Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Version Incompatibility in Client-Server Communication Using liboqs and PQCrypto #3

Open
laaurii00 opened this issue Dec 11, 2024 · 0 comments

Comments

@laaurii00
Copy link

I am integrating the functionalities of liboqs on two virtual machines, where one acts as a server and the other as a client, communicating via the TLS protocol. On both machines, I have implemented key and certificate management using liboqs. The server is developed in C, and the client in Go. For the client implementation, PQCrypto has been used to implement TLS.

The issue I am encountering is the version incompatibility in the client-server communication. I have verified this in two ways:

1. First client implementation:

I developed a client in Go that reads the certificate, private key, and CA certificate generated using the openssl command. These have the following structure:

     Subject Public Key Info:
         Public Key Algorithm: falcon1024
             falcon1024 public key:
             PQ key material:

    go run tls_PQC.go
    2024/12/11 12:22:44 CA certificate read properly
    2024/12/11 12:22:44 Client certificate read properly
    2024/12/11 12:22:44 Client key read properly
    2024/12/11 12:22:44 Failed to parse key pair: x509: wrong public key

However, the functionalities tls.X509KeyPair(clientCert, clientKey) provided by PQCrypto and fed by liboqs-go do not correctly decode these keys: Failed to parse key pair: x509: wrong public key

2. Second client implementation:

From the CA certificate, I generated the client's private and public keys, and the client's certificate, which has the following form:

     Subject Public Key Info:
         Public Key Algorithm: 1.5.0.1
         Unable to load Public Key
     80CBB788287F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:crypto/x509/x_pubkey.c:464:
     80CBB788287F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:crypto/x509/x_pubkey.c:464:

Server Response (Implemented with liboqs and oqs-provider):
TLS accept failed SSL_ERROR_SSL: (no suitable signature algorithm).

As can be seen, the Go project creates and works with algorithms defined by a numeric code, and my version of liboqs and oqsprovider does not support this. In the case of the first client implementation, the opposite occurs: the keys and certificates have been generated with algorithms like "falcon1024" and the Go project expects the numeric code.


I am unsure if this incompatibility is due to liboqs-go or PQCrypto, but I would like to document this issue in case anyone has any ideas or if the developers of PQCcrypto can provide a solution.

Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant