Group revamp (#261)

* Revamp `KeGroup` trait

* Update dependencies

* Fix `hash_to_scalar` using `OprfGroup` instead of `KeGroup`

* Relax constraints on associated types of `KeGroup`

* Improve `KeGroup` implementation on `Curve`

* Improve `KeyExchange` trait

* Fix new Clippy 1.59 warnings

.github/workflows/main.yml

@@ -13,13 +13,20 @@ jobs:
       fail-fast: false
       matrix:
         backend_feature:
-          - ristretto255_u64
-          - ristretto255_u32
-          - p256
-          - x25519_u64,ristretto255_u64
+          - --features ristretto255_u64,ristretto255_voprf
+          - --features ristretto255_u32,ristretto255_voprf
+          - 
+          - --features x25519_u64,ristretto255_u64,ristretto255_voprf
+          - --features x25519_u32,ristretto255_u32,ristretto255_voprf
+          - --features x25519_u64
+          - --features x25519_u32
+        frontend_feature:
+          - 
+          - --features slow-hash
+          - --features serde
         toolchain:
           - stable
-          - 1.56.1
+          - 1.57.0
     name: test
     steps:
       - name: Checkout sources
@@ -36,13 +43,13 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: test
-          args: --no-default-features --features ${{ matrix.backend_feature }}
+          args: --no-default-features ${{ matrix.backend_feature }} ${{ matrix.frontend_feature }}
 
       - name: Run cargo test with std
         uses: actions-rs/cargo@v1
         with:
           command: test
-          args: --no-default-features --features std --features ${{ matrix.backend_feature }}
+          args: --no-default-features --features std ${{ matrix.backend_feature }} ${{ matrix.frontend_feature }}
 
   cross-test:
     name: Test on ${{ matrix.target }} (using cross)
@@ -54,43 +61,21 @@ jobs:
           # 32-bit x86
           - i686-unknown-linux-gnu
         backend_feature:
-          - ristretto255_u64
-          - ristretto255_u32
-          - p256
-          - x25519_u64,ristretto255_u64
+          - --features ristretto255_u64,ristretto255_voprf
+          - --features ristretto255_u32,ristretto255_voprf
+          - 
+          - x25519_u64,ristretto255_u64,ristretto255_voprf
+          - x25519_u32,ristretto255_u64,ristretto255_voprf
+          - x25519_u64
+          - x25519_u32
     steps:
       - uses: actions/checkout@v2
       - uses: hecrj/setup-rust-action@v1
       - run: cargo install cross
       # Note: just use `cross` as you would `cargo`, but always
       # pass the `--target=${{ matrix.target }}` arg. (Yes, really).
-      - run: cross test --verbose --target=${{ matrix.target }} --no-default-features --features ${{ matrix.backend_feature }}
-      - run: cross test --verbose --target=${{ matrix.target }} --no-default-features --features std --features ${{ matrix.backend_feature }}
-
-  feature-test:
-    name: Test on ${{ matrix.target }} with ${{ matrix.frontend_feature }}
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        backend_feature:
-          - ristretto255_u64
-          - ristretto255_u32
-          - p256
-          - ristretto255_u64,p256
-          - x25519_u64,ristretto255_u64
-          - x25519_u32,ristretto255_u32
-          - x25519_u64,p256
-          - x25519_u32,p256
-          - x25519_u64,ristretto255_u64,p256
-        frontend_feature:
-          - slow-hash
-          - serde
-    steps:
-      - uses: actions/checkout@v2
-      - uses: hecrj/setup-rust-action@v1
-      - run: cargo test --verbose --features ${{ matrix.frontend_feature }} --no-default-features --features ${{ matrix.backend_feature }}
-      - run: cargo test --verbose --features ${{ matrix.frontend_feature }},std --no-default-features --features ${{ matrix.backend_feature }}
+      - run: cross test --verbose --target=${{ matrix.target }} --no-default-features ${{ matrix.backend_feature }}
+      - run: cross test --verbose --target=${{ matrix.target }} --no-default-features --features std ${{ matrix.backend_feature }}
 
   simple-login-test:
     runs-on: ubuntu-latest
@@ -99,7 +84,7 @@ jobs:
       matrix:
         toolchain:
           - stable
-          - 1.56.1
+          - 1.57.0
     name: test simple_login command-line example
     steps:
       - name: install expect
@@ -122,7 +107,7 @@ jobs:
       matrix:
         toolchain:
           - stable
-          - 1.56.1
+          - 1.57.0
     name: test digital_locker command-line example
     steps:
       - name: install expect
@@ -150,10 +135,13 @@ jobs:
           # for any no_std target
           - thumbv6m-none-eabi
         backend_feature:
-          - ristretto255_u64
-          - ristretto255_u32
-          - p256
-          - x25519_u64,ristretto255_u64
+          - ristretto255_u64,ristretto255_voprf
+          - ristretto255_u32,ristretto255_voprf
+          - 
+          - x25519_u64,ristretto255_u64,ristretto255_voprf
+          - x25519_u32,ristretto255_u32,ristretto255_voprf
+          - x25519_u64
+          - x25519_u32
         frontend_feature:
           - slow-hash
           - serde
@@ -170,10 +158,13 @@ jobs:
       fail-fast: false
       matrix:
         backend_feature:
-          - ristretto255_u64
-          - ristretto255_u32
-          - p256
-          - x25519_u64,ristretto255_u64
+          - --features ristretto255_u64,ristretto255_voprf
+          - --features ristretto255_u32,ristretto255_voprf
+          - 
+          - --features x25519_u64,ristretto255_u64,ristretto255_voprf
+          - --features x25519_u32,ristretto255_u32,ristretto255_voprf
+          - --features x25519_u32
+          - --features x25519_u32
     steps:
       - name: Checkout sources
         uses: actions/checkout@v2
@@ -189,7 +180,7 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: bench
-          args: --no-default-features --features ${{ matrix.backend_feature }} --no-run
+          args: --no-default-features ${{ matrix.backend_feature }} --no-run
 
   clippy:
     name: cargo clippy
@@ -210,15 +201,15 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: clippy
-          args: --all-targets -- -D warnings
+          args: --all-targets --features slow-hash,std,x25519_u64 -- -D warnings
 
       - name: Run cargo doc
         uses: actions-rs/cargo@v1
         env:
           RUSTDOCFLAGS: -D warnings
         with:
           command: doc
-          args: --no-deps --document-private-items --features p256,slow-hash,std
+          args: --no-deps --document-private-items --features slow-hash,std,x25519_u64
 
   format:
     name: cargo fmt

Cargo.toml

@@ -8,47 +8,27 @@ license = "Apache-2.0 OR MIT"
 name = "opaque-ke"
 readme = "README.md"
 repository = "https://github.com/novifinancial/opaque-ke"
-rust-version = "1.56"
+rust-version = "1.57"
 version = "2.0.0-pre.1"
 
 [features]
-default = ["ristretto255_u64", "serde"]
-p256 = ["p256_", "voprf/p256"]
-ristretto255 = []
-ristretto255_fiat_u32 = [
-  "curve25519-dalek/fiat_u32_backend",
-  "ristretto255",
-  "voprf/ristretto255_fiat_u32",
-]
-ristretto255_fiat_u64 = [
-  "curve25519-dalek/fiat_u64_backend",
-  "ristretto255",
-  "voprf/ristretto255_fiat_u64",
-]
-ristretto255_simd = [
-  "curve25519-dalek/simd_backend",
-  "ristretto255",
-  "voprf/ristretto255_simd",
-]
-ristretto255_u32 = [
-  "curve25519-dalek/u32_backend",
-  "ristretto255",
-  "voprf/ristretto255_u32",
-]
-ristretto255_u64 = [
-  "curve25519-dalek/u64_backend",
-  "ristretto255",
-  "voprf/ristretto255_u64",
-]
+default = ["ristretto255_u64", "ristretto255_voprf", "serde"]
+ristretto255 = ["curve25519-dalek", "voprf/ristretto255"]
+ristretto255_fiat_u32 = ["curve25519-dalek/fiat_u32_backend", "ristretto255"]
+ristretto255_fiat_u64 = ["curve25519-dalek/fiat_u64_backend", "ristretto255"]
+ristretto255_simd = ["curve25519-dalek/simd_backend", "ristretto255"]
+ristretto255_u32 = ["curve25519-dalek/u32_backend", "ristretto255"]
+ristretto255_u64 = ["curve25519-dalek/u64_backend", "ristretto255"]
+ristretto255_voprf = ["ristretto255", "voprf/ristretto255-ciphersuite"]
 serde = ["serde_", "generic-array/serde", "voprf/serde"]
 slow-hash = ["argon2"]
 std = ["getrandom", "rand/std", "rand/std_rng", "voprf/std"]
-x25519 = []
+x25519 = ["curve25519-dalek-3"]
 x25519_fiat_u32 = ["x25519", "x25519-dalek/fiat_u32_backend"]
 x25519_fiat_u64 = ["x25519", "x25519-dalek/fiat_u64_backend"]
 # x25519-dalek isn't properly re-exposing `simd_backend`.
 x25519_simd = [
-  "curve25519-dalek/simd_backend",
+  "curve25519-dalek-3/simd_backend",
   "x25519",
   "x25519-dalek/nightly",
 ]
@@ -60,26 +40,23 @@ argon2 = { version = "0.3", default-features = false, features = [
   "alloc",
 ], optional = true }
 constant_time_eq = "0.1"
-curve25519-dalek = { version = "3", default-features = false, optional = true }
-derive-where = { version = "1.0.0-rc.1", features = ["zeroize"] }
+curve25519-dalek = { version = "=4.0.0-pre.1", default-features = false, optional = true }
+curve25519-dalek-3 = { version = "3", package = "curve25519-dalek", default-features = false, optional = true }
+derive-where = { version = "=1.0.0-rc.3", features = ["zeroize-on-drop"] }
 digest = "0.10"
 displaydoc = { version = "0.2", default-features = false }
+elliptic-curve = { version = "0.12.0-pre.1", features = ["hash2curve", "sec1"] }
 generic-array = "0.14"
 getrandom = { version = "0.2", optional = true }
 hkdf = "0.12"
 hmac = "0.12"
-p256_ = { package = "p256", version = "0.10", default-features = false, features = [
-  "arithmetic",
-], optional = true }
 rand = { version = "0.8", default-features = false }
 serde_ = { version = "1", package = "serde", default-features = false, features = [
   "derive",
 ], optional = true }
 subtle = { version = "2.3", default-features = false }
-voprf = { git = "https://github.com/novifinancial/voprf", rev = "55ef981a3f9a12eddd8c372ffdf51818011343ee", default-features = false, features = [
-  "danger",
-] }
-x25519-dalek = { version = "1", default-features = false, optional = true }
+voprf = { version = "0.3", default-features = false, features = ["danger"] }
+x25519-dalek = { version = "=2.0.0-pre.1", default-features = false, optional = true }
 zeroize = { version = "1", features = ["zeroize_derive"] }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
@@ -93,7 +70,12 @@ criterion = "0.3"
 hex = "0.4"
 json = "0.12"
 lazy_static = "1"
+p256 = { version = "=0.11.0-pre.0", default-features = false, features = [
+  "hash2curve",
+  "voprf",
+] }
 proptest = "1"
+rand = "0.8"
 regex = "1"
 rustyline = "9"
 serde_json = "1"
@@ -102,3 +84,14 @@ sha2 = "0.10"
 [[bench]]
 harness = false
 name = "opaque"
+
+[package.metadata.docs.rs]
+features = ["std", "slow-hash", "x25519_u64"]
+targets = []
+
+[patch.crates-io]
+chacha20 = { git = "https://github.com/RustCrypto/stream-ciphers" }
+chacha20poly1305 = { git = "https://github.com/khonsulabs/aeads", branch = "update-dependencies" }
+derive-where = { git = "https://github.com/ModProg/derive-where" }
+poly1305 = { git = "https://github.com/RustCrypto/universal-hashes" }
+voprf = { git = "https://github.com/khonsulabs/voprf", branch = "v08" }

README.md

@@ -27,7 +27,7 @@ opaque-ke = "0.6.0"
 
 ### Minimum Supported Rust Version
 
-Rust **1.56** or higher.
+Rust **1.57** or higher.
 
 Audit
 -----

benches/opaque.rs

@@ -20,26 +20,24 @@ static SUFFIX: &str = "ristretto255_u32";
 static SUFFIX: &str = "ristretto255_fiat_u64";
 #[cfg(feature = "ristretto255_fiat_u32")]
 static SUFFIX: &str = "ristretto255_fiat_u32";
-#[cfg(all(not(feature = "ristretto255"), feature = "p256"))]
+#[cfg(all(not(feature = "ristretto255")))]
 static SUFFIX: &str = "p256";
 
 struct Default;
 
 #[cfg(feature = "ristretto255")]
 impl CipherSuite for Default {
-    type OprfGroup = curve25519_dalek::ristretto::RistrettoPoint;
-    type KeGroup = curve25519_dalek::ristretto::RistrettoPoint;
+    type OprfGroup = opaque_ke::Ristretto255;
+    type KeGroup = opaque_ke::Ristretto255;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
-    type Hash = sha2::Sha512;
     type SlowHash = opaque_ke::slow_hash::NoOpHash;
 }
 
 #[cfg(not(feature = "ristretto255"))]
 impl CipherSuite for Default {
-    type OprfGroup = p256_::ProjectivePoint;
-    type KeGroup = p256_::PublicKey;
+    type OprfGroup = p256::NistP256;
+    type KeGroup = p256::NistP256;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
-    type Hash = sha2::Sha256;
     type SlowHash = opaque_ke::slow_hash::NoOpHash;
 }
 

examples/digital_locker.rs

@@ -49,19 +49,17 @@ struct Default;
 
 #[cfg(feature = "ristretto255")]
 impl CipherSuite for Default {
-    type OprfGroup = curve25519_dalek::ristretto::RistrettoPoint;
-    type KeGroup = curve25519_dalek::ristretto::RistrettoPoint;
+    type OprfGroup = opaque_ke::Ristretto255;
+    type KeGroup = opaque_ke::Ristretto255;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
-    type Hash = sha2::Sha512;
     type SlowHash = opaque_ke::slow_hash::NoOpHash;
 }
 
 #[cfg(not(feature = "ristretto255"))]
 impl CipherSuite for Default {
-    type OprfGroup = p256_::ProjectivePoint;
-    type KeGroup = p256_::PublicKey;
+    type OprfGroup = p256::NistP256;
+    type KeGroup = p256::NistP256;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
-    type Hash = sha2::Sha256;
     type SlowHash = opaque_ke::slow_hash::NoOpHash;
 }
 

examples/simple_login.rs

@@ -43,19 +43,17 @@ struct Default;
 
 #[cfg(feature = "ristretto255")]
 impl CipherSuite for Default {
-    type OprfGroup = curve25519_dalek::ristretto::RistrettoPoint;
-    type KeGroup = curve25519_dalek::ristretto::RistrettoPoint;
+    type OprfGroup = opaque_ke::Ristretto255;
+    type KeGroup = opaque_ke::Ristretto255;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
-    type Hash = sha2::Sha512;
     type SlowHash = opaque_ke::slow_hash::NoOpHash;
 }
 
 #[cfg(not(feature = "ristretto255"))]
 impl CipherSuite for Default {
-    type OprfGroup = p256_::ProjectivePoint;
-    type KeGroup = p256_::PublicKey;
+    type OprfGroup = p256::NistP256;
+    type KeGroup = p256::NistP256;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
-    type Hash = sha2::Sha256;
     type SlowHash = opaque_ke::slow_hash::NoOpHash;
 }