Use pure-Go KEM implementations from cloudflare/circl

.github/workflows/test.yaml

@@ -11,8 +11,16 @@ on:
 
 jobs:
   test:
-    name: Tests
+    name: Test ${{ matrix.cgo && 'with' || 'without' }} Cgo
     runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        cgo: [true, false]
+
+    env:
+      CGO_ENABLED: ${{ matrix.cgo && '1' || '0' }}
+
     steps:
     - uses: actions/checkout@v3
 
@@ -37,6 +45,7 @@ jobs:
         repository: open-quantum-safe/liboqs
         ref: 0.8.0
         path: liboqs
+      if: ${{ matrix.cgo }}
 
     - name: Install liboqs
       run: |
@@ -47,6 +56,7 @@ jobs:
           -DBUILD_SHARED_LIBS=ON \
           -DCMAKE_INSTALL_PREFIX=/usr ..
         sudo ninja install
+      if: ${{ matrix.cgo }}
 
     - name: Set up Go
       uses: actions/setup-go@v4

crypto_circl.go

@@ -0,0 +1,77 @@
+// SPDX-FileCopyrightText: 2023 Steffen Vogel <[email protected]>
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build !cgo
+
+package rosenpass
+
+import (
+	"github.com/cloudflare/circl/kem"
+	"github.com/cloudflare/circl/kem/kyber/kyber512"
+	"github.com/cloudflare/circl/kem/mceliece/mceliece460896"
+)
+
+type kemType = kem.Scheme
+
+var (
+	kemStatic    kemType = mceliece460896.Scheme()
+	kemEphemeral kemType = kyber512.Scheme()
+)
+
+func generateStaticKeyPair() (spk, ssk, error) {
+	if pk, sk, err := generateKeyPair(kemStatic); err != nil {
+		return nil, nil, err
+	} else {
+		return spk(pk), ssk(sk), nil
+	}
+}
+
+func generateEphemeralKeyPair() (epk, esk, error) {
+	if pk, sk, err := generateKeyPair(kemEphemeral); err != nil {
+		return nil, nil, err
+	} else {
+		return epk(pk), esk(sk), nil
+	}
+}
+
+func generateKeyPair(typ kem.Scheme) ([]byte, []byte, error) {
+	pk, sk, err := typ.GenerateKeyPair()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pk2, _ := pk.MarshalBinary()
+	sk2, _ := sk.MarshalBinary()
+
+	return pk2, sk2, nil
+}
+
+func newKEM(typ kemType, key []byte) (keyEncapsulation, error) {
+	return &circlKeyEncapsulation{
+		key:    key,
+		scheme: typ,
+	}, nil
+}
+
+type circlKeyEncapsulation struct {
+	scheme kem.Scheme
+	key    []byte
+}
+
+func (ke *circlKeyEncapsulation) EncapSecret(pk []byte) (ct []byte, ss []byte, err error) {
+	cpk, err := ke.scheme.UnmarshalBinaryPublicKey(pk)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return ke.scheme.Encapsulate(cpk)
+}
+
+func (ke *circlKeyEncapsulation) DecapSecret(ct []byte) (ss []byte, err error) {
+	csk, err := ke.scheme.UnmarshalBinaryPrivateKey(ke.key)
+	if err != nil {
+		return nil, err
+	}
+
+	return ke.scheme.Decapsulate(csk, ct)
+}

go.mod

@@ -3,7 +3,7 @@ module github.com/stv0g/go-rosenpass
 go 1.20
 
 require (
-	github.com/open-quantum-safe/liboqs-go v0.0.0-20230705192921-cf9c63b76ce6
+	github.com/cloudflare/circl v0.0.0-00010101000000-000000000000
 	github.com/pelletier/go-toml/v2 v2.0.9
 	github.com/spf13/cobra v1.7.0
 	golang.org/x/crypto v0.11.0
@@ -22,6 +22,7 @@ require (
 	github.com/mdlayher/genetlink v1.3.2 // indirect
 	github.com/mdlayher/netlink v1.7.2 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
+	github.com/open-quantum-safe/liboqs-go v0.0.0-20230705192921-cf9c63b76ce6 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
@@ -31,3 +32,8 @@ require (
 	golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+// For Classic McEliece support
+// Based on older version of https://github.com/cloudflare/circl/pull/378
+// implementing the round 3 version of Classic McEliece without plaintext confirmation
+replace github.com/cloudflare/circl => github.com/stv0g/circl v0.0.0-20230801113412-fec58fc7b5f6

go.sum

@@ -35,6 +35,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stv0g/circl v0.0.0-20230801113412-fec58fc7b5f6 h1:+lCakOkbjp3Qcc73KlV8sHoxTGfBA9VA22J1s3mVwaM=
+github.com/stv0g/circl v0.0.0-20230801113412-fec58fc7b5f6/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
 golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI=

server_test.go

@@ -41,7 +41,7 @@ func TestServer(t *testing.T) {
 		})
 
 		t.Run("Go-to-Rust", func(t *testing.T) {
-			testHandshake(t, newGoServer, newRustServer, rp.GenerateRound2KeyPair, rp.GenerateKeyPair, numHandshakes)
+			testHandshake(t, newGoServer, newRustServer, rp.GenerateKeyPair, rp.GenerateRound2KeyPair, numHandshakes)
 		})
 	}