@@ -648,121 +648,178 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
648648 } while (ret == WC_PENDING_E );
649649 #endif
650650 }
651- #if defined(HAVE_PQC ) && defined( WOLFSSL_MLKEM_KYBER )
651+ #if defined(HAVE_PQC )
652652 if (onlyKeyShare == 0 || onlyKeyShare == 3 ) {
653653 if (usePqc ) {
654654 int group = 0 ;
655655
656- if (XSTRNCMP (pqcAlg , "KYBER_LEVEL1" , XSTRLEN ("KYBER_LEVEL1" )) == 0 ) {
657- group = WOLFSSL_KYBER_LEVEL1 ;
658- }
659- else if (XSTRNCMP (pqcAlg , "KYBER_LEVEL3" ,
660- XSTRLEN ("KYBER_LEVEL3" )) == 0 ) {
661- group = WOLFSSL_KYBER_LEVEL3 ;
662- }
663- else if (XSTRNCMP (pqcAlg , "KYBER_LEVEL5" ,
664- XSTRLEN ("KYBER_LEVEL5" )) == 0 ) {
665- group = WOLFSSL_KYBER_LEVEL5 ;
666- }
667- else if (XSTRNCMP (pqcAlg , "NTRU_HPS_LEVEL1" ,
668- XSTRLEN ("NTRU_HPS_LEVEL1" )) == 0 ) {
669- group = WOLFSSL_NTRU_HPS_LEVEL1 ;
670- }
671- else if (XSTRNCMP (pqcAlg , "NTRU_HPS_LEVEL3" ,
672- XSTRLEN ("NTRU_HPS_LEVEL3" )) == 0 ) {
673- group = WOLFSSL_NTRU_HPS_LEVEL3 ;
674- }
675- else if (XSTRNCMP (pqcAlg , "NTRU_HPS_LEVEL5" ,
676- XSTRLEN ("NTRU_HPS_LEVEL5" )) == 0 ) {
677- group = WOLFSSL_NTRU_HPS_LEVEL5 ;
656+ #ifndef WOLFSSL_NO_ML_KEM
657+ #if !defined(WOLFSSL_NO_ML_KEM_512 ) && \
658+ !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE )
659+ if (XSTRCMP (pqcAlg , "ML_KEM_512" ) == 0 ) {
660+ group = WOLFSSL_ML_KEM_512 ;
678661 }
679- else if (XSTRNCMP (pqcAlg , "NTRU_HRSS_LEVEL3" ,
680- XSTRLEN ("NTRU_HRSS_LEVEL3" )) == 0 ) {
681- group = WOLFSSL_NTRU_HRSS_LEVEL3 ;
682- }
683- else if (XSTRNCMP (pqcAlg , "SABER_LEVEL1" ,
684- XSTRLEN ("SABER_LEVEL1" )) == 0 ) {
685- group = WOLFSSL_SABER_LEVEL1 ;
662+ else
663+ #endif
664+ #if !defined(WOLFSSL_NO_ML_KEM_768 ) && \
665+ !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE )
666+ if (XSTRCMP (pqcAlg , "ML_KEM_768" ) == 0 ) {
667+ group = WOLFSSL_ML_KEM_768 ;
686668 }
687- else if (XSTRNCMP (pqcAlg , "SABER_LEVEL3" ,
688- XSTRLEN ("SABER_LEVEL3" )) == 0 ) {
689- group = WOLFSSL_SABER_LEVEL3 ;
669+ else
670+ #endif
671+ #if !defined(WOLFSSL_NO_ML_KEM_1024 ) && \
672+ !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE )
673+ if (XSTRCMP (pqcAlg , "ML_KEM_1024" ) == 0 ) {
674+ group = WOLFSSL_ML_KEM_1024 ;
690675 }
691- else if (XSTRNCMP (pqcAlg , "SABER_LEVEL5" ,
692- XSTRLEN ("SABER_LEVEL5" )) == 0 ) {
693- group = WOLFSSL_SABER_LEVEL5 ;
676+ else
677+ #endif
678+ #if !defined(WOLFSSL_NO_ML_KEM_512 ) && \
679+ defined(WOLFSSL_EXTRA_PQC_HYBRIDS )
680+ if (XSTRCMP (pqcAlg , "SecP256r1MLKEM512" ) == 0 ) {
681+ group = WOLFSSL_SECP256R1MLKEM512 ;
694682 }
695- else if (XSTRNCMP (pqcAlg , "KYBER_90S_LEVEL1" ,
696- XSTRLEN ("KYBER_90S_LEVEL1" )) == 0 ) {
697- group = WOLFSSL_KYBER_90S_LEVEL1 ;
683+ else
684+ #endif
685+ #ifndef WOLFSSL_NO_ML_KEM_768
686+ #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
687+ if (XSTRCMP (pqcAlg , "SecP384r1MLKEM768" ) == 0 ) {
688+ group = WOLFSSL_SECP384R1MLKEM768 ;
698689 }
699- else if (XSTRNCMP (pqcAlg , "KYBER_90S_LEVEL3" ,
700- XSTRLEN ("KYBER_90S_LEVEL3" )) == 0 ) {
701- group = WOLFSSL_KYBER_90S_LEVEL3 ;
690+ else
691+ #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
692+ #ifdef WOLFSSL_PQC_HYBRIDS
693+ if (XSTRCMP (pqcAlg , "SecP256r1MLKEM768" ) == 0 ) {
694+ group = WOLFSSL_SECP256R1MLKEM768 ;
702695 }
703- else if (XSTRNCMP (pqcAlg , "KYBER_90S_LEVEL5" ,
704- XSTRLEN ("KYBER_90S_LEVEL5" )) == 0 ) {
705- group = WOLFSSL_KYBER_90S_LEVEL5 ;
696+ else
697+ #endif /* WOLFSSL_PQC_HYBRIDS */
698+ #endif
699+ #ifndef WOLFSSL_NO_ML_KEM_1024
700+ #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS
701+ if (XSTRCMP (pqcAlg , "SecP521r1MLKEM1024" ) == 0 ) {
702+ group = WOLFSSL_SECP521R1MLKEM1024 ;
706703 }
707- else if (XSTRNCMP (pqcAlg , "P256_NTRU_HPS_LEVEL1" ,
708- XSTRLEN ("P256_NTRU_HPS_LEVEL1" )) == 0 ) {
709- group = WOLFSSL_P256_NTRU_HPS_LEVEL1 ;
704+ else
705+ #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */
706+ #ifdef WOLFSSL_PQC_HYBRIDS
707+ if (XSTRCMP (pqcAlg , "SecP384r1MLKEM1024" ) == 0 ) {
708+ group = WOLFSSL_SECP384R1MLKEM1024 ;
710709 }
711- else if (XSTRNCMP (pqcAlg , "P384_NTRU_HPS_LEVEL3" ,
712- XSTRLEN ("P384_NTRU_HPS_LEVEL3" )) == 0 ) {
713- group = WOLFSSL_P384_NTRU_HPS_LEVEL3 ;
710+ else
711+ #endif /* WOLFSSL_PQC_HYBRIDS */
712+ #endif
713+ #if !defined(WOLFSSL_NO_ML_KEM_512 ) && defined(HAVE_CURVE25519 ) && \
714+ defined(WOLFSSL_EXTRA_PQC_HYBRIDS )
715+ if (XSTRCMP (pqcAlg , "X25519MLKEM512" ) == 0 ) {
716+ group = WOLFSSL_X25519MLKEM512 ;
714717 }
715- else if (XSTRNCMP (pqcAlg , "P521_NTRU_HPS_LEVEL5" ,
716- XSTRLEN ("P521_NTRU_HPS_LEVEL5" )) == 0 ) {
717- group = WOLFSSL_P521_NTRU_HPS_LEVEL5 ;
718+ else
719+ #endif
720+ #if !defined(WOLFSSL_NO_ML_KEM_768 ) && defined(HAVE_CURVE25519 ) && \
721+ defined(WOLFSSL_PQC_HYBRIDS )
722+ if (XSTRCMP (pqcAlg , "X25519MLKEM768" ) == 0 ) {
723+ group = WOLFSSL_X25519MLKEM768 ;
718724 }
719- else if (XSTRNCMP (pqcAlg , "P384_NTRU_HRSS_LEVEL3" ,
720- XSTRLEN ("P384_NTRU_HRSS_LEVEL3" )) == 0 ) {
721- group = WOLFSSL_P384_NTRU_HRSS_LEVEL3 ;
725+ else
726+ #endif
727+ #if !defined(WOLFSSL_NO_ML_KEM_768 ) && defined(HAVE_CURVE448 ) && \
728+ defined(WOLFSSL_EXTRA_PQC_HYBRIDS )
729+ if (XSTRCMP (pqcAlg , "X448MLKEM768" ) == 0 ) {
730+ group = WOLFSSL_X448MLKEM768 ;
722731 }
723- else if (XSTRNCMP (pqcAlg , "P256_SABER_LEVEL1" ,
724- XSTRLEN ("P256_SABER_LEVEL1" )) == 0 ) {
725- group = WOLFSSL_P256_SABER_LEVEL1 ;
732+ else
733+ #endif
734+ #endif /* WOLFSSL_NO_ML_KEM */
735+ #ifdef WOLFSSL_MLKEM_KYBER
736+ #ifndef WOLFSSL_NO_KYBER512
737+ if (XSTRCMP (pqcAlg , "KYBER_LEVEL1" ) == 0 ) {
738+ group = WOLFSSL_KYBER_LEVEL1 ;
726739 }
727- else if (XSTRNCMP (pqcAlg , "P384_SABER_LEVEL3" ,
728- XSTRLEN ("P384_SABER_LEVEL3" )) == 0 ) {
729- group = WOLFSSL_P384_SABER_LEVEL3 ;
740+ else
741+ #endif
742+ #ifndef WOLFSSL_NO_KYBER768
743+ if (XSTRCMP (pqcAlg , "KYBER_LEVEL3" ) == 0 ) {
744+ group = WOLFSSL_KYBER_LEVEL3 ;
730745 }
731- else if (XSTRNCMP (pqcAlg , "P521_SABER_LEVEL5" ,
732- XSTRLEN ("P521_SABER_LEVEL5" )) == 0 ) {
733- group = WOLFSSL_P521_SABER_LEVEL5 ;
746+ else
747+ #endif
748+ #ifndef WOLFSSL_NO_KYBER1024
749+ if (XSTRCMP (pqcAlg , "KYBER_LEVEL5" ) == 0 ) {
750+ group = WOLFSSL_KYBER_LEVEL5 ;
734751 }
735- else if (XSTRNCMP (pqcAlg , "P256_KYBER_LEVEL1" ,
736- XSTRLEN ("P256_KYBER_LEVEL1" )) == 0 ) {
752+ else
753+ #endif
754+ #ifndef WOLFSSL_NO_KYBER512
755+ if (XSTRCMP (pqcAlg , "P256_KYBER_LEVEL1" ) == 0 ) {
737756 group = WOLFSSL_P256_KYBER_LEVEL1 ;
738757 }
739- else if (XSTRNCMP (pqcAlg , "P384_KYBER_LEVEL3" ,
740- XSTRLEN ("P384_KYBER_LEVEL3" )) == 0 ) {
758+ else
759+ #endif
760+ #ifndef WOLFSSL_NO_KYBER768
761+ if (XSTRCMP (pqcAlg , "P384_KYBER_LEVEL3" ) == 0 ) {
741762 group = WOLFSSL_P384_KYBER_LEVEL3 ;
742763 }
743- else if (XSTRNCMP (pqcAlg , "P521_KYBER_LEVEL5" ,
744- XSTRLEN ("P521_KYBER_LEVEL5" )) == 0 ) {
764+ else if (XSTRCMP (pqcAlg , "P256_KYBER_LEVEL3" ) == 0 ) {
765+ group = WOLFSSL_P256_KYBER_LEVEL3 ;
766+ }
767+ else
768+ #endif
769+ #ifndef WOLFSSL_NO_KYBER1024
770+ if (XSTRCMP (pqcAlg , "P521_KYBER_LEVEL5" ) == 0 ) {
745771 group = WOLFSSL_P521_KYBER_LEVEL5 ;
746772 }
747- else if (XSTRNCMP (pqcAlg , "P256_KYBER_90S_LEVEL1" ,
748- XSTRLEN ("P256_KYBER_90S_LEVEL1" )) == 0 ) {
749- group = WOLFSSL_P256_KYBER_90S_LEVEL1 ;
773+ else
774+ #endif
775+ #if !defined(WOLFSSL_NO_KYBER512 ) && defined(HAVE_CURVE25519 )
776+ if (XSTRCMP (pqcAlg , "X25519_KYBER_LEVEL1" ) == 0 ) {
777+ group = WOLFSSL_X25519_KYBER_LEVEL1 ;
750778 }
751- else if (XSTRNCMP (pqcAlg , "P384_KYBER_90S_LEVEL3" ,
752- XSTRLEN ("P384_KYBER_90S_LEVEL3" )) == 0 ) {
753- group = WOLFSSL_P384_KYBER_90S_LEVEL3 ;
779+ else
780+ #endif
781+ #if !defined(WOLFSSL_NO_KYBER768 ) && defined(HAVE_CURVE25519 )
782+ if (XSTRCMP (pqcAlg , "X25519_KYBER_LEVEL3" ) == 0 ) {
783+ group = WOLFSSL_X25519_KYBER_LEVEL3 ;
754784 }
755- else if (XSTRNCMP (pqcAlg , "P521_KYBER_90S_LEVEL5" ,
756- XSTRLEN ("P521_KYBER_90S_LEVEL5" )) == 0 ) {
757- group = WOLFSSL_P521_KYBER_90S_LEVEL5 ;
758- } else {
785+ else
786+ #endif
787+ #if !defined(WOLFSSL_NO_KYBER768 ) && defined(HAVE_CURVE448 )
788+ if (XSTRCMP (pqcAlg , "X448_KYBER_LEVEL3" ) == 0 ) {
789+ group = WOLFSSL_X448_KYBER_LEVEL3 ;
790+ }
791+ else
792+ #endif
793+ #endif /* WOLFSSL_MLKEM_KYBER */
794+ {
759795 err_sys ("invalid post-quantum KEM specified" );
760796 }
761797
762- printf ("Using Post-Quantum KEM: %s\n" , pqcAlg );
763- if (wolfSSL_UseKeyShare (ssl , group ) != WOLFSSL_SUCCESS ) {
764- err_sys ("unable to use post-quantum KEM" );
798+ do {
799+ ret = wolfSSL_UseKeyShare (ssl , group );
800+ if (ret == WOLFSSL_SUCCESS ) {
801+ printf ("Using Post-Quantum KEM: %s\n" , pqcAlg );
802+ groups [count ++ ] = group ;
803+ }
804+ #ifdef WOLFSSL_ASYNC_CRYPT
805+ else if (ret == WC_NO_ERR_TRACE (WC_PENDING_E ))
806+ wolfSSL_AsyncPoll (ssl , WOLF_POLL_FLAG_CHECK_HW );
807+ #endif
808+ else
809+ err_sys ("unable to use post-quantum KEM" );
810+ } while (ret == WC_NO_ERR_TRACE (WC_PENDING_E ));
811+
812+ #ifdef WOLFSSL_DTLS13
813+ if (wolfSSL_dtls (ssl )) {
814+ /* When the KeyShare is too large for an unfragmented
815+ * ClientHello, DTLS sends an empty KeyShare extension to
816+ * use the Hello Retry Request to enable fragmentation.
817+ * In order to enforce our desired PQC algorithm in the
818+ * second ClientHello, we need to set it as the only one
819+ * allowed in the SupportedGroups extension. */
820+ setGroups = 1 ;
765821 }
822+ #endif /* WOLFSSL_DTLS13 */
766823 }
767824 }
768825 #endif
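Review bot: Only the DTLS 1.3 branch at the end of this hunk sets `setGroups = 1`, so on a stream TLS 1.3 connection `--pqc` appears to pin just the offered key share, not the supported_groups list. The added comment itself says that restricting SupportedGroups is what enforces the chosen algorithm in a second ClientHello, which implies that without it a HelloRetryRequest can still move the handshake to a classical group. If that is intended for the example client, I would say so next to the block, e.g. `/* Non-DTLS: only the key share is pinned; the negotiated group may differ after an HRR unless the caller already set setGroups. */`, so that a successful handshake is not read as proof the PQC group was used. Separately, `groups[count++] = group;` is a new append whose array declaration and earlier appends lie outside the hunk, so it is worth confirming the array has room for it when onlyKeyShare is 0.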
@@ -1590,14 +1647,12 @@ static const char* client_usage_msg[][70] = {
15901647 " SSLv3(0) - TLS1.3(4)\n" , /* 69 */
15911648#endif
15921649#ifdef HAVE_PQC
1593- "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" ,
1594- " KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n" ,
1595- " NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n" ,
1596- " SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
1597- " P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n"
1598- " P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n"
1599- " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n"
1600- " P521_KYBER_90S_LEVEL5]\n\n" , /* 70 */
1650+ "--pqc <alg> Key Share with specified post-quantum algorithm only [ML_KEM_512, ML_KEM_768,\n" ,
1651+ " ML_KEM_1024, SecP256r1MLKEM512, SecP384r1MLKEM768, SecP256r1MLKEM768,\n" ,
1652+ " SecP521r1MLKEM1024, SecP384r1MLKEM1024, X25519MLKEM512, X25519MLKEM768,\n" ,
1653+ " X448MLKEM768, KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, P256_KYBER_LEVEL1,\n"
1654+ " P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, P521_KYBER_LEVEL5, X25519_KYBER_LEVEL1,\n"
1655+ " X25519_KYBER_LEVEL3, X448_KYBER_LEVEL3]\n\n" , /* 70 */
16011656#endif
16021657 "For simpler wolfSSL TLS client examples, visit\n"
16031658 "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n" , /* 71 */
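Review bot: The new `--pqc` help text lists every ML-KEM, hybrid and Kyber name under a bare `#ifdef HAVE_PQC`, while the parser in SetKeyShare compiles each name in only under its own macros (`WOLFSSL_EXTRA_PQC_HYBRIDS`, `WOLFSSL_PQC_HYBRIDS`, `WOLFSSL_MLKEM_KYBER`, the `WOLFSSL_NO_ML_KEM_*` switches). A user who picks a listed name that this build left out gets `invalid post-quantum KEM specified`, which reads like a typo rather than a build limitation. Either gate the list the same way or append a literal such as `"(available names depend on build options)\n"` to the last concatenated string, so the element count behind the `/* 70 */` index does not change. The Japanese block in the next hunk needs the same change.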
@@ -1801,13 +1856,11 @@ static const char* client_usage_msg[][70] = {
18011856#endif
18021857#ifdef HAVE_PQC
18031858 "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ\n" ,
1804- "[KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n" ,
1805- " NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n" ,
1806- " LIGHTSABER, SABER, FIRESABER, P256_NTRU_HPS_LEVEL1,\n"
1807- " P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n"
1808- " P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n"
1809- " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n"
1810- " P521_KYBER_90S_LEVEL5]\n\n" , /* 70 */
1859+ "[ML_KEM_512, ML_KEM_768, ML_KEM_1024, SecP256r1MLKEM512, SecP384r1MLKEM768,\n" ,
1860+ " SecP256r1MLKEM768, SecP521r1MLKEM1024, SecP384r1MLKEM1024, X25519MLKEM512,\n" ,
1861+ " X25519MLKEM768, X448MLKEM768, KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5,\n"
1862+ " P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, P521_KYBER_LEVEL5,\n"
1863+ " X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, X448_KYBER_LEVEL3]\n\n" , /* 70 */
18111864#endif
18121865 "For simpler wolfSSL TLS client examples, visit\n"
18131866 "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n" , /* 71 */