enable arbitrary p and x hybrids (#177)

* enable arbitrary p and x hybrids

* tested cloudflare config (weak classic hybrid) OK

.gitignore

@@ -1,5 +1,6 @@
 # checked out OSSL variants
 openssl*/* 
+openssl
 # checked out liboqs
 liboqs
 # installed SW

ALGORITHMS.md

@@ -10,49 +10,50 @@ As standardization for these algorithms within TLS is not done, all TLS code poi
 # Code points / algorithm IDs
 
 <!--- OQS_TEMPLATE_FRAGMENT_IDS_START -->
-
 |Algorithm name | default ID | enabled | environment variable |
 |---------------|:----------:|:-------:|----------------------|
-| frodo640aes | 0x0200 | Yes | OQS_CODEPOINT_FRODO640AES 
-| p256_frodo640aes | 0x2F00 | Yes | OQS_CODEPOINT_P256_FRODO640AES
-| x25519_frodo640aes | 0x2F80 | Yes | OQS_CODEPOINT_X25519_FRODO640AES
-| frodo640shake | 0x0201 | Yes | OQS_CODEPOINT_FRODO640SHAKE 
-| p256_frodo640shake | 0x2F01 | Yes | OQS_CODEPOINT_P256_FRODO640SHAKE
-| x25519_frodo640shake | 0x2F81 | Yes | OQS_CODEPOINT_X25519_FRODO640SHAKE
-| frodo976aes | 0x0202 | Yes | OQS_CODEPOINT_FRODO976AES 
-| p384_frodo976aes | 0x2F02 | Yes | OQS_CODEPOINT_P384_FRODO976AES
-| x448_frodo976aes | 0x2F82 | Yes | OQS_CODEPOINT_X448_FRODO976AES
-| frodo976shake | 0x0203 | Yes | OQS_CODEPOINT_FRODO976SHAKE 
-| p384_frodo976shake | 0x2F03 | Yes | OQS_CODEPOINT_P384_FRODO976SHAKE
-| x448_frodo976shake | 0x2F83 | Yes | OQS_CODEPOINT_X448_FRODO976SHAKE
-| frodo1344aes | 0x0204 | Yes | OQS_CODEPOINT_FRODO1344AES 
-| p521_frodo1344aes | 0x2F04 | Yes | OQS_CODEPOINT_P521_FRODO1344AES
-| frodo1344shake | 0x0205 | Yes | OQS_CODEPOINT_FRODO1344SHAKE 
-| p521_frodo1344shake | 0x2F05 | Yes | OQS_CODEPOINT_P521_FRODO1344SHAKE
-| kyber512 | 0x023A | Yes | OQS_CODEPOINT_KYBER512 
-| p256_kyber512 | 0x2F3A | Yes | OQS_CODEPOINT_P256_KYBER512
-| x25519_kyber512 | 0x2F39 | Yes | OQS_CODEPOINT_X25519_KYBER512
-| kyber768 | 0x023C | Yes | OQS_CODEPOINT_KYBER768 
-| p384_kyber768 | 0x2F3C | Yes | OQS_CODEPOINT_P384_KYBER768
-| x448_kyber768 | 0x2F90 | Yes | OQS_CODEPOINT_X448_KYBER768
-| kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 
-| p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024
-| bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 
-| p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1
-| x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1
-| bikel3 | 0x0242 | Yes | OQS_CODEPOINT_BIKEL3 
-| p384_bikel3 | 0x2F42 | Yes | OQS_CODEPOINT_P384_BIKEL3
-| x448_bikel3 | 0x2FAF | Yes | OQS_CODEPOINT_X448_BIKEL3
-| bikel5 | 0x0243 | Yes | OQS_CODEPOINT_BIKEL5 
-| p521_bikel5 | 0x2F43 | Yes | OQS_CODEPOINT_P521_BIKEL5
-| hqc128 | 0x022C | Yes | OQS_CODEPOINT_HQC128 
-| p256_hqc128 | 0x2F2C | Yes | OQS_CODEPOINT_P256_HQC128
-| x25519_hqc128 | 0x2FAC | Yes | OQS_CODEPOINT_X25519_HQC128
-| hqc192 | 0x022D | Yes | OQS_CODEPOINT_HQC192 
-| p384_hqc192 | 0x2F2D | Yes | OQS_CODEPOINT_P384_HQC192
-| x448_hqc192 | 0x2FAD | Yes | OQS_CODEPOINT_X448_HQC192
-| hqc256 | 0x022E | Yes | OQS_CODEPOINT_HQC256 
-| p521_hqc256 | 0x2F2E | Yes | OQS_CODEPOINT_P521_HQC256
+| frodo640aes | 0x0200 | Yes | OQS_CODEPOINT_FRODO640AES |
+| p256_frodo640aes | 0x2F00 | Yes | OQS_CODEPOINT_P256_FRODO640AES |
+| x25519_frodo640aes | 0x2F80 | Yes | OQS_CODEPOINT_X25519_FRODO640AES |
+| frodo640shake | 0x0201 | Yes | OQS_CODEPOINT_FRODO640SHAKE |
+| p256_frodo640shake | 0x2F01 | Yes | OQS_CODEPOINT_P256_FRODO640SHAKE |
+| x25519_frodo640shake | 0x2F81 | Yes | OQS_CODEPOINT_X25519_FRODO640SHAKE |
+| frodo976aes | 0x0202 | Yes | OQS_CODEPOINT_FRODO976AES |
+| p384_frodo976aes | 0x2F02 | Yes | OQS_CODEPOINT_P384_FRODO976AES |
+| x448_frodo976aes | 0x2F82 | Yes | OQS_CODEPOINT_X448_FRODO976AES |
+| frodo976shake | 0x0203 | Yes | OQS_CODEPOINT_FRODO976SHAKE |
+| p384_frodo976shake | 0x2F03 | Yes | OQS_CODEPOINT_P384_FRODO976SHAKE |
+| x448_frodo976shake | 0x2F83 | Yes | OQS_CODEPOINT_X448_FRODO976SHAKE |
+| frodo1344aes | 0x0204 | Yes | OQS_CODEPOINT_FRODO1344AES |
+| p521_frodo1344aes | 0x2F04 | Yes | OQS_CODEPOINT_P521_FRODO1344AES |
+| frodo1344shake | 0x0205 | Yes | OQS_CODEPOINT_FRODO1344SHAKE |
+| p521_frodo1344shake | 0x2F05 | Yes | OQS_CODEPOINT_P521_FRODO1344SHAKE |
+| kyber512 | 0x023A | Yes | OQS_CODEPOINT_KYBER512 |
+| p256_kyber512 | 0x2F3A | Yes | OQS_CODEPOINT_P256_KYBER512 |
+| x25519_kyber512 | 0x2F39 | Yes | OQS_CODEPOINT_X25519_KYBER512 |
+| kyber768 | 0x023C | Yes | OQS_CODEPOINT_KYBER768 |
+| p384_kyber768 | 0x2F3C | Yes | OQS_CODEPOINT_P384_KYBER768 |
+| x448_kyber768 | 0x2F90 | Yes | OQS_CODEPOINT_X448_KYBER768 |
+| x25519_kyber768 | 25497 | Yes | OQS_CODEPOINT_X25519_KYBER768 |
+| p256_kyber768 | 25498 | Yes | OQS_CODEPOINT_P256_KYBER768 |
+| kyber1024 | 0x023D | Yes | OQS_CODEPOINT_KYBER1024 |
+| p521_kyber1024 | 0x2F3D | Yes | OQS_CODEPOINT_P521_KYBER1024 |
+| bikel1 | 0x0241 | Yes | OQS_CODEPOINT_BIKEL1 |
+| p256_bikel1 | 0x2F41 | Yes | OQS_CODEPOINT_P256_BIKEL1 |
+| x25519_bikel1 | 0x2FAE | Yes | OQS_CODEPOINT_X25519_BIKEL1 |
+| bikel3 | 0x0242 | Yes | OQS_CODEPOINT_BIKEL3 |
+| p384_bikel3 | 0x2F42 | Yes | OQS_CODEPOINT_P384_BIKEL3 |
+| x448_bikel3 | 0x2FAF | Yes | OQS_CODEPOINT_X448_BIKEL3 |
+| bikel5 | 0x0243 | Yes | OQS_CODEPOINT_BIKEL5 |
+| p521_bikel5 | 0x2F43 | Yes | OQS_CODEPOINT_P521_BIKEL5 |
+| hqc128 | 0x022C | Yes | OQS_CODEPOINT_HQC128 |
+| p256_hqc128 | 0x2F2C | Yes | OQS_CODEPOINT_P256_HQC128 |
+| x25519_hqc128 | 0x2FAC | Yes | OQS_CODEPOINT_X25519_HQC128 |
+| hqc192 | 0x022D | Yes | OQS_CODEPOINT_HQC192 |
+| p384_hqc192 | 0x2F2D | Yes | OQS_CODEPOINT_P384_HQC192 |
+| x448_hqc192 | 0x2FAD | Yes | OQS_CODEPOINT_X448_HQC192 |
+| hqc256 | 0x022E | Yes | OQS_CODEPOINT_HQC256 |
+| p521_hqc256 | 0x2F2E | Yes | OQS_CODEPOINT_P521_HQC256 |
 | dilithium2 | 0xfea0 |Yes| OQS_CODEPOINT_DILITHIUM2
 | p256_dilithium2 | 0xfea1 |Yes| OQS_CODEPOINT_P256_DILITHIUM2
 | rsa3072_dilithium2 | 0xfea2 |Yes| OQS_CODEPOINT_RSA3072_DILITHIUM2
@@ -194,4 +195,4 @@ By setting `OQS_ENCODING_<ALGORITHM>_ALGNAME` environment variables, the corresp
 
 If no environment variable is set, or if an unknown value is set, the default is 'no' encoding, meaning that key serialization uses the 'raw' keys of the crypto implementations. If unknown values are set as environment variables, a run-time error will be raised.
 
-The test script `scripts/runtests_encodings.sh` (instead of `scripts/runtests.sh`) can be used for a test run with all supported encodings activated.
+The test script `scripts/runtests_encodings.sh` (instead of `scripts/runtests.sh`) can be used for a test run with all supported encodings activated.

README.md

@@ -21,7 +21,7 @@ Status
 Currently this provider fully enables quantum-safe cryptography for KEM
 key establishment in TLS1.3 including management of such keys via the
 OpenSSL (3.0) provider interface and hybrid KEM schemes. Also, QSC
-signatures including CMS functionality are available via the OpenSSL
+signatures including CMS and CMP functionality are available via the OpenSSL
 EVP interface. Key persistence is provided via the encode/decode
 mechanism and X.509 data structures. Also available is support for 
 TLS1.3 signature functionality via the [OpenSSL3 fetchable signature
@@ -33,15 +33,15 @@ Algorithms
 This implementation makes available the following quantum safe algorithms:
 
 <!--- OQS_TEMPLATE_FRAGMENT_ALGS_START -->
-- **BIKE**: `bikel1`, `bikel3`, `bikel5`
-- **CRYSTALS-Kyber**: `kyber512`, `kyber768`, `kyber1024`
-- **FrodoKEM**: `frodo640aes`, `frodo640shake`, `frodo976aes`, `frodo976shake`, `frodo1344aes`, `frodo1344shake`
-- **HQC**: `hqc128`, `hqc192`, `hqc256`†
-- **CRYSTALS-Dilithium**:`dilithium2`\*, `dilithium3`\*, `dilithium5`\*
-- **Falcon**:`falcon512`\*, `falcon1024`\*
+- **BIKE**: `bikel1`, `p256_bikel1`, `x25519_bikel1`, `bikel3`, `p384_bikel3`, `x448_bikel3`, `bikel5`, `p521_bikel5`
+- **CRYSTALS-Kyber**: `kyber512`, `p256_kyber512`, `x25519_kyber512`, `kyber768`, `p384_kyber768`, `x448_kyber768`, `x25519_kyber768`, `p256_kyber768`, `kyber1024`, `p521_kyber1024`
+- **FrodoKEM**: `frodo640aes`, `p256_frodo640aes`, `x25519_frodo640aes`, `frodo640shake`, `p256_frodo640shake`, `x25519_frodo640shake`, `frodo976aes`, `p384_frodo976aes`, `x448_frodo976aes`, `frodo976shake`, `p384_frodo976shake`, `x448_frodo976shake`, `frodo1344aes`, `p521_frodo1344aes`, `frodo1344shake`, `p521_frodo1344shake`
+- **HQC**: `hqc128`, `p256_hqc128`, `x25519_hqc128`, `hqc192`, `p384_hqc192`, `x448_hqc192`, `hqc256`, `p521_hqc256`†
+- **CRYSTALS-Dilithium**:`dilithium2`\*, `p256_dilithium2`\*, `rsa3072_dilithium2`\*, `dilithium3`\*, `p384_dilithium3`\*, `dilithium5`\*, `p521_dilithium5`\*
+- **Falcon**:`falcon512`\*, `p256_falcon512`\*, `rsa3072_falcon512`\*, `falcon1024`\*, `p521_falcon1024`\*
 
-- **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `sphincssha2256fsimple`, `sphincssha2256ssimple`
-- **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `sphincsshake192fsimple`, `sphincsshake192ssimple`, `sphincsshake256fsimple`, `sphincsshake256ssimple`
+- **SPHINCS-SHA2**:`sphincssha2128fsimple`\*, `p256_sphincssha2128fsimple`\*, `rsa3072_sphincssha2128fsimple`\*, `sphincssha2128ssimple`\*, `p256_sphincssha2128ssimple`\*, `rsa3072_sphincssha2128ssimple`\*, `sphincssha2192fsimple`\*, `p384_sphincssha2192fsimple`\*, `sphincssha2192ssimple`, `p384_sphincssha2192ssimple`, `sphincssha2256fsimple`, `p521_sphincssha2256fsimple`, `sphincssha2256ssimple`, `p521_sphincssha2256ssimple`
+- **SPHINCS-SHAKE**:`sphincsshake128fsimple`\*, `p256_sphincsshake128fsimple`\*, `rsa3072_sphincsshake128fsimple`\*, `sphincsshake128ssimple`, `p256_sphincsshake128ssimple`, `rsa3072_sphincsshake128ssimple`, `sphincsshake192fsimple`, `p384_sphincsshake192fsimple`, `sphincsshake192ssimple`, `p384_sphincsshake192ssimple`, `sphincsshake256fsimple`, `p521_sphincsshake256fsimple`, `sphincsshake256ssimple`, `p521_sphincsshake256ssimple`
 
 <!--- OQS_TEMPLATE_FRAGMENT_ALGS_END -->
 
@@ -57,23 +57,24 @@ TLS operations. This designation can be changed by modifying the
 "enabled" flags in the main [algorithm configuration file](oqs-template/generate.yml)
 and re-running the generator script `python3 oqs-template/generate.py`.
 
+It is possible to select only algorithms of a specific bit strength by using
+the openssl property selection mechanism on the key "oqsprovider.security_bits",
+e.g., as such: `openssl list -kem-algorithms -propquery oqsprovider.security_bits=256`.
+The bit strength of hybrid algorithms is always defined by the bit strength
+of the classic algorithm.
+
 In order to enable parallel use of classic and quantum-safe cryptography 
 this provider also provides different hybrid algorithms, combining classic
-and quantum-safe methods at their respective bit strength:
-
-- if `<KEX>` claims NIST L1 or L2 security, oqs-provider provides the methods `p256_<KEX>` and `x25519_<KEX>`, which combines `<KEX>` with EC curve p256 and X25519, respectively.
-- if `<KEX>` claims NIST L3 or L4 security, oqs-provider provides the methods `p384_<KEX>` and `x448_<KEX>`, which combines `<KEX>` with EC curve p384 and X448, respectively.
-- if `<KEX>` claims NIST L5 security, oqs-provider provides the method `p521_<KEX>`, which combines `<KEX>` with EC curve p521.
-
-For example, since `kyber768` [claims NIST L3 security](https://github.com/open-quantum-safe/liboqs/blob/main/docs/algorithms/kem/kyber.md), the hybrids `x448_kyber768` and `p384_kyber768` are available.
+and quantum-safe methods: These are listed above with a prefix denoting a
+classic algorithm, e.g., for elliptic curve: "p256_".
 
 A full list of algorithms, their interoperability code points and OIDs as well
 as a method to dynamically adapt them are documented in [ALGORITHMS.md](ALGORITHMS.md).
 
 *Note:* `oqsprovider` depends for TLS session setup and hybrid operations
 on OpenSSL providers for classic crypto operations. Therefore it is essential
 that a provider such as `default` or `fips` is configured to be active. See
-`tests/oqs.cnf` for an example.
+`tests/oqs.cnf` or `scripts/openssl-ca.cnf` for examples.
 
 Building and testing -- Quick start
 -----------------------------------

oqs-template/ALGORITHMS.md/ids.fragment

@@ -1,23 +1,11 @@
-{% macro ecx_name(bits) -%}
-{%- if bits == 128 -%} x25519 {%- endif -%}
-{%- if bits == 192 -%} x448 {%- endif -%}
-{%- if bits == 256 -%} {%- print("Impossible bit setting for ECX hybrid") -%} {%- endif -%}
-{%- endmacro -%}
-
-{% macro ecp_name(bits) -%}
-{%- if bits == 128 -%} p256 {%- endif -%}
-{%- if bits == 192 -%} p384 {%- endif -%}
-{%- if bits == 256 -%} p521 {%- endif -%}
-{%- endmacro %}
 
 |Algorithm name | default ID | enabled | environment variable |
 |---------------|:----------:|:-------:|----------------------|
 {%- for kem in config['kems']  %}
-| {{ kem['name_group'] }} | {{ kem['nid'] }} | Yes | OQS_CODEPOINT_{{ kem['name_group']|upper }} 
-| {{ ecp_name(kem['bit_security']) }}_{{ kem['name_group'] }} | {{ kem['nid_hybrid'] }} | Yes | OQS_CODEPOINT_{{ ecp_name(kem['bit_security'])|upper }}_{{ kem['name_group']|upper }}
-{%- if 'nid_ecx_hybrid' in kem %}
-| {{ ecx_name(kem['bit_security']) }}_{{ kem['name_group'] }} | {{ kem['nid_ecx_hybrid'] }} | Yes | OQS_CODEPOINT_{{ ecx_name(kem['bit_security'])|upper }}_{{ kem['name_group']|upper }}
-{%- endif -%}
+| {{ kem['name_group'] }} | {{ kem['nid'] }} | Yes | OQS_CODEPOINT_{{ kem['name_group']|upper }} |
+{%- for hybrid in kem['hybrids'] %}
+| {{ hybrid['hybrid_group'] }}_{{ kem['name_group'] }} | {{ hybrid['nid'] }} | Yes | OQS_CODEPOINT_{{ hybrid['hybrid_group']|upper }}_{{ kem['name_group']|upper }} |
+{%- endfor %}
 {%- endfor %}
 {%- for sig in config['sigs'] %}
    {%- for variant in sig['variants'] %}

oqs-template/README.md/algs.fragment

@@ -1,12 +1,13 @@
 {%- for family, kems in config['kems'] | groupby('family') %}
-- **{{ family }}**: {% for kem in kems -%} `{{ kem['name_group'] }}` {%- if not loop.last %}, {% endif -%}{%- if loop.last and family == 'HQC' -%}†{%- endif -%}{%- endfor -%}
+- **{{ family }}**: {% for kem in kems -%} `{{ kem['name_group'] }}` {%- for hybrid in kem['hybrids'] -%}, `{{ hybrid['hybrid_group']}}_{{ kem['name_group'] }}`{%- endfor -%}{%- if not loop.last %}, {% endif -%}{%- if loop.last and family == 'HQC' -%}†{%- endif -%}{%- endfor -%}
 {%- endfor %}
 {%- for sig in config['sigs'] %}
 {% if sig['variants']|length > 0 -%}
 - **{{ sig['family'] }}**:
     {%- for variant in sig['variants'] -%}
 `{{ variant['name'] }}`
 {%- if variant['enable'] -%} \* {%- endif -%}
+{%- for classical_alg in variant['mix_with'] -%} , `{{ classical_alg['name']}}_{{ variant['name'] }}`{%- if variant['enable'] -%} \*  {%- endif -%}{%- endfor -%}
 {%- if not loop.last %}, {% endif -%}
     {%- endfor -%}
 {%- endif -%}

oqs-template/generate.py

@@ -97,6 +97,22 @@ def complete_config(config):
           print("Cannot find security level for {:s} {:s}".format(kem['family'], kem['name_group']))
           exit(1)
       kem['bit_security'] = bits_level
+
+      # now add hybrid_nid to hybrid_groups
+      phyb = {}
+      if (bits_level == 128):
+          phyb['hybrid_group']='p256'
+      elif (bits_level == 192):
+          phyb['hybrid_group']='p384'
+      elif (bits_level == 256):
+          phyb['hybrid_group']='p521'
+      else:
+          print("Warning: Unknown bit level for %s. Cannot assign hybrid." % (kem['group_name']))
+          exit(1)
+      phyb['bit_security']=bits_level
+      phyb['nid']=kem['nid_hybrid']
+      kem['hybrids'].insert(0, phyb)
+
    for famsig in config['sigs']:
       for sig in famsig['variants']:
          bits_level = nist_to_bits(get_sig_nistlevel(famsig, sig))
@@ -176,21 +192,33 @@ def load_config(include_disabled_sigs=False):
         sig['variants']=newvars
 
     for kem in config['kems']:
+        kem['hybrids'] = []
         try:
             for extra_nid_current in kem['extra_nids']['current']:
+                extra_hybrid = extra_nid_current
+                if extra_nid_current['hybrid_group'] == "x25519" or extra_nid_current['hybrid_group'] == "p256":
+                   extra_hybrid['bit_security']=128
+                if extra_nid_current['hybrid_group'] == "x448" or extra_nid_current['hybrid_group'] == "p384":
+                   extra_hybrid['bit_security']=192
+                if extra_nid_current['hybrid_group'] == "p521":
+                   extra_hybrid['bit_security']=256
+                kem['hybrids'].append(extra_hybrid)
                 if 'hybrid_group' in extra_nid_current and extra_nid_current['hybrid_group'] in ["x25519", "x448"]:
                     extra_hyb_nid = extra_nid_current['nid']
                     if 'nid_ecx_hybrid' in kem:
                         print("Warning, duplicate nid_ecx_hybrid for",
                               kem['name_group'], ":", extra_hyb_nid, "in generate.yml,",
                               kem['nid_ecx_hybrid'], "in generate_extras.yml, using generate.yml entry.")
                     kem['nid_ecx_hybrid'] = extra_hyb_nid
-                    break
-        except:
+        except KeyError as ke:
             pass
     return config
 
-config = load_config()
+# extend config with "hybrid_groups" array:
+config = load_config() # extend config with "hybrid_groups" array
+
+# complete config with "bit_security" and "hybrid_group from 
+# nid_hybrid information
 config = complete_config(config)
 
 

oqs-template/generate.yml

@@ -112,6 +112,10 @@ kems:
       current:
         - hybrid_group: "x448"
           nid: '0x2F90'
+        - hybrid_group: "x25519"
+          nid: '25497'
+        - hybrid_group: "p256"
+          nid: '25498'
       old:
         - implementation_version: NIST Round 2 submission
           nist-round: 2

oqs-template/oqs-kem-info.md

@@ -43,6 +43,8 @@
 | CRYSTALS-Kyber | NIST Round 3 submission  | kyber768       |            3 |                    3 | 0x023C       |                                  |
 | CRYSTALS-Kyber | NIST Round 3 submission  | kyber768       |            3 |                    3 | 0x2F3C       | secp384_r1                       |
 | CRYSTALS-Kyber | NIST Round 3 submission  | kyber768       |            3 |                    3 | 0x2F90       | x448                             |
+| CRYSTALS-Kyber | NIST Round 3 submission  | kyber768       |            3 |                    3 | 25497        | x25519                           |
+| CRYSTALS-Kyber | NIST Round 3 submission  | kyber768       |            3 |                    3 | 25498        | p256                             |
 | CRYSTALS-Kyber | NIST Round 3 submission  | kyber90s1024   |            3 |                    5 | 0x0240       |                                  |
 | CRYSTALS-Kyber | NIST Round 3 submission  | kyber90s1024   |            3 |                    5 | 0x2F40       | secp521_r1                       |
 | CRYSTALS-Kyber | NIST Round 3 submission  | kyber90s512    |            3 |                    1 | 0x023E       |                                  |

oqs-template/oqsprov/oqs_kmgmt.c/keymgmt_functions.fragment

@@ -8,5 +8,12 @@ MAKE_SIG_KEYMGMT_FUNCTIONS({{ classical_alg['name'] }}_{{variant['name']}})
 {%- endfor %}
 {% for kem in config['kems'] %}
 MAKE_KEM_KEYMGMT_FUNCTIONS({{kem['name_group']}}, {{kem['oqs_alg']}}, {{kem['bit_security']}})
+{% for hybrid in kem['hybrids'] %}
+{% if hybrid['hybrid_group'].startswith('p') -%}
+MAKE_KEM_ECP_KEYMGMT_FUNCTIONS({{hybrid['hybrid_group']}}_{{kem['name_group']}}, {{kem['oqs_alg']}}, {{hybrid['bit_security']}})
+{%- else %}
+MAKE_KEM_ECX_KEYMGMT_FUNCTIONS({{hybrid['hybrid_group']}}_{{kem['name_group']}}, {{kem['oqs_alg']}}, {{hybrid['bit_security']}})
+{%- endif %}
+{%- endfor %}
 {%- endfor %}
 

oqs-template/oqsprov/oqs_prov.h/alg_functions.fragment

@@ -8,11 +8,12 @@ extern const OSSL_DISPATCH oqs_{{ classical_alg['name'] }}_{{ variant['name'] }}
 {%- endfor %}
 {% for kem in config['kems'] %}
 extern const OSSL_DISPATCH oqs_{{ kem['name_group'] }}_keymgmt_functions[];
+{% for hybrid in kem['hybrids'] %}
+{% if hybrid['hybrid_group'].startswith('p') -%}
+extern const OSSL_DISPATCH oqs_ecp_{{ hybrid['hybrid_group']}}_{{ kem['name_group'] }}_keymgmt_functions[];
+{%- else -%}
+extern const OSSL_DISPATCH oqs_ecx_{{ hybrid['hybrid_group']}}_{{ kem['name_group'] }}_keymgmt_functions[];
+{%- endif %}
 {%- endfor %}
-{% for kem in config['kems'] %}
-extern const OSSL_DISPATCH oqs_ecp_{{ kem['name_group'] }}_keymgmt_functions[];
-{%- endfor %}
-{% for kem in config['kems'] %}
-extern const OSSL_DISPATCH oqs_ecx_{{ kem['name_group'] }}_keymgmt_functions[];
 {%- endfor %}