CVPN-1445 Add ML-KEM group

kp-thomas-yau · kp-thomas-yau · commit 57d6cd910cc3 · 2024-11-18T16:50:14.000+08:00
Add relevant tests and different ML-KEM groups to be used in the Lightway. The config flags can be found here: #192
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/wolfssl-sys/Cargo.toml b/wolfssl-sys/Cargo.toml
@@ -16,6 +16,9 @@ bindgen = "0.70"
 autotools = "0.2"
 build-target = "0.4.0"
 
+[dev-dependencies]
+test-case = "3.0"
+
 [features]
 default = ["postquantum"]
 debug = []
diff --git a/wolfssl-sys/build.rs b/wolfssl-sys/build.rs
@@ -146,7 +146,7 @@ fn build_wolfssl(wolfssl_src: &Path) -> PathBuf {
 
     if cfg!(feature = "postquantum") {
         // Enable Kyber
-        conf.enable("kyber", Some("all,original"))
+        conf.enable("kyber", Some("all,original,ml-kem"))
             // SHA3 is needed for using WolfSSL's implementation of Kyber/ML-KEM
             .enable("sha3", None);
     }
diff --git a/wolfssl-sys/src/lib.rs b/wolfssl-sys/src/lib.rs
@@ -7,6 +7,7 @@ pub use bindings::*;
 #[cfg(test)]
 mod tests {
     use std::os::raw::c_int;
+    use test_case::test_case;
 
     use super::*;
     #[test]
@@ -17,9 +18,10 @@ mod tests {
         }
     }
 
-    #[test]
     #[cfg(feature = "postquantum")]
-    fn test_post_quantum_available() {
+    #[test_case(WOLFSSL_P521_KYBER_LEVEL5)]
+    #[test_case(WOLFSSL_P521_ML_KEM_1024)]
+    fn test_post_quantum_available(group: std::os::raw::c_uint) {
         unsafe {
             // Init WolfSSL
             let res = wolfSSL_Init();
@@ -34,10 +36,9 @@ mod tests {
             // Create new SSL stream
             let ssl = wolfSSL_new(context);
 
-            // Enable Kyber
-            let res = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5.try_into().unwrap());
+            let res = wolfSSL_UseKeyShare(ssl, group.try_into().unwrap());
 
-            // Check that Kyber was enabled
+            // Check that Kyber/ML-KEM was enabled
             assert_eq!(res, WOLFSSL_SUCCESS as c_int);
         }
     }
diff --git a/wolfssl/src/lib.rs b/wolfssl/src/lib.rs
@@ -236,6 +236,16 @@ pub enum CurveGroup {
     /// `WOLFSSL_P521_KYBER_LEVEL5`
     #[cfg(feature = "postquantum")]
     P521KyberLevel5,
+
+    /// `WOLFSSL_P256_ML_KEM_512`
+    #[cfg(feature = "postquantum")]
+    P256MLKEM512,
+    /// `WOLFSSL_P384_ML_KEM_768`
+    #[cfg(feature = "postquantum")]
+    P384MLKEM768,
+    /// `WOLFSSL_P521_ML_KEM_1024`
+    #[cfg(feature = "postquantum")]
+    P521MLKEM1024,
 }
 
 impl CurveGroup {
@@ -250,6 +260,12 @@ impl CurveGroup {
             P384KyberLevel3 => wolfssl_sys::WOLFSSL_P384_KYBER_LEVEL3,
             #[cfg(feature = "postquantum")]
             P521KyberLevel5 => wolfssl_sys::WOLFSSL_P521_KYBER_LEVEL5,
+            #[cfg(feature = "postquantum")]
+            P256MLKEM512 => wolfssl_sys::WOLFSSL_P256_ML_KEM_512,
+            #[cfg(feature = "postquantum")]
+            P384MLKEM768 => wolfssl_sys::WOLFSSL_P384_ML_KEM_768,
+            #[cfg(feature = "postquantum")]
+            P521MLKEM1024 => wolfssl_sys::WOLFSSL_P521_ML_KEM_1024,
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ fn build_wolfssl(wolfssl_src: &Path) -> PathBuf {`
`146`	`146`
`147`	`147`	`if cfg!(feature = "postquantum") {`
`148`	`148`	`// Enable Kyber`
`149`		`- conf.enable("kyber", Some("all,original"))`
	`149`	`+ conf.enable("kyber", Some("all,original,ml-kem"))`
`150`	`150`	`// SHA3 is needed for using WolfSSL's implementation of Kyber/ML-KEM`
`151`	`151`	`.enable("sha3", None);`
`152`	`152`	`}`