Add HPKE support for P-384/P-521 KEMs and HKDF-SHA384 (#14420)

* Expand HPKE with additional KEMs and HKDF-SHA384

* Document expanded HPKE KEM and KDF support

* Fix HPKE test typing compatibility on Python 3.8

* Add HPKE tests for helper edge paths and coverage

* Remove unreachable HPKE KEM branches for full coverage

* Limit HPKE expansion PR to HKDF-SHA384 only

* Define SHA384 lazy import for HPKE KDF

* Remove redundant HPKE KDF changelog entry

* Fix changelog list formatting for docs build

Author: bitloi

docs/hazmat/primitives/hpke.rst

@@ -89,6 +89,10 @@ specifying auxiliary authenticated information.
 
         HKDF-SHA256
 
+    .. attribute:: HKDF_SHA384
+
+        HKDF-SHA384
+
 .. class:: AEAD
 
     An enumeration of authenticated encryption algorithms.

src/cryptography/hazmat/bindings/_rust/openssl/hpke.pyi

@@ -10,6 +10,7 @@ class KEM:
 
 class KDF:
     HKDF_SHA256: KDF
+    HKDF_SHA384: KDF
     HKDF_SHA512: KDF
 
 class AEAD:

src/rust/src/backend/hpke.rs

@@ -22,6 +22,7 @@ mod kem_params {
 
 mod kdf_params {
     pub const HKDF_SHA256_ID: u16 = 0x0001;
+    pub const HKDF_SHA384_ID: u16 = 0x0002;
     pub const HKDF_SHA512_ID: u16 = 0x0003;
 }
 
@@ -67,13 +68,15 @@ pub(crate) enum KEM {
 #[derive(Clone, PartialEq, Eq, Hash)]
 pub(crate) enum KDF {
     HKDF_SHA256,
+    HKDF_SHA384,
     HKDF_SHA512,
 }
 
 impl KDF {
     fn id(&self) -> u16 {
         match self {
             KDF::HKDF_SHA256 => kdf_params::HKDF_SHA256_ID,
+            KDF::HKDF_SHA384 => kdf_params::HKDF_SHA384_ID,
             KDF::HKDF_SHA512 => kdf_params::HKDF_SHA512_ID,
         }
     }
@@ -84,6 +87,7 @@ impl KDF {
     ) -> CryptographyResult<pyo3::Bound<'p, pyo3::PyAny>> {
         match self {
             KDF::HKDF_SHA256 => Ok(types::SHA256.get(py)?.call0()?),
+            KDF::HKDF_SHA384 => Ok(types::SHA384.get(py)?.call0()?),
             KDF::HKDF_SHA512 => Ok(types::SHA512.get(py)?.call0()?),
         }
     }

src/rust/src/types.rs

@@ -308,6 +308,8 @@ pub static SHA1: LazyPyImport =
     LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["SHA1"]);
 pub static SHA256: LazyPyImport =
     LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["SHA256"]);
+pub static SHA384: LazyPyImport =
+    LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["SHA384"]);
 pub static SHA512: LazyPyImport =
     LazyPyImport::new("cryptography.hazmat.primitives.hashes", &["SHA512"]);
 

tests/hazmat/primitives/test_hpke.py

@@ -25,7 +25,7 @@
 SUPPORTED_SUITES = list(
     itertools.product(
         [KEM.X25519],
-        [KDF.HKDF_SHA256, KDF.HKDF_SHA512],
+        [KDF.HKDF_SHA256, KDF.HKDF_SHA384, KDF.HKDF_SHA512],
         [AEAD.AES_128_GCM, AEAD.AES_256_GCM, AEAD.CHACHA20_POLY1305],
     )
 )