From 5f42894ac2746f721971975ab56f44b0bd1cd608 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Thu, 10 Dec 2020 19:21:04 -0800 Subject: [PATCH] Added FrodoKEM --- Makefile | 2 +- README.md | 2 +- go.mod | 1 + go.sum | 3 + xs/xs.go | 18 ++--- xsnet/consts.go | 4 + xsnet/net.go | 210 +++++++++++++++++++++++++++++++++++++++++++++--- 7 files changed, 216 insertions(+), 24 deletions(-) diff --git a/Makefile b/Makefile index 0dd4328..3e28c7a 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := 0.8.25 +VERSION := 0.8.26 .PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall ## Tag version of binaries with build info wrt. diff --git a/README.md b/README.md index 9ab7ffa..9a57e48 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Currently supported exchanges are: [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx); * The KYBER IND-CCA-2 secure key encapsulation mechanism, [pq-crystals Kyber](https://pq-crystals.org/kyber/) :: [Yawning/kyber golang implementation](https://git.schwanenlied.me/yawning/kyber) * The NEWHOPE algorithm [newhopecrypto.org](https://www.newhopecrypto.org/) :: [Yawning/go-newhope golang implementation](https://git.schwanenlied.me/yawning/newhope) - +* The FrodoKEM algorithm [frodokem.org](https://frodokem.org/) :: Go version by [Eduardo E. S. Riccardi](https://github.com/kuking/go-frodokem) Currently supported session algorithms: diff --git a/go.mod b/go.mod index a141e77..ad14ca0 100644 --- a/go.mod +++ b/go.mod @@ -13,6 +13,7 @@ require ( github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f github.com/klauspost/reedsolomon v1.9.9 // indirect github.com/kr/pty v1.1.8 + github.com/kuking/go-frodokem v1.0.1 github.com/mattn/go-isatty v0.0.12 github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index 32eeff6..c74f16f 100644 --- a/go.sum +++ b/go.sum 
@@ -33,6 +33,8 @@ github.com/klauspost/reedsolomon v1.9.9 h1:qCL7LZlv17xMixl55nq2/Oa1Y86nfO8EqDfv2 github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo= github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= +github.com/kuking/go-frodokem v1.0.1 h1:13bks3u4CPpvUtOLttT+A37j9myV4kLnS7Z3qDiTm4o= +github.com/kuking/go-frodokem v1.0.1/go.mod h1:TzD0W9QnVOcwigeSySEuNZfJaGxWRtFRb7hXe/w/waI= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0sQ9fSeoEhZgvrrD9HKMtX6Gmc1vk8= @@ -50,6 +52,7 @@ github.com/tjfoc/gmsm v1.3.0 h1:i7c6Za/IlgBvnGxYpfD7L3TGuaS+v6oGcgq+J9/ecEA= github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo= github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= +github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ= github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg= github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE= diff --git a/xs/xs.go b/xs/xs.go index 17d53b7..2eedb39 100755 --- a/xs/xs.go +++ b/xs/xs.go 
@@ -64,22 +64,22 @@ const bob = string("\r\n\r\n" + "@@@@@@@^^~~~~~~~~~~~~~~~~~~~~^@@@@@@@@@\r\n" + "@@@@@@^ ~^ @ @@ @ @ @ I ~^@@@@@@\r\n" + "@@@@@ ~ ~~ ~I @@@@@\r\n" + - "@@@@' ' _,w@< @@@@\r\n" + + "@@@@' ' _,w@< @@@@ .\r\n" + "@@@@ @@@@@@@@w___,w@@@@@@@@ @ @@@\r\n" + - "@@@@ @@@@@@@@@@@@@@@@@@@@@@ I @@@\r\n" + + "@@@@ @@@@@@@@@@@@@@@@@@@@@@ I @@@ Bob\r\n" + "@@@@ @@@@@@@@@@@@@@@@@@@@*@[ i @@@\r\n" + - "@@@@ @@@@@@@@@@@@@@@@@@@@[][ | ]@@@\r\n" + + "@@@@ @@@@@@@@@@@@@@@@@@@@[][ | ]@@@ bOb\r\n" + "@@@@ ~_,,_ ~@@@@@@@~ ____~ @ @@@\r\n" + - "@@@@ _~ , , `@@@~ _ _`@ ]L J@@@\r\n" + + "@@@@ _~ , , `@@@~ _ _`@ ]L J@@@ o\r\n" + "@@@@ , @@w@ww+ @@@ww``,,@w@ ][ @@@@\r\n" + - "@@@@, @@@@www@@@ @@@@@@@ww@@@@@[ @@@@\r\n" + + "@@@@, @@@@www@@@ @@@@@@@ww@@@@@[ @@@@ BOB\r\n" + "@@@@@_|| @@@@@@P' @@P@@@@@@@@@@@[|c@@@@\r\n" + - "@@@@@@w| '@@P~ P]@@@-~, ~Y@@^'],@@@@@@\r\n" + + "@@@@@@w| '@@P~ P]@@@-~, ~Y@@^'],@@@@@@ . o\r\n" + "@@@@@@@[ _ _J@@Tk ]]@@@@@@\r\n" + "@@@@@@@@,@ @@, c,,,,,,,y ,w@@[ ,@@@@@@@\r\n" + - "@@@@@@@@@ i @w ====--_@@@@@ @@@@@@@@\r\n" + + "@@@@@@@@@ i @w ====--_@@@@@ @@@@@@@@ o .\r\n" + "@@@@@@@@@@`,P~ _ ~^^^^Y@@@@@ @@@@@@@@@\r\n" + - "@@@@^^=^@@^ ^' ,ww,w@@@@@ _@@@@@@@@@@\r\n" + + "@@@@^^=^@@^ ^' ,ww,w@@@@@ _@@@@@@@@@@ B o B\r\n" + "@@@_xJ~ ~ , @@@@@@@P~_@@@@@@@@@@@@\r\n" + "@@ @, ,@@@,_____ _,J@@@@@@@@@@@@@\r\n" + "@@L `' ,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" + 
@@ -712,7 +712,7 @@ func main() { flag.BoolVar(&dbg, "d", false, "debug logging") flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12]") flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]") - flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE]") + flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE | KEX_FRODOKEM_{1344|976}{AES|SHAKE}]") flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP") flag.UintVar(&port, "p", 2000, "``port") //flag.StringVar(&authCookie, "a", "", "auth cookie") diff --git a/xsnet/consts.go b/xsnet/consts.go index 57144b4..c632198 100644 --- a/xsnet/consts.go +++ b/xsnet/consts.go @@ -29,6 +29,10 @@ const ( KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157 KEX_resvd14 KEX_resvd15 + KEX_FRODOKEM_1344AES + KEX_FRODOKEM_1344SHAKE + KEX_FRODOKEM_976AES + KEX_FRODOKEM_976SHAKE KEX_invalid = 255 ) diff --git a/xsnet/net.go b/xsnet/net.go index c559a72..afd79df 100644 --- a/xsnet/net.go +++ b/xsnet/net.go @@ -44,6 +44,7 @@ import ( "blitter.com/go/kyber" "blitter.com/go/newhope" "blitter.com/go/xs/logger" + frodo "github.com/kuking/go-frodokem" ) /*---------------------------------------------------------------------*/ 
@@ -126,6 +127,14 @@ func (k *KEXAlg) String() string { return "KEX_NEWHOPE" case KEX_NEWHOPE_SIMPLE: return "KEX_NEWHOPE_SIMPLE" + case KEX_FRODOKEM_1344AES: + return "KEX_FRODOKEM_1344AES" + case KEX_FRODOKEM_1344SHAKE: + return "KEX_FRODOKEM_1344SHAKE" + case KEX_FRODOKEM_976AES: + return "KEX_FRODOKEM_976AES" + case KEX_FRODOKEM_976SHAKE: + return "KEX_FRODOKEM_976SHAKE" default: return "KEX_ERR_UNK" } @@ -276,6 +285,14 @@ func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) { case KEX_NEWHOPE: fallthrough case KEX_NEWHOPE_SIMPLE: + fallthrough + case KEX_FRODOKEM_1344AES: + fallthrough + case KEX_FRODOKEM_1344SHAKE: + fallthrough + case KEX_FRODOKEM_976AES: + fallthrough + case KEX_FRODOKEM_976SHAKE: log.Printf("[KEx alg %d accepted]\n", kexAlg) default: // UNREACHABLE: _getkexalgnum() guarantees a valid KEX value 
@@ -375,11 +392,86 @@ func getkexalgnum(extensions ...string) (k KEXAlg) { case "KEX_NEWHOPE_SIMPLE": k = KEX_NEWHOPE_SIMPLE break //out of for + case "KEX_FRODOKEM_1344AES": + k = KEX_FRODOKEM_1344AES + break //out of for + case "KEX_FRODOKEM_1344SHAKE": + k = KEX_FRODOKEM_1344SHAKE + break //out of for + case "KEX_FRODOKEM_976AES": + k = KEX_FRODOKEM_976AES + break //out of for + case "KEX_FRODOKEM_976SHAKE": + k = KEX_FRODOKEM_976SHAKE + break //out of for } } return } +func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) { + // Send xsnet.Conn parameters to remote side + + // Alice, step 1: Generate a key pair. + var kem frodo.FrodoKEM + + switch hc.kex { + case KEX_FRODOKEM_1344AES: + kem = frodo.Frodo1344AES() + case KEX_FRODOKEM_1344SHAKE: + kem = frodo.Frodo1344SHAKE() + case KEX_FRODOKEM_976AES: + kem = frodo.Frodo976AES() + default: + kem = frodo.Frodo976SHAKE() + } + pubA, secA := kem.Keygen() // pA + //log.Printf("[pubKeyAlice: %v]\n", pubA) + + // Alice, step 2: Send the public key (na,ea) to Bob + fmt.Fprintf(c, "0x%x\n", pubA) + + // (... and cipher, connection opts) + fmt.Fprintf(c, "0x%x:0x%x\n", hc.cipheropts, hc.opts) + + // [Bob does the same and sends use a public key (nb, eb) + pubB_bigint := big.NewInt(0) + _, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint) + pubB := pubB_bigint.Bytes() + //log.Printf("[Got pubKeyBob[]:%v]\n", pubB) + + // (... 
and cipher, connection opts) + _, err = fmt.Fscanf(c, "0x%x:0x%x\n", + &hc.cipheropts, &hc.opts) + if err != nil { + return err + } + + // Alice, step 3: Create ctAtoB, shareA + ctAtoB, shareA, err := kem.Encapsulate(pubB) + if err != nil { + return err + } + + // Alice, step 4: Send ctAtoB to Bob + fmt.Fprintf(c, "0x%x\n", ctAtoB) + + // Alice, step 5: Receive ctBtoA from Bob + ctBtoA_bigint := big.NewInt(0) + _, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint) + ctBtoA := ctBtoA_bigint.Bytes() + log.Printf("[Got ctBob[]:%v]\n", ctBtoA) + + // Alice, step 6: compute Bob's share + shareB, err := kem.Dencapsulate(secA, ctBtoA) + sessionKey := append(shareA, shareB...) + //log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey) + + hc.r, hc.rm, err = hc.getStream(sessionKey) + hc.w, hc.wm, err = hc.getStream(sessionKey) + return +} + // randReader wraps rand.Read() in a struct that implements io.Reader // for use by the Kyber and NEWHOPE/NEWHOPE_SIMPLE KEM methods. type randReader struct { @@ -413,7 +505,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) { for i := range pubKeyBob.Send { pubKeyBob.Send[i] = publicKeyBob.Bytes()[i] } - log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob) + //log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob) // Read cipheropts, session opts _, err = fmt.Fscanf(c, "0x%x:0x%x\n", @@ -429,7 +521,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) { if err != nil { panic(err) } - log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) + //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) return 
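Review bot: Several errors in FrodoKEMDialSetup are assigned and then overwritten before anything checks them: the `Fscanf` results for Bob's public key and for `ctBtoA`, the `kem.Dencapsulate` result, and the first `hc.getStream` call. A failed decapsulation therefore still yields a `sessionKey`, and the function can return nil; each of these should return on error, as the `Encapsulate` call already does (rewritten lines below). Separately, passing the public key and ciphertext through `big.Int` drops leading zero bytes, because `Bytes()` returns the minimal big-endian form, so a value whose first byte is 0x00 arrives short. Decoding the hex text with `encoding/hex` and checking the length against the selected parameter set would avoid that. FrodoKEMAcceptSetup in the @@ -573 hunk has the same two problems.

```go
	// … unchanged: parameter-set selection, Keygen, sending pubA and cipheropts/opts …
	pubB_bigint := big.NewInt(0)
	if _, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint); err != nil {
		return err
	}
	// … unchanged: reading cipheropts/opts, Encapsulate, sending ctAtoB …
	ctBtoA_bigint := big.NewInt(0)
	if _, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint); err != nil {
		return err
	}
	// … unchanged: ctBtoA conversion and log line …

	// Alice, step 6: recover Bob's share; never key the session on a failed decapsulation
	shareB, err := kem.Dencapsulate(secA, ctBtoA)
	if err != nil {
		return err
	}
	sessionKey := append(shareA, shareB...)

	if hc.r, hc.rm, err = hc.getStream(sessionKey); err != nil {
		return err
	}
	hc.w, hc.wm, err = hc.getStream(sessionKey)
	return
```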
@@ -457,7 +549,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) { for i := range pubKeyBob.Send { pubKeyBob.Send[i] = publicKeyBob.Bytes()[i] } - log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob) + //log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob) // Read cipheropts, session opts _, err = fmt.Fscanf(c, "0x%x:0x%x\n", @@ -473,7 +565,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) { if err != nil { panic(err) } - log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) + //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) return @@ -512,7 +604,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) { //if err != nil { // return err //} - log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB) + //log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB) // Read cipheropts, session opts _, err = fmt.Fscanf(c, "0x%x:0x%x\n", @@ -524,7 +616,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) { // Alice, step 3: Decrypt the KEM cipher text. aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB) - log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) + //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) return 
@@ -573,13 +665,74 @@ func HKExDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) { return } +func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) { + // Bob, step 1: Generate a key pair. + var kem frodo.FrodoKEM + + switch hc.kex { + case KEX_FRODOKEM_1344AES: + kem = frodo.Frodo1344AES() + case KEX_FRODOKEM_1344SHAKE: + kem = frodo.Frodo1344SHAKE() + case KEX_FRODOKEM_976AES: + kem = frodo.Frodo976AES() + default: + kem = frodo.Frodo976SHAKE() + } + pubB, secB := kem.Keygen() + //log.Printf("[pubKeyBob: %v]\n", pubB) + + // Bob, step 2: Send the public key (nb,eb) to Alice + fmt.Fprintf(*c, "0x%x\n", pubB) + + // (... and cipher, connection opts) + fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts) + + // [Alice does the same and sends use a public key (na, ea) + pubA_bigint := big.NewInt(0) + _, err = fmt.Fscanf(*c, "0x%x\n", pubA_bigint) + pubA := pubA_bigint.Bytes() + //log.Printf("[Got pubKeyAlice[]:%v]\n", pubA) + + // (... and cipher, connection opts) + _, err = fmt.Fscanf(*c, "0x%x:0x%x\n", + &hc.cipheropts, &hc.opts) + if err != nil { + return err + } + + // Bob, step 3: Create ctBtoA, shareB + ctBtoA, shareB, err := kem.Encapsulate(pubA) + if err != nil { + return err + } + + // Bob, step 4: Send ctBtoA to Alice + fmt.Fprintf(*c, "0x%x\n", ctBtoA) + + // Bob, step 5: Receive ctAtoB from Alice + ctAtoB_bigint := big.NewInt(0) + _, err = fmt.Fscanf(*c, "0x%x\n", ctAtoB_bigint) + ctAtoB := ctAtoB_bigint.Bytes() + log.Printf("[Got ctAlice[]:%v]\n", ctAtoB) + + // Alice, step 6: compute Bob's share + shareA, err := kem.Dencapsulate(secB, ctAtoB) + sessionKey := append(shareA, shareB...) + //log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey) + + hc.r, hc.rm, err = hc.getStream(sessionKey) + hc.w, hc.wm, err = hc.getStream(sessionKey) + return +} + func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) { r := new(randReader) rand.Seed(time.Now().UnixNano()) // Bob, step 1: Deserialize Alice's public key from the binary encoding. 
alicePublicKey := big.NewInt(0) _, err = fmt.Fscanln(*c, alicePublicKey) - log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) + //log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) if err != nil { return err } @@ -606,7 +759,7 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) { fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send, hc.cipheropts, hc.opts) - log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) + //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret) return @@ -618,7 +771,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) { // Bob, step 1: Deserialize Alice's public key from the binary encoding. alicePublicKey := big.NewInt(0) _, err = fmt.Fscanln(*c, alicePublicKey) - log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) + //log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) if err != nil { return err } @@ -645,7 +798,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) { fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send, hc.cipheropts, hc.opts) - log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) + //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret) return @@ -655,7 +808,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) { // Bob, step 1: Deserialize Alice's public key from the binary encoding. alicePublicKey := big.NewInt(0) _, err = fmt.Fscanln(*c, alicePublicKey) - log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) + //log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) if err != nil { return err } 
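Review bot: The step-6 comment in FrodoKEMAcceptSetup was copied from the dial side and still reads `// Alice, step 6: compute Bob's share`, although here Bob decapsulates Alice's ciphertext; `// Bob, step 6: recover Alice's share from ctAtoB` would match the code. The function is exported without a doc comment, and one should state that it runs the accepting (Bob) side of the two-way exchange and keys the streams from shareA followed by shareB, since both peers depend on that order. The parameter-set `switch` also routes every unrecognised `hc.kex` to `frodo.Frodo976SHAKE()` through `default:`. An explicit `case KEX_FRODOKEM_976SHAKE:` plus a `default:` that returns an error would surface a mismatch instead of silently picking a parameter set.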
@@ -694,7 +847,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) { fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText, hc.cipheropts, hc.opts) - log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) + //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret) return @@ -817,6 +970,17 @@ func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err er if NewHopeSimpleDialSetup(c, &hc) != nil { return Conn{}, nil } + case KEX_FRODOKEM_1344AES: + fallthrough + case KEX_FRODOKEM_1344SHAKE: + fallthrough + case KEX_FRODOKEM_976AES: + fallthrough + case KEX_FRODOKEM_976SHAKE: + log.Printf("[Setting up for KEX_FRODOKEM %d]\n", hc.kex) + if FrodoKEMDialSetup(c, &hc) != nil { + return Conn{}, nil + } default: return Conn{}, err } @@ -1000,6 +1164,26 @@ func (hl *HKExListener) Accept() (hc Conn, err error) { if NewHopeSimpleAcceptSetup(&c, &hc) != nil { return Conn{}, err } + case KEX_FRODOKEM_1344AES: + log.Printf("[Setting up for KEX_FRODOKEM_1344AES %d]\n", hc.kex) + if FrodoKEMAcceptSetup(&c, &hc) != nil { + return Conn{}, err + } + case KEX_FRODOKEM_1344SHAKE: + log.Printf("[Setting up for KEX_FRODOKEM_1344SHAKE %d]\n", hc.kex) + if FrodoKEMAcceptSetup(&c, &hc) != nil { + return Conn{}, err + } + case KEX_FRODOKEM_976AES: + log.Printf("[Setting up for KEX_FRODOKEM_976AES %d]\n", hc.kex) + if FrodoKEMAcceptSetup(&c, &hc) != nil { + return Conn{}, err + } + case KEX_FRODOKEM_976SHAKE: + log.Printf("[Setting up for KEX_FRODOKEM_976SHAKE %d]\n", hc.kex) + if FrodoKEMAcceptSetup(&c, &hc) != nil { + return Conn{}, err + } default: return Conn{}, err } 
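Review bot: A failed FrodoKEM setup in Dial is reported to the caller as success, because `if FrodoKEMDialSetup(c, &hc) != nil { return Conn{}, nil }` discards the error and returns a zero `Conn` with a nil error. Capturing it, as in `if err = FrodoKEMDialSetup(c, &hc); err != nil { return Conn{}, err }`, lets callers see that key exchange did not complete. The Accept hunk at @@ -1000 has a related problem: its four new cases test the result of `FrodoKEMAcceptSetup` but return the outer `err`, which is whatever was assigned earlier in Accept (not visible here) rather than the setup error. Both switch statements start outside their hunks.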
@@ -1235,7 +1419,7 @@ func (hc Conn) Read(b []byte) (n int, err error) { } hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ] - log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp) + //log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp) if *hc.closeStat == CSETruncCSO { logger.LogDebug(fmt.Sprintln("[cannot verify HMAC]"))