Added HQC variants. (#227)

xvzcf · web-flow · commit a924d21c22fc · 2020-08-05T16:03:25.000-04:00
diff --git a/README.md b/README.md
@@ -77,6 +77,7 @@ The following quantum-safe algorithms from liboqs are supported (assuming they h
 - `oqs_kem_default` (see [here](https://github.com/open-quantum-safe/openssl/wiki/Using-liboqs-algorithms-that-are-not-in-the-forks#oqsdefault) for what this denotes)
 - **BIKE**: `bike1l1cpa`, `bike1l3cpa`, `bike1l1fo`, `bike1l3fo`
 - **FrodoKEM**: `frodo640aes`, `frodo640shake`, `frodo976aes`, `frodo976shake`, `frodo1344aes`, `frodo1344shake`
+- **HQC**: `hqc128_1_cca2`, `hqc192_1_cca2`, `hqc192_2_cca2`, `hqc256_1_cca2`† , `hqc256_2_cca2`†, `hqc256_3_cca2`†
 - **Kyber**: `kyber512`, `kyber768`, `kyber1024`, `kyber90s512`, `kyber90s768`, `kyber90s1024`
 - **LEDA**: `ledacryptkemlt12`, `ledacryptkemlt32`, `ledacryptkemlt52`
 - **NewHope**: `newhope512cca`, `newhope1024cca`
@@ -93,6 +94,8 @@ If ``<KEX>`` is any of the algorithms listed above, the following hybrid algorit
 
 For example, since `kyber768` claims L3 security, the hybrid `p384_kyber768` is available.
 
+Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments.
+
 #### Authentication
 
 The following digital signature algorithms from liboqs are supported by the fork. **Note that not all variants of all algorithms are enabled by default; algorithms that are enabled by default are marked with an asterisk, and should you wish to enable additional variants, consult [the "Code Generation" section of the documentation in the wiki](https://github.com/open-quantum-safe/openssl/wiki/Using-liboqs-algorithms-not-in-the-fork#code-generation)**.
diff --git a/apps/s_cb.c b/apps/s_cb.c
@@ -515,6 +515,12 @@ static const char* OQS_CURVE_ID_NAME_STR(int id) {
   case 0x022F: return "babybearephem";
   case 0x0230: return "mamabearephem";
   case 0x0231: return "papabearephem";
+  case 0x0232: return "hqc128_1_cca2";
+  case 0x0233: return "hqc192_1_cca2";
+  case 0x0234: return "hqc192_2_cca2";
+  case 0x0235: return "hqc256_1_cca2";
+  case 0x0236: return "hqc256_2_cca2";
+  case 0x0237: return "hqc256_3_cca2";
   ///// OQS_TEMPLATE_FRAGMENT_OQS_CURVE_ID_NAME_STR_END
   case 0x2FFF: return "p256_oqs_kem_default hybrid";
   ///// OQS_TEMPLATE_FRAGMENT_OQS_CURVE_ID_NAME_STR_HYBRID_START
@@ -557,6 +563,12 @@ static const char* OQS_CURVE_ID_NAME_STR(int id) {
    case 0x2F2F: return "p256_babybearephem hybrid";
    case 0x2F30: return "p384_mamabearephem hybrid";
    case 0x2F31: return "p521_papabearephem hybrid";
+   case 0x2F32: return "p256_hqc128_1_cca2 hybrid";
+   case 0x2F33: return "p384_hqc192_1_cca2 hybrid";
+   case 0x2F34: return "p384_hqc192_2_cca2 hybrid";
+   case 0x2F35: return "p521_hqc256_1_cca2 hybrid";
+   case 0x2F36: return "p521_hqc256_2_cca2 hybrid";
+   case 0x2F37: return "p521_hqc256_3_cca2 hybrid";
   ///// OQS_TEMPLATE_FRAGMENT_OQS_CURVE_ID_NAME_STR_HYBRID_END
   default: return "";
   }
diff --git a/crypto/ec/oqs_meth.c b/crypto/ec/oqs_meth.c
@@ -157,6 +157,12 @@ int oqssl_kem_nids_list[] = {
         NID_babybearephem,
         NID_mamabearephem,
         NID_papabearephem,
+        NID_hqc128_1_cca2,
+        NID_hqc192_1_cca2,
+        NID_hqc192_2_cca2,
+        NID_hqc256_1_cca2,
+        NID_hqc256_2_cca2,
+        NID_hqc256_3_cca2,
 /////// OQS_TEMPLATE_FRAGMENT_LIST_KNOWN_KEM_NIDS_END
 };
 
@@ -358,6 +364,24 @@ char* get_oqs_alg_name(int openssl_nid)
     case NID_papabearephem:
     case NID_p521_papabearephem:
       return OQS_KEM_alg_threebears_papabear_ephem;
+    case NID_hqc128_1_cca2:
+    case NID_p256_hqc128_1_cca2:
+      return OQS_KEM_alg_hqc_128_1_cca2;
+    case NID_hqc192_1_cca2:
+    case NID_p384_hqc192_1_cca2:
+      return OQS_KEM_alg_hqc_192_1_cca2;
+    case NID_hqc192_2_cca2:
+    case NID_p384_hqc192_2_cca2:
+      return OQS_KEM_alg_hqc_192_2_cca2;
+    case NID_hqc256_1_cca2:
+    case NID_p521_hqc256_1_cca2:
+      return OQS_KEM_alg_hqc_256_1_cca2;
+    case NID_hqc256_2_cca2:
+    case NID_p521_hqc256_2_cca2:
+      return OQS_KEM_alg_hqc_256_2_cca2;
+    case NID_hqc256_3_cca2:
+    case NID_p521_hqc256_3_cca2:
+      return OQS_KEM_alg_hqc_256_3_cca2;
 ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_ALG_END
     default:
       return NULL;
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
@@ -1116,7 +1116,7 @@ static const unsigned char so[8044] = {
     0x2B,0xCE,0x0F,0x06,0x01,0x03,                 /* [ 8037] OBJ_rsa3072_sphincsharaka128frobust */
 };
 
-#define NUM_NID 1313
+#define NUM_NID 1325
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2431,9 +2431,21 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"p384_mamabearephem", "p384_mamabearephem", NID_p384_mamabearephem},
     {"papabearephem", "papabearephem", NID_papabearephem},
     {"p521_papabearephem", "p521_papabearephem", NID_p521_papabearephem},
+    {"hqc128_1_cca2", "hqc128_1_cca2", NID_hqc128_1_cca2},
+    {"p256_hqc128_1_cca2", "p256_hqc128_1_cca2", NID_p256_hqc128_1_cca2},
+    {"hqc192_1_cca2", "hqc192_1_cca2", NID_hqc192_1_cca2},
+    {"p384_hqc192_1_cca2", "p384_hqc192_1_cca2", NID_p384_hqc192_1_cca2},
+    {"hqc192_2_cca2", "hqc192_2_cca2", NID_hqc192_2_cca2},
+    {"p384_hqc192_2_cca2", "p384_hqc192_2_cca2", NID_p384_hqc192_2_cca2},
+    {"hqc256_1_cca2", "hqc256_1_cca2", NID_hqc256_1_cca2},
+    {"p521_hqc256_1_cca2", "p521_hqc256_1_cca2", NID_p521_hqc256_1_cca2},
+    {"hqc256_2_cca2", "hqc256_2_cca2", NID_hqc256_2_cca2},
+    {"p521_hqc256_2_cca2", "p521_hqc256_2_cca2", NID_p521_hqc256_2_cca2},
+    {"hqc256_3_cca2", "hqc256_3_cca2", NID_hqc256_3_cca2},
+    {"p521_hqc256_3_cca2", "p521_hqc256_3_cca2", NID_p521_hqc256_3_cca2},
 };
 
-#define NUM_SN 1304
+#define NUM_SN 1316
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2945,6 +2957,12 @@ static const unsigned int sn_objs[NUM_SN] = {
      473,    /* "homeTelephoneNumber" */
      466,    /* "host" */
      889,    /* "houseIdentifier" */
+    1313,    /* "hqc128_1_cca2" */
+    1315,    /* "hqc192_1_cca2" */
+    1317,    /* "hqc192_2_cca2" */
+    1319,    /* "hqc256_1_cca2" */
+    1321,    /* "hqc256_2_cca2" */
+    1323,    /* "hqc256_3_cca2" */
      442,    /* "iA5StringSyntax" */
      783,    /* "id-DHBasedMac" */
      824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
@@ -3352,6 +3370,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1207,    /* "p256_falcon512" */
     1236,    /* "p256_frodo640aes" */
     1238,    /* "p256_frodo640shake" */
+    1314,    /* "p256_hqc128_1_cca2" */
     1256,    /* "p256_kyber512" */
     1296,    /* "p256_kyber90s512" */
     1274,    /* "p256_lightsaber" */
@@ -3374,6 +3393,8 @@ static const unsigned int sn_objs[NUM_SN] = {
     1205,    /* "p384_dilithium4" */
     1240,    /* "p384_frodo976aes" */
     1242,    /* "p384_frodo976shake" */
+    1316,    /* "p384_hqc192_1_cca2" */
+    1318,    /* "p384_hqc192_2_cca2" */
     1258,    /* "p384_kyber768" */
     1298,    /* "p384_kyber90s768" */
     1304,    /* "p384_mamabear" */
@@ -3388,6 +3409,9 @@ static const unsigned int sn_objs[NUM_SN] = {
     1278,    /* "p521_firesaber" */
     1244,    /* "p521_frodo1344aes" */
     1246,    /* "p521_frodo1344shake" */
+    1320,    /* "p521_hqc256_1_cca2" */
+    1322,    /* "p521_hqc256_2_cca2" */
+    1324,    /* "p521_hqc256_3_cca2" */
     1260,    /* "p521_kyber1024" */
     1300,    /* "p521_kyber90s1024" */
     1264,    /* "p521_newhope1024cca" */
@@ -3741,7 +3765,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1304
+#define NUM_LN 1316
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -4285,6 +4309,12 @@ static const unsigned int ln_objs[NUM_LN] = {
      473,    /* "homeTelephoneNumber" */
      466,    /* "host" */
      889,    /* "houseIdentifier" */
+    1313,    /* "hqc128_1_cca2" */
+    1315,    /* "hqc192_1_cca2" */
+    1317,    /* "hqc192_2_cca2" */
+    1319,    /* "hqc256_1_cca2" */
+    1321,    /* "hqc256_2_cca2" */
+    1323,    /* "hqc256_3_cca2" */
      442,    /* "iA5StringSyntax" */
      381,    /* "iana" */
      824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
@@ -4633,6 +4663,7 @@ static const unsigned int ln_objs[NUM_LN] = {
     1207,    /* "p256_falcon512" */
     1236,    /* "p256_frodo640aes" */
     1238,    /* "p256_frodo640shake" */
+    1314,    /* "p256_hqc128_1_cca2" */
     1256,    /* "p256_kyber512" */
     1296,    /* "p256_kyber90s512" */
     1274,    /* "p256_lightsaber" */
@@ -4655,6 +4686,8 @@ static const unsigned int ln_objs[NUM_LN] = {
     1205,    /* "p384_dilithium4" */
     1240,    /* "p384_frodo976aes" */
     1242,    /* "p384_frodo976shake" */
+    1316,    /* "p384_hqc192_1_cca2" */
+    1318,    /* "p384_hqc192_2_cca2" */
     1258,    /* "p384_kyber768" */
     1298,    /* "p384_kyber90s768" */
     1304,    /* "p384_mamabear" */
@@ -4669,6 +4702,9 @@ static const unsigned int ln_objs[NUM_LN] = {
     1278,    /* "p521_firesaber" */
     1244,    /* "p521_frodo1344aes" */
     1246,    /* "p521_frodo1344shake" */
+    1320,    /* "p521_hqc256_1_cca2" */
+    1322,    /* "p521_hqc256_2_cca2" */
+    1324,    /* "p521_hqc256_3_cca2" */
     1260,    /* "p521_kyber1024" */
     1300,    /* "p521_kyber90s1024" */
     1264,    /* "p521_newhope1024cca" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
@@ -1310,3 +1310,15 @@ mamabearephem		1309
 p384_mamabearephem		1310
 papabearephem		1311
 p521_papabearephem		1312
+hqc128_1_cca2		1313
+p256_hqc128_1_cca2		1314
+hqc192_1_cca2		1315
+p384_hqc192_1_cca2		1316
+hqc192_2_cca2		1317
+p384_hqc192_2_cca2		1318
+hqc256_1_cca2		1319
+p521_hqc256_1_cca2		1320
+hqc256_2_cca2		1321
+p521_hqc256_2_cca2		1322
+hqc256_3_cca2		1323
+p521_hqc256_3_cca2		1324
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
@@ -1757,6 +1757,18 @@ dstu4145le 2 9 : uacurve9 : DSTU curve 9
  : p384_mamabearephem : p384_mamabearephem
  : papabearephem : papabearephem
  : p521_papabearephem : p521_papabearephem
+ : hqc128_1_cca2 : hqc128_1_cca2
+ : p256_hqc128_1_cca2 : p256_hqc128_1_cca2
+ : hqc192_1_cca2 : hqc192_1_cca2
+ : p384_hqc192_1_cca2 : p384_hqc192_1_cca2
+ : hqc192_2_cca2 : hqc192_2_cca2
+ : p384_hqc192_2_cca2 : p384_hqc192_2_cca2
+ : hqc256_1_cca2 : hqc256_1_cca2
+ : p521_hqc256_1_cca2 : p521_hqc256_1_cca2
+ : hqc256_2_cca2 : hqc256_2_cca2
+ : p521_hqc256_2_cca2 : p521_hqc256_2_cca2
+ : hqc256_3_cca2 : hqc256_3_cca2
+ : p521_hqc256_3_cca2 : p521_hqc256_3_cca2
 ##### OQS_TEMPLATE_FRAGMENT_LIST_KEMS_END
 
 ##### OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_OIDS_START
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -103,8 +103,8 @@
 # define EVP_PKEY_P256_SPHINCSHARAKA128FROBUST NID_p256_sphincsharaka128frobust
 # define EVP_PKEY_RSA3072_SPHINCSHARAKA128FROBUST NID_rsa3072_sphincsharaka128frobust
 #define OQS_OPENSSL_SIG_algs_length 38
-#define OQS_OPENSSL_KEM_algs_length 39
-#define IS_OQS_OPENSSL_KEM_NID(a) ((a >= NID_oqs_kem_default) && (a <= NID_p521_papabearephem))
+#define OQS_OPENSSL_KEM_algs_length 45
+#define IS_OQS_OPENSSL_KEM_NID(a) ((a >= NID_oqs_kem_default) && (a <= NID_p521_hqc256_3_cca2))
 #define IS_OQS_OPENSSL_SIG_NID(a) ((a >= NID_oqs_sig_default) && (a <= NID_rsa3072_sphincsharaka128frobust))
 /////// OQS_TEMPLATE_FRAGMENT_DEFINE_EVP_PKEYS_END
 const char *OQSKEM_options(void);
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
@@ -5517,6 +5517,54 @@
 #define LN_p521_papabearephem           "p521_papabearephem"
 #define NID_p521_papabearephem          1312
 
+#define SN_hqc128_1_cca2                "hqc128_1_cca2"
+#define LN_hqc128_1_cca2                "hqc128_1_cca2"
+#define NID_hqc128_1_cca2               1313
+
+#define SN_p256_hqc128_1_cca2           "p256_hqc128_1_cca2"
+#define LN_p256_hqc128_1_cca2           "p256_hqc128_1_cca2"
+#define NID_p256_hqc128_1_cca2          1314
+
+#define SN_hqc192_1_cca2                "hqc192_1_cca2"
+#define LN_hqc192_1_cca2                "hqc192_1_cca2"
+#define NID_hqc192_1_cca2               1315
+
+#define SN_p384_hqc192_1_cca2           "p384_hqc192_1_cca2"
+#define LN_p384_hqc192_1_cca2           "p384_hqc192_1_cca2"
+#define NID_p384_hqc192_1_cca2          1316
+
+#define SN_hqc192_2_cca2                "hqc192_2_cca2"
+#define LN_hqc192_2_cca2                "hqc192_2_cca2"
+#define NID_hqc192_2_cca2               1317
+
+#define SN_p384_hqc192_2_cca2           "p384_hqc192_2_cca2"
+#define LN_p384_hqc192_2_cca2           "p384_hqc192_2_cca2"
+#define NID_p384_hqc192_2_cca2          1318
+
+#define SN_hqc256_1_cca2                "hqc256_1_cca2"
+#define LN_hqc256_1_cca2                "hqc256_1_cca2"
+#define NID_hqc256_1_cca2               1319
+
+#define SN_p521_hqc256_1_cca2           "p521_hqc256_1_cca2"
+#define LN_p521_hqc256_1_cca2           "p521_hqc256_1_cca2"
+#define NID_p521_hqc256_1_cca2          1320
+
+#define SN_hqc256_2_cca2                "hqc256_2_cca2"
+#define LN_hqc256_2_cca2                "hqc256_2_cca2"
+#define NID_hqc256_2_cca2               1321
+
+#define SN_p521_hqc256_2_cca2           "p521_hqc256_2_cca2"
+#define LN_p521_hqc256_2_cca2           "p521_hqc256_2_cca2"
+#define NID_p521_hqc256_2_cca2          1322
+
+#define SN_hqc256_3_cca2                "hqc256_3_cca2"
+#define LN_hqc256_3_cca2                "hqc256_3_cca2"
+#define NID_hqc256_3_cca2               1323
+
+#define SN_p521_hqc256_3_cca2           "p521_hqc256_3_cca2"
+#define LN_p521_hqc256_3_cca2           "p521_hqc256_3_cca2"
+#define NID_p521_hqc256_3_cca2          1324
+
 #define SN_oqs_sig_default              "oqs_sig_default"
 #define LN_oqs_sig_default              "oqs_sig_default"
 #define NID_oqs_sig_default             1195
diff --git a/oqs-interop-test/ossl_algorithms.py b/oqs-interop-test/ossl_algorithms.py
@@ -2,9 +2,9 @@
     'oqs_kem_default', 'p256_oqs_kem_default',
 ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_START
     # post-quantum key exchanges
-    'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','bike1l1cpa','bike1l3cpa','bike1l1fo','bike1l3fo','kyber512','kyber768','kyber1024','newhope512cca','newhope1024cca','ntru_hps2048509','ntru_hps2048677','ntru_hps4096821','ntru_hrss701','lightsaber','saber','firesaber','sidhp434','sidhp503','sidhp610','sidhp751','sikep434','sikep503','sikep610','sikep751','kyber90s512','kyber90s768','kyber90s1024','babybear','mamabear','papabear','babybearephem','mamabearephem','papabearephem',
+    'frodo640aes','frodo640shake','frodo976aes','frodo976shake','frodo1344aes','frodo1344shake','bike1l1cpa','bike1l3cpa','bike1l1fo','bike1l3fo','kyber512','kyber768','kyber1024','newhope512cca','newhope1024cca','ntru_hps2048509','ntru_hps2048677','ntru_hps4096821','ntru_hrss701','lightsaber','saber','firesaber','sidhp434','sidhp503','sidhp610','sidhp751','sikep434','sikep503','sikep610','sikep751','kyber90s512','kyber90s768','kyber90s1024','babybear','mamabear','papabear','babybearephem','mamabearephem','papabearephem','hqc128_1_cca2','hqc192_1_cca2','hqc192_2_cca2','hqc256_1_cca2','hqc256_2_cca2','hqc256_3_cca2',
     # post-quantum + classical key exchanges
-    'p256_frodo640aes','p256_frodo640shake','p384_frodo976aes','p384_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_bike1l1cpa','p384_bike1l3cpa','p256_bike1l1fo','p384_bike1l3fo','p256_kyber512','p384_kyber768','p521_kyber1024','p256_newhope512cca','p521_newhope1024cca','p256_ntru_hps2048509','p384_ntru_hps2048677','p521_ntru_hps4096821','p384_ntru_hrss701','p256_lightsaber','p384_saber','p521_firesaber','p256_sidhp434','p256_sidhp503','p384_sidhp610','p521_sidhp751','p256_sikep434','p256_sikep503','p384_sikep610','p521_sikep751','p256_kyber90s512','p384_kyber90s768','p521_kyber90s1024','p256_babybear','p384_mamabear','p521_papabear','p256_babybearephem','p384_mamabearephem','p521_papabearephem',
+    'p256_frodo640aes','p256_frodo640shake','p384_frodo976aes','p384_frodo976shake','p521_frodo1344aes','p521_frodo1344shake','p256_bike1l1cpa','p384_bike1l3cpa','p256_bike1l1fo','p384_bike1l3fo','p256_kyber512','p384_kyber768','p521_kyber1024','p256_newhope512cca','p521_newhope1024cca','p256_ntru_hps2048509','p384_ntru_hps2048677','p521_ntru_hps4096821','p384_ntru_hrss701','p256_lightsaber','p384_saber','p521_firesaber','p256_sidhp434','p256_sidhp503','p384_sidhp610','p521_sidhp751','p256_sikep434','p256_sikep503','p384_sikep610','p521_sikep751','p256_kyber90s512','p384_kyber90s768','p521_kyber90s1024','p256_babybear','p384_mamabear','p521_papabear','p256_babybearephem','p384_mamabearephem','p521_papabearephem','p256_hqc128_1_cca2','p384_hqc192_1_cca2','p384_hqc192_2_cca2','p521_hqc256_1_cca2','p521_hqc256_2_cca2','p521_hqc256_3_cca2',
 ##### OQS_TEMPLATE_FRAGMENT_KEX_ALGS_END
 ]
 signatures = [
diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml
@@ -235,6 +235,43 @@ kems:
     nid_hybrid: "0x2F31"
     oqs_alg: "OQS_KEM_alg_threebears_papabear_ephem"
     bit_security: 256
+  -
+    name_group: "hqc128_1_cca2"
+    nid: "0x0232"
+    nid_hybrid: "0x2F32"
+    oqs_alg: 'OQS_KEM_alg_hqc_128_1_cca2'
+    bit_security: 128
+  -
+    name_group: 'hqc192_1_cca2'
+    nid: "0x0233"
+    nid_hybrid: "0x2F33"
+    oqs_alg: 'OQS_KEM_alg_hqc_192_1_cca2'
+    bit_security: 192
+  -
+    name_group: 'hqc192_2_cca2'
+    nid: "0x0234"
+    nid_hybrid: "0x2F34"
+    oqs_alg: 'OQS_KEM_alg_hqc_192_2_cca2'
+    bit_security: 192
+  -
+    name_group: 'hqc256_1_cca2'
+    nid: "0x0235"
+    nid_hybrid: "0x2F35"
+    oqs_alg: 'OQS_KEM_alg_hqc_256_1_cca2'
+    bit_security: 256
+  -
+    name_group: 'hqc256_2_cca2'
+    nid: "0x0236"
+    nid_hybrid: "0x2F36"
+    oqs_alg: 'OQS_KEM_alg_hqc_256_2_cca2'
+    bit_security: 256
+  -
+    name_group: 'hqc256_3_cca2'
+    nid: "0x0237"
+    nid_hybrid: "0x2F37"
+    oqs_alg: 'OQS_KEM_alg_hqc_256_3_cca2'
+    bit_security: 256
+
 kem_nid_end: "0x0250"
 kem_nid_hybrid_end: "0x2FFF"
 # need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values
diff --git a/oqs-test/common.py b/oqs-test/common.py
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
