Allow for compilation without AES

randombit · Oct 5, 2023 · 1ae5b96 · 1ae5b96
1 parent ad660cc
commit 1ae5b96
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 27 deletions.
diff --git a/src/lib/pubkey/frodokem/frodo_constants.cpp b/src/lib/pubkey/frodokem/frodo_constants.cpp
@@ -17,6 +17,10 @@
 namespace Botan {
 
 FrodoKEMConstants::FrodoKEMConstants(FrodoKEMMode mode) : m_mode(mode) {
+#if !defined(BOTAN_HAS_AES)
+ BOTAN_ARG_CHECK(!mode.is_aes(), "cannot instantiate AES-based FrodoKEM: This build does not support AES");
+#endif
+
  //Common for all parameter sets:
  m_n_bar = 8;
  m_len_a = 128;

diff --git a/src/lib/pubkey/frodokem/frodo_matrix.cpp b/src/lib/pubkey/frodokem/frodo_matrix.cpp
@@ -11,11 +11,12 @@
 */
 
 #include <botan/assert.h>
-#include <botan/block_cipher.h>
 #include <botan/frodokem.h>
 #include <botan/hex.h>
 #include <botan/mem_ops.h>
-#include <botan/internal/aes.h>
+#if defined(BOTAN_HAS_AES)
+ #include <botan/internal/aes.h>
+#endif
 #include <botan/internal/bit_ops.h>
 #include <botan/internal/ct_utils.h>
 #include <botan/internal/frodo_constants.h>
@@ -41,10 +42,9 @@ std::vector<uint16_t> make_elements_vector(const FrodoMatrix::Dimensions& dimens
  return std::vector<uint16_t>(static_cast<size_t>(std::get<0>(dimensions)) * std::get<1>(dimensions));
 }
 
-// TODO: Probably we want to split AES-support into an extra botan module
-// For that, this function will need to be refactored.
 std::function<void(std::span<uint8_t> out, uint16_t i)> make_row_generator(const FrodoKEMConstants& constants,
  StrongSpan<const FrodoSeedA> seed_a) {
+#if defined(BOTAN_HAS_AES)
  if(constants.mode().is_aes()) {
  // precondition the block cipher for "seed a" to avoid
  // regenerating the AES' key schedule for each matrix row
@@ -69,7 +69,10 @@ std::function<void(std::span<uint8_t> out, uint16_t i)> make_row_generator(const
  aes.encrypt(out_coefs);
  }
  };
- } else if(constants.mode().is_shake()) {
+ }
+#endif
+
+ if(constants.mode().is_shake()) {
  SHAKE_128_XOF xof;
  return [xof, a = FrodoSeedA(seed_a)](std::span<uint8_t> out, uint16_t i) mutable {
  xof.clear();
@@ -83,6 +86,8 @@ std::function<void(std::span<uint8_t> out, uint16_t i)> make_row_generator(const
  };
  }
 
+ // If we don't have AES in this build, the instantiation of the FrodoKEM instance
+ // is blocked upstream already. Hence, assert is save here.
  BOTAN_ASSERT_UNREACHABLE();
 }
 

diff --git a/src/lib/pubkey/frodokem/info.txt b/src/lib/pubkey/frodokem/info.txt
@@ -7,9 +7,7 @@ name -> "FrodoKEM"
 </module_info>
 
 <requires>
-aes
 shake_xof
-sha3
 </requires>
 
 <header:public>

diff --git a/src/tests/test_frodokem.cpp b/src/tests/test_frodokem.cpp
@@ -68,6 +68,7 @@ decltype(auto) sha3(std::span<const uint8_t> data) {
  return Botan::HashFunction::create_or_throw("SHA-3(256)")->process<std::vector<uint8_t>>(data);
 }
 
+ #if defined(BOTAN_HAS_AES)
 class Frodo_KAT_Tests final : public Text_Based_Test {
  public:
  Frodo_KAT_Tests() : Text_Based_Test("pubkey/frodokem_kat.vec", "seed,ss,pk,sk,ct") {}
@@ -112,22 +113,21 @@ class Frodo_KAT_Tests final : public Text_Based_Test {
  return result;
  }
 };
+ #endif
 
 std::vector<Test::Result> test_frodo_roundtrips() {
  auto& rng = Test::rng();
 
- auto modes = std::vector{Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE,
- Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
- Botan::FrodoKEMMode::eFrodoKEM640_SHAKE,
- Botan::FrodoKEMMode::eFrodoKEM1344_AES,
- Botan::FrodoKEMMode::eFrodoKEM976_AES,
- Botan::FrodoKEMMode::eFrodoKEM640_AES,
- Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
- Botan::FrodoKEMMode::FrodoKEM976_SHAKE,
- Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
- Botan::FrodoKEMMode::FrodoKEM1344_AES,
- Botan::FrodoKEMMode::FrodoKEM976_AES,
- Botan::FrodoKEMMode::FrodoKEM640_AES};
+ auto modes = std::vector {
+ Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE, Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
+ Botan::FrodoKEMMode::eFrodoKEM640_SHAKE, Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
+ Botan::FrodoKEMMode::FrodoKEM976_SHAKE, Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
+ #if defined(BOTAN_HAS_AES)
+ Botan::FrodoKEMMode::eFrodoKEM1344_AES, Botan::FrodoKEMMode::eFrodoKEM976_AES,
+ Botan::FrodoKEMMode::eFrodoKEM640_AES, Botan::FrodoKEMMode::FrodoKEM1344_AES,
+ Botan::FrodoKEMMode::FrodoKEM976_AES, Botan::FrodoKEMMode::FrodoKEM640_AES
+ #endif
+ };
 
  auto get_decryption_error_value = [](Botan::FrodoKEMConstants& consts,
  std::span<const uint8_t> encaps_value,
@@ -195,14 +195,10 @@ class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {
  public:
  std::vector<std::string> keygen_params() const override {
  return {
- "FrodoKEM-640-SHAKE",
- "FrodoKEM-976-SHAKE",
- "eFrodoKEM-640-SHAKE",
- "eFrodoKEM-976-SHAKE",
- "FrodoKEM-640-AES",
- "FrodoKEM-976-AES",
- "eFrodoKEM-640-AES",
- "eFrodoKEM-976-AES",
+ "FrodoKEM-640-SHAKE", "FrodoKEM-976-SHAKE", "eFrodoKEM-640-SHAKE", "eFrodoKEM-976-SHAKE",
+ #if defined(BOTAN_HAS_AES)
+ "FrodoKEM-640-AES", "FrodoKEM-976-AES", "eFrodoKEM-640-AES", "eFrodoKEM-976-AES",
+ #endif
  };
  }
 
@@ -211,7 +207,10 @@ class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {
 
 } // namespace
 
+ #if defined(BOTAN_HAS_AES)
 BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", Frodo_KAT_Tests);
+ #endif
+
 BOTAN_REGISTER_TEST_FN("frodokem", "frodo_roundtrips", test_frodo_roundtrips);
 BOTAN_REGISTER_TEST("frodokem", "frodo_keygen", Frodo_Keygen_Tests);