It looks like seeds will be the official private key format for ML-DSA
and ML-KEM. Thus parsing the weird private key format will only be
needed for processing NIST's test vectors.

Change-Id: Id6273214ba98b73aaf96640ec25ea289801b9bd7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73848
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Adam Langley <agl@google.com>

Following the guidance in
https://opensource.google/documentation/reference/releasing/authors,
start maintaining an AUTHORS file.

Update all existing Google copyright lines to 'The BoringSSL Authors'
per the document. This CL also changes the styling to match the new
guidance: removed the '(c)' and the comma.

All other existing copyright lines are left unmodified. Going forward,
our preference will be that new contributions to BoringSSL use 'The
BoringSSL Authors', optionally adding to the AUTHORS file if the
contributor desires.

To avoid being presumptuous, this CL does *not* proactively list every
past contributor in the BoringSSL half of the AUTHORS file. Past
contributors are welcome to send us a patch to be added, or request that
we add you. (Listed or not, the commit log continues to be a more
accurate record, and any existing non-Google copyright lines were left
unmodified.)

The OpenSSL half of the AUTHORS file is seeded with the contents of the
current OpenSSL AUTHORS file, as of writing. The current contents in the
latest revision of the 1.1.1 branch
(b372b1f76450acdfed1e2301a39810146e28b02c) and master
(d992e8729ee38b082482dc010e090bb20d1c7bd5) are identical, just formatted
in text vs Markdown.

Note when reviewing: CONTRIBUTING.md and AUTHORS contain non-mechanical
changes.

Bug: 364634028
Change-Id: I319d0ee63ec021ad85e248e8e3304b9cf9566681
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74149
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

This appears to perhaps have been a pasto and is confusing
to consumers of this API.

You share the same size secret with any mlkem

Change-Id: I6ddfa21b4f8d293f990064a2a54cda9ba6119d5a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/70527
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

This change implements FIPS 203.

This marks the first use of C++ in libcrypto. If you can't compile C++
in this context, please reach out to boringssl@ and filter out the .cc
files for now.

This also makes marshaling a private key an internal function and,
instead, exposes the seed from the generation process and a function to
calculate a private key from a seed. Seeds are significantly smaller
than NIST's format for private keys and don't require validation.

On an M1 Pro:

Did 22320 Kyber generate + decap operations in 1001900us (22277.7 ops/sec)
Did 39000 Kyber parse + encap operations in 1005523us (38785.8 ops/sec)
Did 22608 ML-KEM-768 generate + decap operations in 1010509us (22372.9 ops/sec)
Did 44000 ML-KEM-768 parse + encap operations in 1013729us (43404.1 ops/sec)
Did 15410 ML-KEM-1024 generate + decap operations in 1011500us (15234.8 ops/sec)
Did 29000 ML-KEM-1024 parse + encap operations in 1003919us (28886.8 ops/sec)

Change-Id: Ib563bd4d45228237b55cedbe7d7fdf0f0221a3cc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69928
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
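
The commit messages above say that NIST's expanded private key format needs validation while a seed does not. The following added example, which is not BoringSSL code or the commit author's, shows the kind of checks involved: the FIPS 203 length and hash checks on an expanded ML-KEM decapsulation key, plus the modulus check on the public key embedded in it. The function names and the constructed sample key are assumptions made for illustration.

```python
import hashlib

# FIPS 203 rank k per parameter set; 256 coefficients per polynomial, q = 3329.
K = {"ML-KEM-512": 2, "ML-KEM-768": 3, "ML-KEM-1024": 4}
Q = 3329


def decode12(data):
    """Unpack 12-bit little-endian coefficients, two per three bytes."""
    out = []
    for i in range(0, len(data), 3):
        b0, b1, b2 = data[i:i + 3]
        out.append(b0 | ((b1 & 0x0F) << 8))
        out.append((b1 >> 4) | (b2 << 4))
    return out


def check_expanded_key(dk, param="ML-KEM-768"):
    """Return None if dk passes, else the name of the first failed check."""
    k = K[param]
    pke_len, ek_len = 384 * k, 384 * k + 32
    # Expanded layout: dk_pke || ek || H(ek) || z
    if len(dk) != pke_len + ek_len + 64:
        return "length"
    ek = dk[pke_len:pke_len + ek_len]
    h = dk[pke_len + ek_len:pke_len + ek_len + 32]
    if hashlib.sha3_256(ek).digest() != h:
        return "hash"      # embedded public key does not match its stored hash
    if any(c >= Q for c in decode12(ek[:384 * k])):
        return "modulus"   # a public key coefficient is not reduced mod q
    return None


def constructed_key(param="ML-KEM-768", coeff=1234):
    """Constructed sample: structurally valid bytes, NOT a generated key."""
    k = K[param]
    pair = bytes([coeff & 0xFF, (coeff >> 8) | ((coeff & 0x0F) << 4), coeff >> 4])
    ek = pair * (128 * k) + bytes(32)   # 256*k coefficients, then a 32-byte rho
    return bytes(384 * k) + ek + hashlib.sha3_256(ek).digest() + bytes(32)


if __name__ == "__main__":
    dk = constructed_key()
    print(len(dk), check_expanded_key(dk))
    print(check_expanded_key(constructed_key(coeff=4095)))
```

A 64-byte FIPS 203 seed (d followed by z) has no internal structure to check beyond its length, because every seed value expands to a well-formed key.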