oqs: Support of Falcon signature algorithms
This commit is contained in:
parent
eeb5cf36fb
commit
ff11243b8e
|
@ -60,6 +60,8 @@ chunk_t asn1_algorithmIdentifier(int oid)
|
|||
case OID_DILITHIUM_2:
|
||||
case OID_DILITHIUM_3:
|
||||
case OID_DILITHIUM_4:
|
||||
case OID_FALCON_512:
|
||||
case OID_FALCON_1024:
|
||||
parameters = chunk_empty;
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -421,6 +421,11 @@
|
|||
0x25 "sect409r1" OID_SECT409R1
|
||||
0x26 "sect571k1" OID_SECT571K1
|
||||
0x27 "sect571r1" OID_SECT571R1
|
||||
0xCE ""
|
||||
0x0F "Reserved"
|
||||
0x03 "Falcon"
|
||||
0x01 "falcon512" OID_FALCON_512
|
||||
0x04 "falcon1024" OID_FALCON_1024
|
||||
0x60 ""
|
||||
0x86 ""
|
||||
0x48 ""
|
||||
|
|
|
@ -601,6 +601,8 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
|
|||
{ "identity", SIGN_DILITHIUM_2, KEY_DILITHIUM_2, },
|
||||
{ "identity", SIGN_DILITHIUM_3, KEY_DILITHIUM_3, },
|
||||
{ "identity", SIGN_DILITHIUM_4, KEY_DILITHIUM_4, },
|
||||
{ "identity", SIGN_FALCON_512, KEY_FALCON_512, },
|
||||
{ "identity", SIGN_FALCON_1024, KEY_FALCON_1024, },
|
||||
};
|
||||
|
||||
if (expected_strength != AUTH_RULE_MAX)
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
#include "public_key.h"
|
||||
#include "signature_params.h"
|
||||
|
||||
ENUM(key_type_names, KEY_ANY, KEY_DILITHIUM_4,
|
||||
ENUM(key_type_names, KEY_ANY, KEY_FALCON_1024,
|
||||
"ANY",
|
||||
"RSA",
|
||||
"ECDSA",
|
||||
|
@ -30,9 +30,11 @@ ENUM(key_type_names, KEY_ANY, KEY_DILITHIUM_4,
|
|||
"Dilithium2",
|
||||
"Dilithium3",
|
||||
"Dilithium4",
|
||||
"Falcon512",
|
||||
"Falcon1024",
|
||||
);
|
||||
|
||||
ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_DILITHIUM_4,
|
||||
ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_FALCON_1024,
|
||||
"UNKNOWN",
|
||||
"RSA_EMSA_PKCS1_NULL",
|
||||
"RSA_EMSA_PKCS1_MD5",
|
||||
|
@ -59,6 +61,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_DILITHIUM_4,
|
|||
"DILITHIUM_2",
|
||||
"DILITHIUM_3",
|
||||
"DILITHIUM_4",
|
||||
"FALCON_512",
|
||||
"FALCON_1024",
|
||||
);
|
||||
|
||||
ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
|
||||
|
@ -131,6 +135,10 @@ int key_type_to_oid(key_type_t type)
|
|||
return OID_DILITHIUM_3;
|
||||
case KEY_DILITHIUM_4:
|
||||
return OID_DILITHIUM_4;
|
||||
case KEY_FALCON_512:
|
||||
return OID_FALCON_512;
|
||||
case KEY_FALCON_1024:
|
||||
return OID_FALCON_1024;
|
||||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
|
@ -153,6 +161,10 @@ key_type_t key_type_from_oid(int oid)
|
|||
return KEY_DILITHIUM_3;
|
||||
case OID_DILITHIUM_4:
|
||||
return KEY_DILITHIUM_4;
|
||||
case OID_FALCON_512:
|
||||
return KEY_FALCON_512;
|
||||
case OID_FALCON_1024:
|
||||
return KEY_FALCON_1024;
|
||||
default:
|
||||
return KEY_ANY;
|
||||
}
|
||||
|
@ -212,6 +224,10 @@ signature_scheme_t signature_scheme_from_oid(int oid)
|
|||
return SIGN_DILITHIUM_3;
|
||||
case OID_DILITHIUM_4:
|
||||
return SIGN_DILITHIUM_4;
|
||||
case OID_FALCON_512:
|
||||
return SIGN_FALCON_512;
|
||||
case OID_FALCON_1024:
|
||||
return SIGN_FALCON_1024;
|
||||
}
|
||||
return SIGN_UNKNOWN;
|
||||
}
|
||||
|
@ -270,6 +286,10 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
|
|||
return OID_DILITHIUM_3;
|
||||
case SIGN_DILITHIUM_4:
|
||||
return OID_DILITHIUM_4;
|
||||
case SIGN_FALCON_512:
|
||||
return OID_FALCON_512;
|
||||
case SIGN_FALCON_1024:
|
||||
return OID_FALCON_1024;
|
||||
}
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
|
@ -314,6 +334,8 @@ static struct {
|
|||
{ KEY_DILITHIUM_2, 0, { .scheme = SIGN_DILITHIUM_2}},
|
||||
{ KEY_DILITHIUM_3, 0, { .scheme = SIGN_DILITHIUM_3}},
|
||||
{ KEY_DILITHIUM_4, 0, { .scheme = SIGN_DILITHIUM_4}},
|
||||
{ KEY_FALCON_512, 0, { .scheme = SIGN_FALCON_512}},
|
||||
{ KEY_FALCON_1024, 0, { .scheme = SIGN_FALCON_1024}},
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -408,6 +430,10 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
|
|||
return KEY_DILITHIUM_3;
|
||||
case SIGN_DILITHIUM_4:
|
||||
return KEY_DILITHIUM_4;
|
||||
case SIGN_FALCON_512:
|
||||
return KEY_FALCON_512;
|
||||
case SIGN_FALCON_1024:
|
||||
return KEY_FALCON_1024;
|
||||
}
|
||||
return KEY_ANY;
|
||||
}
|
||||
|
|
|
@ -53,6 +53,10 @@ enum key_type_t {
|
|||
KEY_DILITHIUM_3 = 7,
|
||||
/** Dilithium4 NIST Round 3 Submission candidate */
|
||||
KEY_DILITHIUM_4 = 8,
|
||||
/** Falcon512 NIST Round 3 Submission candidate */
|
||||
KEY_FALCON_512 = 9,
|
||||
/** Falcon1024 NIST Round 3 Submission candidate */
|
||||
KEY_FALCON_1024 = 10,
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -120,6 +124,10 @@ enum signature_scheme_t {
|
|||
SIGN_DILITHIUM_3,
|
||||
/** Dilithium4 NIST Round 3 Submission signature */
|
||||
SIGN_DILITHIUM_4,
|
||||
/** Falcon512 NIST Round 3 Submission signature */
|
||||
SIGN_FALCON_512,
|
||||
/** Falcon1024 NIST Round 3 Submission signature */
|
||||
SIGN_FALCON_1024,
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -158,6 +158,8 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
|
|||
case OID_DILITHIUM_2:
|
||||
case OID_DILITHIUM_3:
|
||||
case OID_DILITHIUM_4:
|
||||
case OID_FALCON_512:
|
||||
case OID_FALCON_1024:
|
||||
return HASH_IDENTITY;
|
||||
default:
|
||||
return HASH_UNKNOWN;
|
||||
|
@ -503,6 +505,22 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
|
|||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
case KEY_FALCON_512:
|
||||
switch (alg)
|
||||
{
|
||||
case HASH_IDENTITY:
|
||||
return OID_FALCON_512;
|
||||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
case KEY_FALCON_1024:
|
||||
switch (alg)
|
||||
{
|
||||
case HASH_IDENTITY:
|
||||
return OID_FALCON_1024;
|
||||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
|
@ -532,6 +550,8 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
|
|||
case SIGN_DILITHIUM_2:
|
||||
case SIGN_DILITHIUM_3:
|
||||
case SIGN_DILITHIUM_4:
|
||||
case SIGN_FALCON_512:
|
||||
case SIGN_FALCON_1024:
|
||||
return HASH_IDENTITY;
|
||||
case SIGN_RSA_EMSA_PKCS1_MD5:
|
||||
return HASH_MD5;
|
||||
|
|
|
@ -72,23 +72,33 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_2),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_3),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_4),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_512),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_1024),
|
||||
PLUGIN_REGISTER(PRIVKEY_GEN, oqs_private_key_gen, FALSE),
|
||||
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_DILITHIUM_2),
|
||||
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_DILITHIUM_3),
|
||||
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_DILITHIUM_4),
|
||||
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_FALCON_512),
|
||||
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_FALCON_1024),
|
||||
PLUGIN_REGISTER(PUBKEY, oqs_public_key_load, TRUE),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_DILITHIUM_2),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_DILITHIUM_3),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_DILITHIUM_4),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_FALCON_512),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_FALCON_1024),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
|
||||
/* signature schemes, private */
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_DILITHIUM_2),
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_DILITHIUM_3),
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_DILITHIUM_4),
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_FALCON_512),
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_FALCON_1024),
|
||||
/* signature verification schemes */
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_DILITHIUM_2),
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_DILITHIUM_3),
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_DILITHIUM_4),
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_FALCON_512),
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_FALCON_1024),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
|
|
|
@ -114,7 +114,7 @@ METHOD(private_key_t, decrypt, bool,
|
|||
METHOD(private_key_t, get_keysize, int,
|
||||
private_oqs_private_key_t *this)
|
||||
{
|
||||
return this->public_key.len;
|
||||
return BITS_PER_BYTE * this->public_key.len;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_public_key, public_key_t*,
|
||||
|
@ -222,6 +222,12 @@ static private_oqs_private_key_t *oqs_private_key_create_empty(key_type_t type)
|
|||
case KEY_DILITHIUM_4:
|
||||
sig_alg = OQS_SIG_alg_dilithium_4;
|
||||
break;
|
||||
case KEY_FALCON_512:
|
||||
sig_alg = OQS_SIG_alg_falcon_512;
|
||||
break;
|
||||
case KEY_FALCON_1024:
|
||||
sig_alg = OQS_SIG_alg_falcon_1024;
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -90,7 +90,7 @@ METHOD(public_key_t, encrypt_, bool,
|
|||
METHOD(public_key_t, get_keysize, int,
|
||||
private_oqs_public_key_t *this)
|
||||
{
|
||||
return this->public_key.len;
|
||||
return BITS_PER_BYTE * this->public_key.len;
|
||||
}
|
||||
|
||||
static chunk_t public_key_info_encode(chunk_t pubkey, int oid)
|
||||
|
@ -276,6 +276,12 @@ end:
|
|||
case KEY_DILITHIUM_4:
|
||||
sig_alg = OQS_SIG_alg_dilithium_4;
|
||||
break;
|
||||
case KEY_FALCON_512:
|
||||
sig_alg = OQS_SIG_alg_falcon_512;
|
||||
break;
|
||||
case KEY_FALCON_1024:
|
||||
sig_alg = OQS_SIG_alg_falcon_1024;
|
||||
break;
|
||||
default:
|
||||
destroy(this);
|
||||
return NULL;
|
||||
|
@ -302,6 +308,8 @@ bool oqs_supported(key_type_t type)
|
|||
case KEY_DILITHIUM_2:
|
||||
case KEY_DILITHIUM_3:
|
||||
case KEY_DILITHIUM_4:
|
||||
case KEY_FALCON_512:
|
||||
case KEY_FALCON_1024:
|
||||
return TRUE;
|
||||
default:
|
||||
return FALSE;
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -73,6 +73,10 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_DEPENDS(PRIVKEY, KEY_DILITHIUM_3),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_4),
|
||||
PLUGIN_DEPENDS(PRIVKEY, KEY_DILITHIUM_4),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_512),
|
||||
PLUGIN_DEPENDS(PRIVKEY, KEY_FALCON_512),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_1024),
|
||||
PLUGIN_DEPENDS(PRIVKEY, KEY_FALCON_1024),
|
||||
|
||||
/* public key PEM decoding */
|
||||
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
|
||||
|
|
|
@ -100,6 +100,14 @@ static private_key_t *parse_private_key(chunk_t blob)
|
|||
type = KEY_DILITHIUM_4;
|
||||
part = BUILD_PRIV_ASN1_DER;
|
||||
break;
|
||||
case OID_FALCON_512:
|
||||
type = KEY_FALCON_512;
|
||||
part = BUILD_PRIV_ASN1_DER;
|
||||
break;
|
||||
case OID_FALCON_1024:
|
||||
type = KEY_FALCON_1024;
|
||||
part = BUILD_PRIV_ASN1_DER;
|
||||
break;
|
||||
default:
|
||||
/* key type not supported */
|
||||
goto end;
|
||||
|
|
|
@ -51,6 +51,8 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_2),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_3),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_4),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_512),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_1024),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
|
|
|
@ -64,6 +64,8 @@ static hasher_oid_t oids[] = {
|
|||
{ OID_DILITHIUM_2, HASH_IDENTITY, KEY_DILITHIUM_2}, /* 33 */
|
||||
{ OID_DILITHIUM_3, HASH_IDENTITY, KEY_DILITHIUM_3}, /* 34 */
|
||||
{ OID_DILITHIUM_4, HASH_IDENTITY, KEY_DILITHIUM_4}, /* 35 */
|
||||
{ OID_FALCON_512, HASH_IDENTITY, KEY_FALCON_512}, /* 36 */
|
||||
{ OID_FALCON_1024, HASH_IDENTITY, KEY_FALCON_1024}, /* 37 */
|
||||
};
|
||||
|
||||
START_TEST(test_hasher_from_oid)
|
||||
|
@ -115,6 +117,8 @@ static struct {
|
|||
{ SIGN_DILITHIUM_2, HASH_IDENTITY },
|
||||
{ SIGN_DILITHIUM_3, HASH_IDENTITY },
|
||||
{ SIGN_DILITHIUM_4, HASH_IDENTITY },
|
||||
{ SIGN_FALCON_512, HASH_IDENTITY },
|
||||
{ SIGN_FALCON_1024, HASH_IDENTITY },
|
||||
{ 30, HASH_UNKNOWN },
|
||||
};
|
||||
|
||||
|
|
|
@ -64,6 +64,14 @@ static int gen()
|
|||
{
|
||||
type = KEY_DILITHIUM_4;
|
||||
}
|
||||
else if (streq(arg, "falcon512"))
|
||||
{
|
||||
type = KEY_FALCON_512;
|
||||
}
|
||||
else if (streq(arg, "falcon1024"))
|
||||
{
|
||||
type = KEY_FALCON_1024;
|
||||
}
|
||||
else
|
||||
{
|
||||
return command_usage("invalid key type");
|
||||
|
@ -178,7 +186,7 @@ static void __attribute__ ((constructor))reg()
|
|||
{
|
||||
command_register((command_t) {
|
||||
gen, 'g', "gen", "generate a new private key",
|
||||
{"[--type rsa|ecdsa|ed25519|ed448|dilithium2|dilithium3|dilithium4]",
|
||||
{"[--type rsa|ecdsa|ed25519|ed448|dilithium2|dilithium3|dilithium4|falcon512|falcon1024]",
|
||||
"[--size bits] [--safe-primes] [--shares n] [--threshold l]",
|
||||
"[--outform der|pem]"},
|
||||
{
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
.
|
||||
.SH "NAME"
|
||||
.
|
||||
pki \-\-gen \- Generate a new RSA or ECDSA private key
|
||||
pki \-\-gen \- Generate a new RSA, ECDSA, Edwards Curve, Dilithium or Falcon private key
|
||||
.
|
||||
.SH "SYNOPSIS"
|
||||
.
|
||||
|
@ -30,7 +30,7 @@ pki \-\-gen \- Generate a new RSA or ECDSA private key
|
|||
.
|
||||
This sub-command of
|
||||
.BR pki (1)
|
||||
is used to generate a new RSA or ECDSA private key.
|
||||
is used to generate a new RSA, ECDSA, Edwards Curve, Dilithium or Falcon private key.
|
||||
.
|
||||
.SH "OPTIONS"
|
||||
.
|
||||
|
@ -46,8 +46,8 @@ Read command line options from \fIfile\fR.
|
|||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of key to generate. Either \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR,
|
||||
\fIed448\fR, \fIdilithium2\fR, \fIdilithium3\fR or \fIdilitium4\fR,
|
||||
defaults to \fIrsa\fR.
|
||||
\fIed448\fR, \fIdilithium2\fR, \fIdilithium3\fR, \fIdilitium4\fR,
|
||||
\fIfalcon512\fR or \fIfalcon1024\fR, defaults to \fIrsa\fR.
|
||||
.TP
|
||||
.BI "\-s, \-\-size " bits
|
||||
Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.
|
||||
|
|
Loading…
Reference in New Issue