Add ML-KEM Feature Probe and Test (#4823)

aws · Oct 9, 2024 · ce0234e · ce0234e
1 parent 4a1bfee
commit ce0234e
Show file tree

Hide file tree

Showing 6 changed files with 79 additions and 0 deletions.
diff --git a/crypto/s2n_libcrypto.h b/crypto/s2n_libcrypto.h
@@ -17,6 +17,7 @@
 
 #include "utils/s2n_result.h"
 
+uint64_t s2n_libcrypto_awslc_api_version(void);
 S2N_RESULT s2n_libcrypto_validate_runtime(void);
 const char *s2n_libcrypto_get_version_name(void);
 bool s2n_libcrypto_supports_flag_no_check_time();
diff --git a/crypto/s2n_pq.c b/crypto/s2n_pq.c
@@ -33,3 +33,15 @@ bool s2n_pq_is_enabled()
 {
     return s2n_libcrypto_supports_evp_kem();
 }
+
+bool s2n_libcrypto_supports_mlkem()
+{
+    /* S2N_LIBCRYPTO_SUPPORTS_MLKEM will be auto-detected and #defined if
+     * ./tests/features/S2N_LIBCRYPTO_SUPPORTS_MLKEM.c successfully compiles
+     */
+#if defined(S2N_LIBCRYPTO_SUPPORTS_MLKEM)
+    return true;
+#else
+    return false;
+#endif
+}
diff --git a/crypto/s2n_pq.h b/crypto/s2n_pq.h
@@ -23,3 +23,4 @@
 
 bool s2n_pq_is_enabled(void);
 bool s2n_libcrypto_supports_evp_kem(void);
+bool s2n_libcrypto_supports_mlkem(void);
diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_MLKEM.c b/tests/features/S2N_LIBCRYPTO_SUPPORTS_MLKEM.c
@@ -0,0 +1,31 @@
+/*
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#include <openssl/evp.h>
+#include <openssl/nid.h>
+
+int main()
+{
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_KEM, NULL);
+    if (ctx == NULL) {
+        return 1;
+    }
+    if (!EVP_PKEY_CTX_kem_set_params(ctx, NID_MLKEM768)) {
+        EVP_PKEY_CTX_free(ctx);
+        return 1;
+    }
+    EVP_PKEY_CTX_free(ctx);
+    return 0;
+}
diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_MLKEM.flags b/tests/features/S2N_LIBCRYPTO_SUPPORTS_MLKEM.flags
diff --git a/tests/unit/s2n_pq_mlkem_test.c b/tests/unit/s2n_pq_mlkem_test.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include "api/s2n.h"
+#include "crypto/s2n_libcrypto.h"
+#include "crypto/s2n_openssl.h"
+#include "crypto/s2n_pq.h"
+#include "s2n_test.h"
+#include "testlib/s2n_testlib.h"
+
+int main()
+{
+    BEGIN_TEST();
+    /* MLKEM Support was added to AWSLC when AWSLC_API_VERSION == 29 */
+    if (s2n_libcrypto_is_awslc() && s2n_libcrypto_awslc_api_version() >= 30) {
+        EXPECT_TRUE(s2n_libcrypto_supports_mlkem());
+    } else if (s2n_libcrypto_is_awslc() && s2n_libcrypto_awslc_api_version() < 29) {
+        EXPECT_FALSE(s2n_libcrypto_supports_mlkem());
+    }
+
+    END_TEST();
+}