From 3856d9ca21cef2e7ceb936fbf89575f55283ac20 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 30 Sep 2024 16:20:19 -0700 Subject: [PATCH] Update PQ code to be generic over EVP_KEM API's instead of Kyber-specific --- crypto/s2n_evp_kem.c | 128 ++++++++++++++++++ crypto/s2n_evp_kem.h | 26 ++++ crypto/s2n_kyber_evp.c | 110 --------------- crypto/s2n_kyber_evp.h | 22 --- crypto/s2n_pq.c | 10 +- crypto/s2n_pq.h | 2 +- ...BER.c => S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c} | 0 ...s => S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.flags} | 0 tests/unit/s2n_kem_preferences_test.c | 21 ++- tests/unit/s2n_pq_kem_test.c | 2 +- tests/unit/s2n_security_policies_test.c | 20 ++- tls/s2n_kem.c | 28 ++-- tls/s2n_kem.h | 5 +- 13 files changed, 192 insertions(+), 182 deletions(-) create mode 100644 crypto/s2n_evp_kem.c create mode 100644 crypto/s2n_evp_kem.h delete mode 100644 crypto/s2n_kyber_evp.c delete mode 100644 crypto/s2n_kyber_evp.h rename tests/features/{S2N_LIBCRYPTO_SUPPORTS_KYBER.c => S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c} (100%) rename tests/features/{S2N_LIBCRYPTO_SUPPORTS_KYBER.flags => S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.flags} (100%) diff --git a/crypto/s2n_evp_kem.c b/crypto/s2n_evp_kem.c new file mode 100644 index 00000000000..b608c6d3a15 --- /dev/null +++ b/crypto/s2n_evp_kem.c 
@@ -0,0 +1,128 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+* http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#include
+#include
+
+#include "crypto/s2n_pq.h"
+#include "error/s2n_errno.h"
+#include "tls/s2n_kem.h"
+#include "utils/s2n_safety.h"
+#include "utils/s2n_safety_macros.h"
+
+int s2n_evp_kem_stub_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
+ OUT uint8_t *private_key)
+{
+ POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
+}
+
+int s2n_evp_kem_stub_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
+ IN const uint8_t *public_key)
+{
+ POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
+}
+
+int s2n_evp_kem_stub_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
+ IN const uint8_t *private_key)
+{
+ POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
+}
+
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_KEM)
+
+DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY *, EVP_PKEY_free);
+DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY_CTX *, EVP_PKEY_CTX_free);
+
+int s2n_evp_kem_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
+ OUT uint8_t *secret_key)
+{
+ DEFER_CLEANUP(EVP_PKEY_CTX *kem_pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_KEM, NULL), EVP_PKEY_CTX_free_pointer);
+ POSIX_GUARD_PTR(kem_pkey_ctx);
+ POSIX_GUARD_OSSL(EVP_PKEY_CTX_kem_set_params(kem_pkey_ctx, kem->kem_nid), S2N_ERR_PQ_CRYPTO);
+ POSIX_GUARD_OSSL(EVP_PKEY_keygen_init(kem_pkey_ctx), S2N_ERR_PQ_CRYPTO);
+
+ DEFER_CLEANUP(EVP_PKEY *kem_pkey = NULL, EVP_PKEY_free_pointer);
+ POSIX_GUARD_OSSL(EVP_PKEY_keygen(kem_pkey_ctx, &kem_pkey), S2N_ERR_PQ_CRYPTO);
+ POSIX_GUARD_PTR(kem_pkey);
+
+ size_t public_key_size = kem->public_key_length;
+ POSIX_GUARD_OSSL(EVP_PKEY_get_raw_public_key(kem_pkey, public_key, &public_key_size), S2N_ERR_PQ_CRYPTO);
+ POSIX_ENSURE_EQ(kem->public_key_length, public_key_size);
+ size_t private_key_size = kem->private_key_length;
+ POSIX_GUARD_OSSL(EVP_PKEY_get_raw_private_key(kem_pkey, secret_key, &private_key_size), S2N_ERR_PQ_CRYPTO);
+ POSIX_ENSURE_EQ(kem->private_key_length, private_key_size);
+
+ return S2N_SUCCESS;
+}
+
+int s2n_evp_kem_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
+ IN const uint8_t *public_key)
+{
+ DEFER_CLEANUP(EVP_PKEY *kem_pkey = EVP_PKEY_kem_new_raw_public_key(kem->kem_nid, public_key, kem->public_key_length), EVP_PKEY_free_pointer);
+ POSIX_GUARD_PTR(kem_pkey);
+
+ DEFER_CLEANUP(EVP_PKEY_CTX *kem_pkey_ctx = EVP_PKEY_CTX_new(kem_pkey, NULL), EVP_PKEY_CTX_free_pointer);
+ POSIX_GUARD_PTR(kem_pkey_ctx);
+
+ size_t ciphertext_size = kem->ciphertext_length;
+ size_t shared_secret_size = kem->shared_secret_key_length;
+ POSIX_GUARD_OSSL(EVP_PKEY_encapsulate(kem_pkey_ctx, ciphertext, &ciphertext_size, shared_secret,
+ &shared_secret_size),
+ S2N_ERR_PQ_CRYPTO);
+ POSIX_ENSURE_EQ(kem->ciphertext_length, ciphertext_size);
+ POSIX_ENSURE_EQ(kem->shared_secret_key_length, shared_secret_size);
+
+ return S2N_SUCCESS;
+}
+
+int s2n_evp_kem_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
+ IN const uint8_t *private_key)
+{
+ DEFER_CLEANUP(EVP_PKEY *kem_pkey = EVP_PKEY_kem_new_raw_secret_key(kem->kem_nid, private_key, kem->private_key_length), EVP_PKEY_free_pointer);
+ POSIX_GUARD_PTR(kem_pkey);
+
+ DEFER_CLEANUP(EVP_PKEY_CTX *kem_pkey_ctx = EVP_PKEY_CTX_new(kem_pkey, NULL), EVP_PKEY_CTX_free_pointer);
+ POSIX_GUARD_PTR(kem_pkey_ctx);
+
+ size_t shared_secret_size = kem->shared_secret_key_length;
+ POSIX_GUARD_OSSL(EVP_PKEY_decapsulate(kem_pkey_ctx, shared_secret, &shared_secret_size,
+ (uint8_t *) ciphertext, kem->ciphertext_length),
+ S2N_ERR_PQ_CRYPTO);
+ POSIX_ENSURE_EQ(kem->shared_secret_key_length, shared_secret_size);
+
+ return S2N_SUCCESS;
+}
+
+#else /* If !S2N_LIBCRYPTO_SUPPORTS_EVP_KEM, we won't have a kem impl so define relevant stubs here. */
+
+int s2n_evp_kem_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
+ OUT uint8_t *private_key)
+{
+ return s2n_evp_kem_stub_generate_keypair(kem, public_key, private_key);
+}
+
+int s2n_evp_kem_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
+ IN const uint8_t *public_key)
+{
+ return s2n_evp_kem_stub_encapsulate(kem, ciphertext, shared_secret, public_key);
+}
+
+int s2n_evp_kem_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
+ IN const uint8_t *private_key)
+{
+ return s2n_evp_kem_stub_decapsulate(kem, shared_secret, ciphertext, private_key);
+}
+
+#endif
diff --git a/crypto/s2n_evp_kem.h b/crypto/s2n_evp_kem.h
new file mode 100644
index 00000000000..f0c5e03a123
--- /dev/null
+++ b/crypto/s2n_evp_kem.h
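Review bot: In crypto/s2n_evp_kem.c, `s2n_evp_kem_generate_keypair`, `s2n_evp_kem_encapsulate` and `s2n_evp_kem_decapsulate` dereference `kem` (`kem->kem_nid`, `kem->public_key_length` and the other length fields) and hand the raw key, ciphertext and secret pointers to libcrypto without checking any of them. The functions are non-static and exported through the new header, so unless every caller is guaranteed to validate first, each body should open with `POSIX_ENSURE_REF(kem);` followed by the same check on each buffer it uses, for example `POSIX_ENSURE_REF(public_key);`. The unconditional `s2n_evp_kem_stub_*` definitions never touch their arguments and need no such guard.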
@@ -0,0 +1,26 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+* http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#pragma once
+
+#include "tls/s2n_kem.h"
+
+int s2n_evp_kem_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key, OUT uint8_t *private_key);
+int s2n_evp_kem_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret, IN const uint8_t *public_key);
+int s2n_evp_kem_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext, IN const uint8_t *private_key);
+
+int s2n_evp_kem_stub_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key, OUT uint8_t *private_key);
+int s2n_evp_kem_stub_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret, IN const uint8_t *public_key);
+int s2n_evp_kem_stub_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext, IN const uint8_t *private_key);
diff --git a/crypto/s2n_kyber_evp.c b/crypto/s2n_kyber_evp.c
deleted file mode 100644
index d1e45838dbf..00000000000
--- a/crypto/s2n_kyber_evp.c
+++ /dev/null
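Review bot: The six prototypes in crypto/s2n_evp_kem.h carry no contract, so the size requirement on the raw buffers can only be learned from the .c file, where `kem->public_key_length`, `kem->private_key_length`, `kem->ciphertext_length` and `kem->shared_secret_key_length` are passed to libcrypto as the buffer capacities. I would add a comment above the first group such as `/* Every buffer must hold at least the matching kem->*_length bytes; returns S2N_SUCCESS on success. */`. A second comment above the `s2n_evp_kem_stub_*` group should say that they always fail with `S2N_ERR_UNIMPLEMENTED` and why they are exported rather than kept static.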
@@ -1,110 +0,0 @@
-/*
-* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-*
-* Licensed under the Apache License, Version 2.0 (the "License").
-* You may not use this file except in compliance with the License.
-* A copy of the License is located at
-*
-* http://aws.amazon.com/apache2.0
-*
-* or in the "license" file accompanying this file. This file is distributed
-* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-* express or implied. See the License for the specific language governing
-* permissions and limitations under the License.
-*/
-
-#include
-#include
-
-#include "crypto/s2n_pq.h"
-#include "error/s2n_errno.h"
-#include "tls/s2n_kem.h"
-#include "utils/s2n_safety.h"
-#include "utils/s2n_safety_macros.h"
-
-#if defined(S2N_LIBCRYPTO_SUPPORTS_KYBER)
-
-DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY *, EVP_PKEY_free);
-DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY_CTX *, EVP_PKEY_CTX_free);
-
-int s2n_kyber_evp_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
- OUT uint8_t *secret_key)
-{
- DEFER_CLEANUP(EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_KEM, NULL), EVP_PKEY_CTX_free_pointer);
- POSIX_GUARD_PTR(kyber_pkey_ctx);
- POSIX_GUARD_OSSL(EVP_PKEY_CTX_kem_set_params(kyber_pkey_ctx, kem->kem_nid), S2N_ERR_PQ_CRYPTO);
- POSIX_GUARD_OSSL(EVP_PKEY_keygen_init(kyber_pkey_ctx), S2N_ERR_PQ_CRYPTO);
-
- DEFER_CLEANUP(EVP_PKEY *kyber_pkey = NULL, EVP_PKEY_free_pointer);
- POSIX_GUARD_OSSL(EVP_PKEY_keygen(kyber_pkey_ctx, &kyber_pkey), S2N_ERR_PQ_CRYPTO);
- POSIX_GUARD_PTR(kyber_pkey);
-
- size_t public_key_size = kem->public_key_length;
- POSIX_GUARD_OSSL(EVP_PKEY_get_raw_public_key(kyber_pkey, public_key, &public_key_size), S2N_ERR_PQ_CRYPTO);
- POSIX_ENSURE_EQ(kem->public_key_length, public_key_size);
- size_t private_key_size = kem->private_key_length;
- POSIX_GUARD_OSSL(EVP_PKEY_get_raw_private_key(kyber_pkey, secret_key, &private_key_size), S2N_ERR_PQ_CRYPTO);
- POSIX_ENSURE_EQ(kem->private_key_length, private_key_size);
-
- return S2N_SUCCESS;
-}
-
-int s2n_kyber_evp_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
- IN const uint8_t *public_key)
-{
- DEFER_CLEANUP(EVP_PKEY *kyber_pkey = EVP_PKEY_kem_new_raw_public_key(kem->kem_nid, public_key, kem->public_key_length), EVP_PKEY_free_pointer);
- POSIX_GUARD_PTR(kyber_pkey);
-
- DEFER_CLEANUP(EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new(kyber_pkey, NULL), EVP_PKEY_CTX_free_pointer);
- POSIX_GUARD_PTR(kyber_pkey_ctx);
-
- size_t ciphertext_size = kem->ciphertext_length;
- size_t shared_secret_size = kem->shared_secret_key_length;
- POSIX_GUARD_OSSL(EVP_PKEY_encapsulate(kyber_pkey_ctx, ciphertext, &ciphertext_size, shared_secret,
- &shared_secret_size),
- S2N_ERR_PQ_CRYPTO);
- POSIX_ENSURE_EQ(kem->ciphertext_length, ciphertext_size);
- POSIX_ENSURE_EQ(kem->shared_secret_key_length, shared_secret_size);
-
- return S2N_SUCCESS;
-}
-
-int s2n_kyber_evp_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
- IN const uint8_t *private_key)
-{
- DEFER_CLEANUP(EVP_PKEY *kyber_pkey = EVP_PKEY_kem_new_raw_secret_key(kem->kem_nid, private_key, kem->private_key_length), EVP_PKEY_free_pointer);
- POSIX_GUARD_PTR(kyber_pkey);
-
- DEFER_CLEANUP(EVP_PKEY_CTX *kyber_pkey_ctx = EVP_PKEY_CTX_new(kyber_pkey, NULL), EVP_PKEY_CTX_free_pointer);
- POSIX_GUARD_PTR(kyber_pkey_ctx);
-
- size_t shared_secret_size = kem->shared_secret_key_length;
- POSIX_GUARD_OSSL(EVP_PKEY_decapsulate(kyber_pkey_ctx, shared_secret, &shared_secret_size,
- (uint8_t *) ciphertext, kem->ciphertext_length),
- S2N_ERR_PQ_CRYPTO);
- POSIX_ENSURE_EQ(kem->shared_secret_key_length, shared_secret_size);
-
- return S2N_SUCCESS;
-}
-
-#else /* If !S2N_LIBCRYPTO_SUPPORTS_KYBER, we won't have a Kyber impl so define relevant stubs here. */
-
-int s2n_kyber_evp_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
- OUT uint8_t *secret_key)
-{
- POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
-}
-
-int s2n_kyber_evp_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
- IN const uint8_t *public_key)
-{
- POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
-}
-
-int s2n_kyber_evp_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
- IN const uint8_t *secret_key)
-{
- POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
-}
-
-#endif
diff --git a/crypto/s2n_kyber_evp.h b/crypto/s2n_kyber_evp.h
deleted file mode 100644
index f624f4436cb..00000000000
--- a/crypto/s2n_kyber_evp.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
-* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-*
-* Licensed under the Apache License, Version 2.0 (the "License").
-* You may not use this file except in compliance with the License.
-* A copy of the License is located at
-*
-* http://aws.amazon.com/apache2.0
-*
-* or in the "license" file accompanying this file. This file is distributed
-* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-* express or implied. See the License for the specific language governing
-* permissions and limitations under the License.
-*/
-
-#pragma once
-
-#include "tls/s2n_kem.h"
-
-int s2n_kyber_evp_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key, OUT uint8_t *private_key);
-int s2n_kyber_evp_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret, IN const uint8_t *public_key);
-int s2n_kyber_evp_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext, IN const uint8_t *private_key);
diff --git a/crypto/s2n_pq.c b/crypto/s2n_pq.c
index 2f00663142d..ed902095adb 100644
--- a/crypto/s2n_pq.c
+++ b/crypto/s2n_pq.c
@@ -17,12 +17,12 @@ #include "crypto/s2n_openssl.h" -bool s2n_libcrypto_supports_kyber() +bool s2n_libcrypto_supports_evp_kem() { - /* S2N_LIBCRYPTO_SUPPORTS_KYBER will be auto-detected and #defined if - * ./tests/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.c successfully compiles + /* S2N_LIBCRYPTO_SUPPORTS_EVP_KEM will be auto-detected and #defined if + * ./tests/features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c successfully compiles */ -#if defined(S2N_LIBCRYPTO_SUPPORTS_KYBER) +#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_KEM) return true; #else return false; @@ -31,5 +31,5 @@ bool s2n_libcrypto_supports_kyber() bool s2n_pq_is_enabled() { - return s2n_libcrypto_supports_kyber(); + return s2n_libcrypto_supports_evp_kem(); } diff --git a/crypto/s2n_pq.h b/crypto/s2n_pq.h index cd7b59ffa4b..650f1c11344 100644 --- a/crypto/s2n_pq.h +++ b/crypto/s2n_pq.h @@ -22,4 +22,4 @@ #include "utils/s2n_safety.h" bool s2n_pq_is_enabled(void); -bool s2n_libcrypto_supports_kyber(void); +bool s2n_libcrypto_supports_evp_kem(void); diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.c b/tests/features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c similarity index 100% rename from tests/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.c rename to tests/features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.flags b/tests/features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.flags similarity index 100% rename from tests/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.flags rename to tests/features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.flags diff --git a/tests/unit/s2n_kem_preferences_test.c b/tests/unit/s2n_kem_preferences_test.c index d4f938b9b40..a1a166f76a6 100644 --- a/tests/unit/s2n_kem_preferences_test.c +++ b/tests/unit/s2n_kem_preferences_test.c 
@@ -56,29 +56,28 @@ int main(int argc, char **argv) EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_SECP384R1_KYBER_768_R3)); EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_SECP521R1_KYBER_1024_R3)); - if (s2n_pq_is_enabled()) { + if (s2n_libcrypto_supports_evp_kem()) { EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_512_r3)); if (s2n_is_evp_apis_supported()) { EXPECT_TRUE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3)); } else { EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3)); } - if (s2n_libcrypto_supports_kyber()) { - EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3)); - EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3)); - EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3)); - } else { - EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3)); - EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3)); - EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3)); - } - if (s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { + EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3)); + EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3)); + EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3)); + if (s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported()) { EXPECT_TRUE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3)); } else { EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3)); } } else { EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_512_r3)); + EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3)); + EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3)); + EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3)); + EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3)); + 
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3)); } }; diff --git a/tests/unit/s2n_pq_kem_test.c b/tests/unit/s2n_pq_kem_test.c index a61fbf46cb9..44d1da247cc 100644 --- a/tests/unit/s2n_pq_kem_test.c +++ b/tests/unit/s2n_pq_kem_test.c @@ -41,7 +41,7 @@ int main() #if defined(OPENSSL_IS_AWSLC) && defined(AWSLC_API_VERSION) /* If using non-FIPS AWS-LC >= v1.6 (API vers. 21), expect Kyber512 KEM from AWS-LC */ if (!s2n_libcrypto_is_fips() && AWSLC_API_VERSION >= 21) { - EXPECT_TRUE(s2n_libcrypto_supports_kyber()); + EXPECT_TRUE(s2n_libcrypto_supports_evp_kem()); } #endif diff --git a/tests/unit/s2n_security_policies_test.c b/tests/unit/s2n_security_policies_test.c index 10d1176db94..17b87755398 100644 --- a/tests/unit/s2n_security_policies_test.c +++ b/tests/unit/s2n_security_policies_test.c @@ -203,14 +203,12 @@ int main(int argc, char **argv) EXPECT_EQUAL(6, security_policy->kem_preferences->tls13_kem_group_count); uint32_t available_groups = 0; EXPECT_OK(s2n_kem_preferences_groups_available(security_policy->kem_preferences, &available_groups)); - if (s2n_pq_is_enabled() && s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { + if (s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported()) { EXPECT_EQUAL(6, available_groups); - } else if (s2n_pq_is_enabled() && s2n_libcrypto_supports_kyber() && !s2n_is_evp_apis_supported()) { + } else if (s2n_libcrypto_supports_evp_kem() && !s2n_is_evp_apis_supported()) { EXPECT_EQUAL(4, available_groups); - } else if (s2n_pq_is_enabled() && !s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(2, available_groups); - } else if (s2n_pq_is_enabled()) { - EXPECT_EQUAL(1, available_groups); + } else if (!s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported()) { + EXPECT_EQUAL(0, available_groups); } else { EXPECT_EQUAL(0, available_groups); } 
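Review bot: In tests/unit/s2n_kem_preferences_test.c the inner `if (s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported())` sits inside the branch already guarded by `if (s2n_libcrypto_supports_evp_kem())`, so its first operand is always true there. It can be reduced to `if (s2n_is_evp_apis_supported())`, after which the `s2n_x25519_kyber_768_r3` expectation can share the existing if/else with `s2n_x25519_kyber_512_r3`. The enclosing test block starts outside the hunk.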
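Review bot: In tests/unit/s2n_security_policies_test.c the last two branches of the chain now assert the same thing: `else if (!s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported())` and the final `else` both run `EXPECT_EQUAL(0, available_groups);`. Dropping the `else if` leaves a three-way chain that states what is being tested, namely that without EVP KEM support no group is available whatever `s2n_is_evp_apis_supported()` returns. The hunk at -419 in the same file carries the identical duplicated branch.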
@@ -419,14 +417,12 @@ int main(int argc, char **argv) /* All supported kem groups should be in the preference list, but not all of them may be available. */ EXPECT_EQUAL(6, security_policy->kem_preferences->tls13_kem_group_count); EXPECT_OK(s2n_kem_preferences_groups_available(security_policy->kem_preferences, &available_groups)); - if (s2n_pq_is_enabled() && s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { + if (s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported()) { EXPECT_EQUAL(6, available_groups); - } else if (s2n_pq_is_enabled() && s2n_libcrypto_supports_kyber() && !s2n_is_evp_apis_supported()) { + } else if (s2n_libcrypto_supports_evp_kem() && !s2n_is_evp_apis_supported()) { EXPECT_EQUAL(4, available_groups); - } else if (s2n_pq_is_enabled() && !s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(2, available_groups); - } else if (s2n_pq_is_enabled()) { - EXPECT_EQUAL(1, available_groups); + } else if (!s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported()) { + EXPECT_EQUAL(0, available_groups); } else { EXPECT_EQUAL(0, available_groups); } diff --git a/tls/s2n_kem.c b/tls/s2n_kem.c index 5d7c38363cc..13ea2c7c129 100644 --- a/tls/s2n_kem.c +++ b/tls/s2n_kem.c @@ -15,7 +15,7 @@ #include "tls/s2n_kem.h" -#include "crypto/s2n_kyber_evp.h" +#include "crypto/s2n_evp_kem.h" #include "crypto/s2n_pq.h" #include "stuffer/s2n_stuffer.h" #include "tls/extensions/s2n_key_share.h" 
@@ -33,9 +33,9 @@ const struct s2n_kem s2n_kyber_512_r3 = { .private_key_length = S2N_KYBER_512_R3_SECRET_KEY_BYTES, .shared_secret_key_length = S2N_KYBER_512_R3_SHARED_SECRET_BYTES, .ciphertext_length = S2N_KYBER_512_R3_CIPHERTEXT_BYTES, - .generate_keypair = &s2n_kyber_evp_generate_keypair, - .encapsulate = &s2n_kyber_evp_encapsulate, - .decapsulate = &s2n_kyber_evp_decapsulate, + .generate_keypair = &s2n_evp_kem_generate_keypair, + .encapsulate = &s2n_evp_kem_encapsulate, + .decapsulate = &s2n_evp_kem_decapsulate, }; const struct s2n_kem s2n_kyber_768_r3 = { @@ -46,9 +46,9 @@ const struct s2n_kem s2n_kyber_768_r3 = { .private_key_length = S2N_KYBER_768_R3_SECRET_KEY_BYTES, .shared_secret_key_length = S2N_KYBER_768_R3_SHARED_SECRET_BYTES, .ciphertext_length = S2N_KYBER_768_R3_CIPHERTEXT_BYTES, - .generate_keypair = &s2n_kyber_evp_generate_keypair, - .encapsulate = &s2n_kyber_evp_encapsulate, - .decapsulate = &s2n_kyber_evp_decapsulate, + .generate_keypair = &s2n_evp_kem_generate_keypair, + .encapsulate = &s2n_evp_kem_encapsulate, + .decapsulate = &s2n_evp_kem_decapsulate, }; const struct s2n_kem s2n_kyber_1024_r3 = { @@ -59,9 +59,9 @@ const struct s2n_kem s2n_kyber_1024_r3 = { .private_key_length = S2N_KYBER_1024_R3_SECRET_KEY_BYTES, .shared_secret_key_length = S2N_KYBER_1024_R3_SHARED_SECRET_BYTES, .ciphertext_length = S2N_KYBER_1024_R3_CIPHERTEXT_BYTES, - .generate_keypair = &s2n_kyber_evp_generate_keypair, - .encapsulate = &s2n_kyber_evp_encapsulate, - .decapsulate = &s2n_kyber_evp_decapsulate, + .generate_keypair = &s2n_evp_kem_generate_keypair, + .encapsulate = &s2n_evp_kem_encapsulate, + .decapsulate = &s2n_evp_kem_decapsulate, }; const struct s2n_kem *tls12_kyber_kems[] = { 
@@ -427,12 +427,8 @@ bool s2n_kem_group_is_available(const struct s2n_kem_group *kem_group) if (kem_group == NULL) { return false; } - bool available = s2n_pq_is_enabled(); - /* Only Kyber768+ requires s2n_libcrypto_supports_kyber() */ - /* TODO: remove the conditional guard when we remove the interned Kyber512 impl. */ - if (kem_group->kem != &s2n_kyber_512_r3) { - available &= s2n_libcrypto_supports_kyber(); - } + bool available = s2n_libcrypto_supports_evp_kem(); + /* x25519 based tls13_kem_groups require EVP_APIS_SUPPORTED */ if (kem_group->curve == NULL) { available = false; diff --git a/tls/s2n_kem.h b/tls/s2n_kem.h index 2d45bc9e46c..bb5ba5ff94a 100644 --- a/tls/s2n_kem.h +++ b/tls/s2n_kem.h @@ -31,7 +31,7 @@ typedef uint16_t kem_ciphertext_key_size; #define IN /* Indicates a necessary function input */ #define OUT /* Indicates a function output */ -#if defined(S2N_LIBCRYPTO_SUPPORTS_KYBER) +#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_KEM) #define S2N_NID_KYBER512 NID_KYBER512_R3 #define S2N_NID_KYBER768 NID_KYBER768_R3 #define S2N_NID_KYBER1024 NID_KYBER1024_R3 @@ -149,9 +149,6 @@ bool s2n_kem_group_is_available(const struct s2n_kem_group *kem_group); #define S2N_KYBER_512_R3_SECRET_KEY_BYTES 1632 #define S2N_KYBER_512_R3_CIPHERTEXT_BYTES 768 #define S2N_KYBER_512_R3_SHARED_SECRET_BYTES 32 -int s2n_kyber_512_r3_crypto_kem_keypair(IN const struct s2n_kem *kem, OUT uint8_t *pk, OUT uint8_t *sk); -int s2n_kyber_512_r3_crypto_kem_enc(IN const struct s2n_kem *kem, OUT uint8_t *ct, OUT uint8_t *ss, IN const uint8_t *pk); -int s2n_kyber_512_r3_crypto_kem_dec(IN const struct s2n_kem *kem, OUT uint8_t *ss, IN const uint8_t *ct, IN const uint8_t *sk); /* kyber768r3 */ #define S2N_KYBER_768_R3_PUBLIC_KEY_BYTES 1184
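Review bot: In tls/s2n_kem.h the guard is now the generic `S2N_LIBCRYPTO_SUPPORTS_EVP_KEM`, but what it enables is still `NID_KYBER512_R3`, `NID_KYBER768_R3` and `NID_KYBER1024_R3`, and the feature probe was renamed at 100% similarity, so it presumably still tests for Kyber. A libcrypto that offers the EVP_KEM API without those Kyber NIDs would then be reported as lacking EVP_KEM, and `s2n_kem_group_is_available` would report every PQ group as unavailable, leaving no post-quantum key exchange to negotiate. A comment above the `#if`, for example `/* The EVP_KEM probe currently also requires the Kyber round-3 NIDs */`, would record that coupling until the probe and the NID definitions are separated. The rest of the conditional is outside the hunk.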