Add more PQC hybrid key exchange algorithms #7821
Can one of the admins verify this patch?
Okay to test. Contributor agreement on file. @anhu please review. Thanks
Seems to be consistently failing with:
Please be sure to test against --enable-kyber
{ WOLFSSL_X25519_KYBER_LEVEL1, "X25519_KYBER_LEVEL1" },
{ WOLFSSL_X448_KYBER_LEVEL3, "X448_KYBER_LEVEL3" },
{ WOLFSSL_X25519_KYBER_LEVEL3, "X25519_KYBER_LEVEL3" },
It's interesting.
You are adding:
- WOLFSSL_X25519_KYBER_LEVEL1
- WOLFSSL_X448_KYBER_LEVEL3
- WOLFSSL_X25519_KYBER_LEVEL3
- WOLFSSL_P256_KYBER_LEVEL3
- WOLFSSL_P384_KYBER_LEVEL5
Can you let us know why you are adding these? I suppose they are to interop with other places, but can you let us know specifically (i.e. which ones are Mozilla and which ones are liboqs)?
I am currently investigating the real-world performance impact of various PQC deployments in different embedded contexts (for my PhD). As hybrid constellations using X25519 and X448 are pretty popular in other projects, I wanted to test them, too. That's why I started this work in the first place.
The compatibility with the web browsers is based on the use case to access a web-based management interface of an embedded device and to make that PQC secure. For that, WOLFSSL_X25519_KYBER_LEVEL3 is the relevant hybrid constellation (that is what browser vendors are currently settled on).
The other constellations are based on what OQS has defined. I added them (besides my internal performance tests) for general interoperability with OQS and because it wasn't much overhead anyway.
Updated the PR with a fix for the failing tests.
The tests now properly work with Furthermore, I updated the unit tests to also test the new changes. The only thing I had to test manually are the new hybrid curves with DTLS (when also enabled with
Hi @Frauschi we had some issues with our GitHub CI actions. If you rebase this to latest master it should resolve the errors you are seeing. Thank you
Rebased to current master. Thanks for the hint. FYI, I'm on vacation for the next two weeks, so any upcoming work on this will probably be delayed until afterward.
Rebased to current master (since #7807 has been merged). I also think that the one NGINX test that has been failing wasn't related to this PR's changes? Can someone retest this please?
retest this please.
This says the branch has conflicts that must be resolved. Could you rebase on top of wolfssl/master please?
Add support for all remaining hybrid PQC + ECC hybrid key exchange groups to match OQS. Next to two new combinations with SECP curves, this mainly also adds support for combinations with X25519 and X448. This also enables compatibility with the PQC key exchange support in Chromium browsers and Mozilla Firefox (hybrid Kyber768 and X25519; when `WOLFSSL_KYBER_ORIGINAL` is defined). In the process of extending support, some code and logic cleanup happened. Furthermore, two memory leaks within the hybrid code path have been fixed.
Signed-off-by: Tobias Frauenschläger <[email protected]>
Rebased to current master. I also updated the PR to reflect the latest Code Point changes in OQS and also incorporated the new Code Points currently set in draft-kwiatkowski-tls-ecdhe-mlkem. The only thing that is not done yet is the proposed swap of classic and PQC key material within draft-kwiatkowski-tls-ecdhe-mlkem in the key share in case of X25519 hybrids. This is done to always have a FIPS approved algorithm first in case of hybrids (and X25519 is not FIPS approved). See here. This swap still has to be implemented. However, that will require more thorough code changes. I think I can tackle that around next week. You can decide if this should also go into this PR, or if that should go in a separate one.
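The component ordering discussed in the comment above, as an added example that is not code from this PR or from wolfSSL: a length-checked splitter for a client hybrid key share, with ML-KEM first for the X25519 hybrid and the ECDH share first for the P-256 hybrid. The enum, struct and function names are hypothetical; the sizes assume ML-KEM-768 encapsulation keys (FIPS 203), X25519 public values (RFC 7748) and uncompressed P-256 points.

```c
#include <stddef.h>
#include <stdint.h>

/* Component sizes in bytes (assumed from FIPS 203, RFC 7748 and SEC1). */
#define MLKEM768_EK_LEN 1184   /* ML-KEM-768 encapsulation key */
#define X25519_PUB_LEN    32   /* X25519 public value */
#define P256_POINT_LEN    65   /* uncompressed P-256 point */

/* Hypothetical local identifiers, not wolfSSL's or IANA's values. */
enum hybrid_group { HYB_X25519_MLKEM768, HYB_P256_MLKEM768 };

struct hybrid_share {
    const uint8_t *ecc; size_t ecc_len;   /* classical component */
    const uint8_t *pqc; size_t pqc_len;   /* ML-KEM component */
};

/* Split a client key share into its classical and PQC parts.
 * Returns 0 on success, -1 on bad arguments, unknown group or wrong length. */
int split_client_share(enum hybrid_group g, const uint8_t *in, size_t in_len,
                       struct hybrid_share *out)
{
    size_t ecc_len;
    int pqc_first;

    if (in == NULL || out == NULL)
        return -1;
    switch (g) {
    /* X25519 is not FIPS approved, so the ML-KEM part leads. */
    case HYB_X25519_MLKEM768: ecc_len = X25519_PUB_LEN; pqc_first = 1; break;
    /* P-256 is FIPS approved, so the ECDH part stays first. */
    case HYB_P256_MLKEM768:   ecc_len = P256_POINT_LEN; pqc_first = 0; break;
    default: return -1;
    }
    /* Exact-length check before slicing: reject truncated or padded shares. */
    if (in_len != ecc_len + MLKEM768_EK_LEN)
        return -1;

    out->ecc_len = ecc_len;
    out->pqc_len = MLKEM768_EK_LEN;
    if (pqc_first) {
        out->pqc = in;
        out->ecc = in + MLKEM768_EK_LEN;
    } else {
        out->ecc = in;
        out->pqc = in + ecc_len;
    }
    return 0;
}
```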
Hi,
This PR adds support for all remaining hybrid PQC + ECC hybrid key exchange groups to match OQS. Next to two new combinations with SECP curves, this mainly also adds support for combinations with X25519 and X448.
This also enables compatibility with the PQC key exchange support in Chromium browsers and Mozilla Firefox (hybrid Kyber768 and X25519; when WOLFSSL_ML_KEM is not defined). In the process of extending support, some code and logic cleanup happened. Furthermore, two memory leaks within the hybrid code path have been fixed.
Looking forward to your feedback.