Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v1] Re-export curve25519-dalek #348

Merged
merged 1 commit into from
Nov 9, 2023
Merged

[v1] Re-export curve25519-dalek #348

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
branches:
- master
pull_request:
types: [opened, repoened, synchronize]
types: [opened, reopened, synchronize]

jobs:
test:
Expand All @@ -17,7 +17,7 @@ jobs:
- u32_backend
toolchain:
- stable
- 1.51.0
- 1.65
name: test
steps:
- name: Checkout sources
Expand Down Expand Up @@ -87,7 +87,7 @@ jobs:
matrix:
toolchain:
- stable
- 1.51.0
- 1.65
name: test simple_login command-line example
steps:
- name: install expect
Expand All @@ -111,7 +111,7 @@ jobs:
matrix:
toolchain:
- stable
- 1.51.0
- 1.65
name: test digital_locker command-line example
steps:
- name: install expect
Expand Down
24 changes: 12 additions & 12 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
[package]
name = "opaque-ke"
version = "1.2.0"
repository = "https://github.com/novifinancial/opaque-ke"
keywords = ["cryptography", "crypto", "opaque", "passwords", "authentication"]
authors = ["Kevin Lewi <[email protected]>", "François Garillot <[email protected]>"]
categories = ["no-std"]
description = "An implementation of the OPAQUE password-authenticated key exchange protocol"
authors = ["Kevin Lewi <[email protected]>", "François Garillot <[email protected]>"]
edition = "2021"
keywords = ["cryptography", "crypto", "opaque", "passwords", "authentication"]
license = "MIT"
edition = "2018"
name = "opaque-ke"
readme = "README.md"
resolver = "2"
repository = "https://github.com/novifinancial/opaque-ke"
rust-version = "1.65"
version = "1.2.0"

[features]
bench = []
default = ["u64_backend"]
slow-hash = ["scrypt"]
std = ["curve25519-dalek/std", "getrandom", "rand/std", "rand/std_rng"]
bench = []
u64_backend = ["curve25519-dalek/u64_backend"]
u32_backend = ["curve25519-dalek/u32_backend"]
u64_backend = ["curve25519-dalek/u64_backend"]

[dependencies]
constant_time_eq = "0.1"
Expand All @@ -44,12 +44,12 @@ criterion = "0.3"
hex = "0.4"
lazy_static = "1"
opaque-ke = { path = "", default-features = false, features = ["std"] }
serde_json = "1"
sha2 = "0.9"
proptest = "1"
rustyline = "8"
serde_json = "1"
sha2 = "0.9"

[[bench]]
name = "oprf"
harness = false
name = "oprf"
required-features = ["bench"]
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ opaque-ke = "1"

### Minimum Supported Rust Version

Rust **1.51** or higher.
Rust **1.65** or higher.

Resources
---------
Expand Down
2 changes: 1 addition & 1 deletion examples/digital_locker.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ fn open_locker(
let server_login_start_result = ServerLogin::start(
&mut server_rng,
password_file,
&server_kp.private(),
server_kp.private(),
CredentialRequest::deserialize(&credential_request_bytes[..]).unwrap(),
ServerLoginStartParameters::default(),
)
Expand Down
2 changes: 1 addition & 1 deletion examples/simple_login.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ fn account_login(
let server_login_start_result = ServerLogin::start(
&mut server_rng,
password_file,
&server_kp.private(),
server_kp.private(),
CredentialRequest::deserialize(&credential_request_bytes[..]).unwrap(),
ServerLoginStartParameters::default(),
)
Expand Down
16 changes: 8 additions & 8 deletions src/key_exchange/tripledh.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,12 +89,12 @@ impl<D: Hash, G: Group> KeyExchange<D, G> for TripleDH {

let mut transcript_hasher = D::new()
.chain(STR_3DH)
.chain(&serialize(&id_u, 2)?)
.chain(serialize(&id_u, 2)?)
.chain(&serialized_credential_request[..])
.chain(&serialize(&id_s, 2)?)
.chain(serialize(&id_s, 2)?)
.chain(&l2_bytes[..])
.chain(&server_nonce[..])
.chain(&server_e_kp.public().to_arr());
.chain(server_e_kp.public().to_arr());

let (session_key, km2, ke2, km3) = derive_3dh_keys::<D, G>(
TripleDHComponents {
Expand Down Expand Up @@ -157,11 +157,11 @@ impl<D: Hash, G: Group> KeyExchange<D, G> for TripleDH {
) -> Result<(Vec<u8>, Vec<u8>, Self::KE3Message), ProtocolError> {
let mut transcript_hasher = D::new()
.chain(STR_3DH)
.chain(&serialize(&id_u, 2)?)
.chain(&serialized_credential_request)
.chain(&serialize(&id_s, 2)?)
.chain(serialize(&id_u, 2)?)
.chain(serialized_credential_request)
.chain(serialize(&id_s, 2)?)
.chain(&l2_component[..])
.chain(&ke2_message.to_bytes_without_info_or_mac());
.chain(ke2_message.to_bytes_without_info_or_mac());

let (session_key, km2, ke2, km3) = derive_3dh_keys::<D, G>(
TripleDHComponents {
Expand All @@ -187,7 +187,7 @@ impl<D: Hash, G: Group> KeyExchange<D, G> for TripleDH {
));
}

transcript_hasher.update(ke2_message.mac.to_vec());
transcript_hasher.update(&ke2_message.mac);

let mut client_mac =
Hmac::<D>::new_from_slice(&km3).map_err(|_| InternalPakeError::HmacError)?;
Expand Down
1 change: 1 addition & 0 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -759,6 +759,7 @@ mod tests;

// Exports

pub use curve25519_dalek;
pub use rand;

pub use crate::messages::{
Expand Down
4 changes: 2 additions & 2 deletions src/opaque.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ impl<CS: CipherSuite> ClientRegistration<CS> {
/// Serialization into bytes
pub fn serialize(&self) -> Vec<u8> {
let output: Vec<u8> = [
&self.alpha.to_arr().to_vec(),
&self.alpha.to_arr(),
&CS::Group::scalar_as_bytes(&self.token.blind)[..],
&self.token.data,
]
Expand Down Expand Up @@ -217,7 +217,7 @@ impl<CS: CipherSuite> ClientRegistration<CS> {
let (envelope, export_key) = Envelope::<CS::Hash>::seal(
rng,
&password_derived_key,
&client_static_keypair.private().to_arr().to_vec(),
&client_static_keypair.private().to_arr(),
&r2.server_s_pk,
optional_ids,
)?;
Expand Down
6 changes: 3 additions & 3 deletions src/oprf.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ fn finalize_after_unblind<G: GroupWithMapToCurve, H: Hash>(
let finalize_dst = [STR_VOPRF_FINALIZE, &G::get_context_string(MODE_BASE)?].concat();
let hash_input = [
serialize(input, 2)?,
serialize(&unblinded_element.to_arr().to_vec(), 2)?,
serialize(&unblinded_element.to_arr(), 2)?,
serialize(&finalize_dst, 2)?,
]
.concat();
Expand Down Expand Up @@ -130,7 +130,7 @@ mod tests {
RistrettoPoint::from_scalar_slice(GenericArray::from_slice(&oprf_key[..])).unwrap();
let res = point * scalar;

finalize_after_unblind::<RistrettoPoint, sha2::Sha512>(&input, res).unwrap()
finalize_after_unblind::<RistrettoPoint, sha2::Sha512>(input, res).unwrap()
}

#[test]
Expand All @@ -146,7 +146,7 @@ mod tests {
let beta = evaluate::<RistrettoPoint>(alpha, &oprf_key);
let res =
finalize::<RistrettoPoint, sha2::Sha512>(&token.data, &token.blind, beta).unwrap();
let res2 = prf(&input[..], &oprf_key.as_bytes());
let res2 = prf(&input[..], oprf_key.as_bytes());
assert_eq!(res, res2);
}

Expand Down
2 changes: 1 addition & 1 deletion src/serialization/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ pub(crate) fn i2osp(input: usize, length: usize) -> Result<Vec<u8>, PakeError> {
}

if length <= sizeof_usize {
return Ok((&input.to_be_bytes()[sizeof_usize - length..]).to_vec());
return Ok(input.to_be_bytes()[sizeof_usize - length..].to_vec());
}

let mut output = alloc::vec![0u8; length];
Expand Down
32 changes: 16 additions & 16 deletions src/serialization/tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ fn registration_response_roundtrip() {

let mut input = Vec::new();
input.extend_from_slice(beta_bytes.as_slice());
input.extend_from_slice(&pubkey_bytes.as_slice());
input.extend_from_slice(pubkey_bytes.as_slice());

let r2 = RegistrationResponse::<Default>::deserialize(input.as_slice()).unwrap();
let r2_bytes = r2.serialize();
Expand Down Expand Up @@ -200,7 +200,7 @@ fn credential_request_roundtrip() {

let ke1m: Vec<u8> = [
&client_nonce[..],
&serialize(&info.to_vec(), 2).unwrap(),
&serialize(info.as_ref(), 2).unwrap(),
&client_e_kp.public(),
]
.concat();
Expand Down Expand Up @@ -261,7 +261,7 @@ fn credential_response_roundtrip() {
let ke2m: Vec<u8> = [
&server_nonce[..],
&server_e_kp.public(),
&serialize(&e_info.to_vec(), 2).unwrap(),
&serialize(e_info.as_ref(), 2).unwrap(),
&mac[..],
]
.concat();
Expand All @@ -270,7 +270,7 @@ fn credential_response_roundtrip() {

let mut input = Vec::new();
input.extend_from_slice(pt_bytes.as_slice());
input.extend_from_slice(&pubkey_bytes.as_slice());
input.extend_from_slice(pubkey_bytes.as_slice());
input.extend_from_slice(&serialized_envelope);
input.extend_from_slice(&ke2m[..]);

Expand Down Expand Up @@ -348,7 +348,7 @@ fn ke1_message_roundtrip() {

let ke1m: Vec<u8> = [
&client_nonce[..],
&serialize(&info.to_vec(), 2).unwrap(),
&serialize(info.as_ref(), 2).unwrap(),
&client_e_kp.public(),
]
.concat();
Expand All @@ -374,7 +374,7 @@ fn ke2_message_roundtrip() {
let ke2m: Vec<u8> = [
&server_nonce[..],
&server_e_kp.public(),
&serialize(&e_info.to_vec(), 2).unwrap(),
&serialize(e_info.as_ref(), 2).unwrap(),
&mac[..],
]
.concat();
Expand Down Expand Up @@ -410,52 +410,52 @@ fn test_i2osp_os2ip(bytes in vec(any::<u8>(), 0..core::mem::size_of::<usize>()))

#[test]
fn test_nocrash_registration_request(bytes in vec(any::<u8>(), 0..200)) {
RegistrationRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =RegistrationRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_registration_response(bytes in vec(any::<u8>(), 0..200)) {
RegistrationResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =RegistrationResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_registration_upload(bytes in vec(any::<u8>(), 0..200)) {
RegistrationUpload::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =RegistrationUpload::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_credential_request(bytes in vec(any::<u8>(), 0..500)) {
CredentialRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =CredentialRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_credential_response(bytes in vec(any::<u8>(), 0..500)) {
CredentialResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =CredentialResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_credential_finalization(bytes in vec(any::<u8>(), 0..500)) {
CredentialFinalization::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =CredentialFinalization::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_client_registration(bytes in vec(any::<u8>(), 0..700)) {
ClientRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =ClientRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_server_registration(bytes in vec(any::<u8>(), 0..700)) {
ServerRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =ServerRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_client_login(bytes in vec(any::<u8>(), 0..700)) {
ClientLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =ClientLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

#[test]
fn test_nocrash_server_login(bytes in vec(any::<u8>(), 0..700)) {
ServerLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
let _ =ServerLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
}

}
Loading
Loading