Refactor and add tests (#29)

* run license check before linter * refactor test files * fix forgotten group identifier in messages for serialization and added runtime test to fail * move some things around * add tests, rework fake credentials, refine examples, add licence headers * don't check for identity point on deserialization as it's now integrated in Decode() Signed-off-by: bytemare <[email protected]>
bytemare · Apr 4, 2022 · d51f93e · d51f93e
1 parent 90c2e04
commit d51f93e
Show file tree

Hide file tree

Showing 21 changed files with 1,645 additions and 1,117 deletions.
diff --git a/client.go b/client.go
@@ -74,7 +74,11 @@ func (c *Client) buildPRK(evaluation *group.Point) []byte {
 // RegistrationInit returns a RegistrationRequest message blinding the given password.
 func (c *Client) RegistrationInit(password []byte) *message.RegistrationRequest {
  m := c.OPRF.Blind(password)
- return &message.RegistrationRequest{BlindedMessage: m}
+
+ return &message.RegistrationRequest{
+ C: c.conf.OPRF,
+ BlindedMessage: m,
+ }
 }
 
 // RegistrationFinalizeWithNonce returns a RegistrationRecord message given the identities, server's
@@ -120,6 +124,7 @@ func (c *Client) registrationFinalize(
  )
 
  return &message.RegistrationRecord{
+ G: c.conf.Group,
  PublicKey: clientPublicKey,
  MaskingKey: maskingKey,
  Envelope: envelope.Serialize(),
@@ -130,7 +135,10 @@ func (c *Client) registrationFinalize(
 // clientInfo is optional client information sent in clear, and only authenticated in KE3.
 func (c *Client) LoginInit(password []byte) *message.KE1 {
  m := c.OPRF.Blind(password)
- credReq := &message.CredentialRequest{BlindedMessage: m}
+ credReq := &message.CredentialRequest{
+ C: c.conf.OPRF,
+ BlindedMessage: m,
+ }
  ke1 := c.Ake.Start(c.conf.Group)
  ke1.CredentialRequest = credReq
  c.Ake.Ke1 = ke1.Serialize()

diff --git a/deserializer.go b/deserializer.go
@@ -10,6 +10,7 @@ package opaque
 
 import (
  "errors"
+ "log"
 
  "github.com/bytemare/crypto/group"
 
@@ -44,10 +45,6 @@ func (d *Deserializer) RegistrationRequest(registrationRequest []byte) (*message
  return nil, errInvalidBlindedData
  }
 
- if blindedMessage.IsIdentity() {
- return nil, errInvalidBlindedData
- }
-
  return &message.RegistrationRequest{C: d.conf.OPRF, BlindedMessage: blindedMessage}, nil
 }
 
@@ -69,19 +66,11 @@ func (d *Deserializer) RegistrationResponse(registrationResponse []byte) (*messa
  return nil, errInvalidEvaluatedData
  }
 
- if evaluatedMessage.IsIdentity() {
- return nil, errInvalidEvaluatedData
- }
-
  pks, err := d.conf.Group.NewElement().Decode(registrationResponse[d.conf.OPRFPointLength:])
  if err != nil {
  return nil, errInvalidServerPK
  }
 
- if pks.IsIdentity() {
- return nil, errInvalidServerPK
- }
-
  return &message.RegistrationResponse{
  C: d.conf.OPRF,
  G: d.conf.Group,
@@ -110,10 +99,6 @@ func (d *Deserializer) RegistrationRecord(record []byte) (*message.RegistrationR
  return nil, errInvalidClientPK
  }
 
- if pku.IsIdentity() {
- return nil, errInvalidClientPK
- }
-
  return &message.RegistrationRecord{
  G: d.conf.Group,
  PublicKey: pku,
@@ -131,10 +116,6 @@ func (d *Deserializer) deserializeCredentialResponse(
  return nil, errInvalidEvaluatedData
  }
 
- if data.IsIdentity() {
- return nil, errInvalidEvaluatedData
- }
-
  return &message.CredentialResponse{
  C: d.conf.OPRF,
  EvaluatedMessage: data,
@@ -158,22 +139,15 @@ func (d *Deserializer) KE1(ke1 []byte) (*message.KE1, error) {
  return nil, errInvalidBlindedData
  }
 
- if blindedMessage.IsIdentity() {
- return nil, errInvalidBlindedData
- }
-
  nonceU := ke1[d.conf.OPRFPointLength : d.conf.OPRFPointLength+d.conf.NonceLen]
 
  epku, err := d.conf.Group.NewElement().Decode(ke1[d.conf.OPRFPointLength+d.conf.NonceLen:])
  if err != nil {
  return nil, errInvalidClientEPK
  }
 
- if epku.IsIdentity() {
- return nil, errInvalidClientEPK
- }
-
  return &message.KE1{
+ G: d.conf.Group,
  CredentialRequest: &message.CredentialRequest{
  C: d.conf.OPRF,
  BlindedMessage: blindedMessage,
@@ -217,11 +191,10 @@ func (d *Deserializer) KE2(ke2 []byte) (*message.KE2, error) {
  return nil, errInvalidServerEPK
  }
 
- if epks.IsIdentity() {
- return nil, errInvalidServerEPK
- }
+ log.Printf("group %v", d.conf.Group)
 
  return &message.KE2{
+ G: d.conf.Group,
  CredentialResponse: cresp,
  NonceS: nonceS,
  EpkS: epks,