tracking fips204

Signed-off-by: Basil Hess <[email protected]>
open-quantum-safe · Nov 13, 2024 · 65f3804 · 65f3804
1 parent 527e41c
commit 65f3804
Show file tree

Hide file tree

Showing 9 changed files with 1,673 additions and 1,083 deletions.
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -72,23 +72,23 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 | p384_dilithium3 | 0xfea4 |Yes| OQS_CODEPOINT_P384_DILITHIUM3
 | dilithium5 | 0xfea5 |Yes| OQS_CODEPOINT_DILITHIUM5
 | p521_dilithium5 | 0xfea6 |Yes| OQS_CODEPOINT_P521_DILITHIUM5
-| mldsa44 | 0xfed0 |Yes| OQS_CODEPOINT_MLDSA44
-| p256_mldsa44 | 0xfed3 |Yes| OQS_CODEPOINT_P256_MLDSA44
-| rsa3072_mldsa44 | 0xfed4 |Yes| OQS_CODEPOINT_RSA3072_MLDSA44
+| mldsa44 | 0xff06 |Yes| OQS_CODEPOINT_MLDSA44
+| p256_mldsa44 | 0xff09 |Yes| OQS_CODEPOINT_P256_MLDSA44
+| rsa3072_mldsa44 | 0xff0a |Yes| OQS_CODEPOINT_RSA3072_MLDSA44
 | mldsa44_pss2048 | 0xfee1 |Yes| OQS_CODEPOINT_MLDSA44_pss2048
 | mldsa44_rsa2048 | 0xfee2 |Yes| OQS_CODEPOINT_MLDSA44_rsa2048
 | mldsa44_ed25519 | 0xfee3 |Yes| OQS_CODEPOINT_MLDSA44_ed25519
 | mldsa44_p256 | 0xfee4 |Yes| OQS_CODEPOINT_MLDSA44_p256
 | mldsa44_bp256 | 0xfee5 |Yes| OQS_CODEPOINT_MLDSA44_bp256
-| mldsa65 | 0xfed1 |Yes| OQS_CODEPOINT_MLDSA65
-| p384_mldsa65 | 0xfed5 |Yes| OQS_CODEPOINT_P384_MLDSA65
+| mldsa65 | 0xff07 |Yes| OQS_CODEPOINT_MLDSA65
+| p384_mldsa65 | 0xff0b |Yes| OQS_CODEPOINT_P384_MLDSA65
 | mldsa65_pss3072 | 0xfee6 |Yes| OQS_CODEPOINT_MLDSA65_pss3072
 | mldsa65_rsa3072 | 0xfee7 |Yes| OQS_CODEPOINT_MLDSA65_rsa3072
 | mldsa65_p256 | 0xfee8 |Yes| OQS_CODEPOINT_MLDSA65_p256
 | mldsa65_bp256 | 0xfee9 |Yes| OQS_CODEPOINT_MLDSA65_bp256
 | mldsa65_ed25519 | 0xfeea |Yes| OQS_CODEPOINT_MLDSA65_ed25519
-| mldsa87 | 0xfed2 |Yes| OQS_CODEPOINT_MLDSA87
-| p521_mldsa87 | 0xfed6 |Yes| OQS_CODEPOINT_P521_MLDSA87
+| mldsa87 | 0xff08 |Yes| OQS_CODEPOINT_MLDSA87
+| p521_mldsa87 | 0xff0c |Yes| OQS_CODEPOINT_P521_MLDSA87
 | mldsa87_p384 | 0xfeeb |Yes| OQS_CODEPOINT_MLDSA87_p384
 | mldsa87_bp384 | 0xfeec |Yes| OQS_CODEPOINT_MLDSA87_bp384
 | mldsa87_ed448 | 0xfeed |Yes| OQS_CODEPOINT_MLDSA87_ed448
@@ -190,23 +190,23 @@ discussed in https://github.com/open-quantum-safe/oqs-provider/issues/351.
 | p384_dilithium3 | 1.3.9999.2.7.3 |Yes| OQS_OID_P384_DILITHIUM3
 | dilithium5 | 1.3.6.1.4.1.2.267.7.8.7 |Yes| OQS_OID_DILITHIUM5
 | p521_dilithium5 | 1.3.9999.2.7.4 |Yes| OQS_OID_P521_DILITHIUM5
-| mldsa44 | 1.3.6.1.4.1.2.267.12.4.4 |Yes| OQS_OID_MLDSA44
-| p256_mldsa44 | 1.3.9999.7.1 |Yes| OQS_OID_P256_MLDSA44
-| rsa3072_mldsa44 | 1.3.9999.7.2 |Yes| OQS_OID_RSA3072_MLDSA44
+| mldsa44 | 2.16.840.1.101.3.4.3.17 |Yes| OQS_OID_MLDSA44
+| p256_mldsa44 | 1.3.9999.7.5 |Yes| OQS_OID_P256_MLDSA44
+| rsa3072_mldsa44 | 1.3.9999.7.6 |Yes| OQS_OID_RSA3072_MLDSA44
 | mldsa44_pss2048 | 2.16.840.1.114027.80.8.1.1 |Yes| OQS_OID_MLDSA44_pss2048
 | mldsa44_rsa2048 | 2.16.840.1.114027.80.8.1.2 |Yes| OQS_OID_MLDSA44_rsa2048
 | mldsa44_ed25519 | 2.16.840.1.114027.80.8.1.3 |Yes| OQS_OID_MLDSA44_ed25519
 | mldsa44_p256 | 2.16.840.1.114027.80.8.1.4 |Yes| OQS_OID_MLDSA44_p256
 | mldsa44_bp256 | 2.16.840.1.114027.80.8.1.5 |Yes| OQS_OID_MLDSA44_bp256
-| mldsa65 | 1.3.6.1.4.1.2.267.12.6.5 |Yes| OQS_OID_MLDSA65
-| p384_mldsa65 | 1.3.9999.7.3 |Yes| OQS_OID_P384_MLDSA65
+| mldsa65 | 2.16.840.1.101.3.4.3.18 |Yes| OQS_OID_MLDSA65
+| p384_mldsa65 | 1.3.9999.7.7 |Yes| OQS_OID_P384_MLDSA65
 | mldsa65_pss3072 | 2.16.840.1.114027.80.8.1.6 |Yes| OQS_OID_MLDSA65_pss3072
 | mldsa65_rsa3072 | 2.16.840.1.114027.80.8.1.7 |Yes| OQS_OID_MLDSA65_rsa3072
 | mldsa65_p256 | 2.16.840.1.114027.80.8.1.8 |Yes| OQS_OID_MLDSA65_p256
 | mldsa65_bp256 | 2.16.840.1.114027.80.8.1.9 |Yes| OQS_OID_MLDSA65_bp256
 | mldsa65_ed25519 | 2.16.840.1.114027.80.8.1.10 |Yes| OQS_OID_MLDSA65_ed25519
-| mldsa87 | 1.3.6.1.4.1.2.267.12.8.7 |Yes| OQS_OID_MLDSA87
-| p521_mldsa87 | 1.3.9999.7.4 |Yes| OQS_OID_P521_MLDSA87
+| mldsa87 | 2.16.840.1.101.3.4.3.19 |Yes| OQS_OID_MLDSA87
+| p521_mldsa87 | 1.3.9999.7.8 |Yes| OQS_OID_P521_MLDSA87
 | mldsa87_p384 | 2.16.840.1.114027.80.8.1.11 |Yes| OQS_OID_MLDSA87_p384
 | mldsa87_bp384 | 2.16.840.1.114027.80.8.1.12 |Yes| OQS_OID_MLDSA87_bp384
 | mldsa87_ed448 | 2.16.840.1.114027.80.8.1.13 |Yes| OQS_OID_MLDSA87_ed448

diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
@@ -424,7 +424,7 @@ kem_nid_end: '0x0250'
 kem_nid_hybrid_end: '0x2FFF'
 # need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values
 
-# Next free signature ID: 0xff06
+# Next free signature ID: 0xff19
 sigs:
   # -
     # iso (1)
@@ -580,17 +580,17 @@ sigs:
         name: 'mldsa44'
         pretty_name: 'ML-DSA-44'
         oqs_meth: 'OQS_SIG_alg_ml_dsa_44'
-        oid: '1.3.6.1.4.1.2.267.12.4.4'
-        code_point: '0xfed0'
+        oid: '2.16.840.1.101.3.4.3.17'
+        code_point: '0xff06'
         enable: true
         mix_with: [{'name': 'p256',
                     'pretty_name': 'ECDSA p256',
-                    'oid': '1.3.9999.7.1',
-                    'code_point': '0xfed3'},
+                    'oid': '1.3.9999.7.5',
+                    'code_point': '0xff09'},
                    {'name': 'rsa3072',
                     'pretty_name': 'RSA3072',
-                    'oid': '1.3.9999.7.2',
-                    'code_point': '0xfed4'}]
+                    'oid': '1.3.9999.7.6',
+                    'code_point': '0xff0a'}]
         composite:  [{'name': 'pss2048',
                       'pretty_name': 'RSA PSS 2048',
                       'security': '112',
@@ -620,13 +620,13 @@ sigs:
         name: 'mldsa65'
         pretty_name: 'ML-DSA-65'
         oqs_meth: 'OQS_SIG_alg_ml_dsa_65'
-        oid: '1.3.6.1.4.1.2.267.12.6.5'
-        code_point: '0xfed1'
+        oid: '2.16.840.1.101.3.4.3.18'
+        code_point: '0xff07'
         enable: true
         mix_with: [{'name': 'p384',
                     'pretty_name': 'ECDSA p384',
-                    'oid': '1.3.9999.7.3',
-                    'code_point': '0xfed5'}]
+                    'oid': '1.3.9999.7.7',
+                    'code_point': '0xff0b'}]
         composite:  [{'name': 'pss3072',
                       'pretty_name': 'RSA PSS 3072',
                       'security': '128',
@@ -656,13 +656,13 @@ sigs:
         name: 'mldsa87'
         pretty_name: 'ML-DSA-87'
         oqs_meth: 'OQS_SIG_alg_ml_dsa_87'
-        oid: '1.3.6.1.4.1.2.267.12.8.7'
-        code_point: '0xfed2'
+        oid: '2.16.840.1.101.3.4.3.19'
+        code_point: '0xff08'
         enable: true
         mix_with: [{'name': 'p521',
                     'pretty_name': 'ECDSA p521',
-                    'oid': '1.3.9999.7.4',
-                    'code_point': '0xfed6'}]
+                    'oid': '1.3.9999.7.8',
+                    'code_point': '0xff0c'}]
         composite:  [{'name': 'p384',
                       'pretty_name': 'ECDSA p384',
                       'security': '192',

diff --git a/oqs-template/oqs-sig-info.md b/oqs-template/oqs-sig-info.md
@@ -58,26 +58,26 @@
 | mayo3 **hybrid with** p384                        | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1            |                    3 | 0xfef4       | 1.3.9999.8.3.2              |
 | mayo5                                             | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1            |                    5 | 0xfef1       | 1.3.9999.8.5.1              |
 | mayo5 **hybrid with** p521                        | https://doi.org/10.46586/tches.v2024.i2.252-275 | 1            |                    5 | 0xfef5       | 1.3.9999.8.5.2              |
-| mldsa44                                           | ML-DSA-ipd                                      | ipd          |                    1 | 0xfed0       | 1.3.6.1.4.1.2.267.12.4.4    |
-| mldsa44 **hybrid with** p256                      | ML-DSA-ipd                                      | ipd          |                    1 | 0xfed3       | 1.3.9999.7.1                |
-| mldsa44 **hybrid with** rsa3072                   | ML-DSA-ipd                                      | ipd          |                    1 | 0xfed4       | 1.3.9999.7.2                |
-| mldsa44 **composite with** pss2048                | ML-DSA-ipd                                      | ipd          |                    1 | 0xfee1       | 2.16.840.1.114027.80.8.1.1  |
-| mldsa44 **composite with** rsa2048                | ML-DSA-ipd                                      | ipd          |                    1 | 0xfee2       | 2.16.840.1.114027.80.8.1.2  |
-| mldsa44 **composite with** ed25519                | ML-DSA-ipd                                      | ipd          |                    1 | 0xfee3       | 2.16.840.1.114027.80.8.1.3  |
-| mldsa44 **composite with** p256                   | ML-DSA-ipd                                      | ipd          |                    1 | 0xfee4       | 2.16.840.1.114027.80.8.1.4  |
-| mldsa44 **composite with** bp256                  | ML-DSA-ipd                                      | ipd          |                    1 | 0xfee5       | 2.16.840.1.114027.80.8.1.5  |
-| mldsa65                                           | ML-DSA-ipd                                      | ipd          |                    3 | 0xfed1       | 1.3.6.1.4.1.2.267.12.6.5    |
-| mldsa65 **hybrid with** p384                      | ML-DSA-ipd                                      | ipd          |                    3 | 0xfed5       | 1.3.9999.7.3                |
-| mldsa65 **composite with** pss3072                | ML-DSA-ipd                                      | ipd          |                    3 | 0xfee6       | 2.16.840.1.114027.80.8.1.6  |
-| mldsa65 **composite with** rsa3072                | ML-DSA-ipd                                      | ipd          |                    3 | 0xfee7       | 2.16.840.1.114027.80.8.1.7  |
-| mldsa65 **composite with** p256                   | ML-DSA-ipd                                      | ipd          |                    3 | 0xfee8       | 2.16.840.1.114027.80.8.1.8  |
-| mldsa65 **composite with** bp256                  | ML-DSA-ipd                                      | ipd          |                    3 | 0xfee9       | 2.16.840.1.114027.80.8.1.9  |
-| mldsa65 **composite with** ed25519                | ML-DSA-ipd                                      | ipd          |                    3 | 0xfeea       | 2.16.840.1.114027.80.8.1.10 |
-| mldsa87                                           | ML-DSA-ipd                                      | ipd          |                    5 | 0xfed2       | 1.3.6.1.4.1.2.267.12.8.7    |
-| mldsa87 **hybrid with** p521                      | ML-DSA-ipd                                      | ipd          |                    5 | 0xfed6       | 1.3.9999.7.4                |
-| mldsa87 **composite with** p384                   | ML-DSA-ipd                                      | ipd          |                    5 | 0xfeeb       | 2.16.840.1.114027.80.8.1.11 |
-| mldsa87 **composite with** bp384                  | ML-DSA-ipd                                      | ipd          |                    5 | 0xfeec       | 2.16.840.1.114027.80.8.1.12 |
-| mldsa87 **composite with** ed448                  | ML-DSA-ipd                                      | ipd          |                    5 | 0xfeed       | 2.16.840.1.114027.80.8.1.13 |
+| mldsa44                                           | ML-DSA                                          | FIPS204      |                    1 | 0xff06       | 2.16.840.1.101.3.4.3.17     |
+| mldsa44 **hybrid with** p256                      | ML-DSA                                          | FIPS204      |                    1 | 0xff09       | 1.3.9999.7.5                |
+| mldsa44 **hybrid with** rsa3072                   | ML-DSA                                          | FIPS204      |                    1 | 0xff0a       | 1.3.9999.7.6                |
+| mldsa44 **composite with** pss2048                | ML-DSA                                          | FIPS204      |                    1 | 0xfee1       | 2.16.840.1.114027.80.8.1.1  |
+| mldsa44 **composite with** rsa2048                | ML-DSA                                          | FIPS204      |                    1 | 0xfee2       | 2.16.840.1.114027.80.8.1.2  |
+| mldsa44 **composite with** ed25519                | ML-DSA                                          | FIPS204      |                    1 | 0xfee3       | 2.16.840.1.114027.80.8.1.3  |
+| mldsa44 **composite with** p256                   | ML-DSA                                          | FIPS204      |                    1 | 0xfee4       | 2.16.840.1.114027.80.8.1.4  |
+| mldsa44 **composite with** bp256                  | ML-DSA                                          | FIPS204      |                    1 | 0xfee5       | 2.16.840.1.114027.80.8.1.5  |
+| mldsa65                                           | ML-DSA                                          | FIPS204      |                    3 | 0xff07       | 2.16.840.1.101.3.4.3.18     |
+| mldsa65 **hybrid with** p384                      | ML-DSA                                          | FIPS204      |                    3 | 0xff0b       | 1.3.9999.7.7                |
+| mldsa65 **composite with** pss3072                | ML-DSA                                          | FIPS204      |                    3 | 0xfee6       | 2.16.840.1.114027.80.8.1.6  |
+| mldsa65 **composite with** rsa3072                | ML-DSA                                          | FIPS204      |                    3 | 0xfee7       | 2.16.840.1.114027.80.8.1.7  |
+| mldsa65 **composite with** p256                   | ML-DSA                                          | FIPS204      |                    3 | 0xfee8       | 2.16.840.1.114027.80.8.1.8  |
+| mldsa65 **composite with** bp256                  | ML-DSA                                          | FIPS204      |                    3 | 0xfee9       | 2.16.840.1.114027.80.8.1.9  |
+| mldsa65 **composite with** ed25519                | ML-DSA                                          | FIPS204      |                    3 | 0xfeea       | 2.16.840.1.114027.80.8.1.10 |
+| mldsa87                                           | ML-DSA                                          | FIPS204      |                    5 | 0xff08       | 2.16.840.1.101.3.4.3.19     |
+| mldsa87 **hybrid with** p521                      | ML-DSA                                          | FIPS204      |                    5 | 0xff0c       | 1.3.9999.7.8                |
+| mldsa87 **composite with** p384                   | ML-DSA                                          | FIPS204      |                    5 | 0xfeeb       | 2.16.840.1.114027.80.8.1.11 |
+| mldsa87 **composite with** bp384                  | ML-DSA                                          | FIPS204      |                    5 | 0xfeec       | 2.16.840.1.114027.80.8.1.12 |
+| mldsa87 **composite with** ed448                  | ML-DSA                                          | FIPS204      |                    5 | 0xfeed       | 2.16.840.1.114027.80.8.1.13 |
 | sphincsharaka128frobust                           | NIST Round 3 submission                         | 3            |                    1 | 0xfe42       | 1.3.9999.6.1.1              |
 | sphincsharaka128frobust **hybrid with** p256      | NIST Round 3 submission                         | 3            |                    1 | 0xfe43       | 1.3.9999.6.1.2              |
 | sphincsharaka128frobust **hybrid with** rsa3072   | NIST Round 3 submission                         | 3            |                    1 | 0xfe44       | 1.3.9999.6.1.3              |

diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
@@ -519,6 +519,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
                 buf = OPENSSL_malloc(oqs_sig_len);
                 if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len,
                                  (const unsigned char *)final_tbs, final_tbslen,
+                                 NULL, 0,
                                  oqsxkey->comp_privkey[i]) != OQS_SUCCESS) {
                     ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED);
                     CompositeSignature_free(compsig);
@@ -667,6 +668,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
         CompositeSignature_free(compsig);
         OPENSSL_free(final_tbs);
     } else if (OQS_SIG_sign(oqs_key, sig + index, &oqs_sig_len, tbs, tbslen,
+                            NULL, 0,
                             oqsxkey->comp_privkey[oqsxkey->numkeys - 1]) !=
                OQS_SUCCESS) {
         ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED);
@@ -879,7 +881,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 
             if (get_oqsname_fromtls(name)) {
                 if (OQS_SIG_verify(oqs_key, (const unsigned char *)final_tbs,
-                                   final_tbslen, buf, buf_len,
+                                   final_tbslen, buf, buf_len, NULL, 0,
                                    oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) {
                     ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
                     OPENSSL_free(name);
@@ -994,9 +996,10 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
             ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS);
             goto endverify;
         }
-        if (OQS_SIG_verify(
-                oqs_key, tbs, tbslen, sig + index, siglen - classical_sig_len,
-                oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) != OQS_SUCCESS) {
+        if (OQS_SIG_verify(oqs_key, tbs, tbslen, sig + index,
+                           siglen - classical_sig_len, NULL, 0,
+                           oqsxkey->comp_pubkey[oqsxkey->numkeys - 1]) !=
+            OQS_SUCCESS) {
             ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
             goto endverify;
         }