Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kyber: fixes to configure and wolfSSL_get_curve_name #8183

Merged
merged 1 commit into from
Nov 14, 2024

Conversation

SparkiDev
Copy link
Contributor

@SparkiDev SparkiDev commented Nov 13, 2024

Description

Remove original-only option for kyber in configure.ac. Default is ML-KEM only.
original is Kyber only.
ml-kem is ML-KEM.
to have both: all,original,ml-kem.

Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the inclusion of kyber headers.

Fixes zd#18923

Testing

For only ML-KEM:
./configure --enable-kyber
./configure --enable-kyber=all,ml-kem
For just Kyber:
./configure --enable-kyber=all,original
For ML-KEM and Kyber
./configure --enable-kyber=all,original,ml-kem
./configure --enable-kyber=all,ml-kem,original

To see which algorithms are enabled:
./wolfcrypt/benchmark/benchmark -kyber

To test wolfSSL_get_curve_name() change:
./configure --enable-kyber
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 --pqc P256_ML_KEM_512 &
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 --pqc P256_ML_KEM_512

Output contains

SSL curve name is P256_ML_KEM_512

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

Remote original-only option for kyber in configure.ac.
Default is ML-KEM only.
original is Kyber only.
ml-lem is ML-KEM.
to have both: all,original,ml-kem.

Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the
inclusion of kyber headers.
@SparkiDev
Copy link
Contributor Author

retest this please

@douzzer douzzer merged commit 6af54d3 into wolfSSL:master Nov 14, 2024
143 checks passed
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 15, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags.
See: wolfSSL/wolfssl#8183
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 15, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags.
See: wolfSSL/wolfssl#8183
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 15, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags.
See: wolfSSL/wolfssl#8183
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 15, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaing support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 18, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaining support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 18, 2024
Remove liboqs and enable WolfSSL's own Kyber implementation via the flags.
See: wolfSSL/wolfssl#8183
kp-thomas-yau added a commit to expressvpn/wolfssl-rs that referenced this pull request Nov 18, 2024
We would use a patch to use WolfSSL's implementation of both Kyber and ML-KEM so that we can remove liboqs while maintaining support for Kyber at the moment. This patch uses commits and code changes from the following PR in WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185
kp-thomas-yau added a commit to expressvpn/lightway-core that referenced this pull request Nov 25, 2024
Remove references to liboqs and edit build flag/configs for each of the platform.

Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

The patch consists of the commits and code changes from the following PR from WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185

Configuration for enabling ML-KEM/Kyber:
1. For only ML-KEM:
./configure --enable-kyber
./configure --enable-kyber=all,ml-kem
2. For just Kyber:
./configure --enable-kyber=all,original
3. For ML-KEM and Kyber
./configure --enable-kyber=all,original,ml-kem
./configure --enable-kyber=all,ml-kem,original
kp-thomas-yau added a commit to expressvpn/lightway-core that referenced this pull request Nov 26, 2024
Remove references to liboqs and edit build flag/configs for each of the platform.

Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

The patch consists of the commits and code changes from the following PR from WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185

Configuration for enabling ML-KEM/Kyber:
1. For only ML-KEM:
./configure --enable-kyber
./configure --enable-kyber=all,ml-kem
2. For just Kyber:
./configure --enable-kyber=all,original
3. For ML-KEM and Kyber
./configure --enable-kyber=all,original,ml-kem
./configure --enable-kyber=all,ml-kem,original
kp-thomas-yau added a commit to expressvpn/lightway-core that referenced this pull request Dec 2, 2024
Remove references to liboqs and edit build flag/configs for each of the platform.

Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

The patch consists of the commits and code changes from the following PR from WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185

Configuration for enabling ML-KEM/Kyber:
1. For only ML-KEM:
./configure --enable-kyber
./configure --enable-kyber=all,ml-kem
2. For just Kyber:
./configure --enable-kyber=all,original
3. For ML-KEM and Kyber
./configure --enable-kyber=all,original,ml-kem
./configure --enable-kyber=all,ml-kem,original
kp-thomas-yau added a commit to expressvpn/lightway-core that referenced this pull request Dec 3, 2024
Remove references to liboqs and edit build flag/configs for each of the platform.

Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

The patch consists of the commits and code changes from the following PR from WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185

Configuration for enabling ML-KEM/Kyber:
1. For only ML-KEM:
./configure --enable-kyber
./configure --enable-kyber=all,ml-kem
2. For just Kyber:
./configure --enable-kyber=all,original
3. For ML-KEM and Kyber
./configure --enable-kyber=all,original,ml-kem
./configure --enable-kyber=all,ml-kem,original
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants