From: Sergey Matveev
Date: Sun, 30 Nov 2025 08:11:45 +0000 (+0300)
Subject: /kem/*/auth instead of zero-filled /kem/*/from
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;ds=sidebyside;p=keks.git
/kem/*/auth instead of zero-filled /kem/*/from
---
diff --git a/go/cm/cmd/cmenctool/main.go b/go/cm/cmd/cmenctool/main.go
index ebde3ea..f3fadc0 100644
--- a/go/cm/cmd/cmenctool/main.go
+++ b/go/cm/cmd/cmenctool/main.go
@@ -332,8 +332,8 @@ func main() {
 log.Fatalln("invalid private keys len")
 }
 var from *sign.PubData
- if kem.From != nil {
- if bytes.Equal(kem.From, bytes.Repeat([]byte{0}, 32)) {
+ if kem.Auth != nil && *kem.Auth {
+ if kem.From == nil {
 kem.From = assumeFrom
 }
 var signed *sign.Signed
@@ -481,8 +481,8 @@ func main() {
 log.Fatalln("invalid private keys len")
 }
 var from *sign.PubData
- if kem.From != nil {
- if bytes.Equal(kem.From, bytes.Repeat([]byte{0}, 32)) {
+ if kem.Auth != nil && *kem.Auth {
+ if kem.From == nil {
 kem.From = assumeFrom
 }
 var signed *sign.Signed
@@ -794,9 +794,11 @@ func main() {
 if err != nil {
 log.Fatal(err)
 }
- if *noFrom {
- kem.From = bytes.Repeat([]byte{0}, 32)
- } else {
+ {
+ t := true
+ kem.Auth = &t
+ }
+ if !*noFrom {
 kem.From = fromId
 }
 }
@@ -923,9 +925,11 @@ func main() {
 if err != nil {
 log.Fatal(err)
 }
- if *noFrom {
- kem.From = bytes.Repeat([]byte{0}, 32)
- } else {
+ {
+ t := true
+ kem.Auth = &t
+ }
+ if !*noFrom {
 kem.From = fromId
 }
 }
diff --git a/go/cm/enc/kem.go b/go/cm/enc/kem.go
index 1a42145..ee7d37e 100644
--- a/go/cm/enc/kem.go
+++ b/go/cm/enc/kem.go
@@ -17,6 +17,7 @@ type KEM struct {
 A string `keks:"a"`
 CEK []byte `keks:"cek"`
 To []byte `keks:"to,omitempty"`
+ Auth *bool `keks:"auth,omitempty"`
 From []byte `keks:"from,omitempty"`
 // balloon-blake2b-hkdf related
diff --git a/spec/cm/encrypted/authcrypt b/spec/cm/encrypted/authcrypt
index b7d7ceb..e10ff4b 100644
--- a/spec/cm/encrypted/authcrypt
+++ b/spec/cm/encrypted/authcrypt
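Review bot: With the gate changed to `if kem.Auth != nil && *kem.Auth {` (here and in the identical hunk at -481), a KEM that carries `from` but no `auth` no longer enters the sender-authenticated branch, although that is exactly how the previous format marked an authenticated sender. Nothing visible in the hunk reports or rejects that combination, so such input would be handled as if no sender were claimed. An explicit check before the gate would make the outcome unambiguous, e.g. `if kem.From != nil && (kem.Auth == nil || !*kem.Auth) { log.Fatalln("/kem/*/from without /kem/*/auth") }`. Separately, `kem.From = assumeFrom` is assigned without a visible check that `assumeFrom` is non-empty. Whether the code after `var signed *sign.Signed` copes with a nil `kem.From` lies outside the hunk and should be confirmed.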
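Review bot: The bare block that sets `kem.Auth` in the hunk at -794 exists only to take the address of a bool, and it is repeated verbatim in the hunk at -923. It can be written without the scoped temporary as `kem.Auth = new(bool)` followed by `*kem.Auth = true`, or moved into one small helper shared by both sites. A short comment would also help, since the reason `auth` is always set while `from` is conditional is not obvious at the call site: `// auth marks the KEM as sender-authenticated; from is left out when noFrom is set, to keep the sender hidden`. The enclosing condition starts outside both hunks, so this assumes the branch is reached only when a sender key is actually in use.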
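Review bot: The new `Auth *bool` field in `KEM` has no comment, and as an optional pointer it has three states (absent, false, true). The cmenctool callers in this commit only ever write true and treat absent and false the same way. A field comment would pin the meaning down, e.g. `// Auth, when present and true, marks the KEM as sender-authenticated; From may then be omitted to keep the sender hidden.` It is also worth deciding whether an explicit false is valid on the wire or should be rejected on decode, because the spec text says only that the field "is set".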
@@ -1,10 +1,9 @@
-Public-key based [cm/kem/]s provides sender authentication
-*only* if "/kem/*/from" field is specified. It should contain public
-key's "/data/id", but may be equal to 256-bit zeros, to explicitly
-specify that sender's public key is used, but it is anonymous and
-hidden. It is not specified how recipient should find corresponding
-sender's key that way -- implementation/protocol specific.
+Public-key based [cm/kem/]s provides sender authentication *only* if
+"/kem/*/auth" field is set. "/kem/*/from" field may contain public
+key's "/data/id", otherwise sender is hidden. It is not specified
+how recipient should find corresponding sender's key that way --
+implementation/protocol specific.
 Optional "/pubs" is a list public keys, which may be used to supply
-sender's public key(s). Public keys may be encrypted, to hide the actual
-deanonymisation contents.
+sender's public key(s). Public keys may be encrypted, to hide the
+actual deanonymisation contents.
diff --git a/tcl/schemas/kem-gost3410-hkdf.tcl b/tcl/schemas/kem-gost3410-hkdf.tcl
index 59a6e3d..91e352c 100644
--- a/tcl/schemas/kem-gost3410-hkdf.tcl
+++ b/tcl/schemas/kem-gost3410-hkdf.tcl
@@ -5,5 +5,6 @@ kem-gost3410-hkdf {
 {field ukm {bin} len=16} {# additional keying material}
 {field pub {bin} >0} {# sender's ephemeral public key}
 {field to {with fpr} optional} {# recipient's public key}
+ {field auth {bool} optional}
 {field from {with fpr} optional} {# sender's public key}
 }
diff --git a/tcl/schemas/kem-with-encap.tcl b/tcl/schemas/kem-with-encap.tcl
index 0db2b68..48c8750 100644
--- a/tcl/schemas/kem-with-encap.tcl
+++ b/tcl/schemas/kem-with-encap.tcl
@@ -5,5 +5,6 @@ kem-with-encap {
 {field cek {bin} >0} {# wrapped CEK}
 {field encap {bin} >0}
 {field to {with fpr} optional} {# recipient's public key}
+ {field auth {bool} optional}
 {field from {with fpr} optional} {# sender's public key}
 }
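Review bot: The added `{field auth {bool} optional}` line in kem-gost3410-hkdf.tcl carries no `{# …}` description, unlike the neighbouring `to` and `from` fields, and the same bare line is added in kem-with-encap.tcl. Something like `{field auth {bool} optional} {# sender authentication is used}` would keep the schema self-describing. As written, the schema also accepts `from` without `auth`, and `auth` set to false. If the schema language can express that `from` is only meaningful together with `auth`, encoding it here would reject those ambiguous headers at validation time; whether it can is not visible from this hunk.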