Merge branch 'main' into franziskus/drop-tests-from-package

.github/workflows/benches.yml

@@ -16,7 +16,8 @@ jobs:
       fail-fast: false
       matrix:
         os:
-          - macos-11
+          - macos-13
+          - macos-latest
           - ubuntu-latest
           - windows-latest
 

.github/workflows/ios.yml

@@ -12,14 +12,12 @@ env:
 
 jobs:
   build:
-    runs-on: macos-11
+    runs-on: macos-13
 
     steps:
     - uses: actions/checkout@v2
     - name: Setup MacOS
       run: |
-        sudo rm -Rf /Library/Developer/CommandLineTools/SDKs/*
-        sudo xcode-select -s /Applications/Xcode_12.4.app
         rustup target install aarch64-apple-darwin
         rustup target install aarch64-apple-ios
     - name: Apple Silicon Build

.github/workflows/rust.yml

@@ -16,7 +16,8 @@ jobs:
       fail-fast: false
       matrix:
         os:
-          - macos-11
+          - macos-13
+          - macos-latest
           - ubuntu-latest
           - windows-latest
 
@@ -41,23 +42,20 @@ jobs:
       working-directory: rust_crypto_provider
       run: cargo build --verbose --all-features
     # Apple Silicon
-    - if: matrix.os == 'macos-11'
+    - if: matrix.os == 'macos-13'
       run: |
-        brew install pkg-config
-        sudo rm -Rf /Library/Developer/CommandLineTools/SDKs/*
-        sudo xcode-select -s /Applications/Xcode_12.4.app
         rustup target install aarch64-apple-darwin
         rustup target install aarch64-apple-ios
     - name: Build
       run: cargo build --verbose
     - name: Apple Silicon Build
-      if: matrix.os == 'macos-11'
+      if: matrix.os == 'macos-13'
       run: |
         cargo build --target aarch64-apple-darwin --tests --verbose
         cargo build --release --target aarch64-apple-darwin --tests --verbose
     # ARM64 iOS
     - name: iOS aarch64
-      if: matrix.os == 'macos-11'
+      if: matrix.os == 'macos-13'
       run: |
         cargo build --target aarch64-apple-ios --tests --verbose
         cargo build --release --target aarch64-apple-ios --tests --verbose
@@ -96,7 +94,7 @@ jobs:
       fail-fast: false
       matrix:
         os:
-          - macos-11
+          - macos-13
           - ubuntu-latest
     runs-on: ${{ matrix.os }}
     steps:

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.1] - Unreleased
+
+- [#66](https://github.com/franziskuskiefer/hpke-rs/pull/66): add support for secp256k1 curve. This adds `DhKemK256 = 0x0016` to the `KemAlgorithms`
+
 ## [0.2.0] - 2023-12-01
 
 - [#59](https://github.com/franziskuskiefer/hpke-rs/pull/59): hpke-rs-rust-crypto: make deterministic-prng enable the std feature

benches/bench.rs

@@ -24,8 +24,9 @@ const KDF_IDS: [KdfAlgorithm; 3] = [
     KdfAlgorithm::HkdfSha384,
     KdfAlgorithm::HkdfSha512,
 ];
-const KEM_IDS: [KemAlgorithm; 5] = [
+const KEM_IDS: [KemAlgorithm; 6] = [
     KemAlgorithm::DhKemP256,
+    KemAlgorithm::DhKemK256,
     KemAlgorithm::DhKemP384,
     KemAlgorithm::DhKemP521,
     KemAlgorithm::DhKem25519,

benches/manual_benches.rs

@@ -29,8 +29,9 @@ const KDF_IDS: [KdfAlgorithm; 3] = [
     KdfAlgorithm::HkdfSha384,
     KdfAlgorithm::HkdfSha512,
 ];
-const KEM_IDS: [KemAlgorithm; 5] = [
+const KEM_IDS: [KemAlgorithm; 6] = [
     KemAlgorithm::DhKemP256,
+    KemAlgorithm::DhKemK256,
     KemAlgorithm::DhKemP384,
     KemAlgorithm::DhKemP521,
     KemAlgorithm::DhKem25519,

rust_crypto_provider/Cargo.toml

@@ -18,6 +18,10 @@ p256 = { version = "0.13", features = [
     "arithmetic",
     "ecdh",
 ], default-features = false }
+k256 = { version = "0.13", features = [
+    "arithmetic",
+    "ecdh",
+], default-features = false }
 p384 = { version = "0.13", default-features = false }
 x25519-dalek = { version = "2", features = ["static_secrets"] }
 chacha20poly1305 = { version = "0.10", default-features = false, features = [
@@ -46,6 +50,10 @@ harness = false
 name = "bench_p256"
 harness = false
 
+[[bench]]
+name = "bench_k256"
+harness = false
+
 [[bench]]
 name = "bench_x25519"
 harness = false

rust_crypto_provider/Readme.md

@@ -5,13 +5,14 @@
 ![Rust Version][rustc-image]
 
 This crate provides an implementation of the [HpkeCrypto] trait using native Rust crypto implementations
-([hkdf], [sha2], [p256], [p384], [x25519-dalek], [chacha20poly1305], [aes-gcm]).
+([hkdf], [sha2], [p256], [k256], [p384], [x25519-dalek], [chacha20poly1305], [aes-gcm]).
 
 Please see [hpke-rs] for more details.
 
 [hkdf]: https://docs.rs/hkdf/
 [sha2]: https://docs.rs/sha2
 [p256]: https://docs.rs/p256
+[k256]: https://docs.rs/k256
 [p384]: https://docs.rs/p384
 [x25519-dalek]: https://docs.rs/x25519-dalek
 [chacha20poly1305]: https://docs.rs/chacha20poly1305

rust_crypto_provider/benches/bench_k256.rs

@@ -0,0 +1,42 @@
+use criterion::{criterion_group, criterion_main, BatchSize, Criterion};
+use hpke_rs_crypto::{types::KemAlgorithm, HpkeCrypto};
+use hpke_rs_rust_crypto::*;
+
+fn criterion_benchmark(c: &mut Criterion) {
+    c.bench_function(&format!("K256 Derive"), |b| {
+        b.iter_batched(
+            || {
+                let sk = HpkeRustCrypto::kem_key_gen(
+                    KemAlgorithm::DhKemK256,
+                    &mut HpkeRustCrypto::prng(),
+                )
+                .unwrap();
+                let pk = HpkeRustCrypto::kem_derive_base(KemAlgorithm::DhKemK256, &sk).unwrap();
+                (sk.clone(), pk.clone())
+            },
+            |(sk, pk)| {
+                let _ = HpkeRustCrypto::kem_derive(KemAlgorithm::DhKemK256, &pk, &sk);
+            },
+            BatchSize::SmallInput,
+        )
+    });
+    c.bench_function(&format!("K256 Derive Base"), |b| {
+        b.iter_batched(
+            || {
+                let sk = HpkeRustCrypto::kem_key_gen(
+                    KemAlgorithm::DhKemK256,
+                    &mut HpkeRustCrypto::prng(),
+                )
+                .unwrap();
+                sk.clone()
+            },
+            |sk| {
+                let _pk = HpkeRustCrypto::kem_derive_base(KemAlgorithm::DhKemK256, &sk).unwrap();
+            },
+            BatchSize::SmallInput,
+        )
+    });
+}
+
+criterion_group!(benches, criterion_benchmark,);
+criterion_main!(benches);

rust_crypto_provider/src/lib.rs

@@ -12,9 +12,15 @@ use hpke_rs_crypto::{
     CryptoRng, HpkeCrypto, HpkeTestRng, RngCore,
 };
 use p256::{
-    elliptic_curve::{ecdh::diffie_hellman, sec1::ToEncodedPoint},
-    PublicKey, SecretKey,
+    elliptic_curve::ecdh::diffie_hellman as p256diffie_hellman, PublicKey as p256PublicKey,
+    SecretKey as p256SecretKey,
 };
+
+use k256::{
+    elliptic_curve::{ecdh::diffie_hellman as k256diffie_hellman, sec1::ToEncodedPoint},
+    PublicKey as k256PublicKey, SecretKey as k256SecretKey,
+};
+
 use rand_core::SeedableRng;
 use x25519_dalek::{PublicKey as X25519PublicKey, StaticSecret as X25519StaticSecret};
 
@@ -80,9 +86,19 @@ impl HpkeCrypto for HpkeRustCrypto {
                     .to_vec())
             }
             KemAlgorithm::DhKemP256 => {
-                let sk = SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?;
-                let pk = PublicKey::from_sec1_bytes(pk).map_err(|_| Error::KemInvalidPublicKey)?;
-                Ok(diffie_hellman(sk.to_nonzero_scalar(), pk.as_affine())
+                let sk = p256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?;
+                let pk =
+                    p256PublicKey::from_sec1_bytes(pk).map_err(|_| Error::KemInvalidPublicKey)?;
+                Ok(p256diffie_hellman(sk.to_nonzero_scalar(), pk.as_affine())
+                    .raw_secret_bytes()
+                    .as_slice()
+                    .into())
+            }
+            KemAlgorithm::DhKemK256 => {
+                let sk = k256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?;
+                let pk =
+                    k256PublicKey::from_sec1_bytes(pk).map_err(|_| Error::KemInvalidPublicKey)?;
+                Ok(k256diffie_hellman(sk.to_nonzero_scalar(), pk.as_affine())
                     .raw_secret_bytes()
                     .as_slice()
                     .into())
@@ -103,7 +119,11 @@ impl HpkeCrypto for HpkeRustCrypto {
                 Ok(X25519PublicKey::from(&sk).as_bytes().to_vec())
             }
             KemAlgorithm::DhKemP256 => {
-                let sk = SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?;
+                let sk = p256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?;
+                Ok(sk.public_key().to_encoded_point(false).as_bytes().into())
+            }
+            KemAlgorithm::DhKemK256 => {
+                let sk = k256SecretKey::from_slice(sk).map_err(|_| Error::KemInvalidSecretKey)?;
                 Ok(sk.public_key().to_encoded_point(false).as_bytes().into())
             }
             _ => Err(Error::UnknownKemAlgorithm),
@@ -116,16 +136,24 @@ impl HpkeCrypto for HpkeRustCrypto {
             KemAlgorithm::DhKem25519 => Ok(X25519StaticSecret::random_from_rng(&mut *rng)
                 .to_bytes()
                 .to_vec()),
-            KemAlgorithm::DhKemP256 => {
-                Ok(SecretKey::random(&mut *rng).to_bytes().as_slice().into())
-            }
+            KemAlgorithm::DhKemP256 => Ok(p256SecretKey::random(&mut *rng)
+                .to_bytes()
+                .as_slice()
+                .into()),
+            KemAlgorithm::DhKemK256 => Ok(k256SecretKey::random(&mut *rng)
+                .to_bytes()
+                .as_slice()
+                .into()),
             _ => Err(Error::UnknownKemAlgorithm),
         }
     }
 
     fn kem_validate_sk(alg: KemAlgorithm, sk: &[u8]) -> Result<Vec<u8>, Error> {
         match alg {
-            KemAlgorithm::DhKemP256 => SecretKey::from_slice(sk)
+            KemAlgorithm::DhKemP256 => p256SecretKey::from_slice(sk)
+                .map_err(|_| Error::KemInvalidSecretKey)
+                .map(|_| sk.into()),
+            KemAlgorithm::DhKemK256 => k256SecretKey::from_slice(sk)
                 .map_err(|_| Error::KemInvalidSecretKey)
                 .map(|_| sk.into()),
             _ => Err(Error::UnknownKemAlgorithm),
@@ -188,7 +216,7 @@ impl HpkeCrypto for HpkeRustCrypto {
     /// Returns an error if the KEM algorithm is not supported by this crypto provider.
     fn supports_kem(alg: KemAlgorithm) -> Result<(), Error> {
         match alg {
-            KemAlgorithm::DhKem25519 | KemAlgorithm::DhKemP256 => Ok(()),
+            KemAlgorithm::DhKem25519 | KemAlgorithm::DhKemP256 | KemAlgorithm::DhKemK256 => Ok(()),
             _ => Err(Error::UnknownKemAlgorithm),
         }
     }

src/dh_kem.rs

@@ -66,7 +66,7 @@ pub(super) fn derive_key_pair<Crypto: HpkeCrypto>(
             &[],
             alg.private_key_len(),
         )?,
-        KemAlgorithm::DhKemP256 => {
+        KemAlgorithm::DhKemP256 | KemAlgorithm::DhKemK256 => {
             let mut ctr = 0u8;
             // Do rejection sampling trying to find a valid key.
             // It is expected that there aren't too many iteration and that
@@ -88,14 +88,14 @@ pub(super) fn derive_key_pair<Crypto: HpkeCrypto>(
                 if ctr == u8::MAX {
                     // If we get here we lost. This should never happen.
                     return Err(Error::CryptoLibraryError(
-                        "Unable to generate a valid P256 private key".to_string(),
+                        "Unable to generate a valid private key".to_string(),
                     ));
                 }
                 ctr += 1;
             }
         }
         _ => {
-            panic!("This should be unreachable. Only x25519 and P256 KEMs are implemented")
+            panic!("This should be unreachable. Only x25519, P256, and K256 KEMs are implemented")
         }
     };
     Ok((Crypto::kem_derive_base(alg, &sk)?, sk))

src/kem.rs

@@ -20,6 +20,7 @@ pub(crate) fn encaps<Crypto: HpkeCrypto>(
 ) -> Result<(Vec<u8>, Vec<u8>), Error> {
     match alg {
         KemAlgorithm::DhKemP256
+        | KemAlgorithm::DhKemK256
         | KemAlgorithm::DhKemP384
         | KemAlgorithm::DhKemP521
         | KemAlgorithm::DhKem25519
@@ -36,6 +37,7 @@ pub(crate) fn decaps<Crypto: HpkeCrypto>(
 ) -> Result<Vec<u8>, Error> {
     match alg {
         KemAlgorithm::DhKemP256
+        | KemAlgorithm::DhKemK256
         | KemAlgorithm::DhKemP384
         | KemAlgorithm::DhKemP521
         | KemAlgorithm::DhKem25519
@@ -51,6 +53,7 @@ pub(crate) fn auth_encaps<Crypto: HpkeCrypto>(
 ) -> Result<(Vec<u8>, Vec<u8>), Error> {
     match alg {
         KemAlgorithm::DhKemP256
+        | KemAlgorithm::DhKemK256
         | KemAlgorithm::DhKemP384
         | KemAlgorithm::DhKemP521
         | KemAlgorithm::DhKem25519
@@ -68,6 +71,7 @@ pub(crate) fn auth_decaps<Crypto: HpkeCrypto>(
 ) -> Result<Vec<u8>, Error> {
     match alg {
         KemAlgorithm::DhKemP256
+        | KemAlgorithm::DhKemK256
         | KemAlgorithm::DhKemP384
         | KemAlgorithm::DhKemP521
         | KemAlgorithm::DhKem25519
@@ -83,6 +87,7 @@ pub(crate) fn key_gen<Crypto: HpkeCrypto>(
 ) -> Result<(Vec<u8>, Vec<u8>), Error> {
     match alg {
         KemAlgorithm::DhKemP256
+        | KemAlgorithm::DhKemK256
         | KemAlgorithm::DhKemP384
         | KemAlgorithm::DhKemP521
         | KemAlgorithm::DhKem25519