diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl index d7a68aac42..d565bb4971 100644 --- a/IDE/STM32Cube/default_conf.ftl +++ b/IDE/STM32Cube/default_conf.ftl @@ -334,15 +334,6 @@ extern ${variable.value} ${variable.name}; #define NO_SESSION_CACHE #endif -/* Post Quantum - * Note: PQM4 is compatible with STM32. The project can be found at: - * https://github.com/mupq/pqm4 - */ -#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1 - #define HAVE_PQM4 -#endif - - /* ------------------------------------------------------------------------- */ /* Crypto */ /* ------------------------------------------------------------------------- */ @@ -534,6 +525,33 @@ extern ${variable.value} ${variable.name}; #define NO_MD5 #endif +/* ------------------------------------------------------------------------- */ +/* Post-Quantum Crypto */ +/* ------------------------------------------------------------------------- */ +/* NOTE: this is after the hashing section to override the potential SHA3 undef + * above. */ +#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1 +#undef WOLFSSL_EXPERIMENTAL_SETTINGS +#define WOLFSSL_EXPERIMENTAL_SETTINGS + +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_NO_SHAKE128 +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_NO_SHAKE256 +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 +#endif /* WOLF_CONF_KYBER */ + /* ------------------------------------------------------------------------- */ /* Crypto Acceleration */ /* ------------------------------------------------------------------------- */ diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c index d356af5e7b..342e8ee9d0 100644 --- a/IDE/STM32Cube/wolfssl_example.c +++ b/IDE/STM32Cube/wolfssl_example.c @@ -1750,7 +1750,7 @@ static int tls13_uart_client(void) wolfSSL_SetIOReadCtx(ssl, tbuf); -#ifdef HAVE_PQC +#ifdef WOLFSSL_HAVE_KYBER if (wolfSSL_UseKeyShare(ssl, WOLFSSL_KYBER_LEVEL1) != WOLFSSL_SUCCESS) { printf("wolfSSL_UseKeyShare Error!!"); } diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h index 20f0d5cfa7..c3fdcfffb3 100644 --- a/examples/configs/user_settings_stm32.h +++ b/examples/configs/user_settings_stm32.h @@ -119,8 +119,8 @@ extern "C" { /*---------- WOLF_CONF_TEST -----------*/ #define WOLF_CONF_TEST 1 -/*---------- WOLF_CONF_PQM4 -----------*/ -#define WOLF_CONF_PQM4 0 +/*---------- WOLF_CONF_KYBER -----------*/ +#define WOLF_CONF_kYBER 0 /* ------------------------------------------------------------------------- */ /* Hardware platform */ @@ -373,14 +373,6 @@ extern "C" { #define NO_SESSION_CACHE #endif -/* Post Quantum - * Note: PQM4 is compatible with STM32. The project can be found at: - * https://github.com/mupq/pqm4 - */ -#if defined(WOLF_CONF_PQM4) && WOLF_CONF_PQM4 == 1 - #define HAVE_PQM4 -#endif - /* ------------------------------------------------------------------------- */ /* Crypto */ /* ------------------------------------------------------------------------- */ @@ -576,6 +568,35 @@ extern "C" { #define NO_MD5 #endif +/* ------------------------------------------------------------------------- */ +/* Post-Quantum Crypto */ +/* ------------------------------------------------------------------------- */ + +/* + * NOTE: this is after the hashing section to override the potential SHA3 undef + * above. */ +#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1 +#undef WOLFSSL_EXPERIMENTAL_SETTINGS +#define WOLFSSL_EXPERIMENTAL_SETTINGS + +#undef WOLFSSL_HAVE_KYBER +#define WOLFSSL_HAVE_KYBER + +#undef WOLFSSL_WC_KYBER +#define WOLFSSL_WC_KYBER + +#undef WOLFSSL_NO_SHAKE128 +#undef WOLFSSL_SHAKE128 +#define WOLFSSL_SHAKE128 + +#undef WOLFSSL_NO_SHAKE256 +#undef WOLFSSL_SHAKE256 +#define WOLFSSL_SHAKE256 + +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 +#endif /* WOLF_CONF_KYBER */ + /* ------------------------------------------------------------------------- */ /* Benchmark / Test */ /* ------------------------------------------------------------------------- */ diff --git a/src/ssl.c b/src/ssl.c index b1583e4e0c..164ab5ff27 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14367,9 +14367,6 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) return "P384_KYBER_LEVEL3"; case WOLFSSL_P521_KYBER_LEVEL5: return "P521_KYBER_LEVEL5"; -#elif defined(HAVE_PQM4) - case WOLFSSL_KYBER_LEVEL1: - return "KYBER_LEVEL1"; #elif defined(WOLFSSL_WC_KYBER) #ifdef WOLFSSL_KYBER512 case WOLFSSL_KYBER_LEVEL1: diff --git a/src/tls.c b/src/tls.c index f625d7039d..da850ed434 100644 --- a/src/tls.c +++ b/src/tls.c @@ -52,7 +52,7 @@ #include #ifdef WOLFSSL_WC_KYBER #include -#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4) +#elif defined(HAVE_LIBOQS) #include #endif #endif @@ -9458,9 +9458,6 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) } break; } - #elif defined(HAVE_PQM4) - case WOLFSSL_KYBER_LEVEL1: - break; #endif #endif default: @@ -9529,8 +9526,6 @@ static const word16 preferredGroup[] = { WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P521_KYBER_LEVEL5, -#elif defined(HAVE_PQM4) - WOLFSSL_KYBER_LEVEL1, #endif WOLFSSL_NAMED_GROUP_INVALID }; @@ -13166,8 +13161,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, ssl->heap); -#elif defined(HAVE_PQM4) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); #endif /* HAVE_LIBOQS */ #endif /* WOLFSSL_HAVE_KYBER */ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index f92fdf4593..445081d5d8 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -172,7 +172,7 @@ #ifdef WOLFSSL_WC_KYBER #include #endif - #if defined(HAVE_LIBOQS) || defined(HAVE_PQM4) + #if defined(HAVE_LIBOQS) #include #endif #endif diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c index 4f1a754df7..0c2cb2b437 100644 --- a/wolfcrypt/src/ext_kyber.c +++ b/wolfcrypt/src/ext_kyber.c @@ -168,12 +168,6 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) } } #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - (void)key; - if (ret == 0) { - *len = PQM4_PRIVATE_KEY_LENGTH; - } -#endif /* HAVE_PQM4 */ return ret; } @@ -216,12 +210,6 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) } } #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - (void)key; - if (ret == 0) { - *len = PQM4_PUBLIC_KEY_LENGTH; - } -#endif /* HAVE_PQM4 */ return ret; } @@ -264,12 +252,6 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) } } #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - (void)key; - if (ret == 0) { - *len = PQM4_CIPHERTEXT_LENGTH; - } -#endif /* HAVE_PQM4 */ return ret; } @@ -301,7 +283,7 @@ int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len) /** * Make a Kyber key object using a random number generator. * - * NOTE: rng is ignored. OQS and PQM4 don't use our RNG. + * NOTE: rng is ignored. OQS doesn't use our RNG. * * @param [in, out] key Kyber key ovject. * @param [in] rng Random number generator. @@ -362,14 +344,6 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng) wolfSSL_liboqsRngMutexUnlock(); OQS_KEM_free(kem); #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - if (ret == 0) { - if (crypto_kem_keypair(key->pub, key->priv) != 0) { - WOLFSSL_MSG("PQM4 keygen failure"); - ret = BAD_FUNC_ARG; - } - } -#endif /* HAVE_PQM4 */ if (ret != 0) { ForceZero(key, sizeof(*key)); @@ -394,7 +368,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, { (void)rand; (void)len; - /* OQS and PQM4 don't support external randomness. */ + /* OQS doesn't support external randomness. */ return wc_KyberKey_MakeKey(key, NULL); } @@ -471,14 +445,6 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss, wolfSSL_liboqsRngMutexUnlock(); OQS_KEM_free(kem); #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - if (ret == 0) { - if (crypto_kem_enc(ct, ss, key->pub) != 0) { - WOLFSSL_MSG("PQM4 Encapsulation failure."); - ret = BAD_FUNC_ARG; - } - } -#endif /* HAVE_PQM4 */ return ret; } @@ -501,7 +467,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, { (void)rand; (void)len; - /* OQS and PQM4 don't support external randomness. */ + /* OQS doesn't support external randomness. */ return wc_KyberKey_Encapsulate(key, ct, ss, NULL); } @@ -577,14 +543,6 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, OQS_KEM_free(kem); #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - if (ret == 0) { - if (crypto_kem_dec(ss, ct, key->priv) != 0) { - WOLFSSL_MSG("PQM4 Decapsulation failure."); - ret = BAD_FUNC_ARG; - } - } -#endif /* HAVE_PQM4 */ return ret; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 2971be18ec..c54a8be2b6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -314,7 +314,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; #ifdef WOLFSSL_WC_KYBER #include #endif -#if defined(HAVE_LIBOQS) || defined(HAVE_PQM4) +#if defined(HAVE_LIBOQS) #include #endif #endif @@ -37758,7 +37758,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) #endif /* HAVE_ED448 */ #ifdef WOLFSSL_HAVE_KYBER -#ifdef WOLFSSL_WC_KYBER /* OQS and PQM4 do not support KATs */ +#ifdef WOLFSSL_WC_KYBER /* OQS does not support KATs */ #ifdef WOLFSSL_KYBER512 static wc_test_ret_t kyber512_kat(void) { diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 4b53db9d36..72e5cca34c 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -75,7 +75,7 @@ #include #ifdef WOLFSSL_WC_KYBER #include -#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4) +#elif defined(HAVE_LIBOQS) #include #endif #endif diff --git a/wolfssl/wolfcrypt/ext_kyber.h b/wolfssl/wolfcrypt/ext_kyber.h index 95b22a1a84..6e7f6908ec 100644 --- a/wolfssl/wolfcrypt/ext_kyber.h +++ b/wolfssl/wolfcrypt/ext_kyber.h @@ -29,8 +29,8 @@ #ifdef WOLFSSL_HAVE_KYBER #include -#if !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) -#error "This code requires liboqs or pqm4" +#if !defined(HAVE_LIBOQS) +#error "This code requires liboqs" #endif #if defined(WOLFSSL_WC_KYBER) @@ -41,15 +41,6 @@ #include #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key #define EXT_KYBER_MAX_PUB_SZ OQS_KEM_kyber_1024_length_public_key -#elif defined(HAVE_PQM4) - #include "api_kyber.h" - #define PQM4_PUBLIC_KEY_LENGTH CRYPTO_PUBLICKEYBYTES - #define PQM4_PRIVATE_KEY_LENGTH CRYPTO_SECRETKEYBYTES - #define PQM4_SHARED_SECRET_LENGTH CRYPTO_BYTES - #define PQM4_CIPHERTEXT_LENGTH CRYPTO_CIPHERTEXTBYTES - - #define EXT_KYBER_MAX_PRIV_SZ PQM4_PRIVATE_KEY_LENGTH - #define EXT_KYBER_MAX_PUB_SZ PQM4_PUBLIC_KEY_LENGTH #endif struct KyberKey { diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 60562d321e..9c25c8b901 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3514,14 +3514,6 @@ extern void uITRON4_free(void *p) ; #endif #endif -#ifdef HAVE_PQM4 -#define HAVE_PQC -#define WOLFSSL_HAVE_KYBER -#define WOLFSSL_KYBER512 -#define WOLFSSL_NO_KYBER768 -#define WOLFSSL_NO_KYBER1024 -#endif - #if (defined(HAVE_LIBOQS) || \ defined(HAVE_LIBXMSS) || \ defined(HAVE_LIBLMS) || \ @@ -3530,15 +3522,10 @@ extern void uITRON4_free(void *p) ; #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS #endif -#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \ - !defined(WOLFSSL_HAVE_KYBER) +#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(WOLFSSL_HAVE_KYBER) #error Please do not define HAVE_PQC yourself. #endif -#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_PQM4) -#error Please do not define both HAVE_LIBOQS and HAVE_PQM4. -#endif - #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \ !defined(WOLFSSL_DTLS_CH_FRAG) #warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \