diff --git a/.github/workflows/pq-all.yml b/.github/workflows/pq-all.yml index 3b724a30ba8..cabd5f367c4 100644 --- a/.github/workflows/pq-all.yml +++ b/.github/workflows/pq-all.yml @@ -27,6 +27,9 @@ jobs: '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"', '--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"', '--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,512 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', ] name: make check if: github.repository_owner == 'wolfssl' diff --git a/examples/client/client.c b/examples/client/client.c index 112d2aee219..c3f8d67d535 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -557,6 +557,18 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, else { err_sys("unable to use post-quantum KEM"); } + + #ifdef WOLFSSL_DTLS13 + if (wolfSSL_dtls(ssl)) { + /* When the KeyShare is too large for an unfragmented + * ClientHello, DTLS sends an empty KeyShare extension to + * use the Hello Retry Request to enable fragmentation. + * In order to enforce our desired PQC algorithm in the + * second ClientHello, we need to set it as the only one + * allowed in the SupportedGroups extension. */ + setGroups = 1; + } + #endif /* WOLFSSL_DTLS13 */ } } #endif @@ -2299,8 +2311,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef WOLFSSL_STATIC_MEMORY - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ - || defined(SESSION_CERTS) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ + defined(SESSION_CERTS) || defined(WOLFSSL_HAVE_MLKEM) /* big enough to handle most cases including session certs */ byte memory[320000]; #else diff --git a/examples/server/server.c b/examples/server/server.c index 07e480eb558..e642b695092 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1763,8 +1763,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) /* Note: Actual memory used is much less, this is the entire buffer buckets, * which is partitioned into pools of common sizes. To adjust the buckets * sizes see WOLFMEM_BUCKETS in memory.h */ - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ - || defined(SESSION_CERTS) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ + defined(SESSION_CERTS) || defined(WOLFSSL_HAVE_MLKEM) /* big enough to handle most cases including session certs */ #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ diff --git a/src/internal.c b/src/internal.c index 7897a294bfa..652b9895caf 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2251,6 +2251,26 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side) WOLFSSL_MSG("DTLS Cookie Secret error"); return ret; } + #if defined(WOLFSSL_DTLS13) + if (IsAtLeastTLSv1_3(ssl->version)) { + #if defined(WOLFSSL_SEND_HRR_COOKIE) + ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("DTLS1.3 Cookie secret error"); + return ret; + } + #endif /* WOLFSSL_SEND_HRR_COOKIE */ + #if defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM) + /* Allow fragmentation of the second ClientHello due to the + * large PQC key share. */ + ret = wolfSSL_dtls13_allow_ch_frag(ssl, 1); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("DTLS1.3 CH frag error"); + return ret; + } + #endif /* WOLFSSL_DTLS_CH_FRAG && WOLFSSL_HAVE_MLKEM */ + } + #endif /* WOLFSSL_DTLS13 */ } #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ @@ -8006,15 +8026,26 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) WOLFSSL_MSG("DTLS Cookie Secret error"); return ret; } -#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) + #if defined(WOLFSSL_DTLS13) if (IsAtLeastTLSv1_3(ssl->version)) { + #if defined(WOLFSSL_SEND_HRR_COOKIE) ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("DTLS1.3 Cookie secret error"); return ret; } + #endif /* WOLFSSL_SEND_HRR_COOKIE */ + #if defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM) + /* Allow fragmentation of the second ClientHello due to the + * large PQC key share. */ + ret = wolfSSL_dtls13_allow_ch_frag(ssl, 1); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("DTLS1.3 CH frag error"); + return ret; + } + #endif /* WOLFSSL_DTLS_CH_FRAG && WOLFSSL_HAVE_MLKEM */ } -#endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE */ + #endif /* WOLFSSL_DTLS13 */ } #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ diff --git a/src/tls.c b/src/tls.c index 011c22eee6f..a4dc98e592b 100644 --- a/src/tls.c +++ b/src/tls.c @@ -10534,6 +10534,7 @@ static int TLSX_KeyShare_HandlePqcKeyServer(WOLFSSL* ssl, keyShareEntry->ke = NULL; keyShareEntry->keLen = 0; + XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->pubKey = ciphertext; keyShareEntry->pubKeyLen = ctSz; ciphertext = NULL; @@ -10770,6 +10771,7 @@ static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl, XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz); } + XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->pubKey = ciphertext; keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz; ciphertext = NULL; @@ -10859,21 +10861,35 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, #if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) if (ssl->options.side == WOLFSSL_SERVER_END && WOLFSSL_NAMED_GROUP_IS_PQC(group)) { - ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl, - keyShareEntry, - data, len, - ssl->arrays->preMasterSecret, - &ssl->arrays->preMasterSz); - if (ret != 0) - return ret; + if (TLSX_IsGroupSupported(group)) { + ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz); + if (ret != 0) + return ret; + } + else { + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = NULL; + keyShareEntry->keLen = 0; + } } else if (ssl->options.side == WOLFSSL_SERVER_END && WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) { - ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl, - keyShareEntry, - data, len); - if (ret != 0) - return ret; + if (TLSX_IsGroupSupported(group)) { + ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len); + if (ret != 0) + return ret; + } + else { + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = NULL; + keyShareEntry->keLen = 0; + } } else #endif diff --git a/tests/api.c b/tests/api.c index f256c068141..573a916a678 100644 --- a/tests/api.c +++ b/tests/api.c @@ -259,7 +259,8 @@ #endif #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ + defined(SESSION_CERTS) || defined(WOLFSSL_HAVE_MLKEM) #ifdef OPENSSL_EXTRA #define TEST_TLS_STATIC_MEMSZ (400000) #else @@ -32014,7 +32015,7 @@ static int test_dtls13_frag_ch_pq(void) { EXPECT_DECLS; #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ - && defined(WOLFSSL_DTLS_CH_FRAG) && defined(HAVE_LIBOQS) + && defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM) WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_CTX *ctx_s = NULL; WOLFSSL *ssl_c = NULL; @@ -32023,10 +32024,28 @@ static int test_dtls13_frag_ch_pq(void) const char *test_str = "test"; int test_str_size; byte buf[255]; -#ifdef WOLFSSL_MLKEM_KYBER +#if defined(WOLFSSL_MLKEM_KYBER) + #if !defined(WOLFSSL_NO_KYBER1024) int group = WOLFSSL_KYBER_LEVEL5; + const char *group_name = "KYBER_LEVEL5"; + #elif !defined(WOLFSSL_NO_KYBER768) + int group = WOLFSSL_KYBER_LEVEL3; + const char *group_name = "KYBER_LEVEL3"; + #else + int group = WOLFSSL_KYBER_LEVEL1; + const char *group_name = "KYBER_LEVEL1"; + #endif #else + #if !defined(WOLFSSL_NO_ML_KEM_1024) int group = WOLFSSL_ML_KEM_1024; + const char *group_name = "ML_KEM_1024"; + #elif !defined(WOLFSSL_NO_ML_KEM_768) + int group = WOLFSSL_ML_KEM_768; + const char *group_name = "ML_KEM_768"; + #else + int group = WOLFSSL_ML_KEM_512; + const char *group_name = "ML_KEM_512"; + #endif #endif XMEMSET(&test_ctx, 0, sizeof(test_ctx)); @@ -32037,13 +32056,8 @@ static int test_dtls13_frag_ch_pq(void) ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS); ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); -#ifdef WOLFSSL_MLKEM_KYBER - ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5"); - ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5"); -#else - ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024"); - ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024"); -#endif + ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), group_name); + ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), group_name); test_str_size = XSTRLEN("test") + 1; ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size); diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c index c2ab5873830..6e5b1930e5d 100644 --- a/tests/api/test_tls13.c +++ b/tests/api/test_tls13.c @@ -149,15 +149,15 @@ int test_tls13_apis(void) ":P256_KYBER_LEVEL1" #elif !defined(WOLFSSL_NO_KYBER768) ":P256_KYBER_LEVEL3" - #else + #elif !defined(WOLFSSL_NO_KYBER1024) ":P256_KYBER_LEVEL5" #endif #else - #ifndef WOLFSSL_NO_KYBER512 + #ifndef WOLFSSL_NO_ML_KEM_512 ":SecP256r1MLKEM512" - #elif !defined(WOLFSSL_NO_KYBER768) + #elif !defined(WOLFSSL_NO_ML_KEM_768) ":SecP384r1MLKEM768" - #else + #elif !defined(WOLFSSL_NO_ML_KEM_1024) ":SecP521r1MLKEM1024" #endif #endif @@ -173,15 +173,15 @@ int test_tls13_apis(void) ":KYBER_LEVEL1" #elif !defined(WOLFSSL_NO_KYBER768) ":KYBER_LEVEL3" - #else + #elif !defined(WOLFSSL_NO_KYBER1024) ":KYBER_LEVEL5" #endif #else - #ifndef WOLFSSL_NO_KYBER512 + #ifndef WOLFSSL_NO_ML_KEM_512 ":ML_KEM_512" - #elif !defined(WOLFSSL_NO_KYBER768) + #elif !defined(WOLFSSL_NO_ML_KEM_768) ":ML_KEM_768" - #else + #elif !defined(WOLFSSL_NO_ML_KEM_1024) ":ML_KEM_1024" #endif #endif diff --git a/tests/suites.c b/tests/suites.c index b0cbca6ff7b..3b461b77691 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -169,57 +169,151 @@ static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc) } #if defined(WOLFSSL_HAVE_MLKEM) + +#define MATCH_PQC(b, s, l) ((l) == sizeof(s) - 1 && \ + XSTRNCMP((b), (s), sizeof(s) - 1) == 0) + static int IsKyberLevelAvailable(const char* line) { int available = 0; - const char* find = "--pqc "; - const char* begin = strstr(line, find); - const char* end; + const char* begin = XSTRSTR(line, "--pqc"); + size_t len = 0; if (begin != NULL) { - begin += 6; - end = XSTRSTR(begin, " "); + begin += XSTRLEN("--pqc"); + while (*begin == ' ' || *begin == '\t') { + begin++; + } - #ifndef WOLFSSL_NO_ML_KEM - if ((size_t)end - (size_t)begin == 10) { + if (*begin != '\0') { + const char* end = begin; + while (*end != '\0' && *end != ' ' && *end != '\t') { + end++; + } + len = (size_t)(end - begin); + } + } + + if (begin != NULL && len > 0) { +#ifndef WOLFSSL_NO_ML_KEM #ifndef WOLFSSL_NO_ML_KEM_512 - if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) { + if (MATCH_PQC(begin, "ML_KEM_512", len)) { available = 1; } #endif #ifndef WOLFSSL_NO_ML_KEM_768 - if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) { + if (MATCH_PQC(begin, "ML_KEM_768", len)) { available = 1; } #endif - } #ifndef WOLFSSL_NO_ML_KEM_1024 - if ((size_t)end - (size_t)begin == 11) { - if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) { + if (MATCH_PQC(begin, "ML_KEM_1024", len)) { available = 1; } - } #endif - #endif - #ifdef WOLFSSL_MLKEM_KYBER - if ((size_t)end - (size_t)begin == 12) { + + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP256r1MLKEM512", len)) { + available = 1; + } + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if (MATCH_PQC(begin, "P256_ML_KEM_512_OLD", len)) { + available = 1; + } + #endif + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP384r1MLKEM768", len)) { + available = 1; + } + if (MATCH_PQC(begin, "SecP256r1MLKEM768", len)) { + available = 1; + } + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if (MATCH_PQC(begin, "P384_ML_KEM_768_OLD", len)) { + available = 1; + } + #endif + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519MLKEM768", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP521r1MLKEM1024", len)) { + available = 1; + } + if (MATCH_PQC(begin, "SecP384r1MLKEM1024", len)) { + available = 1; + } + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if (MATCH_PQC(begin, "P521_ML_KEM_1024_OLD", len)) { + available = 1; + } + #endif + #endif + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519MLKEM512", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) + if (MATCH_PQC(begin, "X448MLKEM768", len)) { + available = 1; + } + #endif +#endif /* !WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_MLKEM_KYBER #ifndef WOLFSSL_NO_KYBER512 - if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) { + if (MATCH_PQC(begin, "KYBER_LEVEL1", len)) { + available = 1; + } + #ifdef HAVE_ECC + if (MATCH_PQC(begin, "P256_KYBER_LEVEL1", len)) { available = 1; } #endif + #endif #ifndef WOLFSSL_NO_KYBER768 - if (XSTRNCMP(begin, "KYBER_LEVEL3", 12) == 0) { + if (MATCH_PQC(begin, "KYBER_LEVEL3", len)) { + available = 1; + } + #ifdef HAVE_ECC + if (MATCH_PQC(begin, "P384_KYBER_LEVEL3", len)) { available = 1; } + if (MATCH_PQC(begin, "P256_KYBER_LEVEL3", len)) { + available = 1; + } + #endif #endif #ifndef WOLFSSL_NO_KYBER1024 - if (XSTRNCMP(begin, "KYBER_LEVEL5", 12) == 0) { + if (MATCH_PQC(begin, "KYBER_LEVEL5", len)) { + available = 1; + } + #ifdef HAVE_ECC + if (MATCH_PQC(begin, "P521_KYBER_LEVEL5", len)) { available = 1; } #endif - } - #endif + #endif + #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519_KYBER_LEVEL1", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519_KYBER_LEVEL3", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448) + if (MATCH_PQC(begin, "X448_KYBER_LEVEL3", len)) { + available = 1; + } + #endif +#endif /* WOLFSSL_MLKEM_KYBER */ } #if defined(WOLFSSL_MLKEM_NO_MAKE_KEY) || \ @@ -910,7 +1004,7 @@ int SuiteTest(int argc, char** argv) char* myArgv[3]; #ifdef WOLFSSL_STATIC_MEMORY - byte memory[200000]; + byte memory[320000]; #endif printf(" Begin Cipher Suite Tests\n"); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 74c65432dec..e40ded4e7d8 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1742,7 +1742,7 @@ enum Misc { ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */ #endif MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */ - MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */ + MAX_CURVE_NAME_SZ = 20, /* Maximum size of curve name string */ NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ RSA_PSS_RSAE_SHA256_MINOR = 0x04, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index e5df24edf63..631f7632486 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4750,16 +4750,15 @@ enum { WOLFSSL_P256_KYBER_LEVEL3 = 25498, #endif /* WOLFSSL_MLKEM_KYBER */ #ifndef WOLFSSL_NO_ML_KEM - /* Taken from draft-connolly-tls-mlkem-key-agreement, see: - * https://github.com/dconnolly/draft-connolly-tls-mlkem-key-agreement/ + /* Taken from draft-ietf-tls-mlkem, see: + * https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/ */ WOLFSSL_ML_KEM_512 = 512, WOLFSSL_ML_KEM_768 = 513, WOLFSSL_ML_KEM_1024 = 514, - /* Taken from draft-kwiatkowski-tls-ecdhe-mlkem. see: - * https://github.com/post-quantum-cryptography/ - * draft-kwiatkowski-tls-ecdhe-mlkem/ + /* Taken from draft-ietf-tls-ecdhe-mlkem. see: + * https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ */ WOLFSSL_SECP256R1MLKEM768 = 4587, WOLFSSL_X25519MLKEM768 = 4588, diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index 268a233f0af..1ea303a4e11 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -175,15 +175,25 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, #define WOLFMEM_BUCKETS 64,128,256,512,1024,8192,32768,\ 65536,LARGEST_MEM_BUCKET #endif + #elif defined(WOLFSSL_HAVE_MLKEM) + /* extra storage in structs for multiple attributes and order */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,4096,8192,\ + LARGEST_MEM_BUCKET #else /* default size of chunks of memory to separate into */ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ LARGEST_MEM_BUCKET #endif #elif defined(OPENSSL_EXTRA) - /* extra storage in structs for multiple attributes and order */ - #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ - LARGEST_MEM_BUCKET + #ifdef WOLFSSL_HAVE_MLKEM + /* extra storage in structs for multiple attributes and order */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,4096,8192,\ + LARGEST_MEM_BUCKET + #else + /* extra storage in structs for multiple attributes and order */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ + LARGEST_MEM_BUCKET + #endif #elif defined(WOLFSSL_CERT_EXT) #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ LARGEST_MEM_BUCKET @@ -203,6 +213,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, #else #define WOLFMEM_DIST 30,10,8,15,8,10,8,5,1 #endif + #elif defined(WOLFSSL_HAVE_MLKEM) + #define WOLFMEM_DIST 49,10,6,14,5,6,14,1,1 #elif !defined(WOLFSSL_STATIC_MEMORY_SMALL) #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1 #else diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 66ed85d6ee6..be31fa63abb 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -4549,10 +4549,10 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC #endif -#if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \ - !defined(WOLFSSL_DTLS_CH_FRAG) -#warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \ - "fail.Use --enable-dtls-frag-ch to enable it." +#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_MLKEM) && \ + defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS_CH_FRAG) +#define WOLFSSL_DTLS_CH_FRAG +#warning "WOLFSSL_DTLS_CH_FRAG is enabled to support PQC in DTLS 1.3" #endif #if !defined(WOLFSSL_DTLS13) && defined(WOLFSSL_DTLS_CH_FRAG) #error "WOLFSSL_DTLS_CH_FRAG only works with DTLS 1.3"