From: Sergey Matveev
Date: Wed, 12 Feb 2025 14:02:53 +0000 (+0300)
Subject: Move cm-encrypted constants to the library
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=b9a20e83722dd4949ef5c987007344b2b33bf631349263c227df8f074c4b9979;p=keks.git
Move cm-encrypted constants to the library
---
diff --git a/go/cm/cmd/enctool/main.go b/go/cm/cmd/enctool/main.go
index df1b304..cbf11ca 100644
--- a/go/cm/cmd/enctool/main.go
+++ b/go/cm/cmd/enctool/main.go
@@ -39,49 +39,13 @@ import (
 "go.cypherpunks.su/keks"
 "go.cypherpunks.su/keks/cm"
+ cmenc "go.cypherpunks.su/keks/cm/encrypted"
 cmhash "go.cypherpunks.su/keks/cm/hash"
 "go.cypherpunks.su/keks/cm/utils"
 "go.cypherpunks.su/keks/types"
 )
-const (
- BalloonSaltLen = 8
- BalloonHKDFSalt = "keks/cm/encrypted/balloon-blake2b-hkdf"
- SNTRUP4591761X25519Salt = "keks/cm/encrypted/sntrup4591761-x25519-hkdf-blake2b"
- ClassicMcEliece6960119X25519Salt = "keks/cm/encrypted/mceliece6960119-x25519-hkdf-shake256"
-
- BindFdNum = 3 + 1
-)
-
-type BalloonCost struct {
- S uint64 `keks:"s"`
- T uint64 `keks:"t"`
- P uint64 `keks:"p"`
-}
-
-type KEM struct {
- A string `keks:"a"`
- CEK []byte `keks:"cek"`
- To *uuid.UUID `keks:"to,omitempty"`
-
- // balloon-blake2b-hkdf related
- Cost *BalloonCost `keks:"cost,omitempty"`
- Salt *[]byte `keks:"salt,omitempty"`
-
- Encap *[]byte `keks:"encap,omitempty"`
-}
-
-type DEM struct {
- A string `keks:"a"`
-}
-
-type Encrypted struct {
- DEM DEM `keks:"dem"`
- KEM []KEM `keks:"kem"`
- Bind uuid.UUID `keks:"bind"`
-
- Ciphertext *keks.BlobChunked `keks:"ciphertext,omitempty"`
-}
+const BindFdNum = 3 + 1
 func blake2b256() hash.Hash {
 h, err := blake2b.New256(nil)
@@ -175,7 +139,7 @@ func main() {
 log.Fatal("wrong magic")
 }
 }
- var encrypted Encrypted
+ var encrypted cmenc.Encrypted
 {
 d := keks.NewDecoderFromReader(os.Stdin, nil)
 err = d.DecodeStruct(&encrypted)
@@ -216,7 +180,7 @@ func main() {
 passwd, append(encrypted.Bind[:], *kem.Salt...), int(kem.Cost.S), int(kem.Cost.T), int(kem.Cost.P),
- ), []byte(BalloonHKDFSalt))
+ ), []byte(cmenc.BalloonHKDFSalt))
 if err != nil {
 log.Fatal(err)
 }
@@ -284,7 +248,7 @@ func main() {
 }, []byte{})
 var kek []byte
 kek, err = hkdf.Extract(blake2b256,
- ikm, []byte(SNTRUP4591761X25519Salt))
+ ikm, []byte(cmenc.SNTRUP4591761X25519Salt))
 if err != nil {
 log.Fatal(err)
 }
@@ -363,7 +327,7 @@ func main() {
 }, []byte{})
 var kek []byte
 kek, err = hkdf.Extract(cmhash.NewSHAKE256,
- ikm, []byte(ClassicMcEliece6960119X25519Salt))
+ ikm, []byte(cmenc.ClassicMcEliece6960119X25519Salt))
 if err != nil {
 log.Fatal(err)
 }
@@ -409,7 +373,7 @@ func main() {
 bindFd.WriteString(binding.String() + "\n")
 bindFd.Close()
 }
- var kems []KEM
+ var kems []cmenc.KEM
 cek = make([]byte, chacha20poly1305.KeySize)
 _, err = io.ReadFull(rand.Reader, cek)
 if err != nil {
@@ -423,14 +387,14 @@ func main() {
 log.Fatal("passphrases do not match")
 }
 }
- salt := make([]byte, BalloonSaltLen)
+ salt := make([]byte, cmenc.BalloonSaltLen)
 if _, err = io.ReadFull(rand.Reader, salt); err != nil {
 log.Fatal(err)
 }
- kem := KEM{
+ kem := cmenc.KEM{
 A: cm.BalloonBLAKE2bHKDF,
 Salt: &salt,
- Cost: &BalloonCost{
+ Cost: &cmenc.BalloonCost{
 S: uint64(*balloonS),
 T: uint64(*balloonT),
 P: uint64(*balloonP),
@@ -442,7 +406,7 @@ func main() {
 passwd, append(binding[:], salt...), *balloonS, *balloonT, *balloonP,
- ), []byte(BalloonHKDFSalt))
+ ), []byte(cmenc.BalloonHKDFSalt))
 if err != nil {
 log.Fatal(err)
 }
@@ -488,7 +452,7 @@ func main() {
 if err != nil {
 log.Fatal(err)
 }
- kem := KEM{A: cm.SNTRUP4591761X25519HKDFBLAKE2b}
+ kem := cmenc.KEM{A: cm.SNTRUP4591761X25519HKDFBLAKE2b}
 encap := append(ciphertext[:], ourPubX25519.Bytes()...)
 kem.Encap = &encap
 {
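Review bot: In the `@@ -216,7 +180,7 @@` hunk the Balloon cost reaches the KDF as `int(kem.Cost.S), int(kem.Cost.T), int(kem.Cost.P)`, values taken from the header decoded from stdin, and no range check is visible here. `BalloonCost` declares them as `uint64`, so a crafted file can request an arbitrarily large space/time cost, or a value that turns negative once converted to `int`. Reject out-of-range costs before deriving the key, with upper limits the tool is willing to spend, and fail through `log.Fatal` like the surrounding checks. `main` starts and ends outside the hunk, so an earlier check may already exist; if it does, a short comment at this call would make that clear.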
@@ -499,7 +463,7 @@ func main() {
 }, []byte{})
 var kek []byte
 kek, err = hkdf.Extract(blake2b256,
- ikm, []byte(SNTRUP4591761X25519Salt))
+ ikm, []byte(cmenc.SNTRUP4591761X25519Salt))
 if err != nil {
 log.Fatal(err)
 }
@@ -547,7 +511,7 @@ func main() {
 if err != nil {
 log.Fatal(err)
 }
- kem := KEM{A: cm.ClassicMcEliece6960119X25519HKDFSHAKE256}
+ kem := cmenc.KEM{A: cm.ClassicMcEliece6960119X25519HKDFSHAKE256}
 encap := append(ciphertext[:], ourPubX25519.Bytes()...)
 kem.Encap = &encap
 {
@@ -558,7 +522,7 @@ func main() {
 }, []byte{})
 var kek []byte
 kek, err = hkdf.Extract(cmhash.NewSHAKE256,
- ikm, []byte(ClassicMcEliece6960119X25519Salt))
+ ikm, []byte(cmenc.ClassicMcEliece6960119X25519Salt))
 if err != nil {
 log.Fatal(err)
 }
@@ -583,10 +547,10 @@ func main() {
 if _, err = keks.Encode(&hdr, cm.EncryptedMagic, nil); err != nil {
 log.Fatal(err)
 }
- if _, err = keks.Encode(&hdr, &Encrypted{
+ if _, err = keks.Encode(&hdr, &cmenc.Encrypted{
 Bind: binding,
 KEM: kems,
- DEM: DEM{A: cm.ChaCha20Poly1305},
+ DEM: cmenc.DEM{A: cm.ChaCha20Poly1305},
 }, nil); err != nil {
 log.Fatal(err)
 }
diff --git a/go/cm/encrypted/balloon.go b/go/cm/encrypted/balloon.go
new file mode 100644
index 0000000..1d8c9fc
--- /dev/null
+++ b/go/cm/encrypted/balloon.go
@@ -0,0 +1,12 @@
+package encrypted
+
+const (
+ BalloonSaltLen = 8
+ BalloonHKDFSalt = "keks/cm/encrypted/balloon-blake2b-hkdf"
+)
+
+type BalloonCost struct {
+ S uint64 `keks:"s"`
+ T uint64 `keks:"t"`
+ P uint64 `keks:"p"`
+}
diff --git a/go/cm/encrypted/kem.go b/go/cm/encrypted/kem.go
new file mode 100644
index 0000000..ff092f3
--- /dev/null
+++ b/go/cm/encrypted/kem.go
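Review bot: The new go/cm/encrypted/balloon.go exports `BalloonSaltLen`, `BalloonHKDFSalt` and `BalloonCost` without doc comments, and the same holds for the two `...Salt` constants and the types in kem.go. enctool passes these strings as the HKDF salt, so they act as domain-separation labels and look like part of the on-disk format; say so where they are declared, e.g. `// BalloonHKDFSalt is the fixed HKDF salt for balloon-blake2b-hkdf KEK derivation; changing it makes existing files undecryptable.` For the length, a line such as `// BalloonSaltLen is the size in bytes of the random per-KEM salt; enctool appends it to the 16-byte bind UUID before hashing.` would record the reasoning behind the short value.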
@@ -0,0 +1,35 @@
+package encrypted
+
+import (
+ "github.com/google/uuid"
+ "go.cypherpunks.su/keks"
+)
+
+const (
+ SNTRUP4591761X25519Salt = "keks/cm/encrypted/sntrup4591761-x25519-hkdf-blake2b"
+ ClassicMcEliece6960119X25519Salt = "keks/cm/encrypted/mceliece6960119-x25519-hkdf-shake256"
+)
+
+type KEM struct {
+ A string `keks:"a"`
+ CEK []byte `keks:"cek"`
+ To *uuid.UUID `keks:"to,omitempty"`
+
+ // balloon-blake2b-hkdf related
+ Cost *BalloonCost `keks:"cost,omitempty"`
+ Salt *[]byte `keks:"salt,omitempty"`
+
+ Encap *[]byte `keks:"encap,omitempty"`
+}
+
+type DEM struct {
+ A string `keks:"a"`
+}
+
+type Encrypted struct {
+ DEM DEM `keks:"dem"`
+ KEM []KEM `keks:"kem"`
+ Bind uuid.UUID `keks:"bind"`
+
+ Ciphertext *keks.BlobChunked `keks:"ciphertext,omitempty"`
+}
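Review bot: `KEM` is now a library type that callers fill by decoding untrusted input, and `To`, `Cost`, `Salt` and `Encap` are `omitempty` pointers that presumably stay nil when the field is absent, yet the struct does not say which of them each algorithm requires. enctool dereferences `*kem.Salt` and `kem.Cost.S` directly in its passphrase branch, so every consumer has to know to nil-check first. Add a doc comment on the struct, for example `// Cost and Salt must be set for balloon-blake2b-hkdf, Encap for the sntrup4591761 and mceliece6960119 KEMs; decoders must reject a KEM whose required fields are nil.` Giving `Encap` a group comment like the existing `// balloon-blake2b-hkdf related` one would keep the field groups consistent.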