Browse Source

Purge NTRU and SABER. Not going to be standardized.

Anthony Hu 1 year ago
parent
commit
0bfa5c9836
10 changed files with 14 additions and 513 deletions
  1. 2 2
      INSTALL
  2. 0 14
      examples/benchmark/tls_bench.c
  3. 4 54
      examples/client/client.c
  4. 4 54
      examples/server/server.c
  5. 0 62
      src/ssl.c
  6. 0 105
      src/tls.c
  7. 2 6
      tests/api.c
  8. 0 140
      tests/test-tls13-pq-2.conf
  9. 0 60
      wolfcrypt/benchmark/benchmark.c
  10. 2 16
      wolfssl/ssl.h

+ 2 - 2
INSTALL

@@ -221,8 +221,8 @@
     - FALCON (signature scheme)
     - SPHINCS+ (signature scheme)
 
-    The following NIST Competition Round 3 finalist algorithms are supported,
-    but are deprecated and will be removed soon:
+    The following NIST Competition Round 3 finalist algorithms were supported,
+    but have been removed after 5.3.3
     - SABER (KEM)
     - NTRU (KEM)
 

+ 0 - 14
examples/benchmark/tls_bench.c

@@ -273,26 +273,12 @@ static struct group_info groups[] = {
     { WOLFSSL_FFDHE_6144, "FFDHE_6144" },
     { WOLFSSL_FFDHE_8192, "FFDHE_8192" },
 #ifdef HAVE_PQC
-    { WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" },
-    { WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" },
-    { WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" },
-    { WOLFSSL_NTRU_HRSS_LEVEL3, "NTRU_HRSS_LEVEL3" },
-    { WOLFSSL_SABER_LEVEL1, "SABER_LEVEL1" },
-    { WOLFSSL_SABER_LEVEL3, "SABER_LEVEL3" },
-    { WOLFSSL_SABER_LEVEL5, "SABER_LEVEL5" },
     { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
     { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
     { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
     { WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
     { WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
     { WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
-    { WOLFSSL_P256_NTRU_HPS_LEVEL1, "P256_NTRU_HPS_LEVEL1" },
-    { WOLFSSL_P384_NTRU_HPS_LEVEL3, "P384_NTRU_HPS_LEVEL3" },
-    { WOLFSSL_P521_NTRU_HPS_LEVEL5, "P521_NTRU_HPS_LEVEL5" },
-    { WOLFSSL_P384_NTRU_HRSS_LEVEL3, "P384_NTRU_HRSS_LEVEL3" },
-    { WOLFSSL_P256_SABER_LEVEL1, "P256_SABER_LEVEL1" },
-    { WOLFSSL_P384_SABER_LEVEL3, "P384_SABER_LEVEL3" },
-    { WOLFSSL_P521_SABER_LEVEL5, "P521_SABER_LEVEL5" },
     { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
     { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
     { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },

+ 4 - 54
examples/client/client.c

@@ -385,27 +385,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "NTRU_HPS_LEVEL1") == 0) {
-                group = WOLFSSL_NTRU_HPS_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "NTRU_HPS_LEVEL3") == 0) {
-                group = WOLFSSL_NTRU_HPS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "NTRU_HPS_LEVEL5") == 0) {
-                group = WOLFSSL_NTRU_HPS_LEVEL5;
-            }
-            else if (XSTRCMP(pqcAlg, "NTRU_HRSS_LEVEL3") == 0) {
-                group = WOLFSSL_NTRU_HRSS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "SABER_LEVEL1") == 0) {
-                group = WOLFSSL_SABER_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "SABER_LEVEL3") == 0) {
-                group = WOLFSSL_SABER_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "SABER_LEVEL5") == 0) {
-                group = WOLFSSL_SABER_LEVEL5;
-            }
             else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL1") == 0) {
                 group = WOLFSSL_KYBER_90S_LEVEL1;
             }
@@ -415,27 +394,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL5") == 0) {
                 group = WOLFSSL_KYBER_90S_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_NTRU_HPS_LEVEL1") == 0) {
-                group = WOLFSSL_P256_NTRU_HPS_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_NTRU_HPS_LEVEL3") == 0) {
-                group = WOLFSSL_P384_NTRU_HPS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P521_NTRU_HPS_LEVEL5") == 0) {
-                group = WOLFSSL_P521_NTRU_HPS_LEVEL5;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_NTRU_HRSS_LEVEL3") == 0) {
-                group = WOLFSSL_P384_NTRU_HRSS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P256_SABER_LEVEL1") == 0) {
-                group = WOLFSSL_P256_SABER_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_SABER_LEVEL3") == 0) {
-                group = WOLFSSL_P384_SABER_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P521_SABER_LEVEL5") == 0) {
-                group = WOLFSSL_P521_SABER_LEVEL5;
-            }
             else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_P256_KYBER_LEVEL1;
             }
@@ -1308,12 +1266,8 @@ static const char* client_usage_msg[][70] = {
 #ifdef HAVE_PQC
         "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
             "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n"
-            "            SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
-            "            P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n"
-            "            P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n"
-            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n"
-            "            P521_KYBER_90S_LEVEL5]\n",                         /* 70 */
+            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1,\n"
+            "            P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n",  /* 70 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 71 */
@@ -1532,12 +1486,8 @@ static const char* client_usage_msg[][70] = {
 #ifdef HAVE_PQC
         "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
             "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n"
-            "            SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
-            "            P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n"
-            "            P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n"
-            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n"
-            "            P521_KYBER_90S_LEVEL5]\n",                  /* 70 */
+            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5,\n"
+            "            P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 70 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */

+ 4 - 54
examples/server/server.c

@@ -707,27 +707,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "NTRU_HPS_LEVEL1") == 0)  {
-                groups[count] = WOLFSSL_NTRU_HPS_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "NTRU_HPS_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_NTRU_HPS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "NTRU_HPS_LEVEL5") == 0) {
-                groups[count] = WOLFSSL_NTRU_HPS_LEVEL5;
-            }
-            else if (XSTRCMP(pqcAlg, "NTRU_HRSS_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_NTRU_HRSS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "SABER_LEVEL1") == 0) {
-                groups[count] = WOLFSSL_SABER_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "SABER_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_SABER_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "SABER_LEVEL5") == 0) {
-                groups[count] = WOLFSSL_SABER_LEVEL5;
-            }
             else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_KYBER_90S_LEVEL1;
             }
@@ -737,27 +716,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_KYBER_90S_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_NTRU_HPS_LEVEL1") == 0) {
-                groups[count] = WOLFSSL_P256_NTRU_HPS_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_NTRU_HPS_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_P384_NTRU_HPS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P521_NTRU_HPS_LEVEL5") == 0) {
-                groups[count] = WOLFSSL_P521_NTRU_HPS_LEVEL5;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_NTRU_HRSS_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_P384_NTRU_HRSS_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P256_SABER_LEVEL1") == 0) {
-                groups[count] = WOLFSSL_P256_SABER_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_SABER_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_P384_SABER_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P521_SABER_LEVEL5") == 0) {
-                groups[count] = WOLFSSL_P521_SABER_LEVEL5;
-            }
             else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_P256_KYBER_LEVEL1;
             }
@@ -995,12 +953,8 @@ static const char* server_usage_msg[][65] = {
 #ifdef HAVE_PQC
         "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
             "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n"
-            "            SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
-            "            P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n"
-            "            P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n"
-            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n"
-            "            P521_KYBER_90S_LEVEL5]\n",                          /* 60 */
+            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1,\n"
+            "            P384_KYBER_90S_LEVEL3,  P521_KYBER_90S_LEVEL5]\n", /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -1186,12 +1140,8 @@ static const char* server_usage_msg[][65] = {
 #ifdef HAVE_PQC
         "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
             "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            NTRU_HPS_LEVEL1, NTRU_HPS_LEVEL3, NTRU_HPS_LEVEL5, NTRU_HRSS_LEVEL3,\n"
-            "            SABER_LEVEL1, SABER_LEVEL3, SABER_LEVEL5, P256_NTRU_HPS_LEVEL1,\n"
-            "            P384_NTRU_HPS_LEVEL3, P521_NTRU_HPS_LEVEL5, P384_NTRU_HRSS_LEVEL3,\n"
-            "            P256_SABER_LEVEL1, P384_SABER_LEVEL3, P521_SABER_LEVEL5, P256_KYBER_LEVEL1,\n"
-            "            P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3,\n"
-            "            P521_KYBER_90S_LEVEL5]\n",                          /* 60 */
+            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5,\n"
+            "            P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (デフォルトはSRTP_AES128_CM_SHA1_80)\n",       /* 61 */

+ 0 - 62
src/ssl.c

@@ -246,23 +246,6 @@ const WOLF_EC_NIST_NAME kNistCurves[] = {
     {XSTR_SIZEOF("KYBER_LEVEL3"), "KYBER_LEVEL3", WOLFSSL_KYBER_LEVEL3},
     {XSTR_SIZEOF("KYBER_LEVEL5"), "KYBER_LEVEL5", WOLFSSL_KYBER_LEVEL5},
 #ifdef HAVE_LIBOQS
-    {XSTR_SIZEOF("NTRU_HPS_LEVEL1"), "NTRU_HPS_LEVEL1", WOLFSSL_NTRU_HPS_LEVEL1},
-    {XSTR_SIZEOF("NTRU_HPS_LEVEL3"), "NTRU_HPS_LEVEL3", WOLFSSL_NTRU_HPS_LEVEL3},
-    {XSTR_SIZEOF("NTRU_HPS_LEVEL5"), "NTRU_HPS_LEVEL5", WOLFSSL_NTRU_HPS_LEVEL5},
-    {XSTR_SIZEOF("NTRU_HRSS_LEVEL3"), "NTRU_HRSS_LEVEL3", WOLFSSL_NTRU_HRSS_LEVEL3},
-    {XSTR_SIZEOF("SABER_LEVEL1"), "SABER_LEVEL1", WOLFSSL_SABER_LEVEL1},
-    {XSTR_SIZEOF("SABER_LEVEL3"), "SABER_LEVEL3", WOLFSSL_SABER_LEVEL3},
-    {XSTR_SIZEOF("SABER_LEVEL5"), "SABER_LEVEL5", WOLFSSL_SABER_LEVEL5},
-    {XSTR_SIZEOF("KYBER_90S_LEVEL1"), "KYBER_90S_LEVEL1", WOLFSSL_KYBER_90S_LEVEL1},
-    {XSTR_SIZEOF("KYBER_90S_LEVEL3"), "KYBER_90S_LEVEL3", WOLFSSL_KYBER_90S_LEVEL3},
-    {XSTR_SIZEOF("KYBER_90S_LEVEL5"), "KYBER_90S_LEVEL5", WOLFSSL_KYBER_90S_LEVEL5},
-    {XSTR_SIZEOF("P256_NTRU_HPS_LEVEL1"), "P256_NTRU_HPS_LEVEL1", WOLFSSL_P256_NTRU_HPS_LEVEL1},
-    {XSTR_SIZEOF("P384_NTRU_HPS_LEVEL3"), "P384_NTRU_HPS_LEVEL3", WOLFSSL_P384_NTRU_HPS_LEVEL3},
-    {XSTR_SIZEOF("P521_NTRU_HPS_LEVEL5"), "P521_NTRU_HPS_LEVEL5", WOLFSSL_P521_NTRU_HPS_LEVEL5},
-    {XSTR_SIZEOF("P384_NTRU_HRSS_LEVEL3"), "P384_NTRU_HRSS_LEVEL3", WOLFSSL_P384_NTRU_HRSS_LEVEL3},
-    {XSTR_SIZEOF("P256_SABER_LEVEL1"), "P256_SABER_LEVEL1", WOLFSSL_P256_SABER_LEVEL1},
-    {XSTR_SIZEOF("P384_SABER_LEVEL3"), "P384_SABER_LEVEL3", WOLFSSL_P384_SABER_LEVEL3},
-    {XSTR_SIZEOF("P521_SABER_LEVEL5"), "P521_SABER_LEVEL5", WOLFSSL_P521_SABER_LEVEL5},
     {XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1", WOLFSSL_P256_KYBER_LEVEL1},
     {XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3", WOLFSSL_P384_KYBER_LEVEL3},
     {XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5", WOLFSSL_P521_KYBER_LEVEL5},
@@ -2945,26 +2928,9 @@ static int isValidCurveGroup(word16 name)
         case WOLFSSL_KYBER_LEVEL3:
         case WOLFSSL_KYBER_LEVEL5:
     #ifdef HAVE_LIBOQS
-        case WOLFSSL_NTRU_HPS_LEVEL1:
-        case WOLFSSL_NTRU_HPS_LEVEL3:
-        case WOLFSSL_NTRU_HPS_LEVEL5:
-        case WOLFSSL_NTRU_HRSS_LEVEL3:
-        case WOLFSSL_SABER_LEVEL1:
-        case WOLFSSL_SABER_LEVEL3:
-        case WOLFSSL_SABER_LEVEL5:
         case WOLFSSL_KYBER_90S_LEVEL1:
         case WOLFSSL_KYBER_90S_LEVEL3:
         case WOLFSSL_KYBER_90S_LEVEL5:
-        case WOLFSSL_P256_NTRU_HPS_LEVEL1:
-        case WOLFSSL_P384_NTRU_HPS_LEVEL3:
-        case WOLFSSL_P521_NTRU_HPS_LEVEL5:
-        case WOLFSSL_P384_NTRU_HRSS_LEVEL3:
-        case WOLFSSL_P256_SABER_LEVEL1:
-        case WOLFSSL_P384_SABER_LEVEL3:
-        case WOLFSSL_P521_SABER_LEVEL5:
-        case WOLFSSL_P256_KYBER_LEVEL1:
-        case WOLFSSL_P384_KYBER_LEVEL3:
-        case WOLFSSL_P521_KYBER_LEVEL5:
         case WOLFSSL_P256_KYBER_90S_LEVEL1:
         case WOLFSSL_P384_KYBER_90S_LEVEL3:
         case WOLFSSL_P521_KYBER_90S_LEVEL5:
@@ -21341,40 +21307,12 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
             return "KYBER_LEVEL3";
         case WOLFSSL_KYBER_LEVEL5:
             return "KYBER_LEVEL5";
-        case WOLFSSL_NTRU_HPS_LEVEL1:
-            return "NTRU_HPS_LEVEL1";
-        case WOLFSSL_NTRU_HPS_LEVEL3:
-            return "NTRU_HPS_LEVEL3";
-        case WOLFSSL_NTRU_HPS_LEVEL5:
-            return "NTRU_HPS_LEVEL5";
-        case WOLFSSL_NTRU_HRSS_LEVEL3:
-            return "NTRU_HRSS_LEVEL3";
-        case WOLFSSL_SABER_LEVEL1:
-            return "SABER_LEVEL1";
-        case WOLFSSL_SABER_LEVEL3:
-            return "SABER_LEVEL3";
-        case WOLFSSL_SABER_LEVEL5:
-            return "SABER_LEVEL5";
         case WOLFSSL_KYBER_90S_LEVEL1:
             return "KYBER_90S_LEVEL1";
         case WOLFSSL_KYBER_90S_LEVEL3:
             return "KYBER_90S_LEVEL3";
         case WOLFSSL_KYBER_90S_LEVEL5:
             return "KYBER_90S_LEVEL5";
-        case WOLFSSL_P256_NTRU_HPS_LEVEL1:
-            return "P256_NTRU_HPS_LEVEL1";
-        case WOLFSSL_P384_NTRU_HPS_LEVEL3:
-            return "P384_NTRU_HPS_LEVEL3";
-        case WOLFSSL_P521_NTRU_HPS_LEVEL5:
-            return "P521_NTRU_HPS_LEVEL5";
-        case WOLFSSL_P384_NTRU_HRSS_LEVEL3:
-            return "P384_NTRU_HRSS_LEVEL3";
-        case WOLFSSL_P256_SABER_LEVEL1:
-            return "P256_SABER_LEVEL1";
-        case WOLFSSL_P384_SABER_LEVEL3:
-            return "P384_SABER_LEVEL3";
-        case WOLFSSL_P521_SABER_LEVEL5:
-            return "P521_SABER_LEVEL5";
         case WOLFSSL_P256_KYBER_LEVEL1:
             return "P256_KYBER_LEVEL1";
         case WOLFSSL_P384_KYBER_LEVEL3:

+ 0 - 105
src/tls.c

@@ -7138,13 +7138,6 @@ static const char* OQS_ID2name(int id)
         case WOLFSSL_KYBER_LEVEL1:     return OQS_KEM_alg_kyber_512;
         case WOLFSSL_KYBER_LEVEL3:     return OQS_KEM_alg_kyber_768;
         case WOLFSSL_KYBER_LEVEL5:     return OQS_KEM_alg_kyber_1024;
-        case WOLFSSL_NTRU_HPS_LEVEL1:  return OQS_KEM_alg_ntru_hps2048509;
-        case WOLFSSL_NTRU_HPS_LEVEL3:  return OQS_KEM_alg_ntru_hps2048677;
-        case WOLFSSL_NTRU_HPS_LEVEL5:  return OQS_KEM_alg_ntru_hps4096821;
-        case WOLFSSL_NTRU_HRSS_LEVEL3: return OQS_KEM_alg_ntru_hrss701;
-        case WOLFSSL_SABER_LEVEL1:     return OQS_KEM_alg_saber_lightsaber;
-        case WOLFSSL_SABER_LEVEL3:     return OQS_KEM_alg_saber_saber;
-        case WOLFSSL_SABER_LEVEL5:     return OQS_KEM_alg_saber_firesaber;
         case WOLFSSL_KYBER_90S_LEVEL1: return OQS_KEM_alg_kyber_512_90s;
         case WOLFSSL_KYBER_90S_LEVEL3: return OQS_KEM_alg_kyber_768_90s;
         case WOLFSSL_KYBER_90S_LEVEL5: return OQS_KEM_alg_kyber_1024_90s;
@@ -7161,20 +7154,6 @@ typedef struct PqcHybridMapping {
 } PqcHybridMapping;
 
 static const PqcHybridMapping pqc_hybrid_mapping[] = {
-    {.hybrid = WOLFSSL_P256_NTRU_HPS_LEVEL1,  .ecc = WOLFSSL_ECC_SECP256R1,
-     .pqc = WOLFSSL_NTRU_HPS_LEVEL1},
-    {.hybrid = WOLFSSL_P384_NTRU_HPS_LEVEL3,  .ecc = WOLFSSL_ECC_SECP384R1,
-     .pqc = WOLFSSL_NTRU_HPS_LEVEL3},
-    {.hybrid = WOLFSSL_P521_NTRU_HPS_LEVEL5,  .ecc = WOLFSSL_ECC_SECP521R1,
-     .pqc = WOLFSSL_NTRU_HPS_LEVEL5},
-    {.hybrid = WOLFSSL_P384_NTRU_HRSS_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1,
-     .pqc = WOLFSSL_NTRU_HRSS_LEVEL3},
-    {.hybrid = WOLFSSL_P256_SABER_LEVEL1,     .ecc = WOLFSSL_ECC_SECP256R1,
-     .pqc = WOLFSSL_SABER_LEVEL1},
-    {.hybrid = WOLFSSL_P384_SABER_LEVEL3,     .ecc = WOLFSSL_ECC_SECP384R1,
-     .pqc = WOLFSSL_SABER_LEVEL3},
-    {.hybrid = WOLFSSL_P521_SABER_LEVEL5,     .ecc = WOLFSSL_ECC_SECP521R1,
-     .pqc = WOLFSSL_SABER_LEVEL5},
     {.hybrid = WOLFSSL_P256_KYBER_LEVEL1,     .ecc = WOLFSSL_ECC_SECP256R1,
      .pqc = WOLFSSL_KYBER_LEVEL1},
     {.hybrid = WOLFSSL_P384_KYBER_LEVEL3,     .ecc = WOLFSSL_ECC_SECP384R1,
@@ -9593,23 +9572,9 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
         case WOLFSSL_KYBER_LEVEL1:
         case WOLFSSL_KYBER_LEVEL3:
         case WOLFSSL_KYBER_LEVEL5:
-        case WOLFSSL_NTRU_HPS_LEVEL1:
-        case WOLFSSL_NTRU_HPS_LEVEL3:
-        case WOLFSSL_NTRU_HPS_LEVEL5:
-        case WOLFSSL_NTRU_HRSS_LEVEL3:
-        case WOLFSSL_SABER_LEVEL1:
-        case WOLFSSL_SABER_LEVEL3:
-        case WOLFSSL_SABER_LEVEL5:
         case WOLFSSL_KYBER_90S_LEVEL1:
         case WOLFSSL_KYBER_90S_LEVEL3:
         case WOLFSSL_KYBER_90S_LEVEL5:
-        case WOLFSSL_P256_NTRU_HPS_LEVEL1:
-        case WOLFSSL_P384_NTRU_HPS_LEVEL3:
-        case WOLFSSL_P521_NTRU_HPS_LEVEL5:
-        case WOLFSSL_P384_NTRU_HRSS_LEVEL3:
-        case WOLFSSL_P256_SABER_LEVEL1:
-        case WOLFSSL_P384_SABER_LEVEL3:
-        case WOLFSSL_P521_SABER_LEVEL5:
         case WOLFSSL_P256_KYBER_LEVEL1:
         case WOLFSSL_P384_KYBER_LEVEL3:
         case WOLFSSL_P521_KYBER_LEVEL5:
@@ -9715,40 +9680,12 @@ static int TLSX_KeyShare_GroupRank(WOLFSSL* ssl, int group)
                 ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL3;
             if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_LEVEL5))
                 ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_LEVEL5;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS_LEVEL1))
-                ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS_LEVEL1;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS_LEVEL3))
-                ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS_LEVEL3;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HPS_LEVEL5))
-                ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HPS_LEVEL5;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_NTRU_HRSS_LEVEL3))
-                ssl->group[ssl->numGroups++] = WOLFSSL_NTRU_HRSS_LEVEL3;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER_LEVEL1))
-                ssl->group[ssl->numGroups++] = WOLFSSL_SABER_LEVEL1;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER_LEVEL3))
-                ssl->group[ssl->numGroups++] = WOLFSSL_SABER_LEVEL3;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_SABER_LEVEL5))
-                ssl->group[ssl->numGroups++] = WOLFSSL_SABER_LEVEL5;
             if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL1))
                 ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL1;
             if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL3))
                 ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL3;
             if (TLSX_KeyShare_IsSupported(WOLFSSL_KYBER_90S_LEVEL5))
                 ssl->group[ssl->numGroups++] = WOLFSSL_KYBER_90S_LEVEL5;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_NTRU_HPS_LEVEL1))
-                ssl->group[ssl->numGroups++] = WOLFSSL_P256_NTRU_HPS_LEVEL1;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_NTRU_HPS_LEVEL3))
-                ssl->group[ssl->numGroups++] = WOLFSSL_P384_NTRU_HPS_LEVEL3;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_NTRU_HPS_LEVEL5))
-                ssl->group[ssl->numGroups++] = WOLFSSL_P521_NTRU_HPS_LEVEL5;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_NTRU_HRSS_LEVEL3))
-                ssl->group[ssl->numGroups++] = WOLFSSL_P384_NTRU_HRSS_LEVEL3;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_SABER_LEVEL1))
-                ssl->group[ssl->numGroups++] = WOLFSSL_P256_SABER_LEVEL1;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_SABER_LEVEL3))
-                ssl->group[ssl->numGroups++] = WOLFSSL_P384_SABER_LEVEL3;
-            if (TLSX_KeyShare_IsSupported(WOLFSSL_P521_SABER_LEVEL5))
-                ssl->group[ssl->numGroups++] = WOLFSSL_P521_SABER_LEVEL5;
             if (TLSX_KeyShare_IsSupported(WOLFSSL_P256_KYBER_LEVEL1))
                 ssl->group[ssl->numGroups++] = WOLFSSL_P256_KYBER_LEVEL1;
             if (TLSX_KeyShare_IsSupported(WOLFSSL_P384_KYBER_LEVEL3))
@@ -11801,27 +11738,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5,
                                      ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS_LEVEL1,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS_LEVEL3,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HPS_LEVEL5,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_NTRU_HRSS_LEVEL3,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SABER_LEVEL1,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SABER_LEVEL3,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SABER_LEVEL5,
-                                     ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL1,
                                      ssl->heap);
@@ -11831,27 +11747,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_90S_LEVEL5,
                                      ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_NTRU_HPS_LEVEL1,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_NTRU_HPS_LEVEL3,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_NTRU_HPS_LEVEL5,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_NTRU_HRSS_LEVEL3,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_SABER_LEVEL1,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_SABER_LEVEL3,
-                                     ssl->heap);
-    if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_SABER_LEVEL5,
-                                     ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1,
                                      ssl->heap);

+ 2 - 6
tests/api.c

@@ -50957,9 +50957,7 @@ static int test_tls13_apis(void)
 #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
     int          groups[2] = { WOLFSSL_ECC_SECP256R1,
 #ifdef HAVE_PQC
-    #ifndef WOLFSSL_WC_KYBER
-                               WOLFSSL_SABER_LEVEL3
-    #else
+    #ifdef WOLFSSL_WC_KYBER
                                WOLFSSL_KYBER_LEVEL1
     #endif
 #else
@@ -50983,9 +50981,7 @@ static int test_tls13_apis(void)
 #if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
             "P-256"
 #ifdef HAVE_PQC
-    #ifndef WOLFSSL_WC_KYBER
-            ":P256_SABER_LEVEL1"
-    #else
+    #ifdef WOLFSSL_WC_KYBER
             ":P256_KYBER_LEVEL1"
     #endif
 #endif

+ 0 - 140
tests/test-tls13-pq-2.conf

@@ -28,146 +28,6 @@
 -l TLS13-AES256-GCM-SHA384
 --pqc KYBER_90S_LEVEL5
 
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HPS_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HPS_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HPS_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HPS_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HPS_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HPS_LEVEL5
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HRSS_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc NTRU_HRSS_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc SABER_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc SABER_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc SABER_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc SABER_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc SABER_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc SABER_LEVEL5
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_NTRU_HPS_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_NTRU_HPS_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_NTRU_HPS_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_NTRU_HPS_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_NTRU_HPS_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_NTRU_HPS_LEVEL5
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_NTRU_HRSS_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_NTRU_HRSS_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_SABER_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_SABER_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_SABER_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_SABER_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_SABER_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_SABER_LEVEL5
-
 # server TLSv1.3 with post-quantum group
 -v 4
 -l TLS13-AES256-GCM-SHA384

+ 0 - 60
wolfcrypt/benchmark/benchmark.c

@@ -453,18 +453,6 @@ static const char err_prefix[] = "";
 #define BENCH_KYBER90S_LEVEL3_ENCAP     0x00000800
 #define BENCH_KYBER90S_LEVEL5_KEYGEN    0x00001000
 #define BENCH_KYBER90S_LEVEL5_ENCAP     0x00002000
-#define BENCH_SABER_LEVEL1_KEYGEN       0x00004000
-#define BENCH_SABER_LEVEL1_ENCAP        0x00008000
-#define BENCH_SABER_LEVEL3_KEYGEN       0x00010000
-#define BENCH_SABER_LEVEL3_ENCAP        0x00020000
-#define BENCH_SABER_LEVEL5_KEYGEN       0x00040000
-#define BENCH_SABER_LEVEL5_ENCAP        0x00080000
-#define BENCH_NTRUHPS_LEVEL1_KEYGEN     0x00100000
-#define BENCH_NTRUHPS_LEVEL1_ENCAP      0x00200000
-#define BENCH_NTRUHPS_LEVEL3_KEYGEN     0x00400000
-#define BENCH_NTRUHPS_LEVEL3_ENCAP      0x00800000
-#define BENCH_NTRUHPS_LEVEL5_KEYGEN     0x01000000
-#define BENCH_NTRUHPS_LEVEL5_ENCAP      0x02000000
 #define BENCH_DILITHIUM_LEVEL2_SIGN     0x04000000
 #define BENCH_DILITHIUM_LEVEL3_SIGN     0x08000000
 #define BENCH_DILITHIUM_LEVEL5_SIGN     0x10000000
@@ -813,30 +801,6 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
       OQS_KEM_alg_kyber_1024_90s},
     { "-kyber90s_level5-ed",    BENCH_KYBER90S_LEVEL5_ENCAP,
       OQS_KEM_alg_kyber_1024_90s },
-    { "-saber_level1-kg",    BENCH_SABER_LEVEL1_KEYGEN,
-      OQS_KEM_alg_saber_lightsaber },
-    { "-saber_level1-ed",       BENCH_SABER_LEVEL1_ENCAP,
-      OQS_KEM_alg_saber_lightsaber },
-    { "-saber_level3-kg",    BENCH_SABER_LEVEL3_KEYGEN,
-      OQS_KEM_alg_saber_saber },
-    { "-saber_level3-ed",       BENCH_SABER_LEVEL3_ENCAP,
-      OQS_KEM_alg_saber_saber },
-    { "-saber_level5-kg",    BENCH_SABER_LEVEL5_KEYGEN,
-      OQS_KEM_alg_saber_firesaber },
-    { "-saber_level5-ed",       BENCH_SABER_LEVEL5_ENCAP,
-      OQS_KEM_alg_saber_firesaber },
-    { "-ntruHPS_level1-kg",  BENCH_NTRUHPS_LEVEL1_KEYGEN,
-      OQS_KEM_alg_ntru_hps2048509 },
-    { "-ntruHPS_level1-ed",     BENCH_NTRUHPS_LEVEL1_ENCAP,
-      OQS_KEM_alg_ntru_hps2048509 },
-    { "-ntruHPS_level3-kg",  BENCH_NTRUHPS_LEVEL3_KEYGEN,
-      OQS_KEM_alg_ntru_hps2048677 },
-    { "-ntruHPS_level3-ed",     BENCH_NTRUHPS_LEVEL3_ENCAP,
-      OQS_KEM_alg_ntru_hps2048677 },
-    { "-ntruHPS_level5-kg",  BENCH_NTRUHPS_LEVEL5_KEYGEN,
-      OQS_KEM_alg_ntru_hps4096821 },
-    { "-ntruHPS_level5-ed",     BENCH_NTRUHPS_LEVEL5_ENCAP,
-      OQS_KEM_alg_ntru_hps4096821 },
 #endif /* HAVE_LIBOQS */
     { NULL, 0, NULL }
 };
@@ -2630,30 +2594,6 @@ static void* benchmarks_do(void* args)
         bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL5_KEYGEN);
     if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL5_ENCAP))
         bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL5_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL1_KEYGEN))
-        bench_pqcKemKeygen(BENCH_SABER_LEVEL1_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL1_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_SABER_LEVEL1_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL3_KEYGEN))
-        bench_pqcKemKeygen(BENCH_SABER_LEVEL3_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL3_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_SABER_LEVEL3_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL5_KEYGEN))
-        bench_pqcKemKeygen(BENCH_SABER_LEVEL5_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_SABER_LEVEL5_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_SABER_LEVEL5_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL1_KEYGEN))
-        bench_pqcKemKeygen(BENCH_NTRUHPS_LEVEL1_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL1_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_NTRUHPS_LEVEL1_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL3_KEYGEN))
-        bench_pqcKemKeygen(BENCH_NTRUHPS_LEVEL3_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL3_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_NTRUHPS_LEVEL3_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL5_KEYGEN))
-        bench_pqcKemKeygen(BENCH_NTRUHPS_LEVEL5_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL5_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_NTRUHPS_LEVEL5_ENCAP);
 #ifdef HAVE_FALCON
     if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN))
         bench_falconKeySign(1);

+ 2 - 16
wolfssl/ssl.h

@@ -3940,15 +3940,8 @@ enum {
      * algorithms have LEVEL2 and LEVEL4 because none of these submissions
      * included them. */
 
-    WOLFSSL_PQC_MIN               = 532,
-    WOLFSSL_PQC_SIMPLE_MIN        = 532,
-    WOLFSSL_NTRU_HPS_LEVEL1       = 532, /* NTRU_HPS2048509 */
-    WOLFSSL_NTRU_HPS_LEVEL3       = 533, /* NTRU_HPS2048677 */
-    WOLFSSL_NTRU_HPS_LEVEL5       = 534, /* NTRU_HPS4096821 */
-    WOLFSSL_NTRU_HRSS_LEVEL3      = 535, /* NTRU_HRSS701 */
-    WOLFSSL_SABER_LEVEL1          = 536, /* LIGHTSABER */
-    WOLFSSL_SABER_LEVEL3          = 537, /* SABER */
-    WOLFSSL_SABER_LEVEL5          = 538, /* FIRESABER */
+    WOLFSSL_PQC_MIN               = 570,
+    WOLFSSL_PQC_SIMPLE_MIN        = 570,
     WOLFSSL_KYBER_LEVEL1          = 570, /* KYBER_512 */
     WOLFSSL_KYBER_LEVEL3          = 572, /* KYBER_768 */
     WOLFSSL_KYBER_LEVEL5          = 573, /* KYBER_1024 */
@@ -3958,13 +3951,6 @@ enum {
     WOLFSSL_PQC_SIMPLE_MAX        = 576,
 
     WOLFSSL_PQC_HYBRID_MIN        = 12052,
-    WOLFSSL_P256_NTRU_HPS_LEVEL1  = 12052,
-    WOLFSSL_P384_NTRU_HPS_LEVEL3  = 12053,
-    WOLFSSL_P521_NTRU_HPS_LEVEL5  = 12054,
-    WOLFSSL_P384_NTRU_HRSS_LEVEL3 = 12055,
-    WOLFSSL_P256_SABER_LEVEL1     = 12056,
-    WOLFSSL_P384_SABER_LEVEL3     = 12057,
-    WOLFSSL_P521_SABER_LEVEL5     = 12058,
     WOLFSSL_P256_KYBER_LEVEL1     = 12090,
     WOLFSSL_P384_KYBER_LEVEL3     = 12092,
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,