From: d-Dudas Date: Sun, 22 Sep 2024 13:22:13 +0000 (+0300) Subject: Moved ML-DSA algorithms from the experimtental algorithms to non-exeperimental algori... X-Git-Tag: 3.8.9~21^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=11f86603bdd09d4d5500c8bca41fed60a10aed96;p=thirdparty%2Fgnutls.git Moved ML-DSA algorithms from the experimtental algorithms to non-exeperimental algorithms. Signed-off-by: David Dudas --- diff --git a/doc/Makefile.am b/doc/Makefile.am index 64fde86542..af7431961c 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -567,6 +567,7 @@ ENUMS += enums/gnutls_ocsp_verify_reason_t ENUMS += enums/gnutls_openpgp_crt_status_t ENUMS += enums/gnutls_params_type_t ENUMS += enums/gnutls_pin_flag_t +ENUMS += enums/gnutls_pk_algorithm_t ENUMS += enums/gnutls_pkcs11_obj_flags ENUMS += enums/gnutls_pkcs11_obj_info_t ENUMS += enums/gnutls_pkcs11_obj_type_t @@ -586,6 +587,7 @@ ENUMS += enums/gnutls_rnd_level_t ENUMS += enums/gnutls_sec_param_t ENUMS += enums/gnutls_server_name_type_t ENUMS += enums/gnutls_session_flags_t +ENUMS += enums/gnutls_sign_algorithm_t ENUMS += enums/gnutls_srtp_profile_t ENUMS += enums/gnutls_supplemental_data_format_type_t ENUMS += enums/gnutls_tpmkey_fmt_t diff --git a/lib/algorithms.h b/lib/algorithms.h index 828e95b722..bac20a5d80 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -56,10 +56,9 @@ (((x) == GNUTLS_PK_MLKEM768) || ((x) == GNUTLS_PK_EXP_KYBER768)) #ifdef HAVE_LIBOQS -#define IS_ML_DSA(x) \ - (((x) == GNUTLS_PK_EXP_ML_DSA_44_IPD) || \ - ((x) == GNUTLS_PK_EXP_ML_DSA_65_IPD) || \ - ((x) == GNUTLS_PK_EXP_ML_DSA_87_IPD)) +#define IS_ML_DSA(x) \ + (((x) == GNUTLS_PK_ML_DSA_44) || ((x) == GNUTLS_PK_ML_DSA_65) || \ + ((x) == GNUTLS_PK_ML_DSA_87)) #define IS_FALCON(x) \ (((x) == GNUTLS_PK_EXP_FALCON512) || ((x) == GNUTLS_PK_EXP_FALCON1024)) diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c index c7e6d0244f..e0103cc978 100644 --- a/lib/algorithms/publickey.c 
+++ b/lib/algorithms/publickey.c @@ -213,19 +213,19 @@ static const gnutls_pk_entry pk_algorithms[] = { .oid = NULL, .id = GNUTLS_PK_EXP_KYBER768, .curve = GNUTLS_ECC_CURVE_INVALID }, - { .name = "ML-DSA-44-ipd", - .oid = ML_DSA_44_IPD_OID, - .id = GNUTLS_PK_EXP_ML_DSA_44_IPD, + { .name = "ML-DSA-44", + .oid = ML_DSA_44_OID, + .id = GNUTLS_PK_ML_DSA_44, .curve = GNUTLS_ECC_CURVE_INVALID, .no_prehashed = 1 }, - { .name = "ML-DSA-65-ipd", - .oid = ML_DSA_65_IPD_OID, - .id = GNUTLS_PK_EXP_ML_DSA_65_IPD, + { .name = "ML-DSA-65", + .oid = ML_DSA_65_OID, + .id = GNUTLS_PK_ML_DSA_65, .curve = GNUTLS_ECC_CURVE_INVALID, .no_prehashed = 1 }, - { .name = "ML-DSA-87-ipd", - .oid = ML_DSA_87_IPD_OID, - .id = GNUTLS_PK_EXP_ML_DSA_87_IPD, + { .name = "ML-DSA-87", + .oid = ML_DSA_87_OID, + .id = GNUTLS_PK_ML_DSA_87, .curve = GNUTLS_ECC_CURVE_INVALID, .no_prehashed = 1 }, { .name = "Falcon512", diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c index d8137f42e9..64ec392004 100644 --- a/lib/algorithms/secparams.c +++ b/lib/algorithms/secparams.c @@ -80,7 +80,7 @@ static const gnutls_sec_params_entry sec_params[] = { }, { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 224, 224, #ifdef HAVE_LIBOQS - OQS_SIG_ml_dsa_44_ipd_length_public_key, 0, 0 + OQS_SIG_ml_dsa_44_length_public_key, 0, 0 #endif }, { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256, @@ -101,7 +101,7 @@ static const gnutls_sec_params_entry sec_params[] = { }, { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 256, 224, #ifdef HAVE_LIBOQS - OQS_SIG_ml_dsa_44_ipd_length_public_key, 0, 0 + OQS_SIG_ml_dsa_44_length_public_key, 0, 0 #endif }, { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256, 
@@ -112,12 +112,12 @@ static const gnutls_sec_params_entry sec_params[] = { #endif { "Ultra", GNUTLS_SEC_PARAM_ULTRA, 192, 8192, 8192, 384, 384, #ifdef HAVE_LIBOQS - OQS_SIG_ml_dsa_65_ipd_length_public_key, 0, 0 + OQS_SIG_ml_dsa_65_length_public_key, 0, 0 #endif }, { "Future", GNUTLS_SEC_PARAM_FUTURE, 256, 15360, 15360, 512, 512, #ifdef HAVE_LIBOQS - OQS_SIG_ml_dsa_87_ipd_length_public_key, + OQS_SIG_ml_dsa_87_length_public_key, OQS_SIG_falcon_1024_length_public_key, OQS_SIG_sphincs_sha2_256f_simple_length_public_key #endif diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index d1e416681d..c3c08a9227 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -403,22 +403,22 @@ static SYSTEM_CONFIG_OR_CONST gnutls_sign_entry_st sign_algorithms[] = { .hash = GNUTLS_DIG_SHA512, .aid = TLS_SIGN_AID_UNKNOWN }, #ifdef HAVE_LIBOQS - { .name = "ML-DSA-44-ipd", - .oid = ML_DSA_44_IPD_OID, - .id = GNUTLS_SIGN_EXP_ML_DSA_44_IPD, - .pk = GNUTLS_PK_EXP_ML_DSA_44_IPD, + { .name = "ML-DSA-44", + .oid = ML_DSA_44_OID, + .id = GNUTLS_SIGN_ML_DSA_44, + .pk = GNUTLS_PK_ML_DSA_44, .hash = GNUTLS_DIG_SHAKE_256, .aid = TLS_SIGN_AID_UNKNOWN }, - { .name = "ML-DSA-65-ipd", - .oid = ML_DSA_65_IPD_OID, - .id = GNUTLS_SIGN_EXP_ML_DSA_65_IPD, - .pk = GNUTLS_PK_EXP_ML_DSA_65_IPD, + { .name = "ML-DSA-65", + .oid = ML_DSA_65_OID, + .id = GNUTLS_SIGN_ML_DSA_65, + .pk = GNUTLS_PK_ML_DSA_65, .hash = GNUTLS_DIG_SHAKE_256, .aid = TLS_SIGN_AID_UNKNOWN }, - { .name = "ML-DSA-87-ipd", - .oid = ML_DSA_87_IPD_OID, - .id = GNUTLS_SIGN_EXP_ML_DSA_87_IPD, - .pk = GNUTLS_PK_EXP_ML_DSA_87_IPD, + { .name = "ML-DSA-87", + .oid = ML_DSA_87_OID, + .id = GNUTLS_SIGN_ML_DSA_87, + .pk = GNUTLS_PK_ML_DSA_87, .hash = GNUTLS_DIG_SHAKE_256, .aid = TLS_SIGN_AID_UNKNOWN }, { .name = "Falcon512", diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index f06d328805..a175134566 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in 
@@ -908,29 +908,29 @@ typedef enum { GNUTLS_PK_ECDH_X448 = 11, GNUTLS_PK_EDDSA_ED448 = 12, GNUTLS_PK_RSA_OAEP = 13, - GNUTLS_PK_MLKEM768 = 14, - GNUTLS_PK_MAX = GNUTLS_PK_MLKEM768, + GNUTLS_PK_MLKEM768 = 15, + GNUTLS_PK_ML_DSA_44 = 16, + GNUTLS_PK_ML_DSA_65 = 17, + GNUTLS_PK_ML_DSA_87 = 18, + GNUTLS_PK_MAX = GNUTLS_PK_ML_DSA_87, /* Experimental algorithms */ GNUTLS_PK_EXP_MIN = 256, - GNUTLS_PK_EXP_KYBER768 = GNUTLS_PK_EXP_MIN + 0, - GNUTLS_PK_EXP_ML_DSA_44_IPD = GNUTLS_PK_EXP_MIN + 1, - GNUTLS_PK_EXP_ML_DSA_65_IPD = GNUTLS_PK_EXP_MIN + 2, - GNUTLS_PK_EXP_ML_DSA_87_IPD = GNUTLS_PK_EXP_MIN + 3, - GNUTLS_PK_EXP_FALCON512 = GNUTLS_PK_EXP_MIN + 4, - GNUTLS_PK_EXP_FALCON1024 = GNUTLS_PK_EXP_MIN + 5, - GNUTLS_PK_EXP_SPHINCS_SHA2_128F = GNUTLS_PK_EXP_MIN + 6, - GNUTLS_PK_EXP_SPHINCS_SHA2_128S = GNUTLS_PK_EXP_MIN + 7, - GNUTLS_PK_EXP_SPHINCS_SHA2_192F = GNUTLS_PK_EXP_MIN + 8, - GNUTLS_PK_EXP_SPHINCS_SHA2_192S = GNUTLS_PK_EXP_MIN + 9, - GNUTLS_PK_EXP_SPHINCS_SHA2_256F = GNUTLS_PK_EXP_MIN + 10, - GNUTLS_PK_EXP_SPHINCS_SHA2_256S = GNUTLS_PK_EXP_MIN + 11, - GNUTLS_PK_EXP_SPHINCS_SHAKE_128F = GNUTLS_PK_EXP_MIN + 12, - GNUTLS_PK_EXP_SPHINCS_SHAKE_128S = GNUTLS_PK_EXP_MIN + 13, - GNUTLS_PK_EXP_SPHINCS_SHAKE_192F = GNUTLS_PK_EXP_MIN + 14, - GNUTLS_PK_EXP_SPHINCS_SHAKE_192S = GNUTLS_PK_EXP_MIN + 15, - GNUTLS_PK_EXP_SPHINCS_SHAKE_256F = GNUTLS_PK_EXP_MIN + 16, - GNUTLS_PK_EXP_SPHINCS_SHAKE_256S = GNUTLS_PK_EXP_MIN + 17, + GNUTLS_PK_EXP_KYBER768 = 257, + GNUTLS_PK_EXP_FALCON512 = 258, + GNUTLS_PK_EXP_FALCON1024 = 259, + GNUTLS_PK_EXP_SPHINCS_SHA2_128F = 260, + GNUTLS_PK_EXP_SPHINCS_SHA2_128S = 261, + GNUTLS_PK_EXP_SPHINCS_SHA2_192F = 262, + GNUTLS_PK_EXP_SPHINCS_SHA2_192S = 263, + GNUTLS_PK_EXP_SPHINCS_SHA2_256F = 264, + GNUTLS_PK_EXP_SPHINCS_SHA2_256S = 265, + GNUTLS_PK_EXP_SPHINCS_SHAKE_128F = 266, + GNUTLS_PK_EXP_SPHINCS_SHAKE_128S = 267, + GNUTLS_PK_EXP_SPHINCS_SHAKE_192F = 268, + GNUTLS_PK_EXP_SPHINCS_SHAKE_192S = 269, + GNUTLS_PK_EXP_SPHINCS_SHAKE_256F = 270, + 
GNUTLS_PK_EXP_SPHINCS_SHAKE_256S = 271, GNUTLS_PK_EXP_MAX = GNUTLS_PK_EXP_SPHINCS_SHAKE_256S } gnutls_pk_algorithm_t; 
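Review bot: `GNUTLS_PK_MLKEM768` moves from 14 to 15 in the public `gnutls_pk_algorithm_t` enum, which changes the ABI for anything built against a header that already shipped the old value and leaves 14 unassigned below `GNUTLS_PK_MAX`. The loop in tests/gnutls-strcodes.c walks every value up to `GNUTLS_PK_MAX` and skips only the three ML-DSA ids, so it would presumably hit the gap at 14 unless another entry takes that slot. Keeping `GNUTLS_PK_MLKEM768 = 14` and giving ML-DSA the next free values avoids both problems. The experimental ranges here and in `gnutls_sign_algorithm_t` (the @@ -1052 hunk) now start at 257, so `GNUTLS_PK_EXP_MIN` and `GNUTLS_SIGN_EXP_MIN` name a value that maps to no algorithm; a comment such as `/* 256 is reserved: no algorithm uses EXP_MIN itself */` would show that this is intended.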
@@ -1052,26 +1052,27 @@ typedef enum { GNUTLS_SIGN_GOST_256 = 44, GNUTLS_SIGN_GOST_512 = 45, GNUTLS_SIGN_EDDSA_ED448 = 46, - GNUTLS_SIGN_MAX = GNUTLS_SIGN_EDDSA_ED448, + + GNUTLS_SIGN_ML_DSA_44 = 47, + GNUTLS_SIGN_ML_DSA_65 = 48, + GNUTLS_SIGN_ML_DSA_87 = 49, + GNUTLS_SIGN_MAX = GNUTLS_SIGN_ML_DSA_87, GNUTLS_SIGN_EXP_MIN = 256, - GNUTLS_SIGN_EXP_ML_DSA_44_IPD = GNUTLS_SIGN_EXP_MIN + 0, - GNUTLS_SIGN_EXP_ML_DSA_65_IPD = GNUTLS_SIGN_EXP_MIN + 1, - GNUTLS_SIGN_EXP_ML_DSA_87_IPD = GNUTLS_SIGN_EXP_MIN + 2, - GNUTLS_SIGN_EXP_FALCON512 = GNUTLS_SIGN_EXP_MIN + 3, - GNUTLS_SIGN_EXP_FALCON1024 = GNUTLS_SIGN_EXP_MIN + 4, - GNUTLS_SIGN_EXP_SPHINCS_SHA2_128F = GNUTLS_SIGN_EXP_MIN + 5, - GNUTLS_SIGN_EXP_SPHINCS_SHA2_128S = GNUTLS_SIGN_EXP_MIN + 6, - GNUTLS_SIGN_EXP_SPHINCS_SHA2_192F = GNUTLS_SIGN_EXP_MIN + 7, - GNUTLS_SIGN_EXP_SPHINCS_SHA2_192S = GNUTLS_SIGN_EXP_MIN + 8, - GNUTLS_SIGN_EXP_SPHINCS_SHA2_256F = GNUTLS_SIGN_EXP_MIN + 9, - GNUTLS_SIGN_EXP_SPHINCS_SHA2_256S = GNUTLS_SIGN_EXP_MIN + 10, - GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128F = GNUTLS_SIGN_EXP_MIN + 11, - GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128S = GNUTLS_SIGN_EXP_MIN + 12, - GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192F = GNUTLS_SIGN_EXP_MIN + 13, - GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192S = GNUTLS_SIGN_EXP_MIN + 14, - GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256F = GNUTLS_SIGN_EXP_MIN + 15, - GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256S = GNUTLS_SIGN_EXP_MIN + 16, + GNUTLS_SIGN_EXP_FALCON512 = 257, + GNUTLS_SIGN_EXP_FALCON1024 = 258, + GNUTLS_SIGN_EXP_SPHINCS_SHA2_128F = 259, + GNUTLS_SIGN_EXP_SPHINCS_SHA2_128S = 260, + GNUTLS_SIGN_EXP_SPHINCS_SHA2_192F = 261, + GNUTLS_SIGN_EXP_SPHINCS_SHA2_192S = 262, + GNUTLS_SIGN_EXP_SPHINCS_SHA2_256F = 263, + GNUTLS_SIGN_EXP_SPHINCS_SHA2_256S = 264, + GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128F = 265, + GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128S = 266, + GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192F = 267, + GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192S = 268, + GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256F = 269, + GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256S = 270, GNUTLS_SIGN_EXP_MAX 
= GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256S, } gnutls_sign_algorithm_t; diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 03a94d99aa..43e3f4ff4b 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -1437,12 +1437,12 @@ static inline int eddsa_sign(gnutls_pk_algorithm_t algo, const uint8_t *pub, static inline const char *convert_to_oqs_alg(gnutls_pk_algorithm_t algo) { switch (algo) { - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - return OQS_SIG_alg_ml_dsa_44_ipd; - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - return OQS_SIG_alg_ml_dsa_65_ipd; - case GNUTLS_PK_EXP_ML_DSA_87_IPD: - return OQS_SIG_alg_ml_dsa_87_ipd; + case GNUTLS_PK_ML_DSA_44: + return OQS_SIG_alg_ml_dsa_44; + case GNUTLS_PK_ML_DSA_65: + return OQS_SIG_alg_ml_dsa_65; + case GNUTLS_PK_ML_DSA_87: + return OQS_SIG_alg_ml_dsa_87; case GNUTLS_PK_EXP_FALCON512: return OQS_SIG_alg_falcon_512; case GNUTLS_PK_EXP_FALCON1024: @@ -1898,9 +1898,9 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, break; } #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: @@ -2326,9 +2326,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, break; } #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: 
@@ -2540,7 +2540,25 @@ static int _wrap_nettle_pk_exists(gnutls_pk_algorithm_t pk) return 1; #ifdef HAVE_LIBOQS case GNUTLS_PK_MLKEM768: - case GNUTLS_PK_EXP_KYBER768: { + case GNUTLS_PK_EXP_KYBER768: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: + case GNUTLS_PK_EXP_FALCON512: + case GNUTLS_PK_EXP_FALCON1024: + case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: + case GNUTLS_PK_EXP_SPHINCS_SHA2_128S: + case GNUTLS_PK_EXP_SPHINCS_SHA2_192F: + case GNUTLS_PK_EXP_SPHINCS_SHA2_192S: + case GNUTLS_PK_EXP_SPHINCS_SHA2_256F: + case GNUTLS_PK_EXP_SPHINCS_SHA2_256S: + case GNUTLS_PK_EXP_SPHINCS_SHAKE_128F: + case GNUTLS_PK_EXP_SPHINCS_SHAKE_128S: + case GNUTLS_PK_EXP_SPHINCS_SHAKE_192F: + case GNUTLS_PK_EXP_SPHINCS_SHAKE_192S: + case GNUTLS_PK_EXP_SPHINCS_SHAKE_256F: + case GNUTLS_PK_EXP_SPHINCS_SHAKE_256S: + { const char *algo_name; if (_gnutls_liboqs_ensure() < 0) @@ -2761,9 +2779,9 @@ static int wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: #endif - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: @@ -4026,9 +4044,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, ret = 0; break; } - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: 
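Review bot: In `_wrap_nettle_pk_exists` the ML-DSA, Falcon and SPHINCS+ ids now fall into the block that previously served only `GNUTLS_PK_MLKEM768` and `GNUTLS_PK_EXP_KYBER768`, and everything after `_gnutls_liboqs_ensure()` is outside the hunk. If that block still resolves `algo_name` and queries liboqs only through the KEM interface, the signature ids would be looked up in the wrong registry and reported incorrectly. The signature cases need `OQS_SIG_alg_is_enabled()` with the name from `convert_to_oqs_alg()`, which already maps exactly these ids earlier in the file.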
@@ -4369,9 +4387,9 @@ static int wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo, ret = 0; break; - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: diff --git a/lib/privkey.c b/lib/privkey.c index f97a0cfa75..1346cdfe0e 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -244,9 +244,9 @@ static int privkey_to_pubkey(gnutls_pk_algorithm_t pk, case GNUTLS_PK_ECDH_X25519: case GNUTLS_PK_ECDH_X448: #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: diff --git a/lib/pubkey.c b/lib/pubkey.c index 547854d35b..1f767c4f29 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -39,7 +39,7 @@ #include "ecc.h" #ifdef HAVE_LIBOQS -#include +#include #endif static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se, 
@@ -54,18 +54,15 @@ static int pubkey_supports_sig(gnutls_pubkey_t pubkey, const gnutls_sign_entry_st *se); #ifdef HAVE_LIBOQS -struct OQS_alg_pubkey_bits { +struct pq_algorithm_pubkey_bits_st { gnutls_pk_algorithm_t algorithm; int pubkey_bits; }; -struct OQS_alg_pubkey_bits pqc_pubkey_bits[] = { - { GNUTLS_PK_EXP_ML_DSA_44_IPD, - OQS_SIG_ml_dsa_44_ipd_length_public_key }, - { GNUTLS_PK_EXP_ML_DSA_65_IPD, - OQS_SIG_ml_dsa_65_ipd_length_public_key }, - { GNUTLS_PK_EXP_ML_DSA_87_IPD, - OQS_SIG_ml_dsa_87_ipd_length_public_key }, +static const struct pq_algorithm_pubkey_bits_st pq_pubkey_bits[] = { + { GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_public_key }, + { GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_public_key }, + { GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_public_key }, { GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_public_key }, { GNUTLS_PK_EXP_FALCON1024, OQS_SIG_falcon_1024_length_public_key }, { GNUTLS_PK_EXP_SPHINCS_SHA2_128F, @@ -96,9 +93,10 @@ struct OQS_alg_pubkey_bits pqc_pubkey_bits[] = { { GNUTLS_PK_UNKNOWN, 0 } }; -static int pqc_pubkey_to_bits(gnutls_pk_algorithm_t algo) +static int pq_pubkey_to_bits(const gnutls_pk_algorithm_t algo) { - struct OQS_alg_pubkey_bits *pubkey_to_bits = pqc_pubkey_bits; + const struct pq_algorithm_pubkey_bits_st *pubkey_to_bits = + pq_pubkey_bits; while (pubkey_to_bits->algorithm != algo && pubkey_to_bits->algorithm != GNUTLS_PK_UNKNOWN) pubkey_to_bits++; @@ -129,9 +127,9 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st *params) case GNUTLS_PK_GOST_12_512: return gnutls_ecc_curve_get_size(params->curve) * 8; #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: 
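Review bot: The renamed table `pq_pubkey_bits` and its `pubkey_bits` field in lib/pubkey.c are filled from `OQS_SIG_*_length_public_key`, which liboqs defines as lengths in bytes, yet `pubkey_to_bits()` hands the value back as a bit count. The tail of `pq_pubkey_to_bits()` is outside the hunk, so a conversion may exist there, but lib/algorithms/secparams.c stores the same macros unscaled, which suggests the byte length is used as-is. Because this number is presumably what gets compared against the `sec_params[]` rows, state the unit at the struct, e.g. `/* liboqs public-key length in bytes, used unscaled as the "bits" value for PQ keys */`.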
@@ -146,7 +144,7 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st *params) case GNUTLS_PK_EXP_SPHINCS_SHAKE_192S: case GNUTLS_PK_EXP_SPHINCS_SHAKE_256F: case GNUTLS_PK_EXP_SPHINCS_SHAKE_256S: - return pqc_pubkey_to_bits(params->algo); + return pq_pubkey_to_bits(params->algo); #endif default: return 0; @@ -433,9 +431,9 @@ int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, ret = 0; break; #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHAKE_128F: @@ -2758,9 +2756,9 @@ int pubkey_verify_data(const gnutls_sign_entry_st *se, const mac_entry_st *me, case GNUTLS_PK_EDDSA_ED25519: case GNUTLS_PK_EDDSA_ED448: #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: diff --git a/lib/x509/common.h b/lib/x509/common.h index 8f6e223d95..c171c67aab 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -118,9 +118,9 @@ #define GOST28147_89_CPD_OID "1.2.643.2.2.31.4" #ifdef HAVE_LIBOQS -#define ML_DSA_44_IPD_OID "1.3.6.1.4.1.2.267.12.4.4" -#define ML_DSA_65_IPD_OID "1.3.6.1.4.1.2.267.12.6.5" -#define ML_DSA_87_IPD_OID "1.3.6.1.4.1.2.267.12.8.7" +#define ML_DSA_44_OID "1.3.6.1.4.1.2.267.12.4.4" +#define ML_DSA_65_OID "1.3.6.1.4.1.2.267.12.6.5" +#define ML_DSA_87_OID "1.3.6.1.4.1.2.267.12.8.7" #define FALCON512_OID "1.3.9999.3.1" #define FALCON1024_OID "1.3.9999.3.4" diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 75827e2db5..0cbd59cfe5 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c 
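Review bot: In lib/x509/common.h the macros lose the `_IPD` suffix but keep the same OID strings under `1.3.6.1.4.1.2.267.12`, so keys and certificates produced as final ML-DSA would still carry the identifier that this code used for the initial-public-draft variant. If the `OQS_SIG_alg_ml_dsa_*` implementations selected elsewhere in this commit follow the final standard, a peer that maps this OID to the draft algorithm would verify with an incompatible scheme, and the reverse holds for draft keys imported here. Consider moving to the NIST-assigned ML-DSA OIDs in the `2.16.840.1.101.3.4.3` arc in the same change. Otherwise mark the mismatch with `/* TODO: draft (ipd) OIDs retained; replace with the final NIST OIDs */` so it is not mistaken for intent.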
@@ -736,9 +736,9 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t *der, } break; #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: @@ -854,9 +854,9 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st *params) case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index c81cdfb796..c020e1e23b 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -303,9 +303,9 @@ int _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st *params, case GNUTLS_PK_ECDH_X25519: case GNUTLS_PK_ECDH_X448: #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: @@ -357,9 +357,9 @@ int _gnutls_x509_write_pubkey(const gnutls_pk_params_st *params, case GNUTLS_PK_GOST_12_512: return _gnutls_x509_write_gost_pubkey(params, der); #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: 
@@ -1254,11 +1254,11 @@ static int _gnutls_asn1_encode_pqc_alg(asn1_node *c2, static uint8_t _gnutls_get_pqc_alg_version(gnutls_pk_params_st *params) { switch (params->algo) { - case GNUTLS_PK_EXP_ML_DSA_44_IPD: + case GNUTLS_PK_ML_DSA_44: return '\x04'; - case GNUTLS_PK_EXP_ML_DSA_65_IPD: + case GNUTLS_PK_ML_DSA_65: return '\x06'; - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_87: return '\x08'; case GNUTLS_PK_EXP_FALCON512: return '\x01'; @@ -1428,9 +1428,9 @@ int _gnutls_asn1_encode_privkey(asn1_node *c2, gnutls_pk_params_st *params) /* DH keys are only exportable in PKCS#8 format */ return GNUTLS_E_INVALID_REQUEST; #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: return _gnutls_asn1_encode_ml_dsa(c2, params); case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index 614fd2df42..6e1daec902 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -135,9 +135,9 @@ int _gnutls_get_asn_mpis(asn1_node asn, const char *root, pk_algorithm != GNUTLS_PK_EDDSA_ED448 && pk_algorithm != GNUTLS_PK_ECDH_X448 #ifdef HAVE_LIBOQS - && pk_algorithm != GNUTLS_PK_EXP_ML_DSA_44_IPD && - pk_algorithm != GNUTLS_PK_EXP_ML_DSA_65_IPD && - pk_algorithm != GNUTLS_PK_EXP_ML_DSA_87_IPD && + && pk_algorithm != GNUTLS_PK_ML_DSA_44 && + pk_algorithm != GNUTLS_PK_ML_DSA_65 && + pk_algorithm != GNUTLS_PK_ML_DSA_87 && pk_algorithm != GNUTLS_PK_EXP_FALCON512 && pk_algorithm != GNUTLS_PK_EXP_FALCON1024 && pk_algorithm != GNUTLS_PK_EXP_SPHINCS_SHA2_128F && 
@@ -154,7 +154,7 @@ int _gnutls_get_asn_mpis(asn1_node asn, const char *root, pk_algorithm != GNUTLS_PK_EXP_SPHINCS_SHAKE_256S #endif ) { - /* RSA, EdDSA and PQC algorithms do not use parameters */ + /* RSA, EdDSA and PQ algorithms do not use parameters */ result = _gnutls_x509_read_value(asn, name, &tmp); if (pk_algorithm == GNUTLS_PK_RSA_PSS && (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 9320f1d5cf..56e6829d44 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -37,7 +37,7 @@ #include "pin.h" #ifdef HAVE_LIBOQS -#include +#include #endif /** * gnutls_x509_privkey_init: @@ -328,7 +328,7 @@ error: } #ifdef HAVE_LIBOQS -struct PQCAlgorithmVersion { +struct pqc_algorithm_version_st { uint8_t version; gnutls_pk_algorithm_t algorithm; int secret_key_length; @@ -372,16 +372,13 @@ int _gnutls_decode_pqc_keys(asn1_node *pkey_asn, const gnutls_datum_t *raw_key, return GNUTLS_E_SUCCESS; } -struct PQCAlgorithmVersion ml_dsa_versions[] = { - { '\x04', GNUTLS_PK_EXP_ML_DSA_44_IPD, - OQS_SIG_ml_dsa_44_ipd_length_secret_key, - OQS_SIG_ml_dsa_44_ipd_length_public_key }, - { '\x06', GNUTLS_PK_EXP_ML_DSA_65_IPD, - OQS_SIG_ml_dsa_65_ipd_length_secret_key, - OQS_SIG_ml_dsa_65_ipd_length_public_key }, - { '\x08', GNUTLS_PK_EXP_ML_DSA_87_IPD, - OQS_SIG_ml_dsa_87_ipd_length_secret_key, - OQS_SIG_ml_dsa_87_ipd_length_public_key }, +static const struct pqc_algorithm_version_st ml_dsa_versions[] = { + { '\x04', GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_secret_key, + OQS_SIG_ml_dsa_44_length_public_key }, + { '\x06', GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_secret_key, + OQS_SIG_ml_dsa_65_length_public_key }, + { '\x08', GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_secret_key, + OQS_SIG_ml_dsa_87_length_public_key }, { '\x00', GNUTLS_PK_UNKNOWN, 0, 0 } }; 
@@ -389,7 +386,7 @@ struct PQCAlgorithmVersion ml_dsa_versions[] = { static int _gnutls_set_ml_dsa_params(const uint8_t *version, gnutls_x509_privkey_t pkey) { - struct PQCAlgorithmVersion *v = ml_dsa_versions; + const struct pqc_algorithm_version_st *v = ml_dsa_versions; while (v->algorithm != GNUTLS_PK_UNKNOWN && v->version != *version) v++; @@ -437,7 +434,7 @@ error: return result; } -struct PQCAlgorithmVersion falcon_versions[] = { +static const struct pqc_algorithm_version_st falcon_versions[] = { { '\x01', GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_secret_key, OQS_SIG_falcon_512_length_public_key }, { '\x02', GNUTLS_PK_EXP_FALCON1024, @@ -450,7 +447,7 @@ struct PQCAlgorithmVersion falcon_versions[] = { static int _gnutls_set_falcon_params(const uint8_t *version, gnutls_x509_privkey_t pkey) { - struct PQCAlgorithmVersion *v = falcon_versions; + const struct pqc_algorithm_version_st *v = falcon_versions; while (v->algorithm != GNUTLS_PK_UNKNOWN && v->version != *version) v++; @@ -498,7 +495,7 @@ error: return result; } -struct PQCAlgorithmVersion sphincs_versions[] = { +static const struct pqc_algorithm_version_st sphincs_versions[] = { { '\x01', GNUTLS_PK_EXP_SPHINCS_SHA2_128F, OQS_SIG_sphincs_sha2_128f_simple_length_secret_key, OQS_SIG_sphincs_sha2_128f_simple_length_public_key }, @@ -542,7 +539,7 @@ struct PQCAlgorithmVersion sphincs_versions[] = { static int _gnutls_set_sphincs_params(const uint8_t *version, gnutls_x509_privkey_t pkey) { - struct PQCAlgorithmVersion *v = sphincs_versions; + const struct pqc_algorithm_version_st *v = sphincs_versions; while (v->algorithm != GNUTLS_PK_UNKNOWN && v->version != *version) v++; @@ -789,7 +786,7 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, &_data); if (result >= 0) { key->params.algo = - GNUTLS_PK_EXP_ML_DSA_44_IPD; + GNUTLS_PK_ML_DSA_44; } } else if (left > sizeof(PEM_KEY_FALCON) && memcmp(ptr, PEM_KEY_FALCON, 
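Review bot: `key->params.algo = GNUTLS_PK_ML_DSA_44` in `gnutls_x509_privkey_import` (the @@ -789 hunk) is assigned for any key under the ML-DSA PEM header, and the DER branch in the @@ -874 hunk tests only that same constant, so ML_DSA_44 appears to act as a family marker rather than the actual parameter set. Now that it is a stable public id rather than an experimental one, the assignment reads as a bug to anyone skimming the function. A comment at the assignment would make the intent explicit, e.g. `/* placeholder for the ML-DSA family; the decoder selects 44/65/87 from the encoded version byte */`. That wording assumes `_gnutls_privkey_decode_ml_dsa_key` ends up in `_gnutls_set_ml_dsa_params`, which this diff does not show.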
@@ -874,7 +871,7 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, key->key = NULL; } #ifdef HAVE_LIBOQS - } else if (key->params.algo == GNUTLS_PK_EXP_ML_DSA_44_IPD) { + } else if (key->params.algo == GNUTLS_PK_ML_DSA_44) { result = _gnutls_privkey_decode_ml_dsa_key(&key->key, &_data, key); @@ -1003,10 +1000,8 @@ fail: #ifdef HAVE_LIBOQS #define MAX_ALGORITHM_NAME_SIZE_IN_PEM_HEADER 21 -#define MAX_PEM_KEY_SIZE PEM_KEY_SPHINCS #else #define MAX_ALGORITHM_NAME_SIZE_IN_PEM_HEADER 15 -#define MAX_PEM_KEY_SIZE PEM_KEY_RSA #endif /** @@ -1069,21 +1064,27 @@ int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, ((ptrdiff_t)ptr - (ptrdiff_t)data->data); } - if (ptr != NULL && left > sizeof(MAX_PEM_KEY_SIZE)) { - if (memcmp(ptr, PEM_KEY_RSA, - sizeof(PEM_KEY_RSA) - 1) == 0 || - memcmp(ptr, PEM_KEY_ECC, - sizeof(PEM_KEY_ECC) - 1) == 0 || - memcmp(ptr, PEM_KEY_DSA, - sizeof(PEM_KEY_DSA) - 1) == 0 + if (ptr != NULL) { + if ((left > sizeof(PEM_KEY_RSA) && + memcmp(ptr, PEM_KEY_RSA, + sizeof(PEM_KEY_RSA) - 1) == 0) || + (left > sizeof(PEM_KEY_ECC) && + memcmp(ptr, PEM_KEY_ECC, + sizeof(PEM_KEY_ECC) - 1) == 0) || + (left > sizeof(PEM_KEY_DSA) && + memcmp(ptr, PEM_KEY_DSA, + sizeof(PEM_KEY_DSA) - 1) == 0) #ifdef HAVE_LIBOQS || - memcmp(ptr, PEM_KEY_ML_DSA, - sizeof(PEM_KEY_ML_DSA) - 1) == 0 || - memcmp(ptr, PEM_KEY_FALCON, - sizeof(PEM_KEY_FALCON) - 1) == 0 || - memcmp(ptr, PEM_KEY_SPHINCS, - sizeof(PEM_KEY_SPHINCS) - 1) == 0 + (left > sizeof(PEM_KEY_ML_DSA) && + memcmp(ptr, PEM_KEY_ML_DSA, + sizeof(PEM_KEY_ML_DSA) - 1) == 0) || + (left > sizeof(PEM_KEY_FALCON) && + memcmp(ptr, PEM_KEY_FALCON, + sizeof(PEM_KEY_FALCON) - 1) == 0) || + (left > sizeof(PEM_KEY_SPHINCS) && + memcmp(ptr, PEM_KEY_SPHINCS, + sizeof(PEM_KEY_SPHINCS) - 1) == 0) #endif ) { head_enc = 0; 
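Review bot: The six header tests added to `gnutls_x509_privkey_import2` each spell the macro name three times (`left > sizeof(X) && memcmp(ptr, X, sizeof(X) - 1) == 0`), so a future header could easily pair one macro's bound with another's compare length and read past `left`. A small helper keeps the bound and the length tied together: `#define PEM_HDR_MATCH(p, n, hdr) ((n) > sizeof(hdr) && memcmp((p), (hdr), sizeof(hdr) - 1) == 0)`. `gnutls_x509_privkey_import` uses the same pattern for the Falcon header at the end of the @@ -789 hunk and could share it.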
@@ -1838,9 +1839,9 @@ static const char *set_msg(gnutls_x509_privkey_t key) case GNUTLS_PK_EC: return PEM_KEY_ECC; #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: return PEM_KEY_ML_DSA; case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 8485b3e0a2..483d5d2b6c 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -40,7 +40,7 @@ #include "prov-seed.h" #ifdef HAVE_LIBOQS -#include +#include #endif static int _decode_pkcs8_ecc_key(asn1_node pkcs8_asn, @@ -83,9 +83,9 @@ inline static int _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_assert(); return ret; #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: 
@@ -1485,19 +1485,19 @@ error: } #ifdef HAVE_LIBOQS -struct pqc_key_length_st { +struct pq_key_length_st { gnutls_pk_algorithm_t algorithm; int secret_key_length; int public_key_length; }; -struct pqc_key_length_st pqc_key_lengths[] = { - { GNUTLS_PK_EXP_ML_DSA_44_IPD, OQS_SIG_ml_dsa_44_ipd_length_secret_key, - OQS_SIG_ml_dsa_44_ipd_length_public_key }, - { GNUTLS_PK_EXP_ML_DSA_65_IPD, OQS_SIG_ml_dsa_65_ipd_length_secret_key, - OQS_SIG_ml_dsa_65_ipd_length_public_key }, - { GNUTLS_PK_EXP_ML_DSA_87_IPD, OQS_SIG_ml_dsa_87_ipd_length_secret_key, - OQS_SIG_ml_dsa_87_ipd_length_public_key }, +static const struct pq_key_length_st pq_key_lengths[] = { + { GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_secret_key, + OQS_SIG_ml_dsa_44_length_public_key }, + { GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_secret_key, + OQS_SIG_ml_dsa_65_length_public_key }, + { GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_secret_key, + OQS_SIG_ml_dsa_87_length_public_key }, { GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_secret_key, OQS_SIG_falcon_512_length_public_key }, { GNUTLS_PK_EXP_FALCON1024, OQS_SIG_falcon_1024_length_secret_key, @@ -1542,11 +1542,11 @@ struct pqc_key_length_st pqc_key_lengths[] = { { GNUTLS_PK_UNKNOWN, 0, 0 } }; -static int _get_pqc_keys_length(gnutls_pk_algorithm_t algo, +static int _get_pqc_keys_length(const gnutls_pk_algorithm_t algo, int *pqc_alg_secret_key_length, int *pqc_alg_public_key_length) { - struct pqc_key_length_st *pqc_key_length = pqc_key_lengths; + const struct pq_key_length_st *pqc_key_length = pq_key_lengths; while (pqc_key_length->algorithm != algo && pqc_key_length->algorithm != GNUTLS_PK_UNKNOWN) pqc_key_length++; 
@@ -1693,9 +1693,9 @@ static int decode_private_key_info(const gnutls_datum_t *der, pkey->params.algo); break; #ifdef HAVE_LIBOQS - case GNUTLS_PK_EXP_ML_DSA_44_IPD: - case GNUTLS_PK_EXP_ML_DSA_65_IPD: - case GNUTLS_PK_EXP_ML_DSA_87_IPD: + case GNUTLS_PK_ML_DSA_44: + case GNUTLS_PK_ML_DSA_65: + case GNUTLS_PK_ML_DSA_87: case GNUTLS_PK_EXP_FALCON512: case GNUTLS_PK_EXP_FALCON1024: case GNUTLS_PK_EXP_SPHINCS_SHA2_128F: diff --git a/tests/gnutls-strcodes.c b/tests/gnutls-strcodes.c index 500d39f971..a9f62e841a 100644 --- a/tests/gnutls-strcodes.c +++ b/tests/gnutls-strcodes.c @@ -95,8 +95,14 @@ void doit(void) for (i = 0; i < GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC; i++) check_non_null(gnutls_handshake_description_get_name(i)); - for (i = GNUTLS_PK_UNKNOWN + 1; i <= GNUTLS_PK_MAX; i++) + for (i = GNUTLS_PK_UNKNOWN + 1; i <= GNUTLS_PK_MAX; i++) { +#ifndef HAVE_LIBOQS + if (i == GNUTLS_PK_ML_DSA_44 || i == GNUTLS_PK_ML_DSA_65 || + i == GNUTLS_PK_ML_DSA_87) + continue; +#endif check_unique_non_null(gnutls_pk_algorithm_get_name(i)); + } for (i = GNUTLS_SIGN_UNKNOWN + 1; i <= GNUTLS_SIGN_MAX; i++) { if (i == 19) @@ -111,6 +117,11 @@ void doit(void) i == GNUTLS_SIGN_DSA_SHA3_384 || i == GNUTLS_SIGN_DSA_SHA3_512) continue; +#endif +#ifndef HAVE_LIBOQS + if (i == GNUTLS_SIGN_ML_DSA_44 || i == GNUTLS_SIGN_ML_DSA_65 || + i == GNUTLS_SIGN_ML_DSA_87) + continue; #endif check_unique_non_null(gnutls_sign_algorithm_get_name(i)); } diff --git a/tests/privkey-keygen.c b/tests/privkey-keygen.c index b92665de87..a70a7f6f11 100644 --- a/tests/privkey-keygen.c +++ b/tests/privkey-keygen.c @@ -132,7 +132,7 @@ static bool is_supported_pk_algo(gnutls_pk_algorithm_t algo) void doit(void) { gnutls_x509_privkey_t pkey, dst; - int ret, algorithm, i; + int ret, i; gnutls_fips140_context_t fips_context; ret = global_init(); 
@@ -163,40 +163,6 @@ void doit(void) algorithm == GNUTLS_PK_MLKEM768) continue; - if (algorithm == GNUTLS_PK_GOST_01 || - algorithm == GNUTLS_PK_GOST_12_256 || - algorithm == GNUTLS_PK_GOST_12_512) { - /* Skip GOST algorithms: - * - If they are disabled by ./configure option - * - Or in FIPS140 mode - */ -#ifdef ENABLE_GOST - if (gnutls_fips140_mode_enabled()) - continue; -#else - continue; -#endif - } -#ifndef HAVE_LIBOQS - if (algorithm == GNUTLS_PK_EXP_ML_DSA_44_IPD || - algorithm == GNUTLS_PK_EXP_ML_DSA_65_IPD || - algorithm == GNUTLS_PK_EXP_ML_DSA_87_IPD || - algorithm == GNUTLS_PK_EXP_FALCON512 || - algorithm == GNUTLS_PK_EXP_FALCON1024 || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_128F || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_128S || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_192F || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_192S || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_256F || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_256S || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_128F || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_128S || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_192F || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_192S || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_256F || - algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_256S) - continue; -#endif ret = gnutls_x509_privkey_init(&pkey); if (ret < 0) { fail("gnutls_x509_privkey_init: %d\n", ret); 
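Review bot: The unchanged context at the top of this hunk still compares `algorithm == GNUTLS_PK_MLKEM768` without a dereference, while the @@ -132 hunk drops `algorithm` from the `int` declaration and the later hunks switch every use to `*algorithm`. No visible hunk declares the pointer or changes the loop header, so as shown the file either fails to build or compares a pointer with an enum constant, in which case the ML-KEM skip never fires; the line should read `*algorithm == GNUTLS_PK_MLKEM768`. The removed GOST/FIPS and `#ifndef HAVE_LIBOQS` skips are presumably replaced by `is_supported_pk_algo()`, whose body is not shown, so check that it still excludes GOST when FIPS mode is enabled.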
@@ -209,22 +175,23 @@ void doit(void) FIPS_PUSH_CONTEXT(); ret = gnutls_x509_privkey_generate( - pkey, algorithm, - gnutls_sec_param_to_pk_bits(algorithm, + pkey, *algorithm, + gnutls_sec_param_to_pk_bits(*algorithm, sec_param[i]), 0); if (ret < 0) { fail("gnutls_x509_privkey_generate (%s-%d): %s (%d)\n", - gnutls_pk_algorithm_get_name(algorithm), - gnutls_sec_param_to_pk_bits(algorithm, + gnutls_pk_algorithm_get_name(*algorithm), + gnutls_sec_param_to_pk_bits(*algorithm, sec_param[i]), gnutls_strerror(ret), ret); } else if (debug) { success("Key[%s] generation ok: %d\n", - gnutls_pk_algorithm_get_name(algorithm), + gnutls_pk_algorithm_get_name( + *algorithm), ret); } - if (is_approved_pk_algo(algorithm)) { + if (is_approved_pk_algo(*algorithm)) { FIPS_POP_CONTEXT(APPROVED); } else { FIPS_POP_CONTEXT(NOT_APPROVED); @@ -233,7 +200,7 @@ void doit(void) ret = gnutls_x509_privkey_verify_params(pkey); if (ret < 0) { fail("gnutls_x509_privkey_generate (%s): %s (%d)\n", - gnutls_pk_algorithm_get_name(algorithm), + gnutls_pk_algorithm_get_name(*algorithm), gnutls_strerror(ret), ret); } 
@@ -241,33 +208,33 @@ void doit(void) ret = gnutls_x509_privkey_cpy(dst, pkey); if (ret < 0) { fail("gnutls_x509_privkey_cpy (%s): %s (%d)\n", - gnutls_pk_algorithm_get_name(algorithm), + gnutls_pk_algorithm_get_name(*algorithm), gnutls_strerror(ret), ret); } ret = gnutls_x509_privkey_verify_params(pkey); if (ret < 0) { fail("gnutls_x509_privkey_generate after cpy (%s): %s (%d)\n", - gnutls_pk_algorithm_get_name(algorithm), + gnutls_pk_algorithm_get_name(*algorithm), gnutls_strerror(ret), ret); } /* RSA-OAEP doesn't support signing */ - if (algorithm == GNUTLS_PK_RSA_OAEP) { + if (*algorithm == GNUTLS_PK_RSA_OAEP) { goto end; } FIPS_PUSH_CONTEXT(); - sign_verify_data(algorithm, pkey); - if (is_approved_pk_algo(algorithm)) { + sign_verify_data(*algorithm, pkey); + if (is_approved_pk_algo(*algorithm)) { FIPS_POP_CONTEXT(APPROVED); } else { FIPS_POP_CONTEXT(NOT_APPROVED); } FIPS_PUSH_CONTEXT(); - sign_verify_data(algorithm, dst); - if (is_approved_pk_algo(algorithm)) { + sign_verify_data(*algorithm, dst); + if (is_approved_pk_algo(*algorithm)) { FIPS_POP_CONTEXT(APPROVED); } else { FIPS_POP_CONTEXT(NOT_APPROVED); @@ -277,8 +244,8 @@ void doit(void) gnutls_x509_privkey_deinit(pkey); gnutls_x509_privkey_deinit(dst); success("Generated key with %s-%d\n", - gnutls_pk_algorithm_get_name(algorithm), - gnutls_sec_param_to_pk_bits(algorithm, + gnutls_pk_algorithm_get_name(*algorithm), + gnutls_sec_param_to_pk_bits(*algorithm, sec_param[i])); } }