Add XWingDraft06 KEM support to hpke-rs, and replace evercrypt provider with new libcrux provider #72

Merged
merged 57 commits into from
Apr 16, 2025
d2eaab6
move evercrypt_provider to libcrux_provider
wysiwys Apr 10, 2025
fb358ee
update Cargo.toml
wysiwys Apr 10, 2025
525bcb9
add `.gitignore`
wysiwys Apr 10, 2025
cfdb846
begin replacing with pure Rust crates
wysiwys Apr 10, 2025
0d76c01
formatting
wysiwys Apr 10, 2025
2b9e49d
clarify documentation
wysiwys Apr 10, 2025
88737df
update rand dependency, traits, and provider
wysiwys Apr 10, 2025
77a6305
documentation
wysiwys Apr 10, 2025
453cbea
use provided prng
wysiwys Apr 10, 2025
92f78eb
formatting
wysiwys Apr 10, 2025
91b8ca5
add todo for HpkeExport
wysiwys Apr 10, 2025
89432d1
fixup tests and providers
franziskuskiefer Apr 11, 2025
d9de081
wip: add xwing-06; bug in p256
franziskuskiefer Apr 14, 2025
d9e5fb7
generate pk and sk separately in `kem_key_gen()`
wysiwys Apr 14, 2025
d98e874
documentation
wysiwys Apr 14, 2025
853a5cd
support XWingKemDraft06 in `kem_key_gen()`
wysiwys Apr 14, 2025
401eda0
add error handling
wysiwys Apr 14, 2025
fcbadf3
update benchmarks
wysiwys Apr 14, 2025
1224350
update benchmarks
wysiwys Apr 14, 2025
681e598
more concise way to get rng from `rand` in benchmarks
wysiwys Apr 14, 2025
293988d
remove debugging statements
wysiwys Apr 14, 2025
a3d706e
wrap sha algorithm conversion
wysiwys Apr 14, 2025
07e54d2
error handling
wysiwys Apr 14, 2025
1b5b33f
fix lints
wysiwys Apr 14, 2025
b590d42
only convert enum types when needed
wysiwys Apr 14, 2025
5f225b5
inline internal `secret_to_public` function
wysiwys Apr 14, 2025
f0e0c29
remove `TODO`
wysiwys Apr 14, 2025
0e632a5
feature-gate rand std features
wysiwys Apr 15, 2025
524cb3c
feature-gate hpke-rs-crypto std feature in hpke-rs
wysiwys Apr 15, 2025
4d68e4b
remove unused dependency
wysiwys Apr 15, 2025
cacc7fc
replace documentation link
wysiwys Apr 15, 2025
3f5d823
remove commented line
wysiwys Apr 15, 2025
7316f7a
update Cargo.toml
wysiwys Apr 15, 2025
1ba1d73
enable custom getrandom backend
wysiwys Apr 15, 2025
cd4157b
support no-std in provider
wysiwys Apr 15, 2025
10877b6
no-std rand dependencies (mostly)
wysiwys Apr 15, 2025
7f60260
depend on updated libcrux dependencies in new dev branch
wysiwys Apr 15, 2025
c9219a1
documentation
wysiwys Apr 15, 2025
d002455
update repo links in `Cargo.toml` files
wysiwys Apr 15, 2025
323f152
replace references to evercrypt
wysiwys Apr 15, 2025
9f571f0
remove executable permission on files
wysiwys Apr 16, 2025
a838a0a
test that libcrux provider does not support these algorithms
wysiwys Apr 16, 2025
6e2c5d6
add chacha20poly1305 test
wysiwys Apr 16, 2025
3a17447
add std feature to libcrux provider
wysiwys Apr 16, 2025
897dadb
depend on `main` branch of libcrux
wysiwys Apr 16, 2025
bec5f3a
Merge branch 'main' into wysiwys/hpke-rs-libcrux
wysiwys Apr 16, 2025
3f5df73
fix permissions on `.gitignore`
wysiwys Apr 16, 2025
77295cd
error handling
wysiwys Apr 16, 2025
75c93ae
update CHANGELOG
wysiwys Apr 16, 2025
4ad195f
clarify text
wysiwys Apr 16, 2025
57d0917
update version and changelog
wysiwys Apr 16, 2025
8fa0bb8
minor version
wysiwys Apr 16, 2025
2d1e833
more changelog updates
wysiwys Apr 16, 2025
d575b2b
update version
wysiwys Apr 16, 2025
5d93351
reset changelog for new crate
wysiwys Apr 16, 2025
6c9ae94
formatting
wysiwys Apr 16, 2025
7688297
remove unimplemented item
wysiwys Apr 16, 2025
2 changes: 1 addition & 1 deletion .gitignore
100755 → 100644
Expand Up @@ -2,7 +2,7 @@
Cargo.lock
**/*.rs.bk
.vscode/
evercrypt_provider/target
libcrux_provider/target
no-std-support-check/target
rust_crypto_provider/target
traits/target/
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [0.2.1] - Unreleased

- [#72](https://github.com/cryspen/hpke-rs/pull/72):
- add support for X-Wing KEM
- upgrade rand dependency from 0.8 -> 0.9
- replace Evercrypt provider with Libcrux provider
- [#66](https://github.com/franziskuskiefer/hpke-rs/pull/66): add support for secp256k1 curve. This adds `DhKemK256 = 0x0016` to the `KemAlgorithms`

## [0.2.0] - 2023-12-01
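Review bot: the `[0.2.1]` heading undersells what is recorded beneath it. The Cargo.toml in this same PR bumps `hpke-rs-crypto` to `0.3.0-alpha.1` and moves to `rand_core` 0.9, so every external `HpkeCrypto` implementor has to change, and dropping the Evercrypt provider retires a published crate (`hpke-rs-evercrypt`). Under the Semantic Versioning policy the file cites, that is a breaking release (a minor bump for a 0.x crate), so consider a `[0.3.0]` entry instead of a patch-level one. The X-Wing bullet should also name the draft it implements and the KEM identifier it registers, as the `#66` entry does for `DhKemK256 = 0x0016`; the commits call the algorithm `XWingKemDraft06`.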
24 changes: 15 additions & 9 deletions Cargo.toml
100755 → 100644
@@ -1,42 +1,48 @@
[package]
name = "hpke-rs"
version = "0.2.1-pre.1"
version = "0.2.1-alpha.1"
authors = ["Franziskus Kiefer <[email protected]>"]
edition = "2021"
license = "MPL-2.0"
documentation = "https://docs.rs/hpke-rs"
description = "HPKE Implementation"
readme = "Readme.md"
repository = "https://github.com/franziskuskiefer/hpke-rs"
repository = "https://github.com/cryspen/hpke-rs"
exclude = ["/tests"]

[dependencies]
log = "0.4"
serde = { version = "1.0", features = ["derive"], optional = true }
tls_codec = { version = "0.4.1-pre.1", features = ["derive"], optional = true }
zeroize = { version = "1.5", features = ["zeroize_derive"] }
hpke-rs-crypto = { version = "0.2.0", path = "./traits" }
hpke-rs-crypto = { version = "0.3.0-alpha.1", path = "./traits", default-features = false }
rand_core = { version = "0.9", default-features = false}
libcrux-sha3 = { version = "0.0.2" }

[features]
default = []
std = []
std = ["rand_core/std", "hpke-rs-crypto/std"]
serialization = ["serde", "tls_codec", "tls_codec/serde", "std"]
hazmat = []
hpke-test = ["std"]
hpke-test-prng = [] # ⚠️ Enable testing PRNG - DO NOT USE
hpke-test-prng = [] # ⚠️ Enable testing PRNG - DO NOT USE

[dev-dependencies]
hpke-rs-crypto = { version = "0.2.0", path = "./traits", features = ["std"] }
hpke-rs-crypto = { version = "0.3.0-alpha.1", path = "./traits", features = [
"std",
] }
serde_json = "1.0"
serde = { version = "1.0", features = ["derive"] }
lazy_static = "1.4"
rayon = "1.5"
hpke-rs = { path = ".", features = ["hpke-test", "hazmat"] }
hpke-rs-rust-crypto = { version = "0.2.0", path = "./rust_crypto_provider", features = [
hpke-rs-rust-crypto = { version = "0.3.0-alpha.1", path = "./rust_crypto_provider", features = [
"deterministic-prng",
] }
hpke-rs-libcrux = { version = "0.2.0-alpha.1", path = "./libcrux_provider", features = [
"deterministic-prng",
] }
# hpke-rs-evercrypt = { version = "0.1.3-pre.1", path = "./evercrypt_provider", features = ["deterministic-prng"] }
rand = { version = "0.8" }
rand = { version = "0.9" }
pretty_env_logger = "0.5"
criterion = { version = "0.5", features = ["html_reports"] }

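Review bot: `libcrux-sha3 = { version = "0.0.2" }` makes the provider-agnostic core depend directly on a concrete hash implementation, while the Readme hunk in this PR still says the crate "expects an implementation of the [HpkeCrypto] trait" for its cryptography. If the SHA-3/SHAKE calls are needed for the X-Wing combiner, consider routing them through the trait (or documenting why the core hard-codes this one primitive), so that users of the RustCrypto provider do not also pull in libcrux. Two smaller points: `libcrux-sha3` is added without `default-features = false`, unlike `rand_core` and `hpke-rs-crypto` on the neighbouring lines, so check that it does not break the `no-std` configuration the commits add; and the `hpke-test-prng = [] # ⚠️ ...` line is replaced by visually identical text, which looks like a whitespace-only change that could be dropped from the diff.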
2 changes: 1 addition & 1 deletion Readme.md
Expand Up @@ -50,7 +50,7 @@ Instead it expects an implementation of the [HpkeCrypto] trait.
[crate-link]: https://crates.io/crates/hpke-rs
[docs-badge]: https://img.shields.io/badge/docs-rs-blue.svg?style=for-the-badge
[docs-link]: https://docs.rs/hpke-rs
[evercrypt]: https://github.com/franziskuskiefer/evercrypt-rust
[libcrux]: https://github.com/cryspen/libcrux
[hpke (RFC 9180)]: https://www.rfc-editor.org/rfc/rfc9180.html
[hpkecrypto]: https://docs.rs/hpke-rs-crypto
[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg?style=for-the-badge
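Review bot: the link reference is renamed from `[evercrypt]` to `[libcrux]`, but this hunk does not show the body text that uses it; any remaining `[evercrypt]` reference in the Readme would now render as a dead link, so grep for the old label. The `rustc-1.56+` badge on the line below is also worth re-checking against the new dependencies: `rand`/`rand_core` 0.9 raised their minimum supported Rust version above 1.56 (1.63, as I recall), so the badge likely needs updating.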
47 changes: 23 additions & 24 deletions benches/bench.rs
Expand Up @@ -4,9 +4,8 @@ use hpke_rs_crypto::{
types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm},
HpkeCrypto, RngCore,
};
// use hpke_rs_evercrypt::*;
use hpke_rs_libcrux::HpkeLibcrux;
use hpke_rs_rust_crypto::*;
use rand::rngs::OsRng;

const MODES: [Mode; 4] = [
HpkeMode::Base,
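Review bot: `RngCore` is still imported from `hpke_rs_crypto`, but the random bytes now come from `rand::rng()`. That compiles only if the `RngCore` re-exported by `hpke_rs_crypto` is the same `rand_core` 0.9 trait that `rand` 0.9's `ThreadRng` implements; with the core now pinning `rand_core = "0.9"` that should hold, but if the trait crate ever re-exports a different `rand_core` version, every `fill_bytes` call here fails with a confusing "trait not implemented" error. Importing `rand::RngCore` for the benchmark's own generator, and keeping `hpke_rs_crypto::RngCore` for the provider's PRNG, removes the ambiguity. Also, `use hpke_rs_rust_crypto::*;` keeps a glob import while the libcrux provider is imported by name; naming `HpkeRustCrypto` explicitly would make the two provider imports consistent.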
Expand Down Expand Up @@ -81,13 +80,13 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
(None, None)
};

let mut group = c.benchmark_group(format!("{}", label));
let mut group = c.benchmark_group(label.to_string());
group.bench_function("Setup Sender", |b| {
b.iter(|| {
let mut hpke =
Hpke::<Crypto>::new(hpke_mode, kem_mode, kdf_mode, aead_mode);
hpke.setup_sender(
&pk_rm,
pk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
Expand All @@ -102,7 +101,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
Hpke::<Crypto>::new(hpke_mode, kem_mode, kdf_mode, aead_mode);
hpke.setup_receiver(
enc,
&sk_rm,
sk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
Expand All @@ -112,24 +111,24 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
})
});

group.bench_function(&format!("Seal {}({})", AEAD_PAYLOAD, AEAD_AAD), |b| {
group.bench_function(format!("Seal {}({})", AEAD_PAYLOAD, AEAD_AAD), |b| {
b.iter_batched(
|| {
let mut hpke =
Hpke::<Crypto>::new(hpke_mode, kem_mode, kdf_mode, aead_mode);
let (_enc, context) = hpke
.setup_sender(
&pk_rm,
pk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
sk_sm.as_ref(),
)
.unwrap();
let mut aad = vec![0u8; AEAD_AAD];
OsRng.fill_bytes(&mut aad);
rand::rng().fill_bytes(&mut aad);
let mut ptxt = vec![0u8; AEAD_PAYLOAD];
OsRng.fill_bytes(&mut ptxt);
rand::rng().fill_bytes(&mut ptxt);
(context, aad, ptxt)
},
|(mut context, aad, ptxt)| {
Expand All @@ -138,30 +137,30 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
BatchSize::SmallInput,
)
});
group.bench_function(&format!("Open {}({})", AEAD_PAYLOAD, AEAD_AAD), |b| {
group.bench_function(format!("Open {}({})", AEAD_PAYLOAD, AEAD_AAD), |b| {
b.iter_batched(
|| {
let mut hpke =
Hpke::<Crypto>::new(hpke_mode, kem_mode, kdf_mode, aead_mode);
let (enc, mut sender_context) = hpke
.setup_sender(
&pk_rm,
pk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
sk_sm.as_ref(),
)
.unwrap();
let mut aad = vec![0u8; AEAD_AAD];
OsRng.fill_bytes(&mut aad);
rand::rng().fill_bytes(&mut aad);
let mut ptxt = vec![0u8; AEAD_PAYLOAD];
OsRng.fill_bytes(&mut ptxt);
rand::rng().fill_bytes(&mut ptxt);
let ctxt = sender_context.seal(&aad, &ptxt).unwrap();

let context = hpke
.setup_receiver(
&enc,
&sk_rm,
sk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
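Review bot: each batched setup closure calls `rand::rng()` afresh for both `aad` and `ptxt`. `rand::rng()` returns a handle to the thread-local generator, so this is cheap and correct for benchmark inputs (these bytes are payloads, not key material), but hoisting `let mut rng = rand::rng();` once above the `b.iter_batched` call and reusing it would make that intent explicit and keep the setup closure minimal. Note also that this hunk swaps `OsRng`, the OS entropy source, for a user-space PRNG; that is fine for random test payloads, but the same substitution should not be copied into code paths that generate keys, where the provider's own `prng()` is the intended source.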
Expand All @@ -178,23 +177,23 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
});

group.bench_function(
&format!("Single-Shot Seal {}({})", AEAD_PAYLOAD, AEAD_AAD),
format!("Single-Shot Seal {}({})", AEAD_PAYLOAD, AEAD_AAD),
|b| {
b.iter_batched(
|| {
let hpke = Hpke::<Crypto>::new(
hpke_mode, kem_mode, kdf_mode, aead_mode,
);
let mut aad = vec![0u8; AEAD_AAD];
OsRng.fill_bytes(&mut aad);
rand::rng().fill_bytes(&mut aad);
let mut ptxt = vec![0u8; AEAD_PAYLOAD];
OsRng.fill_bytes(&mut ptxt);
rand::rng().fill_bytes(&mut ptxt);
(hpke, aad, ptxt)
},
|(mut hpke, aad, ptxt)| {
let _ctxt = hpke
.seal(
&pk_rm,
pk_rm,
&info,
&aad,
&ptxt,
Expand All @@ -209,7 +208,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
},
);
group.bench_function(
&format!("Single-Shot Open {}({})", AEAD_PAYLOAD, AEAD_AAD),
format!("Single-Shot Open {}({})", AEAD_PAYLOAD, AEAD_AAD),
|b| {
b.iter_batched(
|| {
Expand All @@ -218,17 +217,17 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
);
let (enc, mut sender_context) = hpke
.setup_sender(
&pk_rm,
pk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
sk_sm.as_ref(),
)
.unwrap();
let mut aad = vec![0u8; AEAD_AAD];
OsRng.fill_bytes(&mut aad);
rand::rng().fill_bytes(&mut aad);
let mut ptxt = vec![0u8; AEAD_PAYLOAD];
OsRng.fill_bytes(&mut ptxt);
rand::rng().fill_bytes(&mut ptxt);
let ctxt = sender_context.seal(&aad, &ptxt).unwrap();

(hpke, aad, ctxt, enc)
Expand All @@ -237,7 +236,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {
let _ctxt_out = hpke
.open(
&enc,
&sk_rm,
sk_rm,
&info,
&aad,
&ctxt,
Expand All @@ -259,7 +258,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>(c: &mut Criterion) {

criterion_group!(
benches,
// benchmark::<HpkeEvercrypt>,
benchmark::<HpkeLibcrux>,
benchmark::<HpkeRustCrypto>,
);
criterion_main!(benches);
25 changes: 12 additions & 13 deletions benches/manual_benches.rs
Expand Up @@ -5,9 +5,8 @@ use hpke_rs_crypto::{
types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm},
HpkeCrypto, RngCore,
};
// use hpke_rs_evercrypt::*;
use hpke_rs_libcrux::HpkeLibcrux;
use hpke_rs_rust_crypto::*;
use rand::rngs::OsRng;

fn duration(d: Duration) -> f64 {
((d.as_secs() as f64) + (d.subsec_nanos() as f64 * 1e-9)) * 1000000f64
Expand Down Expand Up @@ -103,7 +102,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>() {
Hpke::<Crypto>::new(hpke_mode, kem_mode, kdf_mode, aead_mode);
let _sender = hpke
.setup_sender(
&pk_rm,
pk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
Expand All @@ -121,7 +120,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>() {
let _receiver = hpke
.setup_receiver(
enc,
&sk_rm,
sk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
Expand All @@ -135,17 +134,17 @@ fn benchmark<Crypto: HpkeCrypto + 'static>() {

let (enc, mut context) = hpke
.setup_sender(
&pk_rm,
pk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
sk_sm.as_ref(),
)
.unwrap();
let mut aad = vec![0u8; AEAD_AAD];
OsRng.fill_bytes(&mut aad);
rand::rng().fill_bytes(&mut aad);
let mut ptxt = vec![0u8; AEAD_PAYLOAD];
OsRng.fill_bytes(&mut ptxt);
rand::rng().fill_bytes(&mut ptxt);

let mut ctxts = Vec::with_capacity((AEAD_PAYLOAD + 16) * ITERATIONS);
let start = Instant::now();
Expand All @@ -165,7 +164,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>() {
let mut context = hpke
.setup_receiver(
&enc,
&sk_rm,
sk_rm,
&info,
psk.as_ref().map(Vec::as_ref),
psk_id.as_ref().map(Vec::as_ref),
Expand All @@ -190,17 +189,17 @@ fn benchmark<Crypto: HpkeCrypto + 'static>() {
assert_eq!(ptxts[0], ptxt);

let mut aad = vec![0u8; AEAD_AAD];
OsRng.fill_bytes(&mut aad);
rand::rng().fill_bytes(&mut aad);
let mut ptxt = vec![0u8; AEAD_PAYLOAD];
OsRng.fill_bytes(&mut ptxt);
rand::rng().fill_bytes(&mut ptxt);

let mut enc = Vec::<u8>::new();
let mut ctxt = Vec::<u8>::new();
let start = Instant::now();
for _ in 0..ITERATIONS {
let (new_enc, new_ctxt) = hpke
.seal(
&pk_rm,
pk_rm,
&info,
&aad,
&ptxt,
Expand All @@ -227,7 +226,7 @@ fn benchmark<Crypto: HpkeCrypto + 'static>() {
ptxt_out = hpke
.open(
&enc,
&sk_rm,
sk_rm,
&info,
&aad,
&ctxt,
Expand All @@ -253,6 +252,6 @@ fn benchmark<Crypto: HpkeCrypto + 'static>() {
}

fn main() {
// benchmark::<HpkeEvercrypt>();
benchmark::<HpkeLibcrux>();
benchmark::<HpkeRustCrypto>();
}
36 changes: 0 additions & 36 deletions evercrypt_provider/Cargo.toml

This file was deleted.
