update MLKEM code points (#511)

* update X25519-MLKEM768 code point Signed-off-by: Michael Baentsch <[email protected]> * further MLKEM (O)ID updates Signed-off-by: Michael Baentsch <[email protected]> * set p256_mlkem768 code point as per standard Signed-off-by: Michael Baentsch <[email protected]> --------- Signed-off-by: Michael Baentsch <[email protected]>
open-quantum-safe · Sep 11, 2024 · 8abfecd · tigrand · Nov 23, 2024 · baentsch
1 parent 2cdbc17
commit 8abfecd
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 54 deletions.
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -38,17 +38,17 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 | p256_kyber768 | 0x639A | Yes | OQS_CODEPOINT_P256_KYBER768 |
 | kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 |
 | p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024 |
-| mlkem512 | 0x0247 | Yes | OQS_CODEPOINT_MLKEM512 |
-| p256_mlkem512 | 0x2F47 | Yes | OQS_CODEPOINT_P256_MLKEM512 |
-| x25519_mlkem512 | 0x2FB2 | Yes | OQS_CODEPOINT_X25519_MLKEM512 |
-| mlkem768 | 0x0248 | Yes | OQS_CODEPOINT_MLKEM768 |
-| p384_mlkem768 | 0x2F48 | Yes | OQS_CODEPOINT_P384_MLKEM768 |
-| x448_mlkem768 | 0x2FB3 | Yes | OQS_CODEPOINT_X448_MLKEM768 |
-| x25519_mlkem768 | 0x2FB4 | Yes | OQS_CODEPOINT_X25519_MLKEM768 |
-| p256_mlkem768 | 0x2FB5 | Yes | OQS_CODEPOINT_P256_MLKEM768 |
-| mlkem1024 | 0x0249 | Yes | OQS_CODEPOINT_MLKEM1024 |
-| p521_mlkem1024 | 0x2F49 | Yes | OQS_CODEPOINT_P521_MLKEM1024 |
-| p384_mlkem1024 | 0x2F4A | Yes | OQS_CODEPOINT_P384_MLKEM1024 |
+| mlkem512 | 0x024A | Yes | OQS_CODEPOINT_MLKEM512 |
+| p256_mlkem512 | 0x2F4B | Yes | OQS_CODEPOINT_P256_MLKEM512 |
+| x25519_mlkem512 | 0x2FB6 | Yes | OQS_CODEPOINT_X25519_MLKEM512 |
+| mlkem768 | 0x0768 | Yes | OQS_CODEPOINT_MLKEM768 |
+| p384_mlkem768 | 0x2F4C | Yes | OQS_CODEPOINT_P384_MLKEM768 |
+| x448_mlkem768 | 0x2FB7 | Yes | OQS_CODEPOINT_X448_MLKEM768 |
+| x25519_mlkem768 | 0x2FB8 | Yes | OQS_CODEPOINT_X25519_MLKEM768 |
+| p256_mlkem768 | 4587 | Yes | OQS_CODEPOINT_P256_MLKEM768 |
+| mlkem1024 | 0x1024 | Yes | OQS_CODEPOINT_MLKEM1024 |
+| p521_mlkem1024 | 0x2F4D | Yes | OQS_CODEPOINT_P521_MLKEM1024 |
+| p384_mlkem1024 | 0x2F4E | Yes | OQS_CODEPOINT_P384_MLKEM1024 |
 | bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 |
 | p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 |
 | x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 |
@@ -254,15 +254,15 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li
 | p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768
 | kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024
 | p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024
-| mlkem512 | 1.3.6.1.4.1.22554.5.6.1 | OQS_OID_MLKEM512
+| mlkem512 | 2.16.840.1.101.3.4.4.1 | OQS_OID_MLKEM512
 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512
 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512
-| mlkem768 | 1.3.6.1.4.1.22554.5.6.2 | OQS_OID_MLKEM768
+| mlkem768 | 2.16.840.1.101.3.4.4.2 | OQS_OID_MLKEM768
 | p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768
 | x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768
 | x25519_mlkem768 | 1.3.9999.99.54 | OQS_OID_X25519_MLKEM768
 | p256_mlkem768 | 1.3.9999.99.55 | OQS_OID_P256_MLKEM768
-| mlkem1024 | 1.3.6.1.4.1.22554.5.6.3 | OQS_OID_MLKEM1024
+| mlkem1024 | 2.16.840.1.101.3.4.4.3 | OQS_OID_MLKEM1024
 | p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024
 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024
 | bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1

diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
@@ -1,5 +1,5 @@
 # This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs
-# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4B, X-hybrid: 0x2FB6
+# Next free plain KEM ID: 0x024D, p-hybrid: 0x2F4F, X-hybrid: 0x2FB9
 kems:
   -
     family: 'FrodoKEM'
@@ -143,49 +143,69 @@ kems:
           hybrid_group: secp521_r1
           nid: '0x2F11'
     oqs_alg: 'OQS_KEM_alg_kyber_1024'
+# end of IBM support section
+# NIST OIDs see https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
+# KEM prefix 2.16.840.1.101.3.4.4.
   -
     family: 'ML-KEM'
     name_group: 'mlkem512'
-    nid: '0x0247'
-    oid: '1.3.6.1.4.1.22554.5.6.1'
-    nid_hybrid: '0x2F47'
+# code point not standardized: Why? XXX
+    nid: '0x024A'
+# NIST kem 1
+    oid: '2.16.840.1.101.3.4.4.1'
+# code point not standardized: Why? XXX
+    nid_hybrid: '0x2F4B'
+# retain OIDs of the Legion of the BouncyCastle: XXX check if OK
     hybrid_oid: '1.3.6.1.4.1.22554.5.7.1'
     oqs_alg: 'OQS_KEM_alg_ml_kem_512'
     extra_nids:
       current:
         - hybrid_group: "x25519"
+# retain OIDs of the Legion of the BouncyCastle: XXX check if OK
           hybrid_oid: '1.3.6.1.4.1.22554.5.8.1'
-          nid: '0x2FB2'
+# code point not standardized: Why? XXX
+          nid: '0x2FB6'
   -
     family: 'ML-KEM'
     name_group: 'mlkem768'
-    nid: '0x0248'
-    oid: '1.3.6.1.4.1.22554.5.6.2'
-    nid_hybrid: '0x2F48'
+# https://www.ietf.org/archive/id/draft-connolly-tls-mlkem-key-agreement-01.html
+    nid: '0x0768'
+# NIST kem 2
+    oid: '2.16.840.1.101.3.4.4.2'
+# code point not standardized: Why? XXX
+    nid_hybrid: '0x2F4C'
     oqs_alg: 'OQS_KEM_alg_ml_kem_768'
     extra_nids:
       current:
         - hybrid_group: "x448"
-          nid: '0x2FB3'
+# code point not standardized: Why? XXX
+          nid: '0x2FB7'
+# To change when hybrid order change implemented, see https://github.com/open-quantum-safe/oqs-provider/issues/503
         - hybrid_group: "x25519"
-          nid: '0x2FB4'
+          nid: '0x2FB8'
         - hybrid_group: "p256"
-          nid: '0x2FB5'
+# https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-01.html#name-iana-considerations
+          nid: '4587'
   -
     family: 'ML-KEM'
     name_group: 'mlkem1024'
-    nid: '0x0249'
-    oid: '1.3.6.1.4.1.22554.5.6.3'
-    nid_hybrid: '0x2F49'
+# https://www.ietf.org/archive/id/draft-connolly-tls-mlkem-key-agreement-01.html
+    nid: '0x1024'
+# NIST kem 3
+    oid: '2.16.840.1.101.3.4.4.3'
+# code point not standardized: Why? XXX
+    nid_hybrid: '0x2F4D'
     oqs_alg: 'OQS_KEM_alg_ml_kem_1024'
     extra_nids:
       current:
         # p384_mlkem1024 hybrid doesn't appear in any standardization drafts
         # this oid is proposed by Tresorit
         # if the hybrid combination is standardized, feel free to change it
         - hybrid_group: "p384"
+# does Tresorit want to update?
           hybrid_oid: '1.3.6.1.4.1.42235.6'
-          nid: '0x2F4A'
+# code point not standardized: Why? XXX
+          nid: '0x2F4E'
   -
     family: 'BIKE'
     name_group: 'bike1l1fo'

diff --git a/oqs-template/oqs-kem-info.md b/oqs-template/oqs-kem-info.md
@@ -85,14 +85,14 @@
 | HQC            | 2023-04-30               | hqc192         | 4            |                    3 | 0x2FB1       | x448                             |
 | HQC            | 2023-04-30               | hqc256         | 4            |                    5 | 0x0246       |                                  |
 | HQC            | 2023-04-30               | hqc256         | 4            |                    5 | 0x2F46       | secp521_r1                       |
-| ML-KEM         | ML-KEM-ipd               | mlkem1024      | ipd          |                    5 | 0x0249       |                                  |
-| ML-KEM         | ML-KEM-ipd               | mlkem1024      | ipd          |                    5 | 0x2F49       | secp521_r1                       |
-| ML-KEM         | ML-KEM-ipd               | mlkem1024      | ipd          |                    5 | 0x2F4A       | p384                             |
-| ML-KEM         | ML-KEM-ipd               | mlkem512       | ipd          |                    1 | 0x0247       |                                  |
-| ML-KEM         | ML-KEM-ipd               | mlkem512       | ipd          |                    1 | 0x2F47       | secp256_r1                       |
-| ML-KEM         | ML-KEM-ipd               | mlkem512       | ipd          |                    1 | 0x2FB2       | x25519                           |
-| ML-KEM         | ML-KEM-ipd               | mlkem768       | ipd          |                    3 | 0x0248       |                                  |
-| ML-KEM         | ML-KEM-ipd               | mlkem768       | ipd          |                    3 | 0x2F48       | secp384_r1                       |
-| ML-KEM         | ML-KEM-ipd               | mlkem768       | ipd          |                    3 | 0x2FB3       | x448                             |
-| ML-KEM         | ML-KEM-ipd               | mlkem768       | ipd          |                    3 | 0x2FB4       | x25519                           |
-| ML-KEM         | ML-KEM-ipd               | mlkem768       | ipd          |                    3 | 0x2FB5       | p256                             |
+| ML-KEM         | ML-KEM                   | mlkem1024      | FIPS203      |                    5 | 0x1024       |                                  |
+| ML-KEM         | ML-KEM                   | mlkem1024      | FIPS203      |                    5 | 0x2F4D       | secp521_r1                       |
+| ML-KEM         | ML-KEM                   | mlkem1024      | FIPS203      |                    5 | 0x2F4E       | p384                             |
+| ML-KEM         | ML-KEM                   | mlkem512       | FIPS203      |                    1 | 0x024A       |                                  |
+| ML-KEM         | ML-KEM                   | mlkem512       | FIPS203      |                    1 | 0x2F4B       | secp256_r1                       |
+| ML-KEM         | ML-KEM                   | mlkem512       | FIPS203      |                    1 | 0x2FB6       | x25519                           |
+| ML-KEM         | ML-KEM                   | mlkem768       | FIPS203      |                    3 | 0x0768       |                                  |
+| ML-KEM         | ML-KEM                   | mlkem768       | FIPS203      |                    3 | 0x2F4C       | secp384_r1                       |
+| ML-KEM         | ML-KEM                   | mlkem768       | FIPS203      |                    3 | 0x2FB7       | x448                             |
+| ML-KEM         | ML-KEM                   | mlkem768       | FIPS203      |                    3 | 0x2FB8       | x25519                           |
+| ML-KEM         | ML-KEM                   | mlkem768       | FIPS203      |                    3 | 4587         | p256                             |
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
@@ -111,13 +111,13 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = {
     "kyber1024",
     "1.3.9999.99.30",
     "p521_kyber1024",
-    "1.3.6.1.4.1.22554.5.6.1",
+    "2.16.840.1.101.3.4.4.1",
     "mlkem512",
     "1.3.6.1.4.1.22554.5.7.1",
     "p256_mlkem512",
     "1.3.6.1.4.1.22554.5.8.1",
     "x25519_mlkem512",
-    "1.3.6.1.4.1.22554.5.6.2",
+    "2.16.840.1.101.3.4.4.2",
     "mlkem768",
     "1.3.9999.99.31",
     "p384_mlkem768",
@@ -127,7 +127,7 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = {
     "x25519_mlkem768",
     "1.3.9999.99.11",
     "p256_mlkem768",
-    "1.3.6.1.4.1.22554.5.6.3",
+    "2.16.840.1.101.3.4.4.3",
     "mlkem1024",
     "1.3.9999.99.32",
     "p521_mlkem1024",

diff --git a/oqsprov/oqsprov_capabilities.c b/oqsprov/oqsprov_capabilities.c
@@ -70,20 +70,20 @@ static OQS_GROUP_CONSTANTS oqs_group_list[] = {
     {0x023D, 256, TLS1_3_VERSION, 0, -1, -1, 1},
 
     {0x2F3D, 256, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x0247, 128, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x024A, 128, TLS1_3_VERSION, 0, -1, -1, 1},
 
-    {0x2F47, 128, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x2FB2, 128, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x0248, 192, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x2F4B, 128, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x2FB6, 128, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x0768, 192, TLS1_3_VERSION, 0, -1, -1, 1},
 
-    {0x2F48, 192, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x2FB3, 192, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x2FB4, 192, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x2FB5, 192, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x0249, 256, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x2F4C, 192, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x2FB7, 192, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x2FB8, 192, TLS1_3_VERSION, 0, -1, -1, 1},
+    {4587, 192, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x1024, 256, TLS1_3_VERSION, 0, -1, -1, 1},
 
-    {0x2F49, 256, TLS1_3_VERSION, 0, -1, -1, 1},
-    {0x2F4A, 256, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x2F4D, 256, TLS1_3_VERSION, 0, -1, -1, 1},
+    {0x2F4E, 256, TLS1_3_VERSION, 0, -1, -1, 1},
     {0x0241, 128, TLS1_3_VERSION, 0, -1, -1, 1},
 
     {0x2F41, 128, TLS1_3_VERSION, 0, -1, -1, 1},