	Include stories about projects I am a member of.

Oct 16 2023

fse added a comment to T6637: PQC for Libgcrypt.

OK, fine, however, in order to be able keep an overview of our tasks I would still keep track of them in our GitHub, where I can create a sub-issue from the list of tasks with one click. But we will post our comments and results here as well as far relevant for the purpose of documentation. I think most of the points Jussi raised are more or less clear to me anyway.

Oct 16 2023, 12:07 PM · PQC, libgcrypt

fse added a comment to T6755: libgcrypt: KEM API.

With respect to the function signatures, I see the following issues with the API you reference via the provided link:

Oct 16 2023, 12:01 PM · PQC, libgcrypt

• werner added a comment to T6637: PQC for Libgcrypt.

@fse: Github is not an option here. We don't use it and thus everything relevant to Libgcrypt needs to be documented here and not at some external platform.

Oct 16 2023, 11:53 AM · PQC, libgcrypt

• gniibe added a comment to T6755: libgcrypt: KEM API.

For length information, we can find that Simon's patch (let me call it v1) has length argument:
https://gitlab.com/jas/libgcrypt/-/commit/3af635afca052a9575912b257fe7518a58bfe810

Oct 16 2023, 10:24 AM · PQC, libgcrypt

fse added a comment to T6637: PQC for Libgcrypt.

Hi Jussi,

Oct 16 2023, 8:37 AM · PQC, libgcrypt

Oct 15 2023

jukivili added a comment to T6637: PQC for Libgcrypt.

There's many functions that use buffers on stack. Do those contain secrets? Should those buffers be wiped before returning from function (with wipememory())? For example, "mlkem_check_secret_key" has two buffers "shared_secret_1" and "shared_secret_2" which are not wiped.
mlkem.c: mlkem_check_secret_key: "memcmp" is used to compare shared secrets. Should this use constant time comparison instead?
mlkem-common.c: _gcry_mlkem_mlkem_shake256_rkprf:
- _gcry_md_hash_buffers_extract can be used here instead of _gcry_md_open&write&extract&close.
mlkem-symmetric.c: _gcry_mlkem_shake256_prf:
- _gcry_md_hash_buffers_extract can be used here instead of _gcry_md_open&write&extract&close. Temporary buffer usage can be avoided by passing input buffers through two IOV to _gcry_md_hash_buffers_extract.

Oct 15 2023, 5:08 PM · PQC, libgcrypt

jukivili added a comment to T6637: PQC for Libgcrypt.

Few comments on the patches.

Oct 15 2023, 4:38 PM · PQC, libgcrypt

Oct 11 2023

fse added a comment to T6755: libgcrypt: KEM API.

Our own internal function signatures is not necessarily a good refernce. The main objection to all what you list above is the lack of explicit length information. For each uint8_t* there should also be a size_t ...len in my opinion. Otherwise the API will be highly prone to memory access errors.

Oct 11 2023, 8:34 AM · PQC, libgcrypt

• gniibe added a comment to T6755: libgcrypt: KEM API.

@fse Thank you for your comment (quick ! :-).

Oct 11 2023, 6:47 AM · PQC, libgcrypt

Oct 10 2023

fse added a comment to T6755: libgcrypt: KEM API.

The API that you quote at the end is indeed what is comonly understood as how a KEM functions and is exactly what fits to ML-KEM.

Oct 10 2023, 9:11 AM · PQC, libgcrypt

• gniibe triaged T6755: libgcrypt: KEM API as Wishlist priority.

Oct 10 2023, 8:23 AM · PQC, libgcrypt

Oct 9 2023

• gniibe added a comment to T6637: PQC for Libgcrypt.

Please send us patches (to this branch).

Oct 9 2023, 10:29 AM · PQC, libgcrypt

fse added a comment to T6637: PQC for Libgcrypt.

One question on the future cooperation: is it from now on possible to directly commit to these branches or will we continue to work with uploading patches to this task?

Oct 9 2023, 8:18 AM · PQC, libgcrypt