KEM en/decoders (#266)

* KEM algorithms' encoding & decoding added: permits generating and persisting KEM algorithm key pairs via the openssl genpkey command

.github/workflows/linux.yml

@@ -8,6 +8,26 @@ on:
 
 jobs:
 
+  linux_baseline:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        cmake-params: [ "", "-DOQS_KEM_ENCODERS=ON" ]
+    container:
+      image: openquantumsafe/ci-ubuntu-jammy:latest
+    env:
+      MAKE_PARAMS: "-j 18"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Full build
+        run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh
+      - name: Enable sibling oqsprovider for testing
+        run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
+      - name: Test
+        run: ./scripts/runtests.sh -V
+
   linux_intel:
     runs-on: ubuntu-latest
     strategy:

ALGORITHMS.md

@@ -159,6 +159,53 @@ adapting the OIDs of all supported signature algorithms as per the table below.
 | p521_sphincsshake256fsimple | 1.3.9999.6.9.11 |No| OQS_OID_P521_SPHINCSSHAKE256FSIMPLE
 | sphincsshake256ssimple | 1.3.9999.6.9.12 |No| OQS_OID_SPHINCSSHAKE256SSIMPLE
 | p521_sphincsshake256ssimple | 1.3.9999.6.9.13 |No| OQS_OID_P521_SPHINCSSHAKE256SSIMPLE
+
+If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following list is also available:
+
+|Algorithm name |    default OID    | environment variable |
+|---------------|:-----------------:|----------------------|
+| frodo640aes | 1.3.9999.99.50 | OQS_OID_FRODO640AES
+| p256_frodo640aes | 1.3.9999.99.49 | OQS_OID_P256_FRODO640AES
+| x25519_frodo640aes | 1.3.9999.99.38 | OQS_OID_X25519_FRODO640AES
+| frodo640shake | 1.3.9999.99.52 | OQS_OID_FRODO640SHAKE
+| p256_frodo640shake | 1.3.9999.99.51 | OQS_OID_P256_FRODO640SHAKE
+| x25519_frodo640shake | 1.3.9999.99.39 | OQS_OID_X25519_FRODO640SHAKE
+| frodo976aes | 1.3.9999.99.54 | OQS_OID_FRODO976AES
+| p384_frodo976aes | 1.3.9999.99.53 | OQS_OID_P384_FRODO976AES
+| x448_frodo976aes | 1.3.9999.99.40 | OQS_OID_X448_FRODO976AES
+| frodo976shake | 1.3.9999.99.56 | OQS_OID_FRODO976SHAKE
+| p384_frodo976shake | 1.3.9999.99.55 | OQS_OID_P384_FRODO976SHAKE
+| x448_frodo976shake | 1.3.9999.99.41 | OQS_OID_X448_FRODO976SHAKE
+| frodo1344aes | 1.3.9999.99.58 | OQS_OID_FRODO1344AES
+| p521_frodo1344aes | 1.3.9999.99.57 | OQS_OID_P521_FRODO1344AES
+| frodo1344shake | 1.3.9999.99.60 | OQS_OID_FRODO1344SHAKE
+| p521_frodo1344shake | 1.3.9999.99.59 | OQS_OID_P521_FRODO1344SHAKE
+| kyber512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_KYBER512
+| p256_kyber512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_KYBER512
+| x25519_kyber512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_KYBER512
+| kyber768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_KYBER768
+| p384_kyber768 | 1.3.9999.99.61 | OQS_OID_P384_KYBER768
+| x448_kyber768 | 1.3.9999.99.42 | OQS_OID_X448_KYBER768
+| x25519_kyber768 | 1.3.9999.99.43 | OQS_OID_X25519_KYBER768
+| p256_kyber768 | 1.3.9999.99.44 | OQS_OID_P256_KYBER768
+| kyber1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_KYBER1024
+| p521_kyber1024 | 1.3.9999.99.62 | OQS_OID_P521_KYBER1024
+| bikel1 | 1.3.9999.99.64 | OQS_OID_BIKEL1
+| p256_bikel1 | 1.3.9999.99.63 | OQS_OID_P256_BIKEL1
+| x25519_bikel1 | 1.3.9999.99.45 | OQS_OID_X25519_BIKEL1
+| bikel3 | 1.3.9999.99.66 | OQS_OID_BIKEL3
+| p384_bikel3 | 1.3.9999.99.65 | OQS_OID_P384_BIKEL3
+| x448_bikel3 | 1.3.9999.99.46 | OQS_OID_X448_BIKEL3
+| bikel5 | 1.3.9999.99.68 | OQS_OID_BIKEL5
+| p521_bikel5 | 1.3.9999.99.67 | OQS_OID_P521_BIKEL5
+| hqc128 | 1.3.9999.99.70 | OQS_OID_HQC128
+| p256_hqc128 | 1.3.9999.99.69 | OQS_OID_P256_HQC128
+| x25519_hqc128 | 1.3.9999.99.47 | OQS_OID_X25519_HQC128
+| hqc192 | 1.3.9999.99.72 | OQS_OID_HQC192
+| p384_hqc192 | 1.3.9999.99.71 | OQS_OID_P384_HQC192
+| x448_hqc192 | 1.3.9999.99.48 | OQS_OID_X448_HQC192
+| hqc256 | 1.3.9999.99.74 | OQS_OID_HQC256
+| p521_hqc256 | 1.3.9999.99.73 | OQS_OID_P521_HQC256
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_END -->
 
 # Key Encodings

CMakeLists.txt

@@ -25,6 +25,12 @@ else()
   set(OQS_ADDL_SOCKET_LIBS "")
 endif()
 
+option(OQS_KEM_ENCODERS "Provide encoders (and decoders) for KEM algorithms " OFF)
+if(${OQS_KEM_ENCODERS})
+    message(STATUS "Build provides support for encoding KEMs")
+    add_compile_definitions( OQS_KEM_ENCODERS )
+endif()
+
 option(NOPUBKEY_IN_PRIVKEY "Do not include public keys in private key structures/PKCS#8 " OFF)
 if(${NOPUBKEY_IN_PRIVKEY})
     message(STATUS "Build will not store public keys alongside private keys in PKCS#8 structures")

CONFIGURE.md

@@ -50,6 +50,13 @@ By setting this to "ON", it can be specified to omit explicitly serializing
 the public key in a `privateKey` structure, e.g., for interoperability testing.
 The default value is `OFF`.
 
+### OQS_KEM_ENCODERS
+
+By setting this to "ON", `oqsprovider` is configured to provide encoders and decoders for
+KEM algorithms both for public and private key file formats. This increases the size of
+the provider but enables further use cases.
+The default value is `OFF`.
+
 ### OQS_PROVIDER_BUILD_STATIC
 
 By setting `-DOQS_PROVIDER_BUILD_STATIC=ON` at compile-time, oqs-provider can be
@@ -125,6 +132,11 @@ command used to build `openssl`, e.g., "-j 8" to activate 8-fold
 parallel builds to reduce the compilation time on a suitable multicore
 machine.
 
+### OQSPROV_CMAKE_PARAMS
+
+This environment variable permits passing parameters to the `cmake`
+command used to build `oqsprovider`.
+
 ### OQS_SKIP_TESTS
 
 By setting this tests environment variable, testing of specific

oqs-template/ALGORITHMS.md/oids.fragment

@@ -11,3 +11,15 @@
    {%- endfor %}
 {%- endfor %}
 
+If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following list is also available:
+
+|Algorithm name |    default OID    | environment variable |
+|---------------|:-----------------:|----------------------|
+
+{%- for kem in config['kems'] %}
+| {{kem['name_group']}} | {{ kem['oid'] }} | OQS_OID_{{ kem['name_group']|upper }}
+{%- for hybrid in kem['hybrids'] %}
+| {{ hybrid['hybrid_group'] }}_{{kem['name_group']}} | {{hybrid['hybrid_oid']}} | OQS_OID_{{ hybrid['hybrid_group']|upper }}_{{ kem['name_group']|upper }}
+{%- endfor -%}
+{%- endfor %}
+

oqs-template/generate.py

@@ -9,6 +9,8 @@
 import subprocess
 import yaml
 
+kemoidcnt=0
+
 # For files generated, the copyright message can be adapted
 # see https://github.com/open-quantum-safe/oqs-provider/issues/2#issuecomment-920904048
 # SPDX message to be leading, OpenSSL Copyright notice to be deleted
@@ -90,6 +92,11 @@ def nist_to_bits(nistlevel):
    else: 
       return None
 
+def get_tmp_kem_oid():
+   global kemoidcnt
+   kemoidcnt = kemoidcnt+1
+   return "1.3.9999.99."+str(kemoidcnt)
+
 def complete_config(config):
    for kem in config['kems']:
       bits_level = nist_to_bits(get_kem_nistlevel(kem))
@@ -111,7 +118,11 @@ def complete_config(config):
           exit(1)
       phyb['bit_security']=bits_level
       phyb['nid']=kem['nid_hybrid']
+      if 'hybrid_oid' in kem: phyb['hybrid_oid']=kem['hybrid_oid']
+      else: phyb['hybrid_oid'] = get_tmp_kem_oid()
       kem['hybrids'].insert(0, phyb)
+      if not 'oid' in kem:
+         kem['oid'] = get_tmp_kem_oid()
 
    for famsig in config['sigs']:
       for sig in famsig['variants']:
@@ -203,6 +214,8 @@ def load_config(include_disabled_sigs=False):
                extra_hybrid['bit_security'] = 192
             if extra_hybrid['hybrid_group'] == "p521":
                extra_hybrid['bit_security'] = 256
+            if not 'hybrid_oid' in extra_hybrid:
+                extra_hybrid['hybrid_oid'] = get_tmp_kem_oid()
             kem['hybrids'].append(extra_hybrid)
             if 'hybrid_group' in extra_hybrid:
                 extra_hybrid_nid = extra_hybrid['nid']

oqs-template/generate.yml

@@ -85,11 +85,14 @@ kems:
     family: 'CRYSTALS-Kyber'
     name_group: 'kyber512'
     nid: '0x023A'
+    oid: '1.3.6.1.4.1.22554.5.6.1'
     nid_hybrid: '0x2F3A'
+    hybrid_oid: '1.3.6.1.4.1.22554.5.7.1'
     oqs_alg: 'OQS_KEM_alg_kyber_512'
     extra_nids:
       current:
         - hybrid_group: "x25519"
+          hybrid_oid: '1.3.6.1.4.1.22554.5.8.1'
           nid: '0x2F39'
       old:
         - implementation_version: NIST Round 2 submission
@@ -107,6 +110,7 @@ kems:
     family: 'CRYSTALS-Kyber'
     name_group: 'kyber768'
     nid: '0x023C'
+    oid: '1.3.6.1.4.1.22554.5.6.2'
     nid_hybrid: '0x2F3C'
     extra_nids:
       current:
@@ -129,6 +133,7 @@ kems:
     family: 'CRYSTALS-Kyber'
     name_group: 'kyber1024'
     nid: '0x023D'
+    oid: '1.3.6.1.4.1.22554.5.6.3'
     nid_hybrid: '0x2F3D'
     extra_nids:
       old:

oqs-template/oqsprov/oqs_decode_der2key.c/decoder_make.fragment

@@ -1,10 +1,23 @@
+
+#ifdef OQS_KEM_ENCODERS
+
+{% for kem in config['kems'] %}
+MAKE_DECODER(, "{{ kem['name_group'] }}", {{ kem['name_group'] }}, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "{{ kem['name_group'] }}", {{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo);
+{% for hybrid in kem['hybrids'] %}
+MAKE_DECODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, PrivateKeyInfo);
+MAKE_DECODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo);
+{%- endfor %}
+{%- endfor %}
+#endif /* OQS_KEM_ENCODERS */
+
 {% for sig in config['sigs'] %}
    {%- for variant in sig['variants'] %}
-MAKE_DECODER("{{ variant['name'] }}", {{ variant['name'] }}, oqsx, PrivateKeyInfo);
-MAKE_DECODER("{{ variant['name'] }}", {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "{{ variant['name'] }}", {{ variant['name'] }}, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "{{ variant['name'] }}", {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo);
      {%- for classical_alg in variant['mix_with'] %}
-MAKE_DECODER("{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo);
-MAKE_DECODER("{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo);
+MAKE_DECODER(, "{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo);
+MAKE_DECODER(, "{{ classical_alg['name'] }}_{{ variant['name'] }}", {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo);
      {%- endfor -%}
    {%- endfor %}
 {%- endfor %}

oqs-template/oqsprov/oqs_encode_key2any.c/encoder_defines.fragment

@@ -1,3 +1,14 @@
+{% for kem in config['kems'] %}
+# define {{ kem['name_group'] }}_evp_type     0
+# define {{ kem['name_group'] }}_input_type    "{{ kem['name_group'] }}"
+# define {{ kem['name_group'] }}_pem_type      "{{ kem['name_group'] }}"
+{% for hybrid in kem['hybrids'] %}
+# define {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_evp_type     0
+# define {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_input_type    "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}"
+# define {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_pem_type      "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}"
+{%- endfor %}
+{%- endfor %}
+
 {% for sig in config['sigs'] %}
    {%- for variant in sig['variants'] %}
 # define {{ variant['name'] }}_evp_type       0

oqs-template/oqsprov/oqs_encode_key2any.c/encoder_make.fragment

@@ -1,20 +1,42 @@
+
+#ifdef OQS_KEM_ENCODERS
+
+{% for kem in config['kems'] %}
+MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, {{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, {{ kem['name_group'] }});
+{% for hybrid in kem['hybrids'] %}
+MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER({% if hybrid['hybrid_group'].startswith('x') %}_ecx{% else %}_ecp{% endif %}, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }});
+{%- endfor %}
+{%- endfor %}
+#endif /* OQS_KEM_ENCODERS */
 {% for sig in config['sigs'] %}
    {%- for variant in sig['variants'] %}
-MAKE_ENCODER({{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER({{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER({{ variant['name'] }}, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER({{ variant['name'] }}, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER({{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER({{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER({{ variant['name'] }});
+MAKE_ENCODER(, {{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, {{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, {{ variant['name'] }}, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, {{ variant['name'] }}, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, {{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, {{ variant['name'] }});
      {%- for classical_alg in variant['mix_with'] %}
-MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, der);
-MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem);
-MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, der);
-MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, pem);
-MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der);
-MAKE_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem);
-MAKE_TEXT_ENCODER({{ classical_alg['name'] }}_{{ variant['name'] }});
+MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, der);
+MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, EncryptedPrivateKeyInfo, pem);
+MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, der);
+MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, PrivateKeyInfo, pem);
+MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, der);
+MAKE_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }}, oqsx, SubjectPublicKeyInfo, pem);
+MAKE_TEXT_ENCODER(, {{ classical_alg['name'] }}_{{ variant['name'] }});
      {%- endfor -%}
    {%- endfor %}
 {%- endfor %}

oqs-template/oqsprov/oqs_prov.h/endecoder_functions.fragment

@@ -1,3 +1,31 @@
+
+#ifdef OQS_KEM_ENCODERS
+
+{% for kem in config['kems'] %}
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_to_text_encoder_functions[];
+extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_{{ kem['name_group'] }}_decoder_functions[];
+extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_{{ kem['name_group'] }}_decoder_functions[];
+     {%- for hybrid in kem['hybrids'] -%}
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_PrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_PrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_der_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_SubjectPublicKeyInfo_pem_encoder_functions[];
+extern const OSSL_DISPATCH oqs_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_to_text_encoder_functions[];
+extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_decoder_functions[];
+extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}_decoder_functions[];
+     {%- endfor -%}
+{%- endfor %}
+
+#endif /* OQS_KEM_ENCODERS */
+
 {% for sig in config['sigs'] %}
    {%- for variant in sig['variants'] %}
 extern const OSSL_DISPATCH oqs_{{ variant['name'] }}_to_PrivateKeyInfo_der_encoder_functions[];

oqs-template/oqsprov/oqsdecoders.inc/make.fragment

@@ -1,3 +1,18 @@
+
+#ifdef OQS_KEM_ENCODERS
+{% for kem in config['kems'] %}
+#ifdef OQS_ENABLE_KEM_{{ kem['oqs_alg']|replace("OQS_KEM_alg_","") }}
+DECODER_w_structure("{{ kem['name_group'] }}", der, PrivateKeyInfo, {{ kem['name_group'] }}),
+DECODER_w_structure("{{ kem['name_group'] }}", der, SubjectPublicKeyInfo, {{ kem['name_group'] }}),
+{% for hybrid in kem['hybrids'] -%}
+DECODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", der, PrivateKeyInfo, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}),
+DECODER_w_structure("{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", der, SubjectPublicKeyInfo, {{hybrid['hybrid_group']}}_{{ kem['name_group'] }}),
+{%- endfor %}
+#endif
+{%- endfor %}
+
+#endif /* OQS_KEM_ENCODERS */
+
 {% for sig in config['sigs'] %}
    {%- for variant in sig['variants'] %}
 #ifdef OQS_ENABLE_SIG_{{ variant['oqs_meth']|replace("OQS_SIG_alg_","") }}