Skip to content

Commit

Permalink
KDF in Counter Mode and One-Step KDF API (#482)
Browse files Browse the repository at this point in the history 
* KDF in Counter Mode and One-Step KDF API

* Feedback

* Latest feedback

* cargo fmt
  • Loading branch information
@skmcgrail
skmcgrail authored Aug 16, 2024
1 parent 3d028a9 commit bc9f59a
Show file tree
Hide file tree
Showing 9 changed files with 2,552 additions and 51 deletions.
91 changes: 41 additions & 50 deletions aws-lc-rs/src/agreement/ephemeral.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -362,59 +362,50 @@ mod tests {
let peer_public =
agreement::UnparsedPublicKey::new(alg, test_case.consume_bytes("PeerQ"));

match test_case.consume_optional_string("Error") {
None => {
let my_private_bytes = test_case.consume_bytes("D");
let my_private = {
let rng = test::rand::FixedSliceRandom {
bytes: &my_private_bytes,
};
agreement::EphemeralPrivateKey::generate_for_test(alg, &rng)?
if test_case.consume_optional_string("Error").is_none() {
let my_private_bytes = test_case.consume_bytes("D");
let my_private = {
let rng = test::rand::FixedSliceRandom {
bytes: &my_private_bytes,
};
let my_public = test_case.consume_bytes("MyQ");
let output = test_case.consume_bytes("Output");

assert_eq!(my_private.algorithm(), alg);

let computed_public = my_private.compute_public_key().unwrap();
assert_eq!(computed_public.as_ref(), &my_public[..]);

assert_eq!(my_private.algorithm(), alg);

let result = agreement::agree_ephemeral(
my_private,
&peer_public,
(),
|key_material| {
assert_eq!(key_material, &output[..]);
Ok(())
},
);
assert_eq!(
result,
Ok(()),
"Failed on private key: {:?}",
test::to_hex(my_private_bytes)
);
}

Some(_) => {
fn kdf_not_called(_: &[u8]) -> Result<(), ()> {
panic!(
"The KDF was called during ECDH when the peer's \
agreement::EphemeralPrivateKey::generate_for_test(alg, &rng)?
};
let my_public = test_case.consume_bytes("MyQ");
let output = test_case.consume_bytes("Output");

assert_eq!(my_private.algorithm(), alg);

let computed_public = my_private.compute_public_key().unwrap();
assert_eq!(computed_public.as_ref(), &my_public[..]);

assert_eq!(my_private.algorithm(), alg);

let result =
agreement::agree_ephemeral(my_private, &peer_public, (), |key_material| {
assert_eq!(key_material, &output[..]);
Ok(())
});
assert_eq!(
result,
Ok(()),
"Failed on private key: {:?}",
test::to_hex(my_private_bytes)
);
} else {
fn kdf_not_called(_: &[u8]) -> Result<(), ()> {
panic!(
"The KDF was called during ECDH when the peer's \
public key is invalid."
);
}
let dummy_private_key =
agreement::EphemeralPrivateKey::generate(alg, &rng)?;
assert!(agreement::agree_ephemeral(
dummy_private_key,
&peer_public,
(),
kdf_not_called
)
.is_err());
);
}
let dummy_private_key = agreement::EphemeralPrivateKey::generate(alg, &rng)?;
assert!(agreement::agree_ephemeral(
dummy_private_key,
&peer_public,
(),
kdf_not_called
)
.is_err());
}

Ok(())
Expand Down
2 changes: 1 addition & 1 deletion aws-lc-rs/src/digest.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -304,7 +304,7 @@ impl Algorithm {
}
}

#[derive(Debug, Eq, PartialEq)]
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub(crate) enum AlgorithmID {
SHA1,
SHA224,
Expand Down
1 change: 1 addition & 0 deletions aws-lc-rs/src/unstable.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,5 @@
//! Features contained within this module, or child modules are subject to changes, relocation,
//! or removal across minor releases, and thus are not subject to semantic versioning policies.
pub mod kdf;
pub mod kem;
Loading

0 comments on commit bc9f59a

Please sign in to comment.