[WIP] Use shamir reveal token instead of bytes.

libparsec/crates/protocol/schema/authenticated_cmds/shamir_create_shared_recovery_device.json5

@@ -47,7 +47,7 @@
                         // This token is split into shares, hence it acts as a proof the claimer
                         // asking for the `ciphered_data` had it identity confirmed by the recipients.
                         "name": "reveal_token",
-                        "type": "Bytes"
+                        "type": "ShamirRevealToken"
                     },
                     {
                         // The Shamir recovery setup provided as a `ShamirRecoveryBriefCertificate`.

libparsec/crates/protocol/tests/authenticated_cmds/v4/shamir_recovery_setup.rs

@@ -3,6 +3,7 @@
 
 use libparsec_protocol::authenticated_cmds::v4::shamir_recovery_setup::ShamirRecoverySetup;
 use libparsec_tests_lite::prelude::*;
+use libparsec_types::ShamirRevealToken;
 
 use super::authenticated_cmds;
 
@@ -70,7 +71,8 @@ pub fn req() {
         setup: Some(ShamirRecoverySetup {
             brief: "brief".into(),
             ciphered_data: "ciphered_data".into(),
-            reveal_token: "reveal_token".into(),
+            reveal_token: ShamirRevealToken::from_hex("0563ff98-846c-4dbf-9e0a-1cc2f6fbb149")
+                .unwrap(),
             shares: vec!["shares".into()],
         }),
     };
@@ -79,8 +81,8 @@ pub fn req() {
     let raw = hex!(
         "82a3636d64b57368616d69725f7265636f766572795f7365747570a5736574757084a56272"
         "696566c4056272696566ad63697068657265645f64617461c40d63697068657265645f6461"
-        "7461ac72657665616c5f746f6b656ec40c72657665616c5f746f6b656ea673686172657391"
-        "c406736861726573"
+        "7461ac72657665616c5f746f6b656ed8020563ff98846c4dbf9e0a1cc2f6fbb149a6736861"
+        "72657391c406736861726573"
     );
     let data = authenticated_cmds::AnyCmdReq::load(&raw).unwrap();
     p_assert_eq!(data, expected);

libparsec/crates/serialization_format/src/protocol_python_bindings.rs

@@ -816,6 +816,7 @@ fn quote_type_as_fn_getter_ret_type(ty: &FieldType) -> TokenStream {
         FieldType::OrganizationID => quote! { crate::ids::OrganizationID },
         FieldType::UserID => quote! { crate::ids::UserID },
         FieldType::VlobID => quote! { crate::ids::VlobID },
+        FieldType::ShamirRevealToken => quote! { crate::token::ShamirRevealToken },
         FieldType::EnrollmentID => quote! { crate::ids::EnrollmentID },
         FieldType::SequesterServiceID => quote! { crate::ids::SequesterServiceID },
         FieldType::DeviceLabel => quote! { crate::ids::DeviceLabel },
@@ -933,6 +934,9 @@ fn quote_type_as_fn_getter_conversion(field_path: &TokenStream, ty: &FieldType)
         FieldType::OrganizationID => quote! { crate::ids::OrganizationID(#field_path.to_owned()) },
         FieldType::UserID => quote! { crate::ids::UserID(#field_path.to_owned()) },
         FieldType::VlobID => quote! { crate::ids::VlobID(#field_path.to_owned()) },
+        FieldType::ShamirRevealToken => {
+            quote! { crate::token::ShamirRevealToken(#field_path.to_owned()) }
+        }
         FieldType::EnrollmentID => quote! { crate::ids::EnrollmentID(#field_path.to_owned()) },
         FieldType::SequesterServiceID => {
             quote! { crate::ids::SequesterServiceID(#field_path.to_owned()) }
@@ -1042,6 +1046,7 @@ fn quote_type_as_fn_new_param(ty: &FieldType) -> TokenStream {
         FieldType::OrganizationID => quote! { crate::ids::OrganizationID },
         FieldType::UserID => quote! { crate::ids::UserID },
         FieldType::VlobID => quote! { crate::ids::VlobID },
+        FieldType::ShamirRevealToken => quote! { crate::token::ShamirRevealToken },
         FieldType::EnrollmentID => quote! { crate::ids::EnrollmentID },
         FieldType::SequesterServiceID => quote! { crate::ids::SequesterServiceID },
         FieldType::DeviceLabel => quote! { crate::ids::DeviceLabel },
@@ -1166,6 +1171,7 @@ fn internal_quote_field_as_fn_new_conversion(field_name: &Ident, ty: &FieldType)
         | FieldType::OrganizationID
         | FieldType::UserID
         | FieldType::VlobID
+        | FieldType::ShamirRevealToken
         | FieldType::EnrollmentID
         | FieldType::SequesterServiceID
         | FieldType::DeviceLabel

libparsec/crates/serialization_format/src/types.rs

@@ -229,6 +229,7 @@ generate_field_type_enum!(
     OrganizationID => libparsec_types::OrganizationID,
     UserID => libparsec_types::UserID,
     VlobID => libparsec_types::VlobID,
+    ShamirRevealToken => libparsec_types::ShamirRevealToken,
     EnrollmentID => libparsec_types::EnrollmentID,
     SequesterServiceID => libparsec_types::SequesterServiceID,
     DeviceLabel => libparsec_types::DeviceLabel,

libparsec/crates/testbed/src/template/crc_hash.rs

@@ -173,6 +173,7 @@ macro_rules! impl_crc_hash_for_uuid_based {
 }
 
 impl_crc_hash_for_uuid_based!(VlobID);
+impl_crc_hash_for_uuid_based!(ShamirRevealToken);
 impl_crc_hash_for_uuid_based!(BlockID);
 impl_crc_hash_for_uuid_based!(ChunkID);
 impl_crc_hash_for_uuid_based!(SequesterServiceID);

libparsec/crates/types/src/id.rs

@@ -211,6 +211,7 @@ new_uuid_type!(pub BlockID);
 new_uuid_type!(pub ChunkID);
 new_uuid_type!(pub SequesterServiceID);
 new_uuid_type!(pub EnrollmentID);
+
 impl_from_maybe!(std::collections::HashSet<VlobID>);
 
 // ChunkID are often created from file BlockID, so conversion is useful

libparsec/crates/types/src/token.rs

@@ -132,6 +132,7 @@ macro_rules! new_token_type {
 
 new_token_type!(BootstrapToken);
 new_token_type!(InvitationToken);
+new_token_type!(ShamirRevealToken);
 
 #[cfg(test)]
 #[path = "../tests/unit/token.rs"]

server/parsec/_parsec.pyi

@@ -66,6 +66,7 @@ from parsec._parsec_pyi.ids import (
     InvitationToken,
     OrganizationID,
     SequesterServiceID,
+    ShamirRevealToken,
     UserID,
     VlobID,
 )
@@ -152,6 +153,7 @@ __all__ = [
     "EnrollmentID",
     "BootstrapToken",
     "InvitationToken",
+    "ShamirRevealToken",
     # Addrs
     "ParsecAddr",
     "ParsecActionAddr",

server/parsec/_parsec_pyi/ids.pyi

@@ -214,3 +214,20 @@ class BootstrapToken:
     def int(self) -> int: ...
     @property
     def hyphenated(self) -> str: ...
+
+class ShamirRevealToken:
+    def __hash__(self) -> int: ...
+    @classmethod
+    def from_bytes(cls, bytes: bytes) -> ShamirRevealToken: ...
+    @classmethod
+    def from_hex(cls, hex: str) -> ShamirRevealToken: ...
+    @classmethod
+    def new(cls) -> ShamirRevealToken: ...
+    @property
+    def bytes(self) -> bytes: ...
+    @property
+    def hex(self) -> str: ...
+    @property
+    def int(self) -> int: ...
+    @property
+    def hyphenated(self) -> str: ...

server/parsec/_parsec_pyi/protocol/authenticated_cmds/v4/shamir_recovery_setup.pyi

@@ -4,14 +4,20 @@
 
 from __future__ import annotations
 
+from parsec._parsec import ShamirRevealToken
+
 class ShamirRecoverySetup:
     def __init__(
-        self, ciphered_data: bytes, reveal_token: bytes, brief: bytes, shares: list[bytes]
+        self,
+        ciphered_data: bytes,
+        reveal_token: ShamirRevealToken,
+        brief: bytes,
+        shares: list[bytes],
     ) -> None: ...
     @property
     def ciphered_data(self) -> bytes: ...
     @property
-    def reveal_token(self) -> bytes: ...
+    def reveal_token(self) -> ShamirRevealToken: ...
     @property
     def brief(self) -> bytes: ...
     @property

server/parsec/components/memory/datamodel.py

@@ -28,6 +28,7 @@
     SequesterServiceCertificate,
     SequesterServiceID,
     ShamirRecoveryBriefCertificate,
+    ShamirRevealToken,
     UserCertificate,
     UserID,
     UserProfile,
@@ -409,7 +410,7 @@ class MemoryShamirSetup:
     # The token the claimer should provide to get access to `ciphered_data`.
     # This token is split into shares, hence it acts as a proof the claimer
     # asking for the `ciphered_data` had it identity confirmed by the recipients.
-    reveal_token: bytes
+    reveal_token: ShamirRevealToken
     # The Shamir recovery setup provided as a `ShamirRecoveryBriefCertificate`.
     # It contains the threshold for the quorum and the shares recipients.
     # This field has a certain level of duplication with the "shares" below,

server/src/lib.rs

@@ -72,6 +72,7 @@ fn entrypoint(py: Python, m: &PyModule) -> PyResult<()> {
     m.add_class::<UserID>()?;
     m.add_class::<BootstrapToken>()?;
     m.add_class::<InvitationToken>()?;
+    m.add_class::<ShamirRevealToken>()?;
 
     // Time
     m.add_class::<DateTime>()?;

server/src/token.rs

@@ -62,3 +62,15 @@ crate::binding_utils::gen_py_wrapper_class_for_id!(
     __hash__,
 );
 gen_token!(InvitationToken);
+
+crate::binding_utils::gen_py_wrapper_class_for_id!(
+    ShamirRevealToken,
+    libparsec_types::ShamirRevealToken,
+    __repr__,
+    __copy__,
+    __deepcopy__,
+    __str__,
+    __richcmp__ eq,
+    __hash__,
+);
+gen_token!(ShamirRevealToken);

server/tests/api_v4/authenticated/test_shamir_recovery_setup.py

@@ -6,6 +6,7 @@
     DateTime,
     ShamirRecoveryBriefCertificate,
     ShamirRecoveryShareCertificate,
+    ShamirRevealToken,
     authenticated_cmds,
 )
 from tests.common import CoolorgRpcClients
@@ -28,7 +29,7 @@ async def test_authenticated_shamir_recovery_setup_ok(
 
     setup = authenticated_cmds.v4.shamir_recovery_setup.ShamirRecoverySetup(
         b"abc",
-        b"def",
+        ShamirRevealToken(),
         brief.dump_and_sign(coolorg.alice.signing_key),
         [share.dump_and_sign(coolorg.alice.signing_key)],
     )
@@ -56,7 +57,7 @@ async def test_authenticated_shamir_recovery_setup_invalid_data(
     if with_postgresql:
         pytest.skip("TODO: postgre not implemented yet")
     setup = authenticated_cmds.v4.shamir_recovery_setup.ShamirRecoverySetup(
-        bytes("abc", "utf-8"), bytes("def", "utf-8"), bytes("ijk", "utf-8"), [bytes("lmn", "utf-8")]
+        bytes("abc", "utf-8"), ShamirRevealToken(), bytes("ijk", "utf-8"), [bytes("lmn", "utf-8")]
     )
     rep = await coolorg.alice.shamir_recovery_setup(setup)
     assert rep == authenticated_cmds.v4.shamir_recovery_setup.RepInvalidData()