diff --git a/3rd_party_deps.yml b/3rd_party_deps.yml index 23e3a2e1..6ceb1905 100644 --- a/3rd_party_deps.yml +++ b/3rd_party_deps.yml @@ -6,7 +6,6 @@ --disable-dh --disable-examples --disable-oldtls - --disable-sha3 --disable-shared --disable-sys-ca-certs --disable-dilithium @@ -23,6 +22,5 @@ --enable-static --enable-tls13 --enable-experimental - - :HE_LIBOQS_SOURCE: https://github.com/open-quantum-safe/liboqs - - :HE_LIBOQS_TAG: 0.9.2 - - :HE_LIBOQS_BUILD_FLAGS: -DOQS_BUILD_ONLY_LIB=ON -DOQS_USE_OPENSSL=OFF -DOQS_MINIMAL_BUILD='KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024;SIG_dilithium_2;SIG_dilithium_3;SIG_dilithium_5;SIG_falcon_512;SIG_falcon_1024' + --enable-sha3 + --enable-kyber=all,original diff --git a/Earthfile b/Earthfile index bf9d72ee..b2f6fd7f 100644 --- a/Earthfile +++ b/Earthfile @@ -18,7 +18,7 @@ libhelium-deps: # Make the directory structure so that the config can be parsed # To improve caching we want to separate this out as the WolfSSL dependency # fetch and build are the slowest parts of the process. - RUN mkdir -p src include test/support third_party/wolfssl third_party/liboqs + RUN mkdir -p src include test/support third_party/wolfssl # Copy the patch files COPY --dir wolfssl ./ # Build and fetch the dependencies diff --git a/android.yml b/android.yml index 01501f38..5e1fb27b 100644 --- a/android.yml +++ b/android.yml @@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DANDROID_ABI=$ARCH -DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_HOME/build/cmake/android.toolchain.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -36,9 +19,13 @@ - C_EXTRA_FLAGS= -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DFP_MAX_BITS=8192 -fomit-frame-pointer -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - LIBS=-llog -landroid :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - autoreconf -i - - ./configure $CROSS_OPTS C_EXTRA_FLAGS="$C_EXTRA_FLAGS" --prefix=$(pwd)/../builds/wolfssl_build $HE_WOLFSSL_CONF_FLAGS --with-liboqs=$(pwd)/../liboqs/build --disable-crypttests + - ./configure $CROSS_OPTS C_EXTRA_FLAGS="$C_EXTRA_FLAGS" --prefix=$(pwd)/../builds/wolfssl_build $HE_WOLFSSL_CONF_FLAGS --disable-crypttests - make - make install :artifacts: diff --git a/ios.yml b/ios.yml index b9578549..91a9b843 100644 --- a/ios.yml +++ b/ios.yml @@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build_universal - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - cp ../../cmake/apple.cmake ./apple.cmake - - cp ../../ios/liboqs-helper.sh ./liboqs-helper.sh - - "./liboqs-helper.sh -iphoneuniversal" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_ios @@ -33,7 +16,11 @@ :source: $HE_WOLFSSL_SOURCE :tag: $HE_WOLFSSL_TAG :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - autoreconf -i - "cp ../../ios/autotools-ios-helper.sh ./autotools-ios-helper.sh" - "./autotools-ios-helper.sh -iphoneuniversal" diff --git a/ios/Lightway/Lightway.xcodeproj/project.pbxproj b/ios/Lightway/Lightway.xcodeproj/project.pbxproj index 4ce1fe5d..6f3088c0 100644 --- a/ios/Lightway/Lightway.xcodeproj/project.pbxproj +++ b/ios/Lightway/Lightway.xcodeproj/project.pbxproj @@ -471,12 +471,10 @@ ); LIBRARY_SEARCH_PATHS = ( "$(PROJECT_DIR)/../../third_party/builds/wolfssl_ios/Release$(EFFECTIVE_PLATFORM_NAME)/lib", - "$(PROJECT_DIR)/../../third_party/liboqs/build_universal/lib", ); OTHER_CFLAGS = ""; OTHER_LDFLAGS = ( "-lwolfssl", - "-loqs", ); PRODUCT_BUNDLE_IDENTIFIER = com.expressvpn.Lightway; PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; @@ -514,12 +512,10 @@ ); LIBRARY_SEARCH_PATHS = ( "$(PROJECT_DIR)/../../third_party/builds/wolfssl_ios/Release$(EFFECTIVE_PLATFORM_NAME)/lib", - "$(PROJECT_DIR)/../../third_party/liboqs/build_universal/lib", ); OTHER_CFLAGS = ""; OTHER_LDFLAGS = ( "-lwolfssl", - "-loqs", ); PRODUCT_BUNDLE_IDENTIFIER = com.expressvpn.Lightway; PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; diff --git a/ios/autotools-ios-helper.sh b/ios/autotools-ios-helper.sh index e8a50c97..9922c135 100755 --- a/ios/autotools-ios-helper.sh +++ b/ios/autotools-ios-helper.sh @@ -20,8 +20,6 @@ set -e export MIN_IOS_VERSION=12.0 export MIN_TVOS_VERSION=17.0 -OQS_BUILD=${OQS_BUILD:-"$(pwd)/../liboqs/build_universal"} - build() { # Compiler options export OPT_FLAGS="-O3" @@ -57,10 +55,8 @@ build() { --enable-dtls-mtu \ --enable-dtls-frag-ch \ --enable-sp=yes,4096 \ - --disable-sha3 \ --disable-dh \ --enable-curve25519 \ - --with-liboqs="${OQS_BUILD}" \ --enable-secure-renegotiation \ --disable-shared \ --disable-examples \ @@ -68,7 +64,9 @@ build() { --enable-sni \ --disable-crypttests \ --enable-aes-bitsliced \ - --enable-experimental + --enable-experimental \ + --enable-sha3 \ + --enable-kyber=all,original make clean mkdir -p "${EXEC_PREFIX}" make V=1 -j"${MAKE_JOBS}" --debug=j diff --git a/ios/liboqs-helper.sh b/ios/liboqs-helper.sh deleted file mode 100755 index aa594798..00000000 --- a/ios/liboqs-helper.sh +++ /dev/null @@ -1,96 +0,0 @@ -export MIN_IOS_VERSION=12.0 -export MIN_TVOS_VERSION=17.0 - -PREFIX=${PREFIX:-"$(pwd)"} - -LIBOQS_CMAKE_FLAGS="-DCMAKE_TOOLCHAIN_FILE=apple.cmake -DOQS_BUILD_ONLY_LIB=ON -DOQS_USE_OPENSSL=OFF -DOQS_MINIMAL_BUILD='KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024;SIG_dilithium_2;SIG_dilithium_3;SIG_dilithium_5;SIG_falcon_512;SIG_falcon_1024'" - -build_iphoneos() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-iphoneos -DPLATFORM=OS64 -DDEPLOYMENT_TARGET=$MIN_IOS_VERSION $LIBOQS_CMAKE_FLAGS . - cmake --build ${PREFIX}/build-iphoneos --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk iphoneos - cp ${PREFIX}/build-iphoneos/lib/Release/${LIB_NAME} ${PREFIX}/build-iphoneos/lib -} - -build_iphonesimulator() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-iphonesimulator -DPLATFORM=SIMULATOR64 -DDEPLOYMENT_TARGET=$MIN_IOS_VERSION $LIBOQS_CMAKE_FLAGS . - cmake --build ${PREFIX}/build-iphonesimulator --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk iphonesimulator - cp ${PREFIX}/build-iphonesimulator/lib/Release/${LIB_NAME} ${PREFIX}/build-iphonesimulator/lib -} - -build_tvos() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-appletvos -DPLATFORM=TVOS -DDEPLOYMENT_TARGET=$MIN_TVOS_VERSION $LIBOQS_CMAKE_FLAGS . - cmake --build ${PREFIX}/build-appletvos --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk appletvos - cp ${PREFIX}/build-appletvos/lib/Release/${LIB_NAME} ${PREFIX}/build-appletvos/lib -} - -build_tvsimulator() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-appletvsimulator -DPLATFORM=SIMULATOR_TVOS -DDEPLOYMENT_TARGET=$MIN_TVOS_VERSION $LIBOQS_CMAKE_FLAGS . - cmake --build ${PREFIX}/build-appletvsimulator --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk appletvsimulator - cp ${PREFIX}/build-appletvsimulator/lib/Release/${LIB_NAME} ${PREFIX}/build-appletvsimulator/lib -} - -build_ios_universal_binary() { - # Create ios universal binary - LIB_NAME="liboqs.a" - mkdir -p ${PREFIX}/build_universal/lib - cp -r ${PREFIX}/build-iphoneos/include ${PREFIX}/build_universal - lipo -create -output "${PREFIX}/build_universal/lib/${LIB_NAME}" \ - "${PREFIX}/build-iphoneos/lib/Release/${LIB_NAME}" \ - "${PREFIX}/build-iphonesimulator/lib/Release/${LIB_NAME}" -} - -build_tvos_universal_binary() { - # Create ios universal binary - LIB_NAME="liboqs.a" - mkdir -p ${PREFIX}/build_universal/lib - cp -r ${PREFIX}/build-appletvos/include build_universal - lipo -create -output "${PREFIX}/build_universal/lib/${LIB_NAME}" \ - "${PREFIX}/build-appletvos/lib/Release/${LIB_NAME}" \ - "${PREFIX}/build-appletvsimulator/lib/Release/${LIB_NAME}" -} - -TARGET=${1:-"-all"} -echo "Building liboqs for ${TARGET}..." - -case "${TARGET}" in --iphoneos) - build_iphoneos - ;; --iphonesimulator) - build_iphonesimulator - ;; --iphoneuniversal) - build_iphoneos - build_iphonesimulator - build_ios_universal_binary - ;; --appletvos) - build_tvos - ;; --appletvsimulator) - build_tvsimulator - ;; --appletvuniversal) - build_tvos - build_tvsimulator - build_tvos_universal_binary - ;; --all) - build_iphoneos - build_iphonesimulator - build_ios_universal_binary - build_tvos - build_tvsimulator - build_tvos_universal_binary - ;; -*) - echo "Unsupport target: ${TARGET}" - exit 64 - ;; -esac - -echo "Building liboqs for ${TARGET}... Done." diff --git a/linux.yml b/linux.yml index 8ff83bc4..f0509168 100644 --- a/linux.yml +++ b/linux.yml @@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -35,9 +18,13 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT -Wno-error=stringop-overflow :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-aesni --enable-sp-asm --enable-intelasm" + - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-aesni --enable-sp-asm --enable-intelasm" - "make" - "make install" :artifacts: diff --git a/linux_386.yml b/linux_386.yml index b9481c57..13788f56 100644 --- a/linux_386.yml +++ b/linux_386.yml @@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_x86.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -36,9 +19,13 @@ - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -m32 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - LDFLAGS= -m32 :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --disable-asm --disable-sp-asm --disable-intelasm" + - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" - "make install" :artifacts: diff --git a/linux_arm.yml b/linux_arm.yml index d67ad702..971b514a 100644 --- a/linux_arm.yml +++ b/linux_arm.yml @@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_armhf.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -35,9 +18,13 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build" + - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" - "make install" :artifacts: diff --git a/linux_arm64.yml b/linux_arm64.yml index c7ecd368..c88c759b 100644 --- a/linux_arm64.yml +++ b/linux_arm64.yml @@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_arm64.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -35,9 +18,13 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-sp-asm --enable-armasm" + - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-sp-asm --enable-armasm" - "make" - "make install" :artifacts: diff --git a/linux_arm_no_pqc.yml b/linux_arm_no_pqc.yml index f44c1c36..f1e87414 100644 --- a/linux_arm_no_pqc.yml +++ b/linux_arm_no_pqc.yml @@ -26,7 +26,11 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT -Werror -Wno-pragmas -Wall -Wextra -Wno-strict-aliasing :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" diff --git a/linux_riscv64.yml b/linux_riscv64.yml index e51b4824..810bf76d 100644 --- a/linux_riscv64.yml +++ b/linux_riscv64.yml @@ -26,7 +26,11 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch || true + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" diff --git a/macos.yml b/macos.yml index 557020e1..3027bf5c 100644 --- a/macos.yml +++ b/macos.yml @@ -8,25 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :environment: - - CC=clang - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=../../cmake/apple.cmake -DPLATFORM=MAC -DDEPLOYMENT_TARGET=$MACOSX_DEPLOYMENT_TARGET -DCMAKE_REQUIRED_FLAGS=\"-Werror=unguarded-availability-new\" $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -38,9 +19,13 @@ - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -target x86_64-apple-darwin -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - CC=clang :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=x86_64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-aesni --enable-sp-asm --enable-intelasm" + - "./configure --host=x86_64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-aesni --enable-sp-asm --enable-intelasm" - "make" - "make install" :artifacts: diff --git a/macos_arm64.yml b/macos_arm64.yml index 27e721a8..dbd4fc0a 100644 --- a/macos_arm64.yml +++ b/macos_arm64.yml @@ -8,25 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :environment: - - CC=clang - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=../../cmake/apple.cmake -DPLATFORM=MAC_ARM64 -DDEPLOYMENT_TARGET=$MACOSX_DEPLOYMENT_TARGET -DCMAKE_REQUIRED_FLAGS=\"-Werror=unguarded-availability-new\" $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -38,9 +19,13 @@ - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DFP_MAX_BITS=8192 -target arm64-apple-darwin -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - CC=clang :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=aarch64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-sp-asm --enable-armasm" + - "./configure --host=aarch64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-sp-asm --enable-armasm" - "make" - "make install" :artifacts: diff --git a/tvos.yml b/tvos.yml index 6aa829b4..050cf458 100644 --- a/tvos.yml +++ b/tvos.yml @@ -8,22 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build_universal - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - cp ../../cmake/apple.cmake ./apple.cmake - - cp ../../ios/liboqs-helper.sh ./liboqs-helper.sh - - "./liboqs-helper.sh -appletvuniversal" - :artifacts: - :includes: - - include - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_tvos @@ -32,7 +16,11 @@ :source: $HE_WOLFSSL_SOURCE :tag: $HE_WOLFSSL_TAG :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - autoreconf -i - cp ../../ios/autotools-ios-helper.sh ./autotools-ios-helper.sh - PREFIX=$(pwd)/../builds/wolfssl_tvos ./autotools-ios-helper.sh -appletvuniversal diff --git a/windows/wolfssl-user_settings-32.h b/windows/wolfssl-user_settings-32.h index dfd00166..6e6a68ef 100644 --- a/windows/wolfssl-user_settings-32.h +++ b/windows/wolfssl-user_settings-32.h @@ -190,7 +190,7 @@ // #define WOLFSSL_SYS_CA_CERTS #undef HAVE_LIBOQS -#define HAVE_LIBOQS +// #define HAVE_LIBOQS #undef WOLFSSL_NO_SPHINCS #define WOLFSSL_NO_SPHINCS @@ -198,4 +198,27 @@ #undef WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_EXPERIMENTAL_SETTINGS +// Post-quantum settings +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_KYBER_ORIGINAL +#define WOLFSSL_KYBER_ORIGINAL + +#undef WOLFSSL_NO_ML_KEM +#define WOLFSSL_NO_ML_KEM + +// Needed for using WolfSSL's Kyber implementation +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + #endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/windows/wolfssl-user_settings-64.h b/windows/wolfssl-user_settings-64.h index 8df6ef82..9c79d837 100644 --- a/windows/wolfssl-user_settings-64.h +++ b/windows/wolfssl-user_settings-64.h @@ -190,7 +190,7 @@ // #define WOLFSSL_SYS_CA_CERTS #undef HAVE_LIBOQS -#define HAVE_LIBOQS +// #define HAVE_LIBOQS #undef WOLFSSL_NO_SPHINCS #define WOLFSSL_NO_SPHINCS @@ -198,4 +198,27 @@ #undef WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_EXPERIMENTAL_SETTINGS +// Post-quantum settings +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_KYBER_ORIGINAL +#define WOLFSSL_KYBER_ORIGINAL + +#undef WOLFSSL_NO_ML_KEM +#define WOLFSSL_NO_ML_KEM + +// Needed for using WolfSSL's Kyber implementation +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + #endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/windows/wolfssl-user_settings-arm-64.h b/windows/wolfssl-user_settings-arm-64.h index 08dcf492..2dc2e5c2 100644 --- a/windows/wolfssl-user_settings-arm-64.h +++ b/windows/wolfssl-user_settings-arm-64.h @@ -190,7 +190,7 @@ // #define WOLFSSL_SYS_CA_CERTS #undef HAVE_LIBOQS -#define HAVE_LIBOQS +// #define HAVE_LIBOQS #undef WOLFSSL_NO_SPHINCS #define WOLFSSL_NO_SPHINCS @@ -198,4 +198,27 @@ #undef WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_EXPERIMENTAL_SETTINGS +// Post-quantum settings +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_KYBER_ORIGINAL +#define WOLFSSL_KYBER_ORIGINAL + +#undef WOLFSSL_NO_ML_KEM +#define WOLFSSL_NO_ML_KEM + +// Needed for using WolfSSL's Kyber implementation +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + #endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/windows/wolfssl.vcxproj b/windows/wolfssl.vcxproj index bc3eb3bd..cc3978da 100644 --- a/windows/wolfssl.vcxproj +++ b/windows/wolfssl.vcxproj @@ -201,7 +201,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) true EnableFastChecks @@ -215,7 +215,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) true EnableFastChecks @@ -236,7 +236,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -250,7 +250,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -269,7 +269,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -283,7 +283,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -303,7 +303,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -316,7 +316,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -334,7 +334,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -348,7 +348,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -366,7 +366,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -380,7 +380,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true diff --git a/windows_32.yml b/windows_32.yml index 8aa57006..6ac54ea4 100644 --- a/windows_32.yml +++ b/windows_32.yml @@ -5,21 +5,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: "%HE_LIBOQS_SOURCE%" - :tag: "%HE_LIBOQS_TAG%" - :build: - - "cmake -B build -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_windows_x86.cmake %HE_LIBOQS_BUILD_FLAGS% ." - - "cmake --build build --config Release --target oqs --" - :artifacts: - :includes: - - include - :static_libraries: - - lib/Release/oqs.lib - :name: WolfSSL :source_path: third_party/wolfssl :fetch: @@ -27,7 +12,11 @@ :source: "%HE_WOLFSSL_SOURCE%" :tag: "%HE_WOLFSSL_TAG%" :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "cp ../../windows/wolfssl-user_settings-32.h wolfssl/user_settings.h" - "cp -f ../../windows/wolfssl-user_settings-32.h IDE/WIN/user_settings.h" - "cp -f ../../windows/wolfssl.vcxproj ./wolfssl.vcxproj" diff --git a/windows_64.yml b/windows_64.yml index 7f405f82..05bfb708 100644 --- a/windows_64.yml +++ b/windows_64.yml @@ -5,21 +5,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: "%HE_LIBOQS_SOURCE%" - :tag: "%HE_LIBOQS_TAG%" - :build: - - "cmake -B build %HE_LIBOQS_BUILD_FLAGS% ." - - "cmake --build build --config Release --target oqs --" - :artifacts: - :includes: - - include - :static_libraries: - - lib/Release/oqs.lib - :name: WolfSSL :source_path: third_party/wolfssl :fetch: @@ -27,7 +12,11 @@ :source: "%HE_WOLFSSL_SOURCE%" :tag: "%HE_WOLFSSL_TAG%" :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "cp ../../windows/wolfssl-user_settings-64.h wolfssl/user_settings.h" - "cp -f ../../windows/wolfssl-user_settings-64.h IDE/WIN/user_settings.h" - "cp -f ../../windows/wolfssl.vcxproj ./wolfssl.vcxproj" diff --git a/windows_arm64.yml b/windows_arm64.yml index 4cf420c4..dc7d9c20 100644 --- a/windows_arm64.yml +++ b/windows_arm64.yml @@ -5,21 +5,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: "%HE_LIBOQS_SOURCE%" - :tag: "%HE_LIBOQS_TAG%" - :build: - - "cmake -B build -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_windows_arm64.cmake %HE_LIBOQS_BUILD_FLAGS% ." - - "cmake --build build --config Release --target oqs --" - :artifacts: - :includes: - - include - :static_libraries: - - lib/Release/oqs.lib - :name: WolfSSL :source_path: third_party/wolfssl :fetch: @@ -27,7 +12,11 @@ :source: "%HE_WOLFSSL_SOURCE%" :tag: "%HE_WOLFSSL_TAG%" :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "cp ../../windows/wolfssl-user_settings-arm-64.h wolfssl/user_settings.h" - "cp -f ../../windows/wolfssl-user_settings-arm-64.h IDE/WIN/user_settings.h" - "cp -f ../../windows/wolfssl.vcxproj ./wolfssl.vcxproj" diff --git a/wolfssl/fix-falcon-dilithm-flags.patch b/wolfssl/fix-falcon-dilithm-flags.patch deleted file mode 100644 index 722f8689..00000000 --- a/wolfssl/fix-falcon-dilithm-flags.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff --git a/wolfssl/internal.h b/wolfssl/internal.h -index c62ef351c..336bf1988 100644 ---- a/wolfssl/internal.h -+++ b/wolfssl/internal.h -@@ -3572,7 +3572,7 @@ typedef struct KeyShareEntry { - word32 keyLen; /* Key size (bytes) */ - byte* pubKey; /* Public key */ - word32 pubKeyLen; /* Public key length */ --#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) -+#if !defined(NO_DH) || defined(HAVE_PQC) - byte* privKey; /* Private key - DH and PQ KEMs only */ - word32 privKeyLen;/* Only for PQ KEMs. */ - #endif -diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h -index e02870c13..430734846 100644 ---- a/wolfssl/wolfcrypt/settings.h -+++ b/wolfssl/wolfcrypt/settings.h -@@ -3912,10 +3912,10 @@ extern void uITRON4_free(void *p) ; - * group */ - #ifdef HAVE_LIBOQS - #define HAVE_PQC --#define HAVE_FALCON --#ifndef HAVE_DILITHIUM -- #define HAVE_DILITHIUM --#endif -+// #define HAVE_FALCON -+// #ifndef HAVE_DILITHIUM -+// #define HAVE_DILITHIUM -+// #endif - #ifndef WOLFSSL_NO_SPHINCS - #define HAVE_SPHINCS - #endif diff --git a/wolfssl/fix-kyber-get-curve-name.patch b/wolfssl/fix-kyber-get-curve-name.patch new file mode 100644 index 00000000..b4a2e077 --- /dev/null +++ b/wolfssl/fix-kyber-get-curve-name.patch @@ -0,0 +1,40 @@ +From a8f88e38e24f7f3f0b5d2a552a59954594b79c08 Mon Sep 17 00:00:00 2001 +From: David Garske +Date: Thu, 14 Nov 2024 17:57:24 -0800 +Subject: [PATCH 4/4] Merge pull request #8185 from SparkiDev/kyber_fixes_4 + +Kyber: Fix wolfSSL_get_curve_name() +--- + src/ssl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/ssl.c b/src/ssl.c +index edcd5d9df1..559c977c61 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -14602,19 +14602,19 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) + case WOLFSSL_P521_KYBER_LEVEL5: + return "P521_KYBER_LEVEL5"; + #elif defined(WOLFSSL_WC_KYBER) +- #ifdef WOLFSSL_KYBER512 ++ #ifndef WOLFSSL_NO_KYBER512 + case WOLFSSL_KYBER_LEVEL1: + return "KYBER_LEVEL1"; + case WOLFSSL_P256_KYBER_LEVEL1: + return "P256_KYBER_LEVEL1"; + #endif +- #ifdef WOLFSSL_KYBER768 ++ #ifndef WOLFSSL_NO_KYBER768 + case WOLFSSL_KYBER_LEVEL3: + return "KYBER_LEVEL3"; + case WOLFSSL_P384_KYBER_LEVEL3: + return "P384_KYBER_LEVEL3"; + #endif +- #ifdef WOLFSSL_KYBER1024 ++ #ifndef WOLFSSL_NO_KYBER1024 + case WOLFSSL_KYBER_LEVEL5: + return "KYBER_LEVEL5"; + case WOLFSSL_P521_KYBER_LEVEL5: +-- +2.43.0 + diff --git a/wolfssl/fix-kyber-mlkem-benchmark.patch b/wolfssl/fix-kyber-mlkem-benchmark.patch new file mode 100644 index 00000000..cb22fa05 --- /dev/null +++ b/wolfssl/fix-kyber-mlkem-benchmark.patch @@ -0,0 +1,86 @@ +From 4d81279e8982840d47e1719a5a5ba827c930b5a2 Mon Sep 17 00:00:00 2001 +From: Daniel Pouzzner +Date: Mon, 11 Nov 2024 23:00:51 -0600 +Subject: [PATCH 2/4] Merge pull request #8172 from SparkiDev/kyber_bench_fix + +Kyber benchmark: allow ML-KEM and Kyber +--- + wolfcrypt/benchmark/benchmark.c | 41 +++++++++++++++++++++++++++++++++ + 1 file changed, 41 insertions(+) + +diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c +index a242ad9f2b..2a8a511643 100644 +--- a/wolfcrypt/benchmark/benchmark.c ++++ b/wolfcrypt/benchmark/benchmark.c +@@ -3652,6 +3652,24 @@ static void* benchmarks_do(void* args) + + #ifdef WOLFSSL_HAVE_KYBER + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_KYBER512 ++ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) { ++ bench_kyber(WC_ML_KEM_512); ++ } ++ #endif ++ #ifdef WOLFSSL_KYBER768 ++ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) { ++ bench_kyber(WC_ML_KEM_768); ++ } ++ #endif ++ #ifdef WOLFSSL_KYBER1024 ++ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) { ++ bench_kyber(WC_ML_KEM_1024); ++ } ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) { + bench_kyber(KYBER512); +@@ -3667,6 +3685,7 @@ static void* benchmarks_do(void* args) + bench_kyber(KYBER1024); + } + #endif ++#endif + } + #endif + +@@ -9471,6 +9490,27 @@ void bench_kyber(int type) + int keySize = 0; + + switch (type) { ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ name = "ML-KEM 512 "; ++ keySize = 128; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ name = "ML-KEM 768 "; ++ keySize = 192; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ name = "ML-KEM 1024 "; ++ keySize = 256; ++ break; ++#endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + name = "KYBER512 "; +@@ -9488,6 +9528,7 @@ void bench_kyber(int type) + name = "KYBER1024"; + keySize = 256; + break; ++#endif + #endif + } + +-- +2.43.0 + diff --git a/wolfssl/fix-mlkem-get-curve-name.patch b/wolfssl/fix-mlkem-get-curve-name.patch new file mode 100644 index 00000000..e0e4bfb4 --- /dev/null +++ b/wolfssl/fix-mlkem-get-curve-name.patch @@ -0,0 +1,200 @@ +From bb3822635b481f00099374d4cc7358b8c90a01fd Mon Sep 17 00:00:00 2001 +From: Daniel Pouzzner +Date: Thu, 14 Nov 2024 12:47:09 -0600 +Subject: [PATCH 3/4] Merge pull request #8183 from SparkiDev/kyber_fixes_3 + +Kyber: fixes to configure and wolfSSL_get_curve_name +--- + configure.ac | 13 +++++++++---- + src/ssl.c | 6 +++--- + src/tls.c | 24 ++++++++++++------------ + tests/api.c | 9 +++++++++ + 4 files changed, 33 insertions(+), 19 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 94a1d33e02..56aa878fd9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1276,7 +1276,7 @@ AC_ARG_ENABLE([kyber], + ) + + ENABLED_WC_KYBER=no +-ENABLED_ML_KEM=yes ++ENABLED_ML_KEM=unset + for v in `echo $ENABLED_KYBER | tr "," " "` + do + case $v in +@@ -1302,9 +1302,8 @@ do + original) + ENABLED_ORIGINAL=yes + ;; +- original-only) +- ENABLED_ORIGINAL=yes +- ENABLED_ML_KEM=no ++ ml-kem) ++ ENABLED_ML_KEM=yes + ;; + *) + AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.]) +@@ -1333,6 +1332,12 @@ then + if test "$ENABLED_KYBER1024" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" + fi ++ if test "$ENABLED_ML_KEM" = "unset"; then ++ ENABLED_ML_KEM=no ++ fi ++ fi ++ if test "$ENABLED_ML_KEM" = "unset"; then ++ ENABLED_ML_KEM=yes + fi + if test "$ENABLED_ML_KEM" = "yes"; then + if test "$ENABLED_KYBER512" = ""; then +diff --git a/src/ssl.c b/src/ssl.c +index d9a53dfd53..edcd5d9df1 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -14567,19 +14567,19 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) + case WOLFSSL_P521_ML_KEM_1024: + return "P521_ML_KEM_1024"; + #elif defined(WOLFSSL_WC_KYBER) +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + return "ML_KEM_512"; + case WOLFSSL_P256_ML_KEM_512: + return "P256_ML_KEM_512"; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + return "ML_KEM_768"; + case WOLFSSL_P384_ML_KEM_768: + return "P384_ML_KEM_768"; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + return "ML_KEM_1024"; + case WOLFSSL_P521_ML_KEM_1024: +diff --git a/src/tls.c b/src/tls.c +index 0c69c079e3..25b7f03dfc 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -7983,17 +7983,17 @@ static int kyber_id2type(int id, int *type) + + switch (id) { + #ifndef WOLFSSL_NO_ML_KEM +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + *type = WC_ML_KEM_512; + break; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + *type = WC_ML_KEM_768; + break; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + *type = WC_ML_KEM_1024; + break; +@@ -9693,15 +9693,15 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) + #ifdef WOLFSSL_HAVE_KYBER + #ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_KYBER +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + case WOLFSSL_P256_ML_KEM_512: + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + case WOLFSSL_P384_ML_KEM_768: + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + case WOLFSSL_P521_ML_KEM_1024: + #endif +@@ -9815,15 +9815,15 @@ static const word16 preferredGroup[] = { + #endif + #ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_KYBER +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + WOLFSSL_ML_KEM_512, + WOLFSSL_P256_ML_KEM_512, + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + WOLFSSL_ML_KEM_768, + WOLFSSL_P384_ML_KEM_768, + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + WOLFSSL_ML_KEM_1024, + WOLFSSL_P521_ML_KEM_1024, + #endif +@@ -13473,7 +13473,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + #ifdef WOLFSSL_HAVE_KYBER + #ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_KYBER +-#ifdef WOLFSSL_WC_ML_KEM_512 ++#ifndef WOLFSSL_NO_ML_KEM_512 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, + ssl->heap); +@@ -13481,7 +13481,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, + ssl->heap); + #endif +-#ifdef WOLFSSL_WC_ML_KEM_768 ++#ifndef WOLFSSL_NO_ML_KEM_768 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, + ssl->heap); +@@ -13489,7 +13489,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, + ssl->heap); + #endif +-#ifdef WOLFSSL_WC_ML_KEM_1024 ++#ifndef WOLFSSL_NO_ML_KEM_1024 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, + ssl->heap); +diff --git a/tests/api.c b/tests/api.c +index 283ff6026e..82129aa561 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -95513,7 +95513,11 @@ static int test_dtls13_frag_ch_pq(void) + const char *test_str = "test"; + int test_str_size; + byte buf[255]; ++#ifdef WOLFSSL_KYBER_ORIGINAL + int group = WOLFSSL_KYBER_LEVEL5; ++#else ++ int group = WOLFSSL_ML_KEM_1024; ++#endif + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, +@@ -95523,8 +95527,13 @@ static int test_dtls13_frag_ch_pq(void) + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); ++#ifdef WOLFSSL_KYBER_ORIGINAL + ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5"); + ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5"); ++#else ++ ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024"); ++ ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024"); ++#endif + test_str_size = XSTRLEN("test") + 1; + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); + ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size); +-- +2.43.0 diff --git a/wolfssl/include-private-key-fields-for-kyber.patch b/wolfssl/include-private-key-fields-for-kyber.patch new file mode 100644 index 00000000..c7076297 --- /dev/null +++ b/wolfssl/include-private-key-fields-for-kyber.patch @@ -0,0 +1,25 @@ +From 5d61ca94c05561aefb11dfab4e15682c249c3746 Mon Sep 17 00:00:00 2001 +From: Sean Parkinson +Date: Mon, 18 Nov 2024 08:29:16 +1000 +Subject: [PATCH] KeyShareEntry: include private key fields for KYBER + +Originallt HAVE_PQC and then changed to HAVE_FALCON and HAVE_DILITHIUM. +The KEM PQC algorithm is actually KYBER. +--- + wolfssl/internal.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wolfssl/internal.h b/wolfssl/internal.h +index 70c99818e5..2519f09d8c 100644 +--- a/wolfssl/internal.h ++++ b/wolfssl/internal.h +@@ -3539,7 +3539,7 @@ typedef struct KeyShareEntry { + word32 keyLen; /* Key size (bytes) */ + byte* pubKey; /* Public key */ + word32 pubKeyLen; /* Public key length */ +-#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) ++#if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER) + byte* privKey; /* Private key - DH and PQ KEMs only */ + word32 privKeyLen;/* Only for PQ KEMs. */ + #endif + \ No newline at end of file diff --git a/wolfssl/make-kyber-mlkem-available.patch b/wolfssl/make-kyber-mlkem-available.patch new file mode 100644 index 00000000..b9f3a1e3 --- /dev/null +++ b/wolfssl/make-kyber-mlkem-available.patch @@ -0,0 +1,3228 @@ +From bb142c730cfc40463341ccce21546cf939581096 Mon Sep 17 00:00:00 2001 +From: Daniel Pouzzner +Date: Sat, 9 Nov 2024 00:09:51 -0600 +Subject: [PATCH 1/4] Merge pull request #8143 from SparkiDev/kyber_plus_mlkem + +Kyber/ML-KEM: make both available +--- + IDE/STM32Cube/wolfssl_example.c | 5 + + configure.ac | 36 ++- + examples/benchmark/tls_bench.c | 10 + + examples/client/client.c | 70 +++++- + examples/server/server.c | 70 +++++- + src/ssl.c | 66 ++++- + src/tls.c | 142 +++++++++++ + tests/api.c | 220 +++++++++------- + tests/suites.c | 23 ++ + tests/test-dtls13-pq-2.conf | 14 ++ + tests/test-dtls13-pq.conf | 18 +- + tests/test-tls13-pq-2.conf | 30 +++ + tests/test-tls13-pq.conf | 30 +++ + wolfcrypt/src/ext_kyber.c | 59 ++++- + wolfcrypt/src/wc_kyber.c | 431 ++++++++++++++++++++++++++++---- + wolfcrypt/src/wc_kyber_poly.c | 71 +++--- + wolfcrypt/test/test.c | 277 ++++++++++++++++---- + wolfssl/ssl.h | 27 +- + wolfssl/wolfcrypt/kyber.h | 49 +++- + 19 files changed, 1395 insertions(+), 253 deletions(-) + +diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c +index 342e8ee9d0..be6195a60a 100644 +--- a/IDE/STM32Cube/wolfssl_example.c ++++ b/IDE/STM32Cube/wolfssl_example.c +@@ -1751,6 +1751,11 @@ static int tls13_uart_client(void) + wolfSSL_SetIOReadCtx(ssl, tbuf); + + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512) != WOLFSSL_SUCCESS) { ++ printf("wolfSSL_UseKeyShare Error!!"); ++ } ++#else + if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) { + printf("wolfSSL_UseKeyShare Error!!"); + } +diff --git a/configure.ac b/configure.ac +index 67298c4cd1..94a1d33e02 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1276,6 +1276,7 @@ AC_ARG_ENABLE([kyber], + ) + + ENABLED_WC_KYBER=no ++ENABLED_ML_KEM=yes + for v in `echo $ENABLED_KYBER | tr "," " "` + do + case $v in +@@ -1301,6 +1302,10 @@ do + original) + ENABLED_ORIGINAL=yes + ;; ++ original-only) ++ ENABLED_ORIGINAL=yes ++ ENABLED_ML_KEM=no ++ ;; + *) + AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.]) + break;; +@@ -1317,17 +1322,30 @@ then + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_KYBER" + fi + +- if test "$ENABLED_KYBER512" = ""; then +- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" +- fi +- if test "$ENABLED_KYBER768" = ""; then +- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" +- fi +- if test "$ENABLED_KYBER1024" = ""; then +- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" +- fi + if test "$ENABLED_ORIGINAL" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_ORIGINAL" ++ if test "$ENABLED_KYBER512" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" ++ fi ++ if test "$ENABLED_KYBER768" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" ++ fi ++ if test "$ENABLED_KYBER1024" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" ++ fi ++ fi ++ if test "$ENABLED_ML_KEM" = "yes"; then ++ if test "$ENABLED_KYBER512" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512" ++ fi ++ if test "$ENABLED_KYBER768" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768" ++ fi ++ if test "$ENABLED_KYBER1024" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024" ++ fi ++ else ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM" + fi + + if test "$ENABLED_WC_KYBER" = "yes" +diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c +index 609481a3e0..321ab5c066 100644 +--- a/examples/benchmark/tls_bench.c ++++ b/examples/benchmark/tls_bench.c +@@ -288,12 +288,22 @@ static struct group_info groups[] = { + { WOLFSSL_FFDHE_6144, "FFDHE_6144" }, + { WOLFSSL_FFDHE_8192, "FFDHE_8192" }, + #ifdef HAVE_PQC ++#ifndef WOLFSSL_NO_ML_KEM ++ { WOLFSSL_ML_KEM_512, "ML_KEM_512" }, ++ { WOLFSSL_ML_KEM_768, "ML_KEM_768" }, ++ { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" }, ++ { WOLFSSL_P256_ML_KEM_512, "P256_ML_KEM_512" }, ++ { WOLFSSL_P384_ML_KEM_768, "P384_ML_KEM_768" }, ++ { WOLFSSL_P521_ML_KEM_1024, "P521_ML_KEM_1024" }, ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" }, + { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" }, + { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" }, + { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" }, + { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" }, + { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" }, ++#endif + #endif + { 0, NULL } + }; +diff --git a/examples/client/client.c b/examples/client/client.c +index f50f67fbb4..44306454b1 100644 +--- a/examples/client/client.c ++++ b/examples/client/client.c +@@ -398,6 +398,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + if (usePqc) { + int group = 0; + ++ #ifndef WOLFSSL_NO_ML_KEM ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { ++ group = WOLFSSL_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { ++ group = WOLFSSL_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { ++ group = WOLFSSL_ML_KEM_1024; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) { ++ group = WOLFSSL_P256_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) { ++ group = WOLFSSL_P384_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) { ++ group = WOLFSSL_P521_ML_KEM_1024; ++ } ++ else ++ #endif ++ #endif /* WOLFSSL_NO_ML_KEM */ ++ #ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) { + group = WOLFSSL_KYBER_LEVEL1; +@@ -434,6 +473,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + } + else + #endif ++ #endif /* WOLFSSL_KYBER_ORIGINAL */ + { + err_sys("invalid post-quantum KEM specified"); + } +@@ -1330,8 +1370,19 @@ static const char* client_usage_msg[][77] = { + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ + #endif + #ifdef HAVE_PQC +- "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ ++ "--pqc Key Share with specified post-quantum algorithm only:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 69 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */ +@@ -1564,8 +1615,19 @@ static const char* client_usage_msg[][77] = { + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ + #endif + #ifdef HAVE_PQC +- "--pqc post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ ++ "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 69 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */ +diff --git a/examples/server/server.c b/examples/server/server.c +index bc3e1509f7..1592a1d1eb 100644 +--- a/examples/server/server.c ++++ b/examples/server/server.c +@@ -712,6 +712,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + else if (usePqc == 1) { + #ifdef HAVE_PQC + groups[count] = 0; ++ #ifndef WOLFSSL_NO_ML_KEM ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { ++ groups[count] = WOLFSSL_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { ++ groups[count] = WOLFSSL_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { ++ groups[count] = WOLFSSL_ML_KEM_1024; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) { ++ groups[count] = WOLFSSL_P256_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) { ++ groups[count] = WOLFSSL_P384_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) { ++ groups[count] = WOLFSSL_P521_ML_KEM_1024; ++ } ++ else ++ #endif ++ #endif /* WOLFSSL_NO_ML_KEM */ ++ #ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL1; +@@ -748,6 +787,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + } + else + #endif ++ #endif + { + err_sys("invalid post-quantum KEM specified"); + } +@@ -980,8 +1020,19 @@ static const char* server_usage_msg[][65] = { + " SSLv3(0) - TLS1.3(4)\n", /* 59 */ + #endif + #ifdef HAVE_PQC +- "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */ ++ "--pqc Key Share with specified post-quantum algorithm only:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 60 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 61 */ +@@ -1172,8 +1223,19 @@ static const char* server_usage_msg[][65] = { + " SSLv3(0) - TLS1.3(4)\n", /* 59 */ + #endif + #ifdef HAVE_PQC +- "--pqc post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */ ++ "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 60 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (デフォルトはSRTP_AES128_CM_SHA1_80)\n", /* 61 */ +diff --git a/src/ssl.c b/src/ssl.c +index fe81193482..d9a53dfd53 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -3297,6 +3297,17 @@ static int isValidCurveGroup(word16 name) + case WOLFSSL_FFDHE_8192: + + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ case WOLFSSL_ML_KEM_512: ++ case WOLFSSL_ML_KEM_768: ++ case WOLFSSL_ML_KEM_1024: ++ #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS) ++ case WOLFSSL_P256_ML_KEM_512: ++ case WOLFSSL_P384_ML_KEM_768: ++ case WOLFSSL_P521_ML_KEM_1024: ++ #endif ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_KYBER_LEVEL5: +@@ -3305,6 +3316,7 @@ static int isValidCurveGroup(word16 name) + case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P521_KYBER_LEVEL5: + #endif ++#endif /* WOLFSSL_KYBER_ORIGINAL */ + #endif + return 1; + +@@ -14540,6 +14552,42 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) + * check to override this result in the case of a hybrid. */ + if (IsAtLeastTLSv1_3(ssl->version)) { + switch (ssl->namedGroup) { ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef HAVE_LIBOQS ++ case WOLFSSL_ML_KEM_512: ++ return "ML_KEM_512"; ++ case WOLFSSL_ML_KEM_768: ++ return "ML_KEM_768"; ++ case WOLFSSL_ML_KEM_1024: ++ return "ML_KEM_1024"; ++ case WOLFSSL_P256_ML_KEM_512: ++ return "P256_ML_KEM_512"; ++ case WOLFSSL_P384_ML_KEM_768: ++ return "P384_ML_KEM_768"; ++ case WOLFSSL_P521_ML_KEM_1024: ++ return "P521_ML_KEM_1024"; ++#elif defined(WOLFSSL_WC_KYBER) ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WOLFSSL_ML_KEM_512: ++ return "ML_KEM_512"; ++ case WOLFSSL_P256_ML_KEM_512: ++ return "P256_ML_KEM_512"; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WOLFSSL_ML_KEM_768: ++ return "ML_KEM_768"; ++ case WOLFSSL_P384_ML_KEM_768: ++ return "P384_ML_KEM_768"; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WOLFSSL_ML_KEM_1024: ++ return "ML_KEM_1024"; ++ case WOLFSSL_P521_ML_KEM_1024: ++ return "P521_ML_KEM_1024"; ++ #endif ++#endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef HAVE_LIBOQS + case WOLFSSL_KYBER_LEVEL1: + return "KYBER_LEVEL1"; +@@ -14572,6 +14620,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) + case WOLFSSL_P521_KYBER_LEVEL5: + return "P521_KYBER_LEVEL5"; + #endif ++#endif + #endif + } + } +@@ -21898,6 +21947,20 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { + {CURVE_NAME("X448"), NID_X448, WOLFSSL_ECC_X448}, + #endif + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ {CURVE_NAME("ML_KEM_512"), WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_512}, ++ {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768}, ++ {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024}, ++#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) ++ {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512, ++ WOLFSSL_P256_ML_KEM_512}, ++ {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768, ++ WOLFSSL_P384_ML_KEM_768}, ++ {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024, ++ WOLFSSL_P521_ML_KEM_1024}, ++#endif ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, + {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3}, + {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5}, +@@ -21906,7 +21969,8 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { + {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3}, + {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5}, + #endif +-#endif ++#endif /* WOLFSSL_KYBER_ORIGINAL */ ++#endif /* WOLFSSL_HAVE_KYBER */ + #ifdef WOLFSSL_SM2 + {CURVE_NAME("SM2"), NID_sm2, WOLFSSL_ECC_SM2P256V1}, + #endif +diff --git a/src/tls.c b/src/tls.c +index 8441acf522..0c69c079e3 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -7982,6 +7982,24 @@ static int kyber_id2type(int id, int *type) + int ret = 0; + + switch (id) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WOLFSSL_ML_KEM_512: ++ *type = WC_ML_KEM_512; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WOLFSSL_ML_KEM_768: ++ *type = WC_ML_KEM_768; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WOLFSSL_ML_KEM_1024: ++ *type = WC_ML_KEM_1024; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case WOLFSSL_KYBER_LEVEL1: + *type = KYBER512; +@@ -7997,6 +8015,7 @@ static int kyber_id2type(int id, int *type) + *type = KYBER1024; + break; + #endif ++#endif + default: + ret = NOT_COMPILED_IN; + break; +@@ -8012,12 +8031,22 @@ typedef struct PqcHybridMapping { + } PqcHybridMapping; + + static const PqcHybridMapping pqc_hybrid_mapping[] = { ++#ifndef WOLFSSL_NO_ML_KEM ++ {.hybrid = WOLFSSL_P256_ML_KEM_512, .ecc = WOLFSSL_ECC_SECP256R1, ++ .pqc = WOLFSSL_ML_KEM_512}, ++ {.hybrid = WOLFSSL_P384_ML_KEM_768, .ecc = WOLFSSL_ECC_SECP384R1, ++ .pqc = WOLFSSL_ML_KEM_768}, ++ {.hybrid = WOLFSSL_P521_ML_KEM_1024, .ecc = WOLFSSL_ECC_SECP521R1, ++ .pqc = WOLFSSL_ML_KEM_1024}, ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + {.hybrid = WOLFSSL_P256_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, + .pqc = WOLFSSL_KYBER_LEVEL1}, + {.hybrid = WOLFSSL_P384_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, + .pqc = WOLFSSL_KYBER_LEVEL3}, + {.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, + .pqc = WOLFSSL_KYBER_LEVEL5}, ++#endif + {.hybrid = 0, .ecc = 0, .pqc = 0} + }; + +@@ -9662,6 +9691,45 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) + #endif + #endif + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_KYBER ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WOLFSSL_ML_KEM_512: ++ case WOLFSSL_P256_ML_KEM_512: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WOLFSSL_ML_KEM_768: ++ case WOLFSSL_P384_ML_KEM_768: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WOLFSSL_ML_KEM_1024: ++ case WOLFSSL_P521_ML_KEM_1024: ++ #endif ++ break; ++ #elif defined(HAVE_LIBOQS) ++ case WOLFSSL_ML_KEM_512: ++ case WOLFSSL_ML_KEM_768: ++ case WOLFSSL_ML_KEM_1024: ++ case WOLFSSL_P256_ML_KEM_512: ++ case WOLFSSL_P384_ML_KEM_768: ++ case WOLFSSL_P521_ML_KEM_1024: ++ { ++ int ret; ++ int id; ++ findEccPqc(NULL, &namedGroup, namedGroup); ++ ret = kyber_id2type(namedGroup, &id); ++ if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { ++ return 0; ++ } ++ ++ if (! ext_kyber_enabled(id)) { ++ return 0; ++ } ++ break; ++ } ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_KYBER512 + case WOLFSSL_KYBER_LEVEL1: +@@ -9699,6 +9767,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) + } + #endif + #endif ++#endif /* WOLFSSL_HAVE_KYBER */ + default: + return 0; + } +@@ -9744,6 +9813,31 @@ static const word16 preferredGroup[] = { + #if defined(HAVE_FFDHE_8192) + WOLFSSL_FFDHE_8192, + #endif ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_KYBER ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ WOLFSSL_ML_KEM_512, ++ WOLFSSL_P256_ML_KEM_512, ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ WOLFSSL_ML_KEM_768, ++ WOLFSSL_P384_ML_KEM_768, ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ WOLFSSL_ML_KEM_1024, ++ WOLFSSL_P521_ML_KEM_1024, ++ #endif ++#elif defined(HAVE_LIBOQS) ++ /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ ++ WOLFSSL_ML_KEM_512, ++ WOLFSSL_ML_KEM_768, ++ WOLFSSL_ML_KEM_1024, ++ WOLFSSL_P256_ML_KEM_512, ++ WOLFSSL_P384_ML_KEM_768, ++ WOLFSSL_P521_ML_KEM_1024, ++#endif ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_KYBER512 + WOLFSSL_KYBER_LEVEL1, +@@ -9766,6 +9860,7 @@ static const word16 preferredGroup[] = { + WOLFSSL_P384_KYBER_LEVEL3, + WOLFSSL_P521_KYBER_LEVEL5, + #endif ++#endif /* WOLFSSL_KYBER_ORIGINAL */ + WOLFSSL_NAMED_GROUP_INVALID + }; + +@@ -13376,6 +13471,52 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + #endif + + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_KYBER ++#ifdef WOLFSSL_WC_ML_KEM_512 ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, ++ ssl->heap); ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_768 ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, ++ ssl->heap); ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_1024 ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, ++ ssl->heap); ++#endif ++#elif defined(HAVE_LIBOQS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, ++ ssl->heap); ++#endif /* HAVE_LIBOQS */ ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_KYBER512 + if (ret == WOLFSSL_SUCCESS) +@@ -13419,6 +13560,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, + ssl->heap); + #endif /* HAVE_LIBOQS */ ++#endif /* WOLFSSL_KYBER_ORIGINAL */ + #endif /* WOLFSSL_HAVE_KYBER */ + + (void)ssl; +diff --git a/tests/api.c b/tests/api.c +index c15e431b1e..283ff6026e 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -28113,10 +28113,10 @@ static int test_wc_kyber_make_key_kats(void) + { + EXPECT_DECLS; + #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \ +- !defined(WOLFSSL_KYBER_ORIGINAL) ++ !defined(WOLFSSL_NO_ML_KEM) + KyberKey* key; +-#ifndef WOLFSSL_NO_KYBER512 +- static const byte seed_512[KYBER_MAKEKEY_RAND_SZ] = { ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ static const byte seed_512[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0x2C, 0xB8, 0x43, 0xA0, 0x2E, 0xF0, 0x2E, 0xE1, + 0x09, 0x30, 0x5F, 0x39, 0x11, 0x9F, 0xAB, 0xF4, +@@ -28128,7 +28128,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD, + 0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7 + }; +- static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = { ++ static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = { + 0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2, + 0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA, + 0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69, +@@ -28230,7 +28230,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E, + 0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B + }; +- static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = { ++ static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = { + 0x7F, 0xE4, 0x20, 0x6F, 0x26, 0xBE, 0xDB, 0x64, + 0xC1, 0xED, 0x00, 0x09, 0x61, 0x52, 0x45, 0xDC, + 0x98, 0x48, 0x3F, 0x66, 0x3A, 0xCC, 0x61, 0x7E, +@@ -28437,8 +28437,8 @@ static int test_wc_kyber_make_key_kats(void) + 0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- static const byte seed_768[KYBER_MAKEKEY_RAND_SZ] = { ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ static const byte seed_768[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0xE3, 0x4A, 0x70, 0x1C, 0x4C, 0x87, 0x58, 0x2F, + 0x42, 0x26, 0x4E, 0xE4, 0x22, 0xD3, 0xC6, 0x84, +@@ -28450,7 +28450,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C, + 0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD + }; +- static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = { ++ static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = { + 0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25, + 0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62, + 0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46, +@@ -28600,7 +28600,7 @@ static int test_wc_kyber_make_key_kats(void) + 0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41, + 0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68 + }; +- static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = { ++ static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = { + 0x98, 0xA1, 0xB2, 0xDA, 0x4A, 0x65, 0xCF, 0xB5, + 0x84, 0x5E, 0xA7, 0x31, 0x1E, 0x6A, 0x06, 0xDB, + 0x73, 0x1F, 0x15, 0x90, 0xC4, 0x1E, 0xE7, 0x4B, +@@ -28903,8 +28903,8 @@ static int test_wc_kyber_make_key_kats(void) + 0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD + }; + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- static const byte seed_1024[KYBER_MAKEKEY_RAND_SZ] = { ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ static const byte seed_1024[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0x49, 0xAC, 0x8B, 0x99, 0xBB, 0x1E, 0x6A, 0x8E, + 0xA8, 0x18, 0x26, 0x1F, 0x8B, 0xE6, 0x8B, 0xDE, +@@ -28916,7 +28916,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E, + 0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7 + }; +- static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = { ++ static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = { + 0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A, + 0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6, + 0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B, +@@ -29114,7 +29114,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E, + 0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21 + }; +- static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = { ++ static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = { + 0x8C, 0x8B, 0x37, 0x22, 0xA8, 0x2E, 0x55, 0x05, + 0x65, 0x52, 0x16, 0x11, 0xEB, 0xBC, 0x63, 0x07, + 0x99, 0x44, 0xC9, 0xB1, 0xAB, 0xB3, 0xB0, 0x02, +@@ -29513,8 +29513,8 @@ static int test_wc_kyber_make_key_kats(void) + 0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7 + }; + #endif +- static byte pubKey[KYBER_MAX_PUBLIC_KEY_SIZE]; +- static byte privKey[KYBER_MAX_PRIVATE_KEY_SIZE]; ++ static byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; ++ static byte privKey[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE]; + + key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); +@@ -29522,40 +29522,40 @@ static int test_wc_kyber_make_key_kats(void) + XMEMSET(key, 0, sizeof(KyberKey)); + } + +-#ifndef WOLFSSL_NO_KYBER512 +- ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)), + 0); + ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey, +- KYBER512_PUBLIC_KEY_SIZE), 0); ++ WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey, +- KYBER512_PRIVATE_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(pubKey, ek_512, KYBER512_PUBLIC_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(privKey, dk_512, KYBER512_PRIVATE_KEY_SIZE), 0); ++ WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(pubKey, ek_512, WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(privKey, dk_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)), + 0); + ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey, +- KYBER768_PUBLIC_KEY_SIZE), 0); ++ WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey, +- KYBER768_PRIVATE_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(pubKey, ek_768, KYBER768_PUBLIC_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(privKey, dk_768, KYBER768_PRIVATE_KEY_SIZE), 0); ++ WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(pubKey, ek_768, WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(privKey, dk_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_1024, + sizeof(seed_1024)), 0); + ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey, +- KYBER1024_PUBLIC_KEY_SIZE), 0); ++ WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey, +- KYBER1024_PRIVATE_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(pubKey, ek_1024, KYBER1024_PUBLIC_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(privKey, dk_1024, KYBER1024_PRIVATE_KEY_SIZE), 0); ++ WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(pubKey, ek_1024, WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(privKey, dk_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0); + wc_KyberKey_Free(key); + #endif + +@@ -29568,10 +29568,10 @@ static int test_wc_kyber_encapsulate_kats(void) + { + EXPECT_DECLS; + #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \ +- !defined(WOLFSSL_KYBER_ORIGINAL) ++ !defined(WOLFSSL_NO_ML_KEM) + KyberKey* key; +-#ifndef WOLFSSL_NO_KYBER512 +- static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = { + 0xDD, 0x19, 0x24, 0x93, 0x5A, 0xA8, 0xE6, 0x17, + 0xAF, 0x18, 0xB5, 0xA0, 0x65, 0xAC, 0x45, 0x72, + 0x77, 0x67, 0xEE, 0x89, 0x7C, 0xF4, 0xF9, 0x44, +@@ -29673,13 +29673,13 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xA4, 0xD0, 0x31, 0xA0, 0x8A, 0xBF, 0x4F, 0x2E, + 0x74, 0xF1, 0xA0, 0xBB, 0x8A, 0x0F, 0xD3, 0xCB + }; +- static const byte seed_512[KYBER_ENC_RAND_SZ] = { ++ static const byte seed_512[WC_ML_KEM_ENC_RAND_SZ] = { + 0x6F, 0xF0, 0x2E, 0x1D, 0xC7, 0xFD, 0x91, 0x1B, + 0xEE, 0xE0, 0xC6, 0x92, 0xC8, 0xBD, 0x10, 0x0C, + 0x3E, 0x5C, 0x48, 0x96, 0x4D, 0x31, 0xDF, 0x92, + 0x99, 0x42, 0x18, 0xE8, 0x06, 0x64, 0xA6, 0xCA + }; +- static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = { ++ static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = { + 0x19, 0xC5, 0x92, 0x50, 0x59, 0x07, 0xC2, 0x4C, + 0x5F, 0xA2, 0xEB, 0xFA, 0x93, 0x2D, 0x2C, 0xBB, + 0x48, 0xF3, 0xE4, 0x34, 0x0A, 0x28, 0xF7, 0xEB, +@@ -29777,15 +29777,15 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xD1, 0x8C, 0x8C, 0xD9, 0x12, 0xF9, 0xA7, 0x7F, + 0x8E, 0x6B, 0xF0, 0x20, 0x53, 0x74, 0xB4, 0x62 + }; +- static const byte k_512[KYBER_SS_SZ] = { ++ static const byte k_512[WC_ML_KEM_SS_SZ] = { + 0x0B, 0xF3, 0x23, 0x33, 0x8D, 0x6F, 0x0A, 0x21, + 0xD5, 0x51, 0x4B, 0x67, 0x3C, 0xD1, 0x0B, 0x71, + 0x4C, 0xE6, 0xE3, 0x6F, 0x35, 0xBC, 0xD1, 0xBF, + 0x54, 0x41, 0x96, 0x36, 0x8E, 0xE5, 0x1A, 0x13 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = { + 0x89, 0xD2, 0xCB, 0x65, 0xF9, 0x4D, 0xCB, 0xFC, + 0x89, 0x0E, 0xFC, 0x7D, 0x0E, 0x5A, 0x7A, 0x38, + 0x34, 0x4D, 0x16, 0x41, 0xA3, 0xD0, 0xB0, 0x24, +@@ -29935,13 +29935,13 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xFE, 0xD3, 0xC3, 0x9C, 0x1B, 0xBD, 0xDB, 0x08, + 0x37, 0xD0, 0xD4, 0x70, 0x6B, 0x09, 0x22, 0xC4 + }; +- static const byte seed_768[KYBER_ENC_RAND_SZ] = { ++ static const byte seed_768[WC_ML_KEM_ENC_RAND_SZ] = { + 0x2C, 0xE7, 0x4A, 0xD2, 0x91, 0x13, 0x35, 0x18, + 0xFE, 0x60, 0xC7, 0xDF, 0x5D, 0x25, 0x1B, 0x9D, + 0x82, 0xAD, 0xD4, 0x84, 0x62, 0xFF, 0x50, 0x5C, + 0x6E, 0x54, 0x7E, 0x94, 0x9E, 0x6B, 0x6B, 0xF7 + }; +- static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = { ++ static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = { + 0x56, 0xB4, 0x2D, 0x59, 0x3A, 0xAB, 0x8E, 0x87, + 0x73, 0xBD, 0x92, 0xD7, 0x6E, 0xAB, 0xDD, 0xF3, + 0xB1, 0x54, 0x6F, 0x83, 0x26, 0xF5, 0x7A, 0x7B, +@@ -30079,15 +30079,15 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xA2, 0x30, 0x19, 0x81, 0xA6, 0x41, 0x8F, 0x8B, + 0xA7, 0xD7, 0xB0, 0xD7, 0xCA, 0x58, 0x75, 0xC6 + }; +- static const byte k_768[KYBER_SS_SZ] = { ++ static const byte k_768[WC_ML_KEM_SS_SZ] = { + 0x26, 0x96, 0xD2, 0x8E, 0x9C, 0x61, 0xC2, 0xA0, + 0x1C, 0xE9, 0xB1, 0x60, 0x8D, 0xCB, 0x9D, 0x29, + 0x27, 0x85, 0xA0, 0xCD, 0x58, 0xEF, 0xB7, 0xFE, + 0x13, 0xB1, 0xDE, 0x95, 0xF0, 0xDB, 0x55, 0xB3 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = { + 0x30, 0x7A, 0x4C, 0xEA, 0x41, 0x48, 0x21, 0x9B, + 0x95, 0x8E, 0xA0, 0xB7, 0x88, 0x66, 0x59, 0x23, + 0x5A, 0x4D, 0x19, 0x80, 0xB1, 0x92, 0x61, 0x08, +@@ -30285,13 +30285,13 @@ static int test_wc_kyber_encapsulate_kats(void) + 0x3E, 0x30, 0x41, 0xE0, 0x5D, 0x90, 0x67, 0xAF, + 0xF3, 0xB1, 0x24, 0x4F, 0x76, 0x3E, 0x79, 0x83 + }; +- static const byte seed_1024[KYBER_ENC_RAND_SZ] = { ++ static const byte seed_1024[WC_ML_KEM_ENC_RAND_SZ] = { + 0x59, 0xC5, 0x15, 0x4C, 0x04, 0xAE, 0x43, 0xAA, + 0xFF, 0x32, 0x70, 0x0F, 0x08, 0x17, 0x00, 0x38, + 0x9D, 0x54, 0xBE, 0xC4, 0xC3, 0x7C, 0x08, 0x8B, + 0x1C, 0x53, 0xF6, 0x62, 0x12, 0xB1, 0x2C, 0x72 + }; +- static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = { ++ static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = { + 0xE2, 0xD5, 0xFD, 0x4C, 0x13, 0xCE, 0xA0, 0xB5, + 0x2D, 0x87, 0x4F, 0xEA, 0x90, 0x12, 0xF3, 0xA5, + 0x17, 0x43, 0xA1, 0x09, 0x37, 0x10, 0xBB, 0xF2, +@@ -30489,15 +30489,15 @@ static int test_wc_kyber_encapsulate_kats(void) + 0x52, 0x35, 0xD6, 0x36, 0xC6, 0x5C, 0xD1, 0x02, + 0xB0, 0x1E, 0x22, 0x78, 0x1A, 0x72, 0x91, 0x8C + }; +- static const byte k_1024[KYBER_SS_SZ] = { ++ static const byte k_1024[WC_ML_KEM_SS_SZ] = { + 0x72, 0x64, 0xBD, 0xE5, 0xC6, 0xCE, 0xC1, 0x48, + 0x49, 0x69, 0x3E, 0x2C, 0x3C, 0x86, 0xE4, 0x8F, + 0x80, 0x95, 0x8A, 0x4F, 0x61, 0x86, 0xFC, 0x69, + 0x33, 0x3A, 0x41, 0x48, 0xE6, 0xE4, 0x97, 0xF3 + }; + #endif +- static byte ct[KYBER_MAX_CIPHER_TEXT_SIZE]; +- static byte ss[KYBER_SS_SZ]; ++ static byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; ++ static byte ss[WC_ML_KEM_SS_SZ]; + + key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); +@@ -30505,31 +30505,31 @@ static int test_wc_kyber_encapsulate_kats(void) + XMEMSET(key, 0, sizeof(KyberKey)); + } + +-#ifndef WOLFSSL_NO_KYBER512 +- ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0); + ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_512, + sizeof(seed_512)), 0); +- ExpectIntEQ(XMEMCMP(ct, c_512, KYBER512_CIPHER_TEXT_SIZE), 0); +- ExpectIntEQ(XMEMCMP(ss, k_512, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ct, c_512, WC_ML_KEM_512_CIPHER_TEXT_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(ss, k_512, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0); + ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_768, + sizeof(seed_768)), 0); +- ExpectIntEQ(XMEMCMP(ct, c_768, KYBER768_CIPHER_TEXT_SIZE), 0); +- ExpectIntEQ(XMEMCMP(ss, k_768, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ct, c_768, WC_ML_KEM_768_CIPHER_TEXT_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(ss, k_768, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0); + ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_1024, + sizeof(seed_1024)), 0); +- ExpectIntEQ(XMEMCMP(ct, c_1024, KYBER1024_CIPHER_TEXT_SIZE), 0); +- ExpectIntEQ(XMEMCMP(ss, k_1024, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ct, c_1024, WC_ML_KEM_1024_CIPHER_TEXT_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(ss, k_1024, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif + +@@ -30542,10 +30542,10 @@ static int test_wc_kyber_decapsulate_kats(void) + { + EXPECT_DECLS; + #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \ +- !defined(WOLFSSL_KYBER_ORIGINAL) ++ !defined(WOLFSSL_NO_ML_KEM) + KyberKey* key; +-#ifndef WOLFSSL_NO_KYBER512 +- static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = { + 0x69, 0xF9, 0xCB, 0xFD, 0x12, 0x37, 0xBA, 0x16, + 0x1C, 0xF6, 0xE6, 0xC1, 0x8F, 0x48, 0x8F, 0xC6, + 0xE3, 0x9A, 0xB4, 0xA5, 0xC9, 0xE6, 0xC2, 0x2E, +@@ -30751,7 +30751,7 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x09, 0x8A, 0x3F, 0x35, 0x17, 0x78, 0xB0, 0x88, + 0x8C, 0x95, 0x90, 0xA9, 0x09, 0x0C, 0xD4, 0x04 + }; +- static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = { ++ static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = { + 0x16, 0x1C, 0xD2, 0x59, 0xFE, 0xAA, 0x7E, 0xC6, + 0xB2, 0x86, 0x49, 0x8A, 0x9A, 0x6F, 0x69, 0xF8, + 0xB2, 0x62, 0xA2, 0xE2, 0x09, 0x3D, 0x0F, 0xBD, +@@ -30849,15 +30849,15 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x34, 0x6B, 0xAF, 0xCD, 0xD0, 0x6D, 0x40, 0x2F, + 0xF2, 0x4D, 0x6C, 0x1E, 0x5F, 0x61, 0xA8, 0x5D + }; +- static const byte kprime_512[KYBER_SS_SZ] = { ++ static const byte kprime_512[WC_ML_KEM_SS_SZ] = { + 0xDF, 0x46, 0x2A, 0xD6, 0x8F, 0x1E, 0xC8, 0x97, + 0x2E, 0xD9, 0xB0, 0x2D, 0x6D, 0xE0, 0x60, 0x4B, + 0xDE, 0xC7, 0x57, 0x20, 0xE0, 0x50, 0x49, 0x73, + 0x51, 0xE6, 0xEC, 0x93, 0x3E, 0x71, 0xF8, 0x82 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = { + 0x1E, 0x4A, 0xC8, 0x7B, 0x1A, 0x69, 0x2A, 0x52, + 0x9F, 0xDB, 0xBA, 0xB9, 0x33, 0x74, 0xC5, 0x7D, + 0x11, 0x0B, 0x10, 0xF2, 0xB1, 0xDD, 0xEB, 0xAC, +@@ -31159,7 +31159,7 @@ static int test_wc_kyber_decapsulate_kats(void) + 0xB4, 0xAB, 0x82, 0xE5, 0xFC, 0xA1, 0x35, 0xE8, + 0xD2, 0x6A, 0x6B, 0x3A, 0x89, 0xFA, 0x5B, 0x6F + }; +- static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = { ++ static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = { + 0xA5, 0xC8, 0x1C, 0x76, 0xC2, 0x43, 0x05, 0xE1, + 0xCE, 0x5D, 0x81, 0x35, 0xD4, 0x15, 0x23, 0x68, + 0x2E, 0x9E, 0xE6, 0xD7, 0xB4, 0x0A, 0xD4, 0x1D, +@@ -31297,15 +31297,15 @@ static int test_wc_kyber_decapsulate_kats(void) + 0xA5, 0x9A, 0x1F, 0xD2, 0x8A, 0xF3, 0x5C, 0x00, + 0xD1, 0x8A, 0x40, 0x6A, 0x28, 0xFC, 0x79, 0xBA + }; +- static const byte kprime_768[KYBER_SS_SZ] = { ++ static const byte kprime_768[WC_ML_KEM_SS_SZ] = { + 0xDC, 0x5B, 0x88, 0x88, 0xBC, 0x1E, 0xBA, 0x5C, + 0x19, 0x69, 0xC2, 0x11, 0x64, 0xEA, 0x43, 0xE2, + 0x2E, 0x7A, 0xC0, 0xCD, 0x01, 0x2A, 0x2F, 0x26, + 0xCB, 0x8C, 0x48, 0x7E, 0x69, 0xEF, 0x7C, 0xE4 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = { + 0x84, 0x45, 0xC3, 0x36, 0xF3, 0x51, 0x8B, 0x29, + 0x81, 0x63, 0xDC, 0xBB, 0x63, 0x57, 0x59, 0x79, + 0x83, 0xCA, 0x2E, 0x87, 0x3D, 0xCB, 0x49, 0x61, +@@ -31703,7 +31703,7 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x0D, 0xE1, 0xB7, 0xA4, 0x81, 0xB8, 0x3E, 0x58, + 0x3B, 0x6A, 0xF1, 0x6F, 0x63, 0xCB, 0x00, 0xC6 + }; +- static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = { ++ static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = { + 0x0C, 0x68, 0x1B, 0x4A, 0xA8, 0x1F, 0x26, 0xAD, + 0xFB, 0x64, 0x5E, 0xC2, 0x4B, 0x37, 0x52, 0xF6, + 0xB3, 0x2C, 0x68, 0x64, 0x5A, 0xA5, 0xE7, 0xA9, +@@ -31901,14 +31901,14 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x7B, 0x12, 0x43, 0x33, 0x43, 0xA6, 0x58, 0xF1, + 0x98, 0x0C, 0x81, 0x24, 0xEA, 0x6D, 0xD8, 0x1F + }; +- static const byte kprime_1024[KYBER_SS_SZ] = { ++ static const byte kprime_1024[WC_ML_KEM_SS_SZ] = { + 0x8F, 0x33, 0x6E, 0x9C, 0x28, 0xDF, 0x34, 0x9E, + 0x03, 0x22, 0x0A, 0xF0, 0x1C, 0x42, 0x83, 0x2F, + 0xEF, 0xAB, 0x1F, 0x2A, 0x74, 0xC1, 0x6F, 0xAF, + 0x6F, 0x64, 0xAD, 0x07, 0x1C, 0x1A, 0x33, 0x94 + }; + #endif +- static byte ss[KYBER_SS_SZ]; ++ static byte ss[WC_ML_KEM_SS_SZ]; + + key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); +@@ -31916,25 +31916,25 @@ static int test_wc_kyber_decapsulate_kats(void) + XMEMSET(key, 0, sizeof(KyberKey)); + } + +-#ifndef WOLFSSL_NO_KYBER512 +- ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0); +- ExpectIntEQ(XMEMCMP(ss, kprime_512, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ss, kprime_512, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0); +- ExpectIntEQ(XMEMCMP(ss, kprime_768, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ss, kprime_768, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0); +- ExpectIntEQ(XMEMCMP(ss, kprime_1024, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ss, kprime_1024, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif + +@@ -79236,6 +79236,7 @@ static int test_tls13_apis(void) + #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) + int groups[2] = { WOLFSSL_ECC_SECP256R1, + #ifdef WOLFSSL_HAVE_KYBER ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + WOLFSSL_KYBER_LEVEL1 + #elif !defined(WOLFSSL_NO_KYBER768) +@@ -79243,6 +79244,15 @@ static int test_tls13_apis(void) + #else + WOLFSSL_KYBER_LEVEL5 + #endif ++#else ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ WOLFSSL_ML_KEM_512 ++ #elif !defined(WOLFSSL_NO_ML_KEM_768) ++ WOLFSSL_ML_KEM_768 ++ #else ++ WOLFSSL_ML_KEM_1024 ++ #endif ++#endif + #else + WOLFSSL_ECC_SECP256R1 + #endif +@@ -79270,6 +79280,7 @@ static int test_tls13_apis(void) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + "P-256:secp256r1" + #if defined(WOLFSSL_HAVE_KYBER) ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + ":P256_KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) +@@ -79277,10 +79288,20 @@ static int test_tls13_apis(void) + #else + ":P256_KYBER_LEVEL5" + #endif ++#else ++ #ifndef WOLFSSL_NO_KYBER512 ++ ":P256_ML_KEM_512" ++ #elif !defined(WOLFSSL_NO_KYBER768) ++ ":P256_ML_KEM_768" ++ #else ++ ":P256_ML_KEM_1024" ++ #endif ++#endif + #endif + #endif + #endif /* !defined(NO_ECC_SECP) */ + #if defined(WOLFSSL_HAVE_KYBER) ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + ":KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) +@@ -79288,6 +79309,15 @@ static int test_tls13_apis(void) + #else + ":KYBER_LEVEL5" + #endif ++#else ++ #ifndef WOLFSSL_NO_KYBER512 ++ ":ML_KEM_512" ++ #elif !defined(WOLFSSL_NO_KYBER768) ++ ":ML_KEM_768" ++ #else ++ ":ML_KEM_1024" ++ #endif ++#endif + #endif + ""; + #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ +@@ -79423,12 +79453,22 @@ static int test_tls13_apis(void) + #endif + + #if defined(WOLFSSL_HAVE_KYBER) ++#ifndef WOLFSSL_NO_ML_KEM ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ kyberLevel = WOLFSSL_ML_KEM_768; ++#elif !defined(WOLFSSL_NO_ML_KEM_1024) ++ kyberLevel = WOLFSSL_ML_KEM_1024; ++#else ++ kyberLevel = WOLFSSL_ML_KEM_512; ++#endif ++#else + #ifndef WOLFSSL_NO_KYBER768 + kyberLevel = WOLFSSL_KYBER_LEVEL3; + #elif !defined(WOLFSSL_NO_KYBER1024) + kyberLevel = WOLFSSL_KYBER_LEVEL5; + #else + kyberLevel = WOLFSSL_KYBER_LEVEL1; ++#endif + #endif + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, kyberLevel), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #ifndef NO_WOLFSSL_SERVER +@@ -96286,13 +96326,21 @@ static int test_dtls13_basic_connection_id(void) + defined(HAVE_LIBOQS) + static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx) + { ++#ifdef WOLFSSL_KYBER_ORIGINAL + int group = WOLFSSL_KYBER_LEVEL5; ++#else ++ int group = WOLFSSL_ML_KEM_1024; ++#endif + AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS); + } + + static void test_tls13_pq_groups_on_result(WOLFSSL* ssl) + { ++#ifdef WOLFSSL_KYBER_ORIGINAL + AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5"); ++#else ++ AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024"); ++#endif + } + #endif + +diff --git a/tests/suites.c b/tests/suites.c +index 7328789f46..a22002036d 100644 +--- a/tests/suites.c ++++ b/tests/suites.c +@@ -184,6 +184,28 @@ static int IsKyberLevelAvailable(const char* line) + begin += 6; + end = XSTRSTR(begin, " "); + ++ #ifndef WOLFSSL_NO_ML_KEM ++ if ((size_t)end - (size_t)begin == 10) { ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) { ++ available = 1; ++ } ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) { ++ available = 1; ++ } ++ #endif ++ } ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if ((size_t)end - (size_t)begin == 11) { ++ if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) { ++ available = 1; ++ } ++ } ++ #endif ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + if ((size_t)end - (size_t)begin == 12) { + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) { +@@ -201,6 +223,7 @@ static int IsKyberLevelAvailable(const char* line) + } + #endif + } ++ #endif + } + + return (begin == NULL) || available; +diff --git a/tests/test-dtls13-pq-2.conf b/tests/test-dtls13-pq-2.conf +index 6a4bfac084..bd5e32697d 100644 +--- a/tests/test-dtls13-pq-2.conf ++++ b/tests/test-dtls13-pq-2.conf +@@ -1,3 +1,17 @@ ++# server DTLSv1.3 with post-quantum group ++-u ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P256_ML_KEM_512 ++ ++# client DTLSv1.3 with post-quantum group ++-u ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P256_ML_KEM_512 ++ ++# P384_ML_KEM_768 and P521_ML_KEM_1024 would fragment the ClientHello. ++ + # server DTLSv1.3 with post-quantum group + -u + -v 4 +diff --git a/tests/test-dtls13-pq.conf b/tests/test-dtls13-pq.conf +index c84ab819dd..37abf2c77a 100644 +--- a/tests/test-dtls13-pq.conf ++++ b/tests/test-dtls13-pq.conf +@@ -2,12 +2,26 @@ + -u + -v 4 + -l TLS13-AES256-GCM-SHA384 +---pqc KYBER_LEVEL1 ++--pqc ML_KEM_512 + + # client DTLSv1.3 with post-quantum group + -u + -v 4 + -l TLS13-AES256-GCM-SHA384 +---pqc KYBER_LEVEL1 ++--pqc ML_KEM_512 ++ ++# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello. ++ ++# server DTLSv1.3 with post-quantum group ++-u ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_512 ++ ++# client DTLSv1.3 with post-quantum group ++-u ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_512 + + # KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello. +diff --git a/tests/test-tls13-pq-2.conf b/tests/test-tls13-pq-2.conf +index ff09d72a71..26f5f525d8 100644 +--- a/tests/test-tls13-pq-2.conf ++++ b/tests/test-tls13-pq-2.conf +@@ -1,3 +1,33 @@ ++# server TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P256_ML_KEM_512 ++ ++# client TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P256_ML_KEM_512 ++ ++# server TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P384_ML_KEM_768 ++ ++# client TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P384_ML_KEM_768 ++ ++# server TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P521_ML_KEM1024 ++ ++# client TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc P521_ML_KEM1024 ++ + # server TLSv1.3 with post-quantum group + -v 4 + -l TLS13-AES256-GCM-SHA384 +diff --git a/tests/test-tls13-pq.conf b/tests/test-tls13-pq.conf +index 9d2b218deb..ac8164e995 100644 +--- a/tests/test-tls13-pq.conf ++++ b/tests/test-tls13-pq.conf +@@ -1,3 +1,33 @@ ++# server TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_512 ++ ++# client TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_512 ++ ++# server TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_768 ++ ++# client TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_768 ++ ++# server TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_1024 ++ ++# client TLSv1.3 with post-quantum group ++-v 4 ++-l TLS13-AES256-GCM-SHA384 ++--pqc ML_KEM_1024 ++ + # server TLSv1.3 with post-quantum group + -v 4 + -l TLS13-AES256-GCM-SHA384 +diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c +index 0c2cb2b437..44ec893ffc 100644 +--- a/wolfcrypt/src/ext_kyber.c ++++ b/wolfcrypt/src/ext_kyber.c +@@ -43,9 +43,16 @@ + + static const char* OQS_ID2name(int id) { + switch (id) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: return OQS_KEM_alg_ml_kem_512; ++ case WC_ML_KEM_768: return OQS_KEM_alg_ml_kem_768; ++ case WC_ML_KEM_1024: return OQS_KEM_alg_ml_kem_1024; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512; + case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768; + case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024; ++ #endif + default: break; + } + return NULL; +@@ -83,11 +90,20 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) + if (ret == 0) { + /* Validate type. */ + switch (type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ #ifdef HAVE_LIBOQS ++ case WC_ML_KEM_768: ++ case WC_ML_KEM_1024: ++ #endif /* HAVE_LIBOQS */ ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: +-#ifdef HAVE_LIBOQS ++ #ifdef HAVE_LIBOQS + case KYBER_LEVEL3: + case KYBER_LEVEL5: +-#endif /* HAVE_LIBOQS */ ++ #endif /* HAVE_LIBOQS */ ++#endif + break; + default: + /* No other values supported. */ +@@ -152,6 +168,18 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + /* NOTE: SHAKE and AES variants have the same length private key. */ + if (ret == 0) { + switch (key->type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ *len = OQS_KEM_ml_kem_512_length_secret_key; ++ break; ++ case WC_ML_KEM_768: ++ *len = OQS_KEM_ml_kem_768_length_secret_key; ++ break; ++ case WC_ML_KEM_1024: ++ *len = OQS_KEM_ml_kem_1024_length_secret_key; ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_secret_key; + break; +@@ -161,6 +189,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_secret_key; + break; ++ #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; +@@ -194,6 +223,18 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + /* NOTE: SHAKE and AES variants have the same length public key. */ + if (ret == 0) { + switch (key->type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ *len = OQS_KEM_ml_kem_512_length_public_key; ++ break; ++ case WC_ML_KEM_768: ++ *len = OQS_KEM_ml_kem_768_length_public_key; ++ break; ++ case WC_ML_KEM_1024: ++ *len = OQS_KEM_ml_kem_1024_length_public_key; ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_public_key; + break; +@@ -203,6 +244,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_public_key; + break; ++ #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; +@@ -236,6 +278,18 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + /* NOTE: SHAKE and AES variants have the same length ciphertext. */ + if (ret == 0) { + switch (key->type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ *len = OQS_KEM_ml_kem_512_length_ciphertext; ++ break; ++ case WC_ML_KEM_768: ++ *len = OQS_KEM_ml_kem_768_length_ciphertext; ++ break; ++ case WC_ML_KEM_1024: ++ *len = OQS_KEM_ml_kem_1024_length_ciphertext; ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_ciphertext; + break; +@@ -245,6 +299,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_ciphertext; + break; ++ #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; +diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c +index bca5e1ff8b..040c4f0123 100644 +--- a/wolfcrypt/src/wc_kyber.c ++++ b/wolfcrypt/src/wc_kyber.c +@@ -68,7 +68,9 @@ volatile sword16 kyber_opt_blocker = 0; + /** + * Initialize the Kyber key. + * +- * @param [in] type Type of key: KYBER512, KYBER768, KYBER1024. ++ * @param [in] type Type of key: ++ * WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024, ++ * KYBER512, KYBER768, KYBER1024. + * @param [out] key Kyber key object to initialize. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. +@@ -87,6 +89,27 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) + if (ret == 0) { + /* Validate type. */ + switch (type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ #ifndef WOLFSSL_WC_ML_KEM_512 ++ /* Code not compiled in for Kyber-512. */ ++ ret = NOT_COMPILED_IN; ++ #endif ++ break; ++ case WC_ML_KEM_768: ++ #ifndef WOLFSSL_WC_ML_KEM_768 ++ /* Code not compiled in for Kyber-768. */ ++ ret = NOT_COMPILED_IN; ++ #endif ++ break; ++ case WC_ML_KEM_1024: ++ #ifndef WOLFSSL_WC_ML_KEM_1024 ++ /* Code not compiled in for Kyber-1024. */ ++ ret = NOT_COMPILED_IN; ++ #endif ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER512: + #ifndef WOLFSSL_KYBER512 + /* Code not compiled in for Kyber-512. */ +@@ -105,6 +128,7 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) + ret = NOT_COMPILED_IN; + #endif + break; ++ #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; +@@ -230,6 +254,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ kp = WC_ML_KEM_512_K; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ kp = WC_ML_KEM_768_K; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ kp = WC_ML_KEM_1024_K; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + kp = KYBER512_K; +@@ -245,6 +287,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, + kp = KYBER1024_K; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -266,13 +309,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, + /* Error vector allocated at end of a. */ + e = a + (kp * kp * KYBER_N); + ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- /* Expand 32 bytes of random to 32. */ +- ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf); +-#else +- buf[0] = kp; +- /* Expand 33 bytes of random to 32. */ +- ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf); ++ { ++ /* Expand 32 bytes of random to 32. */ ++ ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf); ++ } ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ buf[0] = kp; ++ /* Expand 33 bytes of random to 32. */ ++ ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf); ++ } + #endif + } + if (ret == 0) { +@@ -333,6 +387,24 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + if (ret == 0) { + /* Return in 'len' size of the cipher text for the type of this key. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ *len = WC_ML_KEM_512_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ *len = WC_ML_KEM_768_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ *len = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_CIPHER_TEXT_SIZE; +@@ -348,6 +420,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + *len = KYBER1024_CIPHER_TEXT_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -398,6 +471,27 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, + + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ kp = WC_ML_KEM_512_K; ++ compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ kp = WC_ML_KEM_768_K; ++ compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ kp = WC_ML_KEM_1024_K; ++ compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + kp = KYBER512_K; +@@ -415,6 +509,7 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, + kp = KYBER1024_K; + compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; + break; ++#endif + #endif + default: + /* No other values supported. */ +@@ -463,19 +558,19 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, + /* Perform encapsulation maths. */ + kyber_encapsulate(key->pub, bp, v, at, sp, ep, epp, k, kp); + +- #ifdef WOLFSSL_KYBER512 ++ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (kp == KYBER512_K) { + kyber_vec_compress_10(ct, bp, kp); + kyber_compress_4(ct + compVecSz, v); + } + #endif +- #ifdef WOLFSSL_KYBER768 ++ #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (kp == KYBER768_K) { + kyber_vec_compress_10(ct, bp, kp); + kyber_compress_4(ct + compVecSz, v); + } + #endif +- #ifdef WOLFSSL_KYBER1024 ++ #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (kp == KYBER1024_K) { + kyber_vec_compress_11(ct, bp); + kyber_compress_5(ct + compVecSz, v); +@@ -562,6 +657,18 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ #endif ++ break; ++#endif + #ifdef WOLFSSL_KYBER512 + case KYBER512: + ctSz = KYBER512_CIPHER_TEXT_SIZE; +@@ -614,42 +721,80 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, + + #ifdef WOLFSSL_KYBER_ORIGINAL + if (ret == 0) { +- /* Hash random to anonymize as seed data. */ +- ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg); ++#ifndef WOLFSSL_NO_ML_KEM ++ if (key->type & KYBER_ORIGINAL) ++#endif ++ { ++ /* Hash random to anonymize as seed data. */ ++ ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg); ++ } + } + #endif + if (ret == 0) { + /* Hash message into seed buffer. */ ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, +- kr); +-#else +- ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, +- kr); ++ { ++ ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, ++ KYBER_SYM_SZ, kr); ++ } ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, ++ KYBER_SYM_SZ, kr); ++ } + #endif + } + + if (ret == 0) { + /* Encapsulate the message using the key and the seed (coins). */ ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); +-#else +- ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); ++ { ++ ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); ++ } ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); ++ } + #endif + } + ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- if (ret == 0) { +- /* Hash the cipher text after the seed. */ +- ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); +- } +- if (ret == 0) { +- /* Derive the secret from the seed and hash of cipher text. */ +- ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); ++ { ++ if (ret == 0) { ++ /* Hash the cipher text after the seed. */ ++ ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); ++ } ++ if (ret == 0) { ++ /* Derive the secret from the seed and hash of cipher text. */ ++ ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); ++ } + } +-#else +- if (ret == 0) { +- XMEMCPY(ss, kr, KYBER_SS_SZ); ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ if (ret == 0) { ++ XMEMCPY(ss, kr, KYBER_SS_SZ); ++ } + } + #endif + +@@ -683,6 +828,27 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ kp = WC_ML_KEM_512_K; ++ compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ kp = WC_ML_KEM_768_K; ++ compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ kp = WC_ML_KEM_1024_K; ++ compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + kp = KYBER512_K; +@@ -700,6 +866,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + kp = KYBER1024_K; + compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; + break; ++#endif + #endif + default: + /* No other values supported. */ +@@ -723,19 +890,19 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + v = bp + kp * KYBER_N; + mp = v + KYBER_N; + +- #ifdef WOLFSSL_KYBER512 ++ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (kp == KYBER512_K) { + kyber_vec_decompress_10(bp, ct, kp); + kyber_decompress_4(v, ct + compVecSz); + } + #endif +- #ifdef WOLFSSL_KYBER768 ++ #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (kp == KYBER768_K) { + kyber_vec_decompress_10(bp, ct, kp); + kyber_decompress_4(v, ct + compVecSz); + } + #endif +- #ifdef WOLFSSL_KYBER1024 ++ #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (kp == KYBER1024_K) { + kyber_vec_decompress_11(bp, ct); + kyber_decompress_5(v, ct + compVecSz); +@@ -757,7 +924,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + return ret; + } + +-#ifndef WOLFSSL_KYBER_ORIGINAL ++#ifndef WOLFSSL_NO_ML_KEM + /* Derive the secret from z and cipher text. + * + * @param [in] z Implicit rejection value. +@@ -828,6 +995,24 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, + if (ret == 0) { + /* Establish cipher text size based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ ctSz = WC_ML_KEM_512_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ ctSz = WC_ML_KEM_768_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ ctSz = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + ctSz = KYBER512_CIPHER_TEXT_SIZE; +@@ -843,6 +1028,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, + ctSz = KYBER1024_CIPHER_TEXT_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -882,25 +1068,36 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, + /* Compare generated cipher text with that passed in. */ + fail = kyber_cmp(ct, cmp, ctSz); + ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- /* Hash the cipher text after the seed. */ +- ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); +- } +- if (ret == 0) { +- /* Change seed to z on comparison failure. */ +- for (i = 0; i < KYBER_SYM_SZ; i++) { +- kr[i] ^= (kr[i] ^ key->z[i]) & fail; ++ { ++ /* Hash the cipher text after the seed. */ ++ ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); ++ if (ret == 0) { ++ /* Change seed to z on comparison failure. */ ++ for (i = 0; i < KYBER_SYM_SZ; i++) { ++ kr[i] ^= (kr[i] ^ key->z[i]) & fail; ++ } ++ ++ /* Derive the secret from the seed and hash of cipher text. */ ++ ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); ++ } + } +- +- /* Derive the secret from the seed and hash of cipher text. */ +- ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); +-#else +- ret = kyber_derive_secret(key->z, ct, ctSz, msg); +- } +- if (ret == 0) { +- /* Change seed to z on comparison failure. */ +- for (i = 0; i < KYBER_SYM_SZ; i++) { +- ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ ret = kyber_derive_secret(key->z, ct, ctSz, msg); ++ if (ret == 0) { ++ /* Change seed to z on comparison failure. */ ++ for (i = 0; i < KYBER_SYM_SZ; i++) { ++ ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); ++ } ++ } + } + #endif + } +@@ -947,6 +1144,30 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -968,6 +1189,7 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -1030,6 +1252,27 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -1048,6 +1291,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -1103,6 +1347,24 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + /* Return in 'len' size of the encoded private key for the type of this + * key. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ *len = WC_ML_KEM_512_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ *len = WC_ML_KEM_768_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ *len = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_PRIVATE_KEY_SIZE; +@@ -1118,6 +1380,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + *len = KYBER1024_PRIVATE_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -1150,6 +1413,24 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + /* Return in 'len' size of the encoded public key for the type of this + * key. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ *len = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ *len = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ *len = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_PUBLIC_KEY_SIZE; +@@ -1165,6 +1446,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + *len = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -1206,6 +1488,30 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len) + + if (ret == 0) { + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -1227,6 +1533,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len) + privLen = KYBER1024_PRIVATE_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -1293,6 +1600,27 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) + + if (ret == 0) { + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -1311,6 +1639,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c +index 52c8af356f..f7cb6056c7 100644 +--- a/wolfcrypt/src/wc_kyber_poly.c ++++ b/wolfcrypt/src/wc_kyber_poly.c +@@ -33,6 +33,12 @@ + * WOLFSSL_WC_KYBER Default: OFF + * Enables this code, wolfSSL implementation, to be built. + * ++ * WOLFSSL_WC_ML_KEM_512 Default: OFF ++ * Enables the ML-KEM 512 parameter implementations. ++ * WOLFSSL_WC_ML_KEM_768 Default: OFF ++ * Enables the ML-KEM 768 parameter implementations. ++ * WOLFSSL_WC_ML_KEM_1024 Default: OFF ++ * Enables the ML-KEM 1024 parameter implementations. + * WOLFSSL_KYBER512 Default: OFF + * Enables the KYBER512 parameter implementations. + * WOLFSSL_KYBER768 Default: OFF +@@ -1402,7 +1408,7 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp, + /******************************************************************************/ + + #ifdef USE_INTEL_SPEEDUP +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1492,7 +1498,7 @@ static int kyber_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed) + } + #endif + +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1617,7 +1623,7 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) + return 0; + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1706,9 +1712,9 @@ static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) + + return 0; + } +-#endif /* KYBER1024 */ ++#endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */ + #elif defined(WOLFSSL_ARMASM) && defined(__aarch64__) +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1782,7 +1788,7 @@ static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed) + } + #endif + +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1848,7 +1854,7 @@ static int kyber_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed) + } + #endif + +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -2381,7 +2387,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, + { + int ret; + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (kp == KYBER512_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed); +@@ -2400,7 +2406,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, + } + else + #endif +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (kp == KYBER768_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed); +@@ -2419,7 +2425,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, + } + else + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (kp == KYBER1024_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed); +@@ -2556,7 +2562,7 @@ static void kyber_cbd_eta2(sword16* p, const byte* r) + #endif + } + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Subtract one 3 bit value from another out of a larger number. + * + * @param [in] d Value containing sequential 3 bit values. +@@ -2726,7 +2732,7 @@ static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p, + + (void)eta1; + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (eta1 == KYBER_CBD_ETA3) { + byte rand[ETA3_RAND_SIZE]; + +@@ -2781,7 +2787,8 @@ static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p, + #ifdef USE_INTEL_SPEEDUP + #define PRF_RAND_SZ (2 * SHA3_256_BYTES) + +-#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_KYBER1024) ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \ ++ defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. +@@ -2804,7 +2811,7 @@ static void kyber_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o) + } + #endif + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. +@@ -2890,7 +2897,7 @@ static int kyber_get_noise_k2_avx2(KYBER_PRF_T* prf, sword16* vec1, + } + #endif + +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * +@@ -2921,7 +2928,7 @@ static int kyber_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly, + } + #endif + +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * +@@ -2981,7 +2988,7 @@ static void kyber_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o) + kyber_shake256_blocksx3_seed_neon(state, seed); + } + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. +@@ -3068,7 +3075,7 @@ static int kyber_get_noise_k2_aarch64(sword16* vec1, sword16* vec2, + } + #endif + +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. +@@ -3122,7 +3129,7 @@ static int kyber_get_noise_k3_aarch64(sword16* vec1, sword16* vec2, + } + #endif + +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * +@@ -3221,7 +3228,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, + { + int ret; + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (kp == KYBER512_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed); +@@ -3245,7 +3252,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, + } + else + #endif +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (kp == KYBER768_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed); +@@ -3265,7 +3272,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, + } + else + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (kp == KYBER1024_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed); +@@ -3475,7 +3482,8 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) + + #endif /* CONV_WITH_DIV */ + +-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ ++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Compress the vector of polynomials into a byte array with 10 bits each. + * + * @param [out] b Array of bytes. +@@ -3593,7 +3601,7 @@ void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp) + } + #endif + +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Compress the vector of polynomials into a byte array with 11 bits each. + * + * @param [out] b Array of bytes. +@@ -3713,7 +3721,8 @@ void kyber_vec_compress_11(byte* r, sword16* v) + v[(i) * KYBER_N + 8 * (j) + (k)] = \ + (word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11) + +-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ ++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Decompress the byte array of packed 10 bits into vector of polynomials. + * + * @param [out] v Vector of polynomials. +@@ -3785,7 +3794,7 @@ void kyber_vec_decompress_10(sword16* v, const unsigned char* b, + } + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Decompress the byte array of packed 11 bits into vector of polynomials. + * + * @param [out] v Vector of polynomials. +@@ -3948,7 +3957,8 @@ void kyber_vec_decompress_11(sword16* v, const unsigned char* b) + + #endif /* CONV_WITH_DIV */ + +-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ ++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Compress a polynomial into byte array - on coefficients into 4 bits. + * + * @param [out] b Array of bytes. +@@ -4020,7 +4030,7 @@ void kyber_compress_4(byte* b, sword16* p) + } + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Compress a polynomial into byte array - on coefficients into 5 bits. + * + * @param [out] b Array of bytes. +@@ -4117,7 +4127,8 @@ void kyber_compress_5(byte* b, sword16* p) + #define DECOMP_5(p, i, j, t) \ + p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5 + +-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ ++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Decompress the byte array of packed 4 bits into polynomial. + * + * @param [out] p Polynomial. +@@ -4155,7 +4166,7 @@ void kyber_decompress_4(sword16* p, const unsigned char* b) + } + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Decompress the byte array of packed 5 bits into polynomial. + * + * @param [out] p Polynomial. +diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c +index 5b15367f8e..b293e8a93c 100644 +--- a/wolfcrypt/test/test.c ++++ b/wolfcrypt/test/test.c +@@ -38138,7 +38138,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) + + #ifdef WOLFSSL_HAVE_KYBER + #ifdef WOLFSSL_WC_KYBER /* OQS does not support KATs */ +-#ifdef WOLFSSL_KYBER512 ++#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512) + static wc_test_ret_t kyber512_kat(void) + { + wc_test_ret_t ret; +@@ -38174,8 +38174,8 @@ static wc_test_ret_t kyber512_kat(void) + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = { + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = { + 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB, + 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05, + 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA, +@@ -38276,7 +38276,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_pk[] = { + 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, + 0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57, + 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, +@@ -38377,10 +38380,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42, + 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, + 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = { + 0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64, + 0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE, + 0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33, +@@ -38585,7 +38588,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_sk[] = { + 0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c, + 0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e, + 0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a, +@@ -38790,10 +38796,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = { + 0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D, + 0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA, + 0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9, +@@ -38890,7 +38896,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23, + 0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81, + 0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ct[] = { + 0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35, + 0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f, + 0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3, +@@ -38987,21 +38996,24 @@ static wc_test_ret_t kyber512_kat(void) + 0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe, + 0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6, + 0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = { + 0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C, + 0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC, + 0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02, + 0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ss[] = { + 0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22, + 0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91, + 0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49, + 0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf +-#endif + }; ++#endif + + #ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, +@@ -39021,6 +39033,7 @@ static wc_test_ret_t kyber512_kat(void) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif + ++#ifdef WOLFSSL_KYBER_ORIGINAL + ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +@@ -39063,6 +39076,52 @@ static wc_test_ret_t kyber512_kat(void) + + if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ ret = wc_KyberKey_Init(WC_ML_KEM_512, key, HEAP_HINT, INVALID_DEVID); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ else ++ key_inited = 1; ++ ++ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand, ++ sizeof(kyber512_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_512_PUBLIC_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePrivateKey(key, priv, ++ WC_ML_KEM_512_PRIVATE_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(pub, ml_kem_512_pk, sizeof(ml_kem_512_pk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand, ++ sizeof(kyber512enc_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ct, ml_kem_512_ct, sizeof(ml_kem_512_ct)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_512_ct)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif + + out: + +@@ -39082,7 +39141,7 @@ out: + } + #endif /* WOLFSSL_KYBER512 */ + +-#ifdef WOLFSSL_KYBER768 ++#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768) + static wc_test_ret_t kyber768_kat(void) + { + wc_test_ret_t ret; +@@ -39119,8 +39178,8 @@ static wc_test_ret_t kyber768_kat(void) + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; + +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = { + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = { + 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8, + 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D, + 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E, +@@ -39269,7 +39328,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_pk[] = { + 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, + 0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71, + 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, +@@ -39418,10 +39480,10 @@ static wc_test_ret_t kyber768_kat(void) + 0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d, + 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, + 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = { + 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, + 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, + 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D, +@@ -39722,7 +39784,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_sk[] = { + 0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61, + 0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d, + 0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a, +@@ -40023,10 +40088,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = { + 0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9, + 0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67, + 0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A, +@@ -40163,7 +40228,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10, + 0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D, + 0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ct[] = { + 0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97, + 0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08, + 0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad, +@@ -40300,21 +40368,24 @@ static wc_test_ret_t kyber768_kat(void) + 0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84, + 0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33, + 0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = { + 0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73, + 0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28, + 0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7, + 0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ss[] = { + 0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70, + 0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29, + 0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4, + 0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68 +-#endif + }; ++#endif + + #ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, +@@ -40334,6 +40405,7 @@ static wc_test_ret_t kyber768_kat(void) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif + ++#ifdef WOLFSSL_KYBER_ORIGINAL + ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +@@ -40376,6 +40448,52 @@ static wc_test_ret_t kyber768_kat(void) + + if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ ret = wc_KyberKey_Init(WC_ML_KEM_768, key, HEAP_HINT, INVALID_DEVID); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ else ++ key_inited = 1; ++ ++ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand, ++ sizeof(kyber768_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_768_PUBLIC_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePrivateKey(key, priv, ++ WC_ML_KEM_768_PRIVATE_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(pub, ml_kem_768_pk, sizeof(ml_kem_768_pk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand, ++ sizeof(kyber768enc_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ct, ml_kem_768_ct, sizeof(ml_kem_768_ct)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_768_ct)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif + + out: + +@@ -40395,7 +40513,7 @@ out: + } + #endif /* WOLFSSL_KYBER768 */ + +-#ifdef WOLFSSL_KYBER1024 ++#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024) + static wc_test_ret_t kyber1024_kat(void) + { + wc_test_ret_t ret; +@@ -40431,8 +40549,8 @@ static wc_test_ret_t kyber1024_kat(void) + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = { + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = { + 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC, + 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB, + 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78, +@@ -40629,7 +40747,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_pk[] = { + 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, + 0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0, + 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, +@@ -40826,10 +40947,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38, + 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, + 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = { + 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, + 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, + 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D, +@@ -41226,7 +41347,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_sk[] = { + 0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88, + 0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8, + 0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77, +@@ -41623,10 +41747,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = { + 0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1, + 0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1, + 0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE, +@@ -41823,7 +41947,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4, + 0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7, + 0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ct[] = { + 0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38, + 0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95, + 0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb, +@@ -42020,21 +42147,24 @@ static wc_test_ret_t kyber1024_kat(void) + 0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf, + 0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e, + 0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = { + 0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4, + 0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5, + 0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55, + 0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ss[] = { + 0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3, + 0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76, + 0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48, + 0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6 +-#endif + }; ++#endif + + #ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, +@@ -42054,6 +42184,7 @@ static wc_test_ret_t kyber1024_kat(void) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif + ++#ifdef WOLFSSL_KYBER_ORIGINAL + ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +@@ -42096,6 +42227,52 @@ static wc_test_ret_t kyber1024_kat(void) + + if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ ret = wc_KyberKey_Init(WC_ML_KEM_1024, key, HEAP_HINT, INVALID_DEVID); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ else ++ key_inited = 1; ++ ++ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand, ++ sizeof(kyber1024_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePrivateKey(key, priv, ++ WC_ML_KEM_MAX_PRIVATE_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(pub, ml_kem_1024_pk, sizeof(ml_kem_1024_pk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand, ++ sizeof(kyber1024enc_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ct, ml_kem_1024_ct, sizeof(ml_kem_1024_ct)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_1024_ct)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif + + out: + +@@ -42142,6 +42319,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void) + #endif + int key_inited = 0; + static const int testData[][4] = { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ { WC_ML_KEM_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE, ++ WC_ML_KEM_512_PUBLIC_KEY_SIZE, WC_ML_KEM_512_CIPHER_TEXT_SIZE }, ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ { WC_ML_KEM_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE, ++ WC_ML_KEM_768_PUBLIC_KEY_SIZE, WC_ML_KEM_768_CIPHER_TEXT_SIZE }, ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ { WC_ML_KEM_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE, ++ WC_ML_KEM_1024_PUBLIC_KEY_SIZE, WC_ML_KEM_1024_CIPHER_TEXT_SIZE }, ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + { KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE, + KYBER512_CIPHER_TEXT_SIZE }, +@@ -42154,6 +42346,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void) + { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE, + KYBER1024_CIPHER_TEXT_SIZE }, + #endif ++#endif + }; + WOLFSSL_ENTER("kyber_test"); + +@@ -42251,17 +42444,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void) + wc_FreeRng(&rng); + + #ifdef WOLFSSL_WC_KYBER +-#ifdef WOLFSSL_KYBER512 ++#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512) + ret = kyber512_kat(); + if (ret != 0) + goto out; + #endif +-#ifdef WOLFSSL_KYBER768 ++#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768) + ret = kyber768_kat(); + if (ret != 0) + goto out; + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024) + ret = kyber1024_kat(); + if (ret != 0) + goto out; +diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h +index 4bbdf6565c..d0efd488df 100644 +--- a/wolfssl/ssl.h ++++ b/wolfssl/ssl.h +@@ -4177,35 +4177,44 @@ enum { + * algorithms have LEVEL2 and LEVEL4 because none of these submissions + * included them. */ + +-#ifndef WOLFSSL_ML_KEM ++#ifdef WOLFSSL_KYBER_ORIGINAL + WOLFSSL_PQC_MIN = 570, + WOLFSSL_PQC_SIMPLE_MIN = 570, + WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */ + WOLFSSL_KYBER_LEVEL3 = 572, /* KYBER_768 */ + WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */ ++#ifdef WOLFSSL_NO_ML_KEM + WOLFSSL_PQC_SIMPLE_MAX = 573, ++#endif + + WOLFSSL_PQC_HYBRID_MIN = 12090, + WOLFSSL_P256_KYBER_LEVEL1 = 12090, + WOLFSSL_P384_KYBER_LEVEL3 = 12092, + WOLFSSL_P521_KYBER_LEVEL5 = 12093, ++#ifdef WOLFSSL_NO_ML_KEM + WOLFSSL_PQC_HYBRID_MAX = 12093, + WOLFSSL_PQC_MAX = 12093, +-#else ++#endif ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++#ifndef WOLFSSL_KYBER_ORIGINAL + WOLFSSL_PQC_MIN = 583, + WOLFSSL_PQC_SIMPLE_MIN = 583, +- WOLFSSL_KYBER_LEVEL1 = 583, /* ML-KEM 512 */ +- WOLFSSL_KYBER_LEVEL3 = 584, /* ML-KEM 768 */ +- WOLFSSL_KYBER_LEVEL5 = 585, /* ML-KEM 1024 */ ++#endif ++ WOLFSSL_ML_KEM_512 = 583, /* ML-KEM 512 */ ++ WOLFSSL_ML_KEM_768 = 584, /* ML-KEM 768 */ ++ WOLFSSL_ML_KEM_1024 = 585, /* ML-KEM 1024 */ + WOLFSSL_PQC_SIMPLE_MAX = 585, + ++#ifndef WOLFSSL_KYBER_ORIGINAL + WOLFSSL_PQC_HYBRID_MIN = 12103, +- WOLFSSL_P256_KYBER_LEVEL1 = 12103, +- WOLFSSL_P384_KYBER_LEVEL3 = 12104, +- WOLFSSL_P521_KYBER_LEVEL5 = 12105, ++#endif ++ WOLFSSL_P256_ML_KEM_512 = 12103, ++ WOLFSSL_P384_ML_KEM_768 = 12104, ++ WOLFSSL_P521_ML_KEM_1024 = 12105, + WOLFSSL_PQC_HYBRID_MAX = 12105, + WOLFSSL_PQC_MAX = 12105, +-#endif /* WOLFSSL_ML_KEM */ ++#endif /* !WOLFSSL_NO_ML_KEM */ + #endif /* HAVE_PQC */ + }; + +diff --git a/wolfssl/wolfcrypt/kyber.h b/wolfssl/wolfcrypt/kyber.h +index 93b502223a..3fb1a231ee 100644 +--- a/wolfssl/wolfcrypt/kyber.h ++++ b/wolfssl/wolfcrypt/kyber.h +@@ -153,9 +153,14 @@ + + enum { + /* Types of Kyber keys. */ +- KYBER512 = 0, +- KYBER768 = 1, +- KYBER1024 = 2, ++ WC_ML_KEM_512 = 0, ++ WC_ML_KEM_768 = 1, ++ WC_ML_KEM_1024 = 2, ++ ++ KYBER_ORIGINAL = 0x10, ++ KYBER512 = 0 | KYBER_ORIGINAL, ++ KYBER768 = 1 | KYBER_ORIGINAL, ++ KYBER1024 = 2 | KYBER_ORIGINAL, + + KYBER_LEVEL1 = KYBER512, + KYBER_LEVEL3 = KYBER768, +@@ -215,30 +220,48 @@ WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, + + + ++#if !defined(WOLFSSL_NO_ML_KEM_512) && !defined(WOLFSSL_NO_ML_KEM) ++#define WOLFSSL_WC_ML_KEM_512 ++#endif ++#if !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM) ++#define WOLFSSL_WC_ML_KEM_768 ++#endif ++#if !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM) ++#define WOLFSSL_WC_ML_KEM_1024 ++#endif ++ ++#ifdef WOLFSSL_WC_ML_KEM_512 + #define WC_ML_KEM_512_K KYBER512_K + #define WC_ML_KEM_512_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE +-#define wC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE +-#define wC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE ++#define WC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE ++#define WC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE ++#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \ ++ KYBER512_POLY_VEC_COMPRESSED_SZ ++#endif + ++#ifdef WOLFSSL_WC_ML_KEM_768 + #define WC_ML_KEM_768_K KYBER768_K + #define WC_ML_KEM_768_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE +-#define wC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE +-#define wC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE ++#define WC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE ++#define WC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE ++#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \ ++ KYBER768_POLY_VEC_COMPRESSED_SZ ++#endif + ++#ifdef WOLFSSL_WC_ML_KEM_1024 + #define WC_ML_KEM_1024_K KYBER1024_K + #define WC_ML_KEM_1024_PUBLIC_KEY_SIZE KYBER1024_PUBLIC_KEY_SIZE +-#define wC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE +-#define wC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE ++#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE ++#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE ++#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \ ++ KYBER1024_POLY_VEC_COMPRESSED_SZ ++#endif + + #define WC_ML_KEM_MAX_K KYBER_MAX_K + #define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE KYBER_MAX_PRIVATE_KEY_SIZE + #define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE KYBER_MAX_PUBLIC_KEY_SIZE + #define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE KYBER_MAX_CIPHER_TEXT_SIZE + +-#define WC_ML_KEM_512 KYBER512 +-#define WC_ML_KEM_768 KYBER768 +-#define WC_ML_KEM_1024 KYBER1024 +- + #define WC_ML_KEM_SYM_SZ KYBER_SYM_SZ + #define WC_ML_KEM_SS_SZ KYBER_SS_SZ + #define WC_ML_KEM_MAKEKEY_RAND_SZ KYBER_MAKEKEY_RAND_SZ +-- +2.43.0 +