Various updates including better key rotation, and key versioning

Author: alxdavids

Makefile

@@ -1,142 +1,57 @@
-# The import path is where your repository can be found.
-# To import subpackages, always prepend the full import path.
-# If you change this, run `make clean`. Read more: https://git.io/vM7zV
-IMPORT_PATH := github.com/privacypass/challenge-bypass-server
-
-# V := 1 # When V is set, print commands and build progress.
-
-# Space separated patterns of packages to skip in list, test, format.
-IGNORED_PACKAGES := /vendor/
-
-.PHONY: all
-all: build
-
-.PHONY: build btd
-build: btd
-
-btd: .GOPATH/.ok
-	$Q go install $(if $V,-v) $(VERSION_FLAGS) $(IMPORT_PATH)/server
-	$Q mv bin/server bin/btd
-
-### Code not in the repository root? Another binary? Add to the path like this.
-# .PHONY: otherbin
-# otherbin: .GOPATH/.ok
-# 	$Q go install $(if $V,-v) $(VERSION_FLAGS) $(IMPORT_PATH)/cmd/otherbin
-
-##### ^^^^^^ EDIT ABOVE ^^^^^^ #####
-
-##### =====> Utility targets <===== #####
-
-.PHONY: clean test list cover format
-
-clean:
-	$Q rm -rf bin .GOPATH
-
-test: .GOPATH/.ok
-	$Q go test $(if $V,-v) -i -race $(allpackages) # install -race libs to speed up next run
-ifndef CI
-	$Q go vet $(allpackages)
-	$Q GODEBUG=cgocheck=2 go test -race $(allpackages)
-else
-	$Q ( go vet $(allpackages); echo $$? ) | \
-	    tee .GOPATH/test/vet.txt | sed '$$ d'; exit $$(tail -1 .GOPATH/test/vet.txt)
-	$Q ( GODEBUG=cgocheck=2 go test -v -race $(allpackages); echo $$? ) | \
-	    tee .GOPATH/test/output.txt | sed '$$ d'; exit $$(tail -1 .GOPATH/test/output.txt)
-endif
-
-list: .GOPATH/.ok
-	@echo $(allpackages)
-
-cover: bin/gocovmerge .GOPATH/.ok
-	@echo "NOTE: make cover does not exit 1 on failure, don't use it to check for tests success!"
-	$Q rm -f .GOPATH/cover/*.out .GOPATH/cover/all.merged
-	$(if $V,@echo "-- go test -coverpkg=./... -coverprofile=.GOPATH/cover/... ./...")
-	@for MOD in $(allpackages); do \
-		go test -coverpkg=`echo $(allpackages)|tr " " ","` \
-			-coverprofile=.GOPATH/cover/unit-`echo $$MOD|tr "/" "_"`.out \
-			$$MOD 2>&1 | grep -v "no packages being tested depend on"; \
+.PHONY: help print build test cover clean distclean package
+
+BOLD      = \033[1m
+UNDERLINE = \033[4m
+BLUE      = \033[36m
+RESET     = \033[0m
+
+VERSION := $(shell git describe --tags --always --dirty="-dev")
+DATE    := $(shell date -u '+%Y-%m-%d-%H%M UTC')
+ARCHS   ?= amd64 arm64
+
+Q ?= @
+
+## Show usage information for this Makefile
+help:
+	@printf "$(BOLD)chl-byp-srv$(RESET)\n\n"
+	@printf "$(UNDERLINE)Available Tasks$(RESET)\n\n"
+	@awk -F \
+		':|##' '/^##/ {c=$$2; getline; printf "$(BLUE)%10s$(RESET) %s\n", $$1, c}' \
+		$(MAKEFILE_LIST)
+	@printf "\n"
+
+## print command
+print-command:
+	$Q@printf "GOARCH=$(ARCH) CGO_ENABLED=1 go build -ldflags='-X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"' -o bin/chl-byp-srv ./server"
+
+## Build executable
+build:
+	$Q# ARCH is set from `package`.
+	$Q# Alternatively, run `make ARCH=<amd64|arm64> build` to override here.
+	$QGOARCH=$(ARCH) CGO_ENABLED=1 go build \
+		-ldflags='-X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"' \
+		-o bin/chl-byp-srv \
+		./server
+
+## Run tests
+test: build
+	PATH="${PATH}:${PWD}/bin" && GOCACHE=off && go test -v -race ./...
+
+## Generate cover report
+cover:
+	$Qmkdir -p .cover
+	$Qrm -f .cover/*.out .cover/all.merged .cover/all.html
+	$Qfor pkg in $$(go list ./...); do \
+		go test -coverprofile=.cover/`echo $$pkg|tr "/" "_"`.out $$pkg; \
 	done
-	$Q ./bin/gocovmerge .GOPATH/cover/*.out > .GOPATH/cover/all.merged
+	$Qecho 'mode: set' > .cover/all.merged
+	$Qgrep -h -v "mode: set" .cover/*.out >> .cover/all.merged
 ifndef CI
-	$Q go tool cover -html .GOPATH/cover/all.merged
+	$Qgo tool cover -html .cover/all.merged
 else
-	$Q go tool cover -html .GOPATH/cover/all.merged -o .GOPATH/cover/all.html
+	$Qgo tool cover -html .cover/all.merged -o .cover/all.html
 endif
-	@echo ""
-	@echo "=====> Total test coverage: <====="
-	@echo ""
-	$Q go tool cover -func .GOPATH/cover/all.merged
-
-format: bin/goimports .GOPATH/.ok
-	$Q find .GOPATH/src/$(IMPORT_PATH)/ -iname \*.go | grep -v \
-	    -e "^$$" $(addprefix -e ,$(IGNORED_PACKAGES)) | xargs ./bin/goimports -w
-
-##### =====> Internals <===== #####
-
-.PHONY: setup
-setup: clean .GOPATH/.ok
-	@if ! grep "/.GOPATH" .gitignore > /dev/null 2>&1; then \
-	    echo "/.GOPATH" >> .gitignore; \
-	    echo "/bin" >> .gitignore; \
-	fi
-	go get -u github.com/FiloSottile/gvt
-	- ./bin/gvt fetch golang.org/x/tools/cmd/goimports
-	- ./bin/gvt fetch github.com/wadey/gocovmerge
-
-VERSION          := $(shell git describe --tags --always --dirty="-dev")
-DATE             := $(shell date -u '+%Y-%m-%d-%H%M UTC')
-VERSION_FLAGS    := -ldflags='-X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"'
 
-# cd into the GOPATH to workaround ./... not following symlinks
-_allpackages = $(shell ( cd $(CURDIR)/.GOPATH/src/$(IMPORT_PATH) && \
-    GOPATH=$(CURDIR)/.GOPATH go list ./... 2>&1 1>&3 | \
-    grep -v -e "^$$" $(addprefix -e ,$(IGNORED_PACKAGES)) 1>&2 ) 3>&1 | \
-    grep -v -e "^$$" $(addprefix -e ,$(IGNORED_PACKAGES)))
-
-# memoize allpackages, so that it's executed only once and only if used
-allpackages = $(if $(__allpackages),,$(eval __allpackages := $$(_allpackages)))$(__allpackages)
-
-export GOPATH := $(CURDIR)/.GOPATH
-unexport GOBIN
-
-Q := $(if $V,,@)
-
-.GOPATH/.ok:
-	$Q mkdir -p "$(dir .GOPATH/src/$(IMPORT_PATH))"
-	$Q ln -s ../../../.. ".GOPATH/src/$(IMPORT_PATH)"
-	$Q mkdir -p .GOPATH/test .GOPATH/cover
-	$Q mkdir -p bin
-	$Q ln -s ../bin .GOPATH/bin
-	$Q touch $@
-
-.PHONY: bin/gocovmerge bin/goimports
-bin/gocovmerge: .GOPATH/.ok
-	@test -d ./vendor/github.com/wadey/gocovmerge || \
-	    { echo "Vendored gocovmerge not found, try running 'make setup'..."; exit 1; }
-	$Q go install $(IMPORT_PATH)/vendor/github.com/wadey/gocovmerge
-bin/goimports: .GOPATH/.ok
-	@test -d ./vendor/golang.org/x/tools/cmd/goimports || \
-	    { echo "Vendored goimports not found, try running 'make setup'..."; exit 1; }
-	$Q go install $(IMPORT_PATH)/vendor/golang.org/x/tools/cmd/goimports
-
-# Based on https://github.com/cloudflare/hellogopher - v1.1 - MIT License
-#
-# Copyright (c) 2017 Cloudflare
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
+## Clean build files
+clean:
+	$Qrm -rf bin

crypto/batch.go

@@ -20,9 +20,10 @@ import (
 	b64 "encoding/base64"
 	"encoding/json"
 	"errors"
-	"golang.org/x/crypto/sha3"
 	"math/big"
 	"strings"
+
+	"golang.org/x/crypto/sha3"
 )
 
 var (
@@ -63,7 +64,11 @@ func NewBatchProof(hash crypto.Hash, g, h *Point, m []*Point, z []*Point, x *big
 }
 
 func ComputeComposites(hash crypto.Hash, curve elliptic.Curve, G, Y *Point, P, Q []*Point) (*Point, *Point, [][]byte, error) {
-	// seed = H(G, Y, [P], [Qs])
+	if len(P) != len(Q) {
+		return nil, nil, nil, ErrUnequalPointCounts
+	}
+
+	// seed = H(G, Y, [P], [Q])
 	H := hash.New()
 	H.Write(G.Marshal())
 	H.Write(Y.Marshal())

crypto/batch_test.go

@@ -133,13 +133,6 @@ func TestMarshalBatchProof(t *testing.T) {
 	}
 	dleq.G = bp.P.G
 	dleq.H = bp.P.H
-	Mx, My, Zx, Zy := new(big.Int), new(big.Int), new(big.Int), new(big.Int)
-	for i := 0; i < len(bp.M); i++ {
-		cMx, cMy := curve.ScalarMult(bp.M[i].X, bp.M[i].Y, bp.C[i])
-		cZx, cZy := curve.ScalarMult(bp.Z[i].X, bp.Z[i].Y, bp.C[i])
-		Mx, My = curve.Add(cMx, cMy, Mx, My)
-		Zx, Zy = curve.Add(cZx, cZy, Zx, Zy)
-	}
 	dleq.M, dleq.Z = recomputeComposites(curve, bp.M, bp.Z, bp.C)
 	bpUnmarshal := &BatchProof{M: bp.M, Z: bp.Z, C: bp.C, P: dleq}
 	if !bpUnmarshal.Verify() {

crypto/curve.go

@@ -152,22 +152,6 @@ func BatchMarshalPoints(points []*Point) ([][]byte, error) {
 	return data, nil
 }
 
-// We combine the marshaled points with the DLEQ proof
-// This function splits the points and the DLEQ proof for further unmarshaling
-func GetMarshaledPointsAndDleq(data [][]byte) ([][]byte, []byte) {
-	marshaledPoints := make([][]byte, len(data)-1)
-	var batchProof []byte
-	for i, v := range data {
-		if i < len(data)-1 {
-			marshaledPoints[i] = v
-		} else {
-			batchProof = data[i]
-		}
-	}
-
-	return marshaledPoints, batchProof
-}
-
 func NewPoint(curve elliptic.Curve, x, y *big.Int) (*Point, error) {
 	if curve == nil {
 		return nil, ErrUnspecifiedCurve
@@ -232,7 +216,9 @@ func HashToCurve(curve elliptic.Curve, hash crypto.Hash, data []byte) (*Point, e
 	var ctr = make([]byte, 4)
 	var h = hash.New()
 	h.Write([]byte(separator))
-	for i := 0; i < 10; i++ {
+	// Obviously this is bad practise, but increasing this number rules out probabilistic failures.
+	// We should implement the SWU method for encoding bytes to curves in the future.
+	for i := 0; i < 20; i++ {
 		binary.LittleEndian.PutUint32(ctr, uint32(i))
 		h.Write(data)
 		h.Write(ctr)

crypto/dleq.go

@@ -40,8 +40,8 @@ type Proof struct {
 }
 
 type Base64Proof struct {
-	R    string
-	C    string
+	R string
+	C string
 }
 
 func (p *Proof) IsComplete() bool {

crypto/dleq_test.go

@@ -12,6 +12,10 @@ import (
 )
 
 func setup(curve elliptic.Curve) ([]byte, *Point, *Point, error) {
+	// All public keys are going to be generators, so GenerateKey is a handy
+	// test function. However, TESTING ONLY. Maintaining the discrete log
+	// relationship breaks the token scheme. Ideally the generator points
+	// would come from a group PRF or something like Elligator.
 	x, _, _, err := elliptic.GenerateKey(curve, rand.Reader)
 	if err != nil {
 		return nil, nil, nil, err
@@ -31,10 +35,6 @@ func setup(curve elliptic.Curve) ([]byte, *Point, *Point, error) {
 }
 
 func TestValidProof(t *testing.T) {
-	// All public keys are going to be generators, so GenerateKey is a handy
-	// test function. However, TESTING ONLY. Maintaining the discrete log
-	// relationship breaks the token scheme. Ideally the generator points
-	// would come from a group PRF or something like Elligator.
 	curve := elliptic.P256()
 	x, G, M, err := setup(curve)
 	if err != nil {
@@ -84,10 +84,6 @@ func TestValidProof(t *testing.T) {
 }
 
 func TestInvalidProof(t *testing.T) {
-	// All public keys are going to be generators, so GenerateKey is a handy
-	// test function. However, TESTING ONLY. Maintaining the discrete log
-	// relationship breaks the token scheme. Ideally the generator points
-	// would come from a group PRF or something like Elligator.
 	curve := elliptic.P256()
 	x, G, M, err := setup(curve)
 	if err != nil {