Skip to content

refactor(aws-kms-tls-auth): add hmac based psk derivation#5519

Merged
jmayclin merged 7 commits intoaws:mainfrom
jmayclin:2025-09-19-psk-derivation
Sep 25, 2025
Merged

refactor(aws-kms-tls-auth): add hmac based psk derivation#5519
jmayclin merged 7 commits intoaws:mainfrom
jmayclin:2025-09-19-psk-derivation

Conversation

@jmayclin
Copy link
Copy Markdown
Contributor

@jmayclin jmayclin commented Sep 19, 2025

Description of changes:

This adds a new method for deriving PSK's from the KMS generateMac API.

This significantly reduces the required TPS to KMS, and will allow O(N) scaling characteristics.

Derivation and Epoch structures is described in module documentation.

Testing:

New unit tests are added.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jmayclin jmayclin requested a review from lrstewart September 19, 2025 22:31
@github-actions github-actions bot added the s2n-core team label Sep 19, 2025
@jmayclin jmayclin requested a review from goatgoose September 19, 2025 22:31
lrstewart
lrstewart reviewed Sep 22, 2025
View reviewed changes
goatgoose
goatgoose reviewed Sep 23, 2025
View reviewed changes
jmayclin and others added 2 commits September 23, 2025 09:59
@jmayclin @goatgoose @lrstewart
Apply suggestions from code review
e2bc098 
Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com>
Co-authored-by: Lindsay Stewart <stewart.r.lindsay@gmail.com>
@jmayclin
address pr feedback
2573433 
* fix leftover stuff from refactor
@jmayclin
address ci failure
937a1e8 
* remove unused import
goatgoose
goatgoose approved these changes Sep 24, 2025
View reviewed changes
jmayclin and others added 3 commits September 24, 2025 15:42
@jmayclin @goatgoose
Update bindings/rust/aws-kms-tls-auth/src/psk_derivation.rs
9c0ddd0 
Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com>
@jmayclin
addres pr feedback
3c3803b 
* remove outdated comment
@jmayclin
Merge branch 'main' into 2025-09-19-psk-derivation
e33917d
@jmayclin jmayclin enabled auto-merge September 25, 2025 21:52
@jmayclin jmayclin added this pull request to the merge queue Sep 25, 2025
Merged via the queue into aws:main with commit 7236227 Sep 25, 2025
50 checks passed
@jmayclin jmayclin deleted the 2025-09-19-psk-derivation branch September 25, 2025 22:56
dougch pushed a commit to dougch/s2n-tls that referenced this pull request Sep 26, 2025
@jmayclin @goatgoose
@lrstewart @dougch
refactor(aws-kms-tls-auth): add hmac based psk derivation (aws#5519)
9179962 
Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com>
Co-authored-by: Lindsay Stewart <stewart.r.lindsay@gmail.com>
@dougch dougch mentioned this pull request Oct 28, 2025
Closed
@BrewTestBot BrewTestBot mentioned this pull request Oct 30, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@goatgoose goatgoose goatgoose approved these changes

@lrstewart lrstewart lrstewart approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

s2n-core team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jmayclin @goatgoose @lrstewart