Fix compatibility issues with PQ TLS 1.3 Security Policies found duri…

…ng integration testing (#2974) * Fix compatibility issues with PQ TLS 1.3 Security Policies * Address Feedback * Address Feedback v2
aws · Jul 23, 2021 · 6634572 · 6634572
1 parent d756aa2
commit 6634572
Show file tree

Hide file tree

Showing 7 changed files with 195 additions and 11 deletions.
diff --git a/tests/unit/s2n_kex_with_kem_test.c b/tests/unit/s2n_kex_with_kem_test.c
@@ -198,6 +198,10 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(do_kex_with_kem(&sike_test_suite, "PQ-TLS-1-0-2021-05-23", &s2n_sike_p434_r3));
         EXPECT_SUCCESS(do_kex_with_kem(&sike_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_sike_p503_r1));
         EXPECT_SUCCESS(do_kex_with_kem(&sike_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_sike_p434_r3));
+        EXPECT_SUCCESS(do_kex_with_kem(&sike_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_sike_p503_r1));
+        EXPECT_SUCCESS(do_kex_with_kem(&sike_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_sike_p434_r3));
+        EXPECT_SUCCESS(do_kex_with_kem(&sike_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_sike_p503_r1));
+        EXPECT_SUCCESS(do_kex_with_kem(&sike_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_sike_p434_r3));
 
         EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "KMS-PQ-TLS-1-0-2019-06", &s2n_bike1_l1_r1));
         EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "KMS-PQ-TLS-1-0-2020-02", &s2n_bike1_l1_r1));
@@ -229,6 +233,12 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_bike1_l1_r1));
         EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_bike1_l1_r2));
         EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_bike_l1_r3));
+        EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_bike1_l1_r1));
+        EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_bike1_l1_r2));
+        EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_bike_l1_r3));
+        EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_bike1_l1_r1));
+        EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_bike1_l1_r2));
+        EXPECT_SUCCESS(do_kex_with_kem(&bike_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_bike_l1_r3));
 
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "KMS-PQ-TLS-1-0-2020-07", &s2n_kyber_512_r2));
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-1-2021-05-17", &s2n_kyber_512_r2));
@@ -243,10 +253,14 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-22", &s2n_kyber_512_r2));
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-23", &s2n_kyber_512_r2));
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_kyber_512_r2));
+        EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_kyber_512_r2));
+        EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_kyber_512_r2));
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-1-2021-05-21", &s2n_kyber_512_r3));
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-22", &s2n_kyber_512_r3));
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-23", &s2n_kyber_512_r3));
         EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-24", &s2n_kyber_512_r3));
+        EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-25", &s2n_kyber_512_r3));
+        EXPECT_SUCCESS(do_kex_with_kem(&kyber_test_suite, "PQ-TLS-1-0-2021-05-26", &s2n_kyber_512_r3));
 
         /* Test Failure cases */
         EXPECT_FAILURE_WITH_ERRNO(do_kex_with_kem(&sike_test_suite, "KMS-PQ-TLS-1-0-2019-06", &s2n_sike_p434_r3), S2N_ERR_KEM_UNSUPPORTED_PARAMS);

diff --git a/tests/unit/s2n_security_policies_test.c b/tests/unit/s2n_security_policies_test.c
@@ -36,19 +36,52 @@ int main(int argc, char **argv)
             EXPECT_TRUE(security_policy->kem_preferences->tls13_kem_group_count <= S2N_SUPPORTED_KEM_GROUPS_COUNT);
 
             /* Ensure all TLS 1.3 KEM groups in all policies are in the global list of all supported KEM groups */
-            for(int i = 0; i < security_policy->kem_preferences->tls13_kem_group_count; i++) {
+            for(size_t i = 0; i < security_policy->kem_preferences->tls13_kem_group_count; i++) {
                 const struct s2n_kem_group *kem_group = security_policy->kem_preferences->tls13_kem_groups[i];
 
-                int kem_group_is_supported = 0;
-                for (int j = 0; j < S2N_SUPPORTED_KEM_GROUPS_COUNT; j++) {
+                bool kem_group_is_supported = false;
+                for (size_t j = 0; j < S2N_SUPPORTED_KEM_GROUPS_COUNT; j++) {
                     if (kem_group->iana_id == ALL_SUPPORTED_KEM_GROUPS[j]->iana_id) {
-                        kem_group_is_supported = 1;
+                        kem_group_is_supported = true;
                         break;
                     }
                 }
                 EXPECT_TRUE(kem_group_is_supported);
             }
         }
+
+        /* TLS 1.3 Cipher suites have TLS 1.3 Signature Algorithms Test */
+        bool has_tls_13_cipher = false;
+        for(size_t i = 0; i < security_policy->cipher_preferences->count; i++){
+            if (security_policy->cipher_preferences->suites[i]->minimum_required_tls_version == S2N_TLS13) {
+                has_tls_13_cipher = true;
+                break;
+            }
+        }
+
+        /* If a TLS 1.3 Cipher is present in the Security Policy, then the minimum required TLS 1.3 signature algorithms
+         * must be present as well. */
+        if (has_tls_13_cipher) {
+            bool has_tls_13_sig_alg = false;
+            bool has_rsa_pss = false;
+
+            for(size_t i = 0; i < security_policy->signature_preferences->count; i++) {
+                int min = security_policy->signature_preferences->signature_schemes[i]->minimum_protocol_version;
+                int max = security_policy->signature_preferences->signature_schemes[i]->maximum_protocol_version;
+                s2n_signature_algorithm sig_alg = security_policy->signature_preferences->signature_schemes[i]->sig_alg;
+
+                if (min == S2N_TLS13 || max >= S2N_TLS13) {
+                    has_tls_13_sig_alg = true;
+                }
+
+                if (sig_alg == S2N_SIGNATURE_RSA_PSS_PSS || sig_alg == S2N_SIGNATURE_RSA_PSS_RSAE) {
+                    has_rsa_pss = true;
+                }
+            }
+
+            EXPECT_TRUE(has_tls_13_sig_alg);
+            EXPECT_TRUE(has_rsa_pss);
+        }
     }
 
     const struct s2n_security_policy *security_policy = NULL;
@@ -167,6 +200,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-18", &security_policy));
@@ -177,6 +211,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-19", &security_policy));
@@ -187,6 +222,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-20", &security_policy));
@@ -197,6 +233,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-1-2021-05-21", &security_policy));
@@ -207,6 +244,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-22", &security_policy));
@@ -217,6 +255,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-23", &security_policy));
@@ -227,6 +266,7 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-24", &security_policy));
@@ -237,6 +277,29 @@ int main(int argc, char **argv)
         EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
         EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
         EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207);
+
+        security_policy = NULL;
+        EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-25", &security_policy));
+        EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy));
+        EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy));
+        EXPECT_EQUAL(7, security_policy->kem_preferences->kem_count);
+        EXPECT_NOT_NULL(security_policy->kem_preferences->kems);
+        EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
+        EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
+        EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20140601);
+
+        security_policy = NULL;
+        EXPECT_SUCCESS(s2n_find_security_policy_from_version("PQ-TLS-1-0-2021-05-26", &security_policy));
+        EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy));
+        EXPECT_TRUE(s2n_pq_kem_is_extension_required(security_policy));
+        EXPECT_EQUAL(7, security_policy->kem_preferences->kem_count);
+        EXPECT_NOT_NULL(security_policy->kem_preferences->kems);
+        EXPECT_EQUAL(security_policy->kem_preferences->kems, pq_kems_r3r2r1_2021_05);
+        EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups);
+        EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3r2);
+        EXPECT_EQUAL(security_policy->signature_preferences, &s2n_signature_preferences_20200207);
 
         security_policy = NULL;
         EXPECT_SUCCESS(s2n_find_security_policy_from_version("20141001", &security_policy));

diff --git a/tests/unit/s2n_tls13_pq_handshake_test.c b/tests/unit/s2n_tls13_pq_handshake_test.c
@@ -348,6 +348,13 @@ int main() {
                     .expected_curve = NULL,
                     .hrr_expected = false,
             },
+            {
+                    .client_policy = &security_policy_pq_tls_1_0_2021_05_26,
+                    .server_policy = &security_policy_pq_tls_1_0_2021_05_26,
+                    .expected_kem_group = expected_kyber_r3_group,
+                    .expected_curve = NULL,
+                    .hrr_expected = false,
+            },
 
             /* Server supports all KEM groups; client sends a PQ key share and an EC key
              * share; server chooses to negotiate client's first choice PQ without HRR. */

diff --git a/tls/s2n_cipher_preferences.c b/tls/s2n_cipher_preferences.c
@@ -1180,7 +1180,7 @@ const struct s2n_cipher_preferences cipher_preferences_pq_sike_test_tls_1_0_2020
     .suites = cipher_suites_pq_sike_test_tls_1_0_2019_11,
 };
 
-/* Includes Both Round 2 and Round 1 PQ Ciphers */
+/* Includes Kyber, BIKE, and SIKE PQ Ciphers */
 struct s2n_cipher_suite *cipher_suites_kms_pq_tls_1_0_2020_07[] = {
     &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_bike_rsa_with_aes_256_gcm_sha384,
@@ -1324,7 +1324,7 @@ const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_19 = {
 /* Same as ELBSecurityPolicy-TLS-1-1-2017-01, but with TLS 1.3 and PQ Ciphers appended to top of preference list */
 struct s2n_cipher_suite *cipher_suites_pq_tls_1_1_2021_05_21[] = {
     /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */
-    S2N_TLS13_CIPHER_SUITES_20190801,
+    S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716,
     &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_bike_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_sike_rsa_with_aes_256_gcm_sha384,
@@ -1356,7 +1356,7 @@ const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05_21 = {
 /* Same as cipher_preferences_20190214, but with TLS 1.3 and PQ Ciphers appended to top of preference list */
 struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_22[] = {
     /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */
-    S2N_TLS13_CIPHER_SUITES_20190801,
+    S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716,
     &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_bike_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_sike_rsa_with_aes_256_gcm_sha384,
@@ -1395,7 +1395,7 @@ const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_22 = {
 /* Same as ELBSecurityPolicy-2016-08, but with TLS 1.3 and PQ Ciphers appended to top of preference list */
 struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_23[] = {
     /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */
-    S2N_TLS13_CIPHER_SUITES_20190801,
+    S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716,
     &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_bike_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_sike_rsa_with_aes_256_gcm_sha384,
@@ -1448,6 +1448,82 @@ const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_24 = {
     .suites = cipher_suites_pq_tls_1_0_2021_05_24,
 };
 
+/* Same as 20190214_gcm, but with PQ Ciphers appended to top of preference list */
+struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_25[] = {
+    &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_bike_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_sike_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256,
+    &s2n_ecdhe_rsa_with_aes_128_gcm_sha256,
+    &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha,
+    &s2n_ecdhe_rsa_with_aes_128_cbc_sha,
+    &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256,
+    &s2n_ecdhe_rsa_with_aes_128_cbc_sha256,
+    &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha,
+    &s2n_ecdhe_rsa_with_aes_256_cbc_sha,
+    &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384,
+    &s2n_ecdhe_rsa_with_aes_256_cbc_sha384,
+    &s2n_rsa_with_aes_128_gcm_sha256,
+    &s2n_rsa_with_aes_256_gcm_sha384,
+    &s2n_rsa_with_aes_128_cbc_sha,
+    &s2n_rsa_with_aes_128_cbc_sha256,
+    &s2n_rsa_with_aes_256_cbc_sha,
+    &s2n_rsa_with_aes_256_cbc_sha256,
+    &s2n_rsa_with_3des_ede_cbc_sha,
+    &s2n_dhe_rsa_with_aes_128_gcm_sha256,
+    &s2n_dhe_rsa_with_aes_256_gcm_sha384,
+    &s2n_dhe_rsa_with_aes_128_cbc_sha,
+    &s2n_dhe_rsa_with_aes_128_cbc_sha256,
+    &s2n_dhe_rsa_with_aes_256_cbc_sha,
+    &s2n_dhe_rsa_with_aes_256_cbc_sha256,
+};
+
+const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_25 = {
+    .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_25),
+    .suites = cipher_suites_pq_tls_1_0_2021_05_25,
+};
+
+/* Same as 20190214_gcm, but with TLS 1.3 and PQ Ciphers appended to top of preference list */
+struct s2n_cipher_suite *cipher_suites_pq_tls_1_0_2021_05_26[] = {
+    /* TLS 1.3 Ciphers don't specify their Key exchange method, allowing for Hybrid PQ KEMs to be negotiated separately */
+    S2N_TLS13_CLOUDFRONT_CIPHER_SUITES_20200716,
+    &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_bike_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_sike_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256,
+    &s2n_ecdhe_rsa_with_aes_128_gcm_sha256,
+    &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_rsa_with_aes_256_gcm_sha384,
+    &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha,
+    &s2n_ecdhe_rsa_with_aes_128_cbc_sha,
+    &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256,
+    &s2n_ecdhe_rsa_with_aes_128_cbc_sha256,
+    &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha,
+    &s2n_ecdhe_rsa_with_aes_256_cbc_sha,
+    &s2n_ecdhe_ecdsa_with_aes_256_cbc_sha384,
+    &s2n_ecdhe_rsa_with_aes_256_cbc_sha384,
+    &s2n_rsa_with_aes_128_gcm_sha256,
+    &s2n_rsa_with_aes_256_gcm_sha384,
+    &s2n_rsa_with_aes_128_cbc_sha,
+    &s2n_rsa_with_aes_128_cbc_sha256,
+    &s2n_rsa_with_aes_256_cbc_sha,
+    &s2n_rsa_with_aes_256_cbc_sha256,
+    &s2n_rsa_with_3des_ede_cbc_sha,
+    &s2n_dhe_rsa_with_aes_128_gcm_sha256,
+    &s2n_dhe_rsa_with_aes_256_gcm_sha384,
+    &s2n_dhe_rsa_with_aes_128_cbc_sha,
+    &s2n_dhe_rsa_with_aes_128_cbc_sha256,
+    &s2n_dhe_rsa_with_aes_256_cbc_sha,
+    &s2n_dhe_rsa_with_aes_256_cbc_sha256,
+};
+
+const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26 = {
+    .count = s2n_array_len(cipher_suites_pq_tls_1_0_2021_05_26),
+    .suites = cipher_suites_pq_tls_1_0_2021_05_26,
+};
+
 struct s2n_cipher_suite *cipher_suites_kms_fips_tls_1_2_2018_10[] = {
     &s2n_ecdhe_rsa_with_aes_256_gcm_sha384,
     &s2n_ecdhe_rsa_with_aes_128_gcm_sha256,

diff --git a/tls/s2n_cipher_preferences.h b/tls/s2n_cipher_preferences.h
@@ -105,6 +105,8 @@ extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_1_2021_05
 extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_22;
 extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_23;
 extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_24;
+extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_25;
+extern const struct s2n_cipher_preferences cipher_preferences_pq_tls_1_0_2021_05_26;
 
 extern const struct s2n_cipher_preferences cipher_preferences_kms_fips_tls_1_2_2018_10;
 extern const struct s2n_cipher_preferences cipher_preferences_null;