Update to draft-04

tanyav2 · tanyav2 · commit fbb530b6116d · 2021-01-20T10:56:47.000-08:00
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 [![Coverage Status](https://coveralls.io/repos//cloudflare/odoh-go/badge.svg?branch=master)](https://coveralls.io//cloudflare/odoh-go?branch=master)
 [![GoDoc](https://godoc.org/.com/cloudflare/odoh-go?status.svg)](https://godoc.org/.com/cloudflare/odoh-go)
 
-This library implements draft -03 of [Oblivious DoH](https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-03). It is based on the original implementation [available here](https://.com/chris-wood/odoh).
+This library implements draft -04 of [Oblivious DoH](https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-04). It is based on the original implementation [available here](https://.com/chris-wood/odoh).
 
 ![protocol overview](odoh-flow.png)
 
diff --git a/go.mod b/go.mod
@@ -2,4 +2,4 @@ module .com/cloudflare/odoh-go
 
 go 1.14
 
-require .com/cisco/go-hpke v0.0.0-20201023221920-2866d2aa0603
+require .com/cisco/go-hpke v0.0.0-20201215202025-9cebdf8f33d4
diff --git a/odoh.go b/odoh.go
@@ -28,11 +28,12 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
+
 	".com/cisco/go-hpke"
 )
 
 const (
-	ODOH_VERSION                    = uint16(0xff03)
+	ODOH_VERSION                    = uint16(0xff04)
 	ODOH_SECRET_LENGTH              = 32
 	ODOH_PADDING_BYTE               = uint8(0)
 	ODOH_LABEL_KEY_ID               = "odoh key id"
@@ -58,7 +59,7 @@ func CreateObliviousDoHConfigContents(kemID hpke.KEMID, kdfID hpke.KDFID, aeadID
 		return ObliviousDoHConfigContents{}, err
 	}
 
-	_, err = suite.KEM.Deserialize(publicKeyBytes)
+	_, err = suite.KEM.DeserializePublicKey(publicKeyBytes)
 	if err != nil {
 		return ObliviousDoHConfigContents{}, err
 	}
@@ -177,7 +178,7 @@ func UnmarshalObliviousDoHConfigContents(buffer []byte) (ObliviousDoHConfigConte
 		return ObliviousDoHConfigContents{}, errors.New(fmt.Sprintf("Unsupported HPKE ciphersuite"))
 	}
 
-	_, err = suite.KEM.Deserialize(publicKeyBytes)
+	_, err = suite.KEM.DeserializePublicKey(publicKeyBytes)
 	if err != nil {
 		return ObliviousDoHConfigContents{}, errors.New(fmt.Sprintf("Invalid HPKE public key bytes"))
 	}
@@ -338,7 +339,7 @@ func CreateKeyPairFromSeed(kemID hpke.KEMID, kdfID hpke.KDFID, aeadID hpke.AEADI
 		return ObliviousDoHKeyPair{}, err
 	}
 
-	configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.Serialize(pk))
+	configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.SerializePublicKey(pk))
 	if err != nil {
 		return ObliviousDoHKeyPair{}, err
 	}
@@ -369,7 +370,7 @@ func CreateKeyPair(kemID hpke.KEMID, kdfID hpke.KDFID, aeadID hpke.AEADID) (Obli
 		return ObliviousDoHKeyPair{}, err
 	}
 
-	configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.Serialize(pk))
+	configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.SerializePublicKey(pk))
 	if err != nil {
 		return ObliviousDoHKeyPair{}, err
 	}
@@ -444,7 +445,7 @@ func (targetKey ObliviousDoHConfigContents) EncryptQuery(query *ObliviousDNSQuer
 		return ObliviousDNSMessage{}, QueryContext{}, err
 	}
 
-	pkR, err := suite.KEM.Deserialize(targetKey.PublicKeyBytes)
+	pkR, err := suite.KEM.DeserializePublicKey(targetKey.PublicKeyBytes)
 	if err != nil {
 		return ObliviousDNSMessage{}, QueryContext{}, err
 	}
diff --git a/odoh_test.go b/odoh_test.go
@@ -214,7 +214,7 @@ func createDefaultSerializedPublicKey(t *testing.T) []byte {
 		t.Fatalf("Failed generating public key")
 	}
 
-	return suite.KEM.Serialize(publicKey)
+	return suite.KEM.SerializePublicKey(publicKey)
 }
 
 func validateSerializedContents(t *testing.T, configContents ObliviousDoHConfigContents, serializedContents []byte) {
@@ -368,7 +368,7 @@ func TestQueryEncryption(t *testing.T) {
 		KemID:          kemID,
 		KdfID:          kdfID,
 		AeadID:         aeadID,
-		PublicKeyBytes: suite.KEM.Serialize(pkR),
+		PublicKeyBytes: suite.KEM.SerializePublicKey(pkR),
 	}
 
 	targetConfig := ObliviousDoHConfig{
@@ -423,7 +423,7 @@ func Test_Sender_ODOHQueryEncryption(t *testing.T) {
 		KemID:          kemID,
 		KdfID:          kdfID,
 		AeadID:         aeadID,
-		PublicKeyBytes: suite.KEM.Serialize(pkR),
+		PublicKeyBytes: suite.KEM.SerializePublicKey(pkR),
 	}
 
 	targetConfig := ObliviousDoHConfig{
@@ -486,7 +486,7 @@ func TestOdohPublicKeyMarshalUnmarshal(t *testing.T) {
 		KemID:          kemID,
 		KdfID:          kdfID,
 		AeadID:         aeadID,
-		PublicKeyBytes: suite.KEM.Serialize(pkR),
+		PublicKeyBytes: suite.KEM.SerializePublicKey(pkR),
 	}
 
 	serializedPublicKey := targetKey.Marshal()
@@ -611,15 +611,15 @@ func mustHex(d []byte) string {
 
 func mustDeserializePub(t *testing.T, suite hpke.CipherSuite, h string, required bool) hpke.KEMPublicKey {
 	pkm := mustUnhex(t, h)
-	pk, err := suite.KEM.Deserialize(pkm)
+	pk, err := suite.KEM.DeserializePublicKey(pkm)
 	if required {
 		fatalOnError(t, err, "Deserialize failed")
 	}
 	return pk
 }
 
 func mustSerializePub(suite hpke.CipherSuite, pub hpke.KEMPublicKey) string {
-	return mustHex(suite.KEM.Serialize(pub))
+	return mustHex(suite.KEM.SerializePublicKey(pub))
 }
 
 ///////
diff --git a/test-vectors.json b/test-vectors.json

Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,4 @@ module .com/cloudflare/odoh-go`
`2`	`2`
`3`	`3`	`go 1.14`
`4`	`4`
`5`		`-require .com/cisco/go-hpke v0.0.0-20201023221920-2866d2aa0603`
	`5`	`+require .com/cisco/go-hpke v0.0.0-20201215202025-9cebdf8f33d4`
Original file line number	Diff line number	Diff line change
`@@ -28,11 +28,12 @@ import (`
`28`	`28`	`"encoding/binary"`
`29`	`29`	`"errors"`
`30`	`30`	`"fmt"`
	`31`	`+`
`31`	`32`	`".com/cisco/go-hpke"`
`32`	`33`	`)`
`33`	`34`
`34`	`35`	`const (`
`35`		`-ODOH_VERSION = uint16(0xff03)`
	`36`	`+ODOH_VERSION = uint16(0xff04)`
`36`	`37`	`ODOH_SECRET_LENGTH = 32`
`37`	`38`	`ODOH_PADDING_BYTE = uint8(0)`
`38`	`39`	`ODOH_LABEL_KEY_ID = "odoh key id"`
`@@ -58,7 +59,7 @@ func CreateObliviousDoHConfigContents(kemID hpke.KEMID, kdfID hpke.KDFID, aeadID`
`58`	`59`	`return ObliviousDoHConfigContents{}, err`
`59`	`60`	`}`
`60`	`61`
`61`		`-_, err = suite.KEM.Deserialize(publicKeyBytes)`
	`62`	`+_, err = suite.KEM.DeserializePublicKey(publicKeyBytes)`
`62`	`63`	`if err != nil {`
`63`	`64`	`return ObliviousDoHConfigContents{}, err`
`64`	`65`	`}`
`@@ -177,7 +178,7 @@ func UnmarshalObliviousDoHConfigContents(buffer []byte) (ObliviousDoHConfigConte`
`177`	`178`	`return ObliviousDoHConfigContents{}, errors.New(fmt.Sprintf("Unsupported HPKE ciphersuite"))`
`178`	`179`	`}`
`179`	`180`
`180`		`-_, err = suite.KEM.Deserialize(publicKeyBytes)`
	`181`	`+_, err = suite.KEM.DeserializePublicKey(publicKeyBytes)`
`181`	`182`	`if err != nil {`
`182`	`183`	`return ObliviousDoHConfigContents{}, errors.New(fmt.Sprintf("Invalid HPKE public key bytes"))`
`183`	`184`	`}`
`@@ -338,7 +339,7 @@ func CreateKeyPairFromSeed(kemID hpke.KEMID, kdfID hpke.KDFID, aeadID hpke.AEADI`
`338`	`339`	`return ObliviousDoHKeyPair{}, err`
`339`	`340`	`}`
`340`	`341`
`341`		`-configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.Serialize(pk))`
	`342`	`+configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.SerializePublicKey(pk))`
`342`	`343`	`if err != nil {`
`343`	`344`	`return ObliviousDoHKeyPair{}, err`
`344`	`345`	`}`
`@@ -369,7 +370,7 @@ func CreateKeyPair(kemID hpke.KEMID, kdfID hpke.KDFID, aeadID hpke.AEADID) (Obli`
`369`	`370`	`return ObliviousDoHKeyPair{}, err`
`370`	`371`	`}`
`371`	`372`
`372`		`-configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.Serialize(pk))`
	`373`	`+configContents, err := CreateObliviousDoHConfigContents(kemID, kdfID, aeadID, suite.KEM.SerializePublicKey(pk))`
`373`	`374`	`if err != nil {`
`374`	`375`	`return ObliviousDoHKeyPair{}, err`
`375`	`376`	`}`
`@@ -444,7 +445,7 @@ func (targetKey ObliviousDoHConfigContents) EncryptQuery(query *ObliviousDNSQuer`
`444`	`445`	`return ObliviousDNSMessage{}, QueryContext{}, err`
`445`	`446`	`}`
`446`	`447`
`447`		`-pkR, err := suite.KEM.Deserialize(targetKey.PublicKeyBytes)`
	`448`	`+pkR, err := suite.KEM.DeserializePublicKey(targetKey.PublicKeyBytes)`
`448`	`449`	`if err != nil {`
`449`	`450`	`return ObliviousDNSMessage{}, QueryContext{}, err`
`450`	`451`	`}`
Original file line number	Diff line number	Diff line change
`@@ -214,7 +214,7 @@ func createDefaultSerializedPublicKey(t *testing.T) []byte {`
`214`	`214`	`t.Fatalf("Failed generating public key")`
`215`	`215`	`}`
`216`	`216`
`217`		`-return suite.KEM.Serialize(publicKey)`
	`217`	`+return suite.KEM.SerializePublicKey(publicKey)`
`218`	`218`	`}`
`219`	`219`
`220`	`220`	`func validateSerializedContents(t *testing.T, configContents ObliviousDoHConfigContents, serializedContents []byte) {`
`@@ -368,7 +368,7 @@ func TestQueryEncryption(t *testing.T) {`
`368`	`368`	`KemID: kemID,`
`369`	`369`	`KdfID: kdfID,`
`370`	`370`	`AeadID: aeadID,`
`371`		`-PublicKeyBytes: suite.KEM.Serialize(pkR),`
	`371`	`+PublicKeyBytes: suite.KEM.SerializePublicKey(pkR),`
`372`	`372`	`}`
`373`	`373`
`374`	`374`	`targetConfig := ObliviousDoHConfig{`
`@@ -423,7 +423,7 @@ func Test_Sender_ODOHQueryEncryption(t *testing.T) {`
`423`	`423`	`KemID: kemID,`
`424`	`424`	`KdfID: kdfID,`
`425`	`425`	`AeadID: aeadID,`
`426`		`-PublicKeyBytes: suite.KEM.Serialize(pkR),`
	`426`	`+PublicKeyBytes: suite.KEM.SerializePublicKey(pkR),`
`427`	`427`	`}`
`428`	`428`
`429`	`429`	`targetConfig := ObliviousDoHConfig{`
`@@ -486,7 +486,7 @@ func TestOdohPublicKeyMarshalUnmarshal(t *testing.T) {`
`486`	`486`	`KemID: kemID,`
`487`	`487`	`KdfID: kdfID,`
`488`	`488`	`AeadID: aeadID,`
`489`		`-PublicKeyBytes: suite.KEM.Serialize(pkR),`
	`489`	`+PublicKeyBytes: suite.KEM.SerializePublicKey(pkR),`
`490`	`490`	`}`
`491`	`491`
`492`	`492`	`serializedPublicKey := targetKey.Marshal()`
`@@ -611,15 +611,15 @@ func mustHex(d []byte) string {`
`611`	`611`
`612`	`612`	`func mustDeserializePub(t *testing.T, suite hpke.CipherSuite, h string, required bool) hpke.KEMPublicKey {`
`613`	`613`	`pkm := mustUnhex(t, h)`
`614`		`-pk, err := suite.KEM.Deserialize(pkm)`
	`614`	`+pk, err := suite.KEM.DeserializePublicKey(pkm)`
`615`	`615`	`if required {`
`616`	`616`	`fatalOnError(t, err, "Deserialize failed")`
`617`	`617`	`}`
`618`	`618`	`return pk`
`619`	`619`	`}`
`620`	`620`
`621`	`621`	`func mustSerializePub(suite hpke.CipherSuite, pub hpke.KEMPublicKey) string {`
`622`		`-return mustHex(suite.KEM.Serialize(pub))`
	`622`	`+return mustHex(suite.KEM.SerializePublicKey(pub))`
`623`	`623`	`}`
`624`	`624`
`625`	`625`	`///////`