Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ML-KEM Feature Probe and Test #4823

Merged
merged 4 commits into from
Oct 9, 2024

Conversation

alexw91
Copy link
Contributor

@alexw91 alexw91 commented Oct 4, 2024

Resolved issues:

N/A

Description of changes:

Part 2 in a multi-part series to add X25519MLKEM768 support to s2n. This PR adds a LibCrypto feature probe for ML-KEM Support, and unit test that confirms feature probe works as expected.

Call-outs:

  • Docker Containers in CI do not yet have a new enough version of AWS-LC

Previous PR's must be merged first:

Testing:

Tested locally against AWS-LC built from the tip of their main branch.

-- The C compiler identification is GNU 9.5.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/gcc-9 - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detected CMAKE_SYSTEM_PROCESSOR as x86_64
-- Detected 64-Bit system
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Success
-- Found Threads: TRUE  
-- FOUND AWS-LC CRYPTO cmake config - static
-- Using libcrypto from the cmake path
-- Enabling libcrypto interning
-- CMAKE_AR found: /usr/bin/ar
-- CMAKE_RANLIB found: /usr/bin/ranlib
-- CMAKE_OBJCOPY found: /usr/bin/objcopy
-- feature S2N_ATOMIC_SUPPORTED: TRUE
-- feature S2N_CLOEXEC_SUPPORTED: TRUE
-- feature S2N_CLOEXEC_XOPEN_SUPPORTED: TRUE
-- feature S2N_CLONE_SUPPORTED: TRUE
-- feature S2N_CPUID_AVAILABLE: TRUE
-- feature S2N_DIAGNOSTICS_POP_SUPPORTED: TRUE
-- feature S2N_DIAGNOSTICS_PUSH_SUPPORTED: TRUE
-- feature S2N_EXECINFO_AVAILABLE: TRUE
-- feature S2N_FALL_THROUGH_SUPPORTED: TRUE
-- feature S2N_FEATURES_AVAILABLE: TRUE
-- feature S2N_KTLS_SUPPORTED: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EC_KEY_CHECK_FIPS: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_AEAD_TLS: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_KEM: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_MD5_SHA1_HASH: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_MD_CTX_SET_PKEY_CTX: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_EVP_RC4: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_FLAG_NO_CHECK_TIME: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_HKDF: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_MLKEM: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_RSA_PSS_SIGNING: TRUE
-- feature S2N_LIBCRYPTO_SUPPORTS_X509_STORE_LIST: TRUE
-- feature S2N_LINUX_SENDFILE: TRUE
-- feature S2N_MADVISE_SUPPORTED: TRUE
-- feature S2N_MINHERIT_SUPPORTED: FALSE
-- feature S2N_STACKTRACE: TRUE
-- AWS::crypto target type: STATIC_LIBRARY
-- crypto_STATIC_LIBRARY: /home/ANT.AMAZON.COM/aweibel/workspace/aws-sdks/local-c-install/lib/libcrypto.a
-- crypto_INCLUDE_DIR: /home/ANT.AMAZON.COM/aweibel/workspace/aws-sdks/local-c-install/include
-- Running tests with environment: S2N_DONT_MLOCK=1
-- Configuring done
-- Generating done
-- Build files have been written to: /home/ANT.AMAZON.COM/aweibel/workspace/github/s2n/build
[  0%] Generating libcrypto.symbols
[  0%] Built target s2n_libcrypto
...

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Copy link
Contributor

@lrstewart lrstewart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to confirm that S2N_LIBCRYPTO_SUPPORTS_MLKEM is true for at least a subset of the CI (and at least one asan or valgrind test) before merging this.

tests/unit/s2n_mlkem_test.c Outdated Show resolved Hide resolved
@alexw91 alexw91 force-pushed the mlkem-feature-detection branch from 08e7a8e to f3e8f82 Compare October 7, 2024 19:04
@alexw91 alexw91 force-pushed the mlkem-feature-detection branch from f3e8f82 to 59554b6 Compare October 8, 2024 16:19
@alexw91
Copy link
Contributor Author

alexw91 commented Oct 8, 2024

We need to confirm that S2N_LIBCRYPTO_SUPPORTS_MLKEM is true for at least a subset of the CI (and at least one asan or valgrind test) before merging this.

The AWS CodeBuild BuildBatch us-west-2 (AddressSanitizer) CI Build passed with feature S2N_LIBCRYPTO_SUPPORTS_MLKEM: TRUE.

https://us-west-2.codebuild.aws.amazon.com/project/eyJlbmNyeXB0ZWREYXRhIjoiZUNRMGVsWlRzOEZndkRTUHZ6Vk93Mlp1cnJYQzJBOUVDRHdaN1ZSNDE1RktMNjNIWHNYQVkwU01sdnBodWJVRW91ZDlqZzBlWUNRZGdQVGt6cEJvangxWEYwdzFBbXVVT00xMWJUb0Q4UHdsIiwiaXZQYXJhbWV0ZXJTcGVjIjoiWFQvNll0cFZOdmVsWGdVSyIsIm1hdGVyaWFsU2V0U2VyaWFsIjoxfQ%3D%3D/build/cd7aab2e-2276-4c3f-9925-7baa3e81feb7

@alexw91 alexw91 requested a review from goatgoose October 8, 2024 21:34
@goatgoose goatgoose enabled auto-merge (squash) October 8, 2024 21:38
@goatgoose goatgoose merged commit ce0234e into aws:main Oct 9, 2024
37 of 38 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants