@kp-samuel-tam kp-samuel-tam commented Nov 17, 2025

Description

Support one additional post-quantum key exchange method, X25519 with ML-KEM-768.

Motivation and Context

The method is drafted in IETF's Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3.

How Has This Been Tested?

This PR only changes the server-side groups; to test this effectively we need to change the client's as well.

let curve = wolfssl::CurveGroup::P521MLKEM1024;

Change this to X25519MLKEM768. Running earthly --allow-privileged +e2e succeeds.

Related

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • The correct base branch is being used, if not main

@kp-samuel-tam kp-samuel-tam requested a review from a team as a code owner November 17, 2025 07:47
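
Added example, not part of this PR and not Lightway or wolfSSL code: a check a reviewer could run over captured handshake key shares to confirm that X25519MLKEM768 was really negotiated. It assumes the codepoint (0x11EC) and share layout from the IETF ECDHE-MLKEM draft, with the ML-KEM-768 part first and the 32-byte X25519 part last; every function and type name is hypothetical.

```rust
// Added example: names are illustrative, not Lightway or wolfSSL APIs.
// Sizes follow the IETF ECDHE-MLKEM draft and ML-KEM-768 (FIPS 203).
pub const X25519MLKEM768: u16 = 0x11EC; // TLS NamedGroup codepoint 4588
pub const MLKEM768_EK_LEN: usize = 1184; // ML-KEM-768 encapsulation key (client)
pub const MLKEM768_CT_LEN: usize = 1088; // ML-KEM-768 ciphertext (server)
pub const X25519_LEN: usize = 32; // X25519 public value

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Sender { Client, Server }

#[derive(Debug, PartialEq)]
pub enum ShareError {
    WrongGroup(u16),
    BadLength { expected: usize, got: usize },
}

/// Parsed hybrid share: the ML-KEM part comes first, then the X25519 part.
#[derive(Debug, PartialEq)]
pub struct HybridShare<'a> { pub mlkem: &'a [u8], pub x25519: &'a [u8] }

/// Validate one KeyShareEntry (group id + key_exchange bytes) and split it.
pub fn split_share<'a>(
    sender: Sender,
    group: u16,
    key_exchange: &'a [u8],
) -> Result<HybridShare<'a>, ShareError> {
    if group != X25519MLKEM768 {
        return Err(ShareError::WrongGroup(group));
    }
    // The client sends an encapsulation key, the server a ciphertext.
    let mlkem_len = match sender {
        Sender::Client => MLKEM768_EK_LEN,
        Sender::Server => MLKEM768_CT_LEN,
    };
    let expected = mlkem_len + X25519_LEN;
    if key_exchange.len() != expected {
        return Err(ShareError::BadLength { expected, got: key_exchange.len() });
    }
    let (mlkem, x25519) = key_exchange.split_at(mlkem_len);
    Ok(HybridShare { mlkem, x25519 })
}

fn main() {
    // Constructed sample: 0xAA marks ML-KEM bytes, 0xBB marks X25519 bytes.
    let mut client = vec![0xAAu8; MLKEM768_EK_LEN];
    client.extend_from_slice(&[0xBBu8; X25519_LEN]);
    let share = split_share(Sender::Client, X25519MLKEM768, &client).unwrap();
    println!("client: mlkem={} x25519={}", share.mlkem.len(), share.x25519.len());
    // A classical-only 32-byte share under the hybrid codepoint is rejected.
    println!("{:?}", split_share(Sender::Server, X25519MLKEM768, &[0xBBu8; 32]));
}
```

A client share of 1216 bytes and a server share of 1120 bytes under group 0x11EC indicate the hybrid exchange took place; any other length under that codepoint should be treated as a malformed handshake.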

github-actions bot commented Nov 17, 2025

Code coverage summary for c2c20f5:

Filename                                                     Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover    Branches   Missed Branches     Cover
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
lightway-app-utils/src/args/cipher.rs                              5                 5     0.00%           1                 1     0.00%           5                 5     0.00%           0                 0         -
lightway-app-utils/src/args/connection_type.rs                     5                 5     0.00%           1                 1     0.00%           5                 5     0.00%           0                 0         -
lightway-app-utils/src/args/duration.rs                           22                18    18.18%           5                 4    20.00%          15                12    20.00%           0                 0         -
lightway-app-utils/src/args/ip_map.rs                             19                19     0.00%           3                 3     0.00%          13                13     0.00%           0                 0         -
lightway-app-utils/src/args/logging.rs                            37                37     0.00%           3                 3     0.00%          31                31     0.00%           0                 0         -
lightway-app-utils/src/args/nonzero_duration.rs                   24                16    33.33%           4                 3    25.00%          16                10    37.50%           0                 0         -
lightway-app-utils/src/connection_ticker.rs                      236                24    89.83%          28                 4    85.71%         126                15    88.10%           0                 0         -
lightway-app-utils/src/dplpmtud_timer.rs                         212                16    92.45%          22                 4    81.82%         117                11    90.60%           0                 0         -
lightway-app-utils/src/event_stream.rs                            19                 0   100.00%           3                 0   100.00%          11                 0   100.00%           0                 0         -
lightway-app-utils/src/sockopt/ip_mtu_discover.rs                 78                78     0.00%           6                 6     0.00%          68                68     0.00%           0                 0         -
lightway-app-utils/src/sockopt/ip_pktinfo.rs                      14                14     0.00%           1                 1     0.00%          16                16     0.00%           0                 0         -
lightway-app-utils/src/tun.rs                                    281               281     0.00%          31                31     0.00%         175               175     0.00%           0                 0         -
lightway-app-utils/src/utils.rs                                   21                21     0.00%           1                 1     0.00%          11                11     0.00%           0                 0         -
lightway-client/src/args.rs                                       35                14    60.00%           2                 1    50.00%          17                 8    52.94%           0                 0         -
lightway-client/src/dns_manager.rs                                16                16     0.00%           3                 3     0.00%          11                11     0.00%           0                 0         -
lightway-client/src/io/inside/tun.rs                              78                78     0.00%          11                11     0.00%          57                57     0.00%           0                 0         -
lightway-client/src/io/outside/tcp.rs                             80                80     0.00%          11                11     0.00%          48                48     0.00%           0                 0         -
lightway-client/src/io/outside/udp.rs                            123               123     0.00%          13                13     0.00%          74                74     0.00%           0                 0         -
lightway-client/src/keepalive.rs                                 624                53    91.51%          55                 6    89.09%         330                25    92.42%           0                 0         -
lightway-client/src/lib.rs                                       796               660    17.09%          59                48    18.64%         550               460    16.36%           0                 0         -
lightway-client/src/main.rs                                      189               189     0.00%          12                12     0.00%         147               147     0.00%           0                 0         -
lightway-client/src/platform/linux/dns_manager.rs                144                64    55.56%          16                 6    62.50%          94                40    57.45%           0                 0         -
lightway-client/src/route_manager.rs                            1010               214    78.81%          63                 7    88.89%         551               115    79.13%           0                 0         -
lightway-core/src/borrowed_bytesmut.rs                           378                 1    99.74%          24                 0   100.00%         189                 1    99.47%           0                 0         -
lightway-core/src/builder_predicates.rs                           24                12    50.00%           4                 2    50.00%          24                12    50.00%           0                 0         -
lightway-core/src/cipher.rs                                       13                 0   100.00%           2                 0   100.00%          10                 0   100.00%           0                 0         -
lightway-core/src/connection.rs                                 1617               942    41.74%          70                30    57.14%        1127               625    44.54%           0                 0         -
lightway-core/src/connection/builders.rs                         247                49    80.16%          21                 8    61.90%         249                55    77.91%           0                 0         -
lightway-core/src/connection/dplpmtud.rs                        1755                95    94.59%          63                 0   100.00%         832                 9    98.92%           0                 0         -
lightway-core/src/connection/fragment_map.rs                     380                15    96.05%          25                 0   100.00%         258                 7    97.29%           0                 0         -
lightway-core/src/connection/io_adapter.rs                       529                26    95.09%          34                 5    85.29%         276                21    92.39%           0                 0         -
lightway-core/src/connection/key_update.rs                        34                13    61.76%           5                 0   100.00%          38                19    50.00%           0                 0         -
lightway-core/src/context.rs                                     202                51    74.75%          26                11    57.69%         213                64    69.95%           0                 0         -
lightway-core/src/context/ip_pool.rs                               8                 3    62.50%           1                 0   100.00%           5                 0   100.00%           0                 0         -
lightway-core/src/context/server_auth.rs                          35                27    22.86%           4                 3    25.00%          24                20    16.67%           0                 0         -
lightway-core/src/encoding_request_states.rs                       3                 0   100.00%           1                 0   100.00%           3                 0   100.00%           0                 0         -
lightway-core/src/io.rs                                           10                10     0.00%           3                 3     0.00%           9                 9     0.00%           0                 0         -
lightway-core/src/lib.rs                                           9                 0   100.00%           3                 0   100.00%           9                 0   100.00%           0                 0         -
lightway-core/src/metrics.rs                                      55                45    18.18%          21                17    19.05%          48                38    20.83%           0                 0         -
lightway-core/src/packet.rs                                       38                10    73.68%           4                 1    75.00%          30                 6    80.00%           0                 0         -
lightway-core/src/plugin.rs                                      304                13    95.72%          21                 3    85.71%         145                 7    95.17%           0                 0         -
lightway-core/src/utils.rs                                       339                31    90.86%          22                 2    90.91%         165                17    89.70%           0                 0         -
lightway-core/src/version.rs                                      94                 0   100.00%          17                 0   100.00%          82                 0   100.00%           0                 0         -
lightway-core/src/wire.rs                                        441                44    90.02%          28                 0   100.00%         233                10    95.71%           0                 0         -
lightway-core/src/wire/auth_failure.rs                            27                 1    96.30%           3                 0   100.00%          17                 0   100.00%           0                 0         -
lightway-core/src/wire/auth_request.rs                           472                12    97.46%          26                 0   100.00%         241                 0   100.00%           0                 0         -
lightway-core/src/wire/auth_success_with_config_ipv4.rs          223                 4    98.21%          11                 0   100.00%         124                 0   100.00%           0                 0         -
lightway-core/src/wire/data.rs                                    52                 1    98.08%           5                 0   100.00%          34                 0   100.00%           0                 0         -
lightway-core/src/wire/data_frag.rs                              131                 1    99.24%          14                 0   100.00%          82                 0   100.00%           0                 0         -
lightway-core/src/wire/encoding_request.rs                        82                 2    97.56%           6                 0   100.00%          42                 1    97.62%           0                 0         -
lightway-core/src/wire/encoding_response.rs                       82                 2    97.56%           6                 0   100.00%          42                 1    97.62%           0                 0         -
lightway-core/src/wire/expresslane_config.rs                     167                 2    98.80%           8                 0   100.00%          92                 0   100.00%           0                 0         -
lightway-core/src/wire/expresslane_data.rs                       938                71    92.43%          36                 7    80.56%         467                38    91.86%           0                 0         -
lightway-core/src/wire/ping.rs                                    96                 3    96.88%           7                 0   100.00%          59                 0   100.00%           0                 0         -
lightway-core/src/wire/pong.rs                                   110                 3    97.27%           8                 0   100.00%          72                 0   100.00%           0                 0         -
lightway-core/src/wire/server_config.rs                           69                 2    97.10%           4                 0   100.00%          37                 0   100.00%           0                 0         -
lightway-server/src/auth.rs                                      282                55    80.50%          22                 6    72.73%         171                28    83.63%           0                 0         -
lightway-server/src/connection.rs                                141               141     0.00%          11                11     0.00%         110               110     0.00%           0                 0         -
lightway-server/src/connection_manager.rs                        348               348     0.00%          41                41     0.00%         281               281     0.00%           0                 0         -
lightway-server/src/connection_manager/connection_map.rs         409                18    95.60%          21                 1    95.24%         228                 7    96.93%           0                 0         -
lightway-server/src/io/inside/tun.rs                              44                44     0.00%           9                 9     0.00%          30                30     0.00%           0                 0         -
lightway-server/src/io/outside/tcp.rs                             90                90     0.00%           9                 9     0.00%          65                65     0.00%           0                 0         -
lightway-server/src/io/outside/udp.rs                            320               320     0.00%          16                16     0.00%         205               205     0.00%           0                 0         -
lightway-server/src/io/outside/udp/cmsg.rs                       197                53    73.10%          14                 5    64.29%         158                43    72.78%           0                 0         -
lightway-server/src/ip_manager.rs                                550                58    89.45%          22                 4    81.82%         247                28    88.66%           0                 0         -
lightway-server/src/ip_manager/ip_pool.rs                        542                 1    99.82%          27                 0   100.00%         252                 0   100.00%           0                 0         -
lightway-server/src/lib.rs                                       260               260     0.00%          14                14     0.00%         169               169     0.00%           0                 0         -
lightway-server/src/main.rs                                      233               233     0.00%          11                11     0.00%         123               123     0.00%           0                 0         -
lightway-server/src/metrics.rs                                   257               253     1.56%          85                83     2.35%         215               211     1.86%           0                 0         -
lightway-server/src/statistics.rs                                138                62    55.07%           8                 4    50.00%          89                37    58.43%           0                 0         -
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                                                          16843              5452    67.63%        1197               486    59.40%       10109              3654    63.85%           0                 0         -

✅ Region coverage 67% passes
✅ Line coverage 63% passes

@kp-thomas-yau kp-thomas-yau left a comment

For other reviewers: This also includes WolfSSL upgrade to 5.8.2 and WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS.

kp-mariappan-ramasamy commented Dec 15, 2025

@kp-samuel-tam The issue with WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS has been resolved and wolfssl updated to 5.8.2 version

#314 (comment)

You can rebase on top of latest main branch and remove the unnecessary changes.

@kp-samuel-tam kp-samuel-tam force-pushed the add-x25519-mlkem768 branch 3 times, most recently from 5e5c577 to 3fa58ae Compare December 15, 2025 06:26
@kp-samuel-tam kp-samuel-tam merged commit b309d52 into main Dec 15, 2025
22 checks passed
@kp-samuel-tam kp-samuel-tam deleted the add-x25519-mlkem768 branch December 15, 2025 06:59