mceliece6960119-x25519 public key prehash support

diff --git a/go/cm/cmd/cmenctool/main.go b/go/cm/cmd/cmenctool/main.go
index f3fadc0f1588e0cb555a2421de58191247680f21d581cc8910dd0469bfb97343..50d624e6e7aa11e4e00a443ef8b4d19715ccd68e8f3f03ef09de8f20c5533abb 100644 (file)
--- a/go/cm/cmd/cmenctool/main.go
+++ b/go/cm/cmd/cmenctool/main.go
@@ -165,6 +165,7 @@ func main() {
        PubDir.Dir = *PubDirPth
        var pubs []cm.AV
        var pubIds [][]byte
+       var pubPrehashes [][][]byte
        for _, pth := range flag.Args() {
                pubData, err := pubParse(pth)
                if err != nil {
@@ -172,6 +173,7 @@ func main() {
                }
                pubs = append(pubs, pubData.Pub[0])
                pubIds = append(pubIds, pubData.Id)
+               pubPrehashes = append(pubPrehashes, pubData.Prehash)
        }
 
        var err error
@@ -561,19 +563,32 @@ func main() {
                                        log.Fatal(err)
                                }
                                {
-                                       ourMcEliecePub := ourMcEliece.Public()
-                                       var ourMcEliecePubRaw []byte
-                                       ourMcEliecePubRaw, err = ourMcEliecePub.MarshalBinary()
-                                       if err != nil {
-                                               log.Fatal(err)
+                                       var pkHash []byte
+                                       if signed, _ := PubDir.Get(kem.To); signed != nil {
+                                               ourPub, err := pubDataFromSigned(signed)
+                                               if err != nil {
+                                                       log.Fatalln("our from:", err)
+                                               }
+                                               if len(ourPub.Prehash) > 0 {
+                                                       pkHash = ourPub.Prehash[0]
+                                               }
+                                       }
+                                       if pkHash == nil {
+                                               ourMcEliecePub := ourMcEliece.Public()
+                                               var ourMcEliecePubRaw []byte
+                                               ourMcEliecePubRaw, err = ourMcEliecePub.MarshalBinary()
+                                               if err != nil {
+                                                       log.Fatal(err)
+                                               }
+                                               hasher := cmhash.NewSHAKE256()
+                                               hasher.Write(ourMcEliecePubRaw)
+                                               hasher.Write(ourX25519.PublicKey().Bytes())
+                                               pkHash = hasher.Sum(nil)
                                        }
-                                       pkHash := cmhash.NewSHAKE256()
-                                       pkHash.Write(ourMcEliecePubRaw)
-                                       pkHash.Write(ourX25519.PublicKey().Bytes())
                                        ikm := bytes.Join([][]byte{
                                                keyMcEliece, keyX25519,
                                                sha3.SumSHAKE256(kem.Encap, 64),
-                                               pkHash.Sum(nil),
+                                               pkHash,
                                        }, []byte{})
                                        var prk []byte
                                        prk, err = hkdf.Extract(cmhash.NewSHAKE256, ikm, nil)
@@ -887,10 +902,16 @@ func main() {
                                        log.Fatal(err)
                                }
                                {
+                                       var pkHash []byte
+                                       if len(pubPrehashes[pubId]) > 0 {
+                                               pkHash = pubPrehashes[pubId][0]
+                                       } else {
+                                               pkHash = sha3.SumSHAKE256(pub.V, 64)
+                                       }
                                        ikm := bytes.Join([][]byte{
                                                keyMcEliece[:], keyX25519,
                                                sha3.SumSHAKE256(kem.Encap, 64),
-                                               sha3.SumSHAKE256(pub.V, 64),
+                                               pkHash,
                                        }, []byte{})
                                        var prk []byte
                                        prk, err = hkdf.Extract(cmhash.NewSHAKE256, ikm, nil)

diff --git a/go/cm/cmd/cmkeytool/main.go b/go/cm/cmd/cmkeytool/main.go
index f21f9fdd06fe5673800034133ee868eaffe24cc58ede5a0862ef7cb07cd8e174..9adc1f530f8e956ac0962ff41f2bcd7a478a61f18f9096e6a9330447646c79aa 100644 (file)
--- a/go/cm/cmd/cmkeytool/main.go
+++ b/go/cm/cmd/cmkeytool/main.go
@@ -225,8 +225,19 @@ func main() {
                        }
                        pubId = hasher.Sum(nil)
                        pubData["id"] = pubId
-                       if err != nil {
-                               log.Fatal(err)
+                       hasher = nil
+                       switch *algo {
+                       case sntrup761x25519.SNTRUP761X25519:
+                               hasher = cmhash.ByName(cmhash.BLAKE2b)
+                       case mceliece6960119x25519.ClassicMcEliece6960119X25519:
+                               hasher = cmhash.ByName(cmhash.SHAKE256)
+                       }
+                       if hasher != nil {
+                               _, err = hasher.Write(pub)
+                               if err != nil {
+                                       log.Fatal(err)
+                               }
+                               pubData["prehash"] = [][]byte{hasher.Sum(nil)}
                        }
                }
                if len(ku) > 0 {

diff --git a/go/cm/sign/pub.go b/go/cm/sign/pub.go
index 5e8cb01dcb476e2e8f7829dc9a7f70f639f9beadffcb869efd30c45eb7a41bb1..b5e8f5c0aab39b0e65d74d43db569ce3b1bc920aac1b29b3af8b499235e57aea 100644 (file)
--- a/go/cm/sign/pub.go
+++ b/go/cm/sign/pub.go
@@ -48,11 +48,12 @@ var (
 
 // Public key' contents.
 type PubData struct {
-       KU   map[string]*struct{} `keks:"ku"`
-       Sub  map[string]string    `keks:"sub"`
-       Crit []map[string]any     `keks:"crit"`
-       Pub  []cm.AV              `keks:"pub"`
-       Id   []byte               `keks:"id"`
+       KU      map[string]*struct{} `keks:"ku"`
+       Sub     map[string]string    `keks:"sub"`
+       Crit    []map[string]any     `keks:"crit"`
+       Pub     []cm.AV              `keks:"pub"`
+       Id      []byte               `keks:"id"`
+       Prehash [][]byte             `keks:"prehash"`
 }
 
 // Parse KEKS-encoded data as Signed with the PubData (certificate) contents.
@@ -83,9 +84,10 @@ func PubParse(data []byte) (signed *Signed, tail []byte, err error) {
        if err != nil {
                return
        }
-       tail = d.B
-       signed = &sd
-       if sd.TBS.T != "pub" {
+       if sd.TBS.T == "pub" {
+               tail = d.B
+               signed = &sd
+       } else {
                err = errors.New("PubParse: wrong load type")
        }
        return

diff --git a/go/cm/sign/storage.go b/go/cm/sign/storage.go
index d1efcb2b2ffcf1b75b8bffc0d7c9f17f70ac43ab6bea7c377d69bc325e8a7f96..810be75ba1804965a5c068ffaee12aeb5494a714d330a1c38e76ad584009a430 100644 (file)
--- a/go/cm/sign/storage.go
+++ b/go/cm/sign/storage.go
@@ -39,10 +39,10 @@ func (s *PubStorageDir) Get(id []byte) (signed *Signed, err error) {
        ))
        if err != nil {
                if errors.Is(err, fs.ErrNotExist) {
-                       return nil, nil
+                       return
                }
-               return nil, err
+               return
        }
        signed, _, err = PubParse(data)
-       return signed, err
+       return
 }

diff --git a/tcl/schemas/encrypted.tcl b/tcl/schemas/encrypted.tcl
index 3dbae4d5612b2058960f2654b15e4b72e4ec4854a49b4066cea9a14c215d4c1d..6e9ec8f12475a4f34c3a4f092a509c7177d5dae5dee06b4ae8ccaa3ca9d5d820 100644 (file)
--- a/tcl/schemas/encrypted.tcl
+++ b/tcl/schemas/encrypted.tcl
@@ -1,5 +1,5 @@
 encrypted {
-    {field . {map}}
+    {field . {map} len=~}
     {field dem {with dem}}
     {field kem {list} {of kem} >0}
     {field id {hexlet} optional}

diff --git a/tcl/schemas/pub-data.tcl b/tcl/schemas/pub-data.tcl
index 3bdfcf1a11171d8d252e5c7f7c3d0b82c6a5894c827a0a19738af89e2bb14c18..7a65c0d7be079acee4c093cc7532e48443fed3d7b2a59019627df9ec2f8f665f 100644 (file)
--- a/tcl/schemas/pub-data.tcl
+++ b/tcl/schemas/pub-data.tcl
@@ -1,8 +1,9 @@
 pub-data {
-    {field . {map}}
+    {field . {map} len=~}
     {field id {with fpr}}
     {field crit {} !exists}
     {field ku {set} >0 optional}
     {field pub {list} {of av} >0}
     {field sub {map} {of type str} >0}
+    {field prehash {list} {of type bin} >0 optional}
 }

diff --git a/tcl/schemas/signed.tcl b/tcl/schemas/signed.tcl
index da545bbfc6a991acfae9769a696b466774196a3272182814a2223e26722893de..dc6247ff4fa34d1e30698d4c59078db36fb64842174fd7bc5e8f6d9d4202a1a2 100644 (file)
--- a/tcl/schemas/signed.tcl
+++ b/tcl/schemas/signed.tcl
@@ -16,7 +16,7 @@ tbs {
 }
 
 sig {
-    {field . {map}}
+    {field . {map} len=~}
     {field tbs {with sig-tbs}}
     {field sign {with av}}
 }