s2n-tls icon indicating copy to clipboard operation
s2n-tls copied to clipboard
verified publisher icon aws

Remove the length-prefixed logic for PQ key shares

Open CarolYeh910 opened this issue 2 months ago • 0 comments

Problem:

While working on the pure ML-KEM PR #5586, I learned from Alex that all of the length prefixing logic for PQ should eventually be removed from s2n-tls. It was only used in draft standards, and we have only promised customers to support PQ draft standards (i.e. tls13_pq_hybrid_draft_revision < 5) until the end of 2025. This means any values and logic that handles anything other than 5 can be removed eventually.

We should clean up the length-prefixed format for PQ and simplify the key share logic.

Need By Date:

N/A

Solution:

  • Remove the len_prefixed field from s2n_kem_params (added in #3800) and relevant logic. https://github.com/aws/s2n-tls/blob/cfa12ae6a9289e406483a0da2fbe8d0ac1521904/tls/s2n_kem.h#L73

  • Delete the length-prefixed tests in the key share unit tests: s2n_server_key_share_extension_test and s2n_client_key_share_extension_pq_test.

CarolYeh910 avatar Nov 07 '25 23:11 CarolYeh910