/protocol organizational refactor

TODO:

* Use auditor.Auditor in /client and /auditlog

client/coniksclient/internal/cmd/run.go

@@ -10,6 +10,7 @@ import (
  "github.com/coniks-sys/coniks-go/client"
  "github.com/coniks-sys/coniks-go/keyserver/testutil"
  p "github.com/coniks-sys/coniks-go/protocol"
+ pclient "github.com/coniks-sys/coniks-go/protocol/client"
  "github.com/spf13/cobra"
  "golang.org/x/crypto/ssh/terminal"
 )
@@ -46,7 +47,7 @@ func init() {
 func run(cmd *cobra.Command) {
  isDebugging, _ := strconv.ParseBool(cmd.Flag("debug").Value.String())
  conf := loadConfigOrExit(cmd)
- cc := p.NewCC(nil, true, conf.SigningPubKey)
+ cc := pclient.New(nil, true, conf.SigningPubKey)
 
  state, err := terminal.MakeRaw(int(os.Stdin.Fd()))
  if err != nil {
@@ -109,7 +110,7 @@ func run(cmd *cobra.Command) {
  }
 }
 
-func register(cc *p.ConsistencyChecks, conf *client.Config, name string, key string) string {
+func register(cc *pclient.ConsistencyChecks, conf *client.Config, name string, key string) string {
  req, err := client.CreateRegistrationMsg(name, []byte(key))
  if err != nil {
  return ("Couldn't marshal registration request!")
@@ -167,7 +168,7 @@ func register(cc *p.ConsistencyChecks, conf *client.Config, name string, key str
  return ""
 }
 
-func keyLookup(cc *p.ConsistencyChecks, conf *client.Config, name string) string {
+func keyLookup(cc *pclient.ConsistencyChecks, conf *client.Config, name string) string {
  req, err := client.CreateKeyLookupMsg(name)
  if err != nil {
  return ("Couldn't marshal key lookup request!")

client/encoding_test.go

@@ -7,6 +7,7 @@ import (
 
  "github.com/coniks-sys/coniks-go/keyserver"
  "github.com/coniks-sys/coniks-go/protocol"
+ "github.com/coniks-sys/coniks-go/protocol/directory"
 )
 
 func TestUnmarshalErrorResponse(t *testing.T) {
@@ -36,7 +37,7 @@ func TestUnmarshalMalformedErrorResponse(t *testing.T) {
 }
 
 func TestUnmarshalSampleMessage(t *testing.T) {
- d, _ := protocol.NewTestDirectory(t, true)
+ d, _ := directory.NewTestDirectory(t, true)
  res, _ := d.Register(&protocol.RegistrationRequest{
  Username: "alice",
  Key: []byte("key")})

keyserver/server.go

@@ -16,6 +16,7 @@ import (
  "github.com/coniks-sys/coniks-go/crypto/sign"
  "github.com/coniks-sys/coniks-go/crypto/vrf"
  "github.com/coniks-sys/coniks-go/protocol"
+ "github.com/coniks-sys/coniks-go/protocol/directory"
  "github.com/coniks-sys/coniks-go/utils"
 )
 
@@ -84,7 +85,7 @@ type ConiksServer struct {
  logger *utils.Logger
 
  sync.RWMutex
- dir *protocol.ConiksDirectory
+ dir *directory.ConiksDirectory
 
  stop chan struct{}
  waitStop sync.WaitGroup
@@ -145,7 +146,7 @@ func NewConiksServer(conf *ServerConfig) *ConiksServer {
  // create server instance
  server := new(ConiksServer)
  server.logger = utils.NewLogger(conf.Logger)
- server.dir = protocol.NewDirectory(
+ server.dir = directory.New(
  conf.Policies.EpochDeadline,
  conf.Policies.vrfKey,
  conf.Policies.signKey,

protocol/auditlog.go → protocol/auditlog/auditlog.go

@@ -3,17 +3,19 @@
 // An audit log is a mirror of many CONIKS key directories' STR history,
 // allowing CONIKS clients to audit the CONIKS directories.
 
-package protocol
+package auditlog
 
 import (
  "github.com/coniks-sys/coniks-go/crypto"
  "github.com/coniks-sys/coniks-go/crypto/sign"
+ p "github.com/coniks-sys/coniks-go/protocol"
+ "github.com/coniks-sys/coniks-go/protocol/auditor"
 )
 
 type directoryHistory struct {
- *AudState
+ *auditor.AudState
  addr string
- snapshots map[uint64]*DirSTR
+ snapshots map[uint64]*p.DirSTR
 }
 
 // A ConiksAuditLog maintains the histories
@@ -27,20 +29,22 @@ type directoryHistory struct {
 type ConiksAuditLog map[[crypto.HashSizeByte]byte]*directoryHistory
 
 // caller validates that initSTR is for epoch 0.
-func newDirectoryHistory(addr string, signKey sign.PublicKey, initSTR *DirSTR) *directoryHistory {
- a := NewAuditor(signKey, initSTR)
+func newDirectoryHistory(addr string,
+ signKey sign.PublicKey,
+ initSTR *p.DirSTR) *directoryHistory {
+ a := auditor.New(signKey, initSTR)
  h := &directoryHistory{
  AudState: a,
  addr: addr,
- snapshots: make(map[uint64]*DirSTR),
+ snapshots: make(map[uint64]*p.DirSTR),
  }
  h.updateVerifiedSTR(initSTR)
  return h
 }
 
-// updateVerifiedSTR inserts the latest verified STR into a directory history;
-// assumes the STRs have been validated by the caller.
-func (h *directoryHistory) updateVerifiedSTR(newVerified *DirSTR) {
+// updateVerifiedSTR inserts the latest verified STR into a directory
+// history; assumes the STRs have been validated by the caller.
+func (h *directoryHistory) updateVerifiedSTR(newVerified *p.DirSTR) {
  h.Update(newVerified)
  h.snapshots[newVerified.Epoch] = newVerified
 }
@@ -63,7 +67,7 @@ func (h *directoryHistory) insertRange(snaps []*DirSTR) {
 // finally updates the snapshots if the checks pass.
 // Audit() is called when an auditor receives new STRs
 // from a specific directory.
-func (h *directoryHistory) Audit(msg *Response) error {
+func (h *directoryHistory) Audit(msg *p.Response) error {
  if err := msg.validate(); err != nil {
  return err
  }
@@ -86,10 +90,10 @@ func (h *directoryHistory) Audit(msg *Response) error {
  return nil
 }
 
-// NewAuditLog constructs a new ConiksAuditLog. It creates an empty
+// New constructs a new ConiksAuditLog. It creates an empty
 // log; the auditor will add an entry for each CONIKS directory
 // the first time it observes an STR for that directory.
-func NewAuditLog() ConiksAuditLog {
+func New() ConiksAuditLog {
  return make(map[[crypto.HashSizeByte]byte]*directoryHistory)
 }
 
@@ -120,21 +124,21 @@ func (l ConiksAuditLog) get(dirInitHash [crypto.HashSizeByte]byte) (*directoryHi
 // InitHistory() returns an ErrAuditLog if the auditor attempts to create
 // a new history for a known directory, and nil otherwise.
 func (l ConiksAuditLog) InitHistory(addr string, signKey sign.PublicKey,
- snaps []*DirSTR) error {
+ snaps []*p.DirSTR) error {
  // make sure we're getting an initial STR at the very least
  if len(snaps) < 1 || snaps[0].Epoch != 0 {
  // FIXME: This should be a more generic "malformed error"
- return ErrMalformedDirectoryMessage
+ return p.ErrMalformedDirectoryMessage
  }
 
  // compute the hash of the initial STR
- dirInitHash := ComputeDirectoryIdentity(snaps[0])
+ dirInitHash := auditor.ComputeDirectoryIdentity(snaps[0])
 
  // error if we want to create a new entry for a directory
  // we already know
  h, ok := l.get(dirInitHash)
  if ok {
- return ErrAuditLog
+ return p.ErrAuditLog
  }
 
  // create the new directory history
@@ -169,25 +173,25 @@ func (l ConiksAuditLog) InitHistory(addr string, signKey sign.PublicKey,
 // If the auditor doesn't have any history entries for the requested CONIKS
 // directory, GetObservedSTRs() returns a
 // message.NewErrorResponse(ReqUnknownDirectory) tuple.
-func (l ConiksAuditLog) GetObservedSTRs(req *AuditingRequest) (*Response,
- ErrorCode) {
+func (l ConiksAuditLog) GetObservedSTRs(req *p.AuditingRequest) (*p.Response,
+ p.ErrorCode) {
  // make sure we have a history for the requested directory in the log
  h, ok := l.get(req.DirInitSTRHash)
  if !ok {
- return NewErrorResponse(ReqUnknownDirectory), ReqUnknownDirectory
+ return p.NewErrorResponse(p.ReqUnknownDirectory), p.ReqUnknownDirectory
  }
 
  // make sure the request is well-formed
  if req.EndEpoch > h.VerifiedSTR().Epoch || req.StartEpoch > req.EndEpoch {
- return NewErrorResponse(ErrMalformedClientMessage),
- ErrMalformedClientMessage
+ return p.NewErrorResponse(p.ErrMalformedClientMessage),
+ p.ErrMalformedClientMessage
  }
 
- var strs []*DirSTR
+ var strs []*p.DirSTR
  for ep := req.StartEpoch; ep <= req.EndEpoch; ep++ {
  str := h.snapshots[ep]
  strs = append(strs, str)
  }
 
- return NewSTRHistoryRange(strs)
+ return p.NewSTRHistoryRange(strs)
 }

protocol/auditlog_test.go → protocol/auditlog/auditlog_test.go

@@ -1,8 +1,11 @@
-package protocol
+package auditlog
 
 import (
- "github.com/coniks-sys/coniks-go/crypto"
  "testing"
+
+ "github.com/coniks-sys/coniks-go/crypto"
+ . "github.com/coniks-sys/coniks-go/protocol"
+ "github.com/coniks-sys/coniks-go/protocol/auditor"
 )
 
 func TestInsertEmptyHistory(t *testing.T) {
@@ -15,7 +18,7 @@ func TestUpdateHistory(t *testing.T) {
  d, aud, hist := NewTestAuditLog(t, 0)
 
  // update the directory so we can update the audit log
- dirInitHash := ComputeDirectoryIdentity(hist[0])
+ dirInitHash := auditor.ComputeDirectoryIdentity(hist[0])
  d.Update()
  h, _ := aud.get(dirInitHash)
  resp, _ := NewSTRHistoryRange([]*DirSTR{d.LatestSTR()})
@@ -68,7 +71,7 @@ func TestAuditLogBadEpochRange(t *testing.T) {
  }
 
  // compute the hash of the initial STR for later lookups
- dirInitHash := ComputeDirectoryIdentity(hist[0])
+ dirInitHash := auditor.ComputeDirectoryIdentity(hist[0])
  h, _ := aud.get(dirInitHash)
 
  err1 := h.Audit(resp)
@@ -89,7 +92,7 @@ func TestGetLatestObservedSTR(t *testing.T) {
  d, aud, hist := NewTestAuditLog(t, 0)
 
  // compute the hash of the initial STR for later lookups
- dirInitHash := ComputeDirectoryIdentity(hist[0])
+ dirInitHash := auditor.ComputeDirectoryIdentity(hist[0])
 
  res, err := aud.GetObservedSTRs(&AuditingRequest{
  DirInitSTRHash: dirInitHash,
@@ -113,7 +116,7 @@ func TestGetObservedSTRInEpoch(t *testing.T) {
  _, aud, hist := NewTestAuditLog(t, 10)
 
  // compute the hash of the initial STR for later lookups
- dirInitHash := ComputeDirectoryIdentity(hist[0])
+ dirInitHash := auditor.ComputeDirectoryIdentity(hist[0])
 
  res, err := aud.GetObservedSTRs(&AuditingRequest{
  DirInitSTRHash: dirInitHash,
@@ -141,7 +144,7 @@ func TestGetObservedSTRMultipleEpochs(t *testing.T) {
  d, aud, hist := NewTestAuditLog(t, 1)
 
  // compute the hash of the initial STR for later lookups
- dirInitHash := ComputeDirectoryIdentity(hist[0])
+ dirInitHash := auditor.ComputeDirectoryIdentity(hist[0])
 
  // first AuditingRequest
  res, err := aud.GetObservedSTRs(&AuditingRequest{
@@ -222,7 +225,7 @@ func TestGetObservedSTRMalformed(t *testing.T) {
  _, aud, hist := NewTestAuditLog(t, 10)
 
  // compute the hash of the initial STR for later lookups
- dirInitHash := ComputeDirectoryIdentity(hist[0])
+ dirInitHash := auditor.ComputeDirectoryIdentity(hist[0])
 
  // also test the epoch range
  _, err := aud.GetObservedSTRs(&AuditingRequest{

protocol/auditlog/testutil.go

@@ -0,0 +1,35 @@
+package auditlog
+
+import (
+ "testing"
+
+ p "github.com/coniks-sys/coniks-go/protocol"
+ "github.com/coniks-sys/coniks-go/protocol/directory"
+)
+
+// NewTestAuditLog creates a ConiksAuditLog and corresponding
+// ConiksDirectory used for testing auditor-side CONIKS operations.
+// The new audit log can be initialized with the number of epochs
+// indicating the length of the directory history with which to
+// initialize the log; if numEpochs > 0, the history contains numEpochs+1
+// STRs as it always includes the STR after the last directory update
+func NewTestAuditLog(t *testing.T, numEpochs int) (
+ *directory.ConiksDirectory, ConiksAuditLog, []*p.DirSTR) {
+ d, pk := directory.NewTestDirectory(t, true)
+ aud := New()
+
+ var hist []*p.DirSTR
+ for ep := 0; ep < numEpochs; ep++ {
+ hist = append(hist, d.LatestSTR())
+ d.Update()
+ }
+ // always include the actual latest STR
+ hist = append(hist, d.LatestSTR())
+
+ err := aud.Insert("test-server", pk, hist)
+ if err != nil {
+ t.Fatalf("Error inserting a new history with %d STRs", numEpochs+1)
+ }
+
+ return d, aud, hist
+}