diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 9d57fd03..a833dae6 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,9 +2,10 @@ * @baentsch /oqsprov/oqs_hyb_kem.c @bhess +# TODO: @alexrow owns OIDs for CROSS; add them below when possible /oqs-template/generate.yml @baentsch @bhess @feventura -/CMakeLists.txt @baentsch @thb-sb -/.circleci/config.yml @baentsch @thb-sb -/.github/workflows @baentsch @thb-sb @jplomas +/CMakeLists.txt @baentsch @zadlg +/.circleci/config.yml @baentsch @zadlg +/.github/workflows @baentsch @zadlg @jplomas /oqsprov/oqs_sig.c @baentsch @feventura /scripts/oqsprovider-pkcs12gen.sh @iyanmv diff --git a/ALGORITHMS.md b/ALGORITHMS.md index cedabb57..511cc219 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md @@ -125,6 +125,22 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | p384_mayo3 | 0xfef4 |Yes| OQS_CODEPOINT_P384_MAYO3 | mayo5 | 0xfef1 |Yes| OQS_CODEPOINT_MAYO5 | p521_mayo5 | 0xfef5 |Yes| OQS_CODEPOINT_P521_MAYO5 +| CROSSrsdp128balanced | 0xfef6 |Yes| OQS_CODEPOINT_CROSSRSDP128BALANCED +| CROSSrsdp128fast | 0xfef7 |No| OQS_CODEPOINT_CROSSRSDP128FAST +| CROSSrsdp128small | 0xfef8 |No| OQS_CODEPOINT_CROSSRSDP128SMALL +| CROSSrsdp192balanced | 0xfef9 |No| OQS_CODEPOINT_CROSSRSDP192BALANCED +| CROSSrsdp192fast | 0xfefa |No| OQS_CODEPOINT_CROSSRSDP192FAST +| CROSSrsdp192small | 0xfefb |No| OQS_CODEPOINT_CROSSRSDP192SMALL +| CROSSrsdp256small | 0xfefc |No| OQS_CODEPOINT_CROSSRSDP256SMALL +| CROSSrsdpg128balanced | 0xfefd |No| OQS_CODEPOINT_CROSSRSDPG128BALANCED +| CROSSrsdpg128fast | 0xfefe |No| OQS_CODEPOINT_CROSSRSDPG128FAST +| CROSSrsdpg128small | 0xfeff |No| OQS_CODEPOINT_CROSSRSDPG128SMALL +| CROSSrsdpg192balanced | 0xff00 |No| OQS_CODEPOINT_CROSSRSDPG192BALANCED +| CROSSrsdpg192fast | 0xff01 |No| OQS_CODEPOINT_CROSSRSDPG192FAST +| CROSSrsdpg192small | 0xff02 |No| OQS_CODEPOINT_CROSSRSDPG192SMALL +| CROSSrsdpg256balanced | 0xff03 |No| OQS_CODEPOINT_CROSSRSDPG256BALANCED +| CROSSrsdpg256fast | 0xff04 |No| OQS_CODEPOINT_CROSSRSDPG256FAST +| CROSSrsdpg256small | 0xff05 |No| OQS_CODEPOINT_CROSSRSDPG256SMALL Changing code points @@ -223,6 +239,22 @@ adapting the OIDs of all supported signature algorithms as per the table below. | p384_mayo3 | 1.3.9999.8.3.2 |Yes| OQS_OID_P384_MAYO3 | mayo5 | 1.3.9999.8.5.1 |Yes| OQS_OID_MAYO5 | p521_mayo5 | 1.3.9999.8.5.2 |Yes| OQS_OID_P521_MAYO5 +| CROSSrsdp128balanced | 1.3.6.1.4.1.62245.2.1.1 |Yes| OQS_OID_CROSSRSDP128BALANCED +| CROSSrsdp128fast | 1.3.6.1.4.1.62245.2.1.2 |No| OQS_OID_CROSSRSDP128FAST +| CROSSrsdp128small | 1.3.6.1.4.1.62245.2.1.3 |No| OQS_OID_CROSSRSDP128SMALL +| CROSSrsdp192balanced | 1.3.6.1.4.1.62245.2.1.4 |No| OQS_OID_CROSSRSDP192BALANCED +| CROSSrsdp192fast | 1.3.6.1.4.1.62245.2.1.5 |No| OQS_OID_CROSSRSDP192FAST +| CROSSrsdp192small | 1.3.6.1.4.1.62245.2.1.6 |No| OQS_OID_CROSSRSDP192SMALL +| CROSSrsdp256small | 1.3.6.1.4.1.62245.2.1.9 |No| OQS_OID_CROSSRSDP256SMALL +| CROSSrsdpg128balanced | 1.3.6.1.4.1.62245.2.1.10 |No| OQS_OID_CROSSRSDPG128BALANCED +| CROSSrsdpg128fast | 1.3.6.1.4.1.62245.2.1.11 |No| OQS_OID_CROSSRSDPG128FAST +| CROSSrsdpg128small | 1.3.6.1.4.1.62245.2.1.12 |No| OQS_OID_CROSSRSDPG128SMALL +| CROSSrsdpg192balanced | 1.3.6.1.4.1.62245.2.1.13 |No| OQS_OID_CROSSRSDPG192BALANCED +| CROSSrsdpg192fast | 1.3.6.1.4.1.62245.2.1.14 |No| OQS_OID_CROSSRSDPG192FAST +| CROSSrsdpg192small | 1.3.6.1.4.1.62245.2.1.15 |No| OQS_OID_CROSSRSDPG192SMALL +| CROSSrsdpg256balanced | 1.3.6.1.4.1.62245.2.1.16 |No| OQS_OID_CROSSRSDPG256BALANCED +| CROSSrsdpg256fast | 1.3.6.1.4.1.62245.2.1.17 |No| OQS_OID_CROSSRSDPG256FAST +| CROSSrsdpg256small | 1.3.6.1.4.1.62245.2.1.18 |No| OQS_OID_CROSSRSDPG256SMALL If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following list is also available: diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 680c9cfa..76a1bacc 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -102,7 +102,7 @@ Votes are to be executed by way of open GitHub discussions. No quorum is needed @baentsch @bhess -@thb-sb +@zadlg @christianpaquin ## Afterword diff --git a/README.md b/README.md index 7eb736c8..ca5949f6 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,7 @@ This implementation makes available the following quantum safe algorithms: - **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple` - **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple` - **MAYO**:`mayo1`\*, `p256_mayo1`\*, `mayo2`\*, `p256_mayo2`\*, `mayo3`\*, `p384_mayo3`\*, `mayo5`\*, `p521_mayo5`\* +- **CROSS**:`CROSSrsdp128balanced`\*, `CROSSrsdp128fast`, `CROSSrsdp128small`, `CROSSrsdp192balanced`, `CROSSrsdp192fast`, `CROSSrsdp192small`, `CROSSrsdp256small`, `CROSSrsdpg128balanced`, `CROSSrsdpg128fast`, `CROSSrsdpg128small`, `CROSSrsdpg192balanced`, `CROSSrsdpg192fast`, `CROSSrsdpg192small`, `CROSSrsdpg256balanced`, `CROSSrsdpg256fast`, `CROSSrsdpg256small` @@ -204,6 +205,7 @@ Contributors to the `oqsprovider` include: - Thomas Bailleux (many build, CI and usage improvements for different platforms) - Felipe Ventura (composite sig integration and OID management) - Iyán Méndez Veiga (PKCS#12 testing) +- Alessandro Barenghi (CROSS OIDs) History ------- diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 4733fe71..33f827c3 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -424,7 +424,7 @@ kem_nid_end: '0x0250' kem_nid_hybrid_end: '0x2FFF' # need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values -# Next free signature ID: 0xfef6 +# Next free signature ID: 0xff06 sigs: # - # iso (1) @@ -1541,3 +1541,127 @@ sigs: 'pretty_name': 'ECDSA p521', 'oid': '1.3.9999.8.5.2', 'code_point': '0xfef5'}] + - + family: 'CROSS' + variants: + # RSDP 128 + - + name: 'CROSSrsdp128balanced' + pretty_name: 'CROSS-rsdp-128-balanced' + oqs_meth: 'OQS_SIG_alg_cross_rsdp_128_balanced' + oid: '1.3.6.1.4.1.62245.2.1.1' + code_point: '0xfef6' + enable: true + - + name: 'CROSSrsdp128fast' + pretty_name: 'CROSS-rsdp-128-fast' + oqs_meth: 'OQS_SIG_alg_cross_rsdp_128_fast' + oid: '1.3.6.1.4.1.62245.2.1.2' + code_point: '0xfef7' + enable: false + - + name: 'CROSSrsdp128small' + pretty_name: 'CROSS-rsdp-128-small' + oqs_meth: 'OQS_SIG_alg_cross_rsdp_128_small' + oid: '1.3.6.1.4.1.62245.2.1.3' + code_point: '0xfef8' + enable: false + # RSDP 192 + - + name: 'CROSSrsdp192balanced' + pretty_name: 'CROSS-rsdp-192-balanced' + oqs_meth: 'OQS_SIG_alg_cross_rsdp_192_balanced' + oid: '1.3.6.1.4.1.62245.2.1.4' + code_point: '0xfef9' + enable: false + - + name: 'CROSSrsdp192fast' + pretty_name: 'CROSS-rsdp-192-fast' + oqs_meth: 'OQS_SIG_alg_cross_rsdp_192_fast' + oid: '1.3.6.1.4.1.62245.2.1.5' + code_point: '0xfefa' + enable: false + - + name: 'CROSSrsdp192small' + pretty_name: 'CROSS-rsdp-192-small' + oqs_meth: 'OQS_SIG_alg_cross_rsdp_192_small' + oid: '1.3.6.1.4.1.62245.2.1.6' + code_point: '0xfefb' + enable: false + # RSDP 256 + # CROSS variants rsdp-256-balanced and rsdp-256-fast are missing because + # they produce certificates that are larger than the maximum size allowed + # by TLS 1.3 (RFC 8446 section B.3.3) + - + name: 'CROSSrsdp256small' + pretty_name: 'CROSS-rsdp-256-small' + oqs_meth: 'OQS_SIG_alg_cross_rsdp_256_small' + oid: '1.3.6.1.4.1.62245.2.1.9' + code_point: '0xfefc' + enable: false + # RSDPG 128 + - + name: 'CROSSrsdpg128balanced' + pretty_name: 'CROSS-rsdpg-128-balanced' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_128_balanced' + oid: '1.3.6.1.4.1.62245.2.1.10' + code_point: '0xfefd' + enable: false + - + name: 'CROSSrsdpg128fast' + pretty_name: 'CROSS-rsdpg-128-fast' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_128_fast' + oid: '1.3.6.1.4.1.62245.2.1.11' + code_point: '0xfefe' + enable: false + - + name: 'CROSSrsdpg128small' + pretty_name: 'CROSS-rsdpg-128-small' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_128_small' + oid: '1.3.6.1.4.1.62245.2.1.12' + code_point: '0xfeff' + enable: false + # RSDPG 192 + - + name: 'CROSSrsdpg192balanced' + pretty_name: 'CROSS-rsdpg-192-balanced' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_192_balanced' + oid: '1.3.6.1.4.1.62245.2.1.13' + code_point: '0xff00' + enable: false + - + name: 'CROSSrsdpg192fast' + pretty_name: 'CROSS-rsdpg-192-fast' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_192_fast' + oid: '1.3.6.1.4.1.62245.2.1.14' + code_point: '0xff01' + enable: false + - + name: 'CROSSrsdpg192small' + pretty_name: 'CROSS-rsdpg-192-small' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_192_small' + oid: '1.3.6.1.4.1.62245.2.1.15' + code_point: '0xff02' + enable: false + # RSDPG 256 + - + name: 'CROSSrsdpg256balanced' + pretty_name: 'CROSS-rsdpg-256-balanced' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_256_balanced' + oid: '1.3.6.1.4.1.62245.2.1.16' + code_point: '0xff03' + enable: false + - + name: 'CROSSrsdpg256fast' + pretty_name: 'CROSS-rsdpg-256-fast' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_256_fast' + oid: '1.3.6.1.4.1.62245.2.1.17' + code_point: '0xff04' + enable: false + - + name: 'CROSSrsdpg256small' + pretty_name: 'CROSS-rsdpg-256-small' + oqs_meth: 'OQS_SIG_alg_cross_rsdpg_256_small' + oid: '1.3.6.1.4.1.62245.2.1.18' + code_point: '0xff05' + enable: false \ No newline at end of file diff --git a/oqs-template/oqs-sig-info.md b/oqs-template/oqs-sig-info.md index 71e19a1a..1d296738 100644 --- a/oqs-template/oqs-sig-info.md +++ b/oqs-template/oqs-sig-info.md @@ -1,5 +1,21 @@ | Algorithm | Implementation Version | NIST round | Claimed NIST Level | Code Point | OID | |:--------------------------------------------------|:------------------------------------------------|:-------------|---------------------:|:-------------|:-------------------------| +| CROSSrsdp128balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef6 | 1.3.6.1.4.1.62245.2.1.1 | +| CROSSrsdp128fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef7 | 1.3.6.1.4.1.62245.2.1.2 | +| CROSSrsdp128small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef8 | 1.3.6.1.4.1.62245.2.1.3 | +| CROSSrsdp192balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfef9 | 1.3.6.1.4.1.62245.2.1.4 | +| CROSSrsdp192fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfefa | 1.3.6.1.4.1.62245.2.1.5 | +| CROSSrsdp192small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfefb | 1.3.6.1.4.1.62245.2.1.6 | +| CROSSrsdp256small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xfefc | 1.3.6.1.4.1.62245.2.1.9 | +| CROSSrsdpg128balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfefd | 1.3.6.1.4.1.62245.2.1.10 | +| CROSSrsdpg128fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfefe | 1.3.6.1.4.1.62245.2.1.11 | +| CROSSrsdpg128small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfeff | 1.3.6.1.4.1.62245.2.1.12 | +| CROSSrsdpg192balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff00 | 1.3.6.1.4.1.62245.2.1.13 | +| CROSSrsdpg192fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff01 | 1.3.6.1.4.1.62245.2.1.14 | +| CROSSrsdpg192small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff02 | 1.3.6.1.4.1.62245.2.1.15 | +| CROSSrsdpg256balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff03 | 1.3.6.1.4.1.62245.2.1.16 | +| CROSSrsdpg256fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff04 | 1.3.6.1.4.1.62245.2.1.17 | +| CROSSrsdpg256small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff05 | 1.3.6.1.4.1.62245.2.1.18 | | dilithium2 | 3.1 | 3 | 2 | 0xfea0 | 1.3.6.1.4.1.2.267.7.4.4 | | dilithium2 **hybrid with** p256 | 3.1 | 3 | 2 | 0xfea1 | 1.3.9999.2.7.1 | | dilithium2 **hybrid with** rsa3072 | 3.1 | 3 | 2 | 0xfea2 | 1.3.9999.2.7.2 | diff --git a/oqsprov/oqs_decode_der2key.c b/oqsprov/oqs_decode_der2key.c index 5f8f3924..07308b25 100644 --- a/oqsprov/oqs_decode_der2key.c +++ b/oqsprov/oqs_decode_der2key.c @@ -821,4 +821,8 @@ MAKE_DECODER(, "mayo5", mayo5, oqsx, PrivateKeyInfo); MAKE_DECODER(, "mayo5", mayo5, oqsx, SubjectPublicKeyInfo); MAKE_DECODER(, "p521_mayo5", p521_mayo5, oqsx, PrivateKeyInfo); MAKE_DECODER(, "p521_mayo5", p521_mayo5, oqsx, SubjectPublicKeyInfo); +MAKE_DECODER(, "CROSSrsdp128balanced", CROSSrsdp128balanced, oqsx, + PrivateKeyInfo); +MAKE_DECODER(, "CROSSrsdp128balanced", CROSSrsdp128balanced, oqsx, + SubjectPublicKeyInfo); ///// OQS_TEMPLATE_FRAGMENT_DECODER_MAKE_END diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 83ff6554..55ffbfc8 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -1240,6 +1240,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) { #define p521_mayo5_evp_type 0 #define p521_mayo5_input_type "p521_mayo5" #define p521_mayo5_pem_type "p521_mayo5" +#define CROSSrsdp128balanced_evp_type 0 +#define CROSSrsdp128balanced_input_type "CROSSrsdp128balanced" +#define CROSSrsdp128balanced_pem_type "CROSSrsdp128balanced" ///// OQS_TEMPLATE_FRAGMENT_ENCODER_DEFINES_END /* ---------------------------------------------------------------------- */ @@ -2675,4 +2678,11 @@ MAKE_ENCODER(, p521_mayo5, oqsx, PrivateKeyInfo, pem); MAKE_ENCODER(, p521_mayo5, oqsx, SubjectPublicKeyInfo, der); MAKE_ENCODER(, p521_mayo5, oqsx, SubjectPublicKeyInfo, pem); MAKE_TEXT_ENCODER(, p521_mayo5); +MAKE_ENCODER(, CROSSrsdp128balanced, oqsx, EncryptedPrivateKeyInfo, der); +MAKE_ENCODER(, CROSSrsdp128balanced, oqsx, EncryptedPrivateKeyInfo, pem); +MAKE_ENCODER(, CROSSrsdp128balanced, oqsx, PrivateKeyInfo, der); +MAKE_ENCODER(, CROSSrsdp128balanced, oqsx, PrivateKeyInfo, pem); +MAKE_ENCODER(, CROSSrsdp128balanced, oqsx, SubjectPublicKeyInfo, der); +MAKE_ENCODER(, CROSSrsdp128balanced, oqsx, SubjectPublicKeyInfo, pem); +MAKE_TEXT_ENCODER(, CROSSrsdp128balanced); ///// OQS_TEMPLATE_FRAGMENT_ENCODER_MAKE_END diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 7cf193d5..e9c6dac3 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -1239,6 +1239,18 @@ static void *p521_mayo5_gen_init(void *provctx, int selection) { KEY_TYPE_HYB_SIG, 256, 55, 0); } +static void *CROSSrsdp128balanced_new_key(void *provctx) { + return oqsx_key_new(PROV_OQS_LIBCTX_OF(provctx), + OQS_SIG_alg_cross_rsdp_128_balanced, + "CROSSrsdp128balanced", KEY_TYPE_SIG, NULL, 128, 56, 0); +} + +static void *CROSSrsdp128balanced_gen_init(void *provctx, int selection) { + return oqsx_gen_init(provctx, selection, + OQS_SIG_alg_cross_rsdp_128_balanced, + "CROSSrsdp128balanced", 0, 128, 56, 0); +} + ///// OQS_TEMPLATE_FRAGMENT_KEYMGMT_CONSTRUCTORS_END #define MAKE_SIG_KEYMGMT_FUNCTIONS(alg) \ @@ -1439,6 +1451,7 @@ MAKE_SIG_KEYMGMT_FUNCTIONS(mayo3) MAKE_SIG_KEYMGMT_FUNCTIONS(p384_mayo3) MAKE_SIG_KEYMGMT_FUNCTIONS(mayo5) MAKE_SIG_KEYMGMT_FUNCTIONS(p521_mayo5) +MAKE_SIG_KEYMGMT_FUNCTIONS(CROSSrsdp128balanced) MAKE_KEM_KEYMGMT_FUNCTIONS(frodo640aes, OQS_KEM_alg_frodokem_640_aes, 128) diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index 4338ed3c..bb8ed1a9 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -2151,6 +2151,23 @@ extern const OSSL_DISPATCH oqs_PrivateKeyInfo_der_to_p521_mayo5_decoder_functions[]; extern const OSSL_DISPATCH oqs_SubjectPublicKeyInfo_der_to_p521_mayo5_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_CROSSrsdp128balanced_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_CROSSrsdp128balanced_to_PrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_CROSSrsdp128balanced_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_CROSSrsdp128balanced_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_CROSSrsdp128balanced_to_SubjectPublicKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_CROSSrsdp128balanced_to_SubjectPublicKeyInfo_pem_encoder_functions[]; +extern const OSSL_DISPATCH oqs_CROSSrsdp128balanced_to_text_encoder_functions[]; +extern const OSSL_DISPATCH + oqs_PrivateKeyInfo_der_to_CROSSrsdp128balanced_decoder_functions[]; +extern const OSSL_DISPATCH + oqs_SubjectPublicKeyInfo_der_to_CROSSrsdp128balanced_decoder_functions[]; ///// OQS_TEMPLATE_FRAGMENT_ENDECODER_FUNCTIONS_END ///// OQS_TEMPLATE_FRAGMENT_ALG_FUNCTIONS_START @@ -2213,6 +2230,7 @@ extern const OSSL_DISPATCH oqs_mayo3_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p384_mayo3_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_mayo5_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_p521_mayo5_keymgmt_functions[]; +extern const OSSL_DISPATCH oqs_CROSSrsdp128balanced_keymgmt_functions[]; extern const OSSL_DISPATCH oqs_frodo640aes_keymgmt_functions[]; diff --git a/oqsprov/oqsdecoders.inc b/oqsprov/oqsdecoders.inc index 8655ca97..cd0403de 100644 --- a/oqsprov/oqsdecoders.inc +++ b/oqsprov/oqsdecoders.inc @@ -275,4 +275,8 @@ DECODER_w_structure("mayo5", der, PrivateKeyInfo, mayo5), DECODER_w_structure("mayo5", der, SubjectPublicKeyInfo, mayo5),DECODER_w_structure("p521_mayo5", der, PrivateKeyInfo, p521_mayo5), DECODER_w_structure("p521_mayo5", der, SubjectPublicKeyInfo, p521_mayo5), #endif +#ifdef OQS_ENABLE_SIG_cross_rsdp_128_balanced +DECODER_w_structure("CROSSrsdp128balanced", der, PrivateKeyInfo, CROSSrsdp128balanced), +DECODER_w_structure("CROSSrsdp128balanced", der, SubjectPublicKeyInfo, CROSSrsdp128balanced), +#endif ///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsencoders.inc b/oqsprov/oqsencoders.inc index 9fcea547..386ef8a0 100644 --- a/oqsprov/oqsencoders.inc +++ b/oqsprov/oqsencoders.inc @@ -921,4 +921,13 @@ ENCODER_w_structure("p521_mayo5", p521_mayo5, der, SubjectPublicKeyInfo), ENCODER_w_structure("p521_mayo5", p521_mayo5, pem, SubjectPublicKeyInfo), ENCODER_TEXT("p521_mayo5", p521_mayo5), #endif +#ifdef OQS_ENABLE_SIG_cross_rsdp_128_balanced +ENCODER_w_structure("CROSSrsdp128balanced", CROSSrsdp128balanced, der, PrivateKeyInfo), +ENCODER_w_structure("CROSSrsdp128balanced", CROSSrsdp128balanced, pem, PrivateKeyInfo), +ENCODER_w_structure("CROSSrsdp128balanced", CROSSrsdp128balanced, der, EncryptedPrivateKeyInfo), +ENCODER_w_structure("CROSSrsdp128balanced", CROSSrsdp128balanced, pem, EncryptedPrivateKeyInfo), +ENCODER_w_structure("CROSSrsdp128balanced", CROSSrsdp128balanced, der, SubjectPublicKeyInfo), +ENCODER_w_structure("CROSSrsdp128balanced", CROSSrsdp128balanced, pem, SubjectPublicKeyInfo), +ENCODER_TEXT("CROSSrsdp128balanced", CROSSrsdp128balanced), +#endif ///// OQS_TEMPLATE_FRAGMENT_MAKE_END diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 069ea8ec..ca406c2a 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -51,9 +51,9 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START #ifdef OQS_KEM_ENCODERS -#define OQS_OID_CNT 218 +#define OQS_OID_CNT 220 #else -#define OQS_OID_CNT 112 +#define OQS_OID_CNT 114 #endif const char *oqs_oid_alg_list[OQS_OID_CNT] = { @@ -280,6 +280,8 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "mayo5", "1.3.9999.8.5.2", "p521_mayo5", + "1.3.6.1.4.1.62245.2.1.1", + "CROSSrsdp128balanced", ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_END }; @@ -531,6 +533,8 @@ int oqs_patch_oids(void) { oqs_oid_alg_list[108 + OQS_KEMOID_CNT] = envval; if ((envval = getenv("OQS_OID_P521_MAYO5"))) oqs_oid_alg_list[110 + OQS_KEMOID_CNT] = envval; + if ((envval = getenv("OQS_OID_CROSSRSDP128BALANCED"))) + oqs_oid_alg_list[112 + OQS_KEMOID_CNT] = envval; } ///// OQS_TEMPLATE_FRAGMENT_OID_PATCHING_END return 1; } @@ -665,6 +669,9 @@ static const OSSL_ALGORITHM oqsprovider_signatures[] = { #ifdef OQS_ENABLE_SIG_mayo_5 SIGALG("mayo5", 256, oqs_signature_functions), SIGALG("p521_mayo5", 256, oqs_signature_functions), +#endif +#ifdef OQS_ENABLE_SIG_cross_rsdp_128_balanced + SIGALG("CROSSrsdp128balanced", 128, oqs_signature_functions), #endif ///// OQS_TEMPLATE_FRAGMENT_SIG_FUNCTIONS_END {NULL, NULL, NULL}}; @@ -861,6 +868,9 @@ static const OSSL_ALGORITHM oqsprovider_keymgmt[] = { SIGALG("mayo5", 256, oqs_mayo5_keymgmt_functions), SIGALG("p521_mayo5", 256, oqs_p521_mayo5_keymgmt_functions), #endif +#ifdef OQS_ENABLE_SIG_cross_rsdp_128_balanced + SIGALG("CROSSrsdp128balanced", 128, oqs_CROSSrsdp128balanced_keymgmt_functions), +#endif #ifdef OQS_ENABLE_KEM_frodokem_640_aes KEMKMALG(frodo640aes, 128) diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c index 744805cd..bf8081e2 100644 --- a/oqsprov/oqsprov_capabilities.c +++ b/oqsprov/oqsprov_capabilities.c @@ -294,6 +294,7 @@ static OQS_SIGALG_CONSTANTS oqs_sigalg_list[] = { {0xfeef, 128, TLS1_3_VERSION, 0}, {0xfef3, 128, TLS1_3_VERSION, 0}, {0xfef0, 192, TLS1_3_VERSION, 0}, {0xfef4, 192, TLS1_3_VERSION, 0}, {0xfef1, 256, TLS1_3_VERSION, 0}, {0xfef5, 256, TLS1_3_VERSION, 0}, + {0xfef6, 128, TLS1_3_VERSION, 0}, ///// OQS_TEMPLATE_FRAGMENT_SIGALG_ASSIGNMENTS_END }; @@ -598,6 +599,9 @@ int oqs_patch_codepoints() { if (getenv("OQS_CODEPOINT_P521_MAYO5")) oqs_sigalg_list[55].code_point = atoi(getenv("OQS_CODEPOINT_P521_MAYO5")); + if (getenv("OQS_CODEPOINT_CROSSRSDP128BALANCED")) + oqs_sigalg_list[56].code_point = + atoi(getenv("OQS_CODEPOINT_CROSSRSDP128BALANCED")); ///// OQS_TEMPLATE_FRAGMENT_CODEPOINT_PATCHING_END return 1; } @@ -772,6 +776,10 @@ static const OSSL_PARAM oqs_param_sigalg_list[][12] = { #ifdef OQS_ENABLE_SIG_mayo_5 OQS_SIGALG_ENTRY(mayo5, mayo5, mayo5, "1.3.9999.8.5.1", 54), OQS_SIGALG_ENTRY(p521_mayo5, p521_mayo5, p521_mayo5, "1.3.9999.8.5.2", 55), +#endif +#ifdef OQS_ENABLE_SIG_cross_rsdp_128_balanced + OQS_SIGALG_ENTRY(CROSSrsdp128balanced, CROSSrsdp128balanced, + CROSSrsdp128balanced, "1.3.6.1.4.1.62245.2.1.1", 56), #endif ///// OQS_TEMPLATE_FRAGMENT_SIGALG_NAMES_END }; diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 507d3b26..6153b1de 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -53,9 +53,9 @@ static int oqsx_key_recreate_classickey(OQSX_KEY *key, oqsx_key_op_t op); ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_START #ifdef OQS_KEM_ENCODERS -#define NID_TABLE_LEN 109 +#define NID_TABLE_LEN 110 #else -#define NID_TABLE_LEN 56 +#define NID_TABLE_LEN 57 #endif static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { @@ -201,6 +201,8 @@ static oqs_nid_name_t nid_names[NID_TABLE_LEN] = { {0, "p384_mayo3", OQS_SIG_alg_mayo_3, KEY_TYPE_HYB_SIG, 192}, {0, "mayo5", OQS_SIG_alg_mayo_5, KEY_TYPE_SIG, 256}, {0, "p521_mayo5", OQS_SIG_alg_mayo_5, KEY_TYPE_HYB_SIG, 256}, + {0, "CROSSrsdp128balanced", OQS_SIG_alg_cross_rsdp_128_balanced, + KEY_TYPE_SIG, 128}, ///// OQS_TEMPLATE_FRAGMENT_OQSNAMES_END }; diff --git a/scripts/common.py b/scripts/common.py index 8eb7a7d6..b9cd6a8f 100644 --- a/scripts/common.py +++ b/scripts/common.py @@ -16,7 +16,7 @@ 'ecdsap256', 'rsa3072', ##### OQS_TEMPLATE_FRAGMENT_SIG_ALGS_START # post-quantum signatures - 'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falconpadded512','falcon1024','falconpadded1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple','mayo1','mayo2','mayo3','mayo5', + 'dilithium2','dilithium3','dilithium5','mldsa44','mldsa65','mldsa87','falcon512','falconpadded512','falcon1024','falconpadded1024','sphincssha2128fsimple','sphincssha2128ssimple','sphincssha2192fsimple','sphincsshake128fsimple','mayo1','mayo2','mayo3','mayo5','CROSSrsdp128balanced', # post-quantum + classical signatures 'p256_dilithium2','rsa3072_dilithium2','p384_dilithium3','p521_dilithium5','p256_mldsa44','rsa3072_mldsa44','p384_mldsa65','p521_mldsa87','p256_falcon512','rsa3072_falcon512','p256_falconpadded512','rsa3072_falconpadded512','p521_falcon1024','p521_falconpadded1024','p256_sphincssha2128fsimple','rsa3072_sphincssha2128fsimple','p256_sphincssha2128ssimple','rsa3072_sphincssha2128ssimple','p384_sphincssha2192fsimple','p256_sphincsshake128fsimple','rsa3072_sphincsshake128fsimple','p256_mayo1','p256_mayo2','p384_mayo3','p521_mayo5', # post-quantum + classical signatures (COMPOSITE)