rpms / opencryptoki

Clone
Source Code
GIT

Blame SOURCES/0001-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   0971d374ba6f31c6508ca8cfa98470091f50a1db
  2.   SOURCES
  3.   0001-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
Blob History Raw
0971d3 
From a431e3742a1bdac515d0b491e77caeeb44720354 Mon Sep 17 00:00:00 2001
0971d3 
From: Ingo Franzki <ifranzki@linux.ibm.com>
0971d3 
Date: Tue, 1 Feb 2022 13:50:18 +0100
0971d3 
Subject: [PATCH 1/2] EP11: Dilithium: Specify OID of key strength at key
0971d3 
 generation
0971d3
0971d3 
Newer EP11 firmware versions require that the OID of the desired
0971d3 
Dilithium key strength is specified with attribute CKA_IBM_PQC_PARAMS
0971d3 
at key generation. Older firmware versions ignore this attribute.
0971d3
0971d3 
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
0971d3 
---
0971d3 
 usr/lib/ep11_stdll/ep11_specific.c | 20 ++++++++++++++++++++
0971d3 
 1 file changed, 20 insertions(+)
0971d3
0971d3 
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
0971d3 
index 75fd46a5..4ca9678a 100644
0971d3 
--- a/usr/lib/ep11_stdll/ep11_specific.c
0971d3 
+++ b/usr/lib/ep11_stdll/ep11_specific.c
0971d3 
@@ -6347,6 +6347,8 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
0971d3 
     CK_ULONG new_publ_attrs_len = 0, new_priv_attrs_len = 0;
0971d3 
     CK_ATTRIBUTE *new_publ_attrs2 = NULL, *new_priv_attrs2 = NULL;
0971d3 
     CK_ULONG new_publ_attrs2_len = 0, new_priv_attrs2_len = 0;
0971d3 
+    const CK_BYTE dilithium_oid[] = { 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01,
0971d3 
+                                      0x02, 0x82, 0x0b, 0x01, 0x06, 0x05 };
0971d3
0971d3 
     UNUSED(h);
0971d3
0971d3 
@@ -6371,6 +6373,24 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
0971d3 
         goto error;
0971d3 
     }
0971d3
0971d3 
+    rc = add_to_attribute_array(&new_publ_attrs, &new_publ_attrs_len,
0971d3 
+                                CKA_IBM_PQC_PARAMS, (CK_BYTE *)dilithium_oid,
0971d3 
+                                sizeof(dilithium_oid));
0971d3 
+    if (rc != CKR_OK) {
0971d3 
+        TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n",
0971d3 
+                    __func__, rc);
0971d3 
+        goto error;
0971d3 
+    }
0971d3 
+
0971d3 
+    rc = add_to_attribute_array(&new_priv_attrs, &new_priv_attrs_len,
0971d3 
+                                CKA_IBM_PQC_PARAMS,(CK_BYTE *)dilithium_oid,
0971d3 
+                                sizeof(dilithium_oid));
0971d3 
+    if (rc != CKR_OK) {
0971d3 
+        TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n",
0971d3 
+                    __func__, rc);
0971d3 
+        goto error;
0971d3 
+    }
0971d3 
+
0971d3 
     rc = check_key_attributes(tokdata, ktype, CKO_PUBLIC_KEY,
0971d3 
                               new_publ_attrs, new_publ_attrs_len,
0971d3 
                               &new_publ_attrs2, &new_publ_attrs2_len, -1);
0971d3 
--
0971d3 
2.16.2.windows.1
0971d3

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation