FIX: Kyber KEM with a KDF + some nitpicks #2982

Merged
reneme merged 5 commits into master from fix/kyber_kem_details
Jun 1, 2022
@reneme reneme commented May 31, 2022

Turns out that the implementation of Kyber needed a bit more polishing:

  • KEM operations did not inherit from KEM_XXcryption_with_KDF
    Hence, the interface would simply ignore the KDF and provider preferences of the user and always return the "Raw" shared secret.
  • Kyber...::algo_name() incorporated the algorithm parameters
    I.e. the algo name would be reported as "Kyber-1024-90s-r3". This is not in line with the rest of the library's algorithms. Now, algo_name() will always report "Kyber-r3" and the key classes provide an additional ::mode() accessor to investigate the algorithm parameters. To integrate with Kyber's preliminary OIDs, the KyberMode enum is now a small class that can perform the translation from and to OIDs.
  • "Raw" KDF resulted in an exception
    In contrast to PK_Ops::Key_Agreement_with_KDF the respective KEM operations did not allow for a "Raw" KDF. This is needed though, e.g. to implement TLS 1.3 hybrid key exchange.
  • Partially disabling 90s or modern kyber resulted in a failing text-based test
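
The first and third points above, modelled as an added example (not code from this pull request or from the library): a KEM operation that accepts a KDF argument but returns the raw shared secret anyway, next to one that derives the key and lets "Raw" pass through. `ToyKEM`, `IgnoresKDF`, `AppliesKDF` and `honours_kdf` are hypothetical names, the KEM step is a stand-in rather than Kyber, and HKDF with SHA-256 is an assumed choice of KDF.

```python
import hashlib, hmac, os

def hkdf_sha256(secret: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256 and empty info."""
    prk = hmac.new(salt or b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class ToyKEM:
    """Stand-in for the raw KEM step (not Kyber): hands back a preset secret."""
    def __init__(self, raw_secret: bytes):
        self.raw_secret = raw_secret
    def raw_encapsulate(self):
        return b"<constructed ciphertext>", self.raw_secret

class IgnoresKDF(ToyKEM):
    """Models the reported behaviour: KDF, length and salt are accepted but unused."""
    def encapsulate(self, kdf: str, length: int, salt: bytes = b""):
        return self.raw_encapsulate()

class AppliesKDF(ToyKEM):
    """Models the intended behaviour: "Raw" passes through, otherwise derive."""
    def encapsulate(self, kdf: str, length: int, salt: bytes = b""):
        ct, raw = self.raw_encapsulate()
        if kdf == "Raw":
            return ct, raw
        if kdf == "HKDF(SHA-256)":
            return ct, hkdf_sha256(raw, length, salt)
        raise ValueError(f"unsupported KDF: {kdf}")

def honours_kdf(op_cls) -> bool:
    """Regression check: the requested KDF and length must shape the output."""
    raw = os.urandom(32)  # constructed sample secret
    op = op_cls(raw)
    _, derived = op.encapsulate("HKDF(SHA-256)", 48, b"salt")
    _, passthrough = op.encapsulate("Raw", 32)
    return (passthrough == raw and len(derived) == 48
            and derived == hkdf_sha256(raw, 48, b"salt"))

if __name__ == "__main__":
    for cls in (IgnoresKDF, AppliesKDF):
        print(cls.__name__, "honours the requested KDF:", honours_kdf(cls))
```

A check of this shape catches the silent case, where a caller asks for a derived key of a given length and receives the raw secret without any error.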

@reneme reneme force-pushed the fix/kyber_kem_details branch from 36ea33c to da1d605 Compare May 31, 2022 12:31
@randombit randombit self-requested a review May 31, 2022 12:40
reneme added 5 commits May 31, 2022 14:42
Previously, ::algo_name() contained the algorithm parameters (e.g. -90s-512)
as well. This was impractical and did not align with other algorithms in the
library. Instead, Kyber_...::mode() now gives access to the specific algorithm
parameters used.

Previously, the KEM operations would simply assume "Raw" and ignore KDF as well
as provider parameters.

This would have resulted in an exception before. Similar behaviour was already
implemented for the key agreement public key operation.

When either kyber or kyber_90s was disabled at build time we caused a test failure.
@reneme reneme force-pushed the fix/kyber_kem_details branch from da1d605 to 0b2242a Compare May 31, 2022 12:43
reneme added a commit that referenced this pull request May 31, 2022
@reneme reneme merged commit 8739125 into master Jun 1, 2022
@randombit randombit deleted the fix/kyber_kem_details branch June 1, 2022 14:26