From 60005e90646f7734704cac1643aec208716af3f1 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 21 Nov 2024 13:48:01 +0100 Subject: [PATCH 1/7] Fix X25519Kyber768Draft00 build error --- libcrux-kem/src/kem.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index 7ad465ce4..17ae8bf48 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs @@ -444,7 +444,7 @@ pub enum Ss { X25519PublicKey, // pk_X ), #[cfg(feature = "kyber")] - X25519Kyber768Draft00(MlKemSharedSecret, X25519PublicKey), + X25519Kyber768Draft00(MlKemSharedSecret, X25519SharedSecret), #[cfg(feature = "kyber")] XWingKyberDraft02( MlKemSharedSecret, // ss_M From 47a82420e729b55a95b290bb9c8825ae50430890 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 21 Nov 2024 13:49:21 +0100 Subject: [PATCH 2/7] Swap order of ML-KEM and X25519 parts in `MlKem768Draft00` hybrid KEM --- libcrux-kem/src/kem.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index 17ae8bf48..b71f7ff2b 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs @@ -218,14 +218,14 @@ impl X25519MlKem768Draft00PublicKey { pub fn decode(bytes: &[u8]) -> Result { Ok(Self { mlkem: { - let key = MlKem768PublicKey::try_from(&bytes[32..]) + let key = MlKem768PublicKey::try_from(&bytes[..1184]) .map_err(|_| Error::InvalidPublicKey)?; if !mlkem768::validate_public_key(&key) { return Err(Error::InvalidPublicKey); } key }, - x25519: bytes[0..32] + x25519: bytes[1184..] .try_into() .map_err(|_| Error::InvalidPublicKey)?, }) @@ -716,8 +716,8 @@ impl Ss { Ss::MlKem512(k) => k.as_ref().to_vec(), Ss::MlKem768(k) => k.as_ref().to_vec(), Ss::X25519MlKem768Draft00(kk, xk) => { - let mut out = xk.0.to_vec(); - out.extend_from_slice(kk.as_ref()); + let mut out = kk.to_vec(); + out.extend_from_slice(xk.0.as_ref()); out } Ss::XWingKemDraft02(ss_m, ss_x, ct_x, pk_x) => { 
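Review bot: `bytes[..1184]` in the new `decode` panics when the caller passes fewer than 1184 bytes, so a truncated public key is a crash rather than the `Error::InvalidPublicKey` the function is built to return; the `x25519` arm only looks safe because `try_into` into a 32-byte array fails gracefully, and it is reached after the first slice. Add a length check before any indexing, `if bytes.len() != 1184 + 32 { return Err(Error::InvalidPublicKey); }`, or use `bytes.get(..1184).ok_or(Error::InvalidPublicKey)?`. The literal 1184 also appears in `encode`, with 2400 and 1088 in the sibling patches, so naming these sizes next to the `MlKem768Ciphertext::len()` that `Ct::decode` already uses would keep the layouts from drifting apart.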
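Review bot: Moving the ML-KEM share first in `Ss::encode` changes every key derived from this hybrid, so any peer or stored vector that used the earlier X25519-first layout will silently disagree, and the commit message names no specification for the new order. If I recall correctly the TLS and HPKE xyber768d00 drafts differ on exactly this ordering, so I'd add a doc comment on the `Ss::X25519MlKem768Draft00` arm such as `// Layout per <draft>, section <n>: ss_M (32 bytes) || ss_X (32 bytes)` and pin it with a known-answer test. Minor: this arm uses `kk.to_vec()` while the matching `Ct` arm in the next hunk uses `kk.as_ref().to_vec()`; pick one form for both.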
@@ -763,8 +763,8 @@ impl Ct { Ct::MlKem512(k) => k.as_ref().to_vec(), Ct::MlKem768(k) => k.as_ref().to_vec(), Ct::X25519MlKem768Draft00(kk, xk) => { - let mut out = xk.0.to_vec(); - out.extend_from_slice(kk.as_ref()); + let mut out = kk.as_ref().to_vec(); + out.extend_from_slice(xk.0.as_ref()); out } Ct::XWingKemDraft02(ct_m, ct_x) => { From 49efbc898a446702617f128130238c7f3e7b9140 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 21 Nov 2024 18:07:59 +0100 Subject: [PATCH 3/7] Public Key Encoding --- libcrux-kem/src/kem.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index b71f7ff2b..2b00f813b 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs @@ -232,8 +232,8 @@ impl X25519MlKem768Draft00PublicKey { } pub fn encode(&self) -> Vec { - let mut out = self.x25519.0.to_vec(); - out.extend_from_slice(self.mlkem.as_ref()); + let mut out = self.mlkem.as_ref().to_vec(); + out.extend_from_slice(&self.x25519.0); out } } From beaad0ba811fb5cbb93bf4f5d74d0652fccdbfa4 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Thu, 21 Nov 2024 19:05:26 +0100 Subject: [PATCH 4/7] Private Key encoding --- libcrux-kem/src/kem.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index 2b00f813b..4e9258fc6 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs 
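Review bot: `encode` must now agree with the 1184-byte split hard-coded in `decode`, but nothing in the code ties the two together and neither method documents the wire layout. I'd preallocate and state it: `let mut out = Vec::with_capacity(self.mlkem.as_ref().len() + 32);` under a doc comment `/// Serialized as the ML-KEM-768 public key (1184 bytes) followed by the X25519 public key (32 bytes).`, and add a `decode(&pk.encode())` round-trip test so the pair cannot drift. The `Ct` and `Ss` arms changed in the same series deserve the same one-line layout comment.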
@@ -147,18 +147,18 @@ pub struct X25519MlKem768Draft00PrivateKey { impl X25519MlKem768Draft00PrivateKey { pub fn decode(bytes: &[u8]) -> Result { Ok(Self { - mlkem: bytes[32..] + mlkem: bytes[..2400] .try_into() .map_err(|_| Error::InvalidPrivateKey)?, - x25519: bytes[..32] + x25519: bytes[2400..] .try_into() .map_err(|_| Error::InvalidPrivateKey)?, }) } pub fn encode(&self) -> Vec { - let mut out = self.x25519.0.to_vec(); - out.extend_from_slice(self.mlkem.as_ref()); + let mut out = self.mlkem.as_ref().to_vec(); + out.extend_from_slice(&self.x25519.0); out } } From e11adfb25f00aa89c922ec4c770f7cc069c0ec21 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 22 Nov 2024 07:30:57 +0100 Subject: [PATCH 5/7] fixup hpke mlkem --- src/hpke/hpke.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/hpke/hpke.rs b/src/hpke/hpke.rs index 455343ec7..01c416780 100644 --- a/src/hpke/hpke.rs +++ b/src/hpke/hpke.rs @@ -519,8 +519,8 @@ pub fn SetupBaseR( mlkem: kyber, x25519, } = X25519MlKem768Draft00PrivateKey::decode(skR).unwrap(); - let ss1 = Decap(KEM::DHKEM_X25519_HKDF_SHA256, &enc[0..32], &x25519.0)?; - let ss2 = Kyber768Draft00_Decap(kyber.as_ref(), &enc[32..])?; + let ss1 = Decap(KEM::DHKEM_X25519_HKDF_SHA256, &enc[1088..], &x25519.0)?; + let ss2 = Kyber768Draft00_Decap(kyber.as_ref(), &enc[..1088])?; let ss = crate::kem::Ss::X25519MlKem768Draft00( ss2.as_slice().try_into().unwrap(), libcrux_ecdh::X25519SharedSecret(ss1.try_into().unwrap()), From 24f31570160c157d4de48f5378bdc3d197fd130e Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Fri, 22 Nov 2024 07:32:57 +0100 Subject: [PATCH 6/7] Fix ciphertext encoding --- libcrux-kem/src/kem.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-kem/src/kem.rs b/libcrux-kem/src/kem.rs index 4e9258fc6..39d102435 100644 --- a/libcrux-kem/src/kem.rs +++ b/libcrux-kem/src/kem.rs 
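Review bot: `bytes[..2400]` panics on a short input, so `decode` cannot return `Error::InvalidPrivateKey` for the truncation case it exists to report, and the only caller visible in this series, `SetupBaseR` in `hpke.rs`, wraps the result in `.unwrap()` on top. Add `if bytes.len() != 2400 + 32 { return Err(Error::InvalidPrivateKey); }` before the slices, or use `bytes.get(..2400)` / `bytes.get(2400..)` with `ok_or`. Separately, `encode` copies the ML-KEM and X25519 secret bytes into a plain `Vec` that is never zeroized; if the crate has a zeroization policy for secret material this is a place to apply it — I cannot see one from here.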
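Review bot: `&enc[1088..]` and `&enc[..1088]` index the peer-supplied encapsulated key directly, so an `enc` shorter than 1088 bytes panics inside `SetupBaseR` instead of producing an `HpkeError`. Patch 7 of this series replaces these two lines with `Ct::decode`, so this intermediate state could be squashed into it; whichever version lands, the length has to be checked before the bytes are split. The context line `X25519MlKem768Draft00PrivateKey::decode(skR).unwrap()` has the same panic-on-bad-length shape for the receiver's own key. `SetupBaseR` begins and continues outside the hunk.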
@@ -810,7 +810,7 @@ impl Ct { Algorithm::X25519MlKem768Draft00 => { let key: [u8; MlKem768Ciphertext::len() + 32] = bytes.try_into().map_err(|_| Error::InvalidCiphertext)?; - let (xct, kct) = key.split_at(32); + let (kct, xct) = key.split_at(1088); Ok(Self::X25519MlKem768Draft00( kct.try_into().map_err(|_| Error::InvalidCiphertext)?, xct.try_into().map_err(|_| Error::InvalidCiphertext)?, From c19ab7f5608d8468a8d6925429658e21845c354c Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Fri, 22 Nov 2024 07:43:38 +0100 Subject: [PATCH 7/7] Replace manual ciphertext decoding --- src/hpke/hpke.rs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/hpke/hpke.rs b/src/hpke/hpke.rs index 455343ec7..e42bbeebc 100644 --- a/src/hpke/hpke.rs +++ b/src/hpke/hpke.rs @@ -519,8 +519,14 @@ pub fn SetupBaseR( mlkem: kyber, x25519, } = X25519MlKem768Draft00PrivateKey::decode(skR).unwrap(); - let ss1 = Decap(KEM::DHKEM_X25519_HKDF_SHA256, &enc[0..32], &x25519.0)?; - let ss2 = Kyber768Draft00_Decap(kyber.as_ref(), &enc[32..])?; + let Ct::X25519MlKem768Draft00(ct_mlkem, ct_x25519) = + Ct::decode(libcrux_kem::Algorithm::X25519MlKem768Draft00, &enc).unwrap() + else { + return Err(HpkeError::CryptoError); + }; + + let ss1 = Decap(KEM::DHKEM_X25519_HKDF_SHA256, &ct_x25519.0, &x25519.0)?; + let ss2 = Kyber768Draft00_Decap(kyber.as_ref(), ct_mlkem.as_ref())?; let ss = crate::kem::Ss::X25519MlKem768Draft00( ss2.as_slice().try_into().unwrap(), libcrux_ecdh::X25519SharedSecret(ss1.try_into().unwrap()),
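Review bot: `key.split_at(1088)` is correct only while `MlKem768Ciphertext::len()`, which sizes `key` two lines above, equals 1088; write `let (kct, xct) = key.split_at(MlKem768Ciphertext::len());` so the split cannot drift from the array length. Because `key` is a fixed-size array obtained through `try_into`, the length check is already complete at that point and the two `try_into` calls below should be infallible; a comment `// key is exactly len()+32 bytes, so both conversions below cannot fail on length` would tell the next reader why their `map_err` is defensive only.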
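Review bot: `Ct::decode(..., &enc).unwrap()` panics whenever the peer's `enc` has the wrong length — `Ct::decode` returns `Error::InvalidCiphertext` for exactly that case — so a malformed encapsulated key from the network crashes `SetupBaseR` instead of returning `HpkeError::CryptoError`. The `let … else` on the same statement already handles the wrong-variant case, so fold the error into it: `let Ok(Ct::X25519MlKem768Draft00(ct_mlkem, ct_x25519)) = Ct::decode(libcrux_kem::Algorithm::X25519MlKem768Draft00, &enc) else { return Err(HpkeError::CryptoError); };`. The context line `X25519MlKem768Draft00PrivateKey::decode(skR).unwrap()` is the same pattern on the receiver's own key and would benefit from the same treatment. `SetupBaseR` begins and continues outside the hunk.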