Don't store server key in token database, make TokenServer responsible for database closure.

2021-05-05 12:03:08 -07:00 · 2021-05-05 12:03:08 -07:00 · c47e478e01
parent 98ff3244c0
commit c47e478e01
4 changed files with 18 additions and 19 deletions
--- a/primitives/privacypass/token_test.go
+++ b/primitives/privacypass/token_test.go
@ -1,6 +1,7 @@
 package privacypass

 import (
+	"crypto/sha512"
 	"git.openprivacy.ca/cwtch.im/tapir/persistence"
 	"git.openprivacy.ca/cwtch.im/tapir/primitives/core"
 	"git.openprivacy.ca/openprivacy/log"
@ -67,8 +68,11 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
 	log.SetLevel(log.LevelDebug)
 	db := new(persistence.BoltPersistence)
 	db.Open("tokens.db")
-	defer db.Close()
-	server := NewTokenServerFromStore(db)
+
+	fakeRand := sha512.Sum512([]byte{})
+	k := ristretto255.NewScalar().FromUniformBytes(fakeRand[:])
+	server := NewTokenServerFromStore(k, db)
+	defer server.Close()

 	clientTranscript := core.NewTranscript("privacyPass")
 	serverTranscript := core.NewTranscript("privacyPass")
@ -98,4 +102,5 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
 	if verified {
 		t.Errorf("Something went wrong, the proof passed with wrong transcript: %s", wrongTranscript.OutputTranscriptToAudit())
 	}
+
 }
--- a/primitives/privacypass/tokenserver.go
+++ b/primitives/privacypass/tokenserver.go
@ -28,7 +28,6 @@ type SignedBatchWithProof struct {
 }

 const tokenBucket = "tokens"
-const keyBucket = "keys"

 // NewTokenServer generates a new TokenServer (used mostly for testing with ephemeral instances)
 func NewTokenServer() *TokenServer {
@ -44,29 +43,25 @@ func NewTokenServer() *TokenServer {
 }

 // NewTokenServerFromStore generates a new TokenServer backed by a persistence service.
-func NewTokenServerFromStore(persistenceService persistence.Service) *TokenServer {
+func NewTokenServerFromStore(k *ristretto.Scalar, persistenceService persistence.Service) *TokenServer {
 	tokenServer := NewTokenServer()
 	persistenceService.Setup([]string{tokenBucket})
-	persistenceService.Setup([]string{keyBucket})
-	exists, err := persistenceService.Check(keyBucket, "k")
-	if err != nil {
-		panic(err)
-	}
-	// if we don't have a stored k then save the one we have generated
-	// otherwise use the k we have stored
-	if !exists {
-		persistenceService.Persist(keyBucket, "k", tokenServer.k)
-	} else {
-		persistenceService.Load(keyBucket, "k", tokenServer.k)

-		// recalculate public key from stored k
+	// recalculate public key from k
+	tokenServer.k = k
 	tokenServer.Y = new(ristretto.Element).ScalarBaseMult(tokenServer.k)
-	}

 	tokenServer.persistanceService = persistenceService
 	return tokenServer
 }

+// Close ensures that the database is properly closed...
+func (ts *TokenServer) Close() {
+	ts.mutex.Lock()
+	defer ts.mutex.Unlock()
+	ts.persistanceService.Close()
+}
+
 // SignBlindedToken calculates kP for the given BlindedToken P
 func (ts *TokenServer) SignBlindedToken(bt BlindedToken) SignedToken {
 	Q := new(ristretto.Element).ScalarMult(ts.k, bt.P)
--- a/scratch/main.go
+++ b/scratch/main.go
--- a/service.go
+++ b/service.go
@ -12,7 +12,6 @@ import (
 	"sync"
 )

-
 // ServiceMetrics outlines higher level information about the service e.g. counts of connections
 type ServiceMetrics struct {
 	ConnectionCount int