Skip to content

Commit bc9f59a

Browse files
skmcgrailskmcgrail
authored
KDF in Counter Mode and One-Step KDF API (#482)
* KDF in Counter Mode and One-Step KDF API * Feedback * Latest feedback * cargo fmt
1 parent 3d028a9 commit bc9f59a

File tree

9 files changed

+2552
-51
lines changed

9 files changed

+2552
-51
lines changed

aws-lc-rs/src/agreement/ephemeral.rs

Lines changed: 41 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -362,59 +362,50 @@ mod tests {
362362
let peer_public =
363363
agreement::UnparsedPublicKey::new(alg, test_case.consume_bytes("PeerQ"));
364364

365-
match test_case.consume_optional_string("Error") {
366-
None => {
367-
let my_private_bytes = test_case.consume_bytes("D");
368-
let my_private = {
369-
let rng = test::rand::FixedSliceRandom {
370-
bytes: &my_private_bytes,
371-
};
372-
agreement::EphemeralPrivateKey::generate_for_test(alg, &rng)?
365+
if test_case.consume_optional_string("Error").is_none() {
366+
let my_private_bytes = test_case.consume_bytes("D");
367+
let my_private = {
368+
let rng = test::rand::FixedSliceRandom {
369+
bytes: &my_private_bytes,
373370
};
374-
let my_public = test_case.consume_bytes("MyQ");
375-
let output = test_case.consume_bytes("Output");
376-
377-
assert_eq!(my_private.algorithm(), alg);
378-
379-
let computed_public = my_private.compute_public_key().unwrap();
380-
assert_eq!(computed_public.as_ref(), &my_public[..]);
381-
382-
assert_eq!(my_private.algorithm(), alg);
383-
384-
let result = agreement::agree_ephemeral(
385-
my_private,
386-
&peer_public,
387-
(),
388-
|key_material| {
389-
assert_eq!(key_material, &output[..]);
390-
Ok(())
391-
},
392-
);
393-
assert_eq!(
394-
result,
395-
Ok(()),
396-
"Failed on private key: {:?}",
397-
test::to_hex(my_private_bytes)
398-
);
399-
}
400-
401-
Some(_) => {
402-
fn kdf_not_called(_: &[u8]) -> Result<(), ()> {
403-
panic!(
404-
"The KDF was called during ECDH when the peer's \
371+
agreement::EphemeralPrivateKey::generate_for_test(alg, &rng)?
372+
};
373+
let my_public = test_case.consume_bytes("MyQ");
374+
let output = test_case.consume_bytes("Output");
375+
376+
assert_eq!(my_private.algorithm(), alg);
377+
378+
let computed_public = my_private.compute_public_key().unwrap();
379+
assert_eq!(computed_public.as_ref(), &my_public[..]);
380+
381+
assert_eq!(my_private.algorithm(), alg);
382+
383+
let result =
384+
agreement::agree_ephemeral(my_private, &peer_public, (), |key_material| {
385+
assert_eq!(key_material, &output[..]);
386+
Ok(())
387+
});
388+
assert_eq!(
389+
result,
390+
Ok(()),
391+
"Failed on private key: {:?}",
392+
test::to_hex(my_private_bytes)
393+
);
394+
} else {
395+
fn kdf_not_called(_: &[u8]) -> Result<(), ()> {
396+
panic!(
397+
"The KDF was called during ECDH when the peer's \
405398
public key is invalid."
406-
);
407-
}
408-
let dummy_private_key =
409-
agreement::EphemeralPrivateKey::generate(alg, &rng)?;
410-
assert!(agreement::agree_ephemeral(
411-
dummy_private_key,
412-
&peer_public,
413-
(),
414-
kdf_not_called
415-
)
416-
.is_err());
399+
);
417400
}
401+
let dummy_private_key = agreement::EphemeralPrivateKey::generate(alg, &rng)?;
402+
assert!(agreement::agree_ephemeral(
403+
dummy_private_key,
404+
&peer_public,
405+
(),
406+
kdf_not_called
407+
)
408+
.is_err());
418409
}
419410

420411
Ok(())

aws-lc-rs/src/digest.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -304,7 +304,7 @@ impl Algorithm {
304304
}
305305
}
306306

307-
#[derive(Debug, Eq, PartialEq)]
307+
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
308308
pub(crate) enum AlgorithmID {
309309
SHA1,
310310
SHA224,

aws-lc-rs/src/unstable.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,5 @@
99
//! Features contained within this module, or child modules are subject to changes, relocation,
1010
//! or removal across minor releases, and thus are not subject to semantic versioning policies.
1111
12+
pub mod kdf;
1213
pub mod kem;

0 commit comments

Comments
 (0)