Browse Source

Merge pull request #5836 from anhu/kyber_cleanup

Remove kyber-90s and route all kyber through wolfcrypt.
David Garske 1 year ago
parent
commit
9d9549fbd3

+ 3 - 13
configure.ac

@@ -1030,10 +1030,6 @@ do
     ENABLED_WC_KYBER=yes
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
     ;;
-  90s)
-    ENABLED_KYBER_90S=yes
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_90S"
-    ;;
   small)
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_SMALL"
     ;;
@@ -1067,15 +1063,9 @@ then
             AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
         fi
 
-        if test "$ENABLED_KYBER_90S" != "yes"; then
-            test "$enable_sha3" = "" && enable_sha3=yes
-            test "$enable_shake128" = "" && enable_shake128=yes
-            test "$enable_shake256" = "" && enable_shake256=yes
-        else
-            test "$enable_sha256" = "" && enable_sha256=yes
-            test "$enable_sha512" = "" && enable_sha512=yes
-            test "$enable_aesctr" = "" && enable_aesctr=yes
-        fi
+        test "$enable_sha3" = "" && enable_sha3=yes
+        test "$enable_shake128" = "" && enable_shake128=yes
+        test "$enable_shake256" = "" && enable_shake256=yes
     else
         # Default is to use liboqs. Make sure its enabled.
         if test "$ENABLED_LIBOQS" = "no"; then

+ 0 - 6
examples/benchmark/tls_bench.c

@@ -276,15 +276,9 @@ static struct group_info groups[] = {
     { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
     { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
     { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
-    { WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
-    { WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
-    { WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
     { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
     { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
     { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
-    { WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" },
-    { WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" },
-    { WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" },
 #endif
     { 0, NULL }
 };

+ 2 - 24
examples/client/client.c

@@ -385,15 +385,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL1") == 0) {
-                group = WOLFSSL_KYBER_90S_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL3") == 0) {
-                group = WOLFSSL_KYBER_90S_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL5") == 0) {
-                group = WOLFSSL_KYBER_90S_LEVEL5;
-            }
             else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 group = WOLFSSL_P256_KYBER_LEVEL1;
             }
@@ -402,15 +393,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             }
             else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 group = WOLFSSL_P521_KYBER_LEVEL5;
-            }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_90S_LEVEL1") == 0) {
-                group = WOLFSSL_P256_KYBER_90S_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_90S_LEVEL3") == 0) {
-                group = WOLFSSL_P384_KYBER_90S_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_90S_LEVEL5") == 0) {
-                group = WOLFSSL_P521_KYBER_90S_LEVEL5;
             } else {
                 err_sys("invalid post-quantum KEM specified");
             }
@@ -1265,9 +1247,7 @@ static const char* client_usage_msg[][70] = {
 #endif
 #ifdef HAVE_PQC
         "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1,\n"
-            "            P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n",  /* 70 */
+            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n",  /* 70 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 71 */
@@ -1485,9 +1465,7 @@ static const char* client_usage_msg[][70] = {
 #endif
 #ifdef HAVE_PQC
         "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5,\n"
-            "            P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 70 */
+            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */

+ 2 - 24
examples/server/server.c

@@ -707,15 +707,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL1") == 0) {
-                groups[count] = WOLFSSL_KYBER_90S_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_KYBER_90S_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "KYBER_90S_LEVEL5") == 0) {
-                groups[count] = WOLFSSL_KYBER_90S_LEVEL5;
-            }
             else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) {
                 groups[count] = WOLFSSL_P256_KYBER_LEVEL1;
             }
@@ -725,15 +716,6 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) {
                 groups[count] = WOLFSSL_P521_KYBER_LEVEL5;
             }
-            else if (XSTRCMP(pqcAlg, "P256_KYBER_90S_LEVEL1") == 0) {
-                groups[count] = WOLFSSL_P256_KYBER_90S_LEVEL1;
-            }
-            else if (XSTRCMP(pqcAlg, "P384_KYBER_90S_LEVEL3") == 0) {
-                groups[count] = WOLFSSL_P384_KYBER_90S_LEVEL3;
-            }
-            else if (XSTRCMP(pqcAlg, "P521_KYBER_90S_LEVEL5") == 0) {
-                groups[count] = WOLFSSL_P521_KYBER_90S_LEVEL5;
-            }
 
             if (groups[count] == 0) {
                 err_sys("invalid post-quantum KEM specified");
@@ -952,9 +934,7 @@ static const char* server_usage_msg[][65] = {
 #endif
 #ifdef HAVE_PQC
         "--pqc <alg> Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5, P256_KYBER_90S_LEVEL1,\n"
-            "            P384_KYBER_90S_LEVEL3,  P521_KYBER_90S_LEVEL5]\n", /* 60 */
+            "            KYBER_LEVEL5,  P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5] \n", /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (default is SRTP_AES128_CM_SHA1_80)\n",       /* 61 */
@@ -1139,9 +1119,7 @@ static const char* server_usage_msg[][65] = {
 #endif
 #ifdef HAVE_PQC
         "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n"
-            "            KYBER_LEVEL5, KYBER_90S_LEVEL1, KYBER_90S_LEVEL3, KYBER_90S_LEVEL5,\n"
-            "            P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5,\n"
-            "            P256_KYBER_90S_LEVEL1, P384_KYBER_90S_LEVEL3, P521_KYBER_90S_LEVEL5]\n", /* 60 */
+            "            KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 60 */
 #endif
 #ifdef WOLFSSL_SRTP
         "--srtp <profile> (デフォルトはSRTP_AES128_CM_SHA1_80)\n",       /* 61 */

+ 0 - 21
src/ssl.c

@@ -249,9 +249,6 @@ const WOLF_EC_NIST_NAME kNistCurves[] = {
     {XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1", WOLFSSL_P256_KYBER_LEVEL1},
     {XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3", WOLFSSL_P384_KYBER_LEVEL3},
     {XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5", WOLFSSL_P521_KYBER_LEVEL5},
-    {XSTR_SIZEOF("P256_KYBER_90S_LEVEL1"), "P256_KYBER_90S_LEVEL1", WOLFSSL_P256_KYBER_90S_LEVEL1},
-    {XSTR_SIZEOF("P384_KYBER_90S_LEVEL3"), "P384_KYBER_90S_LEVEL3", WOLFSSL_P384_KYBER_90S_LEVEL3},
-    {XSTR_SIZEOF("P521_KYBER_90S_LEVEL5"), "P521_KYBER_90S_LEVEL5", WOLFSSL_P521_KYBER_90S_LEVEL5},
 #endif
 #endif
     {0, NULL, 0},
@@ -2928,15 +2925,9 @@ static int isValidCurveGroup(word16 name)
         case WOLFSSL_KYBER_LEVEL3:
         case WOLFSSL_KYBER_LEVEL5:
     #ifdef HAVE_LIBOQS
-        case WOLFSSL_KYBER_90S_LEVEL1:
-        case WOLFSSL_KYBER_90S_LEVEL3:
-        case WOLFSSL_KYBER_90S_LEVEL5:
         case WOLFSSL_P256_KYBER_LEVEL1:
         case WOLFSSL_P384_KYBER_LEVEL3:
         case WOLFSSL_P521_KYBER_LEVEL5:
-        case WOLFSSL_P256_KYBER_90S_LEVEL1:
-        case WOLFSSL_P384_KYBER_90S_LEVEL3:
-        case WOLFSSL_P521_KYBER_90S_LEVEL5:
     #endif
 #endif
             return 1;
@@ -21334,24 +21325,12 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
             return "KYBER_LEVEL3";
         case WOLFSSL_KYBER_LEVEL5:
             return "KYBER_LEVEL5";
-        case WOLFSSL_KYBER_90S_LEVEL1:
-            return "KYBER_90S_LEVEL1";
-        case WOLFSSL_KYBER_90S_LEVEL3:
-            return "KYBER_90S_LEVEL3";
-        case WOLFSSL_KYBER_90S_LEVEL5:
-            return "KYBER_90S_LEVEL5";
         case WOLFSSL_P256_KYBER_LEVEL1:
             return "P256_KYBER_LEVEL1";
         case WOLFSSL_P384_KYBER_LEVEL3:
             return "P384_KYBER_LEVEL3";
         case WOLFSSL_P521_KYBER_LEVEL5:
             return "P521_KYBER_LEVEL5";
-        case WOLFSSL_P256_KYBER_90S_LEVEL1:
-            return "P256_KYBER_90S_LEVEL1";
-        case WOLFSSL_P384_KYBER_90S_LEVEL3:
-            return "P384_KYBER_90S_LEVEL3";
-        case WOLFSSL_P521_KYBER_90S_LEVEL5:
-            return "P521_KYBER_90S_LEVEL5";
 #elif defined(HAVE_PQM4)
         case WOLFSSL_KYBER_LEVEL1:
             return "KYBER_LEVEL1";

File diff suppressed because it is too large
+ 81 - 878
src/tls.c


+ 0 - 61
tests/test-tls13-pq-2.conf

@@ -1,33 +1,3 @@
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc KYBER_90S_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc KYBER_90S_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc KYBER_90S_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc KYBER_90S_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc KYBER_90S_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc KYBER_90S_LEVEL5
-
 # server TLSv1.3 with post-quantum group
 -v 4
 -l TLS13-AES256-GCM-SHA384
@@ -57,34 +27,3 @@
 -v 4
 -l TLS13-AES256-GCM-SHA384
 --pqc P521_KYBER_LEVEL5
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_90S_LEVEL1
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P256_KYBER_90S_LEVEL1
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_90S_LEVEL3
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P384_KYBER_90S_LEVEL3
-
-# server TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_90S_LEVEL5
-
-# client TLSv1.3 with post-quantum group
--v 4
--l TLS13-AES256-GCM-SHA384
---pqc P521_KYBER_90S_LEVEL5
-

+ 0 - 30
wolfcrypt/benchmark/benchmark.c

@@ -447,12 +447,6 @@ static const char err_prefix[] = "";
 #define BENCH_KYBER_LEVEL3_ENCAP        0x00000020
 #define BENCH_KYBER_LEVEL5_KEYGEN       0x00000040
 #define BENCH_KYBER_LEVEL5_ENCAP        0x00000080
-#define BENCH_KYBER90S_LEVEL1_KEYGEN    0x00000100
-#define BENCH_KYBER90S_LEVEL1_ENCAP     0x00000200
-#define BENCH_KYBER90S_LEVEL3_KEYGEN    0x00000400
-#define BENCH_KYBER90S_LEVEL3_ENCAP     0x00000800
-#define BENCH_KYBER90S_LEVEL5_KEYGEN    0x00001000
-#define BENCH_KYBER90S_LEVEL5_ENCAP     0x00002000
 #define BENCH_DILITHIUM_LEVEL2_SIGN     0x04000000
 #define BENCH_DILITHIUM_LEVEL3_SIGN     0x08000000
 #define BENCH_DILITHIUM_LEVEL5_SIGN     0x10000000
@@ -789,18 +783,6 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
       OQS_KEM_alg_kyber_1024 },
     { "-kyber_level5-ed",       BENCH_KYBER_LEVEL5_ENCAP,
       OQS_KEM_alg_kyber_1024 },
-    { "-kyber90s_level1-kg", BENCH_KYBER90S_LEVEL1_KEYGEN,
-      OQS_KEM_alg_kyber_512_90s },
-    { "-kyber90s_level1-ed",    BENCH_KYBER90S_LEVEL1_ENCAP,
-      OQS_KEM_alg_kyber_512_90s },
-    { "-kyber90s_level3-kg", BENCH_KYBER90S_LEVEL3_KEYGEN,
-      OQS_KEM_alg_kyber_768_90s },
-    { "-kyber90s_level3-ed",    BENCH_KYBER90S_LEVEL3_ENCAP,
-      OQS_KEM_alg_kyber_768_90s },
-    { "-kyber90s_level5-kg", BENCH_KYBER90S_LEVEL5_KEYGEN,
-      OQS_KEM_alg_kyber_1024_90s},
-    { "-kyber90s_level5-ed",    BENCH_KYBER90S_LEVEL5_ENCAP,
-      OQS_KEM_alg_kyber_1024_90s },
 #endif /* HAVE_LIBOQS */
     { NULL, 0, NULL }
 };
@@ -2583,18 +2565,6 @@ static void* benchmarks_do(void* args)
         bench_pqcKemKeygen(BENCH_KYBER_LEVEL5_KEYGEN);
     if (bench_all || (bench_pq_asym_algs & BENCH_KYBER_LEVEL5_ENCAP))
         bench_pqcKemEncapDecap(BENCH_KYBER_LEVEL5_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL1_KEYGEN))
-        bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL1_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL1_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL1_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL3_KEYGEN))
-        bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL3_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL3_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL3_ENCAP);
-    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL5_KEYGEN))
-        bench_pqcKemKeygen(BENCH_KYBER90S_LEVEL5_KEYGEN);
-    if (bench_all || (bench_pq_asym_algs & BENCH_KYBER90S_LEVEL5_ENCAP))
-        bench_pqcKemEncapDecap(BENCH_KYBER90S_LEVEL5_ENCAP);
 #ifdef HAVE_FALCON
     if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN))
         bench_falconKeySign(1);

+ 7 - 10
wolfcrypt/src/ext_kyber.c

@@ -26,10 +26,6 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
-#if defined(WOLFSSL_KYBER_90S) && defined(HAVE_PQM4)
-#error "KYBER-90s is not supported when building PQM4"
-#endif
-
 #ifdef WOLFSSL_HAVE_KYBER
 #include <wolfssl/wolfcrypt/ext_kyber.h>
 
@@ -41,21 +37,22 @@
 #endif
 
 #if defined (HAVE_LIBOQS)
+
 static const char* OQS_ID2name(int id) {
     switch (id) {
-#ifdef WOLFSSL_KYBER_90S
-        case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512_90s;
-        case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768_90s;
-        case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024_90s;
-#else
         case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
         case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768;
         case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024;
-#endif
         default:           break;
     }
     return NULL;
 }
+
+int ext_kyber_enabled(int id)
+{
+    const char * name = OQS_ID2name(id);
+    return OQS_KEM_alg_is_enabled(name);
+}   
 #endif
 
 /******************************************************************************/

File diff suppressed because it is too large
+ 1 - 1014
wolfcrypt/test/test.c


+ 3 - 9
wolfssl/ssl.h

@@ -3945,20 +3945,14 @@ enum {
     WOLFSSL_KYBER_LEVEL1          = 570, /* KYBER_512 */
     WOLFSSL_KYBER_LEVEL3          = 572, /* KYBER_768 */
     WOLFSSL_KYBER_LEVEL5          = 573, /* KYBER_1024 */
-    WOLFSSL_KYBER_90S_LEVEL1      = 574, /* KYBER_90S_512 */
-    WOLFSSL_KYBER_90S_LEVEL3      = 575, /* KYBER_90S_768 */
-    WOLFSSL_KYBER_90S_LEVEL5      = 576, /* KYBER_90S_1024 */
-    WOLFSSL_PQC_SIMPLE_MAX        = 576,
+    WOLFSSL_PQC_SIMPLE_MAX        = 573,
 
     WOLFSSL_PQC_HYBRID_MIN        = 12052,
     WOLFSSL_P256_KYBER_LEVEL1     = 12090,
     WOLFSSL_P384_KYBER_LEVEL3     = 12092,
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,
-    WOLFSSL_P256_KYBER_90S_LEVEL1 = 12094,
-    WOLFSSL_P384_KYBER_90S_LEVEL3 = 12095,
-    WOLFSSL_P521_KYBER_90S_LEVEL5 = 12096,
-    WOLFSSL_PQC_HYBRID_MAX        = 12096,
-    WOLFSSL_PQC_MAX               = 12096,
+    WOLFSSL_PQC_HYBRID_MAX        = 12093,
+    WOLFSSL_PQC_MAX               = 12093,
 #endif
 };
 

+ 3 - 1
wolfssl/wolfcrypt/ext_kyber.h

@@ -22,7 +22,6 @@
 #ifndef EXT_KYBER_H
 #define EXT_KYBER_H
 
-
 #ifdef WOLFSSL_HAVE_KYBER
 #include <wolfssl/wolfcrypt/kyber.h>
 
@@ -61,5 +60,8 @@ struct KyberKey {
     byte pub[EXT_KYBER_MAX_PUB_SZ];
 };
 
+#if defined (HAVE_LIBOQS)
+WOLFSSL_LOCAL int ext_kyber_enabled(int id);
+#endif
 #endif /* WOLFSSL_HAVE_KYBER */
 #endif /* EXT_KYBER_H */

+ 5 - 1
wolfssl/wolfcrypt/settings.h

@@ -2785,12 +2785,16 @@ extern void uITRON4_free(void *p) ;
 #define HAVE_FALCON
 #define HAVE_DILITHIUM
 #define HAVE_SPHINCS
-#define HAVE_KYBER
+#define WOLFSSL_HAVE_KYBER
+#define WOLFSSL_KYBER512
+#define WOLFSSL_KYBER768
+#define WOLFSSL_KYBER1024
 #endif
 
 #ifdef HAVE_PQM4
 #define HAVE_PQC
 #define HAVE_KYBER
+#define WOLFSSL_KYBER512
 #endif
 
 #if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \

Some files were not shown because too many files changed in this diff