Moving to SHAKE256 in progress

Author: tomekmarchi

cspell.json

@@ -19,11 +19,13 @@
 		"cbor",
 		"cldmv",
 		"daisyui",
+		"decapsulated",
+		"decapsulates",
 		"iife",
 		"sarif",
 		"simc",
 		"uwrl"
 	],
 	"ignoreWords": [],
 	"import": []
-}
+}

udsp/cryptoMiddleware/cipherSuite/Kyber768_xChaCha.js

@@ -20,8 +20,8 @@ import {
 import { decrypt, encrypt, encryptionOverhead } from '../encryption/XChaCha.js';
 import { extendedHandshakeHeaderRPC, introHeaderRPC } from '../../protocolHeaderRPCs.js';
 import { extendedHandshakeRPC, introRPC } from '../../protocolFrameRPCs.js';
-import { blake3 } from '@noble/hashes/blake3';
 import { ml_kem768 } from '@noble/post-quantum/ml-kem';
+import { shake256 } from '@noble/hashes/sha3';
 const {
 	randomBuffer,
 	toBase64,
@@ -31,11 +31,11 @@ const {
 	clearBuffers
 } = defaultCrypto;
 const { id: encryptionKeypairID, } = kyber768;
-const hash = blake3;
+const hashFunction = shake256;
 export const kyber768_xChaCha = {
 	name: 'kyber768_xChaCha',
 	alias: 'kyber768',
-	description: 'Crystals-Kyber768 with XChaCha20 and Blake3.',
+	description: 'Crystals-Kyber768 with XChaCha20 and SHAKE256.',
 	id: 2,
 	preferred: true,
 	speed: 0,
@@ -53,7 +53,7 @@ export const kyber768_xChaCha = {
 		const sharedSecret = await decapsulate(cipherData, kyberPrivateKey);
 		console.log('clientSetSession kyberSharedSecret', sharedSecret[0], sharedSecret.length);
 		source.transmitKey = sharedSecret;
-		source.receiveKey = hash(sharedSecret);
+		source.receiveKey = hashFunction(sharedSecret);
 		console.log('New Session Keys', source.transmitKey[0], source.receiveKey[0]);
 	},
 	async sendClientExtendedHandshake(source, destination, frame, header) {
@@ -107,7 +107,7 @@ export const kyber768_xChaCha = {
 		} = await encapsulate(destinationPublicKey);
 		destination.publicKey = destinationPublicKey;
 		source.cipherData = cipherText;
-		source.transmitKey = hash(sharedSecret);
+		source.transmitKey = hashFunction(sharedSecret);
 		source.receiveKey = sharedSecret;
 		console.log('server kyberSharedSecret', sharedSecret[0], sharedSecret.length);
 		console.log('destinationPublicKey', destinationPublicKey[0]);
@@ -171,7 +171,7 @@ export const kyber768_xChaCha = {
 	decrypt,
 	encrypt,
 	ml_kem768,
-	hash,
+	hash: hashFunction,
 	extendedHandshake: true,
 	encryptionKeypairID,
 	encryptionOverhead

udsp/cryptoMiddleware/cipherSuite/x25519_Kyber768Half_xChaCha.js

@@ -2,7 +2,6 @@
 import * as defaultCrypto from '#crypto';
 import { assign, clear, isBuffer } from '@universalweb/acid';
 import {
-	clearSession,
 	clientSetSession,
 	encryptionKeypair as encryptionKeypair25519,
 	get25519KeyCopy,
@@ -12,15 +11,16 @@ import {
 } from '../keyExchange/x25519.js';
 import { decapsulate, encapsulate } from '../keyExchange/kyber768.js';
 import { decrypt, encrypt, encryptionOverhead } from '../encryption/XChaCha.js';
-import { blake3 } from '@noble/hashes/blake3';
 import { kyber768Half_x25519 } from '../keyExchange/kyber768Half_x25519.js';
 const {
 	randomBuffer,
 	toBase64,
 	toHex,
 	combineKeys,
 	clearBuffers,
-	clearBuffer
+	clearBuffer,
+	clearSessionKeys,
+	clearSessionWithSharedSecret,
 } = defaultCrypto;
 const {
 	generateSeed,
@@ -35,7 +35,7 @@ const {
 export const x25519_kyber768Half_xchacha20 = {
 	name: 'x25519_kyber768Half_xchacha20',
 	alias: 'hpqthalf',
-	description: 'Hybrid Post Quantum Key Exchange using both Crystals-Kyber768 and X25519 with XChaCha20 and Blake3 but certification verification only occurs with x25519.',
+	description: 'Hybrid Post Quantum Key Exchange using both Crystals-Kyber768 and X25519 with XChaCha20 and SHAKE256 but certification verification only occurs with x25519.',
 	id: 1,
 	ml_kem768,
 	preferred: true,
@@ -76,7 +76,7 @@ export const x25519_kyber768Half_xchacha20 = {
 		const newTransmitKey = combineKeys(oldTransmitKey, sourceKeypair25519.transmitKey, sharedSecret);
 		const newReceiveKey = combineKeys(oldReceiveKey, sourceKeypair25519.receiveKey, sharedSecret);
 		clearBuffer(cipherData);
-		await clearSession(sourceKeypair25519);
+		await clearSessionWithSharedSecret(sourceKeypair25519);
 		clearBuffers(oldSharedSecret, sharedSecret);
 		source.transmitKey = newTransmitKey;
 		source.receiveKey = newReceiveKey;
@@ -111,7 +111,7 @@ export const x25519_kyber768Half_xchacha20 = {
 		const sharedSecret = nextSession.sharedSecret;
 		const newTransmitKey = combineKeys(oldTransmitKey, x25519SessionKeys.transmitKey, sharedSecret);
 		const newReceiveKey = combineKeys(oldReceiveKey, x25519SessionKeys.receiveKey, sharedSecret);
-		await clearSession(nextSessionKeypair25519);
+		await clearSessionWithSharedSecret(nextSessionKeypair25519);
 		clearBuffers(oldSharedSecret, sharedSecret, destination.publicKey);
 		source.transmitKey = newTransmitKey;
 		source.receiveKey = newReceiveKey;

udsp/cryptoMiddleware/cipherSuite/x25519_Kyber768_xChaCha.js

@@ -23,13 +23,12 @@ import * as defaultCrypto from '#crypto';
 import { assign, clearBuffer, isBuffer } from '@universalweb/acid';
 import { decrypt, encrypt, encryptionOverhead } from '../encryption/XChaCha.js';
 import { get25519KeyCopy, x25519 } from '../keyExchange/x25519.js';
-import { blake3 } from '@noble/hashes/blake3';
 import { encapsulate } from '../keyExchange/kyber768.js';
 import { extendedHandshakeRPC } from '../../protocolFrameRPCs.js';
-import { kyber768Half_x25519 } from '../keyExchange/kyber768Half_x25519.js';
 import { kyber768_x25519 } from '../keyExchange/kyber768_x25519.js';
+import { shake256 } from '@noble/hashes/sha3';
 import { x25519_kyber768Half_xchacha20 } from './x25519_Kyber768Half_xChaCha.js';
-const hash = blake3;
+const hashFunction = shake256;
 const { clientSetSession } = x25519_kyber768Half_xchacha20;
 const {
 	serverSetSessionAttach,
@@ -66,7 +65,7 @@ const {
 export const x25519_kyber768_xchacha20 = {
 	name: 'x25519_kyber768_xchacha20',
 	alias: 'hpqt',
-	description: 'Hybrid Post Quantum Key Exchange using both Crystals-Kyber768 and X25519 with XChaCha20 and Blake3.',
+	description: 'Hybrid Post Quantum Key Exchange using both Crystals-Kyber768 + X25519 with XChaCha20 and SHAKE256.',
 	id: 3,
 	ml_kem768,
 	preferred: true,
@@ -97,7 +96,7 @@ export const x25519_kyber768_xchacha20 = {
 		console.log('serverInitializeSession CIPHER', toHex(cipherData));
 		destination.publicKey = get25519KeyCopy(cipherData);
 		await serverSetSessionAttach(source, destination);
-		source.nextSession = await kyber768Half_x25519.serverEphemeralKeypair(source, destination, cipherData);
+		source.nextSession = await kyber768_x25519.serverEphemeralKeypair(source, destination, cipherData);
 		clearBuffer(cipherData);
 		console.log('nextSession', source.nextSession);
 	},
@@ -120,7 +119,7 @@ export const x25519_kyber768_xchacha20 = {
 	clientPrivateKeySize,
 	serverPublicKeySize,
 	serverPrivateKeySize,
-	hash,
+	hash: hashFunction,
 	encrypt,
 	decrypt,
 	encryptionOverhead

udsp/cryptoMiddleware/cipherSuite/x25519_xChaCha.js

@@ -32,7 +32,7 @@ const {
 	combineSessionKeys
 } = defaultCrypto;
 const { id: encryptionKeypairID } = x25519;
-const hash = blake3.hash;
+const hashFunction = blake3.hash;
 export const x25519_xChaCha = {
 	name: 'x25519_xChaCha',
 	alias: 'default',
@@ -154,5 +154,5 @@ export const x25519_xChaCha = {
 	encrypt,
 	encryptionOverhead,
 	preferred: true,
-	hash
+	hash: hashFunction
 };

udsp/cryptoMiddleware/keyExchange/kyber768.js

@@ -1,19 +1,69 @@
-import * as defaultCrypto from '#crypto';
-import { clearBuffer, isBuffer } from '@universalweb/acid';
+import {
+	clearBuffer,
+	int32,
+	randomBuffer
+} from '#crypto';
+import { isBuffer } from '@universalweb/acid';
 import { ml_kem768 } from '@noble/post-quantum/ml-kem';
-import { encryptionKeypair as x25519Keypair } from './x25519.js';
-const { randomBuffer } = defaultCrypto;
+import { shake256 } from '@noble/hashes/sha3';
+const hashFunction = shake256;
+const sessionKeySize = int32;
+const hashSettings = {
+	dkLen: 64
+};
 export async function encryptionKeypair(seed) {
 	const kyberKeypair = ml_kem768.keygen(seed);
 	return {
 		publicKey: kyberKeypair.publicKey,
 		privateKey: kyberKeypair.secretKey
 	};
 }
-export async function decapsulate(cipherText, sourceKeypairKyber) {
-	const decapsulated = ml_kem768.decapsulate(cipherText, sourceKeypairKyber?.privateKey || sourceKeypairKyber);
+export async function decapsulate(cipherData, sourceKeypairKyber) {
+	const decapsulated = ml_kem768.decapsulate(cipherData, sourceKeypairKyber?.privateKey || sourceKeypairKyber);
 	return decapsulated;
 }
+export function clientSetSession(client, server, target, cipherData) {
+	const sharedSecret = decapsulate(cipherData, client.privateKey);
+	const hashSharedSecret = hashFunction(Buffer.concat([
+		sharedSecret,
+		client.publicKey,
+		server?.publicKey || server
+	]), hashSettings);
+	const transmitKey = hashSharedSecret.subarray(sessionKeySize);
+	const receiveKey = hashSharedSecret.subarray(0, sessionKeySize);
+	if (target) {
+		target.sharedSecret = hashSharedSecret;
+		target.receiveKey = receiveKey;
+		target.transmitKey = transmitKey;
+		return target;
+	}
+	return {
+		sharedSecret: hashSharedSecret,
+		receiveKey,
+		transmitKey
+	};
+}
+export function serverSetSession(server, client, target, cipherData) {
+	const sharedSecret = decapsulate(cipherData, server.privateKey);
+	const hashSharedSecret = hashFunction(Buffer.concat([
+		sharedSecret,
+		client?.publicKey || client,
+		server.publicKey
+	]), hashSettings);
+	const transmitKey = hashSharedSecret.subarray(0, sessionKeySize);
+	const receiveKey = hashSharedSecret.subarray(sessionKeySize);
+	if (target) {
+		target.sharedSecret = hashSharedSecret;
+		target.receiveKey = receiveKey;
+		target.transmitKey = transmitKey;
+		return target;
+	}
+	return {
+		sharedSecret: hashSharedSecret,
+		receiveKey,
+		transmitKey
+	};
+}
 export async function encapsulate(sourceKeypair) {
 	// { cipherText, sharedSecret }
 	const encapsulated = ml_kem768.encapsulate(sourceKeypair?.publicKey || sourceKeypair);
@@ -32,6 +82,7 @@ export const kyber768 = {
 	clientPrivateKeySize: privateKeySize,
 	serverPublicKeySize: publicKeySize,
 	serverPrivateKeySize: privateKeySize,
+	sessionKeySize,
 	ml_kem768,
 	decapsulate,
 	encapsulate,

udsp/cryptoMiddleware/keyExchange/kyber768Half_x25519.js

@@ -12,8 +12,9 @@ import {
 } from './kyber768.js';
 import { decrypt, encrypt } from '../encryption/XChaCha.js';
 import { assign } from '@universalweb/acid';
-import { blake3 } from '@noble/hashes/blake3';
 import { ml_kem768 } from '@noble/post-quantum/ml-kem';
+import { shake256 } from '@noble/hashes/sha3';
+const hashFunction = shake256;
 const {
 	randomBuffer,
 	toBase64,
@@ -86,7 +87,7 @@ export const kyber768Half_x25519 = {
 		return x25519Keypair;
 	},
 	ml_kem768,
-	hash: blake3,
+	hash: hashFunction,
 	getKyberKey
 };
 export default kyber768Half_x25519;

udsp/cryptoMiddleware/keyExchange/kyber768_x25519.js

@@ -12,8 +12,8 @@ import {
 } from '../keyExchange/kyber768.js';
 import { decrypt, encrypt } from '../encryption/XChaCha.js';
 import { assign } from '@universalweb/acid';
-import { blake3 } from '@noble/hashes/blake3';
 import { ml_kem768 } from '@noble/post-quantum/ml-kem';
+import { shake256 } from '@noble/hashes/sha3';
 const {
 	randomBuffer,
 	toBase64,
@@ -25,10 +25,11 @@ const {
 } = defaultCrypto;
 const publicKeySize = x25519.publicKeySize + kyber768.publicKeySize;
 const privateKeySize = x25519.privateKeySize + kyber768.privateKeySize;
+const hashFunction = shake256;
 export const kyber768_x25519 = {
 	name: 'kyber768_x25519',
 	alias: 'kyber768_x25519',
-	description: 'Crystals-Kyber768 with X25519 and Blake3.',
+	description: 'Crystals-Kyber768 with X25519 and SHAKE256.',
 	id: 3,
 	// partial initial encryption on first packet
 	async clientInitializeSession(source, destination) {
@@ -137,7 +138,7 @@ export const kyber768_x25519 = {
 			}
 		}
 	},
-	hash: blake3,
+	hash: hashFunction,
 	ml_kem768,
 	noneQuatumPublicKeySize: x25519.publicKeySize,
 	noneQuatumPrivateKeySize: x25519.privateKeySize,