qubip_aurora 0.11.0

A framework to build OpenSSL Providers tailored for the transition to post-quantum cryptography
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

use crate as aurora;
use crate::adapters::ObjSigId;

use super::common::macros;
use aurora::adapters::AdapterContextTrait;
use aurora::bindings;
use aurora::forge;
use aurora::traits::*;
use aurora::ProviderInstance;
use aurora::{handleResult, named};
use bindings::{CONST_OSSL_PARAM, OSSL_OP_DECODER, OSSL_OP_ENCODER, OSSL_OP_KEYMGMT};
use macros::{algorithm_to_register, decoder_to_register, encoder_to_register};
use openssl_provider_forge::bindings::OSSL_OP_SIGNATURE;
use std::ffi::CStr;

pub(crate) type OurError = aurora::Error;

const PROPERTY_DEFINITION: &CStr =
    concat_cstr!(super::PROPERTY_DEFINITION, c",aurora.adapter=pqclean");

#[allow(non_snake_case)]
pub(crate) mod MLDSA44;
#[allow(non_snake_case)]
pub(crate) mod MLDSA44_Ed25519;
#[allow(non_snake_case)]
pub(crate) mod MLDSA65;
#[allow(non_snake_case)]
pub(crate) mod MLDSA65_Ed25519;
#[allow(non_snake_case)]
pub(crate) mod MLDSA87;

pub(super) mod helpers;

#[derive(Debug)]
struct PQCleanAdapter;

impl AdapterContextTrait for PQCleanAdapter {
    #[named]
    fn register_algorithms(&self, handle: &mut super::AdaptersHandle) -> Result<(), aurora::Error> {
        trace!(target: log_target!(), "{}", "Called!");

        let signature_algorithms = Box::new([
            algorithm_to_register!(MLDSA44, SIG_FUNCTIONS),
            algorithm_to_register!(MLDSA65, SIG_FUNCTIONS),
            algorithm_to_register!(MLDSA87, SIG_FUNCTIONS),
            algorithm_to_register!(MLDSA65_Ed25519, SIG_FUNCTIONS),
            algorithm_to_register!(MLDSA44_Ed25519, SIG_FUNCTIONS),
        ]);
        // ownership transfers to the iterator which is transferred to the handle
        handle.register_algorithms(OSSL_OP_SIGNATURE, signature_algorithms.into_iter())?;

        let keymgmt_algorithms = Box::new([
            algorithm_to_register!(MLDSA44, KMGMT_FUNCTIONS),
            algorithm_to_register!(MLDSA65, KMGMT_FUNCTIONS),
            algorithm_to_register!(MLDSA87, KMGMT_FUNCTIONS),
            algorithm_to_register!(MLDSA65_Ed25519, KMGMT_FUNCTIONS),
            algorithm_to_register!(MLDSA44_Ed25519, KMGMT_FUNCTIONS),
        ]);
        // ownership transfers to the iterator which is transferred to the handle
        handle.register_algorithms(OSSL_OP_KEYMGMT, keymgmt_algorithms.into_iter())?;

        // FIXME: probably this should be a const/static
        let decoder_algorithms = Box::new([
            // MLDSA44
            decoder_to_register!(MLDSA44, DECODER_DER2SubjectPublicKeyInfo),
            decoder_to_register!(MLDSA44, DECODER_DER2PrivateKeyInfo),
            // MLDSA65
            decoder_to_register!(MLDSA65, DECODER_DER2SubjectPublicKeyInfo),
            decoder_to_register!(MLDSA65, DECODER_DER2PrivateKeyInfo),
            // MLDSA87
            decoder_to_register!(MLDSA87, DECODER_DER2SubjectPublicKeyInfo),
            decoder_to_register!(MLDSA87, DECODER_DER2PrivateKeyInfo),
            // MLDSA65_Ed25519
            decoder_to_register!(MLDSA65_Ed25519, DECODER_DER2SubjectPublicKeyInfo),
            decoder_to_register!(MLDSA65_Ed25519, DECODER_DER2PrivateKeyInfo),
            // MLDSA44_Ed25519
            decoder_to_register!(MLDSA44_Ed25519, DECODER_DER2SubjectPublicKeyInfo),
            decoder_to_register!(MLDSA44_Ed25519, DECODER_DER2PrivateKeyInfo),
        ]);

        handle.register_algorithms(OSSL_OP_DECODER, decoder_algorithms.into_iter())?;

        let encoder_algorithms = Box::new([
            // MLDSA44
            encoder_to_register!(MLDSA44, ENCODER_PrivateKeyInfo2DER),
            encoder_to_register!(MLDSA44, ENCODER_PrivateKeyInfo2PEM),
            encoder_to_register!(MLDSA44, ENCODER_PrivateKeyInfo2Text),
            encoder_to_register!(MLDSA44, ENCODER_SubjectPublicKeyInfo2DER),
            encoder_to_register!(MLDSA44, ENCODER_SubjectPublicKeyInfo2PEM),
            encoder_to_register!(MLDSA44, ENCODER_PubKeyStructureless2Text),
            // MLDSA65
            encoder_to_register!(MLDSA65, ENCODER_PrivateKeyInfo2DER),
            encoder_to_register!(MLDSA65, ENCODER_PrivateKeyInfo2PEM),
            encoder_to_register!(MLDSA65, ENCODER_PrivateKeyInfo2Text),
            encoder_to_register!(MLDSA65, ENCODER_SubjectPublicKeyInfo2DER),
            encoder_to_register!(MLDSA65, ENCODER_SubjectPublicKeyInfo2PEM),
            encoder_to_register!(MLDSA65, ENCODER_PubKeyStructureless2Text),
            // MLDSA87
            encoder_to_register!(MLDSA87, ENCODER_PrivateKeyInfo2DER),
            encoder_to_register!(MLDSA87, ENCODER_PrivateKeyInfo2PEM),
            encoder_to_register!(MLDSA87, ENCODER_PrivateKeyInfo2Text),
            encoder_to_register!(MLDSA87, ENCODER_SubjectPublicKeyInfo2DER),
            encoder_to_register!(MLDSA87, ENCODER_SubjectPublicKeyInfo2PEM),
            encoder_to_register!(MLDSA87, ENCODER_PubKeyStructureless2Text),
            // MLDSA65_Ed25519
            encoder_to_register!(MLDSA65_Ed25519, ENCODER_PrivateKeyInfo2DER),
            encoder_to_register!(MLDSA65_Ed25519, ENCODER_PrivateKeyInfo2PEM),
            encoder_to_register!(MLDSA65_Ed25519, ENCODER_PrivateKeyInfo2Text),
            encoder_to_register!(MLDSA65_Ed25519, ENCODER_SubjectPublicKeyInfo2DER),
            encoder_to_register!(MLDSA65_Ed25519, ENCODER_SubjectPublicKeyInfo2PEM),
            encoder_to_register!(MLDSA65_Ed25519, ENCODER_PubKeyStructureless2Text),
            // MLDSA44_Ed25519
            encoder_to_register!(MLDSA44_Ed25519, ENCODER_PrivateKeyInfo2DER),
            encoder_to_register!(MLDSA44_Ed25519, ENCODER_PrivateKeyInfo2PEM),
            encoder_to_register!(MLDSA44_Ed25519, ENCODER_PrivateKeyInfo2Text),
            encoder_to_register!(MLDSA44_Ed25519, ENCODER_SubjectPublicKeyInfo2DER),
            encoder_to_register!(MLDSA44_Ed25519, ENCODER_SubjectPublicKeyInfo2PEM),
            encoder_to_register!(MLDSA44_Ed25519, ENCODER_PubKeyStructureless2Text),
        ]);

        handle.register_algorithms(OSSL_OP_ENCODER, encoder_algorithms.into_iter())?;

        Ok(())
    }

    #[named]
    fn register_capabilities(
        &self,
        handle: &mut super::AdaptersHandle,
    ) -> Result<(), aurora::Error> {
        trace!(target: log_target!(), "{}", "Called!");

        let tls_sigalgs = [
            // ------ MLDSA44
            MLDSA44::capabilities::tls_sigalg::OSSL_PARAM_ARRAY,
            // Add second sigalg capability for better compatibility with OQS-provider
            MLDSA44::capabilities::tls_sigalg::OSSL_PARAM_ARRAY_OQSCOMP,
            // ------ MLDSA65
            MLDSA65::capabilities::tls_sigalg::OSSL_PARAM_ARRAY,
            // Add second sigalg capability for better compatibility with OQS-provider
            MLDSA65::capabilities::tls_sigalg::OSSL_PARAM_ARRAY_OQSCOMP,
            // ------ MLDSA87
            MLDSA87::capabilities::tls_sigalg::OSSL_PARAM_ARRAY,
            // Add second sigalg capability for better compatibility with OQS-provider
            MLDSA87::capabilities::tls_sigalg::OSSL_PARAM_ARRAY_OQSCOMP,
            // ------ MLDSA65_Ed25519
            MLDSA65_Ed25519::capabilities::tls_sigalg::OSSL_PARAM_ARRAY,
            // ------ MLDSA44_Ed25519
            MLDSA44_Ed25519::capabilities::tls_sigalg::OSSL_PARAM_ARRAY,
        ];
        for a in tls_sigalgs {
            let first: &bindings::OSSL_PARAM = a.first().unwrap_or(&CONST_OSSL_PARAM::END);
            let ptr: *const bindings::OSSL_PARAM = std::ptr::from_ref(first);
            handle.register_capability(c"TLS-SIGALG", ptr)?;
        }
        Ok(())
    }

    #[named]
    fn register_obj_sigids(&self, handle: &mut super::AdaptersHandle) -> Result<(), aurora::Error> {
        trace!(target: log_target!(), "{}", "Called!");

        let obj_sigids = vec![
            MLDSA44::OBJ_SIGID,
            MLDSA65::OBJ_SIGID,
            MLDSA87::OBJ_SIGID,
            MLDSA65_Ed25519::OBJ_SIGID,
            MLDSA44_Ed25519::OBJ_SIGID,
        ];

        for obj_sigid in obj_sigids {
            handle.register_obj_sigid(obj_sigid)?;
        }

        Ok(())
    }
}

#[named]
pub fn init(handle: &mut super::AdaptersHandle) -> Result<(), OurError> {
    trace!(target: log_target!(), "{}", "Called!");
    let ourctx = PQCleanAdapter {};
    handle.register_adapter(ourctx);
    Ok(())
}