Skip to content

Commit

Permalink
Add TLS 1.3 groups ML-KEM-512, -768 and -1024
Browse files Browse the repository at this point in the history
Those groups are described in draft-connolly-tls-mlkem-key-agreement and
request registration of code points 0x0512, 0x0768 and 0x1024 from IANA.
  • Loading branch information
reneme committed Dec 11, 2024
1 parent 281c779 commit a4b222d
Show file tree
Hide file tree
Showing 4 changed files with 51 additions and 3 deletions.
17 changes: 17 additions & 0 deletions src/lib/tls/tls_algos.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -186,6 +186,16 @@ std::optional<Group_Params> Group_Params::from_string(std::string_view group_nam
return Group_Params::KYBER_1024_R3_OQS;
}

if(group_name == "ML-KEM-512") {
return Group_Params::ML_KEM_512;
}
if(group_name == "ML-KEM-768") {
return Group_Params::ML_KEM_768;
}
if(group_name == "ML-KEM-1024") {
return Group_Params::ML_KEM_1024;
}

if(group_name == "eFrodoKEM-640-SHAKE") {
return Group_Params::eFRODOKEM_640_SHAKE_OQS;
}
Expand Down Expand Up @@ -311,6 +321,13 @@ std::optional<std::string> Group_Params::to_string() const {
case Group_Params::KYBER_1024_R3_OQS:
return "Kyber-1024-r3";

case Group_Params::ML_KEM_512:
return "ML-KEM-512";
case Group_Params::ML_KEM_768:
return "ML-KEM-768";
case Group_Params::ML_KEM_1024:
return "ML-KEM-1024";

case Group_Params::eFRODOKEM_640_SHAKE_OQS:
return "eFrodoKEM-640-SHAKE";
case Group_Params::eFRODOKEM_976_SHAKE_OQS:
Expand Down
16 changes: 13 additions & 3 deletions src/lib/tls/tls_algos.h
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ Auth_Method BOTAN_TEST_API auth_method_from_string(std::string_view str);

#define BOTAN_TLS_KYBER_R3_DEPRECATED \
BOTAN_DEPRECATED( \
"Kyber r3 TLS support will be removed completely in Botan 3.7.0 (early 2025) see https://github.com/randombit/botan/issues/4403")
"Kyber r3 TLS support will be removed completely in Botan 3.7.0 (early 2025) use ML-KEM and see https://github.com/randombit/botan/issues/4403")

/*
* Matches with wire encoding
Expand Down Expand Up @@ -108,6 +108,11 @@ enum class Group_Params_Code : uint16_t {
KYBER_768_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x023C,
KYBER_1024_R3_OQS BOTAN_TLS_KYBER_R3_DEPRECATED = 0x023D,

// https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/05/
ML_KEM_512 = 0x0512,
ML_KEM_768 = 0x0513,
ML_KEM_1024 = 0x0514,

eFRODOKEM_640_SHAKE_OQS = 0x0201,
eFRODOKEM_976_SHAKE_OQS = 0x0203,
eFRODOKEM_1344_SHAKE_OQS = 0x0205,
Expand Down Expand Up @@ -202,6 +207,11 @@ class BOTAN_PUBLIC_API(3, 2) Group_Params final {
m_code == Group_Params_Code::FFDHE_8192;
}

constexpr bool is_pure_ml_kem() const {
return m_code == Group_Params_Code::ML_KEM_512 || m_code == Group_Params_Code::ML_KEM_768 ||
m_code == Group_Params_Code::ML_KEM_1024;
}

BOTAN_TLS_KYBER_R3_DEPRECATED constexpr bool is_pure_kyber() const {
BOTAN_DIAGNOSTIC_PUSH
BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
Expand All @@ -227,7 +237,7 @@ class BOTAN_PUBLIC_API(3, 2) Group_Params final {
BOTAN_DIAGNOSTIC_PUSH
BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS

return is_pure_kyber() || is_pure_frodokem() || is_pqc_hybrid();
return is_pure_kyber() || is_pure_ml_kem() || is_pure_frodokem() || is_pqc_hybrid();

BOTAN_DIAGNOSTIC_POP
}
Expand Down Expand Up @@ -264,7 +274,7 @@ class BOTAN_PUBLIC_API(3, 2) Group_Params final {
BOTAN_DIAGNOSTIC_PUSH
BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS

return is_pure_kyber() || is_pure_frodokem() || is_pqc_hybrid();
return is_pure_kyber() || is_pure_ml_kem() || is_pure_frodokem() || is_pqc_hybrid();

BOTAN_DIAGNOSTIC_POP
}
Expand Down
16 changes: 16 additions & 0 deletions src/lib/tls/tls_callbacks.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@
#include <botan/kyber.h>
#endif

#if defined(BOTAN_HAS_ML_KEM)
#include <botan/ml_kem.h>
#endif

#if defined(BOTAN_HAS_FRODOKEM)
#include <botan/frodokem.h>
#endif
Expand Down Expand Up @@ -228,6 +232,12 @@ std::unique_ptr<Public_Key> TLS::Callbacks::tls_deserialize_peer_public_key(
}
#endif

#if defined(BOTAN_HAS_ML_KEM)
if(group_params.is_pure_ml_kem()) {
return std::make_unique<ML_KEM_PublicKey>(key_bits, ML_KEM_Mode(group_params.to_string().value()));
}
#endif

#if defined(BOTAN_HAS_KYBER)
if(group_params.is_pure_kyber()) {
return std::make_unique<Kyber_PublicKey>(key_bits, KyberMode(group_params.to_string().value()));
Expand All @@ -244,6 +254,12 @@ std::unique_ptr<Public_Key> TLS::Callbacks::tls_deserialize_peer_public_key(
}

std::unique_ptr<Private_Key> TLS::Callbacks::tls_kem_generate_key(TLS::Group_Params group, RandomNumberGenerator& rng) {
#if defined(BOTAN_HAS_ML_KEM)
if(group.is_pure_ml_kem()) {
return std::make_unique<ML_KEM_PrivateKey>(rng, ML_KEM_Mode(group.to_string().value()));
}
#endif

#if defined(BOTAN_HAS_KYBER)
if(group.is_pure_kyber()) {
return std::make_unique<Kyber_PrivateKey>(rng, KyberMode(group.to_string().value()));
Expand Down
5 changes: 5 additions & 0 deletions src/scripts/test_cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -1350,6 +1350,11 @@ def get_oqs_rootca():
TestConfig("test.openquantumsafe.org", "secp256r1/Kyber-768-r3", port=oqsp['p256_kyber768'], ca=oqs_test_ca),
TestConfig("test.openquantumsafe.org", "secp384r1/Kyber-768-r3", port=oqsp['p384_kyber768'], ca=oqs_test_ca),
TestConfig("test.openquantumsafe.org", "secp521r1/Kyber-1024-r3", port=oqsp['p521_kyber1024'], ca=oqs_test_ca),
# Currently oqs did not adopt the 0x0512, 0x0513 and 0x0514 code point defined in draft-connolly-tls-mlkem-key-agreement-05.
# TODO: enable this test once the code point is adopted by oqs
# TestConfig("test.openquantumsafe.org", "ML-KEM-512", port=oqsp['mlkem512'], ca=oqs_test_ca),
# TestConfig("test.openquantumsafe.org", "ML-KEM-768", port=oqsp['mlkem768'], ca=oqs_test_ca),
# TestConfig("test.openquantumsafe.org", "ML-KEM-1024", port=oqsp['mlkem1024'], ca=oqs_test_ca),
TestConfig("test.openquantumsafe.org", "Kyber-512-r3", port=oqsp['kyber512'], ca=oqs_test_ca),
TestConfig("test.openquantumsafe.org", "Kyber-768-r3", port=oqsp['kyber768'], ca=oqs_test_ca),
TestConfig("test.openquantumsafe.org", "Kyber-1024-r3", port=oqsp['kyber1024'], ca=oqs_test_ca),
Expand Down

0 comments on commit a4b222d

Please sign in to comment.