[v1] Re-export curve25519-dalek

.github/workflows/main.yml

@@ -4,7 +4,7 @@ on:
     branches:
       - master
   pull_request:
-    types: [opened, repoened, synchronize]
+    types: [opened, reopened, synchronize]
 
 jobs:
   test:
@@ -17,7 +17,7 @@ jobs:
           - u32_backend
         toolchain:
           - stable
-          - 1.51.0
+          - 1.56.0
     name: test
     steps:
       - name: Checkout sources
@@ -87,7 +87,7 @@ jobs:
       matrix:
         toolchain:
           - stable
-          - 1.51.0
+          - 1.56.0
     name: test simple_login command-line example
     steps:
       - name: install expect
@@ -111,7 +111,7 @@ jobs:
       matrix:
         toolchain:
           - stable
-          - 1.51.0
+          - 1.56.0
     name: test digital_locker command-line example
     steps:
       - name: install expect

Cargo.toml

@@ -1,23 +1,22 @@
 [package]
-name = "opaque-ke"
-version = "1.2.0"
-repository = "https://github.com/novifinancial/opaque-ke"
-keywords = ["cryptography", "crypto", "opaque", "passwords", "authentication"]
+authors = ["Kevin Lewi <klewi@fb.com>", "François Garillot <fga@fb.com>"]
 categories = ["no-std"]
 description = "An implementation of the OPAQUE password-authenticated key exchange protocol"
-authors = ["Kevin Lewi <klewi@fb.com>", "François Garillot <fga@fb.com>"]
+edition = "2021"
+keywords = ["cryptography", "crypto", "opaque", "passwords", "authentication"]
 license = "MIT"
-edition = "2018"
+name = "opaque-ke"
 readme = "README.md"
-resolver = "2"
+repository = "https://github.com/novifinancial/opaque-ke"
+version = "1.2.0"
 
 [features]
+bench = []
 default = ["u64_backend"]
 slow-hash = ["scrypt"]
 std = ["curve25519-dalek/std", "getrandom", "rand/std", "rand/std_rng"]
-bench = []
-u64_backend = ["curve25519-dalek/u64_backend"]
 u32_backend = ["curve25519-dalek/u32_backend"]
+u64_backend = ["curve25519-dalek/u64_backend"]
 
 [dependencies]
 constant_time_eq = "0.1"
@@ -44,12 +43,12 @@ criterion = "0.3"
 hex = "0.4"
 lazy_static = "1"
 opaque-ke = { path = "", default-features = false, features = ["std"] }
-serde_json = "1"
-sha2 = "0.9"
 proptest = "1"
 rustyline = "8"
+serde_json = "1"
+sha2 = "0.9"
 
 [[bench]]
-name = "oprf"
 harness = false
+name = "oprf"
 required-features = ["bench"]

README.md

@@ -27,7 +27,7 @@ opaque-ke = "1"
 
 ### Minimum Supported Rust Version
 
-Rust **1.51** or higher.
+Rust **1.56** or higher.
 
 Resources
 ---------

examples/digital_locker.rs

@@ -155,7 +155,7 @@ fn open_locker(
     let server_login_start_result = ServerLogin::start(
         &mut server_rng,
         password_file,
-        &server_kp.private(),
+        server_kp.private(),
         CredentialRequest::deserialize(&credential_request_bytes[..]).unwrap(),
         ServerLoginStartParameters::default(),
     )

examples/simple_login.rs

@@ -108,7 +108,7 @@ fn account_login(
     let server_login_start_result = ServerLogin::start(
         &mut server_rng,
         password_file,
-        &server_kp.private(),
+        server_kp.private(),
         CredentialRequest::deserialize(&credential_request_bytes[..]).unwrap(),
         ServerLoginStartParameters::default(),
     )

src/key_exchange/tripledh.rs

@@ -89,12 +89,12 @@ impl<D: Hash, G: Group> KeyExchange<D, G> for TripleDH {
 
         let mut transcript_hasher = D::new()
             .chain(STR_3DH)
-            .chain(&serialize(&id_u, 2)?)
+            .chain(serialize(&id_u, 2)?)
             .chain(&serialized_credential_request[..])
-            .chain(&serialize(&id_s, 2)?)
+            .chain(serialize(&id_s, 2)?)
             .chain(&l2_bytes[..])
             .chain(&server_nonce[..])
-            .chain(&server_e_kp.public().to_arr());
+            .chain(server_e_kp.public().to_arr());
 
         let (session_key, km2, ke2, km3) = derive_3dh_keys::<D, G>(
             TripleDHComponents {
@@ -157,11 +157,11 @@ impl<D: Hash, G: Group> KeyExchange<D, G> for TripleDH {
     ) -> Result<(Vec<u8>, Vec<u8>, Self::KE3Message), ProtocolError> {
         let mut transcript_hasher = D::new()
             .chain(STR_3DH)
-            .chain(&serialize(&id_u, 2)?)
-            .chain(&serialized_credential_request)
-            .chain(&serialize(&id_s, 2)?)
+            .chain(serialize(&id_u, 2)?)
+            .chain(serialized_credential_request)
+            .chain(serialize(&id_s, 2)?)
             .chain(&l2_component[..])
-            .chain(&ke2_message.to_bytes_without_info_or_mac());
+            .chain(ke2_message.to_bytes_without_info_or_mac());
 
         let (session_key, km2, ke2, km3) = derive_3dh_keys::<D, G>(
             TripleDHComponents {
@@ -187,7 +187,7 @@ impl<D: Hash, G: Group> KeyExchange<D, G> for TripleDH {
             ));
         }
 
-        transcript_hasher.update(ke2_message.mac.to_vec());
+        transcript_hasher.update(&ke2_message.mac);
 
         let mut client_mac =
             Hmac::<D>::new_from_slice(&km3).map_err(|_| InternalPakeError::HmacError)?;

src/lib.rs

@@ -759,6 +759,7 @@ mod tests;
 
 // Exports
 
+pub use curve25519_dalek;
 pub use rand;
 
 pub use crate::messages::{

src/opaque.rs

@@ -41,7 +41,7 @@ impl<CS: CipherSuite> ClientRegistration<CS> {
     /// Serialization into bytes
     pub fn serialize(&self) -> Vec<u8> {
         let output: Vec<u8> = [
-            &self.alpha.to_arr().to_vec(),
+            &self.alpha.to_arr(),
             &CS::Group::scalar_as_bytes(&self.token.blind)[..],
             &self.token.data,
         ]
@@ -217,7 +217,7 @@ impl<CS: CipherSuite> ClientRegistration<CS> {
         let (envelope, export_key) = Envelope::<CS::Hash>::seal(
             rng,
             &password_derived_key,
-            &client_static_keypair.private().to_arr().to_vec(),
+            &client_static_keypair.private().to_arr(),
             &r2.server_s_pk,
             optional_ids,
         )?;

src/oprf.rs

@@ -67,7 +67,7 @@ fn finalize_after_unblind<G: GroupWithMapToCurve, H: Hash>(
     let finalize_dst = [STR_VOPRF_FINALIZE, &G::get_context_string(MODE_BASE)?].concat();
     let hash_input = [
         serialize(input, 2)?,
-        serialize(&unblinded_element.to_arr().to_vec(), 2)?,
+        serialize(&unblinded_element.to_arr(), 2)?,
         serialize(&finalize_dst, 2)?,
     ]
     .concat();
@@ -130,7 +130,7 @@ mod tests {
             RistrettoPoint::from_scalar_slice(GenericArray::from_slice(&oprf_key[..])).unwrap();
         let res = point * scalar;
 
-        finalize_after_unblind::<RistrettoPoint, sha2::Sha512>(&input, res).unwrap()
+        finalize_after_unblind::<RistrettoPoint, sha2::Sha512>(input, res).unwrap()
     }
 
     #[test]
@@ -146,7 +146,7 @@ mod tests {
         let beta = evaluate::<RistrettoPoint>(alpha, &oprf_key);
         let res =
             finalize::<RistrettoPoint, sha2::Sha512>(&token.data, &token.blind, beta).unwrap();
-        let res2 = prf(&input[..], &oprf_key.as_bytes());
+        let res2 = prf(&input[..], oprf_key.as_bytes());
         assert_eq!(res, res2);
     }
 

src/serialization/mod.rs

@@ -16,7 +16,7 @@ pub(crate) fn i2osp(input: usize, length: usize) -> Result<Vec<u8>, PakeError> {
     }
 
     if length <= sizeof_usize {
-        return Ok((&input.to_be_bytes()[sizeof_usize - length..]).to_vec());
+        return Ok(input.to_be_bytes()[sizeof_usize - length..].to_vec());
     }
 
     let mut output = alloc::vec![0u8; length];

src/serialization/tests.rs

@@ -136,7 +136,7 @@ fn registration_response_roundtrip() {
 
     let mut input = Vec::new();
     input.extend_from_slice(beta_bytes.as_slice());
-    input.extend_from_slice(&pubkey_bytes.as_slice());
+    input.extend_from_slice(pubkey_bytes.as_slice());
 
     let r2 = RegistrationResponse::<Default>::deserialize(input.as_slice()).unwrap();
     let r2_bytes = r2.serialize();
@@ -200,7 +200,7 @@ fn credential_request_roundtrip() {
 
     let ke1m: Vec<u8> = [
         &client_nonce[..],
-        &serialize(&info.to_vec(), 2).unwrap(),
+        &serialize(info.as_ref(), 2).unwrap(),
         &client_e_kp.public(),
     ]
     .concat();
@@ -261,7 +261,7 @@ fn credential_response_roundtrip() {
     let ke2m: Vec<u8> = [
         &server_nonce[..],
         &server_e_kp.public(),
-        &serialize(&e_info.to_vec(), 2).unwrap(),
+        &serialize(e_info.as_ref(), 2).unwrap(),
         &mac[..],
     ]
     .concat();
@@ -270,7 +270,7 @@ fn credential_response_roundtrip() {
 
     let mut input = Vec::new();
     input.extend_from_slice(pt_bytes.as_slice());
-    input.extend_from_slice(&pubkey_bytes.as_slice());
+    input.extend_from_slice(pubkey_bytes.as_slice());
     input.extend_from_slice(&serialized_envelope);
     input.extend_from_slice(&ke2m[..]);
 
@@ -348,7 +348,7 @@ fn ke1_message_roundtrip() {
 
     let ke1m: Vec<u8> = [
         &client_nonce[..],
-        &serialize(&info.to_vec(), 2).unwrap(),
+        &serialize(info.as_ref(), 2).unwrap(),
         &client_e_kp.public(),
     ]
     .concat();
@@ -374,7 +374,7 @@ fn ke2_message_roundtrip() {
     let ke2m: Vec<u8> = [
         &server_nonce[..],
         &server_e_kp.public(),
-        &serialize(&e_info.to_vec(), 2).unwrap(),
+        &serialize(e_info.as_ref(), 2).unwrap(),
         &mac[..],
     ]
     .concat();
@@ -410,52 +410,52 @@ fn test_i2osp_os2ip(bytes in vec(any::<u8>(), 0..core::mem::size_of::<usize>()))
 
 #[test]
 fn test_nocrash_registration_request(bytes in vec(any::<u8>(), 0..200)) {
-    RegistrationRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =RegistrationRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_registration_response(bytes in vec(any::<u8>(), 0..200)) {
-    RegistrationResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =RegistrationResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_registration_upload(bytes in vec(any::<u8>(), 0..200)) {
-    RegistrationUpload::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =RegistrationUpload::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_credential_request(bytes in vec(any::<u8>(), 0..500)) {
-    CredentialRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =CredentialRequest::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_credential_response(bytes in vec(any::<u8>(), 0..500)) {
-    CredentialResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =CredentialResponse::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_credential_finalization(bytes in vec(any::<u8>(), 0..500)) {
-    CredentialFinalization::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =CredentialFinalization::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_client_registration(bytes in vec(any::<u8>(), 0..700)) {
-    ClientRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =ClientRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_server_registration(bytes in vec(any::<u8>(), 0..700)) {
-    ServerRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =ServerRegistration::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_client_login(bytes in vec(any::<u8>(), 0..700)) {
-    ClientLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =ClientLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 #[test]
 fn test_nocrash_server_login(bytes in vec(any::<u8>(), 0..700)) {
-    ServerLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
+    let _ =ServerLogin::<Default>::deserialize(&bytes[..]).map_or(true, |_| true);
 }
 
 }