From f7e6832fe0a0356e1c96f920ac8e8fc844ad91c4 Mon Sep 17 00:00:00 2001 From: DanGould Date: Wed, 14 Aug 2024 15:01:56 -0400 Subject: [PATCH] Remove SHA384 and SHA512 Bitcoin apps don't use them --- README.md | 2 -- src/dhkex/secp256k1.rs | 4 ++++ src/kat_tests.rs | 4 ++-- src/kdf.rs | 24 +----------------------- src/test_util.rs | 4 ++-- 5 files changed, 9 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 93d1077..e6c1150 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,6 @@ Here are all the primitives listed in the spec. The primitives with checked boxe - [X] DHKEM(secp256k1, HKDF-SHA256) * KDFs - [X] HKDF-SHA256 - - [X] HKDF-SHA384 - - [X] HKDF-SHA512 * AEADs - [X] ChaCha20Poly1305 diff --git a/src/dhkex/secp256k1.rs b/src/dhkex/secp256k1.rs index 4c4db68..9edd398 100644 --- a/src/dhkex/secp256k1.rs +++ b/src/dhkex/secp256k1.rs @@ -221,6 +221,10 @@ mod tests { const K256_DH_RES_XCOORD: &[u8] = &hex!("3ADDFBC2 B30E3D1B 1DF262A4 D6CECF73 A11DF8BD 93E0EB21 FC11847C 6F3DDBE2"); + #[cfg(feature = "secp")] + const K256_SHARED_SECRET: &[u8] = + &hex!("7eabf4bab973fc9cc8b3bb2fdaa4d7f154309c31d11214cc48b4a8f3d65236f7"); + /// Tests the ECDH op against a known answer #[allow(dead_code)] fn test_vector_ecdh( diff --git a/src/kat_tests.rs b/src/kat_tests.rs index 32bb29f..c3d027f 100644 --- a/src/kat_tests.rs +++ b/src/kat_tests.rs @@ -1,6 +1,6 @@ use crate::{ aead::{Aead, ChaCha20Poly1305, ExportOnlyAead}, - kdf::{HkdfSha256, HkdfSha384, HkdfSha512, Kdf as KdfTrait}, + kdf::{HkdfSha256, Kdf as KdfTrait}, kem::{self, Kem as KemTrait, SecpK256HkdfSha256, SharedSecret}, op_mode::{OpModeR, PskBundle}, setup::setup_receiver, @@ -346,7 +346,7 @@ fn kat_test() { dispatch_testcase!( tv, (ChaCha20Poly1305, ExportOnlyAead), - (HkdfSha256, HkdfSha384, HkdfSha512), + (HkdfSha256), (SecpK256HkdfSha256) ); diff --git a/src/kdf.rs b/src/kdf.rs index e10ecd1..0ce4df1 100644 --- a/src/kdf.rs +++ b/src/kdf.rs 
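Review bot: `K256_SHARED_SECRET` is introduced without a comment saying which test vector it belongs to or where the value comes from, and nothing in the hunk reads it, so it is not clear whether it is wired into a test or left as dead code behind the `secp` feature gate. It is also unrelated to the commit's stated purpose (removing SHA-384/SHA-512), which makes it easy to miss in review. I would add `/// Expected shared secret for the DHKEM(secp256k1, HKDF-SHA256) known-answer test (source: <TEST VECTOR SOURCE>)` above the constant and match the formatting of the neighbouring `K256_DH_RES_XCOORD` literal (upper-case, space-grouped hex). The enclosing `mod tests` starts before and ends after this hunk.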
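Review bot: With the dispatch list in `kat_test` reduced to `(HkdfSha256)`, any known-answer vector whose `kdf_id` is 0x0002 or 0x0003 no longer has a matching type, and whether `dispatch_testcase!` skips such a vector or panics on it is not visible here; the commit does not show the vector data being pruned either. If the KAT file still carries those vectors, either filter them before dispatch or document the expected behaviour with a comment such as `// Only HKDF-SHA256 is dispatched; vectors for other KDF IDs must be absent from the KAT file or are skipped`. `fn kat_test` starts before this hunk.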
@@ -5,7 +5,7 @@ use crate::util::write_u16_be; use digest::{core_api::BlockSizeUser, Digest, OutputSizeUser}; use generic_array::GenericArray; use hmac::SimpleHmac; -use sha2::{Sha256, Sha384, Sha512}; +use sha2::Sha256; const VERSION_LABEL: &[u8] = b"HPKE-v1"; @@ -46,28 +46,6 @@ impl KdfTrait for HkdfSha256 { const KDF_ID: u16 = 0x0001; } -/// The implementation of HKDF-SHA384 -pub struct HkdfSha384 {} - -impl KdfTrait for HkdfSha384 { - #[doc(hidden)] - type HashImpl = Sha384; - - // RFC 9180 §7.2: HKDF-SHA384 - const KDF_ID: u16 = 0x0002; -} - -/// The implementation of HKDF-SHA512 -pub struct HkdfSha512 {} - -impl KdfTrait for HkdfSha512 { - #[doc(hidden)] - type HashImpl = Sha512; - - // RFC 9180 §7.2: HKDF-SHA512 - const KDF_ID: u16 = 0x0003; -} - // RFC 9180 §4.1 // def ExtractAndExpand(dh, kem_context): // eae_prk = LabeledExtract("", "eae_prk", dh) diff --git a/src/test_util.rs b/src/test_util.rs index b9ba81d..beadf01 100644 --- a/src/test_util.rs +++ b/src/test_util.rs @@ -28,8 +28,8 @@ pub(crate) fn dhkex_gen_keypair( GenericArray::default(); // Fill it with randomness csprng.fill_bytes(&mut ikm); - // Run derive_keypair with a nonsense ciphersuite. We use SHA-512 to satisfy any security level - Kex::derive_keypair::(b"31337", &ikm) + // Run derive_keypair with a nonsense ciphersuite. We use SHA-256 because it's bitcoin. + Kex::derive_keypair::(b"31337", &ikm) } /// Creates a pair of `AeadCtx`s without doing a key exchange
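Review bot: Dropping the `Sha384`/`Sha512` imports here goes with deleting the public `HkdfSha384` and `HkdfSha512` types in the next hunk, which is a breaking change for any downstream crate that names them, yet the diffstat shows no changelog or version-manifest update alongside it. Callers that selected one of the removed KDFs will now fail to compile rather than silently get a different primitive, which is the right outcome, but it should be recorded. I would add a changelog entry (or a line in the commit body) stating that `HkdfSha384` and `HkdfSha512` were removed and that `HkdfSha256` (KDF ID 0x0001) is the only KDF the crate exposes.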
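Review bot: The replacement comment in `dhkex_gen_keypair` (`// ... We use SHA-256 because it's bitcoin.`) drops the security rationale the old comment gave; the KDF passed to `derive_keypair` determines how every test keypair is derived, so the reason should be stated in those terms. Since `HkdfSha256` is now the only KDF in the crate and is the one paired with secp256k1 in `DHKEM(secp256k1, HKDF-SHA256)` per the README, say so: `// Run derive_keypair with a nonsense ciphersuite. HKDF-SHA256 is the only KDF left in the crate and is the one paired with secp256k1 in DHKEM(secp256k1, HKDF-SHA256).` The type argument after `Kex::derive_keypair::` appears to have been lost in rendering, so the `::<HkdfSha256>` turbofish should be confirmed in the source. The function starts before this hunk.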