On 17/11/2023 10:22, Juan di Mauro wrote:
Dear Matt,
Thanks for your reply. Unfortunately, the issue persists. I think
something is missing in my provider. Could be the case that I'm not
loading default provider?
I included the change that you suggested, but it returns a NULL. Below
is the code sample
I meant: continue to use the EVP_PKEY_CTX created via
EVP_PKEY_CTX_new_from_name() for the initial generate - but then create
a new EVP_PKEY_CTX using EVP_PKEY_CTX_new_from_pkey() for the
encapsulate operation passing in the key that was generated
E.g.
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new_from_name(libctx,<Name of Keymgmt algorithm>,NULL);
if (!ctx){
printf("The context can't be created. Exiting\n");
return -1;
}
//generate the key
EVP_PKEY *key = NULL;
EVP_PKEY_keygen_init(ctx);
EVP_PKEY_keygen(ctx, &key);
EVP_PKEY_CTX_free(ctx);
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);
Note that many of the functions above may fail, so you really need to
check for failure responses from each of these functions (where
applicable). I've not tried to add such checks above for brevity.
Matt
OSSL_LIB_CTX *libctx = NULL;
libctx = OSSL_LIB_CTX_new();
OSSL_PROVIDER_set_default_search_path(libctx,"./provider");
OSSL_PROVIDER *prov = OSSL_PROVIDER_load(libctx,"libprovider");
if(!prov){
printf("Provider not found. Exiting\n");
return -1;
}else{
printf("The provider was successfully loaded\n");
}
EVP_PKEY *key = NULL;
EVP_PKEY_CTX *ctx;
// ctx = EVP_PKEY_CTX_new_from_name(libctx,"syndenokmgm",NULL);
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, key,NULL );
if (!ctx){
printf("The context can't be created. Exiting\n");
return -1;
}else{
printf("The context was successfully created\n");
}
//generate the key
EVP_PKEY_keygen_init(ctx);
//EVP_PKEY_generate(ctx,&key);
EVP_PKEY_keygen(ctx, &key);
// Now, the operation code is good but since the pkey is NULL, fails
int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);
Best regards,
J.
On Fri, Nov 10, 2023 at 6:07 PM Matt Caswell <matt@xxxxxxxxxxx
<mailto:matt@xxxxxxxxxxx>> wrote:
On 10/11/2023 16:05, Juan di Mauro wrote:
> Dear all,
>
> I'm coding an external provider for OpenSSL to incorporate a KEM
> algorithm (the provider will be compiled as a .so as usual). I
have the
> KEM part of the code
> and the Key management module (the OSSL_ALGORITHM dispatch tables
and so
> on, corresponding to the OSSL_OP_KEM and OSSL_OP_KEYMGMT query
types).
>
> However, I have problems making things interact ok. It's clear that
> I do not fully understand the way the API should work in this
case so my
> first question is: Is there a complete documented guide about that?
>
> Secondly, to state things clearly: I want to make key
encapsulation and
> I'm following this sequence of API calls to interact with my
provider:
>
>
> EVP_PKEY_CTX *ctx;
> ctx = EVP_PKEY_CTX_new_from_name(libctx,<Name of my Keymgmt
> algorithm>,NULL);
> if (!ctx){
> printf("The context can't be created. Exiting\n");
> return -1;
> }
> //generate the key
> EVP_PKEY *key = NULL;
> EVP_PKEY_keygen_init(ctx);
> EVP_PKEY_keygen(ctx, &key);
> // Here, since the pkey in context is NULL, fails
> int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);
Since you are starting a new operation here you should probably use a
new pkey ctx created via EVP_PKEY_CTX_new_from_pkey() rather than
trying
to reuse the old one.
Matt
>
>
> So, maybe the sequence of steps is wrong or my code doesn't
satisfy the
> API requirements.
>
> Thanks in advance,
>
> /LEGAL NOTICE: The content of this email message, including the
attached
> files, is confidential and is protected by article 18.3 of the
Spanish
> Constitution, which guarantees the secrecy of communications. If you
> receive this message in error, please contact the sender to
inform them
> of this fact, and do not broadcast its content or make copies./
> /*** This message has been verified with removal tools for
viruses and
> malicious content ***/
> /This legal notice has been automatically incorporated into the
message./
> /---------------------------------------------/
> /AVISO LEGAL: El contenido de este mensaje de correo electrónico,
> incluidos los ficheros adjuntos, es confidencial y está protegido
por el
> artículo 18.3 de la Constitución Española, que garantiza el
secreto de
> las comunicaciones. Si usted recibe este mensaje por error, por
favor
> póngase en contacto con el remitente para informarle de este
hecho, y no
> difunda su contenido ni haga copias.
> /
> /*** Este mensaje ha sido verificado con herramientas de
eliminación de
> virus y contenido malicioso ***/
> /Este aviso legal ha sido incorporado automáticamente al mensaje./
--
Juan Di Mauro
I+D
www.syndeno.com <http://www.syndeno.com>
/LEGAL NOTICE: The content of this email message, including the attached
files, is confidential and is protected by article 18.3 of the Spanish
Constitution, which guarantees the secrecy of communications. If you
receive this message in error, please contact the sender to inform them
of this fact, and do not broadcast its content or make copies./
/*** This message has been verified with removal tools for viruses and
malicious content ***/
/This legal notice has been automatically incorporated into the message./
/---------------------------------------------/
/AVISO LEGAL: El contenido de este mensaje de correo electrónico,
incluidos los ficheros adjuntos, es confidencial y está protegido por el
artículo 18.3 de la Constitución Española, que garantiza el secreto de
las comunicaciones. Si usted recibe este mensaje por error, por favor
póngase en contacto con el remitente para informarle de este hecho, y no
difunda su contenido ni haga copias.
/
/*** Este mensaje ha sido verificado con herramientas de eliminación de
virus y contenido malicioso ***/
/Este aviso legal ha sido incorporado automáticamente al mensaje./
