From 4a31bd0f046c456f325ad38b76278e99592e11b1 Mon Sep 17 00:00:00 2001
From: venturf
Date: Mon, 8 Jul 2024 13:02:22 -0400
Subject: [PATCH 1/3] update the composite to draft-ietf-lamps-pq-composite-sigs-02

Signed-off-by: venturf
---
 README.md | 2 +-
 oqs-template/generate.yml | 2 +-
 oqs-template/generate.yml-0.10.0 | 2 +-
 oqsprov/oqs_sig.c | 17 +++++++++++++++--
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 9f58f618..69a9cf57 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ this provider also provides different hybrid algorithms, combining classic and
 quantum-safe methods. There are two types of combinations:
 The Hybrids are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_".
-The [Composite](https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a
+The [Composite](https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/) are listed above with a suffix denoting a
 classic algorithm, e.g., for elliptic curve: "_p256".
 A full list of algorithms, their interoperability code points and OIDs as well
diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
index a0b9e230..2187c337 100644
--- a/oqs-template/generate.yml
+++ b/oqs-template/generate.yml
@@ -429,7 +429,7 @@ sigs:
 # 'oid': '2.16.840.1.114027.80.1.8'}]
 -
 # The Composite OIDs are kept up to date by @feventura (Entrust)
- # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13
+ # These are prototype OIDs and are in line with draft-ietf-lamps-pq-composite-sigs-02
 # OID scheme for composite variants:
 # joint-iso-itu-t (2)
 # country (16)
diff --git a/oqs-template/generate.yml-0.10.0 b/oqs-template/generate.yml-0.10.0
index a0b9e230..2187c337 100644
--- a/oqs-template/generate.yml-0.10.0
+++ b/oqs-template/generate.yml-0.10.0
@@ -429,7 +429,7 @@ sigs:
 # 'oid': '2.16.840.1.114027.80.1.8'}]
 -
 # The Composite OIDs are kept up to date by @feventura (Entrust)
- # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13
+ # These are prototype OIDs and are in line with draft-ietf-lamps-pq-composite-sigs-02
 # OID scheme for composite variants:
 # joint-iso-itu-t (2)
 # country (16)
diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
index 31ec99cc..4673190e 100644
--- a/oqsprov/oqs_sig.c
+++ b/oqsprov/oqs_sig.c
@@ -515,11 +515,17 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 }
 if (!strncmp(name, "pss", 3)) {
+ int salt;
+ if (name[3] == '3') { // pss3072
+ salt = 64;
+ } else { // pss2048
+ salt = 32;
+ }
 if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign,
 RSA_PKCS1_PSS_PADDING)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_pss_saltlen(
- classical_ctx_sign, 64)
+ classical_ctx_sign, salt)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign,
 EVP_sha256())
@@ -860,10 +866,17 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 goto endverify;
 }
 if (!strncmp(name, "pss", 3)) {
+ int salt;
+ if (name[3] == '3') { // pss3072
+ salt = 64;
+ } else { // pss2048
+ salt = 32;
+ }
 if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
 RSA_PKCS1_PSS_PADDING)
 <= 0)
- || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64)
+ || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify,
+ salt)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify,
 EVP_sha256())

From 8cd3e102d4c9cc64d4e402c6a840f45a8d346f99 Mon Sep 17 00:00:00 2001
From: feventura
Date: Wed, 24 Jul 2024 10:19:10 -0400
Subject: [PATCH 2/3] fixed mgf1 to match values in -02

Signed-off-by: feventura
---
 oqsprov/oqs_sig.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
index 4673190e..03587a4e 100644
--- a/oqsprov/oqs_sig.c
+++ b/oqsprov/oqs_sig.c
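Review bot: The new `salt = 64;` and `salt = 32;` in oqs_sig_sign are bare numbers tagged only with `// pss3072` and `// pss2048`, and nothing in the code records that these are RSASSA-PSS salt lengths fixed by the draft the subject line targets, which a remote verifier has to match byte-for-byte or every composite signature from this provider fails. A comment above `int salt;` such as `// RSASSA-PSS salt length in bytes as fixed by draft-ietf-lamps-pq-composite-sigs-02 for the RSA3072 / RSA2048 composites` would make the provenance checkable the next time the draft moves. Note also that the unchanged `EVP_sha256()` on the MGF1 line below now serves both variants while the salt differs (64 bytes for pss3072, 32 for pss2048); whether a 64-byte salt paired with a SHA-256 MGF1 is what the -02 parameter table prescribes for the 3072 variant is worth confirming. oqs_sig_sign starts before and ends after this hunk, so the message digest configured on the classical context is not visible here.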
@@ -516,10 +516,13 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 if (!strncmp(name, "pss", 3)) {
 int salt;
+ const EVP_MD *pss_mgf1;
 if (name[3] == '3') { // pss3072
 salt = 64;
+ pss_mgf1 = EVP_sha512();
 } else { // pss2048
 salt = 32;
+ pss_mgf1 = EVP_sha256();
 }
 if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign,
 RSA_PKCS1_PSS_PADDING)
@@ -528,7 +531,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 classical_ctx_sign, salt)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign,
- EVP_sha256())
+ pss_mgf1)
 <= 0)) {
 ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
 CompositeSignature_free(compsig);
@@ -867,10 +870,13 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 }
 if (!strncmp(name, "pss", 3)) {
 int salt;
+ const EVP_MD *pss_mgf1;
 if (name[3] == '3') { // pss3072
 salt = 64;
+ pss_mgf1 = EVP_sha512();
 } else { // pss2048
 salt = 32;
+ pss_mgf1 = EVP_sha256();
 }
 if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
 RSA_PKCS1_PSS_PADDING)
@@ -879,7 +885,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 salt)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify,
- EVP_sha256())
+ pss_mgf1)
 <= 0)) {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);
 OPENSSL_free(name);

From 3f32c9229dd333a6f689a1d3a8a867e906c847d4 Mon Sep 17 00:00:00 2001
From: feventura
Date: Thu, 25 Jul 2024 11:38:10 -0400
Subject: [PATCH 3/3] changing the condition on pss salt and mgf1, and raising an error if the right pss is not found

Signed-off-by: feventura
---
 oqsprov/oqs_sig.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
index 03587a4e..2e48eaa3 100644
--- a/oqsprov/oqs_sig.c
+++ b/oqsprov/oqs_sig.c
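Review bot: `pss_mgf1 = EVP_sha512();` now makes the MGF1 digest depend on the variant, but the hash the PSS encoding itself is computed over (whatever is passed to `EVP_PKEY_CTX_set_signature_md` for `classical_ctx_sign`, or inherited from the digest-sign setup) is outside this hunk and is not touched by the commit, so the pss3072 path may now run MGF1 on SHA-512 over a SHA-256 hash while pss2048 keeps both at SHA-256. RFC 8017 recommends that MGF1 use the same hash as hashAlgorithm, and a peer implementing the draft will encode with one fixed pair, so the signature-digest selection should be checked and, if it is hard-wired to SHA-256 today, driven from the same variable, e.g. `EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, pss_mgf1)`. If the digest is already chosen per variant elsewhere, a one-line comment beside the new assignment saying where would spare the next reader the search. oqs_sig_sign starts before and ends after this hunk.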
@@ -517,12 +517,21 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 if (!strncmp(name, "pss", 3)) {
 int salt;
 const EVP_MD *pss_mgf1;
- if (name[3] == '3') { // pss3072
+ if (!strncmp(name, "pss3072", 7)) {
 salt = 64;
 pss_mgf1 = EVP_sha512();
- } else { // pss2048
- salt = 32;
- pss_mgf1 = EVP_sha256();
+ } else {
+ if (!strncmp(name, "pss2048", 7)) {
+ salt = 32;
+ pss_mgf1 = EVP_sha256();
+ } else {
+ ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
+ CompositeSignature_free(compsig);
+ OPENSSL_free(final_tbs);
+ OPENSSL_free(name);
+ OPENSSL_free(buf);
+ goto endsign;
+ }
 }
 if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign,
 RSA_PKCS1_PSS_PADDING)
@@ -871,12 +880,20 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 if (!strncmp(name, "pss", 3)) {
 int salt;
 const EVP_MD *pss_mgf1;
- if (name[3] == '3') { // pss3072
+ if (!strncmp(name, "pss3072", 7)) {
 salt = 64;
 pss_mgf1 = EVP_sha512();
- } else { // pss2048
- salt = 32;
- pss_mgf1 = EVP_sha256();
+ } else {
+ if (!strncmp(name, "pss2048", 7)) {
+ salt = 32;
+ pss_mgf1 = EVP_sha256();
+ } else {
+ ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
+ OPENSSL_free(name);
+ CompositeSignature_free(compsig);
+ OPENSSL_free(final_tbs);
+ goto endverify;
+ }
 }
 if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
 RSA_PKCS1_PSS_PADDING)
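Review bot: The salt/MGF1 selection and its unknown-name cleanup are now spelled out twice, here in oqs_sig_sign and again in the oqs_sig_verify hunk below, so a later change on one side (a new `pss4096` token, a different salt length) is not checked against the other by the compiler and signer and verifier can silently stop interoperating. The new `} else { if (...) { ... } else { ... } }` ladder would also read more plainly as `else if`. A small static helper that maps the name token to its PSS parameters, called from both functions, removes the duplication and leaves only the resource cleanup in each caller; the sketch below shows the helper and the sign-side call with the frees unchanged. `strncmp(name, "pss3072", 7)` is a prefix match, which is presumably acceptable because `name` comes from the provider's own algorithm table, but a comment stating that assumption would help. oqs_sig_sign starts before and ends after this hunk.
```c
/* Map a composite classical-name token ("pss2048", "pss3072") to its
 * RSASSA-PSS salt length (bytes) and MGF1 digest.
 * Returns 1 on success, 0 for an unknown token (outputs untouched). */
static int oqs_pss_params(const char *name, int *salt_len, const EVP_MD **mgf1_md)
{
    if (!strncmp(name, "pss3072", 7)) {
        *salt_len = 64;
        *mgf1_md = EVP_sha512();
        return 1;
    }
    if (!strncmp(name, "pss2048", 7)) {
        *salt_len = 32;
        *mgf1_md = EVP_sha256();
        return 1;
    }
    return 0;
}

/* … in oqs_sig_sign, replacing the nested if/else on name … */
        if (!oqs_pss_params(name, &salt, &pss_mgf1)) {
            ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
            /* … unchanged: CompositeSignature_free / OPENSSL_free calls, goto endsign … */
        }
```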
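Review bot: The new unknown-variant branch in oqs_sig_verify raises `OQSPROV_R_VERIFY_ERROR`, but the condition it reports is a key whose classical name starts with `pss` yet is neither pss3072 nor pss2048, a configuration mismatch rather than a signature that failed to verify; the padding-setup failure a few lines further down in this same function raises `OQSPROV_R_WRONG_PARAMETERS` (visible in the preceding patch of this series), and the sign side of this commit raises `ERR_R_FATAL` for the identical condition. Using `ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);` here keeps callers able to tell a bad signature from a misconfigured key. The cleanup list (`OPENSSL_free(name)`, `CompositeSignature_free(compsig)`, `OPENSSL_free(final_tbs)`) repeats the one on the function's existing error paths, which is the kind of duplication that drifts when a new allocation is added; a shared cleanup label would be safer, though what is live at this point cannot be confirmed from the hunk. oqs_sig_verify starts before and ends after this hunk.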