diff --git a/src/_zkapauthorizer/controller.py b/src/_zkapauthorizer/controller.py index 2cc84307fa28666abfd65b5ccb62e2832ca6b3f5..368072d73c1de56a8eccd833a9a03ab5d9553a3e 100644 --- a/src/_zkapauthorizer/controller.py +++ b/src/_zkapauthorizer/controller.py @@ -269,15 +269,12 @@ class RistrettoRedeemer(object): in unblinded_tokens ) marshaled_passes = list( - ( - token_preimage.encode_base64(), - sig.encode_base64() - ) - for (token_preimage, sig) - in clients_passes + preimage.encode_base64() + b" " + signature.encode_base64() + for (preimage, signature) + in zip(clients_preimages, clients_signatures) ) return list( - Pass(p) + Pass(p.decode("ascii")) for p in marshaled_passes ) diff --git a/src/_zkapauthorizer/tests/test_controller.py b/src/_zkapauthorizer/tests/test_controller.py index fb7efcd015b69912793031f61ff04b35e17c61f2..3ff2d7bd6cc0a58ef63bd7ce0964b6ff0fbf6ee5 100644 --- a/src/_zkapauthorizer/tests/test_controller.py +++ b/src/_zkapauthorizer/tests/test_controller.py @@ -280,20 +280,24 @@ def ristretto_verify(signing_key, message, marshaled_passes): :param bytes message: Request binding data which is involved in the generation of the passes to verify. - :param list[bytes] marshaled_passes: The base64-encoded representation of - some passes to verify. XXX Actually it's a two-tuple. Do something - about that ... + :param list[bytes] marshaled_passes: Token preimages and corresponding + message signatures to verify. Each element contains two + space-separated base64 encoded values, the first representing the + preimage and the second representing the signature. :return bool: ``True`` if and only if all of the passes represented by ``marshaled_passes`` pass the Ristretto-defined verification for an exchange using the given signing key and message. """ - servers_passes = list( - ( - TokenPreimage.decode_base64(token_preimage), - VerificationSignature.decode_base64(sig), + def decode(marshaled_pass): + t, s = marshaled_pass.split(u" ") + return ( + TokenPreimage.decode_base64(t.encode("ascii")), + VerificationSignature.decode_base64(s.encode("ascii")), ) - for (token_preimage, sig) + servers_passes = list( + decode(marshaled_pass.text) + for marshaled_pass in marshaled_passes ) servers_unblinded_tokens = list(