"log"
"go.stargrave.org/opus/v2"
- vors "go.stargrave.org/vors/v5/internal"
+ vors "go.stargrave.org/vors/v6/internal"
)
func newOpusEnc() *opus.Encoder {
"sort"
"github.com/jroimartin/gocui"
- vors "go.stargrave.org/vors/v5/internal"
+ vors "go.stargrave.org/vors/v6/internal"
)
var (
"github.com/dchest/siphash"
"github.com/jroimartin/gocui"
"go.stargrave.org/opus/v2"
- vors "go.stargrave.org/vors/v5/internal"
- "go.stargrave.org/vors/v5/pqhs"
+ vors "go.stargrave.org/vors/v6/internal"
+ "go.stargrave.org/vors/v6/pqhs"
"golang.org/x/crypto/chacha20poly1305"
)
var txKey, rxKey, keyCiphOur, keyMACOur []byte
var txAEAD, rxAEAD cipher.AEAD
- keys := hs.Binding(3*chacha20poly1305.KeySize + vors.SipHash24KeySize)
+ keys := hs.Keymat(3*chacha20poly1305.KeySize + vors.SipHash24KeySize)
txKey, keys = keys[:chacha20poly1305.KeySize], keys[chacha20poly1305.KeySize:]
rxKey, keys = keys[:chacha20poly1305.KeySize], keys[chacha20poly1305.KeySize:]
keyCiphOur, keyMACOur = keys[:vors.ChaCha20KeySize], keys[vors.ChaCha20KeySize:]
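Review bot: The length requested from `hs.Keymat` is written as `3*chacha20poly1305.KeySize + vors.SipHash24KeySize`, but the third key is then cut with `vors.ChaCha20KeySize`, so the split is only correct while those two constants are equal (their definitions are not visible here). Writing the request as `2*chacha20poly1305.KeySize + vors.ChaCha20KeySize + vors.SipHash24KeySize` would keep a future constant change from silently shifting the cipher/MAC key boundary. The server-side hunk that assigns `peer.key` and builds `peer.mac` has the same pattern. The enclosing function starts and ends outside this hunk.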
"github.com/dustin/go-humanize"
"github.com/jroimartin/gocui"
- vors "go.stargrave.org/vors/v5/internal"
+ vors "go.stargrave.org/vors/v6/internal"
)
type Stats struct {
"log"
"os"
- vors "go.stargrave.org/vors/v5/internal"
- "go.stargrave.org/vors/v5/pqhs"
+ vors "go.stargrave.org/vors/v6/internal"
+ "go.stargrave.org/vors/v6/pqhs"
)
func usage() {
"github.com/dchest/siphash"
"github.com/jroimartin/gocui"
- vors "go.stargrave.org/vors/v5/internal"
- "go.stargrave.org/vors/v5/pqhs"
+ vors "go.stargrave.org/vors/v6/internal"
+ "go.stargrave.org/vors/v6/pqhs"
"golang.org/x/crypto/chacha20poly1305"
)
}
{
var rxKey, txKey []byte
- keys := hs.Binding(3*chacha20poly1305.KeySize + vors.SipHash24KeySize)
+ keys := hs.Keymat(3*chacha20poly1305.KeySize + vors.SipHash24KeySize)
rxKey, keys = keys[:chacha20poly1305.KeySize], keys[chacha20poly1305.KeySize:]
txKey, peer.key = keys[:chacha20poly1305.KeySize], keys[chacha20poly1305.KeySize:]
peer.mac = siphash.New(peer.key[vors.ChaCha20KeySize:])
"sync"
"time"
- vors "go.stargrave.org/vors/v5/internal"
+ vors "go.stargrave.org/vors/v6/internal"
)
var (
"time"
"github.com/dustin/go-humanize"
- vors "go.stargrave.org/vors/v5/internal"
+ vors "go.stargrave.org/vors/v6/internal"
)
var (
"os"
"strconv"
- vors "go.stargrave.org/vors/v5/internal"
+ vors "go.stargrave.org/vors/v6/internal"
)
func usage() {
Server has a long-term static Classic McEliece 6960-119 and X25519
keypairs. They are transferred to client outside the connection.
+hash = SHAKE256
+
Client:
* has: serverStaticPubMcEliece, serverStaticPubX25519
* clientEphPrvX25519, clientEphPubX25519 = Generate()
* ctMcElice, ssMcEliece = Encapsulate(serverStaticPubMcEliece)
- * H = SHAKE256("VoRS v5")
- * H = SHAKE256(H || serverStaticPubMcEliece || serverStaticPubX25519)
- * H = SHAKE256(H || ctMcElice)
- * CK = HKDF-Extract(SHAKE256, ikm=ssMcEliece, salt="")
- * k = HKDF-Expand(SHAKE256, prk=CK, info="VoRS v5 client x25519")
+ * H = hash("VoRS v6")
+ * H = hash(H || serverStaticPubMcEliece || serverStaticPubX25519)
+ * H = hash(H || ctMcElice)
+ * CK = HKDF-Expand(prk=HKDF-Extract(salt="", ikm=ssMcEliece),
+ info="VoRS v6 ck")
+ * k = HKDF-Expand(prk=CK, info="VoRS v6 client x25519")
* ctX25519 = ChaCha20-Poly1305(k, nonce=0, ad=H, pt=clientEphPubX25519)
- * H = SHAKE256(H || ctX25519)
+ * H = hash(H || ctX25519)
* ssX25519 = X25519(clientEphPrvX25519, serverStaticPubX25519)
- * CK = HKDF-Extract(SHAKE256, ikm=ssX25519, salt=CK)
+ * CK = HKDF-Expand(prk=HKDF-Extract(salt=CK, ikm=ssX25519),
+ info="VoRS v6 ck")
* sends: ctMcElice || ctX25519
Server:
* ...
* serverEphPrvX25519, serverEphPubX25519 = Generate()
- * k = HKDF-Expand(SHAKE256, prk=CK, info="VoRS v5 server x25519")
+ * k = HKDF-Expand(prk=CK, info="VoRS v6 server x25519")
* ctX25519 = ChaCha20-Poly1305(k, nonce=0, ad=H, pt=serverEphPubX25519)
- * H = SHAKE256(H || ctX25519)
+ * H = hash(H || ctX25519)
* ssX25519 = X25519(serverEphPrvX25519, clientEphPubX25519)
- * CK = HKDF-Extract(SHAKE256, ikm=ssX25519, salt=CK)
+ * CK = HKDF-Expand(prk=HKDF-Extract(salt=CK, ikm=ssX25519),
+ info="VoRS v6 ck")
* serverEphPrvSNTRUP761, serverEphPubSNTRUP761 = Generate()
- * k = HKDF-Expand(SHAKE256, prk=CK, info="VoRS v5 server sntrup761")
+ * k = HKDF-Expand(prk=CK, info="VoRS v6 server sntrup761")
* ctSNTRUP = ChaCha20-Poly1305(k, nonce=0, ad=H, pt=serverEphPubSNTRUP761)
- * H = SHAKE256(H || ctSNTRUP)
+ * H = hash(H || ctSNTRUP)
* sends: ctX25519 || ctSNTRUP
Client:
* has: prefinish message payload
* ...
* ctSNTRUP, ssSNTRUP = Encapsulate(serverEphPubSNTRUP761)
- * k = HKDF-Expand(SHAKE256, prk=CK, info="VoRS v5 client sntrup761")
+ * k = HKDF-Expand(prk=CK, info="VoRS v6 client sntrup761")
* ctSNTRUP = ChaCha20-Poly1305(k, nonce=0, ad=H, pt=ctSNTRUP)
- * H = SHAKE256(H || ctSNTRUP)
- * CK = HKDF-Extract(SHAKE256, ikm=ssSNTRUP, salt=CK)
- * k = HKDF-Expand(SHAKE256, prk=CK, info="VoRS v5 client prefinish")
+ * H = hash(H || ctSNTRUP)
+ * CK = HKDF-Expand(prk=HKDF-Extract(salt=CK, ikm=ssSNTRUP),
+ info="VoRS v6 ck")
+ * k = HKDF-Expand(prk=CK, info="VoRS v6 client prefinish")
* ctPrefinish = ChaCha20-Poly1305(k, nonce=0, ad=H, pt=prefinish)
- * H = SHAKE256(H || ctPrefinish)
+ * H = hash(H || ctPrefinish)
* sends: ctPrefinish
Server:
* ...
Both:
- clientChaPolyKey, serverChaPolyKey, VoIPKey =
- HKDF-Expand(SHAKE256, ikm=CK, salt=H)
+ clientChaPolyKey, serverChaPolyKey, VoIPKey = HKDF-Expand(
+ prk=CK, info="VoRS v6 keymat")
NS(NS(arg0) || NS(arg1) || ...)
=> http://cr.yp.to/proto/netstrings.txt Netstring\r
-* Client sends NS("VoRS v5") to the socket. Just a magic number.
+* Client sends NS("VoRS v6") to the socket. Just a magic number.
* Then it performs [PQHS].
* Server replies with ["SID", SID], where SID is single byte stream
number client must use.
-TODO
-
* ["PING"] and ["PONG"] messages are then sent every ten seconds as a heartbeat.
S <- C : hello
-module go.stargrave.org/vors/v5
+module go.stargrave.org/vors/v6
go 1.24.0
)
const (
- Magic = "VoRS v5"
+ Magic = "VoRS v6"
CmdErr = "ERR"
CmdCookie = "COOKIE"
CmdSID = "SID"
import "runtime"
const (
- Version = "4.0.0"
+ Version = "6.0.0"
Warranty = `Copyright (C) 2024-2025 Sergey Matveev
This program is free software: you can redistribute it and/or modify
"crypto/rand"
"crypto/sha3"
- vors "go.stargrave.org/vors/v5/internal"
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119"
- sntrup761kem "go.stargrave.org/vors/v5/pqhs/sntrup761/kem"
- sntrup761 "go.stargrave.org/vors/v5/pqhs/sntrup761/kem/ntruprime/sntrup761"
+ vors "go.stargrave.org/vors/v6/internal"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119"
+ sntrup761kem "go.stargrave.org/vors/v6/pqhs/sntrup761/kem"
+ sntrup761 "go.stargrave.org/vors/v6/pqhs/sntrup761/kem/ntruprime/sntrup761"
"golang.org/x/crypto/chacha20poly1305"
)
package pqhs
const (
- CtxClientX25519 = "VoRS v5 client x25519"
- CtxServerX25519 = "VoRS v5 server x25519"
- CtxServerSNTRUP761 = "VoRS v5 server sntrup761"
- CtxClientSNTRUP761 = "VoRS v5 client sntrup761"
- CtxClientPrefinish = "VoRS v5 client prefinish"
+ CtxClientX25519 = "VoRS v6 client x25519"
+ CtxServerX25519 = "VoRS v6 server x25519"
+ CtxServerSNTRUP761 = "VoRS v6 server sntrup761"
+ CtxClientSNTRUP761 = "VoRS v6 client sntrup761"
+ CtxClientPrefinish = "VoRS v6 client prefinish"
+ CtxCK = "VoRS v6 ck"
+ CtxKeymat = "VoRS v6 keymat"
)
if string(prefinish) != "whatever" {
t.Fatal("prefinish differs")
}
- if !bytes.Equal(c.Binding(1234), s.Binding(1234)) {
+ if !bytes.Equal(c.Keymat(1234), s.Keymat(1234)) {
t.Fatal("bindings differs")
}
}
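Review bot: The failure message on the renamed check still reads `"bindings differs"`, which no longer matches what is compared. After the switch to `Keymat` it would read better as `t.Fatal("keymat differs")`. The test function starts outside this hunk.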
"crypto/ecdh"
"crypto/rand"
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119"
)
func KeyGen() (
package mceliece6960119
-import "go.stargrave.org/vors/v5/pqhs/mceliece6960119/internal"
+import "go.stargrave.org/vors/v6/pqhs/mceliece6960119/internal"
func fft(out *[exponent][gfBits]uint64, in *[2][gfBits]uint64) {
radixConversions(in)
package internal
import (
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119/math/gf2e12"
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119/math/gf2e13"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119/math/gf2e12"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119/math/gf2e13"
)
var ButterfliesReversal4096 = [64]byte{
package internal
import (
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119/math/gf2e12"
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119/math/gf2e13"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119/math/gf2e12"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119/math/gf2e13"
)
var Powers4096 = [64][gf2e12.Bits]uint64{
"fmt"
"io"
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119/internal"
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119/math/gf2e13"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119/internal"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119/math/gf2e13"
)
const (
package mceliece6960119
-import "go.stargrave.org/vors/v5/pqhs/mceliece6960119/internal"
+import "go.stargrave.org/vors/v6/pqhs/mceliece6960119/internal"
const exponent = 128
"crypto/ecdh"
"crypto/rand"
- vors "go.stargrave.org/vors/v5/internal"
- "go.stargrave.org/vors/v5/pqhs/mceliece6960119"
- sntrup761kem "go.stargrave.org/vors/v5/pqhs/sntrup761/kem"
- sntrup761 "go.stargrave.org/vors/v5/pqhs/sntrup761/kem/ntruprime/sntrup761"
+ vors "go.stargrave.org/vors/v6/internal"
+ "go.stargrave.org/vors/v6/pqhs/mceliece6960119"
+ sntrup761kem "go.stargrave.org/vors/v6/pqhs/sntrup761/kem"
+ sntrup761 "go.stargrave.org/vors/v6/pqhs/sntrup761/kem/ntruprime/sntrup761"
"golang.org/x/crypto/chacha20poly1305"
)
"crypto/sha512"
"io"
- "go.stargrave.org/vors/v5/pqhs/sntrup761/kem"
- "go.stargrave.org/vors/v5/pqhs/sntrup761/kem/ntruprime/internal"
- sntrupKem "go.stargrave.org/vors/v5/pqhs/sntrup761/pke/ntruprime/kem"
- ntrup "go.stargrave.org/vors/v5/pqhs/sntrup761/pke/ntruprime/sntrup761"
+ "go.stargrave.org/vors/v6/pqhs/sntrup761/kem"
+ "go.stargrave.org/vors/v6/pqhs/sntrup761/kem/ntruprime/internal"
+ sntrupKem "go.stargrave.org/vors/v6/pqhs/sntrup761/pke/ntruprime/kem"
+ ntrup "go.stargrave.org/vors/v6/pqhs/sntrup761/pke/ntruprime/sntrup761"
)
type (
import (
"io"
- "go.stargrave.org/vors/v5/pqhs/sntrup761/kem"
+ "go.stargrave.org/vors/v6/pqhs/sntrup761/kem"
)
// A Scheme represents a specific instance of a NTRU PRIME KEM.
import (
"strings"
- "go.stargrave.org/vors/v5/pqhs/sntrup761/kem/ntruprime/sntrup761"
- "go.stargrave.org/vors/v5/pqhs/sntrup761/pke/ntruprime/kem"
+ "go.stargrave.org/vors/v6/pqhs/sntrup761/kem/ntruprime/sntrup761"
+ "go.stargrave.org/vors/v6/pqhs/sntrup761/pke/ntruprime/kem"
)
var allSchemes = [...]kem.Scheme{
if err != nil {
panic(err)
}
+ state.ck, err = hkdf.Expand(NewSHAKE256, state.ck, CtxCK, 64)
+ if err != nil {
+ panic(err)
+ }
}
func (state *SymmetricState) Seal(ctx string, data []byte) []byte {
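Review bot: The output length `64` in the added `hkdf.Expand(NewSHAKE256, state.ck, CtxCK, 64)` is a bare literal with no comment saying what it is tied to. It presumably matches the chaining-key size used by the preceding Extract step, which is not visible in this hunk, so a named constant would keep the two from drifting apart. A short comment such as `// ck = HKDF-Expand(prk=HKDF-Extract(salt=ck, ikm=...), info=CtxCK, 64 bytes)` would also tie the line to the v6 handshake description changed in the same commit. The enclosing function starts outside the hunk.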
return
}
-func (state *SymmetricState) Binding(l int) []byte {
- binding, err := hkdf.Expand(NewSHAKE256, state.ck, string(state.h), l)
+func (state *SymmetricState) Keymat(l int) []byte {
+ keymat, err := hkdf.Expand(NewSHAKE256, state.ck, CtxKeymat, l)
if err != nil {
panic(err)
}
- return binding
+ return keymat
}
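Review bot: `Keymat` is exported without a doc comment, and the rename hides a change in inputs that should be stated. The old `Binding` passed `string(state.h)` as the HKDF info, while the new code passes the fixed label `CtxKeymat`, so the output now depends on the transcript only through `state.ck`. I would add `// Keymat returns l bytes of HKDF-Expand(prk=ck, info=CtxKeymat); the transcript hash h is not an input.` and a second line noting that it panics if Expand rejects `l`. The callers visible in this diff use the result only as session key material; any caller elsewhere that treated the old value as a transcript binding should be re-checked.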