diff --git a/README.md b/README.md
index 607cf5e761..c2abeaf991 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ The following quantum-safe digital signature algorithms from liboqs are supporte
 - **CRYSTALS-DILITHIUM**: `dilithium3`, `dilithium5`
-- **Falcon**: `falcon512`, `falcon1024`
+- **Falcon**: `falcon512`, `falconpadded512`, `falcon1024`, `falconpadded1024`
 - **ML-DSA**: `mldsa44`, `mldsa65`, `mldsa87`
 - **SPHINCS-SHA2**: `sphincssha2128fsimple`, `sphincssha2128ssimple`, `sphincssha2192fsimple`, `sphincssha2192ssimple`, `sphincssha2256fsimple`, `sphincssha2256ssimple`
 - **SPHINCS-SHAKE**: `sphincsshake128fsimple`, `sphincsshake128ssimple`, `sphincsshake192fsimple`, `sphincsshake192ssimple`, `sphincsshake256fsimple`, `sphincsshake256ssimple`
diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
index 8a2d00559e..fd52ea3331 100644
--- a/crypto/evp/evp.c
+++ b/crypto/evp/evp.c
@@ -238,8 +238,12 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
 return &mldsa87_asn1_meth;
 case EVP_PKEY_FALCON512:
 return &falcon512_asn1_meth;
+ case EVP_PKEY_FALCONPADDED512:
+ return &falconpadded512_asn1_meth;
 case EVP_PKEY_FALCON1024:
 return &falcon1024_asn1_meth;
+ case EVP_PKEY_FALCONPADDED1024:
+ return &falconpadded1024_asn1_meth;
 case EVP_PKEY_SPHINCSSHA2128FSIMPLE:
 return &sphincssha2128fsimple_asn1_meth;
 case EVP_PKEY_SPHINCSSHA2128SSIMPLE:
diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c
index 459d0ba71b..c8c3d09d92 100644
--- a/crypto/evp/evp_asn1.c
+++ b/crypto/evp/evp_asn1.c
@@ -82,7 +82,9 @@ static const EVP_PKEY_ASN1_METHOD *const kASN1Methods[] = {
 &mldsa65_asn1_meth,
 &mldsa87_asn1_meth,
 &falcon512_asn1_meth,
+ &falconpadded512_asn1_meth,
 &falcon1024_asn1_meth,
+ &falconpadded1024_asn1_meth,
 &sphincssha2128fsimple_asn1_meth,
 &sphincssha2128ssimple_asn1_meth,
 &sphincssha2192fsimple_asn1_meth,
diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.c
index 79a591a9d4..3cadbe1005 100644
--- a/crypto/evp/evp_ctx.c
+++ b/crypto/evp/evp_ctx.c
@@ -79,7 +79,9 @@ static const EVP_PKEY_METHOD *const evp_methods[] = {
 &mldsa65_pkey_meth,
 &mldsa87_pkey_meth,
 &falcon512_pkey_meth,
+ &falconpadded512_pkey_meth,
 &falcon1024_pkey_meth,
+ &falconpadded1024_pkey_meth,
 &sphincssha2128fsimple_pkey_meth,
 &sphincssha2128ssimple_pkey_meth,
 &sphincssha2192fsimple_pkey_meth,
diff --git a/crypto/evp/internal.h b/crypto/evp/internal.h
index a20f3ea9cb..0064209149 100644
--- a/crypto/evp/internal.h
+++ b/crypto/evp/internal.h
@@ -308,7 +308,9 @@ extern const EVP_PKEY_ASN1_METHOD mldsa44_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD mldsa65_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD mldsa87_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falcon512_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD falconpadded512_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD falcon1024_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD falconpadded1024_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD sphincssha2128fsimple_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD sphincssha2128ssimple_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD sphincssha2192fsimple_asn1_meth;
@@ -336,7 +338,9 @@ extern const EVP_PKEY_METHOD mldsa44_pkey_meth;
 extern const EVP_PKEY_METHOD mldsa65_pkey_meth;
 extern const EVP_PKEY_METHOD mldsa87_pkey_meth;
 extern const EVP_PKEY_METHOD falcon512_pkey_meth;
+extern const EVP_PKEY_METHOD falconpadded512_pkey_meth;
 extern const EVP_PKEY_METHOD falcon1024_pkey_meth;
+extern const EVP_PKEY_METHOD falconpadded1024_pkey_meth;
 extern const EVP_PKEY_METHOD sphincssha2128fsimple_pkey_meth;
 extern const EVP_PKEY_METHOD sphincssha2128ssimple_pkey_meth;
 extern const EVP_PKEY_METHOD sphincssha2192fsimple_pkey_meth;
diff --git a/crypto/evp/p_oqs.c b/crypto/evp/p_oqs.c
index c5d8b4001c..496c93b6d2 100644
--- a/crypto/evp/p_oqs.c
+++ b/crypto/evp/p_oqs.c
@@ -154,7 +154,9 @@ DEFINE_OQS_PKEY_METHODS(mldsa44, OQS_SIG_alg_ml_dsa_44, EVP_PKEY_MLDSA44)
 DEFINE_OQS_PKEY_METHODS(mldsa65, OQS_SIG_alg_ml_dsa_65, EVP_PKEY_MLDSA65)
 DEFINE_OQS_PKEY_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
 DEFINE_OQS_PKEY_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
+DEFINE_OQS_PKEY_METHODS(falconpadded512, OQS_SIG_alg_falcon_padded_512, EVP_PKEY_FALCONPADDED512)
 DEFINE_OQS_PKEY_METHODS(falcon1024, OQS_SIG_alg_falcon_1024, EVP_PKEY_FALCON1024)
+DEFINE_OQS_PKEY_METHODS(falconpadded1024, OQS_SIG_alg_falcon_padded_1024, EVP_PKEY_FALCONPADDED1024)
 DEFINE_OQS_PKEY_METHODS(sphincssha2128fsimple, OQS_SIG_alg_sphincs_sha2_128f_simple, EVP_PKEY_SPHINCSSHA2128FSIMPLE)
 DEFINE_OQS_PKEY_METHODS(sphincssha2128ssimple, OQS_SIG_alg_sphincs_sha2_128s_simple, EVP_PKEY_SPHINCSSHA2128SSIMPLE)
 DEFINE_OQS_PKEY_METHODS(sphincssha2192fsimple, OQS_SIG_alg_sphincs_sha2_192f_simple, EVP_PKEY_SPHINCSSHA2192FSIMPLE)
diff --git a/crypto/evp/p_oqs_asn1.c b/crypto/evp/p_oqs_asn1.c
index 702cd2c979..fe2b924eda 100644
--- a/crypto/evp/p_oqs_asn1.c
+++ b/crypto/evp/p_oqs_asn1.c
@@ -239,10 +239,16 @@ DEFINE_OQS_ASN1_METHODS(mldsa87, OQS_SIG_alg_ml_dsa_87, EVP_PKEY_MLDSA87)
 DEFINE_OQS_PKEY_ASN1_METHOD(mldsa87, EVP_PKEY_MLDSA87, OID(0x2B, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0B, 0x0C, 0x08, 0x07))
 DEFINE_OQS_ASN1_METHODS(falcon512, OQS_SIG_alg_falcon_512, EVP_PKEY_FALCON512)
-DEFINE_OQS_PKEY_ASN1_METHOD(falcon512, EVP_PKEY_FALCON512, OID(0x2B, 0xCE, 0x0F, 0x03, 0x06))
+DEFINE_OQS_PKEY_ASN1_METHOD(falcon512, EVP_PKEY_FALCON512, OID(0x2B, 0xCE, 0x0F, 0x03, 0x0B))
+
+DEFINE_OQS_ASN1_METHODS(falconpadded512, OQS_SIG_alg_falcon_padded_512, EVP_PKEY_FALCONPADDED512)
+DEFINE_OQS_PKEY_ASN1_METHOD(falconpadded512, EVP_PKEY_FALCONPADDED512, OID(0x2B, 0xCE, 0x0F, 0x03, 0x10))
 DEFINE_OQS_ASN1_METHODS(falcon1024, OQS_SIG_alg_falcon_1024, EVP_PKEY_FALCON1024)
-DEFINE_OQS_PKEY_ASN1_METHOD(falcon1024, EVP_PKEY_FALCON1024, OID(0x2B, 0xCE, 0x0F, 0x03, 0x09))
+DEFINE_OQS_PKEY_ASN1_METHOD(falcon1024, EVP_PKEY_FALCON1024, OID(0x2B, 0xCE, 0x0F, 0x03, 0x0E))
+
+DEFINE_OQS_ASN1_METHODS(falconpadded1024, OQS_SIG_alg_falcon_padded_1024, EVP_PKEY_FALCONPADDED1024)
+DEFINE_OQS_PKEY_ASN1_METHOD(falconpadded1024, EVP_PKEY_FALCONPADDED1024, OID(0x2B, 0xCE, 0x0F, 0x03, 0x13))
 DEFINE_OQS_ASN1_METHODS(sphincssha2128fsimple, OQS_SIG_alg_sphincs_sha2_128f_simple, EVP_PKEY_SPHINCSSHA2128FSIMPLE)
 DEFINE_OQS_PKEY_ASN1_METHOD(sphincssha2128fsimple, EVP_PKEY_SPHINCSSHA2128FSIMPLE, OID(0x2B, 0xCE, 0x0F, 0x06, 0x04, 0x0D))
diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h
index 931b72004e..be47ee3716 100644
--- a/crypto/obj/obj_dat.h
+++ b/crypto/obj/obj_dat.h
@@ -57,7 +57,7 @@
 /* This file is generated by crypto/obj/objects.go. */
-#define NUM_NID 1243
+#define NUM_NID 1245
 static const uint8_t kObjectData[] = {
 /* NID_rsadsi */
@@ -7166,13 +7166,13 @@ static const uint8_t kObjectData[] = {
 0xce,
 0x0f,
 0x03,
- 0x06,
+ 0x0b,
 /* NID_falcon1024 */
 0x2b,
 0xce,
 0x0f,
 0x03,
- 0x09,
+ 0x0e,
 /* NID_dilithium5 */
 0x2b,
 0x06,
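Review bot: The OIDs of the pre-existing falcon512 and falcon1024 methods are reassigned in this hunk (last arc 0x06→0x0B and 0x09→0x0E) without any comment recording it, so keys and certificates serialized under the previous OIDs no longer resolve to a Falcon ASN.1 method here and, as far as the if-chain in pki/signature_algorithm.cc shows, presumably parse as an unknown algorithm. That is a fail-closed outcome, but a silent one for anyone holding existing artefacts; a one-line comment above each changed `DEFINE_OQS_PKEY_ASN1_METHOD`, such as `/* OID reassigned when the padded variants were added; objects encoded with the earlier OID 1.3.9999.3.6 are not recognised. */`, would make the break visible at the definition. The same unrecorded reassignment appears in the include/openssl/nid.h, crypto/obj/objects.txt and pki/signature_algorithm.cc hunks, and the TLS code points for `SSL_SIGN_FALCON512`/`SSL_SIGN_FALCON1024` move in the include/openssl/ssl.h hunk, which will not interoperate with peers built before this change.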
@@ -7305,6 +7305,18 @@ static const uint8_t kObjectData[] = {
 0x0c,
 0x08,
 0x07,
+ /* NID_falconpadded512 */
+ 0x2b,
+ 0xce,
+ 0x0f,
+ 0x03,
+ 0x10,
+ /* NID_falconpadded1024 */
+ 0x2b,
+ 0xce,
+ 0x0f,
+ 0x03,
+ 0x13,
 };
 static const ASN1_OBJECT kObjects[NUM_NID] = {
@@ -9247,6 +9259,10 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
 {"mldsa44", "mldsa44", NID_mldsa44, 11, &kObjectData[6311], 0},
 {"mldsa65", "mldsa65", NID_mldsa65, 11, &kObjectData[6322], 0},
 {"mldsa87", "mldsa87", NID_mldsa87, 11, &kObjectData[6333], 0},
+ {"falconpadded512", "falconpadded512", NID_falconpadded512, 5,
+ &kObjectData[6344], 0},
+ {"falconpadded1024", "falconpadded1024", NID_falconpadded1024, 5,
+ &kObjectData[6349], 0},
 };
 static const uint16_t kNIDsInShortNameOrder[] = {
@@ -9596,6 +9612,8 @@ static const uint16_t kNIDsInShortNameOrder[] = {
 867 /* facsimileTelephoneNumber */,
 1146 /* falcon1024 */,
 1145 /* falcon512 */,
+ 1244 /* falconpadded1024 */,
+ 1243 /* falconpadded512 */,
 462 /* favouriteDrink */,
 857 /* freshestCRL */,
 453 /* friendlyCountry */,
@@ -10621,6 +10639,8 @@ static const uint16_t kNIDsInLongNameOrder[] = {
 867 /* facsimileTelephoneNumber */,
 1146 /* falcon1024 */,
 1145 /* falcon512 */,
+ 1244 /* falconpadded1024 */,
+ 1243 /* falconpadded512 */,
 462 /* favouriteDrink */,
 453 /* friendlyCountry */,
 490 /* friendlyCountryName */,
@@ -11286,8 +11306,8 @@ static const uint16_t kNIDsInLongNameOrder[] = {
 static const uint16_t kNIDsInOIDOrder[] = {
 434 /* 0.9 (OBJ_data) */,
 182 /* 1.2 (OBJ_member_body) */,
- 379 /* 1.3 (OBJ_org) */,
 676 /* 1.3 (OBJ_identified_organization) */,
+ 379 /* 1.3 (OBJ_org) */,
 11 /* 2.5 (OBJ_X500) */,
 647 /* 2.23 (OBJ_international_organizations) */,
 380 /* 1.3.6 (OBJ_dod) */,
@@ -11569,8 +11589,10 @@ static const uint16_t kNIDsInOIDOrder[] = {
 732 /* 1.3.132.0.37 (OBJ_sect409r1) */,
 733 /* 1.3.132.0.38 (OBJ_sect571k1) */,
 734 /* 1.3.132.0.39 (OBJ_sect571r1) */,
- 1145 /* 1.3.9999.3.6 (OBJ_falcon512) */,
- 1146 /* 1.3.9999.3.9 (OBJ_falcon1024) */,
+ 1145 /* 1.3.9999.3.11 (OBJ_falcon512) */,
+ 1146 /* 1.3.9999.3.14 (OBJ_falcon1024) */,
+ 1243 /* 1.3.9999.3.16 (OBJ_falconpadded512) */,
+ 1244 /* 1.3.9999.3.19 (OBJ_falconpadded1024) */,
 624 /* 2.23.42.3.0.0 (OBJ_set_rootKeyThumb) */,
 625 /* 2.23.42.3.0.1 (OBJ_set_addPolicy) */,
 626 /* 2.23.42.3.2.1 (OBJ_setAttr_Token_EMV) */,
diff --git a/crypto/obj/obj_mac.num b/crypto/obj/obj_mac.num
index 024bf9c94e..4b3b70c624 100644
--- a/crypto/obj/obj_mac.num
+++ b/crypto/obj/obj_mac.num
@@ -1013,3 +1013,5 @@ p521_mlkem1024 1239
 mldsa44 1240
 mldsa65 1241
 mldsa87 1242
+falconpadded512 1243
+falconpadded1024 1244
diff --git a/crypto/obj/obj_xref.c b/crypto/obj/obj_xref.c
index 3ca93627f5..2b9f34d959 100644
--- a/crypto/obj/obj_xref.c
+++ b/crypto/obj/obj_xref.c
@@ -97,7 +97,9 @@ static const nid_triple kTriples[] = {
 {NID_mldsa65, NID_sha384, NID_mldsa65},
 {NID_mldsa87, NID_sha512, NID_mldsa87},
 {NID_falcon512, NID_sha256, NID_falcon512},
+ {NID_falconpadded512, NID_sha256, NID_falconpadded512},
 {NID_falcon1024, NID_sha512, NID_falcon1024},
+ {NID_falconpadded1024, NID_sha512, NID_falconpadded1024},
 {NID_sphincssha2128fsimple, NID_sha256, NID_sphincssha2128fsimple},
 {NID_sphincssha2128ssimple, NID_sha256, NID_sphincssha2128ssimple},
 {NID_sphincssha2192fsimple, NID_sha384, NID_sphincssha2192fsimple},
diff --git a/crypto/obj/objects.txt b/crypto/obj/objects.txt
index 4b50f07b26..4cc3262287 100644
--- a/crypto/obj/objects.txt
+++ b/crypto/obj/objects.txt
@@ -1410,8 +1410,10 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 1 3 6 1 4 1 2 267 12 4 4 : mldsa44 : mldsa44
 1 3 6 1 4 1 2 267 12 6 5 : mldsa65 : mldsa65
 1 3 6 1 4 1 2 267 12 8 7 : mldsa87 : mldsa87
-1 3 9999 3 6 : falcon512 : falcon512
-1 3 9999 3 9 : falcon1024 : falcon1024
+1 3 9999 3 11 : falcon512 : falcon512
+1 3 9999 3 16 : falconpadded512 : falconpadded512
+1 3 9999 3 14 : falcon1024 : falcon1024
+1 3 9999 3 19 : falconpadded1024 : falconpadded1024
 1 3 9999 6 4 13 : sphincssha2128fsimple : sphincssha2128fsimple
 1 3 9999 6 4 16 : sphincssha2128ssimple : sphincssha2128ssimple
 1 3 9999 6 5 10 : sphincssha2192fsimple : sphincssha2192fsimple
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
index 65bd6c97ef..d7b5191d3f 100644
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@@ -102,7 +102,9 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
 pkey_id == EVP_PKEY_MLDSA65 ||
 pkey_id == EVP_PKEY_MLDSA87 ||
 pkey_id == EVP_PKEY_FALCON512 ||
+ pkey_id == EVP_PKEY_FALCONPADDED512 ||
 pkey_id == EVP_PKEY_FALCON1024 ||
+ pkey_id == EVP_PKEY_FALCONPADDED1024 ||
 pkey_id == EVP_PKEY_SPHINCSSHA2128FSIMPLE ||
 pkey_id == EVP_PKEY_SPHINCSSHA2128SSIMPLE ||
 pkey_id == EVP_PKEY_SPHINCSSHA2192FSIMPLE ||
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 024269ef06..3512a33fac 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -190,7 +190,9 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
 #define EVP_PKEY_MLDSA65 NID_mldsa65
 #define EVP_PKEY_MLDSA87 NID_mldsa87
 #define EVP_PKEY_FALCON512 NID_falcon512
+#define EVP_PKEY_FALCONPADDED512 NID_falconpadded512
 #define EVP_PKEY_FALCON1024 NID_falcon1024
+#define EVP_PKEY_FALCONPADDED1024 NID_falconpadded1024
 #define EVP_PKEY_SPHINCSSHA2128FSIMPLE NID_sphincssha2128fsimple
 #define EVP_PKEY_SPHINCSSHA2128SSIMPLE NID_sphincssha2128ssimple
 #define EVP_PKEY_SPHINCSSHA2192FSIMPLE NID_sphincssha2192fsimple
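Review bot: `x509_digest_sign_algorithm` in crypto/x509/algorithm.c grows its hand-written `pkey_id == EVP_PKEY_… ||` chain by two more entries, while the include/openssl/evp.h hunk that follows extends a macro performing the same membership test on `pkey_id`; routing this check through that macro would stop the two lists from drifting the next time an algorithm is added. If both sites are emitted from oqs_template/generate.yml, as the generate.yml hunk suggests, the deduplication belongs in the template rather than in the generated output. The body of `x509_digest_sign_algorithm` begins and ends outside the hunk.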
@@ -212,7 +214,9 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
 (pkey_id == NID_mldsa65) || \
 (pkey_id == NID_mldsa87) || \
 (pkey_id == NID_falcon512) || \
+ (pkey_id == NID_falconpadded512) || \
 (pkey_id == NID_falcon1024) || \
+ (pkey_id == NID_falconpadded1024) || \
 (pkey_id == NID_sphincssha2128fsimple) || \
 (pkey_id == NID_sphincssha2128ssimple) || \
 (pkey_id == NID_sphincssha2192fsimple) || \
diff --git a/include/openssl/nid.h b/include/openssl/nid.h
index dae9fc928b..0e443f0e30 100644
--- a/include/openssl/nid.h
+++ b/include/openssl/nid.h
@@ -4340,12 +4340,12 @@ extern "C" {
 #define SN_falcon512 "falcon512"
 #define LN_falcon512 "falcon512"
 #define NID_falcon512 1145
-#define OBJ_falcon512 1L, 3L, 9999L, 3L, 6L
+#define OBJ_falcon512 1L, 3L, 9999L, 3L, 11L
 #define SN_falcon1024 "falcon1024"
 #define LN_falcon1024 "falcon1024"
 #define NID_falcon1024 1146
-#define OBJ_falcon1024 1L, 3L, 9999L, 3L, 9L
+#define OBJ_falcon1024 1L, 3L, 9999L, 3L, 14L
 #define SN_dilithium5 "dilithium5"
 #define LN_dilithium5 "dilithium5"
@@ -4478,6 +4478,16 @@ extern "C" {
 #define NID_mldsa87 1242
 #define OBJ_mldsa87 1L, 3L, 6L, 1L, 4L, 1L, 2L, 267L, 12L, 8L, 7L
+
+#define SN_falconpadded512 "falconpadded512"
+#define LN_falconpadded512 "falconpadded512"
+#define NID_falconpadded512 1243
+#define OBJ_falconpadded512 1L, 3L, 9999L, 3L, 16L
+
+#define SN_falconpadded1024 "falconpadded1024"
+#define LN_falconpadded1024 "falconpadded1024"
+#define NID_falconpadded1024 1244
+#define OBJ_falconpadded1024 1L, 3L, 9999L, 3L, 19L
+
 #if defined(__cplusplus)
 } /* extern C */
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d91aa19fa8..9699e262b0 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1077,8 +1077,10 @@ OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl,
 #define SSL_SIGN_MLDSA44 0xfed0
 #define SSL_SIGN_MLDSA65 0xfed1
 #define SSL_SIGN_MLDSA87 0xfed2
-#define SSL_SIGN_FALCON512 0xfeae
-#define SSL_SIGN_FALCON1024 0xfeb1
+#define SSL_SIGN_FALCON512 0xfed7
+#define SSL_SIGN_FALCONPADDED512 0xfedc
+#define SSL_SIGN_FALCON1024 0xfeda
+#define SSL_SIGN_FALCONPADDED1024 0xfedf
 #define SSL_SIGN_SPHINCSSHA2128FSIMPLE 0xfeb3
 #define SSL_SIGN_SPHINCSSHA2128SSIMPLE 0xfeb6
 #define SSL_SIGN_SPHINCSSHA2192FSIMPLE 0xfeb9
diff --git a/oqs_scripts/test_with_interop_server.py b/oqs_scripts/test_with_interop_server.py
index 939bf6d273..6e9c54a894 100644
--- a/oqs_scripts/test_with_interop_server.py
+++ b/oqs_scripts/test_with_interop_server.py
@@ -63,7 +63,9 @@
 'mldsa65',
 'mldsa87',
 'falcon512',
+ 'falconpadded512',
 'falcon1024',
+ 'falconpadded1024',
 'sphincssha2128fsimple',
 'sphincssha2128ssimple',
 'sphincssha2192fsimple',
diff --git a/oqs_scripts/try_handshake.py b/oqs_scripts/try_handshake.py
index 6b7c644174..afd5544e4b 100644
--- a/oqs_scripts/try_handshake.py
+++ b/oqs_scripts/try_handshake.py
@@ -66,7 +66,9 @@
 'mldsa65',
 'mldsa87',
 'falcon512',
+ 'falconpadded512',
 'falcon1024',
+ 'falconpadded1024',
 'sphincssha2128fsimple',
 'sphincssha2128ssimple',
 'sphincssha2192fsimple',
diff --git a/oqs_template/generate.yml b/oqs_template/generate.yml
index 110dd4c6ef..15c60dd43c 100644
--- a/oqs_template/generate.yml
+++ b/oqs_template/generate.yml
@@ -165,18 +165,34 @@ sigs:
 -
 family: 'Falcon'
 name: 'falcon512'
- oid: '1 3 9999 3 6'
- oid_encoded: '0x2B, 0xCE, 0x0F, 0x03, 0x06'
+ oid: '1 3 9999 3 11'
+ oid_encoded: '0x2B, 0xCE, 0x0F, 0x03, 0x0B'
 oqs_meth: 'OQS_SIG_alg_falcon_512'
- code_point: '0xfeae'
+ code_point: '0xfed7'
+ claimed_security_level: '1'
+ -
+ family: 'Falcon'
+ name: 'falconpadded512'
+ oid: '1 3 9999 3 16'
+ oid_encoded: '0x2B, 0xCE, 0x0F, 0x03, 0x10'
+ oqs_meth: 'OQS_SIG_alg_falcon_padded_512'
+ code_point: '0xfedc'
 claimed_security_level: '1'
 -
 family: 'Falcon'
 name: 'falcon1024'
- oid: '1 3 9999 3 9'
- oid_encoded: '0x2B, 0xCE, 0x0F, 0x03, 0x09'
+ oid: '1 3 9999 3 14'
+ oid_encoded: '0x2B, 0xCE, 0x0F, 0x03, 0x0E'
 oqs_meth: 'OQS_SIG_alg_falcon_1024'
- code_point: '0xfeb1'
+ code_point: '0xfeda'
+ claimed_security_level: '5'
+ -
+ family: 'Falcon'
+ name: 'falconpadded1024'
+ oid: '1 3 9999 3 19'
+ oid_encoded: '0x2B, 0xCE, 0x0F, 0x03, 0x13'
+ oqs_meth: 'OQS_SIG_alg_falcon_padded_1024'
+ code_point: '0xfedf'
 claimed_security_level: '5'
 -
 family: 'SPHINCS-SHA2'
diff --git a/pki/signature_algorithm.cc b/pki/signature_algorithm.cc
index ea50ebbd57..e444122282 100644
--- a/pki/signature_algorithm.cc
+++ b/pki/signature_algorithm.cc
@@ -130,8 +130,10 @@ const uint8_t kOidDilithium5[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b
 const uint8_t kOidMldsa44[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x0c, 0x04, 0x04};
 const uint8_t kOidMldsa65[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x0c, 0x06, 0x05};
 const uint8_t kOidMldsa87[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x0c, 0x08, 0x07};
-const uint8_t kOidFalcon512[] = {0x2b, 0xce, 0x0f, 0x03, 0x06};
-const uint8_t kOidFalcon1024[] = {0x2b, 0xce, 0x0f, 0x03, 0x09};
+const uint8_t kOidFalcon512[] = {0x2b, 0xce, 0x0f, 0x03, 0x0b};
+const uint8_t kOidFalconpadded512[] = {0x2b, 0xce, 0x0f, 0x03, 0x10};
+const uint8_t kOidFalcon1024[] = {0x2b, 0xce, 0x0f, 0x03, 0x0e};
+const uint8_t kOidFalconpadded1024[] = {0x2b, 0xce, 0x0f, 0x03, 0x13};
 const uint8_t kOidSphincssha2128fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x04, 0x0d};
 const uint8_t kOidSphincssha2128ssimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x04, 0x10};
 const uint8_t kOidSphincssha2192fsimple[] = {0x2b, 0xce, 0x0f, 0x06, 0x05, 0x0a};
@@ -421,9 +423,15 @@ std::optional ParseSignatureAlgorithm(
 if (oid == der::Input(kOidFalcon512)) {
 return SignatureAlgorithm::kFalcon512;
 }
+ if (oid == der::Input(kOidFalconpadded512)) {
+ return SignatureAlgorithm::kFalconpadded512;
+ }
 if (oid == der::Input(kOidFalcon1024)) {
 return SignatureAlgorithm::kFalcon1024;
 }
+ if (oid == der::Input(kOidFalconpadded1024)) {
+ return SignatureAlgorithm::kFalconpadded1024;
+ }
 if (oid == der::Input(kOidSphincssha2128fsimple)) {
 return SignatureAlgorithm::kSphincssha2128fsimple;
 }
@@ -499,6 +507,7 @@ std::optional GetTlsServerEndpointDigestAlgorithm(
 case SignatureAlgorithm::kDilithium2:
 case SignatureAlgorithm::kMldsa44:
 case SignatureAlgorithm::kFalcon512:
+ case SignatureAlgorithm::kFalconpadded512:
 case SignatureAlgorithm::kSphincssha2128fsimple:
 case SignatureAlgorithm::kSphincssha2128ssimple:
 case SignatureAlgorithm::kSphincsshake128fsimple:
@@ -516,6 +525,7 @@ std::optional GetTlsServerEndpointDigestAlgorithm(
 case SignatureAlgorithm::kDilithium5:
 case SignatureAlgorithm::kMldsa87:
 case SignatureAlgorithm::kFalcon1024:
+ case SignatureAlgorithm::kFalconpadded1024:
 case SignatureAlgorithm::kSphincssha2256fsimple:
 case SignatureAlgorithm::kSphincssha2256ssimple:
 case SignatureAlgorithm::kSphincsshake256fsimple:
diff --git a/pki/signature_algorithm.h b/pki/signature_algorithm.h
index 807b2a2080..ad9e35f760 100644
--- a/pki/signature_algorithm.h
+++ b/pki/signature_algorithm.h
@@ -47,7 +47,9 @@ enum class SignatureAlgorithm {
 kMldsa65,
 kMldsa87,
 kFalcon512,
+ kFalconpadded512,
 kFalcon1024,
+ kFalconpadded1024,
 kSphincssha2128fsimple,
 kSphincssha2128ssimple,
 kSphincssha2192fsimple,
diff --git a/pki/simple_path_builder_delegate.cc b/pki/simple_path_builder_delegate.cc
index eff355bb8d..b0ea966209 100644
--- a/pki/simple_path_builder_delegate.cc
+++ b/pki/simple_path_builder_delegate.cc
@@ -85,7 +85,9 @@ bool SimplePathBuilderDelegate::IsSignatureAlgorithmAcceptable(
 case SignatureAlgorithm::kMldsa65:
 case SignatureAlgorithm::kMldsa87:
 case SignatureAlgorithm::kFalcon512:
+ case SignatureAlgorithm::kFalconpadded512:
 case SignatureAlgorithm::kFalcon1024:
+ case SignatureAlgorithm::kFalconpadded1024:
 case SignatureAlgorithm::kSphincssha2128fsimple:
 case SignatureAlgorithm::kSphincssha2128ssimple:
 case SignatureAlgorithm::kSphincssha2192fsimple:
diff --git a/pki/verify_signed_data.cc b/pki/verify_signed_data.cc
index bdca1560de..874ff877ba 100644
--- a/pki/verify_signed_data.cc
+++ b/pki/verify_signed_data.cc
@@ -238,11 +238,21 @@ bool VerifySignedData(SignatureAlgorithm algorithm, der::Input signed_data,
 digest = EVP_sha256();
 cache_algorithm_name = "Falcon512";
 break;
+ case SignatureAlgorithm::kFalconpadded512:
+ expected_pkey_id = EVP_PKEY_FALCONPADDED512;
+ digest = EVP_sha256();
+ cache_algorithm_name = "Falconpadded512";
+ break;
 case SignatureAlgorithm::kFalcon1024:
 expected_pkey_id = EVP_PKEY_FALCON1024;
 digest = EVP_sha512();
 cache_algorithm_name = "Falcon1024";
 break;
+ case SignatureAlgorithm::kFalconpadded1024:
+ expected_pkey_id = EVP_PKEY_FALCONPADDED1024;
+ digest = EVP_sha512();
+ cache_algorithm_name = "Falconpadded1024";
+ break;
 case SignatureAlgorithm::kSphincssha2128fsimple:
 expected_pkey_id = EVP_PKEY_SPHINCSSHA2128FSIMPLE;
 digest = EVP_sha256();
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
index 4ed00337d9..62b4101d65 100644
--- a/ssl/extensions.cc
+++ b/ssl/extensions.cc
@@ -545,7 +545,9 @@ static const uint16_t kVerifySignatureAlgorithms[] = {
 SSL_SIGN_MLDSA65,
 SSL_SIGN_MLDSA87,
 SSL_SIGN_FALCON512,
+ SSL_SIGN_FALCONPADDED512,
 SSL_SIGN_FALCON1024,
+ SSL_SIGN_FALCONPADDED1024,
 SSL_SIGN_SPHINCSSHA2128FSIMPLE,
 SSL_SIGN_SPHINCSSHA2128SSIMPLE,
 SSL_SIGN_SPHINCSSHA2192FSIMPLE,
@@ -588,7 +590,9 @@ static const uint16_t kSignSignatureAlgorithms[] = {
 SSL_SIGN_MLDSA65,
 SSL_SIGN_MLDSA87,
 SSL_SIGN_FALCON512,
+ SSL_SIGN_FALCONPADDED512,
 SSL_SIGN_FALCON1024,
+ SSL_SIGN_FALCONPADDED1024,
 SSL_SIGN_SPHINCSSHA2128FSIMPLE,
 SSL_SIGN_SPHINCSSHA2128SSIMPLE,
 SSL_SIGN_SPHINCSSHA2192FSIMPLE,
@@ -4362,7 +4366,9 @@ Span tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs) {
 SSL_SIGN_MLDSA65,
 SSL_SIGN_MLDSA87,
 SSL_SIGN_FALCON512,
+ SSL_SIGN_FALCONPADDED512,
 SSL_SIGN_FALCON1024,
+ SSL_SIGN_FALCONPADDED1024,
 SSL_SIGN_SPHINCSSHA2128FSIMPLE,
 SSL_SIGN_SPHINCSSHA2128SSIMPLE,
 SSL_SIGN_SPHINCSSHA2192FSIMPLE,
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index ffa4029ff5..a966069bc0 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -83,7 +83,9 @@ bool ssl_is_key_type_supported(int key_type) {
 key_type == EVP_PKEY_MLDSA65 ||
 key_type == EVP_PKEY_MLDSA87 ||
 key_type == EVP_PKEY_FALCON512 ||
+ key_type == EVP_PKEY_FALCONPADDED512 ||
 key_type == EVP_PKEY_FALCON1024 ||
+ key_type == EVP_PKEY_FALCONPADDED1024 ||
 key_type == EVP_PKEY_SPHINCSSHA2128FSIMPLE ||
 key_type == EVP_PKEY_SPHINCSSHA2128SSIMPLE ||
 key_type == EVP_PKEY_SPHINCSSHA2192FSIMPLE ||
@@ -163,7 +165,9 @@ static const SSL_SIGNATURE_ALGORITHM kSignatureAlgorithms[] = {
 {SSL_SIGN_MLDSA65, EVP_PKEY_MLDSA65, NID_undef, &EVP_sha384, false},
 {SSL_SIGN_MLDSA87, EVP_PKEY_MLDSA87, NID_undef, &EVP_sha512, false},
 {SSL_SIGN_FALCON512, EVP_PKEY_FALCON512, NID_undef, &EVP_sha256, false},
+ {SSL_SIGN_FALCONPADDED512, EVP_PKEY_FALCONPADDED512, NID_undef, &EVP_sha256, false},
 {SSL_SIGN_FALCON1024, EVP_PKEY_FALCON1024, NID_undef, &EVP_sha512, false},
+ {SSL_SIGN_FALCONPADDED1024, EVP_PKEY_FALCONPADDED1024, NID_undef, &EVP_sha512, false},
 {SSL_SIGN_SPHINCSSHA2128FSIMPLE, EVP_PKEY_SPHINCSSHA2128FSIMPLE, NID_undef, &EVP_sha256, false},
 {SSL_SIGN_SPHINCSSHA2128SSIMPLE, EVP_PKEY_SPHINCSSHA2128SSIMPLE, NID_undef, &EVP_sha256, false},
 {SSL_SIGN_SPHINCSSHA2192FSIMPLE, EVP_PKEY_SPHINCSSHA2192FSIMPLE, NID_undef, &EVP_sha384, false},
@@ -570,7 +574,9 @@ static const SignatureAlgorithmName kSignatureAlgorithmNames[] = {
 {SSL_SIGN_MLDSA65, "mldsa65"},
 {SSL_SIGN_MLDSA87, "mldsa87"},
 {SSL_SIGN_FALCON512, "falcon512"},
+ {SSL_SIGN_FALCONPADDED512, "falconpadded512"},
 {SSL_SIGN_FALCON1024, "falcon1024"},
+ {SSL_SIGN_FALCONPADDED1024, "falconpadded1024"},
 {SSL_SIGN_SPHINCSSHA2128FSIMPLE, "sphincssha2128fsimple"},
 {SSL_SIGN_SPHINCSSHA2128SSIMPLE, "sphincssha2128ssimple"},
 {SSL_SIGN_SPHINCSSHA2192FSIMPLE, "sphincssha2192fsimple"},
@@ -749,7 +755,9 @@ static constexpr struct {
 {EVP_PKEY_MLDSA65, NID_sha384, SSL_SIGN_MLDSA65},
 {EVP_PKEY_MLDSA87, NID_sha512, SSL_SIGN_MLDSA87},
 {EVP_PKEY_FALCON512, NID_sha256, SSL_SIGN_FALCON512},
+ {EVP_PKEY_FALCONPADDED512, NID_sha256, SSL_SIGN_FALCONPADDED512},
 {EVP_PKEY_FALCON1024, NID_sha512, SSL_SIGN_FALCON1024},
+ {EVP_PKEY_FALCONPADDED1024, NID_sha512, SSL_SIGN_FALCONPADDED1024},
 {EVP_PKEY_SPHINCSSHA2128FSIMPLE, NID_sha256, SSL_SIGN_SPHINCSSHA2128FSIMPLE},
 {EVP_PKEY_SPHINCSSHA2128SSIMPLE, NID_sha256, SSL_SIGN_SPHINCSSHA2128SSIMPLE},
 {EVP_PKEY_SPHINCSSHA2192FSIMPLE, NID_sha384, SSL_SIGN_SPHINCSSHA2192FSIMPLE},
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index f0d61ea28f..19d6df2e87 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -5466,8 +5466,12 @@ TEST(SSLTest, SignatureAlgorithmProperties) {
 SSL_get_signature_algorithm_key_type(SSL_SIGN_MLDSA87));
 EXPECT_EQ(EVP_PKEY_FALCON512,
 SSL_get_signature_algorithm_key_type(SSL_SIGN_FALCON512));
+ EXPECT_EQ(EVP_PKEY_FALCONPADDED512,
+ SSL_get_signature_algorithm_key_type(SSL_SIGN_FALCONPADDED512));
 EXPECT_EQ(EVP_PKEY_FALCON1024,
 SSL_get_signature_algorithm_key_type(SSL_SIGN_FALCON1024));
+ EXPECT_EQ(EVP_PKEY_FALCONPADDED1024,
+ SSL_get_signature_algorithm_key_type(SSL_SIGN_FALCONPADDED1024));
 EXPECT_EQ(EVP_PKEY_SPHINCSSHA2128FSIMPLE,
 SSL_get_signature_algorithm_key_type(SSL_SIGN_SPHINCSSHA2128FSIMPLE));
 EXPECT_EQ(EVP_PKEY_SPHINCSSHA2128SSIMPLE,
@@ -5825,7 +5829,9 @@ TEST(SSLTest, SigAlgs) {
 {{NID_sha384, EVP_PKEY_MLDSA65}, true, {SSL_SIGN_MLDSA65}},
 {{NID_sha512, EVP_PKEY_MLDSA87}, true, {SSL_SIGN_MLDSA87}},
 {{NID_sha256, EVP_PKEY_FALCON512}, true, {SSL_SIGN_FALCON512}},
+ {{NID_sha256, EVP_PKEY_FALCONPADDED512}, true, {SSL_SIGN_FALCONPADDED512}},
 {{NID_sha512, EVP_PKEY_FALCON1024}, true, {SSL_SIGN_FALCON1024}},
+ {{NID_sha512, EVP_PKEY_FALCONPADDED1024}, true, {SSL_SIGN_FALCONPADDED1024}},
 {{NID_sha256, EVP_PKEY_SPHINCSSHA2128FSIMPLE}, true, {SSL_SIGN_SPHINCSSHA2128FSIMPLE}},
 {{NID_sha256, EVP_PKEY_SPHINCSSHA2128SSIMPLE}, true, {SSL_SIGN_SPHINCSSHA2128SSIMPLE}},
 {{NID_sha384, EVP_PKEY_SPHINCSSHA2192FSIMPLE}, true, {SSL_SIGN_SPHINCSSHA2192FSIMPLE}},
@@ -5903,7 +5909,9 @@ TEST(SSLTest, SigAlgsList) {
 {"mldsa65", true, {SSL_SIGN_MLDSA65}},
 {"mldsa87", true, {SSL_SIGN_MLDSA87}},
 {"falcon512", true, {SSL_SIGN_FALCON512}},
+ {"falconpadded512", true, {SSL_SIGN_FALCONPADDED512}},
 {"falcon1024", true, {SSL_SIGN_FALCON1024}},
+ {"falconpadded1024", true, {SSL_SIGN_FALCONPADDED1024}},
 {"sphincssha2128fsimple", true, {SSL_SIGN_SPHINCSSHA2128FSIMPLE}},
 {"sphincssha2128ssimple", true, {SSL_SIGN_SPHINCSSHA2128SSIMPLE}},
 {"sphincssha2192fsimple", true, {SSL_SIGN_SPHINCSSHA2192FSIMPLE}},
@@ -8379,7 +8387,9 @@ INSTANTIATE_TEST_SUITE_P(WithSignatureNIDs, OQSHandshakeTest,
 NID_mldsa65,
 NID_mldsa87,
 NID_falcon512,
+ NID_falconpadded512,
 NID_falcon1024,
+ NID_falconpadded1024,
 NID_sphincssha2128fsimple,
 NID_sphincssha2128ssimple,
 NID_sphincssha2192fsimple,
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index d50e17b88d..fb75769f5a 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -8537,8 +8537,13 @@ func addExtensionTests() {
 name: "ClientHelloPadding",
 config: Config{
 Bugs: ProtocolBugs{
- // OQS note: the clienthello size of SSL_GROUP_X25519_FRODO640AES is 10026
- RequireClientHelloSize: 10026,
+ // OQS note: The size of the ClientHello message depends on the supported
+ // signature algorithms and default key exchange algorithms.
+ // Whenever the signature algorithms or default key exchange algorithms are updated,
+ // the ClientHello size needs to be recalculated.
+ // The calculation method can be found here:
+ // https://github.com/open-quantum-safe/boringssl/pull/100#issuecomment-1592853839
+ RequireClientHelloSize: 10030,
 },
 },
 // This hostname just needs to be long enough to push the
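Review bot: The new comment tells the next maintainer to recalculate `RequireClientHelloSize` but does not record how 10030 was reached, so the only way to check the constant is to follow the linked thread. Adding the delta inline, e.g. `// 10026 -> 10030: +4 bytes for the two SignatureScheme code points (2 bytes each) added to the signature_algorithms list`, would let the value be verified from the diff itself; that +4 is consistent with the two `SSL_SIGN_FALCONPADDED*` entries added in ssl/extensions.cc, though the derivation is inferred here rather than stated by the commit. The test table this entry belongs to continues outside the hunk.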