chore!: align to draft 16, update dependencies (#365)

* chore!: align to draft 16, update dependencies

* chore: fix toml formatting

.github/workflows/main.yml

@@ -236,7 +236,7 @@ jobs:
       - name: Install Taplo
         # Adding the --locked flag because of
         # https://github.com/tamasfe/taplo/issues/242
-        run: cargo install taplo-cli --locked 
+        run: cargo install taplo-cli --locked
 
       - name: Checkout sources
         uses: actions/checkout@main
@@ -249,4 +249,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@main
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 3.0.0-pre.6 (TBD)
+* Synced implementation with draft-irtf-cfrg-opaque-16
+  * **Breaking: protocol context string changed from `RFCXXXX` to `OPAQUEv1-`**
+* Dropped unmaintained json crate in favor of serde_json
+* Updated dependencies
+
 ## 3.0.0-pre.5 (September 18, 2024)
 * Increased MSRV to 1.74
 * Updated voprf dependency
@@ -15,6 +21,7 @@
 
 ## 3.0.0-pre.2 (March 14, 2023)
 * Updated VOPRF to draft 19
+  * **Breaking: backwards-incompatible changes introduced in OPRF protocol**
 * Added P384 testing support
 * Increased MSRV to 1.65
 * Updating dependencies

Cargo.toml

@@ -9,7 +9,7 @@ name = "opaque-ke"
 readme = "README.md"
 repository = "https://github.com/facebook/opaque-ke"
 rust-version = "1.74"
-version = "3.0.0-pre.5"
+version = "3.0.0-pre.6"
 
 [features]
 argon2 = ["dep:argon2"]
@@ -38,9 +38,9 @@ rand = { version = "0.8", default-features = false }
 serde = { version = "1", default-features = false, features = [
   "derive",
 ], optional = true }
-subtle = { version = "2.3", default-features = false }
+subtle = { version = "2.6", default-features = false }
 voprf = { version = "0.5", default-features = false, features = ["danger"] }
-zeroize = { version = "1.5", features = ["zeroize_derive"] }
+zeroize = { version = "1.8", features = ["zeroize_derive"] }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
 getrandom = { version = "0.2", features = ["js"], optional = true }
@@ -50,7 +50,6 @@ bincode = "1"
 chacha20poly1305 = "0.10"
 criterion = "0.5"
 hex = "0.4"
-json = "0.12"
 p256 = { version = "0.13", default-features = false, features = [
   "hash2curve",
   "voprf",

README.md

@@ -1,13 +1,13 @@
 ##  The OPAQUE key exchange protocol ![Build Status](https://github.com/facebook/opaque-ke/workflows/Rust%20CI/badge.svg)
 
-[OPAQUE](https://eprint.iacr.org/2018/163.pdf) is an asymmetric password-authenticated key exchange protocol. It allows a client to authenticate to a server using a password, without ever having to expose the plaintext password to the server.
+[OPAQUE](https://eprint.iacr.org/2018/163.pdf) is an augmented password-authenticated key exchange protocol. It allows a client to authenticate to a server using a password, without ever having to expose the plaintext password to the server.
 
 This implementation is based on the [Internet Draft for OPAQUE](https://github.com/cfrg/draft-irtf-cfrg-opaque).
 
 Background
 ----------
 
-Asymmetric Password Authenticated Key Exchange (aPAKE) protocols are designed to provide password authentication and mutually authenticated key exchange without relying on PKI (except during user/password registration) and without disclosing passwords to servers or other entities other than the client machine.
+Augmented Password Authenticated Key Exchange (aPAKE) protocols are designed to provide password authentication and mutually authenticated key exchange without relying on PKI (except during user/password registration) and without disclosing passwords to servers or other entities other than the client machine.
 
 OPAQUE is a PKI-free aPAKE that is secure against pre-computation attacks and capable of using a secret salt.
 

deny.toml

@@ -9,6 +9,7 @@
 # The values provided in this template are the default values that will be used
 # when any section or field is not specified in your own configuration
 
+[graph]
 # If 1 or more target triples (and optionally, target_features) are specified,
 # only the specified targets will be checked when running `cargo deny check`.
 # This means, if a particular package is only ever used as a target specific
@@ -17,6 +18,7 @@
 # this list would mean the nix crate, as well as any of its exclusive
 # dependencies not shared by any other crates, would be ignored, as the target
 # list here is effectively saying which targets you are building for.
+all-features = true
 targets = [
   # The triple can be any string, but only the target triples built in to
   # rustc (as of 1.40) can be checked against actual config expressions
@@ -35,16 +37,8 @@ targets = [
 db-path = "~/.cargo/advisory-db"
 # The url of the advisory database to use
 db-urls = ["https://github.com/rustsec/advisory-db"]
-# The lint level for security vulnerabilities
-vulnerability = "deny"
-# The lint level for unmaintained crates
-unmaintained = "warn"
 # The lint level for crates that have been yanked from their source registry
 yanked = "warn"
-# The lint level for crates with security notices. Note that as of
-# 2019-12-17 there are no security notice advisories in
-# https://github.com/rustsec/advisory-db
-notice = "deny"
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
@@ -64,47 +58,26 @@ ignore = [
 # More documentation for the licenses section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
 [licenses]
-# The lint level for crates which do not have a detectable license
-unlicensed = "deny"
 # List of explictly allowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
 # [possible values: any SPDX 3.7 short identifier (+ optional exception)].
 allow = [
-  #"MIT",
-  #"Apache-2.0",
+  "MIT",
+  "BSD-3-Clause",
+  "Apache-2.0",
   #"Apache-2.0 WITH LLVM-exception",
 ]
-# List of explictly disallowed licenses
-# See https://spdx.org/licenses/ for list of possible licenses
-# [possible values: any SPDX 3.7 short identifier (+ optional exception)].
-deny = [
-  #"Nokia",
-]
-# Lint level for licenses considered copyleft
-copyleft = "warn"
-# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
-# * both - The license will be approved if it is both OSI-approved *AND* FSF
-# * either - The license will be approved if it is either OSI-approved *OR* FSF
-# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
-# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
-# * neither - This predicate is ignored and the default lint level is used
-allow-osi-fsf-free = "neither"
-# Lint level used when no other predicates are matched
-# 1. License isn't in the allow or deny lists
-# 2. License isn't copyleft
-# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
-default = "allow"
 # The confidence threshold for detecting a license from license text.
 # The higher the value, the more closely the license text must be to the
 # canonical license text of a valid SPDX license file.
 # [possible values: any between 0.0 and 1.0].
-confidence-threshold = 0.8
+confidence-threshold = 0.95
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
   # Each entry is the crate and version constraint, and its specific allow
   # list
-  #{ allow = ["Zlib"], name = "adler32", version = "*" },
+  { allow = ["Unicode-DFS-2016"], name = "unicode-ident", version = "*" },
 ]
 
 # Some crates don't have (easily) machine readable licensing information,

src/key_exchange/tripledh.rs

@@ -38,7 +38,7 @@ use crate::serialization::{Input, UpdateExt};
 ///////////////
 
 pub(crate) type NonceLen = U32;
-static STR_RFC: &[u8] = b"RFCXXXX";
+static STR_CONTEXT: &[u8] = b"OPAQUEv1-";
 static STR_CLIENT_MAC: &[u8] = b"ClientMAC";
 static STR_HANDSHAKE_SECRET: &[u8] = b"HandshakeSecret";
 static STR_SERVER_MAC: &[u8] = b"ServerMAC";
@@ -215,7 +215,7 @@ where
         let server_nonce = generate_nonce::<R>(rng);
 
         let mut transcript_hasher = D::new()
-            .chain(STR_RFC)
+            .chain(STR_CONTEXT)
             .chain_iter(
                 Input::<U2>::from(context)
                     .map_err(ProtocolError::into_custom)?
@@ -278,7 +278,7 @@ where
         context: &[u8],
     ) -> Result<GenerateKe3Result<Self, D, KG>, ProtocolError> {
         let mut transcript_hasher = D::new()
-            .chain(STR_RFC)
+            .chain(STR_CONTEXT)
             .chain_iter(Input::<U2>::from(context)?.iter())
             .chain_iter(id_u)
             .chain_iter(serialized_credential_request)

src/lib.rs

@@ -6,7 +6,7 @@
 // of this source tree. You may select, at your option, one of the above-listed
 // licenses.
 
-//! An implementation of the OPAQUE asymmetric password authentication key
+//! An implementation of the OPAQUE augmented password authentication key
 //! exchange protocol
 //!
 //! Note: This implementation is in sync with [draft-irtf-cfrg-opaque-16](https://datatracker.ietf.org/doc/draft-irtf-cfrg-opaque/16/),