 0; // signal error keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 69c8492c..fe0b1be4 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -589,7 +589,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 2, err); - if (!strncmp(algname, "rsa3072_", 8)) + if (!strncmp(algname, "rsa3072", 7)) idx += 3; else if (algname[0] != 'p') { OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); 
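Review bot: A failed `PKCS8_pkey_set0()` goes undetected in both component blocks of the `@@ -653,43 +655,59` hunk, because the `keybloblen = 0; // signal error` it sets is overwritten by the unconditional `keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp);` on the next line. The results of `PKCS8_PRIV_KEY_INFO_new()`, `ASN1_TYPE_new()`, `ASN1_OCTET_STRING_new()` and `OPENSSL_secure_malloc(buflen)` are also used unchecked, so an allocation failure reaches `memcpy` with a NULL destination. The `return -1` after `sk_ASN1_TYPE_push` leaves `p8info_internal`, which by then owns the private-key copy in `buf`, unreleased. I would stop at the first failure with `if (!PKCS8_pkey_set0(...)) goto err;` and free `p8info_internal`, `aType` and `sk` on that path; the function's existing cleanup lies outside the hunk, and since `buf` comes from the secure heap, its release through the PKCS8 object should be confirmed. The same overwritten-error pattern recurs in the later hunks on this function (`@@ -667,19 +667,22`, `@@ -697,14 +700,19`, `@@ -667,18 +667,17`, `@@ -699,18 +699,18`).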
@@ -699,7 +699,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, printf("13\n"); OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; - int ret2 = 0; + int ret2 = 0, ret3 = 0; if (ret == NULL) goto err; 
@@ -838,28 +838,57 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, + evp_ctx->evp_info->length_public_key; ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; - ret->evp_info = evp_ctx->evp_info; + ret->evp_info = evp_ctx->evp_info; break; case KEY_TYPE_CMP_SIG: - ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); - if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { - fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", oqs_name); - goto err; + if (get_tlsname_fromoqs(oqs_name) != 0){ + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { + fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", oqs_name); + goto err; + } + }else{ + evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); + ON_ERR_GOTO(!evp_ctx, err); + + ret2 = oqsx_hybsig_init(bit_security, evp_ctx, oqs_name); + ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); + ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; } - ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig = OQS_SIG_new(cmp_name); - if (!ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig) { - fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?B\n", cmp_name); - goto err; + if (get_tlsname_fromoqs(cmp_name) != 0){ + ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig = OQS_SIG_new(cmp_name); + if (!ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig) { + fprintf(stderr, "Could not create OQS signature algorithm %s. 
Enabled in liboqs?B\n", cmp_name); + goto err; + } + }else{ + evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); + ON_ERR_GOTO(!evp_ctx, err); + + ret3 = oqsx_hybsig_init(bit_security, evp_ctx, cmp_name); + ON_ERR_GOTO(ret3 <= 0 || !evp_ctx->ctx, err); + ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx = evp_ctx; } ret->numkeys = 2; ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; - ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; + if (ret2) { + ret->privkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_private_key; + ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_public_key; + + }else{ + ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; + } + if (ret3){ + ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key; + ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key; + }else{ + ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; + } ret->keytype = primitive; break; @@ -969,7 +998,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int ret = 0; if (!key->privkey && include_private) { - key->privkey = OPENSSL_secure_zalloc(key->privkeylen); + key->privkey = OPENSSL_secure_zalloc(key->privkeylen + key->privkeylen_cmp); ON_ERR_SET_GOTO(!key->privkey, ret, 1, err); } if (!key->pubkey && !include_private) { 
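Review bot: Only the private-key buffer is enlarged in the `@@ -969,7 +998,7` hunk of `oqsx_key_allocate_keymaterial`; the `key->pubkey` allocation sits below the hunk and this commit does not touch it. The composite branch added to `oqsx_key_gen` in the same commit writes the second component at `key->pubkey + key->pubkeylen`, so if the public buffer is still sized from `pubkeylen` alone, that write runs past the allocation. The public side likely needs the matching `key->pubkeylen + key->pubkeylen_cmp`.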
@@ -1056,7 +1085,7 @@ printf("18\n"); * pubkey/privkey buffers; returned EVP_PKEY must be freed if not used */ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, - unsigned char *privkey) + unsigned char *privkey, int encode) { printf("19\n"); int ret = 0, ret2 = 0; @@ -1115,11 +1144,11 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(!ck2, ret, -14, errhyb); EVP_PKEY_free(ck2); } - ENCODE_UINT32(pubkey, pubkeylen); - ENCODE_UINT32(privkey, privkeylen); - OQS_KEY_PRINTF3( - "OQSKM: Storing classical privkeylen: %ld & pubkeylen: %ld\n", - privkeylen, pubkeylen); + if (encode){ + ENCODE_UINT32(pubkey, pubkeylen); + ENCODE_UINT32(privkey, privkeylen); + } + OQS_KEY_PRINTF3("OQSKM: Storing classical privkeylen: %ld & pubkeylen: %ld\n", privkeylen, pubkeylen); EVP_PKEY_CTX_free(kgctx); OPENSSL_free(pubkey_encoded); @@ -1154,7 +1183,7 @@ int oqsx_key_gen(OQSX_KEY *key) || key->keytype == KEY_TYPE_ECX_HYB_KEM || key->keytype == KEY_TYPE_HYB_SIG) { pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, - key->pubkey, key->privkey); + key->pubkey, key->privkey, 1); ON_ERR_GOTO(pkey == NULL, err); ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); 
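Review bot: The comment block above `oqsx_key_gen_evp_key` says nothing about the `encode` parameter added at `@@ -1056,7 +1085,7`. I would add a line such as `* encode: non-zero writes the 32-bit length prefixes via ENCODE_UINT32; zero skips them`. It should also state whether the key bytes still start `SIZE_OF_UINT32` bytes into `pubkey`/`privkey` when `encode` is zero, which these hunks do not show. The call sites pass the bare literals `1` and `0`; a named constant would make the intent readable.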
@@ -1169,12 +1198,33 @@ int oqsx_key_gen(OQSX_KEY *key) pkey = NULL; ret = oqsx_key_gen_oqs(key, 1); } - } else if (key->keytype == KEY_TYPE_SIG - || key->keytype == KEY_TYPE_CMP_SIG) { + } else if(key->keytype == KEY_TYPE_CMP_SIG){ + if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->pubkey, key->privkey, 1); + ON_ERR_GOTO(pkey==NULL, err); + pkey = NULL; + ret = oqsx_key_set_composites(key); + ON_ERR_GOTO(ret, err); + }else{ + ret = OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, key->pubkey, key->privkey); + ON_ERR_GOTO(ret, err); + key->comp_privkey[0] = key->privkey; + key->comp_pubkey[0] = key->pubkey; + } + + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1], 0); + ON_ERR_GOTO(pkey==NULL, err); + }else{ + ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen, key->pubkey + key->pubkeylen); + key->comp_pubkey[1] = key->pubkey + key->pubkeylen; + key->comp_privkey[1] = key->privkey + key->privkeylen; + } + +}else if (key->keytype == KEY_TYPE_SIG) { ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); ret = oqsx_key_gen_oqs(key, 0); // 18 - printf("ret = %i\n", ret); } else { ret = 1; } From 1527996c83194d8916fec8a3c133d3cca584be9a Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 28 Oct 2022 10:46:41 -0400 Subject: [PATCH 014/164] p521_rsa3072 Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index fe0b1be4..d339f878 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
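Review bot: The second `OQS_SIG_keypair` call in the new `KEY_TYPE_CMP_SIG` branch passes its buffers in the opposite order from the first one: `key->privkey + key->privkeylen` sits in the public-key position and `key->pubkey + key->pubkeylen` in the secret-key position, so that component's secret key lands in the buffer later treated as public. It should read `ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->pubkey + key->pubkeylen, key->privkey + key->privkeylen);` followed by `ON_ERR_GOTO(ret, err);`, since the result is currently ignored. In the classical first-component path, `ret = oqsx_key_set_composites(key);` lacks the `!` used by the `KEY_TYPE_SIG` branch below, which looks inverted, and `pkey = NULL;` drops the generated `EVP_PKEY` without freeing it. When the second component is classical, `key->comp_pubkey[key->numkeys-1]` and `key->comp_privkey[key->numkeys-1]` are passed as destinations, although nothing in this branch assigns them when the first component is a PQC key.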
@@ -998,7 +998,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int ret = 0; if (!key->privkey && include_private) { - key->privkey = OPENSSL_secure_zalloc(key->privkeylen + key->privkeylen_cmp); + key->privkey = OPENSSL_secure_zalloc(key->privkeylen + key->privkeylen_cmp + SIZE_OF_UINT32); ON_ERR_SET_GOTO(!key->privkey, ret, 1, err); } if (!key->pubkey && !include_private) { @@ -1257,9 +1257,16 @@ int oqsx_key_maxsize(OQSX_KEY *key) + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; case KEY_TYPE_CMP_SIG: - return key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature - + key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature - + SIZE_OF_UINT32; + int aux = 0; + if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0) + aux += key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; + else + aux += key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature; + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0) + aux += key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; + else + aux += key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature; + return aux; default: OQS_KEY_PRINTF("OQSX KEY: Wrong key type\n"); return 0; From 17d0740cf60366a880b34dae1ea2f3a1eda69b9a Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 3 Nov 2022 16:05:51 -0400 Subject: [PATCH 015/164] Fixed execution error for the non-PQC key Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 40 ++++++++++++--------- oqsprov/oqs_sig.c | 67 +++++++++++++++++++++++++----------- oqsprov/oqsprov_keys.c | 1 + 3 files changed, 71 insertions(+), 37 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 14064030..7b6072eb 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
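Review bot: The rewritten `KEY_TYPE_CMP_SIG` case of `oqsx_key_maxsize` no longer adds `SIZE_OF_UINT32` when the first component is a PQC algorithm, although the removed expression did and the composite signing code in `oqs_sig.c` still prefixes that signature with an encoded length. A caller that sizes its buffer from this value would be four bytes short. I would count the prefix once outside the branches, `int aux = SIZE_OF_UINT32;`, and drop it from the classical arm. The declaration `int aux = 0;` also follows the `case` label directly, which is not valid before C23, so the case body needs its own `{ ... }` block.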
@@ -667,19 +667,22 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) oct.data = buf; oct.length = buflen; oct.flags = 0; - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } + if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0){ + temp = buf; + keybloblen = buflen; + }else{ + if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) + keybloblen = 0; // signal error + keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } + } ASN1_STRING_set0(aString, temp, keybloblen); ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - - if (!sk_ASN1_TYPE_push(sk, aType)) return -1; 
@@ -697,14 +700,19 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) oct.length = buflen; oct.flags = 0; - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error + if(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0){ + temp = buf; + keybloblen = buflen; + }else{ + if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) + keybloblen = 0; // signal error + keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } } - + ASN1_STRING_set0(aString, temp, keybloblen); ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 25af0a15..c0d29321 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -209,33 +209,52 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, { PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY *oqsxkey = poqs_sigctx->sig; - OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; - OQS_SIG *cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite + OQS_SIG *oqs_key = NULL; + OQS_SIG *cmp_key = NULL; EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, // we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); - int is_hybrid = evpkey != NULL; - int is_composite = cmp_key != NULL; - size_t max_sig_len = oqs_key->length_signature; + int is_hybrid = evpkey!=NULL; + int is_composite = (poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig != NULL || poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_evp_ctx->keyParam != NULL); + size_t max_sig_len = 0; size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; size_t actual_classical_sig_len = 0, actual_oqs_sig_len = 0; - size_t index = 0; + size_t index = 0, oqs = 0, cmp = 0; int rv = 0; + if(!is_composite){ + max_sig_len = oqs_key->length_signature; + oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + }else{ + if (poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig != NULL) + cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; + else{ + cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_evp_ctx->keyParam; + cmp = 1; + } + + if (poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig != NULL) + oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + else{ + oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_evp_ctx->keyParam; + oqs = 1; + } + } + if (!oqsxkey || !oqs_key || !oqsxkey->privkey) { ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); return rv; } + if (is_hybrid) { actual_classical_sig_len = 
oqsxkey->evp_info->length_signature; max_sig_len += (SIZE_OF_UINT32 + actual_classical_sig_len); } - if (is_composite) - max_sig_len += (SIZE_OF_UINT32 + cmp_key->length_signature); + if (sig == NULL) { *siglen = max_sig_len; @@ -322,25 +341,31 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if (is_composite){ - if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &actual_oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; - } + if (!oqs){ + if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &actual_oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } - ENCODE_UINT32(sig, actual_oqs_sig_len); - oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; - index += oqs_sig_len; + ENCODE_UINT32(sig, actual_oqs_sig_len); + oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; + index += oqs_sig_len; + }else{ //sign non PQC key on oqs_key - if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; } - } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, - oqsxkey->comp_privkey[oqsxkey->numkeys-1]) - != OQS_SUCCESS) { + + if(!cmp) + if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } + else{ //sign non PQC key on cmp_key + + } + } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } *siglen = classical_sig_len + oqs_sig_len + cmp_sig_len; 
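Review bot: In the non-composite path of `oqs_sig_sign`, `max_sig_len = oqs_key->length_signature;` runs while `oqs_key` is still NULL, because `oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig;` comes one line later; the two statements need to be swapped. `is_composite` is computed by reading `oqsx_provider_ctx_cmp.oqsx_evp_ctx->keyParam`, which dereferences `oqsx_evp_ctx` for keys that may not have one, and this happens before the `!oqsxkey` check. With `max_sig_len += (SIZE_OF_UINT32 + cmp_key->length_signature);` removed, `max_sig_len` stays 0 for composite keys, so any size check against it below the hunk would accept an undersized `sig` buffer. Storing `keyParam` in an `OQS_SIG *` variable also looks like a type mismatch, though its declaration is not visible here.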
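Review bot: In the `@@ -322,25 +341,31` hunk the `else{ //sign non PQC key on cmp_key` arm binds to the inner `if (OQS_SIG_sign(cmp_key, ...) != OQS_SUCCESS)` and not to `if(!cmp)`, because the outer `if` has no braces. Both classical arms are empty, so for a classical component the function falls through to `*siglen = classical_sig_len + oqs_sig_len + cmp_sig_len;` without having produced that signature. Until the classical path exists, each arm should fail closed with `ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign;`, and the outer `if`/`else` should be braced.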
diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index d339f878..a48ee284 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1267,6 +1267,7 @@ int oqsx_key_maxsize(OQSX_KEY *key) else aux += key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature; return aux; + } default: OQS_KEY_PRINTF("OQSX KEY: Wrong key type\n"); return 0; From e4cacbb86d7a020fc338dffea60723ae8b828149 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 8 Nov 2022 15:15:25 -0500 Subject: [PATCH 016/164] Setup for the classical encoding on composite keys Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 2 +- oqsprov/oqs_prov.h | 1 + oqsprov/oqs_sig.c | 65 ++++++++++++++++++++---------------- oqsprov/oqsprov_keys.c | 7 +++- 4 files changed, 44 insertions(+), 31 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 7b6072eb..e4715dea 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -712,7 +712,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = 0; // signal error } } - + ASN1_STRING_set0(aString, temp, keybloblen); ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 2b18fb55..37d3f7a3 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -160,6 +160,7 @@ struct oqsx_key_st { OQSX_ENCODING_CTX oqsx_encoding_ctx; #endif OQSX_PROVIDER_CTX oqsx_provider_ctx_cmp; + EVP_PKEY** cmp_classical_pkey; EVP_PKEY *classical_pkey; // for hybrid sigs const OQSX_EVP_INFO *evp_info; size_t numkeys; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index c0d29321..02276599 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -208,45 +208,39 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen) { PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQSX_KEY *oqsxkey = poqs_sigctx->sig; - OQS_SIG *oqs_key = NULL; - OQS_SIG *cmp_key = NULL; - EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, - // we're running hybrid + OQSX_KEY* oqsxkey = poqs_sigctx->sig; + OQS_SIG* oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + EVP_PKEY* oqs_key_classic = oqsxkey->cmp_classical_pkey[0]; // if this value is not NULL, the first key is Classic + OQS_SIG* cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite with PQC as second key + EVP_PKEY* cmp_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1]; // if this value is not NULL, we're running composite with Classic as second key + EVP_PKEY* evpkey = oqsxkey->classical_pkey; // if this value is not NULL, we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); int is_hybrid = evpkey!=NULL; - int is_composite = (poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig != NULL || poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_evp_ctx->keyParam != NULL); + int is_composite = (cmp_key != NULL || cmp_key_classic != NULL); size_t max_sig_len = 0; size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; size_t actual_classical_sig_len = 0, actual_oqs_sig_len = 0; - size_t index = 0, oqs = 0, cmp = 0; + size_t index = 0; int rv = 0; - if(!is_composite){ - max_sig_len = oqs_key->length_signature; - oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; - }else{ - if (poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig != NULL) - cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; - else{ - cmp_key = 
poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_evp_ctx->keyParam; - cmp = 1; - } - - if (poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig != NULL) - oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; - else{ - oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_evp_ctx->keyParam; - oqs = 1; - } + if (!oqsxkey || !(oqs_key || oqs_key_classic) || !oqsxkey->privkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); + return rv; } - if (!oqsxkey || !oqs_key || !oqsxkey->privkey) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); - return rv; + if(oqs_key_classic != NULL) + max_sig_len += oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; + else + max_sig_len += oqs_key->length_signature; + + if (is_composite){ + if(cmp_key_classic != NULL) + max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; + else + max_sig_len += cmp_key->length_signature; } if (is_hybrid) { @@ -341,7 +335,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if (is_composite){ - if (!oqs){ + if (oqs_key_classic == NULL){ if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &actual_oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; 
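Review bot: `oqsxkey->cmp_classical_pkey[0]` and `oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1]` are read in the declarations at the top of `oqs_sig_sign`, before the `!oqsxkey` check and without testing `cmp_classical_pkey` itself. This commit allocates that array in only two branches of `oqsx_key_new`, so for other key types the pointer is presumably still NULL from `OPENSSL_zalloc`, and the reads would fault on every sign call. I would initialise `oqs_key_classic` and `cmp_key_classic` to NULL and fill them after the check, guarded by `if (oqsxkey->cmp_classical_pkey != NULL)`.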
@@ -351,10 +345,23 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; index += oqs_sig_len; }else{ //sign non PQC key on oqs_key + if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || + EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + + if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) { + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + } + } - if(!cmp) + if(cmp_key_classic == NULL) if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index a48ee284..580592c7 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -839,6 +839,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; ret->evp_info = evp_ctx->evp_info; + + ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); break; case KEY_TYPE_CMP_SIG: if (get_tlsname_fromoqs(oqs_name) != 0){ @@ -874,6 +876,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 2; ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); if (ret2) { ret->privkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_private_key; ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_public_key; 
@@ -1202,7 +1205,7 @@ int oqsx_key_gen(OQSX_KEY *key) if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->pubkey, key->privkey, 1); ON_ERR_GOTO(pkey==NULL, err); - pkey = NULL; + key->cmp_classical_pkey[0] = pkey; ret = oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); }else{ @@ -1214,9 +1217,11 @@ int oqsx_key_gen(OQSX_KEY *key) if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1], 0); + key->cmp_classical_pkey[key->numkeys-1] = pkey; ON_ERR_GOTO(pkey==NULL, err); }else{ ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen, key->pubkey + key->pubkeylen); + ON_ERR_GOTO(ret, err); key->comp_pubkey[1] = key->pubkey + key->pubkeylen; key->comp_privkey[1] = key->privkey + key->privkeylen; } From bec88fd56bc4a65de1a3000f1952baeb874d1022 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Wed, 9 Nov 2022 19:08:00 -0500 Subject: [PATCH 017/164] Working classical (ec, rsa) in composite structure Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 47 +++++++------- oqsprov/oqs_sig.c | 118 +++++++++++++++++++++++++++++++---- 2 files changed, 130 insertions(+), 35 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index e4715dea..3ce99d1a 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -557,7 +557,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) unsigned char *buf = NULL; int buflen = 0, privkeylen; ASN1_OCTET_STRING oct; - int keybloblen; + int keybloblen, nid; STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; ASN1_STRING *aString = NULL; 
@@ -667,18 +667,17 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) oct.data = buf; oct.length = buflen; oct.flags = 0; - if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0){ - temp = buf; - keybloblen = buflen; - }else{ - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } - } + if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) + nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid; + else + nid = OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)))); + if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, V_ASN1_UNDEF, NULL, buf, buflen)) + keybloblen = 0; // signal error + keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } ASN1_STRING_set0(aString, temp, keybloblen); ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); 
@@ -700,18 +699,18 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) oct.length = buflen; oct.flags = 0; - if(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0){ - temp = buf; - keybloblen = buflen; - }else{ - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))))), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } + if(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) + nid = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->nid; + else + nid = OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)))); + if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, V_ASN1_UNDEF, NULL, buf, buflen)) + keybloblen = 0; // signal error + keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error } + ASN1_STRING_set0(aString, temp, keybloblen); ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 02276599..cec370ed 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -222,7 +222,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, int is_composite = (cmp_key != NULL || cmp_key_classic != NULL); size_t max_sig_len = 0; size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; - size_t actual_classical_sig_len = 0, actual_oqs_sig_len = 0; + size_t actual_classical_sig_len = 0; size_t index = 0; int rv = 0; 
@@ -231,16 +231,24 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, return rv; } - if(oqs_key_classic != NULL) + if(oqs_key_classic != NULL){ max_sig_len += oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; - else + oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; + } + else{ max_sig_len += oqs_key->length_signature; + oqs_sig_len = oqs_key->length_signature; + } if (is_composite){ - if(cmp_key_classic != NULL) - max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; - else + if(cmp_key_classic != NULL){ + max_sig_len += SIZE_OF_UINT32 + oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; + cmp_sig_len = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; + } + else{ max_sig_len += cmp_key->length_signature; + cmp_sig_len = cmp_key->length_signature; + } } if (is_hybrid) { @@ -336,15 +344,19 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (is_composite){ if (oqs_key_classic == NULL){ - if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &actual_oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { + if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } - ENCODE_UINT32(sig, actual_oqs_sig_len); - oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; + ENCODE_UINT32(sig, oqs_sig_len); + oqs_sig_len = SIZE_OF_UINT32 + oqs_sig_len; index += oqs_sig_len; }else{ //sign non PQC key on oqs_key + const EVP_MD *classical_md; + int digest_len; + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); 
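Review bot: `max_sig_len` in the `@@ -231,16 +231,24` hunk does not count the length prefix of the first component: both arms add only `length_signature`, while the composite signing code writes that signature at `sig + SIZE_OF_UINT32` and then calls `ENCODE_UINT32(sig, oqs_sig_len)`. The classical arm of the second component adds `SIZE_OF_UINT32` instead, although that signature is written at `sig + index` with no prefix. The bound is therefore four bytes short whenever the second component is a PQC key. I would move the prefix to the first component, `max_sig_len += SIZE_OF_UINT32 + ...length_signature;`, and drop it from the `cmp_key_classic` arm; the `sigsize` comparison that relies on this value is outside the hunk.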
@@ -357,17 +369,101 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } } + unsigned char* name = get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)); + if (name[0] == 'p'){ + if(name[1] == '2'){//p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char*) &digest); + } + if(name[1] == '3'){//p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char*) &digest); + } + if(name[1] == '5'){//p521 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char*) &digest); + } + }else{//rsa3072 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char*) &digest); + } + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || + (EVP_PKEY_sign(classical_ctx_sign, sig + SIZE_OF_UINT32, &oqs_sig_len, digest, digest_len) <= 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + if (oqs_sig_len > oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature) { + /* sig is bigger than expected */ + ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); + goto endsign; + } + ENCODE_UINT32(sig, oqs_sig_len); + oqs_sig_len = SIZE_OF_UINT32 + oqs_sig_len; + index += oqs_sig_len; } - if(cmp_key_classic == NULL) + if(cmp_key_classic == NULL){ if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } - else{ //sign non PQC key on cmp_key + }else{ //sign non PQC key on cmp_key + const EVP_MD *classical_md; + int digest_len; + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + if ((classical_ctx_sign = EVP_PKEY_CTX_new(cmp_key_classic, NULL)) == NULL || + EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + + 
if (oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) { + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + } + unsigned char* name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)); + if (name[0] == 'p'){ + if(name[1] == '2'){//p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char*) &digest); + } + if(name[1] == '3'){//p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char*) &digest); + } + if(name[1] == '5'){//p521 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char*) &digest); + } + }else{//rsa3072 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char*) &digest); + } + + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || + (EVP_PKEY_sign(classical_ctx_sign, sig + index, &cmp_sig_len, digest, digest_len) <= 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + + if (cmp_sig_len > oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature) { + /* sig is bigger than expected */ + ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); + goto endsign; + } } } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); From 4fc939de40eecb194760f10975be7f1b18a8a9fe Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 17 Nov 2022 17:03:35 -0500 Subject: [PATCH 018/164] Illegal instruction error Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 580592c7..464de915 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
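Review bot: `classical_md` and `digest_len` stay uninitialised when `name[0] == 'p'` but `name[1]` is none of `'2'`, `'3'`, `'5'`, and both are then passed to `EVP_PKEY_CTX_set_signature_md` and `EVP_PKEY_sign`; the copy of this block in the `cmp_key_classic` branch has the same gap. Closing the inner chain with `else { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; }` removes the undefined read. The results of `get_oqsname()` and `get_cmpname()` are indexed without a NULL check, and every name not starting with `p` is treated as RSA with SHA-512, so an unexpected name silently picks a digest instead of failing. Since the two blocks differ only in the name lookup and the key, a static helper that maps the name to digest and length would keep them in step. `oqs_sig_sign` starts and ends outside the hunk.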
@@ -966,8 +966,14 @@ void oqsx_key_free(OQSX_KEY *key) OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); } if(key->keytype == KEY_TYPE_CMP_SIG){ - OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); - OQS_SIG_free(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig); + if (key->oqsx_provider_ctx.oqsx_qs_ctx.sig == NULL) + OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); + else + OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + if (key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig == NULL) + OPENSSL_free(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx); + else + OQS_SIG_free(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig); } #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); @@ -1272,7 +1278,7 @@ int oqsx_key_maxsize(OQSX_KEY *key) else aux += key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature; return aux; - } + default: OQS_KEY_PRINTF("OQSX KEY: Wrong key type\n"); return 0; From f6e7e6f836907fca8731110855606633bdcee2f1 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 22 Nov 2022 17:10:47 -0500 Subject: [PATCH 019/164] starting the certificate structures Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 7 - oqsprov/oqs_sig.c | 12 +- oqsprov/oqsprov_keys.c | 329 +++++++++++++++++++++++------------ 3 files changed, 225 insertions(+), 123 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 3ce99d1a..2a652142 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -664,9 +664,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf, oqsxkey->comp_privkey[0], oqsxkey->privkeylen); memcpy(buf + oqsxkey->privkeylen, oqsxkey->comp_pubkey[0], oqsxkey->pubkeylen); - oct.data = buf; - oct.length = buflen; - oct.flags = 0; if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid; else 
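Review bot: In the `KEY_TYPE_CMP_SIG` branch of `oqsx_key_free`, `OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx)` releases only the `OQSX_EVP_CTX` struct, so whatever it owns (the `evp_ctx->ctx` that `oqsx_key_new` tests after `oqsx_hybsig_init`, visible later on this page) appears to be leaked for both components. The context line just above the branch already frees `key->oqsx_provider_ctx.oqsx_evp_ctx`; if that path can also run for a composite key this becomes a double free, so either set the pointer to NULL after freeing or confirm the branches are exclusive. A comment such as `/* classical component: no OQS_SIG object, release the EVP context instead */` would explain why `sig == NULL` selects the free routine. The function starts and ends outside the hunk.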
@@ -695,10 +692,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf, oqsxkey->comp_privkey[1], oqsxkey->privkeylen_cmp); memcpy(buf + oqsxkey->privkeylen_cmp, oqsxkey->comp_pubkey[1], oqsxkey->pubkeylen_cmp); - oct.data = buf; - oct.length = buflen; - oct.flags = 0; - if(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) nid = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->nid; else diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index cec370ed..4b891fb9 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -344,14 +344,10 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (is_composite){ if (oqs_key_classic == NULL){ - if (OQS_SIG_sign(oqs_key, sig + SIZE_OF_UINT32, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { + if (OQS_SIG_sign(oqs_key, sig, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } - - ENCODE_UINT32(sig, oqs_sig_len); - oqs_sig_len = SIZE_OF_UINT32 + oqs_sig_len; - index += oqs_sig_len; }else{ //sign non PQC key on oqs_key const EVP_MD *classical_md; int digest_len; @@ -393,7 +389,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || - (EVP_PKEY_sign(classical_ctx_sign, sig + SIZE_OF_UINT32, &oqs_sig_len, digest, digest_len) <= 0)) { + (EVP_PKEY_sign(classical_ctx_sign, sig, &oqs_sig_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } 
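Review bot: With `ENCODE_UINT32` and the `sig + SIZE_OF_UINT32` offset removed in the `oqs_sig_sign` hunk, the composite signature becomes two component signatures concatenated with no framing. `OQS_SIG_sign` and `EVP_PKEY_sign` both report the actual length through `oqs_sig_len`, which can be shorter than the declared maximum (DER-encoded ECDSA, for example), so a verifier cannot find the second component from fixed sizes alone. Unless the verify path, which is not shown here, carries the split some other way, keep a length prefix or wrap both parts in an ASN.1 SEQUENCE. The `max_sig_len` computation from the previous patch on this page still adds `SIZE_OF_UINT32` for a classical second component and should follow whichever format is chosen.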
@@ -402,11 +398,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, /* sig is bigger than expected */ ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); goto endsign; + } } - ENCODE_UINT32(sig, oqs_sig_len); - oqs_sig_len = SIZE_OF_UINT32 + oqs_sig_len; index += oqs_sig_len; - } if(cmp_key_classic == NULL){ if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 464de915..99165052 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -33,7 +33,8 @@ printf(a, b, c) #endif // NDEBUG -typedef enum { +typedef enum +{ KEY_OP_PUBLIC, KEY_OP_PRIVATE, KEY_OP_KEYGEN @@ -41,11 +42,12 @@ typedef enum { /// NID/name table -typedef struct { +typedef struct +{ int nid; - char* tlsname; - char* oqsname; - char* cmpname; + char *tlsname; + char *oqsname; + char *cmpname; int keytype; int secbits; } oqs_nid_name_t; 
@@ -125,15 +127,18 @@ static int get_keytype(int nid) return 0; } -char* get_tlsname_fromoqs(char* oqsname) { - int i; - for(i=0;icomp_privkey[0] = key->privkey; key->comp_pubkey[0] = key->pubkey; } else { // TBD: extend for more than 1 classic key: - int classic_pubkey_len, classic_privkey_len; - - if (key->privkey) { - key->comp_privkey[0] = (char *)key->privkey + SIZE_OF_UINT32; - DECODE_UINT32(classic_privkey_len, key->privkey); - key->comp_privkey[1] - = (char *)key->privkey + classic_privkey_len + SIZE_OF_UINT32; - } else { - key->comp_privkey[0] = NULL; - key->comp_privkey[1] = NULL; - } - if (key->pubkey) { - key->comp_pubkey[0] = (char *)key->pubkey + SIZE_OF_UINT32; - DECODE_UINT32(classic_pubkey_len, key->pubkey); - key->comp_pubkey[1] - = (char *)key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; - } else { + if (key->keytype != KEY_TYPE_CMP_SIG){ + int classic_pubkey_len, classic_privkey_len; + + if (key->privkey) + { + key->comp_privkey[0] = (char *)key->privkey + SIZE_OF_UINT32; + DECODE_UINT32(classic_privkey_len, key->privkey); + key->comp_privkey[1] + = (char *)key->privkey + classic_privkey_len + SIZE_OF_UINT32; + } + else + { + key->comp_privkey[0] = NULL; + key->comp_privkey[1] = NULL; + } + if (key->pubkey) + { + key->comp_pubkey[0] = (char *)key->pubkey + SIZE_OF_UINT32; + DECODE_UINT32(classic_pubkey_len, key->pubkey); + key->comp_pubkey[1] + = (char *)key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; + } + else + { + key->comp_pubkey[0] = NULL; + key->comp_pubkey[1] = NULL; + } + }else{ + int classic_pubkey_len, classic_privkey_len; - key->comp_pubkey[0] = NULL; - key->comp_pubkey[1] = NULL; + if (key->privkey) + { + key->comp_privkey[0] = (char *)key->privkey; + key->comp_privkey[1] = (char *)key->privkey + key->privkeylen; + } + else + { + key->comp_privkey[0] = NULL; + key->comp_privkey[1] = NULL; + } + if (key->pubkey) + { + key->comp_pubkey[0] = (char *)key->pubkey; + key->comp_pubkey[1] = (char *)key->pubkey + key->pubkeylen; + } + 
else + { + key->comp_pubkey[0] = NULL; + key->comp_pubkey[1] = NULL; + } } } +err: return ret; } @@ -222,7 +260,7 @@ void oqsx_freeprovctx(PROV_OQS_CTX *ctx) void oqsx_key_set0_libctx(OQSX_KEY *key, OSSL_LIB_CTX *libctx) { - printf("4\n"); + printf("4\n"); key->libctx = libctx; } @@ -277,32 +315,36 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, int plen, oqsx_key_op_t op, OSSL_LIB_CTX *libctx, const char *propq) { - printf("7\n"); + printf("7\n"); OQSX_KEY *key = NULL; void **privkey, **pubkey; int nid = NID_undef; int ret = 0; OQS_KEY_PRINTF2("OQSX KEY: key_op called with data of len %d\n", plen); - if (palg != NULL) { + if (palg != NULL) + { int ptype; /* Algorithm parameters must be absent */ X509_ALGOR_get0(NULL, &ptype, NULL, palg); - if (ptype != V_ASN1_UNDEF || !palg || !palg->algorithm) { + if (ptype != V_ASN1_UNDEF || !palg || !palg->algorithm) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } nid = OBJ_obj2nid(palg->algorithm); } - if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) { + if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } key = oqsx_key_new_from_nid(libctx, propq, nid); - if (key == NULL) { + if (key == NULL) + { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } 
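Review bot: In the non-composite branch of `oqsx_key_set_composites`, `classic_privkey_len` and `classic_pubkey_len` are read from the key blob with `DECODE_UINT32` and used directly as offsets for `comp_privkey[1]` and `comp_pubkey[1]`, with no comparison against the size of the buffer they index. For a key that was imported from an encoded blob the value comes from the input, so the second component pointer can land outside the allocation; reject a negative length or one larger than the remaining buffer before forming the pointer. The new `KEY_TYPE_CMP_SIG` branch declares `int classic_pubkey_len, classic_privkey_len;` without using them, and the added `err:` label has no `goto` within the hunk. The start of this hunk is garbled on the page, so the lines before the `DECODE_UINT32` calls could not be checked.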
@@ -455,15 +497,17 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, /* Recreate EVP data structure after import. RetVal 0 is error. */ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) { - if (key->numkeys == 2) { // hybrid key + if (key->keytype == KEY_TYPE_HYB_SIG) { // hybrid key int classical_pubkey_len, classical_privkey_len; - if (!key->evp_info) { + if (!key->evp_info) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_EVPINFO_MISSING); goto rec_err; } if (op == KEY_OP_PUBLIC) { DECODE_UINT32(classical_pubkey_len, key->pubkey); - if (key->evp_info->raw_key_support) { + if (key->evp_info->raw_key_support) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; } else { @@ -484,7 +528,8 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (op == KEY_OP_PRIVATE) { DECODE_UINT32(classical_privkey_len, key->privkey); - if (key->evp_info->raw_key_support) { + if (key->evp_info->raw_key_support) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; } else { 
@@ -508,21 +553,49 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } } } - return 1; -rec_err: - return 0; + if (key->keytype == KEY_TYPE_CMP_SIG){ + if (op == KEY_OP_PUBLIC){ + memcpy(key->pubkey, p + plen, key->pubkeylen_cmp); + if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ + const unsigned char *enc_pubkey = key->comp_pubkey[0]; + key->classical_pkey = d2i_PublicKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey, plen); + } + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ + const unsigned char *enc_pubkey_comp = key->comp_pubkey[1]; + key->cmp_classical_pkey = d2i_PublicKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key); + } + } + if (op == KEY_OP_PRIVATE){ + memcpy(key->pubkey, p + plen, key->privkeylen_cmp); + if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ + const unsigned char *enc_privkey = key->comp_pubkey[0]; + key->classical_pkey = d2i_PrivateKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, plen); + } + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ + const unsigned char *enc_privkey_comp = key->comp_pubkey[1]; + key->cmp_classical_pkey = d2i_PrivateKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key); + } + } + } + + return key; + +err: + oqsx_key_free(key); + return NULL; } OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, const char *propq) { - printf("8\n"); + printf("8\n"); const unsigned char *p; int plen; X509_ALGOR *palg; OQSX_KEY *oqsx = NULL; - if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) { + if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) + { return NULL; } oqsx = oqsx_key_op(palg, 
p, plen, KEY_OP_PUBLIC, libctx, propq); @@ -532,7 +605,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) { - printf("9\n"); + printf("9\n"); OQSX_KEY *oqsx = NULL; const unsigned char *p; int plen; @@ -543,10 +616,13 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, return 0; oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); - if (oct == NULL) { + if (oct == NULL) + { p = NULL; plen = 0; - } else { + } + else + { p = ASN1_STRING_get0_data(oct); plen = ASN1_STRING_length(oct); } @@ -584,7 +660,7 @@ static const OQSX_EVP_INFO nids_ecx[] = { static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, char *algname) { - printf("10\n"); + printf("10\n"); int ret = 1; int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 2, err); @@ -628,7 +704,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { - printf("11\n"); + printf("11\n"); int ret = 1; int idx = 0; while (idx < sizeof(OQSX_ECP_NAMES)) { @@ -659,7 +735,7 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) { - printf("12\n"); + printf("12\n"); int ret = 1; int idx = 0; @@ -696,7 +772,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, int primitive, const char *propq, int bit_security, int alg_idx) { - printf("13\n"); + printf("13\n"); OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; int ret2 = 0, ret3 = 0; 
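Review bot: The new `KEY_TYPE_CMP_SIG` block copies from `p + plen`, which is the first byte past an input of length `plen`, so both `memcpy` calls read out of bounds; `p` and `plen` are also not parameters of `oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op)`, the function named in the hunk header. In the `KEY_OP_PRIVATE` case the destination is `key->pubkey` with length `key->privkeylen_cmp` and the private keys are parsed from `key->comp_pubkey[...]`; these look like they should be `key->privkey` and `key->comp_privkey[...]`, and as written private bytes land in a buffer sized for the public key. The tail now reads `return key;` and `return NULL;` and drops the `rec_err:` label that the `goto rec_err` statements earlier in the function still target, which does not fit an `int` function documented as returning 0 on error. The results of `d2i_PublicKey` and `d2i_PrivateKey` are stored without a NULL check.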
@@ -712,12 +788,14 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, } #endif - if (oqs_name == NULL) { + if (oqs_name == NULL) + { OQS_KEY_PRINTF("OQSX_KEY: Fatal error: No OQS key name provided:\n"); goto err; } - if (tls_name == NULL) { + if (tls_name == NULL) + { OQS_KEY_PRINTF("OQSX_KEY: Fatal error: No TLS key name provided:\n"); goto err; } 
@@ -838,37 +916,45 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, + evp_ctx->evp_info->length_public_key; ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; - ret->evp_info = evp_ctx->evp_info; + ret->evp_info = evp_ctx->evp_info; ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - break; + break; case KEY_TYPE_CMP_SIG: - if (get_tlsname_fromoqs(oqs_name) != 0){ + if (get_tlsname_fromoqs(oqs_name) != 0) + { ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); - if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) + { fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", oqs_name); goto err; } - }else{ + } + else + { evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); ON_ERR_GOTO(!evp_ctx, err); - ret2 = oqsx_hybsig_init(bit_security, evp_ctx, oqs_name); + ret2 = oqsx_hybsig_init(bit_security, evp_ctx, oqs_name); ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; } - if (get_tlsname_fromoqs(cmp_name) != 0){ + if (get_tlsname_fromoqs(cmp_name) != 0) + { ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig = OQS_SIG_new(cmp_name); - if (!ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig) { + if (!ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig) + { fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?B\n", cmp_name); goto err; } - }else{ + } + else + { evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); ON_ERR_GOTO(!evp_ctx, err); - ret3 = oqsx_hybsig_init(bit_security, evp_ctx, cmp_name); + ret3 = oqsx_hybsig_init(bit_security, evp_ctx, cmp_name); ON_ERR_GOTO(ret3 <= 0 || !evp_ctx->ctx, err); ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx = evp_ctx; } 
@@ -877,24 +963,29 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - if (ret2) { + if (ret2) + { ret->privkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_private_key; ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_public_key; - - }else{ + } + else + { ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; } - if (ret3){ + if (ret3) + { ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key; ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key; - }else{ + } + else + { ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; } ret->keytype = primitive; - break; + break; default: OQS_KEY_PRINTF2("OQSX_KEY: Unknown key type encountered: %d\n", primitive); @@ -906,8 +997,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->tls_name = OPENSSL_strdup(tls_name); ret->bit_security = bit_security; - - if (propq != NULL) { + if (propq != NULL) + { ret->propq = OPENSSL_strdup(propq); ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); if (ret->propq == NULL) @@ -924,7 +1015,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, void oqsx_key_free(OQSX_KEY *key) { - printf("14\n"); + printf("14\n"); int refcnt; if (key == NULL) return; 
@@ -974,16 +1065,20 @@ void oqsx_key_free(OQSX_KEY *key) OPENSSL_free(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx); else OQS_SIG_free(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig); - } + }else + OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); #endif + OPENSSL_free(key->classical_pkey); + OPENSSL_free(key->cmp_classical_pkey); OPENSSL_free(key); } int oqsx_key_up_ref(OQSX_KEY *key) { - printf("15\n"); + printf("15\n"); int refcnt; #ifndef OQS_PROVIDER_NOATOMIC @@ -1003,11 +1098,15 @@ int oqsx_key_up_ref(OQSX_KEY *key) int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) { - printf("16\n"); - int ret = 0; + printf("16\n"); + int ret = 0, aux = 0; + + if (key->keytype != KEY_TYPE_CMP_SIG) + aux = SIZE_OF_UINT32; - if (!key->privkey && include_private) { - key->privkey = OPENSSL_secure_zalloc(key->privkeylen + key->privkeylen_cmp + SIZE_OF_UINT32); + if (!key->privkey && include_private) + { + key->privkey = OPENSSL_secure_zalloc(key->privkeylen + key->privkeylen_cmp + aux); ON_ERR_SET_GOTO(!key->privkey, ret, 1, err); } if (!key->pubkey && !include_private) { 
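Review bot: `OPENSSL_free(key->classical_pkey)` and `OPENSSL_free(key->cmp_classical_pkey)` release these fields as plain memory, but elsewhere on this page `classical_pkey` receives the result of `d2i_PublicKey`/`d2i_PrivateKey` and `cmp_classical_pkey[i]` receives the `EVP_PKEY *` returned by `oqsx_key_gen_evp_key`. An `EVP_PKEY` has to be released with `EVP_PKEY_free` so that its internals, including private key material, are freed and cleansed; freeing only the array leaks every element. I would expect `EVP_PKEY_free(key->classical_pkey);` and a loop calling `EVP_PKEY_free(key->cmp_classical_pkey[i])` before the array itself is freed, once it is settled whether `cmp_classical_pkey` is an array (as allocated in `oqsx_key_new`) or a single key (as assigned in `oqsx_key_recreate_classickey`). The added `else OQS_SIG_free(...)` now runs for every non-composite key type, so confirm that no earlier branch of `oqsx_key_free`, outside the hunk, has already freed that object.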
@@ -1021,41 +1120,49 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { - printf("17\n"); + printf("17\n"); const OSSL_PARAM *p; OQS_KEY_PRINTF("OQSX Key from data called\n"); p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { + if (p != NULL) + { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } - if (key->privkeylen != p->data_size) { + if (key->privkeylen != p->data_size) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } OPENSSL_secure_clear_free(key->privkey, p->data_size); key->privkey = OPENSSL_secure_malloc(p->data_size); - if (key->privkey == NULL) { + if (key->privkey == NULL) + { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } memcpy(key->privkey, p->data, p->data_size); } p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { + if (p != NULL) + { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + { OQS_KEY_PRINTF("invalid data type\n"); return 0; } - if (key->pubkeylen != p->data_size) { + if (key->pubkeylen != p->data_size) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } OPENSSL_secure_clear_free(key->pubkey, p->data_size); key->pubkey = OPENSSL_secure_malloc(p->data_size); - if (key->pubkey == NULL) { + if (key->pubkey == NULL) + { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } @@ -1096,7 +1203,7 @@ printf("18\n"); static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, unsigned char *privkey, int encode) { - printf("19\n"); + printf("19\n"); int ret = 0, ret2 = 0; // Free at errhyb: 
@@ -1121,7 +1228,8 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 <= 0, ret, -2, errhyb); - if (ctx->evp_info->raw_key_support) { + if (ctx->evp_info->raw_key_support) + { // TODO: If available, use preallocated memory pubkeylen = EVP_PKEY_get1_encoded_public_key(pkey, &pubkey_encoded); ON_ERR_SET_GOTO(pubkeylen != ctx->evp_info->length_public_key @@ -1174,7 +1282,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, * OQSX_KEY */ int oqsx_key_gen(OQSX_KEY *key) { - printf("20\n"); + printf("20\n"); int ret = 0; EVP_PKEY *pkey = NULL; 
@@ -1210,22 +1318,27 @@ int oqsx_key_gen(OQSX_KEY *key) } else if(key->keytype == KEY_TYPE_CMP_SIG){ if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->pubkey, key->privkey, 1); - ON_ERR_GOTO(pkey==NULL, err); + ON_ERR_GOTO(pkey == NULL, err); key->cmp_classical_pkey[0] = pkey; ret = oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); - }else{ + } + else + { ret = OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, key->pubkey, key->privkey); ON_ERR_GOTO(ret, err); key->comp_privkey[0] = key->privkey; key->comp_pubkey[0] = key->pubkey; } - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1], 0); - key->cmp_classical_pkey[key->numkeys-1] = pkey; - ON_ERR_GOTO(pkey==NULL, err); - }else{ + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0) + { + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys - 1], key->comp_privkey[key->numkeys - 1], 0); + key->cmp_classical_pkey[key->numkeys - 1] = pkey; + ON_ERR_GOTO(pkey == NULL, err); + } + else + { ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen, key->pubkey + key->pubkeylen); ON_ERR_GOTO(ret, err); key->comp_pubkey[1] = key->pubkey + key->pubkeylen; @@ -1236,7 +1349,9 @@ int oqsx_key_gen(OQSX_KEY *key) ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); ret = oqsx_key_gen_oqs(key, 0); // 18 - } else { + } + else + { ret = 1; } err: From 115e9ced2476938575d97dc4c19b70e9bc7cad96 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 1 Dec 2022 17:54:52 -0500 Subject: [PATCH 020/164] added: dilithium3_rsa3072, dilithium3_p256 and falcon512_p256 
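Review bot: In the unchanged `else` branch for the second composite component of `oqsx_key_gen`, `OQS_SIG_keypair` is called with `key->privkey + key->privkeylen` in the position where the first component's call passes `key->pubkey`, so the public and secret key arguments are swapped. The secret key is then written into the public key buffer, which it can overrun if it is the longer of the two, and it would be exported as the public half. The call should read `ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->pubkey + key->pubkeylen, key->privkey + key->privkeylen);`. In the classical branch just above, `key->cmp_classical_pkey[key->numkeys - 1] = pkey;` is stored before `ON_ERR_GOTO(pkey == NULL, err);`, and checking first avoids recording a NULL key.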
Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 9 +++++++ oqsprov/oqs_encode_key2any.c | 30 ++++++++++++++++++++++ oqsprov/oqs_kmgmt.c | 33 ++++++++++++++++++++++++ oqsprov/oqs_prov.h | 30 ++++++++++++++++++++++ oqsprov/oqsdecoders.inc | 7 +++++ oqsprov/oqsencoders.inc | 39 ++++++++++++++++++++++++++++ oqsprov/oqsprov.c | 14 +++++++++- oqsprov/oqsprov_keys.c | 50 ++++++++++++++++++++---------------- 8 files changed, 189 insertions(+), 23 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index da4d666b..48800944 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c @@ -605,4 +605,13 @@ MAKE_DECODER("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo); MAKE_DECODER("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER("dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER("falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER("falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 2a652142..8908c3ca 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -800,6 +800,18 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_sphincsshake128fsimple_input_type \ "rsa3072_sphincsshake128fsimple" #define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" + +# define dilithium3_rsa3072_evp_type 0 +# define dilithium3_rsa3072_input_type "dilithium3_rsa3072" +# define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" + +# define dilithium3_p256_evp_type 0 +# define dilithium3_p256_input_type "dilithium3_p256" +# define dilithium3_p256_pem_type "dilithium3_p256" + +# define falcon512_p256_evp_type 0 +# define falcon512_p256_input_type "falcon512_p256" +# define falcon512_p256_pem_type "falcon512_p256" ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_END /* ---------------------------------------------------------------------- */ 
@@ -1529,4 +1541,22 @@ MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(rsa3072_sphincsshake128fsimple); +MAKE_ENCODER(dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_rsa3072, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_rsa3072, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium3_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(falcon512_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(falcon512_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(falcon512_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(falcon512_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(falcon512_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 7dbb842c..cbcc7a31 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -862,6 +862,36 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, } +static void *dilithium3_rsa3072_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3,"rsa3072", "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3,"rsa3072", "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128); +} + +static void *dilithium3_p256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3,"p256", "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *dilithium3_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3,"p256", "dilithium3_p256", KEY_TYPE_CMP_SIG, 128); +} + +static void *falcon512_p256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "p256", "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *falcon512_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512,"p256", "falcon512_p256", KEY_TYPE_CMP_SIG, 128); +} + ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ @@ -1034,6 +1064,9 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(p384_sphincssha2192fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(sphincsshake128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_sphincsshake128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_sphincsshake128fsimple) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_rsa3072) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_p256) +MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_p256) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 37d3f7a3..268dbbf2 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
@@ -697,6 +697,33 @@ extern const OSSL_DISPATCH extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions []; + +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; + +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; + +extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; 
+extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START @@ -726,6 +753,9 @@ extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 73c04631..581823b0 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc @@ -53,6 +53,11 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), p384_dilithium3), DECODER_w_structure("p384_dilithium3", der, SubjectPublicKeyInfo, p384_dilithium3), + DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, + dilithium3_rsa3072), + DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, + dilithium3_p256), + #endif #ifdef OQS_ENABLE_SIG_dilithium_5 DECODER_w_structure("dilithium5", der, PrivateKeyInfo, dilithium5), 
@@ -72,6 +77,8 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), rsa3072_falcon512), DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, rsa3072_falcon512), + DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, + falcon512_p256), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 7e61e711..7a4b1fce 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -135,6 +135,32 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p384_dilithium3", p384_dilithium3), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_p256", dilithium3_p256), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), 
@@ -190,6 +216,19 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), + ENCODER_w_structure("falcon512_p256", falcon512_p256, der, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_p256", falcon512_p256), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index cd32a5a3..b681c1eb 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -47,7 +47,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; * List of all algorithms with given OIDs */ ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START -#define OQS_OID_CNT 46 +#define OQS_OID_CNT 52 const char *oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.6.1.4.1.2.267.7.4.4", "dilithium2", @@ -95,6 +95,12 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_sphincsshake128fsimple", "1.3.9999.6.7.15", "rsa3072_sphincsshake128fsimple", + "2.16.840.1.114027.80.5.2", + "dilithium3_rsa3072", + "2.16.840.1.114027.80.5.1", + "dilithium3_p256", + "2.16.840.1.114027.80.5.3", + "falcon512_p256", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; 
@@ -330,6 +336,8 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_signature_functions), SIGALG("p384_dilithium3", 192, oqs_signature_functions), + SIGALG("dilithium3_rsa3072", 192, oqs_signature_functions), + SIGALG("dilithium3_p256", 192, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_signature_functions), @@ -339,6 +347,7 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("falcon512", 128, oqs_signature_functions), SIGALG("p256_falcon512", 128, oqs_signature_functions), SIGALG("rsa3072_falcon512", 128, oqs_signature_functions), + SIGALG("falcon512_p256", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_signature_functions), @@ -457,6 +466,8 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_dilithium3_keymgmt_functions), SIGALG("p384_dilithium3", 192, oqs_p384_dilithium3_keymgmt_functions), + SIGALG("dilithium3_rsa3072", 192, oqs_dilithium3_rsa3072_keymgmt_functions), + SIGALG("dilithium3_p256", 192, oqs_dilithium3_p256_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_dilithium5_keymgmt_functions), @@ -466,6 +477,7 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("falcon512", 128, oqs_falcon512_keymgmt_functions), SIGALG("p256_falcon512", 128, oqs_p256_falcon512_keymgmt_functions), SIGALG("rsa3072_falcon512", 128, oqs_rsa3072_falcon512_keymgmt_functions), + SIGALG("falcon512_p256", 128, oqs_falcon512_p256_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_falcon1024_keymgmt_functions), diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 99165052..34127529 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -55,7 +55,7 @@ typedef struct static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START -#define NID_TABLE_LEN 23 +#define NID_TABLE_LEN 26 static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, @@ -92,6 +92,12 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128}, + {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, "rsa3072", + KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, "p256", + KEY_TYPE_CMP_SIG, 128}, + {0, "falcon512_p256", OQS_SIG_alg_falcon_512, "p256", + KEY_TYPE_CMP_SIG, 128}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; @@ -188,10 +194,9 @@ static int oqsx_key_set_composites(OQSX_KEY *key) if (key->privkey) { - key->comp_privkey[0] = (char *)key->privkey + SIZE_OF_UINT32; - DECODE_UINT32(classic_privkey_len, key->privkey); + key->comp_privkey[0] = (char *)key->privkey; key->comp_privkey[1] - = (char *)key->privkey + classic_privkey_len + SIZE_OF_UINT32; + = (char *)key->privkey + key->privkeylen; } else { @@ -200,10 +205,9 @@ static int oqsx_key_set_composites(OQSX_KEY *key) } if (key->pubkey) { - key->comp_pubkey[0] = (char *)key->pubkey + SIZE_OF_UINT32; - DECODE_UINT32(classic_pubkey_len, key->pubkey); + key->comp_pubkey[0] = (char *)key->pubkey; key->comp_pubkey[1] - = (char *)key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; + = (char *)key->pubkey + key->privkeylen; } else { 
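Review bot: The three rows added to `nid_names` use six positional values (`{0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, "rsa3072", KEY_TYPE_CMP_SIG, 128}`), while the existing rows shown as context use five (`{0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}`). With positional initialisers both shapes cannot place the key type and the security bits in the same members, so either the old rows or the new ones are misaligned with `oqs_nid_name_t`, whose definition is outside this hunk. I would give every row the same shape, for example an explicit `NULL` in the composite-name position of the non-composite rows, or switch the table to designated initialisers so a missing field is visible in review.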
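Review bot: In the second `oqsx_key_set_composites` hunk (-200,10) the public-key split is computed from the private-key length: `= (char *)key->pubkey + key->privkeylen;`. That makes `comp_pubkey[1]` an offset unrelated to the public-key layout, and wherever `privkeylen` is larger than the public-key allocation the pointer lies outside the buffer that later reads and writes go through. The line should use the public-key length, `= (char *)key->pubkey + key->pubkeylen;`, mirroring the private-key branch above it. The function starts and ends outside these hunks, so the sizes should be confirmed against `oqsx_key_allocate_keymaterial`.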
@@ -558,22 +562,22 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) memcpy(key->pubkey, p + plen, key->pubkeylen_cmp); if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ const unsigned char *enc_pubkey = key->comp_pubkey[0]; - key->classical_pkey = d2i_PublicKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey, plen); + key->cmp_classical_pkey[key->numkeys - 2] = d2i_PublicKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey, plen); } if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ const unsigned char *enc_pubkey_comp = key->comp_pubkey[1]; - key->cmp_classical_pkey = d2i_PublicKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key); + key->cmp_classical_pkey[key->numkeys - 1] = d2i_PublicKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key); } } if (op == KEY_OP_PRIVATE){ memcpy(key->pubkey, p + plen, key->privkeylen_cmp); if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ const unsigned char *enc_privkey = key->comp_pubkey[0]; - key->classical_pkey = d2i_PrivateKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, plen); + key->cmp_classical_pkey[key->numkeys - 2] = d2i_PrivateKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, plen); } if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ const unsigned char *enc_privkey_comp = key->comp_pubkey[1]; - key->cmp_classical_pkey = d2i_PrivateKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key); + key->cmp_classical_pkey[key->numkeys - 1] = 
d2i_PrivateKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key); } } } @@ -1204,7 +1208,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, unsigned char *privkey, int encode) { printf("19\n"); - int ret = 0, ret2 = 0; + int ret = 0, ret2 = 0, aux = 0; // Free at errhyb: EVP_PKEY_CTX *kgctx = NULL; @@ -1213,6 +1217,9 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, size_t pubkeylen = 0, privkeylen = 0; + if (encode) + aux = SIZE_OF_UINT32; + if (ctx->keyParam) kgctx = EVP_PKEY_CTX_new(ctx->keyParam, NULL); else 
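Review bot: The `KEY_OP_PRIVATE` branch of the -558,22 hunk still handles private-key bytes through the public-key fields: `memcpy(key->pubkey, p + plen, key->privkeylen_cmp);` copies them into `key->pubkey`, and both `d2i_PrivateKey` calls parse from `key->comp_pubkey[0]` and `key->comp_pubkey[1]`. Private material then sits in a buffer sized and treated as public data, and the copy length is not related to that buffer's size in the visible lines. The pointers should come from the private side, `const unsigned char *enc_privkey = key->comp_privkey[key->numkeys - 2];` and `key->comp_privkey[key->numkeys - 1]`. The four results stored into `cmp_classical_pkey[...]` are also not checked for NULL, so a malformed encoding is accepted silently; the function body continues outside the hunk, so the right error exit has to be taken from there.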
@@ -1235,22 +1242,22 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(pubkeylen != ctx->evp_info->length_public_key || !pubkey_encoded, ret, -3, errhyb); - memcpy(pubkey + SIZE_OF_UINT32, pubkey_encoded, pubkeylen); + memcpy(pubkey + aux, pubkey_encoded, pubkeylen); privkeylen = ctx->evp_info->length_private_key; - ret2 = EVP_PKEY_get_raw_private_key(pkey, privkey + SIZE_OF_UINT32, + ret2 = EVP_PKEY_get_raw_private_key(pkey, privkey + aux, &privkeylen); ON_ERR_SET_GOTO(ret2 <= 0 || privkeylen != ctx->evp_info->length_private_key, ret, -4, errhyb); } else { - unsigned char *pubkey_enc = pubkey + SIZE_OF_UINT32; - const unsigned char *pubkey_enc2 = pubkey + SIZE_OF_UINT32; + unsigned char *pubkey_enc = pubkey + aux; + const unsigned char *pubkey_enc2 = pubkey + aux; pubkeylen = i2d_PublicKey(pkey, &pubkey_enc); ON_ERR_SET_GOTO( !pubkey_enc || pubkeylen > (int)ctx->evp_info->length_public_key, ret, -11, errhyb); - unsigned char *privkey_enc = privkey + SIZE_OF_UINT32; - const unsigned char *privkey_enc2 = privkey + SIZE_OF_UINT32; + unsigned char *privkey_enc = privkey + aux; + const unsigned char *privkey_enc2 = privkey + aux; privkeylen = i2d_PrivateKey(pkey, &privkey_enc); ON_ERR_SET_GOTO( !privkey_enc || privkeylen > (int)ctx->evp_info->length_private_key, 
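Review bot: In the non-raw branch `i2d_PublicKey(pkey, &pubkey_enc)` and `i2d_PrivateKey(pkey, &privkey_enc)` write into `pubkey + aux` and `privkey + aux` before the length is compared with `length_public_key` / `length_private_key`, so an encoding longer than expected has already been written past the intended area when `ON_ERR_SET_GOTO` fires. Whether the caller's buffers leave room for that is not visible here, and with `aux == 0` the four bytes of slack that the prefix used to provide are gone. I would size first, `int need = i2d_PublicKey(pkey, NULL);`, reject `need <= 0 || need > (int)ctx->evp_info->length_public_key`, and only then encode; the same applies to the private key. A one-line comment saying that `aux` is the size of the optional length prefix would also help, since the name does not say so.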
@@ -1317,20 +1324,19 @@ int oqsx_key_gen(OQSX_KEY *key) } } else if(key->keytype == KEY_TYPE_CMP_SIG){ if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->pubkey, key->privkey, 1); + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->pubkey, key->privkey, 0); ON_ERR_GOTO(pkey == NULL, err); key->cmp_classical_pkey[0] = pkey; - ret = oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); } else { ret = OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, key->pubkey, key->privkey); ON_ERR_GOTO(ret, err); - key->comp_privkey[0] = key->privkey; - key->comp_pubkey[0] = key->pubkey; } + ret = oqsx_key_set_composites(key); + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0) { pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys - 1], key->comp_privkey[key->numkeys - 1], 0); From 106845008fc052d9c2c89f2b358ff11cab24f0a2 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Wed, 4 Jan 2023 17:41:14 -0500 Subject: [PATCH 021/164] Decode singarures Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 6 +- oqsprov/oqs_sig.c | 26 ++--- oqsprov/oqsdecoders.inc | 12 +++ oqsprov/oqsprov_keys.c | 180 ++++++++++++++++++++++++----------- 4 files changed, 152 insertions(+), 72 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 8908c3ca..32cbcfb1 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
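Review bot: The relocated call `ret = oqsx_key_set_composites(key);` is no longer followed by an error check, and the `ON_ERR_GOTO(ret, err);` left behind in the classical branch now tests a `ret` that nothing in that branch assigns. The next statement passes `key->comp_pubkey[key->numkeys - 1]` and `key->comp_privkey[key->numkeys - 1]` to `oqsx_key_gen_evp_key`, so a failed split would hand it stale or NULL pointers. I would add `ON_ERR_GOTO(ret, err);` directly after the new call and delete the orphaned check inside the `if`. The rest of `oqsx_key_gen` is outside the hunk.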
@@ -659,10 +659,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) aType = ASN1_TYPE_new(); aString = ASN1_OCTET_STRING_new(); - buflen = oqsxkey->privkeylen + oqsxkey->pubkeylen; + buflen = oqsxkey->privkeylen + oqsxkey->pubkeylen - oqsxkey->privkeylen_cmp - oqsxkey->pubkeylen_cmp; buf = OPENSSL_secure_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[0], oqsxkey->privkeylen); - memcpy(buf + oqsxkey->privkeylen, oqsxkey->comp_pubkey[0], oqsxkey->pubkeylen); + memcpy(buf, oqsxkey->comp_privkey[0], oqsxkey->privkeylen - oqsxkey->privkeylen_cmp); + memcpy(buf + oqsxkey->privkeylen - oqsxkey->privkeylen_cmp, oqsxkey->comp_pubkey[0], oqsxkey->pubkeylen - oqsxkey->pubkeylen_cmp); if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 4b891fb9..366f3ba5 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
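Review bot: `buf = OPENSSL_secure_malloc(buflen);` is used by the two `memcpy` calls without a NULL check, and the secure heap can fail or be unconfigured, so this is a NULL write while serialising a private key. `buflen` is also built by subtracting `privkeylen_cmp` and `pubkeylen_cmp` from the totals with nothing in the hunk asserting that the totals already include them. I would add `if (buf == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); ... }` with the function's own cleanup of `aType` and `aString`, and compute the two first-component lengths once into named locals instead of repeating `oqsxkey->privkeylen - oqsxkey->privkeylen_cmp` three times. The function's return convention and cleanup are outside the hunk.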
@@ -210,16 +210,18 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY* oqsxkey = poqs_sigctx->sig; OQS_SIG* oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; - EVP_PKEY* oqs_key_classic = oqsxkey->cmp_classical_pkey[0]; // if this value is not NULL, the first key is Classic + EVP_PKEY* oqs_key_classic = NULL; OQS_SIG* cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite with PQC as second key - EVP_PKEY* cmp_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1]; // if this value is not NULL, we're running composite with Classic as second key + EVP_PKEY* cmp_key_classic = NULL; EVP_PKEY* evpkey = oqsxkey->classical_pkey; // if this value is not NULL, we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; - + OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); + int is_composite_first_classic = (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); + int is_composite_second_classic = (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); int is_hybrid = evpkey!=NULL; - int is_composite = (cmp_key != NULL || cmp_key_classic != NULL); + int is_composite = (cmp_key != NULL || is_composite_second_classic); size_t max_sig_len = 0; size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; size_t actual_classical_sig_len = 0; @@ -231,7 +233,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, return rv; } - if(oqs_key_classic != NULL){ + if(is_composite_first_classic){ max_sig_len += oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; } 
@@ -241,8 +243,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if (is_composite){ - if(cmp_key_classic != NULL){ - max_sig_len += SIZE_OF_UINT32 + oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; + if(is_composite_second_classic){ + max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; cmp_sig_len = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; } else{ @@ -343,12 +345,13 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if (is_composite){ - if (oqs_key_classic == NULL){ + if (!is_composite_first_classic){ if (OQS_SIG_sign(oqs_key, sig, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } }else{ //sign non PQC key on oqs_key + oqs_key_classic = oqsxkey->cmp_classical_pkey[0]; const EVP_MD *classical_md; int digest_len; unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ @@ -402,12 +405,13 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } index += oqs_sig_len; - if(cmp_key_classic == NULL){ + if(!is_composite_second_classic){ if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; } }else{ //sign non PQC key on cmp_key + cmp_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1]; const EVP_MD *classical_md; int digest_len; unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ 
@@ -574,12 +578,12 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if(is_composite){ size_t actual_oqs_sig_len = 0; DECODE_UINT32(actual_oqs_sig_len, sig); - if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + SIZE_OF_UINT32, actual_oqs_sig_len, oqsxkey->comp_pubkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { + if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig , actual_oqs_sig_len, oqsxkey->comp_pubkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - oqs_sig_len = SIZE_OF_UINT32 + actual_oqs_sig_len; + oqs_sig_len = actual_oqs_sig_len; index += oqs_sig_len; if (OQS_SIG_verify(cmp_key, tbs, tbslen, sig + index, diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 581823b0..f3bfcc28 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc @@ -57,6 +57,14 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), dilithium3_rsa3072), DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, dilithium3_p256), + DECODER_w_structure("dilithium3_rsa3072", der, PrivateKeyInfo, + dilithium3_rsa3072), + DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, + dilithium3_rsa3072), + DECODER_w_structure("dilithium3_p256", der, PrivateKeyInfo, + dilithium3_p256), + DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, + dilithium3_p256), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 @@ -79,6 +87,10 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), rsa3072_falcon512), DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, falcon512_p256), + DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, + falcon512_p256), + DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, + falcon512_p256), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 34127529..010b6d3d 100644 
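Review bot: In the composite branch of `oqs_sig_verify`, `DECODE_UINT32(actual_oqs_sig_len, sig);` still reads a length from the first four bytes of `sig`, but the new call passes `sig` itself as the start of the first signature, so the same bytes are treated as a length field and as signature data. The decoded value comes from the signature under verification and, in the visible lines, is used as the length given to `OQS_SIG_verify` and as `index` for the second component without being compared to the total signature length, which permits reads beyond the supplied buffer. Either keep the prefix on both the sign and verify sides (the -241,8 hunk in `oqs_sig_sign` drops it from the size calculation) or take the first component's length from the algorithm context, and in both cases bound it first: `if (actual_oqs_sig_len > siglen) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; }`, where `siglen` stands for the function's signature-length parameter, whose name is outside the hunk.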
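Review bot: The oqsdecoders.inc hunk at -57,6 adds a second `DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, dilithium3_rsa3072)` and a second `dilithium3_p256` SubjectPublicKeyInfo entry directly below the ones already present as context, and the -79,6 hunk does the same for `falcon512_p256`. Only the `PrivateKeyInfo` lines are new functionality; the repeated SubjectPublicKeyInfo rows register the same decoder twice. I would drop the three duplicated rows, and if this file is produced from the OQS templates, make the change in the template so regeneration does not bring them back.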
--- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -188,15 +188,16 @@ static int oqsx_key_set_composites(OQSX_KEY *key) if (key->numkeys == 1) { key->comp_privkey[0] = key->privkey; key->comp_pubkey[0] = key->pubkey; - } else { // TBD: extend for more than 1 classic key: - if (key->keytype != KEY_TYPE_CMP_SIG){ - int classic_pubkey_len, classic_privkey_len; + } + else + { // TBD: extend for more than 1 classic key or first OQS for composite: + if (key->keytype == KEY_TYPE_CMP_SIG){ if (key->privkey) { key->comp_privkey[0] = (char *)key->privkey; key->comp_privkey[1] - = (char *)key->privkey + key->privkeylen; + = (char *)key->privkey + key->privkeylen - key->privkeylen_cmp; } else { @@ -207,7 +208,7 @@ static int oqsx_key_set_composites(OQSX_KEY *key) { key->comp_pubkey[0] = (char *)key->pubkey; key->comp_pubkey[1] - = (char *)key->pubkey + key->privkeylen; + = (char *)key->pubkey + key->pubkeylen - key->pubkeylen_cmp; } else { 
@@ -215,28 +216,28 @@ static int oqsx_key_set_composites(OQSX_KEY *key) key->comp_pubkey[1] = NULL; } }else{ - int classic_pubkey_len, classic_privkey_len; - - if (key->privkey) - { - key->comp_privkey[0] = (char *)key->privkey; - key->comp_privkey[1] = (char *)key->privkey + key->privkeylen; - } - else - { - key->comp_privkey[0] = NULL; - key->comp_privkey[1] = NULL; - } - if (key->pubkey) - { - key->comp_pubkey[0] = (char *)key->pubkey; - key->comp_pubkey[1] = (char *)key->pubkey + key->pubkeylen; - } - else - { - key->comp_pubkey[0] = NULL; - key->comp_pubkey[1] = NULL; - } + int classic_pubkey_len, classic_privkey_len; + + if (key->privkey) { + key->comp_privkey[0] = key->privkey + SIZE_OF_UINT32; + DECODE_UINT32(classic_privkey_len, key->privkey); + key->comp_privkey[1] + = key->privkey + classic_privkey_len + SIZE_OF_UINT32; + } + else { + key->comp_privkey[0] = NULL; + key->comp_privkey[1] = NULL; + } + if (key->pubkey) { + key->comp_pubkey[0] = key->pubkey + SIZE_OF_UINT32; + DECODE_UINT32(classic_pubkey_len, key->pubkey); + key->comp_pubkey[1] + = key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; + } + else { + key->comp_pubkey[0] = NULL; + key->comp_pubkey[1] = NULL; + } } } err: 
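Review bot: The restored hybrid branch forms `comp_privkey[1]` and `comp_pubkey[1]` from `classic_privkey_len` / `classic_pubkey_len`, which `DECODE_UINT32` reads out of the key blob, and neither value is checked before it is added to the base pointer. Both are declared `int`, so a large encoded value can become negative, and any value beyond the allocation gives a pointer outside the key buffer. I would reject the blob before forming the pointer, for example `if (classic_privkey_len < 0 || (size_t)classic_privkey_len + SIZE_OF_UINT32 > key->privkeylen) goto err;` with the failure code the function uses, and the same for the public side. The `(char *)` casts that the composite branch keeps were dropped here; if `privkey` and `pubkey` are `void *`, which this hunk does not show, the arithmetic relies on a compiler extension.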
@@ -559,25 +560,53 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (key->keytype == KEY_TYPE_CMP_SIG){ if (op == KEY_OP_PUBLIC){ - memcpy(key->pubkey, p + plen, key->pubkeylen_cmp); if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ - const unsigned char *enc_pubkey = key->comp_pubkey[0]; - key->cmp_classical_pkey[key->numkeys - 2] = d2i_PublicKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey, plen); + EVP_PKEY *npk = EVP_PKEY_new(); + if (key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) + { + npk = setECParams(npk, key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid); + } + const unsigned char *enc_pubkey = key->comp_pubkey[key->numkeys - 2]; + key->cmp_classical_pkey[key->numkeys - 2] = d2i_PublicKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, plen); + if (!key->cmp_classical_pkey[key->numkeys - 2]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } } if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ - const unsigned char *enc_pubkey_comp = key->comp_pubkey[1]; - key->cmp_classical_pkey[key->numkeys - 1] = d2i_PublicKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_pubkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key); + EVP_PKEY *npk = EVP_PKEY_new(); + if (key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) + { + npk = setECParams(npk, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->nid); + } + const unsigned char *enc_pubkey_comp = key->comp_pubkey[key->numkeys - 1]; + key->cmp_classical_pkey[key->numkeys - 1] = d2i_PublicKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key); + if (!key->cmp_classical_pkey[key->numkeys - 1]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } } } 
if (op == KEY_OP_PRIVATE){ - memcpy(key->pubkey, p + plen, key->privkeylen_cmp); if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ - const unsigned char *enc_privkey = key->comp_pubkey[0]; + const unsigned char *enc_privkey = key->comp_privkey[key->numkeys - 2]; key->cmp_classical_pkey[key->numkeys - 2] = d2i_PrivateKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, plen); + if (!key->cmp_classical_pkey[key->numkeys - 2]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } } if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ - const unsigned char *enc_privkey_comp = key->comp_pubkey[1]; + const unsigned char *enc_privkey_comp = key->comp_privkey[key->numkeys - 1]; key->cmp_classical_pkey[key->numkeys - 1] = d2i_PrivateKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key); + if (!key->cmp_classical_pkey[key->numkeys - 1]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } } } } 
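Review bot: Both public-key branches allocate `npk` with `EVP_PKEY_new()` and may replace it with the result of `setECParams`, but neither result is checked, and when `d2i_PublicKey(..., &npk, ...)` fails the code jumps to `err` without releasing `npk` in the visible lines. On failure with a caller-supplied object `d2i_PublicKey` leaves that object to the caller, so each rejected encoding leaks one `EVP_PKEY`. I would add `EVP_PKEY_free(npk);` before each `goto err;` in the two public branches and fail early when `EVP_PKEY_new()` returns NULL. The `err` label and the start of `oqsx_key_recreate_classickey` are outside the hunk, so confirm that the label does not already free it.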
@@ -609,26 +638,58 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) { - printf("9\n"); + printf("9\n"); //IMPLEMENT DECODE STACK OF HERE OQSX_KEY *oqsx = NULL; const unsigned char *p; int plen; ASN1_OCTET_STRING *oct = NULL; const X509_ALGOR *palg; + STACK_OF(ASN1_TYPE) *sk = NULL; + ASN1_TYPE *aType = NULL; if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) return 0; - oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); - if (oct == NULL) - { - p = NULL; - plen = 0; - } - else - { - p = ASN1_STRING_get0_data(oct); - plen = ASN1_STRING_length(oct); + if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG){ + oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); + if (oct == NULL) + { + p = NULL; + plen = 0; + } + else + { + p = ASN1_STRING_get0_data(oct); + plen = ASN1_STRING_length(oct); + } + }else{ + sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); + if (sk == NULL){ + p = NULL; + plen = 0; + }else{ + unsigned char *buf, *temp; + int buflen, templen; + PKCS8_PRIV_KEY_INFO *p8info = PKCS8_PRIV_KEY_INFO_new(); + + aType = sk_ASN1_TYPE_pop(sk); //pop the second crypt algorithm + temp = aType->value.sequence->data; + templen = aType->value.sequence->length; + + p8info = d2i_PKCS8_PRIV_KEY_INFO(&p8info, &temp, templen); + PKCS8_pkey_get0(NULL, &temp, &templen, NULL, p8info); + + aType = sk_ASN1_TYPE_pop(sk); //pop the first crypt algorithm + buf = aType->value.sequence->data; + buflen = aType->value.sequence->length; + + p8info = d2i_PKCS8_PRIV_KEY_INFO(&p8info, &buf, buflen); + PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info); + + memcpy(buf + buflen, temp, templen); + p = buf; + plen = templen + buflen; + } } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PRIVATE, libctx, propq); 
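Review bot: The composite branch of `oqsx_key_from_pkcs8` dereferences whatever `sk_ASN1_TYPE_pop(sk)` returns as `aType->value.sequence` without checking that the stack holds two elements or that each is a SEQUENCE, and it ignores the results of `d2i_PKCS8_PRIV_KEY_INFO` and `PKCS8_pkey_get0`, so a malformed PKCS#8 blob reaches NULL or mistyped pointers. Decoding the second structure into the same `p8info` can also invalidate `temp`, which still points into the first decode, and `memcpy(buf + buflen, temp, templen);` writes `templen` bytes past the end of the octet string that `buf` points into. The popped elements, `sk` and `p8info` are never released, and the `printf("9\n");` debug line is still present. The excerpt below validates the structure and decodes into two separate objects; the `goto` target is a placeholder for the function's own error exit, which is outside the hunk, and the concatenation needs a buffer of its own.

```c
    /* … unchanged: sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen) and its NULL branch … */
    } else {
        const unsigned char *in, *buf = NULL, *temp = NULL;
        int buflen = 0, templen = 0;
        PKCS8_PRIV_KEY_INFO *p8_first = NULL, *p8_second = NULL;
        ASN1_TYPE *first, *second;

        /* exactly two SEQUENCE elements, otherwise reject the encoding */
        if (sk_ASN1_TYPE_num(sk) != 2)
            goto invalid_encoding; /* placeholder label */
        first = sk_ASN1_TYPE_value(sk, 0);
        second = sk_ASN1_TYPE_value(sk, 1);
        if (ASN1_TYPE_get(first) != V_ASN1_SEQUENCE
            || ASN1_TYPE_get(second) != V_ASN1_SEQUENCE)
            goto invalid_encoding;

        /* two objects: reusing one p8info can invalidate the earlier key pointer */
        in = first->value.sequence->data;
        p8_first = d2i_PKCS8_PRIV_KEY_INFO(NULL, &in, first->value.sequence->length);
        in = second->value.sequence->data;
        p8_second = d2i_PKCS8_PRIV_KEY_INFO(NULL, &in, second->value.sequence->length);
        if (p8_first == NULL || p8_second == NULL
            || !PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8_first)
            || !PKCS8_pkey_get0(NULL, &temp, &templen, NULL, p8_second))
            goto invalid_encoding;

        /* … concatenate buf and temp into a separate buffer of buflen + templen bytes,
         *   then free p8_first, p8_second and sk once the bytes are copied … */
```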
@@ -987,6 +1048,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; } + ret->privkeylen += ret->privkeylen_cmp; + ret->pubkeylen += ret->pubkeylen_cmp; ret->keytype = primitive; break; @@ -1110,7 +1173,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) if (!key->privkey && include_private) { - key->privkey = OPENSSL_secure_zalloc(key->privkeylen + key->privkeylen_cmp + aux); + key->privkey = OPENSSL_secure_zalloc(key->privkeylen + aux); ON_ERR_SET_GOTO(!key->privkey, ret, 1, err); } if (!key->pubkey && !include_private) { @@ -1389,17 +1452,18 @@ int oqsx_key_maxsize(OQSX_KEY *key) + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; case KEY_TYPE_CMP_SIG: - int aux = 0; - if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0) - aux += key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; - else - aux += key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature; - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0) - aux += key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; - else - aux += key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature; - return aux; - + { + int aux = 0; + if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0) + aux += key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; + else + aux += key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature; + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0) + aux += key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; + else + aux += key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature; + return aux; + } default: OQS_KEY_PRINTF("OQSX KEY: Wrong key type\n"); return 0; 
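Review bot: After `ret->privkeylen += ret->privkeylen_cmp;` in oqsx_key_new the field means "total length of both components", but nothing in the hunk records that, and the allocation change in oqsx_key_allocate_keymaterial (`key->privkeylen + aux`) is only correct under the new meaning. Any code that still treats `key->privkey + key->privkeylen` as the start of the second component, or adds `privkeylen_cmp` a second time, would now be off by the second key's length. I would add a comment at the assignment, for example `/* privkeylen/pubkeylen now cover both components; first component = len - len_cmp */`, and audit the remaining users of these fields. Both functions start and end outside their hunks, so those users are not visible here.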
From a28941569eab93d3f3841cdcf820ac4ba444732f Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 6 Jan 2023 11:00:55 -0500 Subject: [PATCH 022/164] allocate memory Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 010b6d3d..1a20ab73 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -668,7 +668,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, p = NULL; plen = 0; }else{ - unsigned char *buf, *temp; + unsigned char *buf, *temp, *concat_key; int buflen, templen; PKCS8_PRIV_KEY_INFO *p8info = PKCS8_PRIV_KEY_INFO_new(); @@ -686,8 +686,11 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, p8info = d2i_PKCS8_PRIV_KEY_INFO(&p8info, &buf, buflen); PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info); - memcpy(buf + buflen, temp, templen); - p = buf; + concat_key = OPENSSL_secure_malloc(buflen + templen); + + memcpy(concat_key, buf, buflen); + memcpy(concat_key + buflen, temp, templen); + p = concat_key; plen = templen + buflen; } } From 91f12a82a4cc1c8fabf4194d15144316d3236cc8 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 12 Jan 2023 16:41:32 -0500 Subject: [PATCH 023/164] working raw signatures Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 1a20ab73..ea3fcc7e 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
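Review bot: `concat_key = OPENSSL_secure_malloc(buflen + templen);` is used by both `memcpy` calls without a NULL check, and `buflen + templen` is an `int` sum of two lengths that come from the decoded input. Validate the lengths before allocating, `if (buflen < 0 || templen < 0 || buflen > INT_MAX - templen)`, and test `concat_key == NULL` before the first copy. No release of the buffer is visible in the hunk; since it holds private key bytes it should be released with `OPENSSL_secure_clear_free(concat_key, plen)` after oqsx_key_op returns, assuming oqsx_key_op copies the data rather than keeping the pointer. oqsx_key_from_pkcs8 continues outside the hunk.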
@@ -485,6 +485,20 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, memcpy(key->pubkey, p + key->privkeylen, plen - key->privkeylen); #endif + if (key->keytype == KEY_TYPE_CMP_SIG){ + size_t first_privkeylen = key->privkeylen - key->privkeylen_cmp; + size_t first_pubkeylen = key->pubkeylen - key->pubkeylen_cmp; + + memcpy(key->privkey, p, first_privkeylen); + memcpy(key->privkey + first_privkeylen, p + first_privkeylen + first_pubkeylen, key->privkeylen_cmp); + + memcpy(key->pubkey, p + first_privkeylen, first_pubkeylen); + memcpy(key->pubkey + first_pubkeylen, p + key->privkeylen + first_pubkeylen, key->pubkeylen_cmp); + + }else{ + memcpy(key->privkey, p, key->privkeylen); + memcpy(key->pubkey, p + key->privkeylen, key->pubkeylen); + } } #ifdef USE_ENCODING_LIB } @@ -573,6 +587,8 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } + }else{ + key->cmp_classical_pkey[key->numkeys - 2] = NULL; } if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ EVP_PKEY *npk = EVP_PKEY_new(); @@ -587,6 +603,8 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } + }else{ + key->cmp_classical_pkey[key->numkeys - 1] = NULL; } } if (op == KEY_OP_PRIVATE){ @@ -598,6 +616,8 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } + }else{ + key->cmp_classical_pkey[key->numkeys - 2] = NULL; } if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ const unsigned char *enc_privkey_comp = key->comp_privkey[key->numkeys - 1]; @@ -607,6 +627,8 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } + }else{ + key->cmp_classical_pkey[key->numkeys - 1] = NULL; } } } 
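Review bot: The copies added to oqsx_key_op read `key->privkeylen + key->pubkeylen` bytes from `p` in both branches, yet nothing in the hunk compares that total with `plen`, so a shorter encoded key would be read past its end. A guard such as `if (plen < 0 || (size_t)plen < key->privkeylen + key->pubkeylen)` placed before the `key->keytype == KEY_TYPE_CMP_SIG` test and raising `OQSPROV_R_INVALID_ENCODING` would make the assumption explicit. The block also sits after the `#endif`, so in the non-encoding-library build it appears to repeat the copy done by the context line just above it. The hunk starts mid-function, so a length check above it cannot be ruled out.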
@@ -638,7 +660,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) { - printf("9\n"); //IMPLEMENT DECODE STACK OF HERE + printf("9\n"); OQSX_KEY *oqsx = NULL; const unsigned char *p; int plen; @@ -670,21 +692,22 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, }else{ unsigned char *buf, *temp, *concat_key; int buflen, templen; - PKCS8_PRIV_KEY_INFO *p8info = PKCS8_PRIV_KEY_INFO_new(); + PKCS8_PRIV_KEY_INFO *p8info_temp = PKCS8_PRIV_KEY_INFO_new(); + PKCS8_PRIV_KEY_INFO *p8info_buf = PKCS8_PRIV_KEY_INFO_new(); aType = sk_ASN1_TYPE_pop(sk); //pop the second crypt algorithm temp = aType->value.sequence->data; templen = aType->value.sequence->length; - p8info = d2i_PKCS8_PRIV_KEY_INFO(&p8info, &temp, templen); - PKCS8_pkey_get0(NULL, &temp, &templen, NULL, p8info); + p8info_temp = d2i_PKCS8_PRIV_KEY_INFO(&p8info_temp, &temp, templen); + PKCS8_pkey_get0(NULL, &temp, &templen, NULL, p8info_temp); aType = sk_ASN1_TYPE_pop(sk); //pop the first crypt algorithm buf = aType->value.sequence->data; buflen = aType->value.sequence->length; - p8info = d2i_PKCS8_PRIV_KEY_INFO(&p8info, &buf, buflen); - PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info); + p8info_buf = d2i_PKCS8_PRIV_KEY_INFO(&p8info_buf, &buf, buflen); + PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info_buf); concat_key = OPENSSL_secure_malloc(buflen + templen); @@ -1413,8 +1436,6 @@ int oqsx_key_gen(OQSX_KEY *key) { ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen, key->pubkey + key->pubkeylen); ON_ERR_GOTO(ret, err); - key->comp_pubkey[1] = key->pubkey + key->pubkeylen; - key->comp_privkey[1] = key->privkey + key->privkeylen; } }else if (key->keytype == KEY_TYPE_SIG) { From 67895039f26f2d7b6dc916c2192a56e50b03bc7c Mon Sep 17 00:00:00 2001 
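Review bot: `p8info_temp` and `p8info_buf` are allocated with `PKCS8_PRIV_KEY_INFO_new()` and handed to `d2i_PKCS8_PRIV_KEY_INFO`, but neither they, the two popped `aType` values nor `sk` are released in the visible lines, and all of them hold decoded private-key bytes. Once the data has been copied into `concat_key`, `PKCS8_PRIV_KEY_INFO_free(p8info_temp); PKCS8_PRIV_KEY_INFO_free(p8info_buf);` and `sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);` belong here, with each popped element freed through `ASN1_TYPE_free`. The decode results are still used unchecked, so a failed decode reaches `PKCS8_pkey_get0` as a NULL pointer. oqsx_key_from_pkcs8 continues past the hunk, so cleanup further down cannot be ruled out.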
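Review bot: The unchanged call just above the removed lines in oqsx_key_gen still passes `key->privkey + key->privkeylen` and `key->pubkey + key->pubkeylen` to `OQS_SIG_keypair` for the second component. If `privkeylen` and `pubkeylen` already include the `_cmp` lengths at this point, as the oqsx_key_new change earlier in this series makes them, those pointers sit at the end of the buffers sized in oqsx_key_allocate_keymaterial and the generated key would be written beyond them. The offsets would then have to be `key->privkey + key->privkeylen - key->privkeylen_cmp` and `key->pubkey + key->pubkeylen - key->pubkeylen_cmp`. oqsx_key_gen starts and ends outside the hunk, so the branch this call sits in should be confirmed.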
From: Felipe Ventura Date: Tue, 24 Jan 2023 16:17:42 -0500 Subject: [PATCH 024/164] ASN1 format for raw signatures Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 616 ++++++++++++++++++++++++++-------------------- oqsprov/oqsprov.c | 6 +- 2 files changed, 349 insertions(+), 273 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 366f3ba5..5e67d946 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -20,6 +20,10 @@ #include #include #include +#include "oqs_prov.h" + +#include +#include // TBD: Review what we really need/want: For now go with OSSL settings: #define OSSL_MAX_NAME_SIZE 50 
@@ -80,24 +84,42 @@ static int get_aid(unsigned char **oidbuf, const char *tls_name) return (aidlen); } +//composite signature +struct SignatureModel{ + ASN1_BIT_STRING *sig1; + ASN1_BIT_STRING *sig2; +}; + +typedef struct SignatureModel CompositeSignature; + +DECLARE_ASN1_FUNCTIONS(CompositeSignature) + +ASN1_NDEF_SEQUENCE(CompositeSignature) = { + ASN1_SIMPLE(CompositeSignature, sig1, ASN1_BIT_STRING), + ASN1_SIMPLE(CompositeSignature, sig2, ASN1_BIT_STRING) +} ASN1_NDEF_SEQUENCE_END(CompositeSignature) + +IMPLEMENT_ASN1_FUNCTIONS(CompositeSignature) + /* * What's passed as an actual key is defined by the KEYMGMT interface. */ -typedef struct { - OSSL_LIB_CTX *libctx; - char *propq; - OQSX_KEY *sig; +typedef struct +{ + OSSL_LIB_CTX *libctx; + char *propq; + OQSX_KEY *sig; - /* - * Flag to determine if the hash function can be changed (1) or not (0) - * Because it's dangerous to change during a DigestSign or DigestVerify - * operation, this flag is cleared by their Init function, and set again - * by their Final function. - */ - unsigned int flag_allow_md : 1; + /* + * Flag to determine if the hash function can be changed (1) or not (0) + * Because it's dangerous to change during a DigestSign or DigestVerify + * operation, this flag is cleared by their Init function, and set again + * by their Final function. + */ + unsigned int flag_allow_md : 1; - char mdname[OSSL_MAX_NAME_SIZE]; + char mdname[OSSL_MAX_NAME_SIZE]; /* The Algorithm Identifier of the combined signature algorithm */ unsigned char *aid; 
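Review bot: `ASN1_NDEF_SEQUENCE(CompositeSignature)` picks the template meant for streamed, indefinite-length output although nothing here streams; a signature container is plain DER, so `ASN1_SEQUENCE(CompositeSignature) = { ... } ASN1_SEQUENCE_END(CompositeSignature)` would state the intent. The `//composite signature` comment should say what is encoded, for example `/* SEQUENCE { sig1 BIT STRING, sig2 BIT STRING }: first and second component signature, in key order */`. `DECLARE_ASN1_FUNCTIONS`/`IMPLEMENT_ASN1_FUNCTIONS` at file scope also give `CompositeSignature_new`, `d2i_CompositeSignature` and the rest external linkage; if they are only needed in oqs_sig.c their visibility could be limited. The re-indentation of `PROV_OQSSIG_CTX` in the same hunk makes the functional change harder to review and would be better as a separate commit.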
@@ -112,15 +134,17 @@ typedef struct { int operation; } PROV_OQSSIG_CTX; + + static void *oqs_sig_newctx(void *provctx, const char *propq) { - PROV_OQSSIG_CTX *poqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx; OQS_SIG_PRINTF2("OQS SIG provider: newctx called with propq %s\n", propq); - poqs_sigctx = OPENSSL_zalloc(sizeof(PROV_OQSSIG_CTX)); - if (poqs_sigctx == NULL) - return NULL; + poqs_sigctx = OPENSSL_zalloc(sizeof(PROV_OQSSIG_CTX)); + if (poqs_sigctx == NULL) + return NULL; poqs_sigctx->libctx = ((PROV_OQS_CTX *)provctx)->libctx; if (propq != NULL && (poqs_sigctx->propq = OPENSSL_strdup(propq)) == NULL) { @@ -139,8 +163,9 @@ static int oqs_sig_setup_md(PROV_OQSSIG_CTX *ctx, const char *mdname, if (mdprops == NULL) mdprops = ctx->propq; - if (mdname != NULL) { - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); + if (mdname != NULL) + { + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); if ((md == NULL) || (EVP_MD_nid(md) == NID_undef)) { if (md == NULL) @@ -155,10 +180,10 @@ static int oqs_sig_setup_md(PROV_OQSSIG_CTX *ctx, const char *mdname, EVP_MD_free(ctx->md); ctx->md = NULL; - if (ctx->aid) - OPENSSL_free(ctx->aid); - ctx->aid = NULL; // ensure next function allocates memory - ctx->aid_len = get_aid(&(ctx->aid), ctx->sig->tls_name); + if (ctx->aid) + OPENSSL_free(ctx->aid); + ctx->aid = NULL; // ensure next function allocates memory + ctx->aid_len = get_aid(&(ctx->aid), ctx->sig->tls_name); ctx->md = md; OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); @@ -169,7 +194,7 @@ static int oqs_sig_setup_md(PROV_OQSSIG_CTX *ctx, const char *mdname, static int oqs_sig_signverify_init(void *vpoqs_sigctx, void *voqssig, int operation) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQS_SIG_PRINTF("OQS SIG provider: signverify_init called\n"); if (poqs_sigctx == NULL || voqssig == NULL || !oqsx_key_up_ref(voqssig)) 
@@ -189,15 +214,15 @@ static int oqs_sig_signverify_init(void *vpoqs_sigctx, void *voqssig, static int oqs_sig_sign_init(void *vpoqs_sigctx, void *voqssig, const OSSL_PARAM params[]) { - OQS_SIG_PRINTF("OQS SIG provider: sign_init called\n"); - return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_SIGN); + OQS_SIG_PRINTF("OQS SIG provider: sign_init called\n"); + return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_SIGN); } static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, const OSSL_PARAM params[]) { - OQS_SIG_PRINTF("OQS SIG provider: verify_init called\n"); - return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); + OQS_SIG_PRINTF("OQS SIG provider: verify_init called\n"); + return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); } /* On entry to this function, data to be signed (tbs) might have been hashed 
@@ -207,51 +232,59 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQSX_KEY* oqsxkey = poqs_sigctx->sig; - OQS_SIG* oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; - EVP_PKEY* oqs_key_classic = NULL; - OQS_SIG* cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite with PQC as second key - EVP_PKEY* cmp_key_classic = NULL; - EVP_PKEY* evpkey = oqsxkey->classical_pkey; // if this value is not NULL, we're running hybrid - EVP_PKEY_CTX *classical_ctx_sign = NULL; - - OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); - - int is_composite_first_classic = (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); - int is_composite_second_classic = (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); - int is_hybrid = evpkey!=NULL; - int is_composite = (cmp_key != NULL || is_composite_second_classic); - size_t max_sig_len = 0; - size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; - size_t actual_classical_sig_len = 0; - size_t index = 0; - int rv = 0; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + OQSX_KEY *oqsxkey = poqs_sigctx->sig; + OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + EVP_PKEY *oqs_key_classic = NULL; + OQS_SIG *cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite with PQC as second key + EVP_PKEY *cmp_key_classic = NULL; + EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, we're running hybrid + EVP_PKEY_CTX *classical_ctx_sign = NULL; + + OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); + + int is_composite_first_classic = 
(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); + int is_composite_second_classic = (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); + int is_hybrid = evpkey != NULL; + int is_composite = (cmp_key != NULL || is_composite_second_classic); + size_t max_sig_len = 0; + size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; + size_t actual_classical_sig_len = 0; + size_t index = 0; + int rv = 0; + + if (!oqsxkey || !(oqs_key || oqs_key_classic) || !oqsxkey->privkey) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); + return rv; + } - if (!oqsxkey || !(oqs_key || oqs_key_classic) || !oqsxkey->privkey) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); - return rv; - } + if (is_composite_first_classic) + { + max_sig_len += oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; + oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; + } + else + { + max_sig_len += oqs_key->length_signature; + oqs_sig_len = oqs_key->length_signature; + } - if(is_composite_first_classic){ - max_sig_len += oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; - oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; - } - else{ - max_sig_len += oqs_key->length_signature; - oqs_sig_len = oqs_key->length_signature; + if (is_composite) + { + max_sig_len += sizeof(ASN1_TYPE); // ASN1 enclosing for composite + max_sig_len += 2 * sizeof(ASN1_OCTET_STRING); // octet for each signature + if (is_composite_second_classic) + { + max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; + cmp_sig_len = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; } - - if (is_composite){ - if(is_composite_second_classic){ - max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; - cmp_sig_len = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; - } - else{ - 
max_sig_len += cmp_key->length_signature; - cmp_sig_len = cmp_key->length_signature; - } + else + { + max_sig_len += cmp_key->length_signature; + cmp_sig_len = cmp_key->length_signature; } + } if (is_hybrid) { actual_classical_sig_len = oqsxkey->evp_info->length_signature; 
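Review bot: `max_sig_len += sizeof(ASN1_TYPE);` and `max_sig_len += 2 * sizeof(ASN1_OCTET_STRING);` add the size of OpenSSL's in-memory C structs, which differs between platforms and is unrelated to the DER overhead of the `CompositeSignature` SEQUENCE, whose members are BIT STRINGs rather than the octet strings the comment mentions. The bound compared with `sigsize` should come from the encoding itself, either a named constant for the SEQUENCE and two BIT STRING headers or `i2d_CompositeSignature(compsig, NULL)` once both components are set, and oqsx_key_maxsize presumably needs the same allowance so callers size their buffers to match. Separately, the `!oqsxkey` test runs after `oqsxkey->classical_pkey` and `oqsxkey->tls_name` have already been dereferenced in the declarations, so it cannot catch a NULL key. oqs_sig_sign continues beyond the hunk.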
@@ -344,134 +377,178 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, index += classical_sig_len; } - if (is_composite){ - if (!is_composite_first_classic){ - if (OQS_SIG_sign(oqs_key, sig, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; - } - }else{ //sign non PQC key on oqs_key - oqs_key_classic = oqsxkey->cmp_classical_pkey[0]; - const EVP_MD *classical_md; - int digest_len; - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || - EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { + if (is_composite) + { + unsigned char *buf = OPENSSL_malloc(oqs_sig_len); + unsigned char *temp = OPENSSL_malloc(cmp_sig_len); + CompositeSignature *compsig = CompositeSignature_new(); + + if (!is_composite_first_classic) + { + if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 2]) != OQS_SUCCESS) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } + } + else + { // sign non PQC key on oqs_key + oqs_key_classic = oqsxkey->cmp_classical_pkey[0]; + const EVP_MD *classical_md; + int digest_len; + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + + if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || + EVP_PKEY_sign_init(classical_ctx_sign) <= 0) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + + if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; - } - - if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) { - if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) { - ERR_raise(ERR_LIB_USER, 
ERR_R_FATAL); - goto endsign; - } - } - unsigned char* name = get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)); - if (name[0] == 'p'){ - if(name[1] == '2'){//p256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char*) &digest); - } - if(name[1] == '3'){//p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char*) &digest); - } - if(name[1] == '5'){//p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char*) &digest); - } - }else{//rsa3072 + } + } + unsigned char *name = get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)); + if (name[0] == 'p') + { + if (name[1] == '2') + { // p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '3') + { // p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '5') + { // p521 classical_md = EVP_sha512(); digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char*) &digest); + SHA512(tbs, tbslen, (unsigned char *)&digest); } + } + else + { // rsa3072 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } - if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || - (EVP_PKEY_sign(classical_ctx_sign, sig, &oqs_sig_len, digest, digest_len) <= 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || + (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } - if (oqs_sig_len > oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature) { + if (oqs_sig_len > oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature) + { /* sig is 
bigger than expected */ ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); goto endsign; - } + } + } + + compsig->sig1->data = buf; + compsig->sig1->length = oqs_sig_len; + + + if (!is_composite_second_classic) + { + if (OQS_SIG_sign(cmp_key, buf, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } + } + else + { // sign non PQC key on cmp_key + cmp_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1]; + const EVP_MD *classical_md; + int digest_len; + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + + if ((classical_ctx_sign = EVP_PKEY_CTX_new(cmp_key_classic, NULL)) == NULL || + EVP_PKEY_sign_init(classical_ctx_sign) <= 0) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; } - index += oqs_sig_len; - if(!is_composite_second_classic){ - if (OQS_SIG_sign(cmp_key, sig + index, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; - } - }else{ //sign non PQC key on cmp_key - cmp_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1]; - const EVP_MD *classical_md; - int digest_len; - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - if ((classical_ctx_sign = EVP_PKEY_CTX_new(cmp_key_classic, NULL)) == NULL || - EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { + if (oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; - } - - if (oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) { - if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } - } - unsigned char* name = 
get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)); - if (name[0] == 'p'){ - if(name[1] == '2'){//p256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char*) &digest); - } - if(name[1] == '3'){//p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char*) &digest); - } - if(name[1] == '5'){//p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char*) &digest); - } - }else{//rsa3072 + } + } + unsigned char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)); + if (name[0] == 'p') + { + if (name[1] == '2') + { // p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '3') + { // p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '5') + { // p521 classical_md = EVP_sha512(); digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char*) &digest); + SHA512(tbs, tbslen, (unsigned char *)&digest); } + } + else + { // rsa3072 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } - if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || - (EVP_PKEY_sign(classical_ctx_sign, sig + index, &cmp_sig_len, digest, digest_len) <= 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || + (EVP_PKEY_sign(classical_ctx_sign, buf, &cmp_sig_len, digest, digest_len) <= 0)) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } - if (cmp_sig_len > oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature) { + if (cmp_sig_len > oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature) + { /* sig is bigger than expected */ ERR_raise(ERR_LIB_USER, 
OQSPROV_R_BUFFER_LENGTH_WRONG); goto endsign; } - } - } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys-1]) != OQS_SUCCESS) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; - } + } + + compsig->sig2->data = buf; + compsig->sig2->length = cmp_sig_len; + oqs_sig_len = i2d_CompositeSignature(compsig, &sig); + } + else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } - *siglen = classical_sig_len + oqs_sig_len + cmp_sig_len; - OQS_SIG_PRINTF2("OQS SIG provider: signing completes with size %ld\n", *siglen); - rv = 1; /* success */ + *siglen = classical_sig_len + oqs_sig_len; + OQS_SIG_PRINTF2("OQS SIG provider: signing completes with size %ld\n", *siglen); + rv = 1; /* success */ endsign: if (classical_ctx_sign) { @@ -583,8 +660,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, goto endverify; } - oqs_sig_len = actual_oqs_sig_len; - index += oqs_sig_len; + oqs_sig_len = actual_oqs_sig_len; + index += oqs_sig_len; if (OQS_SIG_verify(cmp_key, tbs, tbslen, sig + index, siglen - oqs_sig_len, @@ -608,7 +685,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, goto endverify; } } - rv = 1; + rv = 1; endverify: if (ctx_verify) { @@ -622,7 +699,7 @@ static int oqs_sig_digest_signverify_init(void *vpoqs_sigctx, const char *mdname, void *voqssig, int operation) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQS_SIG_PRINTF2( "OQS SIG provider: digest_signverify_init called for mdname %s\n", 
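Review bot: In the composite branch of oqs_sig_sign the second component is signed into `buf` again (`OQS_SIG_sign(cmp_key, buf, &cmp_sig_len, ...)` and the matching `EVP_PKEY_sign`) while `temp` is never used: `buf` holds only `oqs_sig_len` bytes, so a longer second signature overruns it, and the first signature is overwritten in every case. `compsig->sig1->data` and `compsig->sig2->data` then both point at `buf`, which encodes the same bytes twice and would free `buf` twice once `compsig` is released. The three allocations are unchecked and not released on the `goto endsign` paths visible here, and `i2d_CompositeSignature(compsig, &sig)` writes to the caller's buffer without comparing the encoded length with `sigsize` and stores a possibly negative result in a `size_t`. The verify hunks of this patch change only whitespace, so oqs_sig_verify appears still to slice raw concatenated signatures instead of decoding this SEQUENCE; its body is mostly outside the hunks. The changed lines would look roughly like this, with the three pointers moved to function scope so that `endsign` can release them.

```c
/* at function scope, next to the other locals */
unsigned char *buf = NULL, *temp = NULL, *out = sig;
CompositeSignature *compsig = NULL;
int enclen;

/* inside if (is_composite) */
buf = OPENSSL_malloc(oqs_sig_len);
temp = OPENSSL_malloc(cmp_sig_len);
compsig = CompositeSignature_new();
if (buf == NULL || temp == NULL || compsig == NULL)
{
  ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
  goto endsign;
}
/* … unchanged: first component signed into buf … */
ASN1_STRING_set0(compsig->sig1, buf, (int)oqs_sig_len);
buf = NULL; /* ownership moved to compsig */
/* keep every byte: without BITS_LEFT the encoder trims trailing zero bits */
compsig->sig1->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
compsig->sig1->flags |= ASN1_STRING_FLAG_BITS_LEFT;

/* second component gets its own buffer */
if (OQS_SIG_sign(cmp_key, temp, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS)
/* … unchanged: error handling and classical second component, with EVP_PKEY_sign writing to temp … */
ASN1_STRING_set0(compsig->sig2, temp, (int)cmp_sig_len);
temp = NULL; /* ownership moved to compsig */
compsig->sig2->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
compsig->sig2->flags |= ASN1_STRING_FLAG_BITS_LEFT;

enclen = i2d_CompositeSignature(compsig, NULL);
if (enclen <= 0 || (size_t)enclen > sigsize)
{
  ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG);
  goto endsign;
}
oqs_sig_len = (size_t)i2d_CompositeSignature(compsig, &out);

/* after the endsign label */
OPENSSL_free(buf);
OPENSSL_free(temp);
CompositeSignature_free(compsig);
```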
@@ -632,8 +709,8 @@ static int oqs_sig_digest_signverify_init(void *vpoqs_sigctx, if (!oqs_sig_signverify_init(vpoqs_sigctx, voqssig, operation)) return 0; - if (!oqs_sig_setup_md(poqs_sigctx, mdname, NULL)) - return 0; + if (!oqs_sig_setup_md(poqs_sigctx, mdname, NULL)) + return 0; if (mdname != NULL) { poqs_sigctx->mdctx = EVP_MD_CTX_new(); @@ -644,7 +721,7 @@ static int oqs_sig_digest_signverify_init(void *vpoqs_sigctx, goto error; } - return 1; + return 1; error: EVP_MD_CTX_free(poqs_sigctx->mdctx); @@ -674,9 +751,9 @@ static int oqs_sig_digest_verify_init(void *vpoqs_sigctx, const char *mdname, int oqs_sig_digest_signverify_update(void *vpoqs_sigctx, const unsigned char *data, size_t datalen) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: digest_signverify_update called\n"); + OQS_SIG_PRINTF("OQS SIG provider: digest_signverify_update called\n"); if (poqs_sigctx == NULL) return 0; @@ -712,13 +789,13 @@ int oqs_sig_digest_signverify_update(void *vpoqs_sigctx, int oqs_sig_digest_sign_final(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, size_t sigsize) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int dlen = 0; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; - OQS_SIG_PRINTF("OQS SIG provider: digest_sign_final called\n"); - if (poqs_sigctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: digest_sign_final called\n"); + if (poqs_sigctx == NULL) + return 0; /* * If sig is NULL then we're just finding out the sig size. Other fields 
@@ -735,7 +812,7 @@ int oqs_sig_digest_sign_final(void *vpoqs_sigctx, unsigned char *sig, return 0; } - poqs_sigctx->flag_allow_md = 1; + poqs_sigctx->flag_allow_md = 1; if (poqs_sigctx->mdctx != NULL) return oqs_sig_sign(vpoqs_sigctx, sig, siglen, sigsize, digest, @@ -748,13 +825,13 @@ int oqs_sig_digest_sign_final(void *vpoqs_sigctx, unsigned char *sig, int oqs_sig_digest_verify_final(void *vpoqs_sigctx, const unsigned char *sig, size_t siglen) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int dlen = 0; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; - OQS_SIG_PRINTF("OQS SIG provider: digest_verify_final called\n"); - if (poqs_sigctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: digest_verify_final called\n"); + if (poqs_sigctx == NULL) + return 0; // TBC for hybrids: if (poqs_sigctx->mdctx) { @@ -771,7 +848,7 @@ int oqs_sig_digest_verify_final(void *vpoqs_sigctx, const unsigned char *sig, static void oqs_sig_freectx(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *ctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *ctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQS_SIG_PRINTF("OQS SIG provider: freectx called\n"); OPENSSL_free(ctx->propq); 
@@ -792,27 +869,27 @@ static void oqs_sig_freectx(void *vpoqs_sigctx) static void *oqs_sig_dupctx(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *srcctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - PROV_OQSSIG_CTX *dstctx; + PROV_OQSSIG_CTX *srcctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *dstctx; - OQS_SIG_PRINTF("OQS SIG provider: dupctx called\n"); + OQS_SIG_PRINTF("OQS SIG provider: dupctx called\n"); - dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) - return NULL; + dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + if (dstctx == NULL) + return NULL; - *dstctx = *srcctx; - dstctx->sig = NULL; - dstctx->md = NULL; - dstctx->mdctx = NULL; + *dstctx = *srcctx; + dstctx->sig = NULL; + dstctx->md = NULL; + dstctx->mdctx = NULL; - if (srcctx->sig != NULL && !oqsx_key_up_ref(srcctx->sig)) - goto err; - dstctx->sig = srcctx->sig; + if (srcctx->sig != NULL && !oqsx_key_up_ref(srcctx->sig)) + goto err; + dstctx->sig = srcctx->sig; - if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) - goto err; - dstctx->md = srcctx->md; + if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) + goto err; + dstctx->md = srcctx->md; if (srcctx->mdctx != NULL) { dstctx->mdctx = EVP_MD_CTX_new(); @@ -849,14 +926,14 @@ static void *oqs_sig_dupctx(void *vpoqs_sigctx) static int oqs_sig_get_ctx_params(void *vpoqs_sigctx, OSSL_PARAM *params) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OSSL_PARAM *p; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + OSSL_PARAM *p; - OQS_SIG_PRINTF("OQS SIG provider: get_ctx_params called\n"); - if (poqs_sigctx == NULL || params == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: get_ctx_params called\n"); + if (poqs_sigctx == NULL || params == NULL) + return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); + p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); if (poqs_sigctx->aid == NULL) { poqs_sigctx->aid_len 
@@ -868,11 +945,11 @@ static int oqs_sig_get_ctx_params(void *vpoqs_sigctx, OSSL_PARAM *params) poqs_sigctx->aid_len)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, poqs_sigctx->mdname)) - return 0; + p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); + if (p != NULL && !OSSL_PARAM_set_utf8_string(p, poqs_sigctx->mdname)) + return 0; - return 1; + return 1; } static const OSSL_PARAM known_gettable_ctx_params[] @@ -884,17 +961,17 @@ static const OSSL_PARAM * oqs_sig_gettable_ctx_params(ossl_unused void *vpoqs_sigctx, ossl_unused void *vctx) { - OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_params called\n"); - return known_gettable_ctx_params; + OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_params called\n"); + return known_gettable_ctx_params; } static int oqs_sig_set_ctx_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - const OSSL_PARAM *p; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + const OSSL_PARAM *p; - OQS_SIG_PRINTF("OQS SIG provider: set_ctx_params called\n"); - if (poqs_sigctx == NULL || params == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: set_ctx_params called\n"); + if (poqs_sigctx == NULL || params == NULL) + return 0; p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); /* Not allowed during certain operations */ 
@@ -906,16 +983,15 @@ static int oqs_sig_set_ctx_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PROPERTIES); - if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) - return 0; - if (propsp != NULL - && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) - return 0; - if (!oqs_sig_setup_md(poqs_sigctx, mdname, mdprops)) - return 0; - } + if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) + return 0; + if (propsp != NULL && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) + return 0; + if (!oqs_sig_setup_md(poqs_sigctx, mdname, mdprops)) + return 0; + } - return 1; + return 1; } static const OSSL_PARAM known_settable_ctx_params[] 
@@ -926,65 +1002,65 @@ static const OSSL_PARAM known_settable_ctx_params[] static const OSSL_PARAM *oqs_sig_settable_ctx_params(ossl_unused void *vpsm2ctx, ossl_unused void *provctx) { - /* - * TODO(3.0): Should this function return a different set of settable ctx - * params if the ctx is being used for a DigestSign/DigestVerify? In that - * case it is not allowed to set the digest size/digest name because the - * digest is explicitly set as part of the init. - * NOTE: Ideally we would check poqs_sigctx->flag_allow_md, but this is - * problematic because there is no nice way of passing the - * PROV_OQSSIG_CTX down to this function... - * Because we have API's that dont know about their parent.. - * e.g: EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig). - * We could pass NULL for that case (but then how useful is the check?). - */ - OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_params called\n"); - return known_settable_ctx_params; + /* + * TODO(3.0): Should this function return a different set of settable ctx + * params if the ctx is being used for a DigestSign/DigestVerify? In that + * case it is not allowed to set the digest size/digest name because the + * digest is explicitly set as part of the init. + * NOTE: Ideally we would check poqs_sigctx->flag_allow_md, but this is + * problematic because there is no nice way of passing the + * PROV_OQSSIG_CTX down to this function... + * Because we have API's that dont know about their parent.. + * e.g: EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig). + * We could pass NULL for that case (but then how useful is the check?). 
+ */ + OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_params called\n"); + return known_settable_ctx_params; } static int oqs_sig_get_ctx_md_params(void *vpoqs_sigctx, OSSL_PARAM *params) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: get_ctx_md_params called\n"); - if (poqs_sigctx->mdctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: get_ctx_md_params called\n"); + if (poqs_sigctx->mdctx == NULL) + return 0; - return EVP_MD_CTX_get_params(poqs_sigctx->mdctx, params); + return EVP_MD_CTX_get_params(poqs_sigctx->mdctx, params); } static const OSSL_PARAM *oqs_sig_gettable_ctx_md_params(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_md_params called\n"); - if (poqs_sigctx->md == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_md_params called\n"); + if (poqs_sigctx->md == NULL) + return 0; - return EVP_MD_gettable_ctx_params(poqs_sigctx->md); + return EVP_MD_gettable_ctx_params(poqs_sigctx->md); } static int oqs_sig_set_ctx_md_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: set_ctx_md_params called\n"); - if (poqs_sigctx->mdctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: set_ctx_md_params called\n"); + if (poqs_sigctx->mdctx == NULL) + return 0; - return EVP_MD_CTX_set_params(poqs_sigctx->mdctx, params); + return EVP_MD_CTX_set_params(poqs_sigctx->mdctx, params); } static const OSSL_PARAM *oqs_sig_settable_ctx_md_params(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - if 
(poqs_sigctx->md == NULL) - return 0; + if (poqs_sigctx->md == NULL) + return 0; - OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_md_params called\n"); - return EVP_MD_settable_ctx_params(poqs_sigctx->md); + OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_md_params called\n"); + return EVP_MD_settable_ctx_params(poqs_sigctx->md); } const OSSL_DISPATCH oqs_signature_functions[] diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index b681c1eb..763d409b 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -95,11 +95,11 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_sphincsshake128fsimple", "1.3.9999.6.7.15", "rsa3072_sphincsshake128fsimple", - "2.16.840.1.114027.80.5.2", + "2.16.840.1.114027.80.5.1.1", "dilithium3_rsa3072", - "2.16.840.1.114027.80.5.1", + "2.16.840.1.114027.80.5.1.2", "dilithium3_p256", - "2.16.840.1.114027.80.5.3", + "2.16.840.1.114027.80.5.1.8", "falcon512_p256", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; From 8ebc7c169897a44fa2873da145d2eeda4258f658 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 31 Jan 2023 15:54:15 -0500 Subject: [PATCH 025/164] public key extraction working Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 120 +++++++++++++++++++++++++++-------- oqsprov/oqsprov_keys.c | 40 +++++++++++- 2 files changed, 134 insertions(+), 26 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 32cbcfb1..5d81b9bb 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -510,7 +510,13 @@ static int prepare_oqsx_params(const void *oqsxkey, int nid, int save, static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) { const OQSX_KEY *oqsxkey = vxkey; - unsigned char *keyblob; + unsigned char *keyblob, *buf; + int keybloblen, nid; + STACK_OF(ASN1_TYPE) *sk = NULL; + ASN1_TYPE *aType = NULL; + ASN1_STRING *aString = NULL; + unsigned char *temp = NULL; + X509_PUBKEY *p8info_internal = NULL; int ret = 0; OQS_ENC_PRINTF("OQS ENC provider: oqsx_spki_pub_to_der called\n"); 
@@ -519,36 +525,100 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if (oqsxkey->keytype != KEY_TYPE_CMP_SIG){ #ifdef USE_ENCODING_LIB - if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL - && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { - unsigned char *buf; - int buflen; - int ret = 0; - const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; - buflen = encoding_ctx->encoding_impl->crypto_publickeybytes; - - buf = OPENSSL_secure_zalloc(buflen); - ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, 0, - 0, 1); - if (ret != QSC_ENC_OK) - return -1; + if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL + && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { + unsigned char *buf; + int buflen; + int ret = 0; + const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; + buflen = encoding_ctx->encoding_impl->crypto_publickeybytes; - *pder = buf; - return buflen; - } else { + buf = OPENSSL_secure_zalloc(buflen); + ret = qsc_encode(encoding_ctx->encoding_ctx, + encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, 0, + 0, 1); + if (ret != QSC_ENC_OK) + return -1; + + *pder = buf; + return buflen; + } else { #endif - keyblob = OPENSSL_memdup(oqsxkey->pubkey, oqsxkey->pubkeylen); - if (keyblob == NULL) { + keyblob = OPENSSL_memdup(oqsxkey->pubkey, oqsxkey->pubkeylen); + if (keyblob == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return 0; + } + *pder = keyblob; + return oqsxkey->pubkeylen; + #ifdef USE_ENCODING_LIB + } + #endif + }else{ + int len, len2; + if((sk = sk_ASN1_TYPE_new_null()) == NULL) + return -1; + + p8info_internal = X509_PUBKEY_new(); + aType = ASN1_TYPE_new(); + aString = ASN1_OCTET_STRING_new(); + + len = oqsxkey->pubkeylen - oqsxkey->pubkeylen_cmp;; + buf = OPENSSL_memdup(oqsxkey->pubkey, len); + + if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) 
+ nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid; + else + nid = OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)))); + if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len)) + keybloblen = 0; // signal error + keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); + if (keybloblen < 0) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return 0; + keybloblen = 0; // signal error + } + + ASN1_STRING_set0(aString, temp, keybloblen); + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); + + if (!sk_ASN1_TYPE_push(sk, aType)) + return -1; + + aType = ASN1_TYPE_new(); + aString = ASN1_OCTET_STRING_new(); + p8info_internal = X509_PUBKEY_new(); + temp = NULL; + + len2 = oqsxkey->pubkeylen_cmp; + buf = OPENSSL_memdup(oqsxkey->pubkey + len, len2); + + if(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) + nid = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->nid; + else + nid = OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)))); + if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len2)) + keybloblen = 0; // signal error + keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error } - *pder = keyblob; - return oqsxkey->pubkeylen; -#ifdef USE_ENCODING_LIB + + + ASN1_STRING_set0(aString, temp, keybloblen); + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); + + if (!sk_ASN1_TYPE_push(sk, aType)) + return -1; + + keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); + + return keybloblen; } -#endif + + } static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index ea3fcc7e..fc6e893d 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
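Review bot: In the composite branch of `oqsx_spki_pub_to_der`, a failure of `X509_PUBKEY_set0_param` is lost because `keybloblen = 0; // signal error` is overwritten by the `i2d_X509_PUBKEY` call on the next line, and a negative `i2d` result is only turned into 0 before being handed to `ASN1_STRING_set0`. The results of `X509_PUBKEY_new`, `ASN1_TYPE_new`, `ASN1_OCTET_STRING_new` and `OPENSSL_memdup` are not checked, and each `return -1` leaves `sk` and the objects built so far allocated, while the non-composite path reports failure with 0. The same pattern is carried into the loop versions that PATCH 029 adds to this function and to `oqsx_pki_priv_to_der`. One cleanup path, sketched below for the first component, covers every exit; the function's opening lines are outside this hunk.

```c
        // … unchanged: sk, p8info_internal, aType, aString, buf allocation …
        if (sk == NULL || p8info_internal == NULL || aType == NULL
            || aString == NULL || buf == NULL)
            goto cmp_err;
        // … unchanged: nid selection for the first component …
        if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid),
                                    V_ASN1_UNDEF, NULL, buf, len))
            goto cmp_err;
        buf = NULL; /* owned by p8info_internal from here on */
        keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp);
        if (keybloblen <= 0)
            goto cmp_err;
        ASN1_STRING_set0(aString, temp, keybloblen);
        temp = NULL; /* owned by aString */
        ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString);
        aString = NULL; /* owned by aType */
        if (!sk_ASN1_TYPE_push(sk, aType))
            goto cmp_err;
        aType = NULL; /* owned by sk */
        X509_PUBKEY_free(p8info_internal);
        p8info_internal = NULL;
        // … second component: same steps with pubkeylen_cmp …
        keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder);
        if (keybloblen < 0)
            keybloblen = 0;
        goto cmp_done;
    cmp_err:
        ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
        keybloblen = 0;
    cmp_done:
        OPENSSL_free(buf);
        OPENSSL_free(temp);
        ASN1_STRING_free(aString);
        ASN1_TYPE_free(aType);
        X509_PUBKEY_free(p8info_internal);
        sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
        return keybloblen;
```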
@@ -648,11 +648,47 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, int plen; X509_ALGOR *palg; OQSX_KEY *oqsx = NULL; + STACK_OF(ASN1_TYPE) *sk = NULL; + ASN1_TYPE *aType = NULL; + ASN1_OCTET_STRING *oct = NULL; if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) { return NULL; } + if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG){ + sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); + if (sk == NULL){ + p = NULL; + plen = 0; + }else{ + unsigned char *buf, *temp, *concat_key; + int buflen, templen; + X509_PUBKEY *p8info_temp = X509_PUBKEY_new(); + X509_PUBKEY *p8info_buf = X509_PUBKEY_new(); + + aType = sk_ASN1_TYPE_pop(sk); //pop the second crypt algorithm + temp = aType->value.sequence->data; + templen = aType->value.sequence->length; + + p8info_temp = d2i_X509_PUBKEY(&p8info_temp, &temp, templen); + X509_PUBKEY_get0_param(NULL, &temp, &templen, NULL, p8info_temp); + + aType = sk_ASN1_TYPE_pop(sk); //pop the first crypt algorithm + buf = aType->value.sequence->data; + buflen = aType->value.sequence->length; + + p8info_buf = d2i_X509_PUBKEY(&p8info_buf, &buf, buflen); + X509_PUBKEY_get0_param(NULL, &buf, &buflen, NULL, p8info_buf); + + concat_key = OPENSSL_secure_malloc(buflen + templen); + + memcpy(concat_key, buf, buflen); + memcpy(concat_key + buflen, temp, templen); + p = concat_key; + plen = templen + buflen; + } + } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); return oqsx; } 
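Review bot: The composite branch of `oqsx_key_from_x509pubkey` walks externally supplied DER without validating it: both `sk_ASN1_TYPE_pop` results are dereferenced without a NULL check, and `aType->value.sequence` is read without confirming `aType->type == V_ASN1_SEQUENCE`, so an encoding with fewer than two elements or with a non-SEQUENCE element is read through a NULL pointer or the wrong union member. The returns of `d2i_X509_PUBKEY`, `X509_PUBKEY_get0_param` and `OPENSSL_secure_malloc` are unchecked before the two `memcpy` calls. `sk`, both `X509_PUBKEY` objects and `concat_key` are never released in the visible lines (whether `oqsx_key_op` copies `p` is not visible here), and public key bytes do not need the secure heap. A checked version of the branch is sketched below.

```c
        } else {
            const unsigned char *buf = NULL, *temp = NULL;
            unsigned char *concat_key = NULL;
            int buflen = 0, templen = 0, ok = 0;
            X509_PUBKEY *p8info_buf = NULL, *p8info_temp = NULL;
            ASN1_TYPE *first, *second;

            /* exactly two SubjectPublicKeyInfo elements, each a SEQUENCE */
            if (sk_ASN1_TYPE_num(sk) == 2) {
                first = sk_ASN1_TYPE_value(sk, 0);
                second = sk_ASN1_TYPE_value(sk, 1);
                if (first->type == V_ASN1_SEQUENCE
                    && second->type == V_ASN1_SEQUENCE) {
                    buf = first->value.sequence->data;
                    temp = second->value.sequence->data;
                    p8info_buf = d2i_X509_PUBKEY(NULL, &buf,
                                                 first->value.sequence->length);
                    p8info_temp = d2i_X509_PUBKEY(NULL, &temp,
                                                  second->value.sequence->length);
                }
            }
            if (p8info_buf != NULL && p8info_temp != NULL
                && X509_PUBKEY_get0_param(NULL, &buf, &buflen, NULL, p8info_buf)
                && X509_PUBKEY_get0_param(NULL, &temp, &templen, NULL, p8info_temp)
                && buflen > 0 && templen > 0
                && (concat_key = OPENSSL_malloc(buflen + templen)) != NULL) {
                /* copy before the X509_PUBKEY objects that own buf/temp are freed */
                memcpy(concat_key, buf, buflen);
                memcpy(concat_key + buflen, temp, templen);
                ok = 1;
            }
            X509_PUBKEY_free(p8info_buf);
            X509_PUBKEY_free(p8info_temp);
            sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
            if (!ok)
                return NULL;
            p = concat_key;
            plen = buflen + templen;
            /* NOTE(review): free concat_key after oqsx_key_op if it copies its input */
        }
```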
@@ -1430,11 +1466,13 @@ int oqsx_key_gen(OQSX_KEY *key) { pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys - 1], key->comp_privkey[key->numkeys - 1], 0); key->cmp_classical_pkey[key->numkeys - 1] = pkey; + const unsigned char *pubkey = key->comp_pubkey[key->numkeys - 1]; ON_ERR_GOTO(pkey == NULL, err); + } else { - ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen, key->pubkey + key->pubkeylen); + ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen - key->privkeylen_cmp, key->pubkey + key->pubkeylen - key->pubkeylen_cmp); ON_ERR_GOTO(ret, err); } From 32dd8d763255a7a329c3b15866b74eeab9e6760a Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 7 Feb 2023 16:40:03 -0500 Subject: [PATCH 026/164] raw signature verification Signed-off-by: Felipe Ventura --- oqsprov/oqs_prov.h | 8 ++ oqsprov/oqs_sig.c | 170 +++++++++++++++++++++++++++++++++-------- oqsprov/oqsprov_keys.c | 3 +- 3 files changed, 147 insertions(+), 34 deletions(-) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 268dbbf2..2490513b 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -194,6 +194,14 @@ struct oqsx_key_st { typedef struct oqsx_key_st OQSX_KEY; +//composite signature +struct SignatureModel{ + ASN1_BIT_STRING *sig1; + ASN1_BIT_STRING *sig2; +}; + +typedef struct SignatureModel CompositeSignature; + char* get_oqsname(int nid); char* get_cmpname(int nid); int get_keytype(int nid); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 5e67d946..cb29e8dd 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
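Review bot: The added `const unsigned char *pubkey = key->comp_pubkey[key->numkeys - 1];` in `oqsx_key_gen` is never used in the visible lines and sits between the `oqsx_key_gen_evp_key` call and its `ON_ERR_GOTO(pkey == NULL, err)` check; it reads like leftover debugging and can be dropped. In the `else` branch the new destinations `key->privkey + key->privkeylen - key->privkeylen_cmp` and `key->pubkey + key->pubkeylen - key->pubkeylen_cmp` assume the `_cmp` lengths never exceed the totals, and `OQS_SIG_keypair` writes through both pointers. A comment such as `/* second component occupies the last privkeylen_cmp / pubkeylen_cmp bytes of the buffers */` next to the call, naming where that invariant is set up, would make the arithmetic checkable. The function body starts and ends outside this hunk.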
@@ -84,14 +84,6 @@ static int get_aid(unsigned char **oidbuf, const char *tls_name) return (aidlen); } -//composite signature -struct SignatureModel{ - ASN1_BIT_STRING *sig1; - ASN1_BIT_STRING *sig2; -}; - -typedef struct SignatureModel CompositeSignature; - DECLARE_ASN1_FUNCTIONS(CompositeSignature) ASN1_NDEF_SEQUENCE(CompositeSignature) = { @@ -272,8 +264,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (is_composite) { - max_sig_len += sizeof(ASN1_TYPE); // ASN1 enclosing for composite - max_sig_len += 2 * sizeof(ASN1_OCTET_STRING); // octet for each signature + max_sig_len += sizeof(CompositeSignature); if (is_composite_second_classic) { max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; @@ -393,7 +384,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } else { // sign non PQC key on oqs_key - oqs_key_classic = oqsxkey->cmp_classical_pkey[0]; + oqs_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 2]; const EVP_MD *classical_md; int digest_len; unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ @@ -463,7 +454,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (!is_composite_second_classic) { - if (OQS_SIG_sign(cmp_key, buf, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) + if (OQS_SIG_sign(cmp_key, temp, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; 
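Review bot: `max_sig_len += sizeof(CompositeSignature);` in `oqs_sig_sign` sizes the DER framing by the in-memory size of a struct holding two pointers, which is unrelated to the encoded overhead (one SEQUENCE header plus a tag, length and unused-bits octet for each BIT STRING) and drops to 8 bytes on a 32-bit build. If callers size their output buffer from this value, `i2d_CompositeSignature` can emit more bytes than were reserved. Computing the bound from the component lengths with `ASN1_object_size()` would tie it to the encoding rather than to the platform's pointer width. The same expression is introduced in the `oqsx_key_maxsize` hunk of this patch as `int aux = sizeof(CompositeSignature);`. The function body extends beyond this hunk.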
@@ -521,7 +512,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || - (EVP_PKEY_sign(classical_ctx_sign, buf, &cmp_sig_len, digest, digest_len) <= 0)) + (EVP_PKEY_sign(classical_ctx_sign, temp, &cmp_sig_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; @@ -535,7 +526,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } } - compsig->sig2->data = buf; + compsig->sig2->data = temp; compsig->sig2->length = cmp_sig_len; oqs_sig_len = i2d_CompositeSignature(compsig, &sig); @@ -570,8 +561,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, // we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; EVP_PKEY_CTX *ctx_verify = NULL; + int is_composite_first_classic = (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); + int is_composite_second_classic = (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); int is_hybrid = evpkey != NULL; - int is_composite = cmp_key != NULL; + int is_composite = (cmp_key != NULL || is_composite_second_classic); size_t classical_sig_len = 0, oqs_sig_len = 0; size_t index = 0; int rv = 0; 
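Review bot: `is_composite` in `oqs_sig_verify` is now derived from `get_tlsname_fromoqs(get_cmpname(...)) == 0`, which is evaluated for every key, so whether a non-composite key is routed into the composite path depends on what `get_cmpname` returns for a name with no second component (not visible here). Keying the decision on the key's declared type, `int is_composite = (oqsxkey->keytype == KEY_TYPE_CMP_SIG);`, makes the dispatch explicit and lets the two name lookups move inside that branch. The rest of the function is outside this hunk.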
@@ -653,37 +646,148 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, index += classical_sig_len; } if(is_composite){ - size_t actual_oqs_sig_len = 0; - DECODE_UINT32(actual_oqs_sig_len, sig); - if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig , actual_oqs_sig_len, oqsxkey->comp_pubkey[oqsxkey->numkeys-2]) != OQS_SUCCESS) { + CompositeSignature* compsig = CompositeSignature_new(); + if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) + goto endverify; + if (!is_composite_first_classic) + { + if (OQS_SIG_verify(oqs_key, tbs, tbslen, compsig->sig1->data, compsig->sig1->length, oqsxkey->comp_pubkey[oqsxkey->numkeys - 2]) != OQS_SUCCESS) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + }else{//first key is classic + const EVP_MD *classical_md; + int digest_len; + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + + if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 2], NULL)) == NULL + || EVP_PKEY_verify_init(ctx_verify) <= 0) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - - oqs_sig_len = actual_oqs_sig_len; - index += oqs_sig_len; - - if (OQS_SIG_verify(cmp_key, tbs, tbslen, sig + index, - siglen - oqs_sig_len, - oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) - != OQS_SUCCESS) { + if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + goto endverify; + } + } + unsigned char *name = get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)); + if (name[0] == 'p') + { + if (name[1] == '2') + { // p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '3') + { // p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '5') + { 
// p521 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } + } + else + { // rsa3072 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } + if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || + (EVP_PKEY_verify(ctx_verify, compsig->sig1->data, compsig->sig1->length, digest, digest_len) <= 0)) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } + } + if (!is_composite_second_classic) + { + if (OQS_SIG_verify(cmp_key, tbs, tbslen, compsig->sig2->data, compsig->sig2->length, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + }else{//second key is classic + const EVP_MD *classical_md; + int digest_len; + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - } else { - if (!oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1], NULL)) == NULL || + EVP_PKEY_verify_init(ctx_verify) <= 0) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, - siglen - classical_sig_len, - oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) - != OQS_SUCCESS) { + if (oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + goto endverify; + } + } + unsigned char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)); + if (name[0] == 'p') + { + if (name[1] == '2') + { // p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '3') + { // p384 + classical_md = EVP_sha384(); + 
digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '5') + { // p521 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } + } + else + { // rsa3072 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } + if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || + (EVP_PKEY_verify(ctx_verify, compsig->sig2->data, compsig->sig2->length, digest, digest_len) <= 0)) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } + } + } + else + { + if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + goto endverify; + } + if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, + siglen - classical_sig_len, + oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) + != OQS_SUCCESS) { + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } } rv = 1; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index fc6e893d..8a81922f 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -17,6 +17,7 @@ #include #include + #ifdef NDEBUG # define OQS_KEY_PRINTF(a) # define OQS_KEY_PRINTF2(a, b) @@ -1515,7 +1516,7 @@ int oqsx_key_maxsize(OQSX_KEY *key) + SIZE_OF_UINT32; case KEY_TYPE_CMP_SIG: { - int aux = 0; + int aux = sizeof(CompositeSignature); if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0) aux += key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; else From 381f98ab042fe3e3fb65bab2ff1f077984468e39 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 10 Feb 2023 10:43:53 -0500 Subject: [PATCH 027/164] change sha512 to sha256 for dgst RSA Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index cb29e8dd..a3918dd7 100644 
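Review bot: The composite branch added to `oqs_sig_verify` accepts trailing bytes after the encoded `CompositeSignature`, because the pointer advanced by `d2i_CompositeSignature` is never compared with `siglen`; that leaves composite signatures malleable. In both classical blocks `classical_md` and `digest_len` stay uninitialised when the name starts with 'p' but its second character is not '2', '3' or '5', and are then passed to `EVP_PKEY_CTX_set_signature_md` and `EVP_PKEY_verify`. `compsig` is declared inside the block, so the `endverify` label (outside this hunk) cannot free it, and `ctx_verify` is overwritten without a free when both components are classical. The parse and the digest selection could look like the sketch below, with `compsig` moved to function scope and initialised to NULL.

```c
    if (is_composite) {
        const unsigned char *sigp = sig;

        /* compsig lives at function scope so endverify can CompositeSignature_free() it */
        compsig = d2i_CompositeSignature(NULL, &sigp, siglen);
        if (compsig == NULL || (size_t)(sigp - sig) != siglen) {
            /* reject undecodable input and any bytes after the SEQUENCE */
            ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
            goto endverify;
        }
        // … unchanged: OQS_SIG_verify on compsig->sig1 / EVP_PKEY_CTX setup …
            if (name == NULL) {
                ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);
                goto endverify;
            } else if (name[0] != 'p') { // rsa3072
                // … unchanged: digest for the RSA component …
            } else if (name[1] == '2') { // p256
                // … unchanged: SHA256 …
            } else if (name[1] == '3') { // p384
                // … unchanged: SHA384 …
            } else if (name[1] == '5') { // p521
                // … unchanged: SHA512 …
            } else {
                /* unknown curve name: never reach EVP_PKEY_verify with unset md */
                ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);
                goto endverify;
            }
        // … unchanged: EVP_PKEY_verify, then the same ladder for compsig->sig2 …
```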
--- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -428,9 +428,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } else { // rsa3072 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); } if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || @@ -506,9 +506,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } else { // rsa3072 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); } if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || @@ -699,9 +699,9 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, } else { // rsa3072 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); } if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || (EVP_PKEY_verify(ctx_verify, compsig->sig1->data, compsig->sig1->length, digest, digest_len) <= 0)) @@ -761,9 +761,9 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, } else { // rsa3072 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); } if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || (EVP_PKEY_verify(ctx_verify, compsig->sig2->data, compsig->sig2->length, digest, digest_len) <= 0)) 
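Review bot: The RSA digest is switched in four separate copies of the same `name[0]`/`name[1]` ladder (two in `oqs_sig_sign`, two in `oqs_sig_verify`), so signing and verification stay interoperable only while every copy is edited together. The `else` labelled `// rsa3072` is also a catch-all: any classical component whose name does not start with 'p' now gets SHA-256, whatever its key size. One static helper that maps the component name to the digest and rejects unknown names, as sketched below, leaves a single place to change; callers can then hash with `EVP_Digest(tbs, tbslen, digest, NULL, classical_md, NULL)`. The enclosing functions extend beyond these hunks.

```c
/* Map a classical composite component name to its digest; NULL if unknown. */
static const EVP_MD *oqs_cmp_classic_md(const char *name, int *digest_len)
{
    if (name == NULL)
        return NULL;
    if (strncmp(name, "rsa3072", 7) == 0 || strncmp(name, "p256", 4) == 0) {
        *digest_len = SHA256_DIGEST_LENGTH;
        return EVP_sha256();
    }
    if (strncmp(name, "p384", 4) == 0) {
        *digest_len = SHA384_DIGEST_LENGTH;
        return EVP_sha384();
    }
    if (strncmp(name, "p521", 4) == 0) {
        *digest_len = SHA512_DIGEST_LENGTH;
        return EVP_sha512();
    }
    return NULL; /* caller raises OQSPROV_R_WRONG_PARAMETERS */
}
```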
From f43a600599576a2885c22e3d15dc25604bf4c509 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 23 Feb 2023 09:32:29 -0500 Subject: [PATCH 028/164] Certificate working Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 5d81b9bb..d0f30760 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -23,6 +23,9 @@ #include #include "oqs_prov.h" +#include +#include + #ifdef NDEBUG # define OQS_ENC_PRINTF(a) # define OQS_ENC_PRINTF2(a, b) @@ -54,6 +57,7 @@ struct key2any_ctx_st { void *pwcbarg; }; + typedef int check_key_type_fn(const void *key, int nid); typedef int key_to_paramstring_fn(const void *key, int nid, int save, void **str, int *strtype); @@ -295,7 +299,7 @@ static int key_to_pki_pem_priv_bio(BIO *out, const void *key, int key_nid, void *str = NULL, *strc = NULL; int strtype = V_ASN1_UNDEF; int strtypec = V_ASN1_UNDEF; - PKCS8_PRIV_KEY_INFO *p8info, *p8infoc; + PKCS8_PRIV_KEY_INFO *p8info; OQS_ENC_PRINTF("OQS ENC provider: key_to_pki_pem_priv_bio called\n"); @@ -334,8 +338,10 @@ static int key_to_spki_der_pub_bio(BIO *out, const void *key, int key_nid, if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; + xpk = oqsx_key_to_pubkey(key, key_nid, str, strtype, k2d); + if (xpk != NULL) ret = i2d_X509_PUBKEY_bio(out, xpk); @@ -484,9 +490,6 @@ static int prepare_oqsx_params(const void *oqsxkey, int nid, int save, return 0; } - if (k->keytype == KEY_TYPE_CMP_SIG) - printf("AAAAAAAAAAAA\n" ); //oqsx_provider_ctx_cmp - if (nid != NID_undef) { params = OBJ_nid2obj(nid); if (params == NULL) From bf222f308b1ed813176094203e04f7d5ce594aa1 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 21 Mar 2023 11:25:32 -0400 Subject: [PATCH 029/164] 2+ composite keys 
Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 132 +++++----- oqsprov/oqs_kem.c | 12 +- oqsprov/oqs_kmgmt.c | 14 +- oqsprov/oqs_prov.h | 7 +- oqsprov/oqs_sig.c | 426 +++++++++++-------------------- oqsprov/oqsprov_keys.c | 482 +++++++++++++++++++++++------------ 6 files changed, 560 insertions(+), 513 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index d0f30760..0033f00a 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -560,14 +560,44 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) } #endif }else{ - int len, len2; + int len, i; + size_t previouslen = 0; + char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; - p8info_internal = X509_PUBKEY_new(); - aType = ASN1_TYPE_new(); - aString = ASN1_OCTET_STRING_new(); + for (i = 0; i < oqsxkey->numkeys; i++){ + p8info_internal = X509_PUBKEY_new(); + aType = ASN1_TYPE_new(); + aString = ASN1_OCTET_STRING_new(); + temp = NULL; + get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + + len = oqsxkey->pubkeylen_cmp[i]; + buf = OPENSSL_memdup(oqsxkey->pubkey + previouslen, len); + + if(get_tlsname_fromoqs(name) == 0) + nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; + else + nid = OBJ_sn2nid(get_tlsname_fromoqs(name)); + if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len)) + keybloblen = 0; // signal error + keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } + ASN1_STRING_set0(aString, temp, keybloblen); + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); + + if (!sk_ASN1_TYPE_push(sk, aType)) + return -1; + + previouslen += len; + } + +/* len = oqsxkey->pubkeylen - oqsxkey->pubkeylen_cmp;; buf = OPENSSL_memdup(oqsxkey->pubkey, len); 
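Review bot: `char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name));` in the new loop of `oqsx_spki_pub_to_der` reserves no byte for the terminating NUL and is not checked for NULL before `get_cmpname(..., i, name)` writes into it; whether a component name can reach the full length of `tls_name` depends on `get_cmpname`, which is not visible here. `name` is also leaked on both `return -1` paths. Using `char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name) + 1);` with a NULL check, and checking `previouslen + len` against `oqsxkey->pubkeylen` before the `OPENSSL_memdup`, would keep the loop inside the key buffer by construction. The superseded two-component code is left behind in a `/* … */` block and could be deleted instead. The same allocation appears in the `oqsx_pki_priv_to_der` hunk of this patch.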
@@ -615,9 +645,9 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - + */ keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); - + OPENSSL_free(name); return keybloblen; } @@ -635,6 +665,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ASN1_TYPE *aType = NULL; ASN1_STRING *aString = NULL; unsigned char *temp = NULL; + char* name; PKCS8_PRIV_KEY_INFO *p8info_internal = NULL; OQS_ENC_PRINTF("OQS ENC provider: oqsx_pki_priv_to_der called\n"); 
@@ -725,68 +756,53 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = 0; // signal error } }else{ + int i; + size_t previouslen = 0; + name = OPENSSL_malloc(strlen(oqsxkey->tls_name));; if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; - p8info_internal = PKCS8_PRIV_KEY_INFO_new(); - aType = ASN1_TYPE_new(); - aString = ASN1_OCTET_STRING_new(); - - buflen = oqsxkey->privkeylen + oqsxkey->pubkeylen - oqsxkey->privkeylen_cmp - oqsxkey->pubkeylen_cmp; - buf = OPENSSL_secure_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[0], oqsxkey->privkeylen - oqsxkey->privkeylen_cmp); - memcpy(buf + oqsxkey->privkeylen - oqsxkey->privkeylen_cmp, oqsxkey->comp_pubkey[0], oqsxkey->pubkeylen - oqsxkey->pubkeylen_cmp); - - if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) - nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid; - else - nid = OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)))); - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } - - ASN1_STRING_set0(aString, temp, keybloblen); - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - - if (!sk_ASN1_TYPE_push(sk, aType)) - return -1; + for (i = 0; i < oqsxkey->numkeys; i++){ + p8info_internal = PKCS8_PRIV_KEY_INFO_new(); + aType = ASN1_TYPE_new(); + aString = ASN1_OCTET_STRING_new(); + temp = NULL; + get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + + buflen = oqsxkey->privkeylen_cmp[i]; + buf = OPENSSL_memdup(oqsxkey->privkey + previouslen, buflen); + + if(get_tlsname_fromoqs(name) == 0) + nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; + else + nid = OBJ_sn2nid(get_tlsname_fromoqs(name)); + if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, 
V_ASN1_UNDEF, NULL, buf, buflen)) + keybloblen = 0; // signal error + keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); + if (keybloblen < 0) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + keybloblen = 0; // signal error + } - aType = ASN1_TYPE_new(); - aString = ASN1_OCTET_STRING_new(); - p8info_internal = PKCS8_PRIV_KEY_INFO_new(); - temp = NULL; + ASN1_STRING_set0(aString, temp, keybloblen); + ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - buflen = oqsxkey->privkeylen_cmp + oqsxkey->pubkeylen_cmp; - buf = OPENSSL_secure_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[1], oqsxkey->privkeylen_cmp); - memcpy(buf + oqsxkey->privkeylen_cmp, oqsxkey->comp_pubkey[1], oqsxkey->pubkeylen_cmp); + if (!sk_ASN1_TYPE_push(sk, aType)) + return -1; - if(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) - nid = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->nid; - else - nid = OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)))); - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error + previouslen += buflen; } - - - ASN1_STRING_set0(aString, temp, keybloblen); - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - - if (!sk_ASN1_TYPE_push(sk, aType)) - return -1; - keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); + OPENSSL_free(name); + OPENSSL_free(temp); + OPENSSL_free(p8info_internal); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(sk); } OPENSSL_secure_clear_free(buf, buflen); + + return keybloblen; } diff --git a/oqsprov/oqs_kem.c b/oqsprov/oqs_kem.c index 76780a16..fee636bb 100644 --- a/oqsprov/oqs_kem.c +++ b/oqsprov/oqs_kem.c 
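Review bot: The cleanup at the end of the composite branch of `oqsx_pki_priv_to_der` releases ASN.1 objects with `OPENSSL_free`, which is wrong for each of them: `temp` was handed to `aString` by `ASN1_STRING_set0`, `aString` to `aType` by `ASN1_TYPE_set`, and `aType` to `sk` by `sk_ASN1_TYPE_push`, so freeing `temp` and `aType` directly leaves `sk` holding dangling pointers before `OPENSSL_free(sk)` drops only the stack header. Only the last iteration's objects are touched at all, so every earlier `PKCS8_PRIV_KEY_INFO` and its private-key copy (made with `OPENSSL_memdup`, not the secure heap) stays allocated and uncleansed. Freeing per iteration with the typed destructors, as sketched below, addresses both. `buf` must then be NULL before the `OPENSSL_secure_clear_free(buf, buflen)` that follows the block, and the function begins outside this hunk.

```c
        for (i = 0; i < oqsxkey->numkeys; i++) {
            // … unchanged: allocation, get_cmpname, buflen/buf, nid selection …
            if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0,
                                 V_ASN1_UNDEF, NULL, buf, buflen)) {
                OPENSSL_clear_free(buf, buflen); /* still ours on failure */
                buf = NULL;
                goto cmp_err;
            }
            buf = NULL; /* owned by p8info_internal from here on */
            keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp);
            PKCS8_PRIV_KEY_INFO_free(p8info_internal); /* releases this component's key copy */
            p8info_internal = NULL;
            if (keybloblen <= 0)
                goto cmp_err;
            // … unchanged: ASN1_STRING_set0 / ASN1_TYPE_set / sk_ASN1_TYPE_push …
            previouslen += buflen;
        }
        keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder);
        OPENSSL_free(name);
        /* frees every pushed aType together with its aString and DER buffer */
        sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
        /* cmp_err (not shown): free name, any unpushed aType/aString, sk; return 0 */
```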
@@ -109,7 +109,7 @@ static int oqs_qs_kem_encaps_keyslot(void *vpkemctx, unsigned char *out, size_t *secretlen, int keyslot) { const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_qs_ctx.kem; + const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_qs_ctx.kem; OQS_KEM_PRINTF("OQS KEM provider called: encaps\n"); if (pkemctx->kem == NULL) { @@ -133,7 +133,7 @@ static int oqs_qs_kem_decaps_keyslot(void *vpkemctx, unsigned char *out, size_t inlen, int keyslot) { const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_qs_ctx.kem; + const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_qs_ctx.kem; OQS_KEM_PRINTF("OQS KEM provider called: decaps\n"); if (pkemctx->kem == NULL) { @@ -171,7 +171,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct, int ret = OQS_SUCCESS, ret2 = 0; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx; + const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; size_t pubkey_kexlen = 0; size_t kexDeriveLen = 0, pkeylen = 0; @@ -249,7 +249,7 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret, int ret = OQS_SUCCESS, ret2 = 0; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx; + const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; size_t pubkey_kexlen = evp_ctx->evp_info->length_public_key; size_t kexDeriveLen = evp_ctx->evp_info->kex_length_secret; 
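Review bot: `kem_ctx` is initialised from `pkemctx->kem->oqsx_provider_ctx[0]` before the `if (pkemctx->kem == NULL)` test that follows in oqs_qs_kem_encaps_keyslot and oqs_qs_kem_decaps_keyslot, so the check cannot protect the dereference, and `oqsx_provider_ctx` is now a pointer that can itself be NULL. Declare `const OQS_KEM *kem_ctx = NULL;` and assign it after the NULL checks, testing `pkemctx->kem->oqsx_provider_ctx` as well. The `evp_ctx` initialisers in oqs_evp_kem_encaps_keyslot and oqs_evp_kem_decaps_keyslot, and both initialisers in the oqs_hyb_kem_decaps hunk, follow the same pattern; their checks, if any, are outside the hunks.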
@@ -351,8 +351,8 @@ static int oqs_hyb_kem_decaps(void *vpkemctx, unsigned char *secret, { int ret = OQS_SUCCESS; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx; - const OQS_KEM *qs_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_qs_ctx.kem; + const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; + const OQS_KEM *qs_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_qs_ctx.kem; size_t secretLen0 = 0, secretLen1 = 0; size_t ctLen0 = 0, ctLen1 = 0; diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index cbcc7a31..6d57c4aa 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -471,8 +471,6 @@ static void *oqsx_gen_init(void *provctx, int selection, char *oqs_name, gctx->libctx = libctx; gctx->cmp_name = NULL; gctx->oqs_name = OPENSSL_strdup(oqs_name); - if (primitive == KEY_TYPE_CMP_SIG) - gctx->cmp_name = OPENSSL_strdup(cmp_name); gctx->tls_name = OPENSSL_strdup(tls_name); gctx->primitive = primitive; gctx->selection = selection; 
@@ -864,32 +862,32 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, static void *dilithium3_rsa3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3,"rsa3072", "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128); } static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3,"rsa3072", "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128); } static void *dilithium3_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3,"p256", "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128); } static void *dilithium3_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3,"p256", "dilithium3_p256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, 128); } static void *falcon512_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "p256", "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128); } static void *falcon512_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512,"p256", "falcon512_p256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, 128); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END 
diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 2490513b..00eaadf5 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -170,8 +170,8 @@ struct oqsx_key_st { */ size_t privkeylen; size_t pubkeylen; - size_t privkeylen_cmp; - size_t pubkeylen_cmp; + size_t *privkeylen_cmp; + size_t *pubkeylen_cmp; size_t bit_security; char *tls_name; #ifndef OQS_PROVIDER_NOATOMIC @@ -203,7 +203,8 @@ struct SignatureModel{ typedef struct SignatureModel CompositeSignature; char* get_oqsname(int nid); -char* get_cmpname(int nid); +int get_cmpname(int nid, int index, char *out); +int get_qntcmp(int nid); int get_keytype(int nid); char* get_tlsname_fromoqs(char* oqsname); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index a3918dd7..d77cc06c 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
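Review bot: `privkeylen_cmp` and `pubkeylen_cmp` change from a scalar to a pointer in struct oqsx_key_st without a comment saying how many elements they hold or who allocates and frees them. The loops elsewhere in this commit index them up to `numkeys` and apparently only for composite keys, so a comment such as `/* per-component lengths, numkeys entries, composite keys only */` above the two fields would record that. The new `get_cmpname(int nid, int index, char *out)` prototype also takes an output buffer with no size argument; adding a `size_t outlen` parameter would let the callee bound the copy.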
@@ -226,21 +226,18 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, { PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY *oqsxkey = poqs_sigctx->sig; - OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx[0].oqsx_qs_ctx.sig; EVP_PKEY *oqs_key_classic = NULL; - OQS_SIG *cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite with PQC as second key EVP_PKEY *cmp_key_classic = NULL; EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); - int is_composite_first_classic = (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); - int is_composite_second_classic = (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); int is_hybrid = evpkey != NULL; - int is_composite = (cmp_key != NULL || is_composite_second_classic); + int is_composite = (oqsxkey->keytype == KEY_TYPE_CMP_SIG); size_t max_sig_len = 0; - size_t classical_sig_len = 0, oqs_sig_len = 0, cmp_sig_len = 0; + size_t classical_sig_len = 0, oqs_sig_len = 0; size_t actual_classical_sig_len = 0; size_t index = 0; int rv = 0; 
@@ -251,20 +248,15 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, return rv; } - if (is_composite_first_classic) - { - max_sig_len += oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; - oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; - } - else - { - max_sig_len += oqs_key->length_signature; - oqs_sig_len = oqs_key->length_signature; - } + + if (is_composite) { - max_sig_len += sizeof(CompositeSignature); + max_sig_len = oqsx_key_maxsize(oqsxkey); +/* +max_sig_len += sizeof(CompositeSignature); + if (is_composite_second_classic) { max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; @@ -275,12 +267,18 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, max_sig_len += cmp_key->length_signature; cmp_sig_len = cmp_key->length_signature; } +*/ + }else + { + max_sig_len += oqs_key->length_signature; + oqs_sig_len = oqs_key->length_signature; } - if (is_hybrid) { - actual_classical_sig_len = oqsxkey->evp_info->length_signature; - max_sig_len += (SIZE_OF_UINT32 + actual_classical_sig_len); - } + if (is_hybrid) + { + actual_classical_sig_len = oqsxkey->evp_info->length_signature; + max_sig_len += (SIZE_OF_UINT32 + actual_classical_sig_len); + } 
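Review bot: The old composite size computation is left behind as a `/* ... */` block that opens in this hunk and closes in the next one, rather than being deleted. Version control already keeps the removed lines, and the dead block makes the `if (is_composite)` branch hard to read; the same applies to the commented-out blocks added in oqsx_key_op, oqsx_key_recreate_classickey and oqsx_key_from_x509pubkey. In the composite branch `oqs_sig_len` is also no longer set before the size checks that presumably follow outside the hunk, so it is worth confirming they do not rely on it.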
@@ -370,166 +368,98 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (is_composite) { - unsigned char *buf = OPENSSL_malloc(oqs_sig_len); - unsigned char *temp = OPENSSL_malloc(cmp_sig_len); + unsigned char *buf; CompositeSignature *compsig = CompositeSignature_new(); + int i; + char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); + for (i = 0; i < oqsxkey->numkeys; i++){ + get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + + if (get_tlsname_fromoqs(name)){ + oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; + buf = OPENSSL_malloc(oqs_sig_len); + if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; + } + }else + { // sign non PQC key on oqs_key + oqs_key_classic = oqsxkey->cmp_classical_pkey[i]; + oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature; + buf = OPENSSL_malloc(oqs_sig_len); + const EVP_MD *classical_md; + int digest_len; + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - if (!is_composite_first_classic) - { - if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 2]) != OQS_SUCCESS) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; - } - } - else - { // sign non PQC key on oqs_key - oqs_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 2]; - const EVP_MD *classical_md; - int digest_len; - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || - EVP_PKEY_sign_init(classical_ctx_sign) <= 0) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } - - if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + if 
((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || + EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } - } - unsigned char *name = get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)); - if (name[0] == 'p') - { - if (name[1] == '2') - { // p256 + + if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + } + if (name[0] == 'p') + { + if (name[1] == '2') + { // p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '3') + { // p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '5') + { // p521 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } + } + else + { // rsa3072 classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; SHA256(tbs, tbslen, (unsigned char *)&digest); } - if (name[1] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[1] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); - } - } - else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - - if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || - (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } - - if (oqs_sig_len > oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature) - { - /* sig is bigger than expected */ - 
ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); - goto endsign; - } - } - - compsig->sig1->data = buf; - compsig->sig1->length = oqs_sig_len; - - - if (!is_composite_second_classic) - { - if (OQS_SIG_sign(cmp_key, temp, &cmp_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; - } - } - else - { // sign non PQC key on cmp_key - cmp_key_classic = oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1]; - const EVP_MD *classical_md; - int digest_len; - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - if ((classical_ctx_sign = EVP_PKEY_CTX_new(cmp_key_classic, NULL)) == NULL || - EVP_PKEY_sign_init(classical_ctx_sign) <= 0) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } - if (oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || + (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } - } - unsigned char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)); - if (name[0] == 'p') - { - if (name[1] == '2') - { // p256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if (name[1] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[1] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); - } - } - else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) 
|| - (EVP_PKEY_sign(classical_ctx_sign, temp, &cmp_sig_len, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; + if (oqs_sig_len > oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature) + { + /* sig is bigger than expected */ + ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); + goto endsign; + } } - - if (cmp_sig_len > oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature) - { - /* sig is bigger than expected */ - ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); - goto endsign; + if (i == 0){ //temporary condition + compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); + compsig->sig1->length = oqs_sig_len; + }else{ + compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); + compsig->sig2->length = oqs_sig_len; } + } - - compsig->sig2->data = temp; - compsig->sig2->length = cmp_sig_len; - oqs_sig_len = i2d_CompositeSignature(compsig, &sig); + OPENSSL_free(name); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) { 
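Review bot: Inside the new component loop the post-quantum branch calls `OQS_SIG_sign(oqs_key, ...)`, and `oqs_key` is the context of slot 0, while `buf` is sized from `oqsx_provider_ctx[i]`. For any post-quantum component other than the first this signs with the wrong algorithm object and can write more than `buf` holds; the call should be `OQS_SIG_sign(oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[i])`. `buf` is then copied with `OPENSSL_memdup` and never freed, so each iteration leaks it, and because `buf` and `name` are local to this block the `goto endsign` paths cannot release them at the label. The `OQS_SIG_verify(oqs_key, ...)` call in the oqs_sig_verify loop has the same slot-0 problem.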
@@ -555,16 +485,13 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, { PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY *oqsxkey = poqs_sigctx->sig; - OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; - OQS_SIG *cmp_key = poqs_sigctx->sig->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig; // if this value is not NULL, we're running composite + OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx[0].oqsx_qs_ctx.sig; EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, // we're running hybrid EVP_PKEY_CTX *classical_ctx_sign = NULL; EVP_PKEY_CTX *ctx_verify = NULL; - int is_composite_first_classic = (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); - int is_composite_second_classic = (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0); int is_hybrid = evpkey != NULL; - int is_composite = (cmp_key != NULL || is_composite_second_classic); + int is_composite = (oqsxkey->keytype == KEY_TYPE_CMP_SIG); size_t classical_sig_len = 0, oqs_sig_len = 0; size_t index = 0; int rv = 0; 
@@ -647,133 +574,88 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, } if(is_composite){ CompositeSignature* compsig = CompositeSignature_new(); - if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) - goto endverify; - if (!is_composite_first_classic) - { - if (OQS_SIG_verify(oqs_key, tbs, tbslen, compsig->sig1->data, compsig->sig1->length, oqsxkey->comp_pubkey[oqsxkey->numkeys - 2]) != OQS_SUCCESS) + int i; + char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); + ASN1_STRING *buf; + size_t buf_len; + if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) + goto endverify; + + for(i = 0; i < oqsxkey->numkeys; i++){ + get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + + if (i == 0){ //temporary condition + buf = compsig->sig1->data; + buf_len = compsig->sig1->length; + }else{ + buf = compsig->sig2->data; + buf_len = compsig->sig2->length; + } + + if (get_tlsname_fromoqs(name)){ + if (OQS_SIG_verify(oqs_key, tbs, tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - }else{//first key is classic + }else{ const EVP_MD *classical_md; int digest_len; unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 2], NULL)) == NULL - || EVP_PKEY_verify_init(ctx_verify) <= 0) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) + if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL || + EVP_PKEY_verify_init(ctx_verify) <= 0) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - } - unsigned char *name = get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)); - if (name[0] == 'p') - { - if 
(name[1] == '2') - { // p256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if (name[1] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[1] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + goto endverify; + } } - } - else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || - (EVP_PKEY_verify(ctx_verify, compsig->sig1->data, compsig->sig1->length, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - } - - if (!is_composite_second_classic) - { - if (OQS_SIG_verify(cmp_key, tbs, tbslen, compsig->sig2->data, compsig->sig2->length, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - }else{//second key is classic - const EVP_MD *classical_md; - int digest_len; - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[oqsxkey->numkeys - 1], NULL)) == NULL || - EVP_PKEY_verify_init(ctx_verify) <= 0) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - if (oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) + if (name[0] == 'p') { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - goto 
endverify; + if (name[1] == '2') + { // p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '3') + { // p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[1] == '5') + { // p521 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } } - } - unsigned char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)); - if (name[0] == 'p') - { - if (name[1] == '2') - { // p256 + else + { // rsa3072 classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; SHA256(tbs, tbslen, (unsigned char *)&digest); } - if (name[1] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[1] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || + (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; } + } - else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || - (EVP_PKEY_verify(ctx_verify, compsig->sig2->data, compsig->sig2->length, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } + } - } - else + OPENSSL_free(name); + }else { if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 8a81922f..25fbadd5 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
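Review bot: `buf` is declared as `ASN1_STRING *` but is assigned `compsig->sig1->data` and passed as the signature bytes to `OQS_SIG_verify` and `EVP_PKEY_verify`; it should be `const unsigned char *buf;`, matching how the sign path fills `data`. `classical_md` and `digest_len` stay uninitialised when `name[0] == 'p'` and `name[1]` is none of '2', '3' or '5', so that case needs an `else` that raises OQSPROV_R_VERIFY_ERROR and jumps to endverify. `ctx_verify` is reassigned for every classical component without freeing the previous context, and the early `goto endverify` after `d2i_CompositeSignature` leaks `name`, which is local to this block.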
@@ -48,7 +48,6 @@ typedef struct int nid; char *tlsname; char *oqsname; - char *cmpname; int keytype; int secbits; } oqs_nid_name_t; @@ -134,14 +133,16 @@ static int get_keytype(int nid) return 0; } -char *get_tlsname_fromoqs(char *oqsname) +//get the OQS name without captalization +//return 0 if is classical +char *get_tlsname_fromoqs(char *oqsname) { int i; for (i = 0; i < NID_TABLE_LEN; i++) { if (nid_names[i].keytype == KEY_TYPE_SIG) { - if (!strcmp(nid_names[i].oqsname, oqsname)) + if (!strcmp(nid_names[i].oqsname, oqsname) || !strcmp(nid_names[i].tlsname, oqsname)) return nid_names[i].tlsname; } } @@ -158,17 +159,62 @@ static char *get_oqsname(int nid) return 0; } -char *get_cmpname(int nid) +int get_cmpname(int nid, int index, char* name) { - int i; + int i, j; for (i = 0; i < NID_TABLE_LEN; i++) { - if (nid_names[i].nid == nid) - return nid_names[i].cmpname; + if (nid_names[i].nid == nid){ + char* s = OPENSSL_strdup(nid_names[i].tlsname); + char* token = strtok(s, "_"); + for (j = 0; j < index; j ++) + token = strtok(NULL, "_"); + OPENSSL_strlcpy(name, token, strlen(token) + 1); + OPENSSL_free(s); + return 1; + } } return 0; } +//count the amount of keys in composite structure +int get_qntcmp(int nid) +{ + int i, index = 0; + for (i = 0; i < NID_TABLE_LEN; i++) + { + if (nid_names[i].nid == nid && nid_names[i].keytype == KEY_TYPE_CMP_SIG){ + char* s = OPENSSL_strdup(nid_names[i].tlsname); + s = strtok(s, "_"); + while (s != NULL){ + s = strtok(NULL, "_"); + index++; + } + OPENSSL_free(s); + } + } + return index; +} + +//count the amount of keys in composite structure +int get_qntcmp(int nid) +{ + int i, index = 0; + for (i = 0; i < NID_TABLE_LEN; i++) + { + if (nid_names[i].nid == nid && nid_names[i].keytype == KEY_TYPE_CMP_SIG){ + char* s = OPENSSL_strdup(nid_names[i].tlsname); + s = strtok(s, "_"); + while (s != NULL){ + s = strtok(NULL, "_"); + index++; + } + OPENSSL_free(s); + } + } + return index; +} + static int get_oqsalg_idx(int nid) { int i; 
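Review bot: get_cmpname dereferences `token` without checking it: when `index` is not smaller than the number of '_'-separated parts, `strtok` returns NULL and `strlen(token)` crashes. The `OPENSSL_strlcpy` bound is taken from the source length, so it does not limit the write into `name`, and `strtok` keeps hidden static state that is unsafe if two threads resolve names at once; walking the string in place, as sketched below, avoids the unchecked `OPENSSL_strdup` and both problems. get_qntcmp is added twice in this hunk, which is a redefinition, and its `OPENSSL_free(s)` always receives NULL because `s` is reused as the token cursor, so the duplicated string leaks.

```c
int get_cmpname(int nid, int index, char* name)
{
    int i, j;

    if (name == NULL || index < 0)
        return 0;
    for (i = 0; i < NID_TABLE_LEN; i++)
    {
        const char *part, *end;
        size_t len;

        if (nid_names[i].nid != nid)
            continue;
        /* step over `index` separators; no strtok state, no temporary copy */
        part = nid_names[i].tlsname;
        for (j = 0; j < index; j++) {
            part = strchr(part, '_');
            if (part == NULL)
                return 0; /* fewer components than requested */
            part++;
        }
        end = strchr(part, '_');
        len = (end != NULL) ? (size_t)(end - part) : strlen(part);
        /* caller must provide at least len + 1 bytes; the interface carries no size */
        memcpy(name, part, len);
        name[len] = '\0';
        return 1;
    }
    return 0;
}
```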
@@ -193,28 +239,28 @@ static int oqsx_key_set_composites(OQSX_KEY *key) else { // TBD: extend for more than 1 classic key or first OQS for composite: if (key->keytype == KEY_TYPE_CMP_SIG){ - - if (key->privkey) - { - key->comp_privkey[0] = (char *)key->privkey; - key->comp_privkey[1] - = (char *)key->privkey + key->privkeylen - key->privkeylen_cmp; - } - else - { - key->comp_privkey[0] = NULL; - key->comp_privkey[1] = NULL; - } - if (key->pubkey) - { - key->comp_pubkey[0] = (char *)key->pubkey; - key->comp_pubkey[1] - = (char *)key->pubkey + key->pubkeylen - key->pubkeylen_cmp; - } - else - { - key->comp_pubkey[0] = NULL; - key->comp_pubkey[1] = NULL; + int i; + int privlen = 0; + int publen = 0; + for (i = 0; i < key->numkeys; i++){ + if (key->privkey) + { + key->comp_privkey[i] = key->privkey + privlen; + privlen += key->privkeylen_cmp[i]; + } + else + { + key->comp_privkey[i] = NULL; + } + if (key->pubkey) + { + key->comp_pubkey[i] = key->pubkey + publen; + publen += key->pubkeylen_cmp[i]; + } + else + { + key->comp_pubkey[i] = NULL; + } } }else{ int classic_pubkey_len, classic_privkey_len; 
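Review bot: The offsets `privlen` and `publen` are declared `int` although they accumulate `size_t` lengths, and the new assignments drop the `(char *)` cast the old code used, so `key->privkey + privlen` relies on arithmetic on what appears to be a `void *`. Use `size_t privlen = 0, publen = 0;` and keep the cast, e.g. `key->comp_privkey[i] = (char *)key->privkey + privlen;`. Nothing in the loop checks that the running totals stay within `key->privkeylen` and `key->pubkeylen` or that `privkeylen_cmp` is non-NULL; if the constructor guarantees that, a comment saying so would help. The function starts and ends outside the hunk.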
@@ -487,15 +533,29 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, plen - key->privkeylen); #endif if (key->keytype == KEY_TYPE_CMP_SIG){ - size_t first_privkeylen = key->privkeylen - key->privkeylen_cmp; + size_t privlen, publen; + size_t previous_privlen = 0; + size_t previous_publen = 0; + int i; + for (i =0; i < key->numkeys; i++){ + privlen = key->privkeylen_cmp[i]; + publen = key->pubkeylen_cmp[i]; + memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); + memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); + previous_privlen += privlen; + previous_publen += publen; + } + +/* + size_t first_privkeylen = key->privkeylen - key->privkeylen_cmp; size_t first_pubkeylen = key->pubkeylen - key->pubkeylen_cmp; memcpy(key->privkey, p, first_privkeylen); memcpy(key->privkey + first_privkeylen, p + first_privkeylen + first_pubkeylen, key->privkeylen_cmp); - memcpy(key->pubkey, p + first_privkeylen, first_pubkeylen); - memcpy(key->pubkey + first_pubkeylen, p + key->privkeylen + first_pubkeylen, key->pubkeylen_cmp); - + memcpy(key->pubkey, p + first_privkeylen, first_pubkeylen); + memcpy(key->pubkey + first_pubkeylen, p + key->privkeylen + first_pubkeylen, key->pubkeylen_cmp); + */ }else{ memcpy(key->privkey, p, key->privkeylen); memcpy(key->pubkey, p + key->privkeylen, key->pubkeylen); @@ -574,7 +634,10 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } } if (key->keytype == KEY_TYPE_CMP_SIG){ + int i; + char *name = OPENSSL_malloc(strlen(key->tls_name)); if (op == KEY_OP_PUBLIC){ +/* if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ EVP_PKEY *npk = EVP_PKEY_new(); if (key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) 
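Review bot: The composite copy loop in oqsx_key_op reads `privkeylen_cmp[i] + pubkeylen_cmp[i]` bytes per component from `p` without comparing the running total with `plen`, and `p` comes from a decoded key encoding. Unless a length check outside this hunk already covers the composite case, a short encoding makes both `memcpy` calls read past the input; a guard such as `if (previous_privlen + previous_publen + privlen + publen > plen)` before the copies, with `plen` converted as its type requires and the operation failed on a mismatch, closes that. In the following hunk `char *name = OPENSSL_malloc(strlen(key->tls_name));` is used without a NULL check and leaves no room for a terminator should a component ever be as long as the whole name.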
@@ -591,24 +654,29 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) }else{ key->cmp_classical_pkey[key->numkeys - 2] = NULL; } - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ - EVP_PKEY *npk = EVP_PKEY_new(); - if (key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) - { - npk = setECParams(npk, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->nid); - } - const unsigned char *enc_pubkey_comp = key->comp_pubkey[key->numkeys - 1]; - key->cmp_classical_pkey[key->numkeys - 1] = d2i_PublicKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key); - if (!key->cmp_classical_pkey[key->numkeys - 1]) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; +*/ + for (i = 0; i < key->numkeys; i++){ + get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + if (get_tlsname_fromoqs(name) == 0){ + EVP_PKEY *npk = EVP_PKEY_new(); + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) + { + npk = setECParams(npk, key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid); + } + const unsigned char *enc_pubkey = key->comp_pubkey[i]; + key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); + if (!key->cmp_classical_pkey[i]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } } - }else{ - key->cmp_classical_pkey[key->numkeys - 1] = NULL; + } } + if (op == KEY_OP_PRIVATE){ +/* if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ const unsigned char *enc_privkey = key->comp_privkey[key->numkeys - 2]; key->cmp_classical_pkey[key->numkeys - 2] = d2i_PrivateKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, plen); 
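Review bot: The rewritten loop drops the `else` branches that set `key->cmp_classical_pkey[...] = NULL` for post-quantum components, so those slots keep whatever the array held when it was allocated. Unless the array is zero-initialised where it is created (not visible here), later code that frees or tests the entries would act on indeterminate pointers; restore `else key->cmp_classical_pkey[i] = NULL;` in this loop and in the KEY_OP_PRIVATE loop of the next hunk. The `goto err` paths also skip `OPENSSL_free(name)`, which is local to the composite block, and `npk` from `EVP_PKEY_new()` appears not to be released when `d2i_PublicKey` fails.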
@@ -620,18 +688,22 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) }else{ key->cmp_classical_pkey[key->numkeys - 2] = NULL; } - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0){ - const unsigned char *enc_privkey_comp = key->comp_privkey[key->numkeys - 1]; - key->cmp_classical_pkey[key->numkeys - 1] = d2i_PrivateKey(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey_comp, key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key); - if (!key->cmp_classical_pkey[key->numkeys - 1]) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + */ + for (i = 0; i < key->numkeys; i++){ + get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + if (get_tlsname_fromoqs(name) == 0){ + const unsigned char *enc_privkey = key->comp_privkey[i]; + key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); + if (!key->cmp_classical_pkey[i]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } } - }else{ - key->cmp_classical_pkey[key->numkeys - 1] = NULL; + } } + OPENSSL_free(name); } return key; @@ -652,6 +724,10 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; ASN1_OCTET_STRING *oct = NULL; + X509_PUBKEY *p8info_buf = X509_PUBKEY_new(); + const unsigned char *buf; + unsigned char *concat_key; + int count, aux, i, buflen; if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) { 
@@ -663,11 +739,26 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, p = NULL; plen = 0; }else{ - unsigned char *buf, *temp, *concat_key; - int buflen, templen; - X509_PUBKEY *p8info_temp = X509_PUBKEY_new(); - X509_PUBKEY *p8info_buf = X509_PUBKEY_new(); + count = sk_ASN1_TYPE_num(sk); + concat_key = OPENSSL_secure_malloc(plen); + + aux = 0; + for (i = 0; i < count; i++){ + aType = sk_ASN1_TYPE_pop(sk); + buf = aType->value.sequence->data; + buflen = aType->value.sequence->length; + + p8info_buf = d2i_X509_PUBKEY(&p8info_buf, &buf, buflen); + if (!X509_PUBKEY_get0_param(NULL, &buf, &buflen, NULL, p8info_buf)) + return NULL; + + aux += buflen; + memcpy(concat_key + plen - aux, buf, buflen); + } + p = concat_key + plen - aux; + plen = aux; +/* aType = sk_ASN1_TYPE_pop(sk); //pop the second crypt algorithm temp = aType->value.sequence->data; templen = aType->value.sequence->length; @@ -687,10 +778,14 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, memcpy(concat_key, buf, buflen); memcpy(concat_key + buflen, temp, templen); p = concat_key; - plen = templen + buflen; + plen = templen + buflen; +*/ + // OPENSSL_free(buf); + // OPENSSL_free(buflen); } } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); + return oqsx; } @@ -705,6 +800,10 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, const X509_ALGOR *palg; STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; + const unsigned char *buf; + unsigned char *concat_key; + int count, aux, i, buflen; + PKCS8_PRIV_KEY_INFO *p8info_buf = PKCS8_PRIV_KEY_INFO_new(); if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) return 0; 
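Review bot: Each element popped from `sk` is read through `aType->value.sequence` without checking its type, and the stack is presumably decoded from the supplied public-key encoding, so an element that is not a SEQUENCE makes the code follow a union member that is not a valid string pointer. Add `if (aType == NULL || ASN1_TYPE_get(aType) != V_ASN1_SEQUENCE)` and fail before touching `value.sequence`, and test the `d2i_X509_PUBKEY` result for NULL before passing it to `X509_PUBKEY_get0_param`. `concat_key` from `OPENSSL_secure_malloc(plen)` is used unchecked, the `return NULL` path leaks it together with `sk` and `p8info_buf`, and the popped `aType` objects are never freed. The loop in oqsx_key_from_pkcs8 has the same shape.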
@@ -727,31 +826,25 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, p = NULL; plen = 0; }else{ - unsigned char *buf, *temp, *concat_key; - int buflen, templen; - PKCS8_PRIV_KEY_INFO *p8info_temp = PKCS8_PRIV_KEY_INFO_new(); - PKCS8_PRIV_KEY_INFO *p8info_buf = PKCS8_PRIV_KEY_INFO_new(); - - aType = sk_ASN1_TYPE_pop(sk); //pop the second crypt algorithm - temp = aType->value.sequence->data; - templen = aType->value.sequence->length; - - p8info_temp = d2i_PKCS8_PRIV_KEY_INFO(&p8info_temp, &temp, templen); - PKCS8_pkey_get0(NULL, &temp, &templen, NULL, p8info_temp); - - aType = sk_ASN1_TYPE_pop(sk); //pop the first crypt algorithm - buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; - - p8info_buf = d2i_PKCS8_PRIV_KEY_INFO(&p8info_buf, &buf, buflen); - PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info_buf); - - concat_key = OPENSSL_secure_malloc(buflen + templen); + count = sk_ASN1_TYPE_num(sk); + concat_key = OPENSSL_secure_malloc(plen); + + aux = 0; + for (i = 0; i < count; i++){ + aType = sk_ASN1_TYPE_pop(sk); + buf = aType->value.sequence->data; + buflen = aType->value.sequence->length; + + p8info_buf = d2i_PKCS8_PRIV_KEY_INFO(&p8info_buf, &buf, buflen); + if (!PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info_buf)) + return NULL; + + aux += buflen; + memcpy(concat_key + plen - aux, buf, buflen); + } - memcpy(concat_key, buf, buflen); - memcpy(concat_key + buflen, temp, templen); - p = concat_key; - plen = templen + buflen; + p = concat_key + plen - aux; + plen = aux; } } @@ -903,7 +996,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, printf("13\n"); OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; - int ret2 = 0, ret3 = 0; + int ret2 = 0; if (ret == NULL) goto err; 
@@ -933,8 +1026,9 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); - if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); + if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig) { fprintf( stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?\n", @@ -962,17 +1056,17 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, } #endif ret->privkeylen - = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; + = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_secret_key; ret->pubkeylen - = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; + = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_public_key; ret->keytype = KEY_TYPE_SIG; break; case KEY_TYPE_KEM: ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx.oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); - if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.kem) { + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); + if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { fprintf( stderr, "Could not create OQS KEM algorithm %s. Enabled in liboqs?\n", 
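Review bot: `ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *));` sizes the array by pointer width instead of by its element type. The hunks index the array as `[i].oqsx_qs_ctx` and `[i].oqsx_evp_ctx`, so if the element holds both members (its definition is not on this page) it is larger than one pointer and the writes that follow land past the allocation. The result is also unchecked and uninitialised, although later code tests members such as `oqsx_evp_ctx` for NULL. I would write `ret->oqsx_provider_ctx = OPENSSL_zalloc(sizeof(*ret->oqsx_provider_ctx));` followed by `if (ret->oqsx_provider_ctx == NULL) goto err;`. The `ret->numkeys * sizeof(void *)` allocations in the KEY_TYPE_CMP_SIG case (hunk -1036) need the same `sizeof(*ptr)` form.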
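Review bot: The KEY_TYPE_KEM case now writes `ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem` without allocating `oqsx_provider_ctx`, and `ret` comes from `OPENSSL_zalloc`, so the pointer is still NULL here. That holds unless it is allocated before the switch, which the KEY_TYPE_SIG case's own allocation suggests it is not. The hybrid KEM and KEY_TYPE_HYB_SIG cases in hunks -980, -1007 and -1036 index slot 0 the same way with no allocation visible. Allocating the one-element array once before the `switch`, with a NULL check, would cover every single-key case and let KEY_TYPE_CMP_SIG replace it with the larger array.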
@@ -980,15 +1074,15 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } ret->privkeylen - = ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_secret_key; + = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_secret_key; ret->pubkeylen - = ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_public_key; + = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_public_key; ret->keytype = KEY_TYPE_KEM; break; case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_ECP_HYB_KEM: - ret->oqsx_provider_ctx.oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); - if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.kem) { + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); + if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { fprintf( stderr, "Could not create OQS KEM algorithm %s. Enabled in liboqs?\n", @@ -1007,18 +1101,18 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_secret_key + + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_secret_key + evp_ctx->evp_info->length_private_key; ret->pubkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_public_key + + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_public_key + evp_ctx->evp_info->length_public_key; - ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; + ret->oqsx_provider_ctx[0].oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; break; case KEY_TYPE_HYB_SIG: - ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); - if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); + if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig) { fprintf( stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?\n", 
@@ -1036,38 +1130,59 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key + + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_secret_key + evp_ctx->evp_info->length_private_key; ret->pubkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key + + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_public_key + evp_ctx->evp_info->length_public_key; - ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; + ret->oqsx_provider_ctx[0].oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; ret->evp_info = evp_ctx->evp_info; ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); break; case KEY_TYPE_CMP_SIG: - if (get_tlsname_fromoqs(oqs_name) != 0) - { - ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); - if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) + int i; + char* name = OPENSSL_malloc(strlen(tls_name)); + ret->numkeys = get_qntcmp(OBJ_sn2nid(tls_name)); + ret->privkeylen = 0; + ret->pubkeylen = 0; + ret->oqsx_provider_ctx = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->privkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->pubkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + + for (i = 0; i < ret->numkeys; i++){ + get_cmpname(OBJ_sn2nid(tls_name), i, name); + if (get_tlsname_fromoqs(name) != 0) { - fprintf(stderr, "Could not create OQS signature algorithm %s. 
Enabled in liboqs?A\n", oqs_name); - goto err; + ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig = OQS_SIG_new(name); + if (!ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig) + { + fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", name); + goto err; + } + ret->privkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_public_key; } + else + { + evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); + ON_ERR_GOTO(!evp_ctx, err); + + ret2 = oqsx_hybsig_init(bit_security, evp_ctx, name); + ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); + ret->oqsx_provider_ctx[i].oqsx_evp_ctx = evp_ctx; + ret->privkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_private_key; + ret->pubkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_public_key; + } + ret->privkeylen += ret->privkeylen_cmp[i]; + ret->pubkeylen += ret->pubkeylen_cmp[i]; } - else - { - evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); - ON_ERR_GOTO(!evp_ctx, err); - - ret2 = oqsx_hybsig_init(bit_security, evp_ctx, oqs_name); - ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); - ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; - } - +/* if (get_tlsname_fromoqs(cmp_name) != 0) { ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig = OQS_SIG_new(cmp_name); @@ -1085,12 +1200,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret3 = oqsx_hybsig_init(bit_security, evp_ctx, cmp_name); ON_ERR_GOTO(ret3 <= 0 || !evp_ctx->ctx, err); ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx = evp_ctx; - } + } - ret->numkeys = 2; - ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); if (ret2) { ret->privkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_private_key; 
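Review bot: `char* name = OPENSSL_malloc(strlen(tls_name));` leaves no room for a terminating NUL and is not checked before `get_cmpname(OBJ_sn2nid(tls_name), i, name)` writes into it. `get_cmpname` takes no buffer size, so the only bound is the assumption that every component name is shorter than the composite name. The added lines in this case also never free `name`, neither on the `goto err` paths nor, as far as the hunk shows, before `break`. I would allocate `strlen(tls_name) + 1`, add `ON_ERR_GOTO(!name, err);`, and free it on every exit. The same allocation is repeated in oqsx_key_free (hunk -1174), oqsx_key_gen (hunk -1448) and oqsx_key_maxsize (hunk -1503).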
@@ -1113,6 +1224,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, } ret->privkeylen += ret->privkeylen_cmp; ret->pubkeylen += ret->pubkeylen_cmp; +*/ ret->keytype = primitive; break; 
@@ -1174,29 +1286,38 @@ void oqsx_key_free(OQSX_KEY *key) OPENSSL_free(key->comp_pubkey); OPENSSL_free(key->comp_privkey); if (key->keytype == KEY_TYPE_KEM) - OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); + OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) { - OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); + OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); } else OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); EVP_PKEY_free(key->classical_pkey); if (key->oqsx_provider_ctx.oqsx_evp_ctx) { - EVP_PKEY_CTX_free(key->oqsx_provider_ctx.oqsx_evp_ctx->ctx); - EVP_PKEY_free(key->oqsx_provider_ctx.oqsx_evp_ctx->keyParam); - OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); + EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); + EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); + OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx); } if(key->keytype == KEY_TYPE_CMP_SIG){ - if (key->oqsx_provider_ctx.oqsx_qs_ctx.sig == NULL) - OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); - else - OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + int i; + char *name = OPENSSL_malloc(strlen(key->tls_name));; + for (i = 0; i < key->numkeys; i ++){ + get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + if (get_tlsname_fromoqs(name)) + OQS_SIG_free(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig); + else + OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx); + + } + OPENSSL_free(name); +/* if (key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig == NULL) OPENSSL_free(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx); else OQS_SIG_free(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig); + */ }else - OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); 
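Review bot: In the new KEY_TYPE_CMP_SIG loop a classical component is released with `OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx)` alone, whereas the slot-0 block just above also calls `EVP_PKEY_CTX_free(...->ctx)` and `EVP_PKEY_free(...->keyParam)`, so each classical component's EVP context and parameters are leaked. Slot 0 also appears to be released by the statements above the loop and again by the loop at `i == 0`, with no pointer cleared in between. The function starts outside this hunk, so that should be confirmed against the whole body. I would free all three members in the loop's `else` branch, set the freed pointers to NULL, and let the loop be the only place that frees component contexts for composite keys. The arrays allocated in oqsx_key_new (`oqsx_provider_ctx`, `privkeylen_cmp`, `pubkeylen_cmp`) are not freed in the visible lines either.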
@@ -1309,12 +1430,12 @@ int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) { printf("18\n"); if (gen_kem) - return OQS_KEM_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.kem, + return OQS_KEM_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem, key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1]); else { if (key->keytype == KEY_TYPE_CMP_SIG) - return -(OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, + return -(OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, key->comp_pubkey[key->numkeys-2], key->comp_privkey[key->numkeys-2]) || OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, @@ -1432,7 +1553,7 @@ int oqsx_key_gen(OQSX_KEY *key) } else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM || key->keytype == KEY_TYPE_HYB_SIG) { - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[0].oqsx_evp_ctx, key->pubkey, key->privkey, 1); ON_ERR_GOTO(pkey == NULL, err); ret = !oqsx_key_set_composites(key); 
@@ -1448,22 +1569,39 @@ int oqsx_key_gen(OQSX_KEY *key) pkey = NULL; ret = oqsx_key_gen_oqs(key, 1); } - } else if(key->keytype == KEY_TYPE_CMP_SIG){ - if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->pubkey, key->privkey, 0); - ON_ERR_GOTO(pkey == NULL, err); - key->cmp_classical_pkey[0] = pkey; - ON_ERR_GOTO(ret, err); - } - else - { - ret = OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, key->pubkey, key->privkey); - ON_ERR_GOTO(ret, err); - } - + } + else if (key->keytype == KEY_TYPE_CMP_SIG) + { + int i; + char* name = OPENSSL_malloc(strlen(key->tls_name)); ret = oqsx_key_set_composites(key); + for (i = 0; i < key->numkeys; i++){ + get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + if (get_tlsname_fromoqs(name) == 0) + { +// if (i == 0) +// pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->pubkey, key->privkey, 0); +// else + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); + ON_ERR_GOTO(pkey == NULL, err); + key->cmp_classical_pkey[i] = pkey; + ON_ERR_GOTO(ret, err); + } + else + { +// if (i == 0) +// ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->pubkey, key->privkey); +// else + ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); + ON_ERR_GOTO(ret, err); + } +// if (i == 0) +// ret = oqsx_key_set_composites(key); + + } - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0) +/* + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name), key->numkeys - 1)) == 0) { pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys - 1], key->comp_privkey[key->numkeys - 1], 0); key->cmp_classical_pkey[key->numkeys - 1] = pkey; 
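Review bot: `ret = oqsx_key_set_composites(key);` stores the raw return value, while every other branch of oqsx_key_gen on this page uses `ret = !oqsx_key_set_composites(key);`, and the classical branch of the new loop then runs `ON_ERR_GOTO(ret, err);` on that value. If the helper returns non-zero on success, as the negated callers imply, a composite whose first component is classical jumps to `err` after a successful key generation. When the first component is post-quantum, a failed `oqsx_key_set_composites` is overwritten by the `OQS_SIG_keypair` result and never noticed. I would put `ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err);` before the loop and drop the `ON_ERR_GOTO(ret, err);` that follows `key->cmp_classical_pkey[i] = pkey;`. The function body continues outside the hunk.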
@@ -1475,10 +1613,13 @@ int oqsx_key_gen(OQSX_KEY *key) { ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen - key->privkeylen_cmp, key->pubkey + key->pubkeylen - key->pubkeylen_cmp); ON_ERR_GOTO(ret, err); - } + } +*/ -}else if (key->keytype == KEY_TYPE_SIG) { - ret = !oqsx_key_set_composites(key); + } + else if (key->keytype == KEY_TYPE_SIG) + { + ret = !oqsx_key_set_composites(key); // 1 ON_ERR_GOTO(ret, err); ret = oqsx_key_gen_oqs(key, 0); // 18 } 
@@ -1503,28 +1644,37 @@ int oqsx_key_maxsize(OQSX_KEY *key) { switch (key->keytype) { case KEY_TYPE_KEM: - return key->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_shared_secret; + return key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_shared_secret; case KEY_TYPE_ECP_HYB_KEM: case KEY_TYPE_ECX_HYB_KEM: - return key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->kex_length_secret - + key->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_shared_secret; + return key->oqsx_provider_ctx[0].oqsx_evp_ctx->evp_info->kex_length_secret + + key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_shared_secret; case KEY_TYPE_SIG: - return key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature; + return key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_signature; case KEY_TYPE_HYB_SIG: - return key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature - + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + return key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_signature + + key->oqsx_provider_ctx[0].oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; case KEY_TYPE_CMP_SIG: { int aux = sizeof(CompositeSignature); - if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0) - aux += key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; - else - aux += key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature; - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name))) == 0) + int i; + char *name = OPENSSL_malloc(strlen(key->tls_name));; + for (i = 0; i < key->numkeys; i ++){ + get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + if (get_tlsname_fromoqs(name) == 0) + aux += key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature; + else + aux += key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; + + } + OPENSSL_free(name); +/* + if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name), key->numkeys - 1)) == 0) aux += key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; else aux += 
key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature; + */ return aux; } default: From 323538fa085161a2a4e221fb71891b81dbb1e5e7 Mon Sep 17 00:00:00 2001 From: felipe Date: Tue, 21 Mar 2023 14:13:02 -0400 Subject: [PATCH 030/164] bugfix Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 12 +++++------- oqsprov/oqsprov_keys.c | 6 +++--- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 0033f00a..cfa9a401 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -561,7 +561,6 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) #endif }else{ int len, i; - size_t previouslen = 0; char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; @@ -574,7 +573,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); len = oqsxkey->pubkeylen_cmp[i]; - buf = OPENSSL_memdup(oqsxkey->pubkey + previouslen, len); + buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); if(get_tlsname_fromoqs(name) == 0) nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; @@ -594,7 +593,6 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - previouslen += len; } /* @@ -757,7 +755,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } }else{ int i; - size_t previouslen = 0; name = OPENSSL_malloc(strlen(oqsxkey->tls_name));; if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; 
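Review bot: `buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len);` in oqsx_spki_pub_to_der (hunk -574) is handed to `X509_PUBKEY_set0_param` without a NULL check, so an allocation failure would encode an empty key instead of failing. The private-key counterpart in hunk -769 is worse, because `buf = OPENSSL_malloc(buflen);` is followed directly by two `memcpy` calls into `buf`. Both places should test the pointer and leave through a path that frees `name`, `sk` and the temporaries, for example `if (buf == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err; }` with a cleanup label the function does not have yet. The existing `return -1` after `sk_ASN1_TYPE_push` skips the same cleanup.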
@@ -769,8 +766,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) temp = NULL; get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); - buflen = oqsxkey->privkeylen_cmp[i]; - buf = OPENSSL_memdup(oqsxkey->privkey + previouslen, buflen); + buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; + buf = OPENSSL_malloc(buflen); + memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); + memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); if(get_tlsname_fromoqs(name) == 0) nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; @@ -790,7 +789,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - previouslen += buflen; } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(name); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 25fbadd5..4ec2ca11 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -92,11 +92,11 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128}, - {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, "rsa3072", + {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, "p256", + {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "falcon512_p256", OQS_SIG_alg_falcon_512, "p256", + {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; From e0521a3c3f4b870b1133ebda2683e4089d5b2e23 Mon Sep 17 00:00:00 2001 From: Felipe Date: Tue, 21 Mar 2023 15:32:52 -0400 Subject: [PATCH 031/164] removed prints and old commented code 
Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 79 +------------ oqsprov/oqs_prov.h | 2 +- oqsprov/oqs_sig.c | 18 +-- oqsprov/oqsprov_keys.c | 210 ++++------------------------------- 4 files changed, 30 insertions(+), 279 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index cfa9a401..5aaec4fd 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -83,7 +83,6 @@ static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, void *params, int params_type, i2d_of_void *k2d) { - printf("e2\n" ); /* der, derlen store the key DER output and its length */ unsigned char *der = NULL; int derlen; @@ -111,7 +110,6 @@ static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, struct key2any_ctx_st *ctx) { - printf("e3\n" ); X509_SIG *p8 = NULL; char kstr[PEM_BUFSIZE]; size_t klen = 0; @@ -156,7 +154,6 @@ static X509_PUBKEY *oqsx_key_to_pubkey(const void *key, int key_nid, void *params, int params_type, i2d_of_void k2d) { - printf("e5\n" ); /* der, derlen store the key DER output and its length */ unsigned char *der = NULL; int derlen; @@ -205,7 +202,6 @@ static int key_to_epki_der_priv_bio(BIO *out, const void *key, int key_nid, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { - printf("e6\n" ); int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; @@ -234,7 +230,6 @@ static int key_to_epki_pem_priv_bio(BIO *out, const void *key, int key_nid, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { - printf("e7\n" ); int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; @@ -262,7 +257,6 @@ static int key_to_pki_der_priv_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { - printf("e8\n" ); int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; 
@@ -294,7 +288,6 @@ static int key_to_pki_pem_priv_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { - printf("e9\n" ); int ret = 0, cmp_len = 0; void *str = NULL, *strc = NULL; int strtype = V_ASN1_UNDEF; @@ -326,7 +319,6 @@ static int key_to_spki_der_pub_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { - printf("e10\n" ); int ret = 0; OQSX_KEY *okey = (OQSX_KEY *)key; X509_PUBKEY *xpk = NULL; @@ -354,7 +346,6 @@ static int key_to_spki_pem_pub_bio(BIO *out, const void *key, int key_nid, key_to_paramstring_fn *p2s, i2d_of_void *k2d, struct key2any_ctx_st *ctx) { - printf("e11\n" ); int ret = 0; X509_PUBKEY *xpk = NULL; void *str = NULL; @@ -477,7 +468,6 @@ called\n"); static int prepare_oqsx_params(const void *oqsxkey, int nid, int save, void **pstr, int *pstrtype) { - printf("e12\n" ); ASN1_OBJECT *params = NULL; OQSX_KEY *k = (OQSX_KEY *)oqsxkey; @@ -575,10 +565,10 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) len = oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); - if(get_tlsname_fromoqs(name) == 0) + if(get_oqsname_fromtls(name) == 0) nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; else - nid = OBJ_sn2nid(get_tlsname_fromoqs(name)); + nid = OBJ_sn2nid(name); if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len)) keybloblen = 0; // signal error keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); 
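Review bot: In hunk -575 the error signal `keybloblen = 0;` set when `X509_PUBKEY_set0_param` fails is overwritten by the very next statement, `keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp);`, so a failed set is never reported. With this change `nid` comes from `OBJ_sn2nid(name)`, which yields `NID_undef` for an unregistered name, which makes that failure path easier to reach. I would return on the failure, freeing `buf` since ownership was not transferred, and reject `nid == NID_undef` before building the structure. The `PKCS8_pkey_set0` call in hunk -771 has the same overwritten result.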
@@ -594,56 +584,6 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) return -1; } - -/* - len = oqsxkey->pubkeylen - oqsxkey->pubkeylen_cmp;; - buf = OPENSSL_memdup(oqsxkey->pubkey, len); - - if(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) - nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid; - else - nid = OBJ_sn2nid(get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(oqsxkey->tls_name)))); - if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len)) - keybloblen = 0; // signal error - keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } - - ASN1_STRING_set0(aString, temp, keybloblen); - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - - if (!sk_ASN1_TYPE_push(sk, aType)) - return -1; - - aType = ASN1_TYPE_new(); - aString = ASN1_OCTET_STRING_new(); - p8info_internal = X509_PUBKEY_new(); - temp = NULL; - - len2 = oqsxkey->pubkeylen_cmp; - buf = OPENSSL_memdup(oqsxkey->pubkey + len, len2); - - if(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name))) == 0) - nid = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->nid; - else - nid = OBJ_sn2nid(get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(oqsxkey->tls_name)))); - if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len2)) - keybloblen = 0; // signal error - keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } - - - ASN1_STRING_set0(aString, temp, keybloblen); - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - - if (!sk_ASN1_TYPE_push(sk, aType)) - return -1; - */ keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(name); return keybloblen; 
@@ -771,10 +711,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); - if(get_tlsname_fromoqs(name) == 0) + if(get_oqsname_fromtls(name) == 0) nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; else - nid = OBJ_sn2nid(get_tlsname_fromoqs(name)); + nid = OBJ_sn2nid(name); if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, V_ASN1_UNDEF, NULL, buf, buflen)) keybloblen = 0; // signal error keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); @@ -908,7 +848,6 @@ static OSSL_FUNC_decoder_freectx_fn key2any_freectx; static void *key2any_newctx(void *provctx) { - printf("e15\n" ); struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); OQS_ENC_PRINTF("OQS ENC provider: key2any_newctx called\n"); @@ -923,7 +862,6 @@ static void *key2any_newctx(void *provctx) static void key2any_freectx(void *vctx) { - printf("e16\n" ); struct key2any_ctx_st *ctx = vctx; OQS_ENC_PRINTF("OQS ENC provider: key2any_freectx called\n"); @@ -934,7 +872,6 @@ static void key2any_freectx(void *vctx) static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) { - printf("e17\n" ); static const OSSL_PARAM settables[] = { OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), @@ -948,7 +885,6 @@ static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { - printf("e18\n" ); struct key2any_ctx_st *ctx = vctx; OSSL_LIB_CTX *libctx = ctx->provctx->libctx; const OSSL_PARAM *cipherp 
@@ -985,13 +921,12 @@ static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; } } - printf(" cipher set to %p: \n", ctx->cipher); + OQS_ENC_PRINTF2(" cipher set to %p: \n", ctx->cipher); return 1; } static int key2any_check_selection(int selection, int selection_mask) { - printf("e19\n" ); /* * The selections are kinda sorta "levels", i.e. each selection given * here is assumed to include those following. @@ -1036,7 +971,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, key_to_paramstring_fn *key2paramstring, i2d_of_void *key2der) { - printf("e20\n" ); int ret = 0; int type = OBJ_sn2nid(typestr); OQSX_KEY *oqsk = (OQSX_KEY *)key; @@ -1049,7 +983,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, if (key == NULL || type <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); - printf("HERE\n" ); } else if (writer != NULL) { // Is ref counting really needed? For now, do it as per // https://beta.openssl.org/docs/manmaster/man3/BIO_new_from_core_bio.html: @@ -1067,7 +1000,7 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, } else { ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); } - printf(" encode result: %d\n", ret); + OQS_ENC_PRINTF2(" encode result: %d\n", ret); // OQS_ENC_PRINTF2(" encode result: %d\n", ret); return ret; } diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 00eaadf5..0fa8c78a 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -206,7 +206,7 @@ char* get_oqsname(int nid); int get_cmpname(int nid, int index, char *out); int get_qntcmp(int nid); int get_keytype(int nid); -char* get_tlsname_fromoqs(char* oqsname); +char* get_oqsname_fromtls(char* oqsname); /* Register given NID with tlsname in OSSL3 registry */ int oqs_set_nid(char *tlsname, int nid); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index d77cc06c..448b2d00 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -254,20 +254,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (is_composite) { max_sig_len = oqsx_key_maxsize(oqsxkey); -/* -max_sig_len += sizeof(CompositeSignature); - - if (is_composite_second_classic) - { - max_sig_len += oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; - cmp_sig_len = oqsxkey->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; - } - else - { - max_sig_len += cmp_key->length_signature; - cmp_sig_len = cmp_key->length_signature; - } -*/ }else { max_sig_len += oqs_key->length_signature; @@ -375,7 +361,7 @@ max_sig_len += sizeof(CompositeSignature); for (i = 0; i < oqsxkey->numkeys; i++){ get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); - if (get_tlsname_fromoqs(name)){ + if (get_oqsname_fromtls(name)){ oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; buf = OPENSSL_malloc(oqs_sig_len); if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) @@ -592,7 +578,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, buf_len = compsig->sig2->length; } - if (get_tlsname_fromoqs(name)){ + if (get_oqsname_fromtls(name)){ if (OQS_SIG_verify(oqs_key, tbs, tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 4ec2ca11..b956936a 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -133,20 +133,19 @@ static int get_keytype(int nid) return 0; } -//get the OQS name without captalization -//return 0 if is classical -char *get_tlsname_fromoqs(char *oqsname) + +char *get_oqsname_fromtls(char *tlsname) { int i; for (i = 0; i < NID_TABLE_LEN; i++) { if (nid_names[i].keytype == KEY_TYPE_SIG) { - if (!strcmp(nid_names[i].oqsname, oqsname) || !strcmp(nid_names[i].tlsname, oqsname)) - return nid_names[i].tlsname; + if (!strcmp(nid_names[i].oqsname, tlsname) || !strcmp(nid_names[i].tlsname, tlsname)) + return nid_names[i].oqsname; } } - return 0; + return 0; //classical } static char *get_oqsname(int nid) @@ -196,25 +195,6 @@ int get_qntcmp(int nid) return index; } -//count the amount of keys in composite structure -int get_qntcmp(int nid) -{ - int i, index = 0; - for (i = 0; i < NID_TABLE_LEN; i++) - { - if (nid_names[i].nid == nid && nid_names[i].keytype == KEY_TYPE_CMP_SIG){ - char* s = OPENSSL_strdup(nid_names[i].tlsname); - s = strtok(s, "_"); - while (s != NULL){ - s = strtok(NULL, "_"); - index++; - } - OPENSSL_free(s); - } - } - return index; -} - static int get_oqsalg_idx(int nid) { int i; @@ -312,7 +292,6 @@ void oqsx_freeprovctx(PROV_OQS_CTX *ctx) void oqsx_key_set0_libctx(OQSX_KEY *key, OSSL_LIB_CTX *libctx) { - printf("4\n"); key->libctx = libctx; } @@ -367,7 +346,6 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, int plen, oqsx_key_op_t op, OSSL_LIB_CTX *libctx, const char *propq) { - printf("7\n"); OQSX_KEY *key = NULL; void **privkey, **pubkey; int nid = NID_undef; 
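Review bot: The renamed `get_oqsname_fromtls` lost its header comment, and the contract it now has is easy to misread. It returns the OQS algorithm name only for KEY_TYPE_SIG entries and NULL for everything else, and every caller on this page takes NULL to mean the component is classical and then dereferences `oqsx_evp_ctx`. An unknown or misspelled component name is therefore indistinguishable from a classical one. I would restore a comment such as `/* Returns the OQS name for a PQ signature component, or NULL if no KEY_TYPE_SIG entry matches (callers treat NULL as classical). */` and use `return NULL;` rather than `return 0;`. The prototype in oqs_prov.h still names the parameter `oqsname` where the definition uses `tlsname`.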
@@ -546,16 +524,6 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, previous_publen += publen; } -/* - size_t first_privkeylen = key->privkeylen - key->privkeylen_cmp; - size_t first_pubkeylen = key->pubkeylen - key->pubkeylen_cmp; - - memcpy(key->privkey, p, first_privkeylen); - memcpy(key->privkey + first_privkeylen, p + first_privkeylen + first_pubkeylen, key->privkeylen_cmp); - - memcpy(key->pubkey, p + first_privkeylen, first_pubkeylen); - memcpy(key->pubkey + first_pubkeylen, p + key->privkeylen + first_pubkeylen, key->pubkeylen_cmp); - */ }else{ memcpy(key->privkey, p, key->privkeylen); memcpy(key->pubkey, p + key->privkeylen, key->pubkeylen); @@ -637,27 +605,10 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) int i; char *name = OPENSSL_malloc(strlen(key->tls_name)); if (op == KEY_OP_PUBLIC){ -/* - if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ - EVP_PKEY *npk = EVP_PKEY_new(); - if (key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) - { - npk = setECParams(npk, key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid); - } - const unsigned char *enc_pubkey = key->comp_pubkey[key->numkeys - 2]; - key->cmp_classical_pkey[key->numkeys - 2] = d2i_PublicKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, plen); - if (!key->cmp_classical_pkey[key->numkeys - 2]) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - }else{ - key->cmp_classical_pkey[key->numkeys - 2] = NULL; - } -*/ + for (i = 0; i < key->numkeys; i++){ get_cmpname(OBJ_sn2nid(key->tls_name), i, name); - if (get_tlsname_fromoqs(name) == 0){ + if (get_oqsname_fromtls(name) == 0){ EVP_PKEY *npk = EVP_PKEY_new(); if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) { 
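Review bot: The scratch buffer in oqsx_key_recreate_classickey (hunk at -637) is allocated as `OPENSSL_malloc(strlen(key->tls_name))`, which leaves no room for a terminating NUL and is neither checked for NULL nor initialised. The return value of get_cmpname is ignored as well, so when the lookup fails get_oqsname_fromtls compares whatever bytes the heap returned. Allocate with `OPENSSL_zalloc(strlen(key->tls_name) + 1)`, check the result, and test get_cmpname's return before using name. The same allocation appears in the oqsx_key_free hunk (-1303) and the oqsx_key_maxsize hunk (-1662); this function extends beyond the hunk, so its `goto err` exits should also be checked for releasing name.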
@@ -676,22 +627,10 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (op == KEY_OP_PRIVATE){ -/* - if (get_tlsname_fromoqs(get_oqsname(OBJ_sn2nid(key->tls_name))) == 0){ - const unsigned char *enc_privkey = key->comp_privkey[key->numkeys - 2]; - key->cmp_classical_pkey[key->numkeys - 2] = d2i_PrivateKey(key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, plen); - if (!key->cmp_classical_pkey[key->numkeys - 2]) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - }else{ - key->cmp_classical_pkey[key->numkeys - 2] = NULL; - } - */ + for (i = 0; i < key->numkeys; i++){ get_cmpname(OBJ_sn2nid(key->tls_name), i, name); - if (get_tlsname_fromoqs(name) == 0){ + if (get_oqsname_fromtls(name) == 0){ const unsigned char *enc_privkey = key->comp_privkey[i]; key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); if (!key->cmp_classical_pkey[i]) @@ -716,7 +655,6 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, const char *propq) { - printf("8\n"); const unsigned char *p; int plen; X509_ALGOR *palg; 
@@ -758,30 +696,6 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, p = concat_key + plen - aux; plen = aux; -/* - aType = sk_ASN1_TYPE_pop(sk); //pop the second crypt algorithm - temp = aType->value.sequence->data; - templen = aType->value.sequence->length; - - p8info_temp = d2i_X509_PUBKEY(&p8info_temp, &temp, templen); - X509_PUBKEY_get0_param(NULL, &temp, &templen, NULL, p8info_temp); - - aType = sk_ASN1_TYPE_pop(sk); //pop the first crypt algorithm - buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; - - p8info_buf = d2i_X509_PUBKEY(&p8info_buf, &buf, buflen); - X509_PUBKEY_get0_param(NULL, &buf, &buflen, NULL, p8info_buf); - - concat_key = OPENSSL_secure_malloc(buflen + templen); - - memcpy(concat_key, buf, buflen); - memcpy(concat_key + buflen, temp, templen); - p = concat_key; - plen = templen + buflen; -*/ - // OPENSSL_free(buf); - // OPENSSL_free(buflen); } } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); @@ -792,7 +706,6 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) { - printf("9\n"); OQSX_KEY *oqsx = NULL; const unsigned char *p; int plen; @@ -881,7 +794,6 @@ static const OQSX_EVP_INFO nids_ecx[] = { static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, char *algname) { - printf("10\n"); int ret = 1; int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 2, err); @@ -925,7 +837,6 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { - printf("11\n"); int ret = 1; int idx = 0; while (idx < sizeof(OQSX_ECP_NAMES)) { 
@@ -956,7 +867,6 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) { - printf("12\n"); int ret = 1; int idx = 0; @@ -993,7 +903,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, int primitive, const char *propq, int bit_security, int alg_idx) { - printf("13\n"); OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; int ret2 = 0; @@ -1157,9 +1066,9 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, for (i = 0; i < ret->numkeys; i++){ get_cmpname(OBJ_sn2nid(tls_name), i, name); - if (get_tlsname_fromoqs(name) != 0) + if (get_oqsname_fromtls(name) != 0) { - ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig = OQS_SIG_new(name); + ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig = OQS_SIG_new(get_oqsname_fromtls(name)); if (!ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig) { fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", name); 
@@ -1182,49 +1091,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->privkeylen += ret->privkeylen_cmp[i]; ret->pubkeylen += ret->pubkeylen_cmp[i]; } -/* - if (get_tlsname_fromoqs(cmp_name) != 0) - { - ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig = OQS_SIG_new(cmp_name); - if (!ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig) - { - fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?B\n", cmp_name); - goto err; - } - } - else - { - evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); - ON_ERR_GOTO(!evp_ctx, err); - - ret3 = oqsx_hybsig_init(bit_security, evp_ctx, cmp_name); - ON_ERR_GOTO(ret3 <= 0 || !evp_ctx->ctx, err); - ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx = evp_ctx; - } - - if (ret2) - { - ret->privkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_private_key; - ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_public_key; - } - else - { - ret->privkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; - } - if (ret3) - { - ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_private_key; - ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_public_key; - } - else - { - ret->privkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen_cmp = ret->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_public_key; - } - ret->privkeylen += ret->privkeylen_cmp; - ret->pubkeylen += ret->pubkeylen_cmp; -*/ ret->keytype = primitive; break; @@ -1247,7 +1113,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } - printf("OQSX_KEY: new key created: %p\n", ret); + OQS_KEY_PRINTF2("OQSX_KEY: new key created: %p\n", ret); return ret; err: ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 
@@ -1257,7 +1123,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, void oqsx_key_free(OQSX_KEY *key) { - printf("14\n"); int refcnt; if (key == NULL) return; @@ -1303,20 +1168,16 @@ void oqsx_key_free(OQSX_KEY *key) char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ get_cmpname(OBJ_sn2nid(key->tls_name), i, name); - if (get_tlsname_fromoqs(name)) + if (get_oqsname_fromtls(name)) OQS_SIG_free(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig); else OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx); } OPENSSL_free(name); -/* - if (key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig == NULL) - OPENSSL_free(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx); - else - OQS_SIG_free(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig); - */ - }else + + } + else OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); #ifdef OQS_PROVIDER_NOATOMIC @@ -1329,7 +1190,6 @@ void oqsx_key_free(OQSX_KEY *key) int oqsx_key_up_ref(OQSX_KEY *key) { - printf("15\n"); int refcnt; #ifndef OQS_PROVIDER_NOATOMIC @@ -1349,7 +1209,6 @@ int oqsx_key_up_ref(OQSX_KEY *key) int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) { - printf("16\n"); int ret = 0, aux = 0; if (key->keytype != KEY_TYPE_CMP_SIG) @@ -1371,7 +1230,6 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { - printf("17\n"); const OSSL_PARAM *p; OQS_KEY_PRINTF("OQSX Key from data called\n"); @@ -1454,7 +1312,6 @@ printf("18\n"); static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, unsigned char *privkey, int encode) { - printf("19\n"); int ret = 0, ret2 = 0, aux = 0; // Free at errhyb: @@ -1536,7 +1393,6 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, * OQSX_KEY */ int oqsx_key_gen(OQSX_KEY *key) { - printf("20\n"); int ret = 0; EVP_PKEY *pkey = NULL; 
@@ -1577,7 +1433,7 @@ int oqsx_key_gen(OQSX_KEY *key) ret = oqsx_key_set_composites(key); for (i = 0; i < key->numkeys; i++){ get_cmpname(OBJ_sn2nid(key->tls_name), i, name); - if (get_tlsname_fromoqs(name) == 0) + if (get_oqsname_fromtls(name) == 0) { // if (i == 0) // pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->pubkey, key->privkey, 0); @@ -1589,32 +1445,14 @@ int oqsx_key_gen(OQSX_KEY *key) } else { -// if (i == 0) -// ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->pubkey, key->privkey); -// else - ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); + ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); ON_ERR_GOTO(ret, err); } -// if (i == 0) -// ret = oqsx_key_set_composites(key); + } -/* - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name), key->numkeys - 1)) == 0) - { - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx_cmp.oqsx_evp_ctx, key->comp_pubkey[key->numkeys - 1], key->comp_privkey[key->numkeys - 1], 0); - key->cmp_classical_pkey[key->numkeys - 1] = pkey; - const unsigned char *pubkey = key->comp_pubkey[key->numkeys - 1]; - ON_ERR_GOTO(pkey == NULL, err); - } - else - { - ret = OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, key->privkey + key->privkeylen - key->privkeylen_cmp, key->pubkey + key->pubkeylen - key->pubkeylen_cmp); - ON_ERR_GOTO(ret, err); - } -*/ } else if (key->keytype == KEY_TYPE_SIG) 
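Review bot: In oqsx_key_gen (hunk at -1577) the result of `ret = oqsx_key_set_composites(key);` is never tested: the loop that follows overwrites ret with the OQS_SIG_keypair status, so a failed setup goes unnoticed and key generation then writes through comp_pubkey[i] and comp_privkey[i]. Check it before the loop, e.g. `ON_ERR_GOTO(ret, err);` if the helper follows the 0-on-success convention used for OQS_SIG_keypair here (its definition is outside the hunk). The commented-out `if (i == 0)` lines left in the classical branch can be deleted along with the rest.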
@@ -1662,19 +1500,13 @@ int oqsx_key_maxsize(OQSX_KEY *key) char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ get_cmpname(OBJ_sn2nid(key->tls_name), i, name); - if (get_tlsname_fromoqs(name) == 0) + if (get_oqsname_fromtls(name) == 0) aux += key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature; else aux += key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; } - OPENSSL_free(name); -/* - if (get_tlsname_fromoqs(get_cmpname(OBJ_sn2nid(key->tls_name), key->numkeys - 1)) == 0) - aux += key->oqsx_provider_ctx_cmp.oqsx_evp_ctx->evp_info->length_signature; - else - aux += key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig->length_signature; - */ + OPENSSL_free(name); return aux; } default: From 2985284bd9e0e668a6402b77f716480d94e7be00 Mon Sep 17 00:00:00 2001 From: Felipe Date: Tue, 21 Mar 2023 15:34:40 -0400 Subject: [PATCH 032/164] remove notes.txt Signed-off-by: Felipe Ventura --- notes.txt | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 notes.txt diff --git a/notes.txt b/notes.txt deleted file mode 100644 index f38caa07..00000000 --- a/notes.txt +++ /dev/null 
@@ -1,33 +0,0 @@ -###CREATE QUANTUM SAFE KEY PAIR - -LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl req -x509 -new -newkey p521_dilithium5 -keyout qsc.key -out qsc.crt -nodes -subj "/CN=oqstest" -days 365 -config /home/feventura/Documents/openssl/apps/openssl.cnf -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default - -###SIGN DATA - -LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -in test.txt -sign -signer qsc.crt -inkey qsc.key -nodetach -outform pem -binary -out signedfile -md sha512 -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider default -provider oqsprovider - -##VERIFY DATA - -LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -verify -CAfile qsc.crt -inform pem -in signedfile -crlfeol -out outputfile -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default - -##CREATE TEST SIGNATURE (from oqsprov/test) - -gcc oqs_test_signatures.c test_common.o -L ../openssl -lcrypto -o output_signatures - -##RUN TEST SIGNARURE (from oqsprov/test) - -./output_signatures oqsprovider /home/feventura/Documents/oqs-provider/test/oqs.cnf - -##IMPLEMENT CHANGES TO oqs_sig.c TO PROVIDER (from oqsprov/test) - -cd .. && cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && cd test/ - -##IMPLEMENT CHANGES THEN COMPILE AND RUN TEST (generic version, from oqsprov) - -cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . 
-B _build && cmake --build _build && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf - -##IMPLEMENT CHANGES THEN BUILD DEPENDENCY LIBRARY THEN COMPILE AND RUN TEST (generic version, from oqsprov) - -cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && gcc -Wall -c ./test/test_common.c && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf - - From e45b82260b5101d95919426e44bcb30ac3670bb9 Mon Sep 17 00:00:00 2001 From: Felipe Date: Tue, 28 Mar 2023 13:52:00 -0400 Subject: [PATCH 033/164] signature ASN1 structure for 2+ keys Signed-off-by: Felipe Ventura --- oqsprov/oqs_prov.h | 3 +-- oqsprov/oqs_sig.c | 51 ++++++++++++++++++++++++++++++++-------------- 2 files changed, 37 insertions(+), 17 deletions(-) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 0fa8c78a..e38b8d60 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -196,8 +196,7 @@ typedef struct oqsx_key_st OQSX_KEY; //composite signature struct SignatureModel{ - ASN1_BIT_STRING *sig1; - ASN1_BIT_STRING *sig2; + STACK_OF(ASN1_BIT_STRING) *sig; }; typedef struct SignatureModel CompositeSignature; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 448b2d00..482cd67f 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -87,8 +87,7 @@ static int get_aid(unsigned char **oidbuf, const char *tls_name) DECLARE_ASN1_FUNCTIONS(CompositeSignature) ASN1_NDEF_SEQUENCE(CompositeSignature) = { - ASN1_SIMPLE(CompositeSignature, sig1, ASN1_BIT_STRING), - ASN1_SIMPLE(CompositeSignature, sig2, ASN1_BIT_STRING) + ASN1_SET_OF(CompositeSignature, sig, ASN1_BIT_STRING), } ASN1_NDEF_SEQUENCE_END(CompositeSignature) IMPLEMENT_ASN1_FUNCTIONS(CompositeSignature) 
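Review bot: `ASN1_SET_OF(CompositeSignature, sig, ASN1_BIT_STRING)` in the oqs_sig.c template hunk (-87) encodes the components as a DER SET OF, which OpenSSL sorts by encoded value on output, so the i-th signature is no longer guaranteed to line up with the i-th component key after a round trip. A positional list needs `ASN1_SEQUENCE_OF(CompositeSignature, sig, ASN1_BIT_STRING)`. The matching oqs_prov.h hunk declares the field as `STACK_OF(ASN1_BIT_STRING)`, and no stack type for ASN1_BIT_STRING is defined on this page; confirm one exists before relying on typed accessors.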
@@ -241,6 +240,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, size_t actual_classical_sig_len = 0; size_t index = 0; int rv = 0; + ASN1_BIT_STRING *comp_sig; if (!oqsxkey || !(oqs_key || oqs_key_classic) || !oqsxkey->privkey) { @@ -358,6 +358,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, CompositeSignature *compsig = CompositeSignature_new(); int i; char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); + if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) + goto endsign; for (i = 0; i < oqsxkey->numkeys; i++){ get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); @@ -435,17 +437,27 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } } - if (i == 0){ //temporary condition + comp_sig = ASN1_BIT_STRING_new(); + comp_sig->data = OPENSSL_memdup(buf, oqs_sig_len); + comp_sig->length = oqs_sig_len; + if (!sk_ASN1_TYPE_push(compsig->sig, comp_sig)) + goto endsign; + + + /* if (i == 0){ //temporary condition compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); compsig->sig1->length = oqs_sig_len; }else{ compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); compsig->sig2->length = oqs_sig_len; - } + } +*/ } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); OPENSSL_free(name); + OPENSSL_free(compsig->sig); + OPENSSL_free(comp_sig); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) { @@ -481,6 +493,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, size_t classical_sig_len = 0, oqs_sig_len = 0; size_t index = 0; int rv = 0; + ASN1_BIT_STRING *comp_sig; OQS_SIG_PRINTF3( "OQS SIG provider: verify called with siglen %ld bytes and tbslen %ld\n", 
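Review bot: The sign path (hunks at -358 and -435) manages the new stack with the wrong owner functions: `compsig->sig` is declared STACK_OF(ASN1_BIT_STRING) but is created and filled through `sk_ASN1_TYPE_new_null`/`sk_ASN1_TYPE_push`, and released with `OPENSSL_free(compsig->sig); OPENSSL_free(comp_sig);`. As far as the hunk shows, that frees the stack header and the last element's struct only, leaves each element's data and compsig itself allocated, and frees an element the stack still refers to. Release the object once with `CompositeSignature_free(compsig);`, and fill each element with `ASN1_BIT_STRING_set(comp_sig, buf, oqs_sig_len)` after checking `ASN1_BIT_STRING_new()` for NULL. The `goto endsign` exits added here skip all of this cleanup, including name.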
@@ -566,17 +579,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, size_t buf_len; if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) goto endverify; - + if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) + goto endverify; for(i = 0; i < oqsxkey->numkeys; i++){ get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); - - if (i == 0){ //temporary condition - buf = compsig->sig1->data; - buf_len = compsig->sig1->length; - }else{ - buf = compsig->sig2->data; - buf_len = compsig->sig2->length; - } if (get_oqsname_fromtls(name)){ if (OQS_SIG_verify(oqs_key, tbs, tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) @@ -635,12 +641,27 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; - } - + } } + comp_sig = ASN1_BIT_STRING_new(); + comp_sig->data = OPENSSL_memdup(buf, oqs_sig_len); + comp_sig->length = oqs_sig_len; + if (!sk_ASN1_TYPE_push(compsig->sig, comp_sig)) + goto endverify; + + /* if (i == 0){ //temporary condition + compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); + compsig->sig1->length = oqs_sig_len; + }else{ + compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); + compsig->sig2->length = oqs_sig_len; + } +*/ } OPENSSL_free(name); + OPENSSL_free(compsig->sig); + OPENSSL_free(comp_sig); }else { if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) From 2de1505146219519761487d16558416631522193 Mon Sep 17 00:00:00 2001 From: Felipe Date: Fri, 11 Aug 2023 16:02:02 -0400 Subject: [PATCH 034/164] Revert "remove notes.txt" This reverts commit 3d5bccc3f0f0fc2e8f24823582de2263fdd7e991. Signed-off-by: Felipe Ventura --- notes.txt | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 notes.txt diff --git a/notes.txt b/notes.txt new file mode 100644 index 00000000..f38caa07 --- /dev/null +++ b/notes.txt 
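Review bot: After this change oqs_sig_verify (hunk at -566) passes `buf` and `buf_len` to OQS_SIG_verify without ever assigning them: the lines that read the components were removed, and `compsig->sig = sk_ASN1_TYPE_new_null()` replaces the stack that d2i_CompositeSignature just parsed with an empty one. Verification therefore runs over indeterminate memory instead of the received signature. Drop the `sk_ASN1_TYPE_new_null()` assignment, set `buf`/`buf_len` from the i-th parsed element at the top of the loop, and fail if the parsed stack does not hold exactly `oqsxkey->numkeys` entries. The block added in the -635 hunk, which copies `buf` into a new bit string and pushes it, belongs to signing and should not be in the verify path.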
@@ -0,0 +1,33 @@ +###CREATE QUANTUM SAFE KEY PAIR + +LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl req -x509 -new -newkey p521_dilithium5 -keyout qsc.key -out qsc.crt -nodes -subj "/CN=oqstest" -days 365 -config /home/feventura/Documents/openssl/apps/openssl.cnf -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default + +###SIGN DATA + +LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -in test.txt -sign -signer qsc.crt -inkey qsc.key -nodetach -outform pem -binary -out signedfile -md sha512 -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider default -provider oqsprovider + +##VERIFY DATA + +LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -verify -CAfile qsc.crt -inform pem -in signedfile -crlfeol -out outputfile -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default + +##CREATE TEST SIGNATURE (from oqsprov/test) + +gcc oqs_test_signatures.c test_common.o -L ../openssl -lcrypto -o output_signatures + +##RUN TEST SIGNARURE (from oqsprov/test) + +./output_signatures oqsprovider /home/feventura/Documents/oqs-provider/test/oqs.cnf + +##IMPLEMENT CHANGES TO oqs_sig.c TO PROVIDER (from oqsprov/test) + +cd .. && cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && cd test/ + +##IMPLEMENT CHANGES THEN COMPILE AND RUN TEST (generic version, from oqsprov) + +cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . 
-B _build && cmake --build _build && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf + +##IMPLEMENT CHANGES THEN BUILD DEPENDENCY LIBRARY THEN COMPILE AND RUN TEST (generic version, from oqsprov) + +cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && gcc -Wall -c ./test/test_common.c && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf + + From 43c90cc48f60bb500d6e46ee5a73d9db12561c99 Mon Sep 17 00:00:00 2001 From: eve Date: Mon, 21 Aug 2023 15:11:13 -0500 Subject: [PATCH 035/164] working 2keys and cert Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 15 ++++----- oqsprov/oqs_prov.h | 5 +-- oqsprov/oqs_sig.c | 63 ++++++++++++++++-------------------- oqsprov/oqsprov_keys.c | 51 +++++++++++++++-------------- 4 files changed, 65 insertions(+), 69 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 5aaec4fd..6d106122 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -551,7 +551,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) #endif }else{ int len, i; - char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); +// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; @@ -560,7 +560,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) aType = ASN1_TYPE_new(); aString = ASN1_OCTET_STRING_new(); temp = NULL; - get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); len = oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); 
@@ -582,10 +582,10 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - + OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); - OPENSSL_free(name); + return keybloblen; } @@ -695,7 +695,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } }else{ int i; - name = OPENSSL_malloc(strlen(oqsxkey->tls_name));; +// name = OPENSSL_malloc(strlen(oqsxkey->tls_name));; if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; @@ -704,7 +704,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) aType = ASN1_TYPE_new(); aString = ASN1_OCTET_STRING_new(); temp = NULL; - get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_malloc(buflen); @@ -728,10 +728,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - + OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); - OPENSSL_free(name); OPENSSL_free(temp); OPENSSL_free(p8info_internal); OPENSSL_free(aType); diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index e38b8d60..6866e8e9 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -196,13 +196,14 @@ typedef struct oqsx_key_st OQSX_KEY; //composite signature struct SignatureModel{ - STACK_OF(ASN1_BIT_STRING) *sig; + ASN1_BIT_STRING *sig1; + ASN1_BIT_STRING *sig2; }; typedef struct SignatureModel CompositeSignature; char* get_oqsname(int nid); -int get_cmpname(int nid, int index, char *out); +char* get_cmpname(int nid, int index); int get_qntcmp(int nid); int get_keytype(int nid); char* get_oqsname_fromtls(char* oqsname); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 482cd67f..8dbd17fa 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
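Review bot: Moving `OPENSSL_free(name)` inside the loop of oqsx_spki_pub_to_der (hunk at -582) leaves the `return -1` directly above it, taken when `sk_ASN1_TYPE_push` fails, returning with name still allocated; oqsx_pki_priv_to_der (-728) has the same shape, and its per-component buffer appears to hold private-key bytes as well. get_cmpname now returns a fresh string or NULL, and the result is not checked before use in either function. Test `name == NULL` right after the call and free before each early return, e.g. `if (!sk_ASN1_TYPE_push(sk, aType)) { OPENSSL_free(name); return -1; }`. Both loop bodies extend beyond the hunks, so the exits in between need the same treatment, and the commented-out `OPENSSL_malloc` lines should be deleted rather than kept.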
@@ -87,7 +87,8 @@ static int get_aid(unsigned char **oidbuf, const char *tls_name) DECLARE_ASN1_FUNCTIONS(CompositeSignature) ASN1_NDEF_SEQUENCE(CompositeSignature) = { - ASN1_SET_OF(CompositeSignature, sig, ASN1_BIT_STRING), + ASN1_SIMPLE(CompositeSignature, sig1, ASN1_BIT_STRING), + ASN1_SIMPLE(CompositeSignature, sig2, ASN1_BIT_STRING), } ASN1_NDEF_SEQUENCE_END(CompositeSignature) IMPLEMENT_ASN1_FUNCTIONS(CompositeSignature) @@ -240,7 +241,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, size_t actual_classical_sig_len = 0; size_t index = 0; int rv = 0; - ASN1_BIT_STRING *comp_sig; if (!oqsxkey || !(oqs_key || oqs_key_classic) || !oqsxkey->privkey) { @@ -357,11 +357,11 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, unsigned char *buf; CompositeSignature *compsig = CompositeSignature_new(); int i; - char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); - if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) - goto endsign; +// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); +// if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) +// goto endsign; for (i = 0; i < oqsxkey->numkeys; i++){ - get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); if (get_oqsname_fromtls(name)){ oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; 
@@ -437,27 +437,27 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } } - comp_sig = ASN1_BIT_STRING_new(); +/* comp_sig = ASN1_BIT_STRING_new(); comp_sig->data = OPENSSL_memdup(buf, oqs_sig_len); comp_sig->length = oqs_sig_len; if (!sk_ASN1_TYPE_push(compsig->sig, comp_sig)) goto endsign; - +*/ - /* if (i == 0){ //temporary condition + if (i == 0){ compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); compsig->sig1->length = oqs_sig_len; }else{ compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); compsig->sig2->length = oqs_sig_len; } -*/ - + + OPENSSL_free(name); } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); - OPENSSL_free(name); - OPENSSL_free(compsig->sig); - OPENSSL_free(comp_sig); + +// OPENSSL_free(compsig->sig); + OPENSSL_free(compsig); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) { @@ -574,15 +574,22 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if(is_composite){ CompositeSignature* compsig = CompositeSignature_new(); int i; - char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); +// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); ASN1_STRING *buf; size_t buf_len; if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) goto endverify; - if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) - goto endverify; +// if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) +// goto endverify; for(i = 0; i < oqsxkey->numkeys; i++){ - get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i, name); + if (i == 0){ + buf = compsig->sig1->data; + buf_len = compsig->sig1->length; + }else{ + buf = compsig->sig2->data; + buf_len = compsig->sig2->length; + } + char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); if (get_oqsname_fromtls(name)){ if (OQS_SIG_verify(oqs_key, tbs, tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) 
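Review bot: The sign path (hunk at -437) ends with `OPENSSL_free(compsig)`, which releases only the outer struct and leaks sig1, sig2 and the buffers attached to them; use `CompositeSignature_free(compsig);`. Assigning `->data` and `->length` by hand also leaves the BIT STRING flags at their default, and without ASN1_STRING_FLAG_BITS_LEFT OpenSSL's encoder trims trailing zero bytes, so a component signature ending in 0x00 would not survive encoding; set the bytes with `ASN1_BIT_STRING_set()` and set that flag. The `i == 0`/else split writes every component after the first into sig2, so numkeys should be checked to be exactly 2 before the loop. In the verify hunk (-574) `buf` is declared `ASN1_STRING *` but receives `compsig->sig1->data`; it should be `const unsigned char *buf`.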
@@ -643,25 +650,11 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, goto endverify; } } - comp_sig = ASN1_BIT_STRING_new(); - comp_sig->data = OPENSSL_memdup(buf, oqs_sig_len); - comp_sig->length = oqs_sig_len; - if (!sk_ASN1_TYPE_push(compsig->sig, comp_sig)) - goto endverify; - - /* if (i == 0){ //temporary condition - compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); - compsig->sig1->length = oqs_sig_len; - }else{ - compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); - compsig->sig2->length = oqs_sig_len; - } -*/ - } OPENSSL_free(name); - OPENSSL_free(compsig->sig); - OPENSSL_free(comp_sig); + } +// OPENSSL_free(compsig->sig); + OPENSSL_free(compsig); }else { if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index b956936a..a14a0a35 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -158,9 +158,10 @@ static char *get_oqsname(int nid) return 0; } -int get_cmpname(int nid, int index, char* name) +char* get_cmpname(int nid, int index) { int i, j; + char* name; for (i = 0; i < NID_TABLE_LEN; i++) { if (nid_names[i].nid == nid){ @@ -168,9 +169,10 @@ int get_cmpname(int nid, int index, char* name) char* token = strtok(s, "_"); for (j = 0; j < index; j ++) token = strtok(NULL, "_"); - OPENSSL_strlcpy(name, token, strlen(token) + 1); + name = OPENSSL_strdup(token); +// OPENSSL_strlcpy(name, token, strlen(token) + 1); OPENSSL_free(s); - return 1; + return name; } } return 0; 
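Review bot: The new get_cmpname (hunks at -158 and -168 in oqsprov_keys.c) can return NULL in three ways: the nid is not found, OPENSSL_strdup fails, or `index` runs past the last `_`-separated token so that `token` is NULL. None of the callers changed in this commit check for that before passing the result to get_oqsname_fromtls, which calls strcmp on it. Return NULL explicitly on those paths and add a `name == NULL` check at each call site. strtok also keeps its position in static storage, so two threads resolving component names at the same time can disturb each other's scan; a reentrant tokenizer or a strchr-based split avoids that in a provider loaded into multi-threaded applications.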
@@ -603,11 +605,11 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (key->keytype == KEY_TYPE_CMP_SIG){ int i; - char *name = OPENSSL_malloc(strlen(key->tls_name)); +// char *name = OPENSSL_malloc(strlen(key->tls_name)); if (op == KEY_OP_PUBLIC){ for (i = 0; i < key->numkeys; i++){ - get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0){ EVP_PKEY *npk = EVP_PKEY_new(); if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) @@ -622,6 +624,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) goto err; } } + OPENSSL_free(name); } } @@ -629,7 +632,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (op == KEY_OP_PRIVATE){ for (i = 0; i < key->numkeys; i++){ - get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0){ const unsigned char *enc_privkey = key->comp_privkey[i]; key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); @@ -639,10 +642,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) goto err; } } - + OPENSSL_free(name); } } - OPENSSL_free(name); } return key; 
@@ -1053,11 +1055,11 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, break; case KEY_TYPE_CMP_SIG: int i; - char* name = OPENSSL_malloc(strlen(tls_name)); +// char* name = OPENSSL_malloc(strlen(tls_name)); ret->numkeys = get_qntcmp(OBJ_sn2nid(tls_name)); ret->privkeylen = 0; ret->pubkeylen = 0; - ret->oqsx_provider_ctx = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->oqsx_provider_ctx = OPENSSL_malloc(ret->numkeys * sizeof(OQSX_PROVIDER_CTX)); ret->privkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->pubkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); @@ -1065,7 +1067,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); for (i = 0; i < ret->numkeys; i++){ - get_cmpname(OBJ_sn2nid(tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(tls_name), i); if (get_oqsname_fromtls(name) != 0) { ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig = OQS_SIG_new(get_oqsname_fromtls(name)); @@ -1090,8 +1092,11 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, } ret->privkeylen += ret->privkeylen_cmp[i]; ret->pubkeylen += ret->pubkeylen_cmp[i]; + OPENSSL_free(name); } ret->keytype = primitive; + + break; default: @@ -1165,16 +1170,14 @@ void oqsx_key_free(OQSX_KEY *key) } if(key->keytype == KEY_TYPE_CMP_SIG){ int i; - char *name = OPENSSL_malloc(strlen(key->tls_name));; +// char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ - get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name)) OQS_SIG_free(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig); - else - OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx); - + OPENSSL_free(name); } - OPENSSL_free(name); + } else 
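Review bot: In the KEY_TYPE_CMP_SIG case of oqsx_key_new (hunk at -1053) the element size of oqsx_provider_ctx is corrected, but none of the six `OPENSSL_malloc` results is checked before the loop indexes them, and the memory is uninitialised, so a `goto err` part-way through leaves pointers that cleanup cannot tell from valid ones. Use `OPENSSL_zalloc` and test each result, e.g. `ON_ERR_GOTO(!ret->oqsx_provider_ctx, err);`. The sibling arrays are still sized with `sizeof(void *)`; writing `sizeof(*ret->privkeylen_cmp)` and so on ties each size to its element type. The `goto err` inside the loop also skips the `OPENSSL_free(name)` added in the -1090 hunk.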
@@ -1429,10 +1432,10 @@ int oqsx_key_gen(OQSX_KEY *key) else if (key->keytype == KEY_TYPE_CMP_SIG) { int i; - char* name = OPENSSL_malloc(strlen(key->tls_name)); +// char* name = OPENSSL_malloc(strlen(key->tls_name)); ret = oqsx_key_set_composites(key); for (i = 0; i < key->numkeys; i++){ - get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0) { // if (i == 0) @@ -1448,7 +1451,7 @@ int oqsx_key_gen(OQSX_KEY *key) ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); ON_ERR_GOTO(ret, err); } - + OPENSSL_free(name); } @@ -1497,16 +1500,16 @@ int oqsx_key_maxsize(OQSX_KEY *key) { int aux = sizeof(CompositeSignature); int i; - char *name = OPENSSL_malloc(strlen(key->tls_name));; +// char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ - get_cmpname(OBJ_sn2nid(key->tls_name), i, name); + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0) aux += key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature; else aux += key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; - + OPENSSL_free(name); } - OPENSSL_free(name); + return aux; } default: From 2dcaa80726818f579a3e663eeca4d832f7ebc202 Mon Sep 17 00:00:00 2001 From: eve Date: Fri, 25 Aug 2023 10:33:22 -0500 Subject: [PATCH 036/164] added composite draft keys pairs Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 16 ++++- oqsprov/oqs_encode_key2any.c | 66 ++++++++++++++++++- oqsprov/oqs_kmgmt.c | 77 ++++++++++++++++++++++ oqsprov/oqs_prov.h | 65 +++++++++++++++++- oqsprov/oqs_sig.c | 124 +++++++++++++++++++++-------------- oqsprov/oqsdecoders.inc | 30 ++++++++- oqsprov/oqsencoders.inc | 90 ++++++++++++++++++++++++- oqsprov/oqsprov.c | 34 +++++++++- oqsprov/oqsprov_keys.c | 101 +++++++++++++++++++++------- 9 files changed, 518 insertions(+), 85 deletions(-) 
diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 48800944..21b8234c 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c @@ -608,10 +608,22 @@ MAKE_DECODER("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo); - MAKE_DECODER("dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); MAKE_DECODER("dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); - MAKE_DECODER("falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); MAKE_DECODER("falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium3_bp256", dilithium3_bp256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium3_ed25519", dilithium3_ed25519, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium5_bp384", dilithium5_bp384, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium5_ed448", dilithium5_ed448, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER("falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER("falcon512_ed25519", falcon512_ed25519, oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 6d106122..5cc0c920 100644 
--- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -826,18 +826,36 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_sphincsshake128fsimple_input_type \ "rsa3072_sphincsshake128fsimple" #define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" - # define dilithium3_rsa3072_evp_type 0 # define dilithium3_rsa3072_input_type "dilithium3_rsa3072" # define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" - # define dilithium3_p256_evp_type 0 # define dilithium3_p256_input_type "dilithium3_p256" # define dilithium3_p256_pem_type "dilithium3_p256" - # define falcon512_p256_evp_type 0 # define falcon512_p256_input_type "falcon512_p256" # define falcon512_p256_pem_type "falcon512_p256" +# define dilithium5_p384_evp_type 0 +# define dilithium5_p384_input_type "dilithium5_p384" +# define dilithium5_p384_pem_type "dilithium5_p384" +# define dilithium3_bp256_evp_type 0 +# define dilithium3_bp256_input_type "dilithium3_bp256" +# define dilithium3_bp256_pem_type "dilithium3_bp256" +# define dilithium3_ed25519_evp_type 0 +# define dilithium3_ed25519_input_type "dilithium3_ed25519" +# define dilithium3_ed25519_pem_type "dilithium3_ed25519" +# define dilithium5_bp384_evp_type 0 +# define dilithium5_bp384_input_type "dilithium5_bp384" +# define dilithium5_bp384_pem_type "dilithium5_bp384" +# define dilithium5_ed448_evp_type 0 +# define dilithium5_ed448_input_type "dilithium5_ed448" +# define dilithium5_ed448_pem_type "dilithium5_ed448" +# define falcon512_bp256_evp_type 0 +# define falcon512_bp256_input_type "falcon512_bp256" +# define falcon512_bp256_pem_type "falcon512_bp256" +# define falcon512_ed25519_evp_type 0 +# define falcon512_ed25519_input_type "falcon512_ed25519" +# define falcon512_ed25519_pem_type "falcon512_ed25519" ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_END /* ---------------------------------------------------------------------- */ 
@@ -1578,4 +1596,46 @@ MAKE_ENCODER(falcon512_p256, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(falcon512_p256, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(falcon512_p256, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium5_p384, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium5_p384, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium5_p384, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium5_p384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium3_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium5_bp384, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium5_bp384, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium5_bp384, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium5_bp384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium5_ed448, 
oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium5_ed448, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium5_ed448, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium5_ed448, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(falcon512_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(falcon512_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(falcon512_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(falcon512_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(falcon512_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(falcon512_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 6d57c4aa..4d2e8d4c 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -890,6 +890,76 @@ static void *falcon512_p256_gen_init(void *provctx, int selection) return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, 128); } +static void *dilithium5_p384_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192); +} + +static void *dilithium5_p384_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, 192); +} + +static void *dilithium3_bp256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *dilithium3_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, 128); +} + +static void *dilithium3_ed25519_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *dilithium3_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128); +} + +static void *dilithium5_bp384_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384); +} + +static void *dilithium5_bp384_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384); +} + +static void *dilithium5_ed448_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192); +} + +static void *dilithium5_ed448_gen_init(void *provctx, int selection) +{ + return 
oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192); +} + +static void *falcon512_bp256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *falcon512_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, 128); +} + +static void *falcon512_ed25519_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *falcon512_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128); +} + ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ @@ -1065,6 +1135,13 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_sphincsshake128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_rsa3072) MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_p256) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_p256) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_p384) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_bp256) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_ed25519) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_bp384) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_ed448) +MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_bp256) +MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_ed25519) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 6866e8e9..41a24cc9 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
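Review bot: `dilithium5_bp384_new_key` and `dilithium5_bp384_gen_init` pass `384` as the last argument, while the other dilithium5 composites added in this hunk (`dilithium5_p384`, `dilithium5_ed448`) pass `192` and the dilithium3 and falcon512 ones pass `128`. That argument looks like the claimed security-bits value (the neighbouring `MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128)` uses it the same way), in which case 384 is the curve size copied into the wrong field and overstates the strength reported for this key type. Unless the parameter means something else, the two calls should end in `KEY_TYPE_CMP_SIG, NULL, 192);` and `KEY_TYPE_CMP_SIG, 192);`. The block sits inside an OQS_TEMPLATE_FRAGMENT section, so the value probably has to be corrected in the generator input as well.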
@@ -715,7 +715,6 @@ extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_en extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; - extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; @@ -724,7 +723,6 @@ extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encod extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; - extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; 
@@ -733,6 +731,62 @@ extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encode extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH 
oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// 
OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START @@ -765,6 +819,13 @@ extern const OSSL_DISPATCH extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 8dbd17fa..70b1af61 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -377,64 +377,77 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature; buf = OPENSSL_malloc(oqs_sig_len); const EVP_MD *classical_md; + EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); int digest_len; + int aux; unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || - EVP_PKEY_sign_init(classical_ctx_sign) <= 0) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } - - if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + if (name[0] == 'e'){ //ed25519 or ed448 + if (EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0 || + EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, tbs, tbslen) <= 0){ + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + }else { + if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || + EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } - } - if (name[0] == 'p') - { - if (name[1] == '2') - { // p256 + + if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + } + if (name[0] == 'p' || name[0] == 'b') + { + if(name[0] == 'p') + aux = 1; + else aux = 2; + if (name[aux] == '2') + { // p256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[aux] == '3') + { // p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[aux] == '5') + { // p521 + classical_md = EVP_sha512(); + digest_len = 
SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } + } + else + { // rsa3072 classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; SHA256(tbs, tbslen, (unsigned char *)&digest); } - if (name[1] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[1] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); - } - } - else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || - (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || + (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } - if (oqs_sig_len > oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature) - { - /* sig is bigger than expected */ - ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); - goto endsign; + if (oqs_sig_len > oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature) + { + /* sig is bigger than expected */ + ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); + goto endsign; + } } } /* comp_sig = ASN1_BIT_STRING_new(); @@ -600,6 +613,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, }else{ const EVP_MD *classical_md; int digest_len; + int aux; + EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL || 
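Review bot: `EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new();` in oqs_sig_sign (hunk @@ -377) is allocated for every classical component, is never checked for NULL, and no `EVP_MD_CTX_free` appears in the hunk, so each signing call appears to leak one context per component (the `endsign` cleanup is outside the hunk and should be checked). The context is only needed in the `name[0] == 'e'` branch, so it can be created, checked and freed there, as sketched below. Separately, in the curve branch `classical_md` and `digest_len` stay uninitialised when `name[aux]` is none of '2', '3' or '5'; a final `else` that raises an error and jumps to `endsign` would close that path. The function body starts and ends outside the hunk.

```c
if (name[0] == 'e') { // ed25519 or ed448
    EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new();

    if (evp_ctx == NULL
        || EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0
        || EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, tbs, tbslen) <= 0) {
        EVP_MD_CTX_free(evp_ctx); /* NULL-safe */
        ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
        goto endsign;
    }
    EVP_MD_CTX_free(evp_ctx);
} else {
    /* … unchanged: EVP_PKEY sign path for RSA, NIST and brainpool curves … */
}
```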
@@ -616,21 +631,24 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, goto endverify; } } - if (name[0] == 'p') + if (name[0] == 'p' || name[0] == 'b') { - if (name[1] == '2') + if (name[0] == 'p') + aux = 1; + else aux = 2; + if (name[aux] == '2') { // p256 classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; SHA256(tbs, tbslen, (unsigned char *)&digest); } - if (name[1] == '3') + if (name[aux] == '3') { // p384 classical_md = EVP_sha384(); digest_len = SHA384_DIGEST_LENGTH; SHA384(tbs, tbslen, (unsigned char *)&digest); } - if (name[1] == '5') + if (name[aux] == '5') { // p521 classical_md = EVP_sha512(); digest_len = SHA512_DIGEST_LENGTH; @@ -643,7 +661,13 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, digest_len = SHA256_DIGEST_LENGTH; SHA256(tbs, tbslen, (unsigned char *)&digest); } - if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || + if(name[0] == 'e'){ //ed25519 or ed448 + if((!EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) || + !EVP_DigestVerify(evp_ctx, buf, buf_len, tbs, tbslen) != 1)){ + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + } else if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index f3bfcc28..ef2f945b 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
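Review bot: The Ed25519/Ed448 check added to oqs_sig_verify in hunk @@ -643, `!EVP_DigestVerify(evp_ctx, buf, buf_len, tbs, tbslen) != 1`, is inverted: `!` binds before `!=`, so a return of 1 (valid signature) raises OQSPROV_R_VERIFY_ERROR while a return of 0 (signature does not verify) falls through as success. As written, the classical EdDSA half of a composite signature is not effectively checked. The condition should read `if (EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0 || EVP_DigestVerify(evp_ctx, buf, buf_len, tbs, tbslen) != 1) {`. `evp_ctx` is also never NULL-checked or freed in the visible lines, and a negative test that corrupts only the Ed component of a composite signature would guard against a regression. The function body starts and ends outside the hunk.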
@@ -65,6 +65,14 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), dilithium3_p256), DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, dilithium3_p256), + DECODER_w_structure("dilithium3_bp256", der, PrivateKeyInfo, + dilithium3_bp256), + DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, + dilithium3_bp256), + DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, + dilithium3_ed25519), + DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, + dilithium3_ed25519), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 @@ -74,6 +82,18 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), p521_dilithium5), DECODER_w_structure("p521_dilithium5", der, SubjectPublicKeyInfo, p521_dilithium5), + DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, + dilithium5_p384), + DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, + dilithium5_p384), + DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, + dilithium5_bp384), + DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, + dilithium5_bp384), + DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, + dilithium5_ed448), + DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, + dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 DECODER_w_structure("falcon512", der, PrivateKeyInfo, falcon512), 
@@ -91,6 +111,14 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), falcon512_p256), DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, falcon512_p256), + DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, + falcon512_bp256), + DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, + falcon512_bp256), + DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, + falcon512_ed25519), + DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, + falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), @@ -152,4 +180,4 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, SubjectPublicKeyInfo, rsa3072_sphincsshake128fsimple), #endif - ///// OQS_TEMPLATE_FRAGMENT_MAKE_END +///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 7a4b1fce..fa777a51 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -161,6 +161,31 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium3_p256", dilithium3_p256), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + SubjectPublicKeyInfo), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), 
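Review bot: The last algorithm added in this block, `dilithium3_ed25519`, gets the six `ENCODER_w_structure` entries but no `ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519),` line, unlike `dilithium3_bp256` just above it. The same entry is missing for `dilithium5_ed448` (hunk @@ -183) and `falcon512_ed25519` (hunk @@ -229). Without it these three key types would presumably have no text encoder registered. The file carries OQS_TEMPLATE_FRAGMENT markers, so the omission likely comes from the template or its input and should be fixed there.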
@@ -183,6 +208,44 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p521_dilithium5", p521_dilithium5), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_p384", dilithium5_p384), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + SubjectPublicKeyInfo), #endif #ifdef OQS_ENABLE_SIG_falcon_512 ENCODER_w_structure("falcon512", 
falcon512, der, PrivateKeyInfo), @@ -229,6 +292,31 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, SubjectPublicKeyInfo), ENCODER_TEXT("falcon512_p256", falcon512_p256), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_bp256", falcon512_bp256), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + SubjectPublicKeyInfo), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), @@ -426,4 +514,4 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_TEXT("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple), #endif - ///// OQS_TEMPLATE_FRAGMENT_MAKE_END +///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 763d409b..f27b3953 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -47,7 +47,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; * List of all algorithms with given OIDs */ ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START -#define OQS_OID_CNT 52 +#define OQS_OID_CNT 59 const char *oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.6.1.4.1.2.267.7.4.4", "dilithium2", @@ -99,8 +99,22 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "dilithium3_rsa3072", "2.16.840.1.114027.80.5.1.2", "dilithium3_p256", - "2.16.840.1.114027.80.5.1.8", - "falcon512_p256", + "2.16.840.1.114027.80.5.1.3", + "dilithium3_bp256", + "2.16.840.1.114027.80.5.1.4", + "dilithium3_ed25519", + "2.16.840.1.114027.80.5.1.5", + "dilithium5_p384", + "2.16.840.1.114027.80.5.1.6", + "dilithium5_bp384", + "2.16.840.1.114027.80.5.1.7", + "dilithium5_ed448", + "2.16.840.1.114027.80.5.1.8", + "falcon512_p256", + "2.16.840.1.114027.80.5.1.9", + "falcon512_bp256", + "2.16.840.1.114027.80.5.1.10", + "falcon512_ed25519", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; 
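Review bot: `OQS_OID_CNT` is set to 59, an odd number, although `oqs_oid_alg_list` is filled with OID/name pairs. The second hunk adds seven pairs net (fourteen strings) to a list that was sized 52, which gives 66; the following patch's jump to 68 for one more pair agrees with that figure. With the bound too small the trailing initializers are either rejected or dropped by the compiler, so I would write `#define OQS_OID_CNT 66` here. The marker comments suggest this block is template-generated, in which case the generator input is the place to correct it.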
@@ -338,16 +352,23 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("p384_dilithium3", 192, oqs_signature_functions), SIGALG("dilithium3_rsa3072", 192, oqs_signature_functions), SIGALG("dilithium3_p256", 192, oqs_signature_functions), + SIGALG("dilithium3_bp256", 192, oqs_signature_functions), + SIGALG("dilithium3_ed25519", 192, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_signature_functions), SIGALG("p521_dilithium5", 256, oqs_signature_functions), + SIGALG("dilithium5_p384", 256, oqs_signature_functions), + SIGALG("dilithium5_bp384", 256, oqs_signature_functions), + SIGALG("dilithium5_ed448", 256, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_signature_functions), SIGALG("p256_falcon512", 128, oqs_signature_functions), SIGALG("rsa3072_falcon512", 128, oqs_signature_functions), SIGALG("falcon512_p256", 128, oqs_signature_functions), + SIGALG("falcon512_bp256", 128, oqs_signature_functions), + SIGALG("falcon512_ed25519", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_signature_functions), 
@@ -468,16 +489,23 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("p384_dilithium3", 192, oqs_p384_dilithium3_keymgmt_functions), SIGALG("dilithium3_rsa3072", 192, oqs_dilithium3_rsa3072_keymgmt_functions), SIGALG("dilithium3_p256", 192, oqs_dilithium3_p256_keymgmt_functions), + SIGALG("dilithium3_bp256", 192, oqs_dilithium3_bp256_keymgmt_functions), + SIGALG("dilithium3_ed25519", 192, oqs_dilithium3_ed25519_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_dilithium5_keymgmt_functions), SIGALG("p521_dilithium5", 256, oqs_p521_dilithium5_keymgmt_functions), + SIGALG("dilithium5_p384", 256, oqs_dilithium5_p384_keymgmt_functions), + SIGALG("dilithium5_bp384", 256, oqs_dilithium5_bp384_keymgmt_functions), + SIGALG("dilithium5_ed448", 256, oqs_dilithium5_ed448_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_falcon512_keymgmt_functions), SIGALG("p256_falcon512", 128, oqs_p256_falcon512_keymgmt_functions), SIGALG("rsa3072_falcon512", 128, oqs_rsa3072_falcon512_keymgmt_functions), SIGALG("falcon512_p256", 128, oqs_falcon512_p256_keymgmt_functions), + SIGALG("falcon512_bp256", 128, oqs_falcon512_bp256_keymgmt_functions), + SIGALG("falcon512_ed25519", 128, oqs_falcon512_ed25519_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_falcon1024_keymgmt_functions), diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index a14a0a35..9cb01752 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -55,7 +55,7 @@ typedef struct static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START -#define NID_TABLE_LEN 26 +#define NID_TABLE_LEN 34 static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, 
@@ -98,6 +98,20 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_CMP_SIG, 128}, {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, + KEY_TYPE_CMP_SIG, 192}, + {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, + KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, + KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, + KEY_TYPE_CMP_SIG, 384}, + {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, + KEY_TYPE_CMP_SIG, 192}, + {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, + KEY_TYPE_CMP_SIG, 128}, + {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, + KEY_TYPE_CMP_SIG, 128}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; @@ -617,7 +631,12 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) npk = setECParams(npk, key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid); } const unsigned char *enc_pubkey = key->comp_pubkey[i]; - key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X25519 && + key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X448) + key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); + else + key->cmp_classical_pkey[i] = OPENSSL_memdup(enc_pubkey, key->pubkeylen_cmp[i]); + if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); 
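Review bot: The last field of the new `nid_names` rows disagrees with the security levels registered for the same names in oqsprov.c. Here `dilithium5_p384` and `dilithium5_ed448` carry 192, `dilithium5_bp384` carries 384 and the dilithium3 composites carry 128, while the `SIGALG` tables in this commit list every dilithium5 composite at 256 and every dilithium3 composite at 192. Judging from `oqsx_hybsig_init`, the number may also be what selects the row of `nids_sig`, which would explain the values but means the field no longer states a security level. A comment on the table such as `/* last field selects the classical nids_sig row, not the claimed security bits */`, or a separate field for the classical algorithm, would keep the two meanings apart; the later change of the bp256 constructors from 128 to 256 in oqs_kmgmt.c raises the same question.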
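Review bot: The `else` branch stores the result of `OPENSSL_memdup` in `key->cmp_classical_pkey[i]`, a slot that otherwise receives the `EVP_PKEY *` returned by `d2i_PublicKey` or `oqsx_key_gen_evp_key`, so a raw byte copy would later be treated as an `EVP_PKEY` object. The test also names `EVP_PKEY_X25519`/`EVP_PKEY_X448`, whereas the rows added to `nids_sig` use `EVP_PKEY_ED25519`/`EVP_PKEY_ED448`, so Ed keys still reach `d2i_PublicKey`. Building the object from the raw bytes avoids both: `key->cmp_classical_pkey[i] = EVP_PKEY_new_raw_public_key(<keytype>, NULL, enc_pubkey, key->pubkeylen_cmp[i]);`. The private-key hunk that follows has the same pattern and additionally copies `key->pubkeylen_cmp[i]` bytes from `enc_privkey`; it should call `EVP_PKEY_new_raw_private_key` with `key->privkeylen_cmp[i]`. The later rewrite that tests `raw_key_support` keeps the `OPENSSL_memdup` assignment, and the function body extends beyond these hunks.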
@@ -635,7 +654,11 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0){ const unsigned char *enc_privkey = key->comp_privkey[i]; - key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X25519 && + key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X448) + key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); + else + key->cmp_classical_pkey[i] = OPENSSL_memdup(enc_privkey, key->pubkeylen_cmp[i]); if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); @@ -772,9 +795,14 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit - {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit + {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit - p384 {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit + {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit + {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit + {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit + {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit +// {EVP_PKEY_RSA_PSS, NID_pss,} }; // These two array need to stay synced: 
@@ -798,26 +826,48 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, { int ret = 1; int idx = (bit_security - 128) / 64; - ON_ERR_GOTO(idx < 0 || idx > 2, err); + ON_ERR_GOTO(idx < 0 || idx > 5, err); if (!strncmp(algname, "rsa3072", 7)) - idx += 3; - else if (algname[0] != 'p') { - OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); - ret = 0; - goto err; + idx += 5; + else if (algname[0] != 'p' && algname[0] != 'e') + { + if (algname[0] == 'b'){ //bp + if (algname[2] == '2') //bp256 + idx += 1; + } + else + { + OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); + ret = 0; + goto err; + } } - ON_ERR_GOTO(idx < 0 || idx > 3, err); + ON_ERR_GOTO(idx < 0 || idx > 5, err); - evp_ctx->evp_info = &nids_sig[idx]; + if(algname[0] == 'e') //ED25519 or ED448 + { + evp_ctx->evp_info = &nids_sig[idx + 6]; - evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); - ON_ERR_GOTO(!evp_ctx->ctx, err); + evp_ctx->keyParam = EVP_PKEY_new(); + ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); - if (idx < 3) { // EC - ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, free_evp_ctx); + ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); + ON_ERR_SET_GOTO(ret <= 0, ret, -1, err); + + evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); + ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err); + } else { + evp_ctx->evp_info = &nids_sig[idx]; + + evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); + ON_ERR_GOTO(!evp_ctx->ctx, err); + + if (idx < 5) + { // EC + ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); + ON_ERR_GOTO(ret <= 0, err); ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, evp_ctx->evp_info->nid); 
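Review bot: Both range checks run before the Ed offset is applied, so `&nids_sig[idx + 6]` can point past the table: the checks admit `idx` up to 5, `nids_sig` has eight rows in this commit, and only `idx` 0 and 1 land on the Ed25519 and Ed448 rows. Whether a caller can combine a `bit_security` of 256 or more with an `e…` name is not visible here, but the index should be bounded where it is used, for example `ON_ERR_GOTO(idx > 1, err);` as the first statement of the `algname[0] == 'e'` branch. The follow-up patch that inserts the RSA-PSS row moves the offset to `idx + 7` and the check to `idx > 6` and leaves the same gap. The paramgen failure path also now jumps to `err` instead of `free_evp_ctx`; since the labels are outside the hunk, it is worth confirming that `evp_ctx->ctx` and the new `evp_ctx->keyParam` are still released there.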
@@ -1339,17 +1389,23 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } + ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 <= 0, ret, -2, errhyb); + if (ctx->evp_info->raw_key_support) { // TODO: If available, use preallocated memory - pubkeylen = EVP_PKEY_get1_encoded_public_key(pkey, &pubkey_encoded); - ON_ERR_SET_GOTO(pubkeylen != ctx->evp_info->length_public_key - || !pubkey_encoded, - ret, -3, errhyb); - memcpy(pubkey + aux, pubkey_encoded, pubkeylen); + if (ctx->evp_info->nid != NID_ED25519 && ctx->evp_info->nid != NID_ED448){ + pubkeylen = EVP_PKEY_get1_encoded_public_key(pkey, &pubkey_encoded); + ON_ERR_SET_GOTO(pubkeylen != ctx->evp_info->length_public_key || !pubkey_encoded, ret, -3, errhyb); + memcpy(pubkey + aux, pubkey_encoded, pubkeylen); + }else{ + pubkeylen = ctx->evp_info->length_public_key; + ret2 = EVP_PKEY_get_raw_public_key(pkey, pubkey + aux, &pubkeylen); + ON_ERR_SET_GOTO(ret2 <= 0 || pubkeylen != ctx->evp_info->length_public_key, ret, -3, errhyb); + } privkeylen = ctx->evp_info->length_private_key; ret2 = EVP_PKEY_get_raw_private_key(pkey, privkey + aux, &privkeylen); @@ -1444,7 +1500,6 @@ int oqsx_key_gen(OQSX_KEY *key) pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); ON_ERR_GOTO(pkey == NULL, err); key->cmp_classical_pkey[i] = pkey; - ON_ERR_GOTO(ret, err); } else { From c7f82f5423b21adbaab16bc26ab87d01d3d04f25 Mon Sep 17 00:00:00 2001 From: eve Date: Mon, 11 Sep 2023 15:39:55 -0500 Subject: [PATCH 037/164] working PSS key and cert gen 
Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 2 ++ oqsprov/oqs_encode_key2any.c | 6 ++++++ oqsprov/oqs_kmgmt.c | 11 +++++++++++ oqsprov/oqs_prov.h | 9 +++++++++ oqsprov/oqs_sig.c | 4 ++-- oqsprov/oqsdecoders.inc | 4 ++++ oqsprov/oqsencoders.inc | 14 ++++++++++++++ oqsprov/oqsprov.c | 8 +++++++- oqsprov/oqsprov_keys.c | 34 +++++++++++++++++++++++++--------- 9 files changed, 80 insertions(+), 12 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 21b8234c..13991d6c 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c @@ -626,4 +626,6 @@ MAKE_DECODER("falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); MAKE_DECODER("falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER("falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); MAKE_DECODER("falcon512_ed25519", falcon512_ed25519, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER("dilithium3_pss", dilithium3_pss, oqsx, PrivateKeyInfo); +MAKE_DECODER("dilithium3_pss", dilithium3_pss, oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 5cc0c920..beb09575 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -1638,4 +1638,10 @@ MAKE_ENCODER(falcon512_ed25519, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(falcon512_ed25519, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_pss, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(dilithium3_pss, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(dilithium3_pss, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(dilithium3_pss, oqsx, SubjectPublicKeyInfo, pem); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END 
diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 4d2e8d4c..79aa3a02 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -960,6 +960,16 @@ static void *falcon512_ed25519_gen_init(void *provctx, int selection) return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128); } +static void *dilithium3_pss_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_pss", KEY_TYPE_CMP_SIG, NULL, 128); +} + +static void *dilithium3_pss_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_pss", KEY_TYPE_CMP_SIG, 128); +} + ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ @@ -1142,6 +1152,7 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_bp384) MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_ed448) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_bp256) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_ed25519) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 41a24cc9..3fe3516c 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
@@ -787,6 +787,14 @@ extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_enc extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START @@ -826,6 +834,7 @@ extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 70b1af61..1827d12a 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -409,8 +409,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if(name[0] == 'p') aux = 1; else aux = 2; - if (name[aux] == '2') - { // p256 + if (name[aux] == '2' || name[aux] == 's') + { // p256 && pss classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; SHA256(tbs, tbslen, (unsigned char *)&digest); diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index ef2f945b..2c1a9c12 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc @@ -73,6 +73,10 @@ DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), dilithium3_ed25519), DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, dilithium3_ed25519), + DECODER_w_structure("dilithium3_pss", der, PrivateKeyInfo, + dilithium3_pss), + DECODER_w_structure("dilithium3_pss", der, SubjectPublicKeyInfo, + dilithium3_pss), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index fa777a51..e08fb503 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -186,6 +186,20 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_pss", dilithium3_pss), + #endif #ifdef OQS_ENABLE_SIG_dilithium_5 ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), 
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index f27b3953..b8d9132e 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -47,7 +47,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; * List of all algorithms with given OIDs */ ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START -#define OQS_OID_CNT 59 +#define OQS_OID_CNT 68 const char *oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.6.1.4.1.2.267.7.4.4", "dilithium2", @@ -115,6 +115,8 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "falcon512_bp256", "2.16.840.1.114027.80.5.1.10", "falcon512_ed25519", + "2.16.840.1.114027.80.5.1.14", + "dilithium3_pss", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; @@ -354,6 +356,8 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("dilithium3_p256", 192, oqs_signature_functions), SIGALG("dilithium3_bp256", 192, oqs_signature_functions), SIGALG("dilithium3_ed25519", 192, oqs_signature_functions), + SIGALG("dilithium3_pss", 192, oqs_signature_functions), + #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_signature_functions), @@ -491,6 +495,8 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("dilithium3_p256", 192, oqs_dilithium3_p256_keymgmt_functions), SIGALG("dilithium3_bp256", 192, oqs_dilithium3_bp256_keymgmt_functions), SIGALG("dilithium3_ed25519", 192, oqs_dilithium3_ed25519_keymgmt_functions), + SIGALG("dilithium3_pss", 192, oqs_dilithium3_pss_keymgmt_functions), + #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_dilithium5_keymgmt_functions), diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 9cb01752..12be4049 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -55,7 +55,7 @@ typedef struct static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START -#define NID_TABLE_LEN 34 +#define NID_TABLE_LEN 35 static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, @@ -112,6 +112,9 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_CMP_SIG, 128}, {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, + 0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, + KEY_TYPE_CMP_SIG, 128}, + ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; @@ -800,9 +803,10 @@ static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit + {EVP_PKEY_RSA_PSS, NID_rsassaPss, 0, 398, 1269, 0, 384}, {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit -// {EVP_PKEY_RSA_PSS, NID_pss,} + }; // These two array need to stay synced: @@ -830,7 +834,9 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, if (!strncmp(algname, "rsa3072", 7)) idx += 5; - else if (algname[0] != 'p' && algname[0] != 'e') + else if (!strncmp(algname, "pss", 3)) + idx += 6; + else if (algname[0] != 'p' || algname[0] != 'e') { if (algname[0] == 'b'){ //bp if (algname[2] == '2') //bp256 @@ -844,11 +850,11 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, } } - ON_ERR_GOTO(idx < 0 || idx > 5, err); + ON_ERR_GOTO(idx < 0 || idx > 6, err); if(algname[0] == 'e') //ED25519 or ED448 { - evp_ctx->evp_info = &nids_sig[idx + 6]; + evp_ctx->evp_info = &nids_sig[idx + 7]; evp_ctx->keyParam = EVP_PKEY_new(); ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); 
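Review bot: The added `dilithium3_pss` row in `nid_names` opens with `0,` rather than `{0,` while still closing with `}`, so the initializer list is unbalanced as shown; it should read `{0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128},`. `NID_TABLE_LEN` went from 26 to 34 for seven rows in the previous patch and now to 35 for one more, so it appears to be one larger than the number of rows. If any lookup walks the table up to `NID_TABLE_LEN`, it would meet a zero-filled entry with a null name, which should be checked against the lookup code outside this diff.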
@@ -1389,6 +1395,15 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } + if (ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) + { + ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(kgctx, EVP_sha256()); + ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); + ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_md(kgctx, EVP_sha256()); + ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); + ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(kgctx, 64); + ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); + } ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 <= 0, ret, -2, errhyb); @@ -1415,10 +1430,11 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, } else { unsigned char *pubkey_enc = pubkey + aux; const unsigned char *pubkey_enc2 = pubkey + aux; - pubkeylen = i2d_PublicKey(pkey, &pubkey_enc); - ON_ERR_SET_GOTO( - !pubkey_enc || pubkeylen > (int)ctx->evp_info->length_public_key, - ret, -11, errhyb); + if(ctx->evp_info->keytype != EVP_PKEY_RSA_PSS) + pubkeylen = i2d_PublicKey(pkey, &pubkey_enc); + else + pubkeylen = i2d_PUBKEY(pkey, &pubkey_enc); + ON_ERR_SET_GOTO(!pubkey_enc || pubkeylen > (int)ctx->evp_info->length_public_key, ret, -11, errhyb); unsigned char *privkey_enc = privkey + aux; const unsigned char *privkey_enc2 = privkey + aux; privkeylen = i2d_PrivateKey(pkey, &privkey_enc); From 6e3775946404137a7fd674c0a80ac8e44fadfa58 Mon Sep 17 00:00:00 2001 From: eve Date: Tue, 12 Sep 2023 09:14:59 -0500 Subject: [PATCH 038/164] adding padding for pss signing & fix param bug Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 9 +++++++++ oqsprov/oqsprov_keys.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 1827d12a..2b83d210 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
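Review bot: In the second hunk the bound `pubkeylen > (int)ctx->evp_info->length_public_key` is tested only after `i2d_PublicKey`/`i2d_PUBKEY` has already written through `pubkey_enc` into `pubkey + aux`, and a negative return passes the test. This matters more with the new branch, because `i2d_PUBKEY` emits a SubjectPublicKeyInfo wrapper around the key, while the RSA-PSS row in `nids_sig` reuses the 398-byte public-key length of the plain RSA row, so the encoding is likely to exceed the space reserved for it. I would size the encoding with a NULL output pointer first and write only when it fits, as sketched below; the PSS row's length then needs to match what `i2d_PUBKEY` actually produces. The function starts and ends outside this hunk.

```c
        /* … unchanged: pubkey_enc / pubkey_enc2 declarations … */
        int is_pss = ctx->evp_info->keytype == EVP_PKEY_RSA_PSS;
        /* Ask for the encoded size first so nothing is written before the bound is known. */
        int need = is_pss ? i2d_PUBKEY(pkey, NULL) : i2d_PublicKey(pkey, NULL);
        ON_ERR_SET_GOTO(need <= 0 || need > (int)ctx->evp_info->length_public_key, ret, -11, errhyb);
        pubkeylen = is_pss ? i2d_PUBKEY(pkey, &pubkey_enc) : i2d_PublicKey(pkey, &pubkey_enc);
        ON_ERR_SET_GOTO(!pubkey_enc || pubkeylen != need, ret, -11, errhyb);
        /* … unchanged: private-key encoding … */
```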
@@ -404,6 +404,15 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } } + if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) + { + if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0) || + (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0)) + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + } if (name[0] == 'p' || name[0] == 'b') { if(name[0] == 'p') diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 12be4049..0b11323b 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -836,7 +836,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, idx += 5; else if (!strncmp(algname, "pss", 3)) idx += 6; - else if (algname[0] != 'p' || algname[0] != 'e') + else if (algname[0] != 'p' && algname[0] != 'e') { if (algname[0] == 'b'){ //bp if (algname[2] == '2') //bp256 From d1d1d26467b2bb7dc28f5139e9af009199d47e4c Mon Sep 17 00:00:00 2001 From: eve Date: Wed, 13 Sep 2023 14:54:56 -0500 Subject: [PATCH 039/164] removed internal OIDS Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 15 ++++++++---- oqsprov/oqs_kmgmt.c | 8 +++--- oqsprov/oqsprov_keys.c | 47 +++++++++++++++++++++++++++++------- 3 files changed, 52 insertions(+), 18 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index beb09575..ea28d2ea 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -601,7 +601,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) int keybloblen, nid; STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; - ASN1_STRING *aString = NULL; + ASN1_STRING *aString = NULL, *tempOct = NULL; unsigned char *temp = NULL; char* name; PKCS8_PRIV_KEY_INFO *p8info_internal = NULL; 
@@ -703,15 +703,16 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) p8info_internal = PKCS8_PRIV_KEY_INFO_new(); aType = ASN1_TYPE_new(); aString = ASN1_OCTET_STRING_new(); + tempOct = ASN1_OCTET_STRING_new(); temp = NULL; name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); - buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; + buflen = oqsxkey->privkeylen_cmp[i];// + oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_malloc(buflen); memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); - memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); +// memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); - if(get_oqsname_fromtls(name) == 0) +/* if(get_oqsname_fromtls(name) == 0) nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; else nid = OBJ_sn2nid(name); @@ -722,7 +723,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } - +*/ + + ASN1_STRING_set0(tempOct, buf, buflen); + keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); ASN1_STRING_set0(aString, temp, keybloblen); ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); @@ -735,6 +739,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(p8info_internal); OPENSSL_free(aType); OPENSSL_free(aString); + OPENSSL_free(tempOct); OPENSSL_free(sk); } OPENSSL_secure_clear_free(buf, buflen); diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 79aa3a02..2bffaf72 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
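Review bot: `ASN1_STRING_set0(tempOct, buf, buflen)` hands ownership of `buf` to `tempOct`, but the clean-up releases `tempOct` with `OPENSSL_free`, which frees only the structure, and the only release of `buf` in view is the `OPENSSL_secure_clear_free(buf, buflen)` in the trailing context of the last hunk. If that call sits after a per-component loop, as the `[i]` indexing suggests, every component buffer except the last is leaked with private-key bytes left uncleansed. Releasing through the owner in the same iteration fixes both: `ASN1_STRING_clear_free(tempOct); buf = NULL;` in place of `OPENSSL_free(tempOct);`. `OPENSSL_malloc` and `ASN1_OCTET_STRING_new` are also used without a NULL check before `memcpy` and `ASN1_STRING_set0`, and the commented-out NID block is better deleted than kept. The function begins and ends outside these hunks.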
@@ -902,12 +902,12 @@ static void *dilithium5_p384_gen_init(void *provctx, int selection) static void *dilithium3_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256); } static void *dilithium3_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256); } static void *dilithium3_ed25519_new_key(void *provctx) @@ -942,12 +942,12 @@ static void *dilithium5_ed448_gen_init(void *provctx, int selection) static void *falcon512_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256); } static void *falcon512_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, 256); } static void *falcon512_ed25519_new_key(void *provctx) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 0b11323b..faefebb5 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -343,6 +343,14 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22}; const unsigned char p521params[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23}; + const char ed25519params[] + = {0x06, 0x03, 0x2b, 0x65, 0x70}; + const char ed448params[] + = {0x06, 0x03, 0x2b, 0x65, 0x71}; + const char bp256params[] + = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07}; + const char bp384params[] + = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0b}; const unsigned char *params; switch (nid) { @@ -355,11 +363,24 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) case NID_secp521r1: params = p521params; return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(p521params)); + case NID_brainpoolP256r1: + params = bp256params; + return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(bp256params)); + case NID_brainpoolP384r1: + params = bp384params; + return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(bp384params)); + case NID_ED25519: + params = ed25519params; + return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(ed25519params)); + case NID_ED448: + params = ed448params; + return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(ed448params)); default: return NULL; } } + /* Re-create OQSX_KEY from encoding(s): Same end-state as after ken-gen */ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, int plen, oqsx_key_op_t op, OSSL_LIB_CTX *libctx, 
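Review bot: The four new parameter arrays are declared `const char[]`, while the existing ones beside them are `const unsigned char[]` and `params` is a `const unsigned char *`, so the assignments added in the next hunk convert between incompatible pointer types. Declare them like their neighbours, e.g. `const unsigned char ed25519params[] = {0x06, 0x03, 0x2b, 0x65, 0x70};`. A one-line comment naming the OID each array encodes would make the bytes reviewable.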
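Review bot: The `NID_ED25519` and `NID_ED448` cases pass an Edwards-curve OID to `d2i_KeyParams(EVP_PKEY_EC, …)`, which decodes EC domain parameters; as far as I can tell that decoder cannot build a group from those OIDs, so both cases would return NULL. The caller in oqsx_key_recreate_classickey assigns the result back to `npk`, which drops its only reference to the object from `EVP_PKEY_new()`. Either remove the two cases and skip setECParams for raw-key types, or add a comment explaining why they are expected to succeed. setECParams starts outside the hunk.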
@@ -629,15 +650,19 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0){ EVP_PKEY *npk = EVP_PKEY_new(); - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA) + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA && + key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA_PSS) { npk = setECParams(npk, key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid); } const unsigned char *enc_pubkey = key->comp_pubkey[i]; - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X25519 && - key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X448) - key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); - else + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support == 0){ + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA_PSS) + key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); + else + key->cmp_classical_pkey[i] = d2i_PUBKEY(&npk, &enc_pubkey, key->pubkeylen_cmp[i]); + + }else key->cmp_classical_pkey[i] = OPENSSL_memdup(enc_pubkey, key->pubkeylen_cmp[i]); if (!key->cmp_classical_pkey[i]) 
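Review bot: `npk` is created with `EVP_PKEY_new()` for every classical component, but the new `raw_key_support` branch never uses or frees it, and a NULL return from `setECParams` overwrites the only reference to it. Allocate it only on the `d2i_PublicKey`/`d2i_PUBKEY` path, or release it before taking the raw branch with `EVP_PKEY_free(npk); npk = NULL;`. The inner `if`/`else` around `d2i_PUBKEY` has no braces while the outer one does, which is easy to misread; bracing both arms would help. The function starts and ends outside the hunk.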
@@ -657,8 +682,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0){ const unsigned char *enc_privkey = key->comp_privkey[i]; - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X25519 && - key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_X448) + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support == 0) key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); else key->cmp_classical_pkey[i] = OPENSSL_memdup(enc_privkey, key->pubkeylen_cmp[i]); @@ -803,7 +827,7 @@ static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit - {EVP_PKEY_RSA_PSS, NID_rsassaPss, 0, 398, 1269, 0, 384}, + {EVP_PKEY_RSA_PSS, NID_rsassaPss, 0, 474, 1847, 0, 384}, {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit @@ -1032,6 +1056,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { fprintf( @@ -1048,6 +1073,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, break; case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_ECP_HYB_KEM: + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { fprintf( 
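Review bot: In the raw-key branch of the first hunk the private key is copied with `OPENSSL_memdup(enc_privkey, key->pubkeylen_cmp[i])`, i.e. with the public-key length. The resulting byte buffer is stored in `cmp_classical_pkey[i]`, which other hunks in this series pass to `EVP_PKEY_CTX_new` as an `EVP_PKEY *`. With the condition now `raw_key_support` instead of X25519/X448, Ed25519 and Ed448 signing keys take this branch. Build a key object with the private length instead: `key->cmp_classical_pkey[i] = EVP_PKEY_new_raw_private_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, enc_privkey, key->privkeylen_cmp[i]);`.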
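Review bot: `ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *))` reserves one pointer's worth of memory, yet the next line writes `ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem` and other code reads `oqsx_provider_ctx[i].oqsx_evp_ctx`. The element therefore looks larger than a pointer, and the writes would run past the allocation. Size it from the element and check the result: `ret->oqsx_provider_ctx = OPENSSL_zalloc(sizeof(*ret->oqsx_provider_ctx));` followed by a NULL check that takes the function's error path. The same line is added in the `KEY_TYPE_ECX_HYB_KEM`/`KEY_TYPE_ECP_HYB_KEM` and `KEY_TYPE_HYB_SIG` cases. The element type's definition is not visible here, so its size should be confirmed.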
@@ -1078,6 +1104,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->keytype = primitive; break; case KEY_TYPE_HYB_SIG: + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig) { fprintf( @@ -1396,7 +1423,9 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } if (ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) - { + { + ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); + ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(kgctx, EVP_sha256()); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_md(kgctx, EVP_sha256()); From a5be140f53d96736b228b5decfb7e055a03e9456 Mon Sep 17 00:00:00 2001 From: eve Date: Fri, 15 Sep 2023 15:34:59 -0500 Subject: [PATCH 040/164] pss format fix, removed publickey copy from the end of privatekey Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 30 ++++++++++++++++-------------- oqsprov/oqsprov_keys.c | 31 +++++++++++-------------------- 2 files changed, 27 insertions(+), 34 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 2b83d210..1150a259 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -396,23 +396,24 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } - if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + if (!strncmp(name, "pss", 3)) { - if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) + if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0) || + (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0) || + (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, EVP_sha256()) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } - } - if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) + } else if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) { - if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0) || - (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0)) + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } } + if (name[0] == 'p' || name[0] == 'b') { if(name[0] == 'p') @@ -438,18 +439,19 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } } else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); + {// rsa3072 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - goto endsign; - } + { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } if (oqs_sig_len > oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature) { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index faefebb5..00cad24b 100644 
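Review bot: The PSS parameters are bare literals here: a salt length of `64` with SHA-256 as the MGF1 digest, selected by the name prefix `!strncmp(name, "pss", 3)` rather than by key type. Verification has to repeat exactly the same values or every composite signature with a PSS component fails, and nothing in the code ties the two sites together. Give the salt length a shared name, e.g. `#define OQS_RSA_PSS_SALTLEN 64`, and add a comment stating where the value comes from, since it is not the digest length. oqs_sig_sign starts and ends outside the hunk.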
--- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -650,18 +650,13 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0){ EVP_PKEY *npk = EVP_PKEY_new(); - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA && - key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA_PSS) + if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA ) { npk = setECParams(npk, key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid); } const unsigned char *enc_pubkey = key->comp_pubkey[i]; if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support == 0){ - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA_PSS) - key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); - else - key->cmp_classical_pkey[i] = d2i_PUBKEY(&npk, &enc_pubkey, key->pubkeylen_cmp[i]); - + key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); }else key->cmp_classical_pkey[i] = OPENSSL_memdup(enc_pubkey, key->pubkeylen_cmp[i]); @@ -827,7 +822,7 @@ static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit - {EVP_PKEY_RSA_PSS, NID_rsassaPss, 0, 474, 1847, 0, 384}, +// {EVP_PKEY_RSA_PSS, NID_rsaEncryption, 0, 398, 1770, 0, 384}, {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit 
@@ -856,10 +851,8 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 5, err); - if (!strncmp(algname, "rsa3072", 7)) + if (!strncmp(algname, "rsa3072", 7) || !strncmp(algname, "pss", 3)) idx += 5; - else if (!strncmp(algname, "pss", 3)) - idx += 6; else if (algname[0] != 'p' && algname[0] != 'e') { if (algname[0] == 'b'){ //bp @@ -874,11 +867,11 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, } } - ON_ERR_GOTO(idx < 0 || idx > 6, err); + ON_ERR_GOTO(idx < 0 || idx > 5, err); if(algname[0] == 'e') //ED25519 or ED448 { - evp_ctx->evp_info = &nids_sig[idx + 7]; + evp_ctx->evp_info = &nids_sig[idx + 6]; evp_ctx->keyParam = EVP_PKEY_new(); ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); @@ -1418,11 +1411,12 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_keygen_init(kgctx); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - if (ctx->evp_info->keytype == EVP_PKEY_RSA) { + if (ctx->evp_info->nid == NID_rsaEncryption) + { ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } - if (ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) +/* if (ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) { ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); @@ -1433,7 +1427,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(kgctx, 64); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } - +*/ ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 <= 0, ret, -2, errhyb); 
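Review bot: The Edwards branch in the second hunk indexes `&nids_sig[idx + 6]` after a guard that only rejects `idx > 5`. Any `bit_security` that yields `idx` above 1 therefore reads past the end of `nids_sig`, which has eight rows once the PSS row is commented out in this commit. Bound the index inside that branch before it is used: `ON_ERR_GOTO(idx > 1, err);`. The `+ 5` and `+ 6` offsets are tied to the table's row order by hand, which is what forced this renumbering; an enum of row indices or a comment on the table would keep them in step. oqsx_hybsig_init starts outside the hunk.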
@@ -1459,10 +1453,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, } else { unsigned char *pubkey_enc = pubkey + aux; const unsigned char *pubkey_enc2 = pubkey + aux; - if(ctx->evp_info->keytype != EVP_PKEY_RSA_PSS) - pubkeylen = i2d_PublicKey(pkey, &pubkey_enc); - else - pubkeylen = i2d_PUBKEY(pkey, &pubkey_enc); + pubkeylen = i2d_PublicKey(pkey, &pubkey_enc); ON_ERR_SET_GOTO(!pubkey_enc || pubkeylen > (int)ctx->evp_info->length_public_key, ret, -11, errhyb); unsigned char *privkey_enc = privkey + aux; const unsigned char *privkey_enc2 = privkey + aux; From 3dded681f89ec4a462ed7c7b4bb9c3d39b4ddc34 Mon Sep 17 00:00:00 2001 From: eve Date: Thu, 21 Sep 2023 15:51:06 -0500 Subject: [PATCH 041/164] fixed unused bits check for encoding sigs Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 3 +-- oqsprov/oqs_sig.c | 2 ++ oqsprov/oqsprov_keys.c | 4 +++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index ea28d2ea..1ebd0af9 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -724,7 +724,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = 0; // signal error } */ - ASN1_STRING_set0(tempOct, buf, buflen); keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); ASN1_STRING_set0(aString, temp, keybloblen); @@ -732,7 +731,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - OPENSSL_free(name); + OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(temp); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 1150a259..6cef6b33 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
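Review bot: `i2d_PublicKey(pkey, &pubkey_enc)` writes the encoding to `pubkey + aux` before `pubkeylen` is compared with `length_public_key`, so an oversized encoding has already overrun the buffer when the check fires, and a negative return passes the check. Ask for the length first with `pubkeylen = i2d_PublicKey(pkey, NULL);`, reject `pubkeylen <= 0 || pubkeylen > (int)ctx->evp_info->length_public_key`, and only then encode into the buffer. The size of the `pubkey` buffer is not visible in the hunk, and the function continues outside it.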
@@ -471,9 +471,11 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (i == 0){ compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); compsig->sig1->length = oqs_sig_len; + compsig->sig1->flags = 8; //set as 8 to not check for unused bits }else{ compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); compsig->sig2->length = oqs_sig_len; + compsig->sig2->flags = 8; //set as 8 to not check for unused bits } OPENSSL_free(name); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 00cad24b..2f415960 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -654,6 +654,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) { npk = setECParams(npk, key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid); } + const unsigned char *enc_pubkey = key->comp_pubkey[i]; if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support == 0){ key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); @@ -1411,11 +1412,12 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_keygen_init(kgctx); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - if (ctx->evp_info->nid == NID_rsaEncryption) + if (ctx->evp_info->keytype == EVP_PKEY_RSA) { ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } + /* if (ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) { ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); From 3b7bca09575c4aa615b40efd73f5d6de75624df5 Mon Sep 17 00:00:00 2001 From: eve Date: Mon, 25 Sep 2023 09:46:19 -0500 Subject: [PATCH 042/164] RSA encoding fixed Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 1ebd0af9..3a8c297a 100644 --- a/oqsprov/oqs_encode_key2any.c 
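Review bot: `flags = 8` is `ASN1_STRING_FLAG_BITS_LEFT` written as a bare number, and the plain assignment discards any other flag bits the string carried. Use the named flag and the usual idiom: `compsig->sig1->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);` followed by `compsig->sig1->flags |= ASN1_STRING_FLAG_BITS_LEFT;`, and likewise for `sig2`. The `OPENSSL_memdup` results stored in `data` just above are also not checked for NULL before `length` is set.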
+++ b/oqsprov/oqs_encode_key2any.c @@ -706,10 +706,19 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) tempOct = ASN1_OCTET_STRING_new(); temp = NULL; name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); - - buflen = oqsxkey->privkeylen_cmp[i];// + oqsxkey->pubkeylen_cmp[i]; + + if(get_oqsname_fromtls(name) == 0 && + oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size + unsigned char* enc_len = OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); + OPENSSL_cleanse(enc_len, 2); + DECODE_UINT32(buflen, enc_len); + buflen += 4; + OPENSSL_free(enc_len); + //RSA needs it, maybe others classical also needs? + }else + buflen = oqsxkey->privkeylen_cmp[i];// + oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); + memcpy(buf, oqsxkey->comp_privkey[i], buflen); // memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); /* if(get_oqsname_fromtls(name) == 0) From 0e5535c65f0203848c881e123063805c3752fc0a Mon Sep 17 00:00:00 2001 From: eve Date: Tue, 26 Sep 2023 15:22:28 -0500 Subject: [PATCH 043/164] removed internal OID from pubkey & fixed key reconstruction to not look for internal OIDs Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 14 ++++++++------ oqsprov/oqsprov_keys.c | 8 ++++---- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 3a8c297a..b5b4408c 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -507,7 +507,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) int keybloblen, nid; STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; - ASN1_STRING *aString = NULL; + ASN1_STRING *aString = NULL, *tempOct = NULL; unsigned char *temp = NULL; X509_PUBKEY *p8info_internal = NULL; int ret = 0; 
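Review bot: The RSA length is read with `OPENSSL_strndup`, which stops at the first zero byte, and the decoded `buflen` then sizes `OPENSSL_malloc` and `memcpy` without being compared with `privkeylen_cmp[i]`. A zero among the first four bytes leaves `DECODE_UINT32` reading past the short copy, and a length field larger than the stored key makes the `memcpy` read beyond `comp_privkey[i]`. The code also silently assumes a two-byte long-form DER length, which deserves a comment. Read the two length bytes directly, bound the result and check the allocation, as sketched below (this assumes `DECODE_UINT32` is big-endian). The error exits need the function's cleanup, which lies outside the hunk.

```c
        if (get_oqsname_fromtls(name) == 0 &&
            oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) {
            /* The RSA private key DER is shorter than its reserved slot; the
             * header is expected to be 30 82 hi lo (two-byte long-form length). */
            const unsigned char *der = oqsxkey->comp_privkey[i];
            size_t der_len = 0;

            if (oqsxkey->privkeylen_cmp[i] >= 4 && der[1] == 0x82)
                der_len = 4 + (((size_t)der[2] << 8) | der[3]);
            if (der_len == 0 || der_len > oqsxkey->privkeylen_cmp[i]) {
                ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
                /* … release name, tempOct, aString, aType and sk … */
                return -1;
            }
            buflen = der_len;
        } else
            buflen = oqsxkey->privkeylen_cmp[i];
        buf = OPENSSL_malloc(buflen);
        if (buf == NULL) {
            ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
            /* … same cleanup … */
            return -1;
        }
        memcpy(buf, oqsxkey->comp_privkey[i], buflen);
        /* … unchanged: ASN1_STRING_set0 / i2d_ASN1_OCTET_STRING … */
```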
@@ -559,13 +559,14 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) p8info_internal = X509_PUBKEY_new(); aType = ASN1_TYPE_new(); aString = ASN1_OCTET_STRING_new(); + tempOct = ASN1_OCTET_STRING_new(); temp = NULL; - char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); +// char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); len = oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); - if(get_oqsname_fromtls(name) == 0) +/* if(get_oqsname_fromtls(name) == 0) nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; else nid = OBJ_sn2nid(name); @@ -576,13 +577,15 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } - +*/ + ASN1_STRING_set0(tempOct, buf, len); + keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); ASN1_STRING_set0(aString, temp, keybloblen); ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); if (!sk_ASN1_TYPE_push(sk, aType)) return -1; - OPENSSL_free(name); +// OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); @@ -714,7 +717,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) DECODE_UINT32(buflen, enc_len); buflen += 4; OPENSSL_free(enc_len); - //RSA needs it, maybe others classical also needs? }else buflen = oqsxkey->privkeylen_cmp[i];// + oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_malloc(buflen); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 2f415960..91ed02b9 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -733,11 +733,11 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, aType = sk_ASN1_TYPE_pop(sk); buf = aType->value.sequence->data; buflen = aType->value.sequence->length; - +/* p8info_buf = d2i_X509_PUBKEY(&p8info_buf, &buf, buflen); if (!X509_PUBKEY_get0_param(NULL, &buf, &buflen, NULL, p8info_buf)) return NULL; - +*/ aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); } @@ -796,10 +796,10 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, buf = aType->value.sequence->data; buflen = aType->value.sequence->length; - p8info_buf = d2i_PKCS8_PRIV_KEY_INFO(&p8info_buf, &buf, buflen); +/* p8info_buf = d2i_PKCS8_PRIV_KEY_INFO(&p8info_buf, &buf, buflen); if (!PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info_buf)) return NULL; - +*/ aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); } From 97844d8020d49c10d90bd47d4e8d51408dc61948 Mon Sep 17 00:00:00 2001 From: eve Date: Tue, 26 Sep 2023 15:33:46 -0500 Subject: [PATCH 044/164] free memory Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index b5b4408c..26a7f4bb 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -588,6 +588,11 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) // OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); + OPENSSL_free(temp); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(tempOct); + OPENSSL_free(sk); return keybloblen; } @@ -746,7 +751,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(temp); - OPENSSL_free(p8info_internal); +// OPENSSL_free(p8info_internal); OPENSSL_free(aType); OPENSSL_free(aString); OPENSSL_free(tempOct); From d772d970d71055eec6befedd77469f1d393463d8 Mon Sep 17 00:00:00 2001 
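Review bot: With the inner `d2i_X509_PUBKEY` step commented out, `buflen` comes straight from the popped element, and `memcpy(concat_key + plen - aux, buf, buflen)` runs with no check that `aType` is non-NULL or that the running total `aux` stays within `plen`. If `concat_key` holds `plen` bytes, as the pointer arithmetic suggests, an encoding whose components sum to more than `plen` puts the destination before the start of the buffer. Reject that before `aux += buflen`, e.g. `if (aType == NULL || buflen < 0 || buflen > plen - aux) return NULL;` after releasing what the function has allocated. The same applies to the oqsx_key_from_pkcs8 hunk that follows. Both functions start and end outside their hunks, and the commented-out blocks should be deleted rather than kept.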
From: eve Date: Thu, 28 Sep 2023 12:12:25 -0500 Subject: [PATCH 045/164] CMS sign and verification Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 21 +- oqsprov/oqs_sig.c | 107 +++++---- oqsprov/oqsprov_keys.c | 421 +++++++++++++++++++++-------------- 3 files changed, 331 insertions(+), 218 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 26a7f4bb..9dc62d57 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -715,18 +715,21 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) temp = NULL; name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); - if(get_oqsname_fromtls(name) == 0 && - oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size - unsigned char* enc_len = OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); - OPENSSL_cleanse(enc_len, 2); - DECODE_UINT32(buflen, enc_len); - buflen += 4; - OPENSSL_free(enc_len); + if(get_oqsname_fromtls(name) == 0){ + if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size + unsigned char* enc_len = OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); + OPENSSL_cleanse(enc_len, 2); + DECODE_UINT32(buflen, enc_len); + buflen += 4; + OPENSSL_free(enc_len); + }else + buflen = oqsxkey->privkeylen_cmp[i]; }else - buflen = oqsxkey->privkeylen_cmp[i];// + oqsxkey->pubkeylen_cmp[i]; + buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_malloc(buflen); memcpy(buf, oqsxkey->comp_privkey[i], buflen); -// memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); + if(get_oqsname_fromtls(name) != 0) + memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); /* if(get_oqsname_fromtls(name) == 0) nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 6cef6b33..7ba93281 100644 
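Review bot: In the PQC branch `buflen` is now `privkeylen_cmp[i] + pubkeylen_cmp[i]`, but the first copy is still `memcpy(buf, oqsxkey->comp_privkey[i], buflen)`. That reads `pubkeylen_cmp[i]` bytes past the private key before the second `memcpy` overwrites the tail. Copy only the private part first: `memcpy(buf, oqsxkey->comp_privkey[i], is_pqc ? oqsxkey->privkeylen_cmp[i] : buflen);`, with `is_pqc` a local holding `get_oqsname_fromtls(name) != 0`, which the hunk currently evaluates three times. Whether the public key happens to follow `comp_privkey[i]` in the same allocation is not visible here, and the copy should not depend on it.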
--- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -601,7 +601,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, CompositeSignature* compsig = CompositeSignature_new(); int i; // char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); - ASN1_STRING *buf; + unsigned char *buf; size_t buf_len; if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) goto endverify; 
@@ -630,62 +630,73 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL || - EVP_PKEY_verify_init(ctx_verify) <= 0) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) + if(name[0] == 'e'){ //ed25519 or ed448 + if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0) || + (EVP_DigestVerify(evp_ctx, buf, buf_len, tbs, tbslen) <= 0)){ + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + } else { + if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL || + EVP_PKEY_verify_init(ctx_verify) <= 0) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - } - if (name[0] == 'p' || name[0] == 'b') - { - if (name[0] == 'p') - aux = 1; - else aux = 2; - if (name[aux] == '2') - { // p256 + if (!strncmp(name, "pss", 3)) + { + if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PSS_PADDING) <= 0) || + (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64) <= 0) || + (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, EVP_sha256()) <= 0)) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + goto endverify; + } + } else if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) + { + if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + goto endverify; + } + } + if (name[0] == 'p' || name[0] == 'b') + { + if(name[0] == 'p') + aux = 1; + else aux = 2; + if (name[aux] == '2' || name[aux] == 's') + { // p256 && pss + classical_md = 
EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(tbs, tbslen, (unsigned char *)&digest); + } + if (name[aux] == '3') + { // p384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(tbs, tbslen, (unsigned char *)&digest); + } + if (name[aux] == '5') + { // p521 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + } + } + else + { // rsa3072 classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; SHA256(tbs, tbslen, (unsigned char *)&digest); } - if (name[aux] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[aux] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); - } - } - else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if(name[0] == 'e'){ //ed25519 or ed448 - if((!EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) || - !EVP_DigestVerify(evp_ctx, buf, buf_len, tbs, tbslen) != 1)){ + if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || + (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) + { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; - } - } else if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || - (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } + } + } } OPENSSL_free(name); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 91ed02b9..d5dfe321 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -380,6 +380,157 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) } } +/* Key codes */ + +static const OQSX_EVP_INFO nids_sig[] = { + {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit + {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit - p384 + {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit + {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit + {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit + {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit + {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit + {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit + +}; +// These two array need to stay synced: +static const char *OQSX_ECP_NAMES[] = {"p256", "p384", "p521", 0}; +static const OQSX_EVP_INFO nids_ecp[] = { + {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 0}, // 128 bit + {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 0}, // 192 bit + {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 0} // 256 bit +}; + +// These two array need to stay synced: +static const char *OQSX_ECX_NAMES[] = {"x25519", "x448", 0}; +static const OQSX_EVP_INFO nids_ecx[] = { + {EVP_PKEY_X25519, 0, 1, 32, 32, 32, 0}, // 128 bit + {EVP_PKEY_X448, 0, 1, 56, 56, 56, 0}, // 192 bit + {0, 0, 0, 0, 0, 0, 0} // 256 bit +}; + +static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, + char *algname) +{ + int ret = 1; + int idx = (bit_security - 128) / 64; + ON_ERR_GOTO(idx < 0 || idx > 5, err); + + if (!strncmp(algname, "rsa3072", 7) || !strncmp(algname, "pss", 3)) + idx += 5; + else if (algname[0] != 'p' && algname[0] != 'e') + { + if (algname[0] == 'b'){ //bp + if (algname[2] == '2') //bp256 + idx += 1; + } + else + { + OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); + ret = 0; + goto err; + } + } + + ON_ERR_GOTO(idx < 0 || idx > 5, err); + + if(algname[0] == 'e') //ED25519 or ED448 + { + evp_ctx->evp_info = &nids_sig[idx + 6]; + + evp_ctx->keyParam = 
EVP_PKEY_new(); + ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); + + ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); + ON_ERR_SET_GOTO(ret <= 0, ret, -1, err); + + evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); + ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err); + } else { + evp_ctx->evp_info = &nids_sig[idx]; + + evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); + ON_ERR_GOTO(!evp_ctx->ctx, err); + + if (idx < 5) + { // EC + ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); + ON_ERR_GOTO(ret <= 0, err); + + ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, + evp_ctx->evp_info->nid); + ON_ERR_GOTO(ret <= 0, free_evp_ctx); + + ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); + ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); + } + // RSA bit length set only during keygen + goto err; + +free_evp_ctx: + EVP_PKEY_CTX_free(evp_ctx->ctx); + evp_ctx->ctx = NULL; + +err: + return ret; +} + +sstatic const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) +{ + int ret = 1; + int idx = 0; + while (idx < sizeof(OQSX_ECP_NAMES)) { + if (!strncmp(tls_name, OQSX_ECP_NAMES[idx], 4)) + break; + idx++; + } + ON_ERR_GOTO(idx < 0 || idx > 2, err); + + evp_ctx->evp_info = &nids_ecp[idx]; + + evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); + ON_ERR_GOTO(!evp_ctx->ctx, err); + + ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); + ON_ERR_GOTO(ret <= 0, err); + + ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, + evp_ctx->evp_info->nid); + ON_ERR_GOTO(ret <= 0, err); + + ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); + ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, err); + +err: + return ret; +} + +static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) +{ + int ret = 1; + int idx = 0; + + while (idx < sizeof(OQSX_ECX_NAMES)) { + if (!strncmp(tls_name, OQSX_ECX_NAMES[idx], 4)) + break; + idx++; + } + ON_ERR_GOTO(idx < 0 || idx > 2, err); + + 
evp_ctx->evp_info = &nids_ecx[idx]; + + evp_ctx->keyParam = EVP_PKEY_new(); + ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); + + ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); + ON_ERR_SET_GOTO(ret <= 0, ret, -1, err); + + evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); + ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err); + +err: + return ret; +} /* Re-create OQSX_KEY from encoding(s): Same end-state as after ken-gen */ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, @@ -456,6 +607,45 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, } #endif } else { + if (key->keytype == KEY_TYPE_CMP_SIG){ + size_t privlen = 0; + size_t publen = 0; + size_t previous_privlen = 0; + size_t previous_publen = 0; + int pqc_pub_enc = 0; + int i; + + //check if key is the right size + for (i = 0; i < key->numkeys; i++){ + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); + privlen = key->privkeylen_cmp[i]; + if (get_oqsname_fromtls(name) == 0)//classical key + publen = 0; + else//PQC key + publen = key->pubkeylen_cmp[i]; //pubkey in PQC privkey is OPTIONAL + + previous_privlen += privlen; + previous_publen += publen; + OPENSSL_free(name); + } + if (previous_privlen != plen) + { + //is ok, PQC pubkey might be in privkey + pqc_pub_enc = 1; + if (previous_privlen + previous_publen != plen){ + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + } + if (oqsx_key_allocate_keymaterial(key, 1)) + { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + previous_privlen = 0; + previous_publen = 0; + + }else{ int classical_privatekey_len = 0; // for plain OQS keys, we expect OQS priv||OQS pub key size_t actualprivkeylen = key->privkeylen; 
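Review bot: The moved block does not compile as written, because `sstatic const int oqshybkem_init_ecp` has a doubled `s`; it should read `static int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx)`. Both lookup loops are bounded by `sizeof(OQSX_ECP_NAMES)` and `sizeof(OQSX_ECX_NAMES)`, which are byte counts, so an unknown `tls_name` reaches the terminating `0` entry and passes a NULL pointer to `strncmp`. Stop at the sentinel instead: `while (OQSX_ECX_NAMES[idx] != NULL && strncmp(tls_name, OQSX_ECX_NAMES[idx], 4)) idx++;`, and tighten the ECX guard to `idx > 1` so the all-zero third row of `nids_ecx` is never selected. The `const` on the `int` return type of both functions has no effect and can go.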
@@ -563,8 +753,45 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, previous_privlen += privlen; previous_publen += publen; } + for (i =0; i < key->numkeys; i++){ + size_t classic_publen = 0; + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); + if (get_oqsname_fromtls(name) == 0){//classical key + publen = 0; //no pubkey encoded with privkey on classical keys. will recreate the pubkey later + if(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size + unsigned char* enc_len = OPENSSL_strndup(p + previous_privlen + previous_publen, 4); + OPENSSL_cleanse(enc_len, 2); + DECODE_UINT32(privlen, enc_len); + privlen += 4; + OPENSSL_free(enc_len); + }else + privlen = key->privkeylen_cmp[i]; + }else{//PQC key + privlen = key->privkeylen_cmp[i]; + if (pqc_pub_enc) + publen = key->pubkeylen_cmp[i]; + else + publen = 0; + + } + memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); + memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); + previous_privlen += privlen; + previous_publen += publen; + OPENSSL_free(name); + } }else{ + if (key->privkeylen + key->pubkeylen != plen) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + if (oqsx_key_allocate_keymaterial(key, 1)) + { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } memcpy(key->privkey, p, key->privkeylen); memcpy(key->pubkey, p + key->privkeylen, key->pubkeylen); } 
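Review bot: In the RSA branch of the added loop, `privlen` is decoded from the input itself and then used as the size of `memcpy(key->privkey + previous_privlen, …, privlen)` without being compared with `key->privkeylen_cmp[i]` or with the bytes left in `p`, so a malformed encoding can make the copy run past either buffer. `OPENSSL_strndup` is also unsuited to binary data: it stops at the first zero byte, so `DECODE_UINT32` may read beyond the duplicate, and its result is never checked for NULL. The fence below reads the length bytes from `p` into a stack array and rejects out-of-range values before any copy; the same lines are re-added by the later `@@ -643,13 +649,34 @@` hunk of oqsprov_keys.c and need the same guard. `oqsx_key_op` starts and ends outside this hunk, so the sizes of `key->privkey` and `key->pubkey` are assumed to be whatever `oqsx_key_allocate_keymaterial` set up.

```c
if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) {
    size_t off = previous_privlen + previous_publen;

    /* need the 4 header bytes before decoding a length from them */
    if ((size_t)plen < off || (size_t)plen - off < 4) {
        OPENSSL_free(name);
        ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
        goto err;
    }
    /* same value as the strndup + cleanse(2) sequence, without the heap copy */
    unsigned char enc_len[4] = {0, 0, p[off + 2], p[off + 3]};
    DECODE_UINT32(privlen, enc_len);
    privlen += 4;
    /* the decoded length must fit both the destination slot and the input */
    if (privlen > key->privkeylen_cmp[i] || privlen > (size_t)plen - off) {
        OPENSSL_free(name);
        ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
        goto err;
    }
} else
    privlen = key->privkeylen_cmp[i];
// … unchanged: PQC branch, memcpy into key->privkey / key->pubkey, OPENSSL_free(name) …
```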
@@ -656,11 +883,10 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } const unsigned char *enc_pubkey = key->comp_pubkey[i]; - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support == 0){ + if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support){ key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); }else - key->cmp_classical_pkey[i] = OPENSSL_memdup(enc_pubkey, key->pubkeylen_cmp[i]); - + key->cmp_classical_pkey[i] = EVP_PKEY_new_raw_public_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, enc_pubkey, key->pubkeylen_cmp[i]); if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); 
@@ -678,15 +904,30 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0){ const unsigned char *enc_privkey = key->comp_privkey[i]; - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support == 0) + if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support) key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); else - key->cmp_classical_pkey[i] = OPENSSL_memdup(enc_privkey, key->pubkeylen_cmp[i]); + key->cmp_classical_pkey[i] = EVP_PKEY_new_raw_private_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, enc_privkey, key->privkeylen_cmp[i]); if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } + if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support){ + unsigned char* comp_pubkey = key->comp_pubkey[i]; + int pubkeylen = i2d_PublicKey(key->cmp_classical_pkey[i], &comp_pubkey); + if (pubkeylen != key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_public_key){ + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + }else{ + size_t pubkeylen = key->pubkeylen_cmp[i]; + int ret = EVP_PKEY_get_raw_public_key(key->cmp_classical_pkey[i], key->comp_pubkey[i], &pubkeylen); + if (ret <= 0){ + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + } } OPENSSL_free(name); } @@ -763,7 +1004,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, ASN1_TYPE *aType = NULL; const unsigned char *buf; unsigned char *concat_key; - int count, aux, i, buflen; + int count, aux, i, buflen, rsa_diff = 0; PKCS8_PRIV_KEY_INFO *p8info_buf = PKCS8_PRIV_KEY_INFO_new(); if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) 
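Review bot: In the added non-raw branch of the `@@ -678,15 +904,30 @@` hunk, `i2d_PublicKey(key->cmp_classical_pkey[i], &comp_pubkey)` writes the encoding into `key->comp_pubkey[i]` before its length is compared with `length_public_key`, so an oversized encoding has already overrun the buffer by the time the check fires. The key was just parsed from `enc_privkey` and may carry its own parameters, so the size should be queried first with `int pubkeylen = i2d_PublicKey(key->cmp_classical_pkey[i], NULL);`, a mismatch rejected, and only then the encoding written. The `goto err` paths in this block also skip the `OPENSSL_free(name)` that follows it, which looks like a leak unless `err` releases it. `oqsx_key_recreate_classickey` begins and ends outside the hunk.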
@@ -793,6 +1034,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, aux = 0; for (i = 0; i < count; i++){ aType = sk_ASN1_TYPE_pop(sk); + char *name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i); buf = aType->value.sequence->data; buflen = aType->value.sequence->length; 
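Review bot: The added `char *name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i);` is never checked for NULL, yet the next hunk passes it straight to `strncmp(name, "rsa3072", 7)`. `count` appears to come from the decoded sequence, and `get_cmpname` (visible in the `@@ -187,7 +187,6 @@` context) returns `OPENSSL_strdup(token)` after stepping `strtok` `index` times, so an unknown algorithm or more elements than the name has components would presumably yield NULL. Add `if (name == NULL)` with the function's error cleanup right after the call, and consider rejecting a `count` that differs from the expected component count before the loop. `oqsx_key_from_pkcs8` starts and ends outside this hunk.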
@@ -802,172 +1044,29 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, */ aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); + //if is a RSA key the actual encoding size might be different from max size + //we calculate that difference for to facilitate the key reconstruction + if(!strncmp(name, "rsa3072", 7) || !strncmp(name, "pss", 3)) + rsa_diff = nids_sig[5].length_private_key - buflen; + OPENSSL_free(name); } p = concat_key + plen - aux; plen = aux; } } + if (rsa_diff > 4){//diff is too big, this means an decoding error + ASN1_OCTET_STRING_free(oct); + return NULL; + } + - oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PRIVATE, libctx, propq); + oqsx = oqsx_key_op(palg, p, plen + rsa_diff, KEY_OP_PRIVATE, + libctx, propq); ASN1_OCTET_STRING_free(oct); return oqsx; } -/* Key codes */ - -static const OQSX_EVP_INFO nids_sig[] = { - {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit - {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit - p384 - {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit - {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit - {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit - {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit -// {EVP_PKEY_RSA_PSS, NID_rsaEncryption, 0, 398, 1770, 0, 384}, - {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit - {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit - -}; - -// These two array need to stay synced: -static const char *OQSX_ECP_NAMES[] = {"p256", "p384", "p521", 0}; -static const OQSX_EVP_INFO nids_ecp[] = { - {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 0}, // 128 bit - {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 0}, // 192 bit - {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 0} // 256 bit -}; - -// These two array need to stay synced: -static const char *OQSX_ECX_NAMES[] = {"x25519", "x448", 0}; -static const OQSX_EVP_INFO nids_ecx[] = { - {EVP_PKEY_X25519, 
0, 1, 32, 32, 32, 0}, // 128 bit - {EVP_PKEY_X448, 0, 1, 56, 56, 56, 0}, // 192 bit - {0, 0, 0, 0, 0, 0, 0} // 256 bit -}; - -static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, - char *algname) -{ - int ret = 1; - int idx = (bit_security - 128) / 64; - ON_ERR_GOTO(idx < 0 || idx > 5, err); - - if (!strncmp(algname, "rsa3072", 7) || !strncmp(algname, "pss", 3)) - idx += 5; - else if (algname[0] != 'p' && algname[0] != 'e') - { - if (algname[0] == 'b'){ //bp - if (algname[2] == '2') //bp256 - idx += 1; - } - else - { - OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); - ret = 0; - goto err; - } - } - - ON_ERR_GOTO(idx < 0 || idx > 5, err); - - if(algname[0] == 'e') //ED25519 or ED448 - { - evp_ctx->evp_info = &nids_sig[idx + 6]; - - evp_ctx->keyParam = EVP_PKEY_new(); - ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); - - ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); - ON_ERR_SET_GOTO(ret <= 0, ret, -1, err); - - evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); - ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err); - } else { - evp_ctx->evp_info = &nids_sig[idx]; - - evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); - ON_ERR_GOTO(!evp_ctx->ctx, err); - - if (idx < 5) - { // EC - ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, err); - - ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, - evp_ctx->evp_info->nid); - ON_ERR_GOTO(ret <= 0, free_evp_ctx); - - ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); - ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); - } - // RSA bit length set only during keygen - goto err; - -free_evp_ctx: - EVP_PKEY_CTX_free(evp_ctx->ctx); - evp_ctx->ctx = NULL; - -err: - return ret; -} - -static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) -{ - int ret = 1; - int idx = 0; - while (idx < sizeof(OQSX_ECP_NAMES)) { - if (!strncmp(tls_name, OQSX_ECP_NAMES[idx], 4)) - break; - idx++; - } - 
ON_ERR_GOTO(idx < 0 || idx > 2, err); - - evp_ctx->evp_info = &nids_ecp[idx]; - - evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); - ON_ERR_GOTO(!evp_ctx->ctx, err); - - ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, err); - - ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, - evp_ctx->evp_info->nid); - ON_ERR_GOTO(ret <= 0, err); - - ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); - ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, err); - -err: - return ret; -} - -static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) -{ - int ret = 1; - int idx = 0; - - while (idx < sizeof(OQSX_ECX_NAMES)) { - if (!strncmp(tls_name, OQSX_ECX_NAMES[idx], 4)) - break; - idx++; - } - ON_ERR_GOTO(idx < 0 || idx > 2, err); - - evp_ctx->evp_info = &nids_ecx[idx]; - - evp_ctx->keyParam = EVP_PKEY_new(); - ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); - - ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); - ON_ERR_SET_GOTO(ret <= 0, ret, -1, err); - - evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); - ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err); - -err: - return ret; -} - static const int (*init_kex_fun[])(char *, OQSX_EVP_CTX *) = {oqshybkem_init_ecp, oqshybkem_init_ecx}; #ifdef USE_ENCODING_LIB From 71fc8a283086455d1b1867f0c8c140bbe442a8ec Mon Sep 17 00:00:00 2001 From: eve Date: Thu, 28 Sep 2023 13:07:30 -0500 Subject: [PATCH 046/164] Removed unused comments Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 37 +++++------------------------------- oqsprov/oqs_sig.c | 17 ----------------- oqsprov/oqsprov_keys.c | 36 +++-------------------------------- 3 files changed, 8 insertions(+), 82 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 9dc62d57..2f0b9cc2 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
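Review bot: In the `@@ -802,172 +1044,29 @@` hunk of oqsprov_keys.c, the added check `if (rsa_diff > 4)` bounds the difference only from above: when `buflen` exceeds `nids_sig[5].length_private_key` the value is negative, passes the check, and shortens the length handed to `oqsx_key_op`. A tighter guard is `if (rsa_diff < 0 || rsa_diff > 4)`. Passing `plen + rsa_diff` also tells `oqsx_key_op` that the buffer is longer than the `aux` bytes actually copied into `concat_key`, so any bounds check there that relies on `plen` can be off by up to four bytes; handing over the true length separately from the expected one would be safer. The hard-coded `nids_sig[5]` would read better as a named index for the RSA entry. `oqsx_key_from_pkcs8` begins outside the hunk.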
@@ -561,23 +561,9 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) aString = ASN1_OCTET_STRING_new(); tempOct = ASN1_OCTET_STRING_new(); temp = NULL; -// char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); len = oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); - -/* if(get_oqsname_fromtls(name) == 0) - nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; - else - nid = OBJ_sn2nid(name); - if (!X509_PUBKEY_set0_param(p8info_internal, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL, buf, len)) - keybloblen = 0; // signal error - keybloblen = i2d_X509_PUBKEY(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } -*/ ASN1_STRING_set0(tempOct, buf, len); keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); ASN1_STRING_set0(aString, temp, keybloblen); @@ -585,7 +571,6 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType)) return -1; -// OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(temp); @@ -703,7 +688,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } }else{ int i; -// name = OPENSSL_malloc(strlen(oqsxkey->tls_name));; if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; 
@@ -726,23 +710,14 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) buflen = oqsxkey->privkeylen_cmp[i]; }else buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; + buf = OPENSSL_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[i], buflen); - if(get_oqsname_fromtls(name) != 0) + + if(get_oqsname_fromtls(name) != 0)//include pubkey in privkey for PQC memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); - -/* if(get_oqsname_fromtls(name) == 0) - nid = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid; else - nid = OBJ_sn2nid(name); - if (!PKCS8_pkey_set0(p8info_internal, OBJ_nid2obj(nid), 0, V_ASN1_UNDEF, NULL, buf, buflen)) - keybloblen = 0; // signal error - keybloblen = i2d_PKCS8_PRIV_KEY_INFO(p8info_internal, &temp); - if (keybloblen < 0) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - keybloblen = 0; // signal error - } -*/ + memcpy(buf, oqsxkey->comp_privkey[i], buflen); + ASN1_STRING_set0(tempOct, buf, buflen); keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); ASN1_STRING_set0(aString, temp, keybloblen); @@ -754,7 +729,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); OPENSSL_free(temp); -// OPENSSL_free(p8info_internal); OPENSSL_free(aType); OPENSSL_free(aString); OPENSSL_free(tempOct); @@ -1041,7 +1015,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); } OQS_ENC_PRINTF2(" encode result: %d\n", ret); -// OQS_ENC_PRINTF2(" encode result: %d\n", ret); return ret; } diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 7ba93281..e58e13b9 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -248,9 +248,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, return rv; } - - - if (is_composite) { max_sig_len = oqsx_key_maxsize(oqsxkey); 
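Review bot: The `@@ -726,23 +710,14 @@` hunk of oqs_encode_key2any.c changes behaviour as well as comments: the unconditional `memcpy(buf, oqsxkey->comp_privkey[i], buflen);` is removed and the private-key copy moves into the `else`, so for a PQC component only the public half is written and the first `privkeylen_cmp[i]` bytes of `buf` reach the DER output uninitialised. The PQC branch needs `memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]);` before the public-key copy. `buf` is also used without a NULL check after `OPENSSL_malloc(buflen)`. `oqsx_pki_priv_to_der` extends beyond the hunk on both sides.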
@@ -357,9 +354,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, unsigned char *buf; CompositeSignature *compsig = CompositeSignature_new(); int i; -// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); -// if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) -// goto endsign; for (i = 0; i < oqsxkey->numkeys; i++){ char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); @@ -461,12 +455,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } } } -/* comp_sig = ASN1_BIT_STRING_new(); - comp_sig->data = OPENSSL_memdup(buf, oqs_sig_len); - comp_sig->length = oqs_sig_len; - if (!sk_ASN1_TYPE_push(compsig->sig, comp_sig)) - goto endsign; -*/ if (i == 0){ compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); @@ -482,7 +470,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); -// OPENSSL_free(compsig->sig); OPENSSL_free(compsig); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) @@ -600,13 +587,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if(is_composite){ CompositeSignature* compsig = CompositeSignature_new(); int i; -// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); unsigned char *buf; size_t buf_len; if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) goto endverify; -// if((compsig->sig = sk_ASN1_TYPE_new_null()) == NULL) -// goto endverify; for(i = 0; i < oqsxkey->numkeys; i++){ if (i == 0){ buf = compsig->sig1->data; @@ -701,7 +685,6 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, OPENSSL_free(name); } -// OPENSSL_free(compsig->sig); OPENSSL_free(compsig); }else { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index d5dfe321..ed73a278 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -187,7 +187,6 @@ char* get_cmpname(int nid, int index) for (j = 0; j < index; j ++) token = strtok(NULL, "_"); name = OPENSSL_strdup(token); -// OPENSSL_strlcpy(name, token, strlen(token) + 1); OPENSSL_free(s); return name; } @@ -973,12 +972,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, for (i = 0; i < count; i++){ aType = sk_ASN1_TYPE_pop(sk); buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; -/* - p8info_buf = d2i_X509_PUBKEY(&p8info_buf, &buf, buflen); - if (!X509_PUBKEY_get0_param(NULL, &buf, &buflen, NULL, p8info_buf)) - return NULL; -*/ + buflen = aType->value.sequence->length; aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); } @@ -1036,12 +1030,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, aType = sk_ASN1_TYPE_pop(sk); char *name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i); buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; - -/* p8info_buf = d2i_PKCS8_PRIV_KEY_INFO(&p8info_buf, &buf, buflen); - if (!PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8info_buf)) - return NULL; -*/ + buflen = aType->value.sequence->length; aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); //if is a RSA key the actual encoding size might be different from max size @@ -1231,7 +1220,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, break; case KEY_TYPE_CMP_SIG: int i; -// char* name = OPENSSL_malloc(strlen(tls_name)); ret->numkeys = get_qntcmp(OBJ_sn2nid(tls_name)); ret->privkeylen = 0; ret->pubkeylen = 0; @@ -1346,7 +1334,6 @@ void oqsx_key_free(OQSX_KEY *key) } if(key->keytype == KEY_TYPE_CMP_SIG){ int i; -// char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name)) 
@@ -1517,18 +1504,6 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } -/* if (ctx->evp_info->keytype == EVP_PKEY_RSA_PSS) - { - ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(kgctx, EVP_sha256()); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_md(kgctx, EVP_sha256()); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - ret2 = EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(kgctx, 64); - ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - } -*/ ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 <= 0, ret, -2, errhyb); @@ -1625,16 +1600,12 @@ int oqsx_key_gen(OQSX_KEY *key) else if (key->keytype == KEY_TYPE_CMP_SIG) { int i; -// char* name = OPENSSL_malloc(strlen(key->tls_name)); ret = oqsx_key_set_composites(key); for (i = 0; i < key->numkeys; i++){ char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0) { -// if (i == 0) -// pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->pubkey, key->privkey, 0); -// else - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); ON_ERR_GOTO(pkey == NULL, err); key->cmp_classical_pkey[i] = pkey; } @@ -1692,7 +1663,6 @@ int oqsx_key_maxsize(OQSX_KEY *key) { int aux = sizeof(CompositeSignature); int i; -// char *name = OPENSSL_malloc(strlen(key->tls_name));; for (i = 0; i < key->numkeys; i ++){ char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0) From f111eb4e527493d6095464b90bdd7a89ec4465f6 Mon Sep 17 00:00:00 2001 From: eve Date: Thu, 28 Sep 2023 13:25:12 -0500 Subject: [PATCH 047/164] fixed bug from last commit 
Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 2f0b9cc2..58b53c4e 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -712,10 +712,11 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; buf = OPENSSL_malloc(buflen); - - if(get_oqsname_fromtls(name) != 0)//include pubkey in privkey for PQC + memcpy(buf, oqsxkey->comp_privkey[i], buflen); + if(get_oqsname_fromtls(name) != 0){//include pubkey in privkey for PQC + memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); - else + }else memcpy(buf, oqsxkey->comp_privkey[i], buflen); ASN1_STRING_set0(tempOct, buf, buflen); From 38d77f772b2186677e58552452cad02492712420 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 09:31:17 -0500 Subject: [PATCH 048/164] rebase to the open-quantum-safe master branch Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 3 + oqsprov/oqs_kmgmt.c | 88 +++++++++++++++++------ oqsprov/oqs_prov.h | 9 +-- oqsprov/oqs_sig.c | 2 +- oqsprov/oqsencoders.inc | 10 --- oqsprov/oqsprov_keys.c | 135 +++++++++++++---------------------- 6 files changed, 120 insertions(+), 127 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 58b53c4e..100c9704 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
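Review bot: The added line `memcpy(buf, oqsxkey->comp_privkey[i], buflen);` runs before the branch, and for a PQC component `buflen` includes `pubkeylen_cmp[i]`, so it reads that many bytes from `comp_privkey[i]`, which is past the private key if that buffer holds only `privkeylen_cmp[i]` bytes (its size is not visible here). Both branches then repeat the copy with the correct length, so the line is redundant too; dropping it keeps the fix intact. A NULL check on `buf` after `OPENSSL_malloc(buflen)` is still missing. `oqsx_pki_priv_to_der` begins and ends outside the hunk.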
@@ -842,6 +842,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) # define dilithium3_ed25519_evp_type 0 # define dilithium3_ed25519_input_type "dilithium3_ed25519" # define dilithium3_ed25519_pem_type "dilithium3_ed25519" +# define dilithium3_pss_evp_type 0 +# define dilithium3_pss_input_type "dilithium3_pss" +# define dilithium3_pss_pem_type "dilithium3_pss" # define dilithium5_bp384_evp_type 0 # define dilithium5_bp384_input_type "dilithium5_bp384" # define dilithium5_bp384_pem_type "dilithium5_bp384" diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 2bffaf72..ae25f55b 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -862,112 +862,156 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, static void *dilithium3_rsa3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 23); } static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 23); } static void *dilithium3_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 24); } static void *dilithium3_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 24); } static void *falcon512_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 25); } static void *falcon512_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 25); } static void *dilithium5_p384_new_key(void 
*provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 26); } static void *dilithium5_p384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, 192); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 26); } static void *dilithium3_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 27); } static void *dilithium3_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 27); } static void *dilithium3_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 28); } static void *dilithium3_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 28); } static void *dilithium5_bp384_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_bp384", 
KEY_TYPE_CMP_SIG, NULL, 384); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 29); } static void *dilithium5_bp384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 29); } static void *dilithium5_ed448_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 30); } static void *dilithium5_ed448_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 30); } static void *falcon512_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 31); } static void *falcon512_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, 256); + return oqsx_gen_init + (provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 31); } static void *falcon512_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_ed25519", 
KEY_TYPE_CMP_SIG, NULL, 128, 32); } static void *falcon512_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); } static void *dilithium3_pss_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_pss", KEY_TYPE_CMP_SIG, NULL, 128); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_pss", KEY_TYPE_CMP_SIG, NULL, 128, 33); } static void *dilithium3_pss_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_pss", KEY_TYPE_CMP_SIG, 128); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_pss", KEY_TYPE_CMP_SIG, 128, 33); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 3fe3516c..490581f0 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -155,11 +155,10 @@ struct oqsx_key_st { #endif char *propq; OQSX_KEY_TYPE keytype; - OQSX_PROVIDER_CTX oqsx_provider_ctx; + OQSX_PROVIDER_CTX *oqsx_provider_ctx; #ifdef USE_ENCODING_LIB OQSX_ENCODING_CTX oqsx_encoding_ctx; #endif - OQSX_PROVIDER_CTX oqsx_provider_ctx_cmp; EVP_PKEY** cmp_classical_pkey; EVP_PKEY *classical_pkey; // for hybrid sigs const OQSX_EVP_INFO *evp_info; @@ -202,12 +201,6 @@ struct SignatureModel{ typedef struct SignatureModel CompositeSignature; -char* get_oqsname(int nid); -char* get_cmpname(int nid, int index); -int get_qntcmp(int nid); -int get_keytype(int nid); -char* get_oqsname_fromtls(char* oqsname); - /* Register given NID with tlsname in OSSL3 registry */ int oqs_set_nid(char *tlsname, int nid); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index e58e13b9..811c485f 100644 --- a/oqsprov/oqs_sig.c 
+++ b/oqsprov/oqs_sig.c @@ -696,7 +696,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, siglen - classical_sig_len, oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) - != OQS_SUCCESS) { + != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index e08fb503..d6f695e9 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -147,7 +147,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, @@ -160,7 +159,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_p256", dilithium3_p256), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, @@ -173,7 +171,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, @@ -198,7 +195,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_pss", dilithium3_pss), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 
@@ -234,7 +230,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_p384", dilithium5_p384), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, PrivateKeyInfo), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, @@ -247,7 +242,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, PrivateKeyInfo), ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, @@ -279,7 +273,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_falcon512", p256_falcon512), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, @@ -292,7 +285,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, @@ -305,7 +297,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_p256", falcon512_p256), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, 
@@ -318,7 +309,6 @@ ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_bp256", falcon512_bp256), ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index ed73a278..39a51333 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -112,7 +112,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_CMP_SIG, 128}, {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - 0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, + {0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END @@ -462,6 +462,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); + } } // RSA bit length set only during keygen goto err; @@ -474,7 +475,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, return ret; } -sstatic const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) +static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { int ret = 1; int idx = 0; @@ -606,6 +607,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, } #endif } else { + int classical_privatekey_len = 0; + // for plain OQS keys, we expect OQS priv||OQS pub key + size_t actualprivkeylen = key->privkeylen; + // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub + // key classic pub key must/can be re-created from classic private key if (key->keytype == KEY_TYPE_CMP_SIG){ size_t privlen = 0; size_t publen = 0; 
@@ -626,7 +632,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, previous_privlen += privlen; previous_publen += publen; OPENSSL_free(name); - } + } if (previous_privlen != plen) { //is ok, PQC pubkey might be in privkey @@ -643,13 +649,34 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, } previous_privlen = 0; previous_publen = 0; - - }else{ - int classical_privatekey_len = 0; - // for plain OQS keys, we expect OQS priv||OQS pub key - size_t actualprivkeylen = key->privkeylen; - // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub - // key classic pub key must/can be re-created from classic private key + for (i = 0; i < key->numkeys; i++){ + size_t classic_publen = 0; + char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); + if (get_oqsname_fromtls(name) == 0){//classical key + publen = 0; //no pubkey encoded with privkey on classical keys. will recreate the pubkey later + if(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size + unsigned char* enc_len = OPENSSL_strndup(p + previous_privlen + previous_publen, 4); + OPENSSL_cleanse(enc_len, 2); + DECODE_UINT32(privlen, enc_len); + privlen += 4; + OPENSSL_free(enc_len); + }else + privlen = key->privkeylen_cmp[i]; + }else{//PQC key + privlen = key->privkeylen_cmp[i]; + if (pqc_pub_enc) + publen = key->pubkeylen_cmp[i]; + else + publen = 0; + + } + memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); + memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); + previous_privlen += privlen; + previous_publen += publen; + OPENSSL_free(name); + } + }else{ if (key->numkeys == 2) { DECODE_UINT32(classical_privatekey_len, p); // actual classic key len 
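Review bot: In the RSA branch of the loop added to oqsx_key_op, `OPENSSL_strndup(p + previous_privlen + previous_publen, 4)` copies a binary length prefix as if it were a C string. The copy stops at the first zero byte, so the allocation can be smaller than the 2 bytes then written by `OPENSSL_cleanse` and the 4 bytes read by `DECODE_UINT32`. The decoded `privlen` then sizes the `memcpy` into `key->privkey` without being compared with `plen`, so an encoding with an inconsistent prefix would make the copy run past the input; the capacity of `key->privkey` is not visible here and should be checked too. A fixed 4-byte stack buffer plus a bounds check before the copies covers both; the sketch assumes `plen` is non-negative and that `err` is this function's existing failure label. oqsx_key_op starts and ends outside this hunk.

```c
char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i);
size_t off = previous_privlen + previous_publen;
size_t avail = (size_t)plen >= off ? (size_t)plen - off : 0;
// … unchanged: classical/PQC test, publen = 0 …
if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) {
    unsigned char enc_len[4]; // binary prefix: copy by size, not as a string
    if (avail < sizeof(enc_len)) {
        ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
        OPENSSL_free(name);
        goto err;
    }
    memcpy(enc_len, p + off, sizeof(enc_len));
    OPENSSL_cleanse(enc_len, 2);
    DECODE_UINT32(privlen, enc_len);
    privlen += 4;
} else
    privlen = key->privkeylen_cmp[i];
// … unchanged: PQC key branch …
// reject component lengths that run past the encoded input
if (privlen > avail || publen > avail - privlen) {
    ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
    OPENSSL_free(name);
    goto err;
}
// … unchanged: the two memcpy calls and offset updates …
```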
@@ -739,62 +766,8 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, memcpy(key->pubkey, p + key->privkeylen, plen - key->privkeylen); #endif - if (key->keytype == KEY_TYPE_CMP_SIG){ - size_t privlen, publen; - size_t previous_privlen = 0; - size_t previous_publen = 0; - int i; - for (i =0; i < key->numkeys; i++){ - privlen = key->privkeylen_cmp[i]; - publen = key->pubkeylen_cmp[i]; - memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); - memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); - previous_privlen += privlen; - previous_publen += publen; - } - for (i =0; i < key->numkeys; i++){ - size_t classic_publen = 0; - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); - if (get_oqsname_fromtls(name) == 0){//classical key - publen = 0; //no pubkey encoded with privkey on classical keys. will recreate the pubkey later - if(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size - unsigned char* enc_len = OPENSSL_strndup(p + previous_privlen + previous_publen, 4); - OPENSSL_cleanse(enc_len, 2); - DECODE_UINT32(privlen, enc_len); - privlen += 4; - OPENSSL_free(enc_len); - }else - privlen = key->privkeylen_cmp[i]; - }else{//PQC key - privlen = key->privkeylen_cmp[i]; - if (pqc_pub_enc) - publen = key->pubkeylen_cmp[i]; - else - publen = 0; - - } - memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); - memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); - previous_privlen += privlen; - previous_publen += publen; - OPENSSL_free(name); } - - }else{ - if (key->privkeylen + key->pubkeylen != plen) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; } - if (oqsx_key_allocate_keymaterial(key, 1)) - { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(key->privkey, p, key->privkeylen); - 
memcpy(key->pubkey, p + key->privkeylen, key->pubkeylen); - } - } #ifdef USE_ENCODING_LIB } #endif @@ -869,7 +842,6 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (key->keytype == KEY_TYPE_CMP_SIG){ int i; -// char *name = OPENSSL_malloc(strlen(key->tls_name)); if (op == KEY_OP_PUBLIC){ for (i = 0; i < key->numkeys; i++){ @@ -889,7 +861,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } } OPENSSL_free(name); @@ -910,21 +882,21 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support){ unsigned char* comp_pubkey = key->comp_pubkey[i]; int pubkeylen = i2d_PublicKey(key->cmp_classical_pkey[i], &comp_pubkey); if (pubkeylen != key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_public_key){ ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } }else{ size_t pubkeylen = key->pubkeylen_cmp[i]; int ret = EVP_PKEY_get_raw_public_key(key->cmp_classical_pkey[i], key->comp_pubkey[i], &pubkeylen); if (ret <= 0){ ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto rec_err; } } } @@ -933,11 +905,10 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } } - return key; + return 1; -err: - oqsx_key_free(key); - return NULL; +rec_err: + return 0; } OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, 
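Review bot: The `goto rec_err` in the `@@ -889,7 +861,7 @@` hunk of oqsx_key_recreate_classickey jumps past the `OPENSSL_free(name)` that follows the block, and `rec_err:` only returns 0. `name` would therefore leak on every failed decode if it is heap-allocated, as it is in the `get_cmpname()` loops elsewhere in this file; its allocation is outside the hunk. The three `goto rec_err` sites in the `@@ -910,21 +882,21 @@` hunk may have the same problem. Freeing before the jump, `OPENSSL_free(name); goto rec_err;`, or declaring `name` at function scope initialised to NULL and freeing it under `rec_err:`, keeps the error path clean. The function body starts outside these hunks.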
@@ -1325,9 +1296,9 @@ void oqsx_key_free(OQSX_KEY *key) || key->keytype == KEY_TYPE_ECX_HYB_KEM) { OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); } else - OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); EVP_PKEY_free(key->classical_pkey); - if (key->oqsx_provider_ctx.oqsx_evp_ctx) { + if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) { EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx); @@ -1458,15 +1429,7 @@ printf("18\n"); key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1]); else { - if (key->keytype == KEY_TYPE_CMP_SIG) - return -(OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, - key->comp_pubkey[key->numkeys-2], - key->comp_privkey[key->numkeys-2]) - || OQS_SIG_keypair(key->oqsx_provider_ctx_cmp.oqsx_qs_ctx.sig, - key->comp_pubkey[key->numkeys-1], - key->comp_privkey[key->numkeys-1])); - - return OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, + return OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, key->comp_pubkey[key->numkeys-1], key->comp_privkey[key->numkeys-1]); } @@ -1687,10 +1650,10 @@ int oqsx_key_get_oqs_public_key_len(OQSX_KEY *k) case KEY_TYPE_KEM: return k->pubkeylen; case KEY_TYPE_HYB_SIG: - return k->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; + return k->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_public_key; case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_ECP_HYB_KEM: - return k->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_public_key; + return k->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_public_key; default: OQS_KEY_PRINTF2("OQSX_KEY: Unknown key type encountered: %d\n", k->keytype); From 207fae88082f6d881a0e2adc9017171fa1959be4 Mon Sep 17 00:00:00 2001 
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Tue, 3 Oct 2023 06:36:47 +0200 Subject: [PATCH 049/164] fix for txt output length of plain PQ key material (#268) * fix for txt output length of plain PQ key material * clarify use of hybrids in txt encoder * add txt/DER/PEM test and make key output dependent on tool availability Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 77 +++++++++++++++++++--------------- scripts/oqsprovider-certgen.sh | 10 +++++ 2 files changed, 54 insertions(+), 33 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 100c9704..5c136819 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -1241,7 +1241,6 @@ static int print_labeled_buf(BIO *out, const char *label, static int oqsx_to_text(BIO *out, const void *key, int selection) { OQSX_KEY *okey = (OQSX_KEY *)key; - int is_hybrid = 0; if (out == NULL || okey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); @@ -1263,7 +1262,6 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) case KEY_TYPE_ECP_HYB_KEM: case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_HYB_SIG: - is_hybrid = 1; if (BIO_printf(out, "%s hybrid private key:\n", okey->tls_name) <= 0) return 0; @@ -1287,7 +1285,6 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) case KEY_TYPE_ECP_HYB_KEM: case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_HYB_SIG: - is_hybrid = 1; if (BIO_printf(out, "%s hybrid public key:\n", okey->tls_name) <= 0) return 0; break; 
@@ -1298,40 +1295,54 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) } if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { - int classic_key_len = 0; - - if (okey->numkeys > 1) { - char classic_label[200]; - sprintf(classic_label, - "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); - DECODE_UINT32(classic_key_len, okey->privkey); - if (!print_labeled_buf(out, classic_label, okey->comp_privkey[0], - classic_key_len)) - return 0; + if (okey->privkey) { + if (okey->numkeys > 1) { // hybrid key + char classic_label[200]; + int classic_key_len = 0; + sprintf(classic_label, + "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); + DECODE_UINT32(classic_key_len, okey->privkey); + if (!print_labeled_buf(out, classic_label, + okey->comp_privkey[0], classic_key_len)) + return 0; + /* finally print pure PQ key */ + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_privkey[okey->numkeys - 1], + okey->privkeylen - classic_key_len + - SIZE_OF_UINT32)) + return 0; + } else { // plain PQ key + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_privkey[okey->numkeys - 1], + okey->privkeylen)) + return 0; + } } - /* finally print pure PQ key */ - if (!print_labeled_buf( - out, "PQ key material:", okey->comp_privkey[okey->numkeys - 1], - okey->privkeylen - classic_key_len - SIZE_OF_UINT32)) - return 0; } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { - int classic_key_len = 0; - - if (okey->numkeys > 1) { - char classic_label[200]; - DECODE_UINT32(classic_key_len, okey->pubkey); - sprintf(classic_label, - "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); - if (!print_labeled_buf(out, classic_label, okey->comp_pubkey[0], - classic_key_len)) - return 0; + if (okey->pubkey) { + if (okey->numkeys > 1) { // hybrid key + char classic_label[200]; + int classic_key_len = 0; + DECODE_UINT32(classic_key_len, okey->pubkey); + sprintf(classic_label, + "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); + if 
(!print_labeled_buf(out, classic_label, okey->comp_pubkey[0], + classic_key_len)) + return 0; + /* finally print pure PQ key */ + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_pubkey[okey->numkeys - 1], + okey->pubkeylen - classic_key_len + - SIZE_OF_UINT32)) + return 0; + } else { // PQ key only + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_pubkey[okey->numkeys - 1], + okey->pubkeylen)) + return 0; + } } - /* finally print pure PQ key */ - if (!print_labeled_buf( - out, "PQ key material:", okey->comp_pubkey[okey->numkeys - 1], - okey->pubkeylen - classic_key_len - SIZE_OF_UINT32)) - return 0; } return 1; diff --git a/scripts/oqsprovider-certgen.sh b/scripts/oqsprovider-certgen.sh index e642bedd..6f607bd1 100755 --- a/scripts/oqsprovider-certgen.sh +++ b/scripts/oqsprovider-certgen.sh @@ -1,6 +1,10 @@ #!/bin/bash +set -e +set -x + # Use newly built oqsprovider to generate certs for alg $1 +# Tests use of openssl req genpkey x509 verify pkey commands if [ $# -ne 1 ]; then echo "Usage: $0 . Exiting." @@ -31,6 +35,12 @@ $OPENSSL_APP genpkey -algorithm $1 -out tmp/$1_srv.key && \ $OPENSSL_APP req -new -newkey $1 -keyout tmp/$1_srv.key -out tmp/$1_srv.csr -nodes -subj "/CN=oqstest server" && \ $OPENSSL_APP x509 -req -in tmp/$1_srv.csr -out tmp/$1_srv.crt -CA tmp/$1_CA.crt -CAkey tmp/$1_CA.key -CAcreateserial -days 365 && \ $OPENSSL_APP verify -CAfile tmp/$1_CA.crt tmp/$1_srv.crt +# test PEM/DER/TEXT encoder/decoder logic: +$OPENSSL_APP pkey -text -in tmp/$1_CA.key +$OPENSSL_APP pkey -in tmp/$1_CA.key -outform DER -out tmp/$1_CA.der +if command -v xxd &> /dev/null; then +xxd -i tmp/$1_CA.der +fi #fails: #$OPENSSL_APP verify -CAfile tmp/$1_CA.crt tmp/$1_srv.crt -provider oqsprovider -provider default From 2a34ee445fdd57630d4180e8fcab9bd5190ad493 Mon Sep 17 00:00:00 2001 
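Review bot: In the hybrid branches of oqsx_to_text, `classic_key_len` is decoded from the first bytes of `okey->privkey` / `okey->pubkey` and then used as a print length and in `okey->privkeylen - classic_key_len - SIZE_OF_UINT32` with no range check. A key object with an inconsistent length prefix would make print_labeled_buf read outside the component buffers. A guard before the first print, `if (classic_key_len < 0 || (size_t)classic_key_len + SIZE_OF_UINT32 > okey->privkeylen) return 0;` (and the same against `okey->pubkeylen`), closes that. The label is also built with an unbounded `sprintf` from `OBJ_nid2sn()`, which can return NULL for an unknown NID; a NULL check followed by `snprintf(classic_label, sizeof(classic_label), ...)` is safer. The function starts outside this hunk.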
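Review bot: With `set -e` enabled and new commands appended after the `genpkey && req && x509 && verify` chain, a failure in any command of that chain other than the last no longer fails the script. Bash does not apply `set -e` to commands before the final `&&`, so the exit status becomes that of the later `pkey`/`xxd` lines and a broken certificate step can pass in CI. Since `set -e` is now on, the trailing `&& \` continuations can be dropped so each command aborts on its own, or the chain can end in `|| exit 1`. The added lines also expand `$1` unquoted; `"tmp/${1}_CA.key"` avoids word splitting on an unexpected argument. The start of the chain is outside this hunk.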
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 5 Oct 2023 07:44:19 +0200 Subject: [PATCH 050/164] KEM en/decoders (#266) * KEM algorithms' encoding & decoding added: permits generating and persisting KEM algorithm key pairs via the openssl genpkey command Signed-off-by: Felipe Ventura --- .github/workflows/linux.yml | 20 + ALGORITHMS.md | 47 + CMakeLists.txt | 6 + CONFIGURE.md | 12 + oqs-template/ALGORITHMS.md/oids.fragment | 12 + oqs-template/generate.py | 13 + oqs-template/generate.yml | 5 + .../decoder_make.fragment | 21 +- .../encoder_defines.fragment | 11 + .../encoder_make.fragment | 50 +- .../oqs_prov.h/endecoder_functions.fragment | 28 + .../oqsprov/oqsdecoders.inc/make.fragment | 15 + .../oqsprov/oqsencoders.inc/make.fragment | 26 + .../oqsprov.c/assign_sig_oids.fragment | 25 +- .../oqsprov/oqsprov.c/oid_patching.fragment | 22 +- .../oqsprov/oqsprov_keys.c/oqsnames.fragment | 25 + oqsprov/oqs_decode_der2key.c | 273 ++++-- oqsprov/oqs_encode_key2any.c | 866 +++++++++++++----- oqsprov/oqs_kmgmt.c | 10 +- oqsprov/oqs_prov.h | 702 +++++++++++++- oqsprov/oqsdecoders.inc | 156 +++- oqsprov/oqsencoders.inc | 467 +++++++++- oqsprov/oqsprov.c | 268 +++++- oqsprov/oqsprov_keys.c | 162 ++-- scripts/fullbuild.sh | 5 +- test/oqs_test_endecode.c | 68 +- 26 files changed, 2873 insertions(+), 442 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 7c249698..2324be25 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml 
@@ -8,6 +8,26 @@ on: jobs: + linux_baseline: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + cmake-params: [ "", "-DOQS_KEM_ENCODERS=ON" ] + container: + image: openquantumsafe/ci-ubuntu-jammy:latest + env: + MAKE_PARAMS: "-j 18" + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Full build + run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh + - name: Enable sibling oqsprovider for testing + run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so + - name: Test + run: ./scripts/runtests.sh -V + linux_intel: runs-on: ubuntu-latest strategy: diff --git a/ALGORITHMS.md b/ALGORITHMS.md index ef208b76..a76bcb59 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
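Review bot: The new `linux_baseline` job takes its build inputs by mutable reference: `actions/checkout@v2` is a tag and `openquantumsafe/ci-ubuntu-jammy:latest` is a floating image, so what the job executes can change without any commit in this repository. Pinning both to immutable identifiers, e.g. `uses: actions/checkout@<full-commit-sha>` and `image: openquantumsafe/ci-ubuntu-jammy@sha256:<digest>` (placeholders), makes runs reproducible and reviewable. `${{ matrix.cmake-params}}` is also expanded unquoted into the `run:` line. That is harmless with the two literal matrix values shown, but `OQSPROV_CMAKE_PARAMS="${{ matrix.cmake-params }}"` keeps it so if a value containing spaces is added later.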
@@ -159,6 +159,53 @@ adapting the OIDs of all supported signature algorithms as per the table below. | p521_sphincsshake256fsimple | 1.3.9999.6.9.11 |No| OQS_OID_P521_SPHINCSSHAKE256FSIMPLE | sphincsshake256ssimple | 1.3.9999.6.9.12 |No| OQS_OID_SPHINCSSHAKE256SSIMPLE | p521_sphincsshake256ssimple | 1.3.9999.6.9.13 |No| OQS_OID_P521_SPHINCSSHAKE256SSIMPLE + +If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following list is also available: + +|Algorithm name | default OID | environment variable | +|---------------|:-----------------:|----------------------| +| frodo640aes | 1.3.9999.99.50 | OQS_OID_FRODO640AES +| p256_frodo640aes | 1.3.9999.99.49 | OQS_OID_P256_FRODO640AES +| x25519_frodo640aes | 1.3.9999.99.38 | OQS_OID_X25519_FRODO640AES +| frodo640shake | 1.3.9999.99.52 | OQS_OID_FRODO640SHAKE +| p256_frodo640shake | 1.3.9999.99.51 | OQS_OID_P256_FRODO640SHAKE +| x25519_frodo640shake | 1.3.9999.99.39 | OQS_OID_X25519_FRODO640SHAKE +| frodo976aes | 1.3.9999.99.54 | OQS_OID_FRODO976AES +| p384_frodo976aes | 1.3.9999.99.53 | OQS_OID_P384_FRODO976AES +| x448_frodo976aes | 1.3.9999.99.40 | OQS_OID_X448_FRODO976AES +| frodo976shake | 1.3.9999.99.56 | OQS_OID_FRODO976SHAKE +| p384_frodo976shake | 1.3.9999.99.55 | OQS_OID_P384_FRODO976SHAKE +| x448_frodo976shake | 1.3.9999.99.41 | OQS_OID_X448_FRODO976SHAKE +| frodo1344aes | 1.3.9999.99.58 | OQS_OID_FRODO1344AES +| p521_frodo1344aes | 1.3.9999.99.57 | OQS_OID_P521_FRODO1344AES +| frodo1344shake | 1.3.9999.99.60 | OQS_OID_FRODO1344SHAKE +| p521_frodo1344shake | 1.3.9999.99.59 | OQS_OID_P521_FRODO1344SHAKE +| kyber512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_KYBER512 +| p256_kyber512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_KYBER512 +| x25519_kyber512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_KYBER512 +| kyber768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_KYBER768 +| p384_kyber768 | 1.3.9999.99.61 | OQS_OID_P384_KYBER768 +| x448_kyber768 | 1.3.9999.99.42 | OQS_OID_X448_KYBER768 +| x25519_kyber768 | 1.3.9999.99.43 
| OQS_OID_X25519_KYBER768 +| p256_kyber768 | 1.3.9999.99.44 | OQS_OID_P256_KYBER768 +| kyber1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_KYBER1024 +| p521_kyber1024 | 1.3.9999.99.62 | OQS_OID_P521_KYBER1024 +| bikel1 | 1.3.9999.99.64 | OQS_OID_BIKEL1 +| p256_bikel1 | 1.3.9999.99.63 | OQS_OID_P256_BIKEL1 +| x25519_bikel1 | 1.3.9999.99.45 | OQS_OID_X25519_BIKEL1 +| bikel3 | 1.3.9999.99.66 | OQS_OID_BIKEL3 +| p384_bikel3 | 1.3.9999.99.65 | OQS_OID_P384_BIKEL3 +| x448_bikel3 | 1.3.9999.99.46 | OQS_OID_X448_BIKEL3 +| bikel5 | 1.3.9999.99.68 | OQS_OID_BIKEL5 +| p521_bikel5 | 1.3.9999.99.67 | OQS_OID_P521_BIKEL5 +| hqc128 | 1.3.9999.99.70 | OQS_OID_HQC128 +| p256_hqc128 | 1.3.9999.99.69 | OQS_OID_P256_HQC128 +| x25519_hqc128 | 1.3.9999.99.47 | OQS_OID_X25519_HQC128 +| hqc192 | 1.3.9999.99.72 | OQS_OID_HQC192 +| p384_hqc192 | 1.3.9999.99.71 | OQS_OID_P384_HQC192 +| x448_hqc192 | 1.3.9999.99.48 | OQS_OID_X448_HQC192 +| hqc256 | 1.3.9999.99.74 | OQS_OID_HQC256 +| p521_hqc256 | 1.3.9999.99.73 | OQS_OID_P521_HQC256 # Key Encodings diff --git a/CMakeLists.txt b/CMakeLists.txt index 002a4e9c..977b7437 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -25,6 +25,12 @@ else() set(OQS_ADDL_SOCKET_LIBS "") endif() +option(OQS_KEM_ENCODERS "Provide encoders (and decoders) for KEM algorithms " OFF) +if(${OQS_KEM_ENCODERS}) + message(STATUS "Build provides support for encoding KEMs") + add_compile_definitions( OQS_KEM_ENCODERS ) +endif() + option(NOPUBKEY_IN_PRIVKEY "Do not include public keys in private key structures/PKCS#8 " OFF) if(${NOPUBKEY_IN_PRIVKEY}) message(STATUS "Build will not store public keys alongside private keys in PKCS#8 structures") diff --git a/CONFIGURE.md b/CONFIGURE.md index c6b6c4a8..b1718b9b 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md 
@@ -50,6 +50,13 @@ By setting this to "ON", it can be specified to omit explicitly serializing the public key in a `privateKey` structure, e.g., for interoperability testing. The default value is `OFF`. +### OQS_KEM_ENCODERS + +By setting this to "ON", `oqsprovider` is configured to provide encoders and decoders for +KEM algorithms both for public and private key file formats. This increases the size of +the provider but enables further use cases. +The default value is `OFF`. + ### OQS_PROVIDER_BUILD_STATIC By setting `-DOQS_PROVIDER_BUILD_STATIC=ON` at compile-time, oqs-provider can be @@ -125,6 +132,11 @@ command used to build `openssl`, e.g., "-j 8" to activate 8-fold parallel builds to reduce the compilation time on a suitable multicore machine. +### OQSPROV_CMAKE_PARAMS + +This environment variable permits passing parameters to the `cmake` +command used to build `oqsprovider`. + ### OQS_SKIP_TESTS By setting this tests environment variable, testing of specific diff --git a/oqs-template/ALGORITHMS.md/oids.fragment b/oqs-template/ALGORITHMS.md/oids.fragment index 57d8acd8..cea8c3c3 100644 --- a/oqs-template/ALGORITHMS.md/oids.fragment +++ b/oqs-template/ALGORITHMS.md/oids.fragment @@ -11,3 +11,15 @@ {%- endfor %} {%- endfor %} +If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following list is also available: + +|Algorithm name | default OID | environment variable | +|---------------|:-----------------:|----------------------| + +{%- for kem in config['kems'] %} +| {{kem['name_group']}} | {{ kem['oid'] }} | OQS_OID_{{ kem['name_group']|upper }} +{%- for hybrid in kem['hybrids'] %} +| {{ hybrid['hybrid_group'] }}_{{kem['name_group']}} | {{hybrid['hybrid_oid']}} | OQS_OID_{{ hybrid['hybrid_group']|upper }}_{{ kem['name_group']|upper }} +{%- endfor -%} +{%- endfor %} + diff --git a/oqs-template/generate.py b/oqs-template/generate.py index f72509e6..e25fe300 100644 --- a/oqs-template/generate.py +++ b/oqs-template/generate.py 
@@ -9,6 +9,8 @@ import subprocess import yaml +kemoidcnt=0 + # For files generated, the copyright message can be adapted # see https://github.com/open-quantum-safe/oqs-provider/issues/2#issuecomment-920904048 # SPDX message to be leading, OpenSSL Copyright notice to be deleted @@ -90,6 +92,11 @@ def nist_to_bits(nistlevel): else: return None +def get_tmp_kem_oid(): + global kemoidcnt + kemoidcnt = kemoidcnt+1 + return "1.3.9999.99."+str(kemoidcnt) + def complete_config(config): for kem in config['kems']: bits_level = nist_to_bits(get_kem_nistlevel(kem)) @@ -111,7 +118,11 @@ def complete_config(config): exit(1) phyb['bit_security']=bits_level phyb['nid']=kem['nid_hybrid'] + if 'hybrid_oid' in kem: phyb['hybrid_oid']=kem['hybrid_oid'] + else: phyb['hybrid_oid'] = get_tmp_kem_oid() kem['hybrids'].insert(0, phyb) + if not 'oid' in kem: + kem['oid'] = get_tmp_kem_oid() for famsig in config['sigs']: for sig in famsig['variants']: @@ -203,6 +214,8 @@ def load_config(include_disabled_sigs=False): extra_hybrid['bit_security'] = 192 if extra_hybrid['hybrid_group'] == "p521": extra_hybrid['bit_security'] = 256 + if not 'hybrid_oid' in extra_hybrid: + extra_hybrid['hybrid_oid'] = get_tmp_kem_oid() kem['hybrids'].append(extra_hybrid) if 'hybrid_group' in extra_hybrid: extra_hybrid_nid = extra_hybrid['nid'] diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 4865eb79..269388a9 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -85,11 +85,14 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber512' nid: '0x023A' + oid: '1.3.6.1.4.1.22554.5.6.1' nid_hybrid: '0x2F3A' + hybrid_oid: '1.3.6.1.4.1.22554.5.7.1' oqs_alg: 'OQS_KEM_alg_kyber_512' extra_nids: current: - hybrid_group: "x25519" + hybrid_oid: '1.3.6.1.4.1.22554.5.8.1' nid: '0x2F39' old: - implementation_version: NIST Round 2 submission 
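Review bot: `get_tmp_kem_oid()` hands out OIDs from a module-level counter, so the value a KEM or hybrid receives depends on the order in which `complete_config` and `load_config` visit the entries. Adding or reordering an algorithm in generate.yml without an explicit `oid`/`hybrid_oid` would renumber every placeholder after it. Since this commit is about persisting KEM keys, those OIDs presumably end up in encoded key files, and a renumbering would silently change the identifier of keys already written. A comment on the function would make that visible, e.g. `# Placeholder OIDs are order-dependent and not stable across template changes; set 'oid'/'hybrid_oid' in generate.yml for anything that must persist`. Separately, `'oid' not in kem` is the idiomatic form of `not 'oid' in kem`.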
@@ -107,6 +110,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber768' nid: '0x023C' + oid: '1.3.6.1.4.1.22554.5.6.2' nid_hybrid: '0x2F3C' extra_nids: current: @@ -129,6 +133,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber1024' nid: '0x023D' + oid: '1.3.6.1.4.1.22554.5.6.3' nid_hybrid: '0x2F3D' extra_nids: old: diff --git a/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment b/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment index b43617a6..be39a93e 100644 --- a/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment +++ b/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment 
@@ -1,10 +1,23 @@ + +#ifdef OQS_KEM_ENCODERS + +{% for kem in config['kems'] %} +MAKE_DECODER(, "{{ kem['name_group'] }}", {{ kem['name_group'] }}, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "{{ kem['name_group'] }}", {{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo); +{% for hybrid in kem['hybrids'] %} +MAKE_DECODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, PrivateKeyInfo); +MAKE_DECODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo); +{%- endfor %} +{%- endfor %} +#endif /* OQS_KEM_ENCODERS */ + {% for sig in config['sigs'] %} {%- for variant in sig['variants'] %} -MAKE_DECODER("{{ variant['name'] }}", {{ variant['name'] }}, oqsx, PrivateKeyInfo); -MAKE_DECODER("{{ variant['name'] }}", {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "{{ variant['name'] }}", {{ variant['name'] }}, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "{{ variant['name'] }}", {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo); {%- for classical_alg in variant['mix_with'] %} -MAKE_DECODER("{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo); -MAKE_DECODER("{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo); {%- endfor -%} {%- endfor %} {%- endfor %} 
diff --git a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment index 92c8546c..e5caab63 100644 --- a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment +++ b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment @@ -1,3 +1,14 @@ +{% for kem in config['kems'] %} +# define {{ kem['name_group'] }}_evp_type 0 +# define {{ kem['name_group'] }}_input_type "{{ kem['name_group'] }}" +# define {{ kem['name_group'] }}_pem_type "{{ kem['name_group'] }}" +{% for hybrid in kem['hybrids'] %} +# define {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_evp_type 0 +# define {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_input_type "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}" +# define {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_pem_type "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}" +{%- endfor %} +{%- endfor %} + {% for sig in config['sigs'] %} {%- for variant in sig['variants'] %} # define {{ variant['name'] }}_evp_type 0 diff --git a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment index f21b9d5d..edc87530 100644 --- a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment +++ b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment 
@@ -1,20 +1,42 @@ + +#ifdef OQS_KEM_ENCODERS + +{% for kem in config['kems'] %} +MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, {{ kem['name_group'] }}); +{% for hybrid in kem['hybrids'] %} +MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}); +{%- endfor %} +{%- endfor %} +#endif /* OQS_KEM_ENCODERS */ {% for sig in config['sigs'] %} {%- for variant in sig['variants'] %} -MAKE_ENCODER({{ variant['name'] }}, oqsx, 
EncryptedPrivateKeyInfo, der); -MAKE_ENCODER({{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER({{ variant['name'] }}, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER({{ variant['name'] }}, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER({{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER({{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER({{ variant['name'] }}); +MAKE_ENCODER(, {{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, {{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, {{ variant['name'] }}, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, {{ variant['name'] }}, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, {{ variant['name'] }}); {%- for classical_alg in variant['mix_with'] %} -MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}); +MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, 
pem); +MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}); {%- endfor -%} {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment b/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment index 98916dbf..43f1c3b0 100644 --- a/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment +++ b/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment 
@@ -1,3 +1,31 @@
+
+#ifdef OQS_KEM_ENCODERS
+
+{% for kem in config['kems'] %}
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_text_encoder_functions[];
+extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_{{ kem['name_group'] }}_decoder_functions[];
+extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_{{ kem['name_group'] }}_decoder_functions[];
+ {%- for hybrid in kem['hybrids'] -%}
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_text_encoder_functions[];
+extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_decoder_functions[];
+extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_decoder_functions[];
+ {%- endfor -%}
+{%- endfor %}
+
+#endif /* OQS_KEM_ENCODERS */
+
 {% for sig in config['sigs'] %}
 {%- for variant in sig['variants'] %}
 extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_to_PrivateKeyInfo_der_encoder_functions[];
diff --git a/oqs-template/oqsprov/oqsdecoders.inc/make.fragment b/oqs-template/oqsprov/oqsdecoders.inc/make.fragment
index 95669631..a2d28c45 100644
--- a/oqs-template/oqsprov/oqsdecoders.inc/make.fragment
+++ b/oqs-template/oqsprov/oqsdecoders.inc/make.fragment
@@ -1,3 +1,18 @@
+
+#ifdef OQS_KEM_ENCODERS
+{% for kem in config['kems'] %}
+#ifdef OQS_ENABLE_KEM_{{ kem['oqs_alg']|replace("OQS_KEM_alg_","") }}
+DECODER_w_structure("{{ kem['name_group'] }}", der, PrivateKeyInfo, {{ kem['name_group'] }}),
+DECODER_w_structure("{{ kem['name_group'] }}", der, SubjectPublicKeyInfo, {{ kem['name_group'] }}),
+{% for hybrid in kem['hybrids'] -%}
+DECODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", der, PrivateKeyInfo, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}),
+DECODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", der, SubjectPublicKeyInfo, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}),
+{%- endfor %}
+#endif
+{%- endfor %}
+
+#endif /* OQS_KEM_ENCODERS */
+
 {% for sig in config['sigs'] %}
 {%- for variant in sig['variants'] %}
 #ifdef OQS_ENABLE_SIG_{{ variant['oqs_meth']|replace("OQS_SIG_alg_","") }}
diff --git a/oqs-template/oqsprov/oqsencoders.inc/make.fragment b/oqs-template/oqsprov/oqsencoders.inc/make.fragment
index 53e1831a..90464d6d 100644
--- a/oqs-template/oqsprov/oqsencoders.inc/make.fragment
+++ b/oqs-template/oqsprov/oqsencoders.inc/make.fragment
@@ -1,3 +1,29 @@ + +#ifdef OQS_KEM_ENCODERS + +{% for kem in config['kems'] %} +#ifdef OQS_ENABLE_KEM_{{ kem['oqs_alg']|replace("OQS_KEM_alg_","") }} +ENCODER_w_structure("{{ kem['name_group'] }}", {{ kem['name_group'] }}, der, PrivateKeyInfo), +ENCODER_w_structure("{{ kem['name_group'] }}", {{ kem['name_group'] }}, pem, PrivateKeyInfo), +ENCODER_w_structure("{{ kem['name_group'] }}", {{ kem['name_group'] }}, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("{{ kem['name_group'] }}", {{ kem['name_group'] }}, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("{{ kem['name_group'] }}", {{ kem['name_group'] }}, der, SubjectPublicKeyInfo), +ENCODER_w_structure("{{ kem['name_group'] }}", {{ kem['name_group'] }}, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("{{ kem['name_group'] }}", {{ kem['name_group'] }}), +{% for hybrid in kem['hybrids'] -%} +ENCODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, der, PrivateKeyInfo), +ENCODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, pem, PrivateKeyInfo), +ENCODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, der, SubjectPublicKeyInfo), +ENCODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}), +{% endfor -%} +#endif +{%- endfor %} + +#endif /* OQS_KEM_ENCODERS */ + {% for sig in 
config['sigs'] %} {%- for variant in sig['variants'] %} #ifdef OQS_ENABLE_SIG_{{ variant['oqs_meth']|replace("OQS_SIG_alg_","") }} diff --git a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment index 9f063c69..bb0c6e00 100644 --- a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment +++ b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment @@ -1,3 +1,11 @@ +{% set kemcount = namespace(val=0) %} +{% for kem in config['kems'] %} +{%- set kemcount.val = kemcount.val + 1 -%} +{% for hybrid in kem['hybrids'] %} +{%- set kemcount.val = kemcount.val + 1 -%} +{%- endfor -%} +{%- endfor -%} + {% set count = namespace(val=0) %} {%- for sig in config['sigs'] %} {%- for variant in sig['variants'] %} @@ -7,11 +15,26 @@ {%- endfor %} {%- endfor %} {%- endfor %} + +#ifdef OQS_KEM_ENCODERS +#define OQS_OID_CNT {{ count.val*2 + kemcount.val*2 }} +#else #define OQS_OID_CNT {{ count.val*2 }} +#endif const char* oqs_oid_alg_list[OQS_OID_CNT] = { -{%- for sig in config['sigs'] %} +#ifdef OQS_KEM_ENCODERS +{% for kem in config['kems'] %} +"{{ kem['oid'] }}", "{{ kem['name_group'] }}", +{%- for hybrid in kem['hybrids'] %} +"{{hybrid['hybrid_oid']}}", "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", +{%- endfor -%} +{%- endfor %} + +#endif /* OQS_KEM_ENCODERS */ + +{% for sig in config['sigs'] %} {%- for variant in sig['variants'] %} "{{ variant['oid'] }}", "{{ variant['name'] }}", {%- for classical_alg in variant['mix_with'] %} diff --git a/oqs-template/oqsprov/oqsprov.c/oid_patching.fragment b/oqs-template/oqsprov/oqsprov.c/oid_patching.fragment index 824bf15a..35d21571 100644 --- a/oqs-template/oqsprov/oqsprov.c/oid_patching.fragment +++ b/oqs-template/oqsprov/oqsprov.c/oid_patching.fragment 
@@ -1,11 +1,29 @@
 {% set cnt = namespace(val=-2) %}
+
+#ifdef OQS_KEM_ENCODERS
+
+{% set kemcount = namespace(val=-2) %}
+{% for kem in config['kems'] %}
+{% set kemcount.val = kemcount.val + 2 -%}
+ if (getenv("OQS_OID_{{kem['name_group']|upper}}")) oqs_oid_alg_list[{{ kemcount.val }}] = getenv("OQS_OID_{{kem['name_group']|upper}}");
+{% for hybrid in kem['hybrids'] %}
+{% set kemcount.val = kemcount.val + 2 -%}
+ if (getenv("OQS_OID_{{ hybrid['hybrid_group']|upper }}_{{kem['name_group']|upper}}")) oqs_oid_alg_list[{{ kemcount.val }}] = getenv("OQS_OID_{{ hybrid['hybrid_group']|upper }}_{{kem['name_group']|upper}}");
+{%- endfor -%}
+{%- endfor %}
+
+#define OQS_KEMOID_CNT {{ kemcount.val }}+2
+#else
+#define OQS_KEMOID_CNT 0
+#endif /* OQS_KEM_ENCODERS */
+
 {%- for sig in config['sigs'] %}
 {%- for variant in sig['variants'] %}
 {%- set cnt.val = cnt.val + 2 %}
- if (getenv("OQS_OID_{{variant['name']|upper}}")) oqs_oid_alg_list[{{ cnt.val }}] = getenv("OQS_OID_{{variant['name']|upper}}");
+ if (getenv("OQS_OID_{{variant['name']|upper}}")) oqs_oid_alg_list[{{ cnt.val }}+OQS_KEMOID_CNT] = getenv("OQS_OID_{{variant['name']|upper}}");
 {%- for classical_alg in variant['mix_with'] %}
 {%- set cnt.val = cnt.val + 2 %}
- if (getenv("OQS_OID_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}")) oqs_oid_alg_list[{{ cnt.val }}] = getenv("OQS_OID_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}");
+ if (getenv("OQS_OID_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}")) oqs_oid_alg_list[{{ cnt.val }}+OQS_KEMOID_CNT] = getenv("OQS_OID_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}");
 {%- endfor %}
 {%- endfor %}
 {%- endfor %}
diff --git a/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment b/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment
index b9d12afd..c452b649 100644
--- a/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment
+++ b/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment
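Review bot: `OQS_KEMOID_CNT` expands to an unparenthesised sum (`{{ kemcount.val }}+2`), which is only correct because every use in this hunk adds it to an array index; write `#define OQS_KEMOID_CNT ({{ kemcount.val }}+2)` so a later use inside a product or comparison cannot mis-associate. The new KEM lines also call `getenv()` twice per name and store the environment's pointer in `oqs_oid_alg_list` with no check visible here, so an empty or malformed `OQS_OID_*` value replaces the built-in OID. Reading the variable once into a local and skipping empty strings would be a small hardening, assuming the string is not validated where the OID is later registered (that code is outside this hunk).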
@@ -1,4 +1,14 @@ + {% set count = namespace(val=0) %} +{% set kemcount = namespace(val=0) %} + +{% for kem in config['kems'] %} +{%- set kemcount.val = kemcount.val + 1 -%} +{% for hybrid in kem['hybrids'] %} +{%- set kemcount.val = kemcount.val + 1 -%} +{%- endfor -%} +{%- endfor -%} + {%- for sig in config['sigs'] %} {%- for variant in sig['variants'] -%} {%- set count.val = count.val + 1 -%} @@ -7,9 +17,24 @@ {%- endfor -%} {%- endfor -%} {%- endfor %} + +#ifdef OQS_KEM_ENCODERS +#define NID_TABLE_LEN {{ count.val + kemcount.val }} +#else #define NID_TABLE_LEN {{ count.val }} +#endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { +#ifdef OQS_KEM_ENCODERS +{% for kem in config['kems'] %} + { 0, "{{ kem['name_group'] }}", {{ kem['oqs_alg'] }}, KEY_TYPE_KEM, {{ kem['bit_security'] }} }, +{%- for hybrid in kem['hybrids'] %} + { 0, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{ kem['oqs_alg'] }}, {% if hybrid['hybrid_group'].startswith('p') -%} KEY_TYPE_ECP_HYB_KEM {% else %} KEY_TYPE_ECX_HYB_KEM {% endif %}, {{ kem['bit_security'] }} }, +{%- endfor -%} +{%- endfor %} + +#endif /* OQS_KEM_ENCODERS */ + {%- for sig in config['sigs'] -%} {%- for variant in sig['variants'] %} { 0, "{{variant['name']}}", {{variant['oqs_meth']}}, KEY_TYPE_SIG, {{variant['security']}} }, diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 13991d6c..6bd71b71 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
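Review bot: In the `nid_names` initializer of the second hunk the hybrid key type is chosen with `hybrid['hybrid_group'].startswith('p')`, and every other group name falls through to `KEY_TYPE_ECX_HYB_KEM`. A group added to the configuration later that is neither a `p…` nor an `x…` group would silently be given the ECX key type. Making the second branch explicit, `{% elif hybrid['hybrid_group'].startswith('x') %} KEY_TYPE_ECX_HYB_KEM {% endif %}`, leaves the field empty for an unknown group so the generated C fails to compile instead. The KEM rows are also placed ahead of the signature rows, so any code that indexes `nid_names` by a fixed signature position would need a matching offset; that code is not visible here.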
@@ -491,10 +491,11 @@ static void oqsx_key_adjust(void *key, struct der2key_ctx_st *ctx)
 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
 * It takes the following arguments:
 *
+ * oqskemhyb Possible prefix for OQS KEM hybrids; typically empty
 * keytype_name The implementation key type as a string.
 * keytype The implementation key type. This must correspond exactly
 * to our existing keymgmt keytype names... in other words,
- * there must exist an ossl_##keytype##_keymgmt_functions.
+ * there must exist an oqs_##keytype##_keymgmt_functions.
 * type The type name for the set of functions that implement the
 * decoder for the key type. This isn't necessarily the same
 * as keytype. For example, the key types ed25519, ed448,
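Review bot: The updated comment still names `oqs_##keytype##_keymgmt_functions`, but the macro in the next hunk references `oqs##oqskemhyb##_##keytype##_keymgmt_functions`, so for hybrids the required symbol carries the prefix. I would word the line as `there must exist an oqs<oqskemhyb>_<keytype>_keymgmt_functions.` and extend the `oqskemhyb` description to list the values the invocations actually pass: empty, `_ecp` and `_ecx`. The `oqskemhyb` line added to the MAKE_ENCODER comment in oqs_encode_key2any.c has the same gap. The comment block starts and ends outside this hunk.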
@@ -505,105 +506,229 @@ static void oqsx_key_adjust(void *key, struct der2key_ctx_st *ctx) * structure. */ // reverted const to be able to change NID/evp_type after assignment -#define MAKE_DECODER(keytype_name, keytype, type, kind) \ - static struct keytype_desc_st kind##_##keytype##_desc = { \ - keytype_name, oqs_##keytype##_keymgmt_functions, DO_##kind(keytype)}; \ - \ - static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ - \ - static void *kind##_der2##keytype##_newctx(void *provctx) \ - { \ - OQS_DEC_PRINTF("OQS DEC provider: _newctx called.\n"); \ - return der2key_newctx(provctx, &kind##_##keytype##_desc, \ - keytype_name); \ - } \ - static int kind##_der2##keytype##_does_selection(void *provctx, \ - int selection) \ - { \ - OQS_DEC_PRINTF("OQS DEC provider: _does_selection called.\n"); \ - return der2key_check_selection(selection, &kind##_##keytype##_desc); \ - } \ - const OSSL_DISPATCH oqs_##kind##_der_to_##keytype##_decoder_functions[] \ - = {{OSSL_FUNC_DECODER_NEWCTX, \ - (void (*)(void))kind##_der2##keytype##_newctx}, \ - {OSSL_FUNC_DECODER_FREECTX, (void (*)(void))der2key_freectx}, \ - {OSSL_FUNC_DECODER_DOES_SELECTION, \ - (void (*)(void))kind##_der2##keytype##_does_selection}, \ - {OSSL_FUNC_DECODER_DECODE, (void (*)(void))oqs_der2key_decode}, \ - {OSSL_FUNC_DECODER_EXPORT_OBJECT, \ - (void (*)(void))der2key_export_object}, \ +#define MAKE_DECODER(oqskemhyb, keytype_name, keytype, type, kind) \ + static struct keytype_desc_st kind##_##keytype##_desc \ + = {keytype_name, oqs##oqskemhyb##_##keytype##_keymgmt_functions, \ + DO_##kind(keytype)}; \ + \ + static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ + \ + static void *kind##_der2##keytype##_newctx(void *provctx) \ + { \ + OQS_DEC_PRINTF("OQS DEC provider: _newctx called.\n"); \ + return der2key_newctx(provctx, &kind##_##keytype##_desc, \ + keytype_name); \ + } \ + static int kind##_der2##keytype##_does_selection(void *provctx, \ + int selection) \ + { \ + 
OQS_DEC_PRINTF("OQS DEC provider: _does_selection called.\n"); \ + return der2key_check_selection(selection, &kind##_##keytype##_desc); \ + } \ + const OSSL_DISPATCH oqs_##kind##_der_to_##keytype##_decoder_functions[] \ + = {{OSSL_FUNC_DECODER_NEWCTX, \ + (void (*)(void))kind##_der2##keytype##_newctx}, \ + {OSSL_FUNC_DECODER_FREECTX, (void (*)(void))der2key_freectx}, \ + {OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))kind##_der2##keytype##_does_selection}, \ + {OSSL_FUNC_DECODER_DECODE, (void (*)(void))oqs_der2key_decode}, \ + {OSSL_FUNC_DECODER_EXPORT_OBJECT, \ + (void (*)(void))der2key_export_object}, \ {0, NULL}} ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_START -MAKE_DECODER("dilithium2", dilithium2, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium2", dilithium2, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p256_dilithium2", p256_dilithium2, oqsx, PrivateKeyInfo); -MAKE_DECODER("p256_dilithium2", p256_dilithium2, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("rsa3072_dilithium2", rsa3072_dilithium2, oqsx, PrivateKeyInfo); -MAKE_DECODER("rsa3072_dilithium2", rsa3072_dilithium2, oqsx, +#ifdef OQS_KEM_ENCODERS + +MAKE_DECODER(, "frodo640aes", frodo640aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "frodo640aes", frodo640aes, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "frodo640shake", frodo640shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "frodo640shake", frodo640shake, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640shake", 
x25519_frodo640shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "frodo976aes", frodo976aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "frodo976aes", frodo976aes, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "frodo976shake", frodo976shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "frodo976shake", frodo976shake, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "frodo1344aes", frodo1344aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "frodo1344aes", frodo1344aes, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "frodo1344shake", frodo1344shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "frodo1344shake", frodo1344shake, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "kyber512", kyber512, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "kyber512", kyber512, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p256_kyber512", p256_kyber512, oqsx, 
PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_kyber512", p256_kyber512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "kyber768", kyber768, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "kyber768", kyber768, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p384_kyber768", p384_kyber768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_kyber768", p384_kyber768, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_kyber768", x448_kyber768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_kyber768", x448_kyber768, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p256_kyber768", p256_kyber768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_kyber768", p256_kyber768, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "kyber1024", kyber1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "kyber1024", kyber1024, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "bikel1", bikel1, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "bikel1", bikel1, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p256_bikel1", p256_bikel1, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_bikel1", p256_bikel1, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_bikel1", x25519_bikel1, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_bikel1", x25519_bikel1, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "bikel3", bikel3, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "bikel3", bikel3, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p384_bikel3", p384_bikel3, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_bikel3", p384_bikel3, oqsx, 
SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_bikel3", x448_bikel3, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_bikel3", x448_bikel3, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "bikel5", bikel5, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "bikel5", bikel5, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p521_bikel5", p521_bikel5, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_bikel5", p521_bikel5, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "hqc128", hqc128, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "hqc128", hqc128, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p256_hqc128", p256_hqc128, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_hqc128", p256_hqc128, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_hqc128", x25519_hqc128, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_hqc128", x25519_hqc128, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "hqc192", hqc192, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "hqc192", hqc192, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p384_hqc192", p384_hqc192, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_hqc192", p384_hqc192, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_hqc192", x448_hqc192, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_hqc192", x448_hqc192, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "hqc256", hqc256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "hqc256", hqc256, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, SubjectPublicKeyInfo); +#endif /* OQS_KEM_ENCODERS */ + +MAKE_DECODER(, "dilithium2", dilithium2, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2", dilithium2, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_dilithium2", 
rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium3", dilithium3, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium3", dilithium3, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p384_dilithium3", p384_dilithium3, oqsx, PrivateKeyInfo); -MAKE_DECODER("p384_dilithium3", p384_dilithium3, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium5", dilithium5, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo); -MAKE_DECODER("p521_dilithium5", p521_dilithium5, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("falcon512", falcon512, oqsx, PrivateKeyInfo); -MAKE_DECODER("falcon512", falcon512, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p256_falcon512", p256_falcon512, oqsx, PrivateKeyInfo); -MAKE_DECODER("p256_falcon512", p256_falcon512, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("rsa3072_falcon512", rsa3072_falcon512, oqsx, PrivateKeyInfo); -MAKE_DECODER("rsa3072_falcon512", rsa3072_falcon512, oqsx, +MAKE_DECODER(, "dilithium3", dilithium3, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3", dilithium3, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5", dilithium5, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512", falcon512, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512", falcon512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, PrivateKeyInfo); +MAKE_DECODER(, 
"rsa3072_falcon512", rsa3072_falcon512, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("falcon1024", falcon1024, oqsx, PrivateKeyInfo); -MAKE_DECODER("falcon1024", falcon1024, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p521_falcon1024", p521_falcon1024, oqsx, PrivateKeyInfo); -MAKE_DECODER("p521_falcon1024", p521_falcon1024, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("sphincssha2128fsimple", sphincssha2128fsimple, oqsx, +MAKE_DECODER(, "falcon1024", falcon1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon1024", falcon1024, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("sphincssha2128fsimple", sphincssha2128fsimple, oqsx, +MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, +MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, +MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, +MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, +MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("sphincssha2128ssimple", sphincssha2128ssimple, oqsx, +MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("sphincssha2128ssimple", sphincssha2128ssimple, oqsx, +MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, 
SubjectPublicKeyInfo); -MAKE_DECODER("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, +MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, +MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, +MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, +MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("sphincssha2192fsimple", sphincssha2192fsimple, oqsx, +MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("sphincssha2192fsimple", sphincssha2192fsimple, oqsx, +MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, +MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, +MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("sphincsshake128fsimple", sphincsshake128fsimple, oqsx, +MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("sphincsshake128fsimple", sphincsshake128fsimple, oqsx, +MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, +MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, 
oqsx, +MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, +MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, +MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 5c136819..40c71da1 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
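Review bot: The last context line of this hunk, `MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo);`, still passes four arguments although `MAKE_DECODER` now takes five, and no later hunk for this file changes it. Unless that line is compiled out, the preprocessor will reject it; it needs the empty first argument like the other signature entries, `MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo);`. Any further four-argument invocations below the hunk would need the same change, and whatever emits them is not visible here.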
@@ -754,6 +754,148 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) // OQS provider uses NIDs generated at load time as EVP_type identifiers // so initially this must be 0 and set to a real value by OBJ_sn2nid later ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_START +#define frodo640aes_evp_type 0 +#define frodo640aes_input_type "frodo640aes" +#define frodo640aes_pem_type "frodo640aes" + +#define p256_frodo640aes_evp_type 0 +#define p256_frodo640aes_input_type "p256_frodo640aes" +#define p256_frodo640aes_pem_type "p256_frodo640aes" +#define x25519_frodo640aes_evp_type 0 +#define x25519_frodo640aes_input_type "x25519_frodo640aes" +#define x25519_frodo640aes_pem_type "x25519_frodo640aes" +#define frodo640shake_evp_type 0 +#define frodo640shake_input_type "frodo640shake" +#define frodo640shake_pem_type "frodo640shake" + +#define p256_frodo640shake_evp_type 0 +#define p256_frodo640shake_input_type "p256_frodo640shake" +#define p256_frodo640shake_pem_type "p256_frodo640shake" +#define x25519_frodo640shake_evp_type 0 +#define x25519_frodo640shake_input_type "x25519_frodo640shake" +#define x25519_frodo640shake_pem_type "x25519_frodo640shake" +#define frodo976aes_evp_type 0 +#define frodo976aes_input_type "frodo976aes" +#define frodo976aes_pem_type "frodo976aes" + +#define p384_frodo976aes_evp_type 0 +#define p384_frodo976aes_input_type "p384_frodo976aes" +#define p384_frodo976aes_pem_type "p384_frodo976aes" +#define x448_frodo976aes_evp_type 0 +#define x448_frodo976aes_input_type "x448_frodo976aes" +#define x448_frodo976aes_pem_type "x448_frodo976aes" +#define frodo976shake_evp_type 0 +#define frodo976shake_input_type "frodo976shake" +#define frodo976shake_pem_type "frodo976shake" + +#define p384_frodo976shake_evp_type 0 +#define p384_frodo976shake_input_type "p384_frodo976shake" +#define p384_frodo976shake_pem_type "p384_frodo976shake" +#define x448_frodo976shake_evp_type 0 +#define x448_frodo976shake_input_type "x448_frodo976shake" +#define 
x448_frodo976shake_pem_type "x448_frodo976shake" +#define frodo1344aes_evp_type 0 +#define frodo1344aes_input_type "frodo1344aes" +#define frodo1344aes_pem_type "frodo1344aes" + +#define p521_frodo1344aes_evp_type 0 +#define p521_frodo1344aes_input_type "p521_frodo1344aes" +#define p521_frodo1344aes_pem_type "p521_frodo1344aes" +#define frodo1344shake_evp_type 0 +#define frodo1344shake_input_type "frodo1344shake" +#define frodo1344shake_pem_type "frodo1344shake" + +#define p521_frodo1344shake_evp_type 0 +#define p521_frodo1344shake_input_type "p521_frodo1344shake" +#define p521_frodo1344shake_pem_type "p521_frodo1344shake" +#define kyber512_evp_type 0 +#define kyber512_input_type "kyber512" +#define kyber512_pem_type "kyber512" + +#define p256_kyber512_evp_type 0 +#define p256_kyber512_input_type "p256_kyber512" +#define p256_kyber512_pem_type "p256_kyber512" +#define x25519_kyber512_evp_type 0 +#define x25519_kyber512_input_type "x25519_kyber512" +#define x25519_kyber512_pem_type "x25519_kyber512" +#define kyber768_evp_type 0 +#define kyber768_input_type "kyber768" +#define kyber768_pem_type "kyber768" + +#define p384_kyber768_evp_type 0 +#define p384_kyber768_input_type "p384_kyber768" +#define p384_kyber768_pem_type "p384_kyber768" +#define x448_kyber768_evp_type 0 +#define x448_kyber768_input_type "x448_kyber768" +#define x448_kyber768_pem_type "x448_kyber768" +#define x25519_kyber768_evp_type 0 +#define x25519_kyber768_input_type "x25519_kyber768" +#define x25519_kyber768_pem_type "x25519_kyber768" +#define p256_kyber768_evp_type 0 +#define p256_kyber768_input_type "p256_kyber768" +#define p256_kyber768_pem_type "p256_kyber768" +#define kyber1024_evp_type 0 +#define kyber1024_input_type "kyber1024" +#define kyber1024_pem_type "kyber1024" + +#define p521_kyber1024_evp_type 0 +#define p521_kyber1024_input_type "p521_kyber1024" +#define p521_kyber1024_pem_type "p521_kyber1024" +#define bikel1_evp_type 0 +#define bikel1_input_type "bikel1" +#define bikel1_pem_type 
"bikel1" + +#define p256_bikel1_evp_type 0 +#define p256_bikel1_input_type "p256_bikel1" +#define p256_bikel1_pem_type "p256_bikel1" +#define x25519_bikel1_evp_type 0 +#define x25519_bikel1_input_type "x25519_bikel1" +#define x25519_bikel1_pem_type "x25519_bikel1" +#define bikel3_evp_type 0 +#define bikel3_input_type "bikel3" +#define bikel3_pem_type "bikel3" + +#define p384_bikel3_evp_type 0 +#define p384_bikel3_input_type "p384_bikel3" +#define p384_bikel3_pem_type "p384_bikel3" +#define x448_bikel3_evp_type 0 +#define x448_bikel3_input_type "x448_bikel3" +#define x448_bikel3_pem_type "x448_bikel3" +#define bikel5_evp_type 0 +#define bikel5_input_type "bikel5" +#define bikel5_pem_type "bikel5" + +#define p521_bikel5_evp_type 0 +#define p521_bikel5_input_type "p521_bikel5" +#define p521_bikel5_pem_type "p521_bikel5" +#define hqc128_evp_type 0 +#define hqc128_input_type "hqc128" +#define hqc128_pem_type "hqc128" + +#define p256_hqc128_evp_type 0 +#define p256_hqc128_input_type "p256_hqc128" +#define p256_hqc128_pem_type "p256_hqc128" +#define x25519_hqc128_evp_type 0 +#define x25519_hqc128_input_type "x25519_hqc128" +#define x25519_hqc128_pem_type "x25519_hqc128" +#define hqc192_evp_type 0 +#define hqc192_input_type "hqc192" +#define hqc192_pem_type "hqc192" + +#define p384_hqc192_evp_type 0 +#define p384_hqc192_input_type "p384_hqc192" +#define p384_hqc192_pem_type "p384_hqc192" +#define x448_hqc192_evp_type 0 +#define x448_hqc192_input_type "x448_hqc192" +#define x448_hqc192_pem_type "x448_hqc192" +#define hqc256_evp_type 0 +#define hqc256_input_type "hqc256" +#define hqc256_pem_type "hqc256" + +#define p521_hqc256_evp_type 0 +#define p521_hqc256_input_type "p521_hqc256" +#define p521_hqc256_pem_type "p521_hqc256" + #define dilithium2_evp_type 0 #define dilithium2_input_type "dilithium2" #define dilithium2_pem_type "dilithium2" 
@@ -1131,6 +1273,7 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
 * It takes the following arguments:
 *
+ * oqskemhyb OQS KEM hybrid prefix; possibly empty
 * impl This is the key type name that's being implemented.
 * type This is the type name for the set of functions that implement
 * the key type. For example, ed25519, ed448, x25519 and x448
@@ -1144,7 +1287,7 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
 *
 * oqs_##impl##_to_##kind##_##output##_encoder_functions
 */
-#define MAKE_ENCODER(impl, type, kind, output) \
+#define MAKE_ENCODER(oqskemhyb, impl, type, kind, output) \
 static OSSL_FUNC_encoder_import_object_fn \
 impl##_to_##kind##_##output##_import_object; \
 static OSSL_FUNC_encoder_free_object_fn \
@@ -1157,13 +1300,14 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
 struct key2any_ctx_st *ctx = vctx; \
 \
 OQS_ENC_PRINTF("OQS ENC provider: _import_object called\n"); \
- return oqs_prov_import_key(oqs_##impl##_keymgmt_functions, \
- ctx->provctx, selection, params); \
+ return oqs_prov_import_key( \
+ oqs##oqskemhyb##_##impl##_keymgmt_functions, ctx->provctx, \
+ selection, params); \
 } \
 static void impl##_to_##kind##_##output##_free_object(void *key) \
 { \
 OQS_ENC_PRINTF("OQS ENC provider: _free_object called\n"); \
- oqs_prov_free_key(oqs_##impl##_keymgmt_functions, key); \
+ oqs_prov_free_key(oqs##oqskemhyb##_##impl##_keymgmt_functions, key); \
 } \
 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \
 int selection) \
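Review bot: The added argument description in the @@ -1131 hunk calls `oqskemhyb` a prefix, but the expansions later in this patch paste it between `oqs` and `_impl` (`oqs##oqskemhyb##_##impl##_keymgmt_functions`), so a non-empty value has to carry its own leading underscore, as the visible `_ecp` and `_ecx` call sites do. I would word the line as `oqskemhyb  Infix of the keymgmt table name: empty, or e.g. _ecp / _ecx (leading underscore included)` so that someone adding an algorithm does not pass `ecp`. `MAKE_TEXT_ENCODER` in the @@ -1374 hunk gains the same parameter with no description at all and could take a one-line comment referring to this one. The comment block starts and ends outside this hunk.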
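Review bot: Nothing ties the `oqskemhyb` argument to `impl` except that the pasted name `oqs##oqskemhyb##_##impl##_keymgmt_functions` must resolve, both in `_import_object` and `_free_object` of the @@ -1157 hunk and in the @@ -1382 hunk of `MAKE_TEXT_ENCODER`. A wrong pairing is therefore a compile error rather than a silent use of another key type's keymgmt table, which is the right failure mode, but every non-empty use visible in this patch sits inside `#ifdef OQS_KEM_ENCODERS`, so it is only checked in builds that define that macro. If the default configuration leaves it undefined, a CI job that builds with it set would keep these instantiations checked. The pasted name is also spelled out four times across the two macros; a helper such as `#define OQS_KEYMGMT_FUNCS(hyb, impl) oqs##hyb##_##impl##_keymgmt_functions` (name is only a suggestion) would keep import and free on the same table by construction. The macro body starts and ends outside the hunk.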
@@ -1374,7 +1518,7 @@ key2text_encode(void *vctx, const void *key, int selection, OSSL_CORE_BIO *cout, return ret; } -#define MAKE_TEXT_ENCODER(impl) \ +#define MAKE_TEXT_ENCODER(oqskemhyb, impl) \ static OSSL_FUNC_encoder_import_object_fn impl##2text_import_object; \ static OSSL_FUNC_encoder_free_object_fn impl##2text_free_object; \ static OSSL_FUNC_encoder_encode_fn impl##2text_encode; \ @@ -1382,12 +1526,13 @@ key2text_encode(void *vctx, const void *key, int selection, OSSL_CORE_BIO *cout, static void *impl##2text_import_object(void *ctx, int selection, \ const OSSL_PARAM params[]) \ { \ - return oqs_prov_import_key(oqs_##impl##_keymgmt_functions, ctx, \ - selection, params); \ + return oqs_prov_import_key( \ + oqs##oqskemhyb##_##impl##_keymgmt_functions, ctx, selection, \ + params); \ } \ static void impl##2text_free_object(void *key) \ { \ - oqs_prov_free_key(oqs_##impl##_keymgmt_functions, key); \ + oqs_prov_free_key(oqs##oqskemhyb##_##impl##_keymgmt_functions, key); \ } \ static int impl##2text_encode( \ void *vctx, OSSL_CORE_BIO *cout, const void *key, \ 
@@ -1426,233 +1571,484 @@ key2text_encode(void *vctx, const void *key, int selection, OSSL_CORE_BIO *cout, * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). */ ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_START -MAKE_ENCODER(dilithium2, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium2, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium2, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium2, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium2, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium2, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(dilithium2); -MAKE_ENCODER(p256_dilithium2, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p256_dilithium2, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p256_dilithium2, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p256_dilithium2, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p256_dilithium2, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p256_dilithium2, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p256_dilithium2); -MAKE_ENCODER(rsa3072_dilithium2, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_dilithium2, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_dilithium2, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_dilithium2, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(rsa3072_dilithium2); -MAKE_ENCODER(dilithium3, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium3, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium3, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium3, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(dilithium3); -MAKE_ENCODER(p384_dilithium3, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p384_dilithium3, oqsx, EncryptedPrivateKeyInfo, pem); 
-MAKE_ENCODER(p384_dilithium3, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p384_dilithium3, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p384_dilithium3, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p384_dilithium3, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p384_dilithium3); -MAKE_ENCODER(dilithium5, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium5, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium5, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium5, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium5, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium5, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(dilithium5); -MAKE_ENCODER(p521_dilithium5, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p521_dilithium5, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p521_dilithium5, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p521_dilithium5, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p521_dilithium5, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p521_dilithium5, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p521_dilithium5); -MAKE_ENCODER(falcon512, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(falcon512, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(falcon512, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(falcon512, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(falcon512, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(falcon512, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(falcon512); -MAKE_ENCODER(p256_falcon512, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p256_falcon512, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p256_falcon512, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p256_falcon512, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p256_falcon512, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p256_falcon512, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p256_falcon512); -MAKE_ENCODER(rsa3072_falcon512, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_falcon512, oqsx, 
EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_falcon512, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_falcon512, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(rsa3072_falcon512); -MAKE_ENCODER(falcon1024, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(falcon1024, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(falcon1024, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(falcon1024, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(falcon1024, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(falcon1024, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(falcon1024); -MAKE_ENCODER(p521_falcon1024, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p521_falcon1024, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p521_falcon1024, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p521_falcon1024, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p521_falcon1024, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p521_falcon1024, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p521_falcon1024); -MAKE_ENCODER(sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(sphincssha2128fsimple); -MAKE_ENCODER(p256_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p256_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); 
-MAKE_ENCODER(p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p256_sphincssha2128fsimple); -MAKE_ENCODER(rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(rsa3072_sphincssha2128fsimple); -MAKE_ENCODER(sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(sphincssha2128ssimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(sphincssha2128ssimple); -MAKE_ENCODER(p256_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p256_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p256_sphincssha2128ssimple); -MAKE_ENCODER(rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der); 
-MAKE_ENCODER(rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(rsa3072_sphincssha2128ssimple); -MAKE_ENCODER(sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(sphincssha2192fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(sphincssha2192fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(sphincssha2192fsimple); -MAKE_ENCODER(p384_sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p384_sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p384_sphincssha2192fsimple); -MAKE_ENCODER(sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(sphincsshake128fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(sphincsshake128fsimple); -MAKE_ENCODER(p256_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(p256_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(p256_sphincsshake128fsimple, oqsx, 
SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(p256_sphincsshake128fsimple); -MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, +#ifdef OQS_KEM_ENCODERS + +MAKE_ENCODER(, frodo640aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, frodo640aes, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, frodo640aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, frodo640aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, frodo640aes, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, frodo640aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, frodo640aes); + +MAKE_ENCODER(_ecp, p256_frodo640aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_frodo640aes, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_frodo640aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_frodo640aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_frodo640aes, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_frodo640aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p256_frodo640aes); +MAKE_ENCODER(_ecx, x25519_frodo640aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_frodo640aes, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_frodo640aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_frodo640aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_frodo640aes, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_frodo640aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_frodo640aes); +MAKE_ENCODER(, frodo640shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, frodo640shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, frodo640shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, frodo640shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, frodo640shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, frodo640shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, frodo640shake); + +MAKE_ENCODER(_ecp, 
p256_frodo640shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_frodo640shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_frodo640shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_frodo640shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_frodo640shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_frodo640shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p256_frodo640shake); +MAKE_ENCODER(_ecx, x25519_frodo640shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_frodo640shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_frodo640shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_frodo640shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_frodo640shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_frodo640shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_frodo640shake); +MAKE_ENCODER(, frodo976aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, frodo976aes, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, frodo976aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, frodo976aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, frodo976aes, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, frodo976aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, frodo976aes); + +MAKE_ENCODER(_ecp, p384_frodo976aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_frodo976aes, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_frodo976aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_frodo976aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_frodo976aes, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_frodo976aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_frodo976aes); +MAKE_ENCODER(_ecx, x448_frodo976aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_frodo976aes, oqsx, EncryptedPrivateKeyInfo, pem); 
+MAKE_ENCODER(_ecx, x448_frodo976aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_frodo976aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_frodo976aes, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x448_frodo976aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x448_frodo976aes); +MAKE_ENCODER(, frodo976shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, frodo976shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, frodo976shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, frodo976shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, frodo976shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, frodo976shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, frodo976shake); + +MAKE_ENCODER(_ecp, p384_frodo976shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_frodo976shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_frodo976shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_frodo976shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_frodo976shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_frodo976shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_frodo976shake); +MAKE_ENCODER(_ecx, x448_frodo976shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_frodo976shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_frodo976shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_frodo976shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_frodo976shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x448_frodo976shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x448_frodo976shake); +MAKE_ENCODER(, frodo1344aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, frodo1344aes, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, frodo1344aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, frodo1344aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, frodo1344aes, oqsx, 
SubjectPublicKeyInfo, der); +MAKE_ENCODER(, frodo1344aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, frodo1344aes); + +MAKE_ENCODER(_ecp, p521_frodo1344aes, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_frodo1344aes, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_frodo1344aes, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_frodo1344aes, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_frodo1344aes, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p521_frodo1344aes, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p521_frodo1344aes); +MAKE_ENCODER(, frodo1344shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, frodo1344shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, frodo1344shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, frodo1344shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, frodo1344shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, frodo1344shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, frodo1344shake); + +MAKE_ENCODER(_ecp, p521_frodo1344shake, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_frodo1344shake, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_frodo1344shake, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_frodo1344shake, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_frodo1344shake, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p521_frodo1344shake, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p521_frodo1344shake); +MAKE_ENCODER(, kyber512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, kyber512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, kyber512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, kyber512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, kyber512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, kyber512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, kyber512); + +MAKE_ENCODER(_ecp, p256_kyber512, oqsx, EncryptedPrivateKeyInfo, der); 
+MAKE_ENCODER(_ecp, p256_kyber512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_kyber512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_kyber512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_kyber512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_kyber512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p256_kyber512); +MAKE_ENCODER(_ecx, x25519_kyber512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_kyber512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_kyber512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_kyber512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_kyber512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_kyber512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_kyber512); +MAKE_ENCODER(, kyber768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, kyber768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, kyber768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, kyber768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, kyber768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, kyber768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, kyber768); + +MAKE_ENCODER(_ecp, p384_kyber768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_kyber768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_kyber768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_kyber768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_kyber768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_kyber768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_kyber768); +MAKE_ENCODER(_ecx, x448_kyber768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_kyber768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_kyber768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_kyber768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_kyber768, oqsx, 
SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x448_kyber768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x448_kyber768); +MAKE_ENCODER(_ecx, x25519_kyber768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_kyber768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_kyber768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_kyber768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_kyber768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_kyber768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_kyber768); +MAKE_ENCODER(_ecp, p256_kyber768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_kyber768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_kyber768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_kyber768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_kyber768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_kyber768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p256_kyber768); +MAKE_ENCODER(, kyber1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, kyber1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, kyber1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, kyber1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, kyber1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, kyber1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, kyber1024); + +MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p521_kyber1024); +MAKE_ENCODER(, bikel1, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, bikel1, oqsx, 
EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, bikel1, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, bikel1, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, bikel1, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, bikel1, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, bikel1); + +MAKE_ENCODER(_ecp, p256_bikel1, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_bikel1, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_bikel1, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_bikel1, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_bikel1, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_bikel1, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p256_bikel1); +MAKE_ENCODER(_ecx, x25519_bikel1, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_bikel1, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_bikel1, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_bikel1, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_bikel1, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_bikel1, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_bikel1); +MAKE_ENCODER(, bikel3, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, bikel3, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, bikel3, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, bikel3, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, bikel3, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, bikel3, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, bikel3); + +MAKE_ENCODER(_ecp, p384_bikel3, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_bikel3, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_bikel3, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_bikel3, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_bikel3, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_bikel3, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_bikel3); +MAKE_ENCODER(_ecx, 
x448_bikel3, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_bikel3, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_bikel3, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_bikel3, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_bikel3, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x448_bikel3, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x448_bikel3); +MAKE_ENCODER(, bikel5, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, bikel5, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, bikel5, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, bikel5, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, bikel5, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, bikel5, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, bikel5); + +MAKE_ENCODER(_ecp, p521_bikel5, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_bikel5, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_bikel5, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_bikel5, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_bikel5, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p521_bikel5, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p521_bikel5); +MAKE_ENCODER(, hqc128, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, hqc128, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, hqc128, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, hqc128, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, hqc128, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, hqc128, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, hqc128); + +MAKE_ENCODER(_ecp, p256_hqc128, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_hqc128, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_hqc128, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_hqc128, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_hqc128, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_hqc128, oqsx, SubjectPublicKeyInfo, pem); 
+MAKE_TEXT_ENCODER(_ecp, p256_hqc128); +MAKE_ENCODER(_ecx, x25519_hqc128, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_hqc128, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_hqc128, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_hqc128, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_hqc128, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_hqc128, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_hqc128); +MAKE_ENCODER(, hqc192, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, hqc192, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, hqc192, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, hqc192, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, hqc192, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, hqc192, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, hqc192); + +MAKE_ENCODER(_ecp, p384_hqc192, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_hqc192, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_hqc192, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_hqc192, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_hqc192, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_hqc192, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_hqc192); +MAKE_ENCODER(_ecx, x448_hqc192, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_hqc192, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_hqc192, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_hqc192, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_hqc192, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x448_hqc192, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x448_hqc192); +MAKE_ENCODER(, hqc256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, hqc256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, hqc256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, hqc256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, hqc256, oqsx, 
SubjectPublicKeyInfo, der); +MAKE_ENCODER(, hqc256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, hqc256); + +MAKE_ENCODER(_ecp, p521_hqc256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_hqc256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_hqc256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_hqc256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_hqc256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p521_hqc256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p521_hqc256); +#endif /* OQS_KEM_ENCODERS */ + +MAKE_ENCODER(, dilithium2, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2); +MAKE_ENCODER(, p256_dilithium2, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p256_dilithium2, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p256_dilithium2, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p256_dilithium2, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p256_dilithium2, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p256_dilithium2, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p256_dilithium2); +MAKE_ENCODER(, rsa3072_dilithium2, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_dilithium2, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_dilithium2, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_dilithium2, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, rsa3072_dilithium2); +MAKE_ENCODER(, dilithium3, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3, oqsx, 
EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3); +MAKE_ENCODER(, p384_dilithium3, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p384_dilithium3, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p384_dilithium3, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p384_dilithium3, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p384_dilithium3, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p384_dilithium3, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p384_dilithium3); +MAKE_ENCODER(, dilithium5, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium5, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium5); +MAKE_ENCODER(, p521_dilithium5, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p521_dilithium5, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p521_dilithium5, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p521_dilithium5, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p521_dilithium5, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p521_dilithium5, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p521_dilithium5); +MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon512); +MAKE_ENCODER(, p256_falcon512, 
oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p256_falcon512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p256_falcon512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p256_falcon512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p256_falcon512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p256_falcon512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p256_falcon512); +MAKE_ENCODER(, rsa3072_falcon512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_falcon512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_falcon512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_falcon512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, rsa3072_falcon512); +MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon1024); +MAKE_ENCODER(, p521_falcon1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p521_falcon1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p521_falcon1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p521_falcon1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p521_falcon1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p521_falcon1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p521_falcon1024); +MAKE_ENCODER(, sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, 
sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, sphincssha2128fsimple); +MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p256_sphincssha2128fsimple); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, + der); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, + pem); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, rsa3072_sphincssha2128fsimple); +MAKE_ENCODER(, sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, sphincssha2128ssimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, sphincssha2128ssimple); +MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, 
PrivateKeyInfo, pem); +MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p256_sphincssha2128ssimple); +MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, + der); +MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, + pem); +MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, rsa3072_sphincssha2128ssimple); +MAKE_ENCODER(, sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, sphincssha2192fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, sphincssha2192fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, sphincssha2192fsimple); +MAKE_ENCODER(, p384_sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p384_sphincssha2192fsimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p384_sphincssha2192fsimple); +MAKE_ENCODER(, sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, sphincsshake128fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, 
sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, sphincsshake128fsimple); +MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p256_sphincsshake128fsimple); +MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, +MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(rsa3072_sphincsshake128fsimple); -MAKE_ENCODER(dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_rsa3072, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_rsa3072, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_p256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_p256, 
oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_p256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium3_p256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(falcon512_p256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(falcon512_p256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(falcon512_p256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(falcon512_p256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(falcon512_p256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium5_p384, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium5_p384, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium5_p384, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium5_p384, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_bp256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_bp256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_bp256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium3_bp256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_ed25519, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_ed25519, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium5_bp384, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium5_bp384, oqsx, PrivateKeyInfo, pem); 
-MAKE_ENCODER(dilithium5_bp384, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium5_bp384, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium5_ed448, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium5_ed448, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium5_ed448, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium5_ed448, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(falcon512_bp256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(falcon512_bp256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(falcon512_bp256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(falcon512_bp256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(falcon512_ed25519, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(falcon512_ed25519, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_pss, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(dilithium3_pss, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(dilithium3_pss, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(dilithium3_pss, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); 
+MAKE_TEXT_ENCODER(, rsa3072_sphincsshake128fsimple); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index ae25f55b..6a08fa7d 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -159,21 +159,22 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) if ((key1->privkey == NULL && key2->privkey != NULL) || (key1->privkey != NULL && key2->privkey == NULL) || ((key1->tls_name != NULL && key2->tls_name != NULL) - && strcmp(key1->tls_name, key2->tls_name))) + && strcmp(key1->tls_name, key2->tls_name))) { ok = 0; - else + } else { ok = ((key1->privkey == NULL && key2->privkey == NULL) || ((key1->privkey != NULL) && CRYPTO_memcmp(key1->privkey, key2->privkey, key1->privkeylen) == 0)); + } } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { if ((key1->pubkey == NULL && key2->pubkey != NULL) || (key1->pubkey != NULL && key2->pubkey == NULL) || ((key1->tls_name != NULL && key2->tls_name != NULL) - && strcmp(key1->tls_name, key2->tls_name))) + && strcmp(key1->tls_name, key2->tls_name))) { // special case now: If domain parameter matching requested, // consider private key match sufficient: ok = ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) @@ -181,13 +182,14 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) && (CRYPTO_memcmp(key1->privkey, key2->privkey, key1->privkeylen) == 0); - else + } else { ok = ok && ((key1->pubkey == NULL && key2->pubkey == NULL) || ((key1->pubkey != NULL) && CRYPTO_memcmp(key1->pubkey, key2->pubkey, key1->pubkeylen) == 0)); + } } if (!ok) OQS_KM_PRINTF("OQSKEYMGMT: match failed!\n"); diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 490581f0..2a06202b 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -8,7 +8,6 @@ */ /* Internal OQS functions for other submodules: not for application use */ - #ifndef OQSX_H #define OQSX_H 
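Review bot: The `CRYPTO_memcmp` calls in `oqsx_match` (both hunks of `oqsprov/oqs_kmgmt.c`) compare `key1->privkeylen` or `key1->pubkeylen` bytes against key2's buffer, and nothing in the visible lines checks that key2's length is the same. The `tls_name` test only rejects a mismatch when both names are non-NULL, so if either name is unset, two keys of different sizes can apparently reach the comparison and the shorter buffer could be read past its end. Unless the lengths are already compared earlier in the function, which starts outside these hunks, I would guard each call, including the one in the domain-parameter fallback that spans the two hunks, e.g. `&& key1->privkeylen == key2->privkeylen` ahead of the private-key `CRYPTO_memcmp` and `&& key1->pubkeylen == key2->pubkeylen` ahead of the public-key one. The length test itself does not need to be constant-time, because key sizes are fixed per algorithm and not secret; only the byte comparison does.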
@@ -251,6 +250,707 @@ extern const OSSL_DISPATCH oqs_hybrid_kem_functions[]; extern const OSSL_DISPATCH oqs_signature_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_START +#ifdef OQS_KEM_ENCODERS + +extern const OSSL_DISPATCH + oqs_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; 
+extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640shake_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_SubjectPublicKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976shake_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344shake_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_text_encoder_functions[]; +extern 
const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_x25519_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_p384_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_kyber768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_kyber768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x448_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_PrivateKeyInfo_der_to_x25519_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_kyber1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern 
const OSSL_DISPATCH + oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_kyber1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel1_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern 
const OSSL_DISPATCH oqs_p256_bikel1_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_bikel1_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel3_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_p384_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_bikel3_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_bikel3_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x448_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel5_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel5_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel5_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_bikel5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_bikel5_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_bikel5_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_bikel5_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_bikel5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_bikel5_decoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc128_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_p256_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_hqc128_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_hqc128_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; 
+extern const OSSL_DISPATCH + oqs_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc192_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_hqc192_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_hqc192_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x448_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH 
oqs_hqc256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_hqc256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_hqc256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_hqc256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_hqc256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_hqc256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_hqc256_decoder_functions[]; + +#endif /* OQS_KEM_ENCODERS */ + extern const OSSL_DISPATCH oqs_dilithium2_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 2c1a9c12..96775d49 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -34,8 +34,162 @@ } ///// OQS_TEMPLATE_FRAGMENT_MAKE_START +#ifdef OQS_KEM_ENCODERS + +# ifdef OQS_ENABLE_KEM_frodokem_640_aes +DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), + DECODER_w_structure("frodo640aes", der, SubjectPublicKeyInfo, frodo640aes), + DECODER_w_structure("p256_frodo640aes", der, PrivateKeyInfo, + p256_frodo640aes), + DECODER_w_structure("p256_frodo640aes", der, SubjectPublicKeyInfo, + p256_frodo640aes), + DECODER_w_structure("x25519_frodo640aes", der, PrivateKeyInfo, + x25519_frodo640aes), + DECODER_w_structure("x25519_frodo640aes", der, SubjectPublicKeyInfo, + x25519_frodo640aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_640_shake + DECODER_w_structure("frodo640shake", der, PrivateKeyInfo, frodo640shake), + DECODER_w_structure("frodo640shake", der, SubjectPublicKeyInfo, + frodo640shake), + DECODER_w_structure("p256_frodo640shake", der, PrivateKeyInfo, + p256_frodo640shake), + DECODER_w_structure("p256_frodo640shake", der, SubjectPublicKeyInfo, + p256_frodo640shake), + DECODER_w_structure("x25519_frodo640shake", der, PrivateKeyInfo, + x25519_frodo640shake), + DECODER_w_structure("x25519_frodo640shake", der, SubjectPublicKeyInfo, + x25519_frodo640shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_aes + DECODER_w_structure("frodo976aes", der, PrivateKeyInfo, frodo976aes), + DECODER_w_structure("frodo976aes", der, SubjectPublicKeyInfo, frodo976aes), + DECODER_w_structure("p384_frodo976aes", der, PrivateKeyInfo, + p384_frodo976aes), + DECODER_w_structure("p384_frodo976aes", der, SubjectPublicKeyInfo, + p384_frodo976aes), + DECODER_w_structure("x448_frodo976aes", der, PrivateKeyInfo, + x448_frodo976aes), + DECODER_w_structure("x448_frodo976aes", der, SubjectPublicKeyInfo, + x448_frodo976aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_shake + DECODER_w_structure("frodo976shake", der, PrivateKeyInfo, frodo976shake), + DECODER_w_structure("frodo976shake", der, SubjectPublicKeyInfo, + frodo976shake), + 
DECODER_w_structure("p384_frodo976shake", der, PrivateKeyInfo, + p384_frodo976shake), + DECODER_w_structure("p384_frodo976shake", der, SubjectPublicKeyInfo, + p384_frodo976shake), + DECODER_w_structure("x448_frodo976shake", der, PrivateKeyInfo, + x448_frodo976shake), + DECODER_w_structure("x448_frodo976shake", der, SubjectPublicKeyInfo, + x448_frodo976shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_aes + DECODER_w_structure("frodo1344aes", der, PrivateKeyInfo, frodo1344aes), + DECODER_w_structure("frodo1344aes", der, SubjectPublicKeyInfo, + frodo1344aes), + DECODER_w_structure("p521_frodo1344aes", der, PrivateKeyInfo, + p521_frodo1344aes), + DECODER_w_structure("p521_frodo1344aes", der, SubjectPublicKeyInfo, + p521_frodo1344aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_shake + DECODER_w_structure("frodo1344shake", der, PrivateKeyInfo, frodo1344shake), + DECODER_w_structure("frodo1344shake", der, SubjectPublicKeyInfo, + frodo1344shake), + DECODER_w_structure("p521_frodo1344shake", der, PrivateKeyInfo, + p521_frodo1344shake), + DECODER_w_structure("p521_frodo1344shake", der, SubjectPublicKeyInfo, + p521_frodo1344shake), +# endif +# ifdef OQS_ENABLE_KEM_kyber_512 + DECODER_w_structure("kyber512", der, PrivateKeyInfo, kyber512), + DECODER_w_structure("kyber512", der, SubjectPublicKeyInfo, kyber512), + DECODER_w_structure("p256_kyber512", der, PrivateKeyInfo, p256_kyber512), + DECODER_w_structure("p256_kyber512", der, SubjectPublicKeyInfo, + p256_kyber512), + DECODER_w_structure("x25519_kyber512", der, PrivateKeyInfo, + x25519_kyber512), + DECODER_w_structure("x25519_kyber512", der, SubjectPublicKeyInfo, + x25519_kyber512), +# endif +# ifdef OQS_ENABLE_KEM_kyber_768 + DECODER_w_structure("kyber768", der, PrivateKeyInfo, kyber768), + DECODER_w_structure("kyber768", der, SubjectPublicKeyInfo, kyber768), + DECODER_w_structure("p384_kyber768", der, PrivateKeyInfo, p384_kyber768), + DECODER_w_structure("p384_kyber768", der, SubjectPublicKeyInfo, + 
p384_kyber768), + DECODER_w_structure("x448_kyber768", der, PrivateKeyInfo, x448_kyber768), + DECODER_w_structure("x448_kyber768", der, SubjectPublicKeyInfo, + x448_kyber768), + DECODER_w_structure("x25519_kyber768", der, PrivateKeyInfo, + x25519_kyber768), + DECODER_w_structure("x25519_kyber768", der, SubjectPublicKeyInfo, + x25519_kyber768), + DECODER_w_structure("p256_kyber768", der, PrivateKeyInfo, p256_kyber768), + DECODER_w_structure("p256_kyber768", der, SubjectPublicKeyInfo, + p256_kyber768), +# endif +# ifdef OQS_ENABLE_KEM_kyber_1024 + DECODER_w_structure("kyber1024", der, PrivateKeyInfo, kyber1024), + DECODER_w_structure("kyber1024", der, SubjectPublicKeyInfo, kyber1024), + DECODER_w_structure("p521_kyber1024", der, PrivateKeyInfo, p521_kyber1024), + DECODER_w_structure("p521_kyber1024", der, SubjectPublicKeyInfo, + p521_kyber1024), +# endif +# ifdef OQS_ENABLE_KEM_bike_l1 + DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), + DECODER_w_structure("bikel1", der, SubjectPublicKeyInfo, bikel1), + DECODER_w_structure("p256_bikel1", der, PrivateKeyInfo, p256_bikel1), + DECODER_w_structure("p256_bikel1", der, SubjectPublicKeyInfo, p256_bikel1), + DECODER_w_structure("x25519_bikel1", der, PrivateKeyInfo, x25519_bikel1), + DECODER_w_structure("x25519_bikel1", der, SubjectPublicKeyInfo, + x25519_bikel1), +# endif +# ifdef OQS_ENABLE_KEM_bike_l3 + DECODER_w_structure("bikel3", der, PrivateKeyInfo, bikel3), + DECODER_w_structure("bikel3", der, SubjectPublicKeyInfo, bikel3), + DECODER_w_structure("p384_bikel3", der, PrivateKeyInfo, p384_bikel3), + DECODER_w_structure("p384_bikel3", der, SubjectPublicKeyInfo, p384_bikel3), + DECODER_w_structure("x448_bikel3", der, PrivateKeyInfo, x448_bikel3), + DECODER_w_structure("x448_bikel3", der, SubjectPublicKeyInfo, x448_bikel3), +# endif +# ifdef OQS_ENABLE_KEM_bike_l5 + DECODER_w_structure("bikel5", der, PrivateKeyInfo, bikel5), + DECODER_w_structure("bikel5", der, SubjectPublicKeyInfo, bikel5), + 
DECODER_w_structure("p521_bikel5", der, PrivateKeyInfo, p521_bikel5), + DECODER_w_structure("p521_bikel5", der, SubjectPublicKeyInfo, p521_bikel5), +# endif +# ifdef OQS_ENABLE_KEM_hqc_128 + DECODER_w_structure("hqc128", der, PrivateKeyInfo, hqc128), + DECODER_w_structure("hqc128", der, SubjectPublicKeyInfo, hqc128), + DECODER_w_structure("p256_hqc128", der, PrivateKeyInfo, p256_hqc128), + DECODER_w_structure("p256_hqc128", der, SubjectPublicKeyInfo, p256_hqc128), + DECODER_w_structure("x25519_hqc128", der, PrivateKeyInfo, x25519_hqc128), + DECODER_w_structure("x25519_hqc128", der, SubjectPublicKeyInfo, + x25519_hqc128), +# endif +# ifdef OQS_ENABLE_KEM_hqc_192 + DECODER_w_structure("hqc192", der, PrivateKeyInfo, hqc192), + DECODER_w_structure("hqc192", der, SubjectPublicKeyInfo, hqc192), + DECODER_w_structure("p384_hqc192", der, PrivateKeyInfo, p384_hqc192), + DECODER_w_structure("p384_hqc192", der, SubjectPublicKeyInfo, p384_hqc192), + DECODER_w_structure("x448_hqc192", der, PrivateKeyInfo, x448_hqc192), + DECODER_w_structure("x448_hqc192", der, SubjectPublicKeyInfo, x448_hqc192), +# endif +# ifdef OQS_ENABLE_KEM_hqc_256 + DECODER_w_structure("hqc256", der, PrivateKeyInfo, hqc256), + DECODER_w_structure("hqc256", der, SubjectPublicKeyInfo, hqc256), + DECODER_w_structure("p521_hqc256", der, PrivateKeyInfo, p521_hqc256), + DECODER_w_structure("p521_hqc256", der, SubjectPublicKeyInfo, p521_hqc256), +# endif + +#endif /* OQS_KEM_ENCODERS */ + #ifdef OQS_ENABLE_SIG_dilithium_2 -DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), + DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), DECODER_w_structure("dilithium2", der, SubjectPublicKeyInfo, dilithium2), DECODER_w_structure("p256_dilithium2", der, PrivateKeyInfo, p256_dilithium2), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index d6f695e9..b944c047 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
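Review bot: The new `#ifdef OQS_KEM_ENCODERS` guard in oqsprov/oqsdecoders.inc switches on decoders, not encoders, and nothing in the hunk says so: every `DECODER_w_structure(..., der, PrivateKeyInfo, ...)` and `SubjectPublicKeyInfo` entry for the KEM and hybrid KEM names is registered under a macro whose name mentions only encoding. Decoders are the side that parses key material supplied from outside, so someone auditing build options should be able to see from this file that the switch also widens what the provider will parse. I would add a comment above the guard, e.g. `/* OQS_KEM_ENCODERS also enables the KEM key decoders listed here (DER PrivateKeyInfo and SubjectPublicKeyInfo) */`. The `OQS_TEMPLATE_FRAGMENT_MAKE_START` marker suggests this file is produced from a template, so the comment probably belongs there; the list these entries extend starts and ends outside the hunk.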
@@ -79,8 +79,473 @@ */ ///// OQS_TEMPLATE_FRAGMENT_MAKE_START +#ifdef OQS_KEM_ENCODERS + +# ifdef OQS_ENABLE_KEM_frodokem_640_aes +ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, der, SubjectPublicKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("frodo640aes", frodo640aes), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_frodo640aes", p256_frodo640aes), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_frodo640aes", x25519_frodo640aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_640_shake + ENCODER_w_structure("frodo640shake", frodo640shake, der, PrivateKeyInfo), + 
ENCODER_w_structure("frodo640shake", frodo640shake, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo640shake", frodo640shake), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_frodo640shake", p256_frodo640shake), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_frodo640shake", x25519_frodo640shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_aes + ENCODER_w_structure("frodo976aes", frodo976aes, der, PrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, der, + 
EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, der, SubjectPublicKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("frodo976aes", frodo976aes), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_frodo976aes", p384_frodo976aes), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x448_frodo976aes", x448_frodo976aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_shake + ENCODER_w_structure("frodo976shake", frodo976shake, der, PrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo976shake", 
frodo976shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo976shake", frodo976shake), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_frodo976shake", p384_frodo976shake), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x448_frodo976shake", x448_frodo976shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_aes + ENCODER_w_structure("frodo1344aes", frodo1344aes, der, PrivateKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo1344aes", frodo1344aes), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, + PrivateKeyInfo), + 
ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_frodo1344aes", p521_frodo1344aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_shake + ENCODER_w_structure("frodo1344shake", frodo1344shake, der, PrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo1344shake", frodo1344shake), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, + PrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_frodo1344shake", p521_frodo1344shake), +# endif +# ifdef OQS_ENABLE_KEM_kyber_512 + ENCODER_w_structure("kyber512", kyber512, der, PrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, pem, PrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, der, 
EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, der, SubjectPublicKeyInfo), + ENCODER_w_structure("kyber512", kyber512, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("kyber512", kyber512), + ENCODER_w_structure("p256_kyber512", p256_kyber512, der, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_kyber512", p256_kyber512), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_kyber512", x25519_kyber512), +# endif +# ifdef OQS_ENABLE_KEM_kyber_768 + ENCODER_w_structure("kyber768", kyber768, der, PrivateKeyInfo), + ENCODER_w_structure("kyber768", kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("kyber768", kyber768, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber768", kyber768, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber768", kyber768, der, SubjectPublicKeyInfo), + ENCODER_w_structure("kyber768", kyber768, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("kyber768", kyber768), + ENCODER_w_structure("p384_kyber768", p384_kyber768, der, PrivateKeyInfo), + 
ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_kyber768", p384_kyber768), + ENCODER_w_structure("x448_kyber768", x448_kyber768, der, PrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x448_kyber768", x448_kyber768), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_kyber768", x25519_kyber768), + ENCODER_w_structure("p256_kyber768", p256_kyber768, der, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, der, + SubjectPublicKeyInfo), + 
ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_kyber768", p256_kyber768), +# endif +# ifdef OQS_ENABLE_KEM_kyber_1024 + ENCODER_w_structure("kyber1024", kyber1024, der, PrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, pem, PrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, der, SubjectPublicKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("kyber1024", kyber1024), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, PrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_kyber1024", p521_kyber1024), +# endif +# ifdef OQS_ENABLE_KEM_bike_l1 + ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, pem, PrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, der, SubjectPublicKeyInfo), + ENCODER_w_structure("bikel1", bikel1, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("bikel1", bikel1), + ENCODER_w_structure("p256_bikel1", p256_bikel1, der, PrivateKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, + EncryptedPrivateKeyInfo), + 
ENCODER_w_structure("p256_bikel1", p256_bikel1, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_bikel1", p256_bikel1), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, PrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, PrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_bikel1", x25519_bikel1), +# endif +# ifdef OQS_ENABLE_KEM_bike_l3 + ENCODER_w_structure("bikel3", bikel3, der, PrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, pem, PrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, der, SubjectPublicKeyInfo), + ENCODER_w_structure("bikel3", bikel3, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("bikel3", bikel3), + ENCODER_w_structure("p384_bikel3", p384_bikel3, der, PrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p384_bikel3", p384_bikel3), + ENCODER_w_structure("x448_bikel3", x448_bikel3, der, PrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, PrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", 
x448_bikel3, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, der, SubjectPublicKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("x448_bikel3", x448_bikel3), +# endif +# ifdef OQS_ENABLE_KEM_bike_l5 + ENCODER_w_structure("bikel5", bikel5, der, PrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, pem, PrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, der, SubjectPublicKeyInfo), + ENCODER_w_structure("bikel5", bikel5, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("bikel5", bikel5), + ENCODER_w_structure("p521_bikel5", p521_bikel5, der, PrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p521_bikel5", p521_bikel5), +# endif +# ifdef OQS_ENABLE_KEM_hqc_128 + ENCODER_w_structure("hqc128", hqc128, der, PrivateKeyInfo), + ENCODER_w_structure("hqc128", hqc128, pem, PrivateKeyInfo), + ENCODER_w_structure("hqc128", hqc128, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc128", hqc128, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc128", hqc128, der, SubjectPublicKeyInfo), + ENCODER_w_structure("hqc128", hqc128, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("hqc128", hqc128), + ENCODER_w_structure("p256_hqc128", p256_hqc128, der, PrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, + 
EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_hqc128", p256_hqc128), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, PrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, PrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_hqc128", x25519_hqc128), +# endif +# ifdef OQS_ENABLE_KEM_hqc_192 + ENCODER_w_structure("hqc192", hqc192, der, PrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, pem, PrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, der, SubjectPublicKeyInfo), + ENCODER_w_structure("hqc192", hqc192, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("hqc192", hqc192), + ENCODER_w_structure("p384_hqc192", p384_hqc192, der, PrivateKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p384_hqc192", p384_hqc192), + ENCODER_w_structure("x448_hqc192", x448_hqc192, der, PrivateKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, PrivateKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, der, + EncryptedPrivateKeyInfo), + 
ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, der, SubjectPublicKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("x448_hqc192", x448_hqc192), +# endif +# ifdef OQS_ENABLE_KEM_hqc_256 + ENCODER_w_structure("hqc256", hqc256, der, PrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, pem, PrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, der, SubjectPublicKeyInfo), + ENCODER_w_structure("hqc256", hqc256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("hqc256", hqc256), + ENCODER_w_structure("p521_hqc256", p521_hqc256, der, PrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p521_hqc256", p521_hqc256), +# endif + +#endif /* OQS_KEM_ENCODERS */ + #ifdef OQS_ENABLE_SIG_dilithium_2 -ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), + ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("dilithium2", dilithium2, pem, PrivateKeyInfo), ENCODER_w_structure("dilithium2", dilithium2, der, EncryptedPrivateKeyInfo), ENCODER_w_structure("dilithium2", dilithium2, pem, EncryptedPrivateKeyInfo), diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index b8d9132e..7a7e5474 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -47,8 +47,103 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; * List of all algorithms with given OIDs */ ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START -#define OQS_OID_CNT 68 + +#ifdef OQS_KEM_ENCODERS +# define OQS_OID_CNT 130 +#else +# define OQS_OID_CNT 46 +#endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { + +#ifdef OQS_KEM_ENCODERS + + "1.3.9999.99.13", + "frodo640aes", + "1.3.9999.99.12", + "p256_frodo640aes", + "1.3.9999.99.1", + "x25519_frodo640aes", + "1.3.9999.99.15", + "frodo640shake", + "1.3.9999.99.14", + "p256_frodo640shake", + "1.3.9999.99.2", + "x25519_frodo640shake", + "1.3.9999.99.17", + "frodo976aes", + "1.3.9999.99.16", + "p384_frodo976aes", + "1.3.9999.99.3", + "x448_frodo976aes", + "1.3.9999.99.19", + "frodo976shake", + "1.3.9999.99.18", + "p384_frodo976shake", + "1.3.9999.99.4", + "x448_frodo976shake", + "1.3.9999.99.21", + "frodo1344aes", + "1.3.9999.99.20", + "p521_frodo1344aes", + "1.3.9999.99.23", + "frodo1344shake", + "1.3.9999.99.22", + "p521_frodo1344shake", + "1.3.6.1.4.1.22554.5.6.1", + "kyber512", + "1.3.6.1.4.1.22554.5.7.1", + "p256_kyber512", + "1.3.6.1.4.1.22554.5.8.1", + "x25519_kyber512", + "1.3.6.1.4.1.22554.5.6.2", + "kyber768", + "1.3.9999.99.24", + "p384_kyber768", + "1.3.9999.99.5", + "x448_kyber768", + "1.3.9999.99.6", + "x25519_kyber768", + "1.3.9999.99.7", + "p256_kyber768", + "1.3.6.1.4.1.22554.5.6.3", + "kyber1024", + "1.3.9999.99.25", + "p521_kyber1024", + "1.3.9999.99.27", + "bikel1", + "1.3.9999.99.26", + "p256_bikel1", + "1.3.9999.99.8", + "x25519_bikel1", + "1.3.9999.99.29", + "bikel3", + "1.3.9999.99.28", + "p384_bikel3", + "1.3.9999.99.9", + "x448_bikel3", + "1.3.9999.99.31", + "bikel5", + "1.3.9999.99.30", + "p521_bikel5", + "1.3.9999.99.33", + "hqc128", + "1.3.9999.99.32", + "p256_hqc128", + "1.3.9999.99.10", + "x25519_hqc128", + "1.3.9999.99.35", + "hqc192", + "1.3.9999.99.34", + "p384_hqc192", + "1.3.9999.99.11", + "x448_hqc192", + "1.3.9999.99.37", + "hqc256", + 
"1.3.9999.99.36", + "p521_hqc256", + +#endif /* OQS_KEM_ENCODERS */ + "1.3.6.1.4.1.2.267.7.4.4", "dilithium2", "1.3.9999.2.7.1", 
@@ -123,52 +218,177 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { int oqs_patch_oids(void) { ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_START + +#ifdef OQS_KEM_ENCODERS + + if (getenv("OQS_OID_FRODO640AES")) + oqs_oid_alg_list[0] = getenv("OQS_OID_FRODO640AES"); + + if (getenv("OQS_OID_P256_FRODO640AES")) + oqs_oid_alg_list[2] = getenv("OQS_OID_P256_FRODO640AES"); + if (getenv("OQS_OID_X25519_FRODO640AES")) + oqs_oid_alg_list[4] = getenv("OQS_OID_X25519_FRODO640AES"); + if (getenv("OQS_OID_FRODO640SHAKE")) + oqs_oid_alg_list[6] = getenv("OQS_OID_FRODO640SHAKE"); + + if (getenv("OQS_OID_P256_FRODO640SHAKE")) + oqs_oid_alg_list[8] = getenv("OQS_OID_P256_FRODO640SHAKE"); + if (getenv("OQS_OID_X25519_FRODO640SHAKE")) + oqs_oid_alg_list[10] = getenv("OQS_OID_X25519_FRODO640SHAKE"); + if (getenv("OQS_OID_FRODO976AES")) + oqs_oid_alg_list[12] = getenv("OQS_OID_FRODO976AES"); + + if (getenv("OQS_OID_P384_FRODO976AES")) + oqs_oid_alg_list[14] = getenv("OQS_OID_P384_FRODO976AES"); + if (getenv("OQS_OID_X448_FRODO976AES")) + oqs_oid_alg_list[16] = getenv("OQS_OID_X448_FRODO976AES"); + if (getenv("OQS_OID_FRODO976SHAKE")) + oqs_oid_alg_list[18] = getenv("OQS_OID_FRODO976SHAKE"); + + if (getenv("OQS_OID_P384_FRODO976SHAKE")) + oqs_oid_alg_list[20] = getenv("OQS_OID_P384_FRODO976SHAKE"); + if (getenv("OQS_OID_X448_FRODO976SHAKE")) + oqs_oid_alg_list[22] = getenv("OQS_OID_X448_FRODO976SHAKE"); + if (getenv("OQS_OID_FRODO1344AES")) + oqs_oid_alg_list[24] = getenv("OQS_OID_FRODO1344AES"); + + if (getenv("OQS_OID_P521_FRODO1344AES")) + oqs_oid_alg_list[26] = getenv("OQS_OID_P521_FRODO1344AES"); + if (getenv("OQS_OID_FRODO1344SHAKE")) + oqs_oid_alg_list[28] = getenv("OQS_OID_FRODO1344SHAKE"); + + if (getenv("OQS_OID_P521_FRODO1344SHAKE")) + oqs_oid_alg_list[30] = getenv("OQS_OID_P521_FRODO1344SHAKE"); + if (getenv("OQS_OID_KYBER512")) + oqs_oid_alg_list[32] = getenv("OQS_OID_KYBER512"); + + if (getenv("OQS_OID_P256_KYBER512")) + oqs_oid_alg_list[34] = 
getenv("OQS_OID_P256_KYBER512"); + if (getenv("OQS_OID_X25519_KYBER512")) + oqs_oid_alg_list[36] = getenv("OQS_OID_X25519_KYBER512"); + if (getenv("OQS_OID_KYBER768")) + oqs_oid_alg_list[38] = getenv("OQS_OID_KYBER768"); + + if (getenv("OQS_OID_P384_KYBER768")) + oqs_oid_alg_list[40] = getenv("OQS_OID_P384_KYBER768"); + if (getenv("OQS_OID_X448_KYBER768")) + oqs_oid_alg_list[42] = getenv("OQS_OID_X448_KYBER768"); + if (getenv("OQS_OID_X25519_KYBER768")) + oqs_oid_alg_list[44] = getenv("OQS_OID_X25519_KYBER768"); + if (getenv("OQS_OID_P256_KYBER768")) + oqs_oid_alg_list[46] = getenv("OQS_OID_P256_KYBER768"); + if (getenv("OQS_OID_KYBER1024")) + oqs_oid_alg_list[48] = getenv("OQS_OID_KYBER1024"); + + if (getenv("OQS_OID_P521_KYBER1024")) + oqs_oid_alg_list[50] = getenv("OQS_OID_P521_KYBER1024"); + if (getenv("OQS_OID_BIKEL1")) + oqs_oid_alg_list[52] = getenv("OQS_OID_BIKEL1"); + + if (getenv("OQS_OID_P256_BIKEL1")) + oqs_oid_alg_list[54] = getenv("OQS_OID_P256_BIKEL1"); + if (getenv("OQS_OID_X25519_BIKEL1")) + oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_BIKEL1"); + if (getenv("OQS_OID_BIKEL3")) + oqs_oid_alg_list[58] = getenv("OQS_OID_BIKEL3"); + + if (getenv("OQS_OID_P384_BIKEL3")) + oqs_oid_alg_list[60] = getenv("OQS_OID_P384_BIKEL3"); + if (getenv("OQS_OID_X448_BIKEL3")) + oqs_oid_alg_list[62] = getenv("OQS_OID_X448_BIKEL3"); + if (getenv("OQS_OID_BIKEL5")) + oqs_oid_alg_list[64] = getenv("OQS_OID_BIKEL5"); + + if (getenv("OQS_OID_P521_BIKEL5")) + oqs_oid_alg_list[66] = getenv("OQS_OID_P521_BIKEL5"); + if (getenv("OQS_OID_HQC128")) + oqs_oid_alg_list[68] = getenv("OQS_OID_HQC128"); + + if (getenv("OQS_OID_P256_HQC128")) + oqs_oid_alg_list[70] = getenv("OQS_OID_P256_HQC128"); + if (getenv("OQS_OID_X25519_HQC128")) + oqs_oid_alg_list[72] = getenv("OQS_OID_X25519_HQC128"); + if (getenv("OQS_OID_HQC192")) + oqs_oid_alg_list[74] = getenv("OQS_OID_HQC192"); + + if (getenv("OQS_OID_P384_HQC192")) + oqs_oid_alg_list[76] = getenv("OQS_OID_P384_HQC192"); + if 
(getenv("OQS_OID_X448_HQC192")) + oqs_oid_alg_list[78] = getenv("OQS_OID_X448_HQC192"); + if (getenv("OQS_OID_HQC256")) + oqs_oid_alg_list[80] = getenv("OQS_OID_HQC256"); + + if (getenv("OQS_OID_P521_HQC256")) + oqs_oid_alg_list[82] = getenv("OQS_OID_P521_HQC256"); + +# define OQS_KEMOID_CNT 82 + 2 +#else +# define OQS_KEMOID_CNT 0 +#endif /* OQS_KEM_ENCODERS */ if (getenv("OQS_OID_DILITHIUM2")) - oqs_oid_alg_list[0] = getenv("OQS_OID_DILITHIUM2"); + oqs_oid_alg_list[0 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2"); if (getenv("OQS_OID_P256_DILITHIUM2")) - oqs_oid_alg_list[2] = getenv("OQS_OID_P256_DILITHIUM2"); + oqs_oid_alg_list[2 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_DILITHIUM2"); if (getenv("OQS_OID_RSA3072_DILITHIUM2")) - oqs_oid_alg_list[4] = getenv("OQS_OID_RSA3072_DILITHIUM2"); + oqs_oid_alg_list[4 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_DILITHIUM2"); if (getenv("OQS_OID_DILITHIUM3")) - oqs_oid_alg_list[6] = getenv("OQS_OID_DILITHIUM3"); + oqs_oid_alg_list[6 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3"); if (getenv("OQS_OID_P384_DILITHIUM3")) - oqs_oid_alg_list[8] = getenv("OQS_OID_P384_DILITHIUM3"); + oqs_oid_alg_list[8 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P384_DILITHIUM3"); if (getenv("OQS_OID_DILITHIUM5")) - oqs_oid_alg_list[10] = getenv("OQS_OID_DILITHIUM5"); + oqs_oid_alg_list[10 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5"); if (getenv("OQS_OID_P521_DILITHIUM5")) - oqs_oid_alg_list[12] = getenv("OQS_OID_P521_DILITHIUM5"); + oqs_oid_alg_list[12 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P521_DILITHIUM5"); if (getenv("OQS_OID_FALCON512")) - oqs_oid_alg_list[14] = getenv("OQS_OID_FALCON512"); + oqs_oid_alg_list[14 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); if (getenv("OQS_OID_P256_FALCON512")) - oqs_oid_alg_list[16] = getenv("OQS_OID_P256_FALCON512"); + oqs_oid_alg_list[16 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_FALCON512"); if (getenv("OQS_OID_RSA3072_FALCON512")) - oqs_oid_alg_list[18] = getenv("OQS_OID_RSA3072_FALCON512"); + 
oqs_oid_alg_list[18 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_FALCON512"); if (getenv("OQS_OID_FALCON1024")) - oqs_oid_alg_list[20] = getenv("OQS_OID_FALCON1024"); + oqs_oid_alg_list[20 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); if (getenv("OQS_OID_P521_FALCON1024")) - oqs_oid_alg_list[22] = getenv("OQS_OID_P521_FALCON1024"); + oqs_oid_alg_list[22 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P521_FALCON1024"); if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[24] = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); + oqs_oid_alg_list[24 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[26] = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); + oqs_oid_alg_list[26 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[28] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); + oqs_oid_alg_list[28 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[30] = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); + oqs_oid_alg_list[30 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[32] = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); + oqs_oid_alg_list[32 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[34] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); + oqs_oid_alg_list[34 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[36] = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); + oqs_oid_alg_list[36 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[38] = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); + 
oqs_oid_alg_list[38 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[40] = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); + oqs_oid_alg_list[40 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[42] = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); + oqs_oid_alg_list[42 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[44] = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); + oqs_oid_alg_list[44 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 39a51333..bb3bfd9d 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
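Review bot: Each new `oqs_oid_alg_list[i] = getenv(...)` assignment in the `OQS_KEM_ENCODERS` branch of `oqs_patch_oids` stores the raw environment pointer in a global table and accepts any string. Whoever controls the process environment therefore chooses the OID a KEM key type is registered under, and POSIX lets a later `setenv`/`putenv` invalidate the stored pointer. Reading the variable once, skipping empty values and keeping a private copy would close both gaps, for example `const char *v = getenv("OQS_OID_KYBER512");` followed by `if (v != NULL && *v != '\0') oqs_oid_alg_list[32] = OPENSSL_strdup(v);`, leaving the built-in default in place if the copy fails; whether the OID syntax is validated downstream is not visible in this hunk. Separately, `# define OQS_KEMOID_CNT 82 + 2` should be written `(82 + 2)` so the offset survives use outside a plain addition, and nothing checks at compile time that it matches the 84 KEM slots implied by `OQS_OID_CNT` 130 versus 46 in the previous hunk. The unchanged signature lines follow the same getenv pattern, so the fix most likely belongs in the generator template behind the `OQS_TEMPLATE_FRAGMENT_OID_PATCHING` markers.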
@@ -55,9 +55,70 @@ typedef struct static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START -#define NID_TABLE_LEN 35 + +#ifdef OQS_KEM_ENCODERS +# define NID_TABLE_LEN 65 +#else +# define NID_TABLE_LEN 23 +#endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { +#ifdef OQS_KEM_ENCODERS + + {0, "frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_KEM, 128}, + {0, "p256_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECP_HYB_KEM, + 128}, + {0, "x25519_frodo640aes", OQS_KEM_alg_frodokem_640_aes, + KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_KEM, 128}, + {0, "p256_frodo640shake", OQS_KEM_alg_frodokem_640_shake, + KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_frodo640shake", OQS_KEM_alg_frodokem_640_shake, + KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_KEM, 192}, + {0, "p384_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECP_HYB_KEM, + 192}, + {0, "x448_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECX_HYB_KEM, + 192}, + {0, "frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_KEM, 192}, + {0, "p384_frodo976shake", OQS_KEM_alg_frodokem_976_shake, + KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_frodo976shake", OQS_KEM_alg_frodokem_976_shake, + KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_KEM, 256}, + {0, "p521_frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, + KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_KEM, 256}, + {0, "p521_frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, + KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_KEM, 128}, + {0, "p256_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_KEM, 192}, + {0, "p384_kyber768", OQS_KEM_alg_kyber_768, 
KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "x25519_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "p256_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_KEM, 256}, + {0, "p521_kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128}, + {0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_KEM, 192}, + {0, "p384_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_KEM, 256}, + {0, "p521_bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_KEM, 128}, + {0, "p256_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_KEM, 192}, + {0, "p384_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_KEM, 256}, + {0, "p521_hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_ECP_HYB_KEM, 256}, + +#endif /* OQS_KEM_ENCODERS */ {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, {0, "p256_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, @@ -569,6 +630,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } + OQS_KEY_PRINTF2("OQSX KEY: Recreated OQSX key %s\n", key->tls_name); if (op == KEY_OP_PUBLIC) { #ifdef USE_ENCODING_LIB 
@@ -792,13 +854,17 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) goto rec_err; } if (op == KEY_OP_PUBLIC) { + const unsigned char *enc_pubkey = key->comp_pubkey[0]; DECODE_UINT32(classical_pubkey_len, key->pubkey); - if (key->evp_info->raw_key_support) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto rec_err; + if (key->evp_info->raw_key_support) { + key->classical_pkey = EVP_PKEY_new_raw_public_key( + key->evp_info->keytype, NULL, enc_pubkey, + classical_pubkey_len); + if (!key->classical_pkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } } else { - const unsigned char *enc_pubkey = key->comp_pubkey[0]; EVP_PKEY *npk = EVP_PKEY_new(); if (key->evp_info->keytype != EVP_PKEY_RSA) { npk = setECParams(npk, key->evp_info->nid); 
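Review bot: In the new `raw_key_support` branch, `classical_pubkey_len` comes straight from `DECODE_UINT32` on the encoded key and is passed to `EVP_PKEY_new_raw_public_key` as the length of `key->comp_pubkey[0]`, with nothing visible in the hunk bounding it against the expected size. I would reject a mismatch before the call, e.g. `if (classical_pubkey_len != key->evp_info->length_public_key) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; }`, so a malformed encoding fails on the length rather than depending on how the callee treats it. The same applies to `classical_privkey_len` before `EVP_PKEY_new_raw_private_key` in the `KEY_OP_PRIVATE` hunk that follows, checked against the expected private-key size. The function starts and ends outside this hunk, so an earlier check may already exist and should be confirmed.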
@@ -815,13 +881,31 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (op == KEY_OP_PRIVATE) { DECODE_UINT32(classical_privkey_len, key->privkey); - if (key->evp_info->raw_key_support) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto rec_err; + const unsigned char *enc_privkey = key->comp_privkey[0]; + unsigned char *enc_pubkey = key->comp_pubkey[0]; + if (key->evp_info->raw_key_support) { + key->classical_pkey = EVP_PKEY_new_raw_private_key( + key->evp_info->keytype, NULL, enc_privkey, + classical_privkey_len); + if (!key->classical_pkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } +#ifndef NOPUBKEY_IN_PRIVKEY + // re-create classic public key part from private key: + size_t pubkeylen; + + EVP_PKEY_get_raw_public_key(key->classical_pkey, NULL, + &pubkeylen); + if (pubkeylen != key->evp_info->length_public_key + || EVP_PKEY_get_raw_public_key(key->classical_pkey, + enc_pubkey, &pubkeylen) + != 1) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } +#endif } else { - const unsigned char *enc_privkey = key->comp_privkey[0]; - unsigned char *enc_pubkey = key->comp_pubkey[0]; key->classical_pkey = d2i_PrivateKey(key->evp_info->keytype, NULL, &enc_privkey, classical_privkey_len); @@ -1155,6 +1239,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, + evp_ctx->evp_info->length_public_key; ret->oqsx_provider_ctx[0].oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; + ret->evp_info = evp_ctx->evp_info; break; case KEY_TYPE_HYB_SIG: ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); 
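Review bot: In the `#ifndef NOPUBKEY_IN_PRIVKEY` block, `size_t pubkeylen;` is uninitialised and the first `EVP_PKEY_get_raw_public_key(key->classical_pkey, NULL, &pubkeylen);` ignores its return value, so if that size query fails the following `pubkeylen != key->evp_info->length_public_key` comparison reads an indeterminate value. Declaring `size_t pubkeylen = 0;` and folding the query into the condition, `if (EVP_PKEY_get_raw_public_key(key->classical_pkey, NULL, &pubkeylen) != 1 || pubkeylen != key->evp_info->length_public_key || EVP_PKEY_get_raw_public_key(key->classical_pkey, enc_pubkey, &pubkeylen) != 1) {`, closes that gap. The second call writes into `key->comp_pubkey[0]`, so a short comment stating that this buffer holds at least `length_public_key` bytes would help; its allocation is not visible here. The `rec_err` cleanup is outside the hunk, so whether the already-assigned `key->classical_pkey` is released on this path should be confirmed.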
@@ -1253,7 +1338,9 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } - OQS_KEY_PRINTF2("OQSX_KEY: new key created: %p\n", ret); + OQS_KEY_PRINTF2("OQSX_KEY: new key created: %s\n", ret->tls_name); + OQS_KEY_PRINTF3("OQSX_KEY: new key created: %p (type: %d)\n", ret, + ret->keytype); return ret; err: ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); @@ -1523,8 +1610,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, return NULL; } -/* allocates OQS and classical keys; retains EVP_PKEY on success for sig - * OQSX_KEY */ +/* allocates OQS and classical keys */ int oqsx_key_gen(OQSX_KEY *key) { int ret = 0; 
@@ -1551,47 +1637,13 @@ int oqsx_key_gen(OQSX_KEY *key) OQS_KEY_PRINTF3("OQSKM: OQSX_KEY privkeylen %ld & pubkeylen: %ld\n", key->privkeylen, key->pubkeylen); - if (key->keytype == KEY_TYPE_HYB_SIG) { - key->classical_pkey = pkey; - ret = oqsx_key_gen_oqs(key, 0); - } else { - EVP_PKEY_free(pkey); - pkey = NULL; - ret = oqsx_key_gen_oqs(key, 1); - } - } - else if (key->keytype == KEY_TYPE_CMP_SIG) - { - int i; - ret = oqsx_key_set_composites(key); - for (i = 0; i < key->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); - if (get_oqsname_fromtls(name) == 0) - { - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); - ON_ERR_GOTO(pkey == NULL, err); - key->cmp_classical_pkey[i] = pkey; - } - else - { - ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); - ON_ERR_GOTO(ret, err); - } - OPENSSL_free(name); - - } - - - - } - else if (key->keytype == KEY_TYPE_SIG) - { - ret = !oqsx_key_set_composites(key); // 1 + key->classical_pkey = pkey; + ret = oqsx_key_gen_oqs(key, key->keytype != KEY_TYPE_HYB_SIG); + } else if (key->keytype == KEY_TYPE_SIG) { + ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); - ret = oqsx_key_gen_oqs(key, 0); // 18 - } - else - { + ret = oqsx_key_gen_oqs(key, 0); + } else { ret = 1; } err: diff --git a/scripts/fullbuild.sh b/scripts/fullbuild.sh index abe0c495..a411d901 100755 --- a/scripts/fullbuild.sh +++ b/scripts/fullbuild.sh 
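Review bot: With the `else if (key->keytype == KEY_TYPE_CMP_SIG)` branch removed, a composite key that does not match the leading condition (which lies outside this hunk) now reaches the final `else { ret = 1; }`. Since `ON_ERR_GOTO(ret, err)` is used with a non-zero `ret` as the failure case, key generation for those types would appear to fail without generating any component key. If composite types are meant to stay supported, the branch should be kept or the leading condition extended to cover them. Otherwise a comment on the fallthrough such as `/* unsupported key type: report failure */` would make the intent explicit.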
@@ -4,6 +4,7 @@ # Argument -f: Soft clean, ensuring re-build of oqs-provider binary # Argument -F: Hard clean, ensuring checkout and build of all dependencies # EnvVar MAKE_PARAMS: passed to invocations of make; sample value: "-j" +# EnvVar OQSPROV_CMAKE_PARAMS: passed to invocations of oqsprovider cmake # EnvVar LIBOQS_BRANCH: Defines branch/release of liboqs; default value "main" # EnvVar OQS_ALGS_ENABLED: If set, defines OQS algs to be enabled, e.g., "STD" # EnvVar OPENSSL_INSTALL: If set, defines (binary) OpenSSL installation to use @@ -123,9 +124,9 @@ if [ ! -f "_build/lib/oqsprovider.$SHLIBEXT" ]; then BUILD_TYPE="" # for omitting public key in private keys add -DNOPUBKEY_IN_PRIVKEY=ON if [ -z "$OPENSSL_INSTALL" ]; then - cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local $BUILD_TYPE -S . -B _build && cmake --build _build + cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B _build && cmake --build _build else - cmake -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL $BUILD_TYPE -S . -B _build && cmake --build _build + cmake -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B _build && cmake --build _build fi if [ $? -ne 0 ]; then echo "provider build failed. Exiting." diff --git a/test/oqs_test_endecode.c b/test/oqs_test_endecode.c index 220f7d0b..1427d121 100644 --- a/test/oqs_test_endecode.c +++ b/test/oqs_test_endecode.c @@ -165,7 +165,7 @@ static int decode_EVP_PKEY_prov(const char *input_type, const char *structure, return ok; } -static int test_oqs_encdec(const char *sigalg_name) +static int test_oqs_encdec(const char *alg_name) { EVP_PKEY *pkey = NULL; EVP_PKEY *decoded_pkey = NULL; @@ -174,7 +174,7 @@ static int test_oqs_encdec(const char *sigalg_name) int ok = 0; for (i = 0; i < nelem(test_params_list); i++) { - pkey = oqstest_make_key(sigalg_name, NULL, NULL); + pkey = oqstest_make_key(alg_name, NULL, NULL); if (pkey == NULL) goto end; 
@@ -182,7 +182,7 @@ static int test_oqs_encdec(const char *sigalg_name) test_params_list[i].structure, test_params_list[i].pass, test_params_list[i].selection, &encoded)) { - printf("Failed encoding %s", sigalg_name); + printf("Failed encoding %s", alg_name); goto end; } if (!decode_EVP_PKEY_prov( @@ -190,12 +190,14 @@ static int test_oqs_encdec(const char *sigalg_name) test_params_list[i].pass, test_params_list[i].keytype, test_params_list[i].selection, &decoded_pkey, encoded->data, encoded->length)) { - printf("Failed decoding %s", sigalg_name); + printf("Failed decoding %s", alg_name); goto end; } - if (EVP_PKEY_eq(pkey, decoded_pkey) != 1) + if (EVP_PKEY_eq(pkey, decoded_pkey) != 1) { + printf("Key equality failed for %s", alg_name); goto end; + } EVP_PKEY_free(pkey); pkey = NULL; EVP_PKEY_free(decoded_pkey); @@ -211,12 +213,31 @@ static int test_oqs_encdec(const char *sigalg_name) return ok; } +static int test_algs(const OSSL_ALGORITHM *algs) +{ + int errcnt = 0; + for (; algs->algorithm_names != NULL; algs++) { + if (test_oqs_encdec(algs->algorithm_names)) { + fprintf(stderr, + cGREEN " Encoding/Decoding test succeeded: %s" cNORM "\n", + algs->algorithm_names); + } else { + fprintf(stderr, + cRED " Encoding/Decoding test failed: %s" cNORM "\n", + algs->algorithm_names); + ERR_print_errors_fp(stderr); + errcnt++; + } + } + return errcnt; +} + int main(int argc, char *argv[]) { size_t i; int errcnt = 0, test = 0, query_nocache; OSSL_PROVIDER *oqsprov = NULL; - const OSSL_ALGORITHM *sigalgs; + const OSSL_ALGORITHM *algs; T((libctx = OSSL_LIB_CTX_new()) != NULL); T(argc == 3); 
@@ -233,30 +254,29 @@ int main(int argc, char *argv[]) keyprov = OSSL_PROVIDER_load(keyctx, modulename); oqsprov = OSSL_PROVIDER_load(libctx, modulename); - sigalgs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_SIGNATURE, - &query_nocache); - - if (sigalgs) { - for (; sigalgs->algorithm_names != NULL; sigalgs++) { - if (test_oqs_encdec(sigalgs->algorithm_names)) { - fprintf(stderr, - cGREEN " Encoding/Decoding test succeeded: %s" cNORM - "\n", - sigalgs->algorithm_names); - } else { - fprintf(stderr, - cRED " Encoding/Decoding test failed: %s" cNORM "\n", - sigalgs->algorithm_names); - ERR_print_errors_fp(stderr); - errcnt++; - } - } + algs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_SIGNATURE, + &query_nocache); + + if (algs) { + errcnt += test_algs(algs); } else { fprintf(stderr, cRED " No signature algorithms found" cNORM "\n"); ERR_print_errors_fp(stderr); errcnt++; } +#ifdef OQS_KEM_ENCODERS + algs = OSSL_PROVIDER_query_operation(oqsprov, OSSL_OP_KEM, &query_nocache); + + if (algs) { + errcnt += test_algs(algs); + } else { + fprintf(stderr, cRED " No KEM algorithms found" cNORM "\n"); + ERR_print_errors_fp(stderr); + errcnt++; + } +#endif /* OQS_KEM_ENCODERS */ + OSSL_PROVIDER_unload(dfltprov); OSSL_PROVIDER_unload(keyprov); if (OPENSSL_VERSION_PREREQ(3, 1)) From 83937ce0c7844529ddbedff5c9870c47d2c371b9 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 09:57:51 -0500 Subject: [PATCH 051/164] getting up-to-date with oqsprov upstream Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 66 ++++++++++++++++++++++++------------ oqsprov/oqs_encode_key2any.c | 66 ++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 22 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 6bd71b71..89fa1569 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -731,26 +731,48 @@ MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium3_rsa3072", dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER("falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium3_bp256", dilithium3_bp256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium3_ed25519", dilithium3_ed25519, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium5_bp384", dilithium5_bp384, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium5_ed448", dilithium5_ed448, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER("falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER("falcon512_ed25519", falcon512_ed25519, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER("dilithium3_pss", dilithium3_pss, oqsx, PrivateKeyInfo); -MAKE_DECODER("dilithium3_pss", dilithium3_pss, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, + oqsx, 
PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_p256", falcon512_p256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_p256", falcon512_p256, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_pss", dilithium3_pss, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_pss", dilithium3_pss, + oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 40c71da1..5cfc0948 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -2051,4 +2051,70 @@ MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, rsa3072_sphincsshake128fsimple); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, 
dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, 
der); +MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss, oqsx, SubjectPublicKeyInfo, pem); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END From 70729a4e835d97f9b27c0502fe2bf880e7d9059d Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 11:12:38 -0500 Subject: [PATCH 052/164] fixed oid list len Signed-off-by: Felipe Ventura --- oqsprov/oqsprov.c | 2 +- oqsprov/oqsprov_keys.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 7a7e5474..557e66c0 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,7 +49,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 130 +# define OQS_OID_CNT 155 #else # define OQS_OID_CNT 46 #endif diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index bb3bfd9d..4241f0d1 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -57,9 +57,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 65 +# define NID_TABLE_LEN 76 #else -# define NID_TABLE_LEN 23 +# define NID_TABLE_LEN 34 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { 
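Review bot: In the `oqsprov.c` hunk only the `OQS_KEM_ENCODERS` value changes (`130` to `155`), while `# define OQS_OID_CNT 46` stays as it was, even though the `oqsprov_keys.c` hunk of the same commit grows `NID_TABLE_LEN` by 11 in both branches. Before this commit the two constants were in a 2:1 ratio (130/65 and 46/23), which matches the even indices used by the OID patching code; by that ratio the new values would be `152` and `68`. If `oqs_oid_alg_list` is sized by `OQS_OID_CNT` (its definition is outside the hunk), the non-KEM build would be too small for the added algorithms and the KEM build would carry three unused slots. I would correct both literals and add a comment next to them such as `/* must equal 2 * NID_TABLE_LEN in oqsprov_keys.c */` so the two tables are kept in step.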
From ccf553651fab756e2a7394950e8b27781eb616b2 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 12:52:13 -0500 Subject: [PATCH 053/164] removed notes.txt Signed-off-by: Felipe Ventura --- notes.txt | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 notes.txt diff --git a/notes.txt b/notes.txt deleted file mode 100644 index f38caa07..00000000 --- a/notes.txt +++ /dev/null 
@@ -1,33 +0,0 @@ -###CREATE QUANTUM SAFE KEY PAIR - -LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl req -x509 -new -newkey p521_dilithium5 -keyout qsc.key -out qsc.crt -nodes -subj "/CN=oqstest" -days 365 -config /home/feventura/Documents/openssl/apps/openssl.cnf -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default - -###SIGN DATA - -LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -in test.txt -sign -signer qsc.crt -inkey qsc.key -nodetach -outform pem -binary -out signedfile -md sha512 -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider default -provider oqsprovider - -##VERIFY DATA - -LD_LIBRARY_PATH=/home/feventura/Documents/openssl ../../bin/openssl cms -verify -CAfile qsc.crt -inform pem -in signedfile -crlfeol -out outputfile -provider-path /home/feventura/Documents/oqs-provider/_build/oqsprov -provider oqsprovider -provider default - -##CREATE TEST SIGNATURE (from oqsprov/test) - -gcc oqs_test_signatures.c test_common.o -L ../openssl -lcrypto -o output_signatures - -##RUN TEST SIGNARURE (from oqsprov/test) - -./output_signatures oqsprovider /home/feventura/Documents/oqs-provider/test/oqs.cnf - -##IMPLEMENT CHANGES TO oqs_sig.c TO PROVIDER (from oqsprov/test) - -cd .. && cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && cd test/ - -##IMPLEMENT CHANGES THEN COMPILE AND RUN TEST (generic version, from oqsprov) - -cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . 
-B _build && cmake --build _build && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf - -##IMPLEMENT CHANGES THEN BUILD DEPENDENCY LIBRARY THEN COMPILE AND RUN TEST (generic version, from oqsprov) - -cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local -DCMAKE_PREFIX_PATH=$(pwd)/.local -S . -B _build && cmake --build _build && gcc -Wall -c ./test/test_common.c && gcc ./test/oqs_test_signatures.c ./test/test_common.o -L ./openssl -lcrypto -o ./test/output_signatures && ./test/output_signatures oqsprovider $(pwd)/test/oqs.cnf - - From d5902d1d61333d66b35ca4c92bbdd24e9809071d Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 15:06:02 -0500 Subject: [PATCH 054/164] comments for pre-hash Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 811c485f..2a28b548 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -357,7 +357,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, for (i = 0; i < oqsxkey->numkeys; i++){ char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); - if (get_oqsname_fromtls(name)){ + //pre-hash and concat of oids + + if (get_oqsname_fromtls(name)){ //PQC signing oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; buf = OPENSSL_malloc(oqs_sig_len); if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) From faff483a13af1178c08ac41b5326c653cecf7ab0 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 15:24:04 -0500 Subject: [PATCH 055/164] comments for pre-hash on verification Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 2a28b548..12c709f0 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -601,6 +601,9 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, buf = compsig->sig2->data; buf_len = compsig->sig2->length; } + + //pre-hash and concat of oids + char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); if (get_oqsname_fromtls(name)){ From 42a1f855dfe446b827c069a3fcbf22e690191ccb Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 5 Oct 2023 15:41:45 -0500 Subject: [PATCH 056/164] test commit Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 12c709f0..a97e3053 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -602,7 +602,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, buf_len = compsig->sig2->length; } - //pre-hash and concat of oids + //pre-hash and concat of oids test char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); From 828771cf0ab677985805de0b3502571c035f2670 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 12 Oct 2023 14:55:09 -0500 Subject: [PATCH 057/164] Version 10 pre-hash added Signed-off-by: Felipe Ventura --- oqsprov/oqs_prov.h | 5 + oqsprov/oqs_sig.c | 308 ++++++++++++++++++++++++++++++----------- oqsprov/oqsprov.c | 22 +-- oqsprov/oqsprov_keys.c | 49 ++++--- 4 files changed, 272 insertions(+), 112 deletions(-) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 2a06202b..1fc85e6d 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -200,6 +200,11 @@ struct SignatureModel{ typedef struct SignatureModel CompositeSignature; +char *get_oqsname_fromtls(char *tlsname); +char *get_oqsname(int nid); +char* get_cmpname(int nid, int index); +int get_oqsalg_idx(int nid); + /* Register given NID with tlsname in OSSL3 registry */ int oqs_set_nid(char *tlsname, int nid); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index a97e3053..141016d2 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -20,7 +20,6 @@ #include #include #include -#include "oqs_prov.h" #include #include @@ -217,6 +216,34 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); } +static const char *composite_OID_hash[] = { + "69642D4D4C44534136352D525341333037322D504B435331352D534841323536", //dilithium3_rsa3072 + "69642D4D4C44534136352D45434453412D503235362D534841323536", //dilithium3_p256 + "69642D46616C6F6E3531322D45434453412D503235362D534841323536", //falcon512_p256 + "69642D4D4C44534138372D45434453412D503338342D534841333834", //dilithium5_p384 + "69642D4D4C44534136352D45434453412D627261696E706F6F6C5032353672312D534841323536", //dilithium3_bp256 + "69642D4D4C44534136352D456432353531392D534841353132", //dilithium3_ed25519 + "69642D4D4C44534138372D45434453412D627261696E706F6F6C5033383472312D534841333834", //dilithium5_bp384 + "69642D4D4C44534138372D45643434382D5348414B45323536", //dilithium5_ed448 + "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", //falcon512_bp256 + "69642D46616C636F6E3531322D456432353531392D534841353132", //falcon512_ed25519 + "69642D4D4C44534136352D525341333037322D5053532D534841323536", //dilithium3_pss +}; + +static const size_t composite_OID_hash_len[] = { + 64, //dilithium3_rsa3072 + 56, //dilithium3_p256 + 58, //falcon512_p256 + 56, //dilithium5_p384 + 78, //dilithium3_bp256 + 50, //dilithium3_ed25519 + 78, //dilithium5_bp384 + 50, //dilithium5_ed448 + 82, //falcon512_bp256 + 54, //falcon512_ed25519 + 58, //dilithium3_pss +}; + /* On entry to this function, data to be signed (tbs) might have been hashed * already: this would be the case if poqs_sigctx->mdctx != NULL; if that is * NULL, we have to hash in case of hybrid signatures 
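Review bot: The `falcon512_p256` entry of `composite_OID_hash` spells its label differently from the other Falcon entries: it contains `46616C6F6E` ("Falon") where `falcon512_bp256` and `falcon512_ed25519` have `46616C636F6E` ("Falcon"), and the matching `58` in `composite_OID_hash_len` was counted from the misspelt string. Because this string is prepended to the hashed message as a domain separator, a signature made with it would not verify against an implementation using the intended label; the entry should read `"69642D46616C636F6E3531322D45434453412D503235362D534841323536"` with length `60`. The lengths also count hex characters, and the signing hunk that follows copies the string with `memcpy` as-is, so the prefix is ASCII hex text rather than the decoded bytes; that should be confirmed against the specification being followed. Both tables are indexed with `get_oqsalg_idx(...) - 23`, so a comment above them stating that their order must match the algorithm index, plus a range check at the use site, would guard against an out-of-range read when the algorithm list changes.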
@@ -354,15 +381,71 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, unsigned char *buf; CompositeSignature *compsig = CompositeSignature_new(); int i; + const char *oid_hash = composite_OID_hash[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; + const size_t oid_hash_len = composite_OID_hash_len[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; + char *final_tbs; + size_t final_tbslen = oid_hash_len; + + //prepare the pre hash + for (i = 0; i < oqsxkey->numkeys; i++){ + char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); + unsigned char *tbs_hash; + if (!get_oqsname_fromtls(name)){ + if (name[0] == 'e'){//ed25519 or ed448 + if(name[2] == '2'){//ed25519 + tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); + SHA512(tbs, tbslen, tbs_hash); + final_tbslen += SHA512_DIGEST_LENGTH; + }else{//ed4448 + unsigned int tbs_hash_len; + tbs_hash = OPENSSL_malloc(64); + if ((EVP_Digest(tbs, tbslen, tbs_hash, &tbs_hash_len, EVP_shake256(), NULL) <= 0)){ + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + final_tbslen += tbs_hash_len; + } + }else if (name[0] == 'p' || name[0] == 'b' || name[0] == 'r'){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 + int aux; + if (name[0] == 'b') + aux = 2; + else + aux = 1; + switch(name[aux]){ + case 's'://pss or rsa + case '2'://p256 or bp256 + tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); + SHA256(tbs, tbslen, tbs_hash); + final_tbslen += SHA256_DIGEST_LENGTH; + break; + case '3'://p384 or bp384 + tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); + SHA384(tbs, tbslen, tbs_hash); + final_tbslen += SHA384_DIGEST_LENGTH; + break; + default: + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + }else{ + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + final_tbs = OPENSSL_malloc(final_tbslen); + memcpy(final_tbs, oid_hash, oid_hash_len); + memcpy(final_tbs + oid_hash_len, tbs_hash, final_tbslen - oid_hash_len); + OPENSSL_free(tbs_hash); + } + OPENSSL_free(name); + } + 
for (i = 0; i < oqsxkey->numkeys; i++){ char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); - - //pre-hash and concat of oids if (get_oqsname_fromtls(name)){ //PQC signing oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; buf = OPENSSL_malloc(oqs_sig_len); - if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) + if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs, final_tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); goto endsign; @@ -375,18 +458,17 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, const EVP_MD *classical_md; EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); int digest_len; - int aux; unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ if (name[0] == 'e'){ //ed25519 or ed448 - if (EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0 || - EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, tbs, tbslen) <= 0){ + if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0 ) + || (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, final_tbs, final_tbslen) <= 0)){ ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } }else { - if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || - EVP_PKEY_sign_init(classical_ctx_sign) <= 0) + if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL + || (EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; 
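Review bot: The lookup `composite_OID_hash[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]` at the top of the `@@ -354,15 +381,71 @@` hunk indexes an 11-entry table with no range check, so an algorithm index outside 23..33 (or a not-found result, if `get_oqsalg_idx` can return one) reads past the array; the verify hunk at `@@ -591,8 +673,72 @@` repeats it. In the pre-hash loop, none of the `OPENSSL_malloc` results is checked before `SHA512`/`SHA256`/`memcpy` write through it. Every `goto endsign` leaves `tbs_hash`, `name` and `final_tbs` allocated, because `final_tbs` is freed only on the success path, and it is declared without an initialiser, so it cannot safely be freed at the label as written. A bounded lookup and checked allocation are sketched below; `oqs_sig_sign` begins and ends outside this hunk, so the cleanup at `endsign` is assumed rather than seen.

```c
int i;
/* 23 is assumed to be the table index of the first composite algorithm */
int oid_idx = get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23;
const char *oid_hash;
size_t oid_hash_len;
char *final_tbs = NULL;
size_t final_tbslen;

if (oid_idx < 0
    || (size_t)oid_idx >= sizeof(composite_OID_hash) / sizeof(composite_OID_hash[0])) {
    ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
    goto endsign;
}
oid_hash = composite_OID_hash[oid_idx];
oid_hash_len = composite_OID_hash_len[oid_idx];
final_tbslen = oid_hash_len;

/* … unchanged: per-component selection of the pre-hash … */
            tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH);
            if (tbs_hash == NULL) {
                OPENSSL_free(name);
                ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
                goto endsign;
            }
/* … unchanged: remaining hash cases, each with the same NULL check … */
        final_tbs = OPENSSL_malloc(final_tbslen);
        if (final_tbs == NULL) {
            OPENSSL_free(tbs_hash);
            OPENSSL_free(name);
            ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
            goto endsign;
        }
```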
@@ -394,9 +476,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (!strncmp(name, "pss", 3)) { - if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0) || - (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0) || - (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, EVP_sha256()) <= 0)) + if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0) + || (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0) + || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, EVP_sha256()) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; 
@@ -410,40 +492,40 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } } - if (name[0] == 'p' || name[0] == 'b') + if ((name[0] == 'p') + || (name[0] == 'b') + || (name[0] == 'r')) { - if(name[0] == 'p') + int aux; + if(name[0] == 'b') + aux = 2; + else aux = 1; - else aux = 2; - if (name[aux] == '2' || name[aux] == 's') - { // p256 && pss - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if (name[aux] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[aux] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + switch(name[aux]){ + case 's'://pss or rsa + case '2'://p256 or bp256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(final_tbs, final_tbslen, (unsigned char *)&digest); + break; + case '3'://p384 or bp384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(final_tbs, final_tbslen, (unsigned char *)&digest); + break; + case '5'://p512 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + break; + default: + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; } } - else - {// rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - - } - if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) || - (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) + || (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; 
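Review bot: The new `case '5'` still hashes `tbs, tbslen` while the `'s'`/`'2'` and `'3'` cases hash `final_tbs, final_tbslen`, so a P-521 component would sign a different message from the post-quantum component; the verify hunk at `@@ -649,38 +793,39 @@` carries the same line. The pre-hash loop added earlier in this commit has no `'5'` case and fails in its `default`, so this branch looks unreachable as written. Either drop the case or change it to `SHA512(final_tbs, final_tbslen, (unsigned char *)&digest);` and add the matching SHA-512 pre-hash. The comment `//p512` should read `//p521`. The enclosing branch of `oqs_sig_sign` starts above this hunk.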
@@ -473,6 +555,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, oqs_sig_len = i2d_CompositeSignature(compsig, &sig); OPENSSL_free(compsig); + OPENSSL_free(final_tbs); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) { @@ -488,7 +571,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (classical_ctx_sign) { EVP_PKEY_CTX_free(classical_ctx_sign); } - printf("rv %i\n", rv); return rv; } 
@@ -591,8 +673,72 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, int i; unsigned char *buf; size_t buf_len; + const char *oid_hash = composite_OID_hash[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; + const size_t oid_hash_len = composite_OID_hash_len[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; + char *final_tbs; + size_t final_tbslen = oid_hash_len; + if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; + } + + //prepare the pre-hash + for (i = 0; i < oqsxkey->numkeys; i++){ + char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); + unsigned char *tbs_hash; + if (!get_oqsname_fromtls(name)){ + if (name[0] == 'e'){//ed25519 or ed448 + if(name[2] == '2'){//ed25519 + tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); + SHA512(tbs, tbslen, tbs_hash); + final_tbslen += SHA512_DIGEST_LENGTH; + }else{//ed4448 + unsigned int tbs_hash_len; + tbs_hash = OPENSSL_malloc(64); + if ((EVP_Digest(tbs, tbslen, tbs_hash, &tbs_hash_len, EVP_shake256(), NULL) <= 0)){ + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endverify; + } + final_tbslen += tbs_hash_len; + } + }else if (name[0] == 'p' + || name[0] == 'b' + || name[0] == 'r'){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 + int aux; + if (name[0] == 'b') + aux = 2; + else + aux = 1; + switch(name[aux]){ + case 's'://pss or rsa + case '2'://p256 or bp256 + tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); + SHA256(tbs, tbslen, tbs_hash); + final_tbslen += SHA256_DIGEST_LENGTH; + break; + case '3'://p384 or bp384 + tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); + SHA384(tbs, tbslen, tbs_hash); + final_tbslen += SHA384_DIGEST_LENGTH; + break; + default: + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + }else{ + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + final_tbs = OPENSSL_malloc(final_tbslen); + memcpy(final_tbs, oid_hash, oid_hash_len); + 
memcpy(final_tbs + oid_hash_len, tbs_hash, final_tbslen - oid_hash_len); + OPENSSL_free(tbs_hash); + } + OPENSSL_free(name); + } + for(i = 0; i < oqsxkey->numkeys; i++){ if (i == 0){ buf = compsig->sig1->data; @@ -602,12 +748,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, buf_len = compsig->sig2->length; } - //pre-hash and concat of oids test - char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); if (get_oqsname_fromtls(name)){ - if (OQS_SIG_verify(oqs_key, tbs, tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) + if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; 
@@ -620,23 +764,23 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ if(name[0] == 'e'){ //ed25519 or ed448 - if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0) || - (EVP_DigestVerify(evp_ctx, buf, buf_len, tbs, tbslen) <= 0)){ + if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0) + || (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, final_tbslen) <= 0)){ ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } } else { - if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL || - EVP_PKEY_verify_init(ctx_verify) <= 0) + if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL) + || (EVP_PKEY_verify_init(ctx_verify) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } if (!strncmp(name, "pss", 3)) { - if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PSS_PADDING) <= 0) || - (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64) <= 0) || - (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, EVP_sha256()) <= 0)) + if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PSS_PADDING) <= 0) + || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64) <= 0) + || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, EVP_sha256()) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); goto endverify; 
@@ -649,38 +793,39 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, goto endverify; } } - if (name[0] == 'p' || name[0] == 'b') + if ((name[0] == 'p') + || (name[0] == 'b') + || (name[0] == 'r')) { - if(name[0] == 'p') - aux = 1; - else aux = 2; - if (name[aux] == '2' || name[aux] == 's') - { // p256 && pss - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if (name[aux] == '3') - { // p384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(tbs, tbslen, (unsigned char *)&digest); - } - if (name[aux] == '5') - { // p521 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + int aux; + if(name[0] == 'b') + aux = 2; + else + aux = 1; + switch(name[aux]){ + case 's'://pss or rsa + case '2'://p256 or bp256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(final_tbs, final_tbslen, (unsigned char *)&digest); + break; + case '3'://p384 or bp384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(final_tbs, final_tbslen, (unsigned char *)&digest); + break; + case '5'://p512 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(tbs, tbslen, (unsigned char *)&digest); + break; + default: + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; } } - else - { // rsa3072 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(tbs, tbslen, (unsigned char *)&digest); - } - if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || - (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) + if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) + || (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; 
@@ -691,6 +836,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, OPENSSL_free(name); } OPENSSL_free(compsig); + OPENSSL_free(final_tbs); }else { if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 557e66c0..89862e92 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -190,27 +190,27 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_sphincsshake128fsimple", "1.3.9999.6.7.15", "rsa3072_sphincsshake128fsimple", - "2.16.840.1.114027.80.5.1.1", + "2.16.840.1.114027.80.7.1.7", "dilithium3_rsa3072", - "2.16.840.1.114027.80.5.1.2", + "2.16.840.1.114027.80.7.1.8", "dilithium3_p256", - "2.16.840.1.114027.80.5.1.3", + "2.16.840.1.114027.80.7.1.9", "dilithium3_bp256", - "2.16.840.1.114027.80.5.1.4", + "2.16.840.1.114027.80.7.1.10", "dilithium3_ed25519", - "2.16.840.1.114027.80.5.1.5", + "2.16.840.1.114027.80.7.1.11", "dilithium5_p384", - "2.16.840.1.114027.80.5.1.6", + "2.16.840.1.114027.80.7.1.12", "dilithium5_bp384", - "2.16.840.1.114027.80.5.1.7", + "2.16.840.1.114027.80.7.1.13", "dilithium5_ed448", - "2.16.840.1.114027.80.5.1.8", + "2.16.840.1.114027.80.7.1.14", "falcon512_p256", - "2.16.840.1.114027.80.5.1.9", + "2.16.840.1.114027.80.7.1.15", "falcon512_bp256", - "2.16.840.1.114027.80.5.1.10", + "2.16.840.1.114027.80.7.1.16", "falcon512_ed25519", - "2.16.840.1.114027.80.5.1.14", + "2.16.840.1.114027.80.7.1.6", "dilithium3_pss", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 4241f0d1..674d9fdf 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -162,7 +162,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, - KEY_TYPE_CMP_SIG, 128}, + KEY_TYPE_CMP_SIG, 256}, {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, @@ -170,7 +170,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, - KEY_TYPE_CMP_SIG, 128}, + KEY_TYPE_CMP_SIG, 256}, {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, {0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, @@ -226,7 +226,7 @@ char *get_oqsname_fromtls(char *tlsname) return 0; //classical } -static char *get_oqsname(int nid) +char *get_oqsname(int nid) { int i; for (i = 0; i < NID_TABLE_LEN; i++) { @@ -274,7 +274,7 @@ int get_qntcmp(int nid) return index; } -static int get_oqsalg_idx(int nid) +int get_oqsalg_idx(int nid) { int i; for (i = 0; i < NID_TABLE_LEN; i++) { @@ -444,7 +444,7 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit - {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit - p384 + {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit @@ -694,7 +694,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, previous_privlen += privlen; previous_publen += publen; OPENSSL_free(name); - } + } if (previous_privlen != plen) { //is ok, PQC pubkey might be in privkey 
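Review bot: The first two hunks raise the last field of the `dilithium3_bp256` and `falcon512_bp256` rows from 128 to 256, yet a 256-bit Brainpool curve paired with Dilithium3 or Falcon-512 does not provide 256-bit strength. If this field is what the provider reports as security bits, the change overstates the keys' strength to callers that enforce a minimum security level. If it only selects the `NID_brainpoolP256r1` row of `nids_sig` (whose comment says `// 256 bit`), that should be stated, for example `/* 256 selects the brainpoolP256r1 row in nids_sig, not the claimed strength */`, and ideally carried in a separate field. The `nid_names` table starts outside these hunks, so the meaning of the field is inferred from the neighbouring rows.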
@@ -703,6 +703,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } + if (oqsx_key_allocate_keymaterial(key, 0)) + { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } } if (oqsx_key_allocate_keymaterial(key, 1)) { @@ -1372,7 +1377,6 @@ void oqsx_key_free(OQSX_KEY *key) #endif OPENSSL_free(key->propq); - OPENSSL_free(key->tls_name); OPENSSL_secure_clear_free(key->privkey, key->privkeylen); OPENSSL_secure_clear_free(key->pubkey, key->pubkeylen); OPENSSL_free(key->comp_pubkey); 
@@ -1382,27 +1386,32 @@ void oqsx_key_free(OQSX_KEY *key) else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) { OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); - } else - OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); - EVP_PKEY_free(key->classical_pkey); - if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) { - EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); - EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); - OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx); } - if(key->keytype == KEY_TYPE_CMP_SIG){ + else if(key->keytype == KEY_TYPE_CMP_SIG){ int i; for (i = 0; i < key->numkeys; i ++){ char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name)) OQS_SIG_free(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig); + else{ + EVP_PKEY_free(key->classical_pkey); + EVP_PKEY_CTX_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->ctx); + EVP_PKEY_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->keyParam); + OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx); + } OPENSSL_free(name); - } - - - } - else + } + }else{ OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); + EVP_PKEY_free(key->classical_pkey); + if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) { + EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); + EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); + OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx); + } + } + OPENSSL_free(key->tls_name); + #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); From 68c63eb5d10856caed80aa3b720fb37bc9e66c00 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 13 Oct 2023 12:26:22 -0500 Subject: [PATCH 058/164] set up SHAKE256 size to 512bits Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 141016d2..c84922d2 100644 --- a/oqsprov/oqs_sig.c 
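Review bot: After this restructuring the `KEY_TYPE_ECP_HYB_KEM`/`KEY_TYPE_ECX_HYB_KEM` branch only calls `OQS_KEM_free`, whereas the removed lines freed `key->classical_pkey` and `oqsx_provider_ctx[0].oqsx_evp_ctx` after the chain for every key type; hybrid KEM keys now appear to leave their classical key and EVP context allocated. In the new composite branch, `key->oqsx_provider_ctx[i].oqsx_evp_ctx->ctx` is dereferenced without the `if (key->oqsx_provider_ctx[0].oqsx_evp_ctx)` guard that the final `else` keeps, and `EVP_PKEY_free(key->classical_pkey)` sits inside the loop, where it would run once per classical component. I would keep the classical frees after the `if`/`else` chain and guard the per-component one with `if (key->oqsx_provider_ctx[i].oqsx_evp_ctx)`. `oqsx_key_free` begins above this hunk, so the first branch of the chain is not visible.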
+++ b/oqsprov/oqs_sig.c @@ -397,15 +397,22 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, SHA512(tbs, tbslen, tbs_hash); final_tbslen += SHA512_DIGEST_LENGTH; }else{//ed4448 - unsigned int tbs_hash_len; - tbs_hash = OPENSSL_malloc(64); - if ((EVP_Digest(tbs, tbslen, tbs_hash, &tbs_hash_len, EVP_shake256(), NULL) <= 0)){ + EVP_MD_CTX *shake = EVP_MD_CTX_new(); + unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; + tbs_hash = OPENSSL_malloc(tbs_hash_len); + + if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) <= 0) + || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) + || (EVP_DigestFinalXOF(shake, tbs_hash, tbs_hash_len) <= 0 )){ ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } final_tbslen += tbs_hash_len; + EVP_MD_CTX_free(shake); } - }else if (name[0] == 'p' || name[0] == 'b' || name[0] == 'r'){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 + }else if ((name[0] == 'p') + || (name[0] == 'b') + || (name[0] == 'r')){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 int aux; if (name[0] == 'b') aux = 2; 
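Review bot: On the failure path of the new SHAKE256 sequence, `goto endsign` is taken without `EVP_MD_CTX_free(shake)`, and neither `EVP_MD_CTX_new()` nor `OPENSSL_malloc()` is checked before use; the verify hunk at `@@ -695,17 +702,22 @@` has the same shape. The output length comes from `EVP_MAX_MD_SIZE`, which is OpenSSL's upper bound on digest sizes rather than a property of this scheme; the 512 bits named in the commit title are better written as an explicit constant, e.g. `unsigned int tbs_hash_len = 64; /* SHAKE256 output, 512 bits */`. Signer and verifier must agree on that length, so one shared named constant keeps the two hunks from diverging. `oqs_sig_sign` starts and ends outside this hunk.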
@@ -695,17 +702,22 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, SHA512(tbs, tbslen, tbs_hash); final_tbslen += SHA512_DIGEST_LENGTH; }else{//ed4448 - unsigned int tbs_hash_len; - tbs_hash = OPENSSL_malloc(64); - if ((EVP_Digest(tbs, tbslen, tbs_hash, &tbs_hash_len, EVP_shake256(), NULL) <= 0)){ - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + EVP_MD_CTX *shake = EVP_MD_CTX_new(); + unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; + tbs_hash = OPENSSL_malloc(tbs_hash_len); + + if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) <= 0) + || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) + || (EVP_DigestFinalXOF(shake, tbs_hash, tbs_hash_len) <= 0 )){ + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } final_tbslen += tbs_hash_len; + EVP_MD_CTX_free(shake); } - }else if (name[0] == 'p' - || name[0] == 'b' - || name[0] == 'r'){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 + }else if ((name[0] == 'p') + || (name[0] == 'b') + || (name[0] == 'r')){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 int aux; if (name[0] == 'b') aux = 2; From 6af1bf8ad6c2af25127c8719dfd7f64320ec6d5c Mon Sep 17 00:00:00 2001 From: Paul Schweigert Date: Fri, 6 Oct 2023 00:57:10 -0400 Subject: [PATCH 059/164] remove duplicate LIBOQS_BRANCH option in config doc (#274) Signed-off-by: Paul S. Schweigert There were two entries for LIBOQS_BRANCH in the CONFIGURE doc. This change drops the second one and makes a slight tweak to the wording of the first. Signed-off-by: Felipe Ventura --- CONFIGURE.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/CONFIGURE.md b/CONFIGURE.md index b1718b9b..416bfb88 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md 
@@ -110,8 +110,8 @@ code deficiencies related to providers in such old OpenSSL branches. This defines the branch of `liboqs` against which `oqs-provider` is built. This can be used, for example, to facilitate a release of `oqsprovider` -to track an old/stable `liboqs` release. -Default is "main" (most current code). +to track an old/stable `liboqs` release. If this variable is not set, the +"main" branch is built. ### liboqs_DIR @@ -120,11 +120,6 @@ used from the directory specified in this variable: Both `include` and `lib` directories must be present in that location. By not setting this variable, `liboqs` is build from source. -### LIBOQS_BRANCH - -If set, this environment variable designates the `liboqs` branch to -be built. If this variable is not set, the "main" branch is built. - ### MAKE_PARAMS This environment variable permits passing parameters to the `make` From a0492924b4b3b1bcd30e3dfa1bfb3ffecc079b7a Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Tue, 10 Oct 2023 19:20:30 +0200 Subject: [PATCH 060/164] add cloudflare interop tests (#278) Signed-off-by: Felipe Ventura --- scripts/oqsprovider-externalinterop.sh | 26 ++++++++++++++++++++++++++ scripts/runtests.sh | 4 ++++ 2 files changed, 30 insertions(+) create mode 100755 scripts/oqsprovider-externalinterop.sh diff --git a/scripts/oqsprovider-externalinterop.sh b/scripts/oqsprovider-externalinterop.sh new file mode 100755 index 00000000..d90dff68 --- /dev/null +++ b/scripts/oqsprovider-externalinterop.sh 
@@ -0,0 +1,26 @@ +#!/bin/bash + +set -e + +# Use newly built oqsprovider to test interop with external sites + +if [ -z "$OPENSSL_APP" ]; then + echo "OPENSSL_APP env var not set. Exiting." + exit 1 +fi + +if [ -z "$OPENSSL_MODULES" ]; then + echo "Warning: OPENSSL_MODULES env var not set." +fi + +# Set OSX DYLD_LIBRARY_PATH if not already externally set +if [ -z "$DYLD_LIBRARY_PATH" ]; then + export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH +fi + +echo " Cloudflare:" +export OQS_CODEPOINT_X25519_KYBER512=65072 +(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | $OPENSSL_APP s_client -connect pq.cloudflareresearch.com:443 -groups x25519_kyber768 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber768Draft00 +(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | $OPENSSL_APP s_client -connect pq.cloudflareresearch.com:443 -groups x25519_kyber512 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber512Draft00 + + diff --git a/scripts/runtests.sh b/scripts/runtests.sh index 8d7d02d5..79762205 100755 --- a/scripts/runtests.sh +++ b/scripts/runtests.sh @@ -180,6 +180,10 @@ fi echo +# Run interop tests with external sites +echo "External interop tests commencing" +${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-externalinterop.sh + # Run built-in tests: # Without removing OPENSSL_CONF ctest hangs... ??? unset OPENSSL_CONF From 74eb302960f52ee843aac1701473ee7891a1958b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 13 Oct 2023 16:31:32 -0500 Subject: [PATCH 061/164] added MLDSA44 algs 
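Review bot: Both `s_client` pipelines in the new script discard stderr with `2>/dev/null`, so when the `grep kex=…` check fails under `set -e` the log gives no hint whether the cause was name resolution, TLS negotiation or a changed response. `$OPENSSL_APP` is expanded unquoted, which breaks if the path contains spaces; `"$OPENSSL_APP"` is safer. The `runtests.sh` hunk runs the script unconditionally, which makes the whole test run depend on reaching `pq.cloudflareresearch.com`. A guard such as `if [ -z "$OQS_SKIP_EXTERNAL_INTEROP" ]; then … fi` would keep offline and sandboxed builds usable (the variable name is a suggestion, not an existing option).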
Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 24 ++++++++++- oqsprov/oqs_encode_key2any.c | 65 +++++++++++++++++++++++----- oqsprov/oqs_kmgmt.c | 84 +++++++++++++++++++++++++++++++++--- oqsprov/oqs_prov.h | 63 +++++++++++++++++++++++---- oqsprov/oqs_sig.c | 14 +++++- oqsprov/oqsdecoders.inc | 48 +++++++++++++++++++-- oqsprov/oqsencoders.inc | 72 ++++++++++++++++++++++++++++--- oqsprov/oqsprov.c | 30 ++++++++++--- oqsprov/oqsprov_keys.c | 45 +++++++++++++------ 9 files changed, 389 insertions(+), 56 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 89fa1569..5ea20a50 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -771,8 +771,28 @@ MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_pss", dilithium3_pss, +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_pss", dilithium3_pss, +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 5cfc0948..a4164731 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -966,7 +966,22 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_sphincsshake128fsimple_input_type \ "rsa3072_sphincsshake128fsimple" #define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" -# define dilithium3_rsa3072_evp_type 0 +# define dilithium2_pss2048_evp_type 0 +# define dilithium2_pss2048_input_type "dilithium2_pss2048" +# define dilithium2_pss2048_pem_type "dilithium2_pss2048" +# define dilithium2_rsa2048_evp_type 0 +# define dilithium2_rsa2048_input_type "dilithium2_rsa2048" +# define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" +# define dilithium2_ed25519_evp_type 0 +# define dilithium2_ed25519_input_type "dilithium2_ed25519" +# define dilithium2_ed25519_pem_type "dilithium2_ed25519" +# define dilithium2_p256_evp_type 0 +# define dilithium2_p256_input_type "dilithium2_p256" +# define dilithium2_p256_pem_type "dilithium2_p256" +# define dilithium2_bp256_evp_type 0 +# define dilithium2_bp256_input_type "dilithium2_bp256" +# define dilithium2_bp256_pem_type "dilithium2_bp256" +# define dilithium3_rsa2048_evp_type 0 # define dilithium3_rsa3072_input_type "dilithium3_rsa3072" # define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" # define dilithium3_p256_evp_type 0 @@ -984,9 +999,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) # define dilithium3_ed25519_evp_type 0 # define dilithium3_ed25519_input_type "dilithium3_ed25519" # define dilithium3_ed25519_pem_type "dilithium3_ed25519" -# define dilithium3_pss_evp_type 0 -# define dilithium3_pss_input_type "dilithium3_pss" -# define dilithium3_pss_pem_type "dilithium3_pss" +# define dilithium3_pss3072_evp_type 0 +# define dilithium3_pss3072_input_type "dilithium3_pss3072" +# define dilithium3_pss3072_pem_type "dilithium3_pss3072" # define dilithium5_bp384_evp_type 0 # define dilithium5_bp384_input_type "dilithium5_bp384" # define dilithium5_bp384_pem_type "dilithium5_bp384" 
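Review bot: The first hunk replaces `# define dilithium3_rsa3072_evp_type 0` with `# define dilithium3_rsa2048_evp_type 0`, but the two lines that follow still define `dilithium3_rsa3072_input_type` and `dilithium3_rsa3072_pem_type`. No `dilithium3_rsa2048` algorithm is added in the visible part of this commit, so this looks like a slip made while inserting the `dilithium2_*` block, and it leaves `dilithium3_rsa3072_evp_type` undefined for any encoder macro that expands it. The line should stay `# define dilithium3_rsa3072_evp_type 0`. If this section is generated from a template, like the block ending at `OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END` later in the file, the template needs the same correction.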
@@ -2111,10 +2126,40 @@ MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, der); 
+MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, pem); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 6a08fa7d..9f5d5f41 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -1002,20 +1002,89 @@ static void *falcon512_ed25519_gen_init(void *provctx, int selection) "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); } -static void *dilithium3_pss_new_key(void *provctx) +static void *dilithium3_pss3072_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_pss", KEY_TYPE_CMP_SIG, NULL, 128, 33); + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 33); } -static void *dilithium3_pss_gen_init(void *provctx, int selection) +static void *dilithium3_pss3072_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_pss", KEY_TYPE_CMP_SIG, 128, 33); + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 33); } +static void *dilithium2_pss2048_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 34); +} + +static void *dilithium2_pss2048_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 34); +} + +static void *dilithium2_rsa2048_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 35); +} + +static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 35); +} + +static void *dilithium2_ed25519_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 36); +} + +static void *dilithium2_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 36); +} + +static void 
*dilithium2_p256_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 37); +} + +static void *dilithium2_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 37); +} + +static void *dilithium2_bp256_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 38); +} + +static void *dilithium2_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init + (provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 38); +} ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ @@ -1198,7 +1267,12 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_bp384) MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_ed448) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_bp256) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_ed25519) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss3072) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_pss2048) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_rsa2048) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_ed25519) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_p256) +MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_bp256) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 1fc85e6d..5d402e60 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
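Review bot: The bit-security argument in the new constructors does not track the composite's strength: dilithium2_bp256 passes `256` and dilithium2_pss2048 / dilithium2_rsa2048 pass `112`, while all five names are registered with `128` in the oqsprov.c hunks of this patch. Judging by oqsx_hybsig_init in oqsprov_keys.c, the value appears to double as a selector for the classical component, but nothing in this file says so. If it is also reported to callers as the key's security bits, `256` overstates what a Dilithium2 composite provides. A comment ahead of the block would make the convention explicit, e.g. `/* 6th argument selects the classical component (112 = RSA-2048, 256 = brainpoolP256r1); it is not the composite's security level */`. These lines end at an OQS_TEMPLATE_FRAGMENT marker, so the comment belongs in the template.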
@@ -1485,14 +1485,54 @@ extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_enc extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH 
oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// 
OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START @@ -1532,7 +1572,12 @@ extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index c84922d2..b6d57726 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -227,7 +227,12 @@ static const char *composite_OID_hash[] = { "69642D4D4C44534138372D45643434382D5348414B45323536", //dilithium5_ed448 "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", //falcon512_bp256 "69642D46616C636F6E3531322D456432353531392D534841353132", //falcon512_ed25519 - "69642D4D4C44534136352D525341333037322D5053532D534841323536", //dilithium3_pss + "69642D4D4C44534136352D525341333037322D5053532D534841323536", //dilithium3_pss3072 + "69642D4D4C44534134342D525341323034382D5053532D534841323536", //dilithium2_pss2048 + "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", //dilithium2_rsa2048 + "69642D4D4C44534134342D456432353531392D534841353132", //dilithium2_ed25519 + "69642D4D4C44534134342D45434453412D503235362D534841323536", //dilithium2_p256 + "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536," //dilithium2_bp256 }; static const size_t composite_OID_hash_len[] = { @@ -241,7 +246,12 @@ static const size_t composite_OID_hash_len[] = { 50, //dilithium5_ed448 82, //falcon512_bp256 54, //falcon512_ed25519 - 58, //dilithium3_pss + 58, //dilithium3_pss3072 + 58, //dilithium2_pss2048 + 61, //dilithium2_rsa2048 + 50, //dilithium2_ed25519 + 56, //dilithium2_p256 + 79, //dilithium2_bp256 }; /* On entry to this function, data to be signed (tbs) might have been hashed diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 96775d49..e300a86c 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
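Review bot: The last new entry of `composite_OID_hash` has its separating comma inside the string literal (`...2D534841323536," //dilithium2_bp256`), so the stored prefix ends in a non-hex `,` and is 79 characters long, which the length table in the next hunk then records as `79`. The dilithium2_rsa2048 literal is 64 hex characters, but its length entry is `61`; the other new entries (58, 50, 56) match their literals. I would move the comma outside the quotes, `"...2D534841323536", //dilithium2_bp256`, and set the lengths to `64, //dilithium2_rsa2048` and `78, //dilithium2_bp256`. How the two tables are consumed is outside these hunks; if the length bounds a hex decode or a copy of the prefix that is mixed into the signed message, a wrong value would truncate or corrupt the domain separator for exactly these two algorithms. A compile-time or start-up check that each length equals `strlen()` of its literal and is even would catch this class of slip.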
@@ -199,6 +199,46 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), rsa3072_dilithium2), DECODER_w_structure("rsa3072_dilithium2", der, SubjectPublicKeyInfo, rsa3072_dilithium2), + DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, + dilithium2_bp256), + DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, + dilithium2_bp256), + DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, + dilithium2_bp256), + DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, + dilithium2_bp256), #endif #ifdef 
OQS_ENABLE_SIG_dilithium_3 DECODER_w_structure("dilithium3", der, PrivateKeyInfo, dilithium3), @@ -227,10 +267,10 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), dilithium3_ed25519), DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, dilithium3_ed25519), - DECODER_w_structure("dilithium3_pss", der, PrivateKeyInfo, - dilithium3_pss), - DECODER_w_structure("dilithium3_pss", der, SubjectPublicKeyInfo, - dilithium3_pss), + DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, + dilithium3_pss3072), + DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, + dilithium3_pss3072), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index b944c047..52e97f29 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
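Review bot: Each of the five new composites is registered twice in this decoder list: the `PrivateKeyInfo` / `SubjectPublicKeyInfo` pair for dilithium2_pss2048 is followed immediately by the same pair again, and likewise for dilithium2_rsa2048, dilithium2_ed25519, dilithium2_p256 and dilithium2_bp256. The neighbouring context entry for rsa3072_dilithium2 appears once per structure, so the repetition looks unintended. The duplicates probably do no harm at lookup time, but they enlarge the table and obscure which entry is actually used. If this file is generated, the fix is to remove the repeated loop in the template so that each algorithm emits one `DECODER_w_structure(..., der, PrivateKeyInfo, ...)` and one `DECODER_w_structure(..., der, SubjectPublicKeyInfo, ...)` line.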
@@ -578,6 +578,66 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_dilithium2", rsa3072_dilithium2), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + PrivateKeyInfo), + 
ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + SubjectPublicKeyInfo), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), 
@@ -648,17 +708,17 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss", dilithium3_pss, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, SubjectPublicKeyInfo), #endif diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 89862e92..93fced6a 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,9 +49,9 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 155 +# define OQS_OID_CNT 165 #else -# define OQS_OID_CNT 46 +# define OQS_OID_CNT 78 #endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { 
@@ -211,7 +211,17 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "2.16.840.1.114027.80.7.1.16", "falcon512_ed25519", "2.16.840.1.114027.80.7.1.6", - "dilithium3_pss", + "dilithium3_pss3072", + "2.16.840.1.114027.80.7.1.1", + "dilithium2_pss2048", + "2.16.840.1.114027.80.7.1.2", + "dilithium2_rsa2048", + "2.16.840.1.114027.80.7.1.3", + "dilithium2_ed25519", + "2.16.840.1.114027.80.7.1.4", + "dilithium2_p256", + "2.16.840.1.114027.80.7.1.5", + "dilithium2_bp256", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; @@ -568,6 +578,11 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("dilithium2", 128, oqs_signature_functions), SIGALG("p256_dilithium2", 128, oqs_signature_functions), SIGALG("rsa3072_dilithium2", 128, oqs_signature_functions), + SIGALG("dilithium2_pss2048", 128, oqs_signature_functions), + SIGALG("dilithium2_rsa2048", 128, oqs_signature_functions), + SIGALG("dilithium2_ed25519", 128, oqs_signature_functions), + SIGALG("dilithium2_p256", 128, oqs_signature_functions), + SIGALG("dilithium2_bp256", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_signature_functions), @@ -576,7 +591,7 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("dilithium3_p256", 192, oqs_signature_functions), SIGALG("dilithium3_bp256", 192, oqs_signature_functions), SIGALG("dilithium3_ed25519", 192, oqs_signature_functions), - SIGALG("dilithium3_pss", 192, oqs_signature_functions), + SIGALG("dilithium3_pss3072", 192, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 
@@ -707,6 +722,11 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("dilithium2", 128, oqs_dilithium2_keymgmt_functions), SIGALG("p256_dilithium2", 128, oqs_p256_dilithium2_keymgmt_functions), SIGALG("rsa3072_dilithium2", 128, oqs_rsa3072_dilithium2_keymgmt_functions), + SIGALG("dilithium2_pss2048", 128, oqs_dilithium2_pss2048_keymgmt_functions), + SIGALG("dilithium2_rsa2048", 128, oqs_dilithium2_rsa2048_keymgmt_functions), + SIGALG("dilithium2_ed25519", 128, oqs_dilithium2_ed25519_keymgmt_functions), + SIGALG("dilithium2_p256", 128, oqs_dilithium2_p256_keymgmt_functions), + SIGALG("dilithium2_bp256", 128, oqs_dilithium2_bp256_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_dilithium3_keymgmt_functions), @@ -715,7 +735,7 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("dilithium3_p256", 192, oqs_dilithium3_p256_keymgmt_functions), SIGALG("dilithium3_bp256", 192, oqs_dilithium3_bp256_keymgmt_functions), SIGALG("dilithium3_ed25519", 192, oqs_dilithium3_ed25519_keymgmt_functions), - SIGALG("dilithium3_pss", 192, oqs_dilithium3_pss_keymgmt_functions), + SIGALG("dilithium3_pss3072", 192, oqs_dilithium3_pss3072_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 674d9fdf..73c39051 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -57,9 +57,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 76 +# define NID_TABLE_LEN 81 #else -# define NID_TABLE_LEN 34 +# define NID_TABLE_LEN 39 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { 
@@ -173,9 +173,18 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_CMP_SIG, 256}, {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_pss", OQS_SIG_alg_dilithium_3, + {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - + {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, + KEY_TYPE_CMP_SIG, 256}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; @@ -449,8 +458,9 @@ static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit - {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit - {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit + {EVP_PKEY_RSA, NID_rsaEncryption, 0, 270, 1193, 0, 256}, // 112 bit + {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit + {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit }; // These two array need to stay synced: @@ -476,9 +486,11 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 5, err); - if (!strncmp(algname, "rsa3072", 7) || !strncmp(algname, "pss", 3)) + if (!strncmp(algname, "rsa", 3) || !strncmp(algname, "pss", 3)){ idx += 5; - else if (algname[0] != 'p' && algname[0] != 'e') + if (bit_security == 112) + idx += 1; + } else if (algname[0] != 'p' && algname[0] != 'e') { if (algname[0] == 'b'){ //bp if (algname[2] == '2') //bp256 
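Review bot: The new RSA-2048 row is inserted into the middle of `nids_sig`, and the code reading the table addresses rows by bare numbers. This patch alone has `idx += 5` / `idx += 1` and `&nids_sig[idx + 7]` in oqsx_hybsig_init, `nids_sig[5]` / `nids_sig[6]` in oqsx_key_from_pkcs8, and a `length_public_key > 270` test in oqsx_key_gen_evp_key that apparently repeats this row's public-key length as a literal. Every later insertion has to fix all of these by hand, and a miss silently selects the wrong key type or RSA modulus size instead of failing. I would name the rows, e.g. `enum { NIDS_SIG_RSA3072 = 5, NIDS_SIG_RSA2048 = 6, NIDS_SIG_ED25519 = 7 };`, and document the dependency on the row itself: `/* RSA-2048: row index and the 270-byte length are relied on by oqsx_hybsig_init, oqsx_key_from_pkcs8 and oqsx_key_gen_evp_key */`. The array starts outside the hunk.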
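Review bot: Raising the final bound to `idx > 6` in the next hunk of oqsx_hybsig_init loosens the check for every input that takes the RSA branch, not only the RSA-2048 case it was added for. With the prefix test widened to `"rsa"` / `"pss"`, a name on that branch with bit_security 192 gives idx 1 + 5 = 6 and now passes, landing on the 2048-bit row where the old `idx > 5` check rejected it. Also, 112 only reaches idx 0 because `(112 - 128) / 64` truncates toward zero. I would validate and set the row explicitly inside the RSA branch, `ON_ERR_GOTO(bit_security != 112 && bit_security != 128, err);` followed by `idx = (bit_security == 112) ? 6 : 5;`, so that an unexpected strength fails instead of downgrading the RSA component. The function starts and ends outside both hunks, so whether any caller can pass such a combination is not visible here.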
@@ -492,11 +504,11 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, } } - ON_ERR_GOTO(idx < 0 || idx > 5, err); + ON_ERR_GOTO(idx < 0 || idx > 6, err); if(algname[0] == 'e') //ED25519 or ED448 { - evp_ctx->evp_info = &nids_sig[idx + 6]; + evp_ctx->evp_info = &nids_sig[idx + 7]; evp_ctx->keyParam = EVP_PKEY_new(); ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); @@ -1095,8 +1107,12 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, memcpy(concat_key + plen - aux, buf, buflen); //if is a RSA key the actual encoding size might be different from max size //we calculate that difference for to facilitate the key reconstruction - if(!strncmp(name, "rsa3072", 7) || !strncmp(name, "pss", 3)) - rsa_diff = nids_sig[5].length_private_key - buflen; + if(!strncmp(name, "rsa", 3) || !strncmp(name, "pss", 3)) { + if (name[3] == '3') //3072 + rsa_diff = nids_sig[5].length_private_key - buflen; + else //2048 + rsa_diff = nids_sig[6].length_private_key - buflen; + } OPENSSL_free(name); } @@ -1559,7 +1575,10 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); if (ctx->evp_info->keytype == EVP_PKEY_RSA) { - ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); + if (ctx->evp_info->length_public_key > 270) + ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); + else + ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 2048); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } From 12f149e731fa276293e74751f7e325fb45a5e117 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Mon, 16 Oct 2023 08:40:57 +0200 Subject: [PATCH 062/164] Add releasetest (#281) * add releasetest for all algs/combinations 
Signed-off-by: Felipe Ventura --- .gitignore | 1 + oqs-template/generate.py | 1 + .../scripts/common.py/kex_algs.fragment | 10 ++ .../scripts/common.py/sig_algs.fragment | 12 ++ scripts/README.md | 21 +++ scripts/common.py | 165 ++++++++++++++++++ scripts/conftest.py | 20 +++ scripts/pytest.ini | 2 + scripts/release-test.sh | 39 +++++ scripts/test_tls_full.py | 30 ++++ 10 files changed, 301 insertions(+) create mode 100644 oqs-template/scripts/common.py/kex_algs.fragment create mode 100644 oqs-template/scripts/common.py/sig_algs.fragment create mode 100644 scripts/README.md create mode 100644 scripts/common.py create mode 100644 scripts/conftest.py create mode 100644 scripts/pytest.ini create mode 100755 scripts/release-test.sh create mode 100644 scripts/test_tls_full.py diff --git a/.gitignore b/.gitignore index 4c607356..003421d7 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ tmp interop.log # pycache oqs-template/__pycache__ +scripts/__pycache__ # Visual Studio Code .vscode diff --git a/oqs-template/generate.py b/oqs-template/generate.py index e25fe300..03271e8f 100644 --- a/oqs-template/generate.py +++ b/oqs-template/generate.py @@ -244,6 +244,7 @@ def load_config(include_disabled_sigs=False): populate('oqsprov/oqs_encode_key2any.c', config, '/////') populate('oqsprov/oqs_decode_der2key.c', config, '/////') populate('oqsprov/oqsprov_keys.c', config, '/////') +populate('scripts/common.py', config, '#####') config2 = load_config(include_disabled_sigs=True) config2 = complete_config(config2) diff --git a/oqs-template/scripts/common.py/kex_algs.fragment b/oqs-template/scripts/common.py/kex_algs.fragment new file mode 100644 index 00000000..c8805d32 --- /dev/null +++ b/oqs-template/scripts/common.py/kex_algs.fragment 
@@ -0,0 +1,10 @@ + + # post-quantum key exchanges + {% for kem in config['kems'] %}'{{ kem['name_group'] }}', {%- endfor %} + # post-quantum + classical key exchanges + {% for kem in config['kems'] -%} + {%- for hybrid in kem['hybrids'] -%} + '{{ hybrid['hybrid_group'] }}_{{kem['name_group']}}', + {%- endfor -%} + {% endfor %} + diff --git a/oqs-template/scripts/common.py/sig_algs.fragment b/oqs-template/scripts/common.py/sig_algs.fragment new file mode 100644 index 00000000..2541638a --- /dev/null +++ b/oqs-template/scripts/common.py/sig_algs.fragment @@ -0,0 +1,12 @@ + + # post-quantum signatures + {% for sig in config['sigs'] %}{% for variant in sig['variants'] %}'{{ variant['name'] }}', + {%- endfor %} {%- endfor %} + # post-quantum + classical signatures + {% for sig in config['sigs'] -%} + {%- for variant in sig['variants'] -%} + {%- for classical_alg in variant['mix_with'] -%} + '{{ classical_alg['name'] }}_{{ variant['name'] }}', + {%- endfor -%} + {%- endfor %} {%- endfor %} + diff --git a/scripts/README.md b/scripts/README.md new file mode 100644 index 00000000..40bb7936 --- /dev/null +++ b/scripts/README.md 
@@ -0,0 +1,21 @@ +# Build and test support scripts + +This directory contains various scripts aiming to ease build and test of `oqsprovider`. + +## Building + +The key file is [fullbuild.sh](fullbuild.sh) with options documented [here](https://github.com/open-quantum-safe/oqs-provider/blob/main/CONFIGURE.md#convenience-build-script-options). + +## Testing + +### API testing + +All features and enabled algorithms are API tested by `ctest` driven code contained in the [test directory](https://github.com/open-quantum-safe/oqs-provider/tree/main/test). + +### Command line testing + +All features and enabled algorithms are tested via `openssl` command line instructions via the [runtests.sh](runtests.sh) script with options documented [here](https://github.com/open-quantum-safe/oqs-provider/blob/main/CONFIGURE.md#convenience-build-script-options). + +### Release testing + +All features and all algorithms can be tested in a full matrix running all possible signature and KEM algorithms in client/server setup via the corresponding `openssl s_server/s_client` commands via the [release-test.sh](release-test.sh) script. To run this test successfully, installation of `python3` and `pytest` with `xdist` extension is required, e.g., via `sudo apt install python3 python3-pytest python3-pytest-xdist python3-psutil`. The test must be executed within the main project directory, e.g., as such `./scripts/release-test.sh`. For full operation, a local and up-to-date (release) installation of `openssl` and `liboqs` (e.g., built via `scripts/fulltest.sh`) is recommended. diff --git a/scripts/common.py b/scripts/common.py new file mode 100644 index 00000000..7b936214 --- /dev/null +++ b/scripts/common.py 
@@ -0,0 +1,165 @@ +import os +import subprocess +import pathlib +import psutil +import time + +key_exchanges = [ +##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_START + # post-quantum key exchanges + 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','kyber512','kyber768','kyber1024','bikel1','bikel3','bikel5','hqc128','hqc192','hqc256', + # post-quantum + classical key exchanges + 'p256_frodo640aes','x25519_frodo640aes','p256_frodo640shake','x25519_frodo640shake','p384_frodo976aes','x448_frodo976aes','p384_frodo976shake','x448_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_kyber512','x25519_kyber512','p384_kyber768','x448_kyber768','x25519_kyber768','p256_kyber768','p521_kyber1024','p256_bikel1','x25519_bikel1','p384_bikel3','x448_bikel3','p521_bikel5','p256_hqc128','x25519_hqc128','p384_hqc192','x448_hqc192','p521_hqc256', +##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_END +] +signatures = [ + 'ecdsap256', 'rsa3072', +##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_START + # post-quantum signatures + 'dilithium2','dilithium3','dilithium5','falcon512','falcon1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', + # post-quantum + classical signatures + 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', +##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END +] + +SERVER_START_ATTEMPTS = 10 + +def all_pq_groups(): + ag = "" + for kex in key_exchanges: + if len(ag)==0: + ag = kex + else: + ag = ag + ":" + kex + return ag + +def run_subprocess(command, working_dir='.', expected_returncode=0, input=None, env=os.environ): + """ + Helper function to run a shell command and report success/failure + depending on the exit 
status of the shell command. + """ + + # Note we need to capture stdout/stderr from the subprocess, + # then print it, which pytest will then capture and + # buffer appropriately + print(working_dir + " > " + " ".join(command)) + result = subprocess.run( + command, + input=input, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + cwd=working_dir, + env=env + ) + if result.returncode != expected_returncode: + print(result.stdout.decode('utf-8')) + assert False, "Got unexpected return code {}".format(result.returncode) + return result.stdout.decode('utf-8') + +def start_server(ossl, test_artifacts_dir, sig_alg, worker_id): + command = [ossl, 's_server', + '-cert', os.path.join(test_artifacts_dir, '{}_{}_srv.crt'.format(worker_id, sig_alg)), + '-key', os.path.join(test_artifacts_dir, '{}_{}_srv.key'.format(worker_id, sig_alg)), + '-CAfile', os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(worker_id, sig_alg)), + '-tls1_3', + '-quiet', +# add X25519 for baseline server test and all PQ KEMs for single PQ KEM tests: + '-groups', "x25519:"+all_pq_groups(), + # On UNIX-like systems, binding to TCP port 0 + # is a request to dynamically generate an unused + # port number. + # TODO: Check if Windows behaves similarly + '-accept', '0'] + + print(" > " + " ".join(command)) + server = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + server_info = psutil.Process(server.pid) + + # Try SERVER_START_ATTEMPTS times to see + # what port the server is bound to. + server_start_attempt = 1 + while server_start_attempt <= SERVER_START_ATTEMPTS: + if server_info.connections(): + break + else: + server_start_attempt += 1 + time.sleep(2) + server_port = str(server_info.connections()[0].laddr.port) + + # Check SERVER_START_ATTEMPTS times to see + # if the server is responsive. 
+ server_start_attempt = 1 + while server_start_attempt <= SERVER_START_ATTEMPTS: + result = subprocess.run([ossl, 's_client', '-connect', 'localhost:{}'.format(server_port)], + input='Q'.encode(), + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + if result.returncode == 0: + break + else: + server_start_attempt += 1 + time.sleep(2) + + if server_start_attempt > SERVER_START_ATTEMPTS: + raise Exception('Cannot start OpenSSL server') + + return server, server_port + +def gen_keys(ossl, ossl_config, sig_alg, test_artifacts_dir, filename_prefix): + pathlib.Path(test_artifacts_dir).mkdir(parents=True, exist_ok=True) + if sig_alg == 'ecdsap256': + run_subprocess([ossl, 'ecparam', + '-name', 'prime256v1', + '-out', os.path.join(test_artifacts_dir, '{}_prime256v1.pem'.format(filename_prefix))]) + run_subprocess([ossl, 'req', '-x509', '-new', + '-newkey', 'ec:{}'.format(os.path.join(test_artifacts_dir, '{}_prime256v1.pem'.format(filename_prefix))), + '-keyout', os.path.join(test_artifacts_dir, '{}_ecdsap256_CA.key'.format(filename_prefix)), + '-out', os.path.join(test_artifacts_dir, '{}_ecdsap256_CA.crt'.format(filename_prefix)), + '-nodes', + '-subj', '/CN=oqstest_CA', + '-days', '365', + '-config', ossl_config]) + run_subprocess([ossl, 'req', '-new', + '-newkey', 'ec:{}'.format(os.path.join(test_artifacts_dir, '{}_prime256v1.pem'.format(filename_prefix))), + '-keyout', os.path.join(test_artifacts_dir, '{}_ecdsap256_srv.key'.format(filename_prefix)), + '-out', os.path.join(test_artifacts_dir, '{}_ecdsap256_srv.csr'.format(filename_prefix)), + '-nodes', + '-subj', '/CN=oqstest_server', + '-config', ossl_config]) + else: + if sig_alg == 'rsa3072': + ossl_sig_alg_arg = 'rsa:3072' + else: + ossl_sig_alg_arg = sig_alg + run_subprocess([ossl, 'req', '-x509', '-new', + '-newkey', ossl_sig_alg_arg, + '-keyout', os.path.join(test_artifacts_dir, '{}_{}_CA.key'.format(filename_prefix, sig_alg)), + '-out', os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(filename_prefix, 
sig_alg)), + '-nodes', + '-subj', '/CN=oqstest_CA', + '-days', '365', + '-config', ossl_config]) + run_subprocess([ossl, 'req', '-new', + '-newkey', ossl_sig_alg_arg, + '-keyout', os.path.join(test_artifacts_dir, '{}_{}_srv.key'.format(filename_prefix, sig_alg)), + '-out', os.path.join(test_artifacts_dir, '{}_{}_srv.csr'.format(filename_prefix, sig_alg)), + '-nodes', + '-subj', '/CN=oqstest_server', + '-config', ossl_config]) + + run_subprocess([ossl, 'x509', '-req', + '-in', os.path.join(test_artifacts_dir, '{}_{}_srv.csr'.format(filename_prefix, sig_alg)), + '-out', os.path.join(test_artifacts_dir, '{}_{}_srv.crt'.format(filename_prefix, sig_alg)), + '-CA', os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(filename_prefix, sig_alg)), + '-CAkey', os.path.join(test_artifacts_dir, '{}_{}_CA.key'.format(filename_prefix, sig_alg)), + '-CAcreateserial', + '-days', '365']) + + # also create pubkeys from certs for dgst verify tests: + env = os.environ + #env["OPENSSL_CONF"]=os.path.join("scripts", "openssl.cnf") + #env["OPENSSL_MODULES"]=os.path.join("_build", "lib") + run_subprocess([ossl, 'req', + '-in', os.path.join(test_artifacts_dir, '{}_{}_srv.csr'.format(filename_prefix, sig_alg)), + '-pubkey', '-out', os.path.join(test_artifacts_dir, '{}_{}_srv.pubk'.format(filename_prefix, sig_alg)) ], + env=env) diff --git a/scripts/conftest.py b/scripts/conftest.py new file mode 100644 index 00000000..758d1e23 --- /dev/null +++ b/scripts/conftest.py 
@@ -0,0 +1,20 @@ +import os +import pytest +import subprocess + +def pytest_addoption(parser): + parser.addoption("--ossl", action="store", help="ossl: Path to standalone OpenSSL executable.") + parser.addoption("--ossl-config", action="store", help="ossl-config: Path to openssl.cnf file.") + parser.addoption("--test-artifacts-dir", action="store", help="test-artifacts-dir: Path to directory containing files generated during the testing process.") + +@pytest.fixture +def ossl_config(request): + return os.path.normpath(request.config.getoption("--ossl-config")) + +@pytest.fixture +def ossl(request): + return os.path.normpath(request.config.getoption("--ossl")) + +@pytest.fixture +def test_artifacts_dir(request): + return os.path.normpath(request.config.getoption("--test-artifacts-dir")) diff --git a/scripts/pytest.ini b/scripts/pytest.ini new file mode 100644 index 00000000..ef297a1d --- /dev/null +++ b/scripts/pytest.ini @@ -0,0 +1,2 @@ +[pytest] +addopts = --verbose --ossl=.local/bin/openssl --ossl-config=scripts/openssl-ca.cnf --test-artifacts-dir=tmp diff --git a/scripts/release-test.sh b/scripts/release-test.sh new file mode 100755 index 00000000..df3a60b2 --- /dev/null +++ b/scripts/release-test.sh 
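Review bot: None of the three options registered in `pytest_addoption` has a default or a presence check. When `--ossl`, `--ossl-config` or `--test-artifacts-dir` is absent, `getoption` returns None and the fixture fails inside `os.path.normpath` with a TypeError that does not name the missing flag. The `addopts` line in `scripts/pytest.ini` covers the usual invocation, but a run that does not pick up that ini file hits this. Each fixture could read the value first and fail clearly, e.g. `path = request.config.getoption("--ossl")` followed by `if path is None: raise pytest.UsageError("--ossl is required")`. The `import subprocess` at the top is unused.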
@@ -0,0 +1,39 @@ +#!/bin/bash + +# Stop in case of error +set -e + +# To be run as part of a release test only on Linux +# requires python, pytest, xdist; install e.g. via +# sudo apt install python3 python3-pytest python3-pytest-xdist python3-psutil + +# must be run in main folder +# multicore machine recommended for fast execution + +# expect (ideally latest/release-test) liboqs to be already build and present +if [ -d liboqs ]; then + export LIBOQS_SRC_DIR=`pwd`/liboqs +else + echo "liboqs not found. Exiting." + exit 1 +fi + +if [ -d oqs-template ]; then + # just a temp setup + git checkout -b reltest + # Activate all algorithms + sed -i "s/enable\: false/enable\: true/g" oqs-template/generate.yml + python3 oqs-template/generate.py + rm -rf _build + ./scripts/fullbuild.sh + ./scripts/runtests.sh + if [ -f .local/bin/openssl ]; then + OPENSSL_MODULES=`pwd`/_build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py + else + echo "For full TLS PQ SIG/KEM matrix test, build (latest) openssl locally." + fi + git reset --hard && git checkout main && git branch -D reltest +else + echo "$0 must be run in main oqs-provider folder. Exiting." +fi + diff --git a/scripts/test_tls_full.py b/scripts/test_tls_full.py new file mode 100644 index 00000000..a1639140 --- /dev/null +++ b/scripts/test_tls_full.py 
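Review bot: With `set -e` active, a failure in `generate.py`, `fullbuild.sh`, `runtests.sh` or the pytest run exits before the cleanup line at the end of the `oqs-template` branch. The checkout is then left on the temporary `reltest` branch with the `sed -i` edit to `oqs-template/generate.yml` and the regenerated files in place. Register the cleanup right after `git checkout -b reltest`, e.g. `trap 'git reset --hard && git checkout main && git branch -D reltest' EXIT`, and drop the final cleanup line. `git reset --hard` also discards any uncommitted work the caller had in the tree, so the script should refuse to start on a dirty tree (`git diff --quiet HEAD || { echo "uncommitted changes present. Exiting."; exit 1; }`). The final `else` branch reports the wrong-directory error but still exits 0, unlike the `liboqs not found` branch.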
@@ -0,0 +1,30 @@ +import common +import pytest +import sys +import os + +@pytest.fixture(params=common.signatures) +def server(ossl, ossl_config, test_artifacts_dir, request, worker_id): + # Setup: start ossl server + common.gen_keys(ossl, ossl_config, request.param, test_artifacts_dir, worker_id) + server, port = common.start_server(ossl, test_artifacts_dir, request.param, worker_id) + # Run tests + yield (request.param, port) + # Teardown: stop ossl server + server.kill() + +@pytest.mark.parametrize('kex_name', common.key_exchanges) +def test_sig_kem_pair(ossl, server, test_artifacts_dir, kex_name, worker_id): + client_output = common.run_subprocess([ossl, 's_client', + '-groups', kex_name, + '-CAfile', os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(worker_id, server[0])), + '-verify_return_error', + '-connect', 'localhost:{}'.format(server[1])], + input='Q'.encode()) +# OpenSSL3 by default does not output KEM used; so rely on forced client group and OK handshake completion: + if not "SSL handshake has read" in client_output: + assert False, "Handshake failure." + +if __name__ == "__main__": + import sys + pytest.main(sys.argv) From 0b157065b3875e71d22f6d03c2830860160d5e2b Mon Sep 17 00:00:00 2001 From: Mouse Date: Thu, 19 Oct 2023 13:21:51 -0400 Subject: [PATCH 063/164] Support web proxy in external interop tests (#288) Update oqsprovider-externalinterop.sh to support web proxy in external interop tests. To determine whether to resort to proxy handling, checks if env var `HTTP_PROXY` is set Signed-off-by: Felipe Ventura --- scripts/oqsprovider-externalinterop.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/scripts/oqsprovider-externalinterop.sh b/scripts/oqsprovider-externalinterop.sh index d90dff68..f2af0f32 100755 --- a/scripts/oqsprovider-externalinterop.sh +++ b/scripts/oqsprovider-externalinterop.sh 
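Review bot: The `server` fixture's teardown calls `server.kill()` but never `server.wait()`, so each parametrized signature algorithm leaves an unreaped `s_server` child and its open stdout pipe for the life of the xdist worker; add `server.wait()` after the kill. In `test_sig_kem_pair`, the substring `SSL handshake has read` is weak evidence of success, since as far as I know `s_client` prints that summary line for failed handshakes too. The check that actually decides the test is the exit-code assertion inside `common.run_subprocess`, and the comment above the check should say so. The `if not ...: assert False` form reads better as `assert "SSL handshake has read" in client_output, "Handshake failure."`, and the `import sys` under `__main__` repeats the module-level one.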
@@ -18,9 +18,15 @@ if [ -z "$DYLD_LIBRARY_PATH" ]; then export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH fi +# We assume the value of env var HTTP_PROXY is "http://host.domain:port_num" +if [ ! -z "${HTTP_PROXY}" ]; then + echo "Using Web proxy \"${HTTP_PROXY}\"" + export USE_PROXY="-proxy ${HTTP_PROXY#http://} -allow_proxy_certs" +else + export USE_PROXY="" +fi + echo " Cloudflare:" export OQS_CODEPOINT_X25519_KYBER512=65072 -(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | $OPENSSL_APP s_client -connect pq.cloudflareresearch.com:443 -groups x25519_kyber768 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber768Draft00 -(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | $OPENSSL_APP s_client -connect pq.cloudflareresearch.com:443 -groups x25519_kyber512 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber512Draft00 - - +(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber768 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber768Draft00 +(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber512 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber512Draft00 From 916a87153f5df5f8e84a57e8482544954f02dfec Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Fri, 20 Oct 2023 16:30:43 +0200 Subject: [PATCH 064/164] Get Windows CI to work again; prepare for release (#291) * Change version preparing for release * eliminate failing Debug MSVC native tests Signed-off-by: Felipe Ventura --- .github/workflows/windows.yml | 2 +- CMakeLists.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
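Review bot: `-allow_proxy_certs` in the new `USE_PROXY` value is a certificate-verification option that permits X.509 proxy certificates in the peer chain. An HTTP CONNECT proxy does not need it, so the proxy branch verifies more leniently than the direct branch for no functional gain. Drop it: `export USE_PROXY="-proxy ${HTTP_PROXY#http://}"`. The prefix strip also handles only the exact `http://host.domain:port_num` form that the added comment assumes; a trailing `/`, embedded credentials or an `https://` value is passed to `-proxy` unchanged. A short format check before building `USE_PROXY` would make that failure obvious instead of showing up as an empty `grep` result.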
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index a5b187a6..a03fc8bb 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -215,7 +215,7 @@ jobs: msarch: - x64 type: - - Debug +# - Debug - Release runs-on: ${{matrix.os}} steps: diff --git a/CMakeLists.txt b/CMakeLists.txt index 977b7437..c930ad3f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.0 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.5.2-dev") +set(OQSPROVIDER_VERSION_TEXT "0.5.2") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") From 2086b5388f5198c8ecdb3d2c6f040b44a0a86933 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sat, 21 Oct 2023 08:06:08 +0200 Subject: [PATCH 065/164] add 0.5.2 release documentation Signed-off-by: Felipe Ventura --- RELEASE.md | 55 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 49 insertions(+), 6 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 5483fa73..dd4f0b58 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -1,20 +1,20 @@ -# oqs-provider 0.5.2-dev +# oqs-provider 0.5.2 ## About The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/. -**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and hybrid key exchange for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS and dgst operations. +**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and [hybrid key exchange](https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology) for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and `dgst` (signature) operations. -When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. +When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all `openssl` functionality shall be [PQC-enabled](https://csrc.nist.gov/projects/post-quantum-cryptography). -In general, the oqs-provider `main` branch is meant to be useable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl). 
+In general, the oqs-provider `main` branch is meant to be usable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl). Further details on building, testing and use can be found in [README.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md). See in particular limitations on intended use. ## Release notes -This is version 0.5.2-dev of oqs-provider. +This is version 0.5.2 of oqs-provider. ### Security considerations 
@@ -22,10 +22,53 @@ None. ### What's New -This release continues from the 0.5.1 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). This code is in sync with `liboqs` "main" branch. +This release continues from the 0.5.1 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). This release is guaranteed to be in sync with v0.9.0 of `liboqs`. + +This release also makes available ready-to-run binaries for Windows (.dll) and MacOS (.dylib) compiled for `x64` CPUs. Activation and use is documented in [USAGE.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md). ### Additional new feature highlights +- Algorithm updates as documented in the [liboqs 0.9.0 release notes](https://github.com/open-quantum-safe/liboqs/releases/tag/0.9.0) +- [Standard coding style](https://github.com/open-quantum-safe/oqs-provider/blob/main/CONTRIBUTING.md#coding-style) +- Enhanced memory leak protection +- [Added community cooperation documentation](https://github.com/open-quantum-safe/oqs-provider/blob/main/CONTRIBUTING.md) +- (optional) [KEM algorithm en-/decoder feature](https://github.com/open-quantum-safe/oqs-provider/blob/main/CONFIGURE.md#oqs_kem_encoders) + +## What's Changed +* switch repo to -dev mode/unlock release by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/225 +* add C API and cleanup PQ terminology [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/226 +* Clarify install instructions by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/232 +* sigalg config warning by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/235 +* Fix a missing `-DOQS_PROVIDER_BUILD_STATIC=ON` in CircleCI build static jobs. 
by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/242 +* Fix DOQS_ALGS_ENABLED setting for cmake by @marcbrevoort-cyberhive in https://github.com/open-quantum-safe/oqs-provider/pull/238 +* Fix #224: Add a clang-format that matches the best the OpenSSL coding style. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/241 +* corner case object creation added by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/243 +* fix for runtests.sh: skip non-working OpenSSL versions by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/244 +* Add a GithubCI job to test oqs-provider against memory leaks. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/246 +* Fix various memory leaks. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/245 +* remove unneeded OQS context reference from CCI PRs by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/250 +* Cross-compile to linux-aarch64 from linux-x64 in GitHub actions. 
by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/253 +* add manual approval step to use restricted CCI context by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/254 +* Create SECURITY.md by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/257 +* Create CODE_OF_CONDUCT.md by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/258 +* adding contributing guideline [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/259 +* CI & cmake changes by @qnfm in https://github.com/open-quantum-safe/oqs-provider/pull/263 +* fix for txt output length of plain PQ key material by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/268 +* KEM en/decoders by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/266 +* Remove duplicate LIBOQS_BRANCH option in CONFIGURE.md by @psschwei in https://github.com/open-quantum-safe/oqs-provider/pull/274 +* add cloudflare interop tests by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/278 +* Add releasetest by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/281 +* Support web proxy in external interop tests by @mouse07410 in https://github.com/open-quantum-safe/oqs-provider/pull/288 +* Get Windows CI to work again; prepare for release by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/291 + +## New Contributors +* @marcbrevoort-cyberhive made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/238 +* @qnfm made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/263 +* @psschwei made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/274 +* @mouse07410 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/288 + +**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.1...0.5.2 + Previous Release 
Notes ====================== From f49275da48467413d5dbd97de0186147805763b1 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sat, 21 Oct 2023 08:34:59 +0200 Subject: [PATCH 066/164] switch repo to -dev mode/unlock release Signed-off-by: Felipe Ventura --- CMakeLists.txt | 2 +- RELEASE.md | 27 ++++++++++++++++++++++++--- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c930ad3f..7958247c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.0 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.5.2") +set(OQSPROVIDER_VERSION_TEXT "0.5.3-dev") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") diff --git a/RELEASE.md b/RELEASE.md index dd4f0b58..0959a5a4 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -1,3 +1,27 @@ +# oqs-provider 0.5.3-dev + +## About + +The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/. + +**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and [hybrid key exchange](https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology) for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and `dgst` (signature) operations. + +When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all `openssl` functionality shall be [PQC-enabled](https://csrc.nist.gov/projects/post-quantum-cryptography). + +In general, the oqs-provider `main` branch is meant to be usable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl). + +Further details on building, testing and use can be found in [README.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md). See in particular limitations on intended use. + +## Release notes + +This is version 0.5.3-dev of oqs-provider. + + + + +Previous Release Notes +====================== + # oqs-provider 0.5.2 ## About @@ -69,9 +93,6 @@ This release also makes available ready-to-run binaries for Windows (.dll) and M **Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.1...0.5.2 -Previous Release Notes -====================== - ## This is version 0.5.1 of oqs-provider. ### Security considerations 
From 6f0d4e5a42cbd45ed751a88d32e27e0662c80c1e Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 23 Oct 2023 14:56:30 -0500 Subject: [PATCH 067/164] Clarify liboqs_DIR naming convention (#292) * Clarify liboqs_DIR naming convention As per discussion in #277 we want to clarify why the env var `liboqs_DIR` does not follow standard naming convention by using lowercase. * added link to cmake command doc Signed-off-by: Felipe Ventura --- CONFIGURE.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONFIGURE.md b/CONFIGURE.md index 416bfb88..afae2735 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md @@ -36,6 +36,8 @@ This environment variable must be set to the location of the `liboqs` installati utilized in the build. By default, this is un-set, requiring installation of `liboqs` in a standard location for the OS. +This uses the [`find_package`](https://cmake.org/cmake/help/latest/command/find_package.html) +command in `cmake`, which checks for local builds of a package at `_DIR` ### USE_ENCODING_LIB From 9d3e2a85d085d87d73bd2089568141be4928508a Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 26 Oct 2023 06:42:05 +0200 Subject: [PATCH 068/164] check empty params lists passed (#296) Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 1 + oqsprov/oqs_kmgmt.c | 4 +++ oqsprov/oqs_sig.c | 3 ++- oqsprov/oqsprov.c | 1 + oqsprov/oqsprov_keys.c | 47 +++++++++++++++++------------------- 5 files changed, 30 insertions(+), 26 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index a4164731..374652aa 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -1097,6 +1097,7 @@ static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } } OQS_ENC_PRINTF2(" cipher set to %p: \n", ctx->cipher); + // not passing in a cipher param will lead to no-op hence no error return 1; } 
diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 9f5d5f41..e5abf132 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -258,6 +258,7 @@ int oqsx_key_to_params(const OQSX_KEY *key, OSSL_PARAM_BLD *tmpl, goto err; } } + // not passing in params to respond to is no error; the response is empty ret = 1; err: return ret; @@ -374,6 +375,7 @@ static int oqsx_get_params(void *key, OSSL_PARAM params[]) return 0; } + // not passing in params to respond to is no error return 1; } @@ -444,6 +446,7 @@ static int oqsx_set_params(void *key, const OSSL_PARAM params[]) } } + // not passing in params to set is no error, just a no-op return 1; } @@ -575,6 +578,7 @@ static int oqsx_gen_set_params(void *genctx, const OSSL_PARAM params[]) if (gctx->propq == NULL) return 0; } + // not passing in params is no error; subsequent operations may fail, though return 1; } diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index b6d57726..6ea88e08 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -1181,7 +1181,8 @@ static int oqs_sig_set_ctx_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) return 0; } - return 1; + // not passing in parameters we can act on is no error + return 1; } static const OSSL_PARAM known_settable_ctx_params[] diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 93fced6a..57a91509 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -916,6 +916,7 @@ static int oqsprovider_get_params(void *provctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); if (p != NULL && !OSSL_PARAM_set_int(p, 1)) // provider is always running return 0; + // not passing in params to respond to is no error; response is empty then return 1; } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 73c39051..c2c92cbc 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -1479,52 +1479,49 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *p; + const OSSL_PARAM *pp1, *pp2; OQS_KEY_PRINTF("OQSX Key from data called\n"); - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - if (p != NULL) - { - if (p->data_type != OSSL_PARAM_OCTET_STRING) - { + pp1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + pp2 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + // at least one parameter must be given + if (pp1 == NULL && pp2 == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + return 0; + } + if (pp1 != NULL) { + if (pp1->data_type != OSSL_PARAM_OCTET_STRING) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } - if (key->privkeylen != p->data_size) - { + if (key->privkeylen != pp1->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } - OPENSSL_secure_clear_free(key->privkey, p->data_size); - key->privkey = OPENSSL_secure_malloc(p->data_size); - if (key->privkey == NULL) - { + OPENSSL_secure_clear_free(key->privkey, pp1->data_size); + key->privkey = OPENSSL_secure_malloc(pp1->data_size); + if (key->privkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(key->privkey, p->data, p->data_size); + memcpy(key->privkey, pp1->data, pp1->data_size); } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (p != NULL) - { - if (p->data_type != OSSL_PARAM_OCTET_STRING) - { + if (pp2 != NULL) { + if (pp2->data_type != OSSL_PARAM_OCTET_STRING) { OQS_KEY_PRINTF("invalid data type\n"); return 0; } - if (key->pubkeylen != p->data_size) - { + if (key->pubkeylen != pp2->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } - OPENSSL_secure_clear_free(key->pubkey, p->data_size); - key->pubkey = OPENSSL_secure_malloc(p->data_size); - if (key->pubkey == NULL) - { + 
OPENSSL_secure_clear_free(key->pubkey, pp2->data_size); + key->pubkey = OPENSSL_secure_malloc(pp2->data_size); + if (key->pubkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(key->pubkey, p->data, p->data_size); + memcpy(key->pubkey, pp2->data, pp2->data_size); } if (!oqsx_key_set_composites(key) || !oqsx_key_recreate_classickey( From e3eda7646815ae8b7d0370cdbc378132e5a5603f Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 27 Nov 2023 14:04:13 -0600 Subject: [PATCH 069/164] Fixed memory issues and added optimizations Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 151 +++++++++++------- oqsprov/oqs_sig.c | 289 +++++++++++++++++++++-------------- oqsprov/oqsprov_keys.c | 170 +++++++++++++++------ 3 files changed, 393 insertions(+), 217 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 374652aa..b0b4bbd7 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -289,9 +289,8 @@ static int key_to_pki_pem_priv_bio(BIO *out, const void *key, int key_nid, struct key2any_ctx_st *ctx) { int ret = 0, cmp_len = 0; - void *str = NULL, *strc = NULL; + void *str = NULL; int strtype = V_ASN1_UNDEF; - int strtypec = V_ASN1_UNDEF; PKCS8_PRIV_KEY_INFO *p8info; OQS_ENC_PRINTF("OQS ENC provider: key_to_pki_pem_priv_bio called\n"); @@ -506,10 +505,6 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) unsigned char *keyblob, *buf; int keybloblen, nid; STACK_OF(ASN1_TYPE) *sk = NULL; - ASN1_TYPE *aType = NULL; - ASN1_STRING *aString = NULL, *tempOct = NULL; - unsigned char *temp = NULL; - X509_PUBKEY *p8info_internal = NULL; int ret = 0; OQS_ENC_PRINTF("OQS ENC provider: oqsx_spki_pub_to_der called\n"); 
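Review bot: In the public-key branch of `oqsx_key_fromdata`, a `pp2` whose `data_type` is not `OSSL_PARAM_OCTET_STRING` returns 0 after only an `OQS_KEY_PRINTF`, whereas the private-key branch and the new both-missing check put an error on the queue. Add `ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);` before that `return 0` so callers can see why the import failed. The two `OPENSSL_secure_clear_free` calls size the wipe by `pp1->data_size` and `pp2->data_size`, which is correct only because of the length comparison just above; passing `key->privkeylen` and `key->pubkeylen` states the intent directly and survives a later reordering. The function continues past the end of this hunk.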
@@ -550,33 +545,49 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) } #endif }else{ + ASN1_TYPE **aType = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); + ASN1_STRING **aString = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + ASN1_STRING **tempOct = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + unsigned char **temp = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); + unsigned char **cbuf = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); int len, i; -// char *name = OPENSSL_malloc(strlen(oqsxkey->tls_name)); if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; for (i = 0; i < oqsxkey->numkeys; i++){ - p8info_internal = X509_PUBKEY_new(); - aType = ASN1_TYPE_new(); - aString = ASN1_OCTET_STRING_new(); - tempOct = ASN1_OCTET_STRING_new(); - temp = NULL; + aType[i] = ASN1_TYPE_new(); + aString[i] = ASN1_OCTET_STRING_new(); + tempOct[i] = ASN1_OCTET_STRING_new(); + temp[i] = NULL; len = oqsxkey->pubkeylen_cmp[i]; - buf = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); - ASN1_STRING_set0(tempOct, buf, len); - keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); - ASN1_STRING_set0(aString, temp, keybloblen); - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - - if (!sk_ASN1_TYPE_push(sk, aType)) + cbuf[i] = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); + ASN1_STRING_set0(tempOct[i], cbuf[i], len); + keybloblen = i2d_ASN1_OCTET_STRING(tempOct[i], &temp[i]); + ASN1_STRING_set0(aString[i], temp[i], keybloblen); + ASN1_TYPE_set(aType[i], V_ASN1_SEQUENCE, aString[i]); + + if (!sk_ASN1_TYPE_push(sk, aType[i])){ + for (i = 0; i < oqsxkey->numkeys; i++){ + OPENSSL_free(temp[i]); + OPENSSL_free(cbuf[i]); + OPENSSL_free(aType[i]); + OPENSSL_free(aString[i]); + OPENSSL_free(tempOct[i]); + } + OPENSSL_free(sk); return -1; + } } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); - OPENSSL_free(temp); - OPENSSL_free(aType); - OPENSSL_free(aString); - OPENSSL_free(tempOct); + + for (i = 0; i < oqsxkey->numkeys; i++){ + 
OPENSSL_free(temp[i]); + OPENSSL_free(cbuf[i]); + OPENSSL_free(aType[i]); + OPENSSL_free(aString[i]); + OPENSSL_free(tempOct[i]); + } OPENSSL_free(sk); return keybloblen; @@ -593,11 +604,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ASN1_OCTET_STRING oct; int keybloblen, nid; STACK_OF(ASN1_TYPE) *sk = NULL; - ASN1_TYPE *aType = NULL; - ASN1_STRING *aString = NULL, *tempOct = NULL; - unsigned char *temp = NULL; char* name; - PKCS8_PRIV_KEY_INFO *p8info_internal = NULL; OQS_ENC_PRINTF("OQS ENC provider: oqsx_pki_priv_to_der called\n"); 
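Review bot: The cleanup loops run `i` from 0 to numkeys over arrays that come from OPENSSL_malloc, so after a failed `sk_ASN1_TYPE_push` every slot above the failing index is passed to OPENSSL_free while still uninitialised. The same pattern recurs in the oqsx_pki_priv_to_der hunks (`@@ -687,17 +694,33 @@` and `@@ -706,38 +729,64 @@`), where `cbuf[i]` is freed on the get_cmpname and buflen-check paths before it has been assigned, even for the current index. Allocate the arrays zeroed and sized by the pointer element, e.g. `ASN1_TYPE **aType = OPENSSL_zalloc(oqsxkey->numkeys * sizeof(*aType));`, and check the results. The five arrays themselves are not freed on any path in the hunk, including the early `return -1` after `sk_ASN1_TYPE_new_null()`. `sk` should be released with `sk_ASN1_TYPE_free(sk)` rather than `OPENSSL_free(sk)`.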
@@ -687,17 +694,33 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = 0; // signal error } }else{ + ASN1_TYPE **aType = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); + ASN1_STRING **aString = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + ASN1_STRING **tempOct = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + unsigned char **temp = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); + unsigned char **cbuf = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); int i; if((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; for (i = 0; i < oqsxkey->numkeys; i++){ - p8info_internal = PKCS8_PRIV_KEY_INFO_new(); - aType = ASN1_TYPE_new(); - aString = ASN1_OCTET_STRING_new(); - tempOct = ASN1_OCTET_STRING_new(); - temp = NULL; - name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); + aType[i] = ASN1_TYPE_new(); + aString[i] = ASN1_OCTET_STRING_new(); + tempOct[i] = ASN1_OCTET_STRING_new(); + temp[i] = NULL; + + if ((name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i)) == NULL){ + OPENSSL_free(name); + for (i = 0; i < oqsxkey->numkeys; i++){ + OPENSSL_free(temp[i]); + OPENSSL_free(cbuf[i]); + OPENSSL_free(aType[i]); + OPENSSL_free(aString[i]); + OPENSSL_free(tempOct[i]); + } + OPENSSL_free(sk); + return -1; + } if(get_oqsname_fromtls(name) == 0){ if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size 
@@ -706,38 +729,64 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) DECODE_UINT32(buflen, enc_len); buflen += 4; OPENSSL_free(enc_len); + if (buflen > oqsxkey->privkeylen_cmp[i]){ + OPENSSL_free(name); + for (i = 0; i < oqsxkey->numkeys; i++){ + OPENSSL_free(temp[i]); + OPENSSL_free(cbuf[i]); + OPENSSL_free(aType[i]); + OPENSSL_free(aString[i]); + OPENSSL_free(tempOct[i]); + } + OPENSSL_free(sk); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return -1; + } }else buflen = oqsxkey->privkeylen_cmp[i]; }else buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; - buf = OPENSSL_malloc(buflen); - memcpy(buf, oqsxkey->comp_privkey[i], buflen); + cbuf[i] = OPENSSL_malloc(buflen); + memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen); if(get_oqsname_fromtls(name) != 0){//include pubkey in privkey for PQC - memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); - memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); + memcpy(cbuf[i], oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); + memcpy(cbuf[i] + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); }else - memcpy(buf, oqsxkey->comp_privkey[i], buflen); - - ASN1_STRING_set0(tempOct, buf, buflen); - keybloblen = i2d_ASN1_OCTET_STRING(tempOct, &temp); - ASN1_STRING_set0(aString, temp, keybloblen); - ASN1_TYPE_set(aType, V_ASN1_SEQUENCE, aString); - - if (!sk_ASN1_TYPE_push(sk, aType)) + memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen); + + ASN1_STRING_set0(tempOct[i], cbuf[i], buflen); + keybloblen = i2d_ASN1_OCTET_STRING(tempOct[i], &temp[i]); + ASN1_STRING_set0(aString[i], temp[i], keybloblen); + ASN1_TYPE_set(aType[i], V_ASN1_SEQUENCE, aString[i]); + + if (!sk_ASN1_TYPE_push(sk, aType[i])){ + for (i = 0; i < oqsxkey->numkeys; i++){ + OPENSSL_free(temp[i]); + OPENSSL_free(cbuf[i]); + OPENSSL_free(aType[i]); + OPENSSL_free(aString[i]); + OPENSSL_free(tempOct[i]); + } + OPENSSL_free(sk); + 
OPENSSL_free(name); return -1; + } OPENSSL_free(name); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); - OPENSSL_free(temp); - OPENSSL_free(aType); - OPENSSL_free(aString); - OPENSSL_free(tempOct); + + for (i = 0; i < oqsxkey->numkeys; i++){ + OPENSSL_free(temp[i]); + OPENSSL_free(cbuf[i]); + OPENSSL_free(aType[i]); + OPENSSL_free(aString[i]); + OPENSSL_free(tempOct[i]); + } + OPENSSL_free(sk); } OPENSSL_secure_clear_free(buf, buflen); - - return keybloblen; } diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 6ea88e08..85943ccb 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -27,6 +27,7 @@ // TBD: Review what we really need/want: For now go with OSSL settings: #define OSSL_MAX_NAME_SIZE 50 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ +#define COMPOSITE_IDX_ADJUST 23 /*idx to the frist composite in the composite idx block*/ #ifdef NDEBUG # define OQS_SIG_PRINTF(a) @@ -216,7 +217,7 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); } -static const char *composite_OID_hash[] = { +static const char *composite_OID_prefix[] = { "69642D4D4C44534136352D525341333037322D504B435331352D534841323536", //dilithium3_rsa3072 "69642D4D4C44534136352D45434453412D503235362D534841323536", //dilithium3_p256 "69642D46616C6F6E3531322D45434453412D503235362D534841323536", //falcon512_p256 
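Review bot: `cbuf[i]` receives a copy of `oqsxkey->comp_privkey[i]` and `temp[i]` its DER encoding, yet both are released with plain `OPENSSL_free`, which leaves private-key bytes in freed heap memory. The function's own final `OPENSSL_secure_clear_free(buf, buflen)` shows cleansing is intended here. In the cleanup loops use `OPENSSL_clear_free(cbuf[i], ASN1_STRING_length(tempOct[i]));` and `OPENSSL_clear_free(temp[i], ASN1_STRING_length(aString[i]));`, once the slots are guaranteed to be initialised. `OPENSSL_malloc(buflen)` is also dereferenced by `memcpy` without a NULL check. `buf` is no longer assigned in this branch but is still passed to `OPENSSL_secure_clear_free`; its initialisation is outside the hunk and should be confirmed.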
@@ -232,10 +233,10 @@ static const char *composite_OID_hash[] = { "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", //dilithium2_rsa2048 "69642D4D4C44534134342D456432353531392D534841353132", //dilithium2_ed25519 "69642D4D4C44534134342D45434453412D503235362D534841323536", //dilithium2_p256 - "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536," //dilithium2_bp256 + "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536", //dilithium2_bp256 }; -static const size_t composite_OID_hash_len[] = { +static const size_t composite_OID_prefix_len[] = { 64, //dilithium3_rsa3072 56, //dilithium3_p256 58, //falcon512_p256 @@ -248,10 +249,10 @@ static const size_t composite_OID_hash_len[] = { 54, //falcon512_ed25519 58, //dilithium3_pss3072 58, //dilithium2_pss2048 - 61, //dilithium2_rsa2048 + 64, //dilithium2_rsa2048 50, //dilithium2_ed25519 56, //dilithium2_p256 - 79, //dilithium2_bp256 + 78, //dilithium2_bp256 }; /* On entry to this function, data to be signed (tbs) might have been hashed @@ -291,7 +292,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, }else { max_sig_len += oqs_key->length_signature; - oqs_sig_len = oqs_key->length_signature; } if (is_hybrid) 
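Review bot: composite_OID_prefix_len is maintained by hand alongside composite_OID_prefix, and the second hunk on this line has to correct two entries (61 to 64, 79 to 78) that had drifted from their strings. A wrong length silently changes the bytes that are signed and verified, so the two tables should not be able to disagree. Derive the length at the use site, e.g. `const size_t oid_prefix_len = strlen(oid_prefix);`, or keep string and `sizeof(...) - 1` together in a single table of structs.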
@@ -391,14 +391,20 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, unsigned char *buf; CompositeSignature *compsig = CompositeSignature_new(); int i; - const char *oid_hash = composite_OID_hash[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; - const size_t oid_hash_len = composite_OID_hash_len[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; + int nid = OBJ_sn2nid(oqsxkey->tls_name); + const char *oid_prefix = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; + const size_t oid_prefix_len = composite_OID_prefix_len[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; char *final_tbs; - size_t final_tbslen = oid_hash_len; + size_t final_tbslen = oid_prefix_len; //prepare the pre hash for (i = 0; i < oqsxkey->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); + char *name; + if ((name = get_cmpname(nid, i)) == NULL){ + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + goto endsign; + } unsigned char *tbs_hash; if (!get_oqsname_fromtls(name)){ if (name[0] == 'e'){//ed25519 or ed448 @@ -415,6 +421,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) || (EVP_DigestFinalXOF(shake, tbs_hash, tbs_hash_len) <= 0 )){ ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); goto endsign; } final_tbslen += tbs_hash_len; 
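Review bot: `get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST` is used directly as the index into composite_OID_prefix and composite_OID_prefix_len. get_oqsalg_idx returns -1 for an unknown nid (see the get_cmpname hunk in oqsprov_keys.c), and any index below 23 also goes negative, which gives an out-of-bounds read. The verify hunk `@@ -686,50 +718,57 @@` has the same two lookups. Compute the index once with `int idx = get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST;` and reject it with `if (idx < 0 || (size_t)idx >= sizeof(composite_OID_prefix) / sizeof(composite_OID_prefix[0]))` before either table is touched, raising an error on that path. oqs_sig_sign starts and ends outside the hunk.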
@@ -442,22 +449,29 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, break; default: ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); goto endsign; } }else{ ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); goto endsign; } final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_hash, oid_hash_len); - memcpy(final_tbs + oid_hash_len, tbs_hash, final_tbslen - oid_hash_len); + memcpy(final_tbs, oid_prefix, oid_prefix_len); + memcpy(final_tbs + oid_prefix_len, tbs_hash, final_tbslen - oid_prefix_len); OPENSSL_free(tbs_hash); } OPENSSL_free(name); } for (i = 0; i < oqsxkey->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); + char *name; + if((name = get_cmpname(nid, i)) == NULL){ + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + goto endsign; + } if (get_oqsname_fromtls(name)){ //PQC signing oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; @@ -465,6 +479,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs, final_tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } }else @@ -481,6 +497,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0 ) || (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, final_tbs, final_tbslen) <= 0)){ ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } }else { @@ -488,6 +506,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, || (EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } 
@@ -498,6 +518,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, EVP_sha256()) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } } else if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) @@ -505,6 +527,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } } @@ -514,10 +538,11 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, || (name[0] == 'r')) { int aux; - if(name[0] == 'b') + if(name[0] == 'b'){ aux = 2; - else + }else { aux = 1; + } switch(name[aux]){ case 's'://pss or rsa case '2'://p256 or bp256 @@ -533,10 +558,12 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, case '5'://p512 classical_md = EVP_sha512(); digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + SHA512(final_tbs, final_tbslen, (unsigned char *)&digest); break; default: ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } } @@ -545,6 +572,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, || (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } @@ -552,6 +581,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, { /* sig is bigger than expected */ ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); + OPENSSL_free(name); + OPENSSL_free(buf); goto endsign; } } 
@@ -567,7 +598,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, compsig->sig2->flags = 8; //set as 8 to not check for unused bits } - OPENSSL_free(name); + OPENSSL_free(buf); + OPENSSL_free(name); } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); 
@@ -686,50 +718,57 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, index += classical_sig_len; } if(is_composite){ - CompositeSignature* compsig = CompositeSignature_new(); - int i; - unsigned char *buf; - size_t buf_len; - const char *oid_hash = composite_OID_hash[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; - const size_t oid_hash_len = composite_OID_hash_len[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23]; - char *final_tbs; - size_t final_tbslen = oid_hash_len; - - if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } + CompositeSignature* compsig; + int i; + int nid = OBJ_sn2nid(oqsxkey->tls_name); + unsigned char *buf; + size_t buf_len; + const char *oid_prefix = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; + const size_t oid_prefix_len = composite_OID_prefix_len[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; + char *final_tbs; + size_t final_tbslen = oid_prefix_len; + + if((compsig = d2i_CompositeSignature(NULL, &sig, siglen)) == NULL) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } - //prepare the pre-hash - for (i = 0; i < oqsxkey->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); - unsigned char *tbs_hash; - if (!get_oqsname_fromtls(name)){ - if (name[0] == 'e'){//ed25519 or ed448 - if(name[2] == '2'){//ed25519 - tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); - SHA512(tbs, tbslen, tbs_hash); - final_tbslen += SHA512_DIGEST_LENGTH; - }else{//ed4448 - EVP_MD_CTX *shake = EVP_MD_CTX_new(); - unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; - tbs_hash = OPENSSL_malloc(tbs_hash_len); - - if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) <= 0) - || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) - || (EVP_DigestFinalXOF(shake, tbs_hash, tbs_hash_len) <= 0 )){ - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - final_tbslen += tbs_hash_len; - 
EVP_MD_CTX_free(shake); - } - }else if ((name[0] == 'p') - || (name[0] == 'b') - || (name[0] == 'r')){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 - int aux; - if (name[0] == 'b') + //prepare the pre-hash + for (i = 0; i < oqsxkey->numkeys; i++){ + char *name; + if ((name = get_cmpname(nid, i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + unsigned char *tbs_hash; + if (!get_oqsname_fromtls(name)){ + if (name[0] == 'e'){//ed25519 or ed448 + if(name[2] == '2'){//ed25519 + tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); + SHA512(tbs, tbslen, tbs_hash); + final_tbslen += SHA512_DIGEST_LENGTH; + }else{//ed4448 + EVP_MD_CTX *shake = EVP_MD_CTX_new(); + unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; + tbs_hash = OPENSSL_malloc(tbs_hash_len); + + if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) <= 0) + || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) + || (EVP_DigestFinalXOF(shake, tbs_hash, tbs_hash_len) <= 0 )){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + final_tbslen += tbs_hash_len; + EVP_MD_CTX_free(shake); + } + }else if ((name[0] == 'p') + || (name[0] == 'b') + || (name[0] == 'r')){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 + int aux; + if (name[0] == 'b') aux = 2; else aux = 1; 
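Review bot: `compsig` and `final_tbs` are declared inside the `if(is_composite)` block, so nothing at the function-level `endverify:` label (visible in a later hunk) can release them. Every `goto endverify` taken after d2i_CompositeSignature succeeds therefore leaks the parsed signature and, after the pre-hash loop, `final_tbs`; the SHAKE failure path also leaves `shake` and `tbs_hash` allocated. Rejection is the expected outcome for untrusted signatures, so memory is lost on each failed verification. Declare both at function scope initialised to NULL and free them under `endverify:`, using `CompositeSignature_free(compsig)` rather than `OPENSSL_free(compsig)`, which releases only the outer struct. The function body starts and ends outside this hunk.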
@@ -747,57 +786,67 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, break; default: ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); goto endverify; } - }else{ - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_hash, oid_hash_len); - memcpy(final_tbs + oid_hash_len, tbs_hash, final_tbslen - oid_hash_len); - OPENSSL_free(tbs_hash); - } - OPENSSL_free(name); - } - - for(i = 0; i < oqsxkey->numkeys; i++){ - if (i == 0){ - buf = compsig->sig1->data; - buf_len = compsig->sig1->length; - }else{ - buf = compsig->sig2->data; - buf_len = compsig->sig2->length; + }else{ + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + final_tbs = OPENSSL_malloc(final_tbslen); + memcpy(final_tbs, oid_prefix, oid_prefix_len); + memcpy(final_tbs + oid_prefix_len, tbs_hash, final_tbslen - oid_prefix_len); + OPENSSL_free(tbs_hash); + } + OPENSSL_free(name); } - char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i); + for(i = 0; i < oqsxkey->numkeys; i++){ + if (i == 0){ + buf = compsig->sig1->data; + buf_len = compsig->sig1->length; + }else{ + buf = compsig->sig2->data; + buf_len = compsig->sig2->length; + } - if (get_oqsname_fromtls(name)){ - if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) - { + char *name; + if((name = get_cmpname(nid, i)) == NULL){ + OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - }else{ - const EVP_MD *classical_md; - int digest_len; - int aux; - EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - if(name[0] == 'e'){ //ed25519 or ed448 - if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0) - || (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, final_tbslen) <= 0)){ - 
ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - } else { - if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL) - || (EVP_PKEY_verify_init(ctx_verify) <= 0)) + if (get_oqsname_fromtls(name)){ + if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); goto endverify; } + }else{ + const EVP_MD *classical_md; + int digest_len; + int aux; + EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); + unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + + if(name[0] == 'e'){ //ed25519 or ed448 + if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0) + || (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, final_tbslen) <= 0)){ + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + } else { + if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL) + || (EVP_PKEY_verify_init(ctx_verify) <= 0)) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } if (!strncmp(name, "pss", 3)) { if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PSS_PADDING) <= 0) @@ -805,6 +854,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, EVP_sha256()) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + OPENSSL_free(name); goto endverify; } } else if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) @@ -812,6 +862,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) { ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + OPENSSL_free(name); goto endverify; } } 
@@ -839,10 +890,11 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, case '5'://p512 classical_md = EVP_sha512(); digest_len = SHA512_DIGEST_LENGTH; - SHA512(tbs, tbslen, (unsigned char *)&digest); + SHA512(final_tbs, final_tbslen, (unsigned char *)&digest); break; default: ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); goto endverify; } } @@ -850,32 +902,33 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, || (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); goto endverify; } } } - OPENSSL_free(name); - } - OPENSSL_free(compsig); - OPENSSL_free(final_tbs); - }else - { - if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - goto endverify; - } - if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, - siglen - classical_sig_len, - oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) - != OQS_SUCCESS) + OPENSSL_free(name); + } + OPENSSL_free(compsig); + OPENSSL_free(final_tbs); + }else { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; + if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + goto endverify; + } + if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, + siglen - classical_sig_len, + oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) + != OQS_SUCCESS) + { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } } - } - rv = 1; + rv = 1; endverify: if (ctx_verify) { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index c2c92cbc..d179cd44 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -249,36 +249,42 @@ char* get_cmpname(int nid, int index) { int i, j; char* name; - for (i = 0; i < NID_TABLE_LEN; i++) - { - if (nid_names[i].nid == nid){ - char* s = OPENSSL_strdup(nid_names[i].tlsname); - char* token = strtok(s, "_"); - for (j = 0; j < index; j ++) - token = strtok(NULL, "_"); - name = OPENSSL_strdup(token); - OPENSSL_free(s); - return name; - } + char* first_token; + char* token; + char* s; + if ((i = get_oqsalg_idx(nid)) == -1) + return NULL; + s = OPENSSL_strdup(nid_names[i].tlsname); + first_token = strtok_r(s, "_", &s); + token; + if (index == 0){ + name = OPENSSL_strdup(first_token); + }else{ + for (j = 0; j < index; j ++) + token = strtok_r(s, "_", &s); + name = OPENSSL_strdup(token); } - return 0; + OPENSSL_free(first_token); + return name; } -//count the amount of keys in composite structure +//count the amount of keys in the structure int get_qntcmp(int nid) { - int i, index = 0; - for (i = 0; i < NID_TABLE_LEN; i++) - { - if (nid_names[i].nid == nid && nid_names[i].keytype == KEY_TYPE_CMP_SIG){ - char* s = OPENSSL_strdup(nid_names[i].tlsname); - s = strtok(s, "_"); - while (s != NULL){ - s = strtok(NULL, "_"); - index++; - } - OPENSSL_free(s); + int i; + int index = 1; + if ((i = get_oqsalg_idx(nid)) == -1) + return -1; + if (nid_names[i].keytype == KEY_TYPE_CMP_SIG){ + char* s = OPENSSL_strdup(nid_names[i].tlsname); + char* first_token = strtok_r(s, "_", &s); + char* token; + index = 0; + while (token != NULL){ + token = strtok_r(s, "_", &s); + index++; } + OPENSSL_free(first_token); } return index; } @@ -313,7 +319,7 @@ static int oqsx_key_set_composites(OQSX_KEY *key) for (i = 0; i < key->numkeys; i++){ if (key->privkey) { - key->comp_privkey[i] = key->privkey + privlen; + key->comp_privkey[i] = (char *)key->privkey + privlen; privlen += key->privkeylen_cmp[i]; } else 
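Review bot: In get_qntcmp, `token` is read by `while (token != NULL)` before anything is assigned to it, so the component count depends on an indeterminate value; initialise it with `char* token = first_token;`. Both functions also pass `&s` as the strtok_r save pointer, which overwrites the only copy of the OPENSSL_strdup result, so `OPENSSL_free(first_token)` is correct only while the name does not begin with `_`. A separate `char *save;` with `OPENSSL_free(s)` removes that dependency. The OPENSSL_strdup result is not checked before tokenising, and the bare `token;` statement in get_cmpname has no effect and can be dropped.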
@@ -322,7 +328,7 @@ static int oqsx_key_set_composites(OQSX_KEY *key) } if (key->pubkey) { - key->comp_pubkey[i] = key->pubkey + publen; + key->comp_pubkey[i] = (char *)key->pubkey + publen; publen += key->pubkeylen_cmp[i]; } else @@ -334,20 +340,20 @@ static int oqsx_key_set_composites(OQSX_KEY *key) int classic_pubkey_len, classic_privkey_len; if (key->privkey) { - key->comp_privkey[0] = key->privkey + SIZE_OF_UINT32; + key->comp_privkey[0] = (char *)key->privkey + SIZE_OF_UINT32; DECODE_UINT32(classic_privkey_len, key->privkey); key->comp_privkey[1] - = key->privkey + classic_privkey_len + SIZE_OF_UINT32; + = (char *)key->privkey + classic_privkey_len + SIZE_OF_UINT32; } else { key->comp_privkey[0] = NULL; key->comp_privkey[1] = NULL; } if (key->pubkey) { - key->comp_pubkey[0] = key->pubkey + SIZE_OF_UINT32; + key->comp_pubkey[0] = (char *)key->pubkey + SIZE_OF_UINT32; DECODE_UINT32(classic_pubkey_len, key->pubkey); key->comp_pubkey[1] - = key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; + = (char *)key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; } else { key->comp_pubkey[0] = NULL; @@ -696,13 +702,18 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, //check if key is the right size for (i = 0; i < key->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); - privlen = key->privkeylen_cmp[i]; - if (get_oqsname_fromtls(name) == 0)//classical key + char *name; + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + privlen = key->privkeylen_cmp[i]; + if (get_oqsname_fromtls(name) == 0){//classical key publen = 0; - else//PQC key + }else{//PQC key publen = key->pubkeylen_cmp[i]; //pubkey in PQC privkey is OPTIONAL - + } previous_privlen += privlen; previous_publen += publen; OPENSSL_free(name); 
@@ -730,7 +741,12 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, previous_publen = 0; for (i = 0; i < key->numkeys; i++){ size_t classic_publen = 0; - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); + char *name; + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } if (get_oqsname_fromtls(name) == 0){//classical key publen = 0; //no pubkey encoded with privkey on classical keys. will recreate the pubkey later if(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size @@ -739,6 +755,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, DECODE_UINT32(privlen, enc_len); privlen += 4; OPENSSL_free(enc_len); + if (privlen > key->privkeylen_cmp[i]){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } }else privlen = key->privkeylen_cmp[i]; }else{//PQC key @@ -946,7 +967,12 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (op == KEY_OP_PUBLIC){ for (i = 0; i < key->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); + char *name; + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } if (get_oqsname_fromtls(name) == 0){ EVP_PKEY *npk = EVP_PKEY_new(); if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA ) @@ -962,6 +988,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + OPENSSL_free(name); goto rec_err; } } 
@@ -973,7 +1000,12 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (op == KEY_OP_PRIVATE){ for (i = 0; i < key->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); + char *name; + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } if (get_oqsname_fromtls(name) == 0){ const unsigned char *enc_privkey = key->comp_privkey[i]; if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support) @@ -983,6 +1015,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + OPENSSL_free(name); goto rec_err; } if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support){ @@ -990,6 +1023,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) int pubkeylen = i2d_PublicKey(key->cmp_classical_pkey[i], &comp_pubkey); if (pubkeylen != key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_public_key){ ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + OPENSSL_free(name); goto rec_err; } }else{ @@ -997,6 +1031,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) int ret = EVP_PKEY_get_raw_public_key(key->cmp_classical_pkey[i], key->comp_pubkey[i], &pubkeylen); if (ret <= 0){ ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + OPENSSL_free(name); goto rec_err; } } @@ -1034,8 +1069,8 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG){ sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); if (sk == NULL){ - p = NULL; - plen = 0; + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return NULL; }else{ count = sk_ASN1_TYPE_num(sk); concat_key = OPENSSL_secure_malloc(plen); 
@@ -1049,8 +1084,9 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, memcpy(concat_key + plen - aux, buf, buflen); } - p = concat_key + plen - aux; + p = OPENSSL_memdup (concat_key + plen - aux, aux); plen = aux; + OPENSSL_free(concat_key); } } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); @@ -1091,8 +1127,8 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, }else{ sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); if (sk == NULL){ - p = NULL; - plen = 0; + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return NULL; }else{ count = sk_ASN1_TYPE_num(sk); concat_key = OPENSSL_secure_malloc(plen); @@ -1100,7 +1136,12 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, aux = 0; for (i = 0; i < count; i++){ aType = sk_ASN1_TYPE_pop(sk); - char *name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i); + char *name; + if ((name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return NULL; + } buf = aType->value.sequence->data; buflen = aType->value.sequence->length; aux += buflen; @@ -1308,7 +1349,12 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); for (i = 0; i < ret->numkeys; i++){ - char *name = get_cmpname(OBJ_sn2nid(tls_name), i); + char *name; + if ((name = get_cmpname(OBJ_sn2nid(tls_name), i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } if (get_oqsname_fromtls(name) != 0) { ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig = OQS_SIG_new(get_oqsname_fromtls(name)); 
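Review bot: `concat_key` is obtained with `OPENSSL_secure_malloc(plen)` (context of the previous hunk) but released here with `OPENSSL_free(concat_key)`. When the secure heap is enabled, that passes a secure-arena pointer to the ordinary allocator. Use `OPENSSL_secure_free(concat_key);` instead. The `OPENSSL_memdup` result assigned to `p` is not checked for NULL, and nothing in the hunk frees it after oqsx_key_op(); confirm it is released further down in oqsx_key_from_x509pubkey.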
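Review bot: The new `return NULL` on get_cmpname failure in oqsx_key_from_pkcs8 (hunk `@@ -1100,7 +1136,12 @@`) exits with `concat_key`, the popped `aType` and the rest of `sk` still allocated. `concat_key` is a secure-heap buffer that may already hold private-key bytes from earlier iterations, so it should be cleansed and not just freed. Before returning, call `OPENSSL_secure_clear_free(concat_key, plen);`, `ASN1_TYPE_free(aType);` and `sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);`, assuming `plen` still holds the allocation size at that point. The loop body continues outside the hunk.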
@@ -1532,7 +1578,6 @@ int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], // OQS key always the last of the numkeys comp keys static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) { -printf("18\n"); if (gen_kem) return OQS_KEM_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem, key->comp_pubkey[key->numkeys-1], @@ -1664,8 +1709,37 @@ int oqsx_key_gen(OQSX_KEY *key) key->classical_pkey = pkey; ret = oqsx_key_gen_oqs(key, key->keytype != KEY_TYPE_HYB_SIG); - } else if (key->keytype == KEY_TYPE_SIG) { - ret = !oqsx_key_set_composites(key); + } else if (key->keytype == KEY_TYPE_CMP_SIG) + { + int i; + ret = oqsx_key_set_composites(key); + for (i = 0; i < key->numkeys; i++){ + char *name; + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + OPENSSL_free(name); + ON_ERR_GOTO(ret, err); + } + if (get_oqsname_fromtls(name) == 0) + { + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); + OPENSSL_free(name); + ON_ERR_GOTO(pkey == NULL, err); + key->cmp_classical_pkey[i] = pkey; + } + else + { + ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); + OPENSSL_free(name); + ON_ERR_GOTO(ret, err); + } + } + + + + } + else if (key->keytype == KEY_TYPE_SIG) + { + ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); ret = oqsx_key_gen_oqs(key, 0); } else { From d344c9fc16883e788db9fd13ff530ec6788e87eb Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 30 Nov 2023 09:27:00 -0600 Subject: [PATCH 070/164] fixed memory leak and typos Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 4 +++- oqsprov/oqsprov_keys.c | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 85943ccb..49cd26f5 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
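Review bot: In the new KEY_TYPE_CMP_SIG branch of oqsx_key_gen, the NULL-name guard is `ON_ERR_GOTO(ret, err);`, but `ret` at that point only holds the result of an earlier call. Assuming the macro jumps on a non-zero first argument, as `ON_ERR_GOTO(pkey == NULL, err)` suggests, a `ret` of 0 (for instance after a successful `OQS_SIG_keypair` on a previous component) lets control fall through to `get_oqsname_fromtls(name)` with a NULL pointer. The guard should fail unconditionally, e.g. `ret = -1; goto err;`. The branch also stores `oqsx_key_set_composites(key)` in `ret` without negating or checking it, unlike the KEY_TYPE_SIG branch below (`ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err);`), so a failure there is not caught before the loop. The rest of the function, including the `err` label, is outside the hunk.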
@@ -27,7 +27,7 @@ // TBD: Review what we really need/want: For now go with OSSL settings: #define OSSL_MAX_NAME_SIZE 50 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ -#define COMPOSITE_IDX_ADJUST 23 /*idx to the frist composite in the composite idx block*/ +#define COMPOSITE_IDX_ADJUST 23 /*idx to the first composite in the composite idx block*/ #ifdef NDEBUG # define OQS_SIG_PRINTF(a) @@ -603,6 +603,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); + OPENSSL_free(compsig->sig1->data); + OPENSSL_free(compsig->sig2->data); OPENSSL_free(compsig); OPENSSL_free(final_tbs); } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index d179cd44..43ae28f9 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -285,6 +285,10 @@ int get_qntcmp(int nid) index++; } OPENSSL_free(first_token); + }else{ + if (nid_names[i].keytype == KEY_TYPE_HYB_SIG){ + index = 2; + } } return index; } From a90ce1eb178fccc20c187c90c50e23a1c417bca4 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 1 Dec 2023 13:28:39 -0600 Subject: [PATCH 071/164] fixed memory issues with single sigs Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 43ae28f9..06e70f35 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -286,7 +286,9 @@ int get_qntcmp(int nid) } OPENSSL_free(first_token); }else{ - if (nid_names[i].keytype == KEY_TYPE_HYB_SIG){ + if ((nid_names[i].keytype == KEY_TYPE_HYB_SIG) + ||(nid_names[i].keytype == KEY_TYPE_ECP_HYB_KEM) + ||(nid_names[i].keytype == KEY_TYPE_ECX_HYB_KEM)){ index = 2; } } 
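Review bot: The two frees added in oqs_sig_sign release `compsig->sig1->data` and `compsig->sig2->data`, but the `sig1` and `sig2` objects themselves are still not released before `OPENSSL_free(compsig)`, so part of the structure appears to leak on every composite signature. If CompositeSignature is declared with the usual OpenSSL ASN.1 macros, as the `i2d_CompositeSignature` call suggests, the generated destructor `CompositeSignature_free(compsig);` would replace all three frees. That holds only if the `data` buffers are owned by the structure rather than borrowed, which the hunk does not show. The visible lines also do not check `i2d_CompositeSignature` for a negative return before `oqs_sig_len` is used as a length.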
@@ -1220,7 +1222,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); + ret->oqsx_provider_ctx[0].oqsx_evp_ctx = NULL; ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig) { fprintf( @@ -1259,7 +1262,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); + ret->oqsx_provider_ctx[0].oqsx_evp_ctx = NULL; ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { fprintf( @@ -1276,7 +1280,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, break; case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_ECP_HYB_KEM: - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { fprintf( @@ -1308,7 +1312,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->evp_info = evp_ctx->evp_info; break; case KEY_TYPE_HYB_SIG: - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(void *)); + ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig) { fprintf( 
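Review bot: The corrected `OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX))` in oqsx_key_new is dereferenced on the next line (`ret->oqsx_provider_ctx[0]...`) without a NULL check, in all four cases this patch touches. Only the first two cases set `oqsx_evp_ctx` to NULL; the KEY_TYPE_ECX_HYB_KEM/KEY_TYPE_ECP_HYB_KEM and KEY_TYPE_HYB_SIG cases leave the struct uninitialised until later assignments. That matters because oqsx_key_free tests `oqsx_evp_ctx` before freeing through it. Using `OPENSSL_zalloc(sizeof(*ret->oqsx_provider_ctx))` followed by `if (ret->oqsx_provider_ctx == NULL) goto err;` would cover both points. The neighbouring `comp_privkey` and `comp_pubkey` allocations are unchecked in the same way, and the function continues outside these hunks.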
@@ -1469,7 +1473,6 @@ void oqsx_key_free(OQSX_KEY *key) } }else{ OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); - EVP_PKEY_free(key->classical_pkey); if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) { EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); @@ -1482,6 +1485,7 @@ void oqsx_key_free(OQSX_KEY *key) #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); #endif + OPENSSL_free(key->oqsx_provider_ctx); OPENSSL_free(key->classical_pkey); OPENSSL_free(key->cmp_classical_pkey); OPENSSL_free(key); From 6f471ed1d55985dcd051d496fb1f93682e8729db Mon Sep 17 00:00:00 2001 From: Mariam John Date: Wed, 29 Nov 2023 11:15:00 -0600 Subject: [PATCH 072/164] Fix minor typos in documentation (#304) Fixed minor typos and incorrect links in README.md and STANDARDS.md Signed-off-by: Felipe Ventura --- README.md | 2 +- STANDARDS.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eaa24aa6..23d07b70 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ via the standard commands, i.e., In addition, algorithms not denoted with "\*" above are not enabled for TLS operations. This designation [can be changed by modifying the -"enabled" flags in the main alorithm configuration file](CONFIGURE.md#pre-build-configuration). +"enabled" flags in the main algorithm configuration file](CONFIGURE.md#pre-build-configuration). In order to support parallel use of classic and quantum-safe cryptography this provider also provides different hybrid algorithms, combining classic diff --git a/STANDARDS.md b/STANDARDS.md index cb1a6a28..fae1379d 100644 --- a/STANDARDS.md +++ b/STANDARDS.md 
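Review bot: After this patch the only release of `key->classical_pkey` in oqsx_key_free is the context line `OPENSSL_free(key->classical_pkey);`, yet oqsx_key_gen stores the result of oqsx_key_gen_evp_key in that field, which suggests it is an EVP_PKEY. Plain `OPENSSL_free` on an EVP_PKEY bypasses its reference count and leaves the inner key material allocated and uncleansed, so the classical private key would leak. The double release is better resolved the other way round: keep `EVP_PKEY_free(key->classical_pkey);`, which the first hunk removes, and drop the `OPENSSL_free` line. The field's declaration is outside the hunk, so its type should be confirmed. Both hunks show only part of oqsx_key_free.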
@@ -26,5 +26,5 @@ components, this provider implements the following standards: - Hybrid post-quantum / traditional private keys: - Simple concatenation of traditional and post-quantum components in plain binary / OCTET_STRING representations. -Additionally worthwhile noting is that only quantum-safe [signature algorithms](#signature-algorithms) are persisted via PKCS#8 and X.509. No corresponding encoder/decoder logic exists for quantum safe [KEM algorithms](#kem-algorithms) -- See also #194. +Additionally worthwhile noting is that only quantum-safe [signature algorithms](README.md#signature-algorithms) are persisted via PKCS#8 and X.509. No corresponding encoder/decoder logic exists for quantum safe [KEM algorithms](README.md#kem-algorithms) -- See also [#194](https://github.com/open-quantum-safe/oqs-provider/issues/194). From c334b347d10cb773faf404d1316a0d4248135e84 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sat, 2 Dec 2023 00:45:02 +0100 Subject: [PATCH 073/164] HQC code point update (#306) * HQC code point updates * adding liboqs 0.9.0 generator YAML * remove Win 2019 from CI Signed-off-by: Felipe Ventura --- .circleci/config.yml | 4 +- .github/workflows/windows.yml | 2 +- ALGORITHMS.md | 16 +- oqs-template/generate.yml | 47 +- oqs-template/generate.yml-0.9.0 | 1228 +++++++++++++++++++++++++++++++ oqs-template/oqs-kem-info.md | 8 + oqsprov/oqsprov_capabilities.c | 16 +- 7 files changed, 1295 insertions(+), 26 deletions(-) create mode 100644 oqs-template/generate.yml-0.9.0 diff --git a/.circleci/config.yml b/.circleci/config.yml index 1cfbca05..d06837c1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -301,12 +301,12 @@ workflows: - macOS: name: macOS-shared CMAKE_ARGS: -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF -DOQS_ENABLE_KEM_CLASSIC_MCELIECE=OFF - OPENSSL_PREINSTALL: openssl@3.1 + OPENSSL_PREINSTALL: openssl@3 - macOS: name: macOS-static OQS_PROVIDER_BUILD_STATIC: true CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_ENABLE_KEM_CLASSIC_MCELIECE=OFF - OPENSSL_PREINSTALL: openssl@3.1 + OPENSSL_PREINSTALL: openssl@3 on-main-branch: when: or: diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index a03fc8bb..8e73be13 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -204,7 +204,7 @@ jobs: strategy: matrix: os: - - windows-2019 +# - windows-2019 - windows-2022 platform: - arch: win64 diff --git a/ALGORITHMS.md b/ALGORITHMS.md index a76bcb59..9ec32f93 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -46,14 +46,14 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | x448_bikel3 | 0x2FAF | Yes | OQS_CODEPOINT_X448_BIKEL3 | | bikel5 | 0x0243 | Yes | OQS_CODEPOINT_BIKEL5 | | p521_bikel5 | 0x2F43 | Yes | OQS_CODEPOINT_P521_BIKEL5 | -| hqc128 | 0x022C | Yes | OQS_CODEPOINT_HQC128 | -| p256_hqc128 | 0x2F2C | Yes | OQS_CODEPOINT_P256_HQC128 | -| x25519_hqc128 | 0x2FAC | Yes | OQS_CODEPOINT_X25519_HQC128 | -| hqc192 | 0x022D | Yes | OQS_CODEPOINT_HQC192 | -| p384_hqc192 | 0x2F2D | Yes | OQS_CODEPOINT_P384_HQC192 | -| x448_hqc192 | 0x2FAD | Yes | OQS_CODEPOINT_X448_HQC192 | -| hqc256 | 0x022E | Yes | OQS_CODEPOINT_HQC256 | -| p521_hqc256 | 0x2F2E | Yes | OQS_CODEPOINT_P521_HQC256 | +| hqc128 | 0x0244 | Yes | OQS_CODEPOINT_HQC128 | +| p256_hqc128 | 0x2F44 | Yes | OQS_CODEPOINT_P256_HQC128 | +| x25519_hqc128 | 0x2FB0 | Yes | OQS_CODEPOINT_X25519_HQC128 | +| hqc192 | 0x0245 | Yes | OQS_CODEPOINT_HQC192 | +| p384_hqc192 | 0x2F45 | Yes | OQS_CODEPOINT_P384_HQC192 | +| x448_hqc192 | 0x2FB1 | Yes | OQS_CODEPOINT_X448_HQC192 | +| hqc256 | 0x0246 | Yes | OQS_CODEPOINT_HQC256 | +| p521_hqc256 | 0x2F46 | Yes | OQS_CODEPOINT_P521_HQC256 | | dilithium2 | 0xfea0 |Yes| OQS_CODEPOINT_DILITHIUM2 | p256_dilithium2 | 0xfea1 |Yes| OQS_CODEPOINT_P256_DILITHIUM2 | rsa3072_dilithium2 | 0xfea2 |Yes| OQS_CODEPOINT_RSA3072_DILITHIUM2 diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 269388a9..099d36ed 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -1,5 +1,5 @@ # This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs -# Next free plain KEM ID: 0x0244, p-hybrid: 0x2F44, X-hybrid: 0x2FB0 +# Next free plain KEM ID: 0x0247, p-hybrid: 0x2F47, X-hybrid: 0x2FB2 kems: - family: 'FrodoKEM' 
@@ -297,29 +297,62 @@ kems: - family: 'HQC' name_group: 'hqc128' - nid: '0x022C' - nid_hybrid: '0x2F2C' + nid: '0x0244' + nid_hybrid: '0x2F44' oqs_alg: 'OQS_KEM_alg_hqc_128' extra_nids: current: - hybrid_group: "x25519" + nid: '0x2FB0' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022C' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F2C' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 nid: '0x2FAC' - family: 'HQC' name_group: 'hqc192' - nid: '0x022D' - nid_hybrid: '0x2F2D' + nid: '0x0245' + nid_hybrid: '0x2F45' oqs_alg: 'OQS_KEM_alg_hqc_192' extra_nids: current: - hybrid_group: "x448" + nid: '0x2FB1' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022D' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F2D' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x448 nid: '0x2FAD' - family: 'HQC' name_group: 'hqc256' - nid: '0x022E' - nid_hybrid: '0x2F2E' + nid: '0x0246' + nid_hybrid: '0x2F46' oqs_alg: 'OQS_KEM_alg_hqc_256' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp521_r1 + nid: '0x2F2E' kem_nid_end: '0x0250' kem_nid_hybrid_end: '0x2FFF' diff --git a/oqs-template/generate.yml-0.9.0 b/oqs-template/generate.yml-0.9.0 new file mode 100644 index 00000000..269388a9 --- /dev/null +++ b/oqs-template/generate.yml-0.9.0 
@@ -0,0 +1,1228 @@ +# This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs +# Next free plain KEM ID: 0x0244, p-hybrid: 0x2F44, X-hybrid: 0x2FB0 +kems: + - + family: 'FrodoKEM' + name_group: 'frodo640aes' + nid: '0x0200' + nid_hybrid: '0x2F00' + oqs_alg: 'OQS_KEM_alg_frodokem_640_aes' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F80' + - + family: 'FrodoKEM' + name_group: 'frodo640shake' + nid: '0x0201' + nid_hybrid: '0x2F01' + oqs_alg: 'OQS_KEM_alg_frodokem_640_shake' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F81' + - + family: 'FrodoKEM' + name_group: 'frodo976aes' + nid: '0x0202' + nid_hybrid: '0x2F02' + oqs_alg: 'OQS_KEM_alg_frodokem_976_aes' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F82' + - + family: 'FrodoKEM' + name_group: 'frodo976shake' + nid: '0x0203' + nid_hybrid: '0x2F03' + oqs_alg: 'OQS_KEM_alg_frodokem_976_shake' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F83' + - + family: 'FrodoKEM' + name_group: 'frodo1344aes' + nid: '0x0204' + nid_hybrid: '0x2F04' + oqs_alg: 'OQS_KEM_alg_frodokem_1344_aes' + - + family: 'FrodoKEM' + name_group: 'frodo1344shake' + nid: '0x0205' + nid_hybrid: '0x2F05' + oqs_alg: 'OQS_KEM_alg_frodokem_1344_shake' + - + family: 'BIKE' + name_group: 'bike1l1cpa' + bit_security: 128 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0206' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F06' + oqs_alg: 'OQS_KEM_alg_bike1_l1_cpa' + - + family: 'BIKE' + name_group: 'bike1l3cpa' + bit_security: 192 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0207' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F07' + oqs_alg: 'OQS_KEM_alg_bike1_l3_cpa' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber512' + nid: '0x023A' + 
oid: '1.3.6.1.4.1.22554.5.6.1' + nid_hybrid: '0x2F3A' + hybrid_oid: '1.3.6.1.4.1.22554.5.7.1' + oqs_alg: 'OQS_KEM_alg_kyber_512' + extra_nids: + current: + - hybrid_group: "x25519" + hybrid_oid: '1.3.6.1.4.1.22554.5.8.1' + nid: '0x2F39' + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x020F' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F0F' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: x25519 + nid: '0x2F26' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber768' + nid: '0x023C' + oid: '1.3.6.1.4.1.22554.5.6.2' + nid_hybrid: '0x2F3C' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F90' + - hybrid_group: "x25519" + nid: '0x6399' + - hybrid_group: "p256" + nid: '0x639A' + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0210' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F10' + oqs_alg: 'OQS_KEM_alg_kyber_768' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber1024' + nid: '0x023D' + oid: '1.3.6.1.4.1.22554.5.6.3' + nid_hybrid: '0x2F3D' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0211' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp521_r1 + nid: '0x2F11' + oqs_alg: 'OQS_KEM_alg_kyber_1024' + - + family: 'BIKE' + name_group: 'bike1l1fo' + bit_security: 128 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0223' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F23' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: "x25519" + nid: '0x2F28' + oqs_alg: 'OQS_KEM_alg_bike1_l1_fo' + - + family: 'BIKE' + name_group: 'bike1l3fo' + bit_security: 192 + extra_nids: + old: + - implementation_version: NIST Round 2 
submission + nist-round: 2 + nid: '0x0224' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F24' + oqs_alg: 'OQS_KEM_alg_bike1_l3_fo' + - + family: 'BIKE' + name_group: 'bikel1' + implementation_version: '5.1' + nid: '0x0241' + nid_hybrid: '0x2F41' + oqs_alg: 'OQS_KEM_alg_bike_l1' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2FAE' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x0238' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2F37' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F38' + - + family: 'BIKE' + name_group: 'bikel3' + implementation_version: '5.1' + nid: '0x0242' + nid_hybrid: '0x2F42' + oqs_alg: 'OQS_KEM_alg_bike_l3' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FAF' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023B' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F3B' + - + family: 'BIKE' + name_group: 'bikel5' + implementation_version: '5.1' + nid: '0x0243' + nid_hybrid: '0x2F43' + oqs_alg: 'OQS_KEM_alg_bike_l5' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s512' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0229' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F29' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F3E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2FA9' + oqs_alg: 'OQS_KEM_alg_kyber_512_90s' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s768' + extra_nids: + old: + - 
implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x022A' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F2A' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023F' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F3F' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x448 + nid: '0x2FAA' + oqs_alg: 'OQS_KEM_alg_kyber_768_90s' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s1024' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x022B' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp521_r1 + nid: '0x2F2B' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x0240' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp521_r1 + nid: '0x2F40' + oqs_alg: 'OQS_KEM_alg_kyber_1024_90s' + - + family: 'HQC' + name_group: 'hqc128' + nid: '0x022C' + nid_hybrid: '0x2F2C' + oqs_alg: 'OQS_KEM_alg_hqc_128' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2FAC' + - + family: 'HQC' + name_group: 'hqc192' + nid: '0x022D' + nid_hybrid: '0x2F2D' + oqs_alg: 'OQS_KEM_alg_hqc_192' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FAD' + - + family: 'HQC' + name_group: 'hqc256' + nid: '0x022E' + nid_hybrid: '0x2F2E' + oqs_alg: 'OQS_KEM_alg_hqc_256' + +kem_nid_end: '0x0250' +kem_nid_hybrid_end: '0x2FFF' +# need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values + +# Next free signature ID: 0xfed0 +sigs: + # - + # iso (1) + # identified-organization (3) + # reserved (9999) + # oqs_sig_default (1) + # disabled + #variants: + # - + # name: 'oqs_sig_default' + # pretty_name: 'OQS Default Signature Algorithm' + # oqs_meth: 'OQS_SIG_alg_default' + # oid: '1.3.9999.1.1' + # 
code_point: '0xfe00' + # enable: true + # mix_with: [{'name': 'p256', + # 'pretty_name': 'ECDSA p256', + # 'oid': '1.3.9999.1.2', + # 'code_point': '0xfe01'}, + # {'name': 'rsa3072', + # 'pretty_name': 'RSA3072', + # 'oid': '1.3.9999.1.3', + # 'code_point': '0xfe02'}] + - + # OID scheme for hybrid variants of Dilithium: + # iso (1) + # identified-organization (3) + # reserved (9999) + # dilithium (2) + # OID scheme for plain Dilithium: + # iso (1) + # identified-organization (3) + # dod (6) + # internet (1) + # private (4) + # enterprise (1) + # IBM (2) + # qsc (267) + # Dilithium-r3 (7) + family: 'CRYSTALS-Dilithium' + variants: + - + name: 'dilithium2' + pretty_name: 'Dilithium2' + oqs_meth: 'OQS_SIG_alg_dilithium_2' + oid: '1.3.6.1.4.1.2.267.7.4.4' + code_point: '0xfea0' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.2.7.1', + 'code_point': '0xfea1'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.2.7.2', + 'code_point': '0xfea2'}] + - + name: 'dilithium3' + pretty_name: 'Dilithium3' + oqs_meth: 'OQS_SIG_alg_dilithium_3' + oid: '1.3.6.1.4.1.2.267.7.6.5' + code_point: '0xfea3' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.2.7.3', + 'code_point': '0xfea4'}] + - + name: 'dilithium5' + pretty_name: 'Dilithium5' + oqs_meth: 'OQS_SIG_alg_dilithium_5' + oid: '1.3.6.1.4.1.2.267.7.8.7' + code_point: '0xfea5' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.2.7.4', + 'code_point': '0xfea6'}] + - + name: 'dilithium2_aes' + pretty_name: 'Dilithium2_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_2_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.4.4' + 
code_point: '0xfea7' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.2.11.1', + 'code_point': '0xfea8'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.2.11.2', + 'code_point': '0xfea9'}] + - + name: 'dilithium3_aes' + pretty_name: 'Dilithium3_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_3_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.6.5' + code_point: '0xfeaa' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.2.11.3', + 'code_point': '0xfeab'}] + - + name: 'dilithium5_aes' + pretty_name: 'Dilithium5_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_5_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.8.7' + code_point: '0xfeac' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.2.11.4', + 'code_point': '0xfead'}] + - + # iso (1) + # identified-organization (3) + # reserved (9999) + # falcon (3) + family: 'Falcon' + variants: + - + name: 'falcon512' + pretty_name: 'Falcon-512' + oqs_meth: 'OQS_SIG_alg_falcon_512' + oid: '1.3.9999.3.6' + code_point: '0xfeae' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.7', + 'code_point': '0xfeaf'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.8', + 'code_point': '0xfeb0'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.3.1' + code_point: '0xfe0b' + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.2', + 'code_point': '0xfe0c'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', 
+ 'oid': '1.3.9999.3.3', + 'code_point': '0xfe0d'}] + - + name: 'falcon1024' + pretty_name: 'Falcon-1024' + oqs_meth: 'OQS_SIG_alg_falcon_1024' + oid: '1.3.9999.3.9' + code_point: '0xfeb1' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.10', + 'code_point': '0xfeb2'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.3.4' + code_point: '0xfe0e' + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.5', + 'code_point': '0xfe0f'}] + - + family: 'SPHINCS-Haraka' + variants: + - + name: 'sphincsharaka128frobust' + pretty_name: 'SPHINCS+-Haraka-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.1' + code_point: '0xfe42' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.2', + 'code_point': '0xfe43'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.3', + 'code_point': '0xfe44'}] + - + name: 'sphincsharaka128fsimple' + pretty_name: 'SPHINCS+-Haraka-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.4' + code_point: '0xfe45' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.5', + 'code_point': '0xfe46'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.6', + 'code_point': '0xfe47'}] + - + name: 'sphincsharaka128srobust' + pretty_name: 'SPHINCS+-Haraka-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + 
nist-round: 3 + oid: '1.3.9999.6.1.7' + code_point: '0xfe48' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.8', + 'code_point': '0xfe49'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.9', + 'code_point': '0xfe4a'}] + - + name: 'sphincsharaka128ssimple' + pretty_name: 'SPHINCS+-Haraka-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.10' + code_point: '0xfe4b' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.11', + 'code_point': '0xfe4c'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.12', + 'code_point': '0xfe4d'}] + - + name: 'sphincsharaka192frobust' + pretty_name: 'SPHINCS+-Haraka-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.1' + code_point: '0xfe4e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.2', + 'code_point': '0xfe4f'}] + - + name: 'sphincsharaka192fsimple' + pretty_name: 'SPHINCS+-Haraka-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.3' + code_point: '0xfe50' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.4', + 'code_point': '0xfe51'}] + - + name: 'sphincsharaka192srobust' + pretty_name: 'SPHINCS+-Haraka-192s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_robust' + extra_nids: + old: + - implementation_version: 
NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.5' + code_point: '0xfe52' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.6', + 'code_point': '0xfe53'}] + - + name: 'sphincsharaka192ssimple' + pretty_name: 'SPHINCS+-Haraka-192s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.7' + code_point: '0xfe54' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.8', + 'code_point': '0xfe55'}] + - + name: 'sphincsharaka256frobust' + pretty_name: 'SPHINCS+-Haraka-256f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.1' + code_point: '0xfe56' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.2', + 'code_point': '0xfe57'}] + - + name: 'sphincsharaka256fsimple' + pretty_name: 'SPHINCS+-Haraka-256f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.3' + code_point: '0xfe58' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.4', + 'code_point': '0xfe59'}] + - + name: 'sphincsharaka256srobust' + pretty_name: 'SPHINCS+-Haraka-256s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.5' + code_point: '0xfe5a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 
'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.6', + 'code_point': '0xfe5b'}] + - + name: 'sphincsharaka256ssimple' + pretty_name: 'SPHINCS+-Haraka-256s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.7' + code_point: '0xfe5c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.8', + 'code_point': '0xfe5d'}] + - + family: 'SPHINCS-SHA2' + variants: + - + name: 'sphincssha26128frobust' + pretty_name: 'SPHINCS+-SHA256-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.1' + code_point: '0xfe5e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.2', + 'code_point': '0xfe5f'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.3', + 'code_point': '0xfe60'}] + - + name: 'sphincssha2128fsimple' + pretty_name: 'SPHINCS+-SHA2-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128f_simple' + oid: '1.3.9999.6.4.13' + code_point: '0xfeb3' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.14', + 'code_point': '0xfeb4'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.15', + 'code_point': '0xfeb5'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.4' + code_point: '0xfe61' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.5', + 'code_point': '0xfe62'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': 
'1.3.9999.6.4.6', + 'code_point': '0xfe63'}] + - + name: 'sphincssha256128srobust' + pretty_name: 'SPHINCS+-SHA256-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.7' + code_point: '0xfe64' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.8', + 'code_point': '0xfe65'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.9', + 'code_point': '0xfe66'}] + - + name: 'sphincssha2128ssimple' + pretty_name: 'SPHINCS+-SHA2-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128s_simple' + oid: '1.3.9999.6.4.16' + code_point: '0xfeb6' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.17', + 'code_point': '0xfeb7'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.18', + 'code_point': '0xfeb8'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.10' + code_point: '0xfe67' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.11', + 'code_point': '0xfe68'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.12', + 'code_point': '0xfe69'}] + - + name: 'sphincssha256192frobust' + pretty_name: 'SPHINCS+-SHA256-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.1' + code_point: '0xfe6a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.2', + 'code_point': '0xfe6b'}] + - + name: 'sphincssha2192fsimple' + 
pretty_name: 'SPHINCS+-SHA2-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192f_simple' + oid: '1.3.9999.6.5.10' + code_point: '0xfeb9' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.11', + 'code_point': '0xfeba'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.3' + code_point: '0xfe6c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.4', + 'code_point': '0xfe6d'}] + - + name: 'sphincssha256192srobust' + pretty_name: 'SPHINCS+-SHA256-192s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.5' + code_point: '0xfe6e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.6', + 'code_point': '0xfe6f'}] + - + name: 'sphincssha2192ssimple' + pretty_name: 'SPHINCS+-SHA2-192s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192s_simple' + oid: '1.3.9999.6.5.12' + code_point: '0xfebb' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.13', + 'code_point': '0xfebc'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.7' + code_point: '0xfe70' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.8', + 'code_point': '0xfe71'}] + - + name: 'sphincssha256256frobust' + pretty_name: 'SPHINCS+-SHA256-256f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 
submission + nist-round: 3 + oid: '1.3.9999.6.6.1' + code_point: '0xfe72' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.2', + 'code_point': '0xfe73'}] + - + name: 'sphincssha2256fsimple' + pretty_name: 'SPHINCS+-SHA2-256f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256f_simple' + oid: '1.3.9999.6.6.10' + code_point: '0xfebd' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.11', + 'code_point': '0xfebe'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.6.3' + code_point: '0xfe74' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.4', + 'code_point': '0xfe75'}] + - + name: 'sphincssha256256srobust' + pretty_name: 'SPHINCS+-SHA256-256s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.6.5' + code_point: '0xfe76' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.6', + 'code_point': '0xfe77'}] + - + name: 'sphincssha2256ssimple' + pretty_name: 'SPHINCS+-SHA2-256s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256s_simple' + oid: '1.3.9999.6.6.12' + code_point: '0xfec0' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.13', + 'code_point': '0xfec1'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.6.7' + code_point: '0xfe78' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: 
[{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.8', + 'code_point': '0xfe79'}] + - + family: 'SPHINCS-SHAKE' + variants: + - + name: 'sphincsshake256128frobust' + pretty_name: 'SPHINCS+-SHAKE256-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.1' + code_point: '0xfe7a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.2', + 'code_point': '0xfe7b'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.3', + 'code_point': '0xfe7c'}] + - + name: 'sphincsshake128fsimple' + pretty_name: 'SPHINCS+-SHAKE-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_128f_simple' + oid: '1.3.9999.6.7.13' + code_point: '0xfec2' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.14', + 'code_point': '0xfec3'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.15', + 'code_point': '0xfec4'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.4' + code_point: '0xfe7d' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.5', + 'code_point': '0xfe7e'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.6', + 'code_point': '0xfe7f'}] + - + name: 'sphincsshake256128srobust' + pretty_name: 'SPHINCS+-SHAKE256-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.7' + code_point: '0xfe80' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 
'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.8', + 'code_point': '0xfe81'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.9', + 'code_point': '0xfe82'}] + - + name: 'sphincsshake128ssimple' + pretty_name: 'SPHINCS+-SHAKE-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_128s_simple' + oid: '1.3.9999.6.7.16' + code_point: '0xfec5' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.17', + 'code_point': '0xfec6'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.18', + 'code_point': '0xfec7'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.10' + code_point: '0xfe83' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.11', + 'code_point': '0xfe84'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.12', + 'code_point': '0xfe85'}] + - + name: 'sphincsshake256192frobust' + pretty_name: 'SPHINCS+-SHAKE256-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.8.1' + code_point: '0xfe86' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.2', + 'code_point': '0xfe87'}] + - + name: 'sphincsshake192fsimple' + pretty_name: 'SPHINCS+-SHAKE-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_192f_simple' + oid: '1.3.9999.6.8.10' + code_point: '0xfec8' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.11', + 'code_point': '0xfec9'}] + extra_nids: + old: + - implementation_version: NIST Round 3 
submission + nist-round: 3 + oid: '1.3.9999.6.8.3' + code_point: '0xfe88' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.4', + 'code_point': '0xfe89'}] + - + name: 'sphincsshake256192srobust' + pretty_name: 'SPHINCS+-SHAKE256-192s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.8.5' + code_point: '0xfe8a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.6', + 'code_point': '0xfe8b'}] + - + name: 'sphincsshake192ssimple' + pretty_name: 'SPHINCS+-SHAKE-192s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_192s_simple' + oid: '1.3.9999.6.8.12' + code_point: '0xfeca' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.13', + 'code_point': '0xfecb'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.8.7' + code_point: '0xfe8c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.8', + 'code_point': '0xfe8d'}] + - + name: 'sphincsshake256256frobust' + pretty_name: 'SPHINCS+-SHAKE256-256f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.1' + code_point: '0xfe8e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.2', + 'code_point': '0xfe8f'}] + - + name: 'sphincsshake256fsimple' + pretty_name: 'SPHINCS+-SHAKE-256f-simple' + oqs_meth: 
'OQS_SIG_alg_sphincs_shake_256f_simple' + oid: '1.3.9999.6.9.10' + code_point: '0xfecc' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.11', + 'code_point': '0xfecd'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.3' + code_point: '0xfe90' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.4', + 'code_point': '0xfe91'}] + - + name: 'sphincsshake256256srobust' + pretty_name: 'SPHINCS+-SHAKE256-256s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.5' + code_point: '0xfe92' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.6', + 'code_point': '0xfe93'}] + - + name: 'sphincsshake256ssimple' + pretty_name: 'SPHINCS+-SHAKE-256s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_256s_simple' + oid: '1.3.9999.6.9.12' + code_point: '0xfece' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.13', + 'code_point': '0xfecf'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.7' + code_point: '0xfe94' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.8', + 'code_point': '0xfe95'}] + + diff --git a/oqs-template/oqs-kem-info.md b/oqs-template/oqs-kem-info.md index d45c8a1e..d85fca20 100644 --- a/oqs-template/oqs-kem-info.md +++ b/oqs-template/oqs-kem-info.md 
@@ -77,3 +77,11 @@ | HQC | NIST Round 3 submission | hqc192 | 3 | 3 | 0x2FAD | x448 | | HQC | NIST Round 3 submission | hqc256 | 3 | 5 | 0x022E | | | HQC | NIST Round 3 submission | hqc256 | 3 | 5 | 0x2F2E | secp521_r1 | +| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x0244 | | +| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x2F44 | secp256_r1 | +| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x2FB0 | x25519 | +| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x0245 | | +| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x2F45 | secp384_r1 | +| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x2FB1 | x448 | +| HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x0246 | | +| HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x2F46 | secp521_r1 | diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 001dd419..6255b041 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c @@ -81,17 +81,17 @@ static OQS_GROUP_CONSTANTS oqs_group_list[] = { {0x0243, 256, TLS1_3_VERSION, 0, -1, -1, 1}, {0x2F43, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x022C, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0244, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F2C, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2FAC, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x022D, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F44, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB0, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0245, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F2D, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2FAD, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x022E, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F45, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB1, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0246, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F2E, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F46, 256, TLS1_3_VERSION, 0, -1, -1, 1}, ///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_END }; From d4eac6cd6f107087e9e91b1eb56e0122c05183c1 Mon Sep 17 00:00:00 2001 
From: Mariam John Date: Tue, 5 Dec 2023 04:59:57 -0600 Subject: [PATCH 074/164] Fix broken circleci job for macOS (#305) This PR updates the openssl version to be installed for testing macOS builds The circleci config file currently points to openssl@3.1 to install openssl for macOS. This change was made as part of the following [PR](https://github.com/open-quantum-safe/oqs-provider/commit/080c3dd2703a6b26f0aca12b265346a15f87c43e), where previously `openssl@3` pointed to `openssl v3.0.x` which was causing errors trying to build oqs-provider. So the change was made to specify `openssl@3.1`. OpenSSL v3.2 was released last week and the circleci jobs for macOS started failing since `openssl@3.1` is no longer available to install using homebrew. Instead the following are the options: `openssl@3` (which points to the current stable version, v3.2), `openssl@3.0` and `openssl@1.1`. Changes made in this PR include: - pointing the openssl version back to `openssl@3` since it now points to the latest 3.2 - a small doc change to the CONTRIBUTING doc to update the circleci command to run a specific job locally. (In the latest version (currently vv0.1.29314), this command does not have the --job flag) Signed-off-by: Felipe Ventura --- .circleci/config.yml | 4 ++-- CONTRIBUTING.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d06837c1..c900afdb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -166,7 +166,7 @@ jobs: - when: condition: not: - equal: [ openssl@3.1, << parameters.OPENSSL_PREINSTALL >> ] + equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ] steps: - run: name: Clone and build OpenSSL(3) master @@ -186,7 +186,7 @@ jobs: fi - when: condition: - equal: [ openssl@3.1, << parameters.OPENSSL_PREINSTALL >> ] + equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ] steps: - run: name: Build OQS-OpenSSL provider 
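Review bot: The two `equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]` comparisons (hunks at 166 and 186) are the only lines the diffstat shows changing in `.circleci/config.yml`, so whatever the workflow passes as `OPENSSL_PREINSTALL` is left as it was. That definition is outside the hunks, as are the rest of both `when:` blocks; if any job still passes `openssl@3.1`, it would now fall into the "Clone and build OpenSSL(3) master" branch rather than the preinstalled-OpenSSL one, so please confirm the passed value matches the new literal. Separately, `openssl@3` is a floating Homebrew alias, so what this job tests will move again with the next upstream release, which is the mechanism the commit message describes for the 3.1 to 3.2 break. I would record that next to the parameter with a comment such as `# openssl@3 floats with Homebrew's current 3.x release; a new release changes what this job tests`, and have the job print the OpenSSL version it actually picked up so drift is visible in the log.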
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bcd1793f..ea800111 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -37,7 +37,7 @@ run the following command in the project main directory prior to finishing a PR: If encountering CI errors in CircleCI, it may be helpful to execute the test jobs locally to debug. This can be facilitated by executing the command - circleci local execute --job some-test-job + circleci local execute [--job] some-test-job assuming "some-test-job" is the name of the test to be executed and the CircleCI [command line tools have been installed](https://circleci.com/docs/local-cli). From 04f2874a5613ea4fe47b8d6fcf19a29dbe889775 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Tue, 5 Dec 2023 12:03:14 +0100 Subject: [PATCH 075/164] Contribution policy (#286) * add new issue template * add GOVERNANCE policy * feedback by @levitte * Clarifications on voting * updates following SustainOSS feedback * Clarify reinstatement into role * Make Leave of absence its own section, and clarify some details Co-authored-by: Richard Levitte Co-authored-by: Spencer Wilson Co-authored-by: Douglas Stebila Signed-off-by: Felipe Ventura --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/ISSUE_TEMPLATE/discussion.md | 25 ++++++++++ GOVERNANCE.md | 70 ++++++++++++++++++++++++++++ 3 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 .github/ISSUE_TEMPLATE/discussion.md create mode 100644 GOVERNANCE.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 22234bd7..08658392 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -2,7 +2,7 @@ name: Bug report about: Create a report to help us improve title: '' -labels: '' +labels: 'bug' assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/discussion.md b/.github/ISSUE_TEMPLATE/discussion.md new file mode 100644 index 00000000..328941c5 --- /dev/null 
+++ b/.github/ISSUE_TEMPLATE/discussion.md @@ -0,0 +1,25 @@ +--- +name: Question, Feature, Documentation +labels: 'question' +about: Ask question, request feature or documentation update +--- + +### Thank you for taking the time to share your thoughts with us. + +We welcome all suggestions for new features or documentation updates +helping others to make better use of this project. + +As with any other topic you'd like to discuss with the community, +we'd primarily like to invite you to [open a discussion](https://github.com/open-quantum-safe/oqs-provider/discussions) +item with your concern. + +If you have a bug to report please use the [Bug report template](https://github.com/open-quantum-safe/oqs-provider/issues/new?assignees=&labels=&projects=&template=bug_report.md&title=). + +If you have an issue with the project that does not qualify as a bug +and have already explored the code to the extent that you can make a +proposal how to handle the issue, please feel free to open a +"blank issue" providing all information you have already collected. + +Please remember to tell us which code version/branch you are using and +then briefly describe the issue and proposal how to resolve it if +available. diff --git a/GOVERNANCE.md b/GOVERNANCE.md new file mode 100644 index 00000000..4207602a --- /dev/null +++ b/GOVERNANCE.md 
@@ -0,0 +1,70 @@ +# Governance + +## Foreword + +This file documents the governance guidelines used for this project. It is principally concerned with defining the roles of project contributors, the associated rights and responsibilities, and the process for transitioning between them. As such, this document is written in a fairly formal and precise tone, so as to be succint and unambiguous. This should not be interpreted as a lack of warmth on the part of the OQS team---we're really quite friendly! We do not intend to act as gatekeepers by laying out this tier of roles and the associated rules. Instead, we hope that clearly defining these roles and the processes for attaining them shows contributors a clear path by which to become more involved in project governance, if they so wish. We welcome all questions, discussions, and contributions, and we would love to have more people on board. + +We recognize that some of the policies discussed here can seem intimidating---for instance, revocation of privileges or code of conduct violations. It is our hope that we don't have to rely on these guidelines; however, we believe that it is important to have them in place should they be needed. + +## Roles + +The following roles exist in the project: + +1. Maintainer: Person with GitHub administrative rights. + +2. Committer: Person with GitHub "Write" privileges; this entails the right and obligation to review PRs by Contributors and to actively participate in discussions. + +3. Contributor: Person that has contributed code. + +4. Users: Person using the project passively or actively, e.g., by participating in discussions. + +## Relationships between roles + +Any User may also be a Contributor. Any Contributor may also be a Committer. Any Committer may also be a Maintainer. A Maintainer must be a Committer. + +## Change of role + +Any User may become a Contributor by creating a pull request (PR) and getting it successfully reviewed and merged by Committers. 
+ +Any Contributor can become a Committer by contributing sufficient code and displaying deep subject matter knowledge in discussions such that a majority of Committers vote for this change of role. A Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of Committers. + +As such a voting decision may be considered subjective, Contributors striving to become Committers are encouraged to ask for advice by Committers as to what---if anything---should be done to attain this status (additional to already documented knowledge in contributions). Baseline requirements for contributions are documented in [CONTRIBUTING.md](CONTRIBUTING.md). Any Contributor can create a discussion item to request a vote to become Committer. + +Any Committer can become a Maintainer by majority vote of voting Committers. A current Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of all Committers. + +A Maintainer is not permitted to remove another Maintainer's GitHub privileges. + +A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected. + +Any person violating the [code of conduct](CODE_OF_CONDUCT.md], consistently not fulfilling the role responsibilities or other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetos that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree. + +Depending on the reason for removal, a Maintainer may be converted to Emeritus status. 
Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees. + +## Leave of absence + +Any Committer may voluntarily step down from the role for a documented period of time, losing voting rights for that time period. The period is documented in this file next to the person's name below. At the end of this time period, the Committer automatically regains their voting rights. + +A leave of absence may not be longer than a year. If the Committer needs to be away for longer than that, they must step down from that role unconditionally, and regaining that role becomes subject of normal procedures to become Committer, as described in ["Change of role"](#change-of-role) above. + +## Voting + +Change of role or changes to this document is subject to voting. + +Votes are to be executed by way of open GitHub discussions. No quorum is needed for votes open for 4 weeks. Urgent matters may be decided by majority vote among Maintainers or 2/3 majority by all Committers within an arbitrary voting period. + +## Documentation of roles + +Current Maintainers and Committers are to be documented below by way of reference to their GitHub handles. + +### Maintainers + +@baentsch +@dstebila + +### Committers + +@baentsch +@bhess +@dstebila +@thb-sb +@christianpaquin From 91e63fbdd97342d16271af7a28ac50c736e4cf18 Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Wed, 6 Dec 2023 01:16:19 -0600 Subject: [PATCH 076/164] Fix link in GOVERNANCE.md (#309) Fix the link to CODE_OF_CONDUCT.md Signed-off-by: Felipe Ventura --- GOVERNANCE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 4207602a..a90d4d15 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md 
@@ -36,7 +36,7 @@ A Maintainer is not permitted to remove another Maintainer's GitHub privileges. A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected. -Any person violating the [code of conduct](CODE_OF_CONDUCT.md], consistently not fulfilling the role responsibilities or other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetos that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree. +Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities or other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetos that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree. Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees. From 7b36297d60e01088df1e2c80df573def08ef8646 Mon Sep 17 00:00:00 2001 
From: thomas <108470890+thb-sb@users.noreply.github.com> Date: Wed, 6 Dec 2023 08:17:34 +0100 Subject: [PATCH 077/164] Add a example of how to load oqsprovider using `OSSL_PROVIDER_add_builtin`. (#308) This commit adds an example under the `examples/` directory of how to load oqsprovider using [`OSSL_PROVIDER_add_builtin`]. A CMake test target has been added to ensure that the example works. Note that this target is skipped if `OQS_PROVIDER_BUILD_STATIC` is not enabled. [`OSSL_PROVIDER_add_builtin`]: https://www.openssl.org/docs/man3.2/man3/OSSL_PROVIDER_add_builtin.html Signed-off-by: Felipe Ventura --- CMakeLists.txt | 3 ++ CONFIGURE.md | 3 ++ examples/CMakeLists.txt | 7 +++ examples/static_oqsprovider.c | 95 +++++++++++++++++++++++++++++++++++ 4 files changed, 108 insertions(+) create mode 100644 examples/CMakeLists.txt create mode 100644 examples/static_oqsprovider.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 7958247c..fad726df 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -89,3 +89,6 @@ add_subdirectory(oqsprov) # Testing enable_testing() add_subdirectory(test) + +# Examples +add_subdirectory(examples) diff --git a/CONFIGURE.md b/CONFIGURE.md index afae2735..dff28861 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md @@ -91,6 +91,9 @@ void load_oqs_provider(OSSL_LIB_CTX *libctx) { > **Warning** > `OQS_PROVIDER_BUILD_STATIC` and `BUILD_SHARED_LIBS` are mutually exclusive. +See [`examples/static_oqsprovider.c`](examples/static_oqsprovider.c) for a complete +example of how to load oqsprovider using `OSSL_PROVIDER_add_builtin`. + ## Convenience build script options For anyone interested in building the complete software stack diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt new file mode 100644 index 00000000..43ec0ca8 --- /dev/null +++ b/examples/CMakeLists.txt 
@@ -0,0 +1,7 @@ +if (OQS_PROVIDER_BUILD_STATIC) + add_executable(example_static_oqsprovider static_oqsprovider.c) + target_link_libraries(example_static_oqsprovider PRIVATE ${OPENSSL_CRYPTO_LIBRARY} oqsprovider) + targets_set_static_provider(example_static_oqsprovider) + add_test(NAME test_example_static_oqsprovider + COMMAND example_static_oqsprovider) +endif() diff --git a/examples/static_oqsprovider.c b/examples/static_oqsprovider.c new file mode 100644 index 00000000..14285340 --- /dev/null +++ b/examples/static_oqsprovider.c 
@@ -0,0 +1,95 @@ +/** + * \file + * \brief Example of how to load oqsprovider when compiled as a static library + * `using OSSL_PROVIDER_add_builtin`. + */ + +#include + +#include +#include +#include + +/** \brief The initialization function of oqsprovider. */ +extern OSSL_provider_init_fn oqs_provider_init; + +/** \brief Name of the oqsprovider. */ +static const char *kOQSProviderName = "oqsprovider"; + +/** \brief Tries to load the oqsprovider named "oqsprovider". + * + * \param libctx Context of the OpenSSL library in which to load the + * oqsprovider. + * + * \returns 0 if success, else -1. */ +static int load_oqs_provider(OSSL_LIB_CTX *libctx) +{ + OSSL_PROVIDER *provider; + int ret; + + ret = OSSL_PROVIDER_available(libctx, kOQSProviderName); + if (ret != 0) { + fprintf(stderr, + "`OSSL_PROVIDER_available` returned %i, but 0 was expected\n", + ret); + return -1; + } + + ret = OSSL_PROVIDER_add_builtin(libctx, kOQSProviderName, + oqs_provider_init); + if (ret != 1) { + fprintf(stderr, + "`OSSL_PROVIDER_add_builtin` failed with returned code %i\n", + ret); + return -1; + } + + provider = OSSL_PROVIDER_load(libctx, kOQSProviderName); + if (provider == NULL) { + fputs("`OSSL_PROVIDER_load` failed\n", stderr); + return -1; + } + + ret = OSSL_PROVIDER_available(libctx, kOQSProviderName); + if (ret != 1) { + fprintf(stderr, + "`OSSL_PROVIDER_available` returned %i, but 0 was expected\n", + ret); + return -1; + } + + ret = OSSL_PROVIDER_self_test(provider); + if (ret != 1) { + fprintf(stderr, + "`OSSL_PROVIDER_self_test` failed with returned code %i\n", + ret); + return -1; + } + + return 0; +} + +int main() +{ + OSSL_LIB_CTX *libctx; + int ret; + + libctx = OSSL_LIB_CTX_new(); + if (libctx == NULL) { + fputs("`OSSL_LIB_CTX_new` failed. Cannot initialize OpenSSL.\n", + stderr); + return 1; + } + + ret = load_oqs_provider(libctx); + if (ret != 0) { + fputs("`load_oqs_provider` failed. 
Dumping OpenSSL error queue.\n", + stderr); + ERR_print_errors_fp(stderr); + return 2; + } + + OSSL_LIB_CTX_free(libctx); + + return 0; +} From 66ce92838792593bca24e101046baf8bed49a565 Mon Sep 17 00:00:00 2001 From: qnfm <104289862+qnfm@users.noreply.github.com> Date: Thu, 7 Dec 2023 07:10:03 +0000 Subject: [PATCH 078/164] Get Windows CI to work again (#310) * Change osslconfig for Windows build * Re-activate Debug build Signed-off-by: Felipe Ventura --- .github/workflows/windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 8e73be13..ca6bfaef 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -101,7 +101,7 @@ jobs: platform: - arch: win64 oqsconfig: -DOQS_ALGS_ENABLED=STD - osslconfig: no-shared no-fips VC-WIN64A-masm + osslconfig: no-shared no-fips VC-WIN64A # - arch: win32 # oqsconfig: -DOQS_ALGS_ENABLED=STD # osslconfig: --strict-warnings no-fips enable-quic @@ -215,7 +215,7 @@ jobs: msarch: - x64 type: -# - Debug + - Debug - Release runs-on: ${{matrix.os}} steps: From e372d5f35fa593a65a6e0e0fb4c1ed80d77c29bf Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 8 Dec 2023 11:46:43 -0600 Subject: [PATCH 079/164] added TEXT encoder options for composite Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 158 ++++++++++++++++++++++++++--------- oqsprov/oqs_prov.h | 16 ++++ oqsprov/oqsencoders.inc | 18 ++++ 3 files changed, 152 insertions(+), 40 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index b0b4bbd7..199188e8 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -1475,6 +1475,10 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) <= 0) return 0; break; + case KEY_TYPE_CMP_SIG: + if (BIO_printf(out, "%s composite private key:\n", okey->tls_name) <= 0) + return 0; + break; default: ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); return 0; 
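Review bot: The second `OSSL_PROVIDER_available` check in `load_oqs_provider` (examples/static_oqsprovider.c) tests `ret != 1`, but its message still says "but 0 was expected", so a failure after `OSSL_PROVIDER_load` reports the wrong expectation; the text should read "but 1 was expected". Because this file is meant to be copied as a reference, its error paths should also release what they hold: `main` returns 2 without calling `OSSL_LIB_CTX_free(libctx);`. The `OSSL_PROVIDER *` returned by `OSSL_PROVIDER_load` is never passed to `OSSL_PROVIDER_unload`, neither on the self-test failure path nor before the context is freed. `int main()` would also be better written as `int main(void)`.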
@@ -1497,6 +1501,10 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) if (BIO_printf(out, "%s hybrid public key:\n", okey->tls_name) <= 0) return 0; break; + case KEY_TYPE_CMP_SIG: + if (BIO_printf(out, "%s composite public key:\n", okey->tls_name) <= 0) + return 0; + break; default: ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); return 0; 
@@ -1505,51 +1513,105 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (okey->privkey) { - if (okey->numkeys > 1) { // hybrid key - char classic_label[200]; - int classic_key_len = 0; - sprintf(classic_label, - "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); - DECODE_UINT32(classic_key_len, okey->privkey); - if (!print_labeled_buf(out, classic_label, - okey->comp_privkey[0], classic_key_len)) - return 0; - /* finally print pure PQ key */ - if (!print_labeled_buf(out, "PQ key material:", - okey->comp_privkey[okey->numkeys - 1], - okey->privkeylen - classic_key_len - - SIZE_OF_UINT32)) - return 0; - } else { // plain PQ key - if (!print_labeled_buf(out, "PQ key material:", - okey->comp_privkey[okey->numkeys - 1], - okey->privkeylen)) - return 0; + if (okey->keytype == KEY_TYPE_CMP_SIG){ + char *name; + char label[200]; + int i, privlen; + for (i = 0; i < okey->numkeys; i++){ + if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); + return 0; + } + sprintf(label, "%s key material:", name); + + if(get_oqsname_fromtls(name) == 0 //classical key + && okey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size + unsigned char* enc_len = OPENSSL_strndup(okey->comp_privkey[i], 4); + OPENSSL_cleanse(enc_len, 2); + DECODE_UINT32(privlen, enc_len); + privlen += 4; + OPENSSL_free(enc_len); + if (privlen > okey->privkeylen_cmp[i]){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return 0; + } + }else + privlen = okey->privkeylen_cmp[i]; + if (!print_labeled_buf(out, label, + okey->comp_privkey[i], privlen)) + return 0; + + OPENSSL_free(name); + } + }else{ + if (okey->numkeys > 1) { // hybrid key + char classic_label[200]; + int classic_key_len = 0; + sprintf(classic_label, + "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); + 
DECODE_UINT32(classic_key_len, okey->privkey); + if (!print_labeled_buf(out, classic_label, + okey->comp_privkey[0], classic_key_len)) + return 0; + /* finally print pure PQ key */ + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_privkey[okey->numkeys - 1], + okey->privkeylen - classic_key_len + - SIZE_OF_UINT32)) + return 0; + } else { // plain PQ key + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_privkey[okey->numkeys - 1], + okey->privkeylen)) + return 0; + } } } } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { if (okey->pubkey) { - if (okey->numkeys > 1) { // hybrid key - char classic_label[200]; - int classic_key_len = 0; - DECODE_UINT32(classic_key_len, okey->pubkey); - sprintf(classic_label, - "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); - if (!print_labeled_buf(out, classic_label, okey->comp_pubkey[0], - classic_key_len)) - return 0; - /* finally print pure PQ key */ - if (!print_labeled_buf(out, "PQ key material:", - okey->comp_pubkey[okey->numkeys - 1], - okey->pubkeylen - classic_key_len - - SIZE_OF_UINT32)) - return 0; - } else { // PQ key only - if (!print_labeled_buf(out, "PQ key material:", - okey->comp_pubkey[okey->numkeys - 1], - okey->pubkeylen)) - return 0; + if (okey->keytype == KEY_TYPE_CMP_SIG){ + char *name; + char label[200]; + int i; + for (i = 0; i < okey->numkeys; i++){ + if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) == NULL){ + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); + return 0; + } + sprintf(label, "%s key material:", name); + + if (!print_labeled_buf(out, label, + okey->comp_pubkey[i], okey->pubkeylen_cmp[i])) + return 0; + + OPENSSL_free(name); + } + }else{ + if (okey->numkeys > 1) { // hybrid key + char classic_label[200]; + int classic_key_len = 0; + DECODE_UINT32(classic_key_len, okey->pubkey); + sprintf(classic_label, + "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); + if (!print_labeled_buf(out, classic_label, okey->comp_pubkey[0], + 
classic_key_len)) + return 0; + /* finally print pure PQ key */ + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_pubkey[okey->numkeys - 1], + okey->pubkeylen - classic_key_len + - SIZE_OF_UINT32)) + return 0; + } else { // PQ key only + if (!print_labeled_buf(out, "PQ key material:", + okey->comp_pubkey[okey->numkeys - 1], + okey->pubkeylen)) + return 0; + } } } } 
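Review bot: In the new `KEY_TYPE_CMP_SIG` private-key branch, `OPENSSL_strndup(okey->comp_privkey[i], 4)` treats raw key bytes as a C string, so the copy stops at the first zero byte. The following `OPENSSL_cleanse(enc_len, 2)` and `DECODE_UINT32(privlen, enc_len)` can then touch bytes past an allocation shorter than four bytes. Copying the header with `unsigned char enc_len[4]; memcpy(enc_len, okey->comp_privkey[i], sizeof(enc_len));` avoids that and removes the allocation. Both composite loops also return 0 when `print_labeled_buf` fails without calling `OPENSSL_free(name)`, so `name` leaks on that path, although the RSA length-check path does free it. `sprintf(label, "%s key material:", name)` writes into `char label[200]` with no bound, so `snprintf(label, sizeof(label), "%s key material:", name)` would make the limit explicit, since nothing visible here guarantees that `get_cmpname` returns a short name. `oqsx_to_text` starts and ends outside this hunk.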
@@ -2122,94 +2184,110 @@ MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_rsa3072); MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_p256); MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon512_p256); MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium5_p384); MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium3_bp256, oqsx, 
SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_bp256); MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_ed25519); MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium5_bp384); MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium5_ed448); MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon512_bp256); MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_ed25519, 
oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon512_ed25519); MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_pss3072); MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_pss2048); MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_rsa2048); MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium2_ed25519, oqsx, 
SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_ed25519); MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_p256); MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_bp256); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 5d402e60..fb7a7ee6 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -1411,6 +1411,7 @@ extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1419,6 +1420,7 @@ extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_en extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; @@ -1427,6 +1429,7 @@ extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_enc extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1435,6 +1438,7 @@ extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_en extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; @@ -1443,6 +1447,7 @@ extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_e extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1451,6 +1456,7 @@ extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; @@ -1459,6 +1465,7 @@ extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_e extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1467,6 +1474,7 @@ extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_e extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; @@ -1475,6 +1483,7 @@ extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_en extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1483,6 +1492,7 @@ extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_ extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; @@ -1491,6 +1501,7 @@ extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1499,6 +1510,7 @@ extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; @@ -1507,6 +1519,7 @@ extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1515,6 +1528,7 @@ extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; @@ -1523,6 +1537,7 @@ extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_en extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; 
@@ -1531,6 +1546,7 @@ extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_e extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 52e97f29..e12e45cb 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -590,6 +590,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_pss2048", dilithium2_pss2048), ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, PrivateKeyInfo), ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, @@ -602,6 +603,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_rsa2048", dilithium2_rsa2048), ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, PrivateKeyInfo), ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, 
@@ -614,6 +616,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_ed25519", dilithium2_ed25519), ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, @@ -626,6 +629,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_p256", dilithium2_p256), ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, @@ -638,6 +642,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_bp256", dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), @@ -672,6 +677,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, @@ -684,6 +690,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_p256", dilithium3_p256), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, 
@@ -696,6 +703,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, @@ -708,6 +716,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, @@ -720,6 +729,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 @@ -755,6 +765,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_p384", dilithium5_p384), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, PrivateKeyInfo), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, @@ -767,6 +778,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, PrivateKeyInfo), ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, 
@@ -779,6 +791,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 ENCODER_w_structure("falcon512", falcon512, der, PrivateKeyInfo), @@ -798,6 +811,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_falcon512", p256_falcon512), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, @@ -810,6 +824,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, @@ -822,6 +837,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_p256", falcon512_p256), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, @@ -834,6 +850,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_bp256", falcon512_bp256), ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, 
@@ -846,6 +863,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_ed25519", falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), From 85a3ce166e7f05ccfa4170ce8280f6b733c88530 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 8 Dec 2023 14:10:07 -0600 Subject: [PATCH 080/164] fix composite adjust Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 7 ++++++- oqsprov/oqsprov.c | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 49cd26f5..8a9bec70 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -27,7 +27,12 @@ // TBD: Review what we really need/want: For now go with OSSL settings: #define OSSL_MAX_NAME_SIZE 50 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ -#define COMPOSITE_IDX_ADJUST 23 /*idx to the first composite in the composite idx block*/ +#ifdef OQS_KEM_ENCODERS /*idx to the first composite in the composite idx block*/ +# define COMPOSITE_IDX_ADJUST 65 +#else +# define COMPOSITE_IDX_ADJUST 23 +#endif + #ifdef NDEBUG # define OQS_SIG_PRINTF(a) diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 57a91509..bf7ad14e 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,7 +49,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 165 +# define OQS_OID_CNT 162 #else # define OQS_OID_CNT 78 #endif From d5b8d90abd35c269674269a67d9e07fe33b14b48 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 8 Dec 2023 14:45:12 -0600 Subject: [PATCH 081/164] bugfix Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 2 -- 1 file changed, 2 deletions(-) 
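Review bot: `COMPOSITE_IDX_ADJUST` is a hand-counted offset (65 with `OQS_KEM_ENCODERS`, 23 without) that has to agree with the layout of the OID table whose size `OQS_OID_CNT` in oqsprov.c changes from 165 to 162 in this same commit, and nothing in the code ties the two together. Where the macro is used is outside this hunk; if it is subtracted from an index into a per-composite array, a stale value selects the wrong algorithm entry or indexes out of range. I would document the derivation next to the define, e.g. `/* index of the first composite entry in the OID table; keep in sync with OQS_OID_CNT in oqsprov.c */`, and bounds-check the adjusted index at the point of use. The comment that used to describe the constant now sits on the `#ifdef` line and reads as if it described `OQS_KEM_ENCODERS`.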
diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 06e70f35..f92fd828 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -256,7 +256,6 @@ char* get_cmpname(int nid, int index) return NULL; s = OPENSSL_strdup(nid_names[i].tlsname); first_token = strtok_r(s, "_", &s); - token; if (index == 0){ name = OPENSSL_strdup(first_token); }else{ @@ -1345,7 +1344,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); break; case KEY_TYPE_CMP_SIG: - int i; ret->numkeys = get_qntcmp(OBJ_sn2nid(tls_name)); ret->privkeylen = 0; ret->pubkeylen = 0; From a4911d536407f18f6a71bcb578a9859aadb4c40b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 8 Dec 2023 14:48:30 -0600 Subject: [PATCH 082/164] bugfix Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index f92fd828..4e75490b 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1191,7 +1191,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, { OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); OQSX_EVP_CTX *evp_ctx = NULL; - int ret2 = 0; + int ret2 = 0, i; if (ret == NULL) goto err; From 2015b2d503d458134c6f80cc5bc09a4ca36270fc Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 11 Dec 2023 09:24:40 -0600 Subject: [PATCH 083/164] changed to OpenSSL coding style Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 107 ++- oqsprov/oqs_encode_key2any.c | 355 +++++----- oqsprov/oqs_kem.c | 9 +- oqsprov/oqs_kmgmt.c | 163 ++--- oqsprov/oqs_prov.h | 400 +++++++---- oqsprov/oqs_sig.c | 1253 ++++++++++++++++++---------------- oqsprov/oqsdecoders.inc | 35 +- oqsprov/oqsencoders.inc | 106 ++- oqsprov/oqsprov.c | 48 +- oqsprov/oqsprov_keys.c | 797 +++++++++++---------- 10 files changed, 1702 insertions(+), 1571 deletions(-) 
diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 5ea20a50..8a0629c8 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -731,68 +731,47 @@ MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_p256", falcon512_p256, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_p256", falcon512_p256, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, - 
oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, - oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, + SubjectPublicKeyInfo); 
+MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, + SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 199188e8..6d424017 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -9,6 +9,7 @@ */ #include "oqs_endecoder_local.h" +#include "oqs_prov.h" #include #include #include @@ -21,7 +22,6 @@ #include #include #include -#include "oqs_prov.h" #include #include 
@@ -57,7 +57,6 @@ struct key2any_ctx_st { void *pwcbarg; }; - typedef int check_key_type_fn(const void *key, int nid); typedef int key_to_paramstring_fn(const void *key, int nid, int save, void **str, int *strtype); @@ -302,11 +301,11 @@ static int key_to_pki_pem_priv_bio(BIO *out, const void *key, int key_nid, if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; - p8info = key_to_p8info(key, key_nid, str, strtype, k2d); - if (p8info != NULL) - ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); - else - free_asn1_data(strtype, str); + p8info = key_to_p8info(key, key_nid, str, strtype, k2d); + if (p8info != NULL) + ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); + else + free_asn1_data(strtype, str); PKCS8_PRIV_KEY_INFO_free(p8info); @@ -329,10 +328,8 @@ static int key_to_spki_der_pub_bio(BIO *out, const void *key, int key_nid, if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; - xpk = oqsx_key_to_pubkey(key, key_nid, str, strtype, k2d); - if (xpk != NULL) ret = i2d_X509_PUBKEY_bio(out, xpk); @@ -513,7 +510,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (oqsxkey->keytype != KEY_TYPE_CMP_SIG){ + if (oqsxkey->keytype != KEY_TYPE_CMP_SIG) { #ifdef USE_ENCODING_LIB if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { @@ -525,8 +522,8 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) buf = OPENSSL_secure_zalloc(buflen); ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, 0, - 0, 1); + encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, + 0, 0, 1); if (ret != QSC_ENC_OK) return -1; 
@@ -541,20 +538,25 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) } *pder = keyblob; return oqsxkey->pubkeylen; - #ifdef USE_ENCODING_LIB +#ifdef USE_ENCODING_LIB } - #endif - }else{ - ASN1_TYPE **aType = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); - ASN1_STRING **aString = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); - ASN1_STRING **tempOct = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); - unsigned char **temp = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); - unsigned char **cbuf = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); +#endif + } else { + ASN1_TYPE **aType + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); + ASN1_STRING **aString + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + ASN1_STRING **tempOct + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + unsigned char **temp + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); + unsigned char **cbuf + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); int len, i; - if((sk = sk_ASN1_TYPE_new_null()) == NULL) + if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; - for (i = 0; i < oqsxkey->numkeys; i++){ + for (i = 0; i < oqsxkey->numkeys; i++) { aType[i] = ASN1_TYPE_new(); aString[i] = ASN1_OCTET_STRING_new(); tempOct[i] = ASN1_OCTET_STRING_new(); @@ -567,8 +569,8 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) ASN1_STRING_set0(aString[i], temp[i], keybloblen); ASN1_TYPE_set(aType[i], V_ASN1_SEQUENCE, aString[i]); - if (!sk_ASN1_TYPE_push(sk, aType[i])){ - for (i = 0; i < oqsxkey->numkeys; i++){ + if (!sk_ASN1_TYPE_push(sk, aType[i])) { + for (i = 0; i < oqsxkey->numkeys; i++) { OPENSSL_free(temp[i]); OPENSSL_free(cbuf[i]); OPENSSL_free(aType[i]); 
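Review bot: In the composite branch of oqsx_spki_pub_to_der the five arrays are sized with `sizeof(ASN1_TYPE)` / `sizeof(ASN1_STRING)` although they hold pointers, none of the `OPENSSL_malloc` results is checked, and the `return -1` taken when `sk_ASN1_TYPE_new_null()` fails leaves all five allocated. Because `OPENSSL_malloc` does not zero memory, every slot is an indeterminate pointer until the loop assigns it. I would allocate with `OPENSSL_zalloc(oqsxkey->numkeys * sizeof(*aType))` (likewise for the other four), check each result, and route failures through one cleanup label. The same allocation block appears in the composite branch of oqsx_pki_priv_to_der (hunk at -693). The function body starts and ends outside this hunk.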
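Review bot: The failure path of `sk_ASN1_TYPE_push` reuses `i` and frees `temp[i]`, `cbuf[i]` and `aType[i]` for every index up to `numkeys`, but slots after the failing index have not been assigned yet and the arrays come from `OPENSSL_malloc`, so `OPENSSL_free` is handed indeterminate pointers. `temp[i]` has also just been given to `aString[i]` by `ASN1_STRING_set0`, which takes ownership, so releasing both would be a double free (whether `aString[i]` is released is outside the hunk, so this needs confirming). Bound the cleanup to the populated entries with a separate index, `for (j = 0; j <= i; j++)`, and release ASN.1 objects with `ASN1_TYPE_free` / `sk_ASN1_TYPE_pop_free` rather than `OPENSSL_free`. The same failure loop recurs in the hunks at -693, -721 and -760 of oqsx_pki_priv_to_der.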
@@ -581,7 +583,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); - for (i = 0; i < oqsxkey->numkeys; i++){ + for (i = 0; i < oqsxkey->numkeys; i++) { OPENSSL_free(temp[i]); OPENSSL_free(cbuf[i]); OPENSSL_free(aType[i]); @@ -589,11 +591,9 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(tempOct[i]); } OPENSSL_free(sk); - + return keybloblen; } - - } static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) @@ -604,7 +604,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ASN1_OCTET_STRING oct; int keybloblen, nid; STACK_OF(ASN1_TYPE) *sk = NULL; - char* name; + char *name; OQS_ENC_PRINTF("OQS ENC provider: oqsx_pki_priv_to_der called\n"); @@ -623,7 +623,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) // only concatenate private classic key (if any) and OQS private and public // key NOT saving public classic key component (if any) - if (oqsxkey->keytype != KEY_TYPE_CMP_SIG){ + if (oqsxkey->keytype != KEY_TYPE_CMP_SIG) { privkeylen = oqsxkey->privkeylen; if (oqsxkey->numkeys > 1) { // hybrid int actualprivkeylen; 
@@ -635,51 +635,51 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) privkeylen -= (oqsxkey->evp_info->length_private_key - actualprivkeylen); } - #ifdef USE_ENCODING_LIB +#ifdef USE_ENCODING_LIB if (oqsxkey->oqsx_encoding_ctx.encoding_ctx != NULL && oqsxkey->oqsx_encoding_ctx.encoding_impl != NULL) { const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; int ret = 0; - # ifdef NOPUBKEY_IN_PRIVKEY - int withoptional - = (encoding_ctx->encoding_ctx->raw_private_key_encodes_public_key - ? 1 - : 0); - # else +# ifdef NOPUBKEY_IN_PRIVKEY + int withoptional = (encoding_ctx->encoding_ctx + ->raw_private_key_encodes_public_key + ? 1 + : 0); +# else int withoptional = 1; - # endif - buflen - = (withoptional ? encoding_ctx->encoding_impl->crypto_secretkeybytes - : encoding_ctx->encoding_impl - ->crypto_secretkeybytes_nooptional); +# endif + buflen = (withoptional + ? encoding_ctx->encoding_impl->crypto_secretkeybytes + : encoding_ctx->encoding_impl + ->crypto_secretkeybytes_nooptional); buf = OPENSSL_secure_zalloc(buflen); ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, - oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], 0, - oqsxkey->privkey, &buf, withoptional); + encoding_ctx->encoding_impl, + oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], 0, + oqsxkey->privkey, &buf, withoptional); if (ret != QSC_ENC_OK) return -1; } else { - #endif - #ifdef NOPUBKEY_IN_PRIVKEY +#endif +#ifdef NOPUBKEY_IN_PRIVKEY buflen = privkeylen; buf = OPENSSL_secure_malloc(buflen); OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", buflen); memcpy(buf, oqsxkey->privkey, privkeylen); - #else +#else buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); buf = OPENSSL_secure_malloc(buflen); OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", buflen); memcpy(buf, oqsxkey->privkey, privkeylen); memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], - 
oqsx_key_get_oqs_public_key_len(oqsxkey)); - #endif - #ifdef USE_ENCODING_LIB + oqsx_key_get_oqs_public_key_len(oqsxkey)); +#endif +#ifdef USE_ENCODING_LIB } - #endif +#endif oct.data = buf; oct.length = buflen; @@ -693,25 +693,31 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } - }else{ - ASN1_TYPE **aType = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); - ASN1_STRING **aString = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); - ASN1_STRING **tempOct = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); - unsigned char **temp = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); - unsigned char **cbuf = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); + } else { + ASN1_TYPE **aType + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); + ASN1_STRING **aString + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + ASN1_STRING **tempOct + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + unsigned char **temp + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); + unsigned char **cbuf + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); int i; - if((sk = sk_ASN1_TYPE_new_null()) == NULL) + if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; - for (i = 0; i < oqsxkey->numkeys; i++){ + for (i = 0; i < oqsxkey->numkeys; i++) { aType[i] = ASN1_TYPE_new(); aString[i] = ASN1_OCTET_STRING_new(); tempOct[i] = ASN1_OCTET_STRING_new(); temp[i] = NULL; - if ((name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i)) == NULL){ + if ((name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i)) + == NULL) { OPENSSL_free(name); - for (i = 0; i < oqsxkey->numkeys; i++){ + for (i = 0; i < oqsxkey->numkeys; i++) { OPENSSL_free(temp[i]); OPENSSL_free(cbuf[i]); OPENSSL_free(aType[i]); 
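Review bot: `buf = OPENSSL_secure_malloc(buflen)` is followed directly by `memcpy(buf, oqsxkey->privkey, privkeylen)` in both the `NOPUBKEY_IN_PRIVKEY` and the default branch, so an allocation failure becomes a write through NULL. In the `USE_ENCODING_LIB` branch `if (ret != QSC_ENC_OK) return -1;` returns without releasing the buffer from `OPENSSL_secure_zalloc`, which may already hold private-key bytes. Add `if (buf == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return -1; }` after each allocation and call `OPENSSL_secure_clear_free(buf, buflen)` before the early return. The function continues outside this hunk.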
@@ -721,17 +727,20 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(sk); return -1; } - - if(get_oqsname_fromtls(name) == 0){ - if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size - unsigned char* enc_len = OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); + + if (get_oqsname_fromtls(name) == 0) { + if (oqsxkey->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype + == EVP_PKEY_RSA) { // get the RSA real key size + unsigned char *enc_len + = OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); OPENSSL_cleanse(enc_len, 2); DECODE_UINT32(buflen, enc_len); buflen += 4; OPENSSL_free(enc_len); - if (buflen > oqsxkey->privkeylen_cmp[i]){ + if (buflen > oqsxkey->privkeylen_cmp[i]) { OPENSSL_free(name); - for (i = 0; i < oqsxkey->numkeys; i++){ + for (i = 0; i < oqsxkey->numkeys; i++) { OPENSSL_free(temp[i]); OPENSSL_free(cbuf[i]); OPENSSL_free(aType[i]); @@ -742,17 +751,20 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return -1; } - }else + } else buflen = oqsxkey->privkeylen_cmp[i]; - }else + } else buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; cbuf[i] = OPENSSL_malloc(buflen); memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen); - if(get_oqsname_fromtls(name) != 0){//include pubkey in privkey for PQC - memcpy(cbuf[i], oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); - memcpy(cbuf[i] + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); - }else + if (get_oqsname_fromtls(name) + != 0) { // include pubkey in privkey for PQC + memcpy(cbuf[i], oqsxkey->comp_privkey[i], + oqsxkey->privkeylen_cmp[i]); + memcpy(cbuf[i] + oqsxkey->privkeylen_cmp[i], + oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); + } else memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen); ASN1_STRING_set0(tempOct[i], cbuf[i], buflen); 
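Review bot: `OPENSSL_strndup(oqsxkey->comp_privkey[i], 4)` treats the first four bytes of a binary key blob as a C string: the copy stops at the first zero byte and the allocation is sized to what was copied, so `OPENSSL_cleanse(enc_len, 2)` and `DECODE_UINT32(buflen, enc_len)` can touch bytes beyond it, and the result is not checked for NULL. Copy the length prefix into a fixed buffer instead, `unsigned char enc_len[4]; memcpy(enc_len, oqsxkey->comp_privkey[i], sizeof(enc_len));`, after confirming `privkeylen_cmp[i] >= 4`, and drop the matching `OPENSSL_free(enc_len)`. The same sequence is in oqsx_to_text (hunk at -1513).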
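Review bot: The unconditional `memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen)` runs before the branch that does the real copy, and for a PQ component `buflen` is `privkeylen_cmp[i] + pubkeylen_cmp[i]`, so it reads `pubkeylen_cmp[i]` bytes past the private key if `comp_privkey[i]` holds only the private part (its allocation is not visible here). Both arms of the following `if` already fill `cbuf[i]`, so the first `memcpy` can simply be deleted. `cbuf[i] = OPENSSL_malloc(buflen)` is also unchecked and places private-key bytes on the ordinary heap, while the non-composite path of this function uses `OPENSSL_secure_malloc`; it is worth confirming that difference is intended.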
@@ -760,8 +772,8 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ASN1_STRING_set0(aString[i], temp[i], keybloblen); ASN1_TYPE_set(aType[i], V_ASN1_SEQUENCE, aString[i]); - if (!sk_ASN1_TYPE_push(sk, aType[i])){ - for (i = 0; i < oqsxkey->numkeys; i++){ + if (!sk_ASN1_TYPE_push(sk, aType[i])) { + for (i = 0; i < oqsxkey->numkeys; i++) { OPENSSL_free(temp[i]); OPENSSL_free(cbuf[i]); OPENSSL_free(aType[i]); @@ -776,7 +788,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); - for (i = 0; i < oqsxkey->numkeys; i++){ + for (i = 0; i < oqsxkey->numkeys; i++) { OPENSSL_free(temp[i]); OPENSSL_free(cbuf[i]); OPENSSL_free(aType[i]); 
@@ -1015,54 +1027,54 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_sphincsshake128fsimple_input_type \ "rsa3072_sphincsshake128fsimple" #define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" -# define dilithium2_pss2048_evp_type 0 -# define dilithium2_pss2048_input_type "dilithium2_pss2048" -# define dilithium2_pss2048_pem_type "dilithium2_pss2048" -# define dilithium2_rsa2048_evp_type 0 -# define dilithium2_rsa2048_input_type "dilithium2_rsa2048" -# define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" -# define dilithium2_ed25519_evp_type 0 -# define dilithium2_ed25519_input_type "dilithium2_ed25519" -# define dilithium2_ed25519_pem_type "dilithium2_ed25519" -# define dilithium2_p256_evp_type 0 -# define dilithium2_p256_input_type "dilithium2_p256" -# define dilithium2_p256_pem_type "dilithium2_p256" -# define dilithium2_bp256_evp_type 0 -# define dilithium2_bp256_input_type "dilithium2_bp256" -# define dilithium2_bp256_pem_type "dilithium2_bp256" -# define dilithium3_rsa2048_evp_type 0 -# define dilithium3_rsa3072_input_type "dilithium3_rsa3072" -# define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" -# define dilithium3_p256_evp_type 0 -# define dilithium3_p256_input_type "dilithium3_p256" -# define dilithium3_p256_pem_type "dilithium3_p256" -# define falcon512_p256_evp_type 0 -# define falcon512_p256_input_type "falcon512_p256" -# define falcon512_p256_pem_type "falcon512_p256" -# define dilithium5_p384_evp_type 0 -# define dilithium5_p384_input_type "dilithium5_p384" -# define dilithium5_p384_pem_type "dilithium5_p384" -# define dilithium3_bp256_evp_type 0 -# define dilithium3_bp256_input_type "dilithium3_bp256" -# define dilithium3_bp256_pem_type "dilithium3_bp256" -# define dilithium3_ed25519_evp_type 0 -# define dilithium3_ed25519_input_type "dilithium3_ed25519" -# define dilithium3_ed25519_pem_type "dilithium3_ed25519" -# define dilithium3_pss3072_evp_type 0 -# define 
dilithium3_pss3072_input_type "dilithium3_pss3072" -# define dilithium3_pss3072_pem_type "dilithium3_pss3072" -# define dilithium5_bp384_evp_type 0 -# define dilithium5_bp384_input_type "dilithium5_bp384" -# define dilithium5_bp384_pem_type "dilithium5_bp384" -# define dilithium5_ed448_evp_type 0 -# define dilithium5_ed448_input_type "dilithium5_ed448" -# define dilithium5_ed448_pem_type "dilithium5_ed448" -# define falcon512_bp256_evp_type 0 -# define falcon512_bp256_input_type "falcon512_bp256" -# define falcon512_bp256_pem_type "falcon512_bp256" -# define falcon512_ed25519_evp_type 0 -# define falcon512_ed25519_input_type "falcon512_ed25519" -# define falcon512_ed25519_pem_type "falcon512_ed25519" +#define dilithium2_pss2048_evp_type 0 +#define dilithium2_pss2048_input_type "dilithium2_pss2048" +#define dilithium2_pss2048_pem_type "dilithium2_pss2048" +#define dilithium2_rsa2048_evp_type 0 +#define dilithium2_rsa2048_input_type "dilithium2_rsa2048" +#define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" +#define dilithium2_ed25519_evp_type 0 +#define dilithium2_ed25519_input_type "dilithium2_ed25519" +#define dilithium2_ed25519_pem_type "dilithium2_ed25519" +#define dilithium2_p256_evp_type 0 +#define dilithium2_p256_input_type "dilithium2_p256" +#define dilithium2_p256_pem_type "dilithium2_p256" +#define dilithium2_bp256_evp_type 0 +#define dilithium2_bp256_input_type "dilithium2_bp256" +#define dilithium2_bp256_pem_type "dilithium2_bp256" +#define dilithium3_rsa2048_evp_type 0 +#define dilithium3_rsa3072_input_type "dilithium3_rsa3072" +#define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" +#define dilithium3_p256_evp_type 0 +#define dilithium3_p256_input_type "dilithium3_p256" +#define dilithium3_p256_pem_type "dilithium3_p256" +#define falcon512_p256_evp_type 0 +#define falcon512_p256_input_type "falcon512_p256" +#define falcon512_p256_pem_type "falcon512_p256" +#define dilithium5_p384_evp_type 0 +#define dilithium5_p384_input_type "dilithium5_p384" 
+#define dilithium5_p384_pem_type "dilithium5_p384" +#define dilithium3_bp256_evp_type 0 +#define dilithium3_bp256_input_type "dilithium3_bp256" +#define dilithium3_bp256_pem_type "dilithium3_bp256" +#define dilithium3_ed25519_evp_type 0 +#define dilithium3_ed25519_input_type "dilithium3_ed25519" +#define dilithium3_ed25519_pem_type "dilithium3_ed25519" +#define dilithium3_pss3072_evp_type 0 +#define dilithium3_pss3072_input_type "dilithium3_pss3072" +#define dilithium3_pss3072_pem_type "dilithium3_pss3072" +#define dilithium5_bp384_evp_type 0 +#define dilithium5_bp384_input_type "dilithium5_bp384" +#define dilithium5_bp384_pem_type "dilithium5_bp384" +#define dilithium5_ed448_evp_type 0 +#define dilithium5_ed448_input_type "dilithium5_ed448" +#define dilithium5_ed448_pem_type "dilithium5_ed448" +#define falcon512_bp256_evp_type 0 +#define falcon512_bp256_input_type "falcon512_bp256" +#define falcon512_bp256_pem_type "falcon512_bp256" +#define falcon512_ed25519_evp_type 0 +#define falcon512_ed25519_input_type "falcon512_ed25519" +#define falcon512_ed25519_pem_type "falcon512_ed25519" ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_END /* ---------------------------------------------------------------------- */ @@ -1476,7 +1488,8 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) return 0; break; case KEY_TYPE_CMP_SIG: - if (BIO_printf(out, "%s composite private key:\n", okey->tls_name) <= 0) + if (BIO_printf(out, "%s composite private key:\n", okey->tls_name) + <= 0) return 0; break; default: @@ -1502,7 +1515,8 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) return 0; break; case KEY_TYPE_CMP_SIG: - if (BIO_printf(out, "%s composite public key:\n", okey->tls_name) <= 0) + if (BIO_printf(out, "%s composite public key:\n", okey->tls_name) + <= 0) return 0; break; default: 
@@ -1513,58 +1527,65 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (okey->privkey) { - if (okey->keytype == KEY_TYPE_CMP_SIG){ + if (okey->keytype == KEY_TYPE_CMP_SIG) { char *name; char label[200]; int i, privlen; - for (i = 0; i < okey->numkeys; i++){ - if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) == NULL){ + for (i = 0; i < okey->numkeys; i++) { + if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) + == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); return 0; } sprintf(label, "%s key material:", name); - if(get_oqsname_fromtls(name) == 0 //classical key - && okey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size - unsigned char* enc_len = OPENSSL_strndup(okey->comp_privkey[i], 4); + if (get_oqsname_fromtls(name) == 0 // classical key + && okey->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype + == EVP_PKEY_RSA) { // get the RSA real key size + unsigned char *enc_len + = OPENSSL_strndup(okey->comp_privkey[i], 4); OPENSSL_cleanse(enc_len, 2); DECODE_UINT32(privlen, enc_len); privlen += 4; OPENSSL_free(enc_len); - if (privlen > okey->privkeylen_cmp[i]){ + if (privlen > okey->privkeylen_cmp[i]) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } - }else - privlen = okey->privkeylen_cmp[i]; - if (!print_labeled_buf(out, label, - okey->comp_privkey[i], privlen)) + } else + privlen = okey->privkeylen_cmp[i]; + if (!print_labeled_buf(out, label, okey->comp_privkey[i], + privlen)) return 0; - + OPENSSL_free(name); } - }else{ + } else { if (okey->numkeys > 1) { // hybrid key char classic_label[200]; int classic_key_len = 0; - sprintf(classic_label, - "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); + sprintf(classic_label, "%s key material:", + OBJ_nid2sn(okey->evp_info->nid)); DECODE_UINT32(classic_key_len, okey->privkey); if (!print_labeled_buf(out, 
classic_label, - okey->comp_privkey[0], classic_key_len)) + okey->comp_privkey[0], + classic_key_len)) return 0; /* finally print pure PQ key */ - if (!print_labeled_buf(out, "PQ key material:", - okey->comp_privkey[okey->numkeys - 1], - okey->privkeylen - classic_key_len - - SIZE_OF_UINT32)) + if (!print_labeled_buf( + out, "PQ key material:", + okey->comp_privkey[okey->numkeys - 1], + okey->privkeylen - classic_key_len + - SIZE_OF_UINT32)) return 0; } else { // plain PQ key - if (!print_labeled_buf(out, "PQ key material:", - okey->comp_privkey[okey->numkeys - 1], - okey->privkeylen)) + if (!print_labeled_buf( + out, "PQ key material:", + okey->comp_privkey[okey->numkeys - 1], + okey->privkeylen)) return 0; } } 
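Review bot: In the hybrid branch `classic_key_len` is read from the key blob with `DECODE_UINT32` and used unchecked, both as the length printed from `okey->comp_privkey[0]` and in `okey->privkeylen - classic_key_len - SIZE_OF_UINT32`; a value larger than the key makes `print_labeled_buf` read out of bounds, unless it is validated when the key is imported, which is not visible here. The composite branch already guards its decoded length with `if (privlen > okey->privkeylen_cmp[i])`; the hybrid branch needs the equivalent, e.g. `if (classic_key_len < 0 || classic_key_len + SIZE_OF_UINT32 > okey->privkeylen) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; }`. The `sprintf` calls into `label[200]` and `classic_label[200]` should be `snprintf(label, sizeof(label), ...)`, and the early `return 0` after `print_labeled_buf` in the composite loop skips `OPENSSL_free(name)`. The public-key hunk at -1572 has the same three issues.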
@@ -1572,44 +1593,46 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { if (okey->pubkey) { - if (okey->keytype == KEY_TYPE_CMP_SIG){ + if (okey->keytype == KEY_TYPE_CMP_SIG) { char *name; char label[200]; int i; - for (i = 0; i < okey->numkeys; i++){ - if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) == NULL){ + for (i = 0; i < okey->numkeys; i++) { + if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) + == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); return 0; } sprintf(label, "%s key material:", name); - if (!print_labeled_buf(out, label, - okey->comp_pubkey[i], okey->pubkeylen_cmp[i])) + if (!print_labeled_buf(out, label, okey->comp_pubkey[i], + okey->pubkeylen_cmp[i])) return 0; - + OPENSSL_free(name); } - }else{ + } else { if (okey->numkeys > 1) { // hybrid key char classic_label[200]; int classic_key_len = 0; DECODE_UINT32(classic_key_len, okey->pubkey); - sprintf(classic_label, - "%s key material:", OBJ_nid2sn(okey->evp_info->nid)); - if (!print_labeled_buf(out, classic_label, okey->comp_pubkey[0], - classic_key_len)) + sprintf(classic_label, "%s key material:", + OBJ_nid2sn(okey->evp_info->nid)); + if (!print_labeled_buf(out, classic_label, + okey->comp_pubkey[0], + classic_key_len)) return 0; /* finally print pure PQ key */ if (!print_labeled_buf(out, "PQ key material:", - okey->comp_pubkey[okey->numkeys - 1], - okey->pubkeylen - classic_key_len - - SIZE_OF_UINT32)) + okey->comp_pubkey[okey->numkeys - 1], + okey->pubkeylen - classic_key_len + - SIZE_OF_UINT32)) return 0; } else { // PQ key only if (!print_labeled_buf(out, "PQ key material:", - okey->comp_pubkey[okey->numkeys - 1], - okey->pubkeylen)) + okey->comp_pubkey[okey->numkeys - 1], + okey->pubkeylen)) return 0; } } diff --git a/oqsprov/oqs_kem.c b/oqsprov/oqs_kem.c index fee636bb..ce68ef39 100644 --- a/oqsprov/oqs_kem.c +++ b/oqsprov/oqs_kem.c 
@@ -171,7 +171,8 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct, int ret = OQS_SUCCESS, ret2 = 0; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; + const OQSX_EVP_CTX *evp_ctx + = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; size_t pubkey_kexlen = 0; size_t kexDeriveLen = 0, pkeylen = 0; @@ -249,7 +250,8 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret, int ret = OQS_SUCCESS, ret2 = 0; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; + const OQSX_EVP_CTX *evp_ctx + = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; size_t pubkey_kexlen = evp_ctx->evp_info->length_public_key; size_t kexDeriveLen = evp_ctx->evp_info->kex_length_secret; @@ -351,7 +353,8 @@ static int oqs_hyb_kem_decaps(void *vpkemctx, unsigned char *secret, { int ret = OQS_SUCCESS; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; + const OQSX_EVP_CTX *evp_ctx + = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; const OQS_KEM *qs_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_qs_ctx.kem; size_t secretLen0 = 0, secretLen1 = 0; diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index e5abf132..dcde2dbc 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -468,10 +468,8 @@ static void *oqsx_gen_init(void *provctx, int selection, char *oqs_name, OSSL_LIB_CTX *libctx = PROV_OQS_LIBCTX_OF(provctx); struct oqsx_gen_ctx *gctx = NULL; - OQS_KM_PRINTF2("OQSKEYMGMT: gen_init called for key %s \n", oqs_name); - if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { gctx->libctx = libctx; gctx->cmp_name = NULL; 
@@ -865,229 +863,196 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 22); } - static void *dilithium3_rsa3072_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 23); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 23); } static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 23); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 23); } static void *dilithium3_p256_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 24); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 24); } static void *dilithium3_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 24); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 24); } static void *falcon512_p256_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 25); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 25); } static void *falcon512_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 25); + return oqsx_gen_init(provctx, selection, 
OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 25); } static void *dilithium5_p384_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 26); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 26); } static void *dilithium5_p384_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 26); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 26); } static void *dilithium3_bp256_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 27); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 27); } static void *dilithium3_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 27); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 27); } static void *dilithium3_ed25519_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 28); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 28); } static void *dilithium3_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 28); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 28); } static void 
*dilithium5_bp384_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 29); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 29); } static void *dilithium5_bp384_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 29); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 29); } static void *dilithium5_ed448_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 30); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 30); } static void *dilithium5_ed448_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 30); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 30); } static void *falcon512_bp256_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 31); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 31); } static void *falcon512_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init - (provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 31); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 31); } static void *falcon512_ed25519_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 32); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 32); } static void *falcon512_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); } static void *dilithium3_pss3072_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 33); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 33); } static void *dilithium3_pss3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 33); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 33); } static void *dilithium2_pss2048_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 34); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 34); } static void *dilithium2_pss2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 34); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 34); } static void *dilithium2_rsa2048_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", 
KEY_TYPE_CMP_SIG, NULL, 112, 35); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 35); } static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 35); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 35); } static void *dilithium2_ed25519_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 36); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 36); } static void *dilithium2_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 36); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 36); } static void *dilithium2_p256_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 37); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 37); } static void *dilithium2_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 37); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 37); } static void *dilithium2_bp256_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 38); + return 
oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 38); } static void *dilithium2_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init - (provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 38); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 38); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index fb7a7ee6..79d5edaa 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -158,7 +158,7 @@ struct oqsx_key_st { #ifdef USE_ENCODING_LIB OQSX_ENCODING_CTX oqsx_encoding_ctx; #endif - EVP_PKEY** cmp_classical_pkey; + EVP_PKEY **cmp_classical_pkey; EVP_PKEY *classical_pkey; // for hybrid sigs const OQSX_EVP_INFO *evp_info; size_t numkeys; @@ -177,8 +177,8 @@ struct oqsx_key_st { #endif int references; - /* point to actual priv key material -- classic key, if present, first, unless is composite - * i.e., OQS key always at comp_*key[numkeys-1] + /* point to actual priv key material -- classic key, if present, first, + * unless is composite i.e., OQS key always at comp_*key[numkeys-1] */ void **comp_privkey; void **comp_pubkey; @@ -192,17 +192,17 @@ struct oqsx_key_st { typedef struct oqsx_key_st OQSX_KEY; -//composite signature -struct SignatureModel{ - ASN1_BIT_STRING *sig1; - ASN1_BIT_STRING *sig2; +// composite signature +struct SignatureModel { + ASN1_BIT_STRING *sig1; + ASN1_BIT_STRING *sig2; }; typedef struct SignatureModel CompositeSignature; char *get_oqsname_fromtls(char *tlsname); char *get_oqsname(int nid); -char* get_cmpname(int nid, int index); +char *get_cmpname(int nid, int index); int get_oqsalg_idx(int nid); /* Register given NID with tlsname in OSSL3 registry */ 
@@ -1405,150 +1405,278 @@ extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions []; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; 
-extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_p384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_text_encoder_functions[]; -extern const 
OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; 
+extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH 
oqs_dilithium3_pss3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 8a9bec70..1dddeb4e 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -27,13 +27,13 @@ // TBD: Review what we really need/want: For now go with OSSL settings: #define OSSL_MAX_NAME_SIZE 50 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ -#ifdef OQS_KEM_ENCODERS /*idx to the first composite in the composite idx block*/ -# define COMPOSITE_IDX_ADJUST 65 +#ifdef OQS_KEM_ENCODERS /*idx to the first composite in the composite idx \ + block*/ +# define COMPOSITE_IDX_ADJUST 65 #else -# define COMPOSITE_IDX_ADJUST 23 +# define COMPOSITE_IDX_ADJUST 23 #endif - #ifdef NDEBUG # define OQS_SIG_PRINTF(a) # define OQS_SIG_PRINTF2(a, b) 
@@ -104,19 +104,19 @@ IMPLEMENT_ASN1_FUNCTIONS(CompositeSignature) typedef struct { - OSSL_LIB_CTX *libctx; - char *propq; - OQSX_KEY *sig; + OSSL_LIB_CTX *libctx; + char *propq; + OQSX_KEY *sig; - /* - * Flag to determine if the hash function can be changed (1) or not (0) - * Because it's dangerous to change during a DigestSign or DigestVerify - * operation, this flag is cleared by their Init function, and set again - * by their Final function. - */ - unsigned int flag_allow_md : 1; + /* + * Flag to determine if the hash function can be changed (1) or not (0) + * Because it's dangerous to change during a DigestSign or DigestVerify + * operation, this flag is cleared by their Init function, and set again + * by their Final function. + */ + unsigned int flag_allow_md : 1; - char mdname[OSSL_MAX_NAME_SIZE]; + char mdname[OSSL_MAX_NAME_SIZE]; /* The Algorithm Identifier of the combined signature algorithm */ unsigned char *aid; @@ -131,17 +131,15 @@ typedef struct int operation; } PROV_OQSSIG_CTX; - - static void *oqs_sig_newctx(void *provctx, const char *propq) { - PROV_OQSSIG_CTX *poqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx; OQS_SIG_PRINTF2("OQS SIG provider: newctx called with propq %s\n", propq); - poqs_sigctx = OPENSSL_zalloc(sizeof(PROV_OQSSIG_CTX)); - if (poqs_sigctx == NULL) - return NULL; + poqs_sigctx = OPENSSL_zalloc(sizeof(PROV_OQSSIG_CTX)); + if (poqs_sigctx == NULL) + return NULL; poqs_sigctx->libctx = ((PROV_OQS_CTX *)provctx)->libctx; if (propq != NULL && (poqs_sigctx->propq = OPENSSL_strdup(propq)) == NULL) { @@ -160,9 +158,8 @@ static int oqs_sig_setup_md(PROV_OQSSIG_CTX *ctx, const char *mdname, if (mdprops == NULL) mdprops = ctx->propq; - if (mdname != NULL) - { - EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); + if (mdname != NULL) { + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); if ((md == NULL) || (EVP_MD_nid(md) == NID_undef)) { if (md == NULL) 
@@ -177,10 +174,10 @@ static int oqs_sig_setup_md(PROV_OQSSIG_CTX *ctx, const char *mdname, EVP_MD_free(ctx->md); ctx->md = NULL; - if (ctx->aid) - OPENSSL_free(ctx->aid); - ctx->aid = NULL; // ensure next function allocates memory - ctx->aid_len = get_aid(&(ctx->aid), ctx->sig->tls_name); + if (ctx->aid) + OPENSSL_free(ctx->aid); + ctx->aid = NULL; // ensure next function allocates memory + ctx->aid_len = get_aid(&(ctx->aid), ctx->sig->tls_name); ctx->md = md; OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); @@ -191,7 +188,7 @@ static int oqs_sig_setup_md(PROV_OQSSIG_CTX *ctx, const char *mdname, static int oqs_sig_signverify_init(void *vpoqs_sigctx, void *voqssig, int operation) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQS_SIG_PRINTF("OQS SIG provider: signverify_init called\n"); if (poqs_sigctx == NULL || voqssig == NULL || !oqsx_key_up_ref(voqssig)) 
@@ -211,53 +208,53 @@ static int oqs_sig_signverify_init(void *vpoqs_sigctx, void *voqssig, static int oqs_sig_sign_init(void *vpoqs_sigctx, void *voqssig, const OSSL_PARAM params[]) { - OQS_SIG_PRINTF("OQS SIG provider: sign_init called\n"); - return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_SIGN); + OQS_SIG_PRINTF("OQS SIG provider: sign_init called\n"); + return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_SIGN); } static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, const OSSL_PARAM params[]) { - OQS_SIG_PRINTF("OQS SIG provider: verify_init called\n"); - return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); + OQS_SIG_PRINTF("OQS SIG provider: verify_init called\n"); + return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); } static const char *composite_OID_prefix[] = { - "69642D4D4C44534136352D525341333037322D504B435331352D534841323536", //dilithium3_rsa3072 - "69642D4D4C44534136352D45434453412D503235362D534841323536", //dilithium3_p256 - "69642D46616C6F6E3531322D45434453412D503235362D534841323536", //falcon512_p256 - "69642D4D4C44534138372D45434453412D503338342D534841333834", //dilithium5_p384 - "69642D4D4C44534136352D45434453412D627261696E706F6F6C5032353672312D534841323536", //dilithium3_bp256 - "69642D4D4C44534136352D456432353531392D534841353132", //dilithium3_ed25519 - "69642D4D4C44534138372D45434453412D627261696E706F6F6C5033383472312D534841333834", //dilithium5_bp384 - "69642D4D4C44534138372D45643434382D5348414B45323536", //dilithium5_ed448 - "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", //falcon512_bp256 - "69642D46616C636F6E3531322D456432353531392D534841353132", //falcon512_ed25519 - "69642D4D4C44534136352D525341333037322D5053532D534841323536", //dilithium3_pss3072 - "69642D4D4C44534134342D525341323034382D5053532D534841323536", //dilithium2_pss2048 - "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", 
//dilithium2_rsa2048 - "69642D4D4C44534134342D456432353531392D534841353132", //dilithium2_ed25519 - "69642D4D4C44534134342D45434453412D503235362D534841323536", //dilithium2_p256 - "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536", //dilithium2_bp256 + "69642D4D4C44534136352D525341333037322D504B435331352D534841323536", // dilithium3_rsa3072 + "69642D4D4C44534136352D45434453412D503235362D534841323536", // dilithium3_p256 + "69642D46616C6F6E3531322D45434453412D503235362D534841323536", // falcon512_p256 + "69642D4D4C44534138372D45434453412D503338342D534841333834", // dilithium5_p384 + "69642D4D4C44534136352D45434453412D627261696E706F6F6C5032353672312D534841323536", // dilithium3_bp256 + "69642D4D4C44534136352D456432353531392D534841353132", // dilithium3_ed25519 + "69642D4D4C44534138372D45434453412D627261696E706F6F6C5033383472312D534841333834", // dilithium5_bp384 + "69642D4D4C44534138372D45643434382D5348414B45323536", // dilithium5_ed448 + "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", // falcon512_bp256 + "69642D46616C636F6E3531322D456432353531392D534841353132", // falcon512_ed25519 + "69642D4D4C44534136352D525341333037322D5053532D534841323536", // dilithium3_pss3072 + "69642D4D4C44534134342D525341323034382D5053532D534841323536", // dilithium2_pss2048 + "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", // dilithium2_rsa2048 + "69642D4D4C44534134342D456432353531392D534841353132", // dilithium2_ed25519 + "69642D4D4C44534134342D45434453412D503235362D534841323536", // dilithium2_p256 + "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536", // dilithium2_bp256 }; static const size_t composite_OID_prefix_len[] = { - 64, //dilithium3_rsa3072 - 56, //dilithium3_p256 - 58, //falcon512_p256 - 56, //dilithium5_p384 - 78, //dilithium3_bp256 - 50, //dilithium3_ed25519 - 78, //dilithium5_bp384 - 50, //dilithium5_ed448 - 82, //falcon512_bp256 - 54, //falcon512_ed25519 - 
58, //dilithium3_pss3072 - 58, //dilithium2_pss2048 - 64, //dilithium2_rsa2048 - 50, //dilithium2_ed25519 - 56, //dilithium2_p256 - 78, //dilithium2_bp256 + 64, // dilithium3_rsa3072 + 56, // dilithium3_p256 + 58, // falcon512_p256 + 56, // dilithium5_p384 + 78, // dilithium3_bp256 + 50, // dilithium3_ed25519 + 78, // dilithium5_bp384 + 50, // dilithium5_ed448 + 82, // falcon512_bp256 + 54, // falcon512_ed25519 + 58, // dilithium3_pss3072 + 58, // dilithium2_pss2048 + 64, // dilithium2_rsa2048 + 50, // dilithium2_ed25519 + 56, // dilithium2_p256 + 78, // dilithium2_bp256 }; /* On entry to this function, data to be signed (tbs) might have been hashed 
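Review bot: The third entry of `composite_OID_prefix` (falcon512_p256) starts with `69642D46616C6F6E`, which decodes to `id-Falon512-…`, while the other two Falcon entries start with `69642D46616C636F6E` (`id-Falcon512-…`). The `63` byte is missing, and the length table's `58` matches the misspelled string. The table feeds the prefix that is prepended to the message hash, so if the intended label is the correctly spelled one, signatures for this algorithm would not verify against another implementation that uses it. The fix would be `"69642D46616C636F6E3531322D45434453412D503235362D534841323536", // falcon512_p256` with `60, // falcon512_p256`, keeping in mind that this changes what existing falcon512_p256 composite signatures verify against. Computing the lengths from the strings instead of keeping a second hand-maintained table would stop the two from drifting apart. If these tables come from a generator template, the correction belongs there.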
@@ -267,45 +264,40 @@ static const size_t composite_OID_prefix_len[] = { static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQSX_KEY *oqsxkey = poqs_sigctx->sig; - OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx[0].oqsx_qs_ctx.sig; - EVP_PKEY *oqs_key_classic = NULL; - EVP_PKEY *cmp_key_classic = NULL; - EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, we're running hybrid - EVP_PKEY_CTX *classical_ctx_sign = NULL; - - OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); - - int is_hybrid = evpkey != NULL; - int is_composite = (oqsxkey->keytype == KEY_TYPE_CMP_SIG); - size_t max_sig_len = 0; - size_t classical_sig_len = 0, oqs_sig_len = 0; - size_t actual_classical_sig_len = 0; - size_t index = 0; - int rv = 0; - - if (!oqsxkey || !(oqs_key || oqs_key_classic) || !oqsxkey->privkey) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); - return rv; - } + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + OQSX_KEY *oqsxkey = poqs_sigctx->sig; + OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx[0].oqsx_qs_ctx.sig; + EVP_PKEY *oqs_key_classic = NULL; + EVP_PKEY *cmp_key_classic = NULL; + EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, + // we're running hybrid + EVP_PKEY_CTX *classical_ctx_sign = NULL; + + OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); - if (is_composite) - { - max_sig_len = oqsx_key_maxsize(oqsxkey); - }else - { - max_sig_len += oqs_key->length_signature; - } + int is_hybrid = evpkey != NULL; + int is_composite = (oqsxkey->keytype == KEY_TYPE_CMP_SIG); + size_t max_sig_len = 0; + size_t classical_sig_len = 0, oqs_sig_len = 0; + size_t actual_classical_sig_len = 0; + size_t index = 0; + int rv = 0; - if (is_hybrid) - { - actual_classical_sig_len = 
oqsxkey->evp_info->length_signature; - max_sig_len += (SIZE_OF_UINT32 + actual_classical_sig_len); - } + if (!oqsxkey || !(oqs_key || oqs_key_classic) || !oqsxkey->privkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); + return rv; + } - + if (is_composite) { + max_sig_len = oqsx_key_maxsize(oqsxkey); + } else { + max_sig_len += oqs_key->length_signature; + } + + if (is_hybrid) { + actual_classical_sig_len = oqsxkey->evp_info->length_signature; + max_sig_len += (SIZE_OF_UINT32 + actual_classical_sig_len); + } if (sig == NULL) { *siglen = max_sig_len; 
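Review bot: The `!oqsxkey` test in the guard comes too late to protect anything, because the initializers above it already read `poqs_sigctx->sig->oqsx_provider_ctx[0]`, `oqsxkey->classical_pkey` and `oqsxkey->keytype`. A context without a key would therefore be dereferenced before the check runs. `oqs_key_classic` is still `NULL` at that point, so `!(oqs_key || oqs_key_classic)` is effectively just `!oqs_key`. I would declare the locals without initializers, start with `if (poqs_sigctx == NULL || poqs_sigctx->sig == NULL) { ERR_raise(ERR_LIB_USER, OQSPROV_R_NO_PRIVATE_KEY); return 0; }`, and only then load `oqs_key`, `evpkey` and the `is_hybrid`/`is_composite` flags. The body of oqs_sig_sign continues outside this hunk.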
@@ -391,237 +383,265 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, index += classical_sig_len; } - if (is_composite) - { - unsigned char *buf; - CompositeSignature *compsig = CompositeSignature_new(); - int i; - int nid = OBJ_sn2nid(oqsxkey->tls_name); - const char *oid_prefix = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; - const size_t oid_prefix_len = composite_OID_prefix_len[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; - char *final_tbs; - size_t final_tbslen = oid_prefix_len; - - //prepare the pre hash - for (i = 0; i < oqsxkey->numkeys; i++){ - char *name; - if ((name = get_cmpname(nid, i)) == NULL){ - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - goto endsign; - } - unsigned char *tbs_hash; - if (!get_oqsname_fromtls(name)){ - if (name[0] == 'e'){//ed25519 or ed448 - if(name[2] == '2'){//ed25519 - tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); - SHA512(tbs, tbslen, tbs_hash); - final_tbslen += SHA512_DIGEST_LENGTH; - }else{//ed4448 - EVP_MD_CTX *shake = EVP_MD_CTX_new(); - unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; - tbs_hash = OPENSSL_malloc(tbs_hash_len); - - if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) <= 0) - || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) - || (EVP_DigestFinalXOF(shake, tbs_hash, tbs_hash_len) <= 0 )){ - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - goto endsign; - } - final_tbslen += tbs_hash_len; - EVP_MD_CTX_free(shake); - } - }else if ((name[0] == 'p') - || (name[0] == 'b') - || (name[0] == 'r')){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 - int aux; - if (name[0] == 'b') - aux = 2; - else - aux = 1; - switch(name[aux]){ - case 's'://pss or rsa - case '2'://p256 or bp256 - tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); - SHA256(tbs, tbslen, tbs_hash); - final_tbslen += SHA256_DIGEST_LENGTH; - break; - case '3'://p384 or bp384 - tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); - SHA384(tbs, tbslen, tbs_hash); - final_tbslen 
+= SHA384_DIGEST_LENGTH; - break; - default: + if (is_composite) { + unsigned char *buf; + CompositeSignature *compsig = CompositeSignature_new(); + int i; + int nid = OBJ_sn2nid(oqsxkey->tls_name); + const char *oid_prefix + = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; + const size_t oid_prefix_len + = composite_OID_prefix_len[get_oqsalg_idx(nid) + - COMPOSITE_IDX_ADJUST]; + char *final_tbs; + size_t final_tbslen = oid_prefix_len; + + // prepare the pre hash + for (i = 0; i < oqsxkey->numkeys; i++) { + char *name; + if ((name = get_cmpname(nid, i)) == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); goto endsign; } - }else{ - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - goto endsign; - } - final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_prefix, oid_prefix_len); - memcpy(final_tbs + oid_prefix_len, tbs_hash, final_tbslen - oid_prefix_len); - OPENSSL_free(tbs_hash); - } - OPENSSL_free(name); - } - - for (i = 0; i < oqsxkey->numkeys; i++){ - char *name; - if((name = get_cmpname(nid, i)) == NULL){ - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - goto endsign; - } - - if (get_oqsname_fromtls(name)){ //PQC signing - oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; - buf = OPENSSL_malloc(oqs_sig_len); - if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs, final_tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - OPENSSL_free(name); - OPENSSL_free(buf); - goto endsign; + unsigned char *tbs_hash; + if (!get_oqsname_fromtls(name)) { + if (name[0] == 'e') { // ed25519 or ed448 + if (name[2] == '2') { // ed25519 + tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); + SHA512(tbs, tbslen, tbs_hash); + final_tbslen += SHA512_DIGEST_LENGTH; + } else { // ed4448 + EVP_MD_CTX *shake = EVP_MD_CTX_new(); + unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; + tbs_hash = OPENSSL_malloc(tbs_hash_len); + + if 
((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) + <= 0) + || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) + || (EVP_DigestFinalXOF(shake, tbs_hash, + tbs_hash_len) + <= 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + goto endsign; + } + final_tbslen += tbs_hash_len; + EVP_MD_CTX_free(shake); + } + } else if ((name[0] == 'p') || (name[0] == 'b') + || (name[0] == 'r')) { // p256 or p384 or bp256 or + // bp384 or pss or rsa3072 + int aux; + if (name[0] == 'b') + aux = 2; + else + aux = 1; + switch (name[aux]) { + case 's': // pss or rsa + case '2': // p256 or bp256 + tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); + SHA256(tbs, tbslen, tbs_hash); + final_tbslen += SHA256_DIGEST_LENGTH; + break; + case '3': // p384 or bp384 + tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); + SHA384(tbs, tbslen, tbs_hash); + final_tbslen += SHA384_DIGEST_LENGTH; + break; + default: + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + goto endsign; + } + } else { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + goto endsign; + } + final_tbs = OPENSSL_malloc(final_tbslen); + memcpy(final_tbs, oid_prefix, oid_prefix_len); + memcpy(final_tbs + oid_prefix_len, tbs_hash, + final_tbslen - oid_prefix_len); + OPENSSL_free(tbs_hash); + } + OPENSSL_free(name); } - }else - { // sign non PQC key on oqs_key - oqs_key_classic = oqsxkey->cmp_classical_pkey[i]; - oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature; - buf = OPENSSL_malloc(oqs_sig_len); - const EVP_MD *classical_md; - EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); - int digest_len; - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - if (name[0] == 'e'){ //ed25519 or ed448 - if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0 ) - || (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, final_tbs, final_tbslen) <= 0)){ - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - OPENSSL_free(buf); - goto endsign; - } - }else { - 
if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL - || (EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - OPENSSL_free(buf); - goto endsign; - } - - if (!strncmp(name, "pss", 3)) - { - if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0) - || (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0) - || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, EVP_sha256()) <= 0)) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - OPENSSL_free(buf); - goto endsign; - } - } else if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - OPENSSL_free(buf); - goto endsign; - } - } - - if ((name[0] == 'p') - || (name[0] == 'b') - || (name[0] == 'r')) - { - int aux; - if(name[0] == 'b'){ - aux = 2; - }else { - aux = 1; - } - switch(name[aux]){ - case 's'://pss or rsa - case '2'://p256 or bp256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(final_tbs, final_tbslen, (unsigned char *)&digest); - break; - case '3'://p384 or bp384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(final_tbs, final_tbslen, (unsigned char *)&digest); - break; - case '5'://p512 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(final_tbs, final_tbslen, (unsigned char *)&digest); - break; - default: + for (i = 0; i < oqsxkey->numkeys; i++) { + char *name; + if ((name = get_cmpname(nid, i)) == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); - OPENSSL_free(buf); goto endsign; } - } - if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) - || (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - 
OPENSSL_free(name); - OPENSSL_free(buf); - goto endsign; - } + if (get_oqsname_fromtls(name)) { // PQC signing + oqs_sig_len = oqsxkey->oqsx_provider_ctx[i] + .oqsx_qs_ctx.sig->length_signature; + buf = OPENSSL_malloc(oqs_sig_len); + if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs, + final_tbslen, oqsxkey->comp_privkey[i]) + != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + } else { // sign non PQC key on oqs_key + oqs_key_classic = oqsxkey->cmp_classical_pkey[i]; + oqs_sig_len = oqsxkey->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->length_signature; + buf = OPENSSL_malloc(oqs_sig_len); + const EVP_MD *classical_md; + EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); + int digest_len; + unsigned char + digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + + if (name[0] == 'e') { // ed25519 or ed448 + if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, + oqs_key_classic) + <= 0) + || (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, + final_tbs, final_tbslen) + <= 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + } else { + if ((classical_ctx_sign + = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) + == NULL + || (EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + + if (!strncmp(name, "pss", 3)) { + if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, + RSA_PKCS1_PSS_PADDING) + <= 0) + || (EVP_PKEY_CTX_set_rsa_pss_saltlen( + classical_ctx_sign, 64) + <= 0) + || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, + EVP_sha256()) + <= 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + } else if (oqsxkey->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype + == EVP_PKEY_RSA) { + if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, + RSA_PKCS1_PADDING) + <= 0) { + 
ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + } + + if ((name[0] == 'p') || (name[0] == 'b') + || (name[0] == 'r')) { + int aux; + if (name[0] == 'b') { + aux = 2; + } else { + aux = 1; + } + switch (name[aux]) { + case 's': // pss or rsa + case '2': // p256 or bp256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(final_tbs, final_tbslen, + (unsigned char *)&digest); + break; + case '3': // p384 or bp384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(final_tbs, final_tbslen, + (unsigned char *)&digest); + break; + case '5': // p512 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(final_tbs, final_tbslen, + (unsigned char *)&digest); + break; + default: + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + } + + if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, + classical_md) + <= 0) + || (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, + digest, digest_len) + <= 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + + if (oqs_sig_len + > oqsxkey->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->length_signature) { + /* sig is bigger than expected */ + ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); + OPENSSL_free(name); + OPENSSL_free(buf); + goto endsign; + } + } + } + + if (i == 0) { + compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); + compsig->sig1->length = oqs_sig_len; + compsig->sig1->flags + = 8; // set as 8 to not check for unused bits + } else { + compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); + compsig->sig2->length = oqs_sig_len; + compsig->sig2->flags + = 8; // set as 8 to not check for unused bits + } - if (oqs_sig_len > oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature) - { - /* sig is bigger than expected */ - ERR_raise(ERR_LIB_USER, 
OQSPROV_R_BUFFER_LENGTH_WRONG); - OPENSSL_free(name); OPENSSL_free(buf); - goto endsign; - } + OPENSSL_free(name); } - } - - if (i == 0){ - compsig->sig1->data = OPENSSL_memdup(buf, oqs_sig_len); - compsig->sig1->length = oqs_sig_len; - compsig->sig1->flags = 8; //set as 8 to not check for unused bits - }else{ - compsig->sig2->data = OPENSSL_memdup(buf, oqs_sig_len); - compsig->sig2->length = oqs_sig_len; - compsig->sig2->flags = 8; //set as 8 to not check for unused bits - } - - OPENSSL_free(buf); - OPENSSL_free(name); + oqs_sig_len = i2d_CompositeSignature(compsig, &sig); + + OPENSSL_free(compsig->sig1->data); + OPENSSL_free(compsig->sig2->data); + OPENSSL_free(compsig); + OPENSSL_free(final_tbs); + } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, + oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) + != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + goto endsign; } - oqs_sig_len = i2d_CompositeSignature(compsig, &sig); - - OPENSSL_free(compsig->sig1->data); - OPENSSL_free(compsig->sig2->data); - OPENSSL_free(compsig); - OPENSSL_free(final_tbs); - } - else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); - goto endsign; - } - - *siglen = classical_sig_len + oqs_sig_len; - OQS_SIG_PRINTF2("OQS SIG provider: signing completes with size %ld\n", *siglen); - rv = 1; /* success */ + + *siglen = classical_sig_len + oqs_sig_len; + OQS_SIG_PRINTF2("OQS SIG provider: signing completes with size %ld\n", + *siglen); + rv = 1; /* success */ endsign: if (classical_ctx_sign) { @@ -646,7 +666,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, size_t classical_sig_len = 0, oqs_sig_len = 0; size_t index = 0; int rv = 0; - ASN1_BIT_STRING *comp_sig; + ASN1_BIT_STRING *comp_sig; OQS_SIG_PRINTF3( "OQS SIG provider: verify called with siglen %ld bytes and tbslen %ld\n", 
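Review bot: Near the end of the composite branch, the result of `i2d_CompositeSignature(compsig, &sig)` is stored straight into the `size_t` `oqs_sig_len` and then added into `*siglen` with `rv = 1`. A failed (negative) encoding would therefore be reported to the caller as success with a very large signature length. Keep the result in an `int`, fail with `OQSPROV_R_SIGNING_FAILED` when it is not positive, and assign it only after that check. Separately, every `goto endsign` inside this branch leaves `compsig` and `final_tbs` allocated, and `evp_ctx` is never freed anywhere in the hunk; as far as the hunk shows, `endsign:` only deals with `classical_ctx_sign`. Whether `sigsize` is compared with the encoded length is decided outside this hunk, and oqs_sig_sign itself starts before it and continues after it.

```c
        int der_len = i2d_CompositeSignature(compsig, &sig);

        /* … unchanged: release of compsig->sig1/sig2 data, compsig and final_tbs … */
        if (der_len <= 0) {
            ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED);
            goto endsign;
        }
        oqs_sig_len = (size_t)der_len;
```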
@@ -724,216 +744,234 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, classical_sig_len = SIZE_OF_UINT32 + actual_classical_sig_len; index += classical_sig_len; } - if(is_composite){ - CompositeSignature* compsig; - int i; - int nid = OBJ_sn2nid(oqsxkey->tls_name); - unsigned char *buf; - size_t buf_len; - const char *oid_prefix = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; - const size_t oid_prefix_len = composite_OID_prefix_len[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; - char *final_tbs; - size_t final_tbslen = oid_prefix_len; - - if((compsig = d2i_CompositeSignature(NULL, &sig, siglen)) == NULL) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - - //prepare the pre-hash - for (i = 0; i < oqsxkey->numkeys; i++){ - char *name; - if ((name = get_cmpname(nid, i)) == NULL){ - OPENSSL_free(name); - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; + if (is_composite) { + CompositeSignature *compsig; + int i; + int nid = OBJ_sn2nid(oqsxkey->tls_name); + unsigned char *buf; + size_t buf_len; + const char *oid_prefix + = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; + const size_t oid_prefix_len + = composite_OID_prefix_len[get_oqsalg_idx(nid) + - COMPOSITE_IDX_ADJUST]; + char *final_tbs; + size_t final_tbslen = oid_prefix_len; + + if ((compsig = d2i_CompositeSignature(NULL, &sig, siglen)) == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; } - unsigned char *tbs_hash; - if (!get_oqsname_fromtls(name)){ - if (name[0] == 'e'){//ed25519 or ed448 - if(name[2] == '2'){//ed25519 - tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); - SHA512(tbs, tbslen, tbs_hash); - final_tbslen += SHA512_DIGEST_LENGTH; - }else{//ed4448 - EVP_MD_CTX *shake = EVP_MD_CTX_new(); - unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; - tbs_hash = OPENSSL_malloc(tbs_hash_len); - - if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) <= 0) - || (EVP_DigestUpdate(shake, 
tbs, tbslen) <= 0) - || (EVP_DigestFinalXOF(shake, tbs_hash, tbs_hash_len) <= 0 )){ + + // prepare the pre-hash + for (i = 0; i < oqsxkey->numkeys; i++) { + char *name; + if ((name = get_cmpname(nid, i)) == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - final_tbslen += tbs_hash_len; - EVP_MD_CTX_free(shake); + unsigned char *tbs_hash; + if (!get_oqsname_fromtls(name)) { + if (name[0] == 'e') { // ed25519 or ed448 + if (name[2] == '2') { // ed25519 + tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); + SHA512(tbs, tbslen, tbs_hash); + final_tbslen += SHA512_DIGEST_LENGTH; + } else { // ed4448 + EVP_MD_CTX *shake = EVP_MD_CTX_new(); + unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; + tbs_hash = OPENSSL_malloc(tbs_hash_len); + + if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) + <= 0) + || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) + || (EVP_DigestFinalXOF(shake, tbs_hash, + tbs_hash_len) + <= 0)) { + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } + final_tbslen += tbs_hash_len; + EVP_MD_CTX_free(shake); + } + } else if ((name[0] == 'p') || (name[0] == 'b') + || (name[0] == 'r')) { // p256 or p384 or bp256 or + // bp384 or pss or rsa3072 + int aux; + if (name[0] == 'b') + aux = 2; + else + aux = 1; + switch (name[aux]) { + case 's': // pss or rsa + case '2': // p256 or bp256 + tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); + SHA256(tbs, tbslen, tbs_hash); + final_tbslen += SHA256_DIGEST_LENGTH; + break; + case '3': // p384 or bp384 + tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); + SHA384(tbs, tbslen, tbs_hash); + final_tbslen += SHA384_DIGEST_LENGTH; + break; + default: + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + } else { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + final_tbs = OPENSSL_malloc(final_tbslen); + memcpy(final_tbs, oid_prefix, oid_prefix_len); + 
memcpy(final_tbs + oid_prefix_len, tbs_hash, + final_tbslen - oid_prefix_len); + OPENSSL_free(tbs_hash); } - }else if ((name[0] == 'p') - || (name[0] == 'b') - || (name[0] == 'r')){ //p256 or p384 or bp256 or bp384 or pss or rsa3072 - int aux; - if (name[0] == 'b') - aux = 2; - else - aux = 1; - switch(name[aux]){ - case 's'://pss or rsa - case '2'://p256 or bp256 - tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); - SHA256(tbs, tbslen, tbs_hash); - final_tbslen += SHA256_DIGEST_LENGTH; - break; - case '3'://p384 or bp384 - tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); - SHA384(tbs, tbslen, tbs_hash); - final_tbslen += SHA384_DIGEST_LENGTH; - break; - default: - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - OPENSSL_free(name); - goto endverify; - } - }else{ - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); - goto endverify; - } - final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_prefix, oid_prefix_len); - memcpy(final_tbs + oid_prefix_len, tbs_hash, final_tbslen - oid_prefix_len); - OPENSSL_free(tbs_hash); - } - OPENSSL_free(name); - } - - for(i = 0; i < oqsxkey->numkeys; i++){ - if (i == 0){ - buf = compsig->sig1->data; - buf_len = compsig->sig1->length; - }else{ - buf = compsig->sig2->data; - buf_len = compsig->sig2->length; - } - - char *name; - if((name = get_cmpname(nid, i)) == NULL){ - OPENSSL_free(name); - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; } - if (get_oqsname_fromtls(name)){ - if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - OPENSSL_free(name); - goto endverify; - } - }else{ - const EVP_MD *classical_md; - int digest_len; - int aux; - EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new(); - unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - if(name[0] == 'e'){ //ed25519 or ed448 - if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, 
oqsxkey->cmp_classical_pkey[i]) <= 0) - || (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, final_tbslen) <= 0)){ - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - OPENSSL_free(name); - goto endverify; - } - } else { - if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL) - || (EVP_PKEY_verify_init(ctx_verify) <= 0)) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - OPENSSL_free(name); - goto endverify; + for (i = 0; i < oqsxkey->numkeys; i++) { + if (i == 0) { + buf = compsig->sig1->data; + buf_len = compsig->sig1->length; + } else { + buf = compsig->sig2->data; + buf_len = compsig->sig2->length; } - if (!strncmp(name, "pss", 3)) - { - if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PSS_PADDING) <= 0) - || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64) <= 0) - || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, EVP_sha256()) <= 0)) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - OPENSSL_free(name); - goto endverify; - } - } else if (oqsxkey->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) - { - if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - OPENSSL_free(name); - goto endverify; - } - } - if ((name[0] == 'p') - || (name[0] == 'b') - || (name[0] == 'r')) - { - int aux; - if(name[0] == 'b') - aux = 2; - else - aux = 1; - switch(name[aux]){ - case 's'://pss or rsa - case '2'://p256 or bp256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(final_tbs, final_tbslen, (unsigned char *)&digest); - break; - case '3'://p384 or bp384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(final_tbs, final_tbslen, (unsigned char *)&digest); - break; - case '5'://p512 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(final_tbs, final_tbslen, (unsigned char *)&digest); - break; - default: - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + + 
char *name; + if ((name = get_cmpname(nid, i)) == NULL) { OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - } - if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) - || (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0)) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + + if (get_oqsname_fromtls(name)) { + if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf, + buf_len, oqsxkey->comp_pubkey[i]) + != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + } else { + const EVP_MD *classical_md; + int digest_len; + int aux; + EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); + unsigned char + digest[SHA512_DIGEST_LENGTH]; /* init with max length */ + + if (name[0] == 'e') { // ed25519 or ed448 + if ((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, + oqsxkey->cmp_classical_pkey[i]) + <= 0) + || (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, + final_tbslen) + <= 0)) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + } else { + if (((ctx_verify = EVP_PKEY_CTX_new( + oqsxkey->cmp_classical_pkey[i], NULL)) + == NULL) + || (EVP_PKEY_verify_init(ctx_verify) <= 0)) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + if (!strncmp(name, "pss", 3)) { + if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_PKCS1_PSS_PADDING) + <= 0) + || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64) + <= 0) + || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, + EVP_sha256()) + <= 0)) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + OPENSSL_free(name); + goto endverify; + } + } else if (oqsxkey->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype + == EVP_PKEY_RSA) { + if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_PKCS1_PADDING) + <= 0) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + OPENSSL_free(name); + goto endverify; + } + } + if ((name[0] 
== 'p') || (name[0] == 'b') + || (name[0] == 'r')) { + int aux; + if (name[0] == 'b') + aux = 2; + else + aux = 1; + switch (name[aux]) { + case 's': // pss or rsa + case '2': // p256 or bp256 + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(final_tbs, final_tbslen, + (unsigned char *)&digest); + break; + case '3': // p384 or bp384 + classical_md = EVP_sha384(); + digest_len = SHA384_DIGEST_LENGTH; + SHA384(final_tbs, final_tbslen, + (unsigned char *)&digest); + break; + case '5': // p512 + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(final_tbs, final_tbslen, + (unsigned char *)&digest); + break; + default: + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + } + if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) + <= 0) + || (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, + digest_len) + <= 0)) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + OPENSSL_free(name); + goto endverify; + } + } + } + OPENSSL_free(name); + } + OPENSSL_free(compsig); + OPENSSL_free(final_tbs); + } else { + if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); goto endverify; - } - } - } - - OPENSSL_free(name); - } - OPENSSL_free(compsig); - OPENSSL_free(final_tbs); - }else - { - if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - goto endverify; - } - if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, - siglen - classical_sig_len, - oqsxkey->comp_pubkey[oqsxkey->numkeys-1]) - != OQS_SUCCESS) - { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } + } + if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index, + siglen - classical_sig_len, + oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) + != OQS_SUCCESS) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + goto endverify; + } } rv = 1; 
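Review bot: In the `is_composite` branch of `oqs_sig_verify`, `compsig` and `final_tbs` are declared inside the block, so none of the `goto endverify` error paths taken after `d2i_CompositeSignature` succeeds can release them, and `evp_ctx` from `EVP_MD_CTX_new()` has no matching free anywhere in the hunk, even on the success path. Verification runs on signatures supplied by the peer, so each rejected composite signature leaks the decoded structure and possibly the pre-hash buffer, and memory grows with failed verifications. I would hoist `CompositeSignature *compsig = NULL;` and `char *final_tbs = NULL;` to function scope, release them after the `endverify:` label (which lies outside this hunk, as does the start of the function), and add `EVP_MD_CTX_free(evp_ctx);` before the per-iteration `OPENSSL_free(name);`. The `OPENSSL_malloc` results for `tbs_hash` and `final_tbs` are also written to without a NULL check, and the success path frees only the outer struct with `OPENSSL_free(compsig)`, which presumably leaves the `sig1`/`sig2` members allocated by the decoder behind.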
@@ -949,7 +987,7 @@ static int oqs_sig_digest_signverify_init(void *vpoqs_sigctx, const char *mdname, void *voqssig, int operation) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQS_SIG_PRINTF2( "OQS SIG provider: digest_signverify_init called for mdname %s\n", @@ -959,8 +997,8 @@ static int oqs_sig_digest_signverify_init(void *vpoqs_sigctx, if (!oqs_sig_signverify_init(vpoqs_sigctx, voqssig, operation)) return 0; - if (!oqs_sig_setup_md(poqs_sigctx, mdname, NULL)) - return 0; + if (!oqs_sig_setup_md(poqs_sigctx, mdname, NULL)) + return 0; if (mdname != NULL) { poqs_sigctx->mdctx = EVP_MD_CTX_new(); @@ -971,7 +1009,7 @@ static int oqs_sig_digest_signverify_init(void *vpoqs_sigctx, goto error; } - return 1; + return 1; error: EVP_MD_CTX_free(poqs_sigctx->mdctx); @@ -1001,9 +1039,9 @@ static int oqs_sig_digest_verify_init(void *vpoqs_sigctx, const char *mdname, int oqs_sig_digest_signverify_update(void *vpoqs_sigctx, const unsigned char *data, size_t datalen) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: digest_signverify_update called\n"); + OQS_SIG_PRINTF("OQS SIG provider: digest_signverify_update called\n"); if (poqs_sigctx == NULL) return 0; 
@@ -1039,13 +1077,13 @@ int oqs_sig_digest_signverify_update(void *vpoqs_sigctx, int oqs_sig_digest_sign_final(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, size_t sigsize) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int dlen = 0; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; - OQS_SIG_PRINTF("OQS SIG provider: digest_sign_final called\n"); - if (poqs_sigctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: digest_sign_final called\n"); + if (poqs_sigctx == NULL) + return 0; /* * If sig is NULL then we're just finding out the sig size. Other fields @@ -1062,7 +1100,7 @@ int oqs_sig_digest_sign_final(void *vpoqs_sigctx, unsigned char *sig, return 0; } - poqs_sigctx->flag_allow_md = 1; + poqs_sigctx->flag_allow_md = 1; if (poqs_sigctx->mdctx != NULL) return oqs_sig_sign(vpoqs_sigctx, sig, siglen, sigsize, digest, @@ -1075,13 +1113,13 @@ int oqs_sig_digest_sign_final(void *vpoqs_sigctx, unsigned char *sig, int oqs_sig_digest_verify_final(void *vpoqs_sigctx, const unsigned char *sig, size_t siglen) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int dlen = 0; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; - OQS_SIG_PRINTF("OQS SIG provider: digest_verify_final called\n"); - if (poqs_sigctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: digest_verify_final called\n"); + if (poqs_sigctx == NULL) + return 0; // TBC for hybrids: if (poqs_sigctx->mdctx) { 
@@ -1098,7 +1136,7 @@ int oqs_sig_digest_verify_final(void *vpoqs_sigctx, const unsigned char *sig, static void oqs_sig_freectx(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *ctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *ctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQS_SIG_PRINTF("OQS SIG provider: freectx called\n"); OPENSSL_free(ctx->propq); @@ -1119,27 +1157,27 @@ static void oqs_sig_freectx(void *vpoqs_sigctx) static void *oqs_sig_dupctx(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *srcctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - PROV_OQSSIG_CTX *dstctx; + PROV_OQSSIG_CTX *srcctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *dstctx; - OQS_SIG_PRINTF("OQS SIG provider: dupctx called\n"); + OQS_SIG_PRINTF("OQS SIG provider: dupctx called\n"); - dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) - return NULL; + dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + if (dstctx == NULL) + return NULL; - *dstctx = *srcctx; - dstctx->sig = NULL; - dstctx->md = NULL; - dstctx->mdctx = NULL; + *dstctx = *srcctx; + dstctx->sig = NULL; + dstctx->md = NULL; + dstctx->mdctx = NULL; - if (srcctx->sig != NULL && !oqsx_key_up_ref(srcctx->sig)) - goto err; - dstctx->sig = srcctx->sig; + if (srcctx->sig != NULL && !oqsx_key_up_ref(srcctx->sig)) + goto err; + dstctx->sig = srcctx->sig; - if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) - goto err; - dstctx->md = srcctx->md; + if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) + goto err; + dstctx->md = srcctx->md; if (srcctx->mdctx != NULL) { dstctx->mdctx = EVP_MD_CTX_new(); 
@@ -1176,14 +1214,14 @@ static void *oqs_sig_dupctx(void *vpoqs_sigctx) static int oqs_sig_get_ctx_params(void *vpoqs_sigctx, OSSL_PARAM *params) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OSSL_PARAM *p; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + OSSL_PARAM *p; - OQS_SIG_PRINTF("OQS SIG provider: get_ctx_params called\n"); - if (poqs_sigctx == NULL || params == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: get_ctx_params called\n"); + if (poqs_sigctx == NULL || params == NULL) + return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); + p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); if (poqs_sigctx->aid == NULL) { poqs_sigctx->aid_len @@ -1195,11 +1233,11 @@ static int oqs_sig_get_ctx_params(void *vpoqs_sigctx, OSSL_PARAM *params) poqs_sigctx->aid_len)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, poqs_sigctx->mdname)) - return 0; + p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); + if (p != NULL && !OSSL_PARAM_set_utf8_string(p, poqs_sigctx->mdname)) + return 0; - return 1; + return 1; } static const OSSL_PARAM known_gettable_ctx_params[] 
@@ -1211,17 +1249,17 @@ static const OSSL_PARAM * oqs_sig_gettable_ctx_params(ossl_unused void *vpoqs_sigctx, ossl_unused void *vctx) { - OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_params called\n"); - return known_gettable_ctx_params; + OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_params called\n"); + return known_gettable_ctx_params; } static int oqs_sig_set_ctx_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - const OSSL_PARAM *p; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + const OSSL_PARAM *p; - OQS_SIG_PRINTF("OQS SIG provider: set_ctx_params called\n"); - if (poqs_sigctx == NULL || params == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: set_ctx_params called\n"); + if (poqs_sigctx == NULL || params == NULL) + return 0; p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); /* Not allowed during certain operations */ @@ -1233,13 +1271,14 @@ static int oqs_sig_set_ctx_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PROPERTIES); - if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) - return 0; - if (propsp != NULL && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) - return 0; - if (!oqs_sig_setup_md(poqs_sigctx, mdname, mdprops)) - return 0; - } + if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) + return 0; + if (propsp != NULL + && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) + return 0; + if (!oqs_sig_setup_md(poqs_sigctx, mdname, mdprops)) + return 0; + } // not passing in parameters we can act on is no error return 1; 
@@ -1253,65 +1292,65 @@ static const OSSL_PARAM known_settable_ctx_params[] static const OSSL_PARAM *oqs_sig_settable_ctx_params(ossl_unused void *vpsm2ctx, ossl_unused void *provctx) { - /* - * TODO(3.0): Should this function return a different set of settable ctx - * params if the ctx is being used for a DigestSign/DigestVerify? In that - * case it is not allowed to set the digest size/digest name because the - * digest is explicitly set as part of the init. - * NOTE: Ideally we would check poqs_sigctx->flag_allow_md, but this is - * problematic because there is no nice way of passing the - * PROV_OQSSIG_CTX down to this function... - * Because we have API's that dont know about their parent.. - * e.g: EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig). - * We could pass NULL for that case (but then how useful is the check?). - */ - OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_params called\n"); - return known_settable_ctx_params; + /* + * TODO(3.0): Should this function return a different set of settable ctx + * params if the ctx is being used for a DigestSign/DigestVerify? In that + * case it is not allowed to set the digest size/digest name because the + * digest is explicitly set as part of the init. + * NOTE: Ideally we would check poqs_sigctx->flag_allow_md, but this is + * problematic because there is no nice way of passing the + * PROV_OQSSIG_CTX down to this function... + * Because we have API's that dont know about their parent.. + * e.g: EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig). + * We could pass NULL for that case (but then how useful is the check?). 
+ */ + OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_params called\n"); + return known_settable_ctx_params; } static int oqs_sig_get_ctx_md_params(void *vpoqs_sigctx, OSSL_PARAM *params) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: get_ctx_md_params called\n"); - if (poqs_sigctx->mdctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: get_ctx_md_params called\n"); + if (poqs_sigctx->mdctx == NULL) + return 0; - return EVP_MD_CTX_get_params(poqs_sigctx->mdctx, params); + return EVP_MD_CTX_get_params(poqs_sigctx->mdctx, params); } static const OSSL_PARAM *oqs_sig_gettable_ctx_md_params(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_md_params called\n"); - if (poqs_sigctx->md == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: gettable_ctx_md_params called\n"); + if (poqs_sigctx->md == NULL) + return 0; - return EVP_MD_gettable_ctx_params(poqs_sigctx->md); + return EVP_MD_gettable_ctx_params(poqs_sigctx->md); } static int oqs_sig_set_ctx_md_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - OQS_SIG_PRINTF("OQS SIG provider: set_ctx_md_params called\n"); - if (poqs_sigctx->mdctx == NULL) - return 0; + OQS_SIG_PRINTF("OQS SIG provider: set_ctx_md_params called\n"); + if (poqs_sigctx->mdctx == NULL) + return 0; - return EVP_MD_CTX_set_params(poqs_sigctx->mdctx, params); + return EVP_MD_CTX_set_params(poqs_sigctx->mdctx, params); } static const OSSL_PARAM *oqs_sig_settable_ctx_md_params(void *vpoqs_sigctx) { - PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; + PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; - if 
(poqs_sigctx->md == NULL) - return 0; + if (poqs_sigctx->md == NULL) + return 0; - OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_md_params called\n"); - return EVP_MD_settable_ctx_params(poqs_sigctx->md); + OQS_SIG_PRINTF("OQS SIG provider: settable_ctx_md_params called\n"); + return EVP_MD_settable_ctx_params(poqs_sigctx->md); } const OSSL_DISPATCH oqs_signature_functions[] diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index e300a86c..17d73480 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc @@ -261,15 +261,15 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), dilithium3_p256), DECODER_w_structure("dilithium3_bp256", der, PrivateKeyInfo, dilithium3_bp256), - DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, + DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, dilithium3_bp256), - DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, + DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, dilithium3_ed25519), - DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, + DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, dilithium3_ed25519), - DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, + DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, dilithium3_pss3072), - DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, + DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, dilithium3_pss3072), #endif 
@@ -280,17 +280,17 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), p521_dilithium5), DECODER_w_structure("p521_dilithium5", der, SubjectPublicKeyInfo, p521_dilithium5), - DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, + DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, dilithium5_p384), - DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, + DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, dilithium5_p384), - DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, + DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, dilithium5_bp384), - DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, + DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, dilithium5_bp384), - DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, + DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, dilithium5_ed448), - DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, + DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 
@@ -305,17 +305,16 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), rsa3072_falcon512), DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, falcon512_p256), - DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, - falcon512_p256), + DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, falcon512_p256), DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, falcon512_p256), - DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, + DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, falcon512_bp256), - DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, + DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, falcon512_bp256), - DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, + DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, falcon512_ed25519), - DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, + DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 @@ -378,4 +377,4 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, SubjectPublicKeyInfo, rsa3072_sphincsshake128fsimple), #endif -///// OQS_TEMPLATE_FRAGMENT_MAKE_END + ///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index e12e45cb..165fb62d 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -677,7 +677,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), + ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, 
@@ -691,43 +691,43 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium3_p256", dilithium3_p256), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, SubjectPublicKeyInfo), - 
ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), 
@@ -753,43 +753,43 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p521_dilithium5", p521_dilithium5), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium5_p384", dilithium5_p384), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + 
ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), #endif @@ -825,10 +825,8 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), - ENCODER_w_structure("falcon512_p256", falcon512_p256, der, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, - PrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, PrivateKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, der, EncryptedPrivateKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, 
@@ -838,30 +836,30 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, SubjectPublicKeyInfo), ENCODER_TEXT("falcon512_p256", falcon512_p256), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, PrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, PrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, SubjectPublicKeyInfo), ENCODER_TEXT("falcon512_bp256", falcon512_bp256), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, PrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, PrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_ed25519", 
falcon512_ed25519, pem, + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, SubjectPublicKeyInfo), ENCODER_TEXT("falcon512_ed25519", falcon512_ed25519), #endif @@ -1061,4 +1059,4 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_TEXT("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple), #endif -///// OQS_TEMPLATE_FRAGMENT_MAKE_END + ///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index bf7ad14e..24d02400 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -193,34 +193,34 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "2.16.840.1.114027.80.7.1.7", "dilithium3_rsa3072", "2.16.840.1.114027.80.7.1.8", - "dilithium3_p256", - "2.16.840.1.114027.80.7.1.9", - "dilithium3_bp256", - "2.16.840.1.114027.80.7.1.10", - "dilithium3_ed25519", - "2.16.840.1.114027.80.7.1.11", - "dilithium5_p384", - "2.16.840.1.114027.80.7.1.12", - "dilithium5_bp384", - "2.16.840.1.114027.80.7.1.13", - "dilithium5_ed448", - "2.16.840.1.114027.80.7.1.14", - "falcon512_p256", - "2.16.840.1.114027.80.7.1.15", - "falcon512_bp256", - "2.16.840.1.114027.80.7.1.16", - "falcon512_ed25519", - "2.16.840.1.114027.80.7.1.6", - "dilithium3_pss3072", - "2.16.840.1.114027.80.7.1.1", + "dilithium3_p256", + "2.16.840.1.114027.80.7.1.9", + "dilithium3_bp256", + "2.16.840.1.114027.80.7.1.10", + "dilithium3_ed25519", + "2.16.840.1.114027.80.7.1.11", + "dilithium5_p384", + "2.16.840.1.114027.80.7.1.12", + "dilithium5_bp384", + "2.16.840.1.114027.80.7.1.13", + "dilithium5_ed448", + "2.16.840.1.114027.80.7.1.14", + "falcon512_p256", + "2.16.840.1.114027.80.7.1.15", + "falcon512_bp256", + "2.16.840.1.114027.80.7.1.16", + "falcon512_ed25519", + "2.16.840.1.114027.80.7.1.6", + "dilithium3_pss3072", + "2.16.840.1.114027.80.7.1.1", "dilithium2_pss2048", - "2.16.840.1.114027.80.7.1.2", + "2.16.840.1.114027.80.7.1.2", "dilithium2_rsa2048", - "2.16.840.1.114027.80.7.1.3", + "2.16.840.1.114027.80.7.1.3", "dilithium2_ed25519", - "2.16.840.1.114027.80.7.1.4", + "2.16.840.1.114027.80.7.1.4", "dilithium2_p256", - "2.16.840.1.114027.80.7.1.5", + "2.16.840.1.114027.80.7.1.5", "dilithium2_bp256", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 4e75490b..76087dfc 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -17,7 +17,6 @@ #include #include - #ifdef NDEBUG # define OQS_KEY_PRINTF(a) # define OQS_KEY_PRINTF2(a, b) 
@@ -34,8 +33,7 @@ printf(a, b, c) #endif // NDEBUG -typedef enum -{ +typedef enum { KEY_OP_PUBLIC, KEY_OP_PRIVATE, KEY_OP_KEYGEN @@ -43,8 +41,7 @@ typedef enum /// NID/name table -typedef struct -{ +typedef struct { int nid; char *tlsname; char *oqsname; 
@@ -153,38 +150,22 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128}, - {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, - KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, - KEY_TYPE_CMP_SIG, 128}, - {0, "falcon512_p256", OQS_SIG_alg_falcon_512, - KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, - KEY_TYPE_CMP_SIG, 192}, - {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, - KEY_TYPE_CMP_SIG, 256}, - {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, - KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, - KEY_TYPE_CMP_SIG, 384}, - {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, - KEY_TYPE_CMP_SIG, 192}, - {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, - KEY_TYPE_CMP_SIG, 256}, - {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, - KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, - KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, - KEY_TYPE_CMP_SIG, 112}, - {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, - KEY_TYPE_CMP_SIG, 112}, - {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, - KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, - KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, - KEY_TYPE_CMP_SIG, 256}, + {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, + {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256}, + {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384}, + {0, "dilithium5_ed448", 
OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, + {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256}, + {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; @@ -220,19 +201,17 @@ static int get_keytype(int nid) return 0; } - -char *get_oqsname_fromtls(char *tlsname) +char *get_oqsname_fromtls(char *tlsname) { int i; - for (i = 0; i < NID_TABLE_LEN; i++) - { - if (nid_names[i].keytype == KEY_TYPE_SIG) - { - if (!strcmp(nid_names[i].oqsname, tlsname) || !strcmp(nid_names[i].tlsname, tlsname)) + for (i = 0; i < NID_TABLE_LEN; i++) { + if (nid_names[i].keytype == KEY_TYPE_SIG) { + if (!strcmp(nid_names[i].oqsname, tlsname) + || !strcmp(nid_names[i].tlsname, tlsname)) return nid_names[i].oqsname; } } - return 0; //classical + return 0; // classical } char *get_oqsname(int nid) 
@@ -245,49 +224,49 @@ char *get_oqsname(int nid) return 0; } -char* get_cmpname(int nid, int index) +char *get_cmpname(int nid, int index) { int i, j; - char* name; - char* first_token; - char* token; - char* s; + char *name; + char *first_token; + char *token; + char *s; if ((i = get_oqsalg_idx(nid)) == -1) return NULL; s = OPENSSL_strdup(nid_names[i].tlsname); first_token = strtok_r(s, "_", &s); - if (index == 0){ - name = OPENSSL_strdup(first_token); - }else{ - for (j = 0; j < index; j ++) - token = strtok_r(s, "_", &s); + if (index == 0) { + name = OPENSSL_strdup(first_token); + } else { + for (j = 0; j < index; j++) + token = strtok_r(s, "_", &s); name = OPENSSL_strdup(token); } OPENSSL_free(first_token); return name; } -//count the amount of keys in the structure +// count the amount of keys in the structure int get_qntcmp(int nid) { int i; int index = 1; if ((i = get_oqsalg_idx(nid)) == -1) return -1; - if (nid_names[i].keytype == KEY_TYPE_CMP_SIG){ - char* s = OPENSSL_strdup(nid_names[i].tlsname); - char* first_token = strtok_r(s, "_", &s); - char* token; + if (nid_names[i].keytype == KEY_TYPE_CMP_SIG) { + char *s = OPENSSL_strdup(nid_names[i].tlsname); + char *first_token = strtok_r(s, "_", &s); + char *token; index = 0; - while (token != NULL){ + while (token != NULL) { token = strtok_r(s, "_", &s); index++; } OPENSSL_free(first_token); - }else{ + } else { if ((nid_names[i].keytype == KEY_TYPE_HYB_SIG) - ||(nid_names[i].keytype == KEY_TYPE_ECP_HYB_KEM) - ||(nid_names[i].keytype == KEY_TYPE_ECX_HYB_KEM)){ + || (nid_names[i].keytype == KEY_TYPE_ECP_HYB_KEM) + || (nid_names[i].keytype == KEY_TYPE_ECX_HYB_KEM)) { index = 2; } } 
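Review bot: In `get_qntcmp`, `token` is declared without an initializer and then read by `while (token != NULL)` before anything is assigned to it, so the component count depends on an indeterminate value (undefined behaviour; the loop may be skipped, leaving `index` at 0). Initialising it from the first token keeps the count the loop is meant to produce: `char *token = first_token;`. The `OPENSSL_strdup` results in both `get_cmpname` and `get_qntcmp` are also handed to `strtok_r` without a NULL check, which is worth guarding because these helpers run while keys are being decoded. `get_qntcmp` continues past the end of this hunk.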
@@ -314,56 +293,47 @@ static int oqsx_key_set_composites(OQSX_KEY *key) if (key->numkeys == 1) { key->comp_privkey[0] = key->privkey; key->comp_pubkey[0] = key->pubkey; - } - else - { // TBD: extend for more than 1 classic key or first OQS for composite: - if (key->keytype == KEY_TYPE_CMP_SIG){ + } else { // TBD: extend for more than 1 classic key or first OQS for + // composite: + if (key->keytype == KEY_TYPE_CMP_SIG) { int i; int privlen = 0; int publen = 0; - for (i = 0; i < key->numkeys; i++){ - if (key->privkey) - { + for (i = 0; i < key->numkeys; i++) { + if (key->privkey) { key->comp_privkey[i] = (char *)key->privkey + privlen; privlen += key->privkeylen_cmp[i]; - } - else - { + } else { key->comp_privkey[i] = NULL; } - if (key->pubkey) - { + if (key->pubkey) { key->comp_pubkey[i] = (char *)key->pubkey + publen; publen += key->pubkeylen_cmp[i]; - } - else - { + } else { key->comp_pubkey[i] = NULL; } } - }else{ - int classic_pubkey_len, classic_privkey_len; - - if (key->privkey) { - key->comp_privkey[0] = (char *)key->privkey + SIZE_OF_UINT32; - DECODE_UINT32(classic_privkey_len, key->privkey); - key->comp_privkey[1] - = (char *)key->privkey + classic_privkey_len + SIZE_OF_UINT32; - } - else { - key->comp_privkey[0] = NULL; - key->comp_privkey[1] = NULL; - } - if (key->pubkey) { - key->comp_pubkey[0] = (char *)key->pubkey + SIZE_OF_UINT32; - DECODE_UINT32(classic_pubkey_len, key->pubkey); - key->comp_pubkey[1] - = (char *)key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; - } - else { - key->comp_pubkey[0] = NULL; - key->comp_pubkey[1] = NULL; - } + } else { + int classic_pubkey_len, classic_privkey_len; + + if (key->privkey) { + key->comp_privkey[0] = (char *)key->privkey + SIZE_OF_UINT32; + DECODE_UINT32(classic_privkey_len, key->privkey); + key->comp_privkey[1] = (char *)key->privkey + + classic_privkey_len + SIZE_OF_UINT32; + } else { + key->comp_privkey[0] = NULL; + key->comp_privkey[1] = NULL; + } + if (key->pubkey) { + key->comp_pubkey[0] = (char 
*)key->pubkey + SIZE_OF_UINT32; + DECODE_UINT32(classic_pubkey_len, key->pubkey); + key->comp_pubkey[1] + = (char *)key->pubkey + classic_pubkey_len + SIZE_OF_UINT32; + } else { + key->comp_pubkey[0] = NULL; + key->comp_pubkey[1] = NULL; + } } } err: @@ -423,13 +393,11 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22}; const unsigned char p521params[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23}; - const char ed25519params[] - = {0x06, 0x03, 0x2b, 0x65, 0x70}; - const char ed448params[] - = {0x06, 0x03, 0x2b, 0x65, 0x71}; - const char bp256params[] + const char ed25519params[] = {0x06, 0x03, 0x2b, 0x65, 0x70}; + const char ed448params[] = {0x06, 0x03, 0x2b, 0x65, 0x71}; + const char bp256params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07}; - const char bp384params[] + const char bp384params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0b}; const unsigned char *params; @@ -464,15 +432,15 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit - {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit + {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit {EVP_PKEY_RSA, NID_rsaEncryption, 0, 270, 1193, 0, 256}, // 112 bit - {EVP_PKEY_ED25519, NID_ED25519, 1 , 32, 32, 32, 72}, // 128 bit - {EVP_PKEY_ED448, NID_ED448, 1 , 57, 57, 57, 122}, // 192 bit - + {EVP_PKEY_ED25519, NID_ED25519, 1, 32, 32, 32, 72}, // 128 bit + {EVP_PKEY_ED448, NID_ED448, 1, 57, 57, 57, 122}, // 192 bit + }; // These two array need to stay synced: static const char *OQSX_ECP_NAMES[] = {"p256", "p384", "p521", 0}; 
@@ -497,18 +465,15 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, int idx = (bit_security - 128) / 64; ON_ERR_GOTO(idx < 0 || idx > 5, err); - if (!strncmp(algname, "rsa", 3) || !strncmp(algname, "pss", 3)){ + if (!strncmp(algname, "rsa", 3) || !strncmp(algname, "pss", 3)) { idx += 5; if (bit_security == 112) idx += 1; - } else if (algname[0] != 'p' && algname[0] != 'e') - { - if (algname[0] == 'b'){ //bp - if (algname[2] == '2') //bp256 + } else if (algname[0] != 'p' && algname[0] != 'e') { + if (algname[0] == 'b') { // bp + if (algname[2] == '2') // bp256 idx += 1; - } - else - { + } else { OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); ret = 0; goto err; @@ -517,7 +482,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, ON_ERR_GOTO(idx < 0 || idx > 6, err); - if(algname[0] == 'e') //ED25519 or ED448 + if (algname[0] == 'e') // ED25519 or ED448 { evp_ctx->evp_info = &nids_sig[idx + 7]; @@ -534,18 +499,17 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); ON_ERR_GOTO(!evp_ctx->ctx, err); - - if (idx < 5) - { // EC - ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, err); - - ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, - evp_ctx->evp_info->nid); - ON_ERR_GOTO(ret <= 0, free_evp_ctx); - - ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); - ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); + + if (idx < 5) { // EC + ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); + ON_ERR_GOTO(ret <= 0, err); + + ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid( + evp_ctx->ctx, evp_ctx->evp_info->nid); + ON_ERR_GOTO(ret <= 0, free_evp_ctx); + + ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); + ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); } } // RSA bit length set only during keygen 
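Review bot: In the second hunk, the Ed25519/Ed448 branch indexes `nids_sig[idx + 7]`, but the guard just above it only rejects `idx > 6`, and the `nids_sig` table shown in this patch has nine entries, so only `idx` 0 and 1 are in range there. The names currently in `nid_names` appear to reach this branch only with 128 or 192 bits, so this looks latent rather than reachable today, but a new table row would turn it into an out-of-bounds read. A local check in that branch, `ON_ERR_GOTO(idx > 1, err);`, or a bound derived from the array size, would make the lookup self-protecting. `oqsx_hybsig_init` starts and ends outside these hunks.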
@@ -627,29 +591,25 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, int ret = 0; OQS_KEY_PRINTF2("OQSX KEY: key_op called with data of len %d\n", plen); - if (palg != NULL) - { + if (palg != NULL) { int ptype; /* Algorithm parameters must be absent */ X509_ALGOR_get0(NULL, &ptype, NULL, palg); - if (ptype != V_ASN1_UNDEF || !palg || !palg->algorithm) - { + if (ptype != V_ASN1_UNDEF || !palg || !palg->algorithm) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } nid = OBJ_obj2nid(palg->algorithm); } - if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) - { + if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } key = oqsx_key_new_from_nid(libctx, propq, nid); - if (key == NULL) - { + if (key == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } 
@@ -697,182 +657,193 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, size_t actualprivkeylen = key->privkeylen; // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub // key classic pub key must/can be re-created from classic private key - if (key->keytype == KEY_TYPE_CMP_SIG){ + if (key->keytype == KEY_TYPE_CMP_SIG) { size_t privlen = 0; size_t publen = 0; size_t previous_privlen = 0; size_t previous_publen = 0; int pqc_pub_enc = 0; int i; - - //check if key is the right size - for (i = 0; i < key->numkeys; i++){ + + // check if key is the right size + for (i = 0; i < key->numkeys; i++) { char *name; - if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) + == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } privlen = key->privkeylen_cmp[i]; - if (get_oqsname_fromtls(name) == 0){//classical key + if (get_oqsname_fromtls(name) == 0) { // classical key publen = 0; - }else{//PQC key - publen = key->pubkeylen_cmp[i]; //pubkey in PQC privkey is OPTIONAL + } else { // PQC key + publen = key->pubkeylen_cmp[i]; // pubkey in PQC privkey is + // OPTIONAL } previous_privlen += privlen; previous_publen += publen; OPENSSL_free(name); - } - if (previous_privlen != plen) - { - //is ok, PQC pubkey might be in privkey + } + if (previous_privlen != plen) { + // is ok, PQC pubkey might be in privkey pqc_pub_enc = 1; - if (previous_privlen + previous_publen != plen){ + if (previous_privlen + previous_publen != plen) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } - if (oqsx_key_allocate_keymaterial(key, 0)) - { + if (oqsx_key_allocate_keymaterial(key, 0)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err; } } - if (oqsx_key_allocate_keymaterial(key, 1)) - { + if (oqsx_key_allocate_keymaterial(key, 1)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err; } previous_privlen = 0; previous_publen = 
0; - for (i = 0; i < key->numkeys; i++){ + for (i = 0; i < key->numkeys; i++) { size_t classic_publen = 0; char *name; - if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) + == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } - if (get_oqsname_fromtls(name) == 0){//classical key - publen = 0; //no pubkey encoded with privkey on classical keys. will recreate the pubkey later - if(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA){ //get the RSA real key size - unsigned char* enc_len = OPENSSL_strndup(p + previous_privlen + previous_publen, 4); + if (get_oqsname_fromtls(name) == 0) { // classical key + publen = 0; // no pubkey encoded with privkey on classical + // keys. will recreate the pubkey later + if (key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype + == EVP_PKEY_RSA) { // get the RSA real key size + unsigned char *enc_len = OPENSSL_strndup( + p + previous_privlen + previous_publen, 4); OPENSSL_cleanse(enc_len, 2); DECODE_UINT32(privlen, enc_len); privlen += 4; OPENSSL_free(enc_len); - if (privlen > key->privkeylen_cmp[i]){ + if (privlen > key->privkeylen_cmp[i]) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } - }else - privlen = key->privkeylen_cmp[i]; - }else{//PQC key + } else + privlen = key->privkeylen_cmp[i]; + } else { // PQC key privlen = key->privkeylen_cmp[i]; if (pqc_pub_enc) publen = key->pubkeylen_cmp[i]; else publen = 0; - - } - memcpy(key->privkey + previous_privlen, p + previous_privlen + previous_publen, privlen); - memcpy(key->pubkey + previous_publen, p + privlen + previous_privlen + previous_publen, publen); - previous_privlen += privlen; - previous_publen += publen; - OPENSSL_free(name); + } + memcpy(key->privkey + previous_privlen, + p + previous_privlen + previous_publen, privlen); + memcpy(key->pubkey + previous_publen, + p + privlen + 
previous_privlen + previous_publen, + publen); + previous_privlen += privlen; + previous_publen += publen; + OPENSSL_free(name); } - }else{ - if (key->numkeys == 2) { - DECODE_UINT32(classical_privatekey_len, - p); // actual classic key len - // adjust expected size - if (classical_privatekey_len > key->evp_info->length_private_key) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + } else { + if (key->numkeys == 2) { + DECODE_UINT32(classical_privatekey_len, + p); // actual classic key len + // adjust expected size + if (classical_privatekey_len + > key->evp_info->length_private_key) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + actualprivkeylen -= (key->evp_info->length_private_key + - classical_privatekey_len); } - actualprivkeylen -= (key->evp_info->length_private_key - - classical_privatekey_len); - } #ifdef USE_ENCODING_LIB - if (key->oqsx_encoding_ctx.encoding_ctx - && key->oqsx_encoding_ctx.encoding_impl) { - const qsc_encoding_t *encoding_ctx - = key->oqsx_encoding_ctx.encoding_ctx; + if (key->oqsx_encoding_ctx.encoding_ctx + && key->oqsx_encoding_ctx.encoding_impl) { + const qsc_encoding_t *encoding_ctx + = key->oqsx_encoding_ctx.encoding_ctx; # ifdef NOPUBKEY_IN_PRIVKEY - // if the raw private key includes the public key, the optional part - // is needed, otherwise not. - int withoptional - = (encoding_ctx->raw_private_key_encodes_public_key ? 1 : 0); + // if the raw private key includes the public key, the optional + // part is needed, otherwise not. + int withoptional + = (encoding_ctx->raw_private_key_encodes_public_key ? 
1 + : 0); # else - int withoptional = 1; + int withoptional = 1; # endif - int pubkey_available = withoptional; - if (oqsx_key_allocate_keymaterial(key, 1)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - if (pubkey_available) { - if (oqsx_key_allocate_keymaterial(key, 0)) { + int pubkey_available = withoptional; + if (oqsx_key_allocate_keymaterial(key, 1)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err; } - } + if (pubkey_available) { + if (oqsx_key_allocate_keymaterial(key, 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + } - if (qsc_decode( - encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, 0, - (pubkey_available ? (unsigned char **)&key->pubkey : 0), p, - (unsigned char **)&key->privkey, withoptional) - != QSC_ENC_OK) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } + if (qsc_decode( + encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, 0, + (pubkey_available ? (unsigned char **)&key->pubkey : 0), + p, (unsigned char **)&key->privkey, withoptional) + != QSC_ENC_OK) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } - } else { + } else { #endif #ifdef NOPUBKEY_IN_PRIVKEY - if (actualprivkeylen != plen) { + if (actualprivkeylen != plen) { + OQS_KEY_PRINTF3( + "OQSX KEY: private key with unexpected length %d vs %d\n", + plen, (int)(actualprivkeylen)); +#else + if (actualprivkeylen + oqsx_key_get_oqs_public_key_len(key) + != plen) { OQS_KEY_PRINTF3( "OQSX KEY: private key with unexpected length %d vs %d\n", - plen, (int)(actualprivkeylen)); -#else - if (actualprivkeylen + oqsx_key_get_oqs_public_key_len(key) != plen) { - OQS_KEY_PRINTF3( - "OQSX KEY: private key with unexpected length %d vs %d\n", plen, - (int)(actualprivkeylen + oqsx_key_get_oqs_public_key_len(key))); + plen, + (int)(actualprivkeylen + + oqsx_key_get_oqs_public_key_len(key))); #endif - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - if (oqsx_key_allocate_keymaterial(key, 
1) + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + if (oqsx_key_allocate_keymaterial(key, 1) #ifndef NOPUBKEY_IN_PRIVKEY - || oqsx_key_allocate_keymaterial(key, 0) + || oqsx_key_allocate_keymaterial(key, 0) #endif - ) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - // first populate private key data - memcpy(key->privkey, p, actualprivkeylen); + ) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err; + } + // first populate private key data + memcpy(key->privkey, p, actualprivkeylen); #ifndef NOPUBKEY_IN_PRIVKEY - // only enough data to fill public OQS key component - if (oqsx_key_get_oqs_public_key_len(key) - != plen - actualprivkeylen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - // populate OQS public key structure - if (key->numkeys == 2) { - unsigned char *pubkey = (unsigned char *)key->pubkey; - ENCODE_UINT32(pubkey, key->evp_info->length_public_key); - memcpy(pubkey + SIZE_OF_UINT32 - + key->evp_info->length_public_key, - p + actualprivkeylen, plen - actualprivkeylen); - } else - memcpy(key->pubkey, p + key->privkeylen, - plen - key->privkeylen); + // only enough data to fill public OQS key component + if (oqsx_key_get_oqs_public_key_len(key) + != plen - actualprivkeylen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err; + } + // populate OQS public key structure + if (key->numkeys == 2) { + unsigned char *pubkey = (unsigned char *)key->pubkey; + ENCODE_UINT32(pubkey, key->evp_info->length_public_key); + memcpy(pubkey + SIZE_OF_UINT32 + + key->evp_info->length_public_key, + p + actualprivkeylen, plen - actualprivkeylen); + } else + memcpy(key->pubkey, p + key->privkeylen, + plen - key->privkeylen); #endif } - } + } #ifdef USE_ENCODING_LIB } #endif 
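Review bot: In the composite branch, the RSA length prefix is read with `OPENSSL_strndup(p + previous_privlen + previous_publen, 4)`, which treats binary key bytes as a C string: the copy stops at the first zero byte, so `DECODE_UINT32(privlen, enc_len)` can read past a shorter allocation, and a NULL return is passed straight to `OPENSSL_cleanse`. Nothing visible in the hunk checks that four bytes remain at that offset either. Copying the four bytes into a fixed-size local array after a bounds check against the caller-supplied `plen` avoids both problems and drops the allocation. `oqsx_key_op` starts and ends outside this hunk.

```c
if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype
    == EVP_PKEY_RSA) { // get the RSA real key size
    unsigned char enc_len[4];
    size_t off = previous_privlen + previous_publen;

    if (plen < 4 || off > (size_t)plen - 4) {
        OPENSSL_free(name);
        ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
        goto err;
    }
    memcpy(enc_len, p + off, sizeof(enc_len));
    enc_len[0] = enc_len[1] = 0; // keep only the two length bytes
    DECODE_UINT32(privlen, enc_len);
    privlen += 4;
    // … unchanged: privlen > key->privkeylen_cmp[i] check …
```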
@@ -891,8 +862,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) { if (key->keytype == KEY_TYPE_HYB_SIG) { // hybrid key int classical_pubkey_len, classical_privkey_len; - if (!key->evp_info) - { + if (!key->evp_info) { ERR_raise(ERR_LIB_USER, OQSPROV_R_EVPINFO_MISSING); goto rec_err; } 
@@ -967,74 +937,98 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } } } - if (key->keytype == KEY_TYPE_CMP_SIG){ + if (key->keytype == KEY_TYPE_CMP_SIG) { int i; - if (op == KEY_OP_PUBLIC){ + if (op == KEY_OP_PUBLIC) { - for (i = 0; i < key->numkeys; i++){ + for (i = 0; i < key->numkeys; i++) { char *name; - if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) + == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; } - if (get_oqsname_fromtls(name) == 0){ + if (get_oqsname_fromtls(name) == 0) { EVP_PKEY *npk = EVP_PKEY_new(); - if (key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype != EVP_PKEY_RSA ) - { - npk = setECParams(npk, key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->nid); + if (key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype + != EVP_PKEY_RSA) { + npk = setECParams(npk, + key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->nid); } const unsigned char *enc_pubkey = key->comp_pubkey[i]; - if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support){ - key->cmp_classical_pkey[i] = d2i_PublicKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); - }else - key->cmp_classical_pkey[i] = EVP_PKEY_new_raw_public_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, enc_pubkey, key->pubkeylen_cmp[i]); - if (!key->cmp_classical_pkey[i]) - { + if (!key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->raw_key_support) { + key->cmp_classical_pkey[i] = d2i_PublicKey( + key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype, + &npk, &enc_pubkey, key->pubkeylen_cmp[i]); + } else + key->cmp_classical_pkey[i] + = EVP_PKEY_new_raw_public_key( + key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype, + NULL, enc_pubkey, key->pubkeylen_cmp[i]); + if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, 
OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); goto rec_err; } } OPENSSL_free(name); - } } - if (op == KEY_OP_PRIVATE){ + if (op == KEY_OP_PRIVATE) { - for (i = 0; i < key->numkeys; i++){ + for (i = 0; i < key->numkeys; i++) { char *name; - if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) + == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; } - if (get_oqsname_fromtls(name) == 0){ + if (get_oqsname_fromtls(name) == 0) { const unsigned char *enc_privkey = key->comp_privkey[i]; - if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support) - key->cmp_classical_pkey[i] = d2i_PrivateKey(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); + if (!key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->raw_key_support) + key->cmp_classical_pkey[i] = d2i_PrivateKey( + key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype, + NULL, &enc_privkey, key->privkeylen_cmp[i]); else - key->cmp_classical_pkey[i] = EVP_PKEY_new_raw_private_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->keytype, NULL, enc_privkey, key->privkeylen_cmp[i]); - if (!key->cmp_classical_pkey[i]) - { + key->cmp_classical_pkey[i] + = EVP_PKEY_new_raw_private_key( + key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->keytype, + NULL, enc_privkey, key->privkeylen_cmp[i]); + if (!key->cmp_classical_pkey[i]) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); goto rec_err; } - if (!key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->raw_key_support){ - unsigned char* comp_pubkey = key->comp_pubkey[i]; - int pubkeylen = i2d_PublicKey(key->cmp_classical_pkey[i], &comp_pubkey); - if (pubkeylen != key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_public_key){ + if (!key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->raw_key_support) { + unsigned char *comp_pubkey = key->comp_pubkey[i]; + int 
pubkeylen = i2d_PublicKey( + key->cmp_classical_pkey[i], &comp_pubkey); + if (pubkeylen + != key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->length_public_key) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); goto rec_err; } - }else{ + } else { size_t pubkeylen = key->pubkeylen_cmp[i]; - int ret = EVP_PKEY_get_raw_public_key(key->cmp_classical_pkey[i], key->comp_pubkey[i], &pubkeylen); - if (ret <= 0){ + int ret = EVP_PKEY_get_raw_public_key( + key->cmp_classical_pkey[i], key->comp_pubkey[i], + &pubkeylen); + if (ret <= 0) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); goto rec_err; @@ -1067,29 +1061,28 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, unsigned char *concat_key; int count, aux, i, buflen; - if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) - { + if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) { return NULL; } - if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG){ + if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG) { sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); - if (sk == NULL){ + if (sk == NULL) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return NULL; - }else{ + } else { count = sk_ASN1_TYPE_num(sk); concat_key = OPENSSL_secure_malloc(plen); aux = 0; - for (i = 0; i < count; i++){ - aType = sk_ASN1_TYPE_pop(sk); + for (i = 0; i < count; i++) { + aType = sk_ASN1_TYPE_pop(sk); buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; + buflen = aType->value.sequence->length; aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); } - p = OPENSSL_memdup (concat_key + plen - aux, aux); + p = OPENSSL_memdup(concat_key + plen - aux, aux); plen = aux; OPENSSL_free(concat_key); } 
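Review bot: In the KEY_OP_PRIVATE loop, `i2d_PublicKey(key->cmp_classical_pkey[i], &comp_pubkey)` writes the encoded public key into `key->comp_pubkey[i]` before its length is compared with `evp_info->length_public_key`, so an oversized encoding has already been written past the slot by the time the check fails. The private key comes from `d2i_PrivateKey` on caller-supplied bytes, so the size of the derived public key should not be assumed. Ask for the length first, `int pubkeylen = i2d_PublicKey(key->cmp_classical_pkey[i], NULL);`, compare it, and only then call it again with `&comp_pubkey`. Separately, the `EVP_PKEY_new()` result `npk` in the KEY_OP_PUBLIC loop is not used on the raw-key path and no free is visible for it. The function starts and ends outside this hunk.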
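Review bot: In `oqsx_key_from_x509pubkey`, each element popped from the decoded sequence is read through `aType->value.sequence->data` without checking the element's type, so an encoding that carries some other ASN.1 type in the composite sequence is interpreted through the wrong union member; the same pattern is in the `oqsx_key_from_pkcs8` loop in the next hunk. Checking `ASN1_TYPE_get(aType)` against the expected type and raising `OQSPROV_R_INVALID_ENCODING` otherwise would reject such input early. `concat_key` is also used without a NULL check after `OPENSSL_secure_malloc(plen)` and released with `OPENSSL_free` rather than `OPENSSL_secure_free`, and neither `sk` nor the popped elements are freed in the visible lines. The function continues outside this hunk.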
@@ -1117,46 +1110,46 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) return 0; - if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG){ + if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); - if (oct == NULL) - { + if (oct == NULL) { p = NULL; plen = 0; - } - else - { + } else { p = ASN1_STRING_get0_data(oct); plen = ASN1_STRING_length(oct); } - }else{ + } else { sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); - if (sk == NULL){ + if (sk == NULL) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return NULL; - }else{ + } else { count = sk_ASN1_TYPE_num(sk); concat_key = OPENSSL_secure_malloc(plen); aux = 0; - for (i = 0; i < count; i++){ - aType = sk_ASN1_TYPE_pop(sk); + for (i = 0; i < count; i++) { + aType = sk_ASN1_TYPE_pop(sk); char *name; - if ((name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) == NULL){ + if ((name + = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) + == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return NULL; } buf = aType->value.sequence->data; - buflen = aType->value.sequence->length; + buflen = aType->value.sequence->length; aux += buflen; memcpy(concat_key + plen - aux, buf, buflen); - //if is a RSA key the actual encoding size might be different from max size - //we calculate that difference for to facilitate the key reconstruction - if(!strncmp(name, "rsa", 3) || !strncmp(name, "pss", 3)) { - if (name[3] == '3') //3072 - rsa_diff = nids_sig[5].length_private_key - buflen; - else //2048 + // if is a RSA key the actual encoding size might be different + // from max size we calculate that difference for to facilitate + // the key reconstruction + if (!strncmp(name, "rsa", 3) || !strncmp(name, "pss", 3)) { + if (name[3] == '3') // 3072 + rsa_diff = nids_sig[5].length_private_key - buflen; + else // 2048 rsa_diff = 
nids_sig[6].length_private_key - buflen; } OPENSSL_free(name); @@ -1166,14 +1159,12 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, plen = aux; } } - if (rsa_diff > 4){//diff is too big, this means an decoding error + if (rsa_diff > 4) { // diff is too big, this means an decoding error ASN1_OCTET_STRING_free(oct); return NULL; } - - oqsx = oqsx_key_op(palg, p, plen + rsa_diff, KEY_OP_PRIVATE, - libctx, propq); + oqsx = oqsx_key_op(palg, p, plen + rsa_diff, KEY_OP_PRIVATE, libctx, propq); ASN1_OCTET_STRING_free(oct); return oqsx; } @@ -1204,14 +1195,12 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, } #endif - if (oqs_name == NULL) - { + if (oqs_name == NULL) { OQS_KEY_PRINTF("OQSX_KEY: Fatal error: No OQS key name provided:\n"); goto err; } - if (tls_name == NULL) - { + if (tls_name == NULL) { OQS_KEY_PRINTF("OQSX_KEY: Fatal error: No TLS key name provided:\n"); goto err; } 
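Review bot: The `return NULL` taken when `get_cmpname` fails inside the loop of oqsx_key_from_pkcs8 leaves `concat_key` and `sk` unreleased, and `concat_key` may already hold private-key bytes copied by earlier iterations. Routing that path through a cleanup that calls `OPENSSL_secure_clear_free(concat_key, plen)` and `sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free)` would avoid leaving key material behind. The RSA size lookup through `nids_sig[5]` and `nids_sig[6]` depends on the table order; a comment naming the two entries, or a lookup by name, would make that dependency explicit. The end of the loop and the function's declarations are outside this hunk.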
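Review bot: The check `if (rsa_diff > 4)` bounds the RSA size difference only from above, so an encoded RSA component longer than the table's `length_private_key` would give a negative `rsa_diff` (assuming a signed type; its declaration is outside this hunk) that passes the test and is then added to `plen` in the `oqsx_key_op` call. Rejecting both directions, `if (rsa_diff < 0 || rsa_diff > 4) {`, would treat that input as the decoding error the comment describes. This return path frees only `oct`; whether buffers allocated in the composite branch are released before it is not visible here.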
@@ -1347,49 +1336,55 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = get_qntcmp(OBJ_sn2nid(tls_name)); ret->privkeylen = 0; ret->pubkeylen = 0; - ret->oqsx_provider_ctx = OPENSSL_malloc(ret->numkeys * sizeof(OQSX_PROVIDER_CTX)); + ret->oqsx_provider_ctx + = OPENSSL_malloc(ret->numkeys * sizeof(OQSX_PROVIDER_CTX)); ret->privkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->pubkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - for (i = 0; i < ret->numkeys; i++){ + for (i = 0; i < ret->numkeys; i++) { char *name; - if ((name = get_cmpname(OBJ_sn2nid(tls_name), i)) == NULL){ + if ((name = get_cmpname(OBJ_sn2nid(tls_name), i)) == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } - if (get_oqsname_fromtls(name) != 0) - { - ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig = OQS_SIG_new(get_oqsname_fromtls(name)); - if (!ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig) - { - fprintf(stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", name); + if (get_oqsname_fromtls(name) != 0) { + ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig + = OQS_SIG_new(get_oqsname_fromtls(name)); + if (!ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig) { + fprintf( + stderr, + "Could not create OQS signature algorithm %s. 
Enabled in liboqs?A\n", + name); goto err; } - ret->privkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_public_key; - } - else - { + ret->privkeylen_cmp[i] + = ret->oqsx_provider_ctx[i] + .oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen_cmp[i] = ret->oqsx_provider_ctx[i] + .oqsx_qs_ctx.sig->length_public_key; + } else { evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); ON_ERR_GOTO(!evp_ctx, err); ret2 = oqsx_hybsig_init(bit_security, evp_ctx, name); ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); ret->oqsx_provider_ctx[i].oqsx_evp_ctx = evp_ctx; - ret->privkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_private_key; - ret->pubkeylen_cmp[i] = ret->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_public_key; + ret->privkeylen_cmp[i] + = ret->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->length_private_key; + ret->pubkeylen_cmp[i] + = ret->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->length_public_key; } ret->privkeylen += ret->privkeylen_cmp[i]; - ret->pubkeylen += ret->pubkeylen_cmp[i]; + ret->pubkeylen += ret->pubkeylen_cmp[i]; OPENSSL_free(name); } ret->keytype = primitive; - - break; default: @@ -1403,8 +1398,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->tls_name = OPENSSL_strdup(tls_name); ret->bit_security = bit_security; - if (propq != NULL) - { + if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); if (ret->propq == NULL) 
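Review bot: The six `OPENSSL_malloc(ret->numkeys * ...)` results in the composite case of oqsx_key_new are indexed by the loop that follows without a NULL check, and `oqsx_provider_ctx` is not zero-initialised, so a failed allocation or an early `goto err` would leave cleanup code working on NULL or indeterminate pointers (the `err` label is outside this hunk, so the second part is inferred). Allocating with `OPENSSL_zalloc` and adding `ON_ERR_GOTO(!ret->oqsx_provider_ctx || !ret->comp_privkey || !ret->comp_pubkey, err);`, extended to the other three arrays, before the loop would close that. The `goto err` after the `fprintf` and the two `ON_ERR_GOTO` lines in the else branch also skip `OPENSSL_free(name)`. The two length arrays are sized with `sizeof(void *)`; `sizeof(*ret->privkeylen_cmp)` would tie the size to the element type.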
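Review bot: `ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);` sits between the `OPENSSL_strdup(propq)` call and the `if (ret->propq == NULL)` test, so as written it queues a malloc-failure error on every call that passes a property query, including successful ones. Moving it inside the NULL branch keeps the error queue clean for callers that inspect it: `if (ret->propq == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err; }`. The body of that `if` is outside this hunk, so the `goto err` is an assumption.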
@@ -1454,32 +1448,30 @@ void oqsx_key_free(OQSX_KEY *key) else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) { OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); - } - else if(key->keytype == KEY_TYPE_CMP_SIG){ + } else if (key->keytype == KEY_TYPE_CMP_SIG) { int i; - for (i = 0; i < key->numkeys; i ++){ + for (i = 0; i < key->numkeys; i++) { char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name)) OQS_SIG_free(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig); - else{ + else { EVP_PKEY_free(key->classical_pkey); EVP_PKEY_CTX_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->ctx); EVP_PKEY_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->keyParam); OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx); } OPENSSL_free(name); - } - }else{ + } + } else { OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) { EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx); - } + } } OPENSSL_free(key->tls_name); - - + #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); #endif @@ -1515,8 +1507,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) if (key->keytype != KEY_TYPE_CMP_SIG) aux = SIZE_OF_UINT32; - if (!key->privkey && include_private) - { + if (!key->privkey && include_private) { key->privkey = OPENSSL_secure_zalloc(key->privkeylen + aux); ON_ERR_SET_GOTO(!key->privkey, ret, 1, err); } 
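Review bot: In the composite branch of oqsx_key_free the result of `get_cmpname` goes to `get_oqsname_fromtls` without the NULL check used at the other call sites, and the classical branch then dereferences `key->oqsx_provider_ctx[i].oqsx_evp_ctx`; the loop in the oqsx_key_maxsize hunk at the end of this patch has the same unchecked call. The else branch also calls `EVP_PKEY_free(key->classical_pkey)` once per classical component instead of releasing `key->cmp_classical_pkey[i]`, which looks like it would over-release one key and leak the per-component ones if a composite ever carries more than one classical part; whether `cmp_classical_pkey` is freed elsewhere is not visible. Suggested lines inside the loop, if it is not: `if (name == NULL) continue;` and `EVP_PKEY_free(key->cmp_classical_pkey[i]);`. The start of the function is outside this hunk.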
@@ -1583,16 +1574,17 @@ int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], } // OQS key always the last of the numkeys comp keys -static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) { - if (gen_kem) - return OQS_KEM_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem, - key->comp_pubkey[key->numkeys-1], - key->comp_privkey[key->numkeys-1]); - else { - return OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, - key->comp_pubkey[key->numkeys-1], - key->comp_privkey[key->numkeys-1]); - } +static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) +{ + if (gen_kem) + return OQS_KEM_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem, + key->comp_pubkey[key->numkeys - 1], + key->comp_privkey[key->numkeys - 1]); + else { + return OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, + key->comp_pubkey[key->numkeys - 1], + key->comp_privkey[key->numkeys - 1]); + } } /* Generate classic keys, store length in leading SIZE_OF_UINT32 bytes of @@ -1621,8 +1613,7 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_keygen_init(kgctx); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); - if (ctx->evp_info->keytype == EVP_PKEY_RSA) - { + if (ctx->evp_info->keytype == EVP_PKEY_RSA) { if (ctx->evp_info->length_public_key > 270) ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); else 
@@ -1632,23 +1623,25 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 <= 0, ret, -2, errhyb); - - if (ctx->evp_info->raw_key_support) - { + if (ctx->evp_info->raw_key_support) { // TODO: If available, use preallocated memory - if (ctx->evp_info->nid != NID_ED25519 && ctx->evp_info->nid != NID_ED448){ + if (ctx->evp_info->nid != NID_ED25519 + && ctx->evp_info->nid != NID_ED448) { pubkeylen = EVP_PKEY_get1_encoded_public_key(pkey, &pubkey_encoded); - ON_ERR_SET_GOTO(pubkeylen != ctx->evp_info->length_public_key || !pubkey_encoded, ret, -3, errhyb); + ON_ERR_SET_GOTO(pubkeylen != ctx->evp_info->length_public_key + || !pubkey_encoded, + ret, -3, errhyb); memcpy(pubkey + aux, pubkey_encoded, pubkeylen); - }else{ + } else { pubkeylen = ctx->evp_info->length_public_key; ret2 = EVP_PKEY_get_raw_public_key(pkey, pubkey + aux, &pubkeylen); - ON_ERR_SET_GOTO(ret2 <= 0 || pubkeylen != ctx->evp_info->length_public_key, ret, -3, errhyb); + ON_ERR_SET_GOTO( + ret2 <= 0 || pubkeylen != ctx->evp_info->length_public_key, ret, + -3, errhyb); } privkeylen = ctx->evp_info->length_private_key; - ret2 = EVP_PKEY_get_raw_private_key(pkey, privkey + aux, - &privkeylen); + ret2 = EVP_PKEY_get_raw_private_key(pkey, privkey + aux, &privkeylen); ON_ERR_SET_GOTO(ret2 <= 0 || privkeylen != ctx->evp_info->length_private_key, ret, -4, errhyb); 
@@ -1656,7 +1649,9 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, unsigned char *pubkey_enc = pubkey + aux; const unsigned char *pubkey_enc2 = pubkey + aux; pubkeylen = i2d_PublicKey(pkey, &pubkey_enc); - ON_ERR_SET_GOTO(!pubkey_enc || pubkeylen > (int)ctx->evp_info->length_public_key, ret, -11, errhyb); + ON_ERR_SET_GOTO( + !pubkey_enc || pubkeylen > (int)ctx->evp_info->length_public_key, + ret, -11, errhyb); unsigned char *privkey_enc = privkey + aux; const unsigned char *privkey_enc2 = privkey + aux; privkeylen = i2d_PrivateKey(pkey, &privkey_enc); @@ -1669,11 +1664,13 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ON_ERR_SET_GOTO(!ck2, ret, -14, errhyb); EVP_PKEY_free(ck2); } - if (encode){ + if (encode) { ENCODE_UINT32(pubkey, pubkeylen); ENCODE_UINT32(privkey, privkeylen); } - OQS_KEY_PRINTF3("OQSKM: Storing classical privkeylen: %ld & pubkeylen: %ld\n", privkeylen, pubkeylen); + OQS_KEY_PRINTF3( + "OQSKM: Storing classical privkeylen: %ld & pubkeylen: %ld\n", + privkeylen, pubkeylen); EVP_PKEY_CTX_free(kgctx); OPENSSL_free(pubkey_encoded); 
@@ -1715,37 +1712,33 @@ int oqsx_key_gen(OQSX_KEY *key) key->classical_pkey = pkey; ret = oqsx_key_gen_oqs(key, key->keytype != KEY_TYPE_HYB_SIG); - } else if (key->keytype == KEY_TYPE_CMP_SIG) - { + } else if (key->keytype == KEY_TYPE_CMP_SIG) { int i; ret = oqsx_key_set_composites(key); - for (i = 0; i < key->numkeys; i++){ + for (i = 0; i < key->numkeys; i++) { char *name; - if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL){ + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL) { OPENSSL_free(name); ON_ERR_GOTO(ret, err); } - if (get_oqsname_fromtls(name) == 0) - { - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); + if (get_oqsname_fromtls(name) == 0) { + pkey = oqsx_key_gen_evp_key( + key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], + key->comp_privkey[i], 0); OPENSSL_free(name); ON_ERR_GOTO(pkey == NULL, err); key->cmp_classical_pkey[i] = pkey; - } - else - { - ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); + } else { + ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, + key->comp_pubkey[i], + key->comp_privkey[i]); OPENSSL_free(name); ON_ERR_GOTO(ret, err); - } + } } - - - } - else if (key->keytype == KEY_TYPE_SIG) - { - ret = !oqsx_key_set_composites(key); + } else if (key->keytype == KEY_TYPE_SIG) { + ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err); ret = oqsx_key_gen_oqs(key, 0); } else { 
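Review bot: In the KEY_TYPE_CMP_SIG branch of oqsx_key_gen the result of `oqsx_key_set_composites(key)` is stored in `ret` but never tested, while the KEY_TYPE_SIG branch below negates it and checks it with `ON_ERR_GOTO(ret, err)`. As a consequence the `get_cmpname` failure path, which also uses `ON_ERR_GOTO(ret, err)`, only jumps when `ret` happens to be non-zero; otherwise execution continues with `name == NULL`. Mirroring the SIG branch with `ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err);` and making the NULL-name path unconditional (`ret = 1; goto err;`, assuming non-zero means failure as in the other branches) would make the error handling explicit. The `err` label and the return convention are outside this hunk.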
@@ -1771,27 +1764,31 @@ int oqsx_key_maxsize(OQSX_KEY *key) return key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_shared_secret; case KEY_TYPE_ECP_HYB_KEM: case KEY_TYPE_ECX_HYB_KEM: - return key->oqsx_provider_ctx[0].oqsx_evp_ctx->evp_info->kex_length_secret - + key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_shared_secret; + return key->oqsx_provider_ctx[0] + .oqsx_evp_ctx->evp_info->kex_length_secret + + key->oqsx_provider_ctx[0] + .oqsx_qs_ctx.kem->length_shared_secret; case KEY_TYPE_SIG: return key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_signature; case KEY_TYPE_HYB_SIG: return key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_signature - + key->oqsx_provider_ctx[0].oqsx_evp_ctx->evp_info->length_signature + + key->oqsx_provider_ctx[0] + .oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; - case KEY_TYPE_CMP_SIG: - { + case KEY_TYPE_CMP_SIG: { int aux = sizeof(CompositeSignature); int i; - for (i = 0; i < key->numkeys; i ++){ + for (i = 0; i < key->numkeys; i++) { char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); if (get_oqsname_fromtls(name) == 0) - aux += key->oqsx_provider_ctx[i].oqsx_evp_ctx->evp_info->length_signature; + aux += key->oqsx_provider_ctx[i] + .oqsx_evp_ctx->evp_info->length_signature; else - aux += key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature; - OPENSSL_free(name); + aux += key->oqsx_provider_ctx[i] + .oqsx_qs_ctx.sig->length_signature; + OPENSSL_free(name); } - + return aux; } default: From 5aa2907a15d07fdda0ec8273803c6b7cc6f95bee Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 12 Dec 2023 14:30:51 -0600 Subject: [PATCH 084/164] added composite to generate.yaml 
Signed-off-by: Felipe Ventura --- oqs-template/generate.yml | 80 +++ .../decoder_make.fragment | 4 + .../encoder_make.fragment | 9 + .../oqs_kmgmt.c/keymgmt_constructors.fragment | 13 + .../oqs_kmgmt.c/keymgmt_functions.fragment | 3 + .../oqsprov/oqs_prov.h/alg_functions.fragment | 3 + .../oqs_prov.h/endecoder_functions.fragment | 11 + .../oqsprov/oqsdecoders.inc/make.fragment | 4 + .../oqsprov/oqsencoders.inc/make.fragment | 9 + .../oqsprov.c/assign_sig_oids.fragment | 6 + .../oqsprov.c/encoding_patching.fragment | 5 + .../oqsprov.c/keymgmt_functions.fragment | 3 + .../oqsprov/oqsprov.c/sig_functions.fragment | 3 + .../oqsprov/oqsprov_keys.c/oqsnames.fragment | 6 + .../scripts/common.py/sig_algs.fragment | 8 +- oqsprov/oqs_decode_der2key.c | 87 ++- oqsprov/oqs_encode_key2any.c | 320 ++++----- oqsprov/oqs_kmgmt.c | 479 +++++++------- oqsprov/oqs_prov.h | 614 +++++++++--------- oqsprov/oqs_sig.c | 53 +- oqsprov/oqsdecoders.inc | 35 +- oqsprov/oqsencoders.inc | 27 +- oqsprov/oqsprov.c | 291 ++++++--- oqsprov/oqsprov_keys.c | 32 +- scripts/common.py | 3 +- 25 files changed, 1161 insertions(+), 947 deletions(-) diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 099d36ed..a78a9843 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -382,7 +382,21 @@ sigs: # 'pretty_name': 'RSA3072', # 'oid': '1.3.9999.1.3', # 'code_point': '0xfe02'}] + # composite:[{'name': 'p256', + # 'pretty_name': 'ECDSA p256', + # 'security': '128', + # 'oid': '2.16.840.1.114027.80.1.8'}] - + # OID scheme for composite variants: + # (2) + # (16) + # (840) + # (1) + # (114027) + # (80) + # (7) + # (1) + # - # OID scheme for hybrid variants of Dilithium: # iso (1) # identified-organization (3) @@ -398,6 +412,8 @@ sigs: # IBM (2) # qsc (267) # Dilithium-r3 (7) + + family: 'CRYSTALS-Dilithium' variants: - 
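Review bot: The commented example added at the top of the first generate.yml hunk gives the composite OID as `2.16.840.1.114027.80.1.8`, but the arc list added below it ends in `(80) (7) (1)` and every real `composite` entry in this patch uses the `2.16.840.1.114027.80.7.1.N` prefix. Aligning the example to `'oid': '2.16.840.1.114027.80.7.1.8'` and labelling the arcs the way the hybrid scheme below does (`# joint-iso-itu-t (2)`, `# country (16)`, `# us (840)`, `# organization (1)`) would let a reader check new OIDs against the scheme. Those four labels are the standard names for 2.16.840.1; names for the remaining arcs are not on this page and are left to the author.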
@@ -416,6 +432,26 @@ sigs: 'pretty_name': 'RSA3072', 'oid': '1.3.9999.2.7.2', 'code_point': '0xfea2'}] + composite: [{'name': 'pss2048', + 'pretty_name': 'RSA PSS 2048', + 'security': '112', + 'oid': '2.16.840.1.114027.80.7.1.1'}, + {'name': 'rsa2048', + 'pretty_name': 'RSA2028', + 'security': '112', + 'oid': '2.16.840.1.114027.80.7.1.2'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.3'}, + {'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.4'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.7.1.5'}] - name: 'dilithium3' pretty_name: 'Dilithium3' @@ -428,6 +464,26 @@ sigs: 'pretty_name': 'ECDSA p384', 'oid': '1.3.9999.2.7.3', 'code_point': '0xfea4'}] + composite: [{'name': 'pss3072', + 'pretty_name': 'RSA PSS 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.6'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.7'}, + {'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.8'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.7.1.9'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.10'}] - name: 'dilithium5' pretty_name: 'Dilithium5' @@ -440,6 +496,18 @@ sigs: 'pretty_name': 'ECDSA p521', 'oid': '1.3.9999.2.7.4', 'code_point': '0xfea6'}] + composite: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'security': '192', + 'oid': '2.16.840.1.114027.80.7.1.11'}, + {'name': 'bp384', + 'pretty_name': 'ECDSA brainpoolP384r1', + 'security': '384', + 'oid': '2.16.840.1.114027.80.7.1.12'}, + {'name': 'ed448', + 'pretty_name': 'ED448', + 'security': '192', + 'oid': '2.16.840.1.114027.80.7.1.13'}] - name: 'dilithium2_aes' pretty_name: 'Dilithium2_AES' 
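Review bot: The `bp256` composite entry declares `'security': '256'` while the `p256` and `ed25519` entries next to it declare `'128'`; a 256-bit brainpool curve gives roughly the same strength as P-256, so the value looks like the curve size rather than the security level. The same applies to `bp256` in the dilithium3 hunk and in the `@@ -512,6 +580,18 @@` hunk, and to `bp384` with `'384'` against `p384` with `'192'` in the dilithium5 hunk. Because the templates later in this patch pass `composite_alg['security']` to `oqsx_key_new`, `oqsx_gen_init` and `SIGALG`, the inflated figure would be what the provider advertises; suggested values are `'security': '128'` for `bp256` and `'security': '192'` for `bp384`. In this hunk `'pretty_name': 'RSA2028'` should also read `'RSA2048'`.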
@@ -512,6 +580,18 @@ sigs: 'pretty_name': 'RSA3072', 'oid': '1.3.9999.3.8', 'code_point': '0xfeb0'}] + composite: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.14'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.7.1.15'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.7.1.16'}] extra_nids: old: - implementation_version: NIST Round 3 submission diff --git a/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment b/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment index be39a93e..e99a82b2 100644 --- a/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment +++ b/oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment @@ -19,6 +19,10 @@ MAKE_DECODER(, "{{ variant['name'] }}", {{ variant['name'] }}, oqsx, SubjectPubl MAKE_DECODER(, "{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo); MAKE_DECODER(, "{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo); {%- endfor -%} + {%- for composite_alg in variant['composite'] %} +MAKE_DECODER(, "{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, SubjectPublicKeyInfo); + {%- endfor -%} {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment index edc87530..f05a36b9 100644 --- a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment +++ b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment 
@@ -38,6 +38,15 @@ MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectP MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}); {%- endfor -%} + {%- for composite_alg in variant['composite'] %} +MAKE_ENCODER(, {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, {{ variant['name'] }}_{{ composite_alg['name'] }}, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, {{ variant['name'] }}_{{ composite_alg['name'] }}); + {%- endfor -%} {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment b/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment index df892142..847eff8d 100644 --- a/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment +++ b/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_constructors.fragment 
@@ -24,6 +24,19 @@ static void *{{ classical_alg['name'] }}_{{variant['name']}}_gen_init(void *prov return oqsx_gen_init(provctx, selection, {{variant['oqs_meth']}}, "{{ classical_alg['name'] }}_{{variant['name']}}", KEY_TYPE_HYB_SIG, {{variant['security']}}, {{ count.val }}); } + {%- endfor -%} + {%- for composite_alg in variant['composite'] %} + {%- set count.val = count.val + 1 %} +static void *{{ variant['name'] }}_{{ composite_alg['name'] }}_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), {{variant['oqs_meth']}}, "{{ variant['name'] }}_{{ composite_alg['name'] }}", KEY_TYPE_CMP_SIG, NULL, {{composite_alg['security']}}, {{ count.val }}); +} + +static void *{{ variant['name'] }}_{{ composite_alg['name'] }}_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, {{variant['oqs_meth']}}, "{{ variant['name'] }}_{{ composite_alg['name'] }}", KEY_TYPE_CMP_SIG, {{composite_alg['security']}}, {{ count.val }}); +} + {%- endfor -%} {%- endfor %} {% endfor %} diff --git a/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_functions.fragment b/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_functions.fragment index 93e6dbb8..8c0bc153 100644 --- a/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_functions.fragment +++ b/oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_functions.fragment @@ -4,6 +4,9 @@ MAKE_SIG_KEYMGMT_FUNCTIONS({{variant['name']}}) {%- for classical_alg in variant['mix_with'] %} MAKE_SIG_KEYMGMT_FUNCTIONS({{ classical_alg['name'] }}_{{variant['name']}}) {%- endfor -%} + {%- for composite_alg in variant['composite'] %} +MAKE_SIG_KEYMGMT_FUNCTIONS({{variant['name']}}_{{ composite_alg['name'] }}) + {%- endfor -%} {%- endfor %} {%- endfor %} {% for kem in config['kems'] %} diff --git a/oqs-template/oqsprov/oqs_prov.h/alg_functions.fragment b/oqs-template/oqsprov/oqs_prov.h/alg_functions.fragment index e18eb388..acc8e86c 100644 --- a/oqs-template/oqsprov/oqs_prov.h/alg_functions.fragment 
+++ b/oqs-template/oqsprov/oqs_prov.h/alg_functions.fragment @@ -4,6 +4,9 @@ extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_keymgmt_functions[]; {%- for classical_alg in variant['mix_with'] -%} extern const OSSL_DISPATCH oqs_{{ classical_alg['name'] }}_{{ variant['name'] }}_keymgmt_functions[]; {%- endfor -%} + {%- for composite_alg in variant['composite'] -%} +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_keymgmt_functions[]; + {%- endfor -%} {%- endfor %} {%- endfor %} {% for kem in config['kems'] %} diff --git a/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment b/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment index 43f1c3b0..85a71b8a 100644 --- a/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment +++ b/oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment 
@@ -48,6 +48,17 @@ extern const OSSL_DISPATCH oqs_{{ classical_alg['name'] }}_{{ variant['name'] }} extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_{{ classical_alg['name'] }}_{{ variant['name'] }}_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_{{ classical_alg['name'] }}_{{ variant['name'] }}_decoder_functions[]; {%- endfor -%} + {%- for composite_alg in variant['composite'] -%} +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_{{ composite_alg['name'] }}_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_{{ variant['name'] }}_{{ composite_alg['name'] }}_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_{{ variant['name'] }}_{{ composite_alg['name'] }}_decoder_functions[]; + {%- endfor -%} {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqsdecoders.inc/make.fragment b/oqs-template/oqsprov/oqsdecoders.inc/make.fragment index a2d28c45..8d1c26e7 100644 --- a/oqs-template/oqsprov/oqsdecoders.inc/make.fragment +++ b/oqs-template/oqsprov/oqsdecoders.inc/make.fragment 
@@ -22,6 +22,10 @@ DECODER_w_structure("{{ variant['name'] }}", der, SubjectPublicKeyInfo, {{ varia DECODER_w_structure("{{ classical_alg['name'] }}_{{ variant['name'] }}", der, PrivateKeyInfo, {{ classical_alg['name'] }}_{{ variant['name'] }}), DECODER_w_structure("{{ classical_alg['name'] }}_{{ variant['name'] }}", der, SubjectPublicKeyInfo, {{ classical_alg['name'] }}_{{ variant['name'] }}), {%- endfor %} + {%- for composite_alg in variant['composite'] -%} +DECODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", der, PrivateKeyInfo, {{ variant['name'] }}_{{ composite_alg['name'] }}), +DECODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", der, SubjectPublicKeyInfo, {{ variant['name'] }}_{{ composite_alg['name'] }}), + {%- endfor %} #endif {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqsencoders.inc/make.fragment b/oqs-template/oqsprov/oqsencoders.inc/make.fragment index 90464d6d..06509616 100644 --- a/oqs-template/oqsprov/oqsencoders.inc/make.fragment +++ b/oqs-template/oqsprov/oqsencoders.inc/make.fragment 
@@ -43,6 +43,15 @@ ENCODER_w_structure("{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ clas ENCODER_w_structure("{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, pem, SubjectPublicKeyInfo), ENCODER_TEXT("{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}), {% endfor -%} +{% for composite_alg in variant['composite'] -%} +ENCODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, der, PrivateKeyInfo), +ENCODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, pem, PrivateKeyInfo), +ENCODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, der, SubjectPublicKeyInfo), +ENCODER_w_structure("{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("{{ variant['name'] }}_{{ composite_alg['name'] }}", {{ variant['name'] }}_{{ composite_alg['name'] }}), +{% endfor -%} #endif {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment index bb0c6e00..21af9c85 100644 --- a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment +++ b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment 
@@ -11,6 +11,9 @@ {%- for variant in sig['variants'] %} {%- set count.val = count.val + 1 -%} {%- for classical_alg in variant['mix_with'] %} +{%- set count.val = count.val + 1 -%} + {%- endfor %} + {%- for composite_alg in variant['composite'] %} {%- set count.val = count.val + 1 -%} {%- endfor %} {%- endfor %} @@ -40,6 +43,9 @@ const char* oqs_oid_alg_list[OQS_OID_CNT] = {%- for classical_alg in variant['mix_with'] %} "{{ classical_alg['oid'] }}" , "{{ classical_alg['name'] }}_{{ variant['name'] }}", {%- endfor %} + {%- for composite_alg in variant['composite'] %} +"{{ composite_alg['oid'] }}" , "{{ variant['name'] }}_{{ composite_alg['name'] }}", + {%- endfor %} {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment b/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment index 3531db2f..f629b840 100644 --- a/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment +++ b/oqs-template/oqsprov/oqsprov.c/encoding_patching.fragment 
@@ -9,6 +9,11 @@ if (getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}")) oqs_alg_encoding_list[{{ cnt.val }}] = getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}"); if (getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}_ALGNAME")) oqs_alg_encoding_list[{{ cnt.val + 1 }}] = getenv("OQS_ENCODING_{{ classical_alg['name']|upper }}_{{variant['name']|upper}}_ALGNAME"); {%- endfor %} + {%- for composite_alg in variant['composite'] %} + {%- set cnt.val = cnt.val + 2 %} + if (getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}")) oqs_alg_encoding_list[{{ cnt.val }}] = getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}"); + if (getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}_ALGNAME")) oqs_alg_encoding_list[{{ cnt.val + 1 }}] = getenv("OQS_ENCODING_{{variant['name']|upper}}_{{ composite_alg['name']|upper }}_ALGNAME"); + {%- endfor %} {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqsprov.c/keymgmt_functions.fragment b/oqs-template/oqsprov/oqsprov.c/keymgmt_functions.fragment index ad49db2a..f98a4341 100644 --- a/oqs-template/oqsprov/oqsprov.c/keymgmt_functions.fragment +++ b/oqs-template/oqsprov/oqsprov.c/keymgmt_functions.fragment @@ -7,6 +7,9 @@ {%- for classical_alg in variant['mix_with'] %} SIGALG("{{ classical_alg['name'] }}_{{variant['name']}}", {{variant['security']}}, oqs_{{ classical_alg['name'] }}_{{ variant['name'] }}_keymgmt_functions), {%- endfor %} + {%- for composite_alg in variant['composite'] %} + SIGALG("{{variant['name']}}_{{ composite_alg['name'] }}", {{composite_alg['security']}}, oqs_{{variant['name']}}_{{ composite_alg['name'] }}_keymgmt_functions), + {%- endfor %} #endif {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqsprov.c/sig_functions.fragment b/oqs-template/oqsprov/oqsprov.c/sig_functions.fragment index 1dbc8be9..92a5c0a4 100644 
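Review bot: The added composite branch in encoding_patching.fragment stores the pointer returned by getenv() directly in oqs_alg_encoding_list and looks each variable up twice, exactly as the hybrid branch above it does. The stored string belongs to the process environment, so a later setenv()/putenv() can invalidate it, and nothing in this hunk checks the value before it becomes an encoding name; whether the consumer of the list validates it is not visible here and should be confirmed. At minimum I would add a comment above the two lines, `/* getenv() result is stored, not copied: the environment must not be modified afterwards */`. The slots written are `cnt.val` and `cnt.val + 1` after a `+ 2` step, which presumably has to stay in step with the array size declared outside this hunk; the enclosing function is outside the hunk as well.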
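Review bot: The composite SIGALG entry in keymgmt_functions.fragment takes its security bits from `{{composite_alg['security']}}`, while the hybrid entry just above uses `{{variant['security']}}`, and nothing documents how the per-composite value is chosen. The generated oqs_kmgmt.c later in this patch registers dilithium2_bp256 with 256 bits, against 128 for dilithium2_p256 and dilithium2_ed25519 and 112 for the RSA-2048 combinations. The other values look like the minimum of the two components, so the bp256 figure is probably a data error in the generator config; if the number feeds the provider's security-bits reporting, that key type would be overstated. The same expression is used in the sig_functions.fragment and oqsnames.fragment hunks that follow. I would add a template comment such as `{# composite security = weaker of the PQ and classical component, in bits #}` and re-check the bp256 entry.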
--- a/oqs-template/oqsprov/oqsprov.c/sig_functions.fragment +++ b/oqs-template/oqsprov/oqsprov.c/sig_functions.fragment @@ -5,6 +5,9 @@ {%- for classical_alg in variant['mix_with'] %} SIGALG("{{ classical_alg['name'] }}_{{variant['name']}}", {{variant['security']}}, oqs_signature_functions), {%- endfor %} + {%- for composite_alg in variant['composite'] %} + SIGALG("{{variant['name']}}_{{ composite_alg['name'] }}", {{composite_alg['security']}}, oqs_signature_functions), + {%- endfor %} #endif {%- endfor %} {%- endfor %} diff --git a/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment b/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment index c452b649..142cb2aa 100644 --- a/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment +++ b/oqs-template/oqsprov/oqsprov_keys.c/oqsnames.fragment @@ -15,6 +15,9 @@ {%- for classical_alg in variant['mix_with'] %} {%- set count.val = count.val + 1 -%} {%- endfor -%} +{%- for composite_alg in variant['composite'] %} +{%- set count.val = count.val + 1 -%} +{%- endfor -%} {%- endfor -%} {%- endfor %} @@ -41,6 +44,9 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {%- for classical_alg in variant['mix_with'] %} { 0, "{{ classical_alg['name'] }}_{{variant['name']}}", {{variant['oqs_meth']}}, KEY_TYPE_HYB_SIG, {{variant['security']}} }, {%- endfor %} + {%- for composite_alg in variant['composite'] %} + { 0, "{{variant['name']}}_{{ composite_alg['name'] }}", {{variant['oqs_meth']}}, KEY_TYPE_CMP_SIG, {{composite_alg['security']}} }, + {%- endfor %} {%- endfor %} {%- endfor %} diff --git a/oqs-template/scripts/common.py/sig_algs.fragment b/oqs-template/scripts/common.py/sig_algs.fragment index 2541638a..d3839008 100644 --- a/oqs-template/scripts/common.py/sig_algs.fragment +++ b/oqs-template/scripts/common.py/sig_algs.fragment 
@@ -9,4 +9,10 @@ '{{ classical_alg['name'] }}_{{ variant['name'] }}', {%- endfor -%} {%- endfor %} {%- endfor %} - + # post-quantum + classical signatures (COMPOSITE) + {% for sig in config['sigs'] -%} + {%- for variant in sig['variants'] -%} + {%- for composite_alg in variant['composite'] -%} + '{{ variant['name'] }}_{{ composite_alg['name'] }}', + {%- endfor -%} + {%- endfor %} {%- endfor %} diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 8a0629c8..180dc7f4 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -667,14 +667,50 @@ MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, PrivateKeyInfo); MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3", dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium3", dilithium3, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", 
dilithium3_bp256, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, PrivateKeyInfo); 
@@ -682,6 +718,13 @@ MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, PrivateKeyInfo); 
@@ -730,48 +773,4 @@ MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo); MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); - -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, - 
SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, - SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 6d424017..a54834eb 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -966,18 +966,57 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_dilithium2_evp_type 0 #define rsa3072_dilithium2_input_type "rsa3072_dilithium2" #define rsa3072_dilithium2_pem_type "rsa3072_dilithium2" +#define dilithium2_pss2048_evp_type 0 +#define dilithium2_pss2048_input_type "dilithium2_pss2048" +#define dilithium2_pss2048_pem_type "dilithium2_pss2048" +#define dilithium2_rsa2048_evp_type 0 +#define dilithium2_rsa2048_input_type "dilithium2_rsa2048" +#define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" +#define dilithium2_ed25519_evp_type 0 +#define dilithium2_ed25519_input_type "dilithium2_ed25519" +#define dilithium2_ed25519_pem_type "dilithium2_ed25519" +#define dilithium2_p256_evp_type 0 +#define dilithium2_p256_input_type "dilithium2_p256" +#define dilithium2_p256_pem_type "dilithium2_p256" +#define dilithium2_bp256_evp_type 0 +#define dilithium2_bp256_input_type "dilithium2_bp256" +#define dilithium2_bp256_pem_type "dilithium2_bp256" #define dilithium3_evp_type 0 #define dilithium3_input_type "dilithium3" #define dilithium3_pem_type "dilithium3" #define p384_dilithium3_evp_type 0 #define p384_dilithium3_input_type "p384_dilithium3" #define p384_dilithium3_pem_type "p384_dilithium3" +#define dilithium3_pss3072_evp_type 0 +#define dilithium3_pss3072_input_type "dilithium3_pss3072" +#define dilithium3_pss3072_pem_type "dilithium3_pss3072" +#define dilithium3_rsa3072_evp_type 0 +#define dilithium3_rsa3072_input_type "dilithium3_rsa3072" +#define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" +#define dilithium3_p256_evp_type 0 +#define dilithium3_p256_input_type "dilithium3_p256" +#define dilithium3_p256_pem_type "dilithium3_p256" +#define dilithium3_bp256_evp_type 0 +#define dilithium3_bp256_input_type "dilithium3_bp256" +#define dilithium3_bp256_pem_type "dilithium3_bp256" +#define dilithium3_ed25519_evp_type 0 +#define dilithium3_ed25519_input_type "dilithium3_ed25519" +#define 
dilithium3_ed25519_pem_type "dilithium3_ed25519" #define dilithium5_evp_type 0 #define dilithium5_input_type "dilithium5" #define dilithium5_pem_type "dilithium5" #define p521_dilithium5_evp_type 0 #define p521_dilithium5_input_type "p521_dilithium5" #define p521_dilithium5_pem_type "p521_dilithium5" +#define dilithium5_p384_evp_type 0 +#define dilithium5_p384_input_type "dilithium5_p384" +#define dilithium5_p384_pem_type "dilithium5_p384" +#define dilithium5_bp384_evp_type 0 +#define dilithium5_bp384_input_type "dilithium5_bp384" +#define dilithium5_bp384_pem_type "dilithium5_bp384" +#define dilithium5_ed448_evp_type 0 +#define dilithium5_ed448_input_type "dilithium5_ed448" +#define dilithium5_ed448_pem_type "dilithium5_ed448" #define falcon512_evp_type 0 #define falcon512_input_type "falcon512" #define falcon512_pem_type "falcon512" @@ -987,6 +1026,15 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_falcon512_evp_type 0 #define rsa3072_falcon512_input_type "rsa3072_falcon512" #define rsa3072_falcon512_pem_type "rsa3072_falcon512" +#define falcon512_p256_evp_type 0 +#define falcon512_p256_input_type "falcon512_p256" +#define falcon512_p256_pem_type "falcon512_p256" +#define falcon512_bp256_evp_type 0 +#define falcon512_bp256_input_type "falcon512_bp256" +#define falcon512_bp256_pem_type "falcon512_bp256" +#define falcon512_ed25519_evp_type 0 +#define falcon512_ed25519_input_type "falcon512_ed25519" +#define falcon512_ed25519_pem_type "falcon512_ed25519" #define falcon1024_evp_type 0 #define falcon1024_input_type "falcon1024" #define falcon1024_pem_type "falcon1024" 
@@ -1027,54 +1075,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_sphincsshake128fsimple_input_type \ "rsa3072_sphincsshake128fsimple" #define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" -#define dilithium2_pss2048_evp_type 0 -#define dilithium2_pss2048_input_type "dilithium2_pss2048" -#define dilithium2_pss2048_pem_type "dilithium2_pss2048" -#define dilithium2_rsa2048_evp_type 0 -#define dilithium2_rsa2048_input_type "dilithium2_rsa2048" -#define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" -#define dilithium2_ed25519_evp_type 0 -#define dilithium2_ed25519_input_type "dilithium2_ed25519" -#define dilithium2_ed25519_pem_type "dilithium2_ed25519" -#define dilithium2_p256_evp_type 0 -#define dilithium2_p256_input_type "dilithium2_p256" -#define dilithium2_p256_pem_type "dilithium2_p256" -#define dilithium2_bp256_evp_type 0 -#define dilithium2_bp256_input_type "dilithium2_bp256" -#define dilithium2_bp256_pem_type "dilithium2_bp256" -#define dilithium3_rsa2048_evp_type 0 -#define dilithium3_rsa3072_input_type "dilithium3_rsa3072" -#define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" -#define dilithium3_p256_evp_type 0 -#define dilithium3_p256_input_type "dilithium3_p256" -#define dilithium3_p256_pem_type "dilithium3_p256" -#define falcon512_p256_evp_type 0 -#define falcon512_p256_input_type "falcon512_p256" -#define falcon512_p256_pem_type "falcon512_p256" -#define dilithium5_p384_evp_type 0 -#define dilithium5_p384_input_type "dilithium5_p384" -#define dilithium5_p384_pem_type "dilithium5_p384" -#define dilithium3_bp256_evp_type 0 -#define dilithium3_bp256_input_type "dilithium3_bp256" -#define dilithium3_bp256_pem_type "dilithium3_bp256" -#define dilithium3_ed25519_evp_type 0 -#define dilithium3_ed25519_input_type "dilithium3_ed25519" -#define dilithium3_ed25519_pem_type "dilithium3_ed25519" -#define dilithium3_pss3072_evp_type 0 -#define dilithium3_pss3072_input_type 
"dilithium3_pss3072" -#define dilithium3_pss3072_pem_type "dilithium3_pss3072" -#define dilithium5_bp384_evp_type 0 -#define dilithium5_bp384_input_type "dilithium5_bp384" -#define dilithium5_bp384_pem_type "dilithium5_bp384" -#define dilithium5_ed448_evp_type 0 -#define dilithium5_ed448_input_type "dilithium5_ed448" -#define dilithium5_ed448_pem_type "dilithium5_ed448" -#define falcon512_bp256_evp_type 0 -#define falcon512_bp256_input_type "falcon512_bp256" -#define falcon512_bp256_pem_type "falcon512_bp256" -#define falcon512_ed25519_evp_type 0 -#define falcon512_ed25519_input_type "falcon512_ed25519" -#define falcon512_ed25519_pem_type "falcon512_ed25519" ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_END /* ---------------------------------------------------------------------- */ 
@@ -2055,6 +2055,41 @@ MAKE_ENCODER(, rsa3072_dilithium2, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, rsa3072_dilithium2); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_pss2048); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_rsa2048); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_ed25519); +MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_p256, 
oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_p256); +MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium2_bp256); MAKE_ENCODER(, dilithium3, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium3, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium3, oqsx, PrivateKeyInfo, der); 
@@ -2069,6 +2104,41 @@ MAKE_ENCODER(, p384_dilithium3, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, p384_dilithium3, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, p384_dilithium3, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, p384_dilithium3); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_pss3072); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_rsa3072); +MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_p256); +MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, 
pem); +MAKE_TEXT_ENCODER(, dilithium3_bp256); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium3_ed25519); MAKE_ENCODER(, dilithium5, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, dilithium5, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, dilithium5, oqsx, PrivateKeyInfo, der); 
@@ -2083,6 +2153,27 @@ MAKE_ENCODER(, p521_dilithium5, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, p521_dilithium5, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, p521_dilithium5, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, p521_dilithium5); +MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium5_p384); +MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium5_bp384); +MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, dilithium5_ed448); MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon512, oqsx, PrivateKeyInfo, der); 
@@ -2104,6 +2195,27 @@ MAKE_ENCODER(, rsa3072_falcon512, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, rsa3072_falcon512); +MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon512_p256); +MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon512_bp256); +MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falcon512_ed25519); MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon1024, oqsx, PrivateKeyInfo, der); 
@@ -2201,116 +2313,4 @@ MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, rsa3072_sphincsshake128fsimple); -MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium3_rsa3072); -MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium3_p256); -MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, falcon512_p256); -MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium5_p384, 
oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium5_p384); -MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium3_bp256); -MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium3_ed25519); -MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium5_bp384); -MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium5_ed448); -MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, pem); 
-MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, falcon512_bp256); -MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, falcon512_ed25519); -MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium3_pss3072); -MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium2_pss2048); -MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, der); 
-MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium2_rsa2048); -MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium2_ed25519); -MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium2_p256); -MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium2_bp256); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index dcde2dbc..09bb2b31 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -614,138 +614,314 @@ static void *rsa3072_dilithium2_gen_init(void *provctx, int selection) return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128, 2); } +static void *dilithium2_pss2048_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 3); +} + +static void *dilithium2_pss2048_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 3); +} +static void *dilithium2_rsa2048_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 4); +} + +static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 4); +} +static void *dilithium2_ed25519_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 5); +} + +static void *dilithium2_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 5); +} +static void *dilithium2_p256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 6); +} + +static void *dilithium2_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 6); +} +static void *dilithium2_bp256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 7); +} + +static void 
*dilithium2_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 7); +} static void *dilithium3_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3", KEY_TYPE_SIG, NULL, 192, 3); + "dilithium3", KEY_TYPE_SIG, NULL, 192, 8); } static void *dilithium3_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3", 0, 192, 3); + "dilithium3", 0, 192, 8); } static void *p384_dilithium3_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 4); + "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 9); } static void *p384_dilithium3_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 4); + "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 9); +} +static void *dilithium3_pss3072_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 10); +} + +static void *dilithium3_pss3072_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 10); +} +static void *dilithium3_rsa3072_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 11); +} + +static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 11); +} +static void *dilithium3_p256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + 
"dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 12); +} + +static void *dilithium3_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 12); +} +static void *dilithium3_bp256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 13); +} + +static void *dilithium3_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 13); +} +static void *dilithium3_ed25519_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 14); +} + +static void *dilithium3_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 14); } static void *dilithium5_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5", KEY_TYPE_SIG, NULL, 256, 5); + "dilithium5", KEY_TYPE_SIG, NULL, 256, 15); } static void *dilithium5_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5", 0, 256, 5); + "dilithium5", 0, 256, 15); } static void *p521_dilithium5_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 6); + "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 16); } static void *p521_dilithium5_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 6); + "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 16); +} +static void *dilithium5_p384_new_key(void *provctx) +{ + return 
oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 17); +} + +static void *dilithium5_p384_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 17); +} +static void *dilithium5_bp384_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 18); +} + +static void *dilithium5_bp384_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 18); +} +static void *dilithium5_ed448_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 19); +} + +static void *dilithium5_ed448_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 19); } static void *falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512", KEY_TYPE_SIG, NULL, 128, 7); + "falcon512", KEY_TYPE_SIG, NULL, 128, 20); } static void *falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512", 0, 128, 7); + "falcon512", 0, 128, 20); } static void *p256_falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 8); + "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 21); } static void *p256_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 8); + "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 21); } static void 
*rsa3072_falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 9); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 22); } static void *rsa3072_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 9); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 22); +} +static void *falcon512_p256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 23); +} + +static void *falcon512_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 23); +} +static void *falcon512_bp256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 24); +} + +static void *falcon512_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 24); +} +static void *falcon512_ed25519_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 25); +} + +static void *falcon512_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 25); } static void *falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "falcon1024", KEY_TYPE_SIG, NULL, 256, 10); + "falcon1024", KEY_TYPE_SIG, NULL, 256, 26); } static void *falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "falcon1024", 0, 256, 10); 
+ "falcon1024", 0, 256, 26); } static void *p521_falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 11); + "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 27); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 11); + "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 27); } static void *sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 12); + "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 28); } static void *sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", 0, 128, 12); + "sphincssha2128fsimple", 0, 128, 28); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 13); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 13); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 29); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 14); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 30); } static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, 
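Review bot: The brainpool composites in this hunk pass 256 and 384 in the argument slot where every neighbouring constructor passes a security strength: `dilithium2_bp256`, `dilithium3_bp256` and `falcon512_bp256` use 256, and `dilithium5_bp384` uses 384, while `dilithium2_p256` uses 128 and `dilithium5_p384` uses 192. That looks like the curve size rather than the strength. If this value ends up as the security bits reported for the key (not visible in this hunk), these keys would be rated higher than a 256- or 384-bit curve supports, and security-level policy checks would accept them where they should not. I would expect `"dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 128, 7);` and `"dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 192, 18);`, with the matching change in each `_gen_init`. The numbers are carried over unchanged from the removed lines and the fragment appears to be template-generated, so the correction belongs in the generator input, not in this file.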
@@ -753,39 +929,39 @@ static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 14); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 30); } static void *sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 15); + "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 31); } static void *sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", 0, 128, 15); + "sphincssha2128ssimple", 0, 128, 31); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 16); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 32); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 16); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 32); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 17); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); } static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, 
@@ -793,66 +969,66 @@ static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 17); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 33); } static void *sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 18); + "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 34); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", 0, 192, 18); + "sphincssha2192fsimple", 0, 192, 34); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 19); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 35); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 19); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 35); } static void *sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 20); + "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 36); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", 0, 128, 20); + "sphincsshake128fsimple", 0, 128, 36); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 21); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 21); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 37); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 22); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 38); } static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, 
@@ -860,200 +1036,9 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 22); -} - -static void *dilithium3_rsa3072_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 23); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 38); } -static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 23); -} - -static void *dilithium3_p256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 24); -} - -static void *dilithium3_p256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 24); -} - -static void *falcon512_p256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 25); -} - -static void *falcon512_p256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 25); -} - -static void *dilithium5_p384_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 26); -} - -static void *dilithium5_p384_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 26); -} - -static void *dilithium3_bp256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - 
"dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 27); -} - -static void *dilithium3_bp256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 27); -} - -static void *dilithium3_ed25519_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 28); -} - -static void *dilithium3_ed25519_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 28); -} - -static void *dilithium5_bp384_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 29); -} - -static void *dilithium5_bp384_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 29); -} - -static void *dilithium5_ed448_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 30); -} - -static void *dilithium5_ed448_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 30); -} - -static void *falcon512_bp256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 31); -} - -static void *falcon512_bp256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 31); -} - -static void *falcon512_ed25519_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 
128, 32); -} - -static void *falcon512_ed25519_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); -} - -static void *dilithium3_pss3072_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 33); -} - -static void *dilithium3_pss3072_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 33); -} - -static void *dilithium2_pss2048_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 34); -} - -static void *dilithium2_pss2048_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 34); -} - -static void *dilithium2_rsa2048_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 35); -} - -static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 35); -} - -static void *dilithium2_ed25519_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 36); -} - -static void *dilithium2_ed25519_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 36); -} - -static void *dilithium2_p256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 37); -} - 
-static void *dilithium2_p256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 37); -} - -static void *dilithium2_bp256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 38); -} - -static void *dilithium2_bp256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 38); -} ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ 
@@ -1206,13 +1191,29 @@ static void *dilithium2_bp256_gen_init(void *provctx, int selection)
 MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p256_dilithium2)
 MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_dilithium2)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_pss2048)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_rsa2048)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_ed25519)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_p256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_bp256)
 MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p384_dilithium3)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss3072)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_rsa3072)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_p256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_bp256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_ed25519)
 MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p521_dilithium5)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_p384)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_bp384)
+MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_ed448)
 MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falcon512)
 MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falcon512)
+MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_p256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_bp256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_ed25519)
 MAKE_SIG_KEYMGMT_FUNCTIONS(falcon1024)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p521_falcon1024)
 MAKE_SIG_KEYMGMT_FUNCTIONS(sphincssha2128fsimple)
@@ -1226,22 +1227,6 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(p384_sphincssha2192fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(sphincsshake128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_sphincsshake128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_sphincsshake128fsimple) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_rsa3072) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_p256) -MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_p256) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_p384) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_bp256) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_ed25519) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_bp384) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_ed448) -MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_bp256) -MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_ed25519) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss3072) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_pss2048) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_rsa2048) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_ed25519) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_p256) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_bp256) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 79d5edaa..7192f60e 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -204,6 +204,7 @@ char *get_oqsname_fromtls(char *tlsname); char *get_oqsname(int nid); char *get_cmpname(int nid, int index); int get_oqsalg_idx(int nid); +int get_composite_idx(int idx); /* Register given NID with tlsname in OSSL3 registry */ int oqs_set_nid(char *tlsname, int nid); 
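Review bot: The prototype `int get_composite_idx(int idx);` added in the oqs_prov.h hunk has no comment, so the header does not say which index space `idx` is in or what comes back for an algorithm that is not a composite. This matters here because the same commit renumbers the trailing index argument of every `oqsx_key_new`/`oqsx_gen_init` call in oqs_kmgmt.c, and a caller passing the wrong kind of index would silently select a different algorithm's parameters. I would add a comment above the declaration, in the style already used for `oqs_set_nid`, along the lines of `/* Map an algorithm index to its position among the composite algorithms; returns <sentinel> if idx is not a composite */`. The sentinel and the exact meaning of `idx` have to be taken from the definition, which is not part of this hunk.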
@@ -1007,6 +1008,91 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1041,6 +1127,91 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_dilithium3_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_dilithium3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1075,6 +1246,57 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_dilithium5_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_dilithium5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1127,39 +1349,90 @@ extern const OSSL_DISPATCH extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; extern const OSSL_DISPATCH - oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; + oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; + oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; + oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; + oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; + oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_to_text_encoder_functions[]; + oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_text_encoder_functions[]; extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon1024_decoder_functions[]; + oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon1024_decoder_functions[]; + oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; + oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; + oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; + 
oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; + oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; + oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_falcon1024_to_text_encoder_functions[]; + oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_text_encoder_functions[]; extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p521_falcon1024_decoder_functions[]; + oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_falcon1024_decoder_functions[]; + oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_falcon1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_falcon1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1404,292 +1677,35 @@ extern const OSSL_DISPATCH extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions []; - -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; 
-extern const OSSL_DISPATCH - oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START extern const OSSL_DISPATCH oqs_dilithium2_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_dilithium2_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p384_dilithium3_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_dilithium5_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH 
oqs_rsa3072_falcon512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_falcon1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_keymgmt_functions[]; @@ -1706,22 +1722,6 @@ extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 1dddeb4e..b4785056 100644 
--- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -27,12 +27,6 @@ // TBD: Review what we really need/want: For now go with OSSL settings: #define OSSL_MAX_NAME_SIZE 50 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ -#ifdef OQS_KEM_ENCODERS /*idx to the first composite in the composite idx \ - block*/ -# define COMPOSITE_IDX_ADJUST 65 -#else -# define COMPOSITE_IDX_ADJUST 23 -#endif #ifdef NDEBUG # define OQS_SIG_PRINTF(a) 
@@ -219,42 +213,45 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); } +// this next two list need to be in order of the last number on the OID from the +// composite static const char *composite_OID_prefix[] = { + "69642D4D4C44534134342D525341323034382D5053532D534841323536", // dilithium2_pss2048 + "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", // dilithium2_rsa2048 + "69642D4D4C44534134342D456432353531392D534841353132", // dilithium2_ed25519 + "69642D4D4C44534134342D45434453412D503235362D534841323536", // dilithium2_p256 + "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536", // dilithium2_bp256 + "69642D4D4C44534136352D525341333037322D5053532D534841323536", // dilithium3_pss3072 "69642D4D4C44534136352D525341333037322D504B435331352D534841323536", // dilithium3_rsa3072 "69642D4D4C44534136352D45434453412D503235362D534841323536", // dilithium3_p256 - "69642D46616C6F6E3531322D45434453412D503235362D534841323536", // falcon512_p256 - "69642D4D4C44534138372D45434453412D503338342D534841333834", // dilithium5_p384 "69642D4D4C44534136352D45434453412D627261696E706F6F6C5032353672312D534841323536", // dilithium3_bp256 "69642D4D4C44534136352D456432353531392D534841353132", // dilithium3_ed25519 + "69642D4D4C44534138372D45434453412D503338342D534841333834", // dilithium5_p384 "69642D4D4C44534138372D45434453412D627261696E706F6F6C5033383472312D534841333834", // dilithium5_bp384 "69642D4D4C44534138372D45643434382D5348414B45323536", // dilithium5_ed448 + "69642D46616C6F6E3531322D45434453412D503235362D534841323536", // falcon512_p256 "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", // falcon512_bp256 "69642D46616C636F6E3531322D456432353531392D534841353132", // falcon512_ed25519 - "69642D4D4C44534136352D525341333037322D5053532D534841323536", // dilithium3_pss3072 - 
"69642D4D4C44534134342D525341323034382D5053532D534841323536", // dilithium2_pss2048 - "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", // dilithium2_rsa2048 - "69642D4D4C44534134342D456432353531392D534841353132", // dilithium2_ed25519 - "69642D4D4C44534134342D45434453412D503235362D534841323536", // dilithium2_p256 - "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536", // dilithium2_bp256 + }; static const size_t composite_OID_prefix_len[] = { + 58, // dilithium2_pss2048 + 64, // dilithium2_rsa2048 + 50, // dilithium2_ed25519 + 56, // dilithium2_p256 + 78, // dilithium2_bp256 + 58, // dilithium3_pss3072 64, // dilithium3_rsa3072 56, // dilithium3_p256 - 58, // falcon512_p256 - 56, // dilithium5_p384 78, // dilithium3_bp256 50, // dilithium3_ed25519 + 56, // dilithium5_p384 78, // dilithium5_bp384 50, // dilithium5_ed448 + 58, // falcon512_p256 82, // falcon512_bp256 54, // falcon512_ed25519 - 58, // dilithium3_pss3072 - 58, // dilithium2_pss2048 - 64, // dilithium2_rsa2048 - 50, // dilithium2_ed25519 - 56, // dilithium2_p256 - 78, // dilithium2_bp256 }; /* On entry to this function, data to be signed (tbs) might have been hashed @@ -389,10 +386,10 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); const char *oid_prefix - = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; + = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; const size_t oid_prefix_len - = composite_OID_prefix_len[get_oqsalg_idx(nid) - - COMPOSITE_IDX_ADJUST]; + = composite_OID_prefix_len[get_composite_idx(get_oqsalg_idx(nid)) + - 1]; char *final_tbs; size_t final_tbslen = oid_prefix_len; 
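Review bot: The `falcon512_p256` entry of `composite_OID_prefix` is missing a byte: its hex starts `69642D46616C6F6E353132`, which decodes to "id-Falon512", while the two neighbouring Falcon entries start `69642D46616C636F6E353132` ("id-Falcon512"). The sign and verify hunks pick this string as the prefix for the data to be signed, so signatures made with it would presumably not verify in an implementation that spells the label correctly, even though sign and verify inside this provider still agree with each other. The entry should read `"69642D46616C636F6E3531322D45434453412D503235362D534841323536", // falcon512_p256`, with its length in `composite_OID_prefix_len` changed from `58` to `60`. Deriving the length with `strlen()` instead of keeping a second hand-maintained array would stop the two tables drifting apart.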
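Review bot: The value of `get_composite_idx(get_oqsalg_idx(nid)) - 1` indexes `composite_OID_prefix` and `composite_OID_prefix_len` without a range check, here and again in the `oqs_sig_verify` hunk at -751/+748. If the lookup for `nid` fails, or the key is not one of the 16 composite algorithms in the tables, the subscript can fall outside both arrays; whether an earlier branch excludes that is not visible, because both function bodies start and end outside their hunks. Computing it once, `int cidx = get_composite_idx(get_oqsalg_idx(nid)) - 1;`, and failing the operation when `cidx < 0 || (size_t)cidx >= sizeof(composite_OID_prefix) / sizeof(composite_OID_prefix[0])` would also avoid running the string-duplicating helper twice per call.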
@@ -751,10 +748,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, unsigned char *buf; size_t buf_len; const char *oid_prefix - = composite_OID_prefix[get_oqsalg_idx(nid) - COMPOSITE_IDX_ADJUST]; + = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; const size_t oid_prefix_len - = composite_OID_prefix_len[get_oqsalg_idx(nid) - - COMPOSITE_IDX_ADJUST]; + = composite_OID_prefix_len[get_composite_idx(get_oqsalg_idx(nid)) + - 1]; char *final_tbs; size_t final_tbslen = oid_prefix_len; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 17d73480..3496d68d 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc @@ -203,22 +203,10 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), dilithium2_pss2048), DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, dilithium2_pss2048), - DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, - dilithium2_pss2048), - DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, - dilithium2_pss2048), DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, dilithium2_rsa2048), DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, dilithium2_rsa2048), - DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, - dilithium2_rsa2048), - DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, - dilithium2_rsa2048), - DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, - dilithium2_ed25519), - DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, - dilithium2_ed25519), DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, dilithium2_ed25519), DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, 
@@ -227,14 +215,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), dilithium2_p256), DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, dilithium2_p256), - DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, - dilithium2_p256), - DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, - dilithium2_p256), - DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, - dilithium2_bp256), - DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, - dilithium2_bp256), DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, dilithium2_bp256), DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, @@ -247,10 +227,10 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), p384_dilithium3), DECODER_w_structure("p384_dilithium3", der, SubjectPublicKeyInfo, p384_dilithium3), - DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, - dilithium3_rsa3072), - DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, - dilithium3_p256), + DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, + dilithium3_pss3072), + DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, + dilithium3_pss3072), DECODER_w_structure("dilithium3_rsa3072", der, PrivateKeyInfo, dilithium3_rsa3072), DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, @@ -267,11 +247,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), dilithium3_ed25519), DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, dilithium3_ed25519), - DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, - dilithium3_pss3072), - DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, - dilithium3_pss3072), - #endif #ifdef OQS_ENABLE_SIG_dilithium_5 DECODER_w_structure("dilithium5", der, PrivateKeyInfo, dilithium5), 
@@ -303,8 +278,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), rsa3072_falcon512), DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, rsa3072_falcon512), - DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, - falcon512_p256), DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, falcon512_p256), DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, falcon512_p256), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 165fb62d..88729583 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -665,6 +665,19 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p384_dilithium3", p384_dilithium3), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, 
@@ -717,20 +730,6 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), - #endif #ifdef OQS_ENABLE_SIG_dilithium_5 ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 24d02400..47f34c8a 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -150,20 +150,52 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_dilithium2", "1.3.9999.2.7.2", "rsa3072_dilithium2", + "2.16.840.1.114027.80.7.1.1", + "dilithium2_pss2048", + "2.16.840.1.114027.80.7.1.2", + "dilithium2_rsa2048", + "2.16.840.1.114027.80.7.1.3", + "dilithium2_ed25519", + "2.16.840.1.114027.80.7.1.4", + "dilithium2_p256", + "2.16.840.1.114027.80.7.1.5", + "dilithium2_bp256", "1.3.6.1.4.1.2.267.7.6.5", "dilithium3", "1.3.9999.2.7.3", "p384_dilithium3", + "2.16.840.1.114027.80.7.1.6", + "dilithium3_pss3072", + "2.16.840.1.114027.80.7.1.7", + "dilithium3_rsa3072", + "2.16.840.1.114027.80.7.1.8", + "dilithium3_p256", + "2.16.840.1.114027.80.7.1.9", + "dilithium3_bp256", + "2.16.840.1.114027.80.7.1.10", + "dilithium3_ed25519", "1.3.6.1.4.1.2.267.7.8.7", "dilithium5", "1.3.9999.2.7.4", "p521_dilithium5", + "2.16.840.1.114027.80.7.1.11", + "dilithium5_p384", + "2.16.840.1.114027.80.7.1.12", + "dilithium5_bp384", + "2.16.840.1.114027.80.7.1.13", + "dilithium5_ed448", "1.3.9999.3.6", "falcon512", "1.3.9999.3.7", "p256_falcon512", "1.3.9999.3.8", "rsa3072_falcon512", + "2.16.840.1.114027.80.7.1.14", + "falcon512_p256", + "2.16.840.1.114027.80.7.1.15", + "falcon512_bp256", + "2.16.840.1.114027.80.7.1.16", + "falcon512_ed25519", "1.3.9999.3.9", "falcon1024", "1.3.9999.3.10", 
@@ -190,38 +222,6 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_sphincsshake128fsimple", "1.3.9999.6.7.15", "rsa3072_sphincsshake128fsimple", - "2.16.840.1.114027.80.7.1.7", - "dilithium3_rsa3072", - "2.16.840.1.114027.80.7.1.8", - "dilithium3_p256", - "2.16.840.1.114027.80.7.1.9", - "dilithium3_bp256", - "2.16.840.1.114027.80.7.1.10", - "dilithium3_ed25519", - "2.16.840.1.114027.80.7.1.11", - "dilithium5_p384", - "2.16.840.1.114027.80.7.1.12", - "dilithium5_bp384", - "2.16.840.1.114027.80.7.1.13", - "dilithium5_ed448", - "2.16.840.1.114027.80.7.1.14", - "falcon512_p256", - "2.16.840.1.114027.80.7.1.15", - "falcon512_bp256", - "2.16.840.1.114027.80.7.1.16", - "falcon512_ed25519", - "2.16.840.1.114027.80.7.1.6", - "dilithium3_pss3072", - "2.16.840.1.114027.80.7.1.1", - "dilithium2_pss2048", - "2.16.840.1.114027.80.7.1.2", - "dilithium2_rsa2048", - "2.16.840.1.114027.80.7.1.3", - "dilithium2_ed25519", - "2.16.840.1.114027.80.7.1.4", - "dilithium2_p256", - "2.16.840.1.114027.80.7.1.5", - "dilithium2_bp256", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; 
@@ -423,112 +423,192 @@ int oqs_patch_encodings(void) if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[5] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048")) + oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048"); + if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME")) + oqs_alg_encoding_list[7] + = getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048")) + oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048"); + if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME")) + oqs_alg_encoding_list[9] + = getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_ED25519")) + oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM2_ED25519"); + if (getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME")) + oqs_alg_encoding_list[11] + = getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_P256")) + oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_DILITHIUM2_P256"); + if (getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME")) + oqs_alg_encoding_list[13] + = getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_BP256")) + oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_DILITHIUM2_BP256"); + if (getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME")) + oqs_alg_encoding_list[15] + = getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME"); if (getenv("OQS_ENCODING_DILITHIUM3")) - oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM3"); + oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_DILITHIUM3"); if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) - oqs_alg_encoding_list[7] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); + oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); if (getenv("OQS_ENCODING_P384_DILITHIUM3")) - oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_P384_DILITHIUM3"); + oqs_alg_encoding_list[18] = 
getenv("OQS_ENCODING_P384_DILITHIUM3"); if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) - oqs_alg_encoding_list[9] + oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072")) + oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072"); + if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME")) + oqs_alg_encoding_list[21] + = getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072")) + oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072"); + if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME")) + oqs_alg_encoding_list[23] + = getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_P256")) + oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_DILITHIUM3_P256"); + if (getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME")) + oqs_alg_encoding_list[25] + = getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_BP256")) + oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_DILITHIUM3_BP256"); + if (getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME")) + oqs_alg_encoding_list[27] + = getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_ED25519")) + oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_DILITHIUM3_ED25519"); + if (getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME")) + oqs_alg_encoding_list[29] + = getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME"); if (getenv("OQS_ENCODING_DILITHIUM5")) - oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM5"); + oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_DILITHIUM5"); if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) - oqs_alg_encoding_list[11] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); + oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); if (getenv("OQS_ENCODING_P521_DILITHIUM5")) - oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_P521_DILITHIUM5"); + oqs_alg_encoding_list[32] = 
getenv("OQS_ENCODING_P521_DILITHIUM5"); if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) - oqs_alg_encoding_list[13] + oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_P384")) + oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_DILITHIUM5_P384"); + if (getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME")) + oqs_alg_encoding_list[35] + = getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_BP384")) + oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_DILITHIUM5_BP384"); + if (getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME")) + oqs_alg_encoding_list[37] + = getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_ED448")) + oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_DILITHIUM5_ED448"); + if (getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME")) + oqs_alg_encoding_list[39] + = getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME"); if (getenv("OQS_ENCODING_FALCON512")) - oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_FALCON512"); + oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON512"); if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) - oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); + oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_P256_FALCON512")) - oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_FALCON512"); + oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_FALCON512"); if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) - oqs_alg_encoding_list[17] + oqs_alg_encoding_list[43] = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_FALCON512")) - oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_FALCON512"); + oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_FALCON512"); if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) - oqs_alg_encoding_list[19] + oqs_alg_encoding_list[45] = 
getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_P256")) + oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_FALCON512_P256"); + if (getenv("OQS_ENCODING_FALCON512_P256_ALGNAME")) + oqs_alg_encoding_list[47] + = getenv("OQS_ENCODING_FALCON512_P256_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_BP256")) + oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_FALCON512_BP256"); + if (getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME")) + oqs_alg_encoding_list[49] + = getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_ED25519")) + oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_FALCON512_ED25519"); + if (getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME")) + oqs_alg_encoding_list[51] + = getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME"); if (getenv("OQS_ENCODING_FALCON1024")) - oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_FALCON1024"); + oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_FALCON1024"); if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); + oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_P521_FALCON1024")) - oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_P521_FALCON1024"); + oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_P521_FALCON1024"); if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[23] + oqs_alg_encoding_list[55] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[24] + oqs_alg_encoding_list[56] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[25] + oqs_alg_encoding_list[57] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[26] + oqs_alg_encoding_list[58] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); if 
(getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[27] + oqs_alg_encoding_list[59] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[28] + oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[29] + oqs_alg_encoding_list[61] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[30] + oqs_alg_encoding_list[62] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[31] + oqs_alg_encoding_list[63] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[32] + oqs_alg_encoding_list[64] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[33] + oqs_alg_encoding_list[65] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[34] + oqs_alg_encoding_list[66] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[35] + oqs_alg_encoding_list[67] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[36] + oqs_alg_encoding_list[68] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[37] + oqs_alg_encoding_list[69] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[38] + oqs_alg_encoding_list[70] = 
getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[39] + oqs_alg_encoding_list[71] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[40] + oqs_alg_encoding_list[72] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[41] + oqs_alg_encoding_list[73] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[42] + oqs_alg_encoding_list[74] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[43] + oqs_alg_encoding_list[75] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[44] + oqs_alg_encoding_list[76] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[45] + oqs_alg_encoding_list[77] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; 
@@ -578,35 +658,34 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("dilithium2", 128, oqs_signature_functions), SIGALG("p256_dilithium2", 128, oqs_signature_functions), SIGALG("rsa3072_dilithium2", 128, oqs_signature_functions), - SIGALG("dilithium2_pss2048", 128, oqs_signature_functions), - SIGALG("dilithium2_rsa2048", 128, oqs_signature_functions), + SIGALG("dilithium2_pss2048", 112, oqs_signature_functions), + SIGALG("dilithium2_rsa2048", 112, oqs_signature_functions), SIGALG("dilithium2_ed25519", 128, oqs_signature_functions), SIGALG("dilithium2_p256", 128, oqs_signature_functions), - SIGALG("dilithium2_bp256", 128, oqs_signature_functions), + SIGALG("dilithium2_bp256", 256, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_signature_functions), SIGALG("p384_dilithium3", 192, oqs_signature_functions), - SIGALG("dilithium3_rsa3072", 192, oqs_signature_functions), - SIGALG("dilithium3_p256", 192, oqs_signature_functions), - SIGALG("dilithium3_bp256", 192, oqs_signature_functions), - SIGALG("dilithium3_ed25519", 192, oqs_signature_functions), - SIGALG("dilithium3_pss3072", 192, oqs_signature_functions), - + SIGALG("dilithium3_pss3072", 128, oqs_signature_functions), + SIGALG("dilithium3_rsa3072", 128, oqs_signature_functions), + SIGALG("dilithium3_p256", 128, oqs_signature_functions), + SIGALG("dilithium3_bp256", 256, oqs_signature_functions), + SIGALG("dilithium3_ed25519", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_signature_functions), SIGALG("p521_dilithium5", 256, oqs_signature_functions), - SIGALG("dilithium5_p384", 256, oqs_signature_functions), - SIGALG("dilithium5_bp384", 256, oqs_signature_functions), - SIGALG("dilithium5_ed448", 256, oqs_signature_functions), + SIGALG("dilithium5_p384", 192, oqs_signature_functions), + SIGALG("dilithium5_bp384", 384, oqs_signature_functions), + SIGALG("dilithium5_ed448", 192, 
oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_signature_functions), SIGALG("p256_falcon512", 128, oqs_signature_functions), SIGALG("rsa3072_falcon512", 128, oqs_signature_functions), SIGALG("falcon512_p256", 128, oqs_signature_functions), - SIGALG("falcon512_bp256", 128, oqs_signature_functions), + SIGALG("falcon512_bp256", 256, oqs_signature_functions), SIGALG("falcon512_ed25519", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 
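Review bot: The brainpool composites are advertised with the curve's field size instead of a security strength: `dilithium2_bp256`, `dilithium3_bp256` and `falcon512_bp256` get 256 and `dilithium5_bp384` gets 384, while the equivalent NIST-curve entries in the same hunk get 128 (`dilithium2_p256`, `dilithium3_p256`, `falcon512_p256`) and 192 (`dilithium5_p384`). If the second `SIGALG` argument is the security-bits value that consumers use for policy decisions, as the other entries suggest, these four are overstated and could pass a minimum-strength check they should fail. The same values appear in the `oqsprovider_keymgmt` hunk (-722/+801) and in the `nid_names` hunk of oqsprov_keys.c (-119/+119), so all three places should change together, preferably in the generator input they seem to come from. The array definition starts and ends outside the hunk.

```c
    // … unchanged: dilithium2 entries up to dilithium2_p256 …
    SIGALG("dilithium2_bp256", 128, oqs_signature_functions),
    // … unchanged: dilithium3 entries up to dilithium3_p256 …
    SIGALG("dilithium3_bp256", 128, oqs_signature_functions),
    // … unchanged: dilithium3_ed25519, dilithium5, p521_dilithium5, dilithium5_p384 …
    SIGALG("dilithium5_bp384", 192, oqs_signature_functions),
    // … unchanged: dilithium5_ed448 and falcon512 entries up to falcon512_p256 …
    SIGALG("falcon512_bp256", 128, oqs_signature_functions),
```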
@@ -722,35 +801,34 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("dilithium2", 128, oqs_dilithium2_keymgmt_functions), SIGALG("p256_dilithium2", 128, oqs_p256_dilithium2_keymgmt_functions), SIGALG("rsa3072_dilithium2", 128, oqs_rsa3072_dilithium2_keymgmt_functions), - SIGALG("dilithium2_pss2048", 128, oqs_dilithium2_pss2048_keymgmt_functions), - SIGALG("dilithium2_rsa2048", 128, oqs_dilithium2_rsa2048_keymgmt_functions), + SIGALG("dilithium2_pss2048", 112, oqs_dilithium2_pss2048_keymgmt_functions), + SIGALG("dilithium2_rsa2048", 112, oqs_dilithium2_rsa2048_keymgmt_functions), SIGALG("dilithium2_ed25519", 128, oqs_dilithium2_ed25519_keymgmt_functions), SIGALG("dilithium2_p256", 128, oqs_dilithium2_p256_keymgmt_functions), - SIGALG("dilithium2_bp256", 128, oqs_dilithium2_bp256_keymgmt_functions), + SIGALG("dilithium2_bp256", 256, oqs_dilithium2_bp256_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_dilithium3_keymgmt_functions), SIGALG("p384_dilithium3", 192, oqs_p384_dilithium3_keymgmt_functions), - SIGALG("dilithium3_rsa3072", 192, oqs_dilithium3_rsa3072_keymgmt_functions), - SIGALG("dilithium3_p256", 192, oqs_dilithium3_p256_keymgmt_functions), - SIGALG("dilithium3_bp256", 192, oqs_dilithium3_bp256_keymgmt_functions), - SIGALG("dilithium3_ed25519", 192, oqs_dilithium3_ed25519_keymgmt_functions), - SIGALG("dilithium3_pss3072", 192, oqs_dilithium3_pss3072_keymgmt_functions), - + SIGALG("dilithium3_pss3072", 128, oqs_dilithium3_pss3072_keymgmt_functions), + SIGALG("dilithium3_rsa3072", 128, oqs_dilithium3_rsa3072_keymgmt_functions), + SIGALG("dilithium3_p256", 128, oqs_dilithium3_p256_keymgmt_functions), + SIGALG("dilithium3_bp256", 256, oqs_dilithium3_bp256_keymgmt_functions), + SIGALG("dilithium3_ed25519", 128, oqs_dilithium3_ed25519_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_dilithium5_keymgmt_functions), SIGALG("p521_dilithium5", 256, 
oqs_p521_dilithium5_keymgmt_functions), - SIGALG("dilithium5_p384", 256, oqs_dilithium5_p384_keymgmt_functions), - SIGALG("dilithium5_bp384", 256, oqs_dilithium5_bp384_keymgmt_functions), - SIGALG("dilithium5_ed448", 256, oqs_dilithium5_ed448_keymgmt_functions), + SIGALG("dilithium5_p384", 192, oqs_dilithium5_p384_keymgmt_functions), + SIGALG("dilithium5_bp384", 384, oqs_dilithium5_bp384_keymgmt_functions), + SIGALG("dilithium5_ed448", 192, oqs_dilithium5_ed448_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_falcon512_keymgmt_functions), SIGALG("p256_falcon512", 128, oqs_p256_falcon512_keymgmt_functions), SIGALG("rsa3072_falcon512", 128, oqs_rsa3072_falcon512_keymgmt_functions), SIGALG("falcon512_p256", 128, oqs_falcon512_p256_keymgmt_functions), - SIGALG("falcon512_bp256", 128, oqs_falcon512_bp256_keymgmt_functions), + SIGALG("falcon512_bp256", 256, oqs_falcon512_bp256_keymgmt_functions), SIGALG("falcon512_ed25519", 128, oqs_falcon512_ed25519_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 @@ -883,6 +961,23 @@ static const OSSL_ALGORITHM oqsprovider_decoder[] = { #undef DECODER_PROVIDER }; +// get the last number on the composite OID +int get_composite_idx(int idx) +{ + char *first_token; + char *token; + char *s; + int i; + s = OPENSSL_strdup(oqs_oid_alg_list[idx * 2]); + first_token = strtok_r(s, ".", &s); + for (i = 0; i <= 7; i++) { // 7 dots in composite OID + token = strtok_r(NULL, ".", &s); + } + i = atoi(token); + OPENSSL_free(first_token); + return i; +} + static const OSSL_PARAM *oqsprovider_gettable_params(void *provctx) { return oqsprovider_param_types; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 76087dfc..20fb3049 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
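Review bot: `get_composite_idx` dereferences results it never checks: `OPENSSL_strdup` can return NULL, a negative or too-large `idx` reads outside `oqs_oid_alg_list`, and for any OID with fewer than nine arcs the last `strtok_r` call returns NULL, so `atoi(token)` reads a null pointer. The comment says "7 dots" while the loop takes eight further tokens, `s` serves as both the input and the `strtok_r` save pointer, and `atoi` cannot report a malformed arc. Reading the last arc directly from the table string needs no allocation and lets the function return -1 for anything it cannot parse, which callers can then reject before indexing their tables. The sketch below assumes `strrchr`, `strtol` and `INT_MAX` are already available in this file.

```c
// Return the last arc of the OID registered for algorithm slot idx,
// or -1 if the slot is out of range or the arc is not a positive number.
int get_composite_idx(int idx)
{
    const char *oid;
    const char *last;
    char *end;
    long n;

    if (idx < 0 || idx * 2 >= OQS_OID_CNT)
        return -1;
    oid = oqs_oid_alg_list[idx * 2];
    if (oid == NULL || (last = strrchr(oid, '.')) == NULL)
        return -1;
    n = strtol(last + 1, &end, 10);
    if (end == last + 1 || *end != '\0' || n < 1 || n > INT_MAX)
        return -1;
    return (int)n;
}
```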
@@ -119,13 +119,29 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, {0, "p256_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, + {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256}, {0, "dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_SIG, 192}, {0, "p384_dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_HYB_SIG, 192}, + {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256}, + {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, {0, "dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_SIG, 256}, {0, "p521_dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_HYB_SIG, 256}, + {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, + {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384}, + {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, {0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128}, {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, + {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, + {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256}, + {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, {0, "falcon1024", 
OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256}, {0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256}, {0, "sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, @@ -150,22 +166,6 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128}, - {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, - {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256}, - {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384}, - {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, - {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256}, - {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, - {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, - {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; diff --git a/scripts/common.py b/scripts/common.py index 7b936214..88c609e5 100644 --- a/scripts/common.py +++ b/scripts/common.py 
@@ -19,7 +19,8 @@ 'dilithium2','dilithium3','dilithium5','falcon512','falcon1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', # post-quantum + classical signatures 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', -##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END + # post-quantum + classical signatures (COMPOSITE) + 'dilithium2_pss2048','dilithium2_rsa2048','dilithium2_ed25519','dilithium2_p256','dilithium2_bp256','dilithium3_pss3072','dilithium3_rsa3072','dilithium3_p256','dilithium3_bp256','dilithium3_ed25519','dilithium5_p384','dilithium5_bp384','dilithium5_ed448','falcon512_p256','falcon512_bp256','falcon512_ed25519',##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END ] SERVER_START_ATTEMPTS = 10 From 74c334ff695bf0676290e98d8269677b7b2cbcd1 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 12 Dec 2023 14:32:23 -0600 Subject: [PATCH 085/164] missed one file from last commit Signed-off-by: Felipe Ventura --- .../oqsprov/oqs_encode_key2any.c/encoder_defines.fragment | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment index e5caab63..9eb193c0 100644 --- a/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment +++ b/oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment 
@@ -19,6 +19,11 @@ # define {{ classical_alg['name'] }}_{{ variant['name'] }}_input_type "{{ classical_alg['name'] }}_{{ variant['name'] }}" # define {{ classical_alg['name'] }}_{{ variant['name'] }}_pem_type "{{ classical_alg['name'] }}_{{ variant['name'] }}" {%- endfor -%} + {%- for composite_alg in variant['composite'] %} +# define {{ variant['name'] }}_{{ composite_alg['name'] }}_evp_type 0 +# define {{ variant['name'] }}_{{ composite_alg['name'] }}_input_type "{{ variant['name'] }}_{{ composite_alg['name'] }}" +# define {{ variant['name'] }}_{{ composite_alg['name'] }}_pem_type "{{ variant['name'] }}_{{ composite_alg['name'] }}" + {%- endfor -%} {%- endfor %} {%- endfor %} From bd9dd85a8124838d0126b4573171c311d3de4f87 Mon Sep 17 00:00:00 2001 From: thomas <108470890+thb-sb@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:30:34 +0100 Subject: [PATCH 086/164] Use `build` directory instead of `_build`. (#314) Signed-off-by: Felipe Ventura --- .circleci/config.yml | 36 ++++++++++++------------- .github/workflows/linux.yml | 8 +++--- .github/workflows/macos.yml | 14 +++++----- .github/workflows/standalone.yml | 6 ++--- .github/workflows/windows.yml | 46 ++++++++++++++++---------------- .gitignore | 4 +-- ALGORITHMS.md | 2 +- NOTES-UNIX.md | 14 +++++----- NOTES-Windows.md | 12 ++++----- README.md | 10 +++---- scripts/common.py | 4 +-- scripts/fullbuild.sh | 14 +++++----- scripts/release-test.sh | 4 +-- scripts/runtests.sh | 4 +-- 14 files changed, 89 insertions(+), 89 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c900afdb..b14d8626 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -41,7 +41,7 @@ jobs: name: Clone and build liboqs (<< parameters.CMAKE_ARGS >>) command: | git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && - cd liboqs && mkdir _build && cd _build && + cd liboqs && mkdir build && cd build && cmake -GNinja << parameters.CMAKE_ARGS >> -DCMAKE_INSTALL_PREFIX=$(pwd)/../../.local .. && ninja install && cd .. && cd .. && pwd - when: @@ -61,9 +61,9 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. + mkdir build && cd build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a + file build/lib/oqsprovider.a fi - when: condition: @@ -76,15 +76,15 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. + mkdir build && cd build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a + file build/lib/oqsprovider.a fi - run: name: Run tests command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir _build/ + ctest --test-dir build/ else ./scripts/runtests.sh -V fi 
@@ -107,15 +107,15 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - rm -rf _build && mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja + rm -rf build && mkdir build && cd build && cmake -GNinja ${oqsprovider_cmake_args} -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a + file build/lib/oqsprovider.a fi - run: name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON) command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir _build/ + ctest --test-dir build/ else ./scripts/runtests.sh -V fi @@ -159,7 +159,7 @@ jobs: name: Clone and build liboqs command: | git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && - export LIBOQS_INSTALLPATH=$(pwd)/.local && cd liboqs && mkdir _build && cd _build && + export LIBOQS_INSTALLPATH=$(pwd)/.local && cd liboqs && mkdir build && cd build && export OPENSSL_INSTALL="$(brew --prefix << parameters.OPENSSL_PREINSTALL >> || echo "")" cmake -GNinja -DOPENSSL_ROOT_DIR="${OPENSSL_INSTALL}" -DCMAKE_INSTALL_PREFIX=$LIBOQS_INSTALLPATH << parameters.CMAKE_ARGS >> .. && ninja install && cd .. && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$LIBOQS_INSTALLPATH/lib" >> "$BASH_ENV" 
@@ -180,9 +180,9 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - export OPENSSL_INSTALL=$(pwd)/.local && mkdir _build && cd _build && cmake -GNinja -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" + export OPENSSL_INSTALL=$(pwd)/.local && mkdir build && cd build && cmake -GNinja -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a + file build/lib/oqsprovider.a fi - when: condition: @@ -196,15 +196,15 @@ jobs: oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi export OPENSSL_INSTALL="$(brew --prefix << parameters.OPENSSL_PREINSTALL >>)" - mkdir _build && cd _build && liboqs_DIR=`pwd`/../.local cmake -GNinja -DOPENSSL_ROOT_DIR="${OPENSSL_INSTALL}" ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$OPENSSL_INSTALL/lib" >> "$BASH_ENV" + mkdir build && cd build && liboqs_DIR=`pwd`/../.local cmake -GNinja -DOPENSSL_ROOT_DIR="${OPENSSL_INSTALL}" ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$OPENSSL_INSTALL/lib" >> "$BASH_ENV" if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a + file build/lib/oqsprovider.a fi - run: name: Run tests command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir _build/ --output-on-failure + ctest --test-dir build/ --output-on-failure else ./scripts/runtests.sh -V fi 
@@ -215,15 +215,15 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja + rm -rf build && mkdir build && cd build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file _build/lib/oqsprovider.a + file build/lib/oqsprovider.a fi - run: name: Run tests command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir _build/ --output-on-failure + ctest --test-dir build/ --output-on-failure else ./scripts/runtests.sh -V fi diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 2324be25..057845c4 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -24,7 +24,7 @@ jobs: - name: Full build run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing - run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so + run: cd build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test run: ./scripts/runtests.sh -V @@ -52,7 +52,7 @@ jobs: - name: Full build run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing - run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so + run: cd build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test run: ./scripts/runtests.sh -V - name: Verify nothing changes on re-generate code 
@@ -68,12 +68,12 @@ jobs: ! git status | grep modified - name: Build .deb install package run: cpack - working-directory: _build + working-directory: build - name: Retain .deb installer uses: actions/upload-artifact@v3 with: name: oqsprovider-x64 - path: _build/*.deb + path: build/*.deb asan_linux_intel: name: "Security checks" diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 7a6f95f4..6ecc434f 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -57,17 +57,17 @@ jobs: key: ${{ runner.os }}-openssl32 - name: build liboqs run: | - cmake -DOPENSSL_ROOT_DIR=../.localopenssl32 -DCMAKE_INSTALL_PREFIX=../.localliboqs ${{ matrix.params.oqsconfig }} -S . -B _build - cmake --build _build - cmake --install _build + cmake -DOPENSSL_ROOT_DIR=../.localopenssl32 -DCMAKE_INSTALL_PREFIX=../.localliboqs ${{ matrix.params.oqsconfig }} -S . -B build + cmake --build build + cmake --install build working-directory: liboqs - name: build oqs-provider - run: liboqs_DIR=.localliboqs cmake -DOPENSSL_ROOT_DIR=.localopenssl32 -S . -B _build && cmake --build _build + run: liboqs_DIR=.localliboqs cmake -DOPENSSL_ROOT_DIR=.localopenssl32 -S . -B build && cmake --build build - name: Check Openssl providers - run: OPENSSL_MODULES=_build/lib .localopenssl32/bin/openssl list -providers -provider oqsprovider -provider default + run: OPENSSL_MODULES=build/lib .localopenssl32/bin/openssl list -providers -provider oqsprovider -provider default - name: Run tests run: PATH=../.localopenssl32/bin:$PATH ctest -V - working-directory: _build + working-directory: build # Try brew install of head: If error message below appears, build and test passed successfully - name: brew install test run: brew install --HEAD --formula -s oqsprovider.rb 2>&1 | grep "Empty installation" @@ -76,4 +76,4 @@ jobs: uses: actions/upload-artifact@v3 with: name: oqs-provider-${{matrix.os}}-x64 - path: _build/lib/oqsprovider.dylib + path: build/lib/oqsprovider.dylib 
diff --git a/.github/workflows/standalone.yml b/.github/workflows/standalone.yml index 6e27e626..3e949d94 100644 --- a/.github/workflows/standalone.yml +++ b/.github/workflows/standalone.yml @@ -5,7 +5,7 @@ on: branches: [ '*' ] pull_request: branches: [ "main" ] - + jobs: macos_intel: @@ -18,9 +18,9 @@ jobs: - name: Checkout oqsprovider code uses: actions/checkout@v2 - name: Build oqsprovider - run: cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -S . -B _build && cmake --build _build + run: cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -S . -B build && cmake --build build - name: Test oqsprovider - run: ctest --parallel 5 --test-dir _build + run: ctest --parallel 5 --test-dir build linux_intel: runs-on: ubuntu-latest diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index ca6bfaef..7e75aa91 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -58,8 +58,8 @@ jobs: which cmake cmake --version gcc --version - mkdir _build - cd _build + mkdir build + cd build cmake -GNinja -DOPENSSL_ROOT_DIR=/opt/openssl32 -DCMAKE_INSTALL_PREFIX="${{ env.IP }}" ${{ matrix.platform.oqsconfig }} -DCMAKE_C_COMPILER=gcc .. ninja ninja install 
@@ -79,17 +79,17 @@ jobs: c:\cygwin\opt\openssl32 key: ${{ runner.os }}-cygwinopenssl32 - name: build oqs-provider - run: bash -c "git config --global --add safe.directory $(cygpath -u $PWD) && liboqs_DIR='${{ env.IP }}' cmake -GNinja -DCMAKE_C_COMPILER=gcc -DOPENSSL_ROOT_DIR=/opt/openssl32 -S . -B _build && cd _build && ninja && cd .." + run: bash -c "git config --global --add safe.directory $(cygpath -u $PWD) && liboqs_DIR='${{ env.IP }}' cmake -GNinja -DCMAKE_C_COMPILER=gcc -DOPENSSL_ROOT_DIR=/opt/openssl32 -S . -B build && cd build && ninja && cd .." - name: Check Openssl providers - run: bash -c "OPENSSL_MODULES=_build/lib /opt/openssl32/bin/openssl list -providers -provider oqsprovider -provider default" + run: bash -c "OPENSSL_MODULES=build/lib /opt/openssl32/bin/openssl list -providers -provider oqsprovider -provider default" - name: Run tests run: bash -c "echo $PATH && PATH=/opt/openssl32/bin:/usr/bin ctest -V" - working-directory: _build + working-directory: build - name: Retain oqsprovider.dll uses: actions/upload-artifact@v3 with: name: oqs-provider-cygwin - path: D:/a/oqs-provider/oqs-provider/_build/bin/oqsprovider.dll + path: D:/a/oqs-provider/oqs-provider/build/bin/oqsprovider.dll msvc: # Run a job for each of the specified target architectures: 
@@ -139,10 +139,10 @@ jobs: if: steps.cache-openssl32.outputs.cache-hit != 'true' # OQS_USE_OPENSSL=OFF by default on Win32 # if cmake --build fails, try explicit -# cd _build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release -# fails: cmake -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -S . -B _build -# cd _build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release && cd .. -# cmake --install _build +# cd build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release +# fails: cmake -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -S . -B build +# cd build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release && cd .. +# cmake --install build - name: build liboqs run: | cmake --version @@ -154,7 +154,7 @@ jobs: working-directory: liboqs - name: prepare the OpenSSL build directory if: steps.cache-openssl32.outputs.cache-hit != 'true' - run: mkdir _build + run: mkdir build working-directory: openssl - name: OpenSSL config if: steps.cache-openssl32.outputs.cache-hit != 'true' @@ -187,17 +187,17 @@ jobs: key: ${{ runner.os }}-msvcopenssl32 - name: build oqs-provider run: | - cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build - cd _build + cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B build + cd build ninja - name: Run tests run: | - ctest -V --test-dir _build + ctest -V --test-dir build - name: Retain oqsprovider.dll uses: actions/upload-artifact@v3 with: name: oqs-provider-msvc - path: D:/a/oqs-provider/oqs-provider/_build/lib/oqsprovider.dll + path: D:/a/oqs-provider/oqs-provider/build/lib/oqsprovider.dll msvc_native: # Run a job for each of the specified target architectures: 
@@ -210,7 +210,7 @@ jobs: - arch: win64 oqsconfig: -DOQS_ALGS_ENABLED=STD osslconfig: no-shared no-fips VC-WIN64A - toolchain: + toolchain: - .CMake/toolchain_windows_amd64.cmake msarch: - x64 @@ -258,12 +258,12 @@ jobs: run: | cmake --version cmake -B build --toolchain ${{ matrix.toolchain }} . - cmake --build build + cmake --build build cmake --build build --target INSTALL working-directory: liboqs - name: prepare the OpenSSL build directory if: steps.cache-openssl32n.outputs.cache-hit != 'true' - run: mkdir _build + run: mkdir build working-directory: openssl - name: OpenSSL config if: steps.cache-openssl32n.outputs.cache-hit != 'true' @@ -292,14 +292,14 @@ jobs: key: ${{ runner.os }}-msvcopenssl32n - name: build oqs-provider run: | - cmake -DCMAKE_BUILD_TYPE=${{ matrix.type }} -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32n" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build - cmake --build _build --config=${{ matrix.type }} + cmake -DCMAKE_BUILD_TYPE=${{ matrix.type }} -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32n" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B build + cmake --build build --config=${{ matrix.type }} - name: Run tests run: | - ctest --test-dir _build -C ${{ matrix.type }} + ctest --test-dir build -C ${{ matrix.type }} - name: Retain oqsprovider.dll uses: actions/upload-artifact@v3 with: name: oqs-provider-msvc - path: D:/a/oqs-provider/oqs-provider/_build/lib/oqsprovider.dll - + path: D:/a/oqs-provider/oqs-provider/build/lib/oqsprovider.dll + diff --git a/.gitignore b/.gitignore index 003421d7..137ff80b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,12 @@ # checked out OSSL variants -openssl*/* +openssl*/* openssl # checked out liboqs liboqs # installed SW .local # build directory -_build +build # generated from openssl src: test/ssltestlib.c test/ssltestlib.h diff --git a/ALGORITHMS.md b/ALGORITHMS.md index 9ec32f93..314ba3cb 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -107,7 +107,7 @@ can be used to successfully confirm interoperability between the oqs-provider and the Cloudflare infrastructure using this hybrid classic/quantum-safe algorithm: ``` -OQS_CODEPOINT_X25519_KYBER512=65072 ./openssl/apps/openssl s_client -groups x25519_kyber512 -connect cloudflare.com:443 -provider-path _build/oqsprov -provider oqsprovider -provider default +OQS_CODEPOINT_X25519_KYBER512=65072 ./openssl/apps/openssl s_client -groups x25519_kyber512 -connect cloudflare.com:443 -provider-path build/oqsprov -provider oqsprovider -provider default ``` # OIDs diff --git a/NOTES-UNIX.md b/NOTES-UNIX.md index af40c8fa..5b7a5b95 100644 --- a/NOTES-UNIX.md +++ b/NOTES-UNIX.md 
@@ -28,30 +28,30 @@ to be present to be build, e.g., via `apt install cmake build-essential git`. ## Build Standard `cmake` build sequence can be used (assuming prerequisites are installed) -to build in/install from directory `_build`: +to build in/install from directory `build`: - cmake -S . -B _build && cmake --build _build && cmake --install _build + cmake -S . -B build && cmake --build build && cmake --install build If `openssl` and/or `liboqs` have not been installed to system standard locations -use the `cmake` define "-DOPENSSL_ROOT_DIR" and/or the environment variable +use the `cmake` define "-DOPENSSL_ROOT_DIR" and/or the environment variable "liboqs_DIR" to utilize those, e.g., like this: - liboqs_DIR=../liboqs cmake -DOPENSSL_ROOT_DIR=/opt/openssl3 -S . -B _build && cmake --build _build && cmake --install _build + liboqs_DIR=../liboqs cmake -DOPENSSL_ROOT_DIR=/opt/openssl3 -S . -B build && cmake --build build && cmake --install build Further configuration options are documented [here](CONFIGURE.md#build-install-options). ## Test -Standard `ctest` can be used to validate correct operation in build directory `_build`, e.g.: +Standard `ctest` can be used to validate correct operation in build directory `build`, e.g.: - cd _build && ctest --parallel 5 --rerun-failed --output-on-failure -V + cd build && ctest --parallel 5 --rerun-failed --output-on-failure -V ## Packaging ### Debian A build target to create UNIX .deb packaging is available via the standard -`package` target, e.g., executing `make package` in the `_build` subdirectory. +`package` target, e.g., executing `make package` in the `build` subdirectory. The resultant file can be installed as usual via `dpkg -i ...`. ### MacOS diff --git a/NOTES-Windows.md b/NOTES-Windows.md index 80eeffd5..50942d79 100644 --- a/NOTES-Windows.md +++ b/NOTES-Windows.md 
@@ -17,7 +17,7 @@ A complete scripted setup is available in the [CI tooling for oqs-provider](http ### liboqs -Instructions for building `liboqs` from source is available +Instructions for building `liboqs` from source is available [here](https://github.com/open-quantum-safe/liboqs#windows). ## Build tooling @@ -28,9 +28,9 @@ a C compiler are present, e.g., as in MS Visual Studio 2022. ## Build A standard `cmake` build sequence can be used (assuming prerequisites are installed) -to build in/install from directory `_build`: +to build in/install from directory `build`: - cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -GNinja -S . -B _build && cd _build && ninja && ninja install + cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -GNinja -S . -B build && cd build && ninja && ninja install The specific `CMAKE_C_FLAGS` silence some overly strict warning messages and the specific reference to the build type ensures a shared library with @@ -41,15 +41,15 @@ If `openssl` and/or `liboqs` have not been installed to system standard location use the `cmake` defines "-DOPENSSL_ROOT_DIR" and/or "-Dliboqs_DIR" to utilize those, e.g., like this: - cmake -DOPENSSL_ROOT_DIR=c:\opt\openssl3 -Dliboqs_DIR=c:\liboqs -S . -B _build && cmake --build _build && cmake --install _build + cmake -DOPENSSL_ROOT_DIR=c:\opt\openssl3 -Dliboqs_DIR=c:\liboqs -S . -B build && cmake --build build && cmake --install build Further configuration options are documented [here](CONFIGURE.md#build-install-options). ## Test -Standard `ctest` can be used to validate correct operation in build directory `_build`, e.g.: +Standard `ctest` can be used to validate correct operation in build directory `build`, e.g.: - ctest -V --test-dir _build + ctest -V --test-dir build ## Packaging diff --git a/README.md b/README.md index 23d07b70..c30af18b 100644 --- a/README.md +++ b/README.md 
@@ -22,7 +22,7 @@ key establishment in TLS1.3 including management of such keys via the OpenSSL (3.0) provider interface and hybrid KEM schemes. Also, QSC signatures including CMS and CMP functionality are available via the OpenSSL EVP interface. Key persistence is provided via the encode/decode -mechanism and X.509 data structures. Starting with OpenSSL 3.2 support for +mechanism and X.509 data structures. Starting with OpenSSL 3.2 support for TLS1.3 signature functionality is available and final glitches for CMS have been resolved. @@ -62,7 +62,7 @@ In addition, algorithms not denoted with "\*" above are not enabled for TLS operations. This designation [can be changed by modifying the "enabled" flags in the main algorithm configuration file](CONFIGURE.md#pre-build-configuration). -In order to support parallel use of classic and quantum-safe cryptography +In order to support parallel use of classic and quantum-safe cryptography this provider also provides different hybrid algorithms, combining classic and quantum-safe methods: These are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_". @@ -80,7 +80,7 @@ respectively (tested on Linux Ubuntu and Mint as well as MacOS). By default, these scripts always build and test against the current OpenSSL `master` branch. -These scripts can be [configured by setting various variables](CONFIGURE.md#convenience-build-script-options). Please note that these scripts do _not_ install `oqsprovider`. This can be facilitated by running `cmake --install _build` (and following the [activation instructions](USAGE.md#activation). +These scripts can be [configured by setting various variables](CONFIGURE.md#convenience-build-script-options). Please note that these scripts do _not_ install `oqsprovider`. This can be facilitated by running `cmake --install build` (and following the [activation instructions](USAGE.md#activation). Building and testing -------------------- 
@@ -104,8 +104,8 @@ for details. ## Basic steps - cmake -S . -B _build && cmake --build _build && ctest --test-dir _build && cmake --install _build - + cmake -S . -B build && cmake --build build && ctest --test-dir build && cmake --install build + Using ----- diff --git a/scripts/common.py b/scripts/common.py index 88c609e5..b6c777c4 100644 --- a/scripts/common.py +++ b/scripts/common.py @@ -29,7 +29,7 @@ def all_pq_groups(): ag = "" for kex in key_exchanges: if len(ag)==0: - ag = kex + ag = kex else: ag = ag + ":" + kex return ag @@ -159,7 +159,7 @@ def gen_keys(ossl, ossl_config, sig_alg, test_artifacts_dir, filename_prefix): # also create pubkeys from certs for dgst verify tests: env = os.environ #env["OPENSSL_CONF"]=os.path.join("scripts", "openssl.cnf") - #env["OPENSSL_MODULES"]=os.path.join("_build", "lib") + #env["OPENSSL_MODULES"]=os.path.join("build", "lib") run_subprocess([ossl, 'req', '-in', os.path.join(test_artifacts_dir, '{}_{}_srv.csr'.format(filename_prefix, sig_alg)), '-pubkey', '-out', os.path.join(test_artifacts_dir, '{}_{}_srv.pubk'.format(filename_prefix, sig_alg)) ], diff --git a/scripts/fullbuild.sh b/scripts/fullbuild.sh index a411d901..de6551aa 100755 --- a/scripts/fullbuild.sh +++ b/scripts/fullbuild.sh @@ -21,10 +21,10 @@ fi if [ $# -gt 0 ]; then if [ "$1" == "-f" ]; then - rm -rf _build + rm -rf build fi if [ "$1" == "-F" ]; then - rm -rf _build openssl liboqs .local + rm -rf build openssl liboqs .local fi fi 
@@ -107,7 +107,7 @@ if [ -z $liboqs_DIR ]; then # STD: only include NIST standardized algorithms # NIST_R4: only include algorithms in round 4 of the NIST competition # All: include all algorithms supported by liboqs (default) - cd liboqs && cmake -GNinja $DOQS_ALGS_ENABLED $CMAKE_OPENSSL_LOCATION -DCMAKE_INSTALL_PREFIX=$(pwd)/../.local -S . -B _build && cd _build && ninja && ninja install && cd ../.. + cd liboqs && cmake -GNinja $DOQS_ALGS_ENABLED $CMAKE_OPENSSL_LOCATION -DCMAKE_INSTALL_PREFIX=$(pwd)/../.local -S . -B build && cd build && ninja && ninja install && cd ../.. if [ $? -ne 0 ]; then echo "liboqs build failed. Exiting." exit -1 @@ -117,16 +117,16 @@ if [ -z $liboqs_DIR ]; then fi # Check whether provider is built: -if [ ! -f "_build/lib/oqsprovider.$SHLIBEXT" ]; then - echo "oqsprovider (_build/lib/oqsprovider.$SHLIBEXT) not built: Building..." +if [ ! -f "build/lib/oqsprovider.$SHLIBEXT" ]; then + echo "oqsprovider (build/lib/oqsprovider.$SHLIBEXT) not built: Building..." # for full debug build add: -DCMAKE_BUILD_TYPE=Debug #BUILD_TYPE="-DCMAKE_BUILD_TYPE=Debug" BUILD_TYPE="" # for omitting public key in private keys add -DNOPUBKEY_IN_PRIVKEY=ON if [ -z "$OPENSSL_INSTALL" ]; then - cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B _build && cmake --build _build + cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B build && cmake --build build else - cmake -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B _build && cmake --build _build + cmake -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B build && cmake --build build fi if [ $? -ne 0 ]; then echo "provider build failed. Exiting." diff --git a/scripts/release-test.sh b/scripts/release-test.sh index df3a60b2..b8e2b812 100755 --- a/scripts/release-test.sh +++ b/scripts/release-test.sh 
@@ -24,11 +24,11 @@ if [ -d oqs-template ]; then # Activate all algorithms sed -i "s/enable\: false/enable\: true/g" oqs-template/generate.yml python3 oqs-template/generate.py - rm -rf _build + rm -rf build ./scripts/fullbuild.sh ./scripts/runtests.sh if [ -f .local/bin/openssl ]; then - OPENSSL_MODULES=`pwd`/_build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py + OPENSSL_MODULES=`pwd`/build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py else echo "For full TLS PQ SIG/KEM matrix test, build (latest) openssl locally." fi diff --git a/scripts/runtests.sh b/scripts/runtests.sh index 79762205..7ad61cd2 100755 --- a/scripts/runtests.sh +++ b/scripts/runtests.sh @@ -90,7 +90,7 @@ if [ -z "${OPENSSL_APP}" ]; then fi if [ -z "${OPENSSL_MODULES}" ]; then - export OPENSSL_MODULES="$(pwd)/_build/lib" + export OPENSSL_MODULES="$(pwd)/build/lib" fi if [ -z "${LD_LIBRARY_PATH}" ]; then @@ -188,7 +188,7 @@ ${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-externalinterop.sh # Without removing OPENSSL_CONF ctest hangs... ??? unset OPENSSL_CONF rv=0 -if ! ( cd _build && ctest $@ ); then +if ! ( cd build && ctest $@ ); then rv=1 fi From c648c7059d45eeca66de986a149afaed704fa9f5 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 12 Dec 2023 15:56:21 -0600 Subject: [PATCH 087/164] added composite OID scheme comment Signed-off-by: Felipe Ventura --- oqs-template/generate.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index a78a9843..cd8ca0fe 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml 
@@ -388,14 +388,14 @@ sigs: # 'oid': '2.16.840.1.114027.80.1.8'}] - # OID scheme for composite variants: - # (2) - # (16) - # (840) - # (1) - # (114027) - # (80) - # (7) - # (1) + # joint-iso-itu-t (2) + # country (16) + # us (840) + # organization (1) + # entrust (114027) + # algorithm (80) + # composite (7) + # signature (1) # - # OID scheme for hybrid variants of Dilithium: # iso (1) From a80e109ac32d5318685d793cbaecb037a0a8299c Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Wed, 13 Dec 2023 15:28:15 -0600 Subject: [PATCH 088/164] bugfix changes Signed-off-by: Felipe Ventura --- oqsprov/oqs_prov.h | 2 +- oqsprov/oqsprov.c | 6 +++++- oqsprov/oqsprov_keys.c | 6 ++++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 7192f60e..10119939 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -93,7 +93,7 @@ void oqsx_freeprovctx(PROV_OQS_CTX *ctx); #endif /* helper structure for classic key components in hybrid keys. - * Actual tables in oqsprov_keys.ce + * Actual tables in oqsprov_keys.c */ struct oqsx_evp_info_st { int keytype; diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 47f34c8a..30d09b60 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -973,7 +973,11 @@ int get_composite_idx(int idx) for (i = 0; i <= 7; i++) { // 7 dots in composite OID token = strtok_r(NULL, ".", &s); } - i = atoi(token); + if (token != NULL) { + i = atoi(token); + } else { + i = -1; + } OPENSSL_free(first_token); return i; } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 20fb3049..740702ef 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
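Review bot: In get_composite_idx the new NULL guard still leaves `atoi(token)` unable to signal a bad component: a non-numeric or empty token yields 0 and an out-of-range value is undefined behaviour, so a malformed OID string can come back looking like a valid index. Parsing with `long v = strtol(token, &end, 10);` and returning -1 when `end == token || *end != '\0'` or `v` falls outside the expected range would let the -1 path added here cover those cases too. The new -1 return also has to be checked at every call site before the result is used as an index. The callers and the start of the function are outside this hunk, so I could not confirm that.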
@@ -419,10 +419,12 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(bp384params)); case NID_ED25519: params = ed25519params; - return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(ed25519params)); + return d2i_KeyParams(EVP_PKEY_ED25519, &eck, ¶ms, + sizeof(ed25519params)); case NID_ED448: params = ed448params; - return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(ed448params)); + return d2i_KeyParams(EVP_PKEY_ED448, &eck, ¶ms, + sizeof(ed448params)); default: return NULL; } From 493f613e62f978e5f3bb23699764e1fb117aab9a Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 19 Dec 2023 08:55:50 -0600 Subject: [PATCH 089/164] simplified the code and fix some memory leaks Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 7 +- oqsprov/oqs_kem.c | 15 +- oqsprov/oqs_prov.h | 5 +- oqsprov/oqs_sig.c | 51 +++---- oqsprov/oqsprov_keys.c | 274 ++++++++++++----------------------- 5 files changed, 133 insertions(+), 219 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index a54834eb..b060754d 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -729,8 +729,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } if (get_oqsname_fromtls(name) == 0) { - if (oqsxkey->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype + if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) { // get the RSA real key size unsigned char *enc_len = OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); @@ -1541,8 +1540,8 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) sprintf(label, "%s key material:", name); if (get_oqsname_fromtls(name) == 0 // classical key - && okey->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype + && okey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype == EVP_PKEY_RSA) { // get the RSA real key size unsigned char *enc_len = OPENSSL_strndup(okey->comp_privkey[i], 4); 
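Review bot: In both oqs_encode_key2any.c hunks (oqsx_pki_priv_to_der and oqsx_to_text) the RSA branch still copies the first four bytes of `comp_privkey[i]` with `OPENSSL_strndup`, which stops at the first zero byte, so the returned buffer can hold fewer than four bytes when the encoded key header contains 0x00. If the code below the hunk indexes all four bytes of `enc_len`, that is a read past the allocation; this is inferred, since the use of `enc_len` is outside the hunk. Copying the bytes as binary data, `OPENSSL_memdup(oqsxkey->comp_privkey[i], 4)` or a `memcpy` into a four-byte array, avoids the string semantics. The same call appears in the oqsx_key_op hunk of oqsprov_keys.c further down.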
diff --git a/oqsprov/oqs_kem.c b/oqsprov/oqs_kem.c index ce68ef39..76780a16 100644 --- a/oqsprov/oqs_kem.c +++ b/oqsprov/oqs_kem.c @@ -109,7 +109,7 @@ static int oqs_qs_kem_encaps_keyslot(void *vpkemctx, unsigned char *out, size_t *secretlen, int keyslot) { const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_qs_ctx.kem; + const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_qs_ctx.kem; OQS_KEM_PRINTF("OQS KEM provider called: encaps\n"); if (pkemctx->kem == NULL) { @@ -133,7 +133,7 @@ static int oqs_qs_kem_decaps_keyslot(void *vpkemctx, unsigned char *out, size_t inlen, int keyslot) { const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_qs_ctx.kem; + const OQS_KEM *kem_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_qs_ctx.kem; OQS_KEM_PRINTF("OQS KEM provider called: decaps\n"); if (pkemctx->kem == NULL) { @@ -171,8 +171,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct, int ret = OQS_SUCCESS, ret2 = 0; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx - = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; + const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx; size_t pubkey_kexlen = 0; size_t kexDeriveLen = 0, pkeylen = 0; @@ -250,8 +249,7 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret, int ret = OQS_SUCCESS, ret2 = 0; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx - = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; + const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx; size_t pubkey_kexlen = evp_ctx->evp_info->length_public_key; size_t kexDeriveLen = evp_ctx->evp_info->kex_length_secret; 
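Review bot: In oqs_qs_kem_encaps_keyslot and oqs_qs_kem_decaps_keyslot the rewritten initializer `pkemctx->kem->oqsx_provider_ctx.oqsx_qs_ctx.kem` dereferences `pkemctx->kem` before the `if (pkemctx->kem == NULL)` check that follows it, so the check cannot protect this access. Declaring `const OQS_KEM *kem_ctx = NULL;` and assigning it after the NULL check keeps the guard meaningful. Both function bodies continue outside their hunks.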
@@ -353,9 +351,8 @@ static int oqs_hyb_kem_decaps(void *vpkemctx, unsigned char *secret, { int ret = OQS_SUCCESS; const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx; - const OQSX_EVP_CTX *evp_ctx - = pkemctx->kem->oqsx_provider_ctx[0].oqsx_evp_ctx; - const OQS_KEM *qs_ctx = pkemctx->kem->oqsx_provider_ctx[0].oqsx_qs_ctx.kem; + const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx; + const OQS_KEM *qs_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_qs_ctx.kem; size_t secretLen0 = 0, secretLen1 = 0; size_t ctLen0 = 0, ctLen1 = 0; diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 10119939..1bf1c02e 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -154,12 +154,11 @@ struct oqsx_key_st { #endif char *propq; OQSX_KEY_TYPE keytype; - OQSX_PROVIDER_CTX *oqsx_provider_ctx; + OQSX_PROVIDER_CTX oqsx_provider_ctx; #ifdef USE_ENCODING_LIB OQSX_ENCODING_CTX oqsx_encoding_ctx; #endif - EVP_PKEY **cmp_classical_pkey; - EVP_PKEY *classical_pkey; // for hybrid sigs + EVP_PKEY *classical_pkey; // for hybrid & composite sigs const OQSX_EVP_INFO *evp_info; size_t numkeys; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index b4785056..3f6ee8a6 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -263,16 +263,15 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, { PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY *oqsxkey = poqs_sigctx->sig; - OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx[0].oqsx_qs_ctx.sig; + OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; EVP_PKEY *oqs_key_classic = NULL; EVP_PKEY *cmp_key_classic = NULL; - EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, - // we're running hybrid + EVP_PKEY *evpkey = oqsxkey->classical_pkey; EVP_PKEY_CTX *classical_ctx_sign = NULL; OQS_SIG_PRINTF2("OQS SIG provider: sign called for %ld bytes\n", tbslen); - int is_hybrid = evpkey != NULL; + int is_hybrid = (oqsxkey->keytype == KEY_TYPE_HYB_SIG); int is_composite = (oqsxkey->keytype == KEY_TYPE_CMP_SIG); size_t max_sig_len = 0; size_t classical_sig_len = 0, oqs_sig_len = 0; @@ -474,8 +473,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if (get_oqsname_fromtls(name)) { // PQC signing - oqs_sig_len = oqsxkey->oqsx_provider_ctx[i] - .oqsx_qs_ctx.sig->length_signature; + oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig + ->length_signature; buf = OPENSSL_malloc(oqs_sig_len); if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs, final_tbslen, oqsxkey->comp_privkey[i]) 
@@ -486,17 +485,17 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } } else { // sign non PQC key on oqs_key - oqs_key_classic = oqsxkey->cmp_classical_pkey[i]; - oqs_sig_len = oqsxkey->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->length_signature; + oqs_key_classic = oqsxkey->classical_pkey; + oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->length_signature; buf = OPENSSL_malloc(oqs_sig_len); const EVP_MD *classical_md; - EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); int digest_len; unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ if (name[0] == 'e') { // ed25519 or ed448 + EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0) @@ -505,9 +504,11 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); + OPENSSL_free(evp_ctx); OPENSSL_free(buf); goto endsign; } + OPENSSL_free(evp_ctx); } else { if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) @@ -534,8 +535,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, OPENSSL_free(buf); goto endsign; } - } else if (oqsxkey->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype + } else if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype == EVP_PKEY_RSA) { if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) @@ -595,9 +596,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } - if (oqs_sig_len - > oqsxkey->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->length_signature) { + if (oqs_sig_len > oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx + ->evp_info->length_signature) { /* sig is bigger than expected */ ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); OPENSSL_free(name); 
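Review bot: In the ed25519/ed448 branch of oqs_sig_sign the context obtained from `EVP_MD_CTX_new()` is released with `OPENSSL_free(evp_ctx)`, which frees only the outer structure and skips the cleanup that `EVP_MD_CTX_free` performs on the state set up by EVP_DigestSignInit. Both added calls should read `EVP_MD_CTX_free(evp_ctx);`, and the result of `EVP_MD_CTX_new()` is worth checking for NULL before it is passed to EVP_DigestSignInit. The oqs_sig_verify hunks that follow add the same two `OPENSSL_free(evp_ctx)` calls. oqs_sig_sign starts and ends outside these hunks.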
@@ -653,12 +653,11 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, { PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx; OQSX_KEY *oqsxkey = poqs_sigctx->sig; - OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx[0].oqsx_qs_ctx.sig; - EVP_PKEY *evpkey = oqsxkey->classical_pkey; // if this value is not NULL, - // we're running hybrid + OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig; + EVP_PKEY *evpkey = oqsxkey->classical_pkey; EVP_PKEY_CTX *classical_ctx_sign = NULL; EVP_PKEY_CTX *ctx_verify = NULL; - int is_hybrid = evpkey != NULL; + int is_hybrid = (oqsxkey->keytype == KEY_TYPE_HYB_SIG); int is_composite = (oqsxkey->keytype == KEY_TYPE_CMP_SIG); size_t classical_sig_len = 0, oqs_sig_len = 0; size_t index = 0; @@ -860,24 +859,26 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, const EVP_MD *classical_md; int digest_len; int aux; - EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ if (name[0] == 'e') { // ed25519 or ed448 + EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); if ((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, - oqsxkey->cmp_classical_pkey[i]) + oqsxkey->classical_pkey) <= 0) || (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, final_tbslen) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); + OPENSSL_free(evp_ctx); goto endverify; } + OPENSSL_free(evp_ctx); } else { - if (((ctx_verify = EVP_PKEY_CTX_new( - oqsxkey->cmp_classical_pkey[i], NULL)) + if (((ctx_verify + = EVP_PKEY_CTX_new(oqsxkey->classical_pkey, NULL)) == NULL) || (EVP_PKEY_verify_init(ctx_verify) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); 
@@ -897,8 +898,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, OPENSSL_free(name); goto endverify; } - } else if (oqsxkey->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype + } else if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype == EVP_PKEY_RSA) { if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 740702ef..3b28743a 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -246,33 +246,6 @@ char *get_cmpname(int nid, int index) return name; } -// count the amount of keys in the structure -int get_qntcmp(int nid) -{ - int i; - int index = 1; - if ((i = get_oqsalg_idx(nid)) == -1) - return -1; - if (nid_names[i].keytype == KEY_TYPE_CMP_SIG) { - char *s = OPENSSL_strdup(nid_names[i].tlsname); - char *first_token = strtok_r(s, "_", &s); - char *token; - index = 0; - while (token != NULL) { - token = strtok_r(s, "_", &s); - index++; - } - OPENSSL_free(first_token); - } else { - if ((nid_names[i].keytype == KEY_TYPE_HYB_SIG) - || (nid_names[i].keytype == KEY_TYPE_ECP_HYB_KEM) - || (nid_names[i].keytype == KEY_TYPE_ECX_HYB_KEM)) { - index = 2; - } - } - return index; -} - int get_oqsalg_idx(int nid) { int i; @@ -393,8 +366,6 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22}; const unsigned char p521params[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23}; - const char ed25519params[] = {0x06, 0x03, 0x2b, 0x65, 0x70}; - const char ed448params[] = {0x06, 0x03, 0x2b, 0x65, 0x71}; const char bp256params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07}; const char bp384params[] 
@@ -417,14 +388,6 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) case NID_brainpoolP384r1: params = bp384params; return d2i_KeyParams(EVP_PKEY_EC, &eck, ¶ms, sizeof(bp384params)); - case NID_ED25519: - params = ed25519params; - return d2i_KeyParams(EVP_PKEY_ED25519, &eck, ¶ms, - sizeof(ed25519params)); - case NID_ED448: - params = ed448params; - return d2i_KeyParams(EVP_PKEY_ED448, &eck, ¶ms, - sizeof(ed448params)); default: return NULL; } @@ -717,8 +680,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, if (get_oqsname_fromtls(name) == 0) { // classical key publen = 0; // no pubkey encoded with privkey on classical // keys. will recreate the pubkey later - if (key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype + if (key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype == EVP_PKEY_RSA) { // get the RSA real key size unsigned char *enc_len = OPENSSL_strndup( p + previous_privlen + previous_publen, 4); 
@@ -951,30 +913,29 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; } - if (get_oqsname_fromtls(name) == 0) { - EVP_PKEY *npk = EVP_PKEY_new(); - if (key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype - != EVP_PKEY_RSA) { - npk = setECParams(npk, - key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->nid); - } + const unsigned char *enc_pubkey = key->comp_pubkey[i]; - const unsigned char *enc_pubkey = key->comp_pubkey[i]; - if (!key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->raw_key_support) { - key->cmp_classical_pkey[i] = d2i_PublicKey( - key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype, + if (get_oqsname_fromtls(name) == 0) { + if (!key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->raw_key_support) { + EVP_PKEY *npk = EVP_PKEY_new(); + if (key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype + != EVP_PKEY_RSA) { + npk = setECParams(npk, + key->oqsx_provider_ctx + .oqsx_evp_ctx->evp_info->nid); + } + key->classical_pkey = d2i_PublicKey( + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype, &npk, &enc_pubkey, key->pubkeylen_cmp[i]); } else - key->cmp_classical_pkey[i] - = EVP_PKEY_new_raw_public_key( - key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype, - NULL, enc_pubkey, key->pubkeylen_cmp[i]); - if (!key->cmp_classical_pkey[i]) { + key->classical_pkey = EVP_PKEY_new_raw_public_key( + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype, + NULL, enc_pubkey, key->pubkeylen_cmp[i]); + if (!key->classical_pkey) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); goto rec_err; 
@@ -996,31 +957,30 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } if (get_oqsname_fromtls(name) == 0) { const unsigned char *enc_privkey = key->comp_privkey[i]; - if (!key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->raw_key_support) - key->cmp_classical_pkey[i] = d2i_PrivateKey( - key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype, + if (!key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->raw_key_support) + key->classical_pkey = d2i_PrivateKey( + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); else - key->cmp_classical_pkey[i] - = EVP_PKEY_new_raw_private_key( - key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->keytype, - NULL, enc_privkey, key->privkeylen_cmp[i]); - if (!key->cmp_classical_pkey[i]) { + key->classical_pkey = EVP_PKEY_new_raw_private_key( + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype, + NULL, enc_privkey, key->privkeylen_cmp[i]); + if (!key->classical_pkey) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); goto rec_err; } - if (!key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->raw_key_support) { + if (!key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->raw_key_support) { unsigned char *comp_pubkey = key->comp_pubkey[i]; - int pubkeylen = i2d_PublicKey( - key->cmp_classical_pkey[i], &comp_pubkey); + int pubkeylen + = i2d_PublicKey(key->classical_pkey, &comp_pubkey); if (pubkeylen - != key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->length_public_key) { + != key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->length_public_key) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); goto rec_err; 
@@ -1028,7 +988,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) } else { size_t pubkeylen = key->pubkeylen_cmp[i]; int ret = EVP_PKEY_get_raw_public_key( - key->cmp_classical_pkey[i], key->comp_pubkey[i], + key->classical_pkey, key->comp_pubkey[i], &pubkeylen); if (ret <= 0) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); @@ -1212,10 +1172,9 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); - ret->oqsx_provider_ctx[0].oqsx_evp_ctx = NULL; - ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); - if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig) { + ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL; + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { fprintf( stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?\n", 
@@ -1243,19 +1202,18 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, } #endif ret->privkeylen - = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_secret_key; + = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; ret->pubkeylen - = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_public_key; + = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; ret->keytype = KEY_TYPE_SIG; break; case KEY_TYPE_KEM: ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); - ret->oqsx_provider_ctx[0].oqsx_evp_ctx = NULL; - ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); - if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { + ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL; + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.kem) { fprintf( stderr, "Could not create OQS KEM algorithm %s. Enabled in liboqs?\n", @@ -1263,16 +1221,15 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } ret->privkeylen - = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_secret_key; + = ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_secret_key; ret->pubkeylen - = ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_public_key; + = ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_public_key; ret->keytype = KEY_TYPE_KEM; break; case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_ECP_HYB_KEM: - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); - ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); - if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem) { + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.kem) { fprintf( stderr, "Could not create OQS KEM algorithm %s. Enabled in liboqs?\n", 
@@ -1291,20 +1248,19 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_secret_key + + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_secret_key + evp_ctx->evp_info->length_private_key; ret->pubkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_public_key + + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_public_key + evp_ctx->evp_info->length_public_key; - ret->oqsx_provider_ctx[0].oqsx_evp_ctx = evp_ctx; + ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; ret->evp_info = evp_ctx->evp_info; break; case KEY_TYPE_HYB_SIG: - ret->oqsx_provider_ctx = OPENSSL_malloc(sizeof(OQSX_PROVIDER_CTX)); - ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); - if (!ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig) { + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { fprintf( stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?\n", 
@@ -1322,29 +1278,24 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_secret_key + + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key + evp_ctx->evp_info->length_private_key; ret->pubkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 - + ret->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_public_key + + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key + evp_ctx->evp_info->length_public_key; - ret->oqsx_provider_ctx[0].oqsx_evp_ctx = evp_ctx; + ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; ret->evp_info = evp_ctx->evp_info; - - ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); break; case KEY_TYPE_CMP_SIG: - ret->numkeys = get_qntcmp(OBJ_sn2nid(tls_name)); + ret->numkeys = 2; ret->privkeylen = 0; ret->pubkeylen = 0; - ret->oqsx_provider_ctx - = OPENSSL_malloc(ret->numkeys * sizeof(OQSX_PROVIDER_CTX)); ret->privkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->pubkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - ret->cmp_classical_pkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); for (i = 0; i < ret->numkeys; i++) { char *name; @@ -1354,9 +1305,9 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } if (get_oqsname_fromtls(name) != 0) { - ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(get_oqsname_fromtls(name)); - if (!ret->oqsx_provider_ctx[i].oqsx_qs_ctx.sig) { + if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { fprintf( stderr, "Could not create OQS signature algorithm %s. Enabled in liboqs?A\n", 
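Review bot: In the KEY_TYPE_CMP_SIG case of oqsx_key_new the four `OPENSSL_malloc` results (`privkeylen_cmp`, `pubkeylen_cmp`, `comp_privkey`, `comp_pubkey`) are used by the loop that follows without a NULL check, so an allocation failure becomes a write through a null pointer at `ret->privkeylen_cmp[i]`. The function already uses `ON_ERR_GOTO` for `evp_ctx`, so one guard before the loop would match the local style: `ON_ERR_GOTO(!ret->privkeylen_cmp || !ret->pubkeylen_cmp || !ret->comp_privkey || !ret->comp_pubkey, err);`. Whether the `err` path copes with a partly initialised `ret` is outside the visible hunks and should be confirmed.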
@@ -1364,23 +1315,20 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, goto err; } ret->privkeylen_cmp[i] - = ret->oqsx_provider_ctx[i] - .oqsx_qs_ctx.sig->length_secret_key; - ret->pubkeylen_cmp[i] = ret->oqsx_provider_ctx[i] - .oqsx_qs_ctx.sig->length_public_key; + = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key; + ret->pubkeylen_cmp[i] + = ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; } else { evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); ON_ERR_GOTO(!evp_ctx, err); ret2 = oqsx_hybsig_init(bit_security, evp_ctx, name); ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); - ret->oqsx_provider_ctx[i].oqsx_evp_ctx = evp_ctx; - ret->privkeylen_cmp[i] - = ret->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->length_private_key; - ret->pubkeylen_cmp[i] - = ret->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->length_public_key; + ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; + ret->privkeylen_cmp[i] = ret->oqsx_provider_ctx.oqsx_evp_ctx + ->evp_info->length_private_key; + ret->pubkeylen_cmp[i] = ret->oqsx_provider_ctx.oqsx_evp_ctx + ->evp_info->length_public_key; } ret->privkeylen += ret->privkeylen_cmp[i]; ret->pubkeylen += ret->pubkeylen_cmp[i]; 
@@ -1446,30 +1394,16 @@ void oqsx_key_free(OQSX_KEY *key) OPENSSL_free(key->comp_pubkey); OPENSSL_free(key->comp_privkey); if (key->keytype == KEY_TYPE_KEM) - OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); + OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) { - OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem); - } else if (key->keytype == KEY_TYPE_CMP_SIG) { - int i; - for (i = 0; i < key->numkeys; i++) { - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); - if (get_oqsname_fromtls(name)) - OQS_SIG_free(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig); - else { - EVP_PKEY_free(key->classical_pkey); - EVP_PKEY_CTX_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->ctx); - EVP_PKEY_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->keyParam); - OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx); - } - OPENSSL_free(name); - } + OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); } else { - OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig); - if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) { - EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx); - EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam); - OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx); + OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); + if (key->oqsx_provider_ctx.oqsx_evp_ctx) { + EVP_PKEY_CTX_free(key->oqsx_provider_ctx.oqsx_evp_ctx->ctx); + EVP_PKEY_free(key->oqsx_provider_ctx.oqsx_evp_ctx->keyParam); + OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); } } OPENSSL_free(key->tls_name); @@ -1477,9 +1411,7 @@ void oqsx_key_free(OQSX_KEY *key) #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); #endif - OPENSSL_free(key->oqsx_provider_ctx); OPENSSL_free(key->classical_pkey); - OPENSSL_free(key->cmp_classical_pkey); OPENSSL_free(key); } 
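Review bot: oqsx_key_free still releases `key->classical_pkey` with `OPENSSL_free`, and with the composite branch removed this is now the only place where the classical key of a composite OQSX_KEY is released. The oqs_prov.h hunk of this commit declares the field as `EVP_PKEY *`, so the matching call is `EVP_PKEY_free(key->classical_pkey);`. `OPENSSL_free` releases only the outer structure and leaves the key data it references, private key material included, allocated and uncleansed. The removed branch did call `EVP_PKEY_free` on this pointer.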
@@ -1579,11 +1511,11 @@ int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) { if (gen_kem) - return OQS_KEM_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem, + return OQS_KEM_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.kem, key->comp_pubkey[key->numkeys - 1], key->comp_privkey[key->numkeys - 1]); else { - return OQS_SIG_keypair(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig, + return OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, key->comp_pubkey[key->numkeys - 1], key->comp_privkey[key->numkeys - 1]); } @@ -1704,7 +1636,7 @@ int oqsx_key_gen(OQSX_KEY *key) } else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM || key->keytype == KEY_TYPE_HYB_SIG) { - pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx[0].oqsx_evp_ctx, + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->pubkey, key->privkey, 1); ON_ERR_GOTO(pkey == NULL, err); ret = !oqsx_key_set_composites(key); @@ -1724,14 +1656,14 @@ int oqsx_key_gen(OQSX_KEY *key) ON_ERR_GOTO(ret, err); } if (get_oqsname_fromtls(name) == 0) { - pkey = oqsx_key_gen_evp_key( - key->oqsx_provider_ctx[i].oqsx_evp_ctx, key->comp_pubkey[i], - key->comp_privkey[i], 0); + pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, + key->comp_pubkey[i], + key->comp_privkey[i], 0); OPENSSL_free(name); ON_ERR_GOTO(pkey == NULL, err); - key->cmp_classical_pkey[i] = pkey; + key->classical_pkey = pkey; } else { - ret = OQS_SIG_keypair(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig, + ret = OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); OPENSSL_free(name); 
@@ -1763,36 +1695,22 @@ int oqsx_key_maxsize(OQSX_KEY *key) { switch (key->keytype) { case KEY_TYPE_KEM: - return key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_shared_secret; + return key->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_shared_secret; case KEY_TYPE_ECP_HYB_KEM: case KEY_TYPE_ECX_HYB_KEM: - return key->oqsx_provider_ctx[0] - .oqsx_evp_ctx->evp_info->kex_length_secret - + key->oqsx_provider_ctx[0] - .oqsx_qs_ctx.kem->length_shared_secret; + return key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->kex_length_secret + + key->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_shared_secret; case KEY_TYPE_SIG: - return key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_signature; + return key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature; case KEY_TYPE_HYB_SIG: - return key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_signature - + key->oqsx_provider_ctx[0] - .oqsx_evp_ctx->evp_info->length_signature + return key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature + + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + SIZE_OF_UINT32; - case KEY_TYPE_CMP_SIG: { - int aux = sizeof(CompositeSignature); - int i; - for (i = 0; i < key->numkeys; i++) { - char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i); - if (get_oqsname_fromtls(name) == 0) - aux += key->oqsx_provider_ctx[i] - .oqsx_evp_ctx->evp_info->length_signature; - else - aux += key->oqsx_provider_ctx[i] - .oqsx_qs_ctx.sig->length_signature; - OPENSSL_free(name); - } + case KEY_TYPE_CMP_SIG: + return sizeof(CompositeSignature) + + key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature + + key->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_signature; - return aux; - } default: OQS_KEY_PRINTF("OQSX KEY: Wrong key type\n"); return 0; 
@@ -1806,10 +1724,10 @@ int oqsx_key_get_oqs_public_key_len(OQSX_KEY *k) case KEY_TYPE_KEM: return k->pubkeylen; case KEY_TYPE_HYB_SIG: - return k->oqsx_provider_ctx[0].oqsx_qs_ctx.sig->length_public_key; + return k->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_public_key; case KEY_TYPE_ECX_HYB_KEM: case KEY_TYPE_ECP_HYB_KEM: - return k->oqsx_provider_ctx[0].oqsx_qs_ctx.kem->length_public_key; + return k->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_public_key; default: OQS_KEY_PRINTF2("OQSX_KEY: Unknown key type encountered: %d\n", k->keytype); From f25d4ec0d39a807a965649bc43203b7a5c076540 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 19 Dec 2023 12:27:12 -0600 Subject: [PATCH 090/164] adaptations to draft v11 Signed-off-by: Felipe Ventura --- oqs-template/generate.yml | 34 ++--- oqsprov/oqs_sig.c | 273 +++++++++++++++----------------------- 2 files changed, 122 insertions(+), 185 deletions(-) diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index cd8ca0fe..78782bdb 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -394,7 +394,7 @@ sigs: # organization (1) # entrust (114027) # algorithm (80) - # composite (7) + # composite (8) # signature (1) # - # OID scheme for hybrid variants of Dilithium: 
@@ -435,23 +435,23 @@ sigs: composite: [{'name': 'pss2048', 'pretty_name': 'RSA PSS 2048', 'security': '112', - 'oid': '2.16.840.1.114027.80.7.1.1'}, + 'oid': '2.16.840.1.114027.80.8.1.1'}, {'name': 'rsa2048', 'pretty_name': 'RSA2028', 'security': '112', - 'oid': '2.16.840.1.114027.80.7.1.2'}, + 'oid': '2.16.840.1.114027.80.8.1.2'}, {'name': 'ed25519', 'pretty_name': 'ED25519', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.3'}, + 'oid': '2.16.840.1.114027.80.8.1.3'}, {'name': 'p256', 'pretty_name': 'ECDSA p256', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.4'}, + 'oid': '2.16.840.1.114027.80.8.1.4'}, {'name': 'bp256', 'pretty_name': 'ECDSA brainpoolP256r1', 'security': '256', - 'oid': '2.16.840.1.114027.80.7.1.5'}] + 'oid': '2.16.840.1.114027.80.8.1.5'}] - name: 'dilithium3' pretty_name: 'Dilithium3' @@ -467,23 +467,23 @@ sigs: composite: [{'name': 'pss3072', 'pretty_name': 'RSA PSS 3072', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.6'}, + 'oid': '2.16.840.1.114027.80.8.1.6'}, {'name': 'rsa3072', 'pretty_name': 'RSA 3072', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.7'}, + 'oid': '2.16.840.1.114027.80.8.1.7'}, {'name': 'p256', 'pretty_name': 'ECDSA p256', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.8'}, + 'oid': '2.16.840.1.114027.80.8.1.8'}, {'name': 'bp256', 'pretty_name': 'ECDSA brainpoolP256r1', 'security': '256', - 'oid': '2.16.840.1.114027.80.7.1.9'}, + 'oid': '2.16.840.1.114027.80.8.1.9'}, {'name': 'ed25519', 'pretty_name': 'ED25519', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.10'}] + 'oid': '2.16.840.1.114027.80.8.1.10'}] - name: 'dilithium5' pretty_name: 'Dilithium5' 
@@ -499,15 +499,15 @@ sigs: composite: [{'name': 'p384', 'pretty_name': 'ECDSA p384', 'security': '192', - 'oid': '2.16.840.1.114027.80.7.1.11'}, + 'oid': '2.16.840.1.114027.80.8.1.11'}, {'name': 'bp384', 'pretty_name': 'ECDSA brainpoolP384r1', 'security': '384', - 'oid': '2.16.840.1.114027.80.7.1.12'}, + 'oid': '2.16.840.1.114027.80.8.1.12'}, {'name': 'ed448', 'pretty_name': 'ED448', 'security': '192', - 'oid': '2.16.840.1.114027.80.7.1.13'}] + 'oid': '2.16.840.1.114027.80.8.1.13'}] - name: 'dilithium2_aes' pretty_name: 'Dilithium2_AES' @@ -583,15 +583,15 @@ sigs: composite: [{'name': 'p256', 'pretty_name': 'ECDSA p256', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.14'}, + 'oid': '2.16.840.1.114027.80.8.1.14'}, {'name': 'bp256', 'pretty_name': 'ECDSA brainpoolP256r1', 'security': '256', - 'oid': '2.16.840.1.114027.80.7.1.15'}, + 'oid': '2.16.840.1.114027.80.8.1.15'}, {'name': 'ed25519', 'pretty_name': 'ED25519', 'security': '128', - 'oid': '2.16.840.1.114027.80.7.1.16'}] + 'oid': '2.16.840.1.114027.80.8.1.16'}] extra_nids: old: - implementation_version: NIST Round 3 submission diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 3f6ee8a6..17117459 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -25,8 +25,9 @@ #include // TBD: Review what we really need/want: For now go with OSSL settings: -#define OSSL_MAX_NAME_SIZE 50 -#define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ +#define OSSL_MAX_NAME_SIZE 50 +#define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ +#define COMPOSITE_OID_PREFIRX_LEN 26 #ifdef NDEBUG # define OQS_SIG_PRINTF(a) 
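Review bot: The new macro `COMPOSITE_OID_PREFIRX_LEN` in the oqs_sig.c hunk is misspelled (`PREFIX`), and its value 26 matches the number of hex characters in each `composite_OID_prefix` entry of the next hunk, not the 13 bytes those characters encode. Renaming it to `COMPOSITE_OID_PREFIX_LEN` and stating the unit in a comment, e.g. `/* length of each composite_OID_prefix entry in hex characters (13 DER bytes) */`, would keep a later reader from passing it where a byte count is expected. How the macro is used is outside the visible hunks.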
@@ -213,47 +214,43 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY); } -// this next two list need to be in order of the last number on the OID from the +// this list need to be in order of the last number on the OID from the // composite static const char *composite_OID_prefix[] = { - "69642D4D4C44534134342D525341323034382D5053532D534841323536", // dilithium2_pss2048 - "69642D4D4C44534134342D525341323034382D504B435331352D534841323536", // dilithium2_rsa2048 - "69642D4D4C44534134342D456432353531392D534841353132", // dilithium2_ed25519 - "69642D4D4C44534134342D45434453412D503235362D534841323536", // dilithium2_p256 - "69642D4D4C44534134342D45434453412D627261696E706F6F6C5032353672312D534841323536", // dilithium2_bp256 - "69642D4D4C44534136352D525341333037322D5053532D534841323536", // dilithium3_pss3072 - "69642D4D4C44534136352D525341333037322D504B435331352D534841323536", // dilithium3_rsa3072 - "69642D4D4C44534136352D45434453412D503235362D534841323536", // dilithium3_p256 - "69642D4D4C44534136352D45434453412D627261696E706F6F6C5032353672312D534841323536", // dilithium3_bp256 - "69642D4D4C44534136352D456432353531392D534841353132", // dilithium3_ed25519 - "69642D4D4C44534138372D45434453412D503338342D534841333834", // dilithium5_p384 - "69642D4D4C44534138372D45434453412D627261696E706F6F6C5033383472312D534841333834", // dilithium5_bp384 - "69642D4D4C44534138372D45643434382D5348414B45323536", // dilithium5_ed448 - "69642D46616C6F6E3531322D45434453412D503235362D534841323536", // falcon512_p256 - "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", // falcon512_bp256 - "69642D46616C636F6E3531322D456432353531392D534841353132", // falcon512_ed25519 + "060B6086480186FA6B50080101", // dilithium2_pss2048 + // id-MLDSA44-RSA2048-PSS-SHA256 + "060B6086480186FA6B50080102", // dilithium2_rsa2048 + // id-MLDSA44-RSA2048-PKCS15-SHA256 + 
"060B6086480186FA6B50080103", // dilithium2_ed25519 + // id-MLDSA44-Ed25519-SHA512 + "060B6086480186FA6B50080104", // dilithium2_p256 + // id-MLDSA44-ECDSA-P256-SHA256 + "060B6086480186FA6B50080105", // dilithium2_bp256 + // id-MLDSA44-ECDSA-brainpoolP256r1-SHA256 + "060B6086480186FA6B50080106", // dilithium3_pss3072 + // id-MLDSA65-RSA3072-PSS-SHA512 + "060B6086480186FA6B50080107", // dilithium3_rsa3072 + // id-MLDSA65-RSA3072-PKCS15-SHA512 + "060B6086480186FA6B50080108", // dilithium3_p256 + // id-MLDSA65-ECDSA-P256-SHA512 + "060B6086480186FA6B50080109", // dilithium3_bp256 + // id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 + "060B6086480186FA6B5008010A", // dilithium3_ed25519 + // id-MLDSA65-Ed25519-SHA512 + "060B6086480186FA6B5008010B", // dilithium5_p384 + // id-MLDSA87-ECDSA-P384-SHA512 + "060B6086480186FA6B5008010C", // dilithium5_bp384 + // id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 + "060B6086480186FA6B5008010D", // dilithium5_ed448 id-MLDSA87-Ed448-SHA512 + "060B6086480186FA6B5008010E", // falcon512_p256 + // id-Falon512-ECDSA-P256-SHA256 + "060B6086480186FA6B5008010F", // falcon512_bp256 + // id-Falcon512-ECDSA-brainpoolP256r1-SHA256 + "060B6086480186FA6B50080110", // falcon512_ed25519 + // id-Falcon512-Ed25519-SHA512 }; -static const size_t composite_OID_prefix_len[] = { - 58, // dilithium2_pss2048 - 64, // dilithium2_rsa2048 - 50, // dilithium2_ed25519 - 56, // dilithium2_p256 - 78, // dilithium2_bp256 - 58, // dilithium3_pss3072 - 64, // dilithium3_rsa3072 - 56, // dilithium3_p256 - 78, // dilithium3_bp256 - 50, // dilithium3_ed25519 - 56, // dilithium5_p384 - 78, // dilithium5_bp384 - 50, // dilithium5_ed448 - 58, // falcon512_p256 - 82, // falcon512_bp256 - 54, // falcon512_ed25519 -}; - /* On entry to this function, data to be signed (tbs) might have been hashed * already: this would be the case if poqs_sigctx->mdctx != NULL; if that is * NULL, we have to hash in case of hybrid signatures 
@@ -386,84 +383,54 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, int nid = OBJ_sn2nid(oqsxkey->tls_name); const char *oid_prefix = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; - const size_t oid_prefix_len - = composite_OID_prefix_len[get_composite_idx(get_oqsalg_idx(nid)) - - 1]; char *final_tbs; - size_t final_tbslen = oid_prefix_len; + size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN; + int aux = 0; + unsigned char *tbs_hash; // prepare the pre hash for (i = 0; i < oqsxkey->numkeys; i++) { char *name; + char *upcase_name; if ((name = get_cmpname(nid, i)) == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); goto endsign; } - unsigned char *tbs_hash; - if (!get_oqsname_fromtls(name)) { - if (name[0] == 'e') { // ed25519 or ed448 - if (name[2] == '2') { // ed25519 - tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); - SHA512(tbs, tbslen, tbs_hash); - final_tbslen += SHA512_DIGEST_LENGTH; - } else { // ed4448 - EVP_MD_CTX *shake = EVP_MD_CTX_new(); - unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; - tbs_hash = OPENSSL_malloc(tbs_hash_len); - - if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) - <= 0) - || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) - || (EVP_DigestFinalXOF(shake, tbs_hash, - tbs_hash_len) - <= 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - goto endsign; - } - final_tbslen += tbs_hash_len; - EVP_MD_CTX_free(shake); - } - } else if ((name[0] == 'p') || (name[0] == 'b') - || (name[0] == 'r')) { // p256 or p384 or bp256 or - // bp384 or pss or rsa3072 - int aux; - if (name[0] == 'b') - aux = 2; - else - aux = 1; - switch (name[aux]) { - case 's': // pss or rsa - case '2': // p256 or bp256 - tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); - SHA256(tbs, tbslen, tbs_hash); - final_tbslen += SHA256_DIGEST_LENGTH; - break; - case '3': // p384 or bp384 - tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); - SHA384(tbs, tbslen, tbs_hash); - final_tbslen += 
SHA384_DIGEST_LENGTH; - break; - default: - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - goto endsign; - } - } else { - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - goto endsign; - } - final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_prefix, oid_prefix_len); - memcpy(final_tbs + oid_prefix_len, tbs_hash, - final_tbslen - oid_prefix_len); - OPENSSL_free(tbs_hash); + upcase_name = get_oqsname_fromtls(name); + + if ((upcase_name != 0) + && ((!strcmp(upcase_name, OQS_SIG_alg_dilithium_3)) + || (!strcmp(upcase_name, OQS_SIG_alg_dilithium_5))) + || (name[0] == 'e')) { + aux = 1; + OPENSSL_free(name); + break; } OPENSSL_free(name); } + switch (aux) { + case 0: + tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); + SHA256(tbs, tbslen, tbs_hash); + final_tbslen += SHA256_DIGEST_LENGTH; + break; + case 1: + tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); + SHA512(tbs, tbslen, tbs_hash); + final_tbslen += SHA512_DIGEST_LENGTH; + break; + default: + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endsign; + } + final_tbs = OPENSSL_malloc(final_tbslen); + memcpy(final_tbs, oid_prefix, COMPOSITE_OID_PREFIRX_LEN); + memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN, tbs_hash, + final_tbslen - COMPOSITE_OID_PREFIRX_LEN); + OPENSSL_free(tbs_hash); + // sign for (i = 0; i < oqsxkey->numkeys; i++) { char *name; if ((name = get_cmpname(nid, i)) == NULL) { 
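Review bot: Neither `OPENSSL_malloc` result in the new pre-hash code is checked: `tbs_hash` goes straight into `SHA256`/`SHA512` and `final_tbs` straight into `memcpy`, so an allocation failure becomes a NULL write inside the signing path. Add `if (tbs_hash == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto endsign; }` after each digest-buffer allocation and the same guard for `final_tbs`, freeing `tbs_hash` first unless `endsign` already does (the label is outside this hunk). The verify hunk further down repeats the pattern with `endverify` and needs the same guards. The `aux` condition mixes `&&` and `||` without grouping; wrapping the `&&` part in its own parentheses would make the intended precedence explicit.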
@@ -748,89 +715,59 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, size_t buf_len; const char *oid_prefix = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; - const size_t oid_prefix_len - = composite_OID_prefix_len[get_composite_idx(get_oqsalg_idx(nid)) - - 1]; char *final_tbs; - size_t final_tbslen = oid_prefix_len; + size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN; + int aux = 0; + unsigned char *tbs_hash; if ((compsig = d2i_CompositeSignature(NULL, &sig, siglen)) == NULL) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - // prepare the pre-hash + // prepare the pre hash for (i = 0; i < oqsxkey->numkeys; i++) { char *name; + char *upcase_name; if ((name = get_cmpname(nid, i)) == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); goto endverify; } - unsigned char *tbs_hash; - if (!get_oqsname_fromtls(name)) { - if (name[0] == 'e') { // ed25519 or ed448 - if (name[2] == '2') { // ed25519 - tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); - SHA512(tbs, tbslen, tbs_hash); - final_tbslen += SHA512_DIGEST_LENGTH; - } else { // ed4448 - EVP_MD_CTX *shake = EVP_MD_CTX_new(); - unsigned int tbs_hash_len = EVP_MAX_MD_SIZE; - tbs_hash = OPENSSL_malloc(tbs_hash_len); - - if ((EVP_DigestInit_ex(shake, EVP_shake256(), NULL) - <= 0) - || (EVP_DigestUpdate(shake, tbs, tbslen) <= 0) - || (EVP_DigestFinalXOF(shake, tbs_hash, - tbs_hash_len) - <= 0)) { - OPENSSL_free(name); - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - goto endverify; - } - final_tbslen += tbs_hash_len; - EVP_MD_CTX_free(shake); - } - } else if ((name[0] == 'p') || (name[0] == 'b') - || (name[0] == 'r')) { // p256 or p384 or bp256 or - // bp384 or pss or rsa3072 - int aux; - if (name[0] == 'b') - aux = 2; - else - aux = 1; - switch (name[aux]) { - case 's': // pss or rsa - case '2': // p256 or bp256 - tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); - SHA256(tbs, tbslen, 
tbs_hash); - final_tbslen += SHA256_DIGEST_LENGTH; - break; - case '3': // p384 or bp384 - tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH); - SHA384(tbs, tbslen, tbs_hash); - final_tbslen += SHA384_DIGEST_LENGTH; - break; - default: - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - OPENSSL_free(name); - goto endverify; - } - } else { - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - OPENSSL_free(name); - goto endverify; - } - final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_prefix, oid_prefix_len); - memcpy(final_tbs + oid_prefix_len, tbs_hash, - final_tbslen - oid_prefix_len); - OPENSSL_free(tbs_hash); + upcase_name = get_oqsname_fromtls(name); + + if ((upcase_name != 0) + && ((!strcmp(upcase_name, OQS_SIG_alg_dilithium_3)) + || (!strcmp(upcase_name, OQS_SIG_alg_dilithium_5))) + || (name[0] == 'e')) { + aux = 1; + OPENSSL_free(name); + break; } OPENSSL_free(name); } + switch (aux) { + case 0: + tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH); + SHA256(tbs, tbslen, tbs_hash); + final_tbslen += SHA256_DIGEST_LENGTH; + break; + case 1: + tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH); + SHA512(tbs, tbslen, tbs_hash); + final_tbslen += SHA512_DIGEST_LENGTH; + break; + default: + ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + goto endverify; + } + final_tbs = OPENSSL_malloc(final_tbslen); + memcpy(final_tbs, oid_prefix, COMPOSITE_OID_PREFIRX_LEN); + memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN, tbs_hash, + final_tbslen - COMPOSITE_OID_PREFIRX_LEN); + OPENSSL_free(tbs_hash); + // verify for (i = 0; i < oqsxkey->numkeys; i++) { if (i == 0) { buf = compsig->sig1->data; From 20af97893077c87006d98b101da433240470e6de Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 19 Dec 2023 13:22:40 -0600 Subject: [PATCH 091/164] updated internal OIDs to v11 
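Review bot: The `get_cmpname` failure and the `default:` branch now raise `ERR_R_FATAL`, while the `d2i_CompositeSignature` failure a few lines above still raises `OQSPROV_R_VERIFY_ERROR`, so callers inspecting the error queue see two different reasons for a failed verify. If the switch is not deliberate, keep `ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);` on both paths. The block is otherwise a line-for-line copy of the pre-hash code added to `oqs_sig_sign`, differing only in the `goto` label. Moving digest selection and prefix assembly into one static helper shared by both functions would stop the two sides drifting apart, which for a signature scheme shows up as verification failures that are hard to trace. `oqs_sig_verify` begins and ends outside this hunk.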
Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 167 +-- oqsprov/oqs_encode_key2any.c | 539 +++++---- oqsprov/oqs_kmgmt.c | 296 ++--- oqsprov/oqs_prov.h | 1965 ++++++++++---------------------- oqsprov/oqsdecoders.inc | 444 +++----- oqsprov/oqsencoders.inc | 1555 ++++++++++--------------- oqsprov/oqsprov.c | 798 +++++-------- oqsprov/oqsprov_capabilities.c | 494 +++----- oqsprov/oqsprov_keys.c | 193 ++-- 9 files changed, 2289 insertions(+), 4162 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 180dc7f4..f9361950 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -539,69 +539,52 @@ static void oqsx_key_adjust(void *key, struct der2key_ctx_st *ctx) ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_START #ifdef OQS_KEM_ENCODERS + MAKE_DECODER(, "frodo640aes", frodo640aes, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo640aes", frodo640aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, - PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "frodo640shake", frodo640shake, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo640shake", frodo640shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, - PrivateKeyInfo); -MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, - PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "frodo976aes", frodo976aes, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo976aes", frodo976aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, 
PrivateKeyInfo); -MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "frodo976shake", frodo976shake, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo976shake", frodo976shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, - PrivateKeyInfo); -MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, - PrivateKeyInfo); -MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "frodo1344aes", frodo1344aes, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo1344aes", frodo1344aes, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, - PrivateKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "frodo1344shake", frodo1344shake, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo1344shake", frodo1344shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344shake", 
p521_frodo1344shake, oqsx, - PrivateKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "kyber512", kyber512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "kyber512", kyber512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p256_kyber512", p256_kyber512, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p256_kyber512", p256_kyber512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "kyber768", kyber768, oqsx, PrivateKeyInfo); MAKE_DECODER(, "kyber768", kyber768, oqsx, SubjectPublicKeyInfo); 
@@ -610,16 +593,14 @@ MAKE_DECODER(_ecp, "p384_kyber768", p384_kyber768, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x448_kyber768", x448_kyber768, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecx, "x448_kyber768", x448_kyber768, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p256_kyber768", p256_kyber768, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p256_kyber768", p256_kyber768, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "kyber1024", kyber1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "kyber1024", kyber1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, PrivateKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, SubjectPublicKeyInfo); 
@@ -660,45 +641,37 @@ MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, SubjectPublicKeyInfo); #endif /* OQS_KEM_ENCODERS */ + MAKE_DECODER(, "dilithium2", dilithium2, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium2", dilithium2, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3", dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, 
"dilithium3", dilithium3, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo); 
@@ -706,71 +679,45 @@ MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, - SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_falcon1024", 
p521_falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, - oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, - 
PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, - oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, - oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, PrivateKeyInfo); 
+MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index b060754d..bd648cc9 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -814,266 +814,266 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) // OQS provider uses NIDs generated at load time as EVP_type identifiers // so initially this must be 0 and set to a real value by OBJ_sn2nid later ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_START -#define frodo640aes_evp_type 0 -#define frodo640aes_input_type "frodo640aes" -#define frodo640aes_pem_type "frodo640aes" - -#define p256_frodo640aes_evp_type 0 -#define p256_frodo640aes_input_type "p256_frodo640aes" -#define p256_frodo640aes_pem_type "p256_frodo640aes" -#define x25519_frodo640aes_evp_type 0 -#define x25519_frodo640aes_input_type "x25519_frodo640aes" -#define x25519_frodo640aes_pem_type "x25519_frodo640aes" -#define frodo640shake_evp_type 0 -#define frodo640shake_input_type "frodo640shake" -#define frodo640shake_pem_type "frodo640shake" - -#define p256_frodo640shake_evp_type 0 -#define p256_frodo640shake_input_type "p256_frodo640shake" -#define p256_frodo640shake_pem_type "p256_frodo640shake" -#define x25519_frodo640shake_evp_type 0 -#define x25519_frodo640shake_input_type "x25519_frodo640shake" -#define x25519_frodo640shake_pem_type "x25519_frodo640shake" -#define frodo976aes_evp_type 0 -#define frodo976aes_input_type "frodo976aes" -#define frodo976aes_pem_type "frodo976aes" - -#define p384_frodo976aes_evp_type 0 -#define p384_frodo976aes_input_type "p384_frodo976aes" -#define p384_frodo976aes_pem_type "p384_frodo976aes" -#define x448_frodo976aes_evp_type 0 -#define x448_frodo976aes_input_type "x448_frodo976aes" -#define x448_frodo976aes_pem_type "x448_frodo976aes" -#define frodo976shake_evp_type 0 -#define frodo976shake_input_type "frodo976shake" -#define frodo976shake_pem_type "frodo976shake" - -#define p384_frodo976shake_evp_type 0 -#define p384_frodo976shake_input_type "p384_frodo976shake" -#define p384_frodo976shake_pem_type "p384_frodo976shake" -#define x448_frodo976shake_evp_type 0 -#define x448_frodo976shake_input_type "x448_frodo976shake" -#define 
x448_frodo976shake_pem_type "x448_frodo976shake" -#define frodo1344aes_evp_type 0 -#define frodo1344aes_input_type "frodo1344aes" -#define frodo1344aes_pem_type "frodo1344aes" - -#define p521_frodo1344aes_evp_type 0 -#define p521_frodo1344aes_input_type "p521_frodo1344aes" -#define p521_frodo1344aes_pem_type "p521_frodo1344aes" -#define frodo1344shake_evp_type 0 -#define frodo1344shake_input_type "frodo1344shake" -#define frodo1344shake_pem_type "frodo1344shake" - -#define p521_frodo1344shake_evp_type 0 -#define p521_frodo1344shake_input_type "p521_frodo1344shake" -#define p521_frodo1344shake_pem_type "p521_frodo1344shake" -#define kyber512_evp_type 0 -#define kyber512_input_type "kyber512" -#define kyber512_pem_type "kyber512" - -#define p256_kyber512_evp_type 0 -#define p256_kyber512_input_type "p256_kyber512" -#define p256_kyber512_pem_type "p256_kyber512" -#define x25519_kyber512_evp_type 0 -#define x25519_kyber512_input_type "x25519_kyber512" -#define x25519_kyber512_pem_type "x25519_kyber512" -#define kyber768_evp_type 0 -#define kyber768_input_type "kyber768" -#define kyber768_pem_type "kyber768" - -#define p384_kyber768_evp_type 0 -#define p384_kyber768_input_type "p384_kyber768" -#define p384_kyber768_pem_type "p384_kyber768" -#define x448_kyber768_evp_type 0 -#define x448_kyber768_input_type "x448_kyber768" -#define x448_kyber768_pem_type "x448_kyber768" -#define x25519_kyber768_evp_type 0 -#define x25519_kyber768_input_type "x25519_kyber768" -#define x25519_kyber768_pem_type "x25519_kyber768" -#define p256_kyber768_evp_type 0 -#define p256_kyber768_input_type "p256_kyber768" -#define p256_kyber768_pem_type "p256_kyber768" -#define kyber1024_evp_type 0 -#define kyber1024_input_type "kyber1024" -#define kyber1024_pem_type "kyber1024" - -#define p521_kyber1024_evp_type 0 -#define p521_kyber1024_input_type "p521_kyber1024" -#define p521_kyber1024_pem_type "p521_kyber1024" -#define bikel1_evp_type 0 -#define bikel1_input_type "bikel1" -#define bikel1_pem_type 
"bikel1" - -#define p256_bikel1_evp_type 0 -#define p256_bikel1_input_type "p256_bikel1" -#define p256_bikel1_pem_type "p256_bikel1" -#define x25519_bikel1_evp_type 0 -#define x25519_bikel1_input_type "x25519_bikel1" -#define x25519_bikel1_pem_type "x25519_bikel1" -#define bikel3_evp_type 0 -#define bikel3_input_type "bikel3" -#define bikel3_pem_type "bikel3" - -#define p384_bikel3_evp_type 0 -#define p384_bikel3_input_type "p384_bikel3" -#define p384_bikel3_pem_type "p384_bikel3" -#define x448_bikel3_evp_type 0 -#define x448_bikel3_input_type "x448_bikel3" -#define x448_bikel3_pem_type "x448_bikel3" -#define bikel5_evp_type 0 -#define bikel5_input_type "bikel5" -#define bikel5_pem_type "bikel5" - -#define p521_bikel5_evp_type 0 -#define p521_bikel5_input_type "p521_bikel5" -#define p521_bikel5_pem_type "p521_bikel5" -#define hqc128_evp_type 0 -#define hqc128_input_type "hqc128" -#define hqc128_pem_type "hqc128" - -#define p256_hqc128_evp_type 0 -#define p256_hqc128_input_type "p256_hqc128" -#define p256_hqc128_pem_type "p256_hqc128" -#define x25519_hqc128_evp_type 0 -#define x25519_hqc128_input_type "x25519_hqc128" -#define x25519_hqc128_pem_type "x25519_hqc128" -#define hqc192_evp_type 0 -#define hqc192_input_type "hqc192" -#define hqc192_pem_type "hqc192" - -#define p384_hqc192_evp_type 0 -#define p384_hqc192_input_type "p384_hqc192" -#define p384_hqc192_pem_type "p384_hqc192" -#define x448_hqc192_evp_type 0 -#define x448_hqc192_input_type "x448_hqc192" -#define x448_hqc192_pem_type "x448_hqc192" -#define hqc256_evp_type 0 -#define hqc256_input_type "hqc256" -#define hqc256_pem_type "hqc256" - -#define p521_hqc256_evp_type 0 -#define p521_hqc256_input_type "p521_hqc256" -#define p521_hqc256_pem_type "p521_hqc256" - -#define dilithium2_evp_type 0 -#define dilithium2_input_type "dilithium2" -#define dilithium2_pem_type "dilithium2" -#define p256_dilithium2_evp_type 0 -#define p256_dilithium2_input_type "p256_dilithium2" -#define p256_dilithium2_pem_type 
"p256_dilithium2" -#define rsa3072_dilithium2_evp_type 0 -#define rsa3072_dilithium2_input_type "rsa3072_dilithium2" -#define rsa3072_dilithium2_pem_type "rsa3072_dilithium2" -#define dilithium2_pss2048_evp_type 0 -#define dilithium2_pss2048_input_type "dilithium2_pss2048" -#define dilithium2_pss2048_pem_type "dilithium2_pss2048" -#define dilithium2_rsa2048_evp_type 0 -#define dilithium2_rsa2048_input_type "dilithium2_rsa2048" -#define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" -#define dilithium2_ed25519_evp_type 0 -#define dilithium2_ed25519_input_type "dilithium2_ed25519" -#define dilithium2_ed25519_pem_type "dilithium2_ed25519" -#define dilithium2_p256_evp_type 0 -#define dilithium2_p256_input_type "dilithium2_p256" -#define dilithium2_p256_pem_type "dilithium2_p256" -#define dilithium2_bp256_evp_type 0 -#define dilithium2_bp256_input_type "dilithium2_bp256" -#define dilithium2_bp256_pem_type "dilithium2_bp256" -#define dilithium3_evp_type 0 -#define dilithium3_input_type "dilithium3" -#define dilithium3_pem_type "dilithium3" -#define p384_dilithium3_evp_type 0 -#define p384_dilithium3_input_type "p384_dilithium3" -#define p384_dilithium3_pem_type "p384_dilithium3" -#define dilithium3_pss3072_evp_type 0 -#define dilithium3_pss3072_input_type "dilithium3_pss3072" -#define dilithium3_pss3072_pem_type "dilithium3_pss3072" -#define dilithium3_rsa3072_evp_type 0 -#define dilithium3_rsa3072_input_type "dilithium3_rsa3072" -#define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" -#define dilithium3_p256_evp_type 0 -#define dilithium3_p256_input_type "dilithium3_p256" -#define dilithium3_p256_pem_type "dilithium3_p256" -#define dilithium3_bp256_evp_type 0 -#define dilithium3_bp256_input_type "dilithium3_bp256" -#define dilithium3_bp256_pem_type "dilithium3_bp256" -#define dilithium3_ed25519_evp_type 0 -#define dilithium3_ed25519_input_type "dilithium3_ed25519" -#define dilithium3_ed25519_pem_type "dilithium3_ed25519" -#define dilithium5_evp_type 0 -#define 
dilithium5_input_type "dilithium5" -#define dilithium5_pem_type "dilithium5" -#define p521_dilithium5_evp_type 0 -#define p521_dilithium5_input_type "p521_dilithium5" -#define p521_dilithium5_pem_type "p521_dilithium5" -#define dilithium5_p384_evp_type 0 -#define dilithium5_p384_input_type "dilithium5_p384" -#define dilithium5_p384_pem_type "dilithium5_p384" -#define dilithium5_bp384_evp_type 0 -#define dilithium5_bp384_input_type "dilithium5_bp384" -#define dilithium5_bp384_pem_type "dilithium5_bp384" -#define dilithium5_ed448_evp_type 0 -#define dilithium5_ed448_input_type "dilithium5_ed448" -#define dilithium5_ed448_pem_type "dilithium5_ed448" -#define falcon512_evp_type 0 -#define falcon512_input_type "falcon512" -#define falcon512_pem_type "falcon512" -#define p256_falcon512_evp_type 0 -#define p256_falcon512_input_type "p256_falcon512" -#define p256_falcon512_pem_type "p256_falcon512" -#define rsa3072_falcon512_evp_type 0 -#define rsa3072_falcon512_input_type "rsa3072_falcon512" -#define rsa3072_falcon512_pem_type "rsa3072_falcon512" -#define falcon512_p256_evp_type 0 -#define falcon512_p256_input_type "falcon512_p256" -#define falcon512_p256_pem_type "falcon512_p256" -#define falcon512_bp256_evp_type 0 -#define falcon512_bp256_input_type "falcon512_bp256" -#define falcon512_bp256_pem_type "falcon512_bp256" -#define falcon512_ed25519_evp_type 0 -#define falcon512_ed25519_input_type "falcon512_ed25519" -#define falcon512_ed25519_pem_type "falcon512_ed25519" -#define falcon1024_evp_type 0 -#define falcon1024_input_type "falcon1024" -#define falcon1024_pem_type "falcon1024" -#define p521_falcon1024_evp_type 0 -#define p521_falcon1024_input_type "p521_falcon1024" -#define p521_falcon1024_pem_type "p521_falcon1024" -#define sphincssha2128fsimple_evp_type 0 -#define sphincssha2128fsimple_input_type "sphincssha2128fsimple" -#define sphincssha2128fsimple_pem_type "sphincssha2128fsimple" -#define p256_sphincssha2128fsimple_evp_type 0 -#define 
p256_sphincssha2128fsimple_input_type "p256_sphincssha2128fsimple" -#define p256_sphincssha2128fsimple_pem_type "p256_sphincssha2128fsimple" -#define rsa3072_sphincssha2128fsimple_evp_type 0 -#define rsa3072_sphincssha2128fsimple_input_type "rsa3072_sphincssha2128fsimple" -#define rsa3072_sphincssha2128fsimple_pem_type "rsa3072_sphincssha2128fsimple" -#define sphincssha2128ssimple_evp_type 0 -#define sphincssha2128ssimple_input_type "sphincssha2128ssimple" -#define sphincssha2128ssimple_pem_type "sphincssha2128ssimple" -#define p256_sphincssha2128ssimple_evp_type 0 -#define p256_sphincssha2128ssimple_input_type "p256_sphincssha2128ssimple" -#define p256_sphincssha2128ssimple_pem_type "p256_sphincssha2128ssimple" -#define rsa3072_sphincssha2128ssimple_evp_type 0 -#define rsa3072_sphincssha2128ssimple_input_type "rsa3072_sphincssha2128ssimple" -#define rsa3072_sphincssha2128ssimple_pem_type "rsa3072_sphincssha2128ssimple" -#define sphincssha2192fsimple_evp_type 0 -#define sphincssha2192fsimple_input_type "sphincssha2192fsimple" -#define sphincssha2192fsimple_pem_type "sphincssha2192fsimple" -#define p384_sphincssha2192fsimple_evp_type 0 -#define p384_sphincssha2192fsimple_input_type "p384_sphincssha2192fsimple" -#define p384_sphincssha2192fsimple_pem_type "p384_sphincssha2192fsimple" -#define sphincsshake128fsimple_evp_type 0 -#define sphincsshake128fsimple_input_type "sphincsshake128fsimple" -#define sphincsshake128fsimple_pem_type "sphincsshake128fsimple" -#define p256_sphincsshake128fsimple_evp_type 0 -#define p256_sphincsshake128fsimple_input_type "p256_sphincsshake128fsimple" -#define p256_sphincsshake128fsimple_pem_type "p256_sphincsshake128fsimple" -#define rsa3072_sphincsshake128fsimple_evp_type 0 -#define rsa3072_sphincsshake128fsimple_input_type \ - "rsa3072_sphincsshake128fsimple" -#define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" +# define frodo640aes_evp_type 0 +# define frodo640aes_input_type "frodo640aes" +# define 
frodo640aes_pem_type "frodo640aes" + +# define p256_frodo640aes_evp_type 0 +# define p256_frodo640aes_input_type "p256_frodo640aes" +# define p256_frodo640aes_pem_type "p256_frodo640aes" +# define x25519_frodo640aes_evp_type 0 +# define x25519_frodo640aes_input_type "x25519_frodo640aes" +# define x25519_frodo640aes_pem_type "x25519_frodo640aes" +# define frodo640shake_evp_type 0 +# define frodo640shake_input_type "frodo640shake" +# define frodo640shake_pem_type "frodo640shake" + +# define p256_frodo640shake_evp_type 0 +# define p256_frodo640shake_input_type "p256_frodo640shake" +# define p256_frodo640shake_pem_type "p256_frodo640shake" +# define x25519_frodo640shake_evp_type 0 +# define x25519_frodo640shake_input_type "x25519_frodo640shake" +# define x25519_frodo640shake_pem_type "x25519_frodo640shake" +# define frodo976aes_evp_type 0 +# define frodo976aes_input_type "frodo976aes" +# define frodo976aes_pem_type "frodo976aes" + +# define p384_frodo976aes_evp_type 0 +# define p384_frodo976aes_input_type "p384_frodo976aes" +# define p384_frodo976aes_pem_type "p384_frodo976aes" +# define x448_frodo976aes_evp_type 0 +# define x448_frodo976aes_input_type "x448_frodo976aes" +# define x448_frodo976aes_pem_type "x448_frodo976aes" +# define frodo976shake_evp_type 0 +# define frodo976shake_input_type "frodo976shake" +# define frodo976shake_pem_type "frodo976shake" + +# define p384_frodo976shake_evp_type 0 +# define p384_frodo976shake_input_type "p384_frodo976shake" +# define p384_frodo976shake_pem_type "p384_frodo976shake" +# define x448_frodo976shake_evp_type 0 +# define x448_frodo976shake_input_type "x448_frodo976shake" +# define x448_frodo976shake_pem_type "x448_frodo976shake" +# define frodo1344aes_evp_type 0 +# define frodo1344aes_input_type "frodo1344aes" +# define frodo1344aes_pem_type "frodo1344aes" + +# define p521_frodo1344aes_evp_type 0 +# define p521_frodo1344aes_input_type "p521_frodo1344aes" +# define p521_frodo1344aes_pem_type "p521_frodo1344aes" +# define 
frodo1344shake_evp_type 0 +# define frodo1344shake_input_type "frodo1344shake" +# define frodo1344shake_pem_type "frodo1344shake" + +# define p521_frodo1344shake_evp_type 0 +# define p521_frodo1344shake_input_type "p521_frodo1344shake" +# define p521_frodo1344shake_pem_type "p521_frodo1344shake" +# define kyber512_evp_type 0 +# define kyber512_input_type "kyber512" +# define kyber512_pem_type "kyber512" + +# define p256_kyber512_evp_type 0 +# define p256_kyber512_input_type "p256_kyber512" +# define p256_kyber512_pem_type "p256_kyber512" +# define x25519_kyber512_evp_type 0 +# define x25519_kyber512_input_type "x25519_kyber512" +# define x25519_kyber512_pem_type "x25519_kyber512" +# define kyber768_evp_type 0 +# define kyber768_input_type "kyber768" +# define kyber768_pem_type "kyber768" + +# define p384_kyber768_evp_type 0 +# define p384_kyber768_input_type "p384_kyber768" +# define p384_kyber768_pem_type "p384_kyber768" +# define x448_kyber768_evp_type 0 +# define x448_kyber768_input_type "x448_kyber768" +# define x448_kyber768_pem_type "x448_kyber768" +# define x25519_kyber768_evp_type 0 +# define x25519_kyber768_input_type "x25519_kyber768" +# define x25519_kyber768_pem_type "x25519_kyber768" +# define p256_kyber768_evp_type 0 +# define p256_kyber768_input_type "p256_kyber768" +# define p256_kyber768_pem_type "p256_kyber768" +# define kyber1024_evp_type 0 +# define kyber1024_input_type "kyber1024" +# define kyber1024_pem_type "kyber1024" + +# define p521_kyber1024_evp_type 0 +# define p521_kyber1024_input_type "p521_kyber1024" +# define p521_kyber1024_pem_type "p521_kyber1024" +# define bikel1_evp_type 0 +# define bikel1_input_type "bikel1" +# define bikel1_pem_type "bikel1" + +# define p256_bikel1_evp_type 0 +# define p256_bikel1_input_type "p256_bikel1" +# define p256_bikel1_pem_type "p256_bikel1" +# define x25519_bikel1_evp_type 0 +# define x25519_bikel1_input_type "x25519_bikel1" +# define x25519_bikel1_pem_type "x25519_bikel1" +# define bikel3_evp_type 0 
+# define bikel3_input_type "bikel3" +# define bikel3_pem_type "bikel3" + +# define p384_bikel3_evp_type 0 +# define p384_bikel3_input_type "p384_bikel3" +# define p384_bikel3_pem_type "p384_bikel3" +# define x448_bikel3_evp_type 0 +# define x448_bikel3_input_type "x448_bikel3" +# define x448_bikel3_pem_type "x448_bikel3" +# define bikel5_evp_type 0 +# define bikel5_input_type "bikel5" +# define bikel5_pem_type "bikel5" + +# define p521_bikel5_evp_type 0 +# define p521_bikel5_input_type "p521_bikel5" +# define p521_bikel5_pem_type "p521_bikel5" +# define hqc128_evp_type 0 +# define hqc128_input_type "hqc128" +# define hqc128_pem_type "hqc128" + +# define p256_hqc128_evp_type 0 +# define p256_hqc128_input_type "p256_hqc128" +# define p256_hqc128_pem_type "p256_hqc128" +# define x25519_hqc128_evp_type 0 +# define x25519_hqc128_input_type "x25519_hqc128" +# define x25519_hqc128_pem_type "x25519_hqc128" +# define hqc192_evp_type 0 +# define hqc192_input_type "hqc192" +# define hqc192_pem_type "hqc192" + +# define p384_hqc192_evp_type 0 +# define p384_hqc192_input_type "p384_hqc192" +# define p384_hqc192_pem_type "p384_hqc192" +# define x448_hqc192_evp_type 0 +# define x448_hqc192_input_type "x448_hqc192" +# define x448_hqc192_pem_type "x448_hqc192" +# define hqc256_evp_type 0 +# define hqc256_input_type "hqc256" +# define hqc256_pem_type "hqc256" + +# define p521_hqc256_evp_type 0 +# define p521_hqc256_input_type "p521_hqc256" +# define p521_hqc256_pem_type "p521_hqc256" + + +# define dilithium2_evp_type 0 +# define dilithium2_input_type "dilithium2" +# define dilithium2_pem_type "dilithium2" +# define p256_dilithium2_evp_type 0 +# define p256_dilithium2_input_type "p256_dilithium2" +# define p256_dilithium2_pem_type "p256_dilithium2" +# define rsa3072_dilithium2_evp_type 0 +# define rsa3072_dilithium2_input_type "rsa3072_dilithium2" +# define rsa3072_dilithium2_pem_type "rsa3072_dilithium2" +# define dilithium2_pss2048_evp_type 0 +# define 
dilithium2_pss2048_input_type "dilithium2_pss2048" +# define dilithium2_pss2048_pem_type "dilithium2_pss2048" +# define dilithium2_rsa2048_evp_type 0 +# define dilithium2_rsa2048_input_type "dilithium2_rsa2048" +# define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" +# define dilithium2_ed25519_evp_type 0 +# define dilithium2_ed25519_input_type "dilithium2_ed25519" +# define dilithium2_ed25519_pem_type "dilithium2_ed25519" +# define dilithium2_p256_evp_type 0 +# define dilithium2_p256_input_type "dilithium2_p256" +# define dilithium2_p256_pem_type "dilithium2_p256" +# define dilithium2_bp256_evp_type 0 +# define dilithium2_bp256_input_type "dilithium2_bp256" +# define dilithium2_bp256_pem_type "dilithium2_bp256" +# define dilithium3_evp_type 0 +# define dilithium3_input_type "dilithium3" +# define dilithium3_pem_type "dilithium3" +# define p384_dilithium3_evp_type 0 +# define p384_dilithium3_input_type "p384_dilithium3" +# define p384_dilithium3_pem_type "p384_dilithium3" +# define dilithium3_pss3072_evp_type 0 +# define dilithium3_pss3072_input_type "dilithium3_pss3072" +# define dilithium3_pss3072_pem_type "dilithium3_pss3072" +# define dilithium3_rsa3072_evp_type 0 +# define dilithium3_rsa3072_input_type "dilithium3_rsa3072" +# define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" +# define dilithium3_p256_evp_type 0 +# define dilithium3_p256_input_type "dilithium3_p256" +# define dilithium3_p256_pem_type "dilithium3_p256" +# define dilithium3_bp256_evp_type 0 +# define dilithium3_bp256_input_type "dilithium3_bp256" +# define dilithium3_bp256_pem_type "dilithium3_bp256" +# define dilithium3_ed25519_evp_type 0 +# define dilithium3_ed25519_input_type "dilithium3_ed25519" +# define dilithium3_ed25519_pem_type "dilithium3_ed25519" +# define dilithium5_evp_type 0 +# define dilithium5_input_type "dilithium5" +# define dilithium5_pem_type "dilithium5" +# define p521_dilithium5_evp_type 0 +# define p521_dilithium5_input_type "p521_dilithium5" +# define 
p521_dilithium5_pem_type "p521_dilithium5" +# define dilithium5_p384_evp_type 0 +# define dilithium5_p384_input_type "dilithium5_p384" +# define dilithium5_p384_pem_type "dilithium5_p384" +# define dilithium5_bp384_evp_type 0 +# define dilithium5_bp384_input_type "dilithium5_bp384" +# define dilithium5_bp384_pem_type "dilithium5_bp384" +# define dilithium5_ed448_evp_type 0 +# define dilithium5_ed448_input_type "dilithium5_ed448" +# define dilithium5_ed448_pem_type "dilithium5_ed448" +# define falcon512_evp_type 0 +# define falcon512_input_type "falcon512" +# define falcon512_pem_type "falcon512" +# define p256_falcon512_evp_type 0 +# define p256_falcon512_input_type "p256_falcon512" +# define p256_falcon512_pem_type "p256_falcon512" +# define rsa3072_falcon512_evp_type 0 +# define rsa3072_falcon512_input_type "rsa3072_falcon512" +# define rsa3072_falcon512_pem_type "rsa3072_falcon512" +# define falcon512_p256_evp_type 0 +# define falcon512_p256_input_type "falcon512_p256" +# define falcon512_p256_pem_type "falcon512_p256" +# define falcon512_bp256_evp_type 0 +# define falcon512_bp256_input_type "falcon512_bp256" +# define falcon512_bp256_pem_type "falcon512_bp256" +# define falcon512_ed25519_evp_type 0 +# define falcon512_ed25519_input_type "falcon512_ed25519" +# define falcon512_ed25519_pem_type "falcon512_ed25519" +# define falcon1024_evp_type 0 +# define falcon1024_input_type "falcon1024" +# define falcon1024_pem_type "falcon1024" +# define p521_falcon1024_evp_type 0 +# define p521_falcon1024_input_type "p521_falcon1024" +# define p521_falcon1024_pem_type "p521_falcon1024" +# define sphincssha2128fsimple_evp_type 0 +# define sphincssha2128fsimple_input_type "sphincssha2128fsimple" +# define sphincssha2128fsimple_pem_type "sphincssha2128fsimple" +# define p256_sphincssha2128fsimple_evp_type 0 +# define p256_sphincssha2128fsimple_input_type "p256_sphincssha2128fsimple" +# define p256_sphincssha2128fsimple_pem_type "p256_sphincssha2128fsimple" +# define 
rsa3072_sphincssha2128fsimple_evp_type 0 +# define rsa3072_sphincssha2128fsimple_input_type "rsa3072_sphincssha2128fsimple" +# define rsa3072_sphincssha2128fsimple_pem_type "rsa3072_sphincssha2128fsimple" +# define sphincssha2128ssimple_evp_type 0 +# define sphincssha2128ssimple_input_type "sphincssha2128ssimple" +# define sphincssha2128ssimple_pem_type "sphincssha2128ssimple" +# define p256_sphincssha2128ssimple_evp_type 0 +# define p256_sphincssha2128ssimple_input_type "p256_sphincssha2128ssimple" +# define p256_sphincssha2128ssimple_pem_type "p256_sphincssha2128ssimple" +# define rsa3072_sphincssha2128ssimple_evp_type 0 +# define rsa3072_sphincssha2128ssimple_input_type "rsa3072_sphincssha2128ssimple" +# define rsa3072_sphincssha2128ssimple_pem_type "rsa3072_sphincssha2128ssimple" +# define sphincssha2192fsimple_evp_type 0 +# define sphincssha2192fsimple_input_type "sphincssha2192fsimple" +# define sphincssha2192fsimple_pem_type "sphincssha2192fsimple" +# define p384_sphincssha2192fsimple_evp_type 0 +# define p384_sphincssha2192fsimple_input_type "p384_sphincssha2192fsimple" +# define p384_sphincssha2192fsimple_pem_type "p384_sphincssha2192fsimple" +# define sphincsshake128fsimple_evp_type 0 +# define sphincsshake128fsimple_input_type "sphincsshake128fsimple" +# define sphincsshake128fsimple_pem_type "sphincsshake128fsimple" +# define p256_sphincsshake128fsimple_evp_type 0 +# define p256_sphincsshake128fsimple_input_type "p256_sphincsshake128fsimple" +# define p256_sphincsshake128fsimple_pem_type "p256_sphincsshake128fsimple" +# define rsa3072_sphincsshake128fsimple_evp_type 0 +# define rsa3072_sphincsshake128fsimple_input_type "rsa3072_sphincsshake128fsimple" +# define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple" ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_END /* ---------------------------------------------------------------------- */ 
@@ -1722,6 +1722,7 @@ key2text_encode(void *vctx, const void *key, int selection, OSSL_CORE_BIO *cout, ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_START #ifdef OQS_KEM_ENCODERS + MAKE_ENCODER(, frodo640aes, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, frodo640aes, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, frodo640aes, oqsx, PrivateKeyInfo, der); @@ -2243,10 +2244,8 @@ MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, p256_sphincssha2128fsimple); -MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, - der); -MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, - pem); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der); 
@@ -2266,10 +2265,8 @@ MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p256_sphincssha2128ssimple);
-MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo,
- der);
-MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo,
- pem);
+MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, der);
 MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der);
@@ -2303,10 +2300,8 @@ MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p256_sphincsshake128fsimple);
-MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo,
- der);
-MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo,
- pem);
+MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, der);
 MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der);
diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c
index 09bb2b31..bb56299c 100644
--- a/oqsprov/oqs_kmgmt.c
+++ b/oqsprov/oqs_kmgmt.c
@@ -583,460 +583,358 @@ static int oqsx_gen_set_params(void *genctx, const OSSL_PARAM params[]) ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_START static void *dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2", KEY_TYPE_SIG, NULL, 128, 0); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2", KEY_TYPE_SIG, NULL, 128, 0); } static void *dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2", 0, 128, 0); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2", 0, 128, 0); } static void *p256_dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "p256_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 1); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 1); } static void *p256_dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "p256_dilithium2", KEY_TYPE_HYB_SIG, 128, 1); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, 128, 1); } static void *rsa3072_dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 2); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 2); } static void *rsa3072_dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128, 2); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128, 2); } static void *dilithium2_pss2048_new_key(void 
*provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 3); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 3); } static void *dilithium2_pss2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 3); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 3); } static void *dilithium2_rsa2048_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 4); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 4); } static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 4); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 4); } static void *dilithium2_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 5); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 5); } static void *dilithium2_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 5); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 5); } static void *dilithium2_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - 
"dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 6); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 6); } static void *dilithium2_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 6); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 6); } static void *dilithium2_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 7); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 7); } static void *dilithium2_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 7); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 7); } static void *dilithium3_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3", KEY_TYPE_SIG, NULL, 192, 8); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3", KEY_TYPE_SIG, NULL, 192, 8); } static void *dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3", 0, 192, 8); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3", 0, 192, 8); } static void *p384_dilithium3_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 9); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 9); } static void 
*p384_dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 9); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 9); } static void *dilithium3_pss3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 10); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 10); } static void *dilithium3_pss3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 10); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 10); } static void *dilithium3_rsa3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 11); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 11); } static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 11); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 11); } static void *dilithium3_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 12); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 12); } static void *dilithium3_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, 
OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 12); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 12); } static void *dilithium3_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 13); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 13); } static void *dilithium3_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 13); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 13); } static void *dilithium3_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 14); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 14); } static void *dilithium3_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 14); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 14); } static void *dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5", KEY_TYPE_SIG, NULL, 256, 15); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5", KEY_TYPE_SIG, NULL, 256, 15); } static void *dilithium5_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5", 0, 256, 15); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5", 0, 256, 
15); } static void *p521_dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 16); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 16); } static void *p521_dilithium5_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 16); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 16); } static void *dilithium5_p384_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 17); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 17); } static void *dilithium5_p384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 17); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 17); } static void *dilithium5_bp384_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 18); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 18); } static void *dilithium5_bp384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 18); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 18); } static void *dilithium5_ed448_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 19); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 19); } static void *dilithium5_ed448_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 19); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 19); } static void *falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512", KEY_TYPE_SIG, NULL, 128, 20); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512", KEY_TYPE_SIG, NULL, 128, 20); } static void *falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512", 0, 128, 20); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512", 0, 128, 20); } static void *p256_falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 21); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 21); } static void *p256_falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 21); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 21); } static void *rsa3072_falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 22); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 22); } static 
void *rsa3072_falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 22); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 22); } static void *falcon512_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 23); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 23); } static void *falcon512_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 23); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 23); } static void *falcon512_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 24); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 24); } static void *falcon512_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 24); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 24); } static void *falcon512_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 25); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 25); } static void *falcon512_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - 
"falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 25); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 25); } static void *falcon1024_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "falcon1024", KEY_TYPE_SIG, NULL, 256, 26); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "falcon1024", KEY_TYPE_SIG, NULL, 256, 26); } static void *falcon1024_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "falcon1024", 0, 256, 26); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "falcon1024", 0, 256, 26); } static void *p521_falcon1024_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 27); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 27); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 27); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 27); } + static void *sphincssha2128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), - OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 28); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 28); } static void *sphincssha2128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, - OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", 0, 128, 28); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, "sphincssha2128fsimple", 
0, 128, 28); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 29); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 29); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 30); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 30); } -static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, - int selection) +static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 30); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 30); } static void *sphincssha2128ssimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), - OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 31); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 31); } static void 
*sphincssha2128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, - OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", 0, 128, 31); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, "sphincssha2128ssimple", 0, 128, 31); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 32); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 32); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 32); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 32); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); } -static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, - int selection) +static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 33); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 33); } static void *sphincssha2192fsimple_new_key(void *provctx) { - return 
oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), - OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 34); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 34); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, - OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", 0, 192, 34); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, "sphincssha2192fsimple", 0, 192, 34); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 35); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 35); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 35); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 35); } static void *sphincsshake128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), - OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 36); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 36); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, - OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", 0, 128, 36); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, 
"sphincsshake128fsimple", 0, 128, 36); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 37); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 37); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { - return oqsx_key_new( - PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 38); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 38); } -static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, - int selection) +static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init( - provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 38); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 38); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END 
@@ -1230,40 +1128,30 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_sphincsshake128fsimple) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640aes, OQS_KEM_alg_frodokem_640_aes, - 128) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640aes, OQS_KEM_alg_frodokem_640_aes, - 128) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640shake, OQS_KEM_alg_frodokem_640_shake, 128) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640shake, - OQS_KEM_alg_frodokem_640_shake, 128) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640shake, OQS_KEM_alg_frodokem_640_shake, 128) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640shake, - OQS_KEM_alg_frodokem_640_shake, 128) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640shake, OQS_KEM_alg_frodokem_640_shake, 128) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo976aes, OQS_KEM_alg_frodokem_976_aes, 192) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976aes, OQS_KEM_alg_frodokem_976_aes, - 192) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976aes, OQS_KEM_alg_frodokem_976_aes, 192) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976aes, OQS_KEM_alg_frodokem_976_aes, - 192) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976aes, OQS_KEM_alg_frodokem_976_aes, 192) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo976shake, OQS_KEM_alg_frodokem_976_shake, 192) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976shake, - OQS_KEM_alg_frodokem_976_shake, 192) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976shake, OQS_KEM_alg_frodokem_976_shake, 192) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976shake, - OQS_KEM_alg_frodokem_976_shake, 192) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976shake, OQS_KEM_alg_frodokem_976_shake, 192) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo1344aes, OQS_KEM_alg_frodokem_1344_aes, 256) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344aes, OQS_KEM_alg_frodokem_1344_aes, - 256) 
+MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344aes, OQS_KEM_alg_frodokem_1344_aes, 256) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo1344shake, OQS_KEM_alg_frodokem_1344_shake, 256) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344shake, - OQS_KEM_alg_frodokem_1344_shake, 256) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344shake, OQS_KEM_alg_frodokem_1344_shake, 256) MAKE_KEM_KEYMGMT_FUNCTIONS(kyber512, OQS_KEM_alg_kyber_512, 128) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_kyber512, OQS_KEM_alg_kyber_512, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 1bf1c02e..1ec8608a 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
@@ -257,1470 +257,695 @@ extern const OSSL_DISPATCH oqs_signature_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_START #ifdef OQS_KEM_ENCODERS -extern const OSSL_DISPATCH - oqs_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; + +extern const OSSL_DISPATCH oqs_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo640aes_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH 
oqs_SubjectPublicKeyInfo_der_to_p256_frodo640aes_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo640shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo640shake_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_text_encoder_functions[]; 
-extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_frodo640shake_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const 
OSSL_DISPATCH - oqs_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo976aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo976aes_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_frodo976aes_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_x448_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo976shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo976shake_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_SubjectPublicKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_frodo976shake_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo1344aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_frodo1344aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_frodo1344aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_PrivateKeyInfo_der_to_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo1344aes_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo1344shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_frodo1344shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_frodo1344shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo1344shake_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_kyber512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p256_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_kyber512_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_kyber512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_x25519_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_kyber512_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_kyber512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x25519_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x25519_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; 
+extern const OSSL_DISPATCH oqs_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_kyber768_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_kyber768_to_text_encoder_functions[]; 
-extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p384_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p384_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x448_kyber768_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x448_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x448_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_kyber768_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x25519_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x25519_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_kyber768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_kyber768_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_kyber768_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber1024_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_kyber768_decoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; 
+extern const OSSL_DISPATCH oqs_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_kyber1024_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_kyber1024_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_kyber1024_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_kyber1024_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_kyber1024_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_kyber1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_kyber1024_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_PrivateKeyInfo_der_to_p521_kyber1024_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_kyber1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel1_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_bikel1_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p256_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_bikel1_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_bikel1_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_bikel1_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_bikel1_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_bikel1_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern 
const OSSL_DISPATCH oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_bikel1_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x25519_bikel1_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x25519_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_bikel1_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_bikel1_decoder_functions[]; extern const OSSL_DISPATCH oqs_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel3_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_bikel3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p384_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_bikel3_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_bikel3_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p384_bikel3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p384_bikel3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_bikel3_decoder_functions[]; +extern 
const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_bikel3_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_bikel3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_bikel3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x448_bikel3_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x448_bikel3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x448_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_bikel3_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_bikel3_decoder_functions[]; extern const OSSL_DISPATCH oqs_bikel5_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel5_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH 
oqs_bikel5_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel5_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_bikel5_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_bikel5_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_bikel5_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_bikel5_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_bikel5_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_bikel5_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_bikel5_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p521_bikel5_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_bikel5_decoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_bikel5_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_bikel5_decoder_functions[]; extern const OSSL_DISPATCH oqs_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
oqs_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_hqc128_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc128_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_hqc128_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_hqc128_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_hqc128_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_hqc128_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_hqc128_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x25519_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_hqc128_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_hqc128_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_hqc128_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_hqc128_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x25519_hqc128_decoder_functions[]; 
-extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x25519_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_hqc128_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_hqc128_decoder_functions[]; extern const OSSL_DISPATCH oqs_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_hqc192_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc192_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_hqc192_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_SubjectPublicKeyInfo_der_to_hqc192_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_hqc192_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p384_hqc192_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p384_hqc192_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_x448_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_hqc192_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_hqc192_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_hqc192_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_x448_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x448_hqc192_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_x448_hqc192_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_x448_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_hqc192_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_hqc192_decoder_functions[]; extern const OSSL_DISPATCH oqs_hqc256_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_hqc256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_hqc256_to_text_encoder_functions[]; extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_hqc256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_hqc256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_hqc256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_hqc256_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_hqc256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_hqc256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_hqc256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p521_hqc256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_hqc256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_hqc256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_hqc256_decoder_functions[]; #endif /* OQS_KEM_ENCODERS */ -extern const OSSL_DISPATCH - oqs_dilithium2_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[]; + +extern const OSSL_DISPATCH oqs_dilithium2_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_dilithium2_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_dilithium2_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_dilithium2_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_dilithium2_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_dilithium2_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_dilithium2_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_dilithium2_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_dilithium2_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_text_encoder_functions[]; 
-extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH 
oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_PrivateKeyInfo_der_to_dilithium3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_dilithium3_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p384_dilithium3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p384_dilithium3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_dilithium3_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_dilithium3_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[];extern const OSSL_DISPATCH 
oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_dilithium5_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p521_dilithium5_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_dilithium5_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_dilithium5_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_dilithium5_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_p384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p256_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_falcon512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_falcon512_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_falcon512_decoder_functions[];extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[];extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[];extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; 
-extern const OSSL_DISPATCH - oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon1024_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon1024_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon1024_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_p521_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p521_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon1024_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_falcon1024_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p521_falcon1024_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p521_falcon1024_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_PrivateKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2128ssimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincssha2128ssimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH 
- oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincssha2192fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_SubjectPublicKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p384_sphincssha2192fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_sphincsshake128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[]; -extern const 
OSSL_DISPATCH - oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_p256_sphincsshake128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions - []; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions - []; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions - []; +extern const 
OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH 
oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[];extern const OSSL_DISPATCH 
oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH oqs_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH 
oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START -extern const OSSL_DISPATCH oqs_dilithium2_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p256_dilithium2_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p384_dilithium3_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p521_dilithium5_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium5_bp384_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p521_falcon1024_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_keymgmt_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincssha2128ssimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH - oqs_rsa3072_sphincsshake128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_dilithium2_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[];extern const OSSL_DISPATCH 
oqs_dilithium2_p256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p384_dilithium3_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p521_dilithium5_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[];extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p521_falcon1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_keymgmt_functions[];extern 
const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 3496d68d..9bdc5e3f 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -36,318 +36,176 @@ ///// OQS_TEMPLATE_FRAGMENT_MAKE_START #ifdef OQS_KEM_ENCODERS -# ifdef OQS_ENABLE_KEM_frodokem_640_aes +#ifdef OQS_ENABLE_KEM_frodokem_640_aes DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), - DECODER_w_structure("frodo640aes", der, SubjectPublicKeyInfo, frodo640aes), - DECODER_w_structure("p256_frodo640aes", der, PrivateKeyInfo, - p256_frodo640aes), - DECODER_w_structure("p256_frodo640aes", der, SubjectPublicKeyInfo, - p256_frodo640aes), - DECODER_w_structure("x25519_frodo640aes", der, PrivateKeyInfo, - x25519_frodo640aes), - DECODER_w_structure("x25519_frodo640aes", der, SubjectPublicKeyInfo, - x25519_frodo640aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_640_shake - DECODER_w_structure("frodo640shake", der, PrivateKeyInfo, frodo640shake), - DECODER_w_structure("frodo640shake", der, SubjectPublicKeyInfo, - frodo640shake), - DECODER_w_structure("p256_frodo640shake", der, PrivateKeyInfo, - p256_frodo640shake), - DECODER_w_structure("p256_frodo640shake", der, SubjectPublicKeyInfo, - p256_frodo640shake), - DECODER_w_structure("x25519_frodo640shake", der, PrivateKeyInfo, - x25519_frodo640shake), - DECODER_w_structure("x25519_frodo640shake", der, SubjectPublicKeyInfo, - x25519_frodo640shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_aes - DECODER_w_structure("frodo976aes", der, PrivateKeyInfo, frodo976aes), - DECODER_w_structure("frodo976aes", der, SubjectPublicKeyInfo, frodo976aes), - DECODER_w_structure("p384_frodo976aes", der, PrivateKeyInfo, - p384_frodo976aes), - DECODER_w_structure("p384_frodo976aes", der, SubjectPublicKeyInfo, - p384_frodo976aes), - DECODER_w_structure("x448_frodo976aes", der, PrivateKeyInfo, - x448_frodo976aes), - DECODER_w_structure("x448_frodo976aes", der, SubjectPublicKeyInfo, - x448_frodo976aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_shake - DECODER_w_structure("frodo976shake", der, PrivateKeyInfo, frodo976shake), - DECODER_w_structure("frodo976shake", der, SubjectPublicKeyInfo, - 
frodo976shake), - DECODER_w_structure("p384_frodo976shake", der, PrivateKeyInfo, - p384_frodo976shake), - DECODER_w_structure("p384_frodo976shake", der, SubjectPublicKeyInfo, - p384_frodo976shake), - DECODER_w_structure("x448_frodo976shake", der, PrivateKeyInfo, - x448_frodo976shake), - DECODER_w_structure("x448_frodo976shake", der, SubjectPublicKeyInfo, - x448_frodo976shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_aes - DECODER_w_structure("frodo1344aes", der, PrivateKeyInfo, frodo1344aes), - DECODER_w_structure("frodo1344aes", der, SubjectPublicKeyInfo, - frodo1344aes), - DECODER_w_structure("p521_frodo1344aes", der, PrivateKeyInfo, - p521_frodo1344aes), - DECODER_w_structure("p521_frodo1344aes", der, SubjectPublicKeyInfo, - p521_frodo1344aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_shake - DECODER_w_structure("frodo1344shake", der, PrivateKeyInfo, frodo1344shake), - DECODER_w_structure("frodo1344shake", der, SubjectPublicKeyInfo, - frodo1344shake), - DECODER_w_structure("p521_frodo1344shake", der, PrivateKeyInfo, - p521_frodo1344shake), - DECODER_w_structure("p521_frodo1344shake", der, SubjectPublicKeyInfo, - p521_frodo1344shake), -# endif -# ifdef OQS_ENABLE_KEM_kyber_512 - DECODER_w_structure("kyber512", der, PrivateKeyInfo, kyber512), - DECODER_w_structure("kyber512", der, SubjectPublicKeyInfo, kyber512), - DECODER_w_structure("p256_kyber512", der, PrivateKeyInfo, p256_kyber512), - DECODER_w_structure("p256_kyber512", der, SubjectPublicKeyInfo, - p256_kyber512), - DECODER_w_structure("x25519_kyber512", der, PrivateKeyInfo, - x25519_kyber512), - DECODER_w_structure("x25519_kyber512", der, SubjectPublicKeyInfo, - x25519_kyber512), -# endif -# ifdef OQS_ENABLE_KEM_kyber_768 - DECODER_w_structure("kyber768", der, PrivateKeyInfo, kyber768), - DECODER_w_structure("kyber768", der, SubjectPublicKeyInfo, kyber768), - DECODER_w_structure("p384_kyber768", der, PrivateKeyInfo, p384_kyber768), - DECODER_w_structure("p384_kyber768", der, 
SubjectPublicKeyInfo, - p384_kyber768), - DECODER_w_structure("x448_kyber768", der, PrivateKeyInfo, x448_kyber768), - DECODER_w_structure("x448_kyber768", der, SubjectPublicKeyInfo, - x448_kyber768), - DECODER_w_structure("x25519_kyber768", der, PrivateKeyInfo, - x25519_kyber768), - DECODER_w_structure("x25519_kyber768", der, SubjectPublicKeyInfo, - x25519_kyber768), - DECODER_w_structure("p256_kyber768", der, PrivateKeyInfo, p256_kyber768), - DECODER_w_structure("p256_kyber768", der, SubjectPublicKeyInfo, - p256_kyber768), -# endif -# ifdef OQS_ENABLE_KEM_kyber_1024 - DECODER_w_structure("kyber1024", der, PrivateKeyInfo, kyber1024), - DECODER_w_structure("kyber1024", der, SubjectPublicKeyInfo, kyber1024), - DECODER_w_structure("p521_kyber1024", der, PrivateKeyInfo, p521_kyber1024), - DECODER_w_structure("p521_kyber1024", der, SubjectPublicKeyInfo, - p521_kyber1024), -# endif -# ifdef OQS_ENABLE_KEM_bike_l1 - DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), - DECODER_w_structure("bikel1", der, SubjectPublicKeyInfo, bikel1), - DECODER_w_structure("p256_bikel1", der, PrivateKeyInfo, p256_bikel1), - DECODER_w_structure("p256_bikel1", der, SubjectPublicKeyInfo, p256_bikel1), - DECODER_w_structure("x25519_bikel1", der, PrivateKeyInfo, x25519_bikel1), - DECODER_w_structure("x25519_bikel1", der, SubjectPublicKeyInfo, - x25519_bikel1), -# endif -# ifdef OQS_ENABLE_KEM_bike_l3 - DECODER_w_structure("bikel3", der, PrivateKeyInfo, bikel3), - DECODER_w_structure("bikel3", der, SubjectPublicKeyInfo, bikel3), - DECODER_w_structure("p384_bikel3", der, PrivateKeyInfo, p384_bikel3), - DECODER_w_structure("p384_bikel3", der, SubjectPublicKeyInfo, p384_bikel3), - DECODER_w_structure("x448_bikel3", der, PrivateKeyInfo, x448_bikel3), - DECODER_w_structure("x448_bikel3", der, SubjectPublicKeyInfo, x448_bikel3), -# endif -# ifdef OQS_ENABLE_KEM_bike_l5 - DECODER_w_structure("bikel5", der, PrivateKeyInfo, bikel5), - DECODER_w_structure("bikel5", der, SubjectPublicKeyInfo, 
bikel5), - DECODER_w_structure("p521_bikel5", der, PrivateKeyInfo, p521_bikel5), - DECODER_w_structure("p521_bikel5", der, SubjectPublicKeyInfo, p521_bikel5), -# endif -# ifdef OQS_ENABLE_KEM_hqc_128 - DECODER_w_structure("hqc128", der, PrivateKeyInfo, hqc128), - DECODER_w_structure("hqc128", der, SubjectPublicKeyInfo, hqc128), - DECODER_w_structure("p256_hqc128", der, PrivateKeyInfo, p256_hqc128), - DECODER_w_structure("p256_hqc128", der, SubjectPublicKeyInfo, p256_hqc128), - DECODER_w_structure("x25519_hqc128", der, PrivateKeyInfo, x25519_hqc128), - DECODER_w_structure("x25519_hqc128", der, SubjectPublicKeyInfo, - x25519_hqc128), -# endif -# ifdef OQS_ENABLE_KEM_hqc_192 - DECODER_w_structure("hqc192", der, PrivateKeyInfo, hqc192), - DECODER_w_structure("hqc192", der, SubjectPublicKeyInfo, hqc192), - DECODER_w_structure("p384_hqc192", der, PrivateKeyInfo, p384_hqc192), - DECODER_w_structure("p384_hqc192", der, SubjectPublicKeyInfo, p384_hqc192), - DECODER_w_structure("x448_hqc192", der, PrivateKeyInfo, x448_hqc192), - DECODER_w_structure("x448_hqc192", der, SubjectPublicKeyInfo, x448_hqc192), -# endif -# ifdef OQS_ENABLE_KEM_hqc_256 - DECODER_w_structure("hqc256", der, PrivateKeyInfo, hqc256), - DECODER_w_structure("hqc256", der, SubjectPublicKeyInfo, hqc256), - DECODER_w_structure("p521_hqc256", der, PrivateKeyInfo, p521_hqc256), - DECODER_w_structure("p521_hqc256", der, SubjectPublicKeyInfo, p521_hqc256), -# endif +DECODER_w_structure("frodo640aes", der, SubjectPublicKeyInfo, frodo640aes), +DECODER_w_structure("p256_frodo640aes", der, PrivateKeyInfo, p256_frodo640aes), +DECODER_w_structure("p256_frodo640aes", der, SubjectPublicKeyInfo, p256_frodo640aes),DECODER_w_structure("x25519_frodo640aes", der, PrivateKeyInfo, x25519_frodo640aes), +DECODER_w_structure("x25519_frodo640aes", der, SubjectPublicKeyInfo, x25519_frodo640aes), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_640_shake +DECODER_w_structure("frodo640shake", der, PrivateKeyInfo, frodo640shake), 
+DECODER_w_structure("frodo640shake", der, SubjectPublicKeyInfo, frodo640shake), +DECODER_w_structure("p256_frodo640shake", der, PrivateKeyInfo, p256_frodo640shake), +DECODER_w_structure("p256_frodo640shake", der, SubjectPublicKeyInfo, p256_frodo640shake),DECODER_w_structure("x25519_frodo640shake", der, PrivateKeyInfo, x25519_frodo640shake), +DECODER_w_structure("x25519_frodo640shake", der, SubjectPublicKeyInfo, x25519_frodo640shake), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_976_aes +DECODER_w_structure("frodo976aes", der, PrivateKeyInfo, frodo976aes), +DECODER_w_structure("frodo976aes", der, SubjectPublicKeyInfo, frodo976aes), +DECODER_w_structure("p384_frodo976aes", der, PrivateKeyInfo, p384_frodo976aes), +DECODER_w_structure("p384_frodo976aes", der, SubjectPublicKeyInfo, p384_frodo976aes),DECODER_w_structure("x448_frodo976aes", der, PrivateKeyInfo, x448_frodo976aes), +DECODER_w_structure("x448_frodo976aes", der, SubjectPublicKeyInfo, x448_frodo976aes), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_976_shake +DECODER_w_structure("frodo976shake", der, PrivateKeyInfo, frodo976shake), +DECODER_w_structure("frodo976shake", der, SubjectPublicKeyInfo, frodo976shake), +DECODER_w_structure("p384_frodo976shake", der, PrivateKeyInfo, p384_frodo976shake), +DECODER_w_structure("p384_frodo976shake", der, SubjectPublicKeyInfo, p384_frodo976shake),DECODER_w_structure("x448_frodo976shake", der, PrivateKeyInfo, x448_frodo976shake), +DECODER_w_structure("x448_frodo976shake", der, SubjectPublicKeyInfo, x448_frodo976shake), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_1344_aes +DECODER_w_structure("frodo1344aes", der, PrivateKeyInfo, frodo1344aes), +DECODER_w_structure("frodo1344aes", der, SubjectPublicKeyInfo, frodo1344aes), +DECODER_w_structure("p521_frodo1344aes", der, PrivateKeyInfo, p521_frodo1344aes), +DECODER_w_structure("p521_frodo1344aes", der, SubjectPublicKeyInfo, p521_frodo1344aes), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_1344_shake +DECODER_w_structure("frodo1344shake", der, 
PrivateKeyInfo, frodo1344shake), +DECODER_w_structure("frodo1344shake", der, SubjectPublicKeyInfo, frodo1344shake), +DECODER_w_structure("p521_frodo1344shake", der, PrivateKeyInfo, p521_frodo1344shake), +DECODER_w_structure("p521_frodo1344shake", der, SubjectPublicKeyInfo, p521_frodo1344shake), +#endif +#ifdef OQS_ENABLE_KEM_kyber_512 +DECODER_w_structure("kyber512", der, PrivateKeyInfo, kyber512), +DECODER_w_structure("kyber512", der, SubjectPublicKeyInfo, kyber512), +DECODER_w_structure("p256_kyber512", der, PrivateKeyInfo, p256_kyber512), +DECODER_w_structure("p256_kyber512", der, SubjectPublicKeyInfo, p256_kyber512),DECODER_w_structure("x25519_kyber512", der, PrivateKeyInfo, x25519_kyber512), +DECODER_w_structure("x25519_kyber512", der, SubjectPublicKeyInfo, x25519_kyber512), +#endif +#ifdef OQS_ENABLE_KEM_kyber_768 +DECODER_w_structure("kyber768", der, PrivateKeyInfo, kyber768), +DECODER_w_structure("kyber768", der, SubjectPublicKeyInfo, kyber768), +DECODER_w_structure("p384_kyber768", der, PrivateKeyInfo, p384_kyber768), +DECODER_w_structure("p384_kyber768", der, SubjectPublicKeyInfo, p384_kyber768),DECODER_w_structure("x448_kyber768", der, PrivateKeyInfo, x448_kyber768), +DECODER_w_structure("x448_kyber768", der, SubjectPublicKeyInfo, x448_kyber768),DECODER_w_structure("x25519_kyber768", der, PrivateKeyInfo, x25519_kyber768), +DECODER_w_structure("x25519_kyber768", der, SubjectPublicKeyInfo, x25519_kyber768),DECODER_w_structure("p256_kyber768", der, PrivateKeyInfo, p256_kyber768), +DECODER_w_structure("p256_kyber768", der, SubjectPublicKeyInfo, p256_kyber768), +#endif +#ifdef OQS_ENABLE_KEM_kyber_1024 +DECODER_w_structure("kyber1024", der, PrivateKeyInfo, kyber1024), +DECODER_w_structure("kyber1024", der, SubjectPublicKeyInfo, kyber1024), +DECODER_w_structure("p521_kyber1024", der, PrivateKeyInfo, p521_kyber1024), +DECODER_w_structure("p521_kyber1024", der, SubjectPublicKeyInfo, p521_kyber1024), +#endif +#ifdef OQS_ENABLE_KEM_bike_l1 
+DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), +DECODER_w_structure("bikel1", der, SubjectPublicKeyInfo, bikel1), +DECODER_w_structure("p256_bikel1", der, PrivateKeyInfo, p256_bikel1), +DECODER_w_structure("p256_bikel1", der, SubjectPublicKeyInfo, p256_bikel1),DECODER_w_structure("x25519_bikel1", der, PrivateKeyInfo, x25519_bikel1), +DECODER_w_structure("x25519_bikel1", der, SubjectPublicKeyInfo, x25519_bikel1), +#endif +#ifdef OQS_ENABLE_KEM_bike_l3 +DECODER_w_structure("bikel3", der, PrivateKeyInfo, bikel3), +DECODER_w_structure("bikel3", der, SubjectPublicKeyInfo, bikel3), +DECODER_w_structure("p384_bikel3", der, PrivateKeyInfo, p384_bikel3), +DECODER_w_structure("p384_bikel3", der, SubjectPublicKeyInfo, p384_bikel3),DECODER_w_structure("x448_bikel3", der, PrivateKeyInfo, x448_bikel3), +DECODER_w_structure("x448_bikel3", der, SubjectPublicKeyInfo, x448_bikel3), +#endif +#ifdef OQS_ENABLE_KEM_bike_l5 +DECODER_w_structure("bikel5", der, PrivateKeyInfo, bikel5), +DECODER_w_structure("bikel5", der, SubjectPublicKeyInfo, bikel5), +DECODER_w_structure("p521_bikel5", der, PrivateKeyInfo, p521_bikel5), +DECODER_w_structure("p521_bikel5", der, SubjectPublicKeyInfo, p521_bikel5), +#endif +#ifdef OQS_ENABLE_KEM_hqc_128 +DECODER_w_structure("hqc128", der, PrivateKeyInfo, hqc128), +DECODER_w_structure("hqc128", der, SubjectPublicKeyInfo, hqc128), +DECODER_w_structure("p256_hqc128", der, PrivateKeyInfo, p256_hqc128), +DECODER_w_structure("p256_hqc128", der, SubjectPublicKeyInfo, p256_hqc128),DECODER_w_structure("x25519_hqc128", der, PrivateKeyInfo, x25519_hqc128), +DECODER_w_structure("x25519_hqc128", der, SubjectPublicKeyInfo, x25519_hqc128), +#endif +#ifdef OQS_ENABLE_KEM_hqc_192 +DECODER_w_structure("hqc192", der, PrivateKeyInfo, hqc192), +DECODER_w_structure("hqc192", der, SubjectPublicKeyInfo, hqc192), +DECODER_w_structure("p384_hqc192", der, PrivateKeyInfo, p384_hqc192), +DECODER_w_structure("p384_hqc192", der, SubjectPublicKeyInfo, 
p384_hqc192),DECODER_w_structure("x448_hqc192", der, PrivateKeyInfo, x448_hqc192), +DECODER_w_structure("x448_hqc192", der, SubjectPublicKeyInfo, x448_hqc192), +#endif +#ifdef OQS_ENABLE_KEM_hqc_256 +DECODER_w_structure("hqc256", der, PrivateKeyInfo, hqc256), +DECODER_w_structure("hqc256", der, SubjectPublicKeyInfo, hqc256), +DECODER_w_structure("p521_hqc256", der, PrivateKeyInfo, p521_hqc256), +DECODER_w_structure("p521_hqc256", der, SubjectPublicKeyInfo, p521_hqc256), +#endif #endif /* OQS_KEM_ENCODERS */ + #ifdef OQS_ENABLE_SIG_dilithium_2 - DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), - DECODER_w_structure("dilithium2", der, SubjectPublicKeyInfo, dilithium2), - DECODER_w_structure("p256_dilithium2", der, PrivateKeyInfo, - p256_dilithium2), - DECODER_w_structure("p256_dilithium2", der, SubjectPublicKeyInfo, - p256_dilithium2), - DECODER_w_structure("rsa3072_dilithium2", der, PrivateKeyInfo, - rsa3072_dilithium2), - DECODER_w_structure("rsa3072_dilithium2", der, SubjectPublicKeyInfo, - rsa3072_dilithium2), - DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, - dilithium2_pss2048), - DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, - dilithium2_pss2048), - DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, - dilithium2_rsa2048), - DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, - dilithium2_rsa2048), - DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, - dilithium2_ed25519), - DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, - dilithium2_ed25519), - DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, - dilithium2_p256), - DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, - dilithium2_p256), - DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, - dilithium2_bp256), - DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, - dilithium2_bp256), +DECODER_w_structure("dilithium2", der, PrivateKeyInfo, 
dilithium2), +DECODER_w_structure("dilithium2", der, SubjectPublicKeyInfo, dilithium2),DECODER_w_structure("p256_dilithium2", der, PrivateKeyInfo, p256_dilithium2), +DECODER_w_structure("p256_dilithium2", der, SubjectPublicKeyInfo, p256_dilithium2),DECODER_w_structure("rsa3072_dilithium2", der, PrivateKeyInfo, rsa3072_dilithium2), +DECODER_w_structure("rsa3072_dilithium2", der, SubjectPublicKeyInfo, rsa3072_dilithium2),DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, dilithium2_pss2048), +DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, dilithium2_pss2048),DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, dilithium2_rsa2048), +DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, dilithium2_rsa2048),DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, dilithium2_ed25519), +DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, dilithium2_ed25519),DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, dilithium2_p256), +DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, dilithium2_p256),DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, dilithium2_bp256), +DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 - DECODER_w_structure("dilithium3", der, PrivateKeyInfo, dilithium3), - DECODER_w_structure("dilithium3", der, SubjectPublicKeyInfo, dilithium3), - DECODER_w_structure("p384_dilithium3", der, PrivateKeyInfo, - p384_dilithium3), - DECODER_w_structure("p384_dilithium3", der, SubjectPublicKeyInfo, - p384_dilithium3), - DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, - dilithium3_pss3072), - DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, - dilithium3_pss3072), - DECODER_w_structure("dilithium3_rsa3072", der, PrivateKeyInfo, - dilithium3_rsa3072), - DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, - dilithium3_rsa3072), - 
DECODER_w_structure("dilithium3_p256", der, PrivateKeyInfo, - dilithium3_p256), - DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, - dilithium3_p256), - DECODER_w_structure("dilithium3_bp256", der, PrivateKeyInfo, - dilithium3_bp256), - DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, - dilithium3_bp256), - DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, - dilithium3_ed25519), - DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, - dilithium3_ed25519), +DECODER_w_structure("dilithium3", der, PrivateKeyInfo, dilithium3), +DECODER_w_structure("dilithium3", der, SubjectPublicKeyInfo, dilithium3),DECODER_w_structure("p384_dilithium3", der, PrivateKeyInfo, p384_dilithium3), +DECODER_w_structure("p384_dilithium3", der, SubjectPublicKeyInfo, p384_dilithium3),DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, dilithium3_pss3072), +DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, dilithium3_pss3072),DECODER_w_structure("dilithium3_rsa3072", der, PrivateKeyInfo, dilithium3_rsa3072), +DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, dilithium3_rsa3072),DECODER_w_structure("dilithium3_p256", der, PrivateKeyInfo, dilithium3_p256), +DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, dilithium3_p256),DECODER_w_structure("dilithium3_bp256", der, PrivateKeyInfo, dilithium3_bp256), +DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, dilithium3_bp256),DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, dilithium3_ed25519), +DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, dilithium3_ed25519), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 - DECODER_w_structure("dilithium5", der, PrivateKeyInfo, dilithium5), - DECODER_w_structure("dilithium5", der, SubjectPublicKeyInfo, dilithium5), - DECODER_w_structure("p521_dilithium5", der, PrivateKeyInfo, - p521_dilithium5), - DECODER_w_structure("p521_dilithium5", der, 
SubjectPublicKeyInfo, - p521_dilithium5), - DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, - dilithium5_p384), - DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, - dilithium5_p384), - DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, - dilithium5_bp384), - DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, - dilithium5_bp384), - DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, - dilithium5_ed448), - DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, - dilithium5_ed448), +DECODER_w_structure("dilithium5", der, PrivateKeyInfo, dilithium5), +DECODER_w_structure("dilithium5", der, SubjectPublicKeyInfo, dilithium5),DECODER_w_structure("p521_dilithium5", der, PrivateKeyInfo, p521_dilithium5), +DECODER_w_structure("p521_dilithium5", der, SubjectPublicKeyInfo, p521_dilithium5),DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, dilithium5_p384), +DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, dilithium5_p384),DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, dilithium5_bp384), +DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, dilithium5_bp384),DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, dilithium5_ed448), +DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 - DECODER_w_structure("falcon512", der, PrivateKeyInfo, falcon512), - DECODER_w_structure("falcon512", der, SubjectPublicKeyInfo, falcon512), - DECODER_w_structure("p256_falcon512", der, PrivateKeyInfo, p256_falcon512), - DECODER_w_structure("p256_falcon512", der, SubjectPublicKeyInfo, - p256_falcon512), - DECODER_w_structure("rsa3072_falcon512", der, PrivateKeyInfo, - rsa3072_falcon512), - DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, - rsa3072_falcon512), - DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, falcon512_p256), - 
DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, - falcon512_p256), - DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, - falcon512_bp256), - DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, - falcon512_bp256), - DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, - falcon512_ed25519), - DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, - falcon512_ed25519), +DECODER_w_structure("falcon512", der, PrivateKeyInfo, falcon512), +DECODER_w_structure("falcon512", der, SubjectPublicKeyInfo, falcon512),DECODER_w_structure("p256_falcon512", der, PrivateKeyInfo, p256_falcon512), +DECODER_w_structure("p256_falcon512", der, SubjectPublicKeyInfo, p256_falcon512),DECODER_w_structure("rsa3072_falcon512", der, PrivateKeyInfo, rsa3072_falcon512), +DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, rsa3072_falcon512),DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, falcon512_p256), +DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, falcon512_p256),DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, falcon512_bp256), +DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, falcon512_bp256),DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, falcon512_ed25519), +DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 - DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), - DECODER_w_structure("falcon1024", der, SubjectPublicKeyInfo, falcon1024), - DECODER_w_structure("p521_falcon1024", der, PrivateKeyInfo, - p521_falcon1024), - DECODER_w_structure("p521_falcon1024", der, SubjectPublicKeyInfo, - p521_falcon1024), +DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), +DECODER_w_structure("falcon1024", der, SubjectPublicKeyInfo, falcon1024),DECODER_w_structure("p521_falcon1024", der, PrivateKeyInfo, p521_falcon1024), 
+DECODER_w_structure("p521_falcon1024", der, SubjectPublicKeyInfo, p521_falcon1024), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple - DECODER_w_structure("sphincssha2128fsimple", der, PrivateKeyInfo, - sphincssha2128fsimple), - DECODER_w_structure("sphincssha2128fsimple", der, SubjectPublicKeyInfo, - sphincssha2128fsimple), - DECODER_w_structure("p256_sphincssha2128fsimple", der, PrivateKeyInfo, - p256_sphincssha2128fsimple), - DECODER_w_structure("p256_sphincssha2128fsimple", der, SubjectPublicKeyInfo, - p256_sphincssha2128fsimple), - DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, PrivateKeyInfo, - rsa3072_sphincssha2128fsimple), - DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, - SubjectPublicKeyInfo, rsa3072_sphincssha2128fsimple), +DECODER_w_structure("sphincssha2128fsimple", der, PrivateKeyInfo, sphincssha2128fsimple), +DECODER_w_structure("sphincssha2128fsimple", der, SubjectPublicKeyInfo, sphincssha2128fsimple),DECODER_w_structure("p256_sphincssha2128fsimple", der, PrivateKeyInfo, p256_sphincssha2128fsimple), +DECODER_w_structure("p256_sphincssha2128fsimple", der, SubjectPublicKeyInfo, p256_sphincssha2128fsimple),DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, PrivateKeyInfo, rsa3072_sphincssha2128fsimple), +DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, SubjectPublicKeyInfo, rsa3072_sphincssha2128fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple - DECODER_w_structure("sphincssha2128ssimple", der, PrivateKeyInfo, - sphincssha2128ssimple), - DECODER_w_structure("sphincssha2128ssimple", der, SubjectPublicKeyInfo, - sphincssha2128ssimple), - DECODER_w_structure("p256_sphincssha2128ssimple", der, PrivateKeyInfo, - p256_sphincssha2128ssimple), - DECODER_w_structure("p256_sphincssha2128ssimple", der, SubjectPublicKeyInfo, - p256_sphincssha2128ssimple), - DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, PrivateKeyInfo, - rsa3072_sphincssha2128ssimple), - 
DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, - SubjectPublicKeyInfo, rsa3072_sphincssha2128ssimple), +DECODER_w_structure("sphincssha2128ssimple", der, PrivateKeyInfo, sphincssha2128ssimple), +DECODER_w_structure("sphincssha2128ssimple", der, SubjectPublicKeyInfo, sphincssha2128ssimple),DECODER_w_structure("p256_sphincssha2128ssimple", der, PrivateKeyInfo, p256_sphincssha2128ssimple), +DECODER_w_structure("p256_sphincssha2128ssimple", der, SubjectPublicKeyInfo, p256_sphincssha2128ssimple),DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, PrivateKeyInfo, rsa3072_sphincssha2128ssimple), +DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, SubjectPublicKeyInfo, rsa3072_sphincssha2128ssimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple - DECODER_w_structure("sphincssha2192fsimple", der, PrivateKeyInfo, - sphincssha2192fsimple), - DECODER_w_structure("sphincssha2192fsimple", der, SubjectPublicKeyInfo, - sphincssha2192fsimple), - DECODER_w_structure("p384_sphincssha2192fsimple", der, PrivateKeyInfo, - p384_sphincssha2192fsimple), - DECODER_w_structure("p384_sphincssha2192fsimple", der, SubjectPublicKeyInfo, - p384_sphincssha2192fsimple), +DECODER_w_structure("sphincssha2192fsimple", der, PrivateKeyInfo, sphincssha2192fsimple), +DECODER_w_structure("sphincssha2192fsimple", der, SubjectPublicKeyInfo, sphincssha2192fsimple),DECODER_w_structure("p384_sphincssha2192fsimple", der, PrivateKeyInfo, p384_sphincssha2192fsimple), +DECODER_w_structure("p384_sphincssha2192fsimple", der, SubjectPublicKeyInfo, p384_sphincssha2192fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple - DECODER_w_structure("sphincsshake128fsimple", der, PrivateKeyInfo, - sphincsshake128fsimple), - DECODER_w_structure("sphincsshake128fsimple", der, SubjectPublicKeyInfo, - sphincsshake128fsimple), - DECODER_w_structure("p256_sphincsshake128fsimple", der, PrivateKeyInfo, - p256_sphincsshake128fsimple), - DECODER_w_structure("p256_sphincsshake128fsimple", der, 
- SubjectPublicKeyInfo, p256_sphincsshake128fsimple), - DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, PrivateKeyInfo, - rsa3072_sphincsshake128fsimple), - DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, - SubjectPublicKeyInfo, rsa3072_sphincsshake128fsimple), +DECODER_w_structure("sphincsshake128fsimple", der, PrivateKeyInfo, sphincsshake128fsimple), +DECODER_w_structure("sphincsshake128fsimple", der, SubjectPublicKeyInfo, sphincsshake128fsimple),DECODER_w_structure("p256_sphincsshake128fsimple", der, PrivateKeyInfo, p256_sphincsshake128fsimple), +DECODER_w_structure("p256_sphincsshake128fsimple", der, SubjectPublicKeyInfo, p256_sphincsshake128fsimple),DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, PrivateKeyInfo, rsa3072_sphincsshake128fsimple), +DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, SubjectPublicKeyInfo, rsa3072_sphincsshake128fsimple), #endif - ///// OQS_TEMPLATE_FRAGMENT_MAKE_END +///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 88729583..97e06f08 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -81,981 +81,624 @@ ///// OQS_TEMPLATE_FRAGMENT_MAKE_START #ifdef OQS_KEM_ENCODERS -# ifdef OQS_ENABLE_KEM_frodokem_640_aes + +#ifdef OQS_ENABLE_KEM_frodokem_640_aes ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, der, SubjectPublicKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("frodo640aes", frodo640aes), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_frodo640aes", p256_frodo640aes), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_frodo640aes", x25519_frodo640aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_640_shake - ENCODER_w_structure("frodo640shake", frodo640shake, der, 
PrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo640shake", frodo640shake), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_frodo640shake", p256_frodo640shake), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_frodo640shake", x25519_frodo640shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_aes - ENCODER_w_structure("frodo976aes", frodo976aes, der, PrivateKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, der, - 
EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, der, SubjectPublicKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("frodo976aes", frodo976aes), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_frodo976aes", p384_frodo976aes), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x448_frodo976aes", x448_frodo976aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_shake - ENCODER_w_structure("frodo976shake", frodo976shake, der, PrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("frodo976shake", 
frodo976shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo976shake", frodo976shake), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_frodo976shake", p384_frodo976shake), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x448_frodo976shake", x448_frodo976shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_aes - ENCODER_w_structure("frodo1344aes", frodo1344aes, der, PrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo1344aes", frodo1344aes), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, - PrivateKeyInfo), - 
ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_frodo1344aes", p521_frodo1344aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_shake - ENCODER_w_structure("frodo1344shake", frodo1344shake, der, PrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo1344shake", frodo1344shake), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, - PrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_frodo1344shake", p521_frodo1344shake), -# endif -# ifdef OQS_ENABLE_KEM_kyber_512 - ENCODER_w_structure("kyber512", kyber512, der, PrivateKeyInfo), - ENCODER_w_structure("kyber512", kyber512, pem, PrivateKeyInfo), - ENCODER_w_structure("kyber512", kyber512, der, 
EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber512", kyber512, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber512", kyber512, der, SubjectPublicKeyInfo), - ENCODER_w_structure("kyber512", kyber512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("kyber512", kyber512), - ENCODER_w_structure("p256_kyber512", p256_kyber512, der, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_kyber512", p256_kyber512), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_kyber512", x25519_kyber512), -# endif -# ifdef OQS_ENABLE_KEM_kyber_768 - ENCODER_w_structure("kyber768", kyber768, der, PrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, der, SubjectPublicKeyInfo), - ENCODER_w_structure("kyber768", kyber768, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("kyber768", kyber768), - ENCODER_w_structure("p384_kyber768", p384_kyber768, der, PrivateKeyInfo), - 
ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_kyber768", p384_kyber768), - ENCODER_w_structure("x448_kyber768", x448_kyber768, der, PrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x448_kyber768", x448_kyber768), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_kyber768", x25519_kyber768), - ENCODER_w_structure("p256_kyber768", p256_kyber768, der, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, der, - SubjectPublicKeyInfo), - 
ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_kyber768", p256_kyber768), -# endif -# ifdef OQS_ENABLE_KEM_kyber_1024 - ENCODER_w_structure("kyber1024", kyber1024, der, PrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, pem, PrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, der, SubjectPublicKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("kyber1024", kyber1024), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, PrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, PrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_kyber1024", p521_kyber1024), -# endif -# ifdef OQS_ENABLE_KEM_bike_l1 - ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, pem, PrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, der, SubjectPublicKeyInfo), - ENCODER_w_structure("bikel1", bikel1, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("bikel1", bikel1), - ENCODER_w_structure("p256_bikel1", p256_bikel1, der, PrivateKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, - EncryptedPrivateKeyInfo), - 
ENCODER_w_structure("p256_bikel1", p256_bikel1, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_bikel1", p256_bikel1), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, PrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, PrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_bikel1", x25519_bikel1), -# endif -# ifdef OQS_ENABLE_KEM_bike_l3 - ENCODER_w_structure("bikel3", bikel3, der, PrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, pem, PrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, der, SubjectPublicKeyInfo), - ENCODER_w_structure("bikel3", bikel3, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("bikel3", bikel3), - ENCODER_w_structure("p384_bikel3", p384_bikel3, der, PrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p384_bikel3", p384_bikel3), - ENCODER_w_structure("x448_bikel3", x448_bikel3, der, PrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, PrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", 
x448_bikel3, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, der, SubjectPublicKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("x448_bikel3", x448_bikel3), -# endif -# ifdef OQS_ENABLE_KEM_bike_l5 - ENCODER_w_structure("bikel5", bikel5, der, PrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, pem, PrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, der, SubjectPublicKeyInfo), - ENCODER_w_structure("bikel5", bikel5, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("bikel5", bikel5), - ENCODER_w_structure("p521_bikel5", p521_bikel5, der, PrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, PrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p521_bikel5", p521_bikel5), -# endif -# ifdef OQS_ENABLE_KEM_hqc_128 - ENCODER_w_structure("hqc128", hqc128, der, PrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, pem, PrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, der, SubjectPublicKeyInfo), - ENCODER_w_structure("hqc128", hqc128, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("hqc128", hqc128), - ENCODER_w_structure("p256_hqc128", p256_hqc128, der, PrivateKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, - 
EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_hqc128", p256_hqc128), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, PrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, PrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_hqc128", x25519_hqc128), -# endif -# ifdef OQS_ENABLE_KEM_hqc_192 - ENCODER_w_structure("hqc192", hqc192, der, PrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, pem, PrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, der, SubjectPublicKeyInfo), - ENCODER_w_structure("hqc192", hqc192, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("hqc192", hqc192), - ENCODER_w_structure("p384_hqc192", p384_hqc192, der, PrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p384_hqc192", p384_hqc192), - ENCODER_w_structure("x448_hqc192", x448_hqc192, der, PrivateKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, PrivateKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, der, - EncryptedPrivateKeyInfo), - 
ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, der, SubjectPublicKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("x448_hqc192", x448_hqc192), -# endif -# ifdef OQS_ENABLE_KEM_hqc_256 - ENCODER_w_structure("hqc256", hqc256, der, PrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, pem, PrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, der, SubjectPublicKeyInfo), - ENCODER_w_structure("hqc256", hqc256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("hqc256", hqc256), - ENCODER_w_structure("p521_hqc256", p521_hqc256, der, PrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, PrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p521_hqc256", p521_hqc256), -# endif +ENCODER_w_structure("frodo640aes", frodo640aes, pem, PrivateKeyInfo), +ENCODER_w_structure("frodo640aes", frodo640aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo640aes", frodo640aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo640aes", frodo640aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("frodo640aes", frodo640aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("frodo640aes", frodo640aes), +ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, PrivateKeyInfo), +ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_frodo640aes", 
p256_frodo640aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_frodo640aes", p256_frodo640aes), +ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, PrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, PrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x25519_frodo640aes", x25519_frodo640aes), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_640_shake +ENCODER_w_structure("frodo640shake", frodo640shake, der, PrivateKeyInfo), +ENCODER_w_structure("frodo640shake", frodo640shake, pem, PrivateKeyInfo), +ENCODER_w_structure("frodo640shake", frodo640shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo640shake", frodo640shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo640shake", frodo640shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("frodo640shake", frodo640shake, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("frodo640shake", frodo640shake), +ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, PrivateKeyInfo), +ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, SubjectPublicKeyInfo), 
+ENCODER_TEXT("p256_frodo640shake", p256_frodo640shake), +ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, PrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, PrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x25519_frodo640shake", x25519_frodo640shake), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_976_aes +ENCODER_w_structure("frodo976aes", frodo976aes, der, PrivateKeyInfo), +ENCODER_w_structure("frodo976aes", frodo976aes, pem, PrivateKeyInfo), +ENCODER_w_structure("frodo976aes", frodo976aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo976aes", frodo976aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo976aes", frodo976aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("frodo976aes", frodo976aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("frodo976aes", frodo976aes), +ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, PrivateKeyInfo), +ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, PrivateKeyInfo), +ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p384_frodo976aes", p384_frodo976aes), +ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, PrivateKeyInfo), +ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, PrivateKeyInfo), 
+ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x448_frodo976aes", x448_frodo976aes), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_976_shake +ENCODER_w_structure("frodo976shake", frodo976shake, der, PrivateKeyInfo), +ENCODER_w_structure("frodo976shake", frodo976shake, pem, PrivateKeyInfo), +ENCODER_w_structure("frodo976shake", frodo976shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo976shake", frodo976shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo976shake", frodo976shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("frodo976shake", frodo976shake, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("frodo976shake", frodo976shake), +ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, PrivateKeyInfo), +ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, PrivateKeyInfo), +ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p384_frodo976shake", p384_frodo976shake), +ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, PrivateKeyInfo), +ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, PrivateKeyInfo), +ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_frodo976shake", 
x448_frodo976shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x448_frodo976shake", x448_frodo976shake), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_1344_aes +ENCODER_w_structure("frodo1344aes", frodo1344aes, der, PrivateKeyInfo), +ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, PrivateKeyInfo), +ENCODER_w_structure("frodo1344aes", frodo1344aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo1344aes", frodo1344aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("frodo1344aes", frodo1344aes), +ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, PrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, PrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p521_frodo1344aes", p521_frodo1344aes), +#endif +#ifdef OQS_ENABLE_KEM_frodokem_1344_shake +ENCODER_w_structure("frodo1344shake", frodo1344shake, der, PrivateKeyInfo), +ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, PrivateKeyInfo), +ENCODER_w_structure("frodo1344shake", frodo1344shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("frodo1344shake", frodo1344shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("frodo1344shake", frodo1344shake), +ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, 
der, PrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, PrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p521_frodo1344shake", p521_frodo1344shake), +#endif +#ifdef OQS_ENABLE_KEM_kyber_512 +ENCODER_w_structure("kyber512", kyber512, der, PrivateKeyInfo), +ENCODER_w_structure("kyber512", kyber512, pem, PrivateKeyInfo), +ENCODER_w_structure("kyber512", kyber512, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("kyber512", kyber512, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("kyber512", kyber512, der, SubjectPublicKeyInfo), +ENCODER_w_structure("kyber512", kyber512, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("kyber512", kyber512), +ENCODER_w_structure("p256_kyber512", p256_kyber512, der, PrivateKeyInfo), +ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_kyber512", p256_kyber512, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_kyber512", p256_kyber512, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_kyber512", p256_kyber512), +ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, PrivateKeyInfo), +ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, PrivateKeyInfo), +ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, SubjectPublicKeyInfo), 
+ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x25519_kyber512", x25519_kyber512), +#endif +#ifdef OQS_ENABLE_KEM_kyber_768 +ENCODER_w_structure("kyber768", kyber768, der, PrivateKeyInfo), +ENCODER_w_structure("kyber768", kyber768, pem, PrivateKeyInfo), +ENCODER_w_structure("kyber768", kyber768, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("kyber768", kyber768, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("kyber768", kyber768, der, SubjectPublicKeyInfo), +ENCODER_w_structure("kyber768", kyber768, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("kyber768", kyber768), +ENCODER_w_structure("p384_kyber768", p384_kyber768, der, PrivateKeyInfo), +ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, PrivateKeyInfo), +ENCODER_w_structure("p384_kyber768", p384_kyber768, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_kyber768", p384_kyber768, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p384_kyber768", p384_kyber768), +ENCODER_w_structure("x448_kyber768", x448_kyber768, der, PrivateKeyInfo), +ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, PrivateKeyInfo), +ENCODER_w_structure("x448_kyber768", x448_kyber768, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_kyber768", x448_kyber768, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x448_kyber768", x448_kyber768), +ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, PrivateKeyInfo), +ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, PrivateKeyInfo), +ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, 
EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x25519_kyber768", x25519_kyber768), +ENCODER_w_structure("p256_kyber768", p256_kyber768, der, PrivateKeyInfo), +ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_kyber768", p256_kyber768, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_kyber768", p256_kyber768, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_kyber768", p256_kyber768), +#endif +#ifdef OQS_ENABLE_KEM_kyber_1024 +ENCODER_w_structure("kyber1024", kyber1024, der, PrivateKeyInfo), +ENCODER_w_structure("kyber1024", kyber1024, pem, PrivateKeyInfo), +ENCODER_w_structure("kyber1024", kyber1024, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("kyber1024", kyber1024, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("kyber1024", kyber1024, der, SubjectPublicKeyInfo), +ENCODER_w_structure("kyber1024", kyber1024, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("kyber1024", kyber1024), +ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, PrivateKeyInfo), +ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, PrivateKeyInfo), +ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p521_kyber1024", p521_kyber1024), +#endif +#ifdef OQS_ENABLE_KEM_bike_l1 +ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), +ENCODER_w_structure("bikel1", bikel1, pem, PrivateKeyInfo), 
+ENCODER_w_structure("bikel1", bikel1, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("bikel1", bikel1, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("bikel1", bikel1, der, SubjectPublicKeyInfo), +ENCODER_w_structure("bikel1", bikel1, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("bikel1", bikel1), +ENCODER_w_structure("p256_bikel1", p256_bikel1, der, PrivateKeyInfo), +ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_bikel1", p256_bikel1, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_bikel1", p256_bikel1, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_bikel1", p256_bikel1), +ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, PrivateKeyInfo), +ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, PrivateKeyInfo), +ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x25519_bikel1", x25519_bikel1), +#endif +#ifdef OQS_ENABLE_KEM_bike_l3 +ENCODER_w_structure("bikel3", bikel3, der, PrivateKeyInfo), +ENCODER_w_structure("bikel3", bikel3, pem, PrivateKeyInfo), +ENCODER_w_structure("bikel3", bikel3, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("bikel3", bikel3, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("bikel3", bikel3, der, SubjectPublicKeyInfo), +ENCODER_w_structure("bikel3", bikel3, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("bikel3", bikel3), +ENCODER_w_structure("p384_bikel3", p384_bikel3, der, PrivateKeyInfo), +ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, PrivateKeyInfo), +ENCODER_w_structure("p384_bikel3", p384_bikel3, der, 
EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_bikel3", p384_bikel3, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p384_bikel3", p384_bikel3), +ENCODER_w_structure("x448_bikel3", x448_bikel3, der, PrivateKeyInfo), +ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, PrivateKeyInfo), +ENCODER_w_structure("x448_bikel3", x448_bikel3, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_bikel3", x448_bikel3, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x448_bikel3", x448_bikel3), +#endif +#ifdef OQS_ENABLE_KEM_bike_l5 +ENCODER_w_structure("bikel5", bikel5, der, PrivateKeyInfo), +ENCODER_w_structure("bikel5", bikel5, pem, PrivateKeyInfo), +ENCODER_w_structure("bikel5", bikel5, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("bikel5", bikel5, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("bikel5", bikel5, der, SubjectPublicKeyInfo), +ENCODER_w_structure("bikel5", bikel5, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("bikel5", bikel5), +ENCODER_w_structure("p521_bikel5", p521_bikel5, der, PrivateKeyInfo), +ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, PrivateKeyInfo), +ENCODER_w_structure("p521_bikel5", p521_bikel5, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_bikel5", p521_bikel5, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p521_bikel5", p521_bikel5), +#endif +#ifdef OQS_ENABLE_KEM_hqc_128 +ENCODER_w_structure("hqc128", hqc128, der, PrivateKeyInfo), +ENCODER_w_structure("hqc128", hqc128, pem, PrivateKeyInfo), +ENCODER_w_structure("hqc128", hqc128, der, EncryptedPrivateKeyInfo), 
+ENCODER_w_structure("hqc128", hqc128, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("hqc128", hqc128, der, SubjectPublicKeyInfo), +ENCODER_w_structure("hqc128", hqc128, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("hqc128", hqc128), +ENCODER_w_structure("p256_hqc128", p256_hqc128, der, PrivateKeyInfo), +ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_hqc128", p256_hqc128, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_hqc128", p256_hqc128, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_hqc128", p256_hqc128), +ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, PrivateKeyInfo), +ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, PrivateKeyInfo), +ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x25519_hqc128", x25519_hqc128), +#endif +#ifdef OQS_ENABLE_KEM_hqc_192 +ENCODER_w_structure("hqc192", hqc192, der, PrivateKeyInfo), +ENCODER_w_structure("hqc192", hqc192, pem, PrivateKeyInfo), +ENCODER_w_structure("hqc192", hqc192, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("hqc192", hqc192, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("hqc192", hqc192, der, SubjectPublicKeyInfo), +ENCODER_w_structure("hqc192", hqc192, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("hqc192", hqc192), +ENCODER_w_structure("p384_hqc192", p384_hqc192, der, PrivateKeyInfo), +ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, PrivateKeyInfo), +ENCODER_w_structure("p384_hqc192", p384_hqc192, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_hqc192", 
p384_hqc192, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_hqc192", p384_hqc192, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p384_hqc192", p384_hqc192), +ENCODER_w_structure("x448_hqc192", x448_hqc192, der, PrivateKeyInfo), +ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, PrivateKeyInfo), +ENCODER_w_structure("x448_hqc192", x448_hqc192, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("x448_hqc192", x448_hqc192, der, SubjectPublicKeyInfo), +ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("x448_hqc192", x448_hqc192), +#endif +#ifdef OQS_ENABLE_KEM_hqc_256 +ENCODER_w_structure("hqc256", hqc256, der, PrivateKeyInfo), +ENCODER_w_structure("hqc256", hqc256, pem, PrivateKeyInfo), +ENCODER_w_structure("hqc256", hqc256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("hqc256", hqc256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("hqc256", hqc256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("hqc256", hqc256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("hqc256", hqc256), +ENCODER_w_structure("p521_hqc256", p521_hqc256, der, PrivateKeyInfo), +ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, PrivateKeyInfo), +ENCODER_w_structure("p521_hqc256", p521_hqc256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_hqc256", p521_hqc256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p521_hqc256", p521_hqc256), +#endif #endif /* OQS_KEM_ENCODERS */ + #ifdef OQS_ENABLE_SIG_dilithium_2 - ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium2", dilithium2, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium2", dilithium2, der, EncryptedPrivateKeyInfo), 
- ENCODER_w_structure("dilithium2", dilithium2, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2", dilithium2, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2", dilithium2, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2", dilithium2), - ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, - PrivateKeyInfo), - ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, - PrivateKeyInfo), - ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_dilithium2", p256_dilithium2), - ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, - PrivateKeyInfo), - ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, - PrivateKeyInfo), - ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_dilithium2", rsa3072_dilithium2), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, - 
SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_pss2048", dilithium2_pss2048), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_rsa2048", dilithium2_rsa2048), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_ed25519", dilithium2_ed25519), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_p256", dilithium2_p256), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, - PrivateKeyInfo), - 
ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_bp256", dilithium2_bp256), +ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium2", dilithium2, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium2", dilithium2, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2", dilithium2, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2", dilithium2, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium2", dilithium2, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium2", dilithium2), +ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, PrivateKeyInfo), +ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_dilithium2", p256_dilithium2), +ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, SubjectPublicKeyInfo), 
+ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("rsa3072_dilithium2", rsa3072_dilithium2), +ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium2_pss2048", dilithium2_pss2048), +ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium2_rsa2048", dilithium2_rsa2048), +ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium2_ed25519", dilithium2_ed25519), +ENCODER_w_structure("dilithium2_p256", dilithium2_p256, 
der, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium2_p256", dilithium2_p256), +ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium2_bp256", dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 - ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium3", dilithium3, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium3", dilithium3, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3", dilithium3, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3", dilithium3, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3", dilithium3, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3", dilithium3), - ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, - PrivateKeyInfo), - ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, - PrivateKeyInfo), - ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_dilithium3", 
p384_dilithium3, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_dilithium3", p384_dilithium3), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_p256", dilithium3_p256), - 
ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), +ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium3", dilithium3, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium3", dilithium3, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3", dilithium3, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3", dilithium3, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium3", dilithium3, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium3", dilithium3), +ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, PrivateKeyInfo), +ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, PrivateKeyInfo), +ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, 
EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p384_dilithium3", p384_dilithium3), +ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), +ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), +ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium3_p256", dilithium3_p256), 
+ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), +ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 - ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), - ENCODER_w_structure("dilithium5", dilithium5, pem, PrivateKeyInfo), - ENCODER_w_structure("dilithium5", dilithium5, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5", dilithium5, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5", dilithium5, der, SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5", dilithium5, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5", dilithium5), - ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, - PrivateKeyInfo), - ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, - PrivateKeyInfo), - ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_dilithium5", 
p521_dilithium5, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_dilithium5", p521_dilithium5), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_p384", dilithium5_p384), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, - SubjectPublicKeyInfo), - 
ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), +ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium5", dilithium5, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium5", dilithium5, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium5", dilithium5, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium5", dilithium5, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium5", dilithium5, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium5", dilithium5), +ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, PrivateKeyInfo), +ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, PrivateKeyInfo), +ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p521_dilithium5", p521_dilithium5), +ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium5_p384", dilithium5_p384), +ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, EncryptedPrivateKeyInfo), 
+ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), +ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, PrivateKeyInfo), +ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, PrivateKeyInfo), +ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, SubjectPublicKeyInfo), +ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 - ENCODER_w_structure("falcon512", falcon512, der, PrivateKeyInfo), - ENCODER_w_structure("falcon512", falcon512, pem, PrivateKeyInfo), - ENCODER_w_structure("falcon512", falcon512, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512", falcon512, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512", falcon512, der, SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512", falcon512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512", falcon512), - ENCODER_w_structure("p256_falcon512", p256_falcon512, der, PrivateKeyInfo), - ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_falcon512", p256_falcon512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_falcon512", p256_falcon512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_falcon512", p256_falcon512), - ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, - PrivateKeyInfo), - ENCODER_w_structure("rsa3072_falcon512", 
rsa3072_falcon512, pem, - PrivateKeyInfo), - ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), - ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, PrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_p256", falcon512_p256), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_bp256", falcon512_bp256), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, - EncryptedPrivateKeyInfo), - 
ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_ed25519", falcon512_ed25519), +ENCODER_w_structure("falcon512", falcon512, der, PrivateKeyInfo), +ENCODER_w_structure("falcon512", falcon512, pem, PrivateKeyInfo), +ENCODER_w_structure("falcon512", falcon512, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512", falcon512, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512", falcon512, der, SubjectPublicKeyInfo), +ENCODER_w_structure("falcon512", falcon512, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("falcon512", falcon512), +ENCODER_w_structure("p256_falcon512", p256_falcon512, der, PrivateKeyInfo), +ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_falcon512", p256_falcon512, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_falcon512", p256_falcon512, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_falcon512", p256_falcon512), +ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, SubjectPublicKeyInfo), +ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), +ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), +ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, PrivateKeyInfo), 
+ENCODER_w_structure("falcon512_p256", falcon512_p256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512_p256", falcon512_p256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("falcon512_p256", falcon512_p256), +ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, PrivateKeyInfo), +ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, PrivateKeyInfo), +ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, SubjectPublicKeyInfo), +ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("falcon512_bp256", falcon512_bp256), +ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, PrivateKeyInfo), +ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, PrivateKeyInfo), +ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, SubjectPublicKeyInfo), +ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("falcon512_ed25519", falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 - ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), - ENCODER_w_structure("falcon1024", falcon1024, pem, PrivateKeyInfo), - ENCODER_w_structure("falcon1024", falcon1024, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon1024", falcon1024, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon1024", falcon1024, der, SubjectPublicKeyInfo), - ENCODER_w_structure("falcon1024", falcon1024, pem, 
SubjectPublicKeyInfo), - ENCODER_TEXT("falcon1024", falcon1024), - ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, - PrivateKeyInfo), - ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, - PrivateKeyInfo), - ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_falcon1024", p521_falcon1024), +ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), +ENCODER_w_structure("falcon1024", falcon1024, pem, PrivateKeyInfo), +ENCODER_w_structure("falcon1024", falcon1024, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon1024", falcon1024, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("falcon1024", falcon1024, der, SubjectPublicKeyInfo), +ENCODER_w_structure("falcon1024", falcon1024, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("falcon1024", falcon1024), +ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, PrivateKeyInfo), +ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, PrivateKeyInfo), +ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p521_falcon1024", p521_falcon1024), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple - ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, - PrivateKeyInfo), - ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, - PrivateKeyInfo), - ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, - 
EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("sphincssha2128fsimple", sphincssha2128fsimple), - ENCODER_w_structure("p256_sphincssha2128fsimple", - p256_sphincssha2128fsimple, der, PrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128fsimple", - p256_sphincssha2128fsimple, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128fsimple", - p256_sphincssha2128fsimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128fsimple", - p256_sphincssha2128fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128fsimple", - p256_sphincssha2128fsimple, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p256_sphincssha2128fsimple", - p256_sphincssha2128fsimple, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple), - ENCODER_w_structure("rsa3072_sphincssha2128fsimple", - rsa3072_sphincssha2128fsimple, der, PrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128fsimple", - rsa3072_sphincssha2128fsimple, pem, PrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128fsimple", - rsa3072_sphincssha2128fsimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128fsimple", - rsa3072_sphincssha2128fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128fsimple", - rsa3072_sphincssha2128fsimple, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128fsimple", - rsa3072_sphincssha2128fsimple, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_sphincssha2128fsimple", - rsa3072_sphincssha2128fsimple), +ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, PrivateKeyInfo), 
+ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, PrivateKeyInfo), +ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("sphincssha2128fsimple", sphincssha2128fsimple), +ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, der, PrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple), +ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, der, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, pem, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("rsa3072_sphincssha2128fsimple", 
rsa3072_sphincssha2128fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple - ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, - PrivateKeyInfo), - ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, - PrivateKeyInfo), - ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("sphincssha2128ssimple", sphincssha2128ssimple), - ENCODER_w_structure("p256_sphincssha2128ssimple", - p256_sphincssha2128ssimple, der, PrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128ssimple", - p256_sphincssha2128ssimple, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128ssimple", - p256_sphincssha2128ssimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128ssimple", - p256_sphincssha2128ssimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_sphincssha2128ssimple", - p256_sphincssha2128ssimple, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p256_sphincssha2128ssimple", - p256_sphincssha2128ssimple, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple), - ENCODER_w_structure("rsa3072_sphincssha2128ssimple", - rsa3072_sphincssha2128ssimple, der, PrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128ssimple", - rsa3072_sphincssha2128ssimple, pem, PrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128ssimple", - rsa3072_sphincssha2128ssimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128ssimple", - rsa3072_sphincssha2128ssimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128ssimple", - 
rsa3072_sphincssha2128ssimple, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("rsa3072_sphincssha2128ssimple", - rsa3072_sphincssha2128ssimple, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_sphincssha2128ssimple", - rsa3072_sphincssha2128ssimple), +ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, PrivateKeyInfo), +ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, PrivateKeyInfo), +ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("sphincssha2128ssimple", sphincssha2128ssimple), +ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, der, PrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple), +ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, der, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, pem, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128ssimple", 
rsa3072_sphincssha2128ssimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple - ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, - PrivateKeyInfo), - ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, - PrivateKeyInfo), - ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("sphincssha2192fsimple", sphincssha2192fsimple), - ENCODER_w_structure("p384_sphincssha2192fsimple", - p384_sphincssha2192fsimple, der, PrivateKeyInfo), - ENCODER_w_structure("p384_sphincssha2192fsimple", - p384_sphincssha2192fsimple, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_sphincssha2192fsimple", - p384_sphincssha2192fsimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_sphincssha2192fsimple", - p384_sphincssha2192fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_sphincssha2192fsimple", - p384_sphincssha2192fsimple, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p384_sphincssha2192fsimple", - p384_sphincssha2192fsimple, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple), +ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, PrivateKeyInfo), +ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, PrivateKeyInfo), 
+ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("sphincssha2192fsimple", sphincssha2192fsimple), +ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, der, PrivateKeyInfo), +ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, pem, PrivateKeyInfo), +ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple - ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, - PrivateKeyInfo), - ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, - PrivateKeyInfo), - ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("sphincsshake128fsimple", sphincsshake128fsimple), - ENCODER_w_structure("p256_sphincsshake128fsimple", - p256_sphincsshake128fsimple, der, PrivateKeyInfo), 
- ENCODER_w_structure("p256_sphincsshake128fsimple", - p256_sphincsshake128fsimple, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_sphincsshake128fsimple", - p256_sphincsshake128fsimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_sphincsshake128fsimple", - p256_sphincsshake128fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_sphincsshake128fsimple", - p256_sphincsshake128fsimple, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p256_sphincsshake128fsimple", - p256_sphincsshake128fsimple, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple), - ENCODER_w_structure("rsa3072_sphincsshake128fsimple", - rsa3072_sphincsshake128fsimple, der, PrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincsshake128fsimple", - rsa3072_sphincsshake128fsimple, pem, PrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincsshake128fsimple", - rsa3072_sphincsshake128fsimple, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincsshake128fsimple", - rsa3072_sphincsshake128fsimple, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_sphincsshake128fsimple", - rsa3072_sphincsshake128fsimple, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("rsa3072_sphincsshake128fsimple", - rsa3072_sphincsshake128fsimple, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_sphincsshake128fsimple", - rsa3072_sphincsshake128fsimple), +ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, PrivateKeyInfo), +ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, PrivateKeyInfo), +ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, 
SubjectPublicKeyInfo), +ENCODER_TEXT("sphincsshake128fsimple", sphincsshake128fsimple), +ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, der, PrivateKeyInfo), +ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, pem, PrivateKeyInfo), +ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple), +ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, der, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, pem, PrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, der, SubjectPublicKeyInfo), +ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple), #endif - ///// OQS_TEMPLATE_FRAGMENT_MAKE_END +///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 30d09b60..f1e9d6de 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -48,181 +48,103 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities;
 */
 ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START
+
 #ifdef OQS_KEM_ENCODERS
-# define OQS_OID_CNT 162
+#define OQS_OID_CNT 162
 #else
-# define OQS_OID_CNT 78
+#define OQS_OID_CNT 78
 #endif
-const char *oqs_oid_alg_list[OQS_OID_CNT] = {
+const char* oqs_oid_alg_list[OQS_OID_CNT] =
+{
 #ifdef OQS_KEM_ENCODERS
- "1.3.9999.99.13",
- "frodo640aes",
- "1.3.9999.99.12",
- "p256_frodo640aes",
- "1.3.9999.99.1",
- "x25519_frodo640aes",
- "1.3.9999.99.15",
- "frodo640shake",
- "1.3.9999.99.14",
- "p256_frodo640shake",
- "1.3.9999.99.2",
- "x25519_frodo640shake",
- "1.3.9999.99.17",
- "frodo976aes",
- "1.3.9999.99.16",
- "p384_frodo976aes",
- "1.3.9999.99.3",
- "x448_frodo976aes",
- "1.3.9999.99.19",
- "frodo976shake",
- "1.3.9999.99.18",
- "p384_frodo976shake",
- "1.3.9999.99.4",
- "x448_frodo976shake",
- "1.3.9999.99.21",
- "frodo1344aes",
- "1.3.9999.99.20",
- "p521_frodo1344aes",
- "1.3.9999.99.23",
- "frodo1344shake",
- "1.3.9999.99.22",
- "p521_frodo1344shake",
- "1.3.6.1.4.1.22554.5.6.1",
- "kyber512",
- "1.3.6.1.4.1.22554.5.7.1",
- "p256_kyber512",
- "1.3.6.1.4.1.22554.5.8.1",
- "x25519_kyber512",
- "1.3.6.1.4.1.22554.5.6.2",
- "kyber768",
- "1.3.9999.99.24",
- "p384_kyber768",
- "1.3.9999.99.5",
- "x448_kyber768",
- "1.3.9999.99.6",
- "x25519_kyber768",
- "1.3.9999.99.7",
- "p256_kyber768",
- "1.3.6.1.4.1.22554.5.6.3",
- "kyber1024",
- "1.3.9999.99.25",
- "p521_kyber1024",
- "1.3.9999.99.27",
- "bikel1",
- "1.3.9999.99.26",
- "p256_bikel1",
- "1.3.9999.99.8",
- "x25519_bikel1",
- "1.3.9999.99.29",
- "bikel3",
- "1.3.9999.99.28",
- "p384_bikel3",
- "1.3.9999.99.9",
- "x448_bikel3",
- "1.3.9999.99.31",
- "bikel5",
- "1.3.9999.99.30",
- "p521_bikel5",
- "1.3.9999.99.33",
- "hqc128",
- "1.3.9999.99.32",
- "p256_hqc128",
- "1.3.9999.99.10",
- "x25519_hqc128",
- "1.3.9999.99.35",
- "hqc192",
- "1.3.9999.99.34",
- "p384_hqc192",
- "1.3.9999.99.11",
- "x448_hqc192",
- "1.3.9999.99.37",
- "hqc256",
- "1.3.9999.99.36",
- "p521_hqc256",
+"1.3.9999.99.13", "frodo640aes",
+"1.3.9999.99.12", "p256_frodo640aes",
+"1.3.9999.99.1", "x25519_frodo640aes",
+"1.3.9999.99.15", "frodo640shake",
+"1.3.9999.99.14", "p256_frodo640shake",
+"1.3.9999.99.2", "x25519_frodo640shake",
+"1.3.9999.99.17", "frodo976aes",
+"1.3.9999.99.16", "p384_frodo976aes",
+"1.3.9999.99.3", "x448_frodo976aes",
+"1.3.9999.99.19", "frodo976shake",
+"1.3.9999.99.18", "p384_frodo976shake",
+"1.3.9999.99.4", "x448_frodo976shake",
+"1.3.9999.99.21", "frodo1344aes",
+"1.3.9999.99.20", "p521_frodo1344aes",
+"1.3.9999.99.23", "frodo1344shake",
+"1.3.9999.99.22", "p521_frodo1344shake",
+"1.3.6.1.4.1.22554.5.6.1", "kyber512",
+"1.3.6.1.4.1.22554.5.7.1", "p256_kyber512",
+"1.3.6.1.4.1.22554.5.8.1", "x25519_kyber512",
+"1.3.6.1.4.1.22554.5.6.2", "kyber768",
+"1.3.9999.99.24", "p384_kyber768",
+"1.3.9999.99.5", "x448_kyber768",
+"1.3.9999.99.6", "x25519_kyber768",
+"1.3.9999.99.7", "p256_kyber768",
+"1.3.6.1.4.1.22554.5.6.3", "kyber1024",
+"1.3.9999.99.25", "p521_kyber1024",
+"1.3.9999.99.27", "bikel1",
+"1.3.9999.99.26", "p256_bikel1",
+"1.3.9999.99.8", "x25519_bikel1",
+"1.3.9999.99.29", "bikel3",
+"1.3.9999.99.28", "p384_bikel3",
+"1.3.9999.99.9", "x448_bikel3",
+"1.3.9999.99.31", "bikel5",
+"1.3.9999.99.30", "p521_bikel5",
+"1.3.9999.99.33", "hqc128",
+"1.3.9999.99.32", "p256_hqc128",
+"1.3.9999.99.10", "x25519_hqc128",
+"1.3.9999.99.35", "hqc192",
+"1.3.9999.99.34", "p384_hqc192",
+"1.3.9999.99.11", "x448_hqc192",
+"1.3.9999.99.37", "hqc256",
+"1.3.9999.99.36", "p521_hqc256",
 #endif /* OQS_KEM_ENCODERS */
- "1.3.6.1.4.1.2.267.7.4.4",
- "dilithium2",
- "1.3.9999.2.7.1",
- "p256_dilithium2",
- "1.3.9999.2.7.2",
- "rsa3072_dilithium2",
- "2.16.840.1.114027.80.7.1.1",
- "dilithium2_pss2048",
- "2.16.840.1.114027.80.7.1.2",
- "dilithium2_rsa2048",
- "2.16.840.1.114027.80.7.1.3",
- "dilithium2_ed25519",
- "2.16.840.1.114027.80.7.1.4",
- "dilithium2_p256",
- "2.16.840.1.114027.80.7.1.5",
- "dilithium2_bp256",
- "1.3.6.1.4.1.2.267.7.6.5",
- "dilithium3",
- "1.3.9999.2.7.3",
- "p384_dilithium3",
- "2.16.840.1.114027.80.7.1.6",
- "dilithium3_pss3072",
- "2.16.840.1.114027.80.7.1.7",
- "dilithium3_rsa3072",
- "2.16.840.1.114027.80.7.1.8",
- "dilithium3_p256",
- "2.16.840.1.114027.80.7.1.9",
- "dilithium3_bp256",
- "2.16.840.1.114027.80.7.1.10",
- "dilithium3_ed25519",
- "1.3.6.1.4.1.2.267.7.8.7",
- "dilithium5",
- "1.3.9999.2.7.4",
- "p521_dilithium5",
- "2.16.840.1.114027.80.7.1.11",
- "dilithium5_p384",
- "2.16.840.1.114027.80.7.1.12",
- "dilithium5_bp384",
- "2.16.840.1.114027.80.7.1.13",
- "dilithium5_ed448",
- "1.3.9999.3.6",
- "falcon512",
- "1.3.9999.3.7",
- "p256_falcon512",
- "1.3.9999.3.8",
- "rsa3072_falcon512",
- "2.16.840.1.114027.80.7.1.14",
- "falcon512_p256",
- "2.16.840.1.114027.80.7.1.15",
- "falcon512_bp256",
- "2.16.840.1.114027.80.7.1.16",
- "falcon512_ed25519",
- "1.3.9999.3.9",
- "falcon1024",
- "1.3.9999.3.10",
- "p521_falcon1024",
- "1.3.9999.6.4.13",
- "sphincssha2128fsimple",
- "1.3.9999.6.4.14",
- "p256_sphincssha2128fsimple",
- "1.3.9999.6.4.15",
- "rsa3072_sphincssha2128fsimple",
- "1.3.9999.6.4.16",
- "sphincssha2128ssimple",
- "1.3.9999.6.4.17",
- "p256_sphincssha2128ssimple",
- "1.3.9999.6.4.18",
- "rsa3072_sphincssha2128ssimple",
- "1.3.9999.6.5.10",
- "sphincssha2192fsimple",
- "1.3.9999.6.5.11",
- "p384_sphincssha2192fsimple",
- "1.3.9999.6.7.13",
- "sphincsshake128fsimple",
- "1.3.9999.6.7.14",
- "p256_sphincsshake128fsimple",
- "1.3.9999.6.7.15",
- "rsa3072_sphincsshake128fsimple",
- ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END
+
+"1.3.6.1.4.1.2.267.7.4.4", "dilithium2",
+"1.3.9999.2.7.1" , "p256_dilithium2",
+"1.3.9999.2.7.2" , "rsa3072_dilithium2",
+"2.16.840.1.114027.80.8.1.1" , "dilithium2_pss2048",
+"2.16.840.1.114027.80.8.1.2" , "dilithium2_rsa2048",
+"2.16.840.1.114027.80.8.1.3" , "dilithium2_ed25519",
+"2.16.840.1.114027.80.8.1.4" , "dilithium2_p256",
+"2.16.840.1.114027.80.8.1.5" , "dilithium2_bp256",
+"1.3.6.1.4.1.2.267.7.6.5", "dilithium3",
+"1.3.9999.2.7.3" , "p384_dilithium3",
+"2.16.840.1.114027.80.8.1.6" , "dilithium3_pss3072",
+"2.16.840.1.114027.80.8.1.7" , "dilithium3_rsa3072",
+"2.16.840.1.114027.80.8.1.8" , "dilithium3_p256",
+"2.16.840.1.114027.80.8.1.9" , "dilithium3_bp256",
+"2.16.840.1.114027.80.8.1.10" , "dilithium3_ed25519",
+"1.3.6.1.4.1.2.267.7.8.7", "dilithium5",
+"1.3.9999.2.7.4" , "p521_dilithium5",
+"2.16.840.1.114027.80.8.1.11" , "dilithium5_p384",
+"2.16.840.1.114027.80.8.1.12" , "dilithium5_bp384",
+"2.16.840.1.114027.80.8.1.13" , "dilithium5_ed448",
+"1.3.9999.3.6", "falcon512",
+"1.3.9999.3.7" , "p256_falcon512",
+"1.3.9999.3.8" , "rsa3072_falcon512",
+"2.16.840.1.114027.80.8.1.14" , "falcon512_p256",
+"2.16.840.1.114027.80.8.1.15" , "falcon512_bp256",
+"2.16.840.1.114027.80.8.1.16" , "falcon512_ed25519",
+"1.3.9999.3.9", "falcon1024",
+"1.3.9999.3.10" , "p521_falcon1024",
+"1.3.9999.6.4.13", "sphincssha2128fsimple",
+"1.3.9999.6.4.14" , "p256_sphincssha2128fsimple",
+"1.3.9999.6.4.15" , "rsa3072_sphincssha2128fsimple",
+"1.3.9999.6.4.16", "sphincssha2128ssimple",
+"1.3.9999.6.4.17" , "p256_sphincssha2128ssimple",
+"1.3.9999.6.4.18" , "rsa3072_sphincssha2128ssimple",
+"1.3.9999.6.5.10", "sphincssha2192fsimple",
+"1.3.9999.6.5.11" , "p384_sphincssha2192fsimple",
+"1.3.9999.6.7.13", "sphincsshake128fsimple",
+"1.3.9999.6.7.14" , "p256_sphincsshake128fsimple",
+"1.3.9999.6.7.15" , "rsa3072_sphincsshake128fsimple",
+///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END
 };
 int oqs_patch_oids(void)
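Review bot: The switch of all sixteen composite-signature OIDs in `oqs_oid_alg_list` from the `2.16.840.1.114027.80.7.1.N` arc to `2.16.840.1.114027.80.8.1.N` (`dilithium2_pss2048` through `falcon512_ed25519`) is undocumented and is mixed into a hunk that otherwise only reflows whitespace, so a compatibility-breaking change is easy to miss in review. Keys and certificates already encoded under the old arc would presumably no longer resolve to these algorithm names; whether any decoder path still accepts the old values is not visible in this hunk. I would carry the OID change in its own commit and add a comment above the first composite entry, e.g. `/* composite OIDs use arc 2.16.840.1.114027.80.8.1.x; objects encoded under 80.7.1.x are not recognised */`. Because the table sits between `OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS` markers, that comment likely belongs in the generator template rather than in this file.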
@@ -231,175 +153,94 @@ int oqs_patch_oids(void) #ifdef OQS_KEM_ENCODERS - if (getenv("OQS_OID_FRODO640AES")) - oqs_oid_alg_list[0] = getenv("OQS_OID_FRODO640AES"); - - if (getenv("OQS_OID_P256_FRODO640AES")) - oqs_oid_alg_list[2] = getenv("OQS_OID_P256_FRODO640AES"); - if (getenv("OQS_OID_X25519_FRODO640AES")) - oqs_oid_alg_list[4] = getenv("OQS_OID_X25519_FRODO640AES"); - if (getenv("OQS_OID_FRODO640SHAKE")) - oqs_oid_alg_list[6] = getenv("OQS_OID_FRODO640SHAKE"); - - if (getenv("OQS_OID_P256_FRODO640SHAKE")) - oqs_oid_alg_list[8] = getenv("OQS_OID_P256_FRODO640SHAKE"); - if (getenv("OQS_OID_X25519_FRODO640SHAKE")) - oqs_oid_alg_list[10] = getenv("OQS_OID_X25519_FRODO640SHAKE"); - if (getenv("OQS_OID_FRODO976AES")) - oqs_oid_alg_list[12] = getenv("OQS_OID_FRODO976AES"); - - if (getenv("OQS_OID_P384_FRODO976AES")) - oqs_oid_alg_list[14] = getenv("OQS_OID_P384_FRODO976AES"); - if (getenv("OQS_OID_X448_FRODO976AES")) - oqs_oid_alg_list[16] = getenv("OQS_OID_X448_FRODO976AES"); - if (getenv("OQS_OID_FRODO976SHAKE")) - oqs_oid_alg_list[18] = getenv("OQS_OID_FRODO976SHAKE"); - - if (getenv("OQS_OID_P384_FRODO976SHAKE")) - oqs_oid_alg_list[20] = getenv("OQS_OID_P384_FRODO976SHAKE"); - if (getenv("OQS_OID_X448_FRODO976SHAKE")) - oqs_oid_alg_list[22] = getenv("OQS_OID_X448_FRODO976SHAKE"); - if (getenv("OQS_OID_FRODO1344AES")) - oqs_oid_alg_list[24] = getenv("OQS_OID_FRODO1344AES"); - - if (getenv("OQS_OID_P521_FRODO1344AES")) - oqs_oid_alg_list[26] = getenv("OQS_OID_P521_FRODO1344AES"); - if (getenv("OQS_OID_FRODO1344SHAKE")) - oqs_oid_alg_list[28] = getenv("OQS_OID_FRODO1344SHAKE"); - - if (getenv("OQS_OID_P521_FRODO1344SHAKE")) - oqs_oid_alg_list[30] = getenv("OQS_OID_P521_FRODO1344SHAKE"); - if (getenv("OQS_OID_KYBER512")) - oqs_oid_alg_list[32] = getenv("OQS_OID_KYBER512"); - - if (getenv("OQS_OID_P256_KYBER512")) - oqs_oid_alg_list[34] = getenv("OQS_OID_P256_KYBER512"); - if (getenv("OQS_OID_X25519_KYBER512")) - oqs_oid_alg_list[36] = 
getenv("OQS_OID_X25519_KYBER512"); - if (getenv("OQS_OID_KYBER768")) - oqs_oid_alg_list[38] = getenv("OQS_OID_KYBER768"); - - if (getenv("OQS_OID_P384_KYBER768")) - oqs_oid_alg_list[40] = getenv("OQS_OID_P384_KYBER768"); - if (getenv("OQS_OID_X448_KYBER768")) - oqs_oid_alg_list[42] = getenv("OQS_OID_X448_KYBER768"); - if (getenv("OQS_OID_X25519_KYBER768")) - oqs_oid_alg_list[44] = getenv("OQS_OID_X25519_KYBER768"); - if (getenv("OQS_OID_P256_KYBER768")) - oqs_oid_alg_list[46] = getenv("OQS_OID_P256_KYBER768"); - if (getenv("OQS_OID_KYBER1024")) - oqs_oid_alg_list[48] = getenv("OQS_OID_KYBER1024"); - - if (getenv("OQS_OID_P521_KYBER1024")) - oqs_oid_alg_list[50] = getenv("OQS_OID_P521_KYBER1024"); - if (getenv("OQS_OID_BIKEL1")) - oqs_oid_alg_list[52] = getenv("OQS_OID_BIKEL1"); - - if (getenv("OQS_OID_P256_BIKEL1")) - oqs_oid_alg_list[54] = getenv("OQS_OID_P256_BIKEL1"); - if (getenv("OQS_OID_X25519_BIKEL1")) - oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_BIKEL1"); - if (getenv("OQS_OID_BIKEL3")) - oqs_oid_alg_list[58] = getenv("OQS_OID_BIKEL3"); - - if (getenv("OQS_OID_P384_BIKEL3")) - oqs_oid_alg_list[60] = getenv("OQS_OID_P384_BIKEL3"); - if (getenv("OQS_OID_X448_BIKEL3")) - oqs_oid_alg_list[62] = getenv("OQS_OID_X448_BIKEL3"); - if (getenv("OQS_OID_BIKEL5")) - oqs_oid_alg_list[64] = getenv("OQS_OID_BIKEL5"); - - if (getenv("OQS_OID_P521_BIKEL5")) - oqs_oid_alg_list[66] = getenv("OQS_OID_P521_BIKEL5"); - if (getenv("OQS_OID_HQC128")) - oqs_oid_alg_list[68] = getenv("OQS_OID_HQC128"); - - if (getenv("OQS_OID_P256_HQC128")) - oqs_oid_alg_list[70] = getenv("OQS_OID_P256_HQC128"); - if (getenv("OQS_OID_X25519_HQC128")) - oqs_oid_alg_list[72] = getenv("OQS_OID_X25519_HQC128"); - if (getenv("OQS_OID_HQC192")) - oqs_oid_alg_list[74] = getenv("OQS_OID_HQC192"); - - if (getenv("OQS_OID_P384_HQC192")) - oqs_oid_alg_list[76] = getenv("OQS_OID_P384_HQC192"); - if (getenv("OQS_OID_X448_HQC192")) - oqs_oid_alg_list[78] = getenv("OQS_OID_X448_HQC192"); - if 
(getenv("OQS_OID_HQC256")) - oqs_oid_alg_list[80] = getenv("OQS_OID_HQC256"); - - if (getenv("OQS_OID_P521_HQC256")) - oqs_oid_alg_list[82] = getenv("OQS_OID_P521_HQC256"); - -# define OQS_KEMOID_CNT 82 + 2 + + +if (getenv("OQS_OID_FRODO640AES")) oqs_oid_alg_list[0] = getenv("OQS_OID_FRODO640AES"); + +if (getenv("OQS_OID_P256_FRODO640AES")) oqs_oid_alg_list[2] = getenv("OQS_OID_P256_FRODO640AES"); +if (getenv("OQS_OID_X25519_FRODO640AES")) oqs_oid_alg_list[4] = getenv("OQS_OID_X25519_FRODO640AES"); +if (getenv("OQS_OID_FRODO640SHAKE")) oqs_oid_alg_list[6] = getenv("OQS_OID_FRODO640SHAKE"); + +if (getenv("OQS_OID_P256_FRODO640SHAKE")) oqs_oid_alg_list[8] = getenv("OQS_OID_P256_FRODO640SHAKE"); +if (getenv("OQS_OID_X25519_FRODO640SHAKE")) oqs_oid_alg_list[10] = getenv("OQS_OID_X25519_FRODO640SHAKE"); +if (getenv("OQS_OID_FRODO976AES")) oqs_oid_alg_list[12] = getenv("OQS_OID_FRODO976AES"); + +if (getenv("OQS_OID_P384_FRODO976AES")) oqs_oid_alg_list[14] = getenv("OQS_OID_P384_FRODO976AES"); +if (getenv("OQS_OID_X448_FRODO976AES")) oqs_oid_alg_list[16] = getenv("OQS_OID_X448_FRODO976AES"); +if (getenv("OQS_OID_FRODO976SHAKE")) oqs_oid_alg_list[18] = getenv("OQS_OID_FRODO976SHAKE"); + +if (getenv("OQS_OID_P384_FRODO976SHAKE")) oqs_oid_alg_list[20] = getenv("OQS_OID_P384_FRODO976SHAKE"); +if (getenv("OQS_OID_X448_FRODO976SHAKE")) oqs_oid_alg_list[22] = getenv("OQS_OID_X448_FRODO976SHAKE"); +if (getenv("OQS_OID_FRODO1344AES")) oqs_oid_alg_list[24] = getenv("OQS_OID_FRODO1344AES"); + +if (getenv("OQS_OID_P521_FRODO1344AES")) oqs_oid_alg_list[26] = getenv("OQS_OID_P521_FRODO1344AES"); +if (getenv("OQS_OID_FRODO1344SHAKE")) oqs_oid_alg_list[28] = getenv("OQS_OID_FRODO1344SHAKE"); + +if (getenv("OQS_OID_P521_FRODO1344SHAKE")) oqs_oid_alg_list[30] = getenv("OQS_OID_P521_FRODO1344SHAKE"); +if (getenv("OQS_OID_KYBER512")) oqs_oid_alg_list[32] = getenv("OQS_OID_KYBER512"); + +if (getenv("OQS_OID_P256_KYBER512")) oqs_oid_alg_list[34] = getenv("OQS_OID_P256_KYBER512"); +if 
(getenv("OQS_OID_X25519_KYBER512")) oqs_oid_alg_list[36] = getenv("OQS_OID_X25519_KYBER512"); +if (getenv("OQS_OID_KYBER768")) oqs_oid_alg_list[38] = getenv("OQS_OID_KYBER768"); + +if (getenv("OQS_OID_P384_KYBER768")) oqs_oid_alg_list[40] = getenv("OQS_OID_P384_KYBER768"); +if (getenv("OQS_OID_X448_KYBER768")) oqs_oid_alg_list[42] = getenv("OQS_OID_X448_KYBER768"); +if (getenv("OQS_OID_X25519_KYBER768")) oqs_oid_alg_list[44] = getenv("OQS_OID_X25519_KYBER768"); +if (getenv("OQS_OID_P256_KYBER768")) oqs_oid_alg_list[46] = getenv("OQS_OID_P256_KYBER768"); +if (getenv("OQS_OID_KYBER1024")) oqs_oid_alg_list[48] = getenv("OQS_OID_KYBER1024"); + +if (getenv("OQS_OID_P521_KYBER1024")) oqs_oid_alg_list[50] = getenv("OQS_OID_P521_KYBER1024"); +if (getenv("OQS_OID_BIKEL1")) oqs_oid_alg_list[52] = getenv("OQS_OID_BIKEL1"); + +if (getenv("OQS_OID_P256_BIKEL1")) oqs_oid_alg_list[54] = getenv("OQS_OID_P256_BIKEL1"); +if (getenv("OQS_OID_X25519_BIKEL1")) oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_BIKEL1"); +if (getenv("OQS_OID_BIKEL3")) oqs_oid_alg_list[58] = getenv("OQS_OID_BIKEL3"); + +if (getenv("OQS_OID_P384_BIKEL3")) oqs_oid_alg_list[60] = getenv("OQS_OID_P384_BIKEL3"); +if (getenv("OQS_OID_X448_BIKEL3")) oqs_oid_alg_list[62] = getenv("OQS_OID_X448_BIKEL3"); +if (getenv("OQS_OID_BIKEL5")) oqs_oid_alg_list[64] = getenv("OQS_OID_BIKEL5"); + +if (getenv("OQS_OID_P521_BIKEL5")) oqs_oid_alg_list[66] = getenv("OQS_OID_P521_BIKEL5"); +if (getenv("OQS_OID_HQC128")) oqs_oid_alg_list[68] = getenv("OQS_OID_HQC128"); + +if (getenv("OQS_OID_P256_HQC128")) oqs_oid_alg_list[70] = getenv("OQS_OID_P256_HQC128"); +if (getenv("OQS_OID_X25519_HQC128")) oqs_oid_alg_list[72] = getenv("OQS_OID_X25519_HQC128"); +if (getenv("OQS_OID_HQC192")) oqs_oid_alg_list[74] = getenv("OQS_OID_HQC192"); + +if (getenv("OQS_OID_P384_HQC192")) oqs_oid_alg_list[76] = getenv("OQS_OID_P384_HQC192"); +if (getenv("OQS_OID_X448_HQC192")) oqs_oid_alg_list[78] = getenv("OQS_OID_X448_HQC192"); +if 
(getenv("OQS_OID_HQC256")) oqs_oid_alg_list[80] = getenv("OQS_OID_HQC256"); + +if (getenv("OQS_OID_P521_HQC256")) oqs_oid_alg_list[82] = getenv("OQS_OID_P521_HQC256"); + +#define OQS_KEMOID_CNT 82+2 #else -# define OQS_KEMOID_CNT 0 +#define OQS_KEMOID_CNT 0 #endif /* OQS_KEM_ENCODERS */ - if (getenv("OQS_OID_DILITHIUM2")) - oqs_oid_alg_list[0 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2"); - if (getenv("OQS_OID_P256_DILITHIUM2")) - oqs_oid_alg_list[2 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_DILITHIUM2"); - if (getenv("OQS_OID_RSA3072_DILITHIUM2")) - oqs_oid_alg_list[4 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_DILITHIUM2"); - if (getenv("OQS_OID_DILITHIUM3")) - oqs_oid_alg_list[6 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3"); - if (getenv("OQS_OID_P384_DILITHIUM3")) - oqs_oid_alg_list[8 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P384_DILITHIUM3"); - if (getenv("OQS_OID_DILITHIUM5")) - oqs_oid_alg_list[10 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5"); - if (getenv("OQS_OID_P521_DILITHIUM5")) - oqs_oid_alg_list[12 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P521_DILITHIUM5"); - if (getenv("OQS_OID_FALCON512")) - oqs_oid_alg_list[14 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); - if (getenv("OQS_OID_P256_FALCON512")) - oqs_oid_alg_list[16 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_FALCON512"); - if (getenv("OQS_OID_RSA3072_FALCON512")) - oqs_oid_alg_list[18 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_FALCON512"); - if (getenv("OQS_OID_FALCON1024")) - oqs_oid_alg_list[20 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); - if (getenv("OQS_OID_P521_FALCON1024")) - oqs_oid_alg_list[22 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P521_FALCON1024"); - if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[24 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[26 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) - 
oqs_oid_alg_list[28 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[30 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[32 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[34 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[36 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[38 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[40 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[42 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[44 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); - ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END + if (getenv("OQS_OID_DILITHIUM2")) oqs_oid_alg_list[0+OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2"); + if (getenv("OQS_OID_P256_DILITHIUM2")) oqs_oid_alg_list[2+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_DILITHIUM2"); + if (getenv("OQS_OID_RSA3072_DILITHIUM2")) oqs_oid_alg_list[4+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_DILITHIUM2"); + if (getenv("OQS_OID_DILITHIUM3")) oqs_oid_alg_list[6+OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3"); + if (getenv("OQS_OID_P384_DILITHIUM3")) oqs_oid_alg_list[8+OQS_KEMOID_CNT] = getenv("OQS_OID_P384_DILITHIUM3"); + if (getenv("OQS_OID_DILITHIUM5")) oqs_oid_alg_list[10+OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5"); + if (getenv("OQS_OID_P521_DILITHIUM5")) oqs_oid_alg_list[12+OQS_KEMOID_CNT] = 
getenv("OQS_OID_P521_DILITHIUM5"); + if (getenv("OQS_OID_FALCON512")) oqs_oid_alg_list[14+OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); + if (getenv("OQS_OID_P256_FALCON512")) oqs_oid_alg_list[16+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_FALCON512"); + if (getenv("OQS_OID_RSA3072_FALCON512")) oqs_oid_alg_list[18+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_FALCON512"); + if (getenv("OQS_OID_FALCON1024")) oqs_oid_alg_list[20+OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); + if (getenv("OQS_OID_P521_FALCON1024")) oqs_oid_alg_list[22+OQS_KEMOID_CNT] = getenv("OQS_OID_P521_FALCON1024"); + if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[24+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[26+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[28+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[30+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[32+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[34+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[36+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[38+OQS_KEMOID_CNT] = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[40+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[42+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) 
oqs_oid_alg_list[44+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); +///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; } 
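Review bot: The signature overrides in oqs_patch_oids() use slots 0 to 44 past OQS_KEMOID_CNT as if the table held only the 23 non-composite algorithms, but the OID table in the preceding hunk interleaves the composite entries (dilithium2_pss2048 through falcon512_ed25519), so from OQS_OID_DILITHIUM3 onward each override appears to land on another algorithm's OID. For example, slot `6+OQS_KEMOID_CNT` holds the OID of dilithium2_pss2048 in that table, while dilithium3 sits at slot 16; the line would need to read `if (getenv("OQS_OID_DILITHIUM3")) oqs_oid_alg_list[16+OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3");`, and likewise for the entries after it. A misdirected override silently changes which OID identifies a signature algorithm in encoded keys and certificates. The OQS_TEMPLATE_FRAGMENT markers suggest this code is generated, so the fix probably belongs in the template, deriving each index from the entry's position in the table. This assumes the dilithium2 entry is at offset OQS_KEMOID_CNT, as the first override implies; the start of the table and of the function body lie outside this hunk.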
@@ -409,208 +250,85 @@ const char *oqs_alg_encoding_list[OQS_OID_CNT] = {0}; int oqs_patch_encodings(void) { ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_START - if (getenv("OQS_ENCODING_DILITHIUM2")) - oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2"); - if (getenv("OQS_ENCODING_DILITHIUM2_ALGNAME")) - oqs_alg_encoding_list[1] = getenv("OQS_ENCODING_DILITHIUM2_ALGNAME"); - if (getenv("OQS_ENCODING_P256_DILITHIUM2")) - oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_P256_DILITHIUM2"); - if (getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME")) - oqs_alg_encoding_list[3] - = getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) - oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"); - if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) - oqs_alg_encoding_list[5] - = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048")) - oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048"); - if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME")) - oqs_alg_encoding_list[7] - = getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048")) - oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048"); - if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME")) - oqs_alg_encoding_list[9] - = getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_ED25519")) - oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM2_ED25519"); - if (getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME")) - oqs_alg_encoding_list[11] - = getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_P256")) - oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_DILITHIUM2_P256"); - if (getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME")) - oqs_alg_encoding_list[13] - = getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_BP256")) - 
oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_DILITHIUM2_BP256"); - if (getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME")) - oqs_alg_encoding_list[15] - = getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3")) - oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_DILITHIUM3"); - if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) - oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); - if (getenv("OQS_ENCODING_P384_DILITHIUM3")) - oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_P384_DILITHIUM3"); - if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) - oqs_alg_encoding_list[19] - = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072")) - oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072"); - if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME")) - oqs_alg_encoding_list[21] - = getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072")) - oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072"); - if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME")) - oqs_alg_encoding_list[23] - = getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_P256")) - oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_DILITHIUM3_P256"); - if (getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME")) - oqs_alg_encoding_list[25] - = getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_BP256")) - oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_DILITHIUM3_BP256"); - if (getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME")) - oqs_alg_encoding_list[27] - = getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_ED25519")) - oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_DILITHIUM3_ED25519"); - if (getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME")) - oqs_alg_encoding_list[29] - = getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME"); - if 
(getenv("OQS_ENCODING_DILITHIUM5")) - oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_DILITHIUM5"); - if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) - oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); - if (getenv("OQS_ENCODING_P521_DILITHIUM5")) - oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P521_DILITHIUM5"); - if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) - oqs_alg_encoding_list[33] - = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_P384")) - oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_DILITHIUM5_P384"); - if (getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME")) - oqs_alg_encoding_list[35] - = getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_BP384")) - oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_DILITHIUM5_BP384"); - if (getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME")) - oqs_alg_encoding_list[37] - = getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_ED448")) - oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_DILITHIUM5_ED448"); - if (getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME")) - oqs_alg_encoding_list[39] - = getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512")) - oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON512"); - if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) - oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); - if (getenv("OQS_ENCODING_P256_FALCON512")) - oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_FALCON512"); - if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) - oqs_alg_encoding_list[43] - = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_FALCON512")) - oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_FALCON512"); - if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) - oqs_alg_encoding_list[45] - = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); - if 
(getenv("OQS_ENCODING_FALCON512_P256")) - oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_FALCON512_P256"); - if (getenv("OQS_ENCODING_FALCON512_P256_ALGNAME")) - oqs_alg_encoding_list[47] - = getenv("OQS_ENCODING_FALCON512_P256_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_BP256")) - oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_FALCON512_BP256"); - if (getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME")) - oqs_alg_encoding_list[49] - = getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_ED25519")) - oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_FALCON512_ED25519"); - if (getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME")) - oqs_alg_encoding_list[51] - = getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON1024")) - oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_FALCON1024"); - if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); - if (getenv("OQS_ENCODING_P521_FALCON1024")) - oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_P521_FALCON1024"); - if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[55] - = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[56] - = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[57] - = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[58] - = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[59] - = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[60] - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); - if 
(getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[61] - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[62] - = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[63] - = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[64] - = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[65] - = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[66] - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[67] - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[68] - = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[69] - = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[70] - = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[71] - = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[72] - = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[73] - = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[74] - = 
getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[75] - = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[76] - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[77] - = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); - ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END + if (getenv("OQS_ENCODING_DILITHIUM2")) oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2"); + if (getenv("OQS_ENCODING_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[1] = getenv("OQS_ENCODING_DILITHIUM2_ALGNAME"); + if (getenv("OQS_ENCODING_P256_DILITHIUM2")) oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_P256_DILITHIUM2"); + if (getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[3] = getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"); + if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[5] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048")) oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048"); + if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME")) oqs_alg_encoding_list[7] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048")) oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048"); + if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME")) oqs_alg_encoding_list[9] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_ED25519")) oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM2_ED25519"); + if (getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME")) 
oqs_alg_encoding_list[11] = getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_P256")) oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_DILITHIUM2_P256"); + if (getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME")) oqs_alg_encoding_list[13] = getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_BP256")) oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_DILITHIUM2_BP256"); + if (getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME")) oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_DILITHIUM3"); + if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); + if (getenv("OQS_ENCODING_P384_DILITHIUM3")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_P384_DILITHIUM3"); + if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072")) oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072"); + if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME")) oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072")) oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072"); + if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME")) oqs_alg_encoding_list[23] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_P256")) oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_DILITHIUM3_P256"); + if (getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME")) oqs_alg_encoding_list[25] = getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_BP256")) oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_DILITHIUM3_BP256"); + if (getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME")) oqs_alg_encoding_list[27] = 
getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_ED25519")) oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_DILITHIUM3_ED25519"); + if (getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME")) oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5")) oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_DILITHIUM5"); + if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); + if (getenv("OQS_ENCODING_P521_DILITHIUM5")) oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P521_DILITHIUM5"); + if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_P384")) oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_DILITHIUM5_P384"); + if (getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME")) oqs_alg_encoding_list[35] = getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_BP384")) oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_DILITHIUM5_BP384"); + if (getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME")) oqs_alg_encoding_list[37] = getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_ED448")) oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_DILITHIUM5_ED448"); + if (getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME")) oqs_alg_encoding_list[39] = getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512")) oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON512"); + if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); + if (getenv("OQS_ENCODING_P256_FALCON512")) oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_FALCON512"); + if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) oqs_alg_encoding_list[43] = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); + if 
(getenv("OQS_ENCODING_RSA3072_FALCON512")) oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_FALCON512"); + if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) oqs_alg_encoding_list[45] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_P256")) oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_FALCON512_P256"); + if (getenv("OQS_ENCODING_FALCON512_P256_ALGNAME")) oqs_alg_encoding_list[47] = getenv("OQS_ENCODING_FALCON512_P256_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_BP256")) oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_FALCON512_BP256"); + if (getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME")) oqs_alg_encoding_list[49] = getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_ED25519")) oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_FALCON512_ED25519"); + if (getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME")) oqs_alg_encoding_list[51] = getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON1024")) oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_FALCON1024"); + if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); + if (getenv("OQS_ENCODING_P521_FALCON1024")) oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_P521_FALCON1024"); + if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) oqs_alg_encoding_list[55] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[56] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[57] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[58] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[59] = 
getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[61] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[62] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[63] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[64] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[65] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[66] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[67] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[68] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[69] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[70] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[71] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[72] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[73] = 
getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[74] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[75] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[76] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[77] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); +///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; } #endif @@ -711,7 +429,7 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("p256_sphincsshake128fsimple", 128, oqs_signature_functions), SIGALG("rsa3072_sphincsshake128fsimple", 128, oqs_signature_functions), #endif - ///// OQS_TEMPLATE_FRAGMENT_SIG_FUNCTIONS_END +///// OQS_TEMPLATE_FRAGMENT_SIG_FUNCTIONS_END {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { @@ -789,8 +507,8 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { KEMBASEALG(hqc256, 256) KEMHYBALG(p521_hqc256, 256) #endif - // clang-format on - ///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END +// clang-format on +///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { @@ -942,8 +660,8 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { KEMKMHYBALG(p521_hqc256, 256, ecp) #endif - // clang-format on - ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END +// clang-format on +///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END // ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions), {NULL, NULL, NULL}}; diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 6255b041..1911e1a4 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c 
@@ -35,64 +35,64 @@ typedef struct oqs_group_constants_st { static OQS_GROUP_CONSTANTS oqs_group_list[] = { // ad-hoc assignments - take from OQS generate data structures ///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_START - {0x0200, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x0200, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F00, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F80, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0201, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F00, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2F80, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0201, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F01, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F81, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0202, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F01, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2F81, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0202, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F02, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F82, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0203, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F02, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2F82, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0203, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F03, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F83, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0204, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F03, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2F83, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0204, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F04, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0205, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F04, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0205, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F05, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x023A, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F05, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x023A, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F3A, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F39, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x023C, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + { 
0x2F3A, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2F39, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x023C, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F3C, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2F90, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x6399, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x639A, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x023D, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F3C, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2F90, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x6399, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x639A, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x023D, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F3D, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F3D, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2FAE, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0242, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2FAE, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0242, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F42, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2FAF, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0243, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F42, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2FAF, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0243, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F43, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0244, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F43, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0244, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F44, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2FB0, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0245, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + { 0x2F44, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2FB0, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0245, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F45, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x2FB1, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - {0x0246, 256, TLS1_3_VERSION, 0, 
-1, -1, 1}, + { 0x2F45, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x2FB1, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + { 0x0246, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - {0x2F46, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - ///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_END + { 0x2F46, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, +///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_END }; // Adds entries for tlsname, `ecx`_tlsname and `ecp`_tlsname @@ -128,16 +128,13 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { OQS_GROUP_ENTRY(frodo640aes, frodo640aes, frodo640aes, 0), OQS_GROUP_ENTRY(p256_frodo640aes, p256_frodo640aes, p256_frodo640aes, 1), - OQS_GROUP_ENTRY(x25519_frodo640aes, x25519_frodo640aes, x25519_frodo640aes, - 2), + OQS_GROUP_ENTRY(x25519_frodo640aes, x25519_frodo640aes, x25519_frodo640aes, 2), #endif #ifdef OQS_ENABLE_KEM_frodokem_640_shake OQS_GROUP_ENTRY(frodo640shake, frodo640shake, frodo640shake, 3), - OQS_GROUP_ENTRY(p256_frodo640shake, p256_frodo640shake, p256_frodo640shake, - 4), - OQS_GROUP_ENTRY(x25519_frodo640shake, x25519_frodo640shake, - x25519_frodo640shake, 5), + OQS_GROUP_ENTRY(p256_frodo640shake, p256_frodo640shake, p256_frodo640shake, 4), + OQS_GROUP_ENTRY(x25519_frodo640shake, x25519_frodo640shake, x25519_frodo640shake, 5), #endif #ifdef OQS_ENABLE_KEM_frodokem_976_aes OQS_GROUP_ENTRY(frodo976aes, frodo976aes, frodo976aes, 6), 
@@ -148,22 +145,18 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { #ifdef OQS_ENABLE_KEM_frodokem_976_shake OQS_GROUP_ENTRY(frodo976shake, frodo976shake, frodo976shake, 9), - OQS_GROUP_ENTRY(p384_frodo976shake, p384_frodo976shake, p384_frodo976shake, - 10), - OQS_GROUP_ENTRY(x448_frodo976shake, x448_frodo976shake, x448_frodo976shake, - 11), + OQS_GROUP_ENTRY(p384_frodo976shake, p384_frodo976shake, p384_frodo976shake, 10), + OQS_GROUP_ENTRY(x448_frodo976shake, x448_frodo976shake, x448_frodo976shake, 11), #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_aes OQS_GROUP_ENTRY(frodo1344aes, frodo1344aes, frodo1344aes, 12), - OQS_GROUP_ENTRY(p521_frodo1344aes, p521_frodo1344aes, p521_frodo1344aes, - 13), + OQS_GROUP_ENTRY(p521_frodo1344aes, p521_frodo1344aes, p521_frodo1344aes, 13), #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_shake OQS_GROUP_ENTRY(frodo1344shake, frodo1344shake, frodo1344shake, 14), - OQS_GROUP_ENTRY(p521_frodo1344shake, p521_frodo1344shake, - p521_frodo1344shake, 15), + OQS_GROUP_ENTRY(p521_frodo1344shake, p521_frodo1344shake, p521_frodo1344shake, 15), #endif #ifdef OQS_ENABLE_KEM_kyber_512 OQS_GROUP_ENTRY(kyber512, kyber512, kyber512, 16), @@ -218,7 +211,7 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 41), #endif - ///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END +///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END }; typedef struct oqs_sigalg_constants_st { 
@@ -231,202 +224,103 @@ typedef struct oqs_sigalg_constants_st { static OQS_SIGALG_CONSTANTS oqs_sigalg_list[] = { // ad-hoc assignments - take from OQS generate data structures ///// OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_START - {0xfea0, 128, TLS1_3_VERSION, 0}, {0xfea1, 128, TLS1_3_VERSION, 0}, - {0xfea2, 128, TLS1_3_VERSION, 0}, {0xfea3, 192, TLS1_3_VERSION, 0}, - {0xfea4, 192, TLS1_3_VERSION, 0}, {0xfea5, 256, TLS1_3_VERSION, 0}, - {0xfea6, 256, TLS1_3_VERSION, 0}, {0xfeae, 128, TLS1_3_VERSION, 0}, - {0xfeaf, 128, TLS1_3_VERSION, 0}, {0xfeb0, 128, TLS1_3_VERSION, 0}, - {0xfeb1, 256, TLS1_3_VERSION, 0}, {0xfeb2, 256, TLS1_3_VERSION, 0}, - {0xfeb3, 128, TLS1_3_VERSION, 0}, {0xfeb4, 128, TLS1_3_VERSION, 0}, - {0xfeb5, 128, TLS1_3_VERSION, 0}, {0xfeb6, 128, TLS1_3_VERSION, 0}, - {0xfeb7, 128, TLS1_3_VERSION, 0}, {0xfeb8, 128, TLS1_3_VERSION, 0}, - {0xfeb9, 192, TLS1_3_VERSION, 0}, {0xfeba, 192, TLS1_3_VERSION, 0}, - {0xfec2, 128, TLS1_3_VERSION, 0}, {0xfec3, 128, TLS1_3_VERSION, 0}, - {0xfec4, 128, TLS1_3_VERSION, 0}, - ///// OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_END + { 0xfea0, 128, TLS1_3_VERSION, 0 }, + { 0xfea1, 128, TLS1_3_VERSION, 0 }, + { 0xfea2, 128, TLS1_3_VERSION, 0 }, + { 0xfea3, 192, TLS1_3_VERSION, 0 }, + { 0xfea4, 192, TLS1_3_VERSION, 0 }, + { 0xfea5, 256, TLS1_3_VERSION, 0 }, + { 0xfea6, 256, TLS1_3_VERSION, 0 }, + { 0xfeae, 128, TLS1_3_VERSION, 0 }, + { 0xfeaf, 128, TLS1_3_VERSION, 0 }, + { 0xfeb0, 128, TLS1_3_VERSION, 0 }, + { 0xfeb1, 256, TLS1_3_VERSION, 0 }, + { 0xfeb2, 256, TLS1_3_VERSION, 0 }, + { 0xfeb3, 128, TLS1_3_VERSION, 0 }, + { 0xfeb4, 128, TLS1_3_VERSION, 0 }, + { 0xfeb5, 128, TLS1_3_VERSION, 0 }, + { 0xfeb6, 128, TLS1_3_VERSION, 0 }, + { 0xfeb7, 128, TLS1_3_VERSION, 0 }, + { 0xfeb8, 128, TLS1_3_VERSION, 0 }, + { 0xfeb9, 192, TLS1_3_VERSION, 0 }, + { 0xfeba, 192, TLS1_3_VERSION, 0 }, + { 0xfec2, 128, TLS1_3_VERSION, 0 }, + { 0xfec3, 128, TLS1_3_VERSION, 0 }, + { 0xfec4, 128, TLS1_3_VERSION, 0 }, +///// 
OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_END }; int oqs_patch_codepoints() { ///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_START - if (getenv("OQS_CODEPOINT_FRODO640AES")) - oqs_group_list[0].group_id = atoi(getenv("OQS_CODEPOINT_FRODO640AES")); - if (getenv("OQS_CODEPOINT_P256_FRODO640AES")) - oqs_group_list[1].group_id - = atoi(getenv("OQS_CODEPOINT_P256_FRODO640AES")); - if (getenv("OQS_CODEPOINT_X25519_FRODO640AES")) - oqs_group_list[2].group_id - = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640AES")); - if (getenv("OQS_CODEPOINT_FRODO640SHAKE")) - oqs_group_list[3].group_id - = atoi(getenv("OQS_CODEPOINT_FRODO640SHAKE")); - if (getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")) - oqs_group_list[4].group_id - = atoi(getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")); - if (getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")) - oqs_group_list[5].group_id - = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")); - if (getenv("OQS_CODEPOINT_FRODO976AES")) - oqs_group_list[6].group_id = atoi(getenv("OQS_CODEPOINT_FRODO976AES")); - if (getenv("OQS_CODEPOINT_P384_FRODO976AES")) - oqs_group_list[7].group_id - = atoi(getenv("OQS_CODEPOINT_P384_FRODO976AES")); - if (getenv("OQS_CODEPOINT_X448_FRODO976AES")) - oqs_group_list[8].group_id - = atoi(getenv("OQS_CODEPOINT_X448_FRODO976AES")); - if (getenv("OQS_CODEPOINT_FRODO976SHAKE")) - oqs_group_list[9].group_id - = atoi(getenv("OQS_CODEPOINT_FRODO976SHAKE")); - if (getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")) - oqs_group_list[10].group_id - = atoi(getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")); - if (getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")) - oqs_group_list[11].group_id - = atoi(getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")); - if (getenv("OQS_CODEPOINT_FRODO1344AES")) - oqs_group_list[12].group_id - = atoi(getenv("OQS_CODEPOINT_FRODO1344AES")); - if (getenv("OQS_CODEPOINT_P521_FRODO1344AES")) - oqs_group_list[13].group_id - = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344AES")); - if (getenv("OQS_CODEPOINT_FRODO1344SHAKE")) - oqs_group_list[14].group_id - 
= atoi(getenv("OQS_CODEPOINT_FRODO1344SHAKE")); - if (getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")) - oqs_group_list[15].group_id - = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")); - if (getenv("OQS_CODEPOINT_KYBER512")) - oqs_group_list[16].group_id = atoi(getenv("OQS_CODEPOINT_KYBER512")); - if (getenv("OQS_CODEPOINT_P256_KYBER512")) - oqs_group_list[17].group_id - = atoi(getenv("OQS_CODEPOINT_P256_KYBER512")); - if (getenv("OQS_CODEPOINT_X25519_KYBER512")) - oqs_group_list[18].group_id - = atoi(getenv("OQS_CODEPOINT_X25519_KYBER512")); - if (getenv("OQS_CODEPOINT_KYBER768")) - oqs_group_list[19].group_id = atoi(getenv("OQS_CODEPOINT_KYBER768")); - if (getenv("OQS_CODEPOINT_P384_KYBER768")) - oqs_group_list[20].group_id - = atoi(getenv("OQS_CODEPOINT_P384_KYBER768")); - if (getenv("OQS_CODEPOINT_X448_KYBER768")) - oqs_group_list[21].group_id - = atoi(getenv("OQS_CODEPOINT_X448_KYBER768")); - if (getenv("OQS_CODEPOINT_X25519_KYBER768")) - oqs_group_list[22].group_id - = atoi(getenv("OQS_CODEPOINT_X25519_KYBER768")); - if (getenv("OQS_CODEPOINT_P256_KYBER768")) - oqs_group_list[23].group_id - = atoi(getenv("OQS_CODEPOINT_P256_KYBER768")); - if (getenv("OQS_CODEPOINT_KYBER1024")) - oqs_group_list[24].group_id = atoi(getenv("OQS_CODEPOINT_KYBER1024")); - if (getenv("OQS_CODEPOINT_P521_KYBER1024")) - oqs_group_list[25].group_id - = atoi(getenv("OQS_CODEPOINT_P521_KYBER1024")); - if (getenv("OQS_CODEPOINT_BIKEL1")) - oqs_group_list[26].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); - if (getenv("OQS_CODEPOINT_P256_BIKEL1")) - oqs_group_list[27].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); - if (getenv("OQS_CODEPOINT_X25519_BIKEL1")) - oqs_group_list[28].group_id - = atoi(getenv("OQS_CODEPOINT_X25519_BIKEL1")); - if (getenv("OQS_CODEPOINT_BIKEL3")) - oqs_group_list[29].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); - if (getenv("OQS_CODEPOINT_P384_BIKEL3")) - oqs_group_list[30].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); - if 
(getenv("OQS_CODEPOINT_X448_BIKEL3")) - oqs_group_list[31].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); - if (getenv("OQS_CODEPOINT_BIKEL5")) - oqs_group_list[32].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); - if (getenv("OQS_CODEPOINT_P521_BIKEL5")) - oqs_group_list[33].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); - if (getenv("OQS_CODEPOINT_HQC128")) - oqs_group_list[34].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); - if (getenv("OQS_CODEPOINT_P256_HQC128")) - oqs_group_list[35].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); - if (getenv("OQS_CODEPOINT_X25519_HQC128")) - oqs_group_list[36].group_id - = atoi(getenv("OQS_CODEPOINT_X25519_HQC128")); - if (getenv("OQS_CODEPOINT_HQC192")) - oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); - if (getenv("OQS_CODEPOINT_P384_HQC192")) - oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); - if (getenv("OQS_CODEPOINT_X448_HQC192")) - oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); - if (getenv("OQS_CODEPOINT_HQC256")) - oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); - if (getenv("OQS_CODEPOINT_P521_HQC256")) - oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); - - if (getenv("OQS_CODEPOINT_DILITHIUM2")) - oqs_sigalg_list[0].code_point - = atoi(getenv("OQS_CODEPOINT_DILITHIUM2")); - if (getenv("OQS_CODEPOINT_P256_DILITHIUM2")) - oqs_sigalg_list[1].code_point - = atoi(getenv("OQS_CODEPOINT_P256_DILITHIUM2")); - if (getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")) - oqs_sigalg_list[2].code_point - = atoi(getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")); - if (getenv("OQS_CODEPOINT_DILITHIUM3")) - oqs_sigalg_list[3].code_point - = atoi(getenv("OQS_CODEPOINT_DILITHIUM3")); - if (getenv("OQS_CODEPOINT_P384_DILITHIUM3")) - oqs_sigalg_list[4].code_point - = atoi(getenv("OQS_CODEPOINT_P384_DILITHIUM3")); - if (getenv("OQS_CODEPOINT_DILITHIUM5")) - oqs_sigalg_list[5].code_point - = 
atoi(getenv("OQS_CODEPOINT_DILITHIUM5")); - if (getenv("OQS_CODEPOINT_P521_DILITHIUM5")) - oqs_sigalg_list[6].code_point - = atoi(getenv("OQS_CODEPOINT_P521_DILITHIUM5")); - if (getenv("OQS_CODEPOINT_FALCON512")) - oqs_sigalg_list[7].code_point = atoi(getenv("OQS_CODEPOINT_FALCON512")); - if (getenv("OQS_CODEPOINT_P256_FALCON512")) - oqs_sigalg_list[8].code_point - = atoi(getenv("OQS_CODEPOINT_P256_FALCON512")); - if (getenv("OQS_CODEPOINT_RSA3072_FALCON512")) - oqs_sigalg_list[9].code_point - = atoi(getenv("OQS_CODEPOINT_RSA3072_FALCON512")); - if (getenv("OQS_CODEPOINT_FALCON1024")) - oqs_sigalg_list[10].code_point - = atoi(getenv("OQS_CODEPOINT_FALCON1024")); - if (getenv("OQS_CODEPOINT_P521_FALCON1024")) - oqs_sigalg_list[11].code_point - = atoi(getenv("OQS_CODEPOINT_P521_FALCON1024")); - if (getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[12].code_point - = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")); - if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[13].code_point - = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")); - if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[14].code_point - = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")); - if (getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[15].code_point - = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")); - if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[16].code_point - = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")); - if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[17].code_point - = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")); - if (getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")) - oqs_sigalg_list[18].code_point - = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")); - if (getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")) - oqs_sigalg_list[19].code_point - = 
atoi(getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")); - if (getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[20].code_point - = atoi(getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")); - if (getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[21].code_point - = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")); - if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[22].code_point - = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")); - ///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_END + if (getenv("OQS_CODEPOINT_FRODO640AES")) oqs_group_list[0].group_id = atoi(getenv("OQS_CODEPOINT_FRODO640AES")); + if (getenv("OQS_CODEPOINT_P256_FRODO640AES")) oqs_group_list[1].group_id = atoi(getenv("OQS_CODEPOINT_P256_FRODO640AES")); + if (getenv("OQS_CODEPOINT_X25519_FRODO640AES")) oqs_group_list[2].group_id = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640AES")); + if (getenv("OQS_CODEPOINT_FRODO640SHAKE")) oqs_group_list[3].group_id = atoi(getenv("OQS_CODEPOINT_FRODO640SHAKE")); + if (getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")) oqs_group_list[4].group_id = atoi(getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")); + if (getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")) oqs_group_list[5].group_id = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")); + if (getenv("OQS_CODEPOINT_FRODO976AES")) oqs_group_list[6].group_id = atoi(getenv("OQS_CODEPOINT_FRODO976AES")); + if (getenv("OQS_CODEPOINT_P384_FRODO976AES")) oqs_group_list[7].group_id = atoi(getenv("OQS_CODEPOINT_P384_FRODO976AES")); + if (getenv("OQS_CODEPOINT_X448_FRODO976AES")) oqs_group_list[8].group_id = atoi(getenv("OQS_CODEPOINT_X448_FRODO976AES")); + if (getenv("OQS_CODEPOINT_FRODO976SHAKE")) oqs_group_list[9].group_id = atoi(getenv("OQS_CODEPOINT_FRODO976SHAKE")); + if (getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")) oqs_group_list[10].group_id = atoi(getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")); + if (getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")) 
oqs_group_list[11].group_id = atoi(getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")); + if (getenv("OQS_CODEPOINT_FRODO1344AES")) oqs_group_list[12].group_id = atoi(getenv("OQS_CODEPOINT_FRODO1344AES")); + if (getenv("OQS_CODEPOINT_P521_FRODO1344AES")) oqs_group_list[13].group_id = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344AES")); + if (getenv("OQS_CODEPOINT_FRODO1344SHAKE")) oqs_group_list[14].group_id = atoi(getenv("OQS_CODEPOINT_FRODO1344SHAKE")); + if (getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")) oqs_group_list[15].group_id = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")); + if (getenv("OQS_CODEPOINT_KYBER512")) oqs_group_list[16].group_id = atoi(getenv("OQS_CODEPOINT_KYBER512")); + if (getenv("OQS_CODEPOINT_P256_KYBER512")) oqs_group_list[17].group_id = atoi(getenv("OQS_CODEPOINT_P256_KYBER512")); + if (getenv("OQS_CODEPOINT_X25519_KYBER512")) oqs_group_list[18].group_id = atoi(getenv("OQS_CODEPOINT_X25519_KYBER512")); + if (getenv("OQS_CODEPOINT_KYBER768")) oqs_group_list[19].group_id = atoi(getenv("OQS_CODEPOINT_KYBER768")); + if (getenv("OQS_CODEPOINT_P384_KYBER768")) oqs_group_list[20].group_id = atoi(getenv("OQS_CODEPOINT_P384_KYBER768")); + if (getenv("OQS_CODEPOINT_X448_KYBER768")) oqs_group_list[21].group_id = atoi(getenv("OQS_CODEPOINT_X448_KYBER768")); + if (getenv("OQS_CODEPOINT_X25519_KYBER768")) oqs_group_list[22].group_id = atoi(getenv("OQS_CODEPOINT_X25519_KYBER768")); + if (getenv("OQS_CODEPOINT_P256_KYBER768")) oqs_group_list[23].group_id = atoi(getenv("OQS_CODEPOINT_P256_KYBER768")); + if (getenv("OQS_CODEPOINT_KYBER1024")) oqs_group_list[24].group_id = atoi(getenv("OQS_CODEPOINT_KYBER1024")); + if (getenv("OQS_CODEPOINT_P521_KYBER1024")) oqs_group_list[25].group_id = atoi(getenv("OQS_CODEPOINT_P521_KYBER1024")); + if (getenv("OQS_CODEPOINT_BIKEL1")) oqs_group_list[26].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); + if (getenv("OQS_CODEPOINT_P256_BIKEL1")) oqs_group_list[27].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); + if 
(getenv("OQS_CODEPOINT_X25519_BIKEL1")) oqs_group_list[28].group_id = atoi(getenv("OQS_CODEPOINT_X25519_BIKEL1")); + if (getenv("OQS_CODEPOINT_BIKEL3")) oqs_group_list[29].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); + if (getenv("OQS_CODEPOINT_P384_BIKEL3")) oqs_group_list[30].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); + if (getenv("OQS_CODEPOINT_X448_BIKEL3")) oqs_group_list[31].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); + if (getenv("OQS_CODEPOINT_BIKEL5")) oqs_group_list[32].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); + if (getenv("OQS_CODEPOINT_P521_BIKEL5")) oqs_group_list[33].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); + if (getenv("OQS_CODEPOINT_HQC128")) oqs_group_list[34].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); + if (getenv("OQS_CODEPOINT_P256_HQC128")) oqs_group_list[35].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); + if (getenv("OQS_CODEPOINT_X25519_HQC128")) oqs_group_list[36].group_id = atoi(getenv("OQS_CODEPOINT_X25519_HQC128")); + if (getenv("OQS_CODEPOINT_HQC192")) oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); + if (getenv("OQS_CODEPOINT_P384_HQC192")) oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); + if (getenv("OQS_CODEPOINT_X448_HQC192")) oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); + if (getenv("OQS_CODEPOINT_HQC256")) oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); + if (getenv("OQS_CODEPOINT_P521_HQC256")) oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); + + if (getenv("OQS_CODEPOINT_DILITHIUM2")) oqs_sigalg_list[0].code_point = atoi(getenv("OQS_CODEPOINT_DILITHIUM2")); + if (getenv("OQS_CODEPOINT_P256_DILITHIUM2")) oqs_sigalg_list[1].code_point = atoi(getenv("OQS_CODEPOINT_P256_DILITHIUM2")); + if (getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")) oqs_sigalg_list[2].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")); + if (getenv("OQS_CODEPOINT_DILITHIUM3")) 
oqs_sigalg_list[3].code_point = atoi(getenv("OQS_CODEPOINT_DILITHIUM3")); + if (getenv("OQS_CODEPOINT_P384_DILITHIUM3")) oqs_sigalg_list[4].code_point = atoi(getenv("OQS_CODEPOINT_P384_DILITHIUM3")); + if (getenv("OQS_CODEPOINT_DILITHIUM5")) oqs_sigalg_list[5].code_point = atoi(getenv("OQS_CODEPOINT_DILITHIUM5")); + if (getenv("OQS_CODEPOINT_P521_DILITHIUM5")) oqs_sigalg_list[6].code_point = atoi(getenv("OQS_CODEPOINT_P521_DILITHIUM5")); + if (getenv("OQS_CODEPOINT_FALCON512")) oqs_sigalg_list[7].code_point = atoi(getenv("OQS_CODEPOINT_FALCON512")); + if (getenv("OQS_CODEPOINT_P256_FALCON512")) oqs_sigalg_list[8].code_point = atoi(getenv("OQS_CODEPOINT_P256_FALCON512")); + if (getenv("OQS_CODEPOINT_RSA3072_FALCON512")) oqs_sigalg_list[9].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_FALCON512")); + if (getenv("OQS_CODEPOINT_FALCON1024")) oqs_sigalg_list[10].code_point = atoi(getenv("OQS_CODEPOINT_FALCON1024")); + if (getenv("OQS_CODEPOINT_P521_FALCON1024")) oqs_sigalg_list[11].code_point = atoi(getenv("OQS_CODEPOINT_P521_FALCON1024")); + if (getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")) oqs_sigalg_list[12].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")); + if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")) oqs_sigalg_list[13].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")); + if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_sigalg_list[14].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")); + if (getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")) oqs_sigalg_list[15].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")); + if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")) oqs_sigalg_list[16].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")); + if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_sigalg_list[17].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")); + if (getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")) 
oqs_sigalg_list[18].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")); + if (getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")) oqs_sigalg_list[19].code_point = atoi(getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")); + if (getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")) oqs_sigalg_list[20].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")); + if (getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")) oqs_sigalg_list[21].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")); + if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_sigalg_list[22].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")); +///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_END return 1; } 
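Review bot: Every override in `oqs_patch_codepoints` on the new side still parses the environment value with `atoi(getenv(...))`, so a non-numeric or misspelled value silently becomes codepoint 0, and a value too large for `int` is undefined behaviour. TLS group and signature-scheme identifiers are 16-bit, but nothing here rejects negative values or values above 0xFFFF before they are stored in `group_id` / `code_point` (the field types are declared outside this hunk). I would route each override through one small checked parser that leaves the compiled-in default in place when the variable is unset or invalid. Since these lines sit between `OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING` markers, the change presumably belongs in the generator template rather than in this file.

```c
/* Returns the override as a value in 0..0xFFFF, or -1 when the variable is
 * unset, empty, not a plain decimal number, or out of range. */
static long oqs_env_codepoint(const char *name)
{
    const char *text = getenv(name);
    char *end = NULL;
    long value;

    if (text == NULL || *text == '\0')
        return -1;
    value = strtol(text, &end, 10);
    if (*end != '\0' || value < 0 || value > 0xFFFF)
        return -1;
    return value;
}

int oqs_patch_codepoints()
{
    long cp;

    if ((cp = oqs_env_codepoint("OQS_CODEPOINT_FRODO640AES")) >= 0) oqs_group_list[0].group_id = cp;
    // … remaining OQS_CODEPOINT_* group and sigalg overrides follow the same pattern …
    return 1;
}
```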
@@ -466,72 +360,48 @@ static int oqs_group_capability(OSSL_CALLBACK *cb, void *arg) static const OSSL_PARAM oqs_param_sigalg_list[][12] = { ///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_START -# ifdef OQS_ENABLE_SIG_dilithium_2 - OQS_SIGALG_ENTRY(dilithium2, dilithium2, dilithium2, - "1.3.6.1.4.1.2.267.7.4.4", 0), - OQS_SIGALG_ENTRY(p256_dilithium2, p256_dilithium2, p256_dilithium2, - "1.3.9999.2.7.1", 1), - OQS_SIGALG_ENTRY(rsa3072_dilithium2, rsa3072_dilithium2, rsa3072_dilithium2, - "1.3.9999.2.7.2", 2), -# endif -# ifdef OQS_ENABLE_SIG_dilithium_3 - OQS_SIGALG_ENTRY(dilithium3, dilithium3, dilithium3, - "1.3.6.1.4.1.2.267.7.6.5", 3), - OQS_SIGALG_ENTRY(p384_dilithium3, p384_dilithium3, p384_dilithium3, - "1.3.9999.2.7.3", 4), -# endif -# ifdef OQS_ENABLE_SIG_dilithium_5 - OQS_SIGALG_ENTRY(dilithium5, dilithium5, dilithium5, - "1.3.6.1.4.1.2.267.7.8.7", 5), - OQS_SIGALG_ENTRY(p521_dilithium5, p521_dilithium5, p521_dilithium5, - "1.3.9999.2.7.4", 6), -# endif -# ifdef OQS_ENABLE_SIG_falcon_512 +#ifdef OQS_ENABLE_SIG_dilithium_2 + OQS_SIGALG_ENTRY(dilithium2, dilithium2, dilithium2, "1.3.6.1.4.1.2.267.7.4.4", 0), + OQS_SIGALG_ENTRY(p256_dilithium2, p256_dilithium2, p256_dilithium2, "1.3.9999.2.7.1", 1), + OQS_SIGALG_ENTRY(rsa3072_dilithium2, rsa3072_dilithium2, rsa3072_dilithium2, "1.3.9999.2.7.2", 2), +#endif +#ifdef OQS_ENABLE_SIG_dilithium_3 + OQS_SIGALG_ENTRY(dilithium3, dilithium3, dilithium3, "1.3.6.1.4.1.2.267.7.6.5", 3), + OQS_SIGALG_ENTRY(p384_dilithium3, p384_dilithium3, p384_dilithium3, "1.3.9999.2.7.3", 4), +#endif +#ifdef OQS_ENABLE_SIG_dilithium_5 + OQS_SIGALG_ENTRY(dilithium5, dilithium5, dilithium5, "1.3.6.1.4.1.2.267.7.8.7", 5), + OQS_SIGALG_ENTRY(p521_dilithium5, p521_dilithium5, p521_dilithium5, "1.3.9999.2.7.4", 6), +#endif +#ifdef OQS_ENABLE_SIG_falcon_512 OQS_SIGALG_ENTRY(falcon512, falcon512, falcon512, "1.3.9999.3.6", 7), - OQS_SIGALG_ENTRY(p256_falcon512, p256_falcon512, p256_falcon512, - "1.3.9999.3.7", 8), - 
OQS_SIGALG_ENTRY(rsa3072_falcon512, rsa3072_falcon512, rsa3072_falcon512, - "1.3.9999.3.8", 9), -# endif -# ifdef OQS_ENABLE_SIG_falcon_1024 + OQS_SIGALG_ENTRY(p256_falcon512, p256_falcon512, p256_falcon512, "1.3.9999.3.7", 8), + OQS_SIGALG_ENTRY(rsa3072_falcon512, rsa3072_falcon512, rsa3072_falcon512, "1.3.9999.3.8", 9), +#endif +#ifdef OQS_ENABLE_SIG_falcon_1024 OQS_SIGALG_ENTRY(falcon1024, falcon1024, falcon1024, "1.3.9999.3.9", 10), - OQS_SIGALG_ENTRY(p521_falcon1024, p521_falcon1024, p521_falcon1024, - "1.3.9999.3.10", 11), -# endif -# ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple - OQS_SIGALG_ENTRY(sphincssha2128fsimple, sphincssha2128fsimple, - sphincssha2128fsimple, "1.3.9999.6.4.13", 12), - OQS_SIGALG_ENTRY(p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, - p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 13), - OQS_SIGALG_ENTRY(rsa3072_sphincssha2128fsimple, - rsa3072_sphincssha2128fsimple, - rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 14), -# endif -# ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple - OQS_SIGALG_ENTRY(sphincssha2128ssimple, sphincssha2128ssimple, - sphincssha2128ssimple, "1.3.9999.6.4.16", 15), - OQS_SIGALG_ENTRY(p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, - p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 16), - OQS_SIGALG_ENTRY(rsa3072_sphincssha2128ssimple, - rsa3072_sphincssha2128ssimple, - rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 17), -# endif -# ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple - OQS_SIGALG_ENTRY(sphincssha2192fsimple, sphincssha2192fsimple, - sphincssha2192fsimple, "1.3.9999.6.5.10", 18), - OQS_SIGALG_ENTRY(p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, - p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 19), -# endif -# ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple - OQS_SIGALG_ENTRY(sphincsshake128fsimple, sphincsshake128fsimple, - sphincsshake128fsimple, "1.3.9999.6.7.13", 20), - OQS_SIGALG_ENTRY(p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, - 
p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 21), - OQS_SIGALG_ENTRY(rsa3072_sphincsshake128fsimple, - rsa3072_sphincsshake128fsimple, - rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 22), -# endif - ///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_END + OQS_SIGALG_ENTRY(p521_falcon1024, p521_falcon1024, p521_falcon1024, "1.3.9999.3.10", 11), +#endif +#ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple + OQS_SIGALG_ENTRY(sphincssha2128fsimple, sphincssha2128fsimple, sphincssha2128fsimple, "1.3.9999.6.4.13", 12), + OQS_SIGALG_ENTRY(p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 13), + OQS_SIGALG_ENTRY(rsa3072_sphincssha2128fsimple, rsa3072_sphincssha2128fsimple, rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 14), +#endif +#ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple + OQS_SIGALG_ENTRY(sphincssha2128ssimple, sphincssha2128ssimple, sphincssha2128ssimple, "1.3.9999.6.4.16", 15), + OQS_SIGALG_ENTRY(p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 16), + OQS_SIGALG_ENTRY(rsa3072_sphincssha2128ssimple, rsa3072_sphincssha2128ssimple, rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 17), +#endif +#ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple + OQS_SIGALG_ENTRY(sphincssha2192fsimple, sphincssha2192fsimple, sphincssha2192fsimple, "1.3.9999.6.5.10", 18), + OQS_SIGALG_ENTRY(p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 19), +#endif +#ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple + OQS_SIGALG_ENTRY(sphincsshake128fsimple, sphincsshake128fsimple, sphincsshake128fsimple, "1.3.9999.6.7.13", 20), + OQS_SIGALG_ENTRY(p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 21), + OQS_SIGALG_ENTRY(rsa3072_sphincsshake128fsimple, rsa3072_sphincsshake128fsimple, rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 22), +#endif +///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_END }; 
static int oqs_sigalg_capability(OSSL_CALLBACK *cb, void *arg) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 3b28743a..30d6835d 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -53,120 +53,103 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START + + + + #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 81 +#define NID_TABLE_LEN 81 #else -# define NID_TABLE_LEN 39 +#define NID_TABLE_LEN 39 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { #ifdef OQS_KEM_ENCODERS - {0, "frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_KEM, 128}, - {0, "p256_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECP_HYB_KEM, - 128}, - {0, "x25519_frodo640aes", OQS_KEM_alg_frodokem_640_aes, - KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_KEM, 128}, - {0, "p256_frodo640shake", OQS_KEM_alg_frodokem_640_shake, - KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_frodo640shake", OQS_KEM_alg_frodokem_640_shake, - KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_KEM, 192}, - {0, "p384_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECP_HYB_KEM, - 192}, - {0, "x448_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECX_HYB_KEM, - 192}, - {0, "frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_KEM, 192}, - {0, "p384_frodo976shake", OQS_KEM_alg_frodokem_976_shake, - KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_frodo976shake", OQS_KEM_alg_frodokem_976_shake, - KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_KEM, 256}, - {0, "p521_frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, - KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_KEM, 256}, - {0, "p521_frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, - KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_KEM, 128}, - {0, "p256_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_KEM, 192}, - {0, "p384_kyber768", 
OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "x25519_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "p256_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_KEM, 256}, - {0, "p521_kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128}, - {0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_KEM, 192}, - {0, "p384_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_KEM, 256}, - {0, "p521_bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_KEM, 128}, - {0, "p256_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_KEM, 192}, - {0, "p384_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_KEM, 256}, - {0, "p521_hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_ECP_HYB_KEM, 256}, + { 0, "frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_KEM, 128 }, + { 0, "p256_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECP_HYB_KEM , 128 }, + { 0, "x25519_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECX_HYB_KEM , 128 }, + { 0, "frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_KEM, 128 }, + { 0, "p256_frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_ECP_HYB_KEM , 128 }, + { 0, "x25519_frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_ECX_HYB_KEM , 128 }, + { 0, "frodo976aes", 
OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_KEM, 192 }, + { 0, "p384_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECP_HYB_KEM , 192 }, + { 0, "x448_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECX_HYB_KEM , 192 }, + { 0, "frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_KEM, 192 }, + { 0, "p384_frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_ECP_HYB_KEM , 192 }, + { 0, "x448_frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_ECX_HYB_KEM , 192 }, + { 0, "frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_KEM, 256 }, + { 0, "p521_frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_ECP_HYB_KEM , 256 }, + { 0, "frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_KEM, 256 }, + { 0, "p521_frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_ECP_HYB_KEM , 256 }, + { 0, "kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_KEM, 128 }, + { 0, "p256_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECP_HYB_KEM , 128 }, + { 0, "x25519_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECX_HYB_KEM , 128 }, + { 0, "kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_KEM, 192 }, + { 0, "p384_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM , 192 }, + { 0, "x448_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM , 192 }, + { 0, "x25519_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM , 192 }, + { 0, "p256_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM , 192 }, + { 0, "kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_KEM, 256 }, + { 0, "p521_kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_ECP_HYB_KEM , 256 }, + { 0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128 }, + { 0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM , 128 }, + { 0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM , 128 }, + { 0, "bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_KEM, 192 }, + { 0, "p384_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECP_HYB_KEM , 192 }, + { 0, "x448_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECX_HYB_KEM , 192 }, + { 0, "bikel5", 
OQS_KEM_alg_bike_l5, KEY_TYPE_KEM, 256 }, + { 0, "p521_bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_ECP_HYB_KEM , 256 }, + { 0, "hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_KEM, 128 }, + { 0, "p256_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECP_HYB_KEM , 128 }, + { 0, "x25519_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECX_HYB_KEM , 128 }, + { 0, "hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_KEM, 192 }, + { 0, "p384_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECP_HYB_KEM , 192 }, + { 0, "x448_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECX_HYB_KEM , 192 }, + { 0, "hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_KEM, 256 }, + { 0, "p521_hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_ECP_HYB_KEM , 256 }, #endif /* OQS_KEM_ENCODERS */ - {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, - {0, "p256_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, - {0, "rsa3072_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, - {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, - {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, - {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256}, - {0, "dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_SIG, 192}, - {0, "p384_dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_HYB_SIG, 192}, - {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256}, - {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, - {0, "dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_SIG, 256}, - {0, "p521_dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_HYB_SIG, 256}, - {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, 
KEY_TYPE_CMP_SIG, 192}, - {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384}, - {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, - {0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128}, - {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, - {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, - {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256}, - {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - {0, "falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256}, - {0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256}, - {0, "sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, - KEY_TYPE_SIG, 128}, - {0, "p256_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, - KEY_TYPE_HYB_SIG, 128}, - {0, "rsa3072_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, - KEY_TYPE_HYB_SIG, 128}, - {0, "sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, - KEY_TYPE_SIG, 128}, - {0, "p256_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, - KEY_TYPE_HYB_SIG, 128}, - {0, "rsa3072_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, - KEY_TYPE_HYB_SIG, 128}, - {0, "sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, - KEY_TYPE_SIG, 192}, - {0, "p384_sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, - KEY_TYPE_HYB_SIG, 192}, - {0, "sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, - KEY_TYPE_SIG, 128}, - {0, "p256_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, - KEY_TYPE_HYB_SIG, 128}, - {0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, - KEY_TYPE_HYB_SIG, 128}, - ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END + { 0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128 }, + { 0, "p256_dilithium2", OQS_SIG_alg_dilithium_2, 
KEY_TYPE_HYB_SIG, 128 }, + { 0, "rsa3072_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128 }, + { 0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112 }, + { 0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112 }, + { 0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128 }, + { 0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128 }, + { 0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256 }, + { 0, "dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_SIG, 192 }, + { 0, "p384_dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_HYB_SIG, 192 }, + { 0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, + { 0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, + { 0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, + { 0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256 }, + { 0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, + { 0, "dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_SIG, 256 }, + { 0, "p521_dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_HYB_SIG, 256 }, + { 0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192 }, + { 0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384 }, + { 0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192 }, + { 0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128 }, + { 0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128 }, + { 0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128 }, + { 0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128 }, + { 0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256 }, + { 0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128 }, + { 0, "falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256 }, + { 0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256 }, + { 0, 
"sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, KEY_TYPE_SIG, 128 }, + { 0, "p256_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, KEY_TYPE_HYB_SIG, 128 }, + { 0, "rsa3072_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, KEY_TYPE_HYB_SIG, 128 }, + { 0, "sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, KEY_TYPE_SIG, 128 }, + { 0, "p256_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, KEY_TYPE_HYB_SIG, 128 }, + { 0, "rsa3072_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, KEY_TYPE_HYB_SIG, 128 }, + { 0, "sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, KEY_TYPE_SIG, 192 }, + { 0, "p384_sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, KEY_TYPE_HYB_SIG, 192 }, + { 0, "sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_SIG, 128 }, + { 0, "p256_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128 }, + { 0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128 }, +///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; int oqs_set_nid(char *tlsname, int nid) From 4f5c859d6a836a5bf0aaf0d339186c1977166ce6 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 19 Dec 2023 13:49:38 -0600 Subject: [PATCH 092/164] using OpenSSL coding style Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 167 ++- oqsprov/oqs_encode_key2any.c | 539 ++++----- oqsprov/oqs_kmgmt.c | 296 +++-- oqsprov/oqs_prov.h | 1965 ++++++++++++++++++++++---------- oqsprov/oqsdecoders.inc | 444 +++++--- oqsprov/oqsencoders.inc | 1555 +++++++++++++++---------- oqsprov/oqsprov.c | 798 ++++++++----- oqsprov/oqsprov_capabilities.c | 494 +++++--- oqsprov/oqsprov_keys.c | 193 ++-- 9 files changed, 4162 insertions(+), 2289 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index f9361950..180dc7f4 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
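Review bot: The brainpool composite rows of `nid_names` end in 256 or 384 (`dilithium2_bp256`, `dilithium3_bp256` and `falcon512_bp256` give 256, `dilithium5_bp384` gives 384), which looks like the curve size rather than a strength estimate, because every other composite row uses the weaker component's level: `dilithium2_p256` is 128, `dilithium2_rsa2048` is 112, `dilithium5_p384` is 192. If that last field is the security-bits value the provider reports to OpenSSL (the struct definition is outside this hunk, so this is an assumption), these keys would advertise more strength than a 256- or 384-bit curve provides and could pass a security-level policy they should not. By the rule the other rows follow I would expect `{ 0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128 },`, likewise 128 for the other two bp256 rows and 192 for `dilithium5_bp384`. The `OQS_TEMPLATE_FRAGMENT` markers suggest the table is generated, so the correction belongs in the template input; the reformatting in this hunk carries the values over unchanged.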
@@ -539,52 +539,69 @@ static void oqsx_key_adjust(void *key, struct der2key_ctx_st *ctx) ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_START #ifdef OQS_KEM_ENCODERS - MAKE_DECODER(, "frodo640aes", frodo640aes, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo640aes", frodo640aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640aes", p256_frodo640aes, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640aes", x25519_frodo640aes, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "frodo640shake", frodo640shake, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo640shake", frodo640shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_frodo640shake", p256_frodo640shake, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_frodo640shake", x25519_frodo640shake, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "frodo976aes", frodo976aes, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo976aes", frodo976aes, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, 
PrivateKeyInfo); -MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976aes", p384_frodo976aes, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976aes", x448_frodo976aes, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "frodo976shake", frodo976shake, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo976shake", frodo976shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_frodo976shake", p384_frodo976shake, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_frodo976shake", x448_frodo976shake, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "frodo1344aes", frodo1344aes, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo1344aes", frodo1344aes, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344aes", p521_frodo1344aes, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "frodo1344shake", frodo1344shake, oqsx, PrivateKeyInfo); MAKE_DECODER(, "frodo1344shake", frodo1344shake, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344shake", 
p521_frodo1344shake, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, + PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_frodo1344shake", p521_frodo1344shake, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "kyber512", kyber512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "kyber512", kyber512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p256_kyber512", p256_kyber512, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p256_kyber512", p256_kyber512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber512", x25519_kyber512, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "kyber768", kyber768, oqsx, PrivateKeyInfo); MAKE_DECODER(, "kyber768", kyber768, oqsx, SubjectPublicKeyInfo); 
@@ -593,14 +610,16 @@ MAKE_DECODER(_ecp, "p384_kyber768", p384_kyber768, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x448_kyber768", x448_kyber768, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecx, "x448_kyber768", x448_kyber768, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_kyber768", x25519_kyber768, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p256_kyber768", p256_kyber768, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p256_kyber768", p256_kyber768, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "kyber1024", kyber1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "kyber1024", kyber1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, PrivateKeyInfo); -MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, PrivateKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, SubjectPublicKeyInfo); 
@@ -641,37 +660,45 @@ MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p521_hqc256", p521_hqc256, oqsx, SubjectPublicKeyInfo); #endif /* OQS_KEM_ENCODERS */ - MAKE_DECODER(, "dilithium2", dilithium2, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium2", dilithium2, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3", dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, 
"dilithium3", dilithium3, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo); 
@@ -679,45 +706,71 @@ MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_falcon1024", 
p521_falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, 
"p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, + oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, + PrivateKeyInfo); 
+MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, + oqsx, PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, + oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index bd648cc9..b060754d 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -814,266 +814,266 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder)
 // OQS provider uses NIDs generated at load time as EVP_type identifiers
 // so initially this must be 0 and set to a real value by OBJ_sn2nid later
 ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_START
-# define frodo640aes_evp_type 0
-# define frodo640aes_input_type "frodo640aes"
-# define frodo640aes_pem_type "frodo640aes"
-
-# define p256_frodo640aes_evp_type 0
-# define p256_frodo640aes_input_type "p256_frodo640aes"
-# define p256_frodo640aes_pem_type "p256_frodo640aes"
-# define x25519_frodo640aes_evp_type 0
-# define x25519_frodo640aes_input_type "x25519_frodo640aes"
-# define x25519_frodo640aes_pem_type "x25519_frodo640aes"
-# define frodo640shake_evp_type 0
-# define frodo640shake_input_type "frodo640shake"
-# define frodo640shake_pem_type "frodo640shake"
-
-# define p256_frodo640shake_evp_type 0
-# define p256_frodo640shake_input_type "p256_frodo640shake"
-# define p256_frodo640shake_pem_type "p256_frodo640shake"
-# define x25519_frodo640shake_evp_type 0
-# define x25519_frodo640shake_input_type "x25519_frodo640shake"
-# define x25519_frodo640shake_pem_type "x25519_frodo640shake"
-# define frodo976aes_evp_type 0
-# define frodo976aes_input_type "frodo976aes"
-# define frodo976aes_pem_type "frodo976aes"
-
-# define p384_frodo976aes_evp_type 0
-# define p384_frodo976aes_input_type "p384_frodo976aes"
-# define p384_frodo976aes_pem_type "p384_frodo976aes"
-# define x448_frodo976aes_evp_type 0
-# define x448_frodo976aes_input_type "x448_frodo976aes"
-# define x448_frodo976aes_pem_type "x448_frodo976aes"
-# define frodo976shake_evp_type 0
-# define frodo976shake_input_type "frodo976shake"
-# define frodo976shake_pem_type "frodo976shake"
-
-# define p384_frodo976shake_evp_type 0
-# define p384_frodo976shake_input_type "p384_frodo976shake"
-# define p384_frodo976shake_pem_type "p384_frodo976shake"
-# define x448_frodo976shake_evp_type 0
-# define x448_frodo976shake_input_type "x448_frodo976shake"
-# define x448_frodo976shake_pem_type "x448_frodo976shake"
-# define frodo1344aes_evp_type 0
-# define frodo1344aes_input_type "frodo1344aes"
-# define frodo1344aes_pem_type "frodo1344aes"
-
-# define p521_frodo1344aes_evp_type 0
-# define p521_frodo1344aes_input_type "p521_frodo1344aes"
-# define p521_frodo1344aes_pem_type "p521_frodo1344aes"
-# define frodo1344shake_evp_type 0
-# define frodo1344shake_input_type "frodo1344shake"
-# define frodo1344shake_pem_type "frodo1344shake"
-
-# define p521_frodo1344shake_evp_type 0
-# define p521_frodo1344shake_input_type "p521_frodo1344shake"
-# define p521_frodo1344shake_pem_type "p521_frodo1344shake"
-# define kyber512_evp_type 0
-# define kyber512_input_type "kyber512"
-# define kyber512_pem_type "kyber512"
-
-# define p256_kyber512_evp_type 0
-# define p256_kyber512_input_type "p256_kyber512"
-# define p256_kyber512_pem_type "p256_kyber512"
-# define x25519_kyber512_evp_type 0
-# define x25519_kyber512_input_type "x25519_kyber512"
-# define x25519_kyber512_pem_type "x25519_kyber512"
-# define kyber768_evp_type 0
-# define kyber768_input_type "kyber768"
-# define kyber768_pem_type "kyber768"
-
-# define p384_kyber768_evp_type 0
-# define p384_kyber768_input_type "p384_kyber768"
-# define p384_kyber768_pem_type "p384_kyber768"
-# define x448_kyber768_evp_type 0
-# define x448_kyber768_input_type "x448_kyber768"
-# define x448_kyber768_pem_type "x448_kyber768"
-# define x25519_kyber768_evp_type 0
-# define x25519_kyber768_input_type "x25519_kyber768"
-# define x25519_kyber768_pem_type "x25519_kyber768"
-# define p256_kyber768_evp_type 0
-# define p256_kyber768_input_type "p256_kyber768"
-# define p256_kyber768_pem_type "p256_kyber768"
-# define kyber1024_evp_type 0
-# define kyber1024_input_type "kyber1024"
-# define kyber1024_pem_type "kyber1024"
-
-# define p521_kyber1024_evp_type 0
-# define p521_kyber1024_input_type "p521_kyber1024"
-# define p521_kyber1024_pem_type "p521_kyber1024"
-# define bikel1_evp_type 0
-# define bikel1_input_type "bikel1"
-# define bikel1_pem_type "bikel1"
-
-# define p256_bikel1_evp_type 0
-# define p256_bikel1_input_type "p256_bikel1"
-# define p256_bikel1_pem_type "p256_bikel1"
-# define x25519_bikel1_evp_type 0
-# define x25519_bikel1_input_type "x25519_bikel1"
-# define x25519_bikel1_pem_type "x25519_bikel1"
-# define bikel3_evp_type 0
-# define bikel3_input_type "bikel3"
-# define bikel3_pem_type "bikel3"
-
-# define p384_bikel3_evp_type 0
-# define p384_bikel3_input_type "p384_bikel3"
-# define p384_bikel3_pem_type "p384_bikel3"
-# define x448_bikel3_evp_type 0
-# define x448_bikel3_input_type "x448_bikel3"
-# define x448_bikel3_pem_type "x448_bikel3"
-# define bikel5_evp_type 0
-# define bikel5_input_type "bikel5"
-# define bikel5_pem_type "bikel5"
-
-# define p521_bikel5_evp_type 0
-# define p521_bikel5_input_type "p521_bikel5"
-# define p521_bikel5_pem_type "p521_bikel5"
-# define hqc128_evp_type 0
-# define hqc128_input_type "hqc128"
-# define hqc128_pem_type "hqc128"
-
-# define p256_hqc128_evp_type 0
-# define p256_hqc128_input_type "p256_hqc128"
-# define p256_hqc128_pem_type "p256_hqc128"
-# define x25519_hqc128_evp_type 0
-# define x25519_hqc128_input_type "x25519_hqc128"
-# define x25519_hqc128_pem_type "x25519_hqc128"
-# define hqc192_evp_type 0
-# define hqc192_input_type "hqc192"
-# define hqc192_pem_type "hqc192"
-
-# define p384_hqc192_evp_type 0
-# define p384_hqc192_input_type "p384_hqc192"
-# define p384_hqc192_pem_type "p384_hqc192"
-# define x448_hqc192_evp_type 0
-# define x448_hqc192_input_type "x448_hqc192"
-# define x448_hqc192_pem_type "x448_hqc192"
-# define hqc256_evp_type 0
-# define hqc256_input_type "hqc256"
-# define hqc256_pem_type "hqc256"
-
-# define p521_hqc256_evp_type 0
-# define p521_hqc256_input_type "p521_hqc256"
-# define p521_hqc256_pem_type "p521_hqc256"
-
-
-# define dilithium2_evp_type 0
-# define dilithium2_input_type "dilithium2"
-# define dilithium2_pem_type "dilithium2"
-# define p256_dilithium2_evp_type 0
-# define p256_dilithium2_input_type "p256_dilithium2"
-# define p256_dilithium2_pem_type "p256_dilithium2"
-# define rsa3072_dilithium2_evp_type 0
-# define rsa3072_dilithium2_input_type "rsa3072_dilithium2"
-# define rsa3072_dilithium2_pem_type "rsa3072_dilithium2"
-# define dilithium2_pss2048_evp_type 0
-# define dilithium2_pss2048_input_type "dilithium2_pss2048"
-# define dilithium2_pss2048_pem_type "dilithium2_pss2048"
-# define dilithium2_rsa2048_evp_type 0
-# define dilithium2_rsa2048_input_type "dilithium2_rsa2048"
-# define dilithium2_rsa2048_pem_type "dilithium2_rsa2048"
-# define dilithium2_ed25519_evp_type 0
-# define dilithium2_ed25519_input_type "dilithium2_ed25519"
-# define dilithium2_ed25519_pem_type "dilithium2_ed25519"
-# define dilithium2_p256_evp_type 0
-# define dilithium2_p256_input_type "dilithium2_p256"
-# define dilithium2_p256_pem_type "dilithium2_p256"
-# define dilithium2_bp256_evp_type 0
-# define dilithium2_bp256_input_type "dilithium2_bp256"
-# define dilithium2_bp256_pem_type "dilithium2_bp256"
-# define dilithium3_evp_type 0
-# define dilithium3_input_type "dilithium3"
-# define dilithium3_pem_type "dilithium3"
-# define p384_dilithium3_evp_type 0
-# define p384_dilithium3_input_type "p384_dilithium3"
-# define p384_dilithium3_pem_type "p384_dilithium3"
-# define dilithium3_pss3072_evp_type 0
-# define dilithium3_pss3072_input_type "dilithium3_pss3072"
-# define dilithium3_pss3072_pem_type "dilithium3_pss3072"
-# define dilithium3_rsa3072_evp_type 0
-# define dilithium3_rsa3072_input_type "dilithium3_rsa3072"
-# define dilithium3_rsa3072_pem_type "dilithium3_rsa3072"
-# define dilithium3_p256_evp_type 0
-# define dilithium3_p256_input_type "dilithium3_p256"
-# define dilithium3_p256_pem_type "dilithium3_p256"
-# define dilithium3_bp256_evp_type 0
-# define dilithium3_bp256_input_type "dilithium3_bp256"
-# define dilithium3_bp256_pem_type "dilithium3_bp256"
-# define dilithium3_ed25519_evp_type 0
-# define dilithium3_ed25519_input_type "dilithium3_ed25519"
-# define dilithium3_ed25519_pem_type "dilithium3_ed25519"
-# define dilithium5_evp_type 0
-# define dilithium5_input_type "dilithium5"
-# define dilithium5_pem_type "dilithium5"
-# define p521_dilithium5_evp_type 0
-# define p521_dilithium5_input_type "p521_dilithium5"
-# define p521_dilithium5_pem_type "p521_dilithium5"
-# define dilithium5_p384_evp_type 0
-# define dilithium5_p384_input_type "dilithium5_p384"
-# define dilithium5_p384_pem_type "dilithium5_p384"
-# define dilithium5_bp384_evp_type 0
-# define dilithium5_bp384_input_type "dilithium5_bp384"
-# define dilithium5_bp384_pem_type "dilithium5_bp384"
-# define dilithium5_ed448_evp_type 0
-# define dilithium5_ed448_input_type "dilithium5_ed448"
-# define dilithium5_ed448_pem_type "dilithium5_ed448"
-# define falcon512_evp_type 0
-# define falcon512_input_type "falcon512"
-# define falcon512_pem_type "falcon512"
-# define p256_falcon512_evp_type 0
-# define p256_falcon512_input_type "p256_falcon512"
-# define p256_falcon512_pem_type "p256_falcon512"
-# define rsa3072_falcon512_evp_type 0
-# define rsa3072_falcon512_input_type "rsa3072_falcon512"
-# define rsa3072_falcon512_pem_type "rsa3072_falcon512"
-# define falcon512_p256_evp_type 0
-# define falcon512_p256_input_type "falcon512_p256"
-# define falcon512_p256_pem_type "falcon512_p256"
-# define falcon512_bp256_evp_type 0
-# define falcon512_bp256_input_type "falcon512_bp256"
-# define falcon512_bp256_pem_type "falcon512_bp256"
-# define falcon512_ed25519_evp_type 0
-# define falcon512_ed25519_input_type "falcon512_ed25519"
-# define falcon512_ed25519_pem_type "falcon512_ed25519"
-# define falcon1024_evp_type 0
-# define falcon1024_input_type "falcon1024"
-# define falcon1024_pem_type "falcon1024"
-# define p521_falcon1024_evp_type 0
-# define p521_falcon1024_input_type "p521_falcon1024"
-# define p521_falcon1024_pem_type "p521_falcon1024"
-# define sphincssha2128fsimple_evp_type 0
-# define sphincssha2128fsimple_input_type "sphincssha2128fsimple"
-# define sphincssha2128fsimple_pem_type "sphincssha2128fsimple"
-# define p256_sphincssha2128fsimple_evp_type 0
-# define p256_sphincssha2128fsimple_input_type "p256_sphincssha2128fsimple"
-# define p256_sphincssha2128fsimple_pem_type "p256_sphincssha2128fsimple"
-# define rsa3072_sphincssha2128fsimple_evp_type 0
-# define rsa3072_sphincssha2128fsimple_input_type "rsa3072_sphincssha2128fsimple"
-# define rsa3072_sphincssha2128fsimple_pem_type "rsa3072_sphincssha2128fsimple"
-# define sphincssha2128ssimple_evp_type 0
-# define sphincssha2128ssimple_input_type "sphincssha2128ssimple"
-# define sphincssha2128ssimple_pem_type "sphincssha2128ssimple"
-# define p256_sphincssha2128ssimple_evp_type 0
-# define p256_sphincssha2128ssimple_input_type "p256_sphincssha2128ssimple"
-# define p256_sphincssha2128ssimple_pem_type "p256_sphincssha2128ssimple"
-# define rsa3072_sphincssha2128ssimple_evp_type 0
-# define rsa3072_sphincssha2128ssimple_input_type "rsa3072_sphincssha2128ssimple"
-# define rsa3072_sphincssha2128ssimple_pem_type "rsa3072_sphincssha2128ssimple"
-# define sphincssha2192fsimple_evp_type 0
-# define sphincssha2192fsimple_input_type "sphincssha2192fsimple"
-# define sphincssha2192fsimple_pem_type "sphincssha2192fsimple"
-# define p384_sphincssha2192fsimple_evp_type 0
-# define p384_sphincssha2192fsimple_input_type "p384_sphincssha2192fsimple"
-# define p384_sphincssha2192fsimple_pem_type "p384_sphincssha2192fsimple"
-# define sphincsshake128fsimple_evp_type 0
-# define sphincsshake128fsimple_input_type "sphincsshake128fsimple"
-# define sphincsshake128fsimple_pem_type "sphincsshake128fsimple"
-# define p256_sphincsshake128fsimple_evp_type 0
-# define p256_sphincsshake128fsimple_input_type "p256_sphincsshake128fsimple"
-# define p256_sphincsshake128fsimple_pem_type "p256_sphincsshake128fsimple"
-# define rsa3072_sphincsshake128fsimple_evp_type 0
-# define rsa3072_sphincsshake128fsimple_input_type "rsa3072_sphincsshake128fsimple"
-# define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple"
+#define frodo640aes_evp_type 0
+#define frodo640aes_input_type "frodo640aes"
+#define frodo640aes_pem_type "frodo640aes"
+
+#define p256_frodo640aes_evp_type 0
+#define p256_frodo640aes_input_type "p256_frodo640aes"
+#define p256_frodo640aes_pem_type "p256_frodo640aes"
+#define x25519_frodo640aes_evp_type 0
+#define x25519_frodo640aes_input_type "x25519_frodo640aes"
+#define x25519_frodo640aes_pem_type "x25519_frodo640aes"
+#define frodo640shake_evp_type 0
+#define frodo640shake_input_type "frodo640shake"
+#define frodo640shake_pem_type "frodo640shake"
+
+#define p256_frodo640shake_evp_type 0
+#define p256_frodo640shake_input_type "p256_frodo640shake"
+#define p256_frodo640shake_pem_type "p256_frodo640shake"
+#define x25519_frodo640shake_evp_type 0
+#define x25519_frodo640shake_input_type "x25519_frodo640shake"
+#define x25519_frodo640shake_pem_type "x25519_frodo640shake"
+#define frodo976aes_evp_type 0
+#define frodo976aes_input_type "frodo976aes"
+#define frodo976aes_pem_type "frodo976aes"
+
+#define p384_frodo976aes_evp_type 0
+#define p384_frodo976aes_input_type "p384_frodo976aes"
+#define p384_frodo976aes_pem_type "p384_frodo976aes"
+#define x448_frodo976aes_evp_type 0
+#define x448_frodo976aes_input_type "x448_frodo976aes"
+#define x448_frodo976aes_pem_type "x448_frodo976aes"
+#define frodo976shake_evp_type 0
+#define frodo976shake_input_type "frodo976shake"
+#define frodo976shake_pem_type "frodo976shake"
+
+#define p384_frodo976shake_evp_type 0
+#define p384_frodo976shake_input_type "p384_frodo976shake"
+#define p384_frodo976shake_pem_type "p384_frodo976shake"
+#define x448_frodo976shake_evp_type 0
+#define x448_frodo976shake_input_type "x448_frodo976shake"
+#define x448_frodo976shake_pem_type "x448_frodo976shake"
+#define frodo1344aes_evp_type 0
+#define frodo1344aes_input_type "frodo1344aes"
+#define frodo1344aes_pem_type "frodo1344aes"
+
+#define p521_frodo1344aes_evp_type 0
+#define p521_frodo1344aes_input_type "p521_frodo1344aes"
+#define p521_frodo1344aes_pem_type "p521_frodo1344aes"
+#define frodo1344shake_evp_type 0
+#define frodo1344shake_input_type "frodo1344shake"
+#define frodo1344shake_pem_type "frodo1344shake"
+
+#define p521_frodo1344shake_evp_type 0
+#define p521_frodo1344shake_input_type "p521_frodo1344shake"
+#define p521_frodo1344shake_pem_type "p521_frodo1344shake"
+#define kyber512_evp_type 0
+#define kyber512_input_type "kyber512"
+#define kyber512_pem_type "kyber512"
+
+#define p256_kyber512_evp_type 0
+#define p256_kyber512_input_type "p256_kyber512"
+#define p256_kyber512_pem_type "p256_kyber512"
+#define x25519_kyber512_evp_type 0
+#define x25519_kyber512_input_type "x25519_kyber512"
+#define x25519_kyber512_pem_type "x25519_kyber512"
+#define kyber768_evp_type 0
+#define kyber768_input_type "kyber768"
+#define kyber768_pem_type "kyber768"
+
+#define p384_kyber768_evp_type 0
+#define p384_kyber768_input_type "p384_kyber768"
+#define p384_kyber768_pem_type "p384_kyber768"
+#define x448_kyber768_evp_type 0
+#define x448_kyber768_input_type "x448_kyber768"
+#define x448_kyber768_pem_type "x448_kyber768"
+#define x25519_kyber768_evp_type 0
+#define x25519_kyber768_input_type "x25519_kyber768"
+#define x25519_kyber768_pem_type "x25519_kyber768"
+#define p256_kyber768_evp_type 0
+#define p256_kyber768_input_type "p256_kyber768"
+#define p256_kyber768_pem_type "p256_kyber768"
+#define kyber1024_evp_type 0
+#define kyber1024_input_type "kyber1024"
+#define kyber1024_pem_type "kyber1024"
+
+#define p521_kyber1024_evp_type 0
+#define p521_kyber1024_input_type "p521_kyber1024"
+#define p521_kyber1024_pem_type "p521_kyber1024"
+#define bikel1_evp_type 0
+#define bikel1_input_type "bikel1"
+#define bikel1_pem_type "bikel1"
+
+#define p256_bikel1_evp_type 0
+#define p256_bikel1_input_type "p256_bikel1"
+#define p256_bikel1_pem_type "p256_bikel1"
+#define x25519_bikel1_evp_type 0
+#define x25519_bikel1_input_type "x25519_bikel1"
+#define x25519_bikel1_pem_type "x25519_bikel1"
+#define bikel3_evp_type 0
+#define bikel3_input_type "bikel3"
+#define bikel3_pem_type "bikel3"
+
+#define p384_bikel3_evp_type 0
+#define p384_bikel3_input_type "p384_bikel3"
+#define p384_bikel3_pem_type "p384_bikel3"
+#define x448_bikel3_evp_type 0
+#define x448_bikel3_input_type "x448_bikel3"
+#define x448_bikel3_pem_type "x448_bikel3"
+#define bikel5_evp_type 0
+#define bikel5_input_type "bikel5"
+#define bikel5_pem_type "bikel5"
+
+#define p521_bikel5_evp_type 0
+#define p521_bikel5_input_type "p521_bikel5"
+#define p521_bikel5_pem_type "p521_bikel5"
+#define hqc128_evp_type 0
+#define hqc128_input_type "hqc128"
+#define hqc128_pem_type "hqc128"
+
+#define p256_hqc128_evp_type 0
+#define p256_hqc128_input_type "p256_hqc128"
+#define p256_hqc128_pem_type "p256_hqc128"
+#define x25519_hqc128_evp_type 0
+#define x25519_hqc128_input_type "x25519_hqc128"
+#define x25519_hqc128_pem_type "x25519_hqc128"
+#define hqc192_evp_type 0
+#define hqc192_input_type "hqc192"
+#define hqc192_pem_type "hqc192"
+
+#define p384_hqc192_evp_type 0
+#define p384_hqc192_input_type "p384_hqc192"
+#define p384_hqc192_pem_type "p384_hqc192"
+#define x448_hqc192_evp_type 0
+#define x448_hqc192_input_type "x448_hqc192"
+#define x448_hqc192_pem_type "x448_hqc192"
+#define hqc256_evp_type 0
+#define hqc256_input_type "hqc256"
+#define hqc256_pem_type "hqc256"
+
+#define p521_hqc256_evp_type 0
+#define p521_hqc256_input_type "p521_hqc256"
+#define p521_hqc256_pem_type "p521_hqc256"
+
+#define dilithium2_evp_type 0
+#define dilithium2_input_type "dilithium2"
+#define dilithium2_pem_type "dilithium2"
+#define p256_dilithium2_evp_type 0
+#define p256_dilithium2_input_type "p256_dilithium2"
+#define p256_dilithium2_pem_type "p256_dilithium2"
+#define rsa3072_dilithium2_evp_type 0
+#define rsa3072_dilithium2_input_type "rsa3072_dilithium2"
+#define rsa3072_dilithium2_pem_type "rsa3072_dilithium2"
+#define dilithium2_pss2048_evp_type 0
+#define dilithium2_pss2048_input_type "dilithium2_pss2048"
+#define dilithium2_pss2048_pem_type "dilithium2_pss2048"
+#define dilithium2_rsa2048_evp_type 0
+#define dilithium2_rsa2048_input_type "dilithium2_rsa2048"
+#define dilithium2_rsa2048_pem_type "dilithium2_rsa2048"
+#define dilithium2_ed25519_evp_type 0
+#define dilithium2_ed25519_input_type "dilithium2_ed25519"
+#define dilithium2_ed25519_pem_type "dilithium2_ed25519"
+#define dilithium2_p256_evp_type 0
+#define dilithium2_p256_input_type "dilithium2_p256"
+#define dilithium2_p256_pem_type "dilithium2_p256"
+#define dilithium2_bp256_evp_type 0
+#define dilithium2_bp256_input_type "dilithium2_bp256"
+#define dilithium2_bp256_pem_type "dilithium2_bp256"
+#define dilithium3_evp_type 0
+#define dilithium3_input_type "dilithium3"
+#define dilithium3_pem_type "dilithium3"
+#define p384_dilithium3_evp_type 0
+#define p384_dilithium3_input_type "p384_dilithium3"
+#define p384_dilithium3_pem_type "p384_dilithium3"
+#define dilithium3_pss3072_evp_type 0
+#define dilithium3_pss3072_input_type "dilithium3_pss3072"
+#define dilithium3_pss3072_pem_type "dilithium3_pss3072"
+#define dilithium3_rsa3072_evp_type 0
+#define dilithium3_rsa3072_input_type "dilithium3_rsa3072"
+#define dilithium3_rsa3072_pem_type "dilithium3_rsa3072"
+#define dilithium3_p256_evp_type 0
+#define dilithium3_p256_input_type "dilithium3_p256"
+#define dilithium3_p256_pem_type "dilithium3_p256"
+#define dilithium3_bp256_evp_type 0
+#define dilithium3_bp256_input_type "dilithium3_bp256"
+#define dilithium3_bp256_pem_type "dilithium3_bp256"
+#define dilithium3_ed25519_evp_type 0
+#define dilithium3_ed25519_input_type "dilithium3_ed25519"
+#define dilithium3_ed25519_pem_type "dilithium3_ed25519"
+#define dilithium5_evp_type 0
+#define dilithium5_input_type "dilithium5"
+#define dilithium5_pem_type "dilithium5"
+#define p521_dilithium5_evp_type 0
+#define p521_dilithium5_input_type "p521_dilithium5"
+#define p521_dilithium5_pem_type "p521_dilithium5"
+#define dilithium5_p384_evp_type 0
+#define dilithium5_p384_input_type "dilithium5_p384"
+#define dilithium5_p384_pem_type "dilithium5_p384"
+#define dilithium5_bp384_evp_type 0
+#define dilithium5_bp384_input_type "dilithium5_bp384"
+#define dilithium5_bp384_pem_type "dilithium5_bp384"
+#define dilithium5_ed448_evp_type 0
+#define dilithium5_ed448_input_type "dilithium5_ed448"
+#define dilithium5_ed448_pem_type "dilithium5_ed448"
+#define falcon512_evp_type 0
+#define falcon512_input_type "falcon512"
+#define falcon512_pem_type "falcon512"
+#define p256_falcon512_evp_type 0
+#define p256_falcon512_input_type "p256_falcon512"
+#define p256_falcon512_pem_type "p256_falcon512"
+#define rsa3072_falcon512_evp_type 0
+#define rsa3072_falcon512_input_type "rsa3072_falcon512"
+#define rsa3072_falcon512_pem_type "rsa3072_falcon512"
+#define falcon512_p256_evp_type 0
+#define falcon512_p256_input_type "falcon512_p256"
+#define falcon512_p256_pem_type "falcon512_p256"
+#define falcon512_bp256_evp_type 0
+#define falcon512_bp256_input_type "falcon512_bp256"
+#define falcon512_bp256_pem_type "falcon512_bp256"
+#define falcon512_ed25519_evp_type 0
+#define falcon512_ed25519_input_type "falcon512_ed25519"
+#define falcon512_ed25519_pem_type "falcon512_ed25519"
+#define falcon1024_evp_type 0
+#define falcon1024_input_type "falcon1024"
+#define falcon1024_pem_type "falcon1024"
+#define p521_falcon1024_evp_type 0
+#define p521_falcon1024_input_type "p521_falcon1024"
+#define p521_falcon1024_pem_type "p521_falcon1024"
+#define sphincssha2128fsimple_evp_type 0
+#define sphincssha2128fsimple_input_type "sphincssha2128fsimple"
+#define sphincssha2128fsimple_pem_type "sphincssha2128fsimple"
+#define p256_sphincssha2128fsimple_evp_type 0
+#define p256_sphincssha2128fsimple_input_type "p256_sphincssha2128fsimple"
+#define p256_sphincssha2128fsimple_pem_type "p256_sphincssha2128fsimple"
+#define rsa3072_sphincssha2128fsimple_evp_type 0
+#define rsa3072_sphincssha2128fsimple_input_type "rsa3072_sphincssha2128fsimple"
+#define rsa3072_sphincssha2128fsimple_pem_type "rsa3072_sphincssha2128fsimple"
+#define sphincssha2128ssimple_evp_type 0
+#define sphincssha2128ssimple_input_type "sphincssha2128ssimple"
+#define sphincssha2128ssimple_pem_type "sphincssha2128ssimple"
+#define p256_sphincssha2128ssimple_evp_type 0
+#define p256_sphincssha2128ssimple_input_type "p256_sphincssha2128ssimple"
+#define p256_sphincssha2128ssimple_pem_type "p256_sphincssha2128ssimple"
+#define rsa3072_sphincssha2128ssimple_evp_type 0
+#define rsa3072_sphincssha2128ssimple_input_type "rsa3072_sphincssha2128ssimple"
+#define rsa3072_sphincssha2128ssimple_pem_type "rsa3072_sphincssha2128ssimple"
+#define sphincssha2192fsimple_evp_type 0
+#define sphincssha2192fsimple_input_type "sphincssha2192fsimple"
+#define sphincssha2192fsimple_pem_type "sphincssha2192fsimple"
+#define p384_sphincssha2192fsimple_evp_type 0
+#define p384_sphincssha2192fsimple_input_type "p384_sphincssha2192fsimple"
+#define p384_sphincssha2192fsimple_pem_type "p384_sphincssha2192fsimple"
+#define sphincsshake128fsimple_evp_type 0
+#define sphincsshake128fsimple_input_type "sphincsshake128fsimple"
+#define sphincsshake128fsimple_pem_type "sphincsshake128fsimple"
+#define p256_sphincsshake128fsimple_evp_type 0
+#define p256_sphincsshake128fsimple_input_type "p256_sphincsshake128fsimple"
+#define p256_sphincsshake128fsimple_pem_type "p256_sphincsshake128fsimple"
+#define rsa3072_sphincsshake128fsimple_evp_type 0
+#define rsa3072_sphincsshake128fsimple_input_type \
+ "rsa3072_sphincsshake128fsimple"
+#define rsa3072_sphincsshake128fsimple_pem_type "rsa3072_sphincsshake128fsimple"
 ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_END
 /* ---------------------------------------------------------------------- */
@@ -1722,7 +1722,6 @@ key2text_encode(void *vctx, const void *key, int selection, OSSL_CORE_BIO *cout,
 ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_START
 #ifdef OQS_KEM_ENCODERS
-
 MAKE_ENCODER(, frodo640aes, oqsx, EncryptedPrivateKeyInfo, der);
 MAKE_ENCODER(, frodo640aes, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, frodo640aes, oqsx, PrivateKeyInfo, der);
@@ -2244,8 +2243,10 @@ MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p256_sphincssha2128fsimple);
-MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo,
+ der);
+MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo,
+ pem);
 MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, der);
 MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo, der);
@@ -2265,8 +2266,10 @@ MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p256_sphincssha2128ssimple);
-MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo,
+ der);
+MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, EncryptedPrivateKeyInfo,
+ pem);
 MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, der);
 MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo, der);
@@ -2300,8 +2303,10 @@ MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p256_sphincsshake128fsimple);
-MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo,
+ der);
+MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, EncryptedPrivateKeyInfo,
+ pem);
 MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, der);
 MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo, der);
diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c
index bb56299c..09bb2b31 100644
--- a/oqsprov/oqs_kmgmt.c
+++ b/oqsprov/oqs_kmgmt.c
@@ -583,358 +583,460 @@ static int oqsx_gen_set_params(void *genctx, const OSSL_PARAM params[]) ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_START static void *dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2", KEY_TYPE_SIG, NULL, 128, 0); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2", KEY_TYPE_SIG, NULL, 128, 0); } static void *dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2", 0, 128, 0); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2", 0, 128, 0); } static void *p256_dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 1); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "p256_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 1); } static void *p256_dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "p256_dilithium2", KEY_TYPE_HYB_SIG, 128, 1); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "p256_dilithium2", KEY_TYPE_HYB_SIG, 128, 1); } static void *rsa3072_dilithium2_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 2); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, NULL, 128, 2); } static void *rsa3072_dilithium2_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128, 2); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128, 2); } static void *dilithium2_pss2048_new_key(void 
*provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 3); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 3); } static void *dilithium2_pss2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 3); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 3); } static void *dilithium2_rsa2048_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 4); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 4); } static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 4); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 4); } static void *dilithium2_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 5); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 5); } static void *dilithium2_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 5); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 5); } static void *dilithium2_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, 
"dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 6); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 6); } static void *dilithium2_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 6); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 6); } static void *dilithium2_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 7); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 7); } static void *dilithium2_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 7); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, + "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 7); } static void *dilithium3_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3", KEY_TYPE_SIG, NULL, 192, 8); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3", KEY_TYPE_SIG, NULL, 192, 8); } static void *dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3", 0, 192, 8); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3", 0, 192, 8); } static void *p384_dilithium3_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 9); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 9); } static void 
*p384_dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 9); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 9); } static void *dilithium3_pss3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 10); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 10); } static void *dilithium3_pss3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 10); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 10); } static void *dilithium3_rsa3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 11); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 11); } static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 11); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 11); } static void *dilithium3_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 12); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 12); } static void *dilithium3_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, 
OQS_SIG_alg_dilithium_3, "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 12); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 12); } static void *dilithium3_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 13); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 13); } static void *dilithium3_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 13); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 13); } static void *dilithium3_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 14); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 14); } static void *dilithium3_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 14); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 14); } static void *dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5", KEY_TYPE_SIG, NULL, 256, 15); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5", KEY_TYPE_SIG, NULL, 256, 15); } static void *dilithium5_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5", 0, 256, 15); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5", 0, 256, 
15); } static void *p521_dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 16); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 16); } static void *p521_dilithium5_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 16); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 16); } static void *dilithium5_p384_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 17); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 17); } static void *dilithium5_p384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 17); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 17); } static void *dilithium5_bp384_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 18); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 18); } static void *dilithium5_bp384_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 18); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 18); } static void *dilithium5_ed448_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 19); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 19); } static void *dilithium5_ed448_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 19); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 19); } static void *falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512", KEY_TYPE_SIG, NULL, 128, 20); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512", KEY_TYPE_SIG, NULL, 128, 20); } static void *falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512", 0, 128, 20); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512", 0, 128, 20); } static void *p256_falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 21); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 21); } static void *p256_falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 21); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 21); } static void *rsa3072_falcon512_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 22); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 22); } static 
void *rsa3072_falcon512_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 22); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 22); } static void *falcon512_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 23); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 23); } static void *falcon512_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 23); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 23); } static void *falcon512_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 24); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 24); } static void *falcon512_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 24); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 24); } static void *falcon512_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 25); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 25); } static void *falcon512_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, 
"falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 25); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 25); } static void *falcon1024_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "falcon1024", KEY_TYPE_SIG, NULL, 256, 26); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, + "falcon1024", KEY_TYPE_SIG, NULL, 256, 26); } static void *falcon1024_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "falcon1024", 0, 256, 26); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, + "falcon1024", 0, 256, 26); } static void *p521_falcon1024_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 27); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, + "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 27); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 27); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, + "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 27); } - static void *sphincssha2128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 28); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_sphincs_sha2_128f_simple, + "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 28); } static void *sphincssha2128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, "sphincssha2128fsimple", 0, 128, 28); + return oqsx_gen_init(provctx, selection, + OQS_SIG_alg_sphincs_sha2_128f_simple, + 
"sphincssha2128fsimple", 0, 128, 28); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 29); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 29); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 30); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 30); } -static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, int selection) +static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, + int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 30); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 30); } static void *sphincssha2128ssimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 31); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_sphincs_sha2_128s_simple, + "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 31); } static void 
*sphincssha2128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, "sphincssha2128ssimple", 0, 128, 31); + return oqsx_gen_init(provctx, selection, + OQS_SIG_alg_sphincs_sha2_128s_simple, + "sphincssha2128ssimple", 0, 128, 31); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 32); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 32); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 32); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 32); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); } -static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, int selection) +static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, + int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 33); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 33); } static void *sphincssha2192fsimple_new_key(void *provctx) { - return 
oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 34); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_sphincs_sha2_192f_simple, + "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 34); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, "sphincssha2192fsimple", 0, 192, 34); + return oqsx_gen_init(provctx, selection, + OQS_SIG_alg_sphincs_sha2_192f_simple, + "sphincssha2192fsimple", 0, 192, 34); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 35); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 35); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 35); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 35); } static void *sphincsshake128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 36); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_sphincs_shake_128f_simple, + "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 36); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, "sphincsshake128fsimple", 0, 128, 36); + return oqsx_gen_init(provctx, selection, + OQS_SIG_alg_sphincs_shake_128f_simple, + 
"sphincsshake128fsimple", 0, 128, 36); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 37); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 37); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 38); + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 38); } -static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, int selection) +static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, + int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 38); + return oqsx_gen_init( + provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 38); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END 
@@ -1128,30 +1230,40 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_sphincsshake128fsimple) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640aes, OQS_KEM_alg_frodokem_640_aes, + 128) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640aes, OQS_KEM_alg_frodokem_640_aes, + 128) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640shake, OQS_KEM_alg_frodokem_640_shake, 128) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640shake, OQS_KEM_alg_frodokem_640_shake, 128) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_frodo640shake, + OQS_KEM_alg_frodokem_640_shake, 128) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640shake, OQS_KEM_alg_frodokem_640_shake, 128) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_frodo640shake, + OQS_KEM_alg_frodokem_640_shake, 128) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo976aes, OQS_KEM_alg_frodokem_976_aes, 192) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976aes, OQS_KEM_alg_frodokem_976_aes, 192) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976aes, OQS_KEM_alg_frodokem_976_aes, + 192) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976aes, OQS_KEM_alg_frodokem_976_aes, 192) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976aes, OQS_KEM_alg_frodokem_976_aes, + 192) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo976shake, OQS_KEM_alg_frodokem_976_shake, 192) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976shake, OQS_KEM_alg_frodokem_976_shake, 192) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_frodo976shake, + OQS_KEM_alg_frodokem_976_shake, 192) -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976shake, OQS_KEM_alg_frodokem_976_shake, 192) +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_frodo976shake, + OQS_KEM_alg_frodokem_976_shake, 192) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo1344aes, OQS_KEM_alg_frodokem_1344_aes, 256) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344aes, OQS_KEM_alg_frodokem_1344_aes, 256) 
+MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344aes, OQS_KEM_alg_frodokem_1344_aes, + 256) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo1344shake, OQS_KEM_alg_frodokem_1344_shake, 256) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344shake, OQS_KEM_alg_frodokem_1344_shake, 256) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_frodo1344shake, + OQS_KEM_alg_frodokem_1344_shake, 256) MAKE_KEM_KEYMGMT_FUNCTIONS(kyber512, OQS_KEM_alg_kyber_512, 128) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_kyber512, OQS_KEM_alg_kyber_512, 128)
diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h
index 1ec8608a..1bf1c02e 100644
--- a/oqsprov/oqs_prov.h
+++ b/oqsprov/oqs_prov.h
@@ -257,695 +257,1470 @@ extern const OSSL_DISPATCH oqs_signature_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_START #ifdef OQS_KEM_ENCODERS - -extern const OSSL_DISPATCH oqs_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo640aes_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_frodo640aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_frodo640aes_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_frodo640aes_decoder_functions[]; 
+extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_frodo640aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo640shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo640shake_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_frodo640shake_to_text_encoder_functions[]; -extern 
const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_frodo640shake_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_frodo640shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x25519_frodo640shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_frodo640shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo976aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo976aes_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_frodo976aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_frodo976aes_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_x448_frodo976aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x448_frodo976aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x448_frodo976aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern 
const OSSL_DISPATCH + oqs_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo976shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo976shake_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_frodo976shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH 
oqs_SubjectPublicKeyInfo_der_to_p384_frodo976shake_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_frodo976shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_x448_frodo976shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x448_frodo976shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo1344aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo1344aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo1344aes_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_PrivateKeyInfo_der_to_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344aes_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_frodo1344aes_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344aes_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_frodo1344shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_frodo1344shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_frodo1344shake_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_p521_frodo1344shake_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_frodo1344shake_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; -extern const OSSL_DISPATCH oqs_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_frodo1344shake_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_kyber512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_kyber512_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_p256_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_kyber512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_kyber512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_kyber512_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_kyber512_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_kyber512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_kyber512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_x25519_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_x25519_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p256_kyber512_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p256_kyber512_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber512_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber512_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber512_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber512_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_x25519_kyber512_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_kyber512_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_kyber512_decoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_x25519_kyber512_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_x25519_kyber512_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_kyber768_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_kyber768_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p384_kyber768_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_kyber768_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p384_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p384_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_x448_kyber768_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_kyber768_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_x448_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_x448_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_x25519_kyber768_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_kyber768_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_kyber768_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_x25519_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_x25519_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_kyber768_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_kyber768_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_kyber768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_kyber768_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_kyber768_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p256_kyber768_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_kyber768_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_kyber768_decoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber1024_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p256_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p256_kyber768_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber1024_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_kyber1024_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_kyber1024_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_kyber1024_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_kyber1024_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_kyber1024_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_kyber1024_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_kyber1024_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_kyber1024_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_kyber1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_kyber1024_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_kyber1024_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p521_kyber1024_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_kyber1024_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_kyber1024_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p521_kyber1024_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p521_kyber1024_decoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_der_encoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel1_to_text_encoder_functions[];
 extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel1_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_bikel1_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_bikel1_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_bikel1_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_bikel1_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_bikel1_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_bikel1_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p256_bikel1_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_bikel1_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_bikel1_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_bikel1_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_bikel1_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p256_bikel1_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p256_bikel1_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_bikel1_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_bikel1_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_bikel1_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_bikel1_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_bikel1_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_x25519_bikel1_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_bikel1_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_bikel1_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_x25519_bikel1_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_x25519_bikel1_decoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel3_to_PrivateKeyInfo_der_encoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel3_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel3_to_text_encoder_functions[];
 extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel3_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_bikel3_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_bikel3_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_bikel3_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_bikel3_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_bikel3_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_bikel3_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p384_bikel3_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_bikel3_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_bikel3_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_bikel3_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_bikel3_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p384_bikel3_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p384_bikel3_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_bikel3_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_bikel3_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_bikel3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_bikel3_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_bikel3_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_x448_bikel3_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_bikel3_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_bikel3_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_x448_bikel3_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_x448_bikel3_decoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel5_to_PrivateKeyInfo_der_encoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel5_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_bikel5_to_text_encoder_functions[];
 extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_bikel5_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_bikel5_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_bikel5_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_bikel5_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_bikel5_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_bikel5_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_bikel5_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_bikel5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_bikel5_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_bikel5_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p521_bikel5_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_bikel5_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_bikel5_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p521_bikel5_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p521_bikel5_decoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc128_to_PrivateKeyInfo_der_encoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc128_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc128_to_text_encoder_functions[];
 extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc128_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_hqc128_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_hqc128_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_hqc128_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_hqc128_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_hqc128_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_hqc128_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p256_hqc128_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_hqc128_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_hqc128_decoder_functions[];extern const OSSL_DISPATCH oqs_x25519_hqc128_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_hqc128_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x25519_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p256_hqc128_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p256_hqc128_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_hqc128_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_hqc128_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_hqc128_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_hqc128_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x25519_hqc128_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_x25519_hqc128_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x25519_hqc128_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x25519_hqc128_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_x25519_hqc128_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_x25519_hqc128_decoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc192_to_PrivateKeyInfo_der_encoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc192_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc192_to_text_encoder_functions[];
 extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc192_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_hqc192_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_hqc192_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_hqc192_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p384_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_hqc192_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_hqc192_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_hqc192_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p384_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p384_hqc192_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_hqc192_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_hqc192_decoder_functions[];extern const OSSL_DISPATCH oqs_x448_hqc192_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_hqc192_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_x448_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p384_hqc192_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p384_hqc192_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_hqc192_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_hqc192_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_hqc192_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_hqc192_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_x448_hqc192_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_x448_hqc192_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_x448_hqc192_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_x448_hqc192_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_x448_hqc192_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_x448_hqc192_decoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc256_to_PrivateKeyInfo_der_encoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc256_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_hqc256_to_text_encoder_functions[];
 extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_hqc256_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_hqc256_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_hqc256_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_hqc256_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p521_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_hqc256_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_hqc256_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_hqc256_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_hqc256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_hqc256_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p521_hqc256_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p521_hqc256_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_hqc256_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_hqc256_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p521_hqc256_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p521_hqc256_decoder_functions[];
 #endif /* OQS_KEM_ENCODERS */
-
-extern const OSSL_DISPATCH oqs_dilithium2_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_dilithium2_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_dilithium2_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_p256_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_dilithium2_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_dilithium2_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_dilithium2_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_p256_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_p256_dilithium2_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_dilithium2_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_dilithium2_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_p256_dilithium2_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_p256_dilithium2_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_rsa3072_dilithium2_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_rsa3072_dilithium2_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_rsa3072_dilithium2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_rsa3072_dilithium2_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[];
-extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[];
-extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_PrivateKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_SubjectPublicKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH
+ oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[];
 extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_text_encoder_functions[];
-extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[];
-extern const OSSL_DISPATCH
oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_decoder_functions[];extern const OSSL_DISPATCH oqs_p384_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_dilithium3_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_dilithium3_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_dilithium3_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_dilithium3_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p384_dilithium3_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_dilithium3_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_dilithium3_decoder_functions[];extern const OSSL_DISPATCH 
oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_dilithium3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_dilithium3_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; -extern const 
OSSL_DISPATCH oqs_p521_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_dilithium5_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_dilithium5_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_dilithium5_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_dilithium5_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_dilithium5_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_dilithium5_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_dilithium5_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const 
OSSL_DISPATCH oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_dilithium5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_dilithium5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_p384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; 
+extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[];extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_decoder_functions[];extern const OSSL_DISPATCH 
oqs_p256_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p256_falcon512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_falcon512_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falcon512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falcon512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falcon512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_falcon512_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_falcon512_decoder_functions[];extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; 
+extern const OSSL_DISPATCH + oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[];extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; 
+extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[];extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_falcon1024_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_falcon1024_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_falcon1024_decoder_functions[];extern const OSSL_DISPATCH oqs_p521_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; 
-extern const OSSL_DISPATCH oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p521_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falcon1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH oqs_p521_falcon1024_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_falcon1024_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_falcon1024_decoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_sphincssha2128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH 
oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[];extern const OSSL_DISPATCH 
oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH 
oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_to_text_encoder_functions[]; -extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions[]; -extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_falcon1024_decoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128fsimple_decoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const 
OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128fsimple_decoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2128ssimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_p256_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincssha2128ssimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_sphincssha2128ssimple_decoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128ssimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128ssimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128ssimple_to_SubjectPublicKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128ssimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincssha2128ssimple_decoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincssha2192fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_sphincssha2192fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_sphincssha2192fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p384_sphincssha2192fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p384_sphincssha2192fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p384_sphincssha2192fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_sphincssha2192fsimple_decoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_sphincsshake128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_sphincsshake128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p256_sphincsshake128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_sphincsshake128fsimple_decoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincsshake128fsimple_to_PrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + 
oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincsshake128fsimple_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincsshake128fsimple_to_SubjectPublicKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincsshake128fsimple_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions + []; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_rsa3072_sphincsshake128fsimple_decoder_functions + []; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START -extern const OSSL_DISPATCH oqs_dilithium2_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_dilithium2_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p384_dilithium3_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[];extern const OSSL_DISPATCH 
oqs_p521_dilithium5_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[];extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[];extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[];extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p521_falcon1024_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincssha2128ssimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_keymgmt_functions[];extern const OSSL_DISPATCH oqs_rsa3072_sphincsshake128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p256_dilithium2_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[]; +extern const 
OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p384_dilithium3_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p521_dilithium5_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p521_falcon1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincssha2128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2128ssimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincssha2128ssimple_keymgmt_functions[]; +extern const OSSL_DISPATCH + 
oqs_rsa3072_sphincssha2128ssimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincssha2192fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p384_sphincssha2192fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_sphincsshake128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p256_sphincsshake128fsimple_keymgmt_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_sphincsshake128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 9bdc5e3f..3496d68d 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -36,176 +36,318 @@ ///// OQS_TEMPLATE_FRAGMENT_MAKE_START #ifdef OQS_KEM_ENCODERS -#ifdef OQS_ENABLE_KEM_frodokem_640_aes +# ifdef OQS_ENABLE_KEM_frodokem_640_aes DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), -DECODER_w_structure("frodo640aes", der, SubjectPublicKeyInfo, frodo640aes), -DECODER_w_structure("p256_frodo640aes", der, PrivateKeyInfo, p256_frodo640aes), -DECODER_w_structure("p256_frodo640aes", der, SubjectPublicKeyInfo, p256_frodo640aes),DECODER_w_structure("x25519_frodo640aes", der, PrivateKeyInfo, x25519_frodo640aes), -DECODER_w_structure("x25519_frodo640aes", der, SubjectPublicKeyInfo, x25519_frodo640aes), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_640_shake -DECODER_w_structure("frodo640shake", der, PrivateKeyInfo, frodo640shake), -DECODER_w_structure("frodo640shake", der, SubjectPublicKeyInfo, frodo640shake), -DECODER_w_structure("p256_frodo640shake", der, PrivateKeyInfo, p256_frodo640shake), -DECODER_w_structure("p256_frodo640shake", der, SubjectPublicKeyInfo, p256_frodo640shake),DECODER_w_structure("x25519_frodo640shake", der, PrivateKeyInfo, x25519_frodo640shake), -DECODER_w_structure("x25519_frodo640shake", der, SubjectPublicKeyInfo, x25519_frodo640shake), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_976_aes -DECODER_w_structure("frodo976aes", der, PrivateKeyInfo, frodo976aes), -DECODER_w_structure("frodo976aes", der, SubjectPublicKeyInfo, frodo976aes), -DECODER_w_structure("p384_frodo976aes", der, PrivateKeyInfo, p384_frodo976aes), -DECODER_w_structure("p384_frodo976aes", der, SubjectPublicKeyInfo, p384_frodo976aes),DECODER_w_structure("x448_frodo976aes", der, PrivateKeyInfo, x448_frodo976aes), -DECODER_w_structure("x448_frodo976aes", der, SubjectPublicKeyInfo, x448_frodo976aes), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_976_shake -DECODER_w_structure("frodo976shake", der, PrivateKeyInfo, frodo976shake), -DECODER_w_structure("frodo976shake", der, SubjectPublicKeyInfo, frodo976shake), -DECODER_w_structure("p384_frodo976shake", 
der, PrivateKeyInfo, p384_frodo976shake), -DECODER_w_structure("p384_frodo976shake", der, SubjectPublicKeyInfo, p384_frodo976shake),DECODER_w_structure("x448_frodo976shake", der, PrivateKeyInfo, x448_frodo976shake), -DECODER_w_structure("x448_frodo976shake", der, SubjectPublicKeyInfo, x448_frodo976shake), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_1344_aes -DECODER_w_structure("frodo1344aes", der, PrivateKeyInfo, frodo1344aes), -DECODER_w_structure("frodo1344aes", der, SubjectPublicKeyInfo, frodo1344aes), -DECODER_w_structure("p521_frodo1344aes", der, PrivateKeyInfo, p521_frodo1344aes), -DECODER_w_structure("p521_frodo1344aes", der, SubjectPublicKeyInfo, p521_frodo1344aes), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_1344_shake -DECODER_w_structure("frodo1344shake", der, PrivateKeyInfo, frodo1344shake), -DECODER_w_structure("frodo1344shake", der, SubjectPublicKeyInfo, frodo1344shake), -DECODER_w_structure("p521_frodo1344shake", der, PrivateKeyInfo, p521_frodo1344shake), -DECODER_w_structure("p521_frodo1344shake", der, SubjectPublicKeyInfo, p521_frodo1344shake), -#endif -#ifdef OQS_ENABLE_KEM_kyber_512 -DECODER_w_structure("kyber512", der, PrivateKeyInfo, kyber512), -DECODER_w_structure("kyber512", der, SubjectPublicKeyInfo, kyber512), -DECODER_w_structure("p256_kyber512", der, PrivateKeyInfo, p256_kyber512), -DECODER_w_structure("p256_kyber512", der, SubjectPublicKeyInfo, p256_kyber512),DECODER_w_structure("x25519_kyber512", der, PrivateKeyInfo, x25519_kyber512), -DECODER_w_structure("x25519_kyber512", der, SubjectPublicKeyInfo, x25519_kyber512), -#endif -#ifdef OQS_ENABLE_KEM_kyber_768 -DECODER_w_structure("kyber768", der, PrivateKeyInfo, kyber768), -DECODER_w_structure("kyber768", der, SubjectPublicKeyInfo, kyber768), -DECODER_w_structure("p384_kyber768", der, PrivateKeyInfo, p384_kyber768), -DECODER_w_structure("p384_kyber768", der, SubjectPublicKeyInfo, p384_kyber768),DECODER_w_structure("x448_kyber768", der, PrivateKeyInfo, x448_kyber768), 
-DECODER_w_structure("x448_kyber768", der, SubjectPublicKeyInfo, x448_kyber768),DECODER_w_structure("x25519_kyber768", der, PrivateKeyInfo, x25519_kyber768), -DECODER_w_structure("x25519_kyber768", der, SubjectPublicKeyInfo, x25519_kyber768),DECODER_w_structure("p256_kyber768", der, PrivateKeyInfo, p256_kyber768), -DECODER_w_structure("p256_kyber768", der, SubjectPublicKeyInfo, p256_kyber768), -#endif -#ifdef OQS_ENABLE_KEM_kyber_1024 -DECODER_w_structure("kyber1024", der, PrivateKeyInfo, kyber1024), -DECODER_w_structure("kyber1024", der, SubjectPublicKeyInfo, kyber1024), -DECODER_w_structure("p521_kyber1024", der, PrivateKeyInfo, p521_kyber1024), -DECODER_w_structure("p521_kyber1024", der, SubjectPublicKeyInfo, p521_kyber1024), -#endif -#ifdef OQS_ENABLE_KEM_bike_l1 -DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), -DECODER_w_structure("bikel1", der, SubjectPublicKeyInfo, bikel1), -DECODER_w_structure("p256_bikel1", der, PrivateKeyInfo, p256_bikel1), -DECODER_w_structure("p256_bikel1", der, SubjectPublicKeyInfo, p256_bikel1),DECODER_w_structure("x25519_bikel1", der, PrivateKeyInfo, x25519_bikel1), -DECODER_w_structure("x25519_bikel1", der, SubjectPublicKeyInfo, x25519_bikel1), -#endif -#ifdef OQS_ENABLE_KEM_bike_l3 -DECODER_w_structure("bikel3", der, PrivateKeyInfo, bikel3), -DECODER_w_structure("bikel3", der, SubjectPublicKeyInfo, bikel3), -DECODER_w_structure("p384_bikel3", der, PrivateKeyInfo, p384_bikel3), -DECODER_w_structure("p384_bikel3", der, SubjectPublicKeyInfo, p384_bikel3),DECODER_w_structure("x448_bikel3", der, PrivateKeyInfo, x448_bikel3), -DECODER_w_structure("x448_bikel3", der, SubjectPublicKeyInfo, x448_bikel3), -#endif -#ifdef OQS_ENABLE_KEM_bike_l5 -DECODER_w_structure("bikel5", der, PrivateKeyInfo, bikel5), -DECODER_w_structure("bikel5", der, SubjectPublicKeyInfo, bikel5), -DECODER_w_structure("p521_bikel5", der, PrivateKeyInfo, p521_bikel5), -DECODER_w_structure("p521_bikel5", der, SubjectPublicKeyInfo, p521_bikel5), -#endif -#ifdef 
OQS_ENABLE_KEM_hqc_128 -DECODER_w_structure("hqc128", der, PrivateKeyInfo, hqc128), -DECODER_w_structure("hqc128", der, SubjectPublicKeyInfo, hqc128), -DECODER_w_structure("p256_hqc128", der, PrivateKeyInfo, p256_hqc128), -DECODER_w_structure("p256_hqc128", der, SubjectPublicKeyInfo, p256_hqc128),DECODER_w_structure("x25519_hqc128", der, PrivateKeyInfo, x25519_hqc128), -DECODER_w_structure("x25519_hqc128", der, SubjectPublicKeyInfo, x25519_hqc128), -#endif -#ifdef OQS_ENABLE_KEM_hqc_192 -DECODER_w_structure("hqc192", der, PrivateKeyInfo, hqc192), -DECODER_w_structure("hqc192", der, SubjectPublicKeyInfo, hqc192), -DECODER_w_structure("p384_hqc192", der, PrivateKeyInfo, p384_hqc192), -DECODER_w_structure("p384_hqc192", der, SubjectPublicKeyInfo, p384_hqc192),DECODER_w_structure("x448_hqc192", der, PrivateKeyInfo, x448_hqc192), -DECODER_w_structure("x448_hqc192", der, SubjectPublicKeyInfo, x448_hqc192), -#endif -#ifdef OQS_ENABLE_KEM_hqc_256 -DECODER_w_structure("hqc256", der, PrivateKeyInfo, hqc256), -DECODER_w_structure("hqc256", der, SubjectPublicKeyInfo, hqc256), -DECODER_w_structure("p521_hqc256", der, PrivateKeyInfo, p521_hqc256), -DECODER_w_structure("p521_hqc256", der, SubjectPublicKeyInfo, p521_hqc256), -#endif + DECODER_w_structure("frodo640aes", der, SubjectPublicKeyInfo, frodo640aes), + DECODER_w_structure("p256_frodo640aes", der, PrivateKeyInfo, + p256_frodo640aes), + DECODER_w_structure("p256_frodo640aes", der, SubjectPublicKeyInfo, + p256_frodo640aes), + DECODER_w_structure("x25519_frodo640aes", der, PrivateKeyInfo, + x25519_frodo640aes), + DECODER_w_structure("x25519_frodo640aes", der, SubjectPublicKeyInfo, + x25519_frodo640aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_640_shake + DECODER_w_structure("frodo640shake", der, PrivateKeyInfo, frodo640shake), + DECODER_w_structure("frodo640shake", der, SubjectPublicKeyInfo, + frodo640shake), + DECODER_w_structure("p256_frodo640shake", der, PrivateKeyInfo, + p256_frodo640shake), + 
DECODER_w_structure("p256_frodo640shake", der, SubjectPublicKeyInfo, + p256_frodo640shake), + DECODER_w_structure("x25519_frodo640shake", der, PrivateKeyInfo, + x25519_frodo640shake), + DECODER_w_structure("x25519_frodo640shake", der, SubjectPublicKeyInfo, + x25519_frodo640shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_aes + DECODER_w_structure("frodo976aes", der, PrivateKeyInfo, frodo976aes), + DECODER_w_structure("frodo976aes", der, SubjectPublicKeyInfo, frodo976aes), + DECODER_w_structure("p384_frodo976aes", der, PrivateKeyInfo, + p384_frodo976aes), + DECODER_w_structure("p384_frodo976aes", der, SubjectPublicKeyInfo, + p384_frodo976aes), + DECODER_w_structure("x448_frodo976aes", der, PrivateKeyInfo, + x448_frodo976aes), + DECODER_w_structure("x448_frodo976aes", der, SubjectPublicKeyInfo, + x448_frodo976aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_shake + DECODER_w_structure("frodo976shake", der, PrivateKeyInfo, frodo976shake), + DECODER_w_structure("frodo976shake", der, SubjectPublicKeyInfo, + frodo976shake), + DECODER_w_structure("p384_frodo976shake", der, PrivateKeyInfo, + p384_frodo976shake), + DECODER_w_structure("p384_frodo976shake", der, SubjectPublicKeyInfo, + p384_frodo976shake), + DECODER_w_structure("x448_frodo976shake", der, PrivateKeyInfo, + x448_frodo976shake), + DECODER_w_structure("x448_frodo976shake", der, SubjectPublicKeyInfo, + x448_frodo976shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_aes + DECODER_w_structure("frodo1344aes", der, PrivateKeyInfo, frodo1344aes), + DECODER_w_structure("frodo1344aes", der, SubjectPublicKeyInfo, + frodo1344aes), + DECODER_w_structure("p521_frodo1344aes", der, PrivateKeyInfo, + p521_frodo1344aes), + DECODER_w_structure("p521_frodo1344aes", der, SubjectPublicKeyInfo, + p521_frodo1344aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_shake + DECODER_w_structure("frodo1344shake", der, PrivateKeyInfo, frodo1344shake), + DECODER_w_structure("frodo1344shake", der, SubjectPublicKeyInfo, + 
frodo1344shake), + DECODER_w_structure("p521_frodo1344shake", der, PrivateKeyInfo, + p521_frodo1344shake), + DECODER_w_structure("p521_frodo1344shake", der, SubjectPublicKeyInfo, + p521_frodo1344shake), +# endif +# ifdef OQS_ENABLE_KEM_kyber_512 + DECODER_w_structure("kyber512", der, PrivateKeyInfo, kyber512), + DECODER_w_structure("kyber512", der, SubjectPublicKeyInfo, kyber512), + DECODER_w_structure("p256_kyber512", der, PrivateKeyInfo, p256_kyber512), + DECODER_w_structure("p256_kyber512", der, SubjectPublicKeyInfo, + p256_kyber512), + DECODER_w_structure("x25519_kyber512", der, PrivateKeyInfo, + x25519_kyber512), + DECODER_w_structure("x25519_kyber512", der, SubjectPublicKeyInfo, + x25519_kyber512), +# endif +# ifdef OQS_ENABLE_KEM_kyber_768 + DECODER_w_structure("kyber768", der, PrivateKeyInfo, kyber768), + DECODER_w_structure("kyber768", der, SubjectPublicKeyInfo, kyber768), + DECODER_w_structure("p384_kyber768", der, PrivateKeyInfo, p384_kyber768), + DECODER_w_structure("p384_kyber768", der, SubjectPublicKeyInfo, + p384_kyber768), + DECODER_w_structure("x448_kyber768", der, PrivateKeyInfo, x448_kyber768), + DECODER_w_structure("x448_kyber768", der, SubjectPublicKeyInfo, + x448_kyber768), + DECODER_w_structure("x25519_kyber768", der, PrivateKeyInfo, + x25519_kyber768), + DECODER_w_structure("x25519_kyber768", der, SubjectPublicKeyInfo, + x25519_kyber768), + DECODER_w_structure("p256_kyber768", der, PrivateKeyInfo, p256_kyber768), + DECODER_w_structure("p256_kyber768", der, SubjectPublicKeyInfo, + p256_kyber768), +# endif +# ifdef OQS_ENABLE_KEM_kyber_1024 + DECODER_w_structure("kyber1024", der, PrivateKeyInfo, kyber1024), + DECODER_w_structure("kyber1024", der, SubjectPublicKeyInfo, kyber1024), + DECODER_w_structure("p521_kyber1024", der, PrivateKeyInfo, p521_kyber1024), + DECODER_w_structure("p521_kyber1024", der, SubjectPublicKeyInfo, + p521_kyber1024), +# endif +# ifdef OQS_ENABLE_KEM_bike_l1 + DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), + 
DECODER_w_structure("bikel1", der, SubjectPublicKeyInfo, bikel1), + DECODER_w_structure("p256_bikel1", der, PrivateKeyInfo, p256_bikel1), + DECODER_w_structure("p256_bikel1", der, SubjectPublicKeyInfo, p256_bikel1), + DECODER_w_structure("x25519_bikel1", der, PrivateKeyInfo, x25519_bikel1), + DECODER_w_structure("x25519_bikel1", der, SubjectPublicKeyInfo, + x25519_bikel1), +# endif +# ifdef OQS_ENABLE_KEM_bike_l3 + DECODER_w_structure("bikel3", der, PrivateKeyInfo, bikel3), + DECODER_w_structure("bikel3", der, SubjectPublicKeyInfo, bikel3), + DECODER_w_structure("p384_bikel3", der, PrivateKeyInfo, p384_bikel3), + DECODER_w_structure("p384_bikel3", der, SubjectPublicKeyInfo, p384_bikel3), + DECODER_w_structure("x448_bikel3", der, PrivateKeyInfo, x448_bikel3), + DECODER_w_structure("x448_bikel3", der, SubjectPublicKeyInfo, x448_bikel3), +# endif +# ifdef OQS_ENABLE_KEM_bike_l5 + DECODER_w_structure("bikel5", der, PrivateKeyInfo, bikel5), + DECODER_w_structure("bikel5", der, SubjectPublicKeyInfo, bikel5), + DECODER_w_structure("p521_bikel5", der, PrivateKeyInfo, p521_bikel5), + DECODER_w_structure("p521_bikel5", der, SubjectPublicKeyInfo, p521_bikel5), +# endif +# ifdef OQS_ENABLE_KEM_hqc_128 + DECODER_w_structure("hqc128", der, PrivateKeyInfo, hqc128), + DECODER_w_structure("hqc128", der, SubjectPublicKeyInfo, hqc128), + DECODER_w_structure("p256_hqc128", der, PrivateKeyInfo, p256_hqc128), + DECODER_w_structure("p256_hqc128", der, SubjectPublicKeyInfo, p256_hqc128), + DECODER_w_structure("x25519_hqc128", der, PrivateKeyInfo, x25519_hqc128), + DECODER_w_structure("x25519_hqc128", der, SubjectPublicKeyInfo, + x25519_hqc128), +# endif +# ifdef OQS_ENABLE_KEM_hqc_192 + DECODER_w_structure("hqc192", der, PrivateKeyInfo, hqc192), + DECODER_w_structure("hqc192", der, SubjectPublicKeyInfo, hqc192), + DECODER_w_structure("p384_hqc192", der, PrivateKeyInfo, p384_hqc192), + DECODER_w_structure("p384_hqc192", der, SubjectPublicKeyInfo, p384_hqc192), + 
DECODER_w_structure("x448_hqc192", der, PrivateKeyInfo, x448_hqc192), + DECODER_w_structure("x448_hqc192", der, SubjectPublicKeyInfo, x448_hqc192), +# endif +# ifdef OQS_ENABLE_KEM_hqc_256 + DECODER_w_structure("hqc256", der, PrivateKeyInfo, hqc256), + DECODER_w_structure("hqc256", der, SubjectPublicKeyInfo, hqc256), + DECODER_w_structure("p521_hqc256", der, PrivateKeyInfo, p521_hqc256), + DECODER_w_structure("p521_hqc256", der, SubjectPublicKeyInfo, p521_hqc256), +# endif #endif /* OQS_KEM_ENCODERS */ - #ifdef OQS_ENABLE_SIG_dilithium_2 -DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), -DECODER_w_structure("dilithium2", der, SubjectPublicKeyInfo, dilithium2),DECODER_w_structure("p256_dilithium2", der, PrivateKeyInfo, p256_dilithium2), -DECODER_w_structure("p256_dilithium2", der, SubjectPublicKeyInfo, p256_dilithium2),DECODER_w_structure("rsa3072_dilithium2", der, PrivateKeyInfo, rsa3072_dilithium2), -DECODER_w_structure("rsa3072_dilithium2", der, SubjectPublicKeyInfo, rsa3072_dilithium2),DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, dilithium2_pss2048), -DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, dilithium2_pss2048),DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, dilithium2_rsa2048), -DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, dilithium2_rsa2048),DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, dilithium2_ed25519), -DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, dilithium2_ed25519),DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, dilithium2_p256), -DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, dilithium2_p256),DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, dilithium2_bp256), -DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, dilithium2_bp256), + DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), + DECODER_w_structure("dilithium2", der, 
SubjectPublicKeyInfo, dilithium2), + DECODER_w_structure("p256_dilithium2", der, PrivateKeyInfo, + p256_dilithium2), + DECODER_w_structure("p256_dilithium2", der, SubjectPublicKeyInfo, + p256_dilithium2), + DECODER_w_structure("rsa3072_dilithium2", der, PrivateKeyInfo, + rsa3072_dilithium2), + DECODER_w_structure("rsa3072_dilithium2", der, SubjectPublicKeyInfo, + rsa3072_dilithium2), + DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, + dilithium2_pss2048), + DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, + dilithium2_rsa2048), + DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, + dilithium2_ed25519), + DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, + dilithium2_p256), + DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, + dilithium2_bp256), + DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, + dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 -DECODER_w_structure("dilithium3", der, PrivateKeyInfo, dilithium3), -DECODER_w_structure("dilithium3", der, SubjectPublicKeyInfo, dilithium3),DECODER_w_structure("p384_dilithium3", der, PrivateKeyInfo, p384_dilithium3), -DECODER_w_structure("p384_dilithium3", der, SubjectPublicKeyInfo, p384_dilithium3),DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, dilithium3_pss3072), -DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, dilithium3_pss3072),DECODER_w_structure("dilithium3_rsa3072", der, PrivateKeyInfo, dilithium3_rsa3072), -DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, 
dilithium3_rsa3072),DECODER_w_structure("dilithium3_p256", der, PrivateKeyInfo, dilithium3_p256), -DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, dilithium3_p256),DECODER_w_structure("dilithium3_bp256", der, PrivateKeyInfo, dilithium3_bp256), -DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, dilithium3_bp256),DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, dilithium3_ed25519), -DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, dilithium3_ed25519), + DECODER_w_structure("dilithium3", der, PrivateKeyInfo, dilithium3), + DECODER_w_structure("dilithium3", der, SubjectPublicKeyInfo, dilithium3), + DECODER_w_structure("p384_dilithium3", der, PrivateKeyInfo, + p384_dilithium3), + DECODER_w_structure("p384_dilithium3", der, SubjectPublicKeyInfo, + p384_dilithium3), + DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, + dilithium3_pss3072), + DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, + dilithium3_pss3072), + DECODER_w_structure("dilithium3_rsa3072", der, PrivateKeyInfo, + dilithium3_rsa3072), + DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, + dilithium3_rsa3072), + DECODER_w_structure("dilithium3_p256", der, PrivateKeyInfo, + dilithium3_p256), + DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, + dilithium3_p256), + DECODER_w_structure("dilithium3_bp256", der, PrivateKeyInfo, + dilithium3_bp256), + DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, + dilithium3_bp256), + DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, + dilithium3_ed25519), + DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, + dilithium3_ed25519), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 -DECODER_w_structure("dilithium5", der, PrivateKeyInfo, dilithium5), -DECODER_w_structure("dilithium5", der, SubjectPublicKeyInfo, dilithium5),DECODER_w_structure("p521_dilithium5", der, PrivateKeyInfo, p521_dilithium5), 
-DECODER_w_structure("p521_dilithium5", der, SubjectPublicKeyInfo, p521_dilithium5),DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, dilithium5_p384), -DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, dilithium5_p384),DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, dilithium5_bp384), -DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, dilithium5_bp384),DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, dilithium5_ed448), -DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, dilithium5_ed448), + DECODER_w_structure("dilithium5", der, PrivateKeyInfo, dilithium5), + DECODER_w_structure("dilithium5", der, SubjectPublicKeyInfo, dilithium5), + DECODER_w_structure("p521_dilithium5", der, PrivateKeyInfo, + p521_dilithium5), + DECODER_w_structure("p521_dilithium5", der, SubjectPublicKeyInfo, + p521_dilithium5), + DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, + dilithium5_p384), + DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, + dilithium5_p384), + DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, + dilithium5_bp384), + DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, + dilithium5_bp384), + DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, + dilithium5_ed448), + DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, + dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 -DECODER_w_structure("falcon512", der, PrivateKeyInfo, falcon512), -DECODER_w_structure("falcon512", der, SubjectPublicKeyInfo, falcon512),DECODER_w_structure("p256_falcon512", der, PrivateKeyInfo, p256_falcon512), -DECODER_w_structure("p256_falcon512", der, SubjectPublicKeyInfo, p256_falcon512),DECODER_w_structure("rsa3072_falcon512", der, PrivateKeyInfo, rsa3072_falcon512), -DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, rsa3072_falcon512),DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, falcon512_p256), 
-DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, falcon512_p256),DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, falcon512_bp256), -DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, falcon512_bp256),DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, falcon512_ed25519), -DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, falcon512_ed25519), + DECODER_w_structure("falcon512", der, PrivateKeyInfo, falcon512), + DECODER_w_structure("falcon512", der, SubjectPublicKeyInfo, falcon512), + DECODER_w_structure("p256_falcon512", der, PrivateKeyInfo, p256_falcon512), + DECODER_w_structure("p256_falcon512", der, SubjectPublicKeyInfo, + p256_falcon512), + DECODER_w_structure("rsa3072_falcon512", der, PrivateKeyInfo, + rsa3072_falcon512), + DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, + rsa3072_falcon512), + DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, falcon512_p256), + DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, + falcon512_p256), + DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, + falcon512_bp256), + DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, + falcon512_bp256), + DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, + falcon512_ed25519), + DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, + falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 -DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), -DECODER_w_structure("falcon1024", der, SubjectPublicKeyInfo, falcon1024),DECODER_w_structure("p521_falcon1024", der, PrivateKeyInfo, p521_falcon1024), -DECODER_w_structure("p521_falcon1024", der, SubjectPublicKeyInfo, p521_falcon1024), + DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), + DECODER_w_structure("falcon1024", der, SubjectPublicKeyInfo, falcon1024), + DECODER_w_structure("p521_falcon1024", der, PrivateKeyInfo, + p521_falcon1024), + 
DECODER_w_structure("p521_falcon1024", der, SubjectPublicKeyInfo, + p521_falcon1024), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple -DECODER_w_structure("sphincssha2128fsimple", der, PrivateKeyInfo, sphincssha2128fsimple), -DECODER_w_structure("sphincssha2128fsimple", der, SubjectPublicKeyInfo, sphincssha2128fsimple),DECODER_w_structure("p256_sphincssha2128fsimple", der, PrivateKeyInfo, p256_sphincssha2128fsimple), -DECODER_w_structure("p256_sphincssha2128fsimple", der, SubjectPublicKeyInfo, p256_sphincssha2128fsimple),DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, PrivateKeyInfo, rsa3072_sphincssha2128fsimple), -DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, SubjectPublicKeyInfo, rsa3072_sphincssha2128fsimple), + DECODER_w_structure("sphincssha2128fsimple", der, PrivateKeyInfo, + sphincssha2128fsimple), + DECODER_w_structure("sphincssha2128fsimple", der, SubjectPublicKeyInfo, + sphincssha2128fsimple), + DECODER_w_structure("p256_sphincssha2128fsimple", der, PrivateKeyInfo, + p256_sphincssha2128fsimple), + DECODER_w_structure("p256_sphincssha2128fsimple", der, SubjectPublicKeyInfo, + p256_sphincssha2128fsimple), + DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, PrivateKeyInfo, + rsa3072_sphincssha2128fsimple), + DECODER_w_structure("rsa3072_sphincssha2128fsimple", der, + SubjectPublicKeyInfo, rsa3072_sphincssha2128fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple -DECODER_w_structure("sphincssha2128ssimple", der, PrivateKeyInfo, sphincssha2128ssimple), -DECODER_w_structure("sphincssha2128ssimple", der, SubjectPublicKeyInfo, sphincssha2128ssimple),DECODER_w_structure("p256_sphincssha2128ssimple", der, PrivateKeyInfo, p256_sphincssha2128ssimple), -DECODER_w_structure("p256_sphincssha2128ssimple", der, SubjectPublicKeyInfo, p256_sphincssha2128ssimple),DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, PrivateKeyInfo, rsa3072_sphincssha2128ssimple), -DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, 
SubjectPublicKeyInfo, rsa3072_sphincssha2128ssimple), + DECODER_w_structure("sphincssha2128ssimple", der, PrivateKeyInfo, + sphincssha2128ssimple), + DECODER_w_structure("sphincssha2128ssimple", der, SubjectPublicKeyInfo, + sphincssha2128ssimple), + DECODER_w_structure("p256_sphincssha2128ssimple", der, PrivateKeyInfo, + p256_sphincssha2128ssimple), + DECODER_w_structure("p256_sphincssha2128ssimple", der, SubjectPublicKeyInfo, + p256_sphincssha2128ssimple), + DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, PrivateKeyInfo, + rsa3072_sphincssha2128ssimple), + DECODER_w_structure("rsa3072_sphincssha2128ssimple", der, + SubjectPublicKeyInfo, rsa3072_sphincssha2128ssimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple -DECODER_w_structure("sphincssha2192fsimple", der, PrivateKeyInfo, sphincssha2192fsimple), -DECODER_w_structure("sphincssha2192fsimple", der, SubjectPublicKeyInfo, sphincssha2192fsimple),DECODER_w_structure("p384_sphincssha2192fsimple", der, PrivateKeyInfo, p384_sphincssha2192fsimple), -DECODER_w_structure("p384_sphincssha2192fsimple", der, SubjectPublicKeyInfo, p384_sphincssha2192fsimple), + DECODER_w_structure("sphincssha2192fsimple", der, PrivateKeyInfo, + sphincssha2192fsimple), + DECODER_w_structure("sphincssha2192fsimple", der, SubjectPublicKeyInfo, + sphincssha2192fsimple), + DECODER_w_structure("p384_sphincssha2192fsimple", der, PrivateKeyInfo, + p384_sphincssha2192fsimple), + DECODER_w_structure("p384_sphincssha2192fsimple", der, SubjectPublicKeyInfo, + p384_sphincssha2192fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple -DECODER_w_structure("sphincsshake128fsimple", der, PrivateKeyInfo, sphincsshake128fsimple), -DECODER_w_structure("sphincsshake128fsimple", der, SubjectPublicKeyInfo, sphincsshake128fsimple),DECODER_w_structure("p256_sphincsshake128fsimple", der, PrivateKeyInfo, p256_sphincsshake128fsimple), -DECODER_w_structure("p256_sphincsshake128fsimple", der, SubjectPublicKeyInfo, 
p256_sphincsshake128fsimple),DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, PrivateKeyInfo, rsa3072_sphincsshake128fsimple), -DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, SubjectPublicKeyInfo, rsa3072_sphincsshake128fsimple), + DECODER_w_structure("sphincsshake128fsimple", der, PrivateKeyInfo, + sphincsshake128fsimple), + DECODER_w_structure("sphincsshake128fsimple", der, SubjectPublicKeyInfo, + sphincsshake128fsimple), + DECODER_w_structure("p256_sphincsshake128fsimple", der, PrivateKeyInfo, + p256_sphincsshake128fsimple), + DECODER_w_structure("p256_sphincsshake128fsimple", der, + SubjectPublicKeyInfo, p256_sphincsshake128fsimple), + DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, PrivateKeyInfo, + rsa3072_sphincsshake128fsimple), + DECODER_w_structure("rsa3072_sphincsshake128fsimple", der, + SubjectPublicKeyInfo, rsa3072_sphincsshake128fsimple), #endif -///// OQS_TEMPLATE_FRAGMENT_MAKE_END + ///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 97e06f08..88729583 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
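Review bot: This hunk reformats everything between `///// OQS_TEMPLATE_FRAGMENT_MAKE_START` and `///// OQS_TEMPLATE_FRAGMENT_MAKE_END`, and its last changed line re-indents the END marker itself. The markers suggest the region is regenerated from a template (the generator is not visible here), in which case the next regeneration would presumably restore the old layout and produce another diff of this size. In a table that decides which PrivateKeyInfo/SubjectPublicKeyInfo decoders get registered, that churn makes an added or dropped entry hard to spot in review. Consider formatting the generator's output as part of generation, or, if the formatter is clang-format, fencing the fragment with `// clang-format off` and `// clang-format on` and leaving the marker lines at column 0. The oqsencoders.inc hunk that follows touches the same kind of marker-delimited region.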
@@ -81,624 +81,981 @@ ///// OQS_TEMPLATE_FRAGMENT_MAKE_START #ifdef OQS_KEM_ENCODERS - -#ifdef OQS_ENABLE_KEM_frodokem_640_aes +# ifdef OQS_ENABLE_KEM_frodokem_640_aes ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), -ENCODER_w_structure("frodo640aes", frodo640aes, pem, PrivateKeyInfo), -ENCODER_w_structure("frodo640aes", frodo640aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo640aes", frodo640aes, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo640aes", frodo640aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("frodo640aes", frodo640aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("frodo640aes", frodo640aes), -ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, PrivateKeyInfo), -ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_frodo640aes", p256_frodo640aes), -ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, PrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, PrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x25519_frodo640aes", x25519_frodo640aes), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_640_shake -ENCODER_w_structure("frodo640shake", frodo640shake, der, PrivateKeyInfo), -ENCODER_w_structure("frodo640shake", 
frodo640shake, pem, PrivateKeyInfo), -ENCODER_w_structure("frodo640shake", frodo640shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo640shake", frodo640shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo640shake", frodo640shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("frodo640shake", frodo640shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("frodo640shake", frodo640shake), -ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, PrivateKeyInfo), -ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_frodo640shake", p256_frodo640shake), -ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, PrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, PrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x25519_frodo640shake", x25519_frodo640shake), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_976_aes -ENCODER_w_structure("frodo976aes", frodo976aes, der, PrivateKeyInfo), -ENCODER_w_structure("frodo976aes", frodo976aes, pem, PrivateKeyInfo), -ENCODER_w_structure("frodo976aes", frodo976aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo976aes", frodo976aes, pem, EncryptedPrivateKeyInfo), 
-ENCODER_w_structure("frodo976aes", frodo976aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("frodo976aes", frodo976aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("frodo976aes", frodo976aes), -ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, PrivateKeyInfo), -ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, PrivateKeyInfo), -ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p384_frodo976aes", p384_frodo976aes), -ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, PrivateKeyInfo), -ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, PrivateKeyInfo), -ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x448_frodo976aes", x448_frodo976aes), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_976_shake -ENCODER_w_structure("frodo976shake", frodo976shake, der, PrivateKeyInfo), -ENCODER_w_structure("frodo976shake", frodo976shake, pem, PrivateKeyInfo), -ENCODER_w_structure("frodo976shake", frodo976shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo976shake", frodo976shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo976shake", frodo976shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("frodo976shake", frodo976shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("frodo976shake", frodo976shake), -ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, PrivateKeyInfo), 
-ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, PrivateKeyInfo), -ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p384_frodo976shake", p384_frodo976shake), -ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, PrivateKeyInfo), -ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, PrivateKeyInfo), -ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x448_frodo976shake", x448_frodo976shake), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_1344_aes -ENCODER_w_structure("frodo1344aes", frodo1344aes, der, PrivateKeyInfo), -ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, PrivateKeyInfo), -ENCODER_w_structure("frodo1344aes", frodo1344aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo1344aes", frodo1344aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("frodo1344aes", frodo1344aes), -ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, PrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, PrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, 
EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p521_frodo1344aes", p521_frodo1344aes), -#endif -#ifdef OQS_ENABLE_KEM_frodokem_1344_shake -ENCODER_w_structure("frodo1344shake", frodo1344shake, der, PrivateKeyInfo), -ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, PrivateKeyInfo), -ENCODER_w_structure("frodo1344shake", frodo1344shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("frodo1344shake", frodo1344shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("frodo1344shake", frodo1344shake), -ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, PrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, PrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p521_frodo1344shake", p521_frodo1344shake), -#endif -#ifdef OQS_ENABLE_KEM_kyber_512 -ENCODER_w_structure("kyber512", kyber512, der, PrivateKeyInfo), -ENCODER_w_structure("kyber512", kyber512, pem, PrivateKeyInfo), -ENCODER_w_structure("kyber512", kyber512, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("kyber512", kyber512, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("kyber512", kyber512, der, SubjectPublicKeyInfo), -ENCODER_w_structure("kyber512", kyber512, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("kyber512", kyber512), -ENCODER_w_structure("p256_kyber512", 
p256_kyber512, der, PrivateKeyInfo), -ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_kyber512", p256_kyber512, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_kyber512", p256_kyber512, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_kyber512", p256_kyber512), -ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, PrivateKeyInfo), -ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, PrivateKeyInfo), -ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x25519_kyber512", x25519_kyber512), -#endif -#ifdef OQS_ENABLE_KEM_kyber_768 -ENCODER_w_structure("kyber768", kyber768, der, PrivateKeyInfo), -ENCODER_w_structure("kyber768", kyber768, pem, PrivateKeyInfo), -ENCODER_w_structure("kyber768", kyber768, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("kyber768", kyber768, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("kyber768", kyber768, der, SubjectPublicKeyInfo), -ENCODER_w_structure("kyber768", kyber768, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("kyber768", kyber768), -ENCODER_w_structure("p384_kyber768", p384_kyber768, der, PrivateKeyInfo), -ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, PrivateKeyInfo), -ENCODER_w_structure("p384_kyber768", p384_kyber768, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_kyber768", p384_kyber768, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, 
SubjectPublicKeyInfo), -ENCODER_TEXT("p384_kyber768", p384_kyber768), -ENCODER_w_structure("x448_kyber768", x448_kyber768, der, PrivateKeyInfo), -ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, PrivateKeyInfo), -ENCODER_w_structure("x448_kyber768", x448_kyber768, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_kyber768", x448_kyber768, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x448_kyber768", x448_kyber768), -ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, PrivateKeyInfo), -ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, PrivateKeyInfo), -ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x25519_kyber768", x25519_kyber768), -ENCODER_w_structure("p256_kyber768", p256_kyber768, der, PrivateKeyInfo), -ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_kyber768", p256_kyber768, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_kyber768", p256_kyber768, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_kyber768", p256_kyber768), -#endif -#ifdef OQS_ENABLE_KEM_kyber_1024 -ENCODER_w_structure("kyber1024", kyber1024, der, PrivateKeyInfo), -ENCODER_w_structure("kyber1024", kyber1024, pem, PrivateKeyInfo), -ENCODER_w_structure("kyber1024", kyber1024, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("kyber1024", kyber1024, pem, 
EncryptedPrivateKeyInfo), -ENCODER_w_structure("kyber1024", kyber1024, der, SubjectPublicKeyInfo), -ENCODER_w_structure("kyber1024", kyber1024, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("kyber1024", kyber1024), -ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, PrivateKeyInfo), -ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, PrivateKeyInfo), -ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p521_kyber1024", p521_kyber1024), -#endif -#ifdef OQS_ENABLE_KEM_bike_l1 -ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), -ENCODER_w_structure("bikel1", bikel1, pem, PrivateKeyInfo), -ENCODER_w_structure("bikel1", bikel1, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("bikel1", bikel1, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("bikel1", bikel1, der, SubjectPublicKeyInfo), -ENCODER_w_structure("bikel1", bikel1, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("bikel1", bikel1), -ENCODER_w_structure("p256_bikel1", p256_bikel1, der, PrivateKeyInfo), -ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_bikel1", p256_bikel1, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_bikel1", p256_bikel1, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_bikel1", p256_bikel1), -ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, PrivateKeyInfo), -ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, PrivateKeyInfo), -ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_bikel1", 
x25519_bikel1, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x25519_bikel1", x25519_bikel1), -#endif -#ifdef OQS_ENABLE_KEM_bike_l3 -ENCODER_w_structure("bikel3", bikel3, der, PrivateKeyInfo), -ENCODER_w_structure("bikel3", bikel3, pem, PrivateKeyInfo), -ENCODER_w_structure("bikel3", bikel3, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("bikel3", bikel3, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("bikel3", bikel3, der, SubjectPublicKeyInfo), -ENCODER_w_structure("bikel3", bikel3, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("bikel3", bikel3), -ENCODER_w_structure("p384_bikel3", p384_bikel3, der, PrivateKeyInfo), -ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, PrivateKeyInfo), -ENCODER_w_structure("p384_bikel3", p384_bikel3, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_bikel3", p384_bikel3, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p384_bikel3", p384_bikel3), -ENCODER_w_structure("x448_bikel3", x448_bikel3, der, PrivateKeyInfo), -ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, PrivateKeyInfo), -ENCODER_w_structure("x448_bikel3", x448_bikel3, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_bikel3", x448_bikel3, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x448_bikel3", x448_bikel3), -#endif -#ifdef OQS_ENABLE_KEM_bike_l5 -ENCODER_w_structure("bikel5", bikel5, der, PrivateKeyInfo), -ENCODER_w_structure("bikel5", bikel5, pem, PrivateKeyInfo), -ENCODER_w_structure("bikel5", bikel5, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("bikel5", bikel5, pem, 
EncryptedPrivateKeyInfo), -ENCODER_w_structure("bikel5", bikel5, der, SubjectPublicKeyInfo), -ENCODER_w_structure("bikel5", bikel5, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("bikel5", bikel5), -ENCODER_w_structure("p521_bikel5", p521_bikel5, der, PrivateKeyInfo), -ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, PrivateKeyInfo), -ENCODER_w_structure("p521_bikel5", p521_bikel5, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_bikel5", p521_bikel5, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p521_bikel5", p521_bikel5), -#endif -#ifdef OQS_ENABLE_KEM_hqc_128 -ENCODER_w_structure("hqc128", hqc128, der, PrivateKeyInfo), -ENCODER_w_structure("hqc128", hqc128, pem, PrivateKeyInfo), -ENCODER_w_structure("hqc128", hqc128, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("hqc128", hqc128, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("hqc128", hqc128, der, SubjectPublicKeyInfo), -ENCODER_w_structure("hqc128", hqc128, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("hqc128", hqc128), -ENCODER_w_structure("p256_hqc128", p256_hqc128, der, PrivateKeyInfo), -ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_hqc128", p256_hqc128, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_hqc128", p256_hqc128, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_hqc128", p256_hqc128), -ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, PrivateKeyInfo), -ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, PrivateKeyInfo), -ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, EncryptedPrivateKeyInfo), 
-ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x25519_hqc128", x25519_hqc128), -#endif -#ifdef OQS_ENABLE_KEM_hqc_192 -ENCODER_w_structure("hqc192", hqc192, der, PrivateKeyInfo), -ENCODER_w_structure("hqc192", hqc192, pem, PrivateKeyInfo), -ENCODER_w_structure("hqc192", hqc192, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("hqc192", hqc192, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("hqc192", hqc192, der, SubjectPublicKeyInfo), -ENCODER_w_structure("hqc192", hqc192, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("hqc192", hqc192), -ENCODER_w_structure("p384_hqc192", p384_hqc192, der, PrivateKeyInfo), -ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, PrivateKeyInfo), -ENCODER_w_structure("p384_hqc192", p384_hqc192, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_hqc192", p384_hqc192, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p384_hqc192", p384_hqc192), -ENCODER_w_structure("x448_hqc192", x448_hqc192, der, PrivateKeyInfo), -ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, PrivateKeyInfo), -ENCODER_w_structure("x448_hqc192", x448_hqc192, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("x448_hqc192", x448_hqc192, der, SubjectPublicKeyInfo), -ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("x448_hqc192", x448_hqc192), -#endif -#ifdef OQS_ENABLE_KEM_hqc_256 -ENCODER_w_structure("hqc256", hqc256, der, PrivateKeyInfo), -ENCODER_w_structure("hqc256", hqc256, pem, PrivateKeyInfo), -ENCODER_w_structure("hqc256", hqc256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("hqc256", hqc256, pem, EncryptedPrivateKeyInfo), 
-ENCODER_w_structure("hqc256", hqc256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("hqc256", hqc256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("hqc256", hqc256), -ENCODER_w_structure("p521_hqc256", p521_hqc256, der, PrivateKeyInfo), -ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, PrivateKeyInfo), -ENCODER_w_structure("p521_hqc256", p521_hqc256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_hqc256", p521_hqc256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p521_hqc256", p521_hqc256), -#endif + ENCODER_w_structure("frodo640aes", frodo640aes, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, der, SubjectPublicKeyInfo), + ENCODER_w_structure("frodo640aes", frodo640aes, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("frodo640aes", frodo640aes), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_frodo640aes", p256_frodo640aes), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, + EncryptedPrivateKeyInfo), + 
ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_frodo640aes", x25519_frodo640aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_640_shake + ENCODER_w_structure("frodo640shake", frodo640shake, der, PrivateKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo640shake", frodo640shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo640shake", frodo640shake), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_frodo640shake", p256_frodo640shake), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", 
x25519_frodo640shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_frodo640shake", x25519_frodo640shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_aes + ENCODER_w_structure("frodo976aes", frodo976aes, der, PrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, der, SubjectPublicKeyInfo), + ENCODER_w_structure("frodo976aes", frodo976aes, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("frodo976aes", frodo976aes), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_frodo976aes", p384_frodo976aes), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x448_frodo976aes", x448_frodo976aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_976_shake 
+ ENCODER_w_structure("frodo976shake", frodo976shake, der, PrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo976shake", frodo976shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo976shake", frodo976shake), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_frodo976shake", p384_frodo976shake), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x448_frodo976shake", x448_frodo976shake), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_aes + ENCODER_w_structure("frodo1344aes", frodo1344aes, der, PrivateKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, PrivateKeyInfo), + 
ENCODER_w_structure("frodo1344aes", frodo1344aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo1344aes", frodo1344aes), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, + PrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, + PrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_frodo1344aes", p521_frodo1344aes), +# endif +# ifdef OQS_ENABLE_KEM_frodokem_1344_shake + ENCODER_w_structure("frodo1344shake", frodo1344shake, der, PrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, PrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("frodo1344shake", frodo1344shake), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, + PrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, + PrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, + EncryptedPrivateKeyInfo), + 
ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_frodo1344shake", p521_frodo1344shake), +# endif +# ifdef OQS_ENABLE_KEM_kyber_512 + ENCODER_w_structure("kyber512", kyber512, der, PrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, pem, PrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber512", kyber512, der, SubjectPublicKeyInfo), + ENCODER_w_structure("kyber512", kyber512, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("kyber512", kyber512), + ENCODER_w_structure("p256_kyber512", p256_kyber512, der, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_kyber512", p256_kyber512), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_kyber512", x25519_kyber512), +# endif +# ifdef OQS_ENABLE_KEM_kyber_768 + ENCODER_w_structure("kyber768", kyber768, der, PrivateKeyInfo), + 
ENCODER_w_structure("kyber768", kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("kyber768", kyber768, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber768", kyber768, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber768", kyber768, der, SubjectPublicKeyInfo), + ENCODER_w_structure("kyber768", kyber768, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("kyber768", kyber768), + ENCODER_w_structure("p384_kyber768", p384_kyber768, der, PrivateKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_kyber768", p384_kyber768), + ENCODER_w_structure("x448_kyber768", x448_kyber768, der, PrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x448_kyber768", x448_kyber768), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, + 
SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_kyber768", x25519_kyber768), + ENCODER_w_structure("p256_kyber768", p256_kyber768, der, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_kyber768", p256_kyber768), +# endif +# ifdef OQS_ENABLE_KEM_kyber_1024 + ENCODER_w_structure("kyber1024", kyber1024, der, PrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, pem, PrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, der, SubjectPublicKeyInfo), + ENCODER_w_structure("kyber1024", kyber1024, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("kyber1024", kyber1024), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, PrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_kyber1024", p521_kyber1024), +# endif +# ifdef OQS_ENABLE_KEM_bike_l1 + ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, pem, PrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, pem, 
EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel1", bikel1, der, SubjectPublicKeyInfo), + ENCODER_w_structure("bikel1", bikel1, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("bikel1", bikel1), + ENCODER_w_structure("p256_bikel1", p256_bikel1, der, PrivateKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_bikel1", p256_bikel1), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, PrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, PrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_bikel1", x25519_bikel1), +# endif +# ifdef OQS_ENABLE_KEM_bike_l3 + ENCODER_w_structure("bikel3", bikel3, der, PrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, pem, PrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel3", bikel3, der, SubjectPublicKeyInfo), + ENCODER_w_structure("bikel3", bikel3, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("bikel3", bikel3), + ENCODER_w_structure("p384_bikel3", p384_bikel3, der, PrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", 
p384_bikel3, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p384_bikel3", p384_bikel3), + ENCODER_w_structure("x448_bikel3", x448_bikel3, der, PrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, PrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, der, SubjectPublicKeyInfo), + ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("x448_bikel3", x448_bikel3), +# endif +# ifdef OQS_ENABLE_KEM_bike_l5 + ENCODER_w_structure("bikel5", bikel5, der, PrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, pem, PrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("bikel5", bikel5, der, SubjectPublicKeyInfo), + ENCODER_w_structure("bikel5", bikel5, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("bikel5", bikel5), + ENCODER_w_structure("p521_bikel5", p521_bikel5, der, PrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p521_bikel5", p521_bikel5), +# endif +# ifdef OQS_ENABLE_KEM_hqc_128 + ENCODER_w_structure("hqc128", hqc128, der, PrivateKeyInfo), + ENCODER_w_structure("hqc128", hqc128, pem, PrivateKeyInfo), + ENCODER_w_structure("hqc128", hqc128, der, EncryptedPrivateKeyInfo), + 
ENCODER_w_structure("hqc128", hqc128, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc128", hqc128, der, SubjectPublicKeyInfo), + ENCODER_w_structure("hqc128", hqc128, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("hqc128", hqc128), + ENCODER_w_structure("p256_hqc128", p256_hqc128, der, PrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_hqc128", p256_hqc128), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, PrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, PrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_hqc128", x25519_hqc128), +# endif +# ifdef OQS_ENABLE_KEM_hqc_192 + ENCODER_w_structure("hqc192", hqc192, der, PrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, pem, PrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc192", hqc192, der, SubjectPublicKeyInfo), + ENCODER_w_structure("hqc192", hqc192, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("hqc192", hqc192), + ENCODER_w_structure("p384_hqc192", p384_hqc192, der, PrivateKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, der, + EncryptedPrivateKeyInfo), + 
ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p384_hqc192", p384_hqc192), + ENCODER_w_structure("x448_hqc192", x448_hqc192, der, PrivateKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, PrivateKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, der, SubjectPublicKeyInfo), + ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("x448_hqc192", x448_hqc192), +# endif +# ifdef OQS_ENABLE_KEM_hqc_256 + ENCODER_w_structure("hqc256", hqc256, der, PrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, pem, PrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("hqc256", hqc256, der, SubjectPublicKeyInfo), + ENCODER_w_structure("hqc256", hqc256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("hqc256", hqc256), + ENCODER_w_structure("p521_hqc256", p521_hqc256, der, PrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p521_hqc256", p521_hqc256), +# endif #endif /* OQS_KEM_ENCODERS */ - #ifdef OQS_ENABLE_SIG_dilithium_2 -ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium2", dilithium2, pem, PrivateKeyInfo), 
-ENCODER_w_structure("dilithium2", dilithium2, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2", dilithium2, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2", dilithium2, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium2", dilithium2, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium2", dilithium2), -ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, PrivateKeyInfo), -ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_dilithium2", p256_dilithium2), -ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, SubjectPublicKeyInfo), -ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("rsa3072_dilithium2", rsa3072_dilithium2), -ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium2_pss2048", 
dilithium2_pss2048, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium2_pss2048", dilithium2_pss2048), -ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium2_rsa2048", dilithium2_rsa2048), -ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium2_ed25519", dilithium2_ed25519), -ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium2_p256", dilithium2_p256), -ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, 
PrivateKeyInfo), -ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium2_bp256", dilithium2_bp256), + ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), + ENCODER_w_structure("dilithium2", dilithium2, pem, PrivateKeyInfo), + ENCODER_w_structure("dilithium2", dilithium2, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2", dilithium2, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2", dilithium2, der, SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2", dilithium2, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2", dilithium2), + ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, + PrivateKeyInfo), + ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, + PrivateKeyInfo), + ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_dilithium2", p256_dilithium2, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_dilithium2", p256_dilithium2, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_dilithium2", p256_dilithium2), + ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("rsa3072_dilithium2", 
rsa3072_dilithium2, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_dilithium2", rsa3072_dilithium2), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_pss2048", dilithium2_pss2048), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_rsa2048", dilithium2_rsa2048), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_ed25519", dilithium2_ed25519), + ENCODER_w_structure("dilithium2_p256", 
dilithium2_p256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_p256", dilithium2_p256), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium2_bp256", dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 -ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium3", dilithium3, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium3", dilithium3, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3", dilithium3, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3", dilithium3, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium3", dilithium3, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium3", dilithium3), -ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, PrivateKeyInfo), -ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, PrivateKeyInfo), -ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, EncryptedPrivateKeyInfo), 
-ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p384_dilithium3", p384_dilithium3), -ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), -ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), -ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium3_p256", dilithium3_p256), 
-ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), -ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), + ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), + ENCODER_w_structure("dilithium3", dilithium3, pem, PrivateKeyInfo), + ENCODER_w_structure("dilithium3", dilithium3, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3", dilithium3, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3", dilithium3, der, SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3", dilithium3, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3", dilithium3), + ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, + PrivateKeyInfo), + ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, + PrivateKeyInfo), + ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, + 
EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_dilithium3", p384_dilithium3, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_dilithium3", p384_dilithium3), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, + 
SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_p256", dilithium3_p256), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 -ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium5", dilithium5, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium5", dilithium5, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5", dilithium5, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5", dilithium5, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium5", dilithium5, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium5", dilithium5), -ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, PrivateKeyInfo), -ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, PrivateKeyInfo), 
-ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p521_dilithium5", p521_dilithium5), -ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium5_p384", dilithium5_p384), -ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), -ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, PrivateKeyInfo), -ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, PrivateKeyInfo), -ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, SubjectPublicKeyInfo), -ENCODER_w_structure("dilithium5_ed448", 
dilithium5_ed448, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), + ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), + ENCODER_w_structure("dilithium5", dilithium5, pem, PrivateKeyInfo), + ENCODER_w_structure("dilithium5", dilithium5, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5", dilithium5, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5", dilithium5, der, SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium5", dilithium5, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5", dilithium5), + ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, + PrivateKeyInfo), + ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, + PrivateKeyInfo), + ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_dilithium5", p521_dilithium5, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_dilithium5", p521_dilithium5), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_p384", dilithium5_p384), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + EncryptedPrivateKeyInfo), 
+ ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + PrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 -ENCODER_w_structure("falcon512", falcon512, der, PrivateKeyInfo), -ENCODER_w_structure("falcon512", falcon512, pem, PrivateKeyInfo), -ENCODER_w_structure("falcon512", falcon512, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512", falcon512, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512", falcon512, der, SubjectPublicKeyInfo), -ENCODER_w_structure("falcon512", falcon512, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("falcon512", falcon512), -ENCODER_w_structure("p256_falcon512", p256_falcon512, der, PrivateKeyInfo), -ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_falcon512", p256_falcon512, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_falcon512", p256_falcon512, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_falcon512", p256_falcon512), 
-ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, SubjectPublicKeyInfo), -ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), -ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), -ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, PrivateKeyInfo), -ENCODER_w_structure("falcon512_p256", falcon512_p256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512_p256", falcon512_p256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("falcon512_p256", falcon512_p256), -ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, PrivateKeyInfo), -ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, PrivateKeyInfo), -ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, SubjectPublicKeyInfo), -ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("falcon512_bp256", falcon512_bp256), -ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, PrivateKeyInfo), -ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, PrivateKeyInfo), -ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, 
pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, SubjectPublicKeyInfo), -ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("falcon512_ed25519", falcon512_ed25519), + ENCODER_w_structure("falcon512", falcon512, der, PrivateKeyInfo), + ENCODER_w_structure("falcon512", falcon512, pem, PrivateKeyInfo), + ENCODER_w_structure("falcon512", falcon512, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512", falcon512, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512", falcon512, der, SubjectPublicKeyInfo), + ENCODER_w_structure("falcon512", falcon512, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512", falcon512), + ENCODER_w_structure("p256_falcon512", p256_falcon512, der, PrivateKeyInfo), + ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_falcon512", p256_falcon512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_falcon512", p256_falcon512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_falcon512", p256_falcon512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_falcon512", p256_falcon512), + ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), + ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), + 
ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, PrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_p256", falcon512_p256), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_bp256", falcon512_bp256), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("falcon512_ed25519", falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 -ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), -ENCODER_w_structure("falcon1024", falcon1024, pem, PrivateKeyInfo), -ENCODER_w_structure("falcon1024", falcon1024, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("falcon1024", falcon1024, pem, EncryptedPrivateKeyInfo), 
-ENCODER_w_structure("falcon1024", falcon1024, der, SubjectPublicKeyInfo), -ENCODER_w_structure("falcon1024", falcon1024, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("falcon1024", falcon1024), -ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, PrivateKeyInfo), -ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, PrivateKeyInfo), -ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p521_falcon1024", p521_falcon1024), + ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), + ENCODER_w_structure("falcon1024", falcon1024, pem, PrivateKeyInfo), + ENCODER_w_structure("falcon1024", falcon1024, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon1024", falcon1024, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("falcon1024", falcon1024, der, SubjectPublicKeyInfo), + ENCODER_w_structure("falcon1024", falcon1024, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("falcon1024", falcon1024), + ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, + PrivateKeyInfo), + ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, + PrivateKeyInfo), + ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_falcon1024", p521_falcon1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_falcon1024", p521_falcon1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_falcon1024", p521_falcon1024), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple -ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, PrivateKeyInfo), 
-ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("sphincssha2128fsimple", sphincssha2128fsimple), -ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, der, PrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple), -ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, der, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("rsa3072_sphincssha2128fsimple", 
rsa3072_sphincssha2128fsimple), + ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, + PrivateKeyInfo), + ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, + PrivateKeyInfo), + ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("sphincssha2128fsimple", sphincssha2128fsimple), + ENCODER_w_structure("p256_sphincssha2128fsimple", + p256_sphincssha2128fsimple, der, PrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128fsimple", + p256_sphincssha2128fsimple, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128fsimple", + p256_sphincssha2128fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128fsimple", + p256_sphincssha2128fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128fsimple", + p256_sphincssha2128fsimple, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p256_sphincssha2128fsimple", + p256_sphincssha2128fsimple, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_sphincssha2128fsimple", p256_sphincssha2128fsimple), + ENCODER_w_structure("rsa3072_sphincssha2128fsimple", + rsa3072_sphincssha2128fsimple, der, PrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128fsimple", + rsa3072_sphincssha2128fsimple, pem, PrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128fsimple", + rsa3072_sphincssha2128fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128fsimple", + rsa3072_sphincssha2128fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128fsimple", + rsa3072_sphincssha2128fsimple, der, + 
SubjectPublicKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128fsimple", + rsa3072_sphincssha2128fsimple, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_sphincssha2128fsimple", + rsa3072_sphincssha2128fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple -ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, PrivateKeyInfo), -ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, PrivateKeyInfo), -ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("sphincssha2128ssimple", sphincssha2128ssimple), -ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, der, PrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple), -ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, der, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, pem, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, der, EncryptedPrivateKeyInfo), 
-ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple), + ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, + PrivateKeyInfo), + ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, + PrivateKeyInfo), + ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("sphincssha2128ssimple", sphincssha2128ssimple, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("sphincssha2128ssimple", sphincssha2128ssimple), + ENCODER_w_structure("p256_sphincssha2128ssimple", + p256_sphincssha2128ssimple, der, PrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128ssimple", + p256_sphincssha2128ssimple, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128ssimple", + p256_sphincssha2128ssimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128ssimple", + p256_sphincssha2128ssimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_sphincssha2128ssimple", + p256_sphincssha2128ssimple, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p256_sphincssha2128ssimple", + p256_sphincssha2128ssimple, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_sphincssha2128ssimple", p256_sphincssha2128ssimple), + ENCODER_w_structure("rsa3072_sphincssha2128ssimple", + rsa3072_sphincssha2128ssimple, der, PrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128ssimple", + 
rsa3072_sphincssha2128ssimple, pem, PrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128ssimple", + rsa3072_sphincssha2128ssimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128ssimple", + rsa3072_sphincssha2128ssimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128ssimple", + rsa3072_sphincssha2128ssimple, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("rsa3072_sphincssha2128ssimple", + rsa3072_sphincssha2128ssimple, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_sphincssha2128ssimple", + rsa3072_sphincssha2128ssimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple -ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, PrivateKeyInfo), -ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("sphincssha2192fsimple", sphincssha2192fsimple), -ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, der, PrivateKeyInfo), -ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p384_sphincssha2192fsimple", 
p384_sphincssha2192fsimple), + ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, + PrivateKeyInfo), + ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, + PrivateKeyInfo), + ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("sphincssha2192fsimple", sphincssha2192fsimple, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("sphincssha2192fsimple", sphincssha2192fsimple), + ENCODER_w_structure("p384_sphincssha2192fsimple", + p384_sphincssha2192fsimple, der, PrivateKeyInfo), + ENCODER_w_structure("p384_sphincssha2192fsimple", + p384_sphincssha2192fsimple, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_sphincssha2192fsimple", + p384_sphincssha2192fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_sphincssha2192fsimple", + p384_sphincssha2192fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_sphincssha2192fsimple", + p384_sphincssha2192fsimple, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p384_sphincssha2192fsimple", + p384_sphincssha2192fsimple, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p384_sphincssha2192fsimple", p384_sphincssha2192fsimple), #endif #ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple -ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, PrivateKeyInfo), -ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, SubjectPublicKeyInfo), 
-ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("sphincsshake128fsimple", sphincsshake128fsimple), -ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, der, PrivateKeyInfo), -ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple), -ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, der, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, pem, PrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, der, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, pem, EncryptedPrivateKeyInfo), -ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, der, SubjectPublicKeyInfo), -ENCODER_w_structure("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, pem, SubjectPublicKeyInfo), -ENCODER_TEXT("rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple), + ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, + PrivateKeyInfo), + ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, + PrivateKeyInfo), + ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincsshake128fsimple", 
sphincsshake128fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("sphincsshake128fsimple", sphincsshake128fsimple, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("sphincsshake128fsimple", sphincsshake128fsimple), + ENCODER_w_structure("p256_sphincsshake128fsimple", + p256_sphincsshake128fsimple, der, PrivateKeyInfo), + ENCODER_w_structure("p256_sphincsshake128fsimple", + p256_sphincsshake128fsimple, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_sphincsshake128fsimple", + p256_sphincsshake128fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_sphincsshake128fsimple", + p256_sphincsshake128fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_sphincsshake128fsimple", + p256_sphincsshake128fsimple, der, SubjectPublicKeyInfo), + ENCODER_w_structure("p256_sphincsshake128fsimple", + p256_sphincsshake128fsimple, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("p256_sphincsshake128fsimple", p256_sphincsshake128fsimple), + ENCODER_w_structure("rsa3072_sphincsshake128fsimple", + rsa3072_sphincsshake128fsimple, der, PrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincsshake128fsimple", + rsa3072_sphincsshake128fsimple, pem, PrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincsshake128fsimple", + rsa3072_sphincsshake128fsimple, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincsshake128fsimple", + rsa3072_sphincsshake128fsimple, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_sphincsshake128fsimple", + rsa3072_sphincsshake128fsimple, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("rsa3072_sphincsshake128fsimple", + rsa3072_sphincsshake128fsimple, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_sphincsshake128fsimple", + rsa3072_sphincsshake128fsimple), #endif -///// OQS_TEMPLATE_FRAGMENT_MAKE_END + ///// OQS_TEMPLATE_FRAGMENT_MAKE_END 
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
index f1e9d6de..541a0ba9 100644
--- a/oqsprov/oqsprov.c
+++ b/oqsprov/oqsprov.c
@@ -48,103 +48,181 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; */ ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START - #ifdef OQS_KEM_ENCODERS -#define OQS_OID_CNT 162 +# define OQS_OID_CNT 162 #else -#define OQS_OID_CNT 78 +# define OQS_OID_CNT 78 #endif -const char* oqs_oid_alg_list[OQS_OID_CNT] = -{ +const char *oqs_oid_alg_list[OQS_OID_CNT] = { #ifdef OQS_KEM_ENCODERS -"1.3.9999.99.13", "frodo640aes", -"1.3.9999.99.12", "p256_frodo640aes", -"1.3.9999.99.1", "x25519_frodo640aes", -"1.3.9999.99.15", "frodo640shake", -"1.3.9999.99.14", "p256_frodo640shake", -"1.3.9999.99.2", "x25519_frodo640shake", -"1.3.9999.99.17", "frodo976aes", -"1.3.9999.99.16", "p384_frodo976aes", -"1.3.9999.99.3", "x448_frodo976aes", -"1.3.9999.99.19", "frodo976shake", -"1.3.9999.99.18", "p384_frodo976shake", -"1.3.9999.99.4", "x448_frodo976shake", -"1.3.9999.99.21", "frodo1344aes", -"1.3.9999.99.20", "p521_frodo1344aes", -"1.3.9999.99.23", "frodo1344shake", -"1.3.9999.99.22", "p521_frodo1344shake", -"1.3.6.1.4.1.22554.5.6.1", "kyber512", -"1.3.6.1.4.1.22554.5.7.1", "p256_kyber512", -"1.3.6.1.4.1.22554.5.8.1", "x25519_kyber512", -"1.3.6.1.4.1.22554.5.6.2", "kyber768", -"1.3.9999.99.24", "p384_kyber768", -"1.3.9999.99.5", "x448_kyber768", -"1.3.9999.99.6", "x25519_kyber768", -"1.3.9999.99.7", "p256_kyber768", -"1.3.6.1.4.1.22554.5.6.3", "kyber1024", -"1.3.9999.99.25", "p521_kyber1024", -"1.3.9999.99.27", "bikel1", -"1.3.9999.99.26", "p256_bikel1", -"1.3.9999.99.8", "x25519_bikel1", -"1.3.9999.99.29", "bikel3", -"1.3.9999.99.28", "p384_bikel3", -"1.3.9999.99.9", "x448_bikel3", -"1.3.9999.99.31", "bikel5", -"1.3.9999.99.30", "p521_bikel5", -"1.3.9999.99.33", "hqc128", -"1.3.9999.99.32", "p256_hqc128", -"1.3.9999.99.10", "x25519_hqc128", -"1.3.9999.99.35", "hqc192", -"1.3.9999.99.34", "p384_hqc192", -"1.3.9999.99.11", "x448_hqc192", -"1.3.9999.99.37", "hqc256", -"1.3.9999.99.36", "p521_hqc256", + "1.3.9999.99.13", + "frodo640aes", + "1.3.9999.99.12", + 
"p256_frodo640aes", + "1.3.9999.99.1", + "x25519_frodo640aes", + "1.3.9999.99.15", + "frodo640shake", + "1.3.9999.99.14", + "p256_frodo640shake", + "1.3.9999.99.2", + "x25519_frodo640shake", + "1.3.9999.99.17", + "frodo976aes", + "1.3.9999.99.16", + "p384_frodo976aes", + "1.3.9999.99.3", + "x448_frodo976aes", + "1.3.9999.99.19", + "frodo976shake", + "1.3.9999.99.18", + "p384_frodo976shake", + "1.3.9999.99.4", + "x448_frodo976shake", + "1.3.9999.99.21", + "frodo1344aes", + "1.3.9999.99.20", + "p521_frodo1344aes", + "1.3.9999.99.23", + "frodo1344shake", + "1.3.9999.99.22", + "p521_frodo1344shake", + "1.3.6.1.4.1.22554.5.6.1", + "kyber512", + "1.3.6.1.4.1.22554.5.7.1", + "p256_kyber512", + "1.3.6.1.4.1.22554.5.8.1", + "x25519_kyber512", + "1.3.6.1.4.1.22554.5.6.2", + "kyber768", + "1.3.9999.99.24", + "p384_kyber768", + "1.3.9999.99.5", + "x448_kyber768", + "1.3.9999.99.6", + "x25519_kyber768", + "1.3.9999.99.7", + "p256_kyber768", + "1.3.6.1.4.1.22554.5.6.3", + "kyber1024", + "1.3.9999.99.25", + "p521_kyber1024", + "1.3.9999.99.27", + "bikel1", + "1.3.9999.99.26", + "p256_bikel1", + "1.3.9999.99.8", + "x25519_bikel1", + "1.3.9999.99.29", + "bikel3", + "1.3.9999.99.28", + "p384_bikel3", + "1.3.9999.99.9", + "x448_bikel3", + "1.3.9999.99.31", + "bikel5", + "1.3.9999.99.30", + "p521_bikel5", + "1.3.9999.99.33", + "hqc128", + "1.3.9999.99.32", + "p256_hqc128", + "1.3.9999.99.10", + "x25519_hqc128", + "1.3.9999.99.35", + "hqc192", + "1.3.9999.99.34", + "p384_hqc192", + "1.3.9999.99.11", + "x448_hqc192", + "1.3.9999.99.37", + "hqc256", + "1.3.9999.99.36", + "p521_hqc256", #endif /* OQS_KEM_ENCODERS */ - -"1.3.6.1.4.1.2.267.7.4.4", "dilithium2", -"1.3.9999.2.7.1" , "p256_dilithium2", -"1.3.9999.2.7.2" , "rsa3072_dilithium2", -"2.16.840.1.114027.80.8.1.1" , "dilithium2_pss2048", -"2.16.840.1.114027.80.8.1.2" , "dilithium2_rsa2048", -"2.16.840.1.114027.80.8.1.3" , "dilithium2_ed25519", -"2.16.840.1.114027.80.8.1.4" , "dilithium2_p256", -"2.16.840.1.114027.80.8.1.5" , 
"dilithium2_bp256", -"1.3.6.1.4.1.2.267.7.6.5", "dilithium3", -"1.3.9999.2.7.3" , "p384_dilithium3", -"2.16.840.1.114027.80.8.1.6" , "dilithium3_pss3072", -"2.16.840.1.114027.80.8.1.7" , "dilithium3_rsa3072", -"2.16.840.1.114027.80.8.1.8" , "dilithium3_p256", -"2.16.840.1.114027.80.8.1.9" , "dilithium3_bp256", -"2.16.840.1.114027.80.8.1.10" , "dilithium3_ed25519", -"1.3.6.1.4.1.2.267.7.8.7", "dilithium5", -"1.3.9999.2.7.4" , "p521_dilithium5", -"2.16.840.1.114027.80.8.1.11" , "dilithium5_p384", -"2.16.840.1.114027.80.8.1.12" , "dilithium5_bp384", -"2.16.840.1.114027.80.8.1.13" , "dilithium5_ed448", -"1.3.9999.3.6", "falcon512", -"1.3.9999.3.7" , "p256_falcon512", -"1.3.9999.3.8" , "rsa3072_falcon512", -"2.16.840.1.114027.80.8.1.14" , "falcon512_p256", -"2.16.840.1.114027.80.8.1.15" , "falcon512_bp256", -"2.16.840.1.114027.80.8.1.16" , "falcon512_ed25519", -"1.3.9999.3.9", "falcon1024", -"1.3.9999.3.10" , "p521_falcon1024", -"1.3.9999.6.4.13", "sphincssha2128fsimple", -"1.3.9999.6.4.14" , "p256_sphincssha2128fsimple", -"1.3.9999.6.4.15" , "rsa3072_sphincssha2128fsimple", -"1.3.9999.6.4.16", "sphincssha2128ssimple", -"1.3.9999.6.4.17" , "p256_sphincssha2128ssimple", -"1.3.9999.6.4.18" , "rsa3072_sphincssha2128ssimple", -"1.3.9999.6.5.10", "sphincssha2192fsimple", -"1.3.9999.6.5.11" , "p384_sphincssha2192fsimple", -"1.3.9999.6.7.13", "sphincsshake128fsimple", -"1.3.9999.6.7.14" , "p256_sphincsshake128fsimple", -"1.3.9999.6.7.15" , "rsa3072_sphincsshake128fsimple", -///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END + "1.3.6.1.4.1.2.267.7.4.4", + "dilithium2", + "1.3.9999.2.7.1", + "p256_dilithium2", + "1.3.9999.2.7.2", + "rsa3072_dilithium2", + "2.16.840.1.114027.80.8.1.1", + "dilithium2_pss2048", + "2.16.840.1.114027.80.8.1.2", + "dilithium2_rsa2048", + "2.16.840.1.114027.80.8.1.3", + "dilithium2_ed25519", + "2.16.840.1.114027.80.8.1.4", + "dilithium2_p256", + "2.16.840.1.114027.80.8.1.5", + "dilithium2_bp256", + "1.3.6.1.4.1.2.267.7.6.5", + "dilithium3", + 
"1.3.9999.2.7.3", + "p384_dilithium3", + "2.16.840.1.114027.80.8.1.6", + "dilithium3_pss3072", + "2.16.840.1.114027.80.8.1.7", + "dilithium3_rsa3072", + "2.16.840.1.114027.80.8.1.8", + "dilithium3_p256", + "2.16.840.1.114027.80.8.1.9", + "dilithium3_bp256", + "2.16.840.1.114027.80.8.1.10", + "dilithium3_ed25519", + "1.3.6.1.4.1.2.267.7.8.7", + "dilithium5", + "1.3.9999.2.7.4", + "p521_dilithium5", + "2.16.840.1.114027.80.8.1.11", + "dilithium5_p384", + "2.16.840.1.114027.80.8.1.12", + "dilithium5_bp384", + "2.16.840.1.114027.80.8.1.13", + "dilithium5_ed448", + "1.3.9999.3.6", + "falcon512", + "1.3.9999.3.7", + "p256_falcon512", + "1.3.9999.3.8", + "rsa3072_falcon512", + "2.16.840.1.114027.80.8.1.14", + "falcon512_p256", + "2.16.840.1.114027.80.8.1.15", + "falcon512_bp256", + "2.16.840.1.114027.80.8.1.16", + "falcon512_ed25519", + "1.3.9999.3.9", + "falcon1024", + "1.3.9999.3.10", + "p521_falcon1024", + "1.3.9999.6.4.13", + "sphincssha2128fsimple", + "1.3.9999.6.4.14", + "p256_sphincssha2128fsimple", + "1.3.9999.6.4.15", + "rsa3072_sphincssha2128fsimple", + "1.3.9999.6.4.16", + "sphincssha2128ssimple", + "1.3.9999.6.4.17", + "p256_sphincssha2128ssimple", + "1.3.9999.6.4.18", + "rsa3072_sphincssha2128ssimple", + "1.3.9999.6.5.10", + "sphincssha2192fsimple", + "1.3.9999.6.5.11", + "p384_sphincssha2192fsimple", + "1.3.9999.6.7.13", + "sphincsshake128fsimple", + "1.3.9999.6.7.14", + "p256_sphincsshake128fsimple", + "1.3.9999.6.7.15", + "rsa3072_sphincsshake128fsimple", + ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; int oqs_patch_oids(void) 
@@ -153,94 +231,175 @@ int oqs_patch_oids(void) #ifdef OQS_KEM_ENCODERS - - -if (getenv("OQS_OID_FRODO640AES")) oqs_oid_alg_list[0] = getenv("OQS_OID_FRODO640AES"); - -if (getenv("OQS_OID_P256_FRODO640AES")) oqs_oid_alg_list[2] = getenv("OQS_OID_P256_FRODO640AES"); -if (getenv("OQS_OID_X25519_FRODO640AES")) oqs_oid_alg_list[4] = getenv("OQS_OID_X25519_FRODO640AES"); -if (getenv("OQS_OID_FRODO640SHAKE")) oqs_oid_alg_list[6] = getenv("OQS_OID_FRODO640SHAKE"); - -if (getenv("OQS_OID_P256_FRODO640SHAKE")) oqs_oid_alg_list[8] = getenv("OQS_OID_P256_FRODO640SHAKE"); -if (getenv("OQS_OID_X25519_FRODO640SHAKE")) oqs_oid_alg_list[10] = getenv("OQS_OID_X25519_FRODO640SHAKE"); -if (getenv("OQS_OID_FRODO976AES")) oqs_oid_alg_list[12] = getenv("OQS_OID_FRODO976AES"); - -if (getenv("OQS_OID_P384_FRODO976AES")) oqs_oid_alg_list[14] = getenv("OQS_OID_P384_FRODO976AES"); -if (getenv("OQS_OID_X448_FRODO976AES")) oqs_oid_alg_list[16] = getenv("OQS_OID_X448_FRODO976AES"); -if (getenv("OQS_OID_FRODO976SHAKE")) oqs_oid_alg_list[18] = getenv("OQS_OID_FRODO976SHAKE"); - -if (getenv("OQS_OID_P384_FRODO976SHAKE")) oqs_oid_alg_list[20] = getenv("OQS_OID_P384_FRODO976SHAKE"); -if (getenv("OQS_OID_X448_FRODO976SHAKE")) oqs_oid_alg_list[22] = getenv("OQS_OID_X448_FRODO976SHAKE"); -if (getenv("OQS_OID_FRODO1344AES")) oqs_oid_alg_list[24] = getenv("OQS_OID_FRODO1344AES"); - -if (getenv("OQS_OID_P521_FRODO1344AES")) oqs_oid_alg_list[26] = getenv("OQS_OID_P521_FRODO1344AES"); -if (getenv("OQS_OID_FRODO1344SHAKE")) oqs_oid_alg_list[28] = getenv("OQS_OID_FRODO1344SHAKE"); - -if (getenv("OQS_OID_P521_FRODO1344SHAKE")) oqs_oid_alg_list[30] = getenv("OQS_OID_P521_FRODO1344SHAKE"); -if (getenv("OQS_OID_KYBER512")) oqs_oid_alg_list[32] = getenv("OQS_OID_KYBER512"); - -if (getenv("OQS_OID_P256_KYBER512")) oqs_oid_alg_list[34] = getenv("OQS_OID_P256_KYBER512"); -if (getenv("OQS_OID_X25519_KYBER512")) oqs_oid_alg_list[36] = getenv("OQS_OID_X25519_KYBER512"); -if (getenv("OQS_OID_KYBER768")) 
oqs_oid_alg_list[38] = getenv("OQS_OID_KYBER768"); - -if (getenv("OQS_OID_P384_KYBER768")) oqs_oid_alg_list[40] = getenv("OQS_OID_P384_KYBER768"); -if (getenv("OQS_OID_X448_KYBER768")) oqs_oid_alg_list[42] = getenv("OQS_OID_X448_KYBER768"); -if (getenv("OQS_OID_X25519_KYBER768")) oqs_oid_alg_list[44] = getenv("OQS_OID_X25519_KYBER768"); -if (getenv("OQS_OID_P256_KYBER768")) oqs_oid_alg_list[46] = getenv("OQS_OID_P256_KYBER768"); -if (getenv("OQS_OID_KYBER1024")) oqs_oid_alg_list[48] = getenv("OQS_OID_KYBER1024"); - -if (getenv("OQS_OID_P521_KYBER1024")) oqs_oid_alg_list[50] = getenv("OQS_OID_P521_KYBER1024"); -if (getenv("OQS_OID_BIKEL1")) oqs_oid_alg_list[52] = getenv("OQS_OID_BIKEL1"); - -if (getenv("OQS_OID_P256_BIKEL1")) oqs_oid_alg_list[54] = getenv("OQS_OID_P256_BIKEL1"); -if (getenv("OQS_OID_X25519_BIKEL1")) oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_BIKEL1"); -if (getenv("OQS_OID_BIKEL3")) oqs_oid_alg_list[58] = getenv("OQS_OID_BIKEL3"); - -if (getenv("OQS_OID_P384_BIKEL3")) oqs_oid_alg_list[60] = getenv("OQS_OID_P384_BIKEL3"); -if (getenv("OQS_OID_X448_BIKEL3")) oqs_oid_alg_list[62] = getenv("OQS_OID_X448_BIKEL3"); -if (getenv("OQS_OID_BIKEL5")) oqs_oid_alg_list[64] = getenv("OQS_OID_BIKEL5"); - -if (getenv("OQS_OID_P521_BIKEL5")) oqs_oid_alg_list[66] = getenv("OQS_OID_P521_BIKEL5"); -if (getenv("OQS_OID_HQC128")) oqs_oid_alg_list[68] = getenv("OQS_OID_HQC128"); - -if (getenv("OQS_OID_P256_HQC128")) oqs_oid_alg_list[70] = getenv("OQS_OID_P256_HQC128"); -if (getenv("OQS_OID_X25519_HQC128")) oqs_oid_alg_list[72] = getenv("OQS_OID_X25519_HQC128"); -if (getenv("OQS_OID_HQC192")) oqs_oid_alg_list[74] = getenv("OQS_OID_HQC192"); - -if (getenv("OQS_OID_P384_HQC192")) oqs_oid_alg_list[76] = getenv("OQS_OID_P384_HQC192"); -if (getenv("OQS_OID_X448_HQC192")) oqs_oid_alg_list[78] = getenv("OQS_OID_X448_HQC192"); -if (getenv("OQS_OID_HQC256")) oqs_oid_alg_list[80] = getenv("OQS_OID_HQC256"); - -if (getenv("OQS_OID_P521_HQC256")) oqs_oid_alg_list[82] = 
getenv("OQS_OID_P521_HQC256"); - -#define OQS_KEMOID_CNT 82+2 + if (getenv("OQS_OID_FRODO640AES")) + oqs_oid_alg_list[0] = getenv("OQS_OID_FRODO640AES"); + + if (getenv("OQS_OID_P256_FRODO640AES")) + oqs_oid_alg_list[2] = getenv("OQS_OID_P256_FRODO640AES"); + if (getenv("OQS_OID_X25519_FRODO640AES")) + oqs_oid_alg_list[4] = getenv("OQS_OID_X25519_FRODO640AES"); + if (getenv("OQS_OID_FRODO640SHAKE")) + oqs_oid_alg_list[6] = getenv("OQS_OID_FRODO640SHAKE"); + + if (getenv("OQS_OID_P256_FRODO640SHAKE")) + oqs_oid_alg_list[8] = getenv("OQS_OID_P256_FRODO640SHAKE"); + if (getenv("OQS_OID_X25519_FRODO640SHAKE")) + oqs_oid_alg_list[10] = getenv("OQS_OID_X25519_FRODO640SHAKE"); + if (getenv("OQS_OID_FRODO976AES")) + oqs_oid_alg_list[12] = getenv("OQS_OID_FRODO976AES"); + + if (getenv("OQS_OID_P384_FRODO976AES")) + oqs_oid_alg_list[14] = getenv("OQS_OID_P384_FRODO976AES"); + if (getenv("OQS_OID_X448_FRODO976AES")) + oqs_oid_alg_list[16] = getenv("OQS_OID_X448_FRODO976AES"); + if (getenv("OQS_OID_FRODO976SHAKE")) + oqs_oid_alg_list[18] = getenv("OQS_OID_FRODO976SHAKE"); + + if (getenv("OQS_OID_P384_FRODO976SHAKE")) + oqs_oid_alg_list[20] = getenv("OQS_OID_P384_FRODO976SHAKE"); + if (getenv("OQS_OID_X448_FRODO976SHAKE")) + oqs_oid_alg_list[22] = getenv("OQS_OID_X448_FRODO976SHAKE"); + if (getenv("OQS_OID_FRODO1344AES")) + oqs_oid_alg_list[24] = getenv("OQS_OID_FRODO1344AES"); + + if (getenv("OQS_OID_P521_FRODO1344AES")) + oqs_oid_alg_list[26] = getenv("OQS_OID_P521_FRODO1344AES"); + if (getenv("OQS_OID_FRODO1344SHAKE")) + oqs_oid_alg_list[28] = getenv("OQS_OID_FRODO1344SHAKE"); + + if (getenv("OQS_OID_P521_FRODO1344SHAKE")) + oqs_oid_alg_list[30] = getenv("OQS_OID_P521_FRODO1344SHAKE"); + if (getenv("OQS_OID_KYBER512")) + oqs_oid_alg_list[32] = getenv("OQS_OID_KYBER512"); + + if (getenv("OQS_OID_P256_KYBER512")) + oqs_oid_alg_list[34] = getenv("OQS_OID_P256_KYBER512"); + if (getenv("OQS_OID_X25519_KYBER512")) + oqs_oid_alg_list[36] = getenv("OQS_OID_X25519_KYBER512"); + if 
(getenv("OQS_OID_KYBER768")) + oqs_oid_alg_list[38] = getenv("OQS_OID_KYBER768"); + + if (getenv("OQS_OID_P384_KYBER768")) + oqs_oid_alg_list[40] = getenv("OQS_OID_P384_KYBER768"); + if (getenv("OQS_OID_X448_KYBER768")) + oqs_oid_alg_list[42] = getenv("OQS_OID_X448_KYBER768"); + if (getenv("OQS_OID_X25519_KYBER768")) + oqs_oid_alg_list[44] = getenv("OQS_OID_X25519_KYBER768"); + if (getenv("OQS_OID_P256_KYBER768")) + oqs_oid_alg_list[46] = getenv("OQS_OID_P256_KYBER768"); + if (getenv("OQS_OID_KYBER1024")) + oqs_oid_alg_list[48] = getenv("OQS_OID_KYBER1024"); + + if (getenv("OQS_OID_P521_KYBER1024")) + oqs_oid_alg_list[50] = getenv("OQS_OID_P521_KYBER1024"); + if (getenv("OQS_OID_BIKEL1")) + oqs_oid_alg_list[52] = getenv("OQS_OID_BIKEL1"); + + if (getenv("OQS_OID_P256_BIKEL1")) + oqs_oid_alg_list[54] = getenv("OQS_OID_P256_BIKEL1"); + if (getenv("OQS_OID_X25519_BIKEL1")) + oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_BIKEL1"); + if (getenv("OQS_OID_BIKEL3")) + oqs_oid_alg_list[58] = getenv("OQS_OID_BIKEL3"); + + if (getenv("OQS_OID_P384_BIKEL3")) + oqs_oid_alg_list[60] = getenv("OQS_OID_P384_BIKEL3"); + if (getenv("OQS_OID_X448_BIKEL3")) + oqs_oid_alg_list[62] = getenv("OQS_OID_X448_BIKEL3"); + if (getenv("OQS_OID_BIKEL5")) + oqs_oid_alg_list[64] = getenv("OQS_OID_BIKEL5"); + + if (getenv("OQS_OID_P521_BIKEL5")) + oqs_oid_alg_list[66] = getenv("OQS_OID_P521_BIKEL5"); + if (getenv("OQS_OID_HQC128")) + oqs_oid_alg_list[68] = getenv("OQS_OID_HQC128"); + + if (getenv("OQS_OID_P256_HQC128")) + oqs_oid_alg_list[70] = getenv("OQS_OID_P256_HQC128"); + if (getenv("OQS_OID_X25519_HQC128")) + oqs_oid_alg_list[72] = getenv("OQS_OID_X25519_HQC128"); + if (getenv("OQS_OID_HQC192")) + oqs_oid_alg_list[74] = getenv("OQS_OID_HQC192"); + + if (getenv("OQS_OID_P384_HQC192")) + oqs_oid_alg_list[76] = getenv("OQS_OID_P384_HQC192"); + if (getenv("OQS_OID_X448_HQC192")) + oqs_oid_alg_list[78] = getenv("OQS_OID_X448_HQC192"); + if (getenv("OQS_OID_HQC256")) + oqs_oid_alg_list[80] = 
getenv("OQS_OID_HQC256"); + + if (getenv("OQS_OID_P521_HQC256")) + oqs_oid_alg_list[82] = getenv("OQS_OID_P521_HQC256"); + +# define OQS_KEMOID_CNT 82 + 2 #else -#define OQS_KEMOID_CNT 0 +# define OQS_KEMOID_CNT 0 #endif /* OQS_KEM_ENCODERS */ - if (getenv("OQS_OID_DILITHIUM2")) oqs_oid_alg_list[0+OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2"); - if (getenv("OQS_OID_P256_DILITHIUM2")) oqs_oid_alg_list[2+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_DILITHIUM2"); - if (getenv("OQS_OID_RSA3072_DILITHIUM2")) oqs_oid_alg_list[4+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_DILITHIUM2"); - if (getenv("OQS_OID_DILITHIUM3")) oqs_oid_alg_list[6+OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3"); - if (getenv("OQS_OID_P384_DILITHIUM3")) oqs_oid_alg_list[8+OQS_KEMOID_CNT] = getenv("OQS_OID_P384_DILITHIUM3"); - if (getenv("OQS_OID_DILITHIUM5")) oqs_oid_alg_list[10+OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5"); - if (getenv("OQS_OID_P521_DILITHIUM5")) oqs_oid_alg_list[12+OQS_KEMOID_CNT] = getenv("OQS_OID_P521_DILITHIUM5"); - if (getenv("OQS_OID_FALCON512")) oqs_oid_alg_list[14+OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); - if (getenv("OQS_OID_P256_FALCON512")) oqs_oid_alg_list[16+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_FALCON512"); - if (getenv("OQS_OID_RSA3072_FALCON512")) oqs_oid_alg_list[18+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_FALCON512"); - if (getenv("OQS_OID_FALCON1024")) oqs_oid_alg_list[20+OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); - if (getenv("OQS_OID_P521_FALCON1024")) oqs_oid_alg_list[22+OQS_KEMOID_CNT] = getenv("OQS_OID_P521_FALCON1024"); - if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[24+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[26+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[28+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); - if 
(getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[30+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[32+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[34+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[36+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[38+OQS_KEMOID_CNT] = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[40+OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[42+OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[44+OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); -///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END + if (getenv("OQS_OID_DILITHIUM2")) + oqs_oid_alg_list[0 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2"); + if (getenv("OQS_OID_P256_DILITHIUM2")) + oqs_oid_alg_list[2 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_DILITHIUM2"); + if (getenv("OQS_OID_RSA3072_DILITHIUM2")) + oqs_oid_alg_list[4 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_DILITHIUM2"); + if (getenv("OQS_OID_DILITHIUM3")) + oqs_oid_alg_list[6 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3"); + if (getenv("OQS_OID_P384_DILITHIUM3")) + oqs_oid_alg_list[8 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P384_DILITHIUM3"); + if (getenv("OQS_OID_DILITHIUM5")) + oqs_oid_alg_list[10 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5"); + if (getenv("OQS_OID_P521_DILITHIUM5")) + oqs_oid_alg_list[12 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P521_DILITHIUM5"); + if (getenv("OQS_OID_FALCON512")) + oqs_oid_alg_list[14 + OQS_KEMOID_CNT] = 
getenv("OQS_OID_FALCON512"); + if (getenv("OQS_OID_P256_FALCON512")) + oqs_oid_alg_list[16 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_FALCON512"); + if (getenv("OQS_OID_RSA3072_FALCON512")) + oqs_oid_alg_list[18 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_FALCON512"); + if (getenv("OQS_OID_FALCON1024")) + oqs_oid_alg_list[20 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); + if (getenv("OQS_OID_P521_FALCON1024")) + oqs_oid_alg_list[22 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P521_FALCON1024"); + if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) + oqs_oid_alg_list[24 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) + oqs_oid_alg_list[26 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) + oqs_oid_alg_list[28 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) + oqs_oid_alg_list[30 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) + oqs_oid_alg_list[32 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) + oqs_oid_alg_list[34 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) + oqs_oid_alg_list[36 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) + oqs_oid_alg_list[38 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) + oqs_oid_alg_list[40 + OQS_KEMOID_CNT] + = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) + oqs_oid_alg_list[42 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) + oqs_oid_alg_list[44 + OQS_KEMOID_CNT] + = 
getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); + ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; } 
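Review bot: The signature overrides from `OQS_OID_DILITHIUM3` onward in `oqs_patch_oids` write to offsets that do not line up with the OID/name table whose tail is visible just above this hunk. That table places five composite pairs (`dilithium2_pss2048` through `dilithium2_bp256`) between `rsa3072_dilithium2` and `dilithium3`, so `dilithium3` sits at offset 16, not 6. Assuming that table is `oqs_oid_alg_list` (its declaration is outside this view), setting `OQS_OID_DILITHIUM3` would replace the OID registered for `dilithium2_pss2048`, and every later override is displaced too, so an operator override silently relabels a different algorithm. `oqs_patch_encodings` in the next hunk already uses the composite-aware offsets (16 for DILITHIUM3, 40 for FALCON512), which is the layout to match. Because the block sits between `OQS_TEMPLATE_FRAGMENT` markers, the correction probably belongs in the generator template; the re-indexed lines are below.

```c
/* … unchanged: KEM overrides, OQS_KEMOID_CNT, and the DILITHIUM2 / P256_DILITHIUM2 / RSA3072_DILITHIUM2 entries at 0, 2, 4 … */
    if (getenv("OQS_OID_DILITHIUM3"))
        oqs_oid_alg_list[16 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3");
    if (getenv("OQS_OID_P384_DILITHIUM3"))
        oqs_oid_alg_list[18 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P384_DILITHIUM3");
    if (getenv("OQS_OID_DILITHIUM5"))
        oqs_oid_alg_list[30 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5");
    if (getenv("OQS_OID_P521_DILITHIUM5"))
        oqs_oid_alg_list[32 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P521_DILITHIUM5");
    if (getenv("OQS_OID_FALCON512"))
        oqs_oid_alg_list[40 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512");
    if (getenv("OQS_OID_P256_FALCON512"))
        oqs_oid_alg_list[42 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P256_FALCON512");
    if (getenv("OQS_OID_RSA3072_FALCON512"))
        oqs_oid_alg_list[44 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_RSA3072_FALCON512");
    if (getenv("OQS_OID_FALCON1024"))
        oqs_oid_alg_list[52 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024");
    if (getenv("OQS_OID_P521_FALCON1024"))
        oqs_oid_alg_list[54 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P521_FALCON1024");
    if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"))
        oqs_oid_alg_list[56 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE");
    if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"))
        oqs_oid_alg_list[58 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE");
    if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"))
        oqs_oid_alg_list[60 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE");
    if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"))
        oqs_oid_alg_list[62 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE");
    if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"))
        oqs_oid_alg_list[64 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE");
    if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"))
        oqs_oid_alg_list[66 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE");
    if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"))
        oqs_oid_alg_list[68 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE");
    if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"))
        oqs_oid_alg_list[70 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE");
    if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"))
        oqs_oid_alg_list[72 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE");
    if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"))
        oqs_oid_alg_list[74 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE");
    if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"))
        oqs_oid_alg_list[76 + OQS_KEMOID_CNT]
            = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE");
/* … unchanged: OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END marker and return 1 … */
```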
@@ -250,85 +409,208 @@ const char *oqs_alg_encoding_list[OQS_OID_CNT] = {0}; int oqs_patch_encodings(void) { ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_START - if (getenv("OQS_ENCODING_DILITHIUM2")) oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2"); - if (getenv("OQS_ENCODING_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[1] = getenv("OQS_ENCODING_DILITHIUM2_ALGNAME"); - if (getenv("OQS_ENCODING_P256_DILITHIUM2")) oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_P256_DILITHIUM2"); - if (getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[3] = getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"); - if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[5] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048")) oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048"); - if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME")) oqs_alg_encoding_list[7] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048")) oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048"); - if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME")) oqs_alg_encoding_list[9] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_ED25519")) oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM2_ED25519"); - if (getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME")) oqs_alg_encoding_list[11] = getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_P256")) oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_DILITHIUM2_P256"); - if (getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME")) oqs_alg_encoding_list[13] = getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_BP256")) oqs_alg_encoding_list[14] = 
getenv("OQS_ENCODING_DILITHIUM2_BP256"); - if (getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME")) oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_DILITHIUM3"); - if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); - if (getenv("OQS_ENCODING_P384_DILITHIUM3")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_P384_DILITHIUM3"); - if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072")) oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072"); - if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME")) oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072")) oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072"); - if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME")) oqs_alg_encoding_list[23] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_P256")) oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_DILITHIUM3_P256"); - if (getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME")) oqs_alg_encoding_list[25] = getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_BP256")) oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_DILITHIUM3_BP256"); - if (getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME")) oqs_alg_encoding_list[27] = getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_ED25519")) oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_DILITHIUM3_ED25519"); - if (getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME")) oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5")) oqs_alg_encoding_list[30] = 
getenv("OQS_ENCODING_DILITHIUM5"); - if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); - if (getenv("OQS_ENCODING_P521_DILITHIUM5")) oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P521_DILITHIUM5"); - if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_P384")) oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_DILITHIUM5_P384"); - if (getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME")) oqs_alg_encoding_list[35] = getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_BP384")) oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_DILITHIUM5_BP384"); - if (getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME")) oqs_alg_encoding_list[37] = getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_ED448")) oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_DILITHIUM5_ED448"); - if (getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME")) oqs_alg_encoding_list[39] = getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512")) oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON512"); - if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); - if (getenv("OQS_ENCODING_P256_FALCON512")) oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_FALCON512"); - if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) oqs_alg_encoding_list[43] = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_FALCON512")) oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_FALCON512"); - if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) oqs_alg_encoding_list[45] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_P256")) oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_FALCON512_P256"); - if 
(getenv("OQS_ENCODING_FALCON512_P256_ALGNAME")) oqs_alg_encoding_list[47] = getenv("OQS_ENCODING_FALCON512_P256_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_BP256")) oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_FALCON512_BP256"); - if (getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME")) oqs_alg_encoding_list[49] = getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_ED25519")) oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_FALCON512_ED25519"); - if (getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME")) oqs_alg_encoding_list[51] = getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON1024")) oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_FALCON1024"); - if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); - if (getenv("OQS_ENCODING_P521_FALCON1024")) oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_P521_FALCON1024"); - if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) oqs_alg_encoding_list[55] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[56] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[57] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[58] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[59] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[61] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) 
oqs_alg_encoding_list[62] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[63] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[64] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[65] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[66] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[67] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[68] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[69] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[70] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); - if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[71] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[72] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[73] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[74] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[75] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) 
oqs_alg_encoding_list[76] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); - if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[77] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); -///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END + if (getenv("OQS_ENCODING_DILITHIUM2")) + oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2"); + if (getenv("OQS_ENCODING_DILITHIUM2_ALGNAME")) + oqs_alg_encoding_list[1] = getenv("OQS_ENCODING_DILITHIUM2_ALGNAME"); + if (getenv("OQS_ENCODING_P256_DILITHIUM2")) + oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_P256_DILITHIUM2"); + if (getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME")) + oqs_alg_encoding_list[3] + = getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) + oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"); + if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) + oqs_alg_encoding_list[5] + = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048")) + oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048"); + if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME")) + oqs_alg_encoding_list[7] + = getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048")) + oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048"); + if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME")) + oqs_alg_encoding_list[9] + = getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_ED25519")) + oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM2_ED25519"); + if (getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME")) + oqs_alg_encoding_list[11] + = getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_P256")) + oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_DILITHIUM2_P256"); + if (getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME")) + 
oqs_alg_encoding_list[13] + = getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM2_BP256")) + oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_DILITHIUM2_BP256"); + if (getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME")) + oqs_alg_encoding_list[15] + = getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3")) + oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_DILITHIUM3"); + if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) + oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); + if (getenv("OQS_ENCODING_P384_DILITHIUM3")) + oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_P384_DILITHIUM3"); + if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) + oqs_alg_encoding_list[19] + = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072")) + oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072"); + if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME")) + oqs_alg_encoding_list[21] + = getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072")) + oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072"); + if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME")) + oqs_alg_encoding_list[23] + = getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_P256")) + oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_DILITHIUM3_P256"); + if (getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME")) + oqs_alg_encoding_list[25] + = getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_BP256")) + oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_DILITHIUM3_BP256"); + if (getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME")) + oqs_alg_encoding_list[27] + = getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM3_ED25519")) + oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_DILITHIUM3_ED25519"); + if 
(getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME")) + oqs_alg_encoding_list[29] + = getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5")) + oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_DILITHIUM5"); + if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) + oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); + if (getenv("OQS_ENCODING_P521_DILITHIUM5")) + oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P521_DILITHIUM5"); + if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) + oqs_alg_encoding_list[33] + = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_P384")) + oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_DILITHIUM5_P384"); + if (getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME")) + oqs_alg_encoding_list[35] + = getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_BP384")) + oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_DILITHIUM5_BP384"); + if (getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME")) + oqs_alg_encoding_list[37] + = getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME"); + if (getenv("OQS_ENCODING_DILITHIUM5_ED448")) + oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_DILITHIUM5_ED448"); + if (getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME")) + oqs_alg_encoding_list[39] + = getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512")) + oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON512"); + if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) + oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); + if (getenv("OQS_ENCODING_P256_FALCON512")) + oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_FALCON512"); + if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) + oqs_alg_encoding_list[43] + = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_FALCON512")) + oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_FALCON512"); + if 
(getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) + oqs_alg_encoding_list[45] + = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_P256")) + oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_FALCON512_P256"); + if (getenv("OQS_ENCODING_FALCON512_P256_ALGNAME")) + oqs_alg_encoding_list[47] + = getenv("OQS_ENCODING_FALCON512_P256_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_BP256")) + oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_FALCON512_BP256"); + if (getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME")) + oqs_alg_encoding_list[49] + = getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON512_ED25519")) + oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_FALCON512_ED25519"); + if (getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME")) + oqs_alg_encoding_list[51] + = getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME"); + if (getenv("OQS_ENCODING_FALCON1024")) + oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_FALCON1024"); + if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) + oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); + if (getenv("OQS_ENCODING_P521_FALCON1024")) + oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_P521_FALCON1024"); + if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) + oqs_alg_encoding_list[55] + = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) + oqs_alg_encoding_list[56] + = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[57] + = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) + oqs_alg_encoding_list[58] + = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[59] + = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) + 
oqs_alg_encoding_list[60] + = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[61] + = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) + oqs_alg_encoding_list[62] + = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) + oqs_alg_encoding_list[63] + = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) + oqs_alg_encoding_list[64] + = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) + oqs_alg_encoding_list[65] + = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) + oqs_alg_encoding_list[66] + = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) + oqs_alg_encoding_list[67] + = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) + oqs_alg_encoding_list[68] + = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[69] + = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) + oqs_alg_encoding_list[70] + = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); + if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[71] + = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) + oqs_alg_encoding_list[72] + = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[73] + = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); + if 
(getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) + oqs_alg_encoding_list[74] + = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[75] + = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) + oqs_alg_encoding_list[76] + = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); + if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) + oqs_alg_encoding_list[77] + = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); + ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; } #endif @@ -429,7 +711,7 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("p256_sphincsshake128fsimple", 128, oqs_signature_functions), SIGALG("rsa3072_sphincsshake128fsimple", 128, oqs_signature_functions), #endif -///// OQS_TEMPLATE_FRAGMENT_SIG_FUNCTIONS_END + ///// OQS_TEMPLATE_FRAGMENT_SIG_FUNCTIONS_END {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { @@ -507,8 +789,8 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { KEMBASEALG(hqc256, 256) KEMHYBALG(p521_hqc256, 256) #endif -// clang-format on -///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END + // clang-format on + ///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { @@ -660,8 +942,8 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { KEMKMHYBALG(p521_hqc256, 256, ecp) #endif -// clang-format on -///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END + // clang-format on + ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END // ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions), {NULL, NULL, NULL}}; diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 1911e1a4..6255b041 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c 
@@ -35,64 +35,64 @@ typedef struct oqs_group_constants_st { static OQS_GROUP_CONSTANTS oqs_group_list[] = { // ad-hoc assignments - take from OQS generate data structures ///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_START - { 0x0200, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x0200, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F00, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2F80, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0201, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F00, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F80, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0201, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F01, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2F81, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0202, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F01, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F81, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0202, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F02, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2F82, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0203, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F02, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F82, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0203, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F03, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2F83, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0204, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F03, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F83, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0204, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F04, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0205, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F04, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0205, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F05, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x023A, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F05, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x023A, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F3A, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2F39, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x023C, 192, TLS1_3_VERSION, 0, -1, -1, 1 
}, + {0x2F3A, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F39, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x023C, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F3C, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2F90, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x6399, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x639A, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x023D, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F3C, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F90, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x6399, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x639A, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x023D, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F3D, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F3D, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2FAE, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0242, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FAE, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0242, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F42, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2FAF, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0243, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F42, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FAF, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0243, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F43, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0244, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F43, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0244, 128, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F44, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2FB0, 128, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0245, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F44, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB0, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0245, 192, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F45, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x2FB1, 192, TLS1_3_VERSION, 0, -1, -1, 1 }, - { 0x0246, 256, 
TLS1_3_VERSION, 0, -1, -1, 1 }, + {0x2F45, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB1, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0246, 256, TLS1_3_VERSION, 0, -1, -1, 1}, - { 0x2F46, 256, TLS1_3_VERSION, 0, -1, -1, 1 }, -///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_END + {0x2F46, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + ///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_END }; // Adds entries for tlsname, `ecx`_tlsname and `ecp`_tlsname @@ -128,13 +128,16 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { OQS_GROUP_ENTRY(frodo640aes, frodo640aes, frodo640aes, 0), OQS_GROUP_ENTRY(p256_frodo640aes, p256_frodo640aes, p256_frodo640aes, 1), - OQS_GROUP_ENTRY(x25519_frodo640aes, x25519_frodo640aes, x25519_frodo640aes, 2), + OQS_GROUP_ENTRY(x25519_frodo640aes, x25519_frodo640aes, x25519_frodo640aes, + 2), #endif #ifdef OQS_ENABLE_KEM_frodokem_640_shake OQS_GROUP_ENTRY(frodo640shake, frodo640shake, frodo640shake, 3), - OQS_GROUP_ENTRY(p256_frodo640shake, p256_frodo640shake, p256_frodo640shake, 4), - OQS_GROUP_ENTRY(x25519_frodo640shake, x25519_frodo640shake, x25519_frodo640shake, 5), + OQS_GROUP_ENTRY(p256_frodo640shake, p256_frodo640shake, p256_frodo640shake, + 4), + OQS_GROUP_ENTRY(x25519_frodo640shake, x25519_frodo640shake, + x25519_frodo640shake, 5), #endif #ifdef OQS_ENABLE_KEM_frodokem_976_aes OQS_GROUP_ENTRY(frodo976aes, frodo976aes, frodo976aes, 6), 
@@ -145,18 +148,22 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { #ifdef OQS_ENABLE_KEM_frodokem_976_shake OQS_GROUP_ENTRY(frodo976shake, frodo976shake, frodo976shake, 9), - OQS_GROUP_ENTRY(p384_frodo976shake, p384_frodo976shake, p384_frodo976shake, 10), - OQS_GROUP_ENTRY(x448_frodo976shake, x448_frodo976shake, x448_frodo976shake, 11), + OQS_GROUP_ENTRY(p384_frodo976shake, p384_frodo976shake, p384_frodo976shake, + 10), + OQS_GROUP_ENTRY(x448_frodo976shake, x448_frodo976shake, x448_frodo976shake, + 11), #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_aes OQS_GROUP_ENTRY(frodo1344aes, frodo1344aes, frodo1344aes, 12), - OQS_GROUP_ENTRY(p521_frodo1344aes, p521_frodo1344aes, p521_frodo1344aes, 13), + OQS_GROUP_ENTRY(p521_frodo1344aes, p521_frodo1344aes, p521_frodo1344aes, + 13), #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_shake OQS_GROUP_ENTRY(frodo1344shake, frodo1344shake, frodo1344shake, 14), - OQS_GROUP_ENTRY(p521_frodo1344shake, p521_frodo1344shake, p521_frodo1344shake, 15), + OQS_GROUP_ENTRY(p521_frodo1344shake, p521_frodo1344shake, + p521_frodo1344shake, 15), #endif #ifdef OQS_ENABLE_KEM_kyber_512 OQS_GROUP_ENTRY(kyber512, kyber512, kyber512, 16), @@ -211,7 +218,7 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 41), #endif -///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END + ///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END }; typedef struct oqs_sigalg_constants_st { 
@@ -224,103 +231,202 @@ typedef struct oqs_sigalg_constants_st { static OQS_SIGALG_CONSTANTS oqs_sigalg_list[] = { // ad-hoc assignments - take from OQS generate data structures ///// OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_START - { 0xfea0, 128, TLS1_3_VERSION, 0 }, - { 0xfea1, 128, TLS1_3_VERSION, 0 }, - { 0xfea2, 128, TLS1_3_VERSION, 0 }, - { 0xfea3, 192, TLS1_3_VERSION, 0 }, - { 0xfea4, 192, TLS1_3_VERSION, 0 }, - { 0xfea5, 256, TLS1_3_VERSION, 0 }, - { 0xfea6, 256, TLS1_3_VERSION, 0 }, - { 0xfeae, 128, TLS1_3_VERSION, 0 }, - { 0xfeaf, 128, TLS1_3_VERSION, 0 }, - { 0xfeb0, 128, TLS1_3_VERSION, 0 }, - { 0xfeb1, 256, TLS1_3_VERSION, 0 }, - { 0xfeb2, 256, TLS1_3_VERSION, 0 }, - { 0xfeb3, 128, TLS1_3_VERSION, 0 }, - { 0xfeb4, 128, TLS1_3_VERSION, 0 }, - { 0xfeb5, 128, TLS1_3_VERSION, 0 }, - { 0xfeb6, 128, TLS1_3_VERSION, 0 }, - { 0xfeb7, 128, TLS1_3_VERSION, 0 }, - { 0xfeb8, 128, TLS1_3_VERSION, 0 }, - { 0xfeb9, 192, TLS1_3_VERSION, 0 }, - { 0xfeba, 192, TLS1_3_VERSION, 0 }, - { 0xfec2, 128, TLS1_3_VERSION, 0 }, - { 0xfec3, 128, TLS1_3_VERSION, 0 }, - { 0xfec4, 128, TLS1_3_VERSION, 0 }, -///// OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_END + {0xfea0, 128, TLS1_3_VERSION, 0}, {0xfea1, 128, TLS1_3_VERSION, 0}, + {0xfea2, 128, TLS1_3_VERSION, 0}, {0xfea3, 192, TLS1_3_VERSION, 0}, + {0xfea4, 192, TLS1_3_VERSION, 0}, {0xfea5, 256, TLS1_3_VERSION, 0}, + {0xfea6, 256, TLS1_3_VERSION, 0}, {0xfeae, 128, TLS1_3_VERSION, 0}, + {0xfeaf, 128, TLS1_3_VERSION, 0}, {0xfeb0, 128, TLS1_3_VERSION, 0}, + {0xfeb1, 256, TLS1_3_VERSION, 0}, {0xfeb2, 256, TLS1_3_VERSION, 0}, + {0xfeb3, 128, TLS1_3_VERSION, 0}, {0xfeb4, 128, TLS1_3_VERSION, 0}, + {0xfeb5, 128, TLS1_3_VERSION, 0}, {0xfeb6, 128, TLS1_3_VERSION, 0}, + {0xfeb7, 128, TLS1_3_VERSION, 0}, {0xfeb8, 128, TLS1_3_VERSION, 0}, + {0xfeb9, 192, TLS1_3_VERSION, 0}, {0xfeba, 192, TLS1_3_VERSION, 0}, + {0xfec2, 128, TLS1_3_VERSION, 0}, {0xfec3, 128, TLS1_3_VERSION, 0}, + {0xfec4, 128, TLS1_3_VERSION, 0}, + ///// 
OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_END }; int oqs_patch_codepoints() { ///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_START - if (getenv("OQS_CODEPOINT_FRODO640AES")) oqs_group_list[0].group_id = atoi(getenv("OQS_CODEPOINT_FRODO640AES")); - if (getenv("OQS_CODEPOINT_P256_FRODO640AES")) oqs_group_list[1].group_id = atoi(getenv("OQS_CODEPOINT_P256_FRODO640AES")); - if (getenv("OQS_CODEPOINT_X25519_FRODO640AES")) oqs_group_list[2].group_id = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640AES")); - if (getenv("OQS_CODEPOINT_FRODO640SHAKE")) oqs_group_list[3].group_id = atoi(getenv("OQS_CODEPOINT_FRODO640SHAKE")); - if (getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")) oqs_group_list[4].group_id = atoi(getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")); - if (getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")) oqs_group_list[5].group_id = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")); - if (getenv("OQS_CODEPOINT_FRODO976AES")) oqs_group_list[6].group_id = atoi(getenv("OQS_CODEPOINT_FRODO976AES")); - if (getenv("OQS_CODEPOINT_P384_FRODO976AES")) oqs_group_list[7].group_id = atoi(getenv("OQS_CODEPOINT_P384_FRODO976AES")); - if (getenv("OQS_CODEPOINT_X448_FRODO976AES")) oqs_group_list[8].group_id = atoi(getenv("OQS_CODEPOINT_X448_FRODO976AES")); - if (getenv("OQS_CODEPOINT_FRODO976SHAKE")) oqs_group_list[9].group_id = atoi(getenv("OQS_CODEPOINT_FRODO976SHAKE")); - if (getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")) oqs_group_list[10].group_id = atoi(getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")); - if (getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")) oqs_group_list[11].group_id = atoi(getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")); - if (getenv("OQS_CODEPOINT_FRODO1344AES")) oqs_group_list[12].group_id = atoi(getenv("OQS_CODEPOINT_FRODO1344AES")); - if (getenv("OQS_CODEPOINT_P521_FRODO1344AES")) oqs_group_list[13].group_id = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344AES")); - if (getenv("OQS_CODEPOINT_FRODO1344SHAKE")) oqs_group_list[14].group_id = atoi(getenv("OQS_CODEPOINT_FRODO1344SHAKE")); - if 
(getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")) oqs_group_list[15].group_id = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")); - if (getenv("OQS_CODEPOINT_KYBER512")) oqs_group_list[16].group_id = atoi(getenv("OQS_CODEPOINT_KYBER512")); - if (getenv("OQS_CODEPOINT_P256_KYBER512")) oqs_group_list[17].group_id = atoi(getenv("OQS_CODEPOINT_P256_KYBER512")); - if (getenv("OQS_CODEPOINT_X25519_KYBER512")) oqs_group_list[18].group_id = atoi(getenv("OQS_CODEPOINT_X25519_KYBER512")); - if (getenv("OQS_CODEPOINT_KYBER768")) oqs_group_list[19].group_id = atoi(getenv("OQS_CODEPOINT_KYBER768")); - if (getenv("OQS_CODEPOINT_P384_KYBER768")) oqs_group_list[20].group_id = atoi(getenv("OQS_CODEPOINT_P384_KYBER768")); - if (getenv("OQS_CODEPOINT_X448_KYBER768")) oqs_group_list[21].group_id = atoi(getenv("OQS_CODEPOINT_X448_KYBER768")); - if (getenv("OQS_CODEPOINT_X25519_KYBER768")) oqs_group_list[22].group_id = atoi(getenv("OQS_CODEPOINT_X25519_KYBER768")); - if (getenv("OQS_CODEPOINT_P256_KYBER768")) oqs_group_list[23].group_id = atoi(getenv("OQS_CODEPOINT_P256_KYBER768")); - if (getenv("OQS_CODEPOINT_KYBER1024")) oqs_group_list[24].group_id = atoi(getenv("OQS_CODEPOINT_KYBER1024")); - if (getenv("OQS_CODEPOINT_P521_KYBER1024")) oqs_group_list[25].group_id = atoi(getenv("OQS_CODEPOINT_P521_KYBER1024")); - if (getenv("OQS_CODEPOINT_BIKEL1")) oqs_group_list[26].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); - if (getenv("OQS_CODEPOINT_P256_BIKEL1")) oqs_group_list[27].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); - if (getenv("OQS_CODEPOINT_X25519_BIKEL1")) oqs_group_list[28].group_id = atoi(getenv("OQS_CODEPOINT_X25519_BIKEL1")); - if (getenv("OQS_CODEPOINT_BIKEL3")) oqs_group_list[29].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); - if (getenv("OQS_CODEPOINT_P384_BIKEL3")) oqs_group_list[30].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); - if (getenv("OQS_CODEPOINT_X448_BIKEL3")) oqs_group_list[31].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); - if 
(getenv("OQS_CODEPOINT_BIKEL5")) oqs_group_list[32].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); - if (getenv("OQS_CODEPOINT_P521_BIKEL5")) oqs_group_list[33].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); - if (getenv("OQS_CODEPOINT_HQC128")) oqs_group_list[34].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); - if (getenv("OQS_CODEPOINT_P256_HQC128")) oqs_group_list[35].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); - if (getenv("OQS_CODEPOINT_X25519_HQC128")) oqs_group_list[36].group_id = atoi(getenv("OQS_CODEPOINT_X25519_HQC128")); - if (getenv("OQS_CODEPOINT_HQC192")) oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); - if (getenv("OQS_CODEPOINT_P384_HQC192")) oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); - if (getenv("OQS_CODEPOINT_X448_HQC192")) oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); - if (getenv("OQS_CODEPOINT_HQC256")) oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); - if (getenv("OQS_CODEPOINT_P521_HQC256")) oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); - - if (getenv("OQS_CODEPOINT_DILITHIUM2")) oqs_sigalg_list[0].code_point = atoi(getenv("OQS_CODEPOINT_DILITHIUM2")); - if (getenv("OQS_CODEPOINT_P256_DILITHIUM2")) oqs_sigalg_list[1].code_point = atoi(getenv("OQS_CODEPOINT_P256_DILITHIUM2")); - if (getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")) oqs_sigalg_list[2].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")); - if (getenv("OQS_CODEPOINT_DILITHIUM3")) oqs_sigalg_list[3].code_point = atoi(getenv("OQS_CODEPOINT_DILITHIUM3")); - if (getenv("OQS_CODEPOINT_P384_DILITHIUM3")) oqs_sigalg_list[4].code_point = atoi(getenv("OQS_CODEPOINT_P384_DILITHIUM3")); - if (getenv("OQS_CODEPOINT_DILITHIUM5")) oqs_sigalg_list[5].code_point = atoi(getenv("OQS_CODEPOINT_DILITHIUM5")); - if (getenv("OQS_CODEPOINT_P521_DILITHIUM5")) oqs_sigalg_list[6].code_point = atoi(getenv("OQS_CODEPOINT_P521_DILITHIUM5")); - if 
(getenv("OQS_CODEPOINT_FALCON512")) oqs_sigalg_list[7].code_point = atoi(getenv("OQS_CODEPOINT_FALCON512")); - if (getenv("OQS_CODEPOINT_P256_FALCON512")) oqs_sigalg_list[8].code_point = atoi(getenv("OQS_CODEPOINT_P256_FALCON512")); - if (getenv("OQS_CODEPOINT_RSA3072_FALCON512")) oqs_sigalg_list[9].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_FALCON512")); - if (getenv("OQS_CODEPOINT_FALCON1024")) oqs_sigalg_list[10].code_point = atoi(getenv("OQS_CODEPOINT_FALCON1024")); - if (getenv("OQS_CODEPOINT_P521_FALCON1024")) oqs_sigalg_list[11].code_point = atoi(getenv("OQS_CODEPOINT_P521_FALCON1024")); - if (getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")) oqs_sigalg_list[12].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")); - if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")) oqs_sigalg_list[13].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")); - if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_sigalg_list[14].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")); - if (getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")) oqs_sigalg_list[15].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")); - if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")) oqs_sigalg_list[16].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")); - if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_sigalg_list[17].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")); - if (getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")) oqs_sigalg_list[18].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")); - if (getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")) oqs_sigalg_list[19].code_point = atoi(getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")); - if (getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")) oqs_sigalg_list[20].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")); - if (getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")) 
oqs_sigalg_list[21].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")); - if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_sigalg_list[22].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")); -///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_END + if (getenv("OQS_CODEPOINT_FRODO640AES")) + oqs_group_list[0].group_id = atoi(getenv("OQS_CODEPOINT_FRODO640AES")); + if (getenv("OQS_CODEPOINT_P256_FRODO640AES")) + oqs_group_list[1].group_id + = atoi(getenv("OQS_CODEPOINT_P256_FRODO640AES")); + if (getenv("OQS_CODEPOINT_X25519_FRODO640AES")) + oqs_group_list[2].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640AES")); + if (getenv("OQS_CODEPOINT_FRODO640SHAKE")) + oqs_group_list[3].group_id + = atoi(getenv("OQS_CODEPOINT_FRODO640SHAKE")); + if (getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")) + oqs_group_list[4].group_id + = atoi(getenv("OQS_CODEPOINT_P256_FRODO640SHAKE")); + if (getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")) + oqs_group_list[5].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_FRODO640SHAKE")); + if (getenv("OQS_CODEPOINT_FRODO976AES")) + oqs_group_list[6].group_id = atoi(getenv("OQS_CODEPOINT_FRODO976AES")); + if (getenv("OQS_CODEPOINT_P384_FRODO976AES")) + oqs_group_list[7].group_id + = atoi(getenv("OQS_CODEPOINT_P384_FRODO976AES")); + if (getenv("OQS_CODEPOINT_X448_FRODO976AES")) + oqs_group_list[8].group_id + = atoi(getenv("OQS_CODEPOINT_X448_FRODO976AES")); + if (getenv("OQS_CODEPOINT_FRODO976SHAKE")) + oqs_group_list[9].group_id + = atoi(getenv("OQS_CODEPOINT_FRODO976SHAKE")); + if (getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")) + oqs_group_list[10].group_id + = atoi(getenv("OQS_CODEPOINT_P384_FRODO976SHAKE")); + if (getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")) + oqs_group_list[11].group_id + = atoi(getenv("OQS_CODEPOINT_X448_FRODO976SHAKE")); + if (getenv("OQS_CODEPOINT_FRODO1344AES")) + oqs_group_list[12].group_id + = atoi(getenv("OQS_CODEPOINT_FRODO1344AES")); + if 
(getenv("OQS_CODEPOINT_P521_FRODO1344AES")) + oqs_group_list[13].group_id + = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344AES")); + if (getenv("OQS_CODEPOINT_FRODO1344SHAKE")) + oqs_group_list[14].group_id + = atoi(getenv("OQS_CODEPOINT_FRODO1344SHAKE")); + if (getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")) + oqs_group_list[15].group_id + = atoi(getenv("OQS_CODEPOINT_P521_FRODO1344SHAKE")); + if (getenv("OQS_CODEPOINT_KYBER512")) + oqs_group_list[16].group_id = atoi(getenv("OQS_CODEPOINT_KYBER512")); + if (getenv("OQS_CODEPOINT_P256_KYBER512")) + oqs_group_list[17].group_id + = atoi(getenv("OQS_CODEPOINT_P256_KYBER512")); + if (getenv("OQS_CODEPOINT_X25519_KYBER512")) + oqs_group_list[18].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_KYBER512")); + if (getenv("OQS_CODEPOINT_KYBER768")) + oqs_group_list[19].group_id = atoi(getenv("OQS_CODEPOINT_KYBER768")); + if (getenv("OQS_CODEPOINT_P384_KYBER768")) + oqs_group_list[20].group_id + = atoi(getenv("OQS_CODEPOINT_P384_KYBER768")); + if (getenv("OQS_CODEPOINT_X448_KYBER768")) + oqs_group_list[21].group_id + = atoi(getenv("OQS_CODEPOINT_X448_KYBER768")); + if (getenv("OQS_CODEPOINT_X25519_KYBER768")) + oqs_group_list[22].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_KYBER768")); + if (getenv("OQS_CODEPOINT_P256_KYBER768")) + oqs_group_list[23].group_id + = atoi(getenv("OQS_CODEPOINT_P256_KYBER768")); + if (getenv("OQS_CODEPOINT_KYBER1024")) + oqs_group_list[24].group_id = atoi(getenv("OQS_CODEPOINT_KYBER1024")); + if (getenv("OQS_CODEPOINT_P521_KYBER1024")) + oqs_group_list[25].group_id + = atoi(getenv("OQS_CODEPOINT_P521_KYBER1024")); + if (getenv("OQS_CODEPOINT_BIKEL1")) + oqs_group_list[26].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); + if (getenv("OQS_CODEPOINT_P256_BIKEL1")) + oqs_group_list[27].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); + if (getenv("OQS_CODEPOINT_X25519_BIKEL1")) + oqs_group_list[28].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_BIKEL1")); + if (getenv("OQS_CODEPOINT_BIKEL3")) + 
oqs_group_list[29].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); + if (getenv("OQS_CODEPOINT_P384_BIKEL3")) + oqs_group_list[30].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); + if (getenv("OQS_CODEPOINT_X448_BIKEL3")) + oqs_group_list[31].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); + if (getenv("OQS_CODEPOINT_BIKEL5")) + oqs_group_list[32].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); + if (getenv("OQS_CODEPOINT_P521_BIKEL5")) + oqs_group_list[33].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); + if (getenv("OQS_CODEPOINT_HQC128")) + oqs_group_list[34].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); + if (getenv("OQS_CODEPOINT_P256_HQC128")) + oqs_group_list[35].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); + if (getenv("OQS_CODEPOINT_X25519_HQC128")) + oqs_group_list[36].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_HQC128")); + if (getenv("OQS_CODEPOINT_HQC192")) + oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); + if (getenv("OQS_CODEPOINT_P384_HQC192")) + oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); + if (getenv("OQS_CODEPOINT_X448_HQC192")) + oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); + if (getenv("OQS_CODEPOINT_HQC256")) + oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); + if (getenv("OQS_CODEPOINT_P521_HQC256")) + oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); + + if (getenv("OQS_CODEPOINT_DILITHIUM2")) + oqs_sigalg_list[0].code_point + = atoi(getenv("OQS_CODEPOINT_DILITHIUM2")); + if (getenv("OQS_CODEPOINT_P256_DILITHIUM2")) + oqs_sigalg_list[1].code_point + = atoi(getenv("OQS_CODEPOINT_P256_DILITHIUM2")); + if (getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")) + oqs_sigalg_list[2].code_point + = atoi(getenv("OQS_CODEPOINT_RSA3072_DILITHIUM2")); + if (getenv("OQS_CODEPOINT_DILITHIUM3")) + oqs_sigalg_list[3].code_point + = atoi(getenv("OQS_CODEPOINT_DILITHIUM3")); + if 
(getenv("OQS_CODEPOINT_P384_DILITHIUM3")) + oqs_sigalg_list[4].code_point + = atoi(getenv("OQS_CODEPOINT_P384_DILITHIUM3")); + if (getenv("OQS_CODEPOINT_DILITHIUM5")) + oqs_sigalg_list[5].code_point + = atoi(getenv("OQS_CODEPOINT_DILITHIUM5")); + if (getenv("OQS_CODEPOINT_P521_DILITHIUM5")) + oqs_sigalg_list[6].code_point + = atoi(getenv("OQS_CODEPOINT_P521_DILITHIUM5")); + if (getenv("OQS_CODEPOINT_FALCON512")) + oqs_sigalg_list[7].code_point = atoi(getenv("OQS_CODEPOINT_FALCON512")); + if (getenv("OQS_CODEPOINT_P256_FALCON512")) + oqs_sigalg_list[8].code_point + = atoi(getenv("OQS_CODEPOINT_P256_FALCON512")); + if (getenv("OQS_CODEPOINT_RSA3072_FALCON512")) + oqs_sigalg_list[9].code_point + = atoi(getenv("OQS_CODEPOINT_RSA3072_FALCON512")); + if (getenv("OQS_CODEPOINT_FALCON1024")) + oqs_sigalg_list[10].code_point + = atoi(getenv("OQS_CODEPOINT_FALCON1024")); + if (getenv("OQS_CODEPOINT_P521_FALCON1024")) + oqs_sigalg_list[11].code_point + = atoi(getenv("OQS_CODEPOINT_P521_FALCON1024")); + if (getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")) + oqs_sigalg_list[12].code_point + = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")); + if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")) + oqs_sigalg_list[13].code_point + = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")); + if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")) + oqs_sigalg_list[14].code_point + = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")); + if (getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")) + oqs_sigalg_list[15].code_point + = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")); + if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")) + oqs_sigalg_list[16].code_point + = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")); + if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")) + oqs_sigalg_list[17].code_point + = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")); + if (getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")) + 
oqs_sigalg_list[18].code_point + = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")); + if (getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")) + oqs_sigalg_list[19].code_point + = atoi(getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")); + if (getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")) + oqs_sigalg_list[20].code_point + = atoi(getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")); + if (getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")) + oqs_sigalg_list[21].code_point + = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")); + if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")) + oqs_sigalg_list[22].code_point + = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")); + ///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_END return 1; } 
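Review bot: The reflowed assignments in `oqs_patch_codepoints()` still feed the environment string straight into `atoi()`, which cannot report a parse failure and has undefined behaviour when the number does not fit in an `int`, so an empty or malformed `OQS_CODEPOINT_*` value silently installs 0 or an arbitrary code point. TLS group and signature-scheme identifiers are 16-bit, yet nothing here rejects a negative or larger value before it is stored in `group_id` / `code_point` (their types are declared outside this hunk). Each variable is also looked up twice. I would route every override through one small helper that reads the variable once, parses it with `strtol`, and ignores anything that is not a complete decimal number in 0..0xFFFF, as sketched below; the `OQS_TEMPLATE_FRAGMENT` markers suggest the block is generated, so the change presumably belongs in the template.

```c
/* Returns the override in `name` as a value in 0..0xFFFF, or -1 when the
 * variable is unset, empty, not a complete decimal number, or out of range. */
static int oqs_env_codepoint(const char *name)
{
    const char *s = getenv(name);
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0 || v > 0xFFFF)
        return -1;
    return (int)v;
}

int oqs_patch_codepoints()
{
    int cp;

    if ((cp = oqs_env_codepoint("OQS_CODEPOINT_FRODO640AES")) >= 0)
        oqs_group_list[0].group_id = cp;
    /* … same pattern for the remaining oqs_group_list[] entries … */
    if ((cp = oqs_env_codepoint("OQS_CODEPOINT_DILITHIUM2")) >= 0)
        oqs_sigalg_list[0].code_point = cp;
    /* … same pattern for the remaining oqs_sigalg_list[] entries … */
    return 1;
}
```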
@@ -360,48 +466,72 @@ static int oqs_group_capability(OSSL_CALLBACK *cb, void *arg) static const OSSL_PARAM oqs_param_sigalg_list[][12] = { ///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_START -#ifdef OQS_ENABLE_SIG_dilithium_2 - OQS_SIGALG_ENTRY(dilithium2, dilithium2, dilithium2, "1.3.6.1.4.1.2.267.7.4.4", 0), - OQS_SIGALG_ENTRY(p256_dilithium2, p256_dilithium2, p256_dilithium2, "1.3.9999.2.7.1", 1), - OQS_SIGALG_ENTRY(rsa3072_dilithium2, rsa3072_dilithium2, rsa3072_dilithium2, "1.3.9999.2.7.2", 2), -#endif -#ifdef OQS_ENABLE_SIG_dilithium_3 - OQS_SIGALG_ENTRY(dilithium3, dilithium3, dilithium3, "1.3.6.1.4.1.2.267.7.6.5", 3), - OQS_SIGALG_ENTRY(p384_dilithium3, p384_dilithium3, p384_dilithium3, "1.3.9999.2.7.3", 4), -#endif -#ifdef OQS_ENABLE_SIG_dilithium_5 - OQS_SIGALG_ENTRY(dilithium5, dilithium5, dilithium5, "1.3.6.1.4.1.2.267.7.8.7", 5), - OQS_SIGALG_ENTRY(p521_dilithium5, p521_dilithium5, p521_dilithium5, "1.3.9999.2.7.4", 6), -#endif -#ifdef OQS_ENABLE_SIG_falcon_512 +# ifdef OQS_ENABLE_SIG_dilithium_2 + OQS_SIGALG_ENTRY(dilithium2, dilithium2, dilithium2, + "1.3.6.1.4.1.2.267.7.4.4", 0), + OQS_SIGALG_ENTRY(p256_dilithium2, p256_dilithium2, p256_dilithium2, + "1.3.9999.2.7.1", 1), + OQS_SIGALG_ENTRY(rsa3072_dilithium2, rsa3072_dilithium2, rsa3072_dilithium2, + "1.3.9999.2.7.2", 2), +# endif +# ifdef OQS_ENABLE_SIG_dilithium_3 + OQS_SIGALG_ENTRY(dilithium3, dilithium3, dilithium3, + "1.3.6.1.4.1.2.267.7.6.5", 3), + OQS_SIGALG_ENTRY(p384_dilithium3, p384_dilithium3, p384_dilithium3, + "1.3.9999.2.7.3", 4), +# endif +# ifdef OQS_ENABLE_SIG_dilithium_5 + OQS_SIGALG_ENTRY(dilithium5, dilithium5, dilithium5, + "1.3.6.1.4.1.2.267.7.8.7", 5), + OQS_SIGALG_ENTRY(p521_dilithium5, p521_dilithium5, p521_dilithium5, + "1.3.9999.2.7.4", 6), +# endif +# ifdef OQS_ENABLE_SIG_falcon_512 OQS_SIGALG_ENTRY(falcon512, falcon512, falcon512, "1.3.9999.3.6", 7), - OQS_SIGALG_ENTRY(p256_falcon512, p256_falcon512, p256_falcon512, "1.3.9999.3.7", 8), - OQS_SIGALG_ENTRY(rsa3072_falcon512, 
rsa3072_falcon512, rsa3072_falcon512, "1.3.9999.3.8", 9), -#endif -#ifdef OQS_ENABLE_SIG_falcon_1024 + OQS_SIGALG_ENTRY(p256_falcon512, p256_falcon512, p256_falcon512, + "1.3.9999.3.7", 8), + OQS_SIGALG_ENTRY(rsa3072_falcon512, rsa3072_falcon512, rsa3072_falcon512, + "1.3.9999.3.8", 9), +# endif +# ifdef OQS_ENABLE_SIG_falcon_1024 OQS_SIGALG_ENTRY(falcon1024, falcon1024, falcon1024, "1.3.9999.3.9", 10), - OQS_SIGALG_ENTRY(p521_falcon1024, p521_falcon1024, p521_falcon1024, "1.3.9999.3.10", 11), -#endif -#ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple - OQS_SIGALG_ENTRY(sphincssha2128fsimple, sphincssha2128fsimple, sphincssha2128fsimple, "1.3.9999.6.4.13", 12), - OQS_SIGALG_ENTRY(p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 13), - OQS_SIGALG_ENTRY(rsa3072_sphincssha2128fsimple, rsa3072_sphincssha2128fsimple, rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 14), -#endif -#ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple - OQS_SIGALG_ENTRY(sphincssha2128ssimple, sphincssha2128ssimple, sphincssha2128ssimple, "1.3.9999.6.4.16", 15), - OQS_SIGALG_ENTRY(p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 16), - OQS_SIGALG_ENTRY(rsa3072_sphincssha2128ssimple, rsa3072_sphincssha2128ssimple, rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 17), -#endif -#ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple - OQS_SIGALG_ENTRY(sphincssha2192fsimple, sphincssha2192fsimple, sphincssha2192fsimple, "1.3.9999.6.5.10", 18), - OQS_SIGALG_ENTRY(p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 19), -#endif -#ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple - OQS_SIGALG_ENTRY(sphincsshake128fsimple, sphincsshake128fsimple, sphincsshake128fsimple, "1.3.9999.6.7.13", 20), - OQS_SIGALG_ENTRY(p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 21), - 
OQS_SIGALG_ENTRY(rsa3072_sphincsshake128fsimple, rsa3072_sphincsshake128fsimple, rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 22), -#endif -///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_END + OQS_SIGALG_ENTRY(p521_falcon1024, p521_falcon1024, p521_falcon1024, + "1.3.9999.3.10", 11), +# endif +# ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple + OQS_SIGALG_ENTRY(sphincssha2128fsimple, sphincssha2128fsimple, + sphincssha2128fsimple, "1.3.9999.6.4.13", 12), + OQS_SIGALG_ENTRY(p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, + p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 13), + OQS_SIGALG_ENTRY(rsa3072_sphincssha2128fsimple, + rsa3072_sphincssha2128fsimple, + rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 14), +# endif +# ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple + OQS_SIGALG_ENTRY(sphincssha2128ssimple, sphincssha2128ssimple, + sphincssha2128ssimple, "1.3.9999.6.4.16", 15), + OQS_SIGALG_ENTRY(p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, + p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 16), + OQS_SIGALG_ENTRY(rsa3072_sphincssha2128ssimple, + rsa3072_sphincssha2128ssimple, + rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 17), +# endif +# ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple + OQS_SIGALG_ENTRY(sphincssha2192fsimple, sphincssha2192fsimple, + sphincssha2192fsimple, "1.3.9999.6.5.10", 18), + OQS_SIGALG_ENTRY(p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, + p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 19), +# endif +# ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple + OQS_SIGALG_ENTRY(sphincsshake128fsimple, sphincsshake128fsimple, + sphincsshake128fsimple, "1.3.9999.6.7.13", 20), + OQS_SIGALG_ENTRY(p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, + p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 21), + OQS_SIGALG_ENTRY(rsa3072_sphincsshake128fsimple, + rsa3072_sphincsshake128fsimple, + rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 22), +# endif + ///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_END }; static int 
oqs_sigalg_capability(OSSL_CALLBACK *cb, void *arg) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 30d6835d..3b28743a 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -53,103 +53,120 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START - - - - #ifdef OQS_KEM_ENCODERS -#define NID_TABLE_LEN 81 +# define NID_TABLE_LEN 81 #else -#define NID_TABLE_LEN 39 +# define NID_TABLE_LEN 39 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { #ifdef OQS_KEM_ENCODERS - { 0, "frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_KEM, 128 }, - { 0, "p256_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECP_HYB_KEM , 128 }, - { 0, "x25519_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECX_HYB_KEM , 128 }, - { 0, "frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_KEM, 128 }, - { 0, "p256_frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_ECP_HYB_KEM , 128 }, - { 0, "x25519_frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_ECX_HYB_KEM , 128 }, - { 0, "frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_KEM, 192 }, - { 0, "p384_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECP_HYB_KEM , 192 }, - { 0, "x448_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECX_HYB_KEM , 192 }, - { 0, "frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_KEM, 192 }, - { 0, "p384_frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_ECP_HYB_KEM , 192 }, - { 0, "x448_frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_ECX_HYB_KEM , 192 }, - { 0, "frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_KEM, 256 }, - { 0, "p521_frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_ECP_HYB_KEM , 256 }, - { 0, "frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_KEM, 256 }, - { 0, "p521_frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_ECP_HYB_KEM , 256 }, - { 0, "kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_KEM, 128 }, - { 0, "p256_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECP_HYB_KEM , 128 }, - { 0, "x25519_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECX_HYB_KEM , 128 }, - { 0, "kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_KEM, 192 }, 
- { 0, "p384_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM , 192 }, - { 0, "x448_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM , 192 }, - { 0, "x25519_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM , 192 }, - { 0, "p256_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM , 192 }, - { 0, "kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_KEM, 256 }, - { 0, "p521_kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_ECP_HYB_KEM , 256 }, - { 0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128 }, - { 0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM , 128 }, - { 0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM , 128 }, - { 0, "bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_KEM, 192 }, - { 0, "p384_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECP_HYB_KEM , 192 }, - { 0, "x448_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECX_HYB_KEM , 192 }, - { 0, "bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_KEM, 256 }, - { 0, "p521_bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_ECP_HYB_KEM , 256 }, - { 0, "hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_KEM, 128 }, - { 0, "p256_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECP_HYB_KEM , 128 }, - { 0, "x25519_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECX_HYB_KEM , 128 }, - { 0, "hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_KEM, 192 }, - { 0, "p384_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECP_HYB_KEM , 192 }, - { 0, "x448_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECX_HYB_KEM , 192 }, - { 0, "hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_KEM, 256 }, - { 0, "p521_hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_ECP_HYB_KEM , 256 }, + {0, "frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_KEM, 128}, + {0, "p256_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECP_HYB_KEM, + 128}, + {0, "x25519_frodo640aes", OQS_KEM_alg_frodokem_640_aes, + KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_KEM, 128}, + {0, "p256_frodo640shake", OQS_KEM_alg_frodokem_640_shake, + KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_frodo640shake", 
OQS_KEM_alg_frodokem_640_shake, + KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_KEM, 192}, + {0, "p384_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECP_HYB_KEM, + 192}, + {0, "x448_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECX_HYB_KEM, + 192}, + {0, "frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_KEM, 192}, + {0, "p384_frodo976shake", OQS_KEM_alg_frodokem_976_shake, + KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_frodo976shake", OQS_KEM_alg_frodokem_976_shake, + KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_KEM, 256}, + {0, "p521_frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, + KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_KEM, 256}, + {0, "p521_frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, + KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_KEM, 128}, + {0, "p256_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_KEM, 192}, + {0, "p384_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "x25519_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "p256_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_KEM, 256}, + {0, "p521_kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128}, + {0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_KEM, 192}, + {0, "p384_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECX_HYB_KEM, 192}, + 
{0, "bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_KEM, 256}, + {0, "p521_bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_KEM, 128}, + {0, "p256_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_KEM, 192}, + {0, "p384_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_KEM, 256}, + {0, "p521_hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_ECP_HYB_KEM, 256}, #endif /* OQS_KEM_ENCODERS */ - { 0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128 }, - { 0, "p256_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128 }, - { 0, "rsa3072_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128 }, - { 0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112 }, - { 0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112 }, - { 0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128 }, - { 0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128 }, - { 0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256 }, - { 0, "dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_SIG, 192 }, - { 0, "p384_dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_HYB_SIG, 192 }, - { 0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, - { 0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, - { 0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, - { 0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256 }, - { 0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128 }, - { 0, "dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_SIG, 256 }, - { 0, "p521_dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_HYB_SIG, 256 }, - { 0, "dilithium5_p384", 
OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192 }, - { 0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384 }, - { 0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192 }, - { 0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128 }, - { 0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128 }, - { 0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128 }, - { 0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128 }, - { 0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256 }, - { 0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128 }, - { 0, "falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256 }, - { 0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256 }, - { 0, "sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, KEY_TYPE_SIG, 128 }, - { 0, "p256_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, KEY_TYPE_HYB_SIG, 128 }, - { 0, "rsa3072_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, KEY_TYPE_HYB_SIG, 128 }, - { 0, "sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, KEY_TYPE_SIG, 128 }, - { 0, "p256_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, KEY_TYPE_HYB_SIG, 128 }, - { 0, "rsa3072_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, KEY_TYPE_HYB_SIG, 128 }, - { 0, "sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, KEY_TYPE_SIG, 192 }, - { 0, "p384_sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, KEY_TYPE_HYB_SIG, 192 }, - { 0, "sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_SIG, 128 }, - { 0, "p256_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128 }, - { 0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, KEY_TYPE_HYB_SIG, 128 }, -///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END + {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, + {0, "p256_dilithium2", 
OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, + {0, "rsa3072_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, + {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112}, + {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256}, + {0, "dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_SIG, 192}, + {0, "p384_dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_HYB_SIG, 192}, + {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256}, + {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, + {0, "dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_SIG, 256}, + {0, "p521_dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_HYB_SIG, 256}, + {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, + {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384}, + {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, + {0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128}, + {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, + {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, + {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, + {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256}, + {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, + {0, "falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256}, + {0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256}, + {0, "sphincssha2128fsimple", 
OQS_SIG_alg_sphincs_sha2_128f_simple, + KEY_TYPE_SIG, 128}, + {0, "p256_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, + KEY_TYPE_HYB_SIG, 128}, + {0, "rsa3072_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, + KEY_TYPE_HYB_SIG, 128}, + {0, "sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, + KEY_TYPE_SIG, 128}, + {0, "p256_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, + KEY_TYPE_HYB_SIG, 128}, + {0, "rsa3072_sphincssha2128ssimple", OQS_SIG_alg_sphincs_sha2_128s_simple, + KEY_TYPE_HYB_SIG, 128}, + {0, "sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, + KEY_TYPE_SIG, 192}, + {0, "p384_sphincssha2192fsimple", OQS_SIG_alg_sphincs_sha2_192f_simple, + KEY_TYPE_HYB_SIG, 192}, + {0, "sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, + KEY_TYPE_SIG, 128}, + {0, "p256_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, + KEY_TYPE_HYB_SIG, 128}, + {0, "rsa3072_sphincsshake128fsimple", OQS_SIG_alg_sphincs_shake_128f_simple, + KEY_TYPE_HYB_SIG, 128}, + ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; int oqs_set_nid(char *tlsname, int nid) From 74620bfc7bcbd916f26627a862a43f2207d5d2d0 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 19 Dec 2023 15:02:21 -0600 Subject: [PATCH 093/164] fixed DOQS_KEM_ENCODERS=ON Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 3b28743a..b2ec8f96 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -824,7 +824,8 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p,
 /* Recreate EVP data structure after import. RetVal 0 is error. */
 static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op)
 {
- if (key->keytype == KEY_TYPE_HYB_SIG) { // hybrid key
+ if ((key->keytype != KEY_TYPE_CMP_SIG)
+ && (key->numkeys == 2)) { // hybrid key
 int classical_pubkey_len, classical_privkey_len;
 if (!key->evp_info) {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_EVPINFO_MISSING);
From 5afb6baf14cc0d7a0be147bef05030350688bd4f Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 21 Dec 2023 09:16:46 -0600 Subject: [PATCH 094/164] added composite to README.md and ALGORITHMS.md && inverted logic for KEM_ENCODERS=ON to optimize condition checks Signed-off-by: Felipe Ventura
--- ALGORITHMS.md | 16 +++ README.md | 10 +- oqs-template/ALGORITHMS.md/oids.fragment | 3 + oqs-template/README.md/algs.fragment | 1 + oqsprov/oqsprov_keys.c | 157 ++++++++++++----------- 5 files changed, 105 insertions(+), 82 deletions(-)
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
index 314ba3cb..b5d668aa 100644
--- a/ALGORITHMS.md
+++ b/ALGORITHMS.md
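Review bot: The new guard `(key->keytype != KEY_TYPE_CMP_SIG) && (key->numkeys == 2)` recognises a hybrid key by exclusion and by component count, so every non-composite key type with two components takes the classical-key decode path below, including any type added later. Naming the accepted types keeps that path opt-in, e.g. `if (key->keytype == KEY_TYPE_HYB_SIG || key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) {`, assuming those are the types this fix is meant to cover (the commit title only mentions KEM_ENCODERS). If the count-based test is kept, a comment such as `/* numkeys == 2: one classical plus one PQ component; composite keys are handled separately */` would record the invariant. The body of oqsx_key_recreate_classickey continues outside the hunk.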
@@ -122,13 +122,29 @@ adapting the OIDs of all supported signature algorithms as per the table below. | dilithium2 | 1.3.6.1.4.1.2.267.7.4.4 |Yes| OQS_OID_DILITHIUM2 | p256_dilithium2 | 1.3.9999.2.7.1 |Yes| OQS_OID_P256_DILITHIUM2 | rsa3072_dilithium2 | 1.3.9999.2.7.2 |Yes| OQS_OID_RSA3072_DILITHIUM2 +| dilithium2_pss2048 | 2.16.840.1.114027.80.8.1.1 |Yes| OQS_OID_DILITHIUM2_pss2048 +| dilithium2_rsa2048 | 2.16.840.1.114027.80.8.1.2 |Yes| OQS_OID_DILITHIUM2_rsa2048 +| dilithium2_ed25519 | 2.16.840.1.114027.80.8.1.3 |Yes| OQS_OID_DILITHIUM2_ed25519 +| dilithium2_p256 | 2.16.840.1.114027.80.8.1.4 |Yes| OQS_OID_DILITHIUM2_p256 +| dilithium2_bp256 | 2.16.840.1.114027.80.8.1.5 |Yes| OQS_OID_DILITHIUM2_bp256 | dilithium3 | 1.3.6.1.4.1.2.267.7.6.5 |Yes| OQS_OID_DILITHIUM3 | p384_dilithium3 | 1.3.9999.2.7.3 |Yes| OQS_OID_P384_DILITHIUM3 +| dilithium3_pss3072 | 2.16.840.1.114027.80.8.1.6 |Yes| OQS_OID_DILITHIUM3_pss3072 +| dilithium3_rsa3072 | 2.16.840.1.114027.80.8.1.7 |Yes| OQS_OID_DILITHIUM3_rsa3072 +| dilithium3_p256 | 2.16.840.1.114027.80.8.1.8 |Yes| OQS_OID_DILITHIUM3_p256 +| dilithium3_bp256 | 2.16.840.1.114027.80.8.1.9 |Yes| OQS_OID_DILITHIUM3_bp256 +| dilithium3_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_DILITHIUM3_ed25519 | dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5 | p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5 +| dilithium5_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_DILITHIUM5_p384 +| dilithium5_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_DILITHIUM5_bp384 +| dilithium5_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_DILITHIUM5_ed448 | falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512 | p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512 | rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512 +| falcon512_p256 | 2.16.840.1.114027.80.8.1.14 |Yes| OQS_OID_FALCON512_p256 +| falcon512_bp256 | 2.16.840.1.114027.80.8.1.15 |Yes| OQS_OID_FALCON512_bp256 +| falcon512_ed25519 | 
2.16.840.1.114027.80.8.1.16 |Yes| OQS_OID_FALCON512_ed25519 | falcon1024 | 1.3.9999.3.9 |Yes| OQS_OID_FALCON1024 | p521_falcon1024 | 1.3.9999.3.10 |Yes| OQS_OID_P521_FALCON1024 | sphincssha2128fsimple | 1.3.9999.6.4.13 |Yes| OQS_OID_SPHINCSSHA2128FSIMPLE diff --git a/README.md b/README.md index c30af18b..449d3cad 100644 --- a/README.md +++ b/README.md 
@@ -43,8 +43,8 @@ This implementation makes available the following quantum safe algorithms: ### Signature algorithms -- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\* -- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon1024`\*, `p521_falcon1024`\* +- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium2_pss2048`\*, `dilithium2_rsa2048`\*, `dilithium2_ed25519`\*, `dilithium2_p256`\*, `dilithium2_bp256`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium3_pss3072`\*, `dilithium3_rsa3072`\*, `dilithium3_p256`\*, `dilithium3_bp256`\*, `dilithium3_ed25519`\*, `dilithium5`\*, `p521_dilithium5`\*, `dilithium5_p384`\*, `dilithium5_bp384`\*, `dilithium5_ed448`\* +- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon512_p256`\*, `falcon512_bp256`\*, `falcon512_ed25519`\*, `falcon1024`\*, `p521_falcon1024`\* - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple` - **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple` 
@@ -63,9 +63,11 @@ TLS operations. This designation [can be changed by modifying the "enabled" flags in the main algorithm configuration file](CONFIGURE.md#pre-build-configuration). In order to support parallel use of classic and quantum-safe cryptography -this provider also provides different hybrid algorithms, combining classic -and quantum-safe methods: These are listed above with a prefix denoting a +this provider also provides different hybrid and composite algorithms, combining classic +and quantum-safe methods: For hybrid, these are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_". +For composite, these are listed above with a suffix denoting a +classic algorithm, e.g., for elliptic curve: "_p256". A full list of algorithms, their interoperability code points and OIDs as well as a method to dynamically adapt them, e.g., for interoperability testing are diff --git a/oqs-template/ALGORITHMS.md/oids.fragment b/oqs-template/ALGORITHMS.md/oids.fragment index cea8c3c3..0e04d830 100644 --- a/oqs-template/ALGORITHMS.md/oids.fragment +++ b/oqs-template/ALGORITHMS.md/oids.fragment @@ -8,6 +8,9 @@ {%- for classical_alg in variant['mix_with'] %} | {{ classical_alg['name'] }}_{{variant['name']}} | {{ classical_alg['oid'] }} | {%- if variant['enable'] -%} Yes {%- else -%} No {%- endif -%} | OQS_OID_{{ classical_alg['name']|upper }}_{{ variant['name']|upper }} {%- endfor %} + {%- for composite_alg in variant['composite'] %} +| {{variant['name']}}_{{ composite_alg['name'] }} | {{ composite_alg['oid'] }} | {%- if variant['enable'] -%} Yes {%- else -%} No {%- endif -%} | OQS_OID_{{ variant['name']|upper }}_{{ composite_alg['name'] }} + {%- endfor %} {%- endfor %} {%- endfor %} diff --git a/oqs-template/README.md/algs.fragment b/oqs-template/README.md/algs.fragment index 17e0785c..e13eb0b2 100644 --- a/oqs-template/README.md/algs.fragment +++ b/oqs-template/README.md/algs.fragment 
@@ -12,6 +12,7 @@ `{{ variant['name'] }}` {%- if variant['enable'] -%} \* {%- endif -%} {%- for classical_alg in variant['mix_with'] -%} , `{{ classical_alg['name']}}_{{ variant['name'] }}`{%- if variant['enable'] -%} \* {%- endif -%}{%- endfor -%} +{%- for composite_alg in variant['composite'] -%} , `{{ variant['name'] }}_{{ composite_alg['name']}}`{%- if variant['enable'] -%} \* {%- endif -%}{%- endfor -%} {%- if not loop.last %}, {% endif -%} {%- endfor -%} {%- endif -%} diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index b2ec8f96..ad5e0f6f 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -824,84 +824,6 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, /* Recreate EVP data structure after import. RetVal 0 is error. */ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) { - if ((key->keytype != KEY_TYPE_CMP_SIG) - && (key->numkeys == 2)) { // hybrid key - int classical_pubkey_len, classical_privkey_len; - if (!key->evp_info) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_EVPINFO_MISSING); - goto rec_err; - } - if (op == KEY_OP_PUBLIC) { - const unsigned char *enc_pubkey = key->comp_pubkey[0]; - DECODE_UINT32(classical_pubkey_len, key->pubkey); - if (key->evp_info->raw_key_support) { - key->classical_pkey = EVP_PKEY_new_raw_public_key( - key->evp_info->keytype, NULL, enc_pubkey, - classical_pubkey_len); - if (!key->classical_pkey) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto rec_err; - } - } else { - EVP_PKEY *npk = EVP_PKEY_new(); - if (key->evp_info->keytype != EVP_PKEY_RSA) { - npk = setECParams(npk, key->evp_info->nid); - } - key->classical_pkey - = d2i_PublicKey(key->evp_info->keytype, &npk, &enc_pubkey, - classical_pubkey_len); - if (!key->classical_pkey) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - EVP_PKEY_free(npk); - goto rec_err; - } - } - } - if (op == KEY_OP_PRIVATE) { - DECODE_UINT32(classical_privkey_len, key->privkey); - const unsigned char *enc_privkey = key->comp_privkey[0]; - unsigned char *enc_pubkey = key->comp_pubkey[0]; - if (key->evp_info->raw_key_support) { - key->classical_pkey = EVP_PKEY_new_raw_private_key( - key->evp_info->keytype, NULL, enc_privkey, - classical_privkey_len); - if (!key->classical_pkey) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto rec_err; - } -#ifndef NOPUBKEY_IN_PRIVKEY - // re-create classic public key part from private key: - size_t pubkeylen; - - EVP_PKEY_get_raw_public_key(key->classical_pkey, NULL, - &pubkeylen); - if (pubkeylen != key->evp_info->length_public_key - || 
EVP_PKEY_get_raw_public_key(key->classical_pkey, - enc_pubkey, &pubkeylen) - != 1) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto rec_err; - } -#endif - } else { - key->classical_pkey - = d2i_PrivateKey(key->evp_info->keytype, NULL, &enc_privkey, - classical_privkey_len); - if (!key->classical_pkey) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto rec_err; - } -#ifndef NOPUBKEY_IN_PRIVKEY - // re-create classic public key part from private key: - int pubkeylen = i2d_PublicKey(key->classical_pkey, &enc_pubkey); - if (pubkeylen != key->evp_info->length_public_key) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto rec_err; - } -#endif - } - } - } if (key->keytype == KEY_TYPE_CMP_SIG) { int i; if (op == KEY_OP_PUBLIC) { 
@@ -1001,6 +923,85 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) OPENSSL_free(name); } } + } else { + if ((key->numkeys == 2)) { // hybrid key + int classical_pubkey_len, classical_privkey_len; + if (!key->evp_info) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_EVPINFO_MISSING); + goto rec_err; + } + if (op == KEY_OP_PUBLIC) { + const unsigned char *enc_pubkey = key->comp_pubkey[0]; + DECODE_UINT32(classical_pubkey_len, key->pubkey); + if (key->evp_info->raw_key_support) { + key->classical_pkey = EVP_PKEY_new_raw_public_key( + key->evp_info->keytype, NULL, enc_pubkey, + classical_pubkey_len); + if (!key->classical_pkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } + } else { + EVP_PKEY *npk = EVP_PKEY_new(); + if (key->evp_info->keytype != EVP_PKEY_RSA) { + npk = setECParams(npk, key->evp_info->nid); + } + key->classical_pkey + = d2i_PublicKey(key->evp_info->keytype, &npk, + &enc_pubkey, classical_pubkey_len); + if (!key->classical_pkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + EVP_PKEY_free(npk); + goto rec_err; + } + } + } + if (op == KEY_OP_PRIVATE) { + DECODE_UINT32(classical_privkey_len, key->privkey); + const unsigned char *enc_privkey = key->comp_privkey[0]; + unsigned char *enc_pubkey = key->comp_pubkey[0]; + if (key->evp_info->raw_key_support) { + key->classical_pkey = EVP_PKEY_new_raw_private_key( + key->evp_info->keytype, NULL, enc_privkey, + classical_privkey_len); + if (!key->classical_pkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } +#ifndef NOPUBKEY_IN_PRIVKEY + // re-create classic public key part from private key: + size_t pubkeylen; + + EVP_PKEY_get_raw_public_key(key->classical_pkey, NULL, + &pubkeylen); + if (pubkeylen != key->evp_info->length_public_key + || EVP_PKEY_get_raw_public_key(key->classical_pkey, + enc_pubkey, &pubkeylen) + != 1) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } +#endif + } else { + 
key->classical_pkey + = d2i_PrivateKey(key->evp_info->keytype, NULL, + &enc_privkey, classical_privkey_len); + if (!key->classical_pkey) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } +#ifndef NOPUBKEY_IN_PRIVKEY + // re-create classic public key part from private key: + int pubkeylen + = i2d_PublicKey(key->classical_pkey, &enc_pubkey); + if (pubkeylen != key->evp_info->length_public_key) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto rec_err; + } +#endif + } + } + } } return 1; From 9e313e4eb07e09c6b4c208a2c9f35d1adccc8dbc Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 11 Jan 2024 11:17:46 -0600 Subject: [PATCH 095/164] fix rsa size mismatch bug Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index ad5e0f6f..4ed9666e 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1123,10 +1123,6 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, plen = aux; } } - if (rsa_diff > 4) { // diff is too big, this means an decoding error - ASN1_OCTET_STRING_free(oct); - return NULL; - } oqsx = oqsx_key_op(palg, p, plen + rsa_diff, KEY_OP_PRIVATE, libctx, propq); ASN1_OCTET_STRING_free(oct); @@ -1550,10 +1546,11 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, ret2 = EVP_PKEY_keygen_init(kgctx); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); if (ctx->evp_info->keytype == EVP_PKEY_RSA) { - if (ctx->evp_info->length_public_key > 270) + if (ctx->evp_info->length_public_key > 270) { ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 3072); - else + } else { ret2 = EVP_PKEY_CTX_set_rsa_keygen_bits(kgctx, 2048); + } ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, errhyb); } From 9f926f76fe73461c8b5081762daaf5fe3d36692d Mon Sep 17 00:00:00 2001 
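Review bot: In the added non-raw private-key branch, `i2d_PublicKey(key->classical_pkey, &enc_pubkey)` encodes into `key->comp_pubkey[0]` before `pubkeylen` is compared with `key->evp_info->length_public_key`, so a key whose public encoding is larger than expected is rejected only after the bytes have been written. Asking for the size first, `int pubkeylen = i2d_PublicKey(key->classical_pkey, NULL);`, and encoding only when it equals `length_public_key` keeps the write bounded; how large the buffer behind `comp_pubkey[0]` is cannot be seen in this hunk. In the raw-key branch the first `EVP_PKEY_get_raw_public_key(..., NULL, &pubkeylen)` result is discarded while `pubkeylen` is uninitialised, so `size_t pubkeylen = 0;` and a check of that call's return value would make the length comparison well defined. The code is moved from earlier in the function, which begins and ends outside the hunk.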
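Review bot: With the `rsa_diff > 4` rejection gone, `plen + rsa_diff` is passed to `oqsx_key_op` as the private-key length with no upper limit on `rsa_diff` visible in this hunk. If 4 was too small for legitimate RSA encodings, raising the limit keeps the decoding-error guard in place, e.g. `if (rsa_diff > MAX_RSA_DIFF) { ASN1_OCTET_STRING_free(oct); return NULL; }`, where `MAX_RSA_DIFF` is a placeholder for the largest difference a valid encoding can produce. A comment next to it naming the encodings that exceed 4 would explain the new bound. How `rsa_diff` is computed, and whether `oqsx_key_op` validates the length itself, lies outside the hunk.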
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sun, 24 Dec 2023 13:16:35 +0100 Subject: [PATCH 096/164] 0.5.3 release Signed-off-by: Felipe Ventura --- .github/workflows/linux.yml | 4 ++-- .github/workflows/macos.yml | 2 +- .github/workflows/windows.yml | 4 +++- CMakeLists.txt | 2 +- RELEASE.md | 36 +++++++++++++++++++++++++++++++++-- 5 files changed, 41 insertions(+), 7 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 057845c4..7d03a91c 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -50,7 +50,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - name: Full build - run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh + run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.9.1 ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing run: cd build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test @@ -189,7 +189,7 @@ jobs: - name: Clone and build liboqs for linux-aarch64 working-directory: /opt/ run: | - git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs + git clone --depth=1 --branch 0.9.1 https://github.com/open-quantum-safe/liboqs.git liboqs cd liboqs mkdir build install cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \ diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 6ecc434f..96835adb 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -35,7 +35,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.9.1 path: liboqs - name: Retrieve OpenSSL32 from cache id: cache-openssl32 diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 7e75aa91..438bb4ab 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml 
@@ -38,7 +38,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.9.1 path: liboqs - name: Install cygwin uses: cygwin/cygwin-install-action@master @@ -125,6 +125,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs + ref: 0.9.1 path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: @@ -237,6 +238,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs + ref: 0.9.1 path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: diff --git a/CMakeLists.txt b/CMakeLists.txt index fad726df..632f44cc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.0 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.5.3-dev") +set(OQSPROVIDER_VERSION_TEXT "0.5.3") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") diff --git a/RELEASE.md b/RELEASE.md index 0959a5a4..b545549e 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,4 +1,4 @@ -# oqs-provider 0.5.3-dev +# oqs-provider 0.5.3 ## About 
@@ -14,10 +14,42 @@ Further details on building, testing and use can be found in [README.md](https:/ ## Release notes -This is version 0.5.3-dev of oqs-provider. +This is version 0.5.3 of oqs-provider. +### Security considerations + +This improves a non-constant time issue in previous releases for Kyber. + +### What's New + +This release continues from the 0.5.2 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). This release is guaranteed to be in sync with v0.9.1 of `liboqs`. + +This release also makes available ready-to-run binaries for Linux (.so), Windows (.dll) and MacOS (.dylib) compiled for `x64` CPUs. Activation and use is documented in [USAGE.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md). +### Additional new feature highlights + +- Kyber code update addressing constant time property +- Code point updates for HQC following code updates in `liboqs` +- Document project governance + +## What's Changed +* Clarify liboqs_DIR naming convention by @ajbozarth in https://github.com/open-quantum-safe/oqs-provider/pull/292 +* check empty params lists passed by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/296 +* Fix minor typos in documentation by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/304 +* HQC code point update by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/306 +* Fix broken circleci job for macOS by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/305 +* Contribution policy by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/286 +* Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in https://github.com/open-quantum-safe/oqs-provider/pull/309 +* Add a example of how to load oqsprovider using `OSSL_PROVIDER_add_builtin`. 
by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/308 +* Get Windows CI to work again by @qnfm in https://github.com/open-quantum-safe/oqs-provider/pull/310 +* Use `build` directory instead of `_build`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/314 + +## New Contributors +* @ajbozarth made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/292 +* @johnma14 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/304 +* @pi-314159 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/309 +**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.2...0.5.3 Previous Release Notes ====================== From 86110cd70c62057a291f382429450afe6f4ee521 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sun, 24 Dec 2023 14:33:53 +0100 Subject: [PATCH 097/164] correct upstream and Windows CI snafus (#322) Enabling 0.5.3 release Signed-off-by: Felipe Ventura --- .github/workflows/linux.yml | 23 ++++++++++++----------- .github/workflows/windows.yml | 4 ++-- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 7d03a91c..cf45ea3f 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml 
@@ -55,17 +55,18 @@ jobs: run: cd build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test run: ./scripts/runtests.sh -V - - name: Verify nothing changes on re-generate code - run: | - apt-get update && apt-get install -y clang-format && \ - git config --global user.name "ciuser" && \ - git config --global user.email "ci@openquantumsafe.org" && \ - git config --global --add safe.directory `pwd` && \ - export LIBOQS_SRC_DIR=`pwd`/liboqs && \ - ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \ - python3 oqs-template/generate.py && \ - find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \ - ! git status | grep modified +# Need to disable due to missing HQC update cherry-pick in liboqs release: +# - name: Verify nothing changes on re-generate code +# run: | +# apt-get update && apt-get install -y clang-format && \ +# git config --global user.name "ciuser" && \ +# git config --global user.email "ci@openquantumsafe.org" && \ +# git config --global --add safe.directory `pwd` && \ +# export LIBOQS_SRC_DIR=`pwd`/liboqs && \ +# ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \ +# python3 oqs-template/generate.py && \ +# find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \ +# ! git status | grep modified - name: Build .deb install package run: cpack working-directory: build diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 438bb4ab..5304d1ac 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -155,7 +155,7 @@ jobs: working-directory: liboqs - name: prepare the OpenSSL build directory if: steps.cache-openssl32.outputs.cache-hit != 'true' - run: mkdir build + run: mkdir _build working-directory: openssl - name: OpenSSL config if: steps.cache-openssl32.outputs.cache-hit != 'true' 
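Review bot: Commenting out the `Verify nothing changes on re-generate code` step in .github/workflows/linux.yml removes the only check visible in this job that the committed sources still match the output of `oqs-template/generate.py`, and the added comment gives no condition or issue reference for restoring it. Drift between the templates and the generated code would then pass CI unnoticed for this release and any later one. Keeping the step in place but gated keeps it visible in the workflow, for example `if: false  # re-enable once the liboqs release includes the HQC update`, or `continue-on-error: true` so that the result is still reported. The job continues outside the hunk, so other checks may exist that are not shown here.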
@@ -265,7 +265,7 @@ jobs: working-directory: liboqs - name: prepare the OpenSSL build directory if: steps.cache-openssl32n.outputs.cache-hit != 'true' - run: mkdir build + run: mkdir _build working-directory: openssl - name: OpenSSL config if: steps.cache-openssl32n.outputs.cache-hit != 'true' From 054edebfc534635ba8a5d4e0696ecf33ccb57b4e Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 28 Dec 2023 08:07:25 +0100 Subject: [PATCH 098/164] Revert "Use `build` directory instead of `_build`. (#314)" (#325) This reverts commit f205f116a82ea981278313b7bf2d9032c0710821. Signed-off-by: Felipe Ventura --- .circleci/config.yml | 36 +++++++++++++-------------- .github/workflows/linux.yml | 8 +++--- .github/workflows/macos.yml | 14 +++++------ .github/workflows/standalone.yml | 6 ++--- .github/workflows/windows.yml | 42 ++++++++++++++++---------------- .gitignore | 4 +-- ALGORITHMS.md | 2 +- NOTES-UNIX.md | 14 +++++------ NOTES-Windows.md | 12 ++++----- README.md | 14 +++++------ scripts/common.py | 4 +-- scripts/fullbuild.sh | 14 +++++------ scripts/release-test.sh | 4 +-- scripts/runtests.sh | 4 +-- 14 files changed, 89 insertions(+), 89 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b14d8626..c900afdb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -41,7 +41,7 @@ jobs: name: Clone and build liboqs (<< parameters.CMAKE_ARGS >>) command: | git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && - cd liboqs && mkdir build && cd build && + cd liboqs && mkdir _build && cd _build && cmake -GNinja << parameters.CMAKE_ARGS >> -DCMAKE_INSTALL_PREFIX=$(pwd)/../../.local .. && ninja install && cd .. && cd .. && pwd - when: 
@@ -61,9 +61,9 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - mkdir build && cd build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. + mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file build/lib/oqsprovider.a + file _build/lib/oqsprovider.a fi - when: condition: @@ -76,15 +76,15 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - mkdir build && cd build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. + mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DUSE_ENCODING_LIB=ON -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd .. if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file build/lib/oqsprovider.a + file _build/lib/oqsprovider.a fi - run: name: Run tests command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir build/ + ctest --test-dir _build/ else ./scripts/runtests.sh -V fi 
@@ -107,15 +107,15 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - rm -rf build && mkdir build && cd build && cmake -GNinja ${oqsprovider_cmake_args} -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja + rm -rf _build && mkdir _build && cd _build && cmake -GNinja ${oqsprovider_cmake_args} -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file build/lib/oqsprovider.a + file _build/lib/oqsprovider.a fi - run: name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON) command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir build/ + ctest --test-dir _build/ else ./scripts/runtests.sh -V fi @@ -159,7 +159,7 @@ jobs: name: Clone and build liboqs command: | git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && - export LIBOQS_INSTALLPATH=$(pwd)/.local && cd liboqs && mkdir build && cd build && + export LIBOQS_INSTALLPATH=$(pwd)/.local && cd liboqs && mkdir _build && cd _build && export OPENSSL_INSTALL="$(brew --prefix << parameters.OPENSSL_PREINSTALL >> || echo "")" cmake -GNinja -DOPENSSL_ROOT_DIR="${OPENSSL_INSTALL}" -DCMAKE_INSTALL_PREFIX=$LIBOQS_INSTALLPATH << parameters.CMAKE_ARGS >> .. && ninja install && cd .. && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$LIBOQS_INSTALLPATH/lib" >> "$BASH_ENV" 
@@ -180,9 +180,9 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - export OPENSSL_INSTALL=$(pwd)/.local && mkdir build && cd build && cmake -GNinja -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" + export OPENSSL_INSTALL=$(pwd)/.local && mkdir _build && cd _build && cmake -GNinja -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file build/lib/oqsprovider.a + file _build/lib/oqsprovider.a fi - when: condition: @@ -196,15 +196,15 @@ jobs: oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi export OPENSSL_INSTALL="$(brew --prefix << parameters.OPENSSL_PREINSTALL >>)" - mkdir build && cd build && liboqs_DIR=`pwd`/../.local cmake -GNinja -DOPENSSL_ROOT_DIR="${OPENSSL_INSTALL}" ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$OPENSSL_INSTALL/lib" >> "$BASH_ENV" + mkdir _build && cd _build && liboqs_DIR=`pwd`/../.local cmake -GNinja -DOPENSSL_ROOT_DIR="${OPENSSL_INSTALL}" ${oqsprovider_cmake_args} .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$OPENSSL_INSTALL/lib" >> "$BASH_ENV" if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file build/lib/oqsprovider.a + file _build/lib/oqsprovider.a fi - run: name: Run tests command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir build/ --output-on-failure + ctest --test-dir _build/ --output-on-failure else ./scripts/runtests.sh -V fi 
@@ -215,15 +215,15 @@ jobs: if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then oqsprovider_cmake_args="${oqsprovider_cmake_args} -DOQS_PROVIDER_BUILD_STATIC=ON" fi - rm -rf build && mkdir build && cd build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja + rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local ${oqsprovider_cmake_args} .. && ninja if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - file build/lib/oqsprovider.a + file _build/lib/oqsprovider.a fi - run: name: Run tests command: | if << parameters.OQS_PROVIDER_BUILD_STATIC >> ; then - ctest --test-dir build/ --output-on-failure + ctest --test-dir _build/ --output-on-failure else ./scripts/runtests.sh -V fi diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index cf45ea3f..954578b6 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -24,7 +24,7 @@ jobs: - name: Full build run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing - run: cd build/lib && ln -s oqsprovider.so oqsprovider2.so + run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test run: ./scripts/runtests.sh -V @@ -52,7 +52,7 @@ jobs: - name: Full build run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.9.1 ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing - run: cd build/lib && ln -s oqsprovider.so oqsprovider2.so + run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test run: ./scripts/runtests.sh -V # Need to disable due to missing HQC update cherry-pick in liboqs release: 
@@ -69,12 +69,12 @@ jobs: # ! git status | grep modified - name: Build .deb install package run: cpack - working-directory: build + working-directory: _build - name: Retain .deb installer uses: actions/upload-artifact@v3 with: name: oqsprovider-x64 - path: build/*.deb + path: _build/*.deb asan_linux_intel: name: "Security checks" diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 96835adb..88129082 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -57,17 +57,17 @@ jobs: key: ${{ runner.os }}-openssl32 - name: build liboqs run: | - cmake -DOPENSSL_ROOT_DIR=../.localopenssl32 -DCMAKE_INSTALL_PREFIX=../.localliboqs ${{ matrix.params.oqsconfig }} -S . -B build - cmake --build build - cmake --install build + cmake -DOPENSSL_ROOT_DIR=../.localopenssl32 -DCMAKE_INSTALL_PREFIX=../.localliboqs ${{ matrix.params.oqsconfig }} -S . -B _build + cmake --build _build + cmake --install _build working-directory: liboqs - name: build oqs-provider - run: liboqs_DIR=.localliboqs cmake -DOPENSSL_ROOT_DIR=.localopenssl32 -S . -B build && cmake --build build + run: liboqs_DIR=.localliboqs cmake -DOPENSSL_ROOT_DIR=.localopenssl32 -S . -B _build && cmake --build _build - name: Check Openssl providers - run: OPENSSL_MODULES=build/lib .localopenssl32/bin/openssl list -providers -provider oqsprovider -provider default + run: OPENSSL_MODULES=_build/lib .localopenssl32/bin/openssl list -providers -provider oqsprovider -provider default - name: Run tests run: PATH=../.localopenssl32/bin:$PATH ctest -V - working-directory: build + working-directory: _build # Try brew install of head: If error message below appears, build and test passed successfully - name: brew install test run: brew install --HEAD --formula -s oqsprovider.rb 2>&1 | grep "Empty installation" @@ -76,4 +76,4 @@ jobs: uses: actions/upload-artifact@v3 with: name: oqs-provider-${{matrix.os}}-x64 - path: build/lib/oqsprovider.dylib + path: _build/lib/oqsprovider.dylib 
diff --git a/.github/workflows/standalone.yml b/.github/workflows/standalone.yml index 3e949d94..6e27e626 100644 --- a/.github/workflows/standalone.yml +++ b/.github/workflows/standalone.yml @@ -5,7 +5,7 @@ on: branches: [ '*' ] pull_request: branches: [ "main" ] - + jobs: macos_intel: @@ -18,9 +18,9 @@ jobs: - name: Checkout oqsprovider code uses: actions/checkout@v2 - name: Build oqsprovider - run: cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -S . -B build && cmake --build build + run: cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -S . -B _build && cmake --build _build - name: Test oqsprovider - run: ctest --parallel 5 --test-dir build + run: ctest --parallel 5 --test-dir _build linux_intel: runs-on: ubuntu-latest diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 5304d1ac..87b2ab6c 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -58,8 +58,8 @@ jobs: which cmake cmake --version gcc --version - mkdir build - cd build + mkdir _build + cd _build cmake -GNinja -DOPENSSL_ROOT_DIR=/opt/openssl32 -DCMAKE_INSTALL_PREFIX="${{ env.IP }}" ${{ matrix.platform.oqsconfig }} -DCMAKE_C_COMPILER=gcc .. ninja ninja install 
@@ -79,17 +79,17 @@ jobs: c:\cygwin\opt\openssl32 key: ${{ runner.os }}-cygwinopenssl32 - name: build oqs-provider - run: bash -c "git config --global --add safe.directory $(cygpath -u $PWD) && liboqs_DIR='${{ env.IP }}' cmake -GNinja -DCMAKE_C_COMPILER=gcc -DOPENSSL_ROOT_DIR=/opt/openssl32 -S . -B build && cd build && ninja && cd .." + run: bash -c "git config --global --add safe.directory $(cygpath -u $PWD) && liboqs_DIR='${{ env.IP }}' cmake -GNinja -DCMAKE_C_COMPILER=gcc -DOPENSSL_ROOT_DIR=/opt/openssl32 -S . -B _build && cd _build && ninja && cd .." - name: Check Openssl providers - run: bash -c "OPENSSL_MODULES=build/lib /opt/openssl32/bin/openssl list -providers -provider oqsprovider -provider default" + run: bash -c "OPENSSL_MODULES=_build/lib /opt/openssl32/bin/openssl list -providers -provider oqsprovider -provider default" - name: Run tests run: bash -c "echo $PATH && PATH=/opt/openssl32/bin:/usr/bin ctest -V" - working-directory: build + working-directory: _build - name: Retain oqsprovider.dll uses: actions/upload-artifact@v3 with: name: oqs-provider-cygwin - path: D:/a/oqs-provider/oqs-provider/build/bin/oqsprovider.dll + path: D:/a/oqs-provider/oqs-provider/_build/bin/oqsprovider.dll msvc: # Run a job for each of the specified target architectures: 
@@ -140,10 +140,10 @@ jobs: if: steps.cache-openssl32.outputs.cache-hit != 'true' # OQS_USE_OPENSSL=OFF by default on Win32 # if cmake --build fails, try explicit -# cd build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release -# fails: cmake -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -S . -B build -# cd build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release && cd .. -# cmake --install build +# cd _build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release +# fails: cmake -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -S . -B _build +# cd _build && msbuild ALL_BUILD.vcxproj -p:Configuration=Release && cd .. +# cmake --install _build - name: build liboqs run: | cmake --version @@ -188,17 +188,17 @@ jobs: key: ${{ runner.os }}-msvcopenssl32 - name: build oqs-provider run: | - cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B build - cd build + cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build + cd _build ninja - name: Run tests run: | - ctest -V --test-dir build + ctest -V --test-dir _build - name: Retain oqsprovider.dll uses: actions/upload-artifact@v3 with: name: oqs-provider-msvc - path: D:/a/oqs-provider/oqs-provider/build/lib/oqsprovider.dll + path: D:/a/oqs-provider/oqs-provider/_build/lib/oqsprovider.dll msvc_native: # Run a job for each of the specified target architectures: @@ -211,7 +211,7 @@ jobs: - arch: win64 oqsconfig: -DOQS_ALGS_ENABLED=STD osslconfig: no-shared no-fips VC-WIN64A - toolchain: + toolchain: - .CMake/toolchain_windows_amd64.cmake msarch: - x64 
@@ -260,7 +260,7 @@ jobs: run: | cmake --version cmake -B build --toolchain ${{ matrix.toolchain }} . - cmake --build build + cmake --build build cmake --build build --target INSTALL working-directory: liboqs - name: prepare the OpenSSL build directory @@ -294,14 +294,14 @@ jobs: key: ${{ runner.os }}-msvcopenssl32n - name: build oqs-provider run: | - cmake -DCMAKE_BUILD_TYPE=${{ matrix.type }} -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32n" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B build - cmake --build build --config=${{ matrix.type }} + cmake -DCMAKE_BUILD_TYPE=${{ matrix.type }} -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32n" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build + cmake --build _build --config=${{ matrix.type }} - name: Run tests run: | - ctest --test-dir build -C ${{ matrix.type }} + ctest --test-dir _build -C ${{ matrix.type }} - name: Retain oqsprovider.dll uses: actions/upload-artifact@v3 with: name: oqs-provider-msvc - path: D:/a/oqs-provider/oqs-provider/build/lib/oqsprovider.dll - + path: D:/a/oqs-provider/oqs-provider/_build/lib/oqsprovider.dll + diff --git a/.gitignore b/.gitignore index 137ff80b..003421d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,12 @@ # checked out OSSL variants -openssl*/* +openssl*/* openssl # checked out liboqs liboqs # installed SW .local # build directory -build +_build # generated from openssl src: test/ssltestlib.c test/ssltestlib.h diff --git a/ALGORITHMS.md b/ALGORITHMS.md index b5d668aa..b036473e 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -107,7 +107,7 @@ can be used to successfully confirm interoperability between the oqs-provider and the Cloudflare infrastructure using this hybrid classic/quantum-safe algorithm: ``` -OQS_CODEPOINT_X25519_KYBER512=65072 ./openssl/apps/openssl s_client -groups x25519_kyber512 -connect cloudflare.com:443 -provider-path build/oqsprov -provider oqsprovider -provider default +OQS_CODEPOINT_X25519_KYBER512=65072 ./openssl/apps/openssl s_client -groups x25519_kyber512 -connect cloudflare.com:443 -provider-path _build/oqsprov -provider oqsprovider -provider default ``` # OIDs diff --git a/NOTES-UNIX.md b/NOTES-UNIX.md index 5b7a5b95..af40c8fa 100644 --- a/NOTES-UNIX.md +++ b/NOTES-UNIX.md 
@@ -28,30 +28,30 @@ to be present to be build, e.g., via `apt install cmake build-essential git`. ## Build Standard `cmake` build sequence can be used (assuming prerequisites are installed) -to build in/install from directory `build`: +to build in/install from directory `_build`: - cmake -S . -B build && cmake --build build && cmake --install build + cmake -S . -B _build && cmake --build _build && cmake --install _build If `openssl` and/or `liboqs` have not been installed to system standard locations -use the `cmake` define "-DOPENSSL_ROOT_DIR" and/or the environment variable +use the `cmake` define "-DOPENSSL_ROOT_DIR" and/or the environment variable "liboqs_DIR" to utilize those, e.g., like this: - liboqs_DIR=../liboqs cmake -DOPENSSL_ROOT_DIR=/opt/openssl3 -S . -B build && cmake --build build && cmake --install build + liboqs_DIR=../liboqs cmake -DOPENSSL_ROOT_DIR=/opt/openssl3 -S . -B _build && cmake --build _build && cmake --install _build Further configuration options are documented [here](CONFIGURE.md#build-install-options). ## Test -Standard `ctest` can be used to validate correct operation in build directory `build`, e.g.: +Standard `ctest` can be used to validate correct operation in build directory `_build`, e.g.: - cd build && ctest --parallel 5 --rerun-failed --output-on-failure -V + cd _build && ctest --parallel 5 --rerun-failed --output-on-failure -V ## Packaging ### Debian A build target to create UNIX .deb packaging is available via the standard -`package` target, e.g., executing `make package` in the `build` subdirectory. +`package` target, e.g., executing `make package` in the `_build` subdirectory. The resultant file can be installed as usual via `dpkg -i ...`. ### MacOS diff --git a/NOTES-Windows.md b/NOTES-Windows.md index 50942d79..80eeffd5 100644 --- a/NOTES-Windows.md +++ b/NOTES-Windows.md 
@@ -17,7 +17,7 @@ A complete scripted setup is available in the [CI tooling for oqs-provider](http ### liboqs -Instructions for building `liboqs` from source is available +Instructions for building `liboqs` from source is available [here](https://github.com/open-quantum-safe/liboqs#windows). ## Build tooling @@ -28,9 +28,9 @@ a C compiler are present, e.g., as in MS Visual Studio 2022. ## Build A standard `cmake` build sequence can be used (assuming prerequisites are installed) -to build in/install from directory `build`: +to build in/install from directory `_build`: - cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -GNinja -S . -B build && cd build && ninja && ninja install + cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -GNinja -S . -B _build && cd _build && ninja && ninja install The specific `CMAKE_C_FLAGS` silence some overly strict warning messages and the specific reference to the build type ensures a shared library with @@ -41,15 +41,15 @@ If `openssl` and/or `liboqs` have not been installed to system standard location use the `cmake` defines "-DOPENSSL_ROOT_DIR" and/or "-Dliboqs_DIR" to utilize those, e.g., like this: - cmake -DOPENSSL_ROOT_DIR=c:\opt\openssl3 -Dliboqs_DIR=c:\liboqs -S . -B build && cmake --build build && cmake --install build + cmake -DOPENSSL_ROOT_DIR=c:\opt\openssl3 -Dliboqs_DIR=c:\liboqs -S . -B _build && cmake --build _build && cmake --install _build Further configuration options are documented [here](CONFIGURE.md#build-install-options). ## Test -Standard `ctest` can be used to validate correct operation in build directory `build`, e.g.: +Standard `ctest` can be used to validate correct operation in build directory `_build`, e.g.: - ctest -V --test-dir build + ctest -V --test-dir _build ## Packaging diff --git a/README.md b/README.md index 449d3cad..963f8d97 100644 --- a/README.md +++ b/README.md 
@@ -22,7 +22,7 @@ key establishment in TLS1.3 including management of such keys via the OpenSSL (3.0) provider interface and hybrid KEM schemes. Also, QSC signatures including CMS and CMP functionality are available via the OpenSSL EVP interface. Key persistence is provided via the encode/decode -mechanism and X.509 data structures. Starting with OpenSSL 3.2 support for +mechanism and X.509 data structures. Starting with OpenSSL 3.2 support for TLS1.3 signature functionality is available and final glitches for CMS have been resolved. @@ -62,9 +62,9 @@ In addition, algorithms not denoted with "\*" above are not enabled for TLS operations. This designation [can be changed by modifying the "enabled" flags in the main algorithm configuration file](CONFIGURE.md#pre-build-configuration). -In order to support parallel use of classic and quantum-safe cryptography -this provider also provides different hybrid and composite algorithms, combining classic -and quantum-safe methods: For hybrid, these are listed above with a prefix denoting a +In order to support parallel use of classic and quantum-safe cryptography +this provider also provides different hybrid algorithms, combining classic +and quantum-safe methods: These are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_". For composite, these are listed above with a suffix denoting a classic algorithm, e.g., for elliptic curve: "_p256". 
@@ -82,7 +82,7 @@ respectively (tested on Linux Ubuntu and Mint as well as MacOS). By default, these scripts always build and test against the current OpenSSL `master` branch. -These scripts can be [configured by setting various variables](CONFIGURE.md#convenience-build-script-options). Please note that these scripts do _not_ install `oqsprovider`. This can be facilitated by running `cmake --install build` (and following the [activation instructions](USAGE.md#activation). +These scripts can be [configured by setting various variables](CONFIGURE.md#convenience-build-script-options). Please note that these scripts do _not_ install `oqsprovider`. This can be facilitated by running `cmake --install _build` (and following the [activation instructions](USAGE.md#activation). Building and testing -------------------- @@ -106,8 +106,8 @@ for details. ## Basic steps - cmake -S . -B build && cmake --build build && ctest --test-dir build && cmake --install build - + cmake -S . -B _build && cmake --build _build && ctest --test-dir _build && cmake --install _build + Using ----- diff --git a/scripts/common.py b/scripts/common.py index b6c777c4..88c609e5 100644 --- a/scripts/common.py +++ b/scripts/common.py @@ -29,7 +29,7 @@ def all_pq_groups(): ag = "" for kex in key_exchanges: if len(ag)==0: - ag = kex + ag = kex else: ag = ag + ":" + kex return ag @@ -159,7 +159,7 @@ def gen_keys(ossl, ossl_config, sig_alg, test_artifacts_dir, filename_prefix): # also create pubkeys from certs for dgst verify tests: env = os.environ #env["OPENSSL_CONF"]=os.path.join("scripts", "openssl.cnf") - #env["OPENSSL_MODULES"]=os.path.join("build", "lib") + #env["OPENSSL_MODULES"]=os.path.join("_build", "lib") run_subprocess([ossl, 'req', '-in', os.path.join(test_artifacts_dir, '{}_{}_srv.csr'.format(filename_prefix, sig_alg)), '-pubkey', '-out', os.path.join(test_artifacts_dir, '{}_{}_srv.pubk'.format(filename_prefix, sig_alg)) ], 
diff --git a/scripts/fullbuild.sh b/scripts/fullbuild.sh index de6551aa..a411d901 100755 --- a/scripts/fullbuild.sh +++ b/scripts/fullbuild.sh @@ -21,10 +21,10 @@ fi if [ $# -gt 0 ]; then if [ "$1" == "-f" ]; then - rm -rf build + rm -rf _build fi if [ "$1" == "-F" ]; then - rm -rf build openssl liboqs .local + rm -rf _build openssl liboqs .local fi fi @@ -107,7 +107,7 @@ if [ -z $liboqs_DIR ]; then # STD: only include NIST standardized algorithms # NIST_R4: only include algorithms in round 4 of the NIST competition # All: include all algorithms supported by liboqs (default) - cd liboqs && cmake -GNinja $DOQS_ALGS_ENABLED $CMAKE_OPENSSL_LOCATION -DCMAKE_INSTALL_PREFIX=$(pwd)/../.local -S . -B build && cd build && ninja && ninja install && cd ../.. + cd liboqs && cmake -GNinja $DOQS_ALGS_ENABLED $CMAKE_OPENSSL_LOCATION -DCMAKE_INSTALL_PREFIX=$(pwd)/../.local -S . -B _build && cd _build && ninja && ninja install && cd ../.. if [ $? -ne 0 ]; then echo "liboqs build failed. Exiting." exit -1 
@@ -117,16 +117,16 @@ if [ -z $liboqs_DIR ]; then fi # Check whether provider is built: -if [ ! -f "build/lib/oqsprovider.$SHLIBEXT" ]; then - echo "oqsprovider (build/lib/oqsprovider.$SHLIBEXT) not built: Building..." +if [ ! -f "_build/lib/oqsprovider.$SHLIBEXT" ]; then + echo "oqsprovider (_build/lib/oqsprovider.$SHLIBEXT) not built: Building..." # for full debug build add: -DCMAKE_BUILD_TYPE=Debug #BUILD_TYPE="-DCMAKE_BUILD_TYPE=Debug" BUILD_TYPE="" # for omitting public key in private keys add -DNOPUBKEY_IN_PRIVKEY=ON if [ -z "$OPENSSL_INSTALL" ]; then - cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B build && cmake --build build + cmake -DOPENSSL_ROOT_DIR=$(pwd)/.local $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B _build && cmake --build _build else - cmake -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B build && cmake --build build + cmake -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL $BUILD_TYPE $OQSPROV_CMAKE_PARAMS -S . -B _build && cmake --build _build fi if [ $? -ne 0 ]; then echo "provider build failed. Exiting." diff --git a/scripts/release-test.sh b/scripts/release-test.sh index b8e2b812..df3a60b2 100755 --- a/scripts/release-test.sh +++ b/scripts/release-test.sh @@ -24,11 +24,11 @@ if [ -d oqs-template ]; then # Activate all algorithms sed -i "s/enable\: false/enable\: true/g" oqs-template/generate.yml python3 oqs-template/generate.py - rm -rf build + rm -rf _build ./scripts/fullbuild.sh ./scripts/runtests.sh if [ -f .local/bin/openssl ]; then - OPENSSL_MODULES=`pwd`/build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py + OPENSSL_MODULES=`pwd`/_build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py else echo "For full TLS PQ SIG/KEM matrix test, build (latest) openssl locally." fi diff --git a/scripts/runtests.sh b/scripts/runtests.sh index 7ad61cd2..79762205 100755 
--- a/scripts/runtests.sh +++ b/scripts/runtests.sh @@ -90,7 +90,7 @@ if [ -z "${OPENSSL_APP}" ]; then fi if [ -z "${OPENSSL_MODULES}" ]; then - export OPENSSL_MODULES="$(pwd)/build/lib" + export OPENSSL_MODULES="$(pwd)/_build/lib" fi if [ -z "${LD_LIBRARY_PATH}" ]; then @@ -188,7 +188,7 @@ ${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-externalinterop.sh # Without removing OPENSSL_CONF ctest hangs... ??? unset OPENSSL_CONF rv=0 -if ! ( cd build && ctest $@ ); then +if ! ( cd _build && ctest $@ ); then rv=1 fi From 3c54874a957bcfde099339f4f1d5bfe98d2b7e0b Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 28 Dec 2023 08:26:00 +0100 Subject: [PATCH 099/164] 0.5.3rc2 Signed-off-by: Felipe Ventura --- RELEASE.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index b545549e..c9b215ad 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -22,7 +22,7 @@ This improves a non-constant time issue in previous releases for Kyber. ### What's New -This release continues from the 0.5.2 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). This release is guaranteed to be in sync with v0.9.1 of `liboqs`. +This release continues from the 0.5.2 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). This release is functionally guaranteed to be in sync with v0.9.1 of `liboqs` (see note below), This release also makes available ready-to-run binaries for Linux (.so), Windows (.dll) and MacOS (.dylib) compiled for `x64` CPUs. Activation and use is documented in [USAGE.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md). 
@@ -42,7 +42,11 @@ This release also makes available ready-to-run binaries for Linux (.so), Windows * Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in https://github.com/open-quantum-safe/oqs-provider/pull/309 * Add a example of how to load oqsprovider using `OSSL_PROVIDER_add_builtin`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/308 * Get Windows CI to work again by @qnfm in https://github.com/open-quantum-safe/oqs-provider/pull/310 -* Use `build` directory instead of `_build`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/314 +* correct upstream and Windows CI snafus by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/322 + +## Release-specific note + +Due to an incomplete cherry-pick in `liboqs`, the code-generator logic in `oqsprovider` does produce incorrect documentation when used in conjunction with `liboqs` release 0.9.1. The corresponding CI test therefore is disabled for this `oqsprovider` release and this note has been created to warn users of this inconsistency in `liboqs` v0.9.1. It has no functional implications. ## New Contributors * @ajbozarth made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/292 From 49f717da166e09fee0e7c5212a9f7c5dcd2c13bc Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Wed, 3 Jan 2024 10:15:08 +0100 Subject: [PATCH 100/164] reverting to dev (#327) * reverting to dev * eliminate 0.5.3 release draft Signed-off-by: Felipe Ventura --- .github/workflows/linux.yml | 27 ++++++++-------- .github/workflows/macos.yml | 2 +- .github/workflows/windows.yml | 6 ++-- CMakeLists.txt | 2 +- GOVERNANCE.md | 2 -- README.md | 27 ++++++++++++---- RELEASE.md | 60 ----------------------------------- 7 files changed, 38 insertions(+), 88 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 954578b6..73eef30d 100644 --- a/.github/workflows/linux.yml 
+++ b/.github/workflows/linux.yml @@ -50,23 +50,22 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - name: Full build - run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.9.1 ./scripts/fullbuild.sh + run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=main ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test run: ./scripts/runtests.sh -V -# Need to disable due to missing HQC update cherry-pick in liboqs release: -# - name: Verify nothing changes on re-generate code -# run: | -# apt-get update && apt-get install -y clang-format && \ -# git config --global user.name "ciuser" && \ -# git config --global user.email "ci@openquantumsafe.org" && \ -# git config --global --add safe.directory `pwd` && \ -# export LIBOQS_SRC_DIR=`pwd`/liboqs && \ -# ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \ -# python3 oqs-template/generate.py && \ -# find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \ -# ! git status | grep modified + - name: Verify nothing changes on re-generate code + run: | + apt-get update && apt-get install -y clang-format && \ + git config --global user.name "ciuser" && \ + git config --global user.email "ci@openquantumsafe.org" && \ + git config --global --add safe.directory `pwd` && \ + export LIBOQS_SRC_DIR=`pwd`/liboqs && \ + ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \ + python3 oqs-template/generate.py && \ + find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \ + ! git status | grep modified - name: Build .deb install package run: cpack working-directory: _build 
@@ -190,7 +189,7 @@ jobs: - name: Clone and build liboqs for linux-aarch64 working-directory: /opt/ run: | - git clone --depth=1 --branch 0.9.1 https://github.com/open-quantum-safe/liboqs.git liboqs + git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs cd liboqs mkdir build install cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \ diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 88129082..7a6f95f4 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -35,7 +35,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: 0.9.1 + ref: main path: liboqs - name: Retrieve OpenSSL32 from cache id: cache-openssl32 diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 87b2ab6c..a699e8cb 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -38,7 +38,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: 0.9.1 + ref: main path: liboqs - name: Install cygwin uses: cygwin/cygwin-install-action@master @@ -125,7 +125,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: 0.9.1 + ref: main path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: @@ -238,7 +238,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: 0.9.1 + ref: main path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: diff --git a/CMakeLists.txt b/CMakeLists.txt index 632f44cc..fad726df 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.0 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.5.3") +set(OQSPROVIDER_VERSION_TEXT "0.5.3-dev") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") diff --git a/GOVERNANCE.md b/GOVERNANCE.md index a90d4d15..d9626453 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md 
@@ -59,12 +59,10 @@ Current Maintainers and Committers are to be documented below by way of referenc ### Maintainers @baentsch -@dstebila ### Committers @baentsch @bhess -@dstebila @thb-sb @christianpaquin diff --git a/README.md b/README.md index 963f8d97..534efc9c 100644 --- a/README.md +++ b/README.md @@ -131,15 +131,28 @@ has not been not getting back-ported to OpenSSL3.0. Also not supported in this version are provider-based signature algorithms used during TLS1.3 operations as documented in https://github.com/openssl/openssl/issues/10512. -## 3.2(-dev) +## 3.2 -After https://github.com/openssl/openssl/pull/19312 landed, (also PQ) signature -algorithms are working in TLS1.3 (handshaking); after https://github.com/openssl/openssl/pull/20486 -has landed, also algorithms with very long signatures are supported. +This version has full support for all TLS1.3 operations using PQ algorithms +when deploying `oqsprovider`. + +A final configuration limitation for provider-based signature algorithms exists +as documented in https://github.com/openssl/openssl/issues/22761. + +## 3.3(-dev) + +When https://github.com/openssl/openssl/pull/22779 land, the last config-time limitation +for provider-based signatures should be gone. For [general OpenSSL implementation limitations, e.g., regarding provider feature usage and support, see here](https://wiki.openssl.org/index.php/OpenSSL_3.0#STATUS_of_current_development). +Governance & Contributions +-------------------------- + +Project governance is documented in [GOVERNANCE.md](GOVERNANCE.md) and contribution +policy is documented in [CONTRIBUTING.md](CONTRIBUTING.md). + Team ---- 
@@ -165,17 +178,17 @@ the separate file [RELEASE.md](RELEASE.md). Acknowledgments --------------- -The `oqsprovider` project is supported through the [NGI Assure Fund](https://nlnet.nl/assure), +The `oqsprovider` project had been supported through the [NGI Assure Fund](https://nlnet.nl/assure), a fund established by [NLnet](https://nlnet.nl) with financial support from the European Commission's [Next Generation Internet programme](https://www.ngi.eu), under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073. -Financial support for the development of Open Quantum Safe has been provided +Financial support for the development of Open Quantum Safe had been provided by Amazon Web Services and the Tutte Institute for Mathematics and Computing. The OQS project would like to make a special acknowledgement to the companies who -have dedicated programmer time to contribute source code to OQS, including +had dedicated programmer time to contribute source code to OQS, including Amazon Web Services, evolutionQ, Microsoft Research, Cisco Systems, and IBM Research. Research projects which developed specific components of OQS have been diff --git a/RELEASE.md b/RELEASE.md index c9b215ad..a4653782 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -1,63 +1,3 @@ -# oqs-provider 0.5.3 - -## About - -The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/. - -**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and [hybrid key exchange](https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology) for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and `dgst` (signature) operations. - -When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all `openssl` functionality shall be [PQC-enabled](https://csrc.nist.gov/projects/post-quantum-cryptography). - -In general, the oqs-provider `main` branch is meant to be usable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl). - -Further details on building, testing and use can be found in [README.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md). See in particular limitations on intended use. - -## Release notes - -This is version 0.5.3 of oqs-provider. - -### Security considerations - -This improves a non-constant time issue in previous releases for Kyber. - -### What's New - -This release continues from the 0.5.2 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). 
This release is functionally guaranteed to be in sync with v0.9.1 of `liboqs` (see note below), - -This release also makes available ready-to-run binaries for Linux (.so), Windows (.dll) and MacOS (.dylib) compiled for `x64` CPUs. Activation and use is documented in [USAGE.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md). - -### Additional new feature highlights - -- Kyber code update addressing constant time property -- Code point updates for HQC following code updates in `liboqs` -- Document project governance - -## What's Changed -* Clarify liboqs_DIR naming convention by @ajbozarth in https://github.com/open-quantum-safe/oqs-provider/pull/292 -* check empty params lists passed by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/296 -* Fix minor typos in documentation by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/304 -* HQC code point update by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/306 -* Fix broken circleci job for macOS by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/305 -* Contribution policy by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/286 -* Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in https://github.com/open-quantum-safe/oqs-provider/pull/309 -* Add a example of how to load oqsprovider using `OSSL_PROVIDER_add_builtin`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/308 -* Get Windows CI to work again by @qnfm in https://github.com/open-quantum-safe/oqs-provider/pull/310 -* correct upstream and Windows CI snafus by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/322 - -## Release-specific note - -Due to an incomplete cherry-pick in `liboqs`, the code-generator logic in `oqsprovider` does produce incorrect documentation when used in conjunction with `liboqs` release 0.9.1. 
The corresponding CI test therefore is disabled for this `oqsprovider` release and this note has been created to warn users of this inconsistency in `liboqs` v0.9.1. It has no functional implications. - -## New Contributors -* @ajbozarth made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/292 -* @johnma14 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/304 -* @pi-314159 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/309 - -**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.2...0.5.3 - -Previous Release Notes -====================== - # oqs-provider 0.5.2 ## About From 1c2710417f934989cdcb21ed8553aa3b4a02e9bd Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 15 Jan 2024 09:03:51 -0600 Subject: [PATCH 101/164] fixed memory leaks Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 34 +++++++++++++--------------------- oqsprov/oqs_sig.c | 14 ++++++-------- oqsprov/oqsprov_keys.c | 19 +++++++++++-------- 3 files changed, 30 insertions(+), 37 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index b060754d..3438fe12 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -713,16 +713,15 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) aString[i] = ASN1_OCTET_STRING_new(); tempOct[i] = ASN1_OCTET_STRING_new(); temp[i] = NULL; + buflen = 0; if ((name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i)) == NULL) { OPENSSL_free(name); for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); return -1; 
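Review bot: The cleanup loop on the failed `get_cmpname()` path now runs `ASN1_OCTET_STRING_free`/`ASN1_TYPE_free` over all `oqsxkey->numkeys` slots while reusing the outer index `i`, although only the slots up to the current key have been filled at this point, so the remaining entries reach the destructors uninitialised (the arrays appear to be plain `OPENSSL_malloc` blocks allocated outside the hunk). For slots that were already completed, `aType[i]` seems to own `aString[i]` through the `ASN1_TYPE_set()` call further down in the function, in which case freeing `aString[i]` and then `aType[i]` releases the same string twice. The same loop appears in the @@ -740, @@ -773 and @@ -788 hunks of this file. A separate index limited to the finished slots, `for (int j = 0; j < i; j++)`, plus `sk_ASN1_TYPE_free(sk)` in place of `OPENSSL_free(sk)`, would match the ownership; the function body starts and ends outside the hunk.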
@@ -740,11 +739,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if (buflen > oqsxkey->privkeylen_cmp[i]) { OPENSSL_free(name); for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); @@ -756,7 +753,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; cbuf[i] = OPENSSL_malloc(buflen); - memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen); if (get_oqsname_fromtls(name) != 0) { // include pubkey in privkey for PQC memcpy(cbuf[i], oqsxkey->comp_privkey[i], @@ -773,11 +769,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) if (!sk_ASN1_TYPE_push(sk, aType[i])) { for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); OPENSSL_free(name); @@ -788,11 +782,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + ASN1_OCTET_STRING_free(aString[i]); + ASN1_OCTET_STRING_free(tempOct[i]); + ASN1_TYPE_free(aType[i]); } OPENSSL_free(sk); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 17117459..45fffb79 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -471,11 +471,11 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); OPENSSL_free(buf); goto endsign; } - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); } else { if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) @@ -591,9 +591,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } oqs_sig_len = i2d_CompositeSignature(compsig, &sig); - OPENSSL_free(compsig->sig1->data); - OPENSSL_free(compsig->sig2->data); - OPENSSL_free(compsig); + CompositeSignature_free(compsig); OPENSSL_free(final_tbs); } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) @@ -809,10 +807,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); goto endverify; } - OPENSSL_free(evp_ctx); + EVP_MD_CTX_free(evp_ctx); } else { if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey, NULL)) @@ -893,7 +891,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, OPENSSL_free(name); } - OPENSSL_free(compsig); + CompositeSignature_free(compsig); OPENSSL_free(final_tbs); } else { if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 4ed9666e..81bbb072 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -1387,29 +1387,32 @@ void oqsx_key_free(OQSX_KEY *key) #endif OPENSSL_free(key->propq); + OPENSSL_free(key->tls_name); OPENSSL_secure_clear_free(key->privkey, key->privkeylen); OPENSSL_secure_clear_free(key->pubkey, key->pubkeylen); OPENSSL_free(key->comp_pubkey); OPENSSL_free(key->comp_privkey); + if (key->keytype == KEY_TYPE_CMP_SIG) { + OPENSSL_free(key->privkeylen_cmp); + OPENSSL_free(key->pubkeylen_cmp); + } if (key->keytype == KEY_TYPE_KEM) OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) { OQS_KEM_free(key->oqsx_provider_ctx.oqsx_qs_ctx.kem); - } else { + } else OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig); - if (key->oqsx_provider_ctx.oqsx_evp_ctx) { - EVP_PKEY_CTX_free(key->oqsx_provider_ctx.oqsx_evp_ctx->ctx); - EVP_PKEY_free(key->oqsx_provider_ctx.oqsx_evp_ctx->keyParam); - OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); - } + EVP_PKEY_free(key->classical_pkey); + if (key->oqsx_provider_ctx.oqsx_evp_ctx) { + EVP_PKEY_CTX_free(key->oqsx_provider_ctx.oqsx_evp_ctx->ctx); + EVP_PKEY_free(key->oqsx_provider_ctx.oqsx_evp_ctx->keyParam); + OPENSSL_free(key->oqsx_provider_ctx.oqsx_evp_ctx); } - OPENSSL_free(key->tls_name); #ifdef OQS_PROVIDER_NOATOMIC CRYPTO_THREAD_lock_free(key->lock); #endif - OPENSSL_free(key->classical_pkey); OPENSSL_free(key); } From 15175d2d2edbc8aa950ae1f54ad546eb82fca5d7 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 18 Jan 2024 16:00:28 -0600 Subject: [PATCH 102/164] solved some memleaks Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 97 +++++++++++++++++++++--------------- oqsprov/oqsprov_keys.c | 27 ++++++---- 2 files changed, 74 insertions(+), 50 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 3438fe12..d54fd6ca 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
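Review bot: In the key-type dispatch of `oqsx_key_free`, the branches mix braced and unbraced bodies, and the new unbraced `} else` is followed directly by the unconditional `EVP_PKEY_free(key->classical_pkey);`, which makes it easy to misread which calls belong to the branch. Bracing the last branch as `} else {`, `OQS_SIG_free(key->oqsx_provider_ctx.oqsx_qs_ctx.sig);`, `}` keeps the unconditional frees visibly outside it. The `if (key->keytype == KEY_TYPE_CMP_SIG)` guard around the two `OPENSSL_free` calls would benefit from a one-line comment such as `/* length arrays are only allocated for composite signature keys */`, if that is indeed the reason, since `OPENSSL_free(NULL)` would otherwise make the guard unnecessary. The function starts outside the hunk.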
@@ -696,14 +696,11 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } else { ASN1_TYPE **aType = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); - ASN1_STRING **aString - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); - ASN1_STRING **tempOct - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); + ASN1_OCTET_STRING **aString + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_OCTET_STRING)); unsigned char **temp - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); - unsigned char **cbuf - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); + = OPENSSL_secure_malloc(oqsxkey->numkeys * sizeof(void *)); + size_t templen[oqsxkey->numkeys]; int i; if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; @@ -711,19 +708,24 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) for (i = 0; i < oqsxkey->numkeys; i++) { aType[i] = ASN1_TYPE_new(); aString[i] = ASN1_OCTET_STRING_new(); - tempOct[i] = ASN1_OCTET_STRING_new(); temp[i] = NULL; - buflen = 0; if ((name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i)) == NULL) { - OPENSSL_free(name); - for (i = 0; i < oqsxkey->numkeys; i++) { - ASN1_OCTET_STRING_free(aString[i]); - ASN1_OCTET_STRING_free(tempOct[i]); - ASN1_TYPE_free(aType[i]); + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + OPENSSL_clear_free(temp[j], templen[j]); } - OPENSSL_free(sk); + + if (sk_ASN1_TYPE_num(sk) != -1) + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + else + ASN1_TYPE_free(aType[i]); + + OPENSSL_free(name); return -1; } 
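Review bot: The early `return -1` taken when `sk_ASN1_TYPE_new_null()` fails comes after `aType`, `aString` and `temp` have been allocated, so all three arrays leak on that path, and no hunk of this commit releases them on the other exits either. The allocation results are used without a NULL check, and the element size is written as `sizeof(ASN1_TYPE)` / `sizeof(ASN1_OCTET_STRING)` although the arrays hold pointers. Creating the stack first and sizing the arrays as `OPENSSL_malloc(oqsxkey->numkeys * sizeof(*aType))` would address this; `temp` comes from `OPENSSL_secure_malloc` and would need `OPENSSL_secure_free` on every exit. The function starts and ends outside the hunk.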
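Review bot: In the cleanup loop added for a failed `get_cmpname()`, the bound `j <= i` includes the slot that was created a few lines earlier with `ASN1_TYPE_new()` and still has an empty value, so `aType[j]->value.sequence->data` is read through a NULL pointer when `j == i`, and `templen[i]` is read before it has been assigned. The test `sk_ASN1_TYPE_num(sk) != -1` is true for any non-NULL stack, so the `else` branch never runs and the not-yet-pushed `aType[i]` is leaked. Cleansing only the completed slots with `for (int j = 0; j < i; j++)` and then calling `ASN1_OCTET_STRING_free(aString[i]); ASN1_TYPE_free(aType[i]);` before `sk_ASN1_TYPE_pop_free` would cover both cases. The @@ -737 hunk repeats the same loop at a point where `aType[i]` is equally unset.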
@@ -737,14 +739,21 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) buflen += 4; OPENSSL_free(enc_len); if (buflen > oqsxkey->privkeylen_cmp[i]) { - OPENSSL_free(name); - for (i = 0; i < oqsxkey->numkeys; i++) { - ASN1_OCTET_STRING_free(aString[i]); - ASN1_OCTET_STRING_free(tempOct[i]); - ASN1_TYPE_free(aType[i]); + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, + aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + OPENSSL_clear_free(temp[j], templen[j]); } - OPENSSL_free(sk); - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + + if (sk_ASN1_TYPE_num(sk) != -1) + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + else + ASN1_TYPE_free(aType[i]); + + OPENSSL_free(name); return -1; } } else 
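Review bot: The rewritten error branch for `buflen > oqsxkey->privkeylen_cmp[i]` no longer calls `ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING)`, so this failure now returns -1 without leaving anything on the OpenSSL error queue for the caller to report. Unless the removal was deliberate, keep `ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);` immediately before `return -1;`. The enclosing function starts and ends outside the hunk.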
@@ -752,42 +761,52 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } else buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; - cbuf[i] = OPENSSL_malloc(buflen); + buf = OPENSSL_secure_malloc(buflen); if (get_oqsname_fromtls(name) != 0) { // include pubkey in privkey for PQC - memcpy(cbuf[i], oqsxkey->comp_privkey[i], + memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); - memcpy(cbuf[i] + oqsxkey->privkeylen_cmp[i], + memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); } else - memcpy(cbuf[i], oqsxkey->comp_privkey[i], buflen); + memcpy(buf, oqsxkey->comp_privkey[i], buflen); - ASN1_STRING_set0(tempOct[i], cbuf[i], buflen); - keybloblen = i2d_ASN1_OCTET_STRING(tempOct[i], &temp[i]); - ASN1_STRING_set0(aString[i], temp[i], keybloblen); - ASN1_TYPE_set(aType[i], V_ASN1_SEQUENCE, aString[i]); + oct.data = buf; + oct.length = buflen; + templen[i] = i2d_ASN1_OCTET_STRING(&oct, &temp[i]); + ASN1_STRING_set(aString[i], temp[i], templen[i]); + ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, aString[i]); if (!sk_ASN1_TYPE_push(sk, aType[i])) { - for (i = 0; i < oqsxkey->numkeys; i++) { - ASN1_OCTET_STRING_free(aString[i]); - ASN1_OCTET_STRING_free(tempOct[i]); - ASN1_TYPE_free(aType[i]); + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + OPENSSL_clear_free(temp[j], templen[j]); } - OPENSSL_free(sk); + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); OPENSSL_free(name); + OPENSSL_secure_clear_free(buf, buflen); return -1; } OPENSSL_free(name); + if (i + 1 < oqsxkey->numkeys){ // clear buf and oct if is not the last call + OPENSSL_secure_clear_free(buf, buflen); + } } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); for (i = 0; i < oqsxkey->numkeys; i++) { + OPENSSL_cleanse(aString[i]->data, aString[i]->length); 
ASN1_OCTET_STRING_free(aString[i]); - ASN1_OCTET_STRING_free(tempOct[i]); - ASN1_TYPE_free(aType[i]); + OPENSSL_cleanse(aType[i]->value.sequence->data, + aType[i]->value.sequence->length); + OPENSSL_clear_free(temp[i], templen[i]); } - - OPENSSL_free(sk); + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); } OPENSSL_secure_clear_free(buf, buflen); return keybloblen; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 81bbb072..bb074c6c 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1020,7 +1020,6 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; ASN1_OCTET_STRING *oct = NULL; - X509_PUBKEY *p8info_buf = X509_PUBKEY_new(); const unsigned char *buf; unsigned char *concat_key; int count, aux, i, buflen; @@ -1035,7 +1034,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, return NULL; } else { count = sk_ASN1_TYPE_num(sk); - concat_key = OPENSSL_secure_malloc(plen); + concat_key = OPENSSL_zalloc(plen); aux = 0; for (i = 0; i < count; i++) { @@ -1043,16 +1042,17 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, buf = aType->value.sequence->data; buflen = aType->value.sequence->length; aux += buflen; - memcpy(concat_key + plen - aux, buf, buflen); + memcpy(concat_key + plen - 1 - aux , buf, buflen); } - p = OPENSSL_memdup(concat_key + plen - aux, aux); + p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); + OPENSSL_clear_free(concat_key, plen); plen = aux; - OPENSSL_free(concat_key); } } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); - + if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG) + OPENSSL_clear_free(p, plen); return oqsx; } 
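Review bot: `buf = OPENSSL_secure_malloc(buflen);` is followed directly by `memcpy(buf, ...)`, so a failed allocation becomes a NULL-pointer write while private-key bytes are being copied. The result of `i2d_ASN1_OCTET_STRING(&oct, &temp[i])` is stored in the `size_t` element `templen[i]` without a sign check, so an error return turns into a very large length for `ASN1_STRING_set` and the later `OPENSSL_clear_free`; the return values of `ASN1_STRING_set` and `ASN1_TYPE_set1` are ignored as well. Each of these needs a check that takes the existing cleanup path, for example an `int` temporary tested with `<= 0` before it is assigned to `templen[i]`. On the `sk_ASN1_TYPE_push` failure path `aType[i]` is not on the stack yet and is not freed by the loop or by `sk_ASN1_TYPE_pop_free`. The same allocate-and-encode sequence is added to `oqsx_spki_pub_to_der` in the later @@ -542 hunk; the function starts outside this hunk.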
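Review bot: The copy `memcpy(concat_key + plen - 1 - aux , buf, buflen)` in `oqsx_key_from_x509pubkey` relies on the decoded element lengths never adding up to more than `plen - 1`, but nothing in the hunk checks that, nor that `OPENSSL_zalloc(plen)` succeeded, nor that the element carries a string value before `aType->value.sequence` is read. Because this path parses a public key that arrives from outside, an explicit comparison of `buflen` against `plen - 1 - aux` before `aux += buflen`, with the key rejected on failure, would make the bound visible instead of implied by the DER framing. The new `- 1` offset leaves the last byte of `concat_key` unused and should get a comment explaining why, as the reason is not evident from the code. The loop header and the origin of `aType` are outside the hunk; the @@ -1106 hunk in `oqsx_key_from_pkcs8` contains the same copy.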
@@ -1069,7 +1069,6 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, const unsigned char *buf; unsigned char *concat_key; int count, aux, i, buflen, rsa_diff = 0; - PKCS8_PRIV_KEY_INFO *p8info_buf = PKCS8_PRIV_KEY_INFO_new(); if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) return 0; @@ -1090,7 +1089,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, return NULL; } else { count = sk_ASN1_TYPE_num(sk); - concat_key = OPENSSL_secure_malloc(plen); + concat_key = OPENSSL_zalloc(plen); aux = 0; for (i = 0; i < count; i++) { @@ -1106,7 +1105,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, buf = aType->value.sequence->data; buflen = aType->value.sequence->length; aux += buflen; - memcpy(concat_key + plen - aux, buf, buflen); + memcpy(concat_key + plen - 1 - aux, buf, buflen); // if is a RSA key the actual encoding size might be different // from max size we calculate that difference for to facilitate // the key reconstruction @@ -1119,13 +1118,19 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OPENSSL_free(name); } - p = concat_key + plen - aux; + p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); + OPENSSL_clear_free(concat_key, plen); plen = aux; + sk_ASN1_TYPE_free(sk); } } oqsx = oqsx_key_op(palg, p, plen + rsa_diff, KEY_OP_PRIVATE, libctx, propq); - ASN1_OCTET_STRING_free(oct); + if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { + ASN1_OCTET_STRING_free(oct); + }else{ + OPENSSL_clear_free(p, plen); + } return oqsx; } From e269970d2267d22dd4dcbf52458310b683220d90 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 22 Jan 2024 13:32:33 -0600 Subject: [PATCH 103/164] solved memory leaks Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 87 +++++++++++++++++++----------------- oqsprov/oqsprov_keys.c | 19 +++++--- 2 files changed, 57 insertions(+), 49 deletions(-) 
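Review bot: In `oqsx_key_from_pkcs8` the reassembly buffer for the composite private key moves from `OPENSSL_secure_malloc(plen)` to `OPENSSL_zalloc(plen)`, and the @@ -1119 hunk then copies it again with `OPENSSL_memdup`, so private-key bytes now sit in two ordinary heap allocations instead of the secure heap. Both are wiped with `OPENSSL_clear_free`, which limits the exposure, but if zero-initialisation was the goal, `OPENSSL_secure_zalloc(plen)` paired with `OPENSSL_secure_clear_free(concat_key, plen)` keeps the earlier protection. Neither allocation result is checked before it is used. The function starts outside the hunk.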
diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index d54fd6ca..7d8851fe 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -500,7 +500,8 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) { const OQSX_KEY *oqsxkey = vxkey; unsigned char *keyblob, *buf; - int keybloblen, nid; + int keybloblen, nid, buflen = 0; + ASN1_OCTET_STRING oct; STACK_OF(ASN1_TYPE) *sk = NULL; int ret = 0; 
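Review bot: `ASN1_OCTET_STRING oct;` is declared without an initialiser, and the @@ -542 hunk that follows fills in only `oct.data` and `oct.length` before passing it to `i2d_ASN1_OCTET_STRING`, so the `type` and `flags` members are indeterminate when the encoder receives the structure. Declaring it as `ASN1_OCTET_STRING oct = {0};`, or setting `oct.flags = 0;` next to the other two assignments, removes the dependence on stack contents. `oqsx_spki_pub_to_der` continues outside the hunk.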
@@ -542,55 +543,55 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) } #endif } else { - ASN1_TYPE **aType - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); - ASN1_STRING **aString - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); - ASN1_STRING **tempOct - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_STRING)); - unsigned char **temp - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); - unsigned char **cbuf - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(void *)); - int len, i; if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; + ASN1_TYPE *aType[oqsxkey->numkeys]; + ASN1_OCTET_STRING *aString[oqsxkey->numkeys]; + unsigned char *temp[oqsxkey->numkeys]; + size_t templen[oqsxkey->numkeys]; + int i; for (i = 0; i < oqsxkey->numkeys; i++) { aType[i] = ASN1_TYPE_new(); aString[i] = ASN1_OCTET_STRING_new(); - tempOct[i] = ASN1_OCTET_STRING_new(); temp[i] = NULL; - len = oqsxkey->pubkeylen_cmp[i]; - cbuf[i] = OPENSSL_memdup(oqsxkey->comp_pubkey[i], len); - ASN1_STRING_set0(tempOct[i], cbuf[i], len); - keybloblen = i2d_ASN1_OCTET_STRING(tempOct[i], &temp[i]); - ASN1_STRING_set0(aString[i], temp[i], keybloblen); - ASN1_TYPE_set(aType[i], V_ASN1_SEQUENCE, aString[i]); + buflen = oqsxkey->pubkeylen_cmp[i]; + buf = OPENSSL_secure_malloc(buflen); + memcpy(buf, oqsxkey->comp_pubkey[i], buflen); + + oct.data = buf; + oct.length = buflen; + templen[i] = i2d_ASN1_OCTET_STRING(&oct, &temp[i]); + ASN1_STRING_set(aString[i], temp[i], templen[i]); + ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, aString[i]); if (!sk_ASN1_TYPE_push(sk, aType[i])) { - for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + 
OPENSSL_clear_free(temp[j], templen[j]); } - OPENSSL_free(sk); + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + OPENSSL_secure_clear_free(buf, buflen); return -1; } + OPENSSL_secure_clear_free(buf, buflen); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); for (i = 0; i < oqsxkey->numkeys; i++) { - OPENSSL_free(temp[i]); - OPENSSL_free(cbuf[i]); - OPENSSL_free(aType[i]); - OPENSSL_free(aString[i]); - OPENSSL_free(tempOct[i]); + OPENSSL_cleanse(aString[i]->data, aString[i]->length); + ASN1_OCTET_STRING_free(aString[i]); + OPENSSL_cleanse(aType[i]->value.sequence->data, + aType[i]->value.sequence->length); + OPENSSL_clear_free(temp[i], templen[i]); } - OPENSSL_free(sk); + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); return keybloblen; } @@ -694,14 +695,12 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = 0; // signal error } } else { - ASN1_TYPE **aType - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE)); - ASN1_OCTET_STRING **aString - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_OCTET_STRING)); - unsigned char **temp - = OPENSSL_secure_malloc(oqsxkey->numkeys * sizeof(void *)); + ASN1_TYPE *aType[oqsxkey->numkeys]; + ASN1_OCTET_STRING *aString[oqsxkey->numkeys]; + unsigned char *temp[oqsxkey->numkeys]; size_t templen[oqsxkey->numkeys]; int i; + if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; @@ -717,7 +716,8 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ASN1_OCTET_STRING_free(aString[j]); OPENSSL_cleanse(aType[j]->value.sequence->data, aType[j]->value.sequence->length); - OPENSSL_clear_free(temp[j], templen[j]); + if (j < i) + OPENSSL_clear_free(temp[j], templen[j]); } if (sk_ASN1_TYPE_num(sk) != -1) 
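Review bot: In the rewritten loop of the `@@ -542,55 +543,55 @@` hunk, `buf = OPENSSL_secure_malloc(buflen)` goes straight into `memcpy` without a NULL check. `ASN1_TYPE_new()`, `ASN1_OCTET_STRING_new()` and the `i2d_ASN1_OCTET_STRING()` return value are used unchecked as well. Since only public-key bytes are encoded here, the copy could probably be dropped altogether with `oct.data = oqsxkey->comp_pubkey[i]; oct.length = oqsxkey->pubkeylen_cmp[i];`, which removes one failure mode. For the rest, a guard such as `if (aType[i] == NULL || aString[i] == NULL)` before first use would do. On the failed-`sk_ASN1_TYPE_push` path `aType[i]` was never added to `sk`, so `sk_ASN1_TYPE_pop_free` does not release it; an explicit `ASN1_TYPE_free(aType[i]);` is needed there.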
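Review bot: The new `if (j < i)` guard in the `@@ -717,7 +716,8 @@` hunk protects only `temp[j]`, but the line above it still dereferences `aType[j]->value.sequence` when `j == i`. On this error path `aType[i]` has presumably only been created by `ASN1_TYPE_new()`, so its value pointer is likely unset and the cleanse would dereference NULL. I would put both statements under the guard: `if (j < i) { OPENSSL_cleanse(aType[j]->value.sequence->data, aType[j]->value.sequence->length); OPENSSL_clear_free(temp[j], templen[j]); }`. The `@@ -745,7 +745,8 @@` hunk has the same shape; the loop header is outside both hunks, so please confirm the upper bound.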
@@ -745,7 +745,8 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ASN1_OCTET_STRING_free(aString[j]); OPENSSL_cleanse(aType[j]->value.sequence->data, aType[j]->value.sequence->length); - OPENSSL_clear_free(temp[j], templen[j]); + if (j < i) + OPENSSL_clear_free(temp[j], templen[j]); } if (sk_ASN1_TYPE_num(sk) != -1) @@ -792,7 +793,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) return -1; } OPENSSL_free(name); - if (i + 1 < oqsxkey->numkeys){ // clear buf and oct if is not the last call + if (i + 1 + < oqsxkey + ->numkeys) { // clear buf and oct if is not the last call OPENSSL_secure_clear_free(buf, buflen); } } @@ -805,7 +808,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) aType[i]->value.sequence->length); OPENSSL_clear_free(temp[i], templen[i]); } - + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); } OPENSSL_secure_clear_free(buf, buflen); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index bb074c6c..57080102 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1030,11 +1030,12 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG) { sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); if (sk == NULL) { + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return NULL; } else { count = sk_ASN1_TYPE_num(sk); - concat_key = OPENSSL_zalloc(plen); + concat_key = OPENSSL_zalloc(plen); aux = 0; for (i = 0; i < count; i++) { 
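Review bot: The `sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free);` added in the `@@ -1030,11 +1030,12 @@` hunk sits inside `if (sk == NULL)`, so it can never release anything and suggests a stack exists on that path. I would drop the line here and in the matching `@@ -1085,6 +1088,7 @@` hunk of oqsx_key_from_pkcs8. On the other branch, `concat_key = OPENSSL_zalloc(plen);` is still used by the `memcpy` in the loop without a NULL check; `if (concat_key == NULL) { sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); return NULL; }` would close that. The function continues outside the hunk.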
@@ -1042,16 +1043,18 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, buf = aType->value.sequence->data; buflen = aType->value.sequence->length; aux += buflen; - memcpy(concat_key + plen - 1 - aux , buf, buflen); + memcpy(concat_key + plen - 1 - aux, buf, buflen); + ASN1_TYPE_free(aType); } - p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); - OPENSSL_clear_free(concat_key, plen); + p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); + OPENSSL_clear_free(concat_key, plen); plen = aux; + sk_ASN1_TYPE_free(sk); } } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); - if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG) + if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG) OPENSSL_clear_free(p, plen); return oqsx; } @@ -1085,6 +1088,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, } else { sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); if (sk == NULL) { + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return NULL; } else { @@ -1116,10 +1120,11 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, rsa_diff = nids_sig[6].length_private_key - buflen; } OPENSSL_free(name); + ASN1_TYPE_free(aType); } p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); - OPENSSL_clear_free(concat_key, plen); + OPENSSL_clear_free(concat_key, plen); plen = aux; sk_ASN1_TYPE_free(sk); } @@ -1128,7 +1133,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, oqsx = oqsx_key_op(palg, p, plen + rsa_diff, KEY_OP_PRIVATE, libctx, propq); if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { ASN1_OCTET_STRING_free(oct); - }else{ + } else { OPENSSL_clear_free(p, plen); } return oqsx; From 8b38b15a15ae720b56cd1db476ad38be80deab9f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jan 2024 10:54:38 +0100 Subject: [PATCH 104/164] Bump jinja2 from 3.0.3 to 3.1.3 in /oqs-template (#334) * Bump jinja2 from 3.0.3 to 3.1.3 in /oqs-template Bumps [jinja2](https://github.com/pallets/jinja) from 3.0.3 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.0.3...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] * add MSVC native toolchain --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Signed-off-by: Felipe Ventura --- .CMake/toolchain_windows_amd64.cmake | 12 ++++++++++++ .github/workflows/windows.yml | 11 ++++++----- oqs-template/requirements.txt | 2 +- 3 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 .CMake/toolchain_windows_amd64.cmake diff --git a/.CMake/toolchain_windows_amd64.cmake b/.CMake/toolchain_windows_amd64.cmake new file mode 100644 index 00000000..60a0dca9 --- /dev/null +++ b/.CMake/toolchain_windows_amd64.cmake @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: MIT + +set(CMAKE_SYSTEM_NAME Windows) + +set(CMAKE_SYSTEM_PROCESSOR AMD64) + +set(CMAKE_CROSSCOMPILING OFF) + +set(CMAKE_GENERATOR_PLATFORM + x64 + CACHE STRING "Platform" FORCE +) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index a699e8cb..56a5d1c4 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -96,8 +96,9 @@ jobs: strategy: matrix: os: +# liboqs doesn't check Windows 2019 - windows-2019 -# - windows-2022 + - windows-2022 platform: - arch: win64 oqsconfig: -DOQS_ALGS_ENABLED=STD 
@@ -149,7 +150,7 @@ jobs: cmake --version mkdir build cd build - cmake -GNinja -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -DOQS_DIST_BUILD=ON .. + cmake -GNinja -DCMAKE_C_COMPILER="cl" -DCMAKE_C_FLAGS="/wd5105" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX="c:\liboqs" ${{ matrix.platform.oqsconfig }} -DOQS_DIST_BUILD=ON .. ninja ninja install working-directory: liboqs @@ -188,7 +189,7 @@ jobs: key: ${{ runner.os }}-msvcopenssl32 - name: build oqs-provider run: | - cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build + cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER="cl" -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build cd _build ninja - name: Run tests @@ -205,7 +206,7 @@ jobs: strategy: matrix: os: -# - windows-2019 + - windows-2019 - windows-2022 platform: - arch: win64 @@ -294,7 +295,7 @@ jobs: key: ${{ runner.os }}-msvcopenssl32n - name: build oqs-provider run: | - cmake -DCMAKE_BUILD_TYPE=${{ matrix.type }} -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32n" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build + cmake --toolchain ${{ matrix.toolchain }} -DCMAKE_BUILD_TYPE=${{ matrix.type }} -DCMAKE_C_COMPILER="cl" -DCMAKE_C_FLAGS="/wd5105" -DOPENSSL_ROOT_DIR="c:\openssl32n" -Dliboqs_DIR="c:\liboqs\lib\cmake\liboqs" -S . -B _build cmake --build _build --config=${{ matrix.type }} - name: Run tests run: | diff --git a/oqs-template/requirements.txt b/oqs-template/requirements.txt index 6bd605b4..1cc5566d 100644 --- a/oqs-template/requirements.txt +++ b/oqs-template/requirements.txt @@ -1,4 +1,4 @@ -Jinja2==3.0.3 +Jinja2==3.1.3 MarkupSafe==2.1.3 PyYAML==6.0 tabulate==0.9.0 From f8e708a8f194085efe85d8086acdc7c6048d1efd Mon Sep 17 00:00:00 2001 
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 18 Jan 2024 14:49:57 +0100 Subject: [PATCH 105/164] LICENSE copyright update [skip ci] (#336) Signed-off-by: Felipe Ventura --- LICENSE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.txt b/LICENSE.txt index 4ca97962..eeaecf8b 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,6 +1,6 @@ The MIT license, the text of which is below, applies to oqs-provider in general. -Copyright (c) 2016-2021 Open Quantum Safe project +Copyright (c) 2016-2024 The Open Quantum Safe project authors. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 76263be79ccc6b8721b3b0126b2321fbc4df1b0d Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Fri, 19 Jan 2024 09:25:12 +0100 Subject: [PATCH 106/164] update to 0.5.4-dev (#337) Signed-off-by: Felipe Ventura --- .github/workflows/linux.yml | 1 + CMakeLists.txt | 2 +- RELEASE.md | 25 +++++++++++++++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 73eef30d..9f4b07de 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -65,6 +65,7 @@ jobs: ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \ python3 oqs-template/generate.py && \ find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \ + git diff && \ ! git status | grep modified - name: Build .deb install package run: cpack diff --git a/CMakeLists.txt b/CMakeLists.txt index fad726df..901422ff 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.0 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.5.3-dev") +set(OQSPROVIDER_VERSION_TEXT "0.5.4-dev") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") diff --git a/RELEASE.md b/RELEASE.md index a4653782..74c85f19 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -1,3 +1,28 @@ +# oqs-provider 0.5.4-dev + +## About + +The **Open Quantum Safe (OQS) project** has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on Github at https://github.com/open-quantum-safe/. + +**oqs-provider** is a standalone [OpenSSL 3](https://github.com/openssl/openssl) [provider](https://www.openssl.org/docs/manmaster/man7/provider.html) enabling [liboqs](https://github.com/open-quantum-safe/liboqs)-based quantum-safe and [hybrid key exchange](https://datatracker.ietf.org/doc/draft-ietf-pquip-pqt-hybrid-terminology) for TLS 1.3, as well as quantum-safe and hybrid X.509 certificate generation, CMS, CMP and `dgst` (signature) operations. + +When deployed, the `oqs-provider` binary (shared library) thus adds support for quantum-safe cryptographic operations to any standard OpenSSL(v3) installation. The ultimate goal is that all `openssl` functionality shall be [PQC-enabled](https://csrc.nist.gov/projects/post-quantum-cryptography). + +In general, the oqs-provider `main` branch is meant to be usable in conjunction with the `main` branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and the `master` branch of [OpenSSL](https://github.com/openssl/openssl). + +Further details on building, testing and use can be found in [README.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md). See in particular limitations on intended use. + +## Release notes + +This is version 0.5.4-dev of oqs-provider. + +Previous Release Notes +====================== + +# oqs-provider 0.5.3 + +This is a maintenance release not changing any `oqsprovider` functionality but only tracking a security update in `liboqs` (0.9.2). + # oqs-provider 0.5.2 ## About From acd38703c6cde9bd37418d57bf8ebc6cf7ffe272 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 22 Jan 2024 14:56:55 -0600 Subject: [PATCH 107/164] correcting mem allocation 
Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 46 +++++++++++++++++++++++++++++------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 7d8851fe..074d5939 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -545,10 +545,13 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) } else { if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1; - ASN1_TYPE *aType[oqsxkey->numkeys]; - ASN1_OCTET_STRING *aString[oqsxkey->numkeys]; - unsigned char *temp[oqsxkey->numkeys]; - size_t templen[oqsxkey->numkeys]; + ASN1_TYPE **aType + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE *)); + ASN1_OCTET_STRING **aString + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_OCTET_STRING *)); + unsigned char **temp + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(unsigned char *)); + size_t *templen = OPENSSL_malloc(oqsxkey->numkeys * sizeof(size_t)); int i; for (i = 0; i < oqsxkey->numkeys; i++) { @@ -577,6 +580,10 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); OPENSSL_secure_clear_free(buf, buflen); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); return -1; } OPENSSL_secure_clear_free(buf, buflen); @@ -592,6 +599,10 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) } sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); return keybloblen; } 
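Review bot: The four `OPENSSL_malloc` results that replace the VLAs in the `@@ -545,10 +545,13 @@` hunk are used without a NULL check, so an allocation failure becomes a NULL write at `aType[i] = ASN1_TYPE_new()` in the loop. A single guard after the four calls, `if (aType == NULL || aString == NULL || temp == NULL || templen == NULL)`, can free all four pointers (`OPENSSL_free` accepts NULL), release `sk` and return -1. The same applies to the identical allocations in the `@@ -695,10 +706,13 @@` hunk of oqsx_pki_priv_to_der. The loop that consumes the arrays lies outside this hunk.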
@@ -695,10 +706,13 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) keybloblen = 0; // signal error } } else { - ASN1_TYPE *aType[oqsxkey->numkeys]; - ASN1_OCTET_STRING *aString[oqsxkey->numkeys]; - unsigned char *temp[oqsxkey->numkeys]; - size_t templen[oqsxkey->numkeys]; + ASN1_TYPE **aType + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE *)); + ASN1_OCTET_STRING **aString + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_OCTET_STRING *)); + unsigned char **temp + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(unsigned char *)); + size_t *templen = OPENSSL_malloc(oqsxkey->numkeys * sizeof(size_t)); int i; if ((sk = sk_ASN1_TYPE_new_null()) == NULL) @@ -725,6 +739,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) else ASN1_TYPE_free(aType[i]); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); OPENSSL_free(name); return -1; } @@ -754,6 +772,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) else ASN1_TYPE_free(aType[i]); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); OPENSSL_free(name); return -1; } @@ -789,6 +811,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); OPENSSL_free(name); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); OPENSSL_secure_clear_free(buf, buflen); return -1; } @@ -810,6 +836,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); } OPENSSL_secure_clear_free(buf, buflen); return keybloblen; From ab497cdf7930490a1844d4cc4a485e8f026b16f0 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 15 Feb 2024 14:04:53 -0600 Subject: [PATCH 108/164] added oid to privkey and fix keys format 
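Review bot: In the `@@ -695,10 +706,13 @@` hunk the four arrays are now heap-allocated before the `sk_ASN1_TYPE_new_null()` check, so the early return on that check leaks all of them. The `return -1` itself is just past the end of the hunk. oqsx_spki_pub_to_der creates `sk` first, and doing the same here avoids the leak: move `if ((sk = sk_ASN1_TYPE_new_null()) == NULL) return -1;` above the `OPENSSL_malloc` calls. Alternatively free `aType`, `aString`, `temp` and `templen` before returning.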
Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 78 +++++++++++++++++++++++++++--------- oqsprov/oqs_prov.h | 5 +++ oqsprov/oqsprov_keys.c | 32 ++++++++++++--- 3 files changed, 89 insertions(+), 26 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 074d5939..ca8caa75 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -547,8 +547,8 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) return -1; ASN1_TYPE **aType = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE *)); - ASN1_OCTET_STRING **aString - = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_OCTET_STRING *)); + ASN1_BIT_STRING **aString + = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_BIT_STRING *)); unsigned char **temp = OPENSSL_malloc(oqsxkey->numkeys * sizeof(unsigned char *)); size_t *templen = OPENSSL_malloc(oqsxkey->numkeys * sizeof(size_t)); @@ -556,7 +556,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) for (i = 0; i < oqsxkey->numkeys; i++) { aType[i] = ASN1_TYPE_new(); - aString[i] = ASN1_OCTET_STRING_new(); + aString[i] = ASN1_BIT_STRING_new(); temp[i] = NULL; buflen = oqsxkey->pubkeylen_cmp[i]; @@ -565,14 +565,15 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) oct.data = buf; oct.length = buflen; - templen[i] = i2d_ASN1_OCTET_STRING(&oct, &temp[i]); + oct.flags = 0; + templen[i] = i2d_ASN1_BIT_STRING(&oct, &temp[i]); ASN1_STRING_set(aString[i], temp[i], templen[i]); ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, aString[i]); if (!sk_ASN1_TYPE_push(sk, aType[i])) { for (int j = 0; j <= i; j++) { OPENSSL_cleanse(aString[j]->data, aString[j]->length); - ASN1_OCTET_STRING_free(aString[j]); + ASN1_BIT_STRING_free(aString[j]); OPENSSL_cleanse(aType[j]->value.sequence->data, aType[j]->value.sequence->length); OPENSSL_clear_free(temp[j], templen[j]); 
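Review bot: `oct.flags = 0;` in the `@@ -565,14 +565,15 @@` hunk looks wrong for a BIT STRING that carries key bytes. As far as I know, without `ASN1_STRING_FLAG_BITS_LEFT` the encoder derives the unused-bit count from the data and drops trailing zero bytes, so a component public key ending in 0x00 would not round-trip. OpenSSL's own SubjectPublicKeyInfo code sets the flag with zero unused bits; the equivalent here is `oct.flags = ASN1_STRING_FLAG_BITS_LEFT;`. The stack `ASN1_OCTET_STRING oct` is also only partly initialised; declaring it as `ASN1_BIT_STRING oct = {0};` would make the intent and the remaining fields explicit. The declaration is outside this hunk.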
@@ -592,7 +593,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) for (i = 0; i < oqsxkey->numkeys; i++) { OPENSSL_cleanse(aString[i]->data, aString[i]->length); - ASN1_OCTET_STRING_free(aString[i]); + ASN1_BIT_STRING_free(aString[i]); OPENSSL_cleanse(aType[i]->value.sequence->data, aType[i]->value.sequence->length); OPENSSL_clear_free(temp[i], templen[i]); @@ -705,6 +706,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); keybloblen = 0; // signal error } + OPENSSL_secure_clear_free(buf, buflen); } else { ASN1_TYPE **aType = OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_TYPE *)); @@ -713,6 +715,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) unsigned char **temp = OPENSSL_malloc(oqsxkey->numkeys * sizeof(unsigned char *)); size_t *templen = OPENSSL_malloc(oqsxkey->numkeys * sizeof(size_t)); + PKCS8_PRIV_KEY_INFO *p8inf_internal = NULL; int i; if ((sk = sk_ASN1_TYPE_new_null()) == NULL) @@ -721,7 +724,10 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) for (i = 0; i < oqsxkey->numkeys; i++) { aType[i] = ASN1_TYPE_new(); aString[i] = ASN1_OCTET_STRING_new(); + p8inf_internal = PKCS8_PRIV_KEY_INFO_new(); temp[i] = NULL; + int nid, version; + void *pval; if ((name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i)) == NULL) { 
@@ -743,13 +749,16 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(aString); OPENSSL_free(temp); OPENSSL_free(templen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); OPENSSL_free(name); return -1; } if (get_oqsname_fromtls(name) == 0) { - if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype - == EVP_PKEY_RSA) { // get the RSA real key size + + nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info + ->keytype; + if (nid == EVP_PKEY_RSA) { // get the RSA real key size unsigned char *enc_len = OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); OPENSSL_cleanse(enc_len, 2); @@ -776,13 +785,16 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(aString); OPENSSL_free(temp); OPENSSL_free(templen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); OPENSSL_free(name); return -1; } } else buflen = oqsxkey->privkeylen_cmp[i]; - } else + } else { + nid = OBJ_sn2nid(name); buflen = oqsxkey->privkeylen_cmp[i] + oqsxkey->pubkeylen_cmp[i]; + } buf = OPENSSL_secure_malloc(buflen); if (get_oqsname_fromtls(name) 
@@ -791,12 +803,40 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) oqsxkey->privkeylen_cmp[i]); memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); - } else + } else { memcpy(buf, oqsxkey->comp_privkey[i], buflen); + } - oct.data = buf; - oct.length = buflen; - templen[i] = i2d_ASN1_OCTET_STRING(&oct, &temp[i]); + if (nid == EVP_PKEY_EC) { + version = V_ASN1_OBJECT; + pval = OBJ_nid2obj( + oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid); + } else { + version = V_ASN1_UNDEF; + pval = NULL; + } + if (!PKCS8_pkey_set0(p8inf_internal, OBJ_nid2obj(nid), 0, version, + pval, buf, buflen)) { + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + OPENSSL_clear_free(temp[j], templen[j]); + } + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + OPENSSL_free(name); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); + OPENSSL_cleanse(buf, buflen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + return -1; + } + + templen[i] = i2d_PKCS8_PRIV_KEY_INFO(p8inf_internal, &temp[i]); ASN1_STRING_set(aString[i], temp[i], templen[i]); ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, aString[i]); @@ -815,15 +855,14 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(aString); OPENSSL_free(temp); OPENSSL_free(templen); - OPENSSL_secure_clear_free(buf, buflen); + OPENSSL_cleanse(buf, buflen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); return -1; } OPENSSL_free(name); - if (i + 1 - < oqsxkey - ->numkeys) { // clear buf and oct if is not the last call - OPENSSL_secure_clear_free(buf, buflen); - } + + OPENSSL_cleanse(buf, buflen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); 
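Review bot: `PKCS8_pkey_set0(..., buf, buflen)` in the `@@ -791,12 +803,40 @@` hunk hands ownership of `buf` to `p8inf_internal` on success, but `buf` was allocated with `OPENSSL_secure_malloc` just above the hunk. `PKCS8_PRIV_KEY_INFO_free` will, as far as I know, release it with the ordinary allocator, which is a mismatch whenever the secure heap is enabled. On the failure branch ownership is not transferred, so `OPENSSL_cleanse(buf, buflen);` wipes the private key bytes but never frees them; that line should be `OPENSSL_secure_clear_free(buf, buflen);` while the allocation stays as is. A consistent alternative is to allocate `buf` with `OPENSSL_malloc` for this path and use `OPENSSL_clear_free(buf, buflen);` on failure. The same `OPENSSL_cleanse` on the failed-push path in the `@@ -815,15 +855,14 @@` hunk is fine only because ownership has already moved by then.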
@@ -841,7 +880,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(temp); OPENSSL_free(templen); } - OPENSSL_secure_clear_free(buf, buflen); return keybloblen; } diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 1bf1c02e..6cfa7fbd 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -205,6 +205,11 @@ char *get_cmpname(int nid, int index); int get_oqsalg_idx(int nid); int get_composite_idx(int idx); +/* Workaround for not functioning EC PARAM initialization + * TBD, check https://github.com/openssl/openssl/issues/16989 + */ +EVP_PKEY *setECParams(EVP_PKEY *eck, int nid); + /* Register given NID with tlsname in OSSL3 registry */ int oqs_set_nid(char *tlsname, int nid); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 57080102..1e50f80b 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1069,8 +1069,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, const X509_ALGOR *palg; STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; - const unsigned char *buf; - unsigned char *concat_key; + unsigned char *concat_key, *buf; int count, aux, i, buflen, rsa_diff = 0; if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) 
@@ -1094,20 +1093,39 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, } else { count = sk_ASN1_TYPE_num(sk); concat_key = OPENSSL_zalloc(plen); + PKCS8_PRIV_KEY_INFO *p8inf_internal = NULL; aux = 0; for (i = 0; i < count; i++) { aType = sk_ASN1_TYPE_pop(sk); + p8inf_internal = PKCS8_PRIV_KEY_INFO_new(); char *name; if ((name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) == NULL) { OPENSSL_free(name); + ASN1_TYPE_free(aType); + OPENSSL_clear_free(concat_key, plen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + sk_ASN1_TYPE_free(sk); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return NULL; } - buf = aType->value.sequence->data; buflen = aType->value.sequence->length; + const unsigned char *buf2 = aType->value.sequence->data; + + p8inf_internal + = d2i_PKCS8_PRIV_KEY_INFO(&p8inf_internal, &buf2, buflen); + if (!PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, + p8inf_internal)) { + OPENSSL_free(name); + ASN1_TYPE_free(aType); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + OPENSSL_clear_free(concat_key, plen); + sk_ASN1_TYPE_free(sk); + return NULL; + } + aux += buflen; memcpy(concat_key + plen - 1 - aux, buf, buflen); // if is a RSA key the actual encoding size might be different @@ -1120,6 +1138,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, rsa_diff = nids_sig[6].length_private_key - buflen; } OPENSSL_free(name); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); ASN1_TYPE_free(aType); } 
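Review bot: The result of `d2i_PKCS8_PRIV_KEY_INFO` in the `@@ -1094,20 +1093,39 @@` hunk is not checked before it is passed to `PKCS8_pkey_get0`, so an inner element that is not a well-formed PrivateKeyInfo yields NULL and is dereferenced while decoding an externally supplied key. I would drop the `PKCS8_PRIV_KEY_INFO_new()` pre-allocation and parse with `p8inf_internal = d2i_PKCS8_PRIV_KEY_INFO(NULL, &buf2, buflen);`. The following test then becomes `if (p8inf_internal == NULL || !PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, p8inf_internal))`, with `ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);` added to that branch to match the other failure paths. `aType->type` should also be confirmed as `V_ASN1_SEQUENCE` before `value.sequence` is read. Keeping `buf` declared as `const unsigned char *` would match the `PKCS8_pkey_get0` parameter; that declaration changes in the `@@ -1069,8 +1069,7 @@` hunk.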
@@ -1300,8 +1319,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 2; ret->privkeylen = 0; ret->pubkeylen = 0; - ret->privkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); - ret->pubkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ret->privkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(size_t)); + ret->pubkeylen_cmp = OPENSSL_malloc(ret->numkeys * sizeof(size_t)); ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); @@ -1547,8 +1566,9 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, size_t pubkeylen = 0, privkeylen = 0; - if (encode) + if (encode) { // hybrid aux = SIZE_OF_UINT32; + } if (ctx->keyParam) kgctx = EVP_PKEY_CTX_new(ctx->keyParam, NULL); From cdb25d90ad06ac779fe41534bd84af474a636dd5 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Tue, 23 Jan 2024 18:04:32 +0100 Subject: [PATCH 109/164] bring GOVERNANCE in line with liboqs [skip ci] (#342) Signed-off-by: Felipe Ventura --- GOVERNANCE.md | 78 +++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 60 insertions(+), 18 deletions(-) diff --git a/GOVERNANCE.md b/GOVERNANCE.md index d9626453..680c9cfa 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md 
@@ -1,34 +1,74 @@ # Governance -## Foreword +## Basic principles -This file documents the governance guidelines used for this project. It is principally concerned with defining the roles of project contributors, the associated rights and responsibilities, and the process for transitioning between them. As such, this document is written in a fairly formal and precise tone, so as to be succint and unambiguous. This should not be interpreted as a lack of warmth on the part of the OQS team---we're really quite friendly! We do not intend to act as gatekeepers by laying out this tier of roles and the associated rules. Instead, we hope that clearly defining these roles and the processes for attaining them shows contributors a clear path by which to become more involved in project governance, if they so wish. We welcome all questions, discussions, and contributions, and we would love to have more people on board. +This project aims to operate by the following principles: -We recognize that some of the policies discussed here can seem intimidating---for instance, revocation of privileges or code of conduct violations. It is our hope that we don't have to rely on these guidelines; however, we believe that it is important to have them in place should they be needed. +- **Openness**: The project will be open in its operation, open to contributions, and produce open source software. +- **Respect**: The project will foster respectful interactions with all participants. +- **Scientific integrity**: The project will follow advancements in cryptographic research and will be guided by standards and best practices. -## Roles +Decision making in the project will follow the principles above, and be governed first and foremost by reason and mutually respectful interaction between all participants. +The project will aim to build consensus for decisions, and will where possible operate by the approach of [lazy consensus](https://community.apache.org/committers/decisionMaking.html). 
+If decisions cannot be reached using lazy consensus, voting will be used to come to a resolution. + +## Community and Roles + +The OQS community is open to all who would like to participate in the project following its principles, including academic, industry, public sector, and individual contributors. The following roles exist in the project: -1. Maintainer: Person with GitHub administrative rights. +### Users + +A **User** is a person or organization using software produced by the project. + +Responsibilities: + +- Abide by the [license][LICENSE.txt] +- Consider participating in the project! -2. Committer: Person with GitHub "Write" privileges; this entails the right and obligation to review PRs by Contributors and to actively participate in discussions. +### Community Members -3. Contributor: Person that has contributed code. +A **Community Member** is a User who interacts with the project, for example by participating in discussions on Github or mailing lists, or in project meetings. -4. Users: Person using the project passively or actively, e.g., by participating in discussions. +Responsibilities: -## Relationships between roles +- Follow the [code of conduct](CODE_OF_CONDUCT.md) -Any User may also be a Contributor. Any Contributor may also be a Committer. Any Committer may also be a Maintainer. A Maintainer must be a Committer. +### Contributors -## Change of role +A **Contributor** is a Community Member who contributes directly to the project by submitting code or documentation, or actively participating in issues or pull requests on Github. -Any User may become a Contributor by creating a pull request (PR) and getting it successfully reviewed and merged by Committers. +### Committers + +A **Committer** is a Contributor with increased experience in the project who helps review pull requests and actively participates in discussions about the project. 
Committers will be members of the open-quantum-safe GitHub organization and will have "write" permissions in GitHub. + +Responsibilities: + +- Further the goals of the project. +- Monitor and respond to GitHub issues. +- Review and merge pull requests. +- Assist with security releases when required. +- Participate in discussions and project meetings. + +### Maintainers + +A **Maintainer** is a Committer who makes significant and sustained contributions to the project, and is committed to guiding the direction of the project. Maintainers will have "administrative" permissions in GitHub. + +Responsibilities: + +- Oversee the overall project health and growth. +- Lead communication for the project. +- Define general and technical guidelines for the project. +- Identify priorities and manage the release cycle. + +### Change of role + +Any Community Member may become a Contributor by creating a pull request (PR) and getting it successfully reviewed and merged by Committers. Any Contributor can become a Committer by contributing sufficient code and displaying deep subject matter knowledge in discussions such that a majority of Committers vote for this change of role. A Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of Committers. -As such a voting decision may be considered subjective, Contributors striving to become Committers are encouraged to ask for advice by Committers as to what---if anything---should be done to attain this status (additional to already documented knowledge in contributions). Baseline requirements for contributions are documented in [CONTRIBUTING.md](CONTRIBUTING.md). Any Contributor can create a discussion item to request a vote to become Committer. +As such a voting decision may be considered subjective, Contributors striving to become Committers are encouraged to ask for advice from Committers/Maintainers as to what they can do to obtain this role. 
Baseline requirements for contributions are documented in [CONTRIBUTING.md](CONTRIBUTING.md). Any Contributor can create a discussion item to request a vote to become Committer. Any Committer can become a Maintainer by majority vote of voting Committers. A current Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of all Committers. 
@@ -36,11 +76,11 @@ A Maintainer is not permitted to remove another Maintainer's GitHub privileges. A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected. -Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities or other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetos that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree. +Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities, or for other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetos that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree. Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees. -## Leave of absence +### Leave of absence Any Committer may voluntarily step down from the role for a documented period of time, losing voting rights for that time period. The period is documented in this file next to the person's name below. At the end of this time period, the Committer automatically regains their voting rights. 
@@ -52,9 +92,7 @@ Change of role or changes to this document is subject to voting. Votes are to be executed by way of open GitHub discussions. No quorum is needed for votes open for 4 weeks. Urgent matters may be decided by majority vote among Maintainers or 2/3 majority by all Committers within an arbitrary voting period. -## Documentation of roles - -Current Maintainers and Committers are to be documented below by way of reference to their GitHub handles. +## Current Maintainers and Committers ### Maintainers @@ -66,3 +104,7 @@ Current Maintainers and Committers are to be documented below by way of referenc @bhess @thb-sb @christianpaquin + +## Afterword + +*This governance document was based in part of the [Falco Project governance document](https://github.com/falcosecurity/evolution/blob/main/GOVERNANCE.md). From 281d015a71c4f3aac4612c3e2a89ec5bd5196403 Mon Sep 17 00:00:00 2001 From: Spencer Wilson Date: Fri, 2 Feb 2024 11:53:42 -0500 Subject: [PATCH 110/164] Automatically trigger CI on significant liboqs changes (#345) * Add CI job for triggering downstream tests, e.g., during releases * Add wrapper around CI script for local use * Generalize workflow so that the provider ref can be specified Signed-off-by: Felipe Ventura --- .github/workflows/release.yml | 58 +++++++++++++++++++++++++++++++++ scripts/release-test-ci.sh | 36 +++++++++++++++++++++ scripts/release-test.sh | 60 +++++++++++++++++------------------ 3 files changed, 123 insertions(+), 31 deletions(-) create mode 100644 .github/workflows/release.yml create mode 100755 scripts/release-test-ci.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..ed5774b2 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,58 @@ +name: Release tests + +on: + repository_dispatch: + types: [ "liboqs-release" ] + +# To trigger this job, generate a GitHub personal access token and run the following command: +# +# curl --request POST \ +# --header "Accept: application/vnd.github+json" \ +# --header "Authorization: Bearer YOUR_TOKEN_HERE" \ +# --header "X-GitHub-Api-Version: 2022-11-28" \ +# --data '{ +# "event_type": "liboqs-release", +# "client_payload": { +# "provider_ref": "PROVIDER_BRANCH_OR_TAG_HERE", +# "liboqs_ref": "LIBOQS_BRANCH_OR_TAG_HERE" +# } +# }' \ +# https://api.github.com/repos/open-quantum-safe/oqs-provider/dispatches + +jobs: + release-test: + runs-on: ubuntu-latest + container: + image: openquantumsafe/ci-ubuntu-jammy:latest + + steps: + - name: Check if requested ref exists + env: + provider_ref: ${{ github.event.client_payload.provider_ref }} + run: | + # try both branch and tag + wget --quiet \ + --header "Accept: application/vnd.github+json" \ + --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + --header "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/open-quantum-safe/oqs-provider/branches/$provider_ref || \ + wget --quiet \ + --header "Accept: application/vnd.github+json" \ + --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + --header "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/open-quantum-safe/oqs-provider/git/ref/tags/$provider_ref \ + && echo "provider_ref=$provider_ref" >> "$GITHUB_ENV" \ + || echo "provider_ref=main" >> "$GITHUB_ENV" + - name: Checkout oqs-provider on requested ref if it exists; otherwise, fall back to main + uses: actions/checkout@v4 + with: + ref: ${{ env.provider_ref }} + # This is designed to be triggered automatically from liboqs CI, so don't bother validating the liboqs ref. 
+ - name: Checkout liboqs at requested ref + uses: actions/checkout@v4 + with: + repository: open-quantum-safe/liboqs + path: liboqs + ref: ${{ github.event.client_payload.liboqs_ref }} + - name: Run release tests + run: OPENSSL_BRANCH=master ./scripts/release-test-ci.sh diff --git a/scripts/release-test-ci.sh b/scripts/release-test-ci.sh new file mode 100755 index 00000000..62a9ea02 --- /dev/null +++ b/scripts/release-test-ci.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# Stop in case of error +set -e + +# To be run as part of a release test only on Linux +# requires python, pytest, xdist; install e.g. via +# sudo apt install python3 python3-pytest python3-pytest-xdist python3-psutil + +# must be run in main folder +# multicore machine recommended for fast execution + +# expect (ideally latest/release-test) liboqs to be already build and present +if [ -d liboqs ]; then + export LIBOQS_SRC_DIR=`pwd`/liboqs +else + echo "liboqs not found. Exiting." + exit 1 +fi + +if [ -d oqs-template ]; then + # Activate all algorithms + sed -i "s/enable\: false/enable\: true/g" oqs-template/generate.yml + python3 oqs-template/generate.py + ./scripts/fullbuild.sh + ./scripts/runtests.sh + if [ -f .local/bin/openssl ]; then + OPENSSL_MODULES=`pwd`/_build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py + else + echo "For full TLS PQ SIG/KEM matrix test, build (latest) openssl locally." + fi +else + echo "$0 must be run in main oqs-provider folder. Exiting." + exit 1 +fi + diff --git a/scripts/release-test.sh b/scripts/release-test.sh index df3a60b2..fcbc96e2 100755 --- a/scripts/release-test.sh +++ b/scripts/release-test.sh 
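Review bot: `provider_ref` comes from `client_payload` and is expanded unquoted into both `wget` URLs and then appended to `$GITHUB_ENV` without any validation in the "Check if requested ref exists" step. A value containing whitespace or a newline would alter the command line or add further variables to the job environment. The step should reject anything that is not a plain ref name before using it, for example `case "$provider_ref" in ''|*[!A-Za-z0-9._/-]*) provider_ref=main ;; esac`, and quote the URL arguments. The container tag `latest` and `actions/checkout@v4` are mutable references as well; pinning them by digest or commit SHA would make the release test reproducible.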
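Review bot: When `.local/bin/openssl` is missing, `release-test-ci.sh` only prints a hint and still exits 0, so the workflow can report success without ever running `scripts/test_tls_full.py`. For the CI entry point, the `else` branch should fail (`exit 1` after the `echo`), or the script should state in a comment that the TLS matrix is optional. The `sed -i` on `oqs-template/generate.yml` rewrites a tracked file in place, which deserves a line in the header comment saying the script expects a throwaway checkout.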
@@ -3,37 +3,35 @@ # Stop in case of error set -e -# To be run as part of a release test only on Linux -# requires python, pytest, xdist; install e.g. via -# sudo apt install python3 python3-pytest python3-pytest-xdist python3-psutil +# Wrapper around the release-test-ci.sh script to preserve uncommitted modifications. -# must be run in main folder -# multicore machine recommended for fast execution +# back up git status and checkout a fresh branch with identical staged/unstaged changes +save_local_git() { + # git stash does not have an --allow-empty option, so make sure we have something to stash. + # This allows us to safely call git stash pop. + tmpfile=$(mktemp ./XXXXXX) + git add $tmpfile + # back up uncommitted changes + git stash push --quiet + # restore changes but save stash + git stash apply --quiet + # delete dummy file + git rm -f $tmpfile --quiet + # save working branch name + working_branch=$(git branch --show-current) + # checkout a fresh branch + reltest_branch="reltest-$RANDOM" + git checkout -b $reltest_branch --quiet +} -# expect (ideally latest/release-test) liboqs to be already build and present -if [ -d liboqs ]; then - export LIBOQS_SRC_DIR=`pwd`/liboqs -else - echo "liboqs not found. Exiting." - exit 1 -fi - -if [ -d oqs-template ]; then - # just a temp setup - git checkout -b reltest - # Activate all algorithms - sed -i "s/enable\: false/enable\: true/g" oqs-template/generate.yml - python3 oqs-template/generate.py - rm -rf _build - ./scripts/fullbuild.sh - ./scripts/runtests.sh - if [ -f .local/bin/openssl ]; then - OPENSSL_MODULES=`pwd`/_build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py - else - echo "For full TLS PQ SIG/KEM matrix test, build (latest) openssl locally." - fi - git reset --hard && git checkout main && git branch -D reltest -else - echo "$0 must be run in main oqs-provider folder. Exiting." 
-fi +# restore git status +restore_local_git() { + # switch back to working branch; delete temporary branch; reset to HEAD; pop stashed changes; delete dummy file + git switch $working_branch --quiet && git branch -D $reltest_branch --quiet && git reset --hard --quiet && git stash pop --quiet && git rm -f $tmpfile --quiet +} +save_local_git +trap restore_local_git EXIT +# clean out the build directory and run tests +rm -rf _build +./scripts/release-test-ci.sh From 8e85bb4a36c7da26727e1c853c8285cd61a5bd83 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sat, 3 Feb 2024 17:03:53 +0100 Subject: [PATCH 111/164] add more defensive error handling (#346) * add more defensive error handling Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 58 +++-- oqsprov/oqsprov_keys.c | 463 +++++++++++++++++------------------ 2 files changed, 255 insertions(+), 266 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index ca8caa75..c7683c5f 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -521,12 +521,16 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; buflen = encoding_ctx->encoding_impl->crypto_publickeybytes; - buf = OPENSSL_secure_zalloc(buflen); - ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, - 0, 0, 1); - if (ret != QSC_ENC_OK) - return -1; + buf = OPENSSL_secure_zalloc(buflen); + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } + ret = qsc_encode(encoding_ctx->encoding_ctx, + encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, 0, + 0, 1); + if (ret != QSC_ENC_OK) + return -1; *pder = buf; return buflen; 
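Review bot: `working_branch=$(git branch --show-current)` is empty on a detached HEAD, so `git switch $working_branch` in `restore_local_git` fails and the `&&` chain stops before `git stash pop`. That leaves the user on the temporary branch with their changes only in the stash. A guard at the top of `save_local_git`, `[ -n "$(git branch --show-current)" ] || { echo "not on a branch; aborting" >&2; exit 1; }`, avoids starting in that state. The trap is also installed only after `save_local_git` returns, so with `set -e` a failure part-way through leaves the dummy file staged or the stash entry behind. Quoting `"$tmpfile"`, `"$working_branch"` and `"$reltest_branch"` is advisable too.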
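Review bot: The `ret != QSC_ENC_OK` branch in `oqsx_spki_pub_to_der` still returns -1 without releasing `buf`, so the buffer from `OPENSSL_secure_zalloc` just above leaks from the secure heap on every encoding failure. `if (ret != QSC_ENC_OK) { OPENSSL_secure_free(buf); return -1; }` would close that path, provided `qsc_encode` leaves `buf` pointing at the original allocation (it receives `&buf`, so this should be confirmed). That branch also raises no error, unlike the new allocation check. The function starts outside the hunk.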
@@ -661,11 +665,15 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) # else int withoptional = 1; # endif - buflen = (withoptional - ? encoding_ctx->encoding_impl->crypto_secretkeybytes - : encoding_ctx->encoding_impl - ->crypto_secretkeybytes_nooptional); - buf = OPENSSL_secure_zalloc(buflen); + buflen + = (withoptional ? encoding_ctx->encoding_impl->crypto_secretkeybytes + : encoding_ctx->encoding_impl + ->crypto_secretkeybytes_nooptional); + buf = OPENSSL_secure_zalloc(buflen); + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } ret = qsc_encode(encoding_ctx->encoding_ctx, encoding_ctx->encoding_impl, 
@@ -676,19 +684,27 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } else { #endif #ifdef NOPUBKEY_IN_PRIVKEY - buflen = privkeylen; - buf = OPENSSL_secure_malloc(buflen); - OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", - buflen); - memcpy(buf, oqsxkey->privkey, privkeylen); -#else - buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); + buflen = privkeylen; buf = OPENSSL_secure_malloc(buflen); - OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } + OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", buflen); memcpy(buf, oqsxkey->privkey, privkeylen); - memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], - oqsx_key_get_oqs_public_key_len(oqsxkey)); +#else + buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); + buf = OPENSSL_secure_malloc(buflen); + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } + OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", + buflen); + memcpy(buf, oqsxkey->privkey, privkeylen); + memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], + oqsx_key_get_oqs_public_key_len(oqsxkey)); #endif #ifdef USE_ENCODING_LIB } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 1e50f80b..e9e65655 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -589,28 +589,28 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, if (key->oqsx_encoding_ctx.encoding_impl->crypto_publickeybytes != plen) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto err_key_op; } if (oqsx_key_allocate_keymaterial(key, 0)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; + goto err_key_op; } if (qsc_decode(key->oqsx_encoding_ctx.encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, p, (unsigned char **)&key->pubkey, 0, 0, 1) != QSC_ENC_OK) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto err_key_op; } } else { #endif if (key->pubkeylen != plen) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; + goto err_key_op; } if (oqsx_key_allocate_keymaterial(key, 0)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; + goto err_key_op; } memcpy(key->pubkey, p, plen); #ifdef USE_ENCODING_LIB 
@@ -622,108 +622,17 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, size_t actualprivkeylen = key->privkeylen; // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub // key classic pub key must/can be re-created from classic private key - if (key->keytype == KEY_TYPE_CMP_SIG) { - size_t privlen = 0; - size_t publen = 0; - size_t previous_privlen = 0; - size_t previous_publen = 0; - int pqc_pub_enc = 0; - int i; - - // check if key is the right size - for (i = 0; i < key->numkeys; i++) { - char *name; - if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) - == NULL) { - OPENSSL_free(name); - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - privlen = key->privkeylen_cmp[i]; - if (get_oqsname_fromtls(name) == 0) { // classical key - publen = 0; - } else { // PQC key - publen = key->pubkeylen_cmp[i]; // pubkey in PQC privkey is - // OPTIONAL - } - previous_privlen += privlen; - previous_publen += publen; - OPENSSL_free(name); - } - if (previous_privlen != plen) { - // is ok, PQC pubkey might be in privkey - pqc_pub_enc = 1; - if (previous_privlen + previous_publen != plen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - if (oqsx_key_allocate_keymaterial(key, 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - } - if (oqsx_key_allocate_keymaterial(key, 1)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - previous_privlen = 0; - previous_publen = 0; - for (i = 0; i < key->numkeys; i++) { - size_t classic_publen = 0; - char *name; - if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) - == NULL) { - OPENSSL_free(name); - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - if (get_oqsname_fromtls(name) == 0) { // classical key - publen = 0; // no pubkey encoded with privkey on classical - // keys. 
will recreate the pubkey later - if (key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype - == EVP_PKEY_RSA) { // get the RSA real key size - unsigned char *enc_len = OPENSSL_strndup( - p + previous_privlen + previous_publen, 4); - OPENSSL_cleanse(enc_len, 2); - DECODE_UINT32(privlen, enc_len); - privlen += 4; - OPENSSL_free(enc_len); - if (privlen > key->privkeylen_cmp[i]) { - OPENSSL_free(name); - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - } else - privlen = key->privkeylen_cmp[i]; - } else { // PQC key - privlen = key->privkeylen_cmp[i]; - if (pqc_pub_enc) - publen = key->pubkeylen_cmp[i]; - else - publen = 0; - } - memcpy(key->privkey + previous_privlen, - p + previous_privlen + previous_publen, privlen); - memcpy(key->pubkey + previous_publen, - p + privlen + previous_privlen + previous_publen, - publen); - previous_privlen += privlen; - previous_publen += publen; - OPENSSL_free(name); - } - } else { - if (key->numkeys == 2) { - DECODE_UINT32(classical_privatekey_len, - p); // actual classic key len - // adjust expected size - if (classical_privatekey_len - > key->evp_info->length_private_key) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - actualprivkeylen -= (key->evp_info->length_private_key - - classical_privatekey_len); + if (key->numkeys == 2) { + DECODE_UINT32(classical_privatekey_len, + p); // actual classic key len + // adjust expected size + if (classical_privatekey_len > key->evp_info->length_private_key) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; } + actualprivkeylen -= (key->evp_info->length_private_key + - classical_privatekey_len); + } #ifdef USE_ENCODING_LIB if (key->oqsx_encoding_ctx.encoding_ctx && key->oqsx_encoding_ctx.encoding_impl) { 
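Review bot: `DECODE_UINT32(classical_privatekey_len, p)` reads four bytes from the caller-supplied buffer, and nothing visible in this hunk compares `plen` with `SIZE_OF_UINT32` before that read. If no earlier check exists in oqsx_key_op (it starts outside the hunk), a truncated hybrid private key would be read past its end. Placing `if (plen < SIZE_OF_UINT32) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err_key_op; }` ahead of the decode would bound it. A short comment on `actualprivkeylen`, saying it is the expected length after subtracting the unused part of the classical key slot, would make the later length comparison easier to follow.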
@@ -738,26 +647,26 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, # else int withoptional = 1; # endif - int pubkey_available = withoptional; - if (oqsx_key_allocate_keymaterial(key, 1)) { + int pubkey_available = withoptional; + if (oqsx_key_allocate_keymaterial(key, 1)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err_key_op; + } + if (pubkey_available) { + if (oqsx_key_allocate_keymaterial(key, 0)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - if (pubkey_available) { - if (oqsx_key_allocate_keymaterial(key, 0)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } + goto err_key_op; } + } - if (qsc_decode( - encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, 0, - (pubkey_available ? (unsigned char **)&key->pubkey : 0), - p, (unsigned char **)&key->privkey, withoptional) - != QSC_ENC_OK) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } + if (qsc_decode( + encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, 0, + (pubkey_available ? (unsigned char **)&key->pubkey : 0), p, + (unsigned char **)&key->privkey, withoptional) + != QSC_ENC_OK) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } } else { #endif 
@@ -775,36 +684,36 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, (int)(actualprivkeylen + oqsx_key_get_oqs_public_key_len(key))); #endif - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - if (oqsx_key_allocate_keymaterial(key, 1) + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + if (oqsx_key_allocate_keymaterial(key, 1) #ifndef NOPUBKEY_IN_PRIVKEY || oqsx_key_allocate_keymaterial(key, 0) #endif - ) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err; - } - // first populate private key data - memcpy(key->privkey, p, actualprivkeylen); + ) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err_key_op; + } + // first populate private key data + memcpy(key->privkey, p, actualprivkeylen); #ifndef NOPUBKEY_IN_PRIVKEY - // only enough data to fill public OQS key component - if (oqsx_key_get_oqs_public_key_len(key) - != plen - actualprivkeylen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err; - } - // populate OQS public key structure - if (key->numkeys == 2) { - unsigned char *pubkey = (unsigned char *)key->pubkey; - ENCODE_UINT32(pubkey, key->evp_info->length_public_key); - memcpy(pubkey + SIZE_OF_UINT32 - + key->evp_info->length_public_key, - p + actualprivkeylen, plen - actualprivkeylen); - } else - memcpy(key->pubkey, p + key->privkeylen, - plen - key->privkeylen); + // only enough data to fill public OQS key component + if (oqsx_key_get_oqs_public_key_len(key) + != plen - actualprivkeylen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + // populate OQS public key structure + if (key->numkeys == 2) { + unsigned char *pubkey = (unsigned char *)key->pubkey; + ENCODE_UINT32(pubkey, key->evp_info->length_public_key); + memcpy(pubkey + SIZE_OF_UINT32 + + key->evp_info->length_public_key, + p + actualprivkeylen, plen - actualprivkeylen); + } else + memcpy(key->pubkey, p + key->privkeylen, + plen - key->privkeylen); 
#endif } } @@ -812,11 +721,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, } #endif if (!oqsx_key_set_composites(key) || !oqsx_key_recreate_classickey(key, op)) - goto err; + goto err_key_op; return key; -err: +err_key_op: oqsx_key_free(key); return NULL; } 
@@ -1075,87 +984,144 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) return 0; - if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { - oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); - if (oct == NULL) { - p = NULL; - plen = 0; - } else { - p = ASN1_STRING_get0_data(oct); - plen = ASN1_STRING_length(oct); - } + oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); + if (oct == NULL) { + p = NULL; + plen = 0; } else { - sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); - if (sk == NULL) { - sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - return NULL; - } else { - count = sk_ASN1_TYPE_num(sk); - concat_key = OPENSSL_zalloc(plen); - PKCS8_PRIV_KEY_INFO *p8inf_internal = NULL; + p = ASN1_STRING_get0_data(oct); + plen = ASN1_STRING_length(oct); + } - aux = 0; - for (i = 0; i < count; i++) { - aType = sk_ASN1_TYPE_pop(sk); - p8inf_internal = PKCS8_PRIV_KEY_INFO_new(); - char *name; - if ((name - = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) - == NULL) { - OPENSSL_free(name); - ASN1_TYPE_free(aType); - OPENSSL_clear_free(concat_key, plen); - PKCS8_PRIV_KEY_INFO_free(p8inf_internal); - sk_ASN1_TYPE_free(sk); - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - return NULL; - } - buflen = aType->value.sequence->length; - const unsigned char *buf2 = aType->value.sequence->data; + oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PRIVATE, libctx, propq); + ASN1_OCTET_STRING_free(oct); + return oqsx; +} - p8inf_internal - = d2i_PKCS8_PRIV_KEY_INFO(&p8inf_internal, &buf2, buflen); - if (!PKCS8_pkey_get0(NULL, &buf, &buflen, NULL, - p8inf_internal)) { - OPENSSL_free(name); - ASN1_TYPE_free(aType); - PKCS8_PRIV_KEY_INFO_free(p8inf_internal); - OPENSSL_clear_free(concat_key, plen); - sk_ASN1_TYPE_free(sk); - return NULL; - } +/* Key codes */ - aux += buflen; - memcpy(concat_key + plen - 1 - aux, buf, buflen); - // if is a RSA key the actual encoding 
size might be different - // from max size we calculate that difference for to facilitate - // the key reconstruction - if (!strncmp(name, "rsa", 3) || !strncmp(name, "pss", 3)) { - if (name[3] == '3') // 3072 - rsa_diff = nids_sig[5].length_private_key - buflen; - else // 2048 - rsa_diff = nids_sig[6].length_private_key - buflen; - } - OPENSSL_free(name); - PKCS8_PRIV_KEY_INFO_free(p8inf_internal); - ASN1_TYPE_free(aType); - } +static const OQSX_EVP_INFO nids_sig[] = { + {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit + {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit + {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit + {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit +}; - p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); - OPENSSL_clear_free(concat_key, plen); - plen = aux; - sk_ASN1_TYPE_free(sk); - } +// These two array need to stay synced: +static const char *OQSX_ECP_NAMES[] = {"p256", "p384", "p521", 0}; +static const OQSX_EVP_INFO nids_ecp[] = { + {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 0}, // 128 bit + {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 0}, // 192 bit + {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 0} // 256 bit +}; + +// These two array need to stay synced: +static const char *OQSX_ECX_NAMES[] = {"x25519", "x448", 0}; +static const OQSX_EVP_INFO nids_ecx[] = { + {EVP_PKEY_X25519, 0, 1, 32, 32, 32, 0}, // 128 bit + {EVP_PKEY_X448, 0, 1, 56, 56, 56, 0}, // 192 bit + {0, 0, 0, 0, 0, 0, 0} // 256 bit +}; + +static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, + char *algname) +{ + int ret = 1; + int idx = (bit_security - 128) / 64; + ON_ERR_GOTO(idx < 0 || idx > 2, err_init); + + if (!strncmp(algname, "rsa3072_", 8)) + idx += 3; + else if (algname[0] != 'p') { + OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); + ret = 0; + goto err_init; } - oqsx = oqsx_key_op(palg, p, plen + rsa_diff, KEY_OP_PRIVATE, libctx, propq); - if 
(get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { - ASN1_OCTET_STRING_free(oct); - } else { - OPENSSL_clear_free(p, plen); + ON_ERR_GOTO(idx < 0 || idx > 3, err_init); + + evp_ctx->evp_info = &nids_sig[idx]; + + evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); + ON_ERR_GOTO(!evp_ctx->ctx, err_init); + + if (idx < 3) { // EC + ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); + ON_ERR_GOTO(ret <= 0, free_evp_ctx); + + ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, + evp_ctx->evp_info->nid); + ON_ERR_GOTO(ret <= 0, free_evp_ctx); + + ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); + ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); } - return oqsx; + // RSA bit length set only during keygen + goto err_init; + +free_evp_ctx: + EVP_PKEY_CTX_free(evp_ctx->ctx); + evp_ctx->ctx = NULL; + +err_init: + return ret; +} + +static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) +{ + int ret = 1; + int idx = 0; + while (idx < sizeof(OQSX_ECP_NAMES)) { + if (!strncmp(tls_name, OQSX_ECP_NAMES[idx], 4)) + break; + idx++; + } + ON_ERR_GOTO(idx < 0 || idx > 2, err_init_ecp); + + evp_ctx->evp_info = &nids_ecp[idx]; + + evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); + ON_ERR_GOTO(!evp_ctx->ctx, err_init_ecp); + + ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); + ON_ERR_GOTO(ret <= 0, err_init_ecp); + + ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, + evp_ctx->evp_info->nid); + ON_ERR_GOTO(ret <= 0, err_init_ecp); + + ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); + ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, err_init_ecp); + +err_init_ecp: + return ret; +} + +static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) +{ + int ret = 1; + int idx = 0; + + while (idx < sizeof(OQSX_ECX_NAMES)) { + if (!strncmp(tls_name, OQSX_ECX_NAMES[idx], 4)) + break; + idx++; + } + ON_ERR_GOTO(idx < 0 || idx > 2, err_init_ecx); + + evp_ctx->evp_info = 
&nids_ecx[idx]; + + evp_ctx->keyParam = EVP_PKEY_new(); + ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err_init_ecx); + + ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); + ON_ERR_SET_GOTO(ret <= 0, ret, -1, err_init_ecx); + + evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); + ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err_init_ecx); + +err_init_ecx: + return ret; } static const int (*init_kex_fun[])(char *, OQSX_EVP_CTX *) @@ -1169,7 +1135,8 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, int primitive, const char *propq, int bit_security, int alg_idx) { - OQSX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); + OQSX_KEY *ret = OPENSSL_zalloc( + sizeof(*ret)); // ensure all component pointers are NULL OQSX_EVP_CTX *evp_ctx = NULL; int ret2 = 0, i; @@ -1178,10 +1145,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, #ifdef OQS_PROVIDER_NOATOMIC ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - OPENSSL_free(ret); - goto err; - } + ON_ERR_GOTO(!ret->lock, err); #endif if (oqs_name == NULL) { @@ -1199,7 +1163,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL; + ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { fprintf( @@ -1238,7 +1202,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 1; ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); - ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL; + ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); ret->oqsx_provider_ctx.oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.kem) { fprintf( 
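Review bot: The lookup loops in `oqshybkem_init_ecp` and `oqshybkem_init_ecx` bound `idx` with `sizeof(OQSX_ECP_NAMES)` and `sizeof(OQSX_ECX_NAMES)`, which is the array size in bytes rather than the element count. A `tls_name` that matches no entry therefore makes `strncmp` run on the terminating `0` entry and then on memory past the array. Both tables end in a NULL sentinel, so `while (OQSX_ECP_NAMES[idx] != NULL) {` (and the same for `OQSX_ECX_NAMES`) stops the scan at the end of the table. In `oqshybkem_init_ecp` the failure paths after `EVP_PKEY_CTX_new_id` also leave `evp_ctx->ctx` allocated, unlike `oqsx_hybsig_init`, which frees it under `free_evp_ctx`.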
@@ -1273,6 +1237,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 2; ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_secret_key @@ -1303,6 +1268,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->numkeys = 2; ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); + ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key @@ -1373,13 +1339,12 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->libctx = libctx; ret->references = 1; ret->tls_name = OPENSSL_strdup(tls_name); + ON_ERR_GOTO(!ret->tls_name, err); ret->bit_security = bit_security; if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - if (ret->propq == NULL) - goto err; + ON_ERR_GOTO(!ret->propq, err); } OQS_KEY_PRINTF2("OQSX_KEY: new key created: %s\n", ret->tls_name); @@ -1388,6 +1353,14 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, return ret; err: ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); +#ifdef OQS_PROVIDER_NOATOMIC + if (ret->lock) + CRYPTO_THREAD_lock_free(ret->lock); +#endif + OPENSSL_free(ret->tls_name); + OPENSSL_free(ret->propq); + OPENSSL_free(ret->comp_privkey); + OPENSSL_free(ret->comp_pubkey); OPENSSL_free(ret); return NULL; } 
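Review bot: The cleanup added under `err:` in the last oqsx_key_new hunk reads `ret->lock`, `ret->tls_name`, `ret->propq`, `ret->comp_privkey` and `ret->comp_pubkey` without checking `ret`, so any `goto err` taken while `ret` is NULL would crash instead of returning NULL. The check that follows `OPENSSL_zalloc` is outside the visible hunks, so confirm whether it jumps to this label. If it does, wrap the frees in `if (ret != NULL) { ... }` and keep the final `return NULL;` outside the guard. The function body starts and continues outside this hunk.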
@@ -1472,14 +1445,14 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) aux = SIZE_OF_UINT32; if (!key->privkey && include_private) { - key->privkey = OPENSSL_secure_zalloc(key->privkeylen + aux); - ON_ERR_SET_GOTO(!key->privkey, ret, 1, err); + key->privkey = OPENSSL_secure_zalloc(key->privkeylen); + ON_ERR_SET_GOTO(!key->privkey, ret, 1, err_alloc); } if (!key->pubkey && !include_private) { key->pubkey = OPENSSL_secure_zalloc(key->pubkeylen); - ON_ERR_SET_GOTO(!key->pubkey, ret, 1, err); + ON_ERR_SET_GOTO(!key->pubkey, ret, 1, err_alloc); } -err: +err_alloc: return ret; } @@ -1658,21 +1631,21 @@ int oqsx_key_gen(OQSX_KEY *key) if (key->privkey == NULL || key->pubkey == NULL) { ret = oqsx_key_allocate_keymaterial(key, 0) || oqsx_key_allocate_keymaterial(key, 1); - ON_ERR_GOTO(ret, err); + ON_ERR_GOTO(ret, err_gen); } if (key->keytype == KEY_TYPE_KEM) { ret = !oqsx_key_set_composites(key); - ON_ERR_GOTO(ret, err); + ON_ERR_GOTO(ret, err_gen); ret = oqsx_key_gen_oqs(key, 1); } else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM || key->keytype == KEY_TYPE_HYB_SIG) { pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, - key->pubkey, key->privkey, 1); - ON_ERR_GOTO(pkey == NULL, err); + key->pubkey, key->privkey); + ON_ERR_GOTO(pkey == NULL, err_gen); ret = !oqsx_key_set_composites(key); - ON_ERR_GOTO(ret, err); + ON_ERR_GOTO(ret, err_gen); OQS_KEY_PRINTF3("OQSKM: OQSX_KEY privkeylen %ld & pubkeylen: %ld\n", key->privkeylen, key->pubkeylen); @@ -1705,12 +1678,12 @@ int oqsx_key_gen(OQSX_KEY *key) } else if (key->keytype == KEY_TYPE_SIG) { ret = !oqsx_key_set_composites(key); - ON_ERR_GOTO(ret, err); + ON_ERR_GOTO(ret, err_gen); ret = oqsx_key_gen_oqs(key, 0); } else { ret = 1; } -err: +err_gen: if (ret) { EVP_PKEY_free(pkey); key->classical_pkey = NULL; From cd5cab5317329f04f3f99a63d41f7b55b3eecae6 Mon Sep 17 00:00:00 2001 
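Review bot: In the oqsx_key_allocate_keymaterial hunk, dropping `+ aux` shrinks the private-key buffer by SIZE_OF_UINT32, yet the context line `aux = SIZE_OF_UINT32;` stays, so `aux` appears to be assigned and never used. Any writer that still counts on the four extra bytes would now write past the secure-heap allocation. The oqsx_key_new hunks compute `privkeylen` as `(numkeys - 1) * SIZE_OF_UINT32 + ...`, which suggests the prefix is already included, but that should be stated here, e.g. `/* privkeylen already includes the SIZE_OF_UINT32 length prefix for hybrid keys */`, and the dead `aux` assignment removed. The start of the function is outside the hunk, so other uses of `aux` cannot be ruled out from here.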
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sat, 3 Feb 2024 17:04:43 +0100 Subject: [PATCH 112/164] correct wrong use of sizeof (#347) Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index e9e65655..0dc12f79 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1007,7 +1007,8 @@ static const OQSX_EVP_INFO nids_sig[] = { {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit }; -// These two array need to stay synced: +// These two arrays need to stay synced: +// note only leading 4 chars of alg name are checked static const char *OQSX_ECP_NAMES[] = {"p256", "p384", "p521", 0}; static const OQSX_EVP_INFO nids_ecp[] = { {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 0}, // 128 bit @@ -1015,7 +1016,8 @@ static const OQSX_EVP_INFO nids_ecp[] = { {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 0} // 256 bit }; -// These two array need to stay synced: +// These two arrays need to stay synced: +// note only leading 4 chars of alg name are checked static const char *OQSX_ECX_NAMES[] = {"x25519", "x448", 0}; static const OQSX_EVP_INFO nids_ecx[] = { {EVP_PKEY_X25519, 0, 1, 32, 32, 32, 0}, // 128 bit @@ -1071,7 +1073,7 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { int ret = 1; int idx = 0; - while (idx < sizeof(OQSX_ECP_NAMES)) { + while (idx < OSSL_NELEM(OQSX_ECP_NAMES)) { if (!strncmp(tls_name, OQSX_ECP_NAMES[idx], 4)) break; idx++; @@ -1102,7 +1104,7 @@ static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) int ret = 1; int idx = 0; - while (idx < sizeof(OQSX_ECX_NAMES)) { + while (idx < OSSL_NELEM(OQSX_ECX_NAMES)) { if (!strncmp(tls_name, OQSX_ECX_NAMES[idx], 4)) break; idx++; From ca50cba9fb7cd9104d5bddb7629638480338cfec Mon Sep 17 00:00:00 2001 
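Review bot: With `OSSL_NELEM(OQSX_ECP_NAMES)` as the bound in oqshybkem_init_ecp, the loop now also visits the trailing `0` terminator of `{"p256", "p384", "p521", 0}`, so a `tls_name` that matches no entry ends with `strncmp(tls_name, NULL, 4)`, which is undefined behaviour. The oqshybkem_init_ecx hunk has the same problem with `{"x25519", "x448", 0}`, and both loops reappear unchanged in the later "merged upstream" patch. Stop at the sentinel instead: `while (OQSX_ECP_NAMES[idx] != NULL) {` and `while (OQSX_ECX_NAMES[idx] != NULL) {`. That also avoids comparing the signed `idx` with an unsigned element count. Both function bodies continue outside their hunks, so the range check on `idx` after the loop is not visible here.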
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Mon, 12 Feb 2024 15:42:16 +0100 Subject: [PATCH 113/164] Protecting from NULL parameters (#350) * guard against possible NULL parameters passed * fix SECURITY status [skip ci] Signed-off-by: Felipe Ventura --- SECURITY.md | 4 +++- oqsprov/oqs_kmgmt.c | 22 ++++++++++++++++++---- oqsprov/oqs_prov.h | 3 ++- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 8e1623b7..a58a1077 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,9 @@ We only support the most recent release. | Version | Supported | | ------- | ------------------ | -| 0.5.1 | :white_check_mark: | +| 0.5.3 | :white_check_mark: | +| 0.5.2 | :x: | +| 0.5.1 | :x: | | < 0.5 | :x: | ## Reporting a Vulnerability diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 09bb2b31..69de105c 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -134,6 +134,11 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) keydata2); OQS_KM_PRINTF2("OQSKEYMGMT: match called for selection %d\n", selection); + if (key1 == NULL || key2 == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + return 0; + } + #ifdef NOPUBKEY_IN_PRIVKEY /* Now this is a "leap of faith" logic: If a public-only PKEY and a * private-only PKEY are tested for equality we cannot do anything other @@ -279,8 +284,8 @@ static int oqsx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, * In this implementation, only public and private keys can be exported, * nothing else */ - if (key == NULL) { - ERR_raise(ERR_LIB_USER, OQSPROV_UNEXPECTED_NULL); + if (key == NULL || param_cb == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); return 0; } 
@@ -329,6 +334,11 @@ static int oqsx_get_params(void *key, OSSL_PARAM params[]) OQSX_KEY *oqsxk = key; OSSL_PARAM *p; + if (oqsxk == NULL || params == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + return 0; + } + OQS_KM_PRINTF2("OQSKEYMGMT: get_params called for %s\n", params[0].key); if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && !OSSL_PARAM_set_int(p, oqsx_key_secbits(oqsxk))) @@ -414,6 +424,10 @@ static int oqsx_set_params(void *key, const OSSL_PARAM params[]) const OSSL_PARAM *p; OQS_KM_PRINTF("OQSKEYMGMT: set_params called\n"); + if (oqsxkey == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + return 0; + } p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL) { size_t used_len; @@ -487,10 +501,10 @@ static void *oqsx_genkey(struct oqsx_gen_ctx *gctx) { OQSX_KEY *key; - OQS_KM_PRINTF3("OQSKEYMGMT: gen called for %s (%s)\n", gctx->oqs_name, - gctx->tls_name); if (gctx == NULL) return NULL; + OQS_KM_PRINTF3("OQSKEYMGMT: gen called for %s (%s)\n", gctx->oqs_name, + gctx->tls_name); if ((key = oqsx_key_new(gctx->libctx, gctx->oqs_name, gctx->tls_name, gctx->primitive, gctx->propq, gctx->bit_security, gctx->alg_idx)) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 6cfa7fbd..7ed809c4 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -85,7 +85,8 @@ typedef struct prov_oqs_ctx_st { PROV_OQS_CTX *oqsx_newprovctx(OSSL_LIB_CTX *libctx, const OSSL_CORE_HANDLE *handle, BIO_METHOD *bm); void oqsx_freeprovctx(PROV_OQS_CTX *ctx); -#define PROV_OQS_LIBCTX_OF(provctx) (((PROV_OQS_CTX *)provctx)->libctx) +#define PROV_OQS_LIBCTX_OF(provctx) \ + provctx ? (((PROV_OQS_CTX *)provctx)->libctx) : NULL #include "oqs/oqs.h" #ifdef USE_ENCODING_LIB From dc363e7e0dc9e90bd0d501e0abd32b8906c4d172 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 15 Feb 2024 14:35:02 -0600 Subject: [PATCH 114/164] merged upstream 
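Review bot: The rewritten `PROV_OQS_LIBCTX_OF` in oqs_prov.h expands to a bare conditional expression with an unparenthesized argument, so its meaning depends on the operators at the call site; `!PROV_OQS_LIBCTX_OF(c)` would parse as `(!c) ? ... : NULL`. Parenthesize the argument and the whole expansion: `#define PROV_OQS_LIBCTX_OF(provctx) ((provctx) ? (((PROV_OQS_CTX *)(provctx))->libctx) : NULL)`. The argument is now evaluated twice, which deserves a one-line comment above the macro so callers do not pass expressions with side effects.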
Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 66 ++++++++--------- oqsprov/oqsprov_keys.c | 138 ++++++++++++++++++----------------- 2 files changed, 103 insertions(+), 101 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index c7683c5f..73838901 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -521,16 +521,16 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) const OQSX_ENCODING_CTX *encoding_ctx = &oqsxkey->oqsx_encoding_ctx; buflen = encoding_ctx->encoding_impl->crypto_publickeybytes; - buf = OPENSSL_secure_zalloc(buflen); - if (buf == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return -1; - } - ret = qsc_encode(encoding_ctx->encoding_ctx, - encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, 0, - 0, 1); - if (ret != QSC_ENC_OK) - return -1; + buf = OPENSSL_secure_zalloc(buflen); + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } + ret = qsc_encode(encoding_ctx->encoding_ctx, + encoding_ctx->encoding_impl, oqsxkey->pubkey, &buf, + 0, 0, 1); + if (ret != QSC_ENC_OK) + return -1; *pder = buf; return buflen; @@ -665,15 +665,15 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) # else int withoptional = 1; # endif - buflen - = (withoptional ? encoding_ctx->encoding_impl->crypto_secretkeybytes - : encoding_ctx->encoding_impl - ->crypto_secretkeybytes_nooptional); - buf = OPENSSL_secure_zalloc(buflen); - if (buf == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return -1; - } + buflen = (withoptional + ? encoding_ctx->encoding_impl->crypto_secretkeybytes + : encoding_ctx->encoding_impl + ->crypto_secretkeybytes_nooptional); + buf = OPENSSL_secure_zalloc(buflen); + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } ret = qsc_encode(encoding_ctx->encoding_ctx, encoding_ctx->encoding_impl, 
@@ -684,27 +684,27 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } else { #endif #ifdef NOPUBKEY_IN_PRIVKEY - buflen = privkeylen; + buflen = privkeylen; + buf = OPENSSL_secure_malloc(buflen); + if (buf == NULL) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } + OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", + buflen); + memcpy(buf, oqsxkey->privkey, privkeylen); +#else + buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); buf = OPENSSL_secure_malloc(buflen); if (buf == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return -1; } - OQS_ENC_PRINTF2("OQS ENC provider: saving privkey of length %d\n", + OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", buflen); memcpy(buf, oqsxkey->privkey, privkeylen); -#else - buflen = privkeylen + oqsx_key_get_oqs_public_key_len(oqsxkey); - buf = OPENSSL_secure_malloc(buflen); - if (buf == NULL) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - return -1; - } - OQS_ENC_PRINTF2("OQS ENC provider: saving priv+pubkey of length %d\n", - buflen); - memcpy(buf, oqsxkey->privkey, privkeylen); - memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], - oqsx_key_get_oqs_public_key_len(oqsxkey)); + memcpy(buf + privkeylen, oqsxkey->comp_pubkey[oqsxkey->numkeys - 1], + oqsx_key_get_oqs_public_key_len(oqsxkey)); #endif #ifdef USE_ENCODING_LIB } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 0dc12f79..9634087f 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -408,6 +408,7 @@ static const OQSX_EVP_INFO nids_sig[] = { }; // These two array need to stay synced: +// note only leading 4 chars of alg name are checked static const char *OQSX_ECP_NAMES[] = {"p256", "p384", "p521", 0}; static const OQSX_EVP_INFO nids_ecp[] = { {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 0}, // 128 bit 
@@ -416,6 +417,7 @@ static const OQSX_EVP_INFO nids_ecp[] = { }; // These two array need to stay synced: +// note only leading 4 chars of alg name are checked static const char *OQSX_ECX_NAMES[] = {"x25519", "x448", 0}; static const OQSX_EVP_INFO nids_ecx[] = { {EVP_PKEY_X25519, 0, 1, 32, 32, 32, 0}, // 128 bit @@ -428,7 +430,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, { int ret = 1; int idx = (bit_security - 128) / 64; - ON_ERR_GOTO(idx < 0 || idx > 5, err); + ON_ERR_GOTO(idx < 0 || idx > 5, err_init); if (!strncmp(algname, "rsa", 3) || !strncmp(algname, "pss", 3)) { idx += 5; @@ -441,33 +443,33 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, } else { OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); ret = 0; - goto err; + goto err_init; } } - ON_ERR_GOTO(idx < 0 || idx > 6, err); + ON_ERR_GOTO(idx < 0 || idx > 6, err_init); if (algname[0] == 'e') // ED25519 or ED448 { evp_ctx->evp_info = &nids_sig[idx + 7]; evp_ctx->keyParam = EVP_PKEY_new(); - ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); + ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err_init); ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); - ON_ERR_SET_GOTO(ret <= 0, ret, -1, err); + ON_ERR_SET_GOTO(ret <= 0, ret, -1, err_init); evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); - ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err); + ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err_init); } else { evp_ctx->evp_info = &nids_sig[idx]; evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); - ON_ERR_GOTO(!evp_ctx->ctx, err); + ON_ERR_GOTO(!evp_ctx->ctx, err_init); if (idx < 5) { // EC ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, err); + ON_ERR_GOTO(ret <= 0, err_init); ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid( evp_ctx->ctx, evp_ctx->evp_info->nid); 
@@ -478,13 +480,13 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, } } // RSA bit length set only during keygen - goto err; + goto err_init; free_evp_ctx: EVP_PKEY_CTX_free(evp_ctx->ctx); evp_ctx->ctx = NULL; -err: +err_init: return ret; } @@ -492,29 +494,29 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { int ret = 1; int idx = 0; - while (idx < sizeof(OQSX_ECP_NAMES)) { + while (idx < OSSL_NELEM(OQSX_ECP_NAMES)) { if (!strncmp(tls_name, OQSX_ECP_NAMES[idx], 4)) break; idx++; } - ON_ERR_GOTO(idx < 0 || idx > 2, err); + ON_ERR_GOTO(idx < 0 || idx > 2, err_init_ecp); evp_ctx->evp_info = &nids_ecp[idx]; evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); - ON_ERR_GOTO(!evp_ctx->ctx, err); + ON_ERR_GOTO(!evp_ctx->ctx, err_init_ecp); ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, err); + ON_ERR_GOTO(ret <= 0, err_init_ecp); ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, evp_ctx->evp_info->nid); - ON_ERR_GOTO(ret <= 0, err); + ON_ERR_GOTO(ret <= 0, err_init_ecp); ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); - ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, err); + ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, err_init_ecp); -err: +err_init_ecp: return ret; } 
@@ -523,25 +525,25 @@ static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) int ret = 1; int idx = 0; - while (idx < sizeof(OQSX_ECX_NAMES)) { + while (idx < OSSL_NELEM(OQSX_ECX_NAMES)) { if (!strncmp(tls_name, OQSX_ECX_NAMES[idx], 4)) break; idx++; } - ON_ERR_GOTO(idx < 0 || idx > 2, err); + ON_ERR_GOTO(idx < 0 || idx > 2, err_init_ecx); evp_ctx->evp_info = &nids_ecx[idx]; evp_ctx->keyParam = EVP_PKEY_new(); - ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err); + ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err_init_ecx); ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); - ON_ERR_SET_GOTO(ret <= 0, ret, -1, err); + ON_ERR_SET_GOTO(ret <= 0, ret, -1, err_init_ecx); evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); - ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err); + ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err_init_ecx); -err: +err_init_ecx: return ret; } 
@@ -647,26 +649,26 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, # else int withoptional = 1; # endif - int pubkey_available = withoptional; - if (oqsx_key_allocate_keymaterial(key, 1)) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err_key_op; - } - if (pubkey_available) { - if (oqsx_key_allocate_keymaterial(key, 0)) { + int pubkey_available = withoptional; + if (oqsx_key_allocate_keymaterial(key, 1)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err_key_op; } - } + if (pubkey_available) { + if (oqsx_key_allocate_keymaterial(key, 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err_key_op; + } + } - if (qsc_decode( - encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, 0, - (pubkey_available ? (unsigned char **)&key->pubkey : 0), p, - (unsigned char **)&key->privkey, withoptional) - != QSC_ENC_OK) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } + if (qsc_decode( + encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, 0, + (pubkey_available ? (unsigned char **)&key->pubkey : 0), + p, (unsigned char **)&key->privkey, withoptional) + != QSC_ENC_OK) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } } else { #endif 
@@ -684,36 +686,36 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, (int)(actualprivkeylen + oqsx_key_get_oqs_public_key_len(key))); #endif - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - if (oqsx_key_allocate_keymaterial(key, 1) + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + if (oqsx_key_allocate_keymaterial(key, 1) #ifndef NOPUBKEY_IN_PRIVKEY || oqsx_key_allocate_keymaterial(key, 0) #endif - ) { - ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); - goto err_key_op; - } - // first populate private key data - memcpy(key->privkey, p, actualprivkeylen); + ) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err_key_op; + } + // first populate private key data + memcpy(key->privkey, p, actualprivkeylen); #ifndef NOPUBKEY_IN_PRIVKEY - // only enough data to fill public OQS key component - if (oqsx_key_get_oqs_public_key_len(key) - != plen - actualprivkeylen) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); - goto err_key_op; - } - // populate OQS public key structure - if (key->numkeys == 2) { - unsigned char *pubkey = (unsigned char *)key->pubkey; - ENCODE_UINT32(pubkey, key->evp_info->length_public_key); - memcpy(pubkey + SIZE_OF_UINT32 - + key->evp_info->length_public_key, - p + actualprivkeylen, plen - actualprivkeylen); - } else - memcpy(key->pubkey, p + key->privkeylen, - plen - key->privkeylen); + // only enough data to fill public OQS key component + if (oqsx_key_get_oqs_public_key_len(key) + != plen - actualprivkeylen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + // populate OQS public key structure + if (key->numkeys == 2) { + unsigned char *pubkey = (unsigned char *)key->pubkey; + ENCODE_UINT32(pubkey, key->evp_info->length_public_key); + memcpy(pubkey + SIZE_OF_UINT32 + + key->evp_info->length_public_key, + p + actualprivkeylen, plen - actualprivkeylen); + } else + memcpy(key->pubkey, p + key->privkeylen, + plen - 
key->privkeylen); #endif } } @@ -1660,21 +1662,21 @@ int oqsx_key_gen(OQSX_KEY *key) char *name; if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL) { OPENSSL_free(name); - ON_ERR_GOTO(ret, err); + ON_ERR_GOTO(ret, err_gen); } if (get_oqsname_fromtls(name) == 0) { pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, key->comp_pubkey[i], key->comp_privkey[i], 0); OPENSSL_free(name); - ON_ERR_GOTO(pkey == NULL, err); + ON_ERR_GOTO(pkey == NULL, err_gen); key->classical_pkey = pkey; } else { ret = OQS_SIG_keypair(key->oqsx_provider_ctx.oqsx_qs_ctx.sig, key->comp_pubkey[i], key->comp_privkey[i]); OPENSSL_free(name); - ON_ERR_GOTO(ret, err); + ON_ERR_GOTO(ret, err_gen); } } From 166e846a790e2dc9ba30a52c7b2dceca75895e41 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 15 Feb 2024 15:08:40 -0600 Subject: [PATCH 115/164] adjusted flags for SubjectPublicKeyInto BIT_STRING Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 73838901..3ef60fae 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -569,7 +569,7 @@ static int oqsx_spki_pub_to_der(const void *vxkey, unsigned char **pder) oct.data = buf; oct.length = buflen; - oct.flags = 0; + oct.flags = 8; templen[i] = i2d_ASN1_BIT_STRING(&oct, &temp[i]); ASN1_STRING_set(aString[i], temp[i], templen[i]); ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, aString[i]); From d15fc6b0f23b966d8613120626399da988e549e8 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 23 Feb 2024 14:22:58 -0600 Subject: [PATCH 116/164] added support for EC without ECParam and Pubkey Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 367 +++++++++++++++++++++++++---------------- 1 file changed, 226 insertions(+), 141 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 9634087f..21a06e1c 100644 --- a/oqsprov/oqsprov_keys.c 
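Review bot: In the oqsx_key_gen hunk, the branch for `get_cmpname(...) == NULL` ends in `ON_ERR_GOTO(ret, err_gen);`, which jumps only when `ret` is non-zero, assuming the macro is a plain conditional goto as its other uses suggest. Every earlier step already leaves on a non-zero `ret`, so `ret` is presumably 0 here; the jump is then skipped and `get_oqsname_fromtls(name)` runs with a NULL `name`. Make the failure unconditional: `ret = 1; goto err_gen;`. The `OPENSSL_free(name);` just before it frees a pointer known to be NULL and can be dropped. The loop and function start outside this hunk.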
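Review bot: `oct.flags = 8;` in oqsx_spki_pub_to_der is a magic number with no hint of what it controls. OpenSSL names this bit `ASN1_STRING_FLAG_BITS_LEFT`; with it set, the low three bits of `flags` carry the unused-bit count, so a value of 8 encodes zero unused bits. Write `oct.flags = ASN1_STRING_FLAG_BITS_LEFT; /* BIT STRING with 0 unused bits */`, so the intent survives later edits to the encoder. The variable is still called `oct` although it is passed to `i2d_ASN1_BIT_STRING`, which is worth a rename in the same change.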
+++ b/oqsprov/oqsprov_keys.c 
@@ -624,17 +624,109 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, size_t actualprivkeylen = key->privkeylen; // for hybrid keys, we expect classic priv key||OQS priv key||OQS pub // key classic pub key must/can be re-created from classic private key - if (key->numkeys == 2) { - DECODE_UINT32(classical_privatekey_len, - p); // actual classic key len - // adjust expected size - if (classical_privatekey_len > key->evp_info->length_private_key) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + if (key->keytype == KEY_TYPE_CMP_SIG) { + size_t privlen = 0; + size_t publen = 0; + size_t previous_privlen = 0; + size_t previous_publen = 0; + int pqc_pub_enc = 0; + int i; + + // check if key is the right size + for (i = 0; i < key->numkeys; i++) { + char *name; + if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) + == NULL) { + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + privlen = key->privkeylen_cmp[i]; + if (get_oqsname_fromtls(name) == 0) { // classical key + publen = 0; + } else { // PQC key + publen = key->pubkeylen_cmp[i]; // pubkey in PQC privkey is + // OPTIONAL + } + previous_privlen += privlen; + previous_publen += publen; + OPENSSL_free(name); + } + if (previous_privlen != plen) { + // is ok, PQC pubkey might be in privkey + pqc_pub_enc = 1; + if (previous_privlen + previous_publen != plen) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + if (oqsx_key_allocate_keymaterial(key, 0)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + goto err_key_op; + } + } + if (oqsx_key_allocate_keymaterial(key, 1)) { + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err_key_op; } - actualprivkeylen -= (key->evp_info->length_private_key - - classical_privatekey_len); - } + previous_privlen = 0; + previous_publen = 0; + for (i = 0; i < key->numkeys; i++) { + size_t classic_publen = 0; + char *name; + if ((name = 
get_cmpname(OBJ_sn2nid(key->tls_name), i)) + == NULL) { + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + if (get_oqsname_fromtls(name) == 0) { // classical key + publen = 0; // no pubkey encoded with privkey on classical + // keys. will recreate the pubkey later + if (key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype + == EVP_PKEY_RSA) { // get the RSA real key size + unsigned char *enc_len = OPENSSL_strndup( + p + previous_privlen + previous_publen, 4); + OPENSSL_cleanse(enc_len, 2); + DECODE_UINT32(privlen, enc_len); + privlen += 4; + OPENSSL_free(enc_len); + if (privlen > key->privkeylen_cmp[i]) { + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + key->privkeylen_cmp[i] = privlen; + } else + privlen = key->privkeylen_cmp[i]; + } else { // PQC key + privlen = key->privkeylen_cmp[i]; + if (pqc_pub_enc) + publen = key->pubkeylen_cmp[i]; + else + publen = 0; + } + memcpy(key->privkey + previous_privlen, + p + previous_privlen + previous_publen, privlen); + memcpy(key->pubkey + previous_publen, + p + privlen + previous_privlen + previous_publen, + publen); + previous_privlen += privlen; + previous_publen += publen; + OPENSSL_free(name); + } + } else { + if (key->numkeys == 2) { + DECODE_UINT32(classical_privatekey_len, + p); // actual classic key len + // adjust expected size + if (classical_privatekey_len + > key->evp_info->length_private_key) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + goto err_key_op; + } + actualprivkeylen -= (key->evp_info->length_private_key + - classical_privatekey_len); + } #ifdef USE_ENCODING_LIB if (key->oqsx_encoding_ctx.encoding_ctx && key->oqsx_encoding_ctx.encoding_impl) { 
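Review bot: The RSA length probe in the new composite branch of oqsx_key_op copies four bytes of the encoded key with `OPENSSL_strndup`, never checks the result, and never checks that four bytes remain at `p + previous_privlen + previous_publen`. `OPENSSL_strndup` is a string function: it stops at the first zero byte, so the buffer can be shorter than the four bytes `DECODE_UINT32` reads, and a NULL return goes straight into `OPENSSL_cleanse`. Since `p` is the decoded private-key blob handed in by the caller, read the prefix into a fixed stack buffer after a bounds check instead. The function starts and ends outside this hunk.

```c
// … unchanged: get_cmpname lookup, entry into the EVP_PKEY_RSA branch …
size_t off = previous_privlen + previous_publen;
unsigned char enc_len[4];

if (plen < 4 || off > (size_t)plen - 4) {
    OPENSSL_free(name);
    ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
    goto err_key_op;
}
memcpy(enc_len, p + off, sizeof(enc_len));
enc_len[0] = enc_len[1] = 0; /* same masking as OPENSSL_cleanse(enc_len, 2) */
DECODE_UINT32(privlen, enc_len);
privlen += 4;
// … unchanged: comparison with key->privkeylen_cmp[i] and the memcpy calls …
```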
@@ -792,16 +884,18 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) if (get_oqsname_fromtls(name) == 0) { const unsigned char *enc_privkey = key->comp_privkey[i]; if (!key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info - ->raw_key_support) + ->raw_key_support) { + EVP_PKEY *npk; key->classical_pkey = d2i_PrivateKey( key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info ->keytype, NULL, &enc_privkey, key->privkeylen_cmp[i]); - else + } else { key->classical_pkey = EVP_PKEY_new_raw_private_key( key->oqsx_provider_ctx.oqsx_evp_ctx->evp_info ->keytype, NULL, enc_privkey, key->privkeylen_cmp[i]); + } if (!key->classical_pkey) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); OPENSSL_free(name); 
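Review bot: The added `EVP_PKEY *npk;` in oqsx_key_recreate_classickey is declared but never used anywhere in the hunk; the only other change here is the braces around the two branches. Remove the declaration, or, if it was meant to hold the `d2i_PrivateKey` result so the old `key->classical_pkey` can be freed first, finish that change. The surrounding function starts and ends outside this hunk.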
@@ -981,151 +1075,142 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; unsigned char *concat_key, *buf; - int count, aux, i, buflen, rsa_diff = 0; + int count, aux, i, buflen, key_diff = 0; if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) return 0; - oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); - if (oct == NULL) { - p = NULL; - plen = 0; + if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { + oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); + if (oct == NULL) { + p = NULL; + plen = 0; + } else { + p = ASN1_STRING_get0_data(oct); + plen = ASN1_STRING_length(oct); + } } else { - p = ASN1_STRING_get0_data(oct); - plen = ASN1_STRING_length(oct); - } - - oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PRIVATE, libctx, propq); - ASN1_OCTET_STRING_free(oct); - return oqsx; -} - -/* Key codes */ - -static const OQSX_EVP_INFO nids_sig[] = { - {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit - {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit - {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit - {EVP_PKEY_RSA, NID_rsaEncryption, 0, 398, 1770, 0, 384}, // 128 bit -}; - -// These two arrays need to stay synced: -// note only leading 4 chars of alg name are checked -static const char *OQSX_ECP_NAMES[] = {"p256", "p384", "p521", 0}; -static const OQSX_EVP_INFO nids_ecp[] = { - {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 0}, // 128 bit - {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 0}, // 192 bit - {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 0} // 256 bit -}; - -// These two arrays need to stay synced: -// note only leading 4 chars of alg name are checked -static const char *OQSX_ECX_NAMES[] = {"x25519", "x448", 0}; -static const OQSX_EVP_INFO nids_ecx[] = { - {EVP_PKEY_X25519, 0, 1, 32, 32, 32, 0}, // 128 bit - {EVP_PKEY_X448, 0, 1, 56, 56, 56, 0}, // 192 bit - {0, 0, 0, 0, 0, 0, 0} // 256 bit -}; - -static int oqsx_hybsig_init(int 
bit_security, OQSX_EVP_CTX *evp_ctx, - char *algname) -{ - int ret = 1; - int idx = (bit_security - 128) / 64; - ON_ERR_GOTO(idx < 0 || idx > 2, err_init); - - if (!strncmp(algname, "rsa3072_", 8)) - idx += 3; - else if (algname[0] != 'p') { - OQS_KEY_PRINTF2("OQS KEY: Incorrect hybrid name: %s\n", algname); - ret = 0; - goto err_init; - } - - ON_ERR_GOTO(idx < 0 || idx > 3, err_init); - - evp_ctx->evp_info = &nids_sig[idx]; + sk = d2i_ASN1_SEQUENCE_ANY(NULL, &p, plen); + if (sk == NULL) { + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return NULL; + } else { + count = sk_ASN1_TYPE_num(sk); + plen = 2 * plen; // get more than necessary in case its needed + concat_key = OPENSSL_zalloc(plen); + PKCS8_PRIV_KEY_INFO *p8inf_internal = NULL; + const X509_ALGOR *palg_internal; + int keytype, nid; - evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); - ON_ERR_GOTO(!evp_ctx->ctx, err_init); + aux = 0; + for (i = 0; i < count; i++) { + aType = sk_ASN1_TYPE_pop(sk); + p8inf_internal = PKCS8_PRIV_KEY_INFO_new(); + nid = 1; + char *name; + if ((name + = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) + == NULL) { + OPENSSL_free(name); + ASN1_TYPE_free(aType); + OPENSSL_clear_free(concat_key, plen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + sk_ASN1_TYPE_free(sk); + ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + return NULL; + } + buflen = aType->value.sequence->length; + const unsigned char *buf2 = aType->value.sequence->data; - if (idx < 3) { // EC - ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, free_evp_ctx); + p8inf_internal + = d2i_PKCS8_PRIV_KEY_INFO(&p8inf_internal, &buf2, buflen); + if (!PKCS8_pkey_get0(NULL, &buf, &buflen, &palg_internal, + p8inf_internal)) { + OPENSSL_free(name); + ASN1_TYPE_free(aType); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + OPENSSL_clear_free(concat_key, plen); + sk_ASN1_TYPE_free(sk); + return NULL; + } - ret = 
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, - evp_ctx->evp_info->nid); - ON_ERR_GOTO(ret <= 0, free_evp_ctx); + keytype = OBJ_obj2nid(palg_internal->algorithm); + + // Checking OPTIONAL params on EC + if (keytype == EVP_PKEY_EC) { + nid = OBJ_obj2nid(palg_internal->parameter->value.object); + for (int j = 0; j < OSSL_NELEM(nids_sig); j++) { + if ((nids_sig[j].nid == nid) + && (nids_sig[j].length_private_key > buflen)) { + EC_KEY *ec_pkey; + const unsigned char *buf3 = buf; + unsigned char *buf4, *buf5; + + if (buflen + != nids_sig[j].kex_length_secret + + 7) { // no ECParameter and no + // Pubkey + OPENSSL_free(name); + ASN1_TYPE_free(aType); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + OPENSSL_clear_free(concat_key, plen); + sk_ASN1_TYPE_free(sk); + return NULL; + } + ec_pkey = EC_KEY_new_by_curve_name(nid); + ec_pkey = d2i_ECPrivateKey(&ec_pkey, &buf3, buflen); + EC_KEY_set_enc_flags(ec_pkey, 0); + buf4 = OPENSSL_malloc( + nids_sig[j].length_private_key); + buf5 = buf4; + buflen = i2d_ECPrivateKey(ec_pkey, &buf5); + + aux += buflen; + memcpy(concat_key + plen - 1 - aux, buf4, buflen); + nid = 0; // use as flag to not memcpy twice + + OPENSSL_clear_free(buf4, buflen); + EC_KEY_free(ec_pkey); + break; + } + } + } - ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); - ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, free_evp_ctx); - } - // RSA bit length set only during keygen - goto err_init; + // if is a RSA key the actual encoding size might be different + // from max size we calculate that difference for to facilitate + // the key reconstruction + if (keytype == EVP_PKEY_RSA) { + if (name[3] == '3') // 3072 + key_diff = nids_sig[5].length_private_key - buflen; + else // 2048 + key_diff = nids_sig[6].length_private_key - buflen; + } -free_evp_ctx: - EVP_PKEY_CTX_free(evp_ctx->ctx); - evp_ctx->ctx = NULL; + if (nid) { + aux += buflen; + memcpy(concat_key + plen - 1 - aux, buf, buflen); + } -err_init: - return ret; -} + OPENSSL_free(name); + 
PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + ASN1_TYPE_free(aType); + } -static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) -{ - int ret = 1; - int idx = 0; - while (idx < OSSL_NELEM(OQSX_ECP_NAMES)) { - if (!strncmp(tls_name, OQSX_ECP_NAMES[idx], 4)) - break; - idx++; + p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); + OPENSSL_clear_free(concat_key, plen); + plen = aux; // update plen to correct size + sk_ASN1_TYPE_free(sk); + } } - ON_ERR_GOTO(idx < 0 || idx > 2, err_init_ecp); - evp_ctx->evp_info = &nids_ecp[idx]; - - evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); - ON_ERR_GOTO(!evp_ctx->ctx, err_init_ecp); - - ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); - ON_ERR_GOTO(ret <= 0, err_init_ecp); - - ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(evp_ctx->ctx, - evp_ctx->evp_info->nid); - ON_ERR_GOTO(ret <= 0, err_init_ecp); - - ret = EVP_PKEY_paramgen(evp_ctx->ctx, &evp_ctx->keyParam); - ON_ERR_GOTO(ret <= 0 || !evp_ctx->keyParam, err_init_ecp); - -err_init_ecp: - return ret; -} - -static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) -{ - int ret = 1; - int idx = 0; - - while (idx < OSSL_NELEM(OQSX_ECX_NAMES)) { - if (!strncmp(tls_name, OQSX_ECX_NAMES[idx], 4)) - break; - idx++; + oqsx = oqsx_key_op(palg, p, plen + key_diff, KEY_OP_PRIVATE, libctx, propq); + if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { + ASN1_OCTET_STRING_free(oct); + } else { + OPENSSL_clear_free(p, plen); } - ON_ERR_GOTO(idx < 0 || idx > 2, err_init_ecx); - - evp_ctx->evp_info = &nids_ecx[idx]; - - evp_ctx->keyParam = EVP_PKEY_new(); - ON_ERR_SET_GOTO(!evp_ctx->keyParam, ret, -1, err_init_ecx); - - ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); - ON_ERR_SET_GOTO(ret <= 0, ret, -1, err_init_ecx); - - evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); - ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err_init_ecx); - -err_init_ecx: - return ret; + return oqsx; } static const int 
(*init_kex_fun[])(char *, OQSX_EVP_CTX *) From a2348e780730c91a22e86cb6126fecbbe2c6facf Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Fri, 23 Feb 2024 09:01:09 +0100 Subject: [PATCH 117/164] guard external testing against algorithm absence (#352) Signed-off-by: Felipe Ventura --- scripts/oqsprovider-externalinterop.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/scripts/oqsprovider-externalinterop.sh b/scripts/oqsprovider-externalinterop.sh index f2af0f32..7a161a4e 100755 --- a/scripts/oqsprovider-externalinterop.sh +++ b/scripts/oqsprovider-externalinterop.sh 
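Review bot: The new composite path in oqsx_key_from_pkcs8 reads `aType->value.sequence` without checking `aType->type`, and passes the result of `d2i_PKCS8_PRIV_KEY_INFO` to `PKCS8_pkey_get0` without a NULL check. Both values come from the PKCS#8 blob being parsed, so a malformed element reaches a wrong union member or a NULL dereference. The EC branch has the same pattern in `palg_internal->parameter->value.object`, and `concat_key`, the `OPENSSL_memdup` result and the `d2i_ECPrivateKey` result are used unchecked as well. The fence shows the two checks for the sequence and the inner PKCS#8 object, reusing the cleanup the hunk already has; the function starts outside the hunk.

```c
// … unchanged: sk_ASN1_TYPE_pop, PKCS8_PRIV_KEY_INFO_new, get_cmpname lookup …
if (aType == NULL || aType->type != V_ASN1_SEQUENCE) {
    OPENSSL_free(name);
    ASN1_TYPE_free(aType);
    OPENSSL_clear_free(concat_key, plen);
    PKCS8_PRIV_KEY_INFO_free(p8inf_internal);
    sk_ASN1_TYPE_free(sk);
    ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
    return NULL;
}
buflen = aType->value.sequence->length;
const unsigned char *buf2 = aType->value.sequence->data;

p8inf_internal
    = d2i_PKCS8_PRIV_KEY_INFO(&p8inf_internal, &buf2, buflen);
if (p8inf_internal == NULL
    || !PKCS8_pkey_get0(NULL, &buf, &buflen, &palg_internal,
                        p8inf_internal)) {
    // … unchanged: existing cleanup and return NULL …
}
```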
@@ -26,7 +26,19 @@ else export USE_PROXY="" fi +# Ascertain algorithms are available: + echo " Cloudflare:" -export OQS_CODEPOINT_X25519_KYBER512=65072 -(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber768 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber768Draft00 -(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber512 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber512Draft00 + +if ! ($OPENSSL_APP list -kem-algorithms | grep x25519_kyber768); then + echo "Skipping unconfigured x25519_kyber768 interop test" +else + export OQS_CODEPOINT_X25519_KYBER512=65072 + (echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber768 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber768Draft00 +fi + +if ! ($OPENSSL_APP list -kem-algorithms | grep x25519_kyber512); then + echo "Skipping unconfigured x25519_kyber512 interop test" +else + (echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber512 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber512Draft00 +fi From c74da322a7b0de9cb242cf756fd0c1f97b35fe0d Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sat, 24 Feb 2024 07:34:02 +0100 Subject: [PATCH 118/164] first cut adding ML-* (#348) * introducing ML-* algorithms * split KEX testing in 2 and add openssl bug warning to README * clarify utility of KEM OIDs 
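Review bot: `export OQS_CODEPOINT_X25519_KYBER512=65072` now sits in the `else` branch of the x25519_kyber768 guard, so when x25519_kyber768 is not configured but x25519_kyber512 is, the kyber512 test runs without the code point override it names. Move the export into the x25519_kyber512 `else` branch, or above both guards. The guards also invoke `$OPENSSL_APP` unquoted while the s_client lines use `"${OPENSSL_APP}"`, and the plain `grep` prints the matched list line into the test output; `if ! ("${OPENSSL_APP}" list -kem-algorithms | grep -q x25519_kyber768); then` is consistent with the rest of the script and stays quiet. The top of the script is outside the hunk, so whether a failing final `grep kex=...` actually fails the run cannot be confirmed from here.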
Signed-off-by: Felipe Ventura
---
ALGORITHMS.md | 111 ++++---
CONFIGURE.md | 11 +-
README.md | 13 +-
oqs-template/generate.py | 8 +-
oqs-template/generate.yml | 79 ++++-
oqs-template/generate_oid_nid_table.py | 16 +-
oqs-template/generatehelpers.py | 8 +-
oqs-template/oqs-kem-info.md | 184 ++++++------
oqs-template/oqs-sig-info.md | 283 +++++++++---------
oqsprov/oqs_decode_der2key.c | 48 ++-
oqsprov/oqs_encode_key2any.c | 206 +++++++++++--
oqsprov/oqs_kmgmt.c | 188 +++++++-----
oqsprov/oqs_prov.h | 315 ++++++++++++++++++--
oqsprov/oqsdecoders.inc | 60 ++++
oqsprov/oqsencoders.inc | 181 ++++++++++++
oqsprov/oqsprov.c | 394 +++++++++++++++++--------
oqsprov/oqsprov_capabilities.c | 244 ++++++++++-----
oqsprov/oqsprov_keys.c | 24 +-
scripts/common.py | 31 +-
scripts/release-test-ci.sh | 2 +-
scripts/test_tls_full.py | 39 ++-
21 files changed, 1784 insertions(+), 661 deletions(-)
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
index b036473e..a17aa556 100644
--- a/ALGORITHMS.md
+++ b/ALGORITHMS.md
@@ -38,6 +38,16 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | p256_kyber768 | 0x639A | Yes | OQS_CODEPOINT_P256_KYBER768 | | kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 | | p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024 | +| mlkem512 | 0x0247 | Yes | OQS_CODEPOINT_MLKEM512 | +| p256_mlkem512 | 0x2F47 | Yes | OQS_CODEPOINT_P256_MLKEM512 | +| x25519_mlkem512 | 0x2FB2 | Yes | OQS_CODEPOINT_X25519_MLKEM512 | +| mlkem768 | 0x0248 | Yes | OQS_CODEPOINT_MLKEM768 | +| p384_mlkem768 | 0x2F48 | Yes | OQS_CODEPOINT_P384_MLKEM768 | +| x448_mlkem768 | 0x2FB3 | Yes | OQS_CODEPOINT_X448_MLKEM768 | +| x25519_mlkem768 | 0x2FB4 | Yes | OQS_CODEPOINT_X25519_MLKEM768 | +| p256_mlkem768 | 0x2FB5 | Yes | OQS_CODEPOINT_P256_MLKEM768 | +| mlkem1024 | 0x0249 | Yes | OQS_CODEPOINT_MLKEM1024 | +| p521_mlkem1024 | 0x2F49 | Yes | OQS_CODEPOINT_P521_MLKEM1024 | | bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 | | p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 | | x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 | @@ -61,6 +71,13 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | p384_dilithium3 | 0xfea4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3 | dilithium5 | 0xfea5 |Yes| OQS_CODEPOINT_DILITHIUM5 | p521_dilithium5 | 0xfea6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5 +| mldsa44 | 0xfed0 |Yes| OQS_CODEPOINT_MLDSA44 +| p256_mldsa44 | 0xfed3 |Yes| OQS_CODEPOINT_P256_MLDSA44 +| rsa3072_mldsa44 | 0xfed4 |Yes| OQS_CODEPOINT_RSA3072_MLDSA44 +| mldsa65 | 0xfed1 |Yes| OQS_CODEPOINT_MLDSA65 +| p384_mldsa65 | 0xfed5 |Yes| OQS_CODEPOINT_P384_MLDSA65 +| mldsa87 | 0xfed2 |Yes| OQS_CODEPOINT_MLDSA87 +| p521_mldsa87 | 0xfed6 |Yes| OQS_CODEPOINT_P521_MLDSA87 | falcon512 | 0xfeae |Yes| OQS_CODEPOINT_FALCON512 | p256_falcon512 | 0xfeaf |Yes| OQS_CODEPOINT_P256_FALCON512 | rsa3072_falcon512 | 0xfeb0 |Yes| OQS_CODEPOINT_RSA3072_FALCON512 
@@ -136,9 +153,13 @@ adapting the OIDs of all supported signature algorithms as per the table below. | dilithium3_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_DILITHIUM3_ed25519 | dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5 | p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5 -| dilithium5_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_DILITHIUM5_p384 -| dilithium5_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_DILITHIUM5_bp384 -| dilithium5_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_DILITHIUM5_ed448 +| mldsa44 | 1.3.6.1.4.1.2.267.12.4.4 |Yes| OQS_OID_MLDSA44 +| p256_mldsa44 | 1.3.9999.7.1 |Yes| OQS_OID_P256_MLDSA44 +| rsa3072_mldsa44 | 1.3.9999.7.2 |Yes| OQS_OID_RSA3072_MLDSA44 +| mldsa65 | 1.3.6.1.4.1.2.267.12.6.5 |Yes| OQS_OID_MLDSA65 +| p384_mldsa65 | 1.3.9999.7.3 |Yes| OQS_OID_P384_MLDSA65 +| mldsa87 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_MLDSA87 +| p521_mldsa87 | 1.3.9999.7.4 |Yes| OQS_OID_P521_MLDSA87 | falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512 | p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512 | rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512 
@@ -180,48 +201,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li |Algorithm name | default OID | environment variable | |---------------|:-----------------:|----------------------| -| frodo640aes | 1.3.9999.99.50 | OQS_OID_FRODO640AES -| p256_frodo640aes | 1.3.9999.99.49 | OQS_OID_P256_FRODO640AES -| x25519_frodo640aes | 1.3.9999.99.38 | OQS_OID_X25519_FRODO640AES -| frodo640shake | 1.3.9999.99.52 | OQS_OID_FRODO640SHAKE -| p256_frodo640shake | 1.3.9999.99.51 | OQS_OID_P256_FRODO640SHAKE -| x25519_frodo640shake | 1.3.9999.99.39 | OQS_OID_X25519_FRODO640SHAKE -| frodo976aes | 1.3.9999.99.54 | OQS_OID_FRODO976AES -| p384_frodo976aes | 1.3.9999.99.53 | OQS_OID_P384_FRODO976AES -| x448_frodo976aes | 1.3.9999.99.40 | OQS_OID_X448_FRODO976AES -| frodo976shake | 1.3.9999.99.56 | OQS_OID_FRODO976SHAKE -| p384_frodo976shake | 1.3.9999.99.55 | OQS_OID_P384_FRODO976SHAKE -| x448_frodo976shake | 1.3.9999.99.41 | OQS_OID_X448_FRODO976SHAKE -| frodo1344aes | 1.3.9999.99.58 | OQS_OID_FRODO1344AES -| p521_frodo1344aes | 1.3.9999.99.57 | OQS_OID_P521_FRODO1344AES -| frodo1344shake | 1.3.9999.99.60 | OQS_OID_FRODO1344SHAKE -| p521_frodo1344shake | 1.3.9999.99.59 | OQS_OID_P521_FRODO1344SHAKE +| frodo640aes | 1.3.9999.99.58 | OQS_OID_FRODO640AES +| p256_frodo640aes | 1.3.9999.99.57 | OQS_OID_P256_FRODO640AES +| x25519_frodo640aes | 1.3.9999.99.43 | OQS_OID_X25519_FRODO640AES +| frodo640shake | 1.3.9999.99.60 | OQS_OID_FRODO640SHAKE +| p256_frodo640shake | 1.3.9999.99.59 | OQS_OID_P256_FRODO640SHAKE +| x25519_frodo640shake | 1.3.9999.99.44 | OQS_OID_X25519_FRODO640SHAKE +| frodo976aes | 1.3.9999.99.62 | OQS_OID_FRODO976AES +| p384_frodo976aes | 1.3.9999.99.61 | OQS_OID_P384_FRODO976AES +| x448_frodo976aes | 1.3.9999.99.45 | OQS_OID_X448_FRODO976AES +| frodo976shake | 1.3.9999.99.64 | OQS_OID_FRODO976SHAKE +| p384_frodo976shake | 1.3.9999.99.63 | OQS_OID_P384_FRODO976SHAKE +| x448_frodo976shake | 1.3.9999.99.46 | OQS_OID_X448_FRODO976SHAKE +| 
frodo1344aes | 1.3.9999.99.66 | OQS_OID_FRODO1344AES +| p521_frodo1344aes | 1.3.9999.99.65 | OQS_OID_P521_FRODO1344AES +| frodo1344shake | 1.3.9999.99.68 | OQS_OID_FRODO1344SHAKE +| p521_frodo1344shake | 1.3.9999.99.67 | OQS_OID_P521_FRODO1344SHAKE | kyber512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_KYBER512 | p256_kyber512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_KYBER512 | x25519_kyber512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_KYBER512 | kyber768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_KYBER768 -| p384_kyber768 | 1.3.9999.99.61 | OQS_OID_P384_KYBER768 -| x448_kyber768 | 1.3.9999.99.42 | OQS_OID_X448_KYBER768 -| x25519_kyber768 | 1.3.9999.99.43 | OQS_OID_X25519_KYBER768 -| p256_kyber768 | 1.3.9999.99.44 | OQS_OID_P256_KYBER768 +| p384_kyber768 | 1.3.9999.99.69 | OQS_OID_P384_KYBER768 +| x448_kyber768 | 1.3.9999.99.47 | OQS_OID_X448_KYBER768 +| x25519_kyber768 | 1.3.9999.99.48 | OQS_OID_X25519_KYBER768 +| p256_kyber768 | 1.3.9999.99.49 | OQS_OID_P256_KYBER768 | kyber1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_KYBER1024 -| p521_kyber1024 | 1.3.9999.99.62 | OQS_OID_P521_KYBER1024 -| bikel1 | 1.3.9999.99.64 | OQS_OID_BIKEL1 -| p256_bikel1 | 1.3.9999.99.63 | OQS_OID_P256_BIKEL1 -| x25519_bikel1 | 1.3.9999.99.45 | OQS_OID_X25519_BIKEL1 -| bikel3 | 1.3.9999.99.66 | OQS_OID_BIKEL3 -| p384_bikel3 | 1.3.9999.99.65 | OQS_OID_P384_BIKEL3 -| x448_bikel3 | 1.3.9999.99.46 | OQS_OID_X448_BIKEL3 -| bikel5 | 1.3.9999.99.68 | OQS_OID_BIKEL5 -| p521_bikel5 | 1.3.9999.99.67 | OQS_OID_P521_BIKEL5 -| hqc128 | 1.3.9999.99.70 | OQS_OID_HQC128 -| p256_hqc128 | 1.3.9999.99.69 | OQS_OID_P256_HQC128 -| x25519_hqc128 | 1.3.9999.99.47 | OQS_OID_X25519_HQC128 -| hqc192 | 1.3.9999.99.72 | OQS_OID_HQC192 -| p384_hqc192 | 1.3.9999.99.71 | OQS_OID_P384_HQC192 -| x448_hqc192 | 1.3.9999.99.48 | OQS_OID_X448_HQC192 -| hqc256 | 1.3.9999.99.74 | OQS_OID_HQC256 -| p521_hqc256 | 1.3.9999.99.73 | OQS_OID_P521_HQC256 +| p521_kyber1024 | 1.3.9999.99.70 | OQS_OID_P521_KYBER1024 +| mlkem512 | 1.3.6.1.4.1.22554.5.6.1 | 
OQS_OID_MLKEM512 +| p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512 +| x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512 +| mlkem768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_MLKEM768 +| p384_mlkem768 | 1.3.9999.99.71 | OQS_OID_P384_MLKEM768 +| x448_mlkem768 | 1.3.9999.99.50 | OQS_OID_X448_MLKEM768 +| x25519_mlkem768 | 1.3.9999.99.51 | OQS_OID_X25519_MLKEM768 +| p256_mlkem768 | 1.3.9999.99.52 | OQS_OID_P256_MLKEM768 +| mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024 +| p521_mlkem1024 | 1.3.9999.99.72 | OQS_OID_P521_MLKEM1024 +| bikel1 | 1.3.9999.99.74 | OQS_OID_BIKEL1 +| p256_bikel1 | 1.3.9999.99.73 | OQS_OID_P256_BIKEL1 +| x25519_bikel1 | 1.3.9999.99.53 | OQS_OID_X25519_BIKEL1 +| bikel3 | 1.3.9999.99.76 | OQS_OID_BIKEL3 +| p384_bikel3 | 1.3.9999.99.75 | OQS_OID_P384_BIKEL3 +| x448_bikel3 | 1.3.9999.99.54 | OQS_OID_X448_BIKEL3 +| bikel5 | 1.3.9999.99.78 | OQS_OID_BIKEL5 +| p521_bikel5 | 1.3.9999.99.77 | OQS_OID_P521_BIKEL5 +| hqc128 | 1.3.9999.99.80 | OQS_OID_HQC128 +| p256_hqc128 | 1.3.9999.99.79 | OQS_OID_P256_HQC128 +| x25519_hqc128 | 1.3.9999.99.55 | OQS_OID_X25519_HQC128 +| hqc192 | 1.3.9999.99.82 | OQS_OID_HQC192 +| p384_hqc192 | 1.3.9999.99.81 | OQS_OID_P384_HQC192 +| x448_hqc192 | 1.3.9999.99.56 | OQS_OID_X448_HQC192 +| hqc256 | 1.3.9999.99.84 | OQS_OID_HQC256 +| p521_hqc256 | 1.3.9999.99.83 | OQS_OID_P521_HQC256 # Key Encodings diff --git a/CONFIGURE.md b/CONFIGURE.md index dff28861..626513d3 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md 
@@ -54,10 +54,13 @@ The default value is `OFF`. ### OQS_KEM_ENCODERS -By setting this to "ON", `oqsprovider` is configured to provide encoders and decoders for -KEM algorithms both for public and private key file formats. This increases the size of -the provider but enables further use cases. -The default value is `OFF`. +By setting this to "ON", `oqsprovider` is configured to provide encoders +and decoders for KEM algorithms both for public and private key file formats. +This increases the size of the provider but enables further use cases. +The underlying OIDs are chosen at random and should not be relied on for +future use. For purposes of interoperability testing the chosen OIDs can +always --at runtime-- be set by [environment variables](https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md#oids) to arbitrary values +The default value therefore is `OFF`. ### OQS_PROVIDER_BUILD_STATIC diff --git a/README.md b/README.md index 534efc9c..106a7989 100644 --- a/README.md +++ b/README.md 
@@ -40,11 +40,13 @@ This implementation makes available the following quantum safe algorithms: - **CRYSTALS-Kyber**: `kyber512`, `p256_kyber512`, `x25519_kyber512`, `kyber768`, `p384_kyber768`, `x448_kyber768`, `x25519_kyber768`, `p256_kyber768`, `kyber1024`, `p521_kyber1024` - **FrodoKEM**: `frodo640aes`, `p256_frodo640aes`, `x25519_frodo640aes`, `frodo640shake`, `p256_frodo640shake`, `x25519_frodo640shake`, `frodo976aes`, `p384_frodo976aes`, `x448_frodo976aes`, `frodo976shake`, `p384_frodo976shake`, `x448_frodo976shake`, `frodo1344aes`, `p521_frodo1344aes`, `frodo1344shake`, `p521_frodo1344shake` - **HQC**: `hqc128`, `p256_hqc128`, `x25519_hqc128`, `hqc192`, `p384_hqc192`, `x448_hqc192`, `hqc256`, `p521_hqc256`† +- **ML-KEM**: `mlkem512`, `p256_mlkem512`, `x25519_mlkem512`, `mlkem768`, `p384_mlkem768`, `x448_mlkem768`, `x25519_mlkem768`, `p256_mlkem768`, `mlkem1024`, `p521_mlkem1024` ### Signature algorithms -- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium2_pss2048`\*, `dilithium2_rsa2048`\*, `dilithium2_ed25519`\*, `dilithium2_p256`\*, `dilithium2_bp256`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium3_pss3072`\*, `dilithium3_rsa3072`\*, `dilithium3_p256`\*, `dilithium3_bp256`\*, `dilithium3_ed25519`\*, `dilithium5`\*, `p521_dilithium5`\*, `dilithium5_p384`\*, `dilithium5_bp384`\*, `dilithium5_ed448`\* -- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon512_p256`\*, `falcon512_bp256`\*, `falcon512_ed25519`\*, `falcon1024`\*, `p521_falcon1024`\* +- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\* +- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa87`\*, `p521_mldsa87`\* +- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon1024`\*, `p521_falcon1024`\* - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, 
`p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple` - **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple` @@ -144,6 +146,13 @@ as documented in https://github.com/openssl/openssl/issues/22761. When https://github.com/openssl/openssl/pull/22779 land, the last config-time limitation for provider-based signatures should be gone. +A limitation present in all OpenSSL versions is the number of default groups +supported: [At most 44 default groups may be specified](https://github.com/openssl/openssl/issues/23624) +, e.g., passing to [SSL_CTX_set1_groups](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html). +Therefore caution is advised activating all KEMs supported by `oqsprovider`: +This may lead to `openssl` crashing. + + For [general OpenSSL implementation limitations, e.g., regarding provider feature usage and support, see here](https://wiki.openssl.org/index.php/OpenSSL_3.0#STATUS_of_current_development). diff --git a/oqs-template/generate.py b/oqs-template/generate.py index 03271e8f..5888df72 100644 --- a/oqs-template/generate.py +++ b/oqs-template/generate.py 
@@ -38,7 +38,7 @@ def get_kem_nistlevel(alg): if alg['family'] == 'CRYSTALS-Kyber': datasheetname = 'kyber' elif alg['family'] == 'SIDH': datasheetname = 'sike' elif alg['family'] == 'NTRU-Prime': datasheetname = 'ntruprime' - else: datasheetname = alg['family'].lower() + else: datasheetname = alg['family'].lower().replace('-', '_') # load datasheet algymlfilename = os.path.join(os.environ['LIBOQS_SRC_DIR'], 'docs', 'algorithms', 'kem', '{:s}.yml'.format(datasheetname)) algyml = yaml.safe_load(file_get_contents(algymlfilename, encoding='utf-8')) @@ -53,7 +53,7 @@ def simplify(s): return False # find the variant that matches for variant in algyml['parameter-sets']: - if matches(variant['name'], alg): + if matches(variant['name'], alg) or ('alias' in variant and matches(variant['alias'], alg)): return variant['claimed-nist-level'] return None @@ -66,7 +66,7 @@ def get_sig_nistlevel(family, alg): elif family['family'] == 'SPHINCS-Haraka': datasheetname = 'sphincs' elif family['family'] == 'SPHINCS-SHA2': datasheetname = 'sphincs' elif family['family'] == 'SPHINCS-SHAKE': datasheetname = 'sphincs' - else: datasheetname = family['family'].lower() + else: datasheetname = family['family'].lower().replace('-', '_') # load datasheet algymlfilename = os.path.join(os.environ['LIBOQS_SRC_DIR'], 'docs', 'algorithms', 'sig', '{:s}.yml'.format(datasheetname)) algyml = yaml.safe_load(file_get_contents(algymlfilename, encoding='utf-8')) @@ -78,7 +78,7 @@ def simplify(s): return False # find the variant that matches for variant in algyml['parameter-sets']: - if matches(variant['name'], alg): + if matches(variant['name'], alg) or ('alias' in variant and matches(variant['alias'], alg)): return variant['claimed-nist-level'] return None diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 78782bdb..74112ded 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml 
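Review bot: Nothing at the changed `else:` line in get_kem_nistlevel says why '-' is turned into '_' in the datasheet name, although every family without an explicit branch now takes this path; a comment such as `# 'ML-KEM' -> 'ml_kem', so that ml_kem.yml is loaded` would record the intent. The same two edits (name mapping and the `'alias' in variant` match) are repeated in get_sig_nistlevel further down this file and in all four hunks of oqs-template/generatehelpers.py. Factoring the name mapping and the variant match into one helper each would keep the eight copies from drifting apart. Both functions begin and end outside their hunks.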
@@ -1,5 +1,5 @@ # This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs -# Next free plain KEM ID: 0x0247, p-hybrid: 0x2F47, X-hybrid: 0x2FB2 +# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4A, X-hybrid: 0x2FB6 kems: - family: 'FrodoKEM' @@ -145,6 +145,41 @@ kems: hybrid_group: secp521_r1 nid: '0x2F11' oqs_alg: 'OQS_KEM_alg_kyber_1024' + - + family: 'ML-KEM' + name_group: 'mlkem512' + nid: '0x0247' + oid: '1.3.6.1.4.1.22554.5.6.1' + nid_hybrid: '0x2F47' + hybrid_oid: '1.3.6.1.4.1.22554.5.7.1' + oqs_alg: 'OQS_KEM_alg_ml_kem_512' + extra_nids: + current: + - hybrid_group: "x25519" + hybrid_oid: '1.3.6.1.4.1.22554.5.8.1' + nid: '0x2FB2' + - + family: 'ML-KEM' + name_group: 'mlkem768' + nid: '0x0248' + oid: '1.3.6.1.4.1.22554.5.6.2' + nid_hybrid: '0x2F48' + oqs_alg: 'OQS_KEM_alg_ml_kem_768' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FB3' + - hybrid_group: "x25519" + nid: '0x2FB4' + - hybrid_group: "p256" + nid: '0x2FB5' + - + family: 'ML-KEM' + name_group: 'mlkem1024' + nid: '0x0249' + oid: '1.3.6.1.4.1.22554.5.6.3' + nid_hybrid: '0x2F49' + oqs_alg: 'OQS_KEM_alg_ml_kem_1024' - family: 'BIKE' name_group: 'bike1l1fo' @@ -358,7 +393,7 @@ kem_nid_end: '0x0250' kem_nid_hybrid_end: '0x2FFF' # need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values -# Next free signature ID: 0xfed0 +# Next free signature ID: 0xfed7 sigs: # - # iso (1) 
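Review bot: The ML-KEM entries added in the `@@ -145,6 +145,41 @@` hunk reuse OIDs that the ALGORITHMS.md KEM table in this same commit lists for Kyber: `1.3.6.1.4.1.22554.5.6.1`, `1.3.6.1.4.1.22554.5.7.1` and `1.3.6.1.4.1.22554.5.8.1` for mlkem512 and its hybrids, `1.3.6.1.4.1.22554.5.6.2` for mlkem768 and `1.3.6.1.4.1.22554.5.6.3` for mlkem1024. With OQS_KEM_ENCODERS enabled, two different KEMs would then share one AlgorithmIdentifier, so a decoder presumably cannot tell a Kyber key from an ML-KEM key and may load it under the wrong algorithm. Assign ML-KEM its own `oid`/`hybrid_oid` values, or add a comment next to these entries stating that the sharing is intentional and which algorithm takes precedence on decode.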
@@ -557,6 +592,46 @@ sigs: 'pretty_name': 'ECDSA p521', 'oid': '1.3.9999.2.11.4', 'code_point': '0xfead'}] + - + family: 'ML-DSA' + variants: + - + name: 'mldsa44' + pretty_name: 'ML-DSA-44' + oqs_meth: 'OQS_SIG_alg_ml_dsa_44' + oid: '1.3.6.1.4.1.2.267.12.4.4' + code_point: '0xfed0' + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.7.1', + 'code_point': '0xfed3'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.7.2', + 'code_point': '0xfed4'}] + - + name: 'mldsa65' + pretty_name: 'ML-DSA-65' + oqs_meth: 'OQS_SIG_alg_ml_dsa_65' + oid: '1.3.6.1.4.1.2.267.12.6.5' + code_point: '0xfed1' + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.7.3', + 'code_point': '0xfed5'}] + - + name: 'mldsa87' + pretty_name: 'ML-DSA-87' + oqs_meth: 'OQS_SIG_alg_ml_dsa_87' + oid: '1.3.6.1.4.1.2.267.12.8.7' + code_point: '0xfed2' + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.7.4', + 'code_point': '0xfed6'}] - # iso (1) # identified-organization (3) diff --git a/oqs-template/generate_oid_nid_table.py b/oqs-template/generate_oid_nid_table.py index 24a0ac24..71fa98a5 100644 --- a/oqs-template/generate_oid_nid_table.py +++ b/oqs-template/generate_oid_nid_table.py @@ -47,7 +47,7 @@ def gen_sig_table(oqslibdocdir): for hybrid in variant['mix_with']: table.append([variant['name'] + ' **hybrid with** ' + hybrid['name'], liboqs_sigs[sig['family']]['spec-version'], - liboqs_sigs[sig['family']]['nist-round'], + str(liboqs_sigs[sig['family']]['nist-round']), claimed_nist_level, hybrid['code_point'], hybrid['oid']]) 
@@ -58,12 +58,12 @@ def gen_sig_table(oqslibdocdir): if 'extra_nids' in variant: for i in range(len(variant['extra_nids']['old'])): table.append([variant['name'], variant['extra_nids']['old'][i]['implementation_version'], - variant['extra_nids']['old'][i]['nist-round'], claimed_nist_level, variant['extra_nids']['old'][i]['code_point'], + str(variant['extra_nids']['old'][i]['nist-round']), claimed_nist_level, variant['extra_nids']['old'][i]['code_point'], variant['extra_nids']['old'][i]['oid']]) for hybrid in variant['extra_nids']['old'][i]['mix_with']: table.append([variant['name'] + ' **hybrid with** ' + hybrid['name'], variant['extra_nids']['old'][i]['implementation_version'], - variant['extra_nids']['old'][i]['nist-round'], + str(variant['extra_nids']['old'][i]['nist-round']), claimed_nist_level, hybrid['code_point'], hybrid['oid']]) @@ -114,10 +114,10 @@ def gen_kem_table(oqslibdocdir): try: table.append([kem['family'], implementation_version, - kem['name_group'], liboqs_kems[kem['family']]['nist-round'], claimed_nist_level, + kem['name_group'], str(liboqs_kems[kem['family']]['nist-round']), claimed_nist_level, kem['nid'], ""]) table.append([kem['family'], implementation_version, - kem['name_group'], liboqs_kems[kem['family']]['nist-round'], claimed_nist_level, + kem['name_group'], str(liboqs_kems[kem['family']]['nist-round']), claimed_nist_level, kem['nid_hybrid'], hybrid_elliptic_curve]) except KeyError as ke: # Non-existant NIDs mean this alg is not supported any more 
@@ -127,18 +127,18 @@ def gen_kem_table(oqslibdocdir): if 'current' in kem['extra_nids']: # assume "current" NIDs to mean liboqs-driven NIST round information: for entry in kem['extra_nids']['current']: table.append([kem['family'], implementation_version, - kem['name_group'], liboqs_kems[kem['family']]['nist-round'], claimed_nist_level, + kem['name_group'], str(liboqs_kems[kem['family']]['nist-round']), claimed_nist_level, entry['nid'], entry['hybrid_group'] if 'hybrid_group' in entry else ""]) if 'old' in kem['extra_nids']: for entry in kem['extra_nids']['old']: table.append([kem['family'], entry['implementation_version'], - kem['name_group'], entry['nist-round'], claimed_nist_level, + kem['name_group'], str(entry['nist-round']), claimed_nist_level, entry['nid'], entry['hybrid_group'] if 'hybrid_group' in entry else ""]) # sort by: family, version, security level, variant, hybrid - table.sort(key = lambda row: "{:s}|{:s}|{:d}|{:s}|{:s}".format(row[0], row[1], row[3], row[2], row[5])) + table.sort(key = lambda row: "{:s}|{:s}|{:s}|{:s}|{:s}".format(row[0], row[1], row[3], row[2], row[5])) table = [table_header] + table diff --git a/oqs-template/generatehelpers.py b/oqs-template/generatehelpers.py index 8da3eff0..689d37af 100644 --- a/oqs-template/generatehelpers.py +++ b/oqs-template/generatehelpers.py @@ -24,7 +24,7 @@ def get_kem_nistlevel(alg, docsdir): if alg['family'] == 'CRYSTALS-Kyber': datasheetname = 'kyber' elif alg['family'] == 'SIDH': datasheetname = 'sike' elif alg['family'] == 'NTRU-Prime': datasheetname = 'ntruprime' - else: datasheetname = alg['family'].lower() + else: datasheetname = alg['family'].lower().replace('-', '_') # load datasheet try: algymlfilename = os.path.join(docsdir, 'algorithms', 'kem', '{:s}.yml'.format(datasheetname)) 
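Review bot: The comment above `table.sort` says the rows are ordered by "family, version, security level, variant, hybrid", but the key uses `row[3]` and `row[5]`, which the appends in this hunk fill with the NIST round and the code point (`entry['nid']`). With the round now passed through `str()`, that key compares as text, so a two-digit or non-numeric round would sort lexicographically rather than numerically. Suggest correcting the comment to `# sort by: family, version, NIST round (as text), variant, code point` so the documented order matches the key. gen_kem_table starts outside this hunk, so any append that is not shown should be checked for the same `str()` wrapping, since `{:s}` rejects an int.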
@@ -44,7 +44,7 @@ def simplify(s): return False # find the variant that matches for variant in algyml['parameter-sets']: - if matches(variant['name'], alg): + if matches(variant['name'], alg) or ('alias' in variant and matches(variant['alias'], alg)): return variant['claimed-nist-level'] # Information file for algorithms no longer supported by liboqs: oldalgs = yaml.safe_load(file_get_contents(os.path.join("oqs-template", "oldalgs.yml"), encoding='utf-8')) @@ -61,7 +61,7 @@ def get_sig_nistlevel(family, alg, docsdir): elif family['family'] == 'SPHINCS-SHAKE256': datasheetname = 'sphincs' elif family['family'] == 'SPHINCS-SHA2': datasheetname = 'sphincs' elif family['family'] == 'SPHINCS-SHAKE': datasheetname = 'sphincs' - else: datasheetname = family['family'].lower() + else: datasheetname = family['family'].lower().replace('-', '_') # load datasheet algymlfilename = os.path.join(docsdir, 'algorithms', 'sig', '{:s}.yml'.format(datasheetname)) algyml = yaml.safe_load(file_get_contents(algymlfilename, encoding='utf-8')) @@ -73,7 +73,7 @@ def simplify(s): return False # find the variant that matches for variant in algyml['parameter-sets']: - if matches(variant['name'], alg): + if matches(variant['name'], alg) or ('alias' in variant and matches(variant['alias'], alg)): return variant['claimed-nist-level'] # Information file for algorithms no longer supported by liboqs: oldalgs = yaml.safe_load(file_get_contents(os.path.join("oqs-template", "oldalgs.yml"), encoding='utf-8')) diff --git a/oqs-template/oqs-kem-info.md b/oqs-template/oqs-kem-info.md index d85fca20..66ba2326 100644 --- a/oqs-template/oqs-kem-info.md +++ b/oqs-template/oqs-kem-info.md 
@@ -1,87 +1,97 @@ -| Family | Implementation Version | Variant | NIST round | Claimed NIST Level | Code Point | Hybrid Elliptic Curve (if any) | -|:---------------|:-------------------------|:---------------|-------------:|---------------------:|:-------------|:---------------------------------| -| BIKE | 5.1 | bikel1 | 4 | 1 | 0x0241 | | -| BIKE | 5.1 | bikel1 | 4 | 1 | 0x2F41 | secp256_r1 | -| BIKE | 5.1 | bikel1 | 4 | 1 | 0x2FAE | x25519 | -| BIKE | 5.1 | bikel3 | 4 | 3 | 0x0242 | | -| BIKE | 5.1 | bikel3 | 4 | 3 | 0x2F42 | secp384_r1 | -| BIKE | 5.1 | bikel3 | 4 | 3 | 0x2FAF | x448 | -| BIKE | 5.1 | bikel5 | 4 | 5 | 0x0243 | | -| BIKE | 5.1 | bikel5 | 4 | 5 | 0x2F43 | secp521_r1 | -| BIKE | NIST Round 2 submission | bike1l1cpa | 2 | 1 | 0x0206 | | -| BIKE | NIST Round 2 submission | bike1l1cpa | 2 | 1 | 0x2F06 | secp256_r1 | -| BIKE | NIST Round 2 submission | bike1l1fo | 2 | 1 | 0x0223 | | -| BIKE | NIST Round 2 submission | bike1l1fo | 2 | 1 | 0x2F23 | secp256_r1 | -| BIKE | NIST Round 2 submission | bike1l1fo | 2 | 1 | 0x2F28 | x25519 | -| BIKE | NIST Round 2 submission | bike1l3cpa | 2 | 3 | 0x0207 | | -| BIKE | NIST Round 2 submission | bike1l3cpa | 2 | 3 | 0x2F07 | secp384_r1 | -| BIKE | NIST Round 2 submission | bike1l3fo | 2 | 3 | 0x0224 | | -| BIKE | NIST Round 2 submission | bike1l3fo | 2 | 3 | 0x2F24 | secp384_r1 | -| BIKE | NIST Round 3 submission | bikel1 | 3 | 1 | 0x0238 | | -| BIKE | NIST Round 3 submission | bikel1 | 3 | 1 | 0x2F37 | x25519 | -| BIKE | NIST Round 3 submission | bikel1 | 3 | 1 | 0x2F38 | secp256_r1 | -| BIKE | NIST Round 3 submission | bikel3 | 3 | 3 | 0x023B | | -| BIKE | NIST Round 3 submission | bikel3 | 3 | 3 | 0x2F3B | secp384_r1 | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber1024 | 2 | 5 | 0x0211 | | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber1024 | 2 | 5 | 0x2F11 | secp521_r1 | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber512 | 2 | 1 | 0x020F | | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber512 | 
2 | 1 | 0x2F0F | secp256_r1 | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber512 | 2 | 1 | 0x2F26 | x25519 | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber768 | 2 | 3 | 0x0210 | | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber768 | 2 | 3 | 0x2F10 | secp384_r1 | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s1024 | 2 | 5 | 0x022B | | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s1024 | 2 | 5 | 0x2F2B | secp521_r1 | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s512 | 2 | 1 | 0x0229 | | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s512 | 2 | 1 | 0x2F29 | secp256_r1 | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s768 | 2 | 3 | 0x022A | | -| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s768 | 2 | 3 | 0x2F2A | secp384_r1 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber1024 | 3 | 5 | 0x023D | | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber1024 | 3 | 5 | 0x2F3D | secp521_r1 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber512 | 3 | 1 | 0x023A | | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber512 | 3 | 1 | 0x2F39 | x25519 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber512 | 3 | 1 | 0x2F3A | secp256_r1 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x023C | | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x2F3C | secp384_r1 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x2F90 | x448 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x6399 | x25519 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x639A | p256 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s1024 | 3 | 5 | 0x0240 | | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s1024 | 3 | 5 | 0x2F40 | secp521_r1 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s512 | 3 | 1 | 0x023E | | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s512 | 3 | 1 | 0x2F3E | secp256_r1 | -| CRYSTALS-Kyber | NIST Round 3 submission | 
kyber90s512 | 3 | 1 | 0x2FA9 | x25519 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s768 | 3 | 3 | 0x023F | | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s768 | 3 | 3 | 0x2F3F | secp384_r1 | -| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s768 | 3 | 3 | 0x2FAA | x448 | -| FrodoKEM | NIST Round 3 submission | frodo1344aes | 3 | 5 | 0x0204 | | -| FrodoKEM | NIST Round 3 submission | frodo1344aes | 3 | 5 | 0x2F04 | secp521_r1 | -| FrodoKEM | NIST Round 3 submission | frodo1344shake | 3 | 5 | 0x0205 | | -| FrodoKEM | NIST Round 3 submission | frodo1344shake | 3 | 5 | 0x2F05 | secp521_r1 | -| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x0200 | | -| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x2F00 | secp256_r1 | -| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x2F80 | x25519 | -| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x0201 | | -| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x2F01 | secp256_r1 | -| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x2F81 | x25519 | -| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x0202 | | -| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x2F02 | secp384_r1 | -| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x2F82 | x448 | -| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x0203 | | -| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x2F03 | secp384_r1 | -| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x2F83 | x448 | -| HQC | NIST Round 3 submission | hqc128 | 3 | 1 | 0x022C | | -| HQC | NIST Round 3 submission | hqc128 | 3 | 1 | 0x2F2C | secp256_r1 | -| HQC | NIST Round 3 submission | hqc128 | 3 | 1 | 0x2FAC | x25519 | -| HQC | NIST Round 3 submission | hqc192 | 3 | 3 | 0x022D | | -| HQC | NIST Round 3 submission | hqc192 | 3 | 3 | 0x2F2D | secp384_r1 | -| HQC | NIST Round 3 submission | hqc192 | 3 | 3 | 0x2FAD | x448 | -| HQC | NIST 
Round 3 submission | hqc256 | 3 | 5 | 0x022E | | -| HQC | NIST Round 3 submission | hqc256 | 3 | 5 | 0x2F2E | secp521_r1 | -| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x0244 | | -| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x2F44 | secp256_r1 | -| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x2FB0 | x25519 | -| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x0245 | | -| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x2F45 | secp384_r1 | -| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x2FB1 | x448 | -| HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x0246 | | -| HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x2F46 | secp521_r1 | +| Family | Implementation Version | Variant | NIST round | Claimed NIST Level | Code Point | Hybrid Elliptic Curve (if any) | +|:---------------|:-------------------------|:---------------|:-------------|---------------------:|:-------------|:---------------------------------| +| BIKE | 5.1 | bikel1 | 4 | 1 | 0x0241 | | +| BIKE | 5.1 | bikel1 | 4 | 1 | 0x2F41 | secp256_r1 | +| BIKE | 5.1 | bikel1 | 4 | 1 | 0x2FAE | x25519 | +| BIKE | 5.1 | bikel3 | 4 | 3 | 0x0242 | | +| BIKE | 5.1 | bikel3 | 4 | 3 | 0x2F42 | secp384_r1 | +| BIKE | 5.1 | bikel3 | 4 | 3 | 0x2FAF | x448 | +| BIKE | 5.1 | bikel5 | 4 | 5 | 0x0243 | | +| BIKE | 5.1 | bikel5 | 4 | 5 | 0x2F43 | secp521_r1 | +| BIKE | NIST Round 2 submission | bike1l1cpa | 2 | 1 | 0x0206 | | +| BIKE | NIST Round 2 submission | bike1l1cpa | 2 | 1 | 0x2F06 | secp256_r1 | +| BIKE | NIST Round 2 submission | bike1l1fo | 2 | 1 | 0x0223 | | +| BIKE | NIST Round 2 submission | bike1l1fo | 2 | 1 | 0x2F23 | secp256_r1 | +| BIKE | NIST Round 2 submission | bike1l1fo | 2 | 1 | 0x2F28 | x25519 | +| BIKE | NIST Round 2 submission | bike1l3cpa | 2 | 3 | 0x0207 | | +| BIKE | NIST Round 2 submission | bike1l3cpa | 2 | 3 | 0x2F07 | secp384_r1 | +| BIKE | NIST Round 2 submission | bike1l3fo | 2 | 3 | 0x0224 | | +| BIKE | NIST Round 2 submission | bike1l3fo | 2 | 3 | 0x2F24 | secp384_r1 | +| BIKE | NIST Round 3 submission | bikel1 | 3 | 1 | 0x0238 | | +| BIKE | NIST Round 3 submission 
| bikel1 | 3 | 1 | 0x2F37 | x25519 | +| BIKE | NIST Round 3 submission | bikel1 | 3 | 1 | 0x2F38 | secp256_r1 | +| BIKE | NIST Round 3 submission | bikel3 | 3 | 3 | 0x023B | | +| BIKE | NIST Round 3 submission | bikel3 | 3 | 3 | 0x2F3B | secp384_r1 | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber1024 | 2 | 5 | 0x0211 | | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber1024 | 2 | 5 | 0x2F11 | secp521_r1 | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber512 | 2 | 1 | 0x020F | | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber512 | 2 | 1 | 0x2F0F | secp256_r1 | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber512 | 2 | 1 | 0x2F26 | x25519 | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber768 | 2 | 3 | 0x0210 | | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber768 | 2 | 3 | 0x2F10 | secp384_r1 | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s1024 | 2 | 5 | 0x022B | | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s1024 | 2 | 5 | 0x2F2B | secp521_r1 | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s512 | 2 | 1 | 0x0229 | | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s512 | 2 | 1 | 0x2F29 | secp256_r1 | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s768 | 2 | 3 | 0x022A | | +| CRYSTALS-Kyber | NIST Round 2 submission | kyber90s768 | 2 | 3 | 0x2F2A | secp384_r1 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber1024 | 3 | 5 | 0x023D | | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber1024 | 3 | 5 | 0x2F3D | secp521_r1 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber512 | 3 | 1 | 0x023A | | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber512 | 3 | 1 | 0x2F39 | x25519 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber512 | 3 | 1 | 0x2F3A | secp256_r1 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x023C | | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x2F3C | secp384_r1 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x2F90 | x448 | +| 
CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x6399 | x25519 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber768 | 3 | 3 | 0x639A | p256 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s1024 | 3 | 5 | 0x0240 | | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s1024 | 3 | 5 | 0x2F40 | secp521_r1 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s512 | 3 | 1 | 0x023E | | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s512 | 3 | 1 | 0x2F3E | secp256_r1 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s512 | 3 | 1 | 0x2FA9 | x25519 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s768 | 3 | 3 | 0x023F | | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s768 | 3 | 3 | 0x2F3F | secp384_r1 | +| CRYSTALS-Kyber | NIST Round 3 submission | kyber90s768 | 3 | 3 | 0x2FAA | x448 | +| FrodoKEM | NIST Round 3 submission | frodo1344aes | 3 | 5 | 0x0204 | | +| FrodoKEM | NIST Round 3 submission | frodo1344aes | 3 | 5 | 0x2F04 | secp521_r1 | +| FrodoKEM | NIST Round 3 submission | frodo1344shake | 3 | 5 | 0x0205 | | +| FrodoKEM | NIST Round 3 submission | frodo1344shake | 3 | 5 | 0x2F05 | secp521_r1 | +| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x0200 | | +| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x2F00 | secp256_r1 | +| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x2F80 | x25519 | +| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x0201 | | +| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x2F01 | secp256_r1 | +| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x2F81 | x25519 | +| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x0202 | | +| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x2F02 | secp384_r1 | +| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x2F82 | x448 | +| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x0203 | | +| FrodoKEM | NIST Round 3 submission | 
frodo976shake | 3 | 3 | 0x2F03 | secp384_r1 | +| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x2F83 | x448 | +| HQC | NIST Round 3 submission | hqc128 | 3 | 1 | 0x022C | | +| HQC | NIST Round 3 submission | hqc128 | 3 | 1 | 0x2F2C | secp256_r1 | +| HQC | NIST Round 3 submission | hqc128 | 3 | 1 | 0x2FAC | x25519 | +| HQC | NIST Round 3 submission | hqc192 | 3 | 3 | 0x022D | | +| HQC | NIST Round 3 submission | hqc192 | 3 | 3 | 0x2F2D | secp384_r1 | +| HQC | NIST Round 3 submission | hqc192 | 3 | 3 | 0x2FAD | x448 | +| HQC | NIST Round 3 submission | hqc256 | 3 | 5 | 0x022E | | +| HQC | NIST Round 3 submission | hqc256 | 3 | 5 | 0x2F2E | secp521_r1 | +| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x0244 | | +| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x2F44 | secp256_r1 | +| HQC | 2023-04-30 | hqc128 | 4 | 1 | 0x2FB0 | x25519 | +| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x0245 | | +| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x2F45 | secp384_r1 | +| HQC | 2023-04-30 | hqc192 | 4 | 3 | 0x2FB1 | x448 | +| HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x0246 | | +| HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x2F46 | secp521_r1 | +| ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x0249 | | +| ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x2F49 | secp521_r1 | +| ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x0247 | | +| ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x2F47 | secp256_r1 | +| ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x2FB2 | x25519 | +| ML-KEM | ML-KEM-ipd | mlkem768 | ipd | 3 | 0x0248 | | +| ML-KEM | ML-KEM-ipd | mlkem768 | ipd | 3 | 0x2F48 | secp384_r1 | +| ML-KEM | ML-KEM-ipd | mlkem768 | ipd | 3 | 0x2FB3 | x448 | +| ML-KEM | ML-KEM-ipd | mlkem768 | ipd | 3 | 0x2FB4 | x25519 | +| ML-KEM | ML-KEM-ipd | mlkem768 | ipd | 3 | 0x2FB5 | p256 | diff --git a/oqs-template/oqs-sig-info.md b/oqs-template/oqs-sig-info.md index 9f084982..15607003 100644 --- a/oqs-template/oqs-sig-info.md +++ b/oqs-template/oqs-sig-info.md 
@@ -1,138 +1,145 @@ -| Algorithm | Implementation Version | NIST round | Claimed NIST Level | Code Point | OID | -|:--------------------------------------------------|:----------------------------------------------|-------------:|---------------------:|:-------------|:-------------------------| -| dilithium2 | 3.1 | 3 | 2 | 0xfea0 | 1.3.6.1.4.1.2.267.7.4.4 | -| dilithium2 **hybrid with** p256 | 3.1 | 3 | 2 | 0xfea1 | 1.3.9999.2.7.1 | -| dilithium2 **hybrid with** rsa3072 | 3.1 | 3 | 2 | 0xfea2 | 1.3.9999.2.7.2 | -| dilithium3 | 3.1 | 3 | 3 | 0xfea3 | 1.3.6.1.4.1.2.267.7.6.5 | -| dilithium3 **hybrid with** p384 | 3.1 | 3 | 3 | 0xfea4 | 1.3.9999.2.7.3 | -| dilithium5 | 3.1 | 3 | 5 | 0xfea5 | 1.3.6.1.4.1.2.267.7.8.7 | -| dilithium5 **hybrid with** p521 | 3.1 | 3 | 5 | 0xfea6 | 1.3.9999.2.7.4 | -| dilithium2_aes | NIST Round 3 submission | 3 | 2 | 0xfea7 | 1.3.6.1.4.1.2.267.11.4.4 | -| dilithium2_aes **hybrid with** p256 | NIST Round 3 submission | 3 | 2 | 0xfea8 | 1.3.9999.2.11.1 | -| dilithium2_aes **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 2 | 0xfea9 | 1.3.9999.2.11.2 | -| dilithium3_aes | NIST Round 3 submission | 3 | 3 | 0xfeaa | 1.3.6.1.4.1.2.267.11.6.5 | -| dilithium3_aes **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfeab | 1.3.9999.2.11.3 | -| dilithium5_aes | NIST Round 3 submission | 3 | 5 | 0xfeac | 1.3.6.1.4.1.2.267.11.8.7 | -| dilithium5_aes **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfead | 1.3.9999.2.11.4 | -| falcon512 | 20211101 | 3 | 1 | 0xfeae | 1.3.9999.3.6 | -| falcon512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfeaf | 1.3.9999.3.7 | -| falcon512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfeb0 | 1.3.9999.3.8 | -| falcon512 | NIST Round 3 submission | 3 | 1 | 0xfe0b | 1.3.9999.3.1 | -| falcon512 **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe0c | 1.3.9999.3.2 | -| falcon512 **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe0d | 1.3.9999.3.3 | -| falcon1024 | 20211101 | 3 | 5 
| 0xfeb1 | 1.3.9999.3.9 | -| falcon1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfeb2 | 1.3.9999.3.10 | -| falcon1024 | NIST Round 3 submission | 3 | 5 | 0xfe0e | 1.3.9999.3.4 | -| falcon1024 **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe0f | 1.3.9999.3.5 | -| sphincsharaka128frobust | NIST Round 3 submission | 3 | 1 | 0xfe42 | 1.3.9999.6.1.1 | -| sphincsharaka128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe43 | 1.3.9999.6.1.2 | -| sphincsharaka128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe44 | 1.3.9999.6.1.3 | -| sphincsharaka128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe45 | 1.3.9999.6.1.4 | -| sphincsharaka128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe46 | 1.3.9999.6.1.5 | -| sphincsharaka128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe47 | 1.3.9999.6.1.6 | -| sphincsharaka128srobust | NIST Round 3 submission | 3 | 1 | 0xfe48 | 1.3.9999.6.1.7 | -| sphincsharaka128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe49 | 1.3.9999.6.1.8 | -| sphincsharaka128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe4a | 1.3.9999.6.1.9 | -| sphincsharaka128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe4b | 1.3.9999.6.1.10 | -| sphincsharaka128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe4c | 1.3.9999.6.1.11 | -| sphincsharaka128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe4d | 1.3.9999.6.1.12 | -| sphincsharaka192frobust | NIST Round 3 submission | 3 | 3 | 0xfe4e | 1.3.9999.6.2.1 | -| sphincsharaka192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe4f | 1.3.9999.6.2.2 | -| sphincsharaka192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe50 | 1.3.9999.6.2.3 | -| sphincsharaka192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe51 | 1.3.9999.6.2.4 | -| sphincsharaka192srobust | NIST Round 3 submission | 3 | 3 | 0xfe52 | 
1.3.9999.6.2.5 | -| sphincsharaka192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe53 | 1.3.9999.6.2.6 | -| sphincsharaka192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe54 | 1.3.9999.6.2.7 | -| sphincsharaka192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe55 | 1.3.9999.6.2.8 | -| sphincsharaka256frobust | NIST Round 3 submission | 3 | 3 | 0xfe56 | 1.3.9999.6.3.1 | -| sphincsharaka256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 3 | 0xfe57 | 1.3.9999.6.3.2 | -| sphincsharaka256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe58 | 1.3.9999.6.3.3 | -| sphincsharaka256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe59 | 1.3.9999.6.3.4 | -| sphincsharaka256srobust | NIST Round 3 submission | 3 | 5 | 0xfe5a | 1.3.9999.6.3.5 | -| sphincsharaka256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5b | 1.3.9999.6.3.6 | -| sphincsharaka256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe5c | 1.3.9999.6.3.7 | -| sphincsharaka256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5d | 1.3.9999.6.3.8 | -| sphincssha26128frobust | NIST Round 3 submission | 3 | 5 | 0xfe5e | 1.3.9999.6.4.1 | -| sphincssha26128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe5f | 1.3.9999.6.4.2 | -| sphincssha26128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe60 | 1.3.9999.6.4.3 | -| sphincssha2128fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb3 | 1.3.9999.6.4.13 | -| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb4 | 1.3.9999.6.4.14 | -| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb5 | 1.3.9999.6.4.15 | -| sphincssha2128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe61 | 1.3.9999.6.4.4 | -| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe62 | 1.3.9999.6.4.5 
| -| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe63 | 1.3.9999.6.4.6 | -| sphincssha256128srobust | NIST Round 3 submission | 3 | 5 | 0xfe64 | 1.3.9999.6.4.7 | -| sphincssha256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe65 | 1.3.9999.6.4.8 | -| sphincssha256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe66 | 1.3.9999.6.4.9 | -| sphincssha2128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb6 | 1.3.9999.6.4.16 | -| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb7 | 1.3.9999.6.4.17 | -| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb8 | 1.3.9999.6.4.18 | -| sphincssha2128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe67 | 1.3.9999.6.4.10 | -| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe68 | 1.3.9999.6.4.11 | -| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe69 | 1.3.9999.6.4.12 | -| sphincssha256192frobust | NIST Round 3 submission | 3 | 5 | 0xfe6a | 1.3.9999.6.5.1 | -| sphincssha256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6b | 1.3.9999.6.5.2 | -| sphincssha2192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeb9 | 1.3.9999.6.5.10 | -| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeba | 1.3.9999.6.5.11 | -| sphincssha2192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe6c | 1.3.9999.6.5.3 | -| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe6d | 1.3.9999.6.5.4 | -| sphincssha256192srobust | NIST Round 3 submission | 3 | 5 | 0xfe6e | 1.3.9999.6.5.5 | -| sphincssha256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6f | 1.3.9999.6.5.6 | -| sphincssha2192ssimple | NIST Round 3 submission, v3.1 
(June 10, 2022) | 3 | 3 | 0xfebb | 1.3.9999.6.5.12 | -| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfebc | 1.3.9999.6.5.13 | -| sphincssha2192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe70 | 1.3.9999.6.5.7 | -| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe71 | 1.3.9999.6.5.8 | -| sphincssha256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe72 | 1.3.9999.6.6.1 | -| sphincssha256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe73 | 1.3.9999.6.6.2 | -| sphincssha2256fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebd | 1.3.9999.6.6.10 | -| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebe | 1.3.9999.6.6.11 | -| sphincssha2256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe74 | 1.3.9999.6.6.3 | -| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe75 | 1.3.9999.6.6.4 | -| sphincssha256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe76 | 1.3.9999.6.6.5 | -| sphincssha256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe77 | 1.3.9999.6.6.6 | -| sphincssha2256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec0 | 1.3.9999.6.6.12 | -| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec1 | 1.3.9999.6.6.13 | -| sphincssha2256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe78 | 1.3.9999.6.6.7 | -| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe79 | 1.3.9999.6.6.8 | -| sphincsshake256128frobust | NIST Round 3 submission | 3 | 1 | 0xfe7a | 1.3.9999.6.7.1 | -| sphincsshake256128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7b | 1.3.9999.6.7.2 | -| sphincsshake256128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7c | 1.3.9999.6.7.3 | -| sphincsshake128fsimple | NIST 
Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec2 | 1.3.9999.6.7.13 | -| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec3 | 1.3.9999.6.7.14 | -| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec4 | 1.3.9999.6.7.15 | -| sphincsshake128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe7d | 1.3.9999.6.7.4 | -| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7e | 1.3.9999.6.7.5 | -| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7f | 1.3.9999.6.7.6 | -| sphincsshake256128srobust | NIST Round 3 submission | 3 | 1 | 0xfe80 | 1.3.9999.6.7.7 | -| sphincsshake256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe81 | 1.3.9999.6.7.8 | -| sphincsshake256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe82 | 1.3.9999.6.7.9 | -| sphincsshake128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec5 | 1.3.9999.6.7.16 | -| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec6 | 1.3.9999.6.7.17 | -| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec7 | 1.3.9999.6.7.18 | -| sphincsshake128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe83 | 1.3.9999.6.7.10 | -| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe84 | 1.3.9999.6.7.11 | -| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe85 | 1.3.9999.6.7.12 | -| sphincsshake256192frobust | NIST Round 3 submission | 3 | 3 | 0xfe86 | 1.3.9999.6.8.1 | -| sphincsshake256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe87 | 1.3.9999.6.8.2 | -| sphincsshake192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec8 | 1.3.9999.6.8.10 | -| 
sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec9 | 1.3.9999.6.8.11 | -| sphincsshake192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe88 | 1.3.9999.6.8.3 | -| sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe89 | 1.3.9999.6.8.4 | -| sphincsshake256192srobust | NIST Round 3 submission | 3 | 3 | 0xfe8a | 1.3.9999.6.8.5 | -| sphincsshake256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8b | 1.3.9999.6.8.6 | -| sphincsshake192ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeca | 1.3.9999.6.8.12 | -| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfecb | 1.3.9999.6.8.13 | -| sphincsshake192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe8c | 1.3.9999.6.8.7 | -| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8d | 1.3.9999.6.8.8 | -| sphincsshake256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe8e | 1.3.9999.6.9.1 | -| sphincsshake256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe8f | 1.3.9999.6.9.2 | -| sphincsshake256fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecc | 1.3.9999.6.9.10 | -| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecd | 1.3.9999.6.9.11 | -| sphincsshake256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe90 | 1.3.9999.6.9.3 | -| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe91 | 1.3.9999.6.9.4 | -| sphincsshake256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe92 | 1.3.9999.6.9.5 | -| sphincsshake256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe93 | 1.3.9999.6.9.6 | -| sphincsshake256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfece | 1.3.9999.6.9.12 | -| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission, 
v3.1 (June 10, 2022) | 3 | 5 | 0xfecf | 1.3.9999.6.9.13 | -| sphincsshake256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe94 | 1.3.9999.6.9.7 | -| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe95 | 1.3.9999.6.9.8 | \ No newline at end of file +| Algorithm | Implementation Version | NIST round | Claimed NIST Level | Code Point | OID | +|:--------------------------------------------------|:----------------------------------------------|:-------------|---------------------:|:-------------|:-------------------------| +| dilithium2 | 3.1 | 3 | 2 | 0xfea0 | 1.3.6.1.4.1.2.267.7.4.4 | +| dilithium2 **hybrid with** p256 | 3.1 | 3 | 2 | 0xfea1 | 1.3.9999.2.7.1 | +| dilithium2 **hybrid with** rsa3072 | 3.1 | 3 | 2 | 0xfea2 | 1.3.9999.2.7.2 | +| dilithium3 | 3.1 | 3 | 3 | 0xfea3 | 1.3.6.1.4.1.2.267.7.6.5 | +| dilithium3 **hybrid with** p384 | 3.1 | 3 | 3 | 0xfea4 | 1.3.9999.2.7.3 | +| dilithium5 | 3.1 | 3 | 5 | 0xfea5 | 1.3.6.1.4.1.2.267.7.8.7 | +| dilithium5 **hybrid with** p521 | 3.1 | 3 | 5 | 0xfea6 | 1.3.9999.2.7.4 | +| dilithium2_aes | NIST Round 3 submission | 3 | 2 | 0xfea7 | 1.3.6.1.4.1.2.267.11.4.4 | +| dilithium2_aes **hybrid with** p256 | NIST Round 3 submission | 3 | 2 | 0xfea8 | 1.3.9999.2.11.1 | +| dilithium2_aes **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 2 | 0xfea9 | 1.3.9999.2.11.2 | +| dilithium3_aes | NIST Round 3 submission | 3 | 3 | 0xfeaa | 1.3.6.1.4.1.2.267.11.6.5 | +| dilithium3_aes **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfeab | 1.3.9999.2.11.3 | +| dilithium5_aes | NIST Round 3 submission | 3 | 5 | 0xfeac | 1.3.6.1.4.1.2.267.11.8.7 | +| dilithium5_aes **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfead | 1.3.9999.2.11.4 | +| falcon512 | 20211101 | 3 | 1 | 0xfeae | 1.3.9999.3.6 | +| falcon512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfeaf | 1.3.9999.3.7 | +| falcon512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfeb0 | 1.3.9999.3.8 | +| falcon512 | NIST Round 3 
submission | 3 | 1 | 0xfe0b | 1.3.9999.3.1 | +| falcon512 **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe0c | 1.3.9999.3.2 | +| falcon512 **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe0d | 1.3.9999.3.3 | +| falcon1024 | 20211101 | 3 | 5 | 0xfeb1 | 1.3.9999.3.9 | +| falcon1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfeb2 | 1.3.9999.3.10 | +| falcon1024 | NIST Round 3 submission | 3 | 5 | 0xfe0e | 1.3.9999.3.4 | +| falcon1024 **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe0f | 1.3.9999.3.5 | +| mldsa44 | ML-DSA-ipd | ipd | 1 | 0xfed0 | 1.3.6.1.4.1.2.267.12.4.4 | +| mldsa44 **hybrid with** p256 | ML-DSA-ipd | ipd | 1 | 0xfed3 | 1.3.9999.7.1 | +| mldsa44 **hybrid with** rsa3072 | ML-DSA-ipd | ipd | 1 | 0xfed4 | 1.3.9999.7.2 | +| mldsa65 | ML-DSA-ipd | ipd | 3 | 0xfed1 | 1.3.6.1.4.1.2.267.12.6.5 | +| mldsa65 **hybrid with** p384 | ML-DSA-ipd | ipd | 3 | 0xfed5 | 1.3.9999.7.3 | +| mldsa87 | ML-DSA-ipd | ipd | 5 | 0xfed2 | 1.3.6.1.4.1.2.267.12.8.7 | +| mldsa87 **hybrid with** p521 | ML-DSA-ipd | ipd | 5 | 0xfed6 | 1.3.9999.7.4 | +| sphincsharaka128frobust | NIST Round 3 submission | 3 | 1 | 0xfe42 | 1.3.9999.6.1.1 | +| sphincsharaka128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe43 | 1.3.9999.6.1.2 | +| sphincsharaka128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe44 | 1.3.9999.6.1.3 | +| sphincsharaka128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe45 | 1.3.9999.6.1.4 | +| sphincsharaka128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe46 | 1.3.9999.6.1.5 | +| sphincsharaka128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe47 | 1.3.9999.6.1.6 | +| sphincsharaka128srobust | NIST Round 3 submission | 3 | 1 | 0xfe48 | 1.3.9999.6.1.7 | +| sphincsharaka128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe49 | 1.3.9999.6.1.8 | +| sphincsharaka128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 
0xfe4a | 1.3.9999.6.1.9 | +| sphincsharaka128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe4b | 1.3.9999.6.1.10 | +| sphincsharaka128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe4c | 1.3.9999.6.1.11 | +| sphincsharaka128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe4d | 1.3.9999.6.1.12 | +| sphincsharaka192frobust | NIST Round 3 submission | 3 | 3 | 0xfe4e | 1.3.9999.6.2.1 | +| sphincsharaka192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe4f | 1.3.9999.6.2.2 | +| sphincsharaka192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe50 | 1.3.9999.6.2.3 | +| sphincsharaka192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe51 | 1.3.9999.6.2.4 | +| sphincsharaka192srobust | NIST Round 3 submission | 3 | 3 | 0xfe52 | 1.3.9999.6.2.5 | +| sphincsharaka192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe53 | 1.3.9999.6.2.6 | +| sphincsharaka192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe54 | 1.3.9999.6.2.7 | +| sphincsharaka192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe55 | 1.3.9999.6.2.8 | +| sphincsharaka256frobust | NIST Round 3 submission | 3 | 3 | 0xfe56 | 1.3.9999.6.3.1 | +| sphincsharaka256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 3 | 0xfe57 | 1.3.9999.6.3.2 | +| sphincsharaka256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe58 | 1.3.9999.6.3.3 | +| sphincsharaka256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe59 | 1.3.9999.6.3.4 | +| sphincsharaka256srobust | NIST Round 3 submission | 3 | 5 | 0xfe5a | 1.3.9999.6.3.5 | +| sphincsharaka256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5b | 1.3.9999.6.3.6 | +| sphincsharaka256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe5c | 1.3.9999.6.3.7 | +| sphincsharaka256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5d | 1.3.9999.6.3.8 | +| sphincssha26128frobust | NIST Round 3 submission | 3 | 5 | 
0xfe5e | 1.3.9999.6.4.1 | +| sphincssha26128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe5f | 1.3.9999.6.4.2 | +| sphincssha26128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe60 | 1.3.9999.6.4.3 | +| sphincssha2128fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb3 | 1.3.9999.6.4.13 | +| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb4 | 1.3.9999.6.4.14 | +| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb5 | 1.3.9999.6.4.15 | +| sphincssha2128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe61 | 1.3.9999.6.4.4 | +| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe62 | 1.3.9999.6.4.5 | +| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe63 | 1.3.9999.6.4.6 | +| sphincssha256128srobust | NIST Round 3 submission | 3 | 5 | 0xfe64 | 1.3.9999.6.4.7 | +| sphincssha256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe65 | 1.3.9999.6.4.8 | +| sphincssha256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe66 | 1.3.9999.6.4.9 | +| sphincssha2128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb6 | 1.3.9999.6.4.16 | +| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb7 | 1.3.9999.6.4.17 | +| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb8 | 1.3.9999.6.4.18 | +| sphincssha2128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe67 | 1.3.9999.6.4.10 | +| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe68 | 1.3.9999.6.4.11 | +| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe69 | 1.3.9999.6.4.12 | +| sphincssha256192frobust | NIST Round 3 submission | 3 | 5 | 0xfe6a | 
1.3.9999.6.5.1 | +| sphincssha256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6b | 1.3.9999.6.5.2 | +| sphincssha2192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeb9 | 1.3.9999.6.5.10 | +| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeba | 1.3.9999.6.5.11 | +| sphincssha2192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe6c | 1.3.9999.6.5.3 | +| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe6d | 1.3.9999.6.5.4 | +| sphincssha256192srobust | NIST Round 3 submission | 3 | 5 | 0xfe6e | 1.3.9999.6.5.5 | +| sphincssha256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6f | 1.3.9999.6.5.6 | +| sphincssha2192ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfebb | 1.3.9999.6.5.12 | +| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfebc | 1.3.9999.6.5.13 | +| sphincssha2192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe70 | 1.3.9999.6.5.7 | +| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe71 | 1.3.9999.6.5.8 | +| sphincssha256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe72 | 1.3.9999.6.6.1 | +| sphincssha256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe73 | 1.3.9999.6.6.2 | +| sphincssha2256fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebd | 1.3.9999.6.6.10 | +| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebe | 1.3.9999.6.6.11 | +| sphincssha2256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe74 | 1.3.9999.6.6.3 | +| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe75 | 1.3.9999.6.6.4 | +| sphincssha256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe76 | 1.3.9999.6.6.5 | +| sphincssha256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 
| 5 | 0xfe77 | 1.3.9999.6.6.6 | +| sphincssha2256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec0 | 1.3.9999.6.6.12 | +| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec1 | 1.3.9999.6.6.13 | +| sphincssha2256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe78 | 1.3.9999.6.6.7 | +| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe79 | 1.3.9999.6.6.8 | +| sphincsshake256128frobust | NIST Round 3 submission | 3 | 1 | 0xfe7a | 1.3.9999.6.7.1 | +| sphincsshake256128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7b | 1.3.9999.6.7.2 | +| sphincsshake256128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7c | 1.3.9999.6.7.3 | +| sphincsshake128fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec2 | 1.3.9999.6.7.13 | +| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec3 | 1.3.9999.6.7.14 | +| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec4 | 1.3.9999.6.7.15 | +| sphincsshake128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe7d | 1.3.9999.6.7.4 | +| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7e | 1.3.9999.6.7.5 | +| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7f | 1.3.9999.6.7.6 | +| sphincsshake256128srobust | NIST Round 3 submission | 3 | 1 | 0xfe80 | 1.3.9999.6.7.7 | +| sphincsshake256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe81 | 1.3.9999.6.7.8 | +| sphincsshake256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe82 | 1.3.9999.6.7.9 | +| sphincsshake128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec5 | 1.3.9999.6.7.16 | +| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 
3 | 1 | 0xfec6 | 1.3.9999.6.7.17 | +| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec7 | 1.3.9999.6.7.18 | +| sphincsshake128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe83 | 1.3.9999.6.7.10 | +| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe84 | 1.3.9999.6.7.11 | +| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe85 | 1.3.9999.6.7.12 | +| sphincsshake256192frobust | NIST Round 3 submission | 3 | 3 | 0xfe86 | 1.3.9999.6.8.1 | +| sphincsshake256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe87 | 1.3.9999.6.8.2 | +| sphincsshake192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec8 | 1.3.9999.6.8.10 | +| sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec9 | 1.3.9999.6.8.11 | +| sphincsshake192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe88 | 1.3.9999.6.8.3 | +| sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe89 | 1.3.9999.6.8.4 | +| sphincsshake256192srobust | NIST Round 3 submission | 3 | 3 | 0xfe8a | 1.3.9999.6.8.5 | +| sphincsshake256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8b | 1.3.9999.6.8.6 | +| sphincsshake192ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeca | 1.3.9999.6.8.12 | +| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfecb | 1.3.9999.6.8.13 | +| sphincsshake192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe8c | 1.3.9999.6.8.7 | +| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8d | 1.3.9999.6.8.8 | +| sphincsshake256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe8e | 1.3.9999.6.9.1 | +| sphincsshake256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe8f | 1.3.9999.6.9.2 | +| sphincsshake256fsimple | 
NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecc | 1.3.9999.6.9.10 | +| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecd | 1.3.9999.6.9.11 | +| sphincsshake256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe90 | 1.3.9999.6.9.3 | +| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe91 | 1.3.9999.6.9.4 | +| sphincsshake256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe92 | 1.3.9999.6.9.5 | +| sphincsshake256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe93 | 1.3.9999.6.9.6 | +| sphincsshake256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfece | 1.3.9999.6.9.12 | +| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecf | 1.3.9999.6.9.13 | +| sphincsshake256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe94 | 1.3.9999.6.9.7 | +| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe95 | 1.3.9999.6.9.8 | \ No newline at end of file diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 180dc7f4..9fadf50b 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -620,6 +620,32 @@ MAKE_DECODER(, "kyber1024", kyber1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p521_kyber1024", p521_kyber1024, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mlkem512", mlkem512, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mlkem512", mlkem512, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p256_mlkem512", p256_mlkem512, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_mlkem512", p256_mlkem512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_mlkem512", x25519_mlkem512, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_mlkem512", x25519_mlkem512, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "mlkem768", mlkem768, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mlkem768", mlkem768, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p384_mlkem768", p384_mlkem768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_mlkem768", p384_mlkem768, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x448_mlkem768", x448_mlkem768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x448_mlkem768", x448_mlkem768, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecx, "x25519_mlkem768", x25519_mlkem768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecx, "x25519_mlkem768", x25519_mlkem768, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p256_mlkem768", p256_mlkem768, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p256_mlkem768", p256_mlkem768, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mlkem1024", mlkem1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mlkem1024", mlkem1024, oqsx, SubjectPublicKeyInfo); + +MAKE_DECODER(_ecp, "p521_mlkem1024", p521_mlkem1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p521_mlkem1024", p521_mlkem1024, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, PrivateKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, SubjectPublicKeyInfo); 
@@ -703,14 +729,20 @@ MAKE_DECODER(, "dilithium5", dilithium5, oqsx, PrivateKeyInfo);
 MAKE_DECODER(, "dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo);
 MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo);
 MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "dilithium5_p384", dilithium5_p384, oqsx, SubjectPublicKeyInfo);
-MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "dilithium5_bp384", dilithium5_bp384, oqsx,
- SubjectPublicKeyInfo);
-MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx, PrivateKeyInfo);
-MAKE_DECODER(, "dilithium5_ed448", dilithium5_ed448, oqsx,
- SubjectPublicKeyInfo);
+MAKE_DECODER(, "mldsa44", mldsa44, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "mldsa44", mldsa44, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "p256_mldsa44", p256_mldsa44, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "p256_mldsa44", p256_mldsa44, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "rsa3072_mldsa44", rsa3072_mldsa44, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "rsa3072_mldsa44", rsa3072_mldsa44, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "mldsa65", mldsa65, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "mldsa65", mldsa65, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "p384_mldsa65", p384_mldsa65, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "p384_mldsa65", p384_mldsa65, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "mldsa87", mldsa87, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "mldsa87", mldsa87, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "p521_mldsa87", p521_mldsa87, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "p521_mldsa87", p521_mldsa87, oqsx, SubjectPublicKeyInfo);
 MAKE_DECODER(, "falcon512", falcon512, oqsx, PrivateKeyInfo);
 MAKE_DECODER(, "falcon512", falcon512, oqsx, SubjectPublicKeyInfo);
 MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, PrivateKeyInfo);
diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c
index 3ef60fae..22b55a21 100644
--- a/oqsprov/oqs_encode_key2any.c
+++ b/oqsprov/oqs_encode_key2any.c
@@ -999,6 +999,39 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder)
 #define p521_kyber1024_evp_type 0
 #define p521_kyber1024_input_type "p521_kyber1024"
 #define p521_kyber1024_pem_type "p521_kyber1024"
+#define mlkem512_evp_type 0
+#define mlkem512_input_type "mlkem512"
+#define mlkem512_pem_type "mlkem512"
+
+#define p256_mlkem512_evp_type 0
+#define p256_mlkem512_input_type "p256_mlkem512"
+#define p256_mlkem512_pem_type "p256_mlkem512"
+#define x25519_mlkem512_evp_type 0
+#define x25519_mlkem512_input_type "x25519_mlkem512"
+#define x25519_mlkem512_pem_type "x25519_mlkem512"
+#define mlkem768_evp_type 0
+#define mlkem768_input_type "mlkem768"
+#define mlkem768_pem_type "mlkem768"
+
+#define p384_mlkem768_evp_type 0
+#define p384_mlkem768_input_type "p384_mlkem768"
+#define p384_mlkem768_pem_type "p384_mlkem768"
+#define x448_mlkem768_evp_type 0
+#define x448_mlkem768_input_type "x448_mlkem768"
+#define x448_mlkem768_pem_type "x448_mlkem768"
+#define x25519_mlkem768_evp_type 0
+#define x25519_mlkem768_input_type "x25519_mlkem768"
+#define x25519_mlkem768_pem_type "x25519_mlkem768"
+#define p256_mlkem768_evp_type 0
+#define p256_mlkem768_input_type "p256_mlkem768"
+#define p256_mlkem768_pem_type "p256_mlkem768"
+#define mlkem1024_evp_type 0
+#define mlkem1024_input_type "mlkem1024"
+#define mlkem1024_pem_type "mlkem1024"
+
+#define p521_mlkem1024_evp_type 0
+#define p521_mlkem1024_input_type "p521_mlkem1024"
+#define p521_mlkem1024_pem_type "p521_mlkem1024"
 #define bikel1_evp_type 0
 #define bikel1_input_type "bikel1"
 #define bikel1_pem_type "bikel1"
@@ -1105,15 +1138,27 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder)
 #define p521_dilithium5_evp_type 0
 #define p521_dilithium5_input_type "p521_dilithium5"
 #define p521_dilithium5_pem_type "p521_dilithium5"
-#define dilithium5_p384_evp_type 0
-#define dilithium5_p384_input_type "dilithium5_p384"
-#define dilithium5_p384_pem_type "dilithium5_p384"
-#define dilithium5_bp384_evp_type 0
-#define dilithium5_bp384_input_type "dilithium5_bp384"
-#define dilithium5_bp384_pem_type "dilithium5_bp384"
-#define dilithium5_ed448_evp_type 0
-#define dilithium5_ed448_input_type "dilithium5_ed448"
-#define dilithium5_ed448_pem_type "dilithium5_ed448"
+#define mldsa44_evp_type 0
+#define mldsa44_input_type "mldsa44"
+#define mldsa44_pem_type "mldsa44"
+#define p256_mldsa44_evp_type 0
+#define p256_mldsa44_input_type "p256_mldsa44"
+#define p256_mldsa44_pem_type "p256_mldsa44"
+#define rsa3072_mldsa44_evp_type 0
+#define rsa3072_mldsa44_input_type "rsa3072_mldsa44"
+#define rsa3072_mldsa44_pem_type "rsa3072_mldsa44"
+#define mldsa65_evp_type 0
+#define mldsa65_input_type "mldsa65"
+#define mldsa65_pem_type "mldsa65"
+#define p384_mldsa65_evp_type 0
+#define p384_mldsa65_input_type "p384_mldsa65"
+#define p384_mldsa65_pem_type "p384_mldsa65"
+#define mldsa87_evp_type 0
+#define mldsa87_input_type "mldsa87"
+#define mldsa87_pem_type "mldsa87"
+#define p521_mldsa87_evp_type 0
+#define p521_mldsa87_input_type "p521_mldsa87"
+#define p521_mldsa87_pem_type "p521_mldsa87"
 #define falcon512_evp_type 0
 #define falcon512_input_type "falcon512"
 #define falcon512_pem_type "falcon512"
@@ -2011,6 +2056,79 @@ MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(_ecp, p521_kyber1024, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(_ecp, p521_kyber1024); +MAKE_ENCODER(, mlkem512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, mlkem512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, mlkem512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, mlkem512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, mlkem512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, mlkem512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, mlkem512); + +MAKE_ENCODER(_ecp, p256_mlkem512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_mlkem512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_mlkem512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_mlkem512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_mlkem512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_mlkem512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p256_mlkem512); +MAKE_ENCODER(_ecx, x25519_mlkem512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_mlkem512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_mlkem512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_mlkem512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_mlkem512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_mlkem512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_mlkem512); +MAKE_ENCODER(, mlkem768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, mlkem768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, mlkem768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, mlkem768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, mlkem768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, mlkem768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, mlkem768); + +MAKE_ENCODER(_ecp, p384_mlkem768, oqsx, 
EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_mlkem768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_mlkem768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_mlkem768); +MAKE_ENCODER(_ecx, x448_mlkem768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_mlkem768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_mlkem768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x448_mlkem768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x448_mlkem768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x448_mlkem768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x448_mlkem768); +MAKE_ENCODER(_ecx, x25519_mlkem768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_mlkem768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_mlkem768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_mlkem768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecx, x25519_mlkem768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecx, x25519_mlkem768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecx, x25519_mlkem768); +MAKE_ENCODER(_ecp, p256_mlkem768, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_mlkem768, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_mlkem768, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p256_mlkem768, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p256_mlkem768, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p256_mlkem768, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p256_mlkem768); +MAKE_ENCODER(, mlkem1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, mlkem1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, mlkem1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, mlkem1024, oqsx, 
PrivateKeyInfo, pem); +MAKE_ENCODER(, mlkem1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, mlkem1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, mlkem1024); + +MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p521_mlkem1024); MAKE_ENCODER(, bikel1, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, bikel1, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, bikel1, oqsx, PrivateKeyInfo, der); 
@@ -2250,27 +2368,55 @@ MAKE_ENCODER(, p521_dilithium5, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, p521_dilithium5, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, p521_dilithium5, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, p521_dilithium5); -MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_p384, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_p384, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium5_p384, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium5_p384); -MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_bp384, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_bp384, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium5_bp384, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium5_bp384); -MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_ed448, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, dilithium5_ed448, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, dilithium5_ed448, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, dilithium5_ed448); +MAKE_ENCODER(, mldsa44, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, mldsa44, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, mldsa44, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, mldsa44, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, mldsa44, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, mldsa44, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, mldsa44); +MAKE_ENCODER(, p256_mldsa44, oqsx, 
EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p256_mldsa44, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p256_mldsa44, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p256_mldsa44, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p256_mldsa44, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p256_mldsa44, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p256_mldsa44); +MAKE_ENCODER(, rsa3072_mldsa44, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_mldsa44, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_mldsa44, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_mldsa44, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_mldsa44, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, rsa3072_mldsa44, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, rsa3072_mldsa44); +MAKE_ENCODER(, mldsa65, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, mldsa65, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, mldsa65, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, mldsa65, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, mldsa65, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, mldsa65, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, mldsa65); +MAKE_ENCODER(, p384_mldsa65, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p384_mldsa65, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p384_mldsa65, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p384_mldsa65, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p384_mldsa65, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p384_mldsa65, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p384_mldsa65); +MAKE_ENCODER(, mldsa87, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, mldsa87, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, mldsa87, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, mldsa87, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, mldsa87, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, mldsa87, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, mldsa87); 
+MAKE_ENCODER(, p521_mldsa87, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p521_mldsa87, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p521_mldsa87, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p521_mldsa87, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p521_mldsa87, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p521_mldsa87, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p521_mldsa87); MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon512, oqsx, PrivateKeyInfo, der); diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 69de105c..23666f2b 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -780,162 +780,174 @@ static void *p521_dilithium5_new_key(void *provctx) static void *p521_dilithium5_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 16); + "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 6); } -static void *dilithium5_p384_new_key(void *provctx) + +static void *mldsa44_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, NULL, 192, 17); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "mldsa44", KEY_TYPE_SIG, NULL, 128, 7); } -static void *dilithium5_p384_gen_init(void *provctx, int selection) +static void *mldsa44_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_p384", KEY_TYPE_CMP_SIG, 192, 17); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, "mldsa44", + 0, 128, 7); } -static void *dilithium5_bp384_new_key(void *provctx) +static void *p256_mldsa44_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 18); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "p256_mldsa44", KEY_TYPE_HYB_SIG, NULL, 128, 8); } -static void *dilithium5_bp384_gen_init(void *provctx, int selection) +static void *p256_mldsa44_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_bp384", KEY_TYPE_CMP_SIG, 384, 18); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "p256_mldsa44", KEY_TYPE_HYB_SIG, 128, 8); } -static void *dilithium5_ed448_new_key(void *provctx) +static void *rsa3072_mldsa44_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 19); + return 
oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "rsa3072_mldsa44", KEY_TYPE_HYB_SIG, NULL, 128, 9); } -static void *dilithium5_ed448_gen_init(void *provctx, int selection) +static void *rsa3072_mldsa44_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5_ed448", KEY_TYPE_CMP_SIG, 192, 19); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "rsa3072_mldsa44", KEY_TYPE_HYB_SIG, 128, 9); +} +static void *mldsa65_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, + "mldsa65", KEY_TYPE_SIG, NULL, 192, 10); } -static void *falcon512_new_key(void *provctx) +static void *mldsa65_gen_init(void *provctx, int selection) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512", KEY_TYPE_SIG, NULL, 128, 20); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, "mldsa65", + 0, 192, 10); +} +static void *p384_mldsa65_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, + "p384_mldsa65", KEY_TYPE_HYB_SIG, NULL, 192, 11); } -static void *falcon512_gen_init(void *provctx, int selection) +static void *p384_mldsa65_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512", 0, 128, 20); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, + "p384_mldsa65", KEY_TYPE_HYB_SIG, 192, 11); } -static void *p256_falcon512_new_key(void *provctx) +static void *mldsa87_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 21); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_87, + "mldsa87", KEY_TYPE_SIG, NULL, 256, 12); } -static void *p256_falcon512_gen_init(void *provctx, int selection) +static void *mldsa87_gen_init(void *provctx, int selection) { - return 
oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 21); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, "mldsa87", + 0, 256, 12); } -static void *rsa3072_falcon512_new_key(void *provctx) +static void *p521_mldsa87_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 22); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_87, + "p521_mldsa87", KEY_TYPE_HYB_SIG, NULL, 256, 13); } -static void *rsa3072_falcon512_gen_init(void *provctx, int selection) +static void *p521_mldsa87_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 22); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, + "p521_mldsa87", KEY_TYPE_HYB_SIG, 256, 13); } -static void *falcon512_p256_new_key(void *provctx) + +static void *falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 23); + "falcon512", KEY_TYPE_SIG, NULL, 128, 14); } -static void *falcon512_p256_gen_init(void *provctx, int selection) +static void *falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 23); + "falcon512", 0, 128, 14); } -static void *falcon512_bp256_new_key(void *provctx) +static void *p256_falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 24); + "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 15); } -static void *falcon512_bp256_gen_init(void *provctx, int selection) +static void *p256_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - 
"falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 24); + "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 15); } -static void *falcon512_ed25519_new_key(void *provctx) +static void *rsa3072_falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 25); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 16); } -static void *falcon512_ed25519_gen_init(void *provctx, int selection) +static void *rsa3072_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 25); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 16); } static void *falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "falcon1024", KEY_TYPE_SIG, NULL, 256, 26); + "falcon1024", KEY_TYPE_SIG, NULL, 256, 17); } static void *falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "falcon1024", 0, 256, 26); + "falcon1024", 0, 256, 17); } static void *p521_falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 27); + "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 18); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 27); + "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 18); } static void *sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 28); + "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 19); } static void *sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, 
OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", 0, 128, 28); + "sphincssha2128fsimple", 0, 128, 19); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 20); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 29); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 20); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 30); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 21); } static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, 
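Review bot: The trailing integer passed to `oqsx_key_new`/`oqsx_gen_init` is a bare positional number that this hunk renumbers by hand for every signature algorithm from `p521_dilithium5_gen_init` onward (16 → 6 there, 20 → 14 for `falcon512`, 28 → 19 for `sphincssha2128fsimple`), which makes a silent mismatch easy to introduce; the hunks at -943 and -983 continue the same renumbering. The callee is not visible here, but if that value selects the algorithm's slot in an OID or NID table, one missed edit would attach a key to another algorithm's identifier with no compile-time error, and `p521_dilithium5_new_key` starts above this hunk, so its matching value cannot be checked from here. I would replace the literals with named constants, for example `"mldsa44", KEY_TYPE_SIG, NULL, 128, OQS_IDX_MLDSA44);` where `OQS_IDX_MLDSA44` is a new enum entry (suggested name), or emit them from the same table that defines the identifiers if these functions are generated. In the same pass, `mldsa44_gen_init`, `mldsa65_gen_init` and `mldsa87_gen_init` could pass `KEY_TYPE_SIG` instead of the literal `0` so each `new_key`/`gen_init` pair reads the same. The hunk ends inside the signature of `rsa3072_sphincssha2128fsimple_gen_init`.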
@@ -943,39 +955,39 @@ static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 30); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 21); } static void *sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 31); + "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 22); } static void *sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", 0, 128, 31); + "sphincssha2128ssimple", 0, 128, 22); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 32); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 23); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 32); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 23); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 24); } static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, 
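Review bot: `sphincssha2128ssimple_gen_init` passes a bare `0` as the key type where its sibling `sphincssha2128ssimple_new_key` passes `KEY_TYPE_SIG` for the same algorithm, so the two constructors agree only if that constant is zero (its definition is not in this hunk). The changed line should read `"sphincssha2128ssimple", KEY_TYPE_SIG, 128, 22);`. The same literal appears in `sphincssha2192fsimple_gen_init` and `sphincsshake128fsimple_gen_init` in the next hunk. These constructors sit above the `OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END` marker, so the fix presumably belongs in the generator template rather than in this file. The first function touched here, `rsa3072_sphincssha2128fsimple_gen_init`, starts above the hunk.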
@@ -983,66 +995,66 @@ static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 33); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 24); } static void *sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 34); + "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 25); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", 0, 192, 34); + "sphincssha2192fsimple", 0, 192, 25); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 35); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 26); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 35); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 26); } static void *sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 36); + "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 27); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", 0, 128, 36); + "sphincsshake128fsimple", 0, 128, 27); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 28); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 37); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 28); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 38); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); } static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, @@ -1050,7 +1062,7 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 38); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 29); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END @@ -1219,9 +1231,13 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_bp256) MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_ed25519) MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5) MAKE_SIG_KEYMGMT_FUNCTIONS(p521_dilithium5) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_p384) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_bp384) -MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5_ed448) +MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa44) +MAKE_SIG_KEYMGMT_FUNCTIONS(p256_mldsa44) +MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_mldsa44) +MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa65) +MAKE_SIG_KEYMGMT_FUNCTIONS(p384_mldsa65) +MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa87) +MAKE_SIG_KEYMGMT_FUNCTIONS(p521_mldsa87) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falcon512) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falcon512) 
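Review bot: The last argument of every `oqsx_key_new`/`oqsx_gen_init` call in this run is an unexplained positional number that the patch shifts down by nine (34→25 for `sphincssha2192fsimple`, 38→29 for `rsa3072_sphincsshake128fsimple`). Nothing on the line says which table it indexes, or ensures that the two constructors of one algorithm carry the same value. If the number selects per-algorithm metadata, which the call shape suggests but the hunk does not show, a value left off by one after the next insertion would silently attach another algorithm's parameters to a key. I would have the template emit the index with a trailing comment such as `/* alg index: must match this algorithm's position in the provider's algorithm table */`, or as a generated named constant shared by both constructors.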
@@ -1294,6 +1310,22 @@ MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_kyber768, OQS_KEM_alg_kyber_768, 128) MAKE_KEM_KEYMGMT_FUNCTIONS(kyber1024, OQS_KEM_alg_kyber_1024, 256) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_kyber1024, OQS_KEM_alg_kyber_1024, 256) +MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem512, OQS_KEM_alg_ml_kem_512, 128) + +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_mlkem512, OQS_KEM_alg_ml_kem_512, 128) + +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_mlkem512, OQS_KEM_alg_ml_kem_512, 128) +MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem768, OQS_KEM_alg_ml_kem_768, 192) + +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem768, OQS_KEM_alg_ml_kem_768, 192) + +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_mlkem768, OQS_KEM_alg_ml_kem_768, 192) + +MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_mlkem768, OQS_KEM_alg_ml_kem_768, 128) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_mlkem768, OQS_KEM_alg_ml_kem_768, 128) +MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) + +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) MAKE_KEM_KEYMGMT_FUNCTIONS(bikel1, OQS_KEM_alg_bike_l1, 128) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_bikel1, OQS_KEM_alg_bike_l1, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 7ed809c4..2771d78e 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
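Review bot: `x25519_mlkem768` and `p256_mlkem768` are registered with 128 security bits while `mlkem768` and `p384_mlkem768` just above use 192, and nothing in the hunk explains the difference. It matches the existing `p256_kyber768` context line, so it is presumably deliberate (the hybrid is rated by its weaker classical share), but the next reader may take it for a copy-paste slip and "correct" it. A one-line comment above the pair would settle it: `/* 128: rated by the X25519/P-256 share, not by ML-KEM-768 */`.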
@@ -705,6 +705,176 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_kyber1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_kyber1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mlkem512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mlkem512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mlkem512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_mlkem512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_mlkem512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_mlkem512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_x25519_mlkem512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_mlkem512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x25519_mlkem512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_mlkem512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mlkem768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_p384_mlkem768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_mlkem768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_mlkem768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_mlkem768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_mlkem768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_mlkem768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_mlkem768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x448_mlkem768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x448_mlkem768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_x448_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x448_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_x25519_mlkem768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_x25519_mlkem768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_PrivateKeyInfo_der_to_x25519_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_x25519_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem768_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem768_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem768_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem768_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem768_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_mlkem768_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_mlkem768_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_mlkem768_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mlkem1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mlkem1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mlkem1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mlkem1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mlkem1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mlkem1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern 
const OSSL_DISPATCH + oqs_p521_mlkem1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mlkem1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mlkem1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mlkem1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_mlkem1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_mlkem1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_mlkem1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1252,56 +1422,124 @@ extern const OSSL_DISPATCH extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_dilithium5_decoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_PrivateKeyInfo_der_encoder_functions[]; + oqs_mldsa44_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa44_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa44_decoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_PrivateKeyInfo_pem_encoder_functions[]; + oqs_p256_mldsa44_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; + oqs_p256_mldsa44_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; + oqs_p256_mldsa44_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; + oqs_p256_mldsa44_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_to_text_encoder_functions[]; + oqs_p256_mldsa44_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_p384_decoder_functions[]; + 
oqs_p256_mldsa44_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_mldsa44_to_text_encoder_functions[]; extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_p384_decoder_functions[]; + oqs_PrivateKeyInfo_der_to_p256_mldsa44_decoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_PrivateKeyInfo_der_encoder_functions[]; + oqs_SubjectPublicKeyInfo_der_to_p256_mldsa44_decoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; + oqs_rsa3072_mldsa44_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; + oqs_rsa3072_mldsa44_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; + oqs_rsa3072_mldsa44_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; + oqs_rsa3072_mldsa44_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_to_text_encoder_functions[]; + oqs_rsa3072_mldsa44_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; + oqs_rsa3072_mldsa44_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_mldsa44_to_text_encoder_functions[]; extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_bp384_decoder_functions[]; + oqs_PrivateKeyInfo_der_to_rsa3072_mldsa44_decoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_PrivateKeyInfo_der_encoder_functions[]; + oqs_SubjectPublicKeyInfo_der_to_rsa3072_mldsa44_decoder_functions[]; extern const OSSL_DISPATCH - 
oqs_dilithium5_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; + oqs_mldsa65_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; + oqs_mldsa65_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; + oqs_mldsa65_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; + oqs_mldsa65_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH - oqs_dilithium5_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_to_text_encoder_functions[]; + oqs_mldsa65_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; + oqs_mldsa65_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_to_text_encoder_functions[]; extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium5_ed448_decoder_functions[]; + oqs_PrivateKeyInfo_der_to_mldsa65_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa65_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mldsa65_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mldsa65_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mldsa65_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mldsa65_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mldsa65_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mldsa65_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_mldsa65_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_PrivateKeyInfo_der_to_p384_mldsa65_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_mldsa65_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa87_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa87_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mldsa87_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mldsa87_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mldsa87_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mldsa87_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mldsa87_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_mldsa87_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p521_mldsa87_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_mldsa87_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_mldsa87_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
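Review bot: This hunk removes the encoder and decoder declarations for `dilithium5_p384`, `dilithium5_bp384` and `dilithium5_ed448`, yet the oqsdecoders.inc and oqsencoders.inc hunks further down still carry `DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, dilithium5_ed448)` and `ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448)` as unchanged context. If those macros expand to the `oqs_*_dilithium5_ed448_*_functions` symbols, as the naming suggests (the macro definitions are not in view), any build that enables the guard around those table entries will no longer compile. The keymgmt hunks at `-1219` and `-1702` drop the same three algorithms, so the table entries in both .inc files should be removed in the same commit, or the declarations kept until they are.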
@@ -1702,9 +1940,13 @@ extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_dilithium5_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_p384_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_bp384_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium5_ed448_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p256_mldsa44_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_mldsa44_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p384_mldsa65_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p521_mldsa87_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[]; 
@@ -1763,6 +2005,19 @@ extern const OSSL_DISPATCH oqs_ecp_p256_kyber768_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_kyber1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_ecp_p521_kyber1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mlkem512_keymgmt_functions[]; + +extern const OSSL_DISPATCH oqs_ecp_p256_mlkem512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_ecx_x25519_mlkem512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mlkem768_keymgmt_functions[]; + +extern const OSSL_DISPATCH oqs_ecp_p384_mlkem768_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_ecx_x448_mlkem768_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_ecx_x25519_mlkem768_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_ecp_p256_mlkem768_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mlkem1024_keymgmt_functions[]; + +extern const OSSL_DISPATCH oqs_ecp_p521_mlkem1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_bikel1_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_ecp_p256_bikel1_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 3496d68d..eda81119 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -139,6 +139,41 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("p521_kyber1024", der, SubjectPublicKeyInfo, p521_kyber1024), # endif +# ifdef OQS_ENABLE_KEM_ml_kem_512 + DECODER_w_structure("mlkem512", der, PrivateKeyInfo, mlkem512), + DECODER_w_structure("mlkem512", der, SubjectPublicKeyInfo, mlkem512), + DECODER_w_structure("p256_mlkem512", der, PrivateKeyInfo, p256_mlkem512), + DECODER_w_structure("p256_mlkem512", der, SubjectPublicKeyInfo, + p256_mlkem512), + DECODER_w_structure("x25519_mlkem512", der, PrivateKeyInfo, + x25519_mlkem512), + DECODER_w_structure("x25519_mlkem512", der, SubjectPublicKeyInfo, + x25519_mlkem512), +# endif +# ifdef OQS_ENABLE_KEM_ml_kem_768 + DECODER_w_structure("mlkem768", der, PrivateKeyInfo, mlkem768), + DECODER_w_structure("mlkem768", der, SubjectPublicKeyInfo, mlkem768), + DECODER_w_structure("p384_mlkem768", der, PrivateKeyInfo, p384_mlkem768), + DECODER_w_structure("p384_mlkem768", der, SubjectPublicKeyInfo, + p384_mlkem768), + DECODER_w_structure("x448_mlkem768", der, PrivateKeyInfo, x448_mlkem768), + DECODER_w_structure("x448_mlkem768", der, SubjectPublicKeyInfo, + x448_mlkem768), + DECODER_w_structure("x25519_mlkem768", der, PrivateKeyInfo, + x25519_mlkem768), + DECODER_w_structure("x25519_mlkem768", der, SubjectPublicKeyInfo, + x25519_mlkem768), + DECODER_w_structure("p256_mlkem768", der, PrivateKeyInfo, p256_mlkem768), + DECODER_w_structure("p256_mlkem768", der, SubjectPublicKeyInfo, + p256_mlkem768), +# endif +# ifdef OQS_ENABLE_KEM_ml_kem_1024 + DECODER_w_structure("mlkem1024", der, PrivateKeyInfo, mlkem1024), + DECODER_w_structure("mlkem1024", der, SubjectPublicKeyInfo, mlkem1024), + DECODER_w_structure("p521_mlkem1024", der, PrivateKeyInfo, p521_mlkem1024), + DECODER_w_structure("p521_mlkem1024", der, SubjectPublicKeyInfo, + p521_mlkem1024), +# endif # ifdef OQS_ENABLE_KEM_bike_l1 DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), DECODER_w_structure("bikel1", 
der, SubjectPublicKeyInfo, bikel1), @@ -268,6 +303,31 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, dilithium5_ed448), #endif +#ifdef OQS_ENABLE_SIG_ml_dsa_44 + DECODER_w_structure("mldsa44", der, PrivateKeyInfo, mldsa44), + DECODER_w_structure("mldsa44", der, SubjectPublicKeyInfo, mldsa44), + DECODER_w_structure("p256_mldsa44", der, PrivateKeyInfo, p256_mldsa44), + DECODER_w_structure("p256_mldsa44", der, SubjectPublicKeyInfo, + p256_mldsa44), + DECODER_w_structure("rsa3072_mldsa44", der, PrivateKeyInfo, + rsa3072_mldsa44), + DECODER_w_structure("rsa3072_mldsa44", der, SubjectPublicKeyInfo, + rsa3072_mldsa44), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_65 + DECODER_w_structure("mldsa65", der, PrivateKeyInfo, mldsa65), + DECODER_w_structure("mldsa65", der, SubjectPublicKeyInfo, mldsa65), + DECODER_w_structure("p384_mldsa65", der, PrivateKeyInfo, p384_mldsa65), + DECODER_w_structure("p384_mldsa65", der, SubjectPublicKeyInfo, + p384_mldsa65), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_87 + DECODER_w_structure("mldsa87", der, PrivateKeyInfo, mldsa87), + DECODER_w_structure("mldsa87", der, SubjectPublicKeyInfo, mldsa87), + DECODER_w_structure("p521_mldsa87", der, PrivateKeyInfo, p521_mldsa87), + DECODER_w_structure("p521_mldsa87", der, SubjectPublicKeyInfo, + p521_mldsa87), +#endif #ifdef OQS_ENABLE_SIG_falcon_512 DECODER_w_structure("falcon512", der, PrivateKeyInfo, falcon512), DECODER_w_structure("falcon512", der, SubjectPublicKeyInfo, falcon512), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 88729583..08442ac5 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -393,6 +393,114 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_TEXT("p521_kyber1024", p521_kyber1024), # endif +# ifdef OQS_ENABLE_KEM_ml_kem_512 + ENCODER_w_structure("mlkem512", mlkem512, der, PrivateKeyInfo), + ENCODER_w_structure("mlkem512", mlkem512, pem, PrivateKeyInfo), + ENCODER_w_structure("mlkem512", mlkem512, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mlkem512", mlkem512, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mlkem512", mlkem512, der, SubjectPublicKeyInfo), + ENCODER_w_structure("mlkem512", mlkem512, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("mlkem512", mlkem512), + ENCODER_w_structure("p256_mlkem512", p256_mlkem512, der, PrivateKeyInfo), + ENCODER_w_structure("p256_mlkem512", p256_mlkem512, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_mlkem512", p256_mlkem512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_mlkem512", p256_mlkem512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_mlkem512", p256_mlkem512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_mlkem512", p256_mlkem512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_mlkem512", p256_mlkem512), + ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_mlkem512", x25519_mlkem512), +# endif +# ifdef OQS_ENABLE_KEM_ml_kem_768 + ENCODER_w_structure("mlkem768", mlkem768, der, PrivateKeyInfo), + ENCODER_w_structure("mlkem768", mlkem768, pem, PrivateKeyInfo), + ENCODER_w_structure("mlkem768", 
mlkem768, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mlkem768", mlkem768, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mlkem768", mlkem768, der, SubjectPublicKeyInfo), + ENCODER_w_structure("mlkem768", mlkem768, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("mlkem768", mlkem768), + ENCODER_w_structure("p384_mlkem768", p384_mlkem768, der, PrivateKeyInfo), + ENCODER_w_structure("p384_mlkem768", p384_mlkem768, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_mlkem768", p384_mlkem768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mlkem768", p384_mlkem768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mlkem768", p384_mlkem768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_mlkem768", p384_mlkem768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_mlkem768", p384_mlkem768), + ENCODER_w_structure("x448_mlkem768", x448_mlkem768, der, PrivateKeyInfo), + ENCODER_w_structure("x448_mlkem768", x448_mlkem768, pem, PrivateKeyInfo), + ENCODER_w_structure("x448_mlkem768", x448_mlkem768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_mlkem768", x448_mlkem768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x448_mlkem768", x448_mlkem768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x448_mlkem768", x448_mlkem768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x448_mlkem768", x448_mlkem768), + ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, der, + PrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, pem, + PrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("x25519_mlkem768", x25519_mlkem768), + ENCODER_w_structure("p256_mlkem768", 
p256_mlkem768, der, PrivateKeyInfo), + ENCODER_w_structure("p256_mlkem768", p256_mlkem768, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_mlkem768", p256_mlkem768, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_mlkem768", p256_mlkem768, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_mlkem768", p256_mlkem768, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_mlkem768", p256_mlkem768, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_mlkem768", p256_mlkem768), +# endif +# ifdef OQS_ENABLE_KEM_ml_kem_1024 + ENCODER_w_structure("mlkem1024", mlkem1024, der, PrivateKeyInfo), + ENCODER_w_structure("mlkem1024", mlkem1024, pem, PrivateKeyInfo), + ENCODER_w_structure("mlkem1024", mlkem1024, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mlkem1024", mlkem1024, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mlkem1024", mlkem1024, der, SubjectPublicKeyInfo), + ENCODER_w_structure("mlkem1024", mlkem1024, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("mlkem1024", mlkem1024), + ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, der, PrivateKeyInfo), + ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_mlkem1024", p521_mlkem1024), +# endif # ifdef OQS_ENABLE_KEM_bike_l1 ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), ENCODER_w_structure("bikel1", bikel1, pem, PrivateKeyInfo), 
@@ -792,6 +900,79 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), #endif +#ifdef OQS_ENABLE_SIG_ml_dsa_44 + ENCODER_w_structure("mldsa44", mldsa44, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa44", mldsa44, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa44", mldsa44, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44", mldsa44, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44", mldsa44, der, SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa44", mldsa44, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa44", mldsa44), + ENCODER_w_structure("p256_mldsa44", p256_mldsa44, der, PrivateKeyInfo), + ENCODER_w_structure("p256_mldsa44", p256_mldsa44, pem, PrivateKeyInfo), + ENCODER_w_structure("p256_mldsa44", p256_mldsa44, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_mldsa44", p256_mldsa44, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_mldsa44", p256_mldsa44, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_mldsa44", p256_mldsa44, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_mldsa44", p256_mldsa44), + ENCODER_w_structure("rsa3072_mldsa44", rsa3072_mldsa44, der, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_mldsa44", rsa3072_mldsa44, pem, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_mldsa44", rsa3072_mldsa44, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_mldsa44", rsa3072_mldsa44, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_mldsa44", rsa3072_mldsa44, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("rsa3072_mldsa44", rsa3072_mldsa44, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_mldsa44", rsa3072_mldsa44), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_65 + ENCODER_w_structure("mldsa65", mldsa65, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa65", mldsa65, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa65", mldsa65, der, EncryptedPrivateKeyInfo), 
+ ENCODER_w_structure("mldsa65", mldsa65, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65", mldsa65, der, SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa65", mldsa65, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa65", mldsa65), + ENCODER_w_structure("p384_mldsa65", p384_mldsa65, der, PrivateKeyInfo), + ENCODER_w_structure("p384_mldsa65", p384_mldsa65, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_mldsa65", p384_mldsa65, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mldsa65", p384_mldsa65, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mldsa65", p384_mldsa65, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_mldsa65", p384_mldsa65, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_mldsa65", p384_mldsa65), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_87 + ENCODER_w_structure("mldsa87", mldsa87, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa87", mldsa87, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa87", mldsa87, der, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87", mldsa87, pem, EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87", mldsa87, der, SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa87", mldsa87, pem, SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa87", mldsa87), + ENCODER_w_structure("p521_mldsa87", p521_mldsa87, der, PrivateKeyInfo), + ENCODER_w_structure("p521_mldsa87", p521_mldsa87, pem, PrivateKeyInfo), + ENCODER_w_structure("p521_mldsa87", p521_mldsa87, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_mldsa87", p521_mldsa87, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_mldsa87", p521_mldsa87, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_mldsa87", p521_mldsa87, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_mldsa87", p521_mldsa87), +#endif #ifdef OQS_ENABLE_SIG_falcon_512 ENCODER_w_structure("falcon512", falcon512, der, PrivateKeyInfo), ENCODER_w_structure("falcon512", falcon512, pem, PrivateKeyInfo), 
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 541a0ba9..928969af 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,45 +49,45 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 162 +# define OQS_OID_CNT 164 #else -# define OQS_OID_CNT 78 +# define OQS_OID_CNT 60 #endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { #ifdef OQS_KEM_ENCODERS - "1.3.9999.99.13", + "1.3.9999.99.16", "frodo640aes", - "1.3.9999.99.12", + "1.3.9999.99.15", "p256_frodo640aes", "1.3.9999.99.1", "x25519_frodo640aes", - "1.3.9999.99.15", + "1.3.9999.99.18", "frodo640shake", - "1.3.9999.99.14", + "1.3.9999.99.17", "p256_frodo640shake", "1.3.9999.99.2", "x25519_frodo640shake", - "1.3.9999.99.17", + "1.3.9999.99.20", "frodo976aes", - "1.3.9999.99.16", + "1.3.9999.99.19", "p384_frodo976aes", "1.3.9999.99.3", "x448_frodo976aes", - "1.3.9999.99.19", + "1.3.9999.99.22", "frodo976shake", - "1.3.9999.99.18", + "1.3.9999.99.21", "p384_frodo976shake", "1.3.9999.99.4", "x448_frodo976shake", - "1.3.9999.99.21", + "1.3.9999.99.24", "frodo1344aes", - "1.3.9999.99.20", - "p521_frodo1344aes", "1.3.9999.99.23", + "p521_frodo1344aes", + "1.3.9999.99.26", "frodo1344shake", - "1.3.9999.99.22", + "1.3.9999.99.25", "p521_frodo1344shake", "1.3.6.1.4.1.22554.5.6.1", "kyber512", @@ -97,7 +97,7 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_kyber512", "1.3.6.1.4.1.22554.5.6.2", "kyber768", - "1.3.9999.99.24", + "1.3.9999.99.27", "p384_kyber768", "1.3.9999.99.5", "x448_kyber768", 
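Review bot: Existing `1.3.9999.99.*` identifiers in `oqs_oid_alg_list` are renumbered instead of new ones being appended, so one OID names different algorithms before and after this commit. For example, `1.3.9999.99.13` is removed from `frodo640aes` in this hunk and assigned to `x25519_hqc128` in the `@@ -107,39 +107,59 @@` hunk. A key or SubjectPublicKeyInfo written by an earlier build could therefore be decoded under the wrong algorithm name rather than rejected. If the arc is meant to be provisional, say so above the list, e.g. `/* 1.3.9999.99.* OIDs are provisional and may be renumbered between releases; do not persist keys that use them */`. Otherwise give the new entries fresh numbers at the end of the arc and leave the existing assignments alone.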
@@ -107,39 +107,59 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_kyber768", "1.3.6.1.4.1.22554.5.6.3", "kyber1024", - "1.3.9999.99.25", + "1.3.9999.99.28", "p521_kyber1024", - "1.3.9999.99.27", + "1.3.6.1.4.1.22554.5.6.1", + "mlkem512", + "1.3.6.1.4.1.22554.5.7.1", + "p256_mlkem512", + "1.3.6.1.4.1.22554.5.8.1", + "x25519_mlkem512", + "1.3.6.1.4.1.22554.5.6.2", + "mlkem768", + "1.3.9999.99.29", + "p384_mlkem768", + "1.3.9999.99.8", + "x448_mlkem768", + "1.3.9999.99.9", + "x25519_mlkem768", + "1.3.9999.99.10", + "p256_mlkem768", + "1.3.6.1.4.1.22554.5.6.3", + "mlkem1024", + "1.3.9999.99.30", + "p521_mlkem1024", + "1.3.9999.99.32", "bikel1", - "1.3.9999.99.26", + "1.3.9999.99.31", "p256_bikel1", - "1.3.9999.99.8", + "1.3.9999.99.11", "x25519_bikel1", - "1.3.9999.99.29", + "1.3.9999.99.34", "bikel3", - "1.3.9999.99.28", + "1.3.9999.99.33", "p384_bikel3", - "1.3.9999.99.9", + "1.3.9999.99.12", "x448_bikel3", - "1.3.9999.99.31", + "1.3.9999.99.36", "bikel5", - "1.3.9999.99.30", + "1.3.9999.99.35", "p521_bikel5", - "1.3.9999.99.33", + "1.3.9999.99.38", "hqc128", - "1.3.9999.99.32", + "1.3.9999.99.37", "p256_hqc128", - "1.3.9999.99.10", + "1.3.9999.99.13", "x25519_hqc128", - "1.3.9999.99.35", + "1.3.9999.99.40", "hqc192", - "1.3.9999.99.34", + "1.3.9999.99.39", "p384_hqc192", - "1.3.9999.99.11", + "1.3.9999.99.14", "x448_hqc192", - "1.3.9999.99.37", + "1.3.9999.99.42", "hqc256", - "1.3.9999.99.36", + "1.3.9999.99.41", "p521_hqc256", #endif /* OQS_KEM_ENCODERS */ 
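Review bot: The added `mlkem512`, `mlkem768` and `mlkem1024` entries reuse the OIDs that `kyber512`, `kyber768` and `kyber1024` already hold in this list (`1.3.6.1.4.1.22554.5.6.1`, `.5.6.2` and `.5.6.3`), so two algorithm names share one identifier. How the list is registered is outside this hunk, but if each pair goes through an OID-to-name registration, the second one will presumably fail or shadow the first. An encoded key carrying that OID then cannot be tied to a single algorithm. ML-KEM and Kyber are not interchangeable, so each ML-KEM entry needs an OID of its own. The hybrid values `1.3.6.1.4.1.22554.5.7.1` and `.5.8.1` should also be checked against the Kyber hybrids, whose OIDs are not visible here.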
@@ -178,12 +198,20 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "dilithium5", "1.3.9999.2.7.4", "p521_dilithium5", - "2.16.840.1.114027.80.8.1.11", - "dilithium5_p384", - "2.16.840.1.114027.80.8.1.12", - "dilithium5_bp384", - "2.16.840.1.114027.80.8.1.13", - "dilithium5_ed448", + "1.3.6.1.4.1.2.267.12.4.4", + "mldsa44", + "1.3.9999.7.1", + "p256_mldsa44", + "1.3.9999.7.2", + "rsa3072_mldsa44", + "1.3.6.1.4.1.2.267.12.6.5", + "mldsa65", + "1.3.9999.7.3", + "p384_mldsa65", + "1.3.6.1.4.1.2.267.12.8.7", + "mldsa87", + "1.3.9999.7.4", + "p521_mldsa87", "1.3.9999.3.6", "falcon512", "1.3.9999.3.7", 
@@ -292,46 +320,69 @@ int oqs_patch_oids(void) if (getenv("OQS_OID_P521_KYBER1024")) oqs_oid_alg_list[50] = getenv("OQS_OID_P521_KYBER1024"); + if (getenv("OQS_OID_MLKEM512")) + oqs_oid_alg_list[52] = getenv("OQS_OID_MLKEM512"); + + if (getenv("OQS_OID_P256_MLKEM512")) + oqs_oid_alg_list[54] = getenv("OQS_OID_P256_MLKEM512"); + if (getenv("OQS_OID_X25519_MLKEM512")) + oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_MLKEM512"); + if (getenv("OQS_OID_MLKEM768")) + oqs_oid_alg_list[58] = getenv("OQS_OID_MLKEM768"); + + if (getenv("OQS_OID_P384_MLKEM768")) + oqs_oid_alg_list[60] = getenv("OQS_OID_P384_MLKEM768"); + if (getenv("OQS_OID_X448_MLKEM768")) + oqs_oid_alg_list[62] = getenv("OQS_OID_X448_MLKEM768"); + if (getenv("OQS_OID_X25519_MLKEM768")) + oqs_oid_alg_list[64] = getenv("OQS_OID_X25519_MLKEM768"); + if (getenv("OQS_OID_P256_MLKEM768")) + oqs_oid_alg_list[66] = getenv("OQS_OID_P256_MLKEM768"); + if (getenv("OQS_OID_MLKEM1024")) + oqs_oid_alg_list[68] = getenv("OQS_OID_MLKEM1024"); + + if (getenv("OQS_OID_P521_MLKEM1024")) + oqs_oid_alg_list[70] = getenv("OQS_OID_P521_MLKEM1024"); if (getenv("OQS_OID_BIKEL1")) - oqs_oid_alg_list[52] = getenv("OQS_OID_BIKEL1"); + oqs_oid_alg_list[72] = getenv("OQS_OID_BIKEL1"); if (getenv("OQS_OID_P256_BIKEL1")) - oqs_oid_alg_list[54] = getenv("OQS_OID_P256_BIKEL1"); + oqs_oid_alg_list[74] = getenv("OQS_OID_P256_BIKEL1"); if (getenv("OQS_OID_X25519_BIKEL1")) - oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_BIKEL1"); + oqs_oid_alg_list[76] = getenv("OQS_OID_X25519_BIKEL1"); if (getenv("OQS_OID_BIKEL3")) - oqs_oid_alg_list[58] = getenv("OQS_OID_BIKEL3"); + oqs_oid_alg_list[78] = getenv("OQS_OID_BIKEL3"); if (getenv("OQS_OID_P384_BIKEL3")) - oqs_oid_alg_list[60] = getenv("OQS_OID_P384_BIKEL3"); + oqs_oid_alg_list[80] = getenv("OQS_OID_P384_BIKEL3"); if (getenv("OQS_OID_X448_BIKEL3")) - oqs_oid_alg_list[62] = getenv("OQS_OID_X448_BIKEL3"); + oqs_oid_alg_list[82] = getenv("OQS_OID_X448_BIKEL3"); if (getenv("OQS_OID_BIKEL5")) - 
oqs_oid_alg_list[64] = getenv("OQS_OID_BIKEL5"); + oqs_oid_alg_list[84] = getenv("OQS_OID_BIKEL5"); if (getenv("OQS_OID_P521_BIKEL5")) - oqs_oid_alg_list[66] = getenv("OQS_OID_P521_BIKEL5"); + oqs_oid_alg_list[86] = getenv("OQS_OID_P521_BIKEL5"); if (getenv("OQS_OID_HQC128")) - oqs_oid_alg_list[68] = getenv("OQS_OID_HQC128"); + oqs_oid_alg_list[88] = getenv("OQS_OID_HQC128"); if (getenv("OQS_OID_P256_HQC128")) - oqs_oid_alg_list[70] = getenv("OQS_OID_P256_HQC128"); + oqs_oid_alg_list[90] = getenv("OQS_OID_P256_HQC128"); if (getenv("OQS_OID_X25519_HQC128")) - oqs_oid_alg_list[72] = getenv("OQS_OID_X25519_HQC128"); + oqs_oid_alg_list[92] = getenv("OQS_OID_X25519_HQC128"); if (getenv("OQS_OID_HQC192")) - oqs_oid_alg_list[74] = getenv("OQS_OID_HQC192"); + oqs_oid_alg_list[94] = getenv("OQS_OID_HQC192"); if (getenv("OQS_OID_P384_HQC192")) - oqs_oid_alg_list[76] = getenv("OQS_OID_P384_HQC192"); + oqs_oid_alg_list[96] = getenv("OQS_OID_P384_HQC192"); if (getenv("OQS_OID_X448_HQC192")) - oqs_oid_alg_list[78] = getenv("OQS_OID_X448_HQC192"); + oqs_oid_alg_list[98] = getenv("OQS_OID_X448_HQC192"); if (getenv("OQS_OID_HQC256")) - oqs_oid_alg_list[80] = getenv("OQS_OID_HQC256"); + oqs_oid_alg_list[100] = getenv("OQS_OID_HQC256"); if (getenv("OQS_OID_P521_HQC256")) - oqs_oid_alg_list[82] = getenv("OQS_OID_P521_HQC256"); + oqs_oid_alg_list[102] = getenv("OQS_OID_P521_HQC256"); -# define OQS_KEMOID_CNT 82 + 2 +# define OQS_KEMOID_CNT 102 + 2 #else # define OQS_KEMOID_CNT 0 #endif /* OQS_KEM_ENCODERS */ 
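Review bot: Each added override stores the pointer returned by `getenv()` directly in the global `oqs_oid_alg_list` and accepts whatever string it finds. That pointer refers to the process environment, which a later `setenv`/`putenv` in the host application can invalidate, and a value that is not a dotted-decimal OID still becomes the algorithm's identifier. Reading the variable once and keeping a copy removes both the double lookup and the dangling pointer: `const char *v = getenv("OQS_OID_MLKEM512");` then `if (v != NULL && v[0] != '\0') oqs_oid_alg_list[52] = OPENSSL_strdup(v);`, with the allocation failure handled. The same pattern is added in the `@@ -353,51 +404,66 @@` hunk and in both `oqs_patch_encodings` hunks. The body of `oqs_patch_oids` starts outside this hunk.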
@@ -353,51 +404,66 @@ int oqs_patch_oids(void) if (getenv("OQS_OID_P521_DILITHIUM5")) oqs_oid_alg_list[12 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_DILITHIUM5"); + if (getenv("OQS_OID_MLDSA44")) + oqs_oid_alg_list[14 + OQS_KEMOID_CNT] = getenv("OQS_OID_MLDSA44"); + if (getenv("OQS_OID_P256_MLDSA44")) + oqs_oid_alg_list[16 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_MLDSA44"); + if (getenv("OQS_OID_RSA3072_MLDSA44")) + oqs_oid_alg_list[18 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_MLDSA44"); + if (getenv("OQS_OID_MLDSA65")) + oqs_oid_alg_list[20 + OQS_KEMOID_CNT] = getenv("OQS_OID_MLDSA65"); + if (getenv("OQS_OID_P384_MLDSA65")) + oqs_oid_alg_list[22 + OQS_KEMOID_CNT] = getenv("OQS_OID_P384_MLDSA65"); + if (getenv("OQS_OID_MLDSA87")) + oqs_oid_alg_list[24 + OQS_KEMOID_CNT] = getenv("OQS_OID_MLDSA87"); + if (getenv("OQS_OID_P521_MLDSA87")) + oqs_oid_alg_list[26 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_MLDSA87"); if (getenv("OQS_OID_FALCON512")) - oqs_oid_alg_list[14 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); + oqs_oid_alg_list[28 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); if (getenv("OQS_OID_P256_FALCON512")) - oqs_oid_alg_list[16 + OQS_KEMOID_CNT] + oqs_oid_alg_list[30 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_FALCON512"); if (getenv("OQS_OID_RSA3072_FALCON512")) - oqs_oid_alg_list[18 + OQS_KEMOID_CNT] + oqs_oid_alg_list[32 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_FALCON512"); if (getenv("OQS_OID_FALCON1024")) - oqs_oid_alg_list[20 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); + oqs_oid_alg_list[34 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); if (getenv("OQS_OID_P521_FALCON1024")) - oqs_oid_alg_list[22 + OQS_KEMOID_CNT] + oqs_oid_alg_list[36 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_FALCON1024"); if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[24 + OQS_KEMOID_CNT] + oqs_oid_alg_list[38 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[26 + 
OQS_KEMOID_CNT] + oqs_oid_alg_list[40 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[28 + OQS_KEMOID_CNT] + oqs_oid_alg_list[42 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[30 + OQS_KEMOID_CNT] + oqs_oid_alg_list[44 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[32 + OQS_KEMOID_CNT] + oqs_oid_alg_list[46 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[34 + OQS_KEMOID_CNT] + oqs_oid_alg_list[48 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[36 + OQS_KEMOID_CNT] + oqs_oid_alg_list[50 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[38 + OQS_KEMOID_CNT] + oqs_oid_alg_list[52 + OQS_KEMOID_CNT] = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[40 + OQS_KEMOID_CNT] + oqs_oid_alg_list[54 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[42 + OQS_KEMOID_CNT] + oqs_oid_alg_list[56 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[44 + OQS_KEMOID_CNT] + oqs_oid_alg_list[58 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; 
@@ -491,34 +557,48 @@ int oqs_patch_encodings(void) if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_P384")) - oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_DILITHIUM5_P384"); - if (getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME")) - oqs_alg_encoding_list[35] - = getenv("OQS_ENCODING_DILITHIUM5_P384_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_BP384")) - oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_DILITHIUM5_BP384"); - if (getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME")) - oqs_alg_encoding_list[37] - = getenv("OQS_ENCODING_DILITHIUM5_BP384_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM5_ED448")) - oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_DILITHIUM5_ED448"); - if (getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME")) - oqs_alg_encoding_list[39] - = getenv("OQS_ENCODING_DILITHIUM5_ED448_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA44")) + oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_MLDSA44"); + if (getenv("OQS_ENCODING_MLDSA44_ALGNAME")) + oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_MLDSA44_ALGNAME"); + if (getenv("OQS_ENCODING_P256_MLDSA44")) + oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_MLDSA44"); + if (getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME")) + oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_MLDSA44")) + oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_MLDSA44"); + if (getenv("OQS_ENCODING_RSA3072_MLDSA44_ALGNAME")) + oqs_alg_encoding_list[19] + = getenv("OQS_ENCODING_RSA3072_MLDSA44_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA65")) + oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_MLDSA65"); + if (getenv("OQS_ENCODING_MLDSA65_ALGNAME")) + oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_MLDSA65_ALGNAME"); + if (getenv("OQS_ENCODING_P384_MLDSA65")) + oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_P384_MLDSA65"); + if 
(getenv("OQS_ENCODING_P384_MLDSA65_ALGNAME")) + oqs_alg_encoding_list[23] = getenv("OQS_ENCODING_P384_MLDSA65_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA87")) + oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_MLDSA87"); + if (getenv("OQS_ENCODING_MLDSA87_ALGNAME")) + oqs_alg_encoding_list[25] = getenv("OQS_ENCODING_MLDSA87_ALGNAME"); + if (getenv("OQS_ENCODING_P521_MLDSA87")) + oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_P521_MLDSA87"); + if (getenv("OQS_ENCODING_P521_MLDSA87_ALGNAME")) + oqs_alg_encoding_list[27] = getenv("OQS_ENCODING_P521_MLDSA87_ALGNAME"); if (getenv("OQS_ENCODING_FALCON512")) - oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON512"); + oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_FALCON512"); if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) - oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); + oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_P256_FALCON512")) - oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_FALCON512"); + oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_P256_FALCON512"); if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) - oqs_alg_encoding_list[43] + oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_FALCON512")) - oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_FALCON512"); + oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_RSA3072_FALCON512"); if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) - oqs_alg_encoding_list[45] + oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_FALCON512_P256")) oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_FALCON512_P256"); 
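Review bot: The new indices in `oqs_patch_encodings` overlap slots that other variables already write. `oqs_alg_encoding_list[33]` is assigned from `OQS_ENCODING_P521_DILITHIUM5_ALGNAME` on the unchanged line at the top of this hunk and again from `OQS_ENCODING_RSA3072_FALCON512_ALGNAME` on an added line. The ML-DSA entries start at `[14]` although the preceding Dilithium entry ends at `[33]`, and in the `@@ -536,79 +616,79 @@` hunk the unchanged `FALCON512_P256` and `FALCON512_ED25519_ALGNAME` lines keep `[46]` and `[51]` while added SPHINCS+ lines use the same numbers. Whichever variable is processed last wins, so an encoding override can land on the wrong algorithm. The table's declaration is not visible here, but the numbering looks regenerated from the two-slots-per-algorithm OID list while the untouched lines keep the old layout, so the indices should be regenerated consistently or replaced by a lookup keyed on the algorithm name.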
@@ -536,79 +616,79 @@ int oqs_patch_encodings(void) oqs_alg_encoding_list[51] = getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME"); if (getenv("OQS_ENCODING_FALCON1024")) - oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_FALCON1024"); + oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_FALCON1024"); if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); + oqs_alg_encoding_list[35] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_P521_FALCON1024")) - oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_P521_FALCON1024"); + oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_P521_FALCON1024"); if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[55] + oqs_alg_encoding_list[37] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[56] + oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[57] + oqs_alg_encoding_list[39] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[58] + oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[59] + oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[60] + oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[61] + oqs_alg_encoding_list[43] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[62] + oqs_alg_encoding_list[44] = 
getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[63] + oqs_alg_encoding_list[45] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[64] + oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[65] + oqs_alg_encoding_list[47] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[66] + oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[67] + oqs_alg_encoding_list[49] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[68] + oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[69] + oqs_alg_encoding_list[51] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[70] + oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[71] + oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[72] + oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[73] + oqs_alg_encoding_list[55] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[74] + 
oqs_alg_encoding_list[56] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[75] + oqs_alg_encoding_list[57] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[76] + oqs_alg_encoding_list[58] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[77] + oqs_alg_encoding_list[59] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; @@ -676,9 +756,19 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_signature_functions), SIGALG("p521_dilithium5", 256, oqs_signature_functions), - SIGALG("dilithium5_p384", 192, oqs_signature_functions), - SIGALG("dilithium5_bp384", 384, oqs_signature_functions), - SIGALG("dilithium5_ed448", 192, oqs_signature_functions), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_44 + SIGALG("mldsa44", 128, oqs_signature_functions), + SIGALG("p256_mldsa44", 128, oqs_signature_functions), + SIGALG("rsa3072_mldsa44", 128, oqs_signature_functions), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_65 + SIGALG("mldsa65", 192, oqs_signature_functions), + SIGALG("p384_mldsa65", 192, oqs_signature_functions), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_87 + SIGALG("mldsa87", 256, oqs_signature_functions), + SIGALG("p521_mldsa87", 256, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_signature_functions), 
@@ -761,6 +851,22 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { KEMBASEALG(kyber1024, 256) KEMHYBALG(p521_kyber1024, 256) #endif +#ifdef OQS_ENABLE_KEM_ml_kem_512 + KEMBASEALG(mlkem512, 128) + KEMHYBALG(p256_mlkem512, 128) + KEMHYBALG(x25519_mlkem512, 128) +#endif +#ifdef OQS_ENABLE_KEM_ml_kem_768 + KEMBASEALG(mlkem768, 192) + KEMHYBALG(p384_mlkem768, 192) + KEMHYBALG(x448_mlkem768, 192) + KEMHYBALG(x25519_mlkem768, 128) + KEMHYBALG(p256_mlkem768, 128) +#endif +#ifdef OQS_ENABLE_KEM_ml_kem_1024 + KEMBASEALG(mlkem1024, 256) + KEMHYBALG(p521_mlkem1024, 256) +#endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMBASEALG(bikel1, 128) KEMHYBALG(p256_bikel1, 128) @@ -793,7 +899,8 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { ///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END {NULL, NULL, NULL}}; -static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { +static const OSSL_ALGORITHM oqsprovider_keymgmt[] + = { ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_START // clang-format off 
@@ -819,9 +926,19 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_dilithium5_keymgmt_functions), SIGALG("p521_dilithium5", 256, oqs_p521_dilithium5_keymgmt_functions), - SIGALG("dilithium5_p384", 192, oqs_dilithium5_p384_keymgmt_functions), - SIGALG("dilithium5_bp384", 384, oqs_dilithium5_bp384_keymgmt_functions), - SIGALG("dilithium5_ed448", 192, oqs_dilithium5_ed448_keymgmt_functions), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_44 + SIGALG("mldsa44", 128, oqs_mldsa44_keymgmt_functions), + SIGALG("p256_mldsa44", 128, oqs_p256_mldsa44_keymgmt_functions), + SIGALG("rsa3072_mldsa44", 128, oqs_rsa3072_mldsa44_keymgmt_functions), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_65 + SIGALG("mldsa65", 192, oqs_mldsa65_keymgmt_functions), + SIGALG("p384_mldsa65", 192, oqs_p384_mldsa65_keymgmt_functions), +#endif +#ifdef OQS_ENABLE_SIG_ml_dsa_87 + SIGALG("mldsa87", 256, oqs_mldsa87_keymgmt_functions), + SIGALG("p521_mldsa87", 256, oqs_p521_mldsa87_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_falcon512_keymgmt_functions), @@ -908,6 +1025,25 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { KEMKMHYBALG(p521_kyber1024, 256, ecp) #endif +#ifdef OQS_ENABLE_KEM_ml_kem_512 + KEMKMALG(mlkem512, 128) + + KEMKMHYBALG(p256_mlkem512, 128, ecp) + KEMKMHYBALG(x25519_mlkem512, 128, ecx) +#endif +#ifdef OQS_ENABLE_KEM_ml_kem_768 + KEMKMALG(mlkem768, 192) + + KEMKMHYBALG(p384_mlkem768, 192, ecp) + KEMKMHYBALG(x448_mlkem768, 192, ecx) + KEMKMHYBALG(x25519_mlkem768, 128, ecx) + KEMKMHYBALG(p256_mlkem768, 128, ecp) +#endif +#ifdef OQS_ENABLE_KEM_ml_kem_1024 + KEMKMALG(mlkem1024, 256) + + KEMKMHYBALG(p521_mlkem1024, 256, ecp) +#endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMKMALG(bikel1, 128) 
@@ -942,10 +1078,10 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { KEMKMHYBALG(p521_hqc256, 256, ecp) #endif - // clang-format on - ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END - // ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions), - {NULL, NULL, NULL}}; + // clang-format on + ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END + // ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions), + {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_encoder[] = { #define ENCODER_PROVIDER "oqsprovider" diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 6255b041..81aec194 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c @@ -70,6 +70,19 @@ static OQS_GROUP_CONSTANTS oqs_group_list[] = { {0x023D, 256, TLS1_3_VERSION, 0, -1, -1, 1}, {0x2F3D, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0247, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + + {0x2F47, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB2, 128, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0248, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + + {0x2F48, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB3, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB4, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2FB5, 192, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x0249, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + + {0x2F49, 256, TLS1_3_VERSION, 0, -1, -1, 1}, {0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1}, {0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1}, 
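Review bot: In the added `oqs_group_list` rows, `0x2FB4` and `0x2FB5` carry 192 in the second field, which disagrees with how the same algorithms are registered elsewhere in this commit. By position they are entries 32 and 33, which the `OQS_GROUP_ENTRY` hunk maps to `x25519_mlkem768` and `p256_mlkem768`, and `oqsprov.c` registers both with `KEMHYBALG(..., 128)` and `KEMKMHYBALG(..., 128, ...)`. If that field is the security-bits value reported for the TLS group (the struct definition is not shown), the capability table rates these two hybrids higher than the algorithm tables do. That matters wherever a minimum security level is enforced on groups. Either the rows should read `{0x2FB4, 128, TLS1_3_VERSION, 0, -1, -1, 1},` and `{0x2FB5, 128, TLS1_3_VERSION, 0, -1, -1, 1},`, or the 128 in the algorithm tables should be changed and justified so both places agree.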
@@ -184,39 +197,58 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { OQS_GROUP_ENTRY(p521_kyber1024, p521_kyber1024, p521_kyber1024, 25), #endif +#ifdef OQS_ENABLE_KEM_ml_kem_512 + OQS_GROUP_ENTRY(mlkem512, mlkem512, mlkem512, 26), + + OQS_GROUP_ENTRY(p256_mlkem512, p256_mlkem512, p256_mlkem512, 27), + OQS_GROUP_ENTRY(x25519_mlkem512, x25519_mlkem512, x25519_mlkem512, 28), +#endif +#ifdef OQS_ENABLE_KEM_ml_kem_768 + OQS_GROUP_ENTRY(mlkem768, mlkem768, mlkem768, 29), + + OQS_GROUP_ENTRY(p384_mlkem768, p384_mlkem768, p384_mlkem768, 30), + OQS_GROUP_ENTRY(x448_mlkem768, x448_mlkem768, x448_mlkem768, 31), + OQS_GROUP_ENTRY(x25519_mlkem768, x25519_mlkem768, x25519_mlkem768, 32), + OQS_GROUP_ENTRY(p256_mlkem768, p256_mlkem768, p256_mlkem768, 33), +#endif +#ifdef OQS_ENABLE_KEM_ml_kem_1024 + OQS_GROUP_ENTRY(mlkem1024, mlkem1024, mlkem1024, 34), + + OQS_GROUP_ENTRY(p521_mlkem1024, p521_mlkem1024, p521_mlkem1024, 35), +#endif #ifdef OQS_ENABLE_KEM_bike_l1 - OQS_GROUP_ENTRY(bikel1, bikel1, bikel1, 26), + OQS_GROUP_ENTRY(bikel1, bikel1, bikel1, 36), - OQS_GROUP_ENTRY(p256_bikel1, p256_bikel1, p256_bikel1, 27), - OQS_GROUP_ENTRY(x25519_bikel1, x25519_bikel1, x25519_bikel1, 28), + OQS_GROUP_ENTRY(p256_bikel1, p256_bikel1, p256_bikel1, 37), + OQS_GROUP_ENTRY(x25519_bikel1, x25519_bikel1, x25519_bikel1, 38), #endif #ifdef OQS_ENABLE_KEM_bike_l3 - OQS_GROUP_ENTRY(bikel3, bikel3, bikel3, 29), + OQS_GROUP_ENTRY(bikel3, bikel3, bikel3, 39), - OQS_GROUP_ENTRY(p384_bikel3, p384_bikel3, p384_bikel3, 30), - OQS_GROUP_ENTRY(x448_bikel3, x448_bikel3, x448_bikel3, 31), + OQS_GROUP_ENTRY(p384_bikel3, p384_bikel3, p384_bikel3, 40), + OQS_GROUP_ENTRY(x448_bikel3, x448_bikel3, x448_bikel3, 41), #endif #ifdef OQS_ENABLE_KEM_bike_l5 - OQS_GROUP_ENTRY(bikel5, bikel5, bikel5, 32), + OQS_GROUP_ENTRY(bikel5, bikel5, bikel5, 42), - OQS_GROUP_ENTRY(p521_bikel5, p521_bikel5, p521_bikel5, 33), + OQS_GROUP_ENTRY(p521_bikel5, p521_bikel5, p521_bikel5, 43), #endif #ifdef OQS_ENABLE_KEM_hqc_128 - 
OQS_GROUP_ENTRY(hqc128, hqc128, hqc128, 34), + OQS_GROUP_ENTRY(hqc128, hqc128, hqc128, 44), - OQS_GROUP_ENTRY(p256_hqc128, p256_hqc128, p256_hqc128, 35), - OQS_GROUP_ENTRY(x25519_hqc128, x25519_hqc128, x25519_hqc128, 36), + OQS_GROUP_ENTRY(p256_hqc128, p256_hqc128, p256_hqc128, 45), + OQS_GROUP_ENTRY(x25519_hqc128, x25519_hqc128, x25519_hqc128, 46), #endif #ifdef OQS_ENABLE_KEM_hqc_192 - OQS_GROUP_ENTRY(hqc192, hqc192, hqc192, 37), + OQS_GROUP_ENTRY(hqc192, hqc192, hqc192, 47), - OQS_GROUP_ENTRY(p384_hqc192, p384_hqc192, p384_hqc192, 38), - OQS_GROUP_ENTRY(x448_hqc192, x448_hqc192, x448_hqc192, 39), + OQS_GROUP_ENTRY(p384_hqc192, p384_hqc192, p384_hqc192, 48), + OQS_GROUP_ENTRY(x448_hqc192, x448_hqc192, x448_hqc192, 49), #endif #ifdef OQS_ENABLE_KEM_hqc_256 - OQS_GROUP_ENTRY(hqc256, hqc256, hqc256, 40), + OQS_GROUP_ENTRY(hqc256, hqc256, hqc256, 50), - OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 41), + OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 51), #endif ///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END }; 
@@ -234,15 +266,18 @@ static OQS_SIGALG_CONSTANTS oqs_sigalg_list[] = { {0xfea0, 128, TLS1_3_VERSION, 0}, {0xfea1, 128, TLS1_3_VERSION, 0}, {0xfea2, 128, TLS1_3_VERSION, 0}, {0xfea3, 192, TLS1_3_VERSION, 0}, {0xfea4, 192, TLS1_3_VERSION, 0}, {0xfea5, 256, TLS1_3_VERSION, 0}, - {0xfea6, 256, TLS1_3_VERSION, 0}, {0xfeae, 128, TLS1_3_VERSION, 0}, - {0xfeaf, 128, TLS1_3_VERSION, 0}, {0xfeb0, 128, TLS1_3_VERSION, 0}, - {0xfeb1, 256, TLS1_3_VERSION, 0}, {0xfeb2, 256, TLS1_3_VERSION, 0}, - {0xfeb3, 128, TLS1_3_VERSION, 0}, {0xfeb4, 128, TLS1_3_VERSION, 0}, - {0xfeb5, 128, TLS1_3_VERSION, 0}, {0xfeb6, 128, TLS1_3_VERSION, 0}, - {0xfeb7, 128, TLS1_3_VERSION, 0}, {0xfeb8, 128, TLS1_3_VERSION, 0}, - {0xfeb9, 192, TLS1_3_VERSION, 0}, {0xfeba, 192, TLS1_3_VERSION, 0}, - {0xfec2, 128, TLS1_3_VERSION, 0}, {0xfec3, 128, TLS1_3_VERSION, 0}, - {0xfec4, 128, TLS1_3_VERSION, 0}, + {0xfea6, 256, TLS1_3_VERSION, 0}, {0xfed0, 128, TLS1_3_VERSION, 0}, + {0xfed3, 128, TLS1_3_VERSION, 0}, {0xfed4, 128, TLS1_3_VERSION, 0}, + {0xfed1, 192, TLS1_3_VERSION, 0}, {0xfed5, 192, TLS1_3_VERSION, 0}, + {0xfed2, 256, TLS1_3_VERSION, 0}, {0xfed6, 256, TLS1_3_VERSION, 0}, + {0xfeae, 128, TLS1_3_VERSION, 0}, {0xfeaf, 128, TLS1_3_VERSION, 0}, + {0xfeb0, 128, TLS1_3_VERSION, 0}, {0xfeb1, 256, TLS1_3_VERSION, 0}, + {0xfeb2, 256, TLS1_3_VERSION, 0}, {0xfeb3, 128, TLS1_3_VERSION, 0}, + {0xfeb4, 128, TLS1_3_VERSION, 0}, {0xfeb5, 128, TLS1_3_VERSION, 0}, + {0xfeb6, 128, TLS1_3_VERSION, 0}, {0xfeb7, 128, TLS1_3_VERSION, 0}, + {0xfeb8, 128, TLS1_3_VERSION, 0}, {0xfeb9, 192, TLS1_3_VERSION, 0}, + {0xfeba, 192, TLS1_3_VERSION, 0}, {0xfec2, 128, TLS1_3_VERSION, 0}, + {0xfec3, 128, TLS1_3_VERSION, 0}, {0xfec4, 128, TLS1_3_VERSION, 0}, ///// OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_END }; 
@@ -323,40 +358,67 @@ int oqs_patch_codepoints() if (getenv("OQS_CODEPOINT_P521_KYBER1024")) oqs_group_list[25].group_id = atoi(getenv("OQS_CODEPOINT_P521_KYBER1024")); + if (getenv("OQS_CODEPOINT_MLKEM512")) + oqs_group_list[26].group_id = atoi(getenv("OQS_CODEPOINT_MLKEM512")); + if (getenv("OQS_CODEPOINT_P256_MLKEM512")) + oqs_group_list[27].group_id + = atoi(getenv("OQS_CODEPOINT_P256_MLKEM512")); + if (getenv("OQS_CODEPOINT_X25519_MLKEM512")) + oqs_group_list[28].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_MLKEM512")); + if (getenv("OQS_CODEPOINT_MLKEM768")) + oqs_group_list[29].group_id = atoi(getenv("OQS_CODEPOINT_MLKEM768")); + if (getenv("OQS_CODEPOINT_P384_MLKEM768")) + oqs_group_list[30].group_id + = atoi(getenv("OQS_CODEPOINT_P384_MLKEM768")); + if (getenv("OQS_CODEPOINT_X448_MLKEM768")) + oqs_group_list[31].group_id + = atoi(getenv("OQS_CODEPOINT_X448_MLKEM768")); + if (getenv("OQS_CODEPOINT_X25519_MLKEM768")) + oqs_group_list[32].group_id + = atoi(getenv("OQS_CODEPOINT_X25519_MLKEM768")); + if (getenv("OQS_CODEPOINT_P256_MLKEM768")) + oqs_group_list[33].group_id + = atoi(getenv("OQS_CODEPOINT_P256_MLKEM768")); + if (getenv("OQS_CODEPOINT_MLKEM1024")) + oqs_group_list[34].group_id = atoi(getenv("OQS_CODEPOINT_MLKEM1024")); + if (getenv("OQS_CODEPOINT_P521_MLKEM1024")) + oqs_group_list[35].group_id + = atoi(getenv("OQS_CODEPOINT_P521_MLKEM1024")); if (getenv("OQS_CODEPOINT_BIKEL1")) - oqs_group_list[26].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); + oqs_group_list[36].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); if (getenv("OQS_CODEPOINT_P256_BIKEL1")) - oqs_group_list[27].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); + oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); if (getenv("OQS_CODEPOINT_X25519_BIKEL1")) - oqs_group_list[28].group_id + oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_X25519_BIKEL1")); if (getenv("OQS_CODEPOINT_BIKEL3")) - oqs_group_list[29].group_id = 
atoi(getenv("OQS_CODEPOINT_BIKEL3")); + oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); if (getenv("OQS_CODEPOINT_P384_BIKEL3")) - oqs_group_list[30].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); + oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); if (getenv("OQS_CODEPOINT_X448_BIKEL3")) - oqs_group_list[31].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); + oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); if (getenv("OQS_CODEPOINT_BIKEL5")) - oqs_group_list[32].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); + oqs_group_list[42].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); if (getenv("OQS_CODEPOINT_P521_BIKEL5")) - oqs_group_list[33].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); + oqs_group_list[43].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); if (getenv("OQS_CODEPOINT_HQC128")) - oqs_group_list[34].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); + oqs_group_list[44].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); if (getenv("OQS_CODEPOINT_P256_HQC128")) - oqs_group_list[35].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); + oqs_group_list[45].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); if (getenv("OQS_CODEPOINT_X25519_HQC128")) - oqs_group_list[36].group_id + oqs_group_list[46].group_id = atoi(getenv("OQS_CODEPOINT_X25519_HQC128")); if (getenv("OQS_CODEPOINT_HQC192")) - oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); + oqs_group_list[47].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); if (getenv("OQS_CODEPOINT_P384_HQC192")) - oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); + oqs_group_list[48].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); if (getenv("OQS_CODEPOINT_X448_HQC192")) - oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); + oqs_group_list[49].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); if (getenv("OQS_CODEPOINT_HQC256")) - oqs_group_list[40].group_id = 
atoi(getenv("OQS_CODEPOINT_HQC256")); + oqs_group_list[50].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); if (getenv("OQS_CODEPOINT_P521_HQC256")) - oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); + oqs_group_list[51].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); if (getenv("OQS_CODEPOINT_DILITHIUM2")) oqs_sigalg_list[0].code_point 
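Review bot: The added overrides in oqs_patch_codepoints(), such as `oqs_group_list[26].group_id = atoi(getenv("OQS_CODEPOINT_MLKEM512"));`, write the result of atoi() on an environment string straight into the table with no validation. atoi() cannot report an error, so a mistyped value silently becomes 0 and a value that does not fit an int is undefined, while TLS group and signature-scheme code points are 16-bit. The `oqs_sigalg_list[...].code_point` assignments added in the next hunk (from `OQS_CODEPOINT_MLDSA44` on) repeat the pattern. A helper that parses once with strtol(), rejects trailing characters and values outside 0..0xFFFF, and leaves the built-in code point in place on bad input would cover every entry and drop the second getenv() call; it needs `<errno.h>`. The function begins and ends outside this hunk, and the fragment end marker in the next hunk suggests these lines are emitted from a template, where the change would have to be made.

```c
/* Reads a code point override from the environment. Returns 1 and sets *out
 * only for a complete decimal number in the 16-bit range of TLS code points;
 * returns 0 (leaving *out untouched) when the variable is unset or invalid. */
static int oqs_env_codepoint(const char *name, long *out)
{
    const char *text = getenv(name);
    char *end = NULL;
    long value;

    if (text == NULL || *text == '\0')
        return 0;
    errno = 0;
    value = strtol(text, &end, 10);
    if (errno != 0 || *end != '\0' || value < 0 || value > 0xFFFF)
        return 0;
    *out = value;
    return 1;
}

int oqs_patch_codepoints()
{
    long cp;
    /* … unchanged: earlier overrides, converted the same way … */
    if (oqs_env_codepoint("OQS_CODEPOINT_MLKEM512", &cp))
        oqs_group_list[26].group_id = cp;
    /* … remaining group and sigalg overrides follow the same shape … */
```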
@@ -379,52 +441,71 @@ int oqs_patch_codepoints() if (getenv("OQS_CODEPOINT_P521_DILITHIUM5")) oqs_sigalg_list[6].code_point = atoi(getenv("OQS_CODEPOINT_P521_DILITHIUM5")); + if (getenv("OQS_CODEPOINT_MLDSA44")) + oqs_sigalg_list[7].code_point = atoi(getenv("OQS_CODEPOINT_MLDSA44")); + if (getenv("OQS_CODEPOINT_P256_MLDSA44")) + oqs_sigalg_list[8].code_point + = atoi(getenv("OQS_CODEPOINT_P256_MLDSA44")); + if (getenv("OQS_CODEPOINT_RSA3072_MLDSA44")) + oqs_sigalg_list[9].code_point + = atoi(getenv("OQS_CODEPOINT_RSA3072_MLDSA44")); + if (getenv("OQS_CODEPOINT_MLDSA65")) + oqs_sigalg_list[10].code_point = atoi(getenv("OQS_CODEPOINT_MLDSA65")); + if (getenv("OQS_CODEPOINT_P384_MLDSA65")) + oqs_sigalg_list[11].code_point + = atoi(getenv("OQS_CODEPOINT_P384_MLDSA65")); + if (getenv("OQS_CODEPOINT_MLDSA87")) + oqs_sigalg_list[12].code_point = atoi(getenv("OQS_CODEPOINT_MLDSA87")); + if (getenv("OQS_CODEPOINT_P521_MLDSA87")) + oqs_sigalg_list[13].code_point + = atoi(getenv("OQS_CODEPOINT_P521_MLDSA87")); if (getenv("OQS_CODEPOINT_FALCON512")) - oqs_sigalg_list[7].code_point = atoi(getenv("OQS_CODEPOINT_FALCON512")); + oqs_sigalg_list[14].code_point + = atoi(getenv("OQS_CODEPOINT_FALCON512")); if (getenv("OQS_CODEPOINT_P256_FALCON512")) - oqs_sigalg_list[8].code_point + oqs_sigalg_list[15].code_point = atoi(getenv("OQS_CODEPOINT_P256_FALCON512")); if (getenv("OQS_CODEPOINT_RSA3072_FALCON512")) - oqs_sigalg_list[9].code_point + oqs_sigalg_list[16].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_FALCON512")); if (getenv("OQS_CODEPOINT_FALCON1024")) - oqs_sigalg_list[10].code_point + oqs_sigalg_list[17].code_point = atoi(getenv("OQS_CODEPOINT_FALCON1024")); if (getenv("OQS_CODEPOINT_P521_FALCON1024")) - oqs_sigalg_list[11].code_point + oqs_sigalg_list[18].code_point = atoi(getenv("OQS_CODEPOINT_P521_FALCON1024")); if (getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[12].code_point + oqs_sigalg_list[19].code_point = 
atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")); if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[13].code_point + oqs_sigalg_list[20].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")); if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[14].code_point + oqs_sigalg_list[21].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")); if (getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[15].code_point + oqs_sigalg_list[22].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")); if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[16].code_point + oqs_sigalg_list[23].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")); if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[17].code_point + oqs_sigalg_list[24].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")); if (getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")) - oqs_sigalg_list[18].code_point + oqs_sigalg_list[25].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")); if (getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")) - oqs_sigalg_list[19].code_point + oqs_sigalg_list[26].code_point = atoi(getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")); if (getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[20].code_point + oqs_sigalg_list[27].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")); if (getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[21].code_point + oqs_sigalg_list[28].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")); if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[22].code_point + oqs_sigalg_list[29].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")); ///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_END return 1; 
@@ -486,50 +567,67 @@ static const OSSL_PARAM oqs_param_sigalg_list[][12] = { OQS_SIGALG_ENTRY(p521_dilithium5, p521_dilithium5, p521_dilithium5, "1.3.9999.2.7.4", 6), # endif +# ifdef OQS_ENABLE_SIG_ml_dsa_44 + OQS_SIGALG_ENTRY(mldsa44, mldsa44, mldsa44, "1.3.6.1.4.1.2.267.12.4.4", 7), + OQS_SIGALG_ENTRY(p256_mldsa44, p256_mldsa44, p256_mldsa44, "1.3.9999.7.1", + 8), + OQS_SIGALG_ENTRY(rsa3072_mldsa44, rsa3072_mldsa44, rsa3072_mldsa44, + "1.3.9999.7.2", 9), +# endif +# ifdef OQS_ENABLE_SIG_ml_dsa_65 + OQS_SIGALG_ENTRY(mldsa65, mldsa65, mldsa65, "1.3.6.1.4.1.2.267.12.6.5", 10), + OQS_SIGALG_ENTRY(p384_mldsa65, p384_mldsa65, p384_mldsa65, "1.3.9999.7.3", + 11), +# endif +# ifdef OQS_ENABLE_SIG_ml_dsa_87 + OQS_SIGALG_ENTRY(mldsa87, mldsa87, mldsa87, "1.3.6.1.4.1.2.267.12.8.7", 12), + OQS_SIGALG_ENTRY(p521_mldsa87, p521_mldsa87, p521_mldsa87, "1.3.9999.7.4", + 13), +# endif # ifdef OQS_ENABLE_SIG_falcon_512 - OQS_SIGALG_ENTRY(falcon512, falcon512, falcon512, "1.3.9999.3.6", 7), + OQS_SIGALG_ENTRY(falcon512, falcon512, falcon512, "1.3.9999.3.6", 14), OQS_SIGALG_ENTRY(p256_falcon512, p256_falcon512, p256_falcon512, - "1.3.9999.3.7", 8), + "1.3.9999.3.7", 15), OQS_SIGALG_ENTRY(rsa3072_falcon512, rsa3072_falcon512, rsa3072_falcon512, - "1.3.9999.3.8", 9), + "1.3.9999.3.8", 16), # endif # ifdef OQS_ENABLE_SIG_falcon_1024 - OQS_SIGALG_ENTRY(falcon1024, falcon1024, falcon1024, "1.3.9999.3.9", 10), + OQS_SIGALG_ENTRY(falcon1024, falcon1024, falcon1024, "1.3.9999.3.9", 17), OQS_SIGALG_ENTRY(p521_falcon1024, p521_falcon1024, p521_falcon1024, - "1.3.9999.3.10", 11), + "1.3.9999.3.10", 18), # endif # ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple OQS_SIGALG_ENTRY(sphincssha2128fsimple, sphincssha2128fsimple, - sphincssha2128fsimple, "1.3.9999.6.4.13", 12), + sphincssha2128fsimple, "1.3.9999.6.4.13", 19), OQS_SIGALG_ENTRY(p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, - p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 13), + p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 
20), OQS_SIGALG_ENTRY(rsa3072_sphincssha2128fsimple, rsa3072_sphincssha2128fsimple, - rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 14), + rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 21), # endif # ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple OQS_SIGALG_ENTRY(sphincssha2128ssimple, sphincssha2128ssimple, - sphincssha2128ssimple, "1.3.9999.6.4.16", 15), + sphincssha2128ssimple, "1.3.9999.6.4.16", 22), OQS_SIGALG_ENTRY(p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, - p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 16), + p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 23), OQS_SIGALG_ENTRY(rsa3072_sphincssha2128ssimple, rsa3072_sphincssha2128ssimple, - rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 17), + rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 24), # endif # ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple OQS_SIGALG_ENTRY(sphincssha2192fsimple, sphincssha2192fsimple, - sphincssha2192fsimple, "1.3.9999.6.5.10", 18), + sphincssha2192fsimple, "1.3.9999.6.5.10", 25), OQS_SIGALG_ENTRY(p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, - p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 19), + p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 26), # endif # ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple OQS_SIGALG_ENTRY(sphincsshake128fsimple, sphincsshake128fsimple, - sphincsshake128fsimple, "1.3.9999.6.7.13", 20), + sphincsshake128fsimple, "1.3.9999.6.7.13", 27), OQS_SIGALG_ENTRY(p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, - p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 21), + p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 28), OQS_SIGALG_ENTRY(rsa3072_sphincsshake128fsimple, rsa3072_sphincsshake128fsimple, - rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 22), + rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 29), # endif ///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_END }; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 21a06e1c..885fe62e 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -54,9 +54,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 81 +# define NID_TABLE_LEN 82 #else -# define NID_TABLE_LEN 39 +# define NID_TABLE_LEN 30 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { @@ -98,6 +98,16 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "p256_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, {0, "kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_KEM, 256}, {0, "p521_kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "mlkem512", OQS_KEM_alg_ml_kem_512, KEY_TYPE_KEM, 128}, + {0, "p256_mlkem512", OQS_KEM_alg_ml_kem_512, KEY_TYPE_ECP_HYB_KEM, 128}, + {0, "x25519_mlkem512", OQS_KEM_alg_ml_kem_512, KEY_TYPE_ECX_HYB_KEM, 128}, + {0, "mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_KEM, 192}, + {0, "p384_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "x448_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "x25519_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECX_HYB_KEM, 192}, + {0, "p256_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECP_HYB_KEM, 192}, + {0, "mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_KEM, 256}, + {0, "p521_mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_ECP_HYB_KEM, 256}, {0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128}, {0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM, 128}, {0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM, 128}, 
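Review bot: `NID_TABLE_LEN` remains a hand-maintained literal (`82` and `30` after this change) that has to equal the number of rows in the `nid_names` initializer, and this commit edits the count and the rows in separate hunks. If the literal is larger than the row count, C zero-fills the trailing rows, so code that walks the table up to NID_TABLE_LEN would presumably meet entries with a null name; if it is smaller, the mismatch shows up only as a compiler diagnostic. The totals cannot be confirmed from these hunks because most of the table lies outside them. Where the build allows C11, declaring the table unsized, `static oqs_nid_name_t nid_names[] = {`, and adding `_Static_assert(sizeof nid_names / sizeof nid_names[0] == NID_TABLE_LEN, "nid_names row count");` after the initializer would catch a mismatch in either direction at compile time.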
@@ -133,9 +143,13 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128}, {0, "dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_SIG, 256}, {0, "p521_dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_HYB_SIG, 256}, - {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, - {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 384}, - {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5, KEY_TYPE_CMP_SIG, 192}, + {0, "mldsa44", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_SIG, 128}, + {0, "p256_mldsa44", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_HYB_SIG, 128}, + {0, "rsa3072_mldsa44", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_HYB_SIG, 128}, + {0, "mldsa65", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_SIG, 192}, + {0, "p384_mldsa65", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_HYB_SIG, 192}, + {0, "mldsa87", OQS_SIG_alg_ml_dsa_87, KEY_TYPE_SIG, 256}, + {0, "p521_mldsa87", OQS_SIG_alg_ml_dsa_87, KEY_TYPE_HYB_SIG, 256}, {0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128}, {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, diff --git a/scripts/common.py b/scripts/common.py index 88c609e5..85e1492d 100644 --- a/scripts/common.py +++ b/scripts/common.py 
@@ -7,27 +7,32 @@ key_exchanges = [ ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_START # post-quantum key exchanges - 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','kyber512','kyber768','kyber1024','bikel1','bikel3','bikel5','hqc128','hqc192','hqc256', + 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','kyber512','kyber768','kyber1024','mlkem512','mlkem768','mlkem1024','bikel1','bikel3','bikel5','hqc128','hqc192','hqc256', # post-quantum + classical key exchanges - 'p256_frodo640aes','x25519_frodo640aes','p256_frodo640shake','x25519_frodo640shake','p384_frodo976aes','x448_frodo976aes','p384_frodo976shake','x448_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_kyber512','x25519_kyber512','p384_kyber768','x448_kyber768','x25519_kyber768','p256_kyber768','p521_kyber1024','p256_bikel1','x25519_bikel1','p384_bikel3','x448_bikel3','p521_bikel5','p256_hqc128','x25519_hqc128','p384_hqc192','x448_hqc192','p521_hqc256', + 'p256_frodo640aes','x25519_frodo640aes','p256_frodo640shake','x25519_frodo640shake','p384_frodo976aes','x448_frodo976aes','p384_frodo976shake','x448_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_kyber512','x25519_kyber512','p384_kyber768','x448_kyber768','x25519_kyber768','p256_kyber768','p521_kyber1024','p256_mlkem512','x25519_mlkem512','p384_mlkem768','x448_mlkem768','x25519_mlkem768','p256_mlkem768','p521_mlkem1024','p256_bikel1','x25519_bikel1','p384_bikel3','x448_bikel3','p521_bikel5','p256_hqc128','x25519_hqc128','p384_hqc192','x448_hqc192','p521_hqc256', ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_END ] signatures = [ 'ecdsap256', 'rsa3072', ##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_START # post-quantum signatures - 'dilithium2','dilithium3','dilithium5','falcon512','falcon1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', + 
'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falcon1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', # post-quantum + classical signatures - 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', - # post-quantum + classical signatures (COMPOSITE) - 'dilithium2_pss2048','dilithium2_rsa2048','dilithium2_ed25519','dilithium2_p256','dilithium2_bp256','dilithium3_pss3072','dilithium3_rsa3072','dilithium3_p256','dilithium3_bp256','dilithium3_ed25519','dilithium5_p384','dilithium5_bp384','dilithium5_ed448','falcon512_p256','falcon512_bp256','falcon512_ed25519',##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END + 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', +##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END ] SERVER_START_ATTEMPTS = 10 -def all_pq_groups(): +def all_pq_groups(first = 0): ag = "" - for kex in key_exchanges: + half = len(key_exchanges)//2 + if (first == 0): + kexs = key_exchanges[:half] + else: + kexs = key_exchanges[half:] + + for kex in kexs: if len(ag)==0: ag = kex else: 
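Review bot: `all_pq_groups(first = 0)` has no docstring, and the parameter name reads like a flag for "the first half" although `first == 0` selects the first half of `key_exchanges` and every other value selects the second. The split point `len(key_exchanges)//2` is positional, so a caller that picks client groups has to use the same expression or it will ask for a group the server was not started with. A docstring such as `"""Return the group list for one half of key_exchanges: first == 0 gives key_exchanges[:half], any other value key_exchanges[half:]."""` would record that contract, and `if first == 0:` without the parentheses is the usual Python form. The loop body continues outside the hunk.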
@@ -57,7 +62,7 @@ def run_subprocess(command, working_dir='.', expected_returncode=0, input=None, assert False, "Got unexpected return code {}".format(result.returncode) return result.stdout.decode('utf-8') -def start_server(ossl, test_artifacts_dir, sig_alg, worker_id): +def start_server(ossl, test_artifacts_dir, sig_alg, worker_id, first): command = [ossl, 's_server', '-cert', os.path.join(test_artifacts_dir, '{}_{}_srv.crt'.format(worker_id, sig_alg)), '-key', os.path.join(test_artifacts_dir, '{}_{}_srv.key'.format(worker_id, sig_alg)), @@ -65,7 +70,7 @@ def start_server(ossl, test_artifacts_dir, sig_alg, worker_id): '-tls1_3', '-quiet', # add X25519 for baseline server test and all PQ KEMs for single PQ KEM tests: - '-groups', "x25519:"+all_pq_groups(), + '-groups', "x25519:"+all_pq_groups(first), # On UNIX-like systems, binding to TCP port 0 # is a request to dynamically generate an unused # port number. @@ -84,7 +89,8 @@ def start_server(ossl, test_artifacts_dir, sig_alg, worker_id): break else: server_start_attempt += 1 - time.sleep(2) + # be more lenient for slow CI servers + time.sleep(1) server_port = str(server_info.connections()[0].laddr.port) # Check SERVER_START_ATTEMPTS times to see @@ -99,7 +105,8 @@ def start_server(ossl, test_artifacts_dir, sig_alg, worker_id): break else: server_start_attempt += 1 - time.sleep(2) + # be more lenient for slow CI servers + time.sleep(1) if server_start_attempt > SERVER_START_ATTEMPTS: raise Exception('Cannot start OpenSSL server') diff --git a/scripts/release-test-ci.sh b/scripts/release-test-ci.sh index 62a9ea02..2c0ac819 100755 --- a/scripts/release-test-ci.sh +++ b/scripts/release-test-ci.sh 
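Review bot: `start_server(ossl, test_artifacts_dir, sig_alg, worker_id, first)` gains a required positional parameter, while `all_pq_groups` in the same file was given a default for the same argument. Any caller of `start_server` that this commit does not update would now fail with a TypeError; whether such callers exist is not visible here. Using the same default keeps existing call sites working: `def start_server(ossl, test_artifacts_dir, sig_alg, worker_id, first=0):`. The function body continues outside the hunk.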
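Review bot: The added comment `# be more lenient for slow CI servers` contradicts the line it annotates, because the same change lowers the wait from `time.sleep(2)` to `time.sleep(1)`. With `SERVER_START_ATTEMPTS = 10` the polling loop appears to give up after roughly half the time it allowed before, which makes a slow server more likely to hit `Cannot start OpenSSL server`, not less. The second polling loop in the following hunk carries the same comment and the same change. Either keep `time.sleep(2)` or reword the comment to match, for example `# poll every second; total wait is bounded by SERVER_START_ATTEMPTS`.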
@@ -23,7 +23,7 @@ if [ -d oqs-template ]; then sed -i "s/enable\: false/enable\: true/g" oqs-template/generate.yml python3 oqs-template/generate.py ./scripts/fullbuild.sh - ./scripts/runtests.sh + ./scripts/runtests.sh -V if [ -f .local/bin/openssl ]; then OPENSSL_MODULES=`pwd`/_build/lib OPENSSL_CONF=`pwd`/scripts/openssl-ca.cnf python3 -m pytest --numprocesses=auto scripts/test_tls_full.py else diff --git a/scripts/test_tls_full.py b/scripts/test_tls_full.py index a1639140..a91a76cc 100644 --- a/scripts/test_tls_full.py +++ b/scripts/test_tls_full.py 
@@ -3,23 +3,50 @@ import sys import os +# OK, I admit I don't understand this fixture/parameterization stuff +# What I do understand is that openssl crashes when running with too many key_exchange algs +# hence this crude hack to do two tests with half the KEXs each +# XXX anyone better at Python/pytest please improve this! + +@pytest.fixture(params=common.signatures) +def server0(ossl, ossl_config, test_artifacts_dir, request, worker_id): + # Setup: start ossl server + common.gen_keys(ossl, ossl_config, request.param, test_artifacts_dir, worker_id) + server, port = common.start_server(ossl, test_artifacts_dir, request.param, worker_id, 0) + # Run tests + yield (request.param, port) + # Teardown: stop ossl server + server.kill() + @pytest.fixture(params=common.signatures) -def server(ossl, ossl_config, test_artifacts_dir, request, worker_id): +def server1(ossl, ossl_config, test_artifacts_dir, request, worker_id): # Setup: start ossl server common.gen_keys(ossl, ossl_config, request.param, test_artifacts_dir, worker_id) - server, port = common.start_server(ossl, test_artifacts_dir, request.param, worker_id) + server, port = common.start_server(ossl, test_artifacts_dir, request.param, worker_id, 1) # Run tests yield (request.param, port) # Teardown: stop ossl server server.kill() -@pytest.mark.parametrize('kex_name', common.key_exchanges) -def test_sig_kem_pair(ossl, server, test_artifacts_dir, kex_name, worker_id): +@pytest.mark.parametrize('kex_name', common.key_exchanges[:len(common.key_exchanges)//2]) +def test_sig_kem_pair(ossl, server0, test_artifacts_dir, kex_name, worker_id): + client_output = common.run_subprocess([ossl, 's_client', + '-groups', kex_name, + '-CAfile', os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(worker_id, server0[0])), + '-verify_return_error', + '-connect', 'localhost:{}'.format(server0[1])], + input='Q'.encode()) +# OpenSSL3 by default does not output KEM used; so rely on forced client group and OK handshake completion: + if 
not "SSL handshake has read" in client_output: + assert False, "Handshake failure." + +@pytest.mark.parametrize('kex_name', common.key_exchanges[len(common.key_exchanges)//2:]) +def test_sig_kem_pair(ossl, server1, test_artifacts_dir, kex_name, worker_id): client_output = common.run_subprocess([ossl, 's_client', '-groups', kex_name, - '-CAfile', os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(worker_id, server[0])), + '-CAfile', os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(worker_id, server1[0])), '-verify_return_error', - '-connect', 'localhost:{}'.format(server[1])], + '-connect', 'localhost:{}'.format(server1[1])], input='Q'.encode()) # OpenSSL3 by default does not output KEM used; so rely on forced client group and OK handshake completion: if not "SSL handshake has read" in client_output: From 6b068b66b8c5f82b6d8e452317f413f2949d0d9d Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 26 Feb 2024 16:29:33 -0600 Subject: [PATCH 119/164] removed deprecated functions Signed-off-by: Felipe Ventura --- oqsprov/oqs_kmgmt.c | 99 ++++++++++++++++++++++++++++-------------- oqsprov/oqsprov.c | 2 +- oqsprov/oqsprov_keys.c | 31 ++++++++----- 3 files changed, 87 insertions(+), 45 deletions(-) diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 23666f2b..a76d81ff 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
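Review bot: Both new test functions are named `test_sig_kem_pair`, so the second `def` rebinds the module attribute and pytest collects only the `server1` variant. The first half of `common.key_exchanges`, which by the list order in scripts/common.py holds the pure post-quantum groups including the newly added `mlkem512`, `mlkem768` and `mlkem1024`, would then never go through a TLS handshake while the suite still reports success. Give the functions distinct names, for example `def test_sig_kem_pair_0(ossl, server0, test_artifacts_dir, kex_name, worker_id):` and `def test_sig_kem_pair_1(ossl, server1, test_artifacts_dir, kex_name, worker_id):`. The body of the second function continues outside the hunk.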
@@ -858,96 +858,129 @@ static void *p521_mldsa87_new_key(void *provctx) static void *p521_mldsa87_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, - "p521_mldsa87", KEY_TYPE_HYB_SIG, 256, 13); + "p521_mldsa87", KEY_TYPE_HYB_SIG, 256, 26); } static void *falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512", KEY_TYPE_SIG, NULL, 128, 14); + "falcon512", KEY_TYPE_SIG, NULL, 128, 27); } static void *falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512", 0, 128, 14); + "falcon512", 0, 128, 27); } static void *p256_falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 15); + "p256_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 28); } static void *p256_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 15); + "p256_falcon512", KEY_TYPE_HYB_SIG, 128, 28); } static void *rsa3072_falcon512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 16); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, NULL, 128, 29); } static void *rsa3072_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 16); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 29); +} +static void *falcon512_p256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 30); +} + +static void *falcon512_p256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_p256", 
KEY_TYPE_CMP_SIG, 128, 30); +} +static void *falcon512_bp256_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 31); +} + +static void *falcon512_bp256_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 31); +} +static void *falcon512_ed25519_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 32); +} + +static void *falcon512_ed25519_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, + "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); } static void *falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "falcon1024", KEY_TYPE_SIG, NULL, 256, 17); + "falcon1024", KEY_TYPE_SIG, NULL, 256, 33); } static void *falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "falcon1024", 0, 256, 17); + "falcon1024", 0, 256, 33); } static void *p521_falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 18); + "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 34); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 18); + "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 34); } static void *sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 19); + "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 35); } static void *sphincssha2128fsimple_gen_init(void 
*provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", 0, 128, 19); + "sphincssha2128fsimple", 0, 128, 35); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 20); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 36); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 20); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 36); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 21); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); } static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, 
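Review bot: The added `falcon512_bp256_new_key` and `falcon512_bp256_gen_init` pass `256` where every other falcon512 constructor in this hunk, including the new `falcon512_p256` and `falcon512_ed25519` ones, passes `128`. That argument looks like the key's security-bits value, since it matches the last column of the `nid_names` rows in oqsprov_keys.c where `p256_falcon512` carries 128; if so, 256 overstates what a Falcon-512 key provides and could let it satisfy a security-level check it should not pass. If 128 is intended, the calls would end `"falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 128, 31);` and `"falcon512_bp256", KEY_TYPE_CMP_SIG, 128, 31);`. If the value deliberately follows the curve size, a comment stating that is needed. The constructors appear to be template-generated, so the value would have to be corrected in the generator input.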
@@ -955,39 +988,39 @@ static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 21); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 37); } static void *sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 22); + "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 38); } static void *sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", 0, 128, 22); + "sphincssha2128ssimple", 0, 128, 38); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 23); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 39); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 23); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 39); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 24); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 40); } static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, 
@@ -995,66 +1028,66 @@ static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 24); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 40); } static void *sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 25); + "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 41); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", 0, 192, 25); + "sphincssha2192fsimple", 0, 192, 41); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 26); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 42); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 26); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 42); } static void *sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 27); + "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 43); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", 0, 128, 27); + "sphincsshake128fsimple", 0, 128, 43); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 28); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 44); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 28); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 44); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 45); } static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, @@ -1062,7 +1095,7 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 29); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 45); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 928969af..7635b5e8 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,7 +49,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 164 +# define OQS_OID_CNT 196 #else # define OQS_OID_CNT 60 #endif diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 885fe62e..ce71ea49 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -54,7 +54,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 82 +# define NID_TABLE_LEN 98 #else # define NID_TABLE_LEN 30 #endif 
@@ -1121,7 +1121,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, for (i = 0; i < count; i++) { aType = sk_ASN1_TYPE_pop(sk); p8inf_internal = PKCS8_PRIV_KEY_INFO_new(); - nid = 1; + nid = 0; char *name; if ((name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) @@ -1157,8 +1157,11 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, for (int j = 0; j < OSSL_NELEM(nids_sig); j++) { if ((nids_sig[j].nid == nid) && (nids_sig[j].length_private_key > buflen)) { - EC_KEY *ec_pkey; - const unsigned char *buf3 = buf; + EVP_PKEY *ec_pkey; + OSSL_PARAM params[2]; + int include_pub = 1; + const unsigned char *buf3 + = aType->value.sequence->data; unsigned char *buf4, *buf5; if (buflen @@ -1172,20 +1175,26 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, sk_ASN1_TYPE_free(sk); return NULL; } - ec_pkey = EC_KEY_new_by_curve_name(nid); - ec_pkey = d2i_ECPrivateKey(&ec_pkey, &buf3, buflen); - EC_KEY_set_enc_flags(ec_pkey, 0); + ec_pkey = EVP_PKEY_new(); + d2i_PrivateKey(EVP_PKEY_EC, &ec_pkey, &buf3, + aType->value.sequence->length); + + params[0] = OSSL_PARAM_construct_int( + OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, + &include_pub); + params[1] = OSSL_PARAM_construct_end(); + EVP_PKEY_set_params(ec_pkey, params); + buf4 = OPENSSL_malloc( nids_sig[j].length_private_key); buf5 = buf4; - buflen = i2d_ECPrivateKey(ec_pkey, &buf5); + buflen = i2d_PrivateKey(ec_pkey, &buf5); aux += buflen; memcpy(concat_key + plen - 1 - aux, buf4, buflen); - nid = 0; // use as flag to not memcpy twice + EVP_PKEY_free(ec_pkey); OPENSSL_clear_free(buf4, buflen); - EC_KEY_free(ec_pkey); break; } } @@ -1201,7 +1210,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, key_diff = nids_sig[6].length_private_key - buflen; } - if (nid) { + if (!nid) { aux += buflen; memcpy(concat_key + plen - 1 - aux, buf, buflen); } From 180e4898b53777f3e6a6b816362c85cb812f83a4 Mon Sep 17 00:00:00 2001 
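Review bot: In the `@@ -1172,20 +1175,26 @@` hunk of `oqsx_key_from_pkcs8`, the new `i2d_PrivateKey(ec_pkey, &buf5)` writes into a buffer sized from `nids_sig[j].length_private_key`, and its return value goes straight into `buflen` and the `memcpy`. An encoding longer than the table value would therefore overrun `buf4`, and a negative return would become the copy length. The results of `EVP_PKEY_new`, `d2i_PrivateKey`, `EVP_PKEY_set_params` and `OPENSSL_malloc` are not checked either, although the bytes being parsed come from the PKCS#8 input; the later `fix composite EC` hunk that extends `params` keeps the same unchecked `EVP_PKEY_set_params` call. I would ask for the encoded length first with a NULL output pointer, reject anything non-positive or larger than the table entry, and leave through the existing failure path on any error, as sketched below. The function starts and ends outside this hunk, so the exact cleanup list has to be taken from the surrounding code.

```c
int enc_len;

/* let d2i allocate the key so a parse failure leaves nothing half-built */
ec_pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &buf3,
                         aType->value.sequence->length);
if (ec_pkey == NULL) {
    /* ... release what the existing failure path above releases ... */
    return NULL;
}

/* ... unchanged: params[] construction ... */
if (!EVP_PKEY_set_params(ec_pkey, params)) {
    EVP_PKEY_free(ec_pkey);
    /* ... release what the existing failure path above releases ... */
    return NULL;
}

/* size query first: i2d cannot know how large buf4 is */
enc_len = i2d_PrivateKey(ec_pkey, NULL);
if (enc_len <= 0
    || (size_t)enc_len > (size_t)nids_sig[j].length_private_key) {
    EVP_PKEY_free(ec_pkey);
    /* ... release what the existing failure path above releases ... */
    return NULL;
}
buf4 = OPENSSL_malloc(enc_len);
if (buf4 == NULL) {
    EVP_PKEY_free(ec_pkey);
    /* ... release what the existing failure path above releases ... */
    return NULL;
}
buf5 = buf4;
buflen = i2d_PrivateKey(ec_pkey, &buf5);
/* ... unchanged: aux update, memcpy into concat_key, frees, break ... */
```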
From: Felipe Ventura Date: Tue, 27 Feb 2024 12:12:51 -0600 Subject: [PATCH 120/164] fix composite EC Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index ce71ea49..16cebf8d 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1153,12 +1153,13 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, // Checking OPTIONAL params on EC if (keytype == EVP_PKEY_EC) { + int j; nid = OBJ_obj2nid(palg_internal->parameter->value.object); - for (int j = 0; j < OSSL_NELEM(nids_sig); j++) { + for (j = 0; j < OSSL_NELEM(nids_sig); j++) { if ((nids_sig[j].nid == nid) && (nids_sig[j].length_private_key > buflen)) { EVP_PKEY *ec_pkey; - OSSL_PARAM params[2]; + OSSL_PARAM params[3]; int include_pub = 1; const unsigned char *buf3 = aType->value.sequence->data; @@ -1182,7 +1183,10 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, params[0] = OSSL_PARAM_construct_int( OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, &include_pub); - params[1] = OSSL_PARAM_construct_end(); + params[1] = OSSL_PARAM_construct_utf8_string( + OSSL_PKEY_PARAM_EC_ENCODING, + OSSL_PKEY_EC_ENCODING_GROUP, 0); + params[2] = OSSL_PARAM_construct_end(); EVP_PKEY_set_params(ec_pkey, params); buf4 = OPENSSL_malloc( @@ -1198,6 +1202,9 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, break; } } + if (j == OSSL_NELEM(nids_sig)) + nid = 0; // buflen is already with the correct size, + // changing nid to memcpy at the end } // if is a RSA key the actual encoding size might be different From 711a0aff342e3ecbda813a990d23135f348745ef Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 27 Feb 2024 13:10:20 -0600 Subject: [PATCH 121/164] changed composite dilithium to ML-* 
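Review bot: In the `@@ -1198,6 +1202,9 @@` hunk, `nid = 0` turns the curve NID into a copy-or-skip flag for the `if (!nid)` test further down in `oqsx_key_from_pkcs8` (outside this hunk), which is easy to break the next time the EC branch changes. A dedicated local would state the intent: `int ec_copied = 0;` next to the per-iteration `nid = 0;`, `ec_copied = 1;` before the `break`, and `if (!ec_copied)` at the final copy. The unbraced `if (j == OSSL_NELEM(nids_sig))` also compares the signed `j` with a `size_t` count and carries a two-line trailing comment; bracing it and moving the comment above the statement would read better.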
Signed-off-by: Felipe Ventura --- ALGORITHMS.md | 23 +- README.md | 4 +- oqs-template/generate.yml | 104 ++++----- oqsprov/oqs_decode_der2key.c | 54 +++-- oqsprov/oqs_encode_key2any.c | 230 ++++++++++--------- oqsprov/oqs_kmgmt.c | 288 +++++++++++++----------- oqsprov/oqs_prov.h | 414 ++++++++++++++++++++--------------- oqsprov/oqsdecoders.inc | 97 ++++---- oqsprov/oqsencoders.inc | 324 +++++++++++++-------------- oqsprov/oqsprov.c | 242 +++++++++++--------- oqsprov/oqsprov_keys.c | 23 +- scripts/common.py | 3 +- 12 files changed, 970 insertions(+), 836 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index a17aa556..cbf8d5c6 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -139,27 +139,30 @@ adapting the OIDs of all supported signature algorithms as per the table below. | dilithium2 | 1.3.6.1.4.1.2.267.7.4.4 |Yes| OQS_OID_DILITHIUM2 | p256_dilithium2 | 1.3.9999.2.7.1 |Yes| OQS_OID_P256_DILITHIUM2 | rsa3072_dilithium2 | 1.3.9999.2.7.2 |Yes| OQS_OID_RSA3072_DILITHIUM2 -| dilithium2_pss2048 | 2.16.840.1.114027.80.8.1.1 |Yes| OQS_OID_DILITHIUM2_pss2048 -| dilithium2_rsa2048 | 2.16.840.1.114027.80.8.1.2 |Yes| OQS_OID_DILITHIUM2_rsa2048 -| dilithium2_ed25519 | 2.16.840.1.114027.80.8.1.3 |Yes| OQS_OID_DILITHIUM2_ed25519 -| dilithium2_p256 | 2.16.840.1.114027.80.8.1.4 |Yes| OQS_OID_DILITHIUM2_p256 -| dilithium2_bp256 | 2.16.840.1.114027.80.8.1.5 |Yes| OQS_OID_DILITHIUM2_bp256 | dilithium3 | 1.3.6.1.4.1.2.267.7.6.5 |Yes| OQS_OID_DILITHIUM3 | p384_dilithium3 | 1.3.9999.2.7.3 |Yes| OQS_OID_P384_DILITHIUM3 -| dilithium3_pss3072 | 2.16.840.1.114027.80.8.1.6 |Yes| OQS_OID_DILITHIUM3_pss3072 -| dilithium3_rsa3072 | 2.16.840.1.114027.80.8.1.7 |Yes| OQS_OID_DILITHIUM3_rsa3072 -| dilithium3_p256 | 2.16.840.1.114027.80.8.1.8 |Yes| OQS_OID_DILITHIUM3_p256 -| dilithium3_bp256 | 2.16.840.1.114027.80.8.1.9 |Yes| OQS_OID_DILITHIUM3_bp256 -| dilithium3_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_DILITHIUM3_ed25519 | dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5 | p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5 | mldsa44 | 1.3.6.1.4.1.2.267.12.4.4 |Yes| OQS_OID_MLDSA44 | p256_mldsa44 | 1.3.9999.7.1 |Yes| OQS_OID_P256_MLDSA44 | rsa3072_mldsa44 | 1.3.9999.7.2 |Yes| OQS_OID_RSA3072_MLDSA44 +| mldsa44_pss2048 | 2.16.840.1.114027.80.8.1.1 |Yes| OQS_OID_MLDSA44_pss2048 +| mldsa44_rsa2048 | 2.16.840.1.114027.80.8.1.2 |Yes| OQS_OID_MLDSA44_rsa2048 +| mldsa44_ed25519 | 2.16.840.1.114027.80.8.1.3 |Yes| OQS_OID_MLDSA44_ed25519 +| mldsa44_p256 | 2.16.840.1.114027.80.8.1.4 |Yes| OQS_OID_MLDSA44_p256 +| mldsa44_bp256 | 2.16.840.1.114027.80.8.1.5 |Yes| OQS_OID_MLDSA44_bp256 | mldsa65 | 1.3.6.1.4.1.2.267.12.6.5 |Yes| OQS_OID_MLDSA65 
| p384_mldsa65 | 1.3.9999.7.3 |Yes| OQS_OID_P384_MLDSA65 +| mldsa65_pss3072 | 2.16.840.1.114027.80.8.1.6 |Yes| OQS_OID_MLDSA65_pss3072 +| mldsa65_rsa3072 | 2.16.840.1.114027.80.8.1.7 |Yes| OQS_OID_MLDSA65_rsa3072 +| mldsa65_p256 | 2.16.840.1.114027.80.8.1.8 |Yes| OQS_OID_MLDSA65_p256 +| mldsa65_bp256 | 2.16.840.1.114027.80.8.1.9 |Yes| OQS_OID_MLDSA65_bp256 +| mldsa65_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_MLDSA65_ed25519 | mldsa87 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_MLDSA87 | p521_mldsa87 | 1.3.9999.7.4 |Yes| OQS_OID_P521_MLDSA87 +| mldsa87_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_MLDSA87_p384 +| mldsa87_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_MLDSA87_bp384 +| mldsa87_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_MLDSA87_ed448 | falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512 | p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512 | rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512 diff --git a/README.md b/README.md index 106a7989..89d89495 100644 --- a/README.md +++ b/README.md 
@@ -45,8 +45,8 @@ This implementation makes available the following quantum safe algorithms: ### Signature algorithms - **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\* -- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa87`\*, `p521_mldsa87`\* -- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon1024`\*, `p521_falcon1024`\* +- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa44_pss2048`\*, `mldsa44_rsa2048`\*, `mldsa44_ed25519`\*, `mldsa44_p256`\*, `mldsa44_bp256`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa65_pss3072`\*, `mldsa65_rsa3072`\*, `mldsa65_p256`\*, `mldsa65_bp256`\*, `mldsa65_ed25519`\*, `mldsa87`\*, `p521_mldsa87`\*, `mldsa87_p384`\*, `mldsa87_bp384`\*, `mldsa87_ed448`\* +- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon512_p256`\*, `falcon512_bp256`\*, `falcon512_ed25519`\*, `falcon1024`\*, `p521_falcon1024`\* - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple` - **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple` 
diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 74112ded..f44a388e 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -467,26 +467,6 @@ sigs: 'pretty_name': 'RSA3072', 'oid': '1.3.9999.2.7.2', 'code_point': '0xfea2'}] - composite: [{'name': 'pss2048', - 'pretty_name': 'RSA PSS 2048', - 'security': '112', - 'oid': '2.16.840.1.114027.80.8.1.1'}, - {'name': 'rsa2048', - 'pretty_name': 'RSA2028', - 'security': '112', - 'oid': '2.16.840.1.114027.80.8.1.2'}, - {'name': 'ed25519', - 'pretty_name': 'ED25519', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.3'}, - {'name': 'p256', - 'pretty_name': 'ECDSA p256', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.4'}, - {'name': 'bp256', - 'pretty_name': 'ECDSA brainpoolP256r1', - 'security': '256', - 'oid': '2.16.840.1.114027.80.8.1.5'}] - name: 'dilithium3' pretty_name: 'Dilithium3' @@ -499,26 +479,6 @@ sigs: 'pretty_name': 'ECDSA p384', 'oid': '1.3.9999.2.7.3', 'code_point': '0xfea4'}] - composite: [{'name': 'pss3072', - 'pretty_name': 'RSA PSS 3072', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.6'}, - {'name': 'rsa3072', - 'pretty_name': 'RSA 3072', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.7'}, - {'name': 'p256', - 'pretty_name': 'ECDSA p256', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.8'}, - {'name': 'bp256', - 'pretty_name': 'ECDSA brainpoolP256r1', - 'security': '256', - 'oid': '2.16.840.1.114027.80.8.1.9'}, - {'name': 'ed25519', - 'pretty_name': 'ED25519', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.10'}] - name: 'dilithium5' pretty_name: 'Dilithium5' 
@@ -531,18 +491,6 @@ sigs: 'pretty_name': 'ECDSA p521', 'oid': '1.3.9999.2.7.4', 'code_point': '0xfea6'}] - composite: [{'name': 'p384', - 'pretty_name': 'ECDSA p384', - 'security': '192', - 'oid': '2.16.840.1.114027.80.8.1.11'}, - {'name': 'bp384', - 'pretty_name': 'ECDSA brainpoolP384r1', - 'security': '384', - 'oid': '2.16.840.1.114027.80.8.1.12'}, - {'name': 'ed448', - 'pretty_name': 'ED448', - 'security': '192', - 'oid': '2.16.840.1.114027.80.8.1.13'}] - name: 'dilithium2_aes' pretty_name: 'Dilithium2_AES' @@ -610,6 +558,26 @@ sigs: 'pretty_name': 'RSA3072', 'oid': '1.3.9999.7.2', 'code_point': '0xfed4'}] + composite: [{'name': 'pss2048', + 'pretty_name': 'RSA PSS 2048', + 'security': '112', + 'oid': '2.16.840.1.114027.80.8.1.1'}, + {'name': 'rsa2048', + 'pretty_name': 'RSA2028', + 'security': '112', + 'oid': '2.16.840.1.114027.80.8.1.2'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.3'}, + {'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.4'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.8.1.5'}] - name: 'mldsa65' pretty_name: 'ML-DSA-65' @@ -621,6 +589,26 @@ sigs: 'pretty_name': 'ECDSA p384', 'oid': '1.3.9999.7.3', 'code_point': '0xfed5'}] + composite: [{'name': 'pss3072', + 'pretty_name': 'RSA PSS 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.6'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.7'}, + {'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.8'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.8.1.9'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.10'}] - name: 'mldsa87' pretty_name: 'ML-DSA-87' 
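Review bot: The `composite` list added under `mldsa44` gives `bp256` a `security` of `'256'` while `p256` and `ed25519` in the same list are `'128'`; the `mldsa65` hunk repeats this, and the `mldsa87` hunk lists `bp384` as `'384'` next to `p384` at `'192'`. If this field is the claimed bit strength that ends up in the generated `oqsx_key_new` calls (an inference from the generated constructors, not something this file shows), the brainpool entries overstate it and should probably read `'128'` and `'192'`. The `pretty_name` `'RSA2028'` for `rsa2048` also looks like a typo for `'RSA2048'`. These entries are moved unchanged from the dilithium blocks, so the values predate this commit.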
@@ -632,6 +620,18 @@ sigs: 'pretty_name': 'ECDSA p521', 'oid': '1.3.9999.7.4', 'code_point': '0xfed6'}] + composite: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'security': '192', + 'oid': '2.16.840.1.114027.80.8.1.11'}, + {'name': 'bp384', + 'pretty_name': 'ECDSA brainpoolP384r1', + 'security': '384', + 'oid': '2.16.840.1.114027.80.8.1.12'}, + {'name': 'ed448', + 'pretty_name': 'ED448', + 'security': '192', + 'oid': '2.16.840.1.114027.80.8.1.13'}] - # iso (1) # identified-organization (3) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 9fadf50b..c65d073e 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -693,38 +693,10 @@ MAKE_DECODER(, "p256_dilithium2", p256_dilithium2, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, PrivateKeyInfo); MAKE_DECODER(, "rsa3072_dilithium2", rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_pss2048", dilithium2_pss2048, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_rsa2048", dilithium2_rsa2048, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_ed25519", dilithium2_ed25519, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_p256", dilithium2_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium2_bp256", dilithium2_bp256, oqsx, - SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium3", dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium3", dilithium3, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p384_dilithium3", p384_dilithium3, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_pss3072", dilithium3_pss3072, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_rsa3072", dilithium3_rsa3072, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_p256", dilithium3_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", dilithium3_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_bp256", 
dilithium3_bp256, oqsx, - SubjectPublicKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "dilithium3_ed25519", dilithium3_ed25519, oqsx, - SubjectPublicKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, PrivateKeyInfo); MAKE_DECODER(, "dilithium5", dilithium5, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_dilithium5", p521_dilithium5, oqsx, PrivateKeyInfo); 
@@ -735,14 +707,40 @@ MAKE_DECODER(, "p256_mldsa44", p256_mldsa44, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p256_mldsa44", p256_mldsa44, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_mldsa44", rsa3072_mldsa44, oqsx, PrivateKeyInfo); MAKE_DECODER(, "rsa3072_mldsa44", rsa3072_mldsa44, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa44_pss2048", mldsa44_pss2048, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa44_pss2048", mldsa44_pss2048, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa44_rsa2048", mldsa44_rsa2048, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa44_rsa2048", mldsa44_rsa2048, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa44_ed25519", mldsa44_ed25519, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa44_ed25519", mldsa44_ed25519, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa44_p256", mldsa44_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa44_p256", mldsa44_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa44_bp256", mldsa44_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa44_bp256", mldsa44_bp256, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "mldsa65", mldsa65, oqsx, PrivateKeyInfo); MAKE_DECODER(, "mldsa65", mldsa65, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p384_mldsa65", p384_mldsa65, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p384_mldsa65", p384_mldsa65, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa65_pss3072", mldsa65_pss3072, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa65_pss3072", mldsa65_pss3072, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa65_rsa3072", mldsa65_rsa3072, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa65_rsa3072", mldsa65_rsa3072, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa65_p256", mldsa65_p256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa65_p256", mldsa65_p256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa65_bp256", mldsa65_bp256, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa65_bp256", mldsa65_bp256, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa65_ed25519", mldsa65_ed25519, 
oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa65_ed25519", mldsa65_ed25519, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "mldsa87", mldsa87, oqsx, PrivateKeyInfo); MAKE_DECODER(, "mldsa87", mldsa87, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_mldsa87", p521_mldsa87, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p521_mldsa87", p521_mldsa87, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa87_p384", mldsa87_p384, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa87_p384", mldsa87_p384, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa87_bp384", mldsa87_bp384, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa87_bp384", mldsa87_bp384, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "mldsa87_ed448", mldsa87_ed448, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "mldsa87_ed448", mldsa87_ed448, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon512", falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, PrivateKeyInfo); diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 22b55a21..99e50ee2 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -1096,42 +1096,12 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_dilithium2_evp_type 0 #define rsa3072_dilithium2_input_type "rsa3072_dilithium2" #define rsa3072_dilithium2_pem_type "rsa3072_dilithium2" -#define dilithium2_pss2048_evp_type 0 -#define dilithium2_pss2048_input_type "dilithium2_pss2048" -#define dilithium2_pss2048_pem_type "dilithium2_pss2048" -#define dilithium2_rsa2048_evp_type 0 -#define dilithium2_rsa2048_input_type "dilithium2_rsa2048" -#define dilithium2_rsa2048_pem_type "dilithium2_rsa2048" -#define dilithium2_ed25519_evp_type 0 -#define dilithium2_ed25519_input_type "dilithium2_ed25519" -#define dilithium2_ed25519_pem_type "dilithium2_ed25519" -#define dilithium2_p256_evp_type 0 -#define dilithium2_p256_input_type "dilithium2_p256" -#define dilithium2_p256_pem_type "dilithium2_p256" -#define dilithium2_bp256_evp_type 0 -#define dilithium2_bp256_input_type "dilithium2_bp256" -#define dilithium2_bp256_pem_type "dilithium2_bp256" #define dilithium3_evp_type 0 #define dilithium3_input_type "dilithium3" #define dilithium3_pem_type "dilithium3" #define p384_dilithium3_evp_type 0 #define p384_dilithium3_input_type "p384_dilithium3" #define p384_dilithium3_pem_type "p384_dilithium3" -#define dilithium3_pss3072_evp_type 0 -#define dilithium3_pss3072_input_type "dilithium3_pss3072" -#define dilithium3_pss3072_pem_type "dilithium3_pss3072" -#define dilithium3_rsa3072_evp_type 0 -#define dilithium3_rsa3072_input_type "dilithium3_rsa3072" -#define dilithium3_rsa3072_pem_type "dilithium3_rsa3072" -#define dilithium3_p256_evp_type 0 -#define dilithium3_p256_input_type "dilithium3_p256" -#define dilithium3_p256_pem_type "dilithium3_p256" -#define dilithium3_bp256_evp_type 0 -#define dilithium3_bp256_input_type "dilithium3_bp256" -#define dilithium3_bp256_pem_type "dilithium3_bp256" -#define dilithium3_ed25519_evp_type 0 -#define dilithium3_ed25519_input_type "dilithium3_ed25519" -#define 
dilithium3_ed25519_pem_type "dilithium3_ed25519" #define dilithium5_evp_type 0 #define dilithium5_input_type "dilithium5" #define dilithium5_pem_type "dilithium5" 
@@ -1147,18 +1117,57 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_mldsa44_evp_type 0 #define rsa3072_mldsa44_input_type "rsa3072_mldsa44" #define rsa3072_mldsa44_pem_type "rsa3072_mldsa44" +#define mldsa44_pss2048_evp_type 0 +#define mldsa44_pss2048_input_type "mldsa44_pss2048" +#define mldsa44_pss2048_pem_type "mldsa44_pss2048" +#define mldsa44_rsa2048_evp_type 0 +#define mldsa44_rsa2048_input_type "mldsa44_rsa2048" +#define mldsa44_rsa2048_pem_type "mldsa44_rsa2048" +#define mldsa44_ed25519_evp_type 0 +#define mldsa44_ed25519_input_type "mldsa44_ed25519" +#define mldsa44_ed25519_pem_type "mldsa44_ed25519" +#define mldsa44_p256_evp_type 0 +#define mldsa44_p256_input_type "mldsa44_p256" +#define mldsa44_p256_pem_type "mldsa44_p256" +#define mldsa44_bp256_evp_type 0 +#define mldsa44_bp256_input_type "mldsa44_bp256" +#define mldsa44_bp256_pem_type "mldsa44_bp256" #define mldsa65_evp_type 0 #define mldsa65_input_type "mldsa65" #define mldsa65_pem_type "mldsa65" #define p384_mldsa65_evp_type 0 #define p384_mldsa65_input_type "p384_mldsa65" #define p384_mldsa65_pem_type "p384_mldsa65" +#define mldsa65_pss3072_evp_type 0 +#define mldsa65_pss3072_input_type "mldsa65_pss3072" +#define mldsa65_pss3072_pem_type "mldsa65_pss3072" +#define mldsa65_rsa3072_evp_type 0 +#define mldsa65_rsa3072_input_type "mldsa65_rsa3072" +#define mldsa65_rsa3072_pem_type "mldsa65_rsa3072" +#define mldsa65_p256_evp_type 0 +#define mldsa65_p256_input_type "mldsa65_p256" +#define mldsa65_p256_pem_type "mldsa65_p256" +#define mldsa65_bp256_evp_type 0 +#define mldsa65_bp256_input_type "mldsa65_bp256" +#define mldsa65_bp256_pem_type "mldsa65_bp256" +#define mldsa65_ed25519_evp_type 0 +#define mldsa65_ed25519_input_type "mldsa65_ed25519" +#define mldsa65_ed25519_pem_type "mldsa65_ed25519" #define mldsa87_evp_type 0 #define mldsa87_input_type "mldsa87" #define mldsa87_pem_type "mldsa87" #define p521_mldsa87_evp_type 0 #define p521_mldsa87_input_type 
"p521_mldsa87" #define p521_mldsa87_pem_type "p521_mldsa87" +#define mldsa87_p384_evp_type 0 +#define mldsa87_p384_input_type "mldsa87_p384" +#define mldsa87_p384_pem_type "mldsa87_p384" +#define mldsa87_bp384_evp_type 0 +#define mldsa87_bp384_input_type "mldsa87_bp384" +#define mldsa87_bp384_pem_type "mldsa87_bp384" +#define mldsa87_ed448_evp_type 0 +#define mldsa87_ed448_input_type "mldsa87_ed448" +#define mldsa87_ed448_pem_type "mldsa87_ed448" #define falcon512_evp_type 0 #define falcon512_input_type "falcon512" #define falcon512_pem_type "falcon512" 
@@ -2270,41 +2279,6 @@ MAKE_ENCODER(, rsa3072_dilithium2, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, rsa3072_dilithium2, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, rsa3072_dilithium2);
-MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_pss2048, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_pss2048, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium2_pss2048, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium2_pss2048);
-MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_rsa2048, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_rsa2048, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium2_rsa2048, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium2_rsa2048);
-MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_ed25519, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_ed25519, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium2_ed25519, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium2_ed25519);
-MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_p256, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_p256, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium2_p256, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium2_p256);
-MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_bp256, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium2_bp256, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium2_bp256, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium2_bp256);
 MAKE_ENCODER(, dilithium3, oqsx, EncryptedPrivateKeyInfo, der);
 MAKE_ENCODER(, dilithium3, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, dilithium3, oqsx, PrivateKeyInfo, der);
@@ -2319,41 +2293,6 @@ MAKE_ENCODER(, p384_dilithium3, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p384_dilithium3, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p384_dilithium3, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p384_dilithium3);
-MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_pss3072, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_pss3072, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium3_pss3072, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium3_pss3072);
-MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_rsa3072, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_rsa3072, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium3_rsa3072, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium3_rsa3072);
-MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_p256, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_p256, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium3_p256, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium3_p256);
-MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_bp256, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_bp256, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium3_bp256, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium3_bp256);
-MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_ed25519, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER(, dilithium3_ed25519, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER(, dilithium3_ed25519, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER(, dilithium3_ed25519);
 MAKE_ENCODER(, dilithium5, oqsx, EncryptedPrivateKeyInfo, der);
 MAKE_ENCODER(, dilithium5, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, dilithium5, oqsx, PrivateKeyInfo, der);
@@ -2389,6 +2328,41 @@ MAKE_ENCODER(, rsa3072_mldsa44, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, rsa3072_mldsa44, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, rsa3072_mldsa44, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, rsa3072_mldsa44);
+MAKE_ENCODER(, mldsa44_pss2048, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_pss2048, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_pss2048, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_pss2048, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_pss2048, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa44_pss2048, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa44_pss2048);
+MAKE_ENCODER(, mldsa44_rsa2048, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_rsa2048, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_rsa2048, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_rsa2048, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_rsa2048, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa44_rsa2048, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa44_rsa2048);
+MAKE_ENCODER(, mldsa44_ed25519, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_ed25519, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_ed25519, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_ed25519, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_ed25519, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa44_ed25519, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa44_ed25519);
+MAKE_ENCODER(, mldsa44_p256, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_p256, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_p256, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_p256, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_p256, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa44_p256, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa44_p256);
+MAKE_ENCODER(, mldsa44_bp256, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_bp256, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_bp256, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa44_bp256, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa44_bp256, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa44_bp256, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa44_bp256);
 MAKE_ENCODER(, mldsa65, oqsx, EncryptedPrivateKeyInfo, der);
 MAKE_ENCODER(, mldsa65, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, mldsa65, oqsx, PrivateKeyInfo, der);
@@ -2403,6 +2377,41 @@ MAKE_ENCODER(, p384_mldsa65, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p384_mldsa65, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p384_mldsa65, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p384_mldsa65);
+MAKE_ENCODER(, mldsa65_pss3072, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_pss3072, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_pss3072, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_pss3072, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_pss3072, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa65_pss3072, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa65_pss3072);
+MAKE_ENCODER(, mldsa65_rsa3072, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_rsa3072, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_rsa3072, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_rsa3072, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_rsa3072, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa65_rsa3072, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa65_rsa3072);
+MAKE_ENCODER(, mldsa65_p256, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_p256, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_p256, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_p256, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_p256, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa65_p256, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa65_p256);
+MAKE_ENCODER(, mldsa65_bp256, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_bp256, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_bp256, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_bp256, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_bp256, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa65_bp256, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa65_bp256);
+MAKE_ENCODER(, mldsa65_ed25519, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_ed25519, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_ed25519, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa65_ed25519, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa65_ed25519, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa65_ed25519, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa65_ed25519);
 MAKE_ENCODER(, mldsa87, oqsx, EncryptedPrivateKeyInfo, der);
 MAKE_ENCODER(, mldsa87, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, mldsa87, oqsx, PrivateKeyInfo, der);
@@ -2417,6 +2426,27 @@ MAKE_ENCODER(, p521_mldsa87, oqsx, PrivateKeyInfo, pem);
 MAKE_ENCODER(, p521_mldsa87, oqsx, SubjectPublicKeyInfo, der);
 MAKE_ENCODER(, p521_mldsa87, oqsx, SubjectPublicKeyInfo, pem);
 MAKE_TEXT_ENCODER(, p521_mldsa87);
+MAKE_ENCODER(, mldsa87_p384, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa87_p384, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa87_p384, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa87_p384, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa87_p384, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa87_p384, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa87_p384);
+MAKE_ENCODER(, mldsa87_bp384, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa87_bp384, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa87_bp384, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa87_bp384, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa87_bp384, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa87_bp384, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa87_bp384);
+MAKE_ENCODER(, mldsa87_ed448, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa87_ed448, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa87_ed448, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, mldsa87_ed448, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, mldsa87_ed448, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, mldsa87_ed448, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, mldsa87_ed448);
 MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, der);
 MAKE_ENCODER(, falcon512, oqsx, EncryptedPrivateKeyInfo, pem);
 MAKE_ENCODER(, falcon512, oqsx, PrivateKeyInfo, der);
diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c
index a76d81ff..7f818b40 100644
--- a/oqsprov/oqs_kmgmt.c
+++ b/oqsprov/oqs_kmgmt.c
@@ -628,237 +628,270 @@ static void *rsa3072_dilithium2_gen_init(void *provctx, int selection) return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, "rsa3072_dilithium2", KEY_TYPE_HYB_SIG, 128, 2); } -static void *dilithium2_pss2048_new_key(void *provctx) +static void *dilithium3_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 3); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "dilithium3", KEY_TYPE_SIG, NULL, 192, 3); } -static void *dilithium2_pss2048_gen_init(void *provctx, int selection) +static void *dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_pss2048", KEY_TYPE_CMP_SIG, 112, 3); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "dilithium3", 0, 192, 3); } -static void *dilithium2_rsa2048_new_key(void *provctx) +static void *p384_dilithium3_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 4); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, + "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 4); } -static void *dilithium2_rsa2048_gen_init(void *provctx, int selection) +static void *p384_dilithium3_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_rsa2048", KEY_TYPE_CMP_SIG, 112, 4); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, + "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 4); } -static void *dilithium2_ed25519_new_key(void *provctx) +static void *dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 5); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, 
+ "dilithium5", KEY_TYPE_SIG, NULL, 256, 5); } -static void *dilithium2_ed25519_gen_init(void *provctx, int selection) +static void *dilithium5_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_ed25519", KEY_TYPE_CMP_SIG, 128, 5); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "dilithium5", 0, 256, 5); } -static void *dilithium2_p256_new_key(void *provctx) +static void *p521_dilithium5_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_p256", KEY_TYPE_CMP_SIG, NULL, 128, 6); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, + "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 6); } -static void *dilithium2_p256_gen_init(void *provctx, int selection) +static void *p521_dilithium5_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_p256", KEY_TYPE_CMP_SIG, 128, 6); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, + "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 6); } -static void *dilithium2_bp256_new_key(void *provctx) + +static void *mldsa44_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 7); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "mldsa44", KEY_TYPE_SIG, NULL, 128, 7); } -static void *dilithium2_bp256_gen_init(void *provctx, int selection) +static void *mldsa44_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_2, - "dilithium2_bp256", KEY_TYPE_CMP_SIG, 256, 7); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, "mldsa44", + 0, 128, 7); } -static void *dilithium3_new_key(void *provctx) +static void *p256_mldsa44_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_dilithium_3, - "dilithium3", KEY_TYPE_SIG, NULL, 192, 8); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "p256_mldsa44", KEY_TYPE_HYB_SIG, NULL, 128, 8); } -static void *dilithium3_gen_init(void *provctx, int selection) +static void *p256_mldsa44_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3", 0, 192, 8); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "p256_mldsa44", KEY_TYPE_HYB_SIG, 128, 8); } -static void *p384_dilithium3_new_key(void *provctx) +static void *rsa3072_mldsa44_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "p384_dilithium3", KEY_TYPE_HYB_SIG, NULL, 192, 9); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "rsa3072_mldsa44", KEY_TYPE_HYB_SIG, NULL, 128, 9); } -static void *p384_dilithium3_gen_init(void *provctx, int selection) +static void *rsa3072_mldsa44_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "p384_dilithium3", KEY_TYPE_HYB_SIG, 192, 9); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "rsa3072_mldsa44", KEY_TYPE_HYB_SIG, 128, 9); } -static void *dilithium3_pss3072_new_key(void *provctx) +static void *mldsa44_pss2048_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 10); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "mldsa44_pss2048", KEY_TYPE_CMP_SIG, NULL, 112, 10); } -static void *dilithium3_pss3072_gen_init(void *provctx, int selection) +static void *mldsa44_pss2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_pss3072", KEY_TYPE_CMP_SIG, 128, 10); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + 
"mldsa44_pss2048", KEY_TYPE_CMP_SIG, 112, 10); } -static void *dilithium3_rsa3072_new_key(void *provctx) +static void *mldsa44_rsa2048_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 11); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "mldsa44_rsa2048", KEY_TYPE_CMP_SIG, NULL, 112, 11); } -static void *dilithium3_rsa3072_gen_init(void *provctx, int selection) +static void *mldsa44_rsa2048_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_rsa3072", KEY_TYPE_CMP_SIG, 128, 11); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "mldsa44_rsa2048", KEY_TYPE_CMP_SIG, 112, 11); } -static void *dilithium3_p256_new_key(void *provctx) +static void *mldsa44_ed25519_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, NULL, 128, 12); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "mldsa44_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 12); } -static void *dilithium3_p256_gen_init(void *provctx, int selection) +static void *mldsa44_ed25519_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_p256", KEY_TYPE_CMP_SIG, 128, 12); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "mldsa44_ed25519", KEY_TYPE_CMP_SIG, 128, 12); } -static void *dilithium3_bp256_new_key(void *provctx) +static void *mldsa44_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 13); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "mldsa44_p256", KEY_TYPE_CMP_SIG, NULL, 128, 13); } -static void *dilithium3_bp256_gen_init(void *provctx, int selection) +static void 
*mldsa44_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_bp256", KEY_TYPE_CMP_SIG, 256, 13); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "mldsa44_p256", KEY_TYPE_CMP_SIG, 128, 13); } -static void *dilithium3_ed25519_new_key(void *provctx) +static void *mldsa44_bp256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 14); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, + "mldsa44_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 14); } -static void *dilithium3_ed25519_gen_init(void *provctx, int selection) +static void *mldsa44_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_3, - "dilithium3_ed25519", KEY_TYPE_CMP_SIG, 128, 14); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, + "mldsa44_bp256", KEY_TYPE_CMP_SIG, 256, 14); } -static void *dilithium5_new_key(void *provctx) +static void *mldsa65_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "dilithium5", KEY_TYPE_SIG, NULL, 256, 15); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, + "mldsa65", KEY_TYPE_SIG, NULL, 192, 15); } -static void *dilithium5_gen_init(void *provctx, int selection) +static void *mldsa65_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "dilithium5", 0, 256, 15); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, "mldsa65", + 0, 192, 15); } -static void *p521_dilithium5_new_key(void *provctx) +static void *p384_mldsa65_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_dilithium_5, - "p521_dilithium5", KEY_TYPE_HYB_SIG, NULL, 256, 16); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, 
+ "p384_mldsa65", KEY_TYPE_HYB_SIG, NULL, 192, 16); } -static void *p521_dilithium5_gen_init(void *provctx, int selection) +static void *p384_mldsa65_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_dilithium_5, - "p521_dilithium5", KEY_TYPE_HYB_SIG, 256, 6); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, + "p384_mldsa65", KEY_TYPE_HYB_SIG, 192, 16); } - -static void *mldsa44_new_key(void *provctx) +static void *mldsa65_pss3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, - "mldsa44", KEY_TYPE_SIG, NULL, 128, 7); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, + "mldsa65_pss3072", KEY_TYPE_CMP_SIG, NULL, 128, 17); } -static void *mldsa44_gen_init(void *provctx, int selection) +static void *mldsa65_pss3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, "mldsa44", - 0, 128, 7); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, + "mldsa65_pss3072", KEY_TYPE_CMP_SIG, 128, 17); } -static void *p256_mldsa44_new_key(void *provctx) +static void *mldsa65_rsa3072_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_44, - "p256_mldsa44", KEY_TYPE_HYB_SIG, NULL, 128, 8); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, + "mldsa65_rsa3072", KEY_TYPE_CMP_SIG, NULL, 128, 18); } -static void *p256_mldsa44_gen_init(void *provctx, int selection) +static void *mldsa65_rsa3072_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, - "p256_mldsa44", KEY_TYPE_HYB_SIG, 128, 8); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, + "mldsa65_rsa3072", KEY_TYPE_CMP_SIG, 128, 18); } -static void *rsa3072_mldsa44_new_key(void *provctx) +static void *mldsa65_p256_new_key(void *provctx) { - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_ml_dsa_44, - "rsa3072_mldsa44", KEY_TYPE_HYB_SIG, NULL, 128, 9); + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, + "mldsa65_p256", KEY_TYPE_CMP_SIG, NULL, 128, 19); } -static void *rsa3072_mldsa44_gen_init(void *provctx, int selection) +static void *mldsa65_p256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_44, - "rsa3072_mldsa44", KEY_TYPE_HYB_SIG, 128, 9); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, + "mldsa65_p256", KEY_TYPE_CMP_SIG, 128, 19); } -static void *mldsa65_new_key(void *provctx) +static void *mldsa65_bp256_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, - "mldsa65", KEY_TYPE_SIG, NULL, 192, 10); + "mldsa65_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 20); } -static void *mldsa65_gen_init(void *provctx, int selection) +static void *mldsa65_bp256_gen_init(void *provctx, int selection) { - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, "mldsa65", - 0, 192, 10); + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, + "mldsa65_bp256", KEY_TYPE_CMP_SIG, 256, 20); } -static void *p384_mldsa65_new_key(void *provctx) +static void *mldsa65_ed25519_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_65, - "p384_mldsa65", KEY_TYPE_HYB_SIG, NULL, 192, 11); + "mldsa65_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 21); } -static void *p384_mldsa65_gen_init(void *provctx, int selection) +static void *mldsa65_ed25519_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_65, - "p384_mldsa65", KEY_TYPE_HYB_SIG, 192, 11); + "mldsa65_ed25519", KEY_TYPE_CMP_SIG, 128, 21); } static void *mldsa87_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_87, - "mldsa87", KEY_TYPE_SIG, NULL, 256, 12); + "mldsa87", KEY_TYPE_SIG, NULL, 256, 22); } static void *mldsa87_gen_init(void 
*provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, "mldsa87", - 0, 256, 12); + 0, 256, 22); } static void *p521_mldsa87_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_87, - "p521_mldsa87", KEY_TYPE_HYB_SIG, NULL, 256, 13); + "p521_mldsa87", KEY_TYPE_HYB_SIG, NULL, 256, 23); } static void *p521_mldsa87_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, - "p521_mldsa87", KEY_TYPE_HYB_SIG, 256, 26); + "p521_mldsa87", KEY_TYPE_HYB_SIG, 256, 23); +} +static void *mldsa87_p384_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_87, + "mldsa87_p384", KEY_TYPE_CMP_SIG, NULL, 192, 24); +} + +static void *mldsa87_p384_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, + "mldsa87_p384", KEY_TYPE_CMP_SIG, 192, 24); +} +static void *mldsa87_bp384_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_87, + "mldsa87_bp384", KEY_TYPE_CMP_SIG, NULL, 384, 25); +} + +static void *mldsa87_bp384_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, + "mldsa87_bp384", KEY_TYPE_CMP_SIG, 384, 25); +} +static void *mldsa87_ed448_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_ml_dsa_87, + "mldsa87_ed448", KEY_TYPE_CMP_SIG, NULL, 192, 26); +} + +static void *mldsa87_ed448_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_ml_dsa_87, + "mldsa87_ed448", KEY_TYPE_CMP_SIG, 192, 26); } static void *falcon512_new_key(void *provctx) 
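Review bot: The strength argument (the number just before the final index) looks inconsistent for the brainpool composites: the `mldsa44_bp256` and `mldsa65_bp256` `_new_key`/`_gen_init` pairs pass 256 and the `mldsa87_bp384` pair passes 384, while their `mldsa44_p256`/`mldsa65_p256` siblings pass 128 and `mldsa87_p384` passes 192. Those numbers match the curve size rather than a strength, and the removed `dilithium2_bp256`/`dilithium3_bp256` entries carried the same 256, so this looks inherited rather than intended. If this argument ends up as the key's reported security bits (not visible in this hunk), overstating it could let these keys satisfy a stricter security-level policy than the weaker component warrants. I would align the three pairs with their siblings, e.g. `"mldsa44_bp256", KEY_TYPE_CMP_SIG, NULL, 128, 14);` and 192 for `mldsa87_bp384`, correcting the value at its source if these wrappers are generated.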
@@ -1250,27 +1283,30 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx,
 MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p256_dilithium2)
 MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_dilithium2)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_pss2048)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_rsa2048)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_ed25519)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_p256)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium2_bp256)
 MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p384_dilithium3)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_pss3072)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_rsa3072)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_p256)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_bp256)
-MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium3_ed25519)
 MAKE_SIG_KEYMGMT_FUNCTIONS(dilithium5)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p521_dilithium5)
 MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa44)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p256_mldsa44)
 MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_mldsa44)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa44_pss2048)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa44_rsa2048)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa44_ed25519)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa44_p256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa44_bp256)
 MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa65)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p384_mldsa65)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa65_pss3072)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa65_rsa3072)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa65_p256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa65_bp256)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa65_ed25519)
 MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa87)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p521_mldsa87)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa87_p384)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa87_bp384)
+MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa87_ed448)
 MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512)
 MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falcon512)
 MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falcon512)
diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h
index 2771d78e..26daec72 100644
--- a/oqsprov/oqs_prov.h
+++ b/oqsprov/oqs_prov.h
@@ -1183,91 +1183,6 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_dilithium2_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_pss2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_rsa2048_decoder_functions[]; -extern const 
OSSL_DISPATCH - oqs_dilithium2_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium2_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium2_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1302,91 +1217,6 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_dilithium3_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_dilithium3_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_pss3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_rsa3072_decoder_functions[]; -extern const 
OSSL_DISPATCH - oqs_dilithium3_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_dilithium3_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_dilithium3_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1472,6 +1302,91 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_mldsa44_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_mldsa44_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_pss2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_pss2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_pss2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_pss2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_pss2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_pss2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_pss2048_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa44_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa44_pss2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_rsa2048_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_rsa2048_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_rsa2048_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_rsa2048_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_rsa2048_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_rsa2048_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_rsa2048_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa44_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa44_rsa2048_decoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_mldsa44_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_ed25519_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa44_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa44_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_p256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa44_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa44_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_mldsa44_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa44_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_bp256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa44_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa44_bp256_decoder_functions[]; extern const OSSL_DISPATCH oqs_mldsa65_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1506,6 +1421,91 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p384_mldsa65_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p384_mldsa65_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_pss3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_pss3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_pss3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_pss3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_pss3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_pss3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_pss3072_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa65_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa65_pss3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_rsa3072_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_rsa3072_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_rsa3072_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_rsa3072_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_rsa3072_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_rsa3072_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_rsa3072_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa65_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa65_rsa3072_decoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_mldsa65_p256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_p256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_p256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa65_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa65_p256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_bp256_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_bp256_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa65_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa65_bp256_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_mldsa65_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa65_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_ed25519_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa65_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa65_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_mldsa87_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1540,6 +1540,57 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_mldsa87_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_mldsa87_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_p384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_p384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_p384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_p384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_p384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_p384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_p384_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa87_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa87_p384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_bp384_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_bp384_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_bp384_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_bp384_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_bp384_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_bp384_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_bp384_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa87_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa87_bp384_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_ed448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + 
oqs_mldsa87_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_mldsa87_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_ed448_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_mldsa87_ed448_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_mldsa87_ed448_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon512_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1926,27 +1977,30 @@ extern const OSSL_DISPATCH extern const OSSL_DISPATCH oqs_dilithium2_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_dilithium2_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_dilithium2_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_pss2048_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_rsa2048_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_ed25519_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium2_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium3_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p384_dilithium3_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_pss3072_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_rsa3072_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_dilithium3_ed25519_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_dilithium5_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_dilithium5_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_mldsa44_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_mldsa44_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_mldsa44_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_pss2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_rsa2048_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_ed25519_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa44_bp256_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_mldsa65_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p384_mldsa65_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_pss3072_keymgmt_functions[]; +extern const OSSL_DISPATCH 
oqs_mldsa65_rsa3072_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_p256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_bp256_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa65_ed25519_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_mldsa87_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_mldsa87_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_p384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_bp384_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_mldsa87_ed448_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index eda81119..367ea14f 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -234,26 +234,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), rsa3072_dilithium2), DECODER_w_structure("rsa3072_dilithium2", der, SubjectPublicKeyInfo, rsa3072_dilithium2), - DECODER_w_structure("dilithium2_pss2048", der, PrivateKeyInfo, - dilithium2_pss2048), - DECODER_w_structure("dilithium2_pss2048", der, SubjectPublicKeyInfo, - dilithium2_pss2048), - DECODER_w_structure("dilithium2_rsa2048", der, PrivateKeyInfo, - dilithium2_rsa2048), - DECODER_w_structure("dilithium2_rsa2048", der, SubjectPublicKeyInfo, - dilithium2_rsa2048), - DECODER_w_structure("dilithium2_ed25519", der, PrivateKeyInfo, - dilithium2_ed25519), - DECODER_w_structure("dilithium2_ed25519", der, SubjectPublicKeyInfo, - dilithium2_ed25519), - DECODER_w_structure("dilithium2_p256", der, PrivateKeyInfo, - dilithium2_p256), - DECODER_w_structure("dilithium2_p256", der, SubjectPublicKeyInfo, - dilithium2_p256), - DECODER_w_structure("dilithium2_bp256", der, PrivateKeyInfo, - dilithium2_bp256), - DECODER_w_structure("dilithium2_bp256", der, SubjectPublicKeyInfo, - dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 DECODER_w_structure("dilithium3", der, PrivateKeyInfo, dilithium3), 
@@ -262,26 +242,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), p384_dilithium3), DECODER_w_structure("p384_dilithium3", der, SubjectPublicKeyInfo, p384_dilithium3), - DECODER_w_structure("dilithium3_pss3072", der, PrivateKeyInfo, - dilithium3_pss3072), - DECODER_w_structure("dilithium3_pss3072", der, SubjectPublicKeyInfo, - dilithium3_pss3072), - DECODER_w_structure("dilithium3_rsa3072", der, PrivateKeyInfo, - dilithium3_rsa3072), - DECODER_w_structure("dilithium3_rsa3072", der, SubjectPublicKeyInfo, - dilithium3_rsa3072), - DECODER_w_structure("dilithium3_p256", der, PrivateKeyInfo, - dilithium3_p256), - DECODER_w_structure("dilithium3_p256", der, SubjectPublicKeyInfo, - dilithium3_p256), - DECODER_w_structure("dilithium3_bp256", der, PrivateKeyInfo, - dilithium3_bp256), - DECODER_w_structure("dilithium3_bp256", der, SubjectPublicKeyInfo, - dilithium3_bp256), - DECODER_w_structure("dilithium3_ed25519", der, PrivateKeyInfo, - dilithium3_ed25519), - DECODER_w_structure("dilithium3_ed25519", der, SubjectPublicKeyInfo, - dilithium3_ed25519), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 DECODER_w_structure("dilithium5", der, PrivateKeyInfo, dilithium5), 
@@ -290,18 +250,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), p521_dilithium5), DECODER_w_structure("p521_dilithium5", der, SubjectPublicKeyInfo, p521_dilithium5), - DECODER_w_structure("dilithium5_p384", der, PrivateKeyInfo, - dilithium5_p384), - DECODER_w_structure("dilithium5_p384", der, SubjectPublicKeyInfo, - dilithium5_p384), - DECODER_w_structure("dilithium5_bp384", der, PrivateKeyInfo, - dilithium5_bp384), - DECODER_w_structure("dilithium5_bp384", der, SubjectPublicKeyInfo, - dilithium5_bp384), - DECODER_w_structure("dilithium5_ed448", der, PrivateKeyInfo, - dilithium5_ed448), - DECODER_w_structure("dilithium5_ed448", der, SubjectPublicKeyInfo, - dilithium5_ed448), #endif #ifdef OQS_ENABLE_SIG_ml_dsa_44 DECODER_w_structure("mldsa44", der, PrivateKeyInfo, mldsa44), @@ -313,6 +261,24 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), rsa3072_mldsa44), DECODER_w_structure("rsa3072_mldsa44", der, SubjectPublicKeyInfo, rsa3072_mldsa44), + DECODER_w_structure("mldsa44_pss2048", der, PrivateKeyInfo, + mldsa44_pss2048), + DECODER_w_structure("mldsa44_pss2048", der, SubjectPublicKeyInfo, + mldsa44_pss2048), + DECODER_w_structure("mldsa44_rsa2048", der, PrivateKeyInfo, + mldsa44_rsa2048), + DECODER_w_structure("mldsa44_rsa2048", der, SubjectPublicKeyInfo, + mldsa44_rsa2048), + DECODER_w_structure("mldsa44_ed25519", der, PrivateKeyInfo, + mldsa44_ed25519), + DECODER_w_structure("mldsa44_ed25519", der, SubjectPublicKeyInfo, + mldsa44_ed25519), + DECODER_w_structure("mldsa44_p256", der, PrivateKeyInfo, mldsa44_p256), + DECODER_w_structure("mldsa44_p256", der, SubjectPublicKeyInfo, + mldsa44_p256), + DECODER_w_structure("mldsa44_bp256", der, PrivateKeyInfo, mldsa44_bp256), + DECODER_w_structure("mldsa44_bp256", der, SubjectPublicKeyInfo, + mldsa44_bp256), #endif #ifdef OQS_ENABLE_SIG_ml_dsa_65 DECODER_w_structure("mldsa65", der, PrivateKeyInfo, mldsa65), 
@@ -320,6 +286,24 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("p384_mldsa65", der, PrivateKeyInfo, p384_mldsa65), DECODER_w_structure("p384_mldsa65", der, SubjectPublicKeyInfo, p384_mldsa65), + DECODER_w_structure("mldsa65_pss3072", der, PrivateKeyInfo, + mldsa65_pss3072), + DECODER_w_structure("mldsa65_pss3072", der, SubjectPublicKeyInfo, + mldsa65_pss3072), + DECODER_w_structure("mldsa65_rsa3072", der, PrivateKeyInfo, + mldsa65_rsa3072), + DECODER_w_structure("mldsa65_rsa3072", der, SubjectPublicKeyInfo, + mldsa65_rsa3072), + DECODER_w_structure("mldsa65_p256", der, PrivateKeyInfo, mldsa65_p256), + DECODER_w_structure("mldsa65_p256", der, SubjectPublicKeyInfo, + mldsa65_p256), + DECODER_w_structure("mldsa65_bp256", der, PrivateKeyInfo, mldsa65_bp256), + DECODER_w_structure("mldsa65_bp256", der, SubjectPublicKeyInfo, + mldsa65_bp256), + DECODER_w_structure("mldsa65_ed25519", der, PrivateKeyInfo, + mldsa65_ed25519), + DECODER_w_structure("mldsa65_ed25519", der, SubjectPublicKeyInfo, + mldsa65_ed25519), #endif #ifdef OQS_ENABLE_SIG_ml_dsa_87 DECODER_w_structure("mldsa87", der, PrivateKeyInfo, mldsa87), @@ -327,6 +311,15 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("p521_mldsa87", der, PrivateKeyInfo, p521_mldsa87), DECODER_w_structure("p521_mldsa87", der, SubjectPublicKeyInfo, p521_mldsa87), + DECODER_w_structure("mldsa87_p384", der, PrivateKeyInfo, mldsa87_p384), + DECODER_w_structure("mldsa87_p384", der, SubjectPublicKeyInfo, + mldsa87_p384), + DECODER_w_structure("mldsa87_bp384", der, PrivateKeyInfo, mldsa87_bp384), + DECODER_w_structure("mldsa87_bp384", der, SubjectPublicKeyInfo, + mldsa87_bp384), + DECODER_w_structure("mldsa87_ed448", der, PrivateKeyInfo, mldsa87_ed448), + DECODER_w_structure("mldsa87_ed448", der, SubjectPublicKeyInfo, + mldsa87_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 DECODER_w_structure("falcon512", der, PrivateKeyInfo, falcon512), 
diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 08442ac5..1a6d3e8b 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -686,71 +686,6 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_dilithium2", rsa3072_dilithium2, pem, SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_dilithium2", rsa3072_dilithium2), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_pss2048", dilithium2_pss2048, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_pss2048", dilithium2_pss2048), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_rsa2048", dilithium2_rsa2048, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_rsa2048", dilithium2_rsa2048), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_ed25519", dilithium2_ed25519, 
pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_ed25519", dilithium2_ed25519), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_p256", dilithium2_p256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_p256", dilithium2_p256), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium2_bp256", dilithium2_bp256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium2_bp256", dilithium2_bp256), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 ENCODER_w_structure("dilithium3", dilithium3, der, PrivateKeyInfo), 
@@ -773,71 +708,6 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p384_dilithium3", p384_dilithium3, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p384_dilithium3", p384_dilithium3), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_pss3072", dilithium3_pss3072, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_pss3072", dilithium3_pss3072), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_rsa3072", dilithium3_rsa3072, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_rsa3072", dilithium3_rsa3072), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_p256", dilithium3_p256, pem, - SubjectPublicKeyInfo), - 
ENCODER_TEXT("dilithium3_p256", dilithium3_p256), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_bp256", dilithium3_bp256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_bp256", dilithium3_bp256), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium3_ed25519", dilithium3_ed25519, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium3_ed25519", dilithium3_ed25519), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 ENCODER_w_structure("dilithium5", dilithium5, der, PrivateKeyInfo), 
@@ -860,45 +730,6 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p521_dilithium5", p521_dilithium5, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p521_dilithium5", p521_dilithium5), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_p384", dilithium5_p384, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_p384", dilithium5_p384), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_bp384", dilithium5_bp384, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_bp384", dilithium5_bp384), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, - PrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("dilithium5_ed448", dilithium5_ed448, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("dilithium5_ed448", dilithium5_ed448), #endif #ifdef 
OQS_ENABLE_SIG_ml_dsa_44 ENCODER_w_structure("mldsa44", mldsa44, der, PrivateKeyInfo), 
@@ -932,6 +763,67 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_mldsa44", rsa3072_mldsa44, pem, SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_mldsa44", rsa3072_mldsa44), + ENCODER_w_structure("mldsa44_pss2048", mldsa44_pss2048, der, + PrivateKeyInfo), + ENCODER_w_structure("mldsa44_pss2048", mldsa44_pss2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("mldsa44_pss2048", mldsa44_pss2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_pss2048", mldsa44_pss2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_pss2048", mldsa44_pss2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa44_pss2048", mldsa44_pss2048, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa44_pss2048", mldsa44_pss2048), + ENCODER_w_structure("mldsa44_rsa2048", mldsa44_rsa2048, der, + PrivateKeyInfo), + ENCODER_w_structure("mldsa44_rsa2048", mldsa44_rsa2048, pem, + PrivateKeyInfo), + ENCODER_w_structure("mldsa44_rsa2048", mldsa44_rsa2048, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_rsa2048", mldsa44_rsa2048, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_rsa2048", mldsa44_rsa2048, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa44_rsa2048", mldsa44_rsa2048, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa44_rsa2048", mldsa44_rsa2048), + ENCODER_w_structure("mldsa44_ed25519", mldsa44_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("mldsa44_ed25519", mldsa44_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("mldsa44_ed25519", mldsa44_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_ed25519", mldsa44_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_ed25519", mldsa44_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa44_ed25519", mldsa44_ed25519, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa44_ed25519", mldsa44_ed25519), + ENCODER_w_structure("mldsa44_p256", mldsa44_p256, 
der, PrivateKeyInfo), + ENCODER_w_structure("mldsa44_p256", mldsa44_p256, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa44_p256", mldsa44_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_p256", mldsa44_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_p256", mldsa44_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa44_p256", mldsa44_p256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa44_p256", mldsa44_p256), + ENCODER_w_structure("mldsa44_bp256", mldsa44_bp256, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa44_bp256", mldsa44_bp256, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa44_bp256", mldsa44_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_bp256", mldsa44_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa44_bp256", mldsa44_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa44_bp256", mldsa44_bp256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa44_bp256", mldsa44_bp256), #endif #ifdef OQS_ENABLE_SIG_ml_dsa_65 ENCODER_w_structure("mldsa65", mldsa65, der, PrivateKeyInfo), 
@@ -952,6 +844,67 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p384_mldsa65", p384_mldsa65, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p384_mldsa65", p384_mldsa65), + ENCODER_w_structure("mldsa65_pss3072", mldsa65_pss3072, der, + PrivateKeyInfo), + ENCODER_w_structure("mldsa65_pss3072", mldsa65_pss3072, pem, + PrivateKeyInfo), + ENCODER_w_structure("mldsa65_pss3072", mldsa65_pss3072, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_pss3072", mldsa65_pss3072, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_pss3072", mldsa65_pss3072, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa65_pss3072", mldsa65_pss3072, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa65_pss3072", mldsa65_pss3072), + ENCODER_w_structure("mldsa65_rsa3072", mldsa65_rsa3072, der, + PrivateKeyInfo), + ENCODER_w_structure("mldsa65_rsa3072", mldsa65_rsa3072, pem, + PrivateKeyInfo), + ENCODER_w_structure("mldsa65_rsa3072", mldsa65_rsa3072, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_rsa3072", mldsa65_rsa3072, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_rsa3072", mldsa65_rsa3072, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa65_rsa3072", mldsa65_rsa3072, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa65_rsa3072", mldsa65_rsa3072), + ENCODER_w_structure("mldsa65_p256", mldsa65_p256, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa65_p256", mldsa65_p256, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa65_p256", mldsa65_p256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_p256", mldsa65_p256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_p256", mldsa65_p256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa65_p256", mldsa65_p256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa65_p256", mldsa65_p256), + ENCODER_w_structure("mldsa65_bp256", mldsa65_bp256, der, PrivateKeyInfo), + 
ENCODER_w_structure("mldsa65_bp256", mldsa65_bp256, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa65_bp256", mldsa65_bp256, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_bp256", mldsa65_bp256, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_bp256", mldsa65_bp256, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa65_bp256", mldsa65_bp256, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa65_bp256", mldsa65_bp256), + ENCODER_w_structure("mldsa65_ed25519", mldsa65_ed25519, der, + PrivateKeyInfo), + ENCODER_w_structure("mldsa65_ed25519", mldsa65_ed25519, pem, + PrivateKeyInfo), + ENCODER_w_structure("mldsa65_ed25519", mldsa65_ed25519, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_ed25519", mldsa65_ed25519, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa65_ed25519", mldsa65_ed25519, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa65_ed25519", mldsa65_ed25519, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa65_ed25519", mldsa65_ed25519), #endif #ifdef OQS_ENABLE_SIG_ml_dsa_87 ENCODER_w_structure("mldsa87", mldsa87, der, PrivateKeyInfo), 
@@ -972,6 +925,39 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p521_mldsa87", p521_mldsa87, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p521_mldsa87", p521_mldsa87), + ENCODER_w_structure("mldsa87_p384", mldsa87_p384, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa87_p384", mldsa87_p384, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa87_p384", mldsa87_p384, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87_p384", mldsa87_p384, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87_p384", mldsa87_p384, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa87_p384", mldsa87_p384, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa87_p384", mldsa87_p384), + ENCODER_w_structure("mldsa87_bp384", mldsa87_bp384, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa87_bp384", mldsa87_bp384, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa87_bp384", mldsa87_bp384, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87_bp384", mldsa87_bp384, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87_bp384", mldsa87_bp384, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa87_bp384", mldsa87_bp384, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa87_bp384", mldsa87_bp384), + ENCODER_w_structure("mldsa87_ed448", mldsa87_ed448, der, PrivateKeyInfo), + ENCODER_w_structure("mldsa87_ed448", mldsa87_ed448, pem, PrivateKeyInfo), + ENCODER_w_structure("mldsa87_ed448", mldsa87_ed448, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87_ed448", mldsa87_ed448, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("mldsa87_ed448", mldsa87_ed448, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("mldsa87_ed448", mldsa87_ed448, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("mldsa87_ed448", mldsa87_ed448), #endif #ifdef OQS_ENABLE_SIG_falcon_512 ENCODER_w_structure("falcon512", falcon512, der, PrivateKeyInfo), 
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
index 7635b5e8..89e59aeb 100644
--- a/oqsprov/oqsprov.c
+++ b/oqsprov/oqsprov.c
@@ -170,30 +170,10 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = {
 "p256_dilithium2",
 "1.3.9999.2.7.2",
 "rsa3072_dilithium2",
- "2.16.840.1.114027.80.8.1.1",
- "dilithium2_pss2048",
- "2.16.840.1.114027.80.8.1.2",
- "dilithium2_rsa2048",
- "2.16.840.1.114027.80.8.1.3",
- "dilithium2_ed25519",
- "2.16.840.1.114027.80.8.1.4",
- "dilithium2_p256",
- "2.16.840.1.114027.80.8.1.5",
- "dilithium2_bp256",
 "1.3.6.1.4.1.2.267.7.6.5",
 "dilithium3",
 "1.3.9999.2.7.3",
 "p384_dilithium3",
- "2.16.840.1.114027.80.8.1.6",
- "dilithium3_pss3072",
- "2.16.840.1.114027.80.8.1.7",
- "dilithium3_rsa3072",
- "2.16.840.1.114027.80.8.1.8",
- "dilithium3_p256",
- "2.16.840.1.114027.80.8.1.9",
- "dilithium3_bp256",
- "2.16.840.1.114027.80.8.1.10",
- "dilithium3_ed25519",
 "1.3.6.1.4.1.2.267.7.8.7",
 "dilithium5",
 "1.3.9999.2.7.4",
@@ -204,14 +184,40 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = {
 "p256_mldsa44",
 "1.3.9999.7.2",
 "rsa3072_mldsa44",
+ "2.16.840.1.114027.80.8.1.1",
+ "mldsa44_pss2048",
+ "2.16.840.1.114027.80.8.1.2",
+ "mldsa44_rsa2048",
+ "2.16.840.1.114027.80.8.1.3",
+ "mldsa44_ed25519",
+ "2.16.840.1.114027.80.8.1.4",
+ "mldsa44_p256",
+ "2.16.840.1.114027.80.8.1.5",
+ "mldsa44_bp256",
 "1.3.6.1.4.1.2.267.12.6.5",
 "mldsa65",
 "1.3.9999.7.3",
 "p384_mldsa65",
+ "2.16.840.1.114027.80.8.1.6",
+ "mldsa65_pss3072",
+ "2.16.840.1.114027.80.8.1.7",
+ "mldsa65_rsa3072",
+ "2.16.840.1.114027.80.8.1.8",
+ "mldsa65_p256",
+ "2.16.840.1.114027.80.8.1.9",
+ "mldsa65_bp256",
+ "2.16.840.1.114027.80.8.1.10",
+ "mldsa65_ed25519",
 "1.3.6.1.4.1.2.267.12.8.7",
 "mldsa87",
 "1.3.9999.7.4",
 "p521_mldsa87",
+ "2.16.840.1.114027.80.8.1.11",
+ "mldsa87_p384",
+ "2.16.840.1.114027.80.8.1.12",
+ "mldsa87_bp384",
+ "2.16.840.1.114027.80.8.1.13",
+ "mldsa87_ed448",
 "1.3.9999.3.6",
 "falcon512",
 "1.3.9999.3.7",
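Review bot: The OIDs `2.16.840.1.114027.80.8.1.1` through `.10` added here for the mldsa composites are the same values that the first hunk of this file removes from the dilithium composites, so each of them now resolves to a different algorithm than it did one revision earlier. A key or certificate written under the previous mapping would carry an OID that this build reads as an ML-DSA composite, and the table gives a reader no hint of that. A comment above the first added pair would record it, for example `/* prototype composite OIDs; .1 to .10 previously named the dilithium composites */`. The change removes ten pairs and adds thirteen, and whether `OQS_OID_CNT` was raised to match cannot be seen from this hunk.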
@@ -489,103 +495,121 @@ int oqs_patch_encodings(void) if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[5] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048")) - oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM2_PSS2048"); - if (getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME")) - oqs_alg_encoding_list[7] - = getenv("OQS_ENCODING_DILITHIUM2_PSS2048_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048")) - oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_DILITHIUM2_RSA2048"); - if (getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME")) - oqs_alg_encoding_list[9] - = getenv("OQS_ENCODING_DILITHIUM2_RSA2048_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_ED25519")) - oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM2_ED25519"); - if (getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME")) - oqs_alg_encoding_list[11] - = getenv("OQS_ENCODING_DILITHIUM2_ED25519_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_P256")) - oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_DILITHIUM2_P256"); - if (getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME")) - oqs_alg_encoding_list[13] - = getenv("OQS_ENCODING_DILITHIUM2_P256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM2_BP256")) - oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_DILITHIUM2_BP256"); - if (getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME")) - oqs_alg_encoding_list[15] - = getenv("OQS_ENCODING_DILITHIUM2_BP256_ALGNAME"); if (getenv("OQS_ENCODING_DILITHIUM3")) - oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_DILITHIUM3"); + oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM3"); if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) - oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); + oqs_alg_encoding_list[7] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); if (getenv("OQS_ENCODING_P384_DILITHIUM3")) - oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_P384_DILITHIUM3"); + oqs_alg_encoding_list[8] = 
getenv("OQS_ENCODING_P384_DILITHIUM3"); if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) - oqs_alg_encoding_list[19] + oqs_alg_encoding_list[9] = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072")) - oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_DILITHIUM3_PSS3072"); - if (getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME")) - oqs_alg_encoding_list[21] - = getenv("OQS_ENCODING_DILITHIUM3_PSS3072_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072")) - oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_DILITHIUM3_RSA3072"); - if (getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME")) - oqs_alg_encoding_list[23] - = getenv("OQS_ENCODING_DILITHIUM3_RSA3072_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_P256")) - oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_DILITHIUM3_P256"); - if (getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME")) - oqs_alg_encoding_list[25] - = getenv("OQS_ENCODING_DILITHIUM3_P256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_BP256")) - oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_DILITHIUM3_BP256"); - if (getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME")) - oqs_alg_encoding_list[27] - = getenv("OQS_ENCODING_DILITHIUM3_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_DILITHIUM3_ED25519")) - oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_DILITHIUM3_ED25519"); - if (getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME")) - oqs_alg_encoding_list[29] - = getenv("OQS_ENCODING_DILITHIUM3_ED25519_ALGNAME"); if (getenv("OQS_ENCODING_DILITHIUM5")) - oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_DILITHIUM5"); + oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM5"); if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) - oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); + oqs_alg_encoding_list[11] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); if (getenv("OQS_ENCODING_P521_DILITHIUM5")) - oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P521_DILITHIUM5"); + oqs_alg_encoding_list[12] = 
getenv("OQS_ENCODING_P521_DILITHIUM5"); if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) - oqs_alg_encoding_list[33] + oqs_alg_encoding_list[13] = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); if (getenv("OQS_ENCODING_MLDSA44")) oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_MLDSA44"); + oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_MLDSA44"); if (getenv("OQS_ENCODING_MLDSA44_ALGNAME")) oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_MLDSA44_ALGNAME"); + oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_MLDSA44_ALGNAME"); if (getenv("OQS_ENCODING_P256_MLDSA44")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_MLDSA44"); + oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_MLDSA44"); if (getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME")) oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME"); + oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_MLDSA44")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_MLDSA44"); + oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_MLDSA44"); if (getenv("OQS_ENCODING_RSA3072_MLDSA44_ALGNAME")) + oqs_alg_encoding_list[19] oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_RSA3072_MLDSA44_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA44_PSS2048")) + oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_MLDSA44_PSS2048"); + if (getenv("OQS_ENCODING_MLDSA44_PSS2048_ALGNAME")) + oqs_alg_encoding_list[21] + = getenv("OQS_ENCODING_MLDSA44_PSS2048_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA44_RSA2048")) + oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_MLDSA44_RSA2048"); + if (getenv("OQS_ENCODING_MLDSA44_RSA2048_ALGNAME")) + oqs_alg_encoding_list[23] + = getenv("OQS_ENCODING_MLDSA44_RSA2048_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA44_ED25519")) + oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_MLDSA44_ED25519"); + if (getenv("OQS_ENCODING_MLDSA44_ED25519_ALGNAME")) + oqs_alg_encoding_list[25] + = getenv("OQS_ENCODING_MLDSA44_ED25519_ALGNAME"); + 
if (getenv("OQS_ENCODING_MLDSA44_P256")) + oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_MLDSA44_P256"); + if (getenv("OQS_ENCODING_MLDSA44_P256_ALGNAME")) + oqs_alg_encoding_list[27] = getenv("OQS_ENCODING_MLDSA44_P256_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA44_BP256")) + oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_MLDSA44_BP256"); + if (getenv("OQS_ENCODING_MLDSA44_BP256_ALGNAME")) + oqs_alg_encoding_list[29] + = getenv("OQS_ENCODING_MLDSA44_BP256_ALGNAME"); if (getenv("OQS_ENCODING_MLDSA65")) - oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_MLDSA65"); + oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_MLDSA65"); if (getenv("OQS_ENCODING_MLDSA65_ALGNAME")) - oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_MLDSA65_ALGNAME"); + oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_MLDSA65_ALGNAME"); if (getenv("OQS_ENCODING_P384_MLDSA65")) - oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_P384_MLDSA65"); + oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P384_MLDSA65"); if (getenv("OQS_ENCODING_P384_MLDSA65_ALGNAME")) - oqs_alg_encoding_list[23] = getenv("OQS_ENCODING_P384_MLDSA65_ALGNAME"); + oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_P384_MLDSA65_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA65_PSS3072")) + oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_MLDSA65_PSS3072"); + if (getenv("OQS_ENCODING_MLDSA65_PSS3072_ALGNAME")) + oqs_alg_encoding_list[35] + = getenv("OQS_ENCODING_MLDSA65_PSS3072_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA65_RSA3072")) + oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_MLDSA65_RSA3072"); + if (getenv("OQS_ENCODING_MLDSA65_RSA3072_ALGNAME")) + oqs_alg_encoding_list[37] + = getenv("OQS_ENCODING_MLDSA65_RSA3072_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA65_P256")) + oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_MLDSA65_P256"); + if (getenv("OQS_ENCODING_MLDSA65_P256_ALGNAME")) + oqs_alg_encoding_list[39] = getenv("OQS_ENCODING_MLDSA65_P256_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA65_BP256")) + 
oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_MLDSA65_BP256"); + if (getenv("OQS_ENCODING_MLDSA65_BP256_ALGNAME")) + oqs_alg_encoding_list[41] + = getenv("OQS_ENCODING_MLDSA65_BP256_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA65_ED25519")) + oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_MLDSA65_ED25519"); + if (getenv("OQS_ENCODING_MLDSA65_ED25519_ALGNAME")) + oqs_alg_encoding_list[43] + = getenv("OQS_ENCODING_MLDSA65_ED25519_ALGNAME"); if (getenv("OQS_ENCODING_MLDSA87")) - oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_MLDSA87"); + oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_MLDSA87"); if (getenv("OQS_ENCODING_MLDSA87_ALGNAME")) - oqs_alg_encoding_list[25] = getenv("OQS_ENCODING_MLDSA87_ALGNAME"); + oqs_alg_encoding_list[45] = getenv("OQS_ENCODING_MLDSA87_ALGNAME"); if (getenv("OQS_ENCODING_P521_MLDSA87")) - oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_P521_MLDSA87"); + oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_P521_MLDSA87"); if (getenv("OQS_ENCODING_P521_MLDSA87_ALGNAME")) - oqs_alg_encoding_list[27] = getenv("OQS_ENCODING_P521_MLDSA87_ALGNAME"); + oqs_alg_encoding_list[47] = getenv("OQS_ENCODING_P521_MLDSA87_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA87_P384")) + oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_MLDSA87_P384"); + if (getenv("OQS_ENCODING_MLDSA87_P384_ALGNAME")) + oqs_alg_encoding_list[49] = getenv("OQS_ENCODING_MLDSA87_P384_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA87_BP384")) + oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_MLDSA87_BP384"); + if (getenv("OQS_ENCODING_MLDSA87_BP384_ALGNAME")) + oqs_alg_encoding_list[51] + = getenv("OQS_ENCODING_MLDSA87_BP384_ALGNAME"); + if (getenv("OQS_ENCODING_MLDSA87_ED448")) + oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_MLDSA87_ED448"); + if (getenv("OQS_ENCODING_MLDSA87_ED448_ALGNAME")) + oqs_alg_encoding_list[53] + = getenv("OQS_ENCODING_MLDSA87_ED448_ALGNAME"); if (getenv("OQS_ENCODING_FALCON512")) oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_FALCON512"); if 
(getenv("OQS_ENCODING_FALCON512_ALGNAME")) @@ -738,20 +762,10 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("dilithium2", 128, oqs_signature_functions), SIGALG("p256_dilithium2", 128, oqs_signature_functions), SIGALG("rsa3072_dilithium2", 128, oqs_signature_functions), - SIGALG("dilithium2_pss2048", 112, oqs_signature_functions), - SIGALG("dilithium2_rsa2048", 112, oqs_signature_functions), - SIGALG("dilithium2_ed25519", 128, oqs_signature_functions), - SIGALG("dilithium2_p256", 128, oqs_signature_functions), - SIGALG("dilithium2_bp256", 256, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_signature_functions), SIGALG("p384_dilithium3", 192, oqs_signature_functions), - SIGALG("dilithium3_pss3072", 128, oqs_signature_functions), - SIGALG("dilithium3_rsa3072", 128, oqs_signature_functions), - SIGALG("dilithium3_p256", 128, oqs_signature_functions), - SIGALG("dilithium3_bp256", 256, oqs_signature_functions), - SIGALG("dilithium3_ed25519", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_signature_functions), 
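Review bot: The unchanged context at the end of the oqs_patch_encodings hunk still writes `OQS_ENCODING_FALCON512` to `oqs_alg_encoding_list[28]`, which the added lines now also use for `OQS_ENCODING_MLDSA44_BP256`, so the two environment overrides share one slot. With the mldsa entries renumbered up to index 53, the falcon512 pair would be expected at 54 and 55, i.e. `oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_FALCON512");`, with every later entry shifted the same way. The rest of the function lies outside the hunk, so whether the following indices are stale as well, and whether the array is sized for the new maximum, needs checking there.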
@@ -761,14 +775,27 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = {
 SIGALG("mldsa44", 128, oqs_signature_functions),
 SIGALG("p256_mldsa44", 128, oqs_signature_functions),
 SIGALG("rsa3072_mldsa44", 128, oqs_signature_functions),
+ SIGALG("mldsa44_pss2048", 112, oqs_signature_functions),
+ SIGALG("mldsa44_rsa2048", 112, oqs_signature_functions),
+ SIGALG("mldsa44_ed25519", 128, oqs_signature_functions),
+ SIGALG("mldsa44_p256", 128, oqs_signature_functions),
+ SIGALG("mldsa44_bp256", 256, oqs_signature_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_ml_dsa_65
 SIGALG("mldsa65", 192, oqs_signature_functions),
 SIGALG("p384_mldsa65", 192, oqs_signature_functions),
+ SIGALG("mldsa65_pss3072", 128, oqs_signature_functions),
+ SIGALG("mldsa65_rsa3072", 128, oqs_signature_functions),
+ SIGALG("mldsa65_p256", 128, oqs_signature_functions),
+ SIGALG("mldsa65_bp256", 256, oqs_signature_functions),
+ SIGALG("mldsa65_ed25519", 128, oqs_signature_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_ml_dsa_87
 SIGALG("mldsa87", 256, oqs_signature_functions),
 SIGALG("p521_mldsa87", 256, oqs_signature_functions),
+ SIGALG("mldsa87_p384", 192, oqs_signature_functions),
+ SIGALG("mldsa87_bp384", 384, oqs_signature_functions),
+ SIGALG("mldsa87_ed448", 192, oqs_signature_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_falcon_512
 SIGALG("falcon512", 128, oqs_signature_functions),
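Review bot: The brainpool composites are registered with a value that matches the curve size rather than its strength: `SIGALG("mldsa44_bp256", 256, ...)` and `SIGALG("mldsa65_bp256", 256, ...)` sit next to `mldsa44_p256` and `mldsa65_p256` at 128, and `mldsa87_bp384` gets 384 where `mldsa87_p384` gets 192. If the second argument is the security strength the provider advertises for the algorithm, a 256-bit brainpool curve offers about the same strength as P-256, and an overstated value can let these algorithms pass a strength policy they should not. I would use `SIGALG("mldsa44_bp256", 128, oqs_signature_functions),`, the same for mldsa65_bp256, and 192 for mldsa87_bp384. The same three values recur in the oqsprovider_keymgmt hunk and in the nid_names hunk of oqsprov_keys.c, and they appear to be carried over from the removed dilithium entries.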
@@ -908,20 +935,10 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[]
 SIGALG("dilithium2", 128, oqs_dilithium2_keymgmt_functions),
 SIGALG("p256_dilithium2", 128, oqs_p256_dilithium2_keymgmt_functions),
 SIGALG("rsa3072_dilithium2", 128, oqs_rsa3072_dilithium2_keymgmt_functions),
- SIGALG("dilithium2_pss2048", 112, oqs_dilithium2_pss2048_keymgmt_functions),
- SIGALG("dilithium2_rsa2048", 112, oqs_dilithium2_rsa2048_keymgmt_functions),
- SIGALG("dilithium2_ed25519", 128, oqs_dilithium2_ed25519_keymgmt_functions),
- SIGALG("dilithium2_p256", 128, oqs_dilithium2_p256_keymgmt_functions),
- SIGALG("dilithium2_bp256", 256, oqs_dilithium2_bp256_keymgmt_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_dilithium_3
 SIGALG("dilithium3", 192, oqs_dilithium3_keymgmt_functions),
 SIGALG("p384_dilithium3", 192, oqs_p384_dilithium3_keymgmt_functions),
- SIGALG("dilithium3_pss3072", 128, oqs_dilithium3_pss3072_keymgmt_functions),
- SIGALG("dilithium3_rsa3072", 128, oqs_dilithium3_rsa3072_keymgmt_functions),
- SIGALG("dilithium3_p256", 128, oqs_dilithium3_p256_keymgmt_functions),
- SIGALG("dilithium3_bp256", 256, oqs_dilithium3_bp256_keymgmt_functions),
- SIGALG("dilithium3_ed25519", 128, oqs_dilithium3_ed25519_keymgmt_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_dilithium_5
 SIGALG("dilithium5", 256, oqs_dilithium5_keymgmt_functions),
@@ -931,14 +948,27 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[]
 SIGALG("mldsa44", 128, oqs_mldsa44_keymgmt_functions),
 SIGALG("p256_mldsa44", 128, oqs_p256_mldsa44_keymgmt_functions),
 SIGALG("rsa3072_mldsa44", 128, oqs_rsa3072_mldsa44_keymgmt_functions),
+ SIGALG("mldsa44_pss2048", 112, oqs_mldsa44_pss2048_keymgmt_functions),
+ SIGALG("mldsa44_rsa2048", 112, oqs_mldsa44_rsa2048_keymgmt_functions),
+ SIGALG("mldsa44_ed25519", 128, oqs_mldsa44_ed25519_keymgmt_functions),
+ SIGALG("mldsa44_p256", 128, oqs_mldsa44_p256_keymgmt_functions),
+ SIGALG("mldsa44_bp256", 256, oqs_mldsa44_bp256_keymgmt_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_ml_dsa_65
 SIGALG("mldsa65", 192, oqs_mldsa65_keymgmt_functions),
 SIGALG("p384_mldsa65", 192, oqs_p384_mldsa65_keymgmt_functions),
+ SIGALG("mldsa65_pss3072", 128, oqs_mldsa65_pss3072_keymgmt_functions),
+ SIGALG("mldsa65_rsa3072", 128, oqs_mldsa65_rsa3072_keymgmt_functions),
+ SIGALG("mldsa65_p256", 128, oqs_mldsa65_p256_keymgmt_functions),
+ SIGALG("mldsa65_bp256", 256, oqs_mldsa65_bp256_keymgmt_functions),
+ SIGALG("mldsa65_ed25519", 128, oqs_mldsa65_ed25519_keymgmt_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_ml_dsa_87
 SIGALG("mldsa87", 256, oqs_mldsa87_keymgmt_functions),
 SIGALG("p521_mldsa87", 256, oqs_p521_mldsa87_keymgmt_functions),
+ SIGALG("mldsa87_p384", 192, oqs_mldsa87_p384_keymgmt_functions),
+ SIGALG("mldsa87_bp384", 384, oqs_mldsa87_bp384_keymgmt_functions),
+ SIGALG("mldsa87_ed448", 192, oqs_mldsa87_ed448_keymgmt_functions),
 #endif
 #ifdef OQS_ENABLE_SIG_falcon_512
 SIGALG("falcon512", 128, oqs_falcon512_keymgmt_functions),
diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c
index 16cebf8d..dbdd3c5d 100644
--- a/oqsprov/oqsprov_keys.c
+++ b/oqsprov/oqsprov_keys.c
@@ -129,27 +129,30 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = {
 {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128},
 {0, "p256_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128},
 {0, "rsa3072_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128},
- {0, "dilithium2_pss2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112},
- {0, "dilithium2_rsa2048", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 112},
- {0, "dilithium2_ed25519", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128},
- {0, "dilithium2_p256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 128},
- {0, "dilithium2_bp256", OQS_SIG_alg_dilithium_2, KEY_TYPE_CMP_SIG, 256},
 {0, "dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_SIG, 192},
 {0, "p384_dilithium3", OQS_SIG_alg_dilithium_3, KEY_TYPE_HYB_SIG, 192},
- {0, "dilithium3_pss3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128},
- {0, "dilithium3_rsa3072", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128},
- {0, "dilithium3_p256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128},
- {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 256},
- {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3, KEY_TYPE_CMP_SIG, 128},
 {0, "dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_SIG, 256},
 {0, "p521_dilithium5", OQS_SIG_alg_dilithium_5, KEY_TYPE_HYB_SIG, 256},
 {0, "mldsa44", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_SIG, 128},
 {0, "p256_mldsa44", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_HYB_SIG, 128},
 {0, "rsa3072_mldsa44", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_HYB_SIG, 128},
+ {0, "mldsa44_pss2048", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_CMP_SIG, 112},
+ {0, "mldsa44_rsa2048", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_CMP_SIG, 112},
+ {0, "mldsa44_ed25519", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_CMP_SIG, 128},
+ {0, "mldsa44_p256", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_CMP_SIG, 128},
+ {0, "mldsa44_bp256", OQS_SIG_alg_ml_dsa_44, KEY_TYPE_CMP_SIG, 256},
 {0, "mldsa65", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_SIG, 192},
 {0, "p384_mldsa65", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_HYB_SIG, 192},
+ {0, "mldsa65_pss3072", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_CMP_SIG, 128},
+ {0, "mldsa65_rsa3072", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_CMP_SIG, 128},
+ {0, "mldsa65_p256", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_CMP_SIG, 128},
+ {0, "mldsa65_bp256", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_CMP_SIG, 256},
+ {0, "mldsa65_ed25519", OQS_SIG_alg_ml_dsa_65, KEY_TYPE_CMP_SIG, 128},
 {0, "mldsa87", OQS_SIG_alg_ml_dsa_87, KEY_TYPE_SIG, 256},
 {0, "p521_mldsa87", OQS_SIG_alg_ml_dsa_87, KEY_TYPE_HYB_SIG, 256},
+ {0, "mldsa87_p384", OQS_SIG_alg_ml_dsa_87, KEY_TYPE_CMP_SIG, 192},
+ {0, "mldsa87_bp384", OQS_SIG_alg_ml_dsa_87, KEY_TYPE_CMP_SIG, 384},
+ {0, "mldsa87_ed448", OQS_SIG_alg_ml_dsa_87, KEY_TYPE_CMP_SIG, 192},
 {0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128},
 {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128},
 {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128},
diff --git a/scripts/common.py b/scripts/common.py
index 85e1492d..7518854a 100644
--- a/scripts/common.py
+++ b/scripts/common.py
@@ -19,7 +19,8 @@ 'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falcon1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', # post-quantum + classical signatures 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', -##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END + # post-quantum + classical signatures (COMPOSITE) + 'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448','falcon512_p256','falcon512_bp256','falcon512_ed25519',##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END ] SERVER_START_ATTEMPTS = 10 From 7493201eb8e52ce62dc90ec5a66fae24252aa93b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 29 Feb 2024 08:14:01 -0600 Subject: [PATCH 122/164] added more descriptive comments Signed-off-by: Felipe Ventura --- oqs-template/generate.yml | 2 ++ oqs-template/scripts/common.py/sig_algs.fragment | 1 + oqsprov/oqs_prov.h | 6 ++++-- scripts/common.py | 3 ++- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index f44a388e..d1e011a7 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -422,6 +422,8 @@ sigs: # 'security': '128', # 'oid': '2.16.840.1.114027.80.1.8'}] - + # The Composite OIDs are kept up to date by @feventura (Entrust) + # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-12 # OID scheme for composite variants: # joint-iso-itu-t (2) # country (16) 
diff --git a/oqs-template/scripts/common.py/sig_algs.fragment b/oqs-template/scripts/common.py/sig_algs.fragment index d3839008..07706745 100644 --- a/oqs-template/scripts/common.py/sig_algs.fragment +++ b/oqs-template/scripts/common.py/sig_algs.fragment @@ -16,3 +16,4 @@ '{{ variant['name'] }}_{{ composite_alg['name'] }}', {%- endfor -%} {%- endfor %} {%- endfor %} + diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 26daec72..e1b6b954 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -177,8 +177,10 @@ struct oqsx_key_st { #endif int references; - /* point to actual priv key material -- classic key, if present, first, - * unless is composite i.e., OQS key always at comp_*key[numkeys-1] + /* point to actual priv key material -- if is a hydrid, the classic key will + * be present first, i.e., OQS key always at comp_*key[numkeys-1] - if is a + * composite, the classic key will be presented second, i.e., OQS key always + * at comp_*key[0] */ void **comp_privkey; void **comp_pubkey; diff --git a/scripts/common.py b/scripts/common.py index 7518854a..83ca6dff 100644 --- a/scripts/common.py +++ b/scripts/common.py 
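Review bot: The rewritten comment on `comp_privkey` misspells "hybrid" as "hydrid" and is hard to parse, which matters because it is the only statement of a key-ordering convention that differs between hybrid and composite keys. I would word it as `/* Pointers to the actual private key material. Hybrid: classic key first, OQS key at comp_*key[numkeys-1]. Composite: OQS key at comp_*key[0], classic key second. */`. Code that indexes `comp_privkey` or `comp_pubkey` has to branch on the key type to pick the right slot, so a precise comment here helps a reviewer check those call sites. The struct starts and ends outside the hunk.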
@@ -20,7 +20,8 @@ # post-quantum + classical signatures 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', # post-quantum + classical signatures (COMPOSITE) - 'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448','falcon512_p256','falcon512_bp256','falcon512_ed25519',##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END + 'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448','falcon512_p256','falcon512_bp256','falcon512_ed25519', +##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END ] SERVER_START_ATTEMPTS = 10 From 7bee2c70d78035bb9e0787b0425c8ec5d8ece94b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 29 Feb 2024 09:36:26 -0600 Subject: [PATCH 123/164] added option to easily switch back to dilithium3 instead of ML-DLS65 for interop reasons Signed-off-by: Felipe Ventura --- oqs-template/generate.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index d1e011a7..00021480 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml 
@@ -481,6 +481,12 @@ sigs: 'pretty_name': 'ECDSA p384', 'oid': '1.3.9999.2.7.3', 'code_point': '0xfea4'}] +# Used to interop with dilithium3 implementations +# composite: [ +# {'name': 'p256', +# 'pretty_name': 'ECDSA p256', +# 'security': '128', +# 'oid': '2.16.840.1.114027.80.8.1.8'},] - name: 'dilithium5' pretty_name: 'Dilithium5' From 1e3a8d6dbb162951d488e2e9953d220ed723df7b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 29 Feb 2024 09:37:13 -0600 Subject: [PATCH 124/164] switched comparison from dilithium to ML-DSA Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 45fffb79..0de708b2 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -400,8 +400,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, upcase_name = get_oqsname_fromtls(name); if ((upcase_name != 0) - && ((!strcmp(upcase_name, OQS_SIG_alg_dilithium_3)) - || (!strcmp(upcase_name, OQS_SIG_alg_dilithium_5))) + && ((!strcmp(upcase_name, OQS_SIG_alg_ml_dsa_65)) + || (!strcmp(upcase_name, OQS_SIG_alg_ml_dsa_87))) || (name[0] == 'e')) { aux = 1; OPENSSL_free(name); From 762e7f8ee55de2978e9a348f0b3b05be17e5d0ef Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 29 Feb 2024 13:14:56 -0600 Subject: [PATCH 125/164] switched comparison from dilithium to ML-DSA form validation Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 0de708b2..372d2bd5 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
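Review bot: The condition in the `oqs_sig_sign` hunk mixes `&&` and `||` without grouping, so it parses as `(upcase_name != 0 && (...ml_dsa_65 || ...ml_dsa_87)) || name[0] == 'e'`; if that is the intent, add the outer parentheses so the reader and `-Wparentheses` agree. The `name[0] == 'e'` test selects the code path from the first letter of the component name, so it would also match any future component whose name starts with 'e'; comparing against the full component names (presumably the EdDSA ones) would be safer. The same expression is repeated in `oqs_sig_verify` in the next commit's `@@ -730,13 +732,14 @@` hunk. The function body continues outside the hunk.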
@@ -424,6 +424,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } + final_tbslen -= 1; final_tbs = OPENSSL_malloc(final_tbslen); memcpy(final_tbs, oid_prefix, COMPOSITE_OID_PREFIRX_LEN); memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN, tbs_hash, @@ -720,6 +721,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if ((compsig = d2i_CompositeSignature(NULL, &sig, siglen)) == NULL) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + CompositeSignature_free(compsig); goto endverify; } @@ -730,13 +732,14 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if ((name = get_cmpname(nid, i)) == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); OPENSSL_free(name); + CompositeSignature_free(compsig); goto endverify; } upcase_name = get_oqsname_fromtls(name); if ((upcase_name != 0) - && ((!strcmp(upcase_name, OQS_SIG_alg_dilithium_3)) - || (!strcmp(upcase_name, OQS_SIG_alg_dilithium_5))) + && ((!strcmp(upcase_name, OQS_SIG_alg_ml_dsa_65)) + || (!strcmp(upcase_name, OQS_SIG_alg_ml_dsa_87))) || (name[0] == 'e')) { aux = 1; OPENSSL_free(name); @@ -757,8 +760,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, break; default: ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + CompositeSignature_free(compsig); goto endverify; } + final_tbslen -= 1; final_tbs = OPENSSL_malloc(final_tbslen); memcpy(final_tbs, oid_prefix, COMPOSITE_OID_PREFIRX_LEN); memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN, tbs_hash, @@ -779,6 +784,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if ((name = get_cmpname(nid, i)) == NULL) { OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } 
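Review bot: `final_tbs = OPENSSL_malloc(final_tbslen)` is followed directly by `memcpy(final_tbs, oid_prefix, COMPOSITE_OID_PREFIRX_LEN)` with no NULL check, in this `oqs_sig_sign` hunk and again in the `oqs_sig_verify` hunk at `@@ -757,8 +760,10 @@`, so an allocation failure becomes a write through a NULL pointer; add `if (final_tbs == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto endsign; }` with the same cleanup the neighbouring error paths use (`goto endverify` in verify). The added `final_tbslen -= 1;` also shrinks the buffer while the first `memcpy` still copies the full `COMPOSITE_OID_PREFIRX_LEN` bytes, so the second copy of `final_tbslen - COMPOSITE_OID_PREFIRX_LEN` bytes appears to drop the last byte of `tbs_hash` from the data that is signed and verified. How `final_tbslen` is computed is outside the hunk, so that needs confirming against the switch above it. Both functions continue outside the hunks.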
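Review bot: The `CompositeSignature_free(compsig)` added inside the `d2i_CompositeSignature(...) == NULL` branch runs only when `compsig` is NULL, so it frees nothing, and the rest of this commit repeats `CompositeSignature_free(compsig); OPENSSL_free(final_tbs);` by hand before every `goto endverify` (hunks `@@ -730` through `@@ -884`). Per-branch cleanup like this is where leaks and double frees get introduced when a new error path is added or when `endverify` later gains its own frees. I would initialise `compsig` and `final_tbs` to NULL at declaration and release them once at the `endverify` label, leaving each error branch as `ERR_raise(...); goto endverify;`. The declarations and the label are outside these hunks, so check that `endverify` does not already free either pointer.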
@@ -788,6 +795,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } } else { @@ -808,6 +817,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); EVP_MD_CTX_free(evp_ctx); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } EVP_MD_CTX_free(evp_ctx); @@ -818,6 +829,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, || (EVP_PKEY_verify_init(ctx_verify) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } if (!strncmp(name, "pss", 3)) { @@ -831,6 +844,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); OPENSSL_free(name); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } } else if (oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info @@ -841,6 +856,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, <= 0) { ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); OPENSSL_free(name); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } } @@ -874,6 +891,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, default: ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } } @@ -884,6 +903,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endverify; } } 
From 8bf4c5fbd6432c2b70021f70748b4db1e8740041 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 1 Mar 2024 10:35:09 -0600 Subject: [PATCH 126/164] adding Felipe to the contribuitors list Signed-off-by: Felipe Ventura --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 89d89495..49a771d8 100644 --- a/README.md +++ b/README.md @@ -177,6 +177,7 @@ Contributors to the `oqsprovider` include: - Alex Zaslavsky - Will Childs-Klein - Thomas Bailleux +- Felipe Ventura History ------- From be0df240b27534ec76483d198a9977589b005d8b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 1 Mar 2024 14:16:05 -0600 Subject: [PATCH 127/164] fix OID prefix format Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 61 +++++++++++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 26 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 372d2bd5..8a9554a2 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -216,32 +216,32 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, // this list need to be in order of the last number on the OID from the // composite -static const char *composite_OID_prefix[] = { - "060B6086480186FA6B50080101", // dilithium2_pss2048 +static const unsigned char *composite_OID_prefix[] = { + "060B6086480186FA6B50080101", // mldsa44_pss2048 // id-MLDSA44-RSA2048-PSS-SHA256 - "060B6086480186FA6B50080102", // dilithium2_rsa2048 + "060B6086480186FA6B50080102", // mldsa44_rsa2048 // id-MLDSA44-RSA2048-PKCS15-SHA256 - "060B6086480186FA6B50080103", // dilithium2_ed25519 + "060B6086480186FA6B50080103", // mldsa44_ed25519 // id-MLDSA44-Ed25519-SHA512 - "060B6086480186FA6B50080104", // dilithium2_p256 + "060B6086480186FA6B50080104", // mldsa44_p256 // id-MLDSA44-ECDSA-P256-SHA256 - "060B6086480186FA6B50080105", // dilithium2_bp256 + "060B6086480186FA6B50080105", // mldsa44_bp256 // id-MLDSA44-ECDSA-brainpoolP256r1-SHA256 - "060B6086480186FA6B50080106", // dilithium3_pss3072 + "060B6086480186FA6B50080106", // mldsa65_pss3072 // id-MLDSA65-RSA3072-PSS-SHA512 - "060B6086480186FA6B50080107", // dilithium3_rsa3072 + "060B6086480186FA6B50080107", // mldsa65_rsa3072 // id-MLDSA65-RSA3072-PKCS15-SHA512 - "060B6086480186FA6B50080108", // dilithium3_p256 + "060B6086480186FA6B50080108", // mldsa65_p256 // id-MLDSA65-ECDSA-P256-SHA512 - "060B6086480186FA6B50080109", // dilithium3_bp256 + "060B6086480186FA6B50080109", // mldsa65_bp256 // id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 - "060B6086480186FA6B5008010A", // dilithium3_ed25519 + "060B6086480186FA6B5008010A", // mldsa65_ed25519 // id-MLDSA65-Ed25519-SHA512 - "060B6086480186FA6B5008010B", // dilithium5_p384 + "060B6086480186FA6B5008010B", // mldsa87_p384 // id-MLDSA87-ECDSA-P384-SHA512 - "060B6086480186FA6B5008010C", // dilithium5_bp384 + "060B6086480186FA6B5008010C", // mldsa87_bp384 // id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 - "060B6086480186FA6B5008010D", // dilithium5_ed448 
id-MLDSA87-Ed448-SHA512 + "060B6086480186FA6B5008010D", // mldsa87_ed448 id-MLDSA87-Ed448-SHA512 "060B6086480186FA6B5008010E", // falcon512_p256 // id-Falon512-ECDSA-P256-SHA256 "060B6086480186FA6B5008010F", // falcon512_bp256 @@ -251,6 +251,17 @@ static const char *composite_OID_prefix[] = { }; +void Composite_prefix_conversion(char *out, const unsigned char *in) +{ + int temp; + for (int i = 0; i < COMPOSITE_OID_PREFIRX_LEN / 2; i++) { + temp = OPENSSL_hexchar2int(in[2 * i]); + temp = temp * 16; + temp += OPENSSL_hexchar2int(in[2 * i + 1]); + out[i] = (unsigned char)temp; + } +} + /* On entry to this function, data to be signed (tbs) might have been hashed * already: this would be the case if poqs_sigctx->mdctx != NULL; if that is * NULL, we have to hash in case of hybrid signatures @@ -381,10 +392,10 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, CompositeSignature *compsig = CompositeSignature_new(); int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); - const char *oid_prefix + const unsigned char *oid_prefix = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; char *final_tbs; - size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN; + size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN / 2; int aux = 0; unsigned char *tbs_hash; @@ -424,11 +435,10 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; } - final_tbslen -= 1; final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_prefix, COMPOSITE_OID_PREFIRX_LEN); - memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN, tbs_hash, - final_tbslen - COMPOSITE_OID_PREFIRX_LEN); + Composite_prefix_conversion(final_tbs, oid_prefix); + memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN / 2, tbs_hash, + final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); OPENSSL_free(tbs_hash); // sign 
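Review bot: Changing the table to `static const unsigned char *composite_OID_prefix[]` while still initialising it from string literals assigns `char *` to `unsigned char *`, a pointer-signedness mismatch that compilers flag under `-Wpointer-sign`. Since the entries are hex text that is decoded at run time, I would either keep the element type `const char *` and cast each character at the `OPENSSL_hexchar2int` call, or store the 13 DER bytes directly, e.g. `static const unsigned char composite_OID_prefix[][13] = { {0x06, 0x0B, 0x60, /* ... */}, /* ... */ };`, which removes the decode step altogether. The comment `id-Falon512-ECDSA-P256-SHA256` in the context lines has a typo worth fixing while these comments are being edited. The array continues past the end of the hunk.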
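Review bot: `Composite_prefix_conversion` is defined without `static`, so a helper private to oqs_sig.c gets external linkage, and it ignores that `OPENSSL_hexchar2int` returns -1 for a non-hex character, which would be folded silently into the prefix that is signed and verified. I would declare it `static void Composite_prefix_conversion(char *out, const unsigned char *in)` and add a short comment that `in` must hold exactly `COMPOSITE_OID_PREFIRX_LEN` hex digits and `out` at least half that many bytes. The loop bound `COMPOSITE_OID_PREFIRX_LEN / 2` relies on that macro being the hex-string length rather than the byte length; its definition is outside the hunk, and a separate byte-length constant would make the `/ 2` at every use site unnecessary.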
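Review bot: `composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]` indexes the prefix table with an unchecked computed value, here in `oqs_sig_sign` at `@@ -381,10 +392,10 @@` and again in `oqs_sig_verify` at `@@ -712,10 +722,10 @@`. If either lookup can return 0 or a negative "not found" value for an unexpected `nid` (their definitions are outside the hunk), the subtraction yields an out-of-bounds read and the resulting pointer is then decoded into `final_tbs`. I would compute the index into a local, reject it unless it is inside the table, and raise an error before using it, as sketched below for the sign path. Both functions continue outside the hunks.

```c
/* … unchanged: compsig, i, nid declarations … */
int prefix_idx = get_composite_idx(get_oqsalg_idx(nid)) - 1;
const unsigned char *oid_prefix = NULL;
/* … unchanged: final_tbs, final_tbslen, aux, tbs_hash declarations … */

/* Reject an index outside the prefix table before dereferencing it. */
if (prefix_idx < 0
    || (size_t)prefix_idx
           >= sizeof(composite_OID_prefix) / sizeof(composite_OID_prefix[0])) {
    ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
    /* release compsig the same way the other error paths in this function do */
    goto endsign;
}
oid_prefix = composite_OID_prefix[prefix_idx];
```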
@@ -712,10 +722,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, int nid = OBJ_sn2nid(oqsxkey->tls_name); unsigned char *buf; size_t buf_len; - const char *oid_prefix + const unsigned char *oid_prefix = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; char *final_tbs; - size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN; + size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN / 2; int aux = 0; unsigned char *tbs_hash; @@ -763,11 +773,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, CompositeSignature_free(compsig); goto endverify; } - final_tbslen -= 1; final_tbs = OPENSSL_malloc(final_tbslen); - memcpy(final_tbs, oid_prefix, COMPOSITE_OID_PREFIRX_LEN); - memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN, tbs_hash, - final_tbslen - COMPOSITE_OID_PREFIRX_LEN); + Composite_prefix_conversion(final_tbs, oid_prefix); + memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN / 2, tbs_hash, + final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); OPENSSL_free(tbs_hash); // verify From 2631429d4d58a94a26ad5e5d07fbed8a279d737b Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Fri, 1 Mar 2024 07:23:50 +0100 Subject: [PATCH 128/164] Adapt Kyber OIDs and avoid testing using downlevel brew releases (#356) * disable testing to backlevel liboqs & remove OID duplicates * create standalone CI job names Signed-off-by: Felipe Ventura --- .github/workflows/macos.yml | 9 ++- .github/workflows/standalone.yml | 17 ++++-- ALGORITHMS.md | 94 ++++++++++++++++---------------- oqs-template/generate.yml | 5 -- oqsprov/oqsprov.c | 86 ++++++++++++++--------------- 5 files changed, 109 insertions(+), 102 deletions(-) diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 7a6f95f4..7aaeaf2d 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml 
@@ -70,7 +70,14 @@ jobs: working-directory: _build # Try brew install of head: If error message below appears, build and test passed successfully - name: brew install test - run: brew install --HEAD --formula -s oqsprovider.rb 2>&1 | grep "Empty installation" + # try this only if brew'd liboqs knows about ML-KEM: + run: | + bash -c 'brew install liboqs && FIND_MLKEM=`brew info liboqs | grep files | awk "{print $1}"` + if [[ `echo $FIND_MLKEM | grep ML_KEM` ]]; then + brew install --HEAD --formula -s oqsprovider.rb 2>&1 | grep "Empty installation" + else + echo "ML-KEM not present in liboqs. Skipping test." + fi' working-directory: scripts - name: Retain oqsprovider.dylib uses: actions/upload-artifact@v3 diff --git a/.github/workflows/standalone.yml b/.github/workflows/standalone.yml index 6e27e626..39b01457 100644 --- a/.github/workflows/standalone.yml +++ b/.github/workflows/standalone.yml @@ -8,7 +8,7 @@ on: jobs: - macos_intel: + standalone_macos_intel: runs-on: macos-13 strategy: fail-fast: false @@ -17,12 +17,17 @@ jobs: run: brew install liboqs - name: Checkout oqsprovider code uses: actions/checkout@v2 - - name: Build oqsprovider - run: cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -S . -B _build && cmake --build _build - - name: Test oqsprovider - run: ctest --parallel 5 --test-dir _build + - name: Build and test oqsprovider + # try this only if brew'd liboqs knows about ML-KEM: + run: | + bash -c 'FIND_MLKEM=`brew info liboqs | grep files | awk "{print $1}"` + if [[ `echo $FIND_MLKEM | grep ML_KEM` ]]; then + cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -S . -B _build && cmake --build _build && ctest --parallel 5 --test-dir _build + else + echo "ML-KEM not present in liboqs. Skipping test." + fi' - linux_intel: + standalone_linux_intel: runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/ALGORITHMS.md b/ALGORITHMS.md index cbf8d5c6..bd619ee0 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
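Review bot: In the added `run:` script the awk program is written as `awk "{print $1}"` inside a single-quoted `bash -c '...'`, so the inner shell expands `$1` (empty here) before awk sees it and awk prints the whole line instead of the first field; the same line is added to the `standalone_macos_intel` job in standalone.yml. It only behaves as intended because the later `grep ML_KEM` runs over that whole line; dropping the `bash -c` wrapper and writing `awk '{print $1}'` makes the script do what it says. The else branch also turns a missing ML-KEM into a passing job with only an `echo`, so a green check no longer means the brew build was exercised; emitting a workflow warning (`echo "::warning::ML-KEM not present in liboqs, test skipped"`) would keep the skip visible. The context lines reference `actions/checkout@v2` and `actions/upload-artifact@v3` by tag; pinning actions to a commit SHA is the usual hardening for CI that builds and publishes crypto code.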
@@ -204,58 +204,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li |Algorithm name | default OID | environment variable | |---------------|:-----------------:|----------------------| -| frodo640aes | 1.3.9999.99.58 | OQS_OID_FRODO640AES -| p256_frodo640aes | 1.3.9999.99.57 | OQS_OID_P256_FRODO640AES -| x25519_frodo640aes | 1.3.9999.99.43 | OQS_OID_X25519_FRODO640AES -| frodo640shake | 1.3.9999.99.60 | OQS_OID_FRODO640SHAKE -| p256_frodo640shake | 1.3.9999.99.59 | OQS_OID_P256_FRODO640SHAKE -| x25519_frodo640shake | 1.3.9999.99.44 | OQS_OID_X25519_FRODO640SHAKE -| frodo976aes | 1.3.9999.99.62 | OQS_OID_FRODO976AES -| p384_frodo976aes | 1.3.9999.99.61 | OQS_OID_P384_FRODO976AES -| x448_frodo976aes | 1.3.9999.99.45 | OQS_OID_X448_FRODO976AES -| frodo976shake | 1.3.9999.99.64 | OQS_OID_FRODO976SHAKE -| p384_frodo976shake | 1.3.9999.99.63 | OQS_OID_P384_FRODO976SHAKE -| x448_frodo976shake | 1.3.9999.99.46 | OQS_OID_X448_FRODO976SHAKE -| frodo1344aes | 1.3.9999.99.66 | OQS_OID_FRODO1344AES -| p521_frodo1344aes | 1.3.9999.99.65 | OQS_OID_P521_FRODO1344AES -| frodo1344shake | 1.3.9999.99.68 | OQS_OID_FRODO1344SHAKE -| p521_frodo1344shake | 1.3.9999.99.67 | OQS_OID_P521_FRODO1344SHAKE -| kyber512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_KYBER512 -| p256_kyber512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_KYBER512 -| x25519_kyber512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_KYBER512 -| kyber768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_KYBER768 -| p384_kyber768 | 1.3.9999.99.69 | OQS_OID_P384_KYBER768 -| x448_kyber768 | 1.3.9999.99.47 | OQS_OID_X448_KYBER768 -| x25519_kyber768 | 1.3.9999.99.48 | OQS_OID_X25519_KYBER768 -| p256_kyber768 | 1.3.9999.99.49 | OQS_OID_P256_KYBER768 -| kyber1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_KYBER1024 -| p521_kyber1024 | 1.3.9999.99.70 | OQS_OID_P521_KYBER1024 +| frodo640aes | 1.3.9999.99.64 | OQS_OID_FRODO640AES +| p256_frodo640aes | 1.3.9999.99.63 | OQS_OID_P256_FRODO640AES +| x25519_frodo640aes | 1.3.9999.99.48 | 
OQS_OID_X25519_FRODO640AES +| frodo640shake | 1.3.9999.99.66 | OQS_OID_FRODO640SHAKE +| p256_frodo640shake | 1.3.9999.99.65 | OQS_OID_P256_FRODO640SHAKE +| x25519_frodo640shake | 1.3.9999.99.49 | OQS_OID_X25519_FRODO640SHAKE +| frodo976aes | 1.3.9999.99.68 | OQS_OID_FRODO976AES +| p384_frodo976aes | 1.3.9999.99.67 | OQS_OID_P384_FRODO976AES +| x448_frodo976aes | 1.3.9999.99.50 | OQS_OID_X448_FRODO976AES +| frodo976shake | 1.3.9999.99.70 | OQS_OID_FRODO976SHAKE +| p384_frodo976shake | 1.3.9999.99.69 | OQS_OID_P384_FRODO976SHAKE +| x448_frodo976shake | 1.3.9999.99.51 | OQS_OID_X448_FRODO976SHAKE +| frodo1344aes | 1.3.9999.99.72 | OQS_OID_FRODO1344AES +| p521_frodo1344aes | 1.3.9999.99.71 | OQS_OID_P521_FRODO1344AES +| frodo1344shake | 1.3.9999.99.74 | OQS_OID_FRODO1344SHAKE +| p521_frodo1344shake | 1.3.9999.99.73 | OQS_OID_P521_FRODO1344SHAKE +| kyber512 | 1.3.9999.99.76 | OQS_OID_KYBER512 +| p256_kyber512 | 1.3.9999.99.75 | OQS_OID_P256_KYBER512 +| x25519_kyber512 | 1.3.9999.99.52 | OQS_OID_X25519_KYBER512 +| kyber768 | 1.3.9999.99.78 | OQS_OID_KYBER768 +| p384_kyber768 | 1.3.9999.99.77 | OQS_OID_P384_KYBER768 +| x448_kyber768 | 1.3.9999.99.53 | OQS_OID_X448_KYBER768 +| x25519_kyber768 | 1.3.9999.99.54 | OQS_OID_X25519_KYBER768 +| p256_kyber768 | 1.3.9999.99.55 | OQS_OID_P256_KYBER768 +| kyber1024 | 1.3.9999.99.80 | OQS_OID_KYBER1024 +| p521_kyber1024 | 1.3.9999.99.79 | OQS_OID_P521_KYBER1024 | mlkem512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_MLKEM512 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512 | mlkem768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_MLKEM768 -| p384_mlkem768 | 1.3.9999.99.71 | OQS_OID_P384_MLKEM768 -| x448_mlkem768 | 1.3.9999.99.50 | OQS_OID_X448_MLKEM768 -| x25519_mlkem768 | 1.3.9999.99.51 | OQS_OID_X25519_MLKEM768 -| p256_mlkem768 | 1.3.9999.99.52 | OQS_OID_P256_MLKEM768 +| p384_mlkem768 | 1.3.9999.99.81 | OQS_OID_P384_MLKEM768 +| x448_mlkem768 | 1.3.9999.99.56 | 
OQS_OID_X448_MLKEM768 +| x25519_mlkem768 | 1.3.9999.99.57 | OQS_OID_X25519_MLKEM768 +| p256_mlkem768 | 1.3.9999.99.58 | OQS_OID_P256_MLKEM768 | mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024 -| p521_mlkem1024 | 1.3.9999.99.72 | OQS_OID_P521_MLKEM1024 -| bikel1 | 1.3.9999.99.74 | OQS_OID_BIKEL1 -| p256_bikel1 | 1.3.9999.99.73 | OQS_OID_P256_BIKEL1 -| x25519_bikel1 | 1.3.9999.99.53 | OQS_OID_X25519_BIKEL1 -| bikel3 | 1.3.9999.99.76 | OQS_OID_BIKEL3 -| p384_bikel3 | 1.3.9999.99.75 | OQS_OID_P384_BIKEL3 -| x448_bikel3 | 1.3.9999.99.54 | OQS_OID_X448_BIKEL3 -| bikel5 | 1.3.9999.99.78 | OQS_OID_BIKEL5 -| p521_bikel5 | 1.3.9999.99.77 | OQS_OID_P521_BIKEL5 -| hqc128 | 1.3.9999.99.80 | OQS_OID_HQC128 -| p256_hqc128 | 1.3.9999.99.79 | OQS_OID_P256_HQC128 -| x25519_hqc128 | 1.3.9999.99.55 | OQS_OID_X25519_HQC128 -| hqc192 | 1.3.9999.99.82 | OQS_OID_HQC192 -| p384_hqc192 | 1.3.9999.99.81 | OQS_OID_P384_HQC192 -| x448_hqc192 | 1.3.9999.99.56 | OQS_OID_X448_HQC192 -| hqc256 | 1.3.9999.99.84 | OQS_OID_HQC256 -| p521_hqc256 | 1.3.9999.99.83 | OQS_OID_P521_HQC256 +| p521_mlkem1024 | 1.3.9999.99.82 | OQS_OID_P521_MLKEM1024 +| bikel1 | 1.3.9999.99.84 | OQS_OID_BIKEL1 +| p256_bikel1 | 1.3.9999.99.83 | OQS_OID_P256_BIKEL1 +| x25519_bikel1 | 1.3.9999.99.59 | OQS_OID_X25519_BIKEL1 +| bikel3 | 1.3.9999.99.86 | OQS_OID_BIKEL3 +| p384_bikel3 | 1.3.9999.99.85 | OQS_OID_P384_BIKEL3 +| x448_bikel3 | 1.3.9999.99.60 | OQS_OID_X448_BIKEL3 +| bikel5 | 1.3.9999.99.88 | OQS_OID_BIKEL5 +| p521_bikel5 | 1.3.9999.99.87 | OQS_OID_P521_BIKEL5 +| hqc128 | 1.3.9999.99.90 | OQS_OID_HQC128 +| p256_hqc128 | 1.3.9999.99.89 | OQS_OID_P256_HQC128 +| x25519_hqc128 | 1.3.9999.99.61 | OQS_OID_X25519_HQC128 +| hqc192 | 1.3.9999.99.92 | OQS_OID_HQC192 +| p384_hqc192 | 1.3.9999.99.91 | OQS_OID_P384_HQC192 +| x448_hqc192 | 1.3.9999.99.62 | OQS_OID_X448_HQC192 +| hqc256 | 1.3.9999.99.94 | OQS_OID_HQC256 +| p521_hqc256 | 1.3.9999.99.93 | OQS_OID_P521_HQC256 # Key Encodings 
diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 00021480..ab6f8ab9 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -85,14 +85,11 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber512' nid: '0x023A' - oid: '1.3.6.1.4.1.22554.5.6.1' nid_hybrid: '0x2F3A' - hybrid_oid: '1.3.6.1.4.1.22554.5.7.1' oqs_alg: 'OQS_KEM_alg_kyber_512' extra_nids: current: - hybrid_group: "x25519" - hybrid_oid: '1.3.6.1.4.1.22554.5.8.1' nid: '0x2F39' old: - implementation_version: NIST Round 2 submission @@ -110,7 +107,6 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber768' nid: '0x023C' - oid: '1.3.6.1.4.1.22554.5.6.2' nid_hybrid: '0x2F3C' extra_nids: current: @@ -133,7 +129,6 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber1024' nid: '0x023D' - oid: '1.3.6.1.4.1.22554.5.6.3' nid_hybrid: '0x2F3D' extra_nids: old: diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 89e59aeb..516aadc8 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -57,57 +57,57 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { #ifdef OQS_KEM_ENCODERS - "1.3.9999.99.16", + "1.3.9999.99.17", "frodo640aes", - "1.3.9999.99.15", + "1.3.9999.99.16", "p256_frodo640aes", "1.3.9999.99.1", "x25519_frodo640aes", - "1.3.9999.99.18", + "1.3.9999.99.19", "frodo640shake", - "1.3.9999.99.17", + "1.3.9999.99.18", "p256_frodo640shake", "1.3.9999.99.2", "x25519_frodo640shake", - "1.3.9999.99.20", + "1.3.9999.99.21", "frodo976aes", - "1.3.9999.99.19", + "1.3.9999.99.20", "p384_frodo976aes", "1.3.9999.99.3", "x448_frodo976aes", - "1.3.9999.99.22", + "1.3.9999.99.23", "frodo976shake", - "1.3.9999.99.21", + "1.3.9999.99.22", "p384_frodo976shake", "1.3.9999.99.4", "x448_frodo976shake", - "1.3.9999.99.24", + "1.3.9999.99.25", "frodo1344aes", - "1.3.9999.99.23", + "1.3.9999.99.24", "p521_frodo1344aes", - "1.3.9999.99.26", + "1.3.9999.99.27", "frodo1344shake", - "1.3.9999.99.25", + "1.3.9999.99.26", "p521_frodo1344shake", - "1.3.6.1.4.1.22554.5.6.1", + "1.3.9999.99.29", "kyber512", - "1.3.6.1.4.1.22554.5.7.1", + "1.3.9999.99.28", "p256_kyber512", - "1.3.6.1.4.1.22554.5.8.1", + "1.3.9999.99.5", "x25519_kyber512", - "1.3.6.1.4.1.22554.5.6.2", + "1.3.9999.99.31", "kyber768", - "1.3.9999.99.27", + "1.3.9999.99.30", "p384_kyber768", - "1.3.9999.99.5", - "x448_kyber768", "1.3.9999.99.6", - "x25519_kyber768", + "x448_kyber768", "1.3.9999.99.7", + "x25519_kyber768", + "1.3.9999.99.8", "p256_kyber768", - "1.3.6.1.4.1.22554.5.6.3", + "1.3.9999.99.33", "kyber1024", - "1.3.9999.99.28", + "1.3.9999.99.32", "p521_kyber1024", "1.3.6.1.4.1.22554.5.6.1", "mlkem512", 
@@ -117,49 +117,49 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_mlkem512", "1.3.6.1.4.1.22554.5.6.2", "mlkem768", - "1.3.9999.99.29", + "1.3.9999.99.34", "p384_mlkem768", - "1.3.9999.99.8", - "x448_mlkem768", "1.3.9999.99.9", - "x25519_mlkem768", + "x448_mlkem768", "1.3.9999.99.10", + "x25519_mlkem768", + "1.3.9999.99.11", "p256_mlkem768", "1.3.6.1.4.1.22554.5.6.3", "mlkem1024", - "1.3.9999.99.30", + "1.3.9999.99.35", "p521_mlkem1024", - "1.3.9999.99.32", + "1.3.9999.99.37", "bikel1", - "1.3.9999.99.31", + "1.3.9999.99.36", "p256_bikel1", - "1.3.9999.99.11", + "1.3.9999.99.12", "x25519_bikel1", - "1.3.9999.99.34", + "1.3.9999.99.39", "bikel3", - "1.3.9999.99.33", + "1.3.9999.99.38", "p384_bikel3", - "1.3.9999.99.12", + "1.3.9999.99.13", "x448_bikel3", - "1.3.9999.99.36", + "1.3.9999.99.41", "bikel5", - "1.3.9999.99.35", + "1.3.9999.99.40", "p521_bikel5", - "1.3.9999.99.38", + "1.3.9999.99.43", "hqc128", - "1.3.9999.99.37", + "1.3.9999.99.42", "p256_hqc128", - "1.3.9999.99.13", + "1.3.9999.99.14", "x25519_hqc128", - "1.3.9999.99.40", + "1.3.9999.99.45", "hqc192", - "1.3.9999.99.39", + "1.3.9999.99.44", "p384_hqc192", - "1.3.9999.99.14", + "1.3.9999.99.15", "x448_hqc192", - "1.3.9999.99.42", + "1.3.9999.99.47", "hqc256", - "1.3.9999.99.41", + "1.3.9999.99.46", "p521_hqc256", #endif /* OQS_KEM_ENCODERS */ From 70fd1014b6a70abf3c40005747c50cc9dc368ed5 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 1 Mar 2024 14:24:30 +0100 Subject: [PATCH 129/164] Add extra debug information in case of TLS handshake failure. (#357) * Add extra debug information in case of TLS handshake failure. Signed-off-by: Felipe Ventura --- test/tlstest_helpers.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/test/tlstest_helpers.c b/test/tlstest_helpers.c index 09363f49..c2490887 100644 --- a/test/tlstest_helpers.c +++ b/test/tlstest_helpers.c 
@@ -148,7 +148,10 @@ int create_bare_tls_connection(SSL *serverssl, SSL *clientssl, int want, } if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { - fprintf(stderr, "SSL_connect() failed %d, %d", retc, err); + fprintf(stderr, + "SSL_connect() failed returning %d, SSL error %d.\n", retc, + err); + ERR_print_errors_fp(stderr); if (want != SSL_ERROR_SSL) ERR_clear_error(); clienterr = 1; @@ -165,7 +168,9 @@ int create_bare_tls_connection(SSL *serverssl, SSL *clientssl, int want, if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_X509_LOOKUP) { - fprintf(stderr, "SSL_accept() failed %d, %d", rets, err); + fprintf(stderr, "SSL_accept() failed returning %d, SSL error %d.\n", + rets, err); + ERR_print_errors_fp(stderr); if (want != SSL_ERROR_SSL) ERR_clear_error(); servererr = 1; From d646f80e5d48d2740c5658e840bd6048133b37cb Mon Sep 17 00:00:00 2001 From: Bence Mali <64798108+bencemali@users.noreply.github.com> Date: Fri, 1 Mar 2024 16:53:34 +0100 Subject: [PATCH 130/164] p384_mlkem1024 hybrid added (#361) * p384_mlkem1024 hybrid added Signed-off-by: Felipe Ventura --- ALGORITHMS.md | 2 + README.md | 2 +- oqs-template/generate.yml | 10 ++++- oqs-template/oqs-kem-info.md | 1 + oqsprov/oqs_decode_der2key.c | 3 ++ oqsprov/oqs_encode_key2any.c | 10 +++++ oqsprov/oqs_kmgmt.c | 1 + oqsprov/oqs_prov.h | 18 +++++++++ oqsprov/oqsdecoders.inc | 3 ++ oqsprov/oqsencoders.inc | 11 ++++++ oqsprov/oqsprov.c | 42 ++++++++++++--------- oqsprov/oqsprov_capabilities.c | 69 ++++++++++++++++++---------------- oqsprov/oqsprov_keys.c | 3 +- scripts/common.py | 2 +- 14 files changed, 123 insertions(+), 54 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index bd619ee0..57ef04d1 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
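Review bot: The added `ERR_print_errors_fp(stderr)` empties the OpenSSL error queue as it prints, so the `if (want != SSL_ERROR_SSL) ERR_clear_error();` that follows no longer has the effect it had: when `want == SSL_ERROR_SSL` the queue used to be left intact and is now drained, in both the `SSL_connect()` and the `SSL_accept()` branches. If any caller inspects the queue after an expected handshake failure (callers are outside the hunk), print only when the failure is unexpected, e.g. `if (want != SSL_ERROR_SSL) ERR_print_errors_fp(stderr);`, which also makes the explicit `ERR_clear_error()` redundant. The function continues outside both hunks.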
@@ -48,6 +48,7 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | p256_mlkem768 | 0x2FB5 | Yes | OQS_CODEPOINT_P256_MLKEM768 | | mlkem1024 | 0x0249 | Yes | OQS_CODEPOINT_MLKEM1024 | | p521_mlkem1024 | 0x2F49 | Yes | OQS_CODEPOINT_P521_MLKEM1024 | +| p384_mlkem1024 | 0x2F4A | Yes | OQS_CODEPOINT_P384_MLKEM1024 | | bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 | | p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 | | x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 | @@ -240,6 +241,7 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li | p256_mlkem768 | 1.3.9999.99.58 | OQS_OID_P256_MLKEM768 | mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024 | p521_mlkem1024 | 1.3.9999.99.82 | OQS_OID_P521_MLKEM1024 +| p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024 | bikel1 | 1.3.9999.99.84 | OQS_OID_BIKEL1 | p256_bikel1 | 1.3.9999.99.83 | OQS_OID_P256_BIKEL1 | x25519_bikel1 | 1.3.9999.99.59 | OQS_OID_X25519_BIKEL1 diff --git a/README.md b/README.md index 49a771d8..8078d41a 100644 --- a/README.md +++ b/README.md 
@@ -40,7 +40,7 @@ This implementation makes available the following quantum safe algorithms: - **CRYSTALS-Kyber**: `kyber512`, `p256_kyber512`, `x25519_kyber512`, `kyber768`, `p384_kyber768`, `x448_kyber768`, `x25519_kyber768`, `p256_kyber768`, `kyber1024`, `p521_kyber1024` - **FrodoKEM**: `frodo640aes`, `p256_frodo640aes`, `x25519_frodo640aes`, `frodo640shake`, `p256_frodo640shake`, `x25519_frodo640shake`, `frodo976aes`, `p384_frodo976aes`, `x448_frodo976aes`, `frodo976shake`, `p384_frodo976shake`, `x448_frodo976shake`, `frodo1344aes`, `p521_frodo1344aes`, `frodo1344shake`, `p521_frodo1344shake` - **HQC**: `hqc128`, `p256_hqc128`, `x25519_hqc128`, `hqc192`, `p384_hqc192`, `x448_hqc192`, `hqc256`, `p521_hqc256`† -- **ML-KEM**: `mlkem512`, `p256_mlkem512`, `x25519_mlkem512`, `mlkem768`, `p384_mlkem768`, `x448_mlkem768`, `x25519_mlkem768`, `p256_mlkem768`, `mlkem1024`, `p521_mlkem1024` +- **ML-KEM**: `mlkem512`, `p256_mlkem512`, `x25519_mlkem512`, `mlkem768`, `p384_mlkem768`, `x448_mlkem768`, `x25519_mlkem768`, `p256_mlkem768`, `mlkem1024`, `p521_mlkem1024`, `p384_mlkem1024` ### Signature algorithms diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index ab6f8ab9..b0cb5ffe 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -1,5 +1,5 @@ # This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs -# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4A, X-hybrid: 0x2FB6 +# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4B, X-hybrid: 0x2FB6 kems: - family: 'FrodoKEM' @@ -175,6 +175,14 @@ kems: oid: '1.3.6.1.4.1.22554.5.6.3' nid_hybrid: '0x2F49' oqs_alg: 'OQS_KEM_alg_ml_kem_1024' + extra_nids: + current: + # p384_mlkem1024 hybrid doesn't appear in any standardization drafts + # this oid is proposed by Tresorit + # if the hybrid combination is standardized, feel free to change it + - hybrid_group: "p384" + hybrid_oid: '1.3.6.1.4.1.42235.6' + nid: '0x2F4A' - family: 'BIKE' name_group: 'bike1l1fo' 
diff --git a/oqs-template/oqs-kem-info.md b/oqs-template/oqs-kem-info.md index 66ba2326..dafa41cb 100644 --- a/oqs-template/oqs-kem-info.md +++ b/oqs-template/oqs-kem-info.md @@ -87,6 +87,7 @@ | HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x2F46 | secp521_r1 | | ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x0249 | | | ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x2F49 | secp521_r1 | +| ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x2F4A | p384 | | ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x0247 | | | ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x2F47 | secp256_r1 | | ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x2FB2 | x25519 | diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index c65d073e..d9bee34f 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c @@ -646,6 +646,9 @@ MAKE_DECODER(, "mlkem1024", mlkem1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p521_mlkem1024", p521_mlkem1024, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p521_mlkem1024", p521_mlkem1024, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p384_mlkem1024", p384_mlkem1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_mlkem1024", p384_mlkem1024, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, PrivateKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, SubjectPublicKeyInfo); diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 99e50ee2..985453cb 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -1032,6 +1032,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define p521_mlkem1024_evp_type 0 #define p521_mlkem1024_input_type "p521_mlkem1024" #define p521_mlkem1024_pem_type "p521_mlkem1024" +#define p384_mlkem1024_evp_type 0 +#define p384_mlkem1024_input_type "p384_mlkem1024" +#define p384_mlkem1024_pem_type "p384_mlkem1024" #define bikel1_evp_type 0 #define bikel1_input_type "bikel1" #define bikel1_pem_type "bikel1" 
@@ -2138,6 +2141,13 @@ MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(_ecp, p521_mlkem1024); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_mlkem1024); MAKE_ENCODER(, bikel1, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, bikel1, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, bikel1, oqsx, PrivateKeyInfo, der); diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 7f818b40..013c0ef2 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -1395,6 +1395,7 @@ MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_mlkem768, OQS_KEM_alg_ml_kem_768, 128) MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem1024, OQS_KEM_alg_ml_kem_1024, 192) MAKE_KEM_KEYMGMT_FUNCTIONS(bikel1, OQS_KEM_alg_bike_l1, 128) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_bikel1, OQS_KEM_alg_bike_l1, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index e1b6b954..e2d26585 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
@@ -877,6 +877,23 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_mlkem1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_mlkem1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_mlkem1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_mlkem1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_mlkem1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH @@ -2074,6 +2091,7 @@ extern const OSSL_DISPATCH oqs_ecp_p256_mlkem768_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_mlkem1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_ecp_p521_mlkem1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_ecp_p384_mlkem1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_bikel1_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_ecp_p256_bikel1_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 367ea14f..2f9e8399 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -173,6 +173,9 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("p521_mlkem1024", der, PrivateKeyInfo, p521_mlkem1024), DECODER_w_structure("p521_mlkem1024", der, SubjectPublicKeyInfo, p521_mlkem1024), + DECODER_w_structure("p384_mlkem1024", der, PrivateKeyInfo, p384_mlkem1024), + DECODER_w_structure("p384_mlkem1024", der, SubjectPublicKeyInfo, + p384_mlkem1024), # endif # ifdef OQS_ENABLE_KEM_bike_l1 DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 1a6d3e8b..aa87bce1 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -500,6 +500,17 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p521_mlkem1024", p521_mlkem1024), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, PrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_mlkem1024", p384_mlkem1024), # endif # ifdef OQS_ENABLE_KEM_bike_l1 ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 516aadc8..039cd81d 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,7 +49,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 196 +# define OQS_OID_CNT 166 #else # define OQS_OID_CNT 60 #endif 
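Review bot: `OQS_OID_CNT` drops from 196 to 166 in the oqsprov.c hunk, although the same commit adds two strings to `oqs_oid_alg_list[OQS_OID_CNT]` and raises `OQS_KEMOID_CNT` to `104 + 2`; the bound should grow by two, `# define OQS_OID_CNT 198`. The `NID_TABLE_LEN 98` to `83` hunk in oqsprov/oqsprov_keys.c has the same problem while a row is added to `nid_names` (expected `99`). With the smaller bounds the initialisers carry more elements than the arrays hold, and any later index at or above the bound (those lines are outside these hunks) would be out of range. Patch 131/164 later in this series sets 198 and 99; folding that correction into this commit keeps every commit in the series buildable.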
@@ -129,6 +129,8 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "mlkem1024", "1.3.9999.99.35", "p521_mlkem1024", + "1.3.6.1.4.1.42235.6", + "p384_mlkem1024", "1.3.9999.99.37", "bikel1", "1.3.9999.99.36", 
@@ -349,46 +351,48 @@ int oqs_patch_oids(void) if (getenv("OQS_OID_P521_MLKEM1024")) oqs_oid_alg_list[70] = getenv("OQS_OID_P521_MLKEM1024"); + if (getenv("OQS_OID_P384_MLKEM1024")) + oqs_oid_alg_list[72] = getenv("OQS_OID_P384_MLKEM1024"); if (getenv("OQS_OID_BIKEL1")) - oqs_oid_alg_list[72] = getenv("OQS_OID_BIKEL1"); + oqs_oid_alg_list[74] = getenv("OQS_OID_BIKEL1"); if (getenv("OQS_OID_P256_BIKEL1")) - oqs_oid_alg_list[74] = getenv("OQS_OID_P256_BIKEL1"); + oqs_oid_alg_list[76] = getenv("OQS_OID_P256_BIKEL1"); if (getenv("OQS_OID_X25519_BIKEL1")) - oqs_oid_alg_list[76] = getenv("OQS_OID_X25519_BIKEL1"); + oqs_oid_alg_list[78] = getenv("OQS_OID_X25519_BIKEL1"); if (getenv("OQS_OID_BIKEL3")) - oqs_oid_alg_list[78] = getenv("OQS_OID_BIKEL3"); + oqs_oid_alg_list[80] = getenv("OQS_OID_BIKEL3"); if (getenv("OQS_OID_P384_BIKEL3")) - oqs_oid_alg_list[80] = getenv("OQS_OID_P384_BIKEL3"); + oqs_oid_alg_list[82] = getenv("OQS_OID_P384_BIKEL3"); if (getenv("OQS_OID_X448_BIKEL3")) - oqs_oid_alg_list[82] = getenv("OQS_OID_X448_BIKEL3"); + oqs_oid_alg_list[84] = getenv("OQS_OID_X448_BIKEL3"); if (getenv("OQS_OID_BIKEL5")) - oqs_oid_alg_list[84] = getenv("OQS_OID_BIKEL5"); + oqs_oid_alg_list[86] = getenv("OQS_OID_BIKEL5"); if (getenv("OQS_OID_P521_BIKEL5")) - oqs_oid_alg_list[86] = getenv("OQS_OID_P521_BIKEL5"); + oqs_oid_alg_list[88] = getenv("OQS_OID_P521_BIKEL5"); if (getenv("OQS_OID_HQC128")) - oqs_oid_alg_list[88] = getenv("OQS_OID_HQC128"); + oqs_oid_alg_list[90] = getenv("OQS_OID_HQC128"); if (getenv("OQS_OID_P256_HQC128")) - oqs_oid_alg_list[90] = getenv("OQS_OID_P256_HQC128"); + oqs_oid_alg_list[92] = getenv("OQS_OID_P256_HQC128"); if (getenv("OQS_OID_X25519_HQC128")) - oqs_oid_alg_list[92] = getenv("OQS_OID_X25519_HQC128"); + oqs_oid_alg_list[94] = getenv("OQS_OID_X25519_HQC128"); if (getenv("OQS_OID_HQC192")) - oqs_oid_alg_list[94] = getenv("OQS_OID_HQC192"); + oqs_oid_alg_list[96] = getenv("OQS_OID_HQC192"); if (getenv("OQS_OID_P384_HQC192")) - oqs_oid_alg_list[96] 
= getenv("OQS_OID_P384_HQC192"); + oqs_oid_alg_list[98] = getenv("OQS_OID_P384_HQC192"); if (getenv("OQS_OID_X448_HQC192")) - oqs_oid_alg_list[98] = getenv("OQS_OID_X448_HQC192"); + oqs_oid_alg_list[100] = getenv("OQS_OID_X448_HQC192"); if (getenv("OQS_OID_HQC256")) - oqs_oid_alg_list[100] = getenv("OQS_OID_HQC256"); + oqs_oid_alg_list[102] = getenv("OQS_OID_HQC256"); if (getenv("OQS_OID_P521_HQC256")) - oqs_oid_alg_list[102] = getenv("OQS_OID_P521_HQC256"); + oqs_oid_alg_list[104] = getenv("OQS_OID_P521_HQC256"); -# define OQS_KEMOID_CNT 102 + 2 +# define OQS_KEMOID_CNT 104 + 2 #else # define OQS_KEMOID_CNT 0 #endif /* OQS_KEM_ENCODERS */ @@ -893,6 +897,7 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { #ifdef OQS_ENABLE_KEM_ml_kem_1024 KEMBASEALG(mlkem1024, 256) KEMHYBALG(p521_mlkem1024, 256) + KEMHYBALG(p384_mlkem1024, 192) #endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMBASEALG(bikel1, 128) @@ -1073,6 +1078,7 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] KEMKMALG(mlkem1024, 256) KEMKMHYBALG(p521_mlkem1024, 256, ecp) + KEMKMHYBALG(p384_mlkem1024, 192, ecp) #endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMKMALG(bikel1, 128) diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 81aec194..2ffb4cc1 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c @@ -83,6 +83,7 @@ static OQS_GROUP_CONSTANTS oqs_group_list[] = { {0x0249, 256, TLS1_3_VERSION, 0, -1, -1, 1}, {0x2F49, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F4A, 256, TLS1_3_VERSION, 0, -1, -1, 1}, {0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1}, {0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1}, 
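Review bot: The new `oqs_group_list` row `{0x2F4A, 256, TLS1_3_VERSION, 0, -1, -1, 1}` in oqsprov_capabilities.c gives p384_mlkem1024 the value 256 in its second field, while the same commit registers the algorithm with 192 in `KEMHYBALG(p384_mlkem1024, 192)`, `KEMKMHYBALG(p384_mlkem1024, 192, ecp)` and `MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem1024, OQS_KEM_alg_ml_kem_1024, 192)`. If that field is the security-bits value advertised for the TLS group (the struct definition is outside the hunk), the group is presented as stronger than its key management claims and the row should read `{0x2F4A, 192, TLS1_3_VERSION, 0, -1, -1, 1},`. Since these tables are generated, the value is best corrected in the template input so the registrations cannot drift apart again.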
@@ -215,40 +216,41 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { OQS_GROUP_ENTRY(mlkem1024, mlkem1024, mlkem1024, 34), OQS_GROUP_ENTRY(p521_mlkem1024, p521_mlkem1024, p521_mlkem1024, 35), + OQS_GROUP_ENTRY(p384_mlkem1024, p384_mlkem1024, p384_mlkem1024, 36), #endif #ifdef OQS_ENABLE_KEM_bike_l1 - OQS_GROUP_ENTRY(bikel1, bikel1, bikel1, 36), + OQS_GROUP_ENTRY(bikel1, bikel1, bikel1, 37), - OQS_GROUP_ENTRY(p256_bikel1, p256_bikel1, p256_bikel1, 37), - OQS_GROUP_ENTRY(x25519_bikel1, x25519_bikel1, x25519_bikel1, 38), + OQS_GROUP_ENTRY(p256_bikel1, p256_bikel1, p256_bikel1, 38), + OQS_GROUP_ENTRY(x25519_bikel1, x25519_bikel1, x25519_bikel1, 39), #endif #ifdef OQS_ENABLE_KEM_bike_l3 - OQS_GROUP_ENTRY(bikel3, bikel3, bikel3, 39), + OQS_GROUP_ENTRY(bikel3, bikel3, bikel3, 40), - OQS_GROUP_ENTRY(p384_bikel3, p384_bikel3, p384_bikel3, 40), - OQS_GROUP_ENTRY(x448_bikel3, x448_bikel3, x448_bikel3, 41), + OQS_GROUP_ENTRY(p384_bikel3, p384_bikel3, p384_bikel3, 41), + OQS_GROUP_ENTRY(x448_bikel3, x448_bikel3, x448_bikel3, 42), #endif #ifdef OQS_ENABLE_KEM_bike_l5 - OQS_GROUP_ENTRY(bikel5, bikel5, bikel5, 42), + OQS_GROUP_ENTRY(bikel5, bikel5, bikel5, 43), - OQS_GROUP_ENTRY(p521_bikel5, p521_bikel5, p521_bikel5, 43), + OQS_GROUP_ENTRY(p521_bikel5, p521_bikel5, p521_bikel5, 44), #endif #ifdef OQS_ENABLE_KEM_hqc_128 - OQS_GROUP_ENTRY(hqc128, hqc128, hqc128, 44), + OQS_GROUP_ENTRY(hqc128, hqc128, hqc128, 45), - OQS_GROUP_ENTRY(p256_hqc128, p256_hqc128, p256_hqc128, 45), - OQS_GROUP_ENTRY(x25519_hqc128, x25519_hqc128, x25519_hqc128, 46), + OQS_GROUP_ENTRY(p256_hqc128, p256_hqc128, p256_hqc128, 46), + OQS_GROUP_ENTRY(x25519_hqc128, x25519_hqc128, x25519_hqc128, 47), #endif #ifdef OQS_ENABLE_KEM_hqc_192 - OQS_GROUP_ENTRY(hqc192, hqc192, hqc192, 47), + OQS_GROUP_ENTRY(hqc192, hqc192, hqc192, 48), - OQS_GROUP_ENTRY(p384_hqc192, p384_hqc192, p384_hqc192, 48), - OQS_GROUP_ENTRY(x448_hqc192, x448_hqc192, x448_hqc192, 49), + OQS_GROUP_ENTRY(p384_hqc192, p384_hqc192, p384_hqc192, 
49), + OQS_GROUP_ENTRY(x448_hqc192, x448_hqc192, x448_hqc192, 50), #endif #ifdef OQS_ENABLE_KEM_hqc_256 - OQS_GROUP_ENTRY(hqc256, hqc256, hqc256, 50), + OQS_GROUP_ENTRY(hqc256, hqc256, hqc256, 51), - OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 51), + OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 52), #endif ///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END }; 
@@ -385,40 +387,43 @@ int oqs_patch_codepoints() if (getenv("OQS_CODEPOINT_P521_MLKEM1024")) oqs_group_list[35].group_id = atoi(getenv("OQS_CODEPOINT_P521_MLKEM1024")); + if (getenv("OQS_CODEPOINT_P384_MLKEM1024")) + oqs_group_list[36].group_id + = atoi(getenv("OQS_CODEPOINT_P384_MLKEM1024")); if (getenv("OQS_CODEPOINT_BIKEL1")) - oqs_group_list[36].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); + oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); if (getenv("OQS_CODEPOINT_P256_BIKEL1")) - oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); + oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); if (getenv("OQS_CODEPOINT_X25519_BIKEL1")) - oqs_group_list[38].group_id + oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_X25519_BIKEL1")); if (getenv("OQS_CODEPOINT_BIKEL3")) - oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); + oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); if (getenv("OQS_CODEPOINT_P384_BIKEL3")) - oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); + oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); if (getenv("OQS_CODEPOINT_X448_BIKEL3")) - oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); + oqs_group_list[42].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); if (getenv("OQS_CODEPOINT_BIKEL5")) - oqs_group_list[42].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); + oqs_group_list[43].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); if (getenv("OQS_CODEPOINT_P521_BIKEL5")) - oqs_group_list[43].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); + oqs_group_list[44].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); if (getenv("OQS_CODEPOINT_HQC128")) - oqs_group_list[44].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); + oqs_group_list[45].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); if (getenv("OQS_CODEPOINT_P256_HQC128")) - oqs_group_list[45].group_id = 
atoi(getenv("OQS_CODEPOINT_P256_HQC128")); + oqs_group_list[46].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); if (getenv("OQS_CODEPOINT_X25519_HQC128")) - oqs_group_list[46].group_id + oqs_group_list[47].group_id = atoi(getenv("OQS_CODEPOINT_X25519_HQC128")); if (getenv("OQS_CODEPOINT_HQC192")) - oqs_group_list[47].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); + oqs_group_list[48].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); if (getenv("OQS_CODEPOINT_P384_HQC192")) - oqs_group_list[48].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); + oqs_group_list[49].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); if (getenv("OQS_CODEPOINT_X448_HQC192")) - oqs_group_list[49].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); + oqs_group_list[50].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); if (getenv("OQS_CODEPOINT_HQC256")) - oqs_group_list[50].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); + oqs_group_list[51].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); if (getenv("OQS_CODEPOINT_P521_HQC256")) - oqs_group_list[51].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); + oqs_group_list[52].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); if (getenv("OQS_CODEPOINT_DILITHIUM2")) oqs_sigalg_list[0].code_point diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index dbdd3c5d..347dfe4d 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -54,7 +54,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 98 +# define NID_TABLE_LEN 83 #else # define NID_TABLE_LEN 30 #endif 
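Review bot: The added override `oqs_group_list[36].group_id = atoi(getenv("OQS_CODEPOINT_P384_MLKEM1024"));` in oqs_patch_codepoints stores whatever the environment holds without validation. `atoi` reports no error, so a non-numeric value, or one in the `0x2F4A` hexadecimal form that ALGORITHMS.md uses for code points, silently becomes 0, and an out-of-range number is stored unchecked. Parsing with `strtol(v, &end, 0)` and rejecting `end == v`, trailing characters or a result outside 0..0xFFFF (assuming `group_id` is a 16-bit TLS group identifier) would leave the built-in code point in place on bad input. Every other override in this function follows the same pattern and the body extends beyond this hunk, so a small shared helper is the natural home for the check.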
@@ -108,6 +108,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "p256_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECP_HYB_KEM, 192}, {0, "mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_KEM, 256}, {0, "p521_mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "p384_mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_ECP_HYB_KEM, 256}, {0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128}, {0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM, 128}, {0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM, 128}, diff --git a/scripts/common.py b/scripts/common.py index 83ca6dff..7913d4b2 100644 --- a/scripts/common.py +++ b/scripts/common.py 
@@ -9,7 +9,7 @@ # post-quantum key exchanges 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','kyber512','kyber768','kyber1024','mlkem512','mlkem768','mlkem1024','bikel1','bikel3','bikel5','hqc128','hqc192','hqc256', # post-quantum + classical key exchanges - 'p256_frodo640aes','x25519_frodo640aes','p256_frodo640shake','x25519_frodo640shake','p384_frodo976aes','x448_frodo976aes','p384_frodo976shake','x448_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_kyber512','x25519_kyber512','p384_kyber768','x448_kyber768','x25519_kyber768','p256_kyber768','p521_kyber1024','p256_mlkem512','x25519_mlkem512','p384_mlkem768','x448_mlkem768','x25519_mlkem768','p256_mlkem768','p521_mlkem1024','p256_bikel1','x25519_bikel1','p384_bikel3','x448_bikel3','p521_bikel5','p256_hqc128','x25519_hqc128','p384_hqc192','x448_hqc192','p521_hqc256', + 'p256_frodo640aes','x25519_frodo640aes','p256_frodo640shake','x25519_frodo640shake','p384_frodo976aes','x448_frodo976aes','p384_frodo976shake','x448_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_kyber512','x25519_kyber512','p384_kyber768','x448_kyber768','x25519_kyber768','p256_kyber768','p521_kyber1024','p256_mlkem512','x25519_mlkem512','p384_mlkem768','x448_mlkem768','x25519_mlkem768','p256_mlkem768','p521_mlkem1024','p384_mlkem1024','p256_bikel1','x25519_bikel1','p384_bikel3','x448_bikel3','p521_bikel5','p256_hqc128','x25519_hqc128','p384_hqc192','x448_hqc192','p521_hqc256', ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_END ] signatures = [ From b3a69793fbd85247efc6b45166e6cdcb4cadec3c Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 1 Mar 2024 14:32:13 -0600 Subject: [PATCH 131/164] correct generate output files Signed-off-by: Felipe Ventura --- oqsprov/oqsprov.c | 2 +- oqsprov/oqsprov_keys.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 039cd81d..7a6e127e 100644 --- a/oqsprov/oqsprov.c 
+++ b/oqsprov/oqsprov.c @@ -49,7 +49,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 166 +# define OQS_OID_CNT 198 #else # define OQS_OID_CNT 60 #endif diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 347dfe4d..bb02f0a5 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -54,7 +54,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 83 +# define NID_TABLE_LEN 99 #else # define NID_TABLE_LEN 30 #endif From 8f9787218275b39bd16dfc7747648dc14f3ecad4 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 1 Mar 2024 15:04:25 -0600 Subject: [PATCH 132/164] manipulating pointer on a temp instead of void* Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index bb02f0a5..0f45ec6b 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -647,6 +647,8 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, size_t publen = 0; size_t previous_privlen = 0; size_t previous_publen = 0; + size_t temp_pub_len, temp_priv_len; + char *temp_priv, *temp_pub; int pqc_pub_enc = 0; int i; @@ -686,6 +688,10 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err_key_op; } + temp_priv_len = previous_privlen; + temp_pub_len = previous_publen; + temp_priv = OPENSSL_secure_zalloc(temp_priv_len); + temp_pub = OPENSSL_secure_zalloc(temp_pub_len); previous_privlen = 0; previous_publen = 0; for (i = 0; i < key->numkeys; i++) { 
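Review bot: In oqsx_key_op (oqsprov/oqsprov_keys.c, hunk at -686) the results of `OPENSSL_secure_zalloc(temp_priv_len)` and `OPENSSL_secure_zalloc(temp_pub_len)` are used without a NULL check, so an allocation failure reaches `memcpy(temp_priv + previous_privlen, ...)` in the loop with a null destination. Handle it the way the preceding allocation does, after releasing whichever of the two buffers was obtained: `if (temp_priv == NULL || temp_pub == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err_key_op; }`. The function body starts and ends outside this hunk.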
@@ -710,6 +716,8 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, OPENSSL_free(enc_len); if (privlen > key->privkeylen_cmp[i]) { OPENSSL_free(name); + OPENSSL_secure_clear_free(temp_priv, temp_priv_len); + OPENSSL_secure_clear_free(temp_pub, temp_pub_len); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err_key_op; } @@ -723,15 +731,19 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, else publen = 0; } - memcpy(key->privkey + previous_privlen, + memcpy(temp_priv + previous_privlen, p + previous_privlen + previous_publen, privlen); - memcpy(key->pubkey + previous_publen, + memcpy(temp_pub + previous_publen, p + privlen + previous_privlen + previous_publen, publen); previous_privlen += privlen; previous_publen += publen; OPENSSL_free(name); } + memcpy(key->privkey, temp_priv, previous_privlen); + memcpy(key->privkey, temp_priv, previous_privlen); + OPENSSL_secure_clear_free(temp_priv, temp_priv_len); + OPENSSL_secure_clear_free(temp_pub, temp_pub_len); } else { if (key->numkeys == 2) { DECODE_UINT32(classical_privatekey_len, From e245471fdf145af6f568b22f6d76e71dfad2058b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Fri, 1 Mar 2024 15:16:46 -0600 Subject: [PATCH 133/164] fix pubkey typo Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 0f45ec6b..3c9a26ba 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -741,7 +741,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, OPENSSL_free(name); } memcpy(key->privkey, temp_priv, previous_privlen); - memcpy(key->privkey, temp_priv, previous_privlen); + memcpy(key->pubkey, temp_pub, previous_publen); OPENSSL_secure_clear_free(temp_priv, temp_priv_len); OPENSSL_secure_clear_free(temp_pub, temp_pub_len); } else { From 09e6e603c84f93bf521890c71e5781d8750a6317 Mon Sep 17 00:00:00 2001 
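Review bot: Only the `privlen > key->privkeylen_cmp[i]` error path releases `temp_priv` and `temp_pub`; any other `goto err_key_op` taken between their allocation and the final `OPENSSL_secure_clear_free` calls would leak both buffers, one of which holds private key material. Declaring them as `char *temp_priv = NULL, *temp_pub = NULL;` with the two lengths initialised to 0, and calling `OPENSSL_secure_clear_free` once under the `err_key_op` label, covers every exit and removes the duplicated cleanup. Whether other such exits exist inside the loop cannot be seen from this hunk, because oqsx_key_op continues outside it.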
From: Felipe Ventura Date: Mon, 4 Mar 2024 11:41:57 -0600 Subject: [PATCH 134/164] removed strtok_r Signed-off-by: Felipe Ventura --- oqsprov/oqsprov.c | 29 ++++++++++++++--------------- oqsprov/oqsprov_keys.c | 36 ++++++++++++++++++++++-------------- 2 files changed, 36 insertions(+), 29 deletions(-) diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 7a6e127e..f6c5707a 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -1136,22 +1136,21 @@ static const OSSL_ALGORITHM oqsprovider_decoder[] = { // get the last number on the composite OID int get_composite_idx(int idx) { - char *first_token; - char *token; - char *s; - int i; - s = OPENSSL_strdup(oqs_oid_alg_list[idx * 2]); - first_token = strtok_r(s, ".", &s); - for (i = 0; i <= 7; i++) { // 7 dots in composite OID - token = strtok_r(NULL, ".", &s); - } - if (token != NULL) { - i = atoi(token); - } else { - i = -1; + char *token, *s; + int i, len, count = 0; + + s = oqs_oid_alg_list[idx * 2]; + len = strlen(oqs_oid_alg_list[idx * 2]); + + for (i = 0; i < len; i++) { + if (s[i] == '.') { + count += 1; + } + if (count == 8) { // 8 dots in composite OID + return atoi(s + i + 1); + } } - OPENSSL_free(first_token); - return i; + return 0; } static const OSSL_PARAM *oqsprovider_gettable_params(void *provctx) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 3c9a26ba..2980994a 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
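Review bot: get_composite_idx in oqsprov.c now returns 0 when the OID has fewer than eight dots, where the removed code returned -1 for a missing token, so a malformed OID is indistinguishable from a valid index 0. Keep the sentinel with `return -1;` unless the callers, which are not visible here, were updated to match. `s` should be declared `const char *s` because it aliases an element of `const char *oqs_oid_alg_list[]`, and the unused `token` declaration can be dropped. A short comment that the entry may have been replaced from an `OQS_OID_*` environment variable would explain why the eight-dot format is checked rather than assumed.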
@@ -244,23 +244,31 @@ char *get_oqsname(int nid) char *get_cmpname(int nid, int index) { - int i, j; - char *name; - char *first_token; - char *token; - char *s; + int i, len; + char *name, *s; if ((i = get_oqsalg_idx(nid)) == -1) return NULL; - s = OPENSSL_strdup(nid_names[i].tlsname); - first_token = strtok_r(s, "_", &s); - if (index == 0) { - name = OPENSSL_strdup(first_token); - } else { - for (j = 0; j < index; j++) - token = strtok_r(s, "_", &s); - name = OPENSSL_strdup(token); + s = nid_names[i].tlsname; + len = strlen(nid_names[i].tlsname); + for (i = 0; i < len; i++) { + if (s[i] == '_') { + break; + } + } + switch (index) { + case 0: + name = OPENSSL_malloc(i); + memcpy(name, s, i); + break; + case 1: + i += 1; + name = OPENSSL_malloc(len - i); + memcpy(name, s + i, len - i); + break; + default: + name = NULL; } - OPENSSL_free(first_token); + return name; } From 294bc98c27eab1742c35cdabd64e02bba4739299 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 4 Mar 2024 11:51:32 -0600 Subject: [PATCH 135/164] removed Falcon accordingly to the draft-ounsworth-pq-composite-sigs-13 Signed-off-by: Felipe Ventura --- ALGORITHMS.md | 3 -- README.md | 2 +- oqs-template/generate.yml | 14 +----- oqsprov/oqs_decode_der2key.c | 7 --- oqsprov/oqs_encode_key2any.c | 30 ------------ oqsprov/oqs_kmgmt.c | 88 +++++++++++------------------------- oqsprov/oqs_prov.h | 54 ---------------------- oqsprov/oqsdecoders.inc | 11 ----- oqsprov/oqsencoders.inc | 37 --------------- oqsprov/oqsprov.c | 83 ++++++++++++---------------------- oqsprov/oqsprov_keys.c | 7 +-- scripts/common.py | 2 +- 12 files changed, 59 insertions(+), 279 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index 57ef04d1..f7f5a225 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
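Review bot: get_cmpname now returns a buffer that is not NUL-terminated: `OPENSSL_malloc(i)` followed by `memcpy(name, s, i)` (and the `len - i` pair in case 1) copies exactly the characters and no terminator. The removed `OPENSSL_strdup` calls returned C strings, so any caller that still treats the result as a string reads past the allocation. The allocation result is also passed to `memcpy` without a NULL check, and when the name contains no `_`, case 1 computes `len - i` as -1 and hands it to both `OPENSSL_malloc` and `memcpy`. `OPENSSL_strndup` and `OPENSSL_strdup` address all three, as in the excerpt below; the declaration of `tlsname` is outside the hunk, so the `const` on `s` assumes it points at constant strings.

```c
    const char *s, *sep;
    char *name;
    // … unchanged: get_oqsalg_idx() lookup and early NULL return …
    s = nid_names[i].tlsname;
    sep = strchr(s, '_');
    switch (index) {
    case 0:
        /* first component; OPENSSL_strndup() adds the terminating NUL */
        name = OPENSSL_strndup(s, sep != NULL ? (size_t)(sep - s) : strlen(s));
        break;
    case 1:
        /* second component; there is none when the name has no separator */
        name = sep != NULL ? OPENSSL_strdup(sep + 1) : NULL;
        break;
    default:
        name = NULL;
    }
    return name;
```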
@@ -167,9 +167,6 @@ adapting the OIDs of all supported signature algorithms as per the table below. | falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512 | p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512 | rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512 -| falcon512_p256 | 2.16.840.1.114027.80.8.1.14 |Yes| OQS_OID_FALCON512_p256 -| falcon512_bp256 | 2.16.840.1.114027.80.8.1.15 |Yes| OQS_OID_FALCON512_bp256 -| falcon512_ed25519 | 2.16.840.1.114027.80.8.1.16 |Yes| OQS_OID_FALCON512_ed25519 | falcon1024 | 1.3.9999.3.9 |Yes| OQS_OID_FALCON1024 | p521_falcon1024 | 1.3.9999.3.10 |Yes| OQS_OID_P521_FALCON1024 | sphincssha2128fsimple | 1.3.9999.6.4.13 |Yes| OQS_OID_SPHINCSSHA2128FSIMPLE diff --git a/README.md b/README.md index 8078d41a..9c4d9c92 100644 --- a/README.md +++ b/README.md 
@@ -46,7 +46,7 @@ This implementation makes available the following quantum safe algorithms: - **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\* - **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa44_pss2048`\*, `mldsa44_rsa2048`\*, `mldsa44_ed25519`\*, `mldsa44_p256`\*, `mldsa44_bp256`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa65_pss3072`\*, `mldsa65_rsa3072`\*, `mldsa65_p256`\*, `mldsa65_bp256`\*, `mldsa65_ed25519`\*, `mldsa87`\*, `p521_mldsa87`\*, `mldsa87_p384`\*, `mldsa87_bp384`\*, `mldsa87_ed448`\* -- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon512_p256`\*, `falcon512_bp256`\*, `falcon512_ed25519`\*, `falcon1024`\*, `p521_falcon1024`\* +- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon1024`\*, `p521_falcon1024`\* - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple` - **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple` diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index b0cb5ffe..3cb69dce 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml 
@@ -426,7 +426,7 @@ sigs: # 'oid': '2.16.840.1.114027.80.1.8'}] - # The Composite OIDs are kept up to date by @feventura (Entrust) - # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-12 + # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13 # OID scheme for composite variants: # joint-iso-itu-t (2) # country (16) @@ -666,18 +666,6 @@ sigs: 'pretty_name': 'RSA3072', 'oid': '1.3.9999.3.8', 'code_point': '0xfeb0'}] - composite: [{'name': 'p256', - 'pretty_name': 'ECDSA p256', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.14'}, - {'name': 'bp256', - 'pretty_name': 'ECDSA brainpoolP256r1', - 'security': '256', - 'oid': '2.16.840.1.114027.80.8.1.15'}, - {'name': 'ed25519', - 'pretty_name': 'ED25519', - 'security': '128', - 'oid': '2.16.840.1.114027.80.8.1.16'}] extra_nids: old: - implementation_version: NIST Round 3 submission diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index d9bee34f..2ab814da 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -751,13 +751,6 @@ MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_p256", falcon512_p256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_bp256", falcon512_bp256, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "falcon512_ed25519", falcon512_ed25519, oqsx, - SubjectPublicKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, PrivateKeyInfo); diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 985453cb..167083f2 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -1180,15 +1180,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_falcon512_evp_type 0 #define rsa3072_falcon512_input_type "rsa3072_falcon512" #define rsa3072_falcon512_pem_type "rsa3072_falcon512" -#define falcon512_p256_evp_type 0 -#define falcon512_p256_input_type "falcon512_p256" -#define falcon512_p256_pem_type "falcon512_p256" -#define falcon512_bp256_evp_type 0 -#define falcon512_bp256_input_type "falcon512_bp256" -#define falcon512_bp256_pem_type "falcon512_bp256" -#define falcon512_ed25519_evp_type 0 -#define falcon512_ed25519_input_type "falcon512_ed25519" -#define falcon512_ed25519_pem_type "falcon512_ed25519" #define falcon1024_evp_type 0 #define falcon1024_input_type "falcon1024" #define falcon1024_pem_type "falcon1024" 
@@ -2478,27 +2469,6 @@ MAKE_ENCODER(, rsa3072_falcon512, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, rsa3072_falcon512); -MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_p256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_p256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, falcon512_p256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, falcon512_p256); -MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_bp256, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_bp256, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, falcon512_bp256, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, falcon512_bp256); -MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_ed25519, oqsx, EncryptedPrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, der); -MAKE_ENCODER(, falcon512_ed25519, oqsx, PrivateKeyInfo, pem); -MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, der); -MAKE_ENCODER(, falcon512_ed25519, oqsx, SubjectPublicKeyInfo, pem); -MAKE_TEXT_ENCODER(, falcon512_ed25519); MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon1024, oqsx, PrivateKeyInfo, der); diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 013c0ef2..5f017457 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -927,93 +927,60 @@ static void *rsa3072_falcon512_gen_init(void *provctx, int selection) return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 29); } -static void *falcon512_p256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, NULL, 128, 30); -} - -static void *falcon512_p256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_p256", KEY_TYPE_CMP_SIG, 128, 30); -} -static void *falcon512_bp256_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, NULL, 256, 31); -} - -static void *falcon512_bp256_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_bp256", KEY_TYPE_CMP_SIG, 256, 31); -} -static void *falcon512_ed25519_new_key(void *provctx) -{ - return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, NULL, 128, 32); -} - -static void *falcon512_ed25519_gen_init(void *provctx, int selection) -{ - return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "falcon512_ed25519", KEY_TYPE_CMP_SIG, 128, 32); -} static void *falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "falcon1024", KEY_TYPE_SIG, NULL, 256, 33); + "falcon1024", KEY_TYPE_SIG, NULL, 256, 30); } static void *falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "falcon1024", 0, 256, 33); + "falcon1024", 0, 256, 30); } static void *p521_falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 34); + "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 
31); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 34); + "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 31); } static void *sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 35); + "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 32); } static void *sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", 0, 128, 35); + "sphincssha2128fsimple", 0, 128, 32); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 36); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 36); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 33); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 34); } static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, 
@@ -1021,39 +988,39 @@ static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 37); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 34); } static void *sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 38); + "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 35); } static void *sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", 0, 128, 38); + "sphincssha2128ssimple", 0, 128, 35); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 39); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 36); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 39); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 36); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 40); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); } static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, 
@@ -1061,66 +1028,66 @@ static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 40); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 37); } static void *sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 41); + "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 38); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", 0, 192, 41); + "sphincssha2192fsimple", 0, 192, 38); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 42); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 39); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 42); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 39); } static void *sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 43); + "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 40); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", 0, 128, 43); + "sphincsshake128fsimple", 0, 128, 40); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 44); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 41); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 44); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 41); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 45); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 42); } static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, @@ -1128,7 +1095,7 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 45); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 42); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END @@ -1310,9 +1277,6 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa87_ed448) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falcon512) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falcon512) -MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_p256) -MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_bp256) -MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512_ed25519) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon1024) MAKE_SIG_KEYMGMT_FUNCTIONS(p521_falcon1024) MAKE_SIG_KEYMGMT_FUNCTIONS(sphincssha2128fsimple) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index e2d26585..62268b31 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
@@ -1661,57 +1661,6 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_p256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_p256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_bp256_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_bp256_decoder_functions[]; -extern const OSSL_DISPATCH - 
oqs_falcon512_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_falcon512_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH - oqs_PrivateKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH - oqs_SubjectPublicKeyInfo_der_to_falcon512_ed25519_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH @@ -2023,9 +1972,6 @@ extern const OSSL_DISPATCH oqs_mldsa87_ed448_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_p256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_bp256_keymgmt_functions[]; -extern const OSSL_DISPATCH oqs_falcon512_ed25519_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_falcon1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 2f9e8399..89ee333d 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -334,17 +334,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), rsa3072_falcon512), DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, rsa3072_falcon512), - DECODER_w_structure("falcon512_p256", der, PrivateKeyInfo, falcon512_p256), - DECODER_w_structure("falcon512_p256", der, SubjectPublicKeyInfo, - falcon512_p256), - DECODER_w_structure("falcon512_bp256", der, PrivateKeyInfo, - falcon512_bp256), - DECODER_w_structure("falcon512_bp256", der, SubjectPublicKeyInfo, - falcon512_bp256), - DECODER_w_structure("falcon512_ed25519", der, PrivateKeyInfo, - falcon512_ed25519), - DECODER_w_structure("falcon512_ed25519", der, SubjectPublicKeyInfo, - falcon512_ed25519), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index aa87bce1..d9852a14 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -1002,43 +1002,6 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("rsa3072_falcon512", rsa3072_falcon512, pem, SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), - ENCODER_w_structure("falcon512_p256", falcon512_p256, der, PrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, PrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_p256", falcon512_p256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_p256", falcon512_p256), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_bp256", falcon512_bp256, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_bp256", falcon512_bp256), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, - PrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falcon512_ed25519", falcon512_ed25519, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falcon512_ed25519", falcon512_ed25519), #endif #ifdef 
OQS_ENABLE_SIG_falcon_1024 ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index f6c5707a..f50454b4 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,9 +49,9 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 198 +# define OQS_OID_CNT 192 #else -# define OQS_OID_CNT 60 +# define OQS_OID_CNT 86 #endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { @@ -226,12 +226,6 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_falcon512", "1.3.9999.3.8", "rsa3072_falcon512", - "2.16.840.1.114027.80.8.1.14", - "falcon512_p256", - "2.16.840.1.114027.80.8.1.15", - "falcon512_bp256", - "2.16.840.1.114027.80.8.1.16", - "falcon512_ed25519", "1.3.9999.3.9", "falcon1024", "1.3.9999.3.10", 
@@ -628,95 +622,80 @@ int oqs_patch_encodings(void) if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_P256")) - oqs_alg_encoding_list[46] = getenv("OQS_ENCODING_FALCON512_P256"); - if (getenv("OQS_ENCODING_FALCON512_P256_ALGNAME")) - oqs_alg_encoding_list[47] - = getenv("OQS_ENCODING_FALCON512_P256_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_BP256")) - oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_FALCON512_BP256"); - if (getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME")) - oqs_alg_encoding_list[49] - = getenv("OQS_ENCODING_FALCON512_BP256_ALGNAME"); - if (getenv("OQS_ENCODING_FALCON512_ED25519")) - oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_FALCON512_ED25519"); - if (getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME")) - oqs_alg_encoding_list[51] - = getenv("OQS_ENCODING_FALCON512_ED25519_ALGNAME"); if (getenv("OQS_ENCODING_FALCON1024")) - oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_FALCON1024"); + oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_FALCON1024"); if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[35] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); + oqs_alg_encoding_list[61] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_P521_FALCON1024")) - oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_P521_FALCON1024"); + oqs_alg_encoding_list[62] = getenv("OQS_ENCODING_P521_FALCON1024"); if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[37] + oqs_alg_encoding_list[63] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[38] + oqs_alg_encoding_list[64] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[39] + oqs_alg_encoding_list[65] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); if 
(getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[40] + oqs_alg_encoding_list[66] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[41] + oqs_alg_encoding_list[67] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[42] + oqs_alg_encoding_list[68] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[43] + oqs_alg_encoding_list[69] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[44] + oqs_alg_encoding_list[70] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[45] + oqs_alg_encoding_list[71] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[46] + oqs_alg_encoding_list[72] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[47] + oqs_alg_encoding_list[73] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[48] + oqs_alg_encoding_list[74] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[49] + oqs_alg_encoding_list[75] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[50] + oqs_alg_encoding_list[76] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[51] + oqs_alg_encoding_list[77] = 
getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[52] + oqs_alg_encoding_list[78] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[53] + oqs_alg_encoding_list[79] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[54] + oqs_alg_encoding_list[80] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[55] + oqs_alg_encoding_list[81] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[56] + oqs_alg_encoding_list[82] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[57] + oqs_alg_encoding_list[83] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[58] + oqs_alg_encoding_list[84] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[59] + oqs_alg_encoding_list[85] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; 
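Review bot: The renumbered writes in oqs_patch_encodings run from `oqs_alg_encoding_list[60]` to `[85]` directly after the unchanged `[33]` for rsa3072_falcon512, although rsa3072_falcon512 and falcon1024 are adjacent in `oqs_oid_alg_list`. The declaration of `oqs_alg_encoding_list` is outside this hunk, so it cannot be confirmed here that slots 34–59 are each assigned exactly once elsewhere in the function, or that index 85 is inside the array in both `OQS_KEM_ENCODERS` configurations. The removed falcon512 composite lines wrote to 46–51, which the SPHINCS entries also used, so the generator has produced overlapping indices before. Because this block is emitted up to the `OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END` marker, the fix belongs in the template: either emit a comment that states the index scheme, or derive each index from the algorithm's position in `oqs_oid_alg_list` rather than from a separate counter.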
@@ -805,9 +784,6 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("falcon512", 128, oqs_signature_functions), SIGALG("p256_falcon512", 128, oqs_signature_functions), SIGALG("rsa3072_falcon512", 128, oqs_signature_functions), - SIGALG("falcon512_p256", 128, oqs_signature_functions), - SIGALG("falcon512_bp256", 256, oqs_signature_functions), - SIGALG("falcon512_ed25519", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_signature_functions), @@ -979,9 +955,6 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] SIGALG("falcon512", 128, oqs_falcon512_keymgmt_functions), SIGALG("p256_falcon512", 128, oqs_p256_falcon512_keymgmt_functions), SIGALG("rsa3072_falcon512", 128, oqs_rsa3072_falcon512_keymgmt_functions), - SIGALG("falcon512_p256", 128, oqs_falcon512_p256_keymgmt_functions), - SIGALG("falcon512_bp256", 256, oqs_falcon512_bp256_keymgmt_functions), - SIGALG("falcon512_ed25519", 128, oqs_falcon512_ed25519_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_falcon1024_keymgmt_functions), diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 2980994a..37ffa018 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -54,9 +54,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 99 +# define NID_TABLE_LEN 96 #else -# define NID_TABLE_LEN 30 +# define NID_TABLE_LEN 43 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { 
@@ -157,9 +157,6 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128}, {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, - {0, "falcon512_p256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, - {0, "falcon512_bp256", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 256}, - {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512, KEY_TYPE_CMP_SIG, 128}, {0, "falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256}, {0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256}, {0, "sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, diff --git a/scripts/common.py b/scripts/common.py index 7913d4b2..f5b122b7 100644 --- a/scripts/common.py +++ b/scripts/common.py @@ -20,7 +20,7 @@ # post-quantum + classical signatures 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', # post-quantum + classical signatures (COMPOSITE) - 'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448','falcon512_p256','falcon512_bp256','falcon512_ed25519', + 'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448', ##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END ] From 1ecceeb67bc111c122b9ed5ff856655eab8b6d08 Mon Sep 17 00:00:00 2001 
From: Felipe Ventura Date: Mon, 4 Mar 2024 12:22:09 -0600 Subject: [PATCH 136/164] changed composite classic digest hash logic Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 104 +++++++++++++--------------------------------- 1 file changed, 28 insertions(+), 76 deletions(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 8a9554a2..c5fd13b9 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -251,7 +251,7 @@ static const unsigned char *composite_OID_prefix[] = { }; -void Composite_prefix_conversion(char *out, const unsigned char *in) +void composite_prefix_conversion(char *out, const unsigned char *in) { int temp; for (int i = 0; i < COMPOSITE_OID_PREFIRX_LEN / 2; i++) { @@ -392,8 +392,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, CompositeSignature *compsig = CompositeSignature_new(); int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); - const unsigned char *oid_prefix - = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; + int comp_idx = get_composite_idx(get_oqsalg_idx(nid)); + const unsigned char *oid_prefix = composite_OID_prefix[comp_idx - 1]; char *final_tbs; size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN / 2; int aux = 0; @@ -436,7 +436,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } final_tbs = OPENSSL_malloc(final_tbslen); - Composite_prefix_conversion(final_tbs, oid_prefix); + composite_prefix_conversion(final_tbs, oid_prefix); memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN / 2, tbs_hash, final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); OPENSSL_free(tbs_hash); 
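Review bot: `composite_OID_prefix[comp_idx - 1]` in oqs_sig_sign is read without checking `comp_idx`, and the oqs_sig_verify hunk at `@@ -720` repeats the same pattern. The return range of get_composite_idx is not visible here; if it can yield 0 or a negative value for an algorithm that is not composite, this is a read before the start of the table. Now that the index has its own variable, a check such as `if (comp_idx < 1 || (size_t)comp_idx > sizeof(composite_OID_prefix) / sizeof(composite_OID_prefix[0]))` followed by the function's existing error exit would bound it. Both functions begin and end outside these hunks, so the guard has to sit where the error label can still release what is already allocated.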
@@ -525,41 +525,16 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, goto endsign; } } - - if ((name[0] == 'p') || (name[0] == 'b') - || (name[0] == 'r')) { - int aux; - if (name[0] == 'b') { - aux = 2; - } else { - aux = 1; - } - switch (name[aux]) { - case 's': // pss or rsa - case '2': // p256 or bp256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(final_tbs, final_tbslen, - (unsigned char *)&digest); - break; - case '3': // p384 or bp384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(final_tbs, final_tbslen, - (unsigned char *)&digest); - break; - case '5': // p512 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(final_tbs, final_tbslen, - (unsigned char *)&digest); - break; - default: - ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); - OPENSSL_free(buf); - goto endsign; - } + if (comp_idx < 6) { + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(final_tbs, final_tbslen, + (unsigned char *)&digest); + } else { + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(final_tbs, final_tbslen, + (unsigned char *)&digest); } if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, @@ -720,10 +695,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, CompositeSignature *compsig; int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); + int comp_idx = get_composite_idx(get_oqsalg_idx(nid)); unsigned char *buf; size_t buf_len; - const unsigned char *oid_prefix - = composite_OID_prefix[get_composite_idx(get_oqsalg_idx(nid)) - 1]; + const unsigned char *oid_prefix = composite_OID_prefix[comp_idx - 1]; char *final_tbs; size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN / 2; int aux = 0; 
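Review bot: The digest for the classical half is now chosen by `if (comp_idx < 6)` with no explanation of the threshold, here in oqs_sig_sign and again in the oqs_sig_verify hunk at `@@ -870`. The value presumably marks the boundary after the mldsa44 composites in `composite_OID_prefix`, so adding or reordering a table entry would silently change the hash on both sides. The removed switch raised an error for an unrecognised name and used SHA-384 for the p384/bp384 variants; the new `else` sends every other index, including an invalid one, to SHA-512, which should be confirmed against the draft the OIDs follow. A shared named constant with a comment, for example `/* composite indices 1..5 (mldsa44_*) use SHA-256, all others SHA-512 */`, used by both sign and verify would keep the two paths in agreement.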
@@ -774,7 +749,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, goto endverify; } final_tbs = OPENSSL_malloc(final_tbslen); - Composite_prefix_conversion(final_tbs, oid_prefix); + composite_prefix_conversion(final_tbs, oid_prefix); memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN / 2, tbs_hash, final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); OPENSSL_free(tbs_hash); @@ -870,41 +845,18 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, goto endverify; } } - if ((name[0] == 'p') || (name[0] == 'b') - || (name[0] == 'r')) { - int aux; - if (name[0] == 'b') - aux = 2; - else - aux = 1; - switch (name[aux]) { - case 's': // pss or rsa - case '2': // p256 or bp256 - classical_md = EVP_sha256(); - digest_len = SHA256_DIGEST_LENGTH; - SHA256(final_tbs, final_tbslen, - (unsigned char *)&digest); - break; - case '3': // p384 or bp384 - classical_md = EVP_sha384(); - digest_len = SHA384_DIGEST_LENGTH; - SHA384(final_tbs, final_tbslen, - (unsigned char *)&digest); - break; - case '5': // p512 - classical_md = EVP_sha512(); - digest_len = SHA512_DIGEST_LENGTH; - SHA512(final_tbs, final_tbslen, - (unsigned char *)&digest); - break; - default: - ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); - OPENSSL_free(name); - CompositeSignature_free(compsig); - OPENSSL_free(final_tbs); - goto endverify; - } + if (comp_idx < 6) { + classical_md = EVP_sha256(); + digest_len = SHA256_DIGEST_LENGTH; + SHA256(final_tbs, final_tbslen, + (unsigned char *)&digest); + } else { + classical_md = EVP_sha512(); + digest_len = SHA512_DIGEST_LENGTH; + SHA512(final_tbs, final_tbslen, + (unsigned char *)&digest); } + if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) || (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, From 8a8a68087b4e964a8f69378f932dd3a77d45cbf0 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 4 Mar 2024 14:10:02 -0600 Subject: [PATCH 137/164] fixed heap buffer overflow 
Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 37ffa018..bcc1cc02 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -254,13 +254,11 @@ char *get_cmpname(int nid, int index) } switch (index) { case 0: - name = OPENSSL_malloc(i); - memcpy(name, s, i); + name = OPENSSL_strndup(s, i); break; case 1: i += 1; - name = OPENSSL_malloc(len - i); - memcpy(name, s + i, len - i); + name = OPENSSL_strndup(s + i, len - i); break; default: name = NULL; From faacdbb113815af5dd89e729b8c89b09caf4647b Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 4 Mar 2024 14:51:46 -0600 Subject: [PATCH 138/164] removed interop comment Signed-off-by: Felipe Ventura --- oqs-template/generate.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 3cb69dce..43d52909 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -484,12 +484,6 @@ sigs: 'pretty_name': 'ECDSA p384', 'oid': '1.3.9999.2.7.3', 'code_point': '0xfea4'}] -# Used to interop with dilithium3 implementations -# composite: [ -# {'name': 'p256', -# 'pretty_name': 'ECDSA p256', -# 'security': '128', -# 'oid': '2.16.840.1.114027.80.8.1.8'},] - name: 'dilithium5' pretty_name: 'Dilithium5' From ddaadc63a7f0b8606123e066a6dde28c401aa2a2 Mon Sep 17 00:00:00 2001 From: Bence Mali <64798108+bencemali@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:56:53 +0100 Subject: [PATCH 139/164] length and null checks in en/decaps (#364) * length and null checks in en/decaps Signed-off-by: Felipe Ventura --- oqsprov/oqs_kem.c | 68 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 62 insertions(+), 6 deletions(-) diff --git a/oqsprov/oqs_kem.c b/oqsprov/oqs_kem.c index 76780a16..a56150d4 100644 --- a/oqsprov/oqs_kem.c +++ b/oqsprov/oqs_kem.c 
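Review bot: The switch from `OPENSSL_malloc` + `memcpy` to `OPENSSL_strndup` in get_cmpname is what adds the terminating NUL, but neither the code nor the commit message ("fixed heap buffer overflow") records that. A comment on `case 0` would stop the fix from being reverted as a "simplification": `/* strndup, not malloc+memcpy: callers read the result as a NUL-terminated string */`. That callers do so is inferred from the `name[...]` tests visible in oqs_sig.c earlier in this series. In `case 1`, `s + i` and `len - i` are only valid if the search before the hunk actually found a separator; get_cmpname starts and ends outside the hunk, so confirm that `i < len` holds there, or reject the input before the switch.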
@@ -116,13 +116,42 @@ static int oqs_qs_kem_encaps_keyslot(void *vpkemctx, unsigned char *out, OQS_KEM_PRINTF("OQS Warning: OQS_KEM not initialized\n"); return -1; } - *outlen = kem_ctx->length_ciphertext; - *secretlen = kem_ctx->length_shared_secret; + if (pkemctx->kem->comp_pubkey == NULL + || pkemctx->kem->comp_pubkey[keyslot] == NULL) { + OQS_KEM_PRINTF("OQS Warning: public key is NULL\n"); + return -1; + } if (out == NULL || secret == NULL) { - OQS_KEM_PRINTF3("KEM returning lengths %ld and %ld\n", *outlen, - *secretlen); + if (outlen != NULL) { + *outlen = kem_ctx->length_ciphertext; + } + if (secretlen != NULL) { + *secretlen = kem_ctx->length_shared_secret; + } + OQS_KEM_PRINTF3("KEM returning lengths %ld and %ld\n", + kem_ctx->length_ciphertext, + kem_ctx->length_shared_secret); return 1; } + if (outlen == NULL) { + OQS_KEM_PRINTF("OQS Warning: outlen is NULL\n"); + return -1; + } + if (secretlen == NULL) { + OQS_KEM_PRINTF("OQS Warning: secretlen is NULL\n"); + return -1; + } + if (*outlen < kem_ctx->length_ciphertext) { + OQS_KEM_PRINTF("OQS Warning: out buffer too small\n"); + return -1; + } + if (*secretlen < kem_ctx->length_shared_secret) { + OQS_KEM_PRINTF("OQS Warning: secret buffer too small\n"); + return -1; + } + *outlen = kem_ctx->length_ciphertext; + *secretlen = kem_ctx->length_shared_secret; + return OQS_SUCCESS == OQS_KEM_encaps(kem_ctx, out, secret, pkemctx->kem->comp_pubkey[keyslot]); 
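Review bot: `*outlen` and `*secretlen` are now read as buffer capacities before they are overwritten, which changes the contract of oqs_qs_kem_encaps_keyslot without documenting it. A caller outside this hunk that passes them uninitialised would either fail the new size checks spuriously or pass them on garbage. A comment at the checks would state it, e.g. `/* on entry *outlen / *secretlen hold the capacity of out / secret; on success they hold the bytes written */`. The rewritten `OQS_KEM_PRINTF3` call also passes `kem_ctx->length_ciphertext` and `kem_ctx->length_shared_secret` to `%ld`; assuming these are `size_t`, as in liboqs, the matching conversion is `%zu`, and the `OQS_KEM_PRINTF2` call in the decaps hunk has the same mismatch. The function starts and ends outside the hunk.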
@@ -140,9 +169,36 @@ static int oqs_qs_kem_decaps_keyslot(void *vpkemctx, unsigned char *out, OQS_KEM_PRINTF("OQS Warning: OQS_KEM not initialized\n"); return -1; } - *outlen = kem_ctx->length_shared_secret; - if (out == NULL) + if (pkemctx->kem->comp_privkey == NULL + || pkemctx->kem->comp_privkey[keyslot] == NULL) { + OQS_KEM_PRINTF("OQS Warning: private key is NULL\n"); + return -1; + } + if (out == NULL) { + if (outlen != NULL) { + *outlen = kem_ctx->length_shared_secret; + } + OQS_KEM_PRINTF2("KEM returning length %ld\n", + kem_ctx->length_shared_secret); return 1; + } + if (inlen != kem_ctx->length_ciphertext) { + OQS_KEM_PRINTF("OQS Warning: wrong input length\n"); + return 0; + } + if (in == NULL) { + OQS_KEM_PRINTF("OQS Warning: in is NULL\n"); + return -1; + } + if (outlen == NULL) { + OQS_KEM_PRINTF("OQS Warning: outlen is NULL\n"); + return -1; + } + if (*outlen < kem_ctx->length_shared_secret) { + OQS_KEM_PRINTF("OQS Warning: out buffer too small\n"); + return -1; + } + *outlen = kem_ctx->length_shared_secret; return OQS_SUCCESS == OQS_KEM_decaps(kem_ctx, out, in, From caa53b1bed0153104b538503008fae574b9c4796 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Wed, 6 Mar 2024 14:40:53 +0100 Subject: [PATCH 140/164] documentation update [skip ci] (#366) Signed-off-by: Felipe Ventura --- README.md | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9c4d9c92..1ced62fb 100644 --- a/README.md +++ b/README.md 
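Review bot: The wrong-length rejection (`inlen != kem_ctx->length_ciphertext`) returns `0` while every other check added in this hunk returns `-1`, and the function's normal result is the 0/1 value of `OQS_SUCCESS == OQS_KEM_decaps(...)`. A caller that tests only `== 0` or only `< 0` would treat one of the two failure classes as success, which for decapsulation means continuing with an unset shared secret. Either unify the path with `return -1;` after the "wrong input length" message, or add a comment explaining why a length mismatch is reported differently, e.g. `/* 0 = malformed ciphertext from peer, -1 = caller/API misuse */`, if that is the intent. oqs_qs_kem_decaps_keyslot starts and ends outside the hunk, so the callers' checks are not visible here.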
@@ -143,18 +143,22 @@ as documented in https://github.com/openssl/openssl/issues/22761. ## 3.3(-dev) -When https://github.com/openssl/openssl/pull/22779 land, the last config-time limitation -for provider-based signatures should be gone. +When https://github.com/openssl/openssl/pull/22779 lands, a last known +config-time limitation for provider-based signatures should be gone. -A limitation present in all OpenSSL versions is the number of default groups +## All versions + +A limitation present in older OpenSSL versions is the number of default groups supported: [At most 44 default groups may be specified](https://github.com/openssl/openssl/issues/23624) , e.g., passing to [SSL_CTX_set1_groups](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html). Therefore caution is advised activating all KEMs supported by `oqsprovider`: -This may lead to `openssl` crashing. +This may lead to `openssl` crashing, depending on the OpenSSL version used: +The problem is gone in OpenSSL "master" branch and (will be gone) in the +releases 3.3.0, 3.2.2., 3.1.6 and 3.0.14. For [general OpenSSL implementation limitations, e.g., regarding provider feature usage and support, -see here](https://wiki.openssl.org/index.php/OpenSSL_3.0#STATUS_of_current_development). +see here](https://www.openssl.org/docs/man3.0/man7/migration_guide.html). Governance & Contributions -------------------------- 
@@ -162,11 +166,18 @@ Governance & Contributions Project governance is documented in [GOVERNANCE.md](GOVERNANCE.md) and contribution policy is documented in [CONTRIBUTING.md](CONTRIBUTING.md). +Discussions +----------- + +The policy of this project is that all discussions pertaining to changes in the +functional and non-functional aspects of `oqsprovider` shall take place in +`github`. References to external discussion fora are discouraged to retain the +free and open flow of thoughts unencumbered by potentially differing or changing +access or data retention policies by `github`-external chat forums. + Team ---- -The Open Quantum Safe project is led by [Douglas Stebila](https://www.douglas.stebila.ca/research/) and [Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/) at the University of Waterloo. - Contributors to the `oqsprovider` include: - Michael Baentsch @@ -188,6 +199,13 @@ the separate file [RELEASE.md](RELEASE.md). Acknowledgments --------------- +`oqsprovider` came into existence as a branch of [oqs-openssl](https://github.com/open-quantum-safe/openssl) +as part of the OQS project initially led by Douglas Stebila and Michele +Mosca at the University of Waterloo but split off to become a separate +project catering to the [OpenSSL provider](https://www.openssl.org/docs/manmaster/man7/provider.html) +concept. With OQS joining [PQCA](https://pqca.org) `oqsprovider` also +was folded into that organization. + The `oqsprovider` project had been supported through the [NGI Assure Fund](https://nlnet.nl/assure), a fund established by [NLnet](https://nlnet.nl) with financial support from the European Commission's [Next Generation Internet programme](https://www.ngi.eu), From cce2279337706f7dbf243479e94adc466c057dc7 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 7 Mar 2024 09:34:59 -0600 Subject: [PATCH 141/164] added composite draft link to README Signed-off-by: Felipe Ventura --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index 1ced62fb..a6fdb795 100644 --- a/README.md +++ b/README.md @@ -66,9 +66,10 @@ TLS operations. This designation [can be changed by modifying the In order to support parallel use of classic and quantum-safe cryptography this provider also provides different hybrid algorithms, combining classic -and quantum-safe methods: These are listed above with a prefix denoting a -classic algorithm, e.g., for elliptic curve: "p256_". -For composite, these are listed above with a suffix denoting a +and quantum-safe methods. +There are two types of combinations: +The Hybrids are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_". +The Composite (https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a classic algorithm, e.g., for elliptic curve: "_p256". A full list of algorithms, their interoperability code points and OIDs as well From 539d6921d2c1aa2338e37019dc460eb9f9893267 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 7 Mar 2024 09:40:46 -0600 Subject: [PATCH 142/164] added the draft hyperlink to Composite text Signed-off-by: Felipe Ventura --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a6fdb795..90eacd70 100644 --- a/README.md +++ b/README.md 
@@ -69,7 +69,7 @@ this provider also provides different hybrid algorithms, combining classic and quantum-safe methods. There are two types of combinations: The Hybrids are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_". -The Composite (https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a +The [Composite] (https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a classic algorithm, e.g., for elliptic curve: "_p256". A full list of algorithms, their interoperability code points and OIDs as well From 518a688f6b5050d76c3d632d8f6953df0809ed52 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 7 Mar 2024 09:41:36 -0600 Subject: [PATCH 143/164] fixed space in the Composite hyperlink on README Signed-off-by: Felipe Ventura --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 90eacd70..a80f7154 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ this provider also provides different hybrid algorithms, combining classic and quantum-safe methods. There are two types of combinations: The Hybrids are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_". -The [Composite] (https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a +The [Composite](https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a classic algorithm, e.g., for elliptic curve: "_p256". A full list of algorithms, their interoperability code points and OIDs as well From c909ce9a0842739099e2dd9f47b89c95f01bcba1 Mon Sep 17 00:00:00 2001 From: Basil Hess Date: Thu, 7 Mar 2024 12:46:39 +0100 Subject: [PATCH 144/164] Set Kyber OIDs (#368) * Fix OIDs for Kyber (r3) * fix comments in generate.sh [skip ci] * run clang-format 
Signed-off-by: Felipe Ventura --- ALGORITHMS.md | 94 +++++++++++++++++++-------------------- oqs-template/generate.sh | 9 +--- oqs-template/generate.yml | 3 ++ oqsprov/oqsprov.c | 39 ++++++++-------- 4 files changed, 71 insertions(+), 74 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index f7f5a225..e7e91d77 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -202,59 +202,59 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li |Algorithm name | default OID | environment variable | |---------------|:-----------------:|----------------------| -| frodo640aes | 1.3.9999.99.64 | OQS_OID_FRODO640AES -| p256_frodo640aes | 1.3.9999.99.63 | OQS_OID_P256_FRODO640AES -| x25519_frodo640aes | 1.3.9999.99.48 | OQS_OID_X25519_FRODO640AES -| frodo640shake | 1.3.9999.99.66 | OQS_OID_FRODO640SHAKE -| p256_frodo640shake | 1.3.9999.99.65 | OQS_OID_P256_FRODO640SHAKE -| x25519_frodo640shake | 1.3.9999.99.49 | OQS_OID_X25519_FRODO640SHAKE -| frodo976aes | 1.3.9999.99.68 | OQS_OID_FRODO976AES -| p384_frodo976aes | 1.3.9999.99.67 | OQS_OID_P384_FRODO976AES -| x448_frodo976aes | 1.3.9999.99.50 | OQS_OID_X448_FRODO976AES -| frodo976shake | 1.3.9999.99.70 | OQS_OID_FRODO976SHAKE -| p384_frodo976shake | 1.3.9999.99.69 | OQS_OID_P384_FRODO976SHAKE -| x448_frodo976shake | 1.3.9999.99.51 | OQS_OID_X448_FRODO976SHAKE -| frodo1344aes | 1.3.9999.99.72 | OQS_OID_FRODO1344AES -| p521_frodo1344aes | 1.3.9999.99.71 | OQS_OID_P521_FRODO1344AES -| frodo1344shake | 1.3.9999.99.74 | OQS_OID_FRODO1344SHAKE -| p521_frodo1344shake | 1.3.9999.99.73 | OQS_OID_P521_FRODO1344SHAKE -| kyber512 | 1.3.9999.99.76 | OQS_OID_KYBER512 -| p256_kyber512 | 1.3.9999.99.75 | OQS_OID_P256_KYBER512 -| x25519_kyber512 | 1.3.9999.99.52 | OQS_OID_X25519_KYBER512 -| kyber768 | 1.3.9999.99.78 | OQS_OID_KYBER768 -| p384_kyber768 | 1.3.9999.99.77 | OQS_OID_P384_KYBER768 -| x448_kyber768 | 1.3.9999.99.53 | OQS_OID_X448_KYBER768 -| x25519_kyber768 | 1.3.9999.99.54 | OQS_OID_X25519_KYBER768 -| p256_kyber768 | 1.3.9999.99.55 | OQS_OID_P256_KYBER768 -| kyber1024 | 1.3.9999.99.80 | OQS_OID_KYBER1024 -| p521_kyber1024 | 1.3.9999.99.79 | OQS_OID_P521_KYBER1024 +| frodo640aes | 1.3.9999.99.61 | OQS_OID_FRODO640AES +| p256_frodo640aes | 1.3.9999.99.60 | OQS_OID_P256_FRODO640AES +| x25519_frodo640aes | 1.3.9999.99.45 | OQS_OID_X25519_FRODO640AES +| frodo640shake | 
1.3.9999.99.63 | OQS_OID_FRODO640SHAKE +| p256_frodo640shake | 1.3.9999.99.62 | OQS_OID_P256_FRODO640SHAKE +| x25519_frodo640shake | 1.3.9999.99.46 | OQS_OID_X25519_FRODO640SHAKE +| frodo976aes | 1.3.9999.99.65 | OQS_OID_FRODO976AES +| p384_frodo976aes | 1.3.9999.99.64 | OQS_OID_P384_FRODO976AES +| x448_frodo976aes | 1.3.9999.99.47 | OQS_OID_X448_FRODO976AES +| frodo976shake | 1.3.9999.99.67 | OQS_OID_FRODO976SHAKE +| p384_frodo976shake | 1.3.9999.99.66 | OQS_OID_P384_FRODO976SHAKE +| x448_frodo976shake | 1.3.9999.99.48 | OQS_OID_X448_FRODO976SHAKE +| frodo1344aes | 1.3.9999.99.69 | OQS_OID_FRODO1344AES +| p521_frodo1344aes | 1.3.9999.99.68 | OQS_OID_P521_FRODO1344AES +| frodo1344shake | 1.3.9999.99.71 | OQS_OID_FRODO1344SHAKE +| p521_frodo1344shake | 1.3.9999.99.70 | OQS_OID_P521_FRODO1344SHAKE +| kyber512 | 1.3.6.1.4.1.2.267.8.2.2 | OQS_OID_KYBER512 +| p256_kyber512 | 1.3.9999.99.72 | OQS_OID_P256_KYBER512 +| x25519_kyber512 | 1.3.9999.99.49 | OQS_OID_X25519_KYBER512 +| kyber768 | 1.3.6.1.4.1.2.267.8.3.3 | OQS_OID_KYBER768 +| p384_kyber768 | 1.3.9999.99.73 | OQS_OID_P384_KYBER768 +| x448_kyber768 | 1.3.9999.99.50 | OQS_OID_X448_KYBER768 +| x25519_kyber768 | 1.3.9999.99.51 | OQS_OID_X25519_KYBER768 +| p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768 +| kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024 +| p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024 | mlkem512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_MLKEM512 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512 | mlkem768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_MLKEM768 -| p384_mlkem768 | 1.3.9999.99.81 | OQS_OID_P384_MLKEM768 -| x448_mlkem768 | 1.3.9999.99.56 | OQS_OID_X448_MLKEM768 -| x25519_mlkem768 | 1.3.9999.99.57 | OQS_OID_X25519_MLKEM768 -| p256_mlkem768 | 1.3.9999.99.58 | OQS_OID_P256_MLKEM768 +| p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768 +| x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768 +| 
x25519_mlkem768 | 1.3.9999.99.54 | OQS_OID_X25519_MLKEM768 +| p256_mlkem768 | 1.3.9999.99.55 | OQS_OID_P256_MLKEM768 | mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024 -| p521_mlkem1024 | 1.3.9999.99.82 | OQS_OID_P521_MLKEM1024 +| p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024 -| bikel1 | 1.3.9999.99.84 | OQS_OID_BIKEL1 -| p256_bikel1 | 1.3.9999.99.83 | OQS_OID_P256_BIKEL1 -| x25519_bikel1 | 1.3.9999.99.59 | OQS_OID_X25519_BIKEL1 -| bikel3 | 1.3.9999.99.86 | OQS_OID_BIKEL3 -| p384_bikel3 | 1.3.9999.99.85 | OQS_OID_P384_BIKEL3 -| x448_bikel3 | 1.3.9999.99.60 | OQS_OID_X448_BIKEL3 -| bikel5 | 1.3.9999.99.88 | OQS_OID_BIKEL5 -| p521_bikel5 | 1.3.9999.99.87 | OQS_OID_P521_BIKEL5 -| hqc128 | 1.3.9999.99.90 | OQS_OID_HQC128 -| p256_hqc128 | 1.3.9999.99.89 | OQS_OID_P256_HQC128 -| x25519_hqc128 | 1.3.9999.99.61 | OQS_OID_X25519_HQC128 -| hqc192 | 1.3.9999.99.92 | OQS_OID_HQC192 -| p384_hqc192 | 1.3.9999.99.91 | OQS_OID_P384_HQC192 -| x448_hqc192 | 1.3.9999.99.62 | OQS_OID_X448_HQC192 -| hqc256 | 1.3.9999.99.94 | OQS_OID_HQC256 -| p521_hqc256 | 1.3.9999.99.93 | OQS_OID_P521_HQC256 +| bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1 +| p256_bikel1 | 1.3.9999.99.77 | OQS_OID_P256_BIKEL1 +| x25519_bikel1 | 1.3.9999.99.56 | OQS_OID_X25519_BIKEL1 +| bikel3 | 1.3.9999.99.80 | OQS_OID_BIKEL3 +| p384_bikel3 | 1.3.9999.99.79 | OQS_OID_P384_BIKEL3 +| x448_bikel3 | 1.3.9999.99.57 | OQS_OID_X448_BIKEL3 +| bikel5 | 1.3.9999.99.82 | OQS_OID_BIKEL5 +| p521_bikel5 | 1.3.9999.99.81 | OQS_OID_P521_BIKEL5 +| hqc128 | 1.3.9999.99.84 | OQS_OID_HQC128 +| p256_hqc128 | 1.3.9999.99.83 | OQS_OID_P256_HQC128 +| x25519_hqc128 | 1.3.9999.99.58 | OQS_OID_X25519_HQC128 +| hqc192 | 1.3.9999.99.86 | OQS_OID_HQC192 +| p384_hqc192 | 1.3.9999.99.85 | OQS_OID_P384_HQC192 +| x448_hqc192 | 1.3.9999.99.59 | OQS_OID_X448_HQC192 +| hqc256 | 1.3.9999.99.88 | OQS_OID_HQC256 +| p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256 # Key Encodings 
diff --git a/oqs-template/generate.sh b/oqs-template/generate.sh index 105c2aa9..5257e138 100755 --- a/oqs-template/generate.sh +++ b/oqs-template/generate.sh @@ -2,13 +2,8 @@ cd oqs-template -rm generate.yml - -# Step 1: Obtain current generate.yml from main: -wget -c https://raw.githubusercontent.com/open-quantum-safe/openssl/OQS-OpenSSL_1_1_1-stable/oqs-template/generate.yml - -# Step 2: Run the generator: +# Step 1: Run the generator: cd .. && python3 oqs-template/generate.py -# Step 3: Run clang-format. +# Step 2: Run clang-format. find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs "${CLANG_FORMAT:-clang-format}" -i diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 43d52909..bfe9bf9b 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -85,6 +85,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber512' nid: '0x023A' + oid: '1.3.6.1.4.1.2.267.8.2.2' nid_hybrid: '0x2F3A' oqs_alg: 'OQS_KEM_alg_kyber_512' extra_nids: @@ -107,6 +108,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber768' nid: '0x023C' + oid: '1.3.6.1.4.1.2.267.8.3.3' nid_hybrid: '0x2F3C' extra_nids: current: @@ -129,6 +131,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber1024' nid: '0x023D' + oid: '1.3.6.1.4.1.2.267.8.4.4' nid_hybrid: '0x2F3D' extra_nids: old: diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index f50454b4..0ce6d18d 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -89,15 +89,15 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "frodo1344shake", "1.3.9999.99.26", "p521_frodo1344shake", - "1.3.9999.99.29", + "1.3.6.1.4.1.2.267.8.2.2", "kyber512", "1.3.9999.99.28", "p256_kyber512", "1.3.9999.99.5", "x25519_kyber512", - "1.3.9999.99.31", + "1.3.6.1.4.1.2.267.8.3.3", "kyber768", - "1.3.9999.99.30", + "1.3.9999.99.29", "p384_kyber768", "1.3.9999.99.6", "x448_kyber768", 
@@ -105,9 +105,9 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_kyber768", "1.3.9999.99.8", "p256_kyber768", - "1.3.9999.99.33", + "1.3.6.1.4.1.2.267.8.4.4", "kyber1024", - "1.3.9999.99.32", + "1.3.9999.99.30", "p521_kyber1024", "1.3.6.1.4.1.22554.5.6.1", "mlkem512", @@ -117,7 +117,7 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_mlkem512", "1.3.6.1.4.1.22554.5.6.2", "mlkem768", - "1.3.9999.99.34", + "1.3.9999.99.31", "p384_mlkem768", "1.3.9999.99.9", "x448_mlkem768", @@ -127,41 +127,41 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_mlkem768", "1.3.6.1.4.1.22554.5.6.3", "mlkem1024", - "1.3.9999.99.35", + "1.3.9999.99.32", "p521_mlkem1024", "1.3.6.1.4.1.42235.6", "p384_mlkem1024", - "1.3.9999.99.37", + "1.3.9999.99.34", "bikel1", - "1.3.9999.99.36", + "1.3.9999.99.33", "p256_bikel1", "1.3.9999.99.12", "x25519_bikel1", - "1.3.9999.99.39", + "1.3.9999.99.36", "bikel3", - "1.3.9999.99.38", + "1.3.9999.99.35", "p384_bikel3", "1.3.9999.99.13", "x448_bikel3", - "1.3.9999.99.41", + "1.3.9999.99.38", "bikel5", - "1.3.9999.99.40", + "1.3.9999.99.37", "p521_bikel5", - "1.3.9999.99.43", + "1.3.9999.99.40", "hqc128", - "1.3.9999.99.42", + "1.3.9999.99.39", "p256_hqc128", "1.3.9999.99.14", "x25519_hqc128", - "1.3.9999.99.45", + "1.3.9999.99.42", "hqc192", - "1.3.9999.99.44", + "1.3.9999.99.41", "p384_hqc192", "1.3.9999.99.15", "x448_hqc192", - "1.3.9999.99.47", + "1.3.9999.99.44", "hqc256", - "1.3.9999.99.46", + "1.3.9999.99.43", "p521_hqc256", #endif /* OQS_KEM_ENCODERS */ @@ -1089,7 +1089,6 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] #endif // clang-format on ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END - // ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions), {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_encoder[] = { From 3f7deba623998d31be73f6f4c14d3134006611f0 Mon Sep 17 00:00:00 2001 
From: Spencer Wilson Date: Thu, 7 Mar 2024 09:35:01 -0500 Subject: [PATCH 145/164] Add code points for PADDED variant of Falcon [skip ci] (#362) * Update OIDs to reflect Falcon KAT changes * Update "old" version string to reflect KAT mismatch Signed-off-by: Felipe Ventura --- ALGORITHMS.md | 35 ++++--- README.md | 4 +- oqs-template/generate.yml | 70 +++++++++++--- oqs-template/oqs-sig-info.md | 20 +++- oqsprov/oqs_decode_der2key.c | 17 ++++ oqsprov/oqs_encode_key2any.c | 50 ++++++++++ oqsprov/oqs_kmgmt.c | 119 +++++++++++++++++------ oqsprov/oqs_prov.h | 96 +++++++++++++++++++ oqsprov/oqsdecoders.inc | 24 +++++ oqsprov/oqsencoders.inc | 69 ++++++++++++++ oqsprov/oqsprov.c | 168 +++++++++++++++++++++++---------- oqsprov/oqsprov_capabilities.c | 106 +++++++++++++-------- oqsprov/oqsprov_keys.c | 12 ++- scripts/common.py | 6 +- 14 files changed, 643 insertions(+), 153 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index e7e91d77..afed6804 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md 
@@ -79,11 +79,16 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | p384_mldsa65 | 0xfed5 |Yes| OQS_CODEPOINT_P384_MLDSA65 | mldsa87 | 0xfed2 |Yes| OQS_CODEPOINT_MLDSA87 | p521_mldsa87 | 0xfed6 |Yes| OQS_CODEPOINT_P521_MLDSA87 -| falcon512 | 0xfeae |Yes| OQS_CODEPOINT_FALCON512 -| p256_falcon512 | 0xfeaf |Yes| OQS_CODEPOINT_P256_FALCON512 -| rsa3072_falcon512 | 0xfeb0 |Yes| OQS_CODEPOINT_RSA3072_FALCON512 -| falcon1024 | 0xfeb1 |Yes| OQS_CODEPOINT_FALCON1024 -| p521_falcon1024 | 0xfeb2 |Yes| OQS_CODEPOINT_P521_FALCON1024 +| falcon512 | 0xfed7 |Yes| OQS_CODEPOINT_FALCON512 +| p256_falcon512 | 0xfed8 |Yes| OQS_CODEPOINT_P256_FALCON512 +| rsa3072_falcon512 | 0xfed9 |Yes| OQS_CODEPOINT_RSA3072_FALCON512 +| falconpadded512 | 0xfedc |Yes| OQS_CODEPOINT_FALCONPADDED512 +| p256_falconpadded512 | 0xfedd |Yes| OQS_CODEPOINT_P256_FALCONPADDED512 +| rsa3072_falconpadded512 | 0xfede |Yes| OQS_CODEPOINT_RSA3072_FALCONPADDED512 +| falcon1024 | 0xfeda |Yes| OQS_CODEPOINT_FALCON1024 +| p521_falcon1024 | 0xfedb |Yes| OQS_CODEPOINT_P521_FALCON1024 +| falconpadded1024 | 0xfedf |Yes| OQS_CODEPOINT_FALCONPADDED1024 +| p521_falconpadded1024 | 0xfee0 |Yes| OQS_CODEPOINT_P521_FALCONPADDED1024 | sphincssha2128fsimple | 0xfeb3 |Yes| OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE | p256_sphincssha2128fsimple | 0xfeb4 |Yes| OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE | rsa3072_sphincssha2128fsimple | 0xfeb5 |Yes| OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE 
@@ -161,14 +166,16 @@ adapting the OIDs of all supported signature algorithms as per the table below. | mldsa65_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_MLDSA65_ed25519 | mldsa87 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_MLDSA87 | p521_mldsa87 | 1.3.9999.7.4 |Yes| OQS_OID_P521_MLDSA87 -| mldsa87_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_MLDSA87_p384 -| mldsa87_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_MLDSA87_bp384 -| mldsa87_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_MLDSA87_ed448 -| falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512 -| p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512 -| rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512 -| falcon1024 | 1.3.9999.3.9 |Yes| OQS_OID_FALCON1024 -| p521_falcon1024 | 1.3.9999.3.10 |Yes| OQS_OID_P521_FALCON1024 +| falcon512 | 1.3.9999.3.11 |Yes| OQS_OID_FALCON512 +| p256_falcon512 | 1.3.9999.3.12 |Yes| OQS_OID_P256_FALCON512 +| rsa3072_falcon512 | 1.3.9999.3.13 |Yes| OQS_OID_RSA3072_FALCON512 +| falconpadded512 | 1.3.9999.3.16 |Yes| OQS_OID_FALCONPADDED512 +| p256_falconpadded512 | 1.3.9999.3.17 |Yes| OQS_OID_P256_FALCONPADDED512 +| rsa3072_falconpadded512 | 1.3.9999.3.18 |Yes| OQS_OID_RSA3072_FALCONPADDED512 +| falcon1024 | 1.3.9999.3.14 |Yes| OQS_OID_FALCON1024 +| p521_falcon1024 | 1.3.9999.3.15 |Yes| OQS_OID_P521_FALCON1024 +| falconpadded1024 | 1.3.9999.3.19 |Yes| OQS_OID_FALCONPADDED1024 +| p521_falconpadded1024 | 1.3.9999.3.20 |Yes| OQS_OID_P521_FALCONPADDED1024 | sphincssha2128fsimple | 1.3.9999.6.4.13 |Yes| OQS_OID_SPHINCSSHA2128FSIMPLE | p256_sphincssha2128fsimple | 1.3.9999.6.4.14 |Yes| OQS_OID_P256_SPHINCSSHA2128FSIMPLE | rsa3072_sphincssha2128fsimple | 1.3.9999.6.4.15 |Yes| OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE 
@@ -272,7 +279,9 @@ By setting environment variables, oqs-provider can be configured to encode keys |`OQS_ENCODING_DILITHIUM3`|`draft-uni-qsckeys-dilithium-00/sk-pk`| |`OQS_ENCODING_DILITHIUM5`|`draft-uni-qsckeys-dilithium-00/sk-pk`| |`OQS_ENCODING_FALCON512`|`draft-uni-qsckeys-falcon-00/sk-pk`| +|`OQS_ENCODING_FALCONPADDED512`|`draft-uni-qsckeys-falcon-00/sk-pk`| |`OQS_ENCODING_FALCON1024`|`draft-uni-qsckeys-falcon-00/sk-pk`| +|`OQS_ENCODING_FALCONPADDED1024`|`draft-uni-qsckeys-falcon-00/sk-pk`| |`OQS_ENCODING_SPHINCSSHA2128FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| |`OQS_ENCODING_SPHINCSSHA2128SSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| |`OQS_ENCODING_SPHINCSSHA2192FSIMPLE`|`draft-uni-qsckeys-sphincsplus-00/sk-pk`| diff --git a/README.md b/README.md index a80f7154..2f515312 100644 --- a/README.md +++ b/README.md 
@@ -45,8 +45,8 @@ This implementation makes available the following quantum safe algorithms: ### Signature algorithms - **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\* -- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa44_pss2048`\*, `mldsa44_rsa2048`\*, `mldsa44_ed25519`\*, `mldsa44_p256`\*, `mldsa44_bp256`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa65_pss3072`\*, `mldsa65_rsa3072`\*, `mldsa65_p256`\*, `mldsa65_bp256`\*, `mldsa65_ed25519`\*, `mldsa87`\*, `p521_mldsa87`\*, `mldsa87_p384`\*, `mldsa87_bp384`\*, `mldsa87_ed448`\* -- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon1024`\*, `p521_falcon1024`\* +- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa87`\*, `p521_mldsa87`\* +- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falconpadded512`\*, `p256_falconpadded512`\*, `rsa3072_falconpadded512`\*, `falcon1024`\*, `p521_falcon1024`\*, `falconpadded1024`\*, `p521_falconpadded1024`\* - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple` - **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple` 
diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index bfe9bf9b..1839b970 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -399,7 +399,7 @@ kem_nid_end: '0x0250' kem_nid_hybrid_end: '0x2FFF' # need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values -# Next free signature ID: 0xfed7 +# Next free signature ID: 0xfee1 sigs: # - # iso (1) @@ -651,20 +651,32 @@ sigs: name: 'falcon512' pretty_name: 'Falcon-512' oqs_meth: 'OQS_SIG_alg_falcon_512' - oid: '1.3.9999.3.6' - code_point: '0xfeae' + oid: '1.3.9999.3.11' + code_point: '0xfed7' supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] enable: true mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', - 'oid': '1.3.9999.3.7', - 'code_point': '0xfeaf'}, + 'oid': '1.3.9999.3.12', + 'code_point': '0xfed8'}, {'name': 'rsa3072', 'pretty_name': 'RSA3072', - 'oid': '1.3.9999.3.8', - 'code_point': '0xfeb0'}] + 'oid': '1.3.9999.3.13', + 'code_point': '0xfed9'}] extra_nids: old: + - implementation_version: PQClean Round 3 version labelled 20211101 + nist-round: 3 + oid: '1.3.9999.3.6' + code_point: '0xfeae' + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.7', + 'code_point': '0xfeaf'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.8', + 'code_point': '0xfeb0'}] - implementation_version: NIST Round 3 submission nist-round: 3 oid: '1.3.9999.3.1' 
@@ -677,20 +689,44 @@ sigs: 'pretty_name': 'RSA3072', 'oid': '1.3.9999.3.3', 'code_point': '0xfe0d'}] + - + name: 'falconpadded512' + pretty_name: 'Falcon-padded-512' + oqs_meth: 'OQS_SIG_alg_falcon_padded_512' + oid: '1.3.9999.3.16' + code_point: '0xfedc' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.17', + 'code_point': '0xfedd'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.18', + 'code_point': '0xfede'}] - name: 'falcon1024' pretty_name: 'Falcon-1024' oqs_meth: 'OQS_SIG_alg_falcon_1024' - oid: '1.3.9999.3.9' - code_point: '0xfeb1' + oid: '1.3.9999.3.14' + code_point: '0xfeda' supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] enable: true mix_with: [{'name': 'p521', 'pretty_name': 'ECDSA p521', - 'oid': '1.3.9999.3.10', - 'code_point': '0xfeb2'}] + 'oid': '1.3.9999.3.15', + 'code_point': '0xfedb'}] extra_nids: old: + - implementation_version: PQClean Round 3 version labelled 20211101 + nist-round: 3 + oid: '1.3.9999.3.9' + code_point: '0xfeb1' + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.10', + 'code_point': '0xfeb2'}] - implementation_version: NIST Round 3 submission nist-round: 3 oid: '1.3.9999.3.4' @@ -699,6 +735,18 @@ sigs: 'pretty_name': 'ECDSA p521', 'oid': '1.3.9999.3.5', 'code_point': '0xfe0f'}] + - + name: 'falconpadded1024' + pretty_name: 'Falcon-padded-1024' + oqs_meth: 'OQS_SIG_alg_falcon_padded_1024' + oid: '1.3.9999.3.19' + code_point: '0xfedf' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.20', + 'code_point': '0xfee0'}] - family: 'SPHINCS-Haraka' variants: diff --git a/oqs-template/oqs-sig-info.md b/oqs-template/oqs-sig-info.md index 15607003..e61a9824 100644 --- a/oqs-template/oqs-sig-info.md +++ b/oqs-template/oqs-sig-info.md 
@@ -14,16 +14,26 @@ | dilithium3_aes **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfeab | 1.3.9999.2.11.3 | | dilithium5_aes | NIST Round 3 submission | 3 | 5 | 0xfeac | 1.3.6.1.4.1.2.267.11.8.7 | | dilithium5_aes **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfead | 1.3.9999.2.11.4 | -| falcon512 | 20211101 | 3 | 1 | 0xfeae | 1.3.9999.3.6 | -| falcon512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfeaf | 1.3.9999.3.7 | -| falcon512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfeb0 | 1.3.9999.3.8 | +| falcon512 | 20211101 | 3 | 1 | 0xfed7 | 1.3.9999.3.11 | +| falcon512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfed8 | 1.3.9999.3.12 | +| falcon512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfed9 | 1.3.9999.3.13 | +| falcon512 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeae | 1.3.9999.3.6 | +| falcon512 **hybrid with** p256 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeaf | 1.3.9999.3.7 | +| falcon512 **hybrid with** rsa3072 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeb0 | 1.3.9999.3.8 | | falcon512 | NIST Round 3 submission | 3 | 1 | 0xfe0b | 1.3.9999.3.1 | | falcon512 **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe0c | 1.3.9999.3.2 | | falcon512 **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe0d | 1.3.9999.3.3 | -| falcon1024 | 20211101 | 3 | 5 | 0xfeb1 | 1.3.9999.3.9 | -| falcon1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfeb2 | 1.3.9999.3.10 | +| falconpadded512 | 20211101 | 3 | 1 | 0xfedc | 1.3.9999.3.16 | +| falconpadded512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfedd | 1.3.9999.3.17 | +| falconpadded512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfede | 1.3.9999.3.18 | +| falcon1024 | 20211101 | 3 | 5 | 0xfeda | 1.3.9999.3.14 | +| falcon1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfedb | 1.3.9999.3.15 | +| falcon1024 | PQClean Round 3 version labelled 20211101 | 3 | 5 | 0xfeb1 | 1.3.9999.3.9 | +| falcon1024 **hybrid with** p521 | PQClean Round 3 
version labelled 20211101 | 3 | 5 | 0xfeb2 | 1.3.9999.3.10 | | falcon1024 | NIST Round 3 submission | 3 | 5 | 0xfe0e | 1.3.9999.3.4 | | falcon1024 **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe0f | 1.3.9999.3.5 | +| falconpadded1024 | 20211101 | 3 | 5 | 0xfedf | 1.3.9999.3.19 | +| falconpadded1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfee0 | 1.3.9999.3.20 | | mldsa44 | ML-DSA-ipd | ipd | 1 | 0xfed0 | 1.3.6.1.4.1.2.267.12.4.4 | | mldsa44 **hybrid with** p256 | ML-DSA-ipd | ipd | 1 | 0xfed3 | 1.3.9999.7.1 | | mldsa44 **hybrid with** rsa3072 | ML-DSA-ipd | ipd | 1 | 0xfed4 | 1.3.9999.7.2 | diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 2ab814da..99093ffa 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
@@ -751,10 +751,27 @@ MAKE_DECODER(, "p256_falcon512", p256_falcon512, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, PrivateKeyInfo); MAKE_DECODER(, "rsa3072_falcon512", rsa3072_falcon512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falconpadded512", falconpadded512, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falconpadded512", falconpadded512, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "p256_falconpadded512", p256_falconpadded512, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "p256_falconpadded512", p256_falconpadded512, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "rsa3072_falconpadded512", rsa3072_falconpadded512, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "rsa3072_falconpadded512", rsa3072_falconpadded512, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falcon1024", falcon1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "falconpadded1024", falconpadded1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(, "falconpadded1024", falconpadded1024, oqsx, + SubjectPublicKeyInfo); +MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, PrivateKeyInfo); MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 167083f2..7affdaa7 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c 
@@ -1180,12 +1180,27 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define rsa3072_falcon512_evp_type 0 #define rsa3072_falcon512_input_type "rsa3072_falcon512" #define rsa3072_falcon512_pem_type "rsa3072_falcon512" +#define falconpadded512_evp_type 0 +#define falconpadded512_input_type "falconpadded512" +#define falconpadded512_pem_type "falconpadded512" +#define p256_falconpadded512_evp_type 0 +#define p256_falconpadded512_input_type "p256_falconpadded512" +#define p256_falconpadded512_pem_type "p256_falconpadded512" +#define rsa3072_falconpadded512_evp_type 0 +#define rsa3072_falconpadded512_input_type "rsa3072_falconpadded512" +#define rsa3072_falconpadded512_pem_type "rsa3072_falconpadded512" #define falcon1024_evp_type 0 #define falcon1024_input_type "falcon1024" #define falcon1024_pem_type "falcon1024" #define p521_falcon1024_evp_type 0 #define p521_falcon1024_input_type "p521_falcon1024" #define p521_falcon1024_pem_type "p521_falcon1024" +#define falconpadded1024_evp_type 0 +#define falconpadded1024_input_type "falconpadded1024" +#define falconpadded1024_pem_type "falconpadded1024" +#define p521_falconpadded1024_evp_type 0 +#define p521_falconpadded1024_input_type "p521_falconpadded1024" +#define p521_falconpadded1024_pem_type "p521_falconpadded1024" #define sphincssha2128fsimple_evp_type 0 #define sphincssha2128fsimple_input_type "sphincssha2128fsimple" #define sphincssha2128fsimple_pem_type "sphincssha2128fsimple" 
@@ -2469,6 +2484,27 @@ MAKE_ENCODER(, rsa3072_falcon512, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, rsa3072_falcon512, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, rsa3072_falcon512); +MAKE_ENCODER(, falconpadded512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falconpadded512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falconpadded512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falconpadded512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falconpadded512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falconpadded512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falconpadded512); +MAKE_ENCODER(, p256_falconpadded512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p256_falconpadded512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p256_falconpadded512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p256_falconpadded512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p256_falconpadded512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p256_falconpadded512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p256_falconpadded512); +MAKE_ENCODER(, rsa3072_falconpadded512, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_falconpadded512, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_falconpadded512, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, rsa3072_falconpadded512, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, rsa3072_falconpadded512, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, rsa3072_falconpadded512, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, rsa3072_falconpadded512); MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, falcon1024, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, falcon1024, oqsx, PrivateKeyInfo, der); 
@@ -2483,6 +2519,20 @@ MAKE_ENCODER(, p521_falcon1024, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, p521_falcon1024, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, p521_falcon1024, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, p521_falcon1024); +MAKE_ENCODER(, falconpadded1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, falconpadded1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, falconpadded1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, falconpadded1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, falconpadded1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, falconpadded1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, falconpadded1024); +MAKE_ENCODER(, p521_falconpadded1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, p521_falconpadded1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, p521_falconpadded1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, p521_falconpadded1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, p521_falconpadded1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, p521_falconpadded1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, p521_falconpadded1024); MAKE_ENCODER(, sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, sphincssha2128fsimple, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, sphincssha2128fsimple, oqsx, PrivateKeyInfo, der); diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 5f017457..73d2b724 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -925,62 +925,122 @@ static void *rsa3072_falcon512_new_key(void *provctx) static void *rsa3072_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 29); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 16); +} +static void *falconpadded512_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_falcon_padded_512, "falconpadded512", + KEY_TYPE_SIG, NULL, 128, 17); +} + +static void *falconpadded512_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_512, + "falconpadded512", 0, 128, 17); +} +static void *p256_falconpadded512_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_falcon_padded_512, "p256_falconpadded512", + KEY_TYPE_HYB_SIG, NULL, 128, 18); +} + +static void *p256_falconpadded512_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_512, + "p256_falconpadded512", KEY_TYPE_HYB_SIG, 128, 18); +} +static void *rsa3072_falconpadded512_new_key(void *provctx) +{ + return oqsx_key_new( + PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_padded_512, + "rsa3072_falconpadded512", KEY_TYPE_HYB_SIG, NULL, 128, 19); +} + +static void *rsa3072_falconpadded512_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_512, + "rsa3072_falconpadded512", KEY_TYPE_HYB_SIG, 128, 19); } static void *falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "falcon1024", KEY_TYPE_SIG, NULL, 256, 30); + "falcon1024", KEY_TYPE_SIG, NULL, 256, 20); } static void *falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "falcon1024", 0, 256, 30); + "falcon1024", 0, 256, 20); } static void *p521_falcon1024_new_key(void 
*provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 31); + "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 21); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 31); + "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 21); +} +static void *falconpadded1024_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_falcon_padded_1024, "falconpadded1024", + KEY_TYPE_SIG, NULL, 256, 22); +} + +static void *falconpadded1024_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_1024, + "falconpadded1024", 0, 256, 22); +} +static void *p521_falconpadded1024_new_key(void *provctx) +{ + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_falcon_padded_1024, "p521_falconpadded1024", + KEY_TYPE_HYB_SIG, NULL, 256, 23); +} + +static void *p521_falconpadded1024_gen_init(void *provctx, int selection) +{ + return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_1024, + "p521_falconpadded1024", KEY_TYPE_HYB_SIG, 256, 23); } static void *sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 32); + "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 24); } static void *sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", 0, 128, 32); + "sphincssha2128fsimple", 0, 128, 24); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); + "p256_sphincssha2128fsimple", 
KEY_TYPE_HYB_SIG, NULL, 128, 25); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 33); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 25); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 34); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 26); } static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, 
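Review bot: `falconpadded512_gen_init` and `falconpadded1024_gen_init` pass a literal `0` as the key-type argument while the matching `_new_key` constructors pass `KEY_TYPE_SIG`. This copies the existing falcon constructors, but the literal hides which key type is meant and relies on the enum's numeric value, which is not visible here. Assuming `KEY_TYPE_SIG` is what is intended, writing `"falconpadded512", KEY_TYPE_SIG, 128, 17);` keeps each constructor pair visibly in agreement. The trailing index (17 to 23 for the new entries, with every later algorithm renumbered) is likewise a bare number that must match a table not shown in this hunk. These lines appear to sit in a template-generated fragment, so both changes would belong in the template.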
@@ -988,39 +1048,39 @@ static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 34); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 26); } static void *sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 35); + "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 27); } static void *sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", 0, 128, 35); + "sphincssha2128ssimple", 0, 128, 27); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 36); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 28); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 36); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 28); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 37); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); } static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, 
@@ -1028,66 +1088,66 @@ static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 37); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 29); } static void *sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 38); + "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 30); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", 0, 192, 38); + "sphincssha2192fsimple", 0, 192, 30); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 39); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 31); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 39); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 31); } static void *sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 40); + "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 32); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", 0, 128, 40); + "sphincsshake128fsimple", 0, 128, 32); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 41); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 41); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 33); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 42); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 34); } static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, @@ -1095,7 +1155,7 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 42); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 34); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END @@ -1277,8 +1337,13 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(mldsa87_ed448) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon512) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falcon512) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falcon512) +MAKE_SIG_KEYMGMT_FUNCTIONS(falconpadded512) +MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falconpadded512) +MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falconpadded512) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon1024) MAKE_SIG_KEYMGMT_FUNCTIONS(p521_falcon1024) +MAKE_SIG_KEYMGMT_FUNCTIONS(falconpadded1024) +MAKE_SIG_KEYMGMT_FUNCTIONS(p521_falconpadded1024) MAKE_SIG_KEYMGMT_FUNCTIONS(sphincssha2128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_sphincssha2128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_sphincssha2128fsimple) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 62268b31..3a7faa02 100644 --- a/oqsprov/oqs_prov.h 
+++ b/oqsprov/oqs_prov.h 
@@ -1661,6 +1661,60 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_rsa3072_falcon512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falconpadded512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falconpadded512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falconpadded512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falconpadded512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falconpadded512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falconpadded512_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falconpadded512_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falconpadded512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p256_falconpadded512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p256_falconpadded512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p256_falconpadded512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p256_falconpadded512_decoder_functions[]; +extern const OSSL_DISPATCH 
+ oqs_rsa3072_falconpadded512_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falconpadded512_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falconpadded512_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_falconpadded512_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_rsa3072_falconpadded512_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falconpadded512_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_rsa3072_falconpadded512_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_rsa3072_falconpadded512_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_rsa3072_falconpadded512_decoder_functions[]; extern const OSSL_DISPATCH oqs_falcon1024_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH 
@@ -1695,6 +1749,43 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_falcon1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_falcon1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_falconpadded1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_falconpadded1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_falconpadded1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_falconpadded1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falconpadded1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falconpadded1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falconpadded1024_to_EncryptedPrivateKeyInfo_der_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p521_falconpadded1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions + []; +extern const OSSL_DISPATCH + oqs_p521_falconpadded1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falconpadded1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p521_falconpadded1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p521_falconpadded1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p521_falconpadded1024_decoder_functions[]; 
extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH @@ -1972,8 +2063,13 @@ extern const OSSL_DISPATCH oqs_mldsa87_ed448_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_falcon512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_rsa3072_falcon512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falconpadded512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p256_falconpadded512_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_rsa3072_falconpadded512_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_falcon1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_falcon1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_falconpadded1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_p521_falconpadded1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_sphincssha2128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p256_sphincssha2128fsimple_keymgmt_functions[]; extern const OSSL_DISPATCH diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 89ee333d..f9d9fc4d 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -335,6 +335,20 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("rsa3072_falcon512", der, SubjectPublicKeyInfo, rsa3072_falcon512), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_512 + DECODER_w_structure("falconpadded512", der, PrivateKeyInfo, + falconpadded512), + DECODER_w_structure("falconpadded512", der, SubjectPublicKeyInfo, + falconpadded512), + DECODER_w_structure("p256_falconpadded512", der, PrivateKeyInfo, + p256_falconpadded512), + DECODER_w_structure("p256_falconpadded512", der, SubjectPublicKeyInfo, + p256_falconpadded512), + DECODER_w_structure("rsa3072_falconpadded512", der, PrivateKeyInfo, + rsa3072_falconpadded512), + DECODER_w_structure("rsa3072_falconpadded512", der, SubjectPublicKeyInfo, + rsa3072_falconpadded512), +#endif #ifdef OQS_ENABLE_SIG_falcon_1024 DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), DECODER_w_structure("falcon1024", der, SubjectPublicKeyInfo, falcon1024), @@ -343,6 +357,16 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("p521_falcon1024", der, SubjectPublicKeyInfo, p521_falcon1024), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_1024 + DECODER_w_structure("falconpadded1024", der, PrivateKeyInfo, + falconpadded1024), + DECODER_w_structure("falconpadded1024", der, SubjectPublicKeyInfo, + falconpadded1024), + DECODER_w_structure("p521_falconpadded1024", der, PrivateKeyInfo, + p521_falconpadded1024), + DECODER_w_structure("p521_falconpadded1024", der, SubjectPublicKeyInfo, + p521_falconpadded1024), +#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple DECODER_w_structure("sphincssha2128fsimple", der, PrivateKeyInfo, sphincssha2128fsimple), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index d9852a14..34537f51 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -1003,6 +1003,47 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_falcon512", rsa3072_falcon512), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_512 + ENCODER_w_structure("falconpadded512", falconpadded512, der, + PrivateKeyInfo), + ENCODER_w_structure("falconpadded512", falconpadded512, pem, + PrivateKeyInfo), + ENCODER_w_structure("falconpadded512", falconpadded512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falconpadded512", falconpadded512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falconpadded512", falconpadded512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falconpadded512", falconpadded512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("falconpadded512", falconpadded512), + ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, der, + PrivateKeyInfo), + ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, pem, + PrivateKeyInfo), + ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p256_falconpadded512", p256_falconpadded512), + ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, der, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, pem, + PrivateKeyInfo), + ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("rsa3072_falconpadded512", 
rsa3072_falconpadded512, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("rsa3072_falconpadded512", rsa3072_falconpadded512), +#endif #ifdef OQS_ENABLE_SIG_falcon_1024 ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), ENCODER_w_structure("falcon1024", falcon1024, pem, PrivateKeyInfo), @@ -1025,6 +1066,34 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_TEXT("p521_falcon1024", p521_falcon1024), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_1024 + ENCODER_w_structure("falconpadded1024", falconpadded1024, der, + PrivateKeyInfo), + ENCODER_w_structure("falconpadded1024", falconpadded1024, pem, + PrivateKeyInfo), + ENCODER_w_structure("falconpadded1024", falconpadded1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falconpadded1024", falconpadded1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("falconpadded1024", falconpadded1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("falconpadded1024", falconpadded1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("falconpadded1024", falconpadded1024), + ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, der, + PrivateKeyInfo), + ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, pem, + PrivateKeyInfo), + ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p521_falconpadded1024", p521_falconpadded1024), +#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, PrivateKeyInfo), diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 0ce6d18d..3da6c7c3 100644 
--- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,9 +49,9 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 192 +# define OQS_OID_CNT 176 #else -# define OQS_OID_CNT 86 +# define OQS_OID_CNT 70 #endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { @@ -214,22 +214,26 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "mldsa87", "1.3.9999.7.4", "p521_mldsa87", - "2.16.840.1.114027.80.8.1.11", - "mldsa87_p384", - "2.16.840.1.114027.80.8.1.12", - "mldsa87_bp384", - "2.16.840.1.114027.80.8.1.13", - "mldsa87_ed448", - "1.3.9999.3.6", + "1.3.9999.3.11", "falcon512", - "1.3.9999.3.7", + "1.3.9999.3.12", "p256_falcon512", - "1.3.9999.3.8", + "1.3.9999.3.13", "rsa3072_falcon512", - "1.3.9999.3.9", + "1.3.9999.3.16", + "falconpadded512", + "1.3.9999.3.17", + "p256_falconpadded512", + "1.3.9999.3.18", + "rsa3072_falconpadded512", + "1.3.9999.3.14", "falcon1024", - "1.3.9999.3.10", + "1.3.9999.3.15", "p521_falcon1024", + "1.3.9999.3.19", + "falconpadded1024", + "1.3.9999.3.20", + "p521_falconpadded1024", "1.3.9999.6.4.13", "sphincssha2128fsimple", "1.3.9999.6.4.14", 
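Review bot: `OQS_OID_CNT` is changed to the literals `176` and `70` independently of the initializer list edited in the next hunk, and nothing ties the two together at compile time. If the count is larger than the number of strings, the compiler fills the tail of `oqs_oid_alg_list` with NULL pointers without a diagnostic, and code that walks the table in OID/name pairs would then read NULL entries. If the project's C level allows it, I would declare the array without an explicit size and add `_Static_assert(sizeof(oqs_oid_alg_list) / sizeof(oqs_oid_alg_list[0]) == OQS_OID_CNT, "OID table size mismatch");` after the initializer. The initializer's closing brace is outside both hunks.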
@@ -431,43 +435,58 @@ int oqs_patch_oids(void) if (getenv("OQS_OID_RSA3072_FALCON512")) oqs_oid_alg_list[32 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_FALCON512"); + if (getenv("OQS_OID_FALCONPADDED512")) + oqs_oid_alg_list[34 + OQS_KEMOID_CNT] + = getenv("OQS_OID_FALCONPADDED512"); + if (getenv("OQS_OID_P256_FALCONPADDED512")) + oqs_oid_alg_list[36 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P256_FALCONPADDED512"); + if (getenv("OQS_OID_RSA3072_FALCONPADDED512")) + oqs_oid_alg_list[38 + OQS_KEMOID_CNT] + = getenv("OQS_OID_RSA3072_FALCONPADDED512"); if (getenv("OQS_OID_FALCON1024")) - oqs_oid_alg_list[34 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); + oqs_oid_alg_list[40 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); if (getenv("OQS_OID_P521_FALCON1024")) - oqs_oid_alg_list[36 + OQS_KEMOID_CNT] + oqs_oid_alg_list[42 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_FALCON1024"); + if (getenv("OQS_OID_FALCONPADDED1024")) + oqs_oid_alg_list[44 + OQS_KEMOID_CNT] + = getenv("OQS_OID_FALCONPADDED1024"); + if (getenv("OQS_OID_P521_FALCONPADDED1024")) + oqs_oid_alg_list[46 + OQS_KEMOID_CNT] + = getenv("OQS_OID_P521_FALCONPADDED1024"); if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[38 + OQS_KEMOID_CNT] + oqs_oid_alg_list[48 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[40 + OQS_KEMOID_CNT] + oqs_oid_alg_list[50 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_oid_alg_list[42 + OQS_KEMOID_CNT] + oqs_oid_alg_list[52 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[44 + OQS_KEMOID_CNT] + oqs_oid_alg_list[54 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[46 + OQS_KEMOID_CNT] + oqs_oid_alg_list[56 + OQS_KEMOID_CNT] = 
getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_oid_alg_list[48 + OQS_KEMOID_CNT] + oqs_oid_alg_list[58 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[50 + OQS_KEMOID_CNT] + oqs_oid_alg_list[60 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) - oqs_oid_alg_list[52 + OQS_KEMOID_CNT] + oqs_oid_alg_list[62 + OQS_KEMOID_CNT] = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[54 + OQS_KEMOID_CNT] + oqs_oid_alg_list[64 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[56 + OQS_KEMOID_CNT] + oqs_oid_alg_list[66 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_oid_alg_list[58 + OQS_KEMOID_CNT] + oqs_oid_alg_list[68 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; 
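Review bot: The added overrides for the padded Falcon names (`OQS_OID_FALCONPADDED512` through `OQS_OID_P521_FALCONPADDED1024`) call getenv() twice per variable and store the returned pointer directly in `oqs_oid_alg_list`, so the table points into the process environment, which a later setenv() or putenv() may change or release. Reading the value once and keeping a copy avoids that: `const char *v = getenv("OQS_OID_FALCONPADDED512"); if (v != NULL) oqs_oid_alg_list[34 + OQS_KEMOID_CNT] = OPENSSL_strdup(v);`, with the allocation failure handled and the copy released at provider teardown. The value is installed as an OID with no syntax check, and plain getenv() is honoured even when the process runs with elevated privileges, where the environment is not trustworthy; if both are intended, a comment above the block should say so. The same pattern is in the oqs_patch_encodings hunk that follows, and the opening lines of oqs_patch_oids are outside this hunk.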
@@ -622,80 +641,107 @@ int oqs_patch_encodings(void) if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); + if (getenv("OQS_ENCODING_FALCONPADDED512")) + oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_FALCONPADDED512"); + if (getenv("OQS_ENCODING_FALCONPADDED512_ALGNAME")) + oqs_alg_encoding_list[35] + = getenv("OQS_ENCODING_FALCONPADDED512_ALGNAME"); + if (getenv("OQS_ENCODING_P256_FALCONPADDED512")) + oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_P256_FALCONPADDED512"); + if (getenv("OQS_ENCODING_P256_FALCONPADDED512_ALGNAME")) + oqs_alg_encoding_list[37] + = getenv("OQS_ENCODING_P256_FALCONPADDED512_ALGNAME"); + if (getenv("OQS_ENCODING_RSA3072_FALCONPADDED512")) + oqs_alg_encoding_list[38] + = getenv("OQS_ENCODING_RSA3072_FALCONPADDED512"); + if (getenv("OQS_ENCODING_RSA3072_FALCONPADDED512_ALGNAME")) + oqs_alg_encoding_list[39] + = getenv("OQS_ENCODING_RSA3072_FALCONPADDED512_ALGNAME"); if (getenv("OQS_ENCODING_FALCON1024")) - oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_FALCON1024"); + oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON1024"); if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[61] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); + oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_P521_FALCON1024")) - oqs_alg_encoding_list[62] = getenv("OQS_ENCODING_P521_FALCON1024"); + oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P521_FALCON1024"); if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[63] + oqs_alg_encoding_list[43] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); + if (getenv("OQS_ENCODING_FALCONPADDED1024")) + oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_FALCONPADDED1024"); + if (getenv("OQS_ENCODING_FALCONPADDED1024_ALGNAME")) + oqs_alg_encoding_list[45] + = getenv("OQS_ENCODING_FALCONPADDED1024_ALGNAME"); + if (getenv("OQS_ENCODING_P521_FALCONPADDED1024")) 
+ oqs_alg_encoding_list[46] + = getenv("OQS_ENCODING_P521_FALCONPADDED1024"); + if (getenv("OQS_ENCODING_P521_FALCONPADDED1024_ALGNAME")) + oqs_alg_encoding_list[47] + = getenv("OQS_ENCODING_P521_FALCONPADDED1024_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[64] + oqs_alg_encoding_list[48] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[65] + oqs_alg_encoding_list[49] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[66] + oqs_alg_encoding_list[50] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[67] + oqs_alg_encoding_list[51] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[68] + oqs_alg_encoding_list[52] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[69] + oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[70] + oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[71] + oqs_alg_encoding_list[55] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[72] + oqs_alg_encoding_list[56] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[73] + oqs_alg_encoding_list[57] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) - 
oqs_alg_encoding_list[74] + oqs_alg_encoding_list[58] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[75] + oqs_alg_encoding_list[59] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[76] + oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[77] + oqs_alg_encoding_list[61] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[78] + oqs_alg_encoding_list[62] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[79] + oqs_alg_encoding_list[63] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[80] + oqs_alg_encoding_list[64] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[81] + oqs_alg_encoding_list[65] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[82] + oqs_alg_encoding_list[66] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[83] + oqs_alg_encoding_list[67] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[84] + oqs_alg_encoding_list[68] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[85] + oqs_alg_encoding_list[69] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); 
///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; @@ -785,10 +831,19 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("p256_falcon512", 128, oqs_signature_functions), SIGALG("rsa3072_falcon512", 128, oqs_signature_functions), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_512 + SIGALG("falconpadded512", 128, oqs_signature_functions), + SIGALG("p256_falconpadded512", 128, oqs_signature_functions), + SIGALG("rsa3072_falconpadded512", 128, oqs_signature_functions), +#endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_signature_functions), SIGALG("p521_falcon1024", 256, oqs_signature_functions), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_1024 + SIGALG("falconpadded1024", 256, oqs_signature_functions), + SIGALG("p521_falconpadded1024", 256, oqs_signature_functions), +#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple SIGALG("sphincssha2128fsimple", 128, oqs_signature_functions), SIGALG("p256_sphincssha2128fsimple", 128, oqs_signature_functions), 
@@ -956,10 +1011,19 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] SIGALG("p256_falcon512", 128, oqs_p256_falcon512_keymgmt_functions), SIGALG("rsa3072_falcon512", 128, oqs_rsa3072_falcon512_keymgmt_functions), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_512 + SIGALG("falconpadded512", 128, oqs_falconpadded512_keymgmt_functions), + SIGALG("p256_falconpadded512", 128, oqs_p256_falconpadded512_keymgmt_functions), + SIGALG("rsa3072_falconpadded512", 128, oqs_rsa3072_falconpadded512_keymgmt_functions), +#endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_falcon1024_keymgmt_functions), SIGALG("p521_falcon1024", 256, oqs_p521_falcon1024_keymgmt_functions), #endif +#ifdef OQS_ENABLE_SIG_falcon_padded_1024 + SIGALG("falconpadded1024", 256, oqs_falconpadded1024_keymgmt_functions), + SIGALG("p521_falconpadded1024", 256, oqs_p521_falconpadded1024_keymgmt_functions), +#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple SIGALG("sphincssha2128fsimple", 128, oqs_sphincssha2128fsimple_keymgmt_functions), SIGALG("p256_sphincssha2128fsimple", 128, oqs_p256_sphincssha2128fsimple_keymgmt_functions), diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 2ffb4cc1..6f006225 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c 
@@ -272,14 +272,17 @@ static OQS_SIGALG_CONSTANTS oqs_sigalg_list[] = { {0xfed3, 128, TLS1_3_VERSION, 0}, {0xfed4, 128, TLS1_3_VERSION, 0}, {0xfed1, 192, TLS1_3_VERSION, 0}, {0xfed5, 192, TLS1_3_VERSION, 0}, {0xfed2, 256, TLS1_3_VERSION, 0}, {0xfed6, 256, TLS1_3_VERSION, 0}, - {0xfeae, 128, TLS1_3_VERSION, 0}, {0xfeaf, 128, TLS1_3_VERSION, 0}, - {0xfeb0, 128, TLS1_3_VERSION, 0}, {0xfeb1, 256, TLS1_3_VERSION, 0}, - {0xfeb2, 256, TLS1_3_VERSION, 0}, {0xfeb3, 128, TLS1_3_VERSION, 0}, - {0xfeb4, 128, TLS1_3_VERSION, 0}, {0xfeb5, 128, TLS1_3_VERSION, 0}, - {0xfeb6, 128, TLS1_3_VERSION, 0}, {0xfeb7, 128, TLS1_3_VERSION, 0}, - {0xfeb8, 128, TLS1_3_VERSION, 0}, {0xfeb9, 192, TLS1_3_VERSION, 0}, - {0xfeba, 192, TLS1_3_VERSION, 0}, {0xfec2, 128, TLS1_3_VERSION, 0}, - {0xfec3, 128, TLS1_3_VERSION, 0}, {0xfec4, 128, TLS1_3_VERSION, 0}, + {0xfed7, 128, TLS1_3_VERSION, 0}, {0xfed8, 128, TLS1_3_VERSION, 0}, + {0xfed9, 128, TLS1_3_VERSION, 0}, {0xfedc, 128, TLS1_3_VERSION, 0}, + {0xfedd, 128, TLS1_3_VERSION, 0}, {0xfede, 128, TLS1_3_VERSION, 0}, + {0xfeda, 256, TLS1_3_VERSION, 0}, {0xfedb, 256, TLS1_3_VERSION, 0}, + {0xfedf, 256, TLS1_3_VERSION, 0}, {0xfee0, 256, TLS1_3_VERSION, 0}, + {0xfeb3, 128, TLS1_3_VERSION, 0}, {0xfeb4, 128, TLS1_3_VERSION, 0}, + {0xfeb5, 128, TLS1_3_VERSION, 0}, {0xfeb6, 128, TLS1_3_VERSION, 0}, + {0xfeb7, 128, TLS1_3_VERSION, 0}, {0xfeb8, 128, TLS1_3_VERSION, 0}, + {0xfeb9, 192, TLS1_3_VERSION, 0}, {0xfeba, 192, TLS1_3_VERSION, 0}, + {0xfec2, 128, TLS1_3_VERSION, 0}, {0xfec3, 128, TLS1_3_VERSION, 0}, + {0xfec4, 128, TLS1_3_VERSION, 0}, ///// OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_END }; 
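Review bot: The rows of `oqs_sigalg_list` carry no indication of which algorithm each one belongs to, and after this change the code points no longer follow table order (`0xfedc`–`0xfede` come before `0xfeda`, `0xfedb`). Other hunks in this commit address the same rows by bare number (`oqs_sigalg_list[17].code_point`, the trailing index of `OQS_SIGALG_ENTRY`), so a reader has to count entries to check that a code point matches its name. A trailing comment per row, such as `/* 17: falconpadded512 */`, would make that check direct; the pairing given here is inferred from the index values in the other hunks and should be confirmed. Since the block sits between `OQS_TEMPLATE_FRAGMENT` markers, the comment presumably belongs in the generating template rather than in this file.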
@@ -473,44 +476,59 @@ int oqs_patch_codepoints() if (getenv("OQS_CODEPOINT_RSA3072_FALCON512")) oqs_sigalg_list[16].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_FALCON512")); - if (getenv("OQS_CODEPOINT_FALCON1024")) + if (getenv("OQS_CODEPOINT_FALCONPADDED512")) oqs_sigalg_list[17].code_point + = atoi(getenv("OQS_CODEPOINT_FALCONPADDED512")); + if (getenv("OQS_CODEPOINT_P256_FALCONPADDED512")) + oqs_sigalg_list[18].code_point + = atoi(getenv("OQS_CODEPOINT_P256_FALCONPADDED512")); + if (getenv("OQS_CODEPOINT_RSA3072_FALCONPADDED512")) + oqs_sigalg_list[19].code_point + = atoi(getenv("OQS_CODEPOINT_RSA3072_FALCONPADDED512")); + if (getenv("OQS_CODEPOINT_FALCON1024")) + oqs_sigalg_list[20].code_point = atoi(getenv("OQS_CODEPOINT_FALCON1024")); if (getenv("OQS_CODEPOINT_P521_FALCON1024")) - oqs_sigalg_list[18].code_point + oqs_sigalg_list[21].code_point = atoi(getenv("OQS_CODEPOINT_P521_FALCON1024")); + if (getenv("OQS_CODEPOINT_FALCONPADDED1024")) + oqs_sigalg_list[22].code_point + = atoi(getenv("OQS_CODEPOINT_FALCONPADDED1024")); + if (getenv("OQS_CODEPOINT_P521_FALCONPADDED1024")) + oqs_sigalg_list[23].code_point + = atoi(getenv("OQS_CODEPOINT_P521_FALCONPADDED1024")); if (getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[19].code_point + oqs_sigalg_list[24].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128FSIMPLE")); if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[20].code_point + oqs_sigalg_list[25].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128FSIMPLE")); if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_sigalg_list[21].code_point + oqs_sigalg_list[26].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128FSIMPLE")); if (getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[22].code_point + oqs_sigalg_list[27].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2128SSIMPLE")); if (getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[23].code_point + 
oqs_sigalg_list[28].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHA2128SSIMPLE")); if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_sigalg_list[24].code_point + oqs_sigalg_list[29].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHA2128SSIMPLE")); if (getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")) - oqs_sigalg_list[25].code_point + oqs_sigalg_list[30].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHA2192FSIMPLE")); if (getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")) - oqs_sigalg_list[26].code_point + oqs_sigalg_list[31].code_point = atoi(getenv("OQS_CODEPOINT_P384_SPHINCSSHA2192FSIMPLE")); if (getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[27].code_point + oqs_sigalg_list[32].code_point = atoi(getenv("OQS_CODEPOINT_SPHINCSSHAKE128FSIMPLE")); if (getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[28].code_point + oqs_sigalg_list[33].code_point = atoi(getenv("OQS_CODEPOINT_P256_SPHINCSSHAKE128FSIMPLE")); if (getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_sigalg_list[29].code_point + oqs_sigalg_list[34].code_point = atoi(getenv("OQS_CODEPOINT_RSA3072_SPHINCSSHAKE128FSIMPLE")); ///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_END return 1; 
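Review bot: Each added override, for example `oqs_sigalg_list[17].code_point = atoi(getenv("OQS_CODEPOINT_FALCONPADDED512"));`, parses the variable with atoi(), which reports no error: a non-numeric value, or one written in the hex notation the table itself uses (`0xfed7`), silently becomes 0, and a value outside the range of int is undefined behaviour. Parsing with strtol() and ignoring anything that is not a complete in-range number keeps a bad environment value from installing a wrong TLS code point: `char *end; long v = strtol(s, &end, 10); if (end != s && *end == '\0' && v >= 0 && v <= 0xffff) oqs_sigalg_list[17].code_point = v;`, where `s` is the single getenv() result. The 16-bit bound is an assumption drawn from the values in `oqs_sigalg_list` and should be checked against the field's declared type. The rest of oqs_patch_codepoints, including its closing brace, is outside this hunk.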
@@ -590,49 +608,63 @@ static const OSSL_PARAM oqs_param_sigalg_list[][12] = { 13), # endif # ifdef OQS_ENABLE_SIG_falcon_512 - OQS_SIGALG_ENTRY(falcon512, falcon512, falcon512, "1.3.9999.3.6", 14), + OQS_SIGALG_ENTRY(falcon512, falcon512, falcon512, "1.3.9999.3.11", 14), OQS_SIGALG_ENTRY(p256_falcon512, p256_falcon512, p256_falcon512, - "1.3.9999.3.7", 15), + "1.3.9999.3.12", 15), OQS_SIGALG_ENTRY(rsa3072_falcon512, rsa3072_falcon512, rsa3072_falcon512, - "1.3.9999.3.8", 16), + "1.3.9999.3.13", 16), +# endif +# ifdef OQS_ENABLE_SIG_falcon_padded_512 + OQS_SIGALG_ENTRY(falconpadded512, falconpadded512, falconpadded512, + "1.3.9999.3.16", 17), + OQS_SIGALG_ENTRY(p256_falconpadded512, p256_falconpadded512, + p256_falconpadded512, "1.3.9999.3.17", 18), + OQS_SIGALG_ENTRY(rsa3072_falconpadded512, rsa3072_falconpadded512, + rsa3072_falconpadded512, "1.3.9999.3.18", 19), # endif # ifdef OQS_ENABLE_SIG_falcon_1024 - OQS_SIGALG_ENTRY(falcon1024, falcon1024, falcon1024, "1.3.9999.3.9", 17), + OQS_SIGALG_ENTRY(falcon1024, falcon1024, falcon1024, "1.3.9999.3.14", 20), OQS_SIGALG_ENTRY(p521_falcon1024, p521_falcon1024, p521_falcon1024, - "1.3.9999.3.10", 18), + "1.3.9999.3.15", 21), +# endif +# ifdef OQS_ENABLE_SIG_falcon_padded_1024 + OQS_SIGALG_ENTRY(falconpadded1024, falconpadded1024, falconpadded1024, + "1.3.9999.3.19", 22), + OQS_SIGALG_ENTRY(p521_falconpadded1024, p521_falconpadded1024, + p521_falconpadded1024, "1.3.9999.3.20", 23), # endif # ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple OQS_SIGALG_ENTRY(sphincssha2128fsimple, sphincssha2128fsimple, - sphincssha2128fsimple, "1.3.9999.6.4.13", 19), + sphincssha2128fsimple, "1.3.9999.6.4.13", 24), OQS_SIGALG_ENTRY(p256_sphincssha2128fsimple, p256_sphincssha2128fsimple, - p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 20), + p256_sphincssha2128fsimple, "1.3.9999.6.4.14", 25), OQS_SIGALG_ENTRY(rsa3072_sphincssha2128fsimple, rsa3072_sphincssha2128fsimple, - rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 21), + 
rsa3072_sphincssha2128fsimple, "1.3.9999.6.4.15", 26), # endif # ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple OQS_SIGALG_ENTRY(sphincssha2128ssimple, sphincssha2128ssimple, - sphincssha2128ssimple, "1.3.9999.6.4.16", 22), + sphincssha2128ssimple, "1.3.9999.6.4.16", 27), OQS_SIGALG_ENTRY(p256_sphincssha2128ssimple, p256_sphincssha2128ssimple, - p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 23), + p256_sphincssha2128ssimple, "1.3.9999.6.4.17", 28), OQS_SIGALG_ENTRY(rsa3072_sphincssha2128ssimple, rsa3072_sphincssha2128ssimple, - rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 24), + rsa3072_sphincssha2128ssimple, "1.3.9999.6.4.18", 29), # endif # ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple OQS_SIGALG_ENTRY(sphincssha2192fsimple, sphincssha2192fsimple, - sphincssha2192fsimple, "1.3.9999.6.5.10", 25), + sphincssha2192fsimple, "1.3.9999.6.5.10", 30), OQS_SIGALG_ENTRY(p384_sphincssha2192fsimple, p384_sphincssha2192fsimple, - p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 26), + p384_sphincssha2192fsimple, "1.3.9999.6.5.11", 31), # endif # ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple OQS_SIGALG_ENTRY(sphincsshake128fsimple, sphincsshake128fsimple, - sphincsshake128fsimple, "1.3.9999.6.7.13", 27), + sphincsshake128fsimple, "1.3.9999.6.7.13", 32), OQS_SIGALG_ENTRY(p256_sphincsshake128fsimple, p256_sphincsshake128fsimple, - p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 28), + p256_sphincsshake128fsimple, "1.3.9999.6.7.14", 33), OQS_SIGALG_ENTRY(rsa3072_sphincsshake128fsimple, rsa3072_sphincsshake128fsimple, - rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 29), + rsa3072_sphincsshake128fsimple, "1.3.9999.6.7.15", 34), # endif ///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_END }; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index bcc1cc02..dd818bf2 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -54,9 +54,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 96 +# define NID_TABLE_LEN 88 #else -# define NID_TABLE_LEN 43 +# define NID_TABLE_LEN 35 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { @@ -157,8 +157,16 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_SIG, 128}, {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, + {0, "falconpadded512", OQS_SIG_alg_falcon_padded_512, KEY_TYPE_SIG, 128}, + {0, "p256_falconpadded512", OQS_SIG_alg_falcon_padded_512, KEY_TYPE_HYB_SIG, + 128}, + {0, "rsa3072_falconpadded512", OQS_SIG_alg_falcon_padded_512, + KEY_TYPE_HYB_SIG, 128}, {0, "falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256}, {0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256}, + {0, "falconpadded1024", OQS_SIG_alg_falcon_padded_1024, KEY_TYPE_SIG, 256}, + {0, "p521_falconpadded1024", OQS_SIG_alg_falcon_padded_1024, + KEY_TYPE_HYB_SIG, 256}, {0, "sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, KEY_TYPE_SIG, 128}, {0, "p256_sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, diff --git a/scripts/common.py b/scripts/common.py index f5b122b7..70e66d2d 100644 --- a/scripts/common.py +++ b/scripts/common.py 
@@ -16,11 +16,9 @@ 'ecdsap256', 'rsa3072', ##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_START # post-quantum signatures - 'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falcon1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', + 'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falconpadded512','falcon1024','falconpadded1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', # post-quantum + classical signatures - 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p521_falcon1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', - # post-quantum + classical signatures (COMPOSITE) - 'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448', + 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p256_falconpadded512','rsa3072_falconpadded512','p521_falcon1024','p521_falconpadded1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', ##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END ] From a4c97c9b2517ece73885e210b3950ed96f8b753e Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 7 Mar 2024 15:46:06 -0600 Subject: [PATCH 146/164] rebase 
Signed-off-by: Felipe Ventura --- oqsprov/oqs_kmgmt.c | 74 +++++++++++++++++++------------------- oqsprov/oqsprov.c | 82 ++++++++++++++++++++++-------------------- oqsprov/oqsprov_keys.c | 4 +-- 3 files changed, 83 insertions(+), 77 deletions(-) diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 73d2b724..7c5f870e 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c 
@@ -925,122 +925,122 @@ static void *rsa3072_falcon512_new_key(void *provctx) static void *rsa3072_falcon512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_512, - "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 16); + "rsa3072_falcon512", KEY_TYPE_HYB_SIG, 128, 29); } static void *falconpadded512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_padded_512, "falconpadded512", - KEY_TYPE_SIG, NULL, 128, 17); + KEY_TYPE_SIG, NULL, 128, 30); } static void *falconpadded512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_512, - "falconpadded512", 0, 128, 17); + "falconpadded512", 0, 128, 30); } static void *p256_falconpadded512_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_padded_512, "p256_falconpadded512", - KEY_TYPE_HYB_SIG, NULL, 128, 18); + KEY_TYPE_HYB_SIG, NULL, 128, 31); } static void *p256_falconpadded512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_512, - "p256_falconpadded512", KEY_TYPE_HYB_SIG, 128, 18); + "p256_falconpadded512", KEY_TYPE_HYB_SIG, 128, 31); } static void *rsa3072_falconpadded512_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_padded_512, - "rsa3072_falconpadded512", KEY_TYPE_HYB_SIG, NULL, 128, 19); + "rsa3072_falconpadded512", KEY_TYPE_HYB_SIG, NULL, 128, 32); } static void *rsa3072_falconpadded512_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_512, - "rsa3072_falconpadded512", KEY_TYPE_HYB_SIG, 128, 19); + "rsa3072_falconpadded512", KEY_TYPE_HYB_SIG, 128, 32); } static void *falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "falcon1024", KEY_TYPE_SIG, NULL, 256, 20); + "falcon1024", KEY_TYPE_SIG, NULL, 256, 33); } 
static void *falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "falcon1024", 0, 256, 20); + "falcon1024", 0, 256, 33); } static void *p521_falcon1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 21); + "p521_falcon1024", KEY_TYPE_HYB_SIG, NULL, 256, 34); } static void *p521_falcon1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_1024, - "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 21); + "p521_falcon1024", KEY_TYPE_HYB_SIG, 256, 34); } static void *falconpadded1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_padded_1024, "falconpadded1024", - KEY_TYPE_SIG, NULL, 256, 22); + KEY_TYPE_SIG, NULL, 256, 35); } static void *falconpadded1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_1024, - "falconpadded1024", 0, 256, 22); + "falconpadded1024", 0, 256, 35); } static void *p521_falconpadded1024_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_falcon_padded_1024, "p521_falconpadded1024", - KEY_TYPE_HYB_SIG, NULL, 256, 23); + KEY_TYPE_HYB_SIG, NULL, 256, 36); } static void *p521_falconpadded1024_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_falcon_padded_1024, - "p521_falconpadded1024", KEY_TYPE_HYB_SIG, 256, 23); + "p521_falconpadded1024", KEY_TYPE_HYB_SIG, 256, 36); } static void *sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 24); + "sphincssha2128fsimple", KEY_TYPE_SIG, NULL, 128, 37); } static void *sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, 
OQS_SIG_alg_sphincs_sha2_128f_simple, - "sphincssha2128fsimple", 0, 128, 24); + "sphincssha2128fsimple", 0, 128, 37); } static void *p256_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 25); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 38); } static void *p256_sphincssha2128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 25); + "p256_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 38); } static void *rsa3072_sphincssha2128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 26); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 39); } static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, 
@@ -1048,39 +1048,39 @@ static void *rsa3072_sphincssha2128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128f_simple, - "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 26); + "rsa3072_sphincssha2128fsimple", KEY_TYPE_HYB_SIG, 128, 39); } static void *sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 27); + "sphincssha2128ssimple", KEY_TYPE_SIG, NULL, 128, 40); } static void *sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "sphincssha2128ssimple", 0, 128, 27); + "sphincssha2128ssimple", 0, 128, 40); } static void *p256_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 28); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 41); } static void *p256_sphincssha2128ssimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 28); + "p256_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 41); } static void *rsa3072_sphincssha2128ssimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 29); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, NULL, 128, 42); } static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, 
@@ -1088,66 +1088,66 @@ static void *rsa3072_sphincssha2128ssimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_128s_simple, - "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 29); + "rsa3072_sphincssha2128ssimple", KEY_TYPE_HYB_SIG, 128, 42); } static void *sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 30); + "sphincssha2192fsimple", KEY_TYPE_SIG, NULL, 192, 43); } static void *sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "sphincssha2192fsimple", 0, 192, 30); + "sphincssha2192fsimple", 0, 192, 43); } static void *p384_sphincssha2192fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 31); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, NULL, 192, 44); } static void *p384_sphincssha2192fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_sha2_192f_simple, - "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 31); + "p384_sphincssha2192fsimple", KEY_TYPE_HYB_SIG, 192, 44); } static void *sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 32); + "sphincsshake128fsimple", KEY_TYPE_SIG, NULL, 128, 45); } static void *sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init(provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "sphincsshake128fsimple", 0, 128, 32); + "sphincsshake128fsimple", 0, 128, 45); } static void *p256_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), 
OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 33); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 46); } static void *p256_sphincsshake128fsimple_gen_init(void *provctx, int selection) { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 33); + "p256_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 46); } static void *rsa3072_sphincsshake128fsimple_new_key(void *provctx) { return oqsx_key_new( PROV_OQS_LIBCTX_OF(provctx), OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 34); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, NULL, 128, 47); } static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, @@ -1155,7 +1155,7 @@ static void *rsa3072_sphincsshake128fsimple_gen_init(void *provctx, { return oqsx_gen_init( provctx, selection, OQS_SIG_alg_sphincs_shake_128f_simple, - "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 34); + "rsa3072_sphincsshake128fsimple", KEY_TYPE_HYB_SIG, 128, 47); } ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 3da6c7c3..d1ea1358 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,9 +49,9 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 176 +# define OQS_OID_CNT 202 #else -# define OQS_OID_CNT 70 +# define OQS_OID_CNT 96 #endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { @@ -214,6 +214,12 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "mldsa87", "1.3.9999.7.4", "p521_mldsa87", + "2.16.840.1.114027.80.8.1.11", + "mldsa87_p384", + "2.16.840.1.114027.80.8.1.12", + "mldsa87_bp384", + "2.16.840.1.114027.80.8.1.13", + "mldsa87_ed448", "1.3.9999.3.11", "falcon512", "1.3.9999.3.12", 
@@ -642,106 +648,106 @@ int oqs_patch_encodings(void) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_FALCONPADDED512")) - oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_FALCONPADDED512"); + oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_FALCONPADDED512"); if (getenv("OQS_ENCODING_FALCONPADDED512_ALGNAME")) - oqs_alg_encoding_list[35] + oqs_alg_encoding_list[61] = getenv("OQS_ENCODING_FALCONPADDED512_ALGNAME"); if (getenv("OQS_ENCODING_P256_FALCONPADDED512")) - oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_P256_FALCONPADDED512"); + oqs_alg_encoding_list[62] = getenv("OQS_ENCODING_P256_FALCONPADDED512"); if (getenv("OQS_ENCODING_P256_FALCONPADDED512_ALGNAME")) - oqs_alg_encoding_list[37] + oqs_alg_encoding_list[63] = getenv("OQS_ENCODING_P256_FALCONPADDED512_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_FALCONPADDED512")) - oqs_alg_encoding_list[38] + oqs_alg_encoding_list[64] = getenv("OQS_ENCODING_RSA3072_FALCONPADDED512"); if (getenv("OQS_ENCODING_RSA3072_FALCONPADDED512_ALGNAME")) - oqs_alg_encoding_list[39] + oqs_alg_encoding_list[65] = getenv("OQS_ENCODING_RSA3072_FALCONPADDED512_ALGNAME"); if (getenv("OQS_ENCODING_FALCON1024")) - oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_FALCON1024"); + oqs_alg_encoding_list[66] = getenv("OQS_ENCODING_FALCON1024"); if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); + oqs_alg_encoding_list[67] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_P521_FALCON1024")) - oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P521_FALCON1024"); + oqs_alg_encoding_list[68] = getenv("OQS_ENCODING_P521_FALCON1024"); if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) - oqs_alg_encoding_list[43] + oqs_alg_encoding_list[69] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_FALCONPADDED1024")) - oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_FALCONPADDED1024"); + 
oqs_alg_encoding_list[70] = getenv("OQS_ENCODING_FALCONPADDED1024"); if (getenv("OQS_ENCODING_FALCONPADDED1024_ALGNAME")) - oqs_alg_encoding_list[45] + oqs_alg_encoding_list[71] = getenv("OQS_ENCODING_FALCONPADDED1024_ALGNAME"); if (getenv("OQS_ENCODING_P521_FALCONPADDED1024")) - oqs_alg_encoding_list[46] + oqs_alg_encoding_list[72] = getenv("OQS_ENCODING_P521_FALCONPADDED1024"); if (getenv("OQS_ENCODING_P521_FALCONPADDED1024_ALGNAME")) - oqs_alg_encoding_list[47] + oqs_alg_encoding_list[73] = getenv("OQS_ENCODING_P521_FALCONPADDED1024_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[48] + oqs_alg_encoding_list[74] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[49] + oqs_alg_encoding_list[75] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[50] + oqs_alg_encoding_list[76] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[51] + oqs_alg_encoding_list[77] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) - oqs_alg_encoding_list[52] + oqs_alg_encoding_list[78] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[53] + oqs_alg_encoding_list[79] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[54] + oqs_alg_encoding_list[80] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[55] + oqs_alg_encoding_list[81] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[56] + 
oqs_alg_encoding_list[82] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[57] + oqs_alg_encoding_list[83] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) - oqs_alg_encoding_list[58] + oqs_alg_encoding_list[84] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) - oqs_alg_encoding_list[59] + oqs_alg_encoding_list[85] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[60] + oqs_alg_encoding_list[86] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[61] + oqs_alg_encoding_list[87] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) - oqs_alg_encoding_list[62] + oqs_alg_encoding_list[88] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[63] + oqs_alg_encoding_list[89] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[64] + oqs_alg_encoding_list[90] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[65] + oqs_alg_encoding_list[91] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[66] + oqs_alg_encoding_list[92] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[67] + oqs_alg_encoding_list[93] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if 
(getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) - oqs_alg_encoding_list[68] + oqs_alg_encoding_list[94] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) - oqs_alg_encoding_list[69] + oqs_alg_encoding_list[95] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index dd818bf2..5787c0dd 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -54,9 +54,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 88 +# define NID_TABLE_LEN 101 #else -# define NID_TABLE_LEN 35 +# define NID_TABLE_LEN 48 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { From c088cb7eae60e57418ff867462790642e78e2dcf Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:54:51 -0500 Subject: [PATCH 147/164] Update oqsprov/oqs_encode_key2any.c (for symmetry reasons!) Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 7affdaa7..e9ddd229 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -820,7 +820,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); } else { - memcpy(buf, oqsxkey->comp_privkey[i], buflen); + memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); } if (nid == EVP_PKEY_EC) { From 9c967fe8b5c9d795f190e05a39ff230b03785d4d Mon Sep 17 00:00:00 2001 
From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:55:23 -0500 Subject: [PATCH 148/164] Update oqsprov/oqs_sig.c Fix typo Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index c5fd13b9..12cf767d 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -27,7 +27,7 @@ // TBD: Review what we really need/want: For now go with OSSL settings: #define OSSL_MAX_NAME_SIZE 50 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ -#define COMPOSITE_OID_PREFIRX_LEN 26 +#define COMPOSITE_OID_PREFIX_LEN 26 #ifdef NDEBUG # define OQS_SIG_PRINTF(a) From 1d00461aa906e97cf62dc46ba3833a439d03e14a Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:55:52 -0500 Subject: [PATCH 149/164] Update oqsprov/oqs_sig.c Fix typo Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 12cf767d..e5f76a1f 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -395,7 +395,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, int comp_idx = get_composite_idx(get_oqsalg_idx(nid)); const unsigned char *oid_prefix = composite_OID_prefix[comp_idx - 1]; char *final_tbs; - size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN / 2; + size_t final_tbslen = COMPOSITE_OID_PREFIX_LEN / 2; int aux = 0; unsigned char *tbs_hash; From 6261fb611350ec8ff867aa85a77493b96bbb280d Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:56:07 -0500 Subject: [PATCH 150/164] Update oqsprov/oqs_sig.c Fix typo Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> 
Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index e5f76a1f..1ee962ca 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -437,7 +437,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } final_tbs = OPENSSL_malloc(final_tbslen); composite_prefix_conversion(final_tbs, oid_prefix); - memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN / 2, tbs_hash, + memcpy(final_tbs + COMPOSITE_OID_PREFIX_LEN / 2, tbs_hash, final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); OPENSSL_free(tbs_hash); From 0ec3887ef98e67dc43a1c97a6fe522777090a028 Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:56:26 -0500 Subject: [PATCH 151/164] Update oqsprov/oqs_sig.c Fix typo Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 1ee962ca..20c9419f 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -438,7 +438,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, final_tbs = OPENSSL_malloc(final_tbslen); composite_prefix_conversion(final_tbs, oid_prefix); memcpy(final_tbs + COMPOSITE_OID_PREFIX_LEN / 2, tbs_hash, - final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); + final_tbslen - COMPOSITE_OID_PREFIX_LEN / 2); OPENSSL_free(tbs_hash); // sign From 8db7d924f861b16020f7994b81debbedca490a1c Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:56:47 -0500 Subject: [PATCH 152/164] Update oqsprov/oqs_sig.c Fix typo Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 20c9419f..fa2b7b7c 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -700,7 +700,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, size_t buf_len; const unsigned char *oid_prefix = composite_OID_prefix[comp_idx - 1]; char *final_tbs; - size_t final_tbslen = COMPOSITE_OID_PREFIRX_LEN / 2; + size_t final_tbslen = COMPOSITE_OID_PREFIX_LEN / 2; int aux = 0; unsigned char *tbs_hash; From a272a6ab7bbea18d1a049ca4d0f97a47628fdded Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:57:04 -0500 Subject: [PATCH 153/164] Update oqsprov/oqs_sig.c Fix typo Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index fa2b7b7c..d270dacc 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -750,7 +750,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, } final_tbs = OPENSSL_malloc(final_tbslen); composite_prefix_conversion(final_tbs, oid_prefix); - memcpy(final_tbs + COMPOSITE_OID_PREFIRX_LEN / 2, tbs_hash, + memcpy(final_tbs + COMPOSITE_OID_PREFIX_LEN / 2, tbs_hash, final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); OPENSSL_free(tbs_hash); From ce0d523d3a93888a8e98a3686bab016dc11994a0 Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:57:20 -0500 Subject: [PATCH 154/164] Update oqsprov/oqs_sig.c Fix typo Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqs_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index d270dacc..add5200d 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
@@ -751,7 +751,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, final_tbs = OPENSSL_malloc(final_tbslen); composite_prefix_conversion(final_tbs, oid_prefix); memcpy(final_tbs + COMPOSITE_OID_PREFIX_LEN / 2, tbs_hash, - final_tbslen - COMPOSITE_OID_PREFIRX_LEN / 2); + final_tbslen - COMPOSITE_OID_PREFIX_LEN / 2); OPENSSL_free(tbs_hash); // verify From 2d282bec46f0e9d9acadba5b35b35e363fb3042b Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:57:52 -0500 Subject: [PATCH 155/164] Update oqsprov/oqsprov_keys.c Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 5787c0dd..502a082c 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -254,7 +254,7 @@ char *get_cmpname(int nid, int index) if ((i = get_oqsalg_idx(nid)) == -1) return NULL; s = nid_names[i].tlsname; - len = strlen(nid_names[i].tlsname); + len = strlen(s); for (i = 0; i < len; i++) { if (s[i] == '_') { break; From 385525214f507bbc5ed32a54b56009588229f657 Mon Sep 17 00:00:00 2001 From: Felipe Ventura <37639194+feventura@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:58:12 -0500 Subject: [PATCH 156/164] Update oqsprov/oqsprov.c Co-authored-by: thomas <108470890+thb-sb@users.noreply.github.com> Signed-off-by: Felipe Ventura --- oqsprov/oqsprov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index d1ea1358..b5f19eba 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -1182,7 +1182,7 @@ int get_composite_idx(int idx) int i, len, count = 0; s = oqs_oid_alg_list[idx * 2]; - len = strlen(oqs_oid_alg_list[idx * 2]); + len = strlen(s); for (i = 0; i < len; i++) { if (s[i] == '.') { From 0dcd42a06a34d6585ed26c5386636b11c89621d2 Mon Sep 17 00:00:00 2001 
From: Felipe Ventura Date: Thu, 7 Mar 2024 16:03:44 -0600 Subject: [PATCH 157/164] fix typo Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 3 ++- oqsprov/oqs_sig.c | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index e9ddd229..6313aa62 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -820,7 +820,8 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); } else { - memcpy(buf, oqsxkey->comp_privkey[i], oqsxkey->privkeylen_cmp[i]); + memcpy(buf, oqsxkey->comp_privkey[i], + oqsxkey->privkeylen_cmp[i]); } if (nid == EVP_PKEY_EC) { diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index add5200d..f8144b39 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -25,8 +25,8 @@ #include // TBD: Review what we really need/want: For now go with OSSL settings: -#define OSSL_MAX_NAME_SIZE 50 -#define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ +#define OSSL_MAX_NAME_SIZE 50 +#define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ #define COMPOSITE_OID_PREFIX_LEN 26 #ifdef NDEBUG @@ -254,7 +254,7 @@ static const unsigned char *composite_OID_prefix[] = { void composite_prefix_conversion(char *out, const unsigned char *in) { int temp; - for (int i = 0; i < COMPOSITE_OID_PREFIRX_LEN / 2; i++) { + for (int i = 0; i < COMPOSITE_OID_PREFIX_LEN / 2; i++) { temp = OPENSSL_hexchar2int(in[2 * i]); temp = temp * 16; temp += OPENSSL_hexchar2int(in[2 * i + 1]); From 549ae3aea4ff6b19902f71f0086b7de9bdcdfed7 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Thu, 7 Mar 2024 16:16:46 -0600 Subject: [PATCH 158/164] buflen isnt always oqsxkey->privkeylen_cmp Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 6313aa62..7affdaa7 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -820,8 +820,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); } else { - memcpy(buf, oqsxkey->comp_privkey[i], - oqsxkey->privkeylen_cmp[i]); + memcpy(buf, oqsxkey->comp_privkey[i], buflen); } if (nid == EVP_PKEY_EC) { From 07cc594b9e1f61570f722fba6d84d51fdb90ed13 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 12 Mar 2024 13:22:15 -0500 Subject: [PATCH 159/164] implemented suggested changes and useful comments Signed-off-by: Felipe Ventura --- oqsprov/oqs_encode_key2any.c | 58 +++++++++++++++++++++++------- oqsprov/oqs_sig.c | 37 +++++++++++++++---- oqsprov/oqsprov.c | 17 ++++++--- oqsprov/oqsprov_keys.c | 70 ++++++++++++++++++++++-------------- 4 files changed, 132 insertions(+), 50 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 7affdaa7..b06e6138 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -766,7 +766,6 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(temp); OPENSSL_free(templen); PKCS8_PRIV_KEY_INFO_free(p8inf_internal); - OPENSSL_free(name); return -1; } 
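Review bot: In the `else` branch of oqsx_pki_priv_to_der, `memcpy(buf, oqsxkey->comp_privkey[i], buflen)` is again sized by the destination, so it reads `buflen` bytes from `comp_privkey[i]` regardless of how large that component actually is. How `buflen` is computed is outside the hunk; if it is derived from the encoded key, a value larger than `privkeylen_cmp[i]` would read past the private-key component, assuming that field is the component's stored size. I would keep `buflen` but reject the mismatch before the copy, e.g. `if (buflen > oqsxkey->privkeylen_cmp[i])` followed by the existing cleanup and `return -1;`. A comment should also say why the two lengths differ for classical keys. The function body starts and ends outside the hunk.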
@@ -813,6 +812,30 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) } buf = OPENSSL_secure_malloc(buflen); + if (buf == NULL) { + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + if (j < i) + OPENSSL_clear_free(temp[j], templen[j]); + } + + if (sk_ASN1_TYPE_num(sk) != -1) + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + else + ASN1_TYPE_free(aType[i]); + + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + OPENSSL_free(name); + ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); + return -1; + } if (get_oqsname_fromtls(name) != 0) { // include pubkey in privkey for PQC memcpy(buf, oqsxkey->comp_privkey[i], @@ -820,10 +843,12 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) memcpy(buf + oqsxkey->privkeylen_cmp[i], oqsxkey->comp_pubkey[i], oqsxkey->pubkeylen_cmp[i]); } else { - memcpy(buf, oqsxkey->comp_privkey[i], buflen); + memcpy(buf, oqsxkey->comp_privkey[i], + buflen); // buflen for classical (RSA) might be different + // from oqsxkey->privkeylen_cmp[ } - if (nid == EVP_PKEY_EC) { + if (nid == EVP_PKEY_EC) { // add the curve OID with the ECPubkey OID version = V_ASN1_OBJECT; pval = OBJ_nid2obj( oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->nid); 
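Review bot: The new `buf == NULL` path loops over `j <= i` and dereferences `aType[j]->value.sequence->data`, but for `j == i` that value is only filled in by `ASN1_TYPE_set1(aType[i], ...)` later in the loop body (visible in the next hunk), so on this path it appears to be unset and the cleanse would go through a null pointer. The block looks copied from the later error paths, where index `i` has already been populated. Restricting the cleanse to populated entries, e.g. `if (j < i) OPENSSL_cleanse(aType[j]->value.sequence->data, aType[j]->value.sequence->length);`, avoids that; it is also worth confirming that `aType[i]`, which has not been pushed onto `sk` yet, is released when the `sk_ASN1_TYPE_pop_free` arm is taken. The added comment `// from oqsxkey->privkeylen_cmp[` is cut off mid-identifier. The function starts and ends outside the hunk.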
@@ -847,14 +872,22 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(aString); OPENSSL_free(temp); OPENSSL_free(templen); - OPENSSL_cleanse(buf, buflen); - PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + OPENSSL_cleanse( + buf, + buflen); // buf is part of p8inf_internal so we cant free + // now, we cleanse it to remove pkey from memory + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); // this also free buf return -1; } - templen[i] = i2d_PKCS8_PRIV_KEY_INFO(p8inf_internal, &temp[i]); - ASN1_STRING_set(aString[i], temp[i], templen[i]); - ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, aString[i]); + templen[i] = i2d_PKCS8_PRIV_KEY_INFO( + p8inf_internal, + &temp[i]); // create the privkey info for each individual key + ASN1_STRING_set(aString[i], temp[i], + templen[i]); // add privkey info as ASN1_STRING + ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, + aString[i]); // add the ASN1_STRING into a ANS1_TYPE + // so it can be added into the stack if (!sk_ASN1_TYPE_push(sk, aType[i])) { for (int j = 0; j <= i; j++) { @@ -871,8 +904,11 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) OPENSSL_free(aString); OPENSSL_free(temp); OPENSSL_free(templen); - OPENSSL_cleanse(buf, buflen); - PKCS8_PRIV_KEY_INFO_free(p8inf_internal); + OPENSSL_cleanse( + buf, + buflen); // buf is part of p8inf_internal so we cant free + // now, we cleanse it to remove pkey from memory + PKCS8_PRIV_KEY_INFO_free(p8inf_internal); // this also free buf return -1; } OPENSSL_free(name); @@ -1694,7 +1730,6 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) for (i = 0; i < okey->numkeys; i++) { if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); return 0; } 
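Review bot: The three calls that build each component entry in the `@@ -847,14 +872,22 @@` hunk are still unchecked: `i2d_PKCS8_PRIV_KEY_INFO()` returns a negative value on failure and `ASN1_STRING_set()` / `ASN1_TYPE_set1()` return 0, yet `templen[i]` is passed straight on as a length. Since the hunk already rewraps these lines to add comments, I would add the checks here, e.g. `if (templen[i] <= 0 || !ASN1_STRING_set(aString[i], temp[i], templen[i]) || !ASN1_TYPE_set1(aType[i], V_ASN1_SEQUENCE, aString[i]))` followed by the same cleanup as the push-failure path. In the new comment, `ANS1_TYPE` should read `ASN1_TYPE`. The enclosing function continues outside the hunk.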
@@ -1760,7 +1795,6 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) for (i = 0; i < okey->numkeys; i++) { if ((name = get_cmpname(OBJ_sn2nid(okey->tls_name), i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_KEY); return 0; } diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index f8144b39..ba7e56bf 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -215,7 +215,7 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, } // this list need to be in order of the last number on the OID from the -// composite +// composite, the len of each value is COMPOSITE_OID_PREFIX_LEN static const unsigned char *composite_OID_prefix[] = { "060B6086480186FA6B50080101", // mldsa44_pss2048 // id-MLDSA44-RSA2048-PSS-SHA256 @@ -251,6 +251,7 @@ static const unsigned char *composite_OID_prefix[] = { }; +/*put the chars on in into memory on out*/ void composite_prefix_conversion(char *out, const unsigned char *in) { int temp; @@ -389,13 +390,19 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (is_composite) { unsigned char *buf; - CompositeSignature *compsig = CompositeSignature_new(); int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); int comp_idx = get_composite_idx(get_oqsalg_idx(nid)); + if (comp_idx == -1) + goto endsign; const unsigned char *oid_prefix = composite_OID_prefix[comp_idx - 1]; char *final_tbs; - size_t final_tbslen = COMPOSITE_OID_PREFIX_LEN / 2; + CompositeSignature *compsig = CompositeSignature_new(); + size_t final_tbslen + = COMPOSITE_OID_PREFIX_LEN + / 2; // COMPOSITE_OID_PREFIX_LEN stores the size of the *char, but + // the prefix will be on memory, so each 2 chars will + // translate into one byte int aux = 0; unsigned char *tbs_hash; 
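Review bot: The new guard `if (comp_idx == -1) goto endsign;` in oqs_sig_sign does not cover every value that makes `composite_OID_prefix[comp_idx - 1]` read outside the table: in this same commit get_composite_idx() still returns 0 for an out-of-range index, which gives `composite_OID_prefix[-1]`, and a suffix larger than the table is not rejected either. I would check the range against the table itself, `if (comp_idx < 1 || (size_t)comp_idx > sizeof(composite_OID_prefix) / sizeof(composite_OID_prefix[0])) goto endsign;`. The result of `get_oqsalg_idx(nid)` is also passed on unchecked, although the get_cmpname() hunk earlier on this page shows it can return -1. The same guard is added to oqs_sig_verify in the `@@ -696,6 +719,8 @@` hunk and needs the same range check. oqs_sig_sign starts and ends outside the hunk.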
@@ -405,7 +412,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, char *upcase_name; if ((name = get_cmpname(nid, i)) == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); + CompositeSignature_free(compsig); goto endsign; } upcase_name = get_oqsname_fromtls(name); @@ -433,6 +440,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, break; default: ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + CompositeSignature_free(compsig); goto endsign; } final_tbs = OPENSSL_malloc(final_tbslen); @@ -446,7 +454,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, char *name; if ((name = get_cmpname(nid, i)) == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); goto endsign; } @@ -458,6 +467,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, final_tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); OPENSSL_free(name); OPENSSL_free(buf); goto endsign; @@ -481,6 +492,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, final_tbs, final_tbslen) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); OPENSSL_free(name); EVP_MD_CTX_free(evp_ctx); OPENSSL_free(buf); @@ -493,6 +506,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, == NULL || (EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); OPENSSL_free(name); OPENSSL_free(buf); goto endsign; 
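Review bot: `final_tbs = OPENSSL_malloc(final_tbslen);` in the `@@ -433,6 +440,7 @@` hunk is still used without a NULL check, while this commit adds exactly that check for `buf` in oqsx_pki_priv_to_der; the statements that follow, visible in the earlier oqs_sig.c hunks on this page, write the OID prefix and the hash into it. I would add `if (final_tbs == NULL) { OPENSSL_free(tbs_hash); CompositeSignature_free(compsig); goto endsign; }` right after the allocation (dropping whatever `endsign` already releases, which is outside the hunk), and the equivalent in oqs_sig_verify. As a style point, every error path in this function now repeats the same `CompositeSignature_free(compsig); OPENSSL_free(final_tbs); OPENSSL_free(name); OPENSSL_free(buf);` sequence; initialising those pointers to NULL and freeing them once under a cleanup label would make a missed free much less likely. The function body starts and ends outside these hunks.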
@@ -509,6 +524,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, EVP_sha256()) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); OPENSSL_free(name); OPENSSL_free(buf); goto endsign; @@ -520,6 +537,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, RSA_PKCS1_PADDING) <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); OPENSSL_free(name); OPENSSL_free(buf); goto endsign; @@ -544,6 +563,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, digest, digest_len) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); OPENSSL_free(name); OPENSSL_free(buf); goto endsign; @@ -553,6 +574,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, ->evp_info->length_signature) { /* sig is bigger than expected */ ERR_raise(ERR_LIB_USER, OQSPROV_R_BUFFER_LENGTH_WRONG); + CompositeSignature_free(compsig); + OPENSSL_free(final_tbs); OPENSSL_free(name); OPENSSL_free(buf); goto endsign; @@ -696,6 +719,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); int comp_idx = get_composite_idx(get_oqsalg_idx(nid)); + if (comp_idx == -1) + goto endverify; unsigned char *buf; size_t buf_len; const unsigned char *oid_prefix = composite_OID_prefix[comp_idx - 1]; @@ -716,7 +741,6 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, char *upcase_name; if ((name = get_cmpname(nid, i)) == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); - OPENSSL_free(name); CompositeSignature_free(compsig); goto endverify; } 
@@ -766,7 +790,6 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, char *name; if ((name = get_cmpname(nid, i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); CompositeSignature_free(compsig); OPENSSL_free(final_tbs); diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index b5f19eba..e11ef16b 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -8,6 +8,7 @@ */ #include "oqs_prov.h" +#include #include #include #include @@ -1178,10 +1179,12 @@ static const OSSL_ALGORITHM oqsprovider_decoder[] = { // get the last number on the composite OID int get_composite_idx(int idx) { - char *token, *s; - int i, len, count = 0; + char *s; + int i, len, ret = -1, count = 0; - s = oqs_oid_alg_list[idx * 2]; + if (2 * idx > OQS_OID_CNT) + return 0; + s = (char *)oqs_oid_alg_list[idx * 2]; len = strlen(s); for (i = 0; i < len; i++) { @@ -1189,10 +1192,14 @@ int get_composite_idx(int idx) count += 1; } if (count == 8) { // 8 dots in composite OID - return atoi(s + i + 1); + errno = 0; + ret = strtol(s + i + 1, NULL, 10); + if (errno == ERANGE) + ret = -1; + break; } } - return 0; + return ret; } static const OSSL_PARAM *oqsprovider_gettable_params(void *provctx) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 502a082c..95329458 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -668,7 +668,6 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, char *name; if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err_key_op; } 
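Review bot: The new bounds check in get_composite_idx(), `if (2 * idx > OQS_OID_CNT) return 0;`, is off by one and returns the wrong sentinel: `2 * idx == OQS_OID_CNT` still indexes one past the end of `oqs_oid_alg_list`, a negative `idx` is not rejected, and the callers changed in this commit test for -1, not 0. I would write `if (idx < 0 || 2 * idx >= OQS_OID_CNT) return -1;`. The `strtol()` result is also narrowed from `long` to `int` without a range check and without an end pointer, so a suffix with no digits yields 0 rather than -1. The `(char *)` cast can be dropped by declaring `s` as `const char *`.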
@@ -710,8 +709,9 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, char *name; if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); + OPENSSL_secure_clear_free(temp_priv, temp_priv_len); + OPENSSL_secure_clear_free(temp_pub, temp_pub_len); goto err_key_op; } if (get_oqsname_fromtls(name) == 0) { // classical key @@ -876,7 +876,6 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) char *name; if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; } @@ -918,7 +917,6 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op) char *name; if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto rec_err; } 
@@ -1081,27 +1079,33 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, return NULL; } else { count = sk_ASN1_TYPE_num(sk); - concat_key = OPENSSL_zalloc(plen); + concat_key + = OPENSSL_zalloc(plen); // concat_key is allocated with plen, + // which is the max value for pubkey aux = 0; for (i = 0; i < count; i++) { - aType = sk_ASN1_TYPE_pop(sk); + aType + = sk_ASN1_TYPE_pop(sk); // this remove in FILO order, but we + // need this in the opposite order buf = aType->value.sequence->data; buflen = aType->value.sequence->length; aux += buflen; - memcpy(concat_key + plen - 1 - aux, buf, buflen); + memcpy(concat_key + plen - 1 - aux, buf, + buflen); // fill concat_key starting at the end ASN1_TYPE_free(aType); } - p = OPENSSL_memdup(concat_key + plen - 1 - aux, aux); + p = OPENSSL_memdup(concat_key + plen - 1 - aux, + aux); // copy used memory on concat_key to p OPENSSL_clear_free(concat_key, plen); - plen = aux; + plen = aux; // update plen value sk_ASN1_TYPE_free(sk); } } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG) - OPENSSL_clear_free(p, plen); + OPENSSL_clear_free((void *)p, plen); return oqsx; } @@ -1115,7 +1119,8 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, const X509_ALGOR *palg; STACK_OF(ASN1_TYPE) *sk = NULL; ASN1_TYPE *aType = NULL; - unsigned char *concat_key, *buf; + unsigned char *concat_key; + const unsigned char *buf; int count, aux, i, buflen, key_diff = 0; if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) 
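Review bot: The loop that this hunk only annotates reads `aType->value.sequence->data` straight after `sk_ASN1_TYPE_pop(sk)` without looking at `aType->type`, so an element of any other ASN.1 type is accessed through the wrong union member (for an ASN.1 NULL element the pointer is NULL). This function parses an X509_PUBKEY, which is externally supplied data, so each element should be compared with the tag the composite encoding expects before `buf` and `buflen` are taken, and the function should fail cleanly otherwise. The result of `OPENSSL_memdup` is also passed on to oqsx_key_op unchecked; a test such as `if (p == NULL) { sk_ASN1_TYPE_free(sk); return NULL; }` placed after the `OPENSSL_clear_free(concat_key, plen);` line would cover it. The function begins outside the hunk, so any further resources to release on that path need to be confirmed there.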
@@ -1146,14 +1151,15 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, aux = 0; for (i = 0; i < count; i++) { - aType = sk_ASN1_TYPE_pop(sk); + aType + = sk_ASN1_TYPE_pop(sk); // this remove in FILO order, but we + // need this in the opposite order p8inf_internal = PKCS8_PRIV_KEY_INFO_new(); nid = 0; char *name; if ((name = get_cmpname(OBJ_obj2nid(palg->algorithm), count - 1 - i)) == NULL) { - OPENSSL_free(name); ASN1_TYPE_free(aType); OPENSSL_clear_free(concat_key, plen); PKCS8_PRIV_KEY_INFO_free(p8inf_internal); @@ -1184,7 +1190,10 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, nid = OBJ_obj2nid(palg_internal->parameter->value.object); for (j = 0; j < OSSL_NELEM(nids_sig); j++) { if ((nids_sig[j].nid == nid) - && (nids_sig[j].length_private_key > buflen)) { + && (nids_sig[j].length_private_key + > buflen)) { // check if the curve is the same + // and if the key len is smaller + // than the max key size EVP_PKEY *ec_pkey; OSSL_PARAM params[3]; int include_pub = 1; @@ -1194,8 +1203,8 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, if (buflen != nids_sig[j].kex_length_secret - + 7) { // no ECParameter and no - // Pubkey + + 7) { // no OPTIONAL ECParameter and no + // OPTIONAL Pubkey OPENSSL_free(name); ASN1_TYPE_free(aType); PKCS8_PRIV_KEY_INFO_free(p8inf_internal); 
@@ -1204,25 +1213,34 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, return NULL; } ec_pkey = EVP_PKEY_new(); - d2i_PrivateKey(EVP_PKEY_EC, &ec_pkey, &buf3, - aType->value.sequence->length); + d2i_PrivateKey( + EVP_PKEY_EC, &ec_pkey, &buf3, + aType->value.sequence + ->length); // create a new EVP_PKEY using ec + // priv key + // set parameters for the new priv key format params[0] = OSSL_PARAM_construct_int( OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, - &include_pub); + &include_pub); // add pubkey to priv key params[1] = OSSL_PARAM_construct_utf8_string( OSSL_PKEY_PARAM_EC_ENCODING, - OSSL_PKEY_EC_ENCODING_GROUP, 0); + OSSL_PKEY_EC_ENCODING_GROUP, + 0); // add ECParam to the priv key params[2] = OSSL_PARAM_construct_end(); EVP_PKEY_set_params(ec_pkey, params); buf4 = OPENSSL_malloc( nids_sig[j].length_private_key); buf5 = buf4; - buflen = i2d_PrivateKey(ec_pkey, &buf5); + buflen = i2d_PrivateKey( + ec_pkey, + &buf5); // encode priv key including parameters aux += buflen; - memcpy(concat_key + plen - 1 - aux, buf4, buflen); + memcpy( + concat_key + plen - 1 - aux, buf4, + buflen); // fill concat_key starting at the end EVP_PKEY_free(ec_pkey); OPENSSL_clear_free(buf4, buflen); @@ -1246,7 +1264,8 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, if (!nid) { aux += buflen; - memcpy(concat_key + plen - 1 - aux, buf, buflen); + memcpy(concat_key + plen - 1 - aux, buf, + buflen); // fill concat_key starting at the end } OPENSSL_free(name); @@ -1265,7 +1284,8 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { ASN1_OCTET_STRING_free(oct); } else { - OPENSSL_clear_free(p, plen); + OPENSSL_clear_free((void *)p, + plen); // for COMPOSITE p include both privkey } return oqsx; } 
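Review bot: The EC re-encoding path that this hunk reformats still ignores every return value: `d2i_PrivateKey` and `EVP_PKEY_set_params` are unchecked, `buf4` is used without a NULL test, and `buflen = i2d_PrivateKey(ec_pkey, &buf5)` is added to `aux` and handed to `memcpy` even when it is negative. `buf4` is sized from `nids_sig[j].length_private_key` while the encoder writes as many bytes as the key with its public part and parameters needs, so the length should be queried first and compared with the allocation before anything is written. The sketch below uses a cleanup label named `ec_fail` only for illustration; it stands for the same releases as the length-mismatch branch above plus `ec_pkey` and `buf4`. oqsx_key_from_pkcs8 starts and ends outside the hunk.

```c
ec_pkey = EVP_PKEY_new();
if (ec_pkey == NULL
    || d2i_PrivateKey(EVP_PKEY_EC, &ec_pkey, &buf3,
                      aType->value.sequence->length) == NULL)
    goto ec_fail; /* illustrative label, see note */
// … unchanged: params[0..2] construction …
if (EVP_PKEY_set_params(ec_pkey, params) <= 0)
    goto ec_fail;
buflen = i2d_PrivateKey(ec_pkey, NULL); /* length query, nothing written */
if (buflen <= 0 || buflen > nids_sig[j].length_private_key)
    goto ec_fail;
buf4 = OPENSSL_malloc(nids_sig[j].length_private_key);
if (buf4 == NULL)
    goto ec_fail;
buf5 = buf4;
buflen = i2d_PrivateKey(ec_pkey, &buf5);
if (buflen <= 0)
    goto ec_fail;
// … unchanged: aux update, memcpy into concat_key, EVP_PKEY_free, OPENSSL_clear_free …
```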
@@ -1439,7 +1459,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, for (i = 0; i < ret->numkeys; i++) { char *name; if ((name = get_cmpname(OBJ_sn2nid(tls_name), i)) == NULL) { - OPENSSL_free(name); ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err; } @@ -1803,7 +1822,6 @@ int oqsx_key_gen(OQSX_KEY *key) for (i = 0; i < key->numkeys; i++) { char *name; if ((name = get_cmpname(OBJ_sn2nid(key->tls_name), i)) == NULL) { - OPENSSL_free(name); ON_ERR_GOTO(ret, err_gen); } if (get_oqsname_fromtls(name) == 0) { From f75e4ea7253cdc91a452ccd261780a2fe3008134 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Tue, 12 Mar 2024 14:30:33 -0500 Subject: [PATCH 160/164] fix casting Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 95329458..7c6721d5 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1105,7 +1105,7 @@ OQSX_KEY *oqsx_key_from_x509pubkey(const X509_PUBKEY *xpk, OSSL_LIB_CTX *libctx, } oqsx = oqsx_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); if (get_keytype(OBJ_obj2nid(palg->algorithm)) == KEY_TYPE_CMP_SIG) - OPENSSL_clear_free((void *)p, plen); + OPENSSL_clear_free((unsigned char *)p, plen); return oqsx; } @@ -1284,7 +1284,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { ASN1_OCTET_STRING_free(oct); } else { - OPENSSL_clear_free((void *)p, + OPENSSL_clear_free((unsigned char *)p, plen); // for COMPOSITE p include both privkey } return oqsx; From 11d156b1f0de7ec5dac3206f85d6d7cbaa996ab5 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Sat, 16 Mar 2024 20:01:12 -0500 Subject: [PATCH 161/164] generated and formated all methods 
Signed-off-by: Felipe Ventura --- ALGORITHMS.md | 3 +++ README.md | 2 +- oqsprov/oqsprov.c | 18 ++++++------------ scripts/common.py | 2 ++ 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index afed6804..da839eef 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md @@ -166,6 +166,9 @@ adapting the OIDs of all supported signature algorithms as per the table below. | mldsa65_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_MLDSA65_ed25519 | mldsa87 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_MLDSA87 | p521_mldsa87 | 1.3.9999.7.4 |Yes| OQS_OID_P521_MLDSA87 +| mldsa87_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_MLDSA87_p384 +| mldsa87_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_MLDSA87_bp384 +| mldsa87_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_MLDSA87_ed448 | falcon512 | 1.3.9999.3.11 |Yes| OQS_OID_FALCON512 | p256_falcon512 | 1.3.9999.3.12 |Yes| OQS_OID_P256_FALCON512 | rsa3072_falcon512 | 1.3.9999.3.13 |Yes| OQS_OID_RSA3072_FALCON512 diff --git a/README.md b/README.md index 2f515312..b011ad2c 100644 --- a/README.md +++ b/README.md 
@@ -45,7 +45,7 @@ This implementation makes available the following quantum safe algorithms: ### Signature algorithms - **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\* -- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa87`\*, `p521_mldsa87`\* +- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa44_pss2048`\*, `mldsa44_rsa2048`\*, `mldsa44_ed25519`\*, `mldsa44_p256`\*, `mldsa44_bp256`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa65_pss3072`\*, `mldsa65_rsa3072`\*, `mldsa65_p256`\*, `mldsa65_bp256`\*, `mldsa65_ed25519`\*, `mldsa87`\*, `p521_mldsa87`\*, `mldsa87_p384`\*, `mldsa87_bp384`\*, `mldsa87_ed448`\* - **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falconpadded512`\*, `p256_falconpadded512`\*, `rsa3072_falconpadded512`\*, `falcon1024`\*, `p521_falcon1024`\*, `falconpadded1024`\*, `p521_falconpadded1024`\* - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple` diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index e11ef16b..ef494b93 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c 
@@ -539,21 +539,15 @@ int oqs_patch_encodings(void) = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); if (getenv("OQS_ENCODING_MLDSA44")) oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_MLDSA44"); - oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_MLDSA44"); if (getenv("OQS_ENCODING_MLDSA44_ALGNAME")) oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_MLDSA44_ALGNAME"); - oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_MLDSA44_ALGNAME"); if (getenv("OQS_ENCODING_P256_MLDSA44")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_MLDSA44"); - oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_MLDSA44"); if (getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME")) oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME"); - oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_P256_MLDSA44_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_MLDSA44")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_MLDSA44"); - oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_MLDSA44"); if (getenv("OQS_ENCODING_RSA3072_MLDSA44_ALGNAME")) - oqs_alg_encoding_list[19] oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_RSA3072_MLDSA44_ALGNAME"); if (getenv("OQS_ENCODING_MLDSA44_PSS2048")) 
@@ -635,18 +629,18 @@ int oqs_patch_encodings(void) oqs_alg_encoding_list[53] = getenv("OQS_ENCODING_MLDSA87_ED448_ALGNAME"); if (getenv("OQS_ENCODING_FALCON512")) - oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_FALCON512"); + oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_FALCON512"); if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) - oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); + oqs_alg_encoding_list[55] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_P256_FALCON512")) - oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_P256_FALCON512"); + oqs_alg_encoding_list[56] = getenv("OQS_ENCODING_P256_FALCON512"); if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) - oqs_alg_encoding_list[31] + oqs_alg_encoding_list[57] = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_FALCON512")) - oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_RSA3072_FALCON512"); + oqs_alg_encoding_list[58] = getenv("OQS_ENCODING_RSA3072_FALCON512"); if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) - oqs_alg_encoding_list[33] + oqs_alg_encoding_list[59] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_FALCONPADDED512")) oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_FALCONPADDED512"); diff --git a/scripts/common.py b/scripts/common.py index 70e66d2d..98716939 100644 --- a/scripts/common.py +++ b/scripts/common.py 
@@ -19,6 +19,8 @@ 'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falconpadded512','falcon1024','falconpadded1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple', # post-quantum + classical signatures 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p256_falconpadded512','rsa3072_falconpadded512','p521_falcon1024','p521_falconpadded1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple', + # post-quantum + classical signatures (COMPOSITE) + 'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448', ##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END ] From 0fa7382a8da24f7a753929448d3bad623814766d Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Sat, 16 Mar 2024 20:05:03 -0500 Subject: [PATCH 162/164] fixed rebase diff Signed-off-by: Felipe Ventura --- oqsprov/oqsprov_keys.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 7c6721d5..23e95267 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1330,6 +1330,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); + ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL; ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) { fprintf( 
@@ -1369,6 +1370,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_privkey = OPENSSL_malloc(sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(sizeof(void *)); ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); + ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL; ret->oqsx_provider_ctx.oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name); if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.kem) { fprintf( @@ -1610,7 +1612,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) aux = SIZE_OF_UINT32; if (!key->privkey && include_private) { - key->privkey = OPENSSL_secure_zalloc(key->privkeylen); + key->privkey = OPENSSL_secure_zalloc(key->privkeylen + aux); ON_ERR_SET_GOTO(!key->privkey, ret, 1, err_alloc); } if (!key->pubkey && !include_private) { @@ -1807,7 +1809,7 @@ int oqsx_key_gen(OQSX_KEY *key) || key->keytype == KEY_TYPE_ECX_HYB_KEM || key->keytype == KEY_TYPE_HYB_SIG) { pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx, - key->pubkey, key->privkey); + key->pubkey, key->privkey, 1); ON_ERR_GOTO(pkey == NULL, err_gen); ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err_gen); From d6eedfb6df5afedae2078229f3f04ce9667bf4af Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Sat, 16 Mar 2024 23:41:11 -0500 Subject: [PATCH 163/164] solve conflicts Signed-off-by: Felipe Ventura --- oqsprov/oqs_decode_der2key.c | 55 --- oqsprov/oqs_kmgmt.c | 50 --- oqsprov/oqsdecoders.inc | 217 ------------ oqsprov/oqsencoders.inc | 654 ----------------------------------- oqsprov/oqsprov.c | 390 --------------------- oqsprov/oqsprov_keys.c | 130 ------- 6 files changed, 1496 deletions(-) diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 4bedc2c8..99093ffa 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c 
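Review bot: In the -1610 hunk, `OPENSSL_secure_zalloc(key->privkeylen + aux)` makes the private-key buffer `aux` bytes larger than the length recorded in `key->privkeylen`, and nothing in the hunk says what the extra bytes hold. Code elsewhere that cleanses, copies or frees by `key->privkeylen` would not cover that tail, so either the recorded length should grow with the allocation or the line needs a comment stating the layout, along the lines of `/* aux extra bytes beyond privkeylen: <purpose, to be filled in by the author> */`. Whether the public-key allocation just below gets the same treatment is not visible here. oqsx_key_allocate_keymaterial continues outside the hunk.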
@@ -492,12 +492,10 @@ static void oqsx_key_adjust(void *key, struct der2key_ctx_st *ctx) * It takes the following arguments: * * oqskemhyb Possible prefix for OQS KEM hybrids; typically empty - * oqskemhyb Possible prefix for OQS KEM hybrids; typically empty * keytype_name The implementation key type as a string. * keytype The implementation key type. This must correspond exactly * to our existing keymgmt keytype names... in other words, * there must exist an oqs_##keytype##_keymgmt_functions. - * there must exist an oqs_##keytype##_keymgmt_functions. * type The type name for the set of functions that implement the * decoder for the key type. This isn't necessarily the same * as keytype. For example, the key types ed25519, ed448, 
@@ -508,34 +506,6 @@ static void oqsx_key_adjust(void *key, struct der2key_ctx_st *ctx) * structure. */ // reverted const to be able to change NID/evp_type after assignment -#define MAKE_DECODER(oqskemhyb, keytype_name, keytype, type, kind) \ - static struct keytype_desc_st kind##_##keytype##_desc \ - = {keytype_name, oqs##oqskemhyb##_##keytype##_keymgmt_functions, \ - DO_##kind(keytype)}; \ - \ - static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ - \ - static void *kind##_der2##keytype##_newctx(void *provctx) \ - { \ - OQS_DEC_PRINTF("OQS DEC provider: _newctx called.\n"); \ - return der2key_newctx(provctx, &kind##_##keytype##_desc, \ - keytype_name); \ - } \ - static int kind##_der2##keytype##_does_selection(void *provctx, \ - int selection) \ - { \ - OQS_DEC_PRINTF("OQS DEC provider: _does_selection called.\n"); \ - return der2key_check_selection(selection, &kind##_##keytype##_desc); \ - } \ - const OSSL_DISPATCH oqs_##kind##_der_to_##keytype##_decoder_functions[] \ - = {{OSSL_FUNC_DECODER_NEWCTX, \ - (void (*)(void))kind##_der2##keytype##_newctx}, \ - {OSSL_FUNC_DECODER_FREECTX, (void (*)(void))der2key_freectx}, \ - {OSSL_FUNC_DECODER_DOES_SELECTION, \ - (void (*)(void))kind##_der2##keytype##_does_selection}, \ - {OSSL_FUNC_DECODER_DECODE, (void (*)(void))oqs_der2key_decode}, \ - {OSSL_FUNC_DECODER_EXPORT_OBJECT, \ - (void (*)(void))der2key_export_object}, \ #define MAKE_DECODER(oqskemhyb, keytype_name, keytype, type, kind) \ static struct keytype_desc_st kind##_##keytype##_desc \ = {keytype_name, oqs##oqskemhyb##_##keytype##_keymgmt_functions, \ 
@@ -798,77 +768,52 @@ MAKE_DECODER(, "p521_falcon1024", p521_falcon1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "falconpadded1024", falconpadded1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "falconpadded1024", falconpadded1024, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx, - PrivateKeyInfo); -MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx, MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p521_falconpadded1024", p521_falconpadded1024, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, MAKE_DECODER(, "sphincssha2128fsimple", sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, MAKE_DECODER(, "p256_sphincssha2128fsimple", p256_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, MAKE_DECODER(, "rsa3072_sphincssha2128fsimple", rsa3072_sphincssha2128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, MAKE_DECODER(, "sphincssha2128ssimple", sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, 
"p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, MAKE_DECODER(, "p256_sphincssha2128ssimple", p256_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, MAKE_DECODER(, "rsa3072_sphincssha2128ssimple", rsa3072_sphincssha2128ssimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, MAKE_DECODER(, "sphincssha2192fsimple", sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, MAKE_DECODER(, "p384_sphincssha2192fsimple", p384_sphincssha2192fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, MAKE_DECODER(, "sphincsshake128fsimple", sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, MAKE_DECODER(, 
"p256_sphincsshake128fsimple", p256_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); -MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, PrivateKeyInfo); -MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, MAKE_DECODER(, "rsa3072_sphincsshake128fsimple", rsa3072_sphincsshake128fsimple, oqsx, SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 9c31df3b..7c5f870e 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -139,11 +139,6 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) return 0; } - if (key1 == NULL || key2 == NULL) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - return 0; - } - #ifdef NOPUBKEY_IN_PRIVKEY /* Now this is a "leap of faith" logic: If a public-only PKEY and a * private-only PKEY are tested for equality we cannot do anything other @@ -170,9 +165,7 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) || (key1->privkey != NULL && key2->privkey == NULL) || ((key1->tls_name != NULL && key2->tls_name != NULL) && strcmp(key1->tls_name, key2->tls_name))) { - && strcmp(key1->tls_name, key2->tls_name))) { ok = 0; - } else { } else { ok = ((key1->privkey == NULL && key2->privkey == NULL) || ((key1->privkey != NULL) @@ -180,7 +173,6 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) key1->privkeylen) == 0)); } - } } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 
@@ -188,7 +180,6 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) || (key1->pubkey != NULL && key2->pubkey == NULL) || ((key1->tls_name != NULL && key2->tls_name != NULL) && strcmp(key1->tls_name, key2->tls_name))) { - && strcmp(key1->tls_name, key2->tls_name))) { // special case now: If domain parameter matching requested, // consider private key match sufficient: ok = ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) @@ -196,7 +187,6 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) && (CRYPTO_memcmp(key1->privkey, key2->privkey, key1->privkeylen) == 0); - } else { } else { ok = ok && ((key1->pubkey == NULL && key2->pubkey == NULL) @@ -205,7 +195,6 @@ static int oqsx_match(const void *keydata1, const void *keydata2, int selection) key1->pubkeylen) == 0)); } - } } if (!ok) OQS_KM_PRINTF("OQSKEYMGMT: match failed!\n"); @@ -275,7 +264,6 @@ int oqsx_key_to_params(const OQSX_KEY *key, OSSL_PARAM_BLD *tmpl, } } // not passing in params to respond to is no error; the response is empty - // not passing in params to respond to is no error; the response is empty ret = 1; err: return ret; @@ -296,8 +284,6 @@ static int oqsx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, * In this implementation, only public and private keys can be exported, * nothing else */ - if (key == NULL || param_cb == NULL) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); if (key == NULL || param_cb == NULL) { ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); return 0; @@ -353,11 +339,6 @@ static int oqsx_get_params(void *key, OSSL_PARAM params[]) return 0; } - if (oqsxk == NULL || params == NULL) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - return 0; - } - OQS_KM_PRINTF2("OQSKEYMGMT: get_params called for %s\n", params[0].key); if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && !OSSL_PARAM_set_int(p, oqsx_key_secbits(oqsxk))) 
@@ -404,7 +385,6 @@ static int oqsx_get_params(void *key, OSSL_PARAM params[]) return 0; } - // not passing in params to respond to is no error // not passing in params to respond to is no error return 1; } @@ -448,10 +428,6 @@ static int oqsx_set_params(void *key, const OSSL_PARAM params[]) ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); return 0; } - if (oqsxkey == NULL) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - return 0; - } p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); if (p != NULL) { size_t used_len; @@ -484,7 +460,6 @@ static int oqsx_set_params(void *key, const OSSL_PARAM params[]) } } - // not passing in params to set is no error, just a no-op // not passing in params to set is no error, just a no-op return 1; } @@ -530,8 +505,6 @@ static void *oqsx_genkey(struct oqsx_gen_ctx *gctx) return NULL; OQS_KM_PRINTF3("OQSKEYMGMT: gen called for %s (%s)\n", gctx->oqs_name, gctx->tls_name); - OQS_KM_PRINTF3("OQSKEYMGMT: gen called for %s (%s)\n", gctx->oqs_name, - gctx->tls_name); if ((key = oqsx_key_new(gctx->libctx, gctx->oqs_name, gctx->tls_name, gctx->primitive, gctx->propq, gctx->bit_security, gctx->alg_idx)) @@ -618,7 +591,6 @@ static int oqsx_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 0; } // not passing in params is no error; subsequent operations may fail, though - // not passing in params is no error; subsequent operations may fail, though return 1; } 
@@ -1368,15 +1340,10 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falcon512) MAKE_SIG_KEYMGMT_FUNCTIONS(falconpadded512) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falconpadded512) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falconpadded512) -MAKE_SIG_KEYMGMT_FUNCTIONS(falconpadded512) -MAKE_SIG_KEYMGMT_FUNCTIONS(p256_falconpadded512) -MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_falconpadded512) MAKE_SIG_KEYMGMT_FUNCTIONS(falcon1024) MAKE_SIG_KEYMGMT_FUNCTIONS(p521_falcon1024) MAKE_SIG_KEYMGMT_FUNCTIONS(falconpadded1024) MAKE_SIG_KEYMGMT_FUNCTIONS(p521_falconpadded1024) -MAKE_SIG_KEYMGMT_FUNCTIONS(falconpadded1024) -MAKE_SIG_KEYMGMT_FUNCTIONS(p521_falconpadded1024) MAKE_SIG_KEYMGMT_FUNCTIONS(sphincssha2128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(p256_sphincssha2128fsimple) MAKE_SIG_KEYMGMT_FUNCTIONS(rsa3072_sphincssha2128fsimple) 
@@ -1456,23 +1423,6 @@ MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_mlkem768, OQS_KEM_alg_ml_kem_768, 128) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_mlkem768, OQS_KEM_alg_ml_kem_768, 128) MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem1024, OQS_KEM_alg_ml_kem_1024, 192) -MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem512, OQS_KEM_alg_ml_kem_512, 128) - -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_mlkem512, OQS_KEM_alg_ml_kem_512, 128) - -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_mlkem512, OQS_KEM_alg_ml_kem_512, 128) -MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem768, OQS_KEM_alg_ml_kem_768, 192) - -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem768, OQS_KEM_alg_ml_kem_768, 192) - -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x448_mlkem768, OQS_KEM_alg_ml_kem_768, 192) - -MAKE_KEM_ECX_KEYMGMT_FUNCTIONS(x25519_mlkem768, OQS_KEM_alg_ml_kem_768, 128) -MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_mlkem768, OQS_KEM_alg_ml_kem_768, 128) -MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) - MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem1024, OQS_KEM_alg_ml_kem_1024, 192) MAKE_KEM_KEYMGMT_FUNCTIONS(bikel1, OQS_KEM_alg_bike_l1, 128) diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index e61ddba3..f9d9fc4d 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -226,200 +226,7 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), #endif /* OQS_KEM_ENCODERS */ -#ifdef OQS_KEM_ENCODERS - -# ifdef OQS_ENABLE_KEM_frodokem_640_aes -DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), - DECODER_w_structure("frodo640aes", der, SubjectPublicKeyInfo, frodo640aes), - DECODER_w_structure("p256_frodo640aes", der, PrivateKeyInfo, - p256_frodo640aes), - DECODER_w_structure("p256_frodo640aes", der, SubjectPublicKeyInfo, - p256_frodo640aes), - DECODER_w_structure("x25519_frodo640aes", der, PrivateKeyInfo, - x25519_frodo640aes), - DECODER_w_structure("x25519_frodo640aes", der, SubjectPublicKeyInfo, - x25519_frodo640aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_640_shake - DECODER_w_structure("frodo640shake", der, PrivateKeyInfo, frodo640shake), - DECODER_w_structure("frodo640shake", der, SubjectPublicKeyInfo, - frodo640shake), - DECODER_w_structure("p256_frodo640shake", der, PrivateKeyInfo, - p256_frodo640shake), - DECODER_w_structure("p256_frodo640shake", der, SubjectPublicKeyInfo, - p256_frodo640shake), - DECODER_w_structure("x25519_frodo640shake", der, PrivateKeyInfo, - x25519_frodo640shake), - DECODER_w_structure("x25519_frodo640shake", der, SubjectPublicKeyInfo, - x25519_frodo640shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_aes - DECODER_w_structure("frodo976aes", der, PrivateKeyInfo, frodo976aes), - DECODER_w_structure("frodo976aes", der, SubjectPublicKeyInfo, frodo976aes), - DECODER_w_structure("p384_frodo976aes", der, PrivateKeyInfo, - p384_frodo976aes), - DECODER_w_structure("p384_frodo976aes", der, SubjectPublicKeyInfo, - p384_frodo976aes), - DECODER_w_structure("x448_frodo976aes", der, PrivateKeyInfo, - x448_frodo976aes), - DECODER_w_structure("x448_frodo976aes", der, SubjectPublicKeyInfo, - x448_frodo976aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_shake - DECODER_w_structure("frodo976shake", der, PrivateKeyInfo, frodo976shake), - DECODER_w_structure("frodo976shake", der, 
SubjectPublicKeyInfo, - frodo976shake), - DECODER_w_structure("p384_frodo976shake", der, PrivateKeyInfo, - p384_frodo976shake), - DECODER_w_structure("p384_frodo976shake", der, SubjectPublicKeyInfo, - p384_frodo976shake), - DECODER_w_structure("x448_frodo976shake", der, PrivateKeyInfo, - x448_frodo976shake), - DECODER_w_structure("x448_frodo976shake", der, SubjectPublicKeyInfo, - x448_frodo976shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_aes - DECODER_w_structure("frodo1344aes", der, PrivateKeyInfo, frodo1344aes), - DECODER_w_structure("frodo1344aes", der, SubjectPublicKeyInfo, - frodo1344aes), - DECODER_w_structure("p521_frodo1344aes", der, PrivateKeyInfo, - p521_frodo1344aes), - DECODER_w_structure("p521_frodo1344aes", der, SubjectPublicKeyInfo, - p521_frodo1344aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_shake - DECODER_w_structure("frodo1344shake", der, PrivateKeyInfo, frodo1344shake), - DECODER_w_structure("frodo1344shake", der, SubjectPublicKeyInfo, - frodo1344shake), - DECODER_w_structure("p521_frodo1344shake", der, PrivateKeyInfo, - p521_frodo1344shake), - DECODER_w_structure("p521_frodo1344shake", der, SubjectPublicKeyInfo, - p521_frodo1344shake), -# endif -# ifdef OQS_ENABLE_KEM_kyber_512 - DECODER_w_structure("kyber512", der, PrivateKeyInfo, kyber512), - DECODER_w_structure("kyber512", der, SubjectPublicKeyInfo, kyber512), - DECODER_w_structure("p256_kyber512", der, PrivateKeyInfo, p256_kyber512), - DECODER_w_structure("p256_kyber512", der, SubjectPublicKeyInfo, - p256_kyber512), - DECODER_w_structure("x25519_kyber512", der, PrivateKeyInfo, - x25519_kyber512), - DECODER_w_structure("x25519_kyber512", der, SubjectPublicKeyInfo, - x25519_kyber512), -# endif -# ifdef OQS_ENABLE_KEM_kyber_768 - DECODER_w_structure("kyber768", der, PrivateKeyInfo, kyber768), - DECODER_w_structure("kyber768", der, SubjectPublicKeyInfo, kyber768), - DECODER_w_structure("p384_kyber768", der, PrivateKeyInfo, p384_kyber768), - DECODER_w_structure("p384_kyber768", 
der, SubjectPublicKeyInfo, - p384_kyber768), - DECODER_w_structure("x448_kyber768", der, PrivateKeyInfo, x448_kyber768), - DECODER_w_structure("x448_kyber768", der, SubjectPublicKeyInfo, - x448_kyber768), - DECODER_w_structure("x25519_kyber768", der, PrivateKeyInfo, - x25519_kyber768), - DECODER_w_structure("x25519_kyber768", der, SubjectPublicKeyInfo, - x25519_kyber768), - DECODER_w_structure("p256_kyber768", der, PrivateKeyInfo, p256_kyber768), - DECODER_w_structure("p256_kyber768", der, SubjectPublicKeyInfo, - p256_kyber768), -# endif -# ifdef OQS_ENABLE_KEM_kyber_1024 - DECODER_w_structure("kyber1024", der, PrivateKeyInfo, kyber1024), - DECODER_w_structure("kyber1024", der, SubjectPublicKeyInfo, kyber1024), - DECODER_w_structure("p521_kyber1024", der, PrivateKeyInfo, p521_kyber1024), - DECODER_w_structure("p521_kyber1024", der, SubjectPublicKeyInfo, - p521_kyber1024), -# endif -# ifdef OQS_ENABLE_KEM_ml_kem_512 - DECODER_w_structure("mlkem512", der, PrivateKeyInfo, mlkem512), - DECODER_w_structure("mlkem512", der, SubjectPublicKeyInfo, mlkem512), - DECODER_w_structure("p256_mlkem512", der, PrivateKeyInfo, p256_mlkem512), - DECODER_w_structure("p256_mlkem512", der, SubjectPublicKeyInfo, - p256_mlkem512), - DECODER_w_structure("x25519_mlkem512", der, PrivateKeyInfo, - x25519_mlkem512), - DECODER_w_structure("x25519_mlkem512", der, SubjectPublicKeyInfo, - x25519_mlkem512), -# endif -# ifdef OQS_ENABLE_KEM_ml_kem_768 - DECODER_w_structure("mlkem768", der, PrivateKeyInfo, mlkem768), - DECODER_w_structure("mlkem768", der, SubjectPublicKeyInfo, mlkem768), - DECODER_w_structure("p384_mlkem768", der, PrivateKeyInfo, p384_mlkem768), - DECODER_w_structure("p384_mlkem768", der, SubjectPublicKeyInfo, - p384_mlkem768), - DECODER_w_structure("x448_mlkem768", der, PrivateKeyInfo, x448_mlkem768), - DECODER_w_structure("x448_mlkem768", der, SubjectPublicKeyInfo, - x448_mlkem768), - DECODER_w_structure("x25519_mlkem768", der, PrivateKeyInfo, - x25519_mlkem768), - 
DECODER_w_structure("x25519_mlkem768", der, SubjectPublicKeyInfo, - x25519_mlkem768), - DECODER_w_structure("p256_mlkem768", der, PrivateKeyInfo, p256_mlkem768), - DECODER_w_structure("p256_mlkem768", der, SubjectPublicKeyInfo, - p256_mlkem768), -# endif -# ifdef OQS_ENABLE_KEM_ml_kem_1024 - DECODER_w_structure("mlkem1024", der, PrivateKeyInfo, mlkem1024), - DECODER_w_structure("mlkem1024", der, SubjectPublicKeyInfo, mlkem1024), - DECODER_w_structure("p521_mlkem1024", der, PrivateKeyInfo, p521_mlkem1024), - DECODER_w_structure("p521_mlkem1024", der, SubjectPublicKeyInfo, - p521_mlkem1024), - DECODER_w_structure("p384_mlkem1024", der, PrivateKeyInfo, p384_mlkem1024), - DECODER_w_structure("p384_mlkem1024", der, SubjectPublicKeyInfo, - p384_mlkem1024), -# endif -# ifdef OQS_ENABLE_KEM_bike_l1 - DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), - DECODER_w_structure("bikel1", der, SubjectPublicKeyInfo, bikel1), - DECODER_w_structure("p256_bikel1", der, PrivateKeyInfo, p256_bikel1), - DECODER_w_structure("p256_bikel1", der, SubjectPublicKeyInfo, p256_bikel1), - DECODER_w_structure("x25519_bikel1", der, PrivateKeyInfo, x25519_bikel1), - DECODER_w_structure("x25519_bikel1", der, SubjectPublicKeyInfo, - x25519_bikel1), -# endif -# ifdef OQS_ENABLE_KEM_bike_l3 - DECODER_w_structure("bikel3", der, PrivateKeyInfo, bikel3), - DECODER_w_structure("bikel3", der, SubjectPublicKeyInfo, bikel3), - DECODER_w_structure("p384_bikel3", der, PrivateKeyInfo, p384_bikel3), - DECODER_w_structure("p384_bikel3", der, SubjectPublicKeyInfo, p384_bikel3), - DECODER_w_structure("x448_bikel3", der, PrivateKeyInfo, x448_bikel3), - DECODER_w_structure("x448_bikel3", der, SubjectPublicKeyInfo, x448_bikel3), -# endif -# ifdef OQS_ENABLE_KEM_bike_l5 - DECODER_w_structure("bikel5", der, PrivateKeyInfo, bikel5), - DECODER_w_structure("bikel5", der, SubjectPublicKeyInfo, bikel5), - DECODER_w_structure("p521_bikel5", der, PrivateKeyInfo, p521_bikel5), - DECODER_w_structure("p521_bikel5", der, 
SubjectPublicKeyInfo, p521_bikel5), -# endif -# ifdef OQS_ENABLE_KEM_hqc_128 - DECODER_w_structure("hqc128", der, PrivateKeyInfo, hqc128), - DECODER_w_structure("hqc128", der, SubjectPublicKeyInfo, hqc128), - DECODER_w_structure("p256_hqc128", der, PrivateKeyInfo, p256_hqc128), - DECODER_w_structure("p256_hqc128", der, SubjectPublicKeyInfo, p256_hqc128), - DECODER_w_structure("x25519_hqc128", der, PrivateKeyInfo, x25519_hqc128), - DECODER_w_structure("x25519_hqc128", der, SubjectPublicKeyInfo, - x25519_hqc128), -# endif -# ifdef OQS_ENABLE_KEM_hqc_192 - DECODER_w_structure("hqc192", der, PrivateKeyInfo, hqc192), - DECODER_w_structure("hqc192", der, SubjectPublicKeyInfo, hqc192), - DECODER_w_structure("p384_hqc192", der, PrivateKeyInfo, p384_hqc192), - DECODER_w_structure("p384_hqc192", der, SubjectPublicKeyInfo, p384_hqc192), - DECODER_w_structure("x448_hqc192", der, PrivateKeyInfo, x448_hqc192), - DECODER_w_structure("x448_hqc192", der, SubjectPublicKeyInfo, x448_hqc192), -# endif -# ifdef OQS_ENABLE_KEM_hqc_256 - DECODER_w_structure("hqc256", der, PrivateKeyInfo, hqc256), - DECODER_w_structure("hqc256", der, SubjectPublicKeyInfo, hqc256), - DECODER_w_structure("p521_hqc256", der, PrivateKeyInfo, p521_hqc256), - DECODER_w_structure("p521_hqc256", der, SubjectPublicKeyInfo, p521_hqc256), -# endif - -#endif /* OQS_KEM_ENCODERS */ - #ifdef OQS_ENABLE_SIG_dilithium_2 - DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), DECODER_w_structure("dilithium2", der, PrivateKeyInfo, dilithium2), DECODER_w_structure("dilithium2", der, SubjectPublicKeyInfo, dilithium2), DECODER_w_structure("p256_dilithium2", der, PrivateKeyInfo, 
@@ -542,20 +349,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("rsa3072_falconpadded512", der, SubjectPublicKeyInfo, rsa3072_falconpadded512), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_512 - DECODER_w_structure("falconpadded512", der, PrivateKeyInfo, - falconpadded512), - DECODER_w_structure("falconpadded512", der, SubjectPublicKeyInfo, - falconpadded512), - DECODER_w_structure("p256_falconpadded512", der, PrivateKeyInfo, - p256_falconpadded512), - DECODER_w_structure("p256_falconpadded512", der, SubjectPublicKeyInfo, - p256_falconpadded512), - DECODER_w_structure("rsa3072_falconpadded512", der, PrivateKeyInfo, - rsa3072_falconpadded512), - DECODER_w_structure("rsa3072_falconpadded512", der, SubjectPublicKeyInfo, - rsa3072_falconpadded512), -#endif #ifdef OQS_ENABLE_SIG_falcon_1024 DECODER_w_structure("falcon1024", der, PrivateKeyInfo, falcon1024), DECODER_w_structure("falcon1024", der, SubjectPublicKeyInfo, falcon1024), @@ -574,16 +367,6 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("p521_falconpadded1024", der, SubjectPublicKeyInfo, p521_falconpadded1024), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_1024 - DECODER_w_structure("falconpadded1024", der, PrivateKeyInfo, - falconpadded1024), - DECODER_w_structure("falconpadded1024", der, SubjectPublicKeyInfo, - falconpadded1024), - DECODER_w_structure("p521_falconpadded1024", der, PrivateKeyInfo, - p521_falconpadded1024), - DECODER_w_structure("p521_falconpadded1024", der, SubjectPublicKeyInfo, - p521_falconpadded1024), -#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple DECODER_w_structure("sphincssha2128fsimple", der, PrivateKeyInfo, sphincssha2128fsimple), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index d9a5e0a0..34537f51 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc 
@@ -663,592 +663,7 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), #endif /* OQS_KEM_ENCODERS */ -#ifdef OQS_KEM_ENCODERS - -# ifdef OQS_ENABLE_KEM_frodokem_640_aes -ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, der, SubjectPublicKeyInfo), - ENCODER_w_structure("frodo640aes", frodo640aes, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("frodo640aes", frodo640aes), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_frodo640aes", p256_frodo640aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_frodo640aes", p256_frodo640aes), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_frodo640aes", x25519_frodo640aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_frodo640aes", x25519_frodo640aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_640_shake - ENCODER_w_structure("frodo640shake", 
frodo640shake, der, PrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("frodo640shake", frodo640shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo640shake", frodo640shake), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_frodo640shake", p256_frodo640shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_frodo640shake", p256_frodo640shake), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_frodo640shake", x25519_frodo640shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_frodo640shake", x25519_frodo640shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_aes - ENCODER_w_structure("frodo976aes", frodo976aes, der, PrivateKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo976aes", 
frodo976aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, der, SubjectPublicKeyInfo), - ENCODER_w_structure("frodo976aes", frodo976aes, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("frodo976aes", frodo976aes), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_frodo976aes", p384_frodo976aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_frodo976aes", p384_frodo976aes), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x448_frodo976aes", x448_frodo976aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x448_frodo976aes", x448_frodo976aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_976_shake - ENCODER_w_structure("frodo976shake", frodo976shake, der, PrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo976shake", frodo976shake, der, - SubjectPublicKeyInfo), - 
ENCODER_w_structure("frodo976shake", frodo976shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo976shake", frodo976shake), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_frodo976shake", p384_frodo976shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_frodo976shake", p384_frodo976shake), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x448_frodo976shake", x448_frodo976shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x448_frodo976shake", x448_frodo976shake), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_aes - ENCODER_w_structure("frodo1344aes", frodo1344aes, der, PrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("frodo1344aes", frodo1344aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo1344aes", frodo1344aes), - ENCODER_w_structure("p521_frodo1344aes", 
p521_frodo1344aes, der, - PrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, - PrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_frodo1344aes", p521_frodo1344aes, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_frodo1344aes", p521_frodo1344aes), -# endif -# ifdef OQS_ENABLE_KEM_frodokem_1344_shake - ENCODER_w_structure("frodo1344shake", frodo1344shake, der, PrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, PrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("frodo1344shake", frodo1344shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("frodo1344shake", frodo1344shake), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, - PrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, - PrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_frodo1344shake", p521_frodo1344shake, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_frodo1344shake", p521_frodo1344shake), -# endif -# ifdef OQS_ENABLE_KEM_kyber_512 - ENCODER_w_structure("kyber512", kyber512, der, PrivateKeyInfo), - ENCODER_w_structure("kyber512", kyber512, pem, PrivateKeyInfo), - 
ENCODER_w_structure("kyber512", kyber512, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber512", kyber512, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber512", kyber512, der, SubjectPublicKeyInfo), - ENCODER_w_structure("kyber512", kyber512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("kyber512", kyber512), - ENCODER_w_structure("p256_kyber512", p256_kyber512, der, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_kyber512", p256_kyber512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_kyber512", p256_kyber512), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_kyber512", x25519_kyber512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_kyber512", x25519_kyber512), -# endif -# ifdef OQS_ENABLE_KEM_kyber_768 - ENCODER_w_structure("kyber768", kyber768, der, PrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber768", kyber768, der, SubjectPublicKeyInfo), - ENCODER_w_structure("kyber768", kyber768, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("kyber768", kyber768), - ENCODER_w_structure("p384_kyber768", 
p384_kyber768, der, PrivateKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_kyber768", p384_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_kyber768", p384_kyber768), - ENCODER_w_structure("x448_kyber768", x448_kyber768, der, PrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x448_kyber768", x448_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x448_kyber768", x448_kyber768), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_kyber768", x25519_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_kyber768", x25519_kyber768), - ENCODER_w_structure("p256_kyber768", p256_kyber768, der, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, 
der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_kyber768", p256_kyber768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_kyber768", p256_kyber768), -# endif -# ifdef OQS_ENABLE_KEM_kyber_1024 - ENCODER_w_structure("kyber1024", kyber1024, der, PrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, pem, PrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, der, SubjectPublicKeyInfo), - ENCODER_w_structure("kyber1024", kyber1024, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("kyber1024", kyber1024), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, PrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, PrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_kyber1024", p521_kyber1024, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_kyber1024", p521_kyber1024), -# endif -# ifdef OQS_ENABLE_KEM_ml_kem_512 - ENCODER_w_structure("mlkem512", mlkem512, der, PrivateKeyInfo), - ENCODER_w_structure("mlkem512", mlkem512, pem, PrivateKeyInfo), - ENCODER_w_structure("mlkem512", mlkem512, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("mlkem512", mlkem512, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("mlkem512", mlkem512, der, SubjectPublicKeyInfo), - ENCODER_w_structure("mlkem512", mlkem512, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("mlkem512", mlkem512), - ENCODER_w_structure("p256_mlkem512", p256_mlkem512, der, PrivateKeyInfo), - ENCODER_w_structure("p256_mlkem512", p256_mlkem512, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_mlkem512", p256_mlkem512, der, - EncryptedPrivateKeyInfo), - 
ENCODER_w_structure("p256_mlkem512", p256_mlkem512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_mlkem512", p256_mlkem512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_mlkem512", p256_mlkem512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_mlkem512", p256_mlkem512), - ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_mlkem512", x25519_mlkem512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_mlkem512", x25519_mlkem512), -# endif -# ifdef OQS_ENABLE_KEM_ml_kem_768 - ENCODER_w_structure("mlkem768", mlkem768, der, PrivateKeyInfo), - ENCODER_w_structure("mlkem768", mlkem768, pem, PrivateKeyInfo), - ENCODER_w_structure("mlkem768", mlkem768, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("mlkem768", mlkem768, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("mlkem768", mlkem768, der, SubjectPublicKeyInfo), - ENCODER_w_structure("mlkem768", mlkem768, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("mlkem768", mlkem768), - ENCODER_w_structure("p384_mlkem768", p384_mlkem768, der, PrivateKeyInfo), - ENCODER_w_structure("p384_mlkem768", p384_mlkem768, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_mlkem768", p384_mlkem768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_mlkem768", p384_mlkem768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_mlkem768", p384_mlkem768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_mlkem768", p384_mlkem768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_mlkem768", p384_mlkem768), - ENCODER_w_structure("x448_mlkem768", x448_mlkem768, der, 
PrivateKeyInfo), - ENCODER_w_structure("x448_mlkem768", x448_mlkem768, pem, PrivateKeyInfo), - ENCODER_w_structure("x448_mlkem768", x448_mlkem768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_mlkem768", x448_mlkem768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_mlkem768", x448_mlkem768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x448_mlkem768", x448_mlkem768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x448_mlkem768", x448_mlkem768), - ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, der, - PrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, pem, - PrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_mlkem768", x25519_mlkem768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_mlkem768", x25519_mlkem768), - ENCODER_w_structure("p256_mlkem768", p256_mlkem768, der, PrivateKeyInfo), - ENCODER_w_structure("p256_mlkem768", p256_mlkem768, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_mlkem768", p256_mlkem768, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_mlkem768", p256_mlkem768, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_mlkem768", p256_mlkem768, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_mlkem768", p256_mlkem768, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_mlkem768", p256_mlkem768), -# endif -# ifdef OQS_ENABLE_KEM_ml_kem_1024 - ENCODER_w_structure("mlkem1024", mlkem1024, der, PrivateKeyInfo), - ENCODER_w_structure("mlkem1024", mlkem1024, pem, PrivateKeyInfo), - ENCODER_w_structure("mlkem1024", mlkem1024, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("mlkem1024", mlkem1024, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("mlkem1024", mlkem1024, der, 
SubjectPublicKeyInfo), - ENCODER_w_structure("mlkem1024", mlkem1024, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("mlkem1024", mlkem1024), - ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, der, PrivateKeyInfo), - ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, PrivateKeyInfo), - ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_mlkem1024", p521_mlkem1024), - ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, PrivateKeyInfo), - ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p384_mlkem1024", p384_mlkem1024), -# endif -# ifdef OQS_ENABLE_KEM_bike_l1 - ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, pem, PrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel1", bikel1, der, SubjectPublicKeyInfo), - ENCODER_w_structure("bikel1", bikel1, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("bikel1", bikel1), - ENCODER_w_structure("p256_bikel1", p256_bikel1, der, PrivateKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_bikel1", 
p256_bikel1, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p256_bikel1", p256_bikel1, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_bikel1", p256_bikel1), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, PrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, PrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_bikel1", x25519_bikel1, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_bikel1", x25519_bikel1), -# endif -# ifdef OQS_ENABLE_KEM_bike_l3 - ENCODER_w_structure("bikel3", bikel3, der, PrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, pem, PrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel3", bikel3, der, SubjectPublicKeyInfo), - ENCODER_w_structure("bikel3", bikel3, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("bikel3", bikel3), - ENCODER_w_structure("p384_bikel3", p384_bikel3, der, PrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p384_bikel3", p384_bikel3, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p384_bikel3", p384_bikel3), - ENCODER_w_structure("x448_bikel3", x448_bikel3, der, PrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, PrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, der, - 
EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, der, SubjectPublicKeyInfo), - ENCODER_w_structure("x448_bikel3", x448_bikel3, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("x448_bikel3", x448_bikel3), -# endif -# ifdef OQS_ENABLE_KEM_bike_l5 - ENCODER_w_structure("bikel5", bikel5, der, PrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, pem, PrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("bikel5", bikel5, der, SubjectPublicKeyInfo), - ENCODER_w_structure("bikel5", bikel5, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("bikel5", bikel5), - ENCODER_w_structure("p521_bikel5", p521_bikel5, der, PrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, PrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p521_bikel5", p521_bikel5, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p521_bikel5", p521_bikel5), -# endif -# ifdef OQS_ENABLE_KEM_hqc_128 - ENCODER_w_structure("hqc128", hqc128, der, PrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, pem, PrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc128", hqc128, der, SubjectPublicKeyInfo), - ENCODER_w_structure("hqc128", hqc128, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("hqc128", hqc128), - ENCODER_w_structure("p256_hqc128", p256_hqc128, der, PrivateKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, PrivateKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, der, - EncryptedPrivateKeyInfo), 
- ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p256_hqc128", p256_hqc128, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p256_hqc128", p256_hqc128), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, PrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, PrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("x25519_hqc128", x25519_hqc128, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("x25519_hqc128", x25519_hqc128), -# endif -# ifdef OQS_ENABLE_KEM_hqc_192 - ENCODER_w_structure("hqc192", hqc192, der, PrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, pem, PrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc192", hqc192, der, SubjectPublicKeyInfo), - ENCODER_w_structure("hqc192", hqc192, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("hqc192", hqc192), - ENCODER_w_structure("p384_hqc192", p384_hqc192, der, PrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, PrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p384_hqc192", p384_hqc192, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p384_hqc192", p384_hqc192), - ENCODER_w_structure("x448_hqc192", x448_hqc192, der, PrivateKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, PrivateKeyInfo), - ENCODER_w_structure("x448_hqc192", 
x448_hqc192, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, der, SubjectPublicKeyInfo), - ENCODER_w_structure("x448_hqc192", x448_hqc192, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("x448_hqc192", x448_hqc192), -# endif -# ifdef OQS_ENABLE_KEM_hqc_256 - ENCODER_w_structure("hqc256", hqc256, der, PrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, pem, PrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, der, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, pem, EncryptedPrivateKeyInfo), - ENCODER_w_structure("hqc256", hqc256, der, SubjectPublicKeyInfo), - ENCODER_w_structure("hqc256", hqc256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("hqc256", hqc256), - ENCODER_w_structure("p521_hqc256", p521_hqc256, der, PrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, PrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, der, SubjectPublicKeyInfo), - ENCODER_w_structure("p521_hqc256", p521_hqc256, pem, SubjectPublicKeyInfo), - ENCODER_TEXT("p521_hqc256", p521_hqc256), -# endif - -#endif /* OQS_KEM_ENCODERS */ - #ifdef OQS_ENABLE_SIG_dilithium_2 - ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("dilithium2", dilithium2, der, PrivateKeyInfo), ENCODER_w_structure("dilithium2", dilithium2, pem, PrivateKeyInfo), ENCODER_w_structure("dilithium2", dilithium2, der, EncryptedPrivateKeyInfo), 
@@ -1629,47 +1044,6 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_TEXT("rsa3072_falconpadded512", rsa3072_falconpadded512), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_512 - ENCODER_w_structure("falconpadded512", falconpadded512, der, - PrivateKeyInfo), - ENCODER_w_structure("falconpadded512", falconpadded512, pem, - PrivateKeyInfo), - ENCODER_w_structure("falconpadded512", falconpadded512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falconpadded512", falconpadded512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falconpadded512", falconpadded512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falconpadded512", falconpadded512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falconpadded512", falconpadded512), - ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, der, - PrivateKeyInfo), - ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, pem, - PrivateKeyInfo), - ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p256_falconpadded512", p256_falconpadded512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p256_falconpadded512", p256_falconpadded512), - ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, der, - PrivateKeyInfo), - ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, pem, - PrivateKeyInfo), - ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, der, - SubjectPublicKeyInfo), - 
ENCODER_w_structure("rsa3072_falconpadded512", rsa3072_falconpadded512, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("rsa3072_falconpadded512", rsa3072_falconpadded512), -#endif #ifdef OQS_ENABLE_SIG_falcon_1024 ENCODER_w_structure("falcon1024", falcon1024, der, PrivateKeyInfo), ENCODER_w_structure("falcon1024", falcon1024, pem, PrivateKeyInfo), @@ -1720,34 +1094,6 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), SubjectPublicKeyInfo), ENCODER_TEXT("p521_falconpadded1024", p521_falconpadded1024), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_1024 - ENCODER_w_structure("falconpadded1024", falconpadded1024, der, - PrivateKeyInfo), - ENCODER_w_structure("falconpadded1024", falconpadded1024, pem, - PrivateKeyInfo), - ENCODER_w_structure("falconpadded1024", falconpadded1024, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falconpadded1024", falconpadded1024, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("falconpadded1024", falconpadded1024, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("falconpadded1024", falconpadded1024, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("falconpadded1024", falconpadded1024), - ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, der, - PrivateKeyInfo), - ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, pem, - PrivateKeyInfo), - ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, der, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, pem, - EncryptedPrivateKeyInfo), - ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, der, - SubjectPublicKeyInfo), - ENCODER_w_structure("p521_falconpadded1024", p521_falconpadded1024, pem, - SubjectPublicKeyInfo), - ENCODER_TEXT("p521_falconpadded1024", p521_falconpadded1024), -#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple ENCODER_w_structure("sphincssha2128fsimple", sphincssha2128fsimple, der, PrivateKeyInfo), 
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
index 895fc3cb..ef494b93 100644
--- a/oqsprov/oqsprov.c
+++ b/oqsprov/oqsprov.c
@@ -165,118 +165,6 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.9999.99.43", "p521_hqc256", -#endif /* OQS_KEM_ENCODERS */ - - -#ifdef OQS_KEM_ENCODERS - - "1.3.9999.99.17", - "frodo640aes", - "1.3.9999.99.16", - "p256_frodo640aes", - "1.3.9999.99.1", - "x25519_frodo640aes", - "1.3.9999.99.19", - "frodo640shake", - "1.3.9999.99.18", - "p256_frodo640shake", - "1.3.9999.99.2", - "x25519_frodo640shake", - "1.3.9999.99.21", - "frodo976aes", - "1.3.9999.99.20", - "p384_frodo976aes", - "1.3.9999.99.3", - "x448_frodo976aes", - "1.3.9999.99.23", - "frodo976shake", - "1.3.9999.99.22", - "p384_frodo976shake", - "1.3.9999.99.4", - "x448_frodo976shake", - "1.3.9999.99.25", - "frodo1344aes", - "1.3.9999.99.24", - "p521_frodo1344aes", - "1.3.9999.99.27", - "frodo1344shake", - "1.3.9999.99.26", - "p521_frodo1344shake", - "1.3.6.1.4.1.2.267.8.2.2", - "kyber512", - "1.3.9999.99.28", - "p256_kyber512", - "1.3.9999.99.5", - "x25519_kyber512", - "1.3.6.1.4.1.2.267.8.3.3", - "kyber768", - "1.3.9999.99.29", - "p384_kyber768", - "1.3.9999.99.6", - "x448_kyber768", - "1.3.9999.99.7", - "x25519_kyber768", - "1.3.9999.99.8", - "p256_kyber768", - "1.3.6.1.4.1.2.267.8.4.4", - "kyber1024", - "1.3.9999.99.30", - "p521_kyber1024", - "1.3.6.1.4.1.22554.5.6.1", - "mlkem512", - "1.3.6.1.4.1.22554.5.7.1", - "p256_mlkem512", - "1.3.6.1.4.1.22554.5.8.1", - "x25519_mlkem512", - "1.3.6.1.4.1.22554.5.6.2", - "mlkem768", - "1.3.9999.99.31", - "p384_mlkem768", - "1.3.9999.99.9", - "x448_mlkem768", - "1.3.9999.99.10", - "x25519_mlkem768", - "1.3.9999.99.11", - "p256_mlkem768", - "1.3.6.1.4.1.22554.5.6.3", - "mlkem1024", - "1.3.9999.99.32", - "p521_mlkem1024", - "1.3.6.1.4.1.42235.6", - "p384_mlkem1024", - "1.3.9999.99.34", - "bikel1", - "1.3.9999.99.33", - "p256_bikel1", - "1.3.9999.99.12", - "x25519_bikel1", - "1.3.9999.99.36", - "bikel3", - "1.3.9999.99.35", - "p384_bikel3", - "1.3.9999.99.13", - "x448_bikel3", - "1.3.9999.99.38", - "bikel5", - "1.3.9999.99.37", - "p521_bikel5", - 
"1.3.9999.99.40", - "hqc128", - "1.3.9999.99.39", - "p256_hqc128", - "1.3.9999.99.14", - "x25519_hqc128", - "1.3.9999.99.42", - "hqc192", - "1.3.9999.99.41", - "p384_hqc192", - "1.3.9999.99.15", - "x448_hqc192", - "1.3.9999.99.44", - "hqc256", - "1.3.9999.99.43", - "p521_hqc256", - #endif /* OQS_KEM_ENCODERS */ "1.3.6.1.4.1.2.267.7.4.4", @@ -336,10 +224,8 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.9999.3.11", "falcon512", "1.3.9999.3.12", - "1.3.9999.3.12", "p256_falcon512", "1.3.9999.3.13", - "1.3.9999.3.13", "rsa3072_falcon512", "1.3.9999.3.16", "falconpadded512", @@ -348,25 +234,13 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.9999.3.18", "rsa3072_falconpadded512", "1.3.9999.3.14", - "1.3.9999.3.16", - "falconpadded512", - "1.3.9999.3.17", - "p256_falconpadded512", - "1.3.9999.3.18", - "rsa3072_falconpadded512", - "1.3.9999.3.14", "falcon1024", "1.3.9999.3.15", - "1.3.9999.3.15", "p521_falcon1024", "1.3.9999.3.19", "falconpadded1024", "1.3.9999.3.20", "p521_falconpadded1024", - "1.3.9999.3.19", - "falconpadded1024", - "1.3.9999.3.20", - "p521_falconpadded1024", "1.3.9999.6.4.13", "sphincssha2128fsimple", "1.3.9999.6.4.14", 
@@ -523,166 +397,25 @@ int oqs_patch_oids(void) if (getenv("OQS_OID_P521_HQC256")) oqs_oid_alg_list[104] = getenv("OQS_OID_P521_HQC256"); -# define OQS_KEMOID_CNT 104 + 2 -#else -# define OQS_KEMOID_CNT 0 -#endif /* OQS_KEM_ENCODERS */ - -#ifdef OQS_KEM_ENCODERS - - if (getenv("OQS_OID_FRODO640AES")) - oqs_oid_alg_list[0] = getenv("OQS_OID_FRODO640AES"); - - if (getenv("OQS_OID_P256_FRODO640AES")) - oqs_oid_alg_list[2] = getenv("OQS_OID_P256_FRODO640AES"); - if (getenv("OQS_OID_X25519_FRODO640AES")) - oqs_oid_alg_list[4] = getenv("OQS_OID_X25519_FRODO640AES"); - if (getenv("OQS_OID_FRODO640SHAKE")) - oqs_oid_alg_list[6] = getenv("OQS_OID_FRODO640SHAKE"); - - if (getenv("OQS_OID_P256_FRODO640SHAKE")) - oqs_oid_alg_list[8] = getenv("OQS_OID_P256_FRODO640SHAKE"); - if (getenv("OQS_OID_X25519_FRODO640SHAKE")) - oqs_oid_alg_list[10] = getenv("OQS_OID_X25519_FRODO640SHAKE"); - if (getenv("OQS_OID_FRODO976AES")) - oqs_oid_alg_list[12] = getenv("OQS_OID_FRODO976AES"); - - if (getenv("OQS_OID_P384_FRODO976AES")) - oqs_oid_alg_list[14] = getenv("OQS_OID_P384_FRODO976AES"); - if (getenv("OQS_OID_X448_FRODO976AES")) - oqs_oid_alg_list[16] = getenv("OQS_OID_X448_FRODO976AES"); - if (getenv("OQS_OID_FRODO976SHAKE")) - oqs_oid_alg_list[18] = getenv("OQS_OID_FRODO976SHAKE"); - - if (getenv("OQS_OID_P384_FRODO976SHAKE")) - oqs_oid_alg_list[20] = getenv("OQS_OID_P384_FRODO976SHAKE"); - if (getenv("OQS_OID_X448_FRODO976SHAKE")) - oqs_oid_alg_list[22] = getenv("OQS_OID_X448_FRODO976SHAKE"); - if (getenv("OQS_OID_FRODO1344AES")) - oqs_oid_alg_list[24] = getenv("OQS_OID_FRODO1344AES"); - - if (getenv("OQS_OID_P521_FRODO1344AES")) - oqs_oid_alg_list[26] = getenv("OQS_OID_P521_FRODO1344AES"); - if (getenv("OQS_OID_FRODO1344SHAKE")) - oqs_oid_alg_list[28] = getenv("OQS_OID_FRODO1344SHAKE"); - - if (getenv("OQS_OID_P521_FRODO1344SHAKE")) - oqs_oid_alg_list[30] = getenv("OQS_OID_P521_FRODO1344SHAKE"); - if (getenv("OQS_OID_KYBER512")) - oqs_oid_alg_list[32] = getenv("OQS_OID_KYBER512"); - - 
if (getenv("OQS_OID_P256_KYBER512")) - oqs_oid_alg_list[34] = getenv("OQS_OID_P256_KYBER512"); - if (getenv("OQS_OID_X25519_KYBER512")) - oqs_oid_alg_list[36] = getenv("OQS_OID_X25519_KYBER512"); - if (getenv("OQS_OID_KYBER768")) - oqs_oid_alg_list[38] = getenv("OQS_OID_KYBER768"); - - if (getenv("OQS_OID_P384_KYBER768")) - oqs_oid_alg_list[40] = getenv("OQS_OID_P384_KYBER768"); - if (getenv("OQS_OID_X448_KYBER768")) - oqs_oid_alg_list[42] = getenv("OQS_OID_X448_KYBER768"); - if (getenv("OQS_OID_X25519_KYBER768")) - oqs_oid_alg_list[44] = getenv("OQS_OID_X25519_KYBER768"); - if (getenv("OQS_OID_P256_KYBER768")) - oqs_oid_alg_list[46] = getenv("OQS_OID_P256_KYBER768"); - if (getenv("OQS_OID_KYBER1024")) - oqs_oid_alg_list[48] = getenv("OQS_OID_KYBER1024"); - - if (getenv("OQS_OID_P521_KYBER1024")) - oqs_oid_alg_list[50] = getenv("OQS_OID_P521_KYBER1024"); - if (getenv("OQS_OID_MLKEM512")) - oqs_oid_alg_list[52] = getenv("OQS_OID_MLKEM512"); - - if (getenv("OQS_OID_P256_MLKEM512")) - oqs_oid_alg_list[54] = getenv("OQS_OID_P256_MLKEM512"); - if (getenv("OQS_OID_X25519_MLKEM512")) - oqs_oid_alg_list[56] = getenv("OQS_OID_X25519_MLKEM512"); - if (getenv("OQS_OID_MLKEM768")) - oqs_oid_alg_list[58] = getenv("OQS_OID_MLKEM768"); - - if (getenv("OQS_OID_P384_MLKEM768")) - oqs_oid_alg_list[60] = getenv("OQS_OID_P384_MLKEM768"); - if (getenv("OQS_OID_X448_MLKEM768")) - oqs_oid_alg_list[62] = getenv("OQS_OID_X448_MLKEM768"); - if (getenv("OQS_OID_X25519_MLKEM768")) - oqs_oid_alg_list[64] = getenv("OQS_OID_X25519_MLKEM768"); - if (getenv("OQS_OID_P256_MLKEM768")) - oqs_oid_alg_list[66] = getenv("OQS_OID_P256_MLKEM768"); - if (getenv("OQS_OID_MLKEM1024")) - oqs_oid_alg_list[68] = getenv("OQS_OID_MLKEM1024"); - - if (getenv("OQS_OID_P521_MLKEM1024")) - oqs_oid_alg_list[70] = getenv("OQS_OID_P521_MLKEM1024"); - if (getenv("OQS_OID_P384_MLKEM1024")) - oqs_oid_alg_list[72] = getenv("OQS_OID_P384_MLKEM1024"); - if (getenv("OQS_OID_BIKEL1")) - oqs_oid_alg_list[74] = 
getenv("OQS_OID_BIKEL1"); - - if (getenv("OQS_OID_P256_BIKEL1")) - oqs_oid_alg_list[76] = getenv("OQS_OID_P256_BIKEL1"); - if (getenv("OQS_OID_X25519_BIKEL1")) - oqs_oid_alg_list[78] = getenv("OQS_OID_X25519_BIKEL1"); - if (getenv("OQS_OID_BIKEL3")) - oqs_oid_alg_list[80] = getenv("OQS_OID_BIKEL3"); - - if (getenv("OQS_OID_P384_BIKEL3")) - oqs_oid_alg_list[82] = getenv("OQS_OID_P384_BIKEL3"); - if (getenv("OQS_OID_X448_BIKEL3")) - oqs_oid_alg_list[84] = getenv("OQS_OID_X448_BIKEL3"); - if (getenv("OQS_OID_BIKEL5")) - oqs_oid_alg_list[86] = getenv("OQS_OID_BIKEL5"); - - if (getenv("OQS_OID_P521_BIKEL5")) - oqs_oid_alg_list[88] = getenv("OQS_OID_P521_BIKEL5"); - if (getenv("OQS_OID_HQC128")) - oqs_oid_alg_list[90] = getenv("OQS_OID_HQC128"); - - if (getenv("OQS_OID_P256_HQC128")) - oqs_oid_alg_list[92] = getenv("OQS_OID_P256_HQC128"); - if (getenv("OQS_OID_X25519_HQC128")) - oqs_oid_alg_list[94] = getenv("OQS_OID_X25519_HQC128"); - if (getenv("OQS_OID_HQC192")) - oqs_oid_alg_list[96] = getenv("OQS_OID_HQC192"); - - if (getenv("OQS_OID_P384_HQC192")) - oqs_oid_alg_list[98] = getenv("OQS_OID_P384_HQC192"); - if (getenv("OQS_OID_X448_HQC192")) - oqs_oid_alg_list[100] = getenv("OQS_OID_X448_HQC192"); - if (getenv("OQS_OID_HQC256")) - oqs_oid_alg_list[102] = getenv("OQS_OID_HQC256"); - - if (getenv("OQS_OID_P521_HQC256")) - oqs_oid_alg_list[104] = getenv("OQS_OID_P521_HQC256"); - # define OQS_KEMOID_CNT 104 + 2 #else # define OQS_KEMOID_CNT 0 #endif /* OQS_KEM_ENCODERS */ if (getenv("OQS_OID_DILITHIUM2")) oqs_oid_alg_list[0 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2"); - oqs_oid_alg_list[0 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2"); if (getenv("OQS_OID_P256_DILITHIUM2")) oqs_oid_alg_list[2 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_DILITHIUM2"); - oqs_oid_alg_list[2 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_DILITHIUM2"); if (getenv("OQS_OID_RSA3072_DILITHIUM2")) oqs_oid_alg_list[4 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_DILITHIUM2"); - oqs_oid_alg_list[4 + 
OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_DILITHIUM2"); if (getenv("OQS_OID_DILITHIUM3")) oqs_oid_alg_list[6 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3"); - oqs_oid_alg_list[6 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM3"); if (getenv("OQS_OID_P384_DILITHIUM3")) oqs_oid_alg_list[8 + OQS_KEMOID_CNT] = getenv("OQS_OID_P384_DILITHIUM3"); - oqs_oid_alg_list[8 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P384_DILITHIUM3"); if (getenv("OQS_OID_DILITHIUM5")) oqs_oid_alg_list[10 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5"); - oqs_oid_alg_list[10 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM5"); if (getenv("OQS_OID_P521_DILITHIUM5")) oqs_oid_alg_list[12 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_DILITHIUM5"); 
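Review bot: Each override kept by this hunk calls `getenv()` twice and stores the returned pointer directly in the global `oqs_oid_alg_list`, for example `oqs_oid_alg_list[0 + OQS_KEMOID_CNT] = getenv("OQS_OID_DILITHIUM2");`. The C standard allows a later `getenv()` call to overwrite that string, and `setenv()`/`putenv()` can invalidate it, so the table can end up pointing at changed or stale data. A small helper (called `oqs_patch_oid` below) that reads the variable once and keeps a private copy avoids both problems; the `@@ -699` and `@@ -735` hunks repeat the same pattern. `oqs_patch_oids` starts before this hunk, and the `OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END` marker at its end suggests these lines are generated, so the change likely belongs in the template.

```c
/* Read one OQS_OID_* override once and keep a private copy of it. */
static void oqs_patch_oid(size_t idx, const char *envname)
{
    const char *val = getenv(envname);
    char *copy;

    if (val == NULL)
        return;
    copy = OPENSSL_strdup(val); /* never freed; lives as long as the table */
    if (copy != NULL)
        oqs_oid_alg_list[idx] = copy;
}

/* … unchanged: start of oqs_patch_oids and the KEM overrides … */
    oqs_patch_oid(0 + OQS_KEMOID_CNT, "OQS_OID_DILITHIUM2");
    oqs_patch_oid(2 + OQS_KEMOID_CNT, "OQS_OID_P256_DILITHIUM2");
/* … same call shape for the remaining overrides … */
```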
@@ -699,33 +432,13 @@ int oqs_patch_oids(void) oqs_oid_alg_list[22 + OQS_KEMOID_CNT] = getenv("OQS_OID_P384_MLDSA65"); if (getenv("OQS_OID_MLDSA87")) oqs_oid_alg_list[24 + OQS_KEMOID_CNT] = getenv("OQS_OID_MLDSA87"); - if (getenv("OQS_OID_P521_MLDSA87")) - oqs_oid_alg_list[26 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_MLDSA87"); - oqs_oid_alg_list[12 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P521_DILITHIUM5"); - if (getenv("OQS_OID_MLDSA44")) - oqs_oid_alg_list[14 + OQS_KEMOID_CNT] = getenv("OQS_OID_MLDSA44"); - if (getenv("OQS_OID_P256_MLDSA44")) - oqs_oid_alg_list[16 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_MLDSA44"); - if (getenv("OQS_OID_RSA3072_MLDSA44")) - oqs_oid_alg_list[18 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_MLDSA44"); - if (getenv("OQS_OID_MLDSA65")) - oqs_oid_alg_list[20 + OQS_KEMOID_CNT] = getenv("OQS_OID_MLDSA65"); - if (getenv("OQS_OID_P384_MLDSA65")) - oqs_oid_alg_list[22 + OQS_KEMOID_CNT] = getenv("OQS_OID_P384_MLDSA65"); - if (getenv("OQS_OID_MLDSA87")) - oqs_oid_alg_list[24 + OQS_KEMOID_CNT] = getenv("OQS_OID_MLDSA87"); if (getenv("OQS_OID_P521_MLDSA87")) oqs_oid_alg_list[26 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_MLDSA87"); if (getenv("OQS_OID_FALCON512")) oqs_oid_alg_list[28 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); - oqs_oid_alg_list[28 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON512"); if (getenv("OQS_OID_P256_FALCON512")) oqs_oid_alg_list[30 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_FALCON512"); - oqs_oid_alg_list[30 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_FALCON512"); if (getenv("OQS_OID_RSA3072_FALCON512")) oqs_oid_alg_list[32 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_FALCON512"); 
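Review bot: Every index in this hunk is written as `N + OQS_KEMOID_CNT`, and the preceding hunk shows the macro defined as the bare expression `104 + 2`. That is correct only while the macro is used in additions; any other operator placed next to it would bind to one operand of the sum rather than to the whole count. Parenthesizing the definition, `# define OQS_KEMOID_CNT (104 + 2)`, removes that trap at no cost.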
@@ -735,95 +448,53 @@ int oqs_patch_oids(void) if (getenv("OQS_OID_P256_FALCONPADDED512")) oqs_oid_alg_list[36 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_FALCONPADDED512"); - if (getenv("OQS_OID_RSA3072_FALCONPADDED512")) - oqs_oid_alg_list[38 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_FALCONPADDED512"); - oqs_oid_alg_list[32 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_FALCON512"); - if (getenv("OQS_OID_FALCONPADDED512")) - oqs_oid_alg_list[34 + OQS_KEMOID_CNT] - = getenv("OQS_OID_FALCONPADDED512"); - if (getenv("OQS_OID_P256_FALCONPADDED512")) - oqs_oid_alg_list[36 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_FALCONPADDED512"); if (getenv("OQS_OID_RSA3072_FALCONPADDED512")) oqs_oid_alg_list[38 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_FALCONPADDED512"); if (getenv("OQS_OID_FALCON1024")) oqs_oid_alg_list[40 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); - oqs_oid_alg_list[40 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCON1024"); if (getenv("OQS_OID_P521_FALCON1024")) oqs_oid_alg_list[42 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_FALCON1024"); if (getenv("OQS_OID_FALCONPADDED1024")) oqs_oid_alg_list[44 + OQS_KEMOID_CNT] = getenv("OQS_OID_FALCONPADDED1024"); - if (getenv("OQS_OID_P521_FALCONPADDED1024")) - oqs_oid_alg_list[46 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P521_FALCONPADDED1024"); - oqs_oid_alg_list[42 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P521_FALCON1024"); - if (getenv("OQS_OID_FALCONPADDED1024")) - oqs_oid_alg_list[44 + OQS_KEMOID_CNT] - = getenv("OQS_OID_FALCONPADDED1024"); if (getenv("OQS_OID_P521_FALCONPADDED1024")) oqs_oid_alg_list[46 + OQS_KEMOID_CNT] = getenv("OQS_OID_P521_FALCONPADDED1024"); if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[48 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); - oqs_oid_alg_list[48 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[50 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); - 
oqs_oid_alg_list[50 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[52 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); - oqs_oid_alg_list[52 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[54 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); - oqs_oid_alg_list[54 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[56 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); - oqs_oid_alg_list[56 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[58 + OQS_KEMOID_CNT] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); - oqs_oid_alg_list[58 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[60 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); - oqs_oid_alg_list[60 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[62 + OQS_KEMOID_CNT] = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); - oqs_oid_alg_list[62 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[64 + OQS_KEMOID_CNT] = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); - oqs_oid_alg_list[64 + OQS_KEMOID_CNT] - = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[66 + OQS_KEMOID_CNT] = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); - oqs_oid_alg_list[66 + OQS_KEMOID_CNT] - = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[68 + OQS_KEMOID_CNT] = 
getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); - oqs_oid_alg_list[68 + OQS_KEMOID_CNT] - = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; } @@ -1166,11 +837,6 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("p256_falconpadded512", 128, oqs_signature_functions), SIGALG("rsa3072_falconpadded512", 128, oqs_signature_functions), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_512 - SIGALG("falconpadded512", 128, oqs_signature_functions), - SIGALG("p256_falconpadded512", 128, oqs_signature_functions), - SIGALG("rsa3072_falconpadded512", 128, oqs_signature_functions), -#endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_signature_functions), SIGALG("p521_falcon1024", 256, oqs_signature_functions), @@ -1179,10 +845,6 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { SIGALG("falconpadded1024", 256, oqs_signature_functions), SIGALG("p521_falconpadded1024", 256, oqs_signature_functions), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_1024 - SIGALG("falconpadded1024", 256, oqs_signature_functions), - SIGALG("p521_falconpadded1024", 256, oqs_signature_functions), -#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple SIGALG("sphincssha2128fsimple", 128, oqs_signature_functions), SIGALG("p256_sphincssha2128fsimple", 128, oqs_signature_functions), 
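Review bot: `oqs_patch_oids` finishes with an unconditional `return 1;`, and none of the overrides in this hunk checks the value it takes from the environment, so a malformed `OQS_OID_*` string is stored without any error being reported here. These values appear to decide which OID string each algorithm name is paired with in `oqs_oid_alg_list`, and the environment is untrusted input when the provider is loaded into a process that runs with more privilege than its caller. With the value read into a local `val`, a shape check such as `if (strspn(val, "0123456789.") != strlen(val)) return 0;` would reject obvious garbage, and on glibc `secure_getenv()` ignores the environment in secure-execution mode. Whether a later registration step rejects bad strings, and whether the caller checks the return value, is not visible in this hunk.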
@@ -1269,23 +931,6 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { KEMHYBALG(p521_mlkem1024, 256) KEMHYBALG(p384_mlkem1024, 192) #endif -#ifdef OQS_ENABLE_KEM_ml_kem_512 - KEMBASEALG(mlkem512, 128) - KEMHYBALG(p256_mlkem512, 128) - KEMHYBALG(x25519_mlkem512, 128) -#endif -#ifdef OQS_ENABLE_KEM_ml_kem_768 - KEMBASEALG(mlkem768, 192) - KEMHYBALG(p384_mlkem768, 192) - KEMHYBALG(x448_mlkem768, 192) - KEMHYBALG(x25519_mlkem768, 128) - KEMHYBALG(p256_mlkem768, 128) -#endif -#ifdef OQS_ENABLE_KEM_ml_kem_1024 - KEMBASEALG(mlkem1024, 256) - KEMHYBALG(p521_mlkem1024, 256) - KEMHYBALG(p384_mlkem1024, 192) -#endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMBASEALG(bikel1, 128) KEMHYBALG(p256_bikel1, 128) @@ -1318,8 +963,6 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { ///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END {NULL, NULL, NULL}}; -static const OSSL_ALGORITHM oqsprovider_keymgmt[] - = { static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_START @@ -1374,11 +1017,6 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] SIGALG("p256_falconpadded512", 128, oqs_p256_falconpadded512_keymgmt_functions), SIGALG("rsa3072_falconpadded512", 128, oqs_rsa3072_falconpadded512_keymgmt_functions), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_512 - SIGALG("falconpadded512", 128, oqs_falconpadded512_keymgmt_functions), - SIGALG("p256_falconpadded512", 128, oqs_p256_falconpadded512_keymgmt_functions), - SIGALG("rsa3072_falconpadded512", 128, oqs_rsa3072_falconpadded512_keymgmt_functions), -#endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_falcon1024_keymgmt_functions), SIGALG("p521_falcon1024", 256, oqs_p521_falcon1024_keymgmt_functions), 
@@ -1387,10 +1025,6 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] SIGALG("falconpadded1024", 256, oqs_falconpadded1024_keymgmt_functions), SIGALG("p521_falconpadded1024", 256, oqs_p521_falconpadded1024_keymgmt_functions), #endif -#ifdef OQS_ENABLE_SIG_falcon_padded_1024 - SIGALG("falconpadded1024", 256, oqs_falconpadded1024_keymgmt_functions), - SIGALG("p521_falconpadded1024", 256, oqs_p521_falconpadded1024_keymgmt_functions), -#endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple SIGALG("sphincssha2128fsimple", 128, oqs_sphincssha2128fsimple_keymgmt_functions), SIGALG("p256_sphincssha2128fsimple", 128, oqs_p256_sphincssha2128fsimple_keymgmt_functions), @@ -1484,26 +1118,6 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] KEMKMHYBALG(p521_mlkem1024, 256, ecp) KEMKMHYBALG(p384_mlkem1024, 192, ecp) #endif -#ifdef OQS_ENABLE_KEM_ml_kem_512 - KEMKMALG(mlkem512, 128) - - KEMKMHYBALG(p256_mlkem512, 128, ecp) - KEMKMHYBALG(x25519_mlkem512, 128, ecx) -#endif -#ifdef OQS_ENABLE_KEM_ml_kem_768 - KEMKMALG(mlkem768, 192) - - KEMKMHYBALG(p384_mlkem768, 192, ecp) - KEMKMHYBALG(x448_mlkem768, 192, ecx) - KEMKMHYBALG(x25519_mlkem768, 128, ecx) - KEMKMHYBALG(p256_mlkem768, 128, ecp) -#endif -#ifdef OQS_ENABLE_KEM_ml_kem_1024 - KEMKMALG(mlkem1024, 256) - - KEMKMHYBALG(p521_mlkem1024, 256, ecp) - KEMKMHYBALG(p384_mlkem1024, 192, ecp) -#endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMKMALG(bikel1, 128) @@ -1541,9 +1155,6 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] // clang-format on ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END {NULL, NULL, NULL}}; - // clang-format on - ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END - {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_encoder[] = { #define ENCODER_PROVIDER "oqsprovider" 
@@ -1619,7 +1230,6 @@ static int oqsprovider_get_params(void *provctx, OSSL_PARAM params[]) if (p != NULL && !OSSL_PARAM_set_int(p, 1)) // provider is always running return 0; // not passing in params to respond to is no error; response is empty then - // not passing in params to respond to is no error; response is empty then return 1; } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 141203c8..23e95267 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c 
@@ -126,73 +126,6 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_KEM, 256}, {0, "p521_hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_ECP_HYB_KEM, 256}, -#endif /* OQS_KEM_ENCODERS */ -#ifdef OQS_KEM_ENCODERS - - {0, "frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_KEM, 128}, - {0, "p256_frodo640aes", OQS_KEM_alg_frodokem_640_aes, KEY_TYPE_ECP_HYB_KEM, - 128}, - {0, "x25519_frodo640aes", OQS_KEM_alg_frodokem_640_aes, - KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "frodo640shake", OQS_KEM_alg_frodokem_640_shake, KEY_TYPE_KEM, 128}, - {0, "p256_frodo640shake", OQS_KEM_alg_frodokem_640_shake, - KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_frodo640shake", OQS_KEM_alg_frodokem_640_shake, - KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_KEM, 192}, - {0, "p384_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECP_HYB_KEM, - 192}, - {0, "x448_frodo976aes", OQS_KEM_alg_frodokem_976_aes, KEY_TYPE_ECX_HYB_KEM, - 192}, - {0, "frodo976shake", OQS_KEM_alg_frodokem_976_shake, KEY_TYPE_KEM, 192}, - {0, "p384_frodo976shake", OQS_KEM_alg_frodokem_976_shake, - KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_frodo976shake", OQS_KEM_alg_frodokem_976_shake, - KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, KEY_TYPE_KEM, 256}, - {0, "p521_frodo1344aes", OQS_KEM_alg_frodokem_1344_aes, - KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, KEY_TYPE_KEM, 256}, - {0, "p521_frodo1344shake", OQS_KEM_alg_frodokem_1344_shake, - KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_KEM, 128}, - {0, "p256_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_kyber512", OQS_KEM_alg_kyber_512, KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_KEM, 192}, - {0, "p384_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 
192}, - {0, "x25519_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "p256_kyber768", OQS_KEM_alg_kyber_768, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_KEM, 256}, - {0, "p521_kyber1024", OQS_KEM_alg_kyber_1024, KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "mlkem512", OQS_KEM_alg_ml_kem_512, KEY_TYPE_KEM, 128}, - {0, "p256_mlkem512", OQS_KEM_alg_ml_kem_512, KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_mlkem512", OQS_KEM_alg_ml_kem_512, KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_KEM, 192}, - {0, "p384_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "x25519_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "p256_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_KEM, 256}, - {0, "p521_mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "p384_mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128}, - {0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_KEM, 192}, - {0, "p384_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_bikel3", OQS_KEM_alg_bike_l3, KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_KEM, 256}, - {0, "p521_bikel5", OQS_KEM_alg_bike_l5, KEY_TYPE_ECP_HYB_KEM, 256}, - {0, "hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_KEM, 128}, - {0, "p256_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECP_HYB_KEM, 128}, - {0, "x25519_hqc128", OQS_KEM_alg_hqc_128, KEY_TYPE_ECX_HYB_KEM, 128}, - {0, "hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_KEM, 192}, - {0, "p384_hqc192", OQS_KEM_alg_hqc_192, KEY_TYPE_ECP_HYB_KEM, 192}, - {0, "x448_hqc192", OQS_KEM_alg_hqc_192, 
KEY_TYPE_ECX_HYB_KEM, 192}, - {0, "hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_KEM, 256}, - {0, "p521_hqc256", OQS_KEM_alg_hqc_256, KEY_TYPE_ECP_HYB_KEM, 256}, - #endif /* OQS_KEM_ENCODERS */ {0, "dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_SIG, 128}, {0, "p256_dilithium2", OQS_SIG_alg_dilithium_2, KEY_TYPE_HYB_SIG, 128}, @@ -225,11 +158,6 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "p256_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_falcon512", OQS_SIG_alg_falcon_512, KEY_TYPE_HYB_SIG, 128}, {0, "falconpadded512", OQS_SIG_alg_falcon_padded_512, KEY_TYPE_SIG, 128}, - {0, "p256_falconpadded512", OQS_SIG_alg_falcon_padded_512, KEY_TYPE_HYB_SIG, - 128}, - {0, "rsa3072_falconpadded512", OQS_SIG_alg_falcon_padded_512, - KEY_TYPE_HYB_SIG, 128}, - {0, "falconpadded512", OQS_SIG_alg_falcon_padded_512, KEY_TYPE_SIG, 128}, {0, "p256_falconpadded512", OQS_SIG_alg_falcon_padded_512, KEY_TYPE_HYB_SIG, 128}, {0, "rsa3072_falconpadded512", OQS_SIG_alg_falcon_padded_512, @@ -237,9 +165,6 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_SIG, 256}, {0, "p521_falcon1024", OQS_SIG_alg_falcon_1024, KEY_TYPE_HYB_SIG, 256}, {0, "falconpadded1024", OQS_SIG_alg_falcon_padded_1024, KEY_TYPE_SIG, 256}, - {0, "p521_falconpadded1024", OQS_SIG_alg_falcon_padded_1024, - KEY_TYPE_HYB_SIG, 256}, - {0, "falconpadded1024", OQS_SIG_alg_falcon_padded_1024, KEY_TYPE_SIG, 256}, {0, "p521_falconpadded1024", OQS_SIG_alg_falcon_padded_1024, KEY_TYPE_HYB_SIG, 256}, {0, "sphincssha2128fsimple", OQS_SIG_alg_sphincs_sha2_128f_simple, @@ -685,7 +610,6 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, return 0; } OQS_KEY_PRINTF2("OQSX KEY: Recreated OQSX key %s\n", key->tls_name); - OQS_KEY_PRINTF2("OQSX KEY: Recreated OQSX key %s\n", key->tls_name); if (op == KEY_OP_PUBLIC) { #ifdef USE_ENCODING_LIB 
@@ -697,12 +621,10 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, != plen) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err_key_op; - goto err_key_op; } if (oqsx_key_allocate_keymaterial(key, 0)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err_key_op; - goto err_key_op; } if (qsc_decode(key->oqsx_encoding_ctx.encoding_ctx, key->oqsx_encoding_ctx.encoding_impl, p, @@ -710,19 +632,16 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, != QSC_ENC_OK) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err_key_op; - goto err_key_op; } } else { #endif if (key->pubkeylen != plen) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err_key_op; - goto err_key_op; } if (oqsx_key_allocate_keymaterial(key, 0)) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); goto err_key_op; - goto err_key_op; } memcpy(key->pubkey, p, plen); #ifdef USE_ENCODING_LIB @@ -938,11 +857,9 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, #endif if (!oqsx_key_set_composites(key) || !oqsx_key_recreate_classickey(key, op)) goto err_key_op; - goto err_key_op; return key; -err_key_op: err_key_op: oqsx_key_free(key); return NULL; @@ -1384,8 +1301,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, int primitive, const char *propq, int bit_security, int alg_idx) { - OQSX_KEY *ret = OPENSSL_zalloc( - sizeof(*ret)); // ensure all component pointers are NULL OQSX_KEY *ret = OPENSSL_zalloc( sizeof(*ret)); // ensure all component pointers are NULL OQSX_EVP_CTX *evp_ctx = NULL; @@ -1397,7 +1312,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, #ifdef OQS_PROVIDER_NOATOMIC ret->lock = CRYPTO_THREAD_lock_new(); ON_ERR_GOTO(!ret->lock, err); - ON_ERR_GOTO(!ret->lock, err); #endif if (oqs_name == NULL) { 
@@ -1492,7 +1406,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); - ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.kem->length_secret_key @@ -1504,7 +1417,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->keytype = primitive; ret->evp_info = evp_ctx->evp_info; - ret->evp_info = evp_ctx->evp_info; break; case KEY_TYPE_HYB_SIG: ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name); @@ -1525,7 +1437,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->comp_privkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ret->comp_pubkey = OPENSSL_malloc(ret->numkeys * sizeof(void *)); ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); - ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err); ret->privkeylen = (ret->numkeys - 1) * SIZE_OF_UINT32 + ret->oqsx_provider_ctx.oqsx_qs_ctx.sig->length_secret_key @@ -1596,18 +1507,13 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ret->references = 1; ret->tls_name = OPENSSL_strdup(tls_name); ON_ERR_GOTO(!ret->tls_name, err); - ON_ERR_GOTO(!ret->tls_name, err); ret->bit_security = bit_security; if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); ON_ERR_GOTO(!ret->propq, err); - ON_ERR_GOTO(!ret->propq, err); } - OQS_KEY_PRINTF2("OQSX_KEY: new key created: %s\n", ret->tls_name); - OQS_KEY_PRINTF3("OQSX_KEY: new key created: %p (type: %d)\n", ret, - ret->keytype); OQS_KEY_PRINTF2("OQSX_KEY: new key created: %s\n", ret->tls_name); OQS_KEY_PRINTF3("OQSX_KEY: new key created: %p (type: %d)\n", ret, ret->keytype); 
@@ -1617,14 +1523,6 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, #ifdef OQS_PROVIDER_NOATOMIC if (ret->lock) CRYPTO_THREAD_lock_free(ret->lock); -#endif - OPENSSL_free(ret->tls_name); - OPENSSL_free(ret->propq); - OPENSSL_free(ret->comp_privkey); - OPENSSL_free(ret->comp_pubkey); -#ifdef OQS_PROVIDER_NOATOMIC - if (ret->lock) - CRYPTO_THREAD_lock_free(ret->lock); #endif OPENSSL_free(ret->tls_name); OPENSSL_free(ret->propq); @@ -1720,9 +1618,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) if (!key->pubkey && !include_private) { key->pubkey = OPENSSL_secure_zalloc(key->pubkeylen); ON_ERR_SET_GOTO(!key->pubkey, ret, 1, err_alloc); - ON_ERR_SET_GOTO(!key->pubkey, ret, 1, err_alloc); } -err_alloc: err_alloc: return ret; } @@ -1731,7 +1627,6 @@ int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { const OSSL_PARAM *pp1, *pp2; - const OSSL_PARAM *pp1, *pp2; OQS_KEY_PRINTF("OQSX Key from data called\n"); pp1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 
@@ -1741,58 +1636,39 @@ int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); return 0; } - if (pp1 != NULL) { - if (pp1->data_type != OSSL_PARAM_OCTET_STRING) { - pp1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - pp2 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - // at least one parameter must be given - if (pp1 == NULL && pp2 == NULL) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); - return 0; - } if (pp1 != NULL) { if (pp1->data_type != OSSL_PARAM_OCTET_STRING) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } - if (key->privkeylen != pp1->data_size) { if (key->privkeylen != pp1->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } OPENSSL_secure_clear_free(key->privkey, pp1->data_size); key->privkey = OPENSSL_secure_malloc(pp1->data_size); - OPENSSL_secure_clear_free(key->privkey, pp1->data_size); - key->privkey = OPENSSL_secure_malloc(pp1->data_size); if (key->privkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } memcpy(key->privkey, pp1->data, pp1->data_size); - memcpy(key->privkey, pp1->data, pp1->data_size); } - if (pp2 != NULL) { - if (pp2->data_type != OSSL_PARAM_OCTET_STRING) { if (pp2 != NULL) { if (pp2->data_type != OSSL_PARAM_OCTET_STRING) { OQS_KEY_PRINTF("invalid data type\n"); return 0; } - if (key->pubkeylen != pp2->data_size) { if (key->pubkeylen != pp2->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } OPENSSL_secure_clear_free(key->pubkey, pp2->data_size); key->pubkey = OPENSSL_secure_malloc(pp2->data_size); - OPENSSL_secure_clear_free(key->pubkey, pp2->data_size); - key->pubkey = OPENSSL_secure_malloc(pp2->data_size); if (key->pubkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } memcpy(key->pubkey, pp2->data, pp2->data_size); - memcpy(key->pubkey, pp2->data, pp2->data_size); } if (!oqsx_key_set_composites(key) || 
!oqsx_key_recreate_classickey( @@ -1913,7 +1789,6 @@ static EVP_PKEY *oqsx_key_gen_evp_key(OQSX_EVP_CTX *ctx, unsigned char *pubkey, return NULL; } -/* allocates OQS and classical keys */ /* allocates OQS and classical keys */ int oqsx_key_gen(OQSX_KEY *key) { @@ -1924,13 +1799,11 @@ int oqsx_key_gen(OQSX_KEY *key) ret = oqsx_key_allocate_keymaterial(key, 0) || oqsx_key_allocate_keymaterial(key, 1); ON_ERR_GOTO(ret, err_gen); - ON_ERR_GOTO(ret, err_gen); } if (key->keytype == KEY_TYPE_KEM) { ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err_gen); - ON_ERR_GOTO(ret, err_gen); ret = oqsx_key_gen_oqs(key, 1); } else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM @@ -1940,7 +1813,6 @@ int oqsx_key_gen(OQSX_KEY *key) ON_ERR_GOTO(pkey == NULL, err_gen); ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err_gen); - ON_ERR_GOTO(ret, err_gen); OQS_KEY_PRINTF3("OQSKM: OQSX_KEY privkeylen %ld & pubkeylen: %ld\n", key->privkeylen, key->pubkeylen); @@ -1973,12 +1845,10 @@ int oqsx_key_gen(OQSX_KEY *key) } else if (key->keytype == KEY_TYPE_SIG) { ret = !oqsx_key_set_composites(key); ON_ERR_GOTO(ret, err_gen); - ON_ERR_GOTO(ret, err_gen); ret = oqsx_key_gen_oqs(key, 0); } else { ret = 1; } -err_gen: err_gen: if (ret) { EVP_PKEY_free(pkey); From 3f5888ec9e9e8bf9d7902d55265e32c0609f7a73 Mon Sep 17 00:00:00 2001 From: Felipe Ventura Date: Mon, 18 Mar 2024 13:12:38 -0500 Subject: [PATCH 164/164] added --repeat until-pass:5 to the asan GitActions Signed-off-by: Felipe Ventura --- .github/workflows/linux.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 9f4b07de..68ef0471 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml 
@@ -145,7 +145,11 @@ jobs: done - name: Run tests - run: ctest --test-dir build --output-on-failure + run: | + ctest --test-dir build \ + --output-on-failure \ + --extra-verbose \ + --repeat until-pass:5 linux_aarch64: name: "aarch64 cross-compilation"
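Review bot: The added `--repeat until-pass:5` in the `Run tests` step lets a test that fails up to four times and passes once report as green. On the sanitizer job named in the commit subject, that means an intermittent AddressSanitizer finding (a timing-dependent use-after-free or overflow, for instance) would no longer fail the build. If the retries are meant for timeouts rather than sanitizer reports, which the hunk does not show, `--repeat after-timeout:5` keeps the retry without hiding real failures. Otherwise, limit the retried run to the known-flaky tests with `-R <flaky-test-regex>` and run the remaining tests once. The job definition starts outside the hunk, so which job this step belongs to is inferred from the commit subject only.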