Closed Bug 1631890 Opened 1 year ago Closed 1 year ago

HPKE (draft-irtf-cfrg-hpke) support for ESNI

Categories

(NSS :: Libraries, enhancement, P2)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kjacobs, Assigned: kjacobs)

References

Details

Attachments

(1 file)

The latest ESNI draft [0] relies on HPKE [1] to create the encrypted CH. This bug tracks implementation of the latter.

[0] https://tools.ietf.org/html/draft-ietf-tls-esni-06
[1] https://tools.ietf.org/html/draft-irtf-cfrg-hpke-02

Priority: -- → P2
Assignee: nobody → kjacobs.bugzilla
Status: NEW → ASSIGNED

I've started an implementation of this in cryptohi which would use individual PK11 functions, mechanisms, and keys as necessary (similar to the TLS13 key scheduling). It was brought to my attention that HACL* has an implementation that would push this down into freebl, at the cost of plumbing it through PK11 with custom mechanisms.

Bob, do you have a strong opinion on which path we take?

Flags: needinfo?(rrelyea)

So it looks like HPKE is built on basic crypto primitives without directly accessing the underlying CSPs (that is you don' need to actually extract a key). PKCS #11 already has all the primitives it needs except the generic KEM interface. It might be worth exploring defining the KEM basic API for PKCS #11 (C_GenerateKeyPair () for GenerateKeyPair, maybe wrap/unwrap for Marshall, unmarshal, derive for encap/decap, etc), and mechanisms for KEM. I don't hink the entire HPKE should be pushed to the PKCS #11 layer.

Upshot, ideally we should pushd the KEM under PKCS #11. For now you can probably just implement a pk11wrap interface for KEM and we can look into pushing KEM lower at a later data. Probably implement HPKE at the pk11wrap layer itself because it's likely to have other users than tls.

bob

Flags: needinfo?(rrelyea)
Severity: -- → S3
Blocks: 1654332
Attachment #9145968 - Attachment description: Bug 1631890 - WIP draft-irtf-cfrg-hpke → Bug 1631890 - WIP draft-irtf-cfrg-hpke-04
Attachment #9145968 - Attachment description: Bug 1631890 - WIP draft-irtf-cfrg-hpke-04 → Bug 1631890 - WIP draft-irtf-cfrg-hpke-05
Depends on: 1658992
Attachment #9145968 - Attachment description: Bug 1631890 - WIP draft-irtf-cfrg-hpke-05 → Bug 1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05).
Depends on: 1667153
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 3.58
You need to log in before you can comment on or make changes to this bug.