Building S2N-TLS with AWS libcrypto with PQ support

0

I built S2N-TLS with AWS libcrypto with PQ support as provided below. When I connect to KMS endpoint I need to choose a weird policy to have PQ cipers negotiated. How to connect over TLS 1.3 and PQ support properly? Also KEM Group is NONE.

[ec2-user@ip-172-31-0-117 bin]$ ./s2nc -c KMS-PQ-TLS-1-0-2020-07 kms.eu-central-2.amazonaws.com
CONNECTED:
Handshake: NEGOTIATED|FULL_HANDSHAKE|TLS12_PERFECT_FORWARD_SECRECY
Client hello version: 33
Client protocol version: 33
Server protocol version: 33
Actual protocol version: 33
Server name: kms.eu-central-2.amazonaws.com
Curve: secp256r1
KEM: kyber512r3
KEM Group: NONE
Cipher negotiated: ECDHE-KYBER-RSA-AES256-GCM-SHA384
Server signature negotiated: RSA+SHA256
Early Data status: NOT REQUESTED
Wire bytes in: 6565
Wire bytes out: 1099
s2n is ready
Connected to kms.eu-central-2.amazonaws.com:443

Here is how I built it. I used a t3.small (smaller instance types have too less memory to compile) instance with Amazon Linux 2023.

1/ Building libcrypto

git clone https://github.com/aws/aws-lc 
cd aws-lc
mkdir build
cd build
cmake -G Ninja \
        -DBUILD_SHARED_LIBS=ON \
        -DCMAKE_INSTALL_LIBDIR=lib \
        -DCMAKE_INSTALL_PREFIX=/lc-install ..
cmake --build .
sudo cmake --install . 

2/ Building s2n-tls

# clone s2n-tls
git clone https://github.com/aws/s2n-tls.git
cd s2n-tls

# install build dependencies
sudo yum groupinstall "Development Tools"
sudo yum install cmake3

# build s2n-tls
cmake . -Bbuild \
    -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_INSTALL_PREFIX=./s2n-tls-install \
    -DCMAKE_PREFIX_PATH=/lc-install
cmake --build build -j $(nproc)
CTEST_PARALLEL_LEVEL=$(nproc) ctest --test-dir build
cmake --install build
AWS
preguntada hace 2 meses155 visualizaciones
2 Respuestas
2
Respuesta aceptada

PQ key exchange is different in TLS1.2 vs TLS1.3.

The old TLS1.2 mechanism involved a cipher suite (ECDHE-KYBER-RSA-AES256-GCM-SHA384 in your example) and a KEM (kyber512r3 in your example). In TLS1.2, the key exchange method is defined by the cipher suite. The old TLS1.2 mechanism is not recommended and may be removed from s2n-tls.

The new TLS1.3 mechanism only involves a KEM group (x25519_kyber-512-r3 in your example). In TLS1.3, key exchange and cipher suite are independent, so PQ key exchange is unrelated to the cipher suite negotiated. Notice that the negotiated cipher suite (TLS_AES_256_GCM_SHA384) only defines an encryption algorithm ("AES256-GCM") and a hash algorithm ("SHA384"). In TLS1.3, key exchange method is defined by the "supported_groups" extension instead of the cipher suite. For PQ support, "hybrid PQ key exchange" is used, which means negotiating a PQ algorithm alongside the classical group. Notice that the "KEM group" includes both the classical "x25519" and the PQ "kyber512" options. That ensures you get the benefits of both classical and PQ key exchange, which is safer than using either alone.

So it looks to me like both your handshakes successfully used PQ, but you should prefer the TLS1.3 one.

AWS
respondido hace 2 meses
0

Found another cipher suite that is working.

It seem to use TLS1.3 now (proto version and MIDDLEBOX_COMPAT), however the negotiated cipher is no longer consist of Kyber. Also, the KEM (Key Encapsulation Mechnism) is set to NONE but there is now a KEM Group.

Potentially, this lacks only the proper explanation, but how do I connect to an KMS endpoint by using TLS1.3 and PQ-Ciphers?

[ec2-user@ip-172-31-0-117 bin]$ ./s2nc -c PQ-TLS-1-0-2021-05-23 kms.eu-central-2.amazonaws.com
CONNECTED:
Handshake: NEGOTIATED|FULL_HANDSHAKE|MIDDLEBOX_COMPAT
Client hello version: 33
Client protocol version: 34
Server protocol version: 34
Actual protocol version: 34
Server name: kms.eu-central-2.amazonaws.com
Curve: NONE
KEM: NONE
KEM Group: x25519_kyber-512-r3
Cipher negotiated: TLS_AES_256_GCM_SHA384
Server signature negotiated: RSA-PSS-RSAE+SHA256
Early Data status: NOT REQUESTED
Wire bytes in: 6586
Wire bytes out: 1224
s2n is ready
Connected to kms.eu-central-2.amazonaws.com:443
AWS
respondido hace 2 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas