wip: key-exchange: Add identifiers for FrodoKEM
authorTobias Brunner <tobias@strongswan.org>
Thu, 10 Oct 2024 11:53:40 +0000 (13:53 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 23 May 2025 09:10:40 +0000 (11:10 +0200)
wip: we have to wait for (pre-)allocation of identifiers

src/libstrongswan/crypto/key_exchange.c
src/libstrongswan/crypto/key_exchange.h
src/libstrongswan/crypto/proposal/proposal_keywords_static.txt

index 1abcb85dd7c6b00462e5e0d5b596a0974c5bf42d..f54ff76d320a4e69c46064483ee5dfe45d769a17 100644 (file)
@@ -56,7 +56,14 @@ ENUM_NEXT(key_exchange_method_names, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
        "ML_KEM_1024");
 ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, ML_KEM_1024,
        "MODP_NULL");
-ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, MODP_NULL,
+ENUM_NEXT(key_exchange_method_names, KE_FRODO_AES_L1, KE_FRODO_SHAKE_L5, MODP_NULL,
+       "FRODO_AES_L1",
+       "FRODO_AES_L3",
+       "FRODO_AES_L5",
+       "FRODO_SHAKE_L1",
+       "FRODO_SHAKE_L3",
+       "FRODO_SHAKE_L5");
+ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, KE_FRODO_SHAKE_L5,
        "MODP_CUSTOM");
 ENUM_END(key_exchange_method_names, MODP_CUSTOM);
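Review bot: The six name strings added in this `ENUM_NEXT` block are matched to the enum values by position, so the table is only correct while `KE_FRODO_AES_L1` through `KE_FRODO_SHAKE_L5` stay contiguous and in exactly this order. The commit message says the identifiers are still waiting for allocation; if the final numbers are not one ascending run, this block and the `prev` argument of the following `MODP_CUSTOM` entry have to be split accordingly, otherwise log output would name the wrong algorithm. A comment such as `/* provisional private-use range, strings must follow the numeric order in key_exchange.h */` above the block would make that dependency visible. The same applies to the short-name table in the next hunk (`frodoa1` … `frodos5`).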
 
@@ -94,7 +101,14 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, ML_KEM_1024, ECP_521_B
        "mlkem1024");
 ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, ML_KEM_1024,
        "modpnull");
-ENUM_NEXT(key_exchange_method_names_short, MODP_CUSTOM, MODP_CUSTOM, MODP_NULL,
+ENUM_NEXT(key_exchange_method_names_short, KE_FRODO_AES_L1, KE_FRODO_SHAKE_L5, MODP_NULL,
+       "frodoa1",
+       "frodoa3",
+       "frodoa5",
+       "frodos1",
+       "frodos3",
+       "frodos5");
+ENUM_NEXT(key_exchange_method_names_short, MODP_CUSTOM, MODP_CUSTOM, KE_FRODO_SHAKE_L5,
        "modpcustom");
 ENUM_END(key_exchange_method_names_short, MODP_CUSTOM);
 
@@ -625,6 +639,12 @@ bool key_exchange_is_kem(key_exchange_method_t ke)
                case ML_KEM_512:
                case ML_KEM_768:
                case ML_KEM_1024:
+               case KE_FRODO_AES_L1:
+               case KE_FRODO_AES_L3:
+               case KE_FRODO_AES_L5:
+               case KE_FRODO_SHAKE_L1:
+               case KE_FRODO_SHAKE_L3:
+               case KE_FRODO_SHAKE_L5:
                        return TRUE;
                default:
                        return FALSE;
@@ -694,6 +714,12 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
                case ML_KEM_512:
                case ML_KEM_768:
                case ML_KEM_1024:
+               case KE_FRODO_AES_L1:
+               case KE_FRODO_AES_L3:
+               case KE_FRODO_AES_L5:
+               case KE_FRODO_SHAKE_L1:
+               case KE_FRODO_SHAKE_L3:
+               case KE_FRODO_SHAKE_L5:
                        /* verification currently not supported, do in plugin */
                        valid = FALSE;
                        break;
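Review bot: The FrodoKEM cases join the branch whose comment says verification is "currently not supported, do in plugin", but nothing in this commit adds a plugin-side check, so size validation for these six methods is so far only implied. FrodoKEM public keys and ciphertexts have a fixed length per parameter set, and a backend should reject any other length before encapsulation or decapsulation. I would spell that out in the comment, e.g. `/* no generic size check for KEMs, fail closed here; the plugin must verify the public key/ciphertext length for its parameter set */`. The switch and the use of `valid` continue outside the hunk, so how callers treat the `FALSE` result is not visible here.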
index bf369c9d03b558f3dbace1ded219969f0b2e8e04..e1dc6604e46f47f29eb41f0b3a74192fd3376eaf 100644 (file)
@@ -74,11 +74,18 @@ enum key_exchange_method_t {
        ML_KEM_768    = 36,
        ML_KEM_1024   = 37,
        /** insecure NULL diffie hellman group for testing, in PRIVATE USE */
-       MODP_NULL     = 1024,
+       MODP_NULL         = 1024,
+       /** KEM algorithms recommended by BSI, in PRIVATE USE */
+       KE_FRODO_AES_L1   = 1083,
+       KE_FRODO_AES_L3   = 1084,
+       KE_FRODO_AES_L5   = 1085,
+       KE_FRODO_SHAKE_L1 = 1086,
+       KE_FRODO_SHAKE_L3 = 1087,
+       KE_FRODO_SHAKE_L5 = 1088,
        /** MODP group with custom generator/prime */
        /** internally used DH group with additional parameters g and p, outside
         * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
-       MODP_CUSTOM   = 65536,
+       MODP_CUSTOM       = 65536,
 };
 
 /**
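Review bot: The doc comment `/** KEM algorithms recommended by BSI, in PRIVATE USE */` does not say that 1083–1088 are provisional, although the commit message states that allocation is still pending. Private-use transform ids only have meaning between peers that agree on the mapping, so a peer that assigns one of these numbers to a different method would presumably negotiate successfully and then fail the exchange; a reader of the header should be told that. Suggested wording: `/** FrodoKEM (AES and SHAKE variants, levels 1/3/5), provisional PRIVATE USE ids pending allocation, only interoperable with peers using the same mapping */`. The re-alignment of `MODP_NULL` and `MODP_CUSTOM` is whitespace-only churn that could be left out of this change.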
index ff661e346ca43fa59b801cf545b4441a39416f9b..527a5b48a62d8a4e3640d76b54b7d37f6a77e09a 100644 (file)
@@ -181,5 +181,11 @@ gost512,          KEY_EXCHANGE_METHOD, GOST3410_512,               0
 mlkem512,         KEY_EXCHANGE_METHOD, ML_KEM_512,                 0
 mlkem768,         KEY_EXCHANGE_METHOD, ML_KEM_768,                 0
 mlkem1024,        KEY_EXCHANGE_METHOD, ML_KEM_1024,                0
+frodoa1,          KEY_EXCHANGE_METHOD, KE_FRODO_AES_L1,            0
+frodoa3,          KEY_EXCHANGE_METHOD, KE_FRODO_AES_L3,            0
+frodoa5,          KEY_EXCHANGE_METHOD, KE_FRODO_AES_L5,            0
+frodos1,          KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L1,          0
+frodos3,          KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L3,          0
+frodos5,          KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L5,          0
 noesn,            EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,   0
 esn,              EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS,      0