Merge pull request #260 from open-quantum-safe/mb-liboqs-standard-branch

updated (O)IDs for interop test branch
open-quantum-safe · Sep 22, 2023 · ed6462a · ed6462a
2 parents 9fffe3b + 37af73c
commit ed6462a
Show file tree

Hide file tree

Showing 9 changed files with 384 additions and 298 deletions.
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Full build
-        run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh
+        run: LIBOQS_BRANCH=standard OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh
       - name: Enable sibling oqsprovider for testing
         run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
       - name: Test

diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -28,16 +28,16 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 | p521_frodo1344aes | 0x2F04 | Yes | OQS_CODEPOINT_P521_FRODO1344AES |
 | frodo1344shake | 0x0205 | Yes | OQS_CODEPOINT_FRODO1344SHAKE |
 | p521_frodo1344shake | 0x2F05 | Yes | OQS_CODEPOINT_P521_FRODO1344SHAKE |
-| kyber512 | 0x023A | Yes | OQS_CODEPOINT_KYBER512 |
-| p256_kyber512 | 0x2F3A | Yes | OQS_CODEPOINT_P256_KYBER512 |
-| x25519_kyber512 | 0x2F39 | Yes | OQS_CODEPOINT_X25519_KYBER512 |
-| kyber768 | 0x023C | Yes | OQS_CODEPOINT_KYBER768 |
-| p384_kyber768 | 0x2F3C | Yes | OQS_CODEPOINT_P384_KYBER768 |
-| x448_kyber768 | 0x2F90 | Yes | OQS_CODEPOINT_X448_KYBER768 |
-| x25519_kyber768 | 0x6399 | Yes | OQS_CODEPOINT_X25519_KYBER768 |
-| p256_kyber768 | 0x639A | Yes | OQS_CODEPOINT_P256_KYBER768 |
-| kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 |
-| p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024 |
+| kyber512 | 0x0244 | Yes | OQS_CODEPOINT_KYBER512 |
+| p256_kyber512 | 0x2F44 | Yes | OQS_CODEPOINT_P256_KYBER512 |
+| x25519_kyber512 | 0x2FB0 | Yes | OQS_CODEPOINT_X25519_KYBER512 |
+| kyber768 | 0x0245 | Yes | OQS_CODEPOINT_KYBER768 |
+| p384_kyber768 | 0x2F45 | Yes | OQS_CODEPOINT_P384_KYBER768 |
+| x448_kyber768 | 0x2FB1 | Yes | OQS_CODEPOINT_X448_KYBER768 |
+| x25519_kyber768 | 0x2FB2 | Yes | OQS_CODEPOINT_X25519_KYBER768 |
+| p256_kyber768 | 0x2FB3 | Yes | OQS_CODEPOINT_P256_KYBER768 |
+| kyber1024 | 0x0246 | Yes | OQS_CODEPOINT_KYBER1024 |
+| p521_kyber1024 | 0x2F46 | Yes | OQS_CODEPOINT_P521_KYBER1024 |
 | bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 |
 | p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 |
 | x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 |
@@ -54,13 +54,13 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 | x448_hqc192 | 0x2FAD | Yes | OQS_CODEPOINT_X448_HQC192 |
 | hqc256 | 0x022E | Yes | OQS_CODEPOINT_HQC256 |
 | p521_hqc256 | 0x2F2E | Yes | OQS_CODEPOINT_P521_HQC256 |
-| dilithium2 | 0xfea0 |Yes| OQS_CODEPOINT_DILITHIUM2
-| p256_dilithium2 | 0xfea1 |Yes| OQS_CODEPOINT_P256_DILITHIUM2
-| rsa3072_dilithium2 | 0xfea2 |Yes| OQS_CODEPOINT_RSA3072_DILITHIUM2
-| dilithium3 | 0xfea3 |Yes| OQS_CODEPOINT_DILITHIUM3
-| p384_dilithium3 | 0xfea4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3
-| dilithium5 | 0xfea5 |Yes| OQS_CODEPOINT_DILITHIUM5
-| p521_dilithium5 | 0xfea6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5
+| dilithium2 | 0xfed0 |Yes| OQS_CODEPOINT_DILITHIUM2
+| p256_dilithium2 | 0xfed1 |Yes| OQS_CODEPOINT_P256_DILITHIUM2
+| rsa3072_dilithium2 | 0xfed2 |Yes| OQS_CODEPOINT_RSA3072_DILITHIUM2
+| dilithium3 | 0xfed3 |Yes| OQS_CODEPOINT_DILITHIUM3
+| p384_dilithium3 | 0xfed4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3
+| dilithium5 | 0xfed5 |Yes| OQS_CODEPOINT_DILITHIUM5
+| p521_dilithium5 | 0xfed6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5
 | falcon512 | 0xfeae |Yes| OQS_CODEPOINT_FALCON512
 | p256_falcon512 | 0xfeaf |Yes| OQS_CODEPOINT_P256_FALCON512
 | rsa3072_falcon512 | 0xfeb0 |Yes| OQS_CODEPOINT_RSA3072_FALCON512
@@ -119,13 +119,13 @@ adapting the OIDs of all supported signature algorithms as per the table below.
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_START -->
 |Algorithm name |    default OID    | enabled | environment variable |
 |---------------|:-----------------:|:-------:|----------------------|
-| dilithium2 | 1.3.6.1.4.1.2.267.7.4.4 |Yes| OQS_OID_DILITHIUM2
-| p256_dilithium2 | 1.3.9999.2.7.1 |Yes| OQS_OID_P256_DILITHIUM2
-| rsa3072_dilithium2 | 1.3.9999.2.7.2 |Yes| OQS_OID_RSA3072_DILITHIUM2
-| dilithium3 | 1.3.6.1.4.1.2.267.7.6.5 |Yes| OQS_OID_DILITHIUM3
-| p384_dilithium3 | 1.3.9999.2.7.3 |Yes| OQS_OID_P384_DILITHIUM3
-| dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5
-| p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5
+| dilithium2 | 1.3.6.1.4.1.2.267.12.4.4 |Yes| OQS_OID_DILITHIUM2
+| p256_dilithium2 | 1.3.9999.2.7.5 |Yes| OQS_OID_P256_DILITHIUM2
+| rsa3072_dilithium2 | 1.3.9999.2.7.6 |Yes| OQS_OID_RSA3072_DILITHIUM2
+| dilithium3 | 1.3.6.1.4.1.2.267.12.6.5 |Yes| OQS_OID_DILITHIUM3
+| p384_dilithium3 | 1.3.9999.2.7.7 |Yes| OQS_OID_P384_DILITHIUM3
+| dilithium5 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_DILITHIUM5
+| p521_dilithium5 | 1.3.9999.2.7.8 |Yes| OQS_OID_P521_DILITHIUM5
 | falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512
 | p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512
 | rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -25,7 +25,7 @@ else()
   set(OQS_ADDL_SOCKET_LIBS "")
 endif()
 
-option(NOPUBKEY_IN_PRIVKEY "Do not include public keys in private key structures/PKCS#8 " OFF)
+option(NOPUBKEY_IN_PRIVKEY "Do not include public keys in private key structures/PKCS#8 " ON)
 if(${NOPUBKEY_IN_PRIVKEY})
     message(STATUS "Build will not store public keys alongside private keys in PKCS#8 structures")
     add_compile_definitions( NOPUBKEY_IN_PRIVKEY )

diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
@@ -1,5 +1,5 @@
 # This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs
-# Next free plain KEM ID: 0x0244, p-hybrid: 0x2F44, X-hybrid: 0x2FB0
+# Next free plain KEM ID: 0x0247, p-hybrid: 0x2F47, X-hybrid: 0x2FB4
 kems:
   -
     family: 'FrodoKEM'
@@ -84,14 +84,25 @@ kems:
   -
     family: 'CRYSTALS-Kyber'
     name_group: 'kyber512'
-    nid: '0x023A'
-    nid_hybrid: '0x2F3A'
+    nid: '0x0244'
+    nid_hybrid: '0x2F44'
     oqs_alg: 'OQS_KEM_alg_kyber_512'
     extra_nids:
       current:
         - hybrid_group: "x25519"
-          nid: '0x2F39'
+          nid: '0x2FB0'
       old:
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          nid: '0x023A'
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          hybrid_group: secp256_r1
+          nid: '0x2F3A'
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          hybrid_group: x25519
+          nid: '0x2F39'
         - implementation_version: NIST Round 2 submission
           nist-round: 2
           nid: '0x020F'
@@ -106,17 +117,32 @@ kems:
   -
     family: 'CRYSTALS-Kyber'
     name_group: 'kyber768'
-    nid: '0x023C'
-    nid_hybrid: '0x2F3C'
+    nid: '0x0245'
+    nid_hybrid: '0x2F45'
     extra_nids:
       current:
         - hybrid_group: "x448"
-          nid: '0x2F90'
+          nid: '0x2FB1'
         - hybrid_group: "x25519"
-          nid: '0x6399'
+          nid: '0x2FB2'
         - hybrid_group: "p256"
-          nid: '0x639A'
+          nid: '0x2FB3'
       old:
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          nid: '0x023C'
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          hybrid_group: secp384_r1
+          nid: '0x2F3C'
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          hybrid_group: x25519
+          nid: '0x6399'
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          hybrid_group: x448
+          nid: '0x639A'
         - implementation_version: NIST Round 2 submission
           nist-round: 2
           nid: '0x0210'
@@ -128,10 +154,17 @@ kems:
   -
     family: 'CRYSTALS-Kyber'
     name_group: 'kyber1024'
-    nid: '0x023D'
-    nid_hybrid: '0x2F3D'
+    nid: '0x0246'
+    nid_hybrid: '0x2F46'
     extra_nids:
       old:
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          nid: '0x023D'
+        - implementation_version: NIST Round 3 submission
+          nist-round: 3
+          hybrid_group: secp521_r1
+          nid: '0x2F3D'
         - implementation_version: NIST Round 2 submission
           nist-round: 2
           nid: '0x0211'
@@ -320,7 +353,7 @@ kem_nid_end: '0x0250'
 kem_nid_hybrid_end: '0x2FFF'
 # need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values
 
-# Next free signature ID: 0xfed0
+# Next free signature ID: 0xfed7
 sigs:
   # -
     # iso (1)
@@ -366,42 +399,79 @@ sigs:
         name: 'dilithium2'
         pretty_name: 'Dilithium2'
         oqs_meth: 'OQS_SIG_alg_dilithium_2'
-        oid: '1.3.6.1.4.1.2.267.7.4.4'
-        code_point: '0xfea0'
+        oid: '1.3.6.1.4.1.2.267.12.4.4'
+        code_point: '0xfed0'
         supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
         enable: true
         mix_with: [{'name': 'p256',
                     'pretty_name': 'ECDSA p256',
-                    'oid': '1.3.9999.2.7.1',
-                    'code_point': '0xfea1'},
+                    'oid': '1.3.9999.2.7.5',
+                    'code_point': '0xfed1'},
                    {'name': 'rsa3072',
                     'pretty_name': 'RSA3072',
-                    'oid': '1.3.9999.2.7.2',
-                    'code_point': '0xfea2'}]
+                    'oid': '1.3.9999.2.7.6',
+                    'code_point': '0xfed2'}]
+        extra_nids:
+          old:
+            - implementation_version: NIST Round 3 submission
+              nist-round: 3
+              oid: '1.3.6.1.4.1.2.267.7.4.4'
+              code_point: '0xfea0'
+              supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
+              mix_with: [{'name': 'p256',
+                          'pretty_name': 'ECDSA p256',
+                          'oid': '1.3.9999.2.7.1',
+                          'code_point': '0xfea1'},
+                         {'name': 'rsa3072',
+                          'pretty_name': 'RSA3072',
+                          'oid': '1.3.9999.2.7.2',
+                          'code_point': '0xfea2'}]
       -
         name: 'dilithium3'
         pretty_name: 'Dilithium3'
         oqs_meth: 'OQS_SIG_alg_dilithium_3'
-        oid: '1.3.6.1.4.1.2.267.7.6.5'
-        code_point: '0xfea3'
+        oid: '1.3.6.1.4.1.2.267.12.6.5'
+        code_point: '0xfed3'
         supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
         enable: true
         mix_with: [{'name': 'p384',
                     'pretty_name': 'ECDSA p384',
-                    'oid': '1.3.9999.2.7.3',
-                    'code_point': '0xfea4'}]
+                    'oid': '1.3.9999.2.7.7',
+                    'code_point': '0xfed4'}]
+        extra_nids:
+          old:
+            - implementation_version: NIST Round 3 submission
+              nist-round: 3
+              oid: '1.3.6.1.4.1.2.267.7.6.5'
+              code_point: '0xfea3'
+              supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
+              mix_with: [{'name': 'p384',
+                          'pretty_name': 'ECDSA p384',
+                          'oid': '1.3.9999.2.7.3',
+                          'code_point': '0xfea4'}]
       -
         name: 'dilithium5'
         pretty_name: 'Dilithium5'
         oqs_meth: 'OQS_SIG_alg_dilithium_5'
-        oid: '1.3.6.1.4.1.2.267.7.8.7'
-        code_point: '0xfea5'
+        oid: '1.3.6.1.4.1.2.267.12.8.7'
+        code_point: '0xfed5'
         supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
         enable: true
         mix_with: [{'name': 'p521',
                     'pretty_name': 'ECDSA p521',
-                    'oid': '1.3.9999.2.7.4',
-                    'code_point': '0xfea6'}]
+                    'oid': '1.3.9999.2.7.8',
+                    'code_point': '0xfed6'}]
+        extra_nids:
+          old:
+            - implementation_version: NIST Round 3 submission
+              nist-round: 3
+              oid: '1.3.6.1.4.1.2.267.7.8.7'
+              code_point: '0xfea5'
+              supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
+              mix_with: [{'name': 'p521',
+                          'pretty_name': 'ECDSA p521',
+                          'oid': '1.3.9999.2.7.4',
+                          'code_point': '0xfea6'}]
       -
         name: 'dilithium2_aes'
         pretty_name: 'Dilithium2_AES'

diff --git a/oqs-template/generate_oid_nid_table.py b/oqs-template/generate_oid_nid_table.py
@@ -138,7 +138,7 @@ def gen_kem_table(oqslibdocdir):
                               entry['hybrid_group'] if 'hybrid_group' in entry else ""])
 
   # sort by:  family, version, security level, variant, hybrid
-  table.sort(key = lambda row: "{:s}|{:s}|{:d}|{:s}|{:s}".format(row[0], row[1], row[3], row[2], row[5]))
+  table.sort(key = lambda row: "{:s}|{:s}|{:s}|{:s}|{:s}".format(row[0], row[1], str(row[3]), row[2], row[5]))
 
   table = [table_header] + table