first cut adding ML-* (open-quantum-safe#348)
* introducing ML-* algorithms

* split KEX testing in 2 and add openssl bug warning to README

* clarify utility of KEM OIDs
baentsch authored and feventura committed Mar 16, 2024
1 parent 23980cf commit cf6706f
Showing 21 changed files with 1,782 additions and 658 deletions.
111 changes: 71 additions & 40 deletions ALGORITHMS.md
@@ -38,6 +38,16 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
| p256_kyber768 | 0x639A | Yes | OQS_CODEPOINT_P256_KYBER768 |
| kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 |
| p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024 |
| mlkem512 | 0x0247 | Yes | OQS_CODEPOINT_MLKEM512 |
| p256_mlkem512 | 0x2F47 | Yes | OQS_CODEPOINT_P256_MLKEM512 |
| x25519_mlkem512 | 0x2FB2 | Yes | OQS_CODEPOINT_X25519_MLKEM512 |
| mlkem768 | 0x0248 | Yes | OQS_CODEPOINT_MLKEM768 |
| p384_mlkem768 | 0x2F48 | Yes | OQS_CODEPOINT_P384_MLKEM768 |
| x448_mlkem768 | 0x2FB3 | Yes | OQS_CODEPOINT_X448_MLKEM768 |
| x25519_mlkem768 | 0x2FB4 | Yes | OQS_CODEPOINT_X25519_MLKEM768 |
| p256_mlkem768 | 0x2FB5 | Yes | OQS_CODEPOINT_P256_MLKEM768 |
| mlkem1024 | 0x0249 | Yes | OQS_CODEPOINT_MLKEM1024 |
| p521_mlkem1024 | 0x2F49 | Yes | OQS_CODEPOINT_P521_MLKEM1024 |
| bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 |
| p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 |
| x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 |
@@ -61,6 +71,13 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
| p384_dilithium3 | 0xfea4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3
| dilithium5 | 0xfea5 |Yes| OQS_CODEPOINT_DILITHIUM5
| p521_dilithium5 | 0xfea6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5
| mldsa44 | 0xfed0 |Yes| OQS_CODEPOINT_MLDSA44
| p256_mldsa44 | 0xfed3 |Yes| OQS_CODEPOINT_P256_MLDSA44
| rsa3072_mldsa44 | 0xfed4 |Yes| OQS_CODEPOINT_RSA3072_MLDSA44
| mldsa65 | 0xfed1 |Yes| OQS_CODEPOINT_MLDSA65
| p384_mldsa65 | 0xfed5 |Yes| OQS_CODEPOINT_P384_MLDSA65
| mldsa87 | 0xfed2 |Yes| OQS_CODEPOINT_MLDSA87
| p521_mldsa87 | 0xfed6 |Yes| OQS_CODEPOINT_P521_MLDSA87
| falcon512 | 0xfeae |Yes| OQS_CODEPOINT_FALCON512
| p256_falcon512 | 0xfeaf |Yes| OQS_CODEPOINT_P256_FALCON512
| rsa3072_falcon512 | 0xfeb0 |Yes| OQS_CODEPOINT_RSA3072_FALCON512
@@ -136,9 +153,13 @@ adapting the OIDs of all supported signature algorithms as per the table below.
| dilithium3_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_DILITHIUM3_ed25519
| dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5
| p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5
| dilithium5_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_DILITHIUM5_p384
| dilithium5_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_DILITHIUM5_bp384
| dilithium5_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_DILITHIUM5_ed448
| mldsa44 | 1.3.6.1.4.1.2.267.12.4.4 |Yes| OQS_OID_MLDSA44
| p256_mldsa44 | 1.3.9999.7.1 |Yes| OQS_OID_P256_MLDSA44
| rsa3072_mldsa44 | 1.3.9999.7.2 |Yes| OQS_OID_RSA3072_MLDSA44
| mldsa65 | 1.3.6.1.4.1.2.267.12.6.5 |Yes| OQS_OID_MLDSA65
| p384_mldsa65 | 1.3.9999.7.3 |Yes| OQS_OID_P384_MLDSA65
| mldsa87 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_MLDSA87
| p521_mldsa87 | 1.3.9999.7.4 |Yes| OQS_OID_P521_MLDSA87
| falcon512 | 1.3.9999.3.6 |Yes| OQS_OID_FALCON512
| p256_falcon512 | 1.3.9999.3.7 |Yes| OQS_OID_P256_FALCON512
| rsa3072_falcon512 | 1.3.9999.3.8 |Yes| OQS_OID_RSA3072_FALCON512
@@ -180,48 +201,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li

|Algorithm name | default OID | environment variable |
|---------------|:-----------------:|----------------------|
| frodo640aes | 1.3.9999.99.50 | OQS_OID_FRODO640AES
| p256_frodo640aes | 1.3.9999.99.49 | OQS_OID_P256_FRODO640AES
| x25519_frodo640aes | 1.3.9999.99.38 | OQS_OID_X25519_FRODO640AES
| frodo640shake | 1.3.9999.99.52 | OQS_OID_FRODO640SHAKE
| p256_frodo640shake | 1.3.9999.99.51 | OQS_OID_P256_FRODO640SHAKE
| x25519_frodo640shake | 1.3.9999.99.39 | OQS_OID_X25519_FRODO640SHAKE
| frodo976aes | 1.3.9999.99.54 | OQS_OID_FRODO976AES
| p384_frodo976aes | 1.3.9999.99.53 | OQS_OID_P384_FRODO976AES
| x448_frodo976aes | 1.3.9999.99.40 | OQS_OID_X448_FRODO976AES
| frodo976shake | 1.3.9999.99.56 | OQS_OID_FRODO976SHAKE
| p384_frodo976shake | 1.3.9999.99.55 | OQS_OID_P384_FRODO976SHAKE
| x448_frodo976shake | 1.3.9999.99.41 | OQS_OID_X448_FRODO976SHAKE
| frodo1344aes | 1.3.9999.99.58 | OQS_OID_FRODO1344AES
| p521_frodo1344aes | 1.3.9999.99.57 | OQS_OID_P521_FRODO1344AES
| frodo1344shake | 1.3.9999.99.60 | OQS_OID_FRODO1344SHAKE
| p521_frodo1344shake | 1.3.9999.99.59 | OQS_OID_P521_FRODO1344SHAKE
| frodo640aes | 1.3.9999.99.58 | OQS_OID_FRODO640AES
| p256_frodo640aes | 1.3.9999.99.57 | OQS_OID_P256_FRODO640AES
| x25519_frodo640aes | 1.3.9999.99.43 | OQS_OID_X25519_FRODO640AES
| frodo640shake | 1.3.9999.99.60 | OQS_OID_FRODO640SHAKE
| p256_frodo640shake | 1.3.9999.99.59 | OQS_OID_P256_FRODO640SHAKE
| x25519_frodo640shake | 1.3.9999.99.44 | OQS_OID_X25519_FRODO640SHAKE
| frodo976aes | 1.3.9999.99.62 | OQS_OID_FRODO976AES
| p384_frodo976aes | 1.3.9999.99.61 | OQS_OID_P384_FRODO976AES
| x448_frodo976aes | 1.3.9999.99.45 | OQS_OID_X448_FRODO976AES
| frodo976shake | 1.3.9999.99.64 | OQS_OID_FRODO976SHAKE
| p384_frodo976shake | 1.3.9999.99.63 | OQS_OID_P384_FRODO976SHAKE
| x448_frodo976shake | 1.3.9999.99.46 | OQS_OID_X448_FRODO976SHAKE
| frodo1344aes | 1.3.9999.99.66 | OQS_OID_FRODO1344AES
| p521_frodo1344aes | 1.3.9999.99.65 | OQS_OID_P521_FRODO1344AES
| frodo1344shake | 1.3.9999.99.68 | OQS_OID_FRODO1344SHAKE
| p521_frodo1344shake | 1.3.9999.99.67 | OQS_OID_P521_FRODO1344SHAKE
| kyber512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_KYBER512
| p256_kyber512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_KYBER512
| x25519_kyber512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_KYBER512
| kyber768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_KYBER768
| p384_kyber768 | 1.3.9999.99.61 | OQS_OID_P384_KYBER768
| x448_kyber768 | 1.3.9999.99.42 | OQS_OID_X448_KYBER768
| x25519_kyber768 | 1.3.9999.99.43 | OQS_OID_X25519_KYBER768
| p256_kyber768 | 1.3.9999.99.44 | OQS_OID_P256_KYBER768
| p384_kyber768 | 1.3.9999.99.69 | OQS_OID_P384_KYBER768
| x448_kyber768 | 1.3.9999.99.47 | OQS_OID_X448_KYBER768
| x25519_kyber768 | 1.3.9999.99.48 | OQS_OID_X25519_KYBER768
| p256_kyber768 | 1.3.9999.99.49 | OQS_OID_P256_KYBER768
| kyber1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_KYBER1024
| p521_kyber1024 | 1.3.9999.99.62 | OQS_OID_P521_KYBER1024
| bikel1 | 1.3.9999.99.64 | OQS_OID_BIKEL1
| p256_bikel1 | 1.3.9999.99.63 | OQS_OID_P256_BIKEL1
| x25519_bikel1 | 1.3.9999.99.45 | OQS_OID_X25519_BIKEL1
| bikel3 | 1.3.9999.99.66 | OQS_OID_BIKEL3
| p384_bikel3 | 1.3.9999.99.65 | OQS_OID_P384_BIKEL3
| x448_bikel3 | 1.3.9999.99.46 | OQS_OID_X448_BIKEL3
| bikel5 | 1.3.9999.99.68 | OQS_OID_BIKEL5
| p521_bikel5 | 1.3.9999.99.67 | OQS_OID_P521_BIKEL5
| hqc128 | 1.3.9999.99.70 | OQS_OID_HQC128
| p256_hqc128 | 1.3.9999.99.69 | OQS_OID_P256_HQC128
| x25519_hqc128 | 1.3.9999.99.47 | OQS_OID_X25519_HQC128
| hqc192 | 1.3.9999.99.72 | OQS_OID_HQC192
| p384_hqc192 | 1.3.9999.99.71 | OQS_OID_P384_HQC192
| x448_hqc192 | 1.3.9999.99.48 | OQS_OID_X448_HQC192
| hqc256 | 1.3.9999.99.74 | OQS_OID_HQC256
| p521_hqc256 | 1.3.9999.99.73 | OQS_OID_P521_HQC256
| p521_kyber1024 | 1.3.9999.99.70 | OQS_OID_P521_KYBER1024
| mlkem512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_MLKEM512
| p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512
| x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512
| mlkem768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_MLKEM768
| p384_mlkem768 | 1.3.9999.99.71 | OQS_OID_P384_MLKEM768
| x448_mlkem768 | 1.3.9999.99.50 | OQS_OID_X448_MLKEM768
| x25519_mlkem768 | 1.3.9999.99.51 | OQS_OID_X25519_MLKEM768
| p256_mlkem768 | 1.3.9999.99.52 | OQS_OID_P256_MLKEM768
| mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024
| p521_mlkem1024 | 1.3.9999.99.72 | OQS_OID_P521_MLKEM1024
| bikel1 | 1.3.9999.99.74 | OQS_OID_BIKEL1
| p256_bikel1 | 1.3.9999.99.73 | OQS_OID_P256_BIKEL1
| x25519_bikel1 | 1.3.9999.99.53 | OQS_OID_X25519_BIKEL1
| bikel3 | 1.3.9999.99.76 | OQS_OID_BIKEL3
| p384_bikel3 | 1.3.9999.99.75 | OQS_OID_P384_BIKEL3
| x448_bikel3 | 1.3.9999.99.54 | OQS_OID_X448_BIKEL3
| bikel5 | 1.3.9999.99.78 | OQS_OID_BIKEL5
| p521_bikel5 | 1.3.9999.99.77 | OQS_OID_P521_BIKEL5
| hqc128 | 1.3.9999.99.80 | OQS_OID_HQC128
| p256_hqc128 | 1.3.9999.99.79 | OQS_OID_P256_HQC128
| x25519_hqc128 | 1.3.9999.99.55 | OQS_OID_X25519_HQC128
| hqc192 | 1.3.9999.99.82 | OQS_OID_HQC192
| p384_hqc192 | 1.3.9999.99.81 | OQS_OID_P384_HQC192
| x448_hqc192 | 1.3.9999.99.56 | OQS_OID_X448_HQC192
| hqc256 | 1.3.9999.99.84 | OQS_OID_HQC256
| p521_hqc256 | 1.3.9999.99.83 | OQS_OID_P521_HQC256
<!--- OQS_TEMPLATE_FRAGMENT_OIDS_END -->

# Key Encodings
11 changes: 7 additions & 4 deletions CONFIGURE.md
@@ -54,10 +54,13 @@ The default value is `OFF`.

### OQS_KEM_ENCODERS

By setting this to "ON", `oqsprovider` is configured to provide encoders and decoders for
KEM algorithms both for public and private key file formats. This increases the size of
the provider but enables further use cases.
The default value is `OFF`.
By setting this to "ON", `oqsprovider` is configured to provide encoders
and decoders for KEM algorithms both for public and private key file formats.
This increases the size of the provider but enables further use cases.
The underlying OIDs are chosen at random and should not be relied on for
future use. For purposes of interoperability testing the chosen OIDs can
always --at runtime-- be set by [environment variables](https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md#oids) to arbitrary values
The default value therefore is `OFF`.

### OQS_PROVIDER_BUILD_STATIC

13 changes: 11 additions & 2 deletions README.md
@@ -40,11 +40,13 @@ This implementation makes available the following quantum safe algorithms:
- **CRYSTALS-Kyber**: `kyber512`, `p256_kyber512`, `x25519_kyber512`, `kyber768`, `p384_kyber768`, `x448_kyber768`, `x25519_kyber768`, `p256_kyber768`, `kyber1024`, `p521_kyber1024`
- **FrodoKEM**: `frodo640aes`, `p256_frodo640aes`, `x25519_frodo640aes`, `frodo640shake`, `p256_frodo640shake`, `x25519_frodo640shake`, `frodo976aes`, `p384_frodo976aes`, `x448_frodo976aes`, `frodo976shake`, `p384_frodo976shake`, `x448_frodo976shake`, `frodo1344aes`, `p521_frodo1344aes`, `frodo1344shake`, `p521_frodo1344shake`
- **HQC**: `hqc128`, `p256_hqc128`, `x25519_hqc128`, `hqc192`, `p384_hqc192`, `x448_hqc192`, `hqc256`, `p521_hqc256`
- **ML-KEM**: `mlkem512`, `p256_mlkem512`, `x25519_mlkem512`, `mlkem768`, `p384_mlkem768`, `x448_mlkem768`, `x25519_mlkem768`, `p256_mlkem768`, `mlkem1024`, `p521_mlkem1024`

### Signature algorithms

- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium2_pss2048`\*, `dilithium2_rsa2048`\*, `dilithium2_ed25519`\*, `dilithium2_p256`\*, `dilithium2_bp256`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium3_pss3072`\*, `dilithium3_rsa3072`\*, `dilithium3_p256`\*, `dilithium3_bp256`\*, `dilithium3_ed25519`\*, `dilithium5`\*, `p521_dilithium5`\*, `dilithium5_p384`\*, `dilithium5_bp384`\*, `dilithium5_ed448`\*
- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon512_p256`\*, `falcon512_bp256`\*, `falcon512_ed25519`\*, `falcon1024`\*, `p521_falcon1024`\*
- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\*
- **ML-DSA**:`mldsa44`\*, `p256_mldsa44`\*, `rsa3072_mldsa44`\*, `mldsa65`\*, `p384_mldsa65`\*, `mldsa87`\*, `p521_mldsa87`\*
- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon1024`\*, `p521_falcon1024`\*

- **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple`
- **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple`
@@ -144,6 +146,13 @@ as documented in https://github.com/openssl/openssl/issues/22761.
When https://github.com/openssl/openssl/pull/22779 land, the last config-time limitation
for provider-based signatures should be gone.

A limitation present in all OpenSSL versions is the number of default groups
supported: [At most 44 default groups may be specified](https://github.com/openssl/openssl/issues/23624)
, e.g., passing to [SSL_CTX_set1_groups](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html).
Therefore caution is advised activating all KEMs supported by `oqsprovider`:
This may lead to `openssl` crashing.


For [general OpenSSL implementation limitations, e.g., regarding provider feature usage and support,
see here](https://wiki.openssl.org/index.php/OpenSSL_3.0#STATUS_of_current_development).

8 changes: 4 additions & 4 deletions oqs-template/generate.py
@@ -38,7 +38,7 @@ def get_kem_nistlevel(alg):
if alg['family'] == 'CRYSTALS-Kyber': datasheetname = 'kyber'
elif alg['family'] == 'SIDH': datasheetname = 'sike'
elif alg['family'] == 'NTRU-Prime': datasheetname = 'ntruprime'
else: datasheetname = alg['family'].lower()
else: datasheetname = alg['family'].lower().replace('-', '_')
# load datasheet
algymlfilename = os.path.join(os.environ['LIBOQS_SRC_DIR'], 'docs', 'algorithms', 'kem', '{:s}.yml'.format(datasheetname))
algyml = yaml.safe_load(file_get_contents(algymlfilename, encoding='utf-8'))
@@ -53,7 +53,7 @@ def simplify(s):
return False
# find the variant that matches
for variant in algyml['parameter-sets']:
if matches(variant['name'], alg):
if matches(variant['name'], alg) or ('alias' in variant and matches(variant['alias'], alg)):
return variant['claimed-nist-level']
return None

@@ -66,7 +66,7 @@ def get_sig_nistlevel(family, alg):
elif family['family'] == 'SPHINCS-Haraka': datasheetname = 'sphincs'
elif family['family'] == 'SPHINCS-SHA2': datasheetname = 'sphincs'
elif family['family'] == 'SPHINCS-SHAKE': datasheetname = 'sphincs'
else: datasheetname = family['family'].lower()
else: datasheetname = family['family'].lower().replace('-', '_')
# load datasheet
algymlfilename = os.path.join(os.environ['LIBOQS_SRC_DIR'], 'docs', 'algorithms', 'sig', '{:s}.yml'.format(datasheetname))
algyml = yaml.safe_load(file_get_contents(algymlfilename, encoding='utf-8'))
@@ -78,7 +78,7 @@ def simplify(s):
return False
# find the variant that matches
for variant in algyml['parameter-sets']:
if matches(variant['name'], alg):
if matches(variant['name'], alg) or ('alias' in variant and matches(variant['alias'], alg)):
return variant['claimed-nist-level']
return None
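Review bot: In both get_kem_nistlevel and get_sig_nistlevel the variant loop still falls through to `return None` when neither `name` nor the newly added `alias` matches, so a parameter-set naming mismatch in a liboqs datasheet leaves the algorithm without a claimed NIST level instead of stopping generation. How callers treat that `None` is not visible on this page, but since the value feeds generated security metadata it seems safer to fail loudly, for example by replacing the fallthrough with `raise ValueError('no parameter set in {} matches {}'.format(algymlfilename, alg))`. The identical alias condition is now duplicated in the two functions and could live in one small helper. Both function bodies start outside the hunks shown here.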

79 changes: 77 additions & 2 deletions oqs-template/generate.yml
@@ -1,5 +1,5 @@
# This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs
# Next free plain KEM ID: 0x0247, p-hybrid: 0x2F47, X-hybrid: 0x2FB2
# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4A, X-hybrid: 0x2FB6
kems:
-
family: 'FrodoKEM'
@@ -145,6 +145,41 @@ kems:
hybrid_group: secp521_r1
nid: '0x2F11'
oqs_alg: 'OQS_KEM_alg_kyber_1024'
-
family: 'ML-KEM'
name_group: 'mlkem512'
nid: '0x0247'
oid: '1.3.6.1.4.1.22554.5.6.1'
nid_hybrid: '0x2F47'
hybrid_oid: '1.3.6.1.4.1.22554.5.7.1'
oqs_alg: 'OQS_KEM_alg_ml_kem_512'
extra_nids:
current:
- hybrid_group: "x25519"
hybrid_oid: '1.3.6.1.4.1.22554.5.8.1'
nid: '0x2FB2'
-
family: 'ML-KEM'
name_group: 'mlkem768'
nid: '0x0248'
oid: '1.3.6.1.4.1.22554.5.6.2'
nid_hybrid: '0x2F48'
oqs_alg: 'OQS_KEM_alg_ml_kem_768'
extra_nids:
current:
- hybrid_group: "x448"
nid: '0x2FB3'
- hybrid_group: "x25519"
nid: '0x2FB4'
- hybrid_group: "p256"
nid: '0x2FB5'
-
family: 'ML-KEM'
name_group: 'mlkem1024'
nid: '0x0249'
oid: '1.3.6.1.4.1.22554.5.6.3'
nid_hybrid: '0x2F49'
oqs_alg: 'OQS_KEM_alg_ml_kem_1024'
-
family: 'BIKE'
name_group: 'bike1l1fo'
@@ -358,7 +393,7 @@ kem_nid_end: '0x0250'
kem_nid_hybrid_end: '0x2FFF'
# need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values

# Next free signature ID: 0xfed0
# Next free signature ID: 0xfed7
sigs:
# -
# iso (1)
@@ -557,6 +592,46 @@ sigs:
'pretty_name': 'ECDSA p521',
'oid': '1.3.9999.2.11.4',
'code_point': '0xfead'}]
-
family: 'ML-DSA'
variants:
-
name: 'mldsa44'
pretty_name: 'ML-DSA-44'
oqs_meth: 'OQS_SIG_alg_ml_dsa_44'
oid: '1.3.6.1.4.1.2.267.12.4.4'
code_point: '0xfed0'
enable: true
mix_with: [{'name': 'p256',
'pretty_name': 'ECDSA p256',
'oid': '1.3.9999.7.1',
'code_point': '0xfed3'},
{'name': 'rsa3072',
'pretty_name': 'RSA3072',
'oid': '1.3.9999.7.2',
'code_point': '0xfed4'}]
-
name: 'mldsa65'
pretty_name: 'ML-DSA-65'
oqs_meth: 'OQS_SIG_alg_ml_dsa_65'
oid: '1.3.6.1.4.1.2.267.12.6.5'
code_point: '0xfed1'
enable: true
mix_with: [{'name': 'p384',
'pretty_name': 'ECDSA p384',
'oid': '1.3.9999.7.3',
'code_point': '0xfed5'}]
-
name: 'mldsa87'
pretty_name: 'ML-DSA-87'
oqs_meth: 'OQS_SIG_alg_ml_dsa_87'
oid: '1.3.6.1.4.1.2.267.12.8.7'
code_point: '0xfed2'
enable: true
mix_with: [{'name': 'p521',
'pretty_name': 'ECDSA p521',
'oid': '1.3.9999.7.4',
'code_point': '0xfed6'}]
-
# iso (1)
# identified-organization (3)
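Review bot: The plain ML-KEM entries and the two mlkem512 hybrids reuse OIDs that the ALGORITHMS.md table in this same commit still lists for Kyber (`1.3.6.1.4.1.22554.5.6.1` for both kyber512 and mlkem512, and likewise `.5.7.1`, `.5.8.1`, `.5.6.2` and `.5.6.3`), so with OQS_KEM_ENCODERS enabled one OID identifies two different algorithms. The two schemes do not interoperate, and which decoder claims an encoded key presumably depends on registration order, which is not visible here. Until ML-KEM has its own assignment I would give these entries distinct values from the project's experimental arc, e.g. `oid: '<unused 1.3.9999.99.N>'`. Failing that, record the overlap next to each entry with a comment such as `# same OID as kyber512; set OQS_OID_MLKEM512 to disambiguate`.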