update the composite to draft-ietf-lamps-pq-composite-sigs-02

Signed-off-by: venturf <[email protected]>
EntrustCorporation · Jul 8, 2024 · 4a31bd0 · 4a31bd0
1 parent 8f37521
commit 4a31bd0
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -70,7 +70,7 @@ this provider also provides different hybrid algorithms, combining classic
 and quantum-safe methods.
 There are two types of combinations:
 The Hybrids are listed above with a prefix denoting a classic algorithm, e.g., for elliptic curve: "p256_".
-The [Composite](https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) are listed above with a suffix denoting a
+The [Composite](https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/) are listed above with a suffix denoting a
 classic algorithm, e.g., for elliptic curve: "_p256".
 
 A full list of algorithms, their interoperability code points and OIDs as well

diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
@@ -429,7 +429,7 @@ sigs:
     #                'oid': '2.16.840.1.114027.80.1.8'}]
   -
     # The Composite OIDs are kept up to date by @feventura (Entrust)
-    # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13
+    # These are prototype OIDs and are in line with draft-ietf-lamps-pq-composite-sigs-02
     # OID scheme for composite variants:
     # joint-iso-itu-t (2)
     # country (16)

diff --git a/oqs-template/generate.yml-0.10.0 b/oqs-template/generate.yml-0.10.0
@@ -429,7 +429,7 @@ sigs:
     #                'oid': '2.16.840.1.114027.80.1.8'}]
   -
     # The Composite OIDs are kept up to date by @feventura (Entrust)
-    # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13
+    # These are prototype OIDs and are in line with draft-ietf-lamps-pq-composite-sigs-02
     # OID scheme for composite variants:
     # joint-iso-itu-t (2)
     # country (16)

diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
@@ -515,11 +515,17 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
                     }
 
                     if (!strncmp(name, "pss", 3)) {
+                        int salt;
+                        if (name[3] == '3') { // pss3072
+                            salt = 64;
+                        } else { // pss2048
+                            salt = 32;
+                        }
                         if ((EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign,
                                                           RSA_PKCS1_PSS_PADDING)
                              <= 0)
                             || (EVP_PKEY_CTX_set_rsa_pss_saltlen(
-                                    classical_ctx_sign, 64)
+                                    classical_ctx_sign, salt)
                                 <= 0)
                             || (EVP_PKEY_CTX_set_rsa_mgf1_md(classical_ctx_sign,
                                                              EVP_sha256())
@@ -860,10 +866,17 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
                         goto endverify;
                     }
                     if (!strncmp(name, "pss", 3)) {
+                        int salt;
+                        if (name[3] == '3') { // pss3072
+                            salt = 64;
+                        } else { // pss2048
+                            salt = 32;
+                        }
                         if ((EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
                                                           RSA_PKCS1_PSS_PADDING)
                              <= 0)
-                            || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify, 64)
+                            || (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx_verify,
+                                                                 salt)
                                 <= 0)
                             || (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx_verify,
                                                              EVP_sha256())