diff --git a/README.md b/README.md
index 0ea4e485..6ba2bab9 100644
--- a/README.md
+++ b/README.md
@@ -71,7 +71,7 @@ this provider also provides different hybrid algorithms, combining classic and
 quantum-safe methods. There are two types of combinations: The Hybrids are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_".
-The [Composite](https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a
+The [Composite](https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/) are listed above with a suffix denoting a
 classic algorithm, e.g., for elliptic curve: "_p256". A full list of algorithms, their interoperability code points and OIDs as well
diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
index 14464fa4..571dfdc1 100644
--- a/oqs-template/generate.yml
+++ b/oqs-template/generate.yml
@@ -429,7 +429,7 @@ sigs:
 # 'oid': '2.16.840.1.114027.80.1.8'}]
 -
 # The Composite OIDs are kept up to date by @feventura (Entrust)
-# These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13
+# These are prototype OIDs and are in line with draft-ietf-lamps-pq-composite-sigs-02
 # OID scheme for composite variants:
 # joint-iso-itu-t (2)
 # country (16)
diff --git a/oqs-template/generate.yml-0.10.0 b/oqs-template/generate.yml-0.10.0
index a0b9e230..2187c337 100644
--- a/oqs-template/generate.yml-0.10.0
+++ b/oqs-template/generate.yml-0.10.0
@@ -429,7 +429,7 @@ sigs:
 # 'oid': '2.16.840.1.114027.80.1.8'}]
 -
 # The Composite OIDs are kept up to date by @feventura (Entrust)
-# These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13
+# These are prototype OIDs and are in line with draft-ietf-lamps-pq-composite-sigs-02
 # OID scheme for composite variants:
 # joint-iso-itu-t (2)
 # country (16)
diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
index 31ec99cc..2e48eaa3 100644
--- a/oqsprov/oqs_sig.c
+++ b/oqsprov/oqs_sig.c
@@ -515,14 +515,32 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 }
 if (!strncmp(name, "pss", 3)) {
+ int salt;
+ const EVP_MD *pss_mgf1;
+ if (!strncmp(name, "pss3072", 7)) {
+ salt = 64;
+ pss_mgf1 = EVP_sha512();
+ } else {
+ if (!strncmp(name, "pss2048", 7)) {
+ salt = 32;
+ pss_mgf1 = EVP_sha256();
+ } else {
+ ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
+ CompositeSignature_free(compsig);
+ OPENSSL_free(final_tbs);
+ OPENSSL_free(name);
+ OPENSSL_free(buf);
+ goto endsign;
+ }
+ }
 if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign,
 RSA_PKCS1_PSS_PADDING)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_pss_saltlen(
- classical_ctx_sign, 64)
+ classical_ctx_sign, salt)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign,
- EVP_sha256())
+ pss_mgf1)
 <= 0)) {
 ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
 CompositeSignature_free(compsig);
@@ -860,13 +878,31 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 goto endverify;
 }
 if (!strncmp(name, "pss", 3)) {
+ int salt;
+ const EVP_MD *pss_mgf1;
+ if (!strncmp(name, "pss3072", 7)) {
+ salt = 64;
+ pss_mgf1 = EVP_sha512();
+ } else {
+ if (!strncmp(name, "pss2048", 7)) {
+ salt = 32;
+ pss_mgf1 = EVP_sha256();
+ } else {
+ ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
+ OPENSSL_free(name);
+ CompositeSignature_free(compsig);
+ OPENSSL_free(final_tbs);
+ goto endverify;
+ }
+ }
 if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
 RSA_PKCS1_PSS_PADDING)
 <= 0)
- || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64)
+ || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify,
+ salt)
 <= 0)
 || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify,
- EVP_sha256())
+ pss_mgf1)
 <= 0)) {
 ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);
 OPENSSL_free(name);
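Review bot: The salt-length / MGF1-digest selection added at the top of the `pss` branch in oqs_sig_sign is duplicated verbatim in the oqs_sig_verify hunk below, so a later edit to one copy (a new `pss4096` case, or a changed salt for `pss3072`) can silently leave signer and verifier disagreeing on the PSS parameters and break interoperability; I would move the mapping into one `static` helper that both paths call, which also replaces the nested `else { if (...) }` with a flat sequence of checks. oqs_sig_sign starts outside the hunk and I cannot see where the classical context's signature digest is set, so it is worth confirming that it follows the same SHA-512-for-`pss3072` / SHA-256-for-`pss2048` pairing this commit applies to `pss_mgf1`, since PSS parameters are only meaningful when the message digest and MGF1 digest are chosen together.
```c
/* Map the composite name's "pssNNNN" prefix to the RSA-PSS salt length and
 * MGF1 digest used for that key size. Returns 1 on success, 0 for an
 * unrecognised pss variant (outputs untouched). */
static int oqs_composite_pss_params(const char *name, int *saltlen,
                                    const EVP_MD **mgf1_md)
{
    if (!strncmp(name, "pss3072", 7)) {
        *saltlen = 64;
        *mgf1_md = EVP_sha512();
        return 1;
    }
    if (!strncmp(name, "pss2048", 7)) {
        *saltlen = 32;
        *mgf1_md = EVP_sha256();
        return 1;
    }
    return 0;
}

        if (!strncmp(name, "pss", 3)) {
            int salt;
            const EVP_MD *pss_mgf1;
            if (!oqs_composite_pss_params(name, &salt, &pss_mgf1)) {
                ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
                /* … unchanged: free compsig, final_tbs, name, buf; goto endsign … */
            }
            /* … unchanged: EVP_PKEY_CTX_set_rsa_* calls using salt and pss_mgf1 … */
```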
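Review bot: The new unrecognised-`pss` branch in oqs_sig_verify raises `OQSPROV_R_VERIFY_ERROR`, while the failure of the very next statement (the `EVP_PKEY_CTX_set_rsa_*` chain, visible at the end of the hunk) raises `OQSPROV_R_WRONG_PARAMETERS`; an unsupported salt/MGF1 variant is a parameter problem rather than a signature mismatch, so `ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);` would keep the reason code consistent for callers that inspect it. The cleanup order in the new branch (`name`, `compsig`, `final_tbs`) also differs from the sign path's (`compsig`, `final_tbs`, `name`, `buf`); harmless as written, assuming the verify path has no counterpart of `buf` to release, but aligning the order makes the two error paths comparable at a glance. oqs_sig_verify continues past the end of the hunk.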