Fixing merge issues and recompiling test vectors

kevinlewi · kevinlewi · commit cab78712bd40 · 2023-05-21T02:08:18.000-07:00
diff --git a/poc/opaque_ake.sage b/poc/opaque_ake.sage
@@ -102,7 +102,7 @@ class OPAQUE3DH(KeyExchange):
     def auth_client_start(self):
         self.client_nonce = self.rng.random_bytes(OPAQUE_NONCE_LENGTH)
         self.client_private_keyshare = self.config.group.random_scalar(self.rng)
-        self.client_public_keyshare_bytes = self.config.group.scalar_mult(self.client_private_keyshare, self.config.group.generator())
+        self.client_public_keyshare_bytes = self.config.group.serialize(self.config.group.scalar_mult(self.client_private_keyshare, self.config.group.generator()))
         return TripleDHMessageInit(self.client_nonce, self.client_public_keyshare_bytes)
 
     def generate_ke1(self, password):
@@ -134,8 +134,8 @@ class OPAQUE3DH(KeyExchange):
 
     def auth_server_respond(self, cred_request, cred_response, ke1, cleartext_credentials, server_private_key, client_public_key):
         self.server_nonce = self.rng.random_bytes(OPAQUE_NONCE_LENGTH)
-        self.server_private_keyshare = ZZ(self.config.group.random_scalar(self.rng))
-        self.server_public_keyshare = self.server_private_keyshare * self.config.group.generator()
+        self.server_private_keyshare = self.config.group.random_scalar(self.rng)
+        self.server_public_keyshare = self.config.group.scalar_mult(self.server_private_keyshare, self.config.group.generator())
         server_public_keyshare_bytes = self.config.group.serialize(self.server_public_keyshare)
         client_public_keyshare = self.config.group.deserialize(ke1.client_public_keyshare)
 
@@ -200,11 +200,15 @@ class OPAQUE3DH(KeyExchange):
         cred_response, offset = deserialize_credential_response(self.config, msg)
         ake2 = deserialize_tripleDH_respond(self.config, msg[offset:])
         client_private_key_bytes, cleartext_credentials, export_key = self.core.recover_credentials(self.password, self.cred_metadata, cred_response, client_identity, server_identity)
-        client_private_key = OS2IP(client_private_key_bytes)
-        if "ristretto" in self.config.group.name or "decaf" in self.config.group.name:
+
+        if "curve25519" in self.config.group.name:
+            client_private_key = client_private_key_bytes
+        elif "ristretto" in self.config.group.name or "decaf" in self.config.group.name:
             client_private_key = OS2IP_le(client_private_key_bytes)
-        self.export_key = export_key
+        else:
+            client_private_key = OS2IP(client_private_key_bytes)
 
+        self.export_key = export_key
         ke3 = self.auth_client_finalize(cred_response, ake2, cleartext_credentials, client_private_key, client_public_key)
 
         return ke3.serialize()
diff --git a/poc/opaque_core.sage b/poc/opaque_core.sage
@@ -73,7 +73,7 @@ class OPAQUECore(object):
             client_identity = client_public_key_bytes
         return CleartextCredentials(server_public_key_bytes, client_identity, server_identity)
 
-    def create_envelope(self, randomized_password, server_public_key, client_identity, server_identity):
+    def create_envelope(self, randomized_password, encoded_server_public_key, client_identity, server_identity):
         envelope_nonce = self.rng.random_bytes(OPAQUE_NONCE_LENGTH)
         Nh = self.config.hash().digest_size
         auth_key = self.config.kdf.expand(randomized_password, envelope_nonce + _as_bytes("AuthKey"), Nh)
@@ -85,7 +85,7 @@ class OPAQUECore(object):
         pk_bytes = self.config.group.serialize(client_public_key)
         encoded_client_public_key = self.config.group.serialize(client_public_key)
 
-        cleartext_credentials = self.create_cleartext_credentials(server_public_key, client_public_key, server_identity, client_identity)
+        cleartext_credentials = self.create_cleartext_credentials(encoded_server_public_key, encoded_client_public_key, server_identity, client_identity)
         auth_tag = self.config.mac.mac(auth_key, envelope_nonce + cleartext_credentials.serialize())
         envelope = Envelope(envelope_nonce, auth_tag)
 
diff --git a/poc/vectors/formatted.txt b/poc/vectors/formatted.txt
@@ -272,10 +272,8 @@ server_nonce: 71cd9960ecef2fe0d0f7494986fa3d8b2bb01963537e60efb13981e
 138e3d4a1
 client_nonce: da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb38
 0cae6a6cc
-server_keyshare: 41f55f0bef355cfb34ccd468fdacad75865ee7efef95f4cb6c25
-d477f7205026
-client_keyshare: 10a83b9117d3798cb2957fbdb0268a0d63dbf9d66bde5c00c78a
-ffd80026c911
+server_public_keyshare: 41f55f0bef355cfb34ccd468fdacad75865ee7efef95f
+4cb6c25d477f7205026
 server_private_keyshare: 00a4f54206eef1ba2f615bc0aa285cb22f26d1153b5b
 40a1e85ff80da12f986f
 client_private_keyshare: 80850a697b42a505f5b68fcdafce8c31f0af2b581f06
@@ -293,9 +291,9 @@ client_public_key: 0936ea94ab030ec332e29050d266c520e916731a052d05ced7
 e0cfe751142b48
 auth_key: 7e880ab484f750e80e6f839d975aff476070ce65066d85ea62523d1d576
 4739d91307fac47186a4ab935e6a5c7f70cb47faa9473311947502c022cc67ae9440c
-randomized_pwd: 3a602c295a9c323d9362fe286f104567ed6862b25dbe30fada844
-f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8f3963
-fbb2e1
+randomized_password: 3a602c295a9c323d9362fe286f104567ed6862b25dbe30fa
+da844f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8
+f3963fbb2e1
 envelope: 40d6b67fdd7da7c49894750754514dbd2070a407166bd2a5237cca9bf44
 d6e0b20c1e81fef28e92e897ca8287d49a55075b47c3988ff0fff367d79a3e350ccac
 150b4a3ff48b4770c8e84e437b3d4e68d2b95833f7788f7eb93fa6a8afb85ecb
@@ -391,10 +389,8 @@ server_nonce: 71cd9960ecef2fe0d0f7494986fa3d8b2bb01963537e60efb13981e
 138e3d4a1
 client_nonce: da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb38
 0cae6a6cc
-server_keyshare: 41f55f0bef355cfb34ccd468fdacad75865ee7efef95f4cb6c25
-d477f7205026
-client_keyshare: 10a83b9117d3798cb2957fbdb0268a0d63dbf9d66bde5c00c78a
-ffd80026c911
+server_public_keyshare: 41f55f0bef355cfb34ccd468fdacad75865ee7efef95f
+4cb6c25d477f7205026
 server_private_keyshare: 00a4f54206eef1ba2f615bc0aa285cb22f26d1153b5b
 40a1e85ff80da12f986f
 client_private_keyshare: 80850a697b42a505f5b68fcdafce8c31f0af2b581f06
@@ -412,9 +408,9 @@ client_public_key: 0936ea94ab030ec332e29050d266c520e916731a052d05ced7
 e0cfe751142b48
 auth_key: 7e880ab484f750e80e6f839d975aff476070ce65066d85ea62523d1d576
 4739d91307fac47186a4ab935e6a5c7f70cb47faa9473311947502c022cc67ae9440c
-randomized_pwd: 3a602c295a9c323d9362fe286f104567ed6862b25dbe30fada844
-f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8f3963
-fbb2e1
+randomized_password: 3a602c295a9c323d9362fe286f104567ed6862b25dbe30fa
+da844f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8
+f3963fbb2e1
 envelope: 40d6b67fdd7da7c49894750754514dbd2070a407166bd2a5237cca9bf44
 d6e0bb4c0eab6143959a650c5f6b32acf162b1fbe95bb36c5c4f99df53865c4d3537d
 69061d80522d772cd0efdbe91f817f6bf7259a56e20b4eb9cbe9443702f4b759
@@ -787,8 +783,8 @@ server_public_key: 78b3040047ff26572a7619617601a61b9c81899bee92f00cfc
 aa5eed96863555
 server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
 055ae2d12
-server_keyshare: 2d9055eb8f83e1b497370adad5cc2a417bf9be436a792def0c7b
-7ccb92b9e275
+server_public_keyshare: 2d9055eb8f83e1b497370adad5cc2a417bf9be436a792
+def0c7b7ccb92b9e275
 server_private_keyshare: 300b0937f47d45f6123a4d8f0d0c0814b6120d840ebb
 8bc5b4f6b62df07f7842
 masking_key: 79ad2621b0757a447dff7108a8ae20a068ce67872095620f415ea611
diff --git a/poc/vectors/vectors.json b/poc/vectors/vectors.json
@@ -136,19 +136,19 @@
     "inputs": {
       "blind_login": "6ecc102d2e7a7cf49617aad7bbe188556792d4acd60a1a8a8d2b65d4b0790308",
       "blind_registration": "c575731ffe1cb0ca5ba63b42c4699767b8b9ab78ba39316ee04baddb2034a70a",
-      "client_keyshare": "10a83b9117d3798cb2957fbdb0268a0d63dbf9d66bde5c00c78affd80026c911",
       "client_nonce": "da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb380cae6a6cc",
       "client_private_keyshare": "80850a697b42a505f5b68fcdafce8c31f0af2b581f063cf1091933541936304b",
+      "client_public_keyshare": "10a83b9117d3798cb2957fbdb0268a0d63dbf9d66bde5c00c78affd80026c911",
       "credential_identifier": "31323334",
       "envelope_nonce": "40d6b67fdd7da7c49894750754514dbd2070a407166bd2a5237cca9bf44d6e0b",
       "masking_nonce": "38fe59af0df2c79f57b8780278f5ae47355fe1f817119041951c80f612fdfc6d",
       "oprf_seed": "a78342ab84d3d30f08d5a9630c79bf311c31ed7f85d9d4959bf492ec67a0eec8a67dfbf4497248eebd49e878aab173e5e4ff76354288fdd53e949a5f7c9f7f1b",
       "password": "436f7272656374486f72736542617474657279537461706c65",
-      "server_keyshare": "41f55f0bef355cfb34ccd468fdacad75865ee7efef95f4cb6c25d477f7205026",
       "server_nonce": "71cd9960ecef2fe0d0f7494986fa3d8b2bb01963537e60efb13981e138e3d4a1",
       "server_private_key": "c06139381df63bfc91c850db0b9cfbec7a62e86d80040a41aa7725bf0e79d564",
       "server_private_keyshare": "00a4f54206eef1ba2f615bc0aa285cb22f26d1153b5b40a1e85ff80da12f986f",
-      "server_public_key": "a41e28269b4e97a66468cc00c5a57753e192e152766989770688aa90486ef031"
+      "server_public_key": "a41e28269b4e97a66468cc00c5a57753e192e152766989770688aa90486ef031",
+      "server_public_keyshare": "41f55f0bef355cfb34ccd468fdacad75865ee7efef95f4cb6c25d477f7205026"
     },
     "intermediates": {
       "auth_key": "7e880ab484f750e80e6f839d975aff476070ce65066d85ea62523d1d5764739d91307fac47186a4ab935e6a5c7f70cb47faa9473311947502c022cc67ae9440c",
@@ -158,7 +158,7 @@
       "handshake_secret": "6936d2b78f13d865997dd37c42c741dfe4c0297199e55d7f8891fa4771ed2357e990b44faec69733c607b7541442b5f27ea01513b4f0b84545e0ff7581ea7764",
       "masking_key": "6d23c6ed818882f9bdfdcf91389fcbc0b7a3faf92bd0bd6be4a1e7730277b694fc7c6ba327fbe786af18487688e0f7c148bbd54dc2fc80c28e7a976d9ef53c35",
       "oprf_key": "62ef7f7d9506a14600c34f642aaf6ef8019cc82a6755db4fded5248ea146030a",
-      "randomized_pwd": "3a602c295a9c323d9362fe286f104567ed6862b25dbe30fada844f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8f3963fbb2e1",
+      "randomized_password": "3a602c295a9c323d9362fe286f104567ed6862b25dbe30fada844f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8f3963fbb2e1",
       "server_mac_key": "62a11be878ecfcbd7c8875e86a0f479befcb4b1742480c9ac2d2a5fa8d9e96c3bf60edb953ba15e32dc3e2cba60029c0c61481fdc7a80946f596b77fff6b18ee"
     },
     "outputs": {
@@ -194,20 +194,20 @@
       "blind_login": "6ecc102d2e7a7cf49617aad7bbe188556792d4acd60a1a8a8d2b65d4b0790308",
       "blind_registration": "c575731ffe1cb0ca5ba63b42c4699767b8b9ab78ba39316ee04baddb2034a70a",
       "client_identity": "616c696365",
-      "client_keyshare": "10a83b9117d3798cb2957fbdb0268a0d63dbf9d66bde5c00c78affd80026c911",
       "client_nonce": "da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb380cae6a6cc",
       "client_private_keyshare": "80850a697b42a505f5b68fcdafce8c31f0af2b581f063cf1091933541936304b",
+      "client_public_keyshare": "10a83b9117d3798cb2957fbdb0268a0d63dbf9d66bde5c00c78affd80026c911",
       "credential_identifier": "31323334",
       "envelope_nonce": "40d6b67fdd7da7c49894750754514dbd2070a407166bd2a5237cca9bf44d6e0b",
       "masking_nonce": "38fe59af0df2c79f57b8780278f5ae47355fe1f817119041951c80f612fdfc6d",
       "oprf_seed": "a78342ab84d3d30f08d5a9630c79bf311c31ed7f85d9d4959bf492ec67a0eec8a67dfbf4497248eebd49e878aab173e5e4ff76354288fdd53e949a5f7c9f7f1b",
       "password": "436f7272656374486f72736542617474657279537461706c65",
       "server_identity": "626f62",
-      "server_keyshare": "41f55f0bef355cfb34ccd468fdacad75865ee7efef95f4cb6c25d477f7205026",
       "server_nonce": "71cd9960ecef2fe0d0f7494986fa3d8b2bb01963537e60efb13981e138e3d4a1",
       "server_private_key": "c06139381df63bfc91c850db0b9cfbec7a62e86d80040a41aa7725bf0e79d564",
       "server_private_keyshare": "00a4f54206eef1ba2f615bc0aa285cb22f26d1153b5b40a1e85ff80da12f986f",
-      "server_public_key": "a41e28269b4e97a66468cc00c5a57753e192e152766989770688aa90486ef031"
+      "server_public_key": "a41e28269b4e97a66468cc00c5a57753e192e152766989770688aa90486ef031",
+      "server_public_keyshare": "41f55f0bef355cfb34ccd468fdacad75865ee7efef95f4cb6c25d477f7205026"
     },
     "intermediates": {
       "auth_key": "7e880ab484f750e80e6f839d975aff476070ce65066d85ea62523d1d5764739d91307fac47186a4ab935e6a5c7f70cb47faa9473311947502c022cc67ae9440c",
@@ -217,7 +217,7 @@
       "handshake_secret": "f5b8fa77a67e638114899eca80c3549aa2c8e277a3412bccbe0a7e3943a5798d1e5ede2a847144759b17eb253f2f65efcccf82fe7b5f26e17175713dbe845786",
       "masking_key": "6d23c6ed818882f9bdfdcf91389fcbc0b7a3faf92bd0bd6be4a1e7730277b694fc7c6ba327fbe786af18487688e0f7c148bbd54dc2fc80c28e7a976d9ef53c35",
       "oprf_key": "62ef7f7d9506a14600c34f642aaf6ef8019cc82a6755db4fded5248ea146030a",
-      "randomized_pwd": "3a602c295a9c323d9362fe286f104567ed6862b25dbe30fada844f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8f3963fbb2e1",
+      "randomized_password": "3a602c295a9c323d9362fe286f104567ed6862b25dbe30fada844f19e41cf40047424b7118e15dc2c1a815a70fea5c8de6c30aa61440cd4b4b5e8f3963fbb2e1",
       "server_mac_key": "a8cdc5647342743be8ae6fc51e7105651b16bcb5fe4913834e7c2139dbc06d84c75215e7e84e1785f431c925844eb8c9c0d14959239422368166f41485e7847a"
     },
     "outputs": {
@@ -414,11 +414,11 @@
       "masking_nonce": "9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c619e27b6e5a6",
       "oprf_seed": "66e650652a8266b2205f31fdd68adeb739a05b5e650b19e7edc75e734a1296d6088188ca46c31ae8ccbd42a52ed338c06e53645387a7efbc94b6a0449526155e",
       "server_identity": "626f62",
-      "server_keyshare": "2d9055eb8f83e1b497370adad5cc2a417bf9be436a792def0c7b7ccb92b9e275",
       "server_nonce": "1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813055ae2d12",
       "server_private_key": "30fbe7e830be1fe8d2187c97414e3826040cbe49b893b64229bab5e85a588846",
       "server_private_keyshare": "300b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc5b4f6b62df07f7842",
-      "server_public_key": "78b3040047ff26572a7619617601a61b9c81899bee92f00cfcaa5eed96863555"
+      "server_public_key": "78b3040047ff26572a7619617601a61b9c81899bee92f00cfcaa5eed96863555",
+      "server_public_keyshare": "2d9055eb8f83e1b497370adad5cc2a417bf9be436a792def0c7b7ccb92b9e275"
     },
     "intermediates": {},
     "outputs": {
