Make crypto vars more consistent wrt paper

secret_handshake/crypto.py

@@ -111,7 +111,7 @@ class SHSServerCrypto(SHSCryptoBase):
     def clean(self, new_ephemeral_key=None):
         super(SHSServerCrypto, self).clean(new_ephemeral_key=new_ephemeral_key)
         self.hello = None
-        self.local_lterm_shared = None
+        self.b_alice = None
 
 
 class SHSClientCrypto(SHSCryptoBase):
@@ -129,38 +129,37 @@ class SHSClientCrypto(SHSCryptoBase):
 
     def verify_server_challenge(self, data):
         """Verify the correctness of challenge sent from the server."""
-        # TODO: use super.verify_challenge and add extra logic
+        assert super(SHSClientCrypto, self).verify_challenge(data)
-        return super(SHSClientCrypto, self).verify_challenge(data)
-
-    def generate_client_auth(self):
-        """Generate box[K|a*b|a*B](H)"""
         curve_pkey = self.remote_pub_key.to_curve25519_public_key()
 
-        # remote_lterm_shared is (a * B)
+        # a_bob is (a * B)
-        remote_lterm_shared = crypto_scalarmult(bytes(self.local_ephemeral_key), bytes(curve_pkey))
+        a_bob = crypto_scalarmult(bytes(self.local_ephemeral_key), bytes(curve_pkey))
-        self.remote_lterm_shared = remote_lterm_shared
+        self.a_bob = a_bob
-
         # this shall be hash(K | a * b | a * B)
-        box_secret = hashlib.sha256(self.application_key + self.shared_secret + remote_lterm_shared).digest()
+        self.box_secret = hashlib.sha256(self.application_key + self.shared_secret + a_bob).digest()
 
         # and message_to_box will correspond to H = sign(A)[K | Bp | hash(a * b)] | Ap
         signed_message = self.local_key.sign(self.application_key + bytes(self.remote_pub_key) + self.shared_hash)
         message_to_box = signed_message.signature + bytes(self.local_key.verify_key)
-        self.client_auth = message_to_box
+        self.hello = message_to_box
+        return True
+
+    def generate_client_auth(self):
+        """Generate box[K|a*b|a*B](H)"""
 
         nonce = b"\x00" * 24
         # return box(K | a * b | a * B)[H]
-        return crypto_box_afternm(message_to_box, nonce, box_secret)
+        return crypto_box_afternm(self.hello, nonce, self.box_secret)
 
     def verify_server_accept(self, data):
         """Verify that the server's accept message is sane"""
         curve_lkey = self.local_key.to_curve25519_private_key()
-        # local_lterm_shared is (A * b)
+        # b_alice is (A * b)
-        local_lterm_shared = crypto_scalarmult(bytes(curve_lkey), self.remote_ephemeral_key)
+        b_alice = crypto_scalarmult(bytes(curve_lkey), self.remote_ephemeral_key)
-        self.local_lterm_shared = local_lterm_shared
+        self.b_alice = b_alice
         # this is hash(K | a * b | a * B | A * b)
-        self.box_secret = hashlib.sha256(self.application_key + self.shared_secret + self.remote_lterm_shared +
+        self.box_secret = hashlib.sha256(self.application_key + self.shared_secret + self.a_bob +
-                                         local_lterm_shared).digest()
+                                         b_alice).digest()
 
         nonce = b"\x00" * 24
 
@@ -172,10 +171,10 @@ class SHSClientCrypto(SHSCryptoBase):
 
         # we should have received sign(B)[K | H | hash(a * b)]
         # let's see if that signature can verify the reconstructed data on our side
-        self.remote_pub_key.verify(self.application_key + self.client_auth + self.shared_hash, signature)
+        self.remote_pub_key.verify(self.application_key + self.hello + self.shared_hash, signature)
         return True
 
     def clean(self, new_ephemeral_key=None):
         super(SHSClientCrypto, self).clean(new_ephemeral_key=new_ephemeral_key)
-        self.remote_lterm_shared = None
+        self.a_bob = None
-        self.local_lterm_shared = None
+        self.b_alice = None