Moved ML-DSA algorithms from the experimtental algorithms to non-exeperimental algori...
authord-Dudas <david.dudas03@e-uvt.ro>
Sun, 22 Sep 2024 13:22:13 +0000 (16:22 +0300)
committerd-Dudas <david.dudas03@e-uvt.ro>
Fri, 15 Nov 2024 18:03:21 +0000 (20:03 +0200)
Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>
17 files changed:
doc/Makefile.am
lib/algorithms.h
lib/algorithms/publickey.c
lib/algorithms/secparams.c
lib/algorithms/sign.c
lib/includes/gnutls/gnutls.h.in
lib/nettle/pk.c
lib/privkey.c
lib/pubkey.c
lib/x509/common.h
lib/x509/key_decode.c
lib/x509/key_encode.c
lib/x509/mpi.c
lib/x509/privkey.c
lib/x509/privkey_pkcs8.c
tests/gnutls-strcodes.c
tests/privkey-keygen.c

index 64fde86542220a6220e4735f1347c71285fb8fc9..af7431961c22ff78401205e9a5f88569e8f2b48b 100644 (file)
@@ -567,6 +567,7 @@ ENUMS += enums/gnutls_ocsp_verify_reason_t
 ENUMS += enums/gnutls_openpgp_crt_status_t
 ENUMS += enums/gnutls_params_type_t
 ENUMS += enums/gnutls_pin_flag_t
+ENUMS += enums/gnutls_pk_algorithm_t
 ENUMS += enums/gnutls_pkcs11_obj_flags
 ENUMS += enums/gnutls_pkcs11_obj_info_t
 ENUMS += enums/gnutls_pkcs11_obj_type_t
@@ -586,6 +587,7 @@ ENUMS += enums/gnutls_rnd_level_t
 ENUMS += enums/gnutls_sec_param_t
 ENUMS += enums/gnutls_server_name_type_t
 ENUMS += enums/gnutls_session_flags_t
+ENUMS += enums/gnutls_sign_algorithm_t
 ENUMS += enums/gnutls_srtp_profile_t
 ENUMS += enums/gnutls_supplemental_data_format_type_t
 ENUMS += enums/gnutls_tpmkey_fmt_t
index 828e95b722d65ecebd44f4e671ae01f1713dc4d5..bac20a5d8011e8a3c1ac11da6f9121bf7afcfcf1 100644 (file)
        (((x) == GNUTLS_PK_MLKEM768) || ((x) == GNUTLS_PK_EXP_KYBER768))
 
 #ifdef HAVE_LIBOQS
-#define IS_ML_DSA(x)                             \
-       (((x) == GNUTLS_PK_EXP_ML_DSA_44_IPD) || \
-        ((x) == GNUTLS_PK_EXP_ML_DSA_65_IPD) || \
-        ((x) == GNUTLS_PK_EXP_ML_DSA_87_IPD))
+#define IS_ML_DSA(x)                                                     \
+       (((x) == GNUTLS_PK_ML_DSA_44) || ((x) == GNUTLS_PK_ML_DSA_65) || \
+        ((x) == GNUTLS_PK_ML_DSA_87))
 
 #define IS_FALCON(x) \
        (((x) == GNUTLS_PK_EXP_FALCON512) || ((x) == GNUTLS_PK_EXP_FALCON1024))
index c7e6d0244faf83d6e97af784b36154d980c99557..e0103cc978722a0e9f4900e16f6e99e0222c25cd 100644 (file)
@@ -213,19 +213,19 @@ static const gnutls_pk_entry pk_algorithms[] = {
          .oid = NULL,
          .id = GNUTLS_PK_EXP_KYBER768,
          .curve = GNUTLS_ECC_CURVE_INVALID },
-       { .name = "ML-DSA-44-ipd",
-         .oid = ML_DSA_44_IPD_OID,
-         .id = GNUTLS_PK_EXP_ML_DSA_44_IPD,
+       { .name = "ML-DSA-44",
+         .oid = ML_DSA_44_OID,
+         .id = GNUTLS_PK_ML_DSA_44,
          .curve = GNUTLS_ECC_CURVE_INVALID,
          .no_prehashed = 1 },
-       { .name = "ML-DSA-65-ipd",
-         .oid = ML_DSA_65_IPD_OID,
-         .id = GNUTLS_PK_EXP_ML_DSA_65_IPD,
+       { .name = "ML-DSA-65",
+         .oid = ML_DSA_65_OID,
+         .id = GNUTLS_PK_ML_DSA_65,
          .curve = GNUTLS_ECC_CURVE_INVALID,
          .no_prehashed = 1 },
-       { .name = "ML-DSA-87-ipd",
-         .oid = ML_DSA_87_IPD_OID,
-         .id = GNUTLS_PK_EXP_ML_DSA_87_IPD,
+       { .name = "ML-DSA-87",
+         .oid = ML_DSA_87_OID,
+         .id = GNUTLS_PK_ML_DSA_87,
          .curve = GNUTLS_ECC_CURVE_INVALID,
          .no_prehashed = 1 },
        { .name = "Falcon512",
index d8137f42e9d28a8e4e703116294168d536213846..64ec392004b5927244bc53a84310a8a7e3538c0a 100644 (file)
@@ -80,7 +80,7 @@ static const gnutls_sec_params_entry sec_params[] = {
        },
        { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 224, 224,
 #ifdef HAVE_LIBOQS
-         OQS_SIG_ml_dsa_44_ipd_length_public_key, 0, 0
+         OQS_SIG_ml_dsa_44_length_public_key, 0, 0
 #endif
        },
        { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256,
@@ -101,7 +101,7 @@ static const gnutls_sec_params_entry sec_params[] = {
         },
        { "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 256, 224,
 #ifdef HAVE_LIBOQS
-                OQS_SIG_ml_dsa_44_ipd_length_public_key, 0, 0
+                OQS_SIG_ml_dsa_44_length_public_key, 0, 0
 #endif
                 },
        { "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256,
@@ -112,12 +112,12 @@ static const gnutls_sec_params_entry sec_params[] = {
 #endif
        { "Ultra", GNUTLS_SEC_PARAM_ULTRA, 192, 8192, 8192, 384, 384,
 #ifdef HAVE_LIBOQS
-         OQS_SIG_ml_dsa_65_ipd_length_public_key, 0, 0
+         OQS_SIG_ml_dsa_65_length_public_key, 0, 0
 #endif
        },
        { "Future", GNUTLS_SEC_PARAM_FUTURE, 256, 15360, 15360, 512, 512,
 #ifdef HAVE_LIBOQS
-         OQS_SIG_ml_dsa_87_ipd_length_public_key,
+         OQS_SIG_ml_dsa_87_length_public_key,
          OQS_SIG_falcon_1024_length_public_key,
          OQS_SIG_sphincs_sha2_256f_simple_length_public_key
 #endif
index d1e416681da162318066ff98c591309b7f977dad..c3c08a922734a6f7a14586620a93b74703a6487e 100644 (file)
@@ -403,22 +403,22 @@ static SYSTEM_CONFIG_OR_CONST gnutls_sign_entry_st sign_algorithms[] = {
          .hash = GNUTLS_DIG_SHA512,
          .aid = TLS_SIGN_AID_UNKNOWN },
 #ifdef HAVE_LIBOQS
-       { .name = "ML-DSA-44-ipd",
-         .oid = ML_DSA_44_IPD_OID,
-         .id = GNUTLS_SIGN_EXP_ML_DSA_44_IPD,
-         .pk = GNUTLS_PK_EXP_ML_DSA_44_IPD,
+       { .name = "ML-DSA-44",
+         .oid = ML_DSA_44_OID,
+         .id = GNUTLS_SIGN_ML_DSA_44,
+         .pk = GNUTLS_PK_ML_DSA_44,
          .hash = GNUTLS_DIG_SHAKE_256,
          .aid = TLS_SIGN_AID_UNKNOWN },
-       { .name = "ML-DSA-65-ipd",
-         .oid = ML_DSA_65_IPD_OID,
-         .id = GNUTLS_SIGN_EXP_ML_DSA_65_IPD,
-         .pk = GNUTLS_PK_EXP_ML_DSA_65_IPD,
+       { .name = "ML-DSA-65",
+         .oid = ML_DSA_65_OID,
+         .id = GNUTLS_SIGN_ML_DSA_65,
+         .pk = GNUTLS_PK_ML_DSA_65,
          .hash = GNUTLS_DIG_SHAKE_256,
          .aid = TLS_SIGN_AID_UNKNOWN },
-       { .name = "ML-DSA-87-ipd",
-         .oid = ML_DSA_87_IPD_OID,
-         .id = GNUTLS_SIGN_EXP_ML_DSA_87_IPD,
-         .pk = GNUTLS_PK_EXP_ML_DSA_87_IPD,
+       { .name = "ML-DSA-87",
+         .oid = ML_DSA_87_OID,
+         .id = GNUTLS_SIGN_ML_DSA_87,
+         .pk = GNUTLS_PK_ML_DSA_87,
          .hash = GNUTLS_DIG_SHAKE_256,
          .aid = TLS_SIGN_AID_UNKNOWN },
        { .name = "Falcon512",
index f06d328805cbfff49bea30d31562a51907e2c15c..a1751345660680a1a7a055169a44e2207f36b29a 100644 (file)
@@ -908,29 +908,29 @@ typedef enum {
        GNUTLS_PK_ECDH_X448 = 11,
        GNUTLS_PK_EDDSA_ED448 = 12,
        GNUTLS_PK_RSA_OAEP = 13,
-       GNUTLS_PK_MLKEM768 = 14,
-       GNUTLS_PK_MAX = GNUTLS_PK_MLKEM768,
+       GNUTLS_PK_MLKEM768 = 15,
+       GNUTLS_PK_ML_DSA_44 = 16,
+       GNUTLS_PK_ML_DSA_65 = 17,
+       GNUTLS_PK_ML_DSA_87 = 18,
+       GNUTLS_PK_MAX = GNUTLS_PK_ML_DSA_87,
 
        /* Experimental algorithms */
        GNUTLS_PK_EXP_MIN = 256,
-       GNUTLS_PK_EXP_KYBER768 = GNUTLS_PK_EXP_MIN + 0,
-       GNUTLS_PK_EXP_ML_DSA_44_IPD = GNUTLS_PK_EXP_MIN + 1,
-       GNUTLS_PK_EXP_ML_DSA_65_IPD = GNUTLS_PK_EXP_MIN + 2,
-       GNUTLS_PK_EXP_ML_DSA_87_IPD = GNUTLS_PK_EXP_MIN + 3,
-       GNUTLS_PK_EXP_FALCON512 = GNUTLS_PK_EXP_MIN + 4,
-       GNUTLS_PK_EXP_FALCON1024 = GNUTLS_PK_EXP_MIN + 5,
-       GNUTLS_PK_EXP_SPHINCS_SHA2_128F = GNUTLS_PK_EXP_MIN + 6,
-       GNUTLS_PK_EXP_SPHINCS_SHA2_128S = GNUTLS_PK_EXP_MIN + 7,
-       GNUTLS_PK_EXP_SPHINCS_SHA2_192F = GNUTLS_PK_EXP_MIN + 8,
-       GNUTLS_PK_EXP_SPHINCS_SHA2_192S = GNUTLS_PK_EXP_MIN + 9,
-       GNUTLS_PK_EXP_SPHINCS_SHA2_256F = GNUTLS_PK_EXP_MIN + 10,
-       GNUTLS_PK_EXP_SPHINCS_SHA2_256S = GNUTLS_PK_EXP_MIN + 11,
-       GNUTLS_PK_EXP_SPHINCS_SHAKE_128F = GNUTLS_PK_EXP_MIN + 12,
-       GNUTLS_PK_EXP_SPHINCS_SHAKE_128S = GNUTLS_PK_EXP_MIN + 13,
-       GNUTLS_PK_EXP_SPHINCS_SHAKE_192F = GNUTLS_PK_EXP_MIN + 14,
-       GNUTLS_PK_EXP_SPHINCS_SHAKE_192S = GNUTLS_PK_EXP_MIN + 15,
-       GNUTLS_PK_EXP_SPHINCS_SHAKE_256F = GNUTLS_PK_EXP_MIN + 16,
-       GNUTLS_PK_EXP_SPHINCS_SHAKE_256S = GNUTLS_PK_EXP_MIN + 17,
+       GNUTLS_PK_EXP_KYBER768 = 257,
+       GNUTLS_PK_EXP_FALCON512 = 258,
+       GNUTLS_PK_EXP_FALCON1024 = 259,
+       GNUTLS_PK_EXP_SPHINCS_SHA2_128F = 260,
+       GNUTLS_PK_EXP_SPHINCS_SHA2_128S = 261,
+       GNUTLS_PK_EXP_SPHINCS_SHA2_192F = 262,
+       GNUTLS_PK_EXP_SPHINCS_SHA2_192S = 263,
+       GNUTLS_PK_EXP_SPHINCS_SHA2_256F = 264,
+       GNUTLS_PK_EXP_SPHINCS_SHA2_256S = 265,
+       GNUTLS_PK_EXP_SPHINCS_SHAKE_128F = 266,
+       GNUTLS_PK_EXP_SPHINCS_SHAKE_128S = 267,
+       GNUTLS_PK_EXP_SPHINCS_SHAKE_192F = 268,
+       GNUTLS_PK_EXP_SPHINCS_SHAKE_192S = 269,
+       GNUTLS_PK_EXP_SPHINCS_SHAKE_256F = 270,
+       GNUTLS_PK_EXP_SPHINCS_SHAKE_256S = 271,
        GNUTLS_PK_EXP_MAX = GNUTLS_PK_EXP_SPHINCS_SHAKE_256S
 } gnutls_pk_algorithm_t;
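Review bot: `GNUTLS_PK_MLKEM768` moves from 14 to 15 in this public enum, which leaves 14 unassigned and changes the numeric value of an identifier that callers may already have compiled in or stored. Unless 14 is reserved for something outside this hunk, keeping `GNUTLS_PK_MLKEM768 = 14` and starting ML-DSA at 15 avoids that break. The experimental block is also renumbered so that no algorithm equals `GNUTLS_PK_EXP_MIN` (256) any more, and the same holds for `GNUTLS_SIGN_EXP_MIN` in the next hunk of this file. Any code that walks `EXP_MIN..EXP_MAX` would then meet an id with no table entry, so either keep the first experimental entry at `GNUTLS_PK_EXP_MIN + 0` or add a comment such as `/* 256 is intentionally unassigned */`.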
 
@@ -1052,26 +1052,27 @@ typedef enum {
        GNUTLS_SIGN_GOST_256 = 44,
        GNUTLS_SIGN_GOST_512 = 45,
        GNUTLS_SIGN_EDDSA_ED448 = 46,
-       GNUTLS_SIGN_MAX = GNUTLS_SIGN_EDDSA_ED448,
+
+       GNUTLS_SIGN_ML_DSA_44 = 47,
+       GNUTLS_SIGN_ML_DSA_65 = 48,
+       GNUTLS_SIGN_ML_DSA_87 = 49,
+       GNUTLS_SIGN_MAX = GNUTLS_SIGN_ML_DSA_87,
 
        GNUTLS_SIGN_EXP_MIN = 256,
-       GNUTLS_SIGN_EXP_ML_DSA_44_IPD = GNUTLS_SIGN_EXP_MIN + 0,
-       GNUTLS_SIGN_EXP_ML_DSA_65_IPD = GNUTLS_SIGN_EXP_MIN + 1,
-       GNUTLS_SIGN_EXP_ML_DSA_87_IPD = GNUTLS_SIGN_EXP_MIN + 2,
-       GNUTLS_SIGN_EXP_FALCON512 = GNUTLS_SIGN_EXP_MIN + 3,
-       GNUTLS_SIGN_EXP_FALCON1024 = GNUTLS_SIGN_EXP_MIN + 4,
-       GNUTLS_SIGN_EXP_SPHINCS_SHA2_128F = GNUTLS_SIGN_EXP_MIN + 5,
-       GNUTLS_SIGN_EXP_SPHINCS_SHA2_128S = GNUTLS_SIGN_EXP_MIN + 6,
-       GNUTLS_SIGN_EXP_SPHINCS_SHA2_192F = GNUTLS_SIGN_EXP_MIN + 7,
-       GNUTLS_SIGN_EXP_SPHINCS_SHA2_192S = GNUTLS_SIGN_EXP_MIN + 8,
-       GNUTLS_SIGN_EXP_SPHINCS_SHA2_256F = GNUTLS_SIGN_EXP_MIN + 9,
-       GNUTLS_SIGN_EXP_SPHINCS_SHA2_256S = GNUTLS_SIGN_EXP_MIN + 10,
-       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128F = GNUTLS_SIGN_EXP_MIN + 11,
-       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128S = GNUTLS_SIGN_EXP_MIN + 12,
-       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192F = GNUTLS_SIGN_EXP_MIN + 13,
-       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192S = GNUTLS_SIGN_EXP_MIN + 14,
-       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256F = GNUTLS_SIGN_EXP_MIN + 15,
-       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256S = GNUTLS_SIGN_EXP_MIN + 16,
+       GNUTLS_SIGN_EXP_FALCON512 = 257,
+       GNUTLS_SIGN_EXP_FALCON1024 = 258,
+       GNUTLS_SIGN_EXP_SPHINCS_SHA2_128F = 259,
+       GNUTLS_SIGN_EXP_SPHINCS_SHA2_128S = 260,
+       GNUTLS_SIGN_EXP_SPHINCS_SHA2_192F = 261,
+       GNUTLS_SIGN_EXP_SPHINCS_SHA2_192S = 262,
+       GNUTLS_SIGN_EXP_SPHINCS_SHA2_256F = 263,
+       GNUTLS_SIGN_EXP_SPHINCS_SHA2_256S = 264,
+       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128F = 265,
+       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_128S = 266,
+       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192F = 267,
+       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_192S = 268,
+       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256F = 269,
+       GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256S = 270,
        GNUTLS_SIGN_EXP_MAX = GNUTLS_SIGN_EXP_SPHINCS_SHAKE_256S,
 } gnutls_sign_algorithm_t;
 
index 03a94d99aa04f737eb13a14c34320888ca249a6a..43e3f4ff4b532be9c621de3d7f509ac648e1e6ac 100644 (file)
@@ -1437,12 +1437,12 @@ static inline int eddsa_sign(gnutls_pk_algorithm_t algo, const uint8_t *pub,
 static inline const char *convert_to_oqs_alg(gnutls_pk_algorithm_t algo)
 {
        switch (algo) {
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-               return OQS_SIG_alg_ml_dsa_44_ipd;
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-               return OQS_SIG_alg_ml_dsa_65_ipd;
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
-               return OQS_SIG_alg_ml_dsa_87_ipd;
+       case GNUTLS_PK_ML_DSA_44:
+               return OQS_SIG_alg_ml_dsa_44;
+       case GNUTLS_PK_ML_DSA_65:
+               return OQS_SIG_alg_ml_dsa_65;
+       case GNUTLS_PK_ML_DSA_87:
+               return OQS_SIG_alg_ml_dsa_87;
        case GNUTLS_PK_EXP_FALCON512:
                return OQS_SIG_alg_falcon_512;
        case GNUTLS_PK_EXP_FALCON1024:
@@ -1898,9 +1898,9 @@ static int _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
                break;
        }
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -2326,9 +2326,9 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
                break;
        }
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -2540,7 +2540,25 @@ static int _wrap_nettle_pk_exists(gnutls_pk_algorithm_t pk)
                return 1;
 #ifdef HAVE_LIBOQS
        case GNUTLS_PK_MLKEM768:
-       case GNUTLS_PK_EXP_KYBER768: {
+       case GNUTLS_PK_EXP_KYBER768:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
+       case GNUTLS_PK_EXP_FALCON512:
+       case GNUTLS_PK_EXP_FALCON1024:
+       case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
+       case GNUTLS_PK_EXP_SPHINCS_SHA2_128S:
+       case GNUTLS_PK_EXP_SPHINCS_SHA2_192F:
+       case GNUTLS_PK_EXP_SPHINCS_SHA2_192S:
+       case GNUTLS_PK_EXP_SPHINCS_SHA2_256F:
+       case GNUTLS_PK_EXP_SPHINCS_SHA2_256S:
+       case GNUTLS_PK_EXP_SPHINCS_SHAKE_128F:
+       case GNUTLS_PK_EXP_SPHINCS_SHAKE_128S:
+       case GNUTLS_PK_EXP_SPHINCS_SHAKE_192F:
+       case GNUTLS_PK_EXP_SPHINCS_SHAKE_192S:
+       case GNUTLS_PK_EXP_SPHINCS_SHAKE_256F:
+       case GNUTLS_PK_EXP_SPHINCS_SHAKE_256S:
+       {
                const char *algo_name;
 
                if (_gnutls_liboqs_ensure() < 0)
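Review bot: The signature algorithms now share the case block that was written for `GNUTLS_PK_MLKEM768` and `GNUTLS_PK_EXP_KYBER768`, and the rest of that block (the `algo_name` lookup and the liboqs query) lies outside this hunk. If the code below still resolves a KEM name or calls a KEM-only availability check, the ML-DSA, Falcon and SPHINCS+ ids would be answered on the wrong evidence, so please confirm it dispatches to the signature API for them. A one-line comment above the list, e.g. `/* KEMs and signatures: both need liboqs loaded and the algorithm enabled */`, would also explain why the two families are grouped.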
@@ -2761,9 +2779,9 @@ static int wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
        case GNUTLS_PK_GOST_12_256:
        case GNUTLS_PK_GOST_12_512:
 #endif
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -4026,9 +4044,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
                ret = 0;
                break;
        }
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -4369,9 +4387,9 @@ static int wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo,
 
                ret = 0;
                break;
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
index f97a0cfa751d94411cb34b81512ad0051dc629a5..1346cdfe0e234cb4e8cbfeb2f1bc098700008396 100644 (file)
@@ -244,9 +244,9 @@ static int privkey_to_pubkey(gnutls_pk_algorithm_t pk,
        case GNUTLS_PK_ECDH_X25519:
        case GNUTLS_PK_ECDH_X448:
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
index 547854d35bceaf1e19987d277435ae7aa6d1ff9d..1f767c4f296fd081b3aefc17b2d32b585609091f 100644 (file)
@@ -39,7 +39,7 @@
 #include "ecc.h"
 
 #ifdef HAVE_LIBOQS
-#include <oqs/oqs.h>
+#include <dlwrap/oqs.h>
 #endif
 
 static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se,
@@ -54,18 +54,15 @@ static int pubkey_supports_sig(gnutls_pubkey_t pubkey,
                               const gnutls_sign_entry_st *se);
 
 #ifdef HAVE_LIBOQS
-struct OQS_alg_pubkey_bits {
+struct pq_algorithm_pubkey_bits_st {
        gnutls_pk_algorithm_t algorithm;
        int pubkey_bits;
 };
 
-struct OQS_alg_pubkey_bits pqc_pubkey_bits[] = {
-       { GNUTLS_PK_EXP_ML_DSA_44_IPD,
-         OQS_SIG_ml_dsa_44_ipd_length_public_key },
-       { GNUTLS_PK_EXP_ML_DSA_65_IPD,
-         OQS_SIG_ml_dsa_65_ipd_length_public_key },
-       { GNUTLS_PK_EXP_ML_DSA_87_IPD,
-         OQS_SIG_ml_dsa_87_ipd_length_public_key },
+static const struct pq_algorithm_pubkey_bits_st pq_pubkey_bits[] = {
+       { GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_public_key },
+       { GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_public_key },
+       { GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_public_key },
        { GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_public_key },
        { GNUTLS_PK_EXP_FALCON1024, OQS_SIG_falcon_1024_length_public_key },
        { GNUTLS_PK_EXP_SPHINCS_SHA2_128F,
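Review bot: The struct field and the lookup are named `pubkey_bits`, but the values stored are liboqs `OQS_SIG_*_length_public_key` constants, which to my knowledge are byte lengths. `pubkey_to_bits()` multiplies the curve size by 8 for the ECC cases in a later hunk of this file yet returns these values unscaled, so the number reported for ML-DSA appears to be a byte count. The `sec_params` table in lib/algorithms/secparams.c uses the same constants, so the security-level comparison is at least self-consistent. Either rename the field or document the unit on the struct, e.g. `/* public key length as reported by liboqs (bytes, not bits) */`. The array initializer continues past the end of this hunk.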
@@ -96,9 +93,10 @@ struct OQS_alg_pubkey_bits pqc_pubkey_bits[] = {
        { GNUTLS_PK_UNKNOWN, 0 }
 };
 
-static int pqc_pubkey_to_bits(gnutls_pk_algorithm_t algo)
+static int pq_pubkey_to_bits(const gnutls_pk_algorithm_t algo)
 {
-       struct OQS_alg_pubkey_bits *pubkey_to_bits = pqc_pubkey_bits;
+       const struct pq_algorithm_pubkey_bits_st *pubkey_to_bits =
+               pq_pubkey_bits;
        while (pubkey_to_bits->algorithm != algo &&
               pubkey_to_bits->algorithm != GNUTLS_PK_UNKNOWN)
                pubkey_to_bits++;
@@ -129,9 +127,9 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st *params)
        case GNUTLS_PK_GOST_12_512:
                return gnutls_ecc_curve_get_size(params->curve) * 8;
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -146,7 +144,7 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st *params)
        case GNUTLS_PK_EXP_SPHINCS_SHAKE_192S:
        case GNUTLS_PK_EXP_SPHINCS_SHAKE_256F:
        case GNUTLS_PK_EXP_SPHINCS_SHAKE_256S:
-               return pqc_pubkey_to_bits(params->algo);
+               return pq_pubkey_to_bits(params->algo);
 #endif
        default:
                return 0;
@@ -433,9 +431,9 @@ int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
                ret = 0;
                break;
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHAKE_128F:
@@ -2758,9 +2756,9 @@ int pubkey_verify_data(const gnutls_sign_entry_st *se, const mac_entry_st *me,
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
index 8f6e223d95feecc8d24445ff40d260bc4b5558b7..c171c67aab683a6f4cbdb8ede955bb4b8f40663d 100644 (file)
 #define GOST28147_89_CPD_OID "1.2.643.2.2.31.4"
 
 #ifdef HAVE_LIBOQS
-#define ML_DSA_44_IPD_OID "1.3.6.1.4.1.2.267.12.4.4"
-#define ML_DSA_65_IPD_OID "1.3.6.1.4.1.2.267.12.6.5"
-#define ML_DSA_87_IPD_OID "1.3.6.1.4.1.2.267.12.8.7"
+#define ML_DSA_44_OID "1.3.6.1.4.1.2.267.12.4.4"
+#define ML_DSA_65_OID "1.3.6.1.4.1.2.267.12.6.5"
+#define ML_DSA_87_OID "1.3.6.1.4.1.2.267.12.8.7"
 
 #define FALCON512_OID "1.3.9999.3.1"
 #define FALCON1024_OID "1.3.9999.3.4"
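Review bot: The macros lose the `_IPD` suffix but keep the OID strings `1.3.6.1.4.1.2.267.12.4.4`, `1.3.6.1.4.1.2.267.12.6.5` and `1.3.6.1.4.1.2.267.12.8.7` unchanged, while `convert_to_oqs_alg()` in lib/nettle/pk.c now selects `OQS_SIG_alg_ml_dsa_*` instead of the `_ipd` variants. Keys and certificates written after this change therefore carry the same identifier as those written with the draft parameter sets. If the draft and final algorithms are not signature-compatible, a verifier cannot tell from the OID which one it is handling. As far as I know the final ML-DSA parameter sets have NIST-assigned OIDs under `2.16.840.1.101.3.4.3`. Please confirm whether these macros should switch to them, or add a comment stating that the private-arc values are kept deliberately.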
index 75827e2db5c5bc58a140d51befbf2e3f3b2b324b..0cbd59cfe5b93fe564522e4ae2be225d8c5354ce 100644 (file)
@@ -736,9 +736,9 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t *der,
                }
                break;
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -854,9 +854,9 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st *params)
        case GNUTLS_PK_GOST_12_256:
        case GNUTLS_PK_GOST_12_512:
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
index c81cdfb7962d13f0ceeabd21fe098ea6f52c6911..c020e1e23b9c4865a143583e54da5820a08a3c25 100644 (file)
@@ -303,9 +303,9 @@ int _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st *params,
        case GNUTLS_PK_ECDH_X25519:
        case GNUTLS_PK_ECDH_X448:
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -357,9 +357,9 @@ int _gnutls_x509_write_pubkey(const gnutls_pk_params_st *params,
        case GNUTLS_PK_GOST_12_512:
                return _gnutls_x509_write_gost_pubkey(params, der);
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -1254,11 +1254,11 @@ static int _gnutls_asn1_encode_pqc_alg(asn1_node *c2,
 static uint8_t _gnutls_get_pqc_alg_version(gnutls_pk_params_st *params)
 {
        switch (params->algo) {
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
+       case GNUTLS_PK_ML_DSA_44:
                return '\x04';
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
+       case GNUTLS_PK_ML_DSA_65:
                return '\x06';
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_87:
                return '\x08';
        case GNUTLS_PK_EXP_FALCON512:
                return '\x01';
@@ -1428,9 +1428,9 @@ int _gnutls_asn1_encode_privkey(asn1_node *c2, gnutls_pk_params_st *params)
                /* DH keys are only exportable in PKCS#8 format */
                return GNUTLS_E_INVALID_REQUEST;
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
                return _gnutls_asn1_encode_ml_dsa(c2, params);
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
index 614fd2df426d88e3ec511a6fe3c4028d55bd80a9..6e1daec9026747c78e5ef74be2ebc37c6650b3cf 100644 (file)
@@ -135,9 +135,9 @@ int _gnutls_get_asn_mpis(asn1_node asn, const char *root,
            pk_algorithm != GNUTLS_PK_EDDSA_ED448 &&
            pk_algorithm != GNUTLS_PK_ECDH_X448
 #ifdef HAVE_LIBOQS
-           && pk_algorithm != GNUTLS_PK_EXP_ML_DSA_44_IPD &&
-           pk_algorithm != GNUTLS_PK_EXP_ML_DSA_65_IPD &&
-           pk_algorithm != GNUTLS_PK_EXP_ML_DSA_87_IPD &&
+           && pk_algorithm != GNUTLS_PK_ML_DSA_44 &&
+           pk_algorithm != GNUTLS_PK_ML_DSA_65 &&
+           pk_algorithm != GNUTLS_PK_ML_DSA_87 &&
            pk_algorithm != GNUTLS_PK_EXP_FALCON512 &&
            pk_algorithm != GNUTLS_PK_EXP_FALCON1024 &&
            pk_algorithm != GNUTLS_PK_EXP_SPHINCS_SHA2_128F &&
@@ -154,7 +154,7 @@ int _gnutls_get_asn_mpis(asn1_node asn, const char *root,
            pk_algorithm != GNUTLS_PK_EXP_SPHINCS_SHAKE_256S
 #endif
        ) {
-               /* RSA, EdDSA and PQC algorithms do not use parameters */
+               /* RSA, EdDSA and PQ algorithms do not use parameters */
                result = _gnutls_x509_read_value(asn, name, &tmp);
                if (pk_algorithm == GNUTLS_PK_RSA_PSS &&
                    (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
index 9320f1d5cf887eb45acb635aa6d3fc5ae5579a49..56e6829d44bf563a3a9dbf3e5bc38c15b95a8c27 100644 (file)
@@ -37,7 +37,7 @@
 #include "pin.h"
 
 #ifdef HAVE_LIBOQS
-#include <oqs/oqs.h>
+#include <dlwrap/oqs.h>
 #endif
 /**
  * gnutls_x509_privkey_init:
@@ -328,7 +328,7 @@ error:
 }
 
 #ifdef HAVE_LIBOQS
-struct PQCAlgorithmVersion {
+struct pqc_algorithm_version_st {
        uint8_t version;
        gnutls_pk_algorithm_t algorithm;
        int secret_key_length;
@@ -372,16 +372,13 @@ int _gnutls_decode_pqc_keys(asn1_node *pkey_asn, const gnutls_datum_t *raw_key,
        return GNUTLS_E_SUCCESS;
 }
 
-struct PQCAlgorithmVersion ml_dsa_versions[] = {
-       { '\x04', GNUTLS_PK_EXP_ML_DSA_44_IPD,
-         OQS_SIG_ml_dsa_44_ipd_length_secret_key,
-         OQS_SIG_ml_dsa_44_ipd_length_public_key },
-       { '\x06', GNUTLS_PK_EXP_ML_DSA_65_IPD,
-         OQS_SIG_ml_dsa_65_ipd_length_secret_key,
-         OQS_SIG_ml_dsa_65_ipd_length_public_key },
-       { '\x08', GNUTLS_PK_EXP_ML_DSA_87_IPD,
-         OQS_SIG_ml_dsa_87_ipd_length_secret_key,
-         OQS_SIG_ml_dsa_87_ipd_length_public_key },
+static const struct pqc_algorithm_version_st ml_dsa_versions[] = {
+       { '\x04', GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_secret_key,
+         OQS_SIG_ml_dsa_44_length_public_key },
+       { '\x06', GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_secret_key,
+         OQS_SIG_ml_dsa_65_length_public_key },
+       { '\x08', GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_secret_key,
+         OQS_SIG_ml_dsa_87_length_public_key },
 
        { '\x00', GNUTLS_PK_UNKNOWN, 0, 0 }
 };
@@ -389,7 +386,7 @@ struct PQCAlgorithmVersion ml_dsa_versions[] = {
 static int _gnutls_set_ml_dsa_params(const uint8_t *version,
                                     gnutls_x509_privkey_t pkey)
 {
-       struct PQCAlgorithmVersion *v = ml_dsa_versions;
+       const struct pqc_algorithm_version_st *v = ml_dsa_versions;
        while (v->algorithm != GNUTLS_PK_UNKNOWN && v->version != *version)
                v++;
 
@@ -437,7 +434,7 @@ error:
        return result;
 }
 
-struct PQCAlgorithmVersion falcon_versions[] = {
+static const struct pqc_algorithm_version_st falcon_versions[] = {
        { '\x01', GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_secret_key,
          OQS_SIG_falcon_512_length_public_key },
        { '\x02', GNUTLS_PK_EXP_FALCON1024,
@@ -450,7 +447,7 @@ struct PQCAlgorithmVersion falcon_versions[] = {
 static int _gnutls_set_falcon_params(const uint8_t *version,
                                     gnutls_x509_privkey_t pkey)
 {
-       struct PQCAlgorithmVersion *v = falcon_versions;
+       const struct pqc_algorithm_version_st *v = falcon_versions;
        while (v->algorithm != GNUTLS_PK_UNKNOWN && v->version != *version)
                v++;
 
@@ -498,7 +495,7 @@ error:
        return result;
 }
 
-struct PQCAlgorithmVersion sphincs_versions[] = {
+static const struct pqc_algorithm_version_st sphincs_versions[] = {
        { '\x01', GNUTLS_PK_EXP_SPHINCS_SHA2_128F,
          OQS_SIG_sphincs_sha2_128f_simple_length_secret_key,
          OQS_SIG_sphincs_sha2_128f_simple_length_public_key },
@@ -542,7 +539,7 @@ struct PQCAlgorithmVersion sphincs_versions[] = {
 static int _gnutls_set_sphincs_params(const uint8_t *version,
                                      gnutls_x509_privkey_t pkey)
 {
-       struct PQCAlgorithmVersion *v = sphincs_versions;
+       const struct pqc_algorithm_version_st *v = sphincs_versions;
        while (v->algorithm != GNUTLS_PK_UNKNOWN && v->version != *version)
                v++;
 
@@ -789,7 +786,7 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
                                                &_data);
                                        if (result >= 0) {
                                                key->params.algo =
-                                                       GNUTLS_PK_EXP_ML_DSA_44_IPD;
+                                                       GNUTLS_PK_ML_DSA_44;
                                        }
                                } else if (left > sizeof(PEM_KEY_FALCON) &&
                                           memcmp(ptr, PEM_KEY_FALCON,
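Review bot: `GNUTLS_PK_ML_DSA_44` is assigned here for any key that matched the ML-DSA PEM header, and the `else if (key->params.algo == GNUTLS_PK_ML_DSA_44)` in the next hunk then routes to `_gnutls_privkey_decode_ml_dsa_key()`. The real parameter set appears to be resolved later from the version byte via `ml_dsa_versions`. Now that this is a public, non-experimental id, readers will take it literally, and a caller that presets `params.algo` to `GNUTLS_PK_ML_DSA_65` or `GNUTLS_PK_ML_DSA_87` would seemingly not reach the ML-DSA branch. Suggest a comment at the assignment, `/* family placeholder; the parameter set is read from the key's version byte */`, and consider `IS_ML_DSA(key->params.algo)` in the `else if`. Both statements are inside `gnutls_x509_privkey_import()`, whose body extends beyond these hunks.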
@@ -874,7 +871,7 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
                        key->key = NULL;
                }
 #ifdef HAVE_LIBOQS
-       } else if (key->params.algo == GNUTLS_PK_EXP_ML_DSA_44_IPD) {
+       } else if (key->params.algo == GNUTLS_PK_ML_DSA_44) {
                result = _gnutls_privkey_decode_ml_dsa_key(&key->key, &_data,
                                                           key);
 
@@ -1003,10 +1000,8 @@ fail:
 
 #ifdef HAVE_LIBOQS
 #define MAX_ALGORITHM_NAME_SIZE_IN_PEM_HEADER 21
-#define MAX_PEM_KEY_SIZE PEM_KEY_SPHINCS
 #else
 #define MAX_ALGORITHM_NAME_SIZE_IN_PEM_HEADER 15
-#define MAX_PEM_KEY_SIZE PEM_KEY_RSA
 #endif
 
 /**
@@ -1069,21 +1064,27 @@ int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
                                       ((ptrdiff_t)ptr - (ptrdiff_t)data->data);
                        }
 
-                       if (ptr != NULL && left > sizeof(MAX_PEM_KEY_SIZE)) {
-                               if (memcmp(ptr, PEM_KEY_RSA,
-                                          sizeof(PEM_KEY_RSA) - 1) == 0 ||
-                                   memcmp(ptr, PEM_KEY_ECC,
-                                          sizeof(PEM_KEY_ECC) - 1) == 0 ||
-                                   memcmp(ptr, PEM_KEY_DSA,
-                                          sizeof(PEM_KEY_DSA) - 1) == 0
+                       if (ptr != NULL) {
+                               if ((left > sizeof(PEM_KEY_RSA) &&
+                                    memcmp(ptr, PEM_KEY_RSA,
+                                           sizeof(PEM_KEY_RSA) - 1) == 0) ||
+                                   (left > sizeof(PEM_KEY_ECC) &&
+                                    memcmp(ptr, PEM_KEY_ECC,
+                                           sizeof(PEM_KEY_ECC) - 1) == 0) ||
+                                   (left > sizeof(PEM_KEY_DSA) &&
+                                    memcmp(ptr, PEM_KEY_DSA,
+                                           sizeof(PEM_KEY_DSA) - 1) == 0)
 #ifdef HAVE_LIBOQS
                                    ||
-                                   memcmp(ptr, PEM_KEY_ML_DSA,
-                                          sizeof(PEM_KEY_ML_DSA) - 1) == 0 ||
-                                   memcmp(ptr, PEM_KEY_FALCON,
-                                          sizeof(PEM_KEY_FALCON) - 1) == 0 ||
-                                   memcmp(ptr, PEM_KEY_SPHINCS,
-                                          sizeof(PEM_KEY_SPHINCS) - 1) == 0
+                                   (left > sizeof(PEM_KEY_ML_DSA) &&
+                                    memcmp(ptr, PEM_KEY_ML_DSA,
+                                           sizeof(PEM_KEY_ML_DSA) - 1) == 0) ||
+                                   (left > sizeof(PEM_KEY_FALCON) &&
+                                    memcmp(ptr, PEM_KEY_FALCON,
+                                           sizeof(PEM_KEY_FALCON) - 1) == 0) ||
+                                   (left > sizeof(PEM_KEY_SPHINCS) &&
+                                    memcmp(ptr, PEM_KEY_SPHINCS,
+                                           sizeof(PEM_KEY_SPHINCS) - 1) == 0)
 #endif
                                ) {
                                        head_enc = 0;
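Review bot: The length guard and the `memcmp` for each PEM header are written out six times in this condition and must name the same macro in both positions. A mismatched pair would compare more bytes than `left` guarantees. A small helper keeps bound and compare together, e.g. `#define PEM_HDR_IS(p, n, h) ((n) > sizeof(h) && memcmp((p), (h), sizeof(h) - 1) == 0)`, used as `PEM_HDR_IS(ptr, left, PEM_KEY_RSA) || PEM_HDR_IS(ptr, left, PEM_KEY_ECC) || ...`. `gnutls_x509_privkey_import()` uses the same guard-then-compare pattern for `PEM_KEY_FALCON` and could share it. The enclosing function body starts and ends outside this hunk.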
@@ -1838,9 +1839,9 @@ static const char *set_msg(gnutls_x509_privkey_t key)
        case GNUTLS_PK_EC:
                return PEM_KEY_ECC;
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
                return PEM_KEY_ML_DSA;
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
index 8485b3e0a2176f734aa9a957b500ac8f38d2135b..483d5d2b6c773d943b6c966b13e6ea1768f3be43 100644 (file)
@@ -40,7 +40,7 @@
 #include "prov-seed.h"
 
 #ifdef HAVE_LIBOQS
-#include <oqs/oqs.h>
+#include <dlwrap/oqs.h>
 #endif
 
 static int _decode_pkcs8_ecc_key(asn1_node pkcs8_asn,
@@ -83,9 +83,9 @@ inline static int _encode_privkey(gnutls_x509_privkey_t pkey,
                        gnutls_assert();
                return ret;
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
@@ -1485,19 +1485,19 @@ error:
 }
 
 #ifdef HAVE_LIBOQS
-struct pqc_key_length_st {
+struct pq_key_length_st {
        gnutls_pk_algorithm_t algorithm;
        int secret_key_length;
        int public_key_length;
 };
 
-struct pqc_key_length_st pqc_key_lengths[] = {
-       { GNUTLS_PK_EXP_ML_DSA_44_IPD, OQS_SIG_ml_dsa_44_ipd_length_secret_key,
-         OQS_SIG_ml_dsa_44_ipd_length_public_key },
-       { GNUTLS_PK_EXP_ML_DSA_65_IPD, OQS_SIG_ml_dsa_65_ipd_length_secret_key,
-         OQS_SIG_ml_dsa_65_ipd_length_public_key },
-       { GNUTLS_PK_EXP_ML_DSA_87_IPD, OQS_SIG_ml_dsa_87_ipd_length_secret_key,
-         OQS_SIG_ml_dsa_87_ipd_length_public_key },
+static const struct pq_key_length_st pq_key_lengths[] = {
+       { GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_secret_key,
+         OQS_SIG_ml_dsa_44_length_public_key },
+       { GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_secret_key,
+         OQS_SIG_ml_dsa_65_length_public_key },
+       { GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_secret_key,
+         OQS_SIG_ml_dsa_87_length_public_key },
        { GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_secret_key,
          OQS_SIG_falcon_512_length_public_key },
        { GNUTLS_PK_EXP_FALCON1024, OQS_SIG_falcon_1024_length_secret_key,
@@ -1542,11 +1542,11 @@ struct pqc_key_length_st pqc_key_lengths[] = {
        { GNUTLS_PK_UNKNOWN, 0, 0 }
 };
 
-static int _get_pqc_keys_length(gnutls_pk_algorithm_t algo,
+static int _get_pqc_keys_length(const gnutls_pk_algorithm_t algo,
                                int *pqc_alg_secret_key_length,
                                int *pqc_alg_public_key_length)
 {
-       struct pqc_key_length_st *pqc_key_length = pqc_key_lengths;
+       const struct pq_key_length_st *pqc_key_length = pq_key_lengths;
        while (pqc_key_length->algorithm != algo &&
               pqc_key_length->algorithm != GNUTLS_PK_UNKNOWN)
                pqc_key_length++;
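Review bot: The lookup loop in `_get_pqc_keys_length` stops on the `{ GNUTLS_PK_UNKNOWN, 0, 0 }` terminator when `algo` is not in the table, and the hunk ends before showing how a miss is handled. Because these lengths appear to size PKCS#8 private-key material, the function should return an error on the sentinel rather than hand back 0/0. A comment above the loop would make that contract explicit, for example `/* pq_key_lengths is terminated by GNUTLS_PK_UNKNOWN; a miss must be reported as an error */`. On style, the type and table are renamed to `pq_` while the function and its local keep `pqc_`, and `const` on the by-value `algo` parameter changes nothing for callers. The function body continues outside the hunk.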
@@ -1693,9 +1693,9 @@ static int decode_private_key_info(const gnutls_datum_t *der,
                                                pkey->params.algo);
                break;
 #ifdef HAVE_LIBOQS
-       case GNUTLS_PK_EXP_ML_DSA_44_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_65_IPD:
-       case GNUTLS_PK_EXP_ML_DSA_87_IPD:
+       case GNUTLS_PK_ML_DSA_44:
+       case GNUTLS_PK_ML_DSA_65:
+       case GNUTLS_PK_ML_DSA_87:
        case GNUTLS_PK_EXP_FALCON512:
        case GNUTLS_PK_EXP_FALCON1024:
        case GNUTLS_PK_EXP_SPHINCS_SHA2_128F:
index 500d39f9719efa4ef35f8492942ca1348a7e4929..a9f62e841af828c302598d1894debda4bf13ddf4 100644 (file)
@@ -95,8 +95,14 @@ void doit(void)
        for (i = 0; i < GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC; i++)
                check_non_null(gnutls_handshake_description_get_name(i));
 
-       for (i = GNUTLS_PK_UNKNOWN + 1; i <= GNUTLS_PK_MAX; i++)
+       for (i = GNUTLS_PK_UNKNOWN + 1; i <= GNUTLS_PK_MAX; i++) {
+#ifndef HAVE_LIBOQS
+               if (i == GNUTLS_PK_ML_DSA_44 || i == GNUTLS_PK_ML_DSA_65 ||
+                   i == GNUTLS_PK_ML_DSA_87)
+                       continue;
+#endif
                check_unique_non_null(gnutls_pk_algorithm_get_name(i));
+       }
 
        for (i = GNUTLS_SIGN_UNKNOWN + 1; i <= GNUTLS_SIGN_MAX; i++) {
                if (i == 19)
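Review bot: The new `#ifndef HAVE_LIBOQS` skip for `GNUTLS_PK_ML_DSA_44/65/87` carries no comment explaining why these values are exempt from the name check, and the same applies to the `GNUTLS_SIGN_ML_DSA_*` skip added in the next hunk. The enum values appear to be public now, yet they presumably have no name entry in builds without liboqs, so `gnutls_pk_algorithm_get_name()` would return NULL for a valid-looking identifier. I would add `/* ML-DSA is only registered when built with liboqs; no name is expected otherwise */` above each skip. The loop over the sign algorithms continues outside this hunk.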
@@ -111,6 +117,11 @@ void doit(void)
                    i == GNUTLS_SIGN_DSA_SHA3_384 ||
                    i == GNUTLS_SIGN_DSA_SHA3_512)
                        continue;
+#endif
+#ifndef HAVE_LIBOQS
+               if (i == GNUTLS_SIGN_ML_DSA_44 || i == GNUTLS_SIGN_ML_DSA_65 ||
+                   i == GNUTLS_SIGN_ML_DSA_87)
+                       continue;
 #endif
                check_unique_non_null(gnutls_sign_algorithm_get_name(i));
        }
index b92665de877bc888db3f95baccebc8bb810be23f..a70a7f6f11ff75abe7c668ca767ddb8eb7a64df6 100644 (file)
@@ -132,7 +132,7 @@ static bool is_supported_pk_algo(gnutls_pk_algorithm_t algo)
 void doit(void)
 {
        gnutls_x509_privkey_t pkey, dst;
-       int ret, algorithm, i;
+       int ret, i;
        gnutls_fips140_context_t fips_context;
 
        ret = global_init();
@@ -163,40 +163,6 @@ void doit(void)
                            algorithm == GNUTLS_PK_MLKEM768)
                                continue;
 
-                       if (algorithm == GNUTLS_PK_GOST_01 ||
-                           algorithm == GNUTLS_PK_GOST_12_256 ||
-                           algorithm == GNUTLS_PK_GOST_12_512) {
-                               /* Skip GOST algorithms:
-                                * - If they are disabled by ./configure option
-                                * - Or in FIPS140 mode
-                                */
-#ifdef ENABLE_GOST
-                               if (gnutls_fips140_mode_enabled())
-                                       continue;
-#else
-                               continue;
-#endif
-                       }
-#ifndef HAVE_LIBOQS
-                       if (algorithm == GNUTLS_PK_EXP_ML_DSA_44_IPD ||
-                           algorithm == GNUTLS_PK_EXP_ML_DSA_65_IPD ||
-                           algorithm == GNUTLS_PK_EXP_ML_DSA_87_IPD ||
-                           algorithm == GNUTLS_PK_EXP_FALCON512 ||
-                           algorithm == GNUTLS_PK_EXP_FALCON1024 ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_128F ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_128S ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_192F ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_192S ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_256F ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHA2_256S ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_128F ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_128S ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_192F ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_192S ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_256F ||
-                           algorithm == GNUTLS_PK_EXP_SPHINCS_SHAKE_256S)
-                               continue;
-#endif
                        ret = gnutls_x509_privkey_init(&pkey);
                        if (ret < 0) {
                                fail("gnutls_x509_privkey_init: %d\n", ret);
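Review bot: The unchanged context line `algorithm == GNUTLS_PK_MLKEM768)` at the top of this hunk still uses `algorithm` as a value, while the previous hunk drops `algorithm` from doit()'s `int` declarations and every later hunk reads `*algorithm`. The new declaration is not visible in the diff, so if `algorithm` is now a pointer into a list, these comparisons should read `*algorithm == GNUTLS_PK_MLKEM768`; as shown, they would compare a pointer with an enum constant or fail to build. The removed GOST and non-liboqs skips presumably move into `is_supported_pk_algo()`, which is outside the hunk, so it is worth confirming that the GOST-in-FIPS-mode skip survives there.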
@@ -209,22 +175,23 @@ void doit(void)
 
                        FIPS_PUSH_CONTEXT();
                        ret = gnutls_x509_privkey_generate(
-                               pkey, algorithm,
-                               gnutls_sec_param_to_pk_bits(algorithm,
+                               pkey, *algorithm,
+                               gnutls_sec_param_to_pk_bits(*algorithm,
                                                            sec_param[i]),
                                0);
                        if (ret < 0) {
                                fail("gnutls_x509_privkey_generate (%s-%d): %s (%d)\n",
-                                    gnutls_pk_algorithm_get_name(algorithm),
-                                    gnutls_sec_param_to_pk_bits(algorithm,
+                                    gnutls_pk_algorithm_get_name(*algorithm),
+                                    gnutls_sec_param_to_pk_bits(*algorithm,
                                                                 sec_param[i]),
                                     gnutls_strerror(ret), ret);
                        } else if (debug) {
                                success("Key[%s] generation ok: %d\n",
-                                       gnutls_pk_algorithm_get_name(algorithm),
+                                       gnutls_pk_algorithm_get_name(
+                                               *algorithm),
                                        ret);
                        }
-                       if (is_approved_pk_algo(algorithm)) {
+                       if (is_approved_pk_algo(*algorithm)) {
                                FIPS_POP_CONTEXT(APPROVED);
                        } else {
                                FIPS_POP_CONTEXT(NOT_APPROVED);
@@ -233,7 +200,7 @@ void doit(void)
                        ret = gnutls_x509_privkey_verify_params(pkey);
                        if (ret < 0) {
                                fail("gnutls_x509_privkey_generate (%s): %s (%d)\n",
-                                    gnutls_pk_algorithm_get_name(algorithm),
+                                    gnutls_pk_algorithm_get_name(*algorithm),
                                     gnutls_strerror(ret), ret);
                        }
 
@@ -241,33 +208,33 @@ void doit(void)
                        ret = gnutls_x509_privkey_cpy(dst, pkey);
                        if (ret < 0) {
                                fail("gnutls_x509_privkey_cpy (%s): %s (%d)\n",
-                                    gnutls_pk_algorithm_get_name(algorithm),
+                                    gnutls_pk_algorithm_get_name(*algorithm),
                                     gnutls_strerror(ret), ret);
                        }
 
                        ret = gnutls_x509_privkey_verify_params(pkey);
                        if (ret < 0) {
                                fail("gnutls_x509_privkey_generate after cpy (%s): %s (%d)\n",
-                                    gnutls_pk_algorithm_get_name(algorithm),
+                                    gnutls_pk_algorithm_get_name(*algorithm),
                                     gnutls_strerror(ret), ret);
                        }
 
                        /* RSA-OAEP doesn't support signing */
-                       if (algorithm == GNUTLS_PK_RSA_OAEP) {
+                       if (*algorithm == GNUTLS_PK_RSA_OAEP) {
                                goto end;
                        }
 
                        FIPS_PUSH_CONTEXT();
-                       sign_verify_data(algorithm, pkey);
-                       if (is_approved_pk_algo(algorithm)) {
+                       sign_verify_data(*algorithm, pkey);
+                       if (is_approved_pk_algo(*algorithm)) {
                                FIPS_POP_CONTEXT(APPROVED);
                        } else {
                                FIPS_POP_CONTEXT(NOT_APPROVED);
                        }
 
                        FIPS_PUSH_CONTEXT();
-                       sign_verify_data(algorithm, dst);
-                       if (is_approved_pk_algo(algorithm)) {
+                       sign_verify_data(*algorithm, dst);
+                       if (is_approved_pk_algo(*algorithm)) {
                                FIPS_POP_CONTEXT(APPROVED);
                        } else {
                                FIPS_POP_CONTEXT(NOT_APPROVED);
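Review bot: The check after `gnutls_x509_privkey_cpy(dst, pkey)` calls `gnutls_x509_privkey_verify_params(pkey)` again, so the copied key's parameters are never validated, even though the failure message says "after cpy". Since this commit touches the neighbouring lines anyway, the call was presumably meant to be `ret = gnutls_x509_privkey_verify_params(dst);`. That matters for the ML-DSA keys now exercised here, because a copy that dropped or truncated key material would only show up indirectly in the later `sign_verify_data(*algorithm, dst)` call. The enclosing loop in doit() starts and ends outside this hunk.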
@@ -277,8 +244,8 @@ void doit(void)
                        gnutls_x509_privkey_deinit(pkey);
                        gnutls_x509_privkey_deinit(dst);
                        success("Generated key with %s-%d\n",
-                               gnutls_pk_algorithm_get_name(algorithm),
-                               gnutls_sec_param_to_pk_bits(algorithm,
+                               gnutls_pk_algorithm_get_name(*algorithm),
+                               gnutls_sec_param_to_pk_bits(*algorithm,
                                                            sec_param[i]));
                }
        }