feat: Introduce arbitrary batched tokens (#36)

* feat: Introduce arbitrary batched tokens

* Update nom

* Adaptd batched tokens to new API

* Upgrade to 2024 edition

Author: raphaelrobert

.gitignore

@@ -1,3 +1,4 @@
 /target
 /Cargo.lock
 .vscode/
+.DS_Store

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "privacypass"
 version = "0.2.0-pre.0"
-edition = "2021"
+edition = "2024"
 description = "Implementation of Privacy Pass"
 license = "MIT"
 documentation = "https://docs.rs/privacypass"
@@ -20,12 +20,12 @@ categories = ["cryptography", "privacy"]
 async-trait = "0.1.56"
 base64 = "0.22.0"
 generic-array = "0.14.5"
-rand = "0.8.5"
+rand = "0.8"
 serde = "1"
 sha2 = "0.10.2"
-thiserror = "1"
-tls_codec = { version = "0.4.1" }
-tls_codec_derive = "0.4.1"
+thiserror = "2"
+tls_codec = { version = "0.4.2" }
+tls_codec_derive = "0.4.2"
 voprf = { version = "0.5", features = ["serde"] }
 p384 = { version = "0.13.0", default-features = false, features = [
   "hash2curve",
@@ -34,15 +34,17 @@ p384 = { version = "0.13.0", default-features = false, features = [
 blind-rsa-signatures = "0.15.0"
 http = "1"
 typenum = "1.15.0"
-nom = "7"
+nom = "8"
+tokio = { version = "1.20.0", features = ["full"], optional = true }
 
 [features]
 default = []
 kat = ["voprf/danger"]
+test-utils = ["tokio"]
 
 [dev-dependencies]
-privacypass = { path = ".", features = ["kat"] }
-tokio = { version = "1.20.0", features = ["full"] }
+privacypass = { path = ".", features = ["kat", "test-utils"] }
+futures = "0.3"
 criterion = { version = "0.5.0", features = ["async_futures", "async_tokio"] }
 hex = { version = "0.4.3", features = ["serde"] }
 serde_json = "1.0"

benches/batched_p384.rs

@@ -5,7 +5,9 @@ mod batched_memory_stores;
 use criterion::{async_executor::FuturesExecutor, Criterion};
 use tokio::runtime::Runtime;
 
-use privacypass::{auth::authenticate::TokenChallenge, TokenType};
+use privacypass::{
+    auth::authenticate::TokenChallenge, batched_tokens_p384::TokenRequest, TokenType,
+};
 
 async fn create_batched_keypair(
     key_store: batched_memory_stores::MemoryKeyStoreP384,
@@ -62,17 +64,16 @@ pub fn criterion_batched_p384_benchmark(c: &mut Criterion) {
                     let rt = Runtime::new().unwrap();
                     let public_key =
                         rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                    let client = privacypass::batched_tokens_p384::client::Client::new(public_key);
                     let challenge = TokenChallenge::new(
                         TokenType::BatchedTokenP384,
                         "example.com",
                         None,
                         &["example.com".to_string()],
                     );
-                    (client, challenge)
+                    (public_key, challenge)
                 },
-                |(client, challenge)| {
-                    client.issue_token_request(&challenge, NR).unwrap();
+                |(public_key, challenge)| {
+                    TokenRequest::new(public_key, &challenge, NR).unwrap();
                 },
             );
         },
@@ -89,15 +90,14 @@ pub fn criterion_batched_p384_benchmark(c: &mut Criterion) {
                     let rt = Runtime::new().unwrap();
                     let public_key =
                         rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                    let client = privacypass::batched_tokens_p384::client::Client::new(public_key);
                     let challenge = TokenChallenge::new(
                         TokenType::BatchedTokenP384,
                         "example.com",
                         None,
                         &["example.com".to_string()],
                     );
-                    let (token_request, _token_states) =
-                        client.issue_token_request(&challenge, NR).unwrap();
+                    let (token_request, _token_state) =
+                        TokenRequest::new(public_key, &challenge, NR).unwrap();
                     (key_store, server, token_request)
                 },
                 |(key_store, server, token_request)| {
@@ -118,25 +118,24 @@ pub fn criterion_batched_p384_benchmark(c: &mut Criterion) {
                     let rt = Runtime::new().unwrap();
                     let public_key =
                         rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                    let client = privacypass::batched_tokens_p384::client::Client::new(public_key);
                     let challenge = TokenChallenge::new(
                         TokenType::BatchedTokenP384,
                         "example.com",
                         None,
                         &["example.com".to_string()],
                     );
-                    let (token_request, token_states) =
-                        client.issue_token_request(&challenge, NR).unwrap();
+                    let (token_request, token_state) =
+                        TokenRequest::new(public_key, &challenge, NR).unwrap();
                     let token_response = rt.block_on(async {
                         server
                             .issue_token_response(&key_store, token_request)
                             .await
                             .unwrap()
                     });
-                    (client, token_response, token_states)
+                    (token_response, token_state)
                 },
-                |(client, token_response, token_states)| {
-                    client.issue_tokens(&token_response, &token_states).unwrap();
+                |(token_response, token_state)| {
+                    token_response.issue_tokens(&token_state).unwrap();
                 },
             );
         },
@@ -152,22 +151,21 @@ pub fn criterion_batched_p384_benchmark(c: &mut Criterion) {
                 let rt = Runtime::new().unwrap();
                 let public_key =
                     rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                let client = privacypass::batched_tokens_p384::client::Client::new(public_key);
                 let challenge = TokenChallenge::new(
                     TokenType::BatchedTokenP384,
                     "example.com",
                     None,
                     &["example.com".to_string()],
                 );
                 let (token_request, token_state) =
-                    client.issue_token_request(&challenge, NR).unwrap();
+                    TokenRequest::new(public_key, &challenge, NR).unwrap();
                 let token_response = rt.block_on(async {
                     server
                         .issue_token_response(&key_store, token_request)
                         .await
                         .unwrap()
                 });
-                let tokens = client.issue_tokens(&token_response, &token_state).unwrap();
+                let tokens = token_response.issue_tokens(&token_state).unwrap();
                 (key_store, nonce_store, tokens, server)
             },
             |(key_store, nonce_store, tokens, server)| {

benches/batched_ristretto255.rs

@@ -5,7 +5,9 @@ mod batched_memory_stores;
 use criterion::{async_executor::FuturesExecutor, Criterion};
 use tokio::runtime::Runtime;
 
-use privacypass::{auth::authenticate::TokenChallenge, TokenType};
+use privacypass::{
+    auth::authenticate::TokenChallenge, batched_tokens_ristretto255::TokenRequest, TokenType,
+};
 
 async fn create_batched_keypair(
     key_store: batched_memory_stores::MemoryKeyStoreRistretto255,
@@ -62,18 +64,16 @@ pub fn criterion_batched_ristretto255_benchmark(c: &mut Criterion) {
                     let rt = Runtime::new().unwrap();
                     let public_key =
                         rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                    let client =
-                        privacypass::batched_tokens_ristretto255::client::Client::new(public_key);
                     let challenge = TokenChallenge::new(
                         TokenType::BatchedTokenRistretto255,
                         "example.com",
                         None,
                         &["example.com".to_string()],
                     );
-                    (client, challenge)
+                    (public_key, challenge)
                 },
-                |(client, challenge)| {
-                    client.issue_token_request(&challenge, NR).unwrap();
+                |(public_key, challenge)| {
+                    TokenRequest::new(public_key, &challenge, NR).unwrap();
                 },
             );
         },
@@ -90,16 +90,14 @@ pub fn criterion_batched_ristretto255_benchmark(c: &mut Criterion) {
                     let rt = Runtime::new().unwrap();
                     let public_key =
                         rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                    let client =
-                        privacypass::batched_tokens_ristretto255::client::Client::new(public_key);
                     let challenge = TokenChallenge::new(
                         TokenType::BatchedTokenRistretto255,
                         "example.com",
                         None,
                         &["example.com".to_string()],
                     );
-                    let (token_request, _token_states) =
-                        client.issue_token_request(&challenge, NR).unwrap();
+                    let (token_request, _token_state) =
+                        TokenRequest::new(public_key, &challenge, NR).unwrap();
                     (key_store, server, token_request)
                 },
                 |(key_store, server, token_request)| {
@@ -120,26 +118,24 @@ pub fn criterion_batched_ristretto255_benchmark(c: &mut Criterion) {
                     let rt = Runtime::new().unwrap();
                     let public_key =
                         rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                    let client =
-                        privacypass::batched_tokens_ristretto255::client::Client::new(public_key);
                     let challenge = TokenChallenge::new(
                         TokenType::BatchedTokenRistretto255,
                         "example.com",
                         None,
                         &["example.com".to_string()],
                     );
-                    let (token_request, token_states) =
-                        client.issue_token_request(&challenge, NR).unwrap();
+                    let (token_request, token_state) =
+                        TokenRequest::new(public_key, &challenge, NR).unwrap();
                     let token_response = rt.block_on(async {
                         server
                             .issue_token_response(&key_store, token_request)
                             .await
                             .unwrap()
                     });
-                    (client, token_response, token_states)
+                    (token_response, token_state)
                 },
-                |(client, token_response, token_states)| {
-                    client.issue_tokens(&token_response, &token_states).unwrap();
+                |(token_response, token_state)| {
+                    token_response.issue_tokens(&token_state).unwrap();
                 },
             );
         },
@@ -155,23 +151,21 @@ pub fn criterion_batched_ristretto255_benchmark(c: &mut Criterion) {
                 let rt = Runtime::new().unwrap();
                 let public_key =
                     rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                let client =
-                    privacypass::batched_tokens_ristretto255::client::Client::new(public_key);
                 let challenge = TokenChallenge::new(
                     TokenType::BatchedTokenRistretto255,
                     "example.com",
                     None,
                     &["example.com".to_string()],
                 );
                 let (token_request, token_state) =
-                    client.issue_token_request(&challenge, NR).unwrap();
+                    TokenRequest::new(public_key, &challenge, NR).unwrap();
                 let token_response = rt.block_on(async {
                     server
                         .issue_token_response(&key_store, token_request)
                         .await
                         .unwrap()
                 });
-                let tokens = client.issue_tokens(&token_response, &token_state).unwrap();
+                let tokens = token_response.issue_tokens(&token_state).unwrap();
                 (key_store, nonce_store, tokens, server)
             },
             |(key_store, nonce_store, tokens, server)| {

benches/private.rs

@@ -1,11 +1,11 @@
-#[path = "../tests/private_memory_stores.rs"]
-mod private_memory_stores;
-
 use criterion::{async_executor::FuturesExecutor, Criterion};
 use generic_array::ArrayLength;
 use tokio::runtime::Runtime;
 
-use privacypass::{auth::authenticate::TokenChallenge, TokenType};
+use privacypass::{
+    auth::authenticate::TokenChallenge, private_tokens::TokenRequest,
+    test_utils::private_memory_stores, TokenType,
+};
 
 async fn create_private_keypair(
     key_store: private_memory_stores::MemoryKeyStore,
@@ -59,17 +59,16 @@ pub fn criterion_private_benchmark(c: &mut Criterion) {
                 let rt = Runtime::new().unwrap();
                 let public_key =
                     rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                let client = privacypass::private_tokens::client::Client::new(public_key);
                 let challenge = TokenChallenge::new(
                     TokenType::PrivateToken,
                     "example.com",
                     None,
                     &["example.com".to_string()],
                 );
-                (client, challenge)
+                (public_key, challenge)
             },
-            |(client, challenge)| {
-                client.issue_token_request(&challenge).unwrap();
+            |(public_key, challenge)| {
+                TokenRequest::new(public_key, &challenge).unwrap();
             },
         );
     });
@@ -83,14 +82,14 @@ pub fn criterion_private_benchmark(c: &mut Criterion) {
                 let rt = Runtime::new().unwrap();
                 let public_key =
                     rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                let client = privacypass::private_tokens::client::Client::new(public_key);
                 let challenge = TokenChallenge::new(
                     TokenType::PrivateToken,
                     "example.com",
                     None,
                     &["example.com".to_string()],
                 );
-                let (token_request, _token_state) = client.issue_token_request(&challenge).unwrap();
+                let (token_request, _token_state) =
+                    TokenRequest::new(public_key, &challenge).unwrap();
                 (key_store, server, token_request)
             },
             |(key_store, server, token_request)| {
@@ -108,24 +107,24 @@ pub fn criterion_private_benchmark(c: &mut Criterion) {
                 let rt = Runtime::new().unwrap();
                 let public_key =
                     rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                let client = privacypass::private_tokens::client::Client::new(public_key);
                 let challenge = TokenChallenge::new(
                     TokenType::PrivateToken,
                     "example.com",
                     None,
                     &["example.com".to_string()],
                 );
-                let (token_request, token_state) = client.issue_token_request(&challenge).unwrap();
+                let (token_request, token_state) =
+                    TokenRequest::new(public_key, &challenge).unwrap();
                 let token_response = rt.block_on(async {
                     server
                         .issue_token_response(&key_store, token_request)
                         .await
                         .unwrap()
                 });
-                (client, token_response, token_state)
+                (token_response, token_state)
             },
-            |(client, token_response, token_state)| {
-                client.issue_token(&token_response, &token_state).unwrap();
+            |(token_response, token_state)| {
+                token_response.issue_token(&token_state).unwrap();
             },
         );
     });
@@ -140,21 +139,21 @@ pub fn criterion_private_benchmark(c: &mut Criterion) {
                 let rt = Runtime::new().unwrap();
                 let public_key =
                     rt.block_on(async { server.create_keypair(&key_store).await.unwrap() });
-                let client = privacypass::private_tokens::client::Client::new(public_key);
                 let challenge = TokenChallenge::new(
                     TokenType::PrivateToken,
                     "example.com",
                     None,
                     &["example.com".to_string()],
                 );
-                let (token_request, token_state) = client.issue_token_request(&challenge).unwrap();
+                let (token_request, token_state) =
+                    TokenRequest::new(public_key, &challenge).unwrap();
                 let token_response = rt.block_on(async {
                     server
                         .issue_token_response(&key_store, token_request)
                         .await
                         .unwrap()
                 });
-                let token = client.issue_token(&token_response, &token_state).unwrap();
+                let token = token_response.issue_token(&token_state).unwrap();
                 (key_store, nonce_store, token, server)
             },
             |(key_store, nonce_store, token, server)| {