From d096aa135fa15786b33618861f818f80492f8032 Mon Sep 17 00:00:00 2001 From: Daniel Bourdrez <3641580+bytemare@users.noreply.github.com> Date: Wed, 1 May 2024 11:22:40 +0200 Subject: [PATCH] update compliance and ci (#26) Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- .github/CONTRIBUTING.md | 4 ++ .github/ISSUE_TEMPLATE/bug-report.md | 4 +- .github/ISSUE_TEMPLATE/enhancement.md | 24 ++++++++ .github/Makefile | 6 +- .../pull_request_template.md | 4 +- SECURITY.md => .github/SECURITY.md | 0 .github/dependency-review.yml | 27 +++++++++ .github/renovate.json | 2 +- .github/workflows/ci.yml | 57 +++++++++++++++---- .github/workflows/codeql.yml | 17 ++++-- .github/workflows/scorecards.yml | 57 ++++++++++++------- .gitignore | 2 + go.mod | 14 ++--- go.sum | 24 ++++---- oprf.go | 14 ++--- tests/helper_test.go | 2 +- tests/vectors_test.go | 6 +- verifiable.go | 2 +- 18 files changed, 192 insertions(+), 74 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/enhancement.md rename SECURITY.md => .github/SECURITY.md (100%) create mode 100644 .github/dependency-review.yml diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 6f1088f..36952f7 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -30,6 +30,10 @@ Please note that changes that are purely cosmetic and do not add anything substa This project tries to be as Go idiomatic as possible. Conventions from [Effective Go](https://golang.org/doc/effective_go) apply here. Tests use a very opinionated linting configuration that you can use before committing to your changes. +### Governance Model + +This project follows the [Benevolent Dictator Governance Model](http://oss-watch.ac.uk/resources/benevolentdictatorgovernancemodel) where the project owner and lead makes all final decisions. + ### Licence By contributing to this project, you agree that your contributions will be licensed under the project's [License](https://github.com/bytemare/voprf/blob/main/LICENSE). 
diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 21ff641..915c281 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -16,7 +16,7 @@ A clear and concise description of what the bug is. ### Your setup -**What version/commit of voprf are you using?** +**What version/commit of the project are you using?** **What version of go are you using?**
@@ -30,7 +30,7 @@ $ go env
 
 
-**If relevant, what voprf parameters are you using?** +**If relevant, what parameters or arguments are you using?** ### Reproducing diff --git a/.github/ISSUE_TEMPLATE/enhancement.md b/.github/ISSUE_TEMPLATE/enhancement.md new file mode 100644 index 0000000..8300dba --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement.md @@ -0,0 +1,24 @@ +--- +name: "📈 Enhancement" +about: Request or discuss improvements +title: "[Enhancement]" +labels: enhancement +assignees: bytemare + +--- + + + +### Describe the feature + +A clear and concise description of what the enhancement is and what problem it solves. + +**Expected behaviour** + +A clear and concise description of what you expected to happen. + +**Additional context** + +Add any other context about the problem here. diff --git a/.github/Makefile b/.github/Makefile index 16212c1..9730f57 100644 --- a/.github/Makefile +++ b/.github/Makefile @@ -1,10 +1,8 @@ .PHONY: update update: @echo "Updating dependencies..." - @cd ../ && go get -u + @cd ../ && go get -u ./... @go mod tidy - @echo "Updating Github Actions pins..." - @$(foreach file, $(wildcard workflows/*.yml), pin-github-action $(file);) .PHONY: update-linters update-linters: @@ -39,7 +37,7 @@ lint: fmt license .PHONY: test test: @echo "Running all tests ..." - @go test -v -vet=all ../tests + @go test -v -vet=all ../... .PHONY: vectors vectors: diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md index 0c4ba8a..3898f62 100644 --- a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md +++ b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md @@ -8,6 +8,8 @@ + + ### Motivation and Context 
@@ -26,9 +28,9 @@ ### Checklist: +- [ ] I have read the **CONTRIBUTING** document. - [ ] My code follows the code style of this project. - [ ] My change requires a change to the documentation. - [ ] I have updated the documentation accordingly. -- [ ] I have read the **CONTRIBUTING** document. - [ ] I have added tests to cover my changes. - [ ] All new and existing tests passed. diff --git a/SECURITY.md b/.github/SECURITY.md similarity index 100% rename from SECURITY.md rename to .github/SECURITY.md diff --git a/.github/dependency-review.yml b/.github/dependency-review.yml new file mode 100644 index 0000000..d2488d0 --- /dev/null +++ b/.github/dependency-review.yml @@ -0,0 +1,27 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, +# surfacing known-vulnerable versions of the packages declared or updated in the PR. +# Once installed, if the workflow run is marked as required, +# PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: block + + - name: 'Checkout Repository' + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - name: 'Dependency Review' + uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1 diff --git a/.github/renovate.json b/.github/renovate.json index 39a2b6e..d466a32 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,6 +1,6 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:base" + "github>bytemare/renovate-config" ] } 
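Review bot: The dependency review will not run from `.github/dependency-review.yml`, because GitHub Actions only loads workflow files from `.github/workflows/`; the file should be created as `.github/workflows/dependency-review.yml`. Its Harden Runner step also sets `egress-policy: block` with no `allowed-endpoints`, unlike every other job touched by this commit, so once the workflow does run, the checkout and review steps may not reach the hosts they need; confirm with an audit-mode run and add the list. The pins here (`harden-runner` at `# v2.7.0`, `checkout` at `# v3.6.0`) also differ from the SHAs used for the same actions in `ci.yml`, which leaves two versions of each to track.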
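Review bot: `"github>bytemare/renovate-config"` carries no ref, so the preset is read from whatever that other repository currently holds, and a change there alters update behaviour here without any commit in this repository. If that coupling is not intended, reference the preset at a tag, for example `"github>bytemare/renovate-config#<TAG>"` (placeholder), so that a preset change shows up as a reviewable diff.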
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 586d5c0..66252d0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,18 +12,29 @@ jobs: name: Lint runs-on: ubuntu-latest steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + github.com:443 + objects.githubusercontent.com:443 + proxy.golang.org:443 + raw.githubusercontent.com:443 + - name: Checkout repo - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # pin@master + uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@master + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 with: go-version-file: ./go.mod # Linting - name: Linting - uses: golangci/golangci-lint-action@2e6adf08a9d304f4ac29fc9cb609dcd6a6e05c40 # pin@master + uses: golangci/golangci-lint-action@692c9c9dba385536b59da68da5aef1775a6f94ea with: version: latest args: --config=./.github/.golangci.yml ./... @@ -35,14 +46,24 @@ jobs: strategy: fail-fast: false matrix: - go: [ '1.21', '1.20' ] + go: [ '1.22', '1.21' ] steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + proxy.golang.org:443 + storage.googleapis.com:443 + sum.golang.org:443 + - name: Checkout repo - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # pin@master + uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@master + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 with: go-version: ${{ matrix.go }} 
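Review bot: The new `uses:` lines in the Lint job (`step-security/harden-runner`, `actions/checkout`, `actions/setup-go`, `golangci/golangci-lint-action`) pin a bare commit SHA and drop the trailing comment without replacing it, so nobody reading the file can tell which release is running or whether a later bump moves forward. `.github/dependency-review.yml` in this same commit already writes the release after the SHA (`# v2.7.0`), and each pin here should carry the same kind of comment. The same applies to the remaining `ci.yml` hunks and to `codeql.yml` and `scorecards.yml`. Separately, `version: latest` on the golangci-lint step (unchanged context) leaves the linter binary unpinned even though the action is pinned.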
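Review bot: The `'1.21'` entry in `go: [ '1.22', '1.21' ]` no longer exercises Go 1.21, because this commit also raises the `go` directive in `go.mod` to `1.22.2`. A Go 1.21 toolchain treats that directive as a minimum: depending on the `GOTOOLCHAIN` setting in the runner, it either fetches go1.22.2 and runs the tests with it or refuses to build. Either reduce the matrix to `go: [ '1.22' ]` or keep the `go` directive at the oldest release the module is meant to support.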
@@ -54,12 +75,28 @@ jobs: name: Analyze runs-on: ubuntu-latest steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.codecov.io:443 + api.github.com:443 + cli.codecov.io:443 + ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443 + github.com:443 + objects.githubusercontent.com:443 + proxy.golang.org:443 + scanner.sonarcloud.io:443 + sonarcloud.io:443 + storage.googleapis.com:443 + - name: Checkout repo - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # pin@master + uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@master + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 with: go-version-file: ./go.mod @@ -69,7 +106,7 @@ jobs: # Codecov - name: Codecov - uses: codecov/codecov-action@bbeaa140357942e4e8d8e15f1cd2f4e612f64c59 # pin@master + uses: codecov/codecov-action@1290bddc8851afa46a03b9a73dd9979a415d4c4f env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: @@ -77,7 +114,7 @@ jobs: # Sonar - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@db501078e936e4b4c8773d1bb949ba9ddb7b6b6a # pin@master + uses: SonarSource/sonarcloud-github-action@6bbd64e0cb2194e04addb429d669a9ee873eeeef env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d811729..e38eded 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
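Review bot: `ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443` in the Analyze job's `allowed-endpoints` is an opaque API Gateway hostname, and nothing in the file says which step needs it, in the one job that holds `CODECOV_TOKEN` and `SONAR_TOKEN`. An allow-list entry that nobody can attribute is hard to ever remove or re-verify, so record its owner in a comment such as `# ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com: required by <STEP>, confirmed from the harden-runner run insights`. Place that comment above the `allowed-endpoints:` key, since a `#` line inside the `>` folded scalar becomes part of the value.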
@@ -21,21 +21,26 @@ jobs: strategy: fail-fast: false - matrix: - go: [ '1.21', '1.20' ] steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443 + - name: Checkout repository - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # pin@master + uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@6f5223db54afb6bccb7b88162896588caa1f611b # pin@master + uses: github/codeql-action/init@4ebadbc7468649cf79b138f45e20d999351f6ed0 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@6f5223db54afb6bccb7b88162896588caa1f611b # pin@master + uses: github/codeql-action/autobuild@4ebadbc7468649cf79b138f45e20d999351f6ed0 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6f5223db54afb6bccb7b88162896588caa1f611b # pin@master + uses: github/codeql-action/analyze@4ebadbc7468649cf79b138f45e20d999351f6ed0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 287d3c4..b7c346f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -1,55 +1,74 @@ -name: Scorecards supply-chain security +name: Scorecard analysis workflow on: + # Only the default branch is supported. + branch_protection_rule: schedule: - - cron: '16 23 * * 2' + # Weekly on Saturdays. + - cron: '30 1 * * 6' push: - branches: [ "main" ] + branches: [ main ] # Declare default permissions as read only. permissions: read-all jobs: analysis: - name: Scorecards analysis + name: Scorecard analysis runs-on: ubuntu-latest permissions: - # Needed to upload the results to code-scanning dashboard. + # Needed if using Code scanning alerts security-events: write - # Needed to publish results and get a badge (see publish_results below). + # Needed for GitHub OIDC token if publish_results is true id-token: write + steps: + - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + api.osv.dev:443 + api.securityscorecards.dev:443 + fulcio.sigstore.dev:443 + github.com:443 + oss-fuzz-build-logs.storage.googleapis.com:443 + rekor.sigstore.dev:443 + tuf-repo-cdn.sigstore.dev:443 + www.bestpractices.dev:443 + - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@master + uses: actions/checkout@8459bc0c7e3759cdf591f513d9f141a95fef0a8f with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@342acf350cd07e41a36da9be2b107614dd1661a3 # pin@master + uses: ossf/scorecard-action@fad9a3cc533bb069b1f01f272f1f630895cd690a with: results_file: results.sarif results_format: sarif + # (Optional) fine-grained personal access token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional. 
repo_token: ${{ secrets.SCORECARD_TOKEN }} - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. + # Publish the results for public repositories to enable scorecard badges. For more details, see + # https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories, `publish_results` will automatically be set to `false`, regardless + # of the value entered here. publish_results: true # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # pin@master + uses: actions/upload-artifact@552bf3722c16e81001aea7db72d8cedf64eb5f68 with: name: SARIF file path: results.sarif retention-days: 5 - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@6f5223db54afb6bccb7b88162896588caa1f611b # pin@master + # required for Code scanning alerts + - name: "Upload SARIF results to code scanning" + uses: github/codeql-action/upload-sarif@4ebadbc7468649cf79b138f45e20d999351f6ed0 with: sarif_file: results.sarif diff --git a/.gitignore b/.gitignore index 66fd13c..bbfd2cb 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ # Dependency directories (remove the comment below to include it) # vendor/ + +.idea \ No newline at end of file diff --git a/go.mod b/go.mod index d2ad548..24e6043 100644 --- a/go.mod +++ b/go.mod 
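Review bot: The comment added above `repo_token` tells the reader to uncomment that line, but `repo_token: ${{ secrets.SCORECARD_TOKEN }}` is already active, and the bullet list stops after its first item on a dangling "or". Because this step passes a personal access token to the action, the comment should describe what is actually configured, for example `# Fine-grained PAT, used for the Branch-Protection check on a public repository.` followed by the existing link line. It would also help to state next to it which scopes the token is expected to carry, so that an over-privileged token is noticeable in review.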
@@ -1,18 +1,18 @@ module github.com/bytemare/voprf -go 1.21 +go 1.22.2 require ( - github.com/bytemare/crypto v0.5.2 - github.com/bytemare/hash v0.1.7 + github.com/bytemare/crypto v0.6.0 + github.com/bytemare/hash v0.3.0 ) require ( filippo.io/edwards25519 v1.1.0 // indirect filippo.io/nistec v0.0.3 // indirect - github.com/bytemare/hash2curve v0.2.3 // indirect - github.com/bytemare/secp256k1 v0.1.0 // indirect + github.com/bytemare/hash2curve v0.3.0 // indirect + github.com/bytemare/secp256k1 v0.1.2 // indirect github.com/gtank/ristretto255 v0.1.2 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/sys v0.15.0 // indirect + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/sys v0.19.0 // indirect ) diff --git a/go.sum b/go.sum index 5075233..110b1a6 100644 --- a/go.sum +++ b/go.sum 
@@ -2,17 +2,17 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= filippo.io/nistec v0.0.3 h1:h336Je2jRDZdBCLy2fLDUd9E2unG32JLwcJi0JQE9Cw= filippo.io/nistec v0.0.3/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw= -github.com/bytemare/crypto v0.5.2 h1:ogvfY5mmtrPc5Uhwq4mUEUDnTVig+UEF8gwnNAPaNbU= -github.com/bytemare/crypto v0.5.2/go.mod h1:kkx4ciRQFWcjMauezZo9SHw4YmqSTolWkfOVVTOXgAY= -github.com/bytemare/hash v0.1.7 h1:5SqO0vCqefSkbY4UVfjSmUKyadDGoWk8fiXJDpnKE7Q= -github.com/bytemare/hash v0.1.7/go.mod h1:aAUXRjcoavq+IrTSZHPY9nEy8wHmWZk8y4Sbol4XkWU= -github.com/bytemare/hash2curve v0.2.3 h1:/1fbzqtmxu2sth4CWOhQHF2IueTDeJlIPu4mFMPvKsQ= -github.com/bytemare/hash2curve v0.2.3/go.mod h1:AyhJKfHs0s8+thKO+lMKKMm1aGc26GLHNdI1sD6fCSo= -github.com/bytemare/secp256k1 v0.1.0 h1:kjVJ06GAHSa+EJ7Rz1LdVgE0DQWdvUT77tmcGf7epXQ= -github.com/bytemare/secp256k1 v0.1.0/go.mod h1:hzquMsr3GXhVcqL9qFX7GGjmcT5dlQldKrArd7tcXHE= +github.com/bytemare/crypto v0.6.0 h1:wTsJ1jAcCMqDYWP4W2W5wBI36gU9s3nnz1Xmec89n7E= +github.com/bytemare/crypto v0.6.0/go.mod h1:JSO2mlWIuYZHTxeO02xQTf+0tFX9Gue7OsUrEGGYN8Q= +github.com/bytemare/hash v0.3.0 h1:RqFMt3mqpF7UxLdjBrsOZm/2cz0cQiAOnYc9gDLopWE= +github.com/bytemare/hash v0.3.0/go.mod h1:YKOBchL0l8hRLFinVCL8YUKokGNIMhrWEHPHo3EV7/M= +github.com/bytemare/hash2curve v0.3.0 h1:41Npcbc+u/E252A5aCMtxDcz7JPkkX1QzShneTFm4eg= +github.com/bytemare/hash2curve v0.3.0/go.mod h1:itj45U8uqvCtWC0eCswIHVHswXcEHkpFui7gfJdPSfQ= +github.com/bytemare/secp256k1 v0.1.2 h1:aM+p/+0y1h0SZWqS/yzjGPzffVFubJvwLjUgodFEWOo= +github.com/bytemare/secp256k1 v0.1.2/go.mod h1:Pxb9miDs8PTt5mOktvvXiRflvLxI1wdxbXrc6IYsaho= github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc= github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= 
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= diff --git a/oprf.go b/oprf.go index 7452b21..0c40301 100644 --- a/oprf.go +++ b/oprf.go @@ -68,12 +68,12 @@ const ( var ( groups = make(map[Ciphersuite]group.Group, nbIDs) - hashes = make(map[Ciphersuite]hash.Hashing, nbIDs) + hashes = make(map[Ciphersuite]hash.Hash, nbIDs) ) func (c Ciphersuite) new(mode Mode) *oprf { return &oprf{ - hash: hashes[c].Get(), + hash: hashes[c].New(), contextString: contextString(mode, c), ciphersuite: c, mode: mode, @@ -109,7 +109,7 @@ func (c Ciphersuite) Group() group.Group { } // Hash returns the hash function identifier used in the cipher suite. -func (c Ciphersuite) Hash() hash.Hashing { +func (c Ciphersuite) Hash() hash.Hash { return hashes[c] } @@ -192,7 +192,7 @@ func (c Ciphersuite) Server(mode Mode, privateKey []byte) (*Server, error) { } type oprf struct { - hash *hash.Hash + hash hash.Hasher ciphersuite Ciphersuite contextString []byte mode Mode @@ -284,10 +284,10 @@ func (o *oprf) hashTranscript(input, info, unblinded []byte) []byte { var h []byte if info == nil { // OPRF and VOPRF - h = o.hash.Hash(encInput, encElement, encDST) + h = o.hash.Hash(0, encInput, encElement, encDST) } else { // POPRF encInfo := lengthPrefixEncode(info) - h = o.hash.Hash(encInput, encInfo, encElement, encDST) + h = o.hash.Hash(0, encInput, encInfo, encElement, encDST) } return h 
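Review bot: The new leading `0` in `o.hash.Hash(0, encInput, encElement, encDST)` and in the POPRF branch below it is an unexplained literal in the call that produces the protocol output. It looks like an output-size argument where 0 selects the hash's default length, but that is inferred rather than visible in this diff. For the extendable-output functions that the test vectors name (for example `BLAKE2XS`), the chosen length is part of the result. Add a comment such as `// 0: default output size of the hash (confirm against bytemare/hash v0.3.0)` or use a named constant; the same literal appears in `computeComposites` in `verifiable.go`. `hashTranscript` begins before this hunk.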
@@ -298,7 +298,7 @@ func (c Ciphersuite) String() string { return string(c) } -func (c Ciphersuite) register(g group.Group, h hash.Hashing) { +func (c Ciphersuite) register(g group.Group, h hash.Hash) { if g.Available() && h.Available() { groups[c] = g hashes[c] = h diff --git a/tests/helper_test.go b/tests/helper_test.go index 0eda225..93e88b4 100644 --- a/tests/helper_test.go +++ b/tests/helper_test.go @@ -34,7 +34,7 @@ type configuration struct { curve elliptic.Curve ciphersuite voprf.Ciphersuite name string - hash hash.Hashing + hash hash.Hash group group.Group } diff --git a/tests/vectors_test.go b/tests/vectors_test.go index 0621886..2d8b208 100644 --- a/tests/vectors_test.go +++ b/tests/vectors_test.go @@ -179,7 +179,7 @@ type vector struct { Mode voprf.Mode `json:"mode"` } -func hashToHash(h string) hash.Identifier { +func hashToHash(h string) hash.Hash { switch h { case "SHA256": return hash.SHA256 @@ -200,7 +200,7 @@ func hashToHash(h string) hash.Identifier { case "BLAKE2XS": return hash.BLAKE2XS default: - return nil + return 0 } } @@ -212,7 +212,7 @@ func (v vector) checkParams(t *testing.T) { // Check hash hID := hashToHash(v.Hash) - if hID == nil { + if hID == 0 { t.Fatalf("invalid hash function %v", v.Hash) } diff --git a/verifiable.go b/verifiable.go index 29094c3..7c3152c 100644 --- a/verifiable.go +++ b/verifiable.go @@ -58,7 +58,7 @@ func (o *oprf) computeComposites(k *group.Scalar, encGk []byte, cs, ds []*group. encSeedDST := lengthPrefixEncode(dst(dstSeed, o.contextString)) // build seed - seed := o.hash.Hash(encGk, encSeedDST) + seed := o.hash.Hash(0, encGk, encSeedDST) encSeed := lengthPrefixEncode(seed) // This means where calling from the server, and can optimize computation of Z, since Zi = sks * Mi
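Review bot: In `tests/vectors_test.go`, `hashToHash` now reports an unknown name with `return 0` and `checkParams` tests `hID == 0`, which is only correct if no valid `hash.Hash` identifier has the value 0; the diff does not show that. `register` in `oprf.go` already gates on `h.Available()`, so `if !hID.Available() {` in `checkParams` would reject unknown and unavailable hashes without depending on the numeric encoding, assuming `Available()` returns false for the zero value. Both functions extend beyond the hunks shown.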