From: Sergey Matveev Date: Thu, 29 May 2025 11:06:14 +0000 (+0300) Subject: Post-quantum confidentiality X-Git-Url: http://www.git.stargrave.org/?a=commitdiff_plain;h=579c93db5b2c90454ffce2efbb6441387ba70f07298dff0ede9c31a6f50619eb;p=vors.git Post-quantum confidentiality --- diff --git a/cmd/client/audio.go b/cmd/client/audio.go index be17aed..44031a0 100644 --- a/cmd/client/audio.go +++ b/cmd/client/audio.go @@ -19,7 +19,7 @@ import ( "log" "go.stargrave.org/opus/v2" - vors "go.stargrave.org/vors/v3/internal" + vors "go.stargrave.org/vors/v4/internal" ) func newOpusEnc() *opus.Encoder { diff --git a/cmd/client/gui.go b/cmd/client/gui.go index 059aaf7..6a6d866 100644 --- a/cmd/client/gui.go +++ b/cmd/client/gui.go @@ -21,7 +21,7 @@ import ( "sort" "github.com/jroimartin/gocui" - vors "go.stargrave.org/vors/v3/internal" + vors "go.stargrave.org/vors/v4/internal" ) var ( diff --git a/cmd/client/main.go b/cmd/client/main.go index 9ff8be6..134d84d 100644 --- a/cmd/client/main.go +++ b/cmd/client/main.go @@ -34,12 +34,12 @@ import ( "github.com/aead/chacha20" "github.com/dchest/siphash" - "github.com/flynn/noise" "github.com/jroimartin/gocui" + "github.com/katzenpost/noise" "go.cypherpunks.su/netstring/v3" "go.stargrave.org/opus/v2" - vors "go.stargrave.org/vors/v3/internal" - "golang.org/x/crypto/blake2s" + vors "go.stargrave.org/vors/v4/internal" + "golang.org/x/crypto/blake2b" ) type Stream struct { @@ -135,7 +135,7 @@ Magenta "S" means that peer is locally muted.`) var passwdHsh []byte if *passwd != "" { - hsh := blake2s.Sum256([]byte(*passwd)) + hsh := blake2b.Sum256([]byte(*passwd)) passwdHsh = hsh[:] } @@ -315,8 +315,8 @@ Magenta "S" means that peer is locally muted.`) var keyCiphOur []byte var keyMACOur []byte { - var xof blake2s.XOF - xof, err = blake2s.NewXOF(vors.ChaCha20KeySize+vors.SipHash24KeySize, nil) + var xof blake2b.XOF + xof, err = blake2b.NewXOF(vors.ChaCha20KeySize+vors.SipHash24KeySize, nil) if err != nil { log.Fatalln(err) } 
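Review bot: `hsh := blake2b.Sum256([]byte(*passwd))` at `@@ -135` in cmd/client/main.go is still an unsalted, unkeyed fast hash of the room password, so the digest is password-equivalent and can be guessed offline by whoever obtains it. Per the doc/Protocol listing in this commit, the digest travels in the first handshake message (`e, es, e1, …`), while `ekem1` only arrives in the server's reply. If the HFS pattern behaves as that listing suggests, this payload is protected by the X25519 `es` key alone and does not get the post-quantum confidentiality the commit title describes. I would record that next to the line, e.g. `// unsalted digest, sent in handshake message 1 (X25519-only protection; ekem1 is mixed in by the reply)`, and consider sending the room credentials only after the handshake has completed. The enclosing function starts and ends outside the hunk.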
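Review bot: The key derivation at `@@ -315` (`blake2b.NewXOF(vors.ChaCha20KeySize+vors.SipHash24KeySize, nil)`) is repeated in `newPeer` in cmd/server/main.go, and both call sites pass a nil key. The ChaCha20 key and the SipHash24 key are therefore told apart only by how each side slices the XOF output, which this hunk does not show. Since the commit adds internal/crypto.go for the two sizes, a single helper there that takes the handshake binding value and returns both keys would keep client and server from drifting apart on the next algorithm change. Until then, a comment at both sites should state the layout; if the cipher key is read first, that is `// XOF output: ChaCha20 key || SipHash24 key`. The block continues past the end of the hunk.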
diff --git a/cmd/client/stats.go b/cmd/client/stats.go index 03f8bb3..a7b03be 100644 --- a/cmd/client/stats.go +++ b/cmd/client/stats.go @@ -24,7 +24,7 @@ import ( "github.com/dustin/go-humanize" "github.com/jroimartin/gocui" - vors "go.stargrave.org/vors/v3/internal" + vors "go.stargrave.org/vors/v4/internal" ) type Stats struct { diff --git a/cmd/keygen/main.go b/cmd/keygen/main.go index 461de7d..31c06b3 100644 --- a/cmd/keygen/main.go +++ b/cmd/keygen/main.go @@ -9,8 +9,8 @@ import ( "log" "os" - "github.com/flynn/noise" - vors "go.stargrave.org/vors/v3/internal" + "github.com/katzenpost/noise" + vors "go.stargrave.org/vors/v4/internal" ) func main() { diff --git a/cmd/server/main.go b/cmd/server/main.go index a7af83d..6c62117 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -32,10 +32,10 @@ import ( "time" "github.com/dchest/siphash" - "github.com/flynn/noise" "github.com/jroimartin/gocui" - vors "go.stargrave.org/vors/v3/internal" - "golang.org/x/crypto/blake2s" + "github.com/katzenpost/noise" + vors "go.stargrave.org/vors/v4/internal" + "golang.org/x/crypto/blake2b" ) var ( @@ -269,7 +269,7 @@ func newPeer(conn *net.TCPConn) { room.peersM.RUnlock() { - xof, err := blake2s.NewXOF(vors.ChaCha20KeySize+vors.SipHash24KeySize, nil) + xof, err := blake2b.NewXOF(vors.ChaCha20KeySize+vors.SipHash24KeySize, nil) if err != nil { log.Fatalln(err) } diff --git a/cmd/server/peer.go b/cmd/server/peer.go index bb72759..288b4d6 100644 --- a/cmd/server/peer.go +++ b/cmd/server/peer.go @@ -7,8 +7,8 @@ import ( "sync" "time" - "github.com/flynn/noise" - vors "go.stargrave.org/vors/v3/internal" + "github.com/katzenpost/noise" + vors "go.stargrave.org/vors/v4/internal" ) var ( diff --git a/cmd/server/room.go b/cmd/server/room.go index bee217c..5e40cac 100644 --- a/cmd/server/room.go +++ b/cmd/server/room.go @@ -8,7 +8,7 @@ import ( "time" "github.com/dustin/go-humanize" - vors "go.stargrave.org/vors/v3/internal" + vors "go.stargrave.org/vors/v4/internal" ) var ( 
diff --git a/cmd/vad/main.go b/cmd/vad/main.go index 10d17cb..dc44b39 100644 --- a/cmd/vad/main.go +++ b/cmd/vad/main.go @@ -23,7 +23,7 @@ import ( "os" "strconv" - vors "go.stargrave.org/vors/v3/internal" + vors "go.stargrave.org/vors/v4/internal" ) func usage() { diff --git a/doc/Features b/doc/Features index cefbcea..fe75832 100644 --- a/doc/Features +++ b/doc/Features @@ -5,10 +5,11 @@ and DTX (discontinuous transmission) features enabled. Optional [VAD] (voice activity detection). => https://opus-codec.org/ Opus codec -* Noise-NK protocol-based 0-RTT single round-trip handshake over TCP +* Noise-NKhfs protocol-based 0-RTT single round-trip handshake over TCP between client and server for creating authenticated encrypted channel and authentication based on server's public key knowledge. => http://noiseprotocol.org/ Noise protocol framework + => https://github.com/noiseprotocol/noise_hfs_spec KEM-based hybrid forward secrecy * Fast ChaCha20 encryption with SipHash24 message authentication. * Rooms, optionally password protected. Peers are able to broadcast text message to everyone in the room. diff --git a/doc/Install b/doc/Install index 444f952..7f3a47a 100644 --- a/doc/Install +++ b/doc/Install @@ -16,7 +16,7 @@ them with -rec and -play options to vors-client. => https://sourceforge.net/projects/sox/ SoX - $ version=3.1.0 + $ version=4.0.0 $ [fetch|wget] http://www.vors.stargrave.org/download/vors-$version.tar.zst $ [fetch|wget] http://www.vors.stargrave.org/download/vors-$version.tar.zst.sig [verify signature] diff --git a/doc/Protocol b/doc/Protocol index 34ed3d6..09d8030 100644 --- a/doc/Protocol +++ b/doc/Protocol 
@@ -13,7 +13,7 @@ ability to distinguish jitters and delays from lack of audio transmission. Each packet is encrypted with ChaCha20 and authenticated with SipHash24. -Their keys are generated from BLAKE2s-XOF, which is fed with completed +Their keys are generated from BLAKE2b-XOF, which is fed with completed handshake's binding value. Then they are shared among the other participants. The stream identifier together with the packet counter is used as a nonce. @@ -22,11 +22,12 @@ It is tuned for 24Kbps bandwidth. But remember that it has additional 8B of MAC tag, 7B VoRS, 8B UDP and 40B IPv6 headers. Each client handshakes with the server over TCP connection using the -Noise-NK protocol pattern with curve25519, ChaCha20-Poly1305 and BLAKE2s -algorithms. +Noise-NKhfs protocol pattern with curve25519, Kyber-1024, ChaCha20-Poly1305 +and BLAKE2b algorithms. => http://noiseprotocol.org/ Noise protocol framework +=> https://github.com/noiseprotocol/noise_hfs_spec KEM-based hybrid forward secrecy -* Client sends "VoRS v3" to the socket. Just a magic number. +* Client sends "VoRS v4" to the socket. Just a magic number. * All next messages are Netstring encoded strings. Most of them contain netstring encoded sequence of netstrings if multiple values are expected: @@ -34,7 +35,7 @@ algorithms. => http://cr.yp.to/proto/netstrings.txt Netstring * Client sends initial Noise handshake message with his username, room - name and optional BLAKE2s-256 hash of the room's password (or an empty + name and optional BLAKE2b-256 hash of the room's password (or an empty string) as a payload: [USERNAME, ROOM, hash(PASSWD)]. * Server answers with final noise handshake message with the 
@@ -57,8 +58,8 @@ algorithms. * ["PING"] and ["PONG"] messages are then sent every ten seconds as a heartbeat. - S <- C : e, es, NS(NS(USERNAME) || NS(ROOM) || NS(hash(PASSWD))) - S -> C : e, ee, NS(NS("COOKIE") || NS(COOKIE)) + S <- C : e, es, e1, NS(NS(USERNAME) || NS(ROOM) || NS(hash(PASSWD))) + S -> C : e, ee, ekem1, NS(NS("COOKIE") || NS(COOKIE)) S <- C : UDP(COOKIE) S -> C : NS(NS("SID") || NS(SID)) diff --git a/go.mod b/go.mod index b73f35c..b2177e7 100644 --- a/go.mod +++ b/go.mod @@ -1,24 +1,27 @@ -module go.stargrave.org/vors/v3 +module go.stargrave.org/vors/v4 -go 1.21 +go 1.23.0 + +toolchain go1.24.3 require ( github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da github.com/dchest/siphash v1.2.3 github.com/dustin/go-humanize v1.0.1 - github.com/flynn/noise v1.1.0 github.com/jroimartin/gocui v0.5.0 + github.com/katzenpost/noise v0.0.3 go.cypherpunks.su/netstring/v3 v3.0.0 go.stargrave.org/opus/v2 v2.1.0 - golang.org/x/term v0.27.0 + golang.org/x/term v0.32.0 ) require ( + github.com/cloudflare/circl v1.6.1 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/nsf/termbox-go v1.1.1 // indirect ) require ( - golang.org/x/crypto v0.31.0 - golang.org/x/sys v0.28.0 // indirect + golang.org/x/crypto v0.38.0 + golang.org/x/sys v0.33.0 // indirect ) diff --git a/go.sum b/go.sum index 1b2db1b..1cbbddf 100644 --- a/go.sum +++ b/go.sum 
@@ -1,13 +1,17 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= +github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/cloudflare/circl v1.0.1-0.20210824050549-9b4298fa53ce/go.mod h1:wqo+yhCGS0T5Ldpb0f4hdJqVGwsEBYDE3MrO6W/RACc= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/dchest/siphash v1.2.3 h1:QXwFc8cFOR2dSa/gE6o/HokBMWtLUaNDVd+22aKHeEA= github.com/dchest/siphash v1.2.3/go.mod h1:0NvQU092bT0ipiFN++/rXm69QG9tVxLAlQHIXMPAkHc= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg= -github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/jroimartin/gocui v0.5.0 h1:DCZc97zY9dMnHXJSJLLmx9VqiEnAj0yh0eTNpuEtG/4= github.com/jroimartin/gocui v0.5.0/go.mod h1:l7Hz8DoYoL6NoYnlnaX6XCNR62G7J5FfSW5jEogzaxE= +github.com/katzenpost/noise v0.0.3 h1:bpYnozkk8j0XE1FAX9iRYgKtfIywuAINF+vMdBOidrM= +github.com/katzenpost/noise v0.0.3/go.mod h1:+3UhOI7g4gXPlAdRKdgMKmxZmK/PP1/3sCnX20SA/vQ= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 
@@ -21,16 +25,20 @@ go.cypherpunks.su/netstring/v3 v3.0.0 h1:wwFjxTb/LZM8cQN/UiOPMO5wcuq4xCQWdLAYz74 go.cypherpunks.su/netstring/v3 v3.0.0/go.mod h1:S9pYNVqT6kL2uXbdHz+yxc+A4sAFxBkjSzu+g6KD0QE= go.stargrave.org/opus/v2 v2.1.0 h1:WwyMf76wcIWEPIQlU2UI5V9YkqXRHQhq6wfZGslcMFc= go.stargrave.org/opus/v2 v2.1.0/go.mod h1:Y57qgcaXH7jBvKW89fscWOT/Wd3MYfhXUbYUcOMV0A8= -golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8= +golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.27.0 
h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= +golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/internal/crypto.go b/internal/crypto.go new file mode 100644 index 0000000..27fa5fd --- /dev/null +++ b/internal/crypto.go @@ -0,0 +1,6 @@ +package internal + +const ( + ChaCha20KeySize = 32 + SipHash24KeySize = 16 +) diff --git a/internal/noise.go b/internal/noise.go index bd073a1..36e7eb8 100644 --- a/internal/noise.go +++ b/internal/noise.go @@ -1,13 +1,14 @@ package internal import ( - "github.com/flynn/noise" + "github.com/katzenpost/noise" ) -const NoisePrologue = "VoRS v3" +const NoisePrologue = "VoRS v4" -var NoiseCipherSuite = noise.NewCipherSuite( +var NoiseCipherSuite = noise.NewCipherSuiteHFS( noise.DH25519, noise.CipherChaChaPoly, - noise.HashBLAKE2s, + noise.HashBLAKE2b, + noise.HFSKyber, ) diff --git a/internal/version.go b/internal/version.go index 02ce60e..a31d3e5 100644 --- a/internal/version.go +++ b/internal/version.go @@ -3,7 +3,7 @@ package internal import "runtime" const ( - Version = "3.1.0" + Version = "4.0.0" Warranty = `Copyright (C) 2024-2025 Sergey Matveev This program is free software: you can redistribute it and/or modify
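Review bot: The two exported constants in the new internal/crypto.go have no doc comments and no stated unit, although their sum is the XOF output length on both client and server. I would add `// ChaCha20KeySize is the length in bytes of the ChaCha20 packet-encryption key.` and `// SipHash24KeySize is the length in bytes of the SipHash24 packet-authentication key.` above them.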
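Review bot: `NoiseCipherSuite` in internal/noise.go now selects `noise.HFSKyber`, but nothing at the declaration says which Kyber parameter set that constant stands for. doc/Protocol in this commit says Kyber-1024, and a reader of the code has to trust that the library constant matches. A doc comment on the variable would pin the intent: `// NoiseCipherSuite is the Noise NKhfs suite: X25519, ChaCha20-Poly1305, BLAKE2b and Kyber-1024 for hybrid forward secrecy.` If the library implements pre-standard Kyber rather than ML-KEM, that is worth stating in the same comment, because the two do not interoperate and the choice fixes the wire format of "VoRS v4".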