From: Tobias Brunner
Date: Thu, 10 Oct 2024 11:53:40 +0000 (+0200)
Subject: wip: key-exchange: Add identifiers for FrodoKEM
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2bcbd242510c769afecc5641f72fc47efa5457d7;p=thirdparty%2Fstrongswan.git
wip: key-exchange: Add identifiers for FrodoKEM
wip: we have to wait for (pre-)allocation of identifiers
---
diff --git a/src/libstrongswan/crypto/key_exchange.c b/src/libstrongswan/crypto/key_exchange.c
index 1abcb85dd7..f54ff76d32 100644
--- a/src/libstrongswan/crypto/key_exchange.c
+++ b/src/libstrongswan/crypto/key_exchange.c
@@ -56,7 +56,14 @@ ENUM_NEXT(key_exchange_method_names, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
 "ML_KEM_1024");
 ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, ML_KEM_1024,
 "MODP_NULL");
-ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, MODP_NULL,
+ENUM_NEXT(key_exchange_method_names, KE_FRODO_AES_L1, KE_FRODO_SHAKE_L5, MODP_NULL,
+ "FRODO_AES_L1",
+ "FRODO_AES_L3",
+ "FRODO_AES_L5",
+ "FRODO_SHAKE_L1",
+ "FRODO_SHAKE_L3",
+ "FRODO_SHAKE_L5");
+ENUM_NEXT(key_exchange_method_names, MODP_CUSTOM, MODP_CUSTOM, KE_FRODO_SHAKE_L5,
 "MODP_CUSTOM");
 ENUM_END(key_exchange_method_names, MODP_CUSTOM);
 
@@ -94,7 +101,14 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, ML_KEM_1024, ECP_521_B
 "mlkem1024");
 ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, ML_KEM_1024,
 "modpnull");
-ENUM_NEXT(key_exchange_method_names_short, MODP_CUSTOM, MODP_CUSTOM, MODP_NULL,
+ENUM_NEXT(key_exchange_method_names_short, KE_FRODO_AES_L1, KE_FRODO_SHAKE_L5, MODP_NULL,
+ "frodoa1",
+ "frodoa3",
+ "frodoa5",
+ "frodos1",
+ "frodos3",
+ "frodos5");
+ENUM_NEXT(key_exchange_method_names_short, MODP_CUSTOM, MODP_CUSTOM, KE_FRODO_SHAKE_L5,
 "modpcustom");
 ENUM_END(key_exchange_method_names_short, MODP_CUSTOM);
 
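Review bot: The two new `ENUM_NEXT` tables (the hunk at -56,7 for `key_exchange_method_names` and the one at -94,7 for `key_exchange_method_names_short`) are only correct while `KE_FRODO_AES_L1` through `KE_FRODO_SHAKE_L5` are six consecutive values in exactly the listed order and lie between `MODP_NULL` and `MODP_CUSTOM`. The commit message says the identifiers are still waiting for allocation, so that assumption may not survive; if the final numbers are non-contiguous, reordered or below `MODP_NULL`, the name lookup would presumably print the wrong algorithm name in logs and configuration output. I would record the dependency above each table, e.g. `/* provisional PRIVATE USE IDs: must be contiguous and in enum order, recheck range and chain position on allocation */`.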
@@ -625,6 +639,12 @@ bool key_exchange_is_kem(key_exchange_method_t ke)
 case ML_KEM_512:
 case ML_KEM_768:
 case ML_KEM_1024:
+ case KE_FRODO_AES_L1:
+ case KE_FRODO_AES_L3:
+ case KE_FRODO_AES_L5:
+ case KE_FRODO_SHAKE_L1:
+ case KE_FRODO_SHAKE_L3:
+ case KE_FRODO_SHAKE_L5:
 return TRUE;
 default:
 return FALSE;
@@ -694,6 +714,12 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
 case ML_KEM_512:
 case ML_KEM_768:
 case ML_KEM_1024:
+ case KE_FRODO_AES_L1:
+ case KE_FRODO_AES_L3:
+ case KE_FRODO_AES_L5:
+ case KE_FRODO_SHAKE_L1:
+ case KE_FRODO_SHAKE_L3:
+ case KE_FRODO_SHAKE_L5:
 /* verification currently not supported, do in plugin */
 valid = FALSE;
 break;
diff --git a/src/libstrongswan/crypto/key_exchange.h b/src/libstrongswan/crypto/key_exchange.h
index bf369c9d03..e1dc6604e4 100644
--- a/src/libstrongswan/crypto/key_exchange.h
+++ b/src/libstrongswan/crypto/key_exchange.h
@@ -74,11 +74,18 @@ enum key_exchange_method_t {
 ML_KEM_768 = 36,
 ML_KEM_1024 = 37,
 /** insecure NULL diffie hellman group for testing, in PRIVATE USE */
- MODP_NULL = 1024,
+ MODP_NULL = 1024,
+ /** KEM algorithms recommended by BSI, in PRIVATE USE */
+ KE_FRODO_AES_L1 = 1083,
+ KE_FRODO_AES_L3 = 1084,
+ KE_FRODO_AES_L5 = 1085,
+ KE_FRODO_SHAKE_L1 = 1086,
+ KE_FRODO_SHAKE_L3 = 1087,
+ KE_FRODO_SHAKE_L5 = 1088,
 /** MODP group with custom generator/prime */
 /** internally used DH group with additional parameters g and p, outside
 * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
- MODP_CUSTOM = 65536,
+ MODP_CUSTOM = 65536,
 };
 
 /**
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index ff661e346c..527a5b48a6 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
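Review bot: In the hunk at -694,6 the six FrodoKEM cases join the group that sets `valid = FALSE`, so `key_exchange_verify_pubkey()` does no length check for them and all validation of the peer-supplied value is left to the implementing plugin. Nothing in this commit shows that plugin-side check, and a KEM exchange carries two different fixed-size values (a public key in one direction, a ciphertext in the other), so each must be rejected unless its length is exactly the expected one before it is parsed. I would make the existing comment say that, e.g. `/* no generic size check possible (public key and ciphertext differ); the plugin must enforce the exact length of each */`. The function starts and ends outside the hunk, so how callers treat the FALSE result is not visible here.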
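Review bot: The new enum values 1083–1088 in key_exchange.h are private-use numbers, but the doc comment `/** KEM algorithms recommended by BSI, in PRIVATE USE */` does not say they are provisional, which the commit message implies. Private-use transform IDs have no agreed meaning between implementations, so these methods can only interoperate with peers that use the same mapping, and configurations written against them could stop working once the IDs are reassigned. I would extend the comment to something like `/** FrodoKEM (recommended by BSI), provisional PRIVATE USE IDs pending allocation, only interoperable with peers using the same mapping */`. The enum begins outside the hunk; the `MODP_NULL` and `MODP_CUSTOM` lines appear to change whitespace only.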
@@ -181,5 +181,11 @@ gost512, KEY_EXCHANGE_METHOD, GOST3410_512, 0
 mlkem512, KEY_EXCHANGE_METHOD, ML_KEM_512, 0
 mlkem768, KEY_EXCHANGE_METHOD, ML_KEM_768, 0
 mlkem1024, KEY_EXCHANGE_METHOD, ML_KEM_1024, 0
+frodoa1, KEY_EXCHANGE_METHOD, KE_FRODO_AES_L1, 0
+frodoa3, KEY_EXCHANGE_METHOD, KE_FRODO_AES_L3, 0
+frodoa5, KEY_EXCHANGE_METHOD, KE_FRODO_AES_L5, 0
+frodos1, KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L1, 0
+frodos3, KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L3, 0
+frodos5, KEY_EXCHANGE_METHOD, KE_FRODO_SHAKE_L5, 0
 noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0
 esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0