Added FrodoKEM

Makefile

@@ -1,4 +1,4 @@
-VERSION := 0.8.25
+VERSION := 0.8.26
 .PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall
 
 ## Tag version of binaries with build info wrt.

README.md

@@ -27,7 +27,7 @@ Currently supported exchanges are:
 [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx);
 * The KYBER IND-CCA-2 secure key encapsulation mechanism, [pq-crystals Kyber](https://pq-crystals.org/kyber/)  :: [Yawning/kyber golang implementation](https://git.schwanenlied.me/yawning/kyber)
 * The NEWHOPE algorithm [newhopecrypto.org](https://www.newhopecrypto.org/) :: [Yawning/go-newhope golang implementation](https://git.schwanenlied.me/yawning/newhope)
-
+* The FrodoKEM algorithm [frodokem.org](https://frodokem.org/) :: Go version by [Eduardo E. S. Riccardi](https://github.com/kuking/go-frodokem)
 
 Currently supported session algorithms:
 

go.mod

@@ -13,6 +13,7 @@ require (
 	github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
 	github.com/klauspost/reedsolomon v1.9.9 // indirect
 	github.com/kr/pty v1.1.8
+	github.com/kuking/go-frodokem v1.0.1
 	github.com/mattn/go-isatty v0.0.12
 	github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect
 	github.com/pkg/errors v0.9.1 // indirect

go.sum

@@ -33,6 +33,8 @@ github.com/klauspost/reedsolomon v1.9.9 h1:qCL7LZlv17xMixl55nq2/Oa1Y86nfO8EqDfv2
 github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo=
 github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
+github.com/kuking/go-frodokem v1.0.1 h1:13bks3u4CPpvUtOLttT+A37j9myV4kLnS7Z3qDiTm4o=
+github.com/kuking/go-frodokem v1.0.1/go.mod h1:TzD0W9QnVOcwigeSySEuNZfJaGxWRtFRb7hXe/w/waI=
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0sQ9fSeoEhZgvrrD9HKMtX6Gmc1vk8=
@@ -50,6 +52,7 @@ github.com/tjfoc/gmsm v1.3.0 h1:i7c6Za/IlgBvnGxYpfD7L3TGuaS+v6oGcgq+J9/ecEA=
 github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
 github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo=
 github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ=
 github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg=
 github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE=

xs/xs.go

@@ -64,22 +64,22 @@ const bob = string("\r\n\r\n" +
 	"@@@@@@@^^~~~~~~~~~~~~~~~~~~~~^@@@@@@@@@\r\n" +
 	"@@@@@@^     ~^  @  @@ @ @ @ I  ~^@@@@@@\r\n" +
 	"@@@@@            ~ ~~ ~I          @@@@@\r\n" +
-	"@@@@'                  '  _,w@<    @@@@\r\n" +
+	"@@@@'                  '  _,w@<    @@@@    .\r\n" +
 	"@@@@     @@@@@@@@w___,w@@@@@@@@  @  @@@\r\n" +
-	"@@@@     @@@@@@@@@@@@@@@@@@@@@@  I  @@@\r\n" +
+	"@@@@     @@@@@@@@@@@@@@@@@@@@@@  I  @@@   Bob\r\n" +
 	"@@@@     @@@@@@@@@@@@@@@@@@@@*@[ i  @@@\r\n" +
-	"@@@@     @@@@@@@@@@@@@@@@@@@@[][ | ]@@@\r\n" +
+	"@@@@     @@@@@@@@@@@@@@@@@@@@[][ | ]@@@           bOb\r\n" +
 	"@@@@     ~_,,_ ~@@@@@@@~ ____~ @    @@@\r\n" +
-	"@@@@    _~ ,  ,  `@@@~  _  _`@ ]L  J@@@\r\n" +
+	"@@@@    _~ ,  ,  `@@@~  _  _`@ ]L  J@@@    o\r\n" +
 	"@@@@  , @@w@ww+   @@@ww``,,@w@ ][  @@@@\r\n" +
-	"@@@@,  @@@@www@@@ @@@@@@@ww@@@@@[  @@@@\r\n" +
+	"@@@@,  @@@@www@@@ @@@@@@@ww@@@@@[  @@@@      BOB\r\n" +
 	"@@@@@_|| @@@@@@P' @@P@@@@@@@@@@@[|c@@@@\r\n" +
-	"@@@@@@w| '@@P~  P]@@@-~, ~Y@@^'],@@@@@@\r\n" +
+	"@@@@@@w| '@@P~  P]@@@-~, ~Y@@^'],@@@@@@           . o\r\n" +
 	"@@@@@@@[   _        _J@@Tk     ]]@@@@@@\r\n" +
 	"@@@@@@@@,@ @@, c,,,,,,,y ,w@@[ ,@@@@@@@\r\n" +
-	"@@@@@@@@@ i @w   ====--_@@@@@  @@@@@@@@\r\n" +
+	"@@@@@@@@@ i @w   ====--_@@@@@  @@@@@@@@       o .\r\n" +
 	"@@@@@@@@@@`,P~ _ ~^^^^Y@@@@@  @@@@@@@@@\r\n" +
-	"@@@@^^=^@@^   ^' ,ww,w@@@@@ _@@@@@@@@@@\r\n" +
+	"@@@@^^=^@@^   ^' ,ww,w@@@@@ _@@@@@@@@@@    B   o   B\r\n" +
 	"@@@_xJ~ ~   ,    @@@@@@@P~_@@@@@@@@@@@@\r\n" +
 	"@@   @,   ,@@@,_____   _,J@@@@@@@@@@@@@\r\n" +
 	"@@L  `' ,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" +
@@ -712,7 +712,7 @@ func main() {
 	flag.BoolVar(&dbg, "d", false, "debug logging")
 	flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12]")
 	flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]")
-	flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE]")
+	flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE | KEX_FRODOKEM_{1344|976}{AES|SHAKE}]")
 	flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP")
 	flag.UintVar(&port, "p", 2000, "``port")
 	//flag.StringVar(&authCookie, "a", "", "auth cookie")

xsnet/consts.go

@@ -29,6 +29,10 @@ const (
 	KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
 	KEX_resvd14
 	KEX_resvd15
+	KEX_FRODOKEM_1344AES
+	KEX_FRODOKEM_1344SHAKE
+	KEX_FRODOKEM_976AES
+	KEX_FRODOKEM_976SHAKE
 	KEX_invalid = 255
 )
 

xsnet/net.go

@@ -44,6 +44,7 @@ import (
 	"blitter.com/go/kyber"
 	"blitter.com/go/newhope"
 	"blitter.com/go/xs/logger"
+	frodo "github.com/kuking/go-frodokem"
 )
 
 /*---------------------------------------------------------------------*/
@@ -126,6 +127,14 @@ func (k *KEXAlg) String() string {
 		return "KEX_NEWHOPE"
 	case KEX_NEWHOPE_SIMPLE:
 		return "KEX_NEWHOPE_SIMPLE"
+	case KEX_FRODOKEM_1344AES:
+		return "KEX_FRODOKEM_1344AES"
+	case KEX_FRODOKEM_1344SHAKE:
+		return "KEX_FRODOKEM_1344SHAKE"
+	case KEX_FRODOKEM_976AES:
+		return "KEX_FRODOKEM_976AES"
+	case KEX_FRODOKEM_976SHAKE:
+		return "KEX_FRODOKEM_976SHAKE"
 	default:
 		return "KEX_ERR_UNK"
 	}
@@ -276,6 +285,14 @@ func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) {
 	case KEX_NEWHOPE:
 		fallthrough
 	case KEX_NEWHOPE_SIMPLE:
+		fallthrough
+	case KEX_FRODOKEM_1344AES:
+		fallthrough
+	case KEX_FRODOKEM_1344SHAKE:
+		fallthrough
+	case KEX_FRODOKEM_976AES:
+		fallthrough
+	case KEX_FRODOKEM_976SHAKE:
 		log.Printf("[KEx alg %d accepted]\n", kexAlg)
 	default:
 		// UNREACHABLE: _getkexalgnum() guarantees a valid KEX value
@@ -375,11 +392,86 @@ func getkexalgnum(extensions ...string) (k KEXAlg) {
 		case "KEX_NEWHOPE_SIMPLE":
 			k = KEX_NEWHOPE_SIMPLE
 			break //out of for
+		case "KEX_FRODOKEM_1344AES":
+			k = KEX_FRODOKEM_1344AES
+			break //out of for
+		case "KEX_FRODOKEM_1344SHAKE":
+			k = KEX_FRODOKEM_1344SHAKE
+			break //out of for
+		case "KEX_FRODOKEM_976AES":
+			k = KEX_FRODOKEM_976AES
+			break //out of for
+		case "KEX_FRODOKEM_976SHAKE":
+			k = KEX_FRODOKEM_976SHAKE
+			break //out of for
 		}
 	}
 	return
 }
 
+func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
+	// Send xsnet.Conn parameters to remote side
+
+	// Alice, step 1: Generate a key pair.
+	var kem frodo.FrodoKEM
+
+	switch hc.kex {
+	case KEX_FRODOKEM_1344AES:
+		kem = frodo.Frodo1344AES()
+	case KEX_FRODOKEM_1344SHAKE:
+		kem = frodo.Frodo1344SHAKE()
+	case KEX_FRODOKEM_976AES:
+		kem = frodo.Frodo976AES()
+	default:
+		kem = frodo.Frodo976SHAKE()
+	}
+	pubA, secA := kem.Keygen() // pA
+	//log.Printf("[pubKeyAlice: %v]\n", pubA)
+	
+	// Alice, step 2: Send the public key (na,ea) to Bob
+	fmt.Fprintf(c, "0x%x\n", pubA)
+	
+	// (... and cipher, connection opts)
+	fmt.Fprintf(c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
+	
+	// [Bob does the same and sends use a public key (nb, eb)
+	pubB_bigint := big.NewInt(0)
+	_, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint)
+	pubB := pubB_bigint.Bytes()
+	//log.Printf("[Got pubKeyBob[]:%v]\n", pubB)
+
+	// (... and cipher, connection opts)
+	_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
+		&hc.cipheropts, &hc.opts)
+	if err != nil {
+		return err
+	}
+	
+	// Alice, step 3: Create ctAtoB, shareA
+	ctAtoB, shareA, err := kem.Encapsulate(pubB)
+	if err != nil {
+		return err
+	}
+	
+	// Alice, step 4: Send ctAtoB to Bob
+	fmt.Fprintf(c, "0x%x\n", ctAtoB)
+	
+	// Alice, step 5: Receive ctBtoA from Bob
+	ctBtoA_bigint := big.NewInt(0)
+	_, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint)
+	ctBtoA := ctBtoA_bigint.Bytes()
+	log.Printf("[Got ctBob[]:%v]\n", ctBtoA)
+	
+	// Alice, step 6: compute Bob's share
+	shareB, err := kem.Dencapsulate(secA, ctBtoA)
+	sessionKey := append(shareA, shareB...)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
+	
+	hc.r, hc.rm, err = hc.getStream(sessionKey)
+	hc.w, hc.wm, err = hc.getStream(sessionKey)
+	return
+}
+
 // randReader wraps rand.Read() in a struct that implements io.Reader
 // for use by the Kyber and NEWHOPE/NEWHOPE_SIMPLE KEM methods.
 type randReader struct {
@@ -413,7 +505,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	for i := range pubKeyBob.Send {
 		pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
 	}
-	log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
+	//log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
 
 	// Read cipheropts, session opts
 	_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
@@ -429,7 +521,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	if err != nil {
 		panic(err)
 	}
-	log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
 	return
@@ -457,7 +549,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	for i := range pubKeyBob.Send {
 		pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
 	}
-	log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
+	//log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
 
 	// Read cipheropts, session opts
 	_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
@@ -473,7 +565,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	if err != nil {
 		panic(err)
 	}
-	log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
 	return
@@ -512,7 +604,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
 	//if err != nil {
 	//	return err
 	//}
-	log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB)
+	//log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB)
 
 	// Read cipheropts, session opts
 	_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
@@ -524,7 +616,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
 	// Alice, step 3: Decrypt the KEM cipher text.
 	aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB)
 
-	log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
 	return
@@ -573,13 +665,74 @@ func HKExDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
 	return
 }
 
+func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
+	// Bob, step 1: Generate a key pair.
+	var kem frodo.FrodoKEM
+
+	switch hc.kex {
+	case KEX_FRODOKEM_1344AES:
+		kem = frodo.Frodo1344AES()
+	case KEX_FRODOKEM_1344SHAKE:
+		kem = frodo.Frodo1344SHAKE()
+	case KEX_FRODOKEM_976AES:
+		kem = frodo.Frodo976AES()
+	default:
+		kem = frodo.Frodo976SHAKE()
+	}
+	pubB, secB := kem.Keygen()
+	//log.Printf("[pubKeyBob: %v]\n", pubB)
+	
+	// Bob, step 2: Send the public key (nb,eb) to Alice
+	fmt.Fprintf(*c, "0x%x\n", pubB)
+	
+	// (... and cipher, connection opts)
+	fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
+	
+	// [Alice does the same and sends use a public key (na, ea)
+	pubA_bigint := big.NewInt(0)
+	_, err = fmt.Fscanf(*c, "0x%x\n", pubA_bigint)
+	pubA := pubA_bigint.Bytes()
+	//log.Printf("[Got pubKeyAlice[]:%v]\n", pubA)
+
+	// (... and cipher, connection opts)
+	_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
+		&hc.cipheropts, &hc.opts)
+	if err != nil {
+		return err
+	}
+	
+	// Bob, step 3: Create ctBtoA, shareB
+	ctBtoA, shareB, err := kem.Encapsulate(pubA)
+	if err != nil {
+		return err
+	}
+	
+	// Bob, step 4: Send ctBtoA to Alice
+	fmt.Fprintf(*c, "0x%x\n", ctBtoA)
+	
+	// Bob, step 5: Receive ctAtoB from Alice
+	ctAtoB_bigint := big.NewInt(0)
+	_, err = fmt.Fscanf(*c, "0x%x\n", ctAtoB_bigint)
+	ctAtoB := ctAtoB_bigint.Bytes()
+	log.Printf("[Got ctAlice[]:%v]\n", ctAtoB)
+	
+	// Alice, step 6: compute Bob's share
+	shareA, err := kem.Dencapsulate(secB, ctAtoB)
+	sessionKey := append(shareA, shareB...)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
+	
+	hc.r, hc.rm, err = hc.getStream(sessionKey)
+	hc.w, hc.wm, err = hc.getStream(sessionKey)
+	return
+}
+
 func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	r := new(randReader)
 	rand.Seed(time.Now().UnixNano())
 	// Bob, step 1: Deserialize Alice's public key from the binary encoding.
 	alicePublicKey := big.NewInt(0)
 	_, err = fmt.Fscanln(*c, alicePublicKey)
-	log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
+	//log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
 	if err != nil {
 		return err
 	}
@@ -606,7 +759,7 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
 		hc.cipheropts, hc.opts)
 
-	log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
 	return
@@ -618,7 +771,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	// Bob, step 1: Deserialize Alice's public key from the binary encoding.
 	alicePublicKey := big.NewInt(0)
 	_, err = fmt.Fscanln(*c, alicePublicKey)
-	log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
+	//log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
 	if err != nil {
 		return err
 	}
@@ -645,7 +798,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
 		hc.cipheropts, hc.opts)
 
-	log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
 	return
@@ -655,7 +808,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	// Bob, step 1: Deserialize Alice's public key from the binary encoding.
 	alicePublicKey := big.NewInt(0)
 	_, err = fmt.Fscanln(*c, alicePublicKey)
-	log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
+	//log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
 	if err != nil {
 		return err
 	}
@@ -694,7 +847,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
 		hc.cipheropts, hc.opts)
 
-	log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
+	//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
 	hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
 	hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
 	return
@@ -817,6 +970,17 @@ func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err er
 		if NewHopeSimpleDialSetup(c, &hc) != nil {
 			return Conn{}, nil
 		}
+	case KEX_FRODOKEM_1344AES:
+		fallthrough
+	case KEX_FRODOKEM_1344SHAKE:
+		fallthrough
+	case KEX_FRODOKEM_976AES:
+		fallthrough
+	case KEX_FRODOKEM_976SHAKE:
+		log.Printf("[Setting up for KEX_FRODOKEM %d]\n", hc.kex)
+		if FrodoKEMDialSetup(c, &hc) != nil {
+			return Conn{}, nil
+		}
 	default:
 		return Conn{}, err
 	}
@@ -1000,6 +1164,26 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
 		if NewHopeSimpleAcceptSetup(&c, &hc) != nil {
 			return Conn{}, err
 		}
+	case KEX_FRODOKEM_1344AES:
+		log.Printf("[Setting up for KEX_FRODOKEM_1344AES %d]\n", hc.kex)
+		if FrodoKEMAcceptSetup(&c, &hc) != nil {
+			return Conn{}, err
+		}
+	case KEX_FRODOKEM_1344SHAKE:
+		log.Printf("[Setting up for KEX_FRODOKEM_1344SHAKE %d]\n", hc.kex)
+		if FrodoKEMAcceptSetup(&c, &hc) != nil {
+			return Conn{}, err
+		}
+	case KEX_FRODOKEM_976AES:
+		log.Printf("[Setting up for KEX_FRODOKEM_976AES %d]\n", hc.kex)
+		if FrodoKEMAcceptSetup(&c, &hc) != nil {
+			return Conn{}, err
+		}
+	case KEX_FRODOKEM_976SHAKE:
+		log.Printf("[Setting up for KEX_FRODOKEM_976SHAKE %d]\n", hc.kex)
+		if FrodoKEMAcceptSetup(&c, &hc) != nil {
+			return Conn{}, err
+		}
 	default:
 		return Conn{}, err
 	}
@@ -1235,7 +1419,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 			}
 
 			hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ]
-			log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp)
+			//log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp)
 
 			if *hc.closeStat == CSETruncCSO {
 				logger.LogDebug(fmt.Sprintln("[cannot verify HMAC]"))