Add ML-DSA-44 to CryptoExtras #422
fpseverino wants to merge 61 commits into apple:main from fpseverino:mldsa44
Conversation
This PR sets swift-crypto up for alignment with the WWDC 2025 CryptoKit APIs. This includes the parity APIs for MLKEM and MLDSA, as well as XWing. At this time the SHA3 APIs are disabled, as they require a novel implementation strategy. This will come later in the summer. All API features that require SHA3 are therefore also disabled at runtime.
…nts)" This reverts commit e9de693.
…nts)" This reverts commit e9de693.
…ft-crypto into mldsa-external-mu
### Motivation:

FoundationEssentials produces smaller binaries on most platforms.

### Modifications:

Where FoundationEssentials is available, import that.

### Result:

Improved binary size
To keep the WWDC-25 branch from rotting too badly, we'll be doing regular catch-up merges. This is the first. Co-authored-by: YourMJK <[email protected]>
Co-authored-by: YourMJK <[email protected]>
Motivation

The Swift 6 language mode adopts data-race safety by default. While Swift Crypto itself has no concurrent code, it is still useful to force us to ensure that our code is properly Sendable-correct.

Modifications

- @unchecked Sendable on several CoW data types
- Some necessary Sendable constraints on ECToolbox protocols
- Add some missing protocol constraints on ARC types.

Result

Swift 6 clean.
## Motivation

CryptoKit is adding API for SHA-3, which BoringSSL does not support. To maintain API parity, we need to provide a backing implementation. For this, we can use XKCP[^1], which provides the reference implementation, as well as several optimized solutions, suitable for vendoring into other projects.

## Modifications

The following changes have been made in separate commits to help with the review:

- Add vendor-xkcp.sh script
- Revendor xkcp#master (heads/master-0-g11297f5)
- Add CXKCP target with modulemap and umbrella header
- Add CXKCPTests test target with simple test vectors
- Add CXKCPShims with function wrappers for macros to call from Swift
- Remove #if false guard from HashFunctions_SHA3.swift
- Add SHA-3 implementation backed by libXKCP
- Add new DigestImplSHA3 platform-specific type alias
- Remove #if false from DigestsTests.swift to get SHA-3 tests

## Result

Swift Crypto provides functioning SHA-3 API.

## Notes

This PR is for the `wwdc-25` side branch.

[^1]: https://github.com/XKCP/XKCP
Co-authored-by: YourMJK <[email protected]>
Co-authored-by: Rick Newton-Rogers <[email protected]>
Co-authored-by: Raphael <[email protected]>
Co-authored-by: Si Beaumont <[email protected]>
Co-authored-by: Evan Wilde <[email protected]>
Co-authored-by: Tim Condon <[email protected]>
Co-authored-by: Gus Cairo <[email protected]>
Co-authored-by: George Barnett <[email protected]>
Co-authored-by: Fabrice de Gans <[email protected]>
Co-authored-by: Wojciech Nagrodzki <[email protected]>
Co-authored-by: Jesse L. Zamora <[email protected]>
Co-authored-by: aryan-25 <[email protected]>
Following on from apple#281, opened as a new PR as the conflicts were too many

### Checklist

- [x] I've run tests to see all new and existing tests pass
- [x] I've followed the code style of the rest of the project
- [x] I've read the [Contribution Guidelines](CONTRIBUTING.md)
- [x] I've updated the documentation if necessary

#### If you've made changes to `gyb` files

- [ ] I've run `.script/generate_boilerplate_files_with_gyb` and included updated generated files in a commit of this pull request

### Motivation:

_[Explain here the context, and why you're making that change. What is the problem you're trying to solve.]_

### Modifications:

_[Describe the modifications you've done.]_

### Result:

_[After your change, what will change.]_
Merge CryptoExtras rename
This convenience method will be used by SLHDSA, which will be located in `CryptoExtras`, and could also be used by `MLDSA44`, also to be located in `CryptoExtras`
This is the last catchup merge into the WWDC-25 branch required to get the two branches to line up. From here, it's a straightforward merge to `main` to get the WWDC-25 branch in.

---------

Co-authored-by: YourMJK <[email protected]>
Co-authored-by: Rick Newton-Rogers <[email protected]>
Co-authored-by: Raphael <[email protected]>
Co-authored-by: Si Beaumont <[email protected]>
Co-authored-by: Evan Wilde <[email protected]>
Co-authored-by: Tim Condon <[email protected]>
Co-authored-by: Gus Cairo <[email protected]>
Co-authored-by: George Barnett <[email protected]>
Co-authored-by: Fabrice de Gans <[email protected]>
Co-authored-by: Wojciech Nagrodzki <[email protected]>
Co-authored-by: Jesse L. Zamora <[email protected]>
Co-authored-by: aryan-25 <[email protected]>
Co-authored-by: Gwynne Raskind <[email protected]>
Co-authored-by: 3405691582 <[email protected]>
Co-authored-by: Paul Toffoloni <[email protected]>
Adds the ML-DSA-44 parameter set to CryptoExtras
Important: This PR depends on #358

Checklist

If you've made changes to `gyb` files

- I've run `./scripts/generate_boilerplate_files_with_gyb.sh` and included updated generated files in a commit of this pull request

Motivation:
CryptoKit doesn't offer ML-DSA-44, but BoringSSL does, and there are some use cases, such as JWTs, that can take advantage of this additional parameter set.
Modifications:
This PR depends on the refactor of the MLDSA BoringSSL code inside CryptoBoringWrapper done in #358, which lets us easily add the internal implementation for the additional parameter set with GYB.
A wrapper, which uses the same exact API as the other parameter sets in Crypto, is then added to CryptoExtras.
External mu APIs for MLDSA44 are also added (see #358).
Result:
ML-DSA-44 is available inside CryptoExtras.