Building S2N-TLS with AWS libcrypto with PQ support

0

I built S2N-TLS with AWS libcrypto with PQ support as provided below. When I connect to KMS endpoint I need to choose a weird policy to have PQ cipers negotiated. How to connect over TLS 1.3 and PQ support properly? Also KEM Group is NONE.

[ec2-user@ip-172-31-0-117 bin]$ ./s2nc -c KMS-PQ-TLS-1-0-2020-07 kms.eu-central-2.amazonaws.com
CONNECTED:
Handshake: NEGOTIATED|FULL_HANDSHAKE|TLS12_PERFECT_FORWARD_SECRECY
Client hello version: 33
Client protocol version: 33
Server protocol version: 33
Actual protocol version: 33
Server name: kms.eu-central-2.amazonaws.com
Curve: secp256r1
KEM: kyber512r3
KEM Group: NONE
Cipher negotiated: ECDHE-KYBER-RSA-AES256-GCM-SHA384
Server signature negotiated: RSA+SHA256
Early Data status: NOT REQUESTED
Wire bytes in: 6565
Wire bytes out: 1099
s2n is ready
Connected to kms.eu-central-2.amazonaws.com:443

Here is how I built it. I used a t3.small (smaller instance types have too less memory to compile) instance with Amazon Linux 2023.

1/ Building libcrypto

git clone https://github.com/aws/aws-lc 
cd aws-lc
mkdir build
cd build
cmake -G Ninja \
        -DBUILD_SHARED_LIBS=ON \
        -DCMAKE_INSTALL_LIBDIR=lib \
        -DCMAKE_INSTALL_PREFIX=/lc-install ..
cmake --build .
sudo cmake --install . 

2/ Building s2n-tls

# clone s2n-tls
git clone https://github.com/aws/s2n-tls.git
cd s2n-tls

# install build dependencies
sudo yum groupinstall "Development Tools"
sudo yum install cmake3

# build s2n-tls
cmake . -Bbuild \
    -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_INSTALL_PREFIX=./s2n-tls-install \
    -DCMAKE_PREFIX_PATH=/lc-install
cmake --build build -j $(nproc)
CTEST_PARALLEL_LEVEL=$(nproc) ctest --test-dir build
cmake --install build
AWS
已提問 2 個月前檢視次數 151 次
2 個答案
2
已接受的答案

PQ key exchange is different in TLS1.2 vs TLS1.3.

The old TLS1.2 mechanism involved a cipher suite (ECDHE-KYBER-RSA-AES256-GCM-SHA384 in your example) and a KEM (kyber512r3 in your example). In TLS1.2, the key exchange method is defined by the cipher suite. The old TLS1.2 mechanism is not recommended and may be removed from s2n-tls.

The new TLS1.3 mechanism only involves a KEM group (x25519_kyber-512-r3 in your example). In TLS1.3, key exchange and cipher suite are independent, so PQ key exchange is unrelated to the cipher suite negotiated. Notice that the negotiated cipher suite (TLS_AES_256_GCM_SHA384) only defines an encryption algorithm ("AES256-GCM") and a hash algorithm ("SHA384"). In TLS1.3, key exchange method is defined by the "supported_groups" extension instead of the cipher suite. For PQ support, "hybrid PQ key exchange" is used, which means negotiating a PQ algorithm alongside the classical group. Notice that the "KEM group" includes both the classical "x25519" and the PQ "kyber512" options. That ensures you get the benefits of both classical and PQ key exchange, which is safer than using either alone.

So it looks to me like both your handshakes successfully used PQ, but you should prefer the TLS1.3 one.

AWS
已回答 2 個月前
0

Found another cipher suite that is working.

It seem to use TLS1.3 now (proto version and MIDDLEBOX_COMPAT), however the negotiated cipher is no longer consist of Kyber. Also, the KEM (Key Encapsulation Mechnism) is set to NONE but there is now a KEM Group.

Potentially, this lacks only the proper explanation, but how do I connect to an KMS endpoint by using TLS1.3 and PQ-Ciphers?

[ec2-user@ip-172-31-0-117 bin]$ ./s2nc -c PQ-TLS-1-0-2021-05-23 kms.eu-central-2.amazonaws.com
CONNECTED:
Handshake: NEGOTIATED|FULL_HANDSHAKE|MIDDLEBOX_COMPAT
Client hello version: 33
Client protocol version: 34
Server protocol version: 34
Actual protocol version: 34
Server name: kms.eu-central-2.amazonaws.com
Curve: NONE
KEM: NONE
KEM Group: x25519_kyber-512-r3
Cipher negotiated: TLS_AES_256_GCM_SHA384
Server signature negotiated: RSA-PSS-RSAE+SHA256
Early Data status: NOT REQUESTED
Wire bytes in: 6586
Wire bytes out: 1224
s2n is ready
Connected to kms.eu-central-2.amazonaws.com:443
AWS
已回答 2 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南