"go.cypherpunks.su/keks"
"go.cypherpunks.su/keks/cm"
+ cmenc "go.cypherpunks.su/keks/cm/encrypted"
cmhash "go.cypherpunks.su/keks/cm/hash"
"go.cypherpunks.su/keks/cm/utils"
"go.cypherpunks.su/keks/types"
)
-const (
- BalloonSaltLen = 8
- BalloonHKDFSalt = "keks/cm/encrypted/balloon-blake2b-hkdf"
- SNTRUP4591761X25519Salt = "keks/cm/encrypted/sntrup4591761-x25519-hkdf-blake2b"
- ClassicMcEliece6960119X25519Salt = "keks/cm/encrypted/mceliece6960119-x25519-hkdf-shake256"
-
- BindFdNum = 3 + 1
-)
-
-type BalloonCost struct {
- S uint64 `keks:"s"`
- T uint64 `keks:"t"`
- P uint64 `keks:"p"`
-}
-
-type KEM struct {
- A string `keks:"a"`
- CEK []byte `keks:"cek"`
- To *uuid.UUID `keks:"to,omitempty"`
-
- // balloon-blake2b-hkdf related
- Cost *BalloonCost `keks:"cost,omitempty"`
- Salt *[]byte `keks:"salt,omitempty"`
-
- Encap *[]byte `keks:"encap,omitempty"`
-}
-
-type DEM struct {
- A string `keks:"a"`
-}
-
-type Encrypted struct {
- DEM DEM `keks:"dem"`
- KEM []KEM `keks:"kem"`
- Bind uuid.UUID `keks:"bind"`
-
- Ciphertext *keks.BlobChunked `keks:"ciphertext,omitempty"`
-}
+const BindFdNum = 3 + 1
func blake2b256() hash.Hash {
h, err := blake2b.New256(nil)
log.Fatal("wrong magic")
}
}
- var encrypted Encrypted
+ var encrypted cmenc.Encrypted
{
d := keks.NewDecoderFromReader(os.Stdin, nil)
err = d.DecodeStruct(&encrypted)
passwd,
append(encrypted.Bind[:], *kem.Salt...),
int(kem.Cost.S), int(kem.Cost.T), int(kem.Cost.P),
- ), []byte(BalloonHKDFSalt))
+ ), []byte(cmenc.BalloonHKDFSalt))
if err != nil {
log.Fatal(err)
}
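Review bot: `*kem.Salt` and `kem.Cost.S/T/P` are dereferenced here on a header decoded from stdin, and in the struct definition this commit removes from the file both fields are optional pointers (`omitempty`). Assuming the definition now in `cmenc` is the same, a header that omits `salt` or `cost` would panic on a nil dereference unless a guard sits above this hunk, which is not visible. The cost values are also converted from `uint64` to `int` with no visible upper bound, so an untrusted header can presumably request very large balloon parameters or wrap to a negative `int`. I would add a guard before the call, such as `if kem.Salt == nil || kem.Cost == nil { log.Fatal("missing salt or cost") }`, together with a sanity cap on S, T and P. Now that the types live in a shared package, a validation helper there would cover every consumer. The enclosing block starts and ends outside the hunk.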
}, []byte{})
var kek []byte
kek, err = hkdf.Extract(blake2b256,
- ikm, []byte(SNTRUP4591761X25519Salt))
+ ikm, []byte(cmenc.SNTRUP4591761X25519Salt))
if err != nil {
log.Fatal(err)
}
}, []byte{})
var kek []byte
kek, err = hkdf.Extract(cmhash.NewSHAKE256,
- ikm, []byte(ClassicMcEliece6960119X25519Salt))
+ ikm, []byte(cmenc.ClassicMcEliece6960119X25519Salt))
if err != nil {
log.Fatal(err)
}
bindFd.WriteString(binding.String() + "\n")
bindFd.Close()
}
- var kems []KEM
+ var kems []cmenc.KEM
cek = make([]byte, chacha20poly1305.KeySize)
_, err = io.ReadFull(rand.Reader, cek)
if err != nil {
log.Fatal("passphrases do not match")
}
}
- salt := make([]byte, BalloonSaltLen)
+ salt := make([]byte, cmenc.BalloonSaltLen)
if _, err = io.ReadFull(rand.Reader, salt); err != nil {
log.Fatal(err)
}
- kem := KEM{
+ kem := cmenc.KEM{
A: cm.BalloonBLAKE2bHKDF,
Salt: &salt,
- Cost: &BalloonCost{
+ Cost: &cmenc.BalloonCost{
S: uint64(*balloonS),
T: uint64(*balloonT),
P: uint64(*balloonP),
passwd,
append(binding[:], salt...),
*balloonS, *balloonT, *balloonP,
- ), []byte(BalloonHKDFSalt))
+ ), []byte(cmenc.BalloonHKDFSalt))
if err != nil {
log.Fatal(err)
}
if err != nil {
log.Fatal(err)
}
- kem := KEM{A: cm.SNTRUP4591761X25519HKDFBLAKE2b}
+ kem := cmenc.KEM{A: cm.SNTRUP4591761X25519HKDFBLAKE2b}
encap := append(ciphertext[:], ourPubX25519.Bytes()...)
kem.Encap = &encap
{
}, []byte{})
var kek []byte
kek, err = hkdf.Extract(blake2b256,
- ikm, []byte(SNTRUP4591761X25519Salt))
+ ikm, []byte(cmenc.SNTRUP4591761X25519Salt))
if err != nil {
log.Fatal(err)
}
if err != nil {
log.Fatal(err)
}
- kem := KEM{A: cm.ClassicMcEliece6960119X25519HKDFSHAKE256}
+ kem := cmenc.KEM{A: cm.ClassicMcEliece6960119X25519HKDFSHAKE256}
encap := append(ciphertext[:], ourPubX25519.Bytes()...)
kem.Encap = &encap
{
}, []byte{})
var kek []byte
kek, err = hkdf.Extract(cmhash.NewSHAKE256,
- ikm, []byte(ClassicMcEliece6960119X25519Salt))
+ ikm, []byte(cmenc.ClassicMcEliece6960119X25519Salt))
if err != nil {
log.Fatal(err)
}
if _, err = keks.Encode(&hdr, cm.EncryptedMagic, nil); err != nil {
log.Fatal(err)
}
- if _, err = keks.Encode(&hdr, &Encrypted{
+ if _, err = keks.Encode(&hdr, &cmenc.Encrypted{
Bind: binding,
KEM: kems,
- DEM: DEM{A: cm.ChaCha20Poly1305},
+ DEM: cmenc.DEM{A: cm.ChaCha20Poly1305},
}, nil); err != nil {
log.Fatal(err)
}