Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding s/ntrup1277 #38

Merged
merged 2 commits into from
Oct 28, 2021
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions oqs-template/generate.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,84 @@ def fixup_copyright(filename):
newfile.write(line)
os.rename(filename+".new", filename)

def get_kem_nistlevel(alg):
if 'LIBOQS_SRC_DIR' not in os.environ:
print("Must include LIBOQS_SRC_DIR in environment")
exit(1)
# translate family names in generate.yml to directory names for liboqs algorithm datasheets
if alg['family'] == 'CRYSTALS-Kyber': datasheetname = 'kyber'
elif alg['family'] == 'SIDH': datasheetname = 'sike'
elif alg['family'] == 'NTRU-Prime': datasheetname = 'ntruprime'
else: datasheetname = alg['family'].lower()
# load datasheet
algymlfilename = os.path.join(os.environ['LIBOQS_SRC_DIR'], 'docs', 'algorithms', 'kem', '{:s}.yml'.format(datasheetname))
algyml = yaml.safe_load(file_get_contents(algymlfilename, encoding='utf-8'))
# hacks to match names
def matches(name, alg):
def simplify(s):
return s.lower().replace('_', '').replace('-', '')
if 'FrodoKEM' in name: name = name.replace('FrodoKEM', 'Frodo')
if 'Saber-KEM' in name: name = name.replace('-KEM', '')
if '-90s' in name: name = name.replace('-90s', '').replace('Kyber', 'Kyber90s')
if simplify(name) == simplify(alg['name_group']): return True
return False
# find the variant that matches
for variant in algyml['parameter-sets']:
if matches(variant['name'], alg):
return variant['claimed-nist-level']
return None

def get_sig_nistlevel(family, alg):
if 'LIBOQS_SRC_DIR' not in os.environ:
print("Must include LIBOQS_SRC_DIR in environment")
exit(1)
# translate family names in generate.yml to directory names for liboqs algorithm datasheets
if family['family'] == 'CRYSTALS-Dilithium': datasheetname = 'dilithium'
elif family['family'] == 'SPHINCS-Haraka': datasheetname = 'sphincs'
elif family['family'] == 'SPHINCS-SHA256': datasheetname = 'sphincs'
elif family['family'] == 'SPHINCS-SHAKE256': datasheetname = 'sphincs'
else: datasheetname = family['family'].lower()
# load datasheet
algymlfilename = os.path.join(os.environ['LIBOQS_SRC_DIR'], 'docs', 'algorithms', 'sig', '{:s}.yml'.format(datasheetname))
algyml = yaml.safe_load(file_get_contents(algymlfilename, encoding='utf-8'))
# hacks to match names
def matches(name, alg):
def simplify(s):
return s.lower().replace('_', '').replace('-', '').replace('+', '')
if simplify(name) == simplify(alg['name']): return True
return False
# find the variant that matches
for variant in algyml['parameter-sets']:
if matches(variant['name'], alg):
return variant['claimed-nist-level']
return None

def nist_to_bits(nistlevel):
if nistlevel==1 or nistlevel==2:
return 128
elif nistlevel==3 or nistlevel==4:
return 192
elif nistlevel==5:
return 256
else:
return None

def complete_config(config):
for kem in config['kems']:
bits_level = nist_to_bits(get_kem_nistlevel(kem))
if bits_level == None:
print("Cannot find security level for {:s} {:s}".format(kem['family'], kem['name_group']))
exit(1)
kem['bit_security'] = bits_level
for famsig in config['sigs']:
for sig in famsig['variants']:
bits_level = nist_to_bits(get_sig_nistlevel(famsig, sig))
if bits_level == None:
print("Cannot find security level for {:s} {:s}".format(famsig['family'], sig['name']))
exit(1)
sig['security'] = bits_level
return config

def run_subprocess(command, outfilename=None, working_dir='.', expected_returncode=0, input=None, ignore_returncode=False):
result = subprocess.run(
command,
Expand Down Expand Up @@ -105,6 +183,8 @@ def load_config():
return config

config = load_config()
config = complete_config(config)


populate('test/oqs_test_signatures.c', config, '/////')
populate('test/oqs_test_groups.c', config, '/////')
Expand Down
6 changes: 4 additions & 2 deletions oqsprov/oqs_kmgmt.c
Original file line number Diff line number Diff line change
Expand Up @@ -799,9 +799,11 @@ MAKE_KEM_KEYMGMT_FUNCTIONS(hqc128, OQS_KEM_alg_hqc_128, 128)
MAKE_KEM_KEYMGMT_FUNCTIONS(hqc192, OQS_KEM_alg_hqc_192, 192)
MAKE_KEM_KEYMGMT_FUNCTIONS(hqc256, OQS_KEM_alg_hqc_256, 256)
MAKE_KEM_KEYMGMT_FUNCTIONS(ntrulpr653, OQS_KEM_alg_ntruprime_ntrulpr653, 128)
MAKE_KEM_KEYMGMT_FUNCTIONS(ntrulpr761, OQS_KEM_alg_ntruprime_ntrulpr761, 192)
MAKE_KEM_KEYMGMT_FUNCTIONS(ntrulpr761, OQS_KEM_alg_ntruprime_ntrulpr761, 128)
bhess marked this conversation as resolved.
Show resolved Hide resolved
MAKE_KEM_KEYMGMT_FUNCTIONS(ntrulpr857, OQS_KEM_alg_ntruprime_ntrulpr857, 192)
MAKE_KEM_KEYMGMT_FUNCTIONS(ntrulpr1277, OQS_KEM_alg_ntruprime_ntrulpr1277, 256)
MAKE_KEM_KEYMGMT_FUNCTIONS(sntrup653, OQS_KEM_alg_ntruprime_sntrup653, 128)
MAKE_KEM_KEYMGMT_FUNCTIONS(sntrup761, OQS_KEM_alg_ntruprime_sntrup761, 192)
MAKE_KEM_KEYMGMT_FUNCTIONS(sntrup761, OQS_KEM_alg_ntruprime_sntrup761, 128)
MAKE_KEM_KEYMGMT_FUNCTIONS(sntrup857, OQS_KEM_alg_ntruprime_sntrup857, 192)
MAKE_KEM_KEYMGMT_FUNCTIONS(sntrup1277, OQS_KEM_alg_ntruprime_sntrup1277, 256)
///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END
6 changes: 6 additions & 0 deletions oqsprov/oqs_prov.h
Original file line number Diff line number Diff line change
Expand Up @@ -324,9 +324,11 @@ extern const OSSL_DISPATCH oqs_hqc256_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ntrulpr653_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ntrulpr761_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ntrulpr857_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ntrulpr1277_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_sntrup653_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_sntrup761_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_sntrup857_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_sntrup1277_keymgmt_functions[];

extern const OSSL_DISPATCH oqs_ecp_frodo640aes_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_frodo640shake_keymgmt_functions[];
Expand Down Expand Up @@ -363,9 +365,11 @@ extern const OSSL_DISPATCH oqs_ecp_hqc256_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_ntrulpr653_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_ntrulpr761_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_ntrulpr857_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_ntrulpr1277_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_sntrup653_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_sntrup761_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_sntrup857_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecp_sntrup1277_keymgmt_functions[];

extern const OSSL_DISPATCH oqs_ecx_frodo640aes_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_frodo640shake_keymgmt_functions[];
Expand Down Expand Up @@ -402,9 +406,11 @@ extern const OSSL_DISPATCH oqs_ecx_hqc256_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_ntrulpr653_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_ntrulpr761_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_ntrulpr857_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_ntrulpr1277_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_sntrup653_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_sntrup761_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_sntrup857_keymgmt_functions[];
extern const OSSL_DISPATCH oqs_ecx_sntrup1277_keymgmt_functions[];
///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_END

/* BIO function declarations */
Expand Down
12 changes: 8 additions & 4 deletions oqsprov/oqsprov.c
Original file line number Diff line number Diff line change
Expand Up @@ -167,11 +167,13 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = {
KEMALG3(hqc192, 192),
KEMALG3(hqc256, 256),
KEMALG3(ntrulpr653, 128),
KEMALG3(ntrulpr761, 192),
KEMALG3(ntrulpr761, 128),
KEMALG3(ntrulpr857, 192),
KEMALG3(ntrulpr1277, 256),
KEMALG3(sntrup653, 128),
KEMALG3(sntrup761, 192),
KEMALG3(sntrup761, 128),
KEMALG3(sntrup857, 192),
KEMALG3(sntrup1277, 256),
///// OQS_TEMPLATE_FRAGMENT_KEM_FUNCTIONS_END
{ NULL, NULL, NULL }
};
Expand Down Expand Up @@ -227,11 +229,13 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = {
KEMKMALG3(hqc192, 192),
KEMKMALG3(hqc256, 256),
KEMKMALG3(ntrulpr653, 128),
KEMKMALG3(ntrulpr761, 192),
KEMKMALG3(ntrulpr761, 128),
KEMKMALG3(ntrulpr857, 192),
KEMKMALG3(ntrulpr1277, 256),
KEMKMALG3(sntrup653, 128),
KEMKMALG3(sntrup761, 192),
KEMKMALG3(sntrup761, 128),
KEMKMALG3(sntrup857, 192),
KEMKMALG3(sntrup1277, 256),
///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_FUNCTIONS_END
//ALG("x25519_sikep434", oqs_ecx_sikep434_keymgmt_functions),
{ NULL, NULL, NULL }
Expand Down
36 changes: 21 additions & 15 deletions oqsprov/oqsprov_groups.c
Original file line number Diff line number Diff line change
Expand Up @@ -75,11 +75,13 @@ static const OQS_GROUP_CONSTANTS oqs_group_list[] = {
{ 0x022D, 0x2F2D, 0x2FAD, 192, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x022E, 0x2F2E, 0 , 256, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x022F, 0x2F2F, 0x2FAF, 128, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x0230, 0x2F30, 0x2FB0, 192, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x0230, 0x2F30, 0x2FB0, 128, TLS1_3_VERSION, 0, -1, 0, 1 },
bhess marked this conversation as resolved.
Show resolved Hide resolved
{ 0x0231, 0x2F31, 0x2FB1, 192, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x0241, 0x2F41, 0 , 256, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x0232, 0x2F32, 0x2FB2, 128, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x0233, 0x2F33, 0x2FB3, 192, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x0233, 0x2F33, 0x2FB3, 128, TLS1_3_VERSION, 0, -1, 0, 1 },
bhess marked this conversation as resolved.
Show resolved Hide resolved
{ 0x0234, 0x2F34, 0x2FB4, 192, TLS1_3_VERSION, 0, -1, 0, 1 },
{ 0x0242, 0x2F42, 0 , 256, TLS1_3_VERSION, 0, -1, 0, 1 },
///// OQS_TEMPLATE_FRAGMENT_GROUP_ASSIGNMENTS_END
};

Expand Down Expand Up @@ -260,29 +262,33 @@ static const OSSL_PARAM oqs_param_group_list[][11] = {
OQS_GROUP_ENTRY(ntrulpr653, ntrulpr653, ntrulpr653, 128, 32),
OQS_GROUP_ENTRY_ECP(ntrulpr653, ntrulpr653, ntrulpr653, 128, 32),
OQS_GROUP_ENTRY_ECX(ntrulpr653, ntrulpr653, ntrulpr653, 128, 32),
OQS_GROUP_ENTRY(ntrulpr761, ntrulpr761, ntrulpr761, 192, 33),
OQS_GROUP_ENTRY_ECP(ntrulpr761, ntrulpr761, ntrulpr761, 192, 33),
OQS_GROUP_ENTRY_ECX(ntrulpr761, ntrulpr761, ntrulpr761, 192, 33),
OQS_GROUP_ENTRY(ntrulpr761, ntrulpr761, ntrulpr761, 128, 33),
OQS_GROUP_ENTRY_ECP(ntrulpr761, ntrulpr761, ntrulpr761, 128, 33),
OQS_GROUP_ENTRY_ECX(ntrulpr761, ntrulpr761, ntrulpr761, 128, 33),
OQS_GROUP_ENTRY(ntrulpr857, ntrulpr857, ntrulpr857, 192, 34),
OQS_GROUP_ENTRY_ECP(ntrulpr857, ntrulpr857, ntrulpr857, 192, 34),
OQS_GROUP_ENTRY_ECX(ntrulpr857, ntrulpr857, ntrulpr857, 192, 34),
OQS_GROUP_ENTRY(sntrup653, sntrup653, sntrup653, 128, 35),
OQS_GROUP_ENTRY_ECP(sntrup653, sntrup653, sntrup653, 128, 35),
OQS_GROUP_ENTRY_ECX(sntrup653, sntrup653, sntrup653, 128, 35),
OQS_GROUP_ENTRY(sntrup761, sntrup761, sntrup761, 192, 36),
OQS_GROUP_ENTRY_ECP(sntrup761, sntrup761, sntrup761, 192, 36),
OQS_GROUP_ENTRY_ECX(sntrup761, sntrup761, sntrup761, 192, 36),
OQS_GROUP_ENTRY(sntrup857, sntrup857, sntrup857, 192, 37),
OQS_GROUP_ENTRY_ECP(sntrup857, sntrup857, sntrup857, 192, 37),
OQS_GROUP_ENTRY_ECX(sntrup857, sntrup857, sntrup857, 192, 37),
OQS_GROUP_ENTRY(ntrulpr1277, ntrulpr1277, ntrulpr1277, 256, 35),
OQS_GROUP_ENTRY_ECP(ntrulpr1277, ntrulpr1277, ntrulpr1277, 256, 35),
OQS_GROUP_ENTRY(sntrup653, sntrup653, sntrup653, 128, 36),
OQS_GROUP_ENTRY_ECP(sntrup653, sntrup653, sntrup653, 128, 36),
OQS_GROUP_ENTRY_ECX(sntrup653, sntrup653, sntrup653, 128, 36),
OQS_GROUP_ENTRY(sntrup761, sntrup761, sntrup761, 128, 37),
OQS_GROUP_ENTRY_ECP(sntrup761, sntrup761, sntrup761, 128, 37),
OQS_GROUP_ENTRY_ECX(sntrup761, sntrup761, sntrup761, 128, 37),
OQS_GROUP_ENTRY(sntrup857, sntrup857, sntrup857, 192, 38),
OQS_GROUP_ENTRY_ECP(sntrup857, sntrup857, sntrup857, 192, 38),
OQS_GROUP_ENTRY_ECX(sntrup857, sntrup857, sntrup857, 192, 38),
OQS_GROUP_ENTRY(sntrup1277, sntrup1277, sntrup1277, 256, 39),
OQS_GROUP_ENTRY_ECP(sntrup1277, sntrup1277, sntrup1277, 256, 39),
///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END
};

static int oqs_group_capability(OSSL_CALLBACK *cb, void *arg)
{
size_t i;

assert(OSSL_NELEM(oqs_param_group_list) == OSSL_NELEM(oqs_group_list) * 3 - 10);
assert(OSSL_NELEM(oqs_param_group_list) == OSSL_NELEM(oqs_group_list) * 3 - 12 /* XXX manually exclude all 256bit ECX hybrids not supported */);
for (i = 0; i < OSSL_NELEM(oqs_param_group_list); i++) {
if (!cb(oqs_param_group_list[i], arg))
return 0;
Expand Down