Removed salt per review with Ben

dfb66f11 · Richard T. Carback III · 4c01ce6a · dfb66f11 · dfb66f11 · dfb66f11
Commit dfb66f11 authored Dec 19, 2021 by Richard T. Carback III
--- a/auth/callback.go
+++ b/auth/callback.go
@@ -100,12 +100,11 @@ func (m *Manager) handleRequest(cmixMsg format.Message,
 	jww.TRACE.Printf("handleRequest PARTNERPUBKEY: %v", partnerPubKey.Bytes())

 	//decrypt the message
-	jww.TRACE.Printf("handleRequest SALT: %v", baseFmt.GetSalt())
 	jww.TRACE.Printf("handleRequest ECRPAYLOAD: %v", baseFmt.GetEcrPayload())
 	jww.TRACE.Printf("handleRequest MAC: %v", cmixMsg.GetMac())

 	success, payload := cAuth.Decrypt(myHistoricalPrivKey,
-		partnerPubKey, baseFmt.GetSalt(), baseFmt.GetEcrPayload(),
+		partnerPubKey, baseFmt.GetEcrPayload(),
 		cmixMsg.GetMac(), grp)

 	if !success {
@@ -283,11 +282,10 @@ func (m *Manager) handleConfirm(cmixMsg format.Message, sr *auth.SentRequest,
 	jww.TRACE.Printf("handleConfirm SRMYPUBKEY: %v", sr.GetMyPubKey().Bytes())

 	// decrypt the payload
-	jww.TRACE.Printf("handleConfirm SALT: %v", baseFmt.GetSalt())
 	jww.TRACE.Printf("handleConfirm ECRPAYLOAD: %v", baseFmt.GetEcrPayload())
 	jww.TRACE.Printf("handleConfirm MAC: %v", cmixMsg.GetMac())
 	success, payload := cAuth.Decrypt(sr.GetMyPrivKey(),
-		partnerPubKey, baseFmt.GetSalt(), baseFmt.GetEcrPayload(),
+		partnerPubKey, baseFmt.GetEcrPayload(),
 		cmixMsg.GetMac(), grp)

 	if !success {

--- a/auth/confirm.go
+++ b/auth/confirm.go
@@ -74,14 +74,6 @@ func ConfirmRequestAuth(partner contact.Contact, rng io.Reader,
 	newSIDHPrivKey.Generate(rng)
 	newSIDHPrivKey.GeneratePublicKey(newSIDHPubKey)

-	//generate salt
-	salt := make([]byte, saltSize)
-	_, err = rng.Read(salt)
-	if err != nil {
-		return 0, errors.Wrap(err, "Failed to generate salt for "+
-			"confirmation")
-	}
-
 	/*construct message*/
 	// we build the payload before we save because it is technically fallible
 	// which can get into a bricked state if it fails
@@ -96,7 +88,7 @@ func ConfirmRequestAuth(partner contact.Contact, rng io.Reader,

 	//encrypt the payload
 	ecrPayload, mac := cAuth.Encrypt(newPrivKey, partner.DhPubKey,
-		salt, ecrFmt.data, grp)
+		ecrFmt.data, grp)

 	//get the fingerprint from the old ownership proof
 	fp := cAuth.MakeOwnershipProofFP(storedContact.OwnershipProof)
@@ -104,7 +96,6 @@ func ConfirmRequestAuth(partner contact.Contact, rng io.Reader,

 	//final construction
 	baseFmt.SetEcrPayload(ecrPayload)
-	baseFmt.SetSalt(salt)
 	baseFmt.SetPubKey(newPubKey)
 	baseFmt.SetSidHPubKey(newSIDHPubKey)


--- a/auth/fmt.go
+++ b/auth/fmt.go
@@ -17,23 +17,20 @@ import (
 )

 //Basic Format//////////////////////////////////////////////////////////////////
-const saltSize = 32
-
 type baseFormat struct {
 	data       []byte
 	pubkey     []byte
 	sidHpubkey []byte
-	salt       []byte
 	ecrPayload []byte
 }

 func newBaseFormat(payloadSize, pubkeySize, sidHPubkeySize int ) baseFormat {
 	// NOTE: sidhPubKey needs an extra byte to hold the variant setting
-	total := pubkeySize + sidHPubkeySize + 1 + saltSize
+	total := pubkeySize + sidHPubkeySize + 1
 	if payloadSize < total {
 		jww.FATAL.Panicf("Size of baseFormat is too small (%d), must be big " +
-			"enough to contain public key (%d) sidHPublicKey (%d + 1) and salt (%d) " +
-			"which totals to %d", payloadSize, pubkeySize, sidHPubkeySize, saltSize,
+			"enough to contain public key (%d) sidHPublicKey (%d + 1) " +
+			"which totals to %d", payloadSize, pubkeySize, sidHPubkeySize,
 			total)
 	}

@@ -58,17 +55,13 @@ func buildBaseFormat(data []byte, pubkeySize, sidHPubkeySize int) baseFormat {
 	end = start + sidHPubkeySize + 1
 	f.sidHpubkey = f.data[start:end]

-	start = end
-	end = start + saltSize
-	f.salt = f.data[start:end]
-
 	start = end
 	f.ecrPayload = f.data[start:]
 	return f
 }

 func unmarshalBaseFormat(b []byte, pubkeySize, sidHPubkeySize int) (baseFormat, error) {
-	if len(b) < pubkeySize+saltSize {
+	if len(b) < pubkeySize {
 		return baseFormat{}, errors.New("Received baseFormat too small")
 	}

@@ -100,18 +93,6 @@ func (f baseFormat) GetSidhPubKey() (*sidh.PublicKey, error) {
 	return pubKey, err
 }

-func (f baseFormat) GetSalt() []byte {
-	return f.salt
-}
-
-func (f baseFormat) SetSalt(salt []byte) {
-	if len(salt) != saltSize {
-		jww.FATAL.Panicf("Salt incorrect size")
-	}
-
-	copy(f.salt, salt)
-}
-
 func (f baseFormat) GetEcrPayload() []byte {
 	return f.ecrPayload
 }

--- a/auth/fmt_test.go
+++ b/auth/fmt_test.go
@@ -20,7 +20,7 @@ import (
 func TestNewBaseFormat(t *testing.T) {
 	// Construct message
 	pubKeySize := 256
-	payloadSize := saltSize + pubKeySize + sidhinterface.PubKeyByteSize + 1
+	payloadSize := pubKeySize + sidhinterface.PubKeyByteSize + 1
 	baseMsg := newBaseFormat(payloadSize, pubKeySize,
 		sidhinterface.PubKeyByteSize)

@@ -32,15 +32,8 @@ func TestNewBaseFormat(t *testing.T) {
 			"\n\tReceived: %v", make([]byte, pubKeySize), baseMsg.pubkey)
 	}

-	if !bytes.Equal(baseMsg.salt, make([]byte, saltSize)) {
-		t.Errorf("NewBaseFormat error: "+
-			"Unexpected salt field in base format."+
-			"\n\tExpected: %v"+
-			"\n\tReceived: %v", make([]byte, saltSize), baseMsg.salt)
-	}
-
 	expectedEcrPayloadSize := payloadSize - (pubKeySize +
-		sidhinterface.PubKeyByteSize + saltSize + 1)
+		sidhinterface.PubKeyByteSize + 1)
 	if !bytes.Equal(baseMsg.ecrPayload, make([]byte, expectedEcrPayloadSize)) {
 		t.Errorf("NewBaseFormat error: "+
 			"Unexpected payload field in base format."+
@@ -48,7 +41,7 @@ func TestNewBaseFormat(t *testing.T) {
 			"\n\tReceived: %v", make([]byte, expectedEcrPayloadSize), baseMsg.ecrPayload)
 	}

-	// Error case, where payload size is less than the public key plus salt
+	// Error case, where payload size is less than the public key 
 	defer func() {
 		if r := recover(); r == nil {
 			t.Error("newBaseFormat() did not panic when the size of " +
@@ -65,7 +58,7 @@ func TestNewBaseFormat(t *testing.T) {
 func TestBaseFormat_SetGetPubKey(t *testing.T) {
 	// Construct message
 	pubKeySize := 256
-	payloadSize := saltSize + pubKeySize + sidhinterface.PubKeyByteSize + 1
+	payloadSize := pubKeySize + sidhinterface.PubKeyByteSize + 1
 	baseMsg := newBaseFormat(payloadSize, pubKeySize,
 		sidhinterface.PubKeyByteSize)

@@ -90,52 +83,17 @@ func TestBaseFormat_SetGetPubKey(t *testing.T) {

 }

-// Set/Get salt tests
-func TestBaseFormat_SetGetSalt(t *testing.T) {
-	// Construct message
-	pubKeySize := 256
-	payloadSize := saltSize + pubKeySize + sidhinterface.PubKeyByteSize + 1
-	baseMsg := newBaseFormat(payloadSize, pubKeySize,
-		sidhinterface.PubKeyByteSize)
-
-	// Test setter
-	salt := newSalt("salt")
-	baseMsg.SetSalt(salt)
-	if !bytes.Equal(salt, baseMsg.salt) {
-		t.Errorf("SetSalt() error: "+
-			"Salt field does not have expected value."+
-			"\n\tExpected: %v\n\tReceived: %v", salt, baseMsg.salt)
-	}
-
-	// Test getter
-	receivedSalt := baseMsg.GetSalt()
-	if !bytes.Equal(salt, receivedSalt) {
-		t.Errorf("GetSalt() error: "+
-			"Salt retrieved does not have expected value."+
-			"\n\tExpected: %v\n\tReceived: %v", salt, receivedSalt)
-	}
-
-	// Test setter error path: Setting salt of incorrect size
-	defer func() {
-		if r := recover(); r == nil {
-			t.Error("SetSalt() did not panic when the size of " +
-				"the salt is smaller than the required salt size.")
-		}
-	}()
-
-	baseMsg.SetSalt([]byte("salt"))
-}

 // Set/Get EcrPayload tests
 func TestBaseFormat_SetGetEcrPayload(t *testing.T) {
 	// Construct message
 	pubKeySize := 256
-	payloadSize := (saltSize + pubKeySize + sidhinterface.PubKeyByteSize) * 2
+	payloadSize := (pubKeySize + sidhinterface.PubKeyByteSize) * 2
 	baseMsg := newBaseFormat(payloadSize, pubKeySize,
 		sidhinterface.PubKeyByteSize)

 	// Test setter
-	ecrPayloadSize := payloadSize - (pubKeySize + saltSize +
+	ecrPayloadSize := payloadSize - (pubKeySize +
 		sidhinterface.PubKeyByteSize + 1)
 	ecrPayload := newPayload(ecrPayloadSize, "ecrPayload")
 	baseMsg.SetEcrPayload(ecrPayload)
@@ -169,15 +127,13 @@ func TestBaseFormat_SetGetEcrPayload(t *testing.T) {
 func TestBaseFormat_MarshalUnmarshal(t *testing.T) {
 	// Construct a fully populated message
 	pubKeySize := 256
-	payloadSize := (saltSize + pubKeySize + sidhinterface.PubKeyByteSize) * 2
+	payloadSize := (pubKeySize + sidhinterface.PubKeyByteSize) * 2
 	baseMsg := newBaseFormat(payloadSize, pubKeySize,
 		sidhinterface.PubKeyByteSize)
-	ecrPayloadSize := payloadSize - (pubKeySize + saltSize +
+	ecrPayloadSize := payloadSize - (pubKeySize +
 		sidhinterface.PubKeyByteSize + 1)
 	ecrPayload := newPayload(ecrPayloadSize, "ecrPayload")
 	baseMsg.SetEcrPayload(ecrPayload)
-	salt := newSalt("salt")
-	baseMsg.SetSalt(salt)
 	grp := getGroup()
 	pubKey := grp.NewInt(25)
 	baseMsg.SetPubKey(pubKey)
@@ -235,7 +191,7 @@ func TestNewEcrFormat(t *testing.T) {
 			"\n\tReceived: %v", make([]byte, payloadSize-ownershipSize), ecrMsg.payload)
 	}

-	// Error case, where payload size is less than the public key plus salt
+	// Error case, where payload size is less than the public key
 	defer func() {
 		if r := recover(); r == nil {
 			t.Error("newEcrFormat() did not panic when the size of " +

--- a/auth/request.go
+++ b/auth/request.go
@@ -90,13 +90,6 @@ func RequestAuth(partner, me contact.Contact, rng io.Reader,
 	msgPayloadBytes := []byte(msgPayload)

 	/*cryptographic generation*/
-	//generate salt
-	salt := make([]byte, saltSize)
-	_, err = rng.Read(salt)
-	if err != nil {
-		return 0, errors.Wrap(err, "Failed to generate salt")
-	}
-
 	var newPrivKey, newPubKey *cyclic.Int
 	var sidHPrivKeyA *sidh.PrivateKey
 	var sidHPubKeyA *sidh.PublicKey
@@ -144,13 +137,12 @@ func RequestAuth(partner, me contact.Contact, rng io.Reader,
 	requestFmt.SetMsgPayload(msgPayloadBytes)
 	ecrFmt.SetOwnership(ownership)
 	ecrPayload, mac := cAuth.Encrypt(newPrivKey, partner.DhPubKey,
-		salt, ecrFmt.data, grp)
+		ecrFmt.data, grp)
 	confirmFp := cAuth.MakeOwnershipProofFP(ownership)
 	requestfp := cAuth.MakeRequestFingerprint(partner.DhPubKey)

 	/*construct message*/
 	baseFmt.SetEcrPayload(ecrPayload)
-	baseFmt.SetSalt(salt)
 	baseFmt.SetSidHPubKey(sidHPubKeyA)
 	baseFmt.SetPubKey(newPubKey)

@@ -164,7 +156,6 @@ func RequestAuth(partner, me contact.Contact, rng io.Reader,
 		Source: partner.ID[:],
 	}, me.ID)

-	jww.TRACE.Printf("RequestAuth SALT: %v", salt)
 	jww.TRACE.Printf("RequestAuth ECRPAYLOAD: %v", baseFmt.GetEcrPayload())
 	jww.TRACE.Printf("RequestAuth MAC: %v", mac)


--- a/auth/utils_test.go
+++ b/auth/utils_test.go
@@ -31,12 +31,6 @@ func randID(rng *rand.Rand, t id.Type) *id.ID {
 	return newID
 }

-func newSalt(s string) []byte {
-	salt := make([]byte, saltSize)
-	copy(salt[:], s)
-	return salt
-}
-
 func newPayload(size int, s string) []byte {
 	b := make([]byte, size)
 	copy(b[:], s)

--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/spf13/viper v1.7.1
 	gitlab.com/elixxir/bloomfilter v0.0.0-20200930191214-10e9ac31b228
 	gitlab.com/elixxir/comms v0.0.4-0.20211215224705-8972e6ae132f
-	gitlab.com/elixxir/crypto v0.0.7-0.20211215224351-7693f65fe1f4
+	gitlab.com/elixxir/crypto v0.0.7-0.20211219201929-667b9e8151f3
 	gitlab.com/elixxir/ekv v0.1.5
 	gitlab.com/elixxir/primitives v0.0.3-0.20211208211148-752546cf2e46
 	gitlab.com/xx_network/comms v0.0.4-0.20211215181459-0918c1141509

--- a/go.sum
+++ b/go.sum
@@ -276,6 +276,8 @@ gitlab.com/elixxir/crypto v0.0.0-20200804182833-984246dea2c4/go.mod h1:ucm9SFKJo
 gitlab.com/elixxir/crypto v0.0.3/go.mod h1:ZNgBOblhYToR4m8tj4cMvJ9UsJAUKq+p0gCp07WQmhA=
 gitlab.com/elixxir/crypto v0.0.7-0.20211215224351-7693f65fe1f4 h1:RVrhPv3lQsw+RT2neZ2P4pEx37s5QUBw2jwUXENcjBI=
 gitlab.com/elixxir/crypto v0.0.7-0.20211215224351-7693f65fe1f4/go.mod h1:SQHmwjgX9taGCbzrtHGbIcZmV5iPielNP7c5wzLCUhM=
+gitlab.com/elixxir/crypto v0.0.7-0.20211219201929-667b9e8151f3 h1:jszPPsyOgl/i0QqhRB+Gk0r1pcn2oSgYRX4i9mJ7+rE=
+gitlab.com/elixxir/crypto v0.0.7-0.20211219201929-667b9e8151f3/go.mod h1:SQHmwjgX9taGCbzrtHGbIcZmV5iPielNP7c5wzLCUhM=
 gitlab.com/elixxir/ekv v0.1.5 h1:R8M1PA5zRU1HVnTyrtwybdABh7gUJSCvt1JZwUSeTzk=
 gitlab.com/elixxir/ekv v0.1.5/go.mod h1:e6WPUt97taFZe5PFLPb1Dupk7tqmDCTQu1kkstqJvw4=
 gitlab.com/elixxir/primitives v0.0.0-20200731184040-494269b53b4d/go.mod h1:OQgUZq7SjnE0b+8+iIAT2eqQF+2IFHn73tOo+aV11mg=

--- a/keyExchange/confirm.go
+++ b/keyExchange/confirm.go
@@ -72,7 +72,7 @@ func handleConfirm(sess *storage.Session, confirmation message.Receive) {
 	if err := confirmedSession.TrySetNegotiationStatus(e2e.Confirmed); err != nil {
 		jww.WARN.Printf("[REKEY] Failed to set the negotiation status for the "+
 			"confirmation of session %s from partner %s. This is expected in "+
-			"some edge cases but could be a sign of an issue if it percists: %s",
+			"some edge cases but could be a sign of an issue if it persists: %s",
 			confirmedSession, partner.GetPartnerID(), err)
 	}