#include "ecc.h"
#include "pin.h"
-#ifdef HAVE_LIBOQS
-#include <dlwrap/oqs.h>
-#endif
/**
* gnutls_x509_privkey_init:
* @key: A pointer to the type to be initialized
#define PEM_KEY_DSA "DSA PRIVATE KEY"
#define PEM_KEY_RSA "RSA PRIVATE KEY"
#define PEM_KEY_ECC "EC PRIVATE KEY"
-#ifdef HAVE_LIBOQS
#define PEM_KEY_ML_DSA "ML-DSA PRIVATE KEY"
-#endif
#define PEM_KEY_PKCS8 "PRIVATE KEY"
#define MAX_PEM_HEADER_SIZE 25
if (result >= 0)
key->params.algo =
GNUTLS_PK_DSA;
-#ifdef HAVE_LIBOQS
} else if (left > sizeof(PEM_KEY_ML_DSA) &&
memcmp(ptr, PEM_KEY_ML_DSA,
sizeof(PEM_KEY_ML_DSA) - 1) ==
key->params.algo =
GNUTLS_PK_MLDSA44;
}
-#endif
}
if (key->params.algo == GNUTLS_PK_UNKNOWN &&
return ret;
}
-#ifdef HAVE_LIBOQS
#define MAX_ALGORITHM_NAME_SIZE_IN_PEM_HEADER 21
-#else
-#define MAX_ALGORITHM_NAME_SIZE_IN_PEM_HEADER 15
-#endif
/**
* gnutls_x509_privkey_import2:
sizeof(PEM_KEY_ECC) - 1) == 0) ||
(left > sizeof(PEM_KEY_DSA) &&
memcmp(ptr, PEM_KEY_DSA,
- sizeof(PEM_KEY_DSA) - 1) == 0)
-#ifdef HAVE_LIBOQS
- || (left > sizeof(PEM_KEY_ML_DSA) &&
- memcmp(ptr, PEM_KEY_ML_DSA,
- sizeof(PEM_KEY_ML_DSA) - 1) == 0)
-#endif
- ) {
+ sizeof(PEM_KEY_DSA) - 1) == 0) ||
+ (left > sizeof(PEM_KEY_ML_DSA) &&
+ memcmp(ptr, PEM_KEY_ML_DSA,
+ sizeof(PEM_KEY_ML_DSA) - 1) == 0)) {
head_enc = 0;
}
}
return PEM_KEY_DSA;
case GNUTLS_PK_EC:
return PEM_KEY_ECC;
-#ifdef HAVE_LIBOQS
case GNUTLS_PK_MLDSA44:
case GNUTLS_PK_MLDSA65:
case GNUTLS_PK_MLDSA87:
return PEM_KEY_ML_DSA;
-#endif
default:
return "UNKNOWN";
}
#include "attributes.h"
#include "prov-seed.h"
-#ifdef HAVE_LIBOQS
-#include <dlwrap/oqs.h>
-#endif
-
static int _decode_pkcs8_ecc_key(asn1_node pkcs8_asn,
gnutls_x509_privkey_t pkey);
static int pkcs8_key_info(const gnutls_datum_t *raw_key,
if (ret < 0)
gnutls_assert();
return ret;
-#ifdef HAVE_LIBOQS
case GNUTLS_PK_MLDSA44:
case GNUTLS_PK_MLDSA65:
case GNUTLS_PK_MLDSA87:
if (ret < 0)
gnutls_assert();
return ret;
-#endif
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
return ret;
}
-#ifdef HAVE_LIBOQS
-struct pq_key_length_st {
- gnutls_pk_algorithm_t algorithm;
- int secret_key_length;
- int public_key_length;
-};
-
-static const struct pq_key_length_st pq_key_lengths[] = {
- { GNUTLS_PK_MLDSA44, OQS_SIG_ml_dsa_44_length_secret_key,
- OQS_SIG_ml_dsa_44_length_public_key },
- { GNUTLS_PK_MLDSA65, OQS_SIG_ml_dsa_65_length_secret_key,
- OQS_SIG_ml_dsa_65_length_public_key },
- { GNUTLS_PK_MLDSA87, OQS_SIG_ml_dsa_87_length_secret_key,
- OQS_SIG_ml_dsa_87_length_public_key },
-
- { GNUTLS_PK_UNKNOWN, 0, 0 }
-};
-
-static int _get_pqc_keys_length(const gnutls_pk_algorithm_t algo,
- int *pqc_alg_secret_key_length,
- int *pqc_alg_public_key_length)
-{
- const struct pq_key_length_st *pqc_key_length = pq_key_lengths;
- while (pqc_key_length->algorithm != algo &&
- pqc_key_length->algorithm != GNUTLS_PK_UNKNOWN)
- pqc_key_length++;
-
- if (pqc_key_length->algorithm == GNUTLS_PK_UNKNOWN)
- return GNUTLS_E_UNKNOWN_ALGORITHM;
-
- *pqc_alg_secret_key_length = pqc_key_length->secret_key_length;
- *pqc_alg_public_key_length = pqc_key_length->public_key_length;
-
- return 0;
-}
-
-static int _decode_pkcs8_pqc_alg_key(asn1_node pkcs8_asn,
- gnutls_x509_privkey_t pkey,
- const char *oid)
+static int _decode_pkcs8_ml_dsa_key(asn1_node pkcs8_asn,
+ gnutls_x509_privkey_t pkey,
+ gnutls_pk_algorithm_t algo)
{
int ret;
- gnutls_datum_t private_key;
- gnutls_pk_algorithm_t algo = pkey->params.algo;
- int pqc_alg_secret_key_length;
- int pqc_alg_public_key_length;
-
- ret = _get_pqc_keys_length(pkey->params.algo,
- &pqc_alg_secret_key_length,
- &pqc_alg_public_key_length);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ size_t raw_pub_size, raw_priv_size;
+
+ switch (algo) {
+ case GNUTLS_PK_MLDSA44:
+ raw_priv_size = MLDSA44_PRIVKEY_SIZE;
+ raw_pub_size = MLDSA44_PUBKEY_SIZE;
+ break;
+ case GNUTLS_PK_MLDSA65:
+ raw_priv_size = MLDSA65_PRIVKEY_SIZE;
+ raw_pub_size = MLDSA65_PUBKEY_SIZE;
+ break;
+ case GNUTLS_PK_MLDSA87:
+ raw_priv_size = MLDSA87_PRIVKEY_SIZE;
+ raw_pub_size = MLDSA87_PUBKEY_SIZE;
+ break;
+ default:
+ return gnutls_assert_val(
+ GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
}
/* TODO: support OneAsymmetricKey to read public key from a
*/
gnutls_pk_params_init(&pkey->params);
+ pkey->params.algo = algo;
- ret = _gnutls_x509_read_string(pkcs8_asn, "privateKey", &private_key,
+ ret = _gnutls_x509_read_string(pkcs8_asn, "privateKey",
+ &pkey->params.raw_priv,
ASN1_ETYPE_OCTET_STRING, 1);
if (ret < 0) {
gnutls_assert();
goto error;
}
- pkey->params.algo = algo;
- pkey->params.raw_priv.data = private_key.data;
- pkey->params.raw_priv.size = pqc_alg_secret_key_length;
+ if (pkey->params.raw_priv.size != raw_priv_size + raw_pub_size) {
+ ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ goto error;
+ }
- pkey->params.raw_pub.data = gnutls_malloc(pqc_alg_public_key_length);
- memcpy(pkey->params.raw_pub.data,
- &private_key.data[pqc_alg_secret_key_length],
- pqc_alg_public_key_length);
- pkey->params.raw_pub.size = pqc_alg_public_key_length;
+ ret = _gnutls_set_datum(&pkey->params.raw_pub,
+ &pkey->params.raw_priv.data[raw_priv_size],
+ raw_pub_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
- private_key.data = NULL;
+ pkey->params.raw_priv.size = raw_priv_size;
return GNUTLS_E_SUCCESS;
error:
- gnutls_free(pkey->params.raw_priv.data);
gnutls_pk_params_clear(&pkey->params);
gnutls_pk_params_release(&pkey->params);
return ret;
}
-#endif
static int decode_private_key_info(const gnutls_datum_t *der,
gnutls_x509_privkey_t pkey)
result = _decode_pkcs8_gost_key(pkcs8_asn, pkey,
pkey->params.algo);
break;
-#ifdef HAVE_LIBOQS
case GNUTLS_PK_MLDSA44:
case GNUTLS_PK_MLDSA65:
case GNUTLS_PK_MLDSA87:
- result = _decode_pkcs8_pqc_alg_key(pkcs8_asn, pkey, oid);
+ result = _decode_pkcs8_ml_dsa_key(pkcs8_asn, pkey,
+ pkey->params.algo);
break;
-#endif
default:
result = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
goto error;
projects / thirdparty / gnutls.git / commitdiff
