Fix #372: expose hybrid_classical_ and hybrid_pq_ OSSL_PARAMS for EVP_PKEY. #374

Merged
merged 1 commit into from
Mar 18, 2024

@thb-sb thb-sb commented Mar 14, 2024

Fix #372: expose hybrid_classical_ and hybrid_pq_ OSSL_PARAMS for EVP_PKEY.

This commit is an attempt to fix #372, by adding four new OSSL_PARAM to
EVP_PKEY.

The following OSSL_PARAM are added by this commit:

  • hybrid_classical_pub: an octet string to the classical public key.
  • hybrid_classical_priv: an octet string to the classical private key.
  • hybrid_pq_pub: an octet string to the quantum-resistant public key.
  • hybrid_pq_priv: an octet string to the quantum-resistant private key.

Using EVP_PKEY_get_params, OpenSSL users should be able to extract the
specific subkey they want from a hybrid key.

A test called test_evp_pkey_params has been added to ensure that it works
with all hybrid algorithms, to also ensure that the outputs of these parameters
are consistent with each other.

Signed-off-by: thb-sb <thomas.bailleux@sandboxquantum.com>

@thb-sb thb-sb force-pushed the pr374 branch 7 times, most recently from e97f2d4 to a6eda7f March 14, 2024 14:30
@thb-sb thb-sb marked this pull request as ready for review March 14, 2024 18:15
@thb-sb thb-sb requested a review from baentsch as a code owner March 14, 2024 18:15
@thb-sb thb-sb requested review from bhess and dstebila March 14, 2024 18:16
@thb-sb thb-sb self-assigned this Mar 14, 2024
@thb-sb thb-sb added the enhancement New feature or request label Mar 14, 2024

@Ericyu0412 Ericyu0412 left a comment

Thank you very much for adding this feature, which will help promote the promotion of hybrid digital signature certificates.

Review thread on oqsprov/oqs_kmgmt.c (outdated, resolved)

@baentsch baentsch left a comment

Technically, looks like a good solution for #372, thanks @thb-sb ! Beyond the single PR comments regarding (algorithm-mutation) automation as well as constants-naming and -location this currently is an undocumented/"hidden feature": What about adding a section on "Supported parameters" to USAGE.md, documenting at least these 4 new params, possibly also all (other) retrievable OSSL_ params pointing to their documentations, e.g. OSSL_SIGNATURE_PARAM_DIGEST?

@thb-sb thb-sb force-pushed the pr374 branch 8 times, most recently from d65d315 to 3b69bbe March 15, 2024 14:25

thb-sb commented Mar 15, 2024

> Technically, looks like a good solution for #372, thanks @thb-sb ! Beyond the single PR comments regarding (algorithm-mutation) automation as well as constants-naming and -location this currently is an undocumented/"hidden feature": What about adding a section on "Supported parameters" to USAGE.md, documenting at least these 4 new params, possibly also all (other) retrievable OSSL_ params pointing to their documentations, e.g. OSSL_SIGNATURE_PARAM_DIGEST?

I've added a section to USAGE.md!
Let me know if it's OK for you.

@thb-sb thb-sb requested a review from baentsch March 15, 2024 14:26

@baentsch baentsch left a comment

Does the new test keep working if new hybrids or new algs are introduced? I'm not sure. Other question: Any chance the test output could be red/green coded like all other ctest runs?


thb-sb commented Mar 18, 2024

> Does the new test keep working if new hybrids or new algs are introduced? I'm not sure

It should be working now with the jinja2 template I added in 8b278d4.

> Other question: Any chance the test output could be red/green coded like all other ctest runs?

Yes :) done in 8b278d4 also

@thb-sb thb-sb requested a review from baentsch March 18, 2024 17:55
…` `OSSL_PARAMS` for `EVP_PKEY`.

This commit is an attempt to fix open-quantum-safe#372, by adding four new [`OSSL_PARAM`] to
[`EVP_PKEY`].

The following [`OSSL_PARAM`] are added by this commit:
  - `hybrid_classical_pub`: an octet string to the classical public key.
  - `hybrid_classical_priv`: an octet string to the classical private key.
  - `hybrid_pq_pub`: an octet string to the quantum-resistant public key.
  - `hybrid_pq_priv`: an octet string to the quantum-resistant private key.

Using [`EVP_PKEY_get_params`], OpenSSL users should be able to extract the
specific subkey they want from a hybrid key.

A test called `test_evp_pkey_params` has been added to ensure that it works
with all hybrid algorithms, to also ensure that the outputs of these parameters
are consistent with each other.

[`OSSL_PARAM`]: https://www.openssl.org/docs/man3.2/man3/OSSL_PARAM.html
[`EVP_PKEY`]: https://www.openssl.org/docs/man3.2/man7/evp.html
[`EVP_PKEY_get_params`]: https://www.openssl.org/docs/man3.2/man3/EVP_PKEY_get_params.html

Signed-off-by: thb-sb <thomas.bailleux@sandboxquantum.com>
@thb-sb thb-sb merged commit f581687 into open-quantum-safe:main Mar 18, 2024
45 checks passed
@thb-sb thb-sb deleted the pr374 branch March 18, 2024 19:30

Successfully merging this pull request may close these issues.

How to separate the post-quantum algorithmic key and the classical key in the generated pkey