diff --git a/ALGORITHMS.md b/ALGORITHMS.md index 236cef8a..5969ee75 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md @@ -146,6 +146,10 @@ OQS_CODEPOINT_X25519_KYBER512=65072 ./openssl/apps/openssl s_client -groups x25 Along the same lines as the code points, X.509 OIDs may be subject to change prior to final standardization. The environment variables below permit adapting the OIDs of all supported signature algorithms as per the table below. +OIDs denoted with NULL are not maintained and may lead to errors in code +execution. Anyone interested in using an algorithm with such designation is +requested to contribute to the maintenance of these OIDs along the lines +discussed in https://github.com/open-quantum-safe/oqs-provider/issues/351. |Algorithm name | default OID | enabled | environment variable | @@ -228,58 +232,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li |Algorithm name | default OID | environment variable | |---------------|:-----------------:|----------------------| -| frodo640aes | 1.3.9999.99.61 | OQS_OID_FRODO640AES -| p256_frodo640aes | 1.3.9999.99.60 | OQS_OID_P256_FRODO640AES -| x25519_frodo640aes | 1.3.9999.99.45 | OQS_OID_X25519_FRODO640AES -| frodo640shake | 1.3.9999.99.63 | OQS_OID_FRODO640SHAKE -| p256_frodo640shake | 1.3.9999.99.62 | OQS_OID_P256_FRODO640SHAKE -| x25519_frodo640shake | 1.3.9999.99.46 | OQS_OID_X25519_FRODO640SHAKE -| frodo976aes | 1.3.9999.99.65 | OQS_OID_FRODO976AES -| p384_frodo976aes | 1.3.9999.99.64 | OQS_OID_P384_FRODO976AES -| x448_frodo976aes | 1.3.9999.99.47 | OQS_OID_X448_FRODO976AES -| frodo976shake | 1.3.9999.99.67 | OQS_OID_FRODO976SHAKE -| p384_frodo976shake | 1.3.9999.99.66 | OQS_OID_P384_FRODO976SHAKE -| x448_frodo976shake | 1.3.9999.99.48 | OQS_OID_X448_FRODO976SHAKE -| frodo1344aes | 1.3.9999.99.69 | OQS_OID_FRODO1344AES -| p521_frodo1344aes | 1.3.9999.99.68 | OQS_OID_P521_FRODO1344AES -| frodo1344shake | 1.3.9999.99.71 | OQS_OID_FRODO1344SHAKE -| p521_frodo1344shake | 1.3.9999.99.70 | OQS_OID_P521_FRODO1344SHAKE +| frodo640aes | NULL | OQS_OID_FRODO640AES +| p256_frodo640aes | NULL | OQS_OID_P256_FRODO640AES +| x25519_frodo640aes | NULL | OQS_OID_X25519_FRODO640AES +| frodo640shake | NULL | OQS_OID_FRODO640SHAKE +| p256_frodo640shake | NULL | OQS_OID_P256_FRODO640SHAKE +| x25519_frodo640shake | NULL | OQS_OID_X25519_FRODO640SHAKE +| frodo976aes | NULL | OQS_OID_FRODO976AES +| p384_frodo976aes | NULL | OQS_OID_P384_FRODO976AES +| x448_frodo976aes | NULL | OQS_OID_X448_FRODO976AES +| frodo976shake | NULL | OQS_OID_FRODO976SHAKE +| p384_frodo976shake | NULL | OQS_OID_P384_FRODO976SHAKE +| x448_frodo976shake | NULL | OQS_OID_X448_FRODO976SHAKE +| frodo1344aes | NULL | OQS_OID_FRODO1344AES +| p521_frodo1344aes | NULL | OQS_OID_P521_FRODO1344AES +| frodo1344shake | NULL | OQS_OID_FRODO1344SHAKE +| p521_frodo1344shake | NULL | OQS_OID_P521_FRODO1344SHAKE | kyber512 | 1.3.6.1.4.1.2.267.8.2.2 | OQS_OID_KYBER512 -| p256_kyber512 | 1.3.9999.99.72 | OQS_OID_P256_KYBER512 -| x25519_kyber512 | 1.3.9999.99.49 | OQS_OID_X25519_KYBER512 +| p256_kyber512 | NULL | OQS_OID_P256_KYBER512 +| x25519_kyber512 | NULL | OQS_OID_X25519_KYBER512 | kyber768 | 1.3.6.1.4.1.2.267.8.3.3 | OQS_OID_KYBER768 -| p384_kyber768 | 1.3.9999.99.73 | OQS_OID_P384_KYBER768 -| x448_kyber768 | 1.3.9999.99.50 | OQS_OID_X448_KYBER768 -| x25519_kyber768 | 1.3.9999.99.51 | OQS_OID_X25519_KYBER768 -| p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768 +| p384_kyber768 | NULL | OQS_OID_P384_KYBER768 +| x448_kyber768 | NULL | OQS_OID_X448_KYBER768 +| x25519_kyber768 | NULL | OQS_OID_X25519_KYBER768 +| p256_kyber768 | NULL | OQS_OID_P256_KYBER768 | kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024 -| p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024 +| p521_kyber1024 | NULL | OQS_OID_P521_KYBER1024 | mlkem512 | 2.16.840.1.101.3.4.4.1 | OQS_OID_MLKEM512 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512 | mlkem768 | 2.16.840.1.101.3.4.4.2 | OQS_OID_MLKEM768 -| p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768 -| x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768 -| x25519_mlkem768 | 1.3.9999.99.54 | OQS_OID_X25519_MLKEM768 -| p256_mlkem768 | 1.3.9999.99.55 | OQS_OID_P256_MLKEM768 +| p384_mlkem768 | NULL | OQS_OID_P384_MLKEM768 +| x448_mlkem768 | NULL | OQS_OID_X448_MLKEM768 +| x25519_mlkem768 | NULL | OQS_OID_X25519_MLKEM768 +| p256_mlkem768 | NULL | OQS_OID_P256_MLKEM768 | mlkem1024 | 2.16.840.1.101.3.4.4.3 | OQS_OID_MLKEM1024 -| p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024 +| p521_mlkem1024 | NULL | OQS_OID_P521_MLKEM1024 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024 -| bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1 -| p256_bikel1 | 1.3.9999.99.77 | OQS_OID_P256_BIKEL1 -| x25519_bikel1 | 1.3.9999.99.56 | OQS_OID_X25519_BIKEL1 -| bikel3 | 1.3.9999.99.80 | OQS_OID_BIKEL3 -| p384_bikel3 | 1.3.9999.99.79 | OQS_OID_P384_BIKEL3 -| x448_bikel3 | 1.3.9999.99.57 | OQS_OID_X448_BIKEL3 -| bikel5 | 1.3.9999.99.82 | OQS_OID_BIKEL5 -| p521_bikel5 | 1.3.9999.99.81 | OQS_OID_P521_BIKEL5 -| hqc128 | 1.3.9999.99.84 | OQS_OID_HQC128 -| p256_hqc128 | 1.3.9999.99.83 | OQS_OID_P256_HQC128 -| x25519_hqc128 | 1.3.9999.99.58 | OQS_OID_X25519_HQC128 -| hqc192 | 1.3.9999.99.86 | OQS_OID_HQC192 -| p384_hqc192 | 1.3.9999.99.85 | OQS_OID_P384_HQC192 -| x448_hqc192 | 1.3.9999.99.59 | OQS_OID_X448_HQC192 -| hqc256 | 1.3.9999.99.88 | OQS_OID_HQC256 -| p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256 +| bikel1 | NULL | OQS_OID_BIKEL1 +| p256_bikel1 | NULL | OQS_OID_P256_BIKEL1 +| x25519_bikel1 | NULL | OQS_OID_X25519_BIKEL1 +| bikel3 | NULL | OQS_OID_BIKEL3 +| p384_bikel3 | NULL | OQS_OID_P384_BIKEL3 +| x448_bikel3 | NULL | OQS_OID_X448_BIKEL3 +| bikel5 | NULL | OQS_OID_BIKEL5 +| p521_bikel5 | NULL | OQS_OID_P521_BIKEL5 +| hqc128 | NULL | OQS_OID_HQC128 +| p256_hqc128 | NULL | OQS_OID_P256_HQC128 +| x25519_hqc128 | NULL | OQS_OID_X25519_HQC128 +| hqc192 | NULL | OQS_OID_HQC192 +| p384_hqc192 | NULL | OQS_OID_P384_HQC192 +| x448_hqc192 | NULL | OQS_OID_X448_HQC192 +| hqc256 | NULL | OQS_OID_HQC256 +| p521_hqc256 | NULL | OQS_OID_P521_HQC256 diff --git a/oqs-template/generate.py b/oqs-template/generate.py index b36433ff..e6091874 100644 --- a/oqs-template/generate.py +++ b/oqs-template/generate.py @@ -93,9 +93,11 @@ def nist_to_bits(nistlevel): return None def get_tmp_kem_oid(): - global kemoidcnt - kemoidcnt = kemoidcnt+1 - return "1.3.9999.99."+str(kemoidcnt) + # doesn't work for runs on different files: + # global kemoidcnt + # kemoidcnt = kemoidcnt+1 + # return "1.3.9999.99."+str(kemoidcnt) + return "NULL" def complete_config(config): for kem in config['kems']: diff --git a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment index 21af9c85..2012d8b0 100644 --- a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment +++ b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment @@ -29,9 +29,17 @@ const char* oqs_oid_alg_list[OQS_OID_CNT] = #ifdef OQS_KEM_ENCODERS {% for kem in config['kems'] %} +{%- if kem['oid'] == "NULL" -%} +NULL, "{{ kem['name_group'] }}", +{%- else -%} "{{ kem['oid'] }}", "{{ kem['name_group'] }}", +{%- endif -%} {%- for hybrid in kem['hybrids'] %} +{%- if hybrid['hybrid_oid'] == "NULL" -%} +NULL, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", +{%- else -%} "{{hybrid['hybrid_oid']}}", "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", +{%- endif -%} {%- endfor -%} {%- endfor %} diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index b95a1741..2a02899c 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -58,58 +58,57 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; const char *oqs_oid_alg_list[OQS_OID_CNT] = { #ifdef OQS_KEM_ENCODERS - - "1.3.9999.99.17", + NULL, "frodo640aes", - "1.3.9999.99.16", + NULL, "p256_frodo640aes", - "1.3.9999.99.1", + NULL, "x25519_frodo640aes", - "1.3.9999.99.19", + NULL, "frodo640shake", - "1.3.9999.99.18", + NULL, "p256_frodo640shake", - "1.3.9999.99.2", + NULL, "x25519_frodo640shake", - "1.3.9999.99.21", + NULL, "frodo976aes", - "1.3.9999.99.20", + NULL, "p384_frodo976aes", - "1.3.9999.99.3", + NULL, "x448_frodo976aes", - "1.3.9999.99.23", + NULL, "frodo976shake", - "1.3.9999.99.22", + NULL, "p384_frodo976shake", - "1.3.9999.99.4", + NULL, "x448_frodo976shake", - "1.3.9999.99.25", + NULL, "frodo1344aes", - "1.3.9999.99.24", + NULL, "p521_frodo1344aes", - "1.3.9999.99.27", + NULL, "frodo1344shake", - "1.3.9999.99.26", + NULL, "p521_frodo1344shake", "1.3.6.1.4.1.2.267.8.2.2", "kyber512", - "1.3.9999.99.28", + NULL, "p256_kyber512", - "1.3.9999.99.5", + NULL, "x25519_kyber512", "1.3.6.1.4.1.2.267.8.3.3", "kyber768", - "1.3.9999.99.29", + NULL, "p384_kyber768", - "1.3.9999.99.6", + NULL, "x448_kyber768", - "1.3.9999.99.7", + NULL, "x25519_kyber768", - "1.3.9999.99.8", + NULL, "p256_kyber768", "1.3.6.1.4.1.2.267.8.4.4", "kyber1024", - "1.3.9999.99.30", + NULL, "p521_kyber1024", "2.16.840.1.101.3.4.4.1", "mlkem512", @@ -119,51 +118,51 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_mlkem512", "2.16.840.1.101.3.4.4.2", "mlkem768", - "1.3.9999.99.31", + NULL, "p384_mlkem768", - "1.3.9999.99.9", + NULL, "x448_mlkem768", - "1.3.9999.99.10", + NULL, "x25519_mlkem768", - "1.3.9999.99.11", + NULL, "p256_mlkem768", "2.16.840.1.101.3.4.4.3", "mlkem1024", - "1.3.9999.99.32", + NULL, "p521_mlkem1024", "1.3.6.1.4.1.42235.6", "p384_mlkem1024", - "1.3.9999.99.34", + NULL, "bikel1", - "1.3.9999.99.33", + NULL, "p256_bikel1", - "1.3.9999.99.12", + NULL, "x25519_bikel1", - "1.3.9999.99.36", + NULL, "bikel3", - "1.3.9999.99.35", + NULL, "p384_bikel3", - "1.3.9999.99.13", + NULL, "x448_bikel3", - "1.3.9999.99.38", + NULL, "bikel5", - "1.3.9999.99.37", + NULL, "p521_bikel5", - "1.3.9999.99.40", + NULL, "hqc128", - "1.3.9999.99.39", + NULL, "p256_hqc128", - "1.3.9999.99.14", + NULL, "x25519_hqc128", - "1.3.9999.99.42", + NULL, "hqc192", - "1.3.9999.99.41", + NULL, "p384_hqc192", - "1.3.9999.99.15", + NULL, "x448_hqc192", - "1.3.9999.99.44", + NULL, "hqc256", - "1.3.9999.99.43", + NULL, "p521_hqc256", #endif /* OQS_KEM_ENCODERS */ @@ -1151,6 +1150,11 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle, // insert all OIDs to the global objects list for (i = 0; i < OQS_OID_CNT; i += 2) { + if (oqs_oid_alg_list[i] == NULL) { + OQS_PROV_PRINTF2("OQS PROV: Warning: No OID registered for %s\n", + oqs_oid_alg_list[i + 1]); + break; + } if (!c_obj_create(handle, oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1], oqs_oid_alg_list[i + 1])) { ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);