Skip to content

Commit

Permalink
Purge OQS from wolfSSH. Use kyber from wolfssl.
Browse files Browse the repository at this point in the history
  • Loading branch information
anhu committed Aug 20, 2024
1 parent d57f53b commit 20287f5
Show file tree
Hide file tree
Showing 5 changed files with 132 additions and 143 deletions.
32 changes: 10 additions & 22 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -450,33 +450,22 @@ The wolfSSH client and server will automatically negotiate using Curve25519.
POST-QUANTUM
============

wolfSSH now supports the post-quantum algorithm Kyber. It uses the NIST
submission's Level 1 parameter set implemented by liboqs via an integration
with wolfSSH. It is hybridized with ECDHE over the P-256 ECC curve.
wolfSSH now supports the post-quantum algorithm ML-DSA (also known as Kyber).
It uses the KYBER512 parameter set and is hybridized with ECDHE over the P-256
ECC curve.

In order be able to use liboqs, you must have it built and installed on your
system. We support the 0.7.0 release of liboqs. You can download it from the
following link:
In order to use this key exchange you must build and install wolfSSL on your
system. Here is an example of an effective configuration:

https://github.com/open-quantum-safe/liboqs/archive/refs/tags/0.7.0.tar.gz
$ ./configure --enable-wolfssh --enable-experimental --enable-kyber

Once unpacked, this would be sufficient:
After that, simply configure and build wolfssh as usual:

$ cd liboqs-0.7.0
$ mkdir build
$ cd build
$ cmake -DOQS_USE_OPENSSL=0 ..
$ ./configure
$ make all
$ sudo make install


In order to enable support for Kyber Level1 hybridized with ECDHE over the P-256
ECC curve in wolfSSH, use the `--with-liboqs` build option during configuration:

$ ./configure --with-liboqs

The wolfSSH client and server will automatically negotiate using Kyber Level1
hybridized with ECDHE over the P-256 ECC curve if this feature is enabled.
The wolfSSH client and server will automatically negotiate using KYBER512
hybridized with ECDHE over the P-256 ECC curve.

$ ./examples/echoserver/echoserver -f

Expand Down Expand Up @@ -508,7 +497,6 @@ NOTE: when prompted, enter the password which is "upthehill".
You can type a line of text and when you press enter, the line will be echoed
back. Use CTRL-C to terminate the connection.


CERTIFICATE SUPPORT
===================

Expand Down
41 changes: 0 additions & 41 deletions configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -60,46 +60,6 @@ AC_CHECK_HEADERS([limits.h sys/select.h sys/time.h sys/ioctl.h pty.h util.h term
AC_CHECK_LIB([network],[socket])
AC_CHECK_LIB([util],[forkpty])

# liboqs
ENABLED_LIBOQS="no"
tryliboqsdir=""
AC_ARG_WITH([liboqs],
[AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) EXPERIMENTAL!])],
[
AC_MSG_CHECKING([for liboqs])
CPPFLAGS="$CPPFLAGS -DWOLFSSH_HAVE_LIBOQS"
LIBS="$LIBS -loqs"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
if test "x$liboqs_linked" = "xno" ; then
if test "x$withval" != "xno" ; then
tryliboqsdir=$withval
fi
if test "x$withval" = "xyes" ; then
tryliboqsdir="/usr/local"
fi
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
CPPFLAGS="$CPPFLAGS -I$tryliboqsdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
if test "x$liboqs_linked" = "xno" ; then
AC_MSG_ERROR([liboqs isn't found.
If it's already installed, specify its path using --with-liboqs=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryliboqsdir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSH_HAVE_LIBOQS"
ENABLED_LIBOQS="yes"
]
)

#wolfssl
AC_MSG_CHECKING([for wolfSSL])
if test "x$prefix" = "xNONE"
Expand Down Expand Up @@ -365,4 +325,3 @@ AS_ECHO([" * agent: $ENABLED_AGENT"])
AS_ECHO([" * TCP/IP Forwarding: $ENABLED_FWD"])
AS_ECHO([" * X.509 Certs: $ENABLED_CERTS"])
AS_ECHO([" * Examples: $ENABLED_EXAMPLES"])
AS_ECHO([" * liboqs Integration: $ENABLED_LIBOQS"])
Loading

0 comments on commit 20287f5

Please sign in to comment.