Merge pull request facebook#75 from huitseeker/tls

Rebase TLS on master

Author: huitseeker

benches/oprf.rs

@@ -7,12 +7,11 @@
 extern crate criterion;
 
 use criterion::Criterion;
-use curve25519_dalek::edwards::EdwardsPoint;
-use curve25519_dalek::ristretto::RistrettoPoint;
+use curve25519_dalek::{edwards::EdwardsPoint, ristretto::RistrettoPoint};
 use generic_array::arr;
 use opaque_ke::{
     group::Group,
-    oprf::{generate_oprf1_shim, generate_oprf2_shim, generate_oprf3_shim, OprfClientBytes},
+    oprf::{blind_shim, evaluate_shim, unblind_and_finalize_shim},
 };
 use rand::{prelude::ThreadRng, thread_rng};
 use sha2::Sha256;
@@ -21,12 +20,9 @@ fn oprf1(c: &mut Criterion) {
     let mut csprng: ThreadRng = thread_rng();
     let input = b"hunter2";
 
-    c.bench_function("generate_oprf1 with Ristretto", move |b| {
+    c.bench_function("blind with Ristretto", move |b| {
         b.iter(|| {
-            let OprfClientBytes {
-                alpha: _alpha,
-                blinding_factor: _blinding_factor,
-            } = generate_oprf1_shim::<_, RistrettoPoint>(&input[..], None, &mut csprng).unwrap();
+            blind_shim::<_, RistrettoPoint>(&input[..], &mut csprng).unwrap();
         })
     });
 }
@@ -35,12 +31,9 @@ fn oprf1_edwards(c: &mut Criterion) {
     let mut csprng: ThreadRng = thread_rng();
     let input = b"hunter2";
 
-    c.bench_function("generate_oprf1 with Edwards", move |b| {
+    c.bench_function("blind with Edwards", move |b| {
         b.iter(|| {
-            let OprfClientBytes {
-                alpha: _alpha,
-                blinding_factor: _blinding_factor,
-            } = generate_oprf1_shim::<_, EdwardsPoint>(&input[..], None, &mut csprng).unwrap();
+            blind_shim::<_, EdwardsPoint>(&input[..], &mut csprng).unwrap();
         })
     });
 }
@@ -49,19 +42,16 @@ fn oprf2(c: &mut Criterion) {
     let mut csprng: ThreadRng = thread_rng();
     let input = b"hunter2";
 
-    let OprfClientBytes {
-        alpha,
-        blinding_factor: _blinding_factor,
-    } = generate_oprf1_shim::<_, RistrettoPoint>(&input[..], None, &mut csprng).unwrap();
+    let (_, alpha) = blind_shim::<_, RistrettoPoint>(&input[..], &mut csprng).unwrap();
     let salt_bytes = arr![
         u8; 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
         24, 25, 26, 27, 28, 29, 30, 31, 32,
     ];
     let salt = RistrettoPoint::from_scalar_slice(&salt_bytes).unwrap();
 
-    c.bench_function("generate_oprf2 with Ristretto", move |b| {
+    c.bench_function("evaluate with Ristretto", move |b| {
         b.iter(|| {
-            let _beta = generate_oprf2_shim::<RistrettoPoint>(alpha, &salt).unwrap();
+            let _beta = evaluate_shim::<RistrettoPoint>(alpha, &salt).unwrap();
         })
     });
 }
@@ -70,19 +60,16 @@ fn oprf2_edwards(c: &mut Criterion) {
     let mut csprng: ThreadRng = thread_rng();
     let input = b"hunter2";
 
-    let OprfClientBytes {
-        alpha,
-        blinding_factor: _blinding_factor,
-    } = generate_oprf1_shim::<_, EdwardsPoint>(&input[..], None, &mut csprng).unwrap();
+    let (_, alpha) = blind_shim::<_, EdwardsPoint>(&input[..], &mut csprng).unwrap();
     let salt_bytes = arr![
         u8; 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
         24, 25, 26, 27, 28, 29, 30, 31, 32,
     ];
     let salt = RistrettoPoint::from_scalar_slice(&salt_bytes).unwrap();
 
-    c.bench_function("generate_oprf2 with Edwards", move |b| {
+    c.bench_function("evaluate with Edwards", move |b| {
         b.iter(|| {
-            let _beta = generate_oprf2_shim::<EdwardsPoint>(alpha, &salt).unwrap();
+            let _beta = evaluate_shim::<EdwardsPoint>(alpha, &salt).unwrap();
         })
     });
 }
@@ -91,21 +78,17 @@ fn oprf3(c: &mut Criterion) {
     let mut csprng: ThreadRng = thread_rng();
     let input = b"hunter2";
 
-    let OprfClientBytes {
-        alpha,
-        blinding_factor,
-    } = generate_oprf1_shim::<_, RistrettoPoint>(&input[..], None, &mut csprng).unwrap();
+    let (token, alpha) = blind_shim::<_, RistrettoPoint>(&input[..], &mut csprng).unwrap();
     let salt_bytes = arr![
         u8; 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
         24, 25, 26, 27, 28, 29, 30, 31, 32,
     ];
     let salt = RistrettoPoint::from_scalar_slice(&salt_bytes).unwrap();
-    let beta = generate_oprf2_shim::<RistrettoPoint>(alpha, &salt).unwrap();
+    let beta = evaluate_shim::<RistrettoPoint>(alpha, &salt).unwrap();
 
-    c.bench_function("generate_oprf3 with Ristretto", move |b| {
+    c.bench_function("unblind_and_finalize with Ristretto", move |b| {
         b.iter(|| {
-            let _res = generate_oprf3_shim::<RistrettoPoint, Sha256>(input, beta, &blinding_factor)
-                .unwrap();
+            let _res = unblind_and_finalize_shim::<RistrettoPoint, Sha256>(&token, beta).unwrap();
         })
     });
 }
@@ -114,21 +97,17 @@ fn oprf3_edwards(c: &mut Criterion) {
     let mut csprng: ThreadRng = thread_rng();
     let input = b"hunter2";
 
-    let OprfClientBytes {
-        alpha,
-        blinding_factor,
-    } = generate_oprf1_shim::<_, EdwardsPoint>(&input[..], None, &mut csprng).unwrap();
+    let (token, alpha) = blind_shim::<_, EdwardsPoint>(&input[..], &mut csprng).unwrap();
     let salt_bytes = arr![
         u8; 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
         24, 25, 26, 27, 28, 29, 30, 31, 32,
     ];
     let salt = RistrettoPoint::from_scalar_slice(&salt_bytes).unwrap();
-    let beta = generate_oprf2_shim::<EdwardsPoint>(alpha, &salt).unwrap();
+    let beta = evaluate_shim::<EdwardsPoint>(alpha, &salt).unwrap();
 
-    c.bench_function("generate_oprf3 with Edwards", move |b| {
+    c.bench_function("unblind_and_finalize with Edwards", move |b| {
         b.iter(|| {
-            let _res =
-                generate_oprf3_shim::<EdwardsPoint, Sha256>(input, beta, &blinding_factor).unwrap();
+            let _res = unblind_and_finalize_shim::<EdwardsPoint, Sha256>(&token, beta).unwrap();
         })
     });
 }

examples/simple_login.rs

@@ -56,9 +56,8 @@ fn account_registration(
 ) -> Vec<u8> {
     let mut client_rng = OsRng;
     let (r1, client_state) =
-        ClientRegistration::<Default>::start(password.as_bytes(), Some(b"pepper"), &mut client_rng)
-            .unwrap();
-    let r1_bytes = r1.to_bytes();
+        ClientRegistration::<Default>::start(password.as_bytes(), &mut client_rng).unwrap();
+    let r1_bytes = r1.serialize();
 
     // Client sends r1_bytes to server
 
@@ -68,7 +67,7 @@ fn account_registration(
         &mut server_rng,
     )
     .unwrap();
-    let r2_bytes = r2.to_bytes();
+    let r2_bytes = r2.serialize();
 
     // Server sends r2_bytes to client
 
@@ -79,7 +78,7 @@ fn account_registration(
             &mut client_rng,
         )
         .unwrap();
-    let r3_bytes = r3.to_bytes();
+    let r3_bytes = r3.serialize();
 
     // Client sends r3_bytes to server
 
@@ -97,9 +96,8 @@ fn account_login(
 ) -> bool {
     let mut client_rng = OsRng;
     let (l1, client_state) =
-        ClientLogin::<Default>::start(password.as_bytes(), Some(b"pepper"), &mut client_rng)
-            .unwrap();
-    let l1_bytes = l1.to_bytes();
+        ClientLogin::<Default>::start(password.as_bytes(), &mut client_rng).unwrap();
+    let l1_bytes = l1.serialize();
 
     // Client sends l1_bytes to server
 
@@ -112,7 +110,7 @@ fn account_login(
         &mut server_rng,
     )
     .unwrap();
-    let l2_bytes = l2.to_bytes();
+    let l2_bytes = l2.serialize();
 
     // Server sends l2_bytes to client
 
@@ -127,7 +125,7 @@ fn account_login(
         return false;
     }
     let (l3, client_shared_secret, _) = result.unwrap();
-    let l3_bytes = l3.to_bytes();
+    let l3_bytes = l3.serialize();
 
     // Client sends l3_bytes to server
 

src/elligator/field.rs

@@ -7,15 +7,12 @@
 //! Field arithmetic modulo \\(p = 2\^{255} - 19\\), using \\(64\\)-bit
 //! limbs with \\(128\\)-bit products.
 
-use core::fmt::Debug;
-use core::ops::Neg;
-use core::ops::{Add, AddAssign};
-use core::ops::{Mul, MulAssign};
-
-use subtle::Choice;
-use subtle::ConditionallyNegatable;
-use subtle::ConditionallySelectable;
-use subtle::ConstantTimeEq;
+use core::{
+    fmt::Debug,
+    ops::{Add, AddAssign, Mul, MulAssign, Neg},
+};
+
+use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
 
 use zeroize::Zeroize;