Browse Source

Don't store server key in token database, make TokenServer responsible for database closure.

pull/35/head
Sarah Jamie Lewis 1 year ago
parent
commit
c47e478e01
  1. 9
      primitives/privacypass/token_test.go
  2. 27
      primitives/privacypass/tokenserver.go
  3. 0
      scratch/main.go
  4. 1
      service.go

9
primitives/privacypass/token_test.go

@ -1,6 +1,7 @@
package privacypass
import (
"crypto/sha512"
"git.openprivacy.ca/cwtch.im/tapir/persistence"
"git.openprivacy.ca/cwtch.im/tapir/primitives/core"
"git.openprivacy.ca/openprivacy/log"
@ -67,8 +68,11 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
log.SetLevel(log.LevelDebug)
db := new(persistence.BoltPersistence)
db.Open("tokens.db")
defer db.Close()
server := NewTokenServerFromStore(db)
fakeRand := sha512.Sum512([]byte{})
k := ristretto255.NewScalar().FromUniformBytes(fakeRand[:])
server := NewTokenServerFromStore(k, db)
defer server.Close()
clientTranscript := core.NewTranscript("privacyPass")
serverTranscript := core.NewTranscript("privacyPass")
@ -98,4 +102,5 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
if verified {
t.Errorf("Something went wrong, the proof passed with wrong transcript: %s", wrongTranscript.OutputTranscriptToAudit())
}
}

27
primitives/privacypass/tokenserver.go

@ -28,7 +28,6 @@ type SignedBatchWithProof struct {
}
const tokenBucket = "tokens"
const keyBucket = "keys"
// NewTokenServer generates a new TokenServer (used mostly for testing with ephemeral instances)
func NewTokenServer() *TokenServer {
@ -44,29 +43,25 @@ func NewTokenServer() *TokenServer {
}
// NewTokenServerFromStore generates a new TokenServer backed by a persistence service.
func NewTokenServerFromStore(persistenceService persistence.Service) *TokenServer {
func NewTokenServerFromStore(k *ristretto.Scalar, persistenceService persistence.Service) *TokenServer {
tokenServer := NewTokenServer()
persistenceService.Setup([]string{tokenBucket})
persistenceService.Setup([]string{keyBucket})
exists, err := persistenceService.Check(keyBucket, "k")
if err != nil {
panic(err)
}
// if we don't have a stored k then save the one we have generated
// otherwise use the k we have stored
if !exists {
persistenceService.Persist(keyBucket, "k", tokenServer.k)
} else {
persistenceService.Load(keyBucket, "k", tokenServer.k)
// recalculate public key from stored k
tokenServer.Y = new(ristretto.Element).ScalarBaseMult(tokenServer.k)
}
// recalculate public key from k
tokenServer.k = k
tokenServer.Y = new(ristretto.Element).ScalarBaseMult(tokenServer.k)
tokenServer.persistanceService = persistenceService
return tokenServer
}
// Close ensures that the database is properly closed...
func (ts *TokenServer) Close() {
ts.mutex.Lock()
defer ts.mutex.Unlock()
ts.persistanceService.Close()
}
// SignBlindedToken calculates kP for the given BlindedToken P
func (ts *TokenServer) SignBlindedToken(bt BlindedToken) SignedToken {
Q := new(ristretto.Element).ScalarMult(ts.k, bt.P)

0
scratch/main.go

1
service.go

@ -12,7 +12,6 @@ import (
"sync"
)
// ServiceMetrics outlines higher level information about the service e.g. counts of connections
type ServiceMetrics struct {
ConnectionCount int

Loading…
Cancel
Save