Closed sgmenda-aws closed 1 month ago
Attention: Patch coverage is 75.58685% with 52 lines in your changes missing coverage. Please review.

Project coverage is 78.33%. Comparing base (1d0fb39) to head (e4d7872).

Files | Patch % | Lines |
---|---|---|
crypto/hpke/hpke.c | 65.75% | 50 Missing :warning: |
crypto/hpke/hpke_test.cc | 97.01% | 1 Missing and 1 partial :warning: |

Description of changes:

Add experimental support for using AWS-LC KEMs from the `hpke.h` interface:

- `KEM` to `EVP_HPKE_KEM` and instantiate it for ML-KEM and PQ/T KEMs.
- `find_by_id` for kem, kdf, and aead to simplify use from ACCP.
- `speed.cc` to enable benchmarking of single-shot encrypt/decrypt.
- `kem_id`

Call-outs:

I tried to unify the `EVP_HPKE_KEM` API and the existing `KEM` API, but they are incomparable. `EVP_HPKE_KEM` does length-checking and supports authentication (`auth_encaps` and `auth_decaps` methods), while `KEM` does not. One approach to unify would be to combine `EVP_HPKE_KEM` with the KEM portion of `EVP_PKEY_METHOD` (in `p_kem.c`), but that would have required a lot of refactoring and introduced lots of merge conflicts between this experimental branch and `main`. And even if we did all that refactoring, it would only be slightly cleaner to look at, not significantly improve performance or maintainability.

Testing:

`HPKETest` is updated to test correctness with the newly added KEMs and to test the newly added single-shot and `find_by_id` APIs.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.