From 67ed25a8f7764e61647c3c31d09a1e60db38006b Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 16 Feb 2022 11:20:54 +0100
Subject: [PATCH 18/34] COMMON: Add post-quantum algorithm OIDs

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
 usr/include/include.mk         |  2 +-
 usr/include/pqc_oids.h         | 48 ++++++++++++++++++++++++++
 usr/lib/common/common.mk       |  3 +-
 usr/lib/common/globals.c       |  1 +
 usr/lib/common/pqc_defs.h      | 48 ++++++++++++++++++++++++++
 usr/lib/common/pqc_supported.c | 78 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 178 insertions(+), 2 deletions(-)
 create mode 100644 usr/include/pqc_oids.h
 create mode 100644 usr/lib/common/pqc_defs.h
 create mode 100644 usr/lib/common/pqc_supported.c

diff --git a/usr/include/include.mk b/usr/include/include.mk
index 79e593d7..a63e043f 100644
--- a/usr/include/include.mk
+++ b/usr/include/include.mk
@@ -3,7 +3,7 @@ opencryptokiincludedir = ${includedir}/opencryptoki
 opencryptokiinclude_HEADERS =						\
 	usr/include/apiclient.h	usr/include/pkcs11types.h		\
 	usr/include/pkcs11.h						\
-	usr/include/ec_curves.h
+	usr/include/ec_curves.h usr/include/pqc_oids.h
 
 noinst_HEADERS +=							\
 	usr/include/apictl.h usr/include/local_types.h			\
diff --git a/usr/include/pqc_oids.h b/usr/include/pqc_oids.h
new file mode 100644
index 00000000..0891373e
--- /dev/null
+++ b/usr/include/pqc_oids.h
@@ -0,0 +1,48 @@
+/*
+ * COPYRIGHT (c) International Business Machines Corp. 2022
+ *
+ * This program is provided under the terms of the Common Public License,
+ * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
+ * software constitutes recipient's acceptance of CPL-1.0 terms which can be
+ * found in the file LICENSE file or at
+ * https://opensource.org/licenses/cpl1.0.php
+ */
+
+
+#ifndef _PQC_OIDS_H_
+#define _PQC_OIDS_H_
+
+/*
+ * OIDs and their DER encoding for the post-quantum crypto algorithms
+ * supported by OpenCryptoki:
+ */
+
+/* Dilithium Round 2 high-security (SHAKE-256): 1.3.6.1.4.1.2.267.1.6.5 */
+#define OCK_DILITHIUM_R2_65        { 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, \
+                                     0x01, 0x02, 0x82, 0x0B, 0x01, 0x06, 0x05 }
+
+/* Dilithium Round 2 for outbound authentication: 1.3.6.1.4.1.2.267.1.8.7 */
+#define OCK_DILITHIUM_R2_87        { 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, \
+                                     0x01, 0x02, 0x82, 0x0B, 0x01, 0x08, 0x07 }
+
+/* Dilithium Round 3 weak (SHAKE-256): 1.3.6.1.4.1.2.267.7.4.4 */
+#define OCK_DILITHIUM_R3_44        { 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, \
+                                     0x01, 0x02, 0x82, 0x0B, 0x07, 0x04, 0x04 }
+
+/* Dilithium Round 3 recommended (SHAKE-256): 1.3.6.1.4.1.2.267.7.6.5 */
+#define OCK_DILITHIUM_R3_65        { 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, \
+                                     0x01, 0x02, 0x82, 0x0B, 0x07, 0x06, 0x05 }
+
+/* Dilithium Round 3 high-security (SHAKE-256): 1.3.6.1.4.1.2.267.7.8.7 */
+#define OCK_DILITHIUM_R3_87        { 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, \
+                                     0x01, 0x02, 0x82, 0x0B, 0x07, 0x08, 0x07 }
+
+/* Kyber Round 2 768 (SHAKE-128): 1.3.6.1.4.1.2.267.5.3.3 */
+#define OCK_KYBER_R2_768           { 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, \
+                                     0x01, 0x02, 0x82, 0x0B, 0x05, 0x03, 0x03 }
+
+/* Kyber Round 2 1024 (SHAKE-128): 1.3.6.1.4.1.2.267.5.4.4 */
+#define OCK_KYBER_R2_1024          { 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, \
+                                     0x01, 0x02, 0x82, 0x0B, 0x05, 0x04, 0x04 }
+
+#endif                          // _PQC_OIDS_H_
diff --git a/usr/lib/common/common.mk b/usr/lib/common/common.mk
index 6341cb74..93f1e21f 100644
--- a/usr/lib/common/common.mk
+++ b/usr/lib/common/common.mk
@@ -7,4 +7,5 @@ noinst_HEADERS +=							\
 	usr/lib/common/p11util.h usr/lib/common/event_client.h		\
 	usr/lib/common/list.h usr/lib/common/tok_specific.h		\
 	usr/lib/common/uri_enc.h usr/lib/common/uri.h 			\
-	usr/lib/common/buffer.h usr/lib/common/pin_prompt.h
+	usr/lib/common/buffer.h usr/lib/common/pin_prompt.h		\
+	usr/lib/common/pqc_defs.h
diff --git a/usr/lib/common/globals.c b/usr/lib/common/globals.c
index db4d352c..5b79e785 100644
--- a/usr/lib/common/globals.c
+++ b/usr/lib/common/globals.c
@@ -27,6 +27,7 @@
 #include "defs.h"
 #include "host_defs.h"
 #include "h_extern.h"
+#include "pqc_oids.h"
 
 struct ST_FCN_LIST function_list;
 
diff --git a/usr/lib/common/pqc_defs.h b/usr/lib/common/pqc_defs.h
new file mode 100644
index 00000000..51ee1200
--- /dev/null
+++ b/usr/lib/common/pqc_defs.h
@@ -0,0 +1,48 @@
+/*
+ * COPYRIGHT (c) International Business Machines Corp. 2022
+ *
+ * This program is provided under the terms of the Common Public License,
+ * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
+ * software constitutes recipient's acceptance of CPL-1.0 terms which can be
+ * found in the file LICENSE file or at
+ * https://opensource.org/licenses/cpl1.0.php
+ */
+
+#ifndef _PQC_DEFS
+#define _PQC_DEFS
+
+#include <stdio.h>
+
+#include "pqc_oids.h"
+
+extern const CK_BYTE dilithium_r2_65[];
+extern const CK_ULONG dilithium_r2_65_len;
+extern const CK_BYTE dilithium_r2_87[];
+extern const CK_ULONG dilithium_r2_87_len;
+extern const CK_BYTE dilithium_r3_44[];
+extern const CK_ULONG dilithium_r3_44_len;
+extern const CK_BYTE dilithium_r3_56[];
+extern const CK_ULONG dilithium_r3_56_len;
+extern const CK_BYTE dilithium_r3_87[];
+extern const CK_ULONG dilithium_r3_87_len;
+
+extern const CK_BYTE kyber_r2_768[];
+extern const CK_ULONG kyber_r2_768_len;
+extern const CK_BYTE kyber_r2_1024[];
+extern const CK_ULONG kyber_r2_1024_len;
+
+struct pqc_oid {
+    const CK_BYTE *oid;
+    CK_ULONG oid_len;
+    CK_ULONG keyform;
+};
+
+extern const struct pqc_oid dilithium_oids[];
+extern const struct pqc_oid kyber_oids[];
+
+const struct pqc_oid *find_pqc_by_keyform(const struct pqc_oid *pqcs,
+                                          CK_ULONG keyform);
+const struct pqc_oid *find_pqc_by_oid(const struct pqc_oid *pqcs,
+                                      CK_BYTE *oid, CK_ULONG oid_len);
+
+#endif
diff --git a/usr/lib/common/pqc_supported.c b/usr/lib/common/pqc_supported.c
new file mode 100644
index 00000000..4f048c33
--- /dev/null
+++ b/usr/lib/common/pqc_supported.c
@@ -0,0 +1,78 @@
+/*
+ * COPYRIGHT (c) International Business Machines Corp. 2022
+ *
+ * This program is provided under the terms of the Common Public License,
+ * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
+ * software constitutes recipient's acceptance of CPL-1.0 terms which can be
+ * found in the file LICENSE file or at
+ * https://opensource.org/licenses/cpl1.0.php
+ */
+
+#include <string.h>
+#include "pkcs11types.h"
+#include "pqc_defs.h"
+
+const CK_BYTE dilithium_r2_65[] = OCK_DILITHIUM_R2_65;
+const CK_ULONG dilithium_r2_65_len = sizeof(dilithium_r2_65);
+const CK_BYTE dilithium_r2_87[] = OCK_DILITHIUM_R2_87;
+const CK_ULONG dilithium_r2_87_len = sizeof(dilithium_r2_87);
+const CK_BYTE dilithium_r3_44[] = OCK_DILITHIUM_R3_44;
+const CK_ULONG dilithium_r3_44_len = sizeof(dilithium_r3_44);
+const CK_BYTE dilithium_r3_65[] = OCK_DILITHIUM_R3_65;
+const CK_ULONG dilithium_r3_65_len = sizeof(dilithium_r3_65);
+const CK_BYTE dilithium_r3_87[] = OCK_DILITHIUM_R3_87;
+const CK_ULONG dilithium_r3_87_len = sizeof(dilithium_r3_87);
+
+const struct pqc_oid dilithium_oids[] = {
+    { .oid = dilithium_r2_65, .oid_len = dilithium_r2_65_len,
+      .keyform = CK_IBM_DILITHIUM_KEYFORM_ROUND2_65 },
+    { .oid = dilithium_r2_87, .oid_len = dilithium_r2_87_len,
+      .keyform = CK_IBM_DILITHIUM_KEYFORM_ROUND2_87 },
+    { .oid = dilithium_r3_44, .oid_len = dilithium_r3_44_len,
+      .keyform = CK_IBM_DILITHIUM_KEYFORM_ROUND3_44 },
+    { .oid = dilithium_r3_65, .oid_len = dilithium_r3_65_len,
+      .keyform = CK_IBM_DILITHIUM_KEYFORM_ROUND3_65 },
+    { .oid = dilithium_r3_87, .oid_len = dilithium_r3_87_len,
+      .keyform = CK_IBM_DILITHIUM_KEYFORM_ROUND3_87 },
+    { .oid = NULL, .oid_len = 0, .keyform = 0 }
+};
+
+const CK_BYTE kyber_r2_768[] = OCK_KYBER_R2_768;
+const CK_ULONG kyber_r2_768_len = sizeof(kyber_r2_768);
+const CK_BYTE kyber_r2_1024[] = OCK_KYBER_R2_1024;
+const CK_ULONG kyber_r2_1024_len = sizeof(kyber_r2_1024);
+
+const struct pqc_oid kyber_oids[] = {
+    { .oid = kyber_r2_768, .oid_len = kyber_r2_768_len,
+       .keyform = CK_IBM_KYBER_KEYFORM_ROUND2_768 },
+    { .oid = kyber_r2_1024, .oid_len = kyber_r2_1024_len,
+      .keyform = CK_IBM_KYBER_KEYFORM_ROUND2_1024 },
+    { .oid = NULL, .oid_len = 0, .keyform = 0 }
+};
+
+const struct pqc_oid *find_pqc_by_keyform(const struct pqc_oid *pqcs,
+                                          CK_ULONG keyform)
+{
+    CK_ULONG i;
+
+    for (i = 0; pqcs[i].oid != NULL; i++) {
+        if (pqcs[i].keyform == keyform)
+            return &pqcs[i];
+    }
+
+    return NULL;
+}
+
+const struct pqc_oid *find_pqc_by_oid(const struct pqc_oid *pqcs,
+                                      CK_BYTE *oid, CK_ULONG oid_len)
+{
+    CK_ULONG i;
+
+    for (i = 0; pqcs[i].oid != NULL; i++) {
+        if (pqcs[i].oid_len == oid_len &&
+            memcmp(pqcs[i].oid, oid, oid_len) == 0)
+            return &pqcs[i];
+    }
+
+    return NULL;
+}
-- 
2.16.2.windows.1