From 1e47a16ca01e9eb5259bca7b3b002027eac692fc Mon Sep 17 00:00:00 2001 
From: Thomas Yau Date: Mon, 25 Nov 2024 12:27:54 +0800 Subject: [PATCH] Remove liboqs and use WolfSSL's Kyber implementation Remove references to liboqs and edit build flag/configs for each of the platform. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release. The patch consists of the commits and code changes from the following PR from WolfSSL: - https://github.com/wolfSSL/wolfssl/pull/8143 - https://github.com/wolfSSL/wolfssl/pull/8172 - https://github.com/wolfSSL/wolfssl/pull/8183 - https://github.com/wolfSSL/wolfssl/pull/8185 Configuration for enabling ML-KEM/Kyber: 1. For only ML-KEM: ./configure --enable-kyber ./configure --enable-kyber=all,ml-kem 2. For just Kyber: ./configure --enable-kyber=all,original 3. For ML-KEM and Kyber ./configure --enable-kyber=all,original,ml-kem ./configure --enable-kyber=all,ml-kem,original --- 3rd_party_deps.yml | 6 +- Earthfile | 2 +- android.yml | 25 +- ios.yml | 23 +- .../Lightway.xcodeproj/project.pbxproj | 4 - ios/autotools-ios-helper.sh | 8 +- ios/liboqs-helper.sh | 96 - linux.yml | 25 +- linux_386.yml | 25 +- linux_arm.yml | 25 +- linux_arm64.yml | 25 +- linux_arm_no_pqc.yml | 6 +- linux_riscv64.yml | 6 +- macos.yml | 27 +- macos_arm64.yml | 27 +- tvos.yml | 22 +- windows/wolfssl-user_settings-32.h | 25 +- windows/wolfssl-user_settings-64.h | 25 +- windows/wolfssl-user_settings-arm-64.h | 25 +- windows/wolfssl.vcxproj | 24 +- windows_32.yml | 21 +- windows_64.yml | 21 +- windows_arm64.yml | 21 +- wolfssl/fix-falcon-dilithm-flags.patch | 32 - wolfssl/fix-kyber-get-curve-name.patch | 40 + wolfssl/fix-kyber-mlkem-benchmark.patch | 86 + wolfssl/fix-mlkem-get-curve-name.patch | 200 + ...include-private-key-fields-for-kyber.patch | 25 + wolfssl/make-kyber-mlkem-available.patch | 3228 +++++++++++++++++ 29 files changed, 3746 insertions(+), 379 deletions(-) delete mode 100755 ios/liboqs-helper.sh delete 
mode 100644 wolfssl/fix-falcon-dilithm-flags.patch create mode 100644 wolfssl/fix-kyber-get-curve-name.patch create mode 100644 wolfssl/fix-kyber-mlkem-benchmark.patch create mode 100644 wolfssl/fix-mlkem-get-curve-name.patch create mode 100644 wolfssl/include-private-key-fields-for-kyber.patch create mode 100644 wolfssl/make-kyber-mlkem-available.patch diff --git a/3rd_party_deps.yml b/3rd_party_deps.yml index 23e3a2e1..6ceb1905 100644 --- a/3rd_party_deps.yml +++ b/3rd_party_deps.yml @@ -6,7 +6,6 @@ --disable-dh --disable-examples --disable-oldtls - --disable-sha3 --disable-shared --disable-sys-ca-certs --disable-dilithium @@ -23,6 +22,5 @@ --enable-static --enable-tls13 --enable-experimental - - :HE_LIBOQS_SOURCE: https://github.com/open-quantum-safe/liboqs - - :HE_LIBOQS_TAG: 0.9.2 - - :HE_LIBOQS_BUILD_FLAGS: -DOQS_BUILD_ONLY_LIB=ON -DOQS_USE_OPENSSL=OFF -DOQS_MINIMAL_BUILD='KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024;SIG_dilithium_2;SIG_dilithium_3;SIG_dilithium_5;SIG_falcon_512;SIG_falcon_1024' + --enable-sha3 + --enable-kyber=all,original diff --git a/Earthfile b/Earthfile index bf9d72ee..b2f6fd7f 100644 --- a/Earthfile +++ b/Earthfile @@ -18,7 +18,7 @@ libhelium-deps: # Make the directory structure so that the config can be parsed # To improve caching we want to separate this out as the WolfSSL dependency # fetch and build are the slowest parts of the process. - RUN mkdir -p src include test/support third_party/wolfssl third_party/liboqs + RUN mkdir -p src include test/support third_party/wolfssl # Copy the patch files COPY --dir wolfssl ./ # Build and fetch the dependencies diff --git a/android.yml b/android.yml index 01501f38..5e1fb27b 100644 --- a/android.yml +++ b/android.yml 
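Review bot: The added `--enable-kyber=all,original` is undocumented in this file: nothing says that it selects the pre-standard Kyber variant with ML-KEM left out, or that the implementation now comes from the in-tree `wolfssl/*.patch` backports instead of a tagged liboqs release. Per the commit message those patches are built for the 5.7.4 release, so they are coupled to the WolfSSL tag used by this build, and a tag bump has to be reviewed together with the patch set. I would add a comment above the key that holds these flags (it starts outside the hunk), e.g. `# Kyber: built from wolfssl/*.patch (wolfSSL PRs 8143, 8172, 8183, 8185) on top of 5.7.4; "original" only, ML-KEM off. Remove the patches once upstream releases them.`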
@@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DANDROID_ABI=$ARCH -DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_HOME/build/cmake/android.toolchain.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -36,9 +19,13 @@ - C_EXTRA_FLAGS= -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DFP_MAX_BITS=8192 -fomit-frame-pointer -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - LIBS=-llog -landroid :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - autoreconf -i - - ./configure $CROSS_OPTS C_EXTRA_FLAGS="$C_EXTRA_FLAGS" --prefix=$(pwd)/../builds/wolfssl_build $HE_WOLFSSL_CONF_FLAGS --with-liboqs=$(pwd)/../liboqs/build --disable-crypttests + - ./configure $CROSS_OPTS C_EXTRA_FLAGS="$C_EXTRA_FLAGS" --prefix=$(pwd)/../builds/wolfssl_build $HE_WOLFSSL_CONF_FLAGS --disable-crypttests - make - make install :artifacts: diff --git a/ios.yml b/ios.yml index b9578549..91a9b843 100644 --- a/ios.yml +++ b/ios.yml 
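Review bot: The five `git apply` steps added to `:build:` are repeated verbatim in every platform file touched by this commit (ios.yml, tvos.yml, the linux*, macos* and windows_* files), and nothing records that they presumably have to run in this order, since the fix-* patches appear to build on make-kyber-mlkem-available.patch. If one file drifts, that platform could end up building a different key-exchange implementation from the rest. I would move the list into one shared step that each platform calls (for example `- sh ../../wolfssl/<apply-patches script>`, placeholder name), or at least put `# order matters; keep identical across all platform .yml files` above the first `git apply`. The `:build:` list continues outside the hunk.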
@@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build_universal - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - cp ../../cmake/apple.cmake ./apple.cmake - - cp ../../ios/liboqs-helper.sh ./liboqs-helper.sh - - "./liboqs-helper.sh -iphoneuniversal" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_ios @@ -33,7 +16,11 @@ :source: $HE_WOLFSSL_SOURCE :tag: $HE_WOLFSSL_TAG :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - autoreconf -i - "cp ../../ios/autotools-ios-helper.sh ./autotools-ios-helper.sh" - "./autotools-ios-helper.sh -iphoneuniversal" diff --git a/ios/Lightway/Lightway.xcodeproj/project.pbxproj b/ios/Lightway/Lightway.xcodeproj/project.pbxproj index 4ce1fe5d..6f3088c0 100644 --- a/ios/Lightway/Lightway.xcodeproj/project.pbxproj +++ b/ios/Lightway/Lightway.xcodeproj/project.pbxproj @@ -471,12 +471,10 @@ ); LIBRARY_SEARCH_PATHS = ( "$(PROJECT_DIR)/../../third_party/builds/wolfssl_ios/Release$(EFFECTIVE_PLATFORM_NAME)/lib", - "$(PROJECT_DIR)/../../third_party/liboqs/build_universal/lib", ); OTHER_CFLAGS = ""; OTHER_LDFLAGS = ( "-lwolfssl", - "-loqs", ); PRODUCT_BUNDLE_IDENTIFIER = com.expressvpn.Lightway; PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; 
@@ -514,12 +512,10 @@ ); LIBRARY_SEARCH_PATHS = ( "$(PROJECT_DIR)/../../third_party/builds/wolfssl_ios/Release$(EFFECTIVE_PLATFORM_NAME)/lib", - "$(PROJECT_DIR)/../../third_party/liboqs/build_universal/lib", ); OTHER_CFLAGS = ""; OTHER_LDFLAGS = ( "-lwolfssl", - "-loqs", ); PRODUCT_BUNDLE_IDENTIFIER = com.expressvpn.Lightway; PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; diff --git a/ios/autotools-ios-helper.sh b/ios/autotools-ios-helper.sh index e8a50c97..9922c135 100755 --- a/ios/autotools-ios-helper.sh +++ b/ios/autotools-ios-helper.sh @@ -20,8 +20,6 @@ set -e export MIN_IOS_VERSION=12.0 export MIN_TVOS_VERSION=17.0 -OQS_BUILD=${OQS_BUILD:-"$(pwd)/../liboqs/build_universal"} - build() { # Compiler options export OPT_FLAGS="-O3" @@ -57,10 +55,8 @@ build() { --enable-dtls-mtu \ --enable-dtls-frag-ch \ --enable-sp=yes,4096 \ - --disable-sha3 \ --disable-dh \ --enable-curve25519 \ - --with-liboqs="${OQS_BUILD}" \ --enable-secure-renegotiation \ --disable-shared \ --disable-examples \ @@ -68,7 +64,9 @@ build() { --enable-sni \ --disable-crypttests \ --enable-aes-bitsliced \ - --enable-experimental + --enable-experimental \ + --enable-sha3 \ + --enable-kyber=all,original make clean mkdir -p "${EXEC_PREFIX}" make V=1 -j"${MAKE_JOBS}" --debug=j diff --git a/ios/liboqs-helper.sh b/ios/liboqs-helper.sh deleted file mode 100755 index aa594798..00000000 --- a/ios/liboqs-helper.sh +++ /dev/null 
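Review bot: `--enable-sha3` and `--enable-kyber=all,original` are hard-coded in this script's configure call, separately from the flag list changed in 3rd_party_deps.yml, so the iOS/tvOS builds will not follow a later change made there (for instance a switch to ML-KEM). A comment ahead of the `./configure` invocation, which begins outside this hunk, would make the coupling visible: `# PQC flags duplicated from 3rd_party_deps.yml; keep both in sync`. build() starts and ends outside the hunk.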
@@ -1,96 +0,0 @@ -export MIN_IOS_VERSION=12.0 -export MIN_TVOS_VERSION=17.0 - -PREFIX=${PREFIX:-"$(pwd)"} - -LIBOQS_CMAKE_FLAGS="-DCMAKE_TOOLCHAIN_FILE=apple.cmake -DOQS_BUILD_ONLY_LIB=ON -DOQS_USE_OPENSSL=OFF -DOQS_MINIMAL_BUILD='KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024;SIG_dilithium_2;SIG_dilithium_3;SIG_dilithium_5;SIG_falcon_512;SIG_falcon_1024'" - -build_iphoneos() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-iphoneos -DPLATFORM=OS64 -DDEPLOYMENT_TARGET=$MIN_IOS_VERSION $LIBOQS_CMAKE_FLAGS . - cmake --build ${PREFIX}/build-iphoneos --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk iphoneos - cp ${PREFIX}/build-iphoneos/lib/Release/${LIB_NAME} ${PREFIX}/build-iphoneos/lib -} - -build_iphonesimulator() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-iphonesimulator -DPLATFORM=SIMULATOR64 -DDEPLOYMENT_TARGET=$MIN_IOS_VERSION $LIBOQS_CMAKE_FLAGS . - cmake --build ${PREFIX}/build-iphonesimulator --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk iphonesimulator - cp ${PREFIX}/build-iphonesimulator/lib/Release/${LIB_NAME} ${PREFIX}/build-iphonesimulator/lib -} - -build_tvos() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-appletvos -DPLATFORM=TVOS -DDEPLOYMENT_TARGET=$MIN_TVOS_VERSION $LIBOQS_CMAKE_FLAGS . - cmake --build ${PREFIX}/build-appletvos --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk appletvos - cp ${PREFIX}/build-appletvos/lib/Release/${LIB_NAME} ${PREFIX}/build-appletvos/lib -} - -build_tvsimulator() { - LIB_NAME="liboqs.a" - cmake -G Xcode -B ${PREFIX}/build-appletvsimulator -DPLATFORM=SIMULATOR_TVOS -DDEPLOYMENT_TARGET=$MIN_TVOS_VERSION $LIBOQS_CMAKE_FLAGS . 
- cmake --build ${PREFIX}/build-appletvsimulator --config Release --target oqs -- -j $(/usr/sbin/sysctl -n hw.ncpu) -sdk appletvsimulator - cp ${PREFIX}/build-appletvsimulator/lib/Release/${LIB_NAME} ${PREFIX}/build-appletvsimulator/lib -} - -build_ios_universal_binary() { - # Create ios universal binary - LIB_NAME="liboqs.a" - mkdir -p ${PREFIX}/build_universal/lib - cp -r ${PREFIX}/build-iphoneos/include ${PREFIX}/build_universal - lipo -create -output "${PREFIX}/build_universal/lib/${LIB_NAME}" \ - "${PREFIX}/build-iphoneos/lib/Release/${LIB_NAME}" \ - "${PREFIX}/build-iphonesimulator/lib/Release/${LIB_NAME}" -} - -build_tvos_universal_binary() { - # Create ios universal binary - LIB_NAME="liboqs.a" - mkdir -p ${PREFIX}/build_universal/lib - cp -r ${PREFIX}/build-appletvos/include build_universal - lipo -create -output "${PREFIX}/build_universal/lib/${LIB_NAME}" \ - "${PREFIX}/build-appletvos/lib/Release/${LIB_NAME}" \ - "${PREFIX}/build-appletvsimulator/lib/Release/${LIB_NAME}" -} - -TARGET=${1:-"-all"} -echo "Building liboqs for ${TARGET}..." - -case "${TARGET}" in --iphoneos) - build_iphoneos - ;; --iphonesimulator) - build_iphonesimulator - ;; --iphoneuniversal) - build_iphoneos - build_iphonesimulator - build_ios_universal_binary - ;; --appletvos) - build_tvos - ;; --appletvsimulator) - build_tvsimulator - ;; --appletvuniversal) - build_tvos - build_tvsimulator - build_tvos_universal_binary - ;; --all) - build_iphoneos - build_iphonesimulator - build_ios_universal_binary - build_tvos - build_tvsimulator - build_tvos_universal_binary - ;; -*) - echo "Unsupport target: ${TARGET}" - exit 64 - ;; -esac - -echo "Building liboqs for ${TARGET}... Done." diff --git a/linux.yml b/linux.yml index 8ff83bc4..f0509168 100644 --- a/linux.yml +++ b/linux.yml 
@@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -35,9 +18,13 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT -Wno-error=stringop-overflow :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-aesni --enable-sp-asm --enable-intelasm" + - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-aesni --enable-sp-asm --enable-intelasm" - "make" - "make install" :artifacts: diff --git a/linux_386.yml b/linux_386.yml index b9481c57..13788f56 100644 --- a/linux_386.yml +++ b/linux_386.yml 
@@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_x86.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -36,9 +19,13 @@ - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -m32 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - LDFLAGS= -m32 :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --disable-asm --disable-sp-asm --disable-intelasm" + - "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" - "make install" :artifacts: diff --git a/linux_arm.yml b/linux_arm.yml index d67ad702..971b514a 100644 --- a/linux_arm.yml +++ b/linux_arm.yml 
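Review bot: The new `./configure` line drops `--disable-asm --disable-sp-asm --disable-intelasm` together with `--with-liboqs`, which the commit message does not mention. On this `-m32` build that hands the choice of assembly code paths back to the configure defaults, so the 32-bit crypto code that gets compiled may change for reasons unrelated to liboqs. If that is not intended, keep the flags: `- "./configure $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --disable-asm --disable-sp-asm --disable-intelasm"`; if it is, a one-line comment saying why the assembly paths are now acceptable on i386 would help.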
@@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_armhf.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -35,9 +18,13 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build" + - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" - "make install" :artifacts: diff --git a/linux_arm64.yml b/linux_arm64.yml index c7ecd368..c88c759b 100644 --- a/linux_arm64.yml +++ b/linux_arm64.yml 
@@ -8,23 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_arm64.cmake $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -35,9 +18,13 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-sp-asm --enable-armasm" + - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-sp-asm --enable-armasm" - "make" - "make install" :artifacts: diff --git a/linux_arm_no_pqc.yml b/linux_arm_no_pqc.yml index f44c1c36..f1e87414 100644 --- a/linux_arm_no_pqc.yml +++ b/linux_arm_no_pqc.yml 
@@ -26,7 +26,11 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT -Werror -Wno-pragmas -Wall -Wextra -Wno-strict-aliasing :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" diff --git a/linux_riscv64.yml b/linux_riscv64.yml index e51b4824..810bf76d 100644 --- a/linux_riscv64.yml +++ b/linux_riscv64.yml @@ -26,7 +26,11 @@ :environment: - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DUSE_CERT_BUFFERS_4096 -DUSE_CERT_BUFFERS_256 -DWOLFSSL_NO_ATOMICS -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch || true + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - "./configure --host=$CROSS_COMPILE $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build" - "make" diff --git a/macos.yml b/macos.yml index 557020e1..3027bf5c 100644 --- a/macos.yml +++ b/macos.yml 
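Review bot: This file is the no-PQC variant, yet its build now applies the Kyber/ML-KEM patches and still passes `$HE_WOLFSSL_CONF_FLAGS`, which after this commit appears to include `--enable-kyber=all,original` (see 3rd_party_deps.yml). Whether this file overrides those flags is not visible in the hunk; if it does not, the build is no longer PQC-free. If PQC is meant to stay off here, something like `--disable-kyber` appended after `$HE_WOLFSSL_CONF_FLAGS` on the configure line would make that explicit; otherwise a comment should say that the file name is now historical. The CFLAGS in this file also carry `-Werror -Wall -Wextra`, so the patched sources have to compile warning-free on this target.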
@@ -8,25 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :environment: - - CC=clang - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=../../cmake/apple.cmake -DPLATFORM=MAC -DDEPLOYMENT_TARGET=$MACOSX_DEPLOYMENT_TARGET -DCMAKE_REQUIRED_FLAGS=\"-Werror=unguarded-availability-new\" $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -38,9 +19,13 @@ - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -target x86_64-apple-darwin -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - CC=clang :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=x86_64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-aesni --enable-sp-asm --enable-intelasm" + - "./configure --host=x86_64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-aesni --enable-sp-asm --enable-intelasm" - "make" - "make install" :artifacts: diff --git a/macos_arm64.yml b/macos_arm64.yml index 27e721a8..dbd4fc0a 100644 --- a/macos_arm64.yml +++ b/macos_arm64.yml 
@@ -8,25 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :environment: - - CC=clang - :build: - - "mkdir -p build" - - "cd build && cmake -DCMAKE_TOOLCHAIN_FILE=../../cmake/apple.cmake -DPLATFORM=MAC_ARM64 -DDEPLOYMENT_TARGET=$MACOSX_DEPLOYMENT_TARGET -DCMAKE_REQUIRED_FLAGS=\"-Werror=unguarded-availability-new\" $HE_LIBOQS_BUILD_FLAGS .." - - "cd build && make all" - :artifacts: - :includes: - - include - - include/oqs - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_build @@ -38,9 +19,13 @@ - CFLAGS=-O3 -fPIC -D_FORTIFY_SOURCE=2 -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DFP_MAX_BITS=8192 -target arm64-apple-darwin -DWOLFSSL_NO_SPHINCS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT - CC=clang :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "autoreconf -i" - - "./configure --host=aarch64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --with-liboqs=$(pwd)/../liboqs/build --enable-sp-asm --enable-armasm" + - "./configure --host=aarch64-apple-darwin $HE_WOLFSSL_CONF_FLAGS --prefix=$(pwd)/../builds/wolfssl_build --enable-sp-asm --enable-armasm" - "make" - "make install" :artifacts: diff --git a/tvos.yml b/tvos.yml index 6aa829b4..050cf458 100644 --- a/tvos.yml +++ b/tvos.yml 
@@ -8,22 +8,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build_universal - :fetch: - :method: :git - :source: $HE_LIBOQS_SOURCE - :tag: $HE_LIBOQS_TAG - :build: - - cp ../../cmake/apple.cmake ./apple.cmake - - cp ../../ios/liboqs-helper.sh ./liboqs-helper.sh - - "./liboqs-helper.sh -appletvuniversal" - :artifacts: - :includes: - - include - :static_libraries: - - lib/liboqs.a - :name: WolfSSL :source_path: third_party/wolfssl :artifact_path: third_party/builds/wolfssl_tvos @@ -32,7 +16,11 @@ :source: $HE_WOLFSSL_SOURCE :tag: $HE_WOLFSSL_TAG :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - autoreconf -i - cp ../../ios/autotools-ios-helper.sh ./autotools-ios-helper.sh - PREFIX=$(pwd)/../builds/wolfssl_tvos ./autotools-ios-helper.sh -appletvuniversal diff --git a/windows/wolfssl-user_settings-32.h b/windows/wolfssl-user_settings-32.h index dfd00166..6e6a68ef 100644 --- a/windows/wolfssl-user_settings-32.h +++ b/windows/wolfssl-user_settings-32.h @@ -190,7 +190,7 @@ // #define WOLFSSL_SYS_CA_CERTS #undef HAVE_LIBOQS -#define HAVE_LIBOQS +// #define HAVE_LIBOQS #undef WOLFSSL_NO_SPHINCS #define WOLFSSL_NO_SPHINCS 
@@ -198,4 +198,27 @@ #undef WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_EXPERIMENTAL_SETTINGS +// Post-quantum settings +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_KYBER_ORIGINAL +#define WOLFSSL_KYBER_ORIGINAL + +#undef WOLFSSL_NO_ML_KEM +#define WOLFSSL_NO_ML_KEM + +// Needed for using WolfSSL's Kyber implementation +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + #endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/windows/wolfssl-user_settings-64.h b/windows/wolfssl-user_settings-64.h index 8df6ef82..9c79d837 100644 --- a/windows/wolfssl-user_settings-64.h +++ b/windows/wolfssl-user_settings-64.h @@ -190,7 +190,7 @@ // #define WOLFSSL_SYS_CA_CERTS #undef HAVE_LIBOQS -#define HAVE_LIBOQS +// #define HAVE_LIBOQS #undef WOLFSSL_NO_SPHINCS #define WOLFSSL_NO_SPHINCS @@ -198,4 +198,27 @@ #undef WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_EXPERIMENTAL_SETTINGS +// Post-quantum settings +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_KYBER_ORIGINAL +#define WOLFSSL_KYBER_ORIGINAL + +#undef WOLFSSL_NO_ML_KEM +#define WOLFSSL_NO_ML_KEM + +// Needed for using WolfSSL's Kyber implementation +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + #endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/windows/wolfssl-user_settings-arm-64.h b/windows/wolfssl-user_settings-arm-64.h index 08dcf492..2dc2e5c2 100644 --- a/windows/wolfssl-user_settings-arm-64.h +++ b/windows/wolfssl-user_settings-arm-64.h @@ -190,7 +190,7 @@ // #define WOLFSSL_SYS_CA_CERTS #undef HAVE_LIBOQS -#define HAVE_LIBOQS +// #define HAVE_LIBOQS #undef WOLFSSL_NO_SPHINCS #define WOLFSSL_NO_SPHINCS 
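Review bot: The new `// Post-quantum settings` block defines `WOLFSSL_NO_ML_KEM` with no explanation, so a reader of the header cannot tell that compiling ML-KEM out is deliberate. It looks like the hand-written equivalent of `--enable-kyber=all,original` used on the autotools platforms; stating that keeps the Windows build from drifting when the configure flags change. Suggested comment: `// Mirrors --enable-kyber=all,original: original Kyber only, ML-KEM compiled out`. The same block is added to wolfssl-user_settings-64.h and wolfssl-user_settings-arm-64.h, and in the preceding hunk of each header `#undef HAVE_LIBOQS` followed by `// #define HAVE_LIBOQS` could simply keep the `#undef` and drop the commented-out define.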
@@ -198,4 +198,27 @@ #undef WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_EXPERIMENTAL_SETTINGS +// Post-quantum settings +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_KYBER_ORIGINAL +#define WOLFSSL_KYBER_ORIGINAL + +#undef WOLFSSL_NO_ML_KEM +#define WOLFSSL_NO_ML_KEM + +// Needed for using WolfSSL's Kyber implementation +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + #endif /* _WIN_USER_SETTINGS_H_ */ diff --git a/windows/wolfssl.vcxproj b/windows/wolfssl.vcxproj index bc3eb3bd..cc3978da 100644 --- a/windows/wolfssl.vcxproj +++ b/windows/wolfssl.vcxproj @@ -201,7 +201,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) true EnableFastChecks @@ -215,7 +215,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) true EnableFastChecks @@ -236,7 +236,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL 
@@ -250,7 +250,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -269,7 +269,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -283,7 +283,7 @@ Disabled - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL @@ -303,7 +303,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -316,7 +316,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true 
@@ -334,7 +334,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -348,7 +348,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -366,7 +366,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true @@ -380,7 +380,7 @@ MaxSpeed true - ./;./IDE/WIN;../liboqs/build/include;%(AdditionalIncludeDirectories) + ./;./IDE/WIN;%(AdditionalIncludeDirectories) WOLFSSL_MIN_RSA_BITS=2048;WOLFSSL_MIN_ECC_BITS=256;HAVE_SECURE_RENEGOTIATION;WOLFSSL_DTLS_CH_FRAG;WOLFSSL_TLS13_MIDDLEBOX_COMPAT;WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) MultiThreadedDLL true diff --git a/windows_32.yml b/windows_32.yml index 8aa57006..6ac54ea4 100644 --- a/windows_32.yml +++ b/windows_32.yml 
@@ -5,21 +5,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: "%HE_LIBOQS_SOURCE%" - :tag: "%HE_LIBOQS_TAG%" - :build: - - "cmake -B build -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_windows_x86.cmake %HE_LIBOQS_BUILD_FLAGS% ." - - "cmake --build build --config Release --target oqs --" - :artifacts: - :includes: - - include - :static_libraries: - - lib/Release/oqs.lib - :name: WolfSSL :source_path: third_party/wolfssl :fetch: @@ -27,7 +12,11 @@ :source: "%HE_WOLFSSL_SOURCE%" :tag: "%HE_WOLFSSL_TAG%" :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "cp ../../windows/wolfssl-user_settings-32.h wolfssl/user_settings.h" - "cp -f ../../windows/wolfssl-user_settings-32.h IDE/WIN/user_settings.h" - "cp -f ../../windows/wolfssl.vcxproj ./wolfssl.vcxproj" diff --git a/windows_64.yml b/windows_64.yml index 7f405f82..05bfb708 100644 --- a/windows_64.yml +++ b/windows_64.yml @@ -5,21 +5,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: "%HE_LIBOQS_SOURCE%" - :tag: "%HE_LIBOQS_TAG%" - :build: - - "cmake -B build %HE_LIBOQS_BUILD_FLAGS% ." - - "cmake --build build --config Release --target oqs --" - :artifacts: - :includes: - - include - :static_libraries: - - lib/Release/oqs.lib - :name: WolfSSL :source_path: third_party/wolfssl :fetch: 
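Review bot: The five `git apply` steps added to the `:build:` list of windows_32.yml are order-dependent, but nothing in the file says so; the same list is repeated in the windows_64.yml and windows_arm64.yml hunks that follow. fix-kyber-get-curve-name.patch edits the `src/ssl.c` blob that fix-mlkem-get-curve-name.patch produces (its `index edcd5d9df1..` line is the other patch's result), so reordering or dropping a step breaks the build. All five are also cut against the 5.7.4 release named in the commit message, not against whatever `%HE_WOLFSSL_TAG%` later resolves to. Because these patches rewrite the TLS key-share path of the crypto library, I would record their provenance next to the steps with a comment such as `# wolfSSL PRs 8143, 8172, 8183, 8185 backported onto 5.7.4, apply in this order; remove once HE_WOLFSSL_TAG contains them`. The `:build:` list continues past the end of the hunk.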
@@ -27,7 +12,11 @@ :source: "%HE_WOLFSSL_SOURCE%" :tag: "%HE_WOLFSSL_TAG%" :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "cp ../../windows/wolfssl-user_settings-64.h wolfssl/user_settings.h" - "cp -f ../../windows/wolfssl-user_settings-64.h IDE/WIN/user_settings.h" - "cp -f ../../windows/wolfssl.vcxproj ./wolfssl.vcxproj" diff --git a/windows_arm64.yml b/windows_arm64.yml index 4cf420c4..dc7d9c20 100644 --- a/windows_arm64.yml +++ b/windows_arm64.yml @@ -5,21 +5,6 @@ :dependencies: :libraries: - - :name: liboqs - :source_path: third_party/liboqs - :artifact_path: third_party/liboqs/build - :fetch: - :method: :git - :source: "%HE_LIBOQS_SOURCE%" - :tag: "%HE_LIBOQS_TAG%" - :build: - - "cmake -B build -DCMAKE_TOOLCHAIN_FILE=.CMake/toolchain_windows_arm64.cmake %HE_LIBOQS_BUILD_FLAGS% ." - - "cmake --build build --config Release --target oqs --" - :artifacts: - :includes: - - include - :static_libraries: - - lib/Release/oqs.lib - :name: WolfSSL :source_path: third_party/wolfssl :fetch: @@ -27,7 +12,11 @@ :source: "%HE_WOLFSSL_SOURCE%" :tag: "%HE_WOLFSSL_TAG%" :build: - - git apply ../../wolfssl/fix-falcon-dilithm-flags.patch + - git apply ../../wolfssl/include-private-key-fields-for-kyber.patch + - git apply ../../wolfssl/make-kyber-mlkem-available.patch + - git apply ../../wolfssl/fix-kyber-mlkem-benchmark.patch + - git apply ../../wolfssl/fix-mlkem-get-curve-name.patch + - git apply ../../wolfssl/fix-kyber-get-curve-name.patch - "cp ../../windows/wolfssl-user_settings-arm-64.h wolfssl/user_settings.h" - "cp -f ../../windows/wolfssl-user_settings-arm-64.h IDE/WIN/user_settings.h" - "cp -f ../../windows/wolfssl.vcxproj ./wolfssl.vcxproj" 
diff --git a/wolfssl/fix-falcon-dilithm-flags.patch b/wolfssl/fix-falcon-dilithm-flags.patch
deleted file mode 100644
index 722f8689..00000000
--- a/wolfssl/fix-falcon-dilithm-flags.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-diff --git a/wolfssl/internal.h b/wolfssl/internal.h
-index c62ef351c..336bf1988 100644
---- a/wolfssl/internal.h
-+++ b/wolfssl/internal.h
-@@ -3572,7 +3572,7 @@ typedef struct KeyShareEntry {
- word32 keyLen; /* Key size (bytes) */
- byte* pubKey; /* Public key */
- word32 pubKeyLen; /* Public key length */
--#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-+#if !defined(NO_DH) || defined(HAVE_PQC)
- byte* privKey; /* Private key - DH and PQ KEMs only */
- word32 privKeyLen;/* Only for PQ KEMs. */
- #endif
-diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
-index e02870c13..430734846 100644
---- a/wolfssl/wolfcrypt/settings.h
-+++ b/wolfssl/wolfcrypt/settings.h
-@@ -3912,10 +3912,10 @@ extern void uITRON4_free(void *p) ;
- * group */
- #ifdef HAVE_LIBOQS
- #define HAVE_PQC
--#define HAVE_FALCON
--#ifndef HAVE_DILITHIUM
-- #define HAVE_DILITHIUM
--#endif
-+// #define HAVE_FALCON
-+// #ifndef HAVE_DILITHIUM
-+// #define HAVE_DILITHIUM
-+// #endif
- #ifndef WOLFSSL_NO_SPHINCS
- #define HAVE_SPHINCS
- #endif
diff --git a/wolfssl/fix-kyber-get-curve-name.patch b/wolfssl/fix-kyber-get-curve-name.patch
new file mode 100644
index 00000000..b4a2e077
--- /dev/null
+++ b/wolfssl/fix-kyber-get-curve-name.patch
@@ -0,0 +1,40 @@
+From a8f88e38e24f7f3f0b5d2a552a59954594b79c08 Mon Sep 17 00:00:00 2001
+From: David Garske
+Date: Thu, 14 Nov 2024 17:57:24 -0800
+Subject: [PATCH 4/4] Merge pull request #8185 from SparkiDev/kyber_fixes_4
+
+Kyber: Fix wolfSSL_get_curve_name()
+---
+ src/ssl.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/ssl.c b/src/ssl.c
+index edcd5d9df1..559c977c61 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -14602,19 +14602,19 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
+ case WOLFSSL_P521_KYBER_LEVEL5:
+ return "P521_KYBER_LEVEL5";
+ #elif defined(WOLFSSL_WC_KYBER)
+- #ifdef WOLFSSL_KYBER512
++ #ifndef WOLFSSL_NO_KYBER512
+ case WOLFSSL_KYBER_LEVEL1:
+ return "KYBER_LEVEL1";
+ case WOLFSSL_P256_KYBER_LEVEL1:
+ return "P256_KYBER_LEVEL1";
+ #endif
+- #ifdef WOLFSSL_KYBER768
++ #ifndef WOLFSSL_NO_KYBER768
+ case WOLFSSL_KYBER_LEVEL3:
+ return "KYBER_LEVEL3";
+ case WOLFSSL_P384_KYBER_LEVEL3:
+ return "P384_KYBER_LEVEL3";
+ #endif
+- #ifdef WOLFSSL_KYBER1024
++ #ifndef WOLFSSL_NO_KYBER1024
+ case WOLFSSL_KYBER_LEVEL5:
+ return "KYBER_LEVEL5";
+ case WOLFSSL_P521_KYBER_LEVEL5:
+--
+2.43.0
+
diff --git a/wolfssl/fix-kyber-mlkem-benchmark.patch b/wolfssl/fix-kyber-mlkem-benchmark.patch
new file mode 100644
index 00000000..cb22fa05
--- /dev/null
+++ b/wolfssl/fix-kyber-mlkem-benchmark.patch
@@ -0,0 +1,86 @@
+From 4d81279e8982840d47e1719a5a5ba827c930b5a2 Mon Sep 17 00:00:00 2001
+From: Daniel Pouzzner
+Date: Mon, 11 Nov 2024 23:00:51 -0600
+Subject: [PATCH 2/4] Merge pull request #8172 from SparkiDev/kyber_bench_fix
+
+Kyber benchmark: allow ML-KEM and Kyber
+---
+ wolfcrypt/benchmark/benchmark.c | 41 +++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 41 insertions(+)
+
+diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
+index a242ad9f2b..2a8a511643 100644
+--- a/wolfcrypt/benchmark/benchmark.c
++++ b/wolfcrypt/benchmark/benchmark.c
+@@ -3652,6 +3652,24 @@ static void* benchmarks_do(void* args)
+
+ #ifdef WOLFSSL_HAVE_KYBER
+ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) {
++#ifndef WOLFSSL_NO_ML_KEM
++ #ifdef WOLFSSL_KYBER512
++ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
++ bench_kyber(WC_ML_KEM_512);
++ }
++ #endif
++ #ifdef WOLFSSL_KYBER768
++ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) {
++ bench_kyber(WC_ML_KEM_768);
++ }
++ #endif
++ #ifdef WOLFSSL_KYBER1024
++ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) {
++ bench_kyber(WC_ML_KEM_1024);
++ }
++ #endif
++#endif
++#ifdef WOLFSSL_KYBER_ORIGINAL
+ #ifdef WOLFSSL_KYBER512
+ if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) {
+ bench_kyber(KYBER512);
+@@ -3667,6 +3685,7 @@ static void* benchmarks_do(void* args)
+ bench_kyber(KYBER1024);
+ }
+ #endif
++#endif
+ }
+ #endif
+
+@@ -9471,6 +9490,27 @@ void bench_kyber(int type)
+ int keySize = 0;
+
+ switch (type) {
++#ifndef WOLFSSL_NO_ML_KEM
++#ifdef WOLFSSL_WC_ML_KEM_512
++ case WC_ML_KEM_512:
++ name = "ML-KEM 512 ";
++ keySize = 128;
++ break;
++#endif
++#ifdef WOLFSSL_WC_ML_KEM_768
++ case WC_ML_KEM_768:
++ name = "ML-KEM 768 ";
++ keySize = 192;
++ break;
++#endif
++#ifdef WOLFSSL_WC_ML_KEM_1024
++ case WC_ML_KEM_1024:
++ name = "ML-KEM 1024 ";
++ keySize = 256;
++ break;
++#endif
++#endif
++#ifdef WOLFSSL_KYBER_ORIGINAL
+ #ifdef WOLFSSL_KYBER512
+ case KYBER512:
+ name = "KYBER512 ";
+@@ -9488,6 +9528,7 @@ void bench_kyber(int type)
+ name = "KYBER1024";
+ keySize = 256;
+ break;
++#endif
+ #endif
+ }
+
+--
+2.43.0
+
diff --git a/wolfssl/fix-mlkem-get-curve-name.patch b/wolfssl/fix-mlkem-get-curve-name.patch
new file mode 100644
index 00000000..e0e4bfb4
--- /dev/null
+++ b/wolfssl/fix-mlkem-get-curve-name.patch
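Review bot: In the vendored benchmark patch the ML-KEM call sites and the ML-KEM switch cases are gated by different macros: `benchmarks_do` calls `bench_kyber(WC_ML_KEM_512)` under `#ifdef WOLFSSL_KYBER512`, while `bench_kyber` only has `case WC_ML_KEM_512:` under `#ifdef WOLFSSL_WC_ML_KEM_512` (the same holds for 768 and 1024). If a build defines one without the other, the call passes through the switch with `keySize` still 0; no `default:` is visible in the context lines, though both function bodies extend beyond the hunks. Patch 3/4 in this series moves `src/ssl.c` and `src/tls.c` to `#ifndef WOLFSSL_NO_ML_KEM_512`, so using one guard in both places here, e.g. `#ifdef WOLFSSL_WC_ML_KEM_512` at the call sites, would keep the series consistent. As this is upstream code, the change is best raised there and picked up with the next tag.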
@@ -0,0 +1,200 @@ +From bb3822635b481f00099374d4cc7358b8c90a01fd Mon Sep 17 00:00:00 2001 +From: Daniel Pouzzner +Date: Thu, 14 Nov 2024 12:47:09 -0600 +Subject: [PATCH 3/4] Merge pull request #8183 from SparkiDev/kyber_fixes_3 + +Kyber: fixes to configure and wolfSSL_get_curve_name +--- + configure.ac | 13 +++++++++---- + src/ssl.c | 6 +++--- + src/tls.c | 24 ++++++++++++------------ + tests/api.c | 9 +++++++++ + 4 files changed, 33 insertions(+), 19 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 94a1d33e02..56aa878fd9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1276,7 +1276,7 @@ AC_ARG_ENABLE([kyber], + ) + + ENABLED_WC_KYBER=no +-ENABLED_ML_KEM=yes ++ENABLED_ML_KEM=unset + for v in `echo $ENABLED_KYBER | tr "," " "` + do + case $v in +@@ -1302,9 +1302,8 @@ do + original) + ENABLED_ORIGINAL=yes + ;; +- original-only) +- ENABLED_ORIGINAL=yes +- ENABLED_ML_KEM=no ++ ml-kem) ++ ENABLED_ML_KEM=yes + ;; + *) + AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.]) +@@ -1333,6 +1332,12 @@ then + if test "$ENABLED_KYBER1024" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" + fi ++ if test "$ENABLED_ML_KEM" = "unset"; then ++ ENABLED_ML_KEM=no ++ fi ++ fi ++ if test "$ENABLED_ML_KEM" = "unset"; then ++ ENABLED_ML_KEM=yes + fi + if test "$ENABLED_ML_KEM" = "yes"; then + if test "$ENABLED_KYBER512" = ""; then +diff --git a/src/ssl.c b/src/ssl.c +index d9a53dfd53..edcd5d9df1 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -14567,19 +14567,19 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) + case WOLFSSL_P521_ML_KEM_1024: + return "P521_ML_KEM_1024"; + #elif defined(WOLFSSL_WC_KYBER) +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + return "ML_KEM_512"; + case WOLFSSL_P256_ML_KEM_512: + return "P256_ML_KEM_512"; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + return "ML_KEM_768"; + case WOLFSSL_P384_ML_KEM_768: + return 
"P384_ML_KEM_768"; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + return "ML_KEM_1024"; + case WOLFSSL_P521_ML_KEM_1024: +diff --git a/src/tls.c b/src/tls.c +index 0c69c079e3..25b7f03dfc 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -7983,17 +7983,17 @@ static int kyber_id2type(int id, int *type) + + switch (id) { + #ifndef WOLFSSL_NO_ML_KEM +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + *type = WC_ML_KEM_512; + break; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + *type = WC_ML_KEM_768; + break; + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + *type = WC_ML_KEM_1024; + break; +@@ -9693,15 +9693,15 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) + #ifdef WOLFSSL_HAVE_KYBER + #ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_KYBER +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + case WOLFSSL_P256_ML_KEM_512: + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + case WOLFSSL_P384_ML_KEM_768: + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + case WOLFSSL_P521_ML_KEM_1024: + #endif +@@ -9815,15 +9815,15 @@ static const word16 preferredGroup[] = { + #endif + #ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_KYBER +- #ifdef WOLFSSL_WC_ML_KEM_512 ++ #ifndef WOLFSSL_NO_ML_KEM_512 + WOLFSSL_ML_KEM_512, + WOLFSSL_P256_ML_KEM_512, + #endif +- #ifdef WOLFSSL_WC_ML_KEM_768 ++ #ifndef WOLFSSL_NO_ML_KEM_768 + WOLFSSL_ML_KEM_768, + WOLFSSL_P384_ML_KEM_768, + #endif +- #ifdef WOLFSSL_WC_ML_KEM_1024 ++ #ifndef WOLFSSL_NO_ML_KEM_1024 + WOLFSSL_ML_KEM_1024, + WOLFSSL_P521_ML_KEM_1024, + #endif +@@ -13473,7 +13473,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + #ifdef WOLFSSL_HAVE_KYBER + 
#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_KYBER +-#ifdef WOLFSSL_WC_ML_KEM_512 ++#ifndef WOLFSSL_NO_ML_KEM_512 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, + ssl->heap); +@@ -13481,7 +13481,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, + ssl->heap); + #endif +-#ifdef WOLFSSL_WC_ML_KEM_768 ++#ifndef WOLFSSL_NO_ML_KEM_768 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, + ssl->heap); +@@ -13489,7 +13489,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, + ssl->heap); + #endif +-#ifdef WOLFSSL_WC_ML_KEM_1024 ++#ifndef WOLFSSL_NO_ML_KEM_1024 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, + ssl->heap); +diff --git a/tests/api.c b/tests/api.c +index 283ff6026e..82129aa561 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -95513,7 +95513,11 @@ static int test_dtls13_frag_ch_pq(void) + const char *test_str = "test"; + int test_str_size; + byte buf[255]; ++#ifdef WOLFSSL_KYBER_ORIGINAL + int group = WOLFSSL_KYBER_LEVEL5; ++#else ++ int group = WOLFSSL_ML_KEM_1024; ++#endif + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, +@@ -95523,8 +95527,13 @@ static int test_dtls13_frag_ch_pq(void) + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); ++#ifdef WOLFSSL_KYBER_ORIGINAL + ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5"); + ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5"); ++#else ++ ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024"); ++ ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024"); 
++#endif + test_str_size = XSTRLEN("test") + 1; + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); + ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size); +-- +2.43.0 diff --git a/wolfssl/include-private-key-fields-for-kyber.patch b/wolfssl/include-private-key-fields-for-kyber.patch new file mode 100644 index 00000000..c7076297 --- /dev/null +++ b/wolfssl/include-private-key-fields-for-kyber.patch @@ -0,0 +1,25 @@ +From 5d61ca94c05561aefb11dfab4e15682c249c3746 Mon Sep 17 00:00:00 2001 +From: Sean Parkinson +Date: Mon, 18 Nov 2024 08:29:16 +1000 +Subject: [PATCH] KeyShareEntry: include private key fields for KYBER + +Originallt HAVE_PQC and then changed to HAVE_FALCON and HAVE_DILITHIUM. +The KEM PQC algorithm is actually KYBER. +--- + wolfssl/internal.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wolfssl/internal.h b/wolfssl/internal.h +index 70c99818e5..2519f09d8c 100644 +--- a/wolfssl/internal.h ++++ b/wolfssl/internal.h +@@ -3539,7 +3539,7 @@ typedef struct KeyShareEntry { + word32 keyLen; /* Key size (bytes) */ + byte* pubKey; /* Public key */ + word32 pubKeyLen; /* Public key length */ +-#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) ++#if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER) + byte* privKey; /* Private key - DH and PQ KEMs only */ + word32 privKeyLen;/* Only for PQ KEMs. */ + #endif + \ No newline at end of file diff --git a/wolfssl/make-kyber-mlkem-available.patch b/wolfssl/make-kyber-mlkem-available.patch new file mode 100644 index 00000000..b9f3a1e3 --- /dev/null +++ b/wolfssl/make-kyber-mlkem-available.patch 
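Review bot: After this patch the ML-KEM groups in `preferredGroup`, `TLSX_KeyShare_IsSupported` and `TLSX_PopulateSupportedGroups` are opt-out (`#ifndef WOLFSSL_NO_ML_KEM_512` and so on) rather than opt-in, so every parameter set and its ECC hybrid is advertised unless a `WOLFSSL_NO_ML_KEM_*` macro is defined. On autoconf builds the configure.ac hunk supplies those defines, but the Windows jobs copy `user_settings.h` instead of running configure, so the three `windows/wolfssl-user_settings-*.h` files (changed by this commit, not visible here) are the only place a level can be switched off. If the product is meant to negotiate a single level, I would state that in those headers, for example `#define WOLFSSL_NO_ML_KEM_512 /* level 1 not offered */`, and assert the negotiated group in a test with `wolfSSL_get_curve_name()` as the `tests/api.c` hunk does. The affected functions all start and end outside the hunks.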
@@ -0,0 +1,3228 @@ +From bb142c730cfc40463341ccce21546cf939581096 Mon Sep 17 00:00:00 2001 +From: Daniel Pouzzner +Date: Sat, 9 Nov 2024 00:09:51 -0600 +Subject: [PATCH 1/4] Merge pull request #8143 from SparkiDev/kyber_plus_mlkem + +Kyber/ML-KEM: make both available +--- + IDE/STM32Cube/wolfssl_example.c | 5 + + configure.ac | 36 ++- + examples/benchmark/tls_bench.c | 10 + + examples/client/client.c | 70 +++++- + examples/server/server.c | 70 +++++- + src/ssl.c | 66 ++++- + src/tls.c | 142 +++++++++++ + tests/api.c | 220 +++++++++------- + tests/suites.c | 23 ++ + tests/test-dtls13-pq-2.conf | 14 ++ + tests/test-dtls13-pq.conf | 18 +- + tests/test-tls13-pq-2.conf | 30 +++ + tests/test-tls13-pq.conf | 30 +++ + wolfcrypt/src/ext_kyber.c | 59 ++++- + wolfcrypt/src/wc_kyber.c | 431 ++++++++++++++++++++++++++++---- + wolfcrypt/src/wc_kyber_poly.c | 71 +++--- + wolfcrypt/test/test.c | 277 ++++++++++++++++---- + wolfssl/ssl.h | 27 +- + wolfssl/wolfcrypt/kyber.h | 49 +++- + 19 files changed, 1395 insertions(+), 253 deletions(-) + +diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c +index 342e8ee9d0..be6195a60a 100644 +--- a/IDE/STM32Cube/wolfssl_example.c ++++ b/IDE/STM32Cube/wolfssl_example.c +@@ -1751,6 +1751,11 @@ static int tls13_uart_client(void) + wolfSSL_SetIOReadCtx(ssl, tbuf); + + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512) != WOLFSSL_SUCCESS) { ++ printf("wolfSSL_UseKeyShare Error!!"); ++ } ++#else + if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) { + printf("wolfSSL_UseKeyShare Error!!"); + } +diff --git a/configure.ac b/configure.ac +index 67298c4cd1..94a1d33e02 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1276,6 +1276,7 @@ AC_ARG_ENABLE([kyber], + ) + + ENABLED_WC_KYBER=no ++ENABLED_ML_KEM=yes + for v in `echo $ENABLED_KYBER | tr "," " "` + do + case $v in +@@ -1301,6 +1302,10 @@ do + original) + ENABLED_ORIGINAL=yes + ;; ++ original-only) 
++ ENABLED_ORIGINAL=yes ++ ENABLED_ML_KEM=no ++ ;; + *) + AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.]) + break;; +@@ -1317,17 +1322,30 @@ then + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_KYBER" + fi + +- if test "$ENABLED_KYBER512" = ""; then +- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" +- fi +- if test "$ENABLED_KYBER768" = ""; then +- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" +- fi +- if test "$ENABLED_KYBER1024" = ""; then +- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" +- fi + if test "$ENABLED_ORIGINAL" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_ORIGINAL" ++ if test "$ENABLED_KYBER512" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" ++ fi ++ if test "$ENABLED_KYBER768" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" ++ fi ++ if test "$ENABLED_KYBER1024" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" ++ fi ++ fi ++ if test "$ENABLED_ML_KEM" = "yes"; then ++ if test "$ENABLED_KYBER512" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512" ++ fi ++ if test "$ENABLED_KYBER768" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768" ++ fi ++ if test "$ENABLED_KYBER1024" = ""; then ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024" ++ fi ++ else ++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM" + fi + + if test "$ENABLED_WC_KYBER" = "yes" +diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c +index 609481a3e0..321ab5c066 100644 +--- a/examples/benchmark/tls_bench.c ++++ b/examples/benchmark/tls_bench.c +@@ -288,12 +288,22 @@ static struct group_info groups[] = { + { WOLFSSL_FFDHE_6144, "FFDHE_6144" }, + { WOLFSSL_FFDHE_8192, "FFDHE_8192" }, + #ifdef HAVE_PQC ++#ifndef WOLFSSL_NO_ML_KEM ++ { WOLFSSL_ML_KEM_512, "ML_KEM_512" }, ++ { WOLFSSL_ML_KEM_768, "ML_KEM_768" }, ++ { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" }, ++ { WOLFSSL_P256_ML_KEM_512, "P256_ML_KEM_512" }, ++ { WOLFSSL_P384_ML_KEM_768, "P384_ML_KEM_768" }, ++ { WOLFSSL_P521_ML_KEM_1024, "P521_ML_KEM_1024" }, 
++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" }, + { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" }, + { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" }, + { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" }, + { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" }, + { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" }, ++#endif + #endif + { 0, NULL } + }; +diff --git a/examples/client/client.c b/examples/client/client.c +index f50f67fbb4..44306454b1 100644 +--- a/examples/client/client.c ++++ b/examples/client/client.c +@@ -398,6 +398,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + if (usePqc) { + int group = 0; + ++ #ifndef WOLFSSL_NO_ML_KEM ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { ++ group = WOLFSSL_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { ++ group = WOLFSSL_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { ++ group = WOLFSSL_ML_KEM_1024; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) { ++ group = WOLFSSL_P256_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) { ++ group = WOLFSSL_P384_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) { ++ group = WOLFSSL_P521_ML_KEM_1024; ++ } ++ else ++ #endif ++ #endif /* WOLFSSL_NO_ML_KEM */ ++ #ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) { + group = WOLFSSL_KYBER_LEVEL1; +@@ -434,6 +473,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + } + else + #endif ++ #endif /* WOLFSSL_KYBER_ORIGINAL */ + { + err_sys("invalid post-quantum KEM specified"); + } +@@ -1330,8 +1370,19 @@ static const char* client_usage_msg[][77] = { + " SSLv3(0) - 
TLS1.3(4)\n", /* 68 */ + #endif + #ifdef HAVE_PQC +- "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ ++ "--pqc Key Share with specified post-quantum algorithm only:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 69 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */ +@@ -1564,8 +1615,19 @@ static const char* client_usage_msg[][77] = { + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ + #endif + #ifdef HAVE_PQC +- "--pqc post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ ++ "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 69 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */ +diff --git a/examples/server/server.c b/examples/server/server.c +index bc3e1509f7..1592a1d1eb 100644 +--- a/examples/server/server.c ++++ b/examples/server/server.c +@@ -712,6 +712,45 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + else if (usePqc == 1) { + #ifdef HAVE_PQC + groups[count] = 0; ++ #ifndef WOLFSSL_NO_ML_KEM ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { ++ groups[count] = WOLFSSL_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ 
if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { ++ groups[count] = WOLFSSL_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { ++ groups[count] = WOLFSSL_ML_KEM_1024; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) { ++ groups[count] = WOLFSSL_P256_ML_KEM_512; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) { ++ groups[count] = WOLFSSL_P384_ML_KEM_768; ++ } ++ else ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_1024 ++ if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) { ++ groups[count] = WOLFSSL_P521_ML_KEM_1024; ++ } ++ else ++ #endif ++ #endif /* WOLFSSL_NO_ML_KEM */ ++ #ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL1; +@@ -748,6 +787,7 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + } + else + #endif ++ #endif + { + err_sys("invalid post-quantum KEM specified"); + } +@@ -980,8 +1020,19 @@ static const char* server_usage_msg[][65] = { + " SSLv3(0) - TLS1.3(4)\n", /* 59 */ + #endif + #ifdef HAVE_PQC +- "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */ ++ "--pqc Key Share with specified post-quantum algorithm only:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 60 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 61 */ +@@ -1172,8 +1223,19 @@ static const char* server_usage_msg[][65] = { + " SSLv3(0) - TLS1.3(4)\n", /* 59 */ + #endif + #ifdef HAVE_PQC 
+- "--pqc post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n" +- " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */ ++ "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" ++#ifndef WOLFSSL_NO_ML_KEM ++ " ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512," ++ "\n" ++ " P384_ML_KEM_768, P521_ML_KEM_1024\n" ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL ++ " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " ++ "P256_KYBER_LEVEL1,\n" ++ " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" ++#endif ++ "", ++ /* 60 */ + #endif + #ifdef WOLFSSL_SRTP + "--srtp (デフォルトはSRTP_AES128_CM_SHA1_80)\n", /* 61 */ +diff --git a/src/ssl.c b/src/ssl.c +index fe81193482..d9a53dfd53 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -3297,6 +3297,17 @@ static int isValidCurveGroup(word16 name) + case WOLFSSL_FFDHE_8192: + + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ case WOLFSSL_ML_KEM_512: ++ case WOLFSSL_ML_KEM_768: ++ case WOLFSSL_ML_KEM_1024: ++ #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS) ++ case WOLFSSL_P256_ML_KEM_512: ++ case WOLFSSL_P384_ML_KEM_768: ++ case WOLFSSL_P521_ML_KEM_1024: ++ #endif ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_KYBER_LEVEL5: +@@ -3305,6 +3316,7 @@ static int isValidCurveGroup(word16 name) + case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P521_KYBER_LEVEL5: + #endif ++#endif /* WOLFSSL_KYBER_ORIGINAL */ + #endif + return 1; + +@@ -14540,6 +14552,42 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) + * check to override this result in the case of a hybrid. 
*/ + if (IsAtLeastTLSv1_3(ssl->version)) { + switch (ssl->namedGroup) { ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef HAVE_LIBOQS ++ case WOLFSSL_ML_KEM_512: ++ return "ML_KEM_512"; ++ case WOLFSSL_ML_KEM_768: ++ return "ML_KEM_768"; ++ case WOLFSSL_ML_KEM_1024: ++ return "ML_KEM_1024"; ++ case WOLFSSL_P256_ML_KEM_512: ++ return "P256_ML_KEM_512"; ++ case WOLFSSL_P384_ML_KEM_768: ++ return "P384_ML_KEM_768"; ++ case WOLFSSL_P521_ML_KEM_1024: ++ return "P521_ML_KEM_1024"; ++#elif defined(WOLFSSL_WC_KYBER) ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WOLFSSL_ML_KEM_512: ++ return "ML_KEM_512"; ++ case WOLFSSL_P256_ML_KEM_512: ++ return "P256_ML_KEM_512"; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WOLFSSL_ML_KEM_768: ++ return "ML_KEM_768"; ++ case WOLFSSL_P384_ML_KEM_768: ++ return "P384_ML_KEM_768"; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WOLFSSL_ML_KEM_1024: ++ return "ML_KEM_1024"; ++ case WOLFSSL_P521_ML_KEM_1024: ++ return "P521_ML_KEM_1024"; ++ #endif ++#endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef HAVE_LIBOQS + case WOLFSSL_KYBER_LEVEL1: + return "KYBER_LEVEL1"; +@@ -14572,6 +14620,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) + case WOLFSSL_P521_KYBER_LEVEL5: + return "P521_KYBER_LEVEL5"; + #endif ++#endif + #endif + } + } +@@ -21898,6 +21947,20 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { + {CURVE_NAME("X448"), NID_X448, WOLFSSL_ECC_X448}, + #endif + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ {CURVE_NAME("ML_KEM_512"), WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_512}, ++ {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768}, ++ {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024}, ++#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) ++ {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512, ++ WOLFSSL_P256_ML_KEM_512}, ++ {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768, ++ WOLFSSL_P384_ML_KEM_768}, ++ {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024, ++ 
WOLFSSL_P521_ML_KEM_1024}, ++#endif ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, + {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3}, + {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5}, +@@ -21906,7 +21969,8 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { + {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3}, + {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5}, + #endif +-#endif ++#endif /* WOLFSSL_KYBER_ORIGINAL */ ++#endif /* WOLFSSL_HAVE_KYBER */ + #ifdef WOLFSSL_SM2 + {CURVE_NAME("SM2"), NID_sm2, WOLFSSL_ECC_SM2P256V1}, + #endif +diff --git a/src/tls.c b/src/tls.c +index 8441acf522..0c69c079e3 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -7982,6 +7982,24 @@ static int kyber_id2type(int id, int *type) + int ret = 0; + + switch (id) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WOLFSSL_ML_KEM_512: ++ *type = WC_ML_KEM_512; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WOLFSSL_ML_KEM_768: ++ *type = WC_ML_KEM_768; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WOLFSSL_ML_KEM_1024: ++ *type = WC_ML_KEM_1024; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case WOLFSSL_KYBER_LEVEL1: + *type = KYBER512; +@@ -7997,6 +8015,7 @@ static int kyber_id2type(int id, int *type) + *type = KYBER1024; + break; + #endif ++#endif + default: + ret = NOT_COMPILED_IN; + break; +@@ -8012,12 +8031,22 @@ typedef struct PqcHybridMapping { + } PqcHybridMapping; + + static const PqcHybridMapping pqc_hybrid_mapping[] = { ++#ifndef WOLFSSL_NO_ML_KEM ++ {.hybrid = WOLFSSL_P256_ML_KEM_512, .ecc = WOLFSSL_ECC_SECP256R1, ++ .pqc = WOLFSSL_ML_KEM_512}, ++ {.hybrid = WOLFSSL_P384_ML_KEM_768, .ecc = WOLFSSL_ECC_SECP384R1, ++ .pqc = WOLFSSL_ML_KEM_768}, ++ {.hybrid = WOLFSSL_P521_ML_KEM_1024, .ecc 
= WOLFSSL_ECC_SECP521R1, ++ .pqc = WOLFSSL_ML_KEM_1024}, ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + {.hybrid = WOLFSSL_P256_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, + .pqc = WOLFSSL_KYBER_LEVEL1}, + {.hybrid = WOLFSSL_P384_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, + .pqc = WOLFSSL_KYBER_LEVEL3}, + {.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, + .pqc = WOLFSSL_KYBER_LEVEL5}, ++#endif + {.hybrid = 0, .ecc = 0, .pqc = 0} + }; + +@@ -9662,6 +9691,45 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) + #endif + #endif + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_KYBER ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WOLFSSL_ML_KEM_512: ++ case WOLFSSL_P256_ML_KEM_512: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WOLFSSL_ML_KEM_768: ++ case WOLFSSL_P384_ML_KEM_768: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WOLFSSL_ML_KEM_1024: ++ case WOLFSSL_P521_ML_KEM_1024: ++ #endif ++ break; ++ #elif defined(HAVE_LIBOQS) ++ case WOLFSSL_ML_KEM_512: ++ case WOLFSSL_ML_KEM_768: ++ case WOLFSSL_ML_KEM_1024: ++ case WOLFSSL_P256_ML_KEM_512: ++ case WOLFSSL_P384_ML_KEM_768: ++ case WOLFSSL_P521_ML_KEM_1024: ++ { ++ int ret; ++ int id; ++ findEccPqc(NULL, &namedGroup, namedGroup); ++ ret = kyber_id2type(namedGroup, &id); ++ if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { ++ return 0; ++ } ++ ++ if (! 
ext_kyber_enabled(id)) { ++ return 0; ++ } ++ break; ++ } ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_KYBER512 + case WOLFSSL_KYBER_LEVEL1: +@@ -9699,6 +9767,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) + } + #endif + #endif ++#endif /* WOLFSSL_HAVE_KYBER */ + default: + return 0; + } +@@ -9744,6 +9813,31 @@ static const word16 preferredGroup[] = { + #if defined(HAVE_FFDHE_8192) + WOLFSSL_FFDHE_8192, + #endif ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_KYBER ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ WOLFSSL_ML_KEM_512, ++ WOLFSSL_P256_ML_KEM_512, ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ WOLFSSL_ML_KEM_768, ++ WOLFSSL_P384_ML_KEM_768, ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ WOLFSSL_ML_KEM_1024, ++ WOLFSSL_P521_ML_KEM_1024, ++ #endif ++#elif defined(HAVE_LIBOQS) ++ /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ ++ WOLFSSL_ML_KEM_512, ++ WOLFSSL_ML_KEM_768, ++ WOLFSSL_ML_KEM_1024, ++ WOLFSSL_P256_ML_KEM_512, ++ WOLFSSL_P384_ML_KEM_768, ++ WOLFSSL_P521_ML_KEM_1024, ++#endif ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_KYBER512 + WOLFSSL_KYBER_LEVEL1, +@@ -9766,6 +9860,7 @@ static const word16 preferredGroup[] = { + WOLFSSL_P384_KYBER_LEVEL3, + WOLFSSL_P521_KYBER_LEVEL5, + #endif ++#endif /* WOLFSSL_KYBER_ORIGINAL */ + WOLFSSL_NAMED_GROUP_INVALID + }; + +@@ -13376,6 +13471,52 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + #endif + + #ifdef WOLFSSL_HAVE_KYBER ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_KYBER ++#ifdef WOLFSSL_WC_ML_KEM_512 ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, ++ ssl->heap); ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_768 ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, 
WOLFSSL_ML_KEM_768, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, ++ ssl->heap); ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_1024 ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, ++ ssl->heap); ++#endif ++#elif defined(HAVE_LIBOQS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, ++ ssl->heap); ++ if (ret == WOLFSSL_SUCCESS) ++ ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, ++ ssl->heap); ++#endif /* HAVE_LIBOQS */ ++#endif /* !WOLFSSL_NO_ML_KEM */ ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_KYBER512 + if (ret == WOLFSSL_SUCCESS) +@@ -13419,6 +13560,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, + ssl->heap); + #endif /* HAVE_LIBOQS */ ++#endif /* WOLFSSL_KYBER_ORIGINAL */ + #endif /* WOLFSSL_HAVE_KYBER */ + + (void)ssl; +diff --git a/tests/api.c b/tests/api.c +index c15e431b1e..283ff6026e 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -28113,10 +28113,10 @@ static int test_wc_kyber_make_key_kats(void) + { + EXPECT_DECLS; + #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \ +- !defined(WOLFSSL_KYBER_ORIGINAL) ++ !defined(WOLFSSL_NO_ML_KEM) + KyberKey* key; +-#ifndef WOLFSSL_NO_KYBER512 +- static const byte 
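Review bot: In the `HAVE_LIBOQS` ML-KEM branch of the -13376 hunk, the first call `ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap);` assigns `ret` unconditionally, while every other added call is guarded by `if (ret == WOLFSSL_SUCCESS)`. If an earlier group registration in TLSX_PopulateSupportedGroups failed, that error would be overwritten here; the start of the function is outside the hunk, so this is inferred from the guards used in the `WOLFSSL_WC_KYBER` branch. Prefix the call with `if (ret == WOLFSSL_SUCCESS)` so both branches behave the same. The commit message says liboqs is being removed, so this branch is probably not compiled in this build, which a short comment could state.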
seed_512[KYBER_MAKEKEY_RAND_SZ] = { ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ static const byte seed_512[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0x2C, 0xB8, 0x43, 0xA0, 0x2E, 0xF0, 0x2E, 0xE1, + 0x09, 0x30, 0x5F, 0x39, 0x11, 0x9F, 0xAB, 0xF4, +@@ -28128,7 +28128,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD, + 0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7 + }; +- static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = { ++ static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = { + 0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2, + 0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA, + 0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69, +@@ -28230,7 +28230,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E, + 0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B + }; +- static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = { ++ static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = { + 0x7F, 0xE4, 0x20, 0x6F, 0x26, 0xBE, 0xDB, 0x64, + 0xC1, 0xED, 0x00, 0x09, 0x61, 0x52, 0x45, 0xDC, + 0x98, 0x48, 0x3F, 0x66, 0x3A, 0xCC, 0x61, 0x7E, +@@ -28437,8 +28437,8 @@ static int test_wc_kyber_make_key_kats(void) + 0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- static const byte seed_768[KYBER_MAKEKEY_RAND_SZ] = { ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ static const byte seed_768[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0xE3, 0x4A, 0x70, 0x1C, 0x4C, 0x87, 0x58, 0x2F, + 0x42, 0x26, 0x4E, 0xE4, 0x22, 0xD3, 0xC6, 0x84, +@@ -28450,7 +28450,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C, + 0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD + }; +- static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = { ++ static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = { + 0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25, + 0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62, + 0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46, 
+@@ -28600,7 +28600,7 @@ static int test_wc_kyber_make_key_kats(void) + 0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41, + 0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68 + }; +- static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = { ++ static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = { + 0x98, 0xA1, 0xB2, 0xDA, 0x4A, 0x65, 0xCF, 0xB5, + 0x84, 0x5E, 0xA7, 0x31, 0x1E, 0x6A, 0x06, 0xDB, + 0x73, 0x1F, 0x15, 0x90, 0xC4, 0x1E, 0xE7, 0x4B, +@@ -28903,8 +28903,8 @@ static int test_wc_kyber_make_key_kats(void) + 0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD + }; + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- static const byte seed_1024[KYBER_MAKEKEY_RAND_SZ] = { ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ static const byte seed_1024[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0x49, 0xAC, 0x8B, 0x99, 0xBB, 0x1E, 0x6A, 0x8E, + 0xA8, 0x18, 0x26, 0x1F, 0x8B, 0xE6, 0x8B, 0xDE, +@@ -28916,7 +28916,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E, + 0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7 + }; +- static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = { ++ static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = { + 0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A, + 0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6, + 0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B, +@@ -29114,7 +29114,7 @@ static int test_wc_kyber_make_key_kats(void) + 0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E, + 0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21 + }; +- static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = { ++ static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = { + 0x8C, 0x8B, 0x37, 0x22, 0xA8, 0x2E, 0x55, 0x05, + 0x65, 0x52, 0x16, 0x11, 0xEB, 0xBC, 0x63, 0x07, + 0x99, 0x44, 0xC9, 0xB1, 0xAB, 0xB3, 0xB0, 0x02, +@@ -29513,8 +29513,8 @@ static int test_wc_kyber_make_key_kats(void) + 0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7 + }; + #endif +- static byte pubKey[KYBER_MAX_PUBLIC_KEY_SIZE]; +- static byte 
privKey[KYBER_MAX_PRIVATE_KEY_SIZE]; ++ static byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; ++ static byte privKey[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE]; + + key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); +@@ -29522,40 +29522,40 @@ static int test_wc_kyber_make_key_kats(void) + XMEMSET(key, 0, sizeof(KyberKey)); + } + +-#ifndef WOLFSSL_NO_KYBER512 +- ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)), + 0); + ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey, +- KYBER512_PUBLIC_KEY_SIZE), 0); ++ WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey, +- KYBER512_PRIVATE_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(pubKey, ek_512, KYBER512_PUBLIC_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(privKey, dk_512, KYBER512_PRIVATE_KEY_SIZE), 0); ++ WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(pubKey, ek_512, WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(privKey, dk_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)), + 0); + ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey, +- KYBER768_PUBLIC_KEY_SIZE), 0); ++ WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey, +- KYBER768_PRIVATE_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(pubKey, ek_768, KYBER768_PUBLIC_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(privKey, dk_768, KYBER768_PRIVATE_KEY_SIZE), 0); ++ WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(pubKey, ek_768, 
WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(privKey, dk_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_MakeKeyWithRandom(key, seed_1024, + sizeof(seed_1024)), 0); + ExpectIntEQ(wc_KyberKey_EncodePublicKey(key, pubKey, +- KYBER1024_PUBLIC_KEY_SIZE), 0); ++ WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_KyberKey_EncodePrivateKey(key, privKey, +- KYBER1024_PRIVATE_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(pubKey, ek_1024, KYBER1024_PUBLIC_KEY_SIZE), 0); +- ExpectIntEQ(XMEMCMP(privKey, dk_1024, KYBER1024_PRIVATE_KEY_SIZE), 0); ++ WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(pubKey, ek_1024, WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(privKey, dk_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0); + wc_KyberKey_Free(key); + #endif + +@@ -29568,10 +29568,10 @@ static int test_wc_kyber_encapsulate_kats(void) + { + EXPECT_DECLS; + #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \ +- !defined(WOLFSSL_KYBER_ORIGINAL) ++ !defined(WOLFSSL_NO_ML_KEM) + KyberKey* key; +-#ifndef WOLFSSL_NO_KYBER512 +- static const byte ek_512[KYBER512_PUBLIC_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = { + 0xDD, 0x19, 0x24, 0x93, 0x5A, 0xA8, 0xE6, 0x17, + 0xAF, 0x18, 0xB5, 0xA0, 0x65, 0xAC, 0x45, 0x72, + 0x77, 0x67, 0xEE, 0x89, 0x7C, 0xF4, 0xF9, 0x44, +@@ -29673,13 +29673,13 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xA4, 0xD0, 0x31, 0xA0, 0x8A, 0xBF, 0x4F, 0x2E, + 0x74, 0xF1, 0xA0, 0xBB, 0x8A, 0x0F, 0xD3, 0xCB + }; +- static const byte seed_512[KYBER_ENC_RAND_SZ] = { ++ static const byte seed_512[WC_ML_KEM_ENC_RAND_SZ] = { + 0x6F, 0xF0, 0x2E, 0x1D, 0xC7, 0xFD, 0x91, 0x1B, + 0xEE, 0xE0, 0xC6, 0x92, 
0xC8, 0xBD, 0x10, 0x0C, + 0x3E, 0x5C, 0x48, 0x96, 0x4D, 0x31, 0xDF, 0x92, + 0x99, 0x42, 0x18, 0xE8, 0x06, 0x64, 0xA6, 0xCA + }; +- static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = { ++ static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = { + 0x19, 0xC5, 0x92, 0x50, 0x59, 0x07, 0xC2, 0x4C, + 0x5F, 0xA2, 0xEB, 0xFA, 0x93, 0x2D, 0x2C, 0xBB, + 0x48, 0xF3, 0xE4, 0x34, 0x0A, 0x28, 0xF7, 0xEB, +@@ -29777,15 +29777,15 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xD1, 0x8C, 0x8C, 0xD9, 0x12, 0xF9, 0xA7, 0x7F, + 0x8E, 0x6B, 0xF0, 0x20, 0x53, 0x74, 0xB4, 0x62 + }; +- static const byte k_512[KYBER_SS_SZ] = { ++ static const byte k_512[WC_ML_KEM_SS_SZ] = { + 0x0B, 0xF3, 0x23, 0x33, 0x8D, 0x6F, 0x0A, 0x21, + 0xD5, 0x51, 0x4B, 0x67, 0x3C, 0xD1, 0x0B, 0x71, + 0x4C, 0xE6, 0xE3, 0x6F, 0x35, 0xBC, 0xD1, 0xBF, + 0x54, 0x41, 0x96, 0x36, 0x8E, 0xE5, 0x1A, 0x13 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- static const byte ek_768[KYBER768_PUBLIC_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = { + 0x89, 0xD2, 0xCB, 0x65, 0xF9, 0x4D, 0xCB, 0xFC, + 0x89, 0x0E, 0xFC, 0x7D, 0x0E, 0x5A, 0x7A, 0x38, + 0x34, 0x4D, 0x16, 0x41, 0xA3, 0xD0, 0xB0, 0x24, +@@ -29935,13 +29935,13 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xFE, 0xD3, 0xC3, 0x9C, 0x1B, 0xBD, 0xDB, 0x08, + 0x37, 0xD0, 0xD4, 0x70, 0x6B, 0x09, 0x22, 0xC4 + }; +- static const byte seed_768[KYBER_ENC_RAND_SZ] = { ++ static const byte seed_768[WC_ML_KEM_ENC_RAND_SZ] = { + 0x2C, 0xE7, 0x4A, 0xD2, 0x91, 0x13, 0x35, 0x18, + 0xFE, 0x60, 0xC7, 0xDF, 0x5D, 0x25, 0x1B, 0x9D, + 0x82, 0xAD, 0xD4, 0x84, 0x62, 0xFF, 0x50, 0x5C, + 0x6E, 0x54, 0x7E, 0x94, 0x9E, 0x6B, 0x6B, 0xF7 + }; +- static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = { ++ static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = { + 0x56, 0xB4, 0x2D, 0x59, 0x3A, 0xAB, 0x8E, 0x87, + 0x73, 0xBD, 0x92, 0xD7, 0x6E, 0xAB, 0xDD, 0xF3, + 0xB1, 0x54, 0x6F, 0x83, 0x26, 0xF5, 0x7A, 0x7B, +@@ -30079,15 
+30079,15 @@ static int test_wc_kyber_encapsulate_kats(void) + 0xA2, 0x30, 0x19, 0x81, 0xA6, 0x41, 0x8F, 0x8B, + 0xA7, 0xD7, 0xB0, 0xD7, 0xCA, 0x58, 0x75, 0xC6 + }; +- static const byte k_768[KYBER_SS_SZ] = { ++ static const byte k_768[WC_ML_KEM_SS_SZ] = { + 0x26, 0x96, 0xD2, 0x8E, 0x9C, 0x61, 0xC2, 0xA0, + 0x1C, 0xE9, 0xB1, 0x60, 0x8D, 0xCB, 0x9D, 0x29, + 0x27, 0x85, 0xA0, 0xCD, 0x58, 0xEF, 0xB7, 0xFE, + 0x13, 0xB1, 0xDE, 0x95, 0xF0, 0xDB, 0x55, 0xB3 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- static const byte ek_1024[KYBER1024_PUBLIC_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = { + 0x30, 0x7A, 0x4C, 0xEA, 0x41, 0x48, 0x21, 0x9B, + 0x95, 0x8E, 0xA0, 0xB7, 0x88, 0x66, 0x59, 0x23, + 0x5A, 0x4D, 0x19, 0x80, 0xB1, 0x92, 0x61, 0x08, +@@ -30285,13 +30285,13 @@ static int test_wc_kyber_encapsulate_kats(void) + 0x3E, 0x30, 0x41, 0xE0, 0x5D, 0x90, 0x67, 0xAF, + 0xF3, 0xB1, 0x24, 0x4F, 0x76, 0x3E, 0x79, 0x83 + }; +- static const byte seed_1024[KYBER_ENC_RAND_SZ] = { ++ static const byte seed_1024[WC_ML_KEM_ENC_RAND_SZ] = { + 0x59, 0xC5, 0x15, 0x4C, 0x04, 0xAE, 0x43, 0xAA, + 0xFF, 0x32, 0x70, 0x0F, 0x08, 0x17, 0x00, 0x38, + 0x9D, 0x54, 0xBE, 0xC4, 0xC3, 0x7C, 0x08, 0x8B, + 0x1C, 0x53, 0xF6, 0x62, 0x12, 0xB1, 0x2C, 0x72 + }; +- static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = { ++ static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = { + 0xE2, 0xD5, 0xFD, 0x4C, 0x13, 0xCE, 0xA0, 0xB5, + 0x2D, 0x87, 0x4F, 0xEA, 0x90, 0x12, 0xF3, 0xA5, + 0x17, 0x43, 0xA1, 0x09, 0x37, 0x10, 0xBB, 0xF2, +@@ -30489,15 +30489,15 @@ static int test_wc_kyber_encapsulate_kats(void) + 0x52, 0x35, 0xD6, 0x36, 0xC6, 0x5C, 0xD1, 0x02, + 0xB0, 0x1E, 0x22, 0x78, 0x1A, 0x72, 0x91, 0x8C + }; +- static const byte k_1024[KYBER_SS_SZ] = { ++ static const byte k_1024[WC_ML_KEM_SS_SZ] = { + 0x72, 0x64, 0xBD, 0xE5, 0xC6, 0xCE, 0xC1, 0x48, + 0x49, 0x69, 0x3E, 0x2C, 0x3C, 0x86, 0xE4, 0x8F, + 0x80, 0x95, 0x8A, 0x4F, 0x61, 0x86, 0xFC, 
0x69, + 0x33, 0x3A, 0x41, 0x48, 0xE6, 0xE4, 0x97, 0xF3 + }; + #endif +- static byte ct[KYBER_MAX_CIPHER_TEXT_SIZE]; +- static byte ss[KYBER_SS_SZ]; ++ static byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; ++ static byte ss[WC_ML_KEM_SS_SZ]; + + key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); +@@ -30505,31 +30505,31 @@ static int test_wc_kyber_encapsulate_kats(void) + XMEMSET(key, 0, sizeof(KyberKey)); + } + +-#ifndef WOLFSSL_NO_KYBER512 +- ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0); + ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_512, + sizeof(seed_512)), 0); +- ExpectIntEQ(XMEMCMP(ct, c_512, KYBER512_CIPHER_TEXT_SIZE), 0); +- ExpectIntEQ(XMEMCMP(ss, k_512, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ct, c_512, WC_ML_KEM_512_CIPHER_TEXT_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(ss, k_512, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0); + ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_768, + sizeof(seed_768)), 0); +- ExpectIntEQ(XMEMCMP(ct, c_768, KYBER768_CIPHER_TEXT_SIZE), 0); +- ExpectIntEQ(XMEMCMP(ss, k_768, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ct, c_768, WC_ML_KEM_768_CIPHER_TEXT_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(ss, k_768, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0); 
+ ExpectIntEQ(wc_KyberKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0); + ExpectIntEQ(wc_KyberKey_EncapsulateWithRandom(key, ct, ss, seed_1024, + sizeof(seed_1024)), 0); +- ExpectIntEQ(XMEMCMP(ct, c_1024, KYBER1024_CIPHER_TEXT_SIZE), 0); +- ExpectIntEQ(XMEMCMP(ss, k_1024, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ct, c_1024, WC_ML_KEM_1024_CIPHER_TEXT_SIZE), 0); ++ ExpectIntEQ(XMEMCMP(ss, k_1024, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif + +@@ -30542,10 +30542,10 @@ static int test_wc_kyber_decapsulate_kats(void) + { + EXPECT_DECLS; + #if defined(WOLFSSL_HAVE_KYBER) && defined(WOLFSSL_WC_KYBER) && \ +- !defined(WOLFSSL_KYBER_ORIGINAL) ++ !defined(WOLFSSL_NO_ML_KEM) + KyberKey* key; +-#ifndef WOLFSSL_NO_KYBER512 +- static const byte dk_512[KYBER512_PRIVATE_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = { + 0x69, 0xF9, 0xCB, 0xFD, 0x12, 0x37, 0xBA, 0x16, + 0x1C, 0xF6, 0xE6, 0xC1, 0x8F, 0x48, 0x8F, 0xC6, + 0xE3, 0x9A, 0xB4, 0xA5, 0xC9, 0xE6, 0xC2, 0x2E, +@@ -30751,7 +30751,7 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x09, 0x8A, 0x3F, 0x35, 0x17, 0x78, 0xB0, 0x88, + 0x8C, 0x95, 0x90, 0xA9, 0x09, 0x0C, 0xD4, 0x04 + }; +- static const byte c_512[KYBER512_CIPHER_TEXT_SIZE] = { ++ static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = { + 0x16, 0x1C, 0xD2, 0x59, 0xFE, 0xAA, 0x7E, 0xC6, + 0xB2, 0x86, 0x49, 0x8A, 0x9A, 0x6F, 0x69, 0xF8, + 0xB2, 0x62, 0xA2, 0xE2, 0x09, 0x3D, 0x0F, 0xBD, +@@ -30849,15 +30849,15 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x34, 0x6B, 0xAF, 0xCD, 0xD0, 0x6D, 0x40, 0x2F, + 0xF2, 0x4D, 0x6C, 0x1E, 0x5F, 0x61, 0xA8, 0x5D + }; +- static const byte kprime_512[KYBER_SS_SZ] = { ++ static const byte kprime_512[WC_ML_KEM_SS_SZ] = { + 0xDF, 0x46, 0x2A, 0xD6, 0x8F, 0x1E, 0xC8, 0x97, + 0x2E, 0xD9, 0xB0, 0x2D, 0x6D, 0xE0, 0x60, 0x4B, + 0xDE, 0xC7, 0x57, 0x20, 0xE0, 0x50, 0x49, 0x73, + 0x51, 0xE6, 0xEC, 0x93, 0x3E, 0x71, 0xF8, 0x82 + }; + #endif +-#ifndef 
WOLFSSL_NO_KYBER768 +- static const byte dk_768[KYBER768_PRIVATE_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = { + 0x1E, 0x4A, 0xC8, 0x7B, 0x1A, 0x69, 0x2A, 0x52, + 0x9F, 0xDB, 0xBA, 0xB9, 0x33, 0x74, 0xC5, 0x7D, + 0x11, 0x0B, 0x10, 0xF2, 0xB1, 0xDD, 0xEB, 0xAC, +@@ -31159,7 +31159,7 @@ static int test_wc_kyber_decapsulate_kats(void) + 0xB4, 0xAB, 0x82, 0xE5, 0xFC, 0xA1, 0x35, 0xE8, + 0xD2, 0x6A, 0x6B, 0x3A, 0x89, 0xFA, 0x5B, 0x6F + }; +- static const byte c_768[KYBER768_CIPHER_TEXT_SIZE] = { ++ static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = { + 0xA5, 0xC8, 0x1C, 0x76, 0xC2, 0x43, 0x05, 0xE1, + 0xCE, 0x5D, 0x81, 0x35, 0xD4, 0x15, 0x23, 0x68, + 0x2E, 0x9E, 0xE6, 0xD7, 0xB4, 0x0A, 0xD4, 0x1D, +@@ -31297,15 +31297,15 @@ static int test_wc_kyber_decapsulate_kats(void) + 0xA5, 0x9A, 0x1F, 0xD2, 0x8A, 0xF3, 0x5C, 0x00, + 0xD1, 0x8A, 0x40, 0x6A, 0x28, 0xFC, 0x79, 0xBA + }; +- static const byte kprime_768[KYBER_SS_SZ] = { ++ static const byte kprime_768[WC_ML_KEM_SS_SZ] = { + 0xDC, 0x5B, 0x88, 0x88, 0xBC, 0x1E, 0xBA, 0x5C, + 0x19, 0x69, 0xC2, 0x11, 0x64, 0xEA, 0x43, 0xE2, + 0x2E, 0x7A, 0xC0, 0xCD, 0x01, 0x2A, 0x2F, 0x26, + 0xCB, 0x8C, 0x48, 0x7E, 0x69, 0xEF, 0x7C, 0xE4 + }; + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- static const byte dk_1024[KYBER1024_PRIVATE_KEY_SIZE] = { ++#ifndef WOLFSSL_NO_ML_KEM_1024 ++ static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = { + 0x84, 0x45, 0xC3, 0x36, 0xF3, 0x51, 0x8B, 0x29, + 0x81, 0x63, 0xDC, 0xBB, 0x63, 0x57, 0x59, 0x79, + 0x83, 0xCA, 0x2E, 0x87, 0x3D, 0xCB, 0x49, 0x61, +@@ -31703,7 +31703,7 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x0D, 0xE1, 0xB7, 0xA4, 0x81, 0xB8, 0x3E, 0x58, + 0x3B, 0x6A, 0xF1, 0x6F, 0x63, 0xCB, 0x00, 0xC6 + }; +- static const byte c_1024[KYBER1024_CIPHER_TEXT_SIZE] = { ++ static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = { + 0x0C, 0x68, 0x1B, 0x4A, 0xA8, 0x1F, 0x26, 0xAD, + 0xFB, 0x64, 0x5E, 0xC2, 0x4B, 0x37, 
0x52, 0xF6, + 0xB3, 0x2C, 0x68, 0x64, 0x5A, 0xA5, 0xE7, 0xA9, +@@ -31901,14 +31901,14 @@ static int test_wc_kyber_decapsulate_kats(void) + 0x7B, 0x12, 0x43, 0x33, 0x43, 0xA6, 0x58, 0xF1, + 0x98, 0x0C, 0x81, 0x24, 0xEA, 0x6D, 0xD8, 0x1F + }; +- static const byte kprime_1024[KYBER_SS_SZ] = { ++ static const byte kprime_1024[WC_ML_KEM_SS_SZ] = { + 0x8F, 0x33, 0x6E, 0x9C, 0x28, 0xDF, 0x34, 0x9E, + 0x03, 0x22, 0x0A, 0xF0, 0x1C, 0x42, 0x83, 0x2F, + 0xEF, 0xAB, 0x1F, 0x2A, 0x74, 0xC1, 0x6F, 0xAF, + 0x6F, 0x64, 0xAD, 0x07, 0x1C, 0x1A, 0x33, 0x94 + }; + #endif +- static byte ss[KYBER_SS_SZ]; ++ static byte ss[WC_ML_KEM_SS_SZ]; + + key = (KyberKey*)XMALLOC(sizeof(KyberKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); +@@ -31916,25 +31916,25 @@ static int test_wc_kyber_decapsulate_kats(void) + XMEMSET(key, 0, sizeof(KyberKey)); + } + +-#ifndef WOLFSSL_NO_KYBER512 +- ExpectIntEQ(wc_KyberKey_Init(KYBER512, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_512 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_512, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0); +- ExpectIntEQ(XMEMCMP(ss, kprime_512, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ss, kprime_512, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER768 +- ExpectIntEQ(wc_KyberKey_Init(KYBER768, key, NULL, INVALID_DEVID), 0); ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_768, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0); +- ExpectIntEQ(XMEMCMP(ss, kprime_768, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ss, kprime_768, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif +-#ifndef WOLFSSL_NO_KYBER1024 +- ExpectIntEQ(wc_KyberKey_Init(KYBER1024, key, NULL, INVALID_DEVID), 0); ++#ifndef 
WOLFSSL_NO_ML_KEM_1024 ++ ExpectIntEQ(wc_KyberKey_Init(WC_ML_KEM_1024, key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_KyberKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0); + ExpectIntEQ(wc_KyberKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0); +- ExpectIntEQ(XMEMCMP(ss, kprime_1024, KYBER_SS_SZ), 0); ++ ExpectIntEQ(XMEMCMP(ss, kprime_1024, WC_ML_KEM_SS_SZ), 0); + wc_KyberKey_Free(key); + #endif + +@@ -79236,6 +79236,7 @@ static int test_tls13_apis(void) + #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) + int groups[2] = { WOLFSSL_ECC_SECP256R1, + #ifdef WOLFSSL_HAVE_KYBER ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + WOLFSSL_KYBER_LEVEL1 + #elif !defined(WOLFSSL_NO_KYBER768) +@@ -79243,6 +79244,15 @@ static int test_tls13_apis(void) + #else + WOLFSSL_KYBER_LEVEL5 + #endif ++#else ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ WOLFSSL_ML_KEM_512 ++ #elif !defined(WOLFSSL_NO_ML_KEM_768) ++ WOLFSSL_ML_KEM_768 ++ #else ++ WOLFSSL_ML_KEM_1024 ++ #endif ++#endif + #else + WOLFSSL_ECC_SECP256R1 + #endif +@@ -79270,6 +79280,7 @@ static int test_tls13_apis(void) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + "P-256:secp256r1" + #if defined(WOLFSSL_HAVE_KYBER) ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + ":P256_KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) +@@ -79277,10 +79288,20 @@ static int test_tls13_apis(void) + #else + ":P256_KYBER_LEVEL5" + #endif ++#else ++ #ifndef WOLFSSL_NO_KYBER512 ++ ":P256_ML_KEM_512" ++ #elif !defined(WOLFSSL_NO_KYBER768) ++ ":P256_ML_KEM_768" ++ #else ++ ":P256_ML_KEM_1024" ++ #endif ++#endif + #endif + #endif + #endif /* !defined(NO_ECC_SECP) */ + #if defined(WOLFSSL_HAVE_KYBER) ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifndef WOLFSSL_NO_KYBER512 + ":KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) +@@ -79288,6 +79309,15 @@ static int test_tls13_apis(void) + #else + ":KYBER_LEVEL5" + #endif ++#else ++ #ifndef WOLFSSL_NO_KYBER512 ++ ":ML_KEM_512" ++ #elif 
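Review bot: The ML-KEM `#else` branch added to the group-list string in the -79277 hunk is still selected by the Kyber macros `WOLFSSL_NO_KYBER512` / `WOLFSSL_NO_KYBER768`, whereas the `groups[]` initialiser in the -79243 hunk uses `WOLFSSL_NO_ML_KEM_512` / `WOLFSSL_NO_ML_KEM_768`; the `":ML_KEM_512"` branch in the following hunk (-79288) has the same mismatch. A build that disables an ML-KEM level without the matching Kyber macro would place a group name in the list that is not compiled in. Use `#ifndef WOLFSSL_NO_ML_KEM_512` and `#elif !defined(WOLFSSL_NO_ML_KEM_768)` in both places. Separately, `":P256_ML_KEM_768"` and `":P256_ML_KEM_1024"` do not match the hybrids listed in `pqc_hybrid_mapping` in src/tls.c (P384 with ML_KEM_768, P521 with ML_KEM_1024); this mirrors the existing Kyber strings, so confirm how the list is consumed before changing it.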
!defined(WOLFSSL_NO_KYBER768) ++ ":ML_KEM_768" ++ #else ++ ":ML_KEM_1024" ++ #endif ++#endif + #endif + ""; + #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ +@@ -79423,12 +79453,22 @@ static int test_tls13_apis(void) + #endif + + #if defined(WOLFSSL_HAVE_KYBER) ++#ifndef WOLFSSL_NO_ML_KEM ++#ifndef WOLFSSL_NO_ML_KEM_768 ++ kyberLevel = WOLFSSL_ML_KEM_768; ++#elif !defined(WOLFSSL_NO_ML_KEM_1024) ++ kyberLevel = WOLFSSL_ML_KEM_1024; ++#else ++ kyberLevel = WOLFSSL_ML_KEM_512; ++#endif ++#else + #ifndef WOLFSSL_NO_KYBER768 + kyberLevel = WOLFSSL_KYBER_LEVEL3; + #elif !defined(WOLFSSL_NO_KYBER1024) + kyberLevel = WOLFSSL_KYBER_LEVEL5; + #else + kyberLevel = WOLFSSL_KYBER_LEVEL1; ++#endif + #endif + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, kyberLevel), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #ifndef NO_WOLFSSL_SERVER +@@ -96286,13 +96326,21 @@ static int test_dtls13_basic_connection_id(void) + defined(HAVE_LIBOQS) + static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx) + { ++#ifdef WOLFSSL_KYBER_ORIGINAL + int group = WOLFSSL_KYBER_LEVEL5; ++#else ++ int group = WOLFSSL_ML_KEM_1024; ++#endif + AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS); + } + + static void test_tls13_pq_groups_on_result(WOLFSSL* ssl) + { ++#ifdef WOLFSSL_KYBER_ORIGINAL + AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5"); ++#else ++ AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024"); ++#endif + } + #endif + +diff --git a/tests/suites.c b/tests/suites.c +index 7328789f46..a22002036d 100644 +--- a/tests/suites.c ++++ b/tests/suites.c +@@ -184,6 +184,28 @@ static int IsKyberLevelAvailable(const char* line) + begin += 6; + end = XSTRSTR(begin, " "); + ++ #ifndef WOLFSSL_NO_ML_KEM ++ if ((size_t)end - (size_t)begin == 10) { ++ #ifndef WOLFSSL_NO_ML_KEM_512 ++ if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) { ++ available = 1; ++ } ++ #endif ++ #ifndef WOLFSSL_NO_ML_KEM_768 ++ if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) { ++ available = 1; ++ } ++ #endif ++ } ++ 
#ifndef WOLFSSL_NO_ML_KEM_1024
++ if ((size_t)end - (size_t)begin == 11) {
++ if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) {
++ available = 1;
++ }
++ }
++ #endif
++ #endif
++ #ifdef WOLFSSL_KYBER_ORIGINAL
+ if ((size_t)end - (size_t)begin == 12) {
+ #ifndef WOLFSSL_NO_KYBER512
+ if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) {
+@@ -201,6 +223,7 @@ static int IsKyberLevelAvailable(const char* line)
+ }
+ #endif
+ }
++ #endif
+ }
+ 
+ return (begin == NULL) || available;
+diff --git a/tests/test-dtls13-pq-2.conf b/tests/test-dtls13-pq-2.conf
+index 6a4bfac084..bd5e32697d 100644
+--- a/tests/test-dtls13-pq-2.conf
++++ b/tests/test-dtls13-pq-2.conf
+@@ -1,3 +1,17 @@
++# server DTLSv1.3 with post-quantum group
++-u
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P256_ML_KEM_512
++
++# client DTLSv1.3 with post-quantum group
++-u
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P256_ML_KEM_512
++
++# P384_ML_KEM_768 and P521_ML_KEM_1024 would fragment the ClientHello.
++
+ # server DTLSv1.3 with post-quantum group
+ -u
+ -v 4
+diff --git a/tests/test-dtls13-pq.conf b/tests/test-dtls13-pq.conf
+index c84ab819dd..37abf2c77a 100644
+--- a/tests/test-dtls13-pq.conf
++++ b/tests/test-dtls13-pq.conf
+@@ -2,12 +2,26 @@
+ -u
+ -v 4
+ -l TLS13-AES256-GCM-SHA384
+---pqc KYBER_LEVEL1
++--pqc ML_KEM_512
+ 
+ # client DTLSv1.3 with post-quantum group
+ -u
+ -v 4
+ -l TLS13-AES256-GCM-SHA384
+---pqc KYBER_LEVEL1
++--pqc ML_KEM_512
++
++# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello.
++
++# server DTLSv1.3 with post-quantum group
++-u
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_512
++
++# client DTLSv1.3 with post-quantum group
++-u
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_512
+ 
+ # KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello. 
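Review bot: IsKyberLevelAvailable only recognises names of exactly 10, 11 or 12 characters, so the hybrid groups this same patch adds to the .conf files (`P256_ML_KEM_512` and `P384_ML_KEM_768` at 15 characters, `P521_ML_KEM_1024` at 16) match none of the visible branches and leave `available` at 0. If the caller skips entries for which this returns 0, which is not visible here, the new hybrid handshakes are never run and the suite still passes. Either compare the suffix after an optional `P256_`/`P384_`/`P521_` prefix, or add a comment at the top of the function stating that hybrid names are intentionally reported unavailable. The function starts before the first hunk, and a few lines between the two hunks are not shown.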
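Review bot: The second server/client pair added to tests/test-dtls13-pq.conf repeats `--pqc ML_KEM_512`, so the file now runs the same ML-KEM-512 DTLS 1.3 handshake twice and no longer has a `KYBER_LEVEL1` entry, while the trailing comment still refers to KYBER_LEVEL3 and KYBER_LEVEL5. If the second pair was meant to keep coverage of the original Kyber group for builds with WOLFSSL_KYBER_ORIGINAL, both lines should read `--pqc KYBER_LEVEL1`. Otherwise drop the duplicate pair together with the stale comment.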
+diff --git a/tests/test-tls13-pq-2.conf b/tests/test-tls13-pq-2.conf
+index ff09d72a71..26f5f525d8 100644
+--- a/tests/test-tls13-pq-2.conf
++++ b/tests/test-tls13-pq-2.conf
+@@ -1,3 +1,33 @@
++# server TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P256_ML_KEM_512
++
++# client TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P256_ML_KEM_512
++
++# server TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P384_ML_KEM_768
++
++# client TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P384_ML_KEM_768
++
++# server TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P521_ML_KEM1024
++
++# client TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc P521_ML_KEM1024
++
+ # server TLSv1.3 with post-quantum group
+ -v 4
+ -l TLS13-AES256-GCM-SHA384
+diff --git a/tests/test-tls13-pq.conf b/tests/test-tls13-pq.conf
+index 9d2b218deb..ac8164e995 100644
+--- a/tests/test-tls13-pq.conf
++++ b/tests/test-tls13-pq.conf
+@@ -1,3 +1,33 @@
++# server TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_512
++
++# client TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_512
++
++# server TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_768
++
++# client TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_768
++
++# server TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_1024
++
++# client TLSv1.3 with post-quantum group
++-v 4
++-l TLS13-AES256-GCM-SHA384
++--pqc ML_KEM_1024
++
+ # server TLSv1.3 with post-quantum group
+ -v 4
+ -l TLS13-AES256-GCM-SHA384
+diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c
+index 0c2cb2b437..44ec893ffc 100644
+--- a/wolfcrypt/src/ext_kyber.c
++++ b/wolfcrypt/src/ext_kyber.c
+@@ -43,9 +43,16 @@
+ 
+ static const char* 
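Review bot: The last server/client pair added to tests/test-tls13-pq-2.conf passes `--pqc P521_ML_KEM1024`, without the underscore that every other group name in this patch carries (`P256_ML_KEM_512`, `P384_ML_KEM_768`, and `P521_ML_KEM_1024` in the comment added to test-dtls13-pq-2.conf). The option parser is not visible here, but if it matches names exactly, this pair is rejected or skipped rather than exercising the P-521 hybrid. Both lines should presumably read `--pqc P521_ML_KEM_1024`.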
OQS_ID2name(int id) { + switch (id) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: return OQS_KEM_alg_ml_kem_512; ++ case WC_ML_KEM_768: return OQS_KEM_alg_ml_kem_768; ++ case WC_ML_KEM_1024: return OQS_KEM_alg_ml_kem_1024; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512; + case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768; + case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024; ++ #endif + default: break; + } + return NULL; +@@ -83,11 +90,20 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) + if (ret == 0) { + /* Validate type. */ + switch (type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ #ifdef HAVE_LIBOQS ++ case WC_ML_KEM_768: ++ case WC_ML_KEM_1024: ++ #endif /* HAVE_LIBOQS */ ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: +-#ifdef HAVE_LIBOQS ++ #ifdef HAVE_LIBOQS + case KYBER_LEVEL3: + case KYBER_LEVEL5: +-#endif /* HAVE_LIBOQS */ ++ #endif /* HAVE_LIBOQS */ ++#endif + break; + default: + /* No other values supported. */ +@@ -152,6 +168,18 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + /* NOTE: SHAKE and AES variants have the same length private key. */ + if (ret == 0) { + switch (key->type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ *len = OQS_KEM_ml_kem_512_length_secret_key; ++ break; ++ case WC_ML_KEM_768: ++ *len = OQS_KEM_ml_kem_768_length_secret_key; ++ break; ++ case WC_ML_KEM_1024: ++ *len = OQS_KEM_ml_kem_1024_length_secret_key; ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_secret_key; + break; +@@ -161,6 +189,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_secret_key; + break; ++ #endif + default: + /* No other values supported. 
*/ + ret = BAD_FUNC_ARG; +@@ -194,6 +223,18 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + /* NOTE: SHAKE and AES variants have the same length public key. */ + if (ret == 0) { + switch (key->type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ *len = OQS_KEM_ml_kem_512_length_public_key; ++ break; ++ case WC_ML_KEM_768: ++ *len = OQS_KEM_ml_kem_768_length_public_key; ++ break; ++ case WC_ML_KEM_1024: ++ *len = OQS_KEM_ml_kem_1024_length_public_key; ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_public_key; + break; +@@ -203,6 +244,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_public_key; + break; ++ #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; +@@ -236,6 +278,18 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + /* NOTE: SHAKE and AES variants have the same length ciphertext. */ + if (ret == 0) { + switch (key->type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ *len = OQS_KEM_ml_kem_512_length_ciphertext; ++ break; ++ case WC_ML_KEM_768: ++ *len = OQS_KEM_ml_kem_768_length_ciphertext; ++ break; ++ case WC_ML_KEM_1024: ++ *len = OQS_KEM_ml_kem_1024_length_ciphertext; ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_ciphertext; + break; +@@ -245,6 +299,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_ciphertext; + break; ++ #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; +diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c +index bca5e1ff8b..040c4f0123 100644 +--- a/wolfcrypt/src/wc_kyber.c ++++ b/wolfcrypt/src/wc_kyber.c +@@ -68,7 +68,9 @@ volatile sword16 kyber_opt_blocker = 0; + /** + * Initialize the Kyber key. + * +- * @param [in] type Type of key: KYBER512, KYBER768, KYBER1024. 
++ * @param [in] type Type of key: ++ * WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024, ++ * KYBER512, KYBER768, KYBER1024. + * @param [out] key Kyber key object to initialize. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. +@@ -87,6 +89,27 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) + if (ret == 0) { + /* Validate type. */ + switch (type) { ++ #ifndef WOLFSSL_NO_ML_KEM ++ case WC_ML_KEM_512: ++ #ifndef WOLFSSL_WC_ML_KEM_512 ++ /* Code not compiled in for Kyber-512. */ ++ ret = NOT_COMPILED_IN; ++ #endif ++ break; ++ case WC_ML_KEM_768: ++ #ifndef WOLFSSL_WC_ML_KEM_768 ++ /* Code not compiled in for Kyber-768. */ ++ ret = NOT_COMPILED_IN; ++ #endif ++ break; ++ case WC_ML_KEM_1024: ++ #ifndef WOLFSSL_WC_ML_KEM_1024 ++ /* Code not compiled in for Kyber-1024. */ ++ ret = NOT_COMPILED_IN; ++ #endif ++ break; ++ #endif ++ #ifdef WOLFSSL_KYBER_ORIGINAL + case KYBER512: + #ifndef WOLFSSL_KYBER512 + /* Code not compiled in for Kyber-512. */ +@@ -105,6 +128,7 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) + ret = NOT_COMPILED_IN; + #endif + break; ++ #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; +@@ -230,6 +254,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, + if (ret == 0) { + /* Establish parameters based on key type. 
*/ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ kp = WC_ML_KEM_512_K; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ kp = WC_ML_KEM_768_K; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ kp = WC_ML_KEM_1024_K; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + kp = KYBER512_K; +@@ -245,6 +287,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, + kp = KYBER1024_K; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -266,13 +309,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, + /* Error vector allocated at end of a. */ + e = a + (kp * kp * KYBER_N); + ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- /* Expand 32 bytes of random to 32. */ +- ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf); +-#else +- buf[0] = kp; +- /* Expand 33 bytes of random to 32. */ +- ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf); ++ { ++ /* Expand 32 bytes of random to 32. */ ++ ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf); ++ } ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ buf[0] = kp; ++ /* Expand 33 bytes of random to 32. */ ++ ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf); ++ } + #endif + } + if (ret == 0) { +@@ -333,6 +387,24 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + if (ret == 0) { + /* Return in 'len' size of the cipher text for the type of this key. 
*/ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ *len = WC_ML_KEM_512_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ *len = WC_ML_KEM_768_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ *len = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_CIPHER_TEXT_SIZE; +@@ -348,6 +420,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) + *len = KYBER1024_CIPHER_TEXT_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -398,6 +471,27 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, + + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ kp = WC_ML_KEM_512_K; ++ compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ kp = WC_ML_KEM_768_K; ++ compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ kp = WC_ML_KEM_1024_K; ++ compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + kp = KYBER512_K; +@@ -415,6 +509,7 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, + kp = KYBER1024_K; + compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; + break; ++#endif + #endif + default: + /* No other values supported. */ +@@ -463,19 +558,19 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, + /* Perform encapsulation maths. 
*/ + kyber_encapsulate(key->pub, bp, v, at, sp, ep, epp, k, kp); + +- #ifdef WOLFSSL_KYBER512 ++ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (kp == KYBER512_K) { + kyber_vec_compress_10(ct, bp, kp); + kyber_compress_4(ct + compVecSz, v); + } + #endif +- #ifdef WOLFSSL_KYBER768 ++ #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (kp == KYBER768_K) { + kyber_vec_compress_10(ct, bp, kp); + kyber_compress_4(ct + compVecSz, v); + } + #endif +- #ifdef WOLFSSL_KYBER1024 ++ #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (kp == KYBER1024_K) { + kyber_vec_compress_11(ct, bp); + kyber_compress_5(ct + compVecSz, v); +@@ -562,6 +657,18 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ #endif ++ break; ++#endif + #ifdef WOLFSSL_KYBER512 + case KYBER512: + ctSz = KYBER512_CIPHER_TEXT_SIZE; +@@ -614,42 +721,80 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, + + #ifdef WOLFSSL_KYBER_ORIGINAL + if (ret == 0) { +- /* Hash random to anonymize as seed data. */ +- ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg); ++#ifndef WOLFSSL_NO_ML_KEM ++ if (key->type & KYBER_ORIGINAL) ++#endif ++ { ++ /* Hash random to anonymize as seed data. */ ++ ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg); ++ } + } + #endif + if (ret == 0) { + /* Hash message into seed buffer. 
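Review bot: In the wc_KyberKey_EncapsulateWithRandom hunk at -562, the `KYBER512`/`KYBER768`/`KYBER1024` labels that follow the new ML-KEM labels are left without the `#ifdef WOLFSSL_KYBER_ORIGINAL` wrapper that every other key-type switch in this patch receives. This makes it the one switch where the original-Kyber cases are compiled whenever `WOLFSSL_KYBER512` etc. are defined. Whether that is dead code or a duplicate case value depends on definitions in kyber.h that are not visible here. For consistency, add `#ifdef WOLFSSL_KYBER_ORIGINAL` before `#ifdef WOLFSSL_KYBER512` and the matching `#endif` before `default:`. The new ML-KEM labels also `break` without assigning `ctSz`, so a comment such as `/* ctSz is only read on the original Kyber KDF path. */` would record why it is left unset. The rest of the switch lies outside the hunk.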
*/ ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, +- kr); +-#else +- ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, +- kr); ++ { ++ ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, ++ KYBER_SYM_SZ, kr); ++ } ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, ++ KYBER_SYM_SZ, kr); ++ } + #endif + } + + if (ret == 0) { + /* Encapsulate the message using the key and the seed (coins). */ ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); +-#else +- ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); ++ { ++ ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); ++ } ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); ++ } + #endif + } + ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- if (ret == 0) { +- /* Hash the cipher text after the seed. */ +- ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); +- } +- if (ret == 0) { +- /* Derive the secret from the seed and hash of cipher text. */ +- ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); ++ { ++ if (ret == 0) { ++ /* Hash the cipher text after the seed. */ ++ ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); ++ } ++ if (ret == 0) { ++ /* Derive the secret from the seed and hash of cipher text. 
*/ ++ ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); ++ } + } +-#else +- if (ret == 0) { +- XMEMCPY(ss, kr, KYBER_SS_SZ); ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ if (ret == 0) { ++ XMEMCPY(ss, kr, KYBER_SS_SZ); ++ } + } + #endif + +@@ -683,6 +828,27 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++#ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ kp = WC_ML_KEM_512_K; ++ compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ kp = WC_ML_KEM_768_K; ++ compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ kp = WC_ML_KEM_1024_K; ++ compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; ++ break; ++#endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + kp = KYBER512_K; +@@ -700,6 +866,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + kp = KYBER1024_K; + compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; + break; ++#endif + #endif + default: + /* No other values supported. 
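Review bot: The final dispatch in wc_KyberKey_EncapsulateWithRandom (hunk -614) evaluates `key->type & KYBER_ORIGINAL` before any `ret == 0` check, whereas the removed code did nothing at this point unless `ret` was 0. If the argument validation earlier in the function, which is outside this hunk, sets `ret` for a NULL `key` and falls through, a build with both WOLFSSL_KYBER_ORIGINAL and ML-KEM enabled dereferences NULL here. The earlier steps in the same hunk keep the type test inside `if (ret == 0)`, and this one should too, for example `if ((ret == 0) && (key->type & KYBER_ORIGINAL))`. The ML-KEM `else` block already re-checks `ret` before copying.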
*/ +@@ -723,19 +890,19 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + v = bp + kp * KYBER_N; + mp = v + KYBER_N; + +- #ifdef WOLFSSL_KYBER512 ++ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (kp == KYBER512_K) { + kyber_vec_decompress_10(bp, ct, kp); + kyber_decompress_4(v, ct + compVecSz); + } + #endif +- #ifdef WOLFSSL_KYBER768 ++ #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (kp == KYBER768_K) { + kyber_vec_decompress_10(bp, ct, kp); + kyber_decompress_4(v, ct + compVecSz); + } + #endif +- #ifdef WOLFSSL_KYBER1024 ++ #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (kp == KYBER1024_K) { + kyber_vec_decompress_11(bp, ct); + kyber_decompress_5(v, ct + compVecSz); +@@ -757,7 +924,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, + return ret; + } + +-#ifndef WOLFSSL_KYBER_ORIGINAL ++#ifndef WOLFSSL_NO_ML_KEM + /* Derive the secret from z and cipher text. + * + * @param [in] z Implicit rejection value. +@@ -828,6 +995,24 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, + if (ret == 0) { + /* Establish cipher text size based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ ctSz = WC_ML_KEM_512_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ ctSz = WC_ML_KEM_768_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ ctSz = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + ctSz = KYBER512_CIPHER_TEXT_SIZE; +@@ -843,6 +1028,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, + ctSz = KYBER1024_CIPHER_TEXT_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. 
*/ + ret = NOT_COMPILED_IN; +@@ -882,25 +1068,36 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, + /* Compare generated cipher text with that passed in. */ + fail = kyber_cmp(ct, cmp, ctSz); + ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ if (key->type & KYBER_ORIGINAL) ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL +- /* Hash the cipher text after the seed. */ +- ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); +- } +- if (ret == 0) { +- /* Change seed to z on comparison failure. */ +- for (i = 0; i < KYBER_SYM_SZ; i++) { +- kr[i] ^= (kr[i] ^ key->z[i]) & fail; ++ { ++ /* Hash the cipher text after the seed. */ ++ ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); ++ if (ret == 0) { ++ /* Change seed to z on comparison failure. */ ++ for (i = 0; i < KYBER_SYM_SZ; i++) { ++ kr[i] ^= (kr[i] ^ key->z[i]) & fail; ++ } ++ ++ /* Derive the secret from the seed and hash of cipher text. */ ++ ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); ++ } + } +- +- /* Derive the secret from the seed and hash of cipher text. */ +- ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); +-#else +- ret = kyber_derive_secret(key->z, ct, ctSz, msg); +- } +- if (ret == 0) { +- /* Change seed to z on comparison failure. */ +- for (i = 0; i < KYBER_SYM_SZ; i++) { +- ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); ++#endif ++#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) ++ else ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ { ++ ret = kyber_derive_secret(key->z, ct, ctSz, msg); ++ if (ret == 0) { ++ /* Change seed to z on comparison failure. */ ++ for (i = 0; i < KYBER_SYM_SZ; i++) { ++ ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); ++ } ++ } + } + #endif + } +@@ -947,6 +1144,30 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, + if (ret == 0) { + /* Establish parameters based on key type. 
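Review bot: In the ML-KEM branch added to wc_KyberKey_Decapsulate (hunk -882), the comment `/* Change seed to z on comparison failure. */` is carried over from the original-Kyber path and does not describe the loop beneath it. That loop writes `ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail)`, a masked select between the decrypted secret in `kr` and the value `kyber_derive_secret` produced from `key->z` and the ciphertext. Since this is the implicit-rejection step, the comment should say so, for example `/* Constant-time select: output the implicit-rejection secret (msg) when the re-encrypted cipher text differs. */`. It should also note that the select must stay branch-free on `fail`. The function begins and ends outside the hunk.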
*/ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -968,6 +1189,7 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -1030,6 +1252,27 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -1048,6 +1291,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. 
*/ + ret = NOT_COMPILED_IN; +@@ -1103,6 +1347,24 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + /* Return in 'len' size of the encoded private key for the type of this + * key. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ *len = WC_ML_KEM_512_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ *len = WC_ML_KEM_768_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ *len = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_PRIVATE_KEY_SIZE; +@@ -1118,6 +1380,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) + *len = KYBER1024_PRIVATE_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +@@ -1150,6 +1413,24 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + /* Return in 'len' size of the encoded public key for the type of this + * key. */ + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ *len = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ *len = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ *len = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_PUBLIC_KEY_SIZE; +@@ -1165,6 +1446,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) + *len = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. 
*/ + ret = NOT_COMPILED_IN; +@@ -1206,6 +1488,30 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len) + + if (ret == 0) { + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -1227,6 +1533,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len) + privLen = KYBER1024_PRIVATE_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. 
*/ + ret = NOT_COMPILED_IN; +@@ -1293,6 +1600,27 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) + + if (ret == 0) { + switch (key->type) { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ case WC_ML_KEM_512: ++ k = WC_ML_KEM_512_K; ++ pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ case WC_ML_KEM_768: ++ k = WC_ML_KEM_768_K; ++ pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_1024 ++ case WC_ML_KEM_1024: ++ k = WC_ML_KEM_1024_K; ++ pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; ++ break; ++ #endif ++#endif ++#ifdef WOLFSSL_KYBER_ORIGINAL + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; +@@ -1311,6 +1639,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif ++#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; +diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c +index 52c8af356f..f7cb6056c7 100644 +--- a/wolfcrypt/src/wc_kyber_poly.c ++++ b/wolfcrypt/src/wc_kyber_poly.c +@@ -33,6 +33,12 @@ + * WOLFSSL_WC_KYBER Default: OFF + * Enables this code, wolfSSL implementation, to be built. + * ++ * WOLFSSL_WC_ML_KEM_512 Default: OFF ++ * Enables the ML-KEM 512 parameter implementations. ++ * WOLFSSL_WC_ML_KEM_768 Default: OFF ++ * Enables the ML-KEM 768 parameter implementations. ++ * WOLFSSL_WC_ML_KEM_1024 Default: OFF ++ * Enables the ML-KEM 1024 parameter implementations. + * WOLFSSL_KYBER512 Default: OFF + * Enables the KYBER512 parameter implementations. 
+ * WOLFSSL_KYBER768 Default: OFF +@@ -1402,7 +1408,7 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp, + /******************************************************************************/ + + #ifdef USE_INTEL_SPEEDUP +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1492,7 +1498,7 @@ static int kyber_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed) + } + #endif + +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1617,7 +1623,7 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) + return 0; + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1706,9 +1712,9 @@ static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) + + return 0; + } +-#endif /* KYBER1024 */ ++#endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */ + #elif defined(WOLFSSL_ARMASM) && defined(__aarch64__) +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -1782,7 +1788,7 @@ static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed) + } + #endif + +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. 
+@@ -1848,7 +1854,7 @@ static int kyber_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed) + } + #endif + +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. +@@ -2381,7 +2387,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, + { + int ret; + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (kp == KYBER512_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed); +@@ -2400,7 +2406,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, + } + else + #endif +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (kp == KYBER768_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed); +@@ -2419,7 +2425,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, + } + else + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (kp == KYBER1024_K) { + #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed); +@@ -2556,7 +2562,7 @@ static void kyber_cbd_eta2(sword16* p, const byte* r) + #endif + } + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Subtract one 3 bit value from another out of a larger number. + * + * @param [in] d Value containing sequential 3 bit values. 
+@@ -2726,7 +2732,7 @@ static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p, + + (void)eta1; + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (eta1 == KYBER_CBD_ETA3) { + byte rand[ETA3_RAND_SIZE]; + +@@ -2781,7 +2787,8 @@ static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p, + #ifdef USE_INTEL_SPEEDUP + #define PRF_RAND_SZ (2 * SHA3_256_BYTES) + +-#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_KYBER1024) ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \ ++ defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. +@@ -2804,7 +2811,7 @@ static void kyber_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o) + } + #endif + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. +@@ -2890,7 +2897,7 @@ static int kyber_get_noise_k2_avx2(KYBER_PRF_T* prf, sword16* vec1, + } + #endif + +-#ifdef WOLFSSL_KYBER768 ++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * +@@ -2921,7 +2928,7 @@ static int kyber_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly, + } + #endif + +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * +@@ -2981,7 +2988,7 @@ static void kyber_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o) + kyber_shake256_blocksx3_seed_neon(state, seed); + } + +-#ifdef WOLFSSL_KYBER512 ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + /* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. 
+@@ -3068,7 +3075,7 @@ static int kyber_get_noise_k2_aarch64(sword16* vec1, sword16* vec2,
+ }
+ #endif
+
+-#ifdef WOLFSSL_KYBER768
++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+ /* Get the noise/error by calculating random bytes.
+ *
+ * @param [out] rand Random number byte array.
+@@ -3122,7 +3129,7 @@ static int kyber_get_noise_k3_aarch64(sword16* vec1, sword16* vec2,
+ }
+ #endif
+
+-#ifdef WOLFSSL_KYBER1024
++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+ /* Get the noise/error by calculating random bytes and sampling to a binomial
+ * distribution.
+ *
+@@ -3221,7 +3228,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
+ {
+ int ret;
+
+-#ifdef WOLFSSL_KYBER512
++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
+ if (kp == KYBER512_K) {
+ #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+ ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed);
+@@ -3245,7 +3252,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
+ }
+ else
+ #endif
+-#ifdef WOLFSSL_KYBER768
++#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+ if (kp == KYBER768_K) {
+ #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+ ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed);
+@@ -3265,7 +3272,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1,
+ }
+ else
+ #endif
+-#ifdef WOLFSSL_KYBER1024
++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024)
+ if (kp == KYBER1024_K) {
+ #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
+ ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed);
+@@ -3475,7 +3482,8 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p)
+
+ #endif /* CONV_WITH_DIV */
+
+-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768)
++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \
++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768)
+ /* Compress the vector of polynomials into a byte array with 10 bits each.
+ * + * @param [out] b Array of bytes. +@@ -3593,7 +3601,7 @@ void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp) + } + #endif + +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Compress the vector of polynomials into a byte array with 11 bits each. + * + * @param [out] b Array of bytes. +@@ -3713,7 +3721,8 @@ void kyber_vec_compress_11(byte* r, sword16* v) + v[(i) * KYBER_N + 8 * (j) + (k)] = \ + (word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11) + +-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ ++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Decompress the byte array of packed 10 bits into vector of polynomials. + * + * @param [out] v Vector of polynomials. +@@ -3785,7 +3794,7 @@ void kyber_vec_decompress_10(sword16* v, const unsigned char* b, + } + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Decompress the byte array of packed 11 bits into vector of polynomials. + * + * @param [out] v Vector of polynomials. +@@ -3948,7 +3957,8 @@ void kyber_vec_decompress_11(sword16* v, const unsigned char* b) + + #endif /* CONV_WITH_DIV */ + +-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ ++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Compress a polynomial into byte array - on coefficients into 4 bits. + * + * @param [out] b Array of bytes. +@@ -4020,7 +4030,7 @@ void kyber_compress_4(byte* b, sword16* p) + } + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Compress a polynomial into byte array - on coefficients into 5 bits. + * + * @param [out] b Array of bytes. 
+@@ -4117,7 +4127,8 @@ void kyber_compress_5(byte* b, sword16* p) + #define DECOMP_5(p, i, j, t) \ + p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5 + +-#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) ++#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ ++ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + /* Decompress the byte array of packed 4 bits into polynomial. + * + * @param [out] p Polynomial. +@@ -4155,7 +4166,7 @@ void kyber_decompress_4(sword16* p, const unsigned char* b) + } + } + #endif +-#ifdef WOLFSSL_KYBER1024 ++#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + /* Decompress the byte array of packed 5 bits into polynomial. + * + * @param [out] p Polynomial. +diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c +index 5b15367f8e..b293e8a93c 100644 +--- a/wolfcrypt/test/test.c ++++ b/wolfcrypt/test/test.c +@@ -38138,7 +38138,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) + + #ifdef WOLFSSL_HAVE_KYBER + #ifdef WOLFSSL_WC_KYBER /* OQS does not support KATs */ +-#ifdef WOLFSSL_KYBER512 ++#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512) + static wc_test_ret_t kyber512_kat(void) + { + wc_test_ret_t ret; +@@ -38174,8 +38174,8 @@ static wc_test_ret_t kyber512_kat(void) + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = { + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = { + 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB, + 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05, + 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA, +@@ -38276,7 +38276,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ 
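Review bot: The new guard on kyber512_kat, `#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)`, compiles the known-answer test only when neither macro is defined, so a build that switches off one variant at this level drops the test for the other as well, including the `WOLFSSL_KYBER_ORIGINAL` vectors inside the function. The library-side guards in this same patch use the positive form, and the test would track them if it read `#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)` with the ML-KEM block inside guarded by `#ifdef WOLFSSL_WC_ML_KEM_512`. The same guard is used for kyber768_kat and kyber1024_kat and at the three call sites in kyber_test. These vectors are what confirms that the patched-in implementation produces the expected outputs, so a configuration that skips them silently is worth avoiding. The function body continues outside this hunk.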
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_pk[] = { + 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, + 0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57, + 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, +@@ -38377,10 +38380,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42, + 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, + 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = { + 0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64, + 0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE, + 0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33, +@@ -38585,7 +38588,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_sk[] = { + 0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c, + 0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e, + 0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a, +@@ -38790,10 +38796,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = { + 0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D, + 0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA, + 0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9, +@@ -38890,7 +38896,10 @@ static wc_test_ret_t kyber512_kat(void) + 0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23, + 0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81, + 0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D +-#else ++ }; 
++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ct[] = { + 0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35, + 0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f, + 0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3, +@@ -38987,21 +38996,24 @@ static wc_test_ret_t kyber512_kat(void) + 0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe, + 0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6, + 0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = { + 0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C, + 0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC, + 0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02, + 0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ss[] = { + 0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22, + 0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91, + 0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49, + 0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf +-#endif + }; ++#endif + + #ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, +@@ -39021,6 +39033,7 @@ static wc_test_ret_t kyber512_kat(void) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif + ++#ifdef WOLFSSL_KYBER_ORIGINAL + ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +@@ -39063,6 +39076,52 @@ static wc_test_ret_t kyber512_kat(void) + + if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ ret = wc_KyberKey_Init(WC_ML_KEM_512, key, HEAP_HINT, INVALID_DEVID); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ else ++ key_inited = 1; ++ ++ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand, ++ sizeof(kyber512_rand)); ++ if (ret 
!= 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_512_PUBLIC_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePrivateKey(key, priv, ++ WC_ML_KEM_512_PRIVATE_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(pub, ml_kem_512_pk, sizeof(ml_kem_512_pk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand, ++ sizeof(kyber512enc_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ct, ml_kem_512_ct, sizeof(ml_kem_512_ct)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_512_ct)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif + + out: + +@@ -39082,7 +39141,7 @@ out: + } + #endif /* WOLFSSL_KYBER512 */ + +-#ifdef WOLFSSL_KYBER768 ++#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768) + static wc_test_ret_t kyber768_kat(void) + { + wc_test_ret_t ret; +@@ -39119,8 +39178,8 @@ static wc_test_ret_t kyber768_kat(void) + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; + +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = { + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = { + 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8, + 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D, + 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E, +@@ -39269,7 +39328,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 
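Review bot: With both WOLFSSL_KYBER_ORIGINAL and ML-KEM enabled, the added block calls `wc_KyberKey_Init(WC_ML_KEM_512, key, ...)` on the key object that the Kyber block above has already initialised and loaded with a private key, and the hunk shows no `wc_KyberKey_Free(key)` between the two. Whether a second Init releases or clears what the first run left in the object is not visible here, so I would free explicitly before re-initialising: `wc_KyberKey_Free(key); key_inited = 0;`. kyber768_kat and kyber1024_kat repeat the pattern. The Kyber block begins outside this hunk and the cleanup at `out:` is outside it too.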
0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_pk[] = { + 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, + 0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71, + 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, +@@ -39418,10 +39480,10 @@ static wc_test_ret_t kyber768_kat(void) + 0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d, + 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, + 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = { + 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, + 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, + 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D, +@@ -39722,7 +39784,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_sk[] = { + 0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61, + 0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d, + 0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a, +@@ -40023,10 +40088,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = { + 0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9, + 0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67, + 0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A, +@@ -40163,7 +40228,10 @@ static wc_test_ret_t kyber768_kat(void) + 0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 
0x10, + 0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D, + 0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ct[] = { + 0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97, + 0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08, + 0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad, +@@ -40300,21 +40368,24 @@ static wc_test_ret_t kyber768_kat(void) + 0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84, + 0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33, + 0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64 +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = { + 0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73, + 0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28, + 0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7, + 0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ss[] = { + 0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70, + 0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29, + 0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4, + 0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68 +-#endif + }; ++#endif + + #ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, +@@ -40334,6 +40405,7 @@ static wc_test_ret_t kyber768_kat(void) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif + ++#ifdef WOLFSSL_KYBER_ORIGINAL + ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +@@ -40376,6 +40448,52 @@ static wc_test_ret_t kyber768_kat(void) + + if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ ret = wc_KyberKey_Init(WC_ML_KEM_768, key, HEAP_HINT, INVALID_DEVID); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ else 
++ key_inited = 1; ++ ++ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand, ++ sizeof(kyber768_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_768_PUBLIC_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePrivateKey(key, priv, ++ WC_ML_KEM_768_PRIVATE_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(pub, ml_kem_768_pk, sizeof(ml_kem_768_pk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand, ++ sizeof(kyber768enc_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ct, ml_kem_768_ct, sizeof(ml_kem_768_ct)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_768_ct)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif + + out: + +@@ -40395,7 +40513,7 @@ out: + } + #endif /* WOLFSSL_KYBER768 */ + +-#ifdef WOLFSSL_KYBER1024 ++#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024) + static wc_test_ret_t kyber1024_kat(void) + { + wc_test_ret_t ret; +@@ -40431,8 +40549,8 @@ static wc_test_ret_t kyber1024_kat(void) + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = { + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = { + 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC, + 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB, + 0x43, 0x54, 0x76, 
0x25, 0x41, 0x52, 0x76, 0x78, +@@ -40629,7 +40747,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_pk[] = { + 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, + 0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0, + 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, +@@ -40826,10 +40947,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38, + 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, + 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = { + 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, + 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, + 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D, +@@ -41226,7 +41347,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_sk[] = { + 0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88, + 0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8, + 0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77, +@@ -41623,10 +41747,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = { + 0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1, + 0x30, 0xF5, 0x18, 0xBA, 
0xDD, 0xD6, 0xC8, 0xF1, + 0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE, +@@ -41823,7 +41947,10 @@ static wc_test_ret_t kyber1024_kat(void) + 0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4, + 0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7, + 0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ct[] = { + 0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38, + 0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95, + 0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb, +@@ -42020,21 +42147,24 @@ static wc_test_ret_t kyber1024_kat(void) + 0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf, + 0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e, + 0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee +-#endif + }; +- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = { ++#endif + #ifdef WOLFSSL_KYBER_ORIGINAL ++ WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = { + 0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4, + 0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5, + 0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55, + 0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19 +-#else ++ }; ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ss[] = { + 0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3, + 0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76, + 0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48, + 0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6 +-#endif + }; ++#endif + + #ifdef WOLFSSL_SMALL_STACK + key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT, +@@ -42054,6 +42184,7 @@ static wc_test_ret_t kyber1024_kat(void) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif + ++#ifdef WOLFSSL_KYBER_ORIGINAL + ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +@@ -42096,6 +42227,52 @@ static wc_test_ret_t kyber1024_kat(void) + + if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0) + 
ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif ++#ifndef WOLFSSL_NO_ML_KEM ++ ret = wc_KyberKey_Init(WC_ML_KEM_1024, key, HEAP_HINT, INVALID_DEVID); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ else ++ key_inited = 1; ++ ++ ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand, ++ sizeof(kyber1024_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePublicKey(key, pub, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ ret = wc_KyberKey_EncodePrivateKey(key, priv, ++ WC_ML_KEM_MAX_PRIVATE_KEY_SIZE); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(pub, ml_kem_1024_pk, sizeof(ml_kem_1024_pk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand, ++ sizeof(kyber1024enc_rand)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ct, ml_kem_1024_ct, sizeof(ml_kem_1024_ct)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++ ++ ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(ml_kem_1024_ct)); ++ if (ret != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ++ ++ if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0) ++ ERROR_OUT(WC_TEST_RET_ENC_NC, out); ++#endif + + out: + +@@ -42142,6 +42319,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void) + #endif + int key_inited = 0; + static const int testData[][4] = { ++#ifndef WOLFSSL_NO_ML_KEM ++ #ifdef WOLFSSL_WC_ML_KEM_512 ++ { WC_ML_KEM_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE, ++ WC_ML_KEM_512_PUBLIC_KEY_SIZE, WC_ML_KEM_512_CIPHER_TEXT_SIZE }, ++ #endif ++ #ifdef WOLFSSL_WC_ML_KEM_768 ++ { WC_ML_KEM_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE, ++ 
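Review bot: The ML-KEM-1024 block passes `WC_ML_KEM_MAX_PUBLIC_KEY_SIZE` and `WC_ML_KEM_MAX_PRIVATE_KEY_SIZE` as the output lengths, where the 512 and 768 blocks pass the level-specific constants. The values presumably coincide whenever 1024 is built, but the KAT reads more clearly, and keeps checking the intended length if the MAX macros ever change, with `WC_ML_KEM_1024_PUBLIC_KEY_SIZE` and `WC_ML_KEM_1024_PRIVATE_KEY_SIZE`. The `pub` and `priv` buffers are declared outside this hunk.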
WC_ML_KEM_768_PUBLIC_KEY_SIZE, WC_ML_KEM_768_CIPHER_TEXT_SIZE },
++ #endif
++ #ifdef WOLFSSL_WC_ML_KEM_1024
++ { WC_ML_KEM_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE,
++ WC_ML_KEM_1024_PUBLIC_KEY_SIZE, WC_ML_KEM_1024_CIPHER_TEXT_SIZE },
++ #endif
++#endif
++#ifdef WOLFSSL_KYBER_ORIGINAL
+ #ifdef WOLFSSL_KYBER512
+ { KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE,
+ KYBER512_CIPHER_TEXT_SIZE },
+@@ -42154,6 +42346,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
+ { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
+ KYBER1024_CIPHER_TEXT_SIZE },
+ #endif
++#endif
+ };
+ WOLFSSL_ENTER("kyber_test");
+
+@@ -42251,17 +42444,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
+ wc_FreeRng(&rng);
+
+ #ifdef WOLFSSL_WC_KYBER
+-#ifdef WOLFSSL_KYBER512
++#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
+ ret = kyber512_kat();
+ if (ret != 0)
+ goto out;
+ #endif
+-#ifdef WOLFSSL_KYBER768
++#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
+ ret = kyber768_kat();
+ if (ret != 0)
+ goto out;
+ #endif
+-#ifdef WOLFSSL_KYBER1024
++#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
+ ret = kyber1024_kat();
+ if (ret != 0)
+ goto out;
+diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
+index 4bbdf6565c..d0efd488df 100644
+--- a/wolfssl/ssl.h
++++ b/wolfssl/ssl.h
+@@ -4177,35 +4177,44 @@ enum {
+ * algorithms have LEVEL2 and LEVEL4 because none of these submissions
+ * included them.
*/
+
+-#ifndef WOLFSSL_ML_KEM
++#ifdef WOLFSSL_KYBER_ORIGINAL
+ WOLFSSL_PQC_MIN = 570,
+ WOLFSSL_PQC_SIMPLE_MIN = 570,
+ WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */
+ WOLFSSL_KYBER_LEVEL3 = 572, /* KYBER_768 */
+ WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */
++#ifdef WOLFSSL_NO_ML_KEM
+ WOLFSSL_PQC_SIMPLE_MAX = 573,
++#endif
+
+ WOLFSSL_PQC_HYBRID_MIN = 12090,
+ WOLFSSL_P256_KYBER_LEVEL1 = 12090,
+ WOLFSSL_P384_KYBER_LEVEL3 = 12092,
+ WOLFSSL_P521_KYBER_LEVEL5 = 12093,
++#ifdef WOLFSSL_NO_ML_KEM
+ WOLFSSL_PQC_HYBRID_MAX = 12093,
+ WOLFSSL_PQC_MAX = 12093,
+-#else
++#endif
++#endif
++#ifndef WOLFSSL_NO_ML_KEM
++#ifndef WOLFSSL_KYBER_ORIGINAL
+ WOLFSSL_PQC_MIN = 583,
+ WOLFSSL_PQC_SIMPLE_MIN = 583,
+- WOLFSSL_KYBER_LEVEL1 = 583, /* ML-KEM 512 */
+- WOLFSSL_KYBER_LEVEL3 = 584, /* ML-KEM 768 */
+- WOLFSSL_KYBER_LEVEL5 = 585, /* ML-KEM 1024 */
++#endif
++ WOLFSSL_ML_KEM_512 = 583, /* ML-KEM 512 */
++ WOLFSSL_ML_KEM_768 = 584, /* ML-KEM 768 */
++ WOLFSSL_ML_KEM_1024 = 585, /* ML-KEM 1024 */
+ WOLFSSL_PQC_SIMPLE_MAX = 585,
+
++#ifndef WOLFSSL_KYBER_ORIGINAL
+ WOLFSSL_PQC_HYBRID_MIN = 12103,
+- WOLFSSL_P256_KYBER_LEVEL1 = 12103,
+- WOLFSSL_P384_KYBER_LEVEL3 = 12104,
+- WOLFSSL_P521_KYBER_LEVEL5 = 12105,
++#endif
++ WOLFSSL_P256_ML_KEM_512 = 12103,
++ WOLFSSL_P384_ML_KEM_768 = 12104,
++ WOLFSSL_P521_ML_KEM_1024 = 12105,
+ WOLFSSL_PQC_HYBRID_MAX = 12105,
+ WOLFSSL_PQC_MAX = 12105,
+-#endif /* WOLFSSL_ML_KEM */
++#endif /* !WOLFSSL_NO_ML_KEM */
+ #endif /* HAVE_PQC */
+ };
+
+diff --git a/wolfssl/wolfcrypt/kyber.h b/wolfssl/wolfcrypt/kyber.h
+index 93b502223a..3fb1a231ee 100644
+--- a/wolfssl/wolfcrypt/kyber.h
++++ b/wolfssl/wolfcrypt/kyber.h
+@@ -153,9 +153,14 @@
+
+ enum {
+ /* Types of Kyber keys.
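Review bot: When both WOLFSSL_KYBER_ORIGINAL and ML-KEM are built, this enum ends up with `WOLFSSL_PQC_SIMPLE_MIN = 570` and `WOLFSSL_PQC_SIMPLE_MAX = 585`, and `WOLFSSL_PQC_HYBRID_MIN = 12090` with `WOLFSSL_PQC_HYBRID_MAX = 12105`, so each range now contains ids that name no group (574 to 582, 12094 to 12102). Any code that classifies a named group received from a peer by comparing it against MIN and MAX, which is not visible in this hunk, would accept those ids as PQC groups; such checks should match the listed values instead. A comment on the enum would record this: `/* Kyber + ML-KEM builds: MIN..MAX spans unassigned ids; match group ids by value. */`. Separately, an ML-KEM-only build no longer defines `WOLFSSL_KYBER_LEVEL1/3/5` or the `WOLFSSL_P*_KYBER_LEVEL*` names, so callers that used them need updating.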
*/
+- KYBER512 = 0,
+- KYBER768 = 1,
+- KYBER1024 = 2,
++ WC_ML_KEM_512 = 0,
++ WC_ML_KEM_768 = 1,
++ WC_ML_KEM_1024 = 2,
++
++ KYBER_ORIGINAL = 0x10,
++ KYBER512 = 0 | KYBER_ORIGINAL,
++ KYBER768 = 1 | KYBER_ORIGINAL,
++ KYBER1024 = 2 | KYBER_ORIGINAL,
+
+ KYBER_LEVEL1 = KYBER512,
+ KYBER_LEVEL3 = KYBER768,
+@@ -215,30 +220,48 @@ WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out,
+
+
+
++#if !defined(WOLFSSL_NO_ML_KEM_512) && !defined(WOLFSSL_NO_ML_KEM)
++#define WOLFSSL_WC_ML_KEM_512
++#endif
++#if !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM)
++#define WOLFSSL_WC_ML_KEM_768
++#endif
++#if !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM)
++#define WOLFSSL_WC_ML_KEM_1024
++#endif
++
++#ifdef WOLFSSL_WC_ML_KEM_512
+ #define WC_ML_KEM_512_K KYBER512_K
+ #define WC_ML_KEM_512_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE
+-#define wC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE
+-#define wC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE
++#define WC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE
++#define WC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE
++#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \
++ KYBER512_POLY_VEC_COMPRESSED_SZ
++#endif
+
++#ifdef WOLFSSL_WC_ML_KEM_768
+ #define WC_ML_KEM_768_K KYBER768_K
+ #define WC_ML_KEM_768_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE
+-#define wC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE
+-#define wC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE
++#define WC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE
++#define WC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE
++#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \
++ KYBER768_POLY_VEC_COMPRESSED_SZ
++#endif
+
++#ifdef WOLFSSL_WC_ML_KEM_1024
+ #define WC_ML_KEM_1024_K KYBER1024_K
+ #define WC_ML_KEM_1024_PUBLIC_KEY_SIZE KYBER1024_PUBLIC_KEY_SIZE
+-#define wC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE
+-#define wC_ML_KEM_1024_CIPHER_TEXT_SIZE
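Review bot: The type values 0, 1 and 2 change meaning in this enum: they were KYBER512/768/1024 and now select ML-KEM, while the Kyber types become `0 | KYBER_ORIGINAL` and so on. Code that stores the type as an integer, indexes a table with it, or was built against the old header would pick a different KEM without any error, which shows up as a failed key exchange rather than a diagnostic. The comment still reads "Types of Kyber keys" and does not say that `KYBER_ORIGINAL` is a flag bit rather than a key type; I would add `/* KYBER_ORIGINAL is a flag OR-ed into the level (0..2); mask it off before using the type as an index. */`. The enum continues outside this hunk.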
KYBER1024_CIPHER_TEXT_SIZE
++#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE
++#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE
++#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \
++ KYBER1024_POLY_VEC_COMPRESSED_SZ
++#endif
+
+ #define WC_ML_KEM_MAX_K KYBER_MAX_K
+ #define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE KYBER_MAX_PRIVATE_KEY_SIZE
+ #define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE KYBER_MAX_PUBLIC_KEY_SIZE
+ #define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE KYBER_MAX_CIPHER_TEXT_SIZE
+
+-#define WC_ML_KEM_512 KYBER512
+-#define WC_ML_KEM_768 KYBER768
+-#define WC_ML_KEM_1024 KYBER1024
+-
+ #define WC_ML_KEM_SYM_SZ KYBER_SYM_SZ
+ #define WC_ML_KEM_SS_SZ KYBER_SS_SZ
+ #define WC_ML_KEM_MAKEKEY_RAND_SZ KYBER_MAKEKEY_RAND_SZ
+--
+2.43.0
+
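Review bot: `WOLFSSL_WC_ML_KEM_512/768/1024` are derived here, partway through kyber.h, but the source files in this patch test them with `defined(...)`, so a guard evaluated before this header is included would take the disabled path without a diagnostic. Whether every such file includes kyber.h first is not visible in these hunks. A short comment above the three `#if` blocks, for example `/* Derived ML-KEM level switches; must be defined before any WOLFSSL_WC_ML_KEM_* test. */`, would document the ordering requirement, or the derivation could move to the settings header.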