Revert "runner: Switch back to filippo.io/mlkem768 for now"
This reverts commit 8c6b0c04f19f5a6a13af3e29a6a4bb6784cb2bd7. The copy
of Go has since been updated.
Change-Id: I1da2a640b6dc6197f6767faa5085127efb9eb489
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/76407
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/go.mod b/go.mod
index b308b1e..811bf7d 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,6 @@
require (
filippo.io/edwards25519 v1.1.0
- filippo.io/mlkem768 v0.0.0-20241021091500-d85de16e2039
golang.org/x/crypto v0.31.0
golang.org/x/net v0.27.0
)
diff --git a/go.sum b/go.sum
index 5683f99..3b0bcfc 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,5 @@
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
-filippo.io/mlkem768 v0.0.0-20241021091500-d85de16e2039 h1:I/alPPIVzEkPeQKVU7Sl5gv/sQ0IC4zgqHiACrSgUW8=
-filippo.io/mlkem768 v0.0.0-20241021091500-d85de16e2039/go.mod h1:IkpYfciLz5fI/S4/Z0NlhR4cpv6ubCMDnIwAe0XiojA=
golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index 7732867..a65e771 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -10,6 +10,7 @@
"crypto/ecdsa"
"crypto/ed25519"
"crypto/elliptic"
+ "crypto/mlkem"
"crypto/rsa"
"crypto/x509"
"errors"
@@ -19,7 +20,6 @@
"slices"
"boringssl.googlesource.com/boringssl.git/ssl/test/runner/kyber"
- "filippo.io/mlkem768"
)
type keyType int
@@ -439,26 +439,24 @@
}
// mlkem768KEM implements ML-KEM-768
-//
-// TODO(davidben): Switch this to crypto/mlkem from the standard library.
type mlkem768KEM struct {
- decapKey *mlkem768.DecapsulationKey
+ decapKey *mlkem.DecapsulationKey768
}
func (e *mlkem768KEM) encapsulationKeySize() int {
- return mlkem768.EncapsulationKeySize
+ return mlkem.EncapsulationKeySize768
}
func (e *mlkem768KEM) ciphertextSize() int {
- return mlkem768.CiphertextSize
+ return mlkem.CiphertextSize768
}
func (m *mlkem768KEM) generate(config *Config) (publicKey []byte, err error) {
- m.decapKey, err = mlkem768.GenerateKey()
+ m.decapKey, err = mlkem.GenerateKey768()
if err != nil {
return
}
- publicKey = m.decapKey.EncapsulationKey()
+ publicKey = m.decapKey.EncapsulationKey().Bytes()
if config.Bugs.MLKEMEncapKeyNotReduced {
// Set the first 12 bits so that the first word is definitely
// not reduced.
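Review bot: The in-place bit-setting under `config.Bugs.MLKEMEncapKeyNotReduced` now operates on the slice returned by `m.decapKey.EncapsulationKey().Bytes()`, so it is correct only if `Bytes()` hands back a fresh copy rather than a view of the key's internal state; the standard library does appear to allocate a new slice, but nothing in the hunk records that assumption. A comment above the assignment would make it explicit: `// Bytes() returns a fresh copy, so the bug injection below cannot corrupt decapKey.` The type comment that lost its TODO could also name the backing implementation, e.g. `// mlkem768KEM implements ML-KEM-768 using crypto/mlkem from the standard library.` generate's body continues past the end of the hunk.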
@@ -469,11 +467,16 @@
}
func (m *mlkem768KEM) encap(config *Config, peerKey []byte) (ciphertext []byte, secret []byte, err error) {
- return mlkem768.Encapsulate(peerKey)
+ key, err := mlkem.NewEncapsulationKey768(peerKey)
+ if err != nil {
+ return nil, nil, err
+ }
+ secret, ciphertext = key.Encapsulate()
+ return
}
func (m *mlkem768KEM) decap(config *Config, ciphertext []byte) (secret []byte, err error) {
- return mlkem768.Decapsulate(m.decapKey, ciphertext)
+ return m.decapKey.Decapsulate(ciphertext)
}
// concatKEM concatenates two kemImplementations.
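Review bot: In `encap`, `secret, ciphertext = key.Encapsulate()` assigns the two values in the opposite order from the method's result list `(ciphertext, secret, err)` and then relies on a naked `return`, which is easy to misread as a swap; because this method hands the shared secret and ciphertext to the test harness, a mix-up here would silently break the ML-KEM tests, so an explicit return reads more safely: `sharedKey, ct := key.Encapsulate()` followed by `return ct, sharedKey, nil`. The `key, err :=` on the first line reuses the named result `err` rather than shadowing it, since named results live in the function body's block, so that part is correct as written. `decap` forwards to `m.decapKey.Decapsulate`, which returns an error for a ciphertext of the wrong length, so no additional length check is needed there.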