6421338519

Committed 05 Oct 2023 03:44PM UTC coverage: 91.703% (-0.08%) from 91.783%

Build # 6421338519

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #3609 from Rohde-Schwarz/tls13/kem_establishment

[TLS 1.3] Hybrid PQ/T key establishment

Run Details

79958 of 87192 relevant lines covered (91.7%)

8521367.99 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

67.43

/src/lib/tls/tls_algos.cpp

/*
* (C) 2017 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_algos.h>

#include <botan/ec_group.h>
#include <botan/exceptn.h>
#include <botan/internal/fmt.h>

namespace Botan::TLS {

std::string kdf_algo_to_string(KDF_Algo algo) {
   switch(algo) {
      case KDF_Algo::SHA_1:
         return "SHA-1";
      case KDF_Algo::SHA_256:
         return "SHA-256";
      case KDF_Algo::SHA_384:
         return "SHA-384";
   }

   throw Invalid_State("kdf_algo_to_string unknown enum value");
}

std::string kex_method_to_string(Kex_Algo method) {
   switch(method) {
      case Kex_Algo::STATIC_RSA:
         return "RSA";
      case Kex_Algo::DH:
         return "DH";
      case Kex_Algo::ECDH:
         return "ECDH";
      case Kex_Algo::PSK:
         return "PSK";
      case Kex_Algo::ECDHE_PSK:
         return "ECDHE_PSK";
      case Kex_Algo::DHE_PSK:
         return "DHE_PSK";
      case Kex_Algo::KEM:
         return "KEM";
      case Kex_Algo::KEM_PSK:
         return "KEM_PSK";
      case Kex_Algo::HYBRID:
         return "HYBRID";
      case Kex_Algo::HYBRID_PSK:
         return "HYBRID_PSK";
      case Kex_Algo::UNDEFINED:
         return "UNDEFINED";
   }

   throw Invalid_State("kex_method_to_string unknown enum value");
}

Kex_Algo kex_method_from_string(std::string_view str) {
   if(str == "RSA") {
      return Kex_Algo::STATIC_RSA;
   }

   if(str == "DH") {
      return Kex_Algo::DH;
   }

   if(str == "ECDH") {
      return Kex_Algo::ECDH;
   }

   if(str == "PSK") {
      return Kex_Algo::PSK;
   }

   if(str == "ECDHE_PSK") {
      return Kex_Algo::ECDHE_PSK;
   }

   if(str == "DHE_PSK") {
      return Kex_Algo::DHE_PSK;
   }

   if(str == "KEM") {
      return Kex_Algo::KEM;
   }

   if(str == "KEM_PSK") {
      return Kex_Algo::KEM_PSK;
   }

   if(str == "HYBRID") {
      return Kex_Algo::HYBRID;
   }

   if(str == "HYBRID_PSK") {
      return Kex_Algo::HYBRID_PSK;
   }

   if(str == "UNDEFINED") {
      return Kex_Algo::UNDEFINED;
   }

   throw Invalid_Argument(fmt("Unknown kex method '{}'", str));
}

std::string auth_method_to_string(Auth_Method method) {
   switch(method) {
      case Auth_Method::RSA:
         return "RSA";
      case Auth_Method::ECDSA:
         return "ECDSA";
      case Auth_Method::IMPLICIT:
         return "IMPLICIT";
      case Auth_Method::UNDEFINED:
         return "UNDEFINED";
   }

   throw Invalid_State("auth_method_to_string unknown enum value");
}

Auth_Method auth_method_from_string(std::string_view str) {
   if(str == "RSA") {
      return Auth_Method::RSA;
   }
   if(str == "ECDSA") {
      return Auth_Method::ECDSA;
   }
   if(str == "IMPLICIT") {
      return Auth_Method::IMPLICIT;
   }
   if(str == "UNDEFINED") {
      return Auth_Method::UNDEFINED;
   }

   throw Invalid_Argument(fmt("Unknown TLS signature method '{}'", str));
}

bool group_param_is_dh(Group_Params group) {
   uint16_t group_id = static_cast<uint16_t>(group);
   return (group_id >= 256 && group_id < 512);
}

Group_Params group_param_from_string(std::string_view group_name) {
   if(group_name == "secp256r1") {
      return Group_Params::SECP256R1;
   }
   if(group_name == "secp384r1") {
      return Group_Params::SECP384R1;
   }
   if(group_name == "secp521r1") {
      return Group_Params::SECP521R1;
   }
   if(group_name == "brainpool256r1") {
      return Group_Params::BRAINPOOL256R1;
   }
   if(group_name == "brainpool384r1") {
      return Group_Params::BRAINPOOL384R1;
   }
   if(group_name == "brainpool512r1") {
      return Group_Params::BRAINPOOL512R1;
   }
   if(group_name == "x25519") {
      return Group_Params::X25519;
   }

   if(group_name == "ffdhe/ietf/2048") {
      return Group_Params::FFDHE_2048;
   }
   if(group_name == "ffdhe/ietf/3072") {
      return Group_Params::FFDHE_3072;
   }
   if(group_name == "ffdhe/ietf/4096") {
      return Group_Params::FFDHE_4096;
   }
   if(group_name == "ffdhe/ietf/6144") {
      return Group_Params::FFDHE_6144;
   }
   if(group_name == "ffdhe/ietf/8192") {
      return Group_Params::FFDHE_8192;
   }

   if(group_name == "Kyber-512-r3") {
      return Group_Params::KYBER_512_R3;
   }
   if(group_name == "Kyber-768-r3") {
      return Group_Params::KYBER_768_R3;
   }
   if(group_name == "Kyber-1024-r3") {
      return Group_Params::KYBER_1024_R3;
   }

   if(group_name == "x25519/Kyber-512-r3/cloudflare") {
      return Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE;
   }
   if(group_name == "x25519/Kyber-768-r3/cloudflare") {
      return Group_Params::HYBRID_X25519_KYBER_768_R3_CLOUDFLARE;
   }

   if(group_name == "x25519/Kyber-512-r3") {
      return Group_Params::HYBRID_X25519_KYBER_512_R3_OQS;
   }
   if(group_name == "x25519/Kyber-768-r3") {
      return Group_Params::HYBRID_X25519_KYBER_768_R3_OQS;
   }

   if(group_name == "secp256r1/Kyber-512-r3") {
      return Group_Params::HYBRID_SECP256R1_KYBER_512_R3_OQS;
   }
   if(group_name == "secp384r1/Kyber-768-r3") {
      return Group_Params::HYBRID_SECP384R1_KYBER_768_R3_OQS;
   }
   if(group_name == "secp521r1/Kyber-1024-r3") {
      return Group_Params::HYBRID_SECP521R1_KYBER_1024_R3_OQS;
   }

   return Group_Params::NONE;  // unknown
}

std::string group_param_to_string(Group_Params group) {
   switch(group) {
      case Group_Params::SECP256R1:
         return "secp256r1";
      case Group_Params::SECP384R1:
         return "secp384r1";
      case Group_Params::SECP521R1:
         return "secp521r1";
      case Group_Params::BRAINPOOL256R1:
         return "brainpool256r1";
      case Group_Params::BRAINPOOL384R1:
         return "brainpool384r1";
      case Group_Params::BRAINPOOL512R1:
         return "brainpool512r1";
      case Group_Params::X25519:
         return "x25519";

      case Group_Params::FFDHE_2048:
         return "ffdhe/ietf/2048";
      case Group_Params::FFDHE_3072:
         return "ffdhe/ietf/3072";
      case Group_Params::FFDHE_4096:
         return "ffdhe/ietf/4096";
      case Group_Params::FFDHE_6144:
         return "ffdhe/ietf/6144";
      case Group_Params::FFDHE_8192:
         return "ffdhe/ietf/8192";

      case Group_Params::KYBER_512_R3:
         return "Kyber-512-r3";
      case Group_Params::KYBER_768_R3:
         return "Kyber-768-r3";
      case Group_Params::KYBER_1024_R3:
         return "Kyber-1024-r3";

      case Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE:
         return "x25519/Kyber-512-r3/cloudflare";
      case Group_Params::HYBRID_X25519_KYBER_768_R3_CLOUDFLARE:
         return "x25519/Kyber-768-r3/cloudflare";

      case Group_Params::HYBRID_X25519_KYBER_512_R3_OQS:
         return "x25519/Kyber-512-r3";
      case Group_Params::HYBRID_X25519_KYBER_768_R3_OQS:
         return "x25519/Kyber-768-r3";

      case Group_Params::HYBRID_SECP256R1_KYBER_512_R3_OQS:
         return "secp256r1/Kyber-512-r3";
      case Group_Params::HYBRID_SECP384R1_KYBER_768_R3_OQS:
         return "secp384r1/Kyber-768-r3";
      case Group_Params::HYBRID_SECP521R1_KYBER_1024_R3_OQS:
         return "secp521r1/Kyber-1024-r3";

      default:
         return "";
   }
}

}  // namespace Botan::TLS

1	/*
2	* (C) 2017 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include <botan/tls_algos.h>
8
9	#include <botan/ec_group.h>
10	#include <botan/exceptn.h>
11	#include <botan/internal/fmt.h>
12
13	namespace Botan::TLS {
14
15	std::string kdf_algo_to_string(KDF_Algo algo) {	198,717✔
16	switch(algo) {	198,717✔
17	case KDF_Algo::SHA_1:	36,781✔
18	return "SHA-1";	36,781✔
19	case KDF_Algo::SHA_256:	119,958✔
20	return "SHA-256";	119,958✔
21	case KDF_Algo::SHA_384:	41,978✔
22	return "SHA-384";	41,978✔
23	}
24
25	throw Invalid_State("kdf_algo_to_string unknown enum value");	×
26	}
27
28	std::string kex_method_to_string(Kex_Algo method) {	7,528✔
29	switch(method) {	7,528✔
30	case Kex_Algo::STATIC_RSA:	722✔
31	return "RSA";	722✔
32	case Kex_Algo::DH:	1,065✔
33	return "DH";	1,065✔
34	case Kex_Algo::ECDH:	4,056✔
35	return "ECDH";	4,056✔
36	case Kex_Algo::PSK:	832✔
37	return "PSK";	832✔
38	case Kex_Algo::ECDHE_PSK:	846✔
39	return "ECDHE_PSK";	846✔
40	case Kex_Algo::DHE_PSK:	×
41	return "DHE_PSK";	×
42	case Kex_Algo::KEM:	2✔
43	return "KEM";	2✔
44	case Kex_Algo::KEM_PSK:	×
45	return "KEM_PSK";	×
46	case Kex_Algo::HYBRID:	5✔
47	return "HYBRID";	5✔
48	case Kex_Algo::HYBRID_PSK:	×
49	return "HYBRID_PSK";	×
50	case Kex_Algo::UNDEFINED:	×
51	return "UNDEFINED";	×
52	}
53
54	throw Invalid_State("kex_method_to_string unknown enum value");	×
55	}
56
57	Kex_Algo kex_method_from_string(std::string_view str) {	5✔
58	if(str == "RSA") {	6✔
59	return Kex_Algo::STATIC_RSA;	1✔
60	}
61
62	if(str == "DH") {	4✔
63	return Kex_Algo::DH;	1✔
64	}
65
66	if(str == "ECDH") {	3✔
67	return Kex_Algo::ECDH;	1✔
68	}
69
70	if(str == "PSK") {	2✔
71	return Kex_Algo::PSK;	1✔
72	}
73
74	if(str == "ECDHE_PSK") {	1✔
75	return Kex_Algo::ECDHE_PSK;	1✔
76	}
77
78	if(str == "DHE_PSK") {	×
79	return Kex_Algo::DHE_PSK;	×
80	}
81
82	if(str == "KEM") {	×
83	return Kex_Algo::KEM;	×
84	}
85
86	if(str == "KEM_PSK") {	×
87	return Kex_Algo::KEM_PSK;	×
88	}
89
90	if(str == "HYBRID") {	×
91	return Kex_Algo::HYBRID;	×
92	}
93
94	if(str == "HYBRID_PSK") {	×
95	return Kex_Algo::HYBRID_PSK;	×
96	}
97
98	if(str == "UNDEFINED") {	×
99	return Kex_Algo::UNDEFINED;	×
100	}
101
102	throw Invalid_Argument(fmt("Unknown kex method '{}'", str));	×
103	}
104
105	std::string auth_method_to_string(Auth_Method method) {	9,010✔
106	switch(method) {	9,010✔
107	case Auth_Method::RSA:	6,101✔
108	return "RSA";	6,101✔
109	case Auth_Method::ECDSA:	2,759✔
110	return "ECDSA";	2,759✔
111	case Auth_Method::IMPLICIT:	150✔
112	return "IMPLICIT";	150✔
113	case Auth_Method::UNDEFINED:	×
114	return "UNDEFINED";	×
115	}
116
117	throw Invalid_State("auth_method_to_string unknown enum value");	×
118	}
119
120	Auth_Method auth_method_from_string(std::string_view str) {	3✔
121	if(str == "RSA") {	3✔
122	return Auth_Method::RSA;	1✔
123	}
124	if(str == "ECDSA") {	2✔
125	return Auth_Method::ECDSA;	1✔
126	}
127	if(str == "IMPLICIT") {	1✔
128	return Auth_Method::IMPLICIT;	1✔
129	}
130	if(str == "UNDEFINED") {	×
131	return Auth_Method::UNDEFINED;	×
132	}
133
134	throw Invalid_Argument(fmt("Unknown TLS signature method '{}'", str));	×
135	}
136
137	bool group_param_is_dh(Group_Params group) {	58,442✔
138	uint16_t group_id = static_cast<uint16_t>(group);	58,442✔
139	return (group_id >= 256 && group_id < 512);	58,442✔
140	}
141
142	Group_Params group_param_from_string(std::string_view group_name) {	467✔
143	if(group_name == "secp256r1") {	542✔
144	return Group_Params::SECP256R1;	68✔
145	}
146	if(group_name == "secp384r1") {	437✔
147	return Group_Params::SECP384R1;	37✔
148	}
149	if(group_name == "secp521r1") {	362✔
150	return Group_Params::SECP521R1;	38✔
151	}
152	if(group_name == "brainpool256r1") {	340✔
153	return Group_Params::BRAINPOOL256R1;	24✔
154	}
155	if(group_name == "brainpool384r1") {	308✔
156	return Group_Params::BRAINPOOL384R1;	8✔
157	}
158	if(group_name == "brainpool512r1") {	292✔
159	return Group_Params::BRAINPOOL512R1;	8✔
160	}
161	if(group_name == "x25519") {	296✔
162	return Group_Params::X25519;	83✔
163	}
164
165	if(group_name == "ffdhe/ietf/2048") {	296✔
166	return Group_Params::FFDHE_2048;	56✔
167	}
168	if(group_name == "ffdhe/ietf/3072") {	216✔
169	return Group_Params::FFDHE_3072;	24✔
170	}
171	if(group_name == "ffdhe/ietf/4096") {	165✔
172	return Group_Params::FFDHE_4096;	27✔
173	}
174	if(group_name == "ffdhe/ietf/6144") {	116✔
175	return Group_Params::FFDHE_6144;	22✔
176	}
177	if(group_name == "ffdhe/ietf/8192") {	72✔
178	return Group_Params::FFDHE_8192;	22✔
179	}
180
181	if(group_name == "Kyber-512-r3") {	50✔
182	return Group_Params::KYBER_512_R3;	19✔
183	}
184	if(group_name == "Kyber-768-r3") {	31✔
185	return Group_Params::KYBER_768_R3;	×
186	}
187	if(group_name == "Kyber-1024-r3") {	31✔
188	return Group_Params::KYBER_1024_R3;	×
189	}
190
191	if(group_name == "x25519/Kyber-512-r3/cloudflare") {	31✔
192	return Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE;	×
193	}
194	if(group_name == "x25519/Kyber-768-r3/cloudflare") {	31✔
195	return Group_Params::HYBRID_X25519_KYBER_768_R3_CLOUDFLARE;	×
196	}
197
198	if(group_name == "x25519/Kyber-512-r3") {	31✔
199	return Group_Params::HYBRID_X25519_KYBER_512_R3_OQS;	19✔
200	}
201	if(group_name == "x25519/Kyber-768-r3") {	12✔
202	return Group_Params::HYBRID_X25519_KYBER_768_R3_OQS;	×
203	}
204
205	if(group_name == "secp256r1/Kyber-512-r3") {	12✔
206	return Group_Params::HYBRID_SECP256R1_KYBER_512_R3_OQS;	×
207	}
208	if(group_name == "secp384r1/Kyber-768-r3") {	12✔
209	return Group_Params::HYBRID_SECP384R1_KYBER_768_R3_OQS;	×
210	}
211	if(group_name == "secp521r1/Kyber-1024-r3") {	12✔
212	return Group_Params::HYBRID_SECP521R1_KYBER_1024_R3_OQS;	×
213	}
214
215	return Group_Params::NONE; // unknown
216	}
217
218	std::string group_param_to_string(Group_Params group) {	262✔
219	switch(group) {	262✔
220	case Group_Params::SECP256R1:	61✔
221	return "secp256r1";	61✔
222	case Group_Params::SECP384R1:	67✔
223	return "secp384r1";	67✔
224	case Group_Params::SECP521R1:	30✔
225	return "secp521r1";	30✔
226	case Group_Params::BRAINPOOL256R1:	24✔
227	return "brainpool256r1";	24✔
228	case Group_Params::BRAINPOOL384R1:	8✔
229	return "brainpool384r1";	8✔
230	case Group_Params::BRAINPOOL512R1:	10✔
231	return "brainpool512r1";	10✔
232	case Group_Params::X25519:	12✔
233	return "x25519";	12✔
234
235	case Group_Params::FFDHE_2048:	20✔
236	return "ffdhe/ietf/2048";	20✔
237	case Group_Params::FFDHE_3072:	8✔
238	return "ffdhe/ietf/3072";	8✔
239	case Group_Params::FFDHE_4096:	8✔
240	return "ffdhe/ietf/4096";	8✔
241	case Group_Params::FFDHE_6144:	6✔
242	return "ffdhe/ietf/6144";	6✔
243	case Group_Params::FFDHE_8192:	6✔
244	return "ffdhe/ietf/8192";	6✔
245
246	case Group_Params::KYBER_512_R3:	2✔
247	return "Kyber-512-r3";	2✔
248	case Group_Params::KYBER_768_R3:	×
249	return "Kyber-768-r3";	×
250	case Group_Params::KYBER_1024_R3:	×
251	return "Kyber-1024-r3";	×
252
253	case Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE:	×
254	return "x25519/Kyber-512-r3/cloudflare";	×
255	case Group_Params::HYBRID_X25519_KYBER_768_R3_CLOUDFLARE:	×
256	return "x25519/Kyber-768-r3/cloudflare";	×
257
258	case Group_Params::HYBRID_X25519_KYBER_512_R3_OQS:	×
259	return "x25519/Kyber-512-r3";	×
260	case Group_Params::HYBRID_X25519_KYBER_768_R3_OQS:	×
261	return "x25519/Kyber-768-r3";	×
262
263	case Group_Params::HYBRID_SECP256R1_KYBER_512_R3_OQS:	×
264	return "secp256r1/Kyber-512-r3";	×
265	case Group_Params::HYBRID_SECP384R1_KYBER_768_R3_OQS:	×
266	return "secp384r1/Kyber-768-r3";	×
267	case Group_Params::HYBRID_SECP521R1_KYBER_1024_R3_OQS:	×
268	return "secp521r1/Kyber-1024-r3";	×
269
270	default:	×
271	return "";	×
272	}
273	}
274
275	} // namespace Botan::TLS

randombit / botan / 6421338519

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous