Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include use of loaded 'libctx' context in KEM and SIG procedures (#557) #614

Merged
merged 2 commits into from
Jan 6, 2025
Merged

Include use of loaded 'libctx' context in KEM and SIG procedures (#557) #614

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1e7b545
Include use of loaded 'libctx' context in KEM and SIG procedures (#557)
RodriM11 Jan 4, 2025
1e07b81
better error checks oqs_test_libctx MSVC
RodriM11 Jan 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion oqs-template/generate.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ def load_config(include_disabled_sigs=False):
populate('oqsprov/oqs_decode_der2key.c', config, '/////')
populate('oqsprov/oqsprov_keys.c', config, '/////')
populate('scripts/common.py', config, '#####')
populate('test/oqs_test_evp_pkey_params.c', config, '/////')
populate('test/test_common.c', config, '/////')

config2 = load_config(include_disabled_sigs=True)
config2 = complete_config(config2)
Expand Down
0 ...pkey_params.c/composite_sig_algs.fragment → ...test_common.c/composite_sig_algs.fragment
View file
Open in desktop
File renamed without changes.
0 ...vp_pkey_params.c/hybrid_kem_algs.fragment → ...st/test_common.c/hybrid_kem_algs.fragment
View file
Open in desktop
File renamed without changes.
0 ...vp_pkey_params.c/hybrid_sig_algs.fragment → ...st/test_common.c/hybrid_sig_algs.fragment
View file
Open in desktop
File renamed without changes.
18 changes: 11 additions & 7 deletions oqsprov/oqs_hyb_kem.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct,

const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx;
const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx;
OSSL_LIB_CTX *libctx = pkemctx->libctx;

size_t pubkey_kexlen = 0;
size_t kexDeriveLen = 0, pkeylen = 0;
Expand Down Expand Up @@ -51,7 +52,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct,
ret2 = EVP_PKEY_set1_encoded_public_key(peerpk, pubkey_kex, pubkey_kexlen);
ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, err);

kgctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL);
kgctx = EVP_PKEY_CTX_new_from_pkey(libctx, evp_ctx->keyParam, NULL);
ON_ERR_SET_GOTO(!kgctx, ret, -1, err);

ret2 = EVP_PKEY_keygen_init(kgctx);
Expand All @@ -60,7 +61,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct,
ret2 = EVP_PKEY_keygen(kgctx, &pkey);
ON_ERR_SET_GOTO(ret2 != 1, ret, -1, err);

ctx = EVP_PKEY_CTX_new(pkey, NULL);
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
ON_ERR_SET_GOTO(!ctx, ret, -1, err);

ret = EVP_PKEY_derive_init(ctx);
Expand Down Expand Up @@ -96,6 +97,7 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret,
int ret = OQS_SUCCESS, ret2 = 0;
const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx;
const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx;
OSSL_LIB_CTX *libctx = pkemctx->libctx;

size_t pubkey_kexlen = evp_ctx->evp_info->length_public_key;
size_t kexDeriveLen = evp_ctx->evp_info->kex_length_secret;
Expand All @@ -111,12 +113,14 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret,
return 1;

if (evp_ctx->evp_info->raw_key_support) {
pkey = EVP_PKEY_new_raw_private_key(evp_ctx->evp_info->keytype, NULL,
privkey_kex, privkey_kexlen);
pkey = EVP_PKEY_new_raw_private_key_ex(
libctx, OBJ_nid2sn(evp_ctx->evp_info->keytype), NULL, privkey_kex,
privkey_kexlen);
ON_ERR_SET_GOTO(!pkey, ret, -10, err);
} else {
pkey = d2i_AutoPrivateKey(&pkey, (const unsigned char **)&privkey_kex,
privkey_kexlen);
pkey =
d2i_AutoPrivateKey_ex(&pkey, (const unsigned char **)&privkey_kex,
privkey_kexlen, libctx, NULL);
ON_ERR_SET_GOTO(!pkey, ret, -2, err);
}

Expand All @@ -129,7 +133,7 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret,
ret2 = EVP_PKEY_set1_encoded_public_key(peerpkey, ct, pubkey_kexlen);
ON_ERR_SET_GOTO(ret2 <= 0 || !peerpkey, ret, -5, err);

ctx = EVP_PKEY_CTX_new(pkey, NULL);
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
ON_ERR_SET_GOTO(!ctx, ret, -6, err);

ret = EVP_PKEY_derive_init(ctx);
Expand Down
28 changes: 17 additions & 11 deletions oqsprov/oqs_sig.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -330,6 +330,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx;
OQSX_KEY *oqsxkey = poqs_sigctx->sig;
OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig;
OSSL_LIB_CTX *libctx = poqs_sigctx->libctx;
EVP_PKEY *oqs_key_classic = NULL;
EVP_PKEY *cmp_key_classic = NULL;
EVP_PKEY *evpkey = oqsxkey->classical_pkey;
Expand Down Expand Up @@ -373,7 +374,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
}

if (is_hybrid) {
if ((classical_ctx_sign = EVP_PKEY_CTX_new(evpkey, NULL)) == NULL ||
if ((classical_ctx_sign =
EVP_PKEY_CTX_new_from_pkey(libctx, evpkey, NULL)) == NULL ||
EVP_PKEY_sign_init(classical_ctx_sign) <= 0) {
ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
goto endsign;
Expand Down Expand Up @@ -551,8 +553,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,

if (name[0] == 'e') { // ed25519 or ed448
EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new();
if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL,
oqs_key_classic) <= 0) ||
if ((EVP_DigestSignInit_ex(evp_ctx, NULL, NULL, libctx,
NULL, oqs_key_classic,
NULL) <= 0) ||
(EVP_DigestSign(evp_ctx, buf, &oqs_sig_len,
(const unsigned char *)final_tbs,
final_tbslen) <= 0)) {
Expand All @@ -566,8 +569,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
}
EVP_MD_CTX_free(evp_ctx);
} else {
if ((classical_ctx_sign =
EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL ||
if ((classical_ctx_sign = EVP_PKEY_CTX_new_from_pkey(
libctx, oqs_key_classic, NULL)) == NULL ||
(EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) {
ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
CompositeSignature_free(compsig);
Expand Down Expand Up @@ -711,6 +714,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx;
OQSX_KEY *oqsxkey = poqs_sigctx->sig;
OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig;
OSSL_LIB_CTX *libctx = poqs_sigctx->libctx;
EVP_PKEY *evpkey = oqsxkey->classical_pkey;
EVP_PKEY_CTX *classical_ctx_sign = NULL;
EVP_PKEY_CTX *ctx_verify = NULL;
Expand Down Expand Up @@ -741,8 +745,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
size_t max_classical_sig_len =
oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature;

if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey, NULL)) ==
NULL ||
if ((ctx_verify = EVP_PKEY_CTX_new_from_pkey(
libctx, oqsxkey->classical_pkey, NULL)) == NULL ||
EVP_PKEY_verify_init(ctx_verify) <= 0) {
ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
goto endverify;
Expand Down Expand Up @@ -925,8 +929,9 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,

if (name[0] == 'e') { // ed25519 or ed448
EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new();
if ((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL,
oqsxkey->classical_pkey) <= 0) ||
if ((EVP_DigestVerifyInit_ex(evp_ctx, NULL, NULL, libctx,
NULL, oqsxkey->classical_pkey,
NULL) <= 0) ||
(EVP_DigestVerify(evp_ctx, buf, buf_len,
(const unsigned char *)final_tbs,
final_tbslen) <= 0)) {
Expand All @@ -939,8 +944,9 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
}
EVP_MD_CTX_free(evp_ctx);
} else {
if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey,
NULL)) == NULL) ||
if (((ctx_verify = EVP_PKEY_CTX_new_from_pkey(
libctx, oqsxkey->classical_pkey, NULL)) ==
NULL) ||
(EVP_PKEY_verify_init(ctx_verify) <= 0)) {
ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
OPENSSL_free(name);
Expand Down
Loading
Loading