Remove PQ TLS 1.2 Support

bin/policy.c

@@ -102,10 +102,6 @@ int main(int argc, char *const *argv)
     if (policy->kem_preferences && policy->kem_preferences != &kem_preferences_null) {
         printf("pq:\n");
         printf("- revision: %i\n", policy->kem_preferences->tls13_pq_hybrid_draft_revision);
-        printf("- kems:\n");
-        for (size_t i = 0; i < policy->kem_preferences->kem_count; i++) {
-            printf("-- %s\n", policy->kem_preferences->kems[i]->name);
-        }
         printf("- kem groups:\n");
         for (size_t i = 0; i < policy->kem_preferences->tls13_kem_group_count; i++) {
             printf("-- %s\n", policy->kem_preferences->tls13_kem_groups[i]->name);

bindings/rust/extended/s2n-tls/src/connection.rs

@@ -1000,6 +1000,34 @@ impl Connection {
         }
     }
 
+    pub fn kem_group_name(&self) -> Option<&str> {
+            let name_bytes = {
+                let name = unsafe { s2n_connection_get_kem_group_name(self.connection.as_ptr()) };
+                if name.is_null() {
+                    return None;
+                }
+                name
+            };
+
+            let name_str = unsafe {
+                // SAFETY: The data is null terminated because it is declared as a C
+                //         string literal.
+                // SAFETY: kem_name has a static lifetime because it lives on a const
+                //         struct s2n_kem with file scope.
+                const_str!(name_bytes)
+            };
+
+            match name_str {
+                Ok("NONE") => None,
+                Ok(name) => Some(name),
+                Err(_) => {
+                    // Unreachable: This would indicate a non-utf-8 string literal in
+                    // the s2n-tls C codebase.
+                    None
+                }
+            }
+        }
+
     pub fn selected_curve(&self) -> Result<&str, Error> {
         let curve = unsafe { s2n_connection_get_curve(self.connection.as_ptr()).into_result()? };
         unsafe {

bindings/rust/extended/s2n-tls/src/testing/s2n_tls.rs

@@ -44,12 +44,12 @@ mod tests {
 
         // PQ is supported
         {
-            let policy = Policy::from_version("KMS-PQ-TLS-1-0-2020-07")?;
+            let policy = Policy::from_version("default_pq")?;
             let config = build_config(&policy)?;
             let mut pair = TestPair::from_config(&config);
 
             pair.handshake().unwrap();
-            assert_eq!(pair.client.kem_name(), Some("kyber512r3"));
+            assert_eq!(pair.client.kem_group_name(), Some("X25519MLKEM768"));
         }
 
         Ok(())

bindings/rust/standard/integration/src/lib.rs

@@ -16,11 +16,11 @@ mod tests {
     #[cfg(feature = "pq")]
     #[test]
     fn pq_sanity_check() -> Result<(), Box<dyn std::error::Error>> {
-        let config = testing::build_config(&Policy::from_version("KMS-PQ-TLS-1-0-2020-07")?)?;
+        let config = testing::build_config(&Policy::from_version("default_pq")?)?;
         let mut pair = TestPair::from_config(&config);
         pair.handshake()?;
 
-        if pair.client.kem_name().is_none() {
+        if pair.client.kem_group_name().is_none() {
             panic!(
                 "PQ tests are enabled, but PQ functionality is unavailable. \
                 Are you sure that the libcrypto supports PQ?"

bindings/rust/standard/integration/src/network/tls_client.rs

@@ -46,40 +46,18 @@ mod kms_pq {
     // supports ML-KEM.
     #[test_log::test(tokio::test)]
     async fn pq_handshake() -> Result<(), Box<dyn std::error::Error>> {
-        let policy = Policy::from_version("KMS-PQ-TLS-1-0-2020-07")?;
+        let policy = Policy::from_version("PQ-TLS-1-2-2023-10-09")?;
         let tls = handshake_with_domain(DOMAIN, &policy).await?;
 
         assert_eq!(
             tls.as_ref().cipher_suite()?,
-            "ECDHE-KYBER-RSA-AES256-GCM-SHA384"
+            "TLS_AES_256_GCM_SHA384"
         );
-        assert_eq!(tls.as_ref().kem_name(), Some("kyber512r3"));
+        assert_eq!(tls.as_ref().kem_group_name(), Some("secp256r1_kyber-512-r3"));
 
         Ok(())
     }
 
-    // We want to confirm that non-supported kyber drafts successfully fall
-    // back to a full handshake.
-    #[test_log::test(tokio::test)]
-    async fn early_draft_falls_back_to_classical() -> Result<(), Box<dyn std::error::Error>> {
-        const EARLY_DRAFT_PQ_POLICIES: &[&str] = &[
-            "KMS-PQ-TLS-1-0-2019-06",
-            "PQ-SIKE-TEST-TLS-1-0-2019-11",
-            "KMS-PQ-TLS-1-0-2020-02",
-            "PQ-SIKE-TEST-TLS-1-0-2020-02",
-        ];
-
-        for security_policy in EARLY_DRAFT_PQ_POLICIES {
-            let policy = Policy::from_version(security_policy)?;
-            let tls = handshake_with_domain(DOMAIN, &policy).await?;
-
-            assert_eq!(tls.as_ref().cipher_suite()?, "ECDHE-RSA-AES256-GCM-SHA384");
-            assert_eq!(tls.as_ref().kem_name(), None);
-        }
-        Ok(())
-    }
-}
-
 #[test_log::test(tokio::test)]
 async fn tls_client() -> Result<(), Box<dyn std::error::Error>> {
     // The akamai request should be in internet_https_client.rs but Akamai

error/s2n_errno.c

@@ -255,6 +255,7 @@ static const char *no_such_error = "Internal s2n error";
     ERR_ENTRY(S2N_ERR_UNSUPPORTED_EXTENSION, "Illegal use of a known, supported extension") \
     ERR_ENTRY(S2N_ERR_MISSING_EXTENSION, "Mandatory extension not received") \
     ERR_ENTRY(S2N_ERR_DUPLICATE_EXTENSION, "Extension block contains two or more extensions of the same type") \
+    ERR_ENTRY(S2N_ERR_DEPRECATED_SECURITY_POLICY, "Deprecated security policy") \
     ERR_ENTRY(S2N_ERR_INVALID_SECURITY_POLICY, "Invalid security policy") \
     ERR_ENTRY(S2N_ERR_INVALID_KEM_PREFERENCES, "Invalid kem preferences version") \
     ERR_ENTRY(S2N_ERR_INVALID_PARSED_EXTENSIONS, "Invalid parsed extension data") \

error/s2n_errno.h

@@ -295,6 +295,7 @@ typedef enum {
     S2N_ERR_INVALID_SIGNATURE_ALGORITHMS_PREFERENCES,
     S2N_ERR_RSA_PSS_NOT_SUPPORTED,
     S2N_ERR_INVALID_ECC_PREFERENCES,
+    S2N_ERR_DEPRECATED_SECURITY_POLICY,
     S2N_ERR_INVALID_SECURITY_POLICY,
     S2N_ERR_INVALID_KEM_PREFERENCES,
     S2N_ERR_ASYNC_ALREADY_PERFORMED,

tests/cbmc/sources/make_common_datastructures.c

@@ -599,9 +599,7 @@ void cbmc_populate_s2n_kex_parameters(struct s2n_kex_parameters *s2n_kex_paramet
 	 * If required, these initializations should be done in the proof harness.
 	 */
 	cbmc_populate_s2n_kem_group_params(&(s2n_kex_parameters->server_kem_group_params));
-	cbmc_populate_s2n_kem_params(&(s2n_kex_parameters->kem_params));
 	cbmc_populate_s2n_blob(&(s2n_kex_parameters->client_key_exchange_message));
-	cbmc_populate_s2n_blob(&(s2n_kex_parameters->client_pq_kem_extension));
 }
 
 void cbmc_populate_s2n_crypto_parameters(struct s2n_crypto_parameters *s2n_crypto_parameters)

tests/fuzz/s2n_client_key_recv_fuzz_test.c

@@ -121,15 +121,11 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
     POSIX_GUARD(s2n_connection_get_ecc_preferences(server_conn, &ecc_preferences));
     POSIX_ENSURE_REF(ecc_preferences);
 
-    if (server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_ecdhe_client_key_recv || server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) {
+    if (server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_ecdhe_client_key_recv) {
         server_conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_preferences->ecc_curves[0];
         s2n_ecc_evp_generate_ephemeral_key(&server_conn->kex_params.server_ecc_evp_params);
     }
 
-    if (server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_kem_client_key_recv || server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) {
-        server_conn->kex_params.kem_params.kem = &s2n_kyber_512_r3;
-    }
-
     /* Run Test
      * Do not use GUARD macro here since the connection memory hasn't been freed.
      */

tests/unit/s2n_choose_supported_group_test.c

@@ -142,8 +142,6 @@ int main()
     /* Test for PQ */
     {
         const struct s2n_kem_preferences test_kem_prefs = {
-            .kem_count = 0,
-            .kems = NULL,
             .tls13_kem_group_count = kem_preferences_all.tls13_kem_group_count,
             .tls13_kem_groups = kem_preferences_all.tls13_kem_groups,
         };