Add support for X25519MLKEM768. (#179)

cloudflare · Sep 6, 2024 · af19da5 · af19da5
1 parent f4334cd
commit af19da5
Show file tree

Hide file tree

Showing 60 changed files with 2,492 additions and 66 deletions.
diff --git a/src/crypto/tls/cfkem.go b/src/crypto/tls/cfkem.go
@@ -42,6 +42,7 @@ var (
 	X25519Kyber768Draft00    = CurveID(0x6399)
 	X25519Kyber768Draft00Old = CurveID(0xfe31)
 	P256Kyber768Draft00      = CurveID(0xfe32)
+	X25519MLKEM768           = CurveID(0x11ec)
 	invalidCurveID           = CurveID(0)
 
 	// A key agreeement similar in size but purposefully incompatible with
@@ -64,6 +65,8 @@ func curveIdToCirclScheme(id CurveID) kem.Scheme {
 		return hybrid.Kyber768X25519()
 	case P256Kyber768Draft00:
 		return hybrid.P256Kyber768Draft00()
+	case X25519MLKEM768:
+		return hybrid.X25519MLKEM768()
 	case DummyKex:
 		return hpke.KEM_X25519_HKDF_SHA256.Scheme()
 	}

diff --git a/src/crypto/tls/cfkem_test.go b/src/crypto/tls/cfkem_test.go
@@ -95,6 +95,7 @@ func TestHybridKEX(t *testing.T) {
 		X25519Kyber768Draft00,
 		X25519Kyber768Draft00Old,
 		P256Kyber768Draft00,
+		X25519MLKEM768,
 		DummyKex,
 	} {
 		run(curveID, true, true, false, false)

diff --git a/src/go.mod b/src/go.mod
@@ -3,7 +3,7 @@ module std
 go 1.22
 
 require (
-	github.com/cloudflare/circl v1.3.8-0.20240208083452-454cfdc0f6c7
+	github.com/cloudflare/circl v1.4.1-0.20240905130006-2d6cd9871f69
 	golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb
 	golang.org/x/net v0.19.1-0.20240412193750-db050b07227e
 )

diff --git a/src/go.sum b/src/go.sum
@@ -1,5 +1,5 @@
-github.com/cloudflare/circl v1.3.8-0.20240208083452-454cfdc0f6c7 h1:nRedc5Iqg+cBRSKkA3c7+IUFgK9qdw87kz/McP3HnLs=
-github.com/cloudflare/circl v1.3.8-0.20240208083452-454cfdc0f6c7/go.mod h1:uAwUTm6m3uQF5fuJKR6LvFqgxn2wyID+kF6KJAUcZl8=
+github.com/cloudflare/circl v1.4.1-0.20240905130006-2d6cd9871f69 h1:AYiEIB+pGooAgRNMQtk3dCcp+D2x0UioEaKELFIxkx4=
+github.com/cloudflare/circl v1.4.1-0.20240905130006-2d6cd9871f69/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
 golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb h1:1ceSY7sk6sJuiDREHpfyrqDnDljsLfEP2GuTClhBBfI=
 golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/net v0.19.1-0.20240412193750-db050b07227e h1:oDnvqaqHo3ho8OChMtkQbQAyp9eqnm3J7JRtt0+Cabc=

diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
@@ -455,6 +455,9 @@ var depsRules = `
 	crypto/boring, crypto/internal/edwards25519/field
 	< crypto/ecdh;
 
+	# Unfortunately, stuck with reflect via encoding/binary.
+	encoding/binary, crypto/boring < golang.org/x/crypto/sha3;
+
 	crypto/aes,
 	crypto/des,
 	crypto/ecdh,
@@ -464,7 +467,8 @@ var depsRules = `
 	crypto/rc4,
 	crypto/sha1,
 	crypto/sha256,
-	crypto/sha512
+	crypto/sha512,
+	golang.org/x/crypto/sha3
 	< CRYPTO;
 
 	CGO, fmt, net !< CRYPTO;

diff --git a/src/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s b/src/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
diff --git a/src/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s b/src/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/arith.go b/src/vendor/github.com/cloudflare/circl/ecc/p384/arith.go
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/arith_amd64.go b/src/vendor/github.com/cloudflare/circl/ecc/p384/arith_amd64.go
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/arith_amd64.s b/src/vendor/github.com/cloudflare/circl/ecc/p384/arith_amd64.s
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/arith_arm64.s b/src/vendor/github.com/cloudflare/circl/ecc/p384/arith_arm64.s
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/p384_generic.go b/src/vendor/github.com/cloudflare/circl/ecc/p384/p384_generic.go
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/p384opt.go b/src/vendor/github.com/cloudflare/circl/ecc/p384/p384opt.go
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/point.go b/src/vendor/github.com/cloudflare/circl/ecc/p384/point.go
diff --git a/src/vendor/github.com/cloudflare/circl/ecc/p384/tableBase.go b/src/vendor/github.com/cloudflare/circl/ecc/p384/tableBase.go
diff --git a/src/vendor/github.com/cloudflare/circl/kem/hybrid/hybrid.go b/src/vendor/github.com/cloudflare/circl/kem/hybrid/hybrid.go
diff --git a/src/vendor/github.com/cloudflare/circl/kem/kem.go b/src/vendor/github.com/cloudflare/circl/kem/kem.go
diff --git a/src/vendor/github.com/cloudflare/circl/kem/kyber/kyber1024/kyber.go b/src/vendor/github.com/cloudflare/circl/kem/kyber/kyber1024/kyber.go
diff --git a/src/vendor/github.com/cloudflare/circl/kem/kyber/kyber512/kyber.go b/src/vendor/github.com/cloudflare/circl/kem/kyber/kyber512/kyber.go
diff --git a/src/vendor/github.com/cloudflare/circl/kem/kyber/kyber768/kyber.go b/src/vendor/github.com/cloudflare/circl/kem/kyber/kyber768/kyber.go