mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
Kyber: fixes to configure and wolfSSL_get_curve_name
Remote original-only option for kyber in configure.ac. Default is ML-KEM only. original is Kyber only. ml-lem is ML-KEM. to have both: all,original,ml-kem. Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the inclusion of kyber headers.
This commit is contained in:
Sean Parkinson
13
configure.ac
13
configure.ac
@ -1309,7 +1309,7 @@ AC_ARG_ENABLE([kyber],
|
|||||||
)
|
)
|
||||||
|
|
||||||
ENABLED_WC_KYBER=no
|
ENABLED_WC_KYBER=no
|
||||||
ENABLED_ML_KEM=yes
|
ENABLED_ML_KEM=unset
|
||||||
for v in `echo $ENABLED_KYBER | tr "," " "`
|
for v in `echo $ENABLED_KYBER | tr "," " "`
|
||||||
do
|
do
|
||||||
case $v in
|
case $v in
|
||||||
@ -1335,9 +1335,8 @@ do
|
|||||||
original)
|
original)
|
||||||
ENABLED_ORIGINAL=yes
|
ENABLED_ORIGINAL=yes
|
||||||
;;
|
;;
|
||||||
original-only)
|
ml-kem)
|
||||||
ENABLED_ORIGINAL=yes
|
ENABLED_ML_KEM=yes
|
||||||
ENABLED_ML_KEM=no
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
|
AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
|
||||||
@ -1366,6 +1365,12 @@ then
|
|||||||
if test "$ENABLED_KYBER1024" = ""; then
|
if test "$ENABLED_KYBER1024" = ""; then
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
|
||||||
fi
|
fi
|
||||||
|
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||||
|
ENABLED_ML_KEM=no
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if test "$ENABLED_ML_KEM" = "unset"; then
|
||||||
|
ENABLED_ML_KEM=yes
|
||||||
fi
|
fi
|
||||||
if test "$ENABLED_ML_KEM" = "yes"; then
|
if test "$ENABLED_ML_KEM" = "yes"; then
|
||||||
if test "$ENABLED_KYBER512" = ""; then
|
if test "$ENABLED_KYBER512" = ""; then
|
||||||
|
|||||||
@ -14572,19 +14572,19 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
|
|||||||
case WOLFSSL_P521_ML_KEM_1024:
|
case WOLFSSL_P521_ML_KEM_1024:
|
||||||
return "P521_ML_KEM_1024";
|
return "P521_ML_KEM_1024";
|
||||||
#elif defined(WOLFSSL_WC_KYBER)
|
#elif defined(WOLFSSL_WC_KYBER)
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_512
|
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||||
case WOLFSSL_ML_KEM_512:
|
case WOLFSSL_ML_KEM_512:
|
||||||
return "ML_KEM_512";
|
return "ML_KEM_512";
|
||||||
case WOLFSSL_P256_ML_KEM_512:
|
case WOLFSSL_P256_ML_KEM_512:
|
||||||
return "P256_ML_KEM_512";
|
return "P256_ML_KEM_512";
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_768
|
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||||
case WOLFSSL_ML_KEM_768:
|
case WOLFSSL_ML_KEM_768:
|
||||||
return "ML_KEM_768";
|
return "ML_KEM_768";
|
||||||
case WOLFSSL_P384_ML_KEM_768:
|
case WOLFSSL_P384_ML_KEM_768:
|
||||||
return "P384_ML_KEM_768";
|
return "P384_ML_KEM_768";
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_1024
|
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||||
case WOLFSSL_ML_KEM_1024:
|
case WOLFSSL_ML_KEM_1024:
|
||||||
return "ML_KEM_1024";
|
return "ML_KEM_1024";
|
||||||
case WOLFSSL_P521_ML_KEM_1024:
|
case WOLFSSL_P521_ML_KEM_1024:
|
||||||
|
|||||||
24
src/tls.c
24
src/tls.c
@ -7984,17 +7984,17 @@ static int kyber_id2type(int id, int *type)
|
|||||||
|
|
||||||
switch (id) {
|
switch (id) {
|
||||||
#ifndef WOLFSSL_NO_ML_KEM
|
#ifndef WOLFSSL_NO_ML_KEM
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_512
|
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||||
case WOLFSSL_ML_KEM_512:
|
case WOLFSSL_ML_KEM_512:
|
||||||
*type = WC_ML_KEM_512;
|
*type = WC_ML_KEM_512;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_768
|
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||||
case WOLFSSL_ML_KEM_768:
|
case WOLFSSL_ML_KEM_768:
|
||||||
*type = WC_ML_KEM_768;
|
*type = WC_ML_KEM_768;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_1024
|
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||||
case WOLFSSL_ML_KEM_1024:
|
case WOLFSSL_ML_KEM_1024:
|
||||||
*type = WC_ML_KEM_1024;
|
*type = WC_ML_KEM_1024;
|
||||||
break;
|
break;
|
||||||
@ -9694,15 +9694,15 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
|
|||||||
#ifdef WOLFSSL_HAVE_KYBER
|
#ifdef WOLFSSL_HAVE_KYBER
|
||||||
#ifndef WOLFSSL_NO_ML_KEM
|
#ifndef WOLFSSL_NO_ML_KEM
|
||||||
#ifdef WOLFSSL_WC_KYBER
|
#ifdef WOLFSSL_WC_KYBER
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_512
|
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||||
case WOLFSSL_ML_KEM_512:
|
case WOLFSSL_ML_KEM_512:
|
||||||
case WOLFSSL_P256_ML_KEM_512:
|
case WOLFSSL_P256_ML_KEM_512:
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_768
|
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||||
case WOLFSSL_ML_KEM_768:
|
case WOLFSSL_ML_KEM_768:
|
||||||
case WOLFSSL_P384_ML_KEM_768:
|
case WOLFSSL_P384_ML_KEM_768:
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_1024
|
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||||
case WOLFSSL_ML_KEM_1024:
|
case WOLFSSL_ML_KEM_1024:
|
||||||
case WOLFSSL_P521_ML_KEM_1024:
|
case WOLFSSL_P521_ML_KEM_1024:
|
||||||
#endif
|
#endif
|
||||||
@ -9816,15 +9816,15 @@ static const word16 preferredGroup[] = {
|
|||||||
#endif
|
#endif
|
||||||
#ifndef WOLFSSL_NO_ML_KEM
|
#ifndef WOLFSSL_NO_ML_KEM
|
||||||
#ifdef WOLFSSL_WC_KYBER
|
#ifdef WOLFSSL_WC_KYBER
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_512
|
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||||
WOLFSSL_ML_KEM_512,
|
WOLFSSL_ML_KEM_512,
|
||||||
WOLFSSL_P256_ML_KEM_512,
|
WOLFSSL_P256_ML_KEM_512,
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_768
|
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||||
WOLFSSL_ML_KEM_768,
|
WOLFSSL_ML_KEM_768,
|
||||||
WOLFSSL_P384_ML_KEM_768,
|
WOLFSSL_P384_ML_KEM_768,
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_1024
|
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||||
WOLFSSL_ML_KEM_1024,
|
WOLFSSL_ML_KEM_1024,
|
||||||
WOLFSSL_P521_ML_KEM_1024,
|
WOLFSSL_P521_ML_KEM_1024,
|
||||||
#endif
|
#endif
|
||||||
@ -13484,7 +13484,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
|
|||||||
#ifdef WOLFSSL_HAVE_KYBER
|
#ifdef WOLFSSL_HAVE_KYBER
|
||||||
#ifndef WOLFSSL_NO_ML_KEM
|
#ifndef WOLFSSL_NO_ML_KEM
|
||||||
#ifdef WOLFSSL_WC_KYBER
|
#ifdef WOLFSSL_WC_KYBER
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_512
|
#ifndef WOLFSSL_NO_ML_KEM_512
|
||||||
if (ret == WOLFSSL_SUCCESS)
|
if (ret == WOLFSSL_SUCCESS)
|
||||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512,
|
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512,
|
||||||
ssl->heap);
|
ssl->heap);
|
||||||
@ -13492,7 +13492,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
|
|||||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
|
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
|
||||||
ssl->heap);
|
ssl->heap);
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_768
|
#ifndef WOLFSSL_NO_ML_KEM_768
|
||||||
if (ret == WOLFSSL_SUCCESS)
|
if (ret == WOLFSSL_SUCCESS)
|
||||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
|
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
|
||||||
ssl->heap);
|
ssl->heap);
|
||||||
@ -13500,7 +13500,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
|
|||||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
|
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
|
||||||
ssl->heap);
|
ssl->heap);
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_WC_ML_KEM_1024
|
#ifndef WOLFSSL_NO_ML_KEM_1024
|
||||||
if (ret == WOLFSSL_SUCCESS)
|
if (ret == WOLFSSL_SUCCESS)
|
||||||
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
|
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
|
||||||
ssl->heap);
|
ssl->heap);
|
||||||
|
|||||||
@ -95512,7 +95512,11 @@ static int test_dtls13_frag_ch_pq(void)
|
|||||||
const char *test_str = "test";
|
const char *test_str = "test";
|
||||||
int test_str_size;
|
int test_str_size;
|
||||||
byte buf[255];
|
byte buf[255];
|
||||||
|
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||||
int group = WOLFSSL_KYBER_LEVEL5;
|
int group = WOLFSSL_KYBER_LEVEL5;
|
||||||
|
#else
|
||||||
|
int group = WOLFSSL_ML_KEM_1024;
|
||||||
|
#endif
|
||||||
|
|
||||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||||
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
||||||
@ -95522,8 +95526,13 @@ static int test_dtls13_frag_ch_pq(void)
|
|||||||
ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS);
|
ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS);
|
||||||
ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
|
ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
|
||||||
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||||
|
#ifdef WOLFSSL_KYBER_ORIGINAL
|
||||||
ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5");
|
ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5");
|
||||||
ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5");
|
ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5");
|
||||||
|
#else
|
||||||
|
ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024");
|
||||||
|
ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024");
|
||||||
|
#endif
|
||||||
test_str_size = XSTRLEN("test") + 1;
|
test_str_size = XSTRLEN("test") + 1;
|
||||||
ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
|
ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
|
||||||
ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size);
|
ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size);
|
||||||
|
|||||||
Reference in New Issue
Block a user