--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
AKA: The Great Rename of December 2021
@@ -168,13 +168,13 @@
|
||||
|
||||
For a quick start, you can run the client and server like this:
|
||||
|
||||
$ ./examples/server/server -v 4 --oqs P521_KYBER_LEVEL5
|
||||
$ ./examples/client/client -v 4 --oqs P521_KYBER_LEVEL5
|
||||
$ ./examples/server/server -v 4 --pqc P521_KYBER_LEVEL5
|
||||
$ ./examples/client/client -v 4 --pqc P521_KYBER_LEVEL5
|
||||
|
||||
Look for the following line in the output of the server and client:
|
||||
|
||||
```
|
||||
Using OQS KEM: P521_KYBER_LEVEL5
|
||||
Using Post-Quantum KEM: P521_KYBER_LEVEL5
|
||||
```
|
||||
|
||||
For authentication, you can generate a certificate chain using the Open
|
||||
@@ -208,13 +208,13 @@
|
||||
-A certs/falcon_level5_root_cert.pem \
|
||||
-c certs/falcon_level1_entity_cert.pem \
|
||||
-k certs/falcon_level1_entity_key.pem \
|
||||
--oqs P521_KYBER_LEVEL5
|
||||
--pqc P521_KYBER_LEVEL5
|
||||
|
||||
$ examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
|
||||
-A certs/falcon_level1_root_cert.pem \
|
||||
-c certs/falcon_level5_entity_cert.pem \
|
||||
-k certs/falcon_level5_entity_key.pem \
|
||||
--oqs P521_KYBER_LEVEL5
|
||||
--pqc P521_KYBER_LEVEL5
|
||||
|
||||
Congratulations! You have just achieved a fully quantum-safe TLS 1.3
|
||||
connection!
|
||||
|
||||
@@ -12,8 +12,9 @@ standard operating environments as well because of its royalty-free pricing
|
||||
and excellent cross platform support. wolfSSL supports industry standards up
|
||||
to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2, is up to
|
||||
20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20,
|
||||
Curve25519, Blake2b and OQS TLS 1.3 groups. User benchmarking and feedback
|
||||
reports dramatically better performance when using wolfSSL over OpenSSL.
|
||||
Curve25519, Blake2b and Post-Quantum TLS 1.3 groups. User benchmarking and
|
||||
feedback reports dramatically better performance when using wolfSSL over
|
||||
OpenSSL.
|
||||
|
||||
wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
|
||||
wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and
|
||||
|
||||
@@ -271,7 +271,7 @@ static struct group_info groups[] = {
|
||||
{ WOLFSSL_FFDHE_4096, "FFDHE_4096" },
|
||||
{ WOLFSSL_FFDHE_6144, "FFDHE_6144" },
|
||||
{ WOLFSSL_FFDHE_8192, "FFDHE_8192" },
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
{ WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" },
|
||||
{ WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" },
|
||||
{ WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" },
|
||||
|
||||
+69
-69
@@ -286,7 +286,7 @@ static void ShowVersions(void)
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
||||
#define MAX_GROUP_NUMBER 4
|
||||
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
int useX448, int useLibOqs, char* oqsAlg, int setGroups)
|
||||
int useX448, int usePqc, char* pqcAlg, int setGroups)
|
||||
{
|
||||
int ret;
|
||||
int groups[MAX_GROUP_NUMBER] = {0};
|
||||
@@ -294,8 +294,8 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
|
||||
(void)useX25519;
|
||||
(void)useX448;
|
||||
(void)useLibOqs;
|
||||
(void)oqsAlg;
|
||||
(void)usePqc;
|
||||
(void)pqcAlg;
|
||||
|
||||
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
|
||||
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
|
||||
@@ -362,120 +362,120 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
} while (ret == WC_PENDING_E);
|
||||
#endif
|
||||
}
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (onlyKeyShare == 0 || onlyKeyShare == 3) {
|
||||
if (useLibOqs) {
|
||||
if (usePqc) {
|
||||
int group = 0;
|
||||
|
||||
if (XSTRNCMP(oqsAlg, "KYBER_LEVEL1", XSTRLEN("KYBER_LEVEL1")) == 0) {
|
||||
if (XSTRNCMP(pqcAlg, "KYBER_LEVEL1", XSTRLEN("KYBER_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_KYBER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_LEVEL3",
|
||||
XSTRLEN("KYBER_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_KYBER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_LEVEL5",
|
||||
XSTRLEN("KYBER_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_KYBER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HPS_LEVEL1",
|
||||
XSTRLEN("NTRU_HPS_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_NTRU_HPS_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HPS_LEVEL3",
|
||||
XSTRLEN("NTRU_HPS_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_NTRU_HPS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HPS_LEVEL5",
|
||||
XSTRLEN("NTRU_HPS_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_NTRU_HPS_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HRSS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HRSS_LEVEL3",
|
||||
XSTRLEN("NTRU_HRSS_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_NTRU_HRSS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "SABER_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "SABER_LEVEL1",
|
||||
XSTRLEN("SABER_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_SABER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "SABER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "SABER_LEVEL3",
|
||||
XSTRLEN("SABER_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_SABER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "SABER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "SABER_LEVEL5",
|
||||
XSTRLEN("SABER_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_SABER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_90S_LEVEL1",
|
||||
XSTRLEN("KYBER_90S_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_KYBER_90S_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_90S_LEVEL3",
|
||||
XSTRLEN("KYBER_90S_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_KYBER_90S_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_90S_LEVEL5",
|
||||
XSTRLEN("KYBER_90S_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_KYBER_90S_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_NTRU_HPS_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_NTRU_HPS_LEVEL1",
|
||||
XSTRLEN("P256_NTRU_HPS_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_P256_NTRU_HPS_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_NTRU_HPS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_NTRU_HPS_LEVEL3",
|
||||
XSTRLEN("P384_NTRU_HPS_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_P384_NTRU_HPS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_NTRU_HPS_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_NTRU_HPS_LEVEL5",
|
||||
XSTRLEN("P521_NTRU_HPS_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_P521_NTRU_HPS_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_NTRU_HRSS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_NTRU_HRSS_LEVEL3",
|
||||
XSTRLEN("P384_NTRU_HRSS_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_P384_NTRU_HRSS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_SABER_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_SABER_LEVEL1",
|
||||
XSTRLEN("P256_SABER_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_P256_SABER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_SABER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_SABER_LEVEL3",
|
||||
XSTRLEN("P384_SABER_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_P384_SABER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_SABER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_SABER_LEVEL5",
|
||||
XSTRLEN("P521_SABER_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_P521_SABER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_KYBER_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_KYBER_LEVEL1",
|
||||
XSTRLEN("P256_KYBER_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_P256_KYBER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_KYBER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_KYBER_LEVEL3",
|
||||
XSTRLEN("P384_KYBER_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_P384_KYBER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_KYBER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_KYBER_LEVEL5",
|
||||
XSTRLEN("P521_KYBER_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_P521_KYBER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_KYBER_90S_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_KYBER_90S_LEVEL1",
|
||||
XSTRLEN("P256_KYBER_90S_LEVEL1")) == 0) {
|
||||
group = WOLFSSL_P256_KYBER_90S_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_KYBER_90S_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_KYBER_90S_LEVEL3",
|
||||
XSTRLEN("P384_KYBER_90S_LEVEL3")) == 0) {
|
||||
group = WOLFSSL_P384_KYBER_90S_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_KYBER_90S_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_KYBER_90S_LEVEL5",
|
||||
XSTRLEN("P521_KYBER_90S_LEVEL5")) == 0) {
|
||||
group = WOLFSSL_P521_KYBER_90S_LEVEL5;
|
||||
} else {
|
||||
err_sys("invalid OQS KEM specified");
|
||||
err_sys("invalid post-quantum KEM specified");
|
||||
}
|
||||
|
||||
printf("Using OQS KEM: %s\n", oqsAlg);
|
||||
printf("Using Post-Quantum KEM: %s\n", pqcAlg);
|
||||
if (wolfSSL_UseKeyShare(ssl, group) != WOLFSSL_SUCCESS) {
|
||||
err_sys("unable to use oqs KEM");
|
||||
err_sys("unable to use post-quantum KEM");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -560,7 +560,7 @@ static const char* client_bench_conmsg[][5] = {
|
||||
|
||||
static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519,
|
||||
int useX448, int useLibOqs, char* oqsAlg, int helloRetry, int onlyKeyShare,
|
||||
int useX448, int usePqc, char* pqcAlg, int helloRetry, int onlyKeyShare,
|
||||
int version, int earlyData)
|
||||
{
|
||||
/* time passed in number of connects give average */
|
||||
@@ -578,8 +578,8 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
(void)resumeSession;
|
||||
(void)useX25519;
|
||||
(void)useX448;
|
||||
(void)useLibOqs;
|
||||
(void)oqsAlg;
|
||||
(void)usePqc;
|
||||
(void)pqcAlg;
|
||||
(void)helloRetry;
|
||||
(void)onlyKeyShare;
|
||||
(void)version;
|
||||
@@ -610,7 +610,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
else if (version >= 4) {
|
||||
if (!helloRetry)
|
||||
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448,
|
||||
useLibOqs, oqsAlg, 1);
|
||||
usePqc, pqcAlg, 1);
|
||||
else
|
||||
wolfSSL_NoKeyShares(ssl);
|
||||
}
|
||||
@@ -694,7 +694,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
/* Measures throughput in mbps. Throughput = number of bytes */
|
||||
static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519,
|
||||
int useX448, int useLibOqs, char* oqsAlg, int exitWithRet, int version,
|
||||
int useX448, int usePqc, char* pqcAlg, int exitWithRet, int version,
|
||||
int onlyKeyShare)
|
||||
{
|
||||
double start, conn_time = 0, tx_time = 0, rx_time = 0;
|
||||
@@ -714,14 +714,14 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
|
||||
|
||||
(void)useX25519;
|
||||
(void)useX448;
|
||||
(void)useLibOqs;
|
||||
(void)oqsAlg;
|
||||
(void)usePqc;
|
||||
(void)pqcAlg;
|
||||
(void)version;
|
||||
(void)onlyKeyShare;
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
||||
if (version >= 4) {
|
||||
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, useLibOqs,
|
||||
oqsAlg, 1);
|
||||
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc,
|
||||
pqcAlg, 1);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -1303,8 +1303,8 @@ static const char* client_usage_msg[][70] = {
|
||||
"-7 Set minimum downgrade protocol version [0-4] "
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 69 */
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
"--oqs <alg> Key Share with specified liboqs algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n",
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n",
|
||||
" KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n",
|
||||
" NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n",
|
||||
" SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
|
||||
@@ -1513,8 +1513,8 @@ static const char* client_usage_msg[][70] = {
|
||||
"-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 69 */
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
"--oqs <alg> liboqs 名前付きグループとの鍵共有のみ\n",
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ\n",
|
||||
"[KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n",
|
||||
" NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n",
|
||||
" LIGHTSABER, SABER, FIRESABER, P256_NTRU_HPS_LEVEL1,\n"
|
||||
@@ -1740,11 +1740,11 @@ static void Usage(void)
|
||||
#endif
|
||||
printf("%s", msg[++msgid]); /* -7 */
|
||||
printf("%s", msg[++msgid]); /* Examples repo link */
|
||||
#ifdef HAVE_LIBOQS
|
||||
printf("%s", msg[++msgid]); /* --oqs */
|
||||
printf("%s", msg[++msgid]); /* --oqs options */
|
||||
printf("%s", msg[++msgid]); /* more --oqs options */
|
||||
printf("%s", msg[++msgid]); /* more --oqs options */
|
||||
#ifdef HAVE_PQC
|
||||
printf("%s", msg[++msgid]); /* --pqc */
|
||||
printf("%s", msg[++msgid]); /* --pqc options */
|
||||
printf("%s", msg[++msgid]); /* more --pqc options */
|
||||
printf("%s", msg[++msgid]); /* more --pqc options */
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -1784,8 +1784,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
{ "help", 0, 257 },
|
||||
{ "ヘルプ", 0, 258 },
|
||||
#if defined(HAVE_LIBOQS)
|
||||
{ "oqs", 1, 259 },
|
||||
#if defined(HAVE_PQC)
|
||||
{ "pqc", 1, 259 },
|
||||
#endif
|
||||
{ 0, 0, 0 }
|
||||
};
|
||||
@@ -1891,8 +1891,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
int useX25519 = 0;
|
||||
int useX448 = 0;
|
||||
int useLibOqs = 0;
|
||||
char* oqsAlg = NULL;
|
||||
int usePqc = 0;
|
||||
char* pqcAlg = NULL;
|
||||
int exitWithRet = 0;
|
||||
int loadCertKeyIntoSSLObj = 0;
|
||||
|
||||
@@ -1981,8 +1981,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
(void)onlyKeyShare;
|
||||
(void)useSupCurve;
|
||||
(void)loadCertKeyIntoSSLObj;
|
||||
(void)useLibOqs;
|
||||
(void)oqsAlg;
|
||||
(void)usePqc;
|
||||
(void)pqcAlg;
|
||||
StackTrap();
|
||||
|
||||
/* Reinitialize the global myVerifyAction. */
|
||||
@@ -2541,11 +2541,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) && \
|
||||
defined(HAVE_LIBOQS)
|
||||
defined(HAVE_PQC)
|
||||
case 259:
|
||||
useLibOqs = 1;
|
||||
usePqc = 1;
|
||||
onlyKeyShare = 3;
|
||||
oqsAlg = myoptarg;
|
||||
pqcAlg = myoptarg;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
@@ -2664,14 +2664,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
err_sys("can't load whitewood net random config file");
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
if (useLibOqs) {
|
||||
#ifdef HAVE_PQC
|
||||
if (usePqc) {
|
||||
if (version == CLIENT_DOWNGRADE_VERSION ||
|
||||
version == EITHER_DOWNGRADE_VERSION)
|
||||
printf("WARNING: If a TLS 1.3 connection is not negotiated, you "
|
||||
"will not be using a liboqs group.\n");
|
||||
"will not be using a post-quantum group.\n");
|
||||
else if (version != 4)
|
||||
err_sys("can only use liboqs groups with TLS 1.3");
|
||||
err_sys("can only use post-quantum groups with TLS 1.3");
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -3205,7 +3205,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
((func_args*)args)->return_code =
|
||||
ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP,
|
||||
benchmark, resumeSession, useX25519,
|
||||
useX448, useLibOqs, oqsAlg, helloRetry,
|
||||
useX448, usePqc, pqcAlg, helloRetry,
|
||||
onlyKeyShare, version, earlyData);
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
XEXIT_T(EXIT_SUCCESS);
|
||||
@@ -3215,7 +3215,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
((func_args*)args)->return_code =
|
||||
ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP,
|
||||
block, throughput, useX25519, useX448,
|
||||
useLibOqs, oqsAlg, exitWithRet, version,
|
||||
usePqc, pqcAlg, exitWithRet, version,
|
||||
onlyKeyShare);
|
||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||
if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet)
|
||||
@@ -3340,8 +3340,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
||||
if (!helloRetry && version >= 4) {
|
||||
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, useLibOqs,
|
||||
oqsAlg, 0);
|
||||
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc,
|
||||
pqcAlg, 0);
|
||||
}
|
||||
else {
|
||||
wolfSSL_NoKeyShares(ssl);
|
||||
|
||||
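Review bot: The Japanese usage text in `client_usage_msg` still advertises `LIGHTSABER, SABER, FIRESABER` for the renamed `--pqc` option, but the comparison chain in the client's `SetKeyShare` only accepts `SABER_LEVEL1`, `SABER_LEVEL3` and `SABER_LEVEL5`. A user who follows that help text ends in `err_sys("invalid post-quantum KEM specified")`. The English table in the same file and the server's Japanese table already list the `SABER_LEVEL*` names, so this entry should become `SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,` with its existing padding kept. The string array continues outside the hunk, so the remaining entries are worth checking against the accepted names as well.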
+58
-58
@@ -586,7 +586,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
||||
#define MAX_GROUP_NUMBER 4
|
||||
static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
int useX448, int useLibOqs, char* oqsAlg)
|
||||
int useX448, int usePqc, char* pqcAlg)
|
||||
{
|
||||
int ret;
|
||||
int groups[MAX_GROUP_NUMBER] = {0};
|
||||
@@ -594,8 +594,8 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
|
||||
(void)useX25519;
|
||||
(void)useX448;
|
||||
(void)useLibOqs;
|
||||
(void)oqsAlg;
|
||||
(void)usePqc;
|
||||
(void)pqcAlg;
|
||||
|
||||
WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
|
||||
if (onlyKeyShare == 2) {
|
||||
@@ -629,124 +629,124 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
|
||||
} while (ret == WC_PENDING_E);
|
||||
#endif
|
||||
}
|
||||
else if (useLibOqs == 1) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
else if (usePqc == 1) {
|
||||
#ifdef HAVE_PQC
|
||||
groups[count] = 0;
|
||||
if (XSTRNCMP(oqsAlg, "KYBER_LEVEL1", XSTRLEN("KYBER_LEVEL1")) == 0) {
|
||||
if (XSTRNCMP(pqcAlg, "KYBER_LEVEL1", XSTRLEN("KYBER_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_KYBER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_LEVEL3",
|
||||
XSTRLEN("KYBER_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_KYBER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_LEVEL5",
|
||||
XSTRLEN("KYBER_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_KYBER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HPS_LEVEL1",
|
||||
XSTRLEN("NTRU_HPS_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_NTRU_HPS_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HPS_LEVEL3",
|
||||
XSTRLEN("NTRU_HPS_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_NTRU_HPS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HPS_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HPS_LEVEL5",
|
||||
XSTRLEN("NTRU_HPS_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_NTRU_HPS_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "NTRU_HRSS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "NTRU_HRSS_LEVEL3",
|
||||
XSTRLEN("NTRU_HRSS_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_NTRU_HRSS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "SABER_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "SABER_LEVEL1",
|
||||
XSTRLEN("SABER_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_SABER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "SABER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "SABER_LEVEL3",
|
||||
XSTRLEN("SABER_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_SABER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "SABER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "SABER_LEVEL5",
|
||||
XSTRLEN("SABER_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_SABER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_90S_LEVEL1",
|
||||
XSTRLEN("KYBER_90S_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_KYBER_90S_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_90S_LEVEL3",
|
||||
XSTRLEN("KYBER_90S_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_KYBER_90S_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "KYBER_90S_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "KYBER_90S_LEVEL5",
|
||||
XSTRLEN("KYBER_90S_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_KYBER_90S_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_NTRU_HPS_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_NTRU_HPS_LEVEL1",
|
||||
XSTRLEN("P256_NTRU_HPS_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_P256_NTRU_HPS_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_NTRU_HPS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_NTRU_HPS_LEVEL3",
|
||||
XSTRLEN("P384_NTRU_HPS_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_P384_NTRU_HPS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_NTRU_HPS_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_NTRU_HPS_LEVEL5",
|
||||
XSTRLEN("P521_NTRU_HPS_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_P521_NTRU_HPS_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_NTRU_HRSS_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_NTRU_HRSS_LEVEL3",
|
||||
XSTRLEN("P384_NTRU_HRSS_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_P384_NTRU_HRSS_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_SABER_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_SABER_LEVEL1",
|
||||
XSTRLEN("P256_SABER_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_P256_SABER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_SABER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_SABER_LEVEL3",
|
||||
XSTRLEN("P384_SABER_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_P384_SABER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_SABER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_SABER_LEVEL5",
|
||||
XSTRLEN("P521_SABER_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_P521_SABER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_KYBER_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_KYBER_LEVEL1",
|
||||
XSTRLEN("P256_KYBER_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_P256_KYBER_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_KYBER_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_KYBER_LEVEL3",
|
||||
XSTRLEN("P384_KYBER_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_P384_KYBER_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_KYBER_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_KYBER_LEVEL5",
|
||||
XSTRLEN("P521_KYBER_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_P521_KYBER_LEVEL5;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P256_KYBER_90S_LEVEL1",
|
||||
else if (XSTRNCMP(pqcAlg, "P256_KYBER_90S_LEVEL1",
|
||||
XSTRLEN("P256_KYBER_90S_LEVEL1")) == 0) {
|
||||
groups[count] = WOLFSSL_P256_KYBER_90S_LEVEL1;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P384_KYBER_90S_LEVEL3",
|
||||
else if (XSTRNCMP(pqcAlg, "P384_KYBER_90S_LEVEL3",
|
||||
XSTRLEN("P384_KYBER_90S_LEVEL3")) == 0) {
|
||||
groups[count] = WOLFSSL_P384_KYBER_90S_LEVEL3;
|
||||
}
|
||||
else if (XSTRNCMP(oqsAlg, "P521_KYBER_90S_LEVEL5",
|
||||
else if (XSTRNCMP(pqcAlg, "P521_KYBER_90S_LEVEL5",
|
||||
XSTRLEN("P521_KYBER_90S_LEVEL5")) == 0) {
|
||||
groups[count] = WOLFSSL_P521_KYBER_90S_LEVEL5;
|
||||
}
|
||||
|
||||
if (groups[count] == 0) {
|
||||
err_sys("invalid OQS KEM specified");
|
||||
err_sys("invalid post-quantum KEM specified");
|
||||
}
|
||||
else {
|
||||
if (wolfSSL_UseKeyShare(ssl, groups[count]) == WOLFSSL_SUCCESS) {
|
||||
printf("Using OQS KEM: %s\n", oqsAlg);
|
||||
printf("Using Post-Quantum KEM: %s\n", pqcAlg);
|
||||
count++;
|
||||
}
|
||||
else {
|
||||
groups[count] = 0;
|
||||
err_sys("unable to use oqs algorithm");
|
||||
err_sys("unable to use post-quantum algorithm");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -945,8 +945,8 @@ static const char* server_usage_msg[][60] = {
|
||||
"-7 Set minimum downgrade protocol version [0-4] "
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 59 */
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
"--oqs <alg> Key Share with specified liboqs algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n",
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n",
|
||||
" KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n",
|
||||
" NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n",
|
||||
" SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
|
||||
@@ -1109,8 +1109,8 @@ static const char* server_usage_msg[][60] = {
|
||||
"-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] "
|
||||
" SSLv3(0) - TLS1.3(4)\n", /* 59 */
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
"--oqs <alg> liboqs 名前付きグループとの鍵共有のみ\n",
|
||||
#ifdef HAVE_PQC
|
||||
"--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ\n",
|
||||
"[KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n",
|
||||
" NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n",
|
||||
" SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
|
||||
@@ -1260,11 +1260,11 @@ static void Usage(void)
|
||||
#endif
|
||||
printf("%s", msg[++msgId]); /* -7 */
|
||||
printf("%s", msg[++msgId]); /* Examples repo link */
|
||||
#ifdef HAVE_LIBOQS
|
||||
printf("%s", msg[++msgId]); /* --oqs */
|
||||
printf("%s", msg[++msgId]); /* --oqs options */
|
||||
printf("%s", msg[++msgId]); /* more --oqs options */
|
||||
printf("%s", msg[++msgId]); /* more --oqs options */
|
||||
#ifdef HAVE_PQC
|
||||
printf("%s", msg[++msgId]); /* --pqc */
|
||||
printf("%s", msg[++msgId]); /* --pqc options */
|
||||
printf("%s", msg[++msgId]); /* more --pqc options */
|
||||
printf("%s", msg[++msgId]); /* more --pqc options */
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -1293,8 +1293,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
#endif
|
||||
{ "help", 0, 257 },
|
||||
{ "ヘルプ", 0, 258 },
|
||||
#if defined(HAVE_LIBOQS)
|
||||
{ "oqs", 1, 259 },
|
||||
#if defined(HAVE_PQC)
|
||||
{ "pqc", 1, 259 },
|
||||
#endif
|
||||
{ 0, 0, 0 }
|
||||
};
|
||||
@@ -1447,8 +1447,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
#endif
|
||||
int useX25519 = 0;
|
||||
int useX448 = 0;
|
||||
int useLibOqs = 0;
|
||||
char* oqsAlg = NULL;
|
||||
int usePqc = 0;
|
||||
char* pqcAlg = NULL;
|
||||
int exitWithRet = 0;
|
||||
int loadCertKeyIntoSSLObj = 0;
|
||||
|
||||
@@ -1508,8 +1508,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
(void)mcastID;
|
||||
(void)loadCertKeyIntoSSLObj;
|
||||
(void)nonBlocking;
|
||||
(void)oqsAlg;
|
||||
(void)useLibOqs;
|
||||
(void)pqcAlg;
|
||||
(void)usePqc;
|
||||
|
||||
#ifdef WOLFSSL_TIRTOS
|
||||
fdOpenSession(Task_self());
|
||||
@@ -2022,11 +2022,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case 259:
|
||||
useLibOqs = 1;
|
||||
usePqc = 1;
|
||||
onlyKeyShare = 2;
|
||||
oqsAlg = myoptarg;
|
||||
pqcAlg = myoptarg;
|
||||
break;
|
||||
#endif
|
||||
|
||||
@@ -2070,14 +2070,14 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
"file");
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
if (useLibOqs) {
|
||||
#ifdef HAVE_PQC
|
||||
if (usePqc) {
|
||||
if (version == SERVER_DOWNGRADE_VERSION ||
|
||||
version == EITHER_DOWNGRADE_VERSION) {
|
||||
printf("WARNING: If a TLS 1.3 connection is not negotiated, you "
|
||||
"will not be using a liboqs group.\n");
|
||||
"will not be using a post-quantum group.\n");
|
||||
} else if (version != 4) {
|
||||
err_sys("can only use liboqs groups with TLS 1.3");
|
||||
err_sys("can only use post-quantum groups with TLS 1.3");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -2775,8 +2775,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
||||
if (version >= 4) {
|
||||
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, useLibOqs,
|
||||
oqsAlg);
|
||||
SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc,
|
||||
pqcAlg);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
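Review bot: Every algorithm-name test in `SetKeyShare` is a prefix match, because `XSTRNCMP(pqcAlg, "KYBER_LEVEL1", XSTRLEN("KYBER_LEVEL1")) == 0` compares only as many bytes as the literal has. Assuming `XSTRNCMP` maps to `strncmp`, an argument such as `KYBER_LEVEL1xyz` is accepted as `WOLFSSL_KYBER_LEVEL1`, and the "Using Post-Quantum KEM" line then echoes a name that is not a real group, which makes logs and test output misleading about what was negotiated. Since this commit rewrites each of these comparisons anyway, they could be made exact with `XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0`, or replaced by a walk over a name-to-group table. The client's `SetKeyShare` has the same chain; both functions begin and end outside the visible hunks.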
+3
-3
@@ -99,7 +99,7 @@ my @fileList_4096 = (
|
||||
);
|
||||
|
||||
#Falcon Post-Quantum Keys
|
||||
#Used with HAVE_LIBOQS
|
||||
#Used with HAVE_PQC
|
||||
my @fileList_falcon = (
|
||||
["certs/falcon/bench_falcon_level1_key.der", "bench_falcon_level1_key" ],
|
||||
["certs/falcon/bench_falcon_level5_key.der", "bench_falcon_level5_key" ],
|
||||
@@ -194,7 +194,7 @@ for (my $i = 0; $i < $num_4096; $i++) {
|
||||
print OUT_FILE "#endif /* USE_CERT_BUFFERS_4096 */\n\n";
|
||||
|
||||
# convert and print falcon keys
|
||||
print OUT_FILE "#ifdef HAVE_LIBOQS\n\n";
|
||||
print OUT_FILE "#ifdef HAVE_PQC\n\n";
|
||||
for (my $i = 0; $i < $num_falcon; $i++) {
|
||||
|
||||
my $fname = $fileList_falcon[$i][0];
|
||||
@@ -208,7 +208,7 @@ for (my $i = 0; $i < $num_falcon; $i++) {
|
||||
print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
|
||||
}
|
||||
|
||||
print OUT_FILE "#endif /* HAVE_LIBOQS */\n\n";
|
||||
print OUT_FILE "#endif /* HAVE_PQC */\n\n";
|
||||
|
||||
# convert and print 256-bit cert/keys
|
||||
print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n";
|
||||
|
||||
+29
-29
@@ -2012,7 +2012,7 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
|
||||
ssl->options.haveECC = 1; /* server turns on with ECC key cert */
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
ssl->options.haveFalconSig = 1; /* always on client side */
|
||||
}
|
||||
@@ -2080,7 +2080,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
ctx->minEccKeySz = MIN_ECCKEY_SZ;
|
||||
ctx->eccTempKeySz = ECDHE_SIZE;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
ctx->minFalconKeySz = MIN_FALCONKEY_SZ;
|
||||
#endif
|
||||
ctx->verifyDepth = MAX_CHAIN_DEPTH;
|
||||
@@ -2140,7 +2140,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
ctx->CBIOSend = GNRC_SendTo;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (method->side == WOLFSSL_CLIENT_END)
|
||||
ctx->haveFalconSig = 1; /* always on client side */
|
||||
/* server can turn on by loading key */
|
||||
@@ -2683,7 +2683,7 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (sigAlgo == falcon_level1_sa_algo) {
|
||||
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MAJOR;
|
||||
*inOutIdx += 1;
|
||||
@@ -2760,10 +2760,10 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
|
||||
}
|
||||
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
|
||||
if (haveFalconSig) {
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
AddSuiteHashSigAlgo(suites, no_mac, falcon_level1_sa_algo, keySz, &idx);
|
||||
AddSuiteHashSigAlgo(suites, no_mac, falcon_level5_sa_algo, keySz, &idx);
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
}
|
||||
if (haveRSAsig) {
|
||||
#ifdef WC_RSA_PSS
|
||||
@@ -3830,8 +3830,8 @@ static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsTy
|
||||
*hashAlgo = input[1];
|
||||
}
|
||||
break;
|
||||
#ifdef HAVE_LIBOQS
|
||||
case OQS_SA_MAJOR:
|
||||
#ifdef HAVE_PQC
|
||||
case PQC_SA_MAJOR:
|
||||
if (input[1] == FALCON_LEVEL1_SA_MINOR) {
|
||||
*hsType = falcon_level1_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
@@ -6000,7 +6000,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
#ifdef HAVE_ECC
|
||||
ssl->options.minEccKeySz = ctx->minEccKeySz;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
ssl->options.minFalconKeySz = ctx->minFalconKeySz;
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
@@ -6736,11 +6736,11 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
wc_curve448_free((curve448_key*)*pKey);
|
||||
break;
|
||||
#endif /* HAVE_CURVE448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case DYNAMIC_TYPE_FALCON:
|
||||
wc_falcon_free((falcon_key*)*pKey);
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifndef NO_DH
|
||||
case DYNAMIC_TYPE_DH:
|
||||
wc_FreeDhKey((DhKey*)*pKey);
|
||||
@@ -6803,11 +6803,11 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
sz = sizeof(curve448_key);
|
||||
break;
|
||||
#endif /* HAVE_CURVE448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case DYNAMIC_TYPE_FALCON:
|
||||
sz = sizeof(falcon_key);
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifndef NO_DH
|
||||
case DYNAMIC_TYPE_DH:
|
||||
sz = sizeof(DhKey);
|
||||
@@ -6853,7 +6853,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
ret = 0;
|
||||
break;
|
||||
#endif /* HAVE_CURVE448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case DYNAMIC_TYPE_FALCON:
|
||||
wc_falcon_init((falcon_key*)*pKey);
|
||||
ret = 0;
|
||||
@@ -6884,7 +6884,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_CURVE448) || defined(HAVE_LIBOQS)
|
||||
defined(HAVE_CURVE448) || defined(HAVE_PQC)
|
||||
static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -6930,12 +6930,12 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
|
||||
ret = wc_curve448_init((curve448_key*)pKey);
|
||||
break;
|
||||
#endif /* HAVE_CURVE448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case DYNAMIC_TYPE_FALCON:
|
||||
wc_falcon_free((falcon_key*)pKey);
|
||||
ret = wc_falcon_init((falcon_key*)pKey);
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifndef NO_DH
|
||||
case DYNAMIC_TYPE_DH:
|
||||
wc_FreeDhKey((DhKey*)pKey);
|
||||
@@ -7173,7 +7173,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
|
||||
ssl->peerFalconKeyPresent = 0;
|
||||
#endif
|
||||
@@ -7396,10 +7396,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_ED448, (void**)&ssl->peerEd448Key);
|
||||
ssl->peerEd448KeyPresent = 0;
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
|
||||
ssl->peerFalconKeyPresent = 0;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
@@ -11860,7 +11860,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
if (ssl->options.minFalconKeySz < 0 ||
|
||||
FALCON_LEVEL1_KEY_SIZE < (word16)ssl->options.minFalconKeySz) {
|
||||
@@ -11877,7 +11877,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||
ret = FALCON_KEY_SIZE_E;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
default:
|
||||
WOLFSSL_MSG("Key size not checked");
|
||||
/* key not being checked for size if not in
|
||||
@@ -13080,7 +13080,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
case FALCON_LEVEL5k:
|
||||
{
|
||||
@@ -13125,7 +13125,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
WOLFSSL_MSG("Peer Falcon key is too small");
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -21703,7 +21703,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
||||
defined(HAVE_ED448)
|
||||
haveECDSAsig = 1;
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
haveFalconSig = 1;
|
||||
#endif
|
||||
}
|
||||
@@ -21922,7 +21922,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
|
||||
return sigAlgo == ed448_sa_algo;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ssl->pkCurveOID == CTC_FALCON_LEVEL1) {
|
||||
/* Certificate has Falcon level 1 key, only match with Falcon level 1
|
||||
* sig alg */
|
||||
@@ -22036,7 +22036,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
if (ssl->pkCurveOID == CTC_FALCON_LEVEL1 ||
|
||||
ssl->pkCurveOID == CTC_FALCON_LEVEL5 ) {
|
||||
/* Matched Falcon - set chosen and finished. */
|
||||
@@ -22702,7 +22702,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ssl->buffers.keyType == falcon_level1_sa_algo ||
|
||||
ssl->buffers.keyType == falcon_level5_sa_algo ||
|
||||
ssl->buffers.keyType == 0) {
|
||||
@@ -22762,7 +22762,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
||||
goto exit_dpk;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
(void)idx;
|
||||
(void)keySz;
|
||||
|
||||
@@ -117,7 +117,7 @@
|
||||
#include <wolfssl/wolfcrypt/curve25519.h>
|
||||
#include <wolfssl/wolfcrypt/ed25519.h>
|
||||
#include <wolfssl/wolfcrypt/curve448.h>
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
|
||||
@@ -208,7 +208,7 @@ const WOLF_EC_NIST_NAME kNistCurves[] = {
|
||||
{XSTR_SIZEOF("B-320"), "B-320", NID_brainpoolP320r1},
|
||||
{XSTR_SIZEOF("B-384"), "B-384", NID_brainpoolP384r1},
|
||||
{XSTR_SIZEOF("B-512"), "B-512", NID_brainpoolP512r1},
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
{XSTR_SIZEOF("KYBER_LEVEL1"), "KYBER_LEVEL1", WOLFSSL_KYBER_LEVEL1},
|
||||
{XSTR_SIZEOF("KYBER_LEVEL3"), "KYBER_LEVEL3", WOLFSSL_KYBER_LEVEL3},
|
||||
{XSTR_SIZEOF("KYBER_LEVEL5"), "KYBER_LEVEL5", WOLFSSL_KYBER_LEVEL5},
|
||||
@@ -2615,7 +2615,7 @@ static int isValidCurveGroup(word16 name)
|
||||
case WOLFSSL_FFDHE_6144:
|
||||
case WOLFSSL_FFDHE_8192:
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case WOLFSSL_KYBER_LEVEL1:
|
||||
case WOLFSSL_KYBER_LEVEL3:
|
||||
case WOLFSSL_KYBER_LEVEL5:
|
||||
@@ -3939,7 +3939,7 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
|
||||
#ifdef HAVE_ECC
|
||||
cm->minEccKeySz = MIN_ECCKEY_SZ;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
cm->minFalconKeySz = MIN_FALCONKEY_SZ;
|
||||
#endif
|
||||
|
||||
@@ -4887,7 +4887,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
if (cm->minFalconKeySz < 0 ||
|
||||
FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) {
|
||||
@@ -4902,7 +4902,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
WOLFSSL_MSG("\tCA Falcon level 5 key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("\tNo key size check done on CA");
|
||||
@@ -5442,7 +5442,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
#if !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
|
||||
!defined(HAVE_ED448) && !defined(HAVE_LIBOQS)
|
||||
!defined(HAVE_ED448) && !defined(HAVE_PQC)
|
||||
WOLFSSL_MSG("RSA decode failed and other algorithms "
|
||||
"not enabled to try");
|
||||
ret = WOLFSSL_BAD_FILE;
|
||||
@@ -5675,7 +5675,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
||||
#endif
|
||||
}
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ret == 0 && ((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
|
||||
(*keyFormat == FALCON_LEVEL5k))) {
|
||||
/* make sure Falcon key can be used */
|
||||
@@ -5739,7 +5739,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
||||
}
|
||||
XFREE(key, heap, DYNAMIC_TYPE_FALCON);
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -6087,7 +6087,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
}
|
||||
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_LIBOQS)
|
||||
defined(HAVE_PQC)
|
||||
if (ssl) {
|
||||
ssl->pkCurveOID = cert->pkCurveOID;
|
||||
#ifndef WC_STRICT_SIG
|
||||
@@ -6104,7 +6104,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
ssl->options.haveECC = 1;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
else if (cert->keyOID == FALCON_LEVEL1k ||
|
||||
cert->keyOID == FALCON_LEVEL5k) {
|
||||
ssl->options.haveFalconSig = 1;
|
||||
@@ -6130,7 +6130,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
ctx->haveECC = 1;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
else if (cert->keyOID == FALCON_LEVEL1k ||
|
||||
cert->keyOID == FALCON_LEVEL5k) {
|
||||
ctx->haveFalconSig = 1;
|
||||
@@ -6243,7 +6243,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
case FALCON_LEVEL5k:
|
||||
/* Falcon is fixed key size */
|
||||
@@ -6263,7 +6263,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
}
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("No key size check done on certificate");
|
||||
@@ -8524,7 +8524,7 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
{
|
||||
int isFalcon = 0;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -8584,7 +8584,7 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
|
||||
}
|
||||
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
if (pkey == NULL) {
|
||||
WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type");
|
||||
@@ -32216,7 +32216,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
||||
#ifdef HAVE_ED25519
|
||||
{ NID_ED25519, ED25519k, oidKeyType, "ED25519", "ED25519"},
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
{ CTC_FALCON_LEVEL1, FALCON_LEVEL1k, oidKeyType, "Falcon Level 1",
|
||||
"Falcon Level 1"},
|
||||
{ CTC_FALCON_LEVEL5, FALCON_LEVEL5k, oidKeyType, "Falcon Level 5",
|
||||
@@ -36959,7 +36959,7 @@ struct WOLFSSL_HashSigInfo {
|
||||
#ifdef HAVE_ED448
|
||||
{ no_mac, ed448_sa_algo, CTC_ED448 },
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
{ no_mac, falcon_level1_sa_algo, CTC_FALCON_LEVEL1 },
|
||||
{ no_mac, falcon_level5_sa_algo, CTC_FALCON_LEVEL5 },
|
||||
#endif
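Review bot: Every Falcon path in this file is now compiled only under `HAVE_PQC`, so a build that defines `HAVE_LIBOQS` by hand instead of through configure would lose them with no diagnostic. In AddCA, for example, the key-size switch would no longer contain the Falcon cases and would fall to the `default:` branch that logs that no check was done. Whether a settings header already maps the old macro to the new one is not visible here. If none does, a guard such as `#if defined(HAVE_LIBOQS) && !defined(HAVE_PQC)` followed by `#error HAVE_LIBOQS requires HAVE_PQC` would make the rename fail loudly rather than silently dropping post-quantum support.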
|
||||
|
||||
@@ -48,9 +48,11 @@
|
||||
#ifdef HAVE_CURVE448
|
||||
#include <wolfssl/wolfcrypt/curve448.h>
|
||||
#endif
|
||||
#ifdef HAVE_PQC
|
||||
#ifdef HAVE_LIBOQS
|
||||
#include <oqs/kem.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
|
||||
static int TLSX_KeyShare_IsSupported(int namedGroup);
|
||||
@@ -3800,7 +3802,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
|
||||
#ifdef HAVE_SUPPORTED_CURVES
|
||||
|
||||
#if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \
|
||||
&& !defined(HAVE_FFDHE) && !defined(HAVE_LIBOQS)
|
||||
&& !defined(HAVE_FFDHE) && !defined(HAVE_PQC)
|
||||
#error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \
|
||||
Use --enable-ecc and/or --enable-liboqs in the configure script or \
|
||||
define HAVE_ECC. Alternatively use FFDHE for DH ciphersuites.
|
||||
@@ -6633,6 +6635,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_PQC
|
||||
#ifdef HAVE_LIBOQS
|
||||
/* Transform a group ID into an OQS Algorithm name as a string. */
|
||||
static const char* OQS_ID2name(int id)
|
||||
@@ -6655,73 +6658,75 @@ static const char* OQS_ID2name(int id)
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
|
||||
typedef struct OqsHybridMapping {
|
||||
typedef struct PqcHybridMapping {
|
||||
int hybrid;
|
||||
int ecc;
|
||||
int oqs;
|
||||
} OqsHybridMapping;
|
||||
int pqc;
|
||||
} PqcHybridMapping;
|
||||
|
||||
static const OqsHybridMapping oqs_hybrid_mapping[] = {
|
||||
{.hybrid = WOLFSSL_P256_NTRU_HPS_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.oqs = WOLFSSL_NTRU_HPS_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_NTRU_HPS_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.oqs = WOLFSSL_NTRU_HPS_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_NTRU_HPS_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.oqs = WOLFSSL_NTRU_HPS_LEVEL5},
|
||||
{.hybrid = WOLFSSL_P384_NTRU_HRSS_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.oqs = WOLFSSL_NTRU_HRSS_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P256_SABER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.oqs = WOLFSSL_SABER_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_SABER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.oqs = WOLFSSL_SABER_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_SABER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.oqs = WOLFSSL_SABER_LEVEL5},
|
||||
{.hybrid = WOLFSSL_P256_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.oqs = WOLFSSL_KYBER_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.oqs = WOLFSSL_KYBER_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.oqs = WOLFSSL_KYBER_LEVEL5},
|
||||
{.hybrid = WOLFSSL_P256_KYBER_90S_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.oqs = WOLFSSL_KYBER_90S_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_KYBER_90S_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.oqs = WOLFSSL_KYBER_90S_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_KYBER_90S_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.oqs = WOLFSSL_KYBER_90S_LEVEL5},
|
||||
{.hybrid = 0, .ecc = 0, .oqs = 0}
|
||||
static const PqcHybridMapping pqc_hybrid_mapping[] = {
|
||||
{.hybrid = WOLFSSL_P256_NTRU_HPS_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.pqc = WOLFSSL_NTRU_HPS_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_NTRU_HPS_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.pqc = WOLFSSL_NTRU_HPS_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_NTRU_HPS_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.pqc = WOLFSSL_NTRU_HPS_LEVEL5},
|
||||
{.hybrid = WOLFSSL_P384_NTRU_HRSS_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.pqc = WOLFSSL_NTRU_HRSS_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P256_SABER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.pqc = WOLFSSL_SABER_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_SABER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.pqc = WOLFSSL_SABER_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_SABER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.pqc = WOLFSSL_SABER_LEVEL5},
|
||||
{.hybrid = WOLFSSL_P256_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.pqc = WOLFSSL_KYBER_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.pqc = WOLFSSL_KYBER_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.pqc = WOLFSSL_KYBER_LEVEL5},
|
||||
{.hybrid = WOLFSSL_P256_KYBER_90S_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1,
|
||||
.pqc = WOLFSSL_KYBER_90S_LEVEL1},
|
||||
{.hybrid = WOLFSSL_P384_KYBER_90S_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
|
||||
.pqc = WOLFSSL_KYBER_90S_LEVEL3},
|
||||
{.hybrid = WOLFSSL_P521_KYBER_90S_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1,
|
||||
.pqc = WOLFSSL_KYBER_90S_LEVEL5},
|
||||
{.hybrid = 0, .ecc = 0, .pqc = 0}
|
||||
};
|
||||
|
||||
/* This will map an ecc-oqs hybrid group into its ecc group and oqs group.
|
||||
* If it cannot find a mapping then *oqs is set to group. ecc is optional. */
|
||||
static void findEccOqs(int *ecc, int *oqs, int group)
|
||||
/* This will map an ecc-pqs hybrid group into its ecc group and pqc kem group.
|
||||
* If it cannot find a mapping then *pqc is set to group. ecc is optional. */
|
||||
static void findEccPqc(int *ecc, int *pqc, int group)
|
||||
{
|
||||
int i;
|
||||
if (oqs == NULL) {
|
||||
if (pqc == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
*oqs = 0;
|
||||
*pqc = 0;
|
||||
if (ecc != NULL) {
|
||||
*ecc = 0;
|
||||
}
|
||||
|
||||
for (i = 0; oqs_hybrid_mapping[i].hybrid != 0; i++) {
|
||||
if (oqs_hybrid_mapping[i].hybrid == group) {
|
||||
*oqs = oqs_hybrid_mapping[i].oqs;
|
||||
for (i = 0; pqc_hybrid_mapping[i].hybrid != 0; i++) {
|
||||
if (pqc_hybrid_mapping[i].hybrid == group) {
|
||||
*pqc = pqc_hybrid_mapping[i].pqc;
|
||||
if (ecc != NULL) {
|
||||
*ecc = oqs_hybrid_mapping[i].ecc;
|
||||
*ecc = pqc_hybrid_mapping[i].ecc;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (*oqs == 0) {
|
||||
if (*pqc == 0) {
|
||||
/* It is not a hybrid, so maybe its simple. */
|
||||
*oqs = group;
|
||||
*pqc = group;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
/* Create a key share entry using liboqs parameters group.
|
||||
* Generates a key pair.
|
||||
*
|
||||
@@ -6740,7 +6745,7 @@ static int TLSX_KeyShare_GenOqsKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
int oqs_group = 0;
|
||||
int ecc_group = 0;
|
||||
|
||||
findEccOqs(&ecc_group, &oqs_group, kse->group);
|
||||
findEccPqc(&ecc_group, &oqs_group, kse->group);
|
||||
algName = OQS_ID2name(oqs_group);
|
||||
if (algName == NULL) {
|
||||
WOLFSSL_MSG("Invalid OQS algorithm specified.");
|
||||
@@ -6830,7 +6835,8 @@ static int TLSX_KeyShare_GenOqsKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
/* Generate a secret/key using the key share entry.
|
||||
*
|
||||
@@ -6847,9 +6853,11 @@ static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
|
||||
ret = TLSX_KeyShare_GenX25519Key(ssl, kse);
|
||||
else if (kse->group == WOLFSSL_ECC_X448)
|
||||
ret = TLSX_KeyShare_GenX448Key(ssl, kse);
|
||||
#ifdef HAVE_PQC
|
||||
#ifdef HAVE_LIBOQS
|
||||
else if (kse->group >= WOLFSSL_OQS_MIN && kse->group <= WOLFSSL_OQS_MAX)
|
||||
else if (kse->group >= WOLFSSL_PQC_MIN && kse->group <= WOLFSSL_PQC_MAX)
|
||||
ret = TLSX_KeyShare_GenOqsKey(ssl, kse);
|
||||
#endif
|
||||
#endif
|
||||
else
|
||||
ret = TLSX_KeyShare_GenEccKey(ssl, kse);
|
||||
@@ -6886,9 +6894,9 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
|
||||
wc_curve448_free((curve448_key*)current->key);
|
||||
#endif
|
||||
}
|
||||
#ifdef HAVE_LIBOQS
|
||||
else if (current->group >= WOLFSSL_OQS_MIN &&
|
||||
current->group <= WOLFSSL_OQS_MAX &&
|
||||
#ifdef HAVE_PQC
|
||||
else if (current->group >= WOLFSSL_PQC_MIN &&
|
||||
current->group <= WOLFSSL_PQC_MAX &&
|
||||
current->key != NULL) {
|
||||
ForceZero((byte*)current->key, current->keyLen);
|
||||
}
|
||||
@@ -7408,6 +7416,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_PQC
|
||||
#ifdef HAVE_LIBOQS
|
||||
/* Process the liboqs key share extension on the client side.
|
||||
*
|
||||
@@ -7450,7 +7459,7 @@ static int TLSX_KeyShare_ProcessOqs(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
||||
}
|
||||
|
||||
/* I am the client, the ciphertext is in keyShareEntry->ke */
|
||||
findEccOqs(&ecc_group, &oqs_group, keyShareEntry->group);
|
||||
findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
|
||||
|
||||
algName = OQS_ID2name(oqs_group);
|
||||
if (algName == NULL) {
|
||||
@@ -7559,6 +7568,7 @@ static int TLSX_KeyShare_ProcessOqs(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Process the key share extension on the client side.
|
||||
*
|
||||
@@ -7581,10 +7591,12 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
|
||||
ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
|
||||
else if (keyShareEntry->group == WOLFSSL_ECC_X448)
|
||||
ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry);
|
||||
#ifdef HAVE_PQC
|
||||
#ifdef HAVE_LIBOQS
|
||||
else if (keyShareEntry->group >= WOLFSSL_OQS_MIN &&
|
||||
keyShareEntry->group <= WOLFSSL_OQS_MAX)
|
||||
else if (keyShareEntry->group >= WOLFSSL_PQC_MIN &&
|
||||
keyShareEntry->group <= WOLFSSL_PQC_MAX)
|
||||
ret = TLSX_KeyShare_ProcessOqs(ssl, keyShareEntry);
|
||||
#endif
|
||||
#endif
|
||||
else
|
||||
ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry);
|
||||
@@ -7633,9 +7645,9 @@ static int TLSX_KeyShareEntry_Parse(WOLFSSL* ssl, const byte* input,
|
||||
if (keLen > length - offset)
|
||||
return BUFFER_ERROR;
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
if (group >= WOLFSSL_OQS_MIN &&
|
||||
group <= WOLFSSL_OQS_MAX &&
|
||||
#ifdef HAVE_PQC
|
||||
if (group >= WOLFSSL_PQC_MIN &&
|
||||
group <= WOLFSSL_PQC_MAX &&
|
||||
ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
/* For KEMs, the public key is not stored. Casting away const because
|
||||
* we know for KEMs, it will be read-only.*/
|
||||
@@ -7800,7 +7812,7 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
||||
|
||||
/* Not in list sent if there isn't a private key. */
|
||||
if (keyShareEntry == NULL || (keyShareEntry->key == NULL
|
||||
#if !defined(NO_DH) || defined(HAVE_LIBOQS)
|
||||
#if !defined(NO_DH) || defined(HAVE_PQC)
|
||||
&& keyShareEntry->privKey == NULL
|
||||
#endif
|
||||
)) {
|
||||
@@ -7838,9 +7850,9 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
/* For oqs groups, do this in TLSX_PopulateExtensions(). */
|
||||
if (group < WOLFSSL_OQS_MIN || group > WOLFSSL_OQS_MAX)
|
||||
#ifdef HAVE_PQC
|
||||
/* For post-quantum groups, do this in TLSX_PopulateExtensions(). */
|
||||
if (group < WOLFSSL_PQC_MIN || group > WOLFSSL_PQC_MAX)
|
||||
#endif
|
||||
ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL);
|
||||
}
|
||||
@@ -7888,6 +7900,7 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef HAVE_PQC
|
||||
#ifdef HAVE_LIBOQS
|
||||
static int server_generate_oqs_ciphertext(WOLFSSL* ssl,
|
||||
KeyShareEntry* keyShareEntry,
|
||||
@@ -7908,7 +7921,7 @@ static int server_generate_oqs_ciphertext(WOLFSSL* ssl,
|
||||
ecc_key eccpubkey;
|
||||
word32 outlen = 0;
|
||||
|
||||
findEccOqs(&ecc_group, &oqs_group, keyShareEntry->group);
|
||||
findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group);
|
||||
algName = OQS_ID2name(oqs_group);
|
||||
if (algName == NULL) {
|
||||
WOLFSSL_MSG("Invalid OQS algorithm specified.");
|
||||
@@ -8034,6 +8047,7 @@ static int server_generate_oqs_ciphertext(WOLFSSL* ssl,
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Use the data to create a new key share object in the extensions.
|
||||
*
|
||||
@@ -8082,9 +8096,10 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data,
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_PQC
|
||||
#ifdef HAVE_LIBOQS
|
||||
if (group >= WOLFSSL_OQS_MIN &&
|
||||
group <= WOLFSSL_OQS_MAX &&
|
||||
if (group >= WOLFSSL_PQC_MIN &&
|
||||
group <= WOLFSSL_PQC_MAX &&
|
||||
ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
ret = server_generate_oqs_ciphertext(ssl, keyShareEntry, data,
|
||||
len);
|
||||
@@ -8092,6 +8107,7 @@ int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len, byte* data,
|
||||
return ret;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#endif
|
||||
if (data != NULL) {
|
||||
if (keyShareEntry->ke != NULL) {
|
||||
@@ -8243,7 +8259,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case WOLFSSL_KYBER_LEVEL1:
|
||||
case WOLFSSL_KYBER_LEVEL3:
|
||||
case WOLFSSL_KYBER_LEVEL5:
|
||||
@@ -8270,10 +8286,12 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
||||
case WOLFSSL_P256_KYBER_90S_LEVEL1:
|
||||
case WOLFSSL_P384_KYBER_90S_LEVEL3:
|
||||
case WOLFSSL_P521_KYBER_90S_LEVEL5:
|
||||
findEccOqs(NULL, &namedGroup, namedGroup);
|
||||
#ifdef HAVE_LIBOQS
|
||||
findEccPqc(NULL, &namedGroup, namedGroup);
|
||||
if (! OQS_KEM_alg_is_enabled(OQS_ID2name(namedGroup))) {
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
@@ -8341,7 +8359,7 @@ static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group)
|
||||
#ifdef HAVE_FFDHE_8192
|
||||
ssl->group[ssl->numGroups++] = WOLFSSL_FFDHE_8192;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
/* For the liboqs groups we need to do a runtime check because
|
||||
* liboqs could be compiled to make an algorithm unavailable.
|
||||
*/
|
||||
@@ -8524,9 +8542,9 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry)
|
||||
clientKSE->group > MAX_FFHDE_GROUP) {
|
||||
/* Check max value supported. */
|
||||
if (clientKSE->group > WOLFSSL_ECC_MAX) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
if (clientKSE->group < WOLFSSL_OQS_MIN ||
|
||||
clientKSE->group > WOLFSSL_OQS_MAX )
|
||||
#ifdef HAVE_PQC
|
||||
if (clientKSE->group < WOLFSSL_PQC_MIN ||
|
||||
clientKSE->group > WOLFSSL_PQC_MAX )
|
||||
#endif
|
||||
continue;
|
||||
}
|
||||
@@ -8566,9 +8584,9 @@ int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry)
|
||||
return ret;
|
||||
|
||||
if (clientKSE->key == NULL) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
if (clientKSE->group >= WOLFSSL_OQS_MIN &&
|
||||
clientKSE->group <= WOLFSSL_OQS_MAX ) {
|
||||
#ifdef HAVE_PQC
|
||||
if (clientKSE->group >= WOLFSSL_PQC_MIN &&
|
||||
clientKSE->group <= WOLFSSL_PQC_MAX ) {
|
||||
/* Going to need the public key (AKA ciphertext). */
|
||||
serverKSE->pubKey = clientKSE->pubKey;
|
||||
clientKSE->pubKey = NULL;
|
||||
@@ -10220,7 +10238,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
|
||||
if (ret == WOLFSSL_SUCCESS)
|
||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3,
|
||||
@@ -10298,7 +10316,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
|
||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_90S_LEVEL5,
|
||||
ssl->heap);
|
||||
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
(void)ssl;
|
||||
(void)extensions;
|
||||
@@ -10469,9 +10487,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
||||
namedGroup = kse->group;
|
||||
}
|
||||
if (namedGroup > 0) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
/* For KEMs, the key share has already been generated. */
|
||||
if (namedGroup < WOLFSSL_OQS_MIN || namedGroup > WOLFSSL_OQS_MAX)
|
||||
if (namedGroup < WOLFSSL_PQC_MIN || namedGroup > WOLFSSL_PQC_MAX)
|
||||
#endif
|
||||
ret = TLSX_KeyShare_Use(ssl, namedGroup, 0, NULL, NULL);
|
||||
if (ret != 0)
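Review bot: With `HAVE_PQC` defined but `HAVE_LIBOQS` not, a combination the nested guards in this file now allow, the post-quantum groups are still treated as supported although nothing can build their key shares. In TLSX_KeyShare_IsSupported the `OQS_KEM_alg_is_enabled` check is compiled out and the Kyber cases reach `break`, and TLSX_PopulateSupportedGroups still adds the Kyber groups. In TLSX_KeyShare_GenKey and TLSX_KeyShare_Process, however, the PQC range test sits inside `#ifdef HAVE_LIBOQS`, so such a group would fall through to the ECC handlers. Until a second backend exists, adding `#else` and `return 0;` before the new `#endif` in TLSX_KeyShare_IsSupported, and guarding the group list the same way, would keep the advertised groups in line with what can be negotiated. The code after the `break` and the rest of these functions lie outside the hunks, so the exact failure mode is inferred. Separately, the new comment on findEccPqc reads "ecc-pqs", presumably meant as "ecc-pqc".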
|
||||
|
||||
+19
-19
@@ -5241,7 +5241,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
|
||||
|
||||
#ifndef NO_CERTS
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_LIBOQS)
|
||||
defined(HAVE_ED448) || defined(HAVE_PQC)
|
||||
/* Encode the signature algorithm into buffer.
|
||||
*
|
||||
* hashalgo The hash algorithm.
|
||||
@@ -5280,7 +5280,7 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
|
||||
output[1] = hashAlgo;
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case falcon_level1_sa_algo:
|
||||
output[0] = FALCON_LEVEL1_SA_MAJOR;
|
||||
output[1] = FALCON_LEVEL1_SA_MINOR;
|
||||
@@ -5333,8 +5333,8 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
|
||||
else
|
||||
ret = INVALID_PARAMETER;
|
||||
break;
|
||||
#ifdef HAVE_LIBOQS
|
||||
case OQS_SA_MAJOR:
|
||||
#ifdef HAVE_PQC
|
||||
case PQC_SA_MAJOR:
|
||||
if (input[1] == FALCON_LEVEL1_SA_MINOR) {
|
||||
*hsType = falcon_level1_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
@@ -5967,7 +5967,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_LIBOQS)) && \
|
||||
defined(HAVE_ED448) || defined(HAVE_PQC)) && \
|
||||
(!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
|
||||
typedef struct Scv13Args {
|
||||
byte* output; /* not allocated */
|
||||
@@ -6112,7 +6112,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
else if (ssl->hsType == DYNAMIC_TYPE_ED448)
|
||||
args->sigAlgo = ed448_sa_algo;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
else if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
|
||||
falcon_key* fkey = (falcon_key*)ssl->hsKey;
|
||||
byte level = 0;
|
||||
@@ -6206,11 +6206,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
sig->length = ED448_SIG_SIZE;
|
||||
}
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
|
||||
sig->length = FALCON_MAX_SIG_SIZE;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
/* Advance state and proceed */
|
||||
ssl->options.asyncState = TLS_ASYNC_DO;
|
||||
@@ -6262,7 +6262,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
args->length = (word16)sig->length;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
|
||||
ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
|
||||
args->verify + HASH_SIG_SIZE +
|
||||
@@ -6270,7 +6270,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
(falcon_key*)ssl->hsKey);
|
||||
args->length = (word16)sig->length;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifndef NO_RSA
|
||||
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
||||
ret = RsaSign(ssl, sig->buffer, (word32)sig->length,
|
||||
@@ -6581,7 +6581,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
goto exit_dcv;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (args->sigAlgo == falcon_level1_sa_algo && !ssl->peerFalconKeyPresent) {
|
||||
WOLFSSL_MSG("Peer sent Falcon Level 1 sig but different cert");
|
||||
ret = SIG_VERIFY_E;
|
||||
@@ -6664,7 +6664,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
ret = 0;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ssl->peerFalconKeyPresent) {
|
||||
WOLFSSL_MSG("Doing Falcon peer cert verify");
|
||||
|
||||
@@ -6758,7 +6758,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (ssl->peerFalconKeyPresent) {
|
||||
int res = 0;
|
||||
WOLFSSL_MSG("Doing Falcon peer cert verify");
|
||||
@@ -8141,7 +8141,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_LIBOQS)
|
||||
defined(HAVE_ED448) || defined(HAVE_PQC)
|
||||
case certificate_verify:
|
||||
WOLFSSL_MSG("processing certificate verify");
|
||||
ret = DoTls13CertificateVerify(ssl, input, inOutIdx, size);
|
||||
@@ -8579,7 +8579,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
case FIRST_REPLY_THIRD:
|
||||
#if (!defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
|
||||
defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_LIBOQS))) && (!defined(NO_WOLFSSL_SERVER) || \
|
||||
defined(HAVE_PQC))) && (!defined(NO_WOLFSSL_SERVER) || \
|
||||
!defined(WOLFSSL_NO_CLIENT_AUTH))
|
||||
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||
ssl->error = SendTls13CertificateVerify(ssl);
|
||||
@@ -8740,9 +8740,9 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
if (group >= WOLFSSL_OQS_MIN &&
|
||||
group <= WOLFSSL_OQS_MAX) {
|
||||
#ifdef HAVE_PQC
|
||||
if (group >= WOLFSSL_PQC_MIN &&
|
||||
group <= WOLFSSL_PQC_MAX) {
|
||||
|
||||
if (ssl->ctx != NULL && ssl->ctx->method != NULL &&
|
||||
ssl->ctx->method->version.minor != TLSv1_3_MINOR) {
|
||||
@@ -9525,7 +9525,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
||||
|
||||
case TLS13_CERT_SENT :
|
||||
#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
|
||||
defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_LIBOQS))
|
||||
defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_PQC))
|
||||
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
|
||||
+4
-4
@@ -47079,7 +47079,7 @@ static int test_tls13_apis(void)
|
||||
#endif
|
||||
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
|
||||
int groups[2] = { WOLFSSL_ECC_SECP256R1,
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
WOLFSSL_SABER_LEVEL3
|
||||
#else
|
||||
WOLFSSL_ECC_SECP256R1
|
||||
@@ -47099,11 +47099,11 @@ static int test_tls13_apis(void)
|
||||
#endif
|
||||
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
|
||||
"P-256"
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
":P256_SABER_LEVEL1"
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
":KYBER_LEVEL1"
|
||||
#endif
|
||||
"";
|
||||
@@ -47209,7 +47209,7 @@ static int test_tls13_apis(void)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
|
||||
|
||||
+1
-1
@@ -877,7 +877,7 @@ int SuiteTest(int argc, char** argv)
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
/* add TLSv13 pq tests */
|
||||
strcpy(argv0[1], "tests/test-tls13-pq.conf");
|
||||
printf("starting TLSv13 post-quantum groups tests\n");
|
||||
|
||||
+52
-52
@@ -1,260 +1,260 @@
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_LEVEL1
|
||||
--pqc KYBER_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_LEVEL1
|
||||
--pqc KYBER_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_LEVEL3
|
||||
--pqc KYBER_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_LEVEL3
|
||||
--pqc KYBER_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_LEVEL5
|
||||
--pqc KYBER_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_LEVEL5
|
||||
--pqc KYBER_LEVEL5
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_90S_LEVEL1
|
||||
--pqc KYBER_90S_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_90S_LEVEL1
|
||||
--pqc KYBER_90S_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_90S_LEVEL3
|
||||
--pqc KYBER_90S_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_90S_LEVEL3
|
||||
--pqc KYBER_90S_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_90S_LEVEL5
|
||||
--pqc KYBER_90S_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs KYBER_90S_LEVEL5
|
||||
--pqc KYBER_90S_LEVEL5
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HPS_LEVEL1
|
||||
--pqc NTRU_HPS_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HPS_LEVEL1
|
||||
--pqc NTRU_HPS_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HPS_LEVEL3
|
||||
--pqc NTRU_HPS_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HPS_LEVEL3
|
||||
--pqc NTRU_HPS_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HPS_LEVEL5
|
||||
--pqc NTRU_HPS_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HPS_LEVEL5
|
||||
--pqc NTRU_HPS_LEVEL5
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HRSS_LEVEL3
|
||||
--pqc NTRU_HRSS_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs NTRU_HRSS_LEVEL3
|
||||
--pqc NTRU_HRSS_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs SABER_LEVEL1
|
||||
--pqc SABER_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs SABER_LEVEL1
|
||||
--pqc SABER_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs SABER_LEVEL3
|
||||
--pqc SABER_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs SABER_LEVEL3
|
||||
--pqc SABER_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs SABER_LEVEL5
|
||||
--pqc SABER_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs SABER_LEVEL5
|
||||
--pqc SABER_LEVEL5
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_NTRU_HPS_LEVEL1
|
||||
--pqc P256_NTRU_HPS_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_NTRU_HPS_LEVEL1
|
||||
--pqc P256_NTRU_HPS_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_NTRU_HPS_LEVEL3
|
||||
--pqc P384_NTRU_HPS_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_NTRU_HPS_LEVEL3
|
||||
--pqc P384_NTRU_HPS_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_NTRU_HPS_LEVEL5
|
||||
--pqc P521_NTRU_HPS_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_NTRU_HPS_LEVEL5
|
||||
--pqc P521_NTRU_HPS_LEVEL5
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_NTRU_HRSS_LEVEL3
|
||||
--pqc P384_NTRU_HRSS_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_NTRU_HRSS_LEVEL3
|
||||
--pqc P384_NTRU_HRSS_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_SABER_LEVEL1
|
||||
--pqc P256_SABER_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_SABER_LEVEL1
|
||||
--pqc P256_SABER_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_SABER_LEVEL3
|
||||
--pqc P384_SABER_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_SABER_LEVEL3
|
||||
--pqc P384_SABER_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_SABER_LEVEL5
|
||||
--pqc P521_SABER_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_SABER_LEVEL5
|
||||
--pqc P521_SABER_LEVEL5
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_KYBER_LEVEL1
|
||||
--pqc P256_KYBER_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_KYBER_LEVEL1
|
||||
--pqc P256_KYBER_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_KYBER_LEVEL3
|
||||
--pqc P384_KYBER_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_KYBER_LEVEL3
|
||||
--pqc P384_KYBER_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_KYBER_LEVEL5
|
||||
--pqc P521_KYBER_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_KYBER_LEVEL5
|
||||
--pqc P521_KYBER_LEVEL5
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_KYBER_90S_LEVEL1
|
||||
--pqc P256_KYBER_90S_LEVEL1
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P256_KYBER_90S_LEVEL1
|
||||
--pqc P256_KYBER_90S_LEVEL1
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_KYBER_90S_LEVEL3
|
||||
--pqc P384_KYBER_90S_LEVEL3
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P384_KYBER_90S_LEVEL3
|
||||
--pqc P384_KYBER_90S_LEVEL3
|
||||
|
||||
# server TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_KYBER_90S_LEVEL5
|
||||
--pqc P521_KYBER_90S_LEVEL5
|
||||
|
||||
# client TLSv1.3 with post-quantum group
|
||||
-v 4
|
||||
-l TLS13-AES256-GCM-SHA384
|
||||
--oqs P521_KYBER_90S_LEVEL5
|
||||
--pqc P521_KYBER_90S_LEVEL5
|
||||
|
||||
|
||||
@@ -200,6 +200,8 @@
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#include <oqs/kem.h>
|
||||
#endif
|
||||
#ifdef HAVE_PQC
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#endif
|
||||
|
||||
@@ -612,7 +614,7 @@ typedef struct bench_pq_alg {
|
||||
const char* str;
|
||||
/* Bit values to set. */
|
||||
word32 val;
|
||||
const char* oqs_name;
|
||||
const char* pqc_name;
|
||||
} bench_pq_alg;
|
||||
|
||||
/* All recognized post-quantum asymmetric algorithm choosing command line
|
||||
@@ -1500,7 +1502,7 @@ static void bench_stats_asym_finish(const char* algo, int strength,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
static void bench_stats_pq_asym_finish(const char* algo, int doAsync, int count,
|
||||
double start, int ret)
|
||||
{
|
||||
@@ -2160,63 +2162,63 @@ static void* benchmarks_do(void* args)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN))
|
||||
bench_falconKeySign(1);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL5_SIGN))
|
||||
bench_falconKeySign(5);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL1_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_KYBER_LEVEL1_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_KYBER_LEVEL1_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL1_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_KYBER_LEVEL1_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_KYBER_LEVEL1_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL3_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_KYBER_LEVEL3_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_KYBER_LEVEL3_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL3_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_KYBER_LEVEL3_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_KYBER_LEVEL3_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL5_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_KYBER_LEVEL5_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_KYBER_LEVEL5_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL5_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_KYBER_LEVEL5_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_KYBER_LEVEL5_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL1_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_KYBER90S_LEVEL1_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL1_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL1_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_KYBER90S_LEVEL1_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL1_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL3_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_KYBER90S_LEVEL3_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL3_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL3_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_KYBER90S_LEVEL3_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL3_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL5_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_KYBER90S_LEVEL5_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL5_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL5_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_KYBER90S_LEVEL5_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL5_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL1_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_SABER_LEVEL1_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_SABER_LEVEL1_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL1_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_SABER_LEVEL1_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_SABER_LEVEL1_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL3_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_SABER_LEVEL3_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_SABER_LEVEL3_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL3_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_SABER_LEVEL3_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_SABER_LEVEL3_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL5_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_SABER_LEVEL5_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_SABER_LEVEL5_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL5_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_SABER_LEVEL5_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_SABER_LEVEL5_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL1_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_NTRUHPS_LEVEL1_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_NTRUHPS_LEVEL1_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL1_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_NTRUHPS_LEVEL1_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_NTRUHPS_LEVEL1_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL3_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_NTRUHPS_LEVEL3_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_NTRUHPS_LEVEL3_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL3_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_NTRUHPS_LEVEL3_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_NTRUHPS_LEVEL3_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL5_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_NTRUHPS_LEVEL5_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_NTRUHPS_LEVEL5_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL5_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_NTRUHPS_LEVEL5_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_NTRUHPS_LEVEL5_ENCAP);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHRSS_LEVEL3_KEYGEN))
|
||||
bench_oqsKemKeygen(BENCH_NTRUHRSS_LEVEL3_KEYGEN);
|
||||
bench_pqcKemKeygen(BENCH_NTRUHRSS_LEVEL3_KEYGEN);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHRSS_LEVEL3_ENCAP))
|
||||
bench_oqsKemEncapDecap(BENCH_NTRUHRSS_LEVEL3_ENCAP);
|
||||
bench_pqcKemEncapDecap(BENCH_NTRUHRSS_LEVEL3_ENCAP);
|
||||
#endif
|
||||
|
||||
#ifdef WOLFCRYPT_HAVE_SAKKE
|
||||
@@ -6656,34 +6658,36 @@ void bench_sakke(void)
|
||||
#endif /* WOLFCRYPT_SAKKE_CLIENT */
|
||||
#endif /* WOLFCRYPT_HAVE_SAKKE */
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
static void bench_oqsKemInit(word32 alg, byte **priv_key, byte **pub_key,
|
||||
#ifdef HAVE_PQC
|
||||
static void bench_pqcKemInit(word32 alg, byte **priv_key, byte **pub_key,
|
||||
const char **wolf_name, OQS_KEM **kem)
|
||||
{
|
||||
int i;
|
||||
const char *oqs_name = NULL;
|
||||
const char *pqc_name = NULL;
|
||||
|
||||
*pub_key = NULL;
|
||||
*priv_key = NULL;
|
||||
|
||||
for (i=0; bench_pq_asym_opt[i].str != NULL; i++) {
|
||||
if (alg == bench_pq_asym_opt[i].val) {
|
||||
oqs_name = bench_pq_asym_opt[i].oqs_name;
|
||||
pqc_name = bench_pq_asym_opt[i].pqc_name;
|
||||
*wolf_name = bench_pq_asym_opt[i].str;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (oqs_name == NULL) {
|
||||
if (pqc_name == NULL) {
|
||||
printf("Bad OQS Alg specified\n");
|
||||
return;
|
||||
}
|
||||
|
||||
*kem = OQS_KEM_new(oqs_name);
|
||||
#ifdef HAVE_LIBOQS
|
||||
*kem = OQS_KEM_new(pqc_name);
|
||||
if (*kem == NULL) {
|
||||
printf("OQS_KEM_new() failed\n");
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
*pub_key = (byte*)XMALLOC((*kem)->length_public_key, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -6694,7 +6698,7 @@ static void bench_oqsKemInit(word32 alg, byte **priv_key, byte **pub_key,
|
||||
|
||||
}
|
||||
|
||||
void bench_oqsKemKeygen(word32 alg)
|
||||
void bench_pqcKemKeygen(word32 alg)
|
||||
{
|
||||
const char *wolf_name = NULL;
|
||||
OQS_KEM* kem = NULL;
|
||||
@@ -6703,22 +6707,24 @@ void bench_oqsKemKeygen(word32 alg)
|
||||
byte *priv_key;
|
||||
byte *pub_key;
|
||||
|
||||
bench_oqsKemInit(alg, &priv_key, &pub_key, &wolf_name, &kem);
|
||||
bench_pqcKemInit(alg, &priv_key, &pub_key, &wolf_name, &kem);
|
||||
|
||||
if (wolf_name == NULL || kem == NULL || pub_key == NULL ||
|
||||
priv_key == NULL) {
|
||||
printf("bench_oqsKemInit() failed\n");
|
||||
printf("bench_pqcKemInit() failed\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < genTimes; i++) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
ret = OQS_KEM_keypair(kem, pub_key, priv_key);
|
||||
if (ret != OQS_SUCCESS) {
|
||||
printf("OQS_KEM_keypair() failed: %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
count += i;
|
||||
} while (bench_stats_sym_check(start));
|
||||
@@ -6733,7 +6739,7 @@ exit:
|
||||
|
||||
}
|
||||
|
||||
void bench_oqsKemEncapDecap(word32 alg)
|
||||
void bench_pqcKemEncapDecap(word32 alg)
|
||||
{
|
||||
const char *wolf_name = NULL;
|
||||
OQS_KEM* kem = NULL;
|
||||
@@ -6744,19 +6750,21 @@ void bench_oqsKemEncapDecap(word32 alg)
|
||||
byte *ciphertext = NULL;
|
||||
byte *shared_secret = NULL;
|
||||
|
||||
bench_oqsKemInit(alg, &priv_key, &pub_key, &wolf_name, &kem);
|
||||
bench_pqcKemInit(alg, &priv_key, &pub_key, &wolf_name, &kem);
|
||||
|
||||
if (wolf_name == NULL || kem == NULL || pub_key == NULL ||
|
||||
priv_key == NULL) {
|
||||
printf("bench_oqsKemInit() failed\n");
|
||||
printf("bench_pqcKemInit() failed\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
ret = OQS_KEM_keypair(kem, pub_key, priv_key);
|
||||
if (ret != OQS_SUCCESS) {
|
||||
printf("OQS_KEM_keypair() failed: %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
shared_secret = (byte*)XMALLOC(kem->length_shared_secret, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -6773,6 +6781,7 @@ void bench_oqsKemEncapDecap(word32 alg)
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < agreeTimes; i++) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
ret = OQS_KEM_encaps(kem, ciphertext, shared_secret, pub_key);
|
||||
if (ret != OQS_SUCCESS) {
|
||||
printf("OQS_KEM_encaps() failed: %d\n", ret);
|
||||
@@ -6784,6 +6793,7 @@ void bench_oqsKemEncapDecap(word32 alg)
|
||||
printf("OQS_KEM_decaps() failed: %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
count += i;
|
||||
} while (bench_stats_sym_check(start));
|
||||
@@ -6898,7 +6908,7 @@ void bench_falconKeySign(byte level)
|
||||
|
||||
wc_falcon_free(&key);
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
#ifndef HAVE_STACK_SIZE
|
||||
#if defined(_WIN32) && !defined(INTIME_RTOS)
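Review bot: In `bench_pqcKemInit` the new inner `#ifdef HAVE_LIBOQS` wraps only the `OQS_KEM_new(pqc_name)` call and its NULL check, while the `OQS_KEM **kem` parameter and the following `XMALLOC((*kem)->length_public_key, ...)` stay outside it; `bench_pqcKemKeygen` and `bench_pqcKemEncapDecap` have the same shape, with `OQS_KEM* kem` and `kem->length_shared_secret` unguarded. Because `<oqs/kem.h>` is now included only under `HAVE_LIBOQS` (hunk at -200), a build that defines `HAVE_PQC` without `HAVE_LIBOQS` would presumably fail to compile here, and with a stand-in type `*kem` would never be assigned before `(*kem)->length_public_key` is read. While liboqs is the only backend, I would either keep these three functions entirely under `#ifdef HAVE_LIBOQS` or state the dependency once, e.g. `#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS)` followed by `#error "PQC KEM benchmarks require liboqs"` and `#endif`. The bodies of all three functions continue outside the visible hunks, so this rests only on the lines shown.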
|
||||
|
||||
@@ -107,8 +107,8 @@ void bench_blake2b(void);
|
||||
void bench_blake2s(void);
|
||||
void bench_pbkdf2(void);
|
||||
void bench_falconKeySign(byte level);
|
||||
void bench_oqsKemKeygen(word32 alg);
|
||||
void bench_oqsKemEncapDecap(word32 alg);
|
||||
void bench_pqcKemKeygen(word32 alg);
|
||||
void bench_pqcKemEncapDecap(word32 alg);
|
||||
|
||||
void bench_stats_print(void);
|
||||
|
||||
|
||||
+39
-39
@@ -133,7 +133,7 @@ ASN Options:
|
||||
#include <wolfssl/wolfcrypt/curve448.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#endif
|
||||
|
||||
@@ -3822,13 +3822,13 @@ static word32 SetBitString16Bit(word16 val, byte* output)
|
||||
#ifdef HAVE_ED448
|
||||
static const byte sigEd448Oid[] = {43, 101, 113};
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
/* Falcon Level 1: 1 3 9999 3 1 */
|
||||
static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
|
||||
|
||||
/* Falcon Level 5: 1 3 9999 3 4 */
|
||||
static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
/* keyType */
|
||||
#ifndef NO_DSA
|
||||
@@ -3855,13 +3855,13 @@ static word32 SetBitString16Bit(word16 val, byte* output)
|
||||
#ifndef NO_DH
|
||||
static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1};
|
||||
#endif /* !NO_DH */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
/* Falcon Level 1: 1 3 9999 3 1 */
|
||||
static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
|
||||
|
||||
/* Falcon Level 5: 1 3 9999 3 4 */
|
||||
static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
/* curveType */
|
||||
#ifdef HAVE_ECC
|
||||
@@ -4286,7 +4286,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
|
||||
*oidSz = sizeof(sigEd448Oid);
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case CTC_FALCON_LEVEL1:
|
||||
oid = sigFalcon_Level1Oid;
|
||||
*oidSz = sizeof(sigFalcon_Level1Oid);
|
||||
@@ -4351,7 +4351,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
|
||||
*oidSz = sizeof(keyDhOid);
|
||||
break;
|
||||
#endif /* !NO_DH */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
oid = keyFalcon_Level1Oid;
|
||||
*oidSz = sizeof(keyFalcon_Level1Oid);
|
||||
@@ -6189,7 +6189,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
if ((ks == FALCON_LEVEL1k) || (ks == FALCON_LEVEL5k)) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
falcon_key* key_pair = NULL;
|
||||
@@ -6242,7 +6242,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
|
||||
#endif
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
{
|
||||
ret = 0;
|
||||
}
|
||||
@@ -6544,7 +6544,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
if (*algoID == 0) {
|
||||
falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(*falcon), heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -6578,7 +6578,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
}
|
||||
XFREE(falcon, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
/* if flag is not set then this is not a key that we understand. */
|
||||
if (*algoID == 0) {
|
||||
@@ -9657,7 +9657,7 @@ static int GetCertHeader(DecodedCert* cert)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_PQC)
|
||||
/* Store the key data under the BIT_STRING in dynamicly allocated data.
|
||||
*
|
||||
* @param [in, out] cert Certificate object.
|
||||
@@ -10087,7 +10087,7 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
|
||||
ret = StoreKey(cert, source, &srcIdx, maxIdx);
|
||||
break;
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
cert->pkCurveOID = FALCON_LEVEL1k;
|
||||
ret = StoreKey(cert, source, &srcIdx, maxIdx);
|
||||
@@ -10096,7 +10096,7 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
|
||||
cert->pkCurveOID = FALCON_LEVEL5k;
|
||||
ret = StoreKey(cert, source, &srcIdx, maxIdx);
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifndef NO_DSA
|
||||
case DSAk:
|
||||
cert->publicKey = source + pubIdx;
|
||||
@@ -12710,7 +12710,7 @@ static WC_INLINE int IsSigAlgoECC(int algoOID)
|
||||
#ifdef HAVE_CURVE448
|
||||
|| (algoOID == X448k)
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
|| (algoOID == FALCON_LEVEL1k)
|
||||
|| (algoOID == FALCON_LEVEL5k)
|
||||
#endif
|
||||
@@ -12992,7 +12992,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
|
||||
sigCtx->key.ed448 = NULL;
|
||||
break;
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
case FALCON_LEVEL5k:
|
||||
wc_falcon_free(sigCtx->key.falcon);
|
||||
@@ -13000,7 +13000,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
|
||||
DYNAMIC_TYPE_FALCON);
|
||||
sigCtx->key.falcon = NULL;
|
||||
break;
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
default:
|
||||
break;
|
||||
} /* switch (keyOID) */
|
||||
@@ -13138,7 +13138,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
|
||||
*/
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case CTC_FALCON_LEVEL1:
|
||||
case CTC_FALCON_LEVEL5:
|
||||
/* Hashes done in signing operation. */
|
||||
@@ -13444,7 +13444,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
case FALCON_LEVEL1k:
|
||||
{
|
||||
sigCtx->verify = 0;
|
||||
@@ -13614,7 +13614,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
case FALCON_LEVEL1k:
|
||||
case FALCON_LEVEL5k:
|
||||
{
|
||||
@@ -13737,7 +13737,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_ED448 */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1k:
|
||||
{
|
||||
if (sigCtx->verify == 1) {
|
||||
@@ -13760,7 +13760,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
default:
|
||||
break;
|
||||
} /* switch (keyOID) */
|
||||
@@ -18741,7 +18741,7 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
|
||||
wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
|
||||
wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----";
|
||||
wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----";
|
||||
wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----";
|
||||
@@ -18841,7 +18841,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
|
||||
ret = 0;
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
case FALCON_LEVEL1_TYPE:
|
||||
if (header) *header = BEGIN_FALCON_LEVEL1_PRIV;
|
||||
if (footer) *footer = END_FALCON_LEVEL1_PRIV;
|
||||
@@ -21070,7 +21070,7 @@ int wc_Ed448PublicKeyToDer(ed448_key* key, byte* output, word32 inLen,
|
||||
}
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT */
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
/* Encode the public part of an Falcon key in DER.
|
||||
*
|
||||
* Pass NULL for output to get the size of the encoding.
|
||||
@@ -21113,7 +21113,7 @@ int wc_Falcon_PublicKeyToDer(falcon_key* key, byte* output, word32 inLen,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
|
||||
@@ -23149,7 +23149,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
if ((cert->keyType == FALCON_LEVEL1_KEY) ||
|
||||
(cert->keyType == FALCON_LEVEL5_KEY)) {
|
||||
if (falconKey == NULL)
|
||||
@@ -23627,14 +23627,14 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz,
|
||||
}
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_SIGN */
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) {
|
||||
word32 outSz = sigSz;
|
||||
ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey);
|
||||
if (ret == 0)
|
||||
ret = outSz;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
break;
|
||||
}
|
||||
@@ -23824,7 +23824,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
cert->keyType = ED25519_KEY;
|
||||
else if (ed448Key)
|
||||
cert->keyType = ED448_KEY;
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
else if ((falconKey != NULL) && (falconKey->level == 1))
|
||||
cert->keyType = FALCON_LEVEL1_KEY;
|
||||
else if ((falconKey != NULL) && (falconKey->level == 5))
|
||||
@@ -23885,7 +23885,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
cert->keyType = ED448_KEY;
|
||||
}
|
||||
else if (falconKey != NULL) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (falconKey->level == 1)
|
||||
cert->keyType = FALCON_LEVEL1_KEY;
|
||||
else if (falconKey->level == 5)
|
||||
@@ -24353,7 +24353,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
(word32)sizeof(der->publicKey), 1);
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
if ((cert->keyType == FALCON_LEVEL1_KEY) ||
|
||||
(cert->keyType == FALCON_LEVEL5_KEY)) {
|
||||
if (falconKey == NULL)
|
||||
@@ -24626,7 +24626,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
cert->keyType = ED25519_KEY;
|
||||
else if (ed448Key)
|
||||
cert->keyType = ED448_KEY;
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
else if ((falconKey != NULL) && (falconKey->level == 1))
|
||||
cert->keyType = FALCON_LEVEL1_KEY;
|
||||
else if ((falconKey != NULL) && (falconKey->level == 5))
|
||||
@@ -24686,7 +24686,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
cert->keyType = ED448_KEY;
|
||||
}
|
||||
else if (falconKey != NULL) {
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
if (falconKey->level == 1)
|
||||
cert->keyType = FALCON_LEVEL1_KEY;
|
||||
else if (falconKey->level == 5)
|
||||
@@ -25040,7 +25040,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
|
||||
bufferSz = wc_Ed448PublicKeyToDer(ed448Key, buf, MAX_PUBLIC_KEY_SZ, 0);
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
if (falconKey != NULL) {
|
||||
bufferSz = wc_Falcon_PublicKeyToDer(falconKey, buf, MAX_PUBLIC_KEY_SZ,
|
||||
0);
|
||||
@@ -28252,7 +28252,7 @@ int wc_Ed448PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
}
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
|
||||
falcon_key* key, word32 inSz)
|
||||
{
|
||||
@@ -28319,7 +28319,7 @@ int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
#if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)
|
||||
int wc_Curve448PrivateKeyDecode(const byte* input, word32* inOutIdx,
|
||||
@@ -28386,7 +28386,7 @@ int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output, word32 inLen)
|
||||
|
||||
#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT */
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
int wc_Falcon_KeyToDer(falcon_key* key, byte* output, word32 inLen)
|
||||
{
|
||||
if (key == NULL) {
|
||||
@@ -28425,7 +28425,7 @@ int wc_Falcon_PrivateKeyToDer(falcon_key* key, byte* output, word32 inLen)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
#if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)
|
||||
/* Write private Curve448 key to DER format,
|
||||
|
||||
@@ -25,15 +25,16 @@
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
/* in case user set HAVE_LIBOQS there */
|
||||
/* in case user set HAVE_PQC there */
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
|
||||
#ifdef HAVE_PQC
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
|
||||
#include <oqs/oqs.h>
|
||||
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
@@ -61,6 +62,7 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
|
||||
falcon_key* key)
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef HAVE_LIBOQS
|
||||
OQS_SIG *oqssig = NULL;
|
||||
size_t localOutLen = 0;
|
||||
|
||||
@@ -112,7 +114,7 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
|
||||
if (oqssig != NULL) {
|
||||
OQS_SIG_free(oqssig);
|
||||
}
|
||||
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -132,6 +134,7 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
|
||||
word32 msgLen, int* res, falcon_key* key)
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef HAVE_LIBOQS
|
||||
OQS_SIG *oqssig = NULL;
|
||||
|
||||
if (key == NULL || sig == NULL || msg == NULL || res == NULL) {
|
||||
@@ -168,6 +171,7 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
|
||||
if (oqssig != NULL) {
|
||||
OQS_SIG_free(oqssig);
|
||||
}
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -683,4 +687,4 @@ int wc_falcon_sig_size(falcon_key* key)
|
||||
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
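Review bot: The new `#ifdef HAVE_LIBOQS` guards inside wc_falcon_sign_msg and wc_falcon_verify_msg leave only `int ret = 0;` and `return ret;` when HAVE_PQC is defined without HAVE_LIBOQS, so signing reports success without writing a signature and verification reports success without setting `*res`. The NULL-argument check in the verify path also sits inside the guard, so it disappears as well. The settings.h hunk in this commit derives HAVE_PQC only from HAVE_LIBOQS, so this looks latent today, but the split guards presumably anticipate other back ends, and a caller that checks only the return code would then accept an unverified signature. Fail closed by adding `#else` and `ret = NOT_COMPILED_IN;` before each new `#endif`. Both function bodies continue outside the visible hunks.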
|
||||
|
||||
@@ -3332,7 +3332,7 @@ static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096);
|
||||
|
||||
#endif /* USE_CERT_BUFFERS_4096 */
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
|
||||
/* certs/falcon/bench_falcon_level1_key.der */
|
||||
static const unsigned char bench_falcon_level1_key[] =
|
||||
@@ -3980,7 +3980,7 @@ static const unsigned char bench_falcon_level5_key[] =
|
||||
};
|
||||
static const int sizeof_bench_falcon_level5_key = sizeof(bench_falcon_level5_key);
|
||||
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
|
||||
|
||||
|
||||
+14
-14
@@ -116,7 +116,7 @@
|
||||
#ifdef HAVE_CURVE448
|
||||
#include <wolfssl/wolfcrypt/curve448.h>
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#endif
|
||||
#ifdef HAVE_HKDF
|
||||
@@ -1235,7 +1235,7 @@ enum Misc {
|
||||
HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
|
||||
SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
|
||||
/* pre RSA and all master */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
ENCRYPT_LEN = 1500, /* allow 1500 bit static buffer for falcon */
|
||||
#else
|
||||
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
|
||||
@@ -1458,7 +1458,7 @@ enum Misc {
|
||||
ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
|
||||
ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
|
||||
|
||||
OQS_SA_MAJOR = 0xFE,/* Most significant byte used with OQS sig algos
|
||||
PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algos
|
||||
*/
|
||||
/* These match what OQS has defined in their OpenSSL fork. */
|
||||
FALCON_LEVEL1_SA_MAJOR = 0xFE,
|
||||
@@ -1470,7 +1470,7 @@ enum Misc {
|
||||
MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
|
||||
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
MAX_CERT_VERIFY_SZ = 1600, /* For Falcon */
|
||||
#elif !defined(NO_RSA)
|
||||
MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
|
||||
@@ -1501,7 +1501,7 @@ enum Misc {
|
||||
MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
MAX_X509_SIZE = 5120, /* max static x509 buffer size; falcon is big */
|
||||
#elif defined(WOLFSSL_HAPROXY)
|
||||
MAX_X509_SIZE = 3072, /* max static x509 buffer size */
|
||||
@@ -1572,7 +1572,7 @@ enum Misc {
|
||||
#endif
|
||||
#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
/* set minimum Falcon key size allowed */
|
||||
#ifndef MIN_FALCONKEY_SZ
|
||||
#define MIN_FALCONKEY_SZ 897
|
||||
@@ -2123,7 +2123,7 @@ struct WOLFSSL_CERT_MANAGER {
|
||||
wolfSSL_Mutex refMutex; /* reference count mutex */
|
||||
#endif
|
||||
int refCount; /* reference count */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
short minFalconKeySz; /* minimum allowed Falcon key size */
|
||||
#endif
|
||||
|
||||
@@ -2622,7 +2622,7 @@ typedef struct KeyShareEntry {
|
||||
word32 keyLen; /* Key size (bytes) */
|
||||
byte* pubKey; /* Public key */
|
||||
word32 pubKeyLen; /* Public key length */
|
||||
#if !defined(NO_DH) || defined(HAVE_LIBOQS)
|
||||
#if !defined(NO_DH) || defined(HAVE_PQC)
|
||||
byte* privKey; /* Private key - DH ond PQ KEMs only */
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
@@ -2873,7 +2873,7 @@ struct WOLFSSL_CTX {
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
short minEccKeySz; /* minimum ECC key size */
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
short minFalconKeySz; /* minimum Falcon key size */
|
||||
#endif
|
||||
unsigned long mask; /* store SSL_OP_ flags */
|
||||
@@ -3733,7 +3733,7 @@ typedef struct Options {
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
short minEccKeySz; /* minimum ECC key size */
|
||||
#endif
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#if defined(HAVE_PQC)
|
||||
short minFalconKeySz; /* minimum Falcon key size */
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
@@ -3908,9 +3908,9 @@ struct WOLFSSL_X509 {
|
||||
int pubKeyOID;
|
||||
DNS_entry* altNamesNext; /* hint for retrieval */
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_LIBOQS)
|
||||
defined(HAVE_PQC)
|
||||
word32 pkCurveOID;
|
||||
#endif /* HAVE_ECC || HAVE_LIBOQS */
|
||||
#endif /* HAVE_ECC || HAVE_PQC */
|
||||
#ifndef NO_CERTS
|
||||
DerBuffer* derCert; /* may need */
|
||||
#endif
|
||||
@@ -4318,7 +4318,7 @@ struct WOLFSSL {
|
||||
curve448_key* peerX448Key;
|
||||
byte peerX448KeyPresent;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
falcon_key* peerFalconKey;
|
||||
byte peerFalconKeyPresent;
|
||||
#endif
|
||||
@@ -4695,7 +4695,7 @@ extern const WOLF_EC_NIST_NAME kNistCurves[];
|
||||
/* This is the longest and shortest curve name in the kNistCurves list. Note we
|
||||
* also have quantum-safe group names as well. */
|
||||
#define kNistCurves_MIN_NAME_LEN 5
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
#define kNistCurves_MAX_NAME_LEN 32
|
||||
#else
|
||||
#define kNistCurves_MAX_NAME_LEN 7
|
||||
|
||||
+9
-9
@@ -794,7 +794,7 @@ enum SNICbReturn {
|
||||
/* Maximum master key length (SECRET_LEN) */
|
||||
#define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
|
||||
/* Maximum number of groups that can be set */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
#define WOLFSSL_MAX_GROUP_COUNT 36
|
||||
#else
|
||||
#define WOLFSSL_MAX_GROUP_COUNT 10
|
||||
@@ -3638,8 +3638,8 @@ enum {
|
||||
WOLFSSL_FFDHE_6144 = 259,
|
||||
WOLFSSL_FFDHE_8192 = 260,
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
/* These group numbers were taken from liboqs' openssl fork, see:
|
||||
#ifdef HAVE_PQC
|
||||
/* These group numbers were taken from OQS's openssl fork, see:
|
||||
* https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/
|
||||
* oqs-template/oqs-kem-info.md.
|
||||
*
|
||||
@@ -3655,8 +3655,8 @@ enum {
|
||||
* algorithms have LEVEL2 and LEVEL4 because none of these submissions
|
||||
* included them. */
|
||||
|
||||
WOLFSSL_OQS_MIN = 532,
|
||||
WOLFSSL_OQS_SIMPLE_MIN = 532,
|
||||
WOLFSSL_PQC_MIN = 532,
|
||||
WOLFSSL_PQC_SIMPLE_MIN = 532,
|
||||
WOLFSSL_NTRU_HPS_LEVEL1 = 532, /* NTRU_HPS2048509 */
|
||||
WOLFSSL_NTRU_HPS_LEVEL3 = 533, /* NTRU_HPS2048677 */
|
||||
WOLFSSL_NTRU_HPS_LEVEL5 = 534, /* NTRU_HPS4096821 */
|
||||
@@ -3670,9 +3670,9 @@ enum {
|
||||
WOLFSSL_KYBER_90S_LEVEL1 = 574, /* KYBER_90S_512 */
|
||||
WOLFSSL_KYBER_90S_LEVEL3 = 575, /* KYBER_90S_768 */
|
||||
WOLFSSL_KYBER_90S_LEVEL5 = 576, /* KYBER_90S_1024 */
|
||||
WOLFSSL_OQS_SIMPLE_MAX = 576,
|
||||
WOLFSSL_PQC_SIMPLE_MAX = 576,
|
||||
|
||||
WOLFSSL_OQS_HYBRID_MIN = 12052,
|
||||
WOLFSSL_PQC_HYBRID_MIN = 12052,
|
||||
WOLFSSL_P256_NTRU_HPS_LEVEL1 = 12052,
|
||||
WOLFSSL_P384_NTRU_HPS_LEVEL3 = 12053,
|
||||
WOLFSSL_P521_NTRU_HPS_LEVEL5 = 12054,
|
||||
@@ -3686,8 +3686,8 @@ enum {
|
||||
WOLFSSL_P256_KYBER_90S_LEVEL1 = 12094,
|
||||
WOLFSSL_P384_KYBER_90S_LEVEL3 = 12095,
|
||||
WOLFSSL_P521_KYBER_90S_LEVEL5 = 12096,
|
||||
WOLFSSL_OQS_HYBRID_MAX = 12096,
|
||||
WOLFSSL_OQS_MAX = 12096,
|
||||
WOLFSSL_PQC_HYBRID_MAX = 12096,
|
||||
WOLFSSL_PQC_MAX = 12096,
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
@@ -1262,7 +1262,7 @@ struct SignatureCtx {
|
||||
#ifdef HAVE_ED448
|
||||
struct ed448_key* ed448;
|
||||
#endif
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
struct falcon_key* falcon;
|
||||
#endif
|
||||
void* ptr;
|
||||
|
||||
@@ -640,7 +640,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
|
||||
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \
|
||||
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \
|
||||
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \
|
||||
(defined(HAVE_LIBOQS)))
|
||||
(defined(HAVE_PQC)))
|
||||
#define WC_ENABLE_ASYM_KEY_EXPORT
|
||||
#endif
|
||||
|
||||
@@ -649,7 +649,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
|
||||
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \
|
||||
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \
|
||||
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \
|
||||
(defined(HAVE_LIBOQS)))
|
||||
(defined(HAVE_PQC)))
|
||||
#define WC_ENABLE_ASYM_KEY_IMPORT
|
||||
#endif
|
||||
|
||||
@@ -688,13 +688,13 @@ WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte*, word32, int);
|
||||
#endif
|
||||
#endif /* HAVE_ED448 */
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
WOLFSSL_API int wc_Falcon_PrivateKeyDecode(const byte*, word32*, falcon_key*, word32);
|
||||
WOLFSSL_API int wc_Falcon_PublicKeyDecode(const byte*, word32*, falcon_key*, word32);
|
||||
WOLFSSL_API int wc_Falcon_KeyToDer(falcon_key*, byte*, word32);
|
||||
WOLFSSL_API int wc_Falcon_PrivateKeyToDer(falcon_key*, byte*, word32);
|
||||
WOLFSSL_API int wc_Falcon_PublicKeyToDer(falcon_key*, byte*, word32, int);
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
#ifdef HAVE_CURVE448
|
||||
#ifdef HAVE_CURVE448_KEY_IMPORT
|
||||
|
||||
@@ -31,9 +31,11 @@
|
||||
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#ifdef HAVE_PQC
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#include <oqs/oqs.h>
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
@@ -41,6 +43,7 @@
|
||||
|
||||
/* Macros Definitions */
|
||||
|
||||
#ifdef HAVE_LIBOQS
|
||||
#define FALCON_LEVEL1_KEY_SIZE OQS_SIG_falcon_512_length_secret_key
|
||||
#define FALCON_LEVEL1_SIG_SIZE OQS_SIG_falcon_512_length_signature
|
||||
#define FALCON_LEVEL1_PUB_KEY_SIZE OQS_SIG_falcon_512_length_public_key
|
||||
@@ -50,6 +53,7 @@
|
||||
#define FALCON_LEVEL5_SIG_SIZE OQS_SIG_falcon_1024_length_signature
|
||||
#define FALCON_LEVEL5_PUB_KEY_SIZE OQS_SIG_falcon_1024_length_public_key
|
||||
#define FALCON_LEVEL5_PRV_KEY_SIZE (FALCON_LEVEL5_PUB_KEY_SIZE+FALCON_LEVEL5_KEY_SIZE)
|
||||
#endif
|
||||
|
||||
#define FALCON_MAX_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE
|
||||
#define FALCON_MAX_SIG_SIZE FALCON_LEVEL5_SIG_SIZE
|
||||
@@ -125,5 +129,5 @@ int wc_falcon_sig_size(falcon_key* key);
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#endif /* HAVE_PQC */
|
||||
#endif /* WOLF_CRYPT_FALCON_H */
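Review bot: `FALCON_MAX_KEY_SIZE` and `FALCON_MAX_SIG_SIZE` stay outside the new `#ifdef HAVE_LIBOQS` block but expand to `FALCON_LEVEL5_PRV_KEY_SIZE` and `FALCON_LEVEL5_SIG_SIZE`, which are now defined only inside it. If HAVE_PQC is set without HAVE_LIBOQS, any use of those maxima (for example a buffer sized by them, not visible in these hunks) fails with an undeclared-identifier error far from the cause. Make the dependency explicit by closing the size-macro guard with `#else` and `#error "HAVE_PQC currently requires HAVE_LIBOQS"` rather than a bare `#endif`. A one-line comment above the size macros stating that they mirror the liboqs Falcon-512 and Falcon-1024 lengths would also help.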
|
||||
|
||||
@@ -2585,6 +2585,11 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Enable Post-Quantum Cryptography if we have liboqs from the OpenQuantumSafe
|
||||
* group */
|
||||
#ifdef HAVE_LIBOQS
|
||||
#define HAVE_PQC
|
||||
#endif
|
||||
|
||||
/* ---------------------------------------------------------------------------
|
||||
* Depricated Algorithm Handling
|
||||
|
||||