Compare commits
No commits in common. "master" and "gc" have entirely different histories.
89
.drone.yml
89
.drone.yml
|
@ -1,14 +1,14 @@
|
||||||
---
|
workspace:
|
||||||
kind: pipeline
|
base: /go
|
||||||
type: docker
|
path: src/cwtch.im/tapir
|
||||||
name: linux-test
|
|
||||||
|
|
||||||
steps:
|
pipeline:
|
||||||
- name: fetch
|
fetch:
|
||||||
image: golang:1.17.5
|
when:
|
||||||
volumes:
|
repo: cwtch.im/tapir
|
||||||
- name: deps
|
branch: master
|
||||||
path: /go
|
event: [ push, pull_request ]
|
||||||
|
image: golang
|
||||||
commands:
|
commands:
|
||||||
- wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/master/tor/tor
|
- wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/master/tor/tor
|
||||||
- wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/master/tor/torrc
|
- wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/master/tor/torrc
|
||||||
|
@ -16,58 +16,49 @@ steps:
|
||||||
- export GO111MODULE=on
|
- export GO111MODULE=on
|
||||||
- go mod download
|
- go mod download
|
||||||
- go install honnef.co/go/tools/cmd/staticcheck@latest
|
- go install honnef.co/go/tools/cmd/staticcheck@latest
|
||||||
- name: quality
|
quality:
|
||||||
image: golang:1.17.5
|
when:
|
||||||
volumes:
|
repo: cwtch.im/tapir
|
||||||
- name: deps
|
branch: master
|
||||||
path: /go
|
event: [ push, pull_request ]
|
||||||
|
image: golang
|
||||||
commands:
|
commands:
|
||||||
- staticcheck ./...
|
- staticcheck ./...
|
||||||
- name: units-tests
|
units-tests:
|
||||||
image: golang:1.17.5
|
when:
|
||||||
volumes:
|
repo: cwtch.im/tapir
|
||||||
- name: deps
|
branch: master
|
||||||
path: /go
|
event: [ push, pull_request ]
|
||||||
|
image: golang
|
||||||
commands:
|
commands:
|
||||||
- export PATH=`pwd`:$PATH
|
- export PATH=$PATH:/go/src/cwtch.im/tapir
|
||||||
- sh testing/tests.sh
|
- sh testing/tests.sh
|
||||||
- name: integ-test
|
integ-test:
|
||||||
image: golang:1.17.5
|
when:
|
||||||
volumes:
|
repo: cwtch.im/tapir
|
||||||
- name: deps
|
branch: master
|
||||||
path: /go
|
event: [ push, pull_request ]
|
||||||
|
image: golang
|
||||||
commands:
|
commands:
|
||||||
- export PATH=`pwd`:$PATH
|
- export PATH=$PATH:/go/src/cwtch.im/tapir
|
||||||
- go test -race -v git.openprivacy.ca/cwtch.im/tapir/testing
|
- go test -race -v git.openprivacy.ca/cwtch.im/tapir/testing
|
||||||
- name: notify-email
|
notify-email:
|
||||||
image: drillster/drone-email
|
image: drillster/drone-email
|
||||||
host: build.openprivacy.ca
|
host: build.openprivacy.ca
|
||||||
port: 25
|
port: 25
|
||||||
skip_verify: true
|
skip_verify: true
|
||||||
from: drone@openprivacy.ca
|
from: drone@openprivacy.ca
|
||||||
when:
|
when:
|
||||||
|
repo: cwtch.im/tapir
|
||||||
|
branch: master
|
||||||
|
event: [ push, pull_request ]
|
||||||
status: [ failure ]
|
status: [ failure ]
|
||||||
- name: notify-gogs
|
notify-gogs:
|
||||||
image: openpriv/drone-gogs
|
image: openpriv/drone-gogs
|
||||||
pull: if-not-exists
|
|
||||||
when:
|
when:
|
||||||
|
repo: cwtch.im/tapir
|
||||||
|
branch: master
|
||||||
event: pull_request
|
event: pull_request
|
||||||
status: [ success, changed, failure ]
|
status: [ success, changed, failure ]
|
||||||
environment:
|
secrets: [gogs_account_token]
|
||||||
GOGS_ACCOUNT_TOKEN:
|
gogs_url: https://git.openprivacy.ca
|
||||||
from_secret: gogs_account_token
|
|
||||||
settings:
|
|
||||||
gogs_url: https://git.openprivacy.ca
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
# gopath where bin and pkg lives to persist across steps
|
|
||||||
- name: deps
|
|
||||||
temp: {}
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
repo: cwtch.im/tapir
|
|
||||||
branch: master
|
|
||||||
event:
|
|
||||||
- push
|
|
||||||
- pull_request
|
|
||||||
- tag
|
|
||||||
|
|
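Review bot: The `fetch` step pulls the `tor` executable and `torrc` with `wget` from a mutable `raw/master` URL, and nothing in the visible lines verifies either file before the test steps add the workspace to `PATH`. A pinned digest check right after the download would close that gap, for example `- echo "<expected-sha256>  tor" | sha256sum -c -` (placeholder hash, to be filled in from a trusted build). The new side also runs every step on the floating `image: golang` tag where the old side had `golang:1.17.5`, and installs `staticcheck@latest`, so the toolchain and linter can change between builds without a commit. Pinning the image to a version tag or digest and the linter to a release would make builds reproducible. Lines 14-16 of the file fall between the two hunks and are not visible here.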
|
@ -78,8 +78,6 @@ func (powapp *ProofOfWorkApplication) solveChallenge(challenge []byte, prng core
|
||||||
log.Errorf("error completing challenge: %v", err)
|
log.Errorf("error completing challenge: %v", err)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
//lint:ignore SA1019 API this is "deprecated", but without it it will cause an allocation on every single check
|
|
||||||
solution = next.Encode(encodedSolution)
|
solution = next.Encode(encodedSolution)
|
||||||
|
|
||||||
copy(solve[0:], solution[:])
|
copy(solve[0:], solution[:])
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"git.openprivacy.ca/openprivacy/connectivity"
|
"git.openprivacy.ca/openprivacy/connectivity"
|
||||||
torProvider "git.openprivacy.ca/openprivacy/connectivity/tor"
|
torProvider "git.openprivacy.ca/openprivacy/connectivity/tor"
|
||||||
"git.openprivacy.ca/openprivacy/log"
|
"git.openprivacy.ca/openprivacy/log"
|
||||||
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"runtime"
|
"runtime"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -77,7 +78,7 @@ func TestTokenBoardApp(t *testing.T) {
|
||||||
builder.WithSocksPort(9059).WithControlPort(9060).WithHashedPassword("tapir-integration-test").Build("./tor/torrc")
|
builder.WithSocksPort(9059).WithControlPort(9060).WithHashedPassword("tapir-integration-test").Build("./tor/torrc")
|
||||||
torDataDir := ""
|
torDataDir := ""
|
||||||
var err error
|
var err error
|
||||||
if torDataDir, err = os.MkdirTemp("./tor/", "data-dir-"); err != nil {
|
if torDataDir, err = ioutil.TempDir("./tor/", "data-dir-"); err != nil {
|
||||||
t.Fatalf("could not create data dir")
|
t.Fatalf("could not create data dir")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
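Review bot: The `t.Fatalf("could not create data dir")` call in TestTokenBoardApp discards the `err` returned by `ioutil.TempDir`, so a failure in CI reports no cause. `t.Fatalf("could not create data dir: %v", err)` keeps it. The new side's go.mod declares `go 1.16`, which already provides `os.MkdirTemp`, so the added `"io/ioutil"` import is not required for this call. The test body starts and ends outside the hunk.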
22
go.mod
22
go.mod
|
@ -1,21 +1,13 @@
|
||||||
module git.openprivacy.ca/cwtch.im/tapir
|
module git.openprivacy.ca/cwtch.im/tapir
|
||||||
|
|
||||||
go 1.17
|
go 1.16
|
||||||
|
|
||||||
require (
|
require (
|
||||||
filippo.io/edwards25519 v1.0.0
|
git.openprivacy.ca/openprivacy/connectivity v1.8.3
|
||||||
git.openprivacy.ca/openprivacy/connectivity v1.8.6
|
|
||||||
git.openprivacy.ca/openprivacy/log v1.0.3
|
git.openprivacy.ca/openprivacy/log v1.0.3
|
||||||
github.com/gtank/merlin v0.1.1
|
|
||||||
github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c
|
|
||||||
go.etcd.io/bbolt v1.3.6
|
|
||||||
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d
|
|
||||||
)
|
|
||||||
|
|
||||||
require (
|
|
||||||
git.openprivacy.ca/openprivacy/bine v0.0.4 // indirect
|
|
||||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||||
github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b // indirect
|
github.com/gtank/merlin v0.1.1
|
||||||
golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect
|
github.com/gtank/ristretto255 v0.1.2
|
||||||
golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect
|
go.etcd.io/bbolt v1.3.4
|
||||||
)
|
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee
|
||||||
|
)
|
50
go.sum
50
go.sum
|
@ -1,10 +1,16 @@
|
||||||
|
filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU=
|
||||||
filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
|
filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
|
||||||
filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
|
|
||||||
filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
|
|
||||||
git.openprivacy.ca/openprivacy/bine v0.0.4 h1:CO7EkGyz+jegZ4ap8g5NWRuDHA/56KKvGySR6OBPW+c=
|
git.openprivacy.ca/openprivacy/bine v0.0.4 h1:CO7EkGyz+jegZ4ap8g5NWRuDHA/56KKvGySR6OBPW+c=
|
||||||
git.openprivacy.ca/openprivacy/bine v0.0.4/go.mod h1:13ZqhKyqakDsN/ZkQkIGNULsmLyqtXc46XBcnuXm/mU=
|
git.openprivacy.ca/openprivacy/bine v0.0.4/go.mod h1:13ZqhKyqakDsN/ZkQkIGNULsmLyqtXc46XBcnuXm/mU=
|
||||||
git.openprivacy.ca/openprivacy/connectivity v1.8.6 h1:g74PyDGvpMZ3+K0dXy3mlTJh+e0rcwNk0XF8owzkmOA=
|
git.openprivacy.ca/openprivacy/connectivity v1.6.0 h1:j44Kya3GBH4BDGh0f5JD/eNAb77XiQreIZtzcY8Gn28=
|
||||||
git.openprivacy.ca/openprivacy/connectivity v1.8.6/go.mod h1:Hn1gpOx/bRZp5wvCtPQVJPXrfeUH0EGiG/Aoa0vjGLg=
|
git.openprivacy.ca/openprivacy/connectivity v1.6.0/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.8.1 h1:OjWy+JTAvlrstY8PnGPBp7Ho04JaKHaQ+YdoLwSdaCo=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.8.1/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.8.2 h1:uCFnrJXsTh3ne4GcgvamoxomQ6fMishD3C2nQGpgdMY=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.8.2/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.8.3 h1:bWM8aQHqHIpobYQcLQ9OsNPoIl+H+4JFWbYGdG0nHlg=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.8.3/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
|
||||||
|
git.openprivacy.ca/openprivacy/log v1.0.2/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
|
||||||
git.openprivacy.ca/openprivacy/log v1.0.3 h1:E/PMm4LY+Q9s3aDpfySfEDq/vYQontlvNj/scrPaga0=
|
git.openprivacy.ca/openprivacy/log v1.0.3 h1:E/PMm4LY+Q9s3aDpfySfEDq/vYQontlvNj/scrPaga0=
|
||||||
git.openprivacy.ca/openprivacy/log v1.0.3/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
|
git.openprivacy.ca/openprivacy/log v1.0.3/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
@ -12,45 +18,41 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/gtank/merlin v0.1.1 h1:eQ90iG7K9pOhtereWsmyRJ6RAwcP4tHTDBHXNg+u5is=
|
github.com/gtank/merlin v0.1.1 h1:eQ90iG7K9pOhtereWsmyRJ6RAwcP4tHTDBHXNg+u5is=
|
||||||
github.com/gtank/merlin v0.1.1/go.mod h1:T86dnYJhcGOh5BjZFCJWTDeTK7XW8uE+E21Cy/bIQ+s=
|
github.com/gtank/merlin v0.1.1/go.mod h1:T86dnYJhcGOh5BjZFCJWTDeTK7XW8uE+E21Cy/bIQ+s=
|
||||||
github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c h1:gkfmnY4Rlt3VINCo4uKdpvngiibQyoENVj5Q88sxXhE=
|
github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc=
|
||||||
github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c/go.mod h1:tDPFhGdt3hJWqtKwx57i9baiB1Cj0yAg22VOPUqm5vY=
|
github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o=
|
||||||
|
github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643 h1:hLDRPB66XQT/8+wG9WsDpiCvZf1yKO7sz7scAjSlBa0=
|
||||||
github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643/go.mod h1:43+3pMjjKimDBf5Kr4ZFNGbLql1zKkbImw+fZbw3geM=
|
github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643/go.mod h1:43+3pMjjKimDBf5Kr4ZFNGbLql1zKkbImw+fZbw3geM=
|
||||||
github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b h1:QrHweqAtyJ9EwCaGHBu1fghwxIPiopAHV06JlXrMHjk=
|
|
||||||
github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b/go.mod h1:xxLb2ip6sSUts3g1irPVHyk/DGslwQsNOo9I7smJfNU=
|
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
|
github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
|
||||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
|
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
|
||||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
|
go.etcd.io/bbolt v1.3.4 h1:hi1bXHMVrlQh6WwxAy+qZCV/SYIlqo+Ushwdpa4tAKg=
|
||||||
go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
|
go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
|
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee h1:4yd7jl+vXjalO5ztz6Vc1VADv+S/80LGJmyl1ROJ2AI=
|
||||||
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d h1:3qF+Z8Hkrw9sOhrFHti9TlB1Hkac1x+DNRkv0XQiFjo=
|
|
||||||
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
|
||||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
|
||||||
golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
|
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||||
golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
|
|
||||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c=
|
||||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
|
||||||
golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 h1:UiNENfZ8gDvpiWw7IpOMQ27spWmThO1RwwdQVbJahJM=
|
|
||||||
golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
|
||||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
|
||||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
|
golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
|
||||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e h1:FDhOuMEY4JVRztM/gsbk+IKUQ8kj74bxZrgw87eMMVc=
|
||||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
|
||||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
||||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||||
|
|
|
@ -25,6 +25,7 @@ type State struct {
|
||||||
Messages []Message
|
Messages []Message
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
const (
|
const (
|
||||||
auditableDataStoreProtocol = "auditable-data-store"
|
auditableDataStoreProtocol = "auditable-data-store"
|
||||||
newMessage = "new-message"
|
newMessage = "new-message"
|
||||||
|
|
|
@ -12,8 +12,8 @@ import (
|
||||||
// Transcript provides a consistent transcript primitive for our protocols
|
// Transcript provides a consistent transcript primitive for our protocols
|
||||||
//
|
//
|
||||||
// We have the following goals:
|
// We have the following goals:
|
||||||
// - Allow sequential proofs over a common transcript (ensuring a single proof cannot be extracted standalone)
|
// - Allow sequential proofs over a common transcript (ensuring a single proof cannot be extracted standalone)
|
||||||
// - be able to produce a human-readable transcript for auditing.
|
// - be able to produce a human-readable transcript for auditing.
|
||||||
//
|
//
|
||||||
// The design of this API was inspired by Merlin: https://docs.rs/crate/merlin/
|
// The design of this API was inspired by Merlin: https://docs.rs/crate/merlin/
|
||||||
type Transcript struct {
|
type Transcript struct {
|
||||||
|
@ -39,7 +39,7 @@ func (t *Transcript) AddToTranscript(label string, b []byte) {
|
||||||
// AddElementToTranscript appends a value to the transcript with the given label
|
// AddElementToTranscript appends a value to the transcript with the given label
|
||||||
// This binds the given data to the label.
|
// This binds the given data to the label.
|
||||||
func (t *Transcript) AddElementToTranscript(label string, element *ristretto.Element) {
|
func (t *Transcript) AddElementToTranscript(label string, element *ristretto.Element) {
|
||||||
t.AddToTranscript(label, element.Bytes())
|
t.AddToTranscript(label, element.Encode([]byte{}))
|
||||||
}
|
}
|
||||||
|
|
||||||
// OutputTranscriptToAudit outputs a human-readable copy of the transcript so far.
|
// OutputTranscriptToAudit outputs a human-readable copy of the transcript so far.
|
||||||
|
@ -74,7 +74,7 @@ func (prng *PRNG) Next(buf []byte, next *ristretto.Scalar) error {
|
||||||
log.Errorf("could not read prng: %v %v", n, err)
|
log.Errorf("could not read prng: %v %v", n, err)
|
||||||
return fmt.Errorf("error fetching complete output from prng: %v", err)
|
return fmt.Errorf("error fetching complete output from prng: %v", err)
|
||||||
}
|
}
|
||||||
next.SetUniformBytes(buf)
|
next.FromUniformBytes(buf)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,8 +89,7 @@ func (t *Transcript) CommitToPRNG(label string) PRNG {
|
||||||
// CommitToGenerator derives a verifiably random generator from the transcript
|
// CommitToGenerator derives a verifiably random generator from the transcript
|
||||||
func (t *Transcript) CommitToGenerator(label string) *ristretto.Element {
|
func (t *Transcript) CommitToGenerator(label string) *ristretto.Element {
|
||||||
c := t.CommitToTranscript(label)
|
c := t.CommitToTranscript(label)
|
||||||
result, _ := new(ristretto.Element).SetUniformBytes(c)
|
return new(ristretto.Element).FromUniformBytes(c)
|
||||||
return result
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// CommitToGenerators derives a set of verifiably random generators from the transcript
|
// CommitToGenerators derives a set of verifiably random generators from the transcript
|
||||||
|
@ -105,6 +104,6 @@ func (t *Transcript) CommitToGenerators(label string, n int) (generators []*rist
|
||||||
func (t *Transcript) CommitToTranscriptScalar(label string) *ristretto.Scalar {
|
func (t *Transcript) CommitToTranscriptScalar(label string) *ristretto.Scalar {
|
||||||
c := t.CommitToTranscript(label)
|
c := t.CommitToTranscript(label)
|
||||||
s := new(ristretto.Scalar)
|
s := new(ristretto.Scalar)
|
||||||
s.SetUniformBytes(c[:])
|
s.FromUniformBytes(c[:])
|
||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
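Review bot: `PRNG.Next` passes the caller-supplied `buf` straight to `next.FromUniformBytes(buf)` with no length check visible in the hunk. As far as I recall, this ristretto255 API expects exactly 64 bytes and panics otherwise. Since `Next` already returns an `error`, a guard at the top such as `if len(buf) != 64 { return fmt.Errorf("prng buffer must be 64 bytes, got %d", len(buf)) }` turns a caller mistake into a handled error. The doc comment should state the 64-byte requirement as well. The read from the PRNG that precedes these lines is outside the hunk, so a check may already exist there.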
|
@ -7,7 +7,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// DLEQProof encapsulates a Chaum-Pedersen DLEQ Proof
|
// DLEQProof encapsulates a Chaum-Pedersen DLEQ Proof
|
||||||
// gut In Ernest F. Brickell, editor,CRYPTO’92,volume 740 ofLNCS, pages 89–105. Springer, Heidelberg,August 1993
|
//gut In Ernest F. Brickell, editor,CRYPTO’92,volume 740 ofLNCS, pages 89–105. Springer, Heidelberg,August 1993
|
||||||
type DLEQProof struct {
|
type DLEQProof struct {
|
||||||
C *ristretto.Scalar
|
C *ristretto.Scalar
|
||||||
S *ristretto.Scalar
|
S *ristretto.Scalar
|
||||||
|
@ -16,29 +16,26 @@ type DLEQProof struct {
|
||||||
// DiscreteLogEquivalenceProof constructs a valid DLEQProof for the given parameters and transcript
|
// DiscreteLogEquivalenceProof constructs a valid DLEQProof for the given parameters and transcript
|
||||||
// Given Y = kX & Q = kP
|
// Given Y = kX & Q = kP
|
||||||
// Peggy: t := choose randomly from Zq
|
// Peggy: t := choose randomly from Zq
|
||||||
//
|
// A := tX
|
||||||
// A := tX
|
// B := tP
|
||||||
// B := tP
|
// c := H(transcript(X,Y,P,Q,A,B))
|
||||||
// c := H(transcript(X,Y,P,Q,A,B))
|
// s := (t + ck) mod q
|
||||||
// s := (t + ck) mod q
|
|
||||||
//
|
//
|
||||||
// Sends c,s to Vicky
|
// Sends c,s to Vicky
|
||||||
func DiscreteLogEquivalenceProof(k *ristretto.Scalar, X *ristretto.Element, Y *ristretto.Element, P *ristretto.Element, Q *ristretto.Element, transcript *core.Transcript) DLEQProof {
|
func DiscreteLogEquivalenceProof(k *ristretto.Scalar, X *ristretto.Element, Y *ristretto.Element, P *ristretto.Element, Q *ristretto.Element, transcript *core.Transcript) DLEQProof {
|
||||||
private := make([]byte, 64)
|
private := make([]byte, 64)
|
||||||
rand.Read(private)
|
rand.Read(private)
|
||||||
t, err := new(ristretto.Scalar).SetUniformBytes(private)
|
t := new(ristretto.Scalar)
|
||||||
if err != nil {
|
t.FromUniformBytes(private)
|
||||||
return DLEQProof{ristretto.NewScalar(), ristretto.NewScalar()}
|
|
||||||
}
|
|
||||||
A := new(ristretto.Element).ScalarMult(t, X)
|
A := new(ristretto.Element).ScalarMult(t, X)
|
||||||
B := new(ristretto.Element).ScalarMult(t, P)
|
B := new(ristretto.Element).ScalarMult(t, P)
|
||||||
|
|
||||||
transcript.AddToTranscript(DLEQX, X.Bytes())
|
transcript.AddToTranscript(DLEQX, X.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQY, Y.Bytes())
|
transcript.AddToTranscript(DLEQY, Y.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQP, P.Bytes())
|
transcript.AddToTranscript(DLEQP, P.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQQ, Q.Bytes())
|
transcript.AddToTranscript(DLEQQ, Q.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQA, A.Bytes())
|
transcript.AddToTranscript(DLEQA, A.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQB, B.Bytes())
|
transcript.AddToTranscript(DLEQB, B.Encode(nil))
|
||||||
|
|
||||||
c := transcript.CommitToTranscriptScalar("c")
|
c := transcript.CommitToTranscriptScalar("c")
|
||||||
s := new(ristretto.Scalar).Subtract(t, new(ristretto.Scalar).Multiply(c, k))
|
s := new(ristretto.Scalar).Subtract(t, new(ristretto.Scalar).Multiply(c, k))
|
||||||
|
@ -48,14 +45,12 @@ func DiscreteLogEquivalenceProof(k *ristretto.Scalar, X *ristretto.Element, Y *r
|
||||||
// VerifyDiscreteLogEquivalenceProof verifies the DLEQ for the given parameters and transcript
|
// VerifyDiscreteLogEquivalenceProof verifies the DLEQ for the given parameters and transcript
|
||||||
// Given Y = kX & Q = kP and Proof = (c,s)
|
// Given Y = kX & Q = kP and Proof = (c,s)
|
||||||
// Vicky: X' := sX
|
// Vicky: X' := sX
|
||||||
//
|
// Y' := cY
|
||||||
// Y' := cY
|
// P' := sP
|
||||||
// P' := sP
|
// Q' := cQ
|
||||||
// Q' := cQ
|
// A' = X'+Y' == sX + cY ?= sG + ckG == (s+ck)X == tX == A
|
||||||
// A' = X'+Y' == sX + cY ?= sG + ckG == (s+ck)X == tX == A
|
// B' = P'+Q' == sP + cQ ?= sP + ckP == (s+ck)P == tP == B
|
||||||
// B' = P'+Q' == sP + cQ ?= sP + ckP == (s+ck)P == tP == B
|
// c' := H(transcript(X,Y,P,Q,A',B'))
|
||||||
// c' := H(transcript(X,Y,P,Q,A',B'))
|
|
||||||
//
|
|
||||||
// Tests c ?= c
|
// Tests c ?= c
|
||||||
func VerifyDiscreteLogEquivalenceProof(dleq DLEQProof, X *ristretto.Element, Y *ristretto.Element, P *ristretto.Element, Q *ristretto.Element, transcript *core.Transcript) bool {
|
func VerifyDiscreteLogEquivalenceProof(dleq DLEQProof, X *ristretto.Element, Y *ristretto.Element, P *ristretto.Element, Q *ristretto.Element, transcript *core.Transcript) bool {
|
||||||
|
|
||||||
|
@ -67,12 +62,12 @@ func VerifyDiscreteLogEquivalenceProof(dleq DLEQProof, X *ristretto.Element, Y *
|
||||||
A := new(ristretto.Element).Add(Xs, Yc)
|
A := new(ristretto.Element).Add(Xs, Yc)
|
||||||
B := new(ristretto.Element).Add(Ps, Qc)
|
B := new(ristretto.Element).Add(Ps, Qc)
|
||||||
|
|
||||||
transcript.AddToTranscript(DLEQX, X.Bytes())
|
transcript.AddToTranscript(DLEQX, X.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQY, Y.Bytes())
|
transcript.AddToTranscript(DLEQY, Y.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQP, P.Bytes())
|
transcript.AddToTranscript(DLEQP, P.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQQ, Q.Bytes())
|
transcript.AddToTranscript(DLEQQ, Q.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQA, A.Bytes())
|
transcript.AddToTranscript(DLEQA, A.Encode(nil))
|
||||||
transcript.AddToTranscript(DLEQB, B.Bytes())
|
transcript.AddToTranscript(DLEQB, B.Encode(nil))
|
||||||
|
|
||||||
return transcript.CommitToTranscriptScalar("c").Equal(dleq.C) == 1
|
return transcript.CommitToTranscriptScalar("c").Equal(dleq.C) == 1
|
||||||
}
|
}
|
||||||
|
|
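Review bot: In DiscreteLogEquivalenceProof the result of `rand.Read(private)` is discarded, so if the read fails the nonce `t` is derived from an unfilled buffer, and a predictable `t` lets anyone holding `(c, s)` solve `s = t - ck` for the secret `k`. Assuming `rand` is `crypto/rand` (the import block is mostly outside the hunk), check the read before deriving `t`: `if _, err := rand.Read(private); err != nil { return DLEQProof{new(ristretto.Scalar), new(ristretto.Scalar)} }`. That returns a proof which will not verify, as the old side did on its error path. The same unchecked `rand.Read(b)` feeds the blinding factor `t.r` in `GenBlindedToken`. The function body continues past the end of this hunk.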
|
@ -3,7 +3,6 @@ package privacypass
|
||||||
import (
|
import (
|
||||||
"crypto/hmac"
|
"crypto/hmac"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"git.openprivacy.ca/cwtch.im/tapir/primitives/core"
|
"git.openprivacy.ca/cwtch.im/tapir/primitives/core"
|
||||||
"git.openprivacy.ca/openprivacy/log"
|
"git.openprivacy.ca/openprivacy/log"
|
||||||
|
@ -56,10 +55,10 @@ func (t *Token) GenBlindedToken() BlindedToken {
|
||||||
t.r = new(ristretto.Scalar)
|
t.r = new(ristretto.Scalar)
|
||||||
b := make([]byte, 64)
|
b := make([]byte, 64)
|
||||||
rand.Read(b)
|
rand.Read(b)
|
||||||
t.r.SetUniformBytes(b)
|
t.r.FromUniformBytes(b)
|
||||||
|
|
||||||
Ht := sha3.Sum512(t.t)
|
Ht := sha3.Sum512(t.t)
|
||||||
T, _ := new(ristretto.Element).SetUniformBytes(Ht[:])
|
T := new(ristretto.Element).FromUniformBytes(Ht[:])
|
||||||
P := new(ristretto.Element).ScalarMult(t.r, T)
|
P := new(ristretto.Element).ScalarMult(t.r, T)
|
||||||
return BlindedToken{P}
|
return BlindedToken{P}
|
||||||
}
|
}
|
||||||
|
@ -71,7 +70,7 @@ func (t *Token) unblindSignedToken(token SignedToken) {
|
||||||
|
|
||||||
// SpendToken binds the token with data and then redeems the token
|
// SpendToken binds the token with data and then redeems the token
|
||||||
func (t *Token) SpendToken(data []byte) SpentToken {
|
func (t *Token) SpendToken(data []byte) SpentToken {
|
||||||
key := sha3.Sum256(append(t.t, t.W.Bytes()...))
|
key := sha3.Sum256(append(t.t, t.W.Encode(nil)...))
|
||||||
mac := hmac.New(sha3.New512, key[:])
|
mac := hmac.New(sha3.New512, key[:])
|
||||||
mac.Write(data)
|
mac.Write(data)
|
||||||
return SpentToken{t.t, mac.Sum(nil)}
|
return SpentToken{t.t, mac.Sum(nil)}
|
||||||
|
@ -89,13 +88,13 @@ func GenerateBlindedTokenBatch(num int) (tokens []*Token, blindedTokens []Blinde
|
||||||
// verifyBatchProof verifies a given batch proof (see also UnblindSignedTokenBatch)
|
// verifyBatchProof verifies a given batch proof (see also UnblindSignedTokenBatch)
|
||||||
func verifyBatchProof(dleq DLEQProof, Y *ristretto.Element, blindedTokens []BlindedToken, signedTokens []SignedToken, transcript *core.Transcript) bool {
|
func verifyBatchProof(dleq DLEQProof, Y *ristretto.Element, blindedTokens []BlindedToken, signedTokens []SignedToken, transcript *core.Transcript) bool {
|
||||||
transcript.NewProtocol(BatchProofProtocol)
|
transcript.NewProtocol(BatchProofProtocol)
|
||||||
transcript.AddToTranscript(BatchProofX, ristretto.NewGeneratorElement().Bytes())
|
transcript.AddToTranscript(BatchProofX, new(ristretto.Element).Base().Encode(nil))
|
||||||
transcript.AddToTranscript(BatchProofY, Y.Bytes())
|
transcript.AddToTranscript(BatchProofY, Y.Encode(nil))
|
||||||
transcript.AddToTranscript(BatchProofPVector, []byte(fmt.Sprintf("%v", blindedTokens)))
|
transcript.AddToTranscript(BatchProofPVector, []byte(fmt.Sprintf("%v", blindedTokens)))
|
||||||
transcript.AddToTranscript(BatchProofQVector, []byte(fmt.Sprintf("%v", signedTokens)))
|
transcript.AddToTranscript(BatchProofQVector, []byte(fmt.Sprintf("%v", signedTokens)))
|
||||||
prng := transcript.CommitToPRNG("w")
|
prng := transcript.CommitToPRNG("w")
|
||||||
M := ristretto.NewIdentityElement()
|
M := new(ristretto.Element).Zero()
|
||||||
Z := ristretto.NewIdentityElement()
|
Z := new(ristretto.Element).Zero()
|
||||||
buf := make([]byte, 64)
|
buf := make([]byte, 64)
|
||||||
c := new(ristretto.Scalar)
|
c := new(ristretto.Scalar)
|
||||||
for i := range blindedTokens {
|
for i := range blindedTokens {
|
||||||
|
@ -107,7 +106,7 @@ func verifyBatchProof(dleq DLEQProof, Y *ristretto.Element, blindedTokens []Blin
|
||||||
M = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, blindedTokens[i].P), M)
|
M = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, blindedTokens[i].P), M)
|
||||||
Z = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, signedTokens[i].Q), Z)
|
Z = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, signedTokens[i].Q), Z)
|
||||||
}
|
}
|
||||||
return VerifyDiscreteLogEquivalenceProof(dleq, ristretto.NewGeneratorElement(), Y, M, Z, transcript)
|
return VerifyDiscreteLogEquivalenceProof(dleq, new(ristretto.Element).Base(), Y, M, Z, transcript)
|
||||||
}
|
}
|
||||||
|
|
||||||
// UnblindSignedTokenBatch taking in a set of tokens, their blinded & signed counterparts, a server public key (Y), a DLEQ proof and a transcript
|
// UnblindSignedTokenBatch taking in a set of tokens, their blinded & signed counterparts, a server public key (Y), a DLEQ proof and a transcript
|
||||||
|
@ -123,16 +122,3 @@ func UnblindSignedTokenBatch(tokens []*Token, blindedTokens []BlindedToken, sign
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// MarshalJSON - in order to store tokens in a serialized form we need to expose the private, unexported value
|
|
||||||
// `t`. Note that `r` is not needed to spend the token, and as such we effectively destroy it when we serialize.
|
|
||||||
// Ideally, go would let us do this with an annotation, alas.
|
|
||||||
func (t Token) MarshalJSON() ([]byte, error) {
|
|
||||||
return json.Marshal(struct {
|
|
||||||
T []byte `json:"t"`
|
|
||||||
W *ristretto.Element
|
|
||||||
}{
|
|
||||||
T: t.t,
|
|
||||||
W: t.W,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ func TestToken_ConstrainToToken(t *testing.T) {
|
||||||
token2 := new(Token)
|
token2 := new(Token)
|
||||||
blindedToken2 := token2.GenBlindedToken()
|
blindedToken2 := token2.GenBlindedToken()
|
||||||
Ht := sha3.Sum512(token.t)
|
Ht := sha3.Sum512(token.t)
|
||||||
T, _ := new(ristretto255.Element).SetUniformBytes(Ht[:])
|
T := new(ristretto255.Element).FromUniformBytes(Ht[:])
|
||||||
// Constraint forces T = kW to be part of the batch proof
|
// Constraint forces T = kW to be part of the batch proof
|
||||||
// And because the batch proof must prove that *all* inputs share the same key and also checks the servers public key
|
// And because the batch proof must prove that *all* inputs share the same key and also checks the servers public key
|
||||||
// We get a consistency check for almost free.
|
// We get a consistency check for almost free.
|
||||||
|
@ -75,7 +75,7 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
|
||||||
db.Open("tokens.db")
|
db.Open("tokens.db")
|
||||||
|
|
||||||
fakeRand := sha512.Sum512([]byte{})
|
fakeRand := sha512.Sum512([]byte{})
|
||||||
k, _ := ristretto255.NewScalar().SetUniformBytes(fakeRand[:])
|
k := ristretto255.NewScalar().FromUniformBytes(fakeRand[:])
|
||||||
server := NewTokenServerFromStore(k, db)
|
server := NewTokenServerFromStore(k, db)
|
||||||
defer server.Close()
|
defer server.Close()
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,7 @@ func NewTokenServer() *TokenServer {
|
||||||
// unable to generate secure random numbers
|
// unable to generate secure random numbers
|
||||||
panic("unable to generate secure random numbers")
|
panic("unable to generate secure random numbers")
|
||||||
}
|
}
|
||||||
k.SetUniformBytes(b)
|
k.FromUniformBytes(b)
|
||||||
return &TokenServer{k, new(ristretto.Element).ScalarBaseMult(k), make(map[string]bool), nil, sync.Mutex{}}
|
return &TokenServer{k, new(ristretto.Element).ScalarBaseMult(k), make(map[string]bool), nil, sync.Mutex{}}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,10 +92,7 @@ func (ts *TokenServer) SignBlindedTokenBatchWithConstraint(blindedTokens []Blind
|
||||||
signedTokens = append(signedTokens, ts.SignBlindedToken(bt))
|
signedTokens = append(signedTokens, ts.SignBlindedToken(bt))
|
||||||
}
|
}
|
||||||
Ht := sha3.Sum512(constraintToken)
|
Ht := sha3.Sum512(constraintToken)
|
||||||
T, err := new(ristretto.Element).SetUniformBytes(Ht[:])
|
T := new(ristretto.Element).FromUniformBytes(Ht[:])
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
// W == kT
|
// W == kT
|
||||||
W := new(ristretto.Element).ScalarMult(ts.k, T)
|
W := new(ristretto.Element).ScalarMult(ts.k, T)
|
||||||
blindedTokens = append(blindedTokens, BlindedToken{P: T})
|
blindedTokens = append(blindedTokens, BlindedToken{P: T})
|
||||||
|
@ -110,14 +107,14 @@ func (ts *TokenServer) SignBlindedTokenBatchWithConstraint(blindedTokens []Blind
|
||||||
// constructBatchProof construct a batch proof that all the signed tokens have been signed correctly
|
// constructBatchProof construct a batch proof that all the signed tokens have been signed correctly
|
||||||
func (ts *TokenServer) constructBatchProof(blindedTokens []BlindedToken, signedTokens []SignedToken, transcript *core.Transcript) (*DLEQProof, error) {
|
func (ts *TokenServer) constructBatchProof(blindedTokens []BlindedToken, signedTokens []SignedToken, transcript *core.Transcript) (*DLEQProof, error) {
|
||||||
transcript.NewProtocol(BatchProofProtocol)
|
transcript.NewProtocol(BatchProofProtocol)
|
||||||
transcript.AddToTranscript(BatchProofX, ristretto.NewGeneratorElement().Bytes())
|
transcript.AddToTranscript(BatchProofX, new(ristretto.Element).Base().Encode(nil))
|
||||||
transcript.AddToTranscript(BatchProofY, ts.Y.Bytes())
|
transcript.AddToTranscript(BatchProofY, ts.Y.Encode(nil))
|
||||||
transcript.AddToTranscript(BatchProofPVector, []byte(fmt.Sprintf("%v", blindedTokens)))
|
transcript.AddToTranscript(BatchProofPVector, []byte(fmt.Sprintf("%v", blindedTokens)))
|
||||||
transcript.AddToTranscript(BatchProofQVector, []byte(fmt.Sprintf("%v", signedTokens)))
|
transcript.AddToTranscript(BatchProofQVector, []byte(fmt.Sprintf("%v", signedTokens)))
|
||||||
prng := transcript.CommitToPRNG("w")
|
prng := transcript.CommitToPRNG("w")
|
||||||
|
|
||||||
M := ristretto.NewIdentityElement()
|
M := new(ristretto.Element).Zero()
|
||||||
Z := ristretto.NewIdentityElement()
|
Z := new(ristretto.Element).Zero()
|
||||||
|
|
||||||
buf := make([]byte, 64)
|
buf := make([]byte, 64)
|
||||||
c := new(ristretto.Scalar)
|
c := new(ristretto.Scalar)
|
||||||
|
@ -130,7 +127,7 @@ func (ts *TokenServer) constructBatchProof(blindedTokens []BlindedToken, signedT
|
||||||
M = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, blindedTokens[i].P), M)
|
M = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, blindedTokens[i].P), M)
|
||||||
Z = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, signedTokens[i].Q), Z)
|
Z = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, signedTokens[i].Q), Z)
|
||||||
}
|
}
|
||||||
proof := DiscreteLogEquivalenceProof(ts.k, ristretto.NewGeneratorElement(), ts.Y, M, Z, transcript)
|
proof := DiscreteLogEquivalenceProof(ts.k, new(ristretto.Element).Base(), ts.Y, M, Z, transcript)
|
||||||
return &proof, nil
|
return &proof, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -149,12 +146,9 @@ func (ts *TokenServer) SpendToken(token SpentToken, data []byte) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Ht := sha3.Sum512(token.T)
|
Ht := sha3.Sum512(token.T)
|
||||||
T, err := new(ristretto.Element).SetUniformBytes(Ht[:])
|
T := new(ristretto.Element).FromUniformBytes(Ht[:])
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
W := new(ristretto.Element).ScalarMult(ts.k, T)
|
W := new(ristretto.Element).ScalarMult(ts.k, T)
|
||||||
key := sha3.Sum256(append(token.T, W.Bytes()...))
|
key := sha3.Sum256(append(token.T, W.Encode(nil)...))
|
||||||
mac := hmac.New(sha3.New512, key[:])
|
mac := hmac.New(sha3.New512, key[:])
|
||||||
mac.Write(data)
|
mac.Write(data)
|
||||||
computedMAC := mac.Sum(nil)
|
computedMAC := mac.Sum(nil)
|
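Review bot: In SpendToken the MAC key is derived with `append(token.T, W.Encode(nil)...)`, which appends onto a caller-supplied slice. If `token.T` has spare capacity, the encoded W is written into the caller's backing array, and concurrent calls sharing that array would race. Building the input in a fresh buffer avoids this, e.g. `keyInput := append(append([]byte(nil), token.T...), W.Encode(nil)...)` followed by `key := sha3.Sum256(keyInput)`. The comparison of `computedMAC` happens after the end of this hunk, so whether it uses `hmac.Equal` cannot be confirmed from here. SpendToken's body starts and ends outside the hunk.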
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
torProvider "git.openprivacy.ca/openprivacy/connectivity/tor"
|
torProvider "git.openprivacy.ca/openprivacy/connectivity/tor"
|
||||||
"git.openprivacy.ca/openprivacy/log"
|
"git.openprivacy.ca/openprivacy/log"
|
||||||
"golang.org/x/crypto/ed25519"
|
"golang.org/x/crypto/ed25519"
|
||||||
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"runtime"
|
"runtime"
|
||||||
"runtime/pprof"
|
"runtime/pprof"
|
||||||
|
@ -68,7 +69,7 @@ func TestTapir(t *testing.T) {
|
||||||
|
|
||||||
torDataDir := ""
|
torDataDir := ""
|
||||||
var err error
|
var err error
|
||||||
if torDataDir, err = os.MkdirTemp("./tor/", "data-dir-"); err != nil {
|
if torDataDir, err = ioutil.TempDir("./tor/", "data-dir-"); err != nil {
|
||||||
t.Fatalf("could not create data dir")
|
t.Fatalf("could not create data dir")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -142,10 +143,6 @@ func connectclient(t *testing.T, client tapir.Service, key ed25519.PublicKey, gr
|
||||||
conn, _ := client.GetConnection(torProvider.GetTorV3Hostname(key))
|
conn, _ := client.GetConnection(torProvider.GetTorV3Hostname(key))
|
||||||
log.Debugf("Client has Auth: %v", conn.HasCapability(applications.AuthCapability))
|
log.Debugf("Client has Auth: %v", conn.HasCapability(applications.AuthCapability))
|
||||||
|
|
||||||
if conn.HasCapability(applications.AuthCapability) == false {
|
|
||||||
t.Errorf("tapir auth failed")
|
|
||||||
}
|
|
||||||
|
|
||||||
// attempt to send a message that is too long
|
// attempt to send a message that is too long
|
||||||
var long [8195]byte
|
var long [8195]byte
|
||||||
err := conn.Send(long[:])
|
err := conn.Send(long[:])
|
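Review bot: connectclient no longer fails when the connection lacks `applications.AuthCapability`; the new side only logs the value with `log.Debugf`, so a regression in the authentication handshake would still pass this test. Keep an assertion next to the log line, e.g. `if !conn.HasCapability(applications.AuthCapability) { t.Errorf("tapir auth failed") }`. The error from `client.GetConnection` is also discarded with `_`, so a failed lookup would presumably surface as a nil dereference rather than a reported test failure. connectclient's body starts and ends outside the hunk.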
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
torProvider "git.openprivacy.ca/openprivacy/connectivity/tor"
|
torProvider "git.openprivacy.ca/openprivacy/connectivity/tor"
|
||||||
"git.openprivacy.ca/openprivacy/log"
|
"git.openprivacy.ca/openprivacy/log"
|
||||||
"golang.org/x/crypto/ed25519"
|
"golang.org/x/crypto/ed25519"
|
||||||
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"runtime"
|
"runtime"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -29,7 +30,7 @@ func TestTapirMaliciousRemote(t *testing.T) {
|
||||||
|
|
||||||
torDataDir := ""
|
torDataDir := ""
|
||||||
var err error
|
var err error
|
||||||
if torDataDir, err = os.MkdirTemp("./tor/", "data-dir-"); err != nil {
|
if torDataDir, err = ioutil.TempDir("./tor/", "data-dir-"); err != nil {
|
||||||
t.Fatalf("could not create data dir")
|
t.Fatalf("could not create data dir")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,9 +2,9 @@ package utils
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
"filippo.io/edwards25519"
|
|
||||||
"golang.org/x/crypto/curve25519"
|
"golang.org/x/crypto/curve25519"
|
||||||
"golang.org/x/crypto/ed25519"
|
"golang.org/x/crypto/ed25519"
|
||||||
|
"math/big"
|
||||||
)
|
)
|
||||||
|
|
||||||
// EDH implements diffie hellman using curve25519 keys derived from ed25519 keys
|
// EDH implements diffie hellman using curve25519 keys derived from ed25519 keys
|
||||||
|
@ -16,23 +16,68 @@ func EDH(privateKey ed25519.PrivateKey, remotePublicKey ed25519.PublicKey) ([]by
|
||||||
var curve25519priv [32]byte
|
var curve25519priv [32]byte
|
||||||
|
|
||||||
PrivateKeyToCurve25519(&curve25519priv, &privKeyBytes)
|
PrivateKeyToCurve25519(&curve25519priv, &privKeyBytes)
|
||||||
remoteCurve25519pub, err := ed25519PublicKeyToCurve25519New(remotePublicKey)
|
curve25519pub := ed25519PublicKeyToCurve25519(remotePublicKey)
|
||||||
if err != nil {
|
secret, err := curve25519.X25519(curve25519priv[:], curve25519pub[:])
|
||||||
return []byte{}, err
|
|
||||||
}
|
|
||||||
secret, err := curve25519.X25519(curve25519priv[:], remoteCurve25519pub[:])
|
|
||||||
return secret, err
|
return secret, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// reproduced from https://github.com/FiloSottile/age/blob/main/agessh/agessh.go#L190
|
// https://github.com/FiloSottile/age/blob/master/internal/age/ssh.go#L174
|
||||||
func ed25519PublicKeyToCurve25519New(pk ed25519.PublicKey) ([]byte, error) {
|
// Copyright 2019 Google LLC
|
||||||
// See https://blog.filippo.io/using-ed25519-keys-for-encryption and
|
//
|
||||||
// https://pkg.go.dev/filippo.io/edwards25519#Point.BytesMontgomery.
|
//Redistribution and use in source and binary forms, with or without
|
||||||
p, err := new(edwards25519.Point).SetBytes(pk)
|
//modification, are permitted provided that the following conditions are
|
||||||
if err != nil {
|
//met:
|
||||||
return nil, err
|
//
|
||||||
|
// * Redistributions of source code must retain the above copyright
|
||||||
|
//notice, this list of conditions and the following disclaimer.
|
||||||
|
// * Redistributions in binary form must reproduce the above
|
||||||
|
//copyright notice, this list of conditions and the following disclaimer
|
||||||
|
//in the documentation and/or other materials provided with the
|
||||||
|
//distribution.
|
||||||
|
// * Neither the name of Google LLC nor the names of its
|
||||||
|
//contributors may be used to endorse or promote products derived from
|
||||||
|
//this software without specific prior written permission.
|
||||||
|
//
|
||||||
|
//THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
//"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
//LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
|
//A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
//OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
//SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||||
|
//LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
//DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
//THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
//(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
|
//OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
var curve25519P, _ = new(big.Int).SetString("57896044618658097711785492504343953926634992332820282019728792003956564819949", 10)
|
||||||
|
|
||||||
|
func ed25519PublicKeyToCurve25519(pk ed25519.PublicKey) []byte {
|
||||||
|
// ed25519.PublicKey is a little endian representation of the y-coordinate,
|
||||||
|
// with the most significant bit set based on the sign of the x-coordinate.
|
||||||
|
bigEndianY := make([]byte, ed25519.PublicKeySize)
|
||||||
|
for i, b := range pk {
|
||||||
|
bigEndianY[ed25519.PublicKeySize-i-1] = b
|
||||||
}
|
}
|
||||||
return p.BytesMontgomery(), nil
|
bigEndianY[0] &= 0b0111_1111
|
||||||
|
|
||||||
|
// The Montgomery u-coordinate is derived through the bilinear map
|
||||||
|
//
|
||||||
|
// u = (1 + y) / (1 - y)
|
||||||
|
//
|
||||||
|
// See https://blog.filippo.io/using-ed25519-keys-for-encryption.
|
||||||
|
y := new(big.Int).SetBytes(bigEndianY)
|
||||||
|
denom := big.NewInt(1)
|
||||||
|
denom.ModInverse(denom.Sub(denom, y), curve25519P) // 1 / (1 - y)
|
||||||
|
u := y.Mul(y.Add(y, big.NewInt(1)), denom)
|
||||||
|
u.Mod(u, curve25519P)
|
||||||
|
|
||||||
|
out := make([]byte, curve25519.PointSize)
|
||||||
|
uBytes := u.Bytes()
|
||||||
|
for i, b := range uBytes {
|
||||||
|
out[len(uBytes)-i-1] = b
|
||||||
|
}
|
||||||
|
|
||||||
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// PrivateKeyToCurve25519 converts an ed25519 private key into a corresponding
|
// PrivateKeyToCurve25519 converts an ed25519 private key into a corresponding
|
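Review bot: ed25519PublicKeyToCurve25519 on the new side converts the remote key without validating it. The loop `bigEndianY[ed25519.PublicKeySize-i-1] = b` indexes out of range and panics when `pk` is longer than 32 bytes, a shorter key is silently zero-padded, and nothing checks that the bytes decode to a curve point. `remotePublicKey` presumably comes from the peer, so EDH should reject malformed keys before converting, e.g. `if len(remotePublicKey) != ed25519.PublicKeySize { return nil, errors.New("invalid ed25519 public key length") }` (this needs the `errors` import). The helper has no error return, so a point-validity check cannot be added there without changing its signature. EDH's body begins outside the hunk.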
||||||
|
|