lib/libgnutlsxx.la
lib/Makefile
lib/Makefile.in
-lib/liboqs/libcrypto.la
lib/minitasn1/libminitasn1.la
lib/minitasn1/Makefile
lib/minitasn1/Makefile.in
--disable-non-suiteb-curves
--with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config
--with-default-trust-store-pkcs11='pkcs11:'
- --without-tpm --with-tpm2 --enable-ktls --with-liboqs
+ --without-tpm --with-tpm2 --enable-ktls
--htmldir=/usr/share/doc/manual
--with-unbound-root-key-file=/var/lib/unbound/root.key
--enable-libdane --disable-rpath
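Review bot: With `--with-liboqs` dropped from this configure line and nothing put in its place, the flags visible here select no PQC backend, so the ML-KEM groups that this change compiles only under `HAVE_LEANCRYPTO` would be neither built nor exercised by this job. If the CI image ships leancrypto, consider `--without-tpm --with-tpm2 --enable-ktls --with-leancrypto` so that hybrid key exchange keeps test coverage; otherwise a regression in that path would only surface downstream. The rest of the job definition is outside the hunk, so another job may already cover this.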
- gnutls-prev-abi.tmp/
- compat_reports/
-fedora-no-liboqs/test:
- extends:
- - .test
- - .fedora
- dependencies:
- - fedora/build
- needs:
- - fedora/build
- script:
- - |
- cat > /etc/crypto-policies/local.d/gnutls-ktls.config <<EOF
- [global]
- ktls = true
- EOF
- update-crypto-policies
- echo "SYSTEM=NORMAL" >> tests/system.prio
- - dnf remove -y liboqs
- - make -j$CHECKJOBS check
-
fedora-cross/bootstrap:
extends:
- .bootstrap
Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
See the end for copying conditions.
+* Version 3.8.10 (unreleased)
+
+** libgnutls: liboqs support for PQC has been removed
+ For maintenance purposes, support for post-quantum cryptography
+ (PQC) is now only provided through leancrypto. The experimental key
+ exchange algorithm, X25519Kyber768Draft00, which is based on the
+ round 3 candidate of Kyber and only supported through liboqs has
+ also been removed altogether.
+
* Version 3.8.9 (released 2025-02-07)
** libgnutls: leancrypto was added as an interim option for PQC
.PHONY: config glimport
-INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./config.h -e ^./devel/ -e ^./gnulib -e ^./lib/minitasn1/ -e ^./lib/includes/gnutls/gnutls.h -e ^./lib/nettle/backport/ -e ^./lib/priority_options.h -e ^./lib/unistring/ -e ^./lib/x509/supported_exts.h -e ^./lib/build-aux/ -e ^./lib/dlwrap/ -e ^./lib/liboqs/backport/ -e ^./gl/ -e ^./src/gl/ -e ^./src/.*-options.[ch] -e -args.[ch] -e asn1_tab.c -e ^./tests/suite/`
+INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./config.h -e ^./devel/ -e ^./gnulib -e ^./lib/minitasn1/ -e ^./lib/includes/gnutls/gnutls.h -e ^./lib/nettle/backport/ -e ^./lib/priority_options.h -e ^./lib/unistring/ -e ^./lib/x509/supported_exts.h -e ^./lib/build-aux/ -e ^./lib/dlwrap/ -e ^./gl/ -e ^./src/gl/ -e ^./src/.*-options.[ch] -e -args.[ch] -e asn1_tab.c -e ^./tests/suite/`
ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile)
.DEFAULT_GOAL := bootstrap
fi
])
-AC_ARG_WITH(liboqs,
- [AS_HELP_STRING([--with-liboqs=yes/link/dlopen --with-liboqs],
- [customize/enable liboqs support])],
- ac_liboqs=$withval, ac_liboqs=no)
-
-AS_IF([test "$ac_leancrypto" != no && test "$ac_liboqs" != no],
- [AC_MSG_ERROR([--with-leancrypto and --with-liboqs are mutually exclusive])])
-
-AS_CASE([$ac_liboqs],
- [yes],
- [AM_COND_IF([ENABLE_DLOPEN], [ac_liboqs=dlopen], [ac_liboqs=link])],
- [dlopen],
- [AM_COND_IF([ENABLE_DLOPEN], [:],[AC_MSG_ERROR([[
-***
-*** Unable to dlopen LIBOQS, try --with-liboqs.
-*** ]])])],
- [link], [:],
- [no], [:],
- [AC_MSG_ERROR([[Unknown argument ${ac_liboqs} for --with-liboqs]])])
-
-m4_define([min_liboqs_version_major], [0])
-m4_define([min_liboqs_version_minor], [11])
-m4_define([min_liboqs_version_micro], [0])
-
-AS_IF([test x$ac_liboqs != xno],
- [PKG_CHECK_MODULES([LIBOQS],[liboqs >= min_liboqs_version_major.min_liboqs_version_minor.min_liboqs_version_micro],
- [AC_DEFINE([HAVE_LIBOQS], 1, [Have liboqs])
- AC_DEFINE([MIN_LIBOQS_VERSION_MAJOR], min_liboqs_version_major, [Major version of liboqs required])
- AC_DEFINE([MIN_LIBOQS_VERSION_MINOR], min_liboqs_version_minor, [Minor version of liboqs required])
- AC_DEFINE([MIN_LIBOQS_VERSION_MICRO], min_liboqs_version_micro, [Micro version of liboqs required])
- need_ltlibdl=yes],
- [AC_MSG_ERROR([liboqs support was requested but the required libraries were not found.])])])
-
-AM_CONDITIONAL(ENABLE_LIBOQS, test "$ac_liboqs" != "no")
-AM_CONDITIONAL([LIBOQS_ENABLE_DLOPEN], [test "$ac_liboqs" = dlopen])
-
-AS_IF([test "$ac_liboqs" = dlopen], [
- save_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS $LIBOQS_CFLAGS"
- save_LIBS=$LIBS
- LIBS="$LIBS $LIBOQS_LIBS"
- LIBGNUTLS_CHECK_SONAME([oqs], [AC_LANG_PROGRAM([
- #include <oqs/oqs.h>],[
- OQS_version ();])])
- CFLAGS="$save_CFLAGS"
- LIBS="$save_LIBS"
-],
- [test "$ac_liboqs" = link], [
- if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
- GNUTLS_REQUIRES_PRIVATE="Requires.private: liboqs"
- else
- GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, liboqs"
- fi
-])
-
AM_CONDITIONAL(NEED_LTLIBDL, test "$need_ltlibdl" = yes)
# export for use in scripts
lib/gnutls.pc
lib/includes/Makefile
lib/includes/gnutls/gnutls.h
- lib/liboqs/Makefile
lib/minitasn1/Makefile
lib/nettle/Makefile
lib/x509/Makefile
+++ /dev/null
-OQS_SHA2_set_callbacks
-OQS_SHA3_set_callbacks
-OQS_SHA3_x4_set_callbacks
-OQS_init
-OQS_destroy
-OQS_KEM_alg_is_enabled
-OQS_KEM_new
-OQS_KEM_encaps
-OQS_KEM_decaps
-OQS_KEM_keypair
-OQS_KEM_free
-OQS_randombytes_custom_algorithm
-OQS_version
-OQS_SIG_new
-OQS_SIG_alg_is_enabled
-OQS_SIG_keypair
-OQS_SIG_sign
-OQS_SIG_verify
-OQS_SIG_free
"$DLWRAP" --input /usr/include/brotli/decode.h -o "$DST" --symbol-file "$SRC/brotlidec.syms" --license-file "$SRC/brotli.license" --soname BROTLIDEC_LIBRARY_SONAME_UNUSED --prefix gnutls_brotlidec --loader-basename brotlidec --header-guard GNUTLS_LIB_DLWRAP_BROTLIDEC_H_ --include "<brotli/decode.h>"
-echo "Generating $DST/oqs.h"
-
-"$DLWRAP" --input /usr/include/oqs/oqs.h -o "$DST" --symbol-file "$SRC/oqs.syms" --license "SPDX-License-Identifier: MIT" --soname OQS_LIBRARY_SONAME_UNUSED --prefix gnutls_oqs --header-guard GNUTLS_LIB_DLWRAP_OQS_H_ --include "<oqs/oqs.h>"
-
echo "Generating $DST/tss2_esys.h"
"$DLWRAP" --input /usr/include/tss2/tss2_esys.h -o "$DST" --symbol-file "$SRC/tss2-esys.syms" --license "SPDX-License-Identifier: BSD-2-Clause" --soname TSS2_ESYS_LIBRARY_SONAME_UNUSED --prefix gnutls_tss2_esys --header-guard GNUTLS_LIB_DLWRAP_TSS2_ESYS_H_ --include "<tss2/tss2_esys.h>"
;;
esac
-git ls-files -z | grep -z '\.[ch]\(.in\)\?$' | grep -z -v '^devel/' | grep -z -v '^lib/dlwrap/' | grep -z -v '^lib/liboqs/backport/' | xargs -P "$parallel" -0 -n1 "$CLANG_FORMAT" $CLANG_FORMAT_ARGS
+git ls-files -z | grep -z '\.[ch]\(.in\)\?$' | grep -z -v '^devel/' | grep -z -v '^lib/dlwrap/' | xargs -P "$parallel" -0 -n1 "$CLANG_FORMAT" $CLANG_FORMAT_ARGS
exit $?
SUBDIRS += minitasn1
endif
-if ENABLE_LIBOQS
-SUBDIRS += liboqs
-endif
-
localedir = $(datadir)/locale
include $(top_srcdir)/lib/common.mk
endif
endif
-if ENABLE_LIBOQS
-COBJECTS += dlwrap/oqs.c dlwrap/oqsfuncs.h dlwrap/oqs.h
-AM_CPPFLAGS += $(LIBOQS_CFLAGS)
-
-if LIBOQS_ENABLE_DLOPEN
-AM_CPPFLAGS += -DGNUTLS_OQS_ENABLE_DLOPEN=1
-else
-thirdparty_libadd += $(LIBOQS_LIBS)
-endif
-endif
-
if ENABLE_LEANCRYPTO
AM_CPPFLAGS += $(LEANCRYPTO_CFLAGS)
thirdparty_libadd += $(LEANCRYPTO_LIBS)
libgnutls_la_LIBADD += nettle/libcrypto.la
endif
-if ENABLE_LIBOQS
-libgnutls_la_LIBADD += liboqs/libcrypto.la
-endif
-
if HAVE_LD_OUTPUT_DEF
libgnutls_la_LDFLAGS += -Wl,--output-def,libgnutls-$(DLL_VERSION).def
libgnutls-$(DLL_VERSION).def: libgnutls.la
.pk = GNUTLS_PK_DH,
.tls_id = 0x104 },
#endif
-#if defined(HAVE_LIBOQS) || defined(HAVE_LEANCRYPTO)
+#ifdef HAVE_LEANCRYPTO
{
.name = "MLKEM768",
.id = GNUTLS_GROUP_EXP_MLKEM768,
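Review bot: Narrowing this guard to `#ifdef HAVE_LEANCRYPTO` (and the matching one before "SECP256R1-MLKEM768" further down) means a build still configured with `--with-liboqs` ends up with no ML-KEM group at all, and nothing in the visible changes makes that loud. Because the `AC_ARG_WITH(liboqs, ...)` block is deleted from the configure script, autoconf by default only warns about an unrecognised option, so an unchanged packaging recipe would produce a library that negotiates classical groups only. Consider keeping a stub for one release, for example `AC_ARG_WITH(liboqs, [], [test "$withval" = no || AC_MSG_ERROR([liboqs support was removed; use --with-leancrypto])])`. The table entry itself continues outside the hunk.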
/* absense of .tls_id means that this group alone cannot be used in TLS */
},
#endif
-#ifdef HAVE_LIBOQS
- {
- .name = "KYBER768",
- .id = GNUTLS_GROUP_EXP_KYBER768,
- .pk = GNUTLS_PK_EXP_KYBER768,
- .pubkey_size = MLKEM768_PUBKEY_SIZE,
- .ciphertext_size = MLKEM768_CIPHERTEXT_SIZE,
- /* absense of .tls_id means that this group alone cannot be used in TLS */
- },
-#endif
-#if defined(HAVE_LIBOQS) || defined(HAVE_LEANCRYPTO)
+#ifdef HAVE_LEANCRYPTO
{ .name = "SECP256R1-MLKEM768",
.id = GNUTLS_GROUP_EXP_SECP256R1_MLKEM768,
.ids = { GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_EXP_MLKEM768,
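Review bot: Dropping the "KYBER768" entry here, "X25519-KYBER768" (TLS id 0x6399) in the next hunk, and the "KYBER768" row of the public-key table leaves open what happens to callers and configurations that still use those identifiers. If `GNUTLS_GROUP_EXP_KYBER768`, `GNUTLS_GROUP_EXP_X25519_KYBER768` and `GNUTLS_PK_EXP_KYBER768` stay in the public header for ABI reasons (not visible here), lookups by id will now find no table entry, and a priority string or system policy file that still names the removed group will hit whatever the parser does with unknown names. It would help to state that behaviour in NEWS and to add a test that a priority string naming the removed group fails or is ignored in the intended way, so deployments do not silently lose the hybrid exchange they configured. Both table entries continue outside this hunk.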
.ids = { GNUTLS_GROUP_EXP_MLKEM768, GNUTLS_GROUP_X25519,
GNUTLS_GROUP_INVALID },
.tls_id = 0x11EC },
-#endif
-#ifdef HAVE_LIBOQS
- { .name = "X25519-KYBER768",
- .id = GNUTLS_GROUP_EXP_X25519_KYBER768,
- .ids = { GNUTLS_GROUP_X25519, GNUTLS_GROUP_EXP_KYBER768,
- GNUTLS_GROUP_INVALID },
- .tls_id = 0x6399 },
#endif
{ 0, 0, 0 }
};
.oid = NULL,
.id = GNUTLS_PK_MLKEM1024,
.curve = GNUTLS_ECC_CURVE_INVALID },
-/* Hidden behind HAVE_LIBOQS as it will be removed in the future.
- */
-#ifdef HAVE_LIBOQS
- { .name = "KYBER768",
- .oid = NULL,
- .id = GNUTLS_PK_EXP_KYBER768,
- .curve = GNUTLS_ECC_CURVE_INVALID },
-#endif
{ .name = "ML-DSA-44",
.oid = MLDSA44_OID,
.id = GNUTLS_PK_MLDSA44,
+++ /dev/null
-/*
- * Copying and distribution of this file, with or without modification,
- * are permitted in any medium without royalty provided the copyright
- * notice and this notice are preserved. This file is offered as-is,
- * without any warranty.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "oqs.h"
-
-#if defined(GNUTLS_OQS_ENABLE_DLOPEN) && GNUTLS_OQS_ENABLE_DLOPEN
-
-#include <assert.h>
-#include <dlfcn.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* If OQS_LIBRARY_SONAME_UNUSED is defined, dlopen handle can be automatically
- * set; otherwise, the caller needs to call
- * gnutls_oqs_ensure_library with soname determined at run time.
- */
-#ifdef OQS_LIBRARY_SONAME_UNUSED
-
-static void
-ensure_library (void)
-{
- if (gnutls_oqs_ensure_library (OQS_LIBRARY_SONAME_UNUSED, RTLD_LAZY | RTLD_LOCAL) < 0)
- abort ();
-}
-
-#if defined(GNUTLS_OQS_ENABLE_PTHREAD) && GNUTLS_OQS_ENABLE_PTHREAD
-#include <pthread.h>
-
-static pthread_once_t dlopen_once = PTHREAD_ONCE_INIT;
-
-#define ENSURE_LIBRARY pthread_once(&dlopen_once, ensure_library)
-
-#else /* GNUTLS_OQS_ENABLE_PTHREAD */
-
-#define ENSURE_LIBRARY do { \
- if (!gnutls_oqs_dlhandle) \
- ensure_library(); \
- } while (0)
-
-#endif /* !GNUTLS_OQS_ENABLE_PTHREAD */
-
-#else /* OQS_LIBRARY_SONAME_UNUSED */
-
-#define ENSURE_LIBRARY do {} while (0)
-
-#endif /* !OQS_LIBRARY_SONAME_UNUSED */
-
-static void *gnutls_oqs_dlhandle;
-
-/* Define redirection symbols */
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-macros"
-
-#if (2 <= __GNUC__ || (4 <= __clang_major__))
-#define FUNC(ret, name, args, cargs) \
- static __typeof__(name)(*gnutls_oqs_sym_##name);
-#else
-#define FUNC(ret, name, args, cargs) \
- static ret(*gnutls_oqs_sym_##name)args;
-#endif
-#define VOID_FUNC FUNC
-#include "oqsfuncs.h"
-#undef VOID_FUNC
-#undef FUNC
-
-#pragma GCC diagnostic pop
-
-/* Define redirection wrapper functions */
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-macros"
-
-#define FUNC(ret, name, args, cargs) \
-ret gnutls_oqs_func_##name args \
-{ \
- ENSURE_LIBRARY; \
- assert (gnutls_oqs_sym_##name); \
- return gnutls_oqs_sym_##name cargs; \
-}
-#define VOID_FUNC(ret, name, args, cargs) \
-ret gnutls_oqs_func_##name args \
-{ \
- ENSURE_LIBRARY; \
- assert (gnutls_oqs_sym_##name); \
- gnutls_oqs_sym_##name cargs; \
-}
-#include "oqsfuncs.h"
-#undef VOID_FUNC
-#undef FUNC
-
-#pragma GCC diagnostic pop
-
-static int
-ensure_symbol (const char *name, void **symp)
-{
- if (!*symp)
- {
- void *sym = dlsym (gnutls_oqs_dlhandle, name);
- if (!sym)
- return -EINVAL;
- *symp = sym;
- }
- return 0;
-}
-
-int
-gnutls_oqs_ensure_library (const char *soname, int flags)
-{
- int err;
-
- if (!gnutls_oqs_dlhandle)
- {
- gnutls_oqs_dlhandle = dlopen (soname, flags);
- if (!gnutls_oqs_dlhandle)
- return -EINVAL;
- }
-
-#define ENSURE_SYMBOL(name) \
- ensure_symbol(#name, (void **)&gnutls_oqs_sym_##name)
-
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-macros"
-
-#define FUNC(ret, name, args, cargs) \
- err = ENSURE_SYMBOL(name); \
- if (err < 0) \
- { \
- dlclose (gnutls_oqs_dlhandle); \
- gnutls_oqs_dlhandle = NULL; \
- return err; \
- }
-#define VOID_FUNC FUNC
-#include "oqsfuncs.h"
-#undef VOID_FUNC
-#undef FUNC
-
-#pragma GCC diagnostic pop
-
-#undef ENSURE_SYMBOL
- return 0;
-}
-
-void
-gnutls_oqs_unload_library (void)
-{
- if (gnutls_oqs_dlhandle)
- {
- dlclose (gnutls_oqs_dlhandle);
- gnutls_oqs_dlhandle = NULL;
- }
-
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-macros"
-
-#define FUNC(ret, name, args, cargs) \
- gnutls_oqs_sym_##name = NULL;
-#define VOID_FUNC FUNC
-#include "oqsfuncs.h"
-#undef VOID_FUNC
-#undef FUNC
-
-#pragma GCC diagnostic pop
-}
-
-unsigned
-gnutls_oqs_is_usable (void)
-{
- return gnutls_oqs_dlhandle != NULL;
-}
-
-#else /* GNUTLS_OQS_ENABLE_DLOPEN */
-
-int
-gnutls_oqs_ensure_library (const char *soname, int flags)
-{
- (void) soname;
- (void) flags;
- return 0;
-}
-
-void
-gnutls_oqs_unload_library (void)
-{
-}
-
-unsigned
-gnutls_oqs_is_usable (void)
-{
- /* The library is linked at build time, thus always usable */
- return 1;
-}
-
-#endif /* !GNUTLS_OQS_ENABLE_DLOPEN */
+++ /dev/null
-/*
- * Copying and distribution of this file, with or without modification,
- * are permitted in any medium without royalty provided the copyright
- * notice and this notice are preserved. This file is offered as-is,
- * without any warranty.
- */
-
-#ifndef GNUTLS_LIB_DLWRAP_OQS_H_
-#define GNUTLS_LIB_DLWRAP_OQS_H_
-
-#include <oqs/oqs.h>
-
-#if defined(GNUTLS_OQS_ENABLE_DLOPEN) && GNUTLS_OQS_ENABLE_DLOPEN
-
-#define FUNC(ret, name, args, cargs) \
- ret gnutls_oqs_func_##name args;
-#define VOID_FUNC FUNC
-#include "oqsfuncs.h"
-#undef VOID_FUNC
-#undef FUNC
-
-#define GNUTLS_OQS_FUNC(name) gnutls_oqs_func_##name
-
-#else
-
-#define GNUTLS_OQS_FUNC(name) name
-
-#endif /* GNUTLS_OQS_ENABLE_DLOPEN */
-
-/* Ensure SONAME to be loaded with dlopen FLAGS, and all the necessary
- * symbols are resolved.
- *
- * Returns 0 on success; negative error code otherwise.
- *
- * Note that this function is NOT thread-safe; when calling it from
- * multi-threaded programs, protect it with a locking mechanism.
- */
-int gnutls_oqs_ensure_library (const char *soname, int flags);
-
-/* Unload library and reset symbols.
- *
- * Note that this function is NOT thread-safe; when calling it from
- * multi-threaded programs, protect it with a locking mechanism.
- */
-void gnutls_oqs_unload_library (void);
-
-/* Return 1 if the library is loaded and usable.
- *
- * Note that this function is NOT thread-safe; when calling it from
- * multi-threaded programs, protect it with a locking mechanism.
- */
-unsigned gnutls_oqs_is_usable (void);
-
-#endif /* GNUTLS_LIB_DLWRAP_OQS_H_ */
+++ /dev/null
-/*
- * This file was automatically generated from oqs.h,
- * which is covered by the following license:
- * SPDX-License-Identifier: MIT
- */
-VOID_FUNC(void, OQS_init, (void), ())
-VOID_FUNC(void, OQS_destroy, (void), ())
-FUNC(const char *, OQS_version, (void), ())
-VOID_FUNC(void, OQS_randombytes_custom_algorithm, (void (*algorithm_ptr)(uint8_t *, size_t)), (algorithm_ptr))
-FUNC(int, OQS_KEM_alg_is_enabled, (const char *method_name), (method_name))
-FUNC(OQS_KEM *, OQS_KEM_new, (const char *method_name), (method_name))
-FUNC(OQS_STATUS, OQS_KEM_keypair, (const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key), (kem, public_key, secret_key))
-FUNC(OQS_STATUS, OQS_KEM_encaps, (const OQS_KEM *kem, uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key), (kem, ciphertext, shared_secret, public_key))
-FUNC(OQS_STATUS, OQS_KEM_decaps, (const OQS_KEM *kem, uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key), (kem, shared_secret, ciphertext, secret_key))
-VOID_FUNC(void, OQS_KEM_free, (OQS_KEM *kem), (kem))
-FUNC(int, OQS_SIG_alg_is_enabled, (const char *method_name), (method_name))
-FUNC(OQS_SIG *, OQS_SIG_new, (const char *method_name), (method_name))
-FUNC(OQS_STATUS, OQS_SIG_keypair, (const OQS_SIG *sig, uint8_t *public_key, uint8_t *secret_key), (sig, public_key, secret_key))
-FUNC(OQS_STATUS, OQS_SIG_sign, (const OQS_SIG *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key), (sig, signature, signature_len, message, message_len, secret_key))
-FUNC(OQS_STATUS, OQS_SIG_verify, (const OQS_SIG *sig, const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key), (sig, message, message_len, signature, signature_len, public_key))
-VOID_FUNC(void, OQS_SIG_free, (OQS_SIG *sig), (sig))
-VOID_FUNC(void, OQS_SHA2_set_callbacks, (struct OQS_SHA2_callbacks *new_callbacks), (new_callbacks))
-VOID_FUNC(void, OQS_SHA3_set_callbacks, (struct OQS_SHA3_callbacks *new_callbacks), (new_callbacks))
-VOID_FUNC(void, OQS_SHA3_x4_set_callbacks, (struct OQS_SHA3_x4_callbacks *new_callbacks), (new_callbacks))
#include "system-keys.h"
#include "str.h"
#include "global.h"
-#include "liboqs/liboqs.h"
#ifdef HAVE_LEANCRYPTO
#include <leancrypto.h>
#endif
#ifdef HAVE_TPM2
_gnutls_tpm2_deinit();
#endif
-#ifdef HAVE_LIBOQS
- _gnutls_liboqs_deinit();
-#endif
_gnutls_nss_keylog_deinit();
} else {
+++ /dev/null
-## Process this file with automake to produce Makefile.in
-# Copyright (C) 2004-2012 Free Software Foundation, Inc.
-# Copyright (C) 2024 Red Hat, Inc.
-#
-# Author: Daiki Ueno
-#
-# This file is part of GNUTLS.
-#
-# The GNUTLS library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 3 of
-# the License, or (at your option) any later version.
-#
-# The GNUTLS library is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
-# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>
-
-include $(top_srcdir)/lib/common.mk
-
-AM_CFLAGS += $(LIBOQS_CFLAGS)
-
-AM_CPPFLAGS += \
- -I$(srcdir)/../../gl \
- -I$(builddir)/../../gl \
- -I$(srcdir)/../includes \
- -I$(builddir)/../includes \
- -I$(srcdir)/..
-
-if LIBOQS_ENABLE_DLOPEN
-AM_CPPFLAGS += $(LIBOQS_CFLAGS) -DGNUTLS_OQS_ENABLE_DLOPEN=1
-endif
-
-noinst_LTLIBRARIES = libcrypto.la
-
-libcrypto_la_SOURCES = liboqs.h liboqs.c rand.h rand.c sha2.h sha2.c sha3.h sha3.c sha3x4.h sha3x4.c
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#include "config.h"
-
-#include "liboqs/liboqs.h"
-
-#ifdef _WIN32
-#define RTLD_NOW 0
-#define RTLD_GLOBAL 0
-#else
-#include <dlfcn.h>
-#endif
-
-#ifndef OQS_LIBRARY_SONAME
-#define OQS_LIBRARY_SONAME "none"
-#endif
-
-#include <limits.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include "errors.h"
-#include "locks.h"
-
-#include "dlwrap/oqs.h"
-#include "liboqs/rand.h"
-#include "liboqs/sha2.h"
-#include "liboqs/sha3.h"
-#include "liboqs/sha3x4.h"
-
-/* We can't use GNUTLS_ONCE here, as it wouldn't allow manual unloading */
-GNUTLS_STATIC_MUTEX(liboqs_init_mutex);
-static int _liboqs_init = 0;
-
-static bool parse_version(const char *version, long *major, long *minor,
- long *micro)
-{
- long components[3] = { 0, 0, 0 };
- const char *start = version, *end = version + strlen(version);
-
- for (size_t i = 0; start < end && i < 3; i++) {
- char *next;
-
- components[i] = strtol(start, &next, 10);
- if (components[i] < 0 || components[i] == LONG_MAX)
- return false;
-
- start = next + 1;
- }
- if (major)
- *major = components[0];
- if (minor)
- *minor = components[1];
- if (micro)
- *micro = components[2];
-
- return true;
-}
-
-static bool check_version(const char *version, long req_major, long req_minor,
- long req_micro)
-{
- long major, minor, micro;
-
- return parse_version(version, &major, &minor, µ) &&
- (major > req_major ||
- (major == req_major &&
- (minor > req_minor ||
- (minor == req_minor && micro >= req_micro))));
-}
-
-int _gnutls_liboqs_ensure(void)
-{
- const char *version;
- int ret;
-
- if (_liboqs_init)
- return GNUTLS_E_SUCCESS;
-
- ret = gnutls_static_mutex_lock(&liboqs_init_mutex);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- if (gnutls_oqs_ensure_library(OQS_LIBRARY_SONAME,
- RTLD_NOW | RTLD_GLOBAL) < 0) {
- _gnutls_debug_log(
- "liboqs: unable to initialize liboqs functions\n");
- ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- goto out;
- }
-
- version = GNUTLS_OQS_FUNC(OQS_version)();
- if (unlikely(version == NULL)) {
- _gnutls_debug_log(
- "liboqs: unable to retrieve liboqs version\n");
- ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- goto out;
- }
- if (!check_version(version, MIN_LIBOQS_VERSION_MAJOR,
- MIN_LIBOQS_VERSION_MINOR,
- MIN_LIBOQS_VERSION_MICRO)) {
- _gnutls_debug_log("liboqs: unsupported liboqs version\n");
- ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- goto out;
- }
-
- _gnutls_liboqs_sha2_init();
- _gnutls_liboqs_sha3_init();
- _gnutls_liboqs_sha3x4_init();
- GNUTLS_OQS_FUNC(OQS_init)();
- _gnutls_liboqs_rand_init();
-
- _liboqs_init = 1;
- ret = GNUTLS_E_SUCCESS;
-
-out:
- (void)gnutls_static_mutex_unlock(&liboqs_init_mutex);
-
- return ret;
-}
-
-/* This is not thread-safe: call this function only from
- * gnutls_global_deinit, which has a proper protection.
- */
-void _gnutls_liboqs_deinit(void)
-{
- if (_liboqs_init) {
- const char *version;
-
- _gnutls_liboqs_rand_deinit();
- _gnutls_liboqs_sha3x4_deinit();
- _gnutls_liboqs_sha3_deinit();
- _gnutls_liboqs_sha2_deinit();
-
- /* OQS_destroy in liboqs 0.11.0 unconditionally calls
- * OpenSSL functions for cleanup; see:
- * https://github.com/open-quantum-safe/liboqs/pull/1982
- *
- * As it doesn't do anything other than that so far,
- * just skip it for now */
- version = GNUTLS_OQS_FUNC(OQS_version)();
- if (unlikely(version == NULL)) {
- _gnutls_debug_log(
- "liboqs: unable to retrieve liboqs version\n");
- } else if (check_version(version, 0, 11, 1)) {
- GNUTLS_OQS_FUNC(OQS_destroy)();
- }
- }
-
- gnutls_oqs_unload_library();
- _liboqs_init = 0;
-}
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#ifndef GNUTLS_LIB_LIBOQS_LIBOQS_H
-#define GNUTLS_LIB_LIBOQS_LIBOQS_H
-
-int _gnutls_liboqs_ensure(void);
-void _gnutls_liboqs_deinit(void);
-
-#endif /* GNUTLS_LIB_LIBOQS_LIBOQS_H */
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#include "config.h"
-
-#include "liboqs/rand.h"
-
-#include "dlwrap/oqs.h"
-#include "fips.h"
-#include <gnutls/crypto.h>
-#include <stdint.h>
-
-static void rand_bytes(uint8_t *data, size_t size)
-{
- if (gnutls_rnd(GNUTLS_RND_RANDOM, data, size) < 0)
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
-}
-
-void _gnutls_liboqs_rand_init(void)
-{
- GNUTLS_OQS_FUNC(OQS_randombytes_custom_algorithm)(rand_bytes);
-}
-
-void _gnutls_liboqs_rand_deinit(void)
-{
-}
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#ifndef GNUTLS_LIB_LIBOQS_RAND_H
-#define GNUTLS_LIB_LIBOQS_RAND_H
-
-void _gnutls_liboqs_rand_init(void);
-void _gnutls_liboqs_rand_deinit(void);
-
-#endif /* GNUTLS_LIB_LIBOQS_RAND_H */
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#include "config.h"
-
-#include "liboqs/sha2.h"
-
-#include "dlwrap/oqs.h"
-#include <assert.h>
-#include <gnutls/crypto.h>
-#include <string.h>
-
-#undef SHA2_BLOCK_SIZE
-#define SHA2_BLOCK_SIZE 64
-
-/* SHA2-256 */
-
-static void SHA2_sha256(uint8_t *output, const uint8_t *input, size_t inplen)
-{
- gnutls_hash_fast(GNUTLS_DIG_SHA256, input, inplen, output);
-}
-
-/* SHA2-256 incremental */
-
-static void SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA256);
- assert(ret == 0);
- state->ctx = hd;
-}
-
-static void SHA2_sha256_inc(OQS_SHA2_sha256_ctx *state, const uint8_t *in,
- size_t len)
-{
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, in, len);
- assert(ret == 0);
-}
-
-static void SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state,
- const uint8_t *in, size_t inblocks)
-{
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, in,
- inblocks * SHA2_BLOCK_SIZE);
- assert(ret == 0);
-}
-
-static void SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state,
- const uint8_t *in, size_t inlen)
-{
- if (inlen > 0) {
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, in, inlen);
- assert(ret == 0);
- }
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, out);
-}
-
-static void SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest,
- const OQS_SHA2_sha256_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-/* SHA2-384 */
-
-static void SHA2_sha384(uint8_t *output, const uint8_t *input, size_t inplen)
-{
- gnutls_hash_fast(GNUTLS_DIG_SHA384, input, inplen, output);
-}
-
-/* SHA2-384 incremental */
-
-static void SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA384);
- assert(ret == 0);
- state->ctx = hd;
-}
-
-static void SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state,
- const uint8_t *in, size_t inblocks)
-{
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, in,
- inblocks * SHA2_BLOCK_SIZE);
- assert(ret == 0);
-}
-
-static void SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state,
- const uint8_t *in, size_t inlen)
-{
- if (inlen > 0) {
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, in, inlen);
- assert(ret == 0);
- }
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, out);
-}
-
-static void SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest,
- const OQS_SHA2_sha384_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-/* SHA2-512 */
-
-static void SHA2_sha512(uint8_t *output, const uint8_t *input, size_t inplen)
-{
- gnutls_hash_fast(GNUTLS_DIG_SHA512, input, inplen, output);
-}
-
-/* SHA2-512 incremental */
-
-static void SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA512);
- assert(ret == 0);
- state->ctx = hd;
-}
-
-static void SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state,
- const uint8_t *in, size_t inblocks)
-{
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, in,
- inblocks * SHA2_BLOCK_SIZE);
- assert(ret == 0);
-}
-
-static void SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state,
- const uint8_t *in, size_t inlen)
-{
- if (inlen > 0) {
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, in, inlen);
- assert(ret == 0);
- }
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, out);
-}
-
-static void SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest,
- const OQS_SHA2_sha512_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-struct OQS_SHA2_callbacks sha2_callbacks = {
- SHA2_sha256,
- SHA2_sha256_inc_init,
- SHA2_sha256_inc_ctx_clone,
- SHA2_sha256_inc,
- SHA2_sha256_inc_blocks,
- SHA2_sha256_inc_finalize,
- SHA2_sha256_inc_ctx_release,
- SHA2_sha384,
- SHA2_sha384_inc_init,
- SHA2_sha384_inc_ctx_clone,
- SHA2_sha384_inc_blocks,
- SHA2_sha384_inc_finalize,
- SHA2_sha384_inc_ctx_release,
- SHA2_sha512,
- SHA2_sha512_inc_init,
- SHA2_sha512_inc_ctx_clone,
- SHA2_sha512_inc_blocks,
- SHA2_sha512_inc_finalize,
- SHA2_sha512_inc_ctx_release,
-};
-
-void _gnutls_liboqs_sha2_init(void)
-{
- GNUTLS_OQS_FUNC(OQS_SHA2_set_callbacks)(&sha2_callbacks);
-}
-
-void _gnutls_liboqs_sha2_deinit(void)
-{
-}
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#ifndef GNUTLS_LIB_LIBOQS_SHA2_H
-#define GNUTLS_LIB_LIBOQS_SHA2_H
-
-void _gnutls_liboqs_sha2_init(void);
-void _gnutls_liboqs_sha2_deinit(void);
-
-#endif /* GNUTLS_LIB_LIBOQS_SHA2_H */
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#include "config.h"
-
-#include "liboqs/sha3.h"
-
-#include "dlwrap/oqs.h"
-#include <assert.h>
-#include <gnutls/crypto.h>
-#include <string.h>
-
-/* SHA3-256 */
-
-static void SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen)
-{
- gnutls_hash_fast(GNUTLS_DIG_SHA3_256, input, inplen, output);
-}
-
-/* SHA3-256 incremental */
-
-static void SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA3_256);
- assert(ret == 0);
- state->ctx = hd;
-}
-
-static void SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state,
- const uint8_t *input, size_t inplen)
-{
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, input, inplen);
- assert(ret == 0);
-}
-
-static void SHA3_sha3_256_inc_finalize(uint8_t *output,
- OQS_SHA3_sha3_256_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, output);
-}
-
-static void SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest,
- const OQS_SHA3_sha3_256_inc_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-static void SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-/* SHA3-384 */
-
-static void SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen)
-{
- gnutls_hash_fast(GNUTLS_DIG_SHA3_384, input, inplen, output);
-}
-
-/* SHA3-384 incremental */
-static void SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA3_384);
- assert(ret == 0);
- state->ctx = hd;
-}
-
-static void SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state,
- const uint8_t *input, size_t inplen)
-{
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, input, inplen);
- assert(ret == 0);
-}
-
-static void SHA3_sha3_384_inc_finalize(uint8_t *output,
- OQS_SHA3_sha3_384_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, output);
-}
-
-static void SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest,
- const OQS_SHA3_sha3_384_inc_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-static void SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-/* SHA3-512 */
-
-static void SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen)
-{
- gnutls_hash_fast(GNUTLS_DIG_SHA3_512, input, inplen, output);
-}
-
-/* SHA3-512 incremental */
-
-static void SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHA3_512);
- assert(ret == 0);
- state->ctx = hd;
-}
-
-static void SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state,
- const uint8_t *input, size_t inplen)
-{
- int ret;
-
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, input, inplen);
- assert(ret == 0);
-}
-
-static void SHA3_sha3_512_inc_finalize(uint8_t *output,
- OQS_SHA3_sha3_512_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, output);
-}
-
-static void SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest,
- const OQS_SHA3_sha3_512_inc_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-static void SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-/* SHAKE-128 */
-
-static void SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input,
- size_t inplen)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHAKE_128);
- assert(ret == 0);
-
- ret = gnutls_hash(hd, input, inplen);
- assert(ret == 0);
-
- ret = gnutls_hash_squeeze(hd, output, outlen);
- assert(ret == 0);
-
- gnutls_hash_deinit(hd, NULL);
-}
-
-/* SHAKE-128 incremental
- */
-
-static void SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHAKE_128);
- assert(ret == 0);
-
- state->ctx = hd;
-}
-
-static void SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state,
- const uint8_t *input, size_t inplen)
-{
- int ret;
-
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, NULL);
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, input, inplen);
- assert(ret == 0);
-}
-
-static void SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state)
-{
- (void)state;
-}
-
-static void SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen,
- OQS_SHA3_shake128_inc_ctx *state)
-{
- int ret;
-
- ret = gnutls_hash_squeeze((gnutls_hash_hd_t)state->ctx, output, outlen);
- assert(ret == 0);
-}
-
-static void SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest,
- const OQS_SHA3_shake128_inc_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-static void SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-/* SHAKE-256 */
-
-static void SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input,
- size_t inplen)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHAKE_256);
- assert(ret == 0);
-
- ret = gnutls_hash(hd, input, inplen);
- assert(ret == 0);
-
- ret = gnutls_hash_squeeze(hd, output, outlen);
- assert(ret == 0);
-
- gnutls_hash_deinit(hd, NULL);
-}
-
-/* SHAKE-256 incremental */
-
-static void SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state)
-{
- gnutls_hash_hd_t hd;
- int ret;
-
- ret = gnutls_hash_init(&hd, GNUTLS_DIG_SHAKE_256);
- assert(ret == 0);
-
- state->ctx = hd;
-}
-
-static void SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state,
- const uint8_t *input, size_t inplen)
-{
- int ret;
-
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, NULL);
- ret = gnutls_hash((gnutls_hash_hd_t)state->ctx, input, inplen);
- assert(ret == 0);
-}
-
-static void SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state)
-{
- (void)state;
-}
-
-static void SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen,
- OQS_SHA3_shake256_inc_ctx *state)
-{
- int ret;
-
- ret = gnutls_hash_squeeze((gnutls_hash_hd_t)state->ctx, output, outlen);
- assert(ret == 0);
-}
-
-static void SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state)
-{
- gnutls_hash_deinit((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static void SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest,
- const OQS_SHA3_shake256_inc_ctx *src)
-{
- dest->ctx = gnutls_hash_copy((gnutls_hash_hd_t)src->ctx);
-}
-
-static void SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state)
-{
- gnutls_hash_output((gnutls_hash_hd_t)state->ctx, NULL);
-}
-
-static struct OQS_SHA3_callbacks sha3_callbacks = {
- SHA3_sha3_256,
- SHA3_sha3_256_inc_init,
- SHA3_sha3_256_inc_absorb,
- SHA3_sha3_256_inc_finalize,
- SHA3_sha3_256_inc_ctx_release,
- SHA3_sha3_256_inc_ctx_reset,
- SHA3_sha3_256_inc_ctx_clone,
- SHA3_sha3_384,
- SHA3_sha3_384_inc_init,
- SHA3_sha3_384_inc_absorb,
- SHA3_sha3_384_inc_finalize,
- SHA3_sha3_384_inc_ctx_release,
- SHA3_sha3_384_inc_ctx_reset,
- SHA3_sha3_384_inc_ctx_clone,
- SHA3_sha3_512,
- SHA3_sha3_512_inc_init,
- SHA3_sha3_512_inc_absorb,
- SHA3_sha3_512_inc_finalize,
- SHA3_sha3_512_inc_ctx_release,
- SHA3_sha3_512_inc_ctx_reset,
- SHA3_sha3_512_inc_ctx_clone,
- SHA3_shake128,
- SHA3_shake128_inc_init,
- SHA3_shake128_inc_absorb,
- SHA3_shake128_inc_finalize,
- SHA3_shake128_inc_squeeze,
- SHA3_shake128_inc_ctx_release,
- SHA3_shake128_inc_ctx_clone,
- SHA3_shake128_inc_ctx_reset,
- SHA3_shake256,
- SHA3_shake256_inc_init,
- SHA3_shake256_inc_absorb,
- SHA3_shake256_inc_finalize,
- SHA3_shake256_inc_squeeze,
- SHA3_shake256_inc_ctx_release,
- SHA3_shake256_inc_ctx_clone,
- SHA3_shake256_inc_ctx_reset,
-};
-
-void _gnutls_liboqs_sha3_init(void)
-{
- GNUTLS_OQS_FUNC(OQS_SHA3_set_callbacks)(&sha3_callbacks);
-}
-
-void _gnutls_liboqs_sha3_deinit(void)
-{
-}
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#ifndef GNUTLS_LIB_LIBOQS_SHA3_H
-#define GNUTLS_LIB_LIBOQS_SHA3_H
-
-void _gnutls_liboqs_sha3_init(void);
-void _gnutls_liboqs_sha3_deinit(void);
-
-#endif /* GNUTLS_LIB_LIBOQS_SHA3_H */
+++ /dev/null
-/*
- * Copyright (C) 2024 David Dudas
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#include "config.h"
-
-#include "liboqs/sha3x4.h"
-
-#include "attribute.h"
-#include "dlwrap/oqs.h"
-#include "gnutls_int.h"
-#include <gnutls/crypto.h>
-#include <string.h>
-
-#define SHA3_N 4
-
-struct sha3_x4_context_st {
- gnutls_hash_hd_t hds[SHA3_N];
-};
-
-static void sha3_x4_context_deinit(struct sha3_x4_context_st *context)
-{
- if (!context)
- return;
-
- for (size_t i = 0; i < SHA3_N; i++) {
- if (context->hds[i])
- gnutls_hash_deinit(context->hds[i], NULL);
- }
- gnutls_free(context);
-}
-
-static int sha3_x4_context_init(struct sha3_x4_context_st **context,
- gnutls_digest_algorithm_t algo)
-{
- struct sha3_x4_context_st *p;
- int ret = 0;
-
- p = gnutls_calloc(1, sizeof(struct sha3_x4_context_st));
- if (!p)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- for (size_t i = 0; i < sizeof(p->hds) / sizeof(p->hds[0]); i++) {
- ret = gnutls_hash_init(&p->hds[i], algo);
- if (ret < 0)
- goto out;
- }
-
- /* steal the result */
- *context = p;
- p = NULL;
-
-out:
- sha3_x4_context_deinit(p);
- return ret;
-}
-
-static struct sha3_x4_context_st *
-sha3_x4_context_copy(const struct sha3_x4_context_st *src)
-{
- struct sha3_x4_context_st *copy = NULL, *p;
-
- p = gnutls_calloc(1, sizeof(struct sha3_x4_context_st));
- if (!p)
- return NULL;
-
- for (size_t i = 0; i < sizeof(p->hds) / sizeof(p->hds[0]); i++) {
- p->hds[i] = gnutls_hash_copy(src->hds[i]);
- if (!p->hds[i])
- goto out;
- }
-
- /* steal the result */
- copy = p;
- p = NULL;
-
-out:
- sha3_x4_context_deinit(p);
- return copy;
-}
-
-static void sha3_x4_reset(struct sha3_x4_context_st *context)
-{
- for (size_t i = 0; i < SHA3_N; i++)
- gnutls_hash_output(context->hds[i], NULL);
-}
-
-static int sha3_x4_absorb(struct sha3_x4_context_st *context,
- const uint8_t *in[SHA3_N], size_t inlen)
-{
- for (size_t i = 0; i < SHA3_N; i++) {
- int ret;
-
- ret = gnutls_hash(context->hds[i], in[i], inlen);
- if (unlikely(ret < 0)) {
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
-}
-
-static int sha3_x4_squeeze(struct sha3_x4_context_st *context,
- uint8_t *out[SHA3_N], size_t outlen)
-{
- for (size_t i = 0; i < SHA3_N; i++) {
- int ret;
-
- ret = gnutls_hash_squeeze(context->hds[i], out[i], outlen);
- if (unlikely(ret < 0)) {
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
-}
-
-static int sha3_x4(gnutls_digest_algorithm_t algo, uint8_t *out[SHA3_N],
- const uint8_t *in[SHA3_N], size_t len)
-{
- for (size_t i = 0; i < SHA3_N; i++) {
- int ret;
-
- ret = gnutls_hash_fast(algo, in[i], len, out[i]);
- if (unlikely(ret < 0)) {
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
-}
-
-static void SHA3_shake128_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2,
- uint8_t *out3, size_t outlen, const uint8_t *in0,
- const uint8_t *in1, const uint8_t *in2,
- const uint8_t *in3, size_t inlen)
-{
- const uint8_t *in[SHA3_N] = { in0, in1, in2, in3 };
- uint8_t *out[SHA3_N] = { out0, out1, out2, out3 };
- int ret;
-
- ret = sha3_x4(GNUTLS_DIG_SHAKE_128, out, in, inlen);
- if (unlikely(ret < 0)) {
- abort();
- }
-}
-
-static void SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state)
-{
- struct sha3_x4_context_st *context;
- int ret;
-
- ret = sha3_x4_context_init(&context, GNUTLS_DIG_SHAKE_128);
- if (unlikely(ret < 0)) {
- abort();
- }
- state->ctx = context;
-}
-
-static void SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state,
- const uint8_t *in0, const uint8_t *in1,
- const uint8_t *in2, const uint8_t *in3,
- size_t inlen)
-{
- const uint8_t *in[SHA3_N] = { in0, in1, in2, in3 };
- int ret;
-
- ret = sha3_x4_absorb((struct sha3_x4_context_st *)state->ctx, in,
- inlen);
- if (unlikely(ret < 0)) {
- abort();
- }
-}
-
-static void
-SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state MAYBE_UNUSED)
-{
-}
-
-static void SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1,
- uint8_t *out2, uint8_t *out3,
- size_t outlen,
- OQS_SHA3_shake128_x4_inc_ctx *state)
-{
- uint8_t *out[SHA3_N] = { out0, out1, out2, out3 };
- int ret;
-
- ret = sha3_x4_squeeze((struct sha3_x4_context_st *)state->ctx, out,
- outlen);
- if (unlikely(ret < 0)) {
- abort();
- }
-}
-
-static void
-SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state)
-{
- sha3_x4_context_deinit((struct sha3_x4_context_st *)state->ctx);
-}
-
-static void
-SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest,
- const OQS_SHA3_shake128_x4_inc_ctx *src)
-{
- dest->ctx = sha3_x4_context_copy(src->ctx);
-}
-
-static void SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state)
-{
- sha3_x4_reset((struct sha3_x4_context_st *)state->ctx);
-}
-
-static void SHA3_shake256_x4(uint8_t *out0, uint8_t *out1, uint8_t *out2,
- uint8_t *out3, size_t outlen, const uint8_t *in0,
- const uint8_t *in1, const uint8_t *in2,
- const uint8_t *in3, size_t inlen)
-{
- const uint8_t *in[SHA3_N] = { in0, in1, in2, in3 };
- uint8_t *out[SHA3_N] = { out0, out1, out2, out3 };
- int ret;
-
- ret = sha3_x4(GNUTLS_DIG_SHAKE_256, out, in, inlen);
- if (unlikely(ret < 0)) {
- abort();
- }
-}
-
-static void SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state)
-{
- struct sha3_x4_context_st *context;
- int ret;
-
- ret = sha3_x4_context_init(&context, GNUTLS_DIG_SHAKE_256);
- if (unlikely(ret < 0)) {
- abort();
- }
- state->ctx = context;
-}
-
-static void SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state,
- const uint8_t *in0, const uint8_t *in1,
- const uint8_t *in2, const uint8_t *in3,
- size_t inlen)
-{
- const uint8_t *in[SHA3_N] = { in0, in1, in2, in3 };
- int ret;
-
- ret = sha3_x4_absorb((struct sha3_x4_context_st *)state->ctx, in,
- inlen);
- if (unlikely(ret < 0)) {
- abort();
- }
-}
-
-static void
-SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state MAYBE_UNUSED)
-{
-}
-
-static void SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1,
- uint8_t *out2, uint8_t *out3,
- size_t outlen,
- OQS_SHA3_shake256_x4_inc_ctx *state)
-{
- uint8_t *out[SHA3_N] = { out0, out1, out2, out3 };
- int ret;
-
- ret = sha3_x4_squeeze((struct sha3_x4_context_st *)state->ctx, out,
- outlen);
- if (unlikely(ret < 0)) {
- abort();
- }
-}
-
-static void
-SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state)
-{
- sha3_x4_context_deinit((struct sha3_x4_context_st *)state->ctx);
-}
-
-static void
-SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest,
- const OQS_SHA3_shake256_x4_inc_ctx *src)
-{
- dest->ctx = sha3_x4_context_copy(src->ctx);
-}
-
-static void SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state)
-{
- sha3_x4_reset((struct sha3_x4_context_st *)state->ctx);
-}
-
-struct OQS_SHA3_x4_callbacks sha3_x4_callbacks = {
- SHA3_shake128_x4,
- SHA3_shake128_x4_inc_init,
- SHA3_shake128_x4_inc_absorb,
- SHA3_shake128_x4_inc_finalize,
- SHA3_shake128_x4_inc_squeeze,
- SHA3_shake128_x4_inc_ctx_release,
- SHA3_shake128_x4_inc_ctx_clone,
- SHA3_shake128_x4_inc_ctx_reset,
- SHA3_shake256_x4,
- SHA3_shake256_x4_inc_init,
- SHA3_shake256_x4_inc_absorb,
- SHA3_shake256_x4_inc_finalize,
- SHA3_shake256_x4_inc_squeeze,
- SHA3_shake256_x4_inc_ctx_release,
- SHA3_shake256_x4_inc_ctx_clone,
- SHA3_shake256_x4_inc_ctx_reset,
-};
-
-void _gnutls_liboqs_sha3x4_init(void)
-{
- GNUTLS_OQS_FUNC(OQS_SHA3_x4_set_callbacks)(&sha3_x4_callbacks);
-}
-
-void _gnutls_liboqs_sha3x4_deinit(void)
-{
-}
+++ /dev/null
-/*
- * Copyright (C) 2024 Red Hat, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>
- *
- */
-
-#ifndef GNUTLS_LIB_LIBOQS_SHA3X4_H
-#define GNUTLS_LIB_LIBOQS_SHA3X4_H
-
-void _gnutls_liboqs_sha3x4_init(void);
-void _gnutls_liboqs_sha3x4_deinit(void);
-
-#endif /* GNUTLS_LIB_LIBOQS_SHA3X4_H */
AM_CPPFLAGS += -I$(srcdir)/../minitasn1
endif
-if LIBOQS_ENABLE_DLOPEN
-AM_CPPFLAGS += $(LIBOQS_CFLAGS) -DGNUTLS_OQS_ENABLE_DLOPEN=1
-endif
-
if ENABLE_LEANCRYPTO
AM_CPPFLAGS += $(LEANCRYPTO_CFLAGS)
endif
#include "dh.h"
#ifdef HAVE_LEANCRYPTO
#include <leancrypto.h>
-#elif defined HAVE_LIBOQS
-#include "dlwrap/oqs.h"
-#include "liboqs/liboqs.h"
#endif
#include "attribute.h"
zeroize_key(&sk, sizeof(sk));
return ret;
}
-#elif defined HAVE_LIBOQS
-static const char *ml_kem_pk_to_liboqs_algo(gnutls_pk_algorithm_t algo)
-{
- switch (algo) {
- case GNUTLS_PK_MLKEM768:
- return OQS_KEM_alg_ml_kem_768;
- case GNUTLS_PK_EXP_KYBER768:
- return OQS_KEM_alg_kyber_768;
- case GNUTLS_PK_MLKEM1024:
- return OQS_KEM_alg_ml_kem_1024;
- default:
- gnutls_assert();
- return NULL;
- }
-}
-
-static int ml_kem_exists(gnutls_pk_algorithm_t algo)
-{
- const char *algo_name;
-
- if (_gnutls_liboqs_ensure() < 0)
- return 0;
-
- algo_name = ml_kem_pk_to_liboqs_algo(algo);
- return algo_name != NULL &&
- GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name);
-}
-
-static int ml_kem_encaps(gnutls_pk_algorithm_t algo, gnutls_datum_t *ciphertext,
- gnutls_datum_t *shared_secret,
- const gnutls_datum_t *pub)
-{
- int ret;
- OQS_KEM *kem = NULL;
- const char *algo_name;
- gnutls_datum_t tmp_ciphertext = { NULL, 0 };
- gnutls_datum_t tmp_shared_secret = { NULL, 0 };
- OQS_STATUS rc;
-
- if (_gnutls_liboqs_ensure() < 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- algo_name = ml_kem_pk_to_liboqs_algo(algo);
- if (algo_name == NULL ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name))
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(algo_name);
- if (kem == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- tmp_ciphertext.size = kem->length_ciphertext;
- tmp_ciphertext.data = gnutls_malloc(tmp_ciphertext.size);
- if (tmp_ciphertext.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- tmp_shared_secret.size = kem->length_shared_secret;
- tmp_shared_secret.data = gnutls_malloc(tmp_shared_secret.size);
- if (tmp_shared_secret.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- rc = GNUTLS_OQS_FUNC(OQS_KEM_encaps)(kem, tmp_ciphertext.data,
- tmp_shared_secret.data, pub->data);
- if (rc != OQS_SUCCESS) {
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto cleanup;
- }
-
- *ciphertext = _gnutls_steal_datum(&tmp_ciphertext);
- *shared_secret = _gnutls_steal_datum(&tmp_shared_secret);
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum(&tmp_ciphertext);
- _gnutls_free_key_datum(&tmp_shared_secret);
- GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);
- return ret;
-}
-
-static int ml_kem_decaps(gnutls_pk_algorithm_t algo,
- gnutls_datum_t *shared_secret,
- const gnutls_datum_t *ciphertext,
- const gnutls_datum_t *priv)
-{
- int ret;
- OQS_KEM *kem = NULL;
- const char *algo_name;
- gnutls_datum_t tmp_shared_secret = { NULL, 0 };
- OQS_STATUS rc;
-
- if (_gnutls_liboqs_ensure() < 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- algo_name = ml_kem_pk_to_liboqs_algo(algo);
- if (algo_name == NULL ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name))
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(algo_name);
- if (kem == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- tmp_shared_secret.size = kem->length_shared_secret;
- tmp_shared_secret.data = gnutls_malloc(tmp_shared_secret.size);
- if (tmp_shared_secret.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- rc = GNUTLS_OQS_FUNC(OQS_KEM_decaps)(kem, tmp_shared_secret.data,
- ciphertext->data, priv->data);
- if (rc != OQS_SUCCESS) {
- GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto cleanup;
- }
-
- *shared_secret = _gnutls_steal_datum(&tmp_shared_secret);
-
- ret = 0;
-
-cleanup:
- _gnutls_free_key_datum(&tmp_shared_secret);
- GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);
- return ret;
-}
-
-static int ml_kem_generate_keypair(gnutls_pk_algorithm_t algo,
- gnutls_datum_t *raw_priv,
- gnutls_datum_t *raw_pub)
-{
- int ret;
- OQS_KEM *kem = NULL;
- const char *algo_name;
- gnutls_datum_t tmp_raw_priv = { NULL, 0 };
- gnutls_datum_t tmp_raw_pub = { NULL, 0 };
- OQS_STATUS rc;
-
- if (_gnutls_liboqs_ensure() < 0) {
- ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- goto cleanup;
- }
-
- algo_name = ml_kem_pk_to_liboqs_algo(algo);
- if (algo_name == NULL ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name)) {
- ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- goto cleanup;
- }
-
- kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(algo_name);
- if (kem == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- tmp_raw_priv.size = kem->length_secret_key;
- tmp_raw_priv.data = gnutls_malloc(tmp_raw_priv.size);
- if (tmp_raw_priv.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- tmp_raw_pub.size = kem->length_public_key;
- tmp_raw_pub.data = gnutls_malloc(tmp_raw_pub.size);
- if (tmp_raw_pub.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- rc = GNUTLS_OQS_FUNC(OQS_KEM_keypair)(kem, tmp_raw_pub.data,
- tmp_raw_priv.data);
- if (rc != OQS_SUCCESS) {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto cleanup;
- }
-
- *raw_priv = _gnutls_steal_datum(&tmp_raw_priv);
- *raw_pub = _gnutls_steal_datum(&tmp_raw_pub);
-
- ret = 0;
-
-cleanup:
- _gnutls_free_key_datum(&tmp_raw_priv);
- _gnutls_free_key_datum(&tmp_raw_pub);
- GNUTLS_OQS_FUNC(OQS_KEM_free)(kem);
- return ret;
-}
#else
static int ml_kem_exists(gnutls_pk_algorithm_t algo MAYBE_UNUSED)
{
switch (algo) {
case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_MLKEM1024:
-#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
-#endif
return ml_kem_encaps(algo, ciphertext, shared_secret, pub);
default:
return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
switch (algo) {
case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_MLKEM1024:
-#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
-#endif
return ml_kem_decaps(algo, shared_secret, ciphertext, priv);
default:
return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
zeroize_key(&sk, sizeof(sk));
return ret;
}
-#elif defined HAVE_LIBOQS
-static const char *ml_dsa_pk_to_liboqs_algo(gnutls_pk_algorithm_t algo)
-{
- switch (algo) {
- case GNUTLS_PK_MLDSA44:
- return OQS_SIG_alg_ml_dsa_44;
- case GNUTLS_PK_MLDSA65:
- return OQS_SIG_alg_ml_dsa_65;
- case GNUTLS_PK_MLDSA87:
- return OQS_SIG_alg_ml_dsa_87;
- default:
- gnutls_assert();
- return NULL;
- }
-}
-
-static int ml_dsa_exists(gnutls_pk_algorithm_t algo)
-{
- const char *algo_name;
-
- if (_gnutls_liboqs_ensure() < 0)
- return 0;
-
- algo_name = ml_dsa_pk_to_liboqs_algo(algo);
- return algo_name != NULL &&
- GNUTLS_OQS_FUNC(OQS_SIG_alg_is_enabled)(algo_name);
-}
-
-static int ml_dsa_sign(gnutls_pk_algorithm_t algo, gnutls_datum_t *signature,
- const gnutls_datum_t *message,
- const gnutls_datum_t *raw_priv)
-{
- int ret;
- OQS_SIG *sig;
- OQS_STATUS rc;
- gnutls_datum_t tmp_signature = { NULL, 0 };
- size_t size;
- const char *algo_name;
-
- if (_gnutls_liboqs_ensure() < 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- algo_name = ml_dsa_pk_to_liboqs_algo(algo);
- if (algo_name == NULL ||
- !GNUTLS_OQS_FUNC(OQS_SIG_alg_is_enabled)(algo_name)) {
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- }
-
- sig = GNUTLS_OQS_FUNC(OQS_SIG_new)(algo_name);
- if (sig == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- tmp_signature.size = sig->length_signature;
- tmp_signature.data = gnutls_malloc(tmp_signature.size);
- if (tmp_signature.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- size = tmp_signature.size;
- rc = GNUTLS_OQS_FUNC(OQS_SIG_sign)(sig, tmp_signature.data, &size,
- message->data, message->size,
- raw_priv->data);
- if (rc != OQS_SUCCESS) {
- ret = gnutls_assert_val(GNUTLS_E_PK_SIGN_FAILED);
- goto cleanup;
- }
- tmp_signature.size = size;
-
- *signature = _gnutls_steal_datum(&tmp_signature);
-
- ret = GNUTLS_E_SUCCESS;
-
-cleanup:
- _gnutls_free_datum(&tmp_signature);
- GNUTLS_OQS_FUNC(OQS_SIG_free)(sig);
- return ret;
-}
-
-static int ml_dsa_verify(gnutls_pk_algorithm_t algo,
- const gnutls_datum_t *signature,
- const gnutls_datum_t *message,
- const gnutls_datum_t *raw_pub)
-{
- int ret;
- OQS_SIG *sig;
- OQS_STATUS rc;
-
- if (_gnutls_liboqs_ensure() < 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- const char *algo_name = ml_dsa_pk_to_liboqs_algo(algo);
- if (algo_name == NULL ||
- !GNUTLS_OQS_FUNC(OQS_SIG_alg_is_enabled)(algo_name)) {
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- }
-
- sig = GNUTLS_OQS_FUNC(OQS_SIG_new)(algo_name);
- if (sig == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- rc = GNUTLS_OQS_FUNC(OQS_SIG_verify)(sig, message->data, message->size,
- signature->data, signature->size,
- raw_pub->data);
- if (rc != OQS_SUCCESS) {
- ret = gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
- goto cleanup;
- }
-
- ret = GNUTLS_E_SUCCESS;
-
-cleanup:
- GNUTLS_OQS_FUNC(OQS_SIG_free)(sig);
- return ret;
-}
-
-static int ml_dsa_generate_keypair(gnutls_pk_algorithm_t algo,
- gnutls_datum_t *raw_priv,
- gnutls_datum_t *raw_pub)
-{
- int ret;
- OQS_SIG *sig = NULL;
- gnutls_datum_t tmp_raw_priv = { NULL, 0 };
- gnutls_datum_t tmp_raw_pub = { NULL, 0 };
- OQS_STATUS rc;
-
- if (_gnutls_liboqs_ensure() < 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- const char *algo_name = ml_dsa_pk_to_liboqs_algo(algo);
- if (algo_name == NULL ||
- !GNUTLS_OQS_FUNC(OQS_SIG_alg_is_enabled)(algo_name))
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
-
- sig = GNUTLS_OQS_FUNC(OQS_SIG_new)(algo_name);
- if (sig == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- tmp_raw_priv.size = sig->length_secret_key;
- tmp_raw_priv.data = gnutls_malloc(tmp_raw_priv.size);
- if (tmp_raw_priv.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- tmp_raw_pub.size = sig->length_public_key;
- tmp_raw_pub.data = gnutls_malloc(tmp_raw_pub.size);
- if (tmp_raw_pub.data == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- rc = GNUTLS_OQS_FUNC(OQS_SIG_keypair)(sig, tmp_raw_pub.data,
- tmp_raw_priv.data);
- if (rc != OQS_SUCCESS) {
- ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
- goto cleanup;
- }
-
- *raw_priv = _gnutls_steal_datum(&tmp_raw_priv);
- *raw_pub = _gnutls_steal_datum(&tmp_raw_pub);
-
- ret = GNUTLS_E_SUCCESS;
-
-cleanup:
- _gnutls_free_key_datum(&tmp_raw_priv);
- _gnutls_free_key_datum(&tmp_raw_pub);
- GNUTLS_OQS_FUNC(OQS_SIG_free)(sig);
- return ret;
-}
#else
static int ml_dsa_exists(gnutls_pk_algorithm_t algo MAYBE_UNUSED)
{
case GNUTLS_PK_MLDSA44:
case GNUTLS_PK_MLDSA65:
case GNUTLS_PK_MLDSA87:
-#if !defined(HAVE_LEANCRYPTO) && defined(HAVE_LIBOQS)
- /* As of liboqs 0.12.0, liboqs implementation lacks
- * sufficient checks for ML-DSA.
- */
- not_approved = true;
-#endif
ret = ml_dsa_sign(algo, signature, vdata, &pk_params->raw_priv);
if (ret < 0)
goto cleanup;
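Review bot: After the `#if !defined(HAVE_LEANCRYPTO) && defined(HAVE_LIBOQS)` block is dropped, nothing in the `GNUTLS_PK_MLDSA44/65/87` signing arm says why `not_approved` is left unset, while the ML-KEM key-generation arm further down the same diff still sets `not_approved = true`. The removed comment was the only record of the reasoning (liboqs 0.12.0 lacking sufficient ML-DSA checks), so the remaining path deserves an equivalent statement, for example `/* ML-DSA is provided by leancrypto only; treated as approved because its key and signature checks are relied on here */`, if that is the intent. The flag presumably feeds the FIPS operation state, which is set outside this hunk, so the wording should be confirmed against that code. The same comment applies to the verify arm in the next hunk, and the enclosing function starts and ends outside both hunks.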
case GNUTLS_PK_MLDSA44:
case GNUTLS_PK_MLDSA65:
case GNUTLS_PK_MLDSA87:
-#if !defined(HAVE_LEANCRYPTO) && defined(HAVE_LIBOQS)
- /* As of liboqs 0.12.0, liboqs implementation lacks
- * sufficient checks for ML-DSA.
- */
- not_approved = true;
-#endif
ret = ml_dsa_verify(algo, signature, vdata,
&pk_params->raw_pub);
if (ret < 0)
return 1;
case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_MLKEM1024:
-#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
-#endif
return ml_kem_exists(pk);
case GNUTLS_PK_MLDSA44:
case GNUTLS_PK_MLDSA65:
break;
case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_MLKEM1024:
-#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
-#endif
if (!ml_kem_exists(algo)) {
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_MLKEM1024:
-#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
-#endif
not_approved = true;
ret = ml_kem_generate_keypair(algo, ¶ms->raw_priv,
¶ms->raw_pub);
}
case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_MLKEM1024:
-#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
-#endif
if (!ml_kem_exists(algo))
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);