Add Frodo to TLS (WIP)

randombit · Oct 9, 2023 · bb53614 · bb53614
1 parent 3a043ff
commit bb53614
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 1 deletion.
diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp
@@ -183,6 +183,10 @@ std::optional<Group_Params> Group_Params::from_string(std::string_view group_nam
       return Group_Params::KYBER_1024_R3_OQS;
    }
 
+   if(group_name == "eFrodoKEM-640-SHAKE") {
+      return Group_Params::FRODOKEM_640;
+   }
+
    if(group_name == "x25519/Kyber-512-r3/cloudflare") {
       return Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE;
    }
@@ -245,6 +249,9 @@ std::optional<std::string> Group_Params::to_string() const {
       case Group_Params::KYBER_1024_R3_OQS:
          return "Kyber-1024-r3";
 
+      case Group_Params::FRODOKEM_640:
+         return "eFrodoKEM-640-SHAKE";
+
       case Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE:
          return "x25519/Kyber-512-r3/cloudflare";
 

diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h
@@ -103,6 +103,8 @@ enum class Group_Params_Code : uint16_t {
    KYBER_768_R3_OQS = 0x023C,
    KYBER_1024_R3_OQS = 0x023D,
 
+   FRODOKEM_640 = 0x020,
+
    // Cloudflare code points for hybrid PQC
    // https://blog.cloudflare.com/post-quantum-for-all/
    HYBRID_X25519_KYBER_512_R3_CLOUDFLARE = 0xFE30,
@@ -165,9 +167,11 @@ class BOTAN_PUBLIC_API(3, 2) Group_Params final {
                 m_code == Group_Params_Code::KYBER_1024_R3_OQS;
       }
 
+      constexpr bool is_pure_frodokem() const { return m_code == Group_Params_Code::FRODOKEM_640; }
+
       constexpr bool is_pure_ecc_group() const { return is_x25519() || is_ecdh_named_curve(); }
 
-      constexpr bool is_post_quantum() const { return is_pure_kyber() || is_pqc_hybrid(); }
+      constexpr bool is_post_quantum() const { return is_pure_kyber() || is_pure_frodokem() || is_pqc_hybrid(); }
 
       constexpr bool is_pqc_hybrid() const {
          return m_code == Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE ||

diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
@@ -30,6 +30,10 @@
    #include <botan/kyber.h>
 #endif
 
+#if defined(BOTAN_HAS_FRODOKEM)
+   #include <botan/frodokem.h>
+#endif
+
 #if defined(BOTAN_HAS_TLS_13_PQC)
    #include <botan/internal/hybrid_public_key.h>
 #endif
@@ -147,6 +151,12 @@ std::unique_ptr<Private_Key> TLS::Callbacks::tls_kem_generate_key(TLS::Group_Par
    }
 #endif
 
+#if defined(BOTAN_HAS_FRODOKEM)
+   if(group.is_pure_frodokem()) {
+      return std::make_unique<FrodoKEM_PrivateKey>(rng, FrodoKEMMode(group.to_string().value()));
+   }
+#endif
+
 #if defined(BOTAN_HAS_TLS_13_PQC)
    if(group.is_pqc_hybrid()) {
       return Hybrid_KEM_PrivateKey::generate_from_group(group, rng);

diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
@@ -1154,6 +1154,7 @@ def get_oqs_ports():
             TestConfig("test.openquantumsafe.org", "Kyber-512-r3", port=oqsp['kyber512'], ca=oqs_test_ca),
             TestConfig("test.openquantumsafe.org", "Kyber-768-r3", port=oqsp['kyber768'], ca=oqs_test_ca),
             TestConfig("test.openquantumsafe.org", "Kyber-1024-r3", port=oqsp['kyber1024'], ca=oqs_test_ca),
+            TestConfig("test.openquantumsafe.org", "eFrodoKEM-640-SHAKE", port=oqsp['frodo640shake'], ca=oqs_test_ca),
         ]
     else:
         logging.info("failed to pull OQS port assignment, skipping OQS...")