aws / aws-lc

AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It is based on code from the Google BoringSSL project and the OpenSSL project.

Add PQ key exchange OIDs #1730

Closed WillChilds-Klein closed 1 month ago

WillChilds-Klein commented 2 months ago

Description of changes:

The OID values are taken from OQS's openssl provider.

The only manual changes in this PR were to crypto/obj/objects.txt. The rest were generated by running go run objects.go in the crypto/obj/ directory.

Call-outs:

n/a

Testing:

```
# tested using this python fork https://github.com/WillChilds-Klein/cpython/tree/pq-tls

$ cat test.py
import ssl
import socket

assert "AWS-LC" in ssl.OPENSSL_VERSION

ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ctx.set_ecdh_curve("X25519Kyber768Draft00")
ctx.load_verify_locations("/etc/ssl/certs/ca-certificates.crt")

host = "secretsmanager.us-east-1.amazonaws.com"
sock = socket.create_connection((host, 443))
ssock = ctx.wrap_socket(sock, server_hostname=host)
ssock.close()
print("success!")

$ ./python test.py
success!
```
[screenshot: terminal output, 2024-07-31]

pcap screenshot of the above ClientHello:

[image not captured]
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

codecov-commenter commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.30%. Comparing base (b929d74) to head (0ac3576).

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##             main    #1730     +/-   ##
=========================================
  Coverage   78.30%   78.30%
=========================================
  Files         580      580
  Lines       96624    96623     -1
  Branches    13853    13853
=========================================
+ Hits        75661    75662     +1
+ Misses      20347    20346     -1
+ Partials      616      615     -1
```
