You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfSSL → How to use Kyber Post Quantum Krypto?
I would like to try Kyber key generation and I am wondering where to set this in my application.
I have set #define HAVE_KYBER and now I want my client to use it. Is that done via setting a special cipher suite with wolfSSL_CTX_set_cipher_list() or via elliptic curve groups or some other way?
Hi Sunnysunday,
Did you mean ML-KEM?
You can use
WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);The following values for group are good:
WOLFSSL_ML_KEM_512
WOLFSSL_ML_KEM_768
WOLFSSL_ML_KEM_1024
WOLFSSL_SECP256R1MLKEM768
WOLFSSL_X25519MLKEM768
WOLFSSL_SECP384R1MLKEM1024
WOLFSSL_SECP256R1MLKEM512
WOLFSSL_SECP384R1MLKEM768
WOLFSSL_SECP521R1MLKEM1024
WOLFSSL_X25519MLKEM512
WOLFSSL_X448MLKEM768
Warm regards, Anthony
Thank you.
I am trying this on Zephyr but I can't get it to compile with any of the groups you suggested. I used e.g.
wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512);To include Wolfssl in my Zephyr build I was following the official Wolfssl Zephyr Documentation on https://github.com/wolfSSL/wolfssl/tree/master/zephyr and have the settings under manifest in west.yml as described there.
Are there any specific includes I need to use?
I tried those:
#define HAVE_KYBER
#define HAVE_ML_KEM
#define WOLFSSL_HAVE_HYBRID
#define HAVE_ML_DSA
#define WOLFSSL_DTLS_CH_FRAGThose don't throw an error but
wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512)
does:
error: 'WOLFSSL_ML_KEM_512' undeclared.
I tried #define HAVE_PQC which also throws an error:
#error Please do not define HAVE_PQC yourself.
Are there any other includes I need to use?
Or do I need to intregrate LIBOQS in some way?
These should be sufficient:
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
I have tried the algorithms you mentioned. Some of them work, most of them throw errors.
These throw missing extension errors, as the client sends no key in the client hello:
WOLFSSL_ML_KEM_1024
WOLFSSL_SECP256R1MLKEM768
These return bad function argument errors:
WOLFSSL_SECP384R1MLKEM768
WOLFSSL_X25519MLKEM768
WOLFSSL_SECP384R1MLKEM1024
WOLFSSL_SECP521R1MLKEM1024
WOLFSSL_X448MLKEM768
These work:
WOLFSSL_SECP256R1MLKEM512
WOLFSSL_ML_KEM_512
WOLFSSL_X25519MLKEM512
WOLFSSL_ML_KEM_768
What could be the reason for the client sending no key in the client hello and for the bad function argument errors?
wolfSSL - Embedded SSL Library → wolfSSL → How to use Kyber Post Quantum Krypto?
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.009 seconds (48% PHP - 52% DB) with 11 queries