Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PQC: Add hybrid groups x25519/ML-KEM-768 and secp256r1/ML-KEM-768 #4375

Merged
merged 3 commits into from
Oct 19, 2024
Merged

PQC: Add hybrid groups x25519/ML-KEM-768 and secp256r1/ML-KEM-768 #4375

merged 3 commits into from
Oct 19, 2024

Conversation

reneme
Copy link
Collaborator

@reneme reneme commented Oct 15, 2024
edited
Loading

Pull Request Dependencies

Description

Those groups are described in draft-kwiatkowski-tls-ecdhe-mlkem and the code points are registered by IANA.

@reneme reneme added this to the Botan 3.6.0 milestone Oct 15, 2024
@reneme reneme requested a review from randombit October 15, 2024 15:55
@reneme reneme self-assigned this Oct 15, 2024
@coveralls
Copy link

coveralls commented Oct 15, 2024
edited
Loading

Coverage Status

coverage: 91.133% (-0.007%) from 91.14%
when pulling 59abd7a on Rohde-Schwarz:tls/ml_kem_hybrids
into 3a62c9a on randombit:master.

@reneme reneme mentioned this pull request Oct 15, 2024
Open
randombit
randombit approved these changes Oct 15, 2024
View reviewed changes
Copy link
Owner

@randombit randombit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@reneme
Copy link
Collaborator Author

reneme commented Oct 16, 2024

Thanks for the reviews. I'm holding back on merging that because I'd like to update bogo (which I believe has test cases for those groups already).

@reneme reneme mentioned this pull request Oct 17, 2024
Merged
@reneme
Copy link
Collaborator Author

reneme commented Oct 17, 2024

Enabling relevant BoGo tests revealed something that we might want to have a look at here (or independently):

  FAILED (CurveTest-Invalid-MLKEMEncapKeyNotReduced-Server-MLKEM-TLS13)
  bad error (wanted ":BAD_ECPOINT:" / "remote error: illegal parameter"): local error "EOF", child error "signal: aborted (core dumped)", stdout:
  
  stderr:
  False assertion mapped_coeff <= range in unpack @/home/runner/work/botan/botan/build/build/include/internal/botan/internal/pqcrystals_encoding.h:206

@reneme reneme mentioned this pull request Oct 17, 2024
Merged
@reneme
Add TLS 1.3 groups x25519/ML-KEM-768 and secp256r1/ML-KEM-768
ab5790b 
Those groups are described in draft-kwiatkowski-tls-ecdhe-mlkem and
the code points are officially provided by IANA. Therefore they
can be seen as 'fit for production use'.
@reneme
enable BoGo tests for X25519/ML-KEM hybrid
25134d3
@reneme
Update example to prefer ML-KEM over Kyber-R3
59abd7a
reneme
reneme commented Oct 17, 2024
View reviewed changes
src/bogo_shim/bogo_shim.cpp
Comment on lines 1008 to 1014
// TODO: once `TLS::Policy::key_exchange_groups()` contains it by
// default, remove this explicit check.
if(group == Botan::TLS::Group_Params::HYBRID_X25519_KYBER_768_R3_OQS) {
//
// See: https://github.com/randombit/botan/pull/4305
if(group == Botan::TLS::Group_Params::HYBRID_X25519_ML_KEM_768) {
groups.push_back(group);
}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See also: #4305 (comment)

@reneme
Copy link
Collaborator Author

reneme commented Oct 17, 2024

Should be ready for merge now.

@reneme reneme requested a review from randombit October 18, 2024 14:37
@reneme reneme merged commit 6babd82 into randombit:master Oct 19, 2024
38 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FAlbertDev FAlbertDev FAlbertDev approved these changes

@randombit randombit randombit approved these changes

Assignees

@reneme reneme

Labels
None yet
Projects
None yet
Milestone
Botan 3.6.0
Development

Successfully merging this pull request may close these issues.
4 participants
@reneme @coveralls @randombit @FAlbertDev