runner: Switch back to filippo.io/mlkem768 for now

One of our environments is using a slightly older development snapshot
leading up to Go 1.24, which seems to be slightly incompatible with the
final crypto/mlkem API. Until that gets updated, revert to the
external module.

Change-Id: I5715a6800219dc0a42bca1022fdc992a8bcbdfa3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/76327
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/go.mod b/go.mod
index 811bf7d..b308b1e 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@
 
 require (
 	filippo.io/edwards25519 v1.1.0
+	filippo.io/mlkem768 v0.0.0-20241021091500-d85de16e2039
 	golang.org/x/crypto v0.31.0
 	golang.org/x/net v0.27.0
 )
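Review bot: The new `filippo.io/mlkem768` requirement is a pseudo-version, so it pins an untagged commit rather than a release, and nothing on the require line marks it as temporary. The commit message describes this as a stopgap, so a trailing comment such as `// temporary; drop when the runner moves back to crypto/mlkem` would keep the dependency from outliving its reason. Within this diff the only importer is ssl/test/runner/key_agreement.go, so the exposure appears confined to test tooling, and the go.sum lines added alongside record the content hashes.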
diff --git a/go.sum b/go.sum
index 3b0bcfc..5683f99 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/mlkem768 v0.0.0-20241021091500-d85de16e2039 h1:I/alPPIVzEkPeQKVU7Sl5gv/sQ0IC4zgqHiACrSgUW8=
+filippo.io/mlkem768 v0.0.0-20241021091500-d85de16e2039/go.mod h1:IkpYfciLz5fI/S4/Z0NlhR4cpv6ubCMDnIwAe0XiojA=
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index a65e771..7732867 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -10,7 +10,6 @@
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/elliptic"
-	"crypto/mlkem"
 	"crypto/rsa"
 	"crypto/x509"
 	"errors"
@@ -20,6 +19,7 @@
 	"slices"
 
 	"boringssl.googlesource.com/boringssl.git/ssl/test/runner/kyber"
+	"filippo.io/mlkem768"
 )
 
 type keyType int
@@ -439,24 +439,26 @@
 }
 
 // mlkem768KEM implements ML-KEM-768
+//
+// TODO(davidben): Switch this to crypto/mlkem from the standard library.
 type mlkem768KEM struct {
-	decapKey *mlkem.DecapsulationKey768
+	decapKey *mlkem768.DecapsulationKey
 }
 
 func (e *mlkem768KEM) encapsulationKeySize() int {
-	return mlkem.EncapsulationKeySize768
+	return mlkem768.EncapsulationKeySize
 }
 
 func (e *mlkem768KEM) ciphertextSize() int {
-	return mlkem.CiphertextSize768
+	return mlkem768.CiphertextSize
 }
 
 func (m *mlkem768KEM) generate(config *Config) (publicKey []byte, err error) {
-	m.decapKey, err = mlkem.GenerateKey768()
+	m.decapKey, err = mlkem768.GenerateKey()
 	if err != nil {
 		return
 	}
-	publicKey = m.decapKey.EncapsulationKey().Bytes()
+	publicKey = m.decapKey.EncapsulationKey()
 	if config.Bugs.MLKEMEncapKeyNotReduced {
 		// Set the first 12 bits so that the first word is definitely
 		// not reduced.
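Review bot: `publicKey = m.decapKey.EncapsulationKey()` now passes the external module's own return slice to the `MLKEMEncapKeyNotReduced` branch, which, per its comment, overwrites the leading bits in place. The removed `.Bytes()` call presumably produced a fresh encoding. If `EncapsulationKey()` in the external module returns a view of the key's internal storage rather than a copy, that branch would also alter the state held in `m.decapKey`. Either confirm that it copies and record that in a comment, or detach explicitly with `publicKey = slices.Clone(m.decapKey.EncapsulationKey())`, given that `slices` is already imported. The body of `generate` continues past the end of this hunk.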
@@ -467,16 +469,11 @@
 }
 
 func (m *mlkem768KEM) encap(config *Config, peerKey []byte) (ciphertext []byte, secret []byte, err error) {
-	key, err := mlkem.NewEncapsulationKey768(peerKey)
-	if err != nil {
-		return nil, nil, err
-	}
-	secret, ciphertext = key.Encapsulate()
-	return
+	return mlkem768.Encapsulate(peerKey)
 }
 
 func (m *mlkem768KEM) decap(config *Config, ciphertext []byte) (secret []byte, err error) {
-	return m.decapKey.Decapsulate(ciphertext)
+	return mlkem768.Decapsulate(m.decapKey, ciphertext)
 }
 
 // concatKEM concatenates two kemImplementations.
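Review bot: `return mlkem768.Encapsulate(peerKey)` relies on the external module returning the ciphertext first and the shared secret second, the reverse of the removed `secret, ciphertext = key.Encapsulate()`. Both values are `[]byte`, so the compiler will not catch a swap when the TODO to return to crypto/mlkem is carried out. A swapped pair would presumably only surface as a handshake failure in the runner. A comment above the return would record this, for example `// mlkem768.Encapsulate returns (ciphertext, sharedKey, err); crypto/mlkem returns the secret first.`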