Add initial support for MLKEM768 (without any new Security Policies) (#…
alexw91 authored Oct 11, 2024
1 parent 6dadf04 commit 5a2fdf6
Showing 15 changed files with 602 additions and 197 deletions.
31 changes: 31 additions & 0 deletions tests/unit/kats/generate_pq_hybrid_tls13_handshake_kats.py
Expand Up @@ -208,6 +208,34 @@
"pq_shared_secret": "B10F7394926AD3B49C5D62D5AEB531D5757538BCC0DA9E550D438F1B61BD7419",
"transcript_hash": "35412cebcf35cb8a7af8f78278a486fc798f8702eaebd067c97acb27bffe13524d8426a4ed57956b4fd0ffdc4c90be52",
},
{
"group_name": "X25519MLKEM768",
"cipher_suite": "TLS_AES_128_GCM_SHA256",
"ec_shared_secret": "519be87fa0599077e5673d6f2d910aa150d7fef783c5e1491961fdf63b255910",
"pq_shared_secret": "B408D5D115713F0A93047DBBEA832E4340787686D59A9A2D106BD662BA0AA035",
"transcript_hash": "f5f7f7867668be4b792159d4d194a03ec5cfa238b6409b5ca2ddccfddcc92a2b",
},
{
"group_name": "X25519MLKEM768",
"cipher_suite": "TLS_AES_256_GCM_SHA384",
"ec_shared_secret": "519be87fa0599077e5673d6f2d910aa150d7fef783c5e1491961fdf63b255910",
"pq_shared_secret": "B408D5D115713F0A93047DBBEA832E4340787686D59A9A2D106BD662BA0AA035",
"transcript_hash": "35412cebcf35cb8a7af8f78278a486fc798f8702eaebd067c97acb27bffe13524d8426a4ed57956b4fd0ffdc4c90be52",
},
{
"group_name": "SecP256r1MLKEM768",
"cipher_suite": "TLS_AES_128_GCM_SHA256",
"ec_shared_secret": "9348e27655539e08fffe46b35f863dd634e7437cc6bc11c7d329ef5484ec3b60",
"pq_shared_secret": "B408D5D115713F0A93047DBBEA832E4340787686D59A9A2D106BD662BA0AA035",
"transcript_hash": "f5f7f7867668be4b792159d4d194a03ec5cfa238b6409b5ca2ddccfddcc92a2b",
},
{
"group_name": "SecP256r1MLKEM768",
"cipher_suite": "TLS_AES_256_GCM_SHA384",
"ec_shared_secret": "9348e27655539e08fffe46b35f863dd634e7437cc6bc11c7d329ef5484ec3b60",
"pq_shared_secret": "B408D5D115713F0A93047DBBEA832E4340787686D59A9A2D106BD662BA0AA035",
"transcript_hash": "35412cebcf35cb8a7af8f78278a486fc798f8702eaebd067c97acb27bffe13524d8426a4ed57956b4fd0ffdc4c90be52",
},
]


Expand All @@ -233,6 +261,9 @@ def hkdf_expand_label(key: bytes, label: str, context: bytes, hash_alg: str):

def compute_secrets(input_vector: dict):
shared_secret = bytes.fromhex(input_vector["ec_shared_secret"] + input_vector["pq_shared_secret"])
if (input_vector["group_name"] == "X25519MLKEM768"):
shared_secret = bytes.fromhex(input_vector["pq_shared_secret"] + input_vector["ec_shared_secret"])

hash_alg = input_vector["cipher_suite"].split("_")[-1].lower()
zeros = bytearray([0] * hashlib.new(hash_alg).digest_size)
transcript_hash = bytes.fromhex(input_vector["transcript_hash"])
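Review bot: The secret ordering in compute_secrets is keyed on a bare string comparison of group_name with no comment saying why X25519MLKEM768 alone is PQ || ECDHE, so the next hybrid group added to the vector list will silently fall through to ECDHE || PQ. Suggest above the `if`: `# X25519MLKEM768 is the only hybrid group whose shared secret is ML-KEM || ECDHE (TLS hybrid draft, draft-ietf-tls-ecdhe-mlkem); every other group is ECDHE || PQ.` Because this generator is the "independent implementation" the C test's expected traffic secrets come from, an ordering mistake made here and in s2n together would cancel out and the KAT would still pass; cross-checking one X25519MLKEM768 vector against a third-party implementation would close that gap. compute_secrets continues past the end of the hunk.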
221 changes: 147 additions & 74 deletions tests/unit/s2n_client_key_share_extension_pq_test.c


28 changes: 17 additions & 11 deletions tests/unit/s2n_kem_preferences_test.c
Expand Up @@ -25,6 +25,8 @@ int main(int argc, char **argv)
BEGIN_TEST();
EXPECT_SUCCESS(s2n_disable_tls13_in_test());

EXPECT_FALSE(s2n_kem_preferences_includes_tls13_kem_group(&kem_preferences_null, TLS_PQ_KEM_GROUP_ID_SECP256R1_MLKEM_768));
EXPECT_FALSE(s2n_kem_preferences_includes_tls13_kem_group(&kem_preferences_null, TLS_PQ_KEM_GROUP_ID_X25519_MLKEM_768));
EXPECT_FALSE(s2n_kem_preferences_includes_tls13_kem_group(&kem_preferences_null, TLS_PQ_KEM_GROUP_ID_X25519_KYBER_512_R3));
EXPECT_FALSE(s2n_kem_preferences_includes_tls13_kem_group(&kem_preferences_null, TLS_PQ_KEM_GROUP_ID_X25519_KYBER_768_R3));
EXPECT_FALSE(s2n_kem_preferences_includes_tls13_kem_group(&kem_preferences_null, TLS_PQ_KEM_GROUP_ID_SECP256R1_KYBER_512_R3));
Expand All @@ -33,22 +35,15 @@ int main(int argc, char **argv)
EXPECT_FALSE(s2n_kem_preferences_includes_tls13_kem_group(&kem_preferences_null, TLS_PQ_KEM_GROUP_ID_SECP521R1_KYBER_1024_R3));

{
const struct s2n_kem_group *test_kem_groups[] = {
&s2n_secp256r1_kyber_512_r3,
&s2n_x25519_kyber_512_r3,
&s2n_secp384r1_kyber_768_r3,
&s2n_secp256r1_kyber_768_r3,
&s2n_x25519_kyber_768_r3,
&s2n_secp521r1_kyber_1024_r3,
};

const struct s2n_kem_preferences test_prefs = {
.kem_count = 0,
.kems = NULL,
.tls13_kem_group_count = s2n_array_len(test_kem_groups),
.tls13_kem_groups = test_kem_groups,
.tls13_kem_group_count = S2N_KEM_GROUPS_COUNT,
.tls13_kem_groups = ALL_SUPPORTED_KEM_GROUPS,
};

EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_SECP256R1_MLKEM_768));
EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_X25519_MLKEM_768));
EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_X25519_KYBER_512_R3));
EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_X25519_KYBER_768_R3));
EXPECT_TRUE(s2n_kem_preferences_includes_tls13_kem_group(&test_prefs, TLS_PQ_KEM_GROUP_ID_SECP256R1_KYBER_512_R3));
Expand All @@ -69,13 +64,24 @@ int main(int argc, char **argv)
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3));
}

if (s2n_libcrypto_supports_mlkem()) {
EXPECT_TRUE(s2n_kem_group_is_available(&s2n_secp256r1_mlkem_768));
if (s2n_is_evp_apis_supported()) {
EXPECT_TRUE(s2n_kem_group_is_available(&s2n_x25519_mlkem_768));
} else {
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_mlkem_768));
}
}
} else {
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_512_r3));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_512_r3));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_kyber_768_r3));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_kyber_768_r3));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp384r1_kyber_768_r3));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp521r1_kyber_1024_r3));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_mlkem_768));
EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_mlkem_768));
}
};

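Review bot: The new `if (s2n_libcrypto_supports_mlkem())` block in the availability test has no else branch, so on a libcrypto that supports EVP KEMs but not ML-KEM nothing asserts that the two ML-KEM groups are reported unavailable; only the outer `else` (no EVP KEM support at all) checks that. Add after the inner block: `} else { EXPECT_FALSE(s2n_kem_group_is_available(&s2n_secp256r1_mlkem_768)); EXPECT_FALSE(s2n_kem_group_is_available(&s2n_x25519_mlkem_768)); }`. The enclosing conditional whose `else` is visible at the end of the hunk begins above it, so I cannot see the outer condition. Separately, the earlier hunk now builds test_prefs from ALL_SUPPORTED_KEM_GROUPS, so the EXPECT_TRUE checks exercise the same list production uses rather than an independent one; presumably intended, but worth a one-line comment.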
32 changes: 17 additions & 15 deletions tests/unit/s2n_pq_kem_test.c
Expand Up @@ -24,6 +24,7 @@
#include "utils/s2n_safety.h"

static const struct s2n_kem *test_vectors[] = {
&s2n_mlkem_768,
&s2n_kyber_512_r3,
&s2n_kyber_768_r3,
&s2n_kyber_1024_r3,
Expand Down Expand Up @@ -63,25 +64,26 @@ int main()
DEFER_CLEANUP(struct s2n_blob ciphertext = { 0 }, s2n_free);
EXPECT_SUCCESS(s2n_alloc(&ciphertext, kem->ciphertext_length));

if (s2n_pq_is_enabled()) {
/* Test a successful round-trip: keygen->enc->dec */
EXPECT_PQ_KEM_SUCCESS(kem->generate_keypair(kem, public_key.data, private_key.data));
EXPECT_PQ_KEM_SUCCESS(kem->encapsulate(kem, ciphertext.data, client_shared_secret.data, public_key.data));
EXPECT_PQ_KEM_SUCCESS(kem->decapsulate(kem, server_shared_secret.data, ciphertext.data, private_key.data));
EXPECT_BYTEARRAY_EQUAL(server_shared_secret.data, client_shared_secret.data, kem->shared_secret_key_length);

/* By design, if an invalid private key + ciphertext pair is provided to decapsulate(),
* the function should still succeed (return S2N_SUCCESS); however, the shared secret
* that was "decapsulated" will be a garbage random value. */
ciphertext.data[0] ^= 1; /* Flip a bit to invalidate the ciphertext */

EXPECT_PQ_KEM_SUCCESS(kem->decapsulate(kem, server_shared_secret.data, ciphertext.data, private_key.data));
EXPECT_BYTEARRAY_NOT_EQUAL(server_shared_secret.data, client_shared_secret.data, kem->shared_secret_key_length);
} else {
if (!s2n_kem_is_available(kem)) {
EXPECT_FAILURE_WITH_ERRNO(kem->generate_keypair(kem, public_key.data, private_key.data), S2N_ERR_UNIMPLEMENTED);
EXPECT_FAILURE_WITH_ERRNO(kem->encapsulate(kem, ciphertext.data, client_shared_secret.data, public_key.data), S2N_ERR_UNIMPLEMENTED);
EXPECT_FAILURE_WITH_ERRNO(kem->decapsulate(kem, server_shared_secret.data, ciphertext.data, private_key.data), S2N_ERR_UNIMPLEMENTED);
continue;
}

/* Test a successful round-trip: keygen->enc->dec */
EXPECT_PQ_KEM_SUCCESS(kem->generate_keypair(kem, public_key.data, private_key.data));
EXPECT_PQ_KEM_SUCCESS(kem->encapsulate(kem, ciphertext.data, client_shared_secret.data, public_key.data));
EXPECT_PQ_KEM_SUCCESS(kem->decapsulate(kem, server_shared_secret.data, ciphertext.data, private_key.data));
EXPECT_BYTEARRAY_EQUAL(server_shared_secret.data, client_shared_secret.data, kem->shared_secret_key_length);

/* By design, if an invalid private key + ciphertext pair is provided to decapsulate(),
* the function should still succeed (return S2N_SUCCESS); however, the shared secret
* that was "decapsulated" will be a garbage random value. */
ciphertext.data[0] ^= 1; /* Flip a bit to invalidate the ciphertext */

EXPECT_PQ_KEM_SUCCESS(kem->decapsulate(kem, server_shared_secret.data, ciphertext.data, private_key.data));
EXPECT_BYTEARRAY_NOT_EQUAL(server_shared_secret.data, client_shared_secret.data, kem->shared_secret_key_length);
}

END_TEST();
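Review bot: The comment carried over to the bit-flip test ("garbage random value") now also covers s2n_mlkem_768, for which the decapsulated value on an invalid ciphertext is not random but the implicit-rejection output derived deterministically from the private key and the ciphertext; the EXPECT_BYTEARRAY_NOT_EQUAL assertion is still right, but the comment under-describes what it relies on. Suggest: `/* Kyber and ML-KEM both use implicit rejection: decapsulating an invalid ciphertext still succeeds and yields a pseudorandom value derived from the private key and ciphertext, which must not match the client's secret. */`. Gating per KEM with `s2n_kem_is_available` plus `continue` is better than the old global s2n_pq_is_enabled switch, but it means a KEM that unexpectedly reports unavailable in a given CI build only gets the UNIMPLEMENTED checks, so the CI matrix should include a libcrypto with ML-KEM. The for loop enclosing this body begins outside the hunk.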
16 changes: 12 additions & 4 deletions tests/unit/s2n_security_policies_test.c
Expand Up @@ -198,15 +198,23 @@ int main(int argc, char **argv)
EXPECT_EQUAL(1, security_policy->kem_preferences->kem_count);
EXPECT_NOT_NULL(security_policy->kem_preferences->kems);
EXPECT_EQUAL(&s2n_kyber_512_r3, security_policy->kem_preferences->kems[0]);
EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2023_06);
EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, ALL_SUPPORTED_KEM_GROUPS);
/* All supported kem groups should be in the preference list, but not all of them may be available. */
EXPECT_EQUAL(6, security_policy->kem_preferences->tls13_kem_group_count);
EXPECT_EQUAL(S2N_KEM_GROUPS_COUNT, security_policy->kem_preferences->tls13_kem_group_count);
uint32_t available_groups = 0;
EXPECT_OK(s2n_kem_preferences_groups_available(security_policy->kem_preferences, &available_groups));
if (s2n_libcrypto_supports_evp_kem() && s2n_is_evp_apis_supported()) {
EXPECT_EQUAL(6, available_groups);
if (s2n_libcrypto_supports_mlkem()) {
EXPECT_EQUAL(S2N_KEM_GROUPS_COUNT, available_groups);
} else {
EXPECT_EQUAL(6, available_groups);
}
} else if (s2n_libcrypto_supports_evp_kem() && !s2n_is_evp_apis_supported()) {
EXPECT_EQUAL(4, available_groups);
if (s2n_libcrypto_supports_mlkem()) {
EXPECT_EQUAL(5, available_groups);
} else {
EXPECT_EQUAL(4, available_groups);
}
} else {
EXPECT_EQUAL(0, available_groups);
}
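Review bot: The expected counts `6`, `5` and `4` in the available_groups ladder remain literals that encode which groups need EVP x25519 support and which need ML-KEM, while the fully-capable branch switched to S2N_KEM_GROUPS_COUNT; they will drift the next time a group is added. S2N_KEM_GROUPS_COUNT is apparently 8 (the hybrid test asserts 16 == 2 * S2N_KEM_GROUPS_COUNT), so express them relative to it with a comment naming the excluded groups, e.g. `/* no ML-KEM: minus secp256r1_mlkem_768 and x25519_mlkem_768 */ EXPECT_EQUAL(S2N_KEM_GROUPS_COUNT - 2, available_groups);` and, in the no-EVP-APIs branch, `/* additionally minus x25519_kyber_512_r3 and x25519_kyber_768_r3 */`. The if ladder and the enclosing test body continue outside the hunk.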
16 changes: 12 additions & 4 deletions tests/unit/s2n_server_key_share_extension_test.c
Expand Up @@ -885,15 +885,23 @@ int main(int argc, char **argv)
S2N_STUFFER_READ_EXPECT_EQUAL(&stuffer, kem_group->iana_id, uint16);
S2N_STUFFER_READ_EXPECT_EQUAL(&stuffer, expected_hybrid_share_size, uint16);

uint16_t expected_first_share_size = kem_group->curve->share_size;
uint16_t expected_second_share_size = kem_group->kem->ciphertext_length;

if (kem_group->send_kem_first) {
expected_first_share_size = kem_group->kem->ciphertext_length;
expected_second_share_size = kem_group->curve->share_size;
}

if (len_prefixed) {
S2N_STUFFER_READ_EXPECT_EQUAL(&stuffer, kem_group->curve->share_size, uint16);
S2N_STUFFER_READ_EXPECT_EQUAL(&stuffer, expected_first_share_size, uint16);
}
EXPECT_SUCCESS(s2n_stuffer_skip_read(&stuffer, kem_group->curve->share_size));
EXPECT_SUCCESS(s2n_stuffer_skip_read(&stuffer, expected_first_share_size));

if (len_prefixed) {
S2N_STUFFER_READ_EXPECT_EQUAL(&stuffer, kem_group->kem->ciphertext_length, uint16);
S2N_STUFFER_READ_EXPECT_EQUAL(&stuffer, expected_second_share_size, uint16);
}
S2N_STUFFER_LENGTH_WRITTEN_EXPECT_EQUAL(&stuffer, kem_group->kem->ciphertext_length);
S2N_STUFFER_LENGTH_WRITTEN_EXPECT_EQUAL(&stuffer, expected_second_share_size);

EXPECT_NULL(conn->kex_params.server_ecc_evp_params.negotiated_curve);
EXPECT_EQUAL(server_params->kem_group, kem_group);
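Review bot: When `len_prefixed` is false the assertions only verify the total byte count of the hybrid share (skip `expected_first_share_size`, then check the remaining length equals `expected_second_share_size`), so a server that wrote the two components in the wrong order for a `send_kem_first` group would still pass, since the combined length is the same either way. Consider also checking the content of the first component (e.g. comparing the skipped bytes against the server's KEM ciphertext or ECDHE share as appropriate), or at least record the gap: `/* TODO: component order is not verified in the non-length-prefixed case */`. I am assuming `send_kem_first` is the flag marking X25519MLKEM768's ML-KEM-first encoding; a comment where it is consulted would make that explicit. The enclosing loop and test body continue outside the hunk.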
82 changes: 81 additions & 1 deletion tests/unit/s2n_tls13_hybrid_shared_secret_test.c
Expand Up @@ -137,14 +137,16 @@ struct hybrid_test_vector {
#define KYBER512R3_SECRET "0A6925676F24B22C286F4C81A4224CEC506C9B257D480E02E3B49F44CAA3237F"
#define KYBER768R3_SECRET "914CB67FE5C38E73BF74181C0AC50428DEDF7750A98058F7D536708774535B29"
#define KYBER1024R3_SECRET "B10F7394926AD3B49C5D62D5AEB531D5757538BCC0DA9E550D438F1B61BD7419"
#define MLKEM768_SECRET "B408D5D115713F0A93047DBBEA832E4340787686D59A9A2D106BD662BA0AA035"

/* Hybrid shared secrets are the concatenation: ECDHE || PQ */
#define X25519_KYBER512R3_HYBRID_SECRET (X25519_SHARED_SECRET KYBER512R3_SECRET)
#define X25519_KYBER768R3_HYBRID_SECRET (X25519_SHARED_SECRET KYBER768R3_SECRET)
#define SECP256R1_KYBER512R3_HYBRID_SECRET (SECP256R1_SHARED_SECRET KYBER512R3_SECRET)
#define SECP256R1_KYBER768R3_HYBRID_SECRET (SECP256R1_SHARED_SECRET KYBER768R3_SECRET)
#define SECP384R1_KYBER768R3_HYBRID_SECRET (SECP384R1_SHARED_SECRET KYBER768R3_SECRET)
#define SECP521R1_KYBER1024R3_HYBRID_SECRET (SECP521R1_SHARED_SECRET KYBER1024R3_SECRET)
#define X25519_MLKEM768_HYBRID_SECRET (MLKEM768_SECRET X25519_SHARED_SECRET)
#define SECP256R1_MLKEM768_HYBRID_SECRET (SECP256R1_SHARED_SECRET MLKEM768_SECRET)

/* The expected traffic secrets were calculated from an independent Python implementation located in the KAT directory,
* using the ECDHE & PQ secrets defined above. */
Expand Down Expand Up @@ -178,6 +180,16 @@ struct hybrid_test_vector {
#define AES_256_SECP521R1_KYBER1024R3_CLIENT_TRAFFIC_SECRET "660838cb79c4852258346112f481b75463b39aec83b961cd999741d720b18c95df0c3eabc1ec6b1505703ce1925bf396"
#define AES_256_SECP521R1_KYBER1024R3_SERVER_TRAFFIC_SECRET "19cb80a0d66c0e616891370273b92cf700d1cf32146be6402eb3de62eab6d1ce2d259b404ff29249e8c2af6df416d503"

#define AES_128_SECP256R1_MLKEM768_CLIENT_TRAFFIC_SECRET "e3b086562f8dc237a9dc8710f345821c871417bd57a64a1966860f1f06bcd5dc"
#define AES_128_SECP256R1_MLKEM768_SERVER_TRAFFIC_SECRET "eb3f47d5cc09234957543e1160dde10cc86b817f31c43d5e8af8cdd6167b0336"
#define AES_256_SECP256R1_MLKEM768_CLIENT_TRAFFIC_SECRET "9e65803eeb8324eb5faea82be52c266e0bf8ac398f091db73a48e68ee2ff0a91915b3f1f4e9907e33543a9ebb1f7a748"
#define AES_256_SECP256R1_MLKEM768_SERVER_TRAFFIC_SECRET "cb8fc8707f294e3ab9b98f0d873b1e1c5d740ecd254c67fcca44b5444742bf958102be17beb5c89ae08b8b31191d9137"

#define AES_128_X25519_MLKEM768_CLIENT_TRAFFIC_SECRET "8bf7f5f36cdece4ca1439e14e9b585cd5c2c11753ce53733da771c89ba7d8162"
#define AES_128_X25519_MLKEM768_SERVER_TRAFFIC_SECRET "c9221c9f9fad66ac7ae568e46695229eaf95196819c2bb997469f010075b953e"
#define AES_256_X25519_MLKEM768_CLIENT_TRAFFIC_SECRET "44eb9e15ef082936fe7a2c169be644ff16b47fb2a91f7223069cbd8d9b063a034f0936234e60a733a30db6d7226d984d"
#define AES_256_X25519_MLKEM768_SERVER_TRAFFIC_SECRET "852b46f0e3cdc222badc0b85f4cfb4f332c2d8ea8c9695d6024e129b5056d2c534191ee76bff50148f19a88f81897112"

/* A fake transcript string to hash when deriving handshake secrets */
#define FAKE_TRANSCRIPT "client_hello || server_hello"

Expand Down Expand Up @@ -385,6 +397,70 @@ int main(int argc, char **argv)
.expected_server_traffic_secret = &aes_256_x25519_kyber768r3_server_secret,
};

S2N_BLOB_FROM_HEX(mlkem768_secret, MLKEM768_SECRET);
S2N_BLOB_FROM_HEX(secp256r1_mlkem768_hybrid_secret, SECP256R1_MLKEM768_HYBRID_SECRET);
S2N_BLOB_FROM_HEX(x25519_mlkem768_hybrid_secret, X25519_MLKEM768_HYBRID_SECRET);

S2N_BLOB_FROM_HEX(aes_128_secp256r1_mlkem768_client_secret, AES_128_SECP256R1_MLKEM768_CLIENT_TRAFFIC_SECRET);
S2N_BLOB_FROM_HEX(aes_128_secp256r1_mlkem768_server_secret, AES_128_SECP256R1_MLKEM768_SERVER_TRAFFIC_SECRET);

const struct hybrid_test_vector aes_128_sha_256_secp256r1_mlkem768_vector = {
.cipher_suite = &s2n_tls13_aes_128_gcm_sha256,
.transcript = FAKE_TRANSCRIPT,
.kem_group = &s2n_secp256r1_mlkem_768,
.client_ecc_key = CLIENT_SECP256R1_PRIV_KEY,
.server_ecc_key = SERVER_SECP256R1_PRIV_KEY,
.pq_secret = &mlkem768_secret,
.expected_hybrid_secret = &secp256r1_mlkem768_hybrid_secret,
.expected_client_traffic_secret = &aes_128_secp256r1_mlkem768_client_secret,
.expected_server_traffic_secret = &aes_128_secp256r1_mlkem768_server_secret,
};

S2N_BLOB_FROM_HEX(aes_256_secp256r1_mlkem768_client_secret, AES_256_SECP256R1_MLKEM768_CLIENT_TRAFFIC_SECRET);
S2N_BLOB_FROM_HEX(aes_256_secp256r1_mlkem768_server_secret, AES_256_SECP256R1_MLKEM768_SERVER_TRAFFIC_SECRET);

const struct hybrid_test_vector aes_256_sha_384_secp256r1_mlkem768_vector = {
.cipher_suite = &s2n_tls13_aes_256_gcm_sha384,
.transcript = FAKE_TRANSCRIPT,
.kem_group = &s2n_secp256r1_mlkem_768,
.client_ecc_key = CLIENT_SECP256R1_PRIV_KEY,
.server_ecc_key = SERVER_SECP256R1_PRIV_KEY,
.pq_secret = &mlkem768_secret,
.expected_hybrid_secret = &secp256r1_mlkem768_hybrid_secret,
.expected_client_traffic_secret = &aes_256_secp256r1_mlkem768_client_secret,
.expected_server_traffic_secret = &aes_256_secp256r1_mlkem768_server_secret,
};

S2N_BLOB_FROM_HEX(aes_128_x25519_mlkem768_client_secret, AES_128_X25519_MLKEM768_CLIENT_TRAFFIC_SECRET);
S2N_BLOB_FROM_HEX(aes_128_x25519_mlkem768_server_secret, AES_128_X25519_MLKEM768_SERVER_TRAFFIC_SECRET);

const struct hybrid_test_vector aes_128_sha_256_x25519_mlkem768_vector = {
.cipher_suite = &s2n_tls13_aes_128_gcm_sha256,
.transcript = FAKE_TRANSCRIPT,
.kem_group = &s2n_x25519_mlkem_768,
.client_ecc_key = CLIENT_X25519_PRIV_KEY,
.server_ecc_key = SERVER_X25519_PRIV_KEY,
.pq_secret = &mlkem768_secret,
.expected_hybrid_secret = &x25519_mlkem768_hybrid_secret,
.expected_client_traffic_secret = &aes_128_x25519_mlkem768_client_secret,
.expected_server_traffic_secret = &aes_128_x25519_mlkem768_server_secret,
};

S2N_BLOB_FROM_HEX(aes_256_x25519_mlkem768_client_secret, AES_256_X25519_MLKEM768_CLIENT_TRAFFIC_SECRET);
S2N_BLOB_FROM_HEX(aes_256_x25519_mlkem768_server_secret, AES_256_X25519_MLKEM768_SERVER_TRAFFIC_SECRET);

const struct hybrid_test_vector aes_256_sha_384_x25519_mlkem768_vector = {
.cipher_suite = &s2n_tls13_aes_256_gcm_sha384,
.transcript = FAKE_TRANSCRIPT,
.kem_group = &s2n_x25519_mlkem_768,
.client_ecc_key = CLIENT_X25519_PRIV_KEY,
.server_ecc_key = SERVER_X25519_PRIV_KEY,
.pq_secret = &mlkem768_secret,
.expected_hybrid_secret = &x25519_mlkem768_hybrid_secret,
.expected_client_traffic_secret = &aes_256_x25519_mlkem768_client_secret,
.expected_server_traffic_secret = &aes_256_x25519_mlkem768_server_secret,
};

const struct hybrid_test_vector *all_test_vectors[] = {
&aes_128_sha_256_secp256r1_kyber512r3_vector,
&aes_256_sha_384_secp256r1_kyber512r3_vector,
Expand All @@ -398,6 +474,10 @@ int main(int argc, char **argv)
&aes_256_sha_384_secp521r1_kyber1024r3_vector,
&aes_128_sha_256_x25519_kyber768r3_vector,
&aes_256_sha_384_x25519_kyber768r3_vector,
&aes_128_sha_256_secp256r1_mlkem768_vector,
&aes_256_sha_384_secp256r1_mlkem768_vector,
&aes_128_sha_256_x25519_mlkem768_vector,
&aes_256_sha_384_x25519_mlkem768_vector,
};

EXPECT_EQUAL(s2n_array_len(all_test_vectors), (2 * S2N_KEM_GROUPS_COUNT));
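Review bot: The comment `/* Hybrid shared secrets are the concatenation: ECDHE || PQ */` above the HYBRID_SECRET macros is now contradicted by X25519_MLKEM768_HYBRID_SECRET, which is MLKEM768_SECRET followed by X25519_SHARED_SECRET. Update it to `/* Hybrid shared secrets are the concatenation ECDHE || PQ, except X25519MLKEM768 which is ML-KEM || X25519 per the TLS hybrid draft (draft-ietf-tls-ecdhe-mlkem). */`. Note also that `.pq_secret` in every vector is a fixed constant, so these vectors pin the concatenation order and the key schedule only, not ML-KEM itself; that is fine but worth stating in the header comment. The all_test_vectors array and the rest of main continue outside the hunk.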