return ret;
}
+#ifdef HAVE_LIBOQS
+static const char *pk_to_liboqs_algo(gnutls_pk_algorithm_t algo)
+{
+ switch (algo) {
+ case GNUTLS_PK_MLKEM768:
+ return OQS_KEM_alg_ml_kem_768;
+ case GNUTLS_PK_EXP_KYBER768:
+ return OQS_KEM_alg_kyber_768;
+ default:
+ gnutls_assert();
+ return NULL;
+ }
+}
+#endif
+
static int _wrap_nettle_pk_encaps(gnutls_pk_algorithm_t algo,
gnutls_datum_t *ciphertext,
gnutls_datum_t *shared_secret,
switch (algo) {
#ifdef HAVE_LIBOQS
+ case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_EXP_KYBER768: {
OQS_KEM *kem = NULL;
+ const char *algo_name;
OQS_STATUS rc;
- if (_gnutls_liboqs_ensure() < 0 ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
- OQS_KEM_alg_kyber_768))
+ if (_gnutls_liboqs_ensure() < 0)
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+
+ algo_name = pk_to_liboqs_algo(algo);
+ if (algo_name == NULL ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name))
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768);
+ kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(algo_name);
if (kem == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
switch (algo) {
#ifdef HAVE_LIBOQS
+ case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_EXP_KYBER768: {
OQS_KEM *kem = NULL;
+ const char *algo_name;
OQS_STATUS rc;
- if (_gnutls_liboqs_ensure() < 0 ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
- OQS_KEM_alg_kyber_768))
+ if (_gnutls_liboqs_ensure() < 0)
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+
+ algo_name = pk_to_liboqs_algo(algo);
+ if (algo_name == NULL ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name))
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768);
+ kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(algo_name);
if (kem == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
case GNUTLS_PK_EDDSA_ED448:
return 1;
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
- return _gnutls_liboqs_ensure() == 0 &&
- GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
- OQS_KEM_alg_kyber_768);
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_EXP_KYBER768: {
+ const char *algo_name;
+
+ if (_gnutls_liboqs_ensure() < 0)
+ return 0;
+
+ algo_name = pk_to_liboqs_algo(pk);
+ return algo_name != NULL &&
+ GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name);
+ }
#endif
default:
return 0;
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
#endif
+ case GNUTLS_PK_MLKEM768:
break;
default:
gnutls_assert();
case GNUTLS_PK_ECDH_X448:
break;
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
- if (_gnutls_liboqs_ensure() < 0 ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
- OQS_KEM_alg_kyber_768)) {
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_EXP_KYBER768: {
+ const char *algo_name;
+
+ if (_gnutls_liboqs_ensure() < 0) {
+ ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+ goto cleanup;
+ }
+
+ algo_name = pk_to_liboqs_algo(algo);
+ if (algo_name == NULL ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name)) {
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
+ }
#endif
- break;
+ break;
default:
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
break;
}
#ifdef HAVE_LIBOQS
+ case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_EXP_KYBER768: {
OQS_KEM *kem = NULL;
+ const char *algo_name;
OQS_STATUS rc;
- if (_gnutls_liboqs_ensure() < 0 ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
- OQS_KEM_alg_kyber_768)) {
+ if (_gnutls_liboqs_ensure() < 0) {
+ ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+ goto cleanup;
+ }
+
+ algo_name = pk_to_liboqs_algo(algo);
+ if (algo_name == NULL ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name)) {
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
not_approved = true;
- kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(OQS_KEM_alg_kyber_768);
+ kem = GNUTLS_OQS_FUNC(OQS_KEM_new)(algo_name);
if (kem == NULL) {
ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
goto cleanup;
break;
}
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_EXP_KYBER768:
- if (_gnutls_liboqs_ensure() < 0 ||
- !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(
- OQS_KEM_alg_kyber_768))
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_EXP_KYBER768: {
+ const char *algo_name;
+
+ if (_gnutls_liboqs_ensure() < 0)
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+
+ algo_name = pk_to_liboqs_algo(algo);
+ if (algo_name == NULL ||
+ !GNUTLS_OQS_FUNC(OQS_KEM_alg_is_enabled)(algo_name))
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
ret = 0;
break;
+ }
#endif
#if ENABLE_GOST
case GNUTLS_PK_GOST_01:
#include "config.h"
#endif
+#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
gnutls_free(signature.data);
}
-static unsigned int is_approved_pk_algo(gnutls_pk_algorithm_t algo)
+static bool is_approved_pk_algo(gnutls_pk_algorithm_t algo)
{
switch (algo) {
case GNUTLS_PK_RSA:
case GNUTLS_PK_RSA_PSS:
case GNUTLS_PK_RSA_OAEP:
case GNUTLS_PK_EC:
- return 1;
+ return true;
default:
- return 0;
+ return false;
}
}
+static bool is_supported_pk_algo(gnutls_pk_algorithm_t algo)
+{
+ const gnutls_pk_algorithm_t *p;
+
+ for (p = gnutls_pk_list(); *p != GNUTLS_PK_UNKNOWN; p++) {
+ if (*p == algo)
+ return true;
+ }
+
+ return false;
+}
+
void doit(void)
{
gnutls_x509_privkey_t pkey, dst;
for (i = 0; i < MAX_TRIES; i++) {
for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_MAX;
algorithm++) {
+ if (!is_supported_pk_algo(algorithm))
+ continue;
+
if (algorithm == GNUTLS_PK_DH ||
#ifndef ENABLE_DSA
algorithm == GNUTLS_PK_DSA ||
#endif
algorithm == GNUTLS_PK_ECDH_X25519 ||
- algorithm == GNUTLS_PK_ECDH_X448)
+ algorithm == GNUTLS_PK_ECDH_X448 ||
+ algorithm == GNUTLS_PK_MLKEM768)
continue;
if (algorithm == GNUTLS_PK_GOST_01 ||
projects / thirdparty / gnutls.git / commitdiff
