From bb536142e52d7d22ee8daf4df596892d30882fd4 Mon Sep 17 00:00:00 2001
From: Amos Treiber
Date: Mon, 9 Oct 2023 14:06:01 +0200
Subject: [PATCH] Add Frodo to TLS (WIP)

---
 src/lib/tls/tls_algos.cpp | 7 +++++++
 src/lib/tls/tls_algos.h | 6 +++++-
 src/lib/tls/tls_callbacks.cpp | 10 ++++++++++
 src/scripts/test_cli.py | 1 +
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp
index 41958402c0a..082f7b3ca8e 100644
--- a/src/lib/tls/tls_algos.cpp
+++ b/src/lib/tls/tls_algos.cpp
@@ -183,6 +183,10 @@ std::optional Group_Params::from_string(std::string_view group_nam
 return Group_Params::KYBER_1024_R3_OQS;
 }

+ if(group_name == "eFrodoKEM-640-SHAKE") {
+ return Group_Params::FRODOKEM_640;
+ }
+
 if(group_name == "x25519/Kyber-512-r3/cloudflare") {
 return Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE;
 }
@@ -245,6 +249,9 @@ std::optional Group_Params::to_string() const {
 case Group_Params::KYBER_1024_R3_OQS:
 return "Kyber-1024-r3";

+ case Group_Params::FRODOKEM_640:
+ return "eFrodoKEM-640-SHAKE";
+
 case Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE:
 return "x25519/Kyber-512-r3/cloudflare";

diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h
index e3f84533817..22451334051 100644
--- a/src/lib/tls/tls_algos.h
+++ b/src/lib/tls/tls_algos.h
@@ -103,6 +103,8 @@ enum class Group_Params_Code : uint16_t {
 KYBER_768_R3_OQS = 0x023C,
 KYBER_1024_R3_OQS = 0x023D,

+ FRODOKEM_640 = 0x020,
+
 // Cloudflare code points for hybrid PQC
 // https://blog.cloudflare.com/post-quantum-for-all/
 HYBRID_X25519_KYBER_512_R3_CLOUDFLARE = 0xFE30,
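Review bot: `FRODOKEM_640 = 0x020,` in the Group_Params_Code hunk of tls_algos.h is a three-digit literal, i.e. 0x0020, while the OQS values next to it are four digits (`0x023C`, `0x023D`), so it looks truncated. In the IANA TLS Supported Groups registry 0x0020 is already assigned to brainpoolP384r1tls13 (RFC 8734), so a peer would interpret this group as a Brainpool curve and the negotiation would fail or be misrouted. Use the code point the OQS test server assigns to frodo640shake, which I believe is `FRODOKEM_640 = 0x0201,` (confirm against the oqs-provider code point table). I would also add a source comment in the style of the Cloudflare block below it, e.g. `// OQS code point for eFrodoKEM-640-SHAKE (non-standard, interop testing only)`.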
@@ -165,9 +167,11 @@ class BOTAN_PUBLIC_API(3, 2) Group_Params final {
 m_code == Group_Params_Code::KYBER_1024_R3_OQS;
 }

+ constexpr bool is_pure_frodokem() const { return m_code == Group_Params_Code::FRODOKEM_640; }
+
 constexpr bool is_pure_ecc_group() const { return is_x25519() || is_ecdh_named_curve(); }

- constexpr bool is_post_quantum() const { return is_pure_kyber() || is_pqc_hybrid(); }
+ constexpr bool is_post_quantum() const { return is_pure_kyber() || is_pure_frodokem() || is_pqc_hybrid(); }

 constexpr bool is_pqc_hybrid() const {
 return m_code == Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE ||
diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
index faf0e82fb1a..ae384427d36 100644
--- a/src/lib/tls/tls_callbacks.cpp
+++ b/src/lib/tls/tls_callbacks.cpp
@@ -30,6 +30,10 @@
 #include
 #endif

+#if defined(BOTAN_HAS_FRODOKEM)
+ #include
+#endif
+
 #if defined(BOTAN_HAS_TLS_13_PQC)
 #include
 #endif
@@ -147,6 +151,12 @@ std::unique_ptr TLS::Callbacks::tls_kem_generate_key(TLS::Group_Par
 }
 #endif

+#if defined(BOTAN_HAS_FRODOKEM)
+ if(group.is_pure_frodokem()) {
+ return std::make_unique(rng, FrodoKEMMode(group.to_string().value()));
+ }
+#endif
+
 #if defined(BOTAN_HAS_TLS_13_PQC)
 if(group.is_pqc_hybrid()) {
 return Hybrid_KEM_PrivateKey::generate_from_group(group, rng);
diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
index 7da461850aa..4bc9bd7bbd4 100755
--- a/src/scripts/test_cli.py
+++ b/src/scripts/test_cli.py
@@ -1154,6 +1154,7 @@ def get_oqs_ports():
 TestConfig("test.openquantumsafe.org", "Kyber-512-r3", port=oqsp['kyber512'], ca=oqs_test_ca),
 TestConfig("test.openquantumsafe.org", "Kyber-768-r3", port=oqsp['kyber768'], ca=oqs_test_ca),
 TestConfig("test.openquantumsafe.org", "Kyber-1024-r3", port=oqsp['kyber1024'], ca=oqs_test_ca),
+ TestConfig("test.openquantumsafe.org", "eFrodoKEM-640-SHAKE", port=oqsp['frodo640shake'], ca=oqs_test_ca),
 ]
 else:
 logging.info("failed to pull OQS port assignment, skipping OQS...")
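Review bot: In the tls_kem_generate_key hunk of tls_callbacks.cpp, `FrodoKEMMode(group.to_string().value())` selects the KEM parameter set from the group's display name, so key generation silently depends on the string table in tls_algos.cpp. If is_pure_frodokem() ever covers a code point without a to_string() case, this throws std::bad_optional_access mid-handshake instead of a TLS error. Until the mode is chosen from the group code directly, add a comment on the added line: `// mode comes from the group name; keep to_string() and is_pure_frodokem() in sync`. This file is changed only on the key-generation side; if the encapsulation path has a per-algorithm branch for parsing the peer's public key (not visible here), it presumably needs a FrodoKEM branch as well before a server can accept this group. The function body starts and ends outside the hunk.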