From 896b2425a406f39b555b6f3d32e069bf29fba015 Mon Sep 17 00:00:00 2001
From: Evgeny Poberezkin
Date: Wed, 11 Sep 2024 19:32:40 +0100
Subject: [PATCH] xrcp: use SHA3-256 in hybrid key agreement (#1302)
This reverts commit 62133ceb24b2ccccd2a8e17a22beee1449b2bd27.
---
 protocol/xrcp.md | 4 ++--
 src/Simplex/Messaging/Crypto/SNTRUP761.hs | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/protocol/xrcp.md b/protocol/xrcp.md
index 9f7187e66..2ed2c8d62 100644
--- a/protocol/xrcp.md
+++ b/protocol/xrcp.md
@@ -250,7 +250,7 @@ In pseudo-code:
 ```
 // session 1
 hostHelloSecret(1) = dhSecret(1)
-sessionSecret(1) = sha256(dhSecret(1) || kemSecret(1)) // to encrypt session 1 data, incl. controller hello
+sessionSecret(1) = sha3-256(dhSecret(1) || kemSecret(1)) // to encrypt session 1 data, incl. controller hello
 dhSecret(1) = dh(hostHelloDhKey(1), controllerInvitationDhKey(1))
 kemCiphertext(1) = enc(kemSecret(1), kemEncKey(1)) // kemEncKey is included in host HELLO, kemCiphertext - in controller HELLO
@@ -262,7 +262,7 @@ dhSecret(n') = dh(hostHelloDhKey(n - 1), controllerDhKey(n))
 // session n
 hostHelloSecret(n) = dhSecret(n)
-sessionSecret(n) = sha256(dhSecret(n) || kemSecret(n)) // to encrypt session n data, incl. controller hello
+sessionSecret(n) = sha3-256(dhSecret(n) || kemSecret(n)) // to encrypt session n data, incl. controller hello
 dhSecret(n) = dh(hostHelloDhKey(n), controllerDhKey(n)) // controllerDhKey(n) is either from invitation or from multicast announcement
 kemCiphertext(n) = enc(kemSecret(n), kemEncKey(n))
diff --git a/src/Simplex/Messaging/Crypto/SNTRUP761.hs b/src/Simplex/Messaging/Crypto/SNTRUP761.hs
index 99b2771f6..6f903804e 100644
--- a/src/Simplex/Messaging/Crypto/SNTRUP761.hs
+++ b/src/Simplex/Messaging/Crypto/SNTRUP761.hs
@@ -4,7 +4,7 @@ module Simplex.Messaging.Crypto.SNTRUP761 where
-import Crypto.Hash (Digest, SHA256, hash)
+import Crypto.Hash (Digest, SHA3_256, hash)
 import Data.ByteArray (ScrubbedBytes)
 import qualified Data.ByteArray as BA
 import Data.ByteString (ByteString)
@@ -28,4 +28,4 @@ kcbEncrypt (KEMHybridSecret k) = sbEncrypt_ k
 kemHybridSecret :: PublicKeyX25519 -> PrivateKeyX25519 -> KEMSharedKey -> KEMHybridSecret
 kemHybridSecret k pk (KEMSharedKey kem) =
   let DhSecretX25519 dh = C.dh' k pk
-   in KEMHybridSecret $ BA.convert (hash $ BA.convert dh <> kem :: Digest SHA256)
+   in KEMHybridSecret $ BA.convert (hash $ BA.convert dh <> kem :: Digest SHA3_256)
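Review bot: The combiner on the last line of the second hunk, `hash $ BA.convert dh <> kem`, mixes only the two raw shared secrets; no domain-separation label and none of the exchanged public values (KEM ciphertext, KEM public key, the DH public keys) are bound into the derivation, which current hybrid-KEM combiner guidance recommends so the derived key commits to the transcript rather than to the secrets alone. Switching the hash to SHA3-256 does not change that, and the plain concatenation is unambiguous only as long as both `dh` and `kem` are fixed-length, which nothing here states — a comment such as `-- hybrid combiner: SHA3-256(dh || kem); assumes both inputs are fixed-length so the concatenation is unambiguous` would record the assumption. Every derived session key changes with this commit, so hosts and controllers built on either side of it cannot complete a session; if xrcp carries a protocol version it should presumably be bumped alongside. It is also worth confirming that `BA.convert dh <> kem` is built as `ScrubbedBytes` (the type of `kem` decides) rather than a plain `ByteString`, so the concatenated secret is zeroed when dropped.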