LibOQS-Java will need to support passing in the Context String into the Sign API

[johngray-dev]

FIPS 204 and 205 uses a context string as part of their sign API. It was a last minute change in the final standard. Having an API to pass in this context will need to be added to this library.

In a similar vein, it doesn't look like liboqs support the context String yet at its API level. I see in this branch https://github.com/open-quantum-safe/liboqs/tree/bhe-fips204-final that the underlying sign.c in the ML-DSA algorithms support a context, but the higher level API and subsequent libOQS wrappers don't allow it to be passed in yet. It also looks like the regular sign() API just calls the sign_context() API and passes in NULL as the context. I imagine once that is all sorted out a context string can be passed into libOQS, then it will be possible to update this Java wrapper to support the context.

[johngray-dev]

I guess once liboqs sorts out the API in https://github.com/open-quantum-safe/liboqs/tree/bhe-fips204-final then this project can be updated.

[SWilson4]

I guess once liboqs sorts out the API in https://github.com/open-quantum-safe/liboqs/tree/bhe-fips204-final then this project can be updated.

I believe all of the language wrappers will need to be updated in order to support the new API. Any contributions in this regard would be very welcome and would speed the process up, as we will have quite a bit of work to do (not only in the wrappers but also in other integrations).

[dstebila]

open-quantum-safe/liboqs#1919 adds a new API for signing with a context string:

OQS_API OQS_STATUS OQS_SIG_sign_with_ctx_str(const OQS_SIG *sig, uint8_t *signature, 
    size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *ctx_str, 
    size_t ctx_str_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_verify_with_ctx_str(const OQS_SIG *sig, const uint8_t *message, 
    size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *ctx_str, 
    size_t ctx_str_len, const uint8_t *public_key);

Note there is also a discussion in open-quantum-safe/liboqs#2001 about whether to deprecate the old API.

[johngray-dev]

A member of our team added support for the context and we have verified it works. We can submit the change in a pull request if you like. I would have created a branch to do it, but no permission, so I think we can fork it in a repository and then submit a pull request. Thanks for adding the context in the 12rc1 branch!

[SWilson4]

A member of our team added support for the context and we have verified it works. We can submit the change in a pull request if you like. I would have created a branch to do it, but no permission, so I think we can fork it in a repository and then submit a pull request. Thanks for adding the context in the 12rc1 branch!

That would be great, thanks @johngray-dev! A PR from a fork is perfectly fine.