mirror/libsignal
0
0
Fork 0
mirror of https://github.com/signalapp/libsignal.git synced 2024-09-20 03:52:17 +02:00
Code

Remove deprecated PniCredential

Browse Source
This commit is contained in:
Jordan Rose 2023-04-17 16:57:30 -07:00
parent 5fef0c3c6e
commit bf984c7b54
37 changed files with 9 additions and 2215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
java/client/src/test/java/org/signal/libsignal/zkgroup/integrationtests/ZkGroupTest.java
View File

@ -30,10 +30,6 @@ import org.signal.libsignal.zkgroup.groups.UuidCiphertext;
import org.signal.libsignal.zkgroup.profiles.ClientZkProfileOperations;
import org.signal.libsignal.zkgroup.profiles.ExpiringProfileKeyCredential;
import org.signal.libsignal.zkgroup.profiles.ExpiringProfileKeyCredentialResponse;
import org.signal.libsignal.zkgroup.profiles.PniCredential;
import org.signal.libsignal.zkgroup.profiles.PniCredentialPresentation;
import org.signal.libsignal.zkgroup.profiles.PniCredentialRequestContext;
import org.signal.libsignal.zkgroup.profiles.PniCredentialResponse;
import org.signal.libsignal.zkgroup.profiles.ProfileKey;
import org.signal.libsignal.zkgroup.profiles.ProfileKeyCommitment;
import org.signal.libsignal.zkgroup.profiles.ProfileKeyCredential;
@ -87,9 +83,6 @@ private static final byte[] profileKeyPresentationResultV1 = Hex.fromStringConde
private static final byte[] profileKeyPresentationResultV2 = Hex.fromStringCondensedAssert(
"01e0f49cef4f25c31d1bfdc4a328fd508d2222b6decee2a253cf71e8821e97cc3f86824f79b1884b43c67f854717b1a47f56c8ff50a1c07fddbf4f6e857027d548583b54079dd61d54cdd39cd4acae5f8b3bbfa2bb6b3502b69b36da77addddc145ef254a16f2baec1e3d7e8dc80730bc608fcd0e4d8cfef3330a496380c7ac648686b9c5b914d0a77ee84848aa970b2404450179b4022eef003387f6bdbcba30344cadfd5e3f1677caa2c785f4fefe042a1b2adf4f4b8fa6023e41d704bda901d3a697904770ac46e0e304cf19f91ce9ab0ed1ccad8a6febd72313455f139b9222e9a30a2265c6cd22ee5b907fc95967417a0d8ca338a5ee4d51bba78039c314e4001000000000000749d54772b8137e570157c068a5cfebb464b6c1133c72d9abfda72db421cd00561ac4eecb94313c6912013e32c322ea36743b01814fe919ca84b9aea9c78b10ba021506f7ad8c6625e87e07ce32b559036af6b67e2c0383a643cb93cdc2b9800e90588a18fcc449cd466c28c6db73507d8282dd00808b5927fee3336ed0a2202dfb1e176fece6a4104caa2a866c475209967638ea2f1466847da7301a77b9007dfb332a30e9bbfae8a8398165ec9dd4778214e0d6ed35a34071bdf3b3b19510ff2a617bc53eb0e6b0ddc501db027bb47e4f4127d7a0104945f3d3dc7ec1741038b9b80e2c7f131c519ee26ffcb7cb9d3556cd35a12bef1d4b376fc513197ba00ce8f012a0b374164222ba79a39e74e150813474ca6f87ba705c0f06e7b7068039c5edd9dd1a5ab6793ac211989907686b45650221187d4d59ae492679f3b4308765de9df4cfa5487f360e29e99343e91811baec331c4680985e608ca5d408e21725c6aa1b61d5a8b48d75f4aaa9a3cbe88d3e0f1a54319081f77c72c8f52547448c03ab4afbf6b8fb0e126c037a0ad4094600dd0e0634d76f88c21087f3cfb485a89bc1e3abc4c95041d1d170eccf02933ec5393d4be1dc573f83c33d3b9a746");
private static final byte[] pniPresentationResultV2 = Hex.fromStringCondensedAssert(
"01f887f403db1a80fa04043413233f56bf6c53bb078c16d24df93a219d7785696856d8f197a01c6e223d4aceed1d60b90b713f4556ab39403b84c51d724ca9aa44886d73be15fcebc933f835fc0f3210f8d7b8fa7940bf9069d50dc4ba83da8a0ed86d6c33cd99a25fe46906d655a7fec5fee500527a56ea5689d1765396907b153a86e40eb27b8120661dfe59bb17af1024ebd697c2c36c46f3a85f8dc6f92761b29c84256847b5f420386ac41d6d81f8e65a195f2ab7003c0fc22fd969870e2c5c4ad4a9de38a8bde73509c41e85accef59db69930972b1c3fcb9c9abd4c884a3e91b4c25b8fde3b5cac7c55442f996b3fd3712110c7dd71c847be552122b947402136b1c16fe18acba2e6a277dc57172ac79d189246060d50db1a7dc531d075ec9414f86e31a1b0406ce173b09c1eabbef2de117749b3c512499d5f91e4694e4001000000000000769c0c6c310ed2b8f4a1d1e6b853d83f5da8136e36605fd631979cc618d0e102cc82e9056d2031379de3e57c04530b20617d0b2418b8950c8a2394355c6d400f0e4f69b75942032067382ae244870f5859a35782cb81b1106c5aae58df1f110dbf761c3a52ad5e3a872f385c3056bf2be3d67826cf33bc743c1c25eed0eda20f21de773906657b26e09cf388da2333db60f768865e2405f4df4f48b640295e027625678a810dbf8111918f7b127fd9fb0b332531ec52069b98abf95bb4ae7307d96b9d50b6e734ff8af92d2c8417919795a46b97df7a692df4ea9b63810ef70dca68693bbec7e1f52409430da61cac9249ca02216a77b1f08e5951a50783ca088fa5992b5ecaf1413dfe45f9ef23b3c120994118b325763d66e60c9647cc380248a9da79e46c17b6bb03a23c3987cea86ac158d45b78f1f9b923472521ecb30e765de9df4cfa5487f360e29e99343e91811baec331c4680985e608ca5d408e21725c6aa1b61d5a8b48d75f4aaa9a3cbe88d3e0f1a54319081f77c72c8f525474fe74409060615679fc115473683d63abd9ced46c7f2ad736046de5a2c7d2522f122895597049cfd7cc5beb6dc72aa990ae9a62ec8e256a1cbf5f3f284233bb0748c03ab4afbf6b8fb0e126c037a0ad4094600dd0e0634d76f88c21087f3cfb485a89bc1e3abc4c95041d1d170eccf02933ec5393d4be1dc573f83c33d3b9a746");
// 32 bytes of 0xFF is an invalid Ristretto point, so this should invalidate all the
// the serialized zkgroup structures, since almost everything contains a Ristretto point
private static final byte[] makeBadArray(byte[] a) {
@ -882,89 +875,6 @@ private static final byte[] pniPresentationResultV2 = Hex.fromStringCondensedAss
}
}
@Test @SuppressWarnings("deprecation")
public void testPniIntegration() throws VerificationFailedException, InvalidInputException, UnsupportedEncodingException {
UUID aci = TEST_UUID;
UUID pni = TEST_UUID_1;
// Generate keys (client's are per-group, server's are not)
// ---
// SERVER
ServerSecretParams serverSecretParams = ServerSecretParams.generate(createSecureRandom(TEST_ARRAY_32));
ServerPublicParams serverPublicParams = serverSecretParams.getPublicParams();
ServerZkProfileOperations serverZkProfile = new ServerZkProfileOperations(serverSecretParams);
// CLIENT
GroupMasterKey masterKey = new GroupMasterKey(TEST_ARRAY_32_1);
GroupSecretParams groupSecretParams = GroupSecretParams.deriveFromMasterKey(masterKey);
assertArrayEquals(groupSecretParams.getMasterKey().serialize(), masterKey.serialize());
GroupPublicParams groupPublicParams = groupSecretParams.getPublicParams();
ClientZkProfileOperations clientZkProfileCipher = new ClientZkProfileOperations(serverPublicParams);
ProfileKey profileKey = new ProfileKey(TEST_ARRAY_32_1);
ProfileKeyCommitment profileKeyCommitment = profileKey.getCommitment(aci);
// Create context and request
PniCredentialRequestContext context = clientZkProfileCipher.createPniCredentialRequestContext(createSecureRandom(TEST_ARRAY_32_3), aci, pni, profileKey);
ProfileKeyCredentialRequest request = context.getRequest();
// SERVER
PniCredentialResponse response = serverZkProfile.issuePniCredential(createSecureRandom(TEST_ARRAY_32_4), request, aci, pni, profileKeyCommitment);
// CLIENT
// Gets stored profile credential
ClientZkGroupCipher clientZkGroupCipher = new ClientZkGroupCipher(groupSecretParams);
PniCredential pniCredential = clientZkProfileCipher.receivePniCredential(context, response);
PniCredentialPresentation presentation = clientZkProfileCipher.createPniCredentialPresentation(createSecureRandom(TEST_ARRAY_32_5), groupSecretParams, pniCredential);
assertEquals(presentation.serialize()[0], 1); // Check V2
assertEquals(presentation.getVersion(), PniCredentialPresentation.Version.V2);
assertArrayEquals(presentation.serialize(), pniPresentationResultV2);
// Verify presentation
serverZkProfile.verifyPniCredentialPresentation(groupPublicParams, presentation);
UuidCiphertext aciCiphertextRecv = presentation.getAciCiphertext();
assertArrayEquals(clientZkGroupCipher.encryptUuid(aci).serialize(), aciCiphertextRecv.serialize());
UuidCiphertext pniCiphertextRecv = presentation.getPniCiphertext();
assertArrayEquals(clientZkGroupCipher.encryptUuid(pni).serialize(), pniCiphertextRecv.serialize());
try {
byte[] temp = presentation.serialize();
temp[2]++; // We need a bad presentation that passes deserializaton, this seems to work
PniCredentialPresentation presentationTemp = new PniCredentialPresentation(temp);
serverZkProfile.verifyPniCredentialPresentation(groupPublicParams, presentationTemp);
throw new AssertionError("verifyPniCredentialPresentation should fail 1");
} catch (VerificationFailedException e) {
// expected
}
try {
byte[] temp = presentation.serialize();
temp[0] = 0; // This interprets a V2 as V1, so should fail
PniCredentialPresentation presentationTemp = new PniCredentialPresentation(temp);
serverZkProfile.verifyPniCredentialPresentation(groupPublicParams, presentationTemp);
throw new AssertionError("verifyPniCredentialPresentation should fail 2");
} catch (InvalidInputException e) {
// expected
}
try {
byte[] temp = presentation.serialize();
temp[0] = 40; // This interprets a V2 as a non-existent version, so should fail
PniCredentialPresentation presentationTemp = new PniCredentialPresentation(temp);
serverZkProfile.verifyPniCredentialPresentation(groupPublicParams, presentationTemp);
throw new AssertionError("verifyPniCredentialPresentation should fail 3");
} catch (InvalidInputException e) {
// expected
}
}
@Test
public void testServerSignatures() throws VerificationFailedException {
ServerSecretParams serverSecretParams = ServerSecretParams.generate(createSecureRandom(TEST_ARRAY_32));

17
java/shared/java/org/signal/libsignal/internal/Native.java
View File

@ -225,18 +225,6 @@ public final class Native {
public static native byte[] PlaintextContent_GetBody(long obj);
public static native byte[] PlaintextContent_GetSerialized(long obj);
public static native void PniCredentialPresentation_CheckValidContents(byte[] presentationBytes);
public static native byte[] PniCredentialPresentation_GetAciCiphertext(byte[] presentationBytes);
public static native byte[] PniCredentialPresentation_GetPniCiphertext(byte[] presentationBytes);
public static native byte[] PniCredentialPresentation_GetProfileKeyCiphertext(byte[] presentationBytes);
public static native void PniCredentialRequestContext_CheckValidContents(byte[] buffer);
public static native byte[] PniCredentialRequestContext_GetRequest(byte[] context);
public static native void PniCredentialResponse_CheckValidContents(byte[] buffer);
public static native void PniCredential_CheckValidContents(byte[] buffer);
public static native void PreKeyBundle_Destroy(long handle);
public static native int PreKeyBundle_GetDeviceId(long obj);
public static native long PreKeyBundle_GetIdentityKey(long p);
@ -369,8 +357,6 @@ public final class Native {
public static native byte[] ServerPublicParams_CreateAuthCredentialPresentationDeterministic(byte[] serverPublicParams, byte[] randomness, byte[] groupSecretParams, byte[] authCredential);
public static native byte[] ServerPublicParams_CreateAuthCredentialWithPniPresentationDeterministic(byte[] serverPublicParams, byte[] randomness, byte[] groupSecretParams, byte[] authCredential);
public static native byte[] ServerPublicParams_CreateExpiringProfileKeyCredentialPresentationDeterministic(byte[] serverPublicParams, byte[] randomness, byte[] groupSecretParams, byte[] profileKeyCredential);
public static native byte[] ServerPublicParams_CreatePniCredentialPresentationDeterministic(byte[] serverPublicParams, byte[] randomness, byte[] groupSecretParams, byte[] pniCredential);
public static native byte[] ServerPublicParams_CreatePniCredentialRequestContextDeterministic(byte[] serverPublicParams, byte[] randomness, UUID aci, UUID pni, byte[] profileKey);
public static native byte[] ServerPublicParams_CreateProfileKeyCredentialPresentationDeterministic(byte[] serverPublicParams, byte[] randomness, byte[] groupSecretParams, byte[] profileKeyCredential);
public static native byte[] ServerPublicParams_CreateProfileKeyCredentialRequestContextDeterministic(byte[] serverPublicParams, byte[] randomness, UUID uuid, byte[] profileKey);
public static native byte[] ServerPublicParams_CreateReceiptCredentialPresentationDeterministic(byte[] serverPublicParams, byte[] randomness, byte[] receiptCredential);
@ -378,7 +364,6 @@ public final class Native {
public static native byte[] ServerPublicParams_ReceiveAuthCredential(byte[] params, UUID uuid, int redemptionTime, byte[] response);
public static native byte[] ServerPublicParams_ReceiveAuthCredentialWithPni(byte[] params, UUID aci, UUID pni, long redemptionTime, byte[] response);
public static native byte[] ServerPublicParams_ReceiveExpiringProfileKeyCredential(byte[] serverPublicParams, byte[] requestContext, byte[] response, long currentTimeInSeconds);
public static native byte[] ServerPublicParams_ReceivePniCredential(byte[] serverPublicParams, byte[] requestContext, byte[] response);
public static native byte[] ServerPublicParams_ReceiveProfileKeyCredential(byte[] serverPublicParams, byte[] requestContext, byte[] response);
public static native byte[] ServerPublicParams_ReceiveReceiptCredential(byte[] serverPublicParams, byte[] requestContext, byte[] response);
public static native void ServerPublicParams_VerifySignature(byte[] serverPublicParams, byte[] message, byte[] notarySignature);
@ -389,12 +374,10 @@ public final class Native {
public static native byte[] ServerSecretParams_IssueAuthCredentialDeterministic(byte[] serverSecretParams, byte[] randomness, UUID uuid, int redemptionTime);
public static native byte[] ServerSecretParams_IssueAuthCredentialWithPniDeterministic(byte[] serverSecretParams, byte[] randomness, UUID aci, UUID pni, long redemptionTime);
public static native byte[] ServerSecretParams_IssueExpiringProfileKeyCredentialDeterministic(byte[] serverSecretParams, byte[] randomness, byte[] request, UUID uuid, byte[] commitment, long expirationInSeconds);
public static native byte[] ServerSecretParams_IssuePniCredentialDeterministic(byte[] serverSecretParams, byte[] randomness, byte[] request, UUID aci, UUID pni, byte[] commitment);
public static native byte[] ServerSecretParams_IssueProfileKeyCredentialDeterministic(byte[] serverSecretParams, byte[] randomness, byte[] request, UUID uuid, byte[] commitment);
public static native byte[] ServerSecretParams_IssueReceiptCredentialDeterministic(byte[] serverSecretParams, byte[] randomness, byte[] request, long receiptExpirationTime, long receiptLevel);
public static native byte[] ServerSecretParams_SignDeterministic(byte[] params, byte[] randomness, byte[] message);
public static native void ServerSecretParams_VerifyAuthCredentialPresentation(byte[] serverSecretParams, byte[] groupPublicParams, byte[] presentationBytes, long currentTimeInSeconds);
public static native void ServerSecretParams_VerifyPniCredentialPresentation(byte[] serverSecretParams, byte[] groupPublicParams, byte[] presentationBytes);
public static native void ServerSecretParams_VerifyProfileKeyCredentialPresentation(byte[] serverSecretParams, byte[] groupPublicParams, byte[] presentationBytes, long currentTimeInSeconds);
public static native void ServerSecretParams_VerifyReceiptCredentialPresentation(byte[] serverSecretParams, byte[] presentation);

68
java/shared/java/org/signal/libsignal/zkgroup/profiles/ClientZkProfileOperations.java
View File

@ -41,31 +41,6 @@ public class ClientZkProfileOperations {
}
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public PniCredentialRequestContext createPniCredentialRequestContext(UUID aci, UUID pni, ProfileKey profileKey) {
return createPniCredentialRequestContext(new SecureRandom(), aci, pni, profileKey);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public PniCredentialRequestContext createPniCredentialRequestContext(SecureRandom secureRandom, UUID aci, UUID pni, ProfileKey profileKey) {
byte[] random = new byte[RANDOM_LENGTH];
secureRandom.nextBytes(random);
byte[] newContents = Native.ServerPublicParams_CreatePniCredentialRequestContextDeterministic(serverPublicParams.getInternalContentsForJNI(), random, aci, pni, profileKey.getInternalContentsForJNI());
try {
return new PniCredentialRequestContext(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
public ProfileKeyCredential receiveProfileKeyCredential(ProfileKeyCredentialRequestContext profileKeyCredentialRequestContext, ProfileKeyCredentialResponse profileKeyCredentialResponse) throws VerificationFailedException {
if (profileKeyCredentialResponse == null) {
throw new VerificationFailedException();
@ -98,24 +73,6 @@ public class ClientZkProfileOperations {
}
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public PniCredential receivePniCredential(PniCredentialRequestContext requestContext, PniCredentialResponse response) throws VerificationFailedException {
if (response == null) {
throw new VerificationFailedException();
}
byte[] newContents = Native.ServerPublicParams_ReceivePniCredential(serverPublicParams.getInternalContentsForJNI(), requestContext.getInternalContentsForJNI(), response.getInternalContentsForJNI());
try {
return new PniCredential(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
public ProfileKeyCredentialPresentation createProfileKeyCredentialPresentation(GroupSecretParams groupSecretParams, ProfileKeyCredential profileKeyCredential) {
return createProfileKeyCredentialPresentation(new SecureRandom(), groupSecretParams, profileKeyCredential);
}
@ -150,29 +107,4 @@ public class ClientZkProfileOperations {
}
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public PniCredentialPresentation createPniCredentialPresentation(GroupSecretParams groupSecretParams, PniCredential credential) {
return createPniCredentialPresentation(new SecureRandom(), groupSecretParams, credential);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public PniCredentialPresentation createPniCredentialPresentation(SecureRandom secureRandom, GroupSecretParams groupSecretParams, PniCredential credential) {
byte[] random = new byte[RANDOM_LENGTH];
secureRandom.nextBytes(random);
byte[] newContents = Native.ServerPublicParams_CreatePniCredentialPresentationDeterministic(serverPublicParams.getInternalContentsForJNI(), random, groupSecretParams.getInternalContentsForJNI(), credential.getInternalContentsForJNI());
try {
return new PniCredentialPresentation(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
}

17
java/shared/java/org/signal/libsignal/zkgroup/profiles/PniCredential.java
View File

@ -1,17 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
package org.signal.libsignal.zkgroup.profiles;
import org.signal.libsignal.zkgroup.InvalidInputException;
import org.signal.libsignal.zkgroup.internal.ByteArray;
import org.signal.libsignal.internal.Native;
public final class PniCredential extends ByteArray {
public PniCredential(byte[] contents) throws InvalidInputException {
super(contents);
Native.PniCredential_CheckValidContents(contents);
}
}

63
java/shared/java/org/signal/libsignal/zkgroup/profiles/PniCredentialPresentation.java
View File

@ -1,63 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
package org.signal.libsignal.zkgroup.profiles;
import org.signal.libsignal.zkgroup.InvalidInputException;
import org.signal.libsignal.zkgroup.groups.ProfileKeyCiphertext;
import org.signal.libsignal.zkgroup.groups.UuidCiphertext;
import org.signal.libsignal.zkgroup.internal.ByteArray;
import org.signal.libsignal.internal.Native;
public final class PniCredentialPresentation extends ByteArray {
public enum Version {V1, V2, UNKNOWN};
public PniCredentialPresentation(byte[] contents) throws InvalidInputException {
super(contents);
Native.PniCredentialPresentation_CheckValidContents(contents);
}
public UuidCiphertext getAciCiphertext() {
byte[] newContents = Native.PniCredentialPresentation_GetAciCiphertext(contents);
try {
return new UuidCiphertext(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
public UuidCiphertext getPniCiphertext() {
byte[] newContents = Native.PniCredentialPresentation_GetPniCiphertext(contents);
try {
return new UuidCiphertext(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
public ProfileKeyCiphertext getProfileKeyCiphertext() {
byte[] newContents = Native.PniCredentialPresentation_GetProfileKeyCiphertext(contents);
try {
return new ProfileKeyCiphertext(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
public Version getVersion() {
if (this.contents[0] == 0) {
return Version.V1;
} else if (this.contents[0] == 1) {
return Version.V2;
} else {
return Version.UNKNOWN;
}
}
}

27
java/shared/java/org/signal/libsignal/zkgroup/profiles/PniCredentialRequestContext.java
View File

@ -1,27 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
package org.signal.libsignal.zkgroup.profiles;
import org.signal.libsignal.zkgroup.InvalidInputException;
import org.signal.libsignal.zkgroup.internal.ByteArray;
import org.signal.libsignal.internal.Native;
public final class PniCredentialRequestContext extends ByteArray {
public PniCredentialRequestContext(byte[] contents) throws InvalidInputException {
super(contents);
Native.PniCredentialRequestContext_CheckValidContents(contents);
}
public ProfileKeyCredentialRequest getRequest() {
byte[] newContents = Native.PniCredentialRequestContext_GetRequest(contents);
try {
return new ProfileKeyCredentialRequest(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
}

17
java/shared/java/org/signal/libsignal/zkgroup/profiles/PniCredentialResponse.java
View File

@ -1,17 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
package org.signal.libsignal.zkgroup.profiles;
import org.signal.libsignal.zkgroup.InvalidInputException;
import org.signal.libsignal.zkgroup.internal.ByteArray;
import org.signal.libsignal.internal.Native;
public final class PniCredentialResponse extends ByteArray {
public PniCredentialResponse(byte[] contents) throws InvalidInputException {
super(contents);
Native.PniCredentialResponse_CheckValidContents(contents);
}
}

32
java/shared/java/org/signal/libsignal/zkgroup/profiles/ServerZkProfileOperations.java
View File

@ -67,31 +67,6 @@ public class ServerZkProfileOperations {
}
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public PniCredentialResponse issuePniCredential(ProfileKeyCredentialRequest request, UUID aci, UUID pni, ProfileKeyCommitment profileKeyCommitment) throws VerificationFailedException {
return issuePniCredential(new SecureRandom(), request, aci, pni, profileKeyCommitment);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public PniCredentialResponse issuePniCredential(SecureRandom secureRandom, ProfileKeyCredentialRequest request, UUID aci, UUID pni, ProfileKeyCommitment profileKeyCommitment) throws VerificationFailedException {
byte[] random = new byte[RANDOM_LENGTH];
secureRandom.nextBytes(random);
byte[] newContents = Native.ServerSecretParams_IssuePniCredentialDeterministic(serverSecretParams.getInternalContentsForJNI(), random, request.getInternalContentsForJNI(), aci, pni, profileKeyCommitment.getInternalContentsForJNI());
try {
return new PniCredentialResponse(newContents);
} catch (InvalidInputException e) {
throw new AssertionError(e);
}
}
public void verifyProfileKeyCredentialPresentation(GroupPublicParams groupPublicParams, ProfileKeyCredentialPresentation profileKeyCredentialPresentation) throws VerificationFailedException {
verifyProfileKeyCredentialPresentation(groupPublicParams, profileKeyCredentialPresentation, Instant.now());
}
@ -100,11 +75,4 @@ public class ServerZkProfileOperations {
Native.ServerSecretParams_VerifyProfileKeyCredentialPresentation(serverSecretParams.getInternalContentsForJNI(), groupPublicParams.getInternalContentsForJNI(), profileKeyCredentialPresentation.getInternalContentsForJNI(), now.getEpochSecond());
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential.
*/
@Deprecated
public void verifyPniCredentialPresentation(GroupPublicParams groupPublicParams, PniCredentialPresentation presentation) throws VerificationFailedException {
Native.ServerSecretParams_VerifyPniCredentialPresentation(serverSecretParams.getInternalContentsForJNI(), groupPublicParams.getInternalContentsForJNI(), presentation.getInternalContentsForJNI());
}
}

16
node/Native.d.ts vendored
View File

@ -108,14 +108,6 @@ export function PlaintextContent_Deserialize(data: Buffer): PlaintextContent;
export function PlaintextContent_FromDecryptionErrorMessage(m: Wrapper<DecryptionErrorMessage>): PlaintextContent;
export function PlaintextContent_GetBody(obj: Wrapper<PlaintextContent>): Buffer;
export function PlaintextContent_Serialize(obj: Wrapper<PlaintextContent>): Buffer;
export function PniCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
export function PniCredentialPresentation_GetAciCiphertext(presentationBytes: Buffer): Serialized<UuidCiphertext>;
export function PniCredentialPresentation_GetPniCiphertext(presentationBytes: Buffer): Serialized<UuidCiphertext>;
export function PniCredentialPresentation_GetProfileKeyCiphertext(presentationBytes: Buffer): Serialized<ProfileKeyCiphertext>;
export function PniCredentialRequestContext_CheckValidContents(buffer: Buffer): void;
export function PniCredentialRequestContext_GetRequest(context: Serialized<PniCredentialRequestContext>): Serialized<ProfileKeyCredentialRequest>;
export function PniCredentialResponse_CheckValidContents(buffer: Buffer): void;
export function PniCredential_CheckValidContents(buffer: Buffer): void;
export function PreKeyBundle_GetDeviceId(obj: Wrapper<PreKeyBundle>): number;
export function PreKeyBundle_GetIdentityKey(p: Wrapper<PreKeyBundle>): PublicKey;
export function PreKeyBundle_GetPreKeyId(obj: Wrapper<PreKeyBundle>): number | null;
@ -228,8 +220,6 @@ export function ServerPublicParams_CheckValidContents(buffer: Buffer): void;
export function ServerPublicParams_CreateAuthCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, authCredential: Serialized<AuthCredential>): Buffer;
export function ServerPublicParams_CreateAuthCredentialWithPniPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, authCredential: Serialized<AuthCredentialWithPni>): Buffer;
export function ServerPublicParams_CreateExpiringProfileKeyCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, profileKeyCredential: Serialized<ExpiringProfileKeyCredential>): Buffer;
export function ServerPublicParams_CreatePniCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, pniCredential: Serialized<PniCredential>): Buffer;
export function ServerPublicParams_CreatePniCredentialRequestContextDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, aci: Uuid, pni: Uuid, profileKey: Serialized<ProfileKey>): Serialized<PniCredentialRequestContext>;
export function ServerPublicParams_CreateProfileKeyCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, profileKeyCredential: Serialized<ProfileKeyCredential>): Buffer;
export function ServerPublicParams_CreateProfileKeyCredentialRequestContextDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, uuid: Uuid, profileKey: Serialized<ProfileKey>): Serialized<ProfileKeyCredentialRequestContext>;
export function ServerPublicParams_CreateReceiptCredentialPresentationDeterministic(serverPublicParams: Serialized<ServerPublicParams>, randomness: Buffer, receiptCredential: Serialized<ReceiptCredential>): Serialized<ReceiptCredentialPresentation>;
@ -237,7 +227,6 @@ export function ServerPublicParams_CreateReceiptCredentialRequestContextDetermin
export function ServerPublicParams_ReceiveAuthCredential(params: Serialized<ServerPublicParams>, uuid: Uuid, redemptionTime: number, response: Serialized<AuthCredentialResponse>): Serialized<AuthCredential>;
export function ServerPublicParams_ReceiveAuthCredentialWithPni(params: Serialized<ServerPublicParams>, aci: Uuid, pni: Uuid, redemptionTime: Timestamp, response: Serialized<AuthCredentialWithPniResponse>): Serialized<AuthCredentialWithPni>;
export function ServerPublicParams_ReceiveExpiringProfileKeyCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<ProfileKeyCredentialRequestContext>, response: Serialized<ExpiringProfileKeyCredentialResponse>, currentTimeInSeconds: Timestamp): Serialized<ExpiringProfileKeyCredential>;
export function ServerPublicParams_ReceivePniCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<PniCredentialRequestContext>, response: Serialized<PniCredentialResponse>): Serialized<PniCredential>;
export function ServerPublicParams_ReceiveProfileKeyCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<ProfileKeyCredentialRequestContext>, response: Serialized<ProfileKeyCredentialResponse>): Serialized<ProfileKeyCredential>;
export function ServerPublicParams_ReceiveReceiptCredential(serverPublicParams: Serialized<ServerPublicParams>, requestContext: Serialized<ReceiptCredentialRequestContext>, response: Serialized<ReceiptCredentialResponse>): Serialized<ReceiptCredential>;
export function ServerPublicParams_VerifySignature(serverPublicParams: Serialized<ServerPublicParams>, message: Buffer, notarySignature: Buffer): void;
@ -247,12 +236,10 @@ export function ServerSecretParams_GetPublicParams(params: Serialized<ServerSecr
export function ServerSecretParams_IssueAuthCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, uuid: Uuid, redemptionTime: number): Serialized<AuthCredentialResponse>;
export function ServerSecretParams_IssueAuthCredentialWithPniDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, aci: Uuid, pni: Uuid, redemptionTime: Timestamp): Serialized<AuthCredentialWithPniResponse>;
export function ServerSecretParams_IssueExpiringProfileKeyCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ProfileKeyCredentialRequest>, uuid: Uuid, commitment: Serialized<ProfileKeyCommitment>, expirationInSeconds: Timestamp): Serialized<ExpiringProfileKeyCredentialResponse>;
export function ServerSecretParams_IssuePniCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ProfileKeyCredentialRequest>, aci: Uuid, pni: Uuid, commitment: Serialized<ProfileKeyCommitment>): Serialized<PniCredentialResponse>;
export function ServerSecretParams_IssueProfileKeyCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ProfileKeyCredentialRequest>, uuid: Uuid, commitment: Serialized<ProfileKeyCommitment>): Serialized<ProfileKeyCredentialResponse>;
export function ServerSecretParams_IssueReceiptCredentialDeterministic(serverSecretParams: Serialized<ServerSecretParams>, randomness: Buffer, request: Serialized<ReceiptCredentialRequest>, receiptExpirationTime: Timestamp, receiptLevel: Buffer): Serialized<ReceiptCredentialResponse>;
export function ServerSecretParams_SignDeterministic(params: Serialized<ServerSecretParams>, randomness: Buffer, message: Buffer): Buffer;
export function ServerSecretParams_VerifyAuthCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer, currentTimeInSeconds: Timestamp): void;
export function ServerSecretParams_VerifyPniCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer): void;
export function ServerSecretParams_VerifyProfileKeyCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, groupPublicParams: Serialized<GroupPublicParams>, presentationBytes: Buffer, currentTimeInSeconds: Timestamp): void;
export function ServerSecretParams_VerifyReceiptCredentialPresentation(serverSecretParams: Serialized<ServerSecretParams>, presentation: Serialized<ReceiptCredentialPresentation>): void;
export function SessionBuilder_ProcessPreKeyBundle(bundle: Wrapper<PreKeyBundle>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, ctx: null): Promise<void>;
@ -314,9 +301,6 @@ interface GroupPublicParams { readonly __type: unique symbol; }
interface GroupSecretParams { readonly __type: unique symbol; }
interface HsmEnclaveClient { readonly __type: unique symbol; }
interface PlaintextContent { readonly __type: unique symbol; }
interface PniCredential { readonly __type: unique symbol; }
interface PniCredentialRequestContext { readonly __type: unique symbol; }
interface PniCredentialResponse { readonly __type: unique symbol; }
interface PreKeyBundle { readonly __type: unique symbol; }
interface PreKeyRecord { readonly __type: unique symbol; }
interface PreKeySignalMessage { readonly __type: unique symbol; }

87
node/ts/test/ZKGroup-test.ts
View File

@ -74,10 +74,6 @@ describe('ZKGroup', () => {
'01e0f49cef4f25c31d1bfdc4a328fd508d2222b6decee2a253cf71e8821e97cc3f86824f79b1884b43c67f854717b1a47f56c8ff50a1c07fddbf4f6e857027d548583b54079dd61d54cdd39cd4acae5f8b3bbfa2bb6b3502b69b36da77addddc145ef254a16f2baec1e3d7e8dc80730bc608fcd0e4d8cfef3330a496380c7ac648686b9c5b914d0a77ee84848aa970b2404450179b4022eef003387f6bdbcba30344cadfd5e3f1677caa2c785f4fefe042a1b2adf4f4b8fa6023e41d704bda901d3a697904770ac46e0e304cf19f91ce9ab0ed1ccad8a6febd72313455f139b9222e9a30a2265c6cd22ee5b907fc95967417a0d8ca338a5ee4d51bba78039c314e4001000000000000749d54772b8137e570157c068a5cfebb464b6c1133c72d9abfda72db421cd00561ac4eecb94313c6912013e32c322ea36743b01814fe919ca84b9aea9c78b10ba021506f7ad8c6625e87e07ce32b559036af6b67e2c0383a643cb93cdc2b9800e90588a18fcc449cd466c28c6db73507d8282dd00808b5927fee3336ed0a2202dfb1e176fece6a4104caa2a866c475209967638ea2f1466847da7301a77b9007dfb332a30e9bbfae8a8398165ec9dd4778214e0d6ed35a34071bdf3b3b19510ff2a617bc53eb0e6b0ddc501db027bb47e4f4127d7a0104945f3d3dc7ec1741038b9b80e2c7f131c519ee26ffcb7cb9d3556cd35a12bef1d4b376fc513197ba00ce8f012a0b374164222ba79a39e74e150813474ca6f87ba705c0f06e7b7068039c5edd9dd1a5ab6793ac211989907686b45650221187d4d59ae492679f3b4308765de9df4cfa5487f360e29e99343e91811baec331c4680985e608ca5d408e21725c6aa1b61d5a8b48d75f4aaa9a3cbe88d3e0f1a54319081f77c72c8f52547448c03ab4afbf6b8fb0e126c037a0ad4094600dd0e0634d76f88c21087f3cfb485a89bc1e3abc4c95041d1d170eccf02933ec5393d4be1dc573f83c33d3b9a746'
);
const pniPresentationResult = hexToBuffer(
'01f887f403db1a80fa04043413233f56bf6c53bb078c16d24df93a219d7785696856d8f197a01c6e223d4aceed1d60b90b713f4556ab39403b84c51d724ca9aa44886d73be15fcebc933f835fc0f3210f8d7b8fa7940bf9069d50dc4ba83da8a0ed86d6c33cd99a25fe46906d655a7fec5fee500527a56ea5689d1765396907b153a86e40eb27b8120661dfe59bb17af1024ebd697c2c36c46f3a85f8dc6f92761b29c84256847b5f420386ac41d6d81f8e65a195f2ab7003c0fc22fd969870e2c5c4ad4a9de38a8bde73509c41e85accef59db69930972b1c3fcb9c9abd4c884a3e91b4c25b8fde3b5cac7c55442f996b3fd3712110c7dd71c847be552122b947402136b1c16fe18acba2e6a277dc57172ac79d189246060d50db1a7dc531d075ec9414f86e31a1b0406ce173b09c1eabbef2de117749b3c512499d5f91e4694e4001000000000000769c0c6c310ed2b8f4a1d1e6b853d83f5da8136e36605fd631979cc618d0e102cc82e9056d2031379de3e57c04530b20617d0b2418b8950c8a2394355c6d400f0e4f69b75942032067382ae244870f5859a35782cb81b1106c5aae58df1f110dbf761c3a52ad5e3a872f385c3056bf2be3d67826cf33bc743c1c25eed0eda20f21de773906657b26e09cf388da2333db60f768865e2405f4df4f48b640295e027625678a810dbf8111918f7b127fd9fb0b332531ec52069b98abf95bb4ae7307d96b9d50b6e734ff8af92d2c8417919795a46b97df7a692df4ea9b63810ef70dca68693bbec7e1f52409430da61cac9249ca02216a77b1f08e5951a50783ca088fa5992b5ecaf1413dfe45f9ef23b3c120994118b325763d66e60c9647cc380248a9da79e46c17b6bb03a23c3987cea86ac158d45b78f1f9b923472521ecb30e765de9df4cfa5487f360e29e99343e91811baec331c4680985e608ca5d408e21725c6aa1b61d5a8b48d75f4aaa9a3cbe88d3e0f1a54319081f77c72c8f525474fe74409060615679fc115473683d63abd9ced46c7f2ad736046de5a2c7d2522f122895597049cfd7cc5beb6dc72aa990ae9a62ec8e256a1cbf5f3f284233bb0748c03ab4afbf6b8fb0e126c037a0ad4094600dd0e0634d76f88c21087f3cfb485a89bc1e3abc4c95041d1d170eccf02933ec5393d4be1dc573f83c33d3b9a746'
);
it('testAuthIntegration', () => {
const uuid = toUUID(TEST_ARRAY_16);
const redemptionTime = 123456;
@ -444,89 +440,6 @@ describe('ZKGroup', () => {
);
});
it('testPniIntegration', () => {
const aci = toUUID(TEST_ARRAY_16);
const pni = toUUID(TEST_ARRAY_16_1);
// Generate keys (client's are per-group, server's are not)
// ---
// SERVER
const serverSecretParams =
ServerSecretParams.generateWithRandom(TEST_ARRAY_32);
const serverPublicParams = serverSecretParams.getPublicParams();
const serverZkProfile = new ServerZkProfileOperations(serverSecretParams);
// CLIENT
const masterKey = new GroupMasterKey(TEST_ARRAY_32_1);
const groupSecretParams = GroupSecretParams.deriveFromMasterKey(masterKey);
assertArrayEquals(
groupSecretParams.getMasterKey().serialize(),
masterKey.serialize()
);
const groupPublicParams = groupSecretParams.getPublicParams();
const clientZkProfileCipher = new ClientZkProfileOperations(
serverPublicParams
);
const profileKey = new ProfileKey(TEST_ARRAY_32_1);
const profileKeyCommitment = profileKey.getCommitment(aci);
// Create context and request
const context =
clientZkProfileCipher.createPniCredentialRequestContextWithRandom(
TEST_ARRAY_32_3,
aci,
pni,
profileKey
);
const request = context.getRequest();
// SERVER
const response = serverZkProfile.issuePniCredentialWithRandom(
TEST_ARRAY_32_4,
request,
aci,
pni,
profileKeyCommitment
);
// CLIENT
// Gets stored profile credential
const clientZkGroupCipher = new ClientZkGroupCipher(groupSecretParams);
const pniCredential = clientZkProfileCipher.receivePniCredential(
context,
response
);
const presentation =
clientZkProfileCipher.createPniCredentialPresentationWithRandom(
TEST_ARRAY_32_5,
groupSecretParams,
pniCredential
);
assertArrayEquals(presentation.serialize(), pniPresentationResult);
// Verify presentation
serverZkProfile.verifyPniCredentialPresentation(
groupPublicParams,
presentation
);
const aciCiphertextRecv = presentation.getAciCiphertext();
assertArrayEquals(
clientZkGroupCipher.encryptUuid(aci).serialize(),
aciCiphertextRecv.serialize()
);
const pniCiphertextRecv = presentation.getPniCiphertext();
assertArrayEquals(
clientZkGroupCipher.encryptUuid(pni).serialize(),
pniCiphertextRecv.serialize()
);
});
it('testServerSignatures', () => {
const serverSecretParams =
ServerSecretParams.generateWithRandom(TEST_ARRAY_32);

5
node/ts/zkgroup/index.ts
View File

@ -46,11 +46,6 @@ export { default as ProfileKeyVersion } from './profiles/ProfileKeyVersion';
export { default as ExpiringProfileKeyCredential } from './profiles/ExpiringProfileKeyCredential';
export { default as ExpiringProfileKeyCredentialResponse } from './profiles/ExpiringProfileKeyCredentialResponse';
export { default as PniCredential } from './profiles/PniCredential';
export { default as PniCredentialPresentation } from './profiles/PniCredentialPresentation';
export { default as PniCredentialRequestContext } from './profiles/PniCredentialRequestContext';
export { default as PniCredentialResponse } from './profiles/PniCredentialResponse';
// Receipts
export { default as ClientZkReceiptOperations } from './receipts/ClientZkReceiptOperations';
export { default as ServerZkReceiptOperations } from './receipts/ServerZkReceiptOperations';

92
node/ts/zkgroup/profiles/ClientZkProfileOperations.ts
View File

@ -13,10 +13,6 @@ import GroupSecretParams from '../groups/GroupSecretParams';
import ExpiringProfileKeyCredential from './ExpiringProfileKeyCredential';
import ExpiringProfileKeyCredentialResponse from './ExpiringProfileKeyCredentialResponse';
import PniCredential from './PniCredential';
import PniCredentialPresentation from './PniCredentialPresentation';
import PniCredentialRequestContext from './PniCredentialRequestContext';
import PniCredentialResponse from './PniCredentialResponse';
import ProfileKey from './ProfileKey';
import ProfileKeyCredential from './ProfileKeyCredential';
import ProfileKeyCredentialPresentation from './ProfileKeyCredentialPresentation';
@ -60,44 +56,6 @@ export default class ClientZkProfileOperations {
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
createPniCredentialRequestContext(
aci: UUIDType,
pni: UUIDType,
profileKey: ProfileKey
): PniCredentialRequestContext {
const random = randomBytes(RANDOM_LENGTH);
return this.createPniCredentialRequestContextWithRandom(
random,
aci,
pni,
profileKey
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
createPniCredentialRequestContextWithRandom(
random: Buffer,
aci: UUIDType,
pni: UUIDType,
profileKey: ProfileKey
): PniCredentialRequestContext {
return new PniCredentialRequestContext(
Native.ServerPublicParams_CreatePniCredentialRequestContextDeterministic(
this.serverPublicParams.getContents(),
random,
fromUUID(aci),
fromUUID(pni),
profileKey.getContents()
)
);
}
receiveProfileKeyCredential(
profileKeyCredentialRequestContext: ProfileKeyCredentialRequestContext,
profileKeyCredentialResponse: ProfileKeyCredentialResponse
@ -126,22 +84,6 @@ export default class ClientZkProfileOperations {
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
receivePniCredential(
requestContext: PniCredentialRequestContext,
response: PniCredentialResponse
): PniCredential {
return new PniCredential(
Native.ServerPublicParams_ReceivePniCredential(
this.serverPublicParams.getContents(),
requestContext.getContents(),
response.getContents()
)
);
}
createProfileKeyCredentialPresentation(
groupSecretParams: GroupSecretParams,
profileKeyCredential: ProfileKeyCredential
@ -197,38 +139,4 @@ export default class ClientZkProfileOperations {
)
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
createPniCredentialPresentation(
groupSecretParams: GroupSecretParams,
credential: PniCredential
): PniCredentialPresentation {
const random = randomBytes(RANDOM_LENGTH);
return this.createPniCredentialPresentationWithRandom(
random,
groupSecretParams,
credential
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
createPniCredentialPresentationWithRandom(
random: Buffer,
groupSecretParams: GroupSecretParams,
credential: PniCredential
): PniCredentialPresentation {
return new PniCredentialPresentation(
Native.ServerPublicParams_CreatePniCredentialPresentationDeterministic(
this.serverPublicParams.getContents(),
random,
groupSecretParams.getContents(),
credential.getContents()
)
);
}
}

15
node/ts/zkgroup/profiles/PniCredential.ts
View File

@ -1,15 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import ByteArray from '../internal/ByteArray';
import * as Native from '../../../Native';
export default class PniCredential extends ByteArray {
private readonly __type?: never;
constructor(contents: Buffer) {
super(contents, Native.PniCredential_CheckValidContents);
}
}

35
node/ts/zkgroup/profiles/PniCredentialPresentation.ts
View File

@ -1,35 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import ByteArray from '../internal/ByteArray';
import * as Native from '../../../Native';
import UuidCiphertext from '../groups/UuidCiphertext';
import ProfileKeyCiphertext from '../groups/ProfileKeyCiphertext';
export default class PniCredentialPresentation extends ByteArray {
private readonly __type?: never;
constructor(contents: Buffer) {
super(contents, Native.PniCredentialPresentation_CheckValidContents);
}
getAciCiphertext(): UuidCiphertext {
return new UuidCiphertext(
Native.PniCredentialPresentation_GetAciCiphertext(this.contents)
);
}
getPniCiphertext(): UuidCiphertext {
return new UuidCiphertext(
Native.PniCredentialPresentation_GetPniCiphertext(this.contents)
);
}
getProfileKeyCiphertext(): ProfileKeyCiphertext {
return new ProfileKeyCiphertext(
Native.PniCredentialPresentation_GetProfileKeyCiphertext(this.contents)
);
}
}

22
node/ts/zkgroup/profiles/PniCredentialRequestContext.ts
View File

@ -1,22 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import ByteArray from '../internal/ByteArray';
import * as Native from '../../../Native';
import ProfileKeyCredentialRequest from './ProfileKeyCredentialRequest';
export default class PniCredentialRequestContext extends ByteArray {
private readonly __type?: never;
constructor(contents: Buffer) {
super(contents, Native.PniCredentialRequestContext_CheckValidContents);
}
getRequest(): ProfileKeyCredentialRequest {
return new ProfileKeyCredentialRequest(
Native.PniCredentialRequestContext_GetRequest(this.contents)
);
}
}

15
node/ts/zkgroup/profiles/PniCredentialResponse.ts
View File

@ -1,15 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import ByteArray from '../internal/ByteArray';
import * as Native from '../../../Native';
export default class PniCredentialResponse extends ByteArray {
private readonly __type?: never;
constructor(contents: Buffer) {
super(contents, Native.PniCredentialResponse_CheckValidContents);
}
}

58
node/ts/zkgroup/profiles/ServerZkProfileOperations.ts
View File

@ -11,8 +11,6 @@ import ServerSecretParams from '../ServerSecretParams';
import GroupPublicParams from '../groups/GroupPublicParams';
import ExpiringProfileKeyCredentialResponse from './ExpiringProfileKeyCredentialResponse';
import PniCredentialPresentation from './PniCredentialPresentation';
import PniCredentialResponse from './PniCredentialResponse';
import ProfileKeyCommitment from './ProfileKeyCommitment';
import ProfileKeyCredentialPresentation from './ProfileKeyCredentialPresentation';
import ProfileKeyCredentialResponse from './ProfileKeyCredentialResponse';
@ -95,48 +93,6 @@ export default class ServerZkProfileOperations {
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
issuePniCredential(
profileKeyCredentialRequest: ProfileKeyCredentialRequest,
aci: UUIDType,
pni: UUIDType,
profileKeyCommitment: ProfileKeyCommitment
): PniCredentialResponse {
const random = randomBytes(RANDOM_LENGTH);
return this.issuePniCredentialWithRandom(
random,
profileKeyCredentialRequest,
aci,
pni,
profileKeyCommitment
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
issuePniCredentialWithRandom(
random: Buffer,
profileKeyCredentialRequest: ProfileKeyCredentialRequest,
aci: UUIDType,
pni: UUIDType,
profileKeyCommitment: ProfileKeyCommitment
): PniCredentialResponse {
return new PniCredentialResponse(
Native.ServerSecretParams_IssuePniCredentialDeterministic(
this.serverSecretParams.getContents(),
random,
profileKeyCredentialRequest.getContents(),
fromUUID(aci),
fromUUID(pni),
profileKeyCommitment.getContents()
)
);
}
verifyProfileKeyCredentialPresentation(
groupPublicParams: GroupPublicParams,
profileKeyCredentialPresentation: ProfileKeyCredentialPresentation,
@ -149,18 +105,4 @@ export default class ServerZkProfileOperations {
Math.floor(now.getTime() / 1000)
);
}
/**
* @deprecated Superseded by AuthCredentialWithPni + ProfileKeyCredential
*/
verifyPniCredentialPresentation(
groupPublicParams: GroupPublicParams,
presentation: PniCredentialPresentation
): void {
Native.ServerSecretParams_VerifyPniCredentialPresentation(
this.serverSecretParams.getContents(),
groupPublicParams.getContents(),
presentation.getContents()
);
}
}

127
rust/bridge/shared/src/zkgroup.rs
View File

@ -57,9 +57,6 @@ fixed_length_serializable!(ExpiringProfileKeyCredentialResponse);
fixed_length_serializable!(GroupMasterKey);
fixed_length_serializable!(GroupPublicParams);
fixed_length_serializable!(GroupSecretParams);
fixed_length_serializable!(PniCredential);
fixed_length_serializable!(PniCredentialRequestContext);
fixed_length_serializable!(PniCredentialResponse);
fixed_length_serializable!(ProfileKey);
fixed_length_serializable!(ProfileKeyCiphertext);
fixed_length_serializable!(ProfileKeyCommitment);
@ -301,25 +298,6 @@ fn ServerPublicParams_CreateProfileKeyCredentialRequestContextDeterministic(
.into()
}
#[bridge_fn]
#[allow(deprecated)]
fn ServerPublicParams_CreatePniCredentialRequestContextDeterministic(
server_public_params: Serialized<ServerPublicParams>,
randomness: &[u8; RANDOMNESS_LEN],
aci: Uuid,
pni: Uuid,
profile_key: Serialized<ProfileKey>,
) -> Serialized<PniCredentialRequestContext> {
server_public_params
.create_pni_credential_request_context(
*randomness,
*aci.as_bytes(),
*pni.as_bytes(),
profile_key.into_inner(),
)
.into()
}
#[bridge_fn]
fn ServerPublicParams_ReceiveProfileKeyCredential(
server_public_params: Serialized<ServerPublicParams>,
@ -347,18 +325,6 @@ fn ServerPublicParams_ReceiveExpiringProfileKeyCredential(
.into())
}
#[bridge_fn]
#[allow(deprecated)]
fn ServerPublicParams_ReceivePniCredential(
server_public_params: Serialized<ServerPublicParams>,
request_context: Serialized<PniCredentialRequestContext>,
response: Serialized<PniCredentialResponse>,
) -> Result<Serialized<PniCredential>, ZkGroupVerificationFailure> {
Ok(server_public_params
.receive_pni_credential(&request_context, &response)?
.into())
}
#[bridge_fn]
fn ServerPublicParams_CreateProfileKeyCredentialPresentationDeterministic(
server_public_params: Serialized<ServerPublicParams>,
@ -393,22 +359,6 @@ fn ServerPublicParams_CreateExpiringProfileKeyCredentialPresentationDeterministi
.expect("can serialize")
}
#[bridge_fn]
#[allow(deprecated)]
fn ServerPublicParams_CreatePniCredentialPresentationDeterministic(
server_public_params: Serialized<ServerPublicParams>,
randomness: &[u8; RANDOMNESS_LEN],
group_secret_params: Serialized<GroupSecretParams>,
pni_credential: Serialized<PniCredential>,
) -> Vec<u8> {
bincode::serialize(&server_public_params.create_pni_credential_presentation(
*randomness,
group_secret_params.into_inner(),
pni_credential.into_inner(),
))
.expect("can serialize")
}
#[bridge_fn]
fn ServerPublicParams_CreateReceiptCredentialRequestContextDeterministic(
server_public_params: Serialized<ServerPublicParams>,
@ -526,27 +476,6 @@ fn ServerSecretParams_IssueExpiringProfileKeyCredentialDeterministic(
.into())
}
#[bridge_fn]
#[allow(deprecated)]
fn ServerSecretParams_IssuePniCredentialDeterministic(
server_secret_params: Serialized<ServerSecretParams>,
randomness: &[u8; RANDOMNESS_LEN],
request: Serialized<ProfileKeyCredentialRequest>,
aci: Uuid,
pni: Uuid,
commitment: Serialized<ProfileKeyCommitment>,
) -> Result<Serialized<PniCredentialResponse>, ZkGroupVerificationFailure> {
Ok(server_secret_params
.issue_pni_credential(
*randomness,
&request,
*aci.as_bytes(),
*pni.as_bytes(),
commitment.into_inner(),
)?
.into())
}
#[bridge_fn_void]
fn ServerSecretParams_VerifyProfileKeyCredentialPresentation(
server_secret_params: Serialized<ServerSecretParams>,
@ -563,19 +492,6 @@ fn ServerSecretParams_VerifyProfileKeyCredentialPresentation(
)
}
#[bridge_fn_void]
#[allow(deprecated)]
fn ServerSecretParams_VerifyPniCredentialPresentation(
server_secret_params: Serialized<ServerSecretParams>,
group_public_params: Serialized<GroupPublicParams>,
presentation_bytes: &[u8],
) -> Result<(), ZkGroupVerificationFailure> {
let presentation = AnyPniCredentialPresentation::new(presentation_bytes)
.expect("should have been parsed previously");
server_secret_params
.verify_pni_credential_presentation(group_public_params.into_inner(), &presentation)
}
#[bridge_fn]
fn ServerSecretParams_IssueReceiptCredentialDeterministic(
server_secret_params: Serialized<ServerSecretParams>,
@ -670,14 +586,6 @@ fn ProfileKeyCredentialRequestContext_GetRequest(
context.get_request().into()
}
// FIXME: bridge_get
#[bridge_fn]
fn PniCredentialRequestContext_GetRequest(
context: Serialized<PniCredentialRequestContext>,
) -> Serialized<ProfileKeyCredentialRequest> {
context.get_request().into()
}
// FIXME: bridge_get
#[bridge_fn]
fn ExpiringProfileKeyCredential_GetExpirationTime(
@ -722,41 +630,6 @@ fn ProfileKeyCredentialPresentation_GetStructurallyValidV1PresentationBytes(
presentation.to_structurally_valid_v1_presentation_bytes()
}
#[bridge_fn_void]
fn PniCredentialPresentation_CheckValidContents(
presentation_bytes: &[u8],
) -> Result<(), ZkGroupDeserializationFailure> {
AnyPniCredentialPresentation::new(presentation_bytes)?;
Ok(())
}
#[bridge_fn]
fn PniCredentialPresentation_GetAciCiphertext(
presentation_bytes: &[u8],
) -> Serialized<UuidCiphertext> {
let presentation = AnyPniCredentialPresentation::new(presentation_bytes)
.expect("should have been parsed previously");
presentation.get_aci_ciphertext().into()
}
#[bridge_fn]
fn PniCredentialPresentation_GetPniCiphertext(
presentation_bytes: &[u8],
) -> Serialized<UuidCiphertext> {
let presentation = AnyPniCredentialPresentation::new(presentation_bytes)
.expect("should have been parsed previously");
presentation.get_pni_ciphertext().into()
}
#[bridge_fn]
fn PniCredentialPresentation_GetProfileKeyCiphertext(
presentation_bytes: &[u8],
) -> Serialized<ProfileKeyCiphertext> {
let presentation = AnyPniCredentialPresentation::new(presentation_bytes)
.expect("should have been parsed previously");
presentation.get_profile_key_ciphertext().into()
}
// FIXME: bridge_get
#[bridge_fn]
fn ReceiptCredentialRequestContext_GetRequest(

8
rust/zkgroup/src/api/profiles.rs
View File

@ -5,10 +5,6 @@
pub mod expiring_profile_key_credential;
pub mod expiring_profile_key_credential_response;
pub mod pni_credential;
pub mod pni_credential_presentation;
pub mod pni_credential_request_context;
pub mod pni_credential_response;
pub mod profile_key;
pub mod profile_key_commitment;
pub mod profile_key_credential;
@ -20,10 +16,6 @@ pub mod profile_key_version;
pub use expiring_profile_key_credential::ExpiringProfileKeyCredential;
pub use expiring_profile_key_credential_response::ExpiringProfileKeyCredentialResponse;
pub use pni_credential::PniCredential;
pub use pni_credential_presentation::{AnyPniCredentialPresentation, PniCredentialPresentationV2};
pub use pni_credential_request_context::PniCredentialRequestContext;
pub use pni_credential_response::PniCredentialResponse;
pub use profile_key::ProfileKey;
pub use profile_key_commitment::ProfileKeyCommitment;
pub use profile_key_credential::ProfileKeyCredential;

17
rust/zkgroup/src/api/profiles/pni_credential.rs
View File

@ -1,17 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
use crate::common::simple_types::*;
use crate::crypto;
use serde::{Deserialize, Serialize};
#[derive(Copy, Clone, Serialize, Deserialize)]
pub struct PniCredential {
pub(crate) reserved: ReservedBytes,
pub(crate) credential: crypto::credentials::PniCredential,
pub(crate) aci_bytes: UidBytes,
pub(crate) pni_bytes: UidBytes,
pub(crate) profile_key_bytes: ProfileKeyBytes,
}

101
rust/zkgroup/src/api/profiles/pni_credential_presentation.rs
View File

@ -1,101 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
use crate::common::constants::*;
use crate::common::errors::*;
use crate::common::simple_types::*;
use crate::{api, crypto};
use serde::{Deserialize, Serialize, Serializer};
#[derive(Serialize, Deserialize)]
pub struct PniCredentialPresentationV2 {
pub(crate) version: ReservedBytes,
pub(crate) proof: crypto::proofs::PniCredentialPresentationProofV2,
pub(crate) aci_enc_ciphertext: crypto::uid_encryption::Ciphertext,
pub(crate) pni_enc_ciphertext: crypto::uid_encryption::Ciphertext,
pub(crate) profile_key_enc_ciphertext: crypto::profile_key_encryption::Ciphertext,
}
impl PniCredentialPresentationV2 {
pub fn get_aci_ciphertext(&self) -> api::groups::UuidCiphertext {
api::groups::UuidCiphertext {
reserved: Default::default(),
ciphertext: self.aci_enc_ciphertext,
}
}
pub fn get_pni_ciphertext(&self) -> api::groups::UuidCiphertext {
api::groups::UuidCiphertext {
reserved: Default::default(),
ciphertext: self.pni_enc_ciphertext,
}
}
pub fn get_profile_key_ciphertext(&self) -> api::groups::ProfileKeyCiphertext {
api::groups::ProfileKeyCiphertext {
reserved: Default::default(),
ciphertext: self.profile_key_enc_ciphertext,
}
}
}
pub enum AnyPniCredentialPresentation {
V2(PniCredentialPresentationV2),
}
impl AnyPniCredentialPresentation {
pub fn new(presentation_bytes: &[u8]) -> Result<Self, ZkGroupDeserializationFailure> {
match presentation_bytes[0] {
PRESENTATION_VERSION_1 => {
// No longer supported.
Err(ZkGroupDeserializationFailure)
}
PRESENTATION_VERSION_2 => {
match bincode::deserialize::<PniCredentialPresentationV2>(presentation_bytes) {
Ok(presentation) => Ok(AnyPniCredentialPresentation::V2(presentation)),
Err(_) => Err(ZkGroupDeserializationFailure),
}
}
_ => Err(ZkGroupDeserializationFailure),
}
}
pub fn get_aci_ciphertext(&self) -> api::groups::UuidCiphertext {
match self {
AnyPniCredentialPresentation::V2(presentation_v2) => {
presentation_v2.get_aci_ciphertext()
}
}
}
pub fn get_pni_ciphertext(&self) -> api::groups::UuidCiphertext {
match self {
AnyPniCredentialPresentation::V2(presentation_v2) => {
presentation_v2.get_pni_ciphertext()
}
}
}
pub fn get_profile_key_ciphertext(&self) -> api::groups::ProfileKeyCiphertext {
match self {
AnyPniCredentialPresentation::V2(presentation_v2) => {
presentation_v2.get_profile_key_ciphertext()
}
}
}
}
impl Serialize for AnyPniCredentialPresentation {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
match self {
AnyPniCredentialPresentation::V2(presentation_v2) => {
presentation_v2.serialize(serializer)
}
}
}
}

35
rust/zkgroup/src/api/profiles/pni_credential_request_context.rs
View File

@ -1,35 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
use crate::common::simple_types::*;
use crate::{api, crypto};
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize)]
pub struct PniCredentialRequestContext {
pub(crate) reserved: ReservedBytes,
pub(crate) aci_bytes: UidBytes,
pub(crate) pni_bytes: UidBytes,
pub(crate) profile_key_bytes: ProfileKeyBytes,
pub(crate) key_pair: crypto::profile_key_credential_request::KeyPair,
pub(crate) ciphertext_with_secret_nonce:
crypto::profile_key_credential_request::CiphertextWithSecretNonce,
pub(crate) proof: crypto::proofs::ProfileKeyCredentialRequestProof,
}
impl PniCredentialRequestContext {
// This is correct: PniCredentialRequestContext and ProfileKeyCredentialRequestContext share a
// request type.
pub fn get_request(&self) -> api::profiles::ProfileKeyCredentialRequest {
let ciphertext = self.ciphertext_with_secret_nonce.get_ciphertext();
let public_key = self.key_pair.get_public_key();
api::profiles::ProfileKeyCredentialRequest {
reserved: Default::default(),
public_key,
ciphertext,
proof: self.proof.clone(),
}
}
}

15
rust/zkgroup/src/api/profiles/pni_credential_response.rs
View File

@ -1,15 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
use crate::common::simple_types::*;
use crate::crypto;
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize)]
pub struct PniCredentialResponse {
pub(crate) reserved: ReservedBytes,
pub(crate) blinded_credential: crypto::credentials::BlindedPniCredential,
pub(crate) proof: crypto::proofs::PniCredentialIssuanceProof,
}

209
rust/zkgroup/src/api/server_params.rs
View File

@ -21,7 +21,10 @@ pub struct ServerSecretParams {
sig_key_pair: crypto::signature::KeyPair,
receipt_credentials_key_pair:
crypto::credentials::KeyPair<crypto::credentials::ReceiptCredential>,
// Now unused
pni_credentials_key_pair: crypto::credentials::KeyPair<crypto::credentials::PniCredential>,
expiring_profile_key_credentials_key_pair:
crypto::credentials::KeyPair<crypto::credentials::ExpiringProfileKeyCredential>,
auth_credentials_with_pni_key_pair:
@ -35,7 +38,10 @@ pub struct ServerPublicParams {
pub(crate) profile_key_credentials_public_key: crypto::credentials::PublicKey,
sig_public_key: crypto::signature::PublicKey,
receipt_credentials_public_key: crypto::credentials::PublicKey,
// Now unused
pni_credentials_public_key: crypto::credentials::PublicKey,
expiring_profile_key_credentials_public_key: crypto::credentials::PublicKey,
auth_credentials_with_pni_public_key: crypto::credentials::PublicKey,
}
@ -312,49 +318,6 @@ impl ServerSecretParams {
Ok(())
}
#[deprecated = "superseded by AuthCredentialWithPni + ProfileKeyCredential"]
pub fn verify_pni_credential_presentation(
&self,
group_public_params: api::groups::GroupPublicParams,
presentation: &api::profiles::AnyPniCredentialPresentation,
) -> Result<(), ZkGroupVerificationFailure> {
let credentials_key_pair = self.pni_credentials_key_pair;
let uid_enc_public_key = group_public_params.uid_enc_public_key;
let profile_key_enc_public_key = group_public_params.profile_key_enc_public_key;
match presentation {
api::profiles::AnyPniCredentialPresentation::V2(presentation_v2) => {
presentation_v2.proof.verify(
credentials_key_pair,
presentation_v2.aci_enc_ciphertext,
uid_enc_public_key,
presentation_v2.profile_key_enc_ciphertext,
profile_key_enc_public_key,
presentation_v2.pni_enc_ciphertext,
)
}
}
}
#[deprecated = "superseded by AuthCredentialWithPni + ProfileKeyCredential"]
pub fn verify_pni_credential_presentation_v2(
&self,
group_public_params: api::groups::GroupPublicParams,
presentation: &api::profiles::PniCredentialPresentationV2,
) -> Result<(), ZkGroupVerificationFailure> {
let credentials_key_pair = self.pni_credentials_key_pair;
let uid_enc_public_key = group_public_params.uid_enc_public_key;
let profile_key_enc_public_key = group_public_params.profile_key_enc_public_key;
presentation.proof.verify(
credentials_key_pair,
presentation.aci_enc_ciphertext,
uid_enc_public_key,
presentation.profile_key_enc_ciphertext,
profile_key_enc_public_key,
presentation.pni_enc_ciphertext,
)
}
pub fn issue_profile_key_credential(
&self,
randomness: RandomnessBytes,
@ -450,54 +413,6 @@ impl ServerSecretParams {
})
}
#[deprecated = "superseded by AuthCredentialWithPni + ProfileKeyCredential"]
pub fn issue_pni_credential(
&self,
randomness: RandomnessBytes,
request: &api::profiles::ProfileKeyCredentialRequest,
uid_bytes: UidBytes,
pni_bytes: UidBytes,
commitment: api::profiles::ProfileKeyCommitment,
) -> Result<api::profiles::PniCredentialResponse, ZkGroupVerificationFailure> {
let mut sho = Sho::new(
b"Signal_ZKGroup_20211111_Random_ServerSecretParams_IssuePniCredential",
&randomness,
);
request.proof.verify(
request.public_key,
request.ciphertext,
commitment.commitment,
)?;
let uid = crypto::uid_struct::UidStruct::new(uid_bytes);
let pni = crypto::uid_struct::UidStruct::new(pni_bytes);
let blinded_credential_with_secret_nonce =
self.pni_credentials_key_pair.create_blinded_pni_credential(
uid,
pni,
request.public_key,
request.ciphertext,
&mut sho,
);
let proof = crypto::proofs::PniCredentialIssuanceProof::new(
self.pni_credentials_key_pair,
request.public_key,
request.ciphertext,
blinded_credential_with_secret_nonce,
uid,
pni,
&mut sho,
);
Ok(api::profiles::PniCredentialResponse {
reserved: Default::default(),
blinded_credential: blinded_credential_with_secret_nonce.get_blinded_pni_credential(),
proof,
})
}
pub fn issue_receipt_credential(
&self,
randomness: RandomnessBytes,
@ -727,30 +642,6 @@ impl ServerPublicParams {
}
}
#[deprecated = "superseded by AuthCredentialWithPni + ProfileKeyCredential"]
pub fn create_pni_credential_request_context(
&self,
randomness: RandomnessBytes,
aci_bytes: UidBytes,
pni_bytes: UidBytes,
profile_key: api::profiles::ProfileKey,
) -> api::profiles::PniCredentialRequestContext {
// We want to provide an encryption of the profile key and prove that it matches the
// ProfileKeyCommitment in *exactly* the same way as a non-PNI request, so just invoke that
// and then add the PNI to the result.
let profile_key_request_context =
self.create_profile_key_credential_request_context(randomness, aci_bytes, profile_key);
api::profiles::PniCredentialRequestContext {
reserved: Default::default(),
aci_bytes,
pni_bytes,
profile_key_bytes: profile_key_request_context.profile_key_bytes,
key_pair: profile_key_request_context.key_pair,
ciphertext_with_secret_nonce: profile_key_request_context.ciphertext_with_secret_nonce,
proof: profile_key_request_context.proof,
}
}
pub fn receive_profile_key_credential(
&self,
context: &api::profiles::ProfileKeyCredentialRequestContext,
@ -815,34 +706,6 @@ impl ServerPublicParams {
})
}
#[deprecated = "superseded by AuthCredentialWithPni + ProfileKeyCredential"]
pub fn receive_pni_credential(
&self,
context: &api::profiles::PniCredentialRequestContext,
response: &api::profiles::PniCredentialResponse,
) -> Result<api::profiles::PniCredential, ZkGroupVerificationFailure> {
response.proof.verify(
self.pni_credentials_public_key,
context.key_pair.get_public_key(),
context.aci_bytes,
context.pni_bytes,
context.ciphertext_with_secret_nonce.get_ciphertext(),
response.blinded_credential,
)?;
let credential = context
.key_pair
.decrypt_blinded_pni_credential(response.blinded_credential);
Ok(api::profiles::PniCredential {
reserved: Default::default(),
credential,
aci_bytes: context.aci_bytes,
pni_bytes: context.pni_bytes,
profile_key_bytes: context.profile_key_bytes,
})
}
pub fn create_profile_key_credential_presentation(
&self,
randomness: RandomnessBytes,
@ -941,66 +804,6 @@ impl ServerPublicParams {
}
}
#[deprecated = "superseded by AuthCredentialWithPni + ProfileKeyCredential"]
pub fn create_pni_credential_presentation(
&self,
randomness: RandomnessBytes,
group_secret_params: api::groups::GroupSecretParams,
pni_credential: api::profiles::PniCredential,
) -> api::profiles::AnyPniCredentialPresentation {
#[allow(deprecated)]
let presentation_v2 = self.create_pni_credential_presentation_v2(
randomness,
group_secret_params,
pni_credential,
);
api::profiles::AnyPniCredentialPresentation::V2(presentation_v2)
}
#[deprecated = "superseded by AuthCredentialWithPni + ProfileKeyCredential"]
pub fn create_pni_credential_presentation_v2(
&self,
randomness: RandomnessBytes,
group_secret_params: api::groups::GroupSecretParams,
pni_credential: api::profiles::PniCredential,
) -> api::profiles::PniCredentialPresentationV2 {
let mut sho = Sho::new(
b"Signal_ZKGroup_20220120_Random_ServerPublicParams_CreatePniCredentialPresentationV2",
&randomness,
);
let uid_enc_key_pair = group_secret_params.uid_enc_key_pair;
let profile_key_enc_key_pair = group_secret_params.profile_key_enc_key_pair;
let credentials_public_key = self.pni_credentials_public_key;
let aci_ciphertext = group_secret_params.encrypt_uuid(pni_credential.aci_bytes);
let pni_ciphertext = group_secret_params.encrypt_uuid(pni_credential.pni_bytes);
let profile_key_ciphertext = group_secret_params
.encrypt_profile_key_bytes(pni_credential.profile_key_bytes, pni_credential.aci_bytes);
let proof = crypto::proofs::PniCredentialPresentationProofV2::new(
uid_enc_key_pair,
profile_key_enc_key_pair,
credentials_public_key,
pni_credential.credential,
aci_ciphertext.ciphertext,
pni_ciphertext.ciphertext,
profile_key_ciphertext.ciphertext,
pni_credential.aci_bytes,
pni_credential.pni_bytes,
pni_credential.profile_key_bytes,
&mut sho,
);
api::profiles::PniCredentialPresentationV2 {
version: [PRESENTATION_VERSION_2],
proof,
aci_enc_ciphertext: aci_ciphertext.ciphertext,
pni_enc_ciphertext: pni_ciphertext.ciphertext,
profile_key_enc_ciphertext: profile_key_ciphertext.ciphertext,
}
}
pub fn create_receipt_credential_request_context(
&self,
randomness: RandomnessBytes,

4
rust/zkgroup/src/common/constants.rs
View File

@ -23,10 +23,6 @@ pub const AUTH_CREDENTIAL_PRESENTATION_V2_LEN: usize = 461;
pub const AUTH_CREDENTIAL_RESPONSE_LEN: usize = 361;
pub const AUTH_CREDENTIAL_WITH_PNI_LEN: usize = 265;
pub const AUTH_CREDENTIAL_WITH_PNI_RESPONSE_LEN: usize = 425;
pub const PNI_CREDENTIAL_LEN: usize = 161;
pub const PNI_CREDENTIAL_PRESENTATION_V2_LEN: usize = 841;
pub const PNI_CREDENTIAL_REQUEST_CONTEXT_LEN: usize = 489;
pub const PNI_CREDENTIAL_RESPONSE_LEN: usize = 521;
pub const PROFILE_KEY_LEN: usize = 32;
pub const PROFILE_KEY_CIPHERTEXT_LEN: usize = 65;
pub const PROFILE_KEY_COMMITMENT_LEN: usize = 97;

56
rust/zkgroup/src/crypto/credentials.rs
View File

@ -193,28 +193,13 @@ pub struct BlindedExpiringProfileKeyCredential {
pub(crate) S2: RistrettoPoint,
}
/// Unused, kept only because ServerSecretParams contains a KeyPair<PniCredential>.
#[derive(Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct PniCredential {
pub(crate) t: Scalar,
pub(crate) U: RistrettoPoint,
pub(crate) V: RistrettoPoint,
}
#[derive(Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct BlindedPniCredentialWithSecretNonce {
pub(crate) rprime: Scalar,
pub(crate) t: Scalar,
pub(crate) U: RistrettoPoint,
pub(crate) S1: RistrettoPoint,
pub(crate) S2: RistrettoPoint,
}
#[derive(Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct BlindedPniCredential {
pub(crate) t: Scalar,
pub(crate) U: RistrettoPoint,
pub(crate) S1: RistrettoPoint,
pub(crate) S2: RistrettoPoint,
}
#[derive(Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct ReceiptCredential {
@ -531,34 +516,6 @@ impl KeyPair<ExpiringProfileKeyCredential> {
}
}
impl KeyPair<PniCredential> {
pub fn create_blinded_pni_credential(
&self,
uid: uid_struct::UidStruct,
pni: uid_struct::UidStruct,
public_key: profile_key_credential_request::PublicKey,
ciphertext: profile_key_credential_request::Ciphertext,
sho: &mut Sho,
) -> BlindedPniCredentialWithSecretNonce {
let M = [uid.M1, uid.M2];
let (t, U, Vprime) = self.credential_core(&M, sho);
let Vprime_with_pni = Vprime + (self.y[5] * pni.M1) + (self.y[6] * pni.M2);
let rprime = sho.get_scalar();
let R1 = rprime * RISTRETTO_BASEPOINT_POINT;
let R2 = rprime * public_key.Y + Vprime_with_pni;
let S1 = R1 + (self.y[3] * ciphertext.D1) + (self.y[4] * ciphertext.E1);
let S2 = R2 + (self.y[3] * ciphertext.D2) + (self.y[4] * ciphertext.E2);
BlindedPniCredentialWithSecretNonce {
rprime,
t,
U,
S1,
S2,
}
}
}
impl KeyPair<ReceiptCredential> {
pub fn create_blinded_receipt_credential(
&self,
@ -612,17 +569,6 @@ impl BlindedExpiringProfileKeyCredentialWithSecretNonce {
}
}
impl BlindedPniCredentialWithSecretNonce {
pub fn get_blinded_pni_credential(&self) -> BlindedPniCredential {
BlindedPniCredential {
t: self.t,
U: self.U,
S1: self.S1,
S2: self.S2,
}
}
}
impl BlindedReceiptCredentialWithSecretNonce {
pub fn get_blinded_receipt_credential(&self) -> BlindedReceiptCredential {
BlindedReceiptCredential {

16
rust/zkgroup/src/crypto/profile_key_credential_request.rs
View File

@ -7,8 +7,8 @@
use crate::common::sho::*;
use crate::crypto::credentials::{
BlindedExpiringProfileKeyCredential, BlindedPniCredential, BlindedProfileKeyCredential,
ExpiringProfileKeyCredential, PniCredential, ProfileKeyCredential,
BlindedExpiringProfileKeyCredential, BlindedProfileKeyCredential, ExpiringProfileKeyCredential,
ProfileKeyCredential,
};
use crate::crypto::profile_key_struct;
use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
@ -106,18 +106,6 @@ impl KeyPair {
V,
}
}
pub fn decrypt_blinded_pni_credential(
&self,
blinded_pni_credential: BlindedPniCredential,
) -> PniCredential {
let V = blinded_pni_credential.S2 - self.y * blinded_pni_credential.S1;
PniCredential {
t: blinded_pni_credential.t,
U: blinded_pni_credential.U,
V,
}
}
}
impl CiphertextWithSecretNonce {

402
rust/zkgroup/src/crypto/proofs.rs
View File

@ -48,11 +48,6 @@ pub struct ExpiringProfileKeyCredentialIssuanceProof {
poksho_proof: Vec<u8>,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct PniCredentialIssuanceProof {
poksho_proof: Vec<u8>,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct ReceiptCredentialIssuanceProof {
poksho_proof: Vec<u8>,
@ -125,21 +120,6 @@ pub struct ExpiringProfileKeyCredentialPresentationProof {
poksho_proof: Vec<u8>,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct PniCredentialPresentationProofV2 {
C_x0: RistrettoPoint,
C_x1: RistrettoPoint,
C_y1: RistrettoPoint,
C_y2: RistrettoPoint,
C_y3: RistrettoPoint,
C_y4: RistrettoPoint,
C_y5: RistrettoPoint,
C_y6: RistrettoPoint,
C_V: RistrettoPoint,
C_z: RistrettoPoint,
poksho_proof: Vec<u8>,
}
#[derive(Serialize, Deserialize, Clone)]
pub struct ReceiptCredentialPresentationProof {
C_x0: RistrettoPoint,
@ -741,151 +721,6 @@ impl ExpiringProfileKeyCredentialIssuanceProof {
}
}
impl PniCredentialIssuanceProof {
pub fn get_poksho_statement() -> poksho::Statement {
let mut st = poksho::Statement::new();
st.add("C_W", &[("w", "G_w"), ("wprime", "G_wprime")]);
st.add(
"G_V-I",
&[
("x0", "G_x0"),
("x1", "G_x1"),
("y1", "G_y1"),
("y2", "G_y2"),
("y3", "G_y3"),
("y4", "G_y4"),
("y5", "G_y5"),
("y6", "G_y6"),
],
);
st.add("S1", &[("y3", "D1"), ("y4", "E1"), ("rprime", "G")]);
st.add(
"S2",
&[
("y3", "D2"),
("y4", "E2"),
("rprime", "Y"),
("w", "G_w"),
("x0", "U"),
("x1", "tU"),
("y1", "M1"),
("y2", "M2"),
("y5", "M5"),
("y6", "M6"),
],
);
st
}
pub fn new(
key_pair: credentials::KeyPair<credentials::PniCredential>,
request_public_key: profile_key_credential_request::PublicKey,
request: profile_key_credential_request::Ciphertext,
blinded_credential: credentials::BlindedPniCredentialWithSecretNonce,
uid: uid_struct::UidStruct,
pni: uid_struct::UidStruct,
sho: &mut Sho,
) -> Self {
let credentials_system = credentials::SystemParams::get_hardcoded();
let mut scalar_args = poksho::ScalarArgs::new();
scalar_args.add("w", key_pair.w);
scalar_args.add("wprime", key_pair.wprime);
scalar_args.add("x0", key_pair.x0);
scalar_args.add("x1", key_pair.x1);
scalar_args.add("y1", key_pair.y[1]);
scalar_args.add("y2", key_pair.y[2]);
scalar_args.add("y3", key_pair.y[3]);
scalar_args.add("y4", key_pair.y[4]);
scalar_args.add("y5", key_pair.y[5]);
scalar_args.add("y6", key_pair.y[6]);
scalar_args.add("rprime", blinded_credential.rprime);
let mut point_args = poksho::PointArgs::new();
point_args.add("C_W", key_pair.C_W);
point_args.add("G_w", credentials_system.G_w);
point_args.add("G_wprime", credentials_system.G_wprime);
point_args.add("G_V-I", credentials_system.G_V - key_pair.I);
point_args.add("G_x0", credentials_system.G_x0);
point_args.add("G_x1", credentials_system.G_x1);
point_args.add("G_y1", credentials_system.G_y[1]);
point_args.add("G_y2", credentials_system.G_y[2]);
point_args.add("G_y3", credentials_system.G_y[3]);
point_args.add("G_y4", credentials_system.G_y[4]);
point_args.add("G_y5", credentials_system.G_y[5]);
point_args.add("G_y6", credentials_system.G_y[6]);
point_args.add("S1", blinded_credential.S1);
point_args.add("D1", request.D1);
point_args.add("E1", request.E1);
point_args.add("S2", blinded_credential.S2);
point_args.add("D2", request.D2);
point_args.add("E2", request.E2);
point_args.add("Y", request_public_key.Y);
point_args.add("U", blinded_credential.U);
point_args.add("tU", blinded_credential.t * blinded_credential.U);
point_args.add("M1", uid.M1);
point_args.add("M2", uid.M2);
point_args.add("M5", pni.M1);
point_args.add("M6", pni.M2);
let poksho_proof = Self::get_poksho_statement()
.prove(
&scalar_args,
&point_args,
&[],
&sho.squeeze(RANDOMNESS_LEN)[..],
)
.unwrap();
Self { poksho_proof }
}
pub fn verify(
&self,
credentials_public_key: credentials::PublicKey,
request_public_key: profile_key_credential_request::PublicKey,
uid_bytes: UidBytes,
pni_bytes: UidBytes,
request: profile_key_credential_request::Ciphertext,
blinded_credential: credentials::BlindedPniCredential,
) -> Result<(), ZkGroupVerificationFailure> {
let credentials_system = credentials::SystemParams::get_hardcoded();
let uid = uid_struct::UidStruct::new(uid_bytes);
let pni = uid_struct::UidStruct::new(pni_bytes);
let mut point_args = poksho::PointArgs::new();
point_args.add("C_W", credentials_public_key.C_W);
point_args.add("G_w", credentials_system.G_w);
point_args.add("G_wprime", credentials_system.G_wprime);
point_args.add("G_V-I", credentials_system.G_V - credentials_public_key.I);
point_args.add("G_x0", credentials_system.G_x0);
point_args.add("G_x1", credentials_system.G_x1);
point_args.add("G_y1", credentials_system.G_y[1]);
point_args.add("G_y2", credentials_system.G_y[2]);
point_args.add("G_y3", credentials_system.G_y[3]);
point_args.add("G_y4", credentials_system.G_y[4]);
point_args.add("G_y5", credentials_system.G_y[5]);
point_args.add("G_y6", credentials_system.G_y[6]);
point_args.add("S1", blinded_credential.S1);
point_args.add("D1", request.D1);
point_args.add("E1", request.E1);
point_args.add("S2", blinded_credential.S2);
point_args.add("D2", request.D2);
point_args.add("E2", request.E2);
point_args.add("Y", request_public_key.Y);
point_args.add("U", blinded_credential.U);
point_args.add("tU", blinded_credential.t * blinded_credential.U);
point_args.add("M1", uid.M1);
point_args.add("M2", uid.M2);
point_args.add("M5", pni.M1);
point_args.add("M6", pni.M2);
match Self::get_poksho_statement().verify_proof(&self.poksho_proof, &point_args, &[]) {
Err(_) => Err(ZkGroupVerificationFailure),
Ok(_) => Ok(()),
}
}
}
impl ReceiptCredentialIssuanceProof {
pub fn get_poksho_statement() -> poksho::Statement {
let mut st = poksho::Statement::new();
@ -1781,243 +1616,6 @@ impl ExpiringProfileKeyCredentialPresentationProof {
}
}
impl PniCredentialPresentationProofV2 {
pub fn get_poksho_statement() -> poksho::Statement {
let mut st = poksho::Statement::new();
st.add("C_z", &[("z", "G_z")]);
st.add("Z", &[("z", "I")]);
st.add("C_x1", &[("t", "C_x0"), ("z0", "G_x0"), ("z", "G_x1")]);
st.add(
"A+B",
&[
("a1", "G_a1"),
("a2", "G_a2"),
("b1", "G_b1"),
("b2", "G_b2"),
],
);
st.add("C_y2-E_A2", &[("z", "G_y2"), ("a2", "-E_A1")]);
st.add("E_A1", &[("a1", "C_y1"), ("z1", "G_y1")]);
st.add("C_y4-E_B2", &[("z", "G_y4"), ("b2", "-E_B1")]);
st.add("E_B1", &[("b1", "C_y3"), ("z2", "G_y3")]);
st.add("C_y6-E_C2", &[("z", "G_y6"), ("a2", "-E_C1")]);
st.add("E_C1", &[("a1", "C_y5"), ("z1", "G_y5")]);
st.add("0", &[("z1", "I"), ("a1", "Z")]);
st.add("0", &[("z2", "I"), ("b1", "Z")]);
st
}
#[allow(clippy::too_many_arguments)]
pub fn new(
uid_enc_key_pair: uid_encryption::KeyPair,
profile_key_enc_key_pair: profile_key_encryption::KeyPair,
credentials_public_key: credentials::PublicKey,
credential: credentials::PniCredential,
uid_ciphertext: uid_encryption::Ciphertext,
pni_ciphertext: uid_encryption::Ciphertext,
profile_key_ciphertext: profile_key_encryption::Ciphertext,
uid_bytes: UidBytes,
pni_bytes: UidBytes,
profile_key_bytes: ProfileKeyBytes,
sho: &mut Sho,
) -> Self {
let credentials_system = credentials::SystemParams::get_hardcoded();
let uid_system = uid_encryption::SystemParams::get_hardcoded();
let profile_key_system = profile_key_encryption::SystemParams::get_hardcoded();
let uid = uid_struct::UidStruct::new(uid_bytes);
let profile_key = profile_key_struct::ProfileKeyStruct::new(profile_key_bytes, uid_bytes);
let pni = uid_struct::UidStruct::new(pni_bytes);
let z = sho.get_scalar();
let C_y1 = z * credentials_system.G_y[1] + uid.M1;
let C_y2 = z * credentials_system.G_y[2] + uid.M2;
let C_y3 = z * credentials_system.G_y[3] + profile_key.M3;
let C_y4 = z * credentials_system.G_y[4] + profile_key.M4;
let C_y5 = z * credentials_system.G_y[5] + pni.M1;
let C_y6 = z * credentials_system.G_y[6] + pni.M2;
let C_x0 = z * credentials_system.G_x0 + credential.U;
let C_V = z * credentials_system.G_V + credential.V;
let C_x1 = z * credentials_system.G_x1 + credential.t * credential.U;
let C_z = z * credentials_system.G_z;
let z0 = -z * credential.t;
let z1 = -z * uid_enc_key_pair.a1;
let z2 = -z * profile_key_enc_key_pair.b1;
let I = credentials_public_key.I;
let Z = z * I;
// Scalars listed in order of stmts for debugging
let mut scalar_args = poksho::ScalarArgs::new();
scalar_args.add("z", z);
scalar_args.add("t", credential.t);
scalar_args.add("z0", z0);
scalar_args.add("a1", uid_enc_key_pair.a1);
scalar_args.add("a2", uid_enc_key_pair.a2);
scalar_args.add("b1", profile_key_enc_key_pair.b1);
scalar_args.add("b2", profile_key_enc_key_pair.b2);
scalar_args.add("z1", z1);
scalar_args.add("z2", z2);
// Points listed in order of stmts for debugging
let mut point_args = poksho::PointArgs::new();
point_args.add("C_z", C_z);
point_args.add("G_z", credentials_system.G_z);
point_args.add("Z", Z);
point_args.add("I", I);
point_args.add("C_x1", C_x1);
point_args.add("C_x0", C_x0);
point_args.add("G_x0", credentials_system.G_x0);
point_args.add("G_x1", credentials_system.G_x1);
point_args.add("A+B", uid_enc_key_pair.A + profile_key_enc_key_pair.B);
point_args.add("G_a1", uid_system.G_a1);
point_args.add("G_a2", uid_system.G_a2);
point_args.add("G_b1", profile_key_system.G_b1);
point_args.add("G_b2", profile_key_system.G_b2);
point_args.add("C_y2-E_A2", C_y2 - uid_ciphertext.E_A2);
point_args.add("G_y2", credentials_system.G_y[2]);
point_args.add("-E_A1", -uid_ciphertext.E_A1);
point_args.add("E_A1", uid_ciphertext.E_A1);
point_args.add("C_y1", C_y1);
point_args.add("G_y1", credentials_system.G_y[1]);
point_args.add("C_y4-E_B2", C_y4 - profile_key_ciphertext.E_B2);
point_args.add("G_y4", credentials_system.G_y[4]);
point_args.add("-E_B1", -profile_key_ciphertext.E_B1);
point_args.add("E_B1", profile_key_ciphertext.E_B1);
point_args.add("C_y3", C_y3);
point_args.add("G_y3", credentials_system.G_y[3]);
point_args.add("C_y6-E_C2", C_y6 - pni_ciphertext.E_A2);
point_args.add("G_y6", credentials_system.G_y[6]);
point_args.add("-E_C1", -pni_ciphertext.E_A1);
point_args.add("E_C1", pni_ciphertext.E_A1);
point_args.add("C_y5", C_y5);
point_args.add("G_y5", credentials_system.G_y[5]);
point_args.add("0", RistrettoPoint::identity());
let poksho_proof = Self::get_poksho_statement()
.prove(
&scalar_args,
&point_args,
&[],
&sho.squeeze(RANDOMNESS_LEN)[..],
)
.unwrap();
Self {
C_y1,
C_y2,
C_y3,
C_y4,
C_y5,
C_y6,
C_x0,
C_x1,
C_V,
C_z,
poksho_proof,
}
}
pub fn verify(
&self,
credentials_key_pair: credentials::KeyPair<credentials::PniCredential>,
uid_ciphertext: uid_encryption::Ciphertext,
uid_enc_public_key: uid_encryption::PublicKey,
profile_key_ciphertext: profile_key_encryption::Ciphertext,
profile_key_enc_public_key: profile_key_encryption::PublicKey,
pni_ciphertext: uid_encryption::Ciphertext,
) -> Result<(), ZkGroupVerificationFailure> {
let uid_enc_system = uid_encryption::SystemParams::get_hardcoded();
let profile_key_enc_system = profile_key_encryption::SystemParams::get_hardcoded();
let credentials_system = credentials::SystemParams::get_hardcoded();
let Self {
C_x0,
C_x1,
C_y1,
C_y2,
C_y3,
C_y4,
C_y5,
C_y6,
C_V,
C_z,
poksho_proof,
} = self;
let credentials::KeyPair {
W,
x0,
x1,
y: OneBased([y1, y2, y3, y4, y5, y6]),
I,
..
} = credentials_key_pair;
let Z = C_V
- W
- (x0 * C_x0)
- (x1 * C_x1)
- (y1 * C_y1)
- (y2 * C_y2)
- (y3 * C_y3)
- (y4 * C_y4)
- (y5 * C_y5)
- (y6 * C_y6);
// Points listed in order of stmts for debugging
let mut point_args = poksho::PointArgs::new();
point_args.add("C_z", *C_z);
point_args.add("G_z", credentials_system.G_z);
point_args.add("Z", Z);
point_args.add("I", I);
point_args.add("C_x1", *C_x1);
point_args.add("C_x0", *C_x0);
point_args.add("G_x0", credentials_system.G_x0);
point_args.add("G_x1", credentials_system.G_x1);
point_args.add("A+B", uid_enc_public_key.A + profile_key_enc_public_key.B);
point_args.add("G_a1", uid_enc_system.G_a1);
point_args.add("G_a2", uid_enc_system.G_a2);
point_args.add("G_b1", profile_key_enc_system.G_b1);
point_args.add("G_b2", profile_key_enc_system.G_b2);
point_args.add("C_y2-E_A2", C_y2 - uid_ciphertext.E_A2);
point_args.add("G_y2", credentials_system.G_y[2]);
point_args.add("-E_A1", -uid_ciphertext.E_A1);
point_args.add("E_A1", uid_ciphertext.E_A1);
point_args.add("C_y1", *C_y1);
point_args.add("G_y1", credentials_system.G_y[1]);
point_args.add("C_y4-E_B2", C_y4 - profile_key_ciphertext.E_B2);
point_args.add("G_y4", credentials_system.G_y[4]);
point_args.add("-E_B1", -profile_key_ciphertext.E_B1);
point_args.add("E_B1", profile_key_ciphertext.E_B1);
point_args.add("C_y3", *C_y3);
point_args.add("G_y3", credentials_system.G_y[3]);
point_args.add("C_y6-E_C2", C_y6 - pni_ciphertext.E_A2);
point_args.add("G_y6", credentials_system.G_y[6]);
point_args.add("-E_C1", -pni_ciphertext.E_A1);
point_args.add("E_C1", pni_ciphertext.E_A1);
point_args.add("C_y5", *C_y5);
point_args.add("G_y5", credentials_system.G_y[5]);
point_args.add("0", RistrettoPoint::identity());
match Self::get_poksho_statement().verify_proof(poksho_proof, &point_args, &[]) {
Err(_) => Err(ZkGroupVerificationFailure),
Ok(_) => Ok(()),
}
}
}
impl ReceiptCredentialPresentationProof {
pub fn get_poksho_statement() -> poksho::Statement {
let mut st = poksho::Statement::new();

218
rust/zkgroup/tests/integration_tests.rs
View File

@ -269,118 +269,6 @@ pub const PROFILE_KEY_CREDENTIAL_PRESENTATION_V3_RESULT: &[u8] = &[
0x00,
];
pub const PNI_CREDENTIAL_PRESENTATION_V1: &[u8] = &[
0x00, 0xfe, 0xcc, 0x5f, 0x71, 0xd4, 0x0d, 0xbd, 0x45, 0x91, 0x2d, 0x0d, 0xe9, 0xc1, 0xed, 0x03,
0x3c, 0x7e, 0xb1, 0xc4, 0x75, 0x5e, 0x19, 0xcb, 0x62, 0x41, 0xed, 0xe6, 0xa6, 0xa9, 0x9f, 0x65,
0x54, 0x5e, 0x87, 0x0a, 0x80, 0x68, 0x54, 0xc5, 0x00, 0x0d, 0x43, 0x6d, 0xb6, 0x01, 0xa8, 0x9f,
0x72, 0xb9, 0xb3, 0x99, 0xf0, 0xef, 0xa2, 0x77, 0x47, 0x37, 0x16, 0xe8, 0xbc, 0x20, 0xc9, 0x84,
0x76, 0x62, 0x50, 0x93, 0x75, 0x55, 0x60, 0x4f, 0x2d, 0x2f, 0xcd, 0xd2, 0x63, 0xc6, 0x0f, 0x2f,
0x72, 0xb5, 0xa0, 0x4d, 0x9b, 0xbb, 0xc6, 0xf9, 0x5c, 0x78, 0x08, 0x5f, 0x81, 0xaa, 0xf0, 0x7d,
0x33, 0x16, 0xa2, 0xdb, 0xd1, 0xef, 0x85, 0xbb, 0x64, 0x2d, 0x5d, 0xa6, 0xd0, 0x0d, 0x03, 0xfe,
0xd8, 0x09, 0x72, 0x76, 0xbf, 0x17, 0xa1, 0x13, 0xa4, 0x40, 0x18, 0xd7, 0x73, 0xc9, 0x11, 0x6c,
0x33, 0xac, 0x86, 0x83, 0x7d, 0x4f, 0x5c, 0x41, 0xfb, 0x70, 0x15, 0x3f, 0x3d, 0x65, 0x5c, 0x0b,
0x68, 0x98, 0x2f, 0xae, 0x01, 0x11, 0x34, 0x60, 0xdb, 0x75, 0xea, 0x70, 0x99, 0xef, 0x7e, 0x91,
0x0c, 0xbe, 0x0b, 0xd6, 0x06, 0x87, 0x0d, 0xf5, 0x55, 0x22, 0xf9, 0xd0, 0xb1, 0xbe, 0xe1, 0xb1,
0xab, 0x2f, 0x3b, 0x9c, 0xd3, 0x56, 0x3a, 0x42, 0x26, 0x84, 0xeb, 0xcf, 0xdb, 0x1f, 0xda, 0xda,
0x27, 0xac, 0xb4, 0xd4, 0x8c, 0x7d, 0xb9, 0xc6, 0xb1, 0x38, 0x9c, 0x67, 0x42, 0xa8, 0xf8, 0x25,
0x7b, 0xb7, 0x0f, 0x54, 0x30, 0xfe, 0xb4, 0xa4, 0x38, 0x00, 0x7f, 0xb3, 0x3e, 0x79, 0x10, 0xda,
0x3b, 0x9a, 0x09, 0x97, 0xd7, 0xd3, 0x5c, 0x6c, 0x93, 0xa8, 0xd4, 0x59, 0x49, 0xd0, 0x1f, 0x88,
0xb4, 0x97, 0xc8, 0x22, 0xb0, 0x12, 0x7b, 0x3f, 0xc5, 0x7c, 0xfa, 0xee, 0x90, 0xbc, 0xf7, 0xd4,
0x19, 0x14, 0xf6, 0xf0, 0xf8, 0xfa, 0x0a, 0xcd, 0x82, 0xe0, 0x04, 0xca, 0xaa, 0xd1, 0xc9, 0xfe,
0xec, 0x2f, 0xb6, 0x7f, 0x58, 0x93, 0x6a, 0xe7, 0xa9, 0x2a, 0x28, 0x5d, 0xc1, 0x5b, 0x23, 0x48,
0x6a, 0x02, 0x72, 0xe8, 0x64, 0xf3, 0xae, 0x97, 0x69, 0xd6, 0x50, 0xfd, 0xd0, 0x89, 0x87, 0x39,
0xad, 0x28, 0xe2, 0x59, 0xe8, 0xda, 0xe7, 0x39, 0x07, 0xca, 0xa8, 0xff, 0x69, 0xa5, 0x3a, 0x85,
0x1e, 0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf2, 0x6c, 0x70, 0x4b, 0x8d, 0xaf, 0x38,
0xa4, 0x64, 0x81, 0x0e, 0xca, 0x85, 0x89, 0x54, 0x15, 0x21, 0xe0, 0x53, 0x22, 0x1d, 0xd8, 0x30,
0x86, 0x6b, 0xf7, 0x7d, 0xa0, 0x25, 0xcd, 0xc2, 0x04, 0x1e, 0x33, 0xf7, 0x3e, 0x42, 0xc7, 0x03,
0x87, 0x70, 0x9a, 0xcb, 0xac, 0x0d, 0xf4, 0x6d, 0x01, 0x55, 0xe6, 0xbf, 0x6f, 0x79, 0x52, 0xdd,
0xc3, 0x28, 0x9a, 0x16, 0xca, 0x68, 0x2e, 0x74, 0x0d, 0xf7, 0x40, 0x3c, 0xc1, 0x2c, 0xbe, 0x0c,
0xd5, 0x4a, 0x7b, 0x0d, 0xe0, 0x8e, 0xec, 0x4f, 0x7c, 0xdc, 0xe5, 0x29, 0x96, 0x88, 0x0e, 0xf5,
0xdb, 0x74, 0xbc, 0xc4, 0xe8, 0xe7, 0x8d, 0x62, 0x0d, 0xa4, 0xd2, 0x1f, 0xf1, 0x37, 0xb2, 0x9d,
0xf3, 0xa1, 0xa0, 0x8d, 0x14, 0xb9, 0x22, 0x4c, 0x91, 0xef, 0x05, 0xa1, 0xac, 0x0a, 0x7c, 0xfe,
0x14, 0x2b, 0x22, 0x78, 0x53, 0xc9, 0x0b, 0xb9, 0x0d, 0xb0, 0xcf, 0x3d, 0x63, 0x11, 0x56, 0x0e,
0x49, 0xca, 0x52, 0x98, 0x3f, 0x9e, 0xfc, 0x54, 0xec, 0xb6, 0x1f, 0x55, 0x2d, 0x6a, 0x85, 0x08,
0x88, 0x71, 0xef, 0x4d, 0x0f, 0x58, 0x62, 0xdd, 0x04, 0xaf, 0xf9, 0x3f, 0xd9, 0x7b, 0x78, 0x16,
0x18, 0x1d, 0x38, 0xbc, 0xb3, 0x0f, 0x71, 0xea, 0xeb, 0x9e, 0xff, 0x2b, 0xa6, 0x30, 0x91, 0x6e,
0xac, 0x35, 0x5f, 0x45, 0x70, 0x3a, 0x8c, 0x78, 0x0e, 0x85, 0x79, 0xb2, 0x79, 0x3d, 0x4f, 0xb7,
0x2e, 0x00, 0x1d, 0x15, 0xe2, 0x3b, 0xed, 0xcb, 0x3c, 0x82, 0x7f, 0xc5, 0x59, 0xef, 0x7a, 0xdb,
0x6d, 0xa2, 0xec, 0x33, 0x29, 0x1b, 0x86, 0xbf, 0x0d, 0xb2, 0xad, 0x4a, 0x3a, 0x0c, 0xb9, 0x23,
0x3d, 0x3a, 0xf9, 0x67, 0xd9, 0x30, 0x15, 0x05, 0xb8, 0x8d, 0x15, 0x7b, 0x34, 0x36, 0xae, 0x61,
0x22, 0x69, 0x67, 0x18, 0xd8, 0x12, 0xb2, 0x70, 0x02, 0xcd, 0xce, 0x4c, 0x80, 0x76, 0x10, 0xf2,
0xde, 0x7c, 0xec, 0x4a, 0x03, 0x93, 0x3d, 0xa6, 0x4a, 0x63, 0x19, 0xea, 0xb4, 0xac, 0x06, 0x30,
0xc9, 0x9d, 0x0e, 0x62, 0x77, 0x99, 0x74, 0xe8, 0x03, 0x8f, 0xf5, 0x05, 0x32, 0x75, 0x37, 0x8c,
0x1b, 0x41, 0xdd, 0x7b, 0xb5, 0xf8, 0xf4, 0xc1, 0x1d, 0xaa, 0x4c, 0xd1, 0x9f, 0xde, 0xc4, 0xd0,
0x22, 0x28, 0x50, 0xc6, 0x06, 0x85, 0x7c, 0x99, 0x0e, 0x76, 0x5d, 0xe9, 0xdf, 0x4c, 0xfa, 0x54,
0x87, 0xf3, 0x60, 0xe2, 0x9e, 0x99, 0x34, 0x3e, 0x91, 0x81, 0x1b, 0xae, 0xc3, 0x31, 0xc4, 0x68,
0x09, 0x85, 0xe6, 0x08, 0xca, 0x5d, 0x40, 0x8e, 0x21, 0x72, 0x5c, 0x6a, 0xa1, 0xb6, 0x1d, 0x5a,
0x8b, 0x48, 0xd7, 0x5f, 0x4a, 0xaa, 0x9a, 0x3c, 0xbe, 0x88, 0xd3, 0xe0, 0xf1, 0xa5, 0x43, 0x19,
0x08, 0x1f, 0x77, 0xc7, 0x2c, 0x8f, 0x52, 0x54, 0x74, 0xfe, 0x74, 0x40, 0x90, 0x60, 0x61, 0x56,
0x79, 0xfc, 0x11, 0x54, 0x73, 0x68, 0x3d, 0x63, 0xab, 0xd9, 0xce, 0xd4, 0x6c, 0x7f, 0x2a, 0xd7,
0x36, 0x04, 0x6d, 0xe5, 0xa2, 0xc7, 0xd2, 0x52, 0x2f, 0x12, 0x28, 0x95, 0x59, 0x70, 0x49, 0xcf,
0xd7, 0xcc, 0x5b, 0xeb, 0x6d, 0xc7, 0x2a, 0xa9, 0x90, 0xae, 0x9a, 0x62, 0xec, 0x8e, 0x25, 0x6a,
0x1c, 0xbf, 0x5f, 0x3f, 0x28, 0x42, 0x33, 0xbb, 0x07, 0x48, 0xc0, 0x3a, 0xb4, 0xaf, 0xbf, 0x6b,
0x8f, 0xb0, 0xe1, 0x26, 0xc0, 0x37, 0xa0, 0xad, 0x40, 0x94, 0x60, 0x0d, 0xd0, 0xe0, 0x63, 0x4d,
0x76, 0xf8, 0x8c, 0x21, 0x08, 0x7f, 0x3c, 0xfb, 0x48, 0x5a, 0x89, 0xbc, 0x1e, 0x3a, 0xbc, 0x4c,
0x95, 0x04, 0x1d, 0x1d, 0x17, 0x0e, 0xcc, 0xf0, 0x29, 0x33, 0xec, 0x53, 0x93, 0xd4, 0xbe, 0x1d,
0xc5, 0x73, 0xf8, 0x3c, 0x33, 0xd3, 0xb9, 0xa7, 0x46,
];
pub const PNI_CREDENTIAL_PRESENTATION_V2_RESULT: [u8; zkgroup::PNI_CREDENTIAL_PRESENTATION_V2_LEN] = [
0x01, 0xf8, 0x87, 0xf4, 0x03, 0xdb, 0x1a, 0x80, 0xfa, 0x04, 0x04, 0x34, 0x13, 0x23, 0x3f, 0x56,
0xbf, 0x6c, 0x53, 0xbb, 0x07, 0x8c, 0x16, 0xd2, 0x4d, 0xf9, 0x3a, 0x21, 0x9d, 0x77, 0x85, 0x69,
0x68, 0x56, 0xd8, 0xf1, 0x97, 0xa0, 0x1c, 0x6e, 0x22, 0x3d, 0x4a, 0xce, 0xed, 0x1d, 0x60, 0xb9,
0x0b, 0x71, 0x3f, 0x45, 0x56, 0xab, 0x39, 0x40, 0x3b, 0x84, 0xc5, 0x1d, 0x72, 0x4c, 0xa9, 0xaa,
0x44, 0x88, 0x6d, 0x73, 0xbe, 0x15, 0xfc, 0xeb, 0xc9, 0x33, 0xf8, 0x35, 0xfc, 0x0f, 0x32, 0x10,
0xf8, 0xd7, 0xb8, 0xfa, 0x79, 0x40, 0xbf, 0x90, 0x69, 0xd5, 0x0d, 0xc4, 0xba, 0x83, 0xda, 0x8a,
0x0e, 0xd8, 0x6d, 0x6c, 0x33, 0xcd, 0x99, 0xa2, 0x5f, 0xe4, 0x69, 0x06, 0xd6, 0x55, 0xa7, 0xfe,
0xc5, 0xfe, 0xe5, 0x00, 0x52, 0x7a, 0x56, 0xea, 0x56, 0x89, 0xd1, 0x76, 0x53, 0x96, 0x90, 0x7b,
0x15, 0x3a, 0x86, 0xe4, 0x0e, 0xb2, 0x7b, 0x81, 0x20, 0x66, 0x1d, 0xfe, 0x59, 0xbb, 0x17, 0xaf,
0x10, 0x24, 0xeb, 0xd6, 0x97, 0xc2, 0xc3, 0x6c, 0x46, 0xf3, 0xa8, 0x5f, 0x8d, 0xc6, 0xf9, 0x27,
0x61, 0xb2, 0x9c, 0x84, 0x25, 0x68, 0x47, 0xb5, 0xf4, 0x20, 0x38, 0x6a, 0xc4, 0x1d, 0x6d, 0x81,
0xf8, 0xe6, 0x5a, 0x19, 0x5f, 0x2a, 0xb7, 0x00, 0x3c, 0x0f, 0xc2, 0x2f, 0xd9, 0x69, 0x87, 0x0e,
0x2c, 0x5c, 0x4a, 0xd4, 0xa9, 0xde, 0x38, 0xa8, 0xbd, 0xe7, 0x35, 0x09, 0xc4, 0x1e, 0x85, 0xac,
0xce, 0xf5, 0x9d, 0xb6, 0x99, 0x30, 0x97, 0x2b, 0x1c, 0x3f, 0xcb, 0x9c, 0x9a, 0xbd, 0x4c, 0x88,
0x4a, 0x3e, 0x91, 0xb4, 0xc2, 0x5b, 0x8f, 0xde, 0x3b, 0x5c, 0xac, 0x7c, 0x55, 0x44, 0x2f, 0x99,
0x6b, 0x3f, 0xd3, 0x71, 0x21, 0x10, 0xc7, 0xdd, 0x71, 0xc8, 0x47, 0xbe, 0x55, 0x21, 0x22, 0xb9,
0x47, 0x40, 0x21, 0x36, 0xb1, 0xc1, 0x6f, 0xe1, 0x8a, 0xcb, 0xa2, 0xe6, 0xa2, 0x77, 0xdc, 0x57,
0x17, 0x2a, 0xc7, 0x9d, 0x18, 0x92, 0x46, 0x06, 0x0d, 0x50, 0xdb, 0x1a, 0x7d, 0xc5, 0x31, 0xd0,
0x75, 0xec, 0x94, 0x14, 0xf8, 0x6e, 0x31, 0xa1, 0xb0, 0x40, 0x6c, 0xe1, 0x73, 0xb0, 0x9c, 0x1e,
0xab, 0xbe, 0xf2, 0xde, 0x11, 0x77, 0x49, 0xb3, 0xc5, 0x12, 0x49, 0x9d, 0x5f, 0x91, 0xe4, 0x69,
0x4e, 0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x76, 0x9c, 0x0c, 0x6c, 0x31, 0x0e, 0xd2,
0xb8, 0xf4, 0xa1, 0xd1, 0xe6, 0xb8, 0x53, 0xd8, 0x3f, 0x5d, 0xa8, 0x13, 0x6e, 0x36, 0x60, 0x5f,
0xd6, 0x31, 0x97, 0x9c, 0xc6, 0x18, 0xd0, 0xe1, 0x02, 0xcc, 0x82, 0xe9, 0x05, 0x6d, 0x20, 0x31,
0x37, 0x9d, 0xe3, 0xe5, 0x7c, 0x04, 0x53, 0x0b, 0x20, 0x61, 0x7d, 0x0b, 0x24, 0x18, 0xb8, 0x95,
0x0c, 0x8a, 0x23, 0x94, 0x35, 0x5c, 0x6d, 0x40, 0x0f, 0x0e, 0x4f, 0x69, 0xb7, 0x59, 0x42, 0x03,
0x20, 0x67, 0x38, 0x2a, 0xe2, 0x44, 0x87, 0x0f, 0x58, 0x59, 0xa3, 0x57, 0x82, 0xcb, 0x81, 0xb1,
0x10, 0x6c, 0x5a, 0xae, 0x58, 0xdf, 0x1f, 0x11, 0x0d, 0xbf, 0x76, 0x1c, 0x3a, 0x52, 0xad, 0x5e,
0x3a, 0x87, 0x2f, 0x38, 0x5c, 0x30, 0x56, 0xbf, 0x2b, 0xe3, 0xd6, 0x78, 0x26, 0xcf, 0x33, 0xbc,
0x74, 0x3c, 0x1c, 0x25, 0xee, 0xd0, 0xed, 0xa2, 0x0f, 0x21, 0xde, 0x77, 0x39, 0x06, 0x65, 0x7b,
0x26, 0xe0, 0x9c, 0xf3, 0x88, 0xda, 0x23, 0x33, 0xdb, 0x60, 0xf7, 0x68, 0x86, 0x5e, 0x24, 0x05,
0xf4, 0xdf, 0x4f, 0x48, 0xb6, 0x40, 0x29, 0x5e, 0x02, 0x76, 0x25, 0x67, 0x8a, 0x81, 0x0d, 0xbf,
0x81, 0x11, 0x91, 0x8f, 0x7b, 0x12, 0x7f, 0xd9, 0xfb, 0x0b, 0x33, 0x25, 0x31, 0xec, 0x52, 0x06,
0x9b, 0x98, 0xab, 0xf9, 0x5b, 0xb4, 0xae, 0x73, 0x07, 0xd9, 0x6b, 0x9d, 0x50, 0xb6, 0xe7, 0x34,
0xff, 0x8a, 0xf9, 0x2d, 0x2c, 0x84, 0x17, 0x91, 0x97, 0x95, 0xa4, 0x6b, 0x97, 0xdf, 0x7a, 0x69,
0x2d, 0xf4, 0xea, 0x9b, 0x63, 0x81, 0x0e, 0xf7, 0x0d, 0xca, 0x68, 0x69, 0x3b, 0xbe, 0xc7, 0xe1,
0xf5, 0x24, 0x09, 0x43, 0x0d, 0xa6, 0x1c, 0xac, 0x92, 0x49, 0xca, 0x02, 0x21, 0x6a, 0x77, 0xb1,
0xf0, 0x8e, 0x59, 0x51, 0xa5, 0x07, 0x83, 0xca, 0x08, 0x8f, 0xa5, 0x99, 0x2b, 0x5e, 0xca, 0xf1,
0x41, 0x3d, 0xfe, 0x45, 0xf9, 0xef, 0x23, 0xb3, 0xc1, 0x20, 0x99, 0x41, 0x18, 0xb3, 0x25, 0x76,
0x3d, 0x66, 0xe6, 0x0c, 0x96, 0x47, 0xcc, 0x38, 0x02, 0x48, 0xa9, 0xda, 0x79, 0xe4, 0x6c, 0x17,
0xb6, 0xbb, 0x03, 0xa2, 0x3c, 0x39, 0x87, 0xce, 0xa8, 0x6a, 0xc1, 0x58, 0xd4, 0x5b, 0x78, 0xf1,
0xf9, 0xb9, 0x23, 0x47, 0x25, 0x21, 0xec, 0xb3, 0x0e, 0x76, 0x5d, 0xe9, 0xdf, 0x4c, 0xfa, 0x54,
0x87, 0xf3, 0x60, 0xe2, 0x9e, 0x99, 0x34, 0x3e, 0x91, 0x81, 0x1b, 0xae, 0xc3, 0x31, 0xc4, 0x68,
0x09, 0x85, 0xe6, 0x08, 0xca, 0x5d, 0x40, 0x8e, 0x21, 0x72, 0x5c, 0x6a, 0xa1, 0xb6, 0x1d, 0x5a,
0x8b, 0x48, 0xd7, 0x5f, 0x4a, 0xaa, 0x9a, 0x3c, 0xbe, 0x88, 0xd3, 0xe0, 0xf1, 0xa5, 0x43, 0x19,
0x08, 0x1f, 0x77, 0xc7, 0x2c, 0x8f, 0x52, 0x54, 0x74, 0xfe, 0x74, 0x40, 0x90, 0x60, 0x61, 0x56,
0x79, 0xfc, 0x11, 0x54, 0x73, 0x68, 0x3d, 0x63, 0xab, 0xd9, 0xce, 0xd4, 0x6c, 0x7f, 0x2a, 0xd7,
0x36, 0x04, 0x6d, 0xe5, 0xa2, 0xc7, 0xd2, 0x52, 0x2f, 0x12, 0x28, 0x95, 0x59, 0x70, 0x49, 0xcf,
0xd7, 0xcc, 0x5b, 0xeb, 0x6d, 0xc7, 0x2a, 0xa9, 0x90, 0xae, 0x9a, 0x62, 0xec, 0x8e, 0x25, 0x6a,
0x1c, 0xbf, 0x5f, 0x3f, 0x28, 0x42, 0x33, 0xbb, 0x07, 0x48, 0xc0, 0x3a, 0xb4, 0xaf, 0xbf, 0x6b,
0x8f, 0xb0, 0xe1, 0x26, 0xc0, 0x37, 0xa0, 0xad, 0x40, 0x94, 0x60, 0x0d, 0xd0, 0xe0, 0x63, 0x4d,
0x76, 0xf8, 0x8c, 0x21, 0x08, 0x7f, 0x3c, 0xfb, 0x48, 0x5a, 0x89, 0xbc, 0x1e, 0x3a, 0xbc, 0x4c,
0x95, 0x04, 0x1d, 0x1d, 0x17, 0x0e, 0xcc, 0xf0, 0x29, 0x33, 0xec, 0x53, 0x93, 0xd4, 0xbe, 0x1d,
0xc5, 0x73, 0xf8, 0x3c, 0x33, 0xd3, 0xb9, 0xa7, 0x46,
];
#[test]
fn test_integration_auth() {
let server_secret_params = zkgroup::ServerSecretParams::generate(zkgroup::TEST_ARRAY_32);
@ -873,112 +761,6 @@ fn test_integration_expiring_profile() {
profile_key_credential_response_bytes.copy_from_slice(&bincode::serialize(&response).unwrap());
}
#[test]
#[allow(deprecated)]
fn test_integration_pni() {
// SERVER
let server_secret_params = zkgroup::ServerSecretParams::generate(zkgroup::TEST_ARRAY_32);
let server_public_params = server_secret_params.get_public_params();
// CLIENT
let master_key = zkgroup::groups::GroupMasterKey::new(zkgroup::TEST_ARRAY_32_1);
let group_secret_params =
zkgroup::groups::GroupSecretParams::derive_from_master_key(master_key);
let group_public_params = group_secret_params.get_public_params();
let aci = zkgroup::TEST_ARRAY_16;
let pni = zkgroup::TEST_ARRAY_16_1;
let profile_key =
zkgroup::profiles::ProfileKey::create(zkgroup::common::constants::TEST_ARRAY_32_1);
let profile_key_commitment = profile_key.get_commitment(aci);
// Create context and request
let randomness = zkgroup::TEST_ARRAY_32_3;
let context = server_public_params.create_pni_credential_request_context(
randomness,
aci,
pni,
profile_key,
);
let request = context.get_request();
// SERVER
let randomness = zkgroup::TEST_ARRAY_32_4;
let response = server_secret_params
.issue_pni_credential(randomness, &request, aci, pni, profile_key_commitment)
.unwrap();
// CLIENT
// Gets stored profile credential
let pni_credential = server_public_params
.receive_pni_credential(&context, &response)
.unwrap();
// Create presentation
let randomness = zkgroup::TEST_ARRAY_32_5;
let presentation_v2 = server_public_params.create_pni_credential_presentation_v2(
randomness,
group_secret_params,
pni_credential,
);
let presentation_any = server_public_params.create_pni_credential_presentation(
randomness,
group_secret_params,
pni_credential,
);
let presentation_v2_bytes = &bincode::serialize(&presentation_v2).unwrap();
let presentation_any_bytes = &bincode::serialize(&presentation_any).unwrap();
//for b in presentation_bytes.iter() {
// print!("0x{:02x}, ", b);
//}
assert!(PNI_CREDENTIAL_PRESENTATION_V2_RESULT[..] == presentation_v2_bytes[..]);
assert!(PNI_CREDENTIAL_PRESENTATION_V2_RESULT[..] == presentation_any_bytes[..]);
let presentation_v2_parsed =
zkgroup::profiles::AnyPniCredentialPresentation::new(presentation_v2_bytes).unwrap();
server_secret_params
.verify_pni_credential_presentation(group_public_params, &presentation_v2_parsed)
.unwrap();
server_secret_params
.verify_pni_credential_presentation_v2(group_public_params, &presentation_v2)
.unwrap();
// test encoding
// these tests will also discover if the serialized sizes change,
// necessitating an update to the LEN constants
let mut pni_credential_bytes = [0u8; zkgroup::common::constants::PNI_CREDENTIAL_LEN];
let mut pni_credential_presentation_v2_bytes =
[0u8; zkgroup::common::constants::PNI_CREDENTIAL_PRESENTATION_V2_LEN];
let mut pni_credential_request_context_bytes =
[0u8; zkgroup::common::constants::PNI_CREDENTIAL_REQUEST_CONTEXT_LEN];
let mut pni_credential_response_bytes =
[0u8; zkgroup::common::constants::PNI_CREDENTIAL_RESPONSE_LEN];
pni_credential_bytes.copy_from_slice(&bincode::serialize(&pni_credential).unwrap());
pni_credential_presentation_v2_bytes
.copy_from_slice(&bincode::serialize(&presentation_v2).unwrap());
pni_credential_request_context_bytes.copy_from_slice(&bincode::serialize(&context).unwrap());
pni_credential_response_bytes.copy_from_slice(&bincode::serialize(&response).unwrap());
}
#[test]
fn test_pni_credential_presentation_v1_is_rejected() {
assert!(
zkgroup::profiles::AnyPniCredentialPresentation::new(PNI_CREDENTIAL_PRESENTATION_V1)
.is_err()
);
}
#[test]
fn test_server_sigs() {
let server_secret_params =

55
swift/Sources/LibSignalClient/zkgroup/ClientZkProfileOperations.swift
View File

@ -32,28 +32,6 @@ public class ClientZkProfileOperations {
}
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func createPniCredentialRequestContext(aci: UUID, pni: UUID, profileKey: ProfileKey) throws -> PniCredentialRequestContext {
return try createPniCredentialRequestContext(randomness: Randomness.generate(), aci: aci, pni: pni, profileKey: profileKey)
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func createPniCredentialRequestContext(randomness: Randomness, aci: UUID, pni: UUID, profileKey: ProfileKey) throws -> PniCredentialRequestContext {
return try serverPublicParams.withUnsafePointerToSerialized { serverPublicParams in
try randomness.withUnsafePointerToBytes { randomness in
try withUnsafePointer(to: aci.uuid) { aci in
try withUnsafePointer(to: pni.uuid) { pni in
try profileKey.withUnsafePointerToSerialized { profileKey in
try invokeFnReturningSerialized {
signal_server_public_params_create_pni_credential_request_context_deterministic($0, serverPublicParams, randomness, aci, pni, profileKey)
}
}
}
}
}
}
}
public func receiveProfileKeyCredential(profileKeyCredentialRequestContext: ProfileKeyCredentialRequestContext, profileKeyCredentialResponse: ProfileKeyCredentialResponse) throws -> ProfileKeyCredential {
return try serverPublicParams.withUnsafePointerToSerialized { serverPublicParams in
try profileKeyCredentialRequestContext.withUnsafePointerToSerialized { requestContext in
@ -82,19 +60,6 @@ public class ClientZkProfileOperations {
}
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func receivePniCredential(requestContext: PniCredentialRequestContext, response: PniCredentialResponse) throws -> PniCredential {
return try serverPublicParams.withUnsafePointerToSerialized { serverPublicParams in
try requestContext.withUnsafePointerToSerialized { requestContext in
try response.withUnsafePointerToSerialized { response in
try invokeFnReturningSerialized {
signal_server_public_params_receive_pni_credential($0, serverPublicParams, requestContext, response)
}
}
}
}
}
public func createProfileKeyCredentialPresentation(groupSecretParams: GroupSecretParams, profileKeyCredential: ProfileKeyCredential) throws -> ProfileKeyCredentialPresentation {
return try createProfileKeyCredentialPresentation(randomness: Randomness.generate(), groupSecretParams: groupSecretParams, profileKeyCredential: profileKeyCredential)
}
@ -131,24 +96,4 @@ public class ClientZkProfileOperations {
}
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func createPniCredentialPresentation(groupSecretParams: GroupSecretParams, credential: PniCredential) throws -> PniCredentialPresentation {
return try createPniCredentialPresentation(randomness: Randomness.generate(), groupSecretParams: groupSecretParams, credential: credential)
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func createPniCredentialPresentation(randomness: Randomness, groupSecretParams: GroupSecretParams, credential: PniCredential) throws -> PniCredentialPresentation {
return try serverPublicParams.withUnsafePointerToSerialized { serverPublicParams in
try randomness.withUnsafePointerToBytes { randomness in
try groupSecretParams.withUnsafePointerToSerialized { groupSecretParams in
try credential.withUnsafePointerToSerialized { credential in
try invokeFnReturningVariableLengthSerialized {
signal_server_public_params_create_pni_credential_presentation_deterministic($0, serverPublicParams, randomness, groupSecretParams, credential)
}
}
}
}
}
}
}

13
swift/Sources/LibSignalClient/zkgroup/PniCredential.swift
View File

@ -1,13 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import Foundation
import SignalFfi
public class PniCredential: ByteArray {
public required init(contents: [UInt8]) throws {
try super.init(contents, checkValid: signal_pni_credential_check_valid_contents)
}
}

39
swift/Sources/LibSignalClient/zkgroup/PniCredentialPresentation.swift
View File

@ -1,39 +0,0 @@
//
// Copyright 2020-2022 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import Foundation
import SignalFfi
public class PniCredentialPresentation: ByteArray {
public required init(contents: [UInt8]) throws {
try super.init(contents, checkValid: signal_pni_credential_presentation_check_valid_contents)
}
public func getAciCiphertext() throws -> UuidCiphertext {
return try withUnsafeBorrowedBuffer { buffer in
try invokeFnReturningSerialized {
signal_pni_credential_presentation_get_aci_ciphertext($0, buffer)
}
}
}
public func getPniCiphertext() throws -> UuidCiphertext {
return try withUnsafeBorrowedBuffer { buffer in
try invokeFnReturningSerialized {
signal_pni_credential_presentation_get_pni_ciphertext($0, buffer)
}
}
}
public func getProfileKeyCiphertext() throws -> ProfileKeyCiphertext {
return try withUnsafeBorrowedBuffer { buffer in
try invokeFnReturningSerialized {
signal_pni_credential_presentation_get_profile_key_ciphertext($0, buffer)
}
}
}
}

23
swift/Sources/LibSignalClient/zkgroup/PniCredentialRequestContext.swift
View File

@ -1,23 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import Foundation
import SignalFfi
public class PniCredentialRequestContext: ByteArray {
public required init(contents: [UInt8]) throws {
try super.init(contents, checkValid: signal_pni_credential_request_context_check_valid_contents)
}
public func getRequest() throws -> ProfileKeyCredentialRequest {
return try withUnsafePointerToSerialized { contents in
try invokeFnReturningSerialized {
signal_pni_credential_request_context_get_request($0, contents)
}
}
}
}

13
swift/Sources/LibSignalClient/zkgroup/PniCredentialResponse.swift
View File

@ -1,13 +0,0 @@
//
// Copyright 2021 Signal Messenger, LLC.
// SPDX-License-Identifier: AGPL-3.0-only
//
import Foundation
import SignalFfi
public class PniCredentialResponse: ByteArray {
public required init(contents: [UInt8]) throws {
try super.init(contents, checkValid: signal_pni_credential_response_check_valid_contents)
}
}

35
swift/Sources/LibSignalClient/zkgroup/ServerZkProfileOperations.swift
View File

@ -54,30 +54,6 @@ public class ServerZkProfileOperations {
}
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func issuePniCredential(profileKeyCredentialRequest: ProfileKeyCredentialRequest, aci: UUID, pni: UUID, profileKeyCommitment: ProfileKeyCommitment) throws -> PniCredentialResponse {
return try issuePniCredential(randomness: Randomness.generate(), profileKeyCredentialRequest: profileKeyCredentialRequest, aci: aci, pni: pni, profileKeyCommitment: profileKeyCommitment)
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func issuePniCredential(randomness: Randomness, profileKeyCredentialRequest: ProfileKeyCredentialRequest, aci: UUID, pni: UUID, profileKeyCommitment: ProfileKeyCommitment) throws -> PniCredentialResponse {
return try serverSecretParams.withUnsafePointerToSerialized { serverSecretParams in
try randomness.withUnsafePointerToBytes { randomness in
try profileKeyCredentialRequest.withUnsafePointerToSerialized { request in
try withUnsafePointer(to: aci.uuid) { aci in
try withUnsafePointer(to: pni.uuid) { pni in
try profileKeyCommitment.withUnsafePointerToSerialized { commitment in
try invokeFnReturningSerialized {
signal_server_secret_params_issue_pni_credential_deterministic($0, serverSecretParams, randomness, request, aci, pni, commitment)
}
}
}
}
}
}
}
}
public func verifyProfileKeyCredentialPresentation(
groupPublicParams: GroupPublicParams,
profileKeyCredentialPresentation: ProfileKeyCredentialPresentation,
@ -92,15 +68,4 @@ public class ServerZkProfileOperations {
}
}
@available(*, deprecated, message: "superseded by AuthCredentialWithPni + ProfileKeyCredential")
public func verifyPniCredentialPresentation(groupPublicParams: GroupPublicParams, presentation: PniCredentialPresentation) throws {
try serverSecretParams.withUnsafePointerToSerialized { serverSecretParams in
try groupPublicParams.withUnsafePointerToSerialized { groupPublicParams in
try presentation.withUnsafeBorrowedBuffer { presentation in
try checkError(signal_server_secret_params_verify_pni_credential_presentation(serverSecretParams, groupPublicParams, presentation))
}
}
}
}
}

58
swift/Sources/SignalFfi/signal_ffi.h
View File

@ -50,14 +50,6 @@ SPDX-License-Identifier: AGPL-3.0-only
#define SignalAUTH_CREDENTIAL_WITH_PNI_RESPONSE_LEN 425
#define SignalPNI_CREDENTIAL_LEN 161
#define SignalPNI_CREDENTIAL_PRESENTATION_V2_LEN 841
#define SignalPNI_CREDENTIAL_REQUEST_CONTEXT_LEN 489
#define SignalPNI_CREDENTIAL_RESPONSE_LEN 521
#define SignalPROFILE_KEY_LEN 32
#define SignalPROFILE_KEY_CIPHERTEXT_LEN 65
@ -1110,12 +1102,6 @@ SignalFfiError *signal_group_public_params_check_valid_contents(SignalBorrowedBu
SignalFfiError *signal_group_secret_params_check_valid_contents(SignalBorrowedBuffer buffer);
SignalFfiError *signal_pni_credential_check_valid_contents(SignalBorrowedBuffer buffer);
SignalFfiError *signal_pni_credential_request_context_check_valid_contents(SignalBorrowedBuffer buffer);
SignalFfiError *signal_pni_credential_response_check_valid_contents(SignalBorrowedBuffer buffer);
SignalFfiError *signal_profile_key_check_valid_contents(SignalBorrowedBuffer buffer);
SignalFfiError *signal_profile_key_ciphertext_check_valid_contents(SignalBorrowedBuffer buffer);
@ -1236,13 +1222,6 @@ SignalFfiError *signal_server_public_params_create_profile_key_credential_reques
const uint8_t (*uuid)[16],
const unsigned char (*profile_key)[SignalPROFILE_KEY_LEN]);
SignalFfiError *signal_server_public_params_create_pni_credential_request_context_deterministic(unsigned char (*out)[SignalPNI_CREDENTIAL_REQUEST_CONTEXT_LEN],
const unsigned char (*server_public_params)[SignalSERVER_PUBLIC_PARAMS_LEN],
const uint8_t (*randomness)[SignalRANDOMNESS_LEN],
const uint8_t (*aci)[16],
const uint8_t (*pni)[16],
const unsigned char (*profile_key)[SignalPROFILE_KEY_LEN]);
SignalFfiError *signal_server_public_params_receive_profile_key_credential(unsigned char (*out)[SignalPROFILE_KEY_CREDENTIAL_LEN],
const unsigned char (*server_public_params)[SignalSERVER_PUBLIC_PARAMS_LEN],
const unsigned char (*request_context)[SignalPROFILE_KEY_CREDENTIAL_REQUEST_CONTEXT_LEN],
@ -1254,11 +1233,6 @@ SignalFfiError *signal_server_public_params_receive_expiring_profile_key_credent
const unsigned char (*response)[SignalEXPIRING_PROFILE_KEY_CREDENTIAL_RESPONSE_LEN],
uint64_t current_time_in_seconds);
SignalFfiError *signal_server_public_params_receive_pni_credential(unsigned char (*out)[SignalPNI_CREDENTIAL_LEN],
const unsigned char (*server_public_params)[SignalSERVER_PUBLIC_PARAMS_LEN],
const unsigned char (*request_context)[SignalPNI_CREDENTIAL_REQUEST_CONTEXT_LEN],
const unsigned char (*response)[SignalPNI_CREDENTIAL_RESPONSE_LEN]);
SignalFfiError *signal_server_public_params_create_profile_key_credential_presentation_deterministic(SignalOwnedBuffer *out,
const unsigned char (*server_public_params)[SignalSERVER_PUBLIC_PARAMS_LEN],
const uint8_t (*randomness)[SignalRANDOMNESS_LEN],
@ -1271,12 +1245,6 @@ SignalFfiError *signal_server_public_params_create_expiring_profile_key_credenti
const unsigned char (*group_secret_params)[SignalGROUP_SECRET_PARAMS_LEN],
const unsigned char (*profile_key_credential)[SignalEXPIRING_PROFILE_KEY_CREDENTIAL_LEN]);
SignalFfiError *signal_server_public_params_create_pni_credential_presentation_deterministic(SignalOwnedBuffer *out,
const unsigned char (*server_public_params)[SignalSERVER_PUBLIC_PARAMS_LEN],
const uint8_t (*randomness)[SignalRANDOMNESS_LEN],
const unsigned char (*group_secret_params)[SignalGROUP_SECRET_PARAMS_LEN],
const unsigned char (*pni_credential)[SignalPNI_CREDENTIAL_LEN]);
SignalFfiError *signal_server_public_params_create_receipt_credential_request_context_deterministic(unsigned char (*out)[SignalRECEIPT_CREDENTIAL_REQUEST_CONTEXT_LEN],
const unsigned char (*server_public_params)[SignalSERVER_PUBLIC_PARAMS_LEN],
const uint8_t (*randomness)[SignalRANDOMNESS_LEN],
@ -1325,23 +1293,11 @@ SignalFfiError *signal_server_secret_params_issue_expiring_profile_key_credentia
const unsigned char (*commitment)[SignalPROFILE_KEY_COMMITMENT_LEN],
uint64_t expiration_in_seconds);
SignalFfiError *signal_server_secret_params_issue_pni_credential_deterministic(unsigned char (*out)[SignalPNI_CREDENTIAL_RESPONSE_LEN],
const unsigned char (*server_secret_params)[SignalSERVER_SECRET_PARAMS_LEN],
const uint8_t (*randomness)[SignalRANDOMNESS_LEN],
const unsigned char (*request)[SignalPROFILE_KEY_CREDENTIAL_REQUEST_LEN],
const uint8_t (*aci)[16],
const uint8_t (*pni)[16],
const unsigned char (*commitment)[SignalPROFILE_KEY_COMMITMENT_LEN]);
SignalFfiError *signal_server_secret_params_verify_profile_key_credential_presentation(const unsigned char (*server_secret_params)[SignalSERVER_SECRET_PARAMS_LEN],
const unsigned char (*group_public_params)[SignalGROUP_PUBLIC_PARAMS_LEN],
SignalBorrowedBuffer presentation_bytes,
uint64_t current_time_in_seconds);
SignalFfiError *signal_server_secret_params_verify_pni_credential_presentation(const unsigned char (*server_secret_params)[SignalSERVER_SECRET_PARAMS_LEN],
const unsigned char (*group_public_params)[SignalGROUP_PUBLIC_PARAMS_LEN],
SignalBorrowedBuffer presentation_bytes);
SignalFfiError *signal_server_secret_params_issue_receipt_credential_deterministic(unsigned char (*out)[SignalRECEIPT_CREDENTIAL_RESPONSE_LEN],
const unsigned char (*server_secret_params)[SignalSERVER_SECRET_PARAMS_LEN],
const uint8_t (*randomness)[SignalRANDOMNESS_LEN],
@ -1373,9 +1329,6 @@ SignalFfiError *signal_auth_credential_presentation_get_redemption_time(uint64_t
SignalFfiError *signal_profile_key_credential_request_context_get_request(unsigned char (*out)[SignalPROFILE_KEY_CREDENTIAL_REQUEST_LEN],
const unsigned char (*context)[SignalPROFILE_KEY_CREDENTIAL_REQUEST_CONTEXT_LEN]);
SignalFfiError *signal_pni_credential_request_context_get_request(unsigned char (*out)[SignalPROFILE_KEY_CREDENTIAL_REQUEST_LEN],
const unsigned char (*context)[SignalPNI_CREDENTIAL_REQUEST_CONTEXT_LEN]);
SignalFfiError *signal_expiring_profile_key_credential_get_expiration_time(uint64_t *out,
const unsigned char (*credential)[SignalEXPIRING_PROFILE_KEY_CREDENTIAL_LEN]);
@ -1387,17 +1340,6 @@ SignalFfiError *signal_profile_key_credential_presentation_get_uuid_ciphertext(u
SignalFfiError *signal_profile_key_credential_presentation_get_profile_key_ciphertext(unsigned char (*out)[SignalPROFILE_KEY_CIPHERTEXT_LEN],
SignalBorrowedBuffer presentation_bytes);
SignalFfiError *signal_pni_credential_presentation_check_valid_contents(SignalBorrowedBuffer presentation_bytes);
SignalFfiError *signal_pni_credential_presentation_get_aci_ciphertext(unsigned char (*out)[SignalUUID_CIPHERTEXT_LEN],
SignalBorrowedBuffer presentation_bytes);
SignalFfiError *signal_pni_credential_presentation_get_pni_ciphertext(unsigned char (*out)[SignalUUID_CIPHERTEXT_LEN],
SignalBorrowedBuffer presentation_bytes);
SignalFfiError *signal_pni_credential_presentation_get_profile_key_ciphertext(unsigned char (*out)[SignalPROFILE_KEY_CIPHERTEXT_LEN],
SignalBorrowedBuffer presentation_bytes);
SignalFfiError *signal_receipt_credential_request_context_get_request(unsigned char (*out)[SignalRECEIPT_CREDENTIAL_REQUEST_LEN],
const unsigned char (*request_context)[SignalRECEIPT_CREDENTIAL_REQUEST_CONTEXT_LEN]);

104
swift/Tests/LibSignalClientTests/ZKGroupTests.swift
View File

@ -116,61 +116,6 @@ class ZKGroupTests: TestCaseBase {
0x95, 0x04, 0x1d, 0x1d, 0x17, 0x0e, 0xcc, 0xf0, 0x29, 0x33, 0xec, 0x53, 0x93, 0xd4, 0xbe, 0x1d,
0xc5, 0x73, 0xf8, 0x3c, 0x33, 0xd3, 0xb9, 0xa7, 0x46]
let pniPresentationResult: [UInt8] = [
0x01, 0xf8, 0x87, 0xf4, 0x03, 0xdb, 0x1a, 0x80, 0xfa, 0x04, 0x04, 0x34, 0x13, 0x23, 0x3f, 0x56,
0xbf, 0x6c, 0x53, 0xbb, 0x07, 0x8c, 0x16, 0xd2, 0x4d, 0xf9, 0x3a, 0x21, 0x9d, 0x77, 0x85, 0x69,
0x68, 0x56, 0xd8, 0xf1, 0x97, 0xa0, 0x1c, 0x6e, 0x22, 0x3d, 0x4a, 0xce, 0xed, 0x1d, 0x60, 0xb9,
0x0b, 0x71, 0x3f, 0x45, 0x56, 0xab, 0x39, 0x40, 0x3b, 0x84, 0xc5, 0x1d, 0x72, 0x4c, 0xa9, 0xaa,
0x44, 0x88, 0x6d, 0x73, 0xbe, 0x15, 0xfc, 0xeb, 0xc9, 0x33, 0xf8, 0x35, 0xfc, 0x0f, 0x32, 0x10,
0xf8, 0xd7, 0xb8, 0xfa, 0x79, 0x40, 0xbf, 0x90, 0x69, 0xd5, 0x0d, 0xc4, 0xba, 0x83, 0xda, 0x8a,
0x0e, 0xd8, 0x6d, 0x6c, 0x33, 0xcd, 0x99, 0xa2, 0x5f, 0xe4, 0x69, 0x06, 0xd6, 0x55, 0xa7, 0xfe,
0xc5, 0xfe, 0xe5, 0x00, 0x52, 0x7a, 0x56, 0xea, 0x56, 0x89, 0xd1, 0x76, 0x53, 0x96, 0x90, 0x7b,
0x15, 0x3a, 0x86, 0xe4, 0x0e, 0xb2, 0x7b, 0x81, 0x20, 0x66, 0x1d, 0xfe, 0x59, 0xbb, 0x17, 0xaf,
0x10, 0x24, 0xeb, 0xd6, 0x97, 0xc2, 0xc3, 0x6c, 0x46, 0xf3, 0xa8, 0x5f, 0x8d, 0xc6, 0xf9, 0x27,
0x61, 0xb2, 0x9c, 0x84, 0x25, 0x68, 0x47, 0xb5, 0xf4, 0x20, 0x38, 0x6a, 0xc4, 0x1d, 0x6d, 0x81,
0xf8, 0xe6, 0x5a, 0x19, 0x5f, 0x2a, 0xb7, 0x00, 0x3c, 0x0f, 0xc2, 0x2f, 0xd9, 0x69, 0x87, 0x0e,
0x2c, 0x5c, 0x4a, 0xd4, 0xa9, 0xde, 0x38, 0xa8, 0xbd, 0xe7, 0x35, 0x09, 0xc4, 0x1e, 0x85, 0xac,
0xce, 0xf5, 0x9d, 0xb6, 0x99, 0x30, 0x97, 0x2b, 0x1c, 0x3f, 0xcb, 0x9c, 0x9a, 0xbd, 0x4c, 0x88,
0x4a, 0x3e, 0x91, 0xb4, 0xc2, 0x5b, 0x8f, 0xde, 0x3b, 0x5c, 0xac, 0x7c, 0x55, 0x44, 0x2f, 0x99,
0x6b, 0x3f, 0xd3, 0x71, 0x21, 0x10, 0xc7, 0xdd, 0x71, 0xc8, 0x47, 0xbe, 0x55, 0x21, 0x22, 0xb9,
0x47, 0x40, 0x21, 0x36, 0xb1, 0xc1, 0x6f, 0xe1, 0x8a, 0xcb, 0xa2, 0xe6, 0xa2, 0x77, 0xdc, 0x57,
0x17, 0x2a, 0xc7, 0x9d, 0x18, 0x92, 0x46, 0x06, 0x0d, 0x50, 0xdb, 0x1a, 0x7d, 0xc5, 0x31, 0xd0,
0x75, 0xec, 0x94, 0x14, 0xf8, 0x6e, 0x31, 0xa1, 0xb0, 0x40, 0x6c, 0xe1, 0x73, 0xb0, 0x9c, 0x1e,
0xab, 0xbe, 0xf2, 0xde, 0x11, 0x77, 0x49, 0xb3, 0xc5, 0x12, 0x49, 0x9d, 0x5f, 0x91, 0xe4, 0x69,
0x4e, 0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x76, 0x9c, 0x0c, 0x6c, 0x31, 0x0e, 0xd2,
0xb8, 0xf4, 0xa1, 0xd1, 0xe6, 0xb8, 0x53, 0xd8, 0x3f, 0x5d, 0xa8, 0x13, 0x6e, 0x36, 0x60, 0x5f,
0xd6, 0x31, 0x97, 0x9c, 0xc6, 0x18, 0xd0, 0xe1, 0x02, 0xcc, 0x82, 0xe9, 0x05, 0x6d, 0x20, 0x31,
0x37, 0x9d, 0xe3, 0xe5, 0x7c, 0x04, 0x53, 0x0b, 0x20, 0x61, 0x7d, 0x0b, 0x24, 0x18, 0xb8, 0x95,
0x0c, 0x8a, 0x23, 0x94, 0x35, 0x5c, 0x6d, 0x40, 0x0f, 0x0e, 0x4f, 0x69, 0xb7, 0x59, 0x42, 0x03,
0x20, 0x67, 0x38, 0x2a, 0xe2, 0x44, 0x87, 0x0f, 0x58, 0x59, 0xa3, 0x57, 0x82, 0xcb, 0x81, 0xb1,
0x10, 0x6c, 0x5a, 0xae, 0x58, 0xdf, 0x1f, 0x11, 0x0d, 0xbf, 0x76, 0x1c, 0x3a, 0x52, 0xad, 0x5e,
0x3a, 0x87, 0x2f, 0x38, 0x5c, 0x30, 0x56, 0xbf, 0x2b, 0xe3, 0xd6, 0x78, 0x26, 0xcf, 0x33, 0xbc,
0x74, 0x3c, 0x1c, 0x25, 0xee, 0xd0, 0xed, 0xa2, 0x0f, 0x21, 0xde, 0x77, 0x39, 0x06, 0x65, 0x7b,
0x26, 0xe0, 0x9c, 0xf3, 0x88, 0xda, 0x23, 0x33, 0xdb, 0x60, 0xf7, 0x68, 0x86, 0x5e, 0x24, 0x05,
0xf4, 0xdf, 0x4f, 0x48, 0xb6, 0x40, 0x29, 0x5e, 0x02, 0x76, 0x25, 0x67, 0x8a, 0x81, 0x0d, 0xbf,
0x81, 0x11, 0x91, 0x8f, 0x7b, 0x12, 0x7f, 0xd9, 0xfb, 0x0b, 0x33, 0x25, 0x31, 0xec, 0x52, 0x06,
0x9b, 0x98, 0xab, 0xf9, 0x5b, 0xb4, 0xae, 0x73, 0x07, 0xd9, 0x6b, 0x9d, 0x50, 0xb6, 0xe7, 0x34,
0xff, 0x8a, 0xf9, 0x2d, 0x2c, 0x84, 0x17, 0x91, 0x97, 0x95, 0xa4, 0x6b, 0x97, 0xdf, 0x7a, 0x69,
0x2d, 0xf4, 0xea, 0x9b, 0x63, 0x81, 0x0e, 0xf7, 0x0d, 0xca, 0x68, 0x69, 0x3b, 0xbe, 0xc7, 0xe1,
0xf5, 0x24, 0x09, 0x43, 0x0d, 0xa6, 0x1c, 0xac, 0x92, 0x49, 0xca, 0x02, 0x21, 0x6a, 0x77, 0xb1,
0xf0, 0x8e, 0x59, 0x51, 0xa5, 0x07, 0x83, 0xca, 0x08, 0x8f, 0xa5, 0x99, 0x2b, 0x5e, 0xca, 0xf1,
0x41, 0x3d, 0xfe, 0x45, 0xf9, 0xef, 0x23, 0xb3, 0xc1, 0x20, 0x99, 0x41, 0x18, 0xb3, 0x25, 0x76,
0x3d, 0x66, 0xe6, 0x0c, 0x96, 0x47, 0xcc, 0x38, 0x02, 0x48, 0xa9, 0xda, 0x79, 0xe4, 0x6c, 0x17,
0xb6, 0xbb, 0x03, 0xa2, 0x3c, 0x39, 0x87, 0xce, 0xa8, 0x6a, 0xc1, 0x58, 0xd4, 0x5b, 0x78, 0xf1,
0xf9, 0xb9, 0x23, 0x47, 0x25, 0x21, 0xec, 0xb3, 0x0e, 0x76, 0x5d, 0xe9, 0xdf, 0x4c, 0xfa, 0x54,
0x87, 0xf3, 0x60, 0xe2, 0x9e, 0x99, 0x34, 0x3e, 0x91, 0x81, 0x1b, 0xae, 0xc3, 0x31, 0xc4, 0x68,
0x09, 0x85, 0xe6, 0x08, 0xca, 0x5d, 0x40, 0x8e, 0x21, 0x72, 0x5c, 0x6a, 0xa1, 0xb6, 0x1d, 0x5a,
0x8b, 0x48, 0xd7, 0x5f, 0x4a, 0xaa, 0x9a, 0x3c, 0xbe, 0x88, 0xd3, 0xe0, 0xf1, 0xa5, 0x43, 0x19,
0x08, 0x1f, 0x77, 0xc7, 0x2c, 0x8f, 0x52, 0x54, 0x74, 0xfe, 0x74, 0x40, 0x90, 0x60, 0x61, 0x56,
0x79, 0xfc, 0x11, 0x54, 0x73, 0x68, 0x3d, 0x63, 0xab, 0xd9, 0xce, 0xd4, 0x6c, 0x7f, 0x2a, 0xd7,
0x36, 0x04, 0x6d, 0xe5, 0xa2, 0xc7, 0xd2, 0x52, 0x2f, 0x12, 0x28, 0x95, 0x59, 0x70, 0x49, 0xcf,
0xd7, 0xcc, 0x5b, 0xeb, 0x6d, 0xc7, 0x2a, 0xa9, 0x90, 0xae, 0x9a, 0x62, 0xec, 0x8e, 0x25, 0x6a,
0x1c, 0xbf, 0x5f, 0x3f, 0x28, 0x42, 0x33, 0xbb, 0x07, 0x48, 0xc0, 0x3a, 0xb4, 0xaf, 0xbf, 0x6b,
0x8f, 0xb0, 0xe1, 0x26, 0xc0, 0x37, 0xa0, 0xad, 0x40, 0x94, 0x60, 0x0d, 0xd0, 0xe0, 0x63, 0x4d,
0x76, 0xf8, 0x8c, 0x21, 0x08, 0x7f, 0x3c, 0xfb, 0x48, 0x5a, 0x89, 0xbc, 0x1e, 0x3a, 0xbc, 0x4c,
0x95, 0x04, 0x1d, 0x1d, 0x17, 0x0e, 0xcc, 0xf0, 0x29, 0x33, 0xec, 0x53, 0x93, 0xd4, 0xbe, 0x1d,
0xc5, 0x73, 0xf8, 0x3c, 0x33, 0xd3, 0xb9, 0xa7, 0x46]
let serverSignatureResult: [UInt8] = [ 0x87, 0xd3, 0x54, 0x56, 0x4d, 0x35,
0xef, 0x91, 0xed, 0xba, 0x85, 0x1e, 0x08, 0x15, 0x61, 0x2e, 0x86, 0x4c, 0x22,
0x7a, 0x04, 0x71, 0xd5, 0x0c, 0x27, 0x06, 0x98, 0x60, 0x44, 0x06, 0xd0, 0x03,
@ -398,55 +343,6 @@ class ZKGroupTests: TestCaseBase {
XCTAssertEqual(uuidCiphertext.serialize(), uuidCiphertextRecv.serialize())
}
@available(*, deprecated)
func testPniIntegration() throws {
let aci: UUID = TEST_ARRAY_16
let pni: UUID = TEST_ARRAY_16_1
// Generate keys (client's are per-group, server's are not)
// ---
// SERVER
let serverSecretParams = try ServerSecretParams.generate(randomness: TEST_ARRAY_32)
let serverPublicParams = try serverSecretParams.getPublicParams()
let serverZkProfile = ServerZkProfileOperations(serverSecretParams: serverSecretParams)
// CLIENT
let masterKey = try GroupMasterKey(contents: TEST_ARRAY_32_1)
let groupSecretParams = try GroupSecretParams.deriveFromMasterKey(groupMasterKey: masterKey)
XCTAssertEqual(try groupSecretParams.getMasterKey().serialize(), masterKey.serialize())
let groupPublicParams = try groupSecretParams.getPublicParams()
let clientZkProfileCipher = ClientZkProfileOperations(serverPublicParams: serverPublicParams)
let profileKey = try ProfileKey(contents: TEST_ARRAY_32_1)
let profileKeyCommitment = try profileKey.getCommitment(uuid: aci)
// Create context and request
let context = try clientZkProfileCipher.createPniCredentialRequestContext(randomness: TEST_ARRAY_32_3, aci: aci, pni: pni, profileKey: profileKey)
let request = try context.getRequest()
// SERVER
let response = try serverZkProfile.issuePniCredential(randomness: TEST_ARRAY_32_4, profileKeyCredentialRequest: request, aci: aci, pni: pni, profileKeyCommitment: profileKeyCommitment)
// CLIENT
// Gets stored profile credential
let clientZkGroupCipher = ClientZkGroupCipher(groupSecretParams: groupSecretParams)
let pniCredential = try clientZkProfileCipher.receivePniCredential(requestContext: context, response: response)
let presentation = try clientZkProfileCipher.createPniCredentialPresentation(randomness: TEST_ARRAY_32_5, groupSecretParams: groupSecretParams, credential: pniCredential)
XCTAssertEqual(presentation.serialize(), pniPresentationResult)
// Verify presentation
try serverZkProfile.verifyPniCredentialPresentation(groupPublicParams: groupPublicParams, presentation: presentation)
let aciCiphertextRecv = try presentation.getAciCiphertext()
XCTAssertEqual(try clientZkGroupCipher.encryptUuid(uuid: aci).serialize(), aciCiphertextRecv.serialize())
let pniCiphertextRecv = try presentation.getPniCiphertext()
XCTAssertEqual(try clientZkGroupCipher.encryptUuid(uuid: pni).serialize(), pniCiphertextRecv.serialize())
}
func testServerSignatures() throws {
let serverSecretParams = try ServerSecretParams.generate(randomness: TEST_ARRAY_32)
let serverPublicParams = try serverSecretParams.getPublicParams()