beaconcrypt 0.3.1__tar.gz → 0.3.4__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/.github/workflows/python.yml +5 -0
  2. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/Cargo.lock +1 -1
  3. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/Cargo.toml +1 -1
  4. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/PKG-INFO +1 -1
  5. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/README.md +1 -1
  6. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/beaconcrypt_test.go +26 -6
  7. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/pyproject.toml +4 -0
  8. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/lib.rs +2 -2
  9. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/pqxdh.rs +10 -9
  10. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/tests/test_encryption.py +9 -5
  11. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/tests/test_registration.py +2 -1
  12. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/.cargo/config.toml +0 -0
  13. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/.github/workflows/go.yml +0 -0
  14. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/.github/workflows/release.yml +0 -0
  15. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/.github/workflows/rust.yml +0 -0
  16. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/.gitignore +0 -0
  17. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/LICENSE +0 -0
  18. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/beaconcrypt.go +0 -0
  19. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/bindings.h +0 -0
  20. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/build.rs +0 -0
  21. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/clippy.toml +0 -0
  22. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/doc/protocol.md +0 -0
  23. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/doc/rationale.md +0 -0
  24. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/doc/threat_model.md +0 -0
  25. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/go.mod +0 -0
  26. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/rustfmt.toml +0 -0
  27. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/beacon.rs +0 -0
  28. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/cnsa2.rs +0 -0
  29. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/error.rs +0 -0
  30. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/schema/cryptoframe.capnp +0 -0
  31. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/schema/phase1.capnp +0 -0
  32. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/schema/phase2.capnp +0 -0
  33. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/schema/protogram.capnp +0 -0
  34. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/server.rs +0 -0
  35. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/src/shared.rs +0 -0
  36. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/tests/beacon.rs +0 -0
  37. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/tests/server.rs +0 -0
  38. {beaconcrypt-0.3.1 → beaconcrypt-0.3.4}/uv.lock +0 -0
@@ -31,6 +31,11 @@ jobs:
31
31
  run: |
32
32
  sudo apt install capnproto
33
33
 
34
+ - name: Run Python tests
35
+ run: |
36
+ uv run --group dev maturin develop --bindings pyo3 --features pybinds
37
+ uv run --group dev pytest tests
38
+
34
39
  - name: Build source distribution
35
40
  run: uvx maturin sdist --out dist
36
41
 
@@ -84,7 +84,7 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
84
84
 
85
85
  [[package]]
86
86
  name = "beaconcrypt"
87
- version = "0.3.1"
87
+ version = "0.3.4"
88
88
  dependencies = [
89
89
  "capnp",
90
90
  "capnpc",
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "beaconcrypt"
3
- version = "0.3.1"
3
+ version = "0.3.4"
4
4
  edition = "2024"
5
5
  license-file = "LICENSE"
6
6
  readme = "README.md"
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: beaconcrypt
3
- Version: 0.3.1
3
+ Version: 0.3.4
4
4
  Classifier: Programming Language :: Rust
5
5
  Classifier: Programming Language :: Python :: Implementation :: CPython
6
6
  Classifier: Programming Language :: Python :: Implementation :: PyPy
@@ -57,7 +57,7 @@ The reference implementation has two profiles: `PQXDH` and `CNSA2`. Profiles are
57
57
  ## Usage
58
58
  The reference implementation is a library that can currently be used either from rust or through C FFI. The C interface is currently not tested.
59
59
 
60
- From rust, usage is mostly just instanciating `CryptoProvider` objects. When using the C FFI, the library creates a global `CryptoProvider` object, whose methods are wrapped by the various functions in the interface.
60
+ From rust, usage is mostly just instanciating `CryptoProvider` objects. When using the C FFI, the library creates a global `CryptoProvider` object, whose methods are wrapped by the various functions in the interface. Look at tests for examples.
61
61
 
62
62
  # Copyright
63
63
  This work is dedicated to the public domain.
@@ -58,7 +58,11 @@ func newBeacon(t *testing.T, serverPK []byte) *Beacon {
58
58
 
59
59
  func TestRegister(t *testing.T) {
60
60
  server := newServer(t)
61
- beacon := newBeacon(t, nil)
61
+ serverPK, err := server.IdentityPK()
62
+ if err != nil {
63
+ t.Fatal(err)
64
+ }
65
+ beacon := newBeacon(t, serverPK)
62
66
 
63
67
  if registerBeacon(t, server, beacon) == nil {
64
68
  t.Fatal("expected registration to return initial message")
@@ -67,8 +71,12 @@ func TestRegister(t *testing.T) {
67
71
 
68
72
  func TestEncryptToMultiple(t *testing.T) {
69
73
  server := newServer(t)
70
- b1 := newBeacon(t, nil)
71
- b2 := newBeacon(t, nil)
74
+ serverPK, err := server.IdentityPK()
75
+ if err != nil {
76
+ t.Fatal(err)
77
+ }
78
+ b1 := newBeacon(t, serverPK)
79
+ b2 := newBeacon(t, serverPK)
72
80
  message := bytes.Repeat([]byte{0x01}, 32)
73
81
 
74
82
  b1Initial := registerBeacon(t, server, b1)
@@ -92,7 +100,11 @@ func TestEncryptToMultiple(t *testing.T) {
92
100
 
93
101
  func TestEncryptMultiple(t *testing.T) {
94
102
  server := newServer(t)
95
- b1 := newBeacon(t, nil)
103
+ serverPK, err := server.IdentityPK()
104
+ if err != nil {
105
+ t.Fatal(err)
106
+ }
107
+ b1 := newBeacon(t, serverPK)
96
108
  message := bytes.Repeat([]byte{0x01}, 32)
97
109
 
98
110
  registerBeacon(t, server, b1)
@@ -112,7 +124,11 @@ func TestEncryptMultiple(t *testing.T) {
112
124
 
113
125
  func TestDecryptMultiple(t *testing.T) {
114
126
  server := newServer(t)
115
- beacon := newBeacon(t, nil)
127
+ serverPK, err := server.IdentityPK()
128
+ if err != nil {
129
+ t.Fatal(err)
130
+ }
131
+ beacon := newBeacon(t, serverPK)
116
132
  message := bytes.Repeat([]byte{0x01}, 32)
117
133
 
118
134
  registerBeacon(t, server, beacon)
@@ -143,7 +159,11 @@ func TestDecryptMultiple(t *testing.T) {
143
159
 
144
160
  func TestDecryptMultipleSigned(t *testing.T) {
145
161
  server := newServer(t)
146
- beacon := newBeacon(t, nil)
162
+ serverPK, err := server.IdentityPK()
163
+ if err != nil {
164
+ t.Fatal(err)
165
+ }
166
+ beacon := newBeacon(t, serverPK)
147
167
  message := bytes.Repeat([]byte{0x01}, 32)
148
168
 
149
169
  registerBeacon(t, server, beacon)
@@ -12,6 +12,10 @@ classifiers = [
12
12
  ]
13
13
  dynamic = ["version"]
14
14
 
15
+ [tool.maturin]
16
+ bindings = "pyo3"
17
+ features = ["pybinds"]
18
+
15
19
  [dependency-groups]
16
20
  dev = [
17
21
  "black>=26.5.1",
@@ -475,9 +475,9 @@ pub mod beaconcrypt_py {
475
475
  #[pymethods]
476
476
  impl Beacon {
477
477
  #[new]
478
- fn new(server_kid: u64, server_id_pk: Option<&[u8]>) -> Self {
478
+ fn new(server_kid: u64, server_id_pk: &[u8]) -> Self {
479
479
  Self {
480
- _0: BeaconCryptPqxdh::new(true, server_kid, server_id_pk, None),
480
+ _0: BeaconCryptPqxdh::new(true, server_kid, Some(server_id_pk), None),
481
481
  }
482
482
  }
483
483
 
@@ -143,7 +143,7 @@ impl CryptoProvider for BeaconCryptPqxdh {
143
143
  let signed = crypto_sign::sign(data, self.identity_sk()).ok()?;
144
144
  builder.set_data(&signed);
145
145
  let mut buffer = vec![];
146
- capnp::serialize_packed::write_message(&mut buffer, t_builder.borrow_inner()).unwrap();
146
+ capnp::serialize_packed::write_message(&mut buffer, t_builder.borrow_inner()).ok()?;
147
147
  Some(buffer)
148
148
  }
149
149
 
@@ -315,7 +315,7 @@ impl ProviderBeacon for BeaconCryptPqxdh {
315
315
  bundle.set_pq_key(&pq_sig);
316
316
 
317
317
  let mut buffer = vec![];
318
- capnp::serialize::write_message(&mut buffer, msg.borrow_inner()).unwrap();
318
+ capnp::serialize::write_message(&mut buffer, msg.borrow_inner()).ok()?;
319
319
  Some(buffer)
320
320
  }
321
321
 
@@ -331,6 +331,9 @@ impl ProviderBeacon for BeaconCryptPqxdh {
331
331
  crypto_kx::PublicKey::from_bytes(response.get_ephemeral_key().ok()?).ok()?;
332
332
  let server_id =
333
333
  crypto_sign::PublicKey::from_bytes(response.get_identity_key().ok()?).ok()?;
334
+ if server_id != self.server_id()?.clone() {
335
+ return None;
336
+ }
334
337
  let server_kex_id = crypto_sign::ed25519_pk_to_curve25519(&server_id).ok()?;
335
338
  let beacon_kex_id = crypto_sign::ed25519_sk_to_curve25519(self.identity_sk()).ok()?;
336
339
  let shared_secret =
@@ -353,7 +356,6 @@ impl ProviderBeacon for BeaconCryptPqxdh {
353
356
  let derived_secret = derive_root_key(dh1, dh2, dh3, dh4, shared_secret).ok()?;
354
357
  self.delete_onetime_keypair();
355
358
 
356
- self.add_server_pk(server_id.clone());
357
359
  self.set_identity_kid(response.get_key_id());
358
360
  let id = self.identity_pk().clone();
359
361
  self.set_associated_data(build_additional_data(server_id, id));
@@ -372,17 +374,16 @@ impl ProviderBeacon for BeaconCryptPqxdh {
372
374
  #[cfg(feature = "server")]
373
375
  impl ProviderServer for BeaconCryptPqxdh {
374
376
  fn get_shared_secret(&mut self, buffer: &[u8]) -> Option<RegistrationOutput> {
375
- let reader = capnp::serialize::read_message(buffer, ReaderOptions::new()).unwrap();
377
+ let reader = capnp::serialize::read_message(buffer, ReaderOptions::new()).ok()?;
376
378
  let typed_reader = TypedReader::<_, phase1_capnp::init_kex::Owned>::new(reader);
377
- let registration = typed_reader.get().unwrap();
379
+ let registration = typed_reader.get().ok()?;
378
380
 
379
381
  let decoded_beacon_id = decode_sign(registration.get_identity_key().ok()?).ok()?;
380
382
  let remote_id = crypto_sign::PublicKey::from_bytes(&decoded_beacon_id).ok()?;
381
- let pq_verified = crypto_sign::verify(registration.get_pq_key().ok()?, &remote_id).unwrap();
382
- let prekey_verified =
383
- crypto_sign::verify(registration.get_pre_key().ok()?, &remote_id).unwrap();
383
+ let pq_verified = crypto_sign::verify(registration.get_pq_key().ok()?, &remote_id)?;
384
+ let prekey_verified = crypto_sign::verify(registration.get_pre_key().ok()?, &remote_id)?;
384
385
  let onetime_verified =
385
- crypto_sign::verify(registration.get_one_time_key().ok()?, &remote_id).unwrap();
386
+ crypto_sign::verify(registration.get_one_time_key().ok()?, &remote_id)?;
386
387
 
387
388
  let beacon_prekey =
388
389
  crypto_kx::PublicKey::from_bytes(&decode_kem(&prekey_verified).ok()?).ok()?;
@@ -18,8 +18,9 @@ def register_beacon(
18
18
 
19
19
  def test_encrypt_to_multiple():
20
20
  server = BeaconCryptServer(0, None)
21
- b1 = BeaconCryptBeacon(0, None)
22
- b2 = BeaconCryptBeacon(0, None)
21
+ server_pk = server.id_pk()
22
+ b1 = BeaconCryptBeacon(0, server_pk)
23
+ b2 = BeaconCryptBeacon(0, server_pk)
23
24
  message = bytes(0x1 * 32)
24
25
 
25
26
  b1_initial = register_beacon(server, b1)
@@ -33,7 +34,8 @@ def test_encrypt_to_multiple():
33
34
 
34
35
  def test_encrypt_multiple():
35
36
  server = BeaconCryptServer(0, None)
36
- b1 = BeaconCryptBeacon(0, None)
37
+ server_pk = server.id_pk()
38
+ b1 = BeaconCryptBeacon(0, server_pk)
37
39
  message = bytes(0x1 * 32)
38
40
 
39
41
  _ = register_beacon(server, b1)
@@ -45,7 +47,8 @@ def test_encrypt_multiple():
45
47
 
46
48
  def test_decrypt_multiple():
47
49
  server = BeaconCryptServer(0, None)
48
- beacon = BeaconCryptBeacon(0, None)
50
+ server_pk = server.id_pk()
51
+ beacon = BeaconCryptBeacon(0, server_pk)
49
52
  message = bytes(0x1 * 32)
50
53
 
51
54
  _ = register_beacon(server, beacon)
@@ -61,7 +64,8 @@ def test_decrypt_multiple():
61
64
 
62
65
  def test_decrypt_multiple_signed():
63
66
  server = BeaconCryptServer(0, None)
64
- beacon = BeaconCryptBeacon(0, None)
67
+ server_pk = server.id_pk()
68
+ beacon = BeaconCryptBeacon(0, server_pk)
65
69
  message = bytes(0x1 * 32)
66
70
 
67
71
  _ = register_beacon(server, beacon)
@@ -18,6 +18,7 @@ def register_beacon(
18
18
 
19
19
  def test_register():
20
20
  server = BeaconCryptServer(0, None)
21
- beacon = BeaconCryptBeacon(0, None)
21
+ server_pk = server.id_pk()
22
+ beacon = BeaconCryptBeacon(0, server_pk)
22
23
 
23
24
  assert register_beacon(server, beacon) is not None
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes