Address review comments

2023-07-10 14:00:52 +01:00 · 2023-07-10 14:00:52 +01:00 · 0b542999d4
parent d59d170c4d
commit 0b542999d4
9 changed files with 108 additions and 79 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -210,7 +210,7 @@ jobs:
      shell: bash
    - run: cargo test --features rpk
      name: Run `rpk` tests
-    - run: cargo test --features post-quantum
+    - run: cargo test --features pq-experimental
-      name: Run `post-quantum` tests
+      name: Run `pq-experimental` tests
-    - run: cargo test --features post-quantum,rpk
+    - run: cargo test --features pq-experimental,rpk
-      name: Run `post-quantum,rpk` tests
+      name: Run `pq-experimental,rpk` tests
--- a/boring-sys/Cargo.toml
+++ b/boring-sys/Cargo.toml
@ -29,7 +29,7 @@ include = [
 ]
 [package.metadata.docs.rs]
-features = ["rpk", "post-quantum"]
+features = ["rpk", "pq-experimental"]
 rustdoc-args = ["--cfg", "docsrs"]
 [features]
@ -39,8 +39,8 @@ fips = []
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 rpk = []
-# Enables post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
+# Enables experimental post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
-post-quantum = []
+pq-experimental = []
 [build-dependencies]
 bindgen = { workspace = true }
--- a/boring-sys/build.rs
+++ b/boring-sys/build.rs
@ -347,14 +347,14 @@ fn ensure_patches_applied() -> io::Result<()> {
    run_command(&mut cmd)?;
-    if cfg!(feature = "post-quantum") {
+    if cfg!(feature = "pq-experimental") {
-        println!("cargo:warning=applying post quantum crypto patch to boringssl");
+        println!("cargo:warning=applying experimental post quantum crypto patch to boringssl");
-        run_apply_patch_script("scripts/apply_pq_patch.sh", "")?;
+        run_apply_patch_script("scripts/apply_pq_patch.sh")?;
    }
    if cfg!(feature = "rpk") {
        println!("cargo:warning=applying RPK patch to boringssl");
-        run_apply_patch_script("scripts/apply_rpk_patch.sh", "")?;
+        run_apply_patch_script("scripts/apply_rpk_patch.sh")?;
    }
    Ok(())
@ -375,17 +375,9 @@ fn run_command(command: &mut Command) -> io::Result<()> {
    Ok(())
 }
-fn run_apply_patch_script(
+fn run_apply_patch_script(script_path: impl AsRef<Path>) -> io::Result<()> {
    script_path: impl AsRef<Path>,
    from_dir: impl AsRef<Path>,
 ) -> io::Result<()> {
    let manifest_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-
+    let src_path = manifest_dir.join(BORING_SSL_PATH).canonicalize()?;
    let src_path = manifest_dir
        .join(BORING_SSL_PATH)
        .join(from_dir)
        .canonicalize()?;
    let cmd_path = manifest_dir.join(script_path).canonicalize()?;
    let mut cmd = Command::new(cmd_path);
@ -395,12 +387,7 @@ fn run_apply_patch_script(
    Ok(())
 }
-fn main() {
+fn build_boring_from_sources() -> String {
    println!("cargo:rerun-if-env-changed=BORING_BSSL_PATH");
    #[cfg(all(feature = "fips", feature = "rpk"))]
    compile_error!("`fips` and `rpk` features are mutually exclusive");
    if !Path::new(BORING_SSL_PATH).join("CMakeLists.txt").exists() {
        println!("cargo:warning=fetching boringssl git submodule");
        // fetch the boringssl submodule
@ -421,7 +408,6 @@ fn main() {
    ensure_patches_applied().unwrap();
    let bssl_dir = std::env::var("BORING_BSSL_PATH").unwrap_or_else(|_| {
    let mut cfg = get_boringssl_cmake_config();
    if cfg!(feature = "fuzzing") {
@ -438,9 +424,24 @@ fn main() {
    cfg.build_target("ssl").build();
    cfg.build_target("crypto").build().display().to_string()
-    });
+}
 fn main() {
    println!("cargo:rerun-if-env-changed=BORING_BSSL_PATH");
    #[cfg(all(feature = "fips", feature = "rpk"))]
    compile_error!("`fips` and `rpk` features are mutually exclusive");
    let bssl_dir = std::env::var("BORING_BSSL_PATH");
    if bssl_dir.is_ok() && cfg!(any(feature = "rpk", feature = "pq-experimental")) {
        panic!("precompiled BoringSSL was provided, optional patches can't be applied to it");
    }
    let bssl_dir = bssl_dir.unwrap_or_else(|_| build_boring_from_sources());
    let build_path = get_boringssl_platform_output_path();
    if cfg!(feature = "fips") {
        println!(
            "cargo:rustc-link-search=native={}/build/crypto/{}",
--- a/boring-sys/patches/boring-pq.patch
+++ b/boring-sys/patches/boring-pq.patch
@ -1,4 +1,4 @@
-From 968000d0f6c94f49fa9b1dc4d0acadca9fd78f58 Mon Sep 17 00:00:00 2001
+From 4cba2164726c8d2647e38548a266a70c4942d567 Mon Sep 17 00:00:00 2001
 From: Bas Westerbaan <bas@cloudflare.com>
 Date: Fri, 22 Jul 2022 16:43:48 +0200
 Subject: [PATCH] Add temporary post-quantum key agreements
@ -39,11 +39,11 @@ Cf RTG-2076 RTG-2051 RTG-2508 RTG-2707 RTG-2607
 src/crypto/kyber/kyber768.c       |    4 +
 src/crypto/kyber/kyber_test.cc    |  229 ---
 src/crypto/kyber/kyber_tests.txt  |  905 ---------
- src/crypto/obj/obj_dat.h          |   10 +-
+ src/crypto/obj/obj_dat.h          |   14 +-
- src/crypto/obj/obj_mac.num        |    2 +
+ src/crypto/obj/obj_mac.num        |    3 +
- src/crypto/obj/objects.txt        |    4 +-
+ src/crypto/obj/objects.txt        |    5 +-
 src/include/openssl/kyber.h       |  199 +-
- src/include/openssl/nid.h         |    6 +
+ src/include/openssl/nid.h         |    9 +
 src/include/openssl/ssl.h         |    3 +
 src/sources.cmake                 |    2 -
 src/ssl/extensions.cc             |    3 +
@ -51,7 +51,7 @@ Cf RTG-2076 RTG-2051 RTG-2508 RTG-2707 RTG-2607
 src/ssl/ssl_lib.cc                |    2 +-
 src/ssl/ssl_test.cc               |   25 +-
 src/tool/speed.cc                 |  162 +-
- 26 files changed, 2788 insertions(+), 5447 deletions(-)
+ 26 files changed, 2797 insertions(+), 5447 deletions(-)
 delete mode 100644 src/crypto/kyber/internal.h
 delete mode 100644 src/crypto/kyber/keccak.c
 delete mode 100644 src/crypto/kyber/keccak_tests.txt
@ -7743,7 +7743,7 @@ index 486b163ea..000000000
 -ct = 7F60D2E6EE01AE6FBB198364141AF9A1AC4BA1B161CBDB16B86224FA77129864F00B71AA221DD1F300BA3EAFB2694610CA8F27C24CDFCD240961C27CF42D01561CCAF742379B19085C462270636676D6DCC5786E23D3881C83CD5FFD667C017FCA1F404A15A5BD368CD95A8FBDEBCCB9771B95958BDE3F65533190C0A758586094EBB86101582DC69FCCD7C2C1900D30648F360B4C805F143C8FE201D2DE242C66378439CBD304A30C67213F364F8FCBB202FFDCC290E85E8F0F718677FF8CB81D4AB3CF0DA5640C5F61B11A240099201D0BFAABECBBBB27A4623D77860BF52DC53A3AFB65ED2FCD4E9C9B1D1A996A643140CCE0D8B801728ED51BC3A47C9003375D8B19401E1C6841379A45BD2BE02A41222C4FE63E19C978D480E2D4E353AB957A1B81B74BBC7655A3D0261C8B2B06F6642BA4A5F8DD87B98B9AE355F57F8A5F978C6372BF594DF54DD8BF7650803EE13D9094B3EE86A1C3E2C21E4FD1F143D8A95CCE869DD365C29FA004070B0BDB899138FBF1D83EB9F76CBC112016C8CE1118FBDF76C3C907D1D3CAE2BA0BA5E419814DADEF0887CDC5817CA9C7B050574CF84009A6731136B39807687D3C3D6863C5D780BD6303F10A7D311D1C2A1C87039C17C6668501D572FC9D56B249ED0E95E17851AEBB45E288A32A1206C4FA475455309CD3D759CA19C47C0128A95DBD07E67937C0324B4B53BAB7402363FB32606387E2C419C0350943C8CB4760C2AA7D2FF9B1392E528B98493A61D2DC6D85CBF9E5759106D6BD1DAD276FB3AA45AAF75EB80BDB5D83AFFD7880371562100226B4E373B421B9EB3032938205012C6C083DD9E44BDFA842E280F03373F6E7E4DB5A50B4AA0B34789AF9AD051709B1E9ABDD71AD733DCC021DFA3A63609994F0FAFC5C1D88A39D46F81FA70E6164575321C2EBBB71F32893348AF887BAD2B1720CD5A86EA3774C1EBD53B15B9F01A4B5542A5F54053107E38ACE2594170B81DCD98D1CC47FEE808BE78DEBA05491F913ADE44B8914D65865EB0EB0F7E02DCBA1DE0D4B34E70485F83F96A5E41BBC064E3458473F43A70D51593F442EE2BD5B39E2C77C53BE83B9188101E3455C513BF4B8F744286BD529DA2804F804CE48E864A15F391A6793E4609279EAD144CDA084F3087678CA971EB22ED3B4B7FB740BE0407571F58DDE930D895140AD8EA096F06A3E255CD95AD48C4A46B99FF777B16452123A28D73B4A0CC0899C0CDAA1286FBE1C5FE95FA9418B5A473CC6ADBA14AFB06F080A544E49E148E492A8CE4BA9F4B5F781436F8FE30058A46F4D49A44E1FDE1B6F07E2A247CD3973AD76D3F473CAE88A2BAB3BEB78BD1875B240B23A901A9AD3F4421E5E355EAB0D3E1E197B246EB4F0861AEFB55BFD3BB54BF2CD6FFDCDFA0B78BAA674130CA2512B7069E7C33903A0A5EEEE7AF46FAFA52DD3F2E952CF909806B9CD2AA6826E823959A4BF03847BA50A4026FA0A72B78CBF6AA7FCD4908BA3BBCBDDE68708EC0AEC44B1E35C4E9E1EB7F01AFF0D9CE48F99BA01D78CEE
 -ss = 4793F705AED572ACE61DB13BEDE3900F2538EADDB904988C1F015BAC605A1093
 diff --git a/src/crypto/obj/obj_dat.h b/src/crypto/obj/obj_dat.h
-index 654b3c08e..851e27ec3 100644
+index 654b3c08e..06f80f971 100644
 --- a/src/crypto/obj/obj_dat.h
 +++ b/src/crypto/obj/obj_dat.h
@@ -57,7 +57,7 @@
@ -7751,11 +7751,11 @@ index 654b3c08e..851e27ec3 100644
 -#define NUM_NID 965
-+#define NUM_NID 967
+#define NUM_NID 968
 static const uint8_t kObjectData[] = {
     /* NID_rsadsi */
-@@ -8784,6 +8784,10 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
+@@ -8784,6 +8784,12 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
     {"HKDF", "hkdf", NID_hkdf, 0, NULL, 0},
     {"X25519Kyber768Draft00", "X25519Kyber768Draft00",
      NID_X25519Kyber768Draft00, 0, NULL, 0},
@ -7763,10 +7763,12 @@ index 654b3c08e..851e27ec3 100644
 +     NID_X25519Kyber512Draft00, 0, NULL, 0},
 +    {"P256Kyber768Draft00", "P256Kyber768Draft00", NID_P256Kyber768Draft00, 0,
 +     NULL, 0},
 +    {"X25519Kyber768Draft00Old", "X25519Kyber768Draft00Old",
 +     NID_X25519Kyber768Draft00Old, 0, NULL, 0},
 };
 static const uint16_t kNIDsInShortNameOrder[] = {
-@@ -8916,6 +8920,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
+@@ -8916,6 +8922,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     18 /* OU */,
     749 /* Oakley-EC2N-3 */,
     750 /* Oakley-EC2N-4 */,
@ -7774,15 +7776,17 @@ index 654b3c08e..851e27ec3 100644
     9 /* PBE-MD2-DES */,
     168 /* PBE-MD2-RC2-64 */,
     10 /* PBE-MD5-DES */,
-@@ -8982,6 +8987,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
+@@ -8982,7 +8989,9 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     458 /* UID */,
     0 /* UNDEF */,
     948 /* X25519 */,
 +    965 /* X25519Kyber512Draft00 */,
     964 /* X25519Kyber768Draft00 */,
 +    967 /* X25519Kyber768Draft00Old */,
     961 /* X448 */,
     11 /* X500 */,
-@@ -9829,6 +9835,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
+     378 /* X500algorithms */,
@@ -9829,6 +9838,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     366 /* OCSP Nonce */,
     371 /* OCSP Service Locator */,
     180 /* OCSP Signing */,
@ -7790,29 +7794,32 @@ index 654b3c08e..851e27ec3 100644
     161 /* PBES2 */,
     69 /* PBKDF2 */,
     162 /* PBMAC1 */,
-@@ -9853,6 +9860,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
+@@ -9853,7 +9863,9 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     133 /* Time Stamping */,
     375 /* Trust Root */,
     948 /* X25519 */,
 +    965 /* X25519Kyber512Draft00 */,
     964 /* X25519Kyber768Draft00 */,
 +    967 /* X25519Kyber768Draft00Old */,
     961 /* X448 */,
     12 /* X509 */,
     402 /* X509v3 AC Targeting */,
 diff --git a/src/crypto/obj/obj_mac.num b/src/crypto/obj/obj_mac.num
-index a0519acee..239780c9f 100644
+index a0519acee..caeb5eaed 100644
 --- a/src/crypto/obj/obj_mac.num
 +++ b/src/crypto/obj/obj_mac.num
-@@ -952,3 +952,5 @@ X448		961
+@@ -952,3 +952,6 @@ X448		961
 sha512_256		962
 hkdf		963
 X25519Kyber768Draft00		964
 +X25519Kyber512Draft00		965
 +P256Kyber768Draft00		966
 +X25519Kyber768Draft00Old		967
 diff --git a/src/crypto/obj/objects.txt b/src/crypto/obj/objects.txt
-index 3ad32ea3d..a5d786a8e 100644
+index 3ad32ea3d..aa1404d83 100644
 --- a/src/crypto/obj/objects.txt
 +++ b/src/crypto/obj/objects.txt
-@@ -1332,8 +1332,10 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
+@@ -1332,8 +1332,11 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
                  : dh-std-kdf
                  : dh-cofactor-kdf
@ -7821,6 +7828,7 @@ index 3ad32ea3d..a5d786a8e 100644
 + : X25519Kyber512Draft00
  : X25519Kyber768Draft00
 + : P256Kyber768Draft00
 + : X25519Kyber768Draft00Old
 # See RFC 8410.
 1 3 101 110 : X25519
@ -8043,10 +8051,10 @@ index cafae9d17..074ac5906 100644
 #if defined(__cplusplus)
 }  // extern C
 diff --git a/src/include/openssl/nid.h b/src/include/openssl/nid.h
-index 4dd8841b1..78747f437 100644
+index 4dd8841b1..8237efb74 100644
 --- a/src/include/openssl/nid.h
 +++ b/src/include/openssl/nid.h
-@@ -4255,6 +4255,12 @@ extern "C" {
+@@ -4255,6 +4255,15 @@ extern "C" {
 #define SN_X25519Kyber768Draft00 "X25519Kyber768Draft00"
 #define NID_X25519Kyber768Draft00 964
@ -8055,6 +8063,9 @@ index 4dd8841b1..78747f437 100644
 +
 +#define SN_P256Kyber768Draft00 "P256Kyber768Draft00"
 +#define NID_P256Kyber768Draft00 966
 +
 +#define SN_X25519Kyber768Draft00Old "X25519Kyber768Draft00Old"
 +#define NID_X25519Kyber768Draft00Old 967
 +
 #if defined(__cplusplus)
@ -8101,7 +8112,7 @@ index 5ee280221..0a706c411 100644
     default:
       return false;
 diff --git a/src/ssl/ssl_key_share.cc b/src/ssl/ssl_key_share.cc
-index 09a9ad380..4e28112f4 100644
+index 09a9ad380..f7d2226e3 100644
 --- a/src/ssl/ssl_key_share.cc
 +++ b/src/ssl/ssl_key_share.cc
@@ -26,6 +26,7 @@
@ -8574,7 +8585,7 @@ index 09a9ad380..4e28112f4 100644
     {NID_X25519Kyber768Draft00, SSL_CURVE_X25519_KYBER768_DRAFT00,
 -     "X25519Kyber768Draft00", ""},
 +        "X25519Kyber768Draft00", "Xyber768D00"},
-+    {NID_X25519Kyber768Draft00, SSL_CURVE_X25519_KYBER768_DRAFT00_OLD,
+    {NID_X25519Kyber768Draft00Old, SSL_CURVE_X25519_KYBER768_DRAFT00_OLD,
 +        "X25519Kyber768Draft00Old", "Xyber768D00Old"},
 +    {NID_P256Kyber768Draft00, SSL_CURVE_P256_KYBER768_DRAFT00,
 +        "P256Kyber768Draft00", "P256Kyber768D00"}
--- a/boring/Cargo.toml
+++ b/boring/Cargo.toml
@ -12,7 +12,7 @@ categories = ["cryptography", "api-bindings"]
 edition = { workspace = true }
 [package.metadata.docs.rs]
-features = ["rpk", "post-quantum"]
+features = ["rpk", "pq-experimental"]
 rustdoc-args = ["--cfg", "docsrs"]
 [features]
@ -22,8 +22,8 @@ fips = ["boring-sys/fips"]
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 rpk = ["boring-sys/rpk"]
-# Enables post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
+# Enables experimental post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
-post-quantum = ["boring-sys/post-quantum"]
+pq-experimental = ["boring-sys/pq-experimental"]
 [dependencies]
 bitflags = { workspace = true }
--- a/boring/src/lib.rs
+++ b/boring/src/lib.rs
@ -48,10 +48,24 @@
 //! The crate can be compiled with [RawPublicKey](https://datatracker.ietf.org/doc/html/rfc7250)
 //! support by turning on `rpk` compilation feature.
 //!
-//! ## Post-quantum cryptography
+//! ## Experimental post-quantum cryptography
 //!
 //! The crate can be compiled with [post-quantum cryptography](https://blog.cloudflare.com/post-quantum-for-all/)
 //! support by turning on `post-quantum` compilation feature.
 //!
 //! Upstream BoringSSL support the post-quantum hybrid key agreement `X25519Kyber768Draft00`. Most
 //! users should stick to that one. Enabling this feature, adds a few other post-quantum key
 //! agreements:
 //!
 //! - `X25519Kyber768Draft00Old` is the same as `X25519Kyber768Draft00`, but under its old codepoint.
 //! -`X25519Kyber512Draft00`. Similar to `X25519Kyber768Draft00`, but uses level 1 parameter set for
 //! Kyber. Not recommended. It's useful to test whether the shorter ClientHello upsets fewer middle
 //! boxes.
 //! - `P256Kyber768Draft00`. Similar again to `X25519Kyber768Draft00`, but uses P256 as classical
 //! part. It uses a non-standard codepoint. Not recommended.
 //!
 //! Presently all these key agreements are deployed by Cloudflare, but we do not guarantee continued
 //! support for them.
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@ -633,14 +633,17 @@ impl SslCurve {
    pub const X25519: SslCurve = SslCurve(ffi::NID_X25519);
-    #[cfg(feature = "post-quantum")]
+    #[cfg(not(feature = "fips"))]
    pub const X25519_KYBER768_DRAFT00: SslCurve = SslCurve(ffi::NID_X25519Kyber768Draft00);
    #[cfg(feature = "pq-experimental")]
    pub const X25519_KYBER768_DRAFT00_OLD: SslCurve = SslCurve(ffi::NID_X25519Kyber768Draft00Old);
    #[cfg(feature = "pq-experimental")]
    pub const X25519_KYBER512_DRAFT00: SslCurve = SslCurve(ffi::NID_X25519Kyber512Draft00);
-    #[cfg(feature = "post-quantum")]
+    #[cfg(feature = "pq-experimental")]
    pub const P256_KYBER768_DRAFT00: SslCurve = SslCurve(ffi::NID_P256Kyber768Draft00);
    #[cfg(feature = "post-quantum")]
    pub const X25519_KYBER768_DRAFT00: SslCurve = SslCurve(ffi::NID_X25519Kyber768Draft00);
 }
 /// A standard implementation of protocol selection for Application Layer Protocol Negotiation
--- a/hyper-boring/Cargo.toml
+++ b/hyper-boring/Cargo.toml
@ -11,7 +11,7 @@ readme = "README.md"
 exclude = ["test/*"]
 [package.metadata.docs.rs]
-features = ["rpk", "post-quantum"]
+features = ["rpk", "pq-experimental"]
 rustdoc-args = ["--cfg", "docsrs"]
 [features]
@ -25,8 +25,8 @@ fips = ["tokio-boring/fips"]
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 rpk = ["tokio-boring/rpk"]
-# Enables post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
+# Enables experimental post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
-post-quantum = ["tokio-boring/post-quantum"]
+pq-experimental = ["tokio-boring/pq-experimental"]
 [dependencies]
--- a/tokio-boring/Cargo.toml
+++ b/tokio-boring/Cargo.toml
@ -12,7 +12,7 @@ An implementation of SSL streams for Tokio backed by BoringSSL
 """
 [package.metadata.docs.rs]
-features = ["rpk", "post-quantum"]
+features = ["rpk", "pq-experimental"]
 rustdoc-args = ["--cfg", "docsrs"]
 [features]
@ -22,8 +22,8 @@ fips = ["boring/fips"]
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 rpk = ["boring/rpk"]
-# Enables post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
+# Enables experimental post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
-post-quantum = ["boring/post-quantum"]
+pq-experimental = ["boring/pq-experimental"]
 [dependencies]
 boring = { workspace = true }