diff --git a/chromium/README.md b/chromium/README.md index e5754a79..1a5244d0 100644 --- a/chromium/README.md +++ b/chromium/README.md @@ -52,7 +52,7 @@ If the build completes successfully, i.e., the executable `chrome` has been crea 2. Then, in the `build` directory, run `./tool/bssl server -accept 4433 -www -loop -curves `, where `` can be any key-exchange algorithm named [here](https://github.com/open-quantum-safe/boringssl#supported-algorithms) that is supported by default by Chromium. The [kDefaultGroups array](https://github.com/open-quantum-safe/boringssl/wiki/Implementation-Notes) lists all such algorithms\*. 3. Load `https://localhost:4433` in Chromium. -An alternative test consists of using the newly built Chromium to access the OQS test server at [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and clicking on any of the algorithm combinations [supported by Chromium](https://github.com/open-quantum-safe/boringssl/blob/master/ssl/t1_lib.cc#L375), e.g., `p256_kyber90s512`). +An alternative test consists of using the newly built Chromium to access the OQS test server at [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and clicking on any of the algorithm combinations [supported by Chromium](https://github.com/open-quantum-safe/boringssl/blob/master/ssl/t1_lib.cc#L375), e.g., `p256_kyber512`). Note: In order to avoid certificate warnings, you need to [download the test site certificate](https://test.openquantumsafe.org/CA.crt) using the newly-built chromium. Then click the "..." Control extensions button in the top-right window corner of your newly built Chromium browser, select "Settings", click on "Privacy and Security" in the newly opened window on the left, click on "Security" in the window pane on the right, scroll down and click on "Manage certificates", click on the "Certificates" tab in the newly opened screen, click on "Import" near the top of the newly opened pane and click on the "Downloads" folder on the file selector window that opens. Then double-click on "CA.crt" and check the box next to "Trust this certificate for identifying websites" and finally click "OK". diff --git a/curl/USAGE.md b/curl/USAGE.md index aa12359b..4e95366a 100644 --- a/curl/USAGE.md +++ b/curl/USAGE.md @@ -48,7 +48,7 @@ docker run -it openquantumsafe/curl openssl speed ``` to run through all crypto algorithms built into and enabled in the docker image. This includes classic as well as quantum-safe algorithms side by side. -If interested in performance of only specific algorithms, this can be done by providing parameters as usual for [openssl speed](https://www.openssl.org/docs/man1.1.1/man1/openssl-speed.html). The list of [currently supported OQS algorithms is accessible here](https://github.com/open-quantum-safe/oqs-provider#algorithms), so an example call would be `docker run -it openquantumsafe/curl openssl speed -seconds 2 kyber90s512`. +If interested in performance of only specific algorithms, this can be done by providing parameters as usual for [openssl speed](https://www.openssl.org/docs/man1.1.1/man1/openssl-speed.html). The list of [currently supported OQS algorithms is accessible here](https://github.com/open-quantum-safe/oqs-provider#algorithms), so an example call would be `docker run -it openquantumsafe/curl openssl speed -seconds 2 kyber512`. #### Classic algorithm names for reference diff --git a/h2load/check_algorithms.sh b/h2load/check_algorithms.sh index 67c66c5e..cc3c36d2 100755 --- a/h2load/check_algorithms.sh +++ b/h2load/check_algorithms.sh @@ -4,7 +4,7 @@ server="https://test.openquantumsafe.org:6000/" # create an array of algorithms -algorithms="bikel1 bikel3 bikel5 kyber512 kyber768 kyber1024 kyber90s512 kyber90s768 kyber90s1024 frodo640aes frodo640shake frodo976aes frodo976shake frodo1344aes frodo1344shake hqc128 hqc192 hqc256" +algorithms="bikel1 bikel3 bikel5 kyber512 kyber768 kyber1024 frodo640aes frodo640shake frodo976aes frodo976shake frodo1344aes frodo1344shake hqc128 hqc192 hqc256" # declare variables for successes and failures successes="" diff --git a/nginx/fulltest/genconfig.py b/nginx/fulltest/genconfig.py index 5ba6476a..4b42ef33 100644 --- a/nginx/fulltest/genconfig.py +++ b/nginx/fulltest/genconfig.py @@ -36,7 +36,7 @@ ASSIGNMENT_FILE="assignments.json" # The list of chromium-supported KEMs: -chromium_algs = ["p256_bikel1", "p256_frodo640aes", "p256_kyber90s512", "p256_ntru_hps2048509", "p256_lightsaber"] +chromium_algs = ["p256_bikel1", "p256_frodo640aes", "p256_kyber512", "p256_ntru_hps2048509", "p256_lightsaber"] ############# Functions starting here diff --git a/nginx/nginx-conf/nginx.conf b/nginx/nginx-conf/nginx.conf index efc02c6a..bc0c0b33 100644 --- a/nginx/nginx-conf/nginx.conf +++ b/nginx/nginx-conf/nginx.conf @@ -107,7 +107,7 @@ http { ssl_protocols TLSv1.3; # You could select a subset of supported KEMs from https://github.com/open-quantum-safe/liboqs#supported-algorithms # Example (longer strings not supported by nginx!): - # ssl_ecdh_curve oqs_kem_default:frodo976shake:frodo1344shake:p256_kyber512:kyber768:kyber1024:ntru_hps2048509:ntru_hps2048677:ntru_hrss701:lightsaber:saber:kyber90s512:X25519; + # ssl_ecdh_curve oqs_kem_default:frodo976shake:frodo1344shake:p256_kyber512:kyber768:kyber1024:ntru_hps2048509:ntru_hps2048677:ntru_hrss701:lightsaber:saber:kyber512:X25519; location / { root html; diff --git a/openssh/ssh_config b/openssh/ssh_config index 5901d2c3..92de28f4 100644 --- a/openssh/ssh_config +++ b/openssh/ssh_config @@ -43,17 +43,12 @@ Port 2222 #IdentityFile ~/.ssh/id_dsa #IdentityFile ~/.ssh/id_ed25519 -#IdentityFile ~/.ssh/id_ssh-dilithium2aes #IdentityFile ~/.ssh/id_ssh-falcon512 -#IdentityFile ~/.ssh/id_ssh-sphincsharaka128fsimple IdentityFile ~/.ssh/id_ssh-ecdsa-nistp384-dilithium3 #IdentityFile ~/.ssh/id_ssh-ecdsa-nistp256-falcon512 -#IdentityFile ~/.ssh/id_ssh-ecdsa-nistp256-sphincsharaka128fsimple -#IdentityFile ~/.ssh/id_ssh-rsa3072-dilithium2aes #IdentityFile ~/.ssh/id_ssh-rsa3072-falcon512 -#IdentityFile ~/.ssh/id_ssh-rsa3072-sphincsharaka128fsimple ############################################################################### #-- Settings for CLASSICAL SSH ------------------------------------------------ diff --git a/openssh/sshd_config b/openssh/sshd_config index a7669b2c..fd260729 100644 --- a/openssh/sshd_config +++ b/openssh/sshd_config @@ -33,16 +33,12 @@ Port 2222 #HostKey /opt/oqs-ssh/ssh_host_dsa_key #HostKey /opt/oqs-ssh/ssh_host_ed25519_key -#HostKey /opt/oqs-ssh/ssh_host_ssh-dilithium2aes_key #HostKey /opt/oqs-ssh/ssh_host_ssh-falcon512_key -#HostKey /opt/oqs-ssh/ssh_host_ssh-sphincsharaka192frobust_key HostKey /opt/oqs-ssh/ssh_host_ssh-ecdsa-nistp384-dilithium3_key #HostKey /opt/oqs-ssh/ssh_host_ssh-ecdsa-nistp256-falcon512_key -#HostKey /opt/oqs-ssh/ssh_host_ssh-rsa3072-dilithium2aes_key #HostKey /opt/oqs-ssh/ssh_host_ssh-rsa3072-falcon512_key -#HostKey /opt/oqs-ssh/ssh_host_ssh-rsa3072-sphincsharaka128fsimple_key ############################################################################### diff --git a/wireshark/wolfssl-qsc.h b/wireshark/wolfssl-qsc.h index f168bc21..da21f895 100644 --- a/wireshark/wolfssl-qsc.h +++ b/wireshark/wolfssl-qsc.h @@ -5,10 +5,7 @@ oid_add_from_string("falcon_level5", "1.3.9999.3.4"); \ oid_add_from_string("dilithium_level2", "1.3.6.1.4.1.2.267.7.4.4"); \ oid_add_from_string("dilithium_level3", "1.3.6.1.4.1.2.267.7.6.5"); \ - oid_add_from_string("dilithium_level5", "1.3.6.1.4.1.2.267.7.8.7"); \ - oid_add_from_string("dilithium_aes_level2", "1.3.6.1.4.1.2.267.11.4.4"); \ - oid_add_from_string("dilithium_aes_level3", "1.3.6.1.4.1.2.267.11.6.5"); \ - oid_add_from_string("dilithium_aes_level5", "1.3.6.1.4.1.2.267.11.8.7"); + oid_add_from_string("dilithium_level5", "1.3.6.1.4.1.2.267.7.8.7"); #define QSC_KEMS \ { 532, "ntru_hps_level1" }, \ @@ -21,9 +18,6 @@ { 570, "kyber_level1" }, \ { 572, "kyber_level3" }, \ { 573, "kyber_level5" }, \ - { 574, "kyber_90s_level1" }, \ - { 575, "kyber_90s_level3" }, \ - { 576, "kyber_90s_level5" }, \ { 12052, "p256_ntru_hps_level1" }, \ { 12053, "p384_ntru_hps_level3" }, \ { 12054, "p521_ntru_hps_level5" }, \ @@ -34,15 +28,9 @@ { 12090, "p256_kyber_level1" }, \ { 12092, "p384_kyber_level3" }, \ { 12093, "p521_kyber_level5" }, \ - { 12094, "p256_kyber_90s_level1" }, \ - { 12095, "p384_kyber_90s_level3" }, \ - { 12096, "p521_kyber_90s_level5" }, \ { 0xfe0b, "falcon_level1" }, \ { 0xfe0e, "falcon_level5" }, \ { 0xfea0, "dilithium_level2" }, \ { 0xfea3, "dilithium_level3" }, \ - { 0xfea5, "dilithium_level5" }, \ - { 0xfea7, "dilithium_aes_level2" }, \ - { 0xfeaa, "dilithium_aes_level3" }, \ - { 0xfeac, "dilithium_aes_level5" }, + { 0xfea5, "dilithium_level5" },