From d3f4b2140f9ef34e0e937dc6041bf9b7f8ca6e9b Mon Sep 17 00:00:00 2001 From: Basil Hess Date: Thu, 7 Mar 2024 12:46:39 +0100 Subject: [PATCH] Set Kyber OIDs (#368) * Fix OIDs for Kyber (r3) * fix comments in generate.sh [skip ci] * run clang-format Signed-off-by: Felipe Ventura --- ALGORITHMS.md | 94 +++++++++++++++++++-------------------- oqs-template/generate.sh | 9 +--- oqs-template/generate.yml | 3 ++ oqsprov/oqsprov.c | 39 ++++++++-------- 4 files changed, 71 insertions(+), 74 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index f7f5a225..e7e91d77 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md @@ -202,59 +202,59 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li |Algorithm name | default OID | environment variable | |---------------|:-----------------:|----------------------| -| frodo640aes | 1.3.9999.99.64 | OQS_OID_FRODO640AES -| p256_frodo640aes | 1.3.9999.99.63 | OQS_OID_P256_FRODO640AES -| x25519_frodo640aes | 1.3.9999.99.48 | OQS_OID_X25519_FRODO640AES -| frodo640shake | 1.3.9999.99.66 | OQS_OID_FRODO640SHAKE -| p256_frodo640shake | 1.3.9999.99.65 | OQS_OID_P256_FRODO640SHAKE -| x25519_frodo640shake | 1.3.9999.99.49 | OQS_OID_X25519_FRODO640SHAKE -| frodo976aes | 1.3.9999.99.68 | OQS_OID_FRODO976AES -| p384_frodo976aes | 1.3.9999.99.67 | OQS_OID_P384_FRODO976AES -| x448_frodo976aes | 1.3.9999.99.50 | OQS_OID_X448_FRODO976AES -| frodo976shake | 1.3.9999.99.70 | OQS_OID_FRODO976SHAKE -| p384_frodo976shake | 1.3.9999.99.69 | OQS_OID_P384_FRODO976SHAKE -| x448_frodo976shake | 1.3.9999.99.51 | OQS_OID_X448_FRODO976SHAKE -| frodo1344aes | 1.3.9999.99.72 | OQS_OID_FRODO1344AES -| p521_frodo1344aes | 1.3.9999.99.71 | OQS_OID_P521_FRODO1344AES -| frodo1344shake | 1.3.9999.99.74 | OQS_OID_FRODO1344SHAKE -| p521_frodo1344shake | 1.3.9999.99.73 | OQS_OID_P521_FRODO1344SHAKE -| kyber512 | 1.3.9999.99.76 | OQS_OID_KYBER512 -| p256_kyber512 | 1.3.9999.99.75 | OQS_OID_P256_KYBER512 -| x25519_kyber512 | 1.3.9999.99.52 | OQS_OID_X25519_KYBER512 -| kyber768 | 1.3.9999.99.78 | OQS_OID_KYBER768 -| p384_kyber768 | 1.3.9999.99.77 | OQS_OID_P384_KYBER768 -| x448_kyber768 | 1.3.9999.99.53 | OQS_OID_X448_KYBER768 -| x25519_kyber768 | 1.3.9999.99.54 | OQS_OID_X25519_KYBER768 -| p256_kyber768 | 1.3.9999.99.55 | OQS_OID_P256_KYBER768 -| kyber1024 | 1.3.9999.99.80 | OQS_OID_KYBER1024 -| p521_kyber1024 | 1.3.9999.99.79 | OQS_OID_P521_KYBER1024 +| frodo640aes | 1.3.9999.99.61 | OQS_OID_FRODO640AES +| p256_frodo640aes | 1.3.9999.99.60 | OQS_OID_P256_FRODO640AES +| x25519_frodo640aes | 1.3.9999.99.45 | OQS_OID_X25519_FRODO640AES +| frodo640shake | 1.3.9999.99.63 | OQS_OID_FRODO640SHAKE +| p256_frodo640shake | 1.3.9999.99.62 | OQS_OID_P256_FRODO640SHAKE +| x25519_frodo640shake | 1.3.9999.99.46 | OQS_OID_X25519_FRODO640SHAKE +| frodo976aes | 1.3.9999.99.65 | OQS_OID_FRODO976AES +| p384_frodo976aes | 1.3.9999.99.64 | OQS_OID_P384_FRODO976AES +| x448_frodo976aes | 1.3.9999.99.47 | OQS_OID_X448_FRODO976AES +| frodo976shake | 1.3.9999.99.67 | OQS_OID_FRODO976SHAKE +| p384_frodo976shake | 1.3.9999.99.66 | OQS_OID_P384_FRODO976SHAKE +| x448_frodo976shake | 1.3.9999.99.48 | OQS_OID_X448_FRODO976SHAKE +| frodo1344aes | 1.3.9999.99.69 | OQS_OID_FRODO1344AES +| p521_frodo1344aes | 1.3.9999.99.68 | OQS_OID_P521_FRODO1344AES +| frodo1344shake | 1.3.9999.99.71 | OQS_OID_FRODO1344SHAKE +| p521_frodo1344shake | 1.3.9999.99.70 | OQS_OID_P521_FRODO1344SHAKE +| kyber512 | 1.3.6.1.4.1.2.267.8.2.2 | OQS_OID_KYBER512 +| p256_kyber512 | 1.3.9999.99.72 | OQS_OID_P256_KYBER512 +| x25519_kyber512 | 1.3.9999.99.49 | OQS_OID_X25519_KYBER512 +| kyber768 | 1.3.6.1.4.1.2.267.8.3.3 | OQS_OID_KYBER768 +| p384_kyber768 | 1.3.9999.99.73 | OQS_OID_P384_KYBER768 +| x448_kyber768 | 1.3.9999.99.50 | OQS_OID_X448_KYBER768 +| x25519_kyber768 | 1.3.9999.99.51 | OQS_OID_X25519_KYBER768 +| p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768 +| kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024 +| p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024 | mlkem512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_MLKEM512 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512 | mlkem768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_MLKEM768 -| p384_mlkem768 | 1.3.9999.99.81 | OQS_OID_P384_MLKEM768 -| x448_mlkem768 | 1.3.9999.99.56 | OQS_OID_X448_MLKEM768 -| x25519_mlkem768 | 1.3.9999.99.57 | OQS_OID_X25519_MLKEM768 -| p256_mlkem768 | 1.3.9999.99.58 | OQS_OID_P256_MLKEM768 +| p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768 +| x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768 +| x25519_mlkem768 | 1.3.9999.99.54 | OQS_OID_X25519_MLKEM768 +| p256_mlkem768 | 1.3.9999.99.55 | OQS_OID_P256_MLKEM768 | mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024 -| p521_mlkem1024 | 1.3.9999.99.82 | OQS_OID_P521_MLKEM1024 +| p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024 -| bikel1 | 1.3.9999.99.84 | OQS_OID_BIKEL1 -| p256_bikel1 | 1.3.9999.99.83 | OQS_OID_P256_BIKEL1 -| x25519_bikel1 | 1.3.9999.99.59 | OQS_OID_X25519_BIKEL1 -| bikel3 | 1.3.9999.99.86 | OQS_OID_BIKEL3 -| p384_bikel3 | 1.3.9999.99.85 | OQS_OID_P384_BIKEL3 -| x448_bikel3 | 1.3.9999.99.60 | OQS_OID_X448_BIKEL3 -| bikel5 | 1.3.9999.99.88 | OQS_OID_BIKEL5 -| p521_bikel5 | 1.3.9999.99.87 | OQS_OID_P521_BIKEL5 -| hqc128 | 1.3.9999.99.90 | OQS_OID_HQC128 -| p256_hqc128 | 1.3.9999.99.89 | OQS_OID_P256_HQC128 -| x25519_hqc128 | 1.3.9999.99.61 | OQS_OID_X25519_HQC128 -| hqc192 | 1.3.9999.99.92 | OQS_OID_HQC192 -| p384_hqc192 | 1.3.9999.99.91 | OQS_OID_P384_HQC192 -| x448_hqc192 | 1.3.9999.99.62 | OQS_OID_X448_HQC192 -| hqc256 | 1.3.9999.99.94 | OQS_OID_HQC256 -| p521_hqc256 | 1.3.9999.99.93 | OQS_OID_P521_HQC256 +| bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1 +| p256_bikel1 | 1.3.9999.99.77 | OQS_OID_P256_BIKEL1 +| x25519_bikel1 | 1.3.9999.99.56 | OQS_OID_X25519_BIKEL1 +| bikel3 | 1.3.9999.99.80 | OQS_OID_BIKEL3 +| p384_bikel3 | 1.3.9999.99.79 | OQS_OID_P384_BIKEL3 +| x448_bikel3 | 1.3.9999.99.57 | OQS_OID_X448_BIKEL3 +| bikel5 | 1.3.9999.99.82 | OQS_OID_BIKEL5 +| p521_bikel5 | 1.3.9999.99.81 | OQS_OID_P521_BIKEL5 +| hqc128 | 1.3.9999.99.84 | OQS_OID_HQC128 +| p256_hqc128 | 1.3.9999.99.83 | OQS_OID_P256_HQC128 +| x25519_hqc128 | 1.3.9999.99.58 | OQS_OID_X25519_HQC128 +| hqc192 | 1.3.9999.99.86 | OQS_OID_HQC192 +| p384_hqc192 | 1.3.9999.99.85 | OQS_OID_P384_HQC192 +| x448_hqc192 | 1.3.9999.99.59 | OQS_OID_X448_HQC192 +| hqc256 | 1.3.9999.99.88 | OQS_OID_HQC256 +| p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256 # Key Encodings diff --git a/oqs-template/generate.sh b/oqs-template/generate.sh index 105c2aa9..5257e138 100755 --- a/oqs-template/generate.sh +++ b/oqs-template/generate.sh @@ -2,13 +2,8 @@ cd oqs-template -rm generate.yml - -# Step 1: Obtain current generate.yml from main: -wget -c https://raw.githubusercontent.com/open-quantum-safe/openssl/OQS-OpenSSL_1_1_1-stable/oqs-template/generate.yml - -# Step 2: Run the generator: +# Step 1: Run the generator: cd .. && python3 oqs-template/generate.py -# Step 3: Run clang-format. +# Step 2: Run clang-format. find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs "${CLANG_FORMAT:-clang-format}" -i diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 43d52909..bfe9bf9b 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -85,6 +85,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber512' nid: '0x023A' + oid: '1.3.6.1.4.1.2.267.8.2.2' nid_hybrid: '0x2F3A' oqs_alg: 'OQS_KEM_alg_kyber_512' extra_nids: @@ -107,6 +108,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber768' nid: '0x023C' + oid: '1.3.6.1.4.1.2.267.8.3.3' nid_hybrid: '0x2F3C' extra_nids: current: @@ -129,6 +131,7 @@ kems: family: 'CRYSTALS-Kyber' name_group: 'kyber1024' nid: '0x023D' + oid: '1.3.6.1.4.1.2.267.8.4.4' nid_hybrid: '0x2F3D' extra_nids: old: diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index b6b974fa..130d508f 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -89,15 +89,15 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "frodo1344shake", "1.3.9999.99.26", "p521_frodo1344shake", - "1.3.9999.99.29", + "1.3.6.1.4.1.2.267.8.2.2", "kyber512", "1.3.9999.99.28", "p256_kyber512", "1.3.9999.99.5", "x25519_kyber512", - "1.3.9999.99.31", + "1.3.6.1.4.1.2.267.8.3.3", "kyber768", - "1.3.9999.99.30", + "1.3.9999.99.29", "p384_kyber768", "1.3.9999.99.6", "x448_kyber768", @@ -105,9 +105,9 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_kyber768", "1.3.9999.99.8", "p256_kyber768", - "1.3.9999.99.33", + "1.3.6.1.4.1.2.267.8.4.4", "kyber1024", - "1.3.9999.99.32", + "1.3.9999.99.30", "p521_kyber1024", "1.3.6.1.4.1.22554.5.6.1", "mlkem512", @@ -117,7 +117,7 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_mlkem512", "1.3.6.1.4.1.22554.5.6.2", "mlkem768", - "1.3.9999.99.34", + "1.3.9999.99.31", "p384_mlkem768", "1.3.9999.99.9", "x448_mlkem768", @@ -127,41 +127,41 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "p256_mlkem768", "1.3.6.1.4.1.22554.5.6.3", "mlkem1024", - "1.3.9999.99.35", + "1.3.9999.99.32", "p521_mlkem1024", "1.3.6.1.4.1.42235.6", "p384_mlkem1024", - "1.3.9999.99.37", + "1.3.9999.99.34", "bikel1", - "1.3.9999.99.36", + "1.3.9999.99.33", "p256_bikel1", "1.3.9999.99.12", "x25519_bikel1", - "1.3.9999.99.39", + "1.3.9999.99.36", "bikel3", - "1.3.9999.99.38", + "1.3.9999.99.35", "p384_bikel3", "1.3.9999.99.13", "x448_bikel3", - "1.3.9999.99.41", + "1.3.9999.99.38", "bikel5", - "1.3.9999.99.40", + "1.3.9999.99.37", "p521_bikel5", - "1.3.9999.99.43", + "1.3.9999.99.40", "hqc128", - "1.3.9999.99.42", + "1.3.9999.99.39", "p256_hqc128", "1.3.9999.99.14", "x25519_hqc128", - "1.3.9999.99.45", + "1.3.9999.99.42", "hqc192", - "1.3.9999.99.44", + "1.3.9999.99.41", "p384_hqc192", "1.3.9999.99.15", "x448_hqc192", - "1.3.9999.99.47", + "1.3.9999.99.44", "hqc256", - "1.3.9999.99.46", + "1.3.9999.99.43", "p521_hqc256", #endif /* OQS_KEM_ENCODERS */ @@ -1109,7 +1109,6 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] #endif // clang-format on ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END - // ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions), {NULL, NULL, NULL}}; static const OSSL_ALGORITHM oqsprovider_encoder[] = {