WIP: Draft: PQ #497

Draft
zzz wants to merge 6 commits from zzz/i2p.i2p:pq-wip into master

6 Commits

Author SHA1 Message Date
zzz 5c29d88c7e Move file to correct package 2025-06-13 07:49:11 -04:00
zzz e3b3deac69 Muxed fixes after testing 2025-05-07 11:23:03 -04:00
zzz 786ba8e190 Fix copy/paste error that broke enctypes 6 and 7 2025-04-15 16:24:51 -04:00
zzz c1ca38dca2 Fixes after testing
- NSR corruption
- Track SKM key type
- Implement cloning of hybrid keys
- Min size checks
- Session validation fix
- Logging in HandshakeState, probably temporary
- Don't clone destroyed state
- Javadoc fixes
2025-04-14 13:55:01 -04:00
zzz d06b776189 Don't pass in MLKEM key factory on Bob side, not required
Fix NPE in MLKEMDHState.destroy()
2025-03-27 12:45:40 -04:00
zzz 6afd938c53 Draft: WIP: Preliminary implementation of proposal 169
This MR is for review and testing only. Do not merge.
The final code may be split up into multiple MRs
(for example one for MLDSA and one for MLKEM)
over the next 6-12 months,
and will also start with a revision containing unmodified
bouncycastle code as a base for future merges.

This MR bundles code from bouncycastle 1.80 (license: MIT),
modified to reduce and eliminate unneeded dependencies.
There is no support for building with an external bouncycastle
jar for Debian yet, as 1.80 is only in sid.

The MLDSA code is in core and the MLKEM code is in router.
Small wrappers are provided to bridge between our data structures
and the bouncycastle API.

Implemented portions of proposal 169, briefly tested unless otherwise noted:

- SigType/EncType/SigAlgo/EncAlgo enums for new types
- KeyGenerator and DSAEngine support
- Hybrid handshake support in Noise
- SHA3-128, SHA3-256, SHAKE128, SHAKE256
- All three MLKEM variants 512/768/1024 (only 512 tested)
- All six MLDSA variants 44/56/87 hybrid/PQ-only
- MLKEM hybrid ratchet
- MLKEM types in leasesets
- MLDSA and hybrid signatures for destinations and private key files
- MLDSA and hybrid signature handling in streaming
- MLKEM-only and muxed destination types (5; 6; 7; 5,4; 6,4; 7,4) (muxed untested, probably broken)
- i2ptunnel UI support for selecting new types (requires routerconsole.advanced=true)
- Addressbook support for MLDSA dests
- Repliable datagram support (untested)
- SAM support (untested)

Live network test considerations:

MLKEM hybrid ratchet is backward compatible with the current network and may
be tested today, either with MLKEM-only or MLKEM + X25519 dual support.

MLDSA destinations may be used for clients and for connections to compatible servers
running this code.
MLDSA server destinations cannot be tested (except in loopback) because their leasesets
cannot be published to floodfills, as the floodfills cannot verify the signatures.

Unimplemented portions of proposal 169:

- MLKEM or MLDSA routers
- NTCP2 mods for routers
- SSU2 mods for routers
- MLDSA or hybrid-signed SU3 files (ph variant)

TODO:

- Test vectors, unit tests
- MLKEM KeyFactory threads
- Debian bouncycastle dependency

Standalone tests:

A standalone ratchet test with hybrid support is in
i2p.scripts java-utils/RatchetTest.java

Private key files and leasesets for MLDSA and hybrid signatures
are linked from http://zzz.i2p/topics/3294
2025-03-24 08:11:52 -04:00