mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-01 03:34:39 +02:00
Kyber/ML-KEM: make both available
Make Kyber and ML-KEM individually available as well as at the same time. Modified TLS layer to support both Kyber and ML-KEM. Added new identifiers in TLS layer for ML-KEM.
This commit is contained in:
@@ -288,12 +288,22 @@ static struct group_info groups[] = {
|
||||
{ WOLFSSL_FFDHE_6144, "FFDHE_6144" },
|
||||
{ WOLFSSL_FFDHE_8192, "FFDHE_8192" },
|
||||
#ifdef HAVE_PQC
|
||||
#ifndef WOLFSSL_NO_ML_KEM
|
||||
{ WOLFSSL_ML_KEM_512, "ML_KEM_512" },
|
||||
{ WOLFSSL_ML_KEM_768, "ML_KEM_768" },
|
||||
{ WOLFSSL_ML_KEM_1024, "ML_KEM_1024" },
|
||||
{ WOLFSSL_P256_ML_KEM_512, "P256_ML_KEM_512" },
|
||||
{ WOLFSSL_P384_ML_KEM_768, "P384_ML_KEM_768" },
|
||||
{ WOLFSSL_P521_ML_KEM_1024, "P521_ML_KEM_1024" },
|
||||
#endif
|
||||
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||
{ WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
|
||||
{ WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
|
||||
{ WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
|
||||
{ WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
|
||||
{ WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
|
||||
{ WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
|
||||
#endif
|
||||
#endif
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
@@ -398,6 +398,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
if (usePqc) {
|
||||
int group = 0;
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_KEM
|
||||
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||
if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
|
||||
group = WOLFSSL_ML_KEM_512;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||
if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
|
||||
group = WOLFSSL_ML_KEM_768;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||
if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
|
||||
group = WOLFSSL_ML_KEM_1024;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||
if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
|
||||
group = WOLFSSL_P256_ML_KEM_512;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||
if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
|
||||
group = WOLFSSL_P384_ML_KEM_768;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||
if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
|
||||
group = WOLFSSL_P521_ML_KEM_1024;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif /* WOLFSSL_NO_ML_KEM */
|
||||
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||
#ifndef WOLFSSL_NO_KYBER512
|
||||
if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
|
||||
group = WOLFSSL_KYBER_LEVEL1;
|
||||
@@ -434,6 +473,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif /* WOLFSSL_KYBER_ORIGINAL */
|
||||
{
|
||||
err_sys("invalid post-quantum KEM specified");
|
||||
}
|
||||
@@ -1330,8 +1370,19 @@ static const char* client_usage_msg[][77] = {
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 68 */
|
||||
#endif
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
|
||||
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */
|
||||
"--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
|
||||
#ifndef WOLFSSL_NO_ML_KEM
|
||||
" ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
|
||||
"\n"
|
||||
" P384_ML_KEM_768, P521_ML_KEM_1024\n"
|
||||
#endif
|
||||
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||
" KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
|
||||
"P256_KYBER_LEVEL1,\n"
|
||||
" P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
|
||||
#endif
|
||||
"",
|
||||
/* 69 */
|
||||
#endif
|
||||
#ifdef WOLFSSL_SRTP
|
||||
"--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */
|
||||
@@ -1564,8 +1615,19 @@ static const char* client_usage_msg[][77] = {
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 68 */
|
||||
#endif
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
|
||||
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */
|
||||
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
|
||||
#ifndef WOLFSSL_NO_ML_KEM
|
||||
" ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
|
||||
"\n"
|
||||
" P384_ML_KEM_768, P521_ML_KEM_1024\n"
|
||||
#endif
|
||||
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||
" KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
|
||||
"P256_KYBER_LEVEL1,\n"
|
||||
" P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
|
||||
#endif
|
||||
"",
|
||||
/* 69 */
|
||||
#endif
|
||||
#ifdef WOLFSSL_SRTP
|
||||
"--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */
|
||||
|
@@ -712,6 +712,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
else if (usePqc == 1) {
|
||||
#ifdef HAVE_PQC
|
||||
groups[count] = 0;
|
||||
#ifndef WOLFSSL_NO_ML_KEM
|
||||
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||
if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) {
|
||||
groups[count] = WOLFSSL_ML_KEM_512;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||
if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) {
|
||||
groups[count] = WOLFSSL_ML_KEM_768;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||
if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) {
|
||||
groups[count] = WOLFSSL_ML_KEM_1024;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||
if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
|
||||
groups[count] = WOLFSSL_P256_ML_KEM_512;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||
if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
|
||||
groups[count] = WOLFSSL_P384_ML_KEM_768;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||
if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
|
||||
groups[count] = WOLFSSL_P521_ML_KEM_1024;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif /* WOLFSSL_NO_ML_KEM */
|
||||
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||
#ifndef WOLFSSL_NO_KYBER512
|
||||
if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) {
|
||||
groups[count] = WOLFSSL_KYBER_LEVEL1;
|
||||
@@ -748,6 +787,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif
|
||||
{
|
||||
err_sys("invalid post-quantum KEM specified");
|
||||
}
|
||||
@@ -980,8 +1020,19 @@ static const char* server_usage_msg[][65] = {
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 59 */
|
||||
#endif
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
|
||||
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */
|
||||
"--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
|
||||
#ifndef WOLFSSL_NO_ML_KEM
|
||||
" ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
|
||||
"\n"
|
||||
" P384_ML_KEM_768, P521_ML_KEM_1024\n"
|
||||
#endif
|
||||
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||
" KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
|
||||
"P256_KYBER_LEVEL1,\n"
|
||||
" P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
|
||||
#endif
|
||||
"",
|
||||
/* 60 */
|
||||
#endif
|
||||
#ifdef WOLFSSL_SRTP
|
||||
"--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n", /* 61 */
|
||||
@@ -1172,8 +1223,19 @@ static const char* server_usage_msg[][65] = {
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 59 */
|
||||
#endif
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
|
||||
" KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */
|
||||
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
|
||||
#ifndef WOLFSSL_NO_ML_KEM
|
||||
" ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
|
||||
"\n"
|
||||
" P384_ML_KEM_768, P521_ML_KEM_1024\n"
|
||||
#endif
|
||||
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||
" KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
|
||||
"P256_KYBER_LEVEL1,\n"
|
||||
" P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n"
|
||||
#endif
|
||||
"",
|
||||
/* 60 */
|
||||
#endif
|
||||
#ifdef WOLFSSL_SRTP
|
||||
"--srtp <profile> (デフォルトはSRTP_AES128_CM_SHA1_80)\n", /* 61 */
|
||||
|
Reference in New Issue
Block a user