Merge pull request wolfSSL#736 from wolfSSL/rm_oqs_kyber

Purge OQS from wolfSSH. Use kyber from wolfssl.
jefferyq2 · Oct 29, 2024 · 7e768ea · 7e768ea
1 parent b947684
commit 7e768ea
Showing 1 changed file with 139 additions and 27 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -5138,20 +5138,23 @@ static int KeyAgreeCurve25519_client(WOLFSSH* ssh, byte hashId,
 #endif /* WOLFSSH_NO_CURVE25519_SHA256 */
 
 
-/* KeyAgreeEcdhKyber1_client
+/* KeyAgreeEcdhKyber512_client
  * hashId - wolfCrypt hash type ID used
  * f - peer public key
  * fSz - peer public key size
  */
-static int KeyAgreeEcdhKyber1_client(WOLFSSH* ssh, byte hashId,
+static int KeyAgreeEcdhKyber512_client(WOLFSSH* ssh, byte hashId,
         const byte* f, word32 fSz)
 #ifndef WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256
 {
     int ret = WS_SUCCESS;
     byte sharedSecretHashSz = 0;
     byte *sharedSecretHash = NULL;
     ecc_key *key_ptr = NULL;
-    OQS_KEM *kem;
+    KyberKey kem = {0};
+    word32 length_ciphertext = 0;
+    word32 length_sharedsecret = 0;
+    word32 length_privatekey = 0;
 
     #ifndef WOLFSSH_SMALL_STACK
         ecc_key key_s;
@@ -5166,17 +5169,33 @@ static int KeyAgreeEcdhKyber1_client(WOLFSSH* ssh, byte hashId,
         key_ptr = &key_s;
     #endif /* WOLFSSH_SMALL_STACK */
 
-    WLOG(WS_LOG_DEBUG, "Entering KeyAgreeEcdhKyber1_client()");
+    WLOG(WS_LOG_DEBUG, "Entering KeyAgreeEcdhKyber512_client()");
 
     /* This is a a hybrid of ECDHE and a post-quantum KEM. In this
      * case, I need to generated the ECC shared secret and
      * decapsulate the ciphertext of the post-quantum KEM. */
-    kem = OQS_KEM_new(OQS_KEM_alg_kyber_512);
-    if (kem == NULL) {
-        ret = WS_MEMORY_E;
+
+    if (ret == 0) {
+        ret = wc_KyberKey_Init(KYBER512, &kem, ssh->ctx->heap, INVALID_DEVID);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_CipherTextSize(&kem, &length_ciphertext);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_SharedSecretSize(&kem, &length_sharedsecret);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_PrivateKeySize(&kem, &length_privatekey);
+    }
+
+    if ((ret == 0) && (ssh->handshake->xSz < length_privatekey)) {
+        ret = WS_BUFFER_E;
     }
 
-    if ((ret == 0) && (fSz <= (word32)kem->length_ciphertext)) {
+    if ((ret == 0) && (fSz < length_ciphertext)) {
         ret = WS_BUFFER_E;
     }
 
@@ -5189,16 +5208,15 @@ static int KeyAgreeEcdhKyber1_client(WOLFSSH* ssh, byte hashId,
     }
     #endif
     if (ret == 0) {
-        ret = wc_ecc_import_x963(f + kem->length_ciphertext,
-                  fSz - (word32)kem->length_ciphertext,
-                  key_ptr);
+        ret = wc_ecc_import_x963(f + length_ciphertext, fSz - length_ciphertext,
+                                 key_ptr);
     }
 
     if (ret == 0) {
         PRIVATE_KEY_UNLOCK();
         ret = wc_ecc_shared_secret(&ssh->handshake->privKey.ecc,
-                   key_ptr, ssh->k + kem->length_shared_secret,
-                   &ssh->kSz);
+                                   key_ptr, ssh->k + length_sharedsecret,
+                                   &ssh->kSz);
         PRIVATE_KEY_LOCK();
     }
     wc_ecc_free(key_ptr);
@@ -5210,24 +5228,24 @@ static int KeyAgreeEcdhKyber1_client(WOLFSSH* ssh, byte hashId,
     wc_ecc_free(&ssh->handshake->privKey.ecc);
 
     if (ret == 0) {
-        if (OQS_KEM_decaps(kem, ssh->k, f, ssh->handshake->x)
-            != OQS_SUCCESS) {
-            ret = WS_ERROR;
-        }
+        wc_KyberKey_DecodePrivateKey(&kem, ssh->handshake->x,
+                                     length_privatekey);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_Decapsulate(&kem, ssh->k, f, length_ciphertext);
     }
 
     if (ret == 0) {
-        ssh->kSz += kem->length_shared_secret;
+        ssh->kSz += length_sharedsecret;
     } else {
         ssh->kSz = 0;
         WLOG(WS_LOG_ERROR,
              "Generate ECC-kyber (decap) shared secret failed, %d",
              ret);
     }
 
-    if (kem != NULL) {
-        OQS_KEM_free(kem);
-    }
+    wc_KyberKey_Free(&kem);
 
     /* Replace the concatenated shared secrets with the hash. That
      * will become the new shared secret. */
@@ -5256,7 +5274,7 @@ static int KeyAgreeEcdhKyber1_client(WOLFSSH* ssh, byte hashId,
         WFREE(sharedSecretHash, ssh->ctx->heap, DYNTYPE_PRIVKEY);
     }
 
-    WLOG(WS_LOG_DEBUG, "Leaving KeyAgreeEcdhKyber1_client(), ret = %d", ret);
+    WLOG(WS_LOG_DEBUG, "Leaving KeyAgreeEcdhKyber512_client(), ret = %d", ret);
     return ret;
 }
 #else /* WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256 */
@@ -5294,7 +5312,7 @@ static int KeyAgree_client(WOLFSSH* ssh, byte hashId, const byte* f, word32 fSz)
         ret = KeyAgreeCurve25519_client(ssh, hashId, f, fSz);
     }
     else if (ssh->handshake->useEccKyber) {
-        ret = KeyAgreeEcdhKyber1_client(ssh, hashId, f, fSz);
+        ret = KeyAgreeEcdhKyber512_client(ssh, hashId, f, fSz);
     }
     else {
         ret = WS_INVALID_ALGO_ID;
@@ -12211,7 +12229,7 @@ static int KeyAgreeCurve25519_server(WOLFSSH* ssh, byte hashId,
 #endif /* WOLFSSH_NO_CURVE25519_SHA256 */
 
 
-/* KeyAgreeEcdhKyber1_server
+/* KeyAgreeEcdhKyber512_server
  * hashId - wolfCrypt hash type ID used
  * f - peer public key
  * fSz - peer public key size
@@ -12222,22 +12240,25 @@ static int KeyAgreeCurve25519_server(WOLFSSH* ssh, byte hashId,
  * generate and encapsulate the shared secret and send the
  * ciphertext.
  */
-static int KeyAgreeEcdhKyber1_server(WOLFSSH* ssh, byte hashId,
+static int KeyAgreeEcdhKyber512_server(WOLFSSH* ssh, byte hashId,
         byte* f, word32* fSz)
 #ifndef WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256
 {
     int ret = WS_SUCCESS;
     byte sharedSecretHashSz = 0;
     byte *sharedSecretHash = NULL;
-    OQS_KEM* kem = NULL;
+    KyberKey kem = {0};
+    word32 length_publickey = 0;
+    word32 length_ciphertext = 0;
+    word32 length_sharedsecret = 0;
     ecc_key* pubKey = NULL;
     ecc_key* privKey = NULL;
     int primeId;
 #ifndef WOLFSSH_SMALL_STACK
     ecc_key eccKeys[2];
 #endif
 
-    WLOG(WS_LOG_DEBUG, "Entering KeyAgreeEcdhKyber1_server()");
+    WLOG(WS_LOG_DEBUG, "Entering KeyAgreeEcdhKyber512_server()");
 
 #ifdef WOLFSSH_SMALL_STACK
     pubKey = (ecc_key*)WMALLOC(sizeof(ecc_key),
@@ -13027,6 +13048,88 @@ static int SignHEcdsa(WOLFSSH* ssh, byte* sig, word32* sigSz,
     }
 
     if (ret == WS_SUCCESS) {
+    if (ret == 0) {
+        ret = wc_KyberKey_Init(KYBER512, &kem, ssh->ctx->heap,
+                               INVALID_DEVID);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_CipherTextSize(&kem, &length_ciphertext);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_SharedSecretSize(&kem, &length_sharedsecret);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_PublicKeySize(&kem, &length_publickey);
+    }
+
+    if ((ret == 0) && (ssh->handshake->eSz <= length_publickey)) {
+        ret = WS_BUFFER_E;
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_DecodePublicKey(&kem, ssh->handshake->e,
+                                          length_publickey);
+    }
+
+    if (ret == 0) {
+        ret = wc_KyberKey_Encapsulate(&kem, f, ssh->k, ssh->rng);
+    }
+
+    if (ret == 0) {
+        *fSz -= length_ciphertext;
+        ssh->kSz -= length_sharedsecret;
+    }
+    else {
+        ret = WS_PUBKEY_REJECTED_E;
+        WLOG(WS_LOG_ERROR,
+             "Generate ECC-kyber (encap) shared secret failed, %d", ret);
+        *fSz = 0;
+        ssh->kSz = 0;
+    }
+
+    wc_KyberKey_Free(&kem);
+
+    if (ret == 0) {
+        ret = wc_ecc_init_ex(pubKey, ssh->ctx->heap, INVALID_DEVID);
+    }
+    if (ret == 0) {
+        ret = wc_ecc_init_ex(privKey, ssh->ctx->heap, INVALID_DEVID);
+    }
+#ifdef HAVE_WC_ECC_SET_RNG
+    if (ret == 0) {
+        ret = wc_ecc_set_rng(privKey, ssh->rng);
+    }
+#endif
+    if (ret == 0) {
+        ret = wc_ecc_import_x963_ex(
+            ssh->handshake->e + length_publickey,
+            ssh->handshake->eSz - length_publickey,
+            pubKey, primeId);
+    }
+    if (ret == 0) {
+        ret = wc_ecc_make_key_ex(ssh->rng,
+                  wc_ecc_get_curve_size_from_id(primeId),
+                  privKey, primeId);
+    }
+    if (ret == 0) {
+        PRIVATE_KEY_UNLOCK();
+        ret = wc_ecc_export_x963(privKey, f + length_ciphertext, fSz);
+        PRIVATE_KEY_LOCK();
+        *fSz += length_ciphertext;
+    }
+    if (ret == 0) {
+        word32 tmp_kSz = ssh->kSz;
+        PRIVATE_KEY_UNLOCK();
+        ret = wc_ecc_shared_secret(privKey, pubKey,
+                  ssh->k + length_sharedsecret, &tmp_kSz);
+        PRIVATE_KEY_LOCK();
+        ssh->kSz = length_sharedsecret + tmp_kSz;
+    }
+    wc_ecc_free(privKey);
+    wc_ecc_free(pubKey);
 #ifdef WOLFSSH_SMALL_STACK
         heap = ssh->ctx->heap;
         r = (byte*)WMALLOC(rSz, heap, DYNTYPE_BUFFER);
@@ -13103,6 +13206,7 @@ static int SignHEd25519(WOLFSSH* ssh, byte* sig, word32* sigSz,
     }
 
     WLOG(WS_LOG_DEBUG, "Leaving SignHEd25519(), ret = %d", ret);
+    WLOG(WS_LOG_DEBUG, "Leaving KeyAgreeEcdhKyber512_server(), ret = %d", ret);
     return ret;
 }
 #else /* WOLFSSH_NO_ED25519 */
@@ -14241,6 +14345,14 @@ int SendKexDhInit(WOLFSSH* ssh)
                 ssh->handshake->xSz = length_privatekey;
             }
 
+            }
+
+            if (ret == 0) {
+                ret = wc_KyberKey_EncodePrivateKey(&kem, ssh->handshake->x,
+                                                   length_privatekey);
+                ssh->handshake->xSz = length_privatekey;
+            }
+
             wc_KyberKey_Free(&kem);
         }
 #endif /* ! WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256 */