Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fix time drift between client and server when redeeming v3 #711

Merged
merged 1 commit into from
May 29, 2024
Merged

fix: fix time drift between client and server when redeeming v3 #711

merged 1 commit into from
May 29, 2024

Conversation

pavelbrm
Copy link

@pavelbrm pavelbrm commented May 22, 2024
edited
Loading

This PR adds a 1 hour leeway to the check for issuer v3 signing key, as occasionally clients might fail if requests come through around the time of key rotation.

It also fixes a bug in the v3 redemption handler where issuer expiry check would never work – it mistakenly required the expiry time be both zero and after now at the same time, which was clearly a mistake (as anywhere else that check requires the time to not be zero).

Additionally, the PR offers small refactors to improve readability and maintainability, as well as some test coverage.

For more details, please see the linked issue.

@pavelbrm pavelbrm self-assigned this May 22, 2024
@pavelbrm pavelbrm requested review from Sneagan and evq May 23, 2024 06:55
pavelbrm
pavelbrm commented May 27, 2024
View reviewed changes
btd/issuer.go Show resolved Hide resolved
pavelbrm
pavelbrm commented May 27, 2024
View reviewed changes
model/issuer_test.go Outdated Show resolved Hide resolved
@github-actions github-actions bot deleted a comment from pavelbrm May 28, 2024
@github-actions GitHub Actions
Copy link

[puLL-Merge] - brave-intl/challenge-bypass-server@711

Description

This PR introduces a number of changes related to token issuance and redemption with V3 issuers. The main changes include:

  • Modify the VerifyTokenRedemption function in btd/issuer.go to iterate through signing keys and properly handle metrics.
  • Update kafka/signed_token_redeem_handler.go to check if an issuer has expired using a new HasExpired method.
  • Add several new methods to the Issuer and IssuerKeys types in model/issuer.go and model/issuer_keys.go to support finding active signing keys for a V3 issuer at a given time.
  • Refactor the blindedTokenRedeemHandlerV3 method in server/tokens.go to use the new Issuer methods to validate the issuer and find the appropriate signing keys.
  • Add a number of unit tests for the new Issuer and IssuerKeys methods.

The motivation seems to be to improve the token issuance and redemption flow for V3 issuers, by making the code clearer and adding more robust validation around issuer expiration and signing key selection.

Changes

Changes

btd/issuer.go

  • Refactor VerifyTokenRedemption to iterate through keys using index
  • Derive unblinded token and shared key separately, handling metrics for each
  • Compare server signature to client signature and break loop if valid

kafka/signed_token_redeem_handler.go

  • Use new HasExpired method to check if issuer is expired
  • Minor formatting changes

model/issuer.go

  • Add HasExpired(now time.Time) method to check if issuer is expired
  • Add FindSigningKeys(now time.Time) method to find active signing keys for a V3 issuer
  • Add private findActiveKeys method to find keys active at a given time, with some leeway
  • Add parseSigningKeys helper to convert IssuerKeys to crypto.SigningKey

model/issuer_keys.go

  • Add isActiveV3(now time.Time, lw time.Duration) method to check if key is active at a time with some leeway
  • Add isValidV3() method to validate a V3 key
  • Add package-private isTimeWithin helper

model/*_test.go

  • Add unit tests for the new Issuer and IssuerKeys methods

server/issuers.go

  • Minor refactor to use ExpiresAtTime helper

server/tokens.go

  • Refactor blindedTokenRedeemHandlerV3 to use new Issuer methods for validation and key finding
  • Add isEmpty() method to blindedTokenRedeemRequest

server/tokens_test.go

  • Add unit test for blindedTokenRedeemRequest.isEmpty()

Overall, the changes look good and well-tested. Using the new Issuer methods helps simplify the redemption handler logic. Let me know if you have any other questions!

pavelbrm
pavelbrm commented May 28, 2024
View reviewed changes
model/issuer_test.go
},

{
name: "evq_strict_b_leeway_a",
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@evq This test case and the case below it are the two we discussed last week.

@pavelbrm pavelbrm merged commit 4d26b63 into master May 29, 2024
5 checks passed
@pavelbrm pavelbrm deleted the fix-time-drift branch May 29, 2024 04:40
@pavelbrm pavelbrm mentioned this pull request May 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evq evq evq approved these changes

@Sneagan Sneagan Sneagan approved these changes

Assignees

@pavelbrm pavelbrm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pavelbrm @Sneagan @evq