disable tmp OID generation

Signed-off-by: Michael Baentsch <[email protected]>
open-quantum-safe · Sep 15, 2024 · a60f6b7 · a60f6b7
1 parent 4db09a9
commit a60f6b7
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 92 deletions.
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -146,6 +146,10 @@ OQS_CODEPOINT_X25519_KYBER512=65072  ./openssl/apps/openssl s_client -groups x25
 Along the same lines as the code points, X.509 OIDs may be subject to change
 prior to final standardization. The environment variables below permit
 adapting the OIDs of all supported signature algorithms as per the table below.
+OIDs denoted with NULL are not maintained and may lead to errors in code
+execution. Anyone interested in using an algorithm with such designation is
+requested to contribute to the maintenance of these OIDs along the lines
+discussed in https://github.com/open-quantum-safe/oqs-provider/issues/351.
 
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_START -->
 |Algorithm name |    default OID    | enabled | environment variable |
@@ -228,58 +232,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li
 
 |Algorithm name |    default OID    | environment variable |
 |---------------|:-----------------:|----------------------|
-| frodo640aes | 1.3.9999.99.61 | OQS_OID_FRODO640AES
-| p256_frodo640aes | 1.3.9999.99.60 | OQS_OID_P256_FRODO640AES
-| x25519_frodo640aes | 1.3.9999.99.45 | OQS_OID_X25519_FRODO640AES
-| frodo640shake | 1.3.9999.99.63 | OQS_OID_FRODO640SHAKE
-| p256_frodo640shake | 1.3.9999.99.62 | OQS_OID_P256_FRODO640SHAKE
-| x25519_frodo640shake | 1.3.9999.99.46 | OQS_OID_X25519_FRODO640SHAKE
-| frodo976aes | 1.3.9999.99.65 | OQS_OID_FRODO976AES
-| p384_frodo976aes | 1.3.9999.99.64 | OQS_OID_P384_FRODO976AES
-| x448_frodo976aes | 1.3.9999.99.47 | OQS_OID_X448_FRODO976AES
-| frodo976shake | 1.3.9999.99.67 | OQS_OID_FRODO976SHAKE
-| p384_frodo976shake | 1.3.9999.99.66 | OQS_OID_P384_FRODO976SHAKE
-| x448_frodo976shake | 1.3.9999.99.48 | OQS_OID_X448_FRODO976SHAKE
-| frodo1344aes | 1.3.9999.99.69 | OQS_OID_FRODO1344AES
-| p521_frodo1344aes | 1.3.9999.99.68 | OQS_OID_P521_FRODO1344AES
-| frodo1344shake | 1.3.9999.99.71 | OQS_OID_FRODO1344SHAKE
-| p521_frodo1344shake | 1.3.9999.99.70 | OQS_OID_P521_FRODO1344SHAKE
+| frodo640aes | NULL | OQS_OID_FRODO640AES
+| p256_frodo640aes | NULL | OQS_OID_P256_FRODO640AES
+| x25519_frodo640aes | NULL | OQS_OID_X25519_FRODO640AES
+| frodo640shake | NULL | OQS_OID_FRODO640SHAKE
+| p256_frodo640shake | NULL | OQS_OID_P256_FRODO640SHAKE
+| x25519_frodo640shake | NULL | OQS_OID_X25519_FRODO640SHAKE
+| frodo976aes | NULL | OQS_OID_FRODO976AES
+| p384_frodo976aes | NULL | OQS_OID_P384_FRODO976AES
+| x448_frodo976aes | NULL | OQS_OID_X448_FRODO976AES
+| frodo976shake | NULL | OQS_OID_FRODO976SHAKE
+| p384_frodo976shake | NULL | OQS_OID_P384_FRODO976SHAKE
+| x448_frodo976shake | NULL | OQS_OID_X448_FRODO976SHAKE
+| frodo1344aes | NULL | OQS_OID_FRODO1344AES
+| p521_frodo1344aes | NULL | OQS_OID_P521_FRODO1344AES
+| frodo1344shake | NULL | OQS_OID_FRODO1344SHAKE
+| p521_frodo1344shake | NULL | OQS_OID_P521_FRODO1344SHAKE
 | kyber512 | 1.3.6.1.4.1.2.267.8.2.2 | OQS_OID_KYBER512
-| p256_kyber512 | 1.3.9999.99.72 | OQS_OID_P256_KYBER512
-| x25519_kyber512 | 1.3.9999.99.49 | OQS_OID_X25519_KYBER512
+| p256_kyber512 | NULL | OQS_OID_P256_KYBER512
+| x25519_kyber512 | NULL | OQS_OID_X25519_KYBER512
 | kyber768 | 1.3.6.1.4.1.2.267.8.3.3 | OQS_OID_KYBER768
-| p384_kyber768 | 1.3.9999.99.73 | OQS_OID_P384_KYBER768
-| x448_kyber768 | 1.3.9999.99.50 | OQS_OID_X448_KYBER768
-| x25519_kyber768 | 1.3.9999.99.51 | OQS_OID_X25519_KYBER768
-| p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768
+| p384_kyber768 | NULL | OQS_OID_P384_KYBER768
+| x448_kyber768 | NULL | OQS_OID_X448_KYBER768
+| x25519_kyber768 | NULL | OQS_OID_X25519_KYBER768
+| p256_kyber768 | NULL | OQS_OID_P256_KYBER768
 | kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024
-| p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024
+| p521_kyber1024 | NULL | OQS_OID_P521_KYBER1024
 | mlkem512 | 2.16.840.1.101.3.4.4.1 | OQS_OID_MLKEM512
 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512
 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512
 | mlkem768 | 2.16.840.1.101.3.4.4.2 | OQS_OID_MLKEM768
-| p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768
-| x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768
-| x25519_mlkem768 | 1.3.9999.99.54 | OQS_OID_X25519_MLKEM768
-| p256_mlkem768 | 1.3.9999.99.55 | OQS_OID_P256_MLKEM768
+| p384_mlkem768 | NULL | OQS_OID_P384_MLKEM768
+| x448_mlkem768 | NULL | OQS_OID_X448_MLKEM768
+| x25519_mlkem768 | NULL | OQS_OID_X25519_MLKEM768
+| p256_mlkem768 | NULL | OQS_OID_P256_MLKEM768
 | mlkem1024 | 2.16.840.1.101.3.4.4.3 | OQS_OID_MLKEM1024
-| p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024
+| p521_mlkem1024 | NULL | OQS_OID_P521_MLKEM1024
 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024
-| bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1
-| p256_bikel1 | 1.3.9999.99.77 | OQS_OID_P256_BIKEL1
-| x25519_bikel1 | 1.3.9999.99.56 | OQS_OID_X25519_BIKEL1
-| bikel3 | 1.3.9999.99.80 | OQS_OID_BIKEL3
-| p384_bikel3 | 1.3.9999.99.79 | OQS_OID_P384_BIKEL3
-| x448_bikel3 | 1.3.9999.99.57 | OQS_OID_X448_BIKEL3
-| bikel5 | 1.3.9999.99.82 | OQS_OID_BIKEL5
-| p521_bikel5 | 1.3.9999.99.81 | OQS_OID_P521_BIKEL5
-| hqc128 | 1.3.9999.99.84 | OQS_OID_HQC128
-| p256_hqc128 | 1.3.9999.99.83 | OQS_OID_P256_HQC128
-| x25519_hqc128 | 1.3.9999.99.58 | OQS_OID_X25519_HQC128
-| hqc192 | 1.3.9999.99.86 | OQS_OID_HQC192
-| p384_hqc192 | 1.3.9999.99.85 | OQS_OID_P384_HQC192
-| x448_hqc192 | 1.3.9999.99.59 | OQS_OID_X448_HQC192
-| hqc256 | 1.3.9999.99.88 | OQS_OID_HQC256
-| p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256
+| bikel1 | NULL | OQS_OID_BIKEL1
+| p256_bikel1 | NULL | OQS_OID_P256_BIKEL1
+| x25519_bikel1 | NULL | OQS_OID_X25519_BIKEL1
+| bikel3 | NULL | OQS_OID_BIKEL3
+| p384_bikel3 | NULL | OQS_OID_P384_BIKEL3
+| x448_bikel3 | NULL | OQS_OID_X448_BIKEL3
+| bikel5 | NULL | OQS_OID_BIKEL5
+| p521_bikel5 | NULL | OQS_OID_P521_BIKEL5
+| hqc128 | NULL | OQS_OID_HQC128
+| p256_hqc128 | NULL | OQS_OID_P256_HQC128
+| x25519_hqc128 | NULL | OQS_OID_X25519_HQC128
+| hqc192 | NULL | OQS_OID_HQC192
+| p384_hqc192 | NULL | OQS_OID_P384_HQC192
+| x448_hqc192 | NULL | OQS_OID_X448_HQC192
+| hqc256 | NULL | OQS_OID_HQC256
+| p521_hqc256 | NULL | OQS_OID_P521_HQC256
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_END -->
 
diff --git a/oqs-template/generate.py b/oqs-template/generate.py
@@ -93,9 +93,11 @@ def nist_to_bits(nistlevel):
       return None
 
 def get_tmp_kem_oid():
-   global kemoidcnt
-   kemoidcnt = kemoidcnt+1
-   return "1.3.9999.99."+str(kemoidcnt)
+   # doesn't work for runs on different files:
+   # global kemoidcnt
+   # kemoidcnt = kemoidcnt+1
+   # return "1.3.9999.99."+str(kemoidcnt)
+   return "NULL"
 
 def complete_config(config):
    for kem in config['kems']:

diff --git a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment
@@ -29,9 +29,17 @@ const char* oqs_oid_alg_list[OQS_OID_CNT] =
 
 #ifdef OQS_KEM_ENCODERS
 {% for kem in config['kems'] %}
+{%- if kem['oid'] == "NULL" -%}
+NULL, "{{ kem['name_group'] }}",
+{%- else -%}
 "{{ kem['oid'] }}", "{{ kem['name_group'] }}",
+{%- endif -%}
 {%- for hybrid in kem['hybrids'] %}
+{%- if hybrid['hybrid_oid'] == "NULL" -%}
+NULL, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}",
+{%- else -%}
 "{{hybrid['hybrid_oid']}}", "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}",
+{%- endif -%}
 {%- endfor -%}
 {%- endfor %}
 

diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
@@ -58,58 +58,57 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities;
 const char *oqs_oid_alg_list[OQS_OID_CNT] = {
 
 #ifdef OQS_KEM_ENCODERS
-
-    "1.3.9999.99.17",
+    NULL,
     "frodo640aes",
-    "1.3.9999.99.16",
+    NULL,
     "p256_frodo640aes",
-    "1.3.9999.99.1",
+    NULL,
     "x25519_frodo640aes",
-    "1.3.9999.99.19",
+    NULL,
     "frodo640shake",
-    "1.3.9999.99.18",
+    NULL,
     "p256_frodo640shake",
-    "1.3.9999.99.2",
+    NULL,
     "x25519_frodo640shake",
-    "1.3.9999.99.21",
+    NULL,
     "frodo976aes",
-    "1.3.9999.99.20",
+    NULL,
     "p384_frodo976aes",
-    "1.3.9999.99.3",
+    NULL,
     "x448_frodo976aes",
-    "1.3.9999.99.23",
+    NULL,
     "frodo976shake",
-    "1.3.9999.99.22",
+    NULL,
     "p384_frodo976shake",
-    "1.3.9999.99.4",
+    NULL,
     "x448_frodo976shake",
-    "1.3.9999.99.25",
+    NULL,
     "frodo1344aes",
-    "1.3.9999.99.24",
+    NULL,
     "p521_frodo1344aes",
-    "1.3.9999.99.27",
+    NULL,
     "frodo1344shake",
-    "1.3.9999.99.26",
+    NULL,
     "p521_frodo1344shake",
     "1.3.6.1.4.1.2.267.8.2.2",
     "kyber512",
-    "1.3.9999.99.28",
+    NULL,
     "p256_kyber512",
-    "1.3.9999.99.5",
+    NULL,
     "x25519_kyber512",
     "1.3.6.1.4.1.2.267.8.3.3",
     "kyber768",
-    "1.3.9999.99.29",
+    NULL,
     "p384_kyber768",
-    "1.3.9999.99.6",
+    NULL,
     "x448_kyber768",
-    "1.3.9999.99.7",
+    NULL,
     "x25519_kyber768",
-    "1.3.9999.99.8",
+    NULL,
     "p256_kyber768",
     "1.3.6.1.4.1.2.267.8.4.4",
     "kyber1024",
-    "1.3.9999.99.30",
+    NULL,
     "p521_kyber1024",
     "2.16.840.1.101.3.4.4.1",
     "mlkem512",
@@ -119,51 +118,51 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = {
     "x25519_mlkem512",
     "2.16.840.1.101.3.4.4.2",
     "mlkem768",
-    "1.3.9999.99.31",
+    NULL,
     "p384_mlkem768",
-    "1.3.9999.99.9",
+    NULL,
     "x448_mlkem768",
-    "1.3.9999.99.10",
+    NULL,
     "x25519_mlkem768",
-    "1.3.9999.99.11",
+    NULL,
     "p256_mlkem768",
     "2.16.840.1.101.3.4.4.3",
     "mlkem1024",
-    "1.3.9999.99.32",
+    NULL,
     "p521_mlkem1024",
     "1.3.6.1.4.1.42235.6",
     "p384_mlkem1024",
-    "1.3.9999.99.34",
+    NULL,
     "bikel1",
-    "1.3.9999.99.33",
+    NULL,
     "p256_bikel1",
-    "1.3.9999.99.12",
+    NULL,
     "x25519_bikel1",
-    "1.3.9999.99.36",
+    NULL,
     "bikel3",
-    "1.3.9999.99.35",
+    NULL,
     "p384_bikel3",
-    "1.3.9999.99.13",
+    NULL,
     "x448_bikel3",
-    "1.3.9999.99.38",
+    NULL,
     "bikel5",
-    "1.3.9999.99.37",
+    NULL,
     "p521_bikel5",
-    "1.3.9999.99.40",
+    NULL,
     "hqc128",
-    "1.3.9999.99.39",
+    NULL,
     "p256_hqc128",
-    "1.3.9999.99.14",
+    NULL,
     "x25519_hqc128",
-    "1.3.9999.99.42",
+    NULL,
     "hqc192",
-    "1.3.9999.99.41",
+    NULL,
     "p384_hqc192",
-    "1.3.9999.99.15",
+    NULL,
     "x448_hqc192",
-    "1.3.9999.99.44",
+    NULL,
     "hqc256",
-    "1.3.9999.99.43",
+    NULL,
     "p521_hqc256",
 
 #endif /* OQS_KEM_ENCODERS */
@@ -1151,6 +1150,11 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
 
     // insert all OIDs to the global objects list
     for (i = 0; i < OQS_OID_CNT; i += 2) {
+        if (oqs_oid_alg_list[i] == NULL) {
+            OQS_PROV_PRINTF2("OQS PROV: Warning: No OID registered for %s\n",
+                             oqs_oid_alg_list[i + 1]);
+            break;
+        }
         if (!c_obj_create(handle, oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1],
                           oqs_oid_alg_list[i + 1])) {
             ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);