| author | Linus Färnstrand <faern@faern.net> | 2023-01-26 09:56:07 +0100 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2023-01-30 13:57:17 +0100 |
| commit | 8172f2f63fbb1731b0a696179144cf650bcbf154 (patch) | |
| tree | bb68cc6dc30e4d49a1b4671429ac49f671aa3a5d | |
| parent | 0eb32c405c6539e63ac9ad75cf949b1ba32c6a3a (diff) | |
Upgrade PQ gRPC endpoint to PskExchangeV1
| -rw-r--r-- | talpid-tunnel-config-client/proto/tunnel_config.proto | 30 | ||||
| -rw-r--r-- | talpid-tunnel-config-client/src/kyber.rs | 7 | ||||
| -rw-r--r-- | talpid-tunnel-config-client/src/lib.rs | 14 |
3 files changed, 19 insertions, 32 deletions
diff --git a/talpid-tunnel-config-client/proto/tunnel_config.proto b/talpid-tunnel-config-client/proto/tunnel_config.proto
index 215aa941c8..af7f7f158e 100644
--- a/talpid-tunnel-config-client/proto/tunnel_config.proto
+++ b/talpid-tunnel-config-client/proto/tunnel_config.proto
@@ -5,11 +5,6 @@ option go_package = "github.com/mullvad/wg-manager/server/tuncfg";
 package tunnel_config;
 service PostQuantumSecure {
- // PskExchangeExperimentalV0 uses the common API defined by LibOQS. See:
- // https://github.com/open-quantum-safe/liboqs
- // This endpoint is deprecated in favor for `PskExchangeExperimentalV1`. Please use that instead.
- rpc PskExchangeExperimentalV0(PskRequestExperimentalV0) returns (PskResponseExperimentalV0) {}
-
 // Allows deriving a preshared key (PSK) using one or multiple PQ-secure key-encapsulation
 // mechanisms (KEM). The preshared key is added to WireGuard's preshared-key field in a new
 // ephemeral peer (PQ-peer). This makes the tunnel resistant towards attacks using 
@@ -71,35 +66,20 @@ service PostQuantumSecure {
 // Mixing with XOR (A = B ^ C) is fine since nothing about A is revealed even if one of B or C
 // is known. Both B *and* C must be known to compute any bit in A. This means all involved
 // KEM algorithms must be broken before the PSK can be computed by an attacker.
- rpc PskExchangeExperimentalV1(PskRequestExperimentalV1) returns (PskResponseExperimentalV1) {}
-}
-
-message PskRequestExperimentalV0 {
- bytes wg_pubkey = 1;
- bytes wg_psk_pubkey = 2;
- KemPubkeyExperimentalV0 kem_pubkey = 3;
-}
-
-message KemPubkeyExperimentalV0 {
- string algorithm_name = 1;
- bytes key_data = 2;
-}
-
-message PskResponseExperimentalV0 {
- bytes ciphertext = 1;
+ rpc PskExchangeV1(PskRequestV1) returns (PskResponseV1) {}
 }
-message PskRequestExperimentalV1 {
+message PskRequestV1 {
 bytes wg_pubkey = 1;
 bytes wg_psk_pubkey = 2;
- repeated KemPubkeyExperimentalV1 kem_pubkeys = 3;
+ repeated KemPubkeyV1 kem_pubkeys = 3;
 }
-message KemPubkeyExperimentalV1 {
+message KemPubkeyV1 {
 string algorithm_name = 1;
 bytes key_data = 2;
 }
-message PskResponseExperimentalV1 {
+message PskResponseV1 {
 repeated bytes ciphertexts = 1;
 }
diff --git a/talpid-tunnel-config-client/src/kyber.rs b/talpid-tunnel-config-client/src/kyber.rs
index 273bfd1225..19cc3f338c 100644
--- a/talpid-tunnel-config-client/src/kyber.rs
+++ b/talpid-tunnel-config-client/src/kyber.rs
@@ -1,7 +1,10 @@
 use pqc_kyber::SecretKey;
-pub use pqc_kyber::{keypair, KYBER_CIPHERTEXTBYTES, KyberError};
+pub use pqc_kyber::{keypair, KyberError, KYBER_CIPHERTEXTBYTES};
-pub fn decapsulate(secret_key: SecretKey, ciphertext: [u8; KYBER_CIPHERTEXTBYTES]) -> Result<[u8; 32], KyberError> {
+pub fn decapsulate(
+ secret_key: SecretKey,
+ ciphertext: [u8; KYBER_CIPHERTEXTBYTES],
+) -> Result<[u8; 32], KyberError> {
 pqc_kyber::decapsulate(ciphertext.as_slice(), secret_key.as_slice())
 }
diff --git a/talpid-tunnel-config-client/src/lib.rs b/talpid-tunnel-config-client/src/lib.rs
index b8db6820f5..e7d8e766ca 100644
--- a/talpid-tunnel-config-client/src/lib.rs
+++ b/talpid-tunnel-config-client/src/lib.rs
@@ -54,7 +54,11 @@ pub const CONFIG_SERVICE_PORT: u16 = 1337;
 /// Use the smallest CME variant with NIST security level 3. This variant has significantly smaller
 /// keys than the larger variants, and is considered safe.
-const CLASSIC_MCELIECE_VARIANT: &str = "Classic-McEliece-460896f";
+const CLASSIC_MCELIECE_VARIANT: &str = "Classic-McEliece-460896f-round3";
+
+/// Use the strongest variant of Kyber. It is fast and the keys are small, so there is no practical
+/// benefit of going with anything lower.
+const KYBER_VARIANT: &str = "Kyber1024";
 /// Generates a new WireGuard key pair and negotiates a PSK with the relay in a PQ-safe
 /// manner. This creates a peer on the relay with the new WireGuard pubkey and PSK,
@@ -70,16 +74,16 @@ pub async fn push_pq_key(
 let mut client = new_client(service_address).await?;
 let response = client
- .psk_exchange_experimental_v1(proto::PskRequestExperimentalV1 {
+ .psk_exchange_v1(proto::PskRequestV1 {
 wg_pubkey: wg_pubkey.as_bytes().to_vec(),
 wg_psk_pubkey: wg_psk_privkey.public_key().as_bytes().to_vec(),
 kem_pubkeys: vec![
- proto::KemPubkeyExperimentalV1 {
+ proto::KemPubkeyV1 {
 algorithm_name: CLASSIC_MCELIECE_VARIANT.to_owned(),
 key_data: cme_kem_pubkey.as_array().to_vec(),
 },
- proto::KemPubkeyExperimentalV1 {
- algorithm_name: "Kyber1024".to_owned(),
+ proto::KemPubkeyV1 {
+ algorithm_name: KYBER_VARIANT.to_owned(),
 key_data: kyber_keypair.public.to_vec(),
 },
 ], |
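Review bot: The doc comments on `CLASSIC_MCELIECE_VARIANT` and the new `KYBER_VARIANT` in the first hunk describe them as local strength choices, but the second hunk sends both verbatim as `KemPubkeyV1::algorithm_name`, so they are wire-protocol identifiers the relay has to recognise — the `-round3` suffix added here is a protocol-facing rename, not a different key size. I would state that on both constants so nobody edits them as free text, e.g. `/// Algorithm name sent as `KemPubkeyV1::algorithm_name`; the relay must accept this exact string.` It also looks like the relay's `ciphertexts` are matched to `kem_pubkeys` by position, so the order of the two entries in this `vec!` is load-bearing; a one-line comment above the `vec![` saying so would help. The decapsulation of the response and the rest of `push_pq_key`'s body lie outside the hunk.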
