#define IS_ML_DSA(x) \
(((x) == GNUTLS_PK_ML_DSA_44) || ((x) == GNUTLS_PK_ML_DSA_65) || \
((x) == GNUTLS_PK_ML_DSA_87))
-
-#define IS_FALCON(x) \
- (((x) == GNUTLS_PK_EXP_FALCON512) || ((x) == GNUTLS_PK_EXP_FALCON1024))
#endif
#define SIG_SEM_PRE_TLS12 (1 << 1)
.id = GNUTLS_PK_ML_DSA_87,
.curve = GNUTLS_ECC_CURVE_INVALID,
.no_prehashed = 1 },
- { .name = "Falcon512",
- .oid = FALCON512_OID,
- .id = GNUTLS_PK_EXP_FALCON512,
- .curve = GNUTLS_ECC_CURVE_INVALID,
- .no_prehashed = 1 },
- { .name = "Falcon1024",
- .oid = FALCON1024_OID,
- .id = GNUTLS_PK_EXP_FALCON1024,
- .curve = GNUTLS_ECC_CURVE_INVALID,
- .no_prehashed = 1 },
- { .name = "Falcon512",
- .oid = FALCON512_OID,
- .id = GNUTLS_PK_EXP_FALCON512,
- .curve = GNUTLS_ECC_CURVE_INVALID,
- .no_prehashed = 1 },
- { .name = "Falcon1024",
- .oid = FALCON1024_OID,
- .id = GNUTLS_PK_EXP_FALCON1024,
- .curve = GNUTLS_ECC_CURVE_INVALID,
- .no_prehashed = 1 },
#endif
{ .name = "UNKNOWN",
.oid = NULL,
unsigned int ecc_bits; /* bits for ECC keys */
#ifdef HAVE_LIBOQS
unsigned int ml_dsa_bits;
- unsigned int falcon_bits;
#endif
} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
{ "Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
},
{ "Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 84, 0,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
},
{ "Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 128, 0,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
},
{ "Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1008, 160, 160,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
},
#ifdef ENABLE_FIPS140
{ "Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
},
- { "Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1024, 1024, 192, 192,
+ {
+ "Legacy",
+ GNUTLS_SEC_PARAM_LEGACY,
+ 96,
+ 1024,
+ 1024,
+ 192,
+ 192,
#ifdef HAVE_LIBOQS
- 0, OQS_SIG_falcon_512_length_public_key
+ 0,
#endif
},
{ "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 224, 224,
#ifdef HAVE_LIBOQS
- OQS_SIG_ml_dsa_44_length_public_key, 0
+ OQS_SIG_ml_dsa_44_length_public_key
#endif
},
{ "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
},
#else
{ "Low", GNUTLS_SEC_PARAM_LOW, 80, 1024, 1024, 160, 160,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
}, /* ENISA-LEGACY */
{ "Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192,
#ifdef HAVE_LIBOQS
- 0, OQS_SIG_falcon_512_length_public_key
+ 0
#endif
},
{ "Medium", GNUTLS_SEC_PARAM_MEDIUM, 112, 2048, 2048, 256, 224,
#ifdef HAVE_LIBOQS
- OQS_SIG_ml_dsa_44_length_public_key, 0
+ OQS_SIG_ml_dsa_44_length_public_key
#endif
},
{ "High", GNUTLS_SEC_PARAM_HIGH, 128, 3072, 3072, 256, 256,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
},
#endif
{ "Ultra", GNUTLS_SEC_PARAM_ULTRA, 192, 8192, 8192, 384, 384,
#ifdef HAVE_LIBOQS
- OQS_SIG_ml_dsa_65_length_public_key, 0
+ OQS_SIG_ml_dsa_65_length_public_key
#endif
},
{ "Future", GNUTLS_SEC_PARAM_FUTURE, 256, 15360, 15360, 512, 512,
#ifdef HAVE_LIBOQS
- OQS_SIG_ml_dsa_87_length_public_key,
- OQS_SIG_falcon_1024_length_public_key
+ OQS_SIG_ml_dsa_87_length_public_key
#endif
},
{ NULL, 0, 0, 0, 0, 0, 0,
#ifdef HAVE_LIBOQS
- 0, 0
+ 0
#endif
}
};
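Review bot: The rewritten "Legacy" row in the ENABLE_FIPS140 branch ends its HAVE_LIBOQS value with a trailing comma (`0,`), unlike every other row in the table, which is presumably why the formatter broke it into one value per line. Dropping the comma lets it stay as `{ "Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1024, 1024, 192, 192,` with a bare `0` under the `#ifdef`, matching its neighbours and the non-FIPS "Legacy" row. Because the rows are positional and a trailing column was just removed, a short comment above `sec_params[]` stating that the last value is `ml_dsa_bits` and exists only under HAVE_LIBOQS would make a future column mismatch easier to spot.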
#ifdef HAVE_LIBOQS
else if (IS_ML_DSA(algo))
ret = p->ml_dsa_bits;
- else if (IS_FALCON(algo))
- ret = p->falcon_bits;
#endif
else
ret = p->pk_bits;
break;
ret = p->sec_param;
}
- } else if (IS_FALCON(algo)) {
- for (p = sec_params; p->name; p++) {
- if (p->falcon_bits > bits)
- break;
- ret = p->sec_param;
- }
#endif
} else {
for (p = sec_params; p->name; p++) {
.pk = GNUTLS_PK_ML_DSA_87,
.hash = GNUTLS_DIG_SHAKE_256,
.aid = TLS_SIGN_AID_UNKNOWN },
- { .name = "Falcon512",
- .oid = FALCON512_OID,
- .id = GNUTLS_SIGN_EXP_FALCON512,
- .pk = GNUTLS_PK_EXP_FALCON512,
- .hash = GNUTLS_DIG_SHAKE_256,
- .aid = TLS_SIGN_AID_UNKNOWN },
- { .name = "Falcon1024",
- .oid = FALCON1024_OID,
- .id = GNUTLS_SIGN_EXP_FALCON1024,
- .pk = GNUTLS_PK_EXP_FALCON1024,
- .hash = GNUTLS_DIG_SHAKE_256,
- .aid = TLS_SIGN_AID_UNKNOWN },
#endif
{ .name = 0,
.oid = 0,
#define GOST_PRIVATE_PARAMS 3
#ifdef HAVE_LIBOQS
#define ML_DSA_PRIVATE_PARAMS 4
-#define FALCON_PRIVATE_PARAMS 4
#endif
#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
privateKey OCTET STRING,
publicKey [1] OCTET STRING OPTIONAL
}
-
-FalconPrivateKey ::= SEQUENCE {
- version INTEGER,
- privateKeyAlgorithm AlgorithmIdentifier,
- privateKey OCTET STRING,
- publicKey [1] OCTET STRING OPTIONAL
-}
END
GNUTLS_PK_MAX = GNUTLS_PK_ML_DSA_87,
/* Experimental algorithms */
- GNUTLS_PK_EXP_MIN = 256,
- GNUTLS_PK_EXP_KYBER768 = 257,
- GNUTLS_PK_EXP_FALCON512 = 258,
- GNUTLS_PK_EXP_FALCON1024 = 259,
- GNUTLS_PK_EXP_MAX = GNUTLS_PK_EXP_FALCON1024
+ GNUTLS_PK_EXP_KYBER768 = 256,
+ GNUTLS_PK_EXP_MAX = GNUTLS_PK_EXP_KYBER768
} gnutls_pk_algorithm_t;
const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm);
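Review bot: `GNUTLS_PK_EXP_KYBER768` changes value from 257 to 256 and `GNUTLS_PK_EXP_MIN` disappears; if this enum is in an installed header, as the neighbouring `gnutls_pk_algorithm_get_name` prototype suggests, callers built against the previous header would pass 257 and no longer match any algorithm. Keeping `GNUTLS_PK_EXP_MIN = 256,` and `GNUTLS_PK_EXP_KYBER768 = 257,` removes Falcon without renumbering the remaining experimental id. The same applies to the signature enum in the next hunk, where `GNUTLS_SIGN_EXP_MIN` and `GNUTLS_SIGN_EXP_MAX` are dropped: any range check written against them stops compiling, so it is worth confirming that nothing outside this patch still references them.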
GNUTLS_SIGN_ML_DSA_44 = 47,
GNUTLS_SIGN_ML_DSA_65 = 48,
GNUTLS_SIGN_ML_DSA_87 = 49,
- GNUTLS_SIGN_MAX = GNUTLS_SIGN_ML_DSA_87,
-
- GNUTLS_SIGN_EXP_MIN = 256,
- GNUTLS_SIGN_EXP_FALCON512 = 257,
- GNUTLS_SIGN_EXP_FALCON1024 = 258,
- GNUTLS_SIGN_EXP_MAX = GNUTLS_SIGN_EXP_FALCON1024,
+ GNUTLS_SIGN_MAX = GNUTLS_SIGN_ML_DSA_87
} gnutls_sign_algorithm_t;
/**
return OQS_SIG_alg_ml_dsa_65;
case GNUTLS_PK_ML_DSA_87:
return OQS_SIG_alg_ml_dsa_87;
- case GNUTLS_PK_EXP_FALCON512:
- return OQS_SIG_alg_falcon_512;
- case GNUTLS_PK_EXP_FALCON1024:
- return OQS_SIG_alg_falcon_1024;
default:
gnutls_assert();
return NULL;
#ifdef HAVE_LIBOQS
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
- case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024: {
+ case GNUTLS_PK_ML_DSA_87: {
OQS_SIG *sig;
OQS_STATUS rc;
size_t size;
#ifdef HAVE_LIBOQS
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
- case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024: {
+ case GNUTLS_PK_ML_DSA_87: {
OQS_SIG *sig;
OQS_STATUS rc;
return 1;
#ifdef HAVE_LIBOQS
case GNUTLS_PK_MLKEM768:
- case GNUTLS_PK_EXP_KYBER768:
+ case GNUTLS_PK_EXP_KYBER768: {
+ const char *algo_name;
+
+ if (_gnutls_liboqs_ensure() < 0)
+ return 0;
+
+ algo_name = pk_to_liboqs_algo(pk);
+ return algo_name != NULL &&
+ GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name);
+ }
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
- case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024: {
+ case GNUTLS_PK_ML_DSA_87: {
const char *algo_name;
if (_gnutls_liboqs_ensure() < 0)
algo_name = pk_to_liboqs_algo(pk);
return algo_name != NULL &&
- GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name);
+ GNUTLS_OQS_FUNC(OQS_SIG_alg_is_enabled)(algo_name);
}
#endif
default:
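Review bot: The new KEM case repeats the signature case line for line except for the liboqs query, and nothing at the call site says why the two must differ. A comment on the KEM case such as `/* KEMs are queried with OQS_KEM_alg_is_enabled; the signature cases below use OQS_SIG_alg_is_enabled */` would keep the two from being merged again, or the shared ensure/lookup steps could move into one static helper that takes the query as a parameter. The later hunk that returns `GNUTLS_E_UNKNOWN_PK_ALGORITHM` has the same duplication, and there the signature branch gained braces around its single `return` while the new KEM branch did not. `pk_to_liboqs_algo` is only partly visible here, so it should be confirmed that it maps `GNUTLS_PK_MLKEM768` and `GNUTLS_PK_EXP_KYBER768` to KEM names; the switch starts and ends outside this hunk.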
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
break;
default:
gnutls_assert();
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
if (params->pkflags & GNUTLS_PK_FLAG_PROVABLE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
#ifdef HAVE_LIBOQS
case GNUTLS_PK_MLKEM768:
- case GNUTLS_PK_EXP_KYBER768:
+ case GNUTLS_PK_EXP_KYBER768: {
+ const char *algo_name;
+
+ if (_gnutls_liboqs_ensure() < 0)
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+
+ algo_name = pk_to_liboqs_algo(algo);
+ if (algo_name == NULL ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name))
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+
+ ret = 0;
+ break;
+ }
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
- case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024: {
+ case GNUTLS_PK_ML_DSA_87: {
const char *algo_name;
if (_gnutls_liboqs_ensure() < 0)
algo_name = pk_to_liboqs_algo(algo);
if (algo_name == NULL ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name))
+ !GNUTLS_OQS_FUNC(OQS_SIG_alg_is_enabled)(algo_name)) {
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+ }
ret = 0;
break;
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
#endif
ret = _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data,
priv->raw_pub.size);
{ GNUTLS_PK_ML_DSA_44, OQS_SIG_ml_dsa_44_length_public_key },
{ GNUTLS_PK_ML_DSA_65, OQS_SIG_ml_dsa_65_length_public_key },
{ GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_public_key },
- { GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_public_key },
- { GNUTLS_PK_EXP_FALCON1024, OQS_SIG_falcon_1024_length_public_key },
{ GNUTLS_PK_UNKNOWN, 0 }
};
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
return pq_pubkey_to_bits(params->algo);
#endif
default:
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
if (hash)
*hash = GNUTLS_DIG_SHAKE_256;
ret = 0;
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
#endif
if (_gnutls_pk_verify(se->pk, data, signature, params,
sign_params) != 0) {
#define GOST28147_89_CPD_OID "1.2.643.2.2.31.4"
#ifdef HAVE_LIBOQS
-#define ML_DSA_44_OID "1.3.6.1.4.1.2.267.12.4.4"
-#define ML_DSA_65_OID "1.3.6.1.4.1.2.267.12.6.5"
-#define ML_DSA_87_OID "1.3.6.1.4.1.2.267.12.8.7"
-
-#define FALCON512_OID "1.3.9999.3.1"
-#define FALCON1024_OID "1.3.9999.3.4"
+#define ML_DSA_44_OID "2.16.840.1.101.3.4.3.17"
+#define ML_DSA_65_OID "2.16.840.1.101.3.4.3.18"
+#define ML_DSA_87_OID "2.16.840.1.101.3.4.3.19"
#endif
#define ASN1_NULL "\x05\x00"
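Review bot: The three ML-DSA OIDs are replaced outright, so keys and certificates written with the previous `1.3.6.1.4.1.2.267.12.*` values will presumably stop resolving to an ML-DSA algorithm after this change, and nothing in the hunk records that. A comment above the defines such as `/* NIST CSOR id-ml-dsa-44/65/87; the earlier provisional OIDs are intentionally no longer accepted */` would document the break. A test that feeds an old-OID key and expects a clean unknown-algorithm error would pin the behaviour.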
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
ret = _gnutls_set_datum(¶ms->raw_pub, der, dersize);
break;
#endif
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
#endif
return 0;
default:
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
#endif
der->data = NULL;
der->size = 0;
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
return _gnutls_x509_write_pqc_alg_pubkey(params, der);
#endif
default:
return '\x06';
case GNUTLS_PK_ML_DSA_87:
return '\x08';
- case GNUTLS_PK_EXP_FALCON512:
- return '\x01';
- case GNUTLS_PK_EXP_FALCON1024:
- return '\x02';
default:
return '\x00';
}
return GNUTLS_E_SUCCESS;
-cleanup:
- asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE);
-
- return ret;
-}
-
-static int _gnutls_asn1_encode_falcon(asn1_node *c2,
- gnutls_pk_params_st *params)
-{
- int ret;
- const char *oid;
-
- oid = gnutls_pk_get_oid(params->algo);
- if (oid == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* first make sure that no previously allocated data are leaked */
- if (*c2 != NULL) {
- asn1_delete_structure(c2);
- *c2 = NULL;
- }
-
- if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.FalconPrivateKey", c2)) !=
- ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
-
- ret = _gnutls_asn1_encode_pqc_alg(
- c2, params, oid, _gnutls_get_pqc_alg_version(params));
- if (ret < 0)
- goto cleanup;
-
- return GNUTLS_E_SUCCESS;
- }
-
cleanup:
asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE);
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
return _gnutls_asn1_encode_ml_dsa(c2, params);
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
- return _gnutls_asn1_encode_falcon(c2, params);
#endif
default:
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#ifdef HAVE_LIBOQS
&& pk_algorithm != GNUTLS_PK_ML_DSA_44 &&
pk_algorithm != GNUTLS_PK_ML_DSA_65 &&
- pk_algorithm != GNUTLS_PK_ML_DSA_87 &&
- pk_algorithm != GNUTLS_PK_EXP_FALCON512 &&
- pk_algorithm != GNUTLS_PK_EXP_FALCON1024
+ pk_algorithm != GNUTLS_PK_ML_DSA_87
#endif
) {
/* RSA, EdDSA and PQ algorithms do not use parameters */
return 0;
-error:
- asn1_delete_structure2(pkey_asn, ASN1_DELETE_FLAG_ZEROIZE);
- gnutls_pk_params_clear(&pkey->params);
- gnutls_pk_params_release(&pkey->params);
- return result;
-}
-
-static const struct pqc_algorithm_version_st falcon_versions[] = {
- { '\x01', GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_secret_key,
- OQS_SIG_falcon_512_length_public_key },
- { '\x02', GNUTLS_PK_EXP_FALCON1024,
- OQS_SIG_falcon_1024_length_secret_key,
- OQS_SIG_falcon_1024_length_public_key },
-
- { '\x00', GNUTLS_PK_UNKNOWN, 0, 0 }
-};
-
-static int _gnutls_set_falcon_params(const uint8_t *version,
- gnutls_x509_privkey_t pkey)
-{
- const struct pqc_algorithm_version_st *v = falcon_versions;
- while (v->algorithm != GNUTLS_PK_UNKNOWN && v->version != *version)
- v++;
-
- pkey->params.raw_priv.size = v->secret_key_length;
- pkey->params.raw_pub.size = v->public_key_length;
- pkey->params.params_nr = FALCON_PRIVATE_PARAMS;
- pkey->params.algo = v->algorithm;
-
- if (v->algorithm == GNUTLS_PK_UNKNOWN)
- return GNUTLS_E_UNKNOWN_ALGORITHM;
-
- return 0;
-}
-
-int _gnutls_privkey_decode_falcon_key(asn1_node *pkey_asn,
- const gnutls_datum_t *raw_key,
- gnutls_x509_privkey_t pkey)
-{
- int result;
- uint8_t version;
-
- gnutls_pk_params_init(&pkey->params);
-
- if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.FalconPrivateKey",
- pkey_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_decode_pqc_keys(pkey_asn, raw_key, pkey, &version);
- if (result < 0)
- goto error;
-
- result = _gnutls_set_falcon_params(&version, pkey);
- if (result < 0)
- goto error;
-
- return 0;
-
error:
asn1_delete_structure2(pkey_asn, ASN1_DELETE_FLAG_ZEROIZE);
gnutls_pk_params_clear(&pkey->params);
#define PEM_KEY_ECC "EC PRIVATE KEY"
#ifdef HAVE_LIBOQS
#define PEM_KEY_ML_DSA "ML-DSA PRIVATE KEY"
-#define PEM_KEY_FALCON "FALCON PRIVATE KEY"
#endif
#define PEM_KEY_PKCS8 "PRIVATE KEY"
key->params.algo =
GNUTLS_PK_ML_DSA_44;
}
- } else if (left > sizeof(PEM_KEY_FALCON) &&
- memcmp(ptr, PEM_KEY_FALCON,
- sizeof(PEM_KEY_FALCON) - 1) ==
- 0) {
- result = _gnutls_fbase64_decode(
- PEM_KEY_FALCON, begin_ptr, left,
- &_data);
- if (result >= 0) {
- key->params.algo =
- GNUTLS_PK_EXP_FALCON512;
- }
#endif
}
result = _gnutls_privkey_decode_ml_dsa_key(&key->key, &_data,
key);
- if (result < 0) {
- gnutls_assert();
- key->key = NULL;
- }
- } else if (key->params.algo == GNUTLS_PK_EXP_FALCON512) {
- result = _gnutls_privkey_decode_falcon_key(&key->key, &_data,
- key);
-
if (result < 0) {
gnutls_assert();
key->key = NULL;
memcmp(ptr, PEM_KEY_DSA,
sizeof(PEM_KEY_DSA) - 1) == 0)
#ifdef HAVE_LIBOQS
- ||
- (left > sizeof(PEM_KEY_ML_DSA) &&
- memcmp(ptr, PEM_KEY_ML_DSA,
- sizeof(PEM_KEY_ML_DSA) - 1) == 0) ||
- (left > sizeof(PEM_KEY_FALCON) &&
- memcmp(ptr, PEM_KEY_FALCON,
- sizeof(PEM_KEY_FALCON) - 1) == 0)
+ || (left > sizeof(PEM_KEY_ML_DSA) &&
+ memcmp(ptr, PEM_KEY_ML_DSA,
+ sizeof(PEM_KEY_ML_DSA) - 1) == 0)
#endif
) {
head_enc = 0;
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
return PEM_KEY_ML_DSA;
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
- return PEM_KEY_FALCON;
#endif
default:
return "UNKNOWN";
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
ret = _gnutls_x509_encode_string(
ASN1_ETYPE_OCTET_STRING, pkey->params.raw_priv.data,
pkey->params.raw_priv.size + pkey->params.raw_pub.size,
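Review bot: The octet string is encoded from `pkey->params.raw_priv.data` with length `raw_priv.size + raw_pub.size`, which stays in bounds only if the `raw_priv` buffer actually holds the public key appended to the secret key. That invariant is not visible in this hunk. If that is the layout, a comment before the call such as `/* raw_priv.data holds the secret key immediately followed by the public key */` would record it; otherwise a check that the allocation covers both sizes would make the read safe to audit. The call continues past the end of the hunk.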
OQS_SIG_ml_dsa_65_length_public_key },
{ GNUTLS_PK_ML_DSA_87, OQS_SIG_ml_dsa_87_length_secret_key,
OQS_SIG_ml_dsa_87_length_public_key },
- { GNUTLS_PK_EXP_FALCON512, OQS_SIG_falcon_512_length_secret_key,
- OQS_SIG_falcon_512_length_public_key },
- { GNUTLS_PK_EXP_FALCON1024, OQS_SIG_falcon_1024_length_secret_key,
- OQS_SIG_falcon_1024_length_public_key },
{ GNUTLS_PK_UNKNOWN, 0, 0 }
};
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
- case GNUTLS_PK_EXP_FALCON512:
- case GNUTLS_PK_EXP_FALCON1024:
result = _decode_pkcs8_pqc_alg_key(pkcs8_asn, pkey, oid);
break;
#endif
const gnutls_datum_t *raw_key,
gnutls_x509_privkey_t pkey);
-int _gnutls_privkey_decode_falcon_key(asn1_node *pkey_asn,
- const gnutls_datum_t *raw_key,
- gnutls_x509_privkey_t pkey);
-
#endif
int _gnutls_privkey_decode_eddsa_key(asn1_node *pkey_asn,