Curve25519 test vectors

daxpedda · daxpedda · commit f3156010d495 · 2023-03-22T00:25:21.000+01:00
diff --git a/src/key_exchange/group/curve25519.rs b/src/key_exchange/group/curve25519.rs
@@ -96,7 +96,7 @@ impl KeGroup for Curve25519 {
         bytes
             .try_into()
             .ok()
-            .and_then(|bytes| Scalar::from_canonical_bytes(bytes).into())
+            .map(Scalar::from_bits_clamped)
             .filter(|scalar| scalar != &Scalar::ZERO)
             .ok_or(InternalError::PointError)
     }
diff --git a/src/tests/opaque_vectors.rs b/src/tests/opaque_vectors.rs
@@ -251,6 +251,242 @@ e60
 
 #### Configuration
 
+~~~
+OPRF: ristretto255-SHA512
+Hash: SHA512
+KSF: Identity
+KDF: HKDF-SHA512
+MAC: HMAC-SHA512
+Group: x25519
+Context: 4f50415155452d504f43
+Nh: 64
+Npk: 32
+Nsk: 32
+Nm: 64
+Nx: 64
+Nok: 32
+~~~
+
+#### Input Values
+
+~~~
+oprf_seed: 886fadc163ea802a5a2d8f92b09a4973b72479449b37bc28910cf7a338
+1db075c36139381df63bfc91c850db0b9cfbec7a62e86d80040a41aa7725bf0e79d5e
+4
+credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
+envelope_nonce: e9cc9c5f6c39c6d29d7bc7d4c57ecbd27ab864ee9dc1c3d7ab66b
+ee7190de73b
+masking_nonce: 38fe59af0df2c79f57b8780278f5ae47355fe1f817119041951c80
+f612fdfc6d
+server_private_key: e16f7bacc1c5ac079aa7ef5d558520e31c0008fb9c22baf34
+424789bb5475d73
+server_public_key: ce208cef0acb3d6af19e4f8e283738b6e662f7da3f890848ae
+3f5dedbeb5a46c
+server_nonce: 71cd9960ecef2fe0d0f7494986fa3d8b2bb01963537e60efb13981e
+138e3d4a1
+client_nonce: da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb38
+0cae6a6cc
+server_keyshare: e14fc671db2188840ae418af5b2ef633cd515aa3e8a55b6c5562
+26010b2b423d
+client_keyshare: 07c0b31192d46d9a8cd7f547b158ad0b3a5c44a5e5b4cb45dab3
+24a16c4d8e2e
+server_private_keyshare: be39b151a3d647ab4ad6abf9e56dd3a8b9253347dab1
+c3b8c42b135bb2157da7
+client_private_keyshare: 1e01951630bcbb2fe9518bf32425083684eda4cd7b6d
+9829a8529ba3c3419655
+blind_registration: e737625b74b5f00abec2051f8f4d056490e752213daa33540
+6c0d41c9ce44e07
+blind_login: 6ecc102d2e7a7cf49617aad7bbe188556792d4acd60a1a8a8d2b65d4
+b0790308
+~~~
+
+#### Intermediate Values
+
+~~~
+client_public_key: e00843ccbf294ce0994ea9ba0dd9ec49e792ac97f88a330a4d
+061bc81ef1846a
+auth_key: d62fb0c14a9b10e858bd407a23b676286d6107c252660a1df53b21c0643
+7177914ecb74b88eee5415851d03c4c2bfa45f925db50b4c233a61156c3aa76e36984
+randomized_pwd: d3da3e4108c224452af38a2827a4347e807b84079d51565527cb4
+3edcd5354057743fe8a84386b05ffd3bfb0e6f73bd803f07b715743e1421df5ae4252
+3a065c
+envelope: e9cc9c5f6c39c6d29d7bc7d4c57ecbd27ab864ee9dc1c3d7ab66bee7190
+de73b46388cc2dabd3d3dcbdb1c33d6a35cecd80b8542d09f2d06d6c0ed4971684ae4
+f819f962aa4bc7414a922f4d5b27b5563857c5ad8cc52e8b51d3a3734c2bfdf0
+handshake_secret: 90b4ea390ede606f06ad41581db572a6c2d33cf1a3065aa5fdc
+dae1a0fd8da6ee7db823197fe0eaf543a7915f624386c185d827536bd872ba8d6fe70
+80c0c464
+server_mac_key: 850c08513a9ddbedd23234b815ba9c4509f5d4ab14d19016a2c37
+b15d9322ea209195a5e5d17a3ec84091187761786be6462888d4706bd7bf9bf48a27a
+b58adc
+client_mac_key: cceb75157ee9b20fd6c7eea72301f705eb6fba9844ccb9c9f0dfb
+f9cf11a3ca42cd0c15d98742fa91ed67eb913c37cfcdd070caca846e3491f2fbd8edd
+93c57f
+oprf_key: 62d389bf797495d84ffb60784dbe2abe8b2fb2dfd2e814f820e75df7061
+5e308
+~~~
+
+#### Output Values
+
+~~~
+registration_request: baef8089527412c09114f94f35513b12735e644d953297c
+0b6b94d50dc7c9e49
+registration_response: e273440f6d486f9ec5b976b9bc846b9250d874f3fa7ea1
+69cefdbff8977a9e23ce208cef0acb3d6af19e4f8e283738b6e662f7da3f890848ae3
+f5dedbeb5a46c
+registration_upload: e00843ccbf294ce0994ea9ba0dd9ec49e792ac97f88a330a
+4d061bc81ef1846a8f01d3723d3f302a346080d53b664aadce9b4cb77e374cad3c08c
+713fab1a211f91615b7eef04dff8606acae349928e0f6f35e0e0ab290aff150e9e477
+66e6dee9cc9c5f6c39c6d29d7bc7d4c57ecbd27ab864ee9dc1c3d7ab66bee7190de73
+b46388cc2dabd3d3dcbdb1c33d6a35cecd80b8542d09f2d06d6c0ed4971684ae4f819
+f962aa4bc7414a922f4d5b27b5563857c5ad8cc52e8b51d3a3734c2bfdf0
+KE1: c4dedb0ba6ed5d965d6f250fbe554cd45cba5dfcce3ce836e4aee778aa3cd44d
+da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb380cae6a6cc07c0b
+31192d46d9a8cd7f547b158ad0b3a5c44a5e5b4cb45dab324a16c4d8e2e
+KE2: 103eb7bdcfd64b98cf0aec56037b404db3893125d99d597d96ac96b68136ea3d
+38fe59af0df2c79f57b8780278f5ae47355fe1f817119041951c80f612fdfc6dd8f91
+69fa02431ca4a81833f780bfc9b82a07d728b6496ec76e34b2bd6aa23a6d7ac1d3b52
+59ee21b1240732c9ffad74db301fc16f2385ed3626719a6ab0f44e8ae61dcb81d990d
+0477128ab43bbc68ee0b78e1c56c172904d1114ac3f50436a920dbfd222fc88c038f1
+0854873577a84890ddd696659e3da5d947a3f59d583971cd9960ecef2fe0d0f749498
+6fa3d8b2bb01963537e60efb13981e138e3d4a1e14fc671db2188840ae418af5b2ef6
+33cd515aa3e8a55b6c556226010b2b423d596d0186759c4119507bd7171b19a20f70b
+f59ff734a793dad02cbe682bf5ddc63994894a659be2ac8b346138dfad59ea6476904
+c208f8139b96a77533edfccf
+KE3: ae0559211022fe87fb88ab7491781e75faef55673c33b7dc3f99a332dbeb68b7
+caa692d4891bb343f0cda6cb50b3e4614bd9097005f96df44dd4eccb5c665873
+export_key: ac89657e06b31c3ee230f6de240722e42763ba93352f73b0d04893645
+830c54b2503f786d0ca0b058ab59dbc5834ddfbf17071e4818b296cfa9194483400fa
+a8
+session_key: c3c407c25b90f3015750ec2ba380d4728ed609486e4df39998a0895f
+a38886bd28c73cb287fde078630740acc2eb8c0c2694f9011af0f80b6255b2fb78a1b
+0a6
+~~~
+
+### OPAQUE-3DH Real Test Vector 4
+
+#### Configuration
+
+~~~
+OPRF: ristretto255-SHA512
+Hash: SHA512
+KSF: Identity
+KDF: HKDF-SHA512
+MAC: HMAC-SHA512
+Group: x25519
+Context: 4f50415155452d504f43
+Nh: 64
+Npk: 32
+Nsk: 32
+Nm: 64
+Nx: 64
+Nok: 32
+~~~
+
+#### Input Values
+
+~~~
+client_identity: 616c696365
+server_identity: 626f62
+oprf_seed: 886fadc163ea802a5a2d8f92b09a4973b72479449b37bc28910cf7a338
+1db075c36139381df63bfc91c850db0b9cfbec7a62e86d80040a41aa7725bf0e79d5e
+4
+credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
+envelope_nonce: e9cc9c5f6c39c6d29d7bc7d4c57ecbd27ab864ee9dc1c3d7ab66b
+ee7190de73b
+masking_nonce: 38fe59af0df2c79f57b8780278f5ae47355fe1f817119041951c80
+f612fdfc6d
+server_private_key: e116b846aedf03eb354eaf85b7c84f8313e787f2d7ce216b5
+21fdddf22eb2d23
+server_public_key: 795491b4475810360c1db0eac148e5b4ae20ba8821e49895c5
+8b3a8489ca7e27
+server_nonce: 71cd9960ecef2fe0d0f7494986fa3d8b2bb01963537e60efb13981e
+138e3d4a1
+client_nonce: da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb38
+0cae6a6cc
+server_keyshare: 024b5155196bc86173855f3af3d5f804dfc5242e3b58d15ab10a
+7e6f7dea053b
+client_keyshare: 02b44cda0c5f6c0c11078ba0cc39413de0dde8d3ec77cb1604ee
+dcb71091d745
+server_private_keyshare: 8274e6020f2a01c3b1f864827ed496e48f606ca47c46
+8e6fe58cfd58e1274c23
+client_private_keyshare: 8c4e7d21a08ef11052970ffa20cbef5fb1260ced4f5a
+602428487e335f48a7f7
+blind_registration: e737625b74b5f00abec2051f8f4d056490e752213daa33540
+6c0d41c9ce44e07
+blind_login: 6ecc102d2e7a7cf49617aad7bbe188556792d4acd60a1a8a8d2b65d4
+b0790308
+~~~
+
+#### Intermediate Values
+
+~~~
+client_public_key: e00843ccbf294ce0994ea9ba0dd9ec49e792ac97f88a330a4d
+061bc81ef1846a
+auth_key: d62fb0c14a9b10e858bd407a23b676286d6107c252660a1df53b21c0643
+7177914ecb74b88eee5415851d03c4c2bfa45f925db50b4c233a61156c3aa76e36984
+randomized_pwd: d3da3e4108c224452af38a2827a4347e807b84079d51565527cb4
+3edcd5354057743fe8a84386b05ffd3bfb0e6f73bd803f07b715743e1421df5ae4252
+3a065c
+envelope: e9cc9c5f6c39c6d29d7bc7d4c57ecbd27ab864ee9dc1c3d7ab66bee7190
+de73b2f31d1074c499e00d746e9f6ab0d6463859acf4a79e860885f2940aa8ae0cf2b
+cbf5ba1385c373caadc837299f886938c5dc2915b8517180108bd1d82dd3870d
+handshake_secret: 14b6107220f8ffdb6b69a4cbb4389cd02b2ca282db300b634a5
+ce0eb10b551905590fd6ec14806a9a136d50b084008ab5f1acd402cf57f4cbd8e8c7e
+2f2fe2da
+server_mac_key: 9f728d06854621940b9735f472a762fdfd6dfc5738bcde31e8766
+bda89164b37cb00609037b3d8a592f247f9438508aa130a14f9553a06766e7a21253d
+ded99f
+client_mac_key: f040462264ddbcde648f6aa247b409e325401a519431df31f2331
+21a1008fefd1dacf4593e228c5d282cd29fd10c16158885109e10715a415f2af79b9d
+07efcc
+oprf_key: 62d389bf797495d84ffb60784dbe2abe8b2fb2dfd2e814f820e75df7061
+5e308
+~~~
+
+#### Output Values
+
+~~~
+registration_request: baef8089527412c09114f94f35513b12735e644d953297c
+0b6b94d50dc7c9e49
+registration_response: e273440f6d486f9ec5b976b9bc846b9250d874f3fa7ea1
+69cefdbff8977a9e23795491b4475810360c1db0eac148e5b4ae20ba8821e49895c58
+b3a8489ca7e27
+registration_upload: e00843ccbf294ce0994ea9ba0dd9ec49e792ac97f88a330a
+4d061bc81ef1846a8f01d3723d3f302a346080d53b664aadce9b4cb77e374cad3c08c
+713fab1a211f91615b7eef04dff8606acae349928e0f6f35e0e0ab290aff150e9e477
+66e6dee9cc9c5f6c39c6d29d7bc7d4c57ecbd27ab864ee9dc1c3d7ab66bee7190de73
+b2f31d1074c499e00d746e9f6ab0d6463859acf4a79e860885f2940aa8ae0cf2bcbf5
+ba1385c373caadc837299f886938c5dc2915b8517180108bd1d82dd3870d
+KE1: c4dedb0ba6ed5d965d6f250fbe554cd45cba5dfcce3ce836e4aee778aa3cd44d
+da7e07376d6d6f034cfa9bb537d11b8c6b4238c334333d1f0aebb380cae6a6cc02b44
+cda0c5f6c0c11078ba0cc39413de0dde8d3ec77cb1604eedcb71091d745
+KE2: 103eb7bdcfd64b98cf0aec56037b404db3893125d99d597d96ac96b68136ea3d
+38fe59af0df2c79f57b8780278f5ae47355fe1f817119041951c80f612fdfc6d6f8d0
+bc4edb71c96b7027c5b91742199cae23020950906311d572c42e1d5f9edd7ac1d3b52
+59ee21b1240732c9ffad74db301fc16f2385ed3626719a6ab0f44ee3ef400e172d33e
+d5becdd6e3e15fe01bd26c414ffb63f1ec4f8b94fc4d8c6a5a1e1fca30d743c4bdfab
+1030439aabc6b51b316ea2f1c136e4813508946522c471cd9960ecef2fe0d0f749498
+6fa3d8b2bb01963537e60efb13981e138e3d4a1024b5155196bc86173855f3af3d5f8
+04dfc5242e3b58d15ab10a7e6f7dea053b0234f7bdddac8cd4a3245551f4ecbde7f61
+84c6b49ad8ee105b375fbbc9de4c1df0cd197e59ac65cf4372f87da340c0d53e610b4
+96299aba8b5c3a60969380ed
+KE3: c7e4ac9d3f0a50e22b4c5c3d1d9bda363376d6219fffcc6db26f6e4837e78e88
+a2184f15afed4071eb57a8167f2bf03edd79ab4577393f6e1e6b167278f71bf7
+export_key: ac89657e06b31c3ee230f6de240722e42763ba93352f73b0d04893645
+830c54b2503f786d0ca0b058ab59dbc5834ddfbf17071e4818b296cfa9194483400fa
+a8
+session_key: d279fd7afda66e7425e3e959261dd1b3414b13a7f1e3e5d23cc32602
+251147b412fdb30bae32e02fd63b7dc94b6165dd97981c29d998911ac23531c6b2d97
+fb0
+~~~
+
+### OPAQUE-3DH Real Test Vector 5
+
+#### Configuration
+
 ~~~
 OPRF: P256-SHA256
 Hash: SHA256
@@ -352,7 +588,7 @@ session_key: a224790a010afc0a3f37e23c1b7a5cb7f9e73e3d9a924116510d97d8
 0e2a1e0c
 ~~~
 
-### OPAQUE-3DH Real Test Vector 4
+### OPAQUE-3DH Real Test Vector 6
 
 #### Configuration
 
@@ -533,6 +769,74 @@ c9b6e71efc8a89607fd46ed5e7b9bf7cc7dbb997a4fd41194a04bcd0c5d88052e080a
 
 #### Configuration
 
+~~~
+OPRF: ristretto255-SHA512
+Hash: SHA512
+KSF: Identity
+KDF: HKDF-SHA512
+MAC: HMAC-SHA512
+Group: x25519
+Context: 4f50415155452d504f43
+Nh: 64
+Npk: 32
+Nsk: 32
+Nm: 64
+Nx: 64
+Nok: 32
+~~~
+
+#### Input Values
+
+~~~
+client_identity: 616c696365
+server_identity: 626f62
+oprf_seed: 5511622666f94de19ee0d7afd8a26d4ec25b69d75b5651eb509fe0ee86
+c2e75172ef9c7373da3150f433e2cd0ed71f5b10bb5a374593f2a712b887373dcf97e
+e
+credential_identifier: 31323334
+masking_nonce: 9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c61
+9e27b6e5a6
+client_private_key: 9e3f2fbd83c4d45d59e0c6b264ef5f5c3f8b8cbfb0685c05e
+dad681577b28a97
+client_public_key: 14a9325ab7f42c2fa3bd28d1c93b4dfd2bbc40ab8b5a0d883b
+042f8ed95b5e14
+server_private_key: cbf0754c32d742f87151a4c9e03dba7aafa91b5650f3a4757
+815a59c4d9f7f1c
+server_public_key: 2f626c79377ee2ad4e2d011973fed7b56e215ef819a6bc6a33
+0d2907c5409867
+server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
+055ae2d12
+server_keyshare: 4621fedfd76fc0ee6e2c17bcd014e4114a7745af21e7993c7d65
+613b0d30011d
+server_private_keyshare: 1c64d12a9b4ed32b81b6f483ae552ae675849aa5ea7f
+4bb8505b981eee5875e5
+masking_key: 7706df4d2de693dd9023d17748b65c021fbc45a237149266c83ec535
+c1cfb6ad3c9aa77e9f2392f4c9d2e7b56c5930a1b0f5243bd82bd33620b5fd7141e12
+2ca
+KE1: b0a26dcaca2230b8f5e4b1bcab9c84b586140221bb8b2848486874b0be448905
+42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376bd2d9cfd0abdfc0
+9cefc765e9ba74244a0c1dff3e2f2420b59ad713268c63b579c3b485e03
+~~~
+
+#### Output Values
+
+~~~
+KE2: 025420ec9ced1ef386877f3d9e06de6494466fcdec047b6e069f87162525bb53
+9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c619e27b6e5a69fa4e
+a182fcba9b0f7d8b7bbbf052764bd6408de97706acd4131875a9dbc8b6918823c748c
+6226769691ff5971ce742ddabdc36121b06bc3e064d0528c07d0edf6676b1dd64518e
+d06dbfbb6e4fa575c0f4af9fd9bfcc497ee7139e29cb707d9f7f015ca57fe18894d12
+efd854a40a06fe9ca8d003b11832efd26a9f8bb0e4e21e10f6eeab2a7a420bf09da9b
+27a4639645622c46358de9cf7ae813055ae2d124621fedfd76fc0ee6e2c17bcd014e4
+114a7745af21e7993c7d65613b0d30011db2625a5d3b2d130f98be727f41e1202a241
+5318ce1247f9679b5f8ec77c9baa170ea45429ea77715c7e92b078a1a4929b143079e
+75c4db3fa54ba3fa5a8a1a9d
+~~~
+
+### OPAQUE-3DH Fake Test Vector 3
+
+#### Configuration
+
 ~~~
 OPRF: P256-SHA256
 Hash: SHA256
diff --git a/src/tests/parser.rs b/src/tests/parser.rs
@@ -35,7 +35,7 @@ fn parse_vector_types(input: &str) -> String {
 
 fn parse_ciphersuites(input: &str) -> String {
     let re = regex::Regex::new(
-        r"# Configuration(.|\n)+?Hash: (?P<hash>.*?)\n(.|\n)*?Group: (?P<group>.*?)\n",
+        r"#### Configuration\n(.|\n)*?OPRF: (?P<oprf>.*?)\n(.|\n)*?Group: (?P<group>.*?)\n",
     )
     .unwrap();
     let mut ciphersuites = vec![];
@@ -46,8 +46,8 @@ fn parse_ciphersuites(input: &str) -> String {
     for caps in re.captures_iter(input) {
         let ciphersuite = format!(
             "{{ \"{}, {}\": {{ {} }} }}",
+            &caps["oprf"],
             &caps["group"],
-            &caps["hash"],
             parse_params(chunks[count])
         );
         ciphersuites.push(ciphersuite);
diff --git a/src/tests/test_opaque_vectors.rs b/src/tests/test_opaque_vectors.rs

Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ impl KeGroup for Curve25519 {`
`96`	`96`	`bytes`
`97`	`97`	`.try_into()`
`98`	`98`	`.ok()`
`99`		`- .and_then(\|bytes\| Scalar::from_canonical_bytes(bytes).into())`
	`99`	`+ .map(Scalar::from_bits_clamped)`
`100`	`100`	`.filter(\|scalar\| scalar != &Scalar::ZERO)`
`101`	`101`	`.ok_or(InternalError::PointError)`
`102`	`102`	`}`