Move TBs to protocol/

merkletree/pad.go

@@ -1,6 +1,7 @@
 package merkletree
 
 import (
+	"bytes"
 	"crypto/subtle"
 	"errors"
 
@@ -91,8 +92,7 @@ func (pad *PAD) Update(policies *Policies) {
 }
 
 func (pad *PAD) Set(name string, value []byte) error {
-	index, _ := pad.computePrivateIndex(name, pad.policies.vrfPrivateKey)
-	return pad.tree.Set(index, name, value)
+	return pad.tree.Set(pad.Index(name), name, value)
 }
 
 func (pad *PAD) Lookup(name string) (*AuthenticationPath, error) {
@@ -121,11 +121,13 @@ func (pad *PAD) LatestSTR() *SignedTreeRoot {
 	return pad.latestSTR
 }
 
-func (pad *PAD) TB(name string, value []byte) (*TemporaryBinding, error) {
+func (pad *PAD) Sign(msg ...[]byte) []byte {
+	return pad.signKey.Sign(bytes.Join(msg, nil))
+}
+
+func (pad *PAD) Index(name string) []byte {
 	index, _ := pad.computePrivateIndex(name, pad.policies.vrfPrivateKey)
-	tb := NewTB(pad.signKey, pad.latestSTR.Signature, index, value)
-	err := pad.tree.Set(index, name, value)
-	return tb, err
+	return index
 }
 
 // reshuffle recomputes indices of keys and store them with their values in new
@@ -139,8 +141,7 @@ func (pad *PAD) reshuffle() {
 		panic(err)
 	}
 	pad.tree.visitLeafNodes(func(n *userLeafNode) {
-		newIndex, _ := pad.computePrivateIndex(n.key, pad.policies.vrfPrivateKey)
-		if err := newTree.Set(newIndex, n.key, n.value); err != nil {
+		if err := newTree.Set(pad.Index(n.key), n.key, n.value); err != nil {
 			panic(err)
 		}
 	})

protocol/directory.go

@@ -11,7 +11,7 @@ import (
 type ConiksDirectory struct {
 	pad      *merkletree.PAD
 	useTBs   bool
-	tbs      map[string]*merkletree.TemporaryBinding
+	tbs      map[string]*TemporaryBinding
 	policies *merkletree.Policies
 }
 
@@ -32,7 +32,7 @@ func NewDirectory(epDeadline merkletree.TimeStamp, vrfKey vrf.PrivateKey,
 	d.pad = pad
 	d.useTBs = useTBs
 	if useTBs {
-		d.tbs = make(map[string]*merkletree.TemporaryBinding)
+		d.tbs = make(map[string]*TemporaryBinding)
 	}
 	return d
 }
@@ -57,9 +57,17 @@ func (d *ConiksDirectory) LatestSTR() *merkletree.SignedTreeRoot {
 	return d.pad.LatestSTR()
 }
 
+func (d *ConiksDirectory) NewTB(name string, key []byte) *TemporaryBinding {
+	index := d.pad.Index(name)
+	return &TemporaryBinding{
+		Index:     index,
+		Value:     key,
+		Signature: d.pad.Sign(d.LatestSTR().Signature, index, key),
+	}
+}
+
 func (d *ConiksDirectory) Register(req *RegistrationRequest) (
 	*Response, ErrorCode) {
-
 	// make sure the request is well-formed
 	if len(req.Username) <= 0 || len(req.Key) <= 0 {
 		return NewErrorResponse(ErrorMalformedClientMessage),
@@ -75,26 +83,26 @@ func (d *ConiksDirectory) Register(req *RegistrationRequest) (
 	if bytes.Equal(ap.LookupIndex, ap.Leaf.Index) {
 		return NewRegistrationProof(ap, d.LatestSTR(), nil, ErrorNameExisted)
 	}
+
+	var tb *TemporaryBinding
+
 	if d.useTBs {
 		// also check the temporary bindings array
 		// currently the server allows only one registration/key change per epoch
-		if tb := d.tbs[req.Username]; tb != nil {
+		if tb = d.tbs[req.Username]; tb != nil {
 			return NewRegistrationProof(ap, d.LatestSTR(), tb, ErrorNameExisted)
 		}
+		tb = d.NewTB(req.Username, req.Key)
+	}
 
-		// insert new data to the directory on-the-fly
-		tb, err := d.pad.TB(req.Username, req.Key)
-		if err != nil {
-			return NewErrorResponse(ErrorDirectory), ErrorDirectory
-		}
+	if err = d.pad.Set(req.Username, req.Key); err != nil {
+		return NewErrorResponse(ErrorDirectory), ErrorDirectory
+	}
+
+	if tb != nil {
 		d.tbs[req.Username] = tb
-		return NewRegistrationProof(ap, d.LatestSTR(), tb, Success)
-	} else {
-		if err = d.pad.Set(req.Username, req.Key); err != nil {
-			return NewErrorResponse(ErrorDirectory), ErrorDirectory
-		}
-		return NewRegistrationProof(ap, d.LatestSTR(), nil, Success)
 	}
+	return NewRegistrationProof(ap, d.LatestSTR(), tb, Success)
 }
 
 func (d *ConiksDirectory) KeyLookup(req *KeyLookupRequest) (

protocol/message.go

@@ -67,7 +67,7 @@ type DirectoryResponse interface {
 type DirectoryProof struct {
 	AP  *m.AuthenticationPath
 	STR *m.SignedTreeRoot
-	TB  *m.TemporaryBinding `json:",omitempty"`
+	TB  *TemporaryBinding `json:",omitempty"`
 }
 
 type DirectoryProofs struct {
@@ -83,7 +83,7 @@ var _ DirectoryResponse = (*DirectoryProof)(nil)
 var _ DirectoryResponse = (*DirectoryProofs)(nil)
 
 func NewRegistrationProof(ap *m.AuthenticationPath, str *m.SignedTreeRoot,
-	tb *m.TemporaryBinding, e ErrorCode) (*Response, ErrorCode) {
+	tb *TemporaryBinding, e ErrorCode) (*Response, ErrorCode) {
 	return &Response{
 		Error: e,
 		DirectoryResponse: &DirectoryProof{
@@ -95,7 +95,7 @@ func NewRegistrationProof(ap *m.AuthenticationPath, str *m.SignedTreeRoot,
 }
 
 func NewKeyLookupProof(ap *m.AuthenticationPath, str *m.SignedTreeRoot,
-	tb *m.TemporaryBinding, e ErrorCode) (*Response, ErrorCode) {
+	tb *TemporaryBinding, e ErrorCode) (*Response, ErrorCode) {
 	return &Response{
 		Error: e,
 		DirectoryResponse: &DirectoryProof{

protocol/tb.go

@@ -0,0 +1,7 @@
+package protocol
+
+type TemporaryBinding struct {
+	Index     []byte
+	Value     []byte
+	Signature []byte
+}