open-quantum-safe / oqs-provider

OpenSSL 3 provider containing post-quantum algorithms
https://openquantumsafe.org
MIT License

How to separate the post-quantum algorithmic key and the classical key in the generated pkey #372

Open Ericyu0412 opened 4 months ago

Ericyu0412 commented 4 months ago

I hope to realize the separation of the classical algorithm key pair and the post-quantum algorithm key pair in the generated pkey through the code. How to realize this.

thb-sb commented 4 months ago

Hi @Ericyu0412,

This is a really good question. By saying the separation of the classical algorithm key pair and the post-quantum algorithm key pair I assume you're talking about the case when you have generated a hybrid key (for instance p521_dilithium5).

I've tried to find a way using the OpenSSL API to extract the PQ key from a hybrid key, but I couldn't. The only way I found is to use EVP_PKEY_get_attr_by_OBJ, but it requires you to know in advance the OBJ corresponding to the PQ or the classical algorithm (this OBJ can be retrieved at runtime though).

However, I'm pretty sure we can develop a more "elegant" way of doing this by using the OSSL_PARAM API, with EVP_PKEY_get_params. Right now, the following parameters are returned by EVP_PKEY_get_params on a p521_dilithium5 key:

$ OPENSSL_MODULES=/Users/thomas.bailleux/work/oqs-provider/build/lib/ ./poc
key=bits
type=1
key=security-bits
type=1
key=max-size
type=1
key=encoded-pub-key
type=5
key=pub
type=5
key=priv
type=5

I think for hybrid EVP_PKEYs, we can have two additional pairs of parameters called for instance classical_<TYPE> and pq_<TYPE>, where <TYPE> is pub or priv.

What do you think @baentsch ?

Ericyu0412 commented 4 months ago

I'm pretty sure we can develop a more "elegant" way of doing this by using the OSSL_PARAM API, with EVP_PKEY_get_params

I also find that EVP_PKEY_get_params is a pretty good way to separate pkey, but I am not quite clear on the structure of params. So I am trying to use it.

thb-sb commented 4 months ago

I played a little with the API, and I was able to write a fix for that (see PR 374).

Here is a small PoC I wrote for testing the EVP_PKEY_get_params API: https://gist.github.com/thb-sb/1b14a1aadeb381a778b4cdf8cfaf2cd6

Ericyu0412 commented 4 months ago

I recently discovered using commands processing the private key like

openssl pkey -in p256_dilithium2_srv.key -text -noout

It can automatically identify the post-quantum algorithmic key and the classical key.

How does this process come about? Maybe we can just use it in the direct use of this method instead of in the generation process.

thb-sb commented 4 months ago

How does this process come about? Maybe we can just use it in the direct use of this method instead of in the generation process.

Down the road, openssl calls oqs-provider encoder functions for displaying the key. Actually, displaying the key means "encode the key into text".

You can find the encoder definition for each alg here:

https://github.com/open-quantum-safe/oqs-provider/blob/f581687432509741524904b6008c480fa8af7505/oqsprov/oqs_encode_key2any.c#L1472-L1509

It ultimately calls oqsx_to_text, which is responsible for constructing the strings you're seeing:

https://github.com/open-quantum-safe/oqs-provider/blob/f581687432509741524904b6008c480fa8af7505/oqsprov/oqs_encode_key2any.c#L1336

Ericyu0412 commented 4 months ago

Thanks a lot! But I don't know how to use it to treat files like .key or .crt. By using OSSL_PROVIDER_query_operation()?

thb-sb commented 4 months ago

Since they contain the key in raw format, you must reconstruct the OneAsymmetricKey structure using the OID etc (see RFC5958 §2).

Using https://github.com/open-quantum-safe/oqs-provider/pull/374 with EVP_PKEY_get_params, you should be able to retrieve all the needed information for reconstructing the key file.

thb-sb commented 4 months ago

@Ericyu0412 did you manage to achieve what you needed?

Ericyu0412 commented 4 months ago

I am trying, but I have a lot to learn, so it's not easy.

Ericyu0412 commented 3 months ago

@thb-sb I have already separated the post-quantum algorithmic key and the classical key from the cert. However, I want to use the classical key when using the function X509_set_pubkey, then set the post-quantum algorithmic key in the extensions of X509 certificates. Could you teach me how to achieve it?

thb-sb commented 3 months ago

@thb-sb I have already separated the post-quantum algorithmic key and the classical key from the cert. However, I want to use the classical key when using the function X509_set_pubkey, then set the post-quantum algorithmic key in the extensions of X509 certificates. Could you teach me how to achieve it?

Let me try something, I'll get back to you!

Ericyu0412 commented 3 months ago

I have some trouble converting uint_8 to EVP_PKEY, how to achieve it?

baentsch commented 2 months ago

I have some trouble converting uint_8 to EVP_PKEY, how to achieve it?

These IMO are completely different data structures. How and why would you conceivably convert them?

Ericyu0412 commented 2 months ago

The way signatures are implemented now is to generate keys using hybrid algorithms and to set the hybrid keys with X509_set_pubkey. But when it comes to promoting this kind of certificate, a certificate system that only recognizes the classical algorithmic key cannot authenticate the signature, so I want to use the classical key in this kind of hybrid key alone as the public key of the certificate. The key generated by the quantum algorithm is then placed in the X509 certificate extension. I have now been able to place the keys generated by the post-quantum algorithm in the extension, but the separated keys are all 'uint8_t', which cannot be used in 'X509_set_pubkey', so I want to convert them.

baentsch commented 2 months ago

Ah, OK, now I get it: You want the uint_8[] to be converted to EVP_PKEY. I'm afraid I don't know the openssl APIs at sufficient depth as to how to achieve this. Do you, @thb-sb?
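
An added example, not code from this thread or from oqs-provider: one way to get from raw classical public-key bytes to an EVP_PKEY is to wrap them in a DER SubjectPublicKeyInfo, which OpenSSL's d2i_PUBKEY() parses. It assumes the separated classical key is an uncompressed SEC1 EC point on P-256 or P-521 (the curves in p256_dilithium2 and p521_dilithium5); `put_hdr` and `ec_point_to_spki` are hypothetical helper names, and the point in `main` is a constructed placeholder.

```c
#include <stdint.h>
#include <string.h>

/* DER-encoded OIDs, tag and length included. */
static const uint8_t OID_EC_PUBKEY[] = {0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
static const uint8_t OID_P256[] = {0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const uint8_t OID_P521[] = {0x06,0x05,0x2B,0x81,0x04,0x00,0x23};

/* Write a DER tag + definite length (len < 65536); returns bytes written. */
static size_t put_hdr(uint8_t *o, uint8_t tag, size_t len) {
    size_t n = 0;
    o[n++] = tag;
    if (len >= 0x100) { o[n++] = 0x82; o[n++] = (uint8_t)(len >> 8); }
    else if (len >= 0x80) o[n++] = 0x81;
    o[n++] = (uint8_t)len;
    return n;
}

/* Wrap an uncompressed SEC1 point (0x04||X||Y) in a SubjectPublicKeyInfo.
 * Returns the DER length, or 0 on a malformed point, unknown curve or small buffer. */
size_t ec_point_to_spki(int curve_bits, const uint8_t *pt, size_t pt_len,
                        uint8_t *out, size_t cap) {
    const uint8_t *oid = curve_bits == 256 ? OID_P256 : curve_bits == 521 ? OID_P521 : NULL;
    size_t coord = curve_bits == 256 ? 32 : 66;      /* bytes per coordinate */
    if (!oid || !pt || pt_len != 1 + 2 * coord || pt[0] != 0x04) return 0;
    size_t oid_len = 2 + oid[1];
    uint8_t alg[4], bits[5], seq[4];
    size_t a = put_hdr(alg, 0x30, sizeof OID_EC_PUBKEY + oid_len);
    size_t b = put_hdr(bits, 0x03, pt_len + 1);      /* BIT STRING: +1 unused-bits octet */
    bits[b++] = 0x00;
    size_t alg_len = a + sizeof OID_EC_PUBKEY + oid_len;
    size_t s = put_hdr(seq, 0x30, alg_len + b + pt_len);
    if (s + alg_len + b + pt_len > cap) return 0;
    uint8_t *p = out;
    memcpy(p, seq, s); p += s;
    memcpy(p, alg, a); p += a;
    memcpy(p, OID_EC_PUBKEY, sizeof OID_EC_PUBKEY); p += sizeof OID_EC_PUBKEY;
    memcpy(p, oid, oid_len); p += oid_len;
    memcpy(p, bits, b); p += b;
    memcpy(p, pt, pt_len); p += pt_len;
    return (size_t)(p - out);
}

int main(void) {
    uint8_t pt[65] = {0x04}, der[128];   /* constructed placeholder, not a real key */
    return ec_point_to_spki(256, pt, sizeof pt, der, sizeof der) == 91 ? 0 : 1;
}
```

The resulting buffer can be passed to d2i_PUBKEY(), and the EVP_PKEY it returns to X509_set_pubkey().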

Ericyu0412 commented 2 months ago

@thb-sb Will you help me ? I have some problem about it.

Ericyu0412 commented 2 months ago

@thb-sb Are you free now?

Ericyu0412 commented 2 months ago

@baentsch I have some problem to solve. Who can I ask for advice?

baentsch commented 1 month ago

@baentsch I have some problem to solve. Who can I ask for advice?

Honestly, I don't know: After the LinuxFoundation-takeover of the project, I've been inundated with new processes, messages, proposals etc. by LF such that I personally don't really find time to look into real technical matters any more; in turn, looking over all PRs in this project in the past months since LF took over, they did not bring a single new technical contributor helping to move the software forward (or answer questions such as yours); so again, sorry, I don't know. Maybe try Stackoverflow? Or bear with me until I manage to change priorities. But first I've got to find a way to land a security fix...