Add msrcln16 & sidh to openssl

README.md

@@ -32,7 +32,9 @@ liboqs currently supports the following key exchange mechanisms:
 
 - `RLWE-BCNS15`: key exchange from the ring learning with errors problem (Bos, Costello, Naehrig, Stebila, *IEEE Symposium on Security & Privacy 2015*, [https://eprint.iacr.org/2014/599](https://eprint.iacr.org/2014/599))
 - `RLWE-NEWHOPE`: "NewHope": key exchange from the ring learning with errors problem (Alkim, Ducas, Pöppelmann, Schwabe, *USENIX Security 2016*, [https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092)) (using the reference C implementation of NewHope from [https://github.com/tpoeppelmann/newhope](https://github.com/tpoeppelmann/newhope))
+- `RLWE-MSRLN16`: "MSR CLN16": Longa and Naehrig NTT improvements on NewHope, [https://www.microsoft.com/en-us/research/wp-content/uploads/2016/05/RLWE-1.pdf](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/05/RLWE-1.pdf)) (using the reference C implementation from [https://www.microsoft.com/en-us/research/project/lattice-cryptography-library/](https://www.microsoft.com/en-us/research/project/lattice-cryptography-library/))
 - `LWE-FRODO-RECOMMENDED`: "Frodo": key exchange from the learning with errors problem (Bos, Costello, Ducas, Mironov, Naehrig, Nikolaenko, Raghunathan, Stebila, *ACM Conference on Computer and Communications Security 2016*, [http://eprint.iacr.org/2016/659](http://eprint.iacr.org/2016/659)); using the "recommended" parameter set
+- `SIDH-CLN16`: "SIDH": key exchange from the supersingular isogeny Diffie-Hellman problem (Costello, Longa, Naehrig, *Crypto 2016*, [https://eprint.iacr.org/2016/413](https://eprint.iacr.org/2016/413)) (using the reference C implementation from [https://www.microsoft.com/en-us/research/project/sidh-library/](https://www.microsoft.com/en-us/research/project/sidh-library/))
 
 ### Ciphersuites
 
@@ -98,7 +100,7 @@ OpenSSL contains a basic TLS server (`s_server`) and TLS client (`s_client`) whi
 
 To see the list of supported ciphersuites from OQS, type:
 
-	apps/openssl ciphers OQSKEX-GENERIC:OQSKEX-GENERIC-ECDHE:OQSKEX-RLWE-BCNS15:OQSKEX-RLWE-BCNS15-ECDHE:OQSKEX-RLWE-NEWHOPE:OQSKEX-RLWE-NEWHOPE-ECDHE:OQSKEX-LWE-FRODO-RECOMMENDED:OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE
+	apps/openssl ciphers OQSKEX-GENERIC:OQSKEX-GENERIC-ECDHE:OQSKEX-RLWE-BCNS15:OQSKEX-RLWE-BCNS15-ECDHE:OQSKEX-RLWE-NEWHOPE:OQSKEX-RLWE-NEWHOPE-ECDHE:OQSKEX-RLWE-MSRLN16:OQSKEX-RLWE-MSRLN16-ECDHE:OQSKEX-LWE-FRODO-RECOMMENDED:OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE:OQSKEX-SIDH-CLN16:OQSKEX-SIDH-CLN16-ECDHE
 
 To run a server, we first need to generate a self-signed X.509 certificate.  Run the following command:
 
@@ -112,7 +114,7 @@ When done, type to combine the key and certificate (as required by `s_server`):
 
 To run a basic TLS server with all OQS ciphersuites enabled:
 
-	apps/openssl s_server -cipher OQSKEX-GENERIC:OQSKEX-GENERIC-ECDHE:OQSKEX-RLWE-BCNS15:OQSKEX-RLWE-BCNS15-ECDHE:OQSKEX-RLWE-NEWHOPE:OQSKEX-RLWE-NEWHOPE-ECDHE:OQSKEX-LWE-FRODO-RECOMMENDED:OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE
+	apps/openssl s_server -cipher OQSKEX-GENERIC:OQSKEX-GENERIC-ECDHE:OQSKEX-RLWE-BCNS15:OQSKEX-RLWE-BCNS15-ECDHE:OQSKEX-RLWE-NEWHOPE:OQSKEX-RLWE-NEWHOPE-ECDHE:OQSKEX-RLWE-MSRLN16:OQSKEX-RLWE-MSRLN16-ECDHE:OQSKEX-LWE-FRODO-RECOMMENDED:OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE:OQSKEX-SIDH-CLN16:OQSKEX-SIDH-CLN16-ECDHE
 
 In another terminal window, you can run a TLS client for any or all of the supported ciphersuites, for example:
 
@@ -122,8 +124,12 @@ In another terminal window, you can run a TLS client for any or all of the suppo
 	apps/openssl s_client -cipher OQSKEX-RLWE-BCNS15-ECDHE
 	apps/openssl s_client -cipher OQSKEX-RLWE-NEWHOPE
 	apps/openssl s_client -cipher OQSKEX-RLWE-NEWHOPE-ECDHE
+	apps/openssl s_client -cipher OQSKEX-RLWE-MSRLN16
+	apps/openssl s_client -cipher OQSKEX-RLWE-MSRLN16-ECDHE
 	apps/openssl s_client -cipher OQSKEX-LWE-FRODO-RECOMMENDED
 	apps/openssl s_client -cipher OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE
+	apps/openssl s_client -cipher OQSKEX-SIDH-CLN16
+	apps/openssl s_client -cipher OQSKEX-SIDH-CLN16-ECDHE
 
 Current status and plans
 ------------------------

apps/speed.c

@@ -250,7 +250,7 @@ static int do_multi(int multi);
 # define SIZE_NUM        5
 # define RSA_NUM         4
 # define DSA_NUM         3
-# define OQSKEX_NUM      4
+# define OQSKEX_NUM      6
 
 # define EC_NUM       16
 # define MAX_ECDH_SIZE 256
@@ -556,7 +556,9 @@ int MAIN(int argc, char **argv)
 # define R_OQSKEX_GENERIC        0
 # define R_OQSKEX_RLWE_BCNS15    1
 # define R_OQSKEX_RLWE_NEWHOPE   2
-# define R_OQSKEX_LWE_FRODO_RECOMMENDED     3
+# define R_OQSKEX_RLWE_MSRLN16   3
+# define R_OQSKEX_LWE_FRODO_RECOMMENDED     4
+# define R_OQSKEX_SIDH_CLN16   5
 
 # ifndef OPENSSL_NO_RSA
     RSA *rsa_key[RSA_NUM];
@@ -636,7 +638,9 @@ int MAIN(int argc, char **argv)
         "generic",
         "rlwe_bcns15",
         "rlwe_newhope",
+	"rlwe_msrln16",
         "lwe_frodo_recommended",
+	"sidh_cln16",
     };
 # endif
 
@@ -1125,8 +1129,12 @@ int MAIN(int argc, char **argv)
             oqskex_doit[R_OQSKEX_RLWE_BCNS15] = 2;
         else if (strcmp(*argv, "oqskex_rlwe_newhope") == 0)
             oqskex_doit[R_OQSKEX_RLWE_NEWHOPE] = 2;
+        else if (strcmp(*argv, "oqskex_rlwe_msrln16") == 0)
+            oqskex_doit[R_OQSKEX_RLWE_MSRLN16] = 2;
         else if (strcmp(*argv, "oqskex_lwe_frodo_recommended") == 0)
             oqskex_doit[R_OQSKEX_LWE_FRODO_RECOMMENDED] = 3;
+        else if (strcmp(*argv, "oqskex_sidh_cln16") == 0)
+            oqskex_doit[R_OQSKEX_SIDH_CLN16] = 2;
         else if (strcmp(*argv, "oqskex") == 0) {
             for (i = 0; i < OQSKEX_NUM; i++)
                 oqskex_doit[i] = 1;
@@ -1236,7 +1244,8 @@ int MAIN(int argc, char **argv)
 # endif
 # ifndef OPENSSL_NO_OQSKEX
             BIO_printf(bio_err, "oqskex_generic  oqskex_rlwe_bcns15  oqskex_rlwe_newhope\n");
-            BIO_printf(bio_err, "oqskex_lwe_frodo_recommended\n");
+            BIO_printf(bio_err, "oqskex_rlwe_msrln16  oqskex_lwe_frodo_recommended\n");
+            BIO_printf(bio_err, "oqskex_sidh_cln16\n");
             BIO_printf(bio_err, "oqskex\n");
 # endif
 
@@ -2459,9 +2468,13 @@ int MAIN(int argc, char **argv)
                 oqskex_kex[j] = OQS_KEX_new(oqskex_rand[j], OQS_KEX_alg_rlwe_bcns15, NULL, 0, NULL);
             } else if (j == R_OQSKEX_RLWE_NEWHOPE) {
                 oqskex_kex[j] = OQS_KEX_new(oqskex_rand[j], OQS_KEX_alg_rlwe_newhope, NULL, 0, NULL);
+            } else if (j == R_OQSKEX_RLWE_MSRLN16) {
+                oqskex_kex[j] = OQS_KEX_new(oqskex_rand[j], OQS_KEX_alg_rlwe_msrln16, NULL, 0, NULL);
             } else if (j == R_OQSKEX_LWE_FRODO_RECOMMENDED) {
                 oqskex_kex[j] = OQS_KEX_new(oqskex_rand[j], OQS_KEX_alg_lwe_frodo, (unsigned char *) "0123456789ABCDEF", 16, "recommended");
-            }
+            } else if (j == R_OQSKEX_SIDH_CLN16) {
+                oqskex_kex[j] = OQS_KEX_new(oqskex_rand[j], OQS_KEX_alg_sidh_cln16, NULL, 0, NULL);
+	    }
             if (oqskex_kex[j] == NULL) {
                 BIO_printf(bio_err,"OQSKEX failure - OQS_KEX_new.\n");
                 ERR_print_errors(bio_err);

ssl/s3_clnt.c

@@ -1810,7 +1810,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif                          /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_OQSKEX
-    else if (((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED)) && !(alg_k & SSL_kEECDH)) {
+    else if (((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) || (alg_k & SSL_kOQSKEX_SIDH_CLN16)) && !(alg_k & SSL_kEECDH)) {
         /* Get the OQSKEX message */
         srvr_oqskex_msg_len = (p[0] << 8) | p[1];
         p += 2;
@@ -1934,7 +1934,7 @@ int ssl3_get_key_exchange(SSL *s)
         p += encoded_pt_len;
 
 #ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
-        if ((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED)) {
+        if ((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) || (alg_k & SSL_kOQSKEX_SIDH_CLN16)) {
             /* Get the OQSKEX message */
             srvr_oqskex_msg_len = (p[0] << 8) | p[1];
             p += 2;
@@ -3001,7 +3001,7 @@ int ssl3_send_client_key_exchange(SSL *s)
             }
 
 #ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
-            if ((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED)) {
+            if ((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) || (alg_k & SSL_kOQSKEX_SIDH_CLN16)) {
                 srvr_oqskex_msg = s->session->sess_cert->peer_oqskex_msg_tmp;
                 srvr_oqskex_msg_len = s->session->sess_cert->peer_oqskex_msg_len_tmp;
 
@@ -3029,6 +3029,11 @@ int ssl3_send_client_key_exchange(SSL *s)
                         SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
                         goto err;
                     }
+                } else if (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) {
+                    if ((oqskex_kex = OQS_KEX_new(oqskex_rand, OQS_KEX_alg_rlwe_msrln16, NULL, 0, NULL)) == NULL) {
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
                 } else if (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) {
                     SHA256_CTX sha256_ctx;
                     unsigned char frodo_seed[SHA256_DIGEST_LENGTH];
@@ -3040,6 +3045,11 @@ int ssl3_send_client_key_exchange(SSL *s)
                         SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
                         goto err;
                     }
+                } else if (alg_k & SSL_kOQSKEX_SIDH_CLN16) {
+                    if ((oqskex_kex = OQS_KEX_new(oqskex_rand, OQS_KEX_alg_sidh_cln16, NULL, 0, NULL)) == NULL) {
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
                 }
 
                 if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
@@ -3105,7 +3115,7 @@ int ssl3_send_client_key_exchange(SSL *s)
             }
 
 #ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
-            if ((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED)) {
+            if ((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) || (alg_k & SSL_kOQSKEX_SIDH_CLN16)) {
                 p[0] = (clnt_oqskex_msg_len >> 8) & 0xFF;
                 p[1] =  clnt_oqskex_msg_len       & 0xFF;
                 p += 2;
@@ -3131,7 +3141,7 @@ int ssl3_send_client_key_exchange(SSL *s)
         }
 #endif                          /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_OQSKEX
-        else if (((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED)) && !(alg_k & SSL_kEECDH)) {
+        else if (((alg_k & SSL_kOQSKEX_GENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15) || (alg_k & SSL_kOQSKEX_RLWE_NEWHOPE) || (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) || (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) || (alg_k & SSL_kOQSKEX_SIDH_CLN16)) && !(alg_k & SSL_kEECDH)) {
             srvr_oqskex_msg = s->session->sess_cert->peer_oqskex_msg_tmp;
             srvr_oqskex_msg_len = s->session->sess_cert->peer_oqskex_msg_len_tmp;
 
@@ -3159,6 +3169,11 @@ int ssl3_send_client_key_exchange(SSL *s)
                     SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
                     goto err;
                 }
+            } else if (alg_k & SSL_kOQSKEX_RLWE_MSRLN16) {
+                if ((oqskex_kex = OQS_KEX_new(oqskex_rand, OQS_KEX_alg_rlwe_msrln16, NULL, 0, NULL)) == NULL) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
             } else if (alg_k & SSL_kOQSKEX_LWE_FRODO_RECOMMENDED) {
                 SHA256_CTX sha256_ctx;
                 unsigned char frodo_seed[SHA256_DIGEST_LENGTH];
@@ -3170,6 +3185,11 @@ int ssl3_send_client_key_exchange(SSL *s)
                     SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
                     goto err;
                 }
+            } else if (alg_k & SSL_kOQSKEX_SIDH_CLN16) {
+                if ((oqskex_kex = OQS_KEX_new(oqskex_rand, OQS_KEX_alg_sidh_cln16, NULL, 0, NULL)) == NULL) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
             }
 
             if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {