Merge pull request #184 from expressvpn/CVPN-1636-mlkem-kyber-server
CVPN-1636 Supports both ML-KEM and Kyber in server
kp-thomas-yau authored Dec 5, 2024
2 parents 3c442d1 + e8dcbd0 commit 53bbe8a
Showing 7 changed files with 11 additions and 10 deletions.
2 changes: 1 addition & 1 deletion 3rd_party_deps.yml
@@ -23,4 +23,4 @@
--enable-tls13
--enable-experimental
--enable-sha3
--enable-kyber=all,original
--enable-kyber=all,original,ml-kem
2 changes: 1 addition & 1 deletion ios/autotools-ios-helper.sh
@@ -66,7 +66,7 @@ build() {
--enable-aes-bitsliced \
--enable-experimental \
--enable-sha3 \
--enable-kyber=all,original
--enable-kyber=all,original,ml-kem
make clean
mkdir -p "${EXEC_PREFIX}"
make V=1 -j"${MAKE_JOBS}" --debug=j
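--- a/src/he/ssl_ctx.c
+++ b/src/he/ssl_ctx.c
@@ -289,10 +289,11 @@ he_return_code_t he_ssl_ctx_start_server(he_ssl_ctx_t *ctx) {
 }
 
 #ifndef HE_NO_PQC
-int SERVER_CURVE_PQC_GROUPS[4] = {WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1,
-WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_X25519};
+int SERVER_CURVE_PQC_GROUPS[5] = {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_P521_KYBER_LEVEL5,
+WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_ECC_SECP256R1,
+WOLFSSL_ECC_X25519};
 
-res = wolfSSL_CTX_set_groups(ctx->wolf_ctx, SERVER_CURVE_PQC_GROUPS, 4);
+res = wolfSSL_CTX_set_groups(ctx->wolf_ctx, SERVER_CURVE_PQC_GROUPS, 5);
 #else
 int SERVER_CURVE_BASE_GROUPS[2] = {WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_X25519};
 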
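Review bot: The group count is now written twice, as the array bound `[5]` and as the literal `5` passed to `wolfSSL_CTX_set_groups`, and the two have to be edited together every time the list changes. If they drift, either the trailing classical groups are silently not offered or the call reads past the array; dropping the bound and passing `(int)(sizeof(SERVER_CURVE_PQC_GROUPS) / sizeof(SERVER_CURVE_PQC_GROUPS[0]))` removes that risk. A one-line comment above the array stating the intended preference order (ML-KEM hybrid first, draft Kyber hybrids kept for older clients, classical groups last) would help the next editor, assuming that is the intent. Only a P-521 ML-KEM hybrid is added, so clients that negotiated `WOLFSSL_P256_KYBER_LEVEL1` have no ML-KEM equivalent in this list; worth confirming that is deliberate. The body of he_ssl_ctx_start_server starts and ends outside the hunk.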
4 changes: 2 additions & 2 deletions test/he/test_ssl_ctx.c
@@ -449,7 +449,7 @@ void test_he_server_connect_succeeds(void) {
SSL_SUCCESS);

#ifndef HE_NO_PQC
wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 4, SSL_SUCCESS);
wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 5, SSL_SUCCESS);
#else
wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 2, SSL_SUCCESS);
#endif
@@ -486,7 +486,7 @@ void test_he_server_connect_succeeds_streaming(void) {
my_ctx, "TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256", SSL_SUCCESS);

#ifndef HE_NO_PQC
wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 4, SSL_SUCCESS);
wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 5, SSL_SUCCESS);
#else
wolfSSL_CTX_set_groups_ExpectAndReturn(my_ctx, NULL, 2, SSL_SUCCESS);
#endif
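Review bot: Both updated expectations (in `test_he_server_connect_succeeds` and `test_he_server_connect_succeeds_streaming`) pin only the count `5` and pass `NULL` for the groups argument, so nothing visible here checks that `WOLFSSL_P521_ML_KEM_1024` is actually in the list or that it comes first. A five-entry list in the wrong order, or one missing the ML-KEM group, would presumably still pass. If the mock generator's array support is enabled (CMock's `_ExpectWithArrayAndReturn`), asserting the expected group array would close this gap; otherwise a stub callback that inspects the argument does the same. Both test functions extend beyond their hunks.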
2 changes: 1 addition & 1 deletion windows/wolfssl-user_settings-32.h
@@ -209,7 +209,7 @@
#define WOLFSSL_KYBER_ORIGINAL

#undef WOLFSSL_NO_ML_KEM
#define WOLFSSL_NO_ML_KEM
// #define WOLFSSL_NO_ML_KEM

// Needed for using WolfSSL's Kyber implementation
#undef WOLFSSL_SHA3
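Review bot: The commented-out `// #define WOLFSSL_NO_ML_KEM` left after `#undef WOLFSSL_NO_ML_KEM` is dead code that does not say why ML-KEM is now enabled, and it is easy to uncomment by accident; the same line appears in windows/wolfssl-user_settings-64.h and windows/wolfssl-user_settings-arm-64.h. Since the server group list in src/he/ssl_ctx.c now names `WOLFSSL_P521_ML_KEM_1024`, re-disabling ML-KEM here would likely break the Windows build or the `wolfSSL_CTX_set_groups` call. I would replace the line with an intent comment such as `// ML-KEM stays enabled alongside original Kyber; the server group list depends on it`.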
2 changes: 1 addition & 1 deletion windows/wolfssl-user_settings-64.h
@@ -209,7 +209,7 @@
#define WOLFSSL_KYBER_ORIGINAL

#undef WOLFSSL_NO_ML_KEM
#define WOLFSSL_NO_ML_KEM
// #define WOLFSSL_NO_ML_KEM

// Needed for using WolfSSL's Kyber implementation
#undef WOLFSSL_SHA3
2 changes: 1 addition & 1 deletion windows/wolfssl-user_settings-arm-64.h
@@ -209,7 +209,7 @@
#define WOLFSSL_KYBER_ORIGINAL

#undef WOLFSSL_NO_ML_KEM
#define WOLFSSL_NO_ML_KEM
// #define WOLFSSL_NO_ML_KEM

// Needed for using WolfSSL's Kyber implementation
#undef WOLFSSL_SHA3