Merge pull request #37 from katzenpost/fixup_x448.1

Use fork of circl's x448

go.mod

@@ -12,7 +12,6 @@ require (
 	github.com/katzenpost/circl v1.3.9-0.20240222183521-1cd9a34e9a0c
 	github.com/katzenpost/sntrup4591761 v0.0.0-20231024131303-8755eb1986b8
 	github.com/katzenpost/sphincsplus v0.0.2-0.20240114192234-1dc77b544e31
-	github.com/katzenpost/x448 v0.0.0-20240620191025-0d4bb125d9c5
 	github.com/stretchr/testify v1.8.4
 	gitlab.com/elixxir/crypto v0.0.9
 	gitlab.com/xx_network/crypto v0.0.6

go.sum

@@ -21,8 +21,6 @@ github.com/katzenpost/sntrup4591761 v0.0.0-20231024131303-8755eb1986b8 h1:TsKxH0
 github.com/katzenpost/sntrup4591761 v0.0.0-20231024131303-8755eb1986b8/go.mod h1:Hmcrwom7jcEmGdo0CsyuJNnldPeyS+M07FuCbo7I8fw=
 github.com/katzenpost/sphincsplus v0.0.2-0.20240114192234-1dc77b544e31 h1:fKGa/too1Br31gmoYmV2kE61gydj47Ed5K/g/CE+3Bs=
 github.com/katzenpost/sphincsplus v0.0.2-0.20240114192234-1dc77b544e31/go.mod h1:VFrCPnmbxQLBi+qJfWHUqvpvTMZrYBMZEEy0AidY0nE=
-github.com/katzenpost/x448 v0.0.0-20240620191025-0d4bb125d9c5 h1:Fm37ij52IlyluXORZNZhsZLDqGQJWEn/HsRc+j3DPLM=
-github.com/katzenpost/x448 v0.0.0-20240620191025-0d4bb125d9c5/go.mod h1:uarhuUIBAXxePfmhwjLRE44Ht4rh6HRVzAfqnbQ3cUk=
 github.com/mattn/go-pointer v0.0.1 h1:n+XhsuGeVO6MEAp7xyEukFINEa+Quek5psIR/ylA6o0=
 github.com/mattn/go-pointer v0.0.1/go.mod h1:2zXcozF6qYGgmsG+SeTZz3oAbFLdD3OWqnUbNvJZAlc=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

kem/schemes/kem_test.go

@@ -59,6 +59,10 @@ func TestKEMTextUnmarshal(t *testing.T) {
 	}
 
 	for _, scheme := range todo {
+		if scheme.Name() == "DH4096_RFC3526" {
+			t.Logf("skipping %s", scheme.Name())
+			continue
+		}
 		t.Logf("testing KEM Scheme: %s", scheme.Name())
 		t.Logf("PublicKeySize %d PrivateKeySize %d CiphertextSize %d", scheme.PublicKeySize(), scheme.PrivateKeySize(), scheme.CiphertextSize())
 		testkem(scheme)

nike/x448/x448.go

@@ -8,7 +8,7 @@ import (
 	"errors"
 	"io"
 
-	"github.com/katzenpost/x448"
+	"github.com/katzenpost/circl/dh/x448"
 
 	"github.com/katzenpost/hpqc/nike"
 	"github.com/katzenpost/hpqc/rand"
@@ -89,7 +89,7 @@ func (e *scheme) PrivateKeySize() int {
 // or FromPEMFile methods.
 func (e *scheme) NewEmptyPublicKey() nike.PublicKey {
 	return &PublicKey{
-		pubBytes: new([56]byte),
+		pubBytes: new(x448.Key),
 	}
 }
 
@@ -99,7 +99,7 @@ func (e *scheme) NewEmptyPublicKey() nike.PublicKey {
 // or FromPEMFile methods.
 func (e *scheme) NewEmptyPrivateKey() nike.PrivateKey {
 	return &PrivateKey{
-		privBytes: new([56]byte),
+		privBytes: new(x448.Key),
 	}
 }
 
@@ -147,11 +147,11 @@ func (e *scheme) UnmarshalBinaryPrivateKey(b []byte) (nike.PrivateKey, error) {
 }
 
 type PrivateKey struct {
-	privBytes *[56]byte
+	privBytes *x448.Key
 }
 
 func NewKeypair(rng io.Reader) (nike.PrivateKey, error) {
-	privkey := new([56]byte)
+	privkey := new(x448.Key)
 	count, err := rng.Read(privkey[:])
 	if err != nil {
 		return nil, err
@@ -189,7 +189,7 @@ func (p *PrivateKey) FromBytes(data []byte) error {
 		return errInvalidKey
 	}
 
-	p.privBytes = new([56]byte)
+	p.privBytes = new(x448.Key)
 	copy(p.privBytes[:], data)
 
 	return nil
@@ -216,7 +216,7 @@ func (p *PrivateKey) UnmarshalText(data []byte) error {
 }
 
 type PublicKey struct {
-	pubBytes *[56]byte
+	pubBytes *x448.Key
 }
 
 func (p *PublicKey) Blind(blindingFactor nike.PrivateKey) error {
@@ -249,7 +249,7 @@ func (p *PublicKey) FromBytes(data []byte) error {
 		return errInvalidKey
 	}
 
-	p.pubBytes = new([56]byte)
+	p.pubBytes = new(x448.Key)
 	copy(p.pubBytes[:], data)
 
 	return nil
@@ -276,12 +276,15 @@ func (p *PublicKey) UnmarshalText(data []byte) error {
 }
 
 // Exp returns the group element, the result of x^y, over the ECDH group.
-func Exp(x, y *[56]byte) []byte {
-	sharedSecret := new([56]byte)
-	x448.ScalarMult(sharedSecret, x, y)
+func Exp(x, y *x448.Key) []byte {
+	sharedSecret := new(x448.Key)
+	ok := x448.Shared(sharedSecret, x, y)
+	if !ok {
+		panic("x448.Shared failed")
+	}
 	return sharedSecret[:]
 }
 
-func expG(dst, y *[56]byte) {
-	x448.ScalarBaseMult(dst, y)
+func expG(dst, y *x448.Key) {
+	x448.KeyGen(dst, y)
 }