From 4396c2002260f7619d13af45053acc3d284c3cba Mon Sep 17 00:00:00 2001 From: raphaelrobert Date: Fri, 16 May 2025 13:01:27 +0200 Subject: [PATCH 1/2] Move cipher suite --- benches/amortized.rs | 2 +- benches/private.rs | 2 +- src/amortized_tokens/request.rs | 4 ++-- src/amortized_tokens/response.rs | 6 +++-- src/amortized_tokens/server.rs | 6 ++--- src/common/private.rs | 32 +++++++++++++++++++++++++- src/common/store.rs | 4 +++- src/lib.rs | 30 ------------------------ src/private_tokens/request.rs | 4 ++-- src/private_tokens/response.rs | 6 +++-- src/private_tokens/server.rs | 4 ++-- src/test_utils/private_memory_store.rs | 5 +++- tests/amortized_tokens.rs | 3 +-- tests/kat_amortized.rs | 3 +-- tests/kat_generic.rs | 3 ++- tests/kat_private.rs | 3 +-- tests/private_tokens.rs | 3 +-- 17 files changed, 63 insertions(+), 57 deletions(-) diff --git a/benches/amortized.rs b/benches/amortized.rs index 731efa5..1389ac6 100644 --- a/benches/amortized.rs +++ b/benches/amortized.rs @@ -3,11 +3,11 @@ use p384::NistP384; use tokio::runtime::Runtime; use privacypass::{ - PPCipherSuite, amortized_tokens::{ AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, AmortizedToken, server::Server, }, auth::authenticate::TokenChallenge, + common::private::PPCipherSuite, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; use voprf::Ristretto255; diff --git a/benches/private.rs b/benches/private.rs index 6a31d60..f81b9e2 100644 --- a/benches/private.rs +++ b/benches/private.rs @@ -4,8 +4,8 @@ use p384::NistP384; use tokio::runtime::Runtime; use privacypass::{ - PPCipherSuite, auth::{authenticate::TokenChallenge, authorize::Token}, + common::private::PPCipherSuite, private_tokens::{TokenRequest, TokenResponse, server::Server}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; diff --git a/src/amortized_tokens/request.rs b/src/amortized_tokens/request.rs index c39a3aa..bc7f5e4 100644 --- a/src/amortized_tokens/request.rs +++ b/src/amortized_tokens/request.rs @@ -7,11 +7,11 @@ use typenum::Unsigned; use voprf::{Group, Result, VoprfClient}; use crate::{ - ChallengeDigest, Nonce, PPCipherSuite, TokenInput, TokenType, TruncatedTokenKeyId, + ChallengeDigest, Nonce, TokenInput, TokenType, TruncatedTokenKeyId, auth::authenticate::TokenChallenge, common::{ errors::IssueTokenRequestError, - private::{PublicKey, public_key_to_token_key_id}, + private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, }, truncate_token_key_id, }; diff --git a/src/amortized_tokens/response.rs b/src/amortized_tokens/response.rs index 9c7a49d..1bcf6bb 100644 --- a/src/amortized_tokens/response.rs +++ b/src/amortized_tokens/response.rs @@ -5,9 +5,11 @@ use typenum::Unsigned; use voprf::{EvaluationElement, Group, Proof, Result, VoprfClient}; use crate::{ - PPCipherSuite, auth::authorize::Token, - common::errors::{IssueTokenError, SerializationError}, + common::{ + errors::{IssueTokenError, SerializationError}, + private::PPCipherSuite, + }, }; use super::{AmortizedToken, TokenState}; diff --git a/src/amortized_tokens/server.rs b/src/amortized_tokens/server.rs index c843fd8..4824957 100644 --- a/src/amortized_tokens/server.rs +++ b/src/amortized_tokens/server.rs @@ -7,10 +7,10 @@ use typenum::Unsigned; use voprf::{BlindedElement, Group, Result, VoprfServer, VoprfServerBatchEvaluateFinishResult}; use crate::{ - NonceStore, PPCipherSuite, TokenInput, + NonceStore, TokenInput, common::{ errors::{CreateKeypairError, IssueTokenResponseError, RedeemTokenError}, - private::{PublicKey, public_key_to_token_key_id}, + private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, store::PrivateKeyStore, }, truncate_token_key_id, @@ -199,7 +199,7 @@ impl Server { #[cfg(test)] mod tests { - use crate::PPCipherSuite; + use crate::common::private::PPCipherSuite; use p384::NistP384; use voprf::{Group, Ristretto255}; diff --git a/src/common/private.rs b/src/common/private.rs index 8e0e260..68d7fbf 100644 --- a/src/common/private.rs +++ b/src/common/private.rs @@ -1,9 +1,39 @@ //! Types that used by private tokens use sha2::{Digest, Sha256}; +use std::fmt::Debug; use voprf::{CipherSuite, Error, Group}; -use crate::{PPCipherSuite, TokenKeyId, TruncatedTokenKeyId, truncate_token_key_id}; +use crate::{TokenKeyId, TokenType, TruncatedTokenKeyId, truncate_token_key_id}; + +/// Trait for a cipher suite that can be used with the Privacy Pass protocol. +pub trait PPCipherSuite: + CipherSuite> + + PartialEq + + Debug + + Clone + + Send + + Sync +{ + /// Returns the token type for the cipher suite. + fn token_type() -> TokenType { + match Self::ID { + "P384-SHA384" => TokenType::PrivateP384, + "ristretto255-SHA512" => TokenType::PrivateRistretto255, + _ => panic!("Unsupported token type"), + } + } +} + +impl PPCipherSuite for C where + C: CipherSuite> + + PartialEq + + Debug + + Clone + + Send + + Sync +{ +} /// Public key alias pub type PublicKey = <::Group as Group>::Elem; diff --git a/src/common/store.rs b/src/common/store.rs index af7a152..91a3a4f 100644 --- a/src/common/store.rs +++ b/src/common/store.rs @@ -2,7 +2,9 @@ use async_trait::async_trait; use voprf::VoprfServer; -use crate::{PPCipherSuite, TruncatedTokenKeyId}; +use crate::TruncatedTokenKeyId; + +use super::private::PPCipherSuite; /// Minimal trait for a key store to store key material on the server-side. Note /// that the store requires inner mutability. diff --git a/src/lib.rs b/src/lib.rs index 3119e1d..665ae5f 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -29,40 +29,10 @@ pub mod test_utils; use async_trait::async_trait; use std::fmt::Debug; use tls_codec_derive::{TlsDeserialize, TlsSerialize, TlsSize}; -use voprf::CipherSuite; pub use tls_codec::{Deserialize, Serialize}; pub use voprf::{Group, VoprfServer}; -/// Trait for a cipher suite that can be used with the Privacy Pass protocol. -pub trait PPCipherSuite: - CipherSuite> - + PartialEq - + Debug - + Clone - + Send - + Sync -{ - /// Returns the token type for the cipher suite. - fn token_type() -> TokenType { - match Self::ID { - "P384-SHA384" => TokenType::PrivateP384, - "ristretto255-SHA512" => TokenType::PrivateRistretto255, - _ => panic!("Unsupported token type"), - } - } -} - -impl PPCipherSuite for C where - C: CipherSuite> - + PartialEq - + Debug - + Clone - + Send - + Sync -{ -} - /// Token type #[derive(TlsSize, TlsSerialize, TlsDeserialize, Copy, Clone, Debug, PartialEq, Eq)] #[repr(u16)] diff --git a/src/private_tokens/request.rs b/src/private_tokens/request.rs index 87b067f..aa2b626 100644 --- a/src/private_tokens/request.rs +++ b/src/private_tokens/request.rs @@ -6,11 +6,11 @@ use typenum::Unsigned; use voprf::{Group, Result, VoprfClient}; use crate::{ - ChallengeDigest, Nonce, PPCipherSuite, TokenInput, TokenType, TruncatedTokenKeyId, + ChallengeDigest, Nonce, TokenInput, TokenType, TruncatedTokenKeyId, auth::authenticate::TokenChallenge, common::{ errors::IssueTokenRequestError, - private::{PublicKey, public_key_to_token_key_id}, + private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, }, truncate_token_key_id, }; diff --git a/src/private_tokens/response.rs b/src/private_tokens/response.rs index 469a29f..e2b1b31 100644 --- a/src/private_tokens/response.rs +++ b/src/private_tokens/response.rs @@ -5,9 +5,11 @@ use typenum::Unsigned; use voprf::*; use crate::{ - PPCipherSuite, auth::authorize::Token, - common::errors::{IssueTokenError, SerializationError}, + common::{ + errors::{IssueTokenError, SerializationError}, + private::PPCipherSuite, + }, }; use super::{PrivateToken, request::TokenState}; diff --git a/src/private_tokens/server.rs b/src/private_tokens/server.rs index d5d87c3..2107ce4 100644 --- a/src/private_tokens/server.rs +++ b/src/private_tokens/server.rs @@ -7,11 +7,11 @@ use typenum::Unsigned; use voprf::{BlindedElement, Group, Result, VoprfServer}; use crate::{ - NonceStore, PPCipherSuite, TokenInput, + NonceStore, TokenInput, auth::authorize::Token, common::{ errors::{CreateKeypairError, IssueTokenResponseError, RedeemTokenError}, - private::{PublicKey, public_key_to_token_key_id}, + private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, store::PrivateKeyStore, }, truncate_token_key_id, diff --git a/src/test_utils/private_memory_store.rs b/src/test_utils/private_memory_store.rs index 78cdd0a..197e223 100644 --- a/src/test_utils/private_memory_store.rs +++ b/src/test_utils/private_memory_store.rs @@ -4,7 +4,10 @@ use std::{collections::HashMap, fmt::Debug}; use tokio::sync::Mutex; use voprf::*; -use crate::{PPCipherSuite, TruncatedTokenKeyId, common::store::PrivateKeyStore}; +use crate::{ + TruncatedTokenKeyId, + common::{private::PPCipherSuite, store::PrivateKeyStore}, +}; /// Private key store that stores keys in memory. pub struct MemoryKeyStoreVoprf { diff --git a/tests/amortized_tokens.rs b/tests/amortized_tokens.rs index b514251..515b87c 100644 --- a/tests/amortized_tokens.rs +++ b/tests/amortized_tokens.rs @@ -1,9 +1,8 @@ use p384::NistP384; use privacypass::{ - PPCipherSuite, amortized_tokens::{AmortizedBatchTokenRequest, server::*}, auth::authenticate::TokenChallenge, - common::errors::RedeemTokenError, + common::{errors::RedeemTokenError, private::PPCipherSuite}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; use voprf::Ristretto255; diff --git a/tests/kat_amortized.rs b/tests/kat_amortized.rs index 5fb3666..9622527 100644 --- a/tests/kat_amortized.rs +++ b/tests/kat_amortized.rs @@ -9,10 +9,9 @@ use tls_codec::{Deserialize as _, Serialize as TlsSerializeTrait}; use voprf::{Group, Mode, Ristretto255, derive_key}; use privacypass::{ - PPCipherSuite, amortized_tokens::{AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, server::*}, auth::authenticate::TokenChallenge, - common::private::serialize_public_key, + common::private::{PPCipherSuite, serialize_public_key}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; diff --git a/tests/kat_generic.rs b/tests/kat_generic.rs index ef3d3a4..83ece32 100644 --- a/tests/kat_generic.rs +++ b/tests/kat_generic.rs @@ -8,7 +8,8 @@ use tls_codec::{Deserialize as _, Serialize as TlsSerializeTrait}; use voprf::Ristretto255; use privacypass::{ - PPCipherSuite, TokenType, + TokenType, + common::private::PPCipherSuite, generic_tokens::{ GenericBatchTokenRequest, GenericBatchTokenResponse, GenericTokenRequest, GenericTokenResponse, OptionalTokenResponse, diff --git a/tests/kat_private.rs b/tests/kat_private.rs index 2fe2528..0c3ce85 100644 --- a/tests/kat_private.rs +++ b/tests/kat_private.rs @@ -9,9 +9,8 @@ use tls_codec::{Deserialize as _, Serialize as TlsSerializeTrait}; use voprf::{Group, Mode, Ristretto255, derive_key}; use privacypass::{ - PPCipherSuite, auth::authenticate::TokenChallenge, - common::private::serialize_public_key, + common::private::{PPCipherSuite, serialize_public_key}, private_tokens::{TokenRequest, TokenResponse, server::*}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; diff --git a/tests/private_tokens.rs b/tests/private_tokens.rs index 9db01cd..b9acee3 100644 --- a/tests/private_tokens.rs +++ b/tests/private_tokens.rs @@ -1,8 +1,7 @@ use p384::NistP384; use privacypass::{ - PPCipherSuite, auth::authenticate::TokenChallenge, - common::errors::RedeemTokenError, + common::{errors::RedeemTokenError, private::PPCipherSuite}, private_tokens::{TokenRequest, server::*}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; From 0fb53c3bc731dcfebc0a4342e701c3ea4eacb986 Mon Sep 17 00:00:00 2001 From: raphaelrobert Date: Fri, 16 May 2025 13:04:13 +0200 Subject: [PATCH 2/2] Rename cipher suite --- benches/amortized.rs | 10 +++++----- benches/private.rs | 10 +++++----- src/amortized_tokens/request.rs | 20 ++++++++++---------- src/amortized_tokens/response.rs | 20 ++++++++++---------- src/amortized_tokens/server.rs | 10 +++++----- src/common/private.rs | 16 ++++++++++------ src/common/store.rs | 4 ++-- src/private_tokens/request.rs | 16 ++++++++-------- src/private_tokens/response.rs | 14 +++++++------- src/private_tokens/server.rs | 6 +++--- src/test_utils/private_memory_store.rs | 10 +++++----- tests/amortized_tokens.rs | 4 ++-- tests/kat_amortized.rs | 8 ++++---- tests/kat_generic.rs | 4 ++-- tests/kat_private.rs | 10 +++++----- tests/private_tokens.rs | 4 ++-- 16 files changed, 85 insertions(+), 81 deletions(-) diff --git a/benches/amortized.rs b/benches/amortized.rs index 1389ac6..707c512 100644 --- a/benches/amortized.rs +++ b/benches/amortized.rs @@ -7,19 +7,19 @@ use privacypass::{ AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, AmortizedToken, server::Server, }, auth::authenticate::TokenChallenge, - common::private::PPCipherSuite, + common::private::PrivateCipherSuite, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; use voprf::Ristretto255; -async fn create_amortized_keypair( +async fn create_amortized_keypair( key_store: MemoryKeyStoreVoprf, server: Server, ) { let _public_key = server.create_keypair(&key_store).await.unwrap(); } -async fn issue_amortized_token_response( +async fn issue_amortized_token_response( key_store: MemoryKeyStoreVoprf, server: Server, token_request: AmortizedBatchTokenRequest, @@ -30,7 +30,7 @@ async fn issue_amortized_token_response( .unwrap() } -async fn redeem_amortized_token( +async fn redeem_amortized_token( key_store: MemoryKeyStoreVoprf, nonce_store: MemoryNonceStore, token: AmortizedToken, @@ -50,7 +50,7 @@ pub fn criterion_amortized_ristretto255_benchmark(c: &mut Criterion) { flow::(c); } -pub fn flow(c: &mut Criterion) { +pub fn flow(c: &mut Criterion) { const NR: u16 = 100; // Key pair generation c.bench_function( diff --git a/benches/private.rs b/benches/private.rs index f81b9e2..875509c 100644 --- a/benches/private.rs +++ b/benches/private.rs @@ -5,20 +5,20 @@ use tokio::runtime::Runtime; use privacypass::{ auth::{authenticate::TokenChallenge, authorize::Token}, - common::private::PPCipherSuite, + common::private::PrivateCipherSuite, private_tokens::{TokenRequest, TokenResponse, server::Server}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; use voprf::Ristretto255; -async fn create_private_keypair( +async fn create_private_keypair( key_store: MemoryKeyStoreVoprf, server: Server, ) { let _public_key = server.create_keypair(&key_store).await.unwrap(); } -async fn issue_private_token_response( +async fn issue_private_token_response( key_store: MemoryKeyStoreVoprf, server: Server, token_request: TokenRequest, @@ -29,7 +29,7 @@ async fn issue_private_token_response( .unwrap() } -async fn redeem_private_token, CS: PPCipherSuite>( +async fn redeem_private_token, CS: PrivateCipherSuite>( key_store: MemoryKeyStoreVoprf, nonce_store: MemoryNonceStore, token: Token, @@ -49,7 +49,7 @@ pub fn criterion_private_ristretto255_benchmark(c: &mut Criterion) { flow::(c); } -pub fn flow(c: &mut Criterion) { +pub fn flow(c: &mut Criterion) { // Key pair generation c.bench_function( &format!("PRIVATE SERVER ({}): Generate key pair", CS::ID), diff --git a/src/amortized_tokens/request.rs b/src/amortized_tokens/request.rs index bc7f5e4..56489c1 100644 --- a/src/amortized_tokens/request.rs +++ b/src/amortized_tokens/request.rs @@ -11,20 +11,20 @@ use crate::{ auth::authenticate::TokenChallenge, common::{ errors::IssueTokenRequestError, - private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, + private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id}, }, truncate_token_key_id, }; /// State that is kept between the token requests and token responses. -pub struct TokenState { +pub struct TokenState { pub(crate) clients: Vec>, pub(crate) token_inputs: Vec, pub(crate) challenge_digest: ChallengeDigest, pub(crate) public_key: PublicKey, } -impl std::fmt::Debug for TokenState { +impl std::fmt::Debug for TokenState { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { f.debug_struct("TokenState") .field("clients", &self.clients.len()) @@ -43,7 +43,7 @@ impl std::fmt::Debug for TokenState { /// } BlindedElement; /// ``` #[derive(Debug)] -pub struct BlindedElement { +pub struct BlindedElement { pub(crate) _marker: std::marker::PhantomData, pub(crate) blinded_element: Vec, } @@ -58,13 +58,13 @@ pub struct BlindedElement { /// } AmortizedBatchTokenRequest; /// ``` #[derive(Debug, TlsDeserialize, TlsSerialize, TlsSize)] -pub struct AmortizedBatchTokenRequest { +pub struct AmortizedBatchTokenRequest { pub(crate) token_type: TokenType, pub(crate) truncated_token_key_id: TruncatedTokenKeyId, pub(crate) blinded_elements: Vec>, } -impl AmortizedBatchTokenRequest { +impl AmortizedBatchTokenRequest { /// Returns the number of blinded elements #[must_use] pub fn nr(&self) -> usize { @@ -72,7 +72,7 @@ impl AmortizedBatchTokenRequest { } } -impl AmortizedBatchTokenRequest { +impl AmortizedBatchTokenRequest { /// Issue a new token request. /// /// # Errors @@ -178,13 +178,13 @@ impl AmortizedBatchTokenRequest { } } -impl Size for BlindedElement { +impl Size for BlindedElement { fn tls_serialized_len(&self) -> usize { <::ElemLen as Unsigned>::USIZE } } -impl Serialize for BlindedElement { +impl Serialize for BlindedElement { fn tls_serialize( &self, writer: &mut W, @@ -194,7 +194,7 @@ impl Serialize for BlindedElement { } } -impl Deserialize for BlindedElement { +impl Deserialize for BlindedElement { fn tls_deserialize( bytes: &mut R, ) -> std::result::Result diff --git a/src/amortized_tokens/response.rs b/src/amortized_tokens/response.rs index 1bcf6bb..859049f 100644 --- a/src/amortized_tokens/response.rs +++ b/src/amortized_tokens/response.rs @@ -8,7 +8,7 @@ use crate::{ auth::authorize::Token, common::{ errors::{IssueTokenError, SerializationError}, - private::PPCipherSuite, + private::PrivateCipherSuite, }, }; @@ -23,7 +23,7 @@ use super::{AmortizedToken, TokenState}; /// ``` #[derive(Debug, PartialEq)] -pub struct EvaluatedElement { +pub struct EvaluatedElement { pub(crate) _marker: std::marker::PhantomData, pub(crate) evaluated_element: Vec, } @@ -37,13 +37,13 @@ pub struct EvaluatedElement { /// } AmortizedBatchTokenResponse; /// ``` #[derive(Debug)] -pub struct AmortizedBatchTokenResponse { +pub struct AmortizedBatchTokenResponse { pub(crate) _marker: std::marker::PhantomData, pub(crate) evaluated_elements: Vec>, pub(crate) evaluated_proof: Vec, } -impl AmortizedBatchTokenResponse { +impl AmortizedBatchTokenResponse { /// Create a new `TokenResponse` from a byte slice. /// /// # Errors @@ -115,13 +115,13 @@ impl AmortizedBatchTokenResponse { } } -impl Size for EvaluatedElement { +impl Size for EvaluatedElement { fn tls_serialized_len(&self) -> usize { <::ElemLen as Unsigned>::USIZE } } -impl Serialize for EvaluatedElement { +impl Serialize for EvaluatedElement { fn tls_serialize( &self, writer: &mut W, @@ -131,7 +131,7 @@ impl Serialize for EvaluatedElement { } } -impl Deserialize for EvaluatedElement { +impl Deserialize for EvaluatedElement { fn tls_deserialize( bytes: &mut R, ) -> std::result::Result @@ -147,14 +147,14 @@ impl Deserialize for EvaluatedElement { } } -impl Size for AmortizedBatchTokenResponse { +impl Size for AmortizedBatchTokenResponse { fn tls_serialized_len(&self) -> usize { let len = 2 * <::ScalarLen as Unsigned>::USIZE; self.evaluated_elements.tls_serialized_len() + len } } -impl Deserialize for AmortizedBatchTokenResponse { +impl Deserialize for AmortizedBatchTokenResponse { fn tls_deserialize( bytes: &mut R, ) -> std::result::Result @@ -174,7 +174,7 @@ impl Deserialize for AmortizedBatchTokenResponse { } } -impl Serialize for AmortizedBatchTokenResponse { +impl Serialize for AmortizedBatchTokenResponse { fn tls_serialize( &self, writer: &mut W, diff --git a/src/amortized_tokens/server.rs b/src/amortized_tokens/server.rs index 4824957..1788dbc 100644 --- a/src/amortized_tokens/server.rs +++ b/src/amortized_tokens/server.rs @@ -10,7 +10,7 @@ use crate::{ NonceStore, TokenInput, common::{ errors::{CreateKeypairError, IssueTokenResponseError, RedeemTokenError}, - private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, + private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id}, store::PrivateKeyStore, }, truncate_token_key_id, @@ -20,11 +20,11 @@ use super::{AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, AmortizedTo /// Server-side component of the batched token issuance protocol. #[derive(Default, Debug)] -pub struct Server { +pub struct Server { _marker: std::marker::PhantomData, } -impl Server { +impl Server { /// Create a new server. The new server does not contain any key material. #[must_use] pub const fn new() -> Self { @@ -199,7 +199,7 @@ impl Server { #[cfg(test)] mod tests { - use crate::common::private::PPCipherSuite; + use crate::common::private::PrivateCipherSuite; use p384::NistP384; use voprf::{Group, Ristretto255}; @@ -215,7 +215,7 @@ mod tests { } #[cfg(test)] - fn key_serialization_cs(pk: ::Elem) + fn key_serialization_cs(pk: ::Elem) where <::Group as voprf::Group>::Elem: std::cmp::PartialEq, <::Group as voprf::Group>::Elem: std::fmt::Debug, diff --git a/src/common/private.rs b/src/common/private.rs index 68d7fbf..e85c005 100644 --- a/src/common/private.rs +++ b/src/common/private.rs @@ -7,7 +7,7 @@ use voprf::{CipherSuite, Error, Group}; use crate::{TokenKeyId, TokenType, TruncatedTokenKeyId, truncate_token_key_id}; /// Trait for a cipher suite that can be used with the Privacy Pass protocol. -pub trait PPCipherSuite: +pub trait PrivateCipherSuite: CipherSuite> + PartialEq + Debug @@ -25,7 +25,7 @@ pub trait PPCipherSuite: } } -impl PPCipherSuite for C where +impl PrivateCipherSuite for C where C: CipherSuite> + PartialEq + Debug @@ -39,13 +39,13 @@ impl PPCipherSuite for C where pub type PublicKey = <::Group as Group>::Elem; /// Convert a public key to a token key ID. -pub fn public_key_to_truncated_token_key_id( +pub fn public_key_to_truncated_token_key_id( public_key: &::Elem, ) -> TruncatedTokenKeyId { truncate_token_key_id(&public_key_to_token_key_id::(public_key)) } -pub(crate) fn public_key_to_token_key_id( +pub(crate) fn public_key_to_token_key_id( public_key: &::Elem, ) -> TokenKeyId { let public_key = serialize_public_key::(*public_key); @@ -55,7 +55,9 @@ pub(crate) fn public_key_to_token_key_id( /// Serializes a public key. #[must_use] -pub fn serialize_public_key(public_key: ::Elem) -> Vec { +pub fn serialize_public_key( + public_key: ::Elem, +) -> Vec { ::serialize_elem(public_key).to_vec() } @@ -64,6 +66,8 @@ pub fn serialize_public_key(public_key: : /// # Errors /// /// This function will return an error if the slice is not a valid public key. -pub fn deserialize_public_key(slice: &[u8]) -> Result, Error> { +pub fn deserialize_public_key( + slice: &[u8], +) -> Result, Error> { ::deserialize_elem(slice) } diff --git a/src/common/store.rs b/src/common/store.rs index 91a3a4f..ca833ed 100644 --- a/src/common/store.rs +++ b/src/common/store.rs @@ -4,14 +4,14 @@ use voprf::VoprfServer; use crate::TruncatedTokenKeyId; -use super::private::PPCipherSuite; +use super::private::PrivateCipherSuite; /// Minimal trait for a key store to store key material on the server-side. Note /// that the store requires inner mutability. #[async_trait] pub trait PrivateKeyStore { /// The cipher suite used for the key store. - type CS: PPCipherSuite; + type CS: PrivateCipherSuite; /// Inserts a keypair with a given `truncated_token_key_id` into the key store. async fn insert( &self, diff --git a/src/private_tokens/request.rs b/src/private_tokens/request.rs index aa2b626..2bc70b0 100644 --- a/src/private_tokens/request.rs +++ b/src/private_tokens/request.rs @@ -10,7 +10,7 @@ use crate::{ auth::authenticate::TokenChallenge, common::{ errors::IssueTokenRequestError, - private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, + private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id}, }, truncate_token_key_id, }; @@ -25,7 +25,7 @@ use crate::{ /// } TokenRequest; /// ``` #[derive(Debug, Clone, PartialEq)] -pub struct TokenRequest { +pub struct TokenRequest { pub(crate) _marker: std::marker::PhantomData, pub(crate) token_type: TokenType, pub(crate) truncated_token_key_id: u8, @@ -33,14 +33,14 @@ pub struct TokenRequest { } /// State that is kept between the token requests and token responses. -pub struct TokenState { +pub struct TokenState { pub(crate) token_input: TokenInput, pub(crate) challenge_digest: ChallengeDigest, pub(crate) client: VoprfClient, pub(crate) public_key: PublicKey, } -impl std::fmt::Debug for TokenState { +impl std::fmt::Debug for TokenState { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { f.debug_struct("TokenState") .field("client", &"client".to_string()) @@ -51,7 +51,7 @@ impl std::fmt::Debug for TokenState { } } -impl TokenRequest { +impl TokenRequest { /// Issue a new token request. /// /// # Errors @@ -123,7 +123,7 @@ impl TokenRequest { } } -impl Size for TokenRequest { +impl Size for TokenRequest { fn tls_serialized_len(&self) -> usize { let len = <::ElemLen as Unsigned>::USIZE; self.token_type.tls_serialized_len() @@ -132,7 +132,7 @@ impl Size for TokenRequest { } } -impl Serialize for TokenRequest { +impl Serialize for TokenRequest { fn tls_serialize( &self, writer: &mut W, @@ -146,7 +146,7 @@ impl Serialize for TokenRequest { } } -impl Deserialize for TokenRequest { +impl Deserialize for TokenRequest { fn tls_deserialize( bytes: &mut R, ) -> std::result::Result diff --git a/src/private_tokens/response.rs b/src/private_tokens/response.rs index e2b1b31..617f3d7 100644 --- a/src/private_tokens/response.rs +++ b/src/private_tokens/response.rs @@ -8,7 +8,7 @@ use crate::{ auth::authorize::Token, common::{ errors::{IssueTokenError, SerializationError}, - private::PPCipherSuite, + private::PrivateCipherSuite, }, }; @@ -23,13 +23,13 @@ use super::{PrivateToken, request::TokenState}; /// } TokenResponse; /// ``` #[derive(Debug, Clone, PartialEq)] -pub struct TokenResponse { +pub struct TokenResponse { pub(crate) _marker: std::marker::PhantomData, pub(crate) evaluate_msg: Vec, pub(crate) evaluate_proof: Vec, } -impl TokenResponse { +impl TokenResponse { /// Create a new `TokenResponse` from a byte slice. /// /// # Errors @@ -46,7 +46,7 @@ impl TokenResponse { } } -impl Size for TokenResponse { +impl Size for TokenResponse { fn tls_serialized_len(&self) -> usize { let len = <::ElemLen as Unsigned>::USIZE; let proof_len = <::ScalarLen as Unsigned>::USIZE; @@ -54,7 +54,7 @@ impl Size for TokenResponse { } } -impl Serialize for TokenResponse { +impl Serialize for TokenResponse { fn tls_serialize( &self, writer: &mut W, @@ -65,7 +65,7 @@ impl Serialize for TokenResponse { } } -impl Deserialize for TokenResponse { +impl Deserialize for TokenResponse { fn tls_deserialize( bytes: &mut R, ) -> std::result::Result @@ -85,7 +85,7 @@ impl Deserialize for TokenResponse { } } -impl TokenResponse { +impl TokenResponse { /// Issue a token. /// /// # Errors diff --git a/src/private_tokens/server.rs b/src/private_tokens/server.rs index 2107ce4..7790a72 100644 --- a/src/private_tokens/server.rs +++ b/src/private_tokens/server.rs @@ -11,7 +11,7 @@ use crate::{ auth::authorize::Token, common::{ errors::{CreateKeypairError, IssueTokenResponseError, RedeemTokenError}, - private::{PPCipherSuite, PublicKey, public_key_to_token_key_id}, + private::{PrivateCipherSuite, PublicKey, public_key_to_token_key_id}, store::PrivateKeyStore, }, truncate_token_key_id, @@ -21,11 +21,11 @@ use super::{TokenRequest, TokenResponse}; /// Server side implementation of Privately Verifiable Token protocol. #[derive(Default, Debug)] -pub struct Server { +pub struct Server { _marker: std::marker::PhantomData, } -impl Server { +impl Server { /// Creates a new server. #[must_use] pub const fn new() -> Self { diff --git a/src/test_utils/private_memory_store.rs b/src/test_utils/private_memory_store.rs index 197e223..ccedb4b 100644 --- a/src/test_utils/private_memory_store.rs +++ b/src/test_utils/private_memory_store.rs @@ -6,16 +6,16 @@ use voprf::*; use crate::{ TruncatedTokenKeyId, - common::{private::PPCipherSuite, store::PrivateKeyStore}, + common::{private::PrivateCipherSuite, store::PrivateKeyStore}, }; /// Private key store that stores keys in memory. -pub struct MemoryKeyStoreVoprf { +pub struct MemoryKeyStoreVoprf { keys: Mutex>>, } #[async_trait] -impl PrivateKeyStore for MemoryKeyStoreVoprf { +impl PrivateKeyStore for MemoryKeyStoreVoprf { type CS = C; async fn insert(&self, truncated_token_key_id: TruncatedTokenKeyId, server: VoprfServer) { @@ -28,7 +28,7 @@ impl PrivateKeyStore for MemoryKeyStoreVoprf { } } -impl Debug for MemoryKeyStoreVoprf { +impl Debug for MemoryKeyStoreVoprf { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { f.debug_struct("MemoryKeyStoreVoprf") .field("keys", &"keys".to_string()) @@ -36,7 +36,7 @@ impl Debug for MemoryKeyStoreVoprf { } } -impl Default for MemoryKeyStoreVoprf { +impl Default for MemoryKeyStoreVoprf { fn default() -> Self { Self { keys: Mutex::new(HashMap::new()), diff --git a/tests/amortized_tokens.rs b/tests/amortized_tokens.rs index 515b87c..f4dda87 100644 --- a/tests/amortized_tokens.rs +++ b/tests/amortized_tokens.rs @@ -2,7 +2,7 @@ use p384::NistP384; use privacypass::{ amortized_tokens::{AmortizedBatchTokenRequest, server::*}, auth::authenticate::TokenChallenge, - common::{errors::RedeemTokenError, private::PPCipherSuite}, + common::{errors::RedeemTokenError, private::PrivateCipherSuite}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; use voprf::Ristretto255; @@ -13,7 +13,7 @@ async fn amortized_tokens() { amortized_tokens_cycle_type::().await; } -async fn amortized_tokens_cycle_type() { +async fn amortized_tokens_cycle_type() { // Number of tokens to issue let nr = 10; diff --git a/tests/kat_amortized.rs b/tests/kat_amortized.rs index 9622527..05b86cc 100644 --- a/tests/kat_amortized.rs +++ b/tests/kat_amortized.rs @@ -11,7 +11,7 @@ use voprf::{Group, Mode, Ristretto255, derive_key}; use privacypass::{ amortized_tokens::{AmortizedBatchTokenRequest, AmortizedBatchTokenResponse, server::*}, auth::authenticate::TokenChallenge, - common::private::{PPCipherSuite, serialize_public_key}, + common::private::{PrivateCipherSuite, serialize_public_key}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; @@ -68,7 +68,7 @@ async fn read_kat_amortized_token() { evaluate_kat::(list).await; */ } -async fn evaluate_kat(list: Vec) { +async fn evaluate_kat(list: Vec) { for vector in list { // Make sure we have the same amount of nonces and blinds assert_eq!(vector.blinds.len(), vector.nonces.len()); @@ -169,7 +169,7 @@ async fn write_kat_amortized_token() { .await; } -async fn write_kat_amortized_token_type(file: &str) { +async fn write_kat_amortized_token_type(file: &str) { let mut elements = Vec::new(); for _ in 0..5 { @@ -187,7 +187,7 @@ async fn write_kat_amortized_token_type(file: &str) { file.write_all(data.as_bytes()).unwrap(); } -async fn generate_kat_amortized_token() -> AmortizedTokenTestVector { +async fn generate_kat_amortized_token() -> AmortizedTokenTestVector { let nr = 5u16; // Server: Instantiate in-memory keystore and nonce store. let key_store = MemoryKeyStoreVoprf::::default(); diff --git a/tests/kat_generic.rs b/tests/kat_generic.rs index 83ece32..936408d 100644 --- a/tests/kat_generic.rs +++ b/tests/kat_generic.rs @@ -9,7 +9,7 @@ use voprf::Ristretto255; use privacypass::{ TokenType, - common::private::PPCipherSuite, + common::private::PrivateCipherSuite, generic_tokens::{ GenericBatchTokenRequest, GenericBatchTokenResponse, GenericTokenRequest, GenericTokenResponse, OptionalTokenResponse, @@ -297,7 +297,7 @@ fn batch_generated_tokens( } } -async fn generate_private_token() +async fn generate_private_token() -> (Issuance, GenericTokenRequest, GenericTokenResponse) { let pv = generate_kat_private_token::().await; diff --git a/tests/kat_private.rs b/tests/kat_private.rs index 0c3ce85..7c0d1d4 100644 --- a/tests/kat_private.rs +++ b/tests/kat_private.rs @@ -10,7 +10,7 @@ use voprf::{Group, Mode, Ristretto255, derive_key}; use privacypass::{ auth::authenticate::TokenChallenge, - common::private::{PPCipherSuite, serialize_public_key}, + common::private::{PrivateCipherSuite, serialize_public_key}, private_tokens::{TokenRequest, TokenResponse, server::*}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; @@ -54,13 +54,13 @@ async fn read_kat_private_token() { // TODO: Add Go KAT vectors } -async fn evaluate_kat(list: Vec) { +async fn evaluate_kat(list: Vec) { for vector in list { evaluate_vector::(vector).await; } } -pub(crate) async fn evaluate_vector(vector: PrivateTokenTestVector) { +pub(crate) async fn evaluate_vector(vector: PrivateTokenTestVector) { // Server: Instantiate in-memory keystore and nonce store. let key_store = MemoryKeyStoreVoprf::::default(); let nonce_store = MemoryNonceStore::default(); @@ -134,7 +134,7 @@ async fn write_kat_private_token() { .await; } -async fn write_kat_private_token_type(file: &str) { +async fn write_kat_private_token_type(file: &str) { let mut elements = Vec::new(); for _ in 0..5 { @@ -152,7 +152,7 @@ async fn write_kat_private_token_type(file: &str) { file.write_all(data.as_bytes()).unwrap(); } -pub(crate) async fn generate_kat_private_token() -> PrivateTokenTestVector { +pub(crate) async fn generate_kat_private_token() -> PrivateTokenTestVector { // Server: Instantiate in-memory keystore and nonce store. let key_store = MemoryKeyStoreVoprf::::default(); let nonce_store = MemoryNonceStore::default(); diff --git a/tests/private_tokens.rs b/tests/private_tokens.rs index b9acee3..c734cc4 100644 --- a/tests/private_tokens.rs +++ b/tests/private_tokens.rs @@ -1,7 +1,7 @@ use p384::NistP384; use privacypass::{ auth::authenticate::TokenChallenge, - common::{errors::RedeemTokenError, private::PPCipherSuite}, + common::{errors::RedeemTokenError, private::PrivateCipherSuite}, private_tokens::{TokenRequest, server::*}, test_utils::{nonce_store::MemoryNonceStore, private_memory_store::MemoryKeyStoreVoprf}, }; @@ -13,7 +13,7 @@ async fn private_tokens_cycle() { private_tokens_cycle_type::().await; } -async fn private_tokens_cycle_type() { +async fn private_tokens_cycle_type() { // Server: Instantiate in-memory keystore and nonce store. let key_store = MemoryKeyStoreVoprf::::default(); let nonce_store = MemoryNonceStore::default();