How can we get the part of the elliptic curve from the PKEY and use it as the public key of a digital certificate #509

Open
Ericyu0412 opened this issue Sep 4, 2024 · 2 comments
Labels
enhancement New feature or request question No code change required

Comments

@Ericyu0412

I am trying to get the part of the classical algorithm from the hybrid pkey, and then write it into the digital certificate, but I find that the separated form is octet_string format, which cannot be used directly. How to realize my idea?

@Ericyu0412 Ericyu0412 added the question No code change required label Sep 4, 2024
@Ericyu0412
Author

Ericyu0412 commented Sep 19, 2024

@thb-sb @praveksharma I have successfully separated the classical algorithm part from the hybrid pkey. When I use PEM_write_bio_PUBKEY() to process a certificate and encounter an error, what could be the reason? Could it be due to a problem with the newly created EVP_PKEY?

```c
#include <stdio.h>
#include <stdlib.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/evp.h>

/* cRED, cNORM, OQS_HYBRID_PKEY_PARAM_CLASSICAL_PUB_KEY and struct KeyPair are
 * defined elsewhere and are not shown in the post. The function uses the
 * KeyPair fields pubkey, pubkey_len, encoded_pubkey, encoded_pubkey_len and
 * bits (treated here as an int). */
EVP_PKEY *extract_classical_public_key(EVP_PKEY *pkey) {
    struct KeyPair *out;
    EVP_PKEY *ppkey = NULL;
    int ok = 0;

    out = malloc(sizeof(struct KeyPair));
    if (!out) {
        fprintf(stderr, "Memory allocation for KeyPair failed.\n");
        return NULL;
    }
    out->pubkey = NULL;
    out->pubkey_len = 0;
    out->encoded_pubkey = NULL;
    out->encoded_pubkey_len = 0;

    /* Read the bit size of the hybrid key (the API expects an int pointer). */
    if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_BITS, &out->bits) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_get_int_param` failed with param `OSSL_PKEY_PARAM_BITS`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }

    /* Encoded hybrid public key: query the length, allocate, then fetch. */
    if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0, &out->encoded_pubkey_len) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_get_octet_string_param` failed with param `OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }
    if (!(out->encoded_pubkey = malloc(out->encoded_pubkey_len))) {
        fprintf(stderr, "Failed to allocate %#zx byte(s)\n", out->encoded_pubkey_len);
        goto cleanup;
    }
    if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, out->encoded_pubkey, out->encoded_pubkey_len, &out->encoded_pubkey_len) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_get_octet_string_param` failed with param `OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }

    /* Classical part of the hybrid public key: same length/allocate/fetch pattern. */
    if (EVP_PKEY_get_octet_string_param(pkey, OQS_HYBRID_PKEY_PARAM_CLASSICAL_PUB_KEY, NULL, 0, &out->pubkey_len) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_get_octet_string_param` failed with param `OQS_HYBRID_PKEY_PARAM_CLASSICAL_PUB_KEY`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }
    if (!(out->pubkey = malloc(out->pubkey_len))) {
        fprintf(stderr, "Failed to allocate %#zx byte(s)\n", out->pubkey_len);
        goto cleanup;
    }
    if (EVP_PKEY_get_octet_string_param(pkey, OQS_HYBRID_PKEY_PARAM_CLASSICAL_PUB_KEY, out->pubkey, out->pubkey_len, &out->pubkey_len) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_get_octet_string_param` failed with param `OQS_HYBRID_PKEY_PARAM_CLASSICAL_PUB_KEY`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }

    /* New, empty EVP_PKEY: no key type or provider key data is attached yet. */
    ppkey = EVP_PKEY_new();
    if (ppkey == NULL) {
        fprintf(stderr, "Failed to create new EVP_PKEY.\n");
        goto cleanup;
    }
    EVP_PKEY_copy_parameters(ppkey, pkey);

    /* Copy the extracted values into the new key. */
    if (EVP_PKEY_set_int_param(ppkey, OSSL_PKEY_PARAM_BITS, out->bits) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_set_int_param` failed with param `OSSL_PKEY_PARAM_BITS`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }
    if (EVP_PKEY_set_octet_string_param(ppkey, OSSL_PKEY_PARAM_PUB_KEY, out->pubkey, out->pubkey_len) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_set_octet_string_param` failed with param `OSSL_PKEY_PARAM_PUB_KEY`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }
    if (EVP_PKEY_set_octet_string_param(ppkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, out->encoded_pubkey, out->encoded_pubkey_len) != 1) {
        fprintf(stderr, cRED "`EVP_PKEY_set_octet_string_param` failed with param `OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY`: ");
        ERR_print_errors_fp(stderr);
        fputs(cNORM "\n", stderr);
        goto cleanup;
    }
    ok = 1;

cleanup:
    /* Release the temporary buffers on every path; drop the new key on failure. */
    free(out->encoded_pubkey);
    free(out->pubkey);
    free(out);
    if (!ok) {
        EVP_PKEY_free(ppkey);
        ppkey = NULL;
    }
    return ppkey;
}
```

image
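
Added example (not code from the issue or from oqs-provider): the octets returned for the classical part are only the EC point, while the public-key field of a certificate, and what `PEM_write_bio_PUBKEY()` serialises, is a SubjectPublicKeyInfo that also names the algorithm and curve. Assuming the classical part is an uncompressed SEC1 point on P-256, P-384 or P-521, the hypothetical `ec_point_to_spki()` below builds that DER wrapper by hand; inferring the curve from the point length is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* OID contents: id-ecPublicKey, then the NIST named curves handled here. */
static const uint8_t OID_EC[]   = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
static const uint8_t OID_P256[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const uint8_t OID_P384[] = {0x2B,0x81,0x04,0x00,0x22};
static const uint8_t OID_P521[] = {0x2B,0x81,0x04,0x00,0x23};

/* DER tag plus definite length; every length in this example is below 256. */
static size_t der_hdr(uint8_t *p, uint8_t tag, size_t len) {
    size_t n = 0;
    p[n++] = tag;
    if (len >= 0x80) p[n++] = 0x81;          /* long form, one length octet */
    p[n++] = (uint8_t)len;
    return n;
}

static size_t der_tlv(uint8_t *p, uint8_t tag, const uint8_t *v, size_t len) {
    size_t n = der_hdr(p, tag, len);
    memcpy(p + n, v, len);
    return n + len;
}

/* Wrap an uncompressed point (0x04 || X || Y) as SubjectPublicKeyInfo DER.
 * Assumption: the curve is inferred from the point length (NIST curves only).
 * Returns the DER length, or 0 on bad input. The point is not checked to be
 * on the curve. */
size_t ec_point_to_spki(const uint8_t *pt, size_t pt_len, uint8_t *out, size_t cap) {
    const uint8_t *curve; uint8_t alg[24];
    size_t curve_len, alg_len, bits_len = pt_len + 1, body, n;
    if (!pt || !out || pt_len < 1 || pt[0] != 0x04) return 0;
    if (pt_len == 65)       { curve = OID_P256; curve_len = sizeof OID_P256; }
    else if (pt_len == 97)  { curve = OID_P384; curve_len = sizeof OID_P384; }
    else if (pt_len == 133) { curve = OID_P521; curve_len = sizeof OID_P521; }
    else return 0;
    alg_len  = der_tlv(alg, 0x06, OID_EC, sizeof OID_EC);
    alg_len += der_tlv(alg + alg_len, 0x06, curve, curve_len);
    body = 2 + alg_len + (bits_len >= 0x80 ? 3 : 2) + bits_len;
    if (cap < body + (body >= 0x80 ? 3 : 2)) return 0;
    n  = der_hdr(out, 0x30, body);               /* SubjectPublicKeyInfo */
    n += der_tlv(out + n, 0x30, alg, alg_len);   /* AlgorithmIdentifier  */
    n += der_hdr(out + n, 0x03, bits_len);       /* BIT STRING           */
    out[n++] = 0x00;                             /* zero unused bits     */
    memcpy(out + n, pt, pt_len);
    return n + pt_len;
}

int main(void) {
    uint8_t pt[65] = {0x04}, spki[160];  /* constructed placeholder point, not a real key */
    printf("SPKI DER length: %zu\n", ec_point_to_spki(pt, sizeof pt, spki, sizeof spki));
    return 0;
}
```

With OpenSSL 3 the equivalent is to create an EC key with `EVP_PKEY_fromdata()` from the group name and these octets, which yields an `EVP_PKEY` that `PEM_write_bio_PUBKEY()` can serialise.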

@Ericyu0412
Author

I managed to generate a self-signed certificate with classical and post-quantum separated. But I failed to verify it. How to solve it?
image

@baentsch baentsch added the enhancement New feature or request label Oct 15, 2024