Stabilize ML-KEM & KDFs; bump to v1.12.0 (#628)

* Stabilize ML-KEM; bump to v1.12.0 * Stabilize KDF APIs * Drop support for Kyber Round 3 * Only need to test prebuilt nasm w/ aws-lc-sys
aws · Dec 16, 2024 · 809cd7d · 809cd7d
1 parent c75bc5c
commit 809cd7d
Show file tree

Hide file tree

Showing 13 changed files with 531 additions and 897 deletions.
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -149,7 +149,6 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        crate: [ aws-lc-sys, aws-lc-rs ]
         args:
           - publish --dry-run
     steps:
@@ -170,8 +169,7 @@ jobs:
           else
             exit 0;
           fi
-      - name: ${{ matrix.crate }}
-        working-directory: ./${{ matrix.crate }}
+      - working-directory: ./aws-lc-sys
         shell: bash
         run: AWS_LC_SYS_PREBUILT_NASM=1 cargo publish --dry-run
 

diff --git a/aws-lc-rs-testing/benches/kem_benchmark.rs b/aws-lc-rs-testing/benches/kem_benchmark.rs
@@ -3,20 +3,14 @@
 
 use aws_lc_rs::{
     kem::DecapsulationKey,
-    unstable::kem::{get_algorithm, AlgorithmId},
+    kem::{Algorithm, ML_KEM_1024, ML_KEM_512, ML_KEM_768},
 };
 use criterion::{criterion_group, criterion_main, Criterion};
 
-#[allow(deprecated)]
-const UNSTABLE_ALGORITHMS: &[Option<&aws_lc_rs::kem::Algorithm<AlgorithmId>>] = &[
-    get_algorithm(AlgorithmId::Kyber512_R3),
-    get_algorithm(AlgorithmId::Kyber768_R3),
-    get_algorithm(AlgorithmId::Kyber1024_R3),
-];
+const KEM_ALGORITHMS: &[Algorithm; 3] = &[ML_KEM_512, ML_KEM_768, ML_KEM_1024];
 
 fn bench_kem_keygen(c: &mut Criterion) {
-    for ele in UNSTABLE_ALGORITHMS {
-        let ele = ele.unwrap();
+    for ele in KEM_ALGORITHMS {
         let bench_group_name = format!("KEM/{:?}/keygen", ele.id());
         let mut group = c.benchmark_group(bench_group_name);
         group.bench_function("AWS-LC", |b| {
@@ -28,8 +22,7 @@ fn bench_kem_keygen(c: &mut Criterion) {
 }
 
 fn bench_kem_encapsulate(c: &mut Criterion) {
-    for ele in UNSTABLE_ALGORITHMS {
-        let ele = ele.unwrap();
+    for ele in KEM_ALGORITHMS {
         let bench_group_name = format!("KEM/{:?}/encapsulate", ele.id());
         let mut group = c.benchmark_group(bench_group_name);
         group.bench_function("AWS-LC", |b| {
@@ -46,8 +39,7 @@ fn bench_kem_encapsulate(c: &mut Criterion) {
 }
 
 fn bench_kem_decapsulate(c: &mut Criterion) {
-    for ele in UNSTABLE_ALGORITHMS {
-        let ele = ele.unwrap();
+    for ele in KEM_ALGORITHMS {
         let bench_group_name = format!("KEM/{:?}/decapsulate", ele.id());
         let mut group = c.benchmark_group(bench_group_name);
         group.bench_function("AWS-LC", |b| {

diff --git a/aws-lc-rs/Cargo.toml b/aws-lc-rs/Cargo.toml
@@ -1,9 +1,9 @@
 [package]
 name = "aws-lc-rs"
 authors = ["AWS-LibCrypto"]
-version = "1.11.1"
+version = "1.12.0"
 # this crate re-exports whatever sys crate that was selected
-links = "aws_lc_rs_1_11_1_sys"
+links = "aws_lc_rs_1_12_0_sys"
 edition = "2021"
 rust-version = "1.63.0"
 keywords = ["crypto", "cryptography", "security"]

diff --git a/aws-lc-rs/Makefile b/aws-lc-rs/Makefile
@@ -32,14 +32,12 @@ test:
 	cargo test --all-targets --features unstable
 	cargo test --release --all-targets
 	cargo test --release --all-targets --features bindgen,unstable
-ifeq ($(UNAME_S),Linux)
 	cargo test --release --all-targets --features fips,unstable
-	cargo test --no-default-features --features fips,unstable
-endif
-	cargo test --no-default-features --features aws-lc-sys,unstable
-	cargo test --no-default-features --features aws-lc-sys,ring-sig-verify,unstable
-	cargo test --no-default-features --features aws-lc-sys,ring-io,unstable
-	cargo test --no-default-features --features aws-lc-sys,alloc,unstable
+	cargo test --no-default-features --all-targets --features fips,unstable
+	cargo test --no-default-features --all-targets --features aws-lc-sys,unstable
+	cargo test --no-default-features --all-targets --features aws-lc-sys,ring-sig-verify,unstable
+	cargo test --no-default-features --all-targets --features aws-lc-sys,ring-io,unstable
+	cargo test --no-default-features --all-targets --features aws-lc-sys,alloc,unstable
 
 msrv:
 	cargo msrv verify