diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst
index cf88d3c48de1e9306be711f9260465db41508e44..b3e672fe52b76bc335481ad7adfe4e76d39cb974 100644
--- a/docs/source/configuration.rst
+++ b/docs/source/configuration.rst
@@ -35,6 +35,13 @@ For example::
Note that ``ristretto-issuer-root-url`` must agree with whichever storage servers the client will be configured to interact with.
If the values are not the same, the client will decline to use the storage servers.
+The client can also be configured with the value of a single pass::
+
+ [storageclient.plugins.privatestorageio-zkapauthz-v1]
+ pass-value = 1048576
+
+The value given here must agree with the value servers use in their configuration or the storage service will be unusable.
+
Server
------
@@ -49,6 +56,14 @@ Then also configure the Ristretto-flavored PrivacyPass issuer the server will an
[storageserver.plugins.privatestorageio-zkapauthz-v1]
ristretto-issuer-root-url = https://issuer.example.invalid/
+The value of a single pass in the system can be configured here as well::
+
+ [storageserver.plugins.privatestorageio-zkapauthz-v1]
+ pass-value = 1048576
+
+If no ``pass-value`` is given then a default will be used.
+The value given here must agree with the value clients use in their configuration or the storage service will be unusable.
+
The storage server must also be configured with the path to the Ristretto-flavored PrivacyPass signing key.
To avoid placing secret material in tahoe.cfg,
this configuration is done using a path::
diff --git a/setup.cfg b/setup.cfg
index 51670eea1a8b93fa39c6191b37715f9b166e1c18..371a19b343c204fb576b2c6d8c77d969160d40e3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -33,6 +33,7 @@ packages =
install_requires =
attrs
zope.interface
+ eliot
aniso8601
python-challenge-bypass-ristretto
# Inherit our Twisted dependency from tahoe-lafs so we don't accidentally
diff --git a/src/_zkapauthorizer/_plugin.py b/src/_zkapauthorizer/_plugin.py
index 2ed966d8af44e357e789feb8bfc38bb2b92ef4c4..ee57951537cb0800d74412e9e8579f0a7ac279df 100644
--- a/src/_zkapauthorizer/_plugin.py
+++ b/src/_zkapauthorizer/_plugin.py
@@ -45,6 +45,11 @@ from twisted.internet.defer import (
succeed,
)
+from eliot import (
+ MessageType,
+ Field,
+)
+
from allmydata.interfaces import (
IFoolscapStoragePlugin,
IAnnounceableStorageServer,
@@ -71,7 +76,10 @@ from .model import (
from .resource import (
from_configuration as resource_from_configuration,
)
-
+from .storage_common import (
+ BYTES_PER_PASS,
+ get_configured_pass_value,
+)
from .controller import (
get_redeemer,
)
@@ -83,6 +91,24 @@ from .lease_maintenance import (
_log = Logger()
+PRIVACYPASS_MESSAGE = Field(
+ u"message",
+ unicode,
+ u"The PrivacyPass request-binding data associated with a pass.",
+)
+
+PASS_COUNT = Field(
+ u"count",
+ int,
+ u"A number of passes.",
+)
+
+GET_PASSES = MessageType(
+ u"zkapauthorizer:get-passes",
+ [PRIVACYPASS_MESSAGE, PASS_COUNT],
+ u"Passes are being spent.",
+)
+
@implementer(IAnnounceableStorageServer)
@attr.s
class AnnounceableStorageServer(object):
@@ -134,6 +160,7 @@ class ZKAPAuthorizer(object):
def get_storage_server(self, configuration, get_anonymous_storage_server):
kwargs = configuration.copy()
root_url = kwargs.pop(u"ristretto-issuer-root-url")
+ pass_value = kwargs.pop(u"pass-value", BYTES_PER_PASS)
signing_key = SigningKey.decode_base64(
FilePath(
kwargs.pop(u"ristretto-signing-key-path"),
@@ -144,7 +171,8 @@ class ZKAPAuthorizer(object):
}
storage_server = ZKAPAuthorizerStorageServer(
get_anonymous_storage_server(),
- signing_key,
+ pass_value=pass_value,
+ signing_key=signing_key,
**kwargs
)
return succeed(
@@ -167,9 +195,15 @@ class ZKAPAuthorizer(object):
extract_unblinded_tokens = self._get_store(node_config).extract_unblinded_tokens
def get_passes(message, count):
unblinded_tokens = extract_unblinded_tokens(count)
- return redeemer.tokens_to_passes(message, unblinded_tokens)
+ passes = redeemer.tokens_to_passes(message, unblinded_tokens)
+ GET_PASSES.log(
+ message=message,
+ count=count,
+ )
+ return passes
return ZKAPAuthorizerStorageClient(
+ get_configured_pass_value(node_config),
get_rref,
get_passes,
)
diff --git a/src/_zkapauthorizer/_storage_client.py b/src/_zkapauthorizer/_storage_client.py
index a51fbfd1402c74e0f95ebddbd325e99f7ea076f4..6559b732e6a1bcd67396dea3d561162f2ce31c5c 100644
--- a/src/_zkapauthorizer/_storage_client.py
+++ b/src/_zkapauthorizer/_storage_client.py
@@ -34,7 +34,7 @@ from allmydata.interfaces import (
)
from .storage_common import (
- BYTES_PER_PASS,
+ pass_value_attribute,
required_passes,
allocate_buckets_message,
add_lease_message,
@@ -92,7 +92,7 @@ class ZKAPAuthorizerStorageClient(object):
_expected_remote_interface_name = (
"RIPrivacyPassAuthorizedStorageServer.tahoe.privatestorage.io"
)
-
+ _pass_value = pass_value_attribute()
_get_rref = attr.ib()
_get_passes = attr.ib()
@@ -148,7 +148,7 @@ class ZKAPAuthorizerStorageClient(object):
"allocate_buckets",
self._get_encoded_passes(
allocate_buckets_message(storage_index),
- required_passes(BYTES_PER_PASS, [allocated_size] * len(sharenums)),
+ required_passes(self._pass_value, [allocated_size] * len(sharenums)),
),
storage_index,
renew_secret,
@@ -179,7 +179,7 @@ class ZKAPAuthorizerStorageClient(object):
storage_index,
None,
)).values()
- num_passes = required_passes(BYTES_PER_PASS, share_sizes)
+ num_passes = required_passes(self._pass_value, share_sizes)
# print("Adding lease to {!r} with sizes {} with {} passes".format(
# storage_index,
# share_sizes,
@@ -206,7 +206,7 @@ class ZKAPAuthorizerStorageClient(object):
storage_index,
None,
)).values()
- num_passes = required_passes(BYTES_PER_PASS, share_sizes)
+ num_passes = required_passes(self._pass_value, share_sizes)
returnValue((
yield self._rref.callRemote(
"renew_lease",
@@ -265,6 +265,7 @@ class ZKAPAuthorizerStorageClient(object):
)
# Determine the cost of the new storage for the operation.
required_new_passes = get_required_new_passes_for_mutable_write(
+ self._pass_value,
current_sizes,
tw_vectors,
)
diff --git a/src/_zkapauthorizer/_storage_server.py b/src/_zkapauthorizer/_storage_server.py
index d8c747b451bd1b95ed841ace69094b92e6b2df53..a2d4b9f2c5cce038eff98184ae4859cbde8f8b81 100644
--- a/src/_zkapauthorizer/_storage_server.py
+++ b/src/_zkapauthorizer/_storage_server.py
@@ -86,7 +86,7 @@ from .foolscap import (
RIPrivacyPassAuthorizedStorageServer,
)
from .storage_common import (
- BYTES_PER_PASS,
+ pass_value_attribute,
required_passes,
allocate_buckets_message,
add_lease_message,
@@ -153,6 +153,7 @@ class ZKAPAuthorizerStorageServer(Referenceable):
LEASE_PERIOD = timedelta(days=31)
_original = attr.ib(validator=provides(RIStorageServer))
+ _pass_value = pass_value_attribute()
_signing_key = attr.ib(validator=instance_of(SigningKey))
_clock = attr.ib(
validator=provides(IReactorTime),
@@ -217,7 +218,12 @@ class ZKAPAuthorizerStorageServer(Referenceable):
allocate_buckets_message(storage_index),
passes,
)
- check_pass_quantity_for_write(len(valid_passes), sharenums, allocated_size)
+ check_pass_quantity_for_write(
+ self._pass_value,
+ len(valid_passes),
+ sharenums,
+ allocated_size,
+ )
return self._original.remote_allocate_buckets(
storage_index,
@@ -243,6 +249,7 @@ class ZKAPAuthorizerStorageServer(Referenceable):
# print("server add_lease({}, {!r})".format(len(passes), storage_index))
valid_passes = self._validate_passes(add_lease_message(storage_index), passes)
check_pass_quantity_for_lease(
+ self._pass_value,
storage_index,
valid_passes,
self._original,
@@ -256,6 +263,7 @@ class ZKAPAuthorizerStorageServer(Referenceable):
"""
valid_passes = self._validate_passes(renew_lease_message(storage_index), passes)
check_pass_quantity_for_lease(
+ self._pass_value,
storage_index,
valid_passes,
self._original,
@@ -324,6 +332,7 @@ class ZKAPAuthorizerStorageServer(Referenceable):
renew_leases = True
required_new_passes = get_required_new_passes_for_mutable_write(
+ self._pass_value,
current_sizes,
tw_vectors,
)
@@ -372,23 +381,7 @@ def has_active_lease(storage_server, storage_index, now):
)
-def check_pass_quantity_for_lease(storage_index, valid_passes, storage_server):
- """
- Check that the given number of passes is sufficient to add or renew a
- lease for one period for the given storage index.
- """
- allocated_sizes = dict(
- get_share_sizes(
- storage_server,
- storage_index,
- list(get_all_share_numbers(storage_server, storage_index)),
- ),
- ).values()
- # print("allocated_sizes: {}".format(allocated_sizes))
- check_pass_quantity(len(valid_passes), allocated_sizes)
- # print("Checked out")
-
-def check_pass_quantity(valid_count, share_sizes):
+def check_pass_quantity(pass_value, valid_count, share_sizes):
"""
Check that the given number of passes is sufficient to cover leases for
one period for shares of the given sizes.
@@ -402,14 +395,30 @@ def check_pass_quantity(valid_count, share_sizes):
:return: ``None`` if the given number of passes is sufficient.
"""
- required_pass_count = required_passes(BYTES_PER_PASS, share_sizes)
+ required_pass_count = required_passes(pass_value, share_sizes)
if valid_count < required_pass_count:
raise MorePassesRequired(
valid_count,
required_pass_count,
)
-def check_pass_quantity_for_write(valid_count, sharenums, allocated_size):
+
+def check_pass_quantity_for_lease(pass_value, storage_index, valid_passes, storage_server):
+ """
+ Check that the given number of passes is sufficient to add or renew a
+ lease for one period for the given storage index.
+ """
+ allocated_sizes = dict(
+ get_share_sizes(
+ storage_server,
+ storage_index,
+ list(get_all_share_numbers(storage_server, storage_index)),
+ ),
+ ).values()
+ check_pass_quantity(pass_value, len(valid_passes), allocated_sizes)
+
+
+def check_pass_quantity_for_write(pass_value, valid_count, sharenums, allocated_size):
"""
Determine if the given number of valid passes is sufficient for an
attempted write.
@@ -423,7 +432,7 @@ def check_pass_quantity_for_write(valid_count, sharenums, allocated_size):
:return: ``None`` if the number of valid passes given is sufficient.
"""
- check_pass_quantity(valid_count, [allocated_size] * len(sharenums))
+ check_pass_quantity(pass_value, valid_count, [allocated_size] * len(sharenums))
def get_all_share_paths(storage_server, storage_index):
diff --git a/src/_zkapauthorizer/model.py b/src/_zkapauthorizer/model.py
index 8eb85ee47f3a645f110cd3d5de297a5576303c2f..baff206c28c14931f9d403d47b4938cccb756b10 100644
--- a/src/_zkapauthorizer/model.py
+++ b/src/_zkapauthorizer/model.py
@@ -27,9 +27,6 @@ from json import (
from datetime import (
datetime,
)
-from base64 import (
- b64decode,
-)
from zope.interface import (
Interface,
implementer,
@@ -56,8 +53,15 @@ from ._base64 import (
urlsafe_b64decode,
)
+from .validators import (
+ is_base64_encoded,
+ has_length,
+ greater_than,
+)
+
from .storage_common import (
- BYTES_PER_PASS,
+ pass_value_attribute,
+ get_configured_pass_value,
required_passes,
)
@@ -171,6 +175,8 @@ class VoucherStore(object):
"""
_log = Logger()
+ pass_value = pass_value_attribute()
+
database_path = attr.ib(validator=attr.validators.instance_of(FilePath))
now = attr.ib()
@@ -196,6 +202,7 @@ class VoucherStore(object):
connect=connect,
)
return cls(
+ get_configured_pass_value(node_config),
db_path,
now,
conn,
@@ -504,7 +511,7 @@ class VoucherStore(object):
:return LeaseMaintenance: A new, started lease maintenance object.
"""
- m = LeaseMaintenance(self.now, self._connection)
+ m = LeaseMaintenance(self.pass_value, self.now, self._connection)
m.start()
return m
@@ -548,6 +555,8 @@ class LeaseMaintenance(object):
the ``observe`` and ``finish`` methods to persist state about a lease
maintenance run.
+ :ivar int _pass_value: The value of a single ZKAP in byte-months.
+
:ivar _now: A no-argument callable which returns a datetime giving a time
to use as current.
@@ -558,6 +567,7 @@ class LeaseMaintenance(object):
objects, the database row id that corresponds to the started run.
This is used to make sure future updates go to the right row.
"""
+ _pass_value = pass_value_attribute()
_now = attr.ib()
_connection = attr.ib()
_rowid = attr.ib(default=None)
@@ -584,7 +594,7 @@ class LeaseMaintenance(object):
"""
Record a storage shares of the given sizes.
"""
- count = required_passes(BYTES_PER_PASS, sizes)
+ count = required_passes(self._pass_value, sizes)
cursor.execute(
"""
UPDATE [lease-maintenance-spending]
@@ -627,46 +637,6 @@ class LeaseMaintenanceActivity(object):
# x = store.get_latest_lease_maintenance_activity()
# xs.started, xs.passes_required, xs.finished
-def is_base64_encoded(b64decode=b64decode):
- def validate_is_base64_encoded(inst, attr, value):
- try:
- b64decode(value.encode("ascii"))
- except (TypeError, Error):
- raise TypeError(
- "{name!r} must be base64 encoded unicode, (got {value!r})".format(
- name=attr.name,
- value=value,
- ),
- )
- return validate_is_base64_encoded
-
-def has_length(expected):
- def validate_has_length(inst, attr, value):
- if len(value) != expected:
- raise ValueError(
- "{name!r} must have length {expected}, instead has length {actual}".format(
- name=attr.name,
- expected=expected,
- actual=len(value),
- ),
- )
- return validate_has_length
-
-def greater_than(expected):
- def validate_relation(inst, attr, value):
- if value > expected:
- return None
-
- raise ValueError(
- "{name!r} must be greater than {expected}, instead it was {actual}".format(
- name=attr.name,
- expected=expected,
- actual=value,
- ),
- )
- return validate_relation
-
-
@attr.s(frozen=True)
class UnblindedToken(object):
"""
diff --git a/src/_zkapauthorizer/storage_common.py b/src/_zkapauthorizer/storage_common.py
index 9bf9435e69e5429cf7bdf596d7e1b18fe0472da1..f00997b1c6db9b240eebd7dade935c5c6dc8e917 100644
--- a/src/_zkapauthorizer/storage_common.py
+++ b/src/_zkapauthorizer/storage_common.py
@@ -24,6 +24,12 @@ from base64 import (
b64encode,
)
+import attr
+
+from .validators import (
+ greater_than,
+)
+
def _message_maker(label):
def make_message(storage_index):
return u"{label} {storage_index}".format(
@@ -41,7 +47,22 @@ slot_testv_and_readv_and_writev_message = _message_maker(u"slot_testv_and_readv_
# The number of bytes we're willing to store for a lease period for each pass
# submitted.
-BYTES_PER_PASS = 128 * 1024
+BYTES_PER_PASS = 1024 * 1024
+
+def get_configured_pass_value(node_config):
+ """
+ Determine the configuration-specified value of a single ZKAP.
+
+ If no value is explicitly configured, a default value is returned. The
+ value is read from the **pass-value** option of the ZKAPAuthorizer plugin
+ client section.
+ """
+ section_name = u"storageclient.plugins.privatestorageio-zkapauthz-v1"
+ return int(node_config.get_config(
+ section=section_name,
+ option=u"pass-value",
+ default=BYTES_PER_PASS,
+ ))
def required_passes(bytes_per_pass, share_sizes):
"""
@@ -136,10 +157,13 @@ def get_implied_data_length(data_vector, new_length):
return min(new_length, data_based_size)
-def get_required_new_passes_for_mutable_write(current_sizes, tw_vectors):
+def get_required_new_passes_for_mutable_write(pass_value, current_sizes, tw_vectors):
+ """
+ :param int pass_value: The value of a single pass in byte-months.
+ """
# print("get_required_new_passes_for_mutable_write({}, {})".format(current_sizes, summarize(tw_vectors)))
current_passes = required_passes(
- BYTES_PER_PASS,
+ pass_value,
current_sizes.values(),
)
@@ -155,7 +179,7 @@ def get_required_new_passes_for_mutable_write(current_sizes, tw_vectors):
new_sizes.update()
new_passes = required_passes(
- BYTES_PER_PASS,
+ pass_value,
new_sizes.values(),
)
required_new_passes = new_passes - current_passes
@@ -180,3 +204,14 @@ def summarize(tw_vectors):
for (sharenum, (test_vector, data_vectors, new_length))
in tw_vectors.items()
}
+
+def pass_value_attribute():
+ """
+ Define an attribute for an attrs-based object which can hold a pass value.
+ """
+ return attr.ib(
+ validator=attr.validators.and_(
+ attr.validators.instance_of((int, long)),
+ greater_than(0),
+ ),
+ )
diff --git a/src/_zkapauthorizer/tests/eliot.py b/src/_zkapauthorizer/tests/eliot.py
new file mode 100644
index 0000000000000000000000000000000000000000..710737d948cc4e069d12c265277e95dee569e133
--- /dev/null
+++ b/src/_zkapauthorizer/tests/eliot.py
@@ -0,0 +1,90 @@
+# Copyright 2019 PrivateStorage.io, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Eliot testing helpers.
+"""
+
+from __future__ import (
+ absolute_import,
+)
+
+from functools import (
+ wraps,
+)
+
+from unittest import (
+ SkipTest,
+)
+
+from eliot import (
+ MemoryLogger,
+)
+
+from eliot.testing import (
+ swap_logger,
+ check_for_errors,
+)
+
+# validate_logging and capture_logging copied from Eliot around 1.11. We
+# can't upgrade past 1.7 because we're not Python 3 compatible.
+def validate_logging(assertion, *assertionArgs, **assertionKwargs):
+ def decorator(function):
+ @wraps(function)
+ def wrapper(self, *args, **kwargs):
+ skipped = False
+
+ kwargs["logger"] = logger = MemoryLogger()
+ self.addCleanup(check_for_errors, logger)
+ # TestCase runs cleanups in reverse order, and we want this to
+ # run *before* tracebacks are checked:
+ if assertion is not None:
+ self.addCleanup(
+ lambda: skipped
+ or assertion(self, logger, *assertionArgs, **assertionKwargs)
+ )
+ try:
+ return function(self, *args, **kwargs)
+ except SkipTest:
+ skipped = True
+ raise
+
+ return wrapper
+
+ return decorator
+
+
+def capture_logging(assertion, *assertionArgs, **assertionKwargs):
+ """
+ Capture and validate all logging that doesn't specify a L{Logger}.
+
+ See L{validate_logging} for details on the rest of its behavior.
+ """
+
+ def decorator(function):
+ @validate_logging(assertion, *assertionArgs, **assertionKwargs)
+ @wraps(function)
+ def wrapper(self, *args, **kwargs):
+ logger = kwargs["logger"]
+ previous_logger = swap_logger(logger)
+
+ def cleanup():
+ swap_logger(previous_logger)
+
+ self.addCleanup(cleanup)
+ return function(self, *args, **kwargs)
+
+ return wrapper
+
+ return decorator
diff --git a/src/_zkapauthorizer/tests/test_client_resource.py b/src/_zkapauthorizer/tests/test_client_resource.py
index 48ca9b960f1af29df554136543dd076461960b35..a6a96f9c82a4b9615a58b11a68445c094a92506a 100644
--- a/src/_zkapauthorizer/tests/test_client_resource.py
+++ b/src/_zkapauthorizer/tests/test_client_resource.py
@@ -135,7 +135,6 @@ from ..resource import (
)
from ..storage_common import (
- BYTES_PER_PASS,
required_passes,
)
@@ -578,7 +577,7 @@ class UnblindedTokenTests(TestCase):
total = 0
activity = root.store.start_lease_maintenance()
for sizes in size_observations:
- total += required_passes(BYTES_PER_PASS, sizes)
+ total += required_passes(root.store.pass_value, sizes)
activity.observe(sizes)
activity.finish()
diff --git a/src/_zkapauthorizer/tests/test_model.py b/src/_zkapauthorizer/tests/test_model.py
index 0e5ebd3e971de668d3ca3de36e356d943d62531f..5bd3e3145d12b90a67ef27ce4aaa7dc382864ef4 100644
--- a/src/_zkapauthorizer/tests/test_model.py
+++ b/src/_zkapauthorizer/tests/test_model.py
@@ -69,10 +69,6 @@ from twisted.python.runtime import (
platform,
)
-from ..storage_common import (
- BYTES_PER_PASS,
-)
-
from ..model import (
StoreOpenError,
NotEnoughTokens,
@@ -391,8 +387,11 @@ class LeaseMaintenanceTests(TestCase):
tuples(
# The activity itself, in pass count
integers(min_value=1, max_value=2 ** 16 - 1),
- # Amount by which to trim back the share sizes
- integers(min_value=0, max_value=BYTES_PER_PASS - 1),
+ # Amount by which to trim back the share sizes. This
+ # might exceed the value of a single pass but we don't
+ # know that value yet. We'll map it into a coherent
+ # range with mod inside the test.
+ integers(min_value=0),
),
),
# How much time passes before this activity finishes
@@ -418,8 +417,9 @@ class LeaseMaintenanceTests(TestCase):
passes_required = 0
for (num_passes, trim_size) in sizes:
passes_required += num_passes
+ trim_size %= store.pass_value
x.observe([
- num_passes * BYTES_PER_PASS - trim_size,
+ num_passes * store.pass_value - trim_size,
])
now += finish_delay
x.finish()
diff --git a/src/_zkapauthorizer/tests/test_plugin.py b/src/_zkapauthorizer/tests/test_plugin.py
index 18dcebc3ddaef76e26fbd04386acda5d66503bbe..c45efafb5bf54a9f97a804d0e0a9399f454e69c0 100644
--- a/src/_zkapauthorizer/tests/test_plugin.py
+++ b/src/_zkapauthorizer/tests/test_plugin.py
@@ -41,7 +41,12 @@ from testtools import (
from testtools.matchers import (
Always,
Contains,
+ Equals,
AfterPreprocessing,
+ MatchesAll,
+ HasLength,
+ AllMatch,
+ ContainsDict,
)
from testtools.twistedsupport import (
succeeded,
@@ -79,6 +84,10 @@ from allmydata.client import (
create_client_from_config,
)
+from eliot.testing import (
+ LoggedMessage,
+)
+
from twisted.python.filepath import (
FilePath,
)
@@ -95,6 +104,10 @@ from twisted.plugins.zkapauthorizer import (
storage_server,
)
+from .._plugin import (
+ GET_PASSES,
+)
+
from ..foolscap import (
RIPrivacyPassAuthorizedStorageServer,
)
@@ -108,8 +121,8 @@ from ..controller import (
DummyRedeemer,
)
from ..storage_common import (
- BYTES_PER_PASS,
required_passes,
+ allocate_buckets_message,
)
from .._storage_client import (
IncorrectStorageServerReference,
@@ -143,6 +156,11 @@ from .foolscap import (
DummyReferenceable,
)
+from .eliot import (
+ capture_logging,
+)
+
+
SIGNING_KEY_PATH = FilePath(__file__).sibling(u"testing-signing.key")
@@ -386,18 +404,20 @@ class ClientPluginTests(TestCase):
)
@given(
- tahoe_configs_with_dummy_redeemer,
- datetimes(),
- announcements(),
- vouchers(),
- storage_indexes(),
- lease_renew_secrets(),
- lease_cancel_secrets(),
- sharenum_sets(),
- sizes(),
+ get_config=tahoe_configs_with_dummy_redeemer,
+ now=datetimes(),
+ announcement=announcements(),
+ voucher=vouchers(),
+ storage_index=storage_indexes(),
+ renew_secret=lease_renew_secrets(),
+ cancel_secret=lease_cancel_secrets(),
+ sharenums=sharenum_sets(),
+ size=sizes(),
)
+ @capture_logging(lambda self, logger: logger.validate())
def test_unblinded_tokens_extracted(
self,
+ logger,
get_config,
now,
announcement,
@@ -419,11 +439,12 @@ class ClientPluginTests(TestCase):
)
# Give it enough for the allocate_buckets call below.
- token_count = required_passes(BYTES_PER_PASS, [size] * len(sharenums))
+ token_count = required_passes(store.pass_value, [size] * len(sharenums))
# And few enough redemption groups given the number of tokens.
num_redemption_groups = token_count
store = VoucherStore.from_node_config(node_config, lambda: now)
+ expected_pass_cost =
controller = PaymentController(
store,
DummyRedeemer(),
@@ -460,6 +481,23 @@ class ClientPluginTests(TestCase):
raises(NotEnoughTokens),
)
+ messages = LoggedMessage.of_type(logger.messages, GET_PASSES)
+ self.assertThat(
+ messages,
+ MatchesAll(
+ HasLength(1),
+ AllMatch(
+ AfterPreprocessing(
+ lambda logged_message: logged_message.message,
+ ContainsDict({
+ u"message": Equals(allocate_buckets_message(storage_index)),
+ u"count": Equals(expected_pass_cost),
+ }),
+ ),
+ ),
+ ),
+ )
+
class ClientResourceTests(TestCase):
"""
diff --git a/src/_zkapauthorizer/tests/test_storage_protocol.py b/src/_zkapauthorizer/tests/test_storage_protocol.py
index 713a0c3e862dddfbf803e409898043f0cd562532..f2b9b6895246583018d498422e84ad2265e4eb4c 100644
--- a/src/_zkapauthorizer/tests/test_storage_protocol.py
+++ b/src/_zkapauthorizer/tests/test_storage_protocol.py
@@ -167,6 +167,8 @@ class ShareTests(TestCase):
iteration of the test so far, probably; so make relative comparisons
instead of absolute ones).
"""
+ pass_value = 128 * 1024
+
def setUp(self):
super(ShareTests, self).setUp()
self.canary = LocalReferenceable(None)
@@ -187,10 +189,12 @@ class ShareTests(TestCase):
)
self.server = ZKAPAuthorizerStorageServer(
self.anonymous_storage_server,
+ self.pass_value,
self.signing_key,
)
self.local_remote_server = LocalRemote(self.server)
self.client = ZKAPAuthorizerStorageClient(
+ self.pass_value,
get_rref=lambda: self.local_remote_server,
get_passes=get_passes,
)
diff --git a/src/_zkapauthorizer/tests/test_storage_server.py b/src/_zkapauthorizer/tests/test_storage_server.py
index 55f4402da118c6eac3bf7717a6a690c742c3d835..88ae5a1f1294bc0679787942f7432aa7e08d2291 100644
--- a/src/_zkapauthorizer/tests/test_storage_server.py
+++ b/src/_zkapauthorizer/tests/test_storage_server.py
@@ -92,7 +92,6 @@ from ..api import (
MorePassesRequired,
)
from ..storage_common import (
- BYTES_PER_PASS,
required_passes,
allocate_buckets_message,
add_lease_message,
@@ -107,6 +106,8 @@ class PassValidationTests(TestCase):
"""
Tests for pass validation performed by ``ZKAPAuthorizerStorageServer``.
"""
+ pass_value = 128 * 1024
+
@skipIf(platform.isWindows(), "Storage server is not supported on Windows")
def setUp(self):
super(PassValidationTests, self).setUp()
@@ -119,6 +120,7 @@ class PassValidationTests(TestCase):
self.signing_key = random_signing_key()
self.storage_server = ZKAPAuthorizerStorageServer(
self.anonymous_storage_server,
+ self.pass_value,
self.signing_key,
self.clock,
)
@@ -162,7 +164,7 @@ class PassValidationTests(TestCase):
required_passes = 2
share_nums = {3, 7}
- allocated_size = int((required_passes * BYTES_PER_PASS) / len(share_nums))
+ allocated_size = int((required_passes * self.pass_value) / len(share_nums))
storage_index = b"0123456789"
renew_secret = b"x" * 32
cancel_secret = b"y" * 32
@@ -250,7 +252,7 @@ class PassValidationTests(TestCase):
:param make_data_vector: A one-argument callable. It will be called
with the current length of a slot share. It should return a write
vector which will increase the storage requirements of that slot
- share by at least BYTES_PER_PASS.
+ share by at least ``self.pass_value``.
"""
# hypothesis causes our storage server to be used many times. Clean
# up between iterations.
@@ -266,6 +268,7 @@ class PassValidationTests(TestCase):
# print("test suite")
required_pass_count = get_required_new_passes_for_mutable_write(
+ self.pass_value,
dict.fromkeys(tw_vectors.keys(), 0),
tw_vectors,
)
@@ -355,7 +358,7 @@ class PassValidationTests(TestCase):
test_and_write_vectors_for_shares,
lambda current_length: (
[],
- [(current_length, "x" * BYTES_PER_PASS)],
+ [(current_length, "x" * self.pass_value)],
None,
),
)
@@ -387,7 +390,7 @@ class PassValidationTests(TestCase):
renew_secret, cancel_secret = secrets
- required_count = required_passes(BYTES_PER_PASS, [allocated_size] * len(sharenums))
+ required_count = required_passes(self.pass_value, [allocated_size] * len(sharenums))
# Create some shares at a slot which will require lease renewal.
write_toy_shares(
self.anonymous_storage_server,
@@ -524,6 +527,7 @@ class PassValidationTests(TestCase):
# Create an initial share to toy with.
required_pass_count = get_required_new_passes_for_mutable_write(
+ self.pass_value,
dict.fromkeys(tw_vectors.keys(), 0),
tw_vectors,
)
diff --git a/src/_zkapauthorizer/validators.py b/src/_zkapauthorizer/validators.py
new file mode 100644
index 0000000000000000000000000000000000000000..bd1545144b3a9ed39d10c656ccd9ebbbde549804
--- /dev/null
+++ b/src/_zkapauthorizer/validators.py
@@ -0,0 +1,60 @@
+# Copyright 2019 PrivateStorage.io, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+This module implements validators for ``attrs``-defined attributes.
+"""
+
+from base64 import (
+ b64decode,
+)
+
+def is_base64_encoded(b64decode=b64decode):
+ def validate_is_base64_encoded(inst, attr, value):
+ try:
+ b64decode(value.encode("ascii"))
+ except TypeError:
+ raise TypeError(
+ "{name!r} must be base64 encoded unicode, (got {value!r})".format(
+ name=attr.name,
+ value=value,
+ ),
+ )
+ return validate_is_base64_encoded
+
+def has_length(expected):
+ def validate_has_length(inst, attr, value):
+ if len(value) != expected:
+ raise ValueError(
+ "{name!r} must have length {expected}, instead has length {actual}".format(
+ name=attr.name,
+ expected=expected,
+ actual=len(value),
+ ),
+ )
+ return validate_has_length
+
+def greater_than(expected):
+ def validate_relation(inst, attr, value):
+ if value > expected:
+ return None
+
+ raise ValueError(
+ "{name!r} must be greater than {expected}, instead it was {actual}".format(
+ name=attr.name,
+ expected=expected,
+ actual=value,
+ ),
+ )
+ return validate_relation
diff --git a/zkapauthorizer.nix b/zkapauthorizer.nix
index 5b113d7357028fd3e38017eaf6cf46eb60cee3df..a5e611b4c8879f65aa12c63c968de225a96834ac 100644
--- a/zkapauthorizer.nix
+++ b/zkapauthorizer.nix
@@ -1,6 +1,6 @@
{ lib
, buildPythonPackage, sphinx, git
-, attrs, zope_interface, aniso8601, twisted, tahoe-lafs, challenge-bypass-ristretto, treq
+, attrs, zope_interface, eliot, aniso8601, twisted, tahoe-lafs, challenge-bypass-ristretto, treq
, fixtures, testtools, hypothesis, pyflakes, coverage
, hypothesisProfile ? null
, collectCoverage ? false
@@ -31,6 +31,7 @@ buildPythonPackage rec {
attrs
zope_interface
aniso8601
+ eliot
twisted
tahoe-lafs
challenge-bypass-ristretto