Added support for P-384

Also massively refactored the NIST P-XXX key derivation process to make
it generic over the key length. This prepares the groundwork for when
the `p521` crate will be ready for consumption.

Cargo.toml

@@ -7,15 +7,19 @@ readme = "README.md"
 version = "0.10.0"
 authors = ["Michael Rosenberg <michael@mrosenberg.pub>"]
 edition = "2021"
+resolver = "2"
 license = "MIT/Apache-2.0"
 keywords = ["cryptography", "crypto", "key-exchange", "encryption", "aead"]
 categories = ["cryptography", "no-std"]
 
 [features]
 # "p256" enables the use of ECDH-NIST-P256 as a KEM
+# "p384" enables the use of ECDH-NIST-P384 as a KEM
 # "x25519" enables the use of the X25519 as a KEM
-default = ["alloc", "p256", "x25519"]
-x25519 = ["x25519-dalek"]
+default = ["alloc", "p256", "p384", "x25519"]
+x25519 = ["dep:x25519-dalek"]
+p384 = ["dep:p384"]
+p256 = ["dep:p256"]
 # Include serde Serialize/Deserialize impls for all relevant types
 serde_impls = ["serde", "generic-array/serde"]
 # Include allocating methods like open() and seal()
@@ -33,7 +37,8 @@ digest = "0.10"
 hkdf = "0.12"
 hmac = "0.12"
 rand_core = { version = "0.6", default-features = false }
-p256 = { version = "0.11", default-features = false, features = ["arithmetic", "ecdh" ], optional = true}
+p256 = { version = "0.12", default-features = false, features = ["arithmetic", "ecdh" ], optional = true}
+p384 = { version = "0.12", default-features = false, features = ["arithmetic", "ecdh" ], optional = true}
 sha2 = { version = "0.10", default-features = false }
 serde = { version = "1.0", default-features = false, optional = true }
 subtle = { version = "2.4", default-features = false }
@@ -48,8 +53,7 @@ optional = true
 [dev-dependencies]
 criterion = { version = "0.4", features = ["html_reports"] }
 hex = "0.4"
-serde = "1.0"
-serde_derive = "1.0"
+serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 rand = { version = "0.8", default-features = false, features = ["getrandom", "std_rng"] }
 
@@ -59,7 +63,7 @@ required-features = ["x25519"]
 
 [[example]]
 name = "agility"
-required-features = ["p256", "x25519"]
+required-features = ["p256", "p384", "x25519"]
 
 # Tell docs.rs to build docs with `--all-features` and `--cfg docsrs` (for nightly docs features)
 [package.metadata.docs.rs]

examples/agility.rs

@@ -15,7 +15,7 @@
 use hpke::{
     aead::{Aead, AeadCtxR, AeadCtxS, AeadTag, AesGcm128, AesGcm256, ChaCha20Poly1305},
     kdf::{HkdfSha256, HkdfSha384, HkdfSha512, Kdf as KdfTrait},
-    kem::{DhP256HkdfSha256, Kem as KemTrait, X25519HkdfSha256},
+    kem::{DhP256HkdfSha256, DhP384HkdfSha384, Kem as KemTrait, X25519HkdfSha256},
     setup_receiver, setup_sender, Deserializable, HpkeError, OpModeR, OpModeS, PskBundle,
     Serializable,
 };
@@ -308,6 +308,7 @@ fn agile_gen_keypair<R: CryptoRng + RngCore>(kem_alg: KemAlg, csprng: &mut R) ->
     match kem_alg {
         KemAlg::X25519HkdfSha256 => do_gen_keypair!(X25519HkdfSha256, kem_alg, csprng),
         KemAlg::DhP256HkdfSha256 => do_gen_keypair!(DhP256HkdfSha256, kem_alg, csprng),
+        KemAlg::DhP384HkdfSha384 => do_gen_keypair!(DhP384HkdfSha384, kem_alg, csprng),
         _ => unimplemented!(),
     }
 }
@@ -678,7 +679,11 @@ fn main() {
         AeadAlg::AesGcm256,
         AeadAlg::ChaCha20Poly1305,
     ];
-    let supported_kem_algs = &[KemAlg::X25519HkdfSha256, KemAlg::DhP256HkdfSha256];
+    let supported_kem_algs = &[
+        KemAlg::X25519HkdfSha256,
+        KemAlg::DhP256HkdfSha256,
+        KemAlg::DhP384HkdfSha384,
+    ];
     let supported_kdf_algs = &[KdfAlg::HkdfSha256, KdfAlg::HkdfSha384, KdfAlg::HkdfSha512];
 
     // For every combination of supported algorithms, test an encryption-decryption round trip

src/aead.rs

@@ -730,4 +730,33 @@ mod test {
             crate::kem::DhP256HkdfSha256
         );
     }
+
+    #[cfg(all(feature = "p384", any(feature = "alloc", feature = "std")))]
+    mod p384_tests {
+        use super::*;
+
+        test_export_idempotence!(test_export_idempotence_p384, crate::kem::DhP384HkdfSha384);
+        test_exportonly_panics!(
+            test_exportonly_panics_p384_seal,
+            test_exportonly_panics_p384_open,
+            crate::kem::DhP384HkdfSha384
+        );
+        test_overflow!(test_overflow_p384, crate::kem::DhP384HkdfSha384);
+
+        test_ctx_correctness!(
+            test_ctx_correctness_aes128_p384,
+            AesGcm128,
+            crate::kem::DhP384HkdfSha384
+        );
+        test_ctx_correctness!(
+            test_ctx_correctness_aes256_p384,
+            AesGcm256,
+            crate::kem::DhP384HkdfSha384
+        );
+        test_ctx_correctness!(
+            test_ctx_correctness_chacha_p384,
+            ChaCha20Poly1305,
+            crate::kem::DhP384HkdfSha384
+        );
+    }
 }

src/dhkex.rs

@@ -67,12 +67,14 @@ pub trait DhKeyExchange {
     ) -> (Self::PrivateKey, Self::PublicKey);
 }
 
-#[cfg(feature = "p256")]
+#[cfg(any(feature = "p256", feature = "p384"))]
 pub(crate) mod ecdh_nistp;
 #[cfg(feature = "p256")]
-pub use ecdh_nistp::DhP256;
+pub use ecdh_nistp::p256::DhP256;
+#[cfg(feature = "p384")]
+pub use ecdh_nistp::p384::DhP384;
 
-#[cfg(feature = "x25519-dalek")]
+#[cfg(feature = "x25519")]
 pub(crate) mod x25519;
-#[cfg(feature = "x25519-dalek")]
+#[cfg(feature = "x25519")]
 pub use x25519::X25519;