integrating qkd-kem, work in progress

configure.ac

@@ -156,6 +156,7 @@ ARG_DISBL_SET([nonce],          [disable nonce generation plugin.])
 ARG_ENABL_SET([frodo],          [enable FrodoKEM Post Quantum Safe plugin.])
 ARG_ENABL_SET([oqs],            [enable Open Quantum Safe (liboqs) plugin.])
 ARG_ENABL_SET([qkd],            [enable QKD plugin.])
+ARG_ENABL_SET([qkd-kem],            [enable QKD-KEM plugin.])
 ARG_DISBL_SET([openssl],        [disable the OpenSSL crypto plugin.])
 ARG_ENABL_SET([wolfssl],        [enables the wolfSSL crypto plugin.])
 ARG_ENABL_SET([padlock],        [enables VIA Padlock crypto plugin.])
@@ -1600,6 +1601,7 @@ ADD_PLUGIN([gcm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([frodo],                [s charon scripts nm cmd])
 ADD_PLUGIN([oqs],                  [s charon scripts nm cmd])
 ADD_PLUGIN([qkd],                  [s charon scripts nm cmd])
+ADD_PLUGIN([qkd-kem],                  [s charon scripts nm cmd])
 ADD_PLUGIN([drbg],                 [s charon pki scripts nm cmd])
 ADD_PLUGIN([curl],                 [s charon pki scripts nm cmd])
 ADD_PLUGIN([files],                [s charon pki scripts nm cmd])
@@ -1770,6 +1772,7 @@ AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
 AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
 AM_CONDITIONAL(USE_OQS, test x$oqs = xtrue)
 AM_CONDITIONAL(USE_QKD, test x$qkd = xtrue)
+AM_CONDITIONAL(USE_QKD_KEM, test x$qkd_kem = xtrue)
 AM_CONDITIONAL(USE_FRODO, test x$frodo = xtrue)
 
 #  charon plugins
@@ -2054,6 +2057,7 @@ AC_CONFIG_FILES([
 	src/libstrongswan/plugins/oqs/Makefile
 	src/libstrongswan/plugins/oqs/tests/Makefile
 	src/libstrongswan/plugins/qkd/Makefile
+	src/libstrongswan/plugins/qkd-kem/Makefile
 	src/libstrongswan/plugins/test_vectors/Makefile
 	src/libstrongswan/tests/Makefile
 	src/libipsec/Makefile

src/libstrongswan/Makefile.am

@@ -686,6 +686,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_QKD_KEM
+  SUBDIRS += plugins/qkd-kem
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/qkd-kem/libstrongswan-qkd_kem.la
+endif
+endif
+
 if USE_FRODO
   SUBDIRS += plugins/frodo
 if MONOLITHIC

src/libstrongswan/crypto/key_exchange.c

@@ -733,6 +733,7 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
 		case KE_HQC_L3:
 		case KE_HQC_L5:
 		case KE_QKD: // TODO_QKD: implement verification in plugin
+		case KE_QKD_KYBER_L3:
 			/* verification currently not supported, do in plugin */
 			valid = FALSE;
 			break;

src/libstrongswan/crypto/key_exchange.h

@@ -88,6 +88,7 @@ enum key_exchange_method_t {
 	KE_HQC_L5          = 1094,
 	/** QKD KEX */
 	KE_QKD			   = 1095,
+	KE_QKD_KYBER_L3		   = 1096,
 	/** MODP group with custom generator/prime */
 	/** internally used DH group with additional parameters g and p, outside
 	 * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */

src/libstrongswan/crypto/proposal/proposal_keywords_static.txt

@@ -192,5 +192,6 @@ hqc1,             KEY_EXCHANGE_METHOD, KE_HQC_L1,                  0
 hqc3,             KEY_EXCHANGE_METHOD, KE_HQC_L3,                  0
 hqc5,             KEY_EXCHANGE_METHOD, KE_HQC_L5,                  0
 qkd,              KEY_EXCHANGE_METHOD, KE_QKD,                     0
+qkd_kyber3,       KEY_EXCHANGE_METHOD, KE_QKD_KYBER_L3,            0
 noesn,            EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,   0
 esn,              EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS,      0

src/libstrongswan/plugins/qkd-kem/Makefile.am

@@ -0,0 +1,19 @@
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+	$(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-qkd-kem.la
+else
+plugin_LTLIBRARIES = libstrongswan-qkd-kem.la
+endif
+
+libstrongswan_qkd_kem_la_SOURCES = \
+	qkd_kem_plugin.h qkd_kem_plugin.c \
+	qkd_kem.h qkd_kem.c
+
+libstrongswan_qkd_kem_la_LDFLAGS = -module -avoid-version
+
+libstrongswan_qkd_kem_la_LIBADD = $(OPENSSL_LIB)