FIX: Kyber KEM with a KDF + some nitpicks #2982

Merged 5 commits on Jun 1, 2022

@reneme (Collaborator) commented May 31, 2022

Turns out that the implementation of Kyber needed a bit more polishing:

  • KEM operations did not inherit from KEM_XXcryption_with_KDF
    Hence, the interface would simply ignore the KDF and provider preferences of the user and always return the "Raw" shared secret.
  • Kyber...::algo_name() incorporated the algorithm parameters
    I.e. the algo name would be reported as "Kyber-1024-90s-r3". This is not in line with the rest of the library's algorithms. Now, algo_name() will always report "Kyber-r3" and the key classes provide an additional ::mode() accessor to investigate the algorithm parameters. To integrate with Kyber's preliminary OIDs, the KyberMode enum is now a small class that can perform the translation from and to OIDs.
  • "Raw" KDF resulted in an exception
    In contrast to PK_Ops::Key_Agreement_with_KDF the respective KEM operations did not allow for a "Raw" KDF. This is needed though, e.g. to implement TLS 1.3 hybrid key exchange.
  • Partially disabling 90s or modern kyber resulted in a failing text-based test
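
A minimal model of the layering described in the first and third points, as an added example that is not Botan code and not part of this pull request: a shared KDF step sits on top of the algorithm-specific raw operation, and "Raw" passes the secret through unchanged. The toy Diffie-Hellman group stands in for Kyber, and every function name here is an assumption made for illustration.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # constructed toy DH group standing in for Kyber; not secure

def hkdf_sha256(secret, salt, length):
    """HKDF (RFC 5869) with SHA-256 and empty info."""
    prk = hmac.new(salt or bytes(32), secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def raw_encapsulate(pk):
    """Algorithm-specific part: returns (ciphertext, raw shared secret)."""
    r = secrets.randbelow(P - 2) + 1
    shared = pow(pk, r, P).to_bytes(32, "big")
    return pow(G, r, P), hashlib.sha256(shared).digest()

def raw_decapsulate(sk, ct):
    return hashlib.sha256(pow(ct, sk, P).to_bytes(32, "big")).digest()

def finish(raw, kdf, length, salt):
    """KDF layer shared by every KEM; 'Raw' passes the secret through."""
    if kdf == "Raw":
        return raw
    if kdf == "HKDF(SHA-256)":
        return hkdf_sha256(raw, salt, length)
    raise ValueError(f"unsupported KDF: {kdf}")

def encapsulate(pk, kdf, length=32, salt=b""):
    ct, raw = raw_encapsulate(pk)
    return ct, finish(raw, kdf, length, salt)

def decapsulate(sk, ct, kdf, length=32, salt=b""):
    return finish(raw_decapsulate(sk, ct), kdf, length, salt)

def encapsulate_ignoring_kdf(pk, kdf, length=32, salt=b""):
    """Pre-fix behaviour described above: KDF, length and salt are ignored."""
    return raw_encapsulate(pk)
```

A caller that asked `encapsulate_ignoring_kdf` for a 48-byte HKDF output receives the 32-byte raw secret without any error, which is why the omission is easy to miss.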

@randombit randombit self-requested a review May 31, 2022 12:40
Previously, ::algo_name() contained the algorithm parameters (e.g. -90s-512)
as well. This was impractical and did not align with other algorithms in the
library. Instead, Kyber_...::mode() now gives access to the specific algorithm
parameters used.

Previously, the KEM operations would simply assume "Raw" and ignore KDF as well
as provider parameters.

This would have resulted in an exception before. Similar behaviour was already
implemented for the key agreement public key operation.

When either kyber or kyber_90s was disabled at build time we caused a test failure.
@reneme reneme merged commit 8739125 into master Jun 1, 2022
@randombit randombit deleted the fix/kyber_kem_details branch June 1, 2022 14:26