Added HQC variants. (#63)

README.md

@@ -58,19 +58,22 @@ The following quantum-safe algorithms from liboqs are supported (assuming they h
 - `oqsdefault` (see [here](https://github.com/open-quantum-safe/openssh-portable/wiki/Using-liboqs-supported-algorithms-in-the-fork) for what this denotes)
 - **BIKE**:`bike1-l1-cpa`, `bike1-l3-cpa`, `bike1-l1-fo`, `bike2-l3-fo`
 - **Classic McEliece**: `classic-mceliece-348864`, `classic-mceliece-348864f`, `classic-mceliece-460896`, `classic-mceliece-460896f`, `classic-mceliece-6688128`, `classic-mceliece-6688128f`, `classic-mceliece-6960119`, `classic-mceliece-6960119f`, `classic-mceliece-8192128`, `classic-mceliece-8192128f`
-- **FrodoKEM**:`frodo-640-aes`, `frodo-976-aes`
+- **FrodoKEM**:`frodo-640-aes`, `frodo-640-shake`, `frodo-976-aes`, `frodo-976-shake`, `frodo-1344-aes`, `frodo-1344-shake`
+- **HQC**: `hqc-128-1-cca2`, `hqc-192-1-cca2`, `hqc-192-2-cca2`, `hqc-256-1-cca2`†, `hqc-256-2-cca2`†, `hqc-256-3-cca2`†
 - **Kyber**:`kyber-512`, `kyber-768`, `kyber-1024`, `kyber-512-90s`, `kyber-768-90s`, `kyber-1024-90s`
 - **NewHope**:`newhope-512`, `newhope-1024`
 - **NTRU**:`ntru-hps-2048-509`, `ntru-hps-2048-677`
 - **Saber**:`saber-lightsaber`, `saber-saber`, `saber-firesaber`
 - **SIDH**:`sidh-p434`, `sidh-p503`, `sidh-p610`, `sidh-p751`, `sidh-p434-compressed`, `sidh-p503-compressed`, `sidh-p610-compressed`, `sidh-p751-compressed`
 - **SIKE**:`sike-p434`, `sike-p503`, `sike-p610`, `sike-p751`, `sike-p434-compressed`, `sike-p503-compressed`, `sike-p610-compressed`, `sike-p751-compressed`
-- **ThreeBears**:`babybear`, `mamabear`, `papabear`, `babybear_ephem`, `mamabear_ephem`, `papabear_ephem`
+- **ThreeBears**:`babybear`, `mamabear`, `papabear`, `babybear-ephem`, `mamabear-ephem`, `papabear-ephem`
 
 The following hybrid algorithms are supported; they combine a quantum-safe algorithm listed above with ECDH that uses NIST's P384 curve:
 
 - `ecdh-nistp384-<KEX>`, where ``<KEX>`` is any one of the algorithms listed above.
 
+Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments.
+
 #### Digital Signature
 
 The following digital signature algorithms from liboqs are supported (assuming they have been enabled in liboqs). Note that only L1 signature and all **Rainbow** variants are enabled by default, and should you wish to enable additional variants, consult [the "Code Generation" section of the documentation in the wiki](https://github.com/open-quantum-safe/openssh/wiki/Using-liboqs-supported-algorithms-in-the-for://github.com/open-quantum-safe/openssh/wiki/Using-liboqs-supported-algorithms-in-the-fork#code-generation).

configure.ac

@@ -3713,6 +3713,20 @@ if test "x$with_liboqs" = "xyes" ; then
 			], [AC_MSG_RESULT([no])
 	])
 
+	AC_MSG_CHECKING([for libOQS HQC support])
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+				#include <oqs/oqs.h>
+			]], [[
+					#if defined(OQS_ENABLE_KEM_HQC) || (defined(OQS_ENABLE_KEM_hqc_128_1_cca2) && defined(OQS_ENABLE_KEM_hqc_192_1_cca2) && defined(OQS_ENABLE_KEM_hqc_192_2_cca2) && defined(OQS_ENABLE_KEM_hqc_256_1_cca2) && defined(OQS_ENABLE_KEM_hqc_256_2_cca2) && defined(OQS_ENABLE_KEM_hqc_256_3_cca2))
+					#else
+					#error "HQC is not supported"
+					#endif
+			]])],
+			[ AC_MSG_RESULT([yes])
+				AC_DEFINE([HAVE_HQC], [1], [Define to 1 if LibOQS library is compiled with support for HQC])
+			], [AC_MSG_RESULT([no])
+	])
+
 
 	AC_MSG_CHECKING([for libOQS DILITHIUM support])
 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[

kex.c

@@ -181,6 +181,14 @@ static const struct kexalg kexalgs[] = {
 	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_PAPABEAR_SHA384)
 	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_PAPABEAR_EPHEM_SHA384)
 #endif /* HAVE_THREEBEARS */
+#ifdef HAVE_HQC
+	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_HQC_128_1_CCA2_SHA384)
+	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_HQC_192_1_CCA2_SHA384)
+	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_HQC_192_2_CCA2_SHA384)
+	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_HQC_256_1_CCA2_SHA384)
+	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_HQC_256_2_CCA2_SHA384)
+	HYBRID_ECDH_OQS_KEX(KEX_ECDH_NISTP384_HQC_256_3_CCA2_SHA384)
+#endif /* HAVE_HQC */
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_HYBRID_KEXS_END
 #endif /* defined(WITH_OQS) && defined(WITH_HYBRID_KEX) */
 # ifdef OPENSSL_HAS_NISTP521
@@ -269,6 +277,14 @@ static const struct kexalg kexalgs[] = {
 	PQ_OQS_KEX(KEX_PAPABEAR_SHA384)
 	PQ_OQS_KEX(KEX_PAPABEAR_EPHEM_SHA384)
 #endif /* HAVE_THREEBEARS */
+#ifdef HAVE_HQC
+	PQ_OQS_KEX(KEX_HQC_128_1_CCA2_SHA384)
+	PQ_OQS_KEX(KEX_HQC_192_1_CCA2_SHA384)
+	PQ_OQS_KEX(KEX_HQC_192_2_CCA2_SHA384)
+	PQ_OQS_KEX(KEX_HQC_256_1_CCA2_SHA384)
+	PQ_OQS_KEX(KEX_HQC_256_2_CCA2_SHA384)
+	PQ_OQS_KEX(KEX_HQC_256_3_CCA2_SHA384)
+#endif /* HAVE_HQC */
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_PQ_KEXS_END
 #endif /* defined(WITH_OQS) && defined(WITH_PQ_KEX) */
 #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)

kex.h

@@ -128,6 +128,12 @@
 #define KEX_MAMABEAR_EPHEM_SHA384 PQ_OQS_KEX_SUFFIX("mamabear-ephem-sha384")
 #define KEX_PAPABEAR_SHA384 PQ_OQS_KEX_SUFFIX("papabear-sha384")
 #define KEX_PAPABEAR_EPHEM_SHA384 PQ_OQS_KEX_SUFFIX("papabear-ephem-sha384")
+#define KEX_HQC_128_1_CCA2_SHA384 PQ_OQS_KEX_SUFFIX("hqc-128-1-cca2-sha384")
+#define KEX_HQC_192_1_CCA2_SHA384 PQ_OQS_KEX_SUFFIX("hqc-192-1-cca2-sha384")
+#define KEX_HQC_192_2_CCA2_SHA384 PQ_OQS_KEX_SUFFIX("hqc-192-2-cca2-sha384")
+#define KEX_HQC_256_1_CCA2_SHA384 PQ_OQS_KEX_SUFFIX("hqc-256-1-cca2-sha384")
+#define KEX_HQC_256_2_CCA2_SHA384 PQ_OQS_KEX_SUFFIX("hqc-256-2-cca2-sha384")
+#define KEX_HQC_256_3_CCA2_SHA384 PQ_OQS_KEX_SUFFIX("hqc-256-3-cca2-sha384")
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_PQ_KEXS_END
 
 #endif /* defined(WITH_OQS) && defined(WITH_PQ_KEX) */
@@ -193,6 +199,12 @@
 #define KEX_ECDH_NISTP384_MAMABEAR_EPHEM_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-mamabear-ephem-sha384")
 #define KEX_ECDH_NISTP384_PAPABEAR_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-papabear-sha384")
 #define KEX_ECDH_NISTP384_PAPABEAR_EPHEM_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-papabear-ephem-sha384")
+#define KEX_ECDH_NISTP384_HQC_128_1_CCA2_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-128-1-cca2-sha384")
+#define KEX_ECDH_NISTP384_HQC_192_1_CCA2_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-192-1-cca2-sha384")
+#define KEX_ECDH_NISTP384_HQC_192_2_CCA2_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-192-2-cca2-sha384")
+#define KEX_ECDH_NISTP384_HQC_256_1_CCA2_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-256-1-cca2-sha384")
+#define KEX_ECDH_NISTP384_HQC_256_2_CCA2_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-256-2-cca2-sha384")
+#define KEX_ECDH_NISTP384_HQC_256_3_CCA2_SHA384 HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-256-3-cca2-sha384")
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_HYBRID_KEXS_END
 
 #endif /* defined(WITH_OQS) && defined(WITH_HYBRID_KEX) */

kexoqs.c

@@ -177,6 +177,20 @@ static const OQS_ALG oqs_alg_mapping[] = {
 	{HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-papabear-ephem-sha384"), OQS_KEM_alg_threebears_papabear_ephem,
 	SSH2_MSG_HY_ECDH_THREEBEARS_INIT, SSH2_MSG_HY_ECDH_THREEBEARS_REPLY},
 #endif /* HAVE_THREEBEARS */
+#ifdef HAVE_HQC
+	{HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-128-1-cca2-sha384"), OQS_KEM_alg_hqc_128_1_cca2,
+	SSH2_MSG_HY_ECDH_HQC_INIT, SSH2_MSG_HY_ECDH_HQC_REPLY},
+	{HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-192-1-cca2-sha384"), OQS_KEM_alg_hqc_192_1_cca2,
+	SSH2_MSG_HY_ECDH_HQC_INIT, SSH2_MSG_HY_ECDH_HQC_REPLY},
+	{HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-192-2-cca2-sha384"), OQS_KEM_alg_hqc_192_2_cca2,
+	SSH2_MSG_HY_ECDH_HQC_INIT, SSH2_MSG_HY_ECDH_HQC_REPLY},
+	{HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-256-1-cca2-sha384"), OQS_KEM_alg_hqc_256_1_cca2,
+	SSH2_MSG_HY_ECDH_HQC_INIT, SSH2_MSG_HY_ECDH_HQC_REPLY},
+	{HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-256-2-cca2-sha384"), OQS_KEM_alg_hqc_256_2_cca2,
+	SSH2_MSG_HY_ECDH_HQC_INIT, SSH2_MSG_HY_ECDH_HQC_REPLY},
+	{HYBRID_ECDH_OQS_KEX_SUFFIX("ecdh-nistp384-hqc-256-3-cca2-sha384"), OQS_KEM_alg_hqc_256_3_cca2,
+	SSH2_MSG_HY_ECDH_HQC_INIT, SSH2_MSG_HY_ECDH_HQC_REPLY},
+#endif /* HAVE_HQC */
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_HYBRID_KEXS_END
 #endif /* defined(OPENSSL_HAS_ECC) && defined(WITH_HYBRID_KEX) */
 /* PQ-only key exchange methods */
@@ -318,6 +332,20 @@ static const OQS_ALG oqs_alg_mapping[] = {
 	{PQ_OQS_KEX_SUFFIX("papabear-ephem-sha384"), OQS_KEM_alg_threebears_papabear_ephem,
 	SSH2_MSG_PQ_THREEBEARS_INIT, SSH2_MSG_PQ_THREEBEARS_REPLY},
 #endif /* HAVE_THREEBEARS */
+#ifdef HAVE_HQC
+	{PQ_OQS_KEX_SUFFIX("hqc-128-1-cca2-sha384"), OQS_KEM_alg_hqc_128_1_cca2,
+	SSH2_MSG_PQ_HQC_INIT, SSH2_MSG_PQ_HQC_REPLY},
+	{PQ_OQS_KEX_SUFFIX("hqc-192-1-cca2-sha384"), OQS_KEM_alg_hqc_192_1_cca2,
+	SSH2_MSG_PQ_HQC_INIT, SSH2_MSG_PQ_HQC_REPLY},
+	{PQ_OQS_KEX_SUFFIX("hqc-192-2-cca2-sha384"), OQS_KEM_alg_hqc_192_2_cca2,
+	SSH2_MSG_PQ_HQC_INIT, SSH2_MSG_PQ_HQC_REPLY},
+	{PQ_OQS_KEX_SUFFIX("hqc-256-1-cca2-sha384"), OQS_KEM_alg_hqc_256_1_cca2,
+	SSH2_MSG_PQ_HQC_INIT, SSH2_MSG_PQ_HQC_REPLY},
+	{PQ_OQS_KEX_SUFFIX("hqc-256-2-cca2-sha384"), OQS_KEM_alg_hqc_256_2_cca2,
+	SSH2_MSG_PQ_HQC_INIT, SSH2_MSG_PQ_HQC_REPLY},
+	{PQ_OQS_KEX_SUFFIX("hqc-256-3-cca2-sha384"), OQS_KEM_alg_hqc_256_3_cca2,
+	SSH2_MSG_PQ_HQC_INIT, SSH2_MSG_PQ_HQC_REPLY},
+#endif /* HAVE_HQC */
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_PQ_KEXS_END
 #endif /* WITH_PQ_KEX */
 	{NULL,NULL,0,0} /* End of list */

myproposal.h

@@ -138,6 +138,17 @@
 #else
 #define KEX_PQ_METHOD_THREEBEARS ""
 #endif /* HAVE_THREEBEARS */
+#ifdef HAVE_HQC
+#define KEX_PQ_METHOD_HQC \
+    PQ_OQS_KEX_METHOD("hqc-128-1-cca2-sha384") \
+    PQ_OQS_KEX_METHOD("hqc-192-1-cca2-sha384") \
+    PQ_OQS_KEX_METHOD("hqc-192-2-cca2-sha384") \
+    PQ_OQS_KEX_METHOD("hqc-256-1-cca2-sha384") \
+    PQ_OQS_KEX_METHOD("hqc-256-2-cca2-sha384") \
+    PQ_OQS_KEX_METHOD("hqc-256-3-cca2-sha384")
+#else
+#define KEX_PQ_METHOD_HQC ""
+#endif /* HAVE_HQC */
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_PQ_KEXS_END
 #else /* defined(WITH_OQS) && defined(WITH_PQ_KEX) */
 ///// OQS_TEMPLATE_FRAGMENT_UNDEFINE_PQ_KEXS_START
@@ -151,6 +162,7 @@
 #define KEX_PQ_METHOD_SIDH ""
 #define KEX_PQ_METHOD_SIKE ""
 #define KEX_PQ_METHOD_THREEBEARS ""
+#define KEX_PQ_METHOD_HQC ""
 ///// OQS_TEMPLATE_FRAGMENT_UNDEFINE_PQ_KEXS_END
 #endif /* defined(WITH_OQS) && defined(WITH_PQ_KEX) */
 
@@ -166,7 +178,8 @@
     KEX_PQ_METHOD_SABER \
     KEX_PQ_METHOD_SIDH \
     KEX_PQ_METHOD_SIKE \
-    KEX_PQ_METHOD_THREEBEARS
+    KEX_PQ_METHOD_THREEBEARS \
+    KEX_PQ_METHOD_HQC
 ///// OQS_TEMPLATE_FRAGMENT_LIST_PQ_KEXS_END
 
 #ifdef OPENSSL_HAS_ECC
@@ -280,6 +293,17 @@
 #else
 #define KEX_HYBRID_METHOD_THREEBEARS ""
 #endif /* HAVE_THREEBEARS */
+#ifdef HAVE_HQC
+#define KEX_HYBRID_METHOD_HQC \
+    HYBRID_ECDH_OQS_METHOD("ecdh-nistp384-hqc-128-1-cca2-sha384") \
+    HYBRID_ECDH_OQS_METHOD("ecdh-nistp384-hqc-192-1-cca2-sha384") \
+    HYBRID_ECDH_OQS_METHOD("ecdh-nistp384-hqc-192-2-cca2-sha384") \
+    HYBRID_ECDH_OQS_METHOD("ecdh-nistp384-hqc-256-1-cca2-sha384") \
+    HYBRID_ECDH_OQS_METHOD("ecdh-nistp384-hqc-256-2-cca2-sha384") \
+    HYBRID_ECDH_OQS_METHOD("ecdh-nistp384-hqc-256-3-cca2-sha384")
+#else
+#define KEX_HYBRID_METHOD_HQC ""
+#endif /* HAVE_HQC */
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_HYBRID_KEXS_END
 #else /* defined(WITH_OQS) && defined(WITH_HYBRID_KEX) */
 ///// OQS_TEMPLATE_FRAGMENT_UNDEFINE_HYBRID_KEXS_START
@@ -293,6 +317,7 @@
 #define KEX_HYBRID_METHOD_SIDH ""
 #define KEX_HYBRID_METHOD_SIKE ""
 #define KEX_HYBRID_METHOD_THREEBEARS ""
+#define KEX_HYBRID_METHOD_HQC ""
 ///// OQS_TEMPLATE_FRAGMENT_UNDEFINE_HYBRID_KEXS_END
 #endif /* defined(WITH_OQS) && defined(WITH_HYBRID_KEX) */
 
@@ -308,7 +333,8 @@
     KEX_HYBRID_METHOD_SABER \
     KEX_HYBRID_METHOD_SIDH \
     KEX_HYBRID_METHOD_SIKE \
-    KEX_HYBRID_METHOD_THREEBEARS
+    KEX_HYBRID_METHOD_THREEBEARS \
+    KEX_HYBRID_METHOD_HQC
 ///// OQS_TEMPLATE_FRAGMENT_LIST_HYBRID_KEXS_END
 
 #ifdef OPENSSL_HAS_NISTP521

oqs-template/generate.yml

@@ -591,3 +591,24 @@ kems:
       -
         name: "PAPABEAR_EPHEM"
         oqs_meth: "OQS_KEM_alg_threebears_papabear_ephem"
+  -
+    family: "HQC"
+    variants:
+      -
+        name: "HQC_128_1_CCA2"
+        oqs_meth: 'OQS_KEM_alg_hqc_128_1_cca2'
+      -
+        name: "HQC_192_1_CCA2"
+        oqs_meth: 'OQS_KEM_alg_hqc_192_1_cca2'
+      -
+        name: "HQC_192_2_CCA2"
+        oqs_meth: 'OQS_KEM_alg_hqc_192_2_cca2'
+      -
+        name: "HQC_256_1_CCA2"
+        oqs_meth: 'OQS_KEM_alg_hqc_256_1_cca2'
+      -
+        name: "HQC_256_2_CCA2"
+        oqs_meth: 'OQS_KEM_alg_hqc_256_2_cca2'
+      -
+        name: "HQC_256_3_CCA2"
+        oqs_meth: 'OQS_KEM_alg_hqc_256_3_cca2'