// SPDX-License-Identifier: Apache-2.0 AND MIT /* * OQS OpenSSL 3 provider * * Code strongly inspired by OpenSSL legacy provider. * */ #include #include #include #include #include #include #include #include #include #include "oqs_prov.h" #ifdef NDEBUG #define OQS_PROV_PRINTF(a) #define OQS_PROV_PRINTF2(a, b) #define OQS_PROV_PRINTF3(a, b, c) #else #define OQS_PROV_PRINTF(a) if (getenv("OQSPROV")) printf(a) #define OQS_PROV_PRINTF2(a, b) if (getenv("OQSPROV")) printf(a, b) #define OQS_PROV_PRINTF3(a, b, c) if (getenv("OQSPROV")) printf(a, b, c) #endif // NDEBUG /* * Forward declarations to ensure that interface functions are correctly * defined. */ static OSSL_FUNC_provider_gettable_params_fn oqsprovider_gettable_params; static OSSL_FUNC_provider_get_params_fn oqsprovider_get_params; static OSSL_FUNC_provider_query_operation_fn oqsprovider_query; extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; /* * List of all algorithms with given OIDs */ ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #define OQS_OID_CNT 46 const char* oqs_oid_alg_list[OQS_OID_CNT] = { "1.3.6.1.4.1.2.267.7.4.4", "dilithium2", "1.3.9999.2.7.1" , "p256_dilithium2", "1.3.9999.2.7.2" , "rsa3072_dilithium2", "1.3.6.1.4.1.2.267.7.6.5", "dilithium3", "1.3.9999.2.7.3" , "p384_dilithium3", "1.3.6.1.4.1.2.267.7.8.7", "dilithium5", "1.3.9999.2.7.4" , "p521_dilithium5", "1.3.9999.3.6", "falcon512", "1.3.9999.3.7" , "p256_falcon512", "1.3.9999.3.8" , "rsa3072_falcon512", "1.3.9999.3.9", "falcon1024", "1.3.9999.3.10" , "p521_falcon1024", "1.3.9999.6.4.13", "sphincssha2128fsimple", "1.3.9999.6.4.14" , "p256_sphincssha2128fsimple", "1.3.9999.6.4.15" , "rsa3072_sphincssha2128fsimple", "1.3.9999.6.4.16", "sphincssha2128ssimple", "1.3.9999.6.4.17" , "p256_sphincssha2128ssimple", "1.3.9999.6.4.18" , "rsa3072_sphincssha2128ssimple", "1.3.9999.6.5.10", "sphincssha2192fsimple", "1.3.9999.6.5.11" , "p384_sphincssha2192fsimple", "1.3.9999.6.7.13", "sphincsshake128fsimple", "1.3.9999.6.7.14" , "p256_sphincsshake128fsimple", "1.3.9999.6.7.15" , "rsa3072_sphincsshake128fsimple", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; int oqs_patch_oids(void) { ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_START if (getenv("OQS_OID_DILITHIUM2")) oqs_oid_alg_list[0] = getenv("OQS_OID_DILITHIUM2"); if (getenv("OQS_OID_P256_DILITHIUM2")) oqs_oid_alg_list[2] = getenv("OQS_OID_P256_DILITHIUM2"); if (getenv("OQS_OID_RSA3072_DILITHIUM2")) oqs_oid_alg_list[4] = getenv("OQS_OID_RSA3072_DILITHIUM2"); if (getenv("OQS_OID_DILITHIUM3")) oqs_oid_alg_list[6] = getenv("OQS_OID_DILITHIUM3"); if (getenv("OQS_OID_P384_DILITHIUM3")) oqs_oid_alg_list[8] = getenv("OQS_OID_P384_DILITHIUM3"); if (getenv("OQS_OID_DILITHIUM5")) oqs_oid_alg_list[10] = getenv("OQS_OID_DILITHIUM5"); if (getenv("OQS_OID_P521_DILITHIUM5")) oqs_oid_alg_list[12] = getenv("OQS_OID_P521_DILITHIUM5"); if (getenv("OQS_OID_FALCON512")) oqs_oid_alg_list[14] = getenv("OQS_OID_FALCON512"); if (getenv("OQS_OID_P256_FALCON512")) oqs_oid_alg_list[16] = getenv("OQS_OID_P256_FALCON512"); if (getenv("OQS_OID_RSA3072_FALCON512")) oqs_oid_alg_list[18] = getenv("OQS_OID_RSA3072_FALCON512"); if (getenv("OQS_OID_FALCON1024")) oqs_oid_alg_list[20] = getenv("OQS_OID_FALCON1024"); if (getenv("OQS_OID_P521_FALCON1024")) oqs_oid_alg_list[22] = getenv("OQS_OID_P521_FALCON1024"); if (getenv("OQS_OID_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[24] = getenv("OQS_OID_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[26] = getenv("OQS_OID_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_oid_alg_list[28] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[30] = getenv("OQS_OID_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[32] = getenv("OQS_OID_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_oid_alg_list[34] = getenv("OQS_OID_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_OID_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[36] = getenv("OQS_OID_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE")) oqs_oid_alg_list[38] = getenv("OQS_OID_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[40] = getenv("OQS_OID_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[42] = getenv("OQS_OID_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_oid_alg_list[44] = getenv("OQS_OID_RSA3072_SPHINCSSHAKE128FSIMPLE"); ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; } #ifdef USE_ENCODING_LIB const char* oqs_alg_encoding_list[OQS_OID_CNT] = { 0 }; int oqs_patch_encodings(void) { ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_START if (getenv("OQS_ENCODING_DILITHIUM2")) oqs_alg_encoding_list[0] = getenv("OQS_ENCODING_DILITHIUM2"); if (getenv("OQS_ENCODING_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[1] = getenv("OQS_ENCODING_DILITHIUM2_ALGNAME"); if (getenv("OQS_ENCODING_P256_DILITHIUM2")) oqs_alg_encoding_list[2] = getenv("OQS_ENCODING_P256_DILITHIUM2"); if (getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[3] = getenv("OQS_ENCODING_P256_DILITHIUM2_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2")) oqs_alg_encoding_list[4] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2"); if (getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME")) oqs_alg_encoding_list[5] = getenv("OQS_ENCODING_RSA3072_DILITHIUM2_ALGNAME"); if (getenv("OQS_ENCODING_DILITHIUM3")) oqs_alg_encoding_list[6] = getenv("OQS_ENCODING_DILITHIUM3"); if (getenv("OQS_ENCODING_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[7] = getenv("OQS_ENCODING_DILITHIUM3_ALGNAME"); if (getenv("OQS_ENCODING_P384_DILITHIUM3")) oqs_alg_encoding_list[8] = getenv("OQS_ENCODING_P384_DILITHIUM3"); if (getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME")) oqs_alg_encoding_list[9] = getenv("OQS_ENCODING_P384_DILITHIUM3_ALGNAME"); if (getenv("OQS_ENCODING_DILITHIUM5")) oqs_alg_encoding_list[10] = getenv("OQS_ENCODING_DILITHIUM5"); if (getenv("OQS_ENCODING_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[11] = getenv("OQS_ENCODING_DILITHIUM5_ALGNAME"); if (getenv("OQS_ENCODING_P521_DILITHIUM5")) oqs_alg_encoding_list[12] = getenv("OQS_ENCODING_P521_DILITHIUM5"); if (getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME")) oqs_alg_encoding_list[13] = getenv("OQS_ENCODING_P521_DILITHIUM5_ALGNAME"); if (getenv("OQS_ENCODING_FALCON512")) oqs_alg_encoding_list[14] = getenv("OQS_ENCODING_FALCON512"); if (getenv("OQS_ENCODING_FALCON512_ALGNAME")) oqs_alg_encoding_list[15] = getenv("OQS_ENCODING_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_P256_FALCON512")) oqs_alg_encoding_list[16] = getenv("OQS_ENCODING_P256_FALCON512"); if (getenv("OQS_ENCODING_P256_FALCON512_ALGNAME")) oqs_alg_encoding_list[17] = getenv("OQS_ENCODING_P256_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_FALCON512")) oqs_alg_encoding_list[18] = getenv("OQS_ENCODING_RSA3072_FALCON512"); if (getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME")) oqs_alg_encoding_list[19] = getenv("OQS_ENCODING_RSA3072_FALCON512_ALGNAME"); if (getenv("OQS_ENCODING_FALCON1024")) oqs_alg_encoding_list[20] = getenv("OQS_ENCODING_FALCON1024"); if (getenv("OQS_ENCODING_FALCON1024_ALGNAME")) oqs_alg_encoding_list[21] = getenv("OQS_ENCODING_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_P521_FALCON1024")) oqs_alg_encoding_list[22] = getenv("OQS_ENCODING_P521_FALCON1024"); if (getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME")) oqs_alg_encoding_list[23] = getenv("OQS_ENCODING_P521_FALCON1024_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[24] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[25] = getenv("OQS_ENCODING_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[26] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[27] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE")) oqs_alg_encoding_list[28] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[29] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[30] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[31] = getenv("OQS_ENCODING_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[32] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[33] = getenv("OQS_ENCODING_P256_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE")) oqs_alg_encoding_list[34] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME")) oqs_alg_encoding_list[35] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHA2128SSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[36] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[37] = getenv("OQS_ENCODING_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE")) oqs_alg_encoding_list[38] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE"); if (getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME")) oqs_alg_encoding_list[39] = getenv("OQS_ENCODING_P384_SPHINCSSHA2192FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[40] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[41] = getenv("OQS_ENCODING_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[42] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[43] = getenv("OQS_ENCODING_P256_SPHINCSSHAKE128FSIMPLE_ALGNAME"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE")) oqs_alg_encoding_list[44] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE"); if (getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME")) oqs_alg_encoding_list[45] = getenv("OQS_ENCODING_RSA3072_SPHINCSSHAKE128FSIMPLE_ALGNAME"); ///// OQS_TEMPLATE_FRAGMENT_ENCODING_PATCHING_END return 1; } #endif #define SIGALG(NAMES, SECBITS, FUNC) { NAMES, "provider=oqsprovider,oqsprovider.security_bits="#SECBITS"", FUNC } #define KEMBASEALG(NAMES, SECBITS) \ { "" #NAMES "", "provider=oqsprovider,oqsprovider.security_bits="#SECBITS"", oqs_generic_kem_functions }, #define KEMHYBALG(NAMES, SECBITS) \ { "" #NAMES "", "provider=oqsprovider,oqsprovider.security_bits="#SECBITS"", oqs_hybrid_kem_functions }, #define KEMKMALG(NAMES, SECBITS) \ { "" #NAMES "", "provider=oqsprovider,oqsprovider.security_bits="#SECBITS"" , oqs_##NAMES##_keymgmt_functions }, #define KEMKMHYBALG(NAMES, SECBITS, HYBTYPE) \ { "" #NAMES "", "provider=oqsprovider,oqsprovider.security_bits="#SECBITS"" , oqs_##HYBTYPE##_##NAMES##_keymgmt_functions }, /* Functions provided by the core */ static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL; static OSSL_FUNC_core_get_params_fn *c_get_params = NULL; /* Parameters we provide to the core */ static const OSSL_PARAM oqsprovider_param_types[] = { OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0), OSSL_PARAM_END }; static const OSSL_ALGORITHM oqsprovider_signatures[] = { ///// OQS_TEMPLATE_FRAGMENT_SIG_FUNCTIONS_START #ifdef OQS_ENABLE_SIG_dilithium_2 SIGALG("dilithium2", 128, oqs_signature_functions), SIGALG("p256_dilithium2", 128, oqs_signature_functions), SIGALG("rsa3072_dilithium2", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_signature_functions), SIGALG("p384_dilithium3", 192, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_signature_functions), SIGALG("p521_dilithium5", 256, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_signature_functions), SIGALG("p256_falcon512", 128, oqs_signature_functions), SIGALG("rsa3072_falcon512", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_signature_functions), SIGALG("p521_falcon1024", 256, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple SIGALG("sphincssha2128fsimple", 128, oqs_signature_functions), SIGALG("p256_sphincssha2128fsimple", 128, oqs_signature_functions), SIGALG("rsa3072_sphincssha2128fsimple", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple SIGALG("sphincssha2128ssimple", 128, oqs_signature_functions), SIGALG("p256_sphincssha2128ssimple", 128, oqs_signature_functions), SIGALG("rsa3072_sphincssha2128ssimple", 128, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple SIGALG("sphincssha2192fsimple", 192, oqs_signature_functions), SIGALG("p384_sphincssha2192fsimple", 192, oqs_signature_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple SIGALG("sphincsshake128fsimple", 128, oqs_signature_functions), SIGALG("p256_sphincsshake128fsimple", 128, oqs_signature_functions), SIGALG("rsa3072_sphincsshake128fsimple", 128, oqs_signature_functions), #endif ///// OQS_TEMPLATE_FRAGMENT_SIG_FUNCTIONS_END { NULL, NULL, NULL } }; static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { ///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_START #ifdef OQS_ENABLE_KEM_frodokem_640_aes KEMBASEALG(frodo640aes, 128) KEMHYBALG(p256_frodo640aes, 128) KEMHYBALG(x25519_frodo640aes, 128) #endif #ifdef OQS_ENABLE_KEM_frodokem_640_shake KEMBASEALG(frodo640shake, 128) KEMHYBALG(p256_frodo640shake, 128) KEMHYBALG(x25519_frodo640shake, 128) #endif #ifdef OQS_ENABLE_KEM_frodokem_976_aes KEMBASEALG(frodo976aes, 192) KEMHYBALG(p384_frodo976aes, 192) KEMHYBALG(x448_frodo976aes, 192) #endif #ifdef OQS_ENABLE_KEM_frodokem_976_shake KEMBASEALG(frodo976shake, 192) KEMHYBALG(p384_frodo976shake, 192) KEMHYBALG(x448_frodo976shake, 192) #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_aes KEMBASEALG(frodo1344aes, 256) KEMHYBALG(p521_frodo1344aes, 256) #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_shake KEMBASEALG(frodo1344shake, 256) KEMHYBALG(p521_frodo1344shake, 256) #endif #ifdef OQS_ENABLE_KEM_kyber_512 KEMBASEALG(kyber512, 128) KEMHYBALG(p256_kyber512, 128) KEMHYBALG(x25519_kyber512, 128) #endif #ifdef OQS_ENABLE_KEM_kyber_768 KEMBASEALG(kyber768, 192) KEMHYBALG(p384_kyber768, 192) KEMHYBALG(x448_kyber768, 192) KEMHYBALG(x25519_kyber768, 128) KEMHYBALG(p256_kyber768, 128) #endif #ifdef OQS_ENABLE_KEM_kyber_1024 KEMBASEALG(kyber1024, 256) KEMHYBALG(p521_kyber1024, 256) #endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMBASEALG(bikel1, 128) KEMHYBALG(p256_bikel1, 128) KEMHYBALG(x25519_bikel1, 128) #endif #ifdef OQS_ENABLE_KEM_bike_l3 KEMBASEALG(bikel3, 192) KEMHYBALG(p384_bikel3, 192) KEMHYBALG(x448_bikel3, 192) #endif #ifdef OQS_ENABLE_KEM_bike_l5 KEMBASEALG(bikel5, 256) KEMHYBALG(p521_bikel5, 256) #endif #ifdef OQS_ENABLE_KEM_hqc_128 KEMBASEALG(hqc128, 128) KEMHYBALG(p256_hqc128, 128) KEMHYBALG(x25519_hqc128, 128) #endif #ifdef OQS_ENABLE_KEM_hqc_192 KEMBASEALG(hqc192, 192) KEMHYBALG(p384_hqc192, 192) KEMHYBALG(x448_hqc192, 192) #endif #ifdef OQS_ENABLE_KEM_hqc_256 KEMBASEALG(hqc256, 256) KEMHYBALG(p521_hqc256, 256) #endif ///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END { NULL, NULL, NULL } }; static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_START #ifdef OQS_ENABLE_SIG_dilithium_2 SIGALG("dilithium2", 128, oqs_dilithium2_keymgmt_functions), SIGALG("p256_dilithium2", 128, oqs_p256_dilithium2_keymgmt_functions), SIGALG("rsa3072_dilithium2", 128, oqs_rsa3072_dilithium2_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_3 SIGALG("dilithium3", 192, oqs_dilithium3_keymgmt_functions), SIGALG("p384_dilithium3", 192, oqs_p384_dilithium3_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_dilithium_5 SIGALG("dilithium5", 256, oqs_dilithium5_keymgmt_functions), SIGALG("p521_dilithium5", 256, oqs_p521_dilithium5_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_512 SIGALG("falcon512", 128, oqs_falcon512_keymgmt_functions), SIGALG("p256_falcon512", 128, oqs_p256_falcon512_keymgmt_functions), SIGALG("rsa3072_falcon512", 128, oqs_rsa3072_falcon512_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_falcon_1024 SIGALG("falcon1024", 256, oqs_falcon1024_keymgmt_functions), SIGALG("p521_falcon1024", 256, oqs_p521_falcon1024_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128f_simple SIGALG("sphincssha2128fsimple", 128, oqs_sphincssha2128fsimple_keymgmt_functions), SIGALG("p256_sphincssha2128fsimple", 128, oqs_p256_sphincssha2128fsimple_keymgmt_functions), SIGALG("rsa3072_sphincssha2128fsimple", 128, oqs_rsa3072_sphincssha2128fsimple_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_128s_simple SIGALG("sphincssha2128ssimple", 128, oqs_sphincssha2128ssimple_keymgmt_functions), SIGALG("p256_sphincssha2128ssimple", 128, oqs_p256_sphincssha2128ssimple_keymgmt_functions), SIGALG("rsa3072_sphincssha2128ssimple", 128, oqs_rsa3072_sphincssha2128ssimple_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_sha2_192f_simple SIGALG("sphincssha2192fsimple", 192, oqs_sphincssha2192fsimple_keymgmt_functions), SIGALG("p384_sphincssha2192fsimple", 192, oqs_p384_sphincssha2192fsimple_keymgmt_functions), #endif #ifdef OQS_ENABLE_SIG_sphincs_shake_128f_simple SIGALG("sphincsshake128fsimple", 128, oqs_sphincsshake128fsimple_keymgmt_functions), SIGALG("p256_sphincsshake128fsimple", 128, oqs_p256_sphincsshake128fsimple_keymgmt_functions), SIGALG("rsa3072_sphincsshake128fsimple", 128, oqs_rsa3072_sphincsshake128fsimple_keymgmt_functions), #endif #ifdef OQS_ENABLE_KEM_frodokem_640_aes KEMKMALG(frodo640aes, 128) KEMKMHYBALG(p256_frodo640aes, 128, ecp) KEMKMHYBALG(x25519_frodo640aes, 128, ecx) #endif #ifdef OQS_ENABLE_KEM_frodokem_640_shake KEMKMALG(frodo640shake, 128) KEMKMHYBALG(p256_frodo640shake, 128, ecp) KEMKMHYBALG(x25519_frodo640shake, 128, ecx) #endif #ifdef OQS_ENABLE_KEM_frodokem_976_aes KEMKMALG(frodo976aes, 192) KEMKMHYBALG(p384_frodo976aes, 192, ecp) KEMKMHYBALG(x448_frodo976aes, 192, ecx) #endif #ifdef OQS_ENABLE_KEM_frodokem_976_shake KEMKMALG(frodo976shake, 192) KEMKMHYBALG(p384_frodo976shake, 192, ecp) KEMKMHYBALG(x448_frodo976shake, 192, ecx) #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_aes KEMKMALG(frodo1344aes, 256) KEMKMHYBALG(p521_frodo1344aes, 256, ecp) #endif #ifdef OQS_ENABLE_KEM_frodokem_1344_shake KEMKMALG(frodo1344shake, 256) KEMKMHYBALG(p521_frodo1344shake, 256, ecp) #endif #ifdef OQS_ENABLE_KEM_kyber_512 KEMKMALG(kyber512, 128) KEMKMHYBALG(p256_kyber512, 128, ecp) KEMKMHYBALG(x25519_kyber512, 128, ecx) #endif #ifdef OQS_ENABLE_KEM_kyber_768 KEMKMALG(kyber768, 192) KEMKMHYBALG(p384_kyber768, 192, ecp) KEMKMHYBALG(x448_kyber768, 192, ecx) KEMKMHYBALG(x25519_kyber768, 128, ecx) KEMKMHYBALG(p256_kyber768, 128, ecp) #endif #ifdef OQS_ENABLE_KEM_kyber_1024 KEMKMALG(kyber1024, 256) KEMKMHYBALG(p521_kyber1024, 256, ecp) #endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMKMALG(bikel1, 128) KEMKMHYBALG(p256_bikel1, 128, ecp) KEMKMHYBALG(x25519_bikel1, 128, ecx) #endif #ifdef OQS_ENABLE_KEM_bike_l3 KEMKMALG(bikel3, 192) KEMKMHYBALG(p384_bikel3, 192, ecp) KEMKMHYBALG(x448_bikel3, 192, ecx) #endif #ifdef OQS_ENABLE_KEM_bike_l5 KEMKMALG(bikel5, 256) KEMKMHYBALG(p521_bikel5, 256, ecp) #endif #ifdef OQS_ENABLE_KEM_hqc_128 KEMKMALG(hqc128, 128) KEMKMHYBALG(p256_hqc128, 128, ecp) KEMKMHYBALG(x25519_hqc128, 128, ecx) #endif #ifdef OQS_ENABLE_KEM_hqc_192 KEMKMALG(hqc192, 192) KEMKMHYBALG(p384_hqc192, 192, ecp) KEMKMHYBALG(x448_hqc192, 192, ecx) #endif #ifdef OQS_ENABLE_KEM_hqc_256 KEMKMALG(hqc256, 256) KEMKMHYBALG(p521_hqc256, 256, ecp) #endif ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END //ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions), { NULL, NULL, NULL } }; static const OSSL_ALGORITHM oqsprovider_encoder[] = { #define ENCODER_PROVIDER "oqsprovider" #include "oqsencoders.inc" { NULL, NULL, NULL } #undef ENCODER_PROVIDER }; static const OSSL_ALGORITHM oqsprovider_decoder[] = { #define DECODER_PROVIDER "oqsprovider" #include "oqsdecoders.inc" { NULL, NULL, NULL } #undef DECODER_PROVIDER }; static const OSSL_PARAM *oqsprovider_gettable_params(void *provctx) { return oqsprovider_param_types; } #define OQS_PROVIDER_BASE_BUILD_INFO_STR "OQS Provider v." OQS_PROVIDER_VERSION_STR OQS_PROVIDER_COMMIT " based on liboqs v." OQS_VERSION_TEXT #ifdef QSC_ENCODING_VERSION_STRING #define OQS_PROVIDER_BUILD_INFO_STR OQS_PROVIDER_BASE_BUILD_INFO_STR " using qsc-key-encoder v." QSC_ENCODING_VERSION_STRING #else #define OQS_PROVIDER_BUILD_INFO_STR OQS_PROVIDER_BASE_BUILD_INFO_STR #endif static int oqsprovider_get_params(void *provctx, OSSL_PARAM params[]) { OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL OQS Provider")) return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OQS_PROVIDER_VERSION_STR)) return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OQS_PROVIDER_BUILD_INFO_STR)) return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); if (p != NULL && !OSSL_PARAM_set_int(p, 1)) // provider is always running return 0; return 1; } static const OSSL_ALGORITHM *oqsprovider_query(void *provctx, int operation_id, int *no_cache) { *no_cache = 0; switch (operation_id) { case OSSL_OP_SIGNATURE: return oqsprovider_signatures; case OSSL_OP_KEM: return oqsprovider_asym_kems; case OSSL_OP_KEYMGMT: return oqsprovider_keymgmt; case OSSL_OP_ENCODER: return oqsprovider_encoder; case OSSL_OP_DECODER: return oqsprovider_decoder; default: if (getenv("OQSPROV")) printf("Unknown operation %d requested from OQS provider\n", operation_id); } return NULL; } static void oqsprovider_teardown(void *provctx) { oqsx_freeprovctx((PROV_OQS_CTX*)provctx); OQS_destroy(); } /* Functions we provide to the core */ static const OSSL_DISPATCH oqsprovider_dispatch_table[] = { { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))oqsprovider_teardown }, { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))oqsprovider_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))oqsprovider_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))oqsprovider_query }, { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))oqs_provider_get_capabilities }, { 0, NULL } }; int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) { const OSSL_DISPATCH *orig_in=in; OSSL_FUNC_core_obj_create_fn *c_obj_create= NULL; OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid= NULL; BIO_METHOD *corebiometh; OSSL_LIB_CTX *libctx = NULL; int i, rc = 0; OQS_init(); if (!oqs_prov_bio_from_dispatch(in)) return 0; if (!oqs_patch_codepoints()) return 0; if (!oqs_patch_oids()) return 0; #ifdef USE_ENCODING_LIB if (!oqs_patch_encodings()) return 0; #endif for (; in->function_id != 0; in++) { switch (in->function_id) { case OSSL_FUNC_CORE_GETTABLE_PARAMS: c_gettable_params = OSSL_FUNC_core_gettable_params(in); break; case OSSL_FUNC_CORE_GET_PARAMS: c_get_params = OSSL_FUNC_core_get_params(in); break; case OSSL_FUNC_CORE_OBJ_CREATE: c_obj_create = OSSL_FUNC_core_obj_create(in); break; case OSSL_FUNC_CORE_OBJ_ADD_SIGID: c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in); break; /* Just ignore anything we don't understand */ default: break; } } // we need these functions: if (c_obj_create == NULL || c_obj_add_sigid==NULL) return 0; // insert all OIDs to the global objects list for (i=0; i