update to faster group backend, some clean up and minor optomisations (…

…#43)

Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com>

Makefile

@@ -26,7 +26,7 @@ fmt:
 .PHONY: license
 license:
 	@echo "Checking License headers ..."
-	@if addlicense -check -v -f .github/licence-header.tmpl *; then echo "License headers OK"; else return 1; fi;
+	@if addlicense -check -v -skip yaml -f .github/licence-header.tmpl *; then echo "License headers OK"; else return 1; fi;
 
 .PHONY: lint
 lint: license

client.go

@@ -20,7 +20,7 @@ import (
 	"github.com/bytemare/opaque/internal/tag"
 	"github.com/bytemare/opaque/message"
 
-	"github.com/bytemare/crypto/group"
+	group "github.com/bytemare/crypto"
 )
 
 var (
@@ -64,7 +64,7 @@ func (c *Client) GetConf() *internal.Configuration {
 }
 
 // buildPRK derives the randomized password from the OPRF output.
-func (c *Client) buildPRK(evaluation *group.Point) []byte {
+func (c *Client) buildPRK(evaluation *group.Element) []byte {
 	output := c.OPRF.Finalize(evaluation)
 	stretched := c.conf.KSF.Harden(output, nil, c.conf.OPRFPointLength)
 
@@ -109,19 +109,9 @@ func (c *Client) registrationFinalize(
 		EnvelopeNonce:  envelopeNonce,
 	}
 
-	// this check is very important: it verifies the server's public key validity in the group.
-	// if _, err := c.Group.NewElement().Decode(resp.Pks); err != nil {
-	//	return nil, nil, fmt.Errorf("%s : %w", errInvalidPKS, err)
-	// }
-
 	randomizedPwd := c.buildPRK(resp.EvaluatedMessage)
 	maskingKey := c.conf.KDF.Expand(randomizedPwd, []byte(tag.MaskingKey), c.conf.KDF.Size())
-	envelope, clientPublicKey, exportKey := keyrecovery.Store(
-		c.conf,
-		randomizedPwd,
-		encoding.SerializePoint(resp.Pks, c.conf.Group),
-		creds2,
-	)
+	envelope, clientPublicKey, exportKey := keyrecovery.Store(c.conf, randomizedPwd, resp.Pks, creds2)
 
 	return &message.RegistrationRecord{
 		G:          c.conf.Group,

deserializer.go

@@ -14,7 +14,7 @@ import (
 	"github.com/bytemare/opaque/internal"
 	"github.com/bytemare/opaque/message"
 
-	"github.com/bytemare/crypto/group"
+	group "github.com/bytemare/crypto"
 )
 
 var (
@@ -39,8 +39,8 @@ func (d *Deserializer) RegistrationRequest(registrationRequest []byte) (*message
 		return nil, errInvalidMessageLength
 	}
 
-	blindedMessage, err := d.conf.OPRF.Group().NewElement().Decode(registrationRequest[:d.conf.OPRFPointLength])
-	if err != nil {
+	blindedMessage := d.conf.OPRF.Group().NewElement()
+	if err := blindedMessage.Decode(registrationRequest[:d.conf.OPRFPointLength]); err != nil {
 		return nil, errInvalidBlindedData
 	}
 
@@ -58,15 +58,13 @@ func (d *Deserializer) RegistrationResponse(registrationResponse []byte) (*messa
 		return nil, errInvalidMessageLength
 	}
 
-	evaluatedMessage, err := d.conf.OPRF.Group().
-		NewElement().
-		Decode(registrationResponse[:d.conf.OPRFPointLength])
-	if err != nil {
+	evaluatedMessage := d.conf.OPRF.Group().NewElement()
+	if err := evaluatedMessage.Decode(registrationResponse[:d.conf.OPRFPointLength]); err != nil {
 		return nil, errInvalidEvaluatedData
 	}
 
-	pks, err := d.conf.Group.NewElement().Decode(registrationResponse[d.conf.OPRFPointLength:])
-	if err != nil {
+	pks := d.conf.Group.NewElement()
+	if err := pks.Decode(registrationResponse[d.conf.OPRFPointLength:]); err != nil {
 		return nil, errInvalidServerPK
 	}
 
@@ -93,8 +91,8 @@ func (d *Deserializer) RegistrationRecord(record []byte) (*message.RegistrationR
 	maskingKey := record[d.conf.AkePointLength : d.conf.AkePointLength+d.conf.Hash.Size()]
 	env := record[d.conf.AkePointLength+d.conf.Hash.Size():]
 
-	pku, err := d.conf.Group.NewElement().Decode(pk)
-	if err != nil {
+	pku := d.conf.Group.NewElement()
+	if err := pku.Decode(pk); err != nil {
 		return nil, errInvalidClientPK
 	}
 
@@ -107,8 +105,8 @@ func (d *Deserializer) RegistrationRecord(record []byte) (*message.RegistrationR
 }
 
 func (d *Deserializer) deserializeCredentialRequest(input []byte) (*message.CredentialRequest, error) {
-	blindedMessage, err := d.conf.OPRF.Group().NewElement().Decode(input[:d.conf.OPRFPointLength])
-	if err != nil {
+	blindedMessage := d.conf.OPRF.Group().NewElement()
+	if err := blindedMessage.Decode(input[:d.conf.OPRFPointLength]); err != nil {
 		return nil, errInvalidBlindedData
 	}
 
@@ -119,8 +117,8 @@ func (d *Deserializer) deserializeCredentialResponse(
 	input []byte,
 	maxResponseLength int,
 ) (*message.CredentialResponse, error) {
-	data, err := d.conf.OPRF.Group().NewElement().Decode(input[:d.conf.OPRFPointLength])
-	if err != nil {
+	data := d.conf.OPRF.Group().NewElement()
+	if err := data.Decode(input[:d.conf.OPRFPointLength]); err != nil {
 		return nil, errInvalidEvaluatedData
 	}
 
@@ -147,8 +145,8 @@ func (d *Deserializer) KE1(ke1 []byte) (*message.KE1, error) {
 
 	nonceU := ke1[d.conf.OPRFPointLength : d.conf.OPRFPointLength+d.conf.NonceLen]
 
-	epku, err := d.conf.Group.NewElement().Decode(ke1[d.conf.OPRFPointLength+d.conf.NonceLen:])
-	if err != nil {
+	epku := d.conf.Group.NewElement()
+	if err := epku.Decode(ke1[d.conf.OPRFPointLength+d.conf.NonceLen:]); err != nil {
 		return nil, errInvalidClientEPK
 	}
 
@@ -189,8 +187,8 @@ func (d *Deserializer) KE2(ke2 []byte) (*message.KE2, error) {
 	offset += d.conf.AkePointLength
 	mac := ke2[offset:]
 
-	epks, err := d.conf.Group.NewElement().Decode(epk)
-	if err != nil {
+	epks := d.conf.Group.NewElement()
+	if err := epks.Decode(epk); err != nil {
 		return nil, errInvalidServerEPK
 	}
 
@@ -214,10 +212,20 @@ func (d *Deserializer) KE3(ke3 []byte) (*message.KE3, error) {
 
 // DecodeAkePrivateKey takes a serialized private key (a scalar) and attempts to return it's decoded form.
 func (d *Deserializer) DecodeAkePrivateKey(encoded []byte) (*group.Scalar, error) {
-	return d.conf.Group.NewScalar().Decode(encoded)
+	sk := d.conf.Group.NewScalar()
+	if err := sk.Decode(encoded); err != nil {
+		return nil, err
+	}
+
+	return sk, nil
 }
 
 // DecodeAkePublicKey takes a serialized public key (a point) and attempts to return it's decoded form.
-func (d *Deserializer) DecodeAkePublicKey(encoded []byte) (*group.Point, error) {
-	return d.conf.Group.NewElement().Decode(encoded)
+func (d *Deserializer) DecodeAkePublicKey(encoded []byte) (*group.Element, error) {
+	pk := d.conf.Group.NewElement()
+	if err := pk.Decode(encoded); err != nil {
+		return nil, err
+	}
+
+	return pk, nil
 }

examples_test.go

@@ -18,7 +18,7 @@ import (
 
 	"github.com/bytemare/opaque"
 
-	"github.com/bytemare/crypto/ksf"
+	"github.com/bytemare/ksf"
 )
 
 var (
@@ -52,7 +52,7 @@ func Example_configuration() {
 		KDF:     crypto.SHA512,
 		MAC:     crypto.SHA512,
 		Hash:    crypto.SHA512,
-		KSF:     ksf.Scrypt,
+		KSF:     ksf.Argon2id,
 		AKE:     opaque.RistrettoSha512,
 		Context: nil,
 	}
@@ -79,7 +79,7 @@ func Example_configuration() {
 
 	fmt.Println("OPAQUE configuration is easy!")
 
-	// Output: Encoded Configuration: 0107070702010000
+	// Output: Encoded Configuration: 0107070701010000
 	// OPAQUE configuration is easy!
 }
 

go.mod

@@ -2,13 +2,16 @@ module github.com/bytemare/opaque
 
 go 1.18
 
-require github.com/bytemare/crypto v0.2.7
+require (
+	github.com/bytemare/crypto v0.3.2
+	github.com/bytemare/hash v0.1.3
+	github.com/bytemare/ksf v0.1.0
+)
 
 require (
-	filippo.io/edwards25519 v1.0.0-rc.1 // indirect
-	github.com/armfazh/h2c-go-ref v0.0.0-20220222212046-ff45165972af // indirect
-	github.com/armfazh/tozan-ecc v0.1.4 // indirect
+	filippo.io/nistec v0.0.0-20220513155737-c4b6d02e738c // indirect
+	github.com/bytemare/hash2curve v0.1.2 // indirect
 	github.com/gtank/ristretto255 v0.1.2 // indirect
-	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
-	golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e // indirect
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
+	golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 // indirect
 )

go.sum

@@ -1,23 +1,16 @@
-filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU=
-filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
-github.com/armfazh/h2c-go-ref v0.0.0-20220222212046-ff45165972af h1:3bAG1kgYCxLLKEwxRZUWAIxsSU6IETtVndByx8rY7wU=
-github.com/armfazh/h2c-go-ref v0.0.0-20220222212046-ff45165972af/go.mod h1:mtUQsERQBqNOHy8yMHF+K6tvXNgjPpTk8k7VYxKK6pU=
-github.com/armfazh/tozan-ecc v0.1.4 h1:PnCI4iLifKiXcDBVX6B5LqCWreN56lxlspgZdVdOhvA=
-github.com/armfazh/tozan-ecc v0.1.4/go.mod h1:u25eZC5Z8uJFQxJxGBz1Blfii/7m3DfmwX0vFnwtG9I=
-github.com/bytemare/crypto v0.2.7 h1:bh8gF/FthYyLzsRNDM/lthENPW6MvacQZ90eS8zUTrE=
-github.com/bytemare/crypto v0.2.7/go.mod h1:GRN/NPLEuubCbo8Ub8z2RdLJO9HvQDEaSZWbeSDVyJ4=
+filippo.io/nistec v0.0.0-20220513155737-c4b6d02e738c h1:x4epP2lA8b5UYoIFjcVpN+MfJQeX5M5Yilmc1VH0YDw=
+filippo.io/nistec v0.0.0-20220513155737-c4b6d02e738c/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw=
+github.com/bytemare/crypto v0.3.2 h1:dAt/68zVoYvSEQ8BbLvbbBjqMkuXuk9DTLxJBXpmM2E=
+github.com/bytemare/crypto v0.3.2/go.mod h1:hXn7dxdtvhvrrNb01IB/vJ/yQjIxkq5ZIJOuwTrxJ3k=
+github.com/bytemare/hash v0.1.3 h1:E2v/+gqvLTjaR8W2JdhqaB2L9161yFBlSXDnYEyMt94=
+github.com/bytemare/hash v0.1.3/go.mod h1:5WJSSK+ftRTLt9fOMHT+S4eXTTAb0Uz+NJJZKHLKovM=
+github.com/bytemare/hash2curve v0.1.2 h1:V/TSdU/WsfYS3Bk73ap+odLCOOm2/B02rKE8lb91djI=
+github.com/bytemare/hash2curve v0.1.2/go.mod h1:S+OcM3nIREThTmjkFa+nX6vqGH11nEzefaIYq7MVAp4=
+github.com/bytemare/ksf v0.1.0 h1:t0VobAtBVSb1SyX1RltuZ+c4gVVHLKQnUN5oYd3o3qc=
+github.com/bytemare/ksf v0.1.0/go.mod h1:wKBp7KmpY482R8lOfcGFh01MsJEU0vZHw8qFEMzNoRU=
 github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc=
 github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e h1:NHvCuwuS43lGnYhten69ZWqi2QOj/CiDNcKbVqwVoew=
-golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 h1:Y7NOhdqIOU8kYI7BxsgL38d0ot0raxvcW+EMQU2QrT4=
+golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

internal/ake/3dh.go

@@ -15,13 +15,13 @@ import (
 	"github.com/bytemare/opaque/internal/tag"
 	"github.com/bytemare/opaque/message"
 
-	"github.com/bytemare/crypto/group"
+	group "github.com/bytemare/crypto"
 )
 
 // KeyGen returns private and public keys in the group.
 func KeyGen(id group.Group) (privateKey, publicKey []byte) {
 	scalar := id.NewScalar().Random()
-	point := id.Base().Mult(scalar)
+	point := id.Base().Multiply(scalar)
 
 	return encoding.SerializeScalar(scalar, id), encoding.SerializePoint(point, id)
 }
@@ -82,16 +82,16 @@ func deriveKeys(h *internal.KDF, ikm, context []byte) (serverMacKey, clientMacKe
 
 func k3dh(
 	g group.Group,
-	p1 *group.Point,
+	p1 *group.Element,
 	s1 *group.Scalar,
-	p2 *group.Point,
+	p2 *group.Element,
 	s2 *group.Scalar,
-	p3 *group.Point,
+	p3 *group.Element,
 	s3 *group.Scalar,
 ) []byte {
-	e1 := encoding.SerializePoint(p1.Mult(s1), g)
-	e2 := encoding.SerializePoint(p2.Mult(s2), g)
-	e3 := encoding.SerializePoint(p3.Mult(s3), g)
+	e1 := encoding.SerializePoint(p1.Copy().Multiply(s1), g)
+	e2 := encoding.SerializePoint(p2.Copy().Multiply(s2), g)
+	e3 := encoding.SerializePoint(p3.Copy().Multiply(s3), g)
 
 	return encoding.Concat3(e1, e2, e3)
 }

internal/ake/client.go

@@ -14,7 +14,7 @@ import (
 	"github.com/bytemare/opaque/internal"
 	"github.com/bytemare/opaque/message"
 
-	"github.com/bytemare/crypto/group"
+	group "github.com/bytemare/crypto"
 )
 
 var errAkeInvalidServerMac = errors.New(" AKE finalization: invalid server mac")
@@ -34,7 +34,7 @@ func NewClient() *Client {
 
 // SetValues - testing: integrated to support testing, to force values.
 // There's no effect if esk, epk, and nonce have already been set in a previous call.
-func (c *Client) SetValues(g group.Group, esk *group.Scalar, nonce []byte, nonceLen int) *group.Point {
+func (c *Client) SetValues(g group.Group, esk *group.Scalar, nonce []byte, nonceLen int) *group.Element {
 	s, nonce := setValues(g, esk, nonce, nonceLen)
 	if c.esk == nil || (esk != nil && c.esk != s) {
 		c.esk = s
@@ -44,7 +44,7 @@ func (c *Client) SetValues(g group.Group, esk *group.Scalar, nonce []byte, nonce
 		c.nonceU = nonce
 	}
 
-	return g.Base().Mult(c.esk)
+	return g.Base().Multiply(c.esk)
 }
 
 // Start initiates the 3DH protocol, and returns a KE1 message with clientInfo.
@@ -65,7 +65,7 @@ func (c *Client) Finalize(
 	clientIdentity []byte,
 	clientSecretKey *group.Scalar,
 	serverIdentity []byte,
-	serverPublicKey *group.Point,
+	serverPublicKey *group.Element,
 	ke2 *message.KE2,
 ) (*message.KE3, error) {
 	ikm := k3dh(conf.Group, ke2.EpkS, c.esk, serverPublicKey, c.esk, ke2.EpkS, clientSecretKey)

internal/ake/server.go

@@ -14,7 +14,7 @@ import (
 	"github.com/bytemare/opaque/internal"
 	"github.com/bytemare/opaque/message"
 
-	"github.com/bytemare/crypto/group"
+	group "github.com/bytemare/crypto"
 )
 
 var errStateNotEmpty = errors.New("existing state is not empty")
@@ -36,7 +36,7 @@ func NewServer() *Server {
 
 // SetValues - testing: integrated to support testing, to force values.
 // There's no effect if esk, epk, and nonce have already been set in a previous call.
-func (s *Server) SetValues(g group.Group, esk *group.Scalar, nonce []byte, nonceLen int) *group.Point {
+func (s *Server) SetValues(g group.Group, esk *group.Scalar, nonce []byte, nonceLen int) *group.Element {
 	es, nonce := setValues(g, esk, nonce, nonceLen)
 	if s.esk == nil || (esk != nil && s.esk != es) {
 		s.esk = es
@@ -46,7 +46,7 @@ func (s *Server) SetValues(g group.Group, esk *group.Scalar, nonce []byte, nonce
 		s.nonceS = nonce
 	}
 
-	return g.Base().Mult(s.esk)
+	return g.Base().Multiply(s.esk)
 }
 
 // Response produces a 3DH server response message.
@@ -55,7 +55,7 @@ func (s *Server) Response(
 	serverIdentity []byte,
 	serverSecretKey *group.Scalar,
 	clientIdentity []byte,
-	clientPublicKey *group.Point,
+	clientPublicKey *group.Element,
 	ke1 *message.KE1,
 	response *message.CredentialResponse,
 ) *message.KE2 {

internal/configuration.go

@@ -16,7 +16,7 @@ import (
 
 	"github.com/bytemare/opaque/internal/oprf"
 
-	"github.com/bytemare/crypto/group"
+	group "github.com/bytemare/crypto"
 )
 
 const (