diff --git a/src/lib/pubkey/frodokem/frodo_constants.cpp b/src/lib/pubkey/frodokem/frodo_constants.cpp
index b98277bc355..ad810077d35 100644
--- a/src/lib/pubkey/frodokem/frodo_constants.cpp
+++ b/src/lib/pubkey/frodokem/frodo_constants.cpp
@@ -17,6 +17,10 @@ namespace Botan {
 FrodoKEMConstants::FrodoKEMConstants(FrodoKEMMode mode) : m_mode(mode) {
+#if !defined(BOTAN_HAS_AES)
+ BOTAN_ARG_CHECK(!mode.is_aes(), "cannot instantiate AES-based FrodoKEM: This build does not support AES");
+#endif
+
 //Common for all parameter sets:
 m_n_bar = 8;
 m_len_a = 128;
diff --git a/src/lib/pubkey/frodokem/frodo_matrix.cpp b/src/lib/pubkey/frodokem/frodo_matrix.cpp
index dee9b21283b..02c7233cdb0 100644
--- a/src/lib/pubkey/frodokem/frodo_matrix.cpp
+++ b/src/lib/pubkey/frodokem/frodo_matrix.cpp
@@ -11,11 +11,12 @@
 */
 #include
-#include
 #include
 #include
 #include
-#include
+#if defined(BOTAN_HAS_AES)
+ #include
+#endif
 #include
 #include
 #include
@@ -41,10 +42,9 @@ std::vector make_elements_vector(const FrodoMatrix::Dimensions& dimens
 return std::vector(static_cast(std::get<0>(dimensions)) * std::get<1>(dimensions));
 }
-// TODO: Probably we want to split AES-support into an extra botan module
-// For that, this function will need to be refactored.
 std::function out, uint16_t i)> make_row_generator(const FrodoKEMConstants& constants, StrongSpan seed_a) {
+#if defined(BOTAN_HAS_AES)
 if(constants.mode().is_aes()) {
 // precondition the block cipher for "seed a" to avoid
 // regenerating the AES' key schedule for each matrix row
@@ -69,7 +69,10 @@ std::function out, uint16_t i)> make_row_generator(const
 aes.encrypt(out_coefs);
 }
 };
- } else if(constants.mode().is_shake()) {
+ }
+#endif
+
+ if(constants.mode().is_shake()) {
 SHAKE_128_XOF xof;
 return [xof, a = FrodoSeedA(seed_a)](std::span out, uint16_t i) mutable {
 xof.clear();
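Review bot: The BOTAN_ARG_CHECK added to the FrodoKEMConstants constructor is the only thing that keeps an AES parameter set from reaching the BOTAN_ASSERT_UNREACHABLE() in make_row_generator() on a build without the AES module, yet nothing at this site records that dependency. I would put a comment above the `#if`, e.g. `// Without the AES module, AES-based parameter sets must be rejected here; make_row_generator() in frodo_matrix.cpp relies on this and only asserts.` Throwing from the constructor is the right outcome, since a key or mode selection that arrives from outside then fails with a catchable exception instead of an assertion failure, but that holds only if every path that builds a FrodoKEMConstants (key decoding included) goes through this constructor, which I cannot confirm from the diff. The constructor body continues outside the hunk.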
@@ -83,6 +86,8 @@ std::function out, uint16_t i)> make_row_generator(const
 };
 }
+ // If we don't have AES in this build, the instantiation of the FrodoKEM instance
+ // is blocked upstream already. Hence, assert is save here.
 BOTAN_ASSERT_UNREACHABLE();
 }
diff --git a/src/lib/pubkey/frodokem/info.txt b/src/lib/pubkey/frodokem/info.txt
index e6aedb64e40..648413f2e77 100644
--- a/src/lib/pubkey/frodokem/info.txt
+++ b/src/lib/pubkey/frodokem/info.txt
@@ -7,9 +7,7 @@ name -> "FrodoKEM"
-aes
 shake_xof
-sha3
diff --git a/src/tests/test_frodokem.cpp b/src/tests/test_frodokem.cpp
index d9c0feaee18..cb88b03ba6f 100644
--- a/src/tests/test_frodokem.cpp
+++ b/src/tests/test_frodokem.cpp
@@ -68,6 +68,7 @@ decltype(auto) sha3(std::span data) {
 return Botan::HashFunction::create_or_throw("SHA-3(256)")->process>(data);
 }
+ #if defined(BOTAN_HAS_AES)
 class Frodo_KAT_Tests final : public Text_Based_Test {
 public:
 Frodo_KAT_Tests() : Text_Based_Test("pubkey/frodokem_kat.vec", "seed,ss,pk,sk,ct") {}
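Review bot: The comment added above BOTAN_ASSERT_UNREACHABLE() has a typo ("save" for "safe") and only says the guard is "upstream", which a later reader will have to hunt for. I would replace the two lines with `// AES-based modes are rejected by the FrodoKEMConstants constructor when BOTAN_HAS_AES` / `// is not defined, so a mode that is neither AES nor SHAKE cannot reach this point.` The assert now also covers the AES-mode case in a non-AES build, so if that constructor check is ever weakened this becomes an assertion failure on whatever input selected the mode rather than an Invalid_Argument; naming the exact guard is what keeps the two sites in step. make_row_generator() begins outside the hunk.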
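Review bot: The info.txt hunk removes `sha3` from the module's requirements alongside `aes`, and nothing in the change explains why. If any frodokem source still instantiates a SHA-3 hash (as opposed to the SHAKE XOF that `shake_xof` supplies), the module would now build only through transitive dependencies; I cannot see the library sources that settle this from the diff. Either keep `sha3` in the list or state in the commit message that the dependency was already unused.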
@@ -112,22 +113,21 @@ class Frodo_KAT_Tests final : public Text_Based_Test {
 return result;
 }
 };
+ #endif
 std::vector test_frodo_roundtrips() {
 auto& rng = Test::rng();
- auto modes = std::vector{Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE,
- Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
- Botan::FrodoKEMMode::eFrodoKEM640_SHAKE,
- Botan::FrodoKEMMode::eFrodoKEM1344_AES,
- Botan::FrodoKEMMode::eFrodoKEM976_AES,
- Botan::FrodoKEMMode::eFrodoKEM640_AES,
- Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
- Botan::FrodoKEMMode::FrodoKEM976_SHAKE,
- Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
- Botan::FrodoKEMMode::FrodoKEM1344_AES,
- Botan::FrodoKEMMode::FrodoKEM976_AES,
- Botan::FrodoKEMMode::FrodoKEM640_AES};
+ auto modes = std::vector {
+ Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE, Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
+ Botan::FrodoKEMMode::eFrodoKEM640_SHAKE, Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
+ Botan::FrodoKEMMode::FrodoKEM976_SHAKE, Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
+ #if defined(BOTAN_HAS_AES)
+ Botan::FrodoKEMMode::eFrodoKEM1344_AES, Botan::FrodoKEMMode::eFrodoKEM976_AES,
+ Botan::FrodoKEMMode::eFrodoKEM640_AES, Botan::FrodoKEMMode::FrodoKEM1344_AES,
+ Botan::FrodoKEMMode::FrodoKEM976_AES, Botan::FrodoKEMMode::FrodoKEM640_AES
+ #endif
+ };
 auto get_decryption_error_value = [](Botan::FrodoKEMConstants& consts,
 std::span encaps_value,
@@ -195,14 +195,10 @@ class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {
 public:
 std::vector keygen_params() const override {
 return {
- "FrodoKEM-640-SHAKE",
- "FrodoKEM-976-SHAKE",
- "eFrodoKEM-640-SHAKE",
- "eFrodoKEM-976-SHAKE",
- "FrodoKEM-640-AES",
- "FrodoKEM-976-AES",
- "eFrodoKEM-640-AES",
- "eFrodoKEM-976-AES",
+ "FrodoKEM-640-SHAKE", "FrodoKEM-976-SHAKE", "eFrodoKEM-640-SHAKE", "eFrodoKEM-976-SHAKE",
+ #if defined(BOTAN_HAS_AES)
+ "FrodoKEM-640-AES", "FrodoKEM-976-AES", "eFrodoKEM-640-AES", "eFrodoKEM-976-AES",
+ #endif
 };
 }
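Review bot: On a build without BOTAN_HAS_AES the AES modes are simply dropped from the roundtrip list, so nothing exercises the new rejection path in the FrodoKEMConstants constructor; such a build would pass this test unchanged even if the BOTAN_ARG_CHECK were removed and the assert in make_row_generator() became reachable. I would add an `#else` branch to the `#if defined(BOTAN_HAS_AES)` here (or a small separate test) that asserts constructing an AES-mode instance throws, along the lines of `result.test_throws("AES mode rejected without AES", [] { Botan::FrodoKEMConstants c(Botan::FrodoKEMMode::FrodoKEM640_AES); });` using whatever Test::Result the function builds and the exception type BOTAN_ARG_CHECK raises (Invalid_Argument, if I recall correctly). test_frodo_roundtrips() continues outside the hunk.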
@@ -211,7 +207,10 @@ class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {
 } // namespace
+ #if defined(BOTAN_HAS_AES)
 BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", Frodo_KAT_Tests);
+ #endif
+
 BOTAN_REGISTER_TEST_FN("frodokem", "frodo_roundtrips", test_frodo_roundtrips);
 BOTAN_REGISTER_TEST("frodokem", "frodo_keygen", Frodo_Keygen_Tests);
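Review bot: Guarding the whole `BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", ...)` registration with BOTAN_HAS_AES silently drops all known-answer coverage on a non-AES build, including for the SHAKE parameter sets that such a build still ships. If frodokem_kat.vec carries SHAKE vectors as well as AES ones (the mode lists earlier in the file suggest both families are tested from one file), I would keep Frodo_KAT_Tests compiled and registered unconditionally and instead have its run_one_test skip, or mark as skipped, the vectors whose mode is AES when BOTAN_HAS_AES is undefined. That keeps the roundtrip and KAT results for the SHAKE variants comparable across build configurations.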