search

open-quantum-safe / openssl

UNSUPPORTED Fork of OpenSSL 1.1.1 that includes prototype quantum-resistant algorithms and ciphersuites based on liboqs PLEASE SWITCH TO OQS-Provider for OpenSSL 3
https://openquantumsafe.org/
Other
286 stars 124 forks source link

How to integrate a new post quantum certificate scheme with oqs-openssl? #421

Closed sandilya761 closed 1 year ago

sandilya761 commented 1 year ago

I am looking for documentation to integrate a new post quantum certificate scheme with oqs-openssl. I found one on integrating a symmetric block cipher with openssl (click here).

I am expecting a similar type of documentation for post quantum certificate schemes.

baentsch commented 1 year ago

oqs-openssl is based on OpenSSL1.1.1 and that code has not been designed for plug-in integration (of all aspects) of new algorithm types. You may want to take a look at https://www.openssl.org/docs/manmaster/man7/provider.html, though: This interface is used by oqs-provider.

Out of curiosity: Which "new PQ cert scheme" are you referring to?

sandilya761 commented 1 year ago

I want to integrate XMSS certificate scheme (not a new one) with openssl. I am referring this paper and I see that authors mentioned in one of the section about the procedure they followed to integrate XMSS scheme.

Hence, I would like to know if there is any standard procedure to integrate new schemes.

baentsch commented 1 year ago

There is a "standard procedure" to integrate algorithms using the liboqsAPIs: See here. In that library in turn there is an ongoing effort to finalize an XMSS implementation. Maybe you'd like to contribute to that? Otherwise I'm afraid the only suggestion I can make is to ask this question in the upstream openssl project.

sandilya761 commented 1 year ago

Thank You!!

sandilya761 commented 1 year ago

I am following this link. Here, we were asked to add the specifications of required variant of signature scheme in the oqs-template/generate.yml file.

All the algorithms are mentioned in the following format (as shown in the image)

image

I would like to know the significance of each parameter especially code_point. Also, I would like to know the values of code_point, oid for XMSS.

baentsch commented 1 year ago

I would like to know the significance of each parameter especially code_point. Also, I would like to know the values of code_point, oid for XMSS.

AFAIK they are not yet firmly specified. See the TLS spec for their meaning, so the values should probably be picked something from the unassigned range(s).

baentsch commented 1 year ago

Closing due to inactivity. Please re-open with new information if needed.