oqs: Updated ML-KEM algorithms to liboqs-0.10.0

The liboqs-0.10.0 library implements the NIST FIPS 203 ML-KEM
draft standard. strongSwan now uses the mlkem512 (ML_KEM_512),
mlkem768 (ML_KEM_768) and mlkem1024 (ML_KEM_1024) KE identifiers
but is still assigning private KE codepoints.

src/libstrongswan/crypto/key_exchange.c

@@ -51,10 +51,10 @@ ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
 	"CURVE_448");
 ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, CURVE_448,
 	"MODP_NULL");
-ENUM_NEXT(key_exchange_method_names, KE_KYBER_L1, KE_HQC_L5, MODP_NULL,
-	"KYBER_L1",
-	"KYBER_L3",
-	"KYBER_L5",
+ENUM_NEXT(key_exchange_method_names, ML_KEM_512, KE_HQC_L5, MODP_NULL,
+	"ML_KEM_512",
+	"ML_KEM_768",
+	"ML_KEM_1024",
 	"FRODO_AES_L1",
 	"FRODO_AES_L3",
 	"FRODO_AES_L5",
@@ -100,10 +100,10 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT
 	"curve448");
 ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, CURVE_448,
 	"modpnull");
-ENUM_NEXT(key_exchange_method_names_short, KE_KYBER_L1, KE_HQC_L5, MODP_NULL,
-	"kyber1",
-	"kyber3",
-	"kyber5",
+ENUM_NEXT(key_exchange_method_names_short, ML_KEM_512, KE_HQC_L5, MODP_NULL,
+	"mlkem512",
+	"mlkem768",
+	"mlkem1024",
 	"frodoa1",
 	"frodoa3",
 	"frodoa5",
@@ -642,9 +642,9 @@ bool key_exchange_is_kem(key_exchange_method_t ke)
 {
 	switch (ke)
 	{
-		case KE_KYBER_L1:
-		case KE_KYBER_L3:
-		case KE_KYBER_L5:
+		case ML_KEM_512:
+		case ML_KEM_768:
+		case ML_KEM_1024:
 		case KE_FRODO_AES_L1:
 		case KE_FRODO_AES_L3:
 		case KE_FRODO_AES_L5:
@@ -717,9 +717,9 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
 		case CURVE_448:
 			valid = value.len == 56;
 			break;
-		case KE_KYBER_L1:
-		case KE_KYBER_L3:
-		case KE_KYBER_L5:
+		case ML_KEM_512:
+		case ML_KEM_768:
+		case ML_KEM_1024:
 		case KE_FRODO_AES_L1:
 		case KE_FRODO_AES_L3:
 		case KE_FRODO_AES_L5:

src/libstrongswan/crypto/key_exchange.h

@@ -67,11 +67,11 @@ enum key_exchange_method_t {
 	CURVE_25519   = 31,
 	CURVE_448     = 32,
 	/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
-	MODP_NULL          = 1024,
-	/** NIST selected KEM algorithms 2022, in PRIVATE USE */
-	KE_KYBER_L1        = 1080,
-	KE_KYBER_L3        = 1081,
-	KE_KYBER_L5        = 1082,
+	MODP_NULL     = 1024,
+	/** NIST selected KEM algorithms 2022, currently still in PRIVATE USE */
+	ML_KEM_512    = 1080,
+	ML_KEM_768    = 1081,
+	ML_KEM_1024   = 1082,
 	/** KEM algorithms recommended by BSI, in PRIVATE USE */
 	KE_FRODO_AES_L1    = 1083,
 	KE_FRODO_AES_L3    = 1084,

src/libstrongswan/crypto/proposal/proposal_keywords_static.txt

@@ -176,9 +176,9 @@ curve25519,       KEY_EXCHANGE_METHOD, CURVE_25519,                0
 x25519,           KEY_EXCHANGE_METHOD, CURVE_25519,                0
 curve448,         KEY_EXCHANGE_METHOD, CURVE_448,                  0
 x448,             KEY_EXCHANGE_METHOD, CURVE_448,                  0
-kyber1,           KEY_EXCHANGE_METHOD, KE_KYBER_L1,                0
-kyber3,           KEY_EXCHANGE_METHOD, KE_KYBER_L3,                0
-kyber5,           KEY_EXCHANGE_METHOD, KE_KYBER_L5,                0
+mlkem512,         KEY_EXCHANGE_METHOD, ML_KEM_512,                 0
+mlkem768,         KEY_EXCHANGE_METHOD, ML_KEM_768,                 0
+mlkem1024,        KEY_EXCHANGE_METHOD, ML_KEM_1024,                0
 frodoa1,          KEY_EXCHANGE_METHOD, KE_FRODO_AES_L1,            0
 frodoa3,          KEY_EXCHANGE_METHOD, KE_FRODO_AES_L3,            0
 frodoa5,          KEY_EXCHANGE_METHOD, KE_FRODO_AES_L5,            0

src/libstrongswan/plugins/oqs/oqs_kem.c

@@ -232,14 +232,14 @@ oqs_kem_t *oqs_kem_create(key_exchange_method_t method)
 
 	switch (method)
 	{
-		case KE_KYBER_L1:
-			kem_alg = OQS_KEM_alg_kyber_512;
+		case ML_KEM_512:
+			kem_alg = OQS_KEM_alg_ml_kem_512;
 			break;
-		case KE_KYBER_L3:
-			kem_alg = OQS_KEM_alg_kyber_768;
+		case ML_KEM_768:
+			kem_alg = OQS_KEM_alg_ml_kem_768;
 			break;
-		case KE_KYBER_L5:
-			kem_alg = OQS_KEM_alg_kyber_1024;
+		case ML_KEM_1024:
+			kem_alg = OQS_KEM_alg_ml_kem_1024;
 			break;
 		case KE_BIKE_L1:
 			kem_alg = OQS_KEM_alg_bike_l1;

src/libstrongswan/plugins/oqs/oqs_plugin.c

@@ -48,9 +48,9 @@ METHOD(plugin_t, get_features, int,
 	static plugin_feature_t f[] = {
 		/* KEM-based key exchange methods */
 		PLUGIN_REGISTER(KE, oqs_kem_create),
-			PLUGIN_PROVIDE(KE, KE_KYBER_L1),
-			PLUGIN_PROVIDE(KE, KE_KYBER_L3),
-			PLUGIN_PROVIDE(KE, KE_KYBER_L5),
+			PLUGIN_PROVIDE(KE, ML_KEM_512),
+			PLUGIN_PROVIDE(KE, ML_KEM_768),
+			PLUGIN_PROVIDE(KE, ML_KEM_1024),
 			PLUGIN_PROVIDE(KE, KE_FRODO_AES_L1),
 			PLUGIN_PROVIDE(KE, KE_FRODO_AES_L3),
 			PLUGIN_PROVIDE(KE, KE_FRODO_AES_L5),

src/libstrongswan/plugins/oqs/tests/suites/test_oqs.c

@@ -118,7 +118,7 @@ START_TEST(test_oqs_wrong)
 	}
 
 	/* test non-kem method */
-	if (method == KE_KYBER_L1)
+	if (method == ML_KEM_512)
 	{
 		ck_assert(!oqs_kem_create(CURVE_25519));
 	}
@@ -254,19 +254,19 @@ Suite *oqs_suite_create()
 
 	tc = tcase_create("good");
 	test_case_set_timeout(tc, 30);
-	tcase_add_loop_test(tc, test_oqs_good, KE_KYBER_L1, KE_HQC_L5 + 1);
+	tcase_add_loop_test(tc, test_oqs_good, ML_KEM_512, KE_HQC_L5 + 1);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("wrong");
-	tcase_add_loop_test(tc, test_oqs_wrong, KE_KYBER_L1, KE_HQC_L5 + 1);
+	tcase_add_loop_test(tc, test_oqs_wrong, ML_KEM_512, KE_HQC_L5 + 1);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("fail_i");
-	tcase_add_loop_test(tc, test_oqs_fail_i, KE_KYBER_L1, KE_HQC_L5 + 1);
+	tcase_add_loop_test(tc, test_oqs_fail_i, ML_KEM_512, KE_HQC_L5 + 1);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("fail_r");
-	tcase_add_loop_test(tc, test_oqs_fail_r, KE_KYBER_L1, KE_HQC_L5 + 1);
+	tcase_add_loop_test(tc, test_oqs_fail_r, ML_KEM_512, KE_HQC_L5 + 1);
 	suite_add_tcase(s, tc);
 
 	return s;

src/libstrongswan/plugins/test_vectors/Makefile.am

@@ -54,7 +54,7 @@ libstrongswan_test_vectors_la_SOURCES = \
 	test_vectors/ecpbp.c \
 	test_vectors/curve25519.c \
 	test_vectors/curve448.c \
-	test_vectors/ke_kyber.c \
+	test_vectors/ml_kem.c \
 	test_vectors/ke_frodo.c \
 	test_vectors/ke_bike.c \
 	test_vectors/ke_hqc.c \

src/libstrongswan/plugins/test_vectors/test_vectors.h

@@ -375,18 +375,18 @@ TEST_VECTOR_KE(ecp512bp)
 TEST_VECTOR_KE(curve25519_1)
 TEST_VECTOR_KE(curve25519_2)
 TEST_VECTOR_KE(curve448_1)
-TEST_VECTOR_KE(ke_kyber_l1_0)
-TEST_VECTOR_KE(ke_kyber_l1_1)
-TEST_VECTOR_KE(ke_kyber_l1_2)
-TEST_VECTOR_KE(ke_kyber_l1_3)
-TEST_VECTOR_KE(ke_kyber_l3_0)
-TEST_VECTOR_KE(ke_kyber_l3_1)
-TEST_VECTOR_KE(ke_kyber_l3_2)
-TEST_VECTOR_KE(ke_kyber_l3_3)
-TEST_VECTOR_KE(ke_kyber_l5_0)
-TEST_VECTOR_KE(ke_kyber_l5_1)
-TEST_VECTOR_KE(ke_kyber_l5_2)
-TEST_VECTOR_KE(ke_kyber_l5_3)
+TEST_VECTOR_KE(mlkem512_0)
+TEST_VECTOR_KE(mlkem512_1)
+TEST_VECTOR_KE(mlkem512_2)
+TEST_VECTOR_KE(mlkem512_3)
+TEST_VECTOR_KE(mlkem768_0)
+TEST_VECTOR_KE(mlkem768_1)
+TEST_VECTOR_KE(mlkem768_2)
+TEST_VECTOR_KE(mlkem768_3)
+TEST_VECTOR_KE(mlkem1024_0)
+TEST_VECTOR_KE(mlkem1024_1)
+TEST_VECTOR_KE(mlkem1024_2)
+TEST_VECTOR_KE(mlkem1024_3)
 TEST_VECTOR_KE(ke_frodo_aes_l1_0)
 TEST_VECTOR_KE(ke_frodo_aes_l1_1)
 TEST_VECTOR_KE(ke_frodo_aes_l1_2)