From 0ec51eca39d72867f309878f5bb9002f1c3e07fb Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Fri, 12 Apr 2024 09:07:56 +0200 Subject: [PATCH] 0.6.0 (#392) * 0.6.0 Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- .github/workflows/linux.yml | 4 +- .github/workflows/macos.yml | 2 +- .github/workflows/windows.yml | 6 +- CMakeLists.txt | 2 +- RELEASE.md | 75 +- oqs-template/generate.yml-0.10.0 | 1473 ++++++++++++++++++++++++++++++ 6 files changed, 1553 insertions(+), 9 deletions(-) create mode 100644 oqs-template/generate.yml-0.10.0 diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index f8fb079f..994db97b 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -53,7 +53,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - name: Full build - run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=main ./scripts/fullbuild.sh + run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.10.0 ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test @@ -198,7 +198,7 @@ jobs: - name: Clone and build liboqs for linux-aarch64 working-directory: /opt/ run: | - git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs + git clone --depth=1 --branch 0.10.0 https://github.com/open-quantum-safe/liboqs.git liboqs cd liboqs mkdir build install cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \ diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 63e903d5..d2482832 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -38,7 +38,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.10.0 path: liboqs - name: Retrieve OpenSSL32 from cache id: cache-openssl32 diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 9fd95620..9cfa4871 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -41,7 +41,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.10.0 path: liboqs - name: Install cygwin uses: cygwin/cygwin-install-action@master @@ -130,7 +130,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.10.0 path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: @@ -244,7 +244,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.10.0 path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: diff --git a/CMakeLists.txt b/CMakeLists.txt index 901422ff..e654363a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.0 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.5.4-dev") +set(OQSPROVIDER_VERSION_TEXT "0.6.0") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") diff --git a/RELEASE.md b/RELEASE.md index 74c85f19..9802b57f 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,4 +1,4 @@ -# oqs-provider 0.5.4-dev +# oqs-provider 0.6.0 ## About @@ -14,7 +14,78 @@ Further details on building, testing and use can be found in [README.md](https:/ ## Release notes -This is version 0.5.4-dev of oqs-provider. +This is version 0.6.0 of oqs-provider. + +### Security considerations + +None. + +### What's New + +This release continues from the 0.5.3 release of oqs-provider and is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs). This release is guaranteed to be in sync with v0.10.0 of `liboqs`. + +This release also makes available ready-to-run binaries for Windows (.dll) and MacOS (.dylib) compiled for `x64` CPUs. Activation and use is documented in [USAGE.md](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md). + +### Additional new feature highlights + +* First availability of standardized PQ algorithms, e.g., [ML-KEM](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf), [ML-DSA](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf) +* Support for [Composite PQ operations](https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) +* Alignment with PQ algorithm implementations as provided by [liboqs 0.10.0](https://github.com/open-quantum-safe/liboqs/releases/tag/0.10.0), most notably updating HQC and Falcon. +* Implementation of security code review recommendations +* Support for more hybrid operations as fully documented [here](https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md). +* Support for extraction of classical and hybrid key material + +## What's Changed +* Clarify liboqs_DIR naming convention by @ajbozarth in https://github.com/open-quantum-safe/oqs-provider/pull/292 +* check empty params lists passed by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/296 +* Fix minor typos in documentation by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/304 +* HQC code point update by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/306 +* Fix broken circleci job for macOS by @johnma14 in https://github.com/open-quantum-safe/oqs-provider/pull/305 +* Contribution policy by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/286 +* Fix link in GOVERNANCE.md [skip ci] by @pi-314159 in https://github.com/open-quantum-safe/oqs-provider/pull/309 +* Add a example of how to load oqsprovider using `OSSL_PROVIDER_add_builtin`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/308 +* Get Windows CI to work again by @qnfm in https://github.com/open-quantum-safe/oqs-provider/pull/310 +* Use `build` directory instead of `_build`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/314 +* correct upstream and Windows CI snafus by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/322 +* Revert "Use `build` directory instead of `_build`. (#314)" by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/325 +* reverting to dev by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/327 +* Bump jinja2 from 3.0.3 to 3.1.3 in /oqs-template by @dependabot in https://github.com/open-quantum-safe/oqs-provider/pull/334 +* LICENSE copyright update [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/336 +* update to 0.5.4-dev by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/337 +* bring GOVERNANCE in line with liboqs [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/342 +* Automatically run release tests on liboqs release candidates by @SWilson4 in https://github.com/open-quantum-safe/oqs-provider/pull/345 +* add more defensive error handling by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/346 +* correct wrong use of sizeof by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/347 +* Protecting from NULL parameters by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/350 +* guard external testing against algorithm absence by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/352 +* first cut adding ML-* by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/348 +* Adapt Kyber OIDs and avoid testing using downlevel brew releases by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/356 +* Add extra debug information in case of TLS handshake failure. by @beldmit in https://github.com/open-quantum-safe/oqs-provider/pull/357 +* p384_mlkem1024 hybrid added by @bencemali in https://github.com/open-quantum-safe/oqs-provider/pull/361 +* length and null checks in en/decaps by @bencemali in https://github.com/open-quantum-safe/oqs-provider/pull/364 +* documentation update [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/366 +* Set Kyber OIDs by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/368 +* Add code points for PADDED variant of Falcon [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/oqs-provider/pull/362 +* Fix #372: expose `hybrid_classical_` and `hybrid_pq_` `OSSL_PARAMS` for `EVP_PKEY`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/374 +* Implementation of Composite Sig by @feventura in https://github.com/open-quantum-safe/oqs-provider/pull/317 +* Do not duplicate call to `getenv`. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/369 +* Fix #338 and #339: output a valid aarch64 debian package with a valid directory layout. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/377 +* Move the clang-format check from CircleCI to GitHub actions. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/376 +* fix ossl32 cache miss for cygwin by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/387 +* Remove `--repeat until-pass:5` workaround for ASan tests. by @thb-sb in https://github.com/open-quantum-safe/oqs-provider/pull/382 +* Add composite signatures to sigalg list & add code points. by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/386 +* openssl provider support documentation update [skip ci] by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/388 + +## New Contributors +* @ajbozarth made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/292 +* @johnma14 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/304 +* @pi-314159 made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/309 +* @dependabot made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/334 +* @beldmit made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/357 +* @bencemali made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/361 +* @feventura made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/317 + +**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.5.3...0.6.0 Previous Release Notes ====================== diff --git a/oqs-template/generate.yml-0.10.0 b/oqs-template/generate.yml-0.10.0 new file mode 100644 index 00000000..a0b9e230 --- /dev/null +++ b/oqs-template/generate.yml-0.10.0 @@ -0,0 +1,1473 @@ +# This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs +# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4B, X-hybrid: 0x2FB6 +kems: + - + family: 'FrodoKEM' + name_group: 'frodo640aes' + nid: '0x0200' + nid_hybrid: '0x2F00' + oqs_alg: 'OQS_KEM_alg_frodokem_640_aes' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F80' + - + family: 'FrodoKEM' + name_group: 'frodo640shake' + nid: '0x0201' + nid_hybrid: '0x2F01' + oqs_alg: 'OQS_KEM_alg_frodokem_640_shake' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F81' + - + family: 'FrodoKEM' + name_group: 'frodo976aes' + nid: '0x0202' + nid_hybrid: '0x2F02' + oqs_alg: 'OQS_KEM_alg_frodokem_976_aes' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F82' + - + family: 'FrodoKEM' + name_group: 'frodo976shake' + nid: '0x0203' + nid_hybrid: '0x2F03' + oqs_alg: 'OQS_KEM_alg_frodokem_976_shake' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F83' + - + family: 'FrodoKEM' + name_group: 'frodo1344aes' + nid: '0x0204' + nid_hybrid: '0x2F04' + oqs_alg: 'OQS_KEM_alg_frodokem_1344_aes' + - + family: 'FrodoKEM' + name_group: 'frodo1344shake' + nid: '0x0205' + nid_hybrid: '0x2F05' + oqs_alg: 'OQS_KEM_alg_frodokem_1344_shake' + - + family: 'BIKE' + name_group: 'bike1l1cpa' + bit_security: 128 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0206' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F06' + oqs_alg: 'OQS_KEM_alg_bike1_l1_cpa' + - + family: 'BIKE' + name_group: 'bike1l3cpa' + bit_security: 192 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0207' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F07' + oqs_alg: 'OQS_KEM_alg_bike1_l3_cpa' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber512' + nid: '0x023A' + oid: '1.3.6.1.4.1.2.267.8.2.2' + nid_hybrid: '0x2F3A' + oqs_alg: 'OQS_KEM_alg_kyber_512' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F39' + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x020F' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F0F' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: x25519 + nid: '0x2F26' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber768' + nid: '0x023C' + oid: '1.3.6.1.4.1.2.267.8.3.3' + nid_hybrid: '0x2F3C' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F90' + - hybrid_group: "x25519" + nid: '0x6399' + - hybrid_group: "p256" + nid: '0x639A' + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0210' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F10' + oqs_alg: 'OQS_KEM_alg_kyber_768' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber1024' + nid: '0x023D' + oid: '1.3.6.1.4.1.2.267.8.4.4' + nid_hybrid: '0x2F3D' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0211' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp521_r1 + nid: '0x2F11' + oqs_alg: 'OQS_KEM_alg_kyber_1024' + - + family: 'ML-KEM' + name_group: 'mlkem512' + nid: '0x0247' + oid: '1.3.6.1.4.1.22554.5.6.1' + nid_hybrid: '0x2F47' + hybrid_oid: '1.3.6.1.4.1.22554.5.7.1' + oqs_alg: 'OQS_KEM_alg_ml_kem_512' + extra_nids: + current: + - hybrid_group: "x25519" + hybrid_oid: '1.3.6.1.4.1.22554.5.8.1' + nid: '0x2FB2' + - + family: 'ML-KEM' + name_group: 'mlkem768' + nid: '0x0248' + oid: '1.3.6.1.4.1.22554.5.6.2' + nid_hybrid: '0x2F48' + oqs_alg: 'OQS_KEM_alg_ml_kem_768' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FB3' + - hybrid_group: "x25519" + nid: '0x2FB4' + - hybrid_group: "p256" + nid: '0x2FB5' + - + family: 'ML-KEM' + name_group: 'mlkem1024' + nid: '0x0249' + oid: '1.3.6.1.4.1.22554.5.6.3' + nid_hybrid: '0x2F49' + oqs_alg: 'OQS_KEM_alg_ml_kem_1024' + extra_nids: + current: + # p384_mlkem1024 hybrid doesn't appear in any standardization drafts + # this oid is proposed by Tresorit + # if the hybrid combination is standardized, feel free to change it + - hybrid_group: "p384" + hybrid_oid: '1.3.6.1.4.1.42235.6' + nid: '0x2F4A' + - + family: 'BIKE' + name_group: 'bike1l1fo' + bit_security: 128 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0223' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F23' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: "x25519" + nid: '0x2F28' + oqs_alg: 'OQS_KEM_alg_bike1_l1_fo' + - + family: 'BIKE' + name_group: 'bike1l3fo' + bit_security: 192 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0224' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F24' + oqs_alg: 'OQS_KEM_alg_bike1_l3_fo' + - + family: 'BIKE' + name_group: 'bikel1' + implementation_version: '5.1' + nid: '0x0241' + nid_hybrid: '0x2F41' + oqs_alg: 'OQS_KEM_alg_bike_l1' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2FAE' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x0238' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2F37' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F38' + - + family: 'BIKE' + name_group: 'bikel3' + implementation_version: '5.1' + nid: '0x0242' + nid_hybrid: '0x2F42' + oqs_alg: 'OQS_KEM_alg_bike_l3' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FAF' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023B' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F3B' + - + family: 'BIKE' + name_group: 'bikel5' + implementation_version: '5.1' + nid: '0x0243' + nid_hybrid: '0x2F43' + oqs_alg: 'OQS_KEM_alg_bike_l5' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s512' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0229' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F29' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F3E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2FA9' + oqs_alg: 'OQS_KEM_alg_kyber_512_90s' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s768' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x022A' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F2A' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023F' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F3F' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x448 + nid: '0x2FAA' + oqs_alg: 'OQS_KEM_alg_kyber_768_90s' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s1024' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x022B' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp521_r1 + nid: '0x2F2B' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x0240' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp521_r1 + nid: '0x2F40' + oqs_alg: 'OQS_KEM_alg_kyber_1024_90s' + - + family: 'HQC' + name_group: 'hqc128' + nid: '0x0244' + nid_hybrid: '0x2F44' + oqs_alg: 'OQS_KEM_alg_hqc_128' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2FB0' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022C' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F2C' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2FAC' + - + family: 'HQC' + name_group: 'hqc192' + nid: '0x0245' + nid_hybrid: '0x2F45' + oqs_alg: 'OQS_KEM_alg_hqc_192' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FB1' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022D' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F2D' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x448 + nid: '0x2FAD' + - + family: 'HQC' + name_group: 'hqc256' + nid: '0x0246' + nid_hybrid: '0x2F46' + oqs_alg: 'OQS_KEM_alg_hqc_256' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp521_r1 + nid: '0x2F2E' + +kem_nid_end: '0x0250' +kem_nid_hybrid_end: '0x2FFF' +# need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values + +# Next free signature ID: 0xfeee +sigs: + # - + # iso (1) + # identified-organization (3) + # reserved (9999) + # oqs_sig_default (1) + # disabled + #variants: + # - + # name: 'oqs_sig_default' + # pretty_name: 'OQS Default Signature Algorithm' + # oqs_meth: 'OQS_SIG_alg_default' + # oid: '1.3.9999.1.1' + # code_point: '0xfe00' + # enable: true + # mix_with: [{'name': 'p256', + # 'pretty_name': 'ECDSA p256', + # 'oid': '1.3.9999.1.2', + # 'code_point': '0xfe01'}, + # {'name': 'rsa3072', + # 'pretty_name': 'RSA3072', + # 'oid': '1.3.9999.1.3', + # 'code_point': '0xfe02'}] + # composite:[{'name': 'p256', + # 'pretty_name': 'ECDSA p256', + # 'security': '128', + # 'oid': '2.16.840.1.114027.80.1.8'}] + - + # The Composite OIDs are kept up to date by @feventura (Entrust) + # These are prototype OIDs and are in line with draft-ounsworth-pq-composite-sigs-13 + # OID scheme for composite variants: + # joint-iso-itu-t (2) + # country (16) + # us (840) + # organization (1) + # entrust (114027) + # algorithm (80) + # composite (8) + # signature (1) + # - + # OID scheme for hybrid variants of Dilithium: + # iso (1) + # identified-organization (3) + # reserved (9999) + # dilithium (2) + # OID scheme for plain Dilithium: + # iso (1) + # identified-organization (3) + # dod (6) + # internet (1) + # private (4) + # enterprise (1) + # IBM (2) + # qsc (267) + # Dilithium-r3 (7) + + + family: 'CRYSTALS-Dilithium' + variants: + - + name: 'dilithium2' + pretty_name: 'Dilithium2' + oqs_meth: 'OQS_SIG_alg_dilithium_2' + oid: '1.3.6.1.4.1.2.267.7.4.4' + code_point: '0xfea0' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.2.7.1', + 'code_point': '0xfea1'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.2.7.2', + 'code_point': '0xfea2'}] + - + name: 'dilithium3' + pretty_name: 'Dilithium3' + oqs_meth: 'OQS_SIG_alg_dilithium_3' + oid: '1.3.6.1.4.1.2.267.7.6.5' + code_point: '0xfea3' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.2.7.3', + 'code_point': '0xfea4'}] + - + name: 'dilithium5' + pretty_name: 'Dilithium5' + oqs_meth: 'OQS_SIG_alg_dilithium_5' + oid: '1.3.6.1.4.1.2.267.7.8.7' + code_point: '0xfea5' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.2.7.4', + 'code_point': '0xfea6'}] + - + name: 'dilithium2_aes' + pretty_name: 'Dilithium2_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_2_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.4.4' + code_point: '0xfea7' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.2.11.1', + 'code_point': '0xfea8'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.2.11.2', + 'code_point': '0xfea9'}] + - + name: 'dilithium3_aes' + pretty_name: 'Dilithium3_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_3_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.6.5' + code_point: '0xfeaa' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.2.11.3', + 'code_point': '0xfeab'}] + - + name: 'dilithium5_aes' + pretty_name: 'Dilithium5_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_5_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.8.7' + code_point: '0xfeac' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.2.11.4', + 'code_point': '0xfead'}] + - + family: 'ML-DSA' + variants: + - + name: 'mldsa44' + pretty_name: 'ML-DSA-44' + oqs_meth: 'OQS_SIG_alg_ml_dsa_44' + oid: '1.3.6.1.4.1.2.267.12.4.4' + code_point: '0xfed0' + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.7.1', + 'code_point': '0xfed3'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.7.2', + 'code_point': '0xfed4'}] + composite: [{'name': 'pss2048', + 'pretty_name': 'RSA PSS 2048', + 'security': '112', + 'oid': '2.16.840.1.114027.80.8.1.1', + 'code_point': '0xfee1'}, + {'name': 'rsa2048', + 'pretty_name': 'RSA2028', + 'security': '112', + 'oid': '2.16.840.1.114027.80.8.1.2', + 'code_point': '0xfee2'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.3', + 'code_point': '0xfee3'}, + {'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.4', + 'code_point': '0xfee4'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.8.1.5', + 'code_point': '0xfee5'}] + - + name: 'mldsa65' + pretty_name: 'ML-DSA-65' + oqs_meth: 'OQS_SIG_alg_ml_dsa_65' + oid: '1.3.6.1.4.1.2.267.12.6.5' + code_point: '0xfed1' + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.7.3', + 'code_point': '0xfed5'}] + composite: [{'name': 'pss3072', + 'pretty_name': 'RSA PSS 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.6', + 'code_point': '0xfee6'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.7', + 'code_point': '0xfee7'}, + {'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.8', + 'code_point': '0xfee8'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.8.1.9', + 'code_point': '0xfee9'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.10', + 'code_point': '0xfeea'}] + - + name: 'mldsa87' + pretty_name: 'ML-DSA-87' + oqs_meth: 'OQS_SIG_alg_ml_dsa_87' + oid: '1.3.6.1.4.1.2.267.12.8.7' + code_point: '0xfed2' + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.7.4', + 'code_point': '0xfed6'}] + composite: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'security': '192', + 'oid': '2.16.840.1.114027.80.8.1.11', + 'code_point': '0xfeeb'}, + {'name': 'bp384', + 'pretty_name': 'ECDSA brainpoolP384r1', + 'security': '384', + 'oid': '2.16.840.1.114027.80.8.1.12', + 'code_point': '0xfeec'}, + {'name': 'ed448', + 'pretty_name': 'ED448', + 'security': '192', + 'oid': '2.16.840.1.114027.80.8.1.13', + 'code_point': '0xfeed'}] + - + # iso (1) + # identified-organization (3) + # reserved (9999) + # falcon (3) + family: 'Falcon' + variants: + - + name: 'falcon512' + pretty_name: 'Falcon-512' + oqs_meth: 'OQS_SIG_alg_falcon_512' + oid: '1.3.9999.3.11' + code_point: '0xfed7' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.12', + 'code_point': '0xfed8'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.13', + 'code_point': '0xfed9'}] + extra_nids: + old: + - implementation_version: PQClean Round 3 version labelled 20211101 + nist-round: 3 + oid: '1.3.9999.3.6' + code_point: '0xfeae' + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.7', + 'code_point': '0xfeaf'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.8', + 'code_point': '0xfeb0'}] + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.3.1' + code_point: '0xfe0b' + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.2', + 'code_point': '0xfe0c'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.3', + 'code_point': '0xfe0d'}] + - + name: 'falconpadded512' + pretty_name: 'Falcon-padded-512' + oqs_meth: 'OQS_SIG_alg_falcon_padded_512' + oid: '1.3.9999.3.16' + code_point: '0xfedc' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.17', + 'code_point': '0xfedd'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.18', + 'code_point': '0xfede'}] + - + name: 'falcon1024' + pretty_name: 'Falcon-1024' + oqs_meth: 'OQS_SIG_alg_falcon_1024' + oid: '1.3.9999.3.14' + code_point: '0xfeda' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.15', + 'code_point': '0xfedb'}] + extra_nids: + old: + - implementation_version: PQClean Round 3 version labelled 20211101 + nist-round: 3 + oid: '1.3.9999.3.9' + code_point: '0xfeb1' + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.10', + 'code_point': '0xfeb2'}] + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.3.4' + code_point: '0xfe0e' + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.5', + 'code_point': '0xfe0f'}] + - + name: 'falconpadded1024' + pretty_name: 'Falcon-padded-1024' + oqs_meth: 'OQS_SIG_alg_falcon_padded_1024' + oid: '1.3.9999.3.19' + code_point: '0xfedf' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.20', + 'code_point': '0xfee0'}] + - + family: 'SPHINCS-Haraka' + variants: + - + name: 'sphincsharaka128frobust' + pretty_name: 'SPHINCS+-Haraka-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.1' + code_point: '0xfe42' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.2', + 'code_point': '0xfe43'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.3', + 'code_point': '0xfe44'}] + - + name: 'sphincsharaka128fsimple' + pretty_name: 'SPHINCS+-Haraka-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.4' + code_point: '0xfe45' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.5', + 'code_point': '0xfe46'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.6', + 'code_point': '0xfe47'}] + - + name: 'sphincsharaka128srobust' + pretty_name: 'SPHINCS+-Haraka-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.7' + code_point: '0xfe48' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.8', + 'code_point': '0xfe49'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.9', + 'code_point': '0xfe4a'}] + - + name: 'sphincsharaka128ssimple' + pretty_name: 'SPHINCS+-Haraka-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.10' + code_point: '0xfe4b' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.11', + 'code_point': '0xfe4c'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.12', + 'code_point': '0xfe4d'}] + - + name: 'sphincsharaka192frobust' + pretty_name: 'SPHINCS+-Haraka-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.1' + code_point: '0xfe4e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.2', + 'code_point': '0xfe4f'}] + - + name: 'sphincsharaka192fsimple' + pretty_name: 'SPHINCS+-Haraka-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.3' + code_point: '0xfe50' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.4', + 'code_point': '0xfe51'}] + - + name: 'sphincsharaka192srobust' + pretty_name: 'SPHINCS+-Haraka-192s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.5' + code_point: '0xfe52' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.6', + 'code_point': '0xfe53'}] + - + name: 'sphincsharaka192ssimple' + pretty_name: 'SPHINCS+-Haraka-192s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.7' + code_point: '0xfe54' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.8', + 'code_point': '0xfe55'}] + - + name: 'sphincsharaka256frobust' + pretty_name: 'SPHINCS+-Haraka-256f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.1' + code_point: '0xfe56' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.2', + 'code_point': '0xfe57'}] + - + name: 'sphincsharaka256fsimple' + pretty_name: 'SPHINCS+-Haraka-256f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.3' + code_point: '0xfe58' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.4', + 'code_point': '0xfe59'}] + - + name: 'sphincsharaka256srobust' + pretty_name: 'SPHINCS+-Haraka-256s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.5' + code_point: '0xfe5a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.6', + 'code_point': '0xfe5b'}] + - + name: 'sphincsharaka256ssimple' + pretty_name: 'SPHINCS+-Haraka-256s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.7' + code_point: '0xfe5c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.8', + 'code_point': '0xfe5d'}] + - + family: 'SPHINCS-SHA2' + variants: + - + name: 'sphincssha26128frobust' + pretty_name: 'SPHINCS+-SHA256-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.1' + code_point: '0xfe5e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.2', + 'code_point': '0xfe5f'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.3', + 'code_point': '0xfe60'}] + - + name: 'sphincssha2128fsimple' + pretty_name: 'SPHINCS+-SHA2-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128f_simple' + oid: '1.3.9999.6.4.13' + code_point: '0xfeb3' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.14', + 'code_point': '0xfeb4'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.15', + 'code_point': '0xfeb5'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.4' + code_point: '0xfe61' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.5', + 'code_point': '0xfe62'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.6', + 'code_point': '0xfe63'}] + - + name: 'sphincssha256128srobust' + pretty_name: 'SPHINCS+-SHA256-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.7' + code_point: '0xfe64' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.8', + 'code_point': '0xfe65'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.9', + 'code_point': '0xfe66'}] + - + name: 'sphincssha2128ssimple' + pretty_name: 'SPHINCS+-SHA2-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128s_simple' + oid: '1.3.9999.6.4.16' + code_point: '0xfeb6' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.17', + 'code_point': '0xfeb7'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.18', + 'code_point': '0xfeb8'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.10' + code_point: '0xfe67' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.11', + 'code_point': '0xfe68'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.12', + 'code_point': '0xfe69'}] + - + name: 'sphincssha256192frobust' + pretty_name: 'SPHINCS+-SHA256-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.1' + code_point: '0xfe6a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.2', + 'code_point': '0xfe6b'}] + - + name: 'sphincssha2192fsimple' + pretty_name: 'SPHINCS+-SHA2-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192f_simple' + oid: '1.3.9999.6.5.10' + code_point: '0xfeb9' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.11', + 'code_point': '0xfeba'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.3' + code_point: '0xfe6c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.4', + 'code_point': '0xfe6d'}] + - + name: 'sphincssha256192srobust' + pretty_name: 'SPHINCS+-SHA256-192s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.5' + code_point: '0xfe6e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.6', + 'code_point': '0xfe6f'}] + - + name: 'sphincssha2192ssimple' + pretty_name: 'SPHINCS+-SHA2-192s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192s_simple' + oid: '1.3.9999.6.5.12' + code_point: '0xfebb' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.13', + 'code_point': '0xfebc'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.7' + code_point: '0xfe70' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.8', + 'code_point': '0xfe71'}] + - + name: 'sphincssha256256frobust' + pretty_name: 'SPHINCS+-SHA256-256f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.6.1' + code_point: '0xfe72' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.2', + 'code_point': '0xfe73'}] + - + name: 'sphincssha2256fsimple' + pretty_name: 'SPHINCS+-SHA2-256f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256f_simple' + oid: '1.3.9999.6.6.10' + code_point: '0xfebd' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.11', + 'code_point': '0xfebe'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.6.3' + code_point: '0xfe74' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.4', + 'code_point': '0xfe75'}] + - + name: 'sphincssha256256srobust' + pretty_name: 'SPHINCS+-SHA256-256s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.6.5' + code_point: '0xfe76' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.6', + 'code_point': '0xfe77'}] + - + name: 'sphincssha2256ssimple' + pretty_name: 'SPHINCS+-SHA2-256s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256s_simple' + oid: '1.3.9999.6.6.12' + code_point: '0xfec0' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.13', + 'code_point': '0xfec1'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.6.7' + code_point: '0xfe78' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.6.8', + 'code_point': '0xfe79'}] + - + family: 'SPHINCS-SHAKE' + variants: + - + name: 'sphincsshake256128frobust' + pretty_name: 'SPHINCS+-SHAKE256-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.1' + code_point: '0xfe7a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.2', + 'code_point': '0xfe7b'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.3', + 'code_point': '0xfe7c'}] + - + name: 'sphincsshake128fsimple' + pretty_name: 'SPHINCS+-SHAKE-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_128f_simple' + oid: '1.3.9999.6.7.13' + code_point: '0xfec2' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.14', + 'code_point': '0xfec3'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.15', + 'code_point': '0xfec4'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.4' + code_point: '0xfe7d' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.5', + 'code_point': '0xfe7e'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.6', + 'code_point': '0xfe7f'}] + - + name: 'sphincsshake256128srobust' + pretty_name: 'SPHINCS+-SHAKE256-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.7' + code_point: '0xfe80' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.8', + 'code_point': '0xfe81'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.9', + 'code_point': '0xfe82'}] + - + name: 'sphincsshake128ssimple' + pretty_name: 'SPHINCS+-SHAKE-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_128s_simple' + oid: '1.3.9999.6.7.16' + code_point: '0xfec5' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.17', + 'code_point': '0xfec6'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.18', + 'code_point': '0xfec7'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.7.10' + code_point: '0xfe83' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.7.11', + 'code_point': '0xfe84'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.7.12', + 'code_point': '0xfe85'}] + - + name: 'sphincsshake256192frobust' + pretty_name: 'SPHINCS+-SHAKE256-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.8.1' + code_point: '0xfe86' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.2', + 'code_point': '0xfe87'}] + - + name: 'sphincsshake192fsimple' + pretty_name: 'SPHINCS+-SHAKE-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_192f_simple' + oid: '1.3.9999.6.8.10' + code_point: '0xfec8' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.11', + 'code_point': '0xfec9'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.8.3' + code_point: '0xfe88' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.4', + 'code_point': '0xfe89'}] + - + name: 'sphincsshake256192srobust' + pretty_name: 'SPHINCS+-SHAKE256-192s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.8.5' + code_point: '0xfe8a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.6', + 'code_point': '0xfe8b'}] + - + name: 'sphincsshake192ssimple' + pretty_name: 'SPHINCS+-SHAKE-192s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_192s_simple' + oid: '1.3.9999.6.8.12' + code_point: '0xfeca' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.13', + 'code_point': '0xfecb'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.8.7' + code_point: '0xfe8c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.8.8', + 'code_point': '0xfe8d'}] + - + name: 'sphincsshake256256frobust' + pretty_name: 'SPHINCS+-SHAKE256-256f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.1' + code_point: '0xfe8e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.2', + 'code_point': '0xfe8f'}] + - + name: 'sphincsshake256fsimple' + pretty_name: 'SPHINCS+-SHAKE-256f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_256f_simple' + oid: '1.3.9999.6.9.10' + code_point: '0xfecc' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.11', + 'code_point': '0xfecd'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.3' + code_point: '0xfe90' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.4', + 'code_point': '0xfe91'}] + - + name: 'sphincsshake256256srobust' + pretty_name: 'SPHINCS+-SHAKE256-256s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.5' + code_point: '0xfe92' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.6', + 'code_point': '0xfe93'}] + - + name: 'sphincsshake256ssimple' + pretty_name: 'SPHINCS+-SHAKE-256s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_shake_256s_simple' + oid: '1.3.9999.6.9.12' + code_point: '0xfece' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: false + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.13', + 'code_point': '0xfecf'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.9.7' + code_point: '0xfe94' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.9.8', + 'code_point': '0xfe95'}] + +