Adds ake.Server Serde methods

[everyCTO]

This is an implementation of the request in #7. Please refer to that discussion for background.

Changes in tests/opaque_test.go are from the discussion and are not meant to make any material change to the test.

The focus of this PR is adding two new methods to ake.Server:

// SerializeState will return a []byte with the given capacity containing
// internal state of the Server.
func (s *Server) SerializeState(size int) []byte

// DeserializeState will set internal state onto the server. `size` should the
// output of internal.Parameters.MAC.Size()
func (s *Server) DeserializeState(data []byte, size int) error

Example usage from the modified test:

// serialize the state to be persisted elsewhere
state = server.Ake.SerializeState(server.MAC.Size())

// retrieve serialized state and deserialize onto server
err := server.Ake.DeserializeState(state, server.MAC.Size())

[bytemare]

Thank you ! Nice addition, indeed. I also like the formatting in the test function, it's much better.

I left some comments and suggestions. Do you think you can address them or would you prefer me to do it?

Also, I pushed some changes that might break some things, I fear that a rebase from the main branch is necessary.

[everyCTO]

Thank you ! Nice addition, indeed. I also like the formatting in the test function, it's much better.

😄

I left some comments and suggestions. Do you think you can address them or would you prefer me to do it?

I'd be happy to address them.

Also, I pushed some changes that might break some things, I fear that a rebase from the main branch is necessary.

No problem. I'll rebase.

[everyCTO]

rebased and pushed. I'll incorporate the suggested changes and push again.

[bytemare]

I just pushed some changes that should simplify the configuration and its usage a bit, but I don't think it impacts your changes

[everyCTO]

Updated to incorporate feedback.

[everyCTO]

It turns out, for my use case, it's useful to have an accessor for the expected MAC. Without it, I would first need to fetch the server's serialized state from a database, rehydrate it using DeserializeAKEState, call Finish, and then make another call to the database to persist an authenticated session.

I do already have SessionKey, so I could theoretically determine the expected MAC by trimming off SessionKey as a suffix from the output of SerializeState; what's left is the MAC. But that's breaking the abstraction.

By adding this accessor, I can make a single call to the database (in a transaction) to assert that the MAC I have from the client matches the expected MAC, and persist an authenticated session.

[bytemare]

One more thing, and I think we're good to go !

Can you add relevant tests in failling_test.go?

[everyCTO]

I see some linting complaints when I run golangci-lint locally:

$ golangci-lint run --config=./.github/.golangci.yml ./...
WARN [runner] The linter 'scopelint' is deprecated due to: The repository of the linter has been deprecated by the owner. Use 'exportloopref' instead.
WARN [runner] The linter 'maligned' is deprecated due to: The repository of the linter has been archived by the owner. Use govet 'fieldalignment' instead.
internal/ake/server.go:92:18: Comment should end in a period (godot)
// internal state
                 ^
server.go:185:77: Comment should end in a period (godot)
// SetAKEState sets the interal state of the AKE server from the given bytes
                                                                            ^
server.go:195:9: Comment should end in a period (godot)
// bytes
        ^
internal/ake/server.go:100:2: return statements should not be cuddled if block has more than two lines (wsl)
        return nil
        ^
internal/ake/server.go:95:10: err113: do not define dynamic errors, use wrapped static errors instead: "errors.New(\"existing state is not empty\")" (goerr113)
                return errors.New("existing state is not empty")
                       ^
server.go:188:10: err113: do not define dynamic errors, use wrapped static errors instead: "errors.New(\"invalid state length\")" (goerr113)
                return errors.New("invalid state length")
                       ^

Should I address those? some of them are from areas of the code base that are not changing in this PR. Happy to address either way.

[bytemare]

I see some linting complaints when I run golangci-lint locally:

...

Should I address those? some of them are from areas of the code base that are not changing in this PR. Happy to address either way.

I excluded some linters from running in the internal packages, as there is a lot of code that is still subject to change, and I don't consider some results as a priority (e.g. variables and functions that are not exported outside OPAQUE don't need to be included in the external documentation).

But if you're motivated to address them, go for it! )

[everyCTO]

I excluded some linters from running in the internal packages, as there is a lot of code that is still subject to change, and I don't consider some results as a priority (e.g. variables and functions that are not exported outside OPAQUE don't need to be included in the external documentation).

But if you're motivated to address them, go for it! )

Makes sense. I might circle back to that in a later PR.

For now, it looks like all of the CI checks are happy except for Snyk, which is asking for a refreshed auth token.

[bytemare]

Yeah, let's not care about that right now

[bytemare]

Thank you for your contribution ❤️

[bytemare]

Hey @everyCTO,

FYI I took some time to add the comments to the internal package. Your linter should now complain a bit less :) I also extended the test you added to include the case of an existing state for the server.