session: add WithPrivacy to Session type

Author: ellemouton

session/interface.go

@@ -46,22 +46,23 @@ type FeaturesConfig map[string][]byte
 
 // Session is a struct representing a long-term Terminal Connect session.
 type Session struct {
-	ID              ID
-	Label           string
-	State           State
-	Type            Type
-	Expiry          time.Time
-	CreatedAt       time.Time
-	RevokedAt       time.Time
-	ServerAddr      string
-	DevServer       bool
-	MacaroonRootKey uint64
-	MacaroonRecipe  *MacaroonRecipe
-	PairingSecret   [mailbox.NumPassphraseEntropyBytes]byte
-	LocalPrivateKey *btcec.PrivateKey
-	LocalPublicKey  *btcec.PublicKey
-	RemotePublicKey *btcec.PublicKey
-	FeatureConfig   *FeaturesConfig
+	ID                ID
+	Label             string
+	State             State
+	Type              Type
+	Expiry            time.Time
+	CreatedAt         time.Time
+	RevokedAt         time.Time
+	ServerAddr        string
+	DevServer         bool
+	MacaroonRootKey   uint64
+	MacaroonRecipe    *MacaroonRecipe
+	PairingSecret     [mailbox.NumPassphraseEntropyBytes]byte
+	LocalPrivateKey   *btcec.PrivateKey
+	LocalPublicKey    *btcec.PublicKey
+	RemotePublicKey   *btcec.PublicKey
+	FeatureConfig     *FeaturesConfig
+	WithPrivacyMapper bool
 }
 
 // MacaroonBaker is a function type for baking a super macaroon.
@@ -71,7 +72,7 @@ type MacaroonBaker func(ctx context.Context, rootKeyID uint64,
 // NewSession creates a new session with the given user-defined parameters.
 func NewSession(label string, typ Type, expiry time.Time, serverAddr string,
 	devServer bool, perms []bakery.Op, caveats []macaroon.Caveat,
-	featureConfig FeaturesConfig) (*Session, error) {
+	featureConfig FeaturesConfig, privacy bool) (*Session, error) {
 
 	_, pairingSecret, err := mailbox.NewPassphraseEntropy()
 	if err != nil {
@@ -89,19 +90,20 @@ func NewSession(label string, typ Type, expiry time.Time, serverAddr string,
 	macRootKey := NewSuperMacaroonRootKeyID(macRootKeyBase)
 
 	sess := &Session{
-		ID:              macRootKeyBase,
-		Label:           label,
-		State:           StateCreated,
-		Type:            typ,
-		Expiry:          expiry,
-		CreatedAt:       time.Now(),
-		ServerAddr:      serverAddr,
-		DevServer:       devServer,
-		MacaroonRootKey: macRootKey,
-		PairingSecret:   pairingSecret,
-		LocalPrivateKey: privateKey,
-		LocalPublicKey:  pubKey,
-		RemotePublicKey: nil,
+		ID:                macRootKeyBase,
+		Label:             label,
+		State:             StateCreated,
+		Type:              typ,
+		Expiry:            expiry,
+		CreatedAt:         time.Now(),
+		ServerAddr:        serverAddr,
+		DevServer:         devServer,
+		MacaroonRootKey:   macRootKey,
+		PairingSecret:     pairingSecret,
+		LocalPrivateKey:   privateKey,
+		LocalPublicKey:    pubKey,
+		RemotePublicKey:   nil,
+		WithPrivacyMapper: privacy,
 	}
 
 	if perms != nil || caveats != nil {

session/tlv.go

@@ -26,7 +26,7 @@ const (
 	typeMacaroonRecipe  tlv.Type = 12
 	typeCreatedAt       tlv.Type = 13
 	typeFeaturesConfig  tlv.Type = 14
-	typeReservedNum2    tlv.Type = 15
+	typeWithPrivacy     tlv.Type = 15
 	typeRevokedAt       tlv.Type = 16
 
 	// typeMacaroon is no longer used, but we leave it defined for backwards
@@ -65,12 +65,17 @@ func SerializeSession(w io.Writer, session *Session) error {
 		privateKey    = session.LocalPrivateKey.Serialize()
 		createdAt     = uint64(session.CreatedAt.Unix())
 		revokedAt     uint64
+		withPrivacy   = uint8(0)
 	)
 
 	if !session.RevokedAt.IsZero() {
 		revokedAt = uint64(session.RevokedAt.Unix())
 	}
 
+	if session.WithPrivacyMapper {
+		withPrivacy = 1
+	}
+
 	if session.DevServer {
 		devServer = 1
 	}
@@ -130,7 +135,9 @@ func SerializeSession(w io.Writer, session *Session) error {
 	}
 
 	tlvRecords = append(
-		tlvRecords, tlv.MakePrimitiveRecord(typeRevokedAt, &revokedAt),
+		tlvRecords,
+		tlv.MakePrimitiveRecord(typeWithPrivacy, &withPrivacy),
+		tlv.MakePrimitiveRecord(typeRevokedAt, &revokedAt),
 	)
 
 	tlvStream, err := tlv.NewStream(tlvRecords...)
@@ -145,13 +152,13 @@ func SerializeSession(w io.Writer, session *Session) error {
 // the data to be encoded in the tlv format.
 func DeserializeSession(r io.Reader) (*Session, error) {
 	var (
-		session                      = &Session{}
-		label, serverAddr            []byte
-		pairingSecret, privateKey    []byte
-		state, typ, devServer        uint8
-		expiry, createdAt, revokedAt uint64
-		macRecipe                    MacaroonRecipe
-		featureConfig                FeaturesConfig
+		session                        = &Session{}
+		label, serverAddr              []byte
+		pairingSecret, privateKey      []byte
+		state, typ, devServer, privacy uint8
+		expiry, createdAt, revokedAt   uint64
+		macRecipe                      MacaroonRecipe
+		featureConfig                  FeaturesConfig
 	)
 	tlvStream, err := tlv.NewStream(
 		tlv.MakePrimitiveRecord(typeLabel, &label),
@@ -177,6 +184,7 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 			typeFeaturesConfig, &featureConfig, nil,
 			featureConfigEncoder, featureConfigDecoder,
 		),
+		tlv.MakePrimitiveRecord(typeWithPrivacy, &privacy),
 		tlv.MakePrimitiveRecord(typeRevokedAt, &revokedAt),
 	)
 	if err != nil {
@@ -196,6 +204,7 @@ func DeserializeSession(r io.Reader) (*Session, error) {
 	session.CreatedAt = time.Unix(int64(createdAt), 0)
 	session.ServerAddr = string(serverAddr)
 	session.DevServer = devServer == 1
+	session.WithPrivacyMapper = privacy == 1
 
 	if revokedAt != 0 {
 		session.RevokedAt = time.Unix(int64(revokedAt), 0)

session/tlv_test.go

@@ -87,7 +87,7 @@ func TestSerializeDeserializeSession(t *testing.T) {
 				test.name, test.sessType,
 				time.Date(99999, 1, 1, 0, 0, 0, 0, time.UTC),
 				"foo.bar.baz:1234", true, test.perms,
-				test.caveats, test.featureConfig,
+				test.caveats, test.featureConfig, true,
 			)
 			require.NoError(t, err)
 

session_rpcserver.go

@@ -249,7 +249,7 @@ func (s *sessionRpcServer) AddSession(_ context.Context,
 
 	sess, err := session.NewSession(
 		req.Label, typ, expiry, req.MailboxServerAddr, req.DevServer,
-		uniquePermissions, caveats, nil,
+		uniquePermissions, caveats, nil, false,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error creating new session: %v", err)