# Change Log

All notable changes to this project will be documented in this file.

## 2023-11-20

### Added

- support for Windows platform:
  - pre-processor condition with Windows headers *winsock2.h*, *afunix.h*, *ws2tcpip.h* in tls_sockets.h
  - pre-processor condition in *int setclientsock()* function
  - changing input argument in *setsockopt()* function for Windows compatibility in tls_sockets.cpp
  - WSA structure initialization and cleanup in client.cpp file
  - linking *-lws2_32* in CMakeLists.txt
- *-lstdc++* in CMakeLists.txt for compatibility with gcc

## 2023-11-20

### Added

- Header file *oqs/oqs.h* and *oqs/oqsconfig.h* from liboqs library
- linking liboqs library with *-loqs* in CMakeLists.txt

### Changed

- Library name in *char \*SAL_name()*
- Random number generator *OQS_randombytes()* in *bool SAL_initLib()*

### Removed

- Unused conditions and functions

## 2023-12-22

### Added

- Notes for dilithium3 functions from liboqs

## 2024-01-13

### Changed

- *void SAL_generateKeyPair()* for kyber768 now working with function from liboqs
- both *static bool DILITHIUM3_VERIFY()* and *static void DILITHIUM3_SIGN()* now working with functions from liboqs

### Removed

- Unused declarations and variables

## 2024-01-15

### Changed

- *bool SAL_generateSharedSecret()* for kyber768 now working with function from liboqs

### Removed

- Header file *kyber.h*
- Unused declarations and variables

## 2024-01-25

### Added

- New CA certificate for https://test.openquantumsafe.org/ in tls_cacerts.cpp

### Changed

- Client certificate update

## 2024-02-17

### Added

- TLS IDs for PQ KEM algorithms based on https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md in tls1_3.h
- new PQ KEM algorithms in *int SAL_groups()*
- functions for key generation for kyber512, kyber1024, bikel1, bikel3, bikel5, hqc128, hqc192, hqc256, FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE in *void SAL_generateKeyPair()* function
- decapsulation functions for kyber512, kyber1024, bikel1, bikel3, bikel5, hqc128, hqc192, hqc256, FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE in *bool SAL_generateSharedSecret()*

### Changed

- variables for PQ crypto_setting in tls1_3.h file:
  - TLS_MAX_KEX_PUB_KEY_SIZE - according to the biggest public key size from all available KEM algorithms (FrodoKEM-1344-SHAKE)
  - TLS_MAX_KEX_CIPHERTEXT_SIZE - according to the biggest ciphertext size from all available KEM algorithms (FrodoKEM-1344-SHAKE)
  - TLS_MAX_KEX_SECRET_KEY_SIZE - according to the biggest secret key size from all available KEM algorithms (FrodoKEM-1344-SHAKE)
  - TLS_MAX_SUPPORTED_GROUPS - need to raise the variable because of adding more KEM algorithms 27-29

## 2024-02-26

### Added

- listing of KEM key sizes (public and private keys) in client.cpp
- TLS IDs for PQ signature algorithms in tls1_3.h based on https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
- Object IDs for dilithium2 and dilithium3 in tls_x509.cpp based on https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
- PQ curve variables for dilithium2, dilithium3 and dilithium5 in tls_x509.h for recognizing used algorithm in further processing
- PQ signature algorithms dilithium2 and dilithium5 in *int SAL_sigs()* and *int SAL_sigCerts()*
- verification functions for PQ signature algorithms dilithium2, dilithium5; calling them in *bool SAL_tlsSignatureVerify()*
- signing functions for PQ signature algorithms dilithium2, dilithium5; calling them in *void SAL_tlsSignature()*
- listing of all new KEM and dilithium signature algorithms in tls_logger.cpp and client.cpp
- conditions for certificate verification for dilithium2, dilithium3 and dilithium5 in tls_cert_chain.cpp
- functions for public and private key from PQ certificates, setting PQ curve for further processing

## 2024-02-27

### Added

- verification functions for PQ signature algorithms falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple; calling them in *bool SAL_tlsSignatureVerify()*
- signing functions for PQ signature algorithms falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple; calling them in *void SAL_tlsSignature()*

## 2024-02-28

### Added

- PQ curve variables for falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHA2-192f-simple
- Object IDs for falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHA2-192f-simple
- conditions for certificate verification for falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHA2-192f-simple
- functions for public and private key from PQ certificates, setting PQ curve for further processing
- listing of all new PQ signature algorithms in tls_logger.cpp and client.cpp

### Removed

- TLS IDs for unsupported PQ signature algorithms (unsupported by oqsprovider (unable to test them))
  - SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
- verification functions for unsupported PQ signature algorithms (unsupported by oqsprovider (unable to test them))
  - SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
- signing functions for unsupported PQ signature algorithms (unsupported by oqsprovider (unable to test them))
  - SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple

### Changed

- Linux pre-processor condition for BIKE signature algorithm (BIKE is not supported on Windows platform (yet)) in *void SAL_generateKeyPair()*
- variables for PQ crypto_setting in tls1_3.h file:
  - TLS_MAX_SIG_PUB_KEY_SIZE - according to the biggest public key size from all available signature algorithms (dilithium5)
  - TLS_MAX_SIG_SECRET_KEY_SIZE - according to the biggest secret key size from all available signature algorithms (dilithium5)
  - TLS_MAX_SIGNATURE_SIZE - according to the biggest signature size from all available signature algorithms (SPHINCS+-SHA2-128f-simple or SPHINCS+-SHAKE-128f-simple)
  - TLS_MAX_SUPPORTED_SIGS - need to raise the variable because of adding more signature algorithms
  - MAX_IBUFF_SIZE - need to raise the variable because of bigger size of certchain (SPHINCS+-SHAKE-128f-simple)
  - TLS_X509_MAX_FIELD - need to raise the variable because of bigger size of certchain (SPHINCS+-SHAKE-128f-simple)

### Tested

- all KEM protocols and signature algorithms with OpenSSL native server and test.openquantumsafe.org server
- correct behaviour on Linux and Windows x64 platform

## 2024-02-29

### Changed

- same PQ curve for SPHINCS+-SHA2-128f-simple and SPHINCS+-SHAKE-128f-simple (same size)
- calling verification functions for both SPHINCS+-SHA2-128f-simple and SPHINCS+-SHAKE-128f-simple

### Removed

- sign and verify function for SPHINCS+-SHA2-192f-simple (return of wrong expiration date; bug?)
- removed all added changes associated with SPHINCS+-SHA2-192f-simple (ID, OID, curve, conditions)

## 2024-03-01

### Added

- *OQS_TEST_results.txt* with results of testing on test.openquantumsafe.org server

### Removed

- unused functions and variables for unsupported algorithms by liboqs or oqsprovider (unable to test them)

## 2024-03-03

### Added

- comments about changes of functions and variables
- comments at the beginning of every changed file
- readme with information about building and using the client, summary of all changes, details of testing

### Removed

- arduino conditions in files: tls_octads.h, tls_sockets.h, tls_logger.cpp, tls_octads.cpp, tls_sockets.cpp
- files for arduino - arduino/client.cpp, wifi.h
- removed unnecessary files: blogs, unused .xpp files

## 2024-03-03

### Changed

- *OQS_randombytes()* used as seed for original miracl rng

## 2024-03-04

### Added

- .exe file for Windows x64 generated with CMake 'MinGW file' instead of 'Unix MakeFile'
- miracl core folders for Windows x64, Windows x86 and Linux Ubuntu 22.04 in sal folder
- readme in sal folder with guideline for generating miracl core files
- permanent library linking *-lws2_32* in CMakeLists.txt for Windows compatibility (remove in case of Linux platform)

### Removed

- unused conditions and variables from CMakeLists.txt

## 2024-04-14

### Added

- IDs for ML-KEM and ML-DSA
- functions for key generation for ml-kem512, ml-kem768, ml-kem1024
- decapsulation functions for ml-kem512, ml-kem768, ml-kem1024
- object IDs for ML-KEM and ML-DSA
- signing functions for PQ signature algorithms ml-dsa44, ml-dsa65, ml-dsa87; calling them in *void SAL_tlsSignature()*
- listing of ML-KEMs and ML-DSAs in tls_logger.cpp and client.cpp
- conditions for certificate verification for ml-dsa44, ml-dsa65, ml-dsa87 in tls_cert_chain.cpp
- functions for public and private key from PQ certificates, setting PQ curve for further processing
- new PQ curve to distinguish SPHINCS+-SHA2-128f-simple and SPHINCS+-SHAKE-128f-simple

### Changed

- IDs for HQC and Falcon algorithms according to https://github.com/open-quantum-safe/oqs-provider/releases/tag/0.6.0
- PQ curves for all PQ signature schemes

## 2024-04-15

### Added

- *OQS_TEST_results2.txt* with results of testing on test.openquantumsafe.org server with new