diff --git a/benches/bench.rs b/benches/bench.rs index 1518129..c82d1b4 100644 --- a/benches/bench.rs +++ b/benches/bench.rs @@ -24,8 +24,9 @@ const KDF_IDS: [KdfAlgorithm; 3] = [ KdfAlgorithm::HkdfSha384, KdfAlgorithm::HkdfSha512, ]; -const KEM_IDS: [KemAlgorithm; 5] = [ +const KEM_IDS: [KemAlgorithm; 6] = [ KemAlgorithm::DhKemP256, + KemAlgorithm::DhKemK256, KemAlgorithm::DhKemP384, KemAlgorithm::DhKemP521, KemAlgorithm::DhKem25519, diff --git a/benches/manual_benches.rs b/benches/manual_benches.rs index cf759b2..4210cf8 100644 --- a/benches/manual_benches.rs +++ b/benches/manual_benches.rs @@ -29,8 +29,9 @@ const KDF_IDS: [KdfAlgorithm; 3] = [ KdfAlgorithm::HkdfSha384, KdfAlgorithm::HkdfSha512, ]; -const KEM_IDS: [KemAlgorithm; 5] = [ +const KEM_IDS: [KemAlgorithm; 6] = [ KemAlgorithm::DhKemP256, + KemAlgorithm::DhKemK256, KemAlgorithm::DhKemP384, KemAlgorithm::DhKemP521, KemAlgorithm::DhKem25519, diff --git a/fuzz/fuzz_targets/base.rs b/fuzz/fuzz_targets/base.rs index 32e1cfc..469ca33 100644 --- a/fuzz/fuzz_targets/base.rs +++ b/fuzz/fuzz_targets/base.rs @@ -8,6 +8,7 @@ fuzz_target!(|data: &[u8]| { let mut hpke = Hpke::::new( HpkeMode::Base, KemAlgorithm::DhKemP256, + KemAlgorithm::DhKemK256, KdfAlgorithm::HkdfSha256, AeadAlgorithm::Aes128Gcm, ); diff --git a/rust_crypto_provider/Cargo.toml b/rust_crypto_provider/Cargo.toml index e46dcb8..1a0b293 100644 --- a/rust_crypto_provider/Cargo.toml +++ b/rust_crypto_provider/Cargo.toml @@ -18,6 +18,10 @@ p256 = { version = "0.13", features = [ "arithmetic", "ecdh", ], default-features = false } +k256 = { version = "0.13", features = [ + "arithmetic", + "ecdh", +], default-features = false } p384 = { version = "0.13", default-features = false } x25519-dalek = { version = "2", features = ["static_secrets"] } chacha20poly1305 = { version = "0.10", default-features = false, features = [ @@ -46,6 +50,10 @@ harness = false name = "bench_p256" harness = false +[[bench]] +name = "bench_k256" +harness = false + [[bench]] name = "bench_x25519" harness = false diff --git a/rust_crypto_provider/Readme.md b/rust_crypto_provider/Readme.md index 3e059cc..a543dd5 100644 --- a/rust_crypto_provider/Readme.md +++ b/rust_crypto_provider/Readme.md @@ -5,13 +5,14 @@ ![Rust Version][rustc-image] This crate provides an implementation of the [HpkeCrypto] trait using native Rust crypto implementations -([hkdf], [sha2], [p256], [p384], [x25519-dalek], [chacha20poly1305], [aes-gcm]). +([hkdf], [sha2], [p256], [k256], [p384], [x25519-dalek], [chacha20poly1305], [aes-gcm]). Please see [hpke-rs] for more details. [hkdf]: https://docs.rs/hkdf/ [sha2]: https://docs.rs/sha2 [p256]: https://docs.rs/p256 +[k256]: https://docs.rs/k256 [p384]: https://docs.rs/p384 [x25519-dalek]: https://docs.rs/x25519-dalek [chacha20poly1305]: https://docs.rs/chacha20poly1305 diff --git a/rust_crypto_provider/benches/bench_k256.rs b/rust_crypto_provider/benches/bench_k256.rs new file mode 100644 index 0000000..aaf5b3a --- /dev/null +++ b/rust_crypto_provider/benches/bench_k256.rs @@ -0,0 +1,42 @@ +use criterion::{criterion_group, criterion_main, BatchSize, Criterion}; +use hpke_rs_crypto::{types::KemAlgorithm, HpkeCrypto}; +use hpke_rs_rust_crypto::*; + +fn criterion_benchmark(c: &mut Criterion) { + c.bench_function(&format!("K256 Derive"), |b| { + b.iter_batched( + || { + let sk = HpkeRustCrypto::kem_key_gen( + KemAlgorithm::DhKemK256, + &mut HpkeRustCrypto::prng(), + ) + .unwrap(); + let pk = HpkeRustCrypto::kem_derive_base(KemAlgorithm::DhKemK256, &sk).unwrap(); + (sk.clone(), pk.clone()) + }, + |(sk, pk)| { + let _ = HpkeRustCrypto::kem_derive(KemAlgorithm::DhKemK256, &pk, &sk); + }, + BatchSize::SmallInput, + ) + }); + c.bench_function(&format!("K256 Derive Base"), |b| { + b.iter_batched( + || { + let sk = HpkeRustCrypto::kem_key_gen( + KemAlgorithm::DhKemK256, + &mut HpkeRustCrypto::prng(), + ) + .unwrap(); + sk.clone() + }, + |sk| { + let _pk = HpkeRustCrypto::kem_derive_base(KemAlgorithm::DhKemK256, &sk).unwrap(); + }, + BatchSize::SmallInput, + ) + }); +} + +criterion_group!(benches, criterion_benchmark,); +criterion_main!(benches); diff --git a/rust_crypto_provider/src/lib.rs b/rust_crypto_provider/src/lib.rs index 90c006d..6559708 100644 --- a/rust_crypto_provider/src/lib.rs +++ b/rust_crypto_provider/src/lib.rs @@ -12,9 +12,15 @@ use hpke_rs_crypto::{ CryptoRng, HpkeCrypto, HpkeTestRng, RngCore, }; use p256::{ - elliptic_curve::{ecdh::diffie_hellman, sec1::ToEncodedPoint}, - PublicKey, SecretKey, + elliptic_curve::ecdh::diffie_hellman as p256diffie_hellman, PublicKey as p256PublicKey, + SecretKey as p256SecretKey, }; + +use k256::{ + elliptic_curve::{ecdh::diffie_hellman as k256diffie_hellman, sec1::ToEncodedPoint}, + PublicKey as k256PublicKey, SecretKey as k256SecretKey, +}; + use rand_core::SeedableRng; use x25519_dalek::{PublicKey as X25519PublicKey, StaticSecret as X25519StaticSecret}; @@ -80,9 +86,19 @@ impl HpkeCrypto for HpkeRustCrypto { .to_vec()) } KemAlgorithm::DhKemP256 => { - let sk = SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?; - let pk = PublicKey::from_sec1_bytes(pk).map_err(|_| Error::KemInvalidPublicKey)?; - Ok(diffie_hellman(sk.to_nonzero_scalar(), pk.as_affine()) + let sk = p256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?; + let pk = + p256PublicKey::from_sec1_bytes(pk).map_err(|_| Error::KemInvalidPublicKey)?; + Ok(p256diffie_hellman(sk.to_nonzero_scalar(), pk.as_affine()) + .raw_secret_bytes() + .as_slice() + .into()) + } + KemAlgorithm::DhKemK256 => { + let sk = k256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?; + let pk = + k256PublicKey::from_sec1_bytes(pk).map_err(|_| Error::KemInvalidPublicKey)?; + Ok(k256diffie_hellman(sk.to_nonzero_scalar(), pk.as_affine()) .raw_secret_bytes() .as_slice() .into()) @@ -103,7 +119,11 @@ impl HpkeCrypto for HpkeRustCrypto { Ok(X25519PublicKey::from(&sk).as_bytes().to_vec()) } KemAlgorithm::DhKemP256 => { - let sk = SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?; + let sk = p256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?; + Ok(sk.public_key().to_encoded_point(false).as_bytes().into()) + } + KemAlgorithm::DhKemK256 => { + let sk = k256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?; Ok(sk.public_key().to_encoded_point(false).as_bytes().into()) } _ => Err(Error::UnknownKemAlgorithm), @@ -116,16 +136,24 @@ impl HpkeCrypto for HpkeRustCrypto { KemAlgorithm::DhKem25519 => Ok(X25519StaticSecret::random_from_rng(&mut *rng) .to_bytes() .to_vec()), - KemAlgorithm::DhKemP256 => { - Ok(SecretKey::random(&mut *rng).to_bytes().as_slice().into()) - } + KemAlgorithm::DhKemP256 => Ok(p256SecretKey::random(&mut *rng) + .to_bytes() + .as_slice() + .into()), + KemAlgorithm::DhKemK256 => Ok(k256SecretKey::random(&mut *rng) + .to_bytes() + .as_slice() + .into()), _ => Err(Error::UnknownKemAlgorithm), } } fn kem_validate_sk(alg: KemAlgorithm, sk: &[u8]) -> Result, Error> { match alg { - KemAlgorithm::DhKemP256 => SecretKey::from_slice(sk) + KemAlgorithm::DhKemP256 => p256SecretKey::from_slice(sk) + .map_err(|_| Error::KemInvalidSecretKey) + .map(|_| sk.into()), + KemAlgorithm::DhKemK256 => k256SecretKey::from_slice(sk) .map_err(|_| Error::KemInvalidSecretKey) .map(|_| sk.into()), _ => Err(Error::UnknownKemAlgorithm), @@ -188,7 +216,7 @@ impl HpkeCrypto for HpkeRustCrypto { /// Returns an error if the KEM algorithm is not supported by this crypto provider. fn supports_kem(alg: KemAlgorithm) -> Result<(), Error> { match alg { - KemAlgorithm::DhKem25519 | KemAlgorithm::DhKemP256 => Ok(()), + KemAlgorithm::DhKem25519 | KemAlgorithm::DhKemP256 | KemAlgorithm::DhKemK256 => Ok(()), _ => Err(Error::UnknownKemAlgorithm), } } diff --git a/src/dh_kem.rs b/src/dh_kem.rs index dfdaab5..12dfbc3 100755 --- a/src/dh_kem.rs +++ b/src/dh_kem.rs @@ -94,8 +94,36 @@ pub(super) fn derive_key_pair( ctr += 1; } } + KemAlgorithm::DhKemK256 => { + let mut ctr = 0u8; + // Do rejection sampling trying to find a valid key. + // It is expected that there aren't too many iteration and that + // the loop will always terminate. + loop { + let candidate = labeled_expand::( + alg.into(), + &dkp_prk, + suite_id, + "candidate", + &ctr.to_be_bytes(), + alg.private_key_len(), + ); + if let Ok(sk) = &candidate { + if let Ok(sk) = Crypto::kem_validate_sk(alg, sk) { + break sk; + } + } + if ctr == u8::MAX { + // If we get here we lost. This should never happen. + return Err(Error::CryptoLibraryError( + "Unable to generate a valid K256 private key".to_string(), + )); + } + ctr += 1; + } + } _ => { - panic!("This should be unreachable. Only x25519 and P256 KEMs are implemented") + panic!("This should be unreachable. Only x25519, P256, and K256 KEMs are implemented") } }; Ok((Crypto::kem_derive_base(alg, &sk)?, sk)) diff --git a/src/kem.rs b/src/kem.rs index a3b332e..83db5a1 100755 --- a/src/kem.rs +++ b/src/kem.rs @@ -20,6 +20,7 @@ pub(crate) fn encaps( ) -> Result<(Vec, Vec), Error> { match alg { KemAlgorithm::DhKemP256 + | KemAlgorithm::DhKemK256 | KemAlgorithm::DhKemP384 | KemAlgorithm::DhKemP521 | KemAlgorithm::DhKem25519 @@ -36,6 +37,7 @@ pub(crate) fn decaps( ) -> Result, Error> { match alg { KemAlgorithm::DhKemP256 + | KemAlgorithm::DhKemK256 | KemAlgorithm::DhKemP384 | KemAlgorithm::DhKemP521 | KemAlgorithm::DhKem25519 @@ -51,6 +53,7 @@ pub(crate) fn auth_encaps( ) -> Result<(Vec, Vec), Error> { match alg { KemAlgorithm::DhKemP256 + | KemAlgorithm::DhKemK256 | KemAlgorithm::DhKemP384 | KemAlgorithm::DhKemP521 | KemAlgorithm::DhKem25519 @@ -68,6 +71,7 @@ pub(crate) fn auth_decaps( ) -> Result, Error> { match alg { KemAlgorithm::DhKemP256 + | KemAlgorithm::DhKemK256 | KemAlgorithm::DhKemP384 | KemAlgorithm::DhKemP521 | KemAlgorithm::DhKem25519 @@ -83,6 +87,7 @@ pub(crate) fn key_gen( ) -> Result<(Vec, Vec), Error> { match alg { KemAlgorithm::DhKemP256 + | KemAlgorithm::DhKemK256 | KemAlgorithm::DhKemP384 | KemAlgorithm::DhKemP521 | KemAlgorithm::DhKem25519 diff --git a/tests/test_hpke.rs b/tests/test_hpke.rs index 03e8b99..db95b94 100644 --- a/tests/test_hpke.rs +++ b/tests/test_hpke.rs @@ -121,6 +121,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha256_Aes128Gcm, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha256_Aes128Gcm, HpkeMode::Base, @@ -137,6 +145,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha384_Aes128Gcm, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha384_Aes128Gcm, HpkeMode::Base, @@ -153,6 +169,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha512_Aes128Gcm, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha512_Aes128Gcm, HpkeMode::Base, @@ -169,6 +193,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha256_Aes256Gcm, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha256_Aes256Gcm, HpkeMode::Base, @@ -185,6 +217,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + base_dhkempk256_hkdfsha384_Aes256Gcm, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha384_Aes256Gcm, HpkeMode::Base, @@ -201,6 +241,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha512_Aes256Gcm, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha512_Aes256Gcm, HpkeMode::Base, @@ -217,6 +265,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha256_chacha20poly1305, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); // generate_test_case!( // base_dhkemp256_hkdfsha256_chacha20poly1305_evercrypt, // HpkeMode::Base, @@ -249,6 +305,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha384_chacha20poly1305, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha384_chacha20poly1305, HpkeMode::Base, @@ -265,6 +329,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + base_dhkemk256_hkdfsha512_chacha20poly1305, + HpkeMode::Base, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( base_dhkem25519_hkdfsha512_chacha20poly1305, HpkeMode::Base, @@ -281,6 +353,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha256_Aes128Gcm, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha256_Aes128Gcm, HpkeMode::Psk, @@ -297,6 +377,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha384_Aes128Gcm, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha384_Aes128Gcm, HpkeMode::Psk, @@ -313,6 +401,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + psk_dhkempk256_hkdfsha512_Aes128Gcm, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha512_Aes128Gcm, HpkeMode::Psk, @@ -329,6 +425,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha256_Aes256Gcm, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha256_Aes256Gcm, HpkeMode::Psk, @@ -345,6 +449,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha384_Aes256Gcm, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha384_Aes256Gcm, HpkeMode::Psk, @@ -361,6 +473,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha512_Aes256Gcm, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha512_Aes256Gcm, HpkeMode::Psk, @@ -377,6 +497,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha256_chacha20poly1305, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha256_chacha20poly1305, HpkeMode::Psk, @@ -393,6 +521,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha384_chacha20poly1305, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha384_chacha20poly1305, HpkeMode::Psk, @@ -409,6 +545,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + psk_dhkemk256_hkdfsha512_chacha20poly1305, + HpkeMode::Psk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( psk_dhkem25519_hkdfsha512_chacha20poly1305, HpkeMode::Psk, @@ -425,6 +569,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha256_Aes128Gcm, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha256_Aes128Gcm, HpkeMode::Auth, @@ -441,6 +593,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha384_Aes128Gcm, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha384_Aes128Gcm, HpkeMode::Auth, @@ -457,6 +617,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha512_Aes128Gcm, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha512_Aes128Gcm, HpkeMode::Auth, @@ -473,6 +641,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha256_Aes256Gcm, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha256_Aes256Gcm, HpkeMode::Auth, @@ -489,6 +665,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha384_Aes256Gcm, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha384_Aes256Gcm, HpkeMode::Auth, @@ -505,6 +689,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha512_Aes256Gcm, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha512_Aes256Gcm, HpkeMode::Auth, @@ -521,6 +713,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha256_chacha20poly1305, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha256_chacha20poly1305, HpkeMode::Auth, @@ -537,6 +737,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha384_chacha20poly1305, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha384_chacha20poly1305, HpkeMode::Auth, @@ -553,6 +761,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + auth_dhkemk256_hkdfsha512_chacha20poly1305, + HpkeMode::Auth, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( auth_dhkem25519_hkdfsha512_chacha20poly1305, HpkeMode::Auth, @@ -569,6 +785,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha256_Aes128Gcm, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha256_Aes128Gcm, HpkeMode::AuthPsk, @@ -585,6 +809,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha384_Aes128Gcm, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha384_Aes128Gcm, HpkeMode::AuthPsk, @@ -601,6 +833,14 @@ generate_test_case!( AeadAlgorithm::Aes128Gcm, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha512_Aes128Gcm, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes128Gcm, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha512_Aes128Gcm, HpkeMode::AuthPsk, @@ -617,6 +857,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha256_Aes256Gcm, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha256_Aes256Gcm, HpkeMode::AuthPsk, @@ -633,6 +881,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha384_Aes256Gcm, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha384_Aes256Gcm, HpkeMode::AuthPsk, @@ -649,6 +905,14 @@ generate_test_case!( AeadAlgorithm::Aes256Gcm, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha512_Aes256Gcm, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::Aes256Gcm, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha512_Aes256Gcm, HpkeMode::AuthPsk, @@ -665,6 +929,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha256_chacha20poly1305, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha256, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha256_chacha20poly1305, HpkeMode::AuthPsk, @@ -681,6 +953,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha384_chacha20poly1305, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha384, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha384_chacha20poly1305, HpkeMode::AuthPsk, @@ -697,6 +977,14 @@ generate_test_case!( AeadAlgorithm::ChaCha20Poly1305, HpkeRustCrypto ); +generate_test_case!( + authpsk_dhkemk256_hkdfsha512_chacha20poly1305, + HpkeMode::AuthPsk, + KemAlgorithm::DhKemK256, + KdfAlgorithm::HkdfSha512, + AeadAlgorithm::ChaCha20Poly1305, + HpkeRustCrypto +); generate_test_case!( authpsk_dhkem25519_hkdfsha512_chacha20poly1305, HpkeMode::AuthPsk, diff --git a/traits/src/types.rs b/traits/src/types.rs index c5c3282..1ec6175 100644 --- a/traits/src/types.rs +++ b/traits/src/types.rs @@ -21,6 +21,9 @@ pub enum KemAlgorithm { /// DH KEM on P521 DhKemP521 = 0x0012, + /// DH KEM on secp256k1 + DhKemK256 = 0x0016, + /// DH KEM on x25519 DhKem25519 = 0x0020, @@ -41,6 +44,7 @@ impl core::convert::TryFrom for KemAlgorithm { 0x0010 => Ok(KemAlgorithm::DhKemP256), 0x0011 => Ok(KemAlgorithm::DhKemP384), 0x0012 => Ok(KemAlgorithm::DhKemP521), + 0x0016 => Ok(KemAlgorithm::DhKemK256), 0x0020 => Ok(KemAlgorithm::DhKem25519), 0x0021 => Ok(KemAlgorithm::DhKem448), _ => Err(Self::Error::UnknownKemAlgorithm), @@ -55,6 +59,7 @@ impl KemAlgorithm { KemAlgorithm::DhKemP256 => 32, KemAlgorithm::DhKemP384 => 48, KemAlgorithm::DhKemP521 => 66, + KemAlgorithm::DhKemK256 => 32, KemAlgorithm::DhKem25519 => 32, KemAlgorithm::DhKem448 => 56, } @@ -66,6 +71,7 @@ impl KemAlgorithm { KemAlgorithm::DhKemP256 => 32, KemAlgorithm::DhKemP384 => 48, KemAlgorithm::DhKemP521 => 64, + KemAlgorithm::DhKemK256 => 32, KemAlgorithm::DhKem25519 => 32, KemAlgorithm::DhKem448 => 64, } @@ -195,6 +201,7 @@ impl From for KdfAlgorithm { KemAlgorithm::DhKemP256 => KdfAlgorithm::HkdfSha256, KemAlgorithm::DhKemP384 => KdfAlgorithm::HkdfSha384, KemAlgorithm::DhKemP521 => KdfAlgorithm::HkdfSha512, + KemAlgorithm::DhKemK256 => KdfAlgorithm::HkdfSha256, KemAlgorithm::DhKem25519 => KdfAlgorithm::HkdfSha256, KemAlgorithm::DhKem448 => KdfAlgorithm::HkdfSha512, }