Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix for txt output length of plain PQ key material #268

Merged
merged 3 commits into from
Oct 3, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 44 additions & 33 deletions oqsprov/oqs_encode_key2any.c
Original file line number Diff line number Diff line change
Expand Up @@ -1103,7 +1103,6 @@ static int print_labeled_buf(BIO *out, const char *label,
static int oqsx_to_text(BIO *out, const void *key, int selection)
{
OQSX_KEY *okey = (OQSX_KEY *)key;
int is_hybrid = 0;

if (out == NULL || okey == NULL) {
ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
Expand All @@ -1125,7 +1124,6 @@ static int oqsx_to_text(BIO *out, const void *key, int selection)
case KEY_TYPE_ECP_HYB_KEM:
case KEY_TYPE_ECX_HYB_KEM:
case KEY_TYPE_HYB_SIG:
is_hybrid = 1;
if (BIO_printf(out, "%s hybrid private key:\n", okey->tls_name)
<= 0)
return 0;
Expand All @@ -1149,7 +1147,6 @@ static int oqsx_to_text(BIO *out, const void *key, int selection)
case KEY_TYPE_ECP_HYB_KEM:
case KEY_TYPE_ECX_HYB_KEM:
case KEY_TYPE_HYB_SIG:
is_hybrid = 1;
if (BIO_printf(out, "%s hybrid public key:\n", okey->tls_name) <= 0)
return 0;
break;
Expand All @@ -1160,40 +1157,54 @@ static int oqsx_to_text(BIO *out, const void *key, int selection)
}

if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
int classic_key_len = 0;

if (okey->numkeys > 1) {
char classic_label[200];
sprintf(classic_label,
"%s key material:", OBJ_nid2sn(okey->evp_info->nid));
DECODE_UINT32(classic_key_len, okey->privkey);
if (!print_labeled_buf(out, classic_label, okey->comp_privkey[0],
classic_key_len))
return 0;
if (okey->privkey) {
if (okey->numkeys > 1) { // hybrid key
char classic_label[200];
int classic_key_len = 0;
sprintf(classic_label,
"%s key material:", OBJ_nid2sn(okey->evp_info->nid));
DECODE_UINT32(classic_key_len, okey->privkey);
if (!print_labeled_buf(out, classic_label,
okey->comp_privkey[0], classic_key_len))
return 0;
/* finally print pure PQ key */
if (!print_labeled_buf(out, "PQ key material:",
okey->comp_privkey[okey->numkeys - 1],
okey->privkeylen - classic_key_len
- SIZE_OF_UINT32))
return 0;
} else { // plain PQ key
if (!print_labeled_buf(out, "PQ key material:",
okey->comp_privkey[okey->numkeys - 1],
okey->privkeylen))
return 0;
}
}
/* finally print pure PQ key */
if (!print_labeled_buf(
out, "PQ key material:", okey->comp_privkey[okey->numkeys - 1],
okey->privkeylen - classic_key_len - SIZE_OF_UINT32))
return 0;
}
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
int classic_key_len = 0;

if (okey->numkeys > 1) {
char classic_label[200];
DECODE_UINT32(classic_key_len, okey->pubkey);
sprintf(classic_label,
"%s key material:", OBJ_nid2sn(okey->evp_info->nid));
if (!print_labeled_buf(out, classic_label, okey->comp_pubkey[0],
classic_key_len))
return 0;
if (okey->pubkey) {
if (okey->numkeys > 1) { // hybrid key
char classic_label[200];
int classic_key_len = 0;
DECODE_UINT32(classic_key_len, okey->pubkey);
sprintf(classic_label,
"%s key material:", OBJ_nid2sn(okey->evp_info->nid));
if (!print_labeled_buf(out, classic_label, okey->comp_pubkey[0],
classic_key_len))
return 0;
/* finally print pure PQ key */
if (!print_labeled_buf(out, "PQ key material:",
okey->comp_pubkey[okey->numkeys - 1],
okey->pubkeylen - classic_key_len
- SIZE_OF_UINT32))
return 0;
} else { // PQ key only
if (!print_labeled_buf(out, "PQ key material:",
okey->comp_pubkey[okey->numkeys - 1],
okey->pubkeylen))
return 0;
}
}
/* finally print pure PQ key */
if (!print_labeled_buf(
out, "PQ key material:", okey->comp_pubkey[okey->numkeys - 1],
okey->pubkeylen - classic_key_len - SIZE_OF_UINT32))
return 0;
}

return 1;
Expand Down
10 changes: 10 additions & 0 deletions scripts/oqsprovider-certgen.sh
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
#!/bin/bash

set -e
set -x

# Use newly built oqsprovider to generate certs for alg $1
# Tests use of openssl req genpkey x509 verify pkey commands

if [ $# -ne 1 ]; then
echo "Usage: $0 <algorithmname>. Exiting."
Expand Down Expand Up @@ -31,6 +35,12 @@ $OPENSSL_APP genpkey -algorithm $1 -out tmp/$1_srv.key && \
$OPENSSL_APP req -new -newkey $1 -keyout tmp/$1_srv.key -out tmp/$1_srv.csr -nodes -subj "/CN=oqstest server" && \
$OPENSSL_APP x509 -req -in tmp/$1_srv.csr -out tmp/$1_srv.crt -CA tmp/$1_CA.crt -CAkey tmp/$1_CA.key -CAcreateserial -days 365 && \
$OPENSSL_APP verify -CAfile tmp/$1_CA.crt tmp/$1_srv.crt
# test PEM/DER/TEXT encoder/decoder logic:
$OPENSSL_APP pkey -text -in tmp/$1_CA.key
$OPENSSL_APP pkey -in tmp/$1_CA.key -outform DER -out tmp/$1_CA.der
if command -v xxd &> /dev/null; then
xxd -i tmp/$1_CA.der
fi

#fails:
#$OPENSSL_APP verify -CAfile tmp/$1_CA.crt tmp/$1_srv.crt -provider oqsprovider -provider default
Expand Down