diff --git a/.github/workflows/kyber.yml b/.github/workflows/kyber.yml new file mode 100644 index 000000000..787ec060b --- /dev/null +++ b/.github/workflows/kyber.yml @@ -0,0 +1,58 @@ +name: Kyber tests + +on: + push: + branches: [ '*' ] + pull_request: + branches: [ '*' ] + +jobs: + run_test: + name: Build and run + strategy: + matrix: + config: + - liboqs-url: https://github.com/open-quantum-safe/liboqs + - liboqs-ver: 0.10.0 + - wolfssl-url: https://github.com/wolfssl/wolfssl + - wolfssl-ver: v5.7.0-stable + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 15 + steps: + - name: Install dependencies + run: sudo apt-get update && \ + sudo apt-get install -y build-essential autoconf automake libtool \ + git cmake make + + - name: Install liboqs source + run: git clone --depth 1 --branch ${{ matrix.config.liboqs-ver }} \ + ${{ matrix.config.liboqs-url }} + + - name: Build and install liboqs + working-directory: liboqs + run: mkdir build && cd build && \ + cmake -DOQS_MINIMAL_BUILD=KEM_kyber_512 -DOQS_USE_OPENSSL=0 .. && \ + make && sudo make install + + - name: Install wolfSSL source + run: git clone --depth 1 --branch ${{ matrix.config.wolfssl-ver }} \ + ${{ matrix.config.wolfssl-url }} + + - name: Build and install wolfSSL + working-directory: wolfssl + run: autoreconf -ivf && \ + ./configure --enable-wolfssh --enable-kyber --enable-experimental \ + --enable-cryptonly --disable-examples --disable-crypttests && \ + make && sudo make install + + - name: Install wolfSSH + run: git clone --depth 1 https://github.com/wolfssl/wolfssh + + - name: Build wolfSSH + working-directory: wolfssh + run: autoreconf -ivf && ./configure --with-liboqs && make + + - name: Run wolfssh tests + working-directory: wolfssh + run: make check diff --git a/src/internal.c b/src/internal.c index 4df487807..c4d3688c6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5133,7 +5133,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx) if (ret == WS_SUCCESS) { int useKeyPadding = 1; #if !defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256) - doKeyPadding = !ssh->handshake->useEccKyber; + useKeyPadding = !ssh->handshake->useEccKyber; #endif ret = GenerateKeys(ssh, hashId, useKeyPadding); } @@ -10639,7 +10639,7 @@ int SendKexDhReply(WOLFSSH* ssh) if (ret == WS_SUCCESS) { int doKeyPadding = 1; #if !defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256) - doKeyPadding = !ssh->handshake->useEccKyber; + doKeyPadding = !useEccKyber; #endif ret = GenerateKeys(ssh, hashId, doKeyPadding); }