rpms / opencryptoki

Clone
Source Code
GIT

Blame SOURCES/0001-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   71f833ec9df3094ca9ddd088da3e757d74920d88
  2.   SOURCES
  3.   0001-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
Blob History Raw
71f833 
From a431e3742a1bdac515d0b491e77caeeb44720354 Mon Sep 17 00:00:00 2001
71f833 
From: Ingo Franzki <ifranzki@linux.ibm.com>
71f833 
Date: Tue, 1 Feb 2022 13:50:18 +0100
71f833 
Subject: [PATCH 1/2] EP11: Dilithium: Specify OID of key strength at key
71f833 
 generation
71f833
71f833 
Newer EP11 firmware versions require that the OID of the desired
71f833 
Dilithium key strength is specified with attribute CKA_IBM_PQC_PARAMS
71f833 
at key generation. Older firmware versions ignore this attribute.
71f833
71f833 
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
71f833 
---
71f833 
 usr/lib/ep11_stdll/ep11_specific.c | 20 ++++++++++++++++++++
71f833 
 1 file changed, 20 insertions(+)
71f833
71f833 
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
71f833 
index 75fd46a5..4ca9678a 100644
71f833 
--- a/usr/lib/ep11_stdll/ep11_specific.c
71f833 
+++ b/usr/lib/ep11_stdll/ep11_specific.c
71f833 
@@ -6347,6 +6347,8 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
71f833 
     CK_ULONG new_publ_attrs_len = 0, new_priv_attrs_len = 0;
71f833 
     CK_ATTRIBUTE *new_publ_attrs2 = NULL, *new_priv_attrs2 = NULL;
71f833 
     CK_ULONG new_publ_attrs2_len = 0, new_priv_attrs2_len = 0;
71f833 
+    const CK_BYTE dilithium_oid[] = { 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01,
71f833 
+                                      0x02, 0x82, 0x0b, 0x01, 0x06, 0x05 };
71f833
71f833 
     UNUSED(h);
71f833
71f833 
@@ -6371,6 +6373,24 @@ static CK_RV ibm_dilithium_generate_keypair(STDLL_TokData_t * tokdata,
71f833 
         goto error;
71f833 
     }
71f833
71f833 
+    rc = add_to_attribute_array(&new_publ_attrs, &new_publ_attrs_len,
71f833 
+                                CKA_IBM_PQC_PARAMS, (CK_BYTE *)dilithium_oid,
71f833 
+                                sizeof(dilithium_oid));
71f833 
+    if (rc != CKR_OK) {
71f833 
+        TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n",
71f833 
+                    __func__, rc);
71f833 
+        goto error;
71f833 
+    }
71f833 
+
71f833 
+    rc = add_to_attribute_array(&new_priv_attrs, &new_priv_attrs_len,
71f833 
+                                CKA_IBM_PQC_PARAMS,(CK_BYTE *)dilithium_oid,
71f833 
+                                sizeof(dilithium_oid));
71f833 
+    if (rc != CKR_OK) {
71f833 
+        TRACE_ERROR("%s add_to_attribute_array failed with rc=0x%lx\n",
71f833 
+                    __func__, rc);
71f833 
+        goto error;
71f833 
+    }
71f833 
+
71f833 
     rc = check_key_attributes(tokdata, ktype, CKO_PUBLIC_KEY,
71f833 
                               new_publ_attrs, new_publ_attrs_len,
71f833 
                               &new_publ_attrs2, &new_publ_attrs2_len, -1);
71f833 
--
71f833 
2.16.2.windows.1
71f833

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation