Add X25519MLKEM768, X25519MLKEM512 codepoint

Summary: - As part of the migration from Kyber to ML-KEM -> Add X25519MLKEM768 named group and ML-KEM support to `MultiBackendFactory` in Fizz. - X25519MLKEM512 has not been officially released yet by IANA, using codepoint reserved for Private Use and marking it FB specific. Reviewed By: zxjtan Differential Revision: D65647954 fbshipit-source-id: e59f31e4cab3ce3920aee8dcbc31dd5ad2d11e17
facebookincubator · Nov 23, 2024 · 38928c3 · 38928c3
1 parent 06fbb1b
commit 38928c3
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 0 deletions.
diff --git a/fizz/backend/liboqs/LibOQS.h b/fizz/backend/liboqs/LibOQS.h
@@ -26,6 +26,16 @@ struct Properties<fizz::Kyber768> {
   static constexpr const char* id = OQS_KEM_alg_kyber_768;
 };
 
+template <>
+struct Properties<fizz::MLKEM512> {
+  static constexpr const char* id = OQS_KEM_alg_ml_kem_512;
+};
+
+template <>
+struct Properties<fizz::MLKEM768> {
+  static constexpr const char* id = OQS_KEM_alg_ml_kem_768;
+};
+
 template <class T>
 std::unique_ptr<fizz::KeyExchange> makeKeyExchange(KeyExchangeRole role) {
   return OQSKeyExchange::createOQSKeyExchange(role, Properties<T>::id);

diff --git a/fizz/crypto/Crypto.h b/fizz/crypto/Crypto.h
@@ -131,6 +131,8 @@ struct X25519 {};
 // KEMs
 struct Kyber512 {};
 struct Kyber768 {};
+struct MLKEM512 {};
+struct MLKEM768 {};
 
 constexpr size_t kEcMaxPublicKeyshareLength =
     256; // The max possible size of a buffer storing an EC keyshare. Please

diff --git a/fizz/protocol/MultiBackendFactory.cpp b/fizz/protocol/MultiBackendFactory.cpp
@@ -39,6 +39,14 @@ std::unique_ptr<KeyExchange> MultiBackendFactory::makeKeyExchange(
       return std::make_unique<HybridKeyExchange>(
           fizz::libsodium::makeKeyExchange<fizz::X25519>(),
           fizz::liboqs::makeKeyExchange<Kyber512>(role));
+    case NamedGroup::X25519MLKEM768:
+      return std::make_unique<HybridKeyExchange>(
+          fizz::liboqs::makeKeyExchange<MLKEM768>(role),
+          fizz::libsodium::makeKeyExchange<fizz::X25519>());
+    case NamedGroup::X25519MLKEM512_FB:
+      return std::make_unique<HybridKeyExchange>(
+          fizz::liboqs::makeKeyExchange<MLKEM512>(role),
+          fizz::libsodium::makeKeyExchange<fizz::X25519>());
     case NamedGroup::secp256r1_kyber512:
       return std::make_unique<HybridKeyExchange>(
           fizz::openssl::makeKeyExchange<fizz::P256>(),

diff --git a/fizz/protocol/test/MultiBackendFactoryTest.cpp b/fizz/protocol/test/MultiBackendFactoryTest.cpp
@@ -48,6 +48,8 @@ INSTANTIATE_TEST_SUITE_P(
         NamedGroup::x25519_kyber768_draft00,
         NamedGroup::x25519_kyber768_experimental,
         NamedGroup::x25519_kyber512_experimental,
+        NamedGroup::X25519MLKEM512_FB,
+        NamedGroup::X25519MLKEM768,
         NamedGroup::secp256r1_kyber768_draft00,
         NamedGroup::secp384r1_kyber768
 #endif

diff --git a/fizz/record/Types.cpp b/fizz/record/Types.cpp
@@ -251,6 +251,8 @@ std::string toString(NamedGroup group) {
       return "x25519";
     case NamedGroup::SecP256r1MLKEM768:
       return "SecP256r1MLKEM768";
+    case fizz::NamedGroup::X25519MLKEM512_FB:
+      return "X25519MLKEM512_FB";
     case NamedGroup::X25519MLKEM768:
       return "X25519MLKEM768";
     case NamedGroup::secp521r1_x25519:

diff --git a/fizz/record/Types.h b/fizz/record/Types.h
@@ -346,6 +346,7 @@ enum class NamedGroup : uint16_t {
   secp521r1 = 25,
   x25519 = 29,
   SecP256r1MLKEM768 = 4587,
+  X25519MLKEM512_FB = 65026,
   X25519MLKEM768 = 4588,
 
   /**

diff --git a/fizz/util/Parse-inl.h b/fizz/util/Parse-inl.h
@@ -65,6 +65,8 @@ inline NamedGroup parse(folly::StringPiece s) {
        NamedGroup::x25519_kyber768_experimental},
       {"x25519_kyber512_experimental",
        NamedGroup::x25519_kyber512_experimental},
+      {"X25519MLKEM512_FB", NamedGroup::X25519MLKEM512_FB},
+      {"X25519MLKEM768", NamedGroup::X25519MLKEM768},
       {"secp256r1_kyber768_draft00", NamedGroup::secp256r1_kyber768_draft00},
       {"secp384r1_kyber768", NamedGroup::secp384r1_kyber768}};