diff --git a/examples/client/client.c b/examples/client/client.c index 8b3d37b72..01cad65a8 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -365,108 +365,108 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, if (useLibOqs) { int group = 0; - if (XSTRNCMP(oqsAlg, "KYBER512", XSTRLEN("KYBER512")) == 0) { - group = WOLFSSL_KYBER512; + if (XSTRNCMP(oqsAlg, "KYBER_LEVEL1", XSTRLEN("KYBER_LEVEL1")) == 0) { + group = WOLFSSL_KYBER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "KYBER768", - XSTRLEN("KYBER768")) == 0) { - group = WOLFSSL_KYBER768; + else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL3", + XSTRLEN("KYBER_LEVEL3")) == 0) { + group = WOLFSSL_KYBER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "KYBER1024", - XSTRLEN("KYBER1024")) == 0) { - group = WOLFSSL_KYBER1024; + else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL5", + XSTRLEN("KYBER_LEVEL5")) == 0) { + group = WOLFSSL_KYBER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "NTRU_HPS2048509", - XSTRLEN("NTRU_HPS2048509")) == 0) { - group = WOLFSSL_NTRU_HPS2048509; + else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL1", + XSTRLEN("NTRU_HPS_LEVEL1")) == 0) { + group = WOLFSSL_NTRU_HPS_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "NTRU_HPS2048677", - XSTRLEN("NTRU_HPS2048677")) == 0) { - group = WOLFSSL_NTRU_HPS2048677; + else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL3", + XSTRLEN("NTRU_HPS_LEVEL3")) == 0) { + group = WOLFSSL_NTRU_HPS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "NTRU_HPS4096821", - XSTRLEN("NTRU_HPS4096821")) == 0) { - group = WOLFSSL_NTRU_HPS4096821; + else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL5", + XSTRLEN("NTRU_HPS_LEVEL5")) == 0) { + group = WOLFSSL_NTRU_HPS_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "NTRU_HRSS701", - XSTRLEN("NTRU_HRSS701")) == 0) { - group = WOLFSSL_NTRU_HRSS701; + else if (XSTRNCMP(oqsAlg, "NTRU_HRSS_LEVEL3", + XSTRLEN("NTRU_HRSS_LEVEL3")) == 0) { + group = WOLFSSL_NTRU_HRSS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "LIGHTSABER", - XSTRLEN("LIGHTSABER")) == 0) { - group = WOLFSSL_LIGHTSABER; + else if (XSTRNCMP(oqsAlg, "SABER_LEVEL1", + XSTRLEN("SABER_LEVEL1")) == 0) { + group = WOLFSSL_SABER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "SABER", - XSTRLEN("SABER")) == 0) { - group = WOLFSSL_SABER; + else if (XSTRNCMP(oqsAlg, "SABER_LEVEL3", + XSTRLEN("SABER_LEVEL3")) == 0) { + group = WOLFSSL_SABER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "FIRESABER", - XSTRLEN("FIRESABER")) == 0) { - group = WOLFSSL_FIRESABER; + else if (XSTRNCMP(oqsAlg, "SABER_LEVEL5", + XSTRLEN("SABER_LEVEL5")) == 0) { + group = WOLFSSL_SABER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "KYBER90S512", - XSTRLEN("KYBER90S512")) == 0) { - group = WOLFSSL_KYBER90S512; + else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL1", + XSTRLEN("KYBER_90S_LEVEL1")) == 0) { + group = WOLFSSL_KYBER_90S_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "KYBER90S768", - XSTRLEN("KYBER90S768")) == 0) { - group = WOLFSSL_KYBER90S768; + else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL3", + XSTRLEN("KYBER_90S_LEVEL3")) == 0) { + group = WOLFSSL_KYBER_90S_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "KYBER90S1024", - XSTRLEN("KYBER90S1024")) == 0) { - group = WOLFSSL_KYBER90S1024; + else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL5", + XSTRLEN("KYBER_90S_LEVEL5")) == 0) { + group = WOLFSSL_KYBER_90S_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P256_NTRUHPS2048509", - XSTRLEN("P256_NTRUHPS2048509")) == 0) { - group = WOLFSSL_P256_NTRU_HPS2048509; + else if (XSTRNCMP(oqsAlg, "P256_NTRU_HPS_LEVEL1", + XSTRLEN("P256_NTRU_HPS_LEVEL1")) == 0) { + group = WOLFSSL_P256_NTRU_HPS_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_NTRUHPS2048677", - XSTRLEN("P384_NTRUHPS2048677")) == 0) { - group = WOLFSSL_P384_NTRU_HPS2048677; + else if (XSTRNCMP(oqsAlg, "P384_NTRU_HPS_LEVEL3", + XSTRLEN("P384_NTRU_HPS_LEVEL3")) == 0) { + group = WOLFSSL_P384_NTRU_HPS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_NTRUHPS4096821", - XSTRLEN("P521_NTRUHPS4096821")) == 0) { - group = WOLFSSL_P521_NTRU_HPS4096821; + else if (XSTRNCMP(oqsAlg, "P521_NTRU_HPS_LEVEL5", + XSTRLEN("P521_NTRU_HPS_LEVEL5")) == 0) { + group = WOLFSSL_P521_NTRU_HPS_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P384_NTRUHRSS701", - XSTRLEN("P384_NTRUHRSS701")) == 0) { - group = WOLFSSL_P384_NTRU_HRSS701; + else if (XSTRNCMP(oqsAlg, "P384_NTRU_HRSS_LEVEL3", + XSTRLEN("P384_NTRU_HRSS_LEVEL3")) == 0) { + group = WOLFSSL_P384_NTRU_HRSS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P256_LIGHTSABER", - XSTRLEN("P256_LIGHTSABER")) == 0) { - group = WOLFSSL_P256_LIGHTSABER; + else if (XSTRNCMP(oqsAlg, "P256_SABER_LEVEL1", + XSTRLEN("P256_SABER_LEVEL1")) == 0) { + group = WOLFSSL_P256_SABER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_SABER", - XSTRLEN("P384_SABER")) == 0) { - group = WOLFSSL_P384_SABER; + else if (XSTRNCMP(oqsAlg, "P384_SABER_LEVEL3", + XSTRLEN("P384_SABER_LEVEL3")) == 0) { + group = WOLFSSL_P384_SABER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_FIRESABER", - XSTRLEN("P521_FIRESABER")) == 0) { - group = WOLFSSL_P521_FIRESABER; + else if (XSTRNCMP(oqsAlg, "P521_SABER_LEVEL5", + XSTRLEN("P521_SABER_LEVEL5")) == 0) { + group = WOLFSSL_P521_SABER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P256_KYBER512", - XSTRLEN("P256_KYBER512")) == 0) { - group = WOLFSSL_P256_KYBER512; + else if (XSTRNCMP(oqsAlg, "P256_KYBER_LEVEL1", + XSTRLEN("P256_KYBER_LEVEL1")) == 0) { + group = WOLFSSL_P256_KYBER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_KYBER768", - XSTRLEN("P384_KYBER768")) == 0) { - group = WOLFSSL_P384_KYBER768; + else if (XSTRNCMP(oqsAlg, "P384_KYBER_LEVEL3", + XSTRLEN("P384_KYBER_LEVEL3")) == 0) { + group = WOLFSSL_P384_KYBER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_KYBER1024", - XSTRLEN("P521_KYBER1024")) == 0) { - group = WOLFSSL_P521_KYBER1024; + else if (XSTRNCMP(oqsAlg, "P521_KYBER_LEVEL5", + XSTRLEN("P521_KYBER_LEVEL5")) == 0) { + group = WOLFSSL_P521_KYBER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P256_KYBER90S512", - XSTRLEN("P256_KYBER90S512")) == 0) { - group = WOLFSSL_P256_KYBER90S512; + else if (XSTRNCMP(oqsAlg, "P256_KYBER_90S_LEVEL1", + XSTRLEN("P256_KYBER_90S_LEVEL1")) == 0) { + group = WOLFSSL_P256_KYBER_90S_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_KYBER90S768", - XSTRLEN("P384_KYBER90S768")) == 0) { - group = WOLFSSL_P384_KYBER90S768; + else if (XSTRNCMP(oqsAlg, "P384_KYBER_90S_LEVEL3", + XSTRLEN("P384_KYBER_90S_LEVEL3")) == 0) { + group = WOLFSSL_P384_KYBER_90S_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_KYBER90S1024", - XSTRLEN("P521_KYBER90S1024")) == 0) { - group = WOLFSSL_P521_KYBER90S1024; + else if (XSTRNCMP(oqsAlg, "P521_KYBER_90S_LEVEL5", + XSTRLEN("P521_KYBER_90S_LEVEL5")) == 0) { + group = WOLFSSL_P521_KYBER_90S_LEVEL5; } else { err_sys("invalid OQS KEM specified"); } @@ -1303,13 +1303,13 @@ static const char* client_usage_msg[][70] = { #endif #ifdef HAVE_LIBOQS "--oqs Key Share with specified liboqs algorithm only\n", - "[KYBER512, KYBER768, KYBER1024, KYBER90S512, KYBER90S768, KYBER90S1024,\n", - " NTRU_HPS2048509, NTRU_HPS2048677, NTRU_HPS4096821, NTRU_HRSS701,\n", - " LIGHTSABER, SABER, FIRESABER, P256_NTRUHPS2048509,\n" - " P384_NTRUHPS2048677, P521_NTRUHPS4096821, P384_NTRUHRSS701,\n" - " P256_LIGHTSABER, P384_SABER, P521_FIRESABER, P256_KYBER512,\n" - " P384_KYBER768, P521_KYBER1024, P256_KYBER90S512, P384_KYBER90S768,\n" - " P521_KYBER90S1024]\n\n", /* 70 */ + "[KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n", + " NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n", + " SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n" + " P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n" + " P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n" + " P521_KYBER_90S_LEVEL5]\n\n", /* 70 */ #endif "For simpler wolfSSL TLS client examples, visit\n" "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 71 */ @@ -1513,13 +1513,13 @@ static const char* client_usage_msg[][70] = { #endif #ifdef HAVE_LIBOQS "--oqs liboqs 名前付きグループとの鍵共有のみ\n", - "[KYBER512, KYBER768, KYBER1024, KYBER90S512, KYBER90S768, KYBER90S1024,\n", - " NTRU_HPS2048509, NTRU_HPS2048677, NTRU_HPS4096821, NTRU_HRSS701,\n", - " LIGHTSABER, SABER, FIRESABER, P256_NTRUHPS2048509,\n" - " P384_NTRUHPS2048677, P521_NTRUHPS4096821, P384_NTRUHRSS701,\n" - " P256_LIGHTSABER, P384_SABER, P521_FIRESABER, P256_KYBER512,\n" - " P384_KYBER768, P521_KYBER1024, P256_KYBER90S512, P384_KYBER90S768,\n" - " P521_KYBER90S1024]\n\n", /* 70 */ + "[KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n", + " NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n", + " LIGHTSABER, SABER, FIRESABER, P256_NTRU_HPS_LEVEL1,\n" + " P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n" + " P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n" + " P521_KYBER_90S_LEVEL5]\n\n", /* 70 */ #endif "For simpler wolfSSL TLS client examples, visit\n" "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 71 */ diff --git a/examples/server/server.c b/examples/server/server.c index 0a558ed6d..3bd37116e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -632,108 +632,108 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, else if (useLibOqs == 1) { #ifdef HAVE_LIBOQS groups[count] = 0; - if (XSTRNCMP(oqsAlg, "KYBER512", XSTRLEN("KYBER512")) == 0) { - groups[count] = WOLFSSL_KYBER512; + if (XSTRNCMP(oqsAlg, "KYBER_LEVEL1", XSTRLEN("KYBER_LEVEL1")) == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "KYBER768", - XSTRLEN("KYBER768")) == 0) { - groups[count] = WOLFSSL_KYBER768; + else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL3", + XSTRLEN("KYBER_LEVEL3")) == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "KYBER1024", - XSTRLEN("KYBER1024")) == 0) { - groups[count] = WOLFSSL_KYBER1024; + else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL5", + XSTRLEN("KYBER_LEVEL5")) == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "NTRU_HPS2048509", - XSTRLEN("NTRU_HPS2048509")) == 0) { - groups[count] = WOLFSSL_NTRU_HPS2048509; + else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL1", + XSTRLEN("NTRU_HPS_LEVEL1")) == 0) { + groups[count] = WOLFSSL_NTRU_HPS_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "NTRU_HPS2048677", - XSTRLEN("NTRU_HPS2048677")) == 0) { - groups[count] = WOLFSSL_NTRU_HPS2048677; + else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL3", + XSTRLEN("NTRU_HPS_LEVEL3")) == 0) { + groups[count] = WOLFSSL_NTRU_HPS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "NTRU_HPS4096821", - XSTRLEN("NTRU_HPS4096821")) == 0) { - groups[count] = WOLFSSL_NTRU_HPS4096821; + else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL5", + XSTRLEN("NTRU_HPS_LEVEL5")) == 0) { + groups[count] = WOLFSSL_NTRU_HPS_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "NTRU_HRSS701", - XSTRLEN("NTRU_HRSS701")) == 0) { - groups[count] = WOLFSSL_NTRU_HRSS701; + else if (XSTRNCMP(oqsAlg, "NTRU_HRSS_LEVEL3", + XSTRLEN("NTRU_HRSS_LEVEL3")) == 0) { + groups[count] = WOLFSSL_NTRU_HRSS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "LIGHTSABER", - XSTRLEN("LIGHTSABER")) == 0) { - groups[count] = WOLFSSL_LIGHTSABER; + else if (XSTRNCMP(oqsAlg, "SABER_LEVEL1", + XSTRLEN("SABER_LEVEL1")) == 0) { + groups[count] = WOLFSSL_SABER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "SABER", - XSTRLEN("SABER")) == 0) { - groups[count] = WOLFSSL_SABER; + else if (XSTRNCMP(oqsAlg, "SABER_LEVEL3", + XSTRLEN("SABER_LEVEL3")) == 0) { + groups[count] = WOLFSSL_SABER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "FIRESABER", - XSTRLEN("FIRESABER")) == 0) { - groups[count] = WOLFSSL_FIRESABER; + else if (XSTRNCMP(oqsAlg, "SABER_LEVEL5", + XSTRLEN("SABER_LEVEL5")) == 0) { + groups[count] = WOLFSSL_SABER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "KYBER90S512", - XSTRLEN("KYBER90S512")) == 0) { - groups[count] = WOLFSSL_KYBER90S512; + else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL1", + XSTRLEN("KYBER_90S_LEVEL1")) == 0) { + groups[count] = WOLFSSL_KYBER_90S_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "KYBER90S768", - XSTRLEN("KYBER90S768")) == 0) { - groups[count] = WOLFSSL_KYBER90S768; + else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL3", + XSTRLEN("KYBER_90S_LEVEL3")) == 0) { + groups[count] = WOLFSSL_KYBER_90S_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "KYBER90S1024", - XSTRLEN("KYBER90S1024")) == 0) { - groups[count] = WOLFSSL_KYBER90S1024; + else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL5", + XSTRLEN("KYBER_90S_LEVEL5")) == 0) { + groups[count] = WOLFSSL_KYBER_90S_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P256_NTRUHPS2048509", - XSTRLEN("P256_NTRUHPS2048509")) == 0) { - groups[count] = WOLFSSL_P256_NTRU_HPS2048509; + else if (XSTRNCMP(oqsAlg, "P256_NTRU_HPS_LEVEL1", + XSTRLEN("P256_NTRU_HPS_LEVEL1")) == 0) { + groups[count] = WOLFSSL_P256_NTRU_HPS_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_NTRUHPS2048677", - XSTRLEN("P384_NTRUHPS2048677")) == 0) { - groups[count] = WOLFSSL_P384_NTRU_HPS2048677; + else if (XSTRNCMP(oqsAlg, "P384_NTRU_HPS_LEVEL3", + XSTRLEN("P384_NTRU_HPS_LEVEL3")) == 0) { + groups[count] = WOLFSSL_P384_NTRU_HPS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_NTRUHPS4096821", - XSTRLEN("P521_NTRUHPS4096821")) == 0) { - groups[count] = WOLFSSL_P521_NTRU_HPS4096821; + else if (XSTRNCMP(oqsAlg, "P521_NTRU_HPS_LEVEL5", + XSTRLEN("P521_NTRU_HPS_LEVEL5")) == 0) { + groups[count] = WOLFSSL_P521_NTRU_HPS_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P384_NTRUHRSS701", - XSTRLEN("P384_NTRUHRSS701")) == 0) { - groups[count] = WOLFSSL_P384_NTRU_HRSS701; + else if (XSTRNCMP(oqsAlg, "P384_NTRU_HRSS_LEVEL3", + XSTRLEN("P384_NTRU_HRSS_LEVEL3")) == 0) { + groups[count] = WOLFSSL_P384_NTRU_HRSS_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P256_LIGHTSABER", - XSTRLEN("P256_LIGHTSABER")) == 0) { - groups[count] = WOLFSSL_P256_LIGHTSABER; + else if (XSTRNCMP(oqsAlg, "P256_SABER_LEVEL1", + XSTRLEN("P256_SABER_LEVEL1")) == 0) { + groups[count] = WOLFSSL_P256_SABER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_SABER", - XSTRLEN("P384_SABER")) == 0) { - groups[count] = WOLFSSL_P384_SABER; + else if (XSTRNCMP(oqsAlg, "P384_SABER_LEVEL3", + XSTRLEN("P384_SABER_LEVEL3")) == 0) { + groups[count] = WOLFSSL_P384_SABER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_FIRESABER", - XSTRLEN("P521_FIRESABER")) == 0) { - groups[count] = WOLFSSL_P521_FIRESABER; + else if (XSTRNCMP(oqsAlg, "P521_SABER_LEVEL5", + XSTRLEN("P521_SABER_LEVEL5")) == 0) { + groups[count] = WOLFSSL_P521_SABER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P256_KYBER512", - XSTRLEN("P256_KYBER512")) == 0) { - groups[count] = WOLFSSL_P256_KYBER512; + else if (XSTRNCMP(oqsAlg, "P256_KYBER_LEVEL1", + XSTRLEN("P256_KYBER_LEVEL1")) == 0) { + groups[count] = WOLFSSL_P256_KYBER_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_KYBER768", - XSTRLEN("P384_KYBER768")) == 0) { - groups[count] = WOLFSSL_P384_KYBER768; + else if (XSTRNCMP(oqsAlg, "P384_KYBER_LEVEL3", + XSTRLEN("P384_KYBER_LEVEL3")) == 0) { + groups[count] = WOLFSSL_P384_KYBER_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_KYBER1024", - XSTRLEN("P521_KYBER1024")) == 0) { - groups[count] = WOLFSSL_P521_KYBER1024; + else if (XSTRNCMP(oqsAlg, "P521_KYBER_LEVEL5", + XSTRLEN("P521_KYBER_LEVEL5")) == 0) { + groups[count] = WOLFSSL_P521_KYBER_LEVEL5; } - else if (XSTRNCMP(oqsAlg, "P256_KYBER90S512", - XSTRLEN("P256_KYBER90S512")) == 0) { - groups[count] = WOLFSSL_P256_KYBER90S512; + else if (XSTRNCMP(oqsAlg, "P256_KYBER_90S_LEVEL1", + XSTRLEN("P256_KYBER_90S_LEVEL1")) == 0) { + groups[count] = WOLFSSL_P256_KYBER_90S_LEVEL1; } - else if (XSTRNCMP(oqsAlg, "P384_KYBER90S768", - XSTRLEN("P384_KYBER90S768")) == 0) { - groups[count] = WOLFSSL_P384_KYBER90S768; + else if (XSTRNCMP(oqsAlg, "P384_KYBER_90S_LEVEL3", + XSTRLEN("P384_KYBER_90S_LEVEL3")) == 0) { + groups[count] = WOLFSSL_P384_KYBER_90S_LEVEL3; } - else if (XSTRNCMP(oqsAlg, "P521_KYBER90S1024", - XSTRLEN("P521_KYBER90S1024")) == 0) { - groups[count] = WOLFSSL_P521_KYBER90S1024; + else if (XSTRNCMP(oqsAlg, "P521_KYBER_90S_LEVEL5", + XSTRLEN("P521_KYBER_90S_LEVEL5")) == 0) { + groups[count] = WOLFSSL_P521_KYBER_90S_LEVEL5; } if (groups[count] == 0) { @@ -950,13 +950,13 @@ static const char* server_usage_msg[][60] = { #endif #ifdef HAVE_LIBOQS "--oqs Key Share with specified liboqs algorithm only\n", - "[KYBER512, KYBER768, KYBER1024, KYBER90S512, KYBER90S768, KYBER90S1024,\n", - " NTRU_HPS2048509, NTRU_HPS2048677, NTRU_HPS4096821, NTRU_HRSS701,\n", - " LIGHTSABER, SABER, FIRESABER, P256_NTRUHPS2048509,\n" - " P384_NTRUHPS2048677, P521_NTRUHPS4096821, P384_NTRUHRSS701,\n" - " P256_LIGHTSABER, P384_SABER, P521_FIRESABER, P256_KYBER512,\n" - " P384_KYBER768, P521_KYBER1024, P256_KYBER90S512, P384_KYBER90S768,\n" - " P521_KYBER90S1024]\n\n", /* 60 */ + "[KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n", + " NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n", + " SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n" + " P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n" + " P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n" + " P521_KYBER_90S_LEVEL5]\n\n", /* 60 */ #endif "For simpler wolfSSL TLS server examples, visit\n" "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 61 */ @@ -1117,13 +1117,13 @@ static const char* server_usage_msg[][60] = { #endif #ifdef HAVE_LIBOQS "--oqs liboqs 名前付きグループとの鍵共有のみ\n", - "[KYBER512, KYBER768, KYBER1024, KYBER90S512, KYBER90S768, KYBER90S1024,\n", - " NTRU_HPS2048509, NTRU_HPS2048677, NTRU_HPS4096821, NTRU_HRSS701,\n", - " LIGHTSABER, SABER, FIRESABER, P256_NTRUHPS2048509,\n" - " P384_NTRUHPS2048677, P521_NTRUHPS4096821, P384_NTRUHRSS701,\n" - " P256_LIGHTSABER, P384_SABER, P521_FIRESABER, P256_KYBER512,\n" - " P384_KYBER768, P521_KYBER1024, P256_KYBER90S512, P384_KYBER90S768,\n" - " P521_KYBER90S1024]\n\n", /* 60 */ + "[KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n", + " NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n", + " SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n" + " P384_NTRU_HPS_LEVEL1, P521_NTRU_HPS_LEVEL3, P384_NTRU_HRS_LEVEL5,\n" + " P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n" + " P521_KYBER_90S_LEVEL5]\n\n", /* 60 */ #endif "For simpler wolfSSL TLS server examples, visit\n" "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 61 */ diff --git a/src/ssl.c b/src/ssl.c index 5938d669f..36b5141e8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2527,32 +2527,32 @@ static int isValidCurveGroup(word16 name) case WOLFSSL_FFDHE_8192: #ifdef HAVE_LIBOQS - case WOLFSSL_KYBER512: - case WOLFSSL_KYBER768: - case WOLFSSL_KYBER1024: - case WOLFSSL_NTRU_HPS2048509: - case WOLFSSL_NTRU_HPS2048677: - case WOLFSSL_NTRU_HPS4096821: - case WOLFSSL_NTRU_HRSS701: - case WOLFSSL_LIGHTSABER: - case WOLFSSL_SABER: - case WOLFSSL_FIRESABER: - case WOLFSSL_KYBER90S512: - case WOLFSSL_KYBER90S768: - case WOLFSSL_KYBER90S1024: - case WOLFSSL_P256_NTRU_HPS2048509: - case WOLFSSL_P384_NTRU_HPS2048677: - case WOLFSSL_P521_NTRU_HPS4096821: - case WOLFSSL_P384_NTRU_HRSS701: - case WOLFSSL_P256_LIGHTSABER: - case WOLFSSL_P384_SABER: - case WOLFSSL_P521_FIRESABER: - case WOLFSSL_P256_KYBER512: - case WOLFSSL_P384_KYBER768: - case WOLFSSL_P521_KYBER1024: - case WOLFSSL_P256_KYBER90S512: - case WOLFSSL_P384_KYBER90S768: - case WOLFSSL_P521_KYBER90S1024: + case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_KYBER_LEVEL5: + case WOLFSSL_NTRU_HPS_LEVEL1: + case WOLFSSL_NTRU_HPS_LEVEL3: + case WOLFSSL_NTRU_HPS_LEVEL5: + case WOLFSSL_NTRU_HRSS_LEVEL3: + case WOLFSSL_SABER_LEVEL1: + case WOLFSSL_SABER_LEVEL3: + case WOLFSSL_SABER_LEVEL5: + case WOLFSSL_KYBER_90S_LEVEL1: + case WOLFSSL_KYBER_90S_LEVEL3: + case WOLFSSL_KYBER_90S_LEVEL5: + case WOLFSSL_P256_NTRU_HPS_LEVEL1: + case WOLFSSL_P384_NTRU_HPS_LEVEL3: + case WOLFSSL_P521_NTRU_HPS_LEVEL5: + case WOLFSSL_P384_NTRU_HRSS_LEVEL3: + case WOLFSSL_P256_SABER_LEVEL1: + case WOLFSSL_P384_SABER_LEVEL3: + case WOLFSSL_P521_SABER_LEVEL5: + case WOLFSSL_P256_KYBER_LEVEL1: + case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P521_KYBER_LEVEL5: + case WOLFSSL_P256_KYBER_90S_LEVEL1: + case WOLFSSL_P384_KYBER_90S_LEVEL3: + case WOLFSSL_P521_KYBER_90S_LEVEL5: #endif return 1; diff --git a/src/tls.c b/src/tls.c index 85e8c88d0..43945a4db 100644 --- a/src/tls.c +++ b/src/tls.c @@ -7137,20 +7137,20 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) static const char* OQS_ID2name(int id) { switch (id) { - case WOLFSSL_KYBER512: return OQS_KEM_alg_kyber_512; - case WOLFSSL_KYBER768: return OQS_KEM_alg_kyber_768; - case WOLFSSL_KYBER1024: return OQS_KEM_alg_kyber_1024; - case WOLFSSL_NTRU_HPS2048509: return OQS_KEM_alg_ntru_hps2048509; - case WOLFSSL_NTRU_HPS2048677: return OQS_KEM_alg_ntru_hps2048677; - case WOLFSSL_NTRU_HPS4096821: return OQS_KEM_alg_ntru_hps4096821; - case WOLFSSL_NTRU_HRSS701: return OQS_KEM_alg_ntru_hrss701; - case WOLFSSL_LIGHTSABER: return OQS_KEM_alg_saber_lightsaber; - case WOLFSSL_SABER: return OQS_KEM_alg_saber_saber; - case WOLFSSL_FIRESABER: return OQS_KEM_alg_saber_firesaber; - case WOLFSSL_KYBER90S512: return OQS_KEM_alg_kyber_512_90s; - case WOLFSSL_KYBER90S768: return OQS_KEM_alg_kyber_768_90s; - case WOLFSSL_KYBER90S1024: return OQS_KEM_alg_kyber_1024_90s; - default: break; + case WOLFSSL_KYBER_LEVEL1: return OQS_KEM_alg_kyber_512; + case WOLFSSL_KYBER_LEVEL3: return OQS_KEM_alg_kyber_768; + case WOLFSSL_KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024; + case WOLFSSL_NTRU_HPS_LEVEL1: return OQS_KEM_alg_ntru_hps2048509; + case WOLFSSL_NTRU_HPS_LEVEL3: return OQS_KEM_alg_ntru_hps2048677; + case WOLFSSL_NTRU_HPS_LEVEL5: return OQS_KEM_alg_ntru_hps4096821; + case WOLFSSL_NTRU_HRSS_LEVEL3: return OQS_KEM_alg_ntru_hrss701; + case WOLFSSL_SABER_LEVEL1: return OQS_KEM_alg_saber_lightsaber; + case WOLFSSL_SABER_LEVEL3: return OQS_KEM_alg_saber_saber; + case WOLFSSL_SABER_LEVEL5: return OQS_KEM_alg_saber_firesaber; + case WOLFSSL_KYBER_90S_LEVEL1: return OQS_KEM_alg_kyber_512_90s; + case WOLFSSL_KYBER_90S_LEVEL3: return OQS_KEM_alg_kyber_768_90s; + case WOLFSSL_KYBER_90S_LEVEL5: return OQS_KEM_alg_kyber_1024_90s; + default: break; } return NULL; } @@ -7162,32 +7162,32 @@ typedef struct OqsHybridMapping { } OqsHybridMapping; static const OqsHybridMapping oqs_hybrid_mapping[] = { - {.hybrid = WOLFSSL_P256_NTRU_HPS2048509, .ecc = WOLFSSL_ECC_SECP256R1, - .oqs = WOLFSSL_NTRU_HPS2048509}, - {.hybrid = WOLFSSL_P384_NTRU_HPS2048677, .ecc = WOLFSSL_ECC_SECP384R1, - .oqs = WOLFSSL_NTRU_HPS2048677}, - {.hybrid = WOLFSSL_P521_NTRU_HPS4096821, .ecc = WOLFSSL_ECC_SECP521R1, - .oqs = WOLFSSL_NTRU_HPS4096821}, - {.hybrid = WOLFSSL_P384_NTRU_HRSS701, .ecc = WOLFSSL_ECC_SECP384R1, - .oqs = WOLFSSL_NTRU_HRSS701}, - {.hybrid = WOLFSSL_P256_LIGHTSABER, .ecc = WOLFSSL_ECC_SECP256R1, - .oqs = WOLFSSL_LIGHTSABER}, - {.hybrid = WOLFSSL_P384_SABER, .ecc = WOLFSSL_ECC_SECP384R1, - .oqs = WOLFSSL_SABER}, - {.hybrid = WOLFSSL_P521_FIRESABER, .ecc = WOLFSSL_ECC_SECP521R1, - .oqs = WOLFSSL_FIRESABER}, - {.hybrid = WOLFSSL_P256_KYBER512, .ecc = WOLFSSL_ECC_SECP256R1, - .oqs = WOLFSSL_KYBER512}, - {.hybrid = WOLFSSL_P384_KYBER768, .ecc = WOLFSSL_ECC_SECP384R1, - .oqs = WOLFSSL_KYBER768}, - {.hybrid = WOLFSSL_P521_KYBER1024, .ecc = WOLFSSL_ECC_SECP521R1, - .oqs = WOLFSSL_KYBER1024}, - {.hybrid = WOLFSSL_P256_KYBER90S512, .ecc = WOLFSSL_ECC_SECP256R1, - .oqs = WOLFSSL_KYBER90S512}, - {.hybrid = WOLFSSL_P384_KYBER90S768, .ecc = WOLFSSL_ECC_SECP384R1, - .oqs = WOLFSSL_KYBER90S768}, - {.hybrid = WOLFSSL_P521_KYBER90S1024, .ecc = WOLFSSL_ECC_SECP521R1, - .oqs = WOLFSSL_KYBER90S1024}, + {.hybrid = WOLFSSL_P256_NTRU_HPS_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, + .oqs = WOLFSSL_NTRU_HPS_LEVEL1}, + {.hybrid = WOLFSSL_P384_NTRU_HPS_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, + .oqs = WOLFSSL_NTRU_HPS_LEVEL3}, + {.hybrid = WOLFSSL_P521_NTRU_HPS_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, + .oqs = WOLFSSL_NTRU_HPS_LEVEL5}, + {.hybrid = WOLFSSL_P384_NTRU_HRSS_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, + .oqs = WOLFSSL_NTRU_HRSS_LEVEL3}, + {.hybrid = WOLFSSL_P256_SABER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, + .oqs = WOLFSSL_SABER_LEVEL1}, + {.hybrid = WOLFSSL_P384_SABER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, + .oqs = WOLFSSL_SABER_LEVEL3}, + {.hybrid = WOLFSSL_P521_SABER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, + .oqs = WOLFSSL_SABER_LEVEL5}, + {.hybrid = WOLFSSL_P256_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, + .oqs = WOLFSSL_KYBER_LEVEL1}, + {.hybrid = WOLFSSL_P384_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, + .oqs = WOLFSSL_KYBER_LEVEL3}, + {.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, + .oqs = WOLFSSL_KYBER_LEVEL5}, + {.hybrid = WOLFSSL_P256_KYBER_90S_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, + .oqs = WOLFSSL_KYBER_90S_LEVEL1}, + {.hybrid = WOLFSSL_P384_KYBER_90S_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, + .oqs = WOLFSSL_KYBER_90S_LEVEL3}, + {.hybrid = WOLFSSL_P521_KYBER_90S_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, + .oqs = WOLFSSL_KYBER_90S_LEVEL5}, {.hybrid = 0, .ecc = 0, .oqs = 0} }; @@ -8700,32 +8700,32 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) #endif #endif #ifdef HAVE_LIBOQS - case WOLFSSL_KYBER512: - case WOLFSSL_KYBER768: - case WOLFSSL_KYBER1024: - case WOLFSSL_NTRU_HPS2048509: - case WOLFSSL_NTRU_HPS2048677: - case WOLFSSL_NTRU_HPS4096821: - case WOLFSSL_NTRU_HRSS701: - case WOLFSSL_LIGHTSABER: - case WOLFSSL_SABER: - case WOLFSSL_FIRESABER: - case WOLFSSL_KYBER90S512: - case WOLFSSL_KYBER90S768: - case WOLFSSL_KYBER90S1024: - case WOLFSSL_P256_NTRU_HPS2048509: - case WOLFSSL_P384_NTRU_HPS2048677: - case WOLFSSL_P521_NTRU_HPS4096821: - case WOLFSSL_P384_NTRU_HRSS701: - case WOLFSSL_P256_LIGHTSABER: - case WOLFSSL_P384_SABER: - case WOLFSSL_P521_FIRESABER: - case WOLFSSL_P256_KYBER512: - case WOLFSSL_P384_KYBER768: - case WOLFSSL_P521_KYBER1024: - case WOLFSSL_P256_KYBER90S512: - case WOLFSSL_P384_KYBER90S768: - case WOLFSSL_P521_KYBER90S1024: + case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_KYBER_LEVEL5: + case WOLFSSL_NTRU_HPS_LEVEL1: + case WOLFSSL_NTRU_HPS_LEVEL3: + case WOLFSSL_NTRU_HPS_LEVEL5: + case WOLFSSL_NTRU_HRSS_LEVEL3: + case WOLFSSL_SABER_LEVEL1: + case WOLFSSL_SABER_LEVEL3: + case WOLFSSL_SABER_LEVEL5: + case WOLFSSL_KYBER_90S_LEVEL1: + case WOLFSSL_KYBER_90S_LEVEL3: + case WOLFSSL_KYBER_90S_LEVEL5: + case WOLFSSL_P256_NTRU_HPS_LEVEL1: + case WOLFSSL_P384_NTRU_HPS_LEVEL3: + case WOLFSSL_P521_NTRU_HPS_LEVEL5: + case WOLFSSL_P384_NTRU_HRSS_LEVEL3: + case WOLFSSL_P256_SABER_LEVEL1: + case WOLFSSL_P384_SABER_LEVEL3: + case WOLFSSL_P521_SABER_LEVEL5: + case WOLFSSL_P256_KYBER_LEVEL1: + case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P521_KYBER_LEVEL5: + case WOLFSSL_P256_KYBER_90S_LEVEL1: + case WOLFSSL_P384_KYBER_90S_LEVEL3: + case WOLFSSL_P521_KYBER_90S_LEVEL5: findEccOqs(NULL, &namedGroup, namedGroup); if (! OQS_KEM_alg_is_enabled(OQS_ID2name(namedGroup))) { return 0; @@ -8801,58 +8801,58 @@ static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group) /* For the liboqs groups we need to do a runtime check because * liboqs could be compiled to make an algorithm unavailable. */ - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER512)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER512; - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER768)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER768; - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER1024)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER1024; - if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS2048509)) - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048509; - if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS2048677)) - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS2048677; - if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS4096821)) - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS4096821; - if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HRSS701)) - ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HRSS701; - if (TLSX_KeyShare_IsSupported(WOLFSSL_LIGHTSABER)) - ssl->group[ssl->numGroups++] = WOLFSSL_LIGHTSABER; - if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER)) - ssl->group[ssl->numGroups++] = WOLFSSL_SABER; - if (TLSX_KeyShare_IsSupported(WOLFSSL_FIRESABER)) - ssl->group[ssl->numGroups++] = WOLFSSL_FIRESABER; - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S512)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S512; - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S768)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S768; - if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER90S1024)) - ssl->group[ssl->numGroups++] = WOLFSSL_KYBER90S1024; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_NTRU_HPS2048509)) - ssl->group[ssl->numGroups++] = WOLFSSL_P256_NTRU_HPS2048509; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_NTRU_HPS2048677)) - ssl->group[ssl->numGroups++] = WOLFSSL_P384_NTRU_HPS2048677; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_NTRU_HPS4096821)) - ssl->group[ssl->numGroups++] = WOLFSSL_P521_NTRU_HPS4096821; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_NTRU_HRSS701)) - ssl->group[ssl->numGroups++] = WOLFSSL_P384_NTRU_HRSS701; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_LIGHTSABER)) - ssl->group[ssl->numGroups++] = WOLFSSL_P256_LIGHTSABER; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_SABER)) - ssl->group[ssl->numGroups++] = WOLFSSL_P384_SABER; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_FIRESABER)) - ssl->group[ssl->numGroups++] = WOLFSSL_P521_FIRESABER; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER512)) - ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER512; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER768)) - ssl->group[ssl->numGroups++] = WOLFSSL_P384_KYBER768; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_KYBER1024)) - ssl->group[ssl->numGroups++] = WOLFSSL_P521_KYBER1024; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER90S512)) - ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER90S512; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER90S768)) - ssl->group[ssl->numGroups++] = WOLFSSL_P384_KYBER90S768; - if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_KYBER90S1024)) - ssl->group[ssl->numGroups++] = WOLFSSL_P521_KYBER90S1024; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL5; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS_LEVEL5; + if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HRSS_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HRSS_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_SABER_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_SABER_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_SABER_LEVEL5; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL5; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_NTRU_HPS_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_P256_NTRU_HPS_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_NTRU_HPS_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_P384_NTRU_HPS_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_NTRU_HPS_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_P521_NTRU_HPS_LEVEL5; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_NTRU_HRSS_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_P384_NTRU_HRSS_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_SABER_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_P256_SABER_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_SABER_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_P384_SABER_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_SABER_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_P521_SABER_LEVEL5; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_P384_KYBER_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_KYBER_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_P521_KYBER_LEVEL5; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER_90S_LEVEL1)) + ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER_90S_LEVEL1; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER_90S_LEVEL3)) + ssl->group[ssl->numGroups++] = WOLFSSL_P384_KYBER_90S_LEVEL3; + if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_KYBER_90S_LEVEL5)) + ssl->group[ssl->numGroups++] = WOLFSSL_P521_KYBER_90S_LEVEL5; #endif } @@ -10885,75 +10885,81 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #endif #ifdef HAVE_LIBOQS - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER512, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER768, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER1024, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS2048509, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS2048677, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS4096821, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS_LEVEL1, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HRSS701, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_LIGHTSABER, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SABER, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_FIRESABER, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER90S512, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS_LEVEL5, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER90S768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HRSS_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER90S1024, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SABER_LEVEL1, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_NTRU_HPS2048509, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SABER_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_NTRU_HPS2048677, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SABER_LEVEL5, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_NTRU_HPS4096821, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL1, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_NTRU_HRSS701, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_LIGHTSABER, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL5, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_SABER, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_FIRESABER, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_NTRU_HPS_LEVEL1, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER512, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_NTRU_HPS_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_NTRU_HPS_LEVEL5, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER1024, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_NTRU_HRSS_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER90S512, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_SABER_LEVEL1, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER90S768, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_SABER_LEVEL3, ssl->heap); if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER90S1024, + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_SABER_LEVEL5, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_90S_LEVEL1, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_90S_LEVEL3, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_90S_LEVEL5, ssl->heap); #endif /* HAVE_LIBOQS */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 60c77f888..24582b027 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3509,40 +3509,53 @@ enum { #ifdef HAVE_LIBOQS /* These group numbers were taken from liboqs' openssl fork, see: * https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/ - * oqs-template/oqs-kem-info.md */ - WOLFSSL_OQS_MIN = 532, - WOLFSSL_OQS_SIMPLE_MIN = 532, - WOLFSSL_NTRU_HPS2048509 = 532, - WOLFSSL_NTRU_HPS2048677 = 533, - WOLFSSL_NTRU_HPS4096821 = 534, - WOLFSSL_NTRU_HRSS701 = 535, - WOLFSSL_LIGHTSABER = 536, - WOLFSSL_SABER = 537, - WOLFSSL_FIRESABER = 538, - WOLFSSL_KYBER512 = 570, - WOLFSSL_KYBER768 = 572, - WOLFSSL_KYBER1024 = 573, - WOLFSSL_KYBER90S512 = 574, - WOLFSSL_KYBER90S768 = 575, - WOLFSSL_KYBER90S1024 = 576, - WOLFSSL_OQS_SIMPLE_MAX = 576, + * oqs-template/oqs-kem-info.md. + * + * The levels in the group name refer to the claimed NIST level of each + * parameter set. The associated parameter set name is listed as a comment + * beside the group number. Please see the NIST PQC Competition's submitted + * papers for more details. + * + * LEVEL1 means that an attack on that parameter set would reqire the same + * or more resources as a key search on AES 128. LEVEL3 would reqire the + * same or more resources as a key search on AES 192. LEVEL5 would require + * the same or more resources as a key search on AES 256. None of the + * algorithms have LEVEL2 and LEVEL4 because none of these submissions + * included them. */ - WOLFSSL_OQS_HYBRID_MIN = 12052, - WOLFSSL_P256_NTRU_HPS2048509 = 12052, - WOLFSSL_P384_NTRU_HPS2048677 = 12053, - WOLFSSL_P521_NTRU_HPS4096821 = 12054, - WOLFSSL_P384_NTRU_HRSS701 = 12055, - WOLFSSL_P256_LIGHTSABER = 12056, - WOLFSSL_P384_SABER = 12057, - WOLFSSL_P521_FIRESABER = 12058, - WOLFSSL_P256_KYBER512 = 12090, - WOLFSSL_P384_KYBER768 = 12092, - WOLFSSL_P521_KYBER1024 = 12093, - WOLFSSL_P256_KYBER90S512 = 12094, - WOLFSSL_P384_KYBER90S768 = 12095, - WOLFSSL_P521_KYBER90S1024 = 12096, - WOLFSSL_OQS_HYBRID_MAX = 12096, - WOLFSSL_OQS_MAX = 12096, + WOLFSSL_OQS_MIN = 532, + WOLFSSL_OQS_SIMPLE_MIN = 532, + WOLFSSL_NTRU_HPS_LEVEL1 = 532, /* NTRU_HPS2048509 */ + WOLFSSL_NTRU_HPS_LEVEL3 = 533, /* NTRU_HPS2048677 */ + WOLFSSL_NTRU_HPS_LEVEL5 = 534, /* NTRU_HPS4096821 */ + WOLFSSL_NTRU_HRSS_LEVEL3 = 535, /* NTRU_HRSS701 */ + WOLFSSL_SABER_LEVEL1 = 536, /* LIGHTSABER */ + WOLFSSL_SABER_LEVEL3 = 537, /* SABER */ + WOLFSSL_SABER_LEVEL5 = 538, /* FIRESABER */ + WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */ + WOLFSSL_KYBER_LEVEL3 = 572, /* KYBER_768 */ + WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */ + WOLFSSL_KYBER_90S_LEVEL1 = 574, /* KYBER_90S_512 */ + WOLFSSL_KYBER_90S_LEVEL3 = 575, /* KYBER_90S_768 */ + WOLFSSL_KYBER_90S_LEVEL5 = 576, /* KYBER_90S_1024 */ + WOLFSSL_OQS_SIMPLE_MAX = 576, + + WOLFSSL_OQS_HYBRID_MIN = 12052, + WOLFSSL_P256_NTRU_HPS_LEVEL1 = 12052, + WOLFSSL_P384_NTRU_HPS_LEVEL3 = 12053, + WOLFSSL_P521_NTRU_HPS_LEVEL5 = 12054, + WOLFSSL_P384_NTRU_HRSS_LEVEL3 = 12055, + WOLFSSL_P256_SABER_LEVEL1 = 12056, + WOLFSSL_P384_SABER_LEVEL3 = 12057, + WOLFSSL_P521_SABER_LEVEL5 = 12058, + WOLFSSL_P256_KYBER_LEVEL1 = 12090, + WOLFSSL_P384_KYBER_LEVEL3 = 12092, + WOLFSSL_P521_KYBER_LEVEL5 = 12093, + WOLFSSL_P256_KYBER_90S_LEVEL1 = 12094, + WOLFSSL_P384_KYBER_90S_LEVEL3 = 12095, + WOLFSSL_P521_KYBER_90S_LEVEL5 = 12096, + WOLFSSL_OQS_HYBRID_MAX = 12096, + WOLFSSL_OQS_MAX = 12096, #endif };