Add DHKEM ciphersuites (P-256, P-384) per RFC 9180#35
Open
AlfioEmanueleFresta wants to merge 8 commits into
Open
Add DHKEM ciphersuites (P-256, P-384) per RFC 9180#35AlfioEmanueleFresta wants to merge 8 commits into
AlfioEmanueleFresta wants to merge 8 commits into
Conversation
Move the macro from xwing.rs to src/util.rs so it can be reused by upcoming DHKEM ciphersuite implementations.
Add elliptic-curve, hkdf, p256, p384, p521, sha2 as optional deps with dhkem-p256, dhkem-p384, dhkem-p521 feature flags.
Add DHKEM ciphersuites with HKDF-based ExtractAndExpand producing uniform shared secrets (IND-CCA). Drops P-521 to keep scope focused.
Roundtrip, serialization, invalid point rejection, and shared secret uniqueness tests for both curves.
Full roundtrip, commitment mismatch, and cross-session SAS tests for P-256 and P-384, using a shared test macro.
Validate ExtractAndExpand against RFC 9180 Appendix A.3.1 known-answer vector. Add deterministic pinned vectors for DhkemP256Sha256 and DhkemP384Sha384 protocol outputs.
Serde round-trip tests for Initiator/Responder state with DHKEM suites. Zeroize verification for DK, SharedSecret, and Initiator state.
Add dhkem-p256 and dhkem-p384 to test and no_std build matrices. Document new features in lib.rs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
DhkemP256Sha256— DHKEM(P-256, HKDF-SHA256) + SHA-256 (128-bit security)DhkemP384Sha384— DHKEM(P-384, HKDF-SHA384) + SHA-384 (192-bit security)byte_array_newtype!macro tosrc/util.rsfor reuse across ciphersuite modulesDesign decisions
Test plan
[0u8; 32]) catch non-backwards-compatible changesdhkem-p256anddhkem-p384feature combinations + no_std build