Skip to content

Commit

Permalink
Refactor and add tests (#29)
Browse files Browse the repository at this point in the history
* run license check before linter

* refactor test files

* fix forgotten group identifier in messages for serialization and added runtime test to fail

* move some things around

* add tests, rework fake credentials, refine examples, add licence headers

* don't check for identity point on deserialization as it's now integrated in Decode()

Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com>
  • Loading branch information
bytemare authored Apr 4, 2022
1 parent 90c2e04 commit d51f93e
Show file tree
Hide file tree
Showing 21 changed files with 1,645 additions and 1,117 deletions.
12 changes: 10 additions & 2 deletions client.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,11 @@ func (c *Client) buildPRK(evaluation *group.Point) []byte {
// RegistrationInit returns a RegistrationRequest message blinding the given password.
func (c *Client) RegistrationInit(password []byte) *message.RegistrationRequest {
m := c.OPRF.Blind(password)
return &message.RegistrationRequest{BlindedMessage: m}

return &message.RegistrationRequest{
C: c.conf.OPRF,
BlindedMessage: m,
}
}

// RegistrationFinalizeWithNonce returns a RegistrationRecord message given the identities, server's
Expand Down Expand Up @@ -120,6 +124,7 @@ func (c *Client) registrationFinalize(
)

return &message.RegistrationRecord{
G: c.conf.Group,
PublicKey: clientPublicKey,
MaskingKey: maskingKey,
Envelope: envelope.Serialize(),
Expand All @@ -130,7 +135,10 @@ func (c *Client) registrationFinalize(
// clientInfo is optional client information sent in clear, and only authenticated in KE3.
func (c *Client) LoginInit(password []byte) *message.KE1 {
m := c.OPRF.Blind(password)
credReq := &message.CredentialRequest{BlindedMessage: m}
credReq := &message.CredentialRequest{
C: c.conf.OPRF,
BlindedMessage: m,
}
ke1 := c.Ake.Start(c.conf.Group)
ke1.CredentialRequest = credReq
c.Ake.Ke1 = ke1.Serialize()
Expand Down
35 changes: 4 additions & 31 deletions deserializer.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ package opaque

import (
"errors"
"log"

"github.com/bytemare/crypto/group"

Expand Down Expand Up @@ -44,10 +45,6 @@ func (d *Deserializer) RegistrationRequest(registrationRequest []byte) (*message
return nil, errInvalidBlindedData
}

if blindedMessage.IsIdentity() {
return nil, errInvalidBlindedData
}

return &message.RegistrationRequest{C: d.conf.OPRF, BlindedMessage: blindedMessage}, nil
}

Expand All @@ -69,19 +66,11 @@ func (d *Deserializer) RegistrationResponse(registrationResponse []byte) (*messa
return nil, errInvalidEvaluatedData
}

if evaluatedMessage.IsIdentity() {
return nil, errInvalidEvaluatedData
}

pks, err := d.conf.Group.NewElement().Decode(registrationResponse[d.conf.OPRFPointLength:])
if err != nil {
return nil, errInvalidServerPK
}

if pks.IsIdentity() {
return nil, errInvalidServerPK
}

return &message.RegistrationResponse{
C: d.conf.OPRF,
G: d.conf.Group,
Expand Down Expand Up @@ -110,10 +99,6 @@ func (d *Deserializer) RegistrationRecord(record []byte) (*message.RegistrationR
return nil, errInvalidClientPK
}

if pku.IsIdentity() {
return nil, errInvalidClientPK
}

return &message.RegistrationRecord{
G: d.conf.Group,
PublicKey: pku,
Expand All @@ -131,10 +116,6 @@ func (d *Deserializer) deserializeCredentialResponse(
return nil, errInvalidEvaluatedData
}

if data.IsIdentity() {
return nil, errInvalidEvaluatedData
}

return &message.CredentialResponse{
C: d.conf.OPRF,
EvaluatedMessage: data,
Expand All @@ -158,22 +139,15 @@ func (d *Deserializer) KE1(ke1 []byte) (*message.KE1, error) {
return nil, errInvalidBlindedData
}

if blindedMessage.IsIdentity() {
return nil, errInvalidBlindedData
}

nonceU := ke1[d.conf.OPRFPointLength : d.conf.OPRFPointLength+d.conf.NonceLen]

epku, err := d.conf.Group.NewElement().Decode(ke1[d.conf.OPRFPointLength+d.conf.NonceLen:])
if err != nil {
return nil, errInvalidClientEPK
}

if epku.IsIdentity() {
return nil, errInvalidClientEPK
}

return &message.KE1{
G: d.conf.Group,
CredentialRequest: &message.CredentialRequest{
C: d.conf.OPRF,
BlindedMessage: blindedMessage,
Expand Down Expand Up @@ -217,11 +191,10 @@ func (d *Deserializer) KE2(ke2 []byte) (*message.KE2, error) {
return nil, errInvalidServerEPK
}

if epks.IsIdentity() {
return nil, errInvalidServerEPK
}
log.Printf("group %v", d.conf.Group)

return &message.KE2{
G: d.conf.Group,
CredentialResponse: cresp,
NonceS: nonceS,
EpkS: epks,
Expand Down
Loading

0 comments on commit d51f93e

Please sign in to comment.