some enhancements

Signed-off-by: bytemare <[email protected]>
bytemare · Apr 30, 2024 · 8ee5937 · 8ee5937
1 parent b2c2ba1
commit 8ee5937
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 54 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -85,6 +85,7 @@ jobs:
             -Dsonar.projectKey=bytemare_opaque
             -Dsonar.go.coverage.reportPaths=.github/coverage.out
             -Dsonar.sources=.
+            -Dsonar.exclusions=examples_test.go
             -Dsonar.test.exclusions=examples_test.go,tests/**
             -Dsonar.coverage.exclusions=examples_test.go,tests/**
             -Dsonar.tests=tests/

diff --git a/internal/ake/3dh.go b/internal/ake/3dh.go
@@ -30,7 +30,7 @@ func KeyGen(id group.Group) (privateKey, publicKey []byte) {
 func diffieHellman(s *group.Scalar, e *group.Element) *group.Element {
 	/*
 		if id == group.Ristretto255Sha512 || id == group.P256Sha256 {
-			b.Multiply(k)
+			e.Copy().Multiply(s)
 		}
 
 		if id == group.Cruve25519 {
@@ -70,15 +70,6 @@ type Options struct {
 }
 
 func (o *Options) init() {
-	/* This is currently unreachable as the callers correctly call this function with non-nil options
-	if options == nil {
-		options = &Options{
-			EphemeralSecretKey: nil,
-			Nonce:              nil,
-			NonceLength:        0,
-		}
-	}
-	*/
 	if o.KeyShareSeed == nil {
 		o.KeyShareSeed = internal.RandomBytes(internal.SeedLength)
 	}

diff --git a/message/credentials.go b/message/credentials.go
@@ -14,15 +14,15 @@ import (
 	"github.com/bytemare/opaque/internal/encoding"
 )
 
-// CredentialRequest represents credential request message.
+// CredentialRequest represents a credential request message.
 type CredentialRequest struct {
 	BlindedMessage *group.Element `json:"blindedMessage"`
 }
 
 // NewCredentialRequest returns a populated CredentialRequest.
-func NewCredentialRequest(message *group.Element) *CredentialRequest {
+func NewCredentialRequest(blindedMessage *group.Element) *CredentialRequest {
 	return &CredentialRequest{
-		BlindedMessage: message,
+		BlindedMessage: blindedMessage,
 	}
 }
 
@@ -31,18 +31,15 @@ func (c *CredentialRequest) Serialize() []byte {
 	return c.BlindedMessage.Encode()
 }
 
-// CredentialResponse represents credential response message.
+// CredentialResponse represents a credential response message.
 type CredentialResponse struct {
 	EvaluatedMessage *group.Element `json:"evaluatedMessage"`
 	MaskingNonce     []byte         `json:"maskingNonce"`
 	MaskedResponse   []byte         `json:"maskedResponse"`
 }
 
 // NewCredentialResponse returns a populated CredentialResponse.
-func NewCredentialResponse(
-	message *group.Element,
-	nonce, response []byte,
-) *CredentialResponse {
+func NewCredentialResponse(message *group.Element, nonce, response []byte) *CredentialResponse {
 	return &CredentialResponse{
 		EvaluatedMessage: message,
 		MaskingNonce:     nonce,

diff --git a/tests/fuzz_test.go b/tests/fuzz_test.go
@@ -30,6 +30,16 @@ const (
 	fmtGotValidInput = "got %q but input is valid"
 )
 
+// skipErrorOnCondition skips the test if we find the expected error in err and cond if false.
+func skipErrorOnCondition(t *testing.T, expected, err error, cond bool, val interface{}) {
+	if strings.Contains(expected.Error(), err.Error()) {
+		if cond {
+			t.Fatalf("got %q but input is valid: %q", err, val)
+		}
+		t.Skip()
+	}
+}
+
 func fuzzTestConfigurationError(t *testing.T, c *opaque.Configuration, err error) {
 	// Errors tested for
 	var (
@@ -41,42 +51,12 @@ func fuzzTestConfigurationError(t *testing.T, c *opaque.Configuration, err error
 		errInvalidAKEid  = errors.New("invalid AKE group id")
 	)
 
-	if strings.Contains(err.Error(), errInvalidKDFid.Error()) {
-		if hash.Hashing(c.KDF).Available() {
-			t.Fatalf("got %q but input is valid: %q", errInvalidKDFid, c.KDF)
-		}
-		t.Skip()
-	}
-	if strings.Contains(err.Error(), errInvalidMACid.Error()) {
-		if hash.Hashing(c.MAC).Available() {
-			t.Fatalf("got %q but input is valid: %q", errInvalidMACid, c.MAC)
-		}
-		t.Skip()
-	}
-	if strings.Contains(err.Error(), errInvalidHASHid.Error()) {
-		if hash.Hashing(c.Hash).Available() {
-			t.Fatalf("got %q but input is valid: %q", errInvalidHASHid, c.Hash)
-		}
-		t.Skip()
-	}
-	if strings.Contains(err.Error(), errInvalidKSFid.Error()) {
-		if c.KSF.Available() {
-			t.Fatalf("got %q but input is valid: %q", errInvalidKSFid, c.KSF)
-		}
-		t.Skip()
-	}
-	if strings.Contains(err.Error(), errInvalidOPRFid.Error()) {
-		if c.OPRF.OPRF().Available() {
-			t.Fatalf("got %q but input is valid: %q", errInvalidOPRFid, c.OPRF)
-		}
-		t.Skip()
-	}
-	if strings.Contains(err.Error(), errInvalidAKEid.Error()) {
-		if c.AKE.Group().Available() {
-			t.Fatalf("got %q but input is valid: %q", errInvalidAKEid, c.AKE)
-		}
-		t.Skip()
-	}
+	skipErrorOnCondition(t, err, errInvalidKDFid, hash.Hashing(c.KDF).Available(), c.KDF)
+	skipErrorOnCondition(t, err, errInvalidMACid, hash.Hashing(c.MAC).Available(), c.MAC)
+	skipErrorOnCondition(t, err, errInvalidHASHid, hash.Hashing(c.Hash).Available(), c.Hash)
+	skipErrorOnCondition(t, err, errInvalidKSFid, c.KSF.Available(), c.KSF)
+	skipErrorOnCondition(t, err, errInvalidOPRFid, c.OPRF.OPRF().Available(), c.OPRF)
+	skipErrorOnCondition(t, err, errInvalidAKEid, c.AKE.Group().Available(), c.AKE)
 
 	t.Fatalf("Unrecognized error: %q", err)
 }

diff --git a/tests/testdata/fuzz/FuzzConfiguration/9c7be5871d57b46a b/tests/testdata/fuzz/FuzzConfiguration/9c7be5871d57b46a
@@ -0,0 +1,9 @@
+go test fuzz v1
+[]byte("")
+[]byte("0")
+uint(89)
+uint(5)
+uint(3)
+[]byte("P256-SHA2\x016")
+byte('\x00')
+byte('\x03')