Update PQ code to be generic over EVP_KEM API's instead of Kyber-spec…

…ific
aws · Oct 1, 2024 · ca9d20c · ca9d20c
1 parent 5f6bb25
commit ca9d20c
Show file tree

Hide file tree

Showing 14 changed files with 193 additions and 183 deletions.
diff --git a/crypto/s2n_evp_kem.c b/crypto/s2n_evp_kem.c
@@ -0,0 +1,128 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#include <openssl/evp.h>
+#include <stddef.h>
+
+#include "crypto/s2n_pq.h"
+#include "error/s2n_errno.h"
+#include "tls/s2n_kem.h"
+#include "utils/s2n_safety.h"
+#include "utils/s2n_safety_macros.h"
+
+int s2n_evp_kem_stub_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
+        OUT uint8_t *private_key)
+{
+    POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
+}
+
+int s2n_evp_kem_stub_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
+        IN const uint8_t *public_key)
+{
+    POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
+}
+
+int s2n_evp_kem_stub_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
+        IN const uint8_t *private_key)
+{
+    POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
+}
+
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_KEM)
+
+DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY *, EVP_PKEY_free);
+DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY_CTX *, EVP_PKEY_CTX_free);
+
+int s2n_evp_kem_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
+        OUT uint8_t *secret_key)
+{
+    DEFER_CLEANUP(EVP_PKEY_CTX *kem_pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_KEM, NULL), EVP_PKEY_CTX_free_pointer);
+    POSIX_GUARD_PTR(kem_pkey_ctx);
+    POSIX_GUARD_OSSL(EVP_PKEY_CTX_kem_set_params(kem_pkey_ctx, kem->kem_nid), S2N_ERR_PQ_CRYPTO);
+    POSIX_GUARD_OSSL(EVP_PKEY_keygen_init(kem_pkey_ctx), S2N_ERR_PQ_CRYPTO);
+
+    DEFER_CLEANUP(EVP_PKEY *kem_pkey = NULL, EVP_PKEY_free_pointer);
+    POSIX_GUARD_OSSL(EVP_PKEY_keygen(kem_pkey_ctx, &kem_pkey), S2N_ERR_PQ_CRYPTO);
+    POSIX_GUARD_PTR(kem_pkey);
+
+    size_t public_key_size = kem->public_key_length;
+    POSIX_GUARD_OSSL(EVP_PKEY_get_raw_public_key(kem_pkey, public_key, &public_key_size), S2N_ERR_PQ_CRYPTO);
+    POSIX_ENSURE_EQ(kem->public_key_length, public_key_size);
+    size_t private_key_size = kem->private_key_length;
+    POSIX_GUARD_OSSL(EVP_PKEY_get_raw_private_key(kem_pkey, secret_key, &private_key_size), S2N_ERR_PQ_CRYPTO);
+    POSIX_ENSURE_EQ(kem->private_key_length, private_key_size);
+
+    return S2N_SUCCESS;
+}
+
+int s2n_evp_kem_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
+        IN const uint8_t *public_key)
+{
+    DEFER_CLEANUP(EVP_PKEY *kem_pkey = EVP_PKEY_kem_new_raw_public_key(kem->kem_nid, public_key, kem->public_key_length), EVP_PKEY_free_pointer);
+    POSIX_GUARD_PTR(kem_pkey);
+
+    DEFER_CLEANUP(EVP_PKEY_CTX *kem_pkey_ctx = EVP_PKEY_CTX_new(kem_pkey, NULL), EVP_PKEY_CTX_free_pointer);
+    POSIX_GUARD_PTR(kem_pkey_ctx);
+
+    size_t ciphertext_size = kem->ciphertext_length;
+    size_t shared_secret_size = kem->shared_secret_key_length;
+    POSIX_GUARD_OSSL(EVP_PKEY_encapsulate(kem_pkey_ctx, ciphertext, &ciphertext_size, shared_secret,
+                             &shared_secret_size),
+            S2N_ERR_PQ_CRYPTO);
+    POSIX_ENSURE_EQ(kem->ciphertext_length, ciphertext_size);
+    POSIX_ENSURE_EQ(kem->shared_secret_key_length, shared_secret_size);
+
+    return S2N_SUCCESS;
+}
+
+int s2n_evp_kem_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
+        IN const uint8_t *private_key)
+{
+    DEFER_CLEANUP(EVP_PKEY *kem_pkey = EVP_PKEY_kem_new_raw_secret_key(kem->kem_nid, private_key, kem->private_key_length), EVP_PKEY_free_pointer);
+    POSIX_GUARD_PTR(kem_pkey);
+
+    DEFER_CLEANUP(EVP_PKEY_CTX *kem_pkey_ctx = EVP_PKEY_CTX_new(kem_pkey, NULL), EVP_PKEY_CTX_free_pointer);
+    POSIX_GUARD_PTR(kem_pkey_ctx);
+
+    size_t shared_secret_size = kem->shared_secret_key_length;
+    POSIX_GUARD_OSSL(EVP_PKEY_decapsulate(kem_pkey_ctx, shared_secret, &shared_secret_size,
+                             (uint8_t *) ciphertext, kem->ciphertext_length),
+            S2N_ERR_PQ_CRYPTO);
+    POSIX_ENSURE_EQ(kem->shared_secret_key_length, shared_secret_size);
+
+    return S2N_SUCCESS;
+}
+
+#else /* If !S2N_LIBCRYPTO_SUPPORTS_EVP_KEM, we won't have a kem impl so define relevant stubs here. */
+
+int s2n_evp_kem_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key,
+        OUT uint8_t *private_key)
+{
+    return s2n_evp_kem_stub_generate_keypair(kem, public_key, private_key);
+}
+
+int s2n_evp_kem_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret,
+        IN const uint8_t *public_key)
+{
+    return s2n_evp_kem_stub_encapsulate(kem, ciphertext, shared_secret, public_key);
+}
+
+int s2n_evp_kem_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext,
+        IN const uint8_t *private_key)
+{
+    return s2n_evp_kem_stub_decapsulate(kem, shared_secret, ciphertext, private_key);
+}
+
+#endif
diff --git a/crypto/s2n_evp_kem.h b/crypto/s2n_evp_kem.h
@@ -0,0 +1,26 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#pragma once
+
+#include "tls/s2n_kem.h"
+
+int s2n_evp_kem_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key, OUT uint8_t *private_key);
+int s2n_evp_kem_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret, IN const uint8_t *public_key);
+int s2n_evp_kem_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext, IN const uint8_t *private_key);
+
+int s2n_evp_kem_stub_generate_keypair(IN const struct s2n_kem *kem, OUT uint8_t *public_key, OUT uint8_t *private_key);
+int s2n_evp_kem_stub_encapsulate(IN const struct s2n_kem *kem, OUT uint8_t *ciphertext, OUT uint8_t *shared_secret, IN const uint8_t *public_key);
+int s2n_evp_kem_stub_decapsulate(IN const struct s2n_kem *kem, OUT uint8_t *shared_secret, IN const uint8_t *ciphertext, IN const uint8_t *private_key);
diff --git a/crypto/s2n_kyber_evp.c b/crypto/s2n_kyber_evp.c
diff --git a/crypto/s2n_kyber_evp.h b/crypto/s2n_kyber_evp.h
diff --git a/crypto/s2n_pq.c b/crypto/s2n_pq.c
@@ -17,12 +17,12 @@
 
 #include "crypto/s2n_openssl.h"
 
-bool s2n_libcrypto_supports_kyber()
+bool s2n_libcrypto_supports_evp_kem()
 {
-    /* S2N_LIBCRYPTO_SUPPORTS_KYBER will be auto-detected and #defined if
-     * ./tests/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.c successfully compiles
+    /* S2N_LIBCRYPTO_SUPPORTS_EVP_KEM will be auto-detected and #defined if
+     * ./tests/features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c successfully compiles
      */
-#if defined(S2N_LIBCRYPTO_SUPPORTS_KYBER)
+#if defined(S2N_LIBCRYPTO_SUPPORTS_EVP_KEM)
     return true;
 #else
     return false;
@@ -31,5 +31,5 @@ bool s2n_libcrypto_supports_kyber()
 
 bool s2n_pq_is_enabled()
 {
-    return s2n_libcrypto_supports_kyber();
+    return s2n_libcrypto_supports_evp_kem();
 }
diff --git a/crypto/s2n_pq.h b/crypto/s2n_pq.h
@@ -22,4 +22,4 @@
 #include "utils/s2n_safety.h"
 
 bool s2n_pq_is_enabled(void);
-bool s2n_libcrypto_supports_kyber(void);
+bool s2n_libcrypto_supports_evp_kem(void);
diff --git a/...s/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.c → ...features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c b/...s/features/S2N_LIBCRYPTO_SUPPORTS_KYBER.c → ...features/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.c
diff --git a/...atures/S2N_LIBCRYPTO_SUPPORTS_KYBER.flags → ...ures/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.flags b/...atures/S2N_LIBCRYPTO_SUPPORTS_KYBER.flags → ...ures/S2N_LIBCRYPTO_SUPPORTS_EVP_KEM.flags
diff --git a/tests/fuzz/s2n_kyber_r3_recv_public_key_fuzz_test.c b/tests/fuzz/s2n_kyber_r3_recv_public_key_fuzz_test.c
@@ -31,7 +31,7 @@ static struct s2n_kem_params kyber1024_r3_draft5_params = { .kem = &s2n_kyber_10
 
 int s2n_fuzz_test(const uint8_t *buf, size_t len)
 {
-    if (s2n_libcrypto_supports_kyber()) {
+    if (s2n_libcrypto_supports_evp_kem()) {
         POSIX_GUARD(s2n_kem_recv_public_key_fuzz_test(buf, len, &kyber512_r3_draft0_params));
         POSIX_GUARD(s2n_kem_recv_public_key_fuzz_test(buf, len, &kyber512_r3_draft5_params));
         POSIX_GUARD(s2n_kem_recv_public_key_fuzz_test(buf, len, &kyber768_r3_draft5_params));

diff --git a/tests/unit/s2n_kem_preferences_test.c b/tests/unit/s2n_kem_preferences_test.c
@@ -56,29 +56,28 @@ int main(int argc, char **argv)
         EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_SECP384R1_KYBER_768_R3));
         EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_SECP521R1_KYBER_1024_R3));
 
-        if (s2n_pq_is_enabled()) {
+        if (s2n_libcrypto_supports_evp_kem()) {
             EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_512_r3));
             if (s2n_is_evp_apis_supported()) {
                 EXPECT_TRUE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3));
             } else {
                 EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3));
             }
-            if (s2n_libcrypto_supports_kyber()) {
-                EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3));
-                EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3));
-                EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3));
-            } else {
-                EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3));
-                EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3));
-                EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3));
-            }
-            if (s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) {
+            EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3));
+            EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3));
+            EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3));
+            if (s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported()) {
                 EXPECT_TRUE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3));
             } else {
                 EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3));
             }
         } else {
             EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_512_r3));
+            EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3));
+            EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3));
+            EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3));
+            EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3));
+            EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3));
         }
     };
 

diff --git a/tests/unit/s2n_pq_kem_test.c b/tests/unit/s2n_pq_kem_test.c
@@ -41,7 +41,7 @@ int main()
 #if defined(OPENSSL_IS_AWSLC) && defined(AWSLC_API_VERSION)
     /* If using non-FIPS AWS-LC >= v1.6 (API vers. 21), expect Kyber512 KEM from AWS-LC */
     if (!s2n_libcrypto_is_fips() && AWSLC_API_VERSION >= 21) {
-        EXPECT_TRUE(s2n_libcrypto_supports_kyber());
+        EXPECT_TRUE(s2n_libcrypto_supports_evp_kem());
     }
 #endif