diff options
| author | Bob Beck <bbe@google.com> | 2024-03-09 17:22:26 +0000 |
|---|---|---|
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-03-21 06:02:41 +0000 |
| commit | 06fb6e1b129d426b0f543e0e77890295175f012a (patch) | |
| tree | 25332a80d811e7317dc6cc61580c742a496999ca /tool | |
| parent | e57ab142c0cabf30b6d4e85b8038003cc179716b (diff) | |
| download | boringssl-06fb6e1b129d426b0f543e0e77890295175f012a.zip boringssl-06fb6e1b129d426b0f543e0e77890295175f012a.tar.gz boringssl-06fb6e1b129d426b0f543e0e77890295175f012a.tar.bz2 | |
Make it plainly obvious this is experimental code.
Since we are saying this will die when standardized, let us
ensure users of this code from this location take notice
and action before using it.
We then selectively allow it in the speed tool and in our tests.
If we like this approach, I'll go back and apply it to kyber
(which will have some other fallout consequences to fix) but this
one should be painless right now.
This can also be applied to Dilithium when it comes back.
Future experimentals could be added in this manner.
Change-Id: Ie3b41cf16278868562ef1c8b28f2caed5e0e2dd1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66887
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'tool')
| -rw-r--r-- | tool/speed.cc | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/tool/speed.cc b/tool/speed.cc index d524455..d3cc87e 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -25,6 +25,8 @@ #include <stdlib.h> #include <string.h> +#define OPENSSL_I_UNDERSTAND_EXPERIMENTAL_FUNCTION_RISK + #include <openssl/aead.h> #include <openssl/aes.h> #include <openssl/base64.h> @@ -38,6 +40,7 @@ #include <openssl/ecdsa.h> #include <openssl/err.h> #include <openssl/evp.h> +#define OPENSSL_UNSTABLE_EXPERIMENTAL_SPX #include <openssl/experimental/kyber.h> #include <openssl/experimental/spx.h> #include <openssl/hrss.h> @@ -1136,7 +1139,7 @@ static bool SpeedSpx(const std::string &selected) { TimeResults results; if (!TimeFunctionParallel(&results, []() -> bool { uint8_t public_key[32], private_key[64]; - spx_generate_key(public_key, private_key); + SPX_generate_key(public_key, private_key); return true; })) { return false; @@ -1145,12 +1148,12 @@ static bool SpeedSpx(const std::string &selected) { results.Print("SPHINCS+-SHA2-128s key generation"); uint8_t public_key[32], private_key[64]; - spx_generate_key(public_key, private_key); + SPX_generate_key(public_key, private_key); static const uint8_t kMessage[] = {0, 1, 2, 3, 4, 5}; if (!TimeFunctionParallel(&results, [&private_key]() -> bool { uint8_t out[SPX_SIGNATURE_BYTES]; - spx_sign(out, private_key, kMessage, sizeof(kMessage), true); + SPX_sign(out, private_key, kMessage, sizeof(kMessage), true); return true; })) { return false; @@ -1159,10 +1162,10 @@ static bool SpeedSpx(const std::string &selected) { results.Print("SPHINCS+-SHA2-128s signing"); uint8_t signature[SPX_SIGNATURE_BYTES]; - spx_sign(signature, private_key, kMessage, sizeof(kMessage), true); + SPX_sign(signature, private_key, kMessage, sizeof(kMessage), true); if (!TimeFunctionParallel(&results, [&public_key, &signature]() -> bool { - return spx_verify(signature, public_key, kMessage, sizeof(kMessage)) == + return SPX_verify(signature, public_key, kMessage, sizeof(kMessage)) == 1; })) { fprintf(stderr, "SPHINCS+-SHA2-128s verify failed.\n"); |