wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adjust Espressif Examples for Post Quantum ML-KEM

Browse Source
This commit is contained in:
gojimmypi
2025-06-02 15:11:53 -07:00
parent ecb8cb744e
commit a9db6d08f7
15 changed files with 421 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.wolfssl_known_macro_extras
View File

@ -87,6 +87,7 @@ CONFIG_ESP_TLS_USING_WOLFSSL
CONFIG_ESP_WIFI_PASSWORD
CONFIG_ESP_WIFI_SSID
CONFIG_ESP_WOLFSSL_ENABLE_KYBER
CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
CONFIG_ESP_WOLFSSL_NO_HW_AES
@ -674,6 +675,7 @@ WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
WOLFSSL_EMNET
WOLFSSL_ESPWROOM32
WOLFSSL_EVP_PRINT
WOLFSSL_EXPERIMENTAL_SETTINGS
WOLFSSL_EXPORT_INT
WOLFSSL_EXPORT_SPC_SZ
WOLFSSL_EXTRA
@ -690,6 +692,7 @@ WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
WOLFSSL_HAVE_MLKEM
WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
WOLFSSL_I2D_ECDSA_SIG_ALLOC
WOLFSSL_IAR_ARM_TIME
@ -702,6 +705,9 @@ WOLFSSL_IMXRT_DCP
WOLFSSL_ISOTP
WOLFSSL_KEIL
WOLFSSL_KEIL_NET
WOLFSSL_KYBER1024
WOLFSSL_KYBER512
WOLFSSL_KYBER768
WOLFSSL_KYBER_NO_DECAPSULATE
WOLFSSL_KYBER_NO_ENCAPSULATE
WOLFSSL_KYBER_NO_MAKE_KEY
@ -754,6 +760,9 @@ WOLFSSL_NO_KCAPI_HMAC_SHA256
WOLFSSL_NO_KCAPI_HMAC_SHA384
WOLFSSL_NO_KCAPI_HMAC_SHA512
WOLFSSL_NO_KCAPI_SHA224
WOLFSSL_NO_ML_KEM_1024
WOLFSSL_NO_ML_KEM_512
WOLFSSL_NO_ML_KEM_768
WOLFSSL_NO_OCSP_DATE_CHECK
WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
WOLFSSL_NO_OCSP_OPTIONAL_CERTS
@ -816,6 +825,8 @@ WOLFSSL_SERVER_EXAMPLE
WOLFSSL_SETTINGS_FILE
WOLFSSL_SH224
WOLFSSL_SHA256_ALT_CH_MAJ
WOLFSSL_SHAKE128
WOLFSSL_SHAKE256
WOLFSSL_SHUTDOWNONCE
WOLFSSL_SILABS_TRNG
WOLFSSL_SM4_EBC
@ -857,6 +868,7 @@ WOLFSSL_USE_FLASHMEM
WOLFSSL_USE_OPTIONS_H
WOLFSSL_USE_POPEN_HOST
WOLFSSL_VALIDATE_DH_KEYGEN
WOLFSSL_WC_MLKEM
WOLFSSL_WC_XMSS_NO_SHA256
WOLFSSL_WC_XMSS_NO_SHAKE256
WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME

22
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig
View File

@ -401,24 +401,25 @@ menu "wolfSSL"
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
menu "wolfSSL Post Quantum Kyber KEM PQ"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
config ESP_WOLFSSL_ENABLE_MLKEM
bool "Enable ML-KEM (Kyber Post Quantum)"
default n
help
Enables experimental settings for wolfSSL. See documentation.
bool "Enable wolfSSL ML-KEM"
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
config WOLFSSL_ENABLE_KYBER
bool "Enable Kyber (Round 3)"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
Enable old compatibility with Kyber Round 3 (enables experimental settings)
endmenu # wolfSSL Experimental Options
endmenu # wolfSSL Post Quantum Kyber KEM PQ
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
@ -435,6 +436,11 @@ menu "wolfSSL"
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------

54
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
View File

@ -209,18 +209,40 @@
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Optional MLKEM (Kyber Post Quantum) */
/* ./configure --enable-mlkem */
/* See Kconfig / menuconfig ESP_WOLFSSL_ENABLE_MLKEM */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
/* Old code points to keep compatibility with Kyber Round 3. */
/* ./configure --enable-kyber=all --enable-experimental */
#if defined(CONFIG_WOLFSSL_ENABLE_KYBER)
#define WOLFSSL_MLKEM_KYBER
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#endif
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define WOLFSSL_NO_ML_KEM_1024
#define WOLFSSL_NO_ML_KEM_768
#define NO_SESSION_CACHE
#else
/* Only needed for older wolfssl versions, see mlkem.h */
#define WOLFSSL_KYBER1024
/* optional alternative sizes: */
/* #define WOLFSSL_KYBER768 */
/* #define WOLFSSL_KYBER512 */
/* -- or disable a specific one: */
/* #define WOLFSSL_NO_ML_KEM_1024 */
/* #define WOLFSSL_NO_ML_KEM_768 */
/* #define WOLFSSL_NO_ML_KEM_512 */
#endif
#endif
@ -532,7 +554,7 @@
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
/* hash limit for test.c */
@ -560,8 +582,6 @@
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@ -936,6 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
@ -1027,9 +1049,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@ -1049,9 +1076,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1

22
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig
View File

@ -401,24 +401,25 @@ menu "wolfSSL"
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
menu "wolfSSL Post Quantum Kyber KEM PQ"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
config ESP_WOLFSSL_ENABLE_MLKEM
bool "Enable ML-KEM (Kyber Post Quantum)"
default n
help
Enables experimental settings for wolfSSL. See documentation.
bool "Enable wolfSSL ML-KEM"
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
config WOLFSSL_ENABLE_KYBER
bool "Enable Kyber (Round 3)"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
Enable old compatibility with Kyber Round 3 (enables experimental settings)
endmenu # wolfSSL Experimental Options
endmenu # wolfSSL Post Quantum Kyber KEM PQ
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
@ -435,6 +436,11 @@ menu "wolfSSL"
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------

54
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
View File

@ -209,18 +209,40 @@
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Optional MLKEM (Kyber Post Quantum) */
/* ./configure --enable-mlkem */
/* See Kconfig / menuconfig ESP_WOLFSSL_ENABLE_MLKEM */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
/* Old code points to keep compatibility with Kyber Round 3. */
/* ./configure --enable-kyber=all --enable-experimental */
#if defined(CONFIG_WOLFSSL_ENABLE_KYBER)
#define WOLFSSL_MLKEM_KYBER
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#endif
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define WOLFSSL_NO_ML_KEM_1024
#define WOLFSSL_NO_ML_KEM_768
#define NO_SESSION_CACHE
#else
/* Only needed for older wolfssl versions, see mlkem.h */
#define WOLFSSL_KYBER1024
/* optional alternative sizes: */
/* #define WOLFSSL_KYBER768 */
/* #define WOLFSSL_KYBER512 */
/* -- or disable a specific one: */
/* #define WOLFSSL_NO_ML_KEM_1024 */
/* #define WOLFSSL_NO_ML_KEM_768 */
/* #define WOLFSSL_NO_ML_KEM_512 */
#endif
#endif
@ -532,7 +554,7 @@
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
/* hash limit for test.c */
@ -560,8 +582,6 @@
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@ -936,6 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
@ -1027,9 +1049,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@ -1049,9 +1076,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1

22
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig
View File

@ -401,24 +401,25 @@ menu "wolfSSL"
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
menu "wolfSSL Post Quantum Kyber KEM PQ"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
config ESP_WOLFSSL_ENABLE_MLKEM
bool "Enable ML-KEM (Kyber Post Quantum)"
default n
help
Enables experimental settings for wolfSSL. See documentation.
bool "Enable wolfSSL ML-KEM"
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
config WOLFSSL_ENABLE_KYBER
bool "Enable Kyber (Round 3)"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
Enable old compatibility with Kyber Round 3 (enables experimental settings)
endmenu # wolfSSL Experimental Options
endmenu # wolfSSL Post Quantum Kyber KEM PQ
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
@ -435,6 +436,11 @@ menu "wolfSSL"
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------

54
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
View File

@ -209,18 +209,40 @@
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Optional MLKEM (Kyber Post Quantum) */
/* ./configure --enable-mlkem */
/* See Kconfig / menuconfig ESP_WOLFSSL_ENABLE_MLKEM */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
/* Old code points to keep compatibility with Kyber Round 3. */
/* ./configure --enable-kyber=all --enable-experimental */
#if defined(CONFIG_WOLFSSL_ENABLE_KYBER)
#define WOLFSSL_MLKEM_KYBER
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#endif
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define WOLFSSL_NO_ML_KEM_1024
#define WOLFSSL_NO_ML_KEM_768
#define NO_SESSION_CACHE
#else
/* Only needed for older wolfssl versions, see mlkem.h */
#define WOLFSSL_KYBER1024
/* optional alternative sizes: */
/* #define WOLFSSL_KYBER768 */
/* #define WOLFSSL_KYBER512 */
/* -- or disable a specific one: */
/* #define WOLFSSL_NO_ML_KEM_1024 */
/* #define WOLFSSL_NO_ML_KEM_768 */
/* #define WOLFSSL_NO_ML_KEM_512 */
#endif
#endif
@ -532,7 +554,7 @@
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
/* hash limit for test.c */
@ -560,8 +582,6 @@
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@ -936,6 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
@ -1027,9 +1049,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@ -1049,9 +1076,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1

47
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
View File

@ -397,20 +397,47 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
&this_heap, this_heap);
#endif
#if defined(CONFIG_ESP_WOLFSSL_ENABLE_MLKEM)
/* Kconfig ESP_WOLFSSL_ENABLE_MLKEM triggers settings in user_setting.h */
ESP_LOGI(TAG, "Espressif CONFIG_ESP_WOLFSSL_ENABLE_MLKEM is defined");
#endif
#if defined(WOLFSSL_HAVE_MLKEM)
#if defined(WOLFSSL_KYBER1024)
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL5");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
#elif defined(WOLFSSL_KYBER768)
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
ESP_LOGI(TAG, "WOLFSSL_MLKEM_KYBER is defined");
#if defined(WOLFSSL_KYBER1024) || !defined(WOLFSSL_NO_ML_KEM_1024)
#if defined(WOLFSSL_MLKEM_KYBER)
ESP_LOGW(TAG, "WOLFSSL_MLKEM_KYBER is enabled, setting key share: "
"WOLFSSL_P521_KYBER_LEVEL5");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
"WOLFSSL_ML_KEM_1024");
ESP_LOGW(TAG, "Note: Wireshark as of 4.4.6 reports as frodo976aes");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_1024);
#endif
#elif defined(WOLFSSL_KYBER768) || !defined(WOLFSSL_NO_ML_KEM_768)
#if defined(WOLFSSL_MLKEM_KYBER)
ESP_LOGW(TAG, "WOLFSSL_MLKEM_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL3");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
#elif defined(WOLFSSL_KYBER512)
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
"WOLFSSL_ML_KEM_768");
ESP_LOGW(TAG, "Note: Wireshark as of 4.4.6 reports as frodo976aes");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_768);
#endif
#elif defined(WOLFSSL_KYBER512) || !defined(WOLFSSL_NO_ML_KEM_512)
/* This will typically be a low memory situation, such as ESP8266 */
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
#if defined(WOLFSSL_MLKEM_KYBER)
ESP_LOGW(TAG, "WOLFSSL_MLKEM_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL1");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
"WOLFSSL_ML_KEM_512");
ESP_LOGW(TAG, "Note: Wireshark as of 4.4.6 reports as frodo976aes");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512);
#endif
#else
ESP_LOGW(TAG, "WOLFSSL_HAVE_MLKEM enabled but no key size available.");
ret_i = ESP_FAIL;

22
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig
View File

@ -401,24 +401,25 @@ menu "wolfSSL"
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
menu "wolfSSL Post Quantum Kyber KEM PQ"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
config ESP_WOLFSSL_ENABLE_MLKEM
bool "Enable ML-KEM (Kyber Post Quantum)"
default n
help
Enables experimental settings for wolfSSL. See documentation.
bool "Enable wolfSSL ML-KEM"
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
config WOLFSSL_ENABLE_KYBER
bool "Enable Kyber (Round 3)"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
Enable old compatibility with Kyber Round 3 (enables experimental settings)
endmenu # wolfSSL Experimental Options
endmenu # wolfSSL Post Quantum Kyber KEM PQ
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
@ -435,6 +436,11 @@ menu "wolfSSL"
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------

54
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
View File

@ -209,18 +209,40 @@
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Optional MLKEM (Kyber Post Quantum) */
/* ./configure --enable-mlkem */
/* See Kconfig / menuconfig ESP_WOLFSSL_ENABLE_MLKEM */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
/* Old code points to keep compatibility with Kyber Round 3. */
/* ./configure --enable-kyber=all --enable-experimental */
#if defined(CONFIG_WOLFSSL_ENABLE_KYBER)
#define WOLFSSL_MLKEM_KYBER
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#endif
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define WOLFSSL_NO_ML_KEM_1024
#define WOLFSSL_NO_ML_KEM_768
#define NO_SESSION_CACHE
#else
/* Only needed for older wolfssl versions, see mlkem.h */
#define WOLFSSL_KYBER1024
/* optional alternative sizes: */
/* #define WOLFSSL_KYBER768 */
/* #define WOLFSSL_KYBER512 */
/* -- or disable a specific one: */
/* #define WOLFSSL_NO_ML_KEM_1024 */
/* #define WOLFSSL_NO_ML_KEM_768 */
/* #define WOLFSSL_NO_ML_KEM_512 */
#endif
#endif
@ -532,7 +554,7 @@
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
/* hash limit for test.c */
@ -560,8 +582,6 @@
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@ -936,6 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
@ -1027,9 +1049,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@ -1049,9 +1076,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1

41
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
View File

@ -130,6 +130,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
int connd;
int shutdown = 0;
int ret;
int ret_i; /* interim return values */
socklen_t size = sizeof(clientAddr);
size_t len;
#if 0
@ -329,20 +330,40 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
if ((ssl = wolfSSL_new(ctx)) == NULL) {
ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
}
#if defined(WOLFSSL_HAVE_MLKEM)
else {
/* If success creating CTX and Kyber enabled, set key share: */
ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
if (ret == SSL_SUCCESS) {
ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success");
}
else {
ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed");
}
#ifdef DEBUG_WOLFSSL
ESP_LOGI(TAG, "\nCreated WOLFSSL object:");
ShowCiphers(ssl);
this_heap = esp_get_free_heap_size();
ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
&this_heap, this_heap);
#endif
#if defined(WOLFSSL_HAVE_MLKEM)
/* Client sets the keyshare; we at the server only need to enable it. */
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled");
ret_i = WOLFSSL_SUCCESS;
#if defined(WOLFSSL_KYBER1024)
ESP_LOGI(TAG, "WOLFSSL_KYBER1024 is enabled");
#elif defined(WOLFSSL_KYBER768)
ESP_LOGI(TAG, "WOLFSSL_KYBER768 is enabled");
#elif defined(WOLFSSL_KYBER512)
ESP_LOGI(TAG, "WOLFSSL_KYBER512 is enabled");
#else
ESP_LOGW(TAG, "WOLFSSL_HAVE_MLKEM enabled but no key size available.");
ret_i = ESP_FAIL;
#endif
if (ret_i == WOLFSSL_SUCCESS) {
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM success");
}
else {
ESP_LOGE(TAG, "WOLFSSL_HAVE_MLKEM failed");
}
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is not enabled, not using PQ.");
#endif
}
/* show what cipher connected for this WOLFSSL* object */
ShowCiphers(ssl);
@ -353,6 +374,8 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
ret = wolfSSL_accept(ssl);
if (ret == SSL_SUCCESS) {
ShowCiphers(ssl);
const char* curve = wolfSSL_get_curve_name(ssl);
ESP_LOGI(TAG, "Server negotiated key share group: %s", curve);
}
else {
ESP_LOGE(TAG, "wolfSSL_accept error %d",

22
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig
View File

@ -401,24 +401,25 @@ menu "wolfSSL"
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
menu "wolfSSL Post Quantum Kyber KEM PQ"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
config ESP_WOLFSSL_ENABLE_MLKEM
bool "Enable ML-KEM (Kyber Post Quantum)"
default n
help
Enables experimental settings for wolfSSL. See documentation.
bool "Enable wolfSSL ML-KEM"
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
config WOLFSSL_ENABLE_KYBER
bool "Enable Kyber (Round 3)"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
Enable old compatibility with Kyber Round 3 (enables experimental settings)
endmenu # wolfSSL Experimental Options
endmenu # wolfSSL Post Quantum Kyber KEM PQ
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
@ -435,6 +436,11 @@ menu "wolfSSL"
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------

53
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
View File

@ -209,18 +209,40 @@
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Optional MLKEM (Kyber Post Quantum) */
/* ./configure --enable-mlkem */
/* See Kconfig / menuconfig ESP_WOLFSSL_ENABLE_MLKEM */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
/* Old code points to keep compatibility with Kyber Round 3. */
/* ./configure --enable-kyber=all --enable-experimental */
#if defined(CONFIG_WOLFSSL_ENABLE_KYBER)
#define WOLFSSL_MLKEM_KYBER
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#endif
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define WOLFSSL_NO_ML_KEM_1024
#define WOLFSSL_NO_ML_KEM_768
#define NO_SESSION_CACHE
#else
/* Only needed for older wolfssl versions, see mlkem.h */
#define WOLFSSL_KYBER1024
/* optional alternative sizes: */
/* #define WOLFSSL_KYBER768 */
/* #define WOLFSSL_KYBER512 */
/* -- or disable a specific one: */
/* #define WOLFSSL_NO_ML_KEM_1024 */
/* #define WOLFSSL_NO_ML_KEM_768 */
/* #define WOLFSSL_NO_ML_KEM_512 */
#endif
#endif
@ -532,7 +554,7 @@
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
/* hash limit for test.c */
@ -560,6 +582,7 @@
defined(WOLFSSL_SP_RISCV32)
#endif
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@ -933,6 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
@ -1024,9 +1049,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@ -1046,9 +1076,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1

63
examples/configs/user_settings_espressif.h
View File

@ -110,7 +110,7 @@
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#define HAVE_HKDF
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
@ -209,18 +209,40 @@
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Optional MLKEM (Kyber Post Quantum) */
/* ./configure --enable-mlkem */
/* See Kconfig / menuconfig ESP_WOLFSSL_ENABLE_MLKEM */
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
/* Old code points to keep compatibility with Kyber Round 3. */
/* ./configure --enable-kyber=all --enable-experimental */
#if defined(CONFIG_WOLFSSL_ENABLE_KYBER)
#define WOLFSSL_MLKEM_KYBER
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#endif
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define WOLFSSL_NO_ML_KEM_1024
#define WOLFSSL_NO_ML_KEM_768
#define NO_SESSION_CACHE
#else
/* Only needed for older wolfssl versions, see mlkem.h */
#define WOLFSSL_KYBER1024
/* optional alternative sizes: */
/* #define WOLFSSL_KYBER768 */
/* #define WOLFSSL_KYBER512 */
/* -- or disable a specific one: */
/* #define WOLFSSL_NO_ML_KEM_1024 */
/* #define WOLFSSL_NO_ML_KEM_768 */
/* #define WOLFSSL_NO_ML_KEM_512 */
#endif
#endif
@ -560,8 +582,6 @@
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@ -784,6 +804,15 @@
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP32H2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32P4)
#define WOLFSSL_ESP32
/* wolfSSL Hardware Acceleration not yet implemented */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP32P4 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8266)
#define WOLFSSL_ESP8266
@ -927,6 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See github.com/wolfSSL/wolfsm */
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
@ -1018,9 +1049,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@ -1040,9 +1076,14 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1

4
wolfcrypt/src/wc_mlkem.c
View File

@ -674,8 +674,8 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
sword16 y[3 * WC_ML_KEM_MAX_K * MLKEM_N];
#endif
#endif
sword16* u;
sword16* v;
sword16* u = 0;
sword16* v = 0;
/* Establish parameters based on key type. */
switch (key->type) {