Kyber with DTLS 1.3 tests

anhu · anhu · commit ad6d6be6205c · 2022-12-14T12:46:24.000-05:00
diff --git a/src/tls.c b/src/tls.c
@@ -8454,7 +8454,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
 
     if (ret == 0) {
         ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
-        if (ret == 0) {
+        if (ret != 0) {
             WOLFSSL_MSG("Error creating Kyber KEM");
         }
     }
diff --git a/tests/suites.c b/tests/suites.c
@@ -927,6 +927,50 @@ int SuiteTest(int argc, char** argv)
     }
     #endif
     #endif
+    #ifdef HAVE_PQC
+    /* add TLSv13 pq tests */
+    XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1]));
+    printf("starting TLSv13 post-quantum groups tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+    #ifdef HAVE_LIBOQS
+    /* add TLSv13 pq tests */
+    XSTRLCPY(argv0[1], "tests/test-tls13-pq-2.conf", sizeof(argv0[1]));
+    printf("starting TLSv13 post-quantum groups tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+    #endif
+    #endif
+    #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13)
+    /* add DTLSv13 pq tests */
+    XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1]));
+    printf("starting DTLSv13 post-quantum groups tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+    #ifdef HAVE_LIBOQS
+    /* add DTLSv13 pq tests */
+    XSTRLCPY(argv0[1], "tests/test-dtls13-pq-2.conf", sizeof(argv0[1]));
+    printf("starting DTLSv13 post-quantum groups tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+    #endif
+    #endif
 #endif
 #if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
      (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
diff --git a/tests/test-dtls13-pq-2.conf b/tests/test-dtls13-pq-2.conf
@@ -0,0 +1,13 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc P256_KYBER_LEVEL1
+
+# P384_KYBER_LEVEL3 and P521_KYBER_LEVEL5 would fragment the ClientHello.
diff --git a/tests/test-dtls13-pq.conf b/tests/test-dtls13-pq.conf
@@ -0,0 +1,13 @@
+# server DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc KYBER_LEVEL1
+
+# client DTLSv1.3 with post-quantum group
+-u
+-v 4
+-l TLS13-AES256-GCM-SHA384
+--pqc KYBER_LEVEL1
+
+# KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello.

Original file line number	Diff line number	Diff line change
`@@ -8454,7 +8454,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,`
`8454`	`8454`
`8455`	`8455`	`if (ret == 0) {`
`8456`	`8456`	`ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);`
`8457`		`- if (ret == 0) {`
	`8457`	`+ if (ret != 0) {`
`8458`	`8458`	`WOLFSSL_MSG("Error creating Kyber KEM");`
`8459`	`8459`	`}`
`8460`	`8460`	`}`