general: implement random nonce

Author: andrewshvv

auth_test.go

@@ -5,7 +5,7 @@ import (
 )
 
 func TestMacaroon(t *testing.T) {
-auth, _ := NewAuth("", NewInMemoryDB([]byte("kek")))
+auth, _ := NewAuth("", NewInMemoryDB([]byte("kek"), MacaroonLifetime))
 
 // Emulate generation token on the server, with the user id taken from other
 // token, for example jwt.

db.go

@@ -1,14 +1,16 @@
 package auth
 
+import (
+"sync"
+"time"
+"fmt"
+)
+
 // DB represent the storage for macaroon application authentication which is
 // needed to keep it secure.
 type DB interface {
-// GetLastNonceByID returns last used nonce by the given user or
-// application id.
-GetLastNonceByID(id uint32) (int64, error)
-
-// PutLastNonceByID assigns new nonce to the given user or applciation id.
-PutLastNonceByID(id uint32, nonce int64) error
+// UseNonce mark the nonce as used by the given user.
+UseNonce(id uint32, nonce int64) bool
 
 // GetRootKey returns last stored root key.
 GetRootKey() ([]byte, error)
@@ -24,43 +26,89 @@ type DB interface {
 // NOTE: If macaroon lifetime becomes bigger enough such schema might become
 // insecure.
 type InMemoryDB struct {
-nonces map[uint32]int64
-rootKey []byte
+nonces map[string]time.Time
+rootKey []byte
+nonceLifetime time.Duration
+
+mutex sync.Mutex
+wg sync.WaitGroup
+quit chan struct{}
 }
 
-func NewInMemoryDB(rootKey []byte) *InMemoryDB {
+func NewInMemoryDB(rootKey []byte, nonceLifetime time.Duration) *InMemoryDB {
 return &InMemoryDB{
-nonces: make(map[uint32]int64),
-rootKey: rootKey,
+nonces: make(map[string]time.Time),
+rootKey: rootKey,
+quit: make(chan struct{}),
+nonceLifetime: nonceLifetime,
 }
 }
 
+func (db *InMemoryDB) StartFlushing() {
+db.wg.Add(1)
+go func() {
+defer db.wg.Done()
+
+for {
+select {
+case <-time.After(db.nonceLifetime):
+case <-db.quit:
+return
+}
+
+db.mutex.Lock()
+
+for key, t := range db.nonces {
+if t.Add(db.nonceLifetime).Before(time.Now()) {
+delete(db.nonces, key)
+}
+}
+
+db.mutex.Unlock()
+}
+}()
+}
+
+func (db *InMemoryDB) StopFlushing() {
+close(db.quit)
+db.wg.Wait()
+}
+
 // Runtime check to ensure that InMemoryDB implements DB.
 var _ DB = (*InMemoryDB)(nil)
 
-func (db InMemoryDB) GetLastNonceByID(id uint32) (int64, error) {
-nonce, ok := db.nonces[id]
-if !ok {
+func (db *InMemoryDB) UseNonce(id uint32, nonce int64) bool {
+db.mutex.Lock()
+defer db.mutex.Unlock()
+
+key := getKey(id, nonce)
+if _, ok := db.nonces[key]; !ok {
 // If service has been shutdown and started faster than macaroon
 // lifetime attacker would have a period of time where he could reuse
 // the stolen macaroon, because in this case db don't have nonce for id
 // and returns zero.
-return 0, nil
+return false
 }
 
-return nonce, nil
+db.nonces[key] = time.Now()
+return true
 }
 
-func (db InMemoryDB) PutLastNonceByID(id uint32, nonce int64) error {
-db.nonces[id] = nonce
-return nil
-}
+func (db *InMemoryDB) GetRootKey() ([]byte, error) {
+db.mutex.Lock()
+defer db.mutex.Unlock()
 
-func (db InMemoryDB) GetRootKey() ([]byte, error) {
 return db.rootKey, nil
 }
 
-func (db InMemoryDB) PutRootKey(rootKey []byte) error {
+func (db *InMemoryDB) PutRootKey(rootKey []byte) error {
+db.mutex.Lock()
+defer db.mutex.Unlock()
+
 db.rootKey = rootKey
 return nil
 }
+
+func getKey(id uint32, nonce int64) string {
+return fmt.Sprintf("%v_%v", id, nonce)
+}

errors.go

@@ -8,7 +8,7 @@ var (
 ErrRepeatedField = errors.Errorf("repeated conditions")
 
 ErrMacaroonExpired = errors.Errorf("macaroon expired")
-ErrNonceRepeated = errors.Errorf("nonce is used already")
+ErrNonceUsed  = errors.Errorf("nonce is used already")
 
 ErrOperNotAllowed = errors.Errorf("operation not allowed")
 )

nonce.go

@@ -82,14 +82,9 @@ func CheckNonce(m *macaroon.Macaroon, id uint32, db DB,
 return err
 }
 
-dbNonce, err := db.GetLastNonceByID(id)
-if err != nil {
-return err
-}
-
-if dbNonce >= macaroonNonce {
-return ErrNonceRepeated
+if db.UseNonce(id, macaroonNonce) {
+return ErrNonceUsed
 }
 
-return db.PutLastNonceByID(id, macaroonNonce)
+return nil
 }

nonce_test.go

@@ -3,6 +3,7 @@ package auth
 import (
 "testing"
 "gopkg.in/macaroon.v2"
+"time"
 )
 
 func TestCheckNonceFunction(t *testing.T) {
@@ -16,7 +17,7 @@ func TestCheckNonceFunction(t *testing.T) {
 // Check that check nonce function fail because macaroon not contains
 // nonce and time constraint/caveat/field.
 {
-db := NewInMemoryDB(rootKey)
+db := NewInMemoryDB(rootKey, MacaroonLifetime)
 
 if err := CheckNonce(m, 1, db, MacaroonLifetime); err == nil {
 t.Fatalf("expected to fail because don't have time and nonce fields"+
@@ -33,7 +34,7 @@ func TestCheckNonceFunction(t *testing.T) {
 // Check that check nonce function fail because macaroon not contains time
 // constraint/caveat/field.
 {
-db := NewInMemoryDB(rootKey)
+db := NewInMemoryDB(rootKey, MacaroonLifetime)
 
 if err := CheckNonce(m, 1, db, MacaroonLifetime); err == nil {
 t.Fatalf("expected to fail because don't have time field: %v", err)
@@ -48,7 +49,7 @@ func TestCheckNonceFunction(t *testing.T) {
 // Check that check nonce function fail because macaroon has expired.
 // working.
 {
-db := NewInMemoryDB(rootKey)
+db := NewInMemoryDB(rootKey, MacaroonLifetime)
 
 if err := CheckNonce(m, 1, db, 0); err != ErrMacaroonExpired {
 t.Fatalf("expected to fail because macaron expired: %v", err)
@@ -58,22 +59,57 @@ func TestCheckNonceFunction(t *testing.T) {
 // Check that check nonce function fail because nonce has been used.
 {
 db := &InMemoryDB{
-nonces: map[uint32]int64{1: nonce},
+nonces: map[string]time.Time{getKey(1, nonce): time.Now()},
 rootKey: rootKey,
 }
 
-if err := CheckNonce(m, 1, db, MacaroonLifetime); err != ErrNonceRepeated {
+if err := CheckNonce(m, 1, db, MacaroonLifetime); err != ErrNonceUsed {
 t.Fatalf("expected to fail because macaron nonce has been used"+
 ": %v", err)
 }
 }
 
 // Check that check nonce function fail because nonce has been used.
 {
-db := NewInMemoryDB(rootKey)
+db := NewInMemoryDB(rootKey, MacaroonLifetime)
 
 if err := CheckNonce(m, 1, db, MacaroonLifetime); err != nil {
-t.Fatalf("unable to check macaroon")
+t.Fatalf("unable to check macaroon: %v", err)
 }
 }
 }
+
+func TestNonceFlush(t *testing.T) {
+rootKey := []byte("kek")
+m, err := macaroon.New(rootKey, nil, "bitlum", macaroon.LatestVersion)
+if err != nil {
+t.Fatalf("unable to create macaron: %v", err)
+}
+
+flushPeriod := time.Millisecond * 50
+db := NewInMemoryDB(rootKey, flushPeriod)
+
+// Pretend that nonce was already used
+nonce := int64(100)
+userID := uint32(1)
+db.nonces = map[string]time.Time{getKey(userID, nonce): time.Now()}
+
+m, err = AddNonce(m, nonce)
+if err != nil {
+t.Fatalf("unable to add nonce: %v", err)
+}
+
+m, err = AddCurrentTime(m)
+if err != nil {
+t.Fatalf("unable to add current time: %v", err)
+}
+
+// Start nonce flushing and wait more than flushing period.
+db.StartFlushing()
+defer db.StopFlushing()
+time.Sleep(2 * flushPeriod)
+
+if err := CheckNonce(m, userID, db, MacaroonLifetime); err != nil {
+t.Fatalf("unable to check macaroon: %v", err)
+}
+}