
Commit 1049a71

committed
PQC: update KEM key combiner (draft-08)
1 parent 3e394a1 commit 1049a71

1 file changed

Lines changed: 9 additions & 10 deletions


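--- a/src/crypto/public_key/post_quantum/kem/kem.js
+++ b/src/crypto/public_key/post_quantum/kem/kem.js
@@ -15,33 +15,32 @@ export async function generate(algo) {
 export async function encrypt(algo, eccPublicKey, mlkemPublicKey, sessioneKeyData) {
 const { eccKeyShare, eccCipherText } = await eccKem.encaps(algo, eccPublicKey);
 const { mlkemKeyShare, mlkemCipherText } = await mlKem.encaps(algo, mlkemPublicKey);
-const kek = await multiKeyCombine(algo, eccKeyShare, eccCipherText, eccPublicKey, mlkemKeyShare, mlkemCipherText, mlkemPublicKey);
+const kek = await multiKeyCombine(algo, mlkemKeyShare, eccKeyShare, eccCipherText, eccPublicKey);
 const wrappedKey = await aesKW.wrap(enums.symmetric.aes256, kek, sessioneKeyData); // C
 return { eccCipherText, mlkemCipherText, wrappedKey };
 }
 
 export async function decrypt(algo, eccCipherText, mlkemCipherText, eccSecretKey, eccPublicKey, mlkemSecretKey, mlkemPublicKey, encryptedSessionKeyData) {
 const eccKeyShare = await eccKem.decaps(algo, eccCipherText, eccSecretKey, eccPublicKey);
 const mlkemKeyShare = await mlKem.decaps(algo, mlkemCipherText, mlkemSecretKey);
-const kek = await multiKeyCombine(algo, eccKeyShare, eccCipherText, eccPublicKey, mlkemKeyShare, mlkemCipherText, mlkemPublicKey);
+const kek = await multiKeyCombine(algo, mlkemKeyShare, eccKeyShare, eccCipherText, eccPublicKey);
 const sessionKey = await aesKW.unwrap(enums.symmetric.aes256, kek, encryptedSessionKeyData);
 return sessionKey;
 }
 
-async function multiKeyCombine(algo, ecdhKeyShare, ecdhCipherText, ecdhPublicKey, mlkemKeyShare, mlkemCipherText, mlkemPublicKey) {
-// LAMPS-aligned and NIST compatible combiner, proposed in: https://mailarchive.ietf.org/arch/msg/openpgp/NMTCy707LICtxIhP3Xt1U5C8MF0/
-// 2a. KDF(mlkemSS || tradSS || tradCT || tradPK || Domain)
-// where Domain is "Domain" for LAMPS, and "mlkemCT || mlkemPK || algId || const" for OpenPGP
+/**
+* KEM key combiner
+*/
+async function multiKeyCombine(algo, mlkemKeyShare, ecdhKeyShare, ecdhCipherText, ecdhPublicKey) {
+const domSep = util.encodeUTF8('OpenPGPCompositeKDFv1');
 const encData = util.concatUint8Array([
 mlkemKeyShare,
 ecdhKeyShare,
 ecdhCipherText,
 ecdhPublicKey,
-// domSep
-mlkemCipherText,
-mlkemPublicKey,
 new Uint8Array([algo]),
-util.encodeUTF8('OpenPGPCompositeKDFv1')
+domSep,
+new Uint8Array([domSep.length])
 ]);
 
 const kek = await computeDigest(enums.hash.sha3_256, encData);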
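Review bot: The JSDoc added at new lines 31–33 says only `KEM key combiner` and drops the rationale the removed comment carried, so a reader can no longer tell from the code which spec revision the input layout follows or why mlkemCipherText and mlkemPublicKey are no longer fed into the hash. I would expand it to spell out the draft-08 layout the commit title refers to, e.g. `KEK = SHA3-256(mlkemKeyShare || ecdhKeyShare || ecdhCipherText || ecdhPublicKey || algId || domSep || len(domSep))`, and add one sentence recording that the ML-KEM ciphertext and public key are omitted deliberately (presumably because the ML-KEM shared secret already commits to its ciphertext — worth confirming against the draft text), since anyone "restoring" them later would silently break interoperability rather than fail a test. The two single-octet fields at new lines 41 and 43 also deserve a comment such as `// one-octet algorithm id and one-octet domSep length; both must stay below 256`, because `new Uint8Array([domSep.length])` truncates modulo 256 without error if the domain string is ever lengthened. multiKeyCombine's body continues past the hunk; the return of kek is not shown.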
