Fixes PQC cert chains (issue #68) (PR #69)

Fixes PQC cert chains (issue 68)

crypto/objects/obj_dat.h

@@ -2289,16 +2289,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
     {"Microsoft", "Microsoft", NID_Microsoft, 7, &so[7761]},
     {"MSRPQC", "MSRPQC", NID_MSRPQC, 9, &so[7768]},
-    {"picnicL1FS", "Picnic L1 FS", NID_picnicL1FS, 11, &so[7777]},
-    {"p256-picnicL1FS", "p256 Picnic L1 FS hybrid", NID_p256_picnicL1FS, 11, &so[7788]},
-    {"rsa3072-picnicL1FS", "rsa3072 Picnic L1 FS hybrid", NID_rsa3072_picnicL1FS, 11, &so[7799]},
-    {"qteslaI", "qTESLA I", NID_qteslaI, 11, &so[7810]},
-    {"p256-qteslaI", "p256 qTESLA I hybrid", NID_p256_qteslaI, 11, &so[7821]},
-    {"rsa3072-qteslaI", "rsa3072 qTESLA I hybrid", NID_rsa3072_qteslaI, 11, &so[7832]},
-    {"qteslaIIIsize", "qTESLA III size", NID_qteslaIIIsize, 11, &so[7843]},
-    {"p384-qteslaIIIsize", "p384 qTESLA III size hybrid", NID_p384_qteslaIIIsize, 11, &so[7854]},
-    {"qteslaIIIspeed", "qTESLA III speed", NID_qteslaIIIspeed, 11, &so[7865]},
-    {"p384-qteslaIIIspeed", "p384 qTESLA III speed hybrid", NID_p384_qteslaIIIspeed, 11, &so[7876]},
+    {"picnicL1FS", "picnicL1FS", NID_picnicL1FS, 11, &so[7777]},
+    {"p256_picnicL1FS", "p256_picnicL1FS", NID_p256_picnicL1FS, 11, &so[7788]},
+    {"rsa3072_picnicL1FS", "rsa3072_picnicL1FS", NID_rsa3072_picnicL1FS, 11, &so[7799]},
+    {"qteslaI", "qteslaI", NID_qteslaI, 11, &so[7810]},
+    {"p256_qteslaI", "p256_qteslaI", NID_p256_qteslaI, 11, &so[7821]},
+    {"rsa3072_qteslaI", "rsa3072_qteslaI", NID_rsa3072_qteslaI, 11, &so[7832]},
+    {"qteslaIIIsize", "qteslaIIIsize", NID_qteslaIIIsize, 11, &so[7843]},
+    {"p384_qteslaIIIsize", "p384_qteslaIIIsize", NID_p384_qteslaIIIsize, 11, &so[7854]},
+    {"qteslaIIIspeed", "qteslaIIIspeed", NID_qteslaIIIspeed, 11, &so[7865]},
+    {"p384_qteslaIIIspeed", "p384_qteslaIIIspeed", NID_p384_qteslaIIIspeed, 11, &so[7876]},
 };
 
 #define NUM_SN 1198
@@ -3177,10 +3177,10 @@ static const unsigned int sn_objs[NUM_SN] = {
     1141,    /* "oscca" */
      475,    /* "otherMailbox" */
      876,    /* "owner" */
-    1198,    /* "p256-picnicL1FS" */
-    1201,    /* "p256-qteslaI" */
-    1204,    /* "p384-qteslaIIIsize" */
-    1206,    /* "p384-qteslaIIIspeed" */
+    1198,    /* "p256_picnicL1FS" */
+    1201,    /* "p256_qteslaI" */
+    1204,    /* "p384_qteslaIIIsize" */
+    1206,    /* "p384_qteslaIIIspeed" */
      489,    /* "pagerTelephoneNumber" */
      374,    /* "path" */
      112,    /* "pbeWithMD5AndCast5CBC" */
@@ -3248,8 +3248,8 @@ static const unsigned int sn_objs[NUM_SN] = {
      877,    /* "roleOccupant" */
      448,    /* "room" */
      463,    /* "roomNumber" */
-    1199,    /* "rsa3072-picnicL1FS" */
-    1202,    /* "rsa3072-qteslaI" */
+    1199,    /* "rsa3072_picnicL1FS" */
+    1202,    /* "rsa3072_qteslaI" */
        6,    /* "rsaEncryption" */
      644,    /* "rsaOAEPEncryptionSET" */
      377,    /* "rsaSignature" */
@@ -3648,7 +3648,6 @@ static const unsigned int ln_objs[NUM_LN] = {
     1032,    /* "PKINIT Client Auth" */
      127,    /* "PKIX" */
      858,    /* "Permanent Identifier" */
-    1197,    /* "Picnic L1 FS" */
      164,    /* "Policy Qualifier CPS" */
      165,    /* "Policy Qualifier User Notice" */
      385,    /* "Private" */
@@ -4353,10 +4352,10 @@ static const unsigned int ln_objs[NUM_LN] = {
     1141,    /* "oscca" */
      475,    /* "otherMailbox" */
      876,    /* "owner" */
-    1198,    /* "p256 Picnic L1 FS hybrid" */
-    1201,    /* "p256 qTESLA I hybrid" */
-    1204,    /* "p384 qTESLA III size hybrid" */
-    1206,    /* "p384 qTESLA III speed hybrid" */
+    1198,    /* "p256_picnicL1FS" */
+    1201,    /* "p256_qteslaI" */
+    1204,    /* "p384_qteslaIIIsize" */
+    1206,    /* "p384_qteslaIIIspeed" */
      935,    /* "pSpecified" */
      489,    /* "pagerTelephoneNumber" */
      782,    /* "password based MAC" */
@@ -4379,6 +4378,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      487,    /* "personalTitle" */
      464,    /* "photo" */
      863,    /* "physicalDeliveryOfficeName" */
+    1197,    /* "picnicL1FS" */
      437,    /* "pilot" */
      439,    /* "pilotAttributeSyntax" */
      438,    /* "pilotAttributeType" */
@@ -4419,10 +4419,10 @@ static const unsigned int ln_objs[NUM_LN] = {
      886,    /* "protocolInformation" */
      510,    /* "pseudonym" */
      435,    /* "pss" */
-    1200,    /* "qTESLA I" */
-    1203,    /* "qTESLA III size" */
-    1205,    /* "qTESLA III speed" */
      286,    /* "qcStatements" */
+    1200,    /* "qteslaI" */
+    1203,    /* "qteslaIIIsize" */
+    1205,    /* "qteslaIIIspeed" */
      457,    /* "qualityLabelledData" */
      450,    /* "rFC822localPart" */
       98,    /* "rc2-40-cbc" */
@@ -4447,8 +4447,8 @@ static const unsigned int ln_objs[NUM_LN] = {
      448,    /* "room" */
      463,    /* "roomNumber" */
       19,    /* "rsa" */
-    1199,    /* "rsa3072 Picnic L1 FS hybrid" */
-    1202,    /* "rsa3072 qTESLA I hybrid" */
+    1199,    /* "rsa3072_picnicL1FS" */
+    1202,    /* "rsa3072_qteslaI" */
        6,    /* "rsaEncryption" */
      644,    /* "rsaOAEPEncryptionSET" */
      377,    /* "rsaSignature" */

crypto/objects/obj_xref.h

@@ -79,6 +79,16 @@ static const nid_triple sigoid_srt[] = {
     {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption},
     {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption},
     {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
+    {NID_picnicL1FS, NID_undef, NID_picnicL1FS},
+    {NID_p256_picnicL1FS, NID_undef, NID_p256_picnicL1FS},
+    {NID_rsa3072_picnicL1FS, NID_undef, NID_rsa3072_picnicL1FS},
+    {NID_qteslaI, NID_undef, NID_qteslaI},
+    {NID_p256_qteslaI, NID_undef, NID_p256_qteslaI},
+    {NID_rsa3072_qteslaI, NID_undef, NID_rsa3072_qteslaI},
+    {NID_qteslaIIIsize, NID_undef, NID_qteslaIIIsize},
+    {NID_p384_qteslaIIIsize, NID_undef, NID_p384_qteslaIIIsize},
+    {NID_qteslaIIIspeed, NID_undef, NID_qteslaIIIspeed},
+    {NID_p384_qteslaIIIspeed, NID_undef, NID_p384_qteslaIIIspeed},
 };
 
 static const nid_triple *const sigoid_srt_xref[] = {

crypto/objects/obj_xref.txt

@@ -23,6 +23,19 @@ RSA_SHA3_512		sha3_512 rsaEncryption
 rsassaPss		undef	rsaEncryption
 ED25519		    undef	ED25519
 ED448		    undef	ED448
+# OQS signature schemes
+picnicL1FS          undef     picnicL1FS
+p256_picnicL1FS     undef     p256_picnicL1FS
+rsa3072_picnicL1FS  undef     rsa3072_picnicL1FS
+qteslaI             undef     qteslaI
+p256_qteslaI        undef     p256_qteslaI
+rsa3072_qteslaI     undef     rsa3072_qteslaI
+qteslaIIIsize       undef     qteslaIIIsize
+p384_qteslaIIIsize  undef     p384_qteslaIIIsize
+qteslaIIIspeed      undef     qteslaIIIspeed
+p384_qteslaIIIspeed undef     p384_qteslaIIIspeed
+# ADD_MORE_OQS_SIG_HERE
+
 
 # Alternative deprecated OIDs. By using the older "rsa" OID this
 # type will be recognized by not normally used.

crypto/objects/objects.txt

@@ -1680,13 +1680,13 @@ dstu4145le 2 9 : uacurve9 : DSTU curve 9
 # iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) Microsoft(311) MSRCrypto (89)
 identified-organization 6 1 4 1 311 : Microsoft
 Microsoft 89 2                      : MSRPQC
-MSRPQC 1 1                          : picnicL1FS : Picnic L1 FS
-MSRPQC 1 2                          : p256-picnicL1FS : p256 Picnic L1 FS hybrid
-MSRPQC 1 3                          : rsa3072-picnicL1FS : rsa3072 Picnic L1 FS hybrid
-MSRPQC 2 1                          : qteslaI : qTESLA I
-MSRPQC 2 2                          : p256-qteslaI : p256 qTESLA I hybrid
-MSRPQC 2 3                          : rsa3072-qteslaI : rsa3072 qTESLA I hybrid
-MSRPQC 2 4                          : qteslaIIIsize : qTESLA III size
-MSRPQC 2 5                          : p384-qteslaIIIsize : p384 qTESLA III size hybrid
-MSRPQC 2 6                          : qteslaIIIspeed : qTESLA III speed
-MSRPQC 2 7                          : p384-qteslaIIIspeed : p384 qTESLA III speed hybrid
+MSRPQC 1 1                          : picnicL1FS : picnicL1FS
+MSRPQC 1 2                          : p256_picnicL1FS : p256_picnicL1FS
+MSRPQC 1 3                          : rsa3072_picnicL1FS : rsa3072_picnicL1FS
+MSRPQC 2 1                          : qteslaI : qteslaI
+MSRPQC 2 2                          : p256_qteslaI : p256_qteslaI
+MSRPQC 2 3                          : rsa3072_qteslaI : rsa3072_qteslaI
+MSRPQC 2 4                          : qteslaIIIsize : qteslaIIIsize
+MSRPQC 2 5                          : p384_qteslaIIIsize : p384_qteslaIIIsize
+MSRPQC 2 6                          : qteslaIIIspeed : qteslaIIIspeed
+MSRPQC 2 7                          : p384_qteslaIIIspeed : p384_qteslaIIIspeed

include/openssl/obj_mac.h

@@ -5206,51 +5206,51 @@
 #define OBJ_MSRPQC              OBJ_Microsoft,89L,2L
 
 #define SN_picnicL1FS           "picnicL1FS"
-#define LN_picnicL1FS           "Picnic L1 FS"
+#define LN_picnicL1FS           "picnicL1FS"
 #define NID_picnicL1FS          1197
 #define OBJ_picnicL1FS          OBJ_MSRPQC,1L,1L
 
-#define SN_p256_picnicL1FS              "p256-picnicL1FS"
-#define LN_p256_picnicL1FS              "p256 Picnic L1 FS hybrid"
+#define SN_p256_picnicL1FS              "p256_picnicL1FS"
+#define LN_p256_picnicL1FS              "p256_picnicL1FS"
 #define NID_p256_picnicL1FS             1198
 #define OBJ_p256_picnicL1FS             OBJ_MSRPQC,1L,2L
 
-#define SN_rsa3072_picnicL1FS           "rsa3072-picnicL1FS"
-#define LN_rsa3072_picnicL1FS           "rsa3072 Picnic L1 FS hybrid"
+#define SN_rsa3072_picnicL1FS           "rsa3072_picnicL1FS"
+#define LN_rsa3072_picnicL1FS           "rsa3072_picnicL1FS"
 #define NID_rsa3072_picnicL1FS          1199
 #define OBJ_rsa3072_picnicL1FS          OBJ_MSRPQC,1L,3L
 
 #define SN_qteslaI              "qteslaI"
-#define LN_qteslaI              "qTESLA I"
+#define LN_qteslaI              "qteslaI"
 #define NID_qteslaI             1200
 #define OBJ_qteslaI             OBJ_MSRPQC,2L,1L
 
-#define SN_p256_qteslaI         "p256-qteslaI"
-#define LN_p256_qteslaI         "p256 qTESLA I hybrid"
+#define SN_p256_qteslaI         "p256_qteslaI"
+#define LN_p256_qteslaI         "p256_qteslaI"
 #define NID_p256_qteslaI                1201
 #define OBJ_p256_qteslaI                OBJ_MSRPQC,2L,2L
 
-#define SN_rsa3072_qteslaI              "rsa3072-qteslaI"
-#define LN_rsa3072_qteslaI              "rsa3072 qTESLA I hybrid"
+#define SN_rsa3072_qteslaI              "rsa3072_qteslaI"
+#define LN_rsa3072_qteslaI              "rsa3072_qteslaI"
 #define NID_rsa3072_qteslaI             1202
 #define OBJ_rsa3072_qteslaI             OBJ_MSRPQC,2L,3L
 
 #define SN_qteslaIIIsize                "qteslaIIIsize"
-#define LN_qteslaIIIsize                "qTESLA III size"
+#define LN_qteslaIIIsize                "qteslaIIIsize"
 #define NID_qteslaIIIsize               1203
 #define OBJ_qteslaIIIsize               OBJ_MSRPQC,2L,4L
 
-#define SN_p384_qteslaIIIsize           "p384-qteslaIIIsize"
-#define LN_p384_qteslaIIIsize           "p384 qTESLA III size hybrid"
+#define SN_p384_qteslaIIIsize           "p384_qteslaIIIsize"
+#define LN_p384_qteslaIIIsize           "p384_qteslaIIIsize"
 #define NID_p384_qteslaIIIsize          1204
 #define OBJ_p384_qteslaIIIsize          OBJ_MSRPQC,2L,5L
 
 #define SN_qteslaIIIspeed               "qteslaIIIspeed"
-#define LN_qteslaIIIspeed               "qTESLA III speed"
+#define LN_qteslaIIIspeed               "qteslaIIIspeed"
 #define NID_qteslaIIIspeed              1205
 #define OBJ_qteslaIIIspeed              OBJ_MSRPQC,2L,6L
 
-#define SN_p384_qteslaIIIspeed          "p384-qteslaIIIspeed"
-#define LN_p384_qteslaIIIspeed          "p384 qTESLA III speed hybrid"
+#define SN_p384_qteslaIIIspeed          "p384_qteslaIIIspeed"
+#define LN_p384_qteslaIIIspeed          "p384_qteslaIIIspeed"
 #define NID_p384_qteslaIIIspeed         1206
 #define OBJ_p384_qteslaIIIspeed         OBJ_MSRPQC,2L,7L