Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
66 commits
Select commit Hold shift + click to select a range
140afbe
Include experimental primitives
fpseverino Apr 22, 2024
3b41fd7
Test implementation of SPHINCS+
fpseverino Apr 22, 2024
5f3d032
Update SPX implementation with more features and tests
fpseverino Apr 22, 2024
52d7f6c
Add publicKey computed from privateKey and SPX.Signature
fpseverino Apr 23, 2024
a416c1e
Make the SPX message conform to Digest or DataProtocol
fpseverino Apr 24, 2024
77a7f84
Add seed init for PublicKey
fpseverino May 5, 2024
365eda1
Add ASN1 support to SPX
fpseverino May 14, 2024
7925200
Set development flag to false
fpseverino May 15, 2024
3c44463
Added SPX test vectors
fpseverino May 21, 2024
aa0b274
Merge pull request #1 from apple/main
fpseverino May 21, 2024
1c25a05
Fix testing
fpseverino May 25, 2024
c530f73
Add constants for keys, seed and signature size
fpseverino Jun 14, 2024
ed0dac7
Merge pull request #3 from apple/main
fpseverino Aug 27, 2024
98f7db1
Merge pull request #5 from apple/main
fpseverino Oct 7, 2024
dca0e4e
Initial commit
fpseverino Oct 7, 2024
57c0ec8
Add some DocC
fpseverino Oct 8, 2024
8ef5ee5
Fix tests
fpseverino Oct 8, 2024
0369513
Remove unused test vectors
fpseverino Oct 8, 2024
643d07c
Add `Backing`
fpseverino Oct 8, 2024
25199fc
Properly encode and decode ASN1
fpseverino Oct 15, 2024
385bba7
Add more asserts to tests
fpseverino Oct 15, 2024
dd451f9
Add DocC
fpseverino Oct 16, 2024
af0edd9
Various improvements
fpseverino Oct 20, 2024
39b0b23
Remove ASN.1
fpseverino Oct 21, 2024
9f394a0
Fix documentation to clarify key size error messages and adjust raw r…
fpseverino Nov 16, 2024
2f05d99
Merge branch 'main' into slh-dsa
fpseverino Nov 20, 2024
dee8cae
Update CMake lists and license headers
fpseverino Nov 20, 2024
da39d26
Merge branch 'main' into slh-dsa
fpseverino Nov 22, 2024
571fd4b
Merge branch 'main' into slh-dsa
fpseverino Nov 27, 2024
a975178
Refactor `bytesCount`
fpseverino Nov 27, 2024
2e217ac
Try to remove unmodified file from git
fpseverino Nov 27, 2024
4a3718d
Merge branch 'main' into slh-dsa
fpseverino Nov 30, 2024
b6a93d6
Swift Format
fpseverino Nov 30, 2024
bf40b76
Add proper namespace for SHA2_128s parameter set
fpseverino Dec 12, 2024
7e89717
Swift Format
fpseverino Dec 12, 2024
e9d5a61
Merge branch 'main' into slh-dsa
fpseverino Dec 12, 2024
b6cfd8c
Merge branch 'main' into slh-dsa
fpseverino Dec 14, 2024
06d74f2
Merge branch 'main' into slh-dsa
fpseverino Dec 16, 2024
9f6d5b6
Merge branch 'main' into slh-dsa
fpseverino Dec 22, 2024
5750f5a
Add more testing
fpseverino Dec 22, 2024
a2fd7f7
Remove `Signature` struct
fpseverino Jan 3, 2025
5e4e825
Merge branch 'main' into slh-dsa
fpseverino Apr 3, 2025
e649513
Merge branch 'main' into slh-dsa
fpseverino Apr 30, 2025
599ae88
Add `@available` decorators and use `withUnsafeBytes` for context
fpseverino Apr 30, 2025
ae02c71
Split `signature` and `isValidSignature` methods
fpseverino Apr 30, 2025
92eac82
Add SLH-DSA and ML-KEM to DocC landing page
fpseverino Apr 30, 2025
e57e550
Merge branch 'main' into slh-dsa
fpseverino May 16, 2025
7503dff
Remove ML-KEM from DocC
fpseverino Jun 4, 2025
96347a7
Merge branch 'main' into slh-dsa
fpseverino Jun 10, 2025
c5390c8
Merge branch 'main' into slh-dsa
fpseverino Jun 23, 2025
75742e9
Merge branch 'main' into slh-dsa
fpseverino Jul 25, 2025
a833fc9
Merge branch 'main' into slh-dsa
fpseverino Aug 7, 2025
851571e
Merge branch 'main' into slh-dsa
fpseverino Aug 18, 2025
24a9387
Merge branch 'main' into slh-dsa
fpseverino Sep 7, 2025
2a9bba3
Merge branch 'main' into slh-dsa
fpseverino Sep 9, 2025
a9da481
Use `UnsafeMutableBufferPointer`
fpseverino Sep 12, 2025
6907a6c
Merge branch 'main' into slh-dsa
fpseverino Sep 15, 2025
2923f12
Formatting
fpseverino Sep 15, 2025
cf81d30
Move `withUnsafeBytes` to CryptoBoringWrapper
fpseverino Sep 16, 2025
5551690
Merge branch 'main' into slh-dsa
fpseverino Sep 17, 2025
bd2e0e6
Merge remote-tracking branch 'origin/main' into slh-dsa
fpseverino Sep 29, 2025
5a20cd8
Remove old `Optional+withUnsafeBytes`
fpseverino Oct 8, 2025
6f18dcd
Merge branch 'main' into slh-dsa
fpseverino Oct 8, 2025
49e6e44
Update CMakeLists
fpseverino Oct 23, 2025
11f5705
Merge branch 'main' into slh-dsa
fpseverino Oct 23, 2025
e129e79
Merge branch 'main' into slh-dsa
fpseverino Oct 23, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Sources/CCryptoBoringSSL/include/CCryptoBoringSSL.h
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@
#include "CCryptoBoringSSL_safestack.h"
#include "CCryptoBoringSSL_sha.h"
#include "CCryptoBoringSSL_siphash.h"
#include "CCryptoBoringSSL_slhdsa.h"
#include "CCryptoBoringSSL_trust_token.h"
#include "CCryptoBoringSSL_x509v3.h"
#include "CCryptoBoringSSL_xwing.h"
Expand Down
1 change: 0 additions & 1 deletion Sources/Crypto/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,6 @@ add_library(Crypto
"Signatures/MLDSA.swift"
"Signatures/Signature.swift"
"Util/BoringSSL/CryptoKitErrors_boring.swift"
"Util/BoringSSL/Optional+withUnsafeBytes_boring.swift"
"Util/BoringSSL/RNG_boring.swift"
"Util/BoringSSL/SafeCompare_boring.swift"
"Util/BoringSSL/Zeroization_boring.swift"
Expand Down
1 change: 1 addition & 0 deletions Sources/CryptoBoringWrapper/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ add_library(CryptoBoringWrapper STATIC
"EC/EllipticCurvePoint.swift"
"Util/ArbitraryPrecisionInteger.swift"
"Util/FiniteFieldArithmeticContext.swift"
"Util/Optional+withUnsafeBytes.swift"
"Util/RandomBytes.swift"
)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,9 @@ import Foundation
#endif

extension Optional where Wrapped: DataProtocol {
func withUnsafeBytes<ReturnValue>(_ body: (UnsafeRawBufferPointer) throws -> ReturnValue) rethrows -> ReturnValue {
package func withUnsafeBytes<ReturnValue>(
_ body: (UnsafeRawBufferPointer) throws -> ReturnValue
) rethrows -> ReturnValue {
if let self {
let bytes: ContiguousBytes = self.regions.count == 1 ? self.regions.first! : Array(self)
return try bytes.withUnsafeBytes { try body($0) }
Expand Down
1 change: 1 addition & 0 deletions Sources/CryptoExtras/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ add_library(CryptoExtras
"RSA/RSA.swift"
"RSA/RSA_boring.swift"
"Reexport.swift"
"SLHDSA/SLHDSA_boring.swift"
"Util/BoringSSLHelpers.swift"
"Util/CryptoKitErrors_boring.swift"
"Util/Data+Extensions.swift"
Expand Down
1 change: 1 addition & 0 deletions Sources/CryptoExtras/Docs.docc/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ Provides additional cryptographic APIs that are not available in CryptoKit (and
### Public key cryptography

- ``_RSA``
- ``SLHDSA``

### Key derivation functions

Expand Down
314 changes: 314 additions & 0 deletions Sources/CryptoExtras/SLHDSA/SLHDSA_boring.swift
Original file line number Diff line number Diff line change
@@ -0,0 +1,314 @@
//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftCrypto open source project
//
// Copyright (c) 2024 Apple Inc. and the SwiftCrypto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of SwiftCrypto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

@_implementationOnly import CCryptoBoringSSL
import Crypto
import CryptoBoringWrapper

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif

/// A stateless hash-based digital signature algorithm that provides security against quantum computing attacks.
@available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
public enum SLHDSA {}

@available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
extension SLHDSA {
/// The SLH-DSA-SHA2-128s parameter set.
public enum SHA2_128s {}
}

@available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
extension SLHDSA.SHA2_128s {
/// A SLH-DSA-SHA2-128s private key.
public struct PrivateKey: @unchecked Sendable {
private var backing: Backing

/// Initialize a SLH-DSA-SHA2-128s private key from a random seed.
public init() {
self.backing = Backing()
}

/// Initialize a SLH-DSA-SHA2-128s private key from a raw representation.
///
/// - Parameter rawRepresentation: The private key bytes.
///
/// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
public init(rawRepresentation: some DataProtocol) throws {
self.backing = try Backing(rawRepresentation: rawRepresentation)
}

/// The raw representation of the private key.
public var rawRepresentation: Data {
self.backing.rawRepresentation
}

/// The public key associated with this private key.
public var publicKey: PublicKey {
self.backing.publicKey
}

/// Generate a signature for the given data.
///
/// - Parameter data: The message to sign.
///
/// - Returns: The signature of the message.
public func signature<D: DataProtocol>(for data: D) throws -> Data {
let context: Data? = nil
return try self.backing.signature(for: data, context: context)
}

/// Generate a signature for the given data.
///
/// - Parameters:
/// - data: The message to sign.
/// - context: The context to use for the signature.
///
/// - Returns: The signature of the message.
public func signature<D: DataProtocol, C: DataProtocol>(for data: D, context: C) throws -> Data {
try self.backing.signature(for: data, context: context)
}

fileprivate final class Backing {
private let pointer: UnsafeMutableBufferPointer<UInt8>

func withUnsafePointer<T>(_ body: (UnsafePointer<UInt8>) throws -> T) rethrows -> T {
try body(self.pointer.baseAddress!)
}

/// Initialize a SLH-DSA-SHA2-128s private key from a random seed.
init() {
self.pointer = UnsafeMutableBufferPointer<UInt8>.allocate(
capacity: SLHDSA.SHA2_128s.PrivateKey.Backing.byteCount
)

withUnsafeTemporaryAllocation(
of: UInt8.self,
capacity: SLHDSA.SHA2_128s.PublicKey.Backing.byteCount
) { publicKeyPtr in
CCryptoBoringSSL_SLHDSA_SHA2_128S_generate_key(publicKeyPtr.baseAddress, self.pointer.baseAddress)
}
}

/// Initialize a SLH-DSA-SHA2-128s private key from a raw representation.
///
/// - Parameter rawRepresentation: The private key bytes.
///
/// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
init(rawRepresentation: some DataProtocol) throws {
guard rawRepresentation.count == SLHDSA.SHA2_128s.PrivateKey.Backing.byteCount else {
throw CryptoKitError.incorrectKeySize
}

self.pointer = UnsafeMutableBufferPointer<UInt8>.allocate(
capacity: SLHDSA.SHA2_128s.PrivateKey.Backing.byteCount
)
_ = self.pointer.initialize(fromContentsOf: rawRepresentation)
}

/// The raw representation of the private key.
var rawRepresentation: Data {
Data(
UnsafeBufferPointer(
start: self.pointer.baseAddress,
count: SLHDSA.SHA2_128s.PrivateKey.Backing.byteCount
)
)
}

/// The public key associated with this private key.
var publicKey: PublicKey {
PublicKey(privateKeyBacking: self)
}

/// Generate a signature for the given data.
///
/// - Parameters:
/// - data: The message to sign.
/// - context: The context to use for the signature.
///
/// - Returns: The signature of the message.
func signature<D: DataProtocol, C: DataProtocol>(for data: D, context: C?) throws -> Data {
var signature = Data(repeating: 0, count: SLHDSA.SHA2_128s.signatureByteCount)

let rc: CInt = signature.withUnsafeMutableBytes { signaturePtr in
let bytes: ContiguousBytes = data.regions.count == 1 ? data.regions.first! : Array(data)
return bytes.withUnsafeBytes { dataPtr in
context.withUnsafeBytes { contextPtr in
CCryptoBoringSSL_SLHDSA_SHA2_128S_sign(
signaturePtr.baseAddress,
self.pointer.baseAddress,
dataPtr.baseAddress,
dataPtr.count,
contextPtr.baseAddress,
contextPtr.count
)
}
}
}

guard rc == 1 else {
throw CryptoKitError.internalBoringSSLError()
}

return signature
}

/// The size of the private key in bytes.
static let byteCount = 64
}
}
}

@available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
extension SLHDSA.SHA2_128s {
/// A SLH-DSA-SHA2-128s public key.
public struct PublicKey: @unchecked Sendable {
private var backing: Backing

fileprivate init(privateKeyBacking: PrivateKey.Backing) {
self.backing = Backing(privateKeyBacking: privateKeyBacking)
}

/// Initialize a SLH-DSA-SHA2-128s public key from a raw representation.
///
/// - Parameter rawRepresentation: The public key bytes.
///
/// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
public init(rawRepresentation: some DataProtocol) throws {
self.backing = try Backing(rawRepresentation: rawRepresentation)
}

/// The raw representation of the public key.
public var rawRepresentation: Data {
self.backing.rawRepresentation
}

/// Verify a signature for the given data.
///
/// - Parameters:
/// - signature: The signature to verify.
/// - data: The message to verify the signature against.
///
/// - Returns: `true` if the signature is valid, `false` otherwise.
public func isValidSignature<S: DataProtocol, D: DataProtocol>(
_ signature: S,
for data: D
) -> Bool {
let context: Data? = nil
return self.backing.isValidSignature(signature, for: data, context: context)
}

/// Verify a signature for the given data.
///
/// - Parameters:
/// - signature: The signature to verify.
/// - data: The message to verify the signature against.
/// - context: The context to use for the signature verification.
///
/// - Returns: `true` if the signature is valid, `false` otherwise.
public func isValidSignature<S: DataProtocol, D: DataProtocol, C: DataProtocol>(
_ signature: S,
for data: D,
context: C
) -> Bool {
self.backing.isValidSignature(signature, for: data, context: context)
}

fileprivate final class Backing {
private let pointer: UnsafeMutableBufferPointer<UInt8>

init(privateKeyBacking: PrivateKey.Backing) {
self.pointer = UnsafeMutableBufferPointer<UInt8>.allocate(
capacity: SLHDSA.SHA2_128s.PublicKey.Backing.byteCount
)
privateKeyBacking.withUnsafePointer { privateKeyPtr in
CCryptoBoringSSL_SLHDSA_SHA2_128S_public_from_private(self.pointer.baseAddress, privateKeyPtr)
}
}

/// Initialize a SLH-DSA-SHA2-128s public key from a raw representation.
///
/// - Parameter rawRepresentation: The public key bytes.
///
/// - Throws: `CryptoKitError.incorrectKeySize` if the raw representation is not the correct size.
init(rawRepresentation: some DataProtocol) throws {
guard rawRepresentation.count == SLHDSA.SHA2_128s.PublicKey.Backing.byteCount else {
throw CryptoKitError.incorrectKeySize
}

self.pointer = UnsafeMutableBufferPointer<UInt8>.allocate(
capacity: SLHDSA.SHA2_128s.PublicKey.Backing.byteCount
)
_ = self.pointer.initialize(fromContentsOf: rawRepresentation)
}

/// The raw representation of the public key.
var rawRepresentation: Data {
Data(
UnsafeBufferPointer(
start: self.pointer.baseAddress,
count: SLHDSA.SHA2_128s.PublicKey.Backing.byteCount
)
)
}

/// Verify a signature for the given data.
///
/// - Parameters:
/// - signature: The signature to verify.
/// - data: The message to verify the signature against.
/// - context: The context to use for the signature verification.
///
/// - Returns: `true` if the signature is valid, `false` otherwise.
func isValidSignature<S: DataProtocol, D: DataProtocol, C: DataProtocol>(
_ signature: S,
for data: D,
context: C?
) -> Bool {
let signatureBytes: ContiguousBytes =
signature.regions.count == 1 ? signature.regions.first! : Array(signature)
return signatureBytes.withUnsafeBytes { signaturePtr in
let dataBytes: ContiguousBytes = data.regions.count == 1 ? data.regions.first! : Array(data)
let rc: CInt = dataBytes.withUnsafeBytes { dataPtr in
context.withUnsafeBytes { contextPtr in
CCryptoBoringSSL_SLHDSA_SHA2_128S_verify(
signaturePtr.baseAddress,
signaturePtr.count,
self.pointer.baseAddress,
dataPtr.baseAddress,
dataPtr.count,
contextPtr.baseAddress,
contextPtr.count
)
}
}
return rc == 1
}
}

/// The size of the public key in bytes.
static let byteCount = 32
}
}
}

@available(macOS 10.15, iOS 13, watchOS 6, tvOS 13, macCatalyst 13, visionOS 1.0, *)
extension SLHDSA.SHA2_128s {
/// The size of the signature in bytes.
private static let signatureByteCount = 7856
}
Loading