From 4e7fa6465fe13469280821a7a68e0074cbccc65a Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 19 Sep 2019 10:35:37 -0400
Subject: [PATCH] fix the pass encoding/decoding issues on use/verification

---
 src/_zkapauthorizer/controller.py            | 11 ++++-------
 src/_zkapauthorizer/tests/test_controller.py | 20 ++++++++++++--------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/_zkapauthorizer/controller.py b/src/_zkapauthorizer/controller.py
index 2cc8430..368072d 100644
--- a/src/_zkapauthorizer/controller.py
+++ b/src/_zkapauthorizer/controller.py
@@ -269,15 +269,12 @@ class RistrettoRedeemer(object):
             in unblinded_tokens
         )
         marshaled_passes = list(
-            (
-                token_preimage.encode_base64(),
-                sig.encode_base64()
-            )
-            for (token_preimage, sig)
-            in clients_passes
+            preimage.encode_base64() + b" " + signature.encode_base64()
+            for (preimage, signature)
+            in zip(clients_preimages, clients_signatures)
         )
         return list(
-            Pass(p)
+            Pass(p.decode("ascii"))
             for p
             in marshaled_passes
         )
diff --git a/src/_zkapauthorizer/tests/test_controller.py b/src/_zkapauthorizer/tests/test_controller.py
index fb7efcd..3ff2d7b 100644
--- a/src/_zkapauthorizer/tests/test_controller.py
+++ b/src/_zkapauthorizer/tests/test_controller.py
@@ -280,20 +280,24 @@ def ristretto_verify(signing_key, message, marshaled_passes):
     :param bytes message: Request binding data which is involved in the
         generation of the passes to verify.
 
-    :param list[bytes] marshaled_passes: The base64-encoded representation of
-        some passes to verify. XXX Actually it's a two-tuple.  Do something
-        about that ...
+    :param list[bytes] marshaled_passes: Token preimages and corresponding
+        message signatures to verify.  Each element contains two
+        space-separated base64 encoded values, the first representing the
+        preimage and the second representing the signature.
 
     :return bool: ``True`` if and only if all of the passes represented by
         ``marshaled_passes`` pass the Ristretto-defined verification for an
         exchange using the given signing key and message.
     """
-    servers_passes = list(
-        (
-            TokenPreimage.decode_base64(token_preimage),
-            VerificationSignature.decode_base64(sig),
+    def decode(marshaled_pass):
+        t, s = marshaled_pass.split(u" ")
+        return (
+            TokenPreimage.decode_base64(t.encode("ascii")),
+            VerificationSignature.decode_base64(s.encode("ascii")),
         )
-        for (token_preimage, sig)
+    servers_passes = list(
+        decode(marshaled_pass.text)
+        for marshaled_pass
         in marshaled_passes
     )
     servers_unblinded_tokens = list(
-- 
GitLab