From e5e3a0cdcab23d3cfd4f26f52b6fb883ff1df21b Mon Sep 17 00:00:00 2001 From: Bence Mali Date: Thu, 29 Feb 2024 13:52:05 +0100 Subject: [PATCH 1/2] p384_mlkem1024 hybrid added --- ALGORITHMS.md | 2 + README.md | 2 +- oqs-template/generate.yml | 7 +++- oqs-template/oqs-kem-info.md | 1 + oqsprov/oqs_decode_der2key.c | 3 ++ oqsprov/oqs_encode_key2any.c | 10 +++++ oqsprov/oqs_kmgmt.c | 1 + oqsprov/oqs_prov.h | 18 +++++++++ oqsprov/oqsdecoders.inc | 3 ++ oqsprov/oqsencoders.inc | 11 ++++++ oqsprov/oqsprov.c | 42 ++++++++++++--------- oqsprov/oqsprov_capabilities.c | 69 ++++++++++++++++++---------------- oqsprov/oqsprov_keys.c | 3 +- scripts/common.py | 2 +- 14 files changed, 120 insertions(+), 54 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index 6413425e..d6549213 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md @@ -48,6 +48,7 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | p256_mlkem768 | 0x2FB5 | Yes | OQS_CODEPOINT_P256_MLKEM768 | | mlkem1024 | 0x0249 | Yes | OQS_CODEPOINT_MLKEM1024 | | p521_mlkem1024 | 0x2F49 | Yes | OQS_CODEPOINT_P521_MLKEM1024 | +| p384_mlkem1024 | 0x2F4A | Yes | OQS_CODEPOINT_P384_MLKEM1024 | | bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 | | p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 | | x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 | @@ -224,6 +225,7 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li | p256_mlkem768 | 1.3.9999.99.58 | OQS_OID_P256_MLKEM768 | mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024 | p521_mlkem1024 | 1.3.9999.99.82 | OQS_OID_P521_MLKEM1024 +| p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024 | bikel1 | 1.3.9999.99.84 | OQS_OID_BIKEL1 | p256_bikel1 | 1.3.9999.99.83 | OQS_OID_P256_BIKEL1 | x25519_bikel1 | 1.3.9999.99.59 | OQS_OID_X25519_BIKEL1 diff --git a/README.md b/README.md index 9ee5f48f..b874bd06 100644 --- a/README.md +++ b/README.md 
@@ -40,7 +40,7 @@ This implementation makes available the following quantum safe algorithms: - **CRYSTALS-Kyber**: `kyber512`, `p256_kyber512`, `x25519_kyber512`, `kyber768`, `p384_kyber768`, `x448_kyber768`, `x25519_kyber768`, `p256_kyber768`, `kyber1024`, `p521_kyber1024` - **FrodoKEM**: `frodo640aes`, `p256_frodo640aes`, `x25519_frodo640aes`, `frodo640shake`, `p256_frodo640shake`, `x25519_frodo640shake`, `frodo976aes`, `p384_frodo976aes`, `x448_frodo976aes`, `frodo976shake`, `p384_frodo976shake`, `x448_frodo976shake`, `frodo1344aes`, `p521_frodo1344aes`, `frodo1344shake`, `p521_frodo1344shake` - **HQC**: `hqc128`, `p256_hqc128`, `x25519_hqc128`, `hqc192`, `p384_hqc192`, `x448_hqc192`, `hqc256`, `p521_hqc256`† -- **ML-KEM**: `mlkem512`, `p256_mlkem512`, `x25519_mlkem512`, `mlkem768`, `p384_mlkem768`, `x448_mlkem768`, `x25519_mlkem768`, `p256_mlkem768`, `mlkem1024`, `p521_mlkem1024` +- **ML-KEM**: `mlkem512`, `p256_mlkem512`, `x25519_mlkem512`, `mlkem768`, `p384_mlkem768`, `x448_mlkem768`, `x25519_mlkem768`, `p256_mlkem768`, `mlkem1024`, `p521_mlkem1024`, `p384_mlkem1024` ### Signature algorithms diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 8ef717b5..89976e47 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -1,5 +1,5 @@ # This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs -# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4A, X-hybrid: 0x2FB6 +# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4B, X-hybrid: 0x2FB6 kems: - family: 'FrodoKEM' @@ -175,6 +175,11 @@ kems: oid: '1.3.6.1.4.1.22554.5.6.3' nid_hybrid: '0x2F49' oqs_alg: 'OQS_KEM_alg_ml_kem_1024' + extra_nids: + current: + - hybrid_group: "p384" + hybrid_oid: '1.3.6.1.4.1.42235.6' + nid: '0x2F4A' - family: 'BIKE' name_group: 'bike1l1fo' diff --git a/oqs-template/oqs-kem-info.md b/oqs-template/oqs-kem-info.md index 66ba2326..dafa41cb 100644 --- a/oqs-template/oqs-kem-info.md +++ b/oqs-template/oqs-kem-info.md 
@@ -87,6 +87,7 @@ | HQC | 2023-04-30 | hqc256 | 4 | 5 | 0x2F46 | secp521_r1 | | ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x0249 | | | ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x2F49 | secp521_r1 | +| ML-KEM | ML-KEM-ipd | mlkem1024 | ipd | 5 | 0x2F4A | p384 | | ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x0247 | | | ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x2F47 | secp256_r1 | | ML-KEM | ML-KEM-ipd | mlkem512 | ipd | 1 | 0x2FB2 | x25519 | diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index a88fd4b8..ef2aeef4 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c @@ -646,6 +646,9 @@ MAKE_DECODER(, "mlkem1024", mlkem1024, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(_ecp, "p521_mlkem1024", p521_mlkem1024, oqsx, PrivateKeyInfo); MAKE_DECODER(_ecp, "p521_mlkem1024", p521_mlkem1024, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(_ecp, "p384_mlkem1024", p384_mlkem1024, oqsx, PrivateKeyInfo); +MAKE_DECODER(_ecp, "p384_mlkem1024", p384_mlkem1024, oqsx, + SubjectPublicKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, PrivateKeyInfo); MAKE_DECODER(, "bikel1", bikel1, oqsx, SubjectPublicKeyInfo); diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 5e545ec0..562ab648 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -785,6 +785,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) #define p521_mlkem1024_evp_type 0 #define p521_mlkem1024_input_type "p521_mlkem1024" #define p521_mlkem1024_pem_type "p521_mlkem1024" +#define p384_mlkem1024_evp_type 0 +#define p384_mlkem1024_input_type "p384_mlkem1024" +#define p384_mlkem1024_pem_type "p384_mlkem1024" #define bikel1_evp_type 0 #define bikel1_input_type "bikel1" #define bikel1_pem_type "bikel1" 
@@ -1770,6 +1773,13 @@ MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(_ecp, p521_mlkem1024, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(_ecp, p521_mlkem1024); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(_ecp, p384_mlkem1024, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(_ecp, p384_mlkem1024); MAKE_ENCODER(, bikel1, oqsx, EncryptedPrivateKeyInfo, der); MAKE_ENCODER(, bikel1, oqsx, EncryptedPrivateKeyInfo, pem); MAKE_ENCODER(, bikel1, oqsx, PrivateKeyInfo, der); diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 2a547f33..0949925d 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -1201,6 +1201,7 @@ MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_mlkem768, OQS_KEM_alg_ml_kem_768, 128) MAKE_KEM_KEYMGMT_FUNCTIONS(mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p521_mlkem1024, OQS_KEM_alg_ml_kem_1024, 256) +MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem1024, OQS_KEM_alg_ml_kem_1024, 192) MAKE_KEM_KEYMGMT_FUNCTIONS(bikel1, OQS_KEM_alg_bike_l1, 128) MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p256_bikel1, OQS_KEM_alg_bike_l1, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 98f8828b..b9caaa7c 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h 
@@ -853,6 +853,23 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_mlkem1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_mlkem1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_p384_mlkem1024_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_p384_mlkem1024_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_p384_mlkem1024_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_p384_mlkem1024_decoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH oqs_bikel1_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH @@ -1762,6 +1779,7 @@ extern const OSSL_DISPATCH oqs_ecp_p256_mlkem768_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_mlkem1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_ecp_p521_mlkem1024_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_ecp_p384_mlkem1024_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_bikel1_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_ecp_p256_bikel1_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index ede1df7e..a8e94d0e 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc 
@@ -173,6 +173,9 @@ DECODER_w_structure("frodo640aes", der, PrivateKeyInfo, frodo640aes), DECODER_w_structure("p521_mlkem1024", der, PrivateKeyInfo, p521_mlkem1024), DECODER_w_structure("p521_mlkem1024", der, SubjectPublicKeyInfo, p521_mlkem1024), + DECODER_w_structure("p384_mlkem1024", der, PrivateKeyInfo, p384_mlkem1024), + DECODER_w_structure("p384_mlkem1024", der, SubjectPublicKeyInfo, + p384_mlkem1024), # endif # ifdef OQS_ENABLE_KEM_bike_l1 DECODER_w_structure("bikel1", der, PrivateKeyInfo, bikel1), diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index b3aab89f..c40405f0 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -500,6 +500,17 @@ ENCODER_w_structure("frodo640aes", frodo640aes, der, PrivateKeyInfo), ENCODER_w_structure("p521_mlkem1024", p521_mlkem1024, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p521_mlkem1024", p521_mlkem1024), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, PrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, PrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, + EncryptedPrivateKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, der, + SubjectPublicKeyInfo), + ENCODER_w_structure("p384_mlkem1024", p384_mlkem1024, pem, + SubjectPublicKeyInfo), + ENCODER_TEXT("p384_mlkem1024", p384_mlkem1024), # endif # ifdef OQS_ENABLE_KEM_bike_l1 ENCODER_w_structure("bikel1", bikel1, der, PrivateKeyInfo), diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index a29ac41f..c68dded1 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -49,7 +49,7 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -# define OQS_OID_CNT 164 +# define OQS_OID_CNT 166 #else # define OQS_OID_CNT 60 #endif 
@@ -129,6 +129,8 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "mlkem1024", "1.3.9999.99.35", "p521_mlkem1024", + "1.3.6.1.4.1.42235.6", + "p384_mlkem1024", "1.3.9999.99.37", "bikel1", "1.3.9999.99.36", 
@@ -317,46 +319,48 @@ int oqs_patch_oids(void) if (getenv("OQS_OID_P521_MLKEM1024")) oqs_oid_alg_list[70] = getenv("OQS_OID_P521_MLKEM1024"); + if (getenv("OQS_OID_P384_MLKEM1024")) + oqs_oid_alg_list[72] = getenv("OQS_OID_P384_MLKEM1024"); if (getenv("OQS_OID_BIKEL1")) - oqs_oid_alg_list[72] = getenv("OQS_OID_BIKEL1"); + oqs_oid_alg_list[74] = getenv("OQS_OID_BIKEL1"); if (getenv("OQS_OID_P256_BIKEL1")) - oqs_oid_alg_list[74] = getenv("OQS_OID_P256_BIKEL1"); + oqs_oid_alg_list[76] = getenv("OQS_OID_P256_BIKEL1"); if (getenv("OQS_OID_X25519_BIKEL1")) - oqs_oid_alg_list[76] = getenv("OQS_OID_X25519_BIKEL1"); + oqs_oid_alg_list[78] = getenv("OQS_OID_X25519_BIKEL1"); if (getenv("OQS_OID_BIKEL3")) - oqs_oid_alg_list[78] = getenv("OQS_OID_BIKEL3"); + oqs_oid_alg_list[80] = getenv("OQS_OID_BIKEL3"); if (getenv("OQS_OID_P384_BIKEL3")) - oqs_oid_alg_list[80] = getenv("OQS_OID_P384_BIKEL3"); + oqs_oid_alg_list[82] = getenv("OQS_OID_P384_BIKEL3"); if (getenv("OQS_OID_X448_BIKEL3")) - oqs_oid_alg_list[82] = getenv("OQS_OID_X448_BIKEL3"); + oqs_oid_alg_list[84] = getenv("OQS_OID_X448_BIKEL3"); if (getenv("OQS_OID_BIKEL5")) - oqs_oid_alg_list[84] = getenv("OQS_OID_BIKEL5"); + oqs_oid_alg_list[86] = getenv("OQS_OID_BIKEL5"); if (getenv("OQS_OID_P521_BIKEL5")) - oqs_oid_alg_list[86] = getenv("OQS_OID_P521_BIKEL5"); + oqs_oid_alg_list[88] = getenv("OQS_OID_P521_BIKEL5"); if (getenv("OQS_OID_HQC128")) - oqs_oid_alg_list[88] = getenv("OQS_OID_HQC128"); + oqs_oid_alg_list[90] = getenv("OQS_OID_HQC128"); if (getenv("OQS_OID_P256_HQC128")) - oqs_oid_alg_list[90] = getenv("OQS_OID_P256_HQC128"); + oqs_oid_alg_list[92] = getenv("OQS_OID_P256_HQC128"); if (getenv("OQS_OID_X25519_HQC128")) - oqs_oid_alg_list[92] = getenv("OQS_OID_X25519_HQC128"); + oqs_oid_alg_list[94] = getenv("OQS_OID_X25519_HQC128"); if (getenv("OQS_OID_HQC192")) - oqs_oid_alg_list[94] = getenv("OQS_OID_HQC192"); + oqs_oid_alg_list[96] = getenv("OQS_OID_HQC192"); if (getenv("OQS_OID_P384_HQC192")) - oqs_oid_alg_list[96] 
= getenv("OQS_OID_P384_HQC192"); + oqs_oid_alg_list[98] = getenv("OQS_OID_P384_HQC192"); if (getenv("OQS_OID_X448_HQC192")) - oqs_oid_alg_list[98] = getenv("OQS_OID_X448_HQC192"); + oqs_oid_alg_list[100] = getenv("OQS_OID_X448_HQC192"); if (getenv("OQS_OID_HQC256")) - oqs_oid_alg_list[100] = getenv("OQS_OID_HQC256"); + oqs_oid_alg_list[102] = getenv("OQS_OID_HQC256"); if (getenv("OQS_OID_P521_HQC256")) - oqs_oid_alg_list[102] = getenv("OQS_OID_P521_HQC256"); + oqs_oid_alg_list[104] = getenv("OQS_OID_P521_HQC256"); -# define OQS_KEMOID_CNT 102 + 2 +# define OQS_KEMOID_CNT 104 + 2 #else # define OQS_KEMOID_CNT 0 #endif /* OQS_KEM_ENCODERS */ @@ -762,6 +766,7 @@ static const OSSL_ALGORITHM oqsprovider_asym_kems[] = { #ifdef OQS_ENABLE_KEM_ml_kem_1024 KEMBASEALG(mlkem1024, 256) KEMHYBALG(p521_mlkem1024, 256) + KEMHYBALG(p384_mlkem1024, 192) #endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMBASEALG(bikel1, 128) @@ -926,6 +931,7 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] KEMKMALG(mlkem1024, 256) KEMKMHYBALG(p521_mlkem1024, 256, ecp) + KEMKMHYBALG(p384_mlkem1024, 192, ecp) #endif #ifdef OQS_ENABLE_KEM_bike_l1 KEMKMALG(bikel1, 128) diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 81aec194..2ffb4cc1 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c @@ -83,6 +83,7 @@ static OQS_GROUP_CONSTANTS oqs_group_list[] = { {0x0249, 256, TLS1_3_VERSION, 0, -1, -1, 1}, {0x2F49, 256, TLS1_3_VERSION, 0, -1, -1, 1}, + {0x2F4A, 256, TLS1_3_VERSION, 0, -1, -1, 1}, {0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1}, {0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1}, 
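Review bot: The renumbered literals in `oqs_patch_oids` (`oqs_oid_alg_list[72]` for the new entry, then `[74]` through `[104]`) are only right while they match the entry order of the `oqs_oid_alg_list` initializer and the 164 to 166 bump of `OQS_OID_CNT` in the earlier hunks. Nothing visible checks that, so a miscount would overwrite another algorithm's OID from the environment without any diagnostic. The surrounding file carries `OQS_TEMPLATE_FRAGMENT` markers, so these lines are presumably generator output; it is worth confirming they were regenerated from `generate.yml` rather than edited by hand. Separately, `# define OQS_KEMOID_CNT 104 + 2` expands unparenthesized, and `# define OQS_KEMOID_CNT (104 + 2)` stays correct in any expression. The function begins before this hunk and continues after it.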
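Review bot: The new `oqs_group_list` row `{0x2F4A, 256, TLS1_3_VERSION, 0, -1, -1, 1}` carries 256 in what appears to be the security-bits field, while the same patch registers the algorithm with 192 in `KEMHYBALG(p384_mlkem1024, 192)` and `KEMKMHYBALG(p384_mlkem1024, 192, ecp)` in oqsprov.c and in `MAKE_KEM_ECP_KEYMGMT_FUNCTIONS(p384_mlkem1024, OQS_KEM_alg_ml_kem_1024, 192)` in oqs_kmgmt.c. The `nid_names` row added in oqsprov_keys.c again says 256. Context lines show the same split for `p256_mlkem768` (128 versus 192), so this may simply be what the template emits, but if the group-table value feeds security-level policy it rates the P-384 hybrid higher than the key management does. Either align the rows on one figure or record the intent next to the row, for example `/* bits of the PQ component; hybrid keymgmt reports 192 */`.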
@@ -215,40 +216,41 @@ static const OSSL_PARAM oqs_param_group_list[][11] = { OQS_GROUP_ENTRY(mlkem1024, mlkem1024, mlkem1024, 34), OQS_GROUP_ENTRY(p521_mlkem1024, p521_mlkem1024, p521_mlkem1024, 35), + OQS_GROUP_ENTRY(p384_mlkem1024, p384_mlkem1024, p384_mlkem1024, 36), #endif #ifdef OQS_ENABLE_KEM_bike_l1 - OQS_GROUP_ENTRY(bikel1, bikel1, bikel1, 36), + OQS_GROUP_ENTRY(bikel1, bikel1, bikel1, 37), - OQS_GROUP_ENTRY(p256_bikel1, p256_bikel1, p256_bikel1, 37), - OQS_GROUP_ENTRY(x25519_bikel1, x25519_bikel1, x25519_bikel1, 38), + OQS_GROUP_ENTRY(p256_bikel1, p256_bikel1, p256_bikel1, 38), + OQS_GROUP_ENTRY(x25519_bikel1, x25519_bikel1, x25519_bikel1, 39), #endif #ifdef OQS_ENABLE_KEM_bike_l3 - OQS_GROUP_ENTRY(bikel3, bikel3, bikel3, 39), + OQS_GROUP_ENTRY(bikel3, bikel3, bikel3, 40), - OQS_GROUP_ENTRY(p384_bikel3, p384_bikel3, p384_bikel3, 40), - OQS_GROUP_ENTRY(x448_bikel3, x448_bikel3, x448_bikel3, 41), + OQS_GROUP_ENTRY(p384_bikel3, p384_bikel3, p384_bikel3, 41), + OQS_GROUP_ENTRY(x448_bikel3, x448_bikel3, x448_bikel3, 42), #endif #ifdef OQS_ENABLE_KEM_bike_l5 - OQS_GROUP_ENTRY(bikel5, bikel5, bikel5, 42), + OQS_GROUP_ENTRY(bikel5, bikel5, bikel5, 43), - OQS_GROUP_ENTRY(p521_bikel5, p521_bikel5, p521_bikel5, 43), + OQS_GROUP_ENTRY(p521_bikel5, p521_bikel5, p521_bikel5, 44), #endif #ifdef OQS_ENABLE_KEM_hqc_128 - OQS_GROUP_ENTRY(hqc128, hqc128, hqc128, 44), + OQS_GROUP_ENTRY(hqc128, hqc128, hqc128, 45), - OQS_GROUP_ENTRY(p256_hqc128, p256_hqc128, p256_hqc128, 45), - OQS_GROUP_ENTRY(x25519_hqc128, x25519_hqc128, x25519_hqc128, 46), + OQS_GROUP_ENTRY(p256_hqc128, p256_hqc128, p256_hqc128, 46), + OQS_GROUP_ENTRY(x25519_hqc128, x25519_hqc128, x25519_hqc128, 47), #endif #ifdef OQS_ENABLE_KEM_hqc_192 - OQS_GROUP_ENTRY(hqc192, hqc192, hqc192, 47), + OQS_GROUP_ENTRY(hqc192, hqc192, hqc192, 48), - OQS_GROUP_ENTRY(p384_hqc192, p384_hqc192, p384_hqc192, 48), - OQS_GROUP_ENTRY(x448_hqc192, x448_hqc192, x448_hqc192, 49), + OQS_GROUP_ENTRY(p384_hqc192, p384_hqc192, p384_hqc192, 
49), + OQS_GROUP_ENTRY(x448_hqc192, x448_hqc192, x448_hqc192, 50), #endif #ifdef OQS_ENABLE_KEM_hqc_256 - OQS_GROUP_ENTRY(hqc256, hqc256, hqc256, 50), + OQS_GROUP_ENTRY(hqc256, hqc256, hqc256, 51), - OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 51), + OQS_GROUP_ENTRY(p521_hqc256, p521_hqc256, p521_hqc256, 52), #endif ///// OQS_TEMPLATE_FRAGMENT_GROUP_NAMES_END }; 
@@ -385,40 +387,43 @@ int oqs_patch_codepoints() if (getenv("OQS_CODEPOINT_P521_MLKEM1024")) oqs_group_list[35].group_id = atoi(getenv("OQS_CODEPOINT_P521_MLKEM1024")); + if (getenv("OQS_CODEPOINT_P384_MLKEM1024")) + oqs_group_list[36].group_id + = atoi(getenv("OQS_CODEPOINT_P384_MLKEM1024")); if (getenv("OQS_CODEPOINT_BIKEL1")) - oqs_group_list[36].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); + oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL1")); if (getenv("OQS_CODEPOINT_P256_BIKEL1")) - oqs_group_list[37].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); + oqs_group_list[38].group_id = atoi(getenv("OQS_CODEPOINT_P256_BIKEL1")); if (getenv("OQS_CODEPOINT_X25519_BIKEL1")) - oqs_group_list[38].group_id + oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_X25519_BIKEL1")); if (getenv("OQS_CODEPOINT_BIKEL3")) - oqs_group_list[39].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); + oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL3")); if (getenv("OQS_CODEPOINT_P384_BIKEL3")) - oqs_group_list[40].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); + oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_P384_BIKEL3")); if (getenv("OQS_CODEPOINT_X448_BIKEL3")) - oqs_group_list[41].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); + oqs_group_list[42].group_id = atoi(getenv("OQS_CODEPOINT_X448_BIKEL3")); if (getenv("OQS_CODEPOINT_BIKEL5")) - oqs_group_list[42].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); + oqs_group_list[43].group_id = atoi(getenv("OQS_CODEPOINT_BIKEL5")); if (getenv("OQS_CODEPOINT_P521_BIKEL5")) - oqs_group_list[43].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); + oqs_group_list[44].group_id = atoi(getenv("OQS_CODEPOINT_P521_BIKEL5")); if (getenv("OQS_CODEPOINT_HQC128")) - oqs_group_list[44].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); + oqs_group_list[45].group_id = atoi(getenv("OQS_CODEPOINT_HQC128")); if (getenv("OQS_CODEPOINT_P256_HQC128")) - oqs_group_list[45].group_id = 
atoi(getenv("OQS_CODEPOINT_P256_HQC128")); + oqs_group_list[46].group_id = atoi(getenv("OQS_CODEPOINT_P256_HQC128")); if (getenv("OQS_CODEPOINT_X25519_HQC128")) - oqs_group_list[46].group_id + oqs_group_list[47].group_id = atoi(getenv("OQS_CODEPOINT_X25519_HQC128")); if (getenv("OQS_CODEPOINT_HQC192")) - oqs_group_list[47].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); + oqs_group_list[48].group_id = atoi(getenv("OQS_CODEPOINT_HQC192")); if (getenv("OQS_CODEPOINT_P384_HQC192")) - oqs_group_list[48].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); + oqs_group_list[49].group_id = atoi(getenv("OQS_CODEPOINT_P384_HQC192")); if (getenv("OQS_CODEPOINT_X448_HQC192")) - oqs_group_list[49].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); + oqs_group_list[50].group_id = atoi(getenv("OQS_CODEPOINT_X448_HQC192")); if (getenv("OQS_CODEPOINT_HQC256")) - oqs_group_list[50].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); + oqs_group_list[51].group_id = atoi(getenv("OQS_CODEPOINT_HQC256")); if (getenv("OQS_CODEPOINT_P521_HQC256")) - oqs_group_list[51].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); + oqs_group_list[52].group_id = atoi(getenv("OQS_CODEPOINT_P521_HQC256")); if (getenv("OQS_CODEPOINT_DILITHIUM2")) oqs_sigalg_list[0].code_point diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 800eab8d..17b7169a 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -54,7 +54,7 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -# define NID_TABLE_LEN 82 +# define NID_TABLE_LEN 83 #else # define NID_TABLE_LEN 30 #endif 
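Review bot: The added `oqs_group_list[36].group_id = atoi(getenv("OQS_CODEPOINT_P384_MLKEM1024"))` accepts whatever `atoi` returns: a hex string in the `0x2F4A` form that ALGORITHMS.md uses parses as 0, trailing garbage is ignored, and nothing limits the result to a 16-bit TLS group id. A mistyped variable therefore replaces the code point with 0 or an arbitrary value and the hybrid group quietly stops negotiating, which is hard to tell apart from a peer that does not offer it. Parsing through one checked helper, sketched below, keeps the compiled-in value on bad input; every other assignment in `oqs_patch_codepoints` has the same shape, and since the block looks template-generated the change probably belongs in the generator. The function begins before this hunk and continues after it.

```c
/* Returns the code point named by env var `name`, or -1 when the variable is
 * unset or is not a complete number in 1..0xFFFF
 * (base 0: decimal, 0x hex, leading 0 octal). */
static int oqs_env_codepoint(const char *name)
{
    const char *s = getenv(name);
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    v = strtol(s, &end, 0);
    if (*end != '\0' || v <= 0 || v > 0xFFFF)
        return -1;
    return (int)v;
}

// … unchanged: earlier code point assignments …
    int cp = oqs_env_codepoint("OQS_CODEPOINT_P384_MLKEM1024");
    if (cp >= 0)
        oqs_group_list[36].group_id = cp;
// … unchanged: remaining assignments, same pattern …
```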
@@ -108,6 +108,7 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "p256_mlkem768", OQS_KEM_alg_ml_kem_768, KEY_TYPE_ECP_HYB_KEM, 192}, {0, "mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_KEM, 256}, {0, "p521_mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_ECP_HYB_KEM, 256}, + {0, "p384_mlkem1024", OQS_KEM_alg_ml_kem_1024, KEY_TYPE_ECP_HYB_KEM, 256}, {0, "bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_KEM, 128}, {0, "p256_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECP_HYB_KEM, 128}, {0, "x25519_bikel1", OQS_KEM_alg_bike_l1, KEY_TYPE_ECX_HYB_KEM, 128}, diff --git a/scripts/common.py b/scripts/common.py index 85e1492d..0088bb31 100644 --- a/scripts/common.py +++ b/scripts/common.py 
@@ -9,7 +9,7 @@ # post-quantum key exchanges 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','kyber512','kyber768','kyber1024','mlkem512','mlkem768','mlkem1024','bikel1','bikel3','bikel5','hqc128','hqc192','hqc256', # post-quantum + classical key exchanges - 'p256_frodo640aes','x25519_frodo640aes','p256_frodo640shake','x25519_frodo640shake','p384_frodo976aes','x448_frodo976aes','p384_frodo976shake','x448_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_kyber512','x25519_kyber512','p384_kyber768','x448_kyber768','x25519_kyber768','p256_kyber768','p521_kyber1024','p256_mlkem512','x25519_mlkem512','p384_mlkem768','x448_mlkem768','x25519_mlkem768','p256_mlkem768','p521_mlkem1024','p256_bikel1','x25519_bikel1','p384_bikel3','x448_bikel3','p521_bikel5','p256_hqc128','x25519_hqc128','p384_hqc192','x448_hqc192','p521_hqc256', + 'p256_frodo640aes','x25519_frodo640aes','p256_frodo640shake','x25519_frodo640shake','p384_frodo976aes','x448_frodo976aes','p384_frodo976shake','x448_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_kyber512','x25519_kyber512','p384_kyber768','x448_kyber768','x25519_kyber768','p256_kyber768','p521_kyber1024','p256_mlkem512','x25519_mlkem512','p384_mlkem768','x448_mlkem768','x25519_mlkem768','p256_mlkem768','p521_mlkem1024','p384_mlkem1024','p256_bikel1','x25519_bikel1','p384_bikel3','x448_bikel3','p521_bikel5','p256_hqc128','x25519_hqc128','p384_hqc192','x448_hqc192','p521_hqc256', ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_END ] signatures = [ From c5da7c6872befbe992822d8079be010e276c80fa Mon Sep 17 00:00:00 2001 From: Bence Mali Date: Fri, 1 Mar 2024 14:20:12 +0100 Subject: [PATCH 2/2] p384_mlkem1024 oid comment added --- oqs-template/generate.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 89976e47..21536863 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml 
@@ -177,6 +177,9 @@ kems:
 oqs_alg: 'OQS_KEM_alg_ml_kem_1024'
 extra_nids:
 current:
+ # p384_mlkem1024 hybrid doesn't appear in any standardization drafts
+ # this oid is proposed by Tresorit
+ # if the hybrid combination is standardized, feel free to change it
 - hybrid_group: "p384"
 hybrid_oid: '1.3.6.1.4.1.42235.6'
 nid: '0x2F4A'