MastersThesis/TIIGER_TLS/PQ_TIIGER_TLS/CHANGES.md
2024-04-15 12:18:26 +02:00

243 lines
10 KiB
Markdown

# Change Log
All notable changes to this project will be documented in this file.
## 2023-11-20
### Added
- support for Windows platform:
- pre-processor condition with Windows headers *winsock2.h*, *afunix.h*, *ws2tcpip.h* in tls_sockets.h
- pre-processor condition in *int setclientsock()* function - changing input argument in *setsockopt()* function for Windows compatibility in tls_sockets.cpp
- WSA structure inicialization and cleanup in client.cpp file
- linking *-lws2_32* in CMakeLists.txt
- *-lstdc++* in CMakeLists.txt for compatibility with gcc
## 2023-11-20
### Added
- Header file *oqs/oqs.h* and *oqs/oqsconfig.h* from liboqs library
- linking liboqs library with *-loqs* in CMakeLists.txt
### Changed
- Library name in *char *SAL_name()*
- Random number generator *OQS_randombytes()* in *bool SAL_initLib()*
### Removed
- Unused conditions and functions
## 2023-12-22
### Added
- Notes for dilithium3 functions from liboqs
## 2024-01-13
### Changed
- *void SAL_generateKeyPair()* for kyber768 now working with function from liboqs
- both *static bool DILITHIUM3_VERIFY()* and *static void DILITHIUM3_SIGN()* now working with functions from liboqs
### Removed
- Unused declarations and variables
## 2024-01-15
### Changed
- *bool SAL_generateSharedSecret()* for kyber768 now working with function from liboqs
### Removed
- Header file *kyber.h*
- Unused declarations and variables
## 2024-01-25
### Added
- New CA certificate for https://test.openquantumsafe.org/ in tls_cacerts.cpp
### Changed
- Client certificate update
## 2024-02-17
### Added
- TLS IDs for PQ KEM algorithms based on https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md in tls1_3.h
- new PQ KEM algorithms in *int SAL_groups()*
- functions for key generating for kyber512, kyber1024, bikel1, bikel3, bikel5, hqc128, hqc192, hqc256, FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE in *void SAL_generateKeyPair()* function
- decapsulation functions for kyber512, kyber1024, bikel1, bikel3, bikel5, hqc128, hqc192, hqc256, FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE in *bool SAL_generateSharedSecret()*
### Changed
- variables for PQ crypto_setting in tls1_3.h file:
- TLS_MAX_KEX_PUB_KEY_SIZE - according the biggest public key size from all available KEM algorithm (FrodoKEM-1344-SHAKE)
- TLS_MAX_KEX_CIPHERTEXT_SIZE - according the biggest ciphertext size from all available KEM algorithm (FrodoKEM-1344-SHAKE)
- TLS_MAX_KEX_SECRET_KEY_SIZE - according the biggest secret key size from all available KEM algorithm (FrodoKEM-1344-SHAKE)
- TLS_MAX_SUPPORTED_GROUPS - need to raise the variable because of adding more KEM algorithms
27-29
## 2024-02-26
### Added
- listing of KEM key sizes (public and private keys) in client.cpp
- TLS IDs for PQ signature algorithms in tls1_3.h based on https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
- Object IDs for dilitihum2 and dilitihum3 in tls_x509.cpp based on https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
- PQ curve variables for dilitihum2, dilitihum3 and dilitihum5 in tls_x509.h for recognizing used algorithm in further processing
- PQ signature algorithms dilithium2 and dilithium5 in *int SAL_sigs()* and *int SAL_sigCerts()*
- verification functions for PQ signature algorithms dilithium2, dilithium5; calling them in *bool SAL_tlsSignatureVerify()*
- signing functions for PQ signature algorithms dilithium2, dilithium5; calling them in *void SAL_tlsSignature()*
- listing of all new KEM and dilithium signature algorithms in tls_logger.cpp and client.cpp
- conditions for certificate verification for dilitihum2, dilithium3 and dilithium5 in tls_cert_chain.cpp
- functions for public and private key from PQ certificates, setting PQ curve for further processing
## 2024-02-27
### Added
- verification functions for PQ signature algorithms falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple; ; calling them in *bool SAL_tlsSignatureVerify()*
- signing functions for PQ signature algorithms falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple; ; calling them in *void SAL_tlsSignature()*
## 2024-02-28
### Added
- PQ curve variables for falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHA2-192f-simple
- Object IDs for falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHA2-192f-simple
- conditions for certificate verification for falcon512, falcon1024, SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHA2-192f-simple
- functions for public and private key from PQ certificates, setting PQ curve for further processing
- listing of all new PQ signature algorithms in tls_logger.cpp and client.cpp
### Removed
- TLS IDs for unsupported PQ signature algorithms (unsupported by oqsprovider (unable to test them)) - SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
- verification functions for unsupported PQ signature algorithms (unsupported by oqsprovider (unable to test them)) - SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
- signing functions for unsupported PQ signature algorithms (unsupported by oqsprovider (unable to test them)) - SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
### Changed
- Linux pre-processor condition for BIKE signature algorithm (BIKE is not supported on Windows platform (yet)) in *void SAL_generateKeyPair()*
- variables for PQ crypto_setting in tls1_3.h file:
- TLS_MAX_SIG_PUB_KEY_SIZE - according the biggest public key size from all available signature algorithms (dilithium5)
- TLS_MAX_SIG_SECRET_KEY_SIZE - according the biggest secret key size from all available signature algorithms (dilithium5)
- TLS_MAX_SIGNATURE_SIZE - according the biggest signature size from all available signature algorithms (SPHINCS+-SHA2-128f-simple or SPHINCS+-SHAKE-128f-simple)
- TLS_MAX_SUPPORTED_SIGS - need to raise the variable because of adding more signature algorithms
- MAX_IBUFF_SIZE - need to raise the variable because of bigger size of certchain (SPHINCS+-SHAKE-128f-simple)
- TLS_X509_MAX_FIELD - need to raise the variable because of bigger size of certchain (SPHINCS+-SHAKE-128f-simple)
### Tested
- all KEM protocols and signature algorithms with OpenSSL native server and test.openquantumsafe.org server
- correct behaviour on Linux and Windows x64 platform
## 2024-02-29
### Changed
- same PQ curve for SPHINCS+-SHA2-128f-simple and SPHINCS+-SHAKE-128f-simple (same size)
- calling verification functions for both SPHINCS+-SHA2-128f-simple and SPHINCS+-SHAKE-128f-simple
### Removed
- sign and verify function for SPHINCS+-SHA2-192f-simple (return of wrong expiration date; bug?)
- removed all added changes associated with SPHINCS+-SHA2-192f-simple (ID, OID, curve, conditions)
## 2024-03-01
### Added
- *OQS_TEST_results.txt* with results of testing on test.openquantumsafe.org server
### Removed
- unused functions and variables for unsupported algorithms by liboqs or oqsprovider (unable to test them)
## 2024-03-03
### Added
- comments about changes of functions and variables
- comments on the beggining of every changed file
- readme with information about building and using the client, summary of all changes, details of testing
### Removed
- arduino conditions in files: tls_octads.h, tls_sockets.h, tls_logger.cpp, tls_octads.cpp, tls_sockets.cpp
- files for arduino - arduino/client.cpp, wifi.h
- removed unnecessery files: blogs, unused .xpp files
## 2024-03-03
### Changed
- *OQS_randombytes()* used as seed for original miracl rng
## 2024-03-04
### Added
- .exe file for Windows x64 generated with CMake 'MinGW file' instead 'Unix MakeFile'
- miracl core folders for Windows x64, Windows x86 and Linux Ubuntu 22.04 in sal folder
- readme in sal folder with guideline for generating miracl core files
- permanent library linking *-lws2_32* in CMakeLists.txt for Windows compatibility (remove in case of Linux platform)
### Removed
- unused conditions and variables from CMakeLists.txt
## 2024-04-14
### Added
- IDs for ML-KEM and ML-DSA
- functions for key generating for ml-kem512, ml-kem768, ml-kem1024
- decapsulation functions for ml-kem512, ml-kem768, ml-kem1024
- object IDs for ML-KEM and ML-DSA
- signing functions for PQ signature algorithms ml-dsa44, ml-dsa65, ml-dsa87; calling them in *void SAL_tlsSignature()*
- listing of ML-KEMs and ML-DSAs in tls_logger.cpp and client.cpp
- conditions for certificate verification for ml-dsa44, ml-dsa65, ml-dsa87 in tls_cert_chain.cpp
- functions for public and private key from PQ certificates, setting PQ curve for further processing
- new PQ curve to distinguish SPHINCS+-SHA2-128f-simple and SPHINCS+-SHAKE-128f-simple
### Changed
- IDs for HQC and Falcon algorithms according to https://github.com/open-quantum-safe/oqs-provider/releases/tag/0.6.0
- PQ curves for all PQ signature schemes
## 2024-04-15
### Added
- *OQS_TEST_results2.txt* with results of testing on test.openquantumsafe.org server with new