Remove unmanaged KEM OIDs (#522)

* disable tmp OID generation

Signed-off-by: Michael Baentsch <[email protected]>

* Update test/oqs_test_endecode.c

Co-authored-by: Spencer Wilson <[email protected]>
Signed-off-by: Michael Baentsch <[email protected]>

* Handle skipped tests

Signed-off-by: Spencer Wilson <[email protected]>

---------

Signed-off-by: Michael Baentsch <[email protected]>
Signed-off-by: Spencer Wilson <[email protected]>
Co-authored-by: Spencer Wilson <[email protected]>

ALGORITHMS.md

@@ -162,6 +162,10 @@ OQS_CODEPOINT_X25519_KYBER512=65072  ./openssl/apps/openssl s_client -groups x25
 Along the same lines as the code points, X.509 OIDs may be subject to change
 prior to final standardization. The environment variables below permit
 adapting the OIDs of all supported signature algorithms as per the table below.
+OIDs denoted with NULL are not maintained and may lead to errors in code
+execution. Anyone interested in using an algorithm with such designation is
+requested to contribute to the maintenance of these OIDs along the lines
+discussed in https://github.com/open-quantum-safe/oqs-provider/issues/351.
 
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_START -->
 |Algorithm name |    default OID    | enabled | environment variable |
@@ -260,58 +264,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li
 
 |Algorithm name |    default OID    | environment variable |
 |---------------|:-----------------:|----------------------|
-| frodo640aes | 1.3.9999.99.61 | OQS_OID_FRODO640AES
-| p256_frodo640aes | 1.3.9999.99.60 | OQS_OID_P256_FRODO640AES
-| x25519_frodo640aes | 1.3.9999.99.45 | OQS_OID_X25519_FRODO640AES
-| frodo640shake | 1.3.9999.99.63 | OQS_OID_FRODO640SHAKE
-| p256_frodo640shake | 1.3.9999.99.62 | OQS_OID_P256_FRODO640SHAKE
-| x25519_frodo640shake | 1.3.9999.99.46 | OQS_OID_X25519_FRODO640SHAKE
-| frodo976aes | 1.3.9999.99.65 | OQS_OID_FRODO976AES
-| p384_frodo976aes | 1.3.9999.99.64 | OQS_OID_P384_FRODO976AES
-| x448_frodo976aes | 1.3.9999.99.47 | OQS_OID_X448_FRODO976AES
-| frodo976shake | 1.3.9999.99.67 | OQS_OID_FRODO976SHAKE
-| p384_frodo976shake | 1.3.9999.99.66 | OQS_OID_P384_FRODO976SHAKE
-| x448_frodo976shake | 1.3.9999.99.48 | OQS_OID_X448_FRODO976SHAKE
-| frodo1344aes | 1.3.9999.99.69 | OQS_OID_FRODO1344AES
-| p521_frodo1344aes | 1.3.9999.99.68 | OQS_OID_P521_FRODO1344AES
-| frodo1344shake | 1.3.9999.99.71 | OQS_OID_FRODO1344SHAKE
-| p521_frodo1344shake | 1.3.9999.99.70 | OQS_OID_P521_FRODO1344SHAKE
+| frodo640aes | NULL | OQS_OID_FRODO640AES
+| p256_frodo640aes | NULL | OQS_OID_P256_FRODO640AES
+| x25519_frodo640aes | NULL | OQS_OID_X25519_FRODO640AES
+| frodo640shake | NULL | OQS_OID_FRODO640SHAKE
+| p256_frodo640shake | NULL | OQS_OID_P256_FRODO640SHAKE
+| x25519_frodo640shake | NULL | OQS_OID_X25519_FRODO640SHAKE
+| frodo976aes | NULL | OQS_OID_FRODO976AES
+| p384_frodo976aes | NULL | OQS_OID_P384_FRODO976AES
+| x448_frodo976aes | NULL | OQS_OID_X448_FRODO976AES
+| frodo976shake | NULL | OQS_OID_FRODO976SHAKE
+| p384_frodo976shake | NULL | OQS_OID_P384_FRODO976SHAKE
+| x448_frodo976shake | NULL | OQS_OID_X448_FRODO976SHAKE
+| frodo1344aes | NULL | OQS_OID_FRODO1344AES
+| p521_frodo1344aes | NULL | OQS_OID_P521_FRODO1344AES
+| frodo1344shake | NULL | OQS_OID_FRODO1344SHAKE
+| p521_frodo1344shake | NULL | OQS_OID_P521_FRODO1344SHAKE
 | kyber512 | 1.3.6.1.4.1.2.267.8.2.2 | OQS_OID_KYBER512
-| p256_kyber512 | 1.3.9999.99.72 | OQS_OID_P256_KYBER512
-| x25519_kyber512 | 1.3.9999.99.49 | OQS_OID_X25519_KYBER512
+| p256_kyber512 | NULL | OQS_OID_P256_KYBER512
+| x25519_kyber512 | NULL | OQS_OID_X25519_KYBER512
 | kyber768 | 1.3.6.1.4.1.2.267.8.3.3 | OQS_OID_KYBER768
-| p384_kyber768 | 1.3.9999.99.73 | OQS_OID_P384_KYBER768
-| x448_kyber768 | 1.3.9999.99.50 | OQS_OID_X448_KYBER768
-| x25519_kyber768 | 1.3.9999.99.51 | OQS_OID_X25519_KYBER768
-| p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768
+| p384_kyber768 | NULL | OQS_OID_P384_KYBER768
+| x448_kyber768 | NULL | OQS_OID_X448_KYBER768
+| x25519_kyber768 | NULL | OQS_OID_X25519_KYBER768
+| p256_kyber768 | NULL | OQS_OID_P256_KYBER768
 | kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024
-| p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024
+| p521_kyber1024 | NULL | OQS_OID_P521_KYBER1024
 | mlkem512 | 2.16.840.1.101.3.4.4.1 | OQS_OID_MLKEM512
 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512
 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512
 | mlkem768 | 2.16.840.1.101.3.4.4.2 | OQS_OID_MLKEM768
-| p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768
-| x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768
-| X25519MLKEM768 | 1.3.9999.99.54 | OQS_OID_X25519MLKEM768
-| SecP256r1MLKEM768 | 1.3.9999.99.55 | OQS_OID_SECP256R1MLKEM768
+| p384_mlkem768 | NULL | OQS_OID_P384_MLKEM768
+| x448_mlkem768 | NULL | OQS_OID_X448_MLKEM768
+| X25519MLKEM768 | NULL | OQS_OID_X25519MLKEM768
+| SecP256r1MLKEM768 | NULL | OQS_OID_SECP256R1MLKEM768
 | mlkem1024 | 2.16.840.1.101.3.4.4.3 | OQS_OID_MLKEM1024
-| p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024
+| p521_mlkem1024 | NULL | OQS_OID_P521_MLKEM1024
 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024
-| bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1
-| p256_bikel1 | 1.3.9999.99.77 | OQS_OID_P256_BIKEL1
-| x25519_bikel1 | 1.3.9999.99.56 | OQS_OID_X25519_BIKEL1
-| bikel3 | 1.3.9999.99.80 | OQS_OID_BIKEL3
-| p384_bikel3 | 1.3.9999.99.79 | OQS_OID_P384_BIKEL3
-| x448_bikel3 | 1.3.9999.99.57 | OQS_OID_X448_BIKEL3
-| bikel5 | 1.3.9999.99.82 | OQS_OID_BIKEL5
-| p521_bikel5 | 1.3.9999.99.81 | OQS_OID_P521_BIKEL5
-| hqc128 | 1.3.9999.99.84 | OQS_OID_HQC128
-| p256_hqc128 | 1.3.9999.99.83 | OQS_OID_P256_HQC128
-| x25519_hqc128 | 1.3.9999.99.58 | OQS_OID_X25519_HQC128
-| hqc192 | 1.3.9999.99.86 | OQS_OID_HQC192
-| p384_hqc192 | 1.3.9999.99.85 | OQS_OID_P384_HQC192
-| x448_hqc192 | 1.3.9999.99.59 | OQS_OID_X448_HQC192
-| hqc256 | 1.3.9999.99.88 | OQS_OID_HQC256
-| p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256
+| bikel1 | NULL | OQS_OID_BIKEL1
+| p256_bikel1 | NULL | OQS_OID_P256_BIKEL1
+| x25519_bikel1 | NULL | OQS_OID_X25519_BIKEL1
+| bikel3 | NULL | OQS_OID_BIKEL3
+| p384_bikel3 | NULL | OQS_OID_P384_BIKEL3
+| x448_bikel3 | NULL | OQS_OID_X448_BIKEL3
+| bikel5 | NULL | OQS_OID_BIKEL5
+| p521_bikel5 | NULL | OQS_OID_P521_BIKEL5
+| hqc128 | NULL | OQS_OID_HQC128
+| p256_hqc128 | NULL | OQS_OID_P256_HQC128
+| x25519_hqc128 | NULL | OQS_OID_X25519_HQC128
+| hqc192 | NULL | OQS_OID_HQC192
+| p384_hqc192 | NULL | OQS_OID_P384_HQC192
+| x448_hqc192 | NULL | OQS_OID_X448_HQC192
+| hqc256 | NULL | OQS_OID_HQC256
+| p521_hqc256 | NULL | OQS_OID_P521_HQC256
 <!--- OQS_TEMPLATE_FRAGMENT_OIDS_END -->
 

oqs-template/generate.py

@@ -93,9 +93,11 @@ def nist_to_bits(nistlevel):
       return None
 
 def get_tmp_kem_oid():
-   global kemoidcnt
-   kemoidcnt = kemoidcnt+1
-   return "1.3.9999.99."+str(kemoidcnt)
+   # doesn't work for runs on different files:
+   # global kemoidcnt
+   # kemoidcnt = kemoidcnt+1
+   # return "1.3.9999.99."+str(kemoidcnt)
+   return "NULL"
 
 def complete_config(config):
    for kem in config['kems']:

oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment

@@ -29,9 +29,17 @@ const char* oqs_oid_alg_list[OQS_OID_CNT] =
 
 #ifdef OQS_KEM_ENCODERS
 {% for kem in config['kems'] %}
+{%- if kem['oid'] == "NULL" -%}
+NULL, "{{ kem['name_group'] }}",
+{%- else -%}
 "{{ kem['oid'] }}", "{{ kem['name_group'] }}",
+{%- endif -%}
 {%- for hybrid in kem['hybrids'] %}
+{%- if hybrid['hybrid_oid'] == "NULL" -%}
+NULL, "{% if 'standard_name' in hybrid %}{{hybrid['standard_name']}}{% else %}{{ hybrid['hybrid_group'] }}_{{ kem['name_group'] }}{% endif %}",
+{%- else -%}
 "{{hybrid['hybrid_oid']}}", "{% if 'standard_name' in hybrid %}{{hybrid['standard_name']}}{% else %}{{ hybrid['hybrid_group'] }}_{{ kem['name_group'] }}{% endif %}",
+{%- endif -%}
 {%- endfor -%}
 {%- endfor %}