Merge branch 'kats_v1.2.x' into 'master'

# Default target

all: update install setup openssl liboqs oqs-provider test-oqs compile run

# all: update install setup openssl liboqs oqs-provider test-oqs compile 

# Update and install necessary packages (OS-specific)

		cd openssl && \

		./Configure \

			--prefix=$(BUILD_DIR) \

			--libdir=lib \

			no-ssl no-tls1 no-tls1_1 no-afalgeng \

			no-shared threads -lm && \

		make && \

		make install_sw && \

		echo "OpenSSL cloned and built successfully."; \

	else \

		echo "OpenSSL directory already exists. Skipping clone and build."; \

		cd $(WORKSPACE) && \

		git clone https://github.com/open-quantum-safe/liboqs  && \

		cd liboqs  && \

		git checkout 0.13.0-release && \

		git checkout 0.13.0 && \

		mkdir build && cd build  && \

		cmake \

			-DBUILD_SHARED_LIBS=ON \

			-DCMAKE_BUILD_TYPE=Release \

			-DOQS_BUILD_ONLY_LIB=ON \

			-DOQS_DIST_BUILD=ON \

			-DCMAKE_INSTALL_PREFIX=$(BUILD_DIR) \

			..   && \

		make && \

		make install && \

		echo "liboqs cloned and built successfully."; \

	else \

		echo "liboqs directory already exists. Skipping clone and build."; \

		cd $(WORKSPACE) && \

		git clone https://github.com/open-quantum-safe/oqs-provider  && \

		cd oqs-provider && \

		git checkout 0.7.0-release && \

		liboqs_DIR=$(BUILD_DIR) cmake \

			-DOPENSSL_ROOT_DIR=$(WORKSPACE)/openssl/ \

		git checkout 0.7.0 && \

		liboqs_DIR=$(BUILD_DIR)/lib/cmake/liboqs cmake \

			-DOPENSSL_ROOT_DIR=$(BUILD_DIR) \

			-DCMAKE_BUILD_TYPE=Release \

			-S . \

			-B $(BUILD_DIR)  && \

		sudo cmake --build $(BUILD_DIR) ; \

		cmake --build $(BUILD_DIR) ; \

		echo "oqs-provider cloned, built, and configured successfully."; \

	else \

		echo "oqs-provider directory already exists. Skipping clone and build."; \

# Compile the project

compile:

	@echo "Compiling the project..."

	gcc -Wall -o etsi-hkex-test main.c crypto.c qshkex.c -lcrypto -loqs \

		-I$(WORKSPACE)/liboqs/build/include/ \

		-L$(BUILD_DIR)/lib

	$(CC) $(CFLAGS) -o etsi-hkex-test main.c crypto.c qshkex.c $(LDFLAGS) \

		-I$(BUILD_DIR)/include \

		-L$(BUILD_DIR)/lib -L$(BUILD_DIR)/lib64

	@echo "Compilation completed. Executable: etsi-hkex-test"

run: compile

	@echo "Running etsi-hkex-test..."

ifeq ($(UNAME_S),Linux)

	@export OPENSSL_MODULES=$(BUILD_DIR)/lib  && ./etsi-hkex-test

	@LD_LIBRARY_PATH=$(BUILD_DIR)/lib:$(BUILD_DIR)/lib64 OPENSSL_MODULES=$(BUILD_DIR)/lib ./etsi-hkex-test

else ifeq ($(UNAME_S),Darwin)

	@DYLD_LIBRARY_PATH=$(BUILD_DIR)/lib:$$DYLD_LIBRARY_PATH ./etsi-hkex-test

	@DYLD_LIBRARY_PATH=$(BUILD_DIR)/lib:$$DYLD_LIBRARY_PATH OPENSSL_MODULES=$(BUILD_DIR)/lib ./etsi-hkex-test

endif

# Clean up

## TS 103 744 Quantum-safe Hybrid Key Exchanges ##

Informative reference implementation as reported in Annex C of ETSI TS 103 744,

 "CYBER; Quantum-safe Hybrid Key Exchanges. The code is not intended for production use.

 It is intended to be a reference implementation for test.

"CYBER; Quantum-safe Hybrid Key Exchanges". The code is not intended for production use.

It is intended to be a reference implementation for test vector generation.

More information and standards download at the [work item page](https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=56901).

### Usage ###

This code is provided as an informative implementation of the Quantum-safe Hybrid Key Exchanges for the Concatenate

 KDF (CatKDF) and Cascade KDF (CasKDF).  It generates the test vectors contained in the TS.

KDF (CatKDF) and Cascade KDF (CasKDF). It generates the test vectors for the TS.

This is not intended for production use. It is intended to be a reference

implementation for test vectors for the specification.

  git clone ssh://git.amazon.com/pkg/Etsi-hkex-test

  git checkout 

### Prerequisites ###

- GCC compiler

- GNU Make

- OpenSSL 3.2 (cloned and built automatically by the Makefile)

- [liboqs](https://github.com/open-quantum-safe/liboqs) v0.13.0 (cloned and built automatically)

- [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) v0.7.0 (cloned and built automatically)

On Linux, the following packages are required and will be installed by `make`:

`git`, `build-essential`, `perl`, `cmake`, `autoconf`, `libtool`, `zlib1g-dev`

### Build instructions ###

This library requires OpenSSL version 3.2.4-dev libcrypto.

To clone and build all dependencies (OpenSSL, liboqs, and oqs-provider), compile, and run:

    To clone and build dependencies (openssl, liboqs, and oqs-provider), run:

    make

    To build and run etsi-hkex-test:

To build and run etsi-hkex-test only (after dependencies are built):

    make run

    Or:

Or compile manually (with appropriate include and library paths):

    gcc -Wall -o etsi-hkex-test main.c crypto.c qshkex.c -lcrypto -loqs

    ./etsi-hkex-test

### Repository ###

Source code is hosted at the ETSI forge:

    git clone https://forge.etsi.org/rep/cyber/103744_QHKEX.git

### License ###

The content of this repository and the files

contained are released under the BSD-3-Clause license.

See the attached LICENSE file or visit https://forge.etsi.org/legal-matters.

/*

    This file implements ETSI TC CYBER QSC Quantum-safe Hybrid Key Exchanges

    (Version 1.1.1)

    (Version 1.2.1)

    This is not intended for production use.  It is intended to be a reference

    implementation for test vectors for the specification.

    It uses OpenSSL version 3.4.0 libcrypto.

    It uses OpenSSL version 3.2 libcrypto.

    gcc -Wall -o etsi-hkex-test main.c crypto.c qshkex.c -lcrypto -loqs

    ./etsi-hkex-test

        if (EVP_PKEY_keygen_init(ctxA) <= 0) {

            break;

        }

        if (curve != EVP_PKEY_X25519 || curve != EVP_PKEY_X448) {

        if (curve != EVP_PKEY_X25519 && curve != EVP_PKEY_X448) {

            if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctxA, curve) <= 0) {

                break;

            }

        if (EVP_PKEY_keygen(ctxA, &pkeyA) <= 0) {

            break;

        }

        if (curve != EVP_PKEY_X25519 || curve != EVP_PKEY_X448) {

        if (curve != EVP_PKEY_X25519 && curve != EVP_PKEY_X448) {

            if (EVP_PKEY_get_octet_string_param(pkeyA, "pub", pubA, MAX_KEY_BYTE_LEN, &pubA_len) <= 0) {

                break;

            }

        } else {

            pubA_len = MAX_KEY_BYTE_LEN;

            if (EVP_PKEY_get_raw_public_key(pkeyA, pubA, &pubA_len) <= 0) {

                break;

            }

        if (EVP_PKEY_keygen_init(ctxB) <= 0) {

            break;

        }

        if (curve != EVP_PKEY_X25519 && curve != EVP_PKEY_X448) {

            if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctxB, curve) <= 0) {

                break;

            }

        }

        if (EVP_PKEY_keygen(ctxB, &pkeyB) <= 0) {

            break;

        }

        if (curve != EVP_PKEY_X25519 || curve != EVP_PKEY_X448) {

        if (curve != EVP_PKEY_X25519 && curve != EVP_PKEY_X448) {

            if (EVP_PKEY_get_octet_string_param(pkeyB, "pub", pubB, MAX_KEY_BYTE_LEN, &pubB_len) <= 0) {

                break;

            }

        } else {

            pubB_len = MAX_KEY_BYTE_LEN;

            if (EVP_PKEY_get_raw_public_key(pkeyB, pubB, &pubB_len) <= 0) {

                break;

            }

        *PB1length = pubB_len;

        // Derive entity A shared secret

        EVP_PKEY_CTX_free(ctxA);

        ctxA = EVP_PKEY_CTX_new(pkeyA, NULL);

        if (!ctxA) {

            break;

        }

        // Derive entity B shared secret

        EVP_PKEY_CTX_free(ctxB);

        ctxB = EVP_PKEY_CTX_new(pkeyB, NULL);

        if (!ctxB) {

            break;

/*

    Header file for a reference implementation of

    ETSI TC CYBER QSC Quantum-safe Hybrid Key Exchanges (Version 1.1.1)

    ETSI TC CYBER QSC Quantum-safe Hybrid Key Exchanges (Version 1.2.1)

    This is not intended for production use.  It is intended to be a reference

    implementation for test vectors for the specification.