mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-03 00:00:24 -04:00
key-exchange: Add identifiers for ML-KEM algorithms
This commit is contained in:
Tobias Brunner
parent
8ea6997482
commit
47de9ef9a1
@ -1,5 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2010-2020 Tobias Brunner
|
||||
* Copyright (C) 2016-2024 Andreas Steffen
|
||||
* Copyright (C) 2010-2024 Tobias Brunner
|
||||
* Copyright (C) 2005-2010 Martin Willi
|
||||
* Copyright (C) 2005 Jan Hutter
|
||||
*
|
||||
@ -36,7 +37,7 @@ ENUM_NEXT(key_exchange_method_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
|
||||
"ECP_256",
|
||||
"ECP_384",
|
||||
"ECP_521");
|
||||
ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
|
||||
ENUM_NEXT(key_exchange_method_names, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
|
||||
"MODP_1024_160",
|
||||
"MODP_2048_224",
|
||||
"MODP_2048_256",
|
||||
@ -47,8 +48,13 @@ ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
|
||||
"ECP_384_BP",
|
||||
"ECP_512_BP",
|
||||
"CURVE_25519",
|
||||
"CURVE_448");
|
||||
ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, CURVE_448,
|
||||
"CURVE_448",
|
||||
"GOST3410_256",
|
||||
"GOST3410_512",
|
||||
"ML_KEM_512",
|
||||
"ML_KEM_768",
|
||||
"ML_KEM_1024");
|
||||
ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, ML_KEM_1024,
|
||||
"MODP_NULL");
|
||||
ENUM_NEXT(key_exchange_method_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
|
||||
"NTRU_112",
|
||||
@ -76,7 +82,7 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_2048_BIT, ECP_521_BIT, MODP_1536
|
||||
"ecp256",
|
||||
"ecp384",
|
||||
"ecp521");
|
||||
ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT,
|
||||
ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
|
||||
"modp1024s160",
|
||||
"modp2048s224",
|
||||
"modp2048s256",
|
||||
@ -87,8 +93,13 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT
|
||||
"ecp384bp",
|
||||
"ecp512bp",
|
||||
"curve25519",
|
||||
"curve448");
|
||||
ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, CURVE_448,
|
||||
"curve448",
|
||||
"gost256",
|
||||
"gost512",
|
||||
"mlkem512",
|
||||
"mlkem768",
|
||||
"mlkem1024");
|
||||
ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, ML_KEM_1024,
|
||||
"modpnull");
|
||||
ENUM_NEXT(key_exchange_method_names_short, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
|
||||
"ntru112",
|
||||
@ -610,6 +621,24 @@ bool key_exchange_is_ecdh(key_exchange_method_t ke)
|
||||
case ECP_512_BP:
|
||||
case CURVE_25519:
|
||||
case CURVE_448:
|
||||
case GOST3410_256:
|
||||
case GOST3410_512:
|
||||
return TRUE;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
bool key_exchange_is_kem(key_exchange_method_t ke)
|
||||
{
|
||||
switch (ke)
|
||||
{
|
||||
case ML_KEM_512:
|
||||
case ML_KEM_768:
|
||||
case ML_KEM_1024:
|
||||
return TRUE;
|
||||
default:
|
||||
return FALSE;
|
||||
@ -670,11 +699,20 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
|
||||
case CURVE_448:
|
||||
valid = value.len == 56;
|
||||
break;
|
||||
case GOST3410_256:
|
||||
valid = value.len == 64;
|
||||
break;
|
||||
case GOST3410_512:
|
||||
valid = value.len == 128;
|
||||
break;
|
||||
case NTRU_112_BIT:
|
||||
case NTRU_128_BIT:
|
||||
case NTRU_192_BIT:
|
||||
case NTRU_256_BIT:
|
||||
case NH_128_BIT:
|
||||
case ML_KEM_512:
|
||||
case ML_KEM_768:
|
||||
case ML_KEM_1024:
|
||||
/* verification currently not supported, do in plugin */
|
||||
valid = FALSE;
|
||||
break;
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2010-2020 Tobias Brunner
|
||||
* Copyright (C) 2016-2024 Andreas Steffen
|
||||
* Copyright (C) 2010-2024 Tobias Brunner
|
||||
* Copyright (C) 2005-2007 Martin Willi
|
||||
* Copyright (C) 2005 Jan Hutter
|
||||
*
|
||||
@ -40,6 +41,8 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t;
|
||||
* ECP groups are defined in RFC 4753 and RFC 5114.
|
||||
* ECC Brainpool groups are defined in RFC 6954.
|
||||
* Curve25519 and Curve448 groups are defined in RFC 8031.
|
||||
* GOST R 34.10-2012 groups are defined in RFC 9385.
|
||||
* ML-KEM methods are defined in draft-ipsecme-ml-kem-ikev2.
|
||||
*/
|
||||
enum key_exchange_method_t {
|
||||
KE_NONE = 0,
|
||||
@ -65,18 +68,23 @@ enum key_exchange_method_t {
|
||||
ECP_512_BP = 30,
|
||||
CURVE_25519 = 31,
|
||||
CURVE_448 = 32,
|
||||
GOST3410_256 = 33,
|
||||
GOST3410_512 = 34,
|
||||
ML_KEM_512 = 35,
|
||||
ML_KEM_768 = 36,
|
||||
ML_KEM_1024 = 37,
|
||||
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
|
||||
MODP_NULL = 1024,
|
||||
/** MODP group with custom generator/prime */
|
||||
MODP_NULL = 1024,
|
||||
/** Parameters defined by IEEE 1363.1, in PRIVATE USE */
|
||||
NTRU_112_BIT = 1030,
|
||||
NTRU_128_BIT = 1031,
|
||||
NTRU_192_BIT = 1032,
|
||||
NTRU_256_BIT = 1033,
|
||||
NH_128_BIT = 1040,
|
||||
NTRU_112_BIT = 1030,
|
||||
NTRU_128_BIT = 1031,
|
||||
NTRU_192_BIT = 1032,
|
||||
NTRU_256_BIT = 1033,
|
||||
NH_128_BIT = 1040,
|
||||
/** MODP group with custom generator/prime */
|
||||
/** internally used DH group with additional parameters g and p, outside
|
||||
* of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
|
||||
MODP_CUSTOM = 65536,
|
||||
MODP_CUSTOM = 65536,
|
||||
};
|
||||
|
||||
/**
|
||||
@ -104,7 +112,7 @@ struct key_exchange_t {
|
||||
__attribute__((warn_unused_result));
|
||||
|
||||
/**
|
||||
* Sets the public key from the peer.
|
||||
* Sets the public key received from the peer.
|
||||
*
|
||||
* @note This operation should be relatively quick. Costly public key
|
||||
* validation operations or key derivation should be implemented in
|
||||
@ -206,6 +214,13 @@ diffie_hellman_params_t *diffie_hellman_get_params(key_exchange_method_t ke);
|
||||
*/
|
||||
bool key_exchange_is_ecdh(key_exchange_method_t ke);
|
||||
|
||||
/**
|
||||
* Check if the key exchange method is a Key Encapsulation Mechanism (KEM).
|
||||
*
|
||||
* @return TRUE if KEM used
|
||||
*/
|
||||
bool key_exchange_is_kem(key_exchange_method_t ke);
|
||||
|
||||
/**
|
||||
* Check if a public key is valid for given key exchange method.
|
||||
*
|
||||
|
||||
@ -176,6 +176,11 @@ curve25519, KEY_EXCHANGE_METHOD, CURVE_25519, 0
|
||||
x25519, KEY_EXCHANGE_METHOD, CURVE_25519, 0
|
||||
curve448, KEY_EXCHANGE_METHOD, CURVE_448, 0
|
||||
x448, KEY_EXCHANGE_METHOD, CURVE_448, 0
|
||||
gost256, KEY_EXCHANGE_METHOD, GOST3410_256, 0
|
||||
gost512, KEY_EXCHANGE_METHOD, GOST3410_512, 0
|
||||
mlkem512, KEY_EXCHANGE_METHOD, ML_KEM_512, 0
|
||||
mlkem768, KEY_EXCHANGE_METHOD, ML_KEM_768, 0
|
||||
mlkem1024, KEY_EXCHANGE_METHOD, ML_KEM_1024, 0
|
||||
ntru112, KEY_EXCHANGE_METHOD, NTRU_112_BIT, 0
|
||||
ntru128, KEY_EXCHANGE_METHOD, NTRU_128_BIT, 0
|
||||
ntru192, KEY_EXCHANGE_METHOD, NTRU_192_BIT, 0
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user