Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

updated (O)IDs for interop test branch #260

Merged
merged 3 commits into from
Sep 22, 2023
Merged

updated (O)IDs for interop test branch #260

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4588019
updated (O)IDs for interop test branch
baentsch Sep 21, 2023
e6de3ff
generate (O)ID tables
baentsch Sep 21, 2023
37af73c
ensure use of proper liboqs branch when testing code generator
baentsch Sep 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/linux.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@v2
- name: Full build
run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh
run: LIBOQS_BRANCH=standard OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh
- name: Enable sibling oqsprovider for testing
run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
- name: Test
Expand Down
48 changes: 24 additions & 24 deletions ALGORITHMS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,16 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
| p521_frodo1344aes | 0x2F04 | Yes | OQS_CODEPOINT_P521_FRODO1344AES |
| frodo1344shake | 0x0205 | Yes | OQS_CODEPOINT_FRODO1344SHAKE |
| p521_frodo1344shake | 0x2F05 | Yes | OQS_CODEPOINT_P521_FRODO1344SHAKE |
| kyber512 | 0x023A | Yes | OQS_CODEPOINT_KYBER512 |
| p256_kyber512 | 0x2F3A | Yes | OQS_CODEPOINT_P256_KYBER512 |
| x25519_kyber512 | 0x2F39 | Yes | OQS_CODEPOINT_X25519_KYBER512 |
| kyber768 | 0x023C | Yes | OQS_CODEPOINT_KYBER768 |
| p384_kyber768 | 0x2F3C | Yes | OQS_CODEPOINT_P384_KYBER768 |
| x448_kyber768 | 0x2F90 | Yes | OQS_CODEPOINT_X448_KYBER768 |
| x25519_kyber768 | 0x6399 | Yes | OQS_CODEPOINT_X25519_KYBER768 |
| p256_kyber768 | 0x639A | Yes | OQS_CODEPOINT_P256_KYBER768 |
| kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 |
| p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024 |
| kyber512 | 0x0244 | Yes | OQS_CODEPOINT_KYBER512 |
| p256_kyber512 | 0x2F44 | Yes | OQS_CODEPOINT_P256_KYBER512 |
| x25519_kyber512 | 0x2FB0 | Yes | OQS_CODEPOINT_X25519_KYBER512 |
| kyber768 | 0x0245 | Yes | OQS_CODEPOINT_KYBER768 |
| p384_kyber768 | 0x2F45 | Yes | OQS_CODEPOINT_P384_KYBER768 |
| x448_kyber768 | 0x2FB1 | Yes | OQS_CODEPOINT_X448_KYBER768 |
| x25519_kyber768 | 0x2FB2 | Yes | OQS_CODEPOINT_X25519_KYBER768 |
| p256_kyber768 | 0x2FB3 | Yes | OQS_CODEPOINT_P256_KYBER768 |
| kyber1024 | 0x0246 | Yes | OQS_CODEPOINT_KYBER1024 |
| p521_kyber1024 | 0x2F46 | Yes | OQS_CODEPOINT_P521_KYBER1024 |
| bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 |
| p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 |
| x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 |
Expand All @@ -54,13 +54,13 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
| x448_hqc192 | 0x2FAD | Yes | OQS_CODEPOINT_X448_HQC192 |
| hqc256 | 0x022E | Yes | OQS_CODEPOINT_HQC256 |
| p521_hqc256 | 0x2F2E | Yes | OQS_CODEPOINT_P521_HQC256 |
| dilithium2 | 0xfea0 |Yes| OQS_CODEPOINT_DILITHIUM2
| p256_dilithium2 | 0xfea1 |Yes| OQS_CODEPOINT_P256_DILITHIUM2
| rsa3072_dilithium2 | 0xfea2 |Yes| OQS_CODEPOINT_RSA3072_DILITHIUM2
| dilithium3 | 0xfea3 |Yes| OQS_CODEPOINT_DILITHIUM3
| p384_dilithium3 | 0xfea4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3
| dilithium5 | 0xfea5 |Yes| OQS_CODEPOINT_DILITHIUM5
| p521_dilithium5 | 0xfea6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5
| dilithium2 | 0xfed0 |Yes| OQS_CODEPOINT_DILITHIUM2
| p256_dilithium2 | 0xfed1 |Yes| OQS_CODEPOINT_P256_DILITHIUM2
| rsa3072_dilithium2 | 0xfed2 |Yes| OQS_CODEPOINT_RSA3072_DILITHIUM2
| dilithium3 | 0xfed3 |Yes| OQS_CODEPOINT_DILITHIUM3
| p384_dilithium3 | 0xfed4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3
| dilithium5 | 0xfed5 |Yes| OQS_CODEPOINT_DILITHIUM5
| p521_dilithium5 | 0xfed6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5
| falcon512 | 0xfeae |Yes| OQS_CODEPOINT_FALCON512
| p256_falcon512 | 0xfeaf |Yes| OQS_CODEPOINT_P256_FALCON512
| rsa3072_falcon512 | 0xfeb0 |Yes| OQS_CODEPOINT_RSA3072_FALCON512
Expand Down Expand Up @@ -119,13 +119,13 @@ adapting the OIDs of all supported signature algorithms as per the table below.
<!--- OQS_TEMPLATE_FRAGMENT_OIDS_START -->
|Algorithm name | default OID | enabled | environment variable |
|---------------|:-----------------:|:-------:|----------------------|
| dilithium2 | 1.3.6.1.4.1.2.267.7.4.4 |Yes| OQS_OID_DILITHIUM2
| p256_dilithium2 | 1.3.9999.2.7.1 |Yes| OQS_OID_P256_DILITHIUM2
| rsa3072_dilithium2 | 1.3.9999.2.7.2 |Yes| OQS_OID_RSA3072_DILITHIUM2
| dilithium3 | 1.3.6.1.4.1.2.267.7.6.5 |Yes| OQS_OID_DILITHIUM3
| p384_dilithium3 | 1.3.9999.2.7.3 |Yes| OQS_OID_P384_DILITHIUM3
| dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5
| p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5
| dilithium2 | 1.3.6.1.4.1.2.267.12.4.4 |Yes| OQS_OID_DILITHIUM2
| p256_dilithium2 | 1.3.9999.2.7.5 |Yes| OQS_OID_P256_DILITHIUM2
| rsa3072_dilithium2 | 1.3.9999.2.7.6 |Yes| OQS_OID_RSA3072_DILITHIUM2
| dilithium3 | 1.3.6.1.4.1.2.267.12.6.5 |Yes| OQS_OID_DILITHIUM3
| p384_dilithium3 | 1.3.9999.2.7.7 |Yes| OQS_OID_P384_DILITHIUM3
| dilithium5 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_DILITHIUM5
| p521_dilithium5 | 1.3.9999.2.7.8 |Yes| OQS_OID_P521_DILITHIUM5
| falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512
| p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512
| rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512
Expand Down
2 changes: 1 addition & 1 deletion CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ else()
set(OQS_ADDL_SOCKET_LIBS "")
endif()

option(NOPUBKEY_IN_PRIVKEY "Do not include public keys in private key structures/PKCS#8 " OFF)
option(NOPUBKEY_IN_PRIVKEY "Do not include public keys in private key structures/PKCS#8 " ON)
if(${NOPUBKEY_IN_PRIVKEY})
message(STATUS "Build will not store public keys alongside private keys in PKCS#8 structures")
add_compile_definitions( NOPUBKEY_IN_PRIVKEY )
Expand Down
122 changes: 96 additions & 26 deletions oqs-template/generate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs
# Next free plain KEM ID: 0x0244, p-hybrid: 0x2F44, X-hybrid: 0x2FB0
# Next free plain KEM ID: 0x0247, p-hybrid: 0x2F47, X-hybrid: 0x2FB4
kems:
-
family: 'FrodoKEM'
Expand Down Expand Up @@ -84,14 +84,25 @@ kems:
-
family: 'CRYSTALS-Kyber'
name_group: 'kyber512'
nid: '0x023A'
nid_hybrid: '0x2F3A'
nid: '0x0244'
nid_hybrid: '0x2F44'
oqs_alg: 'OQS_KEM_alg_kyber_512'
extra_nids:
current:
- hybrid_group: "x25519"
nid: '0x2F39'
nid: '0x2FB0'
old:
- implementation_version: NIST Round 3 submission
nist-round: 3
nid: '0x023A'
- implementation_version: NIST Round 3 submission
nist-round: 3
hybrid_group: secp256_r1
nid: '0x2F3A'
- implementation_version: NIST Round 3 submission
nist-round: 3
hybrid_group: x25519
nid: '0x2F39'
- implementation_version: NIST Round 2 submission
nist-round: 2
nid: '0x020F'
Expand All @@ -106,17 +117,32 @@ kems:
-
family: 'CRYSTALS-Kyber'
name_group: 'kyber768'
nid: '0x023C'
nid_hybrid: '0x2F3C'
nid: '0x0245'
nid_hybrid: '0x2F45'
extra_nids:
current:
- hybrid_group: "x448"
nid: '0x2F90'
nid: '0x2FB1'
- hybrid_group: "x25519"
nid: '0x6399'
nid: '0x2FB2'
- hybrid_group: "p256"
nid: '0x639A'
nid: '0x2FB3'
old:
- implementation_version: NIST Round 3 submission
nist-round: 3
nid: '0x023C'
- implementation_version: NIST Round 3 submission
nist-round: 3
hybrid_group: secp384_r1
nid: '0x2F3C'
- implementation_version: NIST Round 3 submission
nist-round: 3
hybrid_group: x25519
nid: '0x6399'
- implementation_version: NIST Round 3 submission
nist-round: 3
hybrid_group: x448
nid: '0x639A'
- implementation_version: NIST Round 2 submission
nist-round: 2
nid: '0x0210'
Expand All @@ -128,10 +154,17 @@ kems:
-
family: 'CRYSTALS-Kyber'
name_group: 'kyber1024'
nid: '0x023D'
nid_hybrid: '0x2F3D'
nid: '0x0246'
nid_hybrid: '0x2F46'
extra_nids:
old:
- implementation_version: NIST Round 3 submission
nist-round: 3
nid: '0x023D'
- implementation_version: NIST Round 3 submission
nist-round: 3
hybrid_group: secp521_r1
nid: '0x2F3D'
- implementation_version: NIST Round 2 submission
nist-round: 2
nid: '0x0211'
Expand Down Expand Up @@ -320,7 +353,7 @@ kem_nid_end: '0x0250'
kem_nid_hybrid_end: '0x2FFF'
# need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values

# Next free signature ID: 0xfed0
# Next free signature ID: 0xfed7
sigs:
# -
# iso (1)
Expand Down Expand Up @@ -366,42 +399,79 @@ sigs:
name: 'dilithium2'
pretty_name: 'Dilithium2'
oqs_meth: 'OQS_SIG_alg_dilithium_2'
oid: '1.3.6.1.4.1.2.267.7.4.4'
code_point: '0xfea0'
oid: '1.3.6.1.4.1.2.267.12.4.4'
code_point: '0xfed0'
supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
enable: true
mix_with: [{'name': 'p256',
'pretty_name': 'ECDSA p256',
'oid': '1.3.9999.2.7.1',
'code_point': '0xfea1'},
'oid': '1.3.9999.2.7.5',
'code_point': '0xfed1'},
{'name': 'rsa3072',
'pretty_name': 'RSA3072',
'oid': '1.3.9999.2.7.2',
'code_point': '0xfea2'}]
'oid': '1.3.9999.2.7.6',
'code_point': '0xfed2'}]
extra_nids:
old:
- implementation_version: NIST Round 3 submission
nist-round: 3
oid: '1.3.6.1.4.1.2.267.7.4.4'
code_point: '0xfea0'
supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
mix_with: [{'name': 'p256',
'pretty_name': 'ECDSA p256',
'oid': '1.3.9999.2.7.1',
'code_point': '0xfea1'},
{'name': 'rsa3072',
'pretty_name': 'RSA3072',
'oid': '1.3.9999.2.7.2',
'code_point': '0xfea2'}]
-
name: 'dilithium3'
pretty_name: 'Dilithium3'
oqs_meth: 'OQS_SIG_alg_dilithium_3'
oid: '1.3.6.1.4.1.2.267.7.6.5'
code_point: '0xfea3'
oid: '1.3.6.1.4.1.2.267.12.6.5'
code_point: '0xfed3'
supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
enable: true
mix_with: [{'name': 'p384',
'pretty_name': 'ECDSA p384',
'oid': '1.3.9999.2.7.3',
'code_point': '0xfea4'}]
'oid': '1.3.9999.2.7.7',
'code_point': '0xfed4'}]
extra_nids:
old:
- implementation_version: NIST Round 3 submission
nist-round: 3
oid: '1.3.6.1.4.1.2.267.7.6.5'
code_point: '0xfea3'
supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
mix_with: [{'name': 'p384',
'pretty_name': 'ECDSA p384',
'oid': '1.3.9999.2.7.3',
'code_point': '0xfea4'}]
-
name: 'dilithium5'
pretty_name: 'Dilithium5'
oqs_meth: 'OQS_SIG_alg_dilithium_5'
oid: '1.3.6.1.4.1.2.267.7.8.7'
code_point: '0xfea5'
oid: '1.3.6.1.4.1.2.267.12.8.7'
code_point: '0xfed5'
supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
enable: true
mix_with: [{'name': 'p521',
'pretty_name': 'ECDSA p521',
'oid': '1.3.9999.2.7.4',
'code_point': '0xfea6'}]
'oid': '1.3.9999.2.7.8',
'code_point': '0xfed6'}]
extra_nids:
old:
- implementation_version: NIST Round 3 submission
nist-round: 3
oid: '1.3.6.1.4.1.2.267.7.8.7'
code_point: '0xfea5'
supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
mix_with: [{'name': 'p521',
'pretty_name': 'ECDSA p521',
'oid': '1.3.9999.2.7.4',
'code_point': '0xfea6'}]
-
name: 'dilithium2_aes'
pretty_name: 'Dilithium2_AES'
Expand Down
2 changes: 1 addition & 1 deletion oqs-template/generate_oid_nid_table.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ def gen_kem_table(oqslibdocdir):
entry['hybrid_group'] if 'hybrid_group' in entry else ""])

# sort by: family, version, security level, variant, hybrid
table.sort(key = lambda row: "{:s}|{:s}|{:d}|{:s}|{:s}".format(row[0], row[1], row[3], row[2], row[5]))
table.sort(key = lambda row: "{:s}|{:s}|{:s}|{:s}|{:s}".format(row[0], row[1], str(row[3]), row[2], row[5]))

table = [table_header] + table

Expand Down
Loading