mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5836 from anhu/kyber_cleanup

Browse Source 
Remove kyber-90s and route all kyber through wolfcrypt.
This commit is contained in:
David Garske 2022-12-05 13:18:44 -08:00 committed by GitHub
commit 9d9549fbd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 38 additions and 2853 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
configure.ac
View File

@ -1030,10 +1030,6 @@ do
ENABLED_WC_KYBER=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
;;
90s)
ENABLED_KYBER_90S=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_90S"
;;
small)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_SMALL"
;;
@ -1067,15 +1063,9 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
fi
if test "$ENABLED_KYBER_90S" != "yes"; then
test "$enable_sha3" = "" && enable_sha3=yes
test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes
else
test "$enable_sha256" = "" && enable_sha256=yes
test "$enable_sha512" = "" && enable_sha512=yes
test "$enable_aesctr" = "" && enable_aesctr=yes
fi
test "$enable_sha3" = "" && enable_sha3=yes
test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes
else
# Default is to use liboqs. Make sure its enabled.
if test "$ENABLED_LIBOQS" = "no"; then

6
examples/benchmark/tls_bench.c
View File

@ -276,15 +276,9 @@ static struct group_info groups[] = {
{ WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
{ WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
{ WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
{ WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
{ WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
{ WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
{ WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
{ WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
{ WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
{ WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" },
{ WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" },
{ WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" },
#endif
{ 0, NULL }
};

26
examples/client/client.c
View File

@ -385,15 +385,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
group = WOLFSSL_KYBER_LEVEL5;
}
else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL1") == 0) {
group = WOLFSSL_KYBER_90S_LEVEL1;
}
else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL3") == 0) {
group = WOLFSSL_KYBER_90S_LEVEL3;
}
else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL5") == 0) {
group = WOLFSSL_KYBER_90S_LEVEL5;
}
else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
group = WOLFSSL_P256_KYBER_LEVEL1;
}
@ -402,15 +393,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
}
else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
group = WOLFSSL_P521_KYBER_LEVEL5;
}
else if (XSTRCMP(pqcAlg, "P256_KYBER_90S_LEVEL1") == 0) {
group = WOLFSSL_P256_KYBER_90S_LEVEL1;
}
else if (XSTRCMP(pqcAlg, "P384_KYBER_90S_LEVEL3") == 0) {
group = WOLFSSL_P384_KYBER_90S_LEVEL3;
}
else if (XSTRCMP(pqcAlg, "P521_KYBER_90S_LEVEL5") == 0) {
group = WOLFSSL_P521_KYBER_90S_LEVEL5;
} else {
err_sys("invalid post-quantum KEM specified");
}
@ -1265,9 +1247,7 @@ static const char* client_usage_msg[][70] = {
#endif
#ifdef HAVE_PQC
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
" KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
" P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1,\n"
" P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 70 */
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
#endif
#ifdef WOLFSSL_SRTP
"--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 71 */
@ -1485,9 +1465,7 @@ static const char* client_usage_msg[][70] = {
#endif
#ifdef HAVE_PQC
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
" KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
" P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5,\n"
" P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 70 */
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
#endif
#ifdef WOLFSSL_SRTP
"--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */

26
examples/server/server.c
View File

@ -707,15 +707,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
groups[count] = WOLFSSL_KYBER_LEVEL5;
}
else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL1") == 0) {
groups[count] = WOLFSSL_KYBER_90S_LEVEL1;
}
else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL3") == 0) {
groups[count] = WOLFSSL_KYBER_90S_LEVEL3;
}
else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL5") == 0) {
groups[count] = WOLFSSL_KYBER_90S_LEVEL5;
}
else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
groups[count] = WOLFSSL_P256_KYBER_LEVEL1;
}
@ -725,15 +716,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
groups[count] = WOLFSSL_P521_KYBER_LEVEL5;
}
else if (XSTRCMP(pqcAlg, "P256_KYBER_90S_LEVEL1") == 0) {
groups[count] = WOLFSSL_P256_KYBER_90S_LEVEL1;
}
else if (XSTRCMP(pqcAlg, "P384_KYBER_90S_LEVEL3") == 0) {
groups[count] = WOLFSSL_P384_KYBER_90S_LEVEL3;
}
else if (XSTRCMP(pqcAlg, "P521_KYBER_90S_LEVEL5") == 0) {
groups[count] = WOLFSSL_P521_KYBER_90S_LEVEL5;
}
if (groups[count] == 0) {
err_sys("invalid post-quantum KEM specified");
@ -952,9 +934,7 @@ static const char* server_usage_msg[][65] = {
#endif
#ifdef HAVE_PQC
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
" KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
" P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1,\n"
" P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 60 */
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */
#endif
#ifdef WOLFSSL_SRTP
"--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 61 */
@ -1139,9 +1119,7 @@ static const char* server_usage_msg[][65] = {
#endif
#ifdef HAVE_PQC
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
" KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
" P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5,\n"
" P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 60 */
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */
#endif
#ifdef WOLFSSL_SRTP
"--srtp <profile> (デフォルトはSRTP_AES128_CM_SHA1_80)\n", /* 61 */

21
src/ssl.c
View File

@ -249,9 +249,6 @@ const WOLF_EC_NIST_NAME kNistCurves[] = {
{XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1", WOLFSSL_P256_KYBER_LEVEL1},
{XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3", WOLFSSL_P384_KYBER_LEVEL3},
{XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5", WOLFSSL_P521_KYBER_LEVEL5},
{XSTR_SIZEOF("P256_KYBER_90S_LEVEL1"), "P256_KYBER_90S_LEVEL1", WOLFSSL_P256_KYBER_90S_LEVEL1},
{XSTR_SIZEOF("P384_KYBER_90S_LEVEL3"), "P384_KYBER_90S_LEVEL3", WOLFSSL_P384_KYBER_90S_LEVEL3},
{XSTR_SIZEOF("P521_KYBER_90S_LEVEL5"), "P521_KYBER_90S_LEVEL5", WOLFSSL_P521_KYBER_90S_LEVEL5},
#endif
#endif
{0, NULL, 0},
@ -2928,15 +2925,9 @@ static int isValidCurveGroup(word16 name)
case WOLFSSL_KYBER_LEVEL3:
case WOLFSSL_KYBER_LEVEL5:
#ifdef HAVE_LIBOQS
case WOLFSSL_KYBER_90S_LEVEL1:
case WOLFSSL_KYBER_90S_LEVEL3:
case WOLFSSL_KYBER_90S_LEVEL5:
case WOLFSSL_P256_KYBER_LEVEL1:
case WOLFSSL_P384_KYBER_LEVEL3:
case WOLFSSL_P521_KYBER_LEVEL5:
case WOLFSSL_P256_KYBER_90S_LEVEL1:
case WOLFSSL_P384_KYBER_90S_LEVEL3:
case WOLFSSL_P521_KYBER_90S_LEVEL5:
#endif
#endif
return 1;
@ -21334,24 +21325,12 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
return "KYBER_LEVEL3";
case WOLFSSL_KYBER_LEVEL5:
return "KYBER_LEVEL5";
case WOLFSSL_KYBER_90S_LEVEL1:
return "KYBER_90S_LEVEL1";
case WOLFSSL_KYBER_90S_LEVEL3:
return "KYBER_90S_LEVEL3";
case WOLFSSL_KYBER_90S_LEVEL5:
return "KYBER_90S_LEVEL5";
case WOLFSSL_P256_KYBER_LEVEL1:
return "P256_KYBER_LEVEL1";
case WOLFSSL_P384_KYBER_LEVEL3:
return "P384_KYBER_LEVEL3";
case WOLFSSL_P521_KYBER_LEVEL5:
return "P521_KYBER_LEVEL5";
case WOLFSSL_P256_KYBER_90S_LEVEL1:
return "P256_KYBER_90S_LEVEL1";
case WOLFSSL_P384_KYBER_90S_LEVEL3:
return "P384_KYBER_90S_LEVEL3";
case WOLFSSL_P521_KYBER_90S_LEVEL5:
return "P521_KYBER_90S_LEVEL5";
#elif defined(HAVE_PQM4)
case WOLFSSL_KYBER_LEVEL1:
return "KYBER_LEVEL1";

848
src/tls.c
View File

@ -52,15 +52,7 @@
#include <wolfssl/wolfcrypt/kyber.h>
#ifdef WOLFSSL_WC_KYBER
#include <wolfssl/wolfcrypt/wc_kyber.h>
#elif defined(HAVE_LIBOQS)
#include <oqs/kem.h>
#include <wolfssl/wolfcrypt/ext_kyber.h>
#elif defined(HAVE_PQM4)
#include "api_kyber.h"
#define PQM4_PUBLIC_KEY_LENGTH CRYPTO_PUBLICKEYBYTES
#define PQM4_PRIVATE_KEY_LENGTH CRYPTO_SECRETKEYBYTES
#define PQM4_SHARED_SECRET_LENGTH CRYPTO_BYTES
#define PQM4_CIPHERTEXT_LENGTH CRYPTO_CIPHERTEXTBYTES
#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
#include <wolfssl/wolfcrypt/ext_kyber.h>
#endif
#endif
@ -7102,7 +7094,6 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_WC_KYBER
static int kyber_id2type(int id, int *type)
{
int ret = 0;
@ -7130,22 +7121,6 @@ static int kyber_id2type(int id, int *type)
return ret;
}
#elif defined(HAVE_LIBOQS)
/* Transform a group ID into an OQS Algorithm name as a string. */
static const char* OQS_ID2name(int id)
{
switch (id) {
case WOLFSSL_KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
case WOLFSSL_KYBER_LEVEL3: return OQS_KEM_alg_kyber_768;
case WOLFSSL_KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024;
case WOLFSSL_KYBER_90S_LEVEL1: return OQS_KEM_alg_kyber_512_90s;
case WOLFSSL_KYBER_90S_LEVEL3: return OQS_KEM_alg_kyber_768_90s;
case WOLFSSL_KYBER_90S_LEVEL5: return OQS_KEM_alg_kyber_1024_90s;
default: break;
}
return NULL;
}
#endif /* HAVE_LIBOQS */
typedef struct PqcHybridMapping {
int hybrid;
@ -7160,12 +7135,6 @@ static const PqcHybridMapping pqc_hybrid_mapping[] = {
.pqc = WOLFSSL_KYBER_LEVEL3},
{.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
.pqc = WOLFSSL_KYBER_LEVEL5},
{.hybrid = WOLFSSL_P256_KYBER_90S_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
.pqc = WOLFSSL_KYBER_90S_LEVEL1},
{.hybrid = WOLFSSL_P384_KYBER_90S_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
.pqc = WOLFSSL_KYBER_90S_LEVEL3},
{.hybrid = WOLFSSL_P521_KYBER_90S_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
.pqc = WOLFSSL_KYBER_90S_LEVEL5},
{.hybrid = 0, .ecc = 0, .pqc = 0}
};
@ -7206,7 +7175,6 @@ static void findEccPqc(int *ecc, int *pqc, int group)
* kse The key share entry object.
* returns 0 on success, otherwise failure.
*/
#ifdef WOLFSSL_WC_KYBER
static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
{
int ret = 0;
@ -7278,7 +7246,7 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
if (ret == 0) {
ret = wc_KyberKey_MakeKey(kem, ssl->rng);
if (ret != 0) {
WOLFSSL_MSG("lKyber keygen failure");
WOLFSSL_MSG("Kyber keygen failure");
}
}
if (ret == 0) {
@ -7319,198 +7287,6 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
return ret;
}
#elif defined(HAVE_LIBOQS)
static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
{
int ret = 0;
const char* algName = NULL;
OQS_KEM* kem = NULL;
byte* pubKey = NULL;
byte* privKey = NULL;
KeyShareEntry *ecc_kse = NULL;
int oqs_group = 0;
int ecc_group = 0;
findEccPqc(&ecc_group, &oqs_group, kse->group);
algName = OQS_ID2name(oqs_group);
if (algName == NULL) {
WOLFSSL_MSG("Invalid OQS algorithm specified.");
return BAD_FUNC_ARG;
}
kem = OQS_KEM_new(algName);
if (kem == NULL) {
WOLFSSL_MSG("Error creating OQS KEM, ensure algorithm support"
"was enabled in liboqs.");
return BAD_FUNC_ARG;
}
ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
DYNAMIC_TYPE_TLSX);
if (ecc_kse == NULL) {
WOLFSSL_MSG("ecc_kse memory allocation failure");
ret = MEMORY_ERROR;
}
if (ret == 0) {
XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
}
if (ret == 0 && ecc_group != 0) {
ecc_kse->group = ecc_group;
ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
/* If fail, no error message, TLSX_KeyShare_GenEccKey will do it. */
}
if (ret == 0) {
pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + kem->length_public_key,
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (pubKey == NULL) {
WOLFSSL_MSG("pubkey memory allocation failure");
ret = MEMORY_ERROR;
}
}
if (ret == 0) {
privKey = (byte*)XMALLOC(kem->length_secret_key,
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (privKey == NULL) {
WOLFSSL_MSG("privkey memory allocation failure");
ret = MEMORY_ERROR;
}
}
if (ret == 0) {
if (OQS_KEM_keypair(kem, pubKey + ecc_kse->pubKeyLen, privKey) ==
OQS_SUCCESS) {
XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
kse->pubKey = pubKey;
kse->pubKeyLen = ecc_kse->pubKeyLen +
(word32) kem->length_public_key;
pubKey = NULL;
/* Note we are saving the OQS private key and ECC private key
* separately. That's because the ECC private key is not simply a
* buffer. Its is an ecc_key struct.
*/
kse->privKey = privKey;
privKey = NULL;
kse->key = ecc_kse->key;
ecc_kse->key = NULL;
ret = 0;
}
else {
WOLFSSL_MSG("liboqs keygen failure");
ret = BAD_FUNC_ARG;
WOLFSSL_ERROR_VERBOSE(ret);
}
}
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Public liboqs Key");
WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen);
#endif
OQS_KEM_free(kem);
TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
if (pubKey != NULL)
XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (privKey != NULL)
XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
return ret;
}
#elif defined(HAVE_PQM4)
static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
{
/* This assumes KYBER LEVEL 1 (512) implementation is compiled in. */
int ret = 0;
byte* pubKey = NULL;
byte* privKey = NULL;
KeyShareEntry *ecc_kse = NULL;
int oqs_group = 0;
int ecc_group = 0;
findEccPqc(&ecc_group, &oqs_group, kse->group);
ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap,
DYNAMIC_TYPE_TLSX);
if (ecc_kse == NULL) {
WOLFSSL_MSG("ecc_kse memory allocation failure");
ret = MEMORY_ERROR;
}
if (ret == 0) {
XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
}
if (ret == 0 && ecc_group != 0) {
ecc_kse->group = ecc_group;
ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
/* If fail, no error message, TLSX_KeyShare_GenEccKey will do it. */
}
if (ret == 0) {
pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + PQM4_PUBLIC_KEY_LENGTH,
ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (pubKey == NULL) {
WOLFSSL_MSG("pubkey memory allocation failure");
ret = MEMORY_ERROR;
}
}
if (ret == 0) {
privKey = (byte*)XMALLOC(PQM4_PRIVATE_KEY_LENGTH,
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (privKey == NULL) {
WOLFSSL_MSG("privkey memory allocation failure");
ret = MEMORY_ERROR;
}
}
if (ret == 0) {
if (crypto_kem_keypair(pubKey + ecc_kse->pubKeyLen, privKey) == 0) {
XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen);
kse->pubKey = pubKey;
kse->pubKeyLen = ecc_kse->pubKeyLen +
(word32) PQM4_PUBLIC_KEY_LENGTH;
pubKey = NULL;
/* Note we are saving the PQ private key and ECC private key
* separately. That's because the ECC private key is not simply a
* buffer. Its is an ecc_key struct.
*/
kse->privKey = privKey;
privKey = NULL;
kse->key = ecc_kse->key;
ecc_kse->key = NULL;
ret = 0;
}
else {
WOLFSSL_MSG("liboqs keygen failure");
ret = BAD_FUNC_ARG;
WOLFSSL_ERROR_VERBOSE(ret);
}
}
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG("Public PQM4 Key");
WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen );
#endif
TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
if (pubKey != NULL)
XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (privKey != NULL)
XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
return ret;
}
#endif /* HAVE_PQM4 */
#endif /* HAVE_PQC */
/* Generate a secret/key using the key share entry.
@ -8107,7 +7883,6 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_WC_KYBER
/* Process the Kyber key share extension on the client side.
*
* ssl The SSL/TLS object.
@ -8274,294 +8049,6 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wc_KyberKey_Free(kem);
return ret;
}
#elif defined(HAVE_LIBOQS)
/* Process the liboqs key share extension on the client side.
*
* ssl The SSL/TLS object.
* keyShareEntry The key share entry object to use to calculate shared secret.
* returns 0 on success and other values indicate failure.
*/
static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
{
int ret = 0;
const char* algName = NULL;
OQS_KEM* kem = NULL;
byte* sharedSecret = NULL;
word32 sharedSecretLen = 0;
int oqs_group = 0;
int ecc_group = 0;
ecc_key eccpubkey;
word32 outlen = 0;
if (keyShareEntry->ke == NULL) {
WOLFSSL_MSG("Invalid OQS algorithm specified.");
return BAD_FUNC_ARG;
}
if (ssl->options.side == WOLFSSL_SERVER_END) {
/* I am the server, the shared secret has already been generated and
* is in keyShareEntry->ke; copy it to the pre-master secret
* pre-allocated buffer. */
if (keyShareEntry->keLen > ENCRYPT_LEN) {
WOLFSSL_MSG("shared secret is too long.");
WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR);
return LENGTH_ERROR;
}
XMEMCPY(ssl->arrays->preMasterSecret, keyShareEntry->ke, keyShareEntry->keLen);
ssl->arrays->preMasterSz = keyShareEntry->keLen;
XFREE(keyShareEntry->ke, sl->heap, DYNAMIC_TYPE_SECRET)
keyShareEntry->ke = NULL;
keyShareEntry->keLen = 0;
return 0;
}
/* I am the client, the ciphertext is in keyShareEntry->ke */
findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
algName = OQS_ID2name(oqs_group);
if (algName == NULL) {
WOLFSSL_MSG("Invalid OQS algorithm specified.");
WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG);
return BAD_FUNC_ARG;
}
kem = OQS_KEM_new(algName);
if (kem == NULL) {
WOLFSSL_MSG("Error creating OQS KEM, ensure algorithm support"
"was enabled in liboqs.");
return MEMORY_E;
}
sharedSecretLen = (word32)kem->length_shared_secret;
switch (ecc_group) {
case WOLFSSL_ECC_SECP256R1:
sharedSecretLen += 32;
outlen = 32;
break;
case WOLFSSL_ECC_SECP384R1:
sharedSecretLen += 48;
outlen = 48;
break;
case WOLFSSL_ECC_SECP521R1:
sharedSecretLen += 66;
outlen = 66;
break;
default:
break;
}
ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
if (ret != 0) {
WOLFSSL_MSG("Memory allocation error.");
return MEMORY_E;
}
sharedSecret = (byte*)XMALLOC(sharedSecretLen, ssl->heap,
DYNAMIC_TYPE_TLSX);
if (sharedSecret == NULL) {
WOLFSSL_MSG("Memory allocation error.");
ret = MEMORY_E;
}
if (ret == 0 && OQS_KEM_decaps(kem, sharedSecret + outlen,
keyShareEntry->ke + keyShareEntry->keLen -
kem->length_ciphertext,
keyShareEntry->privKey) != OQS_SUCCESS) {
WOLFSSL_MSG("Liboqs decapsulation failure.");
ret = BAD_FUNC_ARG;
WOLFSSL_ERROR_VERBOSE(ret);
}
if (ecc_group != 0) {
if (ret == 0) {
/* Point is validated by import function. */
ret = wc_ecc_import_x963(keyShareEntry->ke,
keyShareEntry->keLen -
(word32)kem->length_ciphertext,
&eccpubkey);
if (ret != 0) {
WOLFSSL_ERROR_VERBOSE(ret);
WOLFSSL_MSG("ECC Public key import error.");
}
}
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(keyShareEntry->key, ssl->rng);
if (ret != 0) {
WOLFSSL_MSG("Failure to set the ECC private key RNG.");
}
}
#endif
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_shared_secret(keyShareEntry->key, &eccpubkey, sharedSecret, &outlen);
PRIVATE_KEY_LOCK();
if (outlen != sharedSecretLen - kem->length_shared_secret) {
WOLFSSL_MSG("ECC shared secret derivation error.");
ret = BAD_FUNC_ARG;
WOLFSSL_ERROR_VERBOSE(ret);
}
}
}
if (sharedSecretLen > ENCRYPT_LEN) {
WOLFSSL_MSG("shared secret is too long.");
ret = LENGTH_ERROR;
WOLFSSL_ERROR_VERBOSE(ret);
}
if (ret == 0) {
/* Copy the shared secret to the pre-master secret pre-allocated
* buffer. */
XMEMCPY(ssl->arrays->preMasterSecret, sharedSecret, sharedSecretLen);
ssl->arrays->preMasterSz = (word32) sharedSecretLen;
}
if (sharedSecret != NULL) {
XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
}
wc_ecc_free(&eccpubkey);
OQS_KEM_free(kem);
return ret;
}
#elif defined(HAVE_PQM4)
static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
{
int ret = 0;
byte* sharedSecret = NULL;
word32 sharedSecretLen = 0;
int oqs_group = 0;
int ecc_group = 0;
ecc_key eccpubkey;
word32 outlen = 0;
if (keyShareEntry->ke == NULL) {
WOLFSSL_MSG("Invalid OQS algorithm specified.");
return BAD_FUNC_ARG;
}
if (ssl->options.side == WOLFSSL_SERVER_END) {
/* I am the server, the shared secret has already been generated and
* is in keyShareEntry->ke; copy it to the pre-master secret
* pre-allocated buffer. */
if (keyShareEntry->keLen > ENCRYPT_LEN) {
WOLFSSL_MSG("shared secret is too long.");
WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR);
return LENGTH_ERROR;
}
XMEMCPY(ssl->arrays->preMasterSecret, keyShareEntry->ke, keyShareEntry->keLen);
ssl->arrays->preMasterSz = keyShareEntry->keLen;
XFREE(keyShareEntry->ke, sl->heap, DYNAMIC_TYPE_SECRET);
keyShareEntry->ke = NULL;
keyShareEntry->keLen = 0;
return 0;
}
/* I am the client, the ciphertext is in keyShareEntry->ke */
findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
sharedSecretLen = (word32)PQM4_SHARED_SECRET_LENGTH;
switch (ecc_group) {
case WOLFSSL_ECC_SECP256R1:
sharedSecretLen += 32;
outlen = 32;
break;
case WOLFSSL_ECC_SECP384R1:
sharedSecretLen += 48;
outlen = 48;
break;
case WOLFSSL_ECC_SECP521R1:
sharedSecretLen += 66;
outlen = 66;
break;
default:
break;
}
ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
if (ret != 0) {
WOLFSSL_MSG("Memory allocation error.");
return MEMORY_E;
}
sharedSecret = (byte*)XMALLOC(sharedSecretLen, ssl->heap,
DYNAMIC_TYPE_TLSX);
if (sharedSecret == NULL) {
WOLFSSL_MSG("Memory allocation error.");
ret = MEMORY_E;
}
if (ret == 0 && crypto_kem_dec(sharedSecret + outlen,
keyShareEntry->ke + keyShareEntry->keLen -
PQM4_CIPHERTEXT_LENGTH,
keyShareEntry->privKey) != 0) {
WOLFSSL_MSG("PQM4 decapsulation failure.");
ret = BAD_FUNC_ARG;
} else {
WOLFSSL_MSG("PQM4 decapsulation SUCCESS!!!!!");
}
if (ecc_group != 0) {
if (ret == 0) {
/* Point is validated by import function. */
ret = wc_ecc_import_x963(keyShareEntry->ke,
keyShareEntry->keLen -
(word32)PQM4_CIPHERTEXT_LENGTH,
&eccpubkey);
if (ret != 0) {
WOLFSSL_MSG("ECC Public key import error.");
}
}
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(keyShareEntry->key, ssl->rng);
if (ret != 0) {
WOLFSSL_MSG("Failure to set the ECC private key RNG.");
}
}
#endif
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_shared_secret(keyShareEntry->key, &eccpubkey, sharedSecret, &outlen);
PRIVATE_KEY_LOCK();
if (outlen != sharedSecretLen - PQM4_SHARED_SECRET_LENGTH) {
WOLFSSL_MSG("ECC shared secret derivation error.");
ret = BAD_FUNC_ARG;
}
}
}
if (sharedSecretLen > ENCRYPT_LEN) {
WOLFSSL_MSG("shared secret is too long.\n");
ret = LENGTH_ERROR;
}
if (ret == 0) {
/* Copy the shared secret to the pre-master secret pre-allocated
* buffer. */
XMEMCPY(ssl->arrays->preMasterSecret, sharedSecret, sharedSecretLen);
ssl->arrays->preMasterSz = (word32) sharedSecretLen;
}
if (sharedSecret != NULL) {
XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
}
wc_ecc_free(&eccpubkey);
return ret;
}
#endif /* HAVE_PQM4 */
#endif /* HAVE_PQC */
/* Process the key share extension on the client side.
@ -8904,7 +8391,6 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_WC_KYBER
static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
KeyShareEntry* keyShareEntry, byte* data, word16 len)
{
@ -9064,289 +8550,6 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
wc_KyberKey_Free(kem);
return ret;
}
#elif defined(HAVE_LIBOQS)
static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
KeyShareEntry* keyShareEntry,
byte* data, word16 len)
{
/* I am the server. The data parameter is the client's public key. I need
* to generate the public information (AKA ciphertext) and shared secret
* here. Note the "public information" is equivalent to a the public key in
* key exchange parlance. That's why it is being assigned to pubKey.
*/
const char* algName = NULL;
OQS_KEM* kem = NULL;
byte* sharedSecret = NULL;
byte* ciphertext = NULL;
int ret = 0;
int oqs_group = 0;
int ecc_group = 0;
KeyShareEntry *ecc_kse = NULL;
ecc_key eccpubkey;
word32 outlen = 0;
findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
algName = OQS_ID2name(oqs_group);
if (algName == NULL) {
WOLFSSL_MSG("Invalid OQS algorithm specified.");
return BAD_FUNC_ARG;
}
ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
if (ret != 0) {
WOLFSSL_MSG("Could not do ECC public key initialization.");
return MEMORY_E;
}
ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, DYNAMIC_TYPE_TLSX);
if (ecc_kse == NULL) {
WOLFSSL_MSG("ecc_kse memory allocation failure");
ret = MEMORY_ERROR;
}
if (ret == 0) {
XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
}
if (ret == 0 && ecc_group != 0) {
ecc_kse->group = ecc_group;
ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
if (ret != 0) {
/* No message, TLSX_KeyShare_GenEccKey() will do it. */
return ret;
}
ret = 0;
}
if (ret == 0) {
kem = OQS_KEM_new(algName);
if (kem == NULL) {
WOLFSSL_MSG("Error creating OQS KEM, ensure algorithm support "
"was enabled in liboqs.");
ret = MEMORY_E;
}
}
if (ret == 0 && len != kem->length_public_key + ecc_kse->pubKeyLen) {
WOLFSSL_MSG("Invalid public key.");
WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG);
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
sharedSecret = (byte*)XMALLOC(ecc_kse->keyLen +
kem->length_shared_secret,
ssl->heap, DYNAMIC_TYPE_TLSX);
ciphertext = (byte*)XMALLOC(ecc_kse->pubKeyLen + kem->length_ciphertext,
ssl->heap, DYNAMIC_TYPE_TLSX);
if (sharedSecret == NULL || ciphertext == NULL) {
WOLFSSL_MSG("Ciphertext/shared secret memory allocation failure.");
ret = MEMORY_E;
}
}
if (ecc_group != 0) {
if (ret == 0) {
/* Point is validated by import function. */
ret = wc_ecc_import_x963(data, len - (word32)kem->length_public_key,
&eccpubkey);
if (ret != 0) {
WOLFSSL_MSG("Bad ECC public key.");
}
}
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(ecc_kse->key, ssl->rng);
}
#endif
if (ret == 0) {
outlen = ecc_kse->keyLen;
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_shared_secret(ecc_kse->key, &eccpubkey,
sharedSecret,
&outlen);
PRIVATE_KEY_LOCK();
if (outlen != ecc_kse->keyLen) {
WOLFSSL_MSG("Data length mismatch.");
ret = BAD_FUNC_ARG;
}
}
}
if (ret == 0 &&
OQS_KEM_encaps(kem, ciphertext + ecc_kse->pubKeyLen,
sharedSecret + outlen,
data + ecc_kse->pubKeyLen) != OQS_SUCCESS) {
WOLFSSL_MSG("OQS Encapsulation failure.");
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
if (keyShareEntry->ke != NULL) {
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
keyShareEntry->ke = sharedSecret;
keyShareEntry->keLen = outlen + (word32)kem->length_shared_secret;
sharedSecret = NULL;
XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
keyShareEntry->pubKey = ciphertext;
keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen +
kem->length_ciphertext);
ciphertext = NULL;
/* Set namedGroup so wolfSSL_get_curve_name() can function properly on
* the server side. */
ssl->namedGroup = keyShareEntry->group;
}
TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
if (sharedSecret != NULL)
XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_TLSX);
if (ciphertext != NULL)
XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
wc_ecc_free(&eccpubkey);
OQS_KEM_free(kem);
return ret;
}
#elif defined(HAVE_PQM4)
static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
KeyShareEntry* keyShareEntry,
byte* data, word16 len)
{
/* I am the server. The data parameter is the client's public key. I need
* to generate the public information (AKA ciphertext) and shared secret
* here. Note the "public information" is equivalent to a the public key in
* key exchange parlance. That's why it is being assigned to pubKey.
*/
byte* sharedSecret = NULL;
byte* ciphertext = NULL;
int ret = 0;
int oqs_group = 0;
int ecc_group = 0;
KeyShareEntry *ecc_kse = NULL;
ecc_key eccpubkey;
word32 outlen = 0;
findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId);
if (ret != 0) {
WOLFSSL_MSG("Could not do ECC public key initialization.");
return MEMORY_E;
}
ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, DYNAMIC_TYPE_TLSX);
if (ecc_kse == NULL) {
WOLFSSL_MSG("ecc_kse memory allocation failure");
ret = MEMORY_ERROR;
}
if (ret == 0) {
XMEMSET(ecc_kse, 0, sizeof(*ecc_kse));
}
if (ret == 0 && ecc_group != 0) {
ecc_kse->group = ecc_group;
ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse);
if (ret != 0) {
/* No message, TLSX_KeyShare_GenEccKey() will do it. */
return ret;
}
ret = 0;
}
if (ret == 0 && len != PQM4_PUBLIC_KEY_LENGTH + ecc_kse->pubKeyLen) {
WOLFSSL_MSG("Invalid public key.");
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
sharedSecret = (byte*)XMALLOC(ecc_kse->keyLen + PQM4_SHARED_SECRET_LENGTH,
ssl->heap, DYNAMIC_TYPE_TLSX);
ciphertext = (byte*)XMALLOC(ecc_kse->pubKeyLen + PQM4_CIPHERTEXT_LENGTH,
ssl->heap, DYNAMIC_TYPE_TLSX);
if (sharedSecret == NULL || ciphertext == NULL) {
WOLFSSL_MSG("Ciphertext/shared secret memory allocation failure.");
ret = MEMORY_E;
}
}
if (ecc_group != 0) {
if (ret == 0) {
/* Point is validated by import function. */
ret = wc_ecc_import_x963(data, len - PQM4_PUBLIC_KEY_LENGTH,
&eccpubkey);
if (ret != 0) {
WOLFSSL_MSG("Bad ECC public key.");
}
}
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(ecc_kse->key, ssl->rng);
}
#endif
if (ret == 0) {
outlen = ecc_kse->keyLen;
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_shared_secret(ecc_kse->key, &eccpubkey,
sharedSecret,
&outlen);
PRIVATE_KEY_LOCK();
if (outlen != ecc_kse->keyLen) {
WOLFSSL_MSG("Data length mismatch.");
ret = BAD_FUNC_ARG;
}
}
}
if (ret == 0 &&
crypto_kem_enc(ciphertext + ecc_kse->pubKeyLen,
sharedSecret + outlen,
data + ecc_kse->pubKeyLen) != 0) {
WOLFSSL_MSG("PQM4 Encapsulation failure.");
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
if (keyShareEntry->ke != NULL) {
XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
keyShareEntry->ke = sharedSecret;
keyShareEntry->keLen = outlen + (word32)PQM4_SHARED_SECRET_LENGTH;
sharedSecret = NULL;
XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen);
keyShareEntry->pubKey = ciphertext;
keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen +
PQM4_CIPHERTEXT_LENGTH);
ciphertext = NULL;
/* Set namedGroup so wolfSSL_get_curve_name() can function properly on
* the server side. */
ssl->namedGroup = keyShareEntry->group;
}
TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
if (sharedSecret != NULL)
XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_TLSX);
if (ciphertext != NULL)
XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX);
wc_ecc_free(&eccpubkey);
return ret;
}
#endif /* HAVE_PQM4 */
#endif /* HAVE_PQC */
/* Use the data to create a new key share object in the extensions.
@ -9572,20 +8775,23 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
case WOLFSSL_KYBER_LEVEL1:
case WOLFSSL_KYBER_LEVEL3:
case WOLFSSL_KYBER_LEVEL5:
case WOLFSSL_KYBER_90S_LEVEL1:
case WOLFSSL_KYBER_90S_LEVEL3:
case WOLFSSL_KYBER_90S_LEVEL5:
case WOLFSSL_P256_KYBER_LEVEL1:
case WOLFSSL_P384_KYBER_LEVEL3:
case WOLFSSL_P521_KYBER_LEVEL5:
case WOLFSSL_P256_KYBER_90S_LEVEL1:
case WOLFSSL_P384_KYBER_90S_LEVEL3:
case WOLFSSL_P521_KYBER_90S_LEVEL5:
{
int ret;
int id;
findEccPqc(NULL, &namedGroup, namedGroup);
if (! OQS_KEM_alg_is_enabled(OQS_ID2name(namedGroup))) {
ret = kyber_id2type(namedGroup, &id);
if (ret == NOT_COMPILED_IN) {
return 0;
}
if (! ext_kyber_enabled(id)) {
return 0;
}
break;
}
#elif defined(HAVE_PQM4)
case WOLFSSL_KYBER_LEVEL1:
break;
@ -9680,24 +8886,12 @@ static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group)
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL3;
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL5))
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL5;
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL1))
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL1;
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL3))
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL3;
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL5))
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL5;
if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER_LEVEL1))
ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER_LEVEL1;
if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER_LEVEL3))
ssl->group[ssl->numGroups++] = WOLFSSL_P384_KYBER_LEVEL3;
if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_KYBER_LEVEL5))
ssl->group[ssl->numGroups++] = WOLFSSL_P521_KYBER_LEVEL5;
if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER_90S_LEVEL1))
ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER_90S_LEVEL1;
if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER_90S_LEVEL3))
ssl->group[ssl->numGroups++] = WOLFSSL_P384_KYBER_90S_LEVEL3;
if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_KYBER_90S_LEVEL5))
ssl->group[ssl->numGroups++] = WOLFSSL_P521_KYBER_90S_LEVEL5;
#elif defined(HAVE_PQM4)
if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL1))
ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL1;
@ -11742,15 +10936,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL1,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL3,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL5,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1,
ssl->heap);
@ -11760,15 +10945,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_90S_LEVEL1,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_90S_LEVEL3,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_90S_LEVEL5,
ssl->heap);
#elif defined(HAVE_PQM4)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
#endif /* HAVE_LIBOQS */

61
tests/test-tls13-pq-2.conf
View File

@ -1,33 +1,3 @@
# server TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc KYBER_90S_LEVEL1
# client TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc KYBER_90S_LEVEL1
# server TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc KYBER_90S_LEVEL3
# client TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc KYBER_90S_LEVEL3
# server TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc KYBER_90S_LEVEL5
# client TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc KYBER_90S_LEVEL5
# server TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
@ -57,34 +27,3 @@
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# server TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_90S_LEVEL1
# client TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_90S_LEVEL1
# server TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_90S_LEVEL3
# client TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_90S_LEVEL3
# server TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_90S_LEVEL5
# client TLSv1.3 with post-quantum group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_90S_LEVEL5

30
wolfcrypt/benchmark/benchmark.c
View File

@ -447,12 +447,6 @@ static const char err_prefix[] = "";
#define BENCH_KYBER_LEVEL3_ENCAP 0x00000020
#define BENCH_KYBER_LEVEL5_KEYGEN 0x00000040
#define BENCH_KYBER_LEVEL5_ENCAP 0x00000080
#define BENCH_KYBER90S_LEVEL1_KEYGEN 0x00000100
#define BENCH_KYBER90S_LEVEL1_ENCAP 0x00000200
#define BENCH_KYBER90S_LEVEL3_KEYGEN 0x00000400
#define BENCH_KYBER90S_LEVEL3_ENCAP 0x00000800
#define BENCH_KYBER90S_LEVEL5_KEYGEN 0x00001000
#define BENCH_KYBER90S_LEVEL5_ENCAP 0x00002000
#define BENCH_DILITHIUM_LEVEL2_SIGN 0x04000000
#define BENCH_DILITHIUM_LEVEL3_SIGN 0x08000000
#define BENCH_DILITHIUM_LEVEL5_SIGN 0x10000000
@ -789,18 +783,6 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
OQS_KEM_alg_kyber_1024 },
{ "-kyber_level5-ed", BENCH_KYBER_LEVEL5_ENCAP,
OQS_KEM_alg_kyber_1024 },
{ "-kyber90s_level1-kg", BENCH_KYBER90S_LEVEL1_KEYGEN,
OQS_KEM_alg_kyber_512_90s },
{ "-kyber90s_level1-ed", BENCH_KYBER90S_LEVEL1_ENCAP,
OQS_KEM_alg_kyber_512_90s },
{ "-kyber90s_level3-kg", BENCH_KYBER90S_LEVEL3_KEYGEN,
OQS_KEM_alg_kyber_768_90s },
{ "-kyber90s_level3-ed", BENCH_KYBER90S_LEVEL3_ENCAP,
OQS_KEM_alg_kyber_768_90s },
{ "-kyber90s_level5-kg", BENCH_KYBER90S_LEVEL5_KEYGEN,
OQS_KEM_alg_kyber_1024_90s},
{ "-kyber90s_level5-ed", BENCH_KYBER90S_LEVEL5_ENCAP,
OQS_KEM_alg_kyber_1024_90s },
#endif /* HAVE_LIBOQS */
{ NULL, 0, NULL }
};
@ -2583,18 +2565,6 @@ static void* benchmarks_do(void* args)
bench_pqcKemKeygen(BENCH_KYBER_LEVEL5_KEYGEN);
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL5_ENCAP))
bench_pqcKemEncapDecap(BENCH_KYBER_LEVEL5_ENCAP);
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL1_KEYGEN))
bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL1_KEYGEN);
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL1_ENCAP))
bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL1_ENCAP);
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL3_KEYGEN))
bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL3_KEYGEN);
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL3_ENCAP))
bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL3_ENCAP);
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL5_KEYGEN))
bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL5_KEYGEN);
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL5_ENCAP))
bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL5_ENCAP);
#ifdef HAVE_FALCON
if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN))
bench_falconKeySign(1);

17
wolfcrypt/src/ext_kyber.c
View File

@ -26,10 +26,6 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#if defined(WOLFSSL_KYBER_90S) && defined(HAVE_PQM4)
#error "KYBER-90s is not supported when building PQM4"
#endif
#ifdef WOLFSSL_HAVE_KYBER
#include <wolfssl/wolfcrypt/ext_kyber.h>
@ -41,21 +37,22 @@
#endif
#if defined (HAVE_LIBOQS)
static const char* OQS_ID2name(int id) {
switch (id) {
#ifdef WOLFSSL_KYBER_90S
case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512_90s;
case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768_90s;
case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024_90s;
#else
case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768;
case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024;
#endif
default: break;
}
return NULL;
}
int ext_kyber_enabled(int id)
{
const char * name = OQS_ID2name(id);
return OQS_KEM_alg_is_enabled(name);
}
#endif
/******************************************************************************/

1818
wolfcrypt/test/test.c
View File

File diff suppressed because it is too large Load Diff

12
wolfssl/ssl.h
View File

@ -3945,20 +3945,14 @@ enum {
WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */
WOLFSSL_KYBER_LEVEL3 = 572, /* KYBER_768 */
WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */
WOLFSSL_KYBER_90S_LEVEL1 = 574, /* KYBER_90S_512 */
WOLFSSL_KYBER_90S_LEVEL3 = 575, /* KYBER_90S_768 */
WOLFSSL_KYBER_90S_LEVEL5 = 576, /* KYBER_90S_1024 */
WOLFSSL_PQC_SIMPLE_MAX = 576,
WOLFSSL_PQC_SIMPLE_MAX = 573,
WOLFSSL_PQC_HYBRID_MIN = 12052,
WOLFSSL_P256_KYBER_LEVEL1 = 12090,
WOLFSSL_P384_KYBER_LEVEL3 = 12092,
WOLFSSL_P521_KYBER_LEVEL5 = 12093,
WOLFSSL_P256_KYBER_90S_LEVEL1 = 12094,
WOLFSSL_P384_KYBER_90S_LEVEL3 = 12095,
WOLFSSL_P521_KYBER_90S_LEVEL5 = 12096,
WOLFSSL_PQC_HYBRID_MAX = 12096,
WOLFSSL_PQC_MAX = 12096,
WOLFSSL_PQC_HYBRID_MAX = 12093,
WOLFSSL_PQC_MAX = 12093,
#endif
};

4
wolfssl/wolfcrypt/ext_kyber.h
View File

@ -22,7 +22,6 @@
#ifndef EXT_KYBER_H
#define EXT_KYBER_H
#ifdef WOLFSSL_HAVE_KYBER
#include <wolfssl/wolfcrypt/kyber.h>
@ -61,5 +60,8 @@ struct KyberKey {
byte pub[EXT_KYBER_MAX_PUB_SZ];
};
#if defined (HAVE_LIBOQS)
WOLFSSL_LOCAL int ext_kyber_enabled(int id);
#endif
#endif /* WOLFSSL_HAVE_KYBER */
#endif /* EXT_KYBER_H */

6
wolfssl/wolfcrypt/settings.h
View File

@ -2785,12 +2785,16 @@ extern void uITRON4_free(void *p) ;
#define HAVE_FALCON
#define HAVE_DILITHIUM
#define HAVE_SPHINCS
#define HAVE_KYBER
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_KYBER512
#define WOLFSSL_KYBER768
#define WOLFSSL_KYBER1024
#endif
#ifdef HAVE_PQM4
#define HAVE_PQC
#define HAVE_KYBER
#define WOLFSSL_KYBER512
#endif
#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \