Integrating OpenSSL & Liboqs in Python - SSL Unexpected Message

[LeShadow]

Hey!

So for the last few days I have been trying to integrate liboqs and this version of OpenSSL in Python 3.8.11. This is basically what I am doing:

• Configure and compile liboqs with the following configure settings: cmake -GNinja -DOQS_DIST_BUILD=ON -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=../../openssl/oqs ..
• Configure and compile openssl with the following configure settings: ./Configure shared linux-x86_64 -lm --prefix=/opt/openssl_installed --openssldir=/opt/openssl_installed

Now when I compile Python, it finds that custom openssl installation, I added the paths to my PATH as well.

However, when I then use Python, every SSL connection (even the ones without PQC) are getting an error with SSL "UNEXPECTED MESSAGE".

Example:

Starting new HTTPS connection (1): pypi.org:443
Incremented Retry for (url='/simple/requests/'): Retry(total=4, connect=None, read=None, redirect=None, status=None)
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1131)'))': /simple/requests/

I was wondering if anyone could give me pointers, or get me on the right path, on how to fix this?

Thank you!

[LeShadow]

Can I assume that this is potentially because you can't just integrate the library? You have to make changes in the Python source code as well?

[dstebila]

Hi Sebastiaan, we have not at all tested whether compiling Python against an OQS-enabled OpenSSL yields post-quantum support in Python or not. For OpenSSL-reliant applications, sometimes it's really easy (if memory serves, Apache and nginx just basically worked), sometimes there's a small patch (e.g., wireshark), and sometimes it's a massive undertaking (e.g., OpenSSH).

[baentsch]

I'd personally start by taking a look at the file and line number mentioned in the error message "_ssl.c:1131": What file is that? Is that provided by python? If it has a file named "ssl.c" what is it's relationship to openssl? Which code provides the TLS/SSL logic? If it's (oqs-)openssl, things may be simple, if python does its own crypto (?) things look bleak. To judge this seriously, one would need to know a bit more about python. Do you, @LeShadow ? I never tried to build it :-(

[LeShadow]

@baentsch I don't really know the ins and outs of Python, but I should have looked at the file (that you mentioned) first before posting here! I was a little bit lazy and my apologies for that!

I would like to try to figure out if I can make Python work with oqs-openssl, so I might give it a go. If I have any findings, or any progress, can I let you know anywhere?

[LeShadow]

Current "findings" so far:

If we run the tests, after compiling Python 3.8.11, then we get the message I mentioned earlier. Strace doesn't really show us what is going wrong, but I am also not the best at interpreting that either.

Example strace:

...
write(2, "\33[33mWARNING: Retrying (Retry(to"..., 229WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1131)'))': /simple/requests/
) = 229
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=340, ...}) = 0
openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=221, ...}) = 0
read(3, "127.0.0.1\tlocalhost\n\n# The follo"..., 4096) = 221
lseek(3, 0, SEEK_CUR)                   = 221
read(3, "", 4096)                       = 0
close(3)                                = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 3
setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("161.97.189.51")}, 16) = 0
poll([{fd=3, events=POLLOUT}], 1, 0)    = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "\340\31\1\0\0\1\0\0\0\0\0\0\4pypi\3org\0\0\1\0\1", 26, MSG_NOSIGNAL, NULL, 0) = 26
poll([{fd=3, events=POLLIN}], 1, 5000)  = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [90])                = 0
recvfrom(3, "\340\31\201\200\0\1\0\4\0\0\0\0\4pypi\3org\0\0\1\0\1\300\f\0\1\0\1"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("161.97.189.51")}, [28->16]) = 90
close(3)                                = 0
socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 3
bind(3, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, nl_pid=512471, nl_groups=00000000}, [12]) = 0
sendto(3, {{len=20, type=RTM_GETADDR, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1644200649, pid=0}, {ifa_family=AF_UNSPEC, ...}}, 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[{{len=76, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1644200649, pid=512471}, {ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")}, [{{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")}, {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")}, {{nla_len=7, nla_type=IFA_LABEL}, "lo"}, {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=1174, tstamp=1174}}]}, {{len=88, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1644200649, pid=512471}, {ifa_family=AF_INET, ifa_prefixlen=20, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("eth0")}, [{{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("38.242.200.39")}, {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("38.242.200.39")}, {{nla_len=8, nla_type=IFA_BROADCAST}, inet_addr("38.242.207.255")}, {{nla_len=9, nla_type=IFA_LABEL}, "eth0"}, {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=1390, tstamp=1390}}]}], iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=20, type=NLMSG_DONE, flags=NLM_F_MULTI, seq=1644200649, pid=512471}, 0}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("151.101.0.223")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(44318), sin_addr=inet_addr("38.242.200.39")}, [28->16]) = 0
connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("151.101.192.223")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(48850), sin_addr=inet_addr("38.242.200.39")}, [28->16]) = 0
connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("151.101.128.223")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(33378), sin_addr=inet_addr("38.242.200.39")}, [28->16]) = 0
connect(3, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("151.101.64.223")}, 16) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(48784), sin_addr=inet_addr("38.242.200.39")}, [28->16]) = 0
close(3)                                = 0
socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 3
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
ioctl(3, FIONBIO, [1])                  = 0
connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("151.101.0.223")}, 16) = -1 EINPROGRESS (Operation now in progress)
poll([{fd=3, events=POLLOUT|POLLERR}], 1, 15000) = 1 ([{fd=3, revents=POLLOUT}])
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
openat(AT_FDCWD, "/opt/python_installed/lib/python3.8/site-packages/pip/_vendor/certifi/cacert.pem", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=263774, ...}) = 0
read(4, "\n# Issuer: CN=GlobalSign Root CA"..., 4096) = 4096
read(4, ": 6d:c4:71:72:e0:1c:bc:b0:bf:62:"..., 4096) = 4096
read(4, "ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ"..., 4096) = 4096
read(4, "9vdCBDZXJ0\naWZpY2F0aW9uIEF1dGhvc"..., 4096) = 4096
read(4, "LYmYjgahwz46P0u05B/B5EqHdZ+XIWD\n"..., 4096) = 4096
read(4, "CMwhwFY9k6+HGhWZq/N\nQV3Is00qVUar"..., 4096) = 4096
read(4, "+HBvbaoAPIbzp26a3QPSy\ni6mx5O+aGt"..., 4096) = 4096
read(4, "ect: CN=DigiCert Assured ID Root"..., 4096) = 4096
read(4, "0:1e:d0:0b:a6:ab:d7:80:6e:d3:b1:"..., 4096) = 4096
read(4, "k1ZIzUd6+jbqE\nemA8atufK+ze3gE/bk"..., 4096) = 4096
read(4, "7788362757014266862032\n# MD5 Fin"..., 4096) = 4096
read(4, "BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N"..., 4096) = 4096
read(4, "R0IxGzAZBgNVBAgTEkdy\nZWF0ZXIgTWF"..., 4096) = 4096
read(4, ": O=Chunghwa Telecom Co., Ltd. O"..., 4096) = 4096
read(4, "D CERTIFICATE-----\n\n# Issuer: CN"..., 4096) = 4096
brk(0x55fdca46a000)                     = 0x55fdca46a000
read(4, " Kft. OU=Tan\\xfas\\xedtv\\xe1nykia"..., 4096) = 4096
read(4, "ICATE-----\nMIIDbTCCAlWgAwIBAgIBA"..., 4096) = 4096
read(4, "uzsT\ngHeMCOFJ0mpiLx9e+pZo34knlTi"..., 4096) = 4096
read(4, "uQS4xEzARBgNVBAMMCkl6ZW5wZS5j\nb2"..., 4096) = 4096
read(4, "MCAQYwPQYDVR0gBDYwNDAyBgRV\nHSAAM"..., 4096) = 4096
read(4, " Serial: 0\n# MD5 Fingerprint: 80"..., 4096) = 4096
read(4, "ATE-----\nMIID7zCCAtegAwIBAgIBADA"..., 4096) = 4096
read(4, "0twmQVGeFDdCBKNwV6gbh+0t+nvujArj"..., 4096) = 4096
read(4, "tum Trusted Network CA O=Unizeto"..., 4096) = 4096
read(4, "dzCCAl+gAwIBAgIBADANBgkqhkiG9w0B"..., 4096) = 4096
read(4, " Research Institutions Cert. Aut"..., 4096) = 4096
read(4, "Ok\nfcvHlXHo2qN8xcL4dJIEG4aspCJTQ"..., 4096) = 4096
read(4, "9qzo6ysmD0oyLQ\nI+uUWnpp3Q+/QFesa"..., 4096) = 4096
brk(0x55fdca48b000)                     = 0x55fdca48b000
read(4, "2O2GCahKqGFPrAyGUv/7OyjANBgkqhki"..., 4096) = 4096
read(4, "dzes05\nnsKtjHEh8lprr988TlWvsoRlF"..., 4096) = 4096
read(4, "KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAC"..., 4096) = 4096
read(4, " v1 O=TeliaSonera\n# Label: \"Teli"..., 4096) = 4096
read(4, "f6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7"..., 4096) = 4096
read(4, "UdIwQYMBaAFKelBrEspglg7tGX6XCuvD"..., 4096) = 4096
read(4, "IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJu"..., 4096) = 4096
read(4, "ATE-----\nMIIDljCCAn6gAwIBAgIQC5M"..., 4096) = 4096
read(4, "wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGE"..., 4096) = 4096
read(4, "6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+"..., 4096) = 4096
read(4, "c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs"..., 4096) = 4096
read(4, "ba:17:74:38:81:0c:a2:bc:08\n# SHA"..., 4096) = 4096
brk(0x55fdca4ac000)                     = 0x55fdca4ac000
read(4, "W4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxM"..., 4096) = 4096
read(4, "RtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+"..., 4096) = 4096
read(4, "LrpxR57d+tVOxMyLlbc9wPBr64ptntoP"..., 4096) = 4096
read(4, "XiObT\nej/tUxPQ4i9qecsAIyjmHjdXNY"..., 4096) = 4096
read(4, "grHXXu3UNLUYfrVFdvXn4dRVOul4+vJh"..., 4096) = 4096
read(4, "8ZEA\n4yjsriFBzh/a/X0SWwGDD7mwX5n"..., 4096) = 4096
read(4, "mZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6"..., 4096) = 4096
read(4, "91:0f:1c:6e:59:fd:c1:cc:6a:6e:de"..., 4096) = 4096
read(4, "RTIFICATE-----\nMIIBtjCCAVugAwIBA"..., 4096) = 4096
read(4, "ERTIFICATE AUTHORITY CO.,LTD.\n# "..., 4096) = 4096
read(4, "PE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVx"..., 4096) = 4096
read(4, "N0Q29yIENlcnRpZmljYXRlIEF1dGhvcm"..., 4096) = 4096
brk(0x55fdca4cd000)                     = 0x55fdca4cd000
read(4, "IN CERTIFICATE-----\nMIICjTCCAhSg"..., 4096) = 4096
read(4, "DCCAhqgAwIBAgIILCmcWxbtBZUwCgYIK"..., 4096) = 4096
read(4, "EUgV0lTZUtleSBHbG9iYWwg\nUm9vdCBH"..., 4096) = 4096
read(4, "K3ofmZemde4wj7I0BOd\nre7kRXuJVfeK"..., 4096) = 4096
read(4, "1:c9:76:fe:01:47:64:c1:be:56:a6:"..., 4096) = 4096
read(4, "vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0"..., 4096) = 4096
read(4, "bTI0Aq\nd7OvPAEsbO2ZLIvZTmmYsvePQ"..., 4096) = 4096
read(4, "1f:60:15:0c:ee:48:66\n# SHA256 Fi"..., 4096) = 4096
read(4, "a:2d:5a:b9:7c:53:3e:c7:07:79:ee:"..., 4096) = 4096
read(4, " 73:a5:e6:4a:3b:ff:83:16:ff:0e:d"..., 4096) = 4096
read(4, "3MzVaFw00MjAyMDYwOTI3MzVaMEExCzA"..., 4096) = 4096
brk(0x55fdca4ee000)                     = 0x55fdca4ee000
read(4, "C/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfR"..., 4096) = 4096
read(4, "xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbi"..., 4096) = 1630
read(4, "", 4096)                       = 0
close(4)                                = 0
getsockopt(3, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(43612), sin_addr=inet_addr("38.242.200.39")}, [128->16]) = 0
ioctl(3, FIONBIO, [1])                  = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("151.101.0.223")}, [16]) = 0
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
getpid()                                = 512471
write(3, "\26\3\1\2\0\1\0\1\374\3\3\4\252\340]Ujy*W\307\365Wi\371\257\333\311~\303M\33"..., 517) = 517
read(3, 0x55fdca4db2c3, 5)              = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, 14999) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\27\3\3\0\23", 5)              = 5
read(3, "\202a\230}(s\33|e\334\254\374\366\10%\351?8\2", 19) = 19
write(3, "\25\3\1\0\2\2\n", 7)          = 7
ioctl(3, FIONBIO, [1])                  = 0
close(3)                                = 0
select(0, NULL, NULL, NULL, {tv_sec=1, tv_usec=0}) = 0 (Timeout)
getpid()                                = 512471
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
...

Now I created a very simple python script that basically just tries a connection to one of the test servers, like this:

import urllib.request
with urllib.request.urlopen('https://test.openquantumsafe.org:6017') as response:
   html = response.read()

Now, instead of getting the above error, we are getting the following error:

Traceback (most recent call last):
  File "/opt/python_installed/lib/python3.8/urllib/request.py", line 1354, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/opt/python_installed/lib/python3.8/http/client.py", line 1256, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/opt/python_installed/lib/python3.8/http/client.py", line 1302, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/opt/python_installed/lib/python3.8/http/client.py", line 1251, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/opt/python_installed/lib/python3.8/http/client.py", line 1011, in _send_output
    self.send(msg)
  File "/opt/python_installed/lib/python3.8/http/client.py", line 951, in send
    self.connect()
  File "/opt/python_installed/lib/python3.8/http/client.py", line 1425, in connect
    self.sock = self._context.wrap_socket(self.sock,
  File "/opt/python_installed/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/opt/python_installed/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/opt/python_installed/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1131)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test_seb.py", line 2, in <module>
    with urllib.request.urlopen('https://test.openquantumsafe.org:6017') as response:
  File "/opt/python_installed/lib/python3.8/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/opt/python_installed/lib/python3.8/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/opt/python_installed/lib/python3.8/urllib/request.py", line 542, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/opt/python_installed/lib/python3.8/urllib/request.py", line 502, in _call_chain
    result = func(*args)
  File "/opt/python_installed/lib/python3.8/urllib/request.py", line 1397, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/opt/python_installed/lib/python3.8/urllib/request.py", line 1357, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1131)>

I looked at how Python is implementing Openssl, and if we look at the following line: https://github.com/python/cpython/blob/f4c03484da59049eb62a9bf7777b963e2267d187/Modules/_ssl.c#L960

Then we see that it is using SSL_do_handshake, which it inherits from the included openssl/ssl.h file. (If the function returns a 0, it is apparently also a failure) So we know that Python does not use its own implementation of the do_handshake-function, so the next step is to understand why the handshake goes wrong.

Like I said before, I am not the best at this, but I like challenges! So Tomorrow or Tuesday, I will continue 😊

[baentsch]

@LeShadow Thanks very much for your interest to merge liboqs and python as well as your analysis above. The error message in your latter try above (assuming you correctly built and linked liboqs and oqs-openssl (in)to python) looks very familiar in an OpenSSL setting: It always happens when client and server don't agree on the KEM group to be used. When trying to contact "https://test.openquantumsafe.org:6017" a client needs to request "saber" (as per the algorithm/port mapping table at https://test.openquantumsafe.org) to establish a connection. By default, an OpenSSL client (such as python in this case) only requests the use of classic crypto KEM groups, so the error is expected.

There are two ways to change this: One is to change the list of default KEM groups (of which "saber" in this example needs to be a member) requested by the client. This is done by setting "saber" as part of OQS_DEFAULT_GROUPS configure parameter. This requires a re-build of oqs-openssl but no code change to the client (python in this case). It is a very limiting approach for trying different algorithms, though.

The second option is much more flexible, but possibly requires a change to the python client source code: In this case, the OpenSSL function SSL_CTX_set1_groups_list needs to be called with such a KEM groups list (again, containing "saber" in this example). You may want to check the python source code whether it already contains a call to this function and thus permits setting the KEM groups (and ideally, exposes this to users of python such as to allow you to request "saber" explicitly when contacting port 6017 of our test server).

Now, when reading the python SSL documentation it might be such that the function SSLContext.set_ecdh_curve might already provide this capability: It might be a bit surprising as OQS algorithms are not ECDH algorithms, but historically, the TLS 1.3 concept of KEM groups (which OQS uses) has its roots in the TLS1.2 concept of different (ECDH) curves. Long story short: You might want to try calling SSLContext.set_ecdh_curve("saber") before trying the SSL handshake. (python urllib.request.urlopen permits setting such "SSLContext") -- and things just might immediately work: In case I'm not clear, the suggestion is to amend your code above as follows:

import urllib.request
import ssl
ctx = ssl.SSLContext()
ctx.set_ecdh_curve("saber")

with urllib.request.urlopen('https://test.openquantumsafe.org:6017', context=ctx) as response:
   html = response.read()

Good luck with your further tests! Please let us know how they go.

[LeShadow]

@baentsch Thank you for your explanation! I will have a look at it tonight, with your input!

Just to clarify how I built liboqs and oqs-openssl:

I have a directory /opt, in there I have cloned both liboqs and openssl in respectively:

• /opt/liboqs
• /opt/openssl

In /opt/liboqs I used the following commands to configure and compile liboqs: mkdir build && cd build && cmake -GNinja -DOQS_DIST_BUILD=ON -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=../../openssl/oqs .. && ninja && ninja install

In /opt/openssl I used the following commands to configure and compile oqs-openssl: ./Configure shared linux-x86_64 -lm --prefix=/opt/openssl_installed --openssldir=/opt/openssl_installed && make -j && make install

Afterwards I executed /opt/openssl_installed/apps/openssl speed oqssig to verify it was working.

I will continue this evening and let you know what I can find!

[LeShadow]

Small status update:

@baentsch

After a few days of being ill, I thought I'd continue on my journey to get this to work!

So, first I discovered that the version of Python that I was compiling (3.8.11) didn't have the same implementation of SSL (or not entirely the same, there are differences on how things are defined or executed) as the current version (which is Python 3.10.2). So I was also looking at the wrong code in Github to understand errors etc...

So I compiled Python 3.10.2 with the oqs-openssl, as described above, and now I get a different error. For a test connection on port 6058, which uses p256_lightsaber instead of saber, I get this:

Traceback (most recent call last):
  File "/opt/python310_installed/bin/test_seb.py", line 11, in <module>
    sslSettings.set_ecdh_curve("p256_lightsaber")
ssl.SSLError: [EC: UNKNOWN_GROUP] unknown group (_ssl.c:4331)

This error is caused in the following function (can also be found here):

static PyObject *
_ssl__SSLContext_set_ecdh_curve(PySSLContext *self, PyObject *name)
/*[clinic end generated code: output=23022c196e40d7d2 input=c2bafb6f6e34726b]*/
{
    PyObject *name_bytes;
    int nid;
    EC_KEY *key;

    if (!PyUnicode_FSConverter(name, &name_bytes))
        return NULL;
    assert(PyBytes_Check(name_bytes));
    nid = OBJ_sn2nid(PyBytes_AS_STRING(name_bytes));
    Py_DECREF(name_bytes);
    if (nid == 0) {
        PyErr_Format(PyExc_ValueError,
                     "unknown elliptic curve name %R", name);
        return NULL; ==> **THIS IS LINE 4331**
    }
    key = EC_KEY_new_by_curve_name(nid);
    if (key == NULL) {
        _setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__);
        return NULL;
    }
    SSL_CTX_set_tmp_ecdh(self->ctx, key);
    EC_KEY_free(key);
    Py_RETURN_NONE;
}

I went to the include files for oqs-openssl, and behold, that is defined in obj_mac.h (here). So now I am trying to figure out why it can't find that group, yet it exists. Maybe I am missing something? I'll keep you posted!

To be continued...

EDIT: I also did a test by selecting the very last group in obj_mac.h in a clean openssl installation, just to see if it would try to get that group to decide on a curve. This does not seem to work either, it errors out on the same line as before. (Group I tried is uacurve9, line 5195 in obj_mac.h)

EDIT 2: I did an strace of the execution of my script, and saw the following:

openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\354\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=867608, ...}) = 0
mmap(NULL, 763832, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feeebe4e000
mprotect(0x7feeebe6b000, 589824, PROT_NONE) = 0
mmap(0x7feeebe6b000, 466944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d000) = 0x7feeebe6b000
mmap(0x7feeebedd000, 118784, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8f000) = 0x7feeebedd000
mmap(0x7feeebefb000, 57344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xac000) = 0x7feeebefb000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0 \10\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=3873744, ...}) = 0
mmap(NULL, 3469360, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feeebafe000
mmap(0x7feeebb7f000, 2097152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x7feeebb7f000
mmap(0x7feeebd7f000, 614400, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x281000) = 0x7feeebd7f000
mmap(0x7feeebe15000, 212992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x316000) = 0x7feeebe15000
mmap(0x7feeebe49000, 16432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feeebe49000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@n\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1839792, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feeebafc000
mmap(NULL, 1852680, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feeeb937000
mprotect(0x7feeeb95c000, 1662976, PROT_NONE) = 0
mmap(0x7feeeb95c000, 1355776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7feeeb95c000
mmap(0x7feeebaa7000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x170000) = 0x7feeebaa7000
mmap(0x7feeebaf2000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7feeebaf2000
mmap(0x7feeebaf8000, 13576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feeebaf8000
close(3)                                = 0

You can see that Python loads the wrong SSL libraries. So I will need to fix first :).

My apologies for all the confusion, my mistake!

[LeShadow]

@baentsch My initial assessment was wrong, because of the following reasons:

(in my explanation, every time I say a function name, the name is clickable!)

• Python was using the correct compiled openssl libraries
• on the function I posted above, where it says "this is line 4331", the function actually gives an error where it states _setSSLError

Now I tracked down why it kept saying "UNKNOWN GROUP", which is an error thrown on that line.

If we have a look at that function again, _ssl__SSLContext_set_ecdh_curve:

static PyObject *
_ssl__SSLContext_set_ecdh_curve(PySSLContext *self, PyObject *name)
/*[clinic end generated code: output=23022c196e40d7d2 input=c2bafb6f6e34726b]*/
{
    PyObject *name_bytes;
    int nid;
    EC_KEY *key;

    if (!PyUnicode_FSConverter(name, &name_bytes))
        return NULL;
    assert(PyBytes_Check(name_bytes));
    nid = OBJ_sn2nid(PyBytes_AS_STRING(name_bytes));
    Py_DECREF(name_bytes);
    if (nid == 0) {
        PyErr_Format(PyExc_ValueError,
                     "unknown elliptic curve name %R", name);
        return NULL;
    }
    key = EC_KEY_new_by_curve_name(nid); ===> THIS LINE
    if (key == NULL) {
        _setSSLError(get_state_ctx(self), NULL, 0, __FILE__, __LINE__);
        return NULL;
    }
    SSL_CTX_set_tmp_ecdh(self->ctx, key);
    EC_KEY_free(key);
    Py_RETURN_NONE;
}

The line where I say, THIS LINE, calls the openssl function EC_KEY_new_by_curve_name. Now this function contains the following:

EC_KEY *EC_KEY_new_by_curve_name(int nid)
{
    EC_KEY *ret = EC_KEY_new();
    if (ret == NULL)
        return NULL;
    ret->group = EC_GROUP_new_by_curve_name(nid);
    if (ret->group == NULL) {
        EC_KEY_free(ret);
        return NULL;
    }
    if (ret->meth->set_group != NULL
        && ret->meth->set_group(ret, ret->group) == 0) {
        EC_KEY_free(ret);
        return NULL;
    }
    return ret;
}

We can see it calls EC_GROUP_new_by_curve_name which in itself contains:

EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
{
    size_t i;
    EC_GROUP *ret = NULL;

    if (nid <= 0)
        return NULL;

    for (i = 0; i < curve_list_length; i++)
        if (curve_list[i].nid == nid) {
            ret = ec_group_new_from_data(curve_list[i]);
            break;
        }

    if (ret == NULL) {
        ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
        return NULL;
    }

    return ret;
}

As we can see, this function depends on curve_list, which is a defined list of curves that can be used by OpenSSL in all its functions. Since saber is missing from the list (can be found here), this is why it will always say "UNKNOWN GROUP" when we try to use saber, by using set_ecdh_curve.

I would like to see if we can get past this, but at this moment my knowledge is quite limited on how we can achieve this. Maybe you have an idea, or anyone else for that matter, that might get me on the right path?

Edit: Credit where credit is due, I managed to get to this conclusion after long searching with help from a friend, @AtomicNicos

[baentsch]

Thanks for this summary. The moment the code goes down the "EC" (elliptic curve) API route, things are doomed as OQS crypto does not provide EC curves (but TLS 1.3 groups -- which in TLS 1.2 were identical with EC curves, admittedly). My hope had been that the Python code just uses the higher-level OpenSSL EVP TLS APIs (under "the hood" of which we hide OQS crypto in oqs-openssl).

However, this now interests me a bit: Could you share where you obtained the python code from, what --beyond liboqs and oqs-openssl-- you compiled (and how/config options, platform, compiler, etc) and how you integrated oqs-openssl in order to trigger the tests above? I'd like to understand why Python uses these comparatively low-level APIs (and whether there may be a way around them).

[LeShadow]

@baentsch

I have to apologise again, with all my focus on trying to set that ecdh curve, I forgot to test if it would work without setting the curve. My apologies for wasting your time before on this.

So I wrote a small script that checked which key exchange algorithms worked without any issue when using the urllib library in Python.

This is the list of signature algorithms and key exchange algorithms that worked without any issue:

**ecdsap256**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**dilithium2**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**dilithium3**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**dilithium5**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**dilithium2_aes**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**dilithium3_aes**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**dilithium5_aes**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**falcon512**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**falcon1024**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**picnicl1full**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**picnic3l1**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rainbowIclassic**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rainbowVclassic**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**sphincsharaka128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**sphincssha256128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**sphincsshake256128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_dilithium2**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_dilithium2**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p384_dilithium3**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p521_dilithium5**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_dilithium2_aes**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_dilithium2_aes**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p384_dilithium3_aes**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p521_dilithium5_aes**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_falcon512**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_falcon512**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p521_falcon1024**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_picnicl1full**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_picnicl1full**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_picnic3l1**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_picnic3l1**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_rainbowIclassic**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_rainbowIclassic**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p521_rainbowVclassic**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_sphincsharaka128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_sphincsharaka128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_sphincssha256128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_sphincssha256128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**p256_sphincsshake256128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

**rsa3072_sphincsshake256128frobust**: *,p256_frodo640aes,p256_frodo640shake,p256_kyber512,p256_ntru_hps2048509,p256_lightsaber,p256_sidhp434,p256_sidhp503,p256_sikep434,p256_sikep503,p256_bikel1,p256_kyber90s512,p256_hqc128,p256_ntrulpr653,p256_ntrulpr761,p256_sntrup653,p256_sntrup761

What I did to get Python (3.10.2) to work with oqs-openssl and liboqs is the following:

(At this point, my oqs-openssl is installed in /opt/openssl_installed/)

• Get Python source from: here
• Add the openssl library to the LD_LIBRARY_PATH: export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/openssl_installed/lib
• Unpack Python-3.10.2.tgz in /opt/
• mkdir /opt/python310_installed
• Go into /opt/Python-3.10.2
• Open file Modules/Setup and change line 211->217 to the following:

  OPENSSL=/opt/openssl_installed
  _ssl _ssl.c \
   -I$(OPENSSL)/include -I$(OPENSSL)/include/openssl -I$(OPENSSL)/include/oqs -L$(OPENSSL)/lib \
   -lssl -lcrypto -loqs
  _hashlib _hashopenssl.c \
   -I$(OPENSSL)/include -I$(OPENSSL)/include/openssl -I$(OPENSSL)/include/oqs -L$(OPENSSL)/lib \
   -lcrypto -loqs

• Execute: ./configure --prefix=/opt/python310_installed/ --with-openssl=/opt/openssl_installed/ --with-ensurepip=install
• Execute: make && make test (Some tests will fail, the ones with urllib/https connections)
• Execute: make install

To make this work, since I compiled liboqs and oqs-openssl with shared libs, I copied /opt/openssl_installed/lib/* to /lib/x86_64-linux-gnu.

And then I used the following script, copied to /opt/python310_installed/bin, to test every connection (command: ./python3.10 main.py):

import json
import sys 
import urllib.request 
import ssl 

good_dict = {}
bad_dict = {}
with open('assignments.json') as json_file:
    algos = json.load(json_file)

sslSettings= ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
sslSettings.verify_mode = ssl.CERT_REQUIRED

sslSettings.load_verify_locations(cafile="CA.crt")

for sig, kexalgos in algos.items():
    print("Testing for Signature Algorithm: " + sig)
    good_dict[sig] = []
    bad_dict[sig] = []
    for kexalgo, port in kexalgos.items():
        try:
            with urllib.request.urlopen('https://test.openquantumsafe.org:' + str(port), context=sslSettings) as response:
                if response.getcode() == 200:
                    good_dict[sig].append(kexalgo)
                    print("Test successful for: " + kexalgo)
                    continue
                bad_dict[sig].append(kexalgo)
                print("Test failed with code " + str(response.getcode()) + " for algo: " + kexalgo)
        except urllib.error.URLError as e:
            bad_dict[sig].append(kexalgo)
            print("Failed for algo:" + kexalgo)
            #print(e)
        except Exception as e:
            bad_dict[sig].append(kexalgo)
            print("General error:" + kexalgo)
            #print(e)
    print("Done testing for: " + sig)

for siggie,algos in good_dict.items():
    print(siggie + ": " + ','.join(algos))
for siggie,algos in bad_dict.items():
    print(siggie + ": " + ','.join(algos))

Now, this is all built with shared libraries.

If you want to do it with statically linked OpenSSL Libraries, instead of changing line 211->217 in Modules/Setup, change line 211 (the correct path to your openssl installation) and then line 220->226 into the following:

 _ssl _ssl.c \
     -I$(OPENSSL)/include -I$(OPENSSL)/include/openssl -I$(OPENSSL)/include/oqs -L$(OPENSSL)/lib \
     -l:libssl.a -Wl,--exclude-libs,libssl.a \
     -l:libcrypto.a -Wl,--exclude-libs,libcrypto.a \
      -l:liboqs.a -Wl,--exclude-libs,liboqs.a
_hashlib _hashopenssl.c \
     -I$(OPENSSL)/include -I$(OPENSSL)/include/openssl -I$(OPENSSL)/include/oqs -L$(OPENSSL)/lib \
     -l:libcrypto.a -Wl,--exclude-libs,libcrypto.a \
      -l:liboqs.a -Wl,--exclude-libs,liboqs.a

[baentsch]

@LeShadow Thanks very much for this very positive update! Also thanks for the build instructions. The test code looks good, too (iterating over the interop test server's assignments.json): At first glance, then, all NIST level 1 hybrid KEMS and all QSC sigs work out of the box. This begs the question: What's happening with the other KEMs? I'd have expected plain QSC KEMs to work with a higher likelihood than the hybrid versions... Did they wind up in the "bad_dict" (presumably not output)? Any common error messages showing why this may be so?

[LeShadow]

@baentsch I will do more tests, and see where I need to tweak the build. I will keep you in the loop!

If I can get it all working, is it something that might be put in the liboqs-demos repo or can I blog about this? (ofcourse mentioning the entire project that your team has been working on for so long!)

[LeShadow]

@baentsch it seems that every error is the same: ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:999)

Any input from you maybe? (In the meantime, I am going through the source codes again to try to figure this out)

[LeShadow]

It looks like the problem lies with oqs-openssl I think?

(Port 6006 equates to the signature algorithm ecdsap256 and the Key exchange algorithm frodo1344shake)

root@vmi787755:/opt/openssl_installed/bin# ./openssl s_client -host test.openquantumsafe.org -port 6006
CONNECTED(00000003)
139929043433280:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 436 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

[LeShadow]

After some more reading of the source code, I discovered that this is happening because of the following situation:

On line 295 from ssl/t1_lib.c, a list of default curves is being defined (OQS Hybrid ones).

When openssl or Python for that matter (as I did a test with openssl and with python) make a connection, they will assume they have to use one of the KEM's defined in that default list. Only when you define -curve (which we can do with openssl s_client, but we cannot (yet) with Python), then it won't throw the error, but it will work out of the box.

So a temporary fix for Python would be is to alter ssl/t1_lib.c and to add all other Kex's to the eccurves_default[] list.

Result with ./openssl s_client -host test.openquantumsafe.org -port 6006:

./openssl s_client -host test.openquantumsafe.org -port 6006 -CAfile /opt/openssl_installed/bin/CA.crt
CONNECTED(00000003)
depth=1 CN = oqstest_CA
verify return:1
depth=0 CN = test.openquantumsafe.org
verify return:1
---
Certificate chain
 0 s:CN = test.openquantumsafe.org
   i:CN = oqstest_CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDRDCCASygAwIBAgIUDEbPtFJQgLPNoYlQp3g/y3FfsfEwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAwwKb3FzdGVzdF9DQTAeFw0yMjAxMTQwNTIzMTFaFw0yMzAx
MTQwNTIzMTFaMCMxITAfBgNVBAMMGHRlc3Qub3BlbnF1YW50dW1zYWZlLm9yZzBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGSFUiAqGapGM6QN0gIdVFnwa/NUcCC+
oPgWtI5Id3UqvAAoWNezkTCZmGMx1NXWrUcFXmw1pvJiLRhngPIm5ZajSTBHMAsG
A1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNVHREEHDAaghh0ZXN0
Lm9wZW5xdWFudHVtc2FmZS5vcmcwDQYJKoZIhvcNAQELBQADggIBAJ4GoN50CZJa
6ZznZ/FbyVzkKigeylVFfpaPuOk9rQ0Gc4wwIPIa9aAIfhcNehTkzYIR7bxVSGZ4
G5HQq+mHKUnYwz+eEcDLLP1472xc8uaGj8BnKt8vCndQqEibN8iijAx40jU0HJYk
YNmyRavPKY4tjJh9NKJjBbY27rqa0HqcHxQ4hTDGT+TtKtpKymfBiRqxwaA/E5Ag
LCelUJXv3//fvJtVuN2m3DHJ/iGDJsPT2/zcUfXnEcP5pqEuy/pTFHyBBNQlg3JB
ALNO3tyxXV0LeUQcA1WKzRbzrlSKW582TJZa3h2Q2sDR5b89imZ0rUsIQ/Yh24Ci
tkqRdVGcSQBKS9Xo4sDhKXKEQ6m1kSSA55FntHBzuboXTL5QKYL82Hyca2PD/29Q
Iw3lSxlgd++oVKc/7YDQ6m8SjnYLtif3ATELtyUiIRaUgBV5GGwraGavOg1IVJLJ
JrRvhvyYHuegNNJRywE8WQEZdsUJY0Ph5oFVH5W6cr8gzb4cGmHqf8J6ieMN5x+p
GN2FJVsCwhjJgIhhY8r8dAluTQBd5nAKx+rdu0CW19IroR1QtrCsqioE3O0/0WDn
0772BTnHe2uPwqVX0WkLi/NKLOHR9x+V5s/2wPYLTLASVFHt6srGhDT/el7zdGIm
2GrRkYTzQ2CBnQoC0h0o0afMwXuk7GvA
-----END CERTIFICATE-----
subject=CN = test.openquantumsafe.org

issuer=CN = oqstest_CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: frodo1344shake
---
SSL handshake has read 22912 bytes and written 22717 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6C77473B107088BAB5158A002164D89E7C0A8B7E512D7E95B41BC0F7C53364BC
    Session-ID-ctx:
    Resumption PSK: 6572B6D276381FFC5D28ECC39B44516C5839A7D9E154BD9D5C2CAAD3684644FDF496A53A21E49CF4A18A4027497BD2CA
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 10 13 44 18 a3 7b fc 3d-9e f4 1c f1 96 9d fc fb   ..D..{.=........
    0010 - 41 91 7f 65 c2 39 6a 37-0a 94 9e 96 2c c7 3b 7c   A..e.9j7....,.;|
    0020 - 2c df 2c 6c 4b 16 c5 85-b1 c9 b6 14 69 aa 55 b4   ,.,lK.......i.U.
    0030 - 13 08 c7 c8 ab f9 8a b0-59 10 fc 12 44 ff b2 f6   ........Y...D...
    0040 - 2e 2d b2 be 0d 75 f8 05-37 6a f9 34 52 e7 c7 86   .-...u..7j.4R...
    0050 - de b6 4d a6 25 f6 48 02-20 26 b9 6f b8 ad ce cb   ..M.%.H. &.o....
    0060 - 37 af 4b c3 13 54 ff 56-b8 da b9 df a5 ce 93 d7   7.K..T.V........
    0070 - e0 3f 94 47 e2 00 cb f0-de c2 5d 53 1d f6 65 4f   .?.G......]S..eO
    0080 - b3 fe 21 5a f9 7e 7f 20-83 c1 8f 46 07 46 dc e9   ..!Z.~. ...F.F..
    0090 - eb 72 f9 6a 86 84 dc 90-bd 73 d4 86 3e e8 38 79   .r.j.....s..>.8y
    00a0 - 15 96 6f 07 90 8b 88 6e-a7 72 a9 f8 59 05 d1 c2   ..o....n.r..Y...
    00b0 - ff 2b e2 35 d6 2f c2 d7-3c 1d 20 c2 79 a9 a3 48   .+.5./..<. .y..H
    00c0 - e8 13 f7 6f 3e 99 dd 85-9d ae 7d d5 a4 90 f5 e3   ...o>.....}.....
    00d0 - ea 97 a9 e2 08 5e 37 e9-5c 29 cf 8e d2 81 e5 0c   .....^7.\)......
    00e0 - 11 09 3e c2 66 b6 cf 56-ea e3 0f 85 66 69 44 26   ..>.f..V....fiD&

    Start Time: 1644464565
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: E656039E4364CB22344B9F14E961526DB091BD03CBFA60F0D3F00DCB549A2718
    Session-ID-ctx:
    Resumption PSK: F62A58DE807EBBB616F26FCDD541DDDE6D07A4B9037E77A70E6BE144E08B08B1547BC97197B66D36751EEAE67C987AC4
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 10 13 44 18 a3 7b fc 3d-9e f4 1c f1 96 9d fc fb   ..D..{.=........
    0010 - 9c 4d 89 35 70 e5 0a 9c-5d ee 37 1a 82 aa 98 a7   .M.5p...].7.....
    0020 - 21 e7 18 84 c9 76 cc d0-68 7b 18 34 9c 39 30 9f   !....v..h{.4.90.
    0030 - 73 64 b8 df 70 df 1f 39-c7 84 8f 2c 4e 15 a2 f3   sd..p..9...,N...
    0040 - 29 40 e5 7c 48 3f b0 67-da 63 eb 1b 21 39 70 8a   )@.|H?.g.c..!9p.
    0050 - 4d 99 25 b8 bd c4 29 1e-b6 f3 88 b3 c7 32 ef 6b   M.%...)......2.k
    0060 - 33 f5 cd 36 46 b0 82 8a-a4 6d 3b 37 b1 eb f3 a6   3..6F....m;7....
    0070 - 06 83 7d ec 33 98 ef 77-db 6a d1 56 61 f9 c7 c9   ..}.3..w.j.Va...
    0080 - b6 5d 97 4e 6f db 3d 50-dd 17 3a bb 44 75 f8 be   .].No.=P..:.Du..
    0090 - c5 76 e8 65 46 47 bd 83-78 ab a3 3a ca 59 a1 cf   .v.eFG..x..:.Y..
    00a0 - e0 32 b0 01 25 03 74 f3-33 63 d9 e3 9e 92 1f 0f   .2..%.t.3c......
    00b0 - f7 d6 ae 80 10 53 7c 0f-f1 af 43 72 ed 8d 5a 25   .....S|...Cr..Z%
    00c0 - 32 50 34 ba 86 77 9e f5-8f 3f 15 5c 75 f6 5c b9   2P4..w...?.\u.\.
    00d0 - 00 cc 8c e7 b2 31 9b c9-aa 62 70 70 a4 9b 39 c1   .....1...bpp..9.
    00e0 - a3 f5 7b 0a b8 30 1b 4a-61 78 b8 b0 96 a3 de 25   ..{..0.Jax.....%

    Start Time: 1644464565
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Now the results with Python, after the change to openssl, are what we were looking for! Although we had to adapt the default list, so maybe we need to find a better solution, but if we adapt the defaults list I spoke about earlier, this is our result:

========== Succesfully tested ==========

ecdsap256: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
dilithium2: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
dilithium3: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
dilithium5: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
dilithium2_aes: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
dilithium3_aes: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
dilithium5_aes: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
falcon512: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
falcon1024: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
picnicl1full: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
picnic3l1: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rainbowIclassic: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rainbowVclassic: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
sphincsharaka128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
sphincssha256128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
sphincsshake256128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_dilithium2: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_dilithium2: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p384_dilithium3: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p521_dilithium5: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_dilithium2_aes: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_dilithium2_aes: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p384_dilithium3_aes: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p521_dilithium5_aes: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_falcon512: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_falcon512: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p521_falcon1024: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_picnicl1full: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_picnicl1full: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_picnic3l1: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_picnic3l1: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_rainbowIclassic: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_rainbowIclassic: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p521_rainbowVclassic: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_sphincsharaka128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_sphincsharaka128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_sphincssha256128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_sphincssha256128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
p256_sphincsshake256128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277
rsa3072_sphincsshake256128frobust: *,frodo640aes,frodo640shake,frodo976aes,frodo976shake,frodo1344aes,frodo1344shake,kyber512,kyber768,kyber1024,ntru_hps2048509,ntru_hps2048677,ntru_hps4096821,ntru_hps40961229,ntru_hrss701,ntru_hrss1373,lightsaber,saber,firesaber,sidhp434,sidhp503,sidhp610,sidhp751,sikep434,sikep503,sikep610,sikep751,bikel1,bikel3,kyber90s512,kyber90s768,kyber90s1024,hqc128,hqc192,hqc256,ntrulpr653,ntrulpr761,ntrulpr857,ntrulpr1277,sntrup653,sntrup761,sntrup857,sntrup1277,p256_frodo640aes,p256_frodo640shake,p384_frodo976aes,p384_frodo976shake,p521_frodo1344aes,p521_frodo1344shake,p256_kyber512,p384_kyber768,p521_kyber1024,p256_ntru_hps2048509,p384_ntru_hps2048677,p521_ntru_hps4096821,p521_ntru_hps40961229,p384_ntru_hrss701,p521_ntru_hrss1373,p256_lightsaber,p384_saber,p521_firesaber,p256_sidhp434,p256_sidhp503,p384_sidhp610,p521_sidhp751,p256_sikep434,p256_sikep503,p384_sikep610,p521_sikep751,p256_bikel1,p384_bikel3,p256_kyber90s512,p384_kyber90s768,p521_kyber90s1024,p256_hqc128,p384_hqc192,p521_hqc256,p256_ntrulpr653,p256_ntrulpr761,p384_ntrulpr857,p521_ntrulpr1277,p256_sntrup653,p256_sntrup761,p384_sntrup857,p521_sntrup1277

========== Unsuccesfully tested =========
ecdsap256:
rsa3072:
dilithium2:
dilithium3:
dilithium5:
dilithium2_aes:
dilithium3_aes:
dilithium5_aes:
falcon512:
falcon1024:
picnicl1full:
picnic3l1:
rainbowIclassic:
rainbowVclassic:
sphincsharaka128frobust:
sphincssha256128frobust:
sphincsshake256128frobust:
p256_dilithium2:
rsa3072_dilithium2:
p384_dilithium3:
p521_dilithium5:
p256_dilithium2_aes:
rsa3072_dilithium2_aes:
p384_dilithium3_aes:
p521_dilithium5_aes:
p256_falcon512:
rsa3072_falcon512:
p521_falcon1024:
p256_picnicl1full:
rsa3072_picnicl1full:
p256_picnic3l1:
rsa3072_picnic3l1:
p256_rainbowIclassic:
rsa3072_rainbowIclassic:
p521_rainbowVclassic:
p256_sphincsharaka128frobust:
rsa3072_sphincsharaka128frobust:
p256_sphincssha256128frobust:
rsa3072_sphincssha256128frobust:
p256_sphincsshake256128frobust:
rsa3072_sphincsshake256128frobust:

========== Statistics =========
Amount of succesful connections: 3485
Amount of unsuccesful connections: 0

Is there anything else you can think of that I could look at to improve this?

Edit: I added an updated script, with the little counter :):

import json
import sys 
import urllib.request 
import ssl 

good_dict = {}
bad_dict = {}

good_count = 0
bad_count = 0
with open('assignments.json') as json_file:
    algos = json.load(json_file)

sslSettings= ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
sslSettings.verify_mode = ssl.CERT_REQUIRED

sslSettings.load_verify_locations(cafile="CA.crt")

for sig, kexalgos in algos.items():
    print("Testing for Signature Algorithm: " + sig)
    good_dict[sig] = []
    bad_dict[sig] = []
    for kexalgo, port in kexalgos.items():
        try:
            with urllib.request.urlopen('https://test.openquantumsafe.org:' + str(port), context=sslSettings) as response:
                if response.getcode() == 200:
                    good_dict[sig].append(kexalgo)
                    good_count +=1
                    print("Test successful for: " + kexalgo)
                    continue
                bad_dict[sig].append(kexalgo)
                bad_count +=1
                print("Test failed with code " + str(response.getcode()) + " for algo: " + kexalgo)
        except urllib.error.URLError as e:
            bad_dict[sig].append(kexalgo)
            bad_count +=1
            print("Failed for algo:" + kexalgo)
            #print(e)
        except Exception as e:
            bad_dict[sig].append(kexalgo)
            bad_count +=1
            print("General error:" + kexalgo)
            #print(e)
    print("Done testing for: " + sig)

for siggie,algos in good_dict.items():
    print(siggie + ": " + ','.join(algos))
for siggie,algos in bad_dict.items():
    print(siggie + ": " + ','.join(algos))

print("Amount of succesful connections: " + str(good_count))
print("Amount of unsuccesful connections: " + str(bad_count))

[LeShadow]

Since this was for Python 3.10.2, and the Modules/Setup file is slightly different in 3.9.x and 3.8.x, I will try to build those two as well in the coming days!

[baentsch]

@LeShadow Thanks again for keeping up the work. Your results are expected, indeed: The situation where one cannot pass the -groups parameter (i.e., call SSL_CTX_set1_groups_list) is exactly the reason why we introduced the OQS_DEFAULT_GROUPS build option: I assume you used that in your build and did not alter ssl/t1_lib.c as per this:

So a temporary fix for Python would be is to alter ssl/t1_lib.c and to add all other Kex's to the eccurves_default[] list.

(Historical side note: (EC)"curves" were the only entities that could be configured in TLS1.2; with TLS1.3 this changed to the more general "groups" concept (that both EC and OQS use) -- hence the somewhat "overloaded" --but outdated-- term "curves").

Is there anything else you can think of that I could look at to improve this?

Yes, introduce an option to set the specific group to be used: The approach above has the big drawback that openssl always transfers during the handshake the huge list of groups (2 bytes per group) - pretty inefficient. So, a) either introduce by PR to Python-ssl the option to configure the group one wants to use or b) introduce to (oqs-)openssl a more dynamic option to do so, e.g., by environment variable. I think I'll go about "b)" anyway as I have the same issue in another integration case (msquic) where I don't want to submit to a pretty one-sided Microsoft legal document (giving one the "privilege" to contribute code for free to that poor company.... :).

Maybe together we could try "a)", too, as adding this functionality to Python (basically a way to call SSL_CTX_set1_groups_list) does make sense in general, e.g., if a user wants to specifically request more secure key exchange algorithms --classic or quantum-safe.

If I can get it all working, is it something that might be put in the liboqs-demos repo or can I blog about this?

Most definitely. You could do a blog at any venue of your liking (LinkedIn?) and we'll gladly create a back-link to that from www.openquantumsafe.org. I'd definitely (also) invite you to do a PR to the oqs-demos project in which it's shown how such integrations are done and also bring them in the form of an easy-to-use/readily-built docker image: That way the more deeply interested person can learn how to integrate OQS and the not so technically adept person can simply run things. In this case, an OQS-enabled python3 ubuntu image could indeed be pretty interesting to quite some "pythonistas" not overly motivated to compile everything... You might want to have a look at this PR how this can get started.

Second thought: We could introduce the "groups-setting" mechanism (option a above) into this oqs-demos image until upstream Python picks it up.

[LeShadow]

@baentsch

Thank you for your feedback on my findings. Based on your feedback, I would like to propose that a patch is created for Python (with first a focus on version 3.10.2, the first version I got it all working on) where a function is added on SSLContext objects, much like set_ecdh_curve(), one that could bare the name set_group() maybe?

I think this is the most sensible thing to do in this instance, since this would potentially prepare Python already for the arrival of a version of OpenSSL with Quantum Resistant algorithms in the future? If the patch eventually works, this could be a something that can be picked up by upstream Python later on as well.

I can generate the oqs-demos docker images afterwards as well and make a PR to the respective PR.

What do you think? If this path is one you'd agree with (and @dstebila as well?), I'd like to take this on as well :)

[baentsch]

That sounds like a great plan forward. Please let me know if I can be of assistance in some area. Otherwise I'll keep watching out for the PR.

Regarding the "dockerization" please take a look at our examples and create separate README.md (for explaining the general integration & building the docker image) and USAGE.md (explaining how to use the imagem e.g., if there'd be runtime config params): The latter file we then also post on hub.docker.com, e.g., oqs-nginx.

Final comment:

that could bare the name set_group() maybe?

Please consider the name set_tls_groups_list(string), possibly set_tls13_groups_list as that's (a colon-separated list of KEM group names) what the openssl function SSL_CTX_set1_groups_list takes as parameter. Again the suggestion to first implement this API as a python code patch in the docker image before submitting a python upstream PR.

[LeShadow]

@baentsch I will gladly move ahead with this plan!

I'll have a look tomorrow on how this can be accomplished and will let you know of my progress. (I will also create a docker image with the python code patch first before submitting a python upstream PR.

Is this to work in tandem with #352 or separately?

[baentsch]

Is this to work in tandem with https://github.com/open-quantum-safe/openssl/issues/352 or separately?

Both options will work independently: The default group list set via API will rule. If not set(table) via API, #352 will provide a (re)solution.

[baentsch]

@LeShadow FYI, as #352 has landed, if you now re-build (oqs-)openssl, all you need to change in your test code above to successfully exercise all algorithms is if kexalgo != "*": os.environ["TLS_DEFAULT_GROUPS"] = kexalgo (right before the urllib.request.urlopen('https://test.openquantumsafe.org:' + str(port) call). I also tested this successfully with a stock python3 (alpine docker image): Works like a charm, no need to compile python.

[baentsch]

@LeShadow Another FYI, I added the above-mentioned Dockerfile in https://github.com/open-quantum-safe/oqs-demos/tree/mb-python/python: If you want, feel free to build on this to include your python upstream patch. I won't work on this further (or merge to main) as I only used it as a "test bed" for #354 and keep looking forward to your PR as discussed above.

Would you be OK with closing this issue then?

[LeShadow]

@baentsch hey, my apologies, been offline for a little bit due to social obligations!

That sounds great, awesome job on #354 and #352! I am looking forward to build on your work to create the python upstream patch.

Would you like me to open a new issue to track work on the patch for Python, or should I just open a PR/issue when the patch is ready?

[baentsch]

I am looking forward to build on your work to create the python upstream patch. Would you like me to open a new issue to track work on the patch for Python, or should I just open a PR/issue when the patch is ready?

It may be sensible to track this via an issue in oqs-demos pointing to this discussion thread so no context gets lost.