Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVPN-1615 Remove liboqs and use WolfSSL's Kyber implementation #179

Merged
merged 2 commits into from
Dec 4, 2024
Merged

CVPN-1615 Remove liboqs and use WolfSSL's Kyber implementation #179

merged 2 commits into from
Dec 4, 2024

Conversation

kp-thomas-yau
Copy link
Contributor

@kp-thomas-yau kp-thomas-yau commented Nov 25, 2024
edited
Loading

Description

This PR removes liboqs and would instead use WolfSSL's implementation of Kyber. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

The patch consists of the commits and code changes from the following PR from WolfSSL:

Configuration for enabling ML-KEM/Kyber:

  1. For only ML-KEM:
    ./configure --enable-kyber
    ./configure --enable-kyber=all,ml-kem
  2. For just Kyber:
    ./configure --enable-kyber=all,original
  3. For ML-KEM and Kyber
    ./configure --enable-kyber=all,original,ml-kem
    ./configure --enable-kyber=all,ml-kem,original

Motivation and Context

Reduce external dependency, prepare migration to ML-KEM

How Has This Been Tested?

Tested with a UDP xv-helium-server with new lightway-core (aka NO LIBOQS) with

  1. xv-helium-cli that has OLD (the first connection) lightway-core WITH Liboqs--> Use Kyber Level 1, expected
  2. xv-helium-cli that has NEW (the second connection) lightway-core WITHOUT Liboqs --> Use Kyber Level 5, expected
    image

Also tested it with TCP, both uses Kyber level 5 as expected

Passes mac coverage test and other unit tests as well

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • All active GitHub checks are passing
  • The correct base branch is being used, if not main

@kp-thomas-yau kp-thomas-yau changed the title Remove liboqs and use WolfSSL's Kyber implementation CVPN-1615 Remove liboqs and use WolfSSL's Kyber implementation Nov 26, 2024
@kp-thomas-yau kp-thomas-yau force-pushed the remove-liboqs branch 2 times, most recently from f403a18 to 17b3f48 Compare December 2, 2024 03:03
@kp-thomas-yau
CVPN-1615 Remove liboqs and use WolfSSL's Kyber implementation
c590930 
Remove references to liboqs and edit build flag/configs for each of the platform.

Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

The patch consists of the commits and code changes from the following PR from WolfSSL:
- wolfSSL/wolfssl#8143
- wolfSSL/wolfssl#8172
- wolfSSL/wolfssl#8183
- wolfSSL/wolfssl#8185

Configuration for enabling ML-KEM/Kyber:
1. For only ML-KEM:
./configure --enable-kyber
./configure --enable-kyber=all,ml-kem
2. For just Kyber:
./configure --enable-kyber=all,original
3. For ML-KEM and Kyber
./configure --enable-kyber=all,original,ml-kem
./configure --enable-kyber=all,ml-kem,original
@kp-thomas-yau
CVPN-1615 Disable WolfSSL Kyber for unsupported platform
a52fe18
@kp-thomas-yau kp-thomas-yau marked this pull request as ready for review December 3, 2024 09:07
@kp-thomas-yau kp-thomas-yau requested a review from a team as a code owner December 3, 2024 09:07
@xv-raihaan-m
Copy link
Contributor

This PR removes liboqs and would instead use WolfSSL's implementation of Kyber. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

Does this mean the server needs to be rolled out first? i.e iss this change backwards compatible?

@kp-thomas-yau
Copy link
Contributor Author

This PR removes liboqs and would instead use WolfSSL's implementation of Kyber. Since WolfSSL would officially release their Kyber/ML-KEM implementations a few months later, we would use the git patch to essentially patch their PRs on top of the 5.7.4 release.

Does this mean the server needs to be rolled out first? i.e iss this change backwards compatible?

We will update the server first so that it can support older/new client as well. We would only update the clients after the server slowly rolls out.

@kp-thomas-yau kp-thomas-yau merged commit 3c442d1 into main Dec 4, 2024
20 checks passed
@xv-raihaan-m xv-raihaan-m deleted the remove-liboqs branch December 4, 2024 07:10
kp-thomas-yau added a commit that referenced this pull request Dec 4, 2024
@kp-thomas-yau
CVPN-1636 Compile WolfSSL with ML-KEM
d4f1f25 
Compile flags configuration can be found here:
#179
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xv-raihaan-m xv-raihaan-m xv-raihaan-m approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kp-thomas-yau @xv-raihaan-m