Added FrodoKEM

This commit is contained in:
Russ Magee 2020-12-10 19:21:04 -08:00
parent d0f76fd3b4
commit 5f42894ac2
7 changed files with 216 additions and 24 deletions

View file

@ -1,4 +1,4 @@
VERSION := 0.8.25 VERSION := 0.8.26
.PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall .PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall
## Tag version of binaries with build info wrt. ## Tag version of binaries with build info wrt.

View file

@ -27,7 +27,7 @@ Currently supported exchanges are:
[Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx); [Omar Elejandro Herrera Reyna's HerraduraKEx project](http://github.com/Caume/HerraduraKEx);
* The KYBER IND-CCA-2 secure key encapsulation mechanism, [pq-crystals Kyber](https://pq-crystals.org/kyber/) :: [Yawning/kyber golang implementation](https://git.schwanenlied.me/yawning/kyber) * The KYBER IND-CCA-2 secure key encapsulation mechanism, [pq-crystals Kyber](https://pq-crystals.org/kyber/) :: [Yawning/kyber golang implementation](https://git.schwanenlied.me/yawning/kyber)
* The NEWHOPE algorithm [newhopecrypto.org](https://www.newhopecrypto.org/) :: [Yawning/go-newhope golang implementation](https://git.schwanenlied.me/yawning/newhope) * The NEWHOPE algorithm [newhopecrypto.org](https://www.newhopecrypto.org/) :: [Yawning/go-newhope golang implementation](https://git.schwanenlied.me/yawning/newhope)
* The FrodoKEM algorithm [frodokem.org](https://frodokem.org/) :: Go version by [Eduardo E. S. Riccardi](https://github.com/kuking/go-frodokem)
Currently supported session algorithms: Currently supported session algorithms:

1
go.mod
View file

@ -13,6 +13,7 @@ require (
github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f github.com/jameskeane/bcrypt v0.0.0-20120420032655-c3cd44c1e20f
github.com/klauspost/reedsolomon v1.9.9 // indirect github.com/klauspost/reedsolomon v1.9.9 // indirect
github.com/kr/pty v1.1.8 github.com/kr/pty v1.1.8
github.com/kuking/go-frodokem v1.0.1
github.com/mattn/go-isatty v0.0.12 github.com/mattn/go-isatty v0.0.12
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 // indirect
github.com/pkg/errors v0.9.1 // indirect github.com/pkg/errors v0.9.1 // indirect

3
go.sum
View file

@ -33,6 +33,8 @@ github.com/klauspost/reedsolomon v1.9.9 h1:qCL7LZlv17xMixl55nq2/Oa1Y86nfO8EqDfv2
github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo= github.com/klauspost/reedsolomon v1.9.9/go.mod h1:O7yFFHiQwDR6b2t63KPUpccPtNdp5ADgh1gg4fd12wo=
github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI= github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
github.com/kuking/go-frodokem v1.0.1 h1:13bks3u4CPpvUtOLttT+A37j9myV4kLnS7Z3qDiTm4o=
github.com/kuking/go-frodokem v1.0.1/go.mod h1:TzD0W9QnVOcwigeSySEuNZfJaGxWRtFRb7hXe/w/waI=
github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0sQ9fSeoEhZgvrrD9HKMtX6Gmc1vk8= github.com/mmcloughlin/avo v0.0.0-20200523190732-4439b6b2c061 h1:UCU8+cLbbvyxi0sQ9fSeoEhZgvrrD9HKMtX6Gmc1vk8=
@ -50,6 +52,7 @@ github.com/tjfoc/gmsm v1.3.0 h1:i7c6Za/IlgBvnGxYpfD7L3TGuaS+v6oGcgq+J9/ecEA=
github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= github.com/tjfoc/gmsm v1.3.0/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo= github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo=
github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ= github.com/xtaci/kcp-go v1.0.1 h1:SEZn2Iick6ualQpV8yY9cXdDTgbfBHPIwJl7UvxfxLQ=
github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg= github.com/xtaci/kcp-go v5.4.20+incompatible h1:TN1uey3Raw0sTz0Fg8GkfM0uH3YwzhnZWQ1bABv5xAg=
github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE= github.com/xtaci/kcp-go v5.4.20+incompatible/go.mod h1:bN6vIwHQbfHaHtFpEssmWsN45a+AZwO7eyRCmEIbtvE=

View file

@ -64,22 +64,22 @@ const bob = string("\r\n\r\n" +
"@@@@@@@^^~~~~~~~~~~~~~~~~~~~~^@@@@@@@@@\r\n" + "@@@@@@@^^~~~~~~~~~~~~~~~~~~~~^@@@@@@@@@\r\n" +
"@@@@@@^ ~^ @ @@ @ @ @ I ~^@@@@@@\r\n" + "@@@@@@^ ~^ @ @@ @ @ @ I ~^@@@@@@\r\n" +
"@@@@@ ~ ~~ ~I @@@@@\r\n" + "@@@@@ ~ ~~ ~I @@@@@\r\n" +
"@@@@' ' _,w@< @@@@\r\n" + "@@@@' ' _,w@< @@@@ .\r\n" +
"@@@@ @@@@@@@@w___,w@@@@@@@@ @ @@@\r\n" + "@@@@ @@@@@@@@w___,w@@@@@@@@ @ @@@\r\n" +
"@@@@ @@@@@@@@@@@@@@@@@@@@@@ I @@@\r\n" + "@@@@ @@@@@@@@@@@@@@@@@@@@@@ I @@@ Bob\r\n" +
"@@@@ @@@@@@@@@@@@@@@@@@@@*@[ i @@@\r\n" + "@@@@ @@@@@@@@@@@@@@@@@@@@*@[ i @@@\r\n" +
"@@@@ @@@@@@@@@@@@@@@@@@@@[][ | ]@@@\r\n" + "@@@@ @@@@@@@@@@@@@@@@@@@@[][ | ]@@@ bOb\r\n" +
"@@@@ ~_,,_ ~@@@@@@@~ ____~ @ @@@\r\n" + "@@@@ ~_,,_ ~@@@@@@@~ ____~ @ @@@\r\n" +
"@@@@ _~ , , `@@@~ _ _`@ ]L J@@@\r\n" + "@@@@ _~ , , `@@@~ _ _`@ ]L J@@@ o\r\n" +
"@@@@ , @@w@ww+ @@@ww``,,@w@ ][ @@@@\r\n" + "@@@@ , @@w@ww+ @@@ww``,,@w@ ][ @@@@\r\n" +
"@@@@, @@@@www@@@ @@@@@@@ww@@@@@[ @@@@\r\n" + "@@@@, @@@@www@@@ @@@@@@@ww@@@@@[ @@@@ BOB\r\n" +
"@@@@@_|| @@@@@@P' @@P@@@@@@@@@@@[|c@@@@\r\n" + "@@@@@_|| @@@@@@P' @@P@@@@@@@@@@@[|c@@@@\r\n" +
"@@@@@@w| '@@P~ P]@@@-~, ~Y@@^'],@@@@@@\r\n" + "@@@@@@w| '@@P~ P]@@@-~, ~Y@@^'],@@@@@@ . o\r\n" +
"@@@@@@@[ _ _J@@Tk ]]@@@@@@\r\n" + "@@@@@@@[ _ _J@@Tk ]]@@@@@@\r\n" +
"@@@@@@@@,@ @@, c,,,,,,,y ,w@@[ ,@@@@@@@\r\n" + "@@@@@@@@,@ @@, c,,,,,,,y ,w@@[ ,@@@@@@@\r\n" +
"@@@@@@@@@ i @w ====--_@@@@@ @@@@@@@@\r\n" + "@@@@@@@@@ i @w ====--_@@@@@ @@@@@@@@ o .\r\n" +
"@@@@@@@@@@`,P~ _ ~^^^^Y@@@@@ @@@@@@@@@\r\n" + "@@@@@@@@@@`,P~ _ ~^^^^Y@@@@@ @@@@@@@@@\r\n" +
"@@@@^^=^@@^ ^' ,ww,w@@@@@ _@@@@@@@@@@\r\n" + "@@@@^^=^@@^ ^' ,ww,w@@@@@ _@@@@@@@@@@ B o B\r\n" +
"@@@_xJ~ ~ , @@@@@@@P~_@@@@@@@@@@@@\r\n" + "@@@_xJ~ ~ , @@@@@@@P~_@@@@@@@@@@@@\r\n" +
"@@ @, ,@@@,_____ _,J@@@@@@@@@@@@@\r\n" + "@@ @, ,@@@,_____ _,J@@@@@@@@@@@@@\r\n" +
"@@L `' ,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" + "@@L `' ,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n" +
@ -712,7 +712,7 @@ func main() {
flag.BoolVar(&dbg, "d", false, "debug logging") flag.BoolVar(&dbg, "d", false, "debug logging")
flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12]") flag.StringVar(&cipherAlg, "c", "C_AES_256", "session `cipher` [C_AES_256 | C_TWOFISH_128 | C_BLOWFISH_64 | C_CRYPTMT1 | C_CHACHA20_12]")
flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]") flag.StringVar(&hmacAlg, "m", "H_SHA256", "session `HMAC` [H_SHA256 | H_SHA512]")
flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE]") flag.StringVar(&kexAlg, "k", "KEX_HERRADURA512", "KEx `alg` [KEX_HERRADURA{256/512/1024/2048} | KEX_KYBER{512/768/1024} | KEX_NEWHOPE | KEX_NEWHOPE_SIMPLE | KEX_FRODOKEM_{1344|976}{AES|SHAKE}]")
flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP") flag.StringVar(&kcpMode, "K", "unused", "KCP `alg`, one of [KCP_NONE | KCP_AES | KCP_BLOWFISH | KCP_CAST5 | KCP_SM4 | KCP_SALSA20 | KCP_SIMPLEXOR | KCP_TEA | KCP_3DES | KCP_TWOFISH | KCP_XTEA] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP")
flag.UintVar(&port, "p", 2000, "``port") flag.UintVar(&port, "p", 2000, "``port")
//flag.StringVar(&authCookie, "a", "", "auth cookie") //flag.StringVar(&authCookie, "a", "", "auth cookie")

View file

@ -29,6 +29,10 @@ const (
KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157 KEX_NEWHOPE_SIMPLE // 'NewHopeLP-Simple' - https://eprint.iacr.org/2016/1157
KEX_resvd14 KEX_resvd14
KEX_resvd15 KEX_resvd15
KEX_FRODOKEM_1344AES
KEX_FRODOKEM_1344SHAKE
KEX_FRODOKEM_976AES
KEX_FRODOKEM_976SHAKE
KEX_invalid = 255 KEX_invalid = 255
) )

View file

@ -44,6 +44,7 @@ import (
"blitter.com/go/kyber" "blitter.com/go/kyber"
"blitter.com/go/newhope" "blitter.com/go/newhope"
"blitter.com/go/xs/logger" "blitter.com/go/xs/logger"
frodo "github.com/kuking/go-frodokem"
) )
/*---------------------------------------------------------------------*/ /*---------------------------------------------------------------------*/
@ -126,6 +127,14 @@ func (k *KEXAlg) String() string {
return "KEX_NEWHOPE" return "KEX_NEWHOPE"
case KEX_NEWHOPE_SIMPLE: case KEX_NEWHOPE_SIMPLE:
return "KEX_NEWHOPE_SIMPLE" return "KEX_NEWHOPE_SIMPLE"
case KEX_FRODOKEM_1344AES:
return "KEX_FRODOKEM_1344AES"
case KEX_FRODOKEM_1344SHAKE:
return "KEX_FRODOKEM_1344SHAKE"
case KEX_FRODOKEM_976AES:
return "KEX_FRODOKEM_976AES"
case KEX_FRODOKEM_976SHAKE:
return "KEX_FRODOKEM_976SHAKE"
default: default:
return "KEX_ERR_UNK" return "KEX_ERR_UNK"
} }
@ -276,6 +285,14 @@ func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) {
case KEX_NEWHOPE: case KEX_NEWHOPE:
fallthrough fallthrough
case KEX_NEWHOPE_SIMPLE: case KEX_NEWHOPE_SIMPLE:
fallthrough
case KEX_FRODOKEM_1344AES:
fallthrough
case KEX_FRODOKEM_1344SHAKE:
fallthrough
case KEX_FRODOKEM_976AES:
fallthrough
case KEX_FRODOKEM_976SHAKE:
log.Printf("[KEx alg %d accepted]\n", kexAlg) log.Printf("[KEx alg %d accepted]\n", kexAlg)
default: default:
// UNREACHABLE: _getkexalgnum() guarantees a valid KEX value // UNREACHABLE: _getkexalgnum() guarantees a valid KEX value
@ -375,11 +392,86 @@ func getkexalgnum(extensions ...string) (k KEXAlg) {
case "KEX_NEWHOPE_SIMPLE": case "KEX_NEWHOPE_SIMPLE":
k = KEX_NEWHOPE_SIMPLE k = KEX_NEWHOPE_SIMPLE
break //out of for break //out of for
case "KEX_FRODOKEM_1344AES":
k = KEX_FRODOKEM_1344AES
break //out of for
case "KEX_FRODOKEM_1344SHAKE":
k = KEX_FRODOKEM_1344SHAKE
break //out of for
case "KEX_FRODOKEM_976AES":
k = KEX_FRODOKEM_976AES
break //out of for
case "KEX_FRODOKEM_976SHAKE":
k = KEX_FRODOKEM_976SHAKE
break //out of for
} }
} }
return return
} }
func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
// Send xsnet.Conn parameters to remote side
// Alice, step 1: Generate a key pair.
var kem frodo.FrodoKEM
switch hc.kex {
case KEX_FRODOKEM_1344AES:
kem = frodo.Frodo1344AES()
case KEX_FRODOKEM_1344SHAKE:
kem = frodo.Frodo1344SHAKE()
case KEX_FRODOKEM_976AES:
kem = frodo.Frodo976AES()
default:
kem = frodo.Frodo976SHAKE()
}
pubA, secA := kem.Keygen() // pA
//log.Printf("[pubKeyAlice: %v]\n", pubA)
// Alice, step 2: Send the public key (na,ea) to Bob
fmt.Fprintf(c, "0x%x\n", pubA)
// (... and cipher, connection opts)
fmt.Fprintf(c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
// [Bob does the same and sends use a public key (nb, eb)
pubB_bigint := big.NewInt(0)
_, err = fmt.Fscanf(c, "0x%x\n", pubB_bigint)
pubB := pubB_bigint.Bytes()
//log.Printf("[Got pubKeyBob[]:%v]\n", pubB)
// (... and cipher, connection opts)
_, err = fmt.Fscanf(c, "0x%x:0x%x\n",
&hc.cipheropts, &hc.opts)
if err != nil {
return err
}
// Alice, step 3: Create ctAtoB, shareA
ctAtoB, shareA, err := kem.Encapsulate(pubB)
if err != nil {
return err
}
// Alice, step 4: Send ctAtoB to Bob
fmt.Fprintf(c, "0x%x\n", ctAtoB)
// Alice, step 5: Receive ctBtoA from Bob
ctBtoA_bigint := big.NewInt(0)
_, err = fmt.Fscanf(c, "0x%x\n", ctBtoA_bigint)
ctBtoA := ctBtoA_bigint.Bytes()
log.Printf("[Got ctBob[]:%v]\n", ctBtoA)
// Alice, step 6: compute Bob's share
shareB, err := kem.Dencapsulate(secA, ctBtoA)
sessionKey := append(shareA, shareB...)
//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
hc.r, hc.rm, err = hc.getStream(sessionKey)
hc.w, hc.wm, err = hc.getStream(sessionKey)
return
}
// randReader wraps rand.Read() in a struct that implements io.Reader // randReader wraps rand.Read() in a struct that implements io.Reader
// for use by the Kyber and NEWHOPE/NEWHOPE_SIMPLE KEM methods. // for use by the Kyber and NEWHOPE/NEWHOPE_SIMPLE KEM methods.
type randReader struct { type randReader struct {
@ -413,7 +505,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
for i := range pubKeyBob.Send { for i := range pubKeyBob.Send {
pubKeyBob.Send[i] = publicKeyBob.Bytes()[i] pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
} }
log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob) //log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
// Read cipheropts, session opts // Read cipheropts, session opts
_, err = fmt.Fscanf(c, "0x%x:0x%x\n", _, err = fmt.Fscanf(c, "0x%x:0x%x\n",
@ -429,7 +521,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
if err != nil { if err != nil {
panic(err) panic(err)
} }
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
return return
@ -457,7 +549,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
for i := range pubKeyBob.Send { for i := range pubKeyBob.Send {
pubKeyBob.Send[i] = publicKeyBob.Bytes()[i] pubKeyBob.Send[i] = publicKeyBob.Bytes()[i]
} }
log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob) //log.Printf("[Got server pubKey[]:%v]\n", pubKeyBob)
// Read cipheropts, session opts // Read cipheropts, session opts
_, err = fmt.Fscanf(c, "0x%x:0x%x\n", _, err = fmt.Fscanf(c, "0x%x:0x%x\n",
@ -473,7 +565,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
if err != nil { if err != nil {
panic(err) panic(err)
} }
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
return return
@ -512,7 +604,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
//if err != nil { //if err != nil {
// return err // return err
//} //}
log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB) //log.Printf("[Got server pubKeyB[]:%v]\n", pubKeyB)
// Read cipheropts, session opts // Read cipheropts, session opts
_, err = fmt.Fscanf(c, "0x%x:0x%x\n", _, err = fmt.Fscanf(c, "0x%x:0x%x\n",
@ -524,7 +616,7 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
// Alice, step 3: Decrypt the KEM cipher text. // Alice, step 3: Decrypt the KEM cipher text.
aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB) aliceSharedSecret := alicePrivateKey.KEMDecrypt(pubKeyB)
log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret) //log.Printf("[Derived sharedSecret:0x%x]\n", aliceSharedSecret)
hc.r, hc.rm, err = hc.getStream(aliceSharedSecret) hc.r, hc.rm, err = hc.getStream(aliceSharedSecret)
hc.w, hc.wm, err = hc.getStream(aliceSharedSecret) hc.w, hc.wm, err = hc.getStream(aliceSharedSecret)
return return
@ -573,13 +665,74 @@ func HKExDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
return return
} }
func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
// Bob, step 1: Generate a key pair.
var kem frodo.FrodoKEM
switch hc.kex {
case KEX_FRODOKEM_1344AES:
kem = frodo.Frodo1344AES()
case KEX_FRODOKEM_1344SHAKE:
kem = frodo.Frodo1344SHAKE()
case KEX_FRODOKEM_976AES:
kem = frodo.Frodo976AES()
default:
kem = frodo.Frodo976SHAKE()
}
pubB, secB := kem.Keygen()
//log.Printf("[pubKeyBob: %v]\n", pubB)
// Bob, step 2: Send the public key (nb,eb) to Alice
fmt.Fprintf(*c, "0x%x\n", pubB)
// (... and cipher, connection opts)
fmt.Fprintf(*c, "0x%x:0x%x\n", hc.cipheropts, hc.opts)
// [Alice does the same and sends use a public key (na, ea)
pubA_bigint := big.NewInt(0)
_, err = fmt.Fscanf(*c, "0x%x\n", pubA_bigint)
pubA := pubA_bigint.Bytes()
//log.Printf("[Got pubKeyAlice[]:%v]\n", pubA)
// (... and cipher, connection opts)
_, err = fmt.Fscanf(*c, "0x%x:0x%x\n",
&hc.cipheropts, &hc.opts)
if err != nil {
return err
}
// Bob, step 3: Create ctBtoA, shareB
ctBtoA, shareB, err := kem.Encapsulate(pubA)
if err != nil {
return err
}
// Bob, step 4: Send ctBtoA to Alice
fmt.Fprintf(*c, "0x%x\n", ctBtoA)
// Bob, step 5: Receive ctAtoB from Alice
ctAtoB_bigint := big.NewInt(0)
_, err = fmt.Fscanf(*c, "0x%x\n", ctAtoB_bigint)
ctAtoB := ctAtoB_bigint.Bytes()
log.Printf("[Got ctAlice[]:%v]\n", ctAtoB)
// Alice, step 6: compute Bob's share
shareA, err := kem.Dencapsulate(secB, ctAtoB)
sessionKey := append(shareA, shareB...)
//log.Printf("[Derived sharedSecret:0x%x]\n", sessionKey)
hc.r, hc.rm, err = hc.getStream(sessionKey)
hc.w, hc.wm, err = hc.getStream(sessionKey)
return
}
func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) { func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
r := new(randReader) r := new(randReader)
rand.Seed(time.Now().UnixNano()) rand.Seed(time.Now().UnixNano())
// Bob, step 1: Deserialize Alice's public key from the binary encoding. // Bob, step 1: Deserialize Alice's public key from the binary encoding.
alicePublicKey := big.NewInt(0) alicePublicKey := big.NewInt(0)
_, err = fmt.Fscanln(*c, alicePublicKey) _, err = fmt.Fscanln(*c, alicePublicKey)
log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) //log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
if err != nil { if err != nil {
return err return err
} }
@ -606,7 +759,7 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send, fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
hc.cipheropts, hc.opts) hc.cipheropts, hc.opts)
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
hc.w, hc.wm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
return return
@ -618,7 +771,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
// Bob, step 1: Deserialize Alice's public key from the binary encoding. // Bob, step 1: Deserialize Alice's public key from the binary encoding.
alicePublicKey := big.NewInt(0) alicePublicKey := big.NewInt(0)
_, err = fmt.Fscanln(*c, alicePublicKey) _, err = fmt.Fscanln(*c, alicePublicKey)
log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) //log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
if err != nil { if err != nil {
return err return err
} }
@ -645,7 +798,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send, fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", pubKeyBob.Send,
hc.cipheropts, hc.opts) hc.cipheropts, hc.opts)
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
hc.w, hc.wm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
return return
@ -655,7 +808,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
// Bob, step 1: Deserialize Alice's public key from the binary encoding. // Bob, step 1: Deserialize Alice's public key from the binary encoding.
alicePublicKey := big.NewInt(0) alicePublicKey := big.NewInt(0)
_, err = fmt.Fscanln(*c, alicePublicKey) _, err = fmt.Fscanln(*c, alicePublicKey)
log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey) //log.Printf("[Got client pubKey:0x%x\n]", alicePublicKey)
if err != nil { if err != nil {
return err return err
} }
@ -694,7 +847,7 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText, fmt.Fprintf(*c, "0x%x\n0x%x:0x%x\n", cipherText,
hc.cipheropts, hc.opts) hc.cipheropts, hc.opts)
log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret) //log.Printf("[Derived sharedSecret:0x%x]\n", bobSharedSecret)
hc.r, hc.rm, err = hc.getStream(bobSharedSecret) hc.r, hc.rm, err = hc.getStream(bobSharedSecret)
hc.w, hc.wm, err = hc.getStream(bobSharedSecret) hc.w, hc.wm, err = hc.getStream(bobSharedSecret)
return return
@ -817,6 +970,17 @@ func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err er
if NewHopeSimpleDialSetup(c, &hc) != nil { if NewHopeSimpleDialSetup(c, &hc) != nil {
return Conn{}, nil return Conn{}, nil
} }
case KEX_FRODOKEM_1344AES:
fallthrough
case KEX_FRODOKEM_1344SHAKE:
fallthrough
case KEX_FRODOKEM_976AES:
fallthrough
case KEX_FRODOKEM_976SHAKE:
log.Printf("[Setting up for KEX_FRODOKEM %d]\n", hc.kex)
if FrodoKEMDialSetup(c, &hc) != nil {
return Conn{}, nil
}
default: default:
return Conn{}, err return Conn{}, err
} }
@ -1000,6 +1164,26 @@ func (hl *HKExListener) Accept() (hc Conn, err error) {
if NewHopeSimpleAcceptSetup(&c, &hc) != nil { if NewHopeSimpleAcceptSetup(&c, &hc) != nil {
return Conn{}, err return Conn{}, err
} }
case KEX_FRODOKEM_1344AES:
log.Printf("[Setting up for KEX_FRODOKEM_1344AES %d]\n", hc.kex)
if FrodoKEMAcceptSetup(&c, &hc) != nil {
return Conn{}, err
}
case KEX_FRODOKEM_1344SHAKE:
log.Printf("[Setting up for KEX_FRODOKEM_1344SHAKE %d]\n", hc.kex)
if FrodoKEMAcceptSetup(&c, &hc) != nil {
return Conn{}, err
}
case KEX_FRODOKEM_976AES:
log.Printf("[Setting up for KEX_FRODOKEM_976AES %d]\n", hc.kex)
if FrodoKEMAcceptSetup(&c, &hc) != nil {
return Conn{}, err
}
case KEX_FRODOKEM_976SHAKE:
log.Printf("[Setting up for KEX_FRODOKEM_976SHAKE %d]\n", hc.kex)
if FrodoKEMAcceptSetup(&c, &hc) != nil {
return Conn{}, err
}
default: default:
return Conn{}, err return Conn{}, err
} }
@ -1235,7 +1419,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
} }
hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ] hTmp := hc.rm.Sum(nil)[0:HMAC_CHK_SZ]
log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp) //log.Printf("<%04x) HMAC:(i)%s (c)%02x\r\n", decryptN, hex.EncodeToString([]byte(hmacIn[0:])), hTmp)
if *hc.closeStat == CSETruncCSO { if *hc.closeStat == CSETruncCSO {
logger.LogDebug(fmt.Sprintln("[cannot verify HMAC]")) logger.LogDebug(fmt.Sprintln("[cannot verify HMAC]"))