From ae0faa40cf6460f8640a47c9ce55c3abcdd04c2d Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Mon, 8 Aug 2022 17:51:45 -0400
Subject: [PATCH 1/2] Bugfix: wolfSSL_get_curve_name() will now print post-quantum group names.
---
 src/ssl.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/tls.c | 8 +++++++
 2 files changed, 76 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index c15a1e936..1a15f47d7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -20228,6 +20228,74 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
 if (ssl == NULL) return NULL;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_PQC)
+ /* Check for post-quantum groups. Return now because we do not want the ECC
+ * check to override this result in the case of a hybrid. */
+ if (IsAtLeastTLSv1_3(ssl->version)) {
+ switch (ssl->namedGroup) {
+#ifdef HAVE_LIBOQS
+ case WOLFSSL_KYBER_LEVEL1:
+ return "KYBER_LEVEL1";
+ case WOLFSSL_KYBER_LEVEL3:
+ return "KYBER_LEVEL3";
+ case WOLFSSL_KYBER_LEVEL5:
+ return "KYBER_LEVEL5";
+ case WOLFSSL_NTRU_HPS_LEVEL1:
+ return "NTRU_HPS_LEVEL1";
+ case WOLFSSL_NTRU_HPS_LEVEL3:
+ return "NTRU_HPS_LEVEL3";
+ case WOLFSSL_NTRU_HPS_LEVEL5:
+ return "NTRU_HPS_LEVEL5";
+ case WOLFSSL_NTRU_HRSS_LEVEL3:
+ return "NTRU_HRSS_LEVEL3";
+ case WOLFSSL_SABER_LEVEL1:
+ return "SABER_LEVEL1";
+ case WOLFSSL_SABER_LEVEL3:
+ return "SABER_LEVEL3";
+ case WOLFSSL_SABER_LEVEL5:
+ return "SABER_LEVEL5";
+ case WOLFSSL_KYBER_90S_LEVEL1:
+ return "KYBER_90S_LEVEL1";
+ case WOLFSSL_KYBER_90S_LEVEL3:
+ return "KYBER_90S_LEVEL3";
+ case WOLFSSL_KYBER_90S_LEVEL5:
+ return "KYBER_90S_LEVEL5";
+ case WOLFSSL_P256_NTRU_HPS_LEVEL1:
+ return "P256_NTRU_HPS_LEVEL1";
+ case WOLFSSL_P384_NTRU_HPS_LEVEL3:
+ return "P384_NTRU_HPS_LEVEL3";
+ case WOLFSSL_P521_NTRU_HPS_LEVEL5:
+ return "P521_NTRU_HPS_LEVEL5";
+ case WOLFSSL_P384_NTRU_HRSS_LEVEL3:
+ return "P384_NTRU_HRSS_LEVEL3";
+ case WOLFSSL_P256_SABER_LEVEL1:
+ return "P256_SABER_LEVEL1";
+ case WOLFSSL_P384_SABER_LEVEL3:
+ return "P384_SABER_LEVEL3";
+ case WOLFSSL_P521_SABER_LEVEL5:
+ return "P521_SABER_LEVEL5";
+ case WOLFSSL_P256_KYBER_LEVEL1:
+ return "P256_KYBER_LEVEL1";
+ case WOLFSSL_P384_KYBER_LEVEL3:
+ return "P384_KYBER_LEVEL3";
+ case WOLFSSL_P521_KYBER_LEVEL5:
+ return "P521_KYBER_LEVEL5";
+ case WOLFSSL_P256_KYBER_90S_LEVEL1:
+ return "P256_KYBER_90S_LEVEL1";
+ case WOLFSSL_P384_KYBER_90S_LEVEL3:
+ return "P384_KYBER_90S_LEVEL3";
+ case WOLFSSL_P521_KYBER_90S_LEVEL5:
+ return "P521_KYBER_90S_LEVEL5";
+#elif defined(HAVE_PQM4)
+ case WOLFSSL_KYBER_LEVEL1:
+ return "KYBER_LEVEL1";
+#endif
+ default:
+ /* Fall through. */
+ }
+ }
+
+#endif /* WOLFSSL_TLS13 && HAVE_PQC */
 #ifdef HAVE_FFDHE
 if (ssl->namedGroup != 0) {
 cName = wolfssl_ffdhe_name(ssl->namedGroup);
diff --git a/src/tls.c b/src/tls.c
index 310f2421c..633593f65 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -8707,6 +8707,10 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
 keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen + kem->length_ciphertext);
 ciphertext = NULL;
+
+ /* Set namedGroup so wolfSSL_get_curve_name() can function properly on
+ * the server side. */
+ ssl->namedGroup = keyShareEntry->group;
 }
 TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
@@ -8834,6 +8838,10 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
 keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen + PQM4_CIPHERTEXT_LENGTH);
 ciphertext = NULL;
+
+ /* Set namedGroup so wolfSSL_get_curve_name() can function properly on
+ * the server side. */
+ ssl->namedGroup = keyShareEntry->group;
 }
 TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
From 57dc263d054bfea02f400f88191f334739098d78 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Tue, 9 Aug 2022 14:35:59 -0400
Subject: [PATCH 2/2] Make clang happy.
---
 src/ssl.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 1a15f47d7..98b6790fa 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -20290,8 +20290,6 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
 case WOLFSSL_KYBER_LEVEL1:
 return "KYBER_LEVEL1";
 #endif
- default:
- /* Fall through. */
 }
 }
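Review bot: In the src/ssl.c hunk at -20228 of patch 1/2, wolfSSL_get_curve_name() gets a new return contract that is only explained by the inline comment inside the `#if` block. For a TLS 1.3 hybrid group it now returns the hybrid group name and never reaches the ECC/FFDHE lookup. Callers that log the negotiated key exchange or compare the result against curve names for policy checks need to know that these strings can appear. I would state it in the function's header comment, for example `/* For TLS 1.3 post-quantum and hybrid groups the group name (e.g. "P256_KYBER_LEVEL1") is returned instead of the ECC curve name. */`. The function starts above the hunk and continues below it, so any existing header documentation is not visible here.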
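Review bot: In the src/tls.c hunk at -8707 of patch 1/2 (and identically in the hunk at -8834), the added `ssl->namedGroup = keyShareEntry->group;` changes connection state for the sake of a name lookup, so every other server-side reader of ssl->namedGroup will now see a PQC or hybrid group id as well. Those readers are not visible in this patch; it is worth confirming that none of them assumes an ECC or FFDHE group, and widening the comment to record that, for example `/* Record the negotiated group; other readers of ssl->namedGroup must accept PQC and hybrid ids. */`. The assignment appears to sit inside a block that opens outside the hunk and is presumably reached only on success, so on an error path namedGroup would keep its earlier value. A test that calls wolfSSL_get_curve_name() on the server after a PQC handshake would pin the behaviour this commit is fixing.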