Skip to content

Commit 3ed052d

Browse files
FrauschiFrauschi
committed
Remove liboqs for ML-KEM and ML-DSA, update for Falcon
1 parent 31278ee commit 3ed052d

86 files changed

Lines changed: 1357 additions & 2973 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

CMakeLists.txt

Lines changed: 18 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -625,20 +625,23 @@ add_option(WOLFSSL_OQS
625625
"Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
626626
"no" "yes;no")
627627

628+
# Falcon (provided via liboqs)
629+
add_option(WOLFSSL_FALCON
630+
"Enable Falcon post-quantum signatures via liboqs (default: disabled)"
631+
"no" "yes;no")
632+
628633
# ML-KEM/Kyber
629634
add_option(WOLFSSL_MLKEM
630635
"Enable the wolfSSL PQ ML-KEM library (default: disabled)"
631636
"yes" "yes;no")
632637

633638
if (WOLFSSL_MLKEM)
634639
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLKEM")
635-
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_MLKEM")
636640
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3")
637641
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128")
638642
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256")
639643

640644
set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT)
641-
set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESULT)
642645
set_wolfssl_definitions("WOLFSSL_SHA3" RESULT)
643646
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT)
644647
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT)
@@ -677,13 +680,11 @@ add_option(WOLFSSL_DILITHIUM
677680

678681
if (WOLFSSL_DILITHIUM)
679682
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_DILITHIUM")
680-
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_DILITHIUM")
681683
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3")
682684
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128")
683685
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256")
684686

685687
set_wolfssl_definitions("HAVE_DILITHIUM" RESULT)
686-
set_wolfssl_definitions("WOLFSSL_WC_DILITHIUM" RESULT)
687688
set_wolfssl_definitions("WOLFSSL_SHA3" RESULT)
688689
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT)
689690
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT)
@@ -733,6 +734,15 @@ if (WOLFSSL_EXPERIMENTAL)
733734

734735
set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESULT)
735736

737+
# Cross-validate WOLFSSL_OQS and WOLFSSL_FALCON: liboqs is only linked
738+
# when a liboqs-backed algorithm (Falcon) is actually enabled.
739+
if (WOLFSSL_FALCON AND NOT WOLFSSL_OQS)
740+
message(FATAL_ERROR "WOLFSSL_FALCON requires WOLFSSL_OQS.")
741+
endif()
742+
if (WOLFSSL_OQS AND NOT WOLFSSL_FALCON)
743+
message(FATAL_ERROR "WOLFSSL_OQS requires WOLFSSL_FALCON.")
744+
endif()
745+
736746
# Checking for experimental feature: OQS
737747
message(STATUS "Looking for WOLFSSL_OQS")
738748
if (WOLFSSL_OQS)
@@ -749,6 +759,7 @@ if (WOLFSSL_EXPERIMENTAL)
749759
set_wolfssl_definitions("HAVE_LIBOQS" RESULT)
750760
set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESULT)
751761
set_wolfssl_definitions("OPENSSL_EXTRA" RESULT)
762+
set_wolfssl_definitions("HAVE_FALCON" RESULT)
752763

753764
else()
754765
message(STATUS "Checking OQS - not found")
@@ -777,19 +788,15 @@ if (WOLFSSL_EXPERIMENTAL)
777788
message(STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled.")
778789
endif()
779790

780-
# Sanity checks
781-
if(WOLFSSL_OQS AND WOLFSSL_MLKEM)
782-
message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time.")
783-
endif()
784-
if(WOLFSSL_OQS AND WOLFSSL_DILITHIUM)
785-
message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_DILITHIUM at the same time.")
786-
endif()
787791
else()
788792
# Experimental mode not enabled, but were any experimental features enabled? Error out if so:
789793
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found")
790794
if (WOLFSSL_OQS)
791795
message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
792796
endif()
797+
if (WOLFSSL_FALCON)
798+
message(FATAL_ERROR "Error: WOLFSSL_FALCON requires WOLFSSL_EXPERIMENTAL at this time.")
799+
endif()
793800
endif()
794801

795802
# LMS

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
203203
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
204204
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
205205
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
206-
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
207206
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
208207
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
209208
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -215,7 +215,6 @@
215215
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
216216
/* Kyber typically needs a minimum 10K stack */
217217
#define WOLFSSL_HAVE_MLKEM
218-
#define WOLFSSL_WC_MLKEM
219218
#define WOLFSSL_SHAKE128
220219
#define WOLFSSL_SHAKE256
221220

@@ -234,7 +233,7 @@
234233
#define WOLFSSL_NO_ML_KEM_768
235234
#define NO_SESSION_CACHE
236235
#else
237-
/* Only needed for older wolfssl versions, see mlkem.h */
236+
/* Only needed for older wolfssl versions, see wc_mlkem.h */
238237
#define WOLFSSL_KYBER1024
239238
/* optional alternative sizes: */
240239
/* #define WOLFSSL_KYBER768 */

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
203203
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
204204
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
205205
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
206-
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
207206
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
208207
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
209208
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -215,7 +215,6 @@
215215
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
216216
/* Kyber typically needs a minimum 10K stack */
217217
#define WOLFSSL_HAVE_MLKEM
218-
#define WOLFSSL_WC_MLKEM
219218
#define WOLFSSL_SHAKE128
220219
#define WOLFSSL_SHAKE256
221220

@@ -234,7 +233,7 @@
234233
#define WOLFSSL_NO_ML_KEM_768
235234
#define NO_SESSION_CACHE
236235
#else
237-
/* Only needed for older wolfssl versions, see mlkem.h */
236+
/* Only needed for older wolfssl versions, see wc_mlkem.h */
238237
#define WOLFSSL_KYBER1024
239238
/* optional alternative sizes: */
240239
/* #define WOLFSSL_KYBER768 */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
203203
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
204204
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
205205
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
206-
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
207206
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
208207
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
209208
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -215,7 +215,6 @@
215215
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
216216
/* Kyber typically needs a minimum 10K stack */
217217
#define WOLFSSL_HAVE_MLKEM
218-
#define WOLFSSL_WC_MLKEM
219218
#define WOLFSSL_SHAKE128
220219
#define WOLFSSL_SHAKE256
221220

@@ -234,7 +233,7 @@
234233
#define WOLFSSL_NO_ML_KEM_768
235234
#define NO_SESSION_CACHE
236235
#else
237-
/* Only needed for older wolfssl versions, see mlkem.h */
236+
/* Only needed for older wolfssl versions, see wc_mlkem.h */
238237
#define WOLFSSL_KYBER1024
239238
/* optional alternative sizes: */
240239
/* #define WOLFSSL_KYBER768 */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,8 +41,7 @@
4141
#undef USE_WOLFSSL_ESP_SDK_WIFI
4242
#include <wolfssl/ssl.h>
4343

44-
#if defined(WOLFSSL_WC_MLKEM)
45-
#include <wolfssl/wolfcrypt/mlkem.h>
44+
#if defined(WOLFSSL_HAVE_MLKEM)
4645
#include <wolfssl/wolfcrypt/wc_mlkem.h>
4746
#endif
4847
#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
203203
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
204204
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
205205
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
206-
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
207206
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
208207
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
209208
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o

IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -215,7 +215,6 @@
215215
#ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM
216216
/* Kyber typically needs a minimum 10K stack */
217217
#define WOLFSSL_HAVE_MLKEM
218-
#define WOLFSSL_WC_MLKEM
219218
#define WOLFSSL_SHAKE128
220219
#define WOLFSSL_SHAKE256
221220

@@ -234,7 +233,7 @@
234233
#define WOLFSSL_NO_ML_KEM_768
235234
#define NO_SESSION_CACHE
236235
#else
237-
/* Only needed for older wolfssl versions, see mlkem.h */
236+
/* Only needed for older wolfssl versions, see wc_mlkem.h */
238237
#define WOLFSSL_KYBER1024
239238
/* optional alternative sizes: */
240239
/* #define WOLFSSL_KYBER768 */

0 commit comments

Comments
 (0)