Script updating gh-pages from ceafef6. [ci skip]

cfrg · Sep 21, 2024 · 5c30a90 · 5c30a90
1 parent 96b550c
commit 5c30a90
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 45 deletions.
diff --git a/draft-irtf-cfrg-opaque.html b/draft-irtf-cfrg-opaque.html
@@ -1880,8 +1880,12 @@ <h2 id="name-client-credential-storage-a">
   if client_identity == nil
     client_identity = client_public_key
 
-  Create CleartextCredentials cleartext_credentials with
-    (server_public_key, server_identity, client_identity)
+  cleartext_credentials = CleartextCredentials {
+    server_public_key,
+    server_identity,
+    client_identity
+  }
+
   return cleartext_credentials
 </pre><a href="#section-4-7" class="pilcrow">¶</a>
 </div>
@@ -1902,14 +1906,14 @@ <h4 id="name-envelope-structure">
 <div class="alignLeft art-text artwork" id="section-4.1.1-2">
 <pre>
 struct {
-  uint8 nonce[Nn];
+  uint8 envelope_nonce[Nn];
   uint8 auth_tag[Nm];
 } Envelope;
 </pre><a href="#section-4.1.1-2" class="pilcrow">¶</a>
 </div>
-<p id="section-4.1.1-3">nonce: A randomly-sampled nonce of length <code>Nn</code>, used to protect this <code>Envelope</code>.<a href="#section-4.1.1-3" class="pilcrow">¶</a></p>
+<p id="section-4.1.1-3">envelope_nonce: A randomly-sampled nonce of length <code>Nn</code>, used to protect this <code>Envelope</code>.<a href="#section-4.1.1-3" class="pilcrow">¶</a></p>
 <p id="section-4.1.1-4">auth_tag: An authentication tag protecting the contents of the envelope, covering
-the envelope nonce and <code>CleartextCredentials</code>.<a href="#section-4.1.1-4" class="pilcrow">¶</a></p>
+<code>envelope_nonce</code> and <code>CleartextCredentials</code>.<a href="#section-4.1.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="envelope-creation">
@@ -1960,7 +1964,11 @@ <h4 id="name-envelope-creation">
   auth_tag =
     MAC(auth_key, concat(envelope_nonce, cleartext_credentials))
 
-  Create Envelope envelope with (envelope_nonce, auth_tag)
+  envelope = Envelope {
+    envelope_nonce,
+    auth_tag
+  }
+
   return (envelope, client_public_key, masking_key, export_key)
 </pre><a href="#section-4.1.2-2" class="pilcrow">¶</a>
 </div>
@@ -2175,7 +2183,9 @@ <h4 id="name-createregistrationrequest">
 def CreateRegistrationRequest(password):
   (blind, blinded_element) = Blind(password)
   blinded_message = SerializeElement(blinded_element)
-  Create RegistrationRequest request with blinded_message
+  request = RegistrationRequest {
+    blinded_message
+  }
   return (request, blind)
 </pre><a href="#section-5.2.1-2" class="pilcrow">¶</a>
 </div>
@@ -2220,8 +2230,10 @@ <h4 id="name-createregistrationresponse">
   evaluated_element = BlindEvaluate(oprf_key, blinded_element)
   evaluated_message = SerializeElement(evaluated_element)
 
-  Create RegistrationResponse response with
-   (evaluated_message, server_public_key)
+  response = RegistrationResponse {
+    evaluated_message,
+    server_public_key
+  }
 
   return response
 </pre><a href="#section-5.2.2-2" class="pilcrow">¶</a>
@@ -2266,8 +2278,11 @@ <h4 id="name-finalizeregistrationrequest">
     Store(randomized_password, response.server_public_key,
           server_identity, client_identity)
 
-  Create RegistrationRecord record with
-    (client_public_key, masking_key, envelope)
+  record = RegistrationRecord {
+    client_public_key,
+    masking_key,
+    envelope
+  }
 
   return (record, export_key)
 </pre><a href="#section-5.2.3-2" class="pilcrow">¶</a>
@@ -2549,7 +2564,10 @@ <h4 id="name-generateke2">
                       record.client_public_key, ke1,
                       credential_response)
 
-  Create KE2 ke2 with (credential_response, auth_response)
+  ke2 = KE2 {
+    credential_response,
+    auth_response
+  }
 
   return ke2
 </pre><a href="#section-6.2.2-2" class="pilcrow">¶</a>
@@ -2703,7 +2721,9 @@ <h5 id="name-createcredentialrequest">
 def CreateCredentialRequest(password):
   (blind, blinded_element) = Blind(password)
   blinded_message = SerializeElement(blinded_element)
-  Create CredentialRequest request with blinded_message
+  request = CredentialRequest {
+    blinded_message
+  }
   return (request, blind)
 </pre><a href="#section-6.3.2.1-2" class="pilcrow">¶</a>
 </div>
@@ -2762,8 +2782,11 @@ <h5 id="name-createcredentialresponse">
   masked_response = xor(credential_response_pad,
                         concat(server_public_key, record.envelope))
 
-  Create CredentialResponse response with
-    (evaluated_message, masking_nonce, masked_response)
+  response = CredentialResponse {
+    evaluated_message,
+    masking_nonce,
+    masked_response
+  }
 
   return response
 </pre><a href="#section-6.3.2.2-4" class="pilcrow">¶</a>
@@ -3112,11 +3135,15 @@ <h4 id="name-3dh-client-functions">
   (client_secret, client_public_keyshare) =
     DeriveDiffieHellmanKeyPair(client_keyshare_seed)
 
-  Create AuthRequest auth_request with
-    (client_nonce, client_public_keyshare)
+  auth_request = AuthRequest {
+    client_nonce,
+    client_public_keyshare
+  }
 
-  Create KE1 ke1 with
-    (credential_request, auth_request)
+  ke1 = KE1 {
+    credential_request,
+    auth_request
+  }
 
   state.client_secret = client_secret
   state.ke1 = ke1
@@ -3166,7 +3193,9 @@ <h4 id="name-3dh-client-functions">
   if !ct_equal(ke2.auth_response.server_mac, expected_server_mac),
     raise ServerAuthenticationError
   client_mac = MAC(Km3, Hash(concat(preamble, expected_server_mac)))
-  Create KE3 ke3 with client_mac
+  ke3 = KE3 {
+    client_mac
+  }
   return (ke3, session_key)
 </pre><a href="#section-6.4.3-4" class="pilcrow">¶</a>
 </div>
@@ -3226,8 +3255,11 @@ <h4 id="name-3dh-server-functions">
     MAC(Km3, Hash(concat(preamble, server_mac)))
   state.session_key = session_key
 
-  Create AuthResponse auth_response with
-    (server_nonce, server_public_keyshare, server_mac)
+  auth_response = AuthResponse {
+    server_nonce,
+    server_public_keyshare,
+    server_mac
+  }
 
   return auth_response
 </pre><a href="#section-6.4.4-2" class="pilcrow">¶</a>

diff --git a/draft-irtf-cfrg-opaque.txt b/draft-irtf-cfrg-opaque.txt
@@ -555,8 +555,12 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
   if client_identity == nil
     client_identity = client_public_key
 
-  Create CleartextCredentials cleartext_credentials with
-    (server_public_key, server_identity, client_identity)
+  cleartext_credentials = CleartextCredentials {
+    server_public_key,
+    server_identity,
+    client_identity
+  }
+
   return cleartext_credentials
 
 4.1.  Key Recovery
@@ -571,15 +575,15 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
    The key recovery mechanism defines its Envelope as follows:
 
    struct {
-     uint8 nonce[Nn];
+     uint8 envelope_nonce[Nn];
      uint8 auth_tag[Nm];
    } Envelope;
 
-   nonce: A randomly-sampled nonce of length Nn, used to protect this
-   Envelope.
+   envelope_nonce: A randomly-sampled nonce of length Nn, used to
+   protect this Envelope.
 
    auth_tag: An authentication tag protecting the contents of the
-   envelope, covering the envelope nonce and CleartextCredentials.
+   envelope, covering envelope_nonce and CleartextCredentials.
 
 4.1.2.  Envelope Creation
 
@@ -625,7 +629,11 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
      auth_tag =
        MAC(auth_key, concat(envelope_nonce, cleartext_credentials))
 
-     Create Envelope envelope with (envelope_nonce, auth_tag)
+     envelope = Envelope {
+       envelope_nonce,
+       auth_tag
+     }
+
      return (envelope, client_public_key, masking_key, export_key)
 
 4.1.3.  Envelope Recovery
@@ -808,7 +816,9 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
    def CreateRegistrationRequest(password):
      (blind, blinded_element) = Blind(password)
      blinded_message = SerializeElement(blinded_element)
-     Create RegistrationRequest request with blinded_message
+     request = RegistrationRequest {
+       blinded_message
+     }
      return (request, blind)
 
 5.2.2.  CreateRegistrationResponse
@@ -846,8 +856,10 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
      evaluated_element = BlindEvaluate(oprf_key, blinded_element)
      evaluated_message = SerializeElement(evaluated_element)
 
-     Create RegistrationResponse response with
-      (evaluated_message, server_public_key)
+     response = RegistrationResponse {
+       evaluated_message,
+       server_public_key
+     }
 
      return response
 
@@ -886,8 +898,11 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
        Store(randomized_password, response.server_public_key,
              server_identity, client_identity)
 
-     Create RegistrationRecord record with
-       (client_public_key, masking_key, envelope)
+     record = RegistrationRecord {
+       client_public_key,
+       masking_key,
+       envelope
+     }
 
      return (record, export_key)
 
@@ -1130,7 +1145,10 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
                        record.client_public_key, ke1,
                        credential_response)
 
-   Create KE2 ke2 with (credential_response, auth_response)
+   ke2 = KE2 {
+     credential_response,
+     auth_response
+   }
 
    return ke2
 
@@ -1257,7 +1275,9 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
    def CreateCredentialRequest(password):
      (blind, blinded_element) = Blind(password)
      blinded_message = SerializeElement(blinded_element)
-     Create CredentialRequest request with blinded_message
+     request = CredentialRequest {
+       blinded_message
+     }
      return (request, blind)
 
 6.3.2.2.  CreateCredentialResponse
@@ -1312,8 +1332,11 @@ def CreateCleartextCredentials(server_public_key, client_public_key,
      masked_response = xor(credential_response_pad,
                            concat(server_public_key, record.envelope))
 
-     Create CredentialResponse response with
-       (evaluated_message, masking_nonce, masked_response)
+     response = CredentialResponse {
+       evaluated_message,
+       masking_nonce,
+       masked_response
+     }
 
      return response
 
@@ -1599,11 +1622,15 @@ def Preamble(client_identity, ke1, server_identity, credential_response,
      (client_secret, client_public_keyshare) =
        DeriveDiffieHellmanKeyPair(client_keyshare_seed)
 
-     Create AuthRequest auth_request with
-       (client_nonce, client_public_keyshare)
+     auth_request = AuthRequest {
+       client_nonce,
+       client_public_keyshare
+     }
 
-     Create KE1 ke1 with
-       (credential_request, auth_request)
+     ke1 = KE1 {
+       credential_request,
+       auth_request
+     }
 
      state.client_secret = client_secret
      state.ke1 = ke1
@@ -1651,7 +1678,9 @@ def Preamble(client_identity, ke1, server_identity, credential_response,
    if !ct_equal(ke2.auth_response.server_mac, expected_server_mac),
      raise ServerAuthenticationError
    client_mac = MAC(Km3, Hash(concat(preamble, expected_server_mac)))
-   Create KE3 ke3 with client_mac
+   ke3 = KE3 {
+     client_mac
+   }
    return (ke3, session_key)
 
 6.4.4.  3DH Server Functions
@@ -1705,8 +1734,11 @@ def Preamble(client_identity, ke1, server_identity, credential_response,
        MAC(Km3, Hash(concat(preamble, server_mac)))
      state.session_key = session_key
 
-     Create AuthResponse auth_response with
-       (server_nonce, server_public_keyshare, server_mac)
+     auth_response = AuthResponse {
+       server_nonce,
+       server_public_keyshare,
+       server_mac
+     }
 
      return auth_response