Update KEM code points to IANA compliance (open-quantum-safe#561)

Signed-off-by: RodriM11 <[email protected]>
RodriM11 · Feb 20, 2025 · 50ce4dc · 50ce4dc
1 parent db9c2a0
commit 50ce4dc
Show file tree

Hide file tree

Showing 6 changed files with 483 additions and 778 deletions.
diff --git a/ALGORITHMS.md b/ALGORITHMS.md
@@ -13,48 +13,48 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 |Algorithm name | default ID | enabled | environment variable |
 |---------------|:----------:|:-------:|----------------------|
 | frodo640aes | 65024 | Yes | OQS_CODEPOINT_FRODO640AES |
-| p256_frodo640aes | 0x2F00 | Yes | OQS_CODEPOINT_P256_FRODO640AES |
-| x25519_frodo640aes | 0x2F80 | Yes | OQS_CODEPOINT_X25519_FRODO640AES |
+| p256_frodo640aes | 65027 | Yes | OQS_CODEPOINT_P256_FRODO640AES |
+| x25519_frodo640aes | 65028 | Yes | OQS_CODEPOINT_X25519_FRODO640AES |
 | frodo640shake | 65025 | Yes | OQS_CODEPOINT_FRODO640SHAKE |
-| p256_frodo640shake | 0x2F01 | Yes | OQS_CODEPOINT_P256_FRODO640SHAKE |
-| x25519_frodo640shake | 0x2F81 | Yes | OQS_CODEPOINT_X25519_FRODO640SHAKE |
+| p256_frodo640shake | 65029 | Yes | OQS_CODEPOINT_P256_FRODO640SHAKE |
+| x25519_frodo640shake | 65030 | Yes | OQS_CODEPOINT_X25519_FRODO640SHAKE |
 | frodo976aes | 65026 | Yes | OQS_CODEPOINT_FRODO976AES |
-| p384_frodo976aes | 0x2F02 | Yes | OQS_CODEPOINT_P384_FRODO976AES |
-| x448_frodo976aes | 0x2F82 | Yes | OQS_CODEPOINT_X448_FRODO976AES |
-| frodo976shake | 0x0203 | Yes | OQS_CODEPOINT_FRODO976SHAKE |
-| p384_frodo976shake | 0x2F03 | Yes | OQS_CODEPOINT_P384_FRODO976SHAKE |
-| x448_frodo976shake | 0x2F83 | Yes | OQS_CODEPOINT_X448_FRODO976SHAKE |
-| frodo1344aes | 0x0204 | Yes | OQS_CODEPOINT_FRODO1344AES |
-| p521_frodo1344aes | 0x2F04 | Yes | OQS_CODEPOINT_P521_FRODO1344AES |
-| frodo1344shake | 0x0205 | Yes | OQS_CODEPOINT_FRODO1344SHAKE |
-| p521_frodo1344shake | 0x2F05 | Yes | OQS_CODEPOINT_P521_FRODO1344SHAKE |
+| p384_frodo976aes | 65031 | Yes | OQS_CODEPOINT_P384_FRODO976AES |
+| x448_frodo976aes | 65032 | Yes | OQS_CODEPOINT_X448_FRODO976AES |
+| frodo976shake | 65033 | Yes | OQS_CODEPOINT_FRODO976SHAKE |
+| p384_frodo976shake | 65034 | Yes | OQS_CODEPOINT_P384_FRODO976SHAKE |
+| x448_frodo976shake | 65035 | Yes | OQS_CODEPOINT_X448_FRODO976SHAKE |
+| frodo1344aes | 65036 | Yes | OQS_CODEPOINT_FRODO1344AES |
+| p521_frodo1344aes | 65037 | Yes | OQS_CODEPOINT_P521_FRODO1344AES |
+| frodo1344shake | 65038 | Yes | OQS_CODEPOINT_FRODO1344SHAKE |
+| p521_frodo1344shake | 65039 | Yes | OQS_CODEPOINT_P521_FRODO1344SHAKE |
 | mlkem512 | 512 | Yes | OQS_CODEPOINT_MLKEM512 |
-| p256_mlkem512 | 0x2F4B | Yes | OQS_CODEPOINT_P256_MLKEM512 |
-| x25519_mlkem512 | 0x2FB6 | Yes | OQS_CODEPOINT_X25519_MLKEM512 |
+| p256_mlkem512 | 65040 | Yes | OQS_CODEPOINT_P256_MLKEM512 |
+| x25519_mlkem512 | 65041 | Yes | OQS_CODEPOINT_X25519_MLKEM512 |
 | mlkem768 | 513 | Yes | OQS_CODEPOINT_MLKEM768 |
-| p384_mlkem768 | 0x2F4C | Yes | OQS_CODEPOINT_P384_MLKEM768 |
-| x448_mlkem768 | 0x2FB7 | Yes | OQS_CODEPOINT_X448_MLKEM768 |
+| p384_mlkem768 | 65042 | Yes | OQS_CODEPOINT_P384_MLKEM768 |
+| x448_mlkem768 | 65043 | Yes | OQS_CODEPOINT_X448_MLKEM768 |
 | X25519MLKEM768 | 0x11ec | Yes | OQS_CODEPOINT_X25519MLKEM768 |
 | SecP256r1MLKEM768 | 0x11eb | Yes | OQS_CODEPOINT_SECP256R1MLKEM768 |
 | mlkem1024 | 514 | Yes | OQS_CODEPOINT_MLKEM1024 |
-| p521_mlkem1024 | 0x2F4D | Yes | OQS_CODEPOINT_P521_MLKEM1024 |
+| p521_mlkem1024 | 65044 | Yes | OQS_CODEPOINT_P521_MLKEM1024 |
 | SecP384r1MLKEM1024 | 0x11ED | Yes | OQS_CODEPOINT_SECP384R1MLKEM1024 |
-| bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 |
-| p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 |
-| x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 |
-| bikel3 | 0x0242 | Yes | OQS_CODEPOINT_BIKEL3 |
-| p384_bikel3 | 0x2F42 | Yes | OQS_CODEPOINT_P384_BIKEL3 |
-| x448_bikel3 | 0x2FAF | Yes | OQS_CODEPOINT_X448_BIKEL3 |
-| bikel5 | 0x0243 | Yes | OQS_CODEPOINT_BIKEL5 |
-| p521_bikel5 | 0x2F43 | Yes | OQS_CODEPOINT_P521_BIKEL5 |
-| hqc128 | 0x0244 | Yes | OQS_CODEPOINT_HQC128 |
-| p256_hqc128 | 0x2F44 | Yes | OQS_CODEPOINT_P256_HQC128 |
-| x25519_hqc128 | 0x2FB0 | Yes | OQS_CODEPOINT_X25519_HQC128 |
-| hqc192 | 0x0245 | Yes | OQS_CODEPOINT_HQC192 |
-| p384_hqc192 | 0x2F45 | Yes | OQS_CODEPOINT_P384_HQC192 |
-| x448_hqc192 | 0x2FB1 | Yes | OQS_CODEPOINT_X448_HQC192 |
-| hqc256 | 0x0246 | Yes | OQS_CODEPOINT_HQC256 |
-| p521_hqc256 | 0x2F46 | Yes | OQS_CODEPOINT_P521_HQC256 |
+| bikel1 | 65045 | Yes | OQS_CODEPOINT_BIKEL1 |
+| p256_bikel1 | 65046 | Yes | OQS_CODEPOINT_P256_BIKEL1 |
+| x25519_bikel1 | 65047 | Yes | OQS_CODEPOINT_X25519_BIKEL1 |
+| bikel3 | 65048 | Yes | OQS_CODEPOINT_BIKEL3 |
+| p384_bikel3 | 65049 | Yes | OQS_CODEPOINT_P384_BIKEL3 |
+| x448_bikel3 | 65050 | Yes | OQS_CODEPOINT_X448_BIKEL3 |
+| bikel5 | 65051 | Yes | OQS_CODEPOINT_BIKEL5 |
+| p521_bikel5 | 65052 | Yes | OQS_CODEPOINT_P521_BIKEL5 |
+| hqc128 | 65053 | Yes | OQS_CODEPOINT_HQC128 |
+| p256_hqc128 | 65054 | Yes | OQS_CODEPOINT_P256_HQC128 |
+| x25519_hqc128 | 65055 | Yes | OQS_CODEPOINT_X25519_HQC128 |
+| hqc192 | 65056 | Yes | OQS_CODEPOINT_HQC192 |
+| p384_hqc192 | 65057 | Yes | OQS_CODEPOINT_P384_HQC192 |
+| x448_hqc192 | 65058 | Yes | OQS_CODEPOINT_X448_HQC192 |
+| hqc256 | 65059 | Yes | OQS_CODEPOINT_HQC256 |
+| p521_hqc256 | 65060 | Yes | OQS_CODEPOINT_P521_HQC256 |
 | mldsa44 | 0x0904 |Yes| OQS_CODEPOINT_MLDSA44
 | p256_mldsa44 | 0xff06 |Yes| OQS_CODEPOINT_P256_MLDSA44
 | rsa3072_mldsa44 | 0xff07 |Yes| OQS_CODEPOINT_RSA3072_MLDSA44

diff --git a/oqs-template/generate.py b/oqs-template/generate.py
@@ -8,6 +8,7 @@
 import shutil
 import subprocess
 import yaml
+from ruamel.yaml import YAML
 
 kemoidcnt=0
 
@@ -229,6 +230,62 @@ def load_config(include_disabled_sigs=False):
                 hybrid_nids.add(extra_hybrid_nid)
     return config
 
+def complete_kem_nids():
+    yaml = YAML()
+    yaml.indent(mapping=2, sequence=4, offset=2)
+    yaml.preserve_quotes = True
+
+    with open(os.path.join('oqs-template', 'generate.yml'), "r") as f:
+        config = yaml.load(f)
+
+    remainder_kem_nids = [str(x) for x in range(65024, 65280)]
+    def assignNid():
+        if len(remainder_kem_nids) == 0:
+            print(f'Surpassed number of available nids. Exiting process now.')
+            exit(1)
+        nid = remainder_kem_nids[0]
+        remainder_kem_nids.pop(0)
+        return nid
+
+    # remove established NIDs for KEMs (nid, hybrid_nid)
+    for kem in config['kems']:
+        # 'nid'
+        if 'nid' in kem:
+            nid = kem['nid']
+            if nid in remainder_kem_nids:
+                remainder_kem_nids.remove(nid)
+        # 'nid_hybrid'
+        if 'nid_hybrid' in kem:
+            nid_hybrid = kem['nid_hybrid']
+            if nid_hybrid in remainder_kem_nids:
+                remainder_kem_nids.remove(nid_hybrid)
+        # 'extra_nids.current.nid'
+        if 'extra_nids' not in kem or 'current' not in kem['extra_nids']:
+            continue
+        for extra_hybrid in kem['extra_nids']['current']:
+            if 'nid' in extra_hybrid:
+                nid = extra_hybrid['nid']
+                if nid in remainder_kem_nids:
+                    remainder_kem_nids.remove(nid)
+
+    for kem in config['kems']:
+        if 'extra_nids' in kem and 'old' in kem['extra_nids'] and 'current' not in kem['extra_nids']:
+            continue
+        if not 'nid' in kem:
+            kem['nid'] = assignNid()
+        if not 'nid_hybrid' in kem:
+            kem['nid_hybrid'] = assignNid()
+        if 'extra_nids' not in kem or 'current' not in kem['extra_nids']:
+            continue
+        for extra_hybrid in kem['extra_nids']['current']:
+            if not 'nid' in extra_hybrid:
+                extra_hybrid['nid'] = assignNid()
+
+    with open(os.path.join('oqs-template', 'generate.yml'), mode='w', encoding='utf-8') as f:
+        yaml.dump(config, f)
+
+complete_kem_nids()
+
 # extend config with "hybrid_groups" array:
 config = load_config() # extend config with "hybrid_groups" array