-
Notifications
You must be signed in to change notification settings - Fork 712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add initial support for MLKEM768 (without any new Security Policies) #4816
Conversation
316df93
to
19fcae8
Compare
a4cf925
to
d07f333
Compare
a592e1e
to
90ec719
Compare
8e227ab
to
128df67
Compare
#include "crypto/s2n_libcrypto.h" | ||
#include "s2n_test.h" | ||
#include "testlib/s2n_testlib.h" | ||
|
||
bool s2n_libcrypto_supports_flag_no_check_time(); | ||
uint64_t s2n_libcrypto_awslc_api_version(void); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How is this change related to the rest of this PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not, this change is a cleanup that probably should have been included in the previous PR. This is the only other use of s2n_libcrypto_awslc_api_version()
in the s2n unit tests. Now that this API was added to s2n_libcrypto.h
I updated this test to include the header instead of declaring the API itself.
Resolved issues:
None
Note: PR #4823 should be reviewed and merged before this PR.
Description of changes:
Part 3 in a multi-part series to add
X25519MLKEM768
support to s2n.This PR includes the following changes:
send_kem_first
boolean parameter for Hybrid PQ KeyShares (needed forX25519MLKEM768
).MLKEM768
X25519MLKEM768
andSecP256r1MLKEM768
X25519MLKEM768
and confirm shared secret calculation is correct.Call-outs:
No new s2n-tls security policies with
X25519MLKEM768
have been added (other thantest_all
Policy). These new MLKEM-768 security policies will be coming in a later PR.Previous PR's must be merged first:
Testing:
X25519MLKEM768
Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.