Skip to content

Add Key Security Strength Check Logic#56

Open
Guiliano99 wants to merge 21 commits intosiemens:mainfrom
Guiliano99:AddKeySecStrengthCheck
Open

Add Key Security Strength Check Logic#56
Guiliano99 wants to merge 21 commits intosiemens:mainfrom
Guiliano99:AddKeySecStrengthCheck

Conversation

@Guiliano99
Copy link
Contributor

@Guiliano99 Guiliano99 commented Feb 6, 2026
edited
Loading

Add functionality for estimating the security strength (in bits) of various cryptographic key types, including post-quantum, traditional, and hybrid keys. Other small fixes.

Description

  • Added security_utils.py for the checks, but only exposes one function inside the keyutils.
  • Introduced the Get Key Security Strength Robot Framework keyword in resources/keyutils.py, which uses the new utility to return the estimated security strength for a given key.
  • Add not_keyword decorator to compute_hss_signature_index function.
  • Added nist_level properties to several PQ key classes (PQSignaturePublicKey, PQSignaturePrivateKey, MLDSAPublicKey, SLHDSAPublicKey) to expose claimed or derived NIST security levels. [
  • Added key_bit_security properties to stateful hash signature key classes (PQHashStatefulSigPublicKey, PQHashStatefulSigPrivateKey, XMSSPublicKey, XMSSMTPublicKey, HSSPublicKey) to provide estimated security strength in bits, based on algorithm parameters.
  • Added type annotations for algorithm OID mappings in resources/oidutils.py.
  • Updated OID name mappings to include additional hash algorithms.

Motivation and Context

  • Better Policy check tests for hybrid certificates and RFC 9883.

How Has This Been Tested?

unit tests

Verified with

NIST guidelines: NIST SP 800-57 Part 1 Rev. 5, NIST SP 800-227 (KEMs Recommendations)

@Guiliano99 Guiliano99 requested a review from ralienpp as a code owner February 6, 2026 07:58
@Guiliano99 Guiliano99 marked this pull request as draft February 9, 2026 17:53
@Guiliano99
Update ALL_KNOWN_OIDS_2_NAME to update with OID_HASH_MAP.
d963607
@Guiliano99
Add security_utils with NIST level to strength mapping
220fd94
@Guiliano99
Add HASH_ALG_TO_STRENGTH mapping in security_utils
6ab92fe
@Guiliano99
Add _rsa_security_strength function to map RSA key sizes to security …
921b8ae 
…strength levels
@Guiliano99
Add _ecc_security_strength function to map ECC key sizes to security …
5744345 
…strength levels
@Guiliano99
Add _get_pq_stfl_nist_security_strength and _nist_level_strength util…
79e911a 
…ity functions for PQ keys
@Guiliano99
Implement estimate_key_security_strength to calculate security stre…
222b183 
…ngth for various key types
@Guiliano99
Reorder asymmetric imports in security_utils.py for consistency.
deed3c0
@Guiliano99
Expose get_key_security_strength keyword to estimate key security s…
c30e07a 
…trength via `security_utils`.
@Guiliano99
Add unit tests for get_key_security_strength with various key types…
bc87132 
… and sizes.
@Guiliano99
Add type annotations to KM_KD_ALG and KDF_OID_2_NAME for stricter…
c89a0fe 
… type checking in `oidutils.py`.
@Guiliano99
Fix invalid doc for the PQ keys nist_level attribute.
70344b2
@Guiliano99
Add nist_level method to ML-DSA and SLH-DSA classes for better doc de…
6803a7f 
…scription.
@Guiliano99
Run ruff format.
0f8acd6
@Guiliano99 Guiliano99 force-pushed the AddKeySecStrengthCheck branch from 2840450 to 0f8acd6 Compare February 10, 2026 12:34
@Guiliano99 Guiliano99 force-pushed the AddKeySecStrengthCheck branch from aab976b to 2780266 Compare February 10, 2026 12:50
@Guiliano99 Guiliano99 marked this pull request as ready for review February 10, 2026 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ralienpp ralienpp Awaiting requested review from ralienpp ralienpp is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Guiliano99