-
Notifications
You must be signed in to change notification settings - Fork 704
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add initial support for MLKEM768 (without any new Security Policies) #4816
base: main
Are you sure you want to change the base?
Conversation
316df93
to
19fcae8
Compare
a4cf925
to
d07f333
Compare
const struct s2n_kem_group *test_kem_groups[] = { | ||
&s2n_secp256r1_mlkem_768, | ||
&s2n_x25519_mlkem_768, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason this needs to be another separate list and can't be ALL_SUPPORTED_KEM_GROUPS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this missed?
eb04c73
to
a592e1e
Compare
/* MLKEM Support was added to AWSLC when AWSLC_API_VERSION == 29 */ | ||
if (s2n_libcrypto_is_awslc() && s2n_libcrypto_awslc_api_version() >= 30) { | ||
EXPECT_TRUE(s2n_libcrypto_supports_mlkem()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this correct? It looks like the NID_MLKEM768
field used in the feature probe was defined in aws/aws-lc#1797, which was API version 30. Or was NID_MLKEM768
somehow exposed earlier?
@@ -17,6 +17,8 @@ | |||
|
|||
#include "utils/s2n_result.h" | |||
|
|||
uint64_t s2n_libcrypto_awslc_api_version(void); | |||
bool s2n_libcrypto_is_awslc(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s2n_libcrypto_is_awslc()
is already defined in s2n_openssl.h:
Line 59 in 7324a33
bool s2n_libcrypto_is_awslc(); |
This header does seem like a more reasonable place to define the libcrypto_is
functions, but moving them may be out of scope for this PR.
@@ -34,6 +34,22 @@ const s2n_extension_type s2n_server_key_share_extension = { | |||
.if_missing = s2n_extension_noop_if_missing, | |||
}; | |||
|
|||
static int s2n_server_key_share_send_hybrid_partial_ecc(struct s2n_connection *conn, struct s2n_stuffer *out) | |||
{ | |||
struct s2n_kem_group_params *server_kem_group_params = &conn->kex_params.server_kem_group_params; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit
struct s2n_kem_group_params *server_kem_group_params = &conn->kex_params.server_kem_group_params; | |
POSIX_ENSURE_REF(conn); | |
struct s2n_kem_group_params *server_kem_group_params = &conn->kex_params.server_kem_group_params; |
@@ -157,6 +171,27 @@ static int s2n_server_key_share_send(struct s2n_connection *conn, struct s2n_stu | |||
return S2N_SUCCESS; | |||
} | |||
|
|||
static int s2n_server_key_share_recv_hybrid_partial_ecc(struct s2n_connection *conn, struct s2n_stuffer *extension) | |||
{ | |||
struct s2n_kem_params *client_kem_params = &conn->kex_params.client_kem_group_params.kem_params; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit
struct s2n_kem_params *client_kem_params = &conn->kex_params.client_kem_group_params.kem_params; | |
POSIX_ENSURE_REF(conn); | |
struct s2n_kem_params *client_kem_params = &conn->kex_params.client_kem_group_params.kem_params; |
{ | ||
struct s2n_kem_params *client_kem_params = &conn->kex_params.client_kem_group_params.kem_params; | ||
struct s2n_kem_group_params *server_kem_group_params = &conn->kex_params.server_kem_group_params; | ||
uint16_t expected_ecc_share_size = server_kem_group_params->kem_group->curve->share_size; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit - I think kem_group
can be null:
uint16_t expected_ecc_share_size = server_kem_group_params->kem_group->curve->share_size; | |
const struct s2n_kem_group *server_kem_group = server_kem_group_params->kem_group; | |
POSIX_ENSURE_REF(server_kem_group); | |
uint16_t expected_ecc_share_size = server_kem_group->curve->share_size; |
const struct s2n_kem_group *test_kem_groups[] = { | ||
&s2n_secp256r1_mlkem_768, | ||
&s2n_x25519_mlkem_768, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this missed?
@@ -406,6 +406,27 @@ int main() | |||
.ecc_preferences = &s2n_ecc_preferences_20201021, | |||
}; | |||
|
|||
const struct s2n_kem_group *mlkem768_test_groups[] = { | |||
&s2n_x25519_mlkem_768, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I'm understanding this test correctly, I think this will only try to handshake with s2n_x25519_mlkem_768
? Would it be worth adding a self-talk test here or somewhere else that negotiates both of these?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like our CI might be using an older version of AWS-LC:
-- feature S2N_LIBCRYPTO_SUPPORTS_MLKEM: FALSE
We may want to update that before merging so all of the tests can run.
Resolved issues:
None
Description of changes:
Part 2 in a multi-part series to add
X25519MLKEM768
support to s2n. (Previous PR is: #4810)This PR includes the following changes:
send_kem_first
boolean parameter for Hybrid PQ KeyShares (needed forX25519MLKEM768
).MLKEM768
X25519MLKEM768
andSecP256r1MLKEM768
X25519MLKEM768
and confirm shared secret calculation is correct.Call-outs:
No new s2n-tls security policies with
X25519MLKEM768
have been added (other thantest_all
Policy). These new MLKEM-768 security policies will be coming in a later PR.Testing:
X25519MLKEM768
Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.