Add support for hybrid forward secrecy (hfs) modifier
#2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This takes a crack at implementing the hybrid forward secrecy (
hfs) modifier as described in the draft Noise HFS specification as of025f0f60.This whole thing is built on a slightly shaky foundation in that the HFS modifier specification is still very much a draft and leaves some important details (what are the acceptable cipher suites? what are their names? how does this interact with the
fallbackmodifier?) up for discussion. I've done my best to make reasonable decisions on my own, but recognize that reasonable minds may disagree with some of them.The Java ecosystem still doesn't—yet!—have well-established patterns for KEMs yet. I think the interpretation provided in kyberJCE makes sense, but recognize it may change as KEMs (and post-quantum cryptography more broadly) gain better adoption in the JDK. I also couldn't find a straightforward ML-KEM implementation, and so stuck with Kyber for now.
There's a lot to discuss and iterate on in here, and also a lot of more straightforward TODOs (e.g. write docs) to address, but I think this gives a pretty good idea of what things might look like if this were to make its way into
main.This closes #1.
TODO:
NoiseHandshakeBuilder#setComponentsFromProtocolNamecan't handle handshake modifiers (an existing issue!)hfsandfallbackmodifiers