switching KEM code points as per IANA
Signed-off-by: Michael Baentsch <[email protected]>
baentsch committed Nov 26, 2024
1 parent 8642b72 commit 7670259
Showing 5 changed files with 34 additions and 31 deletions.
12 changes: 6 additions & 6 deletions ALGORITHMS.md
Expand Up @@ -12,13 +12,13 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
<!--- OQS_TEMPLATE_FRAGMENT_IDS_START -->
|Algorithm name | default ID | enabled | environment variable |
|---------------|:----------:|:-------:|----------------------|
| frodo640aes | 0x0200 | Yes | OQS_CODEPOINT_FRODO640AES |
| frodo640aes | 65024 | Yes | OQS_CODEPOINT_FRODO640AES |
| p256_frodo640aes | 0x2F00 | Yes | OQS_CODEPOINT_P256_FRODO640AES |
| x25519_frodo640aes | 0x2F80 | Yes | OQS_CODEPOINT_X25519_FRODO640AES |
| frodo640shake | 0x0201 | Yes | OQS_CODEPOINT_FRODO640SHAKE |
| frodo640shake | 65025 | Yes | OQS_CODEPOINT_FRODO640SHAKE |
| p256_frodo640shake | 0x2F01 | Yes | OQS_CODEPOINT_P256_FRODO640SHAKE |
| x25519_frodo640shake | 0x2F81 | Yes | OQS_CODEPOINT_X25519_FRODO640SHAKE |
| frodo976aes | 0x0202 | Yes | OQS_CODEPOINT_FRODO976AES |
| frodo976aes | 65026 | Yes | OQS_CODEPOINT_FRODO976AES |
| p384_frodo976aes | 0x2F02 | Yes | OQS_CODEPOINT_P384_FRODO976AES |
| x448_frodo976aes | 0x2F82 | Yes | OQS_CODEPOINT_X448_FRODO976AES |
| frodo976shake | 0x0203 | Yes | OQS_CODEPOINT_FRODO976SHAKE |
Expand All @@ -38,15 +38,15 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
| p256_kyber768 | 0x639A | Yes | OQS_CODEPOINT_P256_KYBER768 |
| kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 |
| p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024 |
| mlkem512 | 261 | Yes | OQS_CODEPOINT_MLKEM512 |
| mlkem512 | 512 | Yes | OQS_CODEPOINT_MLKEM512 |
| p256_mlkem512 | 0x2F4B | Yes | OQS_CODEPOINT_P256_MLKEM512 |
| x25519_mlkem512 | 0x2FB6 | Yes | OQS_CODEPOINT_X25519_MLKEM512 |
| mlkem768 | 262 | Yes | OQS_CODEPOINT_MLKEM768 |
| mlkem768 | 513 | Yes | OQS_CODEPOINT_MLKEM768 |
| p384_mlkem768 | 0x2F4C | Yes | OQS_CODEPOINT_P384_MLKEM768 |
| x448_mlkem768 | 0x2FB7 | Yes | OQS_CODEPOINT_X448_MLKEM768 |
| X25519MLKEM768 | 0x11ec | Yes | OQS_CODEPOINT_X25519MLKEM768 |
| SecP256r1MLKEM768 | 0x11eb | Yes | OQS_CODEPOINT_SECP256R1MLKEM768 |
| mlkem1024 | 263 | Yes | OQS_CODEPOINT_MLKEM1024 |
| mlkem1024 | 514 | Yes | OQS_CODEPOINT_MLKEM1024 |
| p521_mlkem1024 | 0x2F4D | Yes | OQS_CODEPOINT_P521_MLKEM1024 |
| p384_mlkem1024 | 0x2F4E | Yes | OQS_CODEPOINT_P384_MLKEM1024 |
| bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 |
14 changes: 8 additions & 6 deletions oqs-template/generate.yml
@@ -1,10 +1,12 @@
# This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs
# Next free plain KEM ID: 0x024D, p-hybrid: 0x2F4F, X-hybrid: 0x2FB9
# Switch to using unassigned code points as per https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8:
# Next free: 65027 (see https://github.com/open-quantum-safe/oqs-provider/issues/561)
kems:
-
family: 'FrodoKEM'
name_group: 'frodo640aes'
nid: '0x0200'
nid: '65024'
nid_hybrid: '0x2F00'
oqs_alg: 'OQS_KEM_alg_frodokem_640_aes'
extra_nids:
Expand All @@ -14,7 +16,7 @@ kems:
-
family: 'FrodoKEM'
name_group: 'frodo640shake'
nid: '0x0201'
nid: '65025'
nid_hybrid: '0x2F01'
oqs_alg: 'OQS_KEM_alg_frodokem_640_shake'
extra_nids:
Expand All @@ -24,7 +26,7 @@ kems:
-
family: 'FrodoKEM'
name_group: 'frodo976aes'
nid: '0x0202'
nid: '65026'
nid_hybrid: '0x2F02'
oqs_alg: 'OQS_KEM_alg_frodokem_976_aes'
extra_nids:
Expand Down Expand Up @@ -151,7 +153,7 @@ kems:
fips_standard: 1
name_group: 'mlkem512'
# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
nid: '261'
nid: '512'
# NIST kem 1
oid: '2.16.840.1.101.3.4.4.1'
# code point not standardized: Why? XXX
Expand All @@ -171,7 +173,7 @@ kems:
fips_standard: 1
name_group: 'mlkem768'
# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
nid: '262'
nid: '513'
# NIST kem 2
oid: '2.16.840.1.101.3.4.4.2'
# code point not standardized: Why? XXX
Expand All @@ -195,7 +197,7 @@ kems:
fips_standard: 1
name_group: 'mlkem1024'
# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
nid: '263'
nid: '514'
# NIST kem 3
oid: '2.16.840.1.101.3.4.4.3'
# code point not standardized: Why? XXX
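Review bot: The first hunk leaves two contradictory allocation notes next to each other: the retained `# Next free plain KEM ID: 0x024D, p-hybrid: 0x2F4F, X-hybrid: 0x2FB9` and the new `# Next free: 65027 (...)` directly below it, so a contributor adding a KEM cannot tell which counter to take; spell out the split, e.g. `# Plain KEM IDs are now taken from the decimal IANA-unassigned range below; 0x024D and the hybrid counters 0x2F4F / 0x2FB9 remain for hybrid entries only`, or drop the old line if it no longer applies. The new values also mix decimal and hex for the same field (`nid: '65024'` beside `nid_hybrid: '0x2F00'`); 65024 is 0xFE00, which as far as I recall is the start of the private-use block of the TLS Supported Groups registry, and writing it as `nid: '0xFE00'` with that remark would keep collision checks against the existing hex entries trivial. Note too that the new `nid: '512'` for mlkem512 is numerically 0x0200, the value frodo640aes held before this commit, so a peer built from an older revision would presumably interpret this group as FrodoKEM rather than ML-KEM — worth a line in the release notes, and the `# code point not standardized: Why? XXX` comments below the three ML-KEM nid changes now read stale. ALGORITHMS.md, oqs-template/oqs-kem-info.md and oqsprov/oqsprov_capabilities.c are generated from this file and inherit the same notation mix, so fixing it here fixes all of them.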
12 changes: 6 additions & 6 deletions oqs-template/oqs-kem-info.md
Expand Up @@ -57,15 +57,15 @@
| FrodoKEM | NIST Round 3 submission | frodo1344aes | 3 | 5 | 0x2F04 | secp521_r1 |
| FrodoKEM | NIST Round 3 submission | frodo1344shake | 3 | 5 | 0x0205 | |
| FrodoKEM | NIST Round 3 submission | frodo1344shake | 3 | 5 | 0x2F05 | secp521_r1 |
| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x0200 | |
| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x2F00 | secp256_r1 |
| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 0x2F80 | x25519 |
| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x0201 | |
| FrodoKEM | NIST Round 3 submission | frodo640aes | 3 | 1 | 65024 | |
| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x2F01 | secp256_r1 |
| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 0x2F81 | x25519 |
| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x0202 | |
| FrodoKEM | NIST Round 3 submission | frodo640shake | 3 | 1 | 65025 | |
| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x2F02 | secp384_r1 |
| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 0x2F82 | x448 |
| FrodoKEM | NIST Round 3 submission | frodo976aes | 3 | 3 | 65026 | |
| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x0203 | |
| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x2F03 | secp384_r1 |
| FrodoKEM | NIST Round 3 submission | frodo976shake | 3 | 3 | 0x2F83 | x448 |
Expand All @@ -87,12 +87,12 @@
| HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x2F46 | secp521_r1 |
| ML-KEM | ML-KEM | mlkem1024 | FIPS203 | 5 | 0x2F4D | secp521_r1 |
| ML-KEM | ML-KEM | mlkem1024 | FIPS203 | 5 | 0x2F4E | p384 |
| ML-KEM | ML-KEM | mlkem1024 | FIPS203 | 5 | 263 | |
| ML-KEM | ML-KEM | mlkem1024 | FIPS203 | 5 | 514 | |
| ML-KEM | ML-KEM | mlkem512 | FIPS203 | 1 | 0x2F4B | secp256_r1 |
| ML-KEM | ML-KEM | mlkem512 | FIPS203 | 1 | 0x2FB6 | x25519 |
| ML-KEM | ML-KEM | mlkem512 | FIPS203 | 1 | 261 | |
| ML-KEM | ML-KEM | mlkem512 | FIPS203 | 1 | 512 | |
| ML-KEM | ML-KEM | mlkem768 | FIPS203 | 3 | 0x11eb | p256 |
| ML-KEM | ML-KEM | mlkem768 | FIPS203 | 3 | 0x11ec | x25519 |
| ML-KEM | ML-KEM | mlkem768 | FIPS203 | 3 | 0x2F4C | secp384_r1 |
| ML-KEM | ML-KEM | mlkem768 | FIPS203 | 3 | 0x2FB7 | x448 |
| ML-KEM | ML-KEM | mlkem768 | FIPS203 | 3 | 262 | |
| ML-KEM | ML-KEM | mlkem768 | FIPS203 | 3 | 513 | |
12 changes: 6 additions & 6 deletions oqsprov/oqsprov_capabilities.c
Expand Up @@ -35,15 +35,15 @@ typedef struct oqs_group_constants_st {
static OQS_GROUP_CONSTANTS oqs_group_list[] = {
// ad-hoc assignments - take from OQS generate data structures
///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_START
{0x0200, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{65024, 128, TLS1_3_VERSION, 0, -1, -1, 1},

{0x2F00, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{0x2F80, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{0x0201, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{65025, 128, TLS1_3_VERSION, 0, -1, -1, 1},

{0x2F01, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{0x2F81, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{0x0202, 192, TLS1_3_VERSION, 0, -1, -1, 1},
{65026, 192, TLS1_3_VERSION, 0, -1, -1, 1},

{0x2F02, 192, TLS1_3_VERSION, 0, -1, -1, 1},
{0x2F82, 192, TLS1_3_VERSION, 0, -1, -1, 1},
Expand All @@ -70,17 +70,17 @@ static OQS_GROUP_CONSTANTS oqs_group_list[] = {
{0x023D, 256, TLS1_3_VERSION, 0, -1, -1, 1},

{0x2F3D, 256, TLS1_3_VERSION, 0, -1, -1, 1},
{261, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{512, 128, TLS1_3_VERSION, 0, -1, -1, 1},

{0x2F4B, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{0x2FB6, 128, TLS1_3_VERSION, 0, -1, -1, 1},
{262, 192, TLS1_3_VERSION, 0, -1, -1, 1},
{513, 192, TLS1_3_VERSION, 0, -1, -1, 1},

{0x2F4C, 192, TLS1_3_VERSION, 0, -1, -1, 1},
{0x2FB7, 192, TLS1_3_VERSION, 0, -1, -1, 1},
{0x11ec, 192, TLS1_3_VERSION, 0, -1, -1, 1},
{0x11eb, 192, TLS1_3_VERSION, 0, -1, -1, 1},
{263, 256, TLS1_3_VERSION, 0, -1, -1, 1},
{514, 256, TLS1_3_VERSION, 0, -1, -1, 1},

{0x2F4D, 256, TLS1_3_VERSION, 0, -1, -1, 1},
{0x2F4E, 256, TLS1_3_VERSION, 0, -1, -1, 1},
15 changes: 8 additions & 7 deletions scripts/oqsprovider-externalinterop.sh
Expand Up @@ -28,13 +28,14 @@ fi

# Ascertain algorithms are available:

echo " Cloudflare:"

if ! ($OPENSSL_APP list -kem-algorithms | grep x25519_kyber768); then
echo "Skipping unconfigured x25519_kyber768 interop test"
else
(echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber768 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber768Draft00
fi
#echo " Cloudflare:"
#
# Cloudflare seems to have disabled this algorithm family by now. Drop for good?
#if ! ($OPENSSL_APP list -kem-algorithms | grep x25519_kyber768); then
# echo "Skipping unconfigured x25519_kyber768 interop test"
#else
# (echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') | "${OPENSSL_APP}" s_client ${USE_PROXY} -connect pq.cloudflareresearch.com:443 -groups x25519_kyber768 -servername cloudflare.com -ign_eof 2>/dev/null | grep kex=X25519Kyber768Draft00
#fi

echo " Google:"

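Review bot: The Cloudflare interop block is kept as eight commented-out lines carrying an open question (`# Cloudflare seems to have disabled this algorithm family by now. Drop for good?`) rather than being removed, and the script now prints nothing for this target, so a CI log no longer shows that an interop check was dropped. Either delete the block outright (history keeps it) or leave one visible marker such as `echo " Cloudflare: skipped (x25519_kyber768 endpoint no longer offered)"` so the coverage change is evident from the test output. Should the block ever be re-enabled, the commented `s_client` line still uses `echo -e` and an unquoted `$OPENSSL_APP`; `printf` and `"${OPENSSL_APP}"` (already used later on the same line) would be the consistent form, while `${USE_PROXY}` appears deliberately unquoted for word-splitting and would be clearer as an array. The `fi` shown in the hunk header closes a conditional that starts above the hunk, and the Google block continues below it.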

0 comments on commit 7670259

Please sign in to comment.