Upgrade wire to use latest Noise kyber changes

katzenpost · Feb 13, 2021 · 344a96a · 344a96a
1 parent b9edb76
commit 344a96a
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/fxamacker/cbor/v2 v2.2.0
 	github.com/katzenpost/chacha20 v0.0.0-20190910113340-7ce890d6a556
 	github.com/katzenpost/newhope v0.0.0-20190907181500-0c77ddcb510f // indirect
-	github.com/katzenpost/noise v0.0.1
+	github.com/katzenpost/noise v0.0.2
 	github.com/stretchr/testify v1.4.0
 	github.com/ugorji/go/codec v1.1.7
 	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad

diff --git a/go.sum b/go.sum
@@ -23,6 +23,8 @@ github.com/katzenpost/noise v0.0.0-20210124214301-a4fefc0ffd7f h1:kxk/WPxabKtj5/
 github.com/katzenpost/noise v0.0.0-20210124214301-a4fefc0ffd7f/go.mod h1:L6ioEZo4vpnAgdh4x8qenV7T0/k8mltat1EjxQO0TNA=
 github.com/katzenpost/noise v0.0.1 h1:xdabBTuulwwspmuvCHx25GffA+We14RaVLQadOcGiW8=
 github.com/katzenpost/noise v0.0.1/go.mod h1:L6ioEZo4vpnAgdh4x8qenV7T0/k8mltat1EjxQO0TNA=
+github.com/katzenpost/noise v0.0.2 h1:5ljIHIlgf/XL0kFKijcq5pUBrYJUpmDYmk2zWDanqy0=
+github.com/katzenpost/noise v0.0.2/go.mod h1:L6ioEZo4vpnAgdh4x8qenV7T0/k8mltat1EjxQO0TNA=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=

diff --git a/wire/session.go b/wire/session.go
@@ -146,7 +146,7 @@ func (s *Session) handshake() error {
 		s.authenticationKey.Reset() // Don't need this anymore, and s has a copy.
 		atomic.CompareAndSwapUint32(&s.state, stateInit, stateInvalid)
 	}()
-	prologue := []byte{0x01} // Prologue indicates version 1. Version 0 uses NewHope Simple not Kyber.
+	prologue := []byte{0x02} // Prologue indicates version 2.
 
 	// Convert to the noise library's idea of a X25519 key.
 	dhKey := noise.DHKey{
@@ -171,11 +171,10 @@ func (s *Session) handshake() error {
 	const (
 		prologueLen = 1
 		keyLen      = 32
-		sendALen    = 1600
-		sendBLen    = 1568
-		msg1Len     = prologueLen + sendALen                 // -> (prologue), e, e1
-		msg2Len     = 1680 + authLen                         // <- e, ee, ekem1, s, es, (auth)
-		msg3Len     = (macLen + keyLen) + (macLen + authLen) // -> s, se, (auth)
+		kyberLen    = 1568                                                            // Length of Kyber1024 public key and KEM ciphertext.
+		msg1Len     = prologueLen + kyberLen + keyLen                                 // -> (prologue), e, e1
+		msg2Len     = keyLen + macLen + macLen + kyberLen + keyLen + macLen + authLen // <- e, ee, ekem1, s, es, (auth)
+		msg3Len     = (macLen + keyLen) + (macLen + authLen)                          // -> s, se, (auth)
 	)
 
 	if s.isInitiator {