From 2b28c531f7d4be97f27d4667a9efa0bb8e2ddbee Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Sat, 14 Dec 2024 07:50:02 +0100
Subject: [PATCH 01/10] Store generate.yml as generate.yml-0.12.0

Signed-off-by: Pravek Sharma
---
 oqs-template/generate.yml-0.12.0 | 1674 ++++++++++++++++++++++++++++++
 1 file changed, 1674 insertions(+)
 create mode 100644 oqs-template/generate.yml-0.12.0

diff --git a/oqs-template/generate.yml-0.12.0 b/oqs-template/generate.yml-0.12.0
new file mode 100644
index 00000000..8fb023ed
--- /dev/null
+++ b/oqs-template/generate.yml-0.12.0
@@ -0,0 +1,1674 @@ +# This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs +# Next free plain KEM ID: 0x024D, p-hybrid: 0x2F4F, X-hybrid: 0x2FB9 +# Switch to using unassigned code points as per https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8: +# Next free: 65027 (see https://github.com/open-quantum-safe/oqs-provider/issues/561) +kems: + - + family: 'FrodoKEM' + name_group: 'frodo640aes' + nid: '65024' + nid_hybrid: '0x2F00' + oqs_alg: 'OQS_KEM_alg_frodokem_640_aes' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F80' + - + family: 'FrodoKEM' + name_group: 'frodo640shake' + nid: '65025' + nid_hybrid: '0x2F01' + oqs_alg: 'OQS_KEM_alg_frodokem_640_shake' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F81' + - + family: 'FrodoKEM' + name_group: 'frodo976aes' + nid: '65026' + nid_hybrid: '0x2F02' + oqs_alg: 'OQS_KEM_alg_frodokem_976_aes' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F82' + - + family: 'FrodoKEM' + name_group: 'frodo976shake' + nid: '0x0203' + nid_hybrid: '0x2F03' + oqs_alg: 'OQS_KEM_alg_frodokem_976_shake' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F83' + - + family: 'FrodoKEM' + name_group: 'frodo1344aes' + nid: '0x0204' + nid_hybrid: '0x2F04' + oqs_alg: 'OQS_KEM_alg_frodokem_1344_aes' + - + family: 'FrodoKEM' + name_group: 'frodo1344shake' + nid: '0x0205' + nid_hybrid: '0x2F05' + oqs_alg: 'OQS_KEM_alg_frodokem_1344_shake' + - + family: 'BIKE' + name_group: 'bike1l1cpa' + bit_security: 128 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0206' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F06' + oqs_alg: 'OQS_KEM_alg_bike1_l1_cpa' + - + family: 'BIKE' + name_group: 'bike1l3cpa' + bit_security: 192 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0207' + - 
implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F07' + oqs_alg: 'OQS_KEM_alg_bike1_l3_cpa' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber512' + nid: '0x023A' + oid: '1.3.6.1.4.1.2.267.8.2.2' + nid_hybrid: '0x2F3A' + oqs_alg: 'OQS_KEM_alg_kyber_512' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2F39' + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x020F' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F0F' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: x25519 + nid: '0x2F26' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber768' + nid: '0x023C' + oid: '1.3.6.1.4.1.2.267.8.3.3' + nid_hybrid: '0x2F3C' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2F90' + - hybrid_group: "x25519" + nid: '0x6399' + - hybrid_group: "p256" + nid: '0x639A' + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0210' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F10' + oqs_alg: 'OQS_KEM_alg_kyber_768' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber1024' + nid: '0x023D' + oid: '1.3.6.1.4.1.2.267.8.4.4' + nid_hybrid: '0x2F3D' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0211' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp521_r1 + nid: '0x2F11' + oqs_alg: 'OQS_KEM_alg_kyber_1024' +# end of IBM support section +# NIST OIDs see https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration +# KEM prefix 2.16.840.1.101.3.4.4. 
+ - + family: 'ML-KEM' + fips_standard: 1 + name_group: 'mlkem512' +# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + nid: '512' +# NIST kem 1 + oid: '2.16.840.1.101.3.4.4.1' +# code point not standardized: Why? XXX + nid_hybrid: '0x2F4B' +# retain OIDs of the Legion of the BouncyCastle: XXX check if OK + hybrid_oid: '1.3.6.1.4.1.22554.5.7.1' + oqs_alg: 'OQS_KEM_alg_ml_kem_512' + extra_nids: + current: + - hybrid_group: "x25519" +# retain OIDs of the Legion of the BouncyCastle: XXX check if OK + hybrid_oid: '1.3.6.1.4.1.22554.5.8.1' +# code point not standardized: Why? XXX + nid: '0x2FB6' + - + family: 'ML-KEM' + fips_standard: 1 + name_group: 'mlkem768' +# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + nid: '513' +# NIST kem 2 + oid: '2.16.840.1.101.3.4.4.2' +# code point not standardized: Why? XXX + nid_hybrid: '0x2F4C' + oqs_alg: 'OQS_KEM_alg_ml_kem_768' + extra_nids: + current: + - hybrid_group: "x448" +# code point not standardized: Why? XXX + nid: '0x2FB7' + - hybrid_group: "x25519" +# https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html#name-x25519mlkem768 + nid: '0x11ec' + standard_name: "X25519MLKEM768" + - hybrid_group: "p256" +# https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html#name-secp256r1mlkem768 + nid: '0x11eb' + standard_name: "SecP256r1MLKEM768" + - + family: 'ML-KEM' + fips_standard: 1 + name_group: 'mlkem1024' +# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + nid: '514' +# NIST kem 3 + oid: '2.16.840.1.101.3.4.4.3' +# code point not standardized: Why? XXX + nid_hybrid: '0x2F4D' + oqs_alg: 'OQS_KEM_alg_ml_kem_1024' + extra_nids: + current: + # p384_mlkem1024 hybrid doesn't appear in any standardization drafts + # this oid is proposed by Tresorit + # if the hybrid combination is standardized, feel free to change it + - hybrid_group: "p384" +# does Tresorit want to update? 
+ hybrid_oid: '1.3.6.1.4.1.42235.6' +# code point not standardized: Why? XXX + nid: '0x2F4E' + - + family: 'BIKE' + name_group: 'bike1l1fo' + bit_security: 128 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0223' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F23' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: "x25519" + nid: '0x2F28' + oqs_alg: 'OQS_KEM_alg_bike1_l1_fo' + - + family: 'BIKE' + name_group: 'bike1l3fo' + bit_security: 192 + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0224' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F24' + oqs_alg: 'OQS_KEM_alg_bike1_l3_fo' + - + family: 'BIKE' + name_group: 'bikel1' + implementation_version: '5.1' + nid: '0x0241' + nid_hybrid: '0x2F41' + oqs_alg: 'OQS_KEM_alg_bike_l1' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2FAE' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x0238' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2F37' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F38' + - + family: 'BIKE' + name_group: 'bikel3' + implementation_version: '5.1' + nid: '0x0242' + nid_hybrid: '0x2F42' + oqs_alg: 'OQS_KEM_alg_bike_l3' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FAF' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023B' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F3B' + - + family: 'BIKE' + name_group: 'bikel5' + implementation_version: '5.1' + nid: '0x0243' + nid_hybrid: '0x2F43' + oqs_alg: 'OQS_KEM_alg_bike_l5' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s512' + 
extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x0229' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp256_r1 + nid: '0x2F29' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F3E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2FA9' + oqs_alg: 'OQS_KEM_alg_kyber_512_90s' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s768' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x022A' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp384_r1 + nid: '0x2F2A' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x023F' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F3F' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x448 + nid: '0x2FAA' + oqs_alg: 'OQS_KEM_alg_kyber_768_90s' + - + family: 'CRYSTALS-Kyber' + name_group: 'kyber90s1024' + extra_nids: + old: + - implementation_version: NIST Round 2 submission + nist-round: 2 + nid: '0x022B' + - implementation_version: NIST Round 2 submission + nist-round: 2 + hybrid_group: secp521_r1 + nid: '0x2F2B' + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x0240' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp521_r1 + nid: '0x2F40' + oqs_alg: 'OQS_KEM_alg_kyber_1024_90s' + - + family: 'HQC' + name_group: 'hqc128' + nid: '0x0244' + nid_hybrid: '0x2F44' + oqs_alg: 'OQS_KEM_alg_hqc_128' + extra_nids: + current: + - hybrid_group: "x25519" + nid: '0x2FB0' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022C' + - implementation_version: NIST Round 3 
submission + nist-round: 3 + hybrid_group: secp256_r1 + nid: '0x2F2C' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x25519 + nid: '0x2FAC' + - + family: 'HQC' + name_group: 'hqc192' + nid: '0x0245' + nid_hybrid: '0x2F45' + oqs_alg: 'OQS_KEM_alg_hqc_192' + extra_nids: + current: + - hybrid_group: "x448" + nid: '0x2FB1' + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022D' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp384_r1 + nid: '0x2F2D' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: x448 + nid: '0x2FAD' + - + family: 'HQC' + name_group: 'hqc256' + nid: '0x0246' + nid_hybrid: '0x2F46' + oqs_alg: 'OQS_KEM_alg_hqc_256' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + nid: '0x022E' + - implementation_version: NIST Round 3 submission + nist-round: 3 + hybrid_group: secp521_r1 + nid: '0x2F2E' + +kem_nid_end: '0x0250' +kem_nid_hybrid_end: '0x2FFF' +# need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values + +# Next free signature ID: 0xff0a +sigs: + # - + # iso (1) + # identified-organization (3) + # reserved (9999) + # oqs_sig_default (1) + # disabled + #variants: + # - + # name: 'oqs_sig_default' + # pretty_name: 'OQS Default Signature Algorithm' + # oqs_meth: 'OQS_SIG_alg_default' + # oid: '1.3.9999.1.1' + # code_point: '0xfe00' + # enable: true + # mix_with: [{'name': 'p256', + # 'pretty_name': 'ECDSA p256', + # 'oid': '1.3.9999.1.2', + # 'code_point': '0xfe01'}, + # {'name': 'rsa3072', + # 'pretty_name': 'RSA3072', + # 'oid': '1.3.9999.1.3', + # 'code_point': '0xfe02'}] + # composite:[{'name': 'p256', + # 'pretty_name': 'ECDSA p256', + # 'security': '128', + # 'oid': '2.16.840.1.114027.80.1.8'}] + - + # The Composite OIDs are kept up to date by @feventura (Entrust) + # These are prototype OIDs and are in line with 
draft-ietf-lamps-pq-composite-sigs-02 + # OID scheme for composite variants: + # joint-iso-itu-t (2) + # country (16) + # us (840) + # organization (1) + # entrust (114027) + # algorithm (80) + # composite (8) + # signature (1) + # - + # OID scheme for hybrid variants of Dilithium: + # iso (1) + # identified-organization (3) + # reserved (9999) + # dilithium (2) + # OID scheme for plain Dilithium: + # iso (1) + # identified-organization (3) + # dod (6) + # internet (1) + # private (4) + # enterprise (1) + # IBM (2) + # qsc (267) + # Dilithium-r3 (7) + + + family: 'CRYSTALS-Dilithium' + variants: + - + name: 'dilithium2' + pretty_name: 'Dilithium2' + oqs_meth: 'OQS_SIG_alg_dilithium_2' + oid: '1.3.6.1.4.1.2.267.7.4.4' + code_point: '0xfea0' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.2.7.1', + 'code_point': '0xfea1'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.2.7.2', + 'code_point': '0xfea2'}] + - + name: 'dilithium3' + pretty_name: 'Dilithium3' + oqs_meth: 'OQS_SIG_alg_dilithium_3' + oid: '1.3.6.1.4.1.2.267.7.6.5' + code_point: '0xfea3' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.2.7.3', + 'code_point': '0xfea4'}] + - + name: 'dilithium5' + pretty_name: 'Dilithium5' + oqs_meth: 'OQS_SIG_alg_dilithium_5' + oid: '1.3.6.1.4.1.2.267.7.8.7' + code_point: '0xfea5' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.2.7.4', + 'code_point': '0xfea6'}] + - + name: 'dilithium2_aes' + pretty_name: 'Dilithium2_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_2_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.4.4' + code_point: '0xfea7' + 
supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.2.11.1', + 'code_point': '0xfea8'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.2.11.2', + 'code_point': '0xfea9'}] + - + name: 'dilithium3_aes' + pretty_name: 'Dilithium3_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_3_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.6.5' + code_point: '0xfeaa' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.2.11.3', + 'code_point': '0xfeab'}] + - + name: 'dilithium5_aes' + pretty_name: 'Dilithium5_AES' + oqs_meth: 'OQS_SIG_alg_dilithium_5_aes' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.6.1.4.1.2.267.11.8.7' + code_point: '0xfeac' + supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.2.11.4', + 'code_point': '0xfead'}] +# NIST OIDs see https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration +# Signature prefix 2.16.840.1.101.3.4.3. 
+# ML-DSA code points: https://datatracker.ietf.org/doc/draft-tls-westerbaan-mldsa/00 +# Composite-ML-DSA OIDs: https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/02/ +# Composite-ML-DSA code points: https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/01 + - + family: 'ML-DSA' + variants: + - + name: 'mldsa44' + pretty_name: 'ML-DSA-44' + oqs_meth: 'OQS_SIG_alg_ml_dsa_44' + oid: '2.16.840.1.101.3.4.3.17' + code_point: '0x0904' + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.7.5', + 'code_point': '0xff06'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.7.6', + 'code_point': '0xff07'}] + composite: [{'name': 'pss2048', + 'pretty_name': 'RSA PSS 2048', + 'security': '112', + 'oid': '2.16.840.1.114027.80.8.1.1', + 'code_point': '0x090f'}, + {'name': 'rsa2048', + 'pretty_name': 'RSA2048', + 'security': '112', + 'oid': '2.16.840.1.114027.80.8.1.2', + 'code_point': '0x090c'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.3', + 'code_point': '0x090a'}, + {'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.4', + 'code_point': '0x0907'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.8.1.5', + 'code_point': '0xfee5'}] + - + name: 'mldsa65' + pretty_name: 'ML-DSA-65' + oqs_meth: 'OQS_SIG_alg_ml_dsa_65' + oid: '2.16.840.1.101.3.4.3.18' + code_point: '0x0905' + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.7.7', + 'code_point': '0xff08'}] + composite: [{'name': 'pss3072', + 'pretty_name': 'RSA PSS 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.6', + 'code_point': '0x0910'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA 3072', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.7', + 'code_point': '0x090d'}, + {'name': 'p256', + 
'pretty_name': 'ECDSA p256', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.8', + 'code_point': '0x0908'}, + {'name': 'bp256', + 'pretty_name': 'ECDSA brainpoolP256r1', + 'security': '256', + 'oid': '2.16.840.1.114027.80.8.1.9', + 'code_point': '0xfee9'}, + {'name': 'ed25519', + 'pretty_name': 'ED25519', + 'security': '128', + 'oid': '2.16.840.1.114027.80.8.1.10', + 'code_point': '0x090b'}] + - + name: 'mldsa87' + pretty_name: 'ML-DSA-87' + oqs_meth: 'OQS_SIG_alg_ml_dsa_87' + oid: '2.16.840.1.101.3.4.3.19' + code_point: '0x0906' + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.7.8', + 'code_point': '0xff09'}] + composite: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'security': '192', + 'oid': '2.16.840.1.114027.80.8.1.11', + 'code_point': '0x0909'}, + {'name': 'bp384', + 'pretty_name': 'ECDSA brainpoolP384r1', + 'security': '384', + 'oid': '2.16.840.1.114027.80.8.1.12', + 'code_point': '0xfeec'}, + {'name': 'ed448', + 'pretty_name': 'ED448', + 'security': '192', + 'oid': '2.16.840.1.114027.80.8.1.13', + 'code_point': '0x0912'}] + - + # iso (1) + # identified-organization (3) + # reserved (9999) + # falcon (3) + family: 'Falcon' + variants: + - + name: 'falcon512' + pretty_name: 'Falcon-512' + oqs_meth: 'OQS_SIG_alg_falcon_512' + oid: '1.3.9999.3.11' + code_point: '0xfed7' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.12', + 'code_point': '0xfed8'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.13', + 'code_point': '0xfed9'}] + extra_nids: + old: + - implementation_version: PQClean Round 3 version labelled 20211101 + nist-round: 3 + oid: '1.3.9999.3.6' + code_point: '0xfeae' + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.7', + 'code_point': '0xfeaf'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.8', + 
'code_point': '0xfeb0'}] + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.3.1' + code_point: '0xfe0b' + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.2', + 'code_point': '0xfe0c'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.3', + 'code_point': '0xfe0d'}] + - + name: 'falconpadded512' + pretty_name: 'Falcon-padded-512' + oqs_meth: 'OQS_SIG_alg_falcon_padded_512' + oid: '1.3.9999.3.16' + code_point: '0xfedc' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.3.17', + 'code_point': '0xfedd'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.3.18', + 'code_point': '0xfede'}] + - + name: 'falcon1024' + pretty_name: 'Falcon-1024' + oqs_meth: 'OQS_SIG_alg_falcon_1024' + oid: '1.3.9999.3.14' + code_point: '0xfeda' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.15', + 'code_point': '0xfedb'}] + extra_nids: + old: + - implementation_version: PQClean Round 3 version labelled 20211101 + nist-round: 3 + oid: '1.3.9999.3.9' + code_point: '0xfeb1' + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.10', + 'code_point': '0xfeb2'}] + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.3.4' + code_point: '0xfe0e' + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.5', + 'code_point': '0xfe0f'}] + - + name: 'falconpadded1024' + pretty_name: 'Falcon-padded-1024' + oqs_meth: 'OQS_SIG_alg_falcon_padded_1024' + oid: '1.3.9999.3.19' + code_point: '0xfedf' + supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk'] + enable: true + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.3.20', + 'code_point': '0xfee0'}] + - + family: 'SPHINCS-Haraka' 
+ variants: + - + name: 'sphincsharaka128frobust' + pretty_name: 'SPHINCS+-Haraka-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.1' + code_point: '0xfe42' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.2', + 'code_point': '0xfe43'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.3', + 'code_point': '0xfe44'}] + - + name: 'sphincsharaka128fsimple' + pretty_name: 'SPHINCS+-Haraka-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.4' + code_point: '0xfe45' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.5', + 'code_point': '0xfe46'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.6', + 'code_point': '0xfe47'}] + - + name: 'sphincsharaka128srobust' + pretty_name: 'SPHINCS+-Haraka-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.7' + code_point: '0xfe48' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.8', + 'code_point': '0xfe49'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.9', + 'code_point': '0xfe4a'}] + - + name: 'sphincsharaka128ssimple' + pretty_name: 'SPHINCS+-Haraka-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.1.10' + code_point: '0xfe4b' + supported_encodings: 
['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.1.11', + 'code_point': '0xfe4c'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.1.12', + 'code_point': '0xfe4d'}] + - + name: 'sphincsharaka192frobust' + pretty_name: 'SPHINCS+-Haraka-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.1' + code_point: '0xfe4e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.2', + 'code_point': '0xfe4f'}] + - + name: 'sphincsharaka192fsimple' + pretty_name: 'SPHINCS+-Haraka-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.3' + code_point: '0xfe50' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.4', + 'code_point': '0xfe51'}] + - + name: 'sphincsharaka192srobust' + pretty_name: 'SPHINCS+-Haraka-192s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.5' + code_point: '0xfe52' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.6', + 'code_point': '0xfe53'}] + - + name: 'sphincsharaka192ssimple' + pretty_name: 'SPHINCS+-Haraka-192s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.2.7' + code_point: '0xfe54' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 
'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.2.8', + 'code_point': '0xfe55'}] + - + name: 'sphincsharaka256frobust' + pretty_name: 'SPHINCS+-Haraka-256f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.1' + code_point: '0xfe56' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.2', + 'code_point': '0xfe57'}] + - + name: 'sphincsharaka256fsimple' + pretty_name: 'SPHINCS+-Haraka-256f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.3' + code_point: '0xfe58' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.4', + 'code_point': '0xfe59'}] + - + name: 'sphincsharaka256srobust' + pretty_name: 'SPHINCS+-Haraka-256s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.5' + code_point: '0xfe5a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.6', + 'code_point': '0xfe5b'}] + - + name: 'sphincsharaka256ssimple' + pretty_name: 'SPHINCS+-Haraka-256s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_simple' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.3.7' + code_point: '0xfe5c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p521', + 'pretty_name': 'ECDSA p521', + 'oid': '1.3.9999.6.3.8', + 'code_point': '0xfe5d'}] + - + family: 'SPHINCS-SHA2' + variants: + - + name: 'sphincssha26128frobust' + pretty_name: 
'SPHINCS+-SHA256-128f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.1' + code_point: '0xfe5e' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.2', + 'code_point': '0xfe5f'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.3', + 'code_point': '0xfe60'}] + - + name: 'sphincssha2128fsimple' + pretty_name: 'SPHINCS+-SHA2-128f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128f_simple' + oid: '1.3.9999.6.4.13' + code_point: '0xfeb3' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.14', + 'code_point': '0xfeb4'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.15', + 'code_point': '0xfeb5'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.4' + code_point: '0xfe61' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.5', + 'code_point': '0xfe62'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.6', + 'code_point': '0xfe63'}] + - + name: 'sphincssha256128srobust' + pretty_name: 'SPHINCS+-SHA256-128s-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128s_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.7' + code_point: '0xfe64' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.8', + 'code_point': '0xfe65'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.9', + 'code_point': '0xfe66'}] + - + name: 'sphincssha2128ssimple' + 
pretty_name: 'SPHINCS+-SHA2-128s-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128s_simple' + oid: '1.3.9999.6.4.16' + code_point: '0xfeb6' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.17', + 'code_point': '0xfeb7'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.18', + 'code_point': '0xfeb8'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.4.10' + code_point: '0xfe67' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p256', + 'pretty_name': 'ECDSA p256', + 'oid': '1.3.9999.6.4.11', + 'code_point': '0xfe68'}, + {'name': 'rsa3072', + 'pretty_name': 'RSA3072', + 'oid': '1.3.9999.6.4.12', + 'code_point': '0xfe69'}] + - + name: 'sphincssha256192frobust' + pretty_name: 'SPHINCS+-SHA256-192f-robust' + oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192f_robust' + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.1' + code_point: '0xfe6a' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.2', + 'code_point': '0xfe6b'}] + - + name: 'sphincssha2192fsimple' + pretty_name: 'SPHINCS+-SHA2-192f-simple' + oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192f_simple' + oid: '1.3.9999.6.5.10' + code_point: '0xfeb9' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + enable: true + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.11', + 'code_point': '0xfeba'}] + extra_nids: + old: + - implementation_version: NIST Round 3 submission + nist-round: 3 + oid: '1.3.9999.6.5.3' + code_point: '0xfe6c' + supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk'] + mix_with: [{'name': 'p384', + 'pretty_name': 'ECDSA p384', + 'oid': '1.3.9999.6.5.4', + 'code_point': 
'0xfe6d'}]
+ -
+ name: 'sphincssha256192srobust'
+ pretty_name: 'SPHINCS+-SHA256-192s-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192s_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.5.5'
+ code_point: '0xfe6e'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.5.6',
+ 'code_point': '0xfe6f'}]
+ -
+ name: 'sphincssha2192ssimple'
+ pretty_name: 'SPHINCS+-SHA2-192s-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192s_simple'
+ oid: '1.3.9999.6.5.12'
+ code_point: '0xfebb'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.5.13',
+ 'code_point': '0xfebc'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.5.7'
+ code_point: '0xfe70'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.5.8',
+ 'code_point': '0xfe71'}]
+ -
+ name: 'sphincssha256256frobust'
+ pretty_name: 'SPHINCS+-SHA256-256f-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256f_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.6.1'
+ code_point: '0xfe72'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.6.2',
+ 'code_point': '0xfe73'}]
+ -
+ name: 'sphincssha2256fsimple'
+ pretty_name: 'SPHINCS+-SHA2-256f-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256f_simple'
+ oid: '1.3.9999.6.6.10'
+ code_point: '0xfebd'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.6.11',
+ 'code_point': '0xfebe'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.6.3'
+ code_point: '0xfe74'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.6.4',
+ 'code_point': '0xfe75'}]
+ -
+ name: 'sphincssha256256srobust'
+ pretty_name: 'SPHINCS+-SHA256-256s-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256s_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.6.5'
+ code_point: '0xfe76'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.6.6',
+ 'code_point': '0xfe77'}]
+ -
+ name: 'sphincssha2256ssimple'
+ pretty_name: 'SPHINCS+-SHA2-256s-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256s_simple'
+ oid: '1.3.9999.6.6.12'
+ code_point: '0xfec0'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.6.13',
+ 'code_point': '0xfec1'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.6.7'
+ code_point: '0xfe78'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.6.8',
+ 'code_point': '0xfe79'}]
+ -
+ family: 'SPHINCS-SHAKE'
+ variants:
+ -
+ name: 'sphincsshake256128frobust'
+ pretty_name: 'SPHINCS+-SHAKE256-128f-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128f_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.7.1'
+ code_point: '0xfe7a'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.6.7.2',
+ 'code_point': '0xfe7b'},
+ {'name': 'rsa3072',
+ 'pretty_name': 'RSA3072',
+ 'oid': '1.3.9999.6.7.3',
+ 'code_point': '0xfe7c'}]
+ -
+ name: 'sphincsshake128fsimple'
+ pretty_name: 'SPHINCS+-SHAKE-128f-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake_128f_simple'
+ oid: '1.3.9999.6.7.13'
+ code_point: '0xfec2'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: true
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.6.7.14',
+ 'code_point': '0xfec3'},
+ {'name': 'rsa3072',
+ 'pretty_name': 'RSA3072',
+ 'oid': '1.3.9999.6.7.15',
+ 'code_point': '0xfec4'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.7.4'
+ code_point: '0xfe7d'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.6.7.5',
+ 'code_point': '0xfe7e'},
+ {'name': 'rsa3072',
+ 'pretty_name': 'RSA3072',
+ 'oid': '1.3.9999.6.7.6',
+ 'code_point': '0xfe7f'}]
+ -
+ name: 'sphincsshake256128srobust'
+ pretty_name: 'SPHINCS+-SHAKE256-128s-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128s_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.7.7'
+ code_point: '0xfe80'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.6.7.8',
+ 'code_point': '0xfe81'},
+ {'name': 'rsa3072',
+ 'pretty_name': 'RSA3072',
+ 'oid': '1.3.9999.6.7.9',
+ 'code_point': '0xfe82'}]
+ -
+ name: 'sphincsshake128ssimple'
+ pretty_name: 'SPHINCS+-SHAKE-128s-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake_128s_simple'
+ oid: '1.3.9999.6.7.16'
+ code_point: '0xfec5'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.6.7.17',
+ 'code_point': '0xfec6'},
+ {'name': 'rsa3072',
+ 'pretty_name': 'RSA3072',
+ 'oid': '1.3.9999.6.7.18',
+ 'code_point': '0xfec7'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.7.10'
+ code_point: '0xfe83'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.6.7.11',
+ 'code_point': '0xfe84'},
+ {'name': 'rsa3072',
+ 'pretty_name': 'RSA3072',
+ 'oid': '1.3.9999.6.7.12',
+ 'code_point': '0xfe85'}]
+ -
+ name: 'sphincsshake256192frobust'
+ pretty_name: 'SPHINCS+-SHAKE256-192f-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192f_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.8.1'
+ code_point: '0xfe86'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.8.2',
+ 'code_point': '0xfe87'}]
+ -
+ name: 'sphincsshake192fsimple'
+ pretty_name: 'SPHINCS+-SHAKE-192f-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake_192f_simple'
+ oid: '1.3.9999.6.8.10'
+ code_point: '0xfec8'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.8.11',
+ 'code_point': '0xfec9'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.8.3'
+ code_point: '0xfe88'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.8.4',
+ 'code_point': '0xfe89'}]
+ -
+ name: 'sphincsshake256192srobust'
+ pretty_name: 'SPHINCS+-SHAKE256-192s-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192s_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.8.5'
+ code_point: '0xfe8a'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.8.6',
+ 'code_point': '0xfe8b'}]
+ -
+ name: 'sphincsshake192ssimple'
+ pretty_name: 'SPHINCS+-SHAKE-192s-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake_192s_simple'
+ oid: '1.3.9999.6.8.12'
+ code_point: '0xfeca'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.8.13',
+ 'code_point': '0xfecb'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.8.7'
+ code_point: '0xfe8c'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.6.8.8',
+ 'code_point': '0xfe8d'}]
+ -
+ name: 'sphincsshake256256frobust'
+ pretty_name: 'SPHINCS+-SHAKE256-256f-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256f_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.9.1'
+ code_point: '0xfe8e'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.9.2',
+ 'code_point': '0xfe8f'}]
+ -
+ name: 'sphincsshake256fsimple'
+ pretty_name: 'SPHINCS+-SHAKE-256f-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake_256f_simple'
+ oid: '1.3.9999.6.9.10'
+ code_point: '0xfecc'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.9.11',
+ 'code_point': '0xfecd'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.9.3'
+ code_point: '0xfe90'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.9.4',
+ 'code_point': '0xfe91'}]
+ -
+ name: 'sphincsshake256256srobust'
+ pretty_name: 'SPHINCS+-SHAKE256-256s-robust'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256s_robust'
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.9.5'
+ code_point: '0xfe92'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.9.6',
+ 'code_point': '0xfe93'}]
+ -
+ name: 'sphincsshake256ssimple'
+ pretty_name: 'SPHINCS+-SHAKE-256s-simple'
+ oqs_meth: 'OQS_SIG_alg_sphincs_shake_256s_simple'
+ oid: '1.3.9999.6.9.12'
+ code_point: '0xfece'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ enable: false
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.9.13',
+ 'code_point': '0xfecf'}]
+ extra_nids:
+ old:
+ - implementation_version: NIST Round 3 submission
+ nist-round: 3
+ oid: '1.3.9999.6.9.7'
+ code_point: '0xfe94'
+ supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.6.9.8',
+ 'code_point': '0xfe95'}]
+ -
+ family: 'MAYO'
+ variants:
+ -
+ name: 'mayo1'
+ pretty_name: 'MAYO-1'
+ oqs_meth: 'OQS_SIG_alg_mayo_1'
+ oid: '1.3.9999.8.1.1'
+ code_point: '0xfeee'
+ enable: true
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.8.1.2',
+ 'code_point': '0xfef2'}]
+ -
+ name: 'mayo2'
+ pretty_name: 'MAYO-2'
+ oqs_meth: 'OQS_SIG_alg_mayo_2'
+ oid: '1.3.9999.8.2.1'
+ code_point: '0xfeef'
+ enable: true
+ mix_with: [{'name': 'p256',
+ 'pretty_name': 'ECDSA p256',
+ 'oid': '1.3.9999.8.2.2',
+ 'code_point': '0xfef3'}]
+ -
+ name: 'mayo3'
+ pretty_name: 'MAYO-3'
+ oqs_meth: 'OQS_SIG_alg_mayo_3'
+ oid: '1.3.9999.8.3.1'
+ code_point: '0xfef0'
+ enable: true
+ mix_with: [{'name': 'p384',
+ 'pretty_name': 'ECDSA p384',
+ 'oid': '1.3.9999.8.3.2',
+ 'code_point': '0xfef4'}]
+ -
+ name: 'mayo5'
+ pretty_name: 'MAYO-5'
+ oqs_meth: 'OQS_SIG_alg_mayo_5'
+ oid: '1.3.9999.8.5.1'
+ code_point: '0xfef1'
+ enable: true
+ mix_with: [{'name': 'p521',
+ 'pretty_name': 'ECDSA p521',
+ 'oid': '1.3.9999.8.5.2',
+ 'code_point': '0xfef5'}]
+ -
+ family: 'CROSS'
+ variants:
+ # RSDP 128
+ -
+ name: 'CROSSrsdp128balanced'
+ pretty_name: 'CROSS-rsdp-128-balanced'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdp_128_balanced'
+ oid: '1.3.6.1.4.1.62245.2.1.1'
+ code_point: '0xfef6'
+ enable: true
+ -
+ name: 'CROSSrsdp128fast'
+ pretty_name: 'CROSS-rsdp-128-fast'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdp_128_fast'
+ oid: '1.3.6.1.4.1.62245.2.1.2'
+ code_point: '0xfef7'
+ enable: false
+ -
+ name: 'CROSSrsdp128small'
+ pretty_name: 'CROSS-rsdp-128-small'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdp_128_small'
+ oid: '1.3.6.1.4.1.62245.2.1.3'
+ code_point: '0xfef8'
+ enable: false
+ # RSDP 192
+ -
+ name: 'CROSSrsdp192balanced'
+ pretty_name: 'CROSS-rsdp-192-balanced'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdp_192_balanced'
+ oid: '1.3.6.1.4.1.62245.2.1.4'
+ code_point: '0xfef9'
+ enable: false
+ -
+ name: 'CROSSrsdp192fast'
+ pretty_name: 'CROSS-rsdp-192-fast'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdp_192_fast'
+ oid: '1.3.6.1.4.1.62245.2.1.5'
+ code_point: '0xfefa'
+ enable: false
+ -
+ name: 'CROSSrsdp192small'
+ pretty_name: 'CROSS-rsdp-192-small'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdp_192_small'
+ oid: '1.3.6.1.4.1.62245.2.1.6'
+ code_point: '0xfefb'
+ enable: false
+ # RSDP 256
+ # CROSS variants rsdp-256-balanced and rsdp-256-fast are missing because
+ # they produce certificates that are larger than the maximum size allowed
+ # by TLS 1.3 (RFC 8446 section B.3.3)
+ -
+ name: 'CROSSrsdp256small'
+ pretty_name: 'CROSS-rsdp-256-small'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdp_256_small'
+ oid: '1.3.6.1.4.1.62245.2.1.9'
+ code_point: '0xfefc'
+ enable: false
+ # RSDPG 128
+ -
+ name: 'CROSSrsdpg128balanced'
+ pretty_name: 'CROSS-rsdpg-128-balanced'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_128_balanced'
+ oid: '1.3.6.1.4.1.62245.2.1.10'
+ code_point: '0xfefd'
+ enable: false
+ -
+ name: 'CROSSrsdpg128fast'
+ pretty_name: 'CROSS-rsdpg-128-fast'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_128_fast'
+ oid: '1.3.6.1.4.1.62245.2.1.11'
+ code_point: '0xfefe'
+ enable: false
+ -
+ name: 'CROSSrsdpg128small'
+ pretty_name: 'CROSS-rsdpg-128-small'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_128_small'
+ oid: '1.3.6.1.4.1.62245.2.1.12'
+ code_point: '0xfeff'
+ enable: false
+ # RSDPG 192
+ -
+ name: 'CROSSrsdpg192balanced'
+ pretty_name: 'CROSS-rsdpg-192-balanced'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_192_balanced'
+ oid: '1.3.6.1.4.1.62245.2.1.13'
+ code_point: '0xff00'
+ enable: false
+ -
+ name: 'CROSSrsdpg192fast'
+ pretty_name: 'CROSS-rsdpg-192-fast'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_192_fast'
+ oid: '1.3.6.1.4.1.62245.2.1.14'
+ code_point: '0xff01'
+ enable: false
+ -
+ name: 'CROSSrsdpg192small'
+ pretty_name: 'CROSS-rsdpg-192-small'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_192_small'
+ oid: '1.3.6.1.4.1.62245.2.1.15'
+ code_point: '0xff02'
+ enable: false
+ # RSDPG 256
+ -
+ name: 'CROSSrsdpg256balanced'
+ pretty_name: 'CROSS-rsdpg-256-balanced'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_256_balanced'
+ oid: '1.3.6.1.4.1.62245.2.1.16'
+ code_point: '0xff03'
+ enable: false
+ -
+ name: 'CROSSrsdpg256fast'
+ pretty_name: 'CROSS-rsdpg-256-fast'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_256_fast'
+ oid: '1.3.6.1.4.1.62245.2.1.17'
+ code_point: '0xff04'
+ enable: false
+ -
+ name: 'CROSSrsdpg256small'
+ pretty_name: 'CROSS-rsdpg-256-small'
+ oqs_meth: 'OQS_SIG_alg_cross_rsdpg_256_small'
+ oid: '1.3.6.1.4.1.62245.2.1.18'
+ code_point: '0xff05'
+ enable: false
From 6f2739f9eb7d5b1f6a30b0512bbb4eeeeb9fdf86 Mon Sep 17 00:00:00 2001
From: Pravek Sharma
Date: Sat, 14 Dec 2024 08:45:17 +0100
Subject: [PATCH 02/10] Bump OQSPROVIDER_VERSION_TEXT
Signed-off-by: Pravek Sharma
---
CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 26dea0ea..fefb1d56 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.5 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.7.1-dev") +set(OQSPROVIDER_VERSION_TEXT "0.8.0-rc1") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") From 54dd7c86bea3b183478266cb99207f64cdba79e4 Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Sat, 14 Dec 2024 08:45:44 +0100 Subject: [PATCH 03/10] Update SECURITY.md Signed-off-by: Pravek Sharma --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 1a92ed30..484639e3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,8 @@ We only support the most recent release. | Version | Supported | | ------- | ------------------ | -| 0.7.0 | :white_check_mark: | +| 0.8.0-rc1 | :white_check_mark: | +| 0.7.0 | :x: | | 0.6.1 | :x: | | 0.6.0 | :x: | | 0.5.3 | :x: | From 3044bba222fa8e33d34532dd56fbd297478a7800 Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Sat, 14 Dec 2024 08:46:21 +0100 Subject: [PATCH 04/10] Point CI to liboqs 0.12.0 and OpenSSL 3.4.0 Signed-off-by: Pravek Sharma --- .github/workflows/linux.yml | 12 ++++++------ .github/workflows/macos.yml | 2 +- .github/workflows/windows.yml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 39116e00..8f2c656c 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -21,7 +21,7 @@ jobs: image: openquantumsafe/ci-ubuntu-jammy:latest env: MAKE_PARAMS: "-j 18" - LIBOQS_BRANCH: "main" + LIBOQS_BRANCH: "0.12.0" steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 @@ -38,7 +38,7 @@ jobs: strategy: fail-fast: false matrix: - ossl-branch: [openssl-3.3.2, master] + ossl-branch: [openssl-3.4.0, master] libjade-build: - "ON" - "OFF" 
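Review bot: The new `LIBOQS_BRANCH: "0.12.0"` in the linux.yml @@ -21 hunk pins liboqs to a tag name rather than an immutable commit, while the adjacent `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4` line in the same hunk already pins by full SHA; the same applies to `LIBOQS_BRANCH=0.12.0` and the two `git clone --depth=1 --branch 0.12.0` steps in the @@ -59, @@ -127 and @@ -209 hunks, to `ref: 0.12.0` in macos.yml and windows.yml, and to the `openssl-3.4.0` references. A tag can be moved or re-created upstream, so the inputs of a release CI run are less reproducible and less tamper-evident than the SHA-pinned actions. For the actions/checkout steps the consistent form would be `ref: <liboqs-0.12.0-commit-sha>  # pin@0.12.0`; for the env variable and the shallow clones a commit pin needs a checkout-by-commit or a post-clone check that HEAD matches the expected SHA, since `--branch` and, presumably, `./scripts/fullbuild.sh` (outside the hunk) take a ref name. If tracking release tags here is deliberate, a one-line comment saying so would make the difference from the SHA-pinned actions intentional rather than accidental.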
@@ -59,7 +59,7 @@ jobs: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Full build - run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=main OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh + run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=0.12.0 OQS_LIBJADE_BUILD=${{ matrix.libjade-build }} ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so - name: Test @@ -103,7 +103,7 @@ jobs: CXX: "clang++" ASAN_C_FLAGS: "-fsanitize=address -fno-omit-frame-pointer" ASAN_OPTIONS: "detect_stack_use_after_return=1,detect_leaks=1" - OPENSSL_BRANCH: "openssl-3.3.2" + OPENSSL_BRANCH: "openssl-3.4.0" steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 @@ -127,7 +127,7 @@ jobs: - name: Clone and build liboqs with ASan run: | - git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs + git clone --depth=1 --branch 0.12.0 https://github.com/open-quantum-safe/liboqs.git liboqs cd liboqs mkdir build install cmake -GNinja -B build \ @@ -209,7 +209,7 @@ jobs: - name: Clone and build liboqs for linux-aarch64 working-directory: /opt/ run: | - git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs + git clone --depth=1 --branch 0.12.0 https://github.com/open-quantum-safe/liboqs.git liboqs cd liboqs mkdir build install cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \ diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 0c537db7..0dbb9697 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -39,7 +39,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.12.0 path: liboqs - name: Retrieve OpenSSL32 from cache id: cache-openssl32 
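Review bot: The macos.yml @@ -39 hunk only moves the liboqs `ref` to `0.12.0`, although the commit title also announces OpenSSL 3.4.0; the context lines that follow (`- name: Retrieve OpenSSL32 from cache`, `id: cache-openssl32`) suggest the macOS job still builds against an OpenSSL 3.2 checkout defined outside the hunk, so the job's OpenSSL version cannot be confirmed from here. If macOS is meant to test against 3.4.0 as linux.yml now does, that step needs the same update; otherwise a comment such as `# macOS job intentionally stays on the OpenSSL 3.2 cache` next to the cache step would keep the two workflows from drifting apart silently.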
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index d817a672..de54a072 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -44,7 +44,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.12.0 path: liboqs - name: Install cygwin uses: cygwin/cygwin-install-action@master @@ -139,7 +139,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.12.0 path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: @@ -253,7 +253,7 @@ jobs: with: set-safe-directory: true repository: open-quantum-safe/liboqs - ref: main + ref: 0.12.0 path: liboqs - uses: ilammy/msvc-dev-cmd@v1 with: From 8b0539654cd1a7c0f4702d9952907eea6faaa4e4 Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Sat, 14 Dec 2024 09:18:19 +0100 Subject: [PATCH 05/10] Update 0.8.0-rc1 release notes Signed-off-by: Pravek Sharma --- RELEASE.md | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 35b2ac1b..3e891d65 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,4 +1,4 @@ -# oqs-provider 0.7.1-dev +# oqs-provider 0.8.0 release candidate 1 ## About 
@@ -14,7 +14,47 @@ Further details on building, testing and use can be found in [README.md](https:/ ## Release notes -This is version 0.7.1-dev of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs` as and when released. +This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs` as and when released. + +### Deprecation notice + +The associated liboqs v0.12.0 release will be the last liboqs release to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203). + +The addition of ML-DSA FIPS 204 final version to liboqs v0.12.0 has introduced a new signature API which includes a context string parameter. The liboqs team is planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at [liboqs #2001](https://github.com/open-quantum-safe/liboqs/issues/2001). + +### Security considerations + +* CVE-2024-54137: The associated liboqs v0.12.0 release fixed a bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue. + +### What's New + +In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider: + +* Updates IANA code points for ML-KEM. 
+* Adds support for ML-DSA (FIPS 204 final version) along with support for context strings (when built against an OpenSSL verision also supporting that feature). +* Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02. +* Adds a SBOM template in the CycloneDX 1.6 format. + +## What's Changed +* Switch to dev mode again by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/535 +* Add alexrow to CODEOWNERS by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/537 +* Correct 0.7.0 release notes by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/540 +* switch doc to release, add backlevel liboqs support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/544 +* fix file location error in P12 test by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/546 +* update MLKEM code points by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/559 +* Composite sigs update by @feventura in https://github.com/open-quantum-safe/oqs-provider/pull/549 +* Remove macos-12 runner due to GitHub deprecation. 
by @SWilson4 in https://github.com/open-quantum-safe/oqs-provider/pull/563 +* update IANA code points for ML-KEM by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/577 +* Adding version-conditional context string support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/583 +* Tracker for FIPS204 / ML-DSA by @bhess in https://github.com/open-quantum-safe/oqs-provider/pull/568 +* Add a SBOM template in CycloneDX format by @hughsie in https://github.com/open-quantum-safe/oqs-provider/pull/585 +* Changes needed when building with a static libcrypto on Linux by @ashman-p in https://github.com/open-quantum-safe/oqs-provider/pull/584 +* Add DTLS 1.3 support by @baentsch in https://github.com/open-quantum-safe/oqs-provider/pull/586 + +## New Contributors +* @hughsie made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/585 + +**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.7.0...0.8.0-rc1 Previous Release Notes ====================== From c6ef6fda3270868fda99373fa9b390f853fa68a8 Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Sun, 15 Dec 2024 05:39:07 +0100 Subject: [PATCH 06/10] Update RELEASE.md Signed-off-by: Pravek Sharma --- RELEASE.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 3e891d65..28b6dfed 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -14,11 +14,11 @@ Further details on building, testing and use can be found in [README.md](https:/ ## Release notes -This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs` as and when released. +This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs`. ### Deprecation notice -The associated liboqs v0.12.0 release will be the last liboqs release to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203). +This is to notify users of Kyber (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) as support for Kyber will be removed with the next release of liboqs and oqsprovider. The addition of ML-DSA FIPS 204 final version to liboqs v0.12.0 has introduced a new signature API which includes a context string parameter. The liboqs team is planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at [liboqs #2001](https://github.com/open-quantum-safe/liboqs/issues/2001). 
@@ -31,7 +31,8 @@ The addition of ML-DSA FIPS 204 final version to liboqs v0.12.0 has introduced a In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider: * Updates IANA code points for ML-KEM. -* Adds support for ML-DSA (FIPS 204 final version) along with support for context strings (when built against an OpenSSL verision also supporting that feature). +* Adds support for ML-DSA (FIPS 204 final version). +* Adds support for context strings (when built against an OpenSSL version also supporting that feature). * Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02. * Adds a SBOM template in the CycloneDX 1.6 format. From fec57d021dc1df1d1adfbb4ff4f477aa0bda4997 Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Tue, 17 Dec 2024 11:12:15 +0100 Subject: [PATCH 07/10] fixup! Update RELEASE.md Signed-off-by: Pravek Sharma --- RELEASE.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 28b6dfed..00f8e256 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -20,8 +20,6 @@ This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 This is to notify users of Kyber (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) as support for Kyber will be removed with the next release of liboqs and oqsprovider. -The addition of ML-DSA FIPS 204 final version to liboqs v0.12.0 has introduced a new signature API which includes a context string parameter. The liboqs team is planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at [liboqs #2001](https://github.com/open-quantum-safe/liboqs/issues/2001). - ### Security considerations * CVE-2024-54137: The associated liboqs v0.12.0 release fixed a bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. Thank you to Célian Glénaz and Dahmun Goudarzi from Quarkslab for identifying the issue. @@ -31,10 +29,12 @@ The addition of ML-DSA FIPS 204 final version to liboqs v0.12.0 has introduced a In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider: * Updates IANA code points for ML-KEM. +* Updates IANA code points for ML-KEM and changes FrodoKEM code points. * Adds support for ML-DSA (FIPS 204 final version). -* Adds support for context strings (when built against an OpenSSL version also supporting that feature). +* Adds support for context strings in OpenSSL versions >= 3.2. * Updates the implementation of draft-ietf-lamps-pq-composite-sigs from version 01 to version 02. * Adds a SBOM template in the CycloneDX 1.6 format. +* Adds support for DTLS 1.3 (pending support in OpenSSL). ## What's Changed * Switch to dev mode again by @praveksharma in https://github.com/open-quantum-safe/oqs-provider/pull/535 
From fdbcf4a59e9be56eeb273ab13c88cda3cd2d8b5c Mon Sep 17 00:00:00 2001 From: Pravek Sharma Date: Tue, 17 Dec 2024 11:14:23 +0100 Subject: [PATCH 08/10] fixup! Update RELEASE.md Signed-off-by: Pravek Sharma --- RELEASE.md | 1 - 1 file changed, 1 deletion(-) diff --git a/RELEASE.md b/RELEASE.md index 00f8e256..27c082a3 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -28,7 +28,6 @@ This is to notify users of Kyber (Round 3 version) to switch to the ML-KEM (FIPS In addition to improving testing, CI, and fixing platform specific build issues this release of oqs-provider: -* Updates IANA code points for ML-KEM. * Updates IANA code points for ML-KEM and changes FrodoKEM code points. * Adds support for ML-DSA (FIPS 204 final version). * Adds support for context strings in OpenSSL versions >= 3.2. From 778058dee7457cae61cfc74422ca961ecbe25ed2 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Wed, 18 Dec 2024 17:16:38 +0100 Subject: [PATCH 09/10] remove rc1 tags Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- CMakeLists.txt | 2 +- RELEASE.md | 6 +++--- SECURITY.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fefb1d56..b852c2c4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,7 +4,7 @@ else() cmake_minimum_required(VERSION 3.5 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) -set(OQSPROVIDER_VERSION_TEXT "0.8.0-rc1") +set(OQSPROVIDER_VERSION_TEXT "0.8.0") set(CMAKE_C_STANDARD 11) set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS ON) if(CMAKE_BUILD_TYPE STREQUAL "Debug") diff --git a/RELEASE.md b/RELEASE.md index 27c082a3..14c4c506 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,4 +1,4 @@ -# oqs-provider 0.8.0 release candidate 1 +# oqs-provider 0.8.0 ## About 
@@ -14,7 +14,7 @@ Further details on building, testing and use can be found in [README.md](https:/ ## Release notes -This is version 0.8.0-rc1 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs`. +This is version 0.8.0 of oqs-provider which continues from the earlier 0.7.0 release. This release is fully tested to be used in conjunction with the main branch of [liboqs](https://github.com/open-quantum-safe/liboqs) and is guaranteed to be in sync with v0.12.0 of `liboqs`. ### Deprecation notice @@ -54,7 +54,7 @@ In addition to improving testing, CI, and fixing platform specific build issues ## New Contributors * @hughsie made their first contribution in https://github.com/open-quantum-safe/oqs-provider/pull/585 -**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.7.0...0.8.0-rc1 +**Full Changelog**: https://github.com/open-quantum-safe/oqs-provider/compare/0.7.0...0.8.0 Previous Release Notes ====================== diff --git a/SECURITY.md b/SECURITY.md index 484639e3..2159d47d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ We only support the most recent release. | Version | Supported | | ------- | ------------------ | -| 0.8.0-rc1 | :white_check_mark: | +| 0.8.0 | :white_check_mark: | | 0.7.0 | :x: | | 0.6.1 | :x: | | 0.6.0 | :x: | From 66d631d3b370ef04cca8be2f13aed22a1e0f7bfd Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 19 Dec 2024 16:08:42 +0100 Subject: [PATCH 10/10] also announce removal of Dilithium [skip ci] Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- RELEASE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE.md b/RELEASE.md index 14c4c506..6c2c6085 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -18,7 +18,7 @@ This is version 0.8.0 of oqs-provider which continues from the earlier 0.7.0 rel ### Deprecation notice -This is to notify users of Kyber (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) as support for Kyber will be removed with the next release of liboqs and oqsprovider. +This is to notify users of Kyber and Dilithium (Round 3 version) to switch to the ML-KEM (FIPS 203 final version) and ML-DSA (FIPS 204 final version), respectively, as support for both will be removed with the next release of oqsprovider. ### Security considerations