update ci pins and upgraded to go 1.21

Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com>
bytemare · Oct 9, 2023 · d6b4c8b · d6b4c8b
1 parent b9a8ff5
commit d6b4c8b
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 20 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
 
       # Linting
       - name: Linting
-        uses: golangci/golangci-lint-action@92ba55cf0d79a9feb999e9bcef95c952bbbe545a # pin@master
+        uses: golangci/golangci-lint-action@9cb5ef734c83c4a375008f65983ab82f8d416598 # pin@master
         with:
           version: latest
           args: --config=./.github/.golangci.yml ./...
@@ -35,7 +35,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go: [ '1.20', '1.19' ]
+        go: [ '1.21', '1.20' ]
     steps:
       - name: Checkout repo
         uses: actions/checkout@27135e314dd1818f797af1db9dae03a9f045786b # pin@master
@@ -69,13 +69,13 @@ jobs:
 
       # Codecov
       - name: Codecov
-        uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 # pin@master
+        uses: codecov/codecov-action@ef2b0df87fbbd2569a553208e78409b1bc2fb469 # pin@master
         with:
           file: .github/coverage.out
 
       # Sonar
       - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@db501078e936e4b4c8773d1bb949ba9ddb7b6b6a # pin@master
+        uses: SonarSource/sonarcloud-github-action@5ee47de3c96f0c1c51b09d2ff1fec0cfeefcf67c # pin@master
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # pin@master
+        uses: ossf/scorecard-action@54b14e138ebbcc54a5d81dab8f75463a3cd21e12 # pin@master
         with:
           results_file: results.sarif
           results_format: sarif

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # pin@master
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@806182742461562b67788a64410098c9d9b96adb # pin@master
+        uses: snyk/actions/golang@39091e69b560da335383b404e50d65b408f4f812 # pin@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:

diff --git a/examples_test.go b/examples_test.go
@@ -110,7 +110,7 @@ func Example_serverSetup() {
 		log.Fatalln(err)
 	}
 
-	fmt.Println("OPAQUE server values initialized.")
+	fmt.Println("OPAQUE server initialized.")
 
 	// Output: OPAQUE server initialized.
 }

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/bytemare/opaque
 
-go 1.20
+go 1.21
 
 require (
 	github.com/bytemare/crypto v0.5.2
@@ -10,10 +10,10 @@ require (
 
 require (
 	filippo.io/edwards25519 v1.0.0 // indirect
-	filippo.io/nistec v0.0.2 // indirect
+	filippo.io/nistec v0.0.3 // indirect
 	github.com/bytemare/hash2curve v0.2.2 // indirect
 	github.com/bytemare/secp256k1 v0.1.0 // indirect
 	github.com/gtank/ristretto255 v0.1.2 // indirect
-	golang.org/x/crypto v0.8.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,7 +1,7 @@
 filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
 filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
-filippo.io/nistec v0.0.2 h1:/NIXTUimcHIh0E2DsYucHlICvUisgj28/XEnKSEptUs=
-filippo.io/nistec v0.0.2/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw=
+filippo.io/nistec v0.0.3 h1:h336Je2jRDZdBCLy2fLDUd9E2unG32JLwcJi0JQE9Cw=
+filippo.io/nistec v0.0.3/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw=
 github.com/bytemare/crypto v0.5.2 h1:ogvfY5mmtrPc5Uhwq4mUEUDnTVig+UEF8gwnNAPaNbU=
 github.com/bytemare/crypto v0.5.2/go.mod h1:kkx4ciRQFWcjMauezZo9SHw4YmqSTolWkfOVVTOXgAY=
 github.com/bytemare/hash v0.1.5 h1:VW+X1YQ2b3chjRFHkRUnO42uclsQjXimdBCPOgIobR4=
@@ -14,7 +14,7 @@ github.com/bytemare/secp256k1 v0.1.0 h1:kjVJ06GAHSa+EJ7Rz1LdVgE0DQWdvUT77tmcGf7e
 github.com/bytemare/secp256k1 v0.1.0/go.mod h1:hzquMsr3GXhVcqL9qFX7GGjmcT5dlQldKrArd7tcXHE=
 github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc=
 github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/internal/ake/3dh.go b/internal/ake/3dh.go
@@ -21,10 +21,10 @@ import (
 
 // KeyGen returns private and public keys in the group.
 func KeyGen(id group.Group) (privateKey, publicKey []byte) {
-	scalar, element := oprf.IDFromGroup(id).
-		DeriveKeyPair(internal.RandomBytes(internal.SeedLength), []byte(tag.DeriveDiffieHellmanKeyPair))
+	scalar := id.NewScalar().Random()
+	point := id.Base().Multiply(scalar)
 
-	return scalar.Encode(), element.Encode()
+	return scalar.Encode(), point.Encode()
 }
 
 func diffieHellman(s *group.Scalar, e *group.Element) *group.Element {