@AdityaMitra5102

PQC Support Added with OQS. Followed draft at https://datatracker.ietf.org/doc/draft-ietf-cose-dilithium/ for COSE parameters and my draft https://datatracker.ietf.org/doc/draft-vitap-ml-dsa-webauthn/ for implementation. Tested with real responses with my under-development PQC Supported Key. The same has been added to examples as well.

Note that OQS needs to be installed. If all dependencies are there, the oqs python library automatically tries to compile OQS. If OQS is not present, it falls back to legacy.

PQC Support Added with OQS. Followed draft at https://datatracker.ietf.org/doc/draft-ietf-cose-dilithium/ for COSE parameters and https://datatracker.ietf.org/doc/draft-vitap-ml-dsa-webauthn/ for implementation
Verified OQS is installed before running ML-DSA tests
@CLAassistant

CLAassistant commented Jul 17, 2025

CLA assistant check
All committers have signed the CLA.

Earlier it would take 5 secs every time if the python library was installed and the C bindings weren't. Add a memoization to prevent that.
Collaborator

@MasterKale MasterKale left a comment

Hello @AdityaMitra5102 I apologize for the delayed review. This PR looks pretty good to me, I just had a few suggestions.

I also need to request the addition of some unit tests. It looks like you already have sample PQC responses as per the additions to the examples, but I wonder if those couldn't also become new tests added to the relevant files in tests/.

Based on how you try to detect the presence of oqs, does that mean liboqs-python can be considered an optional dependency of this project? I think it'd be great if, for now, py_webauthn users could continue to use the project with a simple pip install webauthn, then let them later opt into PQC use with pip install liboqs-python and then py_webauthn immediately starts using it.

    class ML_DSAPublicKey:
        def __init__(self, alg, pub) -> None:
            if not isML_DSA_available():
                raise Exception("OQS Not installed")
Collaborator

This should raise something new in webauthn.helpers.exceptions instead of a generic exception.

@AdityaMitra5102
Author

AdityaMitra5102 commented Sep 5, 2025

Hi,
Thanks a lot for the review. And yes, oqs is an optional dependency. Users can just install py_webauthn and use it without oqs. Later when they install liboqs-python, this package will automatically detect it and use it (unless there is some version mismatch with the C bindings, in which case OQS will warn and this package will fall back to not using OQS.)

I have accepted the code changes and have added the unit tests. I have also confirmed that all unit tests are running, both with and without OQS being installed.
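The optional-dependency behaviour discussed in this thread (probe for `oqs` once, remember the result, and refuse ML-DSA verification with a dedicated exception when it is missing) can be sketched as follows. This is an added example, not code from the PR or from py_webauthn; `PQCUnavailableError`, `load_oqs`, `reset_probe` and `verify_ml_dsa` are hypothetical names, and the algorithm name is whatever the installed liboqs build exposes.

```python
import importlib
from typing import Callable, Optional

class PQCUnavailableError(Exception):
    """Hypothetical dedicated exception; the PR's real class name is not on this page."""

_oqs_module: Optional[object] = None   # cached module after a successful probe
_probe_done = False                    # True after the first probe, pass or fail

def reset_probe() -> None:
    """Forget the cached probe result (useful in unit tests)."""
    global _oqs_module, _probe_done
    _oqs_module, _probe_done = None, False

def load_oqs(importer: Callable[[str], object] = importlib.import_module):
    """Return the oqs module or None. The import is attempted once per process,
    so a slow failing import is not repeated on every request."""
    global _oqs_module, _probe_done
    if not _probe_done:
        try:
            _oqs_module = importer("oqs")
        except (Exception, SystemExit):
            # Defensive assumption: any import-time failure (package missing,
            # native library not loadable) means PQC is unavailable.
            _oqs_module = None
        _probe_done = True
    return _oqs_module

def verify_ml_dsa(alg_name: str, public_key: bytes, message: bytes,
                  signature: bytes,
                  importer: Callable[[str], object] = importlib.import_module) -> bool:
    """Verify an ML-DSA signature, failing closed when oqs is absent.

    Raising instead of returning a boolean keeps "library missing" distinct
    from "signature invalid", and never lets an unverifiable credential pass.
    """
    oqs = load_oqs(importer)
    if oqs is None:
        raise PQCUnavailableError("liboqs-python is not usable; cannot verify " + alg_name)
    with oqs.Signature(alg_name) as verifier:
        return bool(verifier.verify(message, signature, public_key))
```
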

@MasterKale
Collaborator

Hello @AdityaMitra5102 apologies for the suddenness of this but I've superseded this PR with #260 that uses Dilithium-py instead.

@MasterKale MasterKale closed this Sep 29, 2025
@AdityaMitra5102
Author

Ah yes. Even I thought of using Dilithium-py at the beginning, but the way the author warned about the possibilities of side channel attack, that stopped me. Tbh in my own resource constrained environments, including in stuff like circuit-python where normal libraries don't run, and even dilithium-py failed because the circuit python hashlib didn't support shake3, I ported a custom version of dilithium-py. I replaced the aes from cryptography with pyaes and hashlib for sha3 and shake with py-keccak. You might want to check it out.

It has no dependencies except numpy (which can be replaced with ulab-numpy for resource constrained devices.)

https://github.com/AdityaMitra5102/ML-DSA-PurePy
