Merge pull request #9732 from Frauschi/pqc_first

Enable and use ML-KEM by default
This commit is contained in:
David Garske
2026-03-19 12:38:36 -07:00
committed by GitHub
38 changed files with 1450 additions and 864 deletions
+4
View File
@@ -18,6 +18,10 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-asynccrypt --enable-all --enable-dtls13 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"',
'--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-asynccrypt --enable-all --enable-dtls13 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"',
'--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-asynccrypt --enable-all --enable-dtls13 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"',
'--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
+1
View File
@@ -73,6 +73,7 @@ jobs:
-DWOLFSSL_X963KDF:BOOL=yes -DWOLFSSL_DILITHIUM:BOOL=yes -DWOLFSSL_PKCS11:BOOL=yes \
-DWOLFSSL_ECCSI:BOOL=yes -DWOLFSSL_SAKKE:BOOL=yes -DWOLFSSL_SIPHASH:BOOL=yes \
-DWOLFSSL_WC_RSA_DIRECT:BOOL=yes -DWOLFSSL_PUBLIC_MP:BOOL=yes \
-DWOLFSSL_EXTRA_PQC_HYBRIDS:BOOL=yes -DWOLFSSL_TLS_NO_MLKEM_STANDALONE:BOOL=no \
..
cmake --build .
ctest -j $(nproc)
+6
View File
@@ -38,6 +38,12 @@ jobs:
'--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
--enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch --disable-mlkem',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch
--enable-tls-mlkem-standalone',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch
--enable-tls-mlkem-standalone --enable-experimental
--enable-extra-pqc-hybrids',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu',
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
+5 -1
View File
@@ -27,9 +27,13 @@ jobs:
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"',
'--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
'--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,512 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,512 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
]
name: make check
if: github.repository_owner == 'wolfssl'
+4 -4
View File
@@ -18,10 +18,10 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-psk C_EXTRA_FLAGS="-DWOLFSSL_STATIC_PSK -DWOLFSSL_OLDTLS_SHA2_CIPHERSUITES"',
'--enable-psk C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-rsa --disable-ecc --disable-dh',
'--disable-oldtls --disable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all',
'--disable-oldtls --disable-tlsv12 --enable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all'
'--enable-psk --disable-mlkem C_EXTRA_FLAGS="-DWOLFSSL_STATIC_PSK -DWOLFSSL_OLDTLS_SHA2_CIPHERSUITES"',
'--enable-psk --disable-mlkem C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-rsa --disable-ecc --disable-dh',
'--disable-oldtls --disable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all --disable-mlkem',
'--disable-oldtls --disable-tlsv12 --enable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all --disable-mlkem'
]
name: make check
if: github.repository_owner == 'wolfssl'
+32 -32
View File
@@ -41,36 +41,36 @@ jobs:
'--enable-all --enable-dilithium',
'--enable-all --enable-mlkem',
'--enable-cryptonly --disable-examples',
'--enable-cryptonly --disable-examples --disable-aes --disable-aesgcm',
'--enable-cryptonly --disable-examples --disable-aescbc',
'--enable-cryptonly --disable-examples --disable-aeseax',
'--enable-cryptonly --disable-examples --disable-aesecb',
'--enable-cryptonly --disable-examples --disable-aesccm',
'--enable-cryptonly --disable-examples --disable-aescfb',
'--enable-cryptonly --disable-examples --disable-aesctr',
'--enable-cryptonly --disable-examples --disable-aescts',
'--enable-cryptonly --disable-examples --disable-aesgcm',
'--enable-cryptonly --disable-examples --disable-aesgcm-stream',
'--enable-cryptonly --disable-examples --disable-aesofb',
'--enable-cryptonly --disable-examples --disable-aesxts',
'--enable-cryptonly --disable-examples --disable-cmac',
'--enable-cryptonly --disable-examples --disable-dh',
'--enable-cryptonly --disable-examples --disable-ecc',
'--enable-cryptonly --disable-examples --disable-ed25519',
'--enable-cryptonly --disable-examples --disable-ed25519-stream',
'--enable-cryptonly --disable-examples --disable-ed448',
'--enable-cryptonly --disable-examples --disable-ed448-stream',
'--enable-cryptonly --disable-examples --disable-hkdf',
'--enable-cryptonly --disable-examples --disable-hmac',
'--enable-cryptonly --disable-examples --disable-rng',
'--enable-cryptonly --disable-examples --disable-rsa',
'--enable-cryptonly --disable-examples --disable-rsapss',
'--enable-cryptonly --disable-examples --disable-sha224',
'--enable-cryptonly --disable-examples --disable-sha3',
'--enable-cryptonly --disable-examples --disable-sha384',
'--enable-cryptonly --disable-examples --disable-sha512',
'--enable-cryptonly --disable-examples --disable-shake128',
'--enable-cryptonly --disable-examples --disable-shake256',
'--enable-cryptonly --disable-examples --disable-srtp-kdf',
'--enable-cryptonly --disable-examples --disable-x963kdf',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aes --disable-aesgcm',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aescbc',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aeseax',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aesecb',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aesccm',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aescfb',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aesctr',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aescts',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aesgcm',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aesgcm-stream',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aesofb',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-aesxts',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-cmac',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-dh',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-ecc',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-ed25519',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-ed25519-stream',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-ed448',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-ed448-stream',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-hkdf',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-hmac',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-rng',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-rsa',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-rsapss',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-sha224',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-sha3',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-sha384',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-sha512',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-shake128',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-shake256',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-srtp-kdf',
'--enable-cryptonly --disable-examples --disable-mlkem --disable-x963kdf',
]
+1 -1
View File
@@ -28,7 +28,7 @@ jobs:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 25
timeout-minutes: 45
steps:
- name: Install dependencies
run: |
+1
View File
@@ -174,6 +174,7 @@ CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
CONFIG_WOLFSSL_HKDF
CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
CONFIG_WOLFSSL_MLKEM
CONFIG_WOLFSSL_NO_ASN_STRICT
CONFIG_WOLFSSL_PSK
CONFIG_WOLFSSL_RSA_PSS
+41 -1
View File
@@ -610,7 +610,7 @@ add_option(WOLFSSL_OQS
# ML-KEM/Kyber
add_option(WOLFSSL_MLKEM
"Enable the wolfSSL PQ ML-KEM library (default: disabled)"
"no" "yes;no")
"yes" "yes;no")
if (WOLFSSL_MLKEM)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLKEM")
@@ -626,6 +626,32 @@ if (WOLFSSL_MLKEM)
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT)
endif()
# When MLKEM and DTLS 1.3 are both enabled, DTLS ClientHello fragmenting is
# required (PQC keys in ClientHello can exceed MTU), so enable it automatically.
if(WOLFSSL_MLKEM AND WOLFSSL_DTLS13 AND NOT WOLFSSL_DTLS_CH_FRAG)
message(STATUS "MLKEM and DTLS 1.3 are enabled; enabling DTLS ClientHello fragmenting")
override_cache(WOLFSSL_DTLS_CH_FRAG "yes")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CH_FRAG")
endif()
# Disable ML-KEM as standalone TLS key exchange (non-hybrid); when enabled (default), standalone is disabled
add_option(WOLFSSL_TLS_NO_MLKEM_STANDALONE
"Disable ML-KEM as standalone TLS key exchange (non-hybrid) (default: enabled, i.e. standalone disabled)"
"yes" "yes;no")
if (WOLFSSL_TLS_NO_MLKEM_STANDALONE)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_TLS_NO_MLKEM_STANDALONE")
endif()
# PQ/T hybrid combinations
add_option(WOLFSSL_PQC_HYBRIDS
"Enable PQ/T hybrid combinations (default: enabled)"
"yes" "yes;no")
if (WOLFSSL_PQC_HYBRIDS)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PQC_HYBRIDS")
endif()
# Dilithium
add_option(WOLFSSL_DILITHIUM
"Enable the wolfSSL PQ Dilithium (ML-DSA) implementation (default: disabled)"
@@ -675,6 +701,10 @@ add_option(WOLFSSL_EXPERIMENTAL
"Enable experimental features (default: disabled)"
"no" "yes;no")
add_option(WOLFSSL_EXTRA_PQC_HYBRIDS
"Enable extra PQ/T hybrid combinations (default: disabled)"
"no" "yes;no")
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL")
if (WOLFSSL_EXPERIMENTAL)
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found")
@@ -710,6 +740,16 @@ if (WOLFSSL_EXPERIMENTAL)
message(STATUS "Looking for WOLFSSL_OQS - not found")
endif()
# Checking for experimental feature: extra PQ/T hybrid combinations
message(STATUS "Looking for WOLFSSL_EXTRA_PQC_HYBRIDS")
if (WOLFSSL_EXTRA_PQC_HYBRIDS)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Looking for WOLFSSL_EXTRA_PQC_HYBRIDS - found")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_EXTRA_PQC_HYBRIDS")
else()
message(STATUS "Looking for WOLFSSL_EXTRA_PQC_HYBRIDS - not found")
endif()
# Other experimental feature detection can be added here...
# Were any experimental features found? Display a message.
+2
View File
@@ -292,6 +292,8 @@
<ClCompile Include="..\..\wolfcrypt\src\logging.c" />
<ClCompile Include="..\..\wolfcrypt\src\md5.c" />
<ClCompile Include="..\..\wolfcrypt\src\memory.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_mlkem.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_mlkem_poly.c" />
<ClCompile Include="..\..\src\ocsp.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
+6
View File
@@ -380,6 +380,8 @@ extern "C" {
#cmakedefine WOLFSSL_HAVE_MLKEM
#undef WOLFSSL_WC_MLKEM
#cmakedefine WOLFSSL_WC_MLKEM
#undef WOLFSSL_TLS_NO_MLKEM_STANDALONE
#cmakedefine WOLFSSL_TLS_NO_MLKEM_STANDALONE
#undef WOLFSSL_WC_DILITHIUM
#cmakedefine WOLFSSL_WC_DILITHIUM
#undef NO_WOLFSSL_STUB
@@ -414,6 +416,10 @@ extern "C" {
#cmakedefine WOLFSSL_HAVE_SLHDSA
#undef WOLFSSL_WC_SLHDSA
#cmakedefine WOLFSSL_WC_SLHDSA
#undef WOLFSSL_PQC_HYBRIDS
#cmakedefine WOLFSSL_PQC_HYBRIDS
#undef WOLFSSL_EXTRA_PQC_HYBRIDS
#cmakedefine WOLFSSL_EXTRA_PQC_HYBRIDS
#ifdef __cplusplus
}
+113 -3
View File
@@ -1711,9 +1711,9 @@ AC_ARG_WITH([liboqs],
# Used:
# - SHA3, Shake128 and Shake256
AC_ARG_ENABLE([mlkem],
[AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: disabled)])],
[AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: enabled)])],
[ ENABLED_MLKEM=$enableval ],
[ ENABLED_MLKEM=no ]
[ ENABLED_MLKEM=yes ]
)
# note, inherits default from "mlkem" clause above.
AC_ARG_ENABLE([kyber],
@@ -1721,6 +1721,13 @@ AC_ARG_ENABLE([kyber],
[ ENABLED_MLKEM=$enableval ]
)
# FIPS traditionally does not support SHAKE 128 and SHAKE 256 (v6 does), so disable
# ML-KEM if FIPS is enabled and version is less than 6
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],[
AC_MSG_NOTICE([Disabling MLKEM because FIPS < 6 does not support required SHAKE])
ENABLED_MLKEM="no"
])
ENABLED_WC_MLKEM=no
ENABLED_ML_KEM=unset
ENABLED_MLKEM_MAKE_KEY=no
@@ -1847,8 +1854,61 @@ then
fi
fi
AC_ARG_ENABLE([tls-mlkem-standalone],
[AS_HELP_STRING([--enable-tls-mlkem-standalone],[Enable ML-KEM as standalone TLS key exchange (non-hybrid) (default: disabled)])],
[ ENABLED_MLKEM_STANDALONE=$enableval ],
[ ENABLED_MLKEM_STANDALONE=no ]
)
AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])])
if test "$ENABLED_MLKEM_STANDALONE" != "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE"
fi
AC_ARG_ENABLE([pqc-hybrids],
[AS_HELP_STRING([--enable-pqc-hybrids],[Enable PQ/T hybrid combinations (default: enabled)])],
[ ENABLED_PQC_HYBRIDS=$enableval ],
[ ENABLED_PQC_HYBRIDS=yes ]
)
if test "$ENABLED_PQC_HYBRIDS" = "yes"
then
if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no"
then
ENABLED_PQC_HYBRIDS=no
elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then
AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.])
ENABLED_PQC_HYBRIDS=no
else
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS"
fi
fi
if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no"
then
if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no"
then
AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.])
fi
fi
# Extra PQ/T Hybrid combinations
AC_ARG_ENABLE([extra-pqc-hybrids],
[AS_HELP_STRING([--enable-extra-pqc-hybrids],[Enable extra PQ/T hybrid combinations (default: disabled)])],
[ ENABLED_EXTRA_PQC_HYBRIDS=$enableval ],
[ ENABLED_EXTRA_PQC_HYBRIDS=no ]
)
if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes"
then
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ])
AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ])
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS"
fi
# Dilithium
# - SHA3, Shake128, Shake256 and AES-CTR
# - SHA3, Shake128 and Shake256
AC_ARG_ENABLE([mldsa],
[AS_HELP_STRING([--enable-mldsa],[Enable ML-DSA/Dilithium (default: disabled)])],
[ ENABLED_DILITHIUM=$enableval ],
@@ -4628,6 +4688,17 @@ then
AM_CFLAGS="$AM_CFLAGS -DWC_SHA3_NO_ASM"
fi
# MLKEM requires SHA-3. Force-enable SHA-3 when MLKEM is enabled.
if test "$ENABLED_MLKEM" != "no"
then
if test "$ENABLED_SHA3" = "no"
then
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3])
ENABLED_SHA3=yes
enable_sha3=yes
fi
fi
# SHAKE128
AC_ARG_ENABLE([shake128],
[AS_HELP_STRING([--enable-shake128],[Enable wolfSSL SHAKE128 support (default: disabled)])],
@@ -4635,6 +4706,17 @@ AC_ARG_ENABLE([shake128],
[ ENABLED_SHAKE128=no ]
)
# MLKEM requires SHAKE128. Force-enable when MLKEM is enabled.
if test "$ENABLED_MLKEM" != "no"
then
if test "$ENABLED_SHAKE128" = "no"
then
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128])
ENABLED_SHAKE128=yes
enable_shake128=yes
fi
fi
# SHAKE256
AC_ARG_ENABLE([shake256],
[AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])],
@@ -4642,6 +4724,17 @@ AC_ARG_ENABLE([shake256],
[ ENABLED_SHAKE256=no ]
)
# MLKEM requires SHAKE256. Force-enable when MLKEM is enabled.
if test "$ENABLED_MLKEM" != "no"
then
if test "$ENABLED_SHAKE256" = "no"
then
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256])
ENABLED_SHAKE256=yes
enable_shake256=yes
fi
fi
# SHA512
AC_ARG_ENABLE([sha512],
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
@@ -5828,6 +5921,15 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG"
fi
# When MLKEM and DTLS 1.3 are both enabled, DTLS ClientHello fragmenting is
# required (PQC keys in ClientHello can exceed MTU), so enable it automatically.
if test "x$ENABLED_MLKEM" != "xno" && test "x$ENABLED_DTLS13" = "xyes" && test "x$ENABLED_DTLS_CH_FRAG" != "xyes"
then
AC_MSG_NOTICE([MLKEM and DTLS 1.3 are enabled; enabling DTLS ClientHello fragmenting])
ENABLED_DTLS_CH_FRAG=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG"
fi
# CODING
AC_ARG_ENABLE([coding],
[AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
@@ -7964,6 +8066,11 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
ENABLED_SEND_HRR_COOKIE="yes"
fi
if test "x$ENABLED_MLKEM" != "xno" && test "x$ENABLED_DTLS_CH_FRAG" != "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG"
ENABLED_DTLS_CH_FRAG="yes"
fi
if test "x$ENABLED_AES" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
@@ -12073,6 +12180,9 @@ echo " * ERR Queues per Thread: $ENABLED_ERRORQUEUEPERTHREAD"
echo " * rwlock: $ENABLED_RWLOCK"
echo " * keylog export: $ENABLED_KEYLOG_EXPORT"
echo " * AutoSAR : $ENABLED_AUTOSAR"
echo " * ML-KEM standalone: $ENABLED_MLKEM_STANDALONE"
echo " * PQ/T hybrids: $ENABLED_PQC_HYBRIDS"
echo " * Extra PQ/T hybrids: $ENABLED_EXTRA_PQC_HYBRIDS"
echo ""
echo "---"
+9 -3
View File
@@ -296,17 +296,23 @@ static struct group_info groups[] = {
{ WOLFSSL_FFDHE_8192, "FFDHE_8192" },
#ifdef HAVE_PQC
#ifndef WOLFSSL_NO_ML_KEM
#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE
{ WOLFSSL_ML_KEM_512, "ML_KEM_512" },
{ WOLFSSL_ML_KEM_768, "ML_KEM_768" },
{ WOLFSSL_ML_KEM_1024, "ML_KEM_1024" },
#endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */
#ifdef WOLFSSL_PQC_HYBRIDS
{ WOLFSSL_SECP256R1MLKEM768, "SecP256r1MLKEM768" },
{ WOLFSSL_SECP384R1MLKEM1024, "SecP384r1MLKEM1024" },
{ WOLFSSL_X25519MLKEM768, "X25519MLKEM768" },
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
{ WOLFSSL_SECP256R1MLKEM512, "SecP256r1MLKEM512" },
{ WOLFSSL_SECP384R1MLKEM768, "SecP384r1MLKEM768" },
{ WOLFSSL_SECP256R1MLKEM768, "SecP256r1MLKEM768" },
{ WOLFSSL_SECP521R1MLKEM1024, "SecP521r1MLKEM1024" },
{ WOLFSSL_SECP384R1MLKEM1024, "SecP384r1MLKEM1024" },
{ WOLFSSL_X25519MLKEM512, "X25519MLKEM512" },
{ WOLFSSL_X448MLKEM768, "X448MLKEM768" },
{ WOLFSSL_X25519MLKEM768, "X25519MLKEM768" },
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif
#ifdef WOLFSSL_MLKEM_KYBER
{ WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
+37 -15
View File
@@ -426,61 +426,78 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
int group = 0;
#ifndef WOLFSSL_NO_ML_KEM
#ifndef WOLFSSL_NO_ML_KEM_512
#if !defined(WOLFSSL_NO_ML_KEM_512) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
group = WOLFSSL_ML_KEM_512;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_768
#if !defined(WOLFSSL_NO_ML_KEM_768) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
group = WOLFSSL_ML_KEM_768;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_1024
#if !defined(WOLFSSL_NO_ML_KEM_1024) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
group = WOLFSSL_ML_KEM_1024;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_512
#if !defined(WOLFSSL_NO_ML_KEM_512) && \
defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) {
group = WOLFSSL_SECP256R1MLKEM512;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_768
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) {
group = WOLFSSL_SECP384R1MLKEM768;
}
else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) {
else
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#ifdef WOLFSSL_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) {
group = WOLFSSL_SECP256R1MLKEM768;
}
else
#endif /* WOLFSSL_PQC_HYBRIDS */
#endif
#ifndef WOLFSSL_NO_ML_KEM_1024
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) {
group = WOLFSSL_SECP521R1MLKEM1024;
}
else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) {
else
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#ifdef WOLFSSL_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) {
group = WOLFSSL_SECP384R1MLKEM1024;
}
else
#endif /* WOLFSSL_PQC_HYBRIDS */
#endif
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) && \
defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) {
group = WOLFSSL_X25519MLKEM512;
}
else
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \
defined(WOLFSSL_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) {
group = WOLFSSL_X25519MLKEM768;
}
else
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) && \
defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) {
group = WOLFSSL_X448MLKEM768;
}
@@ -551,12 +568,17 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
}
printf("Using Post-Quantum KEM: %s\n", pqcAlg);
if (wolfSSL_UseKeyShare(ssl, group) == WOLFSSL_SUCCESS) {
groups[count++] = group;
}
else {
err_sys("unable to use post-quantum KEM");
}
do {
ret = wolfSSL_UseKeyShare(ssl, group);
if (ret == WOLFSSL_SUCCESS)
groups[count++] = group;
#ifdef WOLFSSL_ASYNC_CRYPT
else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
#endif
else
err_sys("unable to use post-quantum KEM");
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
#ifdef WOLFSSL_DTLS13
if (wolfSSL_dtls(ssl)) {
+41 -17
View File
@@ -717,61 +717,78 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
#ifdef HAVE_PQC
groups[count] = 0;
#ifndef WOLFSSL_NO_ML_KEM
#ifndef WOLFSSL_NO_ML_KEM_512
#if !defined(WOLFSSL_NO_ML_KEM_512) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
groups[count] = WOLFSSL_ML_KEM_512;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_768
#if !defined(WOLFSSL_NO_ML_KEM_768) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
groups[count] = WOLFSSL_ML_KEM_768;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_1024
#if !defined(WOLFSSL_NO_ML_KEM_1024) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
groups[count] = WOLFSSL_ML_KEM_1024;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_512
#if !defined(WOLFSSL_NO_ML_KEM_512) && \
defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) {
groups[count] = WOLFSSL_SECP256R1MLKEM512;
}
else
#endif
#ifndef WOLFSSL_NO_ML_KEM_768
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) {
groups[count] = WOLFSSL_SECP384R1MLKEM768;
}
else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) {
else
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#ifdef WOLFSSL_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) {
groups[count] = WOLFSSL_SECP256R1MLKEM768;
}
else
#endif /* WOLFSSL_PQC_HYBRIDS */
#endif
#ifndef WOLFSSL_NO_ML_KEM_1024
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) {
groups[count] = WOLFSSL_SECP521R1MLKEM1024;
}
else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) {
else
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#ifdef WOLFSSL_PQC_HYBRIDS
if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) {
groups[count] = WOLFSSL_SECP384R1MLKEM1024;
}
else
#endif /* WOLFSSL_PQC_HYBRIDS */
#endif
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) && \
defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) {
groups[count] = WOLFSSL_X25519MLKEM512;
}
else
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \
defined(WOLFSSL_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) {
groups[count] = WOLFSSL_X25519MLKEM768;
}
else
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) && \
defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) {
groups[count] = WOLFSSL_X448MLKEM768;
}
@@ -845,14 +862,21 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
err_sys("invalid post-quantum KEM specified");
}
else {
if (wolfSSL_UseKeyShare(ssl, groups[count]) == WOLFSSL_SUCCESS) {
printf("Using Post-Quantum KEM: %s\n", pqcAlg);
count++;
}
else {
groups[count] = 0;
err_sys("unable to use post-quantum algorithm");
}
do {
ret = wolfSSL_UseKeyShare(ssl, groups[count]);
if (ret == WOLFSSL_SUCCESS) {
printf("Using Post-Quantum KEM: %s\n", pqcAlg);
count++;
}
#ifdef WOLFSSL_ASYNC_CRYPT
else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
#endif
else {
groups[count] = 0;
err_sys("unable to use post-quantum algorithm");
}
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
}
#endif
}
+13 -2
View File
@@ -35180,21 +35180,28 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Returns 1 when the given group is a PQC hybrid group, 0 otherwise. */
int NamedGroupIsPqcHybrid(int group)
{
#if defined(WOLFSSL_PQC_HYBRIDS) || defined(WOLFSSL_EXTRA_PQC_HYBRIDS) || \
defined(WOLFSSL_MLKEM_KYBER)
switch (group) {
#ifndef WOLFSSL_NO_ML_KEM
#ifdef WOLFSSL_PQC_HYBRIDS
case WOLFSSL_SECP256R1MLKEM768:
case WOLFSSL_X25519MLKEM768:
case WOLFSSL_SECP384R1MLKEM1024:
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
case WOLFSSL_SECP256R1MLKEM512:
case WOLFSSL_SECP384R1MLKEM768:
case WOLFSSL_SECP521R1MLKEM1024:
case WOLFSSL_X25519MLKEM512:
case WOLFSSL_X448MLKEM768:
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
case WOLFSSL_P256_ML_KEM_512_OLD:
case WOLFSSL_P384_ML_KEM_768_OLD:
case WOLFSSL_P521_ML_KEM_1024_OLD:
#endif
#endif
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif
#ifdef WOLFSSL_MLKEM_KYBER
case WOLFSSL_P256_KYBER_LEVEL3:
@@ -35209,6 +35216,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
default:
return 0;
}
#else
(void)group;
return 0;
#endif
}
#endif /* WOLFSSL_HAVE_MLKEM */
+50 -30
View File
@@ -2967,18 +2967,24 @@ static int isValidCurveGroup(word16 name)
#ifdef WOLFSSL_HAVE_MLKEM
#ifndef WOLFSSL_NO_ML_KEM
#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE
case WOLFSSL_ML_KEM_512:
case WOLFSSL_ML_KEM_768:
case WOLFSSL_ML_KEM_1024:
#endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */
#if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)
#ifdef WOLFSSL_PQC_HYBRIDS
case WOLFSSL_SECP384R1MLKEM1024:
case WOLFSSL_X25519MLKEM768:
case WOLFSSL_SECP256R1MLKEM768:
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
case WOLFSSL_SECP256R1MLKEM512:
case WOLFSSL_SECP384R1MLKEM768:
case WOLFSSL_SECP521R1MLKEM1024:
case WOLFSSL_SECP384R1MLKEM1024:
case WOLFSSL_X25519MLKEM512:
case WOLFSSL_X448MLKEM768:
case WOLFSSL_X25519MLKEM768:
case WOLFSSL_SECP256R1MLKEM768:
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif
#endif /* !WOLFSSL_NO_ML_KEM */
#ifdef WOLFSSL_MLKEM_KYBER
@@ -10610,49 +10616,59 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
#ifndef WOLFSSL_NO_ML_KEM_512
case WOLFSSL_ML_KEM_512:
return "ML_KEM_512";
case WOLFSSL_SECP256R1MLKEM512:
return "SecP256r1MLKEM512";
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
case WOLFSSL_P256_ML_KEM_512_OLD:
return "P256_ML_KEM_512_OLD";
#endif
#endif /* WOLFSSL_ML_KEM_USE_OLD_IDS */
case WOLFSSL_SECP256R1MLKEM512:
return "SecP256r1MLKEM512";
#ifdef HAVE_CURVE25519
case WOLFSSL_X25519MLKEM512:
return "X25519MLKEM512";
#endif
#endif
#endif /* HAVE_CURVE25519 */
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif /* WOLFSSL_NO_ML_KEM_512 */
#ifndef WOLFSSL_NO_ML_KEM_768
case WOLFSSL_ML_KEM_768:
return "ML_KEM_768";
case WOLFSSL_SECP384R1MLKEM768:
return "SecP384r1MLKEM768";
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
case WOLFSSL_P384_ML_KEM_768_OLD:
return "P384_ML_KEM_768_OLD";
#endif
#ifdef WOLFSSL_PQC_HYBRIDS
case WOLFSSL_SECP256R1MLKEM768:
return "SecP256r1MLKEM768";
#ifdef HAVE_CURVE25519
case WOLFSSL_X25519MLKEM768:
return "X25519MLKEM768";
#endif
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
case WOLFSSL_P384_ML_KEM_768_OLD:
return "P384_ML_KEM_768_OLD";
#endif /* WOLFSSL_ML_KEM_USE_OLD_IDS */
case WOLFSSL_SECP384R1MLKEM768:
return "SecP384r1MLKEM768";
#ifdef HAVE_CURVE448
case WOLFSSL_X448MLKEM768:
return "X448MLKEM768";
#endif
#endif
#endif /* HAVE_CURVE448 */
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif /* WOLFSSL_NO_ML_KEM_768 */
#ifndef WOLFSSL_NO_ML_KEM_1024
case WOLFSSL_ML_KEM_1024:
return "ML_KEM_1024";
case WOLFSSL_SECP521R1MLKEM1024:
return "SecP521r1MLKEM1024";
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
case WOLFSSL_P521_ML_KEM_1024_OLD:
return "P521_ML_KEM_1024_OLD";
#endif
#ifdef WOLFSSL_PQC_HYBRIDS
case WOLFSSL_SECP384R1MLKEM1024:
return "SecP384r1MLKEM1024";
#endif
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
case WOLFSSL_P521_ML_KEM_1024_OLD:
return "P521_ML_KEM_1024_OLD";
#endif /* WOLFSSL_ML_KEM_USE_OLD_IDS */
case WOLFSSL_SECP521R1MLKEM1024:
return "SecP521r1MLKEM1024";
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif /* WOLFSSL_NO_ML_KEM_1024 */
#elif defined(HAVE_LIBOQS)
case WOLFSSL_ML_KEM_512:
return "ML_KEM_512";
@@ -16847,22 +16863,26 @@ const WOLF_EC_NIST_NAME kNistCurves[] = {
{CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768},
{CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024},
#if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
#ifdef WOLFSSL_PQC_HYBRIDS
{CURVE_NAME("SecP256r1MLKEM768"), WOLFSSL_SECP256R1MLKEM768,
WOLFSSL_SECP256R1MLKEM768},
{CURVE_NAME("SecP384r1MLKEM1024"), WOLFSSL_SECP384R1MLKEM1024,
WOLFSSL_SECP384R1MLKEM1024},
{CURVE_NAME("X25519MLKEM768"), WOLFSSL_X25519MLKEM768,
WOLFSSL_X25519MLKEM768},
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
{CURVE_NAME("SecP256r1MLKEM512"), WOLFSSL_SECP256R1MLKEM512,
WOLFSSL_SECP256R1MLKEM512},
{CURVE_NAME("SecP384r1MLKEM768"), WOLFSSL_SECP384R1MLKEM768,
WOLFSSL_SECP384R1MLKEM768},
{CURVE_NAME("SecP256r1MLKEM768"), WOLFSSL_SECP256R1MLKEM768,
WOLFSSL_SECP256R1MLKEM768},
{CURVE_NAME("SecP521r1MLKEM1024"), WOLFSSL_SECP521R1MLKEM1024,
WOLFSSL_SECP521R1MLKEM1024},
{CURVE_NAME("SecP384r1MLKEM1024"), WOLFSSL_SECP384R1MLKEM1024,
WOLFSSL_SECP384R1MLKEM1024},
{CURVE_NAME("X25519MLKEM512"), WOLFSSL_X25519MLKEM512,
WOLFSSL_X25519MLKEM512},
{CURVE_NAME("X448MLKEM768"), WOLFSSL_X448MLKEM768,
WOLFSSL_X448MLKEM768},
{CURVE_NAME("X25519MLKEM768"), WOLFSSL_X25519MLKEM768,
WOLFSSL_X25519MLKEM768},
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif
#endif /* !WOLFSSL_NO_ML_KEM */
#ifdef WOLFSSL_MLKEM_KYBER
+579 -465
View File
File diff suppressed because it is too large Load Diff
+16 -1
View File
@@ -7366,7 +7366,16 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
KeyShareEntry* serverKSE = (KeyShareEntry*)extension->data;
if (serverKSE != NULL &&
serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) {
ret = TLSX_KeyShare_GenKey(ssl, serverKSE);
#if defined(WOLFSSL_HAVE_MLKEM)
if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(serverKSE->group)) {
ret = TLSX_KeyShare_HandlePqcHybridKeyServer(ssl, serverKSE,
serverKSE->ke, serverKSE->keLen);
}
else
#endif
{
ret = TLSX_KeyShare_GenKey(ssl, serverKSE);
}
if (ret != 0)
goto exit_dch;
}
@@ -14034,6 +14043,12 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
(void)ret;
(void)group;
#else
/* Check if the group is supported. */
if (!TLSX_IsGroupSupported(group)) {
WOLFSSL_MSG("Group not supported.");
return BAD_FUNC_ARG;
}
ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL, &ssl->extensions);
if (ret != 0)
return ret;
+26 -1
View File
@@ -30439,6 +30439,10 @@ static int test_dtls13_bad_epoch_ch(void)
WOLFSSL *ssl_s = NULL;
struct test_memio_ctx test_ctx;
const int EPOCH_OFF = 3;
int groups[] = {
WOLFSSL_ECC_SECP256R1,
WOLFSSL_ECC_SECP384R1,
};
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
@@ -30448,6 +30452,9 @@ static int test_dtls13_bad_epoch_ch(void)
* with just one message */
ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
/* Set client groups to traditional only to avoid CH fragmentation */
ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS);
ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
WOLFSSL_ERROR_WANT_READ);
@@ -31062,6 +31069,10 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
0x0d, 0x00, 0x00, 0x11, 0x00, 0x00, 0x0d, 0x00, 0x2f, 0x00, 0x06, 0x00,
0x04, 0x00, 0x03, 0x30, 0x00, 0x13, 0x94, 0x00, 0x06, 0x00, 0x04, 0x02
};
int groups[2] = {
WOLFSSL_ECC_SECP256R1,
WOLFSSL_ECC_SECP521R1,
};
int i = 0;
for (i = 0; i < 2; i++) {
@@ -31084,6 +31095,9 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
break;
}
/* Ensure the correct groups are used for the test */
ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(EXT_MISSING));
@@ -32037,7 +32051,7 @@ static int test_dtls13_frag_ch_pq(void)
int group = WOLFSSL_KYBER_LEVEL1;
const char *group_name = "KYBER_LEVEL1";
#endif
#else
#elif !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
#if !defined(WOLFSSL_NO_ML_KEM_1024)
int group = WOLFSSL_ML_KEM_1024;
const char *group_name = "ML_KEM_1024";
@@ -32048,6 +32062,17 @@ static int test_dtls13_frag_ch_pq(void)
int group = WOLFSSL_ML_KEM_512;
const char *group_name = "ML_KEM_512";
#endif
#elif defined(WOLFSSL_PQC_HYBRIDS)
#if defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)
int group = WOLFSSL_X25519MLKEM768;
const char *group_name = "X25519MLKEM768";
#elif !defined(WOLFSSL_NO_ML_KEM_768)
int group = WOLFSSL_SECP256R1MLKEM768;
const char *group_name = "SecP256r1MLKEM768";
#else
int group = WOLFSSL_SECP384R1MLKEM1024;
const char *group_name = "SecP384r1MLKEM1024";
#endif
#endif
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+43 -1
View File
@@ -1614,6 +1614,43 @@ int test_dtls_rtx_across_epoch_change(void)
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
struct test_memio_ctx test_ctx;
#if defined(WOLFSSL_HAVE_MLKEM)
/* When ML-KEM is used in the key share, the hello messages are fragmented
*into two messages */
int helloMsgCount = 2;
int groups[2] = {
#if defined(HAVE_CURVE25519) && defined(WOLFSSL_PQC_HYBRIDS) && \
!defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_768)
WOLFSSL_X25519MLKEM768,
#elif defined(HAVE_ECC) && defined(WOLFSSL_PQC_HYBRIDS) && \
!defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_768)
WOLFSSL_SECP256R1MLKEM768,
#elif defined(HAVE_ECC) && defined(WOLFSSL_PQC_HYBRIDS) && \
!defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_1024)
WOLFSSL_SECP384R1MLKEM1024,
#elif !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
WOLFSSL_ML_KEM_1024,
#elif !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
WOLFSSL_ML_KEM_768,
#elif !defined(WOLFSSL_NO_ML_KEM_512) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
WOLFSSL_ML_KEM_512,
#elif defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_KYBER1024)
WOLFSSL_KYBER_LEVEL5,
#elif defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_KYBER768)
WOLFSSL_KYBER_LEVEL3,
#elif defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_KYBER512)
WOLFSSL_KYBER_LEVEL1,
#endif
WOLFSSL_ECC_SECP256R1,
};
#else
/* When ECC is used in the key share, the hello messages are not
* fragmented */
int helloMsgCount = 1;
#endif
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
@@ -1622,6 +1659,11 @@ int test_dtls_rtx_across_epoch_change(void)
wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method),
0);
#if defined(WOLFSSL_HAVE_MLKEM)
ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_set_groups(ssl_s, groups, 2), WOLFSSL_SUCCESS);
#endif
/* CH0 */
wolfSSL_SetLoggingPrefix("client:");
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
@@ -1646,7 +1688,7 @@ int test_dtls_rtx_across_epoch_change(void)
ExpectIntGE(test_ctx.c_msg_count, 2);
/* drop everything but the SH */
while (test_ctx.c_msg_count > 1 && EXPECT_SUCCESS()) {
while (test_ctx.c_msg_count > helloMsgCount && EXPECT_SUCCESS()) {
ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, test_ctx.c_msg_count - 1), 0);
}
+98 -38
View File
@@ -102,7 +102,7 @@ int test_tls13_apis(void)
#else
WOLFSSL_KYBER_LEVEL5
#endif
#else
#elif !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
#ifndef WOLFSSL_NO_ML_KEM_512
WOLFSSL_ML_KEM_512
#elif !defined(WOLFSSL_NO_ML_KEM_768)
@@ -110,6 +110,12 @@ int test_tls13_apis(void)
#else
WOLFSSL_ML_KEM_1024
#endif
#else
#ifndef WOLFSSL_NO_ML_KEM_768
WOLFSSL_SECP256R1MLKEM768
#else
WOLFSSL_ECC_SECP256R1
#endif
#endif
#else
WOLFSSL_ECC_SECP256R1
@@ -153,12 +159,18 @@ int test_tls13_apis(void)
":P256_KYBER_LEVEL5"
#endif
#else
#ifndef WOLFSSL_NO_ML_KEM_512
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(WOLFSSL_EXTRA_PQC_HYBRIDS)
":SecP256r1MLKEM512"
#elif !defined(WOLFSSL_NO_ML_KEM_768)
":SecP384r1MLKEM768"
#elif !defined(WOLFSSL_NO_ML_KEM_1024)
":SecP521r1MLKEM1024"
#elif !defined(WOLFSSL_NO_ML_KEM_768) && defined(WOLFSSL_PQC_HYBRIDS)
":SecP256r1MLKEM768"
#elif !defined(WOLFSSL_NO_ML_KEM_1024) && defined(WOLFSSL_PQC_HYBRIDS)
":SecP384r1MLKEM1024"
#elif !defined(WOLFSSL_NO_ML_KEM_1024) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
":ML_KEM_1024"
#elif !defined(WOLFSSL_NO_ML_KEM_768) && \
!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
":ML_KEM_768"
#endif
#endif
#endif
@@ -176,8 +188,8 @@ int test_tls13_apis(void)
#elif !defined(WOLFSSL_NO_KYBER1024)
":KYBER_LEVEL5"
#endif
#else
#ifndef WOLFSSL_NO_ML_KEM_512
#elif !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
#if !defined(WOLFSSL_NO_ML_KEM_512)
":ML_KEM_512"
#elif !defined(WOLFSSL_NO_ML_KEM_768)
":ML_KEM_768"
@@ -191,7 +203,11 @@ int test_tls13_apis(void)
#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
!defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \
defined(HAVE_SUPPORTED_CURVES) && \
(!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \
(defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \
(defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768)))
int mlkemLevel;
#endif
@@ -354,8 +370,12 @@ int test_tls13_apis(void)
#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
!defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \
(!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \
(defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \
(defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768)))
#ifndef WOLFSSL_NO_ML_KEM
#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE
#ifndef WOLFSSL_NO_ML_KEM_768
mlkemLevel = WOLFSSL_ML_KEM_768;
#elif !defined(WOLFSSL_NO_ML_KEM_1024)
@@ -364,6 +384,13 @@ int test_tls13_apis(void)
mlkemLevel = WOLFSSL_ML_KEM_512;
#endif
#else
#if defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)
mlkemLevel = WOLFSSL_X25519MLKEM768;
#elif defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768)
mlkemLevel = WOLFSSL_SECP256R1MLKEM768;
#endif
#endif
#else
#ifndef WOLFSSL_NO_KYBER768
mlkemLevel = WOLFSSL_KYBER_LEVEL3;
#elif !defined(WOLFSSL_NO_KYBER1024)
@@ -1933,27 +1960,34 @@ int test_tls13_rpk_handshake(void)
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \
!defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
!defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
(!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \
(defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \
(defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768)))
static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
{
#ifndef WOLFSSL_NO_ML_KEM_1024
#ifdef WOLFSSL_MLKEM_KYBER
#if !defined(WOLFSSL_NO_KYBER1024)
int group = WOLFSSL_KYBER_LEVEL5;
#else
int group = WOLFSSL_ML_KEM_1024;
#endif /* WOLFSSL_MLKEM_KYBER */
#elif !defined(WOLFSSL_NO_ML_KEM_768)
#ifdef WOLFSSL_MLKEM_KYBER
#elif !defined(WOLFSSL_NO_KYBER768)
int group = WOLFSSL_KYBER_LEVEL3;
#else
int group = WOLFSSL_ML_KEM_768;
#endif /* WOLFSSL_MLKEM_KYBER */
#else
#ifdef WOLFSSL_MLKEM_KYBER
#else
int group = WOLFSSL_KYBER_LEVEL1;
#else
#endif
#elif !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
#if !defined(WOLFSSL_NO_ML_KEM_1024)
int group = WOLFSSL_ML_KEM_1024;
#elif !defined(WOLFSSL_NO_ML_KEM_768)
int group = WOLFSSL_ML_KEM_768;
#else
int group = WOLFSSL_ML_KEM_512;
#endif /* WOLFSSL_MLKEM_KYBER */
#endif
#elif defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768) && \
defined(WOLFSSL_PQC_HYBRIDS)
int group = WOLFSSL_SECP256R1MLKEM768;
#elif defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768) && \
defined(WOLFSSL_PQC_HYBRIDS)
int group = WOLFSSL_X25519MLKEM768;
#endif
AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
@@ -1961,24 +1995,28 @@ static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
{
#ifndef WOLFSSL_NO_ML_KEM_1024
#ifdef WOLFSSL_MLKEM_KYBER
#if !defined(WOLFSSL_NO_KYBER1024)
AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
#else
AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
#endif /* WOLFSSL_MLKEM_KYBER */
#elif !defined(WOLFSSL_NO_ML_KEM_768)
#ifdef WOLFSSL_MLKEM_KYBER
#elif !defined(WOLFSSL_NO_KYBER768)
AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL3");
#else
AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_768");
#endif /* WOLFSSL_MLKEM_KYBER */
#else
#ifdef WOLFSSL_MLKEM_KYBER
#else
AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL1");
#else
#endif
#elif !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE)
#if !defined(WOLFSSL_NO_ML_KEM_1024)
AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
#elif !defined(WOLFSSL_NO_ML_KEM_768)
AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_768");
#else
AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_512");
#endif /* WOLFSSL_MLKEM_KYBER */
#endif
#elif defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768) && \
defined(WOLFSSL_PQC_HYBRIDS)
AssertStrEQ(wolfSSL_get_curve_name(ssl), "SecP256r1MLKEM768");
#elif defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768) && \
defined(WOLFSSL_PQC_HYBRIDS)
AssertStrEQ(wolfSSL_get_curve_name(ssl), "X25519MLKEM768");
#endif
}
#endif
@@ -1989,7 +2027,10 @@ int test_tls13_pq_groups(void)
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \
!defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
!defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
(!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \
(defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \
(defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768)))
callback_functions func_cb_client;
callback_functions func_cb_server;
@@ -2174,6 +2215,25 @@ int test_tls13_early_data(void)
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
&ssl_s, params[i].client_meth, params[i].server_meth), 0);
if (params[i].isUdp) {
/* Early data is incompatible with HRR usage. Hence, we have to make
* sure a group is negotiated that does not cause a fragemented CH.
*/
int group[1] = {
#ifdef HAVE_ECC
WOLFSSL_ECC_SECP256R1,
#elif defined(HAVE_CURVE25519)
WOLFSSL_ECC_X25519,
#elif defined(HAVE_CURVE448)
WOLFSSL_ECC_X448,
#elif defined(HAVE_FFDHE_2048)
WOLFSSL_FFDHE_2048,
#endif
};
ExpectIntEQ(wolfSSL_set_groups(ssl_c, group, 1), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_set_groups(ssl_s, group, 1), WOLFSSL_SUCCESS);
}
/* Get a ticket so that we can do 0-RTT on the next connection */
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* Make sure we read the ticket */
+6 -4
View File
@@ -33,12 +33,14 @@ EXTRA_DIST += tests/unit.h \
tests/test-tls13-down.conf \
tests/test-tls13-ecc.conf \
tests/test-tls13-psk.conf \
tests/test-tls13-pq.conf \
tests/test-tls13-pq-standalone.conf \
tests/test-tls13-pq-hybrid.conf \
tests/test-dtls13-pq.conf \
tests/test-dtls13-pq-frag.conf \
tests/test-dtls13-pq-hybrid.conf \
tests/test-tls13-pq-hybrid-extra.conf \
tests/test-dtls13-pq-standalone.conf \
tests/test-dtls13-pq-standalone-frag.conf \
tests/test-dtls13-pq-hybrid-frag.conf \
tests/test-dtls13-pq-hybrid-extra.conf \
tests/test-dtls13-pq-hybrid-extra-frag.conf \
tests/test-psk.conf \
tests/test-psk-no-id.conf \
tests/test-psk-no-id-sha2.conf \
+71 -27
View File
@@ -196,6 +196,7 @@ static int IsKyberLevelAvailable(const char* line)
if (begin != NULL && len > 0) {
#ifndef WOLFSSL_NO_ML_KEM
#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE
#ifndef WOLFSSL_NO_ML_KEM_512
if (MATCH_PQC(begin, "ML_KEM_512", len)) {
available = 1;
@@ -211,7 +212,25 @@ static int IsKyberLevelAvailable(const char* line)
available = 1;
}
#endif
#endif /* WOLFSSL_TLS_NO_MLKEM_STANDALONE */
#ifdef WOLFSSL_PQC_HYBRIDS
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC)
if (MATCH_PQC(begin, "SecP256r1MLKEM768", len)) {
available = 1;
}
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
if (MATCH_PQC(begin, "X25519MLKEM768", len)) {
available = 1;
}
#endif
#if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC)
if (MATCH_PQC(begin, "SecP384r1MLKEM1024", len)) {
available = 1;
}
#endif
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_ECC)
if (MATCH_PQC(begin, "SecP256r1MLKEM512", len)) {
available = 1;
@@ -222,11 +241,13 @@ static int IsKyberLevelAvailable(const char* line)
}
#endif
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC)
if (MATCH_PQC(begin, "SecP384r1MLKEM768", len)) {
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
if (MATCH_PQC(begin, "X25519MLKEM512", len)) {
available = 1;
}
if (MATCH_PQC(begin, "SecP256r1MLKEM768", len)) {
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC)
if (MATCH_PQC(begin, "SecP384r1MLKEM768", len)) {
available = 1;
}
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
@@ -235,8 +256,8 @@ static int IsKyberLevelAvailable(const char* line)
}
#endif
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
if (MATCH_PQC(begin, "X25519MLKEM768", len)) {
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
if (MATCH_PQC(begin, "X448MLKEM768", len)) {
available = 1;
}
#endif
@@ -244,26 +265,15 @@ static int IsKyberLevelAvailable(const char* line)
if (MATCH_PQC(begin, "SecP521r1MLKEM1024", len)) {
available = 1;
}
if (MATCH_PQC(begin, "SecP384r1MLKEM1024", len)) {
available = 1;
}
#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
if (MATCH_PQC(begin, "P521_ML_KEM_1024_OLD", len)) {
available = 1;
}
#endif
#endif
#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
if (MATCH_PQC(begin, "X25519MLKEM512", len)) {
available = 1;
}
#endif
#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
if (MATCH_PQC(begin, "X448MLKEM768", len)) {
available = 1;
}
#endif
#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
#endif /* !WOLFSSL_NO_ML_KEM */
#ifdef WOLFSSL_MLKEM_KYBER
#ifndef WOLFSSL_NO_KYBER512
if (MATCH_PQC(begin, "KYBER_LEVEL1", len)) {
@@ -1118,8 +1128,9 @@ int SuiteTest(int argc, char** argv)
}
#endif
#ifdef HAVE_PQC
/* add TLSv13 pq tests */
XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE
/* add TLSv13 pq standalone tests */
XSTRLCPY(argv0[1], "tests/test-tls13-pq-standalone.conf", sizeof(argv0[1]));
printf("starting TLSv13 post-quantum groups tests\n");
test_harness(&args);
if (args.return_code != 0) {
@@ -1127,6 +1138,8 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */
#ifdef WOLFSSL_PQC_HYBRIDS
/* add TLSv13 pq hybrid tests */
XSTRLCPY(argv0[1], "tests/test-tls13-pq-hybrid.conf", sizeof(argv0[1]));
printf("starting TLSv13 post-quantum groups tests\n");
@@ -1136,10 +1149,23 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
/* add TLSv13 pq extra hybrid tests */
XSTRLCPY(argv0[1], "tests/test-tls13-pq-hybrid-extra.conf", sizeof(argv0[1]));
printf("starting TLSv13 post-quantum groups tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13)
/* add DTLSv13 pq tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1]));
#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE
/* add DTLSv13 pq standalone tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq-standalone.conf", sizeof(argv0[1]));
printf("starting DTLSv13 post-quantum groups tests\n");
test_harness(&args);
if (args.return_code != 0) {
@@ -1147,8 +1173,10 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
/* add DTLSv13 pq hybrid tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid.conf", sizeof(argv0[1]));
#endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
/* add DTLSv13 pq extra hybrid tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-extra.conf", sizeof(argv0[1]));
printf("starting DTLSv13 post-quantum 2 groups tests\n");
test_harness(&args);
if (args.return_code != 0) {
@@ -1156,9 +1184,11 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_DTLS_CH_FRAG
/* add DTLSv13 pq frag tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1]));
#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE
/* add DTLSv13 pq standalone frag tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq-standalone-frag.conf", sizeof(argv0[1]));
printf("starting DTLSv13 post-quantum groups tests with fragmentation\n");
test_harness(&args);
if (args.return_code != 0) {
@@ -1166,6 +1196,8 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */
#ifdef WOLFSSL_PQC_HYBRIDS
/* add DTLSv13 pq hybrid frag tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-frag.conf", sizeof(argv0[1]));
printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n");
@@ -1175,6 +1207,18 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif /* WOLFSSL_PQC_HYBRIDS */
#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
/* add DTLSv13 pq extra hybrid frag tests */
XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-extra-frag.conf", sizeof(argv0[1]));
printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#endif
#endif
@@ -0,0 +1,95 @@
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
-96
View File
@@ -1,15 +1,3 @@
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
@@ -22,18 +10,6 @@
-l TLS13-AES256-GCM-SHA384
--pqc SecP256r1MLKEM768
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
@@ -57,75 +33,3 @@
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519MLKEM768
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# server DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
# client DTLSv1.3 with post-quantum hybrid group
-u
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
+119
View File
@@ -0,0 +1,119 @@
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP256r1MLKEM512
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP256r1MLKEM512
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519MLKEM512
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519MLKEM512
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL1
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL1
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL1
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL1
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
-120
View File
@@ -1,23 +1,3 @@
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP256r1MLKEM512
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP256r1MLKEM512
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM768
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
@@ -28,16 +8,6 @@
-l TLS13-AES256-GCM-SHA384
--pqc SecP256r1MLKEM768
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc SecP521r1MLKEM1024
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
@@ -48,16 +18,6 @@
-l TLS13-AES256-GCM-SHA384
--pqc SecP384r1MLKEM1024
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519MLKEM512
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519MLKEM512
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
@@ -67,83 +27,3 @@
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519MLKEM768
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448MLKEM768
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL1
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL1
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P384_KYBER_LEVEL3
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P256_KYBER_LEVEL3
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc P521_KYBER_LEVEL5
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL1
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL1
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X25519_KYBER_LEVEL3
# server TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
# client TLSv1.3 with post-quantum hybrid group
-v 4
-l TLS13-AES256-GCM-SHA384
--pqc X448_KYBER_LEVEL3
+3
View File
@@ -3425,6 +3425,7 @@ WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
void* heap);
WOLFSSL_LOCAL int TLSX_IsGroupSupported(int namedGroup);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first,
@@ -3675,6 +3676,8 @@ WOLFSSL_LOCAL int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input,
word16 length, byte msgType);
WOLFSSL_LOCAL int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl,
const byte* input, word16 length, TLSX** extensions);
WOLFSSL_LOCAL int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl,
KeyShareEntry* keyShareEntry, byte* data, word16 len);
#ifdef WOLFSSL_DUAL_ALG_CERTS
WOLFSSL_LOCAL int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input,
word16 length, TLSX** extensions);
+7
View File
@@ -4558,6 +4558,13 @@ extern void uITRON4_free(void *p) ;
#error "WOLFSSL_DTLS_CH_FRAG only works with DTLS 1.3"
#endif
#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_MLKEM) && \
!defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_PQC_HYBRIDS) && \
defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) && !defined(WOLFCRYPT_ONLY)
#error "Neither PQ/T hybrid combinations nor ML-KEM as standalone TLS key " \
"exchange are enabled"
#endif
/* SRTP requires DTLS */
#if defined(WOLFSSL_SRTP) && !defined(WOLFSSL_DTLS)
#error The SRTP extension requires DTLS
+5
View File
@@ -85,6 +85,11 @@ config WOLFSSL_PSK
help
Enable PSK support
config WOLFSSL_MLKEM
bool "wolfSSL PQC ML-KEM support"
help
Enable PQC ML-KEM support for Key Exchange
config WOLFSSL_MAX_FRAGMENT_LEN
int
default 3
+1
View File
@@ -45,3 +45,4 @@ CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
CONFIG_WOLFSSL_MLKEM=y
@@ -35,3 +35,4 @@ CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
CONFIG_WOLFSSL_MLKEM=y
+14 -2
View File
@@ -333,9 +333,21 @@ extern "C" {
#define NO_MD4
#define NO_MD5
//#define NO_DES3 /* Necessary for pkcs12 tests */
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256
/* PQC ML-KEM */
#if defined(CONFIG_WOLFSSL_MLKEM)
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_MLKEM_NO_LARGE_CODE
#define WOLFSSL_MLKEM_SMALL
#define WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
#define WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
#else
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256
#endif
/* ------------------------------------------------------------------------- */