Added FrodoKEM
This commit is contained in:
parent
d0f76fd3b4
commit
5f42894ac2
2
Makefile
2
Makefile
|
@ -1,4 +1,4 @@
|
||||||
VERSION := 0.8.25
|
VERSION := 0.8.26
|
||||||
.PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall
|
.PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall
|
||||||
|
|
||||||
## Tag version of binaries with build info wrt.
|
## Tag version of binaries with build info wrt.
|
||||||
|
|
|
@ -27,7 +27,7 @@ Currently supported exchanges are:
|
||||||
[Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx);
|
[Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx);
|
||||||
* The KYBER IND-CCA-2 secure key encapsulation mechanism, [pq-crystals Kyber](https://pq-crystals.org/kyber/) :: [Yawning/kyber golang implementation](https://git.schwanenlied.me/yawning/kyber)
|
* The KYBER IND-CCA-2 secure key encapsulation mechanism, [pq-crystals Kyber](https://pq-crystals.org/kyber/) :: [Yawning/kyber golang implementation](https://git.schwanenlied.me/yawning/kyber)
|
||||||
* The NEWHOPE algorithm [newhopecrypto.org](https://www.newhopecrypto.org/) :: [Yawning/go-newhope golang implementation](https://git.schwanenlied.me/yawning/newhope)
|
* The NEWHOPE algorithm [newhopecrypto.org](https://www.newhopecrypto.org/) :: [Yawning/go-newhope golang implementation](https://git.schwanenlied.me/yawning/newhope)
|
||||||
|
* The FrodoKEM algorithm [frodokem.org](https://frodokem.org/) :: Go version by [Eduardo E. S. Riccardi](https://github.com/kuking/go-frodokem)
|
||||||
|
|
||||||
Currently supported session algorithms:
|
Currently supported session algorithms:
|
||||||
|
|
||||||
|
|
1
go.mod
1
go.mod
|
@ -13,6 +13,7 @@ require (
|
||||||
github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
|
github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
|
||||||
github.com/klauspost/reedsolomon v1.9.9 // indirect
|
github.com/klauspost/reedsolomon v1.9.9 // indirect
|
||||||
github.com/kr/pty v1.1.8
|
github.com/kr/pty v1.1.8
|
||||||
|
github.com/kuking/go-frodokem v1.0.1
|
||||||
github.com/mattn/go-isatty v0.0.12
|
github.com/mattn/go-isatty v0.0.12
|
||||||
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect
|
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect
|
||||||
github.com/pkg/errors v0.9.1 // indirect
|
github.com/pkg/errors v0.9.1 // indirect
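Review bot: The new requirement `github.com/kuking/go-frodokem v1.0.1` places a third-party implementation of a cryptographic primitive directly on the key-exchange path, and nothing in the commit records where it was reviewed, whether it was checked against the FrodoKEM known-answer tests, or whether its arithmetic is constant-time; the go.sum hash pins the bytes but establishes none of that. Suggest carrying the status on the requirement itself, e.g. `github.com/kuking/go-frodokem v1.0.1 // pinned; unaudited port, validate against frodokem.org KATs before relying on it`, so the caveat is seen whenever the version is bumped.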
|
||||||
|
|
3
go.sum
3
go.sum
|
@ -33,6 +33,8 @@ github.com/klauspost/reedsolomon v1.9.9 h1:qCL7LZlv17xMixl55nq2/Oa1Y86nfO8EqDfv2
|
||||||
github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo=
|
github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo=
|
||||||
github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
|
github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
|
||||||
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
|
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
|
||||||
|
github.com/kuking/go-frodokem v1.0.1 h1:13bks3u4CPpvUtOLttT+A37j9myV4kLnS7Z3qDiTm4o=
|
||||||
|
github.com/kuking/go-frodokem v1.0.1/go.mod h1:TzD0W9QnVOcwigeSySEuNZfJaGxWRtFRb7hXe/w/waI=
|
||||||
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
|
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
|
||||||
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
|
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
|
||||||
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0sQ9fSeoEhZgvrrD9HKMtX6Gmc1vk8=
|
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0sQ9fSeoEhZgvrrD9HKMtX6Gmc1vk8=
|
||||||
|
@ -50,6 +52,7 @@ github.com/tjfoc/gmsm v1.3.0 h1:i7c6Za/IlgBvnGxYpfD7L3TGuaS+v6oGcgq+J9/ecEA=
|
||||||
github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
|
github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
|
||||||
github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo=
|
github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo=
|
||||||
github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
|
github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
|
||||||
|
github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
|
||||||
github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ=
|
github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ=
|
||||||
github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg=
|
github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg=
|
||||||
github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE=
|
github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE=
|
||||||
|
|
18
xs/xs.go
18
xs/xs.go
|
@ -64,22 +64,22 @@ const bob = string("\r\n\r\n" +
|
||||||
"@@@@@@@^^~~~~~~~~~~~~~~~~~~~~^@@@@@@@@@\r\n" +
|
"@@@@@@@^^~~~~~~~~~~~~~~~~~~~~^@@@@@@@@@\r\n" +
|
||||||
"@@@@@@^ ~^ @ @@ @ @ @ I ~^@@@@@@\r\n" +
|
"@@@@@@^ ~^ @ @@ @ @ @ I ~^@@@@@@\r\n" +
|
||||||
"@@@@@ ~ ~~ ~I @@@@@\r\n" +
|
"@@@@@ ~ ~~ ~I @@@@@\r\n" +
|
||||||
"@@@@' ' _,w@< @@@@\r\n" +
|
"@@@@' ' _,w@< @@@@ .\r\n" +
|
||||||
"@@@@ @@@@@@@@w___,w@@@@@@@@ @ @@@\r\n" +
|
"@@@@ @@@@@@@@w___,w@@@@@@@@ @ @@@\r\n" +
|
||||||
"@@@@ @@@@@@@@@@@@@@@@@@@@@@ I @@@\r\n" +
|
"@@@@ @@@@@@@@@@@@@@@@@@@@@@ I @@@ Bob\r\n" +
|
||||||
"@@@@ @@@@@@@@@@@@@@@@@@@@*@[ i @@@\r\n" +
|
"@@@@ @@@@@@@@@@@@@@@@@@@@*@[ i @@@\r\n" +
|
||||||
"@@@@ @@@@@@@@@@@@@@@@@@@@[][ | ]@@@\r\n" +
|
"@@@@ @@@@@@@@@@@@@@@@@@@@[][ | ]@@@ bOb\r\n" +
|
||||||
"@@@@ ~_,,_ ~@@@@@@@~ ____~ @ @@@\r\n" +
|
"@@@@ ~_,,_ ~@@@@@@@~ ____~ @ @@@\r\n" +
|
||||||
"@@@@ _~ , , `@@@~ _ _`@ ]L J@@@\r\n" +
|
"@@@@ _~ , , `@@@~ _ _`@ ]L J@@@ o\r\n" +
|
||||||
"@@@@ , @@w@ww+ @@@ww``,,@w@ ][ @@@@\r\n" +
|
"@@@@ , @@w@ww+ @@@ww``,,@w@ ][ @@@@\r\n" +
|
||||||
"@@@@, @@@@www@@@ @@@@@@@ww@@@@@[ @@@@\r\n" +
|
"@@@@, @@@@www@@@ @@@@@@@ww@@@@@[ @@@@ BOB\r\n" +
|
||||||
"@@@@@_|| @@@@@@P' @@P@@@@@@@@@@@[|c@@@@\r\n" +
|
"@@@@@_|| @@@@@@P' @@P@@@@@@@@@@@[|c@@@@\r\n" +
|
||||||
"@@@@@@w| '@@P~ P]@@@-~, ~Y@@^'],@@@@@@\r\n" +
|
"@@@@@@w| '@@P~ P]@@@-~, ~Y@@^'],@@@@@@ . o\r\n" +
|
||||||
"@@@@@@@[ _ _J@@Tk ]]@@@@@@\r\n" +
|
"@@@@@@@[ _ _J@@Tk ]]@@@@@@\r\n" +
|
||||||
"@@@@@@@@,@ @@, c,,,,,,,y ,w@@[ ,@@@@@@@\r\n" +
|
"@@@@@@@@,@ @@, c,,,,,,,y ,w@@[ ,@@@@@@@\r\n" +
|
||||||
"@@@@@@@@@ i @w ====--_@@@@@ @@@@@@@@\r\n" +
|
"@@@@@@@@@ i @w ====--_@@@@@ @@@@@@@@ o .\r\n" +
|
||||||
"@@@@@@@@@@`,P~ _ ~^^^^Y@@@@@ @@@@@@@@@\r\n" +
|
"@@@@@@@@@@`,P~ _ ~^^^^Y@@@@@ @@@@@@@@@\r\n" +
|
||||||
"@@@@^^=^@@^ ^' ,ww,w@@@@@ _@@@@@@@@@@\r\n" +
|
"@@@@^^=^@@^ ^' ,ww,w@@@@@ _@@@@@@@@@@ B o B\r\n" +
|
||||||
"@@@_xJ~ ~ , @@@@@@@P~_@@@@@@@@@@@@\r\n" +
|
"@@@_xJ~ ~ , @@@@@@@P~_@@@@@@@@@@@@\r\n" +
|
||||||
"@@ @, ,@@@,_____ _,J@@@@@@@@@@@@@\r\n" +
|
"@@ @, ,@@@,_____ _,J@@@@@@@@@@@@@\r\n" +
|
||||||
"@@L `' ,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" +
|
"@@L `' ,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" +
|
||||||
|
@ -712,7 +712,7 @@ func main() {
|
||||||
flag.BoolVar(&dbg, "d", false, "debug logging")
|
flag.BoolVar(&dbg, "d", false, "debug logging")
|
||||||
flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12]")
|
flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12]")
|
||||||
flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]")
|
flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]")
|
||||||
flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE]")
|
flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE | KEX_FRODOKEM_{1344|976}{AES|SHAKE}]")
|
||||||
flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP")
|
flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP")
|
||||||
flag.UintVar(&port, "p", 2000, "``port")
|
flag.UintVar(&port, "p", 2000, "``port")
|
||||||
//flag.StringVar(&authCookie, "a", "", "auth cookie")
|
//flag.StringVar(&authCookie, "a", "", "auth cookie")
|
||||||
|
|
|
@ -29,6 +29,10 @@ const (
|
||||||
KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
|
KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
|
||||||
KEX_resvd14
|
KEX_resvd14
|
||||||
KEX_resvd15
|
KEX_resvd15
|
||||||
|
KEX_FRODOKEM_1344AES
|
||||||
|
KEX_FRODOKEM_1344SHAKE
|
||||||
|
KEX_FRODOKEM_976AES
|
||||||
|
KEX_FRODOKEM_976SHAKE
|
||||||
KEX_invalid = 255
|
KEX_invalid = 255
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
210
xsnet/net.go
210
xsnet/net.go
|
@ -44,6 +44,7 @@ import (
|
||||||
"blitter.com/go/kyber"
|
"blitter.com/go/kyber"
|
||||||
"blitter.com/go/newhope"
|
"blitter.com/go/newhope"
|
||||||
"blitter.com/go/xs/logger"
|
"blitter.com/go/xs/logger"
|
||||||
|
frodo "github.com/kuking/go-frodokem"
|
||||||
)
|
)
|
||||||
|
|
||||||
/*---------------------------------------------------------------------*/
|
/*---------------------------------------------------------------------*/
|
||||||
|
@ -126,6 +127,14 @@ func (k *KEXAlg) String() string {
|
||||||
return "KEX_NEWHOPE"
|
return "KEX_NEWHOPE"
|
||||||
case KEX_NEWHOPE_SIMPLE:
|
case KEX_NEWHOPE_SIMPLE:
|
||||||
return "KEX_NEWHOPE_SIMPLE"
|
return "KEX_NEWHOPE_SIMPLE"
|
||||||
|
case KEX_FRODOKEM_1344AES:
|
||||||
|
return "KEX_FRODOKEM_1344AES"
|
||||||
|
case KEX_FRODOKEM_1344SHAKE:
|
||||||
|
return "KEX_FRODOKEM_1344SHAKE"
|
||||||
|
case KEX_FRODOKEM_976AES:
|
||||||
|
return "KEX_FRODOKEM_976AES"
|
||||||
|
case KEX_FRODOKEM_976SHAKE:
|
||||||
|
return "KEX_FRODOKEM_976SHAKE"
|
||||||
default:
|
default:
|
||||||
return "KEX_ERR_UNK"
|
return "KEX_ERR_UNK"
|
||||||
}
|
}
|
||||||
|
@ -276,6 +285,14 @@ func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) {
|
||||||
case KEX_NEWHOPE:
|
case KEX_NEWHOPE:
|
||||||
fallthrough
|
fallthrough
|
||||||
case KEX_NEWHOPE_SIMPLE:
|
case KEX_NEWHOPE_SIMPLE:
|
||||||
|
fallthrough
|
||||||
|
case KEX_FRODOKEM_1344AES:
|
||||||
|
fallthrough
|
||||||
|
case KEX_FRODOKEM_1344SHAKE:
|
||||||
|
fallthrough
|
||||||
|
case KEX_FRODOKEM_976AES:
|
||||||
|
fallthrough
|
||||||
|
case KEX_FRODOKEM_976SHAKE:
|
||||||
log.Printf("[KEx alg %d accepted]\n", kexAlg)
|
log.Printf("[KEx alg %d accepted]\n", kexAlg)
|
||||||
default:
|
default:
|
||||||
// UNREACHABLE: _getkexalgnum() guarantees a valid KEX value
|
// UNREACHABLE: _getkexalgnum() guarantees a valid KEX value
|
||||||
|
@ -375,11 +392,86 @@ func getkexalgnum(extensions ...string) (k KEXAlg) {
|
||||||
case "KEX_NEWHOPE_SIMPLE":
|
case "KEX_NEWHOPE_SIMPLE":
|
||||||
k = KEX_NEWHOPE_SIMPLE
|
k = KEX_NEWHOPE_SIMPLE
|
||||||
break //out of for
|
break //out of for
|
||||||
|
case "KEX_FRODOKEM_1344AES":
|
||||||
|
k = KEX_FRODOKEM_1344AES
|
||||||
|
break //out of for
|
||||||
|
case "KEX_FRODOKEM_1344SHAKE":
|
||||||
|
k = KEX_FRODOKEM_1344SHAKE
|
||||||
|
break //out of for
|
||||||
|
case "KEX_FRODOKEM_976AES":
|
||||||
|
k = KEX_FRODOKEM_976AES
|
||||||
|
break //out of for
|
||||||
|
case "KEX_FRODOKEM_976SHAKE":
|
||||||
|
k = KEX_FRODOKEM_976SHAKE
|
||||||
|
break //out of for
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
||||||
|
// Send xsnet.Conn parameters to remote side
|
||||||
|
|
||||||
|
// Alice, step 1: Generate a key pair.
|
||||||
|
var kem frodo.FrodoKEM
|
||||||
|
|
||||||
|
switch hc.kex {
|
||||||
|
case KEX_FRODOKEM_1344AES:
|
||||||
|
kem = frodo.Frodo1344AES()
|
||||||
|
case KEX_FRODOKEM_1344SHAKE:
|
||||||
|
kem = frodo.Frodo1344SHAKE()
|
||||||
|
case KEX_FRODOKEM_976AES:
|
||||||
|
kem = frodo.Frodo976AES()
|
||||||
|
default:
|
||||||
|
kem = frodo.Frodo976SHAKE()
|
||||||
|
}
|
||||||
|
pubA, secA := kem.Keygen() // pA
|
||||||
|
//log.Printf("[pubKeyAlice: %v]\n", pubA)
|
||||||
|
|
||||||
|
// Alice, step 2: Send the public key (na,ea) to Bob
|
||||||
|
fmt.Fprintf(c, "0x%x\n", pubA)
|
||||||
|
|
||||||
|
// (... and cipher, connection opts)
|
||||||
|
fmt.Fprintf(c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
|
// [Bob does the same and sends use a public key (nb, eb)
|
||||||
|
pubB_bigint := big.NewInt(0)
|
||||||
|
_, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint)
|
||||||
|
pubB := pubB_bigint.Bytes()
|
||||||
|
//log.Printf("[Got pubKeyBob[]:%v]\n", pubB)
|
||||||
|
|
||||||
|
// (... and cipher, connection opts)
|
||||||
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
||||||
|
&hc.cipheropts, &hc.opts)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Alice, step 3: Create ctAtoB, shareA
|
||||||
|
ctAtoB, shareA, err := kem.Encapsulate(pubB)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Alice, step 4: Send ctAtoB to Bob
|
||||||
|
fmt.Fprintf(c, "0x%x\n", ctAtoB)
|
||||||
|
|
||||||
|
// Alice, step 5: Receive ctBtoA from Bob
|
||||||
|
ctBtoA_bigint := big.NewInt(0)
|
||||||
|
_, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint)
|
||||||
|
ctBtoA := ctBtoA_bigint.Bytes()
|
||||||
|
log.Printf("[Got ctBob[]:%v]\n", ctBtoA)
|
||||||
|
|
||||||
|
// Alice, step 6: compute Bob's share
|
||||||
|
shareB, err := kem.Dencapsulate(secA, ctBtoA)
|
||||||
|
sessionKey := append(shareA, shareB...)
|
||||||
|
//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
|
||||||
|
|
||||||
|
hc.r, hc.rm, err = hc.getStream(sessionKey)
|
||||||
|
hc.w, hc.wm, err = hc.getStream(sessionKey)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// randReader wraps rand.Read() in a struct that implements io.Reader
|
// randReader wraps rand.Read() in a struct that implements io.Reader
|
||||||
// for use by the Kyber and NEWHOPE/NEWHOPE_SIMPLE KEM methods.
|
// for use by the Kyber and NEWHOPE/NEWHOPE_SIMPLE KEM methods.
|
||||||
type randReader struct {
|
type randReader struct {
|
||||||
|
@ -413,7 +505,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
||||||
for i := range pubKeyBob.Send {
|
for i := range pubKeyBob.Send {
|
||||||
pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
|
pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
|
||||||
}
|
}
|
||||||
log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
|
//log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
|
||||||
|
|
||||||
// Read cipheropts, session opts
|
// Read cipheropts, session opts
|
||||||
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
||||||
|
@ -429,7 +521,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
||||||
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
||||||
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
||||||
return
|
return
|
||||||
|
@ -457,7 +549,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
||||||
for i := range pubKeyBob.Send {
|
for i := range pubKeyBob.Send {
|
||||||
pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
|
pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
|
||||||
}
|
}
|
||||||
log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
|
//log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
|
||||||
|
|
||||||
// Read cipheropts, session opts
|
// Read cipheropts, session opts
|
||||||
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
||||||
|
@ -473,7 +565,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
||||||
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
||||||
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
||||||
return
|
return
|
||||||
|
@ -512,7 +604,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
|
||||||
//if err != nil {
|
//if err != nil {
|
||||||
// return err
|
// return err
|
||||||
//}
|
//}
|
||||||
log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB)
|
//log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB)
|
||||||
|
|
||||||
// Read cipheropts, session opts
|
// Read cipheropts, session opts
|
||||||
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
|
||||||
|
@ -524,7 +616,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
|
||||||
// Alice, step 3: Decrypt the KEM cipher text.
|
// Alice, step 3: Decrypt the KEM cipher text.
|
||||||
aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB)
|
aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB)
|
||||||
|
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
//log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
|
||||||
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
|
||||||
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
|
||||||
return
|
return
|
||||||
|
@ -573,13 +665,74 @@ func HKExDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
|
// Bob, step 1: Generate a key pair.
|
||||||
|
var kem frodo.FrodoKEM
|
||||||
|
|
||||||
|
switch hc.kex {
|
||||||
|
case KEX_FRODOKEM_1344AES:
|
||||||
|
kem = frodo.Frodo1344AES()
|
||||||
|
case KEX_FRODOKEM_1344SHAKE:
|
||||||
|
kem = frodo.Frodo1344SHAKE()
|
||||||
|
case KEX_FRODOKEM_976AES:
|
||||||
|
kem = frodo.Frodo976AES()
|
||||||
|
default:
|
||||||
|
kem = frodo.Frodo976SHAKE()
|
||||||
|
}
|
||||||
|
pubB, secB := kem.Keygen()
|
||||||
|
//log.Printf("[pubKeyBob: %v]\n", pubB)
|
||||||
|
|
||||||
|
// Bob, step 2: Send the public key (nb,eb) to Alice
|
||||||
|
fmt.Fprintf(*c, "0x%x\n", pubB)
|
||||||
|
|
||||||
|
// (... and cipher, connection opts)
|
||||||
|
fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
|
// [Alice does the same and sends use a public key (na, ea)
|
||||||
|
pubA_bigint := big.NewInt(0)
|
||||||
|
_, err = fmt.Fscanf(*c, "0x%x\n", pubA_bigint)
|
||||||
|
pubA := pubA_bigint.Bytes()
|
||||||
|
//log.Printf("[Got pubKeyAlice[]:%v]\n", pubA)
|
||||||
|
|
||||||
|
// (... and cipher, connection opts)
|
||||||
|
_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
|
||||||
|
&hc.cipheropts, &hc.opts)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Bob, step 3: Create ctBtoA, shareB
|
||||||
|
ctBtoA, shareB, err := kem.Encapsulate(pubA)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Bob, step 4: Send ctBtoA to Alice
|
||||||
|
fmt.Fprintf(*c, "0x%x\n", ctBtoA)
|
||||||
|
|
||||||
|
// Bob, step 5: Receive ctAtoB from Alice
|
||||||
|
ctAtoB_bigint := big.NewInt(0)
|
||||||
|
_, err = fmt.Fscanf(*c, "0x%x\n", ctAtoB_bigint)
|
||||||
|
ctAtoB := ctAtoB_bigint.Bytes()
|
||||||
|
log.Printf("[Got ctAlice[]:%v]\n", ctAtoB)
|
||||||
|
|
||||||
|
// Alice, step 6: compute Bob's share
|
||||||
|
shareA, err := kem.Dencapsulate(secB, ctAtoB)
|
||||||
|
sessionKey := append(shareA, shareB...)
|
||||||
|
//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
|
||||||
|
|
||||||
|
hc.r, hc.rm, err = hc.getStream(sessionKey)
|
||||||
|
hc.w, hc.wm, err = hc.getStream(sessionKey)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
r := new(randReader)
|
r := new(randReader)
|
||||||
rand.Seed(time.Now().UnixNano())
|
rand.Seed(time.Now().UnixNano())
|
||||||
// Bob, step 1: Deserialize Alice's public key from the binary encoding.
|
// Bob, step 1: Deserialize Alice's public key from the binary encoding.
|
||||||
alicePublicKey := big.NewInt(0)
|
alicePublicKey := big.NewInt(0)
|
||||||
_, err = fmt.Fscanln(*c, alicePublicKey)
|
_, err = fmt.Fscanln(*c, alicePublicKey)
|
||||||
log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
|
//log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -606,7 +759,7 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
|
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
||||||
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
||||||
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
||||||
return
|
return
|
||||||
|
@ -618,7 +771,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
// Bob, step 1: Deserialize Alice's public key from the binary encoding.
|
// Bob, step 1: Deserialize Alice's public key from the binary encoding.
|
||||||
alicePublicKey := big.NewInt(0)
|
alicePublicKey := big.NewInt(0)
|
||||||
_, err = fmt.Fscanln(*c, alicePublicKey)
|
_, err = fmt.Fscanln(*c, alicePublicKey)
|
||||||
log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
|
//log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -645,7 +798,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
|
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
||||||
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
||||||
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
||||||
return
|
return
|
||||||
|
@ -655,7 +808,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
// Bob, step 1: Deserialize Alice's public key from the binary encoding.
|
// Bob, step 1: Deserialize Alice's public key from the binary encoding.
|
||||||
alicePublicKey := big.NewInt(0)
|
alicePublicKey := big.NewInt(0)
|
||||||
_, err = fmt.Fscanln(*c, alicePublicKey)
|
_, err = fmt.Fscanln(*c, alicePublicKey)
|
||||||
log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
|
//log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -694,7 +847,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
|
||||||
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
|
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
|
||||||
hc.cipheropts, hc.opts)
|
hc.cipheropts, hc.opts)
|
||||||
|
|
||||||
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
//log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
|
||||||
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
|
||||||
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
|
||||||
return
|
return
|
||||||
|
@ -817,6 +970,17 @@ func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err er
|
||||||
if NewHopeSimpleDialSetup(c, &hc) != nil {
|
if NewHopeSimpleDialSetup(c, &hc) != nil {
|
||||||
return Conn{}, nil
|
return Conn{}, nil
|
||||||
}
|
}
|
||||||
|
case KEX_FRODOKEM_1344AES:
|
||||||
|
fallthrough
|
||||||
|
case KEX_FRODOKEM_1344SHAKE:
|
||||||
|
fallthrough
|
||||||
|
case KEX_FRODOKEM_976AES:
|
||||||
|
fallthrough
|
||||||
|
case KEX_FRODOKEM_976SHAKE:
|
||||||
|
log.Printf("[Setting up for KEX_FRODOKEM %d]\n", hc.kex)
|
||||||
|
if FrodoKEMDialSetup(c, &hc) != nil {
|
||||||
|
return Conn{}, nil
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
return Conn{}, err
|
return Conn{}, err
|
||||||
}
|
}
|
||||||
|
@ -1000,6 +1164,26 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
|
||||||
if NewHopeSimpleAcceptSetup(&c, &hc) != nil {
|
if NewHopeSimpleAcceptSetup(&c, &hc) != nil {
|
||||||
return Conn{}, err
|
return Conn{}, err
|
||||||
}
|
}
|
||||||
|
case KEX_FRODOKEM_1344AES:
|
||||||
|
log.Printf("[Setting up for KEX_FRODOKEM_1344AES %d]\n", hc.kex)
|
||||||
|
if FrodoKEMAcceptSetup(&c, &hc) != nil {
|
||||||
|
return Conn{}, err
|
||||||
|
}
|
||||||
|
case KEX_FRODOKEM_1344SHAKE:
|
||||||
|
log.Printf("[Setting up for KEX_FRODOKEM_1344SHAKE %d]\n", hc.kex)
|
||||||
|
if FrodoKEMAcceptSetup(&c, &hc) != nil {
|
||||||
|
return Conn{}, err
|
||||||
|
}
|
||||||
|
case KEX_FRODOKEM_976AES:
|
||||||
|
log.Printf("[Setting up for KEX_FRODOKEM_976AES %d]\n", hc.kex)
|
||||||
|
if FrodoKEMAcceptSetup(&c, &hc) != nil {
|
||||||
|
return Conn{}, err
|
||||||
|
}
|
||||||
|
case KEX_FRODOKEM_976SHAKE:
|
||||||
|
log.Printf("[Setting up for KEX_FRODOKEM_976SHAKE %d]\n", hc.kex)
|
||||||
|
if FrodoKEMAcceptSetup(&c, &hc) != nil {
|
||||||
|
return Conn{}, err
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
return Conn{}, err
|
return Conn{}, err
|
||||||
}
|
}
|
||||||
|
@ -1235,7 +1419,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ]
|
hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ]
|
||||||
log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp)
|
//log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp)
|
||||||
|
|
||||||
if *hc.closeStat == CSETruncCSO {
|
if *hc.closeStat == CSETruncCSO {
|
||||||
logger.LogDebug(fmt.Sprintln("[cannot verify HMAC]"))
|
logger.LogDebug(fmt.Sprintln("[cannot verify HMAC]"))
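Review bot: Both new handshake functions read the peer's FrodoKEM public key and ciphertext into a `big.NewInt(0)` via `fmt.Fscanf(c, "0x%x\n", ...)` and then call `.Bytes()`, but `big.Int.Bytes()` omits leading zero bytes, so any key or ciphertext whose first byte is 0x00 arrives shorter than the fixed length FrodoKEM expects and the handshake fails (or mis-parses, depending on what go-frodokem does with a short input) for roughly one in 256 connections per value; the sending side's `fmt.Fprintf(c, "0x%x\n", pubA)` already emits fixed-width hex, so decoding with `hex.DecodeString`, which this file already imports, preserves the length. In both functions the error from the first `Fscanf` of each pair is overwritten by the second before it is checked, and the `kem.Dencapsulate` error and the first `hc.getStream` error are likewise clobbered, so a corrupted ciphertext can fall through to `sessionKey := append(shareA, shareB...)` unnoticed. In Dial's dispatch `if FrodoKEMDialSetup(c, &hc) != nil { return Conn{}, nil }` hands the caller a zero Conn with a nil error, and the four Accept cases return the outer `err` rather than the setup's result; each should propagate the setup error. The `log.Printf("[Got ctBob[]:%v]\n", ctBtoA)` and `"[Got ctAlice[]..."` prints are the only handshake debug lines this commit leaves enabled, and the comment `// Alice, step 6: compute Bob's share` in FrodoKEMAcceptSetup should read `// Bob, step 6: compute Alice's share`. The rewritten receive path for FrodoKEMDialSetup is below; FrodoKEMAcceptSetup needs the mirror-image change.

```go
// … unchanged: kem selection, Keygen, send pubA and cipheropts/opts …
var pubBHex string
if _, err = fmt.Fscanf(c, "0x%s\n", &pubBHex); err != nil {
	return err
}
// Decode as hex rather than via big.Int: Bytes() would drop leading zero
// bytes from a fixed-length key.
pubB, err := hex.DecodeString(pubBHex)
if err != nil {
	return err
}
// … unchanged: read cipheropts/opts, Encapsulate(pubB), send ctAtoB …
var ctBtoAHex string
if _, err = fmt.Fscanf(c, "0x%s\n", &ctBtoAHex); err != nil {
	return err
}
ctBtoA, err := hex.DecodeString(ctBtoAHex)
if err != nil {
	return err
}
shareB, err := kem.Dencapsulate(secA, ctBtoA)
if err != nil {
	return err
}
sessionKey := append(shareA, shareB...)
if hc.r, hc.rm, err = hc.getStream(sessionKey); err != nil {
	return err
}
hc.w, hc.wm, err = hc.getStream(sessionKey)
return
```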
|
||||||
|
|