Remove proto from commitments package

[gdbelvin]

In order to make mobile bindings possible, we need to remove protobuf
references from verification interfaces.

Part of #715 #713
Closes #717

[AMarcedone]

Despite being better than before (as it does not depend on protobuf), this function is still not gobind friendly, as it returns 3 outputs. To be "visible" from Java, functions need to return only one output (plus an optional second one which needs to be of type error).

[gdbelvin]

To fix this, I've created a GenCommitmentKey function.

[gdbelvin]

Would it be easier to return a struct, or should those be avoided as well?

…

On Mon, Jul 31, 2017 at 9:11 PM Antonio Marcedone ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In core/crypto/commitments/commitments.go <#716 (comment)> : > } // Commit makes a cryptographic commitment under a specific userID to data. -func Commit(userID, appID string, data []byte) ([]byte, *tpb.Committed, error) { +func Commit(userID, appID string, data []byte) (commitment, nonce []byte, err error) { Despite being better than before (as it does not depend on protobuf), this function is still not gobind friendly, as it returns 3 outputs. To be "visible" from Java, functions need to return only one output (plus an optional second one which needs to be of type error). — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#716 (review)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAMHTtdtBcs6JDNA_6HeKrvuGaZyg30vks5sTjUMgaJpZM4Oof3M> .

[AMarcedone]

A struct would work (as long as its members are of gobind friendly types such as []byte).
I am not sure what is best from a design perspective, but my original idea was to leave the interface as it currently is and add some simple gobind friendly wrappers that internally call the original proto based interfaces. I think it is worth discussing this face to face tomorrow.

[gdbelvin]

Sounds good

…

On Mon, Jul 31, 2017 at 9:26 PM Antonio Marcedone ***@***.***> wrote: A struct would work (as long as its members are of gobind friendly types such as []byte). I am not sure what is best from a design perspective, but my original idea was to leave the interface as it currently is and add some simple gobind friendly wrappers that internally call the original proto based interfaces. I think it is worth discussing this face to face tomorrow. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#716 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAMHTkDCfBjf7Xi8f9cB7o18_Qe6IjTFks5sTjhbgaJpZM4Oof3M> .

[AMarcedone]

Here is a concrete example of the interface I was thinking about (the B prefix is meant to indicate the goBind friendly version of a function)
AMarcedone@6579ef0

[codecov-io]

Codecov Report

Merging #716 into master will increase coverage by 0.68%.
The diff coverage is 32%.

@@            Coverage Diff             @@
##           master     #716      +/-   ##
==========================================
+ Coverage   47.97%   48.66%   +0.68%     
==========================================
  Files          30       30              
  Lines        2491     2503      +12     
==========================================
+ Hits         1195     1218      +23     
+ Misses       1106     1088      -18     
- Partials      190      197       +7

Impacted Files	Coverage Δ
core/keyserver/validate.go	36.53% <0%> (ø)	⬆️
core/client/kt/requests.go	0% <0%> (ø)	⬆️
core/keyserver/keyserver.go	0% <0%> (ø)	⬆️
core/client/kt/verify.go	51.35% <15.38%> (+32.68%)	⬆️
core/crypto/commitments/commitments.go	73.07% <63.63%> (-15.82%)	⬇️
impl/sql/commitments/sql.go	48.67% <63.63%> (+1.88%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7c0bbc7...611caad. Read the comment docs.

[cesarghali]

Thanks for the PR. I have few comments below.

[cesarghali]

This might make people go look for VerifyCommitment function which does not exist anymore. Please consider changing the error message.

[gdbelvin]

done

[cesarghali]

Can we add tests to the other functions in verify.go?

[gdbelvin]

Good idea. I've added a test for VerifyGetEntyrResponse

[cesarghali]

We might want to elaborate a bit more on this. GenCommitmentKey should be kept secret, that's correct, but it's sent over to the server as part of the request. Maybe we should explain why it's OK for the server to know this key.

[gdbelvin]

done

[cesarghali]

Consider using a fixed nonce to make the test repeatable.

[gdbelvin]

done

[cesarghali]

Same here.

[gdbelvin]

done

[gdbelvin]

Added tests and cleaned up. PTAL.

[cesarghali]

Up to you: What do you think about expressing this as a hexa string and then convert to byte before using it? It'll be shorter. Same applies below.

[gdbelvin]

That's true, but makes the test vectors harder to regenerate with log.Printf("%#v")

[cesarghali]

👍