Merge KEM OID branch (#522)

commit c4f6eac Merge: f0fe7d1 0312c00 Author: Michael Baentsch <[email protected]> Date: Mon Sep 23 17:05:42 2024 +0200 Merge branch 'main' into mb-disabletempoids Signed-off-by: Michael Baentsch <[email protected]> commit f0fe7d1 Author: Michael Baentsch <[email protected]> Date: Mon Sep 23 11:19:08 2024 +0200 Update test/oqs_test_endecode.c Co-authored-by: Spencer Wilson <[email protected]> Signed-off-by: Michael Baentsch <[email protected]> commit 3d5b68e Author: Michael Baentsch <[email protected]> Date: Mon Sep 23 11:18:58 2024 +0200 Update test/oqs_test_endecode.c Co-authored-by: Spencer Wilson <[email protected]> Signed-off-by: Michael Baentsch <[email protected]> commit e94338d Author: Michael Baentsch <[email protected]> Date: Sun Sep 15 18:19:33 2024 +0200 disable tests on no-OID KEMs Signed-off-by: Michael Baentsch <[email protected]> commit a60f6b7 Author: Michael Baentsch <[email protected]> Date: Sun Sep 15 17:31:57 2024 +0200 disable tmp OID generation Signed-off-by: Michael Baentsch <[email protected]>
open-quantum-safe · Sep 26, 2024 · a5a7753 · a5a7753
1 parent c951f62
commit a5a7753
Show file tree

Hide file tree

Showing 5 changed files with 161 additions and 135 deletions.
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -162,6 +162,10 @@ OQS_CODEPOINT_X25519_KYBER512=65072  ./openssl/apps/openssl s_client -groups x25
 Along the same lines as the code points, X.509 OIDs may be subject to change
 prior to final standardization. The environment variables below permit
 adapting the OIDs of all supported signature algorithms as per the table below.
+OIDs denoted with NULL are not maintained and may lead to errors in code
+execution. Anyone interested in using an algorithm with such designation is
+requested to contribute to the maintenance of these OIDs along the lines
+discussed in https://github.com/open-quantum-safe/oqs-provider/issues/351.
 
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_START -->
 |Algorithm name |    default OID    | enabled | environment variable |
@@ -260,58 +264,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li
 
 |Algorithm name |    default OID    | environment variable |
 |---------------|:-----------------:|----------------------|
-| frodo640aes | 1.3.9999.99.61 | OQS_OID_FRODO640AES
-| p256_frodo640aes | 1.3.9999.99.60 | OQS_OID_P256_FRODO640AES
-| x25519_frodo640aes | 1.3.9999.99.45 | OQS_OID_X25519_FRODO640AES
-| frodo640shake | 1.3.9999.99.63 | OQS_OID_FRODO640SHAKE
-| p256_frodo640shake | 1.3.9999.99.62 | OQS_OID_P256_FRODO640SHAKE
-| x25519_frodo640shake | 1.3.9999.99.46 | OQS_OID_X25519_FRODO640SHAKE
-| frodo976aes | 1.3.9999.99.65 | OQS_OID_FRODO976AES
-| p384_frodo976aes | 1.3.9999.99.64 | OQS_OID_P384_FRODO976AES
-| x448_frodo976aes | 1.3.9999.99.47 | OQS_OID_X448_FRODO976AES
-| frodo976shake | 1.3.9999.99.67 | OQS_OID_FRODO976SHAKE
-| p384_frodo976shake | 1.3.9999.99.66 | OQS_OID_P384_FRODO976SHAKE
-| x448_frodo976shake | 1.3.9999.99.48 | OQS_OID_X448_FRODO976SHAKE
-| frodo1344aes | 1.3.9999.99.69 | OQS_OID_FRODO1344AES
-| p521_frodo1344aes | 1.3.9999.99.68 | OQS_OID_P521_FRODO1344AES
-| frodo1344shake | 1.3.9999.99.71 | OQS_OID_FRODO1344SHAKE
-| p521_frodo1344shake | 1.3.9999.99.70 | OQS_OID_P521_FRODO1344SHAKE
+| frodo640aes | NULL | OQS_OID_FRODO640AES
+| p256_frodo640aes | NULL | OQS_OID_P256_FRODO640AES
+| x25519_frodo640aes | NULL | OQS_OID_X25519_FRODO640AES
+| frodo640shake | NULL | OQS_OID_FRODO640SHAKE
+| p256_frodo640shake | NULL | OQS_OID_P256_FRODO640SHAKE
+| x25519_frodo640shake | NULL | OQS_OID_X25519_FRODO640SHAKE
+| frodo976aes | NULL | OQS_OID_FRODO976AES
+| p384_frodo976aes | NULL | OQS_OID_P384_FRODO976AES
+| x448_frodo976aes | NULL | OQS_OID_X448_FRODO976AES
+| frodo976shake | NULL | OQS_OID_FRODO976SHAKE
+| p384_frodo976shake | NULL | OQS_OID_P384_FRODO976SHAKE
+| x448_frodo976shake | NULL | OQS_OID_X448_FRODO976SHAKE
+| frodo1344aes | NULL | OQS_OID_FRODO1344AES
+| p521_frodo1344aes | NULL | OQS_OID_P521_FRODO1344AES
+| frodo1344shake | NULL | OQS_OID_FRODO1344SHAKE
+| p521_frodo1344shake | NULL | OQS_OID_P521_FRODO1344SHAKE
 | kyber512 | 1.3.6.1.4.1.2.267.8.2.2 | OQS_OID_KYBER512
-| p256_kyber512 | 1.3.9999.99.72 | OQS_OID_P256_KYBER512
-| x25519_kyber512 | 1.3.9999.99.49 | OQS_OID_X25519_KYBER512
+| p256_kyber512 | NULL | OQS_OID_P256_KYBER512
+| x25519_kyber512 | NULL | OQS_OID_X25519_KYBER512
 | kyber768 | 1.3.6.1.4.1.2.267.8.3.3 | OQS_OID_KYBER768
-| p384_kyber768 | 1.3.9999.99.73 | OQS_OID_P384_KYBER768
-| x448_kyber768 | 1.3.9999.99.50 | OQS_OID_X448_KYBER768
-| x25519_kyber768 | 1.3.9999.99.51 | OQS_OID_X25519_KYBER768
-| p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768
+| p384_kyber768 | NULL | OQS_OID_P384_KYBER768
+| x448_kyber768 | NULL | OQS_OID_X448_KYBER768
+| x25519_kyber768 | NULL | OQS_OID_X25519_KYBER768
+| p256_kyber768 | NULL | OQS_OID_P256_KYBER768
 | kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024
-| p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024
+| p521_kyber1024 | NULL | OQS_OID_P521_KYBER1024
 | mlkem512 | 2.16.840.1.101.3.4.4.1 | OQS_OID_MLKEM512
 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512
 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512
 | mlkem768 | 2.16.840.1.101.3.4.4.2 | OQS_OID_MLKEM768
-| p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768
-| x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768
-| x25519_mlkem768 | 1.3.9999.99.54 | OQS_OID_X25519_MLKEM768
-| p256_mlkem768 | 1.3.9999.99.55 | OQS_OID_P256_MLKEM768
+| p384_mlkem768 | NULL | OQS_OID_P384_MLKEM768
+| x448_mlkem768 | NULL | OQS_OID_X448_MLKEM768
+| x25519_mlkem768 | NULL | OQS_OID_X25519_MLKEM768
+| p256_mlkem768 | NULL | OQS_OID_P256_MLKEM768
 | mlkem1024 | 2.16.840.1.101.3.4.4.3 | OQS_OID_MLKEM1024
-| p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024
+| p521_mlkem1024 | NULL | OQS_OID_P521_MLKEM1024
 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024
-| bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1
-| p256_bikel1 | 1.3.9999.99.77 | OQS_OID_P256_BIKEL1
-| x25519_bikel1 | 1.3.9999.99.56 | OQS_OID_X25519_BIKEL1
-| bikel3 | 1.3.9999.99.80 | OQS_OID_BIKEL3
-| p384_bikel3 | 1.3.9999.99.79 | OQS_OID_P384_BIKEL3
-| x448_bikel3 | 1.3.9999.99.57 | OQS_OID_X448_BIKEL3
-| bikel5 | 1.3.9999.99.82 | OQS_OID_BIKEL5
-| p521_bikel5 | 1.3.9999.99.81 | OQS_OID_P521_BIKEL5
-| hqc128 | 1.3.9999.99.84 | OQS_OID_HQC128
-| p256_hqc128 | 1.3.9999.99.83 | OQS_OID_P256_HQC128
-| x25519_hqc128 | 1.3.9999.99.58 | OQS_OID_X25519_HQC128
-| hqc192 | 1.3.9999.99.86 | OQS_OID_HQC192
-| p384_hqc192 | 1.3.9999.99.85 | OQS_OID_P384_HQC192
-| x448_hqc192 | 1.3.9999.99.59 | OQS_OID_X448_HQC192
-| hqc256 | 1.3.9999.99.88 | OQS_OID_HQC256
-| p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256
+| bikel1 | NULL | OQS_OID_BIKEL1
+| p256_bikel1 | NULL | OQS_OID_P256_BIKEL1
+| x25519_bikel1 | NULL | OQS_OID_X25519_BIKEL1
+| bikel3 | NULL | OQS_OID_BIKEL3
+| p384_bikel3 | NULL | OQS_OID_P384_BIKEL3
+| x448_bikel3 | NULL | OQS_OID_X448_BIKEL3
+| bikel5 | NULL | OQS_OID_BIKEL5
+| p521_bikel5 | NULL | OQS_OID_P521_BIKEL5
+| hqc128 | NULL | OQS_OID_HQC128
+| p256_hqc128 | NULL | OQS_OID_P256_HQC128
+| x25519_hqc128 | NULL | OQS_OID_X25519_HQC128
+| hqc192 | NULL | OQS_OID_HQC192
+| p384_hqc192 | NULL | OQS_OID_P384_HQC192
+| x448_hqc192 | NULL | OQS_OID_X448_HQC192
+| hqc256 | NULL | OQS_OID_HQC256
+| p521_hqc256 | NULL | OQS_OID_P521_HQC256
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_END -->
 
diff --git a/oqs-template/generate.py b/oqs-template/generate.py
@@ -93,9 +93,11 @@ def nist_to_bits(nistlevel):
       return None
 
 def get_tmp_kem_oid():
-   global kemoidcnt
-   kemoidcnt = kemoidcnt+1
-   return "1.3.9999.99."+str(kemoidcnt)
+   # doesn't work for runs on different files:
+   # global kemoidcnt
+   # kemoidcnt = kemoidcnt+1
+   # return "1.3.9999.99."+str(kemoidcnt)
+   return "NULL"
 
 def complete_config(config):
    for kem in config['kems']:

diff --git a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment
@@ -29,9 +29,17 @@ const char* oqs_oid_alg_list[OQS_OID_CNT] =
 
 #ifdef OQS_KEM_ENCODERS
 {% for kem in config['kems'] %}
+{%- if kem['oid'] == "NULL" -%}
+NULL, "{{ kem['name_group'] }}",
+{%- else -%}
 "{{ kem['oid'] }}", "{{ kem['name_group'] }}",
+{%- endif -%}
 {%- for hybrid in kem['hybrids'] %}
+{%- if hybrid['hybrid_oid'] == "NULL" -%}
+NULL, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}",
+{%- else -%}
 "{{hybrid['hybrid_oid']}}", "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}",
+{%- endif -%}
 {%- endfor -%}
 {%- endfor %}