Skip to content

Commit

Permalink
Merge pull request #195 from expressvpn/CVPN-1445-enable-mlkem-and-kyber
Browse files Browse the repository at this point in the history
CVPN-1445 Add ML-KEM groups
  • Loading branch information
kp-thomas-yau authored Nov 26, 2024
2 parents 4ebd1ba + ad3519d commit 1e40355
Show file tree
Hide file tree
Showing 6 changed files with 34 additions and 6 deletions.
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions wolfssl-sys/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,14 @@ bindgen = "0.70"
autotools = "0.2"
build-target = "0.4.0"

[dev-dependencies]
test-case = "3.0"

[features]
default = ["postquantum"]
debug = []
postquantum = []
kyber_only = ["postquantum"]

[[example]]
name = "connect_pq"
Expand Down
7 changes: 6 additions & 1 deletion wolfssl-sys/build.rs
Original file line number Diff line number Diff line change
Expand Up @@ -145,8 +145,13 @@ fn build_wolfssl(wolfssl_src: &Path) -> PathBuf {
}

if cfg!(feature = "postquantum") {
let flags = if cfg!(feature = "kyber_only") {
"all,original"
} else {
"all,original,ml-kem"
};
// Enable Kyber
conf.enable("kyber", Some("all,original"))
conf.enable("kyber", Some(flags))
// SHA3 is needed for using WolfSSL's implementation of Kyber/ML-KEM
.enable("sha3", None);
}
Expand Down
11 changes: 6 additions & 5 deletions wolfssl-sys/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ pub use bindings::*;
#[cfg(test)]
mod tests {
use std::os::raw::c_int;
use test_case::test_case;

use super::*;
#[test]
Expand All @@ -17,9 +18,10 @@ mod tests {
}
}

#[test]
#[cfg(feature = "postquantum")]
fn test_post_quantum_available() {
#[test_case(WOLFSSL_P521_KYBER_LEVEL5)]
#[cfg_attr(not(feature = "kyber_only"), test_case(WOLFSSL_P521_ML_KEM_1024))]
fn test_post_quantum_available(group: std::os::raw::c_uint) {
unsafe {
// Init WolfSSL
let res = wolfSSL_Init();
Expand All @@ -34,10 +36,9 @@ mod tests {
// Create new SSL stream
let ssl = wolfSSL_new(context);

// Enable Kyber
let res = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5.try_into().unwrap());
let res = wolfSSL_UseKeyShare(ssl, group.try_into().unwrap());

// Check that Kyber was enabled
// Check that Kyber/ML-KEM was enabled
assert_eq!(res, WOLFSSL_SUCCESS as c_int);
}
}
Expand Down
1 change: 1 addition & 0 deletions wolfssl/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ keywords = ["wolfssl", "vpn", "lightway", "post-quantum", "cryptography"]
default = ["postquantum"]
postquantum = ["wolfssl-sys/postquantum"]
debug = ["wolfssl-sys/debug"] # Note that application code must also call wolfssl::enable_debugging(true)
kyber_only = ["wolfssl-sys/kyber_only"]

[lints.rust]
missing_docs = "deny"
Expand Down
16 changes: 16 additions & 0 deletions wolfssl/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,16 @@ pub enum CurveGroup {
/// `WOLFSSL_P521_KYBER_LEVEL5`
#[cfg(feature = "postquantum")]
P521KyberLevel5,

/// `WOLFSSL_P256_ML_KEM_512`
#[cfg(all(feature = "postquantum", not(feature = "kyber_only")))]
P256MLKEM512,
/// `WOLFSSL_P384_ML_KEM_768`
#[cfg(all(feature = "postquantum", not(feature = "kyber_only")))]
P384MLKEM768,
/// `WOLFSSL_P521_ML_KEM_1024`
#[cfg(all(feature = "postquantum", not(feature = "kyber_only")))]
P521MLKEM1024,
}

impl CurveGroup {
Expand All @@ -250,6 +260,12 @@ impl CurveGroup {
P384KyberLevel3 => wolfssl_sys::WOLFSSL_P384_KYBER_LEVEL3,
#[cfg(feature = "postquantum")]
P521KyberLevel5 => wolfssl_sys::WOLFSSL_P521_KYBER_LEVEL5,
#[cfg(all(feature = "postquantum", not(feature = "kyber_only")))]
P256MLKEM512 => wolfssl_sys::WOLFSSL_P256_ML_KEM_512,
#[cfg(all(feature = "postquantum", not(feature = "kyber_only")))]
P384MLKEM768 => wolfssl_sys::WOLFSSL_P384_ML_KEM_768,
#[cfg(all(feature = "postquantum", not(feature = "kyber_only")))]
P521MLKEM1024 => wolfssl_sys::WOLFSSL_P521_ML_KEM_1024,
}
}
}
Expand Down

0 comments on commit 1e40355

Please sign in to comment.