diff --git a/ALGORITHMS.md b/ALGORITHMS.md index 8f52bc4e..07fc6457 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md @@ -75,10 +75,23 @@ As standardization for these algorithms within TLS is not done, all TLS code poi | mldsa44 | 0xfed0 |Yes| OQS_CODEPOINT_MLDSA44 | p256_mldsa44 | 0xfed3 |Yes| OQS_CODEPOINT_P256_MLDSA44 | rsa3072_mldsa44 | 0xfed4 |Yes| OQS_CODEPOINT_RSA3072_MLDSA44 +| mldsa44_pss2048 | 0xfee1 |Yes| OQS_CODEPOINT_MLDSA44_pss2048 +| mldsa44_rsa2048 | 0xfee2 |Yes| OQS_CODEPOINT_MLDSA44_rsa2048 +| mldsa44_ed25519 | 0xfee3 |Yes| OQS_CODEPOINT_MLDSA44_ed25519 +| mldsa44_p256 | 0xfee4 |Yes| OQS_CODEPOINT_MLDSA44_p256 +| mldsa44_bp256 | 0xfee5 |Yes| OQS_CODEPOINT_MLDSA44_bp256 | mldsa65 | 0xfed1 |Yes| OQS_CODEPOINT_MLDSA65 | p384_mldsa65 | 0xfed5 |Yes| OQS_CODEPOINT_P384_MLDSA65 +| mldsa65_pss3072 | 0xfee6 |Yes| OQS_CODEPOINT_MLDSA65_pss3072 +| mldsa65_rsa3072 | 0xfee7 |Yes| OQS_CODEPOINT_MLDSA65_rsa3072 +| mldsa65_p256 | 0xfee8 |Yes| OQS_CODEPOINT_MLDSA65_p256 +| mldsa65_bp256 | 0xfee9 |Yes| OQS_CODEPOINT_MLDSA65_bp256 +| mldsa65_ed25519 | 0xfeea |Yes| OQS_CODEPOINT_MLDSA65_ed25519 | mldsa87 | 0xfed2 |Yes| OQS_CODEPOINT_MLDSA87 | p521_mldsa87 | 0xfed6 |Yes| OQS_CODEPOINT_P521_MLDSA87 +| mldsa87_p384 | 0xfeeb |Yes| OQS_CODEPOINT_MLDSA87_p384 +| mldsa87_bp384 | 0xfeec |Yes| OQS_CODEPOINT_MLDSA87_bp384 +| mldsa87_ed448 | 0xfeed |Yes| OQS_CODEPOINT_MLDSA87_ed448 | falcon512 | 0xfed7 |Yes| OQS_CODEPOINT_FALCON512 | p256_falcon512 | 0xfed8 |Yes| OQS_CODEPOINT_P256_FALCON512 | rsa3072_falcon512 | 0xfed9 |Yes| OQS_CODEPOINT_RSA3072_FALCON512 diff --git a/STANDARDS.md b/STANDARDS.md index 199e1445..0e47ee24 100644 --- a/STANDARDS.md +++ b/STANDARDS.md @@ -26,6 +26,6 @@ components, this provider implements the following standards: - Hybrid post-quantum / traditional private keys: - Simple concatenation of traditional and post-quantum components in plain binary / OCTET_STRING representations. -- For composite signatures, the implementation follows [this IETF draft](https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/) (version 13). Note that only those PQ algorithms denoted with the marker "composite" in [oqs-template/generate.yml](oqs-template/generate.yml) are provided with composite variants and not all. +- For composite signatures, the implementation follows [this IETF draft](https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/) (version 02). Note that only those PQ algorithms denoted with the marker "composite" in [oqs-template/generate.yml](oqs-template/generate.yml) are provided with composite variants and not all. Note: Please heed the [documentation on the enablement of KEM encoders](CONFIGURE.md#oqs_kem_encoders) via PKCS#8 and X.509. diff --git a/oqs-template/ALGORITHMS.md/ids.fragment b/oqs-template/ALGORITHMS.md/ids.fragment index 788c8994..64e3bfc1 100644 --- a/oqs-template/ALGORITHMS.md/ids.fragment +++ b/oqs-template/ALGORITHMS.md/ids.fragment @@ -13,6 +13,9 @@ {%- for classical_alg in variant['mix_with'] %} | {{ classical_alg['name'] }}_{{variant['name']}} | {{ classical_alg['code_point'] }} | {%- if variant['enable'] -%} Yes {%- else -%} No {%- endif -%} | OQS_CODEPOINT_{{ classical_alg['name']|upper }}_{{ variant['name']|upper }} {%- endfor %} + {%- for composite_alg in variant['composite'] %} +| {{variant['name']}}_{{ composite_alg['name'] }} | {{ composite_alg['code_point'] }} | {%- if variant['enable'] -%} Yes {%- else -%} No {%- endif -%} | OQS_CODEPOINT_{{ variant['name']|upper }}_{{ composite_alg['name'] }} + {%- endfor %} {%- endfor %} {%- endfor %} diff --git a/oqs-template/generate_oid_nid_table.py b/oqs-template/generate_oid_nid_table.py index 71fa98a5..27b6ad24 100644 --- a/oqs-template/generate_oid_nid_table.py +++ b/oqs-template/generate_oid_nid_table.py @@ -51,6 +51,13 @@ def gen_sig_table(oqslibdocdir): claimed_nist_level, hybrid['code_point'], hybrid['oid']]) + for composite in variant['composite']: + table.append([variant['name'] + ' **composite with** ' + composite['name'], + liboqs_sigs[sig['family']]['spec-version'], + str(liboqs_sigs[sig['family']]['nist-round']), + claimed_nist_level, + composite['code_point'], + composite['oid']]) except KeyError as ke: # Non-existant NIDs mean this alg is not supported any more pass diff --git a/oqs-template/oqs-sig-info.md b/oqs-template/oqs-sig-info.md index 1d296738..58f0f123 100644 --- a/oqs-template/oqs-sig-info.md +++ b/oqs-template/oqs-sig-info.md @@ -1,179 +1,192 @@ -| Algorithm | Implementation Version | NIST round | Claimed NIST Level | Code Point | OID | -|:--------------------------------------------------|:------------------------------------------------|:-------------|---------------------:|:-------------|:-------------------------| -| CROSSrsdp128balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef6 | 1.3.6.1.4.1.62245.2.1.1 | -| CROSSrsdp128fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef7 | 1.3.6.1.4.1.62245.2.1.2 | -| CROSSrsdp128small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef8 | 1.3.6.1.4.1.62245.2.1.3 | -| CROSSrsdp192balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfef9 | 1.3.6.1.4.1.62245.2.1.4 | -| CROSSrsdp192fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfefa | 1.3.6.1.4.1.62245.2.1.5 | -| CROSSrsdp192small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfefb | 1.3.6.1.4.1.62245.2.1.6 | -| CROSSrsdp256small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xfefc | 1.3.6.1.4.1.62245.2.1.9 | -| CROSSrsdpg128balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfefd | 1.3.6.1.4.1.62245.2.1.10 | -| CROSSrsdpg128fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfefe | 1.3.6.1.4.1.62245.2.1.11 | -| CROSSrsdpg128small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfeff | 1.3.6.1.4.1.62245.2.1.12 | -| CROSSrsdpg192balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff00 | 1.3.6.1.4.1.62245.2.1.13 | -| CROSSrsdpg192fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff01 | 1.3.6.1.4.1.62245.2.1.14 | -| CROSSrsdpg192small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff02 | 1.3.6.1.4.1.62245.2.1.15 | -| CROSSrsdpg256balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff03 | 1.3.6.1.4.1.62245.2.1.16 | -| CROSSrsdpg256fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff04 | 1.3.6.1.4.1.62245.2.1.17 | -| CROSSrsdpg256small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff05 | 1.3.6.1.4.1.62245.2.1.18 | -| dilithium2 | 3.1 | 3 | 2 | 0xfea0 | 1.3.6.1.4.1.2.267.7.4.4 | -| dilithium2 **hybrid with** p256 | 3.1 | 3 | 2 | 0xfea1 | 1.3.9999.2.7.1 | -| dilithium2 **hybrid with** rsa3072 | 3.1 | 3 | 2 | 0xfea2 | 1.3.9999.2.7.2 | -| dilithium3 | 3.1 | 3 | 3 | 0xfea3 | 1.3.6.1.4.1.2.267.7.6.5 | -| dilithium3 **hybrid with** p384 | 3.1 | 3 | 3 | 0xfea4 | 1.3.9999.2.7.3 | -| dilithium5 | 3.1 | 3 | 5 | 0xfea5 | 1.3.6.1.4.1.2.267.7.8.7 | -| dilithium5 **hybrid with** p521 | 3.1 | 3 | 5 | 0xfea6 | 1.3.9999.2.7.4 | -| dilithium2_aes | NIST Round 3 submission | 3 | 2 | 0xfea7 | 1.3.6.1.4.1.2.267.11.4.4 | -| dilithium2_aes **hybrid with** p256 | NIST Round 3 submission | 3 | 2 | 0xfea8 | 1.3.9999.2.11.1 | -| dilithium2_aes **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 2 | 0xfea9 | 1.3.9999.2.11.2 | -| dilithium3_aes | NIST Round 3 submission | 3 | 3 | 0xfeaa | 1.3.6.1.4.1.2.267.11.6.5 | -| dilithium3_aes **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfeab | 1.3.9999.2.11.3 | -| dilithium5_aes | NIST Round 3 submission | 3 | 5 | 0xfeac | 1.3.6.1.4.1.2.267.11.8.7 | -| dilithium5_aes **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfead | 1.3.9999.2.11.4 | -| falcon512 | 20211101 | 3 | 1 | 0xfed7 | 1.3.9999.3.11 | -| falcon512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfed8 | 1.3.9999.3.12 | -| falcon512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfed9 | 1.3.9999.3.13 | -| falcon512 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeae | 1.3.9999.3.6 | -| falcon512 **hybrid with** p256 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeaf | 1.3.9999.3.7 | -| falcon512 **hybrid with** rsa3072 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeb0 | 1.3.9999.3.8 | -| falcon512 | NIST Round 3 submission | 3 | 1 | 0xfe0b | 1.3.9999.3.1 | -| falcon512 **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe0c | 1.3.9999.3.2 | -| falcon512 **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe0d | 1.3.9999.3.3 | -| falconpadded512 | 20211101 | 3 | 1 | 0xfedc | 1.3.9999.3.16 | -| falconpadded512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfedd | 1.3.9999.3.17 | -| falconpadded512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfede | 1.3.9999.3.18 | -| falcon1024 | 20211101 | 3 | 5 | 0xfeda | 1.3.9999.3.14 | -| falcon1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfedb | 1.3.9999.3.15 | -| falcon1024 | PQClean Round 3 version labelled 20211101 | 3 | 5 | 0xfeb1 | 1.3.9999.3.9 | -| falcon1024 **hybrid with** p521 | PQClean Round 3 version labelled 20211101 | 3 | 5 | 0xfeb2 | 1.3.9999.3.10 | -| falcon1024 | NIST Round 3 submission | 3 | 5 | 0xfe0e | 1.3.9999.3.4 | -| falcon1024 **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe0f | 1.3.9999.3.5 | -| falconpadded1024 | 20211101 | 3 | 5 | 0xfedf | 1.3.9999.3.19 | -| falconpadded1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfee0 | 1.3.9999.3.20 | -| mayo1 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfeee | 1.3.9999.8.1.1 | -| mayo1 **hybrid with** p256 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfef2 | 1.3.9999.8.1.2 | -| mayo2 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfeef | 1.3.9999.8.2.1 | -| mayo2 **hybrid with** p256 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfef3 | 1.3.9999.8.2.2 | -| mayo3 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 3 | 0xfef0 | 1.3.9999.8.3.1 | -| mayo3 **hybrid with** p384 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 3 | 0xfef4 | 1.3.9999.8.3.2 | -| mayo5 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 5 | 0xfef1 | 1.3.9999.8.5.1 | -| mayo5 **hybrid with** p521 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 5 | 0xfef5 | 1.3.9999.8.5.2 | -| mldsa44 | ML-DSA-ipd | ipd | 1 | 0xfed0 | 1.3.6.1.4.1.2.267.12.4.4 | -| mldsa44 **hybrid with** p256 | ML-DSA-ipd | ipd | 1 | 0xfed3 | 1.3.9999.7.1 | -| mldsa44 **hybrid with** rsa3072 | ML-DSA-ipd | ipd | 1 | 0xfed4 | 1.3.9999.7.2 | -| mldsa65 | ML-DSA-ipd | ipd | 3 | 0xfed1 | 1.3.6.1.4.1.2.267.12.6.5 | -| mldsa65 **hybrid with** p384 | ML-DSA-ipd | ipd | 3 | 0xfed5 | 1.3.9999.7.3 | -| mldsa87 | ML-DSA-ipd | ipd | 5 | 0xfed2 | 1.3.6.1.4.1.2.267.12.8.7 | -| mldsa87 **hybrid with** p521 | ML-DSA-ipd | ipd | 5 | 0xfed6 | 1.3.9999.7.4 | -| sphincsharaka128frobust | NIST Round 3 submission | 3 | 1 | 0xfe42 | 1.3.9999.6.1.1 | -| sphincsharaka128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe43 | 1.3.9999.6.1.2 | -| sphincsharaka128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe44 | 1.3.9999.6.1.3 | -| sphincsharaka128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe45 | 1.3.9999.6.1.4 | -| sphincsharaka128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe46 | 1.3.9999.6.1.5 | -| sphincsharaka128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe47 | 1.3.9999.6.1.6 | -| sphincsharaka128srobust | NIST Round 3 submission | 3 | 1 | 0xfe48 | 1.3.9999.6.1.7 | -| sphincsharaka128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe49 | 1.3.9999.6.1.8 | -| sphincsharaka128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe4a | 1.3.9999.6.1.9 | -| sphincsharaka128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe4b | 1.3.9999.6.1.10 | -| sphincsharaka128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe4c | 1.3.9999.6.1.11 | -| sphincsharaka128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe4d | 1.3.9999.6.1.12 | -| sphincsharaka192frobust | NIST Round 3 submission | 3 | 3 | 0xfe4e | 1.3.9999.6.2.1 | -| sphincsharaka192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe4f | 1.3.9999.6.2.2 | -| sphincsharaka192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe50 | 1.3.9999.6.2.3 | -| sphincsharaka192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe51 | 1.3.9999.6.2.4 | -| sphincsharaka192srobust | NIST Round 3 submission | 3 | 3 | 0xfe52 | 1.3.9999.6.2.5 | -| sphincsharaka192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe53 | 1.3.9999.6.2.6 | -| sphincsharaka192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe54 | 1.3.9999.6.2.7 | -| sphincsharaka192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe55 | 1.3.9999.6.2.8 | -| sphincsharaka256frobust | NIST Round 3 submission | 3 | 3 | 0xfe56 | 1.3.9999.6.3.1 | -| sphincsharaka256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 3 | 0xfe57 | 1.3.9999.6.3.2 | -| sphincsharaka256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe58 | 1.3.9999.6.3.3 | -| sphincsharaka256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe59 | 1.3.9999.6.3.4 | -| sphincsharaka256srobust | NIST Round 3 submission | 3 | 5 | 0xfe5a | 1.3.9999.6.3.5 | -| sphincsharaka256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5b | 1.3.9999.6.3.6 | -| sphincsharaka256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe5c | 1.3.9999.6.3.7 | -| sphincsharaka256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5d | 1.3.9999.6.3.8 | -| sphincssha26128frobust | NIST Round 3 submission | 3 | 5 | 0xfe5e | 1.3.9999.6.4.1 | -| sphincssha26128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe5f | 1.3.9999.6.4.2 | -| sphincssha26128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe60 | 1.3.9999.6.4.3 | -| sphincssha2128fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb3 | 1.3.9999.6.4.13 | -| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb4 | 1.3.9999.6.4.14 | -| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb5 | 1.3.9999.6.4.15 | -| sphincssha2128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe61 | 1.3.9999.6.4.4 | -| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe62 | 1.3.9999.6.4.5 | -| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe63 | 1.3.9999.6.4.6 | -| sphincssha256128srobust | NIST Round 3 submission | 3 | 5 | 0xfe64 | 1.3.9999.6.4.7 | -| sphincssha256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe65 | 1.3.9999.6.4.8 | -| sphincssha256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe66 | 1.3.9999.6.4.9 | -| sphincssha2128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb6 | 1.3.9999.6.4.16 | -| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb7 | 1.3.9999.6.4.17 | -| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb8 | 1.3.9999.6.4.18 | -| sphincssha2128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe67 | 1.3.9999.6.4.10 | -| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe68 | 1.3.9999.6.4.11 | -| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe69 | 1.3.9999.6.4.12 | -| sphincssha256192frobust | NIST Round 3 submission | 3 | 5 | 0xfe6a | 1.3.9999.6.5.1 | -| sphincssha256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6b | 1.3.9999.6.5.2 | -| sphincssha2192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeb9 | 1.3.9999.6.5.10 | -| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeba | 1.3.9999.6.5.11 | -| sphincssha2192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe6c | 1.3.9999.6.5.3 | -| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe6d | 1.3.9999.6.5.4 | -| sphincssha256192srobust | NIST Round 3 submission | 3 | 5 | 0xfe6e | 1.3.9999.6.5.5 | -| sphincssha256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6f | 1.3.9999.6.5.6 | -| sphincssha2192ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfebb | 1.3.9999.6.5.12 | -| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfebc | 1.3.9999.6.5.13 | -| sphincssha2192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe70 | 1.3.9999.6.5.7 | -| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe71 | 1.3.9999.6.5.8 | -| sphincssha256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe72 | 1.3.9999.6.6.1 | -| sphincssha256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe73 | 1.3.9999.6.6.2 | -| sphincssha2256fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebd | 1.3.9999.6.6.10 | -| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebe | 1.3.9999.6.6.11 | -| sphincssha2256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe74 | 1.3.9999.6.6.3 | -| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe75 | 1.3.9999.6.6.4 | -| sphincssha256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe76 | 1.3.9999.6.6.5 | -| sphincssha256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe77 | 1.3.9999.6.6.6 | -| sphincssha2256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec0 | 1.3.9999.6.6.12 | -| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec1 | 1.3.9999.6.6.13 | -| sphincssha2256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe78 | 1.3.9999.6.6.7 | -| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe79 | 1.3.9999.6.6.8 | -| sphincsshake256128frobust | NIST Round 3 submission | 3 | 1 | 0xfe7a | 1.3.9999.6.7.1 | -| sphincsshake256128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7b | 1.3.9999.6.7.2 | -| sphincsshake256128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7c | 1.3.9999.6.7.3 | -| sphincsshake128fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec2 | 1.3.9999.6.7.13 | -| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec3 | 1.3.9999.6.7.14 | -| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec4 | 1.3.9999.6.7.15 | -| sphincsshake128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe7d | 1.3.9999.6.7.4 | -| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7e | 1.3.9999.6.7.5 | -| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7f | 1.3.9999.6.7.6 | -| sphincsshake256128srobust | NIST Round 3 submission | 3 | 1 | 0xfe80 | 1.3.9999.6.7.7 | -| sphincsshake256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe81 | 1.3.9999.6.7.8 | -| sphincsshake256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe82 | 1.3.9999.6.7.9 | -| sphincsshake128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec5 | 1.3.9999.6.7.16 | -| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec6 | 1.3.9999.6.7.17 | -| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec7 | 1.3.9999.6.7.18 | -| sphincsshake128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe83 | 1.3.9999.6.7.10 | -| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe84 | 1.3.9999.6.7.11 | -| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe85 | 1.3.9999.6.7.12 | -| sphincsshake256192frobust | NIST Round 3 submission | 3 | 3 | 0xfe86 | 1.3.9999.6.8.1 | -| sphincsshake256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe87 | 1.3.9999.6.8.2 | -| sphincsshake192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec8 | 1.3.9999.6.8.10 | -| sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec9 | 1.3.9999.6.8.11 | -| sphincsshake192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe88 | 1.3.9999.6.8.3 | -| sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe89 | 1.3.9999.6.8.4 | -| sphincsshake256192srobust | NIST Round 3 submission | 3 | 3 | 0xfe8a | 1.3.9999.6.8.5 | -| sphincsshake256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8b | 1.3.9999.6.8.6 | -| sphincsshake192ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeca | 1.3.9999.6.8.12 | -| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfecb | 1.3.9999.6.8.13 | -| sphincsshake192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe8c | 1.3.9999.6.8.7 | -| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8d | 1.3.9999.6.8.8 | -| sphincsshake256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe8e | 1.3.9999.6.9.1 | -| sphincsshake256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe8f | 1.3.9999.6.9.2 | -| sphincsshake256fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecc | 1.3.9999.6.9.10 | -| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecd | 1.3.9999.6.9.11 | -| sphincsshake256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe90 | 1.3.9999.6.9.3 | -| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe91 | 1.3.9999.6.9.4 | -| sphincsshake256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe92 | 1.3.9999.6.9.5 | -| sphincsshake256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe93 | 1.3.9999.6.9.6 | -| sphincsshake256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfece | 1.3.9999.6.9.12 | -| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecf | 1.3.9999.6.9.13 | -| sphincsshake256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe94 | 1.3.9999.6.9.7 | -| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe95 | 1.3.9999.6.9.8 | \ No newline at end of file +| Algorithm | Implementation Version | NIST round | Claimed NIST Level | Code Point | OID | +|:--------------------------------------------------|:------------------------------------------------|:-------------|---------------------:|:-------------|:----------------------------| +| CROSSrsdp128balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef6 | 1.3.6.1.4.1.62245.2.1.1 | +| CROSSrsdp128fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef7 | 1.3.6.1.4.1.62245.2.1.2 | +| CROSSrsdp128small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfef8 | 1.3.6.1.4.1.62245.2.1.3 | +| CROSSrsdp192balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfef9 | 1.3.6.1.4.1.62245.2.1.4 | +| CROSSrsdp192fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfefa | 1.3.6.1.4.1.62245.2.1.5 | +| CROSSrsdp192small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xfefb | 1.3.6.1.4.1.62245.2.1.6 | +| CROSSrsdp256small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xfefc | 1.3.6.1.4.1.62245.2.1.9 | +| CROSSrsdpg128balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfefd | 1.3.6.1.4.1.62245.2.1.10 | +| CROSSrsdpg128fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfefe | 1.3.6.1.4.1.62245.2.1.11 | +| CROSSrsdpg128small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 1 | 0xfeff | 1.3.6.1.4.1.62245.2.1.12 | +| CROSSrsdpg192balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff00 | 1.3.6.1.4.1.62245.2.1.13 | +| CROSSrsdpg192fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff01 | 1.3.6.1.4.1.62245.2.1.14 | +| CROSSrsdpg192small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 3 | 0xff02 | 1.3.6.1.4.1.62245.2.1.15 | +| CROSSrsdpg256balanced | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff03 | 1.3.6.1.4.1.62245.2.1.16 | +| CROSSrsdpg256fast | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff04 | 1.3.6.1.4.1.62245.2.1.17 | +| CROSSrsdpg256small | 1.2 + Keccak_x4 + PQClean fixes | 1 | 5 | 0xff05 | 1.3.6.1.4.1.62245.2.1.18 | +| dilithium2 | 3.1 | 3 | 2 | 0xfea0 | 1.3.6.1.4.1.2.267.7.4.4 | +| dilithium2 **hybrid with** p256 | 3.1 | 3 | 2 | 0xfea1 | 1.3.9999.2.7.1 | +| dilithium2 **hybrid with** rsa3072 | 3.1 | 3 | 2 | 0xfea2 | 1.3.9999.2.7.2 | +| dilithium3 | 3.1 | 3 | 3 | 0xfea3 | 1.3.6.1.4.1.2.267.7.6.5 | +| dilithium3 **hybrid with** p384 | 3.1 | 3 | 3 | 0xfea4 | 1.3.9999.2.7.3 | +| dilithium5 | 3.1 | 3 | 5 | 0xfea5 | 1.3.6.1.4.1.2.267.7.8.7 | +| dilithium5 **hybrid with** p521 | 3.1 | 3 | 5 | 0xfea6 | 1.3.9999.2.7.4 | +| dilithium2_aes | NIST Round 3 submission | 3 | 2 | 0xfea7 | 1.3.6.1.4.1.2.267.11.4.4 | +| dilithium2_aes **hybrid with** p256 | NIST Round 3 submission | 3 | 2 | 0xfea8 | 1.3.9999.2.11.1 | +| dilithium2_aes **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 2 | 0xfea9 | 1.3.9999.2.11.2 | +| dilithium3_aes | NIST Round 3 submission | 3 | 3 | 0xfeaa | 1.3.6.1.4.1.2.267.11.6.5 | +| dilithium3_aes **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfeab | 1.3.9999.2.11.3 | +| dilithium5_aes | NIST Round 3 submission | 3 | 5 | 0xfeac | 1.3.6.1.4.1.2.267.11.8.7 | +| dilithium5_aes **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfead | 1.3.9999.2.11.4 | +| falcon512 | 20211101 | 3 | 1 | 0xfed7 | 1.3.9999.3.11 | +| falcon512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfed8 | 1.3.9999.3.12 | +| falcon512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfed9 | 1.3.9999.3.13 | +| falcon512 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeae | 1.3.9999.3.6 | +| falcon512 **hybrid with** p256 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeaf | 1.3.9999.3.7 | +| falcon512 **hybrid with** rsa3072 | PQClean Round 3 version labelled 20211101 | 3 | 1 | 0xfeb0 | 1.3.9999.3.8 | +| falcon512 | NIST Round 3 submission | 3 | 1 | 0xfe0b | 1.3.9999.3.1 | +| falcon512 **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe0c | 1.3.9999.3.2 | +| falcon512 **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe0d | 1.3.9999.3.3 | +| falconpadded512 | 20211101 | 3 | 1 | 0xfedc | 1.3.9999.3.16 | +| falconpadded512 **hybrid with** p256 | 20211101 | 3 | 1 | 0xfedd | 1.3.9999.3.17 | +| falconpadded512 **hybrid with** rsa3072 | 20211101 | 3 | 1 | 0xfede | 1.3.9999.3.18 | +| falcon1024 | 20211101 | 3 | 5 | 0xfeda | 1.3.9999.3.14 | +| falcon1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfedb | 1.3.9999.3.15 | +| falcon1024 | PQClean Round 3 version labelled 20211101 | 3 | 5 | 0xfeb1 | 1.3.9999.3.9 | +| falcon1024 **hybrid with** p521 | PQClean Round 3 version labelled 20211101 | 3 | 5 | 0xfeb2 | 1.3.9999.3.10 | +| falcon1024 | NIST Round 3 submission | 3 | 5 | 0xfe0e | 1.3.9999.3.4 | +| falcon1024 **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe0f | 1.3.9999.3.5 | +| falconpadded1024 | 20211101 | 3 | 5 | 0xfedf | 1.3.9999.3.19 | +| falconpadded1024 **hybrid with** p521 | 20211101 | 3 | 5 | 0xfee0 | 1.3.9999.3.20 | +| mayo1 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfeee | 1.3.9999.8.1.1 | +| mayo1 **hybrid with** p256 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfef2 | 1.3.9999.8.1.2 | +| mayo2 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfeef | 1.3.9999.8.2.1 | +| mayo2 **hybrid with** p256 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 1 | 0xfef3 | 1.3.9999.8.2.2 | +| mayo3 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 3 | 0xfef0 | 1.3.9999.8.3.1 | +| mayo3 **hybrid with** p384 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 3 | 0xfef4 | 1.3.9999.8.3.2 | +| mayo5 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 5 | 0xfef1 | 1.3.9999.8.5.1 | +| mayo5 **hybrid with** p521 | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1 | 5 | 0xfef5 | 1.3.9999.8.5.2 | +| mldsa44 | ML-DSA-ipd | ipd | 1 | 0xfed0 | 1.3.6.1.4.1.2.267.12.4.4 | +| mldsa44 **hybrid with** p256 | ML-DSA-ipd | ipd | 1 | 0xfed3 | 1.3.9999.7.1 | +| mldsa44 **hybrid with** rsa3072 | ML-DSA-ipd | ipd | 1 | 0xfed4 | 1.3.9999.7.2 | +| mldsa44 **composite with** pss2048 | ML-DSA-ipd | ipd | 1 | 0xfee1 | 2.16.840.1.114027.80.8.1.1 | +| mldsa44 **composite with** rsa2048 | ML-DSA-ipd | ipd | 1 | 0xfee2 | 2.16.840.1.114027.80.8.1.2 | +| mldsa44 **composite with** ed25519 | ML-DSA-ipd | ipd | 1 | 0xfee3 | 2.16.840.1.114027.80.8.1.3 | +| mldsa44 **composite with** p256 | ML-DSA-ipd | ipd | 1 | 0xfee4 | 2.16.840.1.114027.80.8.1.4 | +| mldsa44 **composite with** bp256 | ML-DSA-ipd | ipd | 1 | 0xfee5 | 2.16.840.1.114027.80.8.1.5 | +| mldsa65 | ML-DSA-ipd | ipd | 3 | 0xfed1 | 1.3.6.1.4.1.2.267.12.6.5 | +| mldsa65 **hybrid with** p384 | ML-DSA-ipd | ipd | 3 | 0xfed5 | 1.3.9999.7.3 | +| mldsa65 **composite with** pss3072 | ML-DSA-ipd | ipd | 3 | 0xfee6 | 2.16.840.1.114027.80.8.1.6 | +| mldsa65 **composite with** rsa3072 | ML-DSA-ipd | ipd | 3 | 0xfee7 | 2.16.840.1.114027.80.8.1.7 | +| mldsa65 **composite with** p256 | ML-DSA-ipd | ipd | 3 | 0xfee8 | 2.16.840.1.114027.80.8.1.8 | +| mldsa65 **composite with** bp256 | ML-DSA-ipd | ipd | 3 | 0xfee9 | 2.16.840.1.114027.80.8.1.9 | +| mldsa65 **composite with** ed25519 | ML-DSA-ipd | ipd | 3 | 0xfeea | 2.16.840.1.114027.80.8.1.10 | +| mldsa87 | ML-DSA-ipd | ipd | 5 | 0xfed2 | 1.3.6.1.4.1.2.267.12.8.7 | +| mldsa87 **hybrid with** p521 | ML-DSA-ipd | ipd | 5 | 0xfed6 | 1.3.9999.7.4 | +| mldsa87 **composite with** p384 | ML-DSA-ipd | ipd | 5 | 0xfeeb | 2.16.840.1.114027.80.8.1.11 | +| mldsa87 **composite with** bp384 | ML-DSA-ipd | ipd | 5 | 0xfeec | 2.16.840.1.114027.80.8.1.12 | +| mldsa87 **composite with** ed448 | ML-DSA-ipd | ipd | 5 | 0xfeed | 2.16.840.1.114027.80.8.1.13 | +| sphincsharaka128frobust | NIST Round 3 submission | 3 | 1 | 0xfe42 | 1.3.9999.6.1.1 | +| sphincsharaka128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe43 | 1.3.9999.6.1.2 | +| sphincsharaka128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe44 | 1.3.9999.6.1.3 | +| sphincsharaka128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe45 | 1.3.9999.6.1.4 | +| sphincsharaka128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe46 | 1.3.9999.6.1.5 | +| sphincsharaka128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe47 | 1.3.9999.6.1.6 | +| sphincsharaka128srobust | NIST Round 3 submission | 3 | 1 | 0xfe48 | 1.3.9999.6.1.7 | +| sphincsharaka128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe49 | 1.3.9999.6.1.8 | +| sphincsharaka128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe4a | 1.3.9999.6.1.9 | +| sphincsharaka128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe4b | 1.3.9999.6.1.10 | +| sphincsharaka128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe4c | 1.3.9999.6.1.11 | +| sphincsharaka128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe4d | 1.3.9999.6.1.12 | +| sphincsharaka192frobust | NIST Round 3 submission | 3 | 3 | 0xfe4e | 1.3.9999.6.2.1 | +| sphincsharaka192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe4f | 1.3.9999.6.2.2 | +| sphincsharaka192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe50 | 1.3.9999.6.2.3 | +| sphincsharaka192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe51 | 1.3.9999.6.2.4 | +| sphincsharaka192srobust | NIST Round 3 submission | 3 | 3 | 0xfe52 | 1.3.9999.6.2.5 | +| sphincsharaka192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe53 | 1.3.9999.6.2.6 | +| sphincsharaka192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe54 | 1.3.9999.6.2.7 | +| sphincsharaka192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe55 | 1.3.9999.6.2.8 | +| sphincsharaka256frobust | NIST Round 3 submission | 3 | 3 | 0xfe56 | 1.3.9999.6.3.1 | +| sphincsharaka256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 3 | 0xfe57 | 1.3.9999.6.3.2 | +| sphincsharaka256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe58 | 1.3.9999.6.3.3 | +| sphincsharaka256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe59 | 1.3.9999.6.3.4 | +| sphincsharaka256srobust | NIST Round 3 submission | 3 | 5 | 0xfe5a | 1.3.9999.6.3.5 | +| sphincsharaka256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5b | 1.3.9999.6.3.6 | +| sphincsharaka256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe5c | 1.3.9999.6.3.7 | +| sphincsharaka256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe5d | 1.3.9999.6.3.8 | +| sphincssha26128frobust | NIST Round 3 submission | 3 | 5 | 0xfe5e | 1.3.9999.6.4.1 | +| sphincssha26128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe5f | 1.3.9999.6.4.2 | +| sphincssha26128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe60 | 1.3.9999.6.4.3 | +| sphincssha2128fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb3 | 1.3.9999.6.4.13 | +| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb4 | 1.3.9999.6.4.14 | +| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb5 | 1.3.9999.6.4.15 | +| sphincssha2128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe61 | 1.3.9999.6.4.4 | +| sphincssha2128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe62 | 1.3.9999.6.4.5 | +| sphincssha2128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe63 | 1.3.9999.6.4.6 | +| sphincssha256128srobust | NIST Round 3 submission | 3 | 5 | 0xfe64 | 1.3.9999.6.4.7 | +| sphincssha256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 5 | 0xfe65 | 1.3.9999.6.4.8 | +| sphincssha256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 5 | 0xfe66 | 1.3.9999.6.4.9 | +| sphincssha2128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb6 | 1.3.9999.6.4.16 | +| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb7 | 1.3.9999.6.4.17 | +| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfeb8 | 1.3.9999.6.4.18 | +| sphincssha2128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe67 | 1.3.9999.6.4.10 | +| sphincssha2128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe68 | 1.3.9999.6.4.11 | +| sphincssha2128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe69 | 1.3.9999.6.4.12 | +| sphincssha256192frobust | NIST Round 3 submission | 3 | 5 | 0xfe6a | 1.3.9999.6.5.1 | +| sphincssha256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6b | 1.3.9999.6.5.2 | +| sphincssha2192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeb9 | 1.3.9999.6.5.10 | +| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeba | 1.3.9999.6.5.11 | +| sphincssha2192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe6c | 1.3.9999.6.5.3 | +| sphincssha2192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe6d | 1.3.9999.6.5.4 | +| sphincssha256192srobust | NIST Round 3 submission | 3 | 5 | 0xfe6e | 1.3.9999.6.5.5 | +| sphincssha256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 5 | 0xfe6f | 1.3.9999.6.5.6 | +| sphincssha2192ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfebb | 1.3.9999.6.5.12 | +| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfebc | 1.3.9999.6.5.13 | +| sphincssha2192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe70 | 1.3.9999.6.5.7 | +| sphincssha2192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe71 | 1.3.9999.6.5.8 | +| sphincssha256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe72 | 1.3.9999.6.6.1 | +| sphincssha256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe73 | 1.3.9999.6.6.2 | +| sphincssha2256fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebd | 1.3.9999.6.6.10 | +| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfebe | 1.3.9999.6.6.11 | +| sphincssha2256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe74 | 1.3.9999.6.6.3 | +| sphincssha2256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe75 | 1.3.9999.6.6.4 | +| sphincssha256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe76 | 1.3.9999.6.6.5 | +| sphincssha256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe77 | 1.3.9999.6.6.6 | +| sphincssha2256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec0 | 1.3.9999.6.6.12 | +| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfec1 | 1.3.9999.6.6.13 | +| sphincssha2256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe78 | 1.3.9999.6.6.7 | +| sphincssha2256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe79 | 1.3.9999.6.6.8 | +| sphincsshake256128frobust | NIST Round 3 submission | 3 | 1 | 0xfe7a | 1.3.9999.6.7.1 | +| sphincsshake256128frobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7b | 1.3.9999.6.7.2 | +| sphincsshake256128frobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7c | 1.3.9999.6.7.3 | +| sphincsshake128fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec2 | 1.3.9999.6.7.13 | +| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec3 | 1.3.9999.6.7.14 | +| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec4 | 1.3.9999.6.7.15 | +| sphincsshake128fsimple | NIST Round 3 submission | 3 | 1 | 0xfe7d | 1.3.9999.6.7.4 | +| sphincsshake128fsimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe7e | 1.3.9999.6.7.5 | +| sphincsshake128fsimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe7f | 1.3.9999.6.7.6 | +| sphincsshake256128srobust | NIST Round 3 submission | 3 | 1 | 0xfe80 | 1.3.9999.6.7.7 | +| sphincsshake256128srobust **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe81 | 1.3.9999.6.7.8 | +| sphincsshake256128srobust **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe82 | 1.3.9999.6.7.9 | +| sphincsshake128ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec5 | 1.3.9999.6.7.16 | +| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec6 | 1.3.9999.6.7.17 | +| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 1 | 0xfec7 | 1.3.9999.6.7.18 | +| sphincsshake128ssimple | NIST Round 3 submission | 3 | 1 | 0xfe83 | 1.3.9999.6.7.10 | +| sphincsshake128ssimple **hybrid with** p256 | NIST Round 3 submission | 3 | 1 | 0xfe84 | 1.3.9999.6.7.11 | +| sphincsshake128ssimple **hybrid with** rsa3072 | NIST Round 3 submission | 3 | 1 | 0xfe85 | 1.3.9999.6.7.12 | +| sphincsshake256192frobust | NIST Round 3 submission | 3 | 3 | 0xfe86 | 1.3.9999.6.8.1 | +| sphincsshake256192frobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe87 | 1.3.9999.6.8.2 | +| sphincsshake192fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec8 | 1.3.9999.6.8.10 | +| sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfec9 | 1.3.9999.6.8.11 | +| sphincsshake192fsimple | NIST Round 3 submission | 3 | 3 | 0xfe88 | 1.3.9999.6.8.3 | +| sphincsshake192fsimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe89 | 1.3.9999.6.8.4 | +| sphincsshake256192srobust | NIST Round 3 submission | 3 | 3 | 0xfe8a | 1.3.9999.6.8.5 | +| sphincsshake256192srobust **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8b | 1.3.9999.6.8.6 | +| sphincsshake192ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfeca | 1.3.9999.6.8.12 | +| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 3 | 0xfecb | 1.3.9999.6.8.13 | +| sphincsshake192ssimple | NIST Round 3 submission | 3 | 3 | 0xfe8c | 1.3.9999.6.8.7 | +| sphincsshake192ssimple **hybrid with** p384 | NIST Round 3 submission | 3 | 3 | 0xfe8d | 1.3.9999.6.8.8 | +| sphincsshake256256frobust | NIST Round 3 submission | 3 | 5 | 0xfe8e | 1.3.9999.6.9.1 | +| sphincsshake256256frobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe8f | 1.3.9999.6.9.2 | +| sphincsshake256fsimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecc | 1.3.9999.6.9.10 | +| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecd | 1.3.9999.6.9.11 | +| sphincsshake256fsimple | NIST Round 3 submission | 3 | 5 | 0xfe90 | 1.3.9999.6.9.3 | +| sphincsshake256fsimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe91 | 1.3.9999.6.9.4 | +| sphincsshake256256srobust | NIST Round 3 submission | 3 | 5 | 0xfe92 | 1.3.9999.6.9.5 | +| sphincsshake256256srobust **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe93 | 1.3.9999.6.9.6 | +| sphincsshake256ssimple | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfece | 1.3.9999.6.9.12 | +| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission, v3.1 (June 10, 2022) | 3 | 5 | 0xfecf | 1.3.9999.6.9.13 | +| sphincsshake256ssimple | NIST Round 3 submission | 3 | 5 | 0xfe94 | 1.3.9999.6.9.7 | +| sphincsshake256ssimple **hybrid with** p521 | NIST Round 3 submission | 3 | 5 | 0xfe95 | 1.3.9999.6.9.8 | \ No newline at end of file diff --git a/oqs-template/test/oqs_test_evp_pkey_params.c/composite_sig_algs.fragment b/oqs-template/test/oqs_test_evp_pkey_params.c/composite_sig_algs.fragment new file mode 100644 index 00000000..b22a559c --- /dev/null +++ b/oqs-template/test/oqs_test_evp_pkey_params.c/composite_sig_algs.fragment @@ -0,0 +1,14 @@ + + +/** \brief List of composite signature algorithms. */ +const char *kCompositeSignatureAlgorithms[] = { +{% for sig in config['sigs'] %} + {%- for variant in sig['variants'] %} + {%- for composite_alg in variant['composite'] -%} + "{{variant['name']}}_{{ composite_alg['name'] }}", + {%- endfor -%} + {%- endfor %} +{%- endfor %} +NULL, +}; + diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 55ffbfc8..d27115c8 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -665,7 +665,9 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) { OPENSSL_malloc(oqsxkey->numkeys * sizeof(ASN1_OCTET_STRING *)); unsigned char **temp = OPENSSL_malloc(oqsxkey->numkeys * sizeof(unsigned char *)); - size_t *templen = OPENSSL_malloc(oqsxkey->numkeys * sizeof(size_t)); + unsigned char *ed_internal; + size_t *templen = OPENSSL_malloc(oqsxkey->numkeys * sizeof(size_t)), + ed_internallen; PKCS8_PRIV_KEY_INFO *p8inf_internal = NULL; sk = sk_ASN1_TYPE_new_null(); int i; @@ -789,7 +791,7 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) { memcpy(buf, oqsxkey->comp_privkey[i], buflen); // buflen for classical (RSA) // might be different from - // oqsxkey->privkeylen_cmp[ + // oqsxkey->privkeylen_cmp } if (nid == EVP_PKEY_EC) { // add the curve OID with the ECPubkey OID @@ -800,30 +802,87 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) { version = V_ASN1_UNDEF; pval = NULL; } - if (!PKCS8_pkey_set0(p8inf_internal, OBJ_nid2obj(nid), 0, version, - pval, buf, buflen)) { - for (int j = 0; j <= i; j++) { - OPENSSL_cleanse(aString[j]->data, aString[j]->length); - ASN1_OCTET_STRING_free(aString[j]); - OPENSSL_cleanse(aType[j]->value.sequence->data, - aType[j]->value.sequence->length); - OPENSSL_clear_free(temp[j], templen[j]); + if (nid == EVP_PKEY_ED25519 || nid == EVP_PKEY_ED448) { + oct.data = buf; + oct.length = buflen; + oct.flags = 0; + ed_internal = NULL; + + ed_internallen = i2d_ASN1_OCTET_STRING(&oct, &ed_internal); + if (ed_internallen < 0) { + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + OPENSSL_clear_free(temp[j], templen[j]); + } + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + OPENSSL_free(name); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); + OPENSSL_cleanse(buf, + buflen); // buf is part of p8inf_internal so + // we cant free now, we cleanse it + // to remove pkey from memory + PKCS8_PRIV_KEY_INFO_free( + p8inf_internal); // this also free buf + return -1; } - sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); - OPENSSL_free(name); - OPENSSL_free(aType); - OPENSSL_free(aString); - OPENSSL_free(temp); - OPENSSL_free(templen); - OPENSSL_cleanse(buf, - buflen); // buf is part of p8inf_internal so we - // cant free now, we cleanse it to - // remove pkey from memory - PKCS8_PRIV_KEY_INFO_free(p8inf_internal); // this also free buf - return -1; - } + if (!PKCS8_pkey_set0(p8inf_internal, OBJ_nid2obj(nid), 0, + version, pval, ed_internal, + ed_internallen)) { + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + OPENSSL_clear_free(temp[j], templen[j]); + } + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + OPENSSL_free(name); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); + OPENSSL_secure_clear_free(buf, buflen); + OPENSSL_cleanse(ed_internal, ed_internallen); + PKCS8_PRIV_KEY_INFO_free( + p8inf_internal); // this also free ed_internal + return -1; + } + } else { + if (!PKCS8_pkey_set0(p8inf_internal, OBJ_nid2obj(nid), 0, + version, pval, buf, buflen)) { + for (int j = 0; j <= i; j++) { + OPENSSL_cleanse(aString[j]->data, aString[j]->length); + ASN1_OCTET_STRING_free(aString[j]); + OPENSSL_cleanse(aType[j]->value.sequence->data, + aType[j]->value.sequence->length); + OPENSSL_clear_free(temp[j], templen[j]); + } + + sk_ASN1_TYPE_pop_free(sk, &ASN1_TYPE_free); + OPENSSL_free(name); + OPENSSL_free(aType); + OPENSSL_free(aString); + OPENSSL_free(temp); + OPENSSL_free(templen); + OPENSSL_cleanse(buf, + buflen); // buf is part of p8inf_internal so + // we cant free now, we cleanse it + // to remove pkey from memory + PKCS8_PRIV_KEY_INFO_free( + p8inf_internal); // this also free buf + return -1; + } + } templen[i] = i2d_PKCS8_PRIV_KEY_INFO(p8inf_internal, &temp[i]); // create the privkey info @@ -853,12 +912,26 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) { buflen); // buf is part of p8inf_internal so we // cant free now, we cleanse it to // remove pkey from memory - PKCS8_PRIV_KEY_INFO_free(p8inf_internal); // this also free buf + if (nid == EVP_PKEY_ED25519 || nid == EVP_PKEY_ED448) { + OPENSSL_cleanse(ed_internal, ed_internallen); + OPENSSL_secure_free( + buf); // in this case the ed_internal is + // freed from the pkcs8_free instead + // of buf, so we need to free buf here + } + PKCS8_PRIV_KEY_INFO_free( + p8inf_internal); // this also free buf or ed_internal return -1; } OPENSSL_free(name); OPENSSL_cleanse(buf, buflen); + if (nid == EVP_PKEY_ED25519 || nid == EVP_PKEY_ED448) { + OPENSSL_cleanse(ed_internal, ed_internallen); + OPENSSL_secure_free(buf); // in this case the ed_internal is + // freed from the pkcs8_free instead + // of buf, so we need to free buf here + } PKCS8_PRIV_KEY_INFO_free(p8inf_internal); } keybloblen = i2d_ASN1_SEQUENCE_ANY(sk, pder); diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h index bb8ed1a9..33d74350 100644 --- a/oqsprov/oqs_prov.h +++ b/oqsprov/oqs_prov.h @@ -203,7 +203,7 @@ char *get_oqsname_fromtls(char *tlsname); char *get_oqsname(int nid); char *get_cmpname(int nid, int index); int get_oqsalg_idx(int nid); -int get_composite_idx(int idx); +int get_composite_idx(char *name); /* Workaround for not functioning EC PARAM initialization * TBD, check https://github.com/openssl/openssl/issues/16989 diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 83305bb2..91250642 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -447,7 +447,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, unsigned char *buf; int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); - int comp_idx = get_composite_idx(get_oqsalg_idx(nid)); + int comp_idx = get_composite_idx(oqsxkey->tls_name); if (comp_idx == -1) goto endsign; const unsigned char *oid_prefix = composite_OID_prefix[comp_idx - 1]; @@ -799,7 +799,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, CompositeSignature *compsig; int i; int nid = OBJ_sn2nid(oqsxkey->tls_name); - int comp_idx = get_composite_idx(get_oqsalg_idx(nid)); + int comp_idx = get_composite_idx(oqsxkey->tls_name); if (comp_idx == -1) goto endverify; unsigned char *buf; diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 899032c3..559e9826 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -997,13 +997,20 @@ static const OSSL_ALGORITHM oqsprovider_decoder[] = { }; // get the last number on the composite OID -int get_composite_idx(int idx) { - char *s; +int get_composite_idx(char *name) { + char *s = NULL; int i, len, ret = -1, count = 0; - if (2 * idx > OQS_OID_CNT) - return 0; - s = (char *)oqs_oid_alg_list[idx * 2]; + for (i = 1; i <= OQS_OID_CNT; i += 2) { + if (!strcmp((char *)oqs_oid_alg_list[i], name)) { + s = (char *)oqs_oid_alg_list[i - 1]; + break; + } + } + if (s == NULL) { + return ret; + } + len = strlen(s); for (i = 0; i < len; i++) { diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 6153b1de..6b8bfd25 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1377,6 +1377,19 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, key_diff = nids_sig[6].length_private_key - buflen; } + // removing extra OTECT STRING from ED25519 and ED448 keys + if ((keytype == EVP_PKEY_ED25519) || + (keytype == EVP_PKEY_ED448)) { + ASN1_OCTET_STRING *ed_octet = NULL; + ed_octet = d2i_ASN1_OCTET_STRING(&ed_octet, &buf, buflen); + aux += ed_octet->length; + memcpy(concat_key + plen - 1 - aux, ed_octet->data, + ed_octet->length); + nid = 1; // setting to non zero value so the key is not + // copied again + ASN1_OCTET_STRING_free(ed_octet); + } + if (!nid) { aux += buflen; memcpy(concat_key + plen - 1 - aux, buf, diff --git a/test/oqs_test_evp_pkey_params.c b/test/oqs_test_evp_pkey_params.c index b00c05c2..fbb28135 100644 --- a/test/oqs_test_evp_pkey_params.c +++ b/test/oqs_test_evp_pkey_params.c @@ -46,6 +46,20 @@ const char *kHybridSignatureAlgorithms[] = { }; ///// OQS_TEMPLATE_FRAGMENT_HYBRID_SIG_ALGS_END +///// OQS_TEMPLATE_FRAGMENT_COMPOSITE_SIG_ALGS_START + +/** \brief List of composite signature algorithms. */ +const char *kCompositeSignatureAlgorithms[] = { + "mldsa44_pss2048", "mldsa44_rsa2048", + "mldsa44_ed25519", "mldsa44_p256", + "mldsa44_bp256", "mldsa65_pss3072", + "mldsa65_rsa3072", "mldsa65_p256", + "mldsa65_bp256", "mldsa65_ed25519", + "mldsa87_p384", "mldsa87_bp384", + "mldsa87_ed448", NULL, +}; +///// OQS_TEMPLATE_FRAGMENT_COMPOSITE_SIG_ALGS_END + ///// OQS_TEMPLATE_FRAGMENT_HYBRID_KEM_ALGS_START /** \brief List of hybrid KEMs. */