Open petrovr opened 4 days ago
baentsch
commented
2 days ago The reason for this is that some classic algs may have a length less than the maximum length and the logic in oqs-provider is generic in that sense (handling also that case, thus encoding the actual length in 4 bytes). If you could point to a specific specification that mandates this to be different (and how) please provide a pointer so we can properly treat this as a bug and solicit PRs to change this behaviour.
petrovr
commented
1 day ago Now I have draft implementation of mlkem768x25519-sha256, see https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-04 . It uses EVP and PKEY API with activated oqs-provider.
For protocol dump shows that OSSL_PKEY_PARAM_PUB_KEY for X25519MLKEM768 return data that starts with 32 (four bytes) + 1184 bytes + 32 bytes.
Project openssh is out of scope as it uses archaic OpenSSL API.
Soon I will publish PKIX-SSH draft implementation as new branch. Implementation pass interoperable tests with asyncssh (uses dynamically loaded oqs library).
baentsch
commented
1 day ago Soon I will publish PKIX-SSH draft implementation as new branch.
Thanks for letting us know (also thanks for the spec pointer) @petrovr ! It would be helpful if you could post a pointer here as and when (and where!) you have published this when you're done -- and particularly if you think some code changes in oqsprovider are required: Thanks in advance.
Function EVP_PKEY_get_octet_string_param with arguments OSSL_PKEY_PARAM_PUB_KEY returns some data. For key X25519MLKEM768 I expect to see output that contains concatenation of respective public parts.
Current output is with length 1220=4(?)+1184+32.
Why output contain (starts) with length of x25519 key?