
crypto/internal/mlkem768: add EncapsulationKey type

Change-Id: I3feacb044caa15ac9bbfc11f5d90bebf8a505510
Reviewed-on: https://go-review.googlesource.com/c/go/+/621980
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
yuhan6665 2025-05-04 17:04:23 -04:00
parent e449f03f32
commit b6a28bda36
2 changed files with 7 additions and 6 deletions


@ -164,7 +164,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
if _, err := io.ReadFull(config.rand(), seed); err != nil { if _, err := io.ReadFull(config.rand(), seed); err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
keyShareKeys.kyber, err = mlkem768.NewKeyFromSeed(seed) keyShareKeys.kyber, err = mlkem768.NewDecapsulationKey(seed)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
@ -174,7 +174,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
// both, as allowed by draft-ietf-tls-hybrid-design-09, Section 3.2. // both, as allowed by draft-ietf-tls-hybrid-design-09, Section 3.2.
hello.keyShares = []keyShare{ hello.keyShares = []keyShare{
{group: x25519Kyber768Draft00, data: append(keyShareKeys.ecdhe.PublicKey().Bytes(), {group: x25519Kyber768Draft00, data: append(keyShareKeys.ecdhe.PublicKey().Bytes(),
keyShareKeys.kyber.EncapsulationKey()...)}, keyShareKeys.kyber.EncapsulationKey().Bytes()...)},
{group: X25519, data: keyShareKeys.ecdhe.PublicKey().Bytes()}, {group: X25519, data: keyShareKeys.ecdhe.PublicKey().Bytes()},
} }
} else { } else {


@ -64,19 +64,20 @@ func kyberDecapsulate(dk *mlkem768.DecapsulationKey, c []byte) ([]byte, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
return kyberSharedSecret(K, c), nil return kyberSharedSecret(c, K), nil
} }
// kyberEncapsulate implements encapsulation according to Kyber Round 3. // kyberEncapsulate implements encapsulation according to Kyber Round 3.
func kyberEncapsulate(ek []byte) (c, ss []byte, err error) { func kyberEncapsulate(ek []byte) (c, ss []byte, err error) {
c, ss, err = mlkem768.Encapsulate(ek) k, err := mlkem768.NewEncapsulationKey(ek)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
return c, kyberSharedSecret(ss, c), nil c, ss = k.Encapsulate()
return c, kyberSharedSecret(c, ss), nil
} }
func kyberSharedSecret(K, c []byte) []byte { func kyberSharedSecret(c, K []byte) []byte {
// Package mlkem768 implements ML-KEM, which compared to Kyber removed a // Package mlkem768 implements ML-KEM, which compared to Kyber removed a
// final hashing step. Compute SHAKE-256(K || SHA3-256(c), 32) to match Kyber. // final hashing step. Compute SHAKE-256(K || SHA3-256(c), 32) to match Kyber.
// See https://words.filippo.io/mlkem768/#bonus-track-using-a-ml-kem-implementation-as-kyber-v3. // See https://words.filippo.io/mlkem768/#bonus-track-using-a-ml-kem-implementation-as-kyber-v3.
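Review bot: Swapping the parameter order of kyberSharedSecret from (K, c) to (c, K) is updated at both call sites visible here (the return in kyberDecapsulate and the new return in kyberEncapsulate), but because both parameters are plain `[]byte`, any caller outside this diff that was not updated would still compile and silently derive a wrong secret. The body of kyberSharedSecret continues past the hunk, so whether the hashed input is still `K || SHA3-256(c)` as the comment states cannot be confirmed from here; a known-answer test pinning the output of kyberSharedSecret for a fixed (c, K) pair would catch either mistake. The doc comment could also name the arguments explicitly, e.g. `// kyberSharedSecret derives the Kyber v3 shared secret from the ML-KEM ciphertext c and the ML-KEM shared key K.` placed above the func line, so the role of each slice is visible at every call site. kyberDecapsulate's signature sits in the hunk header and its body starts before the hunk.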