From e8c87de8b883092f00c3f7cd7e8f683cdbf24443 Mon Sep 17 00:00:00 2001
From: Felipe Ventura
Date: Thu, 12 Oct 2023 14:55:09 -0500
Subject: [PATCH] Version 10 pre-hash added
Signed-off-by: Felipe Ventura
---
 oqsprov/oqs_prov.h | 5 +
 oqsprov/oqs_sig.c | 308 ++++++++++++++++++++++++++++++-----------
 oqsprov/oqsprov.c | 22 +-
 oqsprov/oqsprov_keys.c | 49 ++++---
 4 files changed, 272 insertions(+), 112 deletions(-)
diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h
index 2a06202b..1fc85e6d 100644
--- a/oqsprov/oqs_prov.h
+++ b/oqsprov/oqs_prov.h
@@ -200,6 +200,11 @@ struct SignatureModel{
 typedef struct SignatureModel CompositeSignature;
+char *get_oqsname_fromtls(char *tlsname);
+char *get_oqsname(int nid);
+char* get_cmpname(int nid, int index);
+int get_oqsalg_idx(int nid);
+
 /* Register given NID with tlsname in OSSL3 registry */
 int oqs_set_nid(char *tlsname, int nid);
diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
index a97e3053..141016d2 100644
--- a/oqsprov/oqs_sig.c
+++ b/oqsprov/oqs_sig.c
@@ -20,7 +20,6 @@
 #include
 #include
 #include
-#include "oqs_prov.h"
 #include
 #include
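Review bot: The four prototypes added after `typedef struct SignatureModel CompositeSignature;` turn file-local lookup helpers into exported symbols of a provider module, with no prefix and no documentation. The header's existing declaration style binds the star to the name, so `char* get_cmpname(int nid, int index);` should read `char *get_cmpname(int nid, int index);`, and a one-line comment per prototype stating ownership would help, e.g. `/* Name of component index of composite nid; caller OPENSSL_frees the result */` above get_cmpname, since the oqsprov_keys.c and oqs_sig.c hunks in this commit all free that value. If the lookups are only needed by oqs_sig.c, an `oqs_`-prefixed accessor or keeping them `static` behind one exported function is the smaller surface.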
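Review bot: Removing `#include "oqs_prov.h"` from oqs_sig.c in the same commit that adds the prototypes of get_cmpname, get_oqsname_fromtls and get_oqsalg_idx to that header looks inverted: the new oqs_sig.c code calls all three. Unless the header still arrives through one of the other includes (their `<...>` names are stripped here, so that cannot be confirmed from this excerpt), those calls become implicit declarations, which is an error in C99 and later. Worth building oqs_sig.c with `-Werror=implicit-function-declaration` to confirm.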
@@ -217,6 +216,34 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig,
 return oqs_sig_signverify_init(vpoqs_sigctx, voqssig, EVP_PKEY_OP_VERIFY);
 }
+static const char *composite_OID_hash[] = {
+ "69642D4D4C44534136352D525341333037322D504B435331352D534841323536", //dilithium3_rsa3072
+ "69642D4D4C44534136352D45434453412D503235362D534841323536", //dilithium3_p256
+ "69642D46616C6F6E3531322D45434453412D503235362D534841323536", //falcon512_p256
+ "69642D4D4C44534138372D45434453412D503338342D534841333834", //dilithium5_p384
+ "69642D4D4C44534136352D45434453412D627261696E706F6F6C5032353672312D534841323536", //dilithium3_bp256
+ "69642D4D4C44534136352D456432353531392D534841353132", //dilithium3_ed25519
+ "69642D4D4C44534138372D45434453412D627261696E706F6F6C5033383472312D534841333834", //dilithium5_bp384
+ "69642D4D4C44534138372D45643434382D5348414B45323536", //dilithium5_ed448
+ "69642D46616C636F6E3531322D45434453412D627261696E706F6F6C5032353672312D534841323536", //falcon512_bp256
+ "69642D46616C636F6E3531322D456432353531392D534841353132", //falcon512_ed25519
+ "69642D4D4C44534136352D525341333037322D5053532D534841323536", //dilithium3_pss
+};
+
+static const size_t composite_OID_hash_len[] = {
+ 64, //dilithium3_rsa3072
+ 56, //dilithium3_p256
+ 58, //falcon512_p256
+ 56, //dilithium5_p384
+ 78, //dilithium3_bp256
+ 50, //dilithium3_ed25519
+ 78, //dilithium5_bp384
+ 50, //dilithium5_ed448
+ 82, //falcon512_bp256
+ 54, //falcon512_ed25519
+ 58, //dilithium3_pss
+};
+
 /* On entry to this function, data to be signed (tbs) might have been hashed
 * already: this would be the case if poqs_sigctx->mdctx != NULL; if that is
 * NULL, we have to hash in case of hybrid signatures
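Review bot: The third `composite_OID_hash` entry, commented `//falcon512_p256`, decodes from hex to `id-Falon512-ECDSA-P256-SHA256`: the `63` byte for the `c` in `Falcon` is missing (compare the `46616C636F6E` run in the `//falcon512_bp256` entry), and the hard-coded 58 in `composite_OID_hash_len` matches the misspelt string rather than the intended one. Since this prefix is the domain separator that gets signed, a peer using the correct label will fail to verify every falcon512_p256 signature, and the defect is invisible locally because signer and verifier here share the same table. The separate length table is also redundant with NUL-terminated literals; one `static const struct { const char *label; size_t len; }` array, or `strlen()` at the point of use, removes a second place for the two to drift. Note too that what gets copied into the message is the hex text itself (64 ASCII characters for the first entry), not the 32 decoded bytes — if that is the intended encoding, say so in a comment above the table.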
@@ -354,15 +381,71 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 unsigned char *buf;
 CompositeSignature *compsig = CompositeSignature_new();
 int i;
+ const char *oid_hash = composite_OID_hash[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23];
+ const size_t oid_hash_len = composite_OID_hash_len[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23];
+ char *final_tbs;
+ size_t final_tbslen = oid_hash_len;
+
+ //prepare the pre hash
+ for (i = 0; i < oqsxkey->numkeys; i++){
+ char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i);
+ unsigned char *tbs_hash;
+ if (!get_oqsname_fromtls(name)){
+ if (name[0] == 'e'){//ed25519 or ed448
+ if(name[2] == '2'){//ed25519
+ tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH);
+ SHA512(tbs, tbslen, tbs_hash);
+ final_tbslen += SHA512_DIGEST_LENGTH;
+ }else{//ed4448
+ unsigned int tbs_hash_len;
+ tbs_hash = OPENSSL_malloc(64);
+ if ((EVP_Digest(tbs, tbslen, tbs_hash, &tbs_hash_len, EVP_shake256(), NULL) <= 0)){
+ ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
+ goto endsign;
+ }
+ final_tbslen += tbs_hash_len;
+ }
+ }else if (name[0] == 'p' || name[0] == 'b' || name[0] == 'r'){ //p256 or p384 or bp256 or bp384 or pss or rsa3072
+ int aux;
+ if (name[0] == 'b')
+ aux = 2;
+ else
+ aux = 1;
+ switch(name[aux]){
+ case 's'://pss or rsa
+ case '2'://p256 or bp256
+ tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
+ SHA256(tbs, tbslen, tbs_hash);
+ final_tbslen += SHA256_DIGEST_LENGTH;
+ break;
+ case '3'://p384 or bp384
+ tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH);
+ SHA384(tbs, tbslen, tbs_hash);
+ final_tbslen += SHA384_DIGEST_LENGTH;
+ break;
+ default:
+ ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
+ goto endsign;
+ }
+ }else{
+ ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
+ goto endsign;
+ }
+ final_tbs = OPENSSL_malloc(final_tbslen);
+ memcpy(final_tbs, oid_hash, oid_hash_len);
+ memcpy(final_tbs + oid_hash_len, tbs_hash, final_tbslen - oid_hash_len);
+ OPENSSL_free(tbs_hash);
+ }
+ OPENSSL_free(name);
+ }
+
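Review bot: `final_tbs` leaks on every error path: each `goto endsign` in this new loop and in the later oqs_sig_sign hunks bypasses the `OPENSSL_free(final_tbs)` that the hunk at line 7 places only on the success path, and the `goto endsign` after a failed `EVP_Digest` additionally leaks `tbs_hash` and `name`. Declare it as `char *final_tbs = NULL;` and move `OPENSSL_free(final_tbs);` into the `endsign:` cleanup that already frees `classical_ctx_sign`, freeing `name` and `tbs_hash` before each early exit. The index `get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23` is computed twice with no range check and ties this file to the position of the composite rows in `nid_names` in oqsprov_keys.c; compute it once into an `int cidx`, give the 23 a named constant, and reject it before it indexes either table: `if (cidx < 0 || cidx >= (int)(sizeof composite_OID_hash / sizeof composite_OID_hash[0])) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; }`. Both `OPENSSL_malloc` results are used unchecked, and if a composite ever carried two classical components the second iteration would copy `final_tbslen - oid_hash_len` bytes out of a `tbs_hash` that holds a single digest. oqs_sig_sign begins and ends outside this hunk.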
 for (i = 0; i < oqsxkey->numkeys; i++){
 char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i);
-
- //pre-hash and concat of oids
 if (get_oqsname_fromtls(name)){ //PQC signing
 oqs_sig_len = oqsxkey->oqsx_provider_ctx[i].oqsx_qs_ctx.sig->length_signature;
 buf = OPENSSL_malloc(oqs_sig_len);
- if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS)
+ if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs, final_tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS)
 {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED);
 goto endsign;
@@ -375,18 +458,17 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 const EVP_MD *classical_md;
 EVP_MD_CTX* evp_ctx = EVP_MD_CTX_new();
 int digest_len;
- int aux;
 unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */
 if (name[0] == 'e'){ //ed25519 or ed448
- if (EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0 ||
- EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, tbs, tbslen) <= 0){
+ if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0 )
+ || (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, final_tbs, final_tbslen) <= 0)){
 ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
 goto endsign;
 }
 }else {
- if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL ||
- EVP_PKEY_sign_init(classical_ctx_sign) <= 0)
+ if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL
+ || (EVP_PKEY_sign_init(classical_ctx_sign) <= 0))
 {
 ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
 goto endsign;
@@ -394,9 +476,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 if (!strncmp(name, "pss", 3))
 {
- if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0) ||
- (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0) ||
- (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, EVP_sha256()) <= 0))
+ if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PSS_PADDING) <= 0)
+ || (EVP_PKEY_CTX_set_rsa_pss_saltlen(classical_ctx_sign, 64) <= 0)
+ || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign, EVP_sha256()) <= 0))
 {
 ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
 goto endsign;
@@ -410,40 +492,40 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 }
 }
- if (name[0] == 'p' || name[0] == 'b')
+ if ((name[0] == 'p')
+ || (name[0] == 'b')
+ || (name[0] == 'r'))
 {
- if(name[0] == 'p')
+ int aux;
+ if(name[0] == 'b')
+ aux = 2;
+ else
 aux = 1;
- else aux = 2;
- if (name[aux] == '2' || name[aux] == 's')
- { // p256 && pss
- classical_md = EVP_sha256();
- digest_len = SHA256_DIGEST_LENGTH;
- SHA256(tbs, tbslen, (unsigned char *)&digest);
- }
- if (name[aux] == '3')
- { // p384
- classical_md = EVP_sha384();
- digest_len = SHA384_DIGEST_LENGTH;
- SHA384(tbs, tbslen, (unsigned char *)&digest);
- }
- if (name[aux] == '5')
- { // p521
- classical_md = EVP_sha512();
- digest_len = SHA512_DIGEST_LENGTH;
- SHA512(tbs, tbslen, (unsigned char *)&digest);
+ switch(name[aux]){
+ case 's'://pss or rsa
+ case '2'://p256 or bp256
+ classical_md = EVP_sha256();
+ digest_len = SHA256_DIGEST_LENGTH;
+ SHA256(final_tbs, final_tbslen, (unsigned char *)&digest);
+ break;
+ case '3'://p384 or bp384
+ classical_md = EVP_sha384();
+ digest_len = SHA384_DIGEST_LENGTH;
+ SHA384(final_tbs, final_tbslen, (unsigned char *)&digest);
+ break;
+ case '5'://p512
+ classical_md = EVP_sha512();
+ digest_len = SHA512_DIGEST_LENGTH;
+ SHA512(tbs, tbslen, (unsigned char *)&digest);
+ break;
+ default:
+ ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
+ goto endsign;
 }
 }
- else
- {// rsa3072
- classical_md = EVP_sha256();
- digest_len = SHA256_DIGEST_LENGTH;
- SHA256(tbs, tbslen, (unsigned char *)&digest);
-
- }
- if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) ||
- (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0))
+ if ((EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0)
+ || (EVP_PKEY_sign(classical_ctx_sign, buf, &oqs_sig_len, digest, digest_len) <= 0))
 {
 ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
 goto endsign;
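Review bot: The `case '5'://p512` arm still digests `tbs` while the `'s'`/`'2'` and `'3'` arms beside it digest `final_tbs`, so a P-521 component would be signed over the raw message without the label prefix; the pre-hash loop earlier in oqs_sig_sign has no `'5'` case and already fails such a key with `ERR_R_FATAL`, which makes this arm unreachable today and wrong the day it becomes reachable. Either drop it, or make it `SHA512(final_tbs, final_tbslen, (unsigned char *)&digest);` and add the matching SHA-512 pre-hash case, and correct the comment to `p521` in any case. The identical arm is in the oqs_sig_verify hunk at line 11. oqs_sig_sign continues outside this hunk.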
@@ -473,6 +555,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 oqs_sig_len = i2d_CompositeSignature(compsig, &sig);
 OPENSSL_free(compsig);
+ OPENSSL_free(final_tbs);
 } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen, oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS)
 {
@@ -488,7 +571,6 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 if (classical_ctx_sign) {
 EVP_PKEY_CTX_free(classical_ctx_sign);
 }
- printf("rv %i\n", rv);
 return rv;
 }
@@ -591,8 +673,72 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 int i;
 unsigned char *buf;
 size_t buf_len;
+ const char *oid_hash = composite_OID_hash[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23];
+ const size_t oid_hash_len = composite_OID_hash_len[get_oqsalg_idx(OBJ_sn2nid(oqsxkey->tls_name)) - 23];
+ char *final_tbs;
+ size_t final_tbslen = oid_hash_len;
+ if(d2i_CompositeSignature(&compsig, &sig, siglen) == NULL)
+ {
+ ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
 goto endverify;
+ }
+
+ //prepare the pre-hash
+ for (i = 0; i < oqsxkey->numkeys; i++){
+ char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i);
+ unsigned char *tbs_hash;
+ if (!get_oqsname_fromtls(name)){
+ if (name[0] == 'e'){//ed25519 or ed448
+ if(name[2] == '2'){//ed25519
+ tbs_hash = OPENSSL_malloc(SHA512_DIGEST_LENGTH);
+ SHA512(tbs, tbslen, tbs_hash);
+ final_tbslen += SHA512_DIGEST_LENGTH;
+ }else{//ed4448
+ unsigned int tbs_hash_len;
+ tbs_hash = OPENSSL_malloc(64);
+ if ((EVP_Digest(tbs, tbslen, tbs_hash, &tbs_hash_len, EVP_shake256(), NULL) <= 0)){
+ ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
+ goto endverify;
+ }
+ final_tbslen += tbs_hash_len;
+ }
+ }else if (name[0] == 'p'
+ || name[0] == 'b'
+ || name[0] == 'r'){ //p256 or p384 or bp256 or bp384 or pss or rsa3072
+ int aux;
+ if (name[0] == 'b')
+ aux = 2;
+ else
+ aux = 1;
+ switch(name[aux]){
+ case 's'://pss or rsa
+ case '2'://p256 or bp256
+ tbs_hash = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
+ SHA256(tbs, tbslen, tbs_hash);
+ final_tbslen += SHA256_DIGEST_LENGTH;
+ break;
+ case '3'://p384 or bp384
+ tbs_hash = OPENSSL_malloc(SHA384_DIGEST_LENGTH);
+ SHA384(tbs, tbslen, tbs_hash);
+ final_tbslen += SHA384_DIGEST_LENGTH;
+ break;
+ default:
+ ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
+ goto endverify;
+ }
+ }else{
+ ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
+ goto endverify;
+ }
+ final_tbs = OPENSSL_malloc(final_tbslen);
+ memcpy(final_tbs, oid_hash, oid_hash_len);
+
memcpy(final_tbs + oid_hash_len, tbs_hash, final_tbslen - oid_hash_len);
+ OPENSSL_free(tbs_hash);
+ }
+ OPENSSL_free(name);
+ }
+
 for(i = 0; i < oqsxkey->numkeys; i++){
 if (i == 0){
 buf = compsig->sig1->data;
@@ -602,12 +748,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 buf_len = compsig->sig2->length;
 }
- //pre-hash and concat of oids test
-
 char *name = get_cmpname(OBJ_sn2nid(oqsxkey->tls_name), i);
 if (get_oqsname_fromtls(name)){
- if (OQS_SIG_verify(oqs_key, tbs, tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS)
+ if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS)
 {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
 goto endverify;
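Review bot: The pre-hash block added to oqs_sig_verify is a line-for-line copy of the one in oqs_sig_sign (only the error codes differ) and carries the same leaks: `final_tbs` is freed only on the success path in the hunk at line 12, so every `goto endverify` inside this loop and inside the component loop below leaks it, plus `name` and `tbs_hash` on the `EVP_Digest` failure path. One static helper that builds the prefixed digest, checks its allocations and returns an owned buffer keeps sign and verify in lockstep and leaves the cleanup label a single pointer to free; a sketch follows, to be called once in each function in place of the copied loop. The SHAKE256 output length currently comes from whatever `EVP_Digest` returns for the XOF (the `64` passed to `OPENSSL_malloc` suggests 64 bytes were expected), so once the intended length is confirmed it should be pinned with `EVP_DigestFinalXOF` rather than left to the library default. oqs_sig_verify begins and ends outside this hunk.
```c
/* Build the composite pre-hash M' = label || PH(tbs) for the classical
 * component of oqsxkey.  On success returns 1 and stores an OPENSSL_malloc'ed
 * buffer in *out (caller frees); on failure returns 0 with *out == NULL. */
static int oqs_sig_composite_prehash(const OQSX_KEY *oqsxkey,
                                     const unsigned char *tbs, size_t tbslen,
                                     unsigned char **out, size_t *outlen)
{
    int nid = OBJ_sn2nid(oqsxkey->tls_name);
    int cidx = get_oqsalg_idx(nid) - 23;   /* TODO: name this table offset */
    unsigned char hash[SHA512_DIGEST_LENGTH];
    unsigned int hashlen = 0;
    int i, rv = 0;

    *out = NULL;
    if (cidx < 0 || cidx >= (int)(sizeof composite_OID_hash / sizeof composite_OID_hash[0]))
        return 0;
    for (i = 0; i < oqsxkey->numkeys; i++) {
        char *name = get_cmpname(nid, i);
        int classical;
        if (name == NULL)
            return 0;
        classical = !get_oqsname_fromtls(name);
        if (classical) {
            if (name[0] == 'e') {
                if (name[2] == '2') {                              /* ed25519 */
                    SHA512(tbs, tbslen, hash);
                    hashlen = SHA512_DIGEST_LENGTH;
                } else if (EVP_Digest(tbs, tbslen, hash, &hashlen,  /* ed448 */
                                      EVP_shake256(), NULL) <= 0) {
                    hashlen = 0;
                }
            } else if (name[0] == 'p' || name[0] == 'b' || name[0] == 'r') {
                switch (name[name[0] == 'b' ? 2 : 1]) {
                case 's': case '2':                                /* pss, rsa, p256, bp256 */
                    SHA256(tbs, tbslen, hash); hashlen = SHA256_DIGEST_LENGTH; break;
                case '3':                                          /* p384, bp384 */
                    SHA384(tbs, tbslen, hash); hashlen = SHA384_DIGEST_LENGTH; break;
                default:
                    break;
                }
            }
            if (hashlen != 0) {
                *outlen = composite_OID_hash_len[cidx] + hashlen;
                *out = OPENSSL_malloc(*outlen);
                if (*out != NULL) {
                    memcpy(*out, composite_OID_hash[cidx], composite_OID_hash_len[cidx]);
                    memcpy(*out + composite_OID_hash_len[cidx], hash, hashlen);
                    rv = 1;
                }
            }
        }
        OPENSSL_free(name);
        if (classical)
            break;   /* one classical component per composite; a second one is an error, not a leak */
    }
    return rv;
}

/* … unchanged: d2i_CompositeSignature check in oqs_sig_verify … */
    if (!oqs_sig_composite_prehash(oqsxkey, tbs, tbslen, &final_tbs, &final_tbslen)) {
        ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
        goto endverify;
    }
/* … unchanged: per-component verification loop reading final_tbs; endverify: frees final_tbs … */
```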
@@ -620,23 +764,23 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */
 if(name[0] == 'e'){ //ed25519 or ed448
- if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0) ||
- (EVP_DigestVerify(evp_ctx, buf, buf_len, tbs, tbslen) <= 0)){
+ if((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->cmp_classical_pkey[i]) <= 0)
+ || (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, final_tbslen) <= 0)){
 ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
 goto endverify;
 }
 } else {
- if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL ||
- EVP_PKEY_verify_init(ctx_verify) <= 0)
+ if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->cmp_classical_pkey[i], NULL)) == NULL)
+ || (EVP_PKEY_verify_init(ctx_verify) <= 0))
 {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
 goto endverify;
 }
 if (!strncmp(name, "pss", 3))
 {
- if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PSS_PADDING) <= 0) ||
- (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64) <= 0) ||
- (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, EVP_sha256()) <= 0))
+ if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PSS_PADDING) <= 0)
+ || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64) <= 0)
+ || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify, EVP_sha256()) <= 0))
 {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);
 goto endverify;
@@ -649,38 +793,39 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 goto endverify;
 }
 }
- if (name[0] == 'p' || name[0] == 'b')
+ if ((name[0] == 'p')
+ || (name[0] == 'b')
+ || (name[0] == 'r'))
 {
- if(name[0] == 'p')
- aux = 1;
- else aux = 2;
- if (name[aux] == '2' || name[aux] == 's')
- { // p256 && pss
- classical_md = EVP_sha256();
- digest_len = SHA256_DIGEST_LENGTH;
- SHA256(tbs, tbslen, (unsigned char *)&digest);
- }
- if (name[aux] == '3')
- { // p384
- classical_md = EVP_sha384();
- digest_len = SHA384_DIGEST_LENGTH;
- SHA384(tbs, tbslen, (unsigned char *)&digest);
- }
- if (name[aux] == '5')
- { // p521
- classical_md = EVP_sha512();
- digest_len = SHA512_DIGEST_LENGTH;
- SHA512(tbs, tbslen, (unsigned char *)&digest);
+ int aux;
+ if(name[0] == 'b')
+ aux = 2;
+ else
+ aux = 1;
+ switch(name[aux]){
+ case 's'://pss or rsa
+ case '2'://p256 or bp256
+ classical_md = EVP_sha256();
+ digest_len = SHA256_DIGEST_LENGTH;
+ SHA256(final_tbs, final_tbslen, (unsigned char *)&digest);
+ break;
+ case '3'://p384 or bp384
+ classical_md = EVP_sha384();
+ digest_len = SHA384_DIGEST_LENGTH;
+ SHA384(final_tbs, final_tbslen, (unsigned char *)&digest);
+ break;
+ case '5'://p512
+ classical_md = EVP_sha512();
+ digest_len = SHA512_DIGEST_LENGTH;
+ SHA512(tbs, tbslen, (unsigned char *)&digest);
+ break;
+ default:
+ ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
+ goto endverify;
 }
 }
- else
- { // rsa3072
- classical_md = EVP_sha256();
- digest_len = SHA256_DIGEST_LENGTH;
- SHA256(tbs, tbslen, (unsigned char *)&digest);
- }
- if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) ||
- (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0))
+ if ((EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0)
+ || (EVP_PKEY_verify(ctx_verify, buf, buf_len, digest, digest_len) <= 0))
 {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
 goto endverify;
@@ -691,6 +836,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 OPENSSL_free(name);
 }
 OPENSSL_free(compsig);
+ OPENSSL_free(final_tbs);
 }else {
 if (!oqsxkey->comp_pubkey[oqsxkey->numkeys - 1])
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
index 557e66c0..89862e92 100644
--- a/oqsprov/oqsprov.c
+++ b/oqsprov/oqsprov.c
@@ -190,27 +190,27 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = {
 "p256_sphincsshake128fsimple",
 "1.3.9999.6.7.15",
 "rsa3072_sphincsshake128fsimple",
- "2.16.840.1.114027.80.5.1.1",
+ "2.16.840.1.114027.80.7.1.7",
 "dilithium3_rsa3072",
- "2.16.840.1.114027.80.5.1.2",
+ "2.16.840.1.114027.80.7.1.8",
 "dilithium3_p256",
- "2.16.840.1.114027.80.5.1.3",
+ "2.16.840.1.114027.80.7.1.9",
 "dilithium3_bp256",
- "2.16.840.1.114027.80.5.1.4",
+ "2.16.840.1.114027.80.7.1.10",
 "dilithium3_ed25519",
- "2.16.840.1.114027.80.5.1.5",
+ "2.16.840.1.114027.80.7.1.11",
 "dilithium5_p384",
- "2.16.840.1.114027.80.5.1.6",
+ "2.16.840.1.114027.80.7.1.12",
 "dilithium5_bp384",
- "2.16.840.1.114027.80.5.1.7",
+ "2.16.840.1.114027.80.7.1.13",
 "dilithium5_ed448",
- "2.16.840.1.114027.80.5.1.8",
+ "2.16.840.1.114027.80.7.1.14",
 "falcon512_p256",
- "2.16.840.1.114027.80.5.1.9",
+ "2.16.840.1.114027.80.7.1.15",
 "falcon512_bp256",
- "2.16.840.1.114027.80.5.1.10",
+ "2.16.840.1.114027.80.7.1.16",
 "falcon512_ed25519",
- "2.16.840.1.114027.80.5.1.14",
+ "2.16.840.1.114027.80.7.1.6",
 "dilithium3_pss",
 ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END
 };
diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c
index 4241f0d1..674d9fdf 100644
--- a/oqsprov/oqsprov_keys.c
+++ b/oqsprov/oqsprov_keys.c
@@ -162,7 +162,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = {
 {0, "dilithium5_p384", OQS_SIG_alg_dilithium_5,
 KEY_TYPE_CMP_SIG, 192},
 {0, "dilithium3_bp256", OQS_SIG_alg_dilithium_3,
- KEY_TYPE_CMP_SIG, 128},
+ KEY_TYPE_CMP_SIG, 256},
 {0, "dilithium3_ed25519", OQS_SIG_alg_dilithium_3,
 KEY_TYPE_CMP_SIG, 128},
 {0, "dilithium5_bp384", OQS_SIG_alg_dilithium_5,
@@ -170,7 +170,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = {
 {0, "dilithium5_ed448", OQS_SIG_alg_dilithium_5,
 KEY_TYPE_CMP_SIG, 192},
 {0, "falcon512_bp256", OQS_SIG_alg_falcon_512,
- KEY_TYPE_CMP_SIG, 128},
+ KEY_TYPE_CMP_SIG, 256},
 {0, "falcon512_ed25519", OQS_SIG_alg_falcon_512,
 KEY_TYPE_CMP_SIG, 128},
 {0, "dilithium3_pss", OQS_SIG_alg_dilithium_3,
@@ -226,7 +226,7 @@ char *get_oqsname_fromtls(char *tlsname)
 return 0; //classical
 }
-static char *get_oqsname(int nid)
+char *get_oqsname(int nid)
 {
 int i;
 for (i = 0; i < NID_TABLE_LEN; i++) {
@@ -274,7 +274,7 @@ int get_qntcmp(int nid)
 return index;
 }
-static int get_oqsalg_idx(int nid)
+int get_oqsalg_idx(int nid)
 {
 int i;
 for (i = 0; i < NID_TABLE_LEN; i++) {
@@ -444,7 +444,7 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid)
 static const OQSX_EVP_INFO nids_sig[] = {
 {EVP_PKEY_EC, NID_X9_62_prime256v1, 0, 65, 121, 32, 72}, // 128 bit
- {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit - p384
+ {EVP_PKEY_EC, NID_secp384r1, 0, 97, 167, 48, 104}, // 192 bit
 {EVP_PKEY_EC, NID_secp521r1, 0, 133, 223, 66, 141}, // 256 bit
 {EVP_PKEY_EC, NID_brainpoolP256r1, 0, 65, 122, 32, 72}, // 256 bit
 {EVP_PKEY_EC, NID_brainpoolP384r1, 0, 97, 171, 48, 104}, // 384 bit
@@ -694,7 +694,7 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p,
 previous_privlen += privlen;
 previous_publen += publen;
 OPENSSL_free(name);
- }
+ }
 if (previous_privlen != plen) { //is ok, PQC pubkey might be in privkey
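Review bot: Raising the last field of the `dilithium3_bp256` row from 128 to 256 (and of `falcon512_bp256` in the next hunk) looks like a curve-size/security-level mix-up: the neighbouring rows read as security levels — `dilithium5_p384` carries 192 and `dilithium3_ed25519` carries 128 — and brainpoolP256r1 offers roughly 128-bit security, so a composite containing it cannot claim more than 128 on that reading. If this field feeds the security-bits value the provider reports, the new number overstates the strength of both composites; the `// 256 bit` comment on the `NID_brainpoolP256r1` row of `nids_sig` further down this file is a curve size, not a security level, and may be what prompted the change. A comment on the `oqs_nid_name_t` field saying which of the two it holds would prevent the next such edit.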
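Review bot: `get_oqsalg_idx` and `get_oqsname` lose `static` here to serve the new tables in oqs_sig.c, but `get_oqsalg_idx` returns a raw position in `nid_names` that the caller then adjusts by a literal 23, so the row order of this file has quietly become part of its contract. A comment on the definition would at least record that, e.g. `/* Position of nid in nid_names; the composite rows are contiguous and composite_OID_hash in oqs_sig.c indexes by their offset within this table */`, and an exported `get_composite_idx(int nid)` that subtracts the offset here and returns -1 for non-composites would keep the knowledge in one file and give the callers a value they can range-check. The same literal appears in both oqs_sig.c hunks at lines 3 and 8.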
@@ -703,6 +703,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p,
 ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING);
 goto err;
 }
+ if (oqsx_key_allocate_keymaterial(key, 0))
+ {
+ ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
 }
 if (oqsx_key_allocate_keymaterial(key, 1))
 {
@@ -1372,7 +1377,6 @@ void oqsx_key_free(OQSX_KEY *key)
 #endif
 OPENSSL_free(key->propq);
- OPENSSL_free(key->tls_name);
 OPENSSL_secure_clear_free(key->privkey, key->privkeylen);
 OPENSSL_secure_clear_free(key->pubkey, key->pubkeylen);
 OPENSSL_free(key->comp_pubkey);
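Review bot: The composite branch of oqsx_key_free in the hunk that follows this one (it runs past the end of this excerpt) now calls `EVP_PKEY_free(key->classical_pkey)` once per classical component and dereferences `key->oqsx_provider_ctx[i].oqsx_evp_ctx->ctx` without the `if (key->oqsx_provider_ctx[0].oqsx_evp_ctx)` guard that the non-composite branch keeps. With exactly one classical component that is harmless, but a second would double-free `classical_pkey`, and a key freed before `oqsx_evp_ctx` was set up — an early error path in oqsx_key_op, for instance — would dereference NULL. Guard with `if (key->oqsx_provider_ctx[i].oqsx_evp_ctx != NULL)`, free `classical_pkey` once after the loop, and check whether the per-component `cmp_classical_pkey[i]` that oqs_sig_verify reads needs freeing here as well. Deferring `OPENSSL_free(key->tls_name)` past that loop is needed, since the loop calls `get_cmpname(OBJ_sn2nid(key->tls_name), i)`.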
@@ -1382,27 +1386,32 @@ void oqsx_key_free(OQSX_KEY *key)
 else if (key->keytype == KEY_TYPE_ECP_HYB_KEM || key->keytype == KEY_TYPE_ECX_HYB_KEM) {
 OQS_KEM_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.kem);
- } else
- OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig);
- EVP_PKEY_free(key->classical_pkey);
- if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) {
- EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx);
- EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam);
- OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx);
 }
- if(key->keytype == KEY_TYPE_CMP_SIG){
+ else if(key->keytype == KEY_TYPE_CMP_SIG){
 int i;
 for (i = 0; i < key->numkeys; i ++){
 char *name = get_cmpname(OBJ_sn2nid(key->tls_name), i);
 if (get_oqsname_fromtls(name))
 OQS_SIG_free(key->oqsx_provider_ctx[i].oqsx_qs_ctx.sig);
+ else{
+ EVP_PKEY_free(key->classical_pkey);
+ EVP_PKEY_CTX_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->ctx);
+ EVP_PKEY_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx->keyParam);
+ OPENSSL_free(key->oqsx_provider_ctx[i].oqsx_evp_ctx);
+ }
 OPENSSL_free(name);
- }
-
-
- }
- else
+ }
+ }else{
 OQS_SIG_free(key->oqsx_provider_ctx[0].oqsx_qs_ctx.sig);
+ EVP_PKEY_free(key->classical_pkey);
+ if (key->oqsx_provider_ctx[0].oqsx_evp_ctx) {
+ EVP_PKEY_CTX_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->ctx);
+ EVP_PKEY_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx->keyParam);
+ OPENSSL_free(key->oqsx_provider_ctx[0].oqsx_evp_ctx);
+ }
+ }
+ OPENSSL_free(key->tls_name);
+
 #ifdef OQS_PROVIDER_NOATOMIC
 CRYPTO_THREAD_lock_free(key->lock);