currently marked as experimental and can only be enabled when
compiled with --with-liboqs. Contributed by David Dudas.
+** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
+ The support for ML-KEM post-quantum key encapsulation mechanisms
+ has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
+ MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
+ draft-kwiatkowski-tls-ecdhe-mlkem-03.
+
** API and ABI modifications:
GNUTLS_PK_ML_DSA_44: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_ML_DSA_65: New enum member of gnutls_pk_algorithm_t
GNUTLS_SIGN_ML_DSA_44: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_ML_DSA_65: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_ML_DSA_87: New enum member of gnutls_sign_algorithm_t
-GNUTLS_PK_ML_KEM_768: Renamed from GNUTLS_PK_MLKEM768; compatibility macro is provided
-** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
- The support for ML-KEM post-quantum key encapsulation mechanisms
- has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
- MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
- draft-kwiatkowski-tls-ecdhe-mlkem-03.
-
* Version 3.8.8 (released 2024-11-05)
#define IS_ECDHX(x) \
(((x) == GNUTLS_PK_ECDH_X25519) || ((x) == GNUTLS_PK_ECDH_X448))
-#define IS_KEM(x) \
- (((x) == GNUTLS_PK_ML_KEM_768) || ((x) == GNUTLS_PK_ML_KEM_1024) || \
+#define IS_KEM(x) \
+ (((x) == GNUTLS_PK_MLKEM768) || ((x) == GNUTLS_PK_MLKEM1024) || \
((x) == GNUTLS_PK_EXP_KYBER768))
#define IS_ML_DSA(x) \
{
.name = "MLKEM768",
.id = GNUTLS_GROUP_EXP_MLKEM768,
- .pk = GNUTLS_PK_ML_KEM_768,
+ .pk = GNUTLS_PK_MLKEM768,
/* absense of .tls_id means that this group alone cannot be used in TLS */
},
{
.name = "MLKEM1024",
.id = GNUTLS_GROUP_EXP_MLKEM1024,
- .pk = GNUTLS_PK_ML_KEM_1024,
+ .pk = GNUTLS_PK_MLKEM1024,
/* absense of .tls_id means that this group alone cannot be used in TLS */
},
{
.curve = GNUTLS_ECC_CURVE_X448 },
{ .name = "ML-KEM-768",
.oid = NULL,
- .id = GNUTLS_PK_ML_KEM_768,
+ .id = GNUTLS_PK_MLKEM768,
.curve = GNUTLS_ECC_CURVE_INVALID },
{ .name = "ML-KEM-1024",
.oid = NULL,
- .id = GNUTLS_PK_ML_KEM_1024,
+ .id = GNUTLS_PK_MLKEM1024,
.curve = GNUTLS_ECC_CURVE_INVALID },
/* Hidden behind HAVE_LIBOQS as it will be removed in the future.
*/
ret = 0;
break;
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768:
gnutls_pk_params_release(&session->key.kshare.kem_params);
gnutls_pk_params_init(&session->key.kshare.kem_params);
ret = 0;
break;
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768:
ret = gnutls_buffer_append_data(
extdata, session->key.kshare.kem_params.raw_pub.data,
return 0;
case GNUTLS_PK_EXP_KYBER768:
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
switch (group->pk) {
case GNUTLS_PK_EXP_KYBER768:
- case GNUTLS_PK_ML_KEM_768:
+ case GNUTLS_PK_MLKEM768:
public_key_size = KYBER768_PUBLIC_KEY_SIZE;
break;
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM1024:
public_key_size = MLKEM1024_PUBLIC_KEY_SIZE;
break;
default:
return 0;
case GNUTLS_PK_EXP_KYBER768:
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
switch (group->pk) {
case GNUTLS_PK_EXP_KYBER768:
- case GNUTLS_PK_ML_KEM_768:
+ case GNUTLS_PK_MLKEM768:
public_key_size = KYBER768_CIPHERTEXT_SIZE;
break;
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM1024:
public_key_size = MLKEM1024_CIPHERTEXT_SIZE;
break;
default:
#define GNUTLS_PK_EC GNUTLS_PK_ECDSA
#define GNUTLS_PK_ECDHX GNUTLS_PK_ECDH_X25519
-#define GNUTLS_PK_MLKEM768 GNUTLS_PK_ML_KEM_768
/**
* gnutls_pk_algorithm_t:
* @GNUTLS_PK_GOST_12_512: GOST R 34.10-2012 algorithm, 512-bit key per rfc7091.
* @GNUTLS_PK_ECDH_X448: Elliptic curve algorithm, restricted to ECDH as per rfc7748.
* @GNUTLS_PK_EDDSA_ED448: Edwards curve Digital signature algorithm. Used with SHAKE256 on signatures.
- * @GNUTLS_PK_ML_KEM_768: ML-KEM-768 key encapsulation algorithm as per FIPS 203.
- * @GNUTLS_PK_ML_KEM_1024: ML-KEM-1024 key encapsulation algorithm as per FIPS 203.
+ * @GNUTLS_PK_MLKEM768: ML-KEM-768 key encapsulation algorithm as per FIPS 203.
+ * @GNUTLS_PK_MLKEM1024: ML-KEM-1024 key encapsulation algorithm as per FIPS 203.
* @GNUTLS_PK_ML_DSA_44: ML-DSA-44 digital signature algorithm as per FIPS 204.
* @GNUTLS_PK_ML_DSA_65: ML-DSA-65 digital signature algorithm as per FIPS 204.
* @GNUTLS_PK_ML_DSA_87: ML-DSA-87 digital signature algorithm as per FIPS 204.
GNUTLS_PK_ECDH_X448 = 11,
GNUTLS_PK_EDDSA_ED448 = 12,
GNUTLS_PK_RSA_OAEP = 13,
- GNUTLS_PK_ML_KEM_768 = 14,
+ GNUTLS_PK_MLKEM768 = 14,
GNUTLS_PK_ML_DSA_44 = 15,
GNUTLS_PK_ML_DSA_65 = 16,
GNUTLS_PK_ML_DSA_87 = 17,
- GNUTLS_PK_ML_KEM_1024 = 18,
- GNUTLS_PK_MAX = GNUTLS_PK_ML_KEM_1024,
+ GNUTLS_PK_MLKEM1024 = 18,
+ GNUTLS_PK_MAX = GNUTLS_PK_MLKEM1024,
/* Experimental algorithms */
GNUTLS_PK_EXP_KYBER768 = 256,
static const char *pk_to_liboqs_algo(gnutls_pk_algorithm_t algo)
{
switch (algo) {
- case GNUTLS_PK_ML_KEM_768:
+ case GNUTLS_PK_MLKEM768:
return OQS_KEM_alg_ml_kem_768;
case GNUTLS_PK_EXP_KYBER768:
return OQS_KEM_alg_kyber_768;
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM1024:
return OQS_KEM_alg_ml_kem_1024;
case GNUTLS_PK_ML_DSA_44:
return OQS_SIG_alg_ml_dsa_44;
switch (algo) {
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768: {
OQS_KEM *kem = NULL;
const char *algo_name;
switch (algo) {
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768: {
OQS_KEM *kem = NULL;
const char *algo_name;
case GNUTLS_PK_EDDSA_ED448:
return 1;
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768: {
const char *algo_name;
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
#endif
- case GNUTLS_PK_ML_KEM_768:
+ case GNUTLS_PK_MLKEM768:
case GNUTLS_PK_ML_DSA_44:
case GNUTLS_PK_ML_DSA_65:
case GNUTLS_PK_ML_DSA_87:
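Review bot: Only `case GNUTLS_PK_MLKEM768:` is listed here, without a matching `case GNUTLS_PK_MLKEM1024:`, whereas every other hunk in this patch handles the two KEM identifiers as a pair (the IS_KEM macro, pk_to_liboqs_algo, the key-share paths). The enclosing switch starts and ends outside the hunk, so I cannot tell what this branch decides, but if it classifies which PK identifiers are non-signature/KEM algorithms then ML-KEM-1024 would silently take a different path from ML-KEM-768. If the omission is deliberate, a short comment such as `/* MLKEM1024 intentionally not listed here: <reason> */` would stop the next rename from "fixing" it; otherwise add `case GNUTLS_PK_MLKEM1024:` directly after the MLKEM768 case.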
case GNUTLS_PK_ECDH_X448:
break;
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768: {
const char *algo_name;
break;
}
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768: {
OQS_KEM *kem = NULL;
const char *algo_name;
break;
}
#ifdef HAVE_LIBOQS
- case GNUTLS_PK_ML_KEM_768:
- case GNUTLS_PK_ML_KEM_1024:
+ case GNUTLS_PK_MLKEM768:
+ case GNUTLS_PK_MLKEM1024:
case GNUTLS_PK_EXP_KYBER768: {
const char *algo_name;
#endif
algorithm == GNUTLS_PK_ECDH_X25519 ||
algorithm == GNUTLS_PK_ECDH_X448 ||
- algorithm == GNUTLS_PK_ML_KEM_768 ||
- algorithm == GNUTLS_PK_ML_KEM_1024)
+ algorithm == GNUTLS_PK_MLKEM768 ||
+ algorithm == GNUTLS_PK_MLKEM1024)
continue;
if (algorithm == GNUTLS_PK_GOST_01 ||