mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
crypto/internal/mlkem768: move to crypto/internal/fips/mlkem
In the process, replace out-of-module imports with their FIPS versions. For #69536 Change-Id: I83e900b7c38ecf760382e5dca7fd0b1eaa5a5589 Reviewed-on: https://go-review.googlesource.com/c/go/+/626879 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Russ Cox <rsc@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Michael Knyszek <mknyszek@google.com>
This commit is contained in:
Filippo Valsorda
Gopher Robot
parent
d1f74ada56
commit
0eeabaa9d7
5 changed files with 18 additions and 18 deletions
|
|
@ -7,13 +7,12 @@ package tls
|
|||
import (
|
||||
"crypto/ecdh"
|
||||
"crypto/hmac"
|
||||
"crypto/internal/fips/mlkem"
|
||||
"crypto/internal/fips/sha3"
|
||||
"crypto/internal/fips/tls13"
|
||||
"crypto/internal/mlkem768"
|
||||
"errors"
|
||||
"hash"
|
||||
"io"
|
||||
|
||||
"golang.org/x/crypto/sha3"
|
||||
)
|
||||
|
||||
// This file contains the functions necessary to compute the TLS 1.3 key
|
||||
|
|
@ -54,11 +53,11 @@ func (c *cipherSuiteTLS13) exportKeyingMaterial(s *tls13.MasterSecret, transcrip
|
|||
type keySharePrivateKeys struct {
|
||||
curveID CurveID
|
||||
ecdhe *ecdh.PrivateKey
|
||||
kyber *mlkem768.DecapsulationKey768
|
||||
kyber *mlkem.DecapsulationKey768
|
||||
}
|
||||
|
||||
// kyberDecapsulate implements decapsulation according to Kyber Round 3.
|
||||
func kyberDecapsulate(dk *mlkem768.DecapsulationKey768, c []byte) ([]byte, error) {
|
||||
func kyberDecapsulate(dk *mlkem.DecapsulationKey768, c []byte) ([]byte, error) {
|
||||
K, err := dk.Decapsulate(c)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -68,7 +67,7 @@ func kyberDecapsulate(dk *mlkem768.DecapsulationKey768, c []byte) ([]byte, error
|
|||
|
||||
// kyberEncapsulate implements encapsulation according to Kyber Round 3.
|
||||
func kyberEncapsulate(ek []byte) (c, ss []byte, err error) {
|
||||
k, err := mlkem768.NewEncapsulationKey768(ek)
|
||||
k, err := mlkem.NewEncapsulationKey768(ek)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
|
@ -77,13 +76,14 @@ func kyberEncapsulate(ek []byte) (c, ss []byte, err error) {
|
|||
}
|
||||
|
||||
func kyberSharedSecret(c, K []byte) []byte {
|
||||
// Package mlkem768 implements ML-KEM, which compared to Kyber removed a
|
||||
// Package mlkem implements ML-KEM, which compared to Kyber removed a
|
||||
// final hashing step. Compute SHAKE-256(K || SHA3-256(c), 32) to match Kyber.
|
||||
// See https://words.filippo.io/mlkem768/#bonus-track-using-a-ml-kem-implementation-as-kyber-v3.
|
||||
h := sha3.NewShake256()
|
||||
h.Write(K)
|
||||
ch := sha3.Sum256(c)
|
||||
h.Write(ch[:])
|
||||
ch := sha3.New256()
|
||||
ch.Write(c)
|
||||
h.Write(ch.Sum(nil))
|
||||
out := make([]byte, 32)
|
||||
h.Read(out)
|
||||
return out
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue