Fix for PQC enabled handshake

Frauschi · Frauschi · commit 403fcc5a4b4d · 2024-02-28T17:52:38.000+01:00
When PQC Kyber support is enabled, incoming KeyShare messages are tested
regarding the named group is a PQC Kyber group (pure or hybrid). The
boundaries of this test are way too loose (large gap between the pure
ones and the hybrid ones). This could result in failing handshakes in
case a client uses GREASE (Generate Random Extensions And Sustain
Extensibility), as there group numbers in the large gap are used.

The fix is just to make sure that the PQC test uses the two small
boundaries of the PQC named groups.

The lower bound for the hybrid groups has also been updated to reflect
the current OQS definition.

Signed-off-by: Tobias Frauenschläger &lt;t.frauenschlaeger@me.com&gt;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
@@ -1850,7 +1850,8 @@ enum Misc {
     (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
 #ifdef HAVE_PQC
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
-    (WOLFSSL_PQC_MIN <= (group) && (group) <= WOLFSSL_PQC_MAX)
+    ((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \
+     (WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX))
 #else
 #define WOLFSSL_NAMED_GROUP_IS_PQC(group)    ((void)(group), 0)
 #endif /* HAVE_PQC */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
@@ -4004,7 +4004,7 @@ enum {
     WOLFSSL_KYBER_LEVEL5          = 573, /* KYBER_1024 */
     WOLFSSL_PQC_SIMPLE_MAX        = 573,
 
-    WOLFSSL_PQC_HYBRID_MIN        = 12052,
+    WOLFSSL_PQC_HYBRID_MIN        = 12090,
     WOLFSSL_P256_KYBER_LEVEL1     = 12090,
     WOLFSSL_P384_KYBER_LEVEL3     = 12092,
     WOLFSSL_P521_KYBER_LEVEL5     = 12093,
