From 83686d9c8018f0eb895f9b210a69c2d1d51da0fa Mon Sep 17 00:00:00 2001
From: armfazh <armfazh@cloudflare.com>
Date: Fri, 28 Jun 2024 14:42:48 -0700
Subject: [PATCH] Adds inputs necessary for reproducing the fake test vectors.

---
 README.md                 |  2 +-
 draft-irtf-cfrg-opaque.md | 16 ++++++++++++++++
 poc/test_opaque_ake.sage  |  3 +++
 poc/vectors/formatted.txt | 15 +++++++++++++++
 poc/vectors/vectors.json  |  9 +++++++++
 5 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index d6123828..16be5be5 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ This requires that you have the necessary software installed.  See
 | [opaque](https://github.com/bytemare/opaque/)                                   | Go       | main    | N/A          |
 | [libopaque](https://github.com/stef/libopaque)                                  | C        | main    | N/A          |
 | [ecc](https://github.com/aldenml/ecc)                                           | C        | main    | N/A          |
-| [opaque-ts](https://github.com/cloudflare/opaque-ts)                            | TypeScript | v07   | [voprf-ts](https://github.com/cloudflare/voprf-ts) |
+| [opaque-ts](https://github.com/cloudflare/opaque-ts)                            | TypeScript | main  | [voprf-ts](https://github.com/cloudflare/voprf-ts) |
 
 ## Contributing
 
diff --git a/draft-irtf-cfrg-opaque.md b/draft-irtf-cfrg-opaque.md
index 235e4621..d5757f22 100644
--- a/draft-irtf-cfrg-opaque.md
+++ b/draft-irtf-cfrg-opaque.md
@@ -3199,6 +3199,7 @@ oprf_seed: 743fc168d1f826ad43738933e5adb23da6fb95f95a1b069f0daa0522d0
 a78b617f701fc6aa46d3e7981e70de7765dfcd6b1e13e3369a582eb8dc456b10aa53b
 0
 credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
 masking_nonce: 9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c61
 9e27b6e5a6
 client_private_key: 2b98980aa95ab53a0f39f0291903d2fdf04b00c167f081416
@@ -3211,10 +3212,14 @@ server_public_key: 825f832667480f08b0c9069da5083ac4d0e9ee31b49c4e0310
 031fea04d52966
 server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
 055ae2d12
+client_nonce: 42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376b
+d2d9cfd0a
 client_keyshare_seed: a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276
 d1e15bdeb4c355e94
 server_keyshare_seed: 360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc
 5b4f6b62df07f78c2
+blind_login: 941e66e98aa88cb92cdd615829f11b4b7dc174f073c5b864c79a6efd
+7a284806
 masking_key: 39ebd51f0e39a07a1c2d2431995b0399bca9996c5d10014d6ebab445
 3dc10ce5cef38ed3df6e56bfff40c2d8dd4671c2b4cf63c3d54860f31fe40220d690b
 b71
@@ -3267,6 +3272,7 @@ oprf_seed: 66e650652a8266b2205f31fdd68adeb739a05b5e650b19e7edc75e734a
 1296d6088188ca46c31ae8ccbd42a52ed338c06e53645387a7efbc94b6a0449526155
 e
 credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
 masking_nonce: 9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c61
 9e27b6e5a6
 client_private_key: 288bf63470199221847bb035d99f96531adf8badd14cb1571
@@ -3279,10 +3285,14 @@ server_public_key: 78b3040047ff26572a7619617601a61b9c81899bee92f00cfc
 aa5eed96863555
 server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
 055ae2d12
+client_nonce: 42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376b
+d2d9cfd0a
 client_keyshare_seed: a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276
 d1e15bdeb4c355e94
 server_keyshare_seed: 360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc
 5b4f6b62df07f78c2
+blind_login: 941e66e98aa88cb92cdd615829f11b4b7dc174f073c5b864c79a6efd
+7a284806
 masking_key: 79ad2621b0757a447dff7108a8ae20a068ce67872095620f415ea611
 c9dcc04972fa359538cd2fd6528775ca775487b2b56db642049b8a90526b975a38484
 c6a
@@ -3334,6 +3344,7 @@ server_identity: 626f62
 oprf_seed: bb1cd59e16ac09bc0cb6d528541695d7eba2239b1613a3db3ade77b362
 80f725
 credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
 masking_nonce: 9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c61
 9e27b6e5a6
 client_private_key: d423b87899fc61d014fc8330a4e26190fcfa470a3afe59243
@@ -3346,10 +3357,14 @@ server_public_key: 0221e034c0e202fe883dcfc96802a7624166fed4cfcab4ae30
 cf5f3290d01c88bf
 server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
 055ae2d12
+client_nonce: 42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376b
+d2d9cfd0a
 client_keyshare_seed: a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276
 d1e15bdeb4c355e94
 server_keyshare_seed: 360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc
 5b4f6b62df07f78c2
+blind_login: 324143d1fd6e9ac764b8c573f074c17d4b1bf1295861dd2cb98ca88a
+e9661e94
 masking_key: caecc6ccb4cae27cb54d8f3a1af1bac52a3d53107ce08497cdd362b1
 992e4e5e
 KE1: 0396875da2b4f7749bba411513aea02dc514a48d169d8a9531bd61d3af3fa9ba
@@ -3369,3 +3384,4 @@ efe3fe82d149e84049e259bb5b33d6a2ff3b25e4bfb7eff0962821e10f6eeab2a7a42
 13b843cd566efae996cd0016cffdcc24ee2bc937d026f80144878749a69565b433c10
 40aff67e94f79345de888a877422b9bbe21ec329
 ~~~
+
diff --git a/poc/test_opaque_ake.sage b/poc/test_opaque_ake.sage
index a4e0a5e8..d9a0e21f 100644
--- a/poc/test_opaque_ake.sage
+++ b/poc/test_opaque_ake.sage
@@ -237,16 +237,19 @@ def run_test_vector(params, seed):
             inputs["server_identity"] = to_hex(server_identity)
         inputs["oprf_seed"] = to_hex(oprf_seed)
         inputs["credential_identifier"] = to_hex(credential_identifier)
+        inputs["password"] = to_hex(password)
         inputs["client_private_key"] = to_hex(fake_client_private_key_bytes)
         inputs["client_public_key"] = to_hex(fake_client_public_key_bytes)
         inputs["server_private_key"] = to_hex(server_private_key_bytes)
         inputs["server_public_key"] = to_hex(server_public_key_bytes)
+        inputs["client_nonce"] = to_hex(client_kex.client_nonce)
         inputs["server_nonce"] = to_hex(server_kex.server_nonce)
         inputs["client_keyshare_seed"] = to_hex(client_kex.client_keyshare_seed)
         inputs["server_keyshare_seed"] = to_hex(server_kex.server_keyshare_seed)
         inputs["masking_key"] = to_hex(fake_masking_key)
         inputs["masking_nonce"] = to_hex(server_kex.masking_nonce)
         inputs["KE1"] = to_hex(ke1)
+        inputs["blind_login"] = to_hex(config.oprf_suite.group.serialize_scalar(client_kex.cred_metadata))
 
         # Protocol outputs
         outputs["KE2"] = to_hex(ke2)
diff --git a/poc/vectors/formatted.txt b/poc/vectors/formatted.txt
index 029da626..5e936bab 100644
--- a/poc/vectors/formatted.txt
+++ b/poc/vectors/formatted.txt
@@ -691,6 +691,7 @@ oprf_seed: 743fc168d1f826ad43738933e5adb23da6fb95f95a1b069f0daa0522d0
 a78b617f701fc6aa46d3e7981e70de7765dfcd6b1e13e3369a582eb8dc456b10aa53b
 0
 credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
 masking_nonce: 9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c61
 9e27b6e5a6
 client_private_key: 2b98980aa95ab53a0f39f0291903d2fdf04b00c167f081416
@@ -703,10 +704,14 @@ server_public_key: 825f832667480f08b0c9069da5083ac4d0e9ee31b49c4e0310
 031fea04d52966
 server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
 055ae2d12
+client_nonce: 42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376b
+d2d9cfd0a
 client_keyshare_seed: a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276
 d1e15bdeb4c355e94
 server_keyshare_seed: 360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc
 5b4f6b62df07f78c2
+blind_login: 941e66e98aa88cb92cdd615829f11b4b7dc174f073c5b864c79a6efd
+7a284806
 masking_key: 39ebd51f0e39a07a1c2d2431995b0399bca9996c5d10014d6ebab445
 3dc10ce5cef38ed3df6e56bfff40c2d8dd4671c2b4cf63c3d54860f31fe40220d690b
 b71
@@ -759,6 +764,7 @@ oprf_seed: 66e650652a8266b2205f31fdd68adeb739a05b5e650b19e7edc75e734a
 1296d6088188ca46c31ae8ccbd42a52ed338c06e53645387a7efbc94b6a0449526155
 e
 credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
 masking_nonce: 9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c61
 9e27b6e5a6
 client_private_key: 288bf63470199221847bb035d99f96531adf8badd14cb1571
@@ -771,10 +777,14 @@ server_public_key: 78b3040047ff26572a7619617601a61b9c81899bee92f00cfc
 aa5eed96863555
 server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
 055ae2d12
+client_nonce: 42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376b
+d2d9cfd0a
 client_keyshare_seed: a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276
 d1e15bdeb4c355e94
 server_keyshare_seed: 360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc
 5b4f6b62df07f78c2
+blind_login: 941e66e98aa88cb92cdd615829f11b4b7dc174f073c5b864c79a6efd
+7a284806
 masking_key: 79ad2621b0757a447dff7108a8ae20a068ce67872095620f415ea611
 c9dcc04972fa359538cd2fd6528775ca775487b2b56db642049b8a90526b975a38484
 c6a
@@ -826,6 +836,7 @@ server_identity: 626f62
 oprf_seed: bb1cd59e16ac09bc0cb6d528541695d7eba2239b1613a3db3ade77b362
 80f725
 credential_identifier: 31323334
+password: 436f7272656374486f72736542617474657279537461706c65
 masking_nonce: 9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c61
 9e27b6e5a6
 client_private_key: d423b87899fc61d014fc8330a4e26190fcfa470a3afe59243
@@ -838,10 +849,14 @@ server_public_key: 0221e034c0e202fe883dcfc96802a7624166fed4cfcab4ae30
 cf5f3290d01c88bf
 server_nonce: 1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813
 055ae2d12
+client_nonce: 42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376b
+d2d9cfd0a
 client_keyshare_seed: a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276
 d1e15bdeb4c355e94
 server_keyshare_seed: 360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc
 5b4f6b62df07f78c2
+blind_login: 324143d1fd6e9ac764b8c573f074c17d4b1bf1295861dd2cb98ca88a
+e9661e94
 masking_key: caecc6ccb4cae27cb54d8f3a1af1bac52a3d53107ce08497cdd362b1
 992e4e5e
 KE1: 0396875da2b4f7749bba411513aea02dc514a48d169d8a9531bd61d3af3fa9ba
diff --git a/poc/vectors/vectors.json b/poc/vectors/vectors.json
index 4f5caea0..b9daf52a 100644
--- a/poc/vectors/vectors.json
+++ b/poc/vectors/vectors.json
@@ -355,14 +355,17 @@
     },
     "inputs": {
       "KE1": "b0a26dcaca2230b8f5e4b1bcab9c84b586140221bb8b2848486874b0be44890542d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376bd2d9cfd0ab641d7f20a245a09f1d4dbb6e301661af7f352beb0791d055e48d3645232f77f",
+      "blind_login": "941e66e98aa88cb92cdd615829f11b4b7dc174f073c5b864c79a6efd7a284806",
       "client_identity": "616c696365",
       "client_keyshare_seed": "a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276d1e15bdeb4c355e94",
+      "client_nonce": "42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376bd2d9cfd0a",
       "client_private_key": "2b98980aa95ab53a0f39f0291903d2fdf04b00c167f0814169922df873002409",
       "client_public_key": "84f43f9492e19c22d8bdaa4447cc3d4db1cdb5427a9f852c4707921212c36251",
       "credential_identifier": "31323334",
       "masking_key": "39ebd51f0e39a07a1c2d2431995b0399bca9996c5d10014d6ebab4453dc10ce5cef38ed3df6e56bfff40c2d8dd4671c2b4cf63c3d54860f31fe40220d690bb71",
       "masking_nonce": "9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c619e27b6e5a6",
       "oprf_seed": "743fc168d1f826ad43738933e5adb23da6fb95f95a1b069f0daa0522d0a78b617f701fc6aa46d3e7981e70de7765dfcd6b1e13e3369a582eb8dc456b10aa53b0",
+      "password": "436f7272656374486f72736542617474657279537461706c65",
       "server_identity": "626f62",
       "server_keyshare_seed": "360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc5b4f6b62df07f78c2",
       "server_nonce": "1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813055ae2d12",
@@ -394,14 +397,17 @@
     },
     "inputs": {
       "KE1": "b0a26dcaca2230b8f5e4b1bcab9c84b586140221bb8b2848486874b0be44890542d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376bd2d9cfd0ac059b7ba2aec863933ae48816360c7a9022e83d822704f3b0b86c0502a66e574",
+      "blind_login": "941e66e98aa88cb92cdd615829f11b4b7dc174f073c5b864c79a6efd7a284806",
       "client_identity": "616c696365",
       "client_keyshare_seed": "a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276d1e15bdeb4c355e94",
+      "client_nonce": "42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376bd2d9cfd0a",
       "client_private_key": "288bf63470199221847bb035d99f96531adf8badd14cb1571b48f7a506649660",
       "client_public_key": "3c64a3153854cc9f0c23aab3c1a19106ec8bab4730736d1d003880a1d5a59005",
       "credential_identifier": "31323334",
       "masking_key": "79ad2621b0757a447dff7108a8ae20a068ce67872095620f415ea611c9dcc04972fa359538cd2fd6528775ca775487b2b56db642049b8a90526b975a38484c6a",
       "masking_nonce": "9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c619e27b6e5a6",
       "oprf_seed": "66e650652a8266b2205f31fdd68adeb739a05b5e650b19e7edc75e734a1296d6088188ca46c31ae8ccbd42a52ed338c06e53645387a7efbc94b6a0449526155e",
+      "password": "436f7272656374486f72736542617474657279537461706c65",
       "server_identity": "626f62",
       "server_keyshare_seed": "360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc5b4f6b62df07f78c2",
       "server_nonce": "1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813055ae2d12",
@@ -433,14 +439,17 @@
     },
     "inputs": {
       "KE1": "0396875da2b4f7749bba411513aea02dc514a48d169d8a9531bd61d3af3fa9baae42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376bd2d9cfd0a02147a6583983cc9973b5082db5f5070890cb373d70f7ac1b41ed2305361009784",
+      "blind_login": "324143d1fd6e9ac764b8c573f074c17d4b1bf1295861dd2cb98ca88ae9661e94",
       "client_identity": "616c696365",
       "client_keyshare_seed": "a270dc715dc2b4612bc7864312a05c3e9788ee1bad1f276d1e15bdeb4c355e94",
+      "client_nonce": "42d4e61ed3f8d64cdd3b9d153343eca15b9b0d5e388232793c6376bd2d9cfd0a",
       "client_private_key": "d423b87899fc61d014fc8330a4e26190fcfa470a3afe5924324294af7dbbc1dd",
       "client_public_key": "03b81708eae026a9370616c22e1e8542fe9dbebd36ce8a2661b708e9628f4a57fc",
       "credential_identifier": "31323334",
       "masking_key": "caecc6ccb4cae27cb54d8f3a1af1bac52a3d53107ce08497cdd362b1992e4e5e",
       "masking_nonce": "9c035896a043e70f897d87180c543e7a063b83c1bb728fbd189c619e27b6e5a6",
       "oprf_seed": "bb1cd59e16ac09bc0cb6d528541695d7eba2239b1613a3db3ade77b36280f725",
+      "password": "436f7272656374486f72736542617474657279537461706c65",
       "server_identity": "626f62",
       "server_keyshare_seed": "360b0937f47d45f6123a4d8f0d0c0814b6120d840ebb8bc5b4f6b62df07f78c2",
       "server_nonce": "1e10f6eeab2a7a420bf09da9b27a4639645622c46358de9cf7ae813055ae2d12",