From a924d21c22fcaa31ea953affcd984003e5557c09 Mon Sep 17 00:00:00 2001 From: Goutam Tamvada Date: Wed, 5 Aug 2020 16:03:25 -0400 Subject: [PATCH] Added HQC variants. (#227) --- README.md | 3 ++ apps/s_cb.c | 12 ++++++++ crypto/ec/oqs_meth.c | 24 +++++++++++++++ crypto/objects/obj_dat.h | 42 +++++++++++++++++++++++-- crypto/objects/obj_mac.num | 12 ++++++++ crypto/objects/objects.txt | 12 ++++++++ include/openssl/evp.h | 4 +-- include/openssl/obj_mac.h | 48 +++++++++++++++++++++++++++++ oqs-interop-test/ossl_algorithms.py | 4 +-- oqs-template/generate.yml | 37 ++++++++++++++++++++++ oqs-test/common.py | 4 +-- ssl/ssl_local.h | 48 +++++++++++++++++++++++++---- ssl/t1_lib.c | 25 +++++++++++++++ ssl/t1_trce.c | 12 ++++++++ 14 files changed, 272 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 6600a93b26918..07d7bdfa7fb3c 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ The following quantum-safe algorithms from liboqs are supported (assuming they h - `oqs_kem_default` (see [here](https://github.com/open-quantum-safe/openssl/wiki/Using-liboqs-algorithms-that-are-not-in-the-forks#oqsdefault) for what this denotes) - **BIKE**: `bike1l1cpa`, `bike1l3cpa`, `bike1l1fo`, `bike1l3fo` - **FrodoKEM**: `frodo640aes`, `frodo640shake`, `frodo976aes`, `frodo976shake`, `frodo1344aes`, `frodo1344shake` +- **HQC**: `hqc128_1_cca2`, `hqc192_1_cca2`, `hqc192_2_cca2`, `hqc256_1_cca2`† , `hqc256_2_cca2`†, `hqc256_3_cca2`† - **Kyber**: `kyber512`, `kyber768`, `kyber1024`, `kyber90s512`, `kyber90s768`, `kyber90s1024` - **LEDA**: `ledacryptkemlt12`, `ledacryptkemlt32`, `ledacryptkemlt52` - **NewHope**: `newhope512cca`, `newhope1024cca` 
@@ -93,6 +94,8 @@ If ```` is any of the algorithms listed above, the following hybrid algorit For example, since `kyber768` claims L3 security, the hybrid `p384_kyber768` is available. +Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. + #### Authentication The following digital signature algorithms from liboqs are supported by the fork. **Note that not all variants of all algorithms are enabled by default; algorithms that are enabled by default are marked with an asterisk, and should you wish to enable additional variants, consult [the "Code Generation" section of the documentation in the wiki](https://github.com/open-quantum-safe/openssl/wiki/Using-liboqs-algorithms-not-in-the-fork#code-generation)**. diff --git a/apps/s_cb.c b/apps/s_cb.c index b981565917dbd..3e34832132b88 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -515,6 +515,12 @@ static const char* OQS_CURVE_ID_NAME_STR(int id) { case 0x022F: return "babybearephem"; case 0x0230: return "mamabearephem"; case 0x0231: return "papabearephem"; + case 0x0232: return "hqc128_1_cca2"; + case 0x0233: return "hqc192_1_cca2"; + case 0x0234: return "hqc192_2_cca2"; + case 0x0235: return "hqc256_1_cca2"; + case 0x0236: return "hqc256_2_cca2"; + case 0x0237: return "hqc256_3_cca2"; ///// OQS_TEMPLATE_FRAGMENT_OQS_CURVE_ID_NAME_STR_END case 0x2FFF: return "p256_oqs_kem_default hybrid"; ///// OQS_TEMPLATE_FRAGMENT_OQS_CURVE_ID_NAME_STR_HYBRID_START 
@@ -557,6 +563,12 @@ static const char* OQS_CURVE_ID_NAME_STR(int id) { case 0x2F2F: return "p256_babybearephem hybrid"; case 0x2F30: return "p384_mamabearephem hybrid"; case 0x2F31: return "p521_papabearephem hybrid"; + case 0x2F32: return "p256_hqc128_1_cca2 hybrid"; + case 0x2F33: return "p384_hqc192_1_cca2 hybrid"; + case 0x2F34: return "p384_hqc192_2_cca2 hybrid"; + case 0x2F35: return "p521_hqc256_1_cca2 hybrid"; + case 0x2F36: return "p521_hqc256_2_cca2 hybrid"; + case 0x2F37: return "p521_hqc256_3_cca2 hybrid"; ///// OQS_TEMPLATE_FRAGMENT_OQS_CURVE_ID_NAME_STR_HYBRID_END default: return ""; } diff --git a/crypto/ec/oqs_meth.c b/crypto/ec/oqs_meth.c index 48d17b87cfcc5..b8c7ce18577d2 100644 --- a/crypto/ec/oqs_meth.c +++ b/crypto/ec/oqs_meth.c @@ -157,6 +157,12 @@ int oqssl_kem_nids_list[] = { NID_babybearephem, NID_mamabearephem, NID_papabearephem, + NID_hqc128_1_cca2, + NID_hqc192_1_cca2, + NID_hqc192_2_cca2, + NID_hqc256_1_cca2, + NID_hqc256_2_cca2, + NID_hqc256_3_cca2, /////// OQS_TEMPLATE_FRAGMENT_LIST_KNOWN_KEM_NIDS_END }; @@ -358,6 +364,24 @@ char* get_oqs_alg_name(int openssl_nid) case NID_papabearephem: case NID_p521_papabearephem: return OQS_KEM_alg_threebears_papabear_ephem; + case NID_hqc128_1_cca2: + case NID_p256_hqc128_1_cca2: + return OQS_KEM_alg_hqc_128_1_cca2; + case NID_hqc192_1_cca2: + case NID_p384_hqc192_1_cca2: + return OQS_KEM_alg_hqc_192_1_cca2; + case NID_hqc192_2_cca2: + case NID_p384_hqc192_2_cca2: + return OQS_KEM_alg_hqc_192_2_cca2; + case NID_hqc256_1_cca2: + case NID_p521_hqc256_1_cca2: + return OQS_KEM_alg_hqc_256_1_cca2; + case NID_hqc256_2_cca2: + case NID_p521_hqc256_2_cca2: + return OQS_KEM_alg_hqc_256_2_cca2; + case NID_hqc256_3_cca2: + case NID_p521_hqc256_3_cca2: + return OQS_KEM_alg_hqc_256_3_cca2; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_ALG_END default: return NULL; diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 2b88b7b60a245..0d44cf895e138 100644 --- a/crypto/objects/obj_dat.h 
+++ b/crypto/objects/obj_dat.h @@ -1116,7 +1116,7 @@ static const unsigned char so[8044] = { 0x2B,0xCE,0x0F,0x06,0x01,0x03, /* [ 8037] OBJ_rsa3072_sphincsharaka128frobust */ }; -#define NUM_NID 1313 +#define NUM_NID 1325 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2431,9 +2431,21 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"p384_mamabearephem", "p384_mamabearephem", NID_p384_mamabearephem}, {"papabearephem", "papabearephem", NID_papabearephem}, {"p521_papabearephem", "p521_papabearephem", NID_p521_papabearephem}, + {"hqc128_1_cca2", "hqc128_1_cca2", NID_hqc128_1_cca2}, + {"p256_hqc128_1_cca2", "p256_hqc128_1_cca2", NID_p256_hqc128_1_cca2}, + {"hqc192_1_cca2", "hqc192_1_cca2", NID_hqc192_1_cca2}, + {"p384_hqc192_1_cca2", "p384_hqc192_1_cca2", NID_p384_hqc192_1_cca2}, + {"hqc192_2_cca2", "hqc192_2_cca2", NID_hqc192_2_cca2}, + {"p384_hqc192_2_cca2", "p384_hqc192_2_cca2", NID_p384_hqc192_2_cca2}, + {"hqc256_1_cca2", "hqc256_1_cca2", NID_hqc256_1_cca2}, + {"p521_hqc256_1_cca2", "p521_hqc256_1_cca2", NID_p521_hqc256_1_cca2}, + {"hqc256_2_cca2", "hqc256_2_cca2", NID_hqc256_2_cca2}, + {"p521_hqc256_2_cca2", "p521_hqc256_2_cca2", NID_p521_hqc256_2_cca2}, + {"hqc256_3_cca2", "hqc256_3_cca2", NID_hqc256_3_cca2}, + {"p521_hqc256_3_cca2", "p521_hqc256_3_cca2", NID_p521_hqc256_3_cca2}, }; -#define NUM_SN 1304 +#define NUM_SN 1316 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2945,6 +2957,12 @@ static const unsigned int sn_objs[NUM_SN] = { 473, /* "homeTelephoneNumber" */ 466, /* "host" */ 889, /* "houseIdentifier" */ + 1313, /* "hqc128_1_cca2" */ + 1315, /* "hqc192_1_cca2" */ + 1317, /* "hqc192_2_cca2" */ + 1319, /* "hqc256_1_cca2" */ + 1321, /* "hqc256_2_cca2" */ + 1323, /* "hqc256_3_cca2" */ 442, /* "iA5StringSyntax" */ 783, /* "id-DHBasedMac" */ 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ 
@@ -3352,6 +3370,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1207, /* "p256_falcon512" */ 1236, /* "p256_frodo640aes" */ 1238, /* "p256_frodo640shake" */ + 1314, /* "p256_hqc128_1_cca2" */ 1256, /* "p256_kyber512" */ 1296, /* "p256_kyber90s512" */ 1274, /* "p256_lightsaber" */ @@ -3374,6 +3393,8 @@ static const unsigned int sn_objs[NUM_SN] = { 1205, /* "p384_dilithium4" */ 1240, /* "p384_frodo976aes" */ 1242, /* "p384_frodo976shake" */ + 1316, /* "p384_hqc192_1_cca2" */ + 1318, /* "p384_hqc192_2_cca2" */ 1258, /* "p384_kyber768" */ 1298, /* "p384_kyber90s768" */ 1304, /* "p384_mamabear" */ @@ -3388,6 +3409,9 @@ static const unsigned int sn_objs[NUM_SN] = { 1278, /* "p521_firesaber" */ 1244, /* "p521_frodo1344aes" */ 1246, /* "p521_frodo1344shake" */ + 1320, /* "p521_hqc256_1_cca2" */ + 1322, /* "p521_hqc256_2_cca2" */ + 1324, /* "p521_hqc256_3_cca2" */ 1260, /* "p521_kyber1024" */ 1300, /* "p521_kyber90s1024" */ 1264, /* "p521_newhope1024cca" */ @@ -3741,7 +3765,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1304 +#define NUM_LN 1316 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -4285,6 +4309,12 @@ static const unsigned int ln_objs[NUM_LN] = { 473, /* "homeTelephoneNumber" */ 466, /* "host" */ 889, /* "houseIdentifier" */ + 1313, /* "hqc128_1_cca2" */ + 1315, /* "hqc192_1_cca2" */ + 1317, /* "hqc192_2_cca2" */ + 1319, /* "hqc256_1_cca2" */ + 1321, /* "hqc256_2_cca2" */ + 1323, /* "hqc256_3_cca2" */ 442, /* "iA5StringSyntax" */ 381, /* "iana" */ 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ @@ -4633,6 +4663,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1207, /* "p256_falcon512" */ 1236, /* "p256_frodo640aes" */ 1238, /* "p256_frodo640shake" */ + 1314, /* "p256_hqc128_1_cca2" */ 1256, /* "p256_kyber512" */ 1296, /* "p256_kyber90s512" */ 1274, /* "p256_lightsaber" */ 
@@ -4655,6 +4686,8 @@ static const unsigned int ln_objs[NUM_LN] = { 1205, /* "p384_dilithium4" */ 1240, /* "p384_frodo976aes" */ 1242, /* "p384_frodo976shake" */ + 1316, /* "p384_hqc192_1_cca2" */ + 1318, /* "p384_hqc192_2_cca2" */ 1258, /* "p384_kyber768" */ 1298, /* "p384_kyber90s768" */ 1304, /* "p384_mamabear" */ @@ -4669,6 +4702,9 @@ static const unsigned int ln_objs[NUM_LN] = { 1278, /* "p521_firesaber" */ 1244, /* "p521_frodo1344aes" */ 1246, /* "p521_frodo1344shake" */ + 1320, /* "p521_hqc256_1_cca2" */ + 1322, /* "p521_hqc256_2_cca2" */ + 1324, /* "p521_hqc256_3_cca2" */ 1260, /* "p521_kyber1024" */ 1300, /* "p521_kyber90s1024" */ 1264, /* "p521_newhope1024cca" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index b56ac5eae8382..9463adc752cca 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1310,3 +1310,15 @@ mamabearephem 1309 p384_mamabearephem 1310 papabearephem 1311 p521_papabearephem 1312 +hqc128_1_cca2 1313 +p256_hqc128_1_cca2 1314 +hqc192_1_cca2 1315 +p384_hqc192_1_cca2 1316 +hqc192_2_cca2 1317 +p384_hqc192_2_cca2 1318 +hqc256_1_cca2 1319 +p521_hqc256_1_cca2 1320 +hqc256_2_cca2 1321 +p521_hqc256_2_cca2 1322 +hqc256_3_cca2 1323 +p521_hqc256_3_cca2 1324 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index c411c3f052ac3..04b3cbd58854c 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -1757,6 +1757,18 @@ dstu4145le 2 9 : uacurve9 : DSTU curve 9 : p384_mamabearephem : p384_mamabearephem : papabearephem : papabearephem : p521_papabearephem : p521_papabearephem + : hqc128_1_cca2 : hqc128_1_cca2 + : p256_hqc128_1_cca2 : p256_hqc128_1_cca2 + : hqc192_1_cca2 : hqc192_1_cca2 + : p384_hqc192_1_cca2 : p384_hqc192_1_cca2 + : hqc192_2_cca2 : hqc192_2_cca2 + : p384_hqc192_2_cca2 : p384_hqc192_2_cca2 + : hqc256_1_cca2 : hqc256_1_cca2 + : p521_hqc256_1_cca2 : p521_hqc256_1_cca2 + : hqc256_2_cca2 : hqc256_2_cca2 + : p521_hqc256_2_cca2 : p521_hqc256_2_cca2 + : hqc256_3_cca2 : hqc256_3_cca2 + : p521_hqc256_3_cca2 : p521_hqc256_3_cca2 ##### OQS_TEMPLATE_FRAGMENT_LIST_KEMS_END ##### OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 44d4baae819cd..168453faf2ddf 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -103,8 +103,8 @@ # define EVP_PKEY_P256_SPHINCSHARAKA128FROBUST NID_p256_sphincsharaka128frobust # define EVP_PKEY_RSA3072_SPHINCSHARAKA128FROBUST NID_rsa3072_sphincsharaka128frobust #define OQS_OPENSSL_SIG_algs_length 38 -#define OQS_OPENSSL_KEM_algs_length 39 -#define IS_OQS_OPENSSL_KEM_NID(a) ((a >= NID_oqs_kem_default) && (a <= NID_p521_papabearephem)) +#define OQS_OPENSSL_KEM_algs_length 45 +#define IS_OQS_OPENSSL_KEM_NID(a) ((a >= NID_oqs_kem_default) && (a <= NID_p521_hqc256_3_cca2)) #define IS_OQS_OPENSSL_SIG_NID(a) ((a >= NID_oqs_sig_default) && (a <= NID_rsa3072_sphincsharaka128frobust)) /////// OQS_TEMPLATE_FRAGMENT_DEFINE_EVP_PKEYS_END const char *OQSKEM_options(void); diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 74264e4896968..c0c59fb77b14e 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
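Review bot: In the include/openssl/evp.h hunk, `IS_OQS_OPENSSL_KEM_NID` still classifies a NID by numeric range, so it is only correct while every value from `NID_oqs_kem_default` up to `NID_p521_hqc256_3_cca2` (1324 in obj_mac.num) is a KEM and while this upper bound is bumped each time a family is appended. The argument is also expanded twice and without parentheses; `#define IS_OQS_OPENSSL_KEM_NID(a) (((a) >= NID_oqs_kem_default) && ((a) <= NID_p521_hqc256_3_cca2))` removes the precedence hazard. A comment on the macro stating the contiguity assumption would help whoever next edits obj_mac.num. The line sits inside an OQS_TEMPLATE_FRAGMENT block, so the change presumably belongs in the generator template rather than in this header.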
@@ -5517,6 +5517,54 @@ #define LN_p521_papabearephem "p521_papabearephem" #define NID_p521_papabearephem 1312 +#define SN_hqc128_1_cca2 "hqc128_1_cca2" +#define LN_hqc128_1_cca2 "hqc128_1_cca2" +#define NID_hqc128_1_cca2 1313 + +#define SN_p256_hqc128_1_cca2 "p256_hqc128_1_cca2" +#define LN_p256_hqc128_1_cca2 "p256_hqc128_1_cca2" +#define NID_p256_hqc128_1_cca2 1314 + +#define SN_hqc192_1_cca2 "hqc192_1_cca2" +#define LN_hqc192_1_cca2 "hqc192_1_cca2" +#define NID_hqc192_1_cca2 1315 + +#define SN_p384_hqc192_1_cca2 "p384_hqc192_1_cca2" +#define LN_p384_hqc192_1_cca2 "p384_hqc192_1_cca2" +#define NID_p384_hqc192_1_cca2 1316 + +#define SN_hqc192_2_cca2 "hqc192_2_cca2" +#define LN_hqc192_2_cca2 "hqc192_2_cca2" +#define NID_hqc192_2_cca2 1317 + +#define SN_p384_hqc192_2_cca2 "p384_hqc192_2_cca2" +#define LN_p384_hqc192_2_cca2 "p384_hqc192_2_cca2" +#define NID_p384_hqc192_2_cca2 1318 + +#define SN_hqc256_1_cca2 "hqc256_1_cca2" +#define LN_hqc256_1_cca2 "hqc256_1_cca2" +#define NID_hqc256_1_cca2 1319 + +#define SN_p521_hqc256_1_cca2 "p521_hqc256_1_cca2" +#define LN_p521_hqc256_1_cca2 "p521_hqc256_1_cca2" +#define NID_p521_hqc256_1_cca2 1320 + +#define SN_hqc256_2_cca2 "hqc256_2_cca2" +#define LN_hqc256_2_cca2 "hqc256_2_cca2" +#define NID_hqc256_2_cca2 1321 + +#define SN_p521_hqc256_2_cca2 "p521_hqc256_2_cca2" +#define LN_p521_hqc256_2_cca2 "p521_hqc256_2_cca2" +#define NID_p521_hqc256_2_cca2 1322 + +#define SN_hqc256_3_cca2 "hqc256_3_cca2" +#define LN_hqc256_3_cca2 "hqc256_3_cca2" +#define NID_hqc256_3_cca2 1323 + +#define SN_p521_hqc256_3_cca2 "p521_hqc256_3_cca2" +#define LN_p521_hqc256_3_cca2 "p521_hqc256_3_cca2" +#define NID_p521_hqc256_3_cca2 1324 + #define SN_oqs_sig_default "oqs_sig_default" #define LN_oqs_sig_default "oqs_sig_default" #define NID_oqs_sig_default 1195 diff --git a/oqs-interop-test/ossl_algorithms.py b/oqs-interop-test/ossl_algorithms.py index 6c97dfb2effa9..c65d0f498821c 100644 --- a/oqs-interop-test/ossl_algorithms.py 
+++ b/oqs-interop-test/ossl_algorithms.py 
@@ -2,9 +2,9 @@ 'oqs_kem_default', 'p256_oqs_kem_default', ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_START # post-quantum key exchanges - 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','bike1l1cpa','bike1l3cpa','bike1l1fo','bike1l3fo','kyber512','kyber768','kyber1024','newhope512cca','newhope1024cca','ntru_hps2048509','ntru_hps2048677','ntru_hps4096821','ntru_hrss701','lightsaber','saber','firesaber','sidhp434','sidhp503','sidhp610','sidhp751','sikep434','sikep503','sikep610','sikep751','kyber90s512','kyber90s768','kyber90s1024','babybear','mamabear','papabear','babybearephem','mamabearephem','papabearephem', + 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','bike1l1cpa','bike1l3cpa','bike1l1fo','bike1l3fo','kyber512','kyber768','kyber1024','newhope512cca','newhope1024cca','ntru_hps2048509','ntru_hps2048677','ntru_hps4096821','ntru_hrss701','lightsaber','saber','firesaber','sidhp434','sidhp503','sidhp610','sidhp751','sikep434','sikep503','sikep610','sikep751','kyber90s512','kyber90s768','kyber90s1024','babybear','mamabear','papabear','babybearephem','mamabearephem','papabearephem','hqc128_1_cca2','hqc192_1_cca2','hqc192_2_cca2','hqc256_1_cca2','hqc256_2_cca2','hqc256_3_cca2', # post-quantum + classical key exchanges - 
'p256_frodo640aes','p256_frodo640shake','p384_frodo976aes','p384_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_bike1l1cpa','p384_bike1l3cpa','p256_bike1l1fo','p384_bike1l3fo','p256_kyber512','p384_kyber768','p521_kyber1024','p256_newhope512cca','p521_newhope1024cca','p256_ntru_hps2048509','p384_ntru_hps2048677','p521_ntru_hps4096821','p384_ntru_hrss701','p256_lightsaber','p384_saber','p521_firesaber','p256_sidhp434','p256_sidhp503','p384_sidhp610','p521_sidhp751','p256_sikep434','p256_sikep503','p384_sikep610','p521_sikep751','p256_kyber90s512','p384_kyber90s768','p521_kyber90s1024','p256_babybear','p384_mamabear','p521_papabear','p256_babybearephem','p384_mamabearephem','p521_papabearephem', + 'p256_frodo640aes','p256_frodo640shake','p384_frodo976aes','p384_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_bike1l1cpa','p384_bike1l3cpa','p256_bike1l1fo','p384_bike1l3fo','p256_kyber512','p384_kyber768','p521_kyber1024','p256_newhope512cca','p521_newhope1024cca','p256_ntru_hps2048509','p384_ntru_hps2048677','p521_ntru_hps4096821','p384_ntru_hrss701','p256_lightsaber','p384_saber','p521_firesaber','p256_sidhp434','p256_sidhp503','p384_sidhp610','p521_sidhp751','p256_sikep434','p256_sikep503','p384_sikep610','p521_sikep751','p256_kyber90s512','p384_kyber90s768','p521_kyber90s1024','p256_babybear','p384_mamabear','p521_papabear','p256_babybearephem','p384_mamabearephem','p521_papabearephem','p256_hqc128_1_cca2','p384_hqc192_1_cca2','p384_hqc192_2_cca2','p521_hqc256_1_cca2','p521_hqc256_2_cca2','p521_hqc256_3_cca2', ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_END ] signatures = [ diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 4b732cd59b6ab..d0d69d36f31bf 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml 
@@ -235,6 +235,43 @@ kems: nid_hybrid: "0x2F31" oqs_alg: "OQS_KEM_alg_threebears_papabear_ephem" bit_security: 256 + - + name_group: "hqc128_1_cca2" + nid: "0x0232" + nid_hybrid: "0x2F32" + oqs_alg: 'OQS_KEM_alg_hqc_128_1_cca2' + bit_security: 128 + - + name_group: 'hqc192_1_cca2' + nid: "0x0233" + nid_hybrid: "0x2F33" + oqs_alg: 'OQS_KEM_alg_hqc_192_1_cca2' + bit_security: 192 + - + name_group: 'hqc192_2_cca2' + nid: "0x0234" + nid_hybrid: "0x2F34" + oqs_alg: 'OQS_KEM_alg_hqc_192_2_cca2' + bit_security: 192 + - + name_group: 'hqc256_1_cca2' + nid: "0x0235" + nid_hybrid: "0x2F35" + oqs_alg: 'OQS_KEM_alg_hqc_256_1_cca2' + bit_security: 256 + - + name_group: 'hqc256_2_cca2' + nid: "0x0236" + nid_hybrid: "0x2F36" + oqs_alg: 'OQS_KEM_alg_hqc_256_2_cca2' + bit_security: 256 + - + name_group: 'hqc256_3_cca2' + nid: "0x0237" + nid_hybrid: "0x2F37" + oqs_alg: 'OQS_KEM_alg_hqc_256_3_cca2' + bit_security: 256 + kem_nid_end: "0x0250" kem_nid_hybrid_end: "0x2FFF" # need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values diff --git a/oqs-test/common.py b/oqs-test/common.py index ceca098acd905..e736d3c8f49af 100644 --- a/oqs-test/common.py +++ b/oqs-test/common.py 
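Review bot: The six new `kems` entries mix quoting styles: the first writes `name_group: "hqc128_1_cca2"` while the other five use single quotes, and all six single-quote `oqs_alg` where the neighbouring entry has `oqs_alg: "OQS_KEM_alg_threebears_papabear_ephem"`. YAML reads both forms the same way, so this is cosmetic, but double quotes throughout keep the file searchable with one pattern, e.g. `name_group: "hqc192_1_cca2"` and `oqs_alg: "OQS_KEM_alg_hqc_192_1_cca2"`. The new code points 0x0232–0x0237 and 0x2F32–0x2F37 stay below the `kem_nid_end` and `kem_nid_hybrid_end` values in the trailing context, so the range macros named in the comment there need no edit for this change.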
@@ -8,9 +8,9 @@ 'oqs_kem_default', 'p256_oqs_kem_default', ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_START # post-quantum key exchanges - 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','bike1l1cpa','bike1l3cpa','bike1l1fo','bike1l3fo','kyber512','kyber768','kyber1024','newhope512cca','newhope1024cca','ntru_hps2048509','ntru_hps2048677','ntru_hps4096821','ntru_hrss701','lightsaber','saber','firesaber','sidhp434','sidhp503','sidhp610','sidhp751','sikep434','sikep503','sikep610','sikep751','kyber90s512','kyber90s768','kyber90s1024','babybear','mamabear','papabear','babybearephem','mamabearephem','papabearephem', + 'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','bike1l1cpa','bike1l3cpa','bike1l1fo','bike1l3fo','kyber512','kyber768','kyber1024','newhope512cca','newhope1024cca','ntru_hps2048509','ntru_hps2048677','ntru_hps4096821','ntru_hrss701','lightsaber','saber','firesaber','sidhp434','sidhp503','sidhp610','sidhp751','sikep434','sikep503','sikep610','sikep751','kyber90s512','kyber90s768','kyber90s1024','babybear','mamabear','papabear','babybearephem','mamabearephem','papabearephem','hqc128_1_cca2','hqc192_1_cca2','hqc192_2_cca2','hqc256_1_cca2','hqc256_2_cca2','hqc256_3_cca2', # post-quantum + classical key exchanges - 
'p256_frodo640aes','p256_frodo640shake','p384_frodo976aes','p384_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_bike1l1cpa','p384_bike1l3cpa','p256_bike1l1fo','p384_bike1l3fo','p256_kyber512','p384_kyber768','p521_kyber1024','p256_newhope512cca','p521_newhope1024cca','p256_ntru_hps2048509','p384_ntru_hps2048677','p521_ntru_hps4096821','p384_ntru_hrss701','p256_lightsaber','p384_saber','p521_firesaber','p256_sidhp434','p256_sidhp503','p384_sidhp610','p521_sidhp751','p256_sikep434','p256_sikep503','p384_sikep610','p521_sikep751','p256_kyber90s512','p384_kyber90s768','p521_kyber90s1024','p256_babybear','p384_mamabear','p521_papabear','p256_babybearephem','p384_mamabearephem','p521_papabearephem', + 'p256_frodo640aes','p256_frodo640shake','p384_frodo976aes','p384_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_bike1l1cpa','p384_bike1l3cpa','p256_bike1l1fo','p384_bike1l3fo','p256_kyber512','p384_kyber768','p521_kyber1024','p256_newhope512cca','p521_newhope1024cca','p256_ntru_hps2048509','p384_ntru_hps2048677','p521_ntru_hps4096821','p384_ntru_hrss701','p256_lightsaber','p384_saber','p521_firesaber','p256_sidhp434','p256_sidhp503','p384_sidhp610','p521_sidhp751','p256_sikep434','p256_sikep503','p384_sikep610','p521_sikep751','p256_kyber90s512','p384_kyber90s768','p521_kyber90s1024','p256_babybear','p384_mamabear','p521_papabear','p256_babybearephem','p384_mamabearephem','p521_papabearephem','p256_hqc128_1_cca2','p384_hqc192_1_cca2','p384_hqc192_2_cca2','p521_hqc256_1_cca2','p521_hqc256_2_cca2','p521_hqc256_3_cca2', ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_END ] signatures = [ diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 92faa84c6c038..3953e65a88ad0 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h 
@@ -562,8 +562,14 @@ (nid == NID_babybearephem ? 0x022F : \ (nid == NID_mamabearephem ? 0x0230 : \ (nid == NID_papabearephem ? 0x0231 : \ + (nid == NID_hqc128_1_cca2 ? 0x0232 : \ + (nid == NID_hqc192_1_cca2 ? 0x0233 : \ + (nid == NID_hqc192_2_cca2 ? 0x0234 : \ + (nid == NID_hqc256_1_cca2 ? 0x0235 : \ + (nid == NID_hqc256_2_cca2 ? 0x0236 : \ + (nid == NID_hqc256_3_cca2 ? 0x0237 : \ 0 \ - )))))))))))))))))))))))))))))))))))))))) + )))))))))))))))))))))))))))))))))))))))))))))) ///// OQS_TEMPLATE_FRAGMENT_OQS_KEM_CURVEID_END ///// OQS_TEMPLATE_FRAGMENT_OQS_KEM_HYBRID_CURVEID_START @@ -608,8 +614,14 @@ (nid == NID_p256_babybearephem ? 0x2F2F : \ (nid == NID_p384_mamabearephem ? 0x2F30 : \ (nid == NID_p521_papabearephem ? 0x2F31 : \ + (nid == NID_p256_hqc128_1_cca2 ? 0x2F32 : \ + (nid == NID_p384_hqc192_1_cca2 ? 0x2F33 : \ + (nid == NID_p384_hqc192_2_cca2 ? 0x2F34 : \ + (nid == NID_p521_hqc256_1_cca2 ? 0x2F35 : \ + (nid == NID_p521_hqc256_2_cca2 ? 0x2F36 : \ + (nid == NID_p521_hqc256_3_cca2 ? 0x2F37 : \ 0 \ - )))))))))))))))))))))))))))))))))))))))) + )))))))))))))))))))))))))))))))))))))))))))))) ///// OQS_TEMPLATE_FRAGMENT_OQS_KEM_HYBRID_CURVEID_END /* Returns the non-hybrid OQS KEM NID for a PQ or hybrid curve ID */ 
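Review bot: The arms added here, and in the other four ssl/ssl_local.h hunks (-608, -655, -702, -757) plus the `cid` arms at -804, expand the macro argument (`nid`, `curveID`, `cid`) without parentheses and once or twice per arm, and each chain grows by six more arms in this commit. An argument such as `x | y` would bind wrongly against `==`, and an argument with side effects would be evaluated repeatedly. Writing the arms as `((nid) == NID_hqc128_1_cca2 ? 0x0232 : \` in the generator template avoids the first problem; replacing each chain with a `static inline` function over a lookup table avoids both. The macro headers lie outside the hunks, so the macro names and their callers cannot be checked from this diff.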
@@ -655,8 +667,14 @@ (curveID == 0x022F || curveID == 0x2F2F ? NID_babybearephem : \ (curveID == 0x0230 || curveID == 0x2F30 ? NID_mamabearephem : \ (curveID == 0x0231 || curveID == 0x2F31 ? NID_papabearephem : \ + (curveID == 0x0232 || curveID == 0x2F32 ? NID_hqc128_1_cca2 : \ + (curveID == 0x0233 || curveID == 0x2F33 ? NID_hqc192_1_cca2 : \ + (curveID == 0x0234 || curveID == 0x2F34 ? NID_hqc192_2_cca2 : \ + (curveID == 0x0235 || curveID == 0x2F35 ? NID_hqc256_1_cca2 : \ + (curveID == 0x0236 || curveID == 0x2F36 ? NID_hqc256_2_cca2 : \ + (curveID == 0x0237 || curveID == 0x2F37 ? NID_hqc256_3_cca2 : \ 0 \ - )))))))))))))))))))))))))))))))))))))))) + )))))))))))))))))))))))))))))))))))))))))))))) ///// OQS_TEMPLATE_FRAGMENT_OQS_KEM_NID_END /* Returns the hybrid OQS KEM NID for a hybrid curve ID */ @@ -702,8 +720,14 @@ (curveID == 0x2F2F ? NID_p256_babybearephem : \ (curveID == 0x2F30 ? NID_p384_mamabearephem : \ (curveID == 0x2F31 ? NID_p521_papabearephem : \ + (curveID == 0x2F32 ? NID_p256_hqc128_1_cca2 : \ + (curveID == 0x2F33 ? NID_p384_hqc192_1_cca2 : \ + (curveID == 0x2F34 ? NID_p384_hqc192_2_cca2 : \ + (curveID == 0x2F35 ? NID_p521_hqc256_1_cca2 : \ + (curveID == 0x2F36 ? NID_p521_hqc256_2_cca2 : \ + (curveID == 0x2F37 ? NID_p521_hqc256_3_cca2 : \ 0 \ - )))))))))))))))))))))))))))))))))))))))) + )))))))))))))))))))))))))))))))))))))))))))))) ///// OQS_TEMPLATE_FRAGMENT_OQS_HYBRID_KEM_NID_END /* Returns true if the curve ID is for an OQS KEM */ 
@@ -757,8 +781,14 @@ (nid == NID_babybearephem ? OQS_KEM_alg_threebears_babybear_ephem : \ (nid == NID_mamabearephem ? OQS_KEM_alg_threebears_mamabear_ephem : \ (nid == NID_papabearephem ? OQS_KEM_alg_threebears_papabear_ephem : \ + (nid == NID_hqc128_1_cca2 ? OQS_KEM_alg_hqc_128_1_cca2 : \ + (nid == NID_hqc192_1_cca2 ? OQS_KEM_alg_hqc_192_1_cca2 : \ + (nid == NID_hqc192_2_cca2 ? OQS_KEM_alg_hqc_192_2_cca2 : \ + (nid == NID_hqc256_1_cca2 ? OQS_KEM_alg_hqc_256_1_cca2 : \ + (nid == NID_hqc256_2_cca2 ? OQS_KEM_alg_hqc_256_2_cca2 : \ + (nid == NID_hqc256_3_cca2 ? OQS_KEM_alg_hqc_256_3_cca2 : \ 0 \ - )))))))))))))))))))))))))))))))))))))))) + )))))))))))))))))))))))))))))))))))))))))))))) ///// OQS_TEMPLATE_FRAGMENT_OQS_ALG_NAME_END /* Returns the classic curve ID for a given hybrid curve */ @@ -804,8 +834,14 @@ (cid == 0x2F2F ?23: \ (cid == 0x2F30 ?24: \ (cid == 0x2F31 ?25: \ + (cid == 0x2F32 ?23: \ + (cid == 0x2F33 ?24: \ + (cid == 0x2F34 ?24: \ + (cid == 0x2F35 ?25: \ + (cid == 0x2F36 ?25: \ + (cid == 0x2F37 ?25: \ 23 \ - )))))))))))))))))))))))))))))))))))))))) + )))))))))))))))))))))))))))))))))))))))))))))) ///// OQS_TEMPLATE_FRAGMENT_OQS_MAP_HYBRID_END /* Returns the classical nid for an hybrid alg */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 82e70bb0071a3..7ccd6b55ffbc1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
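Review bot: The arms added to the hybrid-to-classical map (hunk at -804) encode the classical partner as bare numbers, `(cid == 0x2F32 ?23: \`, and the chain's visible fallback is also `23`, so a hybrid ID missing from the list resolves to the same value as a P-256 hybrid instead of signalling an error. The values match the TLS named-group IDs for secp256r1 (23), secp384r1 (24) and secp521r1 (25), and the new mappings agree with the p256/p384/p521 prefixes used in the rest of the commit. A comment above the chain such as `/* 23 = secp256r1, 24 = secp384r1, 25 = secp521r1; unlisted IDs fall back to 23, so callers must first check that the ID is a known hybrid */` would document both facts. The macro header is outside the hunk.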
@@ -221,6 +221,12 @@ static const TLS_GROUP_INFO oqs_nid_list[] = { {NID_babybearephem, 128, TLS_CURVE_CUSTOM}, /* babybearephem (0x022F) */ {NID_mamabearephem, 192, TLS_CURVE_CUSTOM}, /* mamabearephem (0x0230) */ {NID_papabearephem, 256, TLS_CURVE_CUSTOM}, /* papabearephem (0x0231) */ + {NID_hqc128_1_cca2, 128, TLS_CURVE_CUSTOM}, /* hqc128_1_cca2 (0x0232) */ + {NID_hqc192_1_cca2, 192, TLS_CURVE_CUSTOM}, /* hqc192_1_cca2 (0x0233) */ + {NID_hqc192_2_cca2, 192, TLS_CURVE_CUSTOM}, /* hqc192_2_cca2 (0x0234) */ + {NID_hqc256_1_cca2, 256, TLS_CURVE_CUSTOM}, /* hqc256_1_cca2 (0x0235) */ + {NID_hqc256_2_cca2, 256, TLS_CURVE_CUSTOM}, /* hqc256_2_cca2 (0x0236) */ + {NID_hqc256_3_cca2, 256, TLS_CURVE_CUSTOM}, /* hqc256_3_cca2 (0x0237) */ ///// OQS_TEMPLATE_FRAGMENT_OQS_NID_LIST_END }; /* Hybrid OQS groups. Security level is classical. */ @@ -266,6 +272,12 @@ static const TLS_GROUP_INFO oqs_hybrid_nid_list[] = { {NID_p256_babybearephem, 128, TLS_CURVE_CUSTOM}, /* p256/384/521 + babybearephem hybrid (0x022F) */ {NID_p384_mamabearephem, 192, TLS_CURVE_CUSTOM}, /* p256/384/521 + mamabearephem hybrid (0x0230) */ {NID_p521_papabearephem, 256, TLS_CURVE_CUSTOM}, /* p256/384/521 + papabearephem hybrid (0x0231) */ + {NID_p256_hqc128_1_cca2, 128, TLS_CURVE_CUSTOM}, /* p256/384/521 + hqc128_1_cca2 hybrid (0x0232) */ + {NID_p384_hqc192_1_cca2, 192, TLS_CURVE_CUSTOM}, /* p256/384/521 + hqc192_1_cca2 hybrid (0x0233) */ + {NID_p384_hqc192_2_cca2, 192, TLS_CURVE_CUSTOM}, /* p256/384/521 + hqc192_2_cca2 hybrid (0x0234) */ + {NID_p521_hqc256_1_cca2, 256, TLS_CURVE_CUSTOM}, /* p256/384/521 + hqc256_1_cca2 hybrid (0x0235) */ + {NID_p521_hqc256_2_cca2, 256, TLS_CURVE_CUSTOM}, /* p256/384/521 + hqc256_2_cca2 hybrid (0x0236) */ + {NID_p521_hqc256_3_cca2, 256, TLS_CURVE_CUSTOM}, /* p256/384/521 + hqc256_3_cca2 hybrid (0x0237) */ ///// OQS_TEMPLATE_FRAGMENT_OQS_NID_LIST_HYBRID_END }; 
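Review bot: In `oqs_hybrid_nid_list` (hunk at -266) the comments on the six new rows give the non-hybrid code point and a generic curve, e.g. `/* p256/384/521 + hqc128_1_cca2 hybrid (0x0232) */`, while ssl/ssl_local.h and apps/s_cb.c in this same commit map `NID_p256_hqc128_1_cca2` to 0x2F32. Anyone matching a captured group ID against this table would be looking for the wrong value. The comment should name the actual curve and hybrid ID, `/* p256 + hqc128_1_cca2 hybrid (0x2F32) */`, and likewise p384 with 0x2F33/0x2F34 and p521 with 0x2F35–0x2F37. The existing rows in the context follow the same pattern, so the fix most likely belongs in the template that generates this fragment.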
@@ -298,6 +310,7 @@ static const uint16_t eccurves_default[] = { 0x2F29, /* OQS kyber90s512 hybrid */ 0x2F2C, /* OQS babybear hybrid */ 0x2F2F, /* OQS babybearephem hybrid */ + 0x2F32, /* OQS hqc128_1_cca2 hybrid */ ///// OQS_TEMPLATE_FRAGMENT_ECCURVES_DEFAULT_HYBRID_END }; @@ -393,6 +406,18 @@ static const uint16_t oqs_all_tls13_server_groups[] = { 0x2F30, /* OQS mamabearephem hybrid */ 0x0231, /* papabearephem */ 0x2F31, /* OQS papabearephem hybrid */ + 0x0232, /* hqc128_1_cca2 */ + 0x2F32, /* OQS hqc128_1_cca2 hybrid */ + 0x0233, /* hqc192_1_cca2 */ + 0x2F33, /* OQS hqc192_1_cca2 hybrid */ + 0x0234, /* hqc192_2_cca2 */ + 0x2F34, /* OQS hqc192_2_cca2 hybrid */ + 0x0235, /* hqc256_1_cca2 */ + 0x2F35, /* OQS hqc256_1_cca2 hybrid */ + 0x0236, /* hqc256_2_cca2 */ + 0x2F36, /* OQS hqc256_2_cca2 hybrid */ + 0x0237, /* hqc256_3_cca2 */ + 0x2F37, /* OQS hqc256_3_cca2 hybrid */ ///// OQS_TEMPLATE_FRAGMENT_ALL_OQS_CURVEIDS_END }; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 54e7f69be70d2..81d468a6a6be7 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -571,6 +571,12 @@ static const ssl_trace_tbl ssl_groups_tbl[] = { {OQS_KEM_CURVEID(NID_babybearephem), "babybearephem"}, {OQS_KEM_CURVEID(NID_mamabearephem), "mamabearephem"}, {OQS_KEM_CURVEID(NID_papabearephem), "papabearephem"}, + {OQS_KEM_CURVEID(NID_hqc128_1_cca2), "hqc128_1_cca2"}, + {OQS_KEM_CURVEID(NID_hqc192_1_cca2), "hqc192_1_cca2"}, + {OQS_KEM_CURVEID(NID_hqc192_2_cca2), "hqc192_2_cca2"}, + {OQS_KEM_CURVEID(NID_hqc256_1_cca2), "hqc256_1_cca2"}, + {OQS_KEM_CURVEID(NID_hqc256_2_cca2), "hqc256_2_cca2"}, + {OQS_KEM_CURVEID(NID_hqc256_3_cca2), "hqc256_3_cca2"}, ///// OQS_TEMPLATE_FRAGMENT_SSL_GROUPS_TBL_END {OQS_KEM_CURVEID(NID_p256_oqs_kem_default), "p256 - OQS KEM default hybrid"}, ///// OQS_TEMPLATE_FRAGMENT_SSL_GROUPS_TBL_HYBRID_START 
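Review bot: `oqs_all_tls13_server_groups` (hunk at -393) now lists 0x0235–0x0237 and 0x2F35–0x2F37, the hqc256 variants that the README hunk of this commit marks with † for large stack usage that may cause failures on threads or in constrained environments. If this array is the set of groups a TLS 1.3 server accepts (inferred from its name; its use is outside the hunk), the peer's choice of group decides whether that code path runs, so a server handling handshakes on small-stack threads could be made to fail by any client offering one of these groups. Consider a comment on those rows, e.g. `/* hqc256_1_cca2: large stack usage, see README */`, and a documented way to leave the † groups out of server builds that run handshakes on worker threads.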
@@ -613,6 +619,12 @@ static const ssl_trace_tbl ssl_groups_tbl[] = { {OQS_KEM_CURVEID(NID_p256_babybearephem), "p256 - babybearephem hybrid"}, {OQS_KEM_CURVEID(NID_p384_mamabearephem), "p384 - mamabearephem hybrid"}, {OQS_KEM_CURVEID(NID_p521_papabearephem), "p521 - papabearephem hybrid"}, + {OQS_KEM_CURVEID(NID_p256_hqc128_1_cca2), "p256 - hqc128_1_cca2 hybrid"}, + {OQS_KEM_CURVEID(NID_p384_hqc192_1_cca2), "p384 - hqc192_1_cca2 hybrid"}, + {OQS_KEM_CURVEID(NID_p384_hqc192_2_cca2), "p384 - hqc192_2_cca2 hybrid"}, + {OQS_KEM_CURVEID(NID_p521_hqc256_1_cca2), "p521 - hqc256_1_cca2 hybrid"}, + {OQS_KEM_CURVEID(NID_p521_hqc256_2_cca2), "p521 - hqc256_2_cca2 hybrid"}, + {OQS_KEM_CURVEID(NID_p521_hqc256_3_cca2), "p521 - hqc256_3_cca2 hybrid"}, ///// OQS_TEMPLATE_FRAGMENT_SSL_GROUPS_TBL_HYBRID_END {0xFF01, "arbitrary_explicit_prime_curves"}, {0xFF02, "arbitrary_explicit_char2_curves"}
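Review bot: The six hybrid rows added to `ssl_groups_tbl` key on `OQS_KEM_CURVEID(NID_p256_hqc128_1_cca2)` and its siblings, but the chain in ssl/ssl_local.h that ends at `OQS_TEMPLATE_FRAGMENT_OQS_KEM_CURVEID_END` only has arms for the non-hybrid NIDs and falls through to `0`. If that chain is the body of `OQS_KEM_CURVEID` (the macro header is outside the diff, so this is inferred from the marker name), every hybrid row gets key 0 and a trace of a handshake using 0x2F32–0x2F37 will not print the group name. The hybrid chain in the next ssl_local.h hunk maps these NIDs to 0x2F32–0x2F37, so the rows should use that macro, presumably `{OQS_KEM_HYBRID_CURVEID(NID_p256_hqc128_1_cca2), "p256 - hqc128_1_cca2 hybrid"},` and likewise for the other five. The context rows above use the same call, so the generator template is probably where the correction belongs.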