Add "external mu" variant of ML-DSA (65 and 87) in CryptoExtras

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,7 +9,7 @@ _[One line description of your change]_
 - [ ] I've updated the documentation if necessary
 
 #### If you've made changes to `gyb` files
-- [ ] I've run `.script/generate_boilerplate_files_with_gyb` and included updated generated files in a commit of this pull request
+- [ ] I've run `./scripts/generate_boilerplate_files_with_gyb.sh` and included updated generated files in a commit of this pull request
 
 ### Motivation:
 
@@ -21,4 +21,4 @@ _[Describe the modifications you've done.]_
 
 ### Result:
 
-_[After your change, what will change.]_
+_[After your change, what will change.]_

.github/workflows/main.yml

@@ -16,11 +16,32 @@ jobs:
       linux_6_1_arguments_override: "--explicit-target-dependency-import-check error"
       linux_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
       linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_6_0_enabled: true
+      windows_6_1_enabled: true
+      windows_nightly_next_enabled: true
+      windows_nightly_main_enabled: true
+      windows_6_0_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_6_1_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
+
+  release-builds:
+    name: Release builds
+    uses: apple/swift-nio/.github/workflows/release_builds.yml@main
+    with:
+      windows_6_0_enabled: true
+      windows_6_1_enabled: true
+      windows_nightly_next_enabled: true
+      windows_nightly_main_enabled: true
 
   cxx-interop:
     name: Cxx interop
     uses: apple/swift-nio/.github/workflows/cxx_interop.yml@main
 
+  static-sdk:
+    name: Static SDK
+    uses: apple/swift-nio/.github/workflows/static_sdk.yml@main
+
   macos-tests:
     name: macOS tests
     uses: apple/swift-nio/.github/workflows/macos_tests.yml@main

.github/workflows/pull_request.yml

@@ -30,6 +30,15 @@ jobs:
       windows_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
       windows_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
 
+  release-builds:
+    name: Release builds
+    uses: apple/swift-nio/.github/workflows/release_builds.yml@main
+    with:
+      windows_6_0_enabled: true
+      windows_6_1_enabled: true
+      windows_nightly_next_enabled: true
+      windows_nightly_main_enabled: true
+
   cxx-interop:
     name: Cxx interop
     uses: apple/swift-nio/.github/workflows/cxx_interop.yml@main
@@ -44,6 +53,8 @@ jobs:
             { "name": "CCryptoBoringSSL", "type": "source", "exceptions": [] },
             { "name": "CCryptoBoringSSLShims", "type": "source", "exceptions": [] },
             { "name": "CryptoBoringWrapper", "type": "source", "exceptions": [] },
+            { "name": "CXKCP", "type": "source", "exceptions": [] },
+            { "name": "CXKCPShims", "type": "source", "exceptions": [] },
             { "name": "Crypto", "type": "source", "exceptions": [] },
             { "name": "_CryptoExtras", "type": "source", "exceptions": [] },
             { "name": "CCryptoBoringSSL", "type": "assembly", "exceptions": [ "*/AES/*.swift" ] }
@@ -56,3 +67,7 @@ jobs:
     with:
       runner_pool: general
       build_scheme: swift-crypto-Package
+
+  static-sdk:
+    name: Static SDK
+    uses: apple/swift-nio/.github/workflows/static_sdk.yml@main

.licenseignore

@@ -43,6 +43,7 @@ dev/update-benchmark-thresholds
 **/*.der
 .swiftformat
 Sources/CCryptoBoringSSL/*
+Sources/CXKCP/*
 **/*.swift.gyb
 scripts/*.patch
 scripts/gyb

.swiftformatignore

@@ -25,6 +25,7 @@ Sources/Crypto/Digests/Digest.swift
 Sources/Crypto/Digests/Digests.swift
 Sources/Crypto/Digests/HashFunctions.swift
 Sources/Crypto/Digests/HashFunctions_SHA2.swift
+Sources/Crypto/Digests/HashFunctions_SHA3.swift
 Sources/Crypto/HPKE/Ciphersuite/HPKE-AEAD.swift
 Sources/Crypto/HPKE/Ciphersuite/HPKE-Ciphersuite.swift
 Sources/Crypto/HPKE/Ciphersuite/HPKE-KDF.swift
@@ -43,8 +44,12 @@ Sources/Crypto/HPKE/Modes/HPKE-Modes.swift
 Sources/Crypto/Insecure/Insecure.swift
 Sources/Crypto/Insecure/Insecure_HashFunctions.swift
 Sources/Crypto/KEM/KEM.swift
+Sources/Crypto/KEM/KEM-Errors.swift
+Sources/Crypto/KEM/MLKEM.swift
+Sources/Crypto/KEM/XWing.swift
 Sources/Crypto/Key Agreement/DH.swift
 Sources/Crypto/Key Agreement/ECDH.swift
+Sources/Crypto/Key Derivation/ANSIx963.swift
 Sources/Crypto/Key Derivation/HKDF.swift
 Sources/Crypto/Key Wrapping/AESWrap.swift
 Sources/Crypto/Keys/EC/Curve25519.swift
@@ -58,6 +63,7 @@ Sources/Crypto/Message Authentication Codes/MessageAuthenticationCode.swift
 Sources/Crypto/PRF/AES.swift
 Sources/Crypto/Signatures/ECDSA.swift
 Sources/Crypto/Signatures/Ed25519.swift
+Sources/Crypto/Signatures/MLDSA.swift
 Sources/Crypto/Signatures/Signature.swift
 Sources/Crypto/Util/PrettyBytes.swift
 Sources/Crypto/Util/SafeCompare.swift
@@ -94,7 +100,6 @@ Sources/_CryptoExtras/OPRFs/VOPRFClient.swift
 Sources/_CryptoExtras/OPRFs/VOPRFServer.swift
 Sources/_CryptoExtras/RSA/RSA+BlindSigning.swift
 Sources/_CryptoExtras/RSA/RSA.swift
-Sources/_CryptoExtras/RSA/RSA_security.swift
 Sources/_CryptoExtras/Util/BoringSSLHelpers.swift
 Sources/_CryptoExtras/Util/DigestType.swift
 Sources/_CryptoExtras/Util/Error.swift
@@ -116,6 +121,9 @@ Tests/CryptoTests/Encodings/DERTests.swift
 Tests/CryptoTests/Encodings/ECKeyEncodingsTests.swift
 Tests/CryptoTests/HPKE/HPKETests-TestVectors.swift
 Tests/CryptoTests/HPKE/HPKETests.swift
+Tests/CryptoTests/KEM/MLKEMKeyGenTests.swift
+Tests/CryptoTests/KEM/MLKEMTests.swift
+Tests/CryptoTests/KEM/XWingTests.swift
 Tests/CryptoTests/Key Derivation/ECprivateKeysFromSeeds.swift
 Tests/CryptoTests/Key Derivation/HKDFTests.swift
 Tests/CryptoTests/Key Derivation/SharedSecretTests.swift
@@ -126,6 +134,8 @@ Tests/CryptoTests/SecureBytes/SecureBytesTests.swift
 Tests/CryptoTests/Signatures/ECDSA/ECDSASignatureTests.swift
 Tests/CryptoTests/Signatures/ECDSA/RawECDSASignaturesTests.swift
 Tests/CryptoTests/Signatures/EdDSA/Ed25519-Runner.swift
+Tests/CryptoTests/Signatures/MLDSA/MLDSAKeyGenTests.swift
+Tests/CryptoTests/Signatures/MLDSA/MLDSATests.swift
 Tests/CryptoTests/Utils/PrettyBytes.swift
 Tests/CryptoTests/Utils/RFCVector.swift
 Tests/CryptoTests/Utils/SplitData.swift

.unacceptablelanguageignore

@@ -1 +1,2 @@
-Sources/CCryptoBoringSSL/*
+Sources/CCryptoBoringSSL/*
+Sources/CXKCP/*

Benchmarks/Benchmarks/Benchmarks.swift

@@ -13,12 +13,76 @@
 //===----------------------------------------------------------------------===//
 import Benchmark
 import Crypto
-import Foundation
 import _CryptoExtras
 
+#if canImport(FoundationEssentials)
+import FoundationEssentials
+#else
+import Foundation
+#endif
+
 let benchmarks = {
     let defaultMetrics: [BenchmarkMetric] = [.mallocCountTotal, .cpuTotal]
 
+    Benchmark(
+        "arc-issue-p256",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 3
+        )
+    ) { benchmark in
+        let privateKey = P256._ARCV1.PrivateKey()
+        let publicKey = privateKey.publicKey
+        let requestContext = Data("shared request context".utf8)
+        let precredential = try publicKey.prepareCredentialRequest(requestContext: requestContext)
+        let credentialRequest = precredential.credentialRequest
+
+        benchmark.startMeasurement()
+
+        for _ in benchmark.scaledIterations {
+            blackHole(try privateKey.issue(credentialRequest))
+        }
+    }
+
+    Benchmark(
+        "arc-verify-p256",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        let privateKey = P256._ARCV1.PrivateKey()
+        let publicKey = privateKey.publicKey
+        let requestContext = Data("shared request context".utf8)
+        let (presentationContext, presentationLimit) = (Data("shared presentation context".utf8), 2)
+        let precredential = try publicKey.prepareCredentialRequest(requestContext: requestContext)
+        let credentialRequest = precredential.credentialRequest
+        let credentialResponse = try privateKey.issue(credentialRequest)
+        var credential = try publicKey.finalize(credentialResponse, for: precredential)
+        let (presentation, nonce) = try credential.makePresentation(
+            context: presentationContext,
+            presentationLimit: presentationLimit
+        )
+
+        benchmark.startMeasurement()
+
+        for _ in benchmark.scaledIterations {
+            blackHole(
+                try privateKey.verify(
+                    presentation,
+                    requestContext: requestContext,
+                    presentationContext: presentationContext,
+                    presentationLimit: presentationLimit,
+                    nonce: nonce
+                )
+            )
+        }
+    }
+
     Benchmark(
         "arc-issue-p384",
         configuration: Benchmark.Configuration(
@@ -99,4 +163,49 @@ let benchmarks = {
             blackHole(try privateKey.evaluate(blindedElement))
         }
     }
+
+    Benchmark(
+        "key-exchange-p256",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        for _ in benchmark.scaledIterations {
+            let (key1, key2) = (P256.KeyAgreement.PrivateKey(), P256.KeyAgreement.PrivateKey())
+            blackHole(try key1.sharedSecretFromKeyAgreement(with: key2.publicKey))
+        }
+    }
+
+    Benchmark(
+        "key-exchange-p384",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        for _ in benchmark.scaledIterations {
+            let (key1, key2) = (P384.KeyAgreement.PrivateKey(), P384.KeyAgreement.PrivateKey())
+            blackHole(try key1.sharedSecretFromKeyAgreement(with: key2.publicKey))
+        }
+    }
+
+    Benchmark(
+        "key-exchange-p521",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        for _ in benchmark.scaledIterations {
+            let (key1, key2) = (P521.KeyAgreement.PrivateKey(), P521.KeyAgreement.PrivateKey())
+            blackHole(try key1.sharedSecretFromKeyAgreement(with: key2.publicKey))
+        }
+    }
 }

CMakeLists.txt

@@ -14,6 +14,10 @@
 
 cmake_minimum_required(VERSION 3.15.1)
 
+if(POLICY CMP0157)
+  cmake_policy(SET CMP0157 NEW)
+endif()
+
 project(SwiftCrypto
   LANGUAGES ASM C CXX Swift)
 
@@ -47,6 +51,18 @@ if(CMAKE_SYSTEM_NAME STREQUAL Darwin AND NOT CMAKE_CROSSCOMPILING)
   set(CMAKE_RANLIB "/usr/bin/ranlib")
 endif()
 
+set(CMAKE_CXX_STANDARD 17)
+if(CMAKE_SYSTEM_NAME STREQUAL Windows)
+  # We need to ensure that we don't include the min/max macros from the Windows SDK.
+  add_compile_definitions(NOMINMAX)
+  # We can only link against the DLL version of the MSVC runtime library for now.
+  set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreadedDLL")
+  if(CMAKE_Swift_COMPILER_VERSION VERSION_EQUAL 0.0.0 OR CMAKE_Swift_COMPILER_VERSION VERSION_GREATER_EQUAL 6.2)
+    # We need to set the static library prefix to "lib" so that we can link against the static libraries.
+    set(CMAKE_STATIC_LIBRARY_PREFIX_Swift "lib")
+  endif()
+endif()
+
 if(NOT CMAKE_SYSTEM_NAME STREQUAL Darwin)
   find_package(dispatch CONFIG)
   find_package(Foundation CONFIG)

NOTICE.txt

@@ -34,7 +34,7 @@ This product contains test vectors from Google's wycheproof project.
 
 ---
 
-This product contains a derivation of various scripts from SwiftNIO.
+This product contains a derivation of various files from SwiftNIO.
 
   * LICENSE (Apache License 2.0):
     * https://www.apache.org/licenses/LICENSE-2.0