signing rebase

Signed-off-by: Felipe Ventura <[email protected]>
EntrustCorporation · Mar 13, 2024 · 314b0f8 · 314b0f8
2 parents eddab02 + 045c411
commit 314b0f8
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 35 deletions.
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -166,6 +166,9 @@ adapting the OIDs of all supported signature algorithms as per the table below.
 | mldsa65_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_MLDSA65_ed25519
 | mldsa87 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_MLDSA87
 | p521_mldsa87 | 1.3.9999.7.4 |Yes| OQS_OID_P521_MLDSA87
+| mldsa87_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_MLDSA87_p384
+| mldsa87_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_MLDSA87_bp384
+| mldsa87_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_MLDSA87_ed448
 | falcon512 | 1.3.9999.3.11 |Yes| OQS_OID_FALCON512
 | p256_falcon512 | 1.3.9999.3.12 |Yes| OQS_OID_P256_FALCON512
 | rsa3072_falcon512 | 1.3.9999.3.13 |Yes| OQS_OID_RSA3072_FALCON512

diff --git a/README.md b/README.md
@@ -45,7 +45,7 @@ This implementation makes available the following quantum safe algorithms:
 ### Signature algorithms
 
 - **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\*
-- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa87`\*, `p521_mldsa87`\*
+- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa44_pss2048`\*, `mldsa44_rsa2048`\*, `mldsa44_ed25519`\*, `mldsa44_p256`\*, `mldsa44_bp256`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa65_pss3072`\*, `mldsa65_rsa3072`\*, `mldsa65_p256`\*, `mldsa65_bp256`\*, `mldsa65_ed25519`\*, `mldsa87`\*, `p521_mldsa87`\*, `mldsa87_p384`\*, `mldsa87_bp384`\*, `mldsa87_ed448`\*
 - **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falconpadded512`\*, `p256_falconpadded512`\*, `rsa3072_falconpadded512`\*, `falcon1024`\*, `p521_falcon1024`\*, `falconpadded1024`\*, `p521_falconpadded1024`\*
 
 - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple`

diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
@@ -629,18 +629,18 @@ int oqs_patch_encodings(void)
         oqs_alg_encoding_list[53]
             = getenv("OQS_ENCODING_MLDSA87_ED448_ALGNAME");
     if (getenv("OQS_ENCODING_FALCON512"))
-        oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_FALCON512");
+        oqs_alg_encoding_list[54] = getenv("OQS_ENCODING_FALCON512");
     if (getenv("OQS_ENCODING_FALCON512_ALGNAME"))
-        oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_FALCON512_ALGNAME");
+        oqs_alg_encoding_list[55] = getenv("OQS_ENCODING_FALCON512_ALGNAME");
     if (getenv("OQS_ENCODING_P256_FALCON512"))
-        oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_P256_FALCON512");
+        oqs_alg_encoding_list[56] = getenv("OQS_ENCODING_P256_FALCON512");
     if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"))
-        oqs_alg_encoding_list[31]
+        oqs_alg_encoding_list[57]
             = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME");
     if (getenv("OQS_ENCODING_RSA3072_FALCON512"))
-        oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_RSA3072_FALCON512");
+        oqs_alg_encoding_list[58] = getenv("OQS_ENCODING_RSA3072_FALCON512");
     if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"))
-        oqs_alg_encoding_list[33]
+        oqs_alg_encoding_list[59]
             = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME");
     if (getenv("OQS_ENCODING_FALCONPADDED512"))
         oqs_alg_encoding_list[60] = getenv("OQS_ENCODING_FALCONPADDED512");
@@ -827,32 +827,6 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = {
     SIGALG("mldsa87_bp384", 384, oqs_signature_functions),
     SIGALG("mldsa87_ed448", 192, oqs_signature_functions),
 #endif
-#ifdef OQS_ENABLE_SIG_ml_dsa_44
-    SIGALG("mldsa44", 128, oqs_signature_functions),
-    SIGALG("p256_mldsa44", 128, oqs_signature_functions),
-    SIGALG("rsa3072_mldsa44", 128, oqs_signature_functions),
-    SIGALG("mldsa44_pss2048", 112, oqs_signature_functions),
-    SIGALG("mldsa44_rsa2048", 112, oqs_signature_functions),
-    SIGALG("mldsa44_ed25519", 128, oqs_signature_functions),
-    SIGALG("mldsa44_p256", 128, oqs_signature_functions),
-    SIGALG("mldsa44_bp256", 256, oqs_signature_functions),
-#endif
-#ifdef OQS_ENABLE_SIG_ml_dsa_65
-    SIGALG("mldsa65", 192, oqs_signature_functions),
-    SIGALG("p384_mldsa65", 192, oqs_signature_functions),
-    SIGALG("mldsa65_pss3072", 128, oqs_signature_functions),
-    SIGALG("mldsa65_rsa3072", 128, oqs_signature_functions),
-    SIGALG("mldsa65_p256", 128, oqs_signature_functions),
-    SIGALG("mldsa65_bp256", 256, oqs_signature_functions),
-    SIGALG("mldsa65_ed25519", 128, oqs_signature_functions),
-#endif
-#ifdef OQS_ENABLE_SIG_ml_dsa_87
-    SIGALG("mldsa87", 256, oqs_signature_functions),
-    SIGALG("p521_mldsa87", 256, oqs_signature_functions),
-    SIGALG("mldsa87_p384", 192, oqs_signature_functions),
-    SIGALG("mldsa87_bp384", 384, oqs_signature_functions),
-    SIGALG("mldsa87_ed448", 192, oqs_signature_functions),
-#endif
 #ifdef OQS_ENABLE_SIG_falcon_512
     SIGALG("falcon512", 128, oqs_signature_functions),
     SIGALG("p256_falcon512", 128, oqs_signature_functions),

diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c
@@ -1330,6 +1330,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name,
         ret->comp_privkey = OPENSSL_malloc(sizeof(void *));
         ret->comp_pubkey = OPENSSL_malloc(sizeof(void *));
         ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err);
+        ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL;
         ret->oqsx_provider_ctx.oqsx_qs_ctx.sig = OQS_SIG_new(oqs_name);
         if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.sig) {
             fprintf(
@@ -1369,6 +1370,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name,
         ret->comp_privkey = OPENSSL_malloc(sizeof(void *));
         ret->comp_pubkey = OPENSSL_malloc(sizeof(void *));
         ON_ERR_GOTO(!ret->comp_privkey || !ret->comp_pubkey, err);
+        ret->oqsx_provider_ctx.oqsx_evp_ctx = NULL;
         ret->oqsx_provider_ctx.oqsx_qs_ctx.kem = OQS_KEM_new(oqs_name);
         if (!ret->oqsx_provider_ctx.oqsx_qs_ctx.kem) {
             fprintf(
@@ -1610,7 +1612,7 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private)
         aux = SIZE_OF_UINT32;
 
     if (!key->privkey && include_private) {
-        key->privkey = OPENSSL_secure_zalloc(key->privkeylen);
+        key->privkey = OPENSSL_secure_zalloc(key->privkeylen + aux);
         ON_ERR_SET_GOTO(!key->privkey, ret, 1, err_alloc);
     }
     if (!key->pubkey && !include_private) {
@@ -1807,7 +1809,7 @@ int oqsx_key_gen(OQSX_KEY *key)
                || key->keytype == KEY_TYPE_ECX_HYB_KEM
                || key->keytype == KEY_TYPE_HYB_SIG) {
         pkey = oqsx_key_gen_evp_key(key->oqsx_provider_ctx.oqsx_evp_ctx,
-                                    key->pubkey, key->privkey);
+                                    key->pubkey, key->privkey, 1);
         ON_ERR_GOTO(pkey == NULL, err_gen);
         ret = !oqsx_key_set_composites(key);
         ON_ERR_GOTO(ret, err_gen);

diff --git a/scripts/common.py b/scripts/common.py
@@ -19,6 +19,8 @@
     'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falconpadded512','falcon1024','falconpadded1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple',
     # post-quantum + classical signatures
     'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p256_falconpadded512','rsa3072_falconpadded512','p521_falcon1024','p521_falconpadded1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple',
+    # post-quantum + classical signatures (COMPOSITE)
+    'mldsa44_pss2048','mldsa44_rsa2048','mldsa44_ed25519','mldsa44_p256','mldsa44_bp256','mldsa65_pss3072','mldsa65_rsa3072','mldsa65_p256','mldsa65_bp256','mldsa65_ed25519','mldsa87_p384','mldsa87_bp384','mldsa87_ed448',
 ##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_END
 ]