2021-04-26 22:44:59 -04:00
|
|
|
/*! Implementation of a new style of bridge authority for Tor that
|
|
|
|
|
allows users to invite other users, while protecting the social graph
|
|
|
|
|
from the bridge authority itself.
|
|
|
|
|
|
|
|
|
|
We use CMZ14 credentials (GGM version, which is more efficient, but
|
|
|
|
|
makes a stronger security assumption): "Algebraic MACs and
|
|
|
|
|
Keyed-Verification Anonymous Credentials" (Chase, Meiklejohn, and
|
|
|
|
|
Zaverucha, CCS 2014)
|
|
|
|
|
|
|
|
|
|
The notation follows that of the paper "Hyphae: Social Secret Sharing"
|
|
|
|
|
(Lovecruft and de Valence, 2017), Section 4. */
|
|
|
|
|
|
|
|
|
|
// We really want points to be capital letters and scalars to be
|
|
|
|
|
// lowercase letters
|
|
|
|
|
#![allow(non_snake_case)]
|
|
|
|
|
|
|
|
|
|
#[macro_use]
|
|
|
|
|
extern crate zkp;
|
|
|
|
|
|
2021-04-27 13:00:18 -04:00
|
|
|
pub mod bridge_table;
|
2021-04-28 13:36:04 -04:00
|
|
|
pub mod cred;
|
2021-04-27 08:53:22 -04:00
|
|
|
pub mod dup_filter;
|
2021-04-29 15:18:54 -04:00
|
|
|
pub mod migration_table;
|
2021-04-27 08:53:22 -04:00
|
|
|
|
2021-04-26 22:44:59 -04:00
|
|
|
use sha2::Sha512;
|
|
|
|
|
|
|
|
|
|
use curve25519_dalek::constants as dalek_constants;
|
|
|
|
|
use curve25519_dalek::ristretto::RistrettoBasepointTable;
|
|
|
|
|
use curve25519_dalek::ristretto::RistrettoPoint;
|
|
|
|
|
use curve25519_dalek::scalar::Scalar;
|
2021-04-30 16:24:42 -04:00
|
|
|
#[cfg(test)]
|
|
|
|
|
use curve25519_dalek::traits::IsIdentity;
|
2023-07-19 10:30:35 -04:00
|
|
|
use rand::rngs::OsRng;
|
|
|
|
|
use rand::Rng;
|
|
|
|
|
use std::collections::HashMap;
|
|
|
|
|
use std::convert::{TryFrom, TryInto};
|
2021-04-26 22:44:59 -04:00
|
|
|
|
|
|
|
|
use ed25519_dalek::{Keypair, PublicKey, Signature, SignatureError, Signer, Verifier};
|
2021-04-29 18:22:06 -04:00
|
|
|
use subtle::ConstantTimeEq;
|
2021-04-26 22:44:59 -04:00
|
|
|
|
2021-05-05 13:58:43 -04:00
|
|
|
use std::collections::HashSet;
|
|
|
|
|
|
|
|
|
|
use bridge_table::{
|
2023-06-20 20:04:17 -04:00
|
|
|
BridgeLine, BridgeTable, EncryptedBucket, MAX_BRIDGES_PER_BUCKET, MIN_BUCKET_REACHABILITY,
|
2021-05-05 13:58:43 -04:00
|
|
|
};
|
|
|
|
|
use migration_table::{MigrationTable, MigrationType};
|
|
|
|
|
|
2021-04-26 22:44:59 -04:00
|
|
|
use lazy_static::lazy_static;
|
|
|
|
|
|
2022-11-22 19:15:09 -05:00
|
|
|
use serde::{Deserialize, Serialize};
|
2022-11-13 11:33:57 -05:00
|
|
|
|
2021-04-26 22:44:59 -04:00
|
|
|
lazy_static! {
|
|
|
|
|
pub static ref CMZ_A: RistrettoPoint =
|
|
|
|
|
RistrettoPoint::hash_from_bytes::<Sha512>(b"CMZ Generator A");
|
|
|
|
|
pub static ref CMZ_B: RistrettoPoint = dalek_constants::RISTRETTO_BASEPOINT_POINT;
|
|
|
|
|
pub static ref CMZ_A_TABLE: RistrettoBasepointTable = RistrettoBasepointTable::create(&CMZ_A);
|
|
|
|
|
pub static ref CMZ_B_TABLE: RistrettoBasepointTable =
|
|
|
|
|
dalek_constants::RISTRETTO_BASEPOINT_TABLE;
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-16 13:56:30 -04:00
|
|
|
#[derive(PartialEq, Eq)]
|
|
|
|
|
pub enum ReplaceSuccess {
|
|
|
|
|
NotFound = 0,
|
|
|
|
|
NotReplaced = 1,
|
|
|
|
|
Replaced = 2,
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-13 11:33:57 -05:00
|
|
|
#[derive(Clone, Debug, Serialize, Deserialize)]
|
2021-04-26 22:44:59 -04:00
|
|
|
pub struct IssuerPrivKey {
|
|
|
|
|
x0tilde: Scalar,
|
|
|
|
|
x: Vec<Scalar>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl IssuerPrivKey {
|
|
|
|
|
/// Create an IssuerPrivKey for credentials with the given number of
|
|
|
|
|
/// attributes.
|
|
|
|
|
pub fn new(n: u16) -> IssuerPrivKey {
|
|
|
|
|
let mut rng = rand::thread_rng();
|
|
|
|
|
let x0tilde = Scalar::random(&mut rng);
|
|
|
|
|
let mut x: Vec<Scalar> = Vec::with_capacity((n + 1) as usize);
|
|
|
|
|
|
|
|
|
|
// Set x to a vector of n+1 random Scalars
|
|
|
|
|
x.resize_with((n + 1) as usize, || Scalar::random(&mut rng));
|
|
|
|
|
|
|
|
|
|
IssuerPrivKey { x0tilde, x }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-13 11:33:57 -05:00
|
|
|
#[derive(Clone, Debug, Serialize, Deserialize)]
|
2021-04-26 22:44:59 -04:00
|
|
|
pub struct IssuerPubKey {
|
|
|
|
|
X: Vec<RistrettoPoint>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl IssuerPubKey {
|
|
|
|
|
/// Create an IssuerPubKey from the corresponding IssuerPrivKey
|
|
|
|
|
pub fn new(privkey: &IssuerPrivKey) -> IssuerPubKey {
|
|
|
|
|
let Atable: &RistrettoBasepointTable = &CMZ_A_TABLE;
|
|
|
|
|
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
|
|
|
|
|
let n_plus_one = privkey.x.len();
|
|
|
|
|
let mut X: Vec<RistrettoPoint> = Vec::with_capacity(n_plus_one);
|
|
|
|
|
|
|
|
|
|
// The first element is a special case; it is
|
|
|
|
|
// X[0] = x0tilde*A + x[0]*B
|
|
|
|
|
X.push(&privkey.x0tilde * Atable + &privkey.x[0] * Btable);
|
|
|
|
|
|
|
|
|
|
// The other elements (1 through n) are X[i] = x[i]*A
|
2021-06-05 13:36:09 -04:00
|
|
|
X.extend(privkey.x.iter().skip(1).map(|xi| xi * Atable));
|
|
|
|
|
|
2021-04-26 22:44:59 -04:00
|
|
|
IssuerPubKey { X }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// The BridgeDb. This will typically be a singleton object. The
|
|
|
|
|
/// BridgeDb's role is simply to issue signed "open invitations" to
|
|
|
|
|
/// people who are not yet part of the system.
|
2022-11-14 13:56:13 -05:00
|
|
|
#[derive(Debug, Serialize, Deserialize)]
|
2021-04-26 22:44:59 -04:00
|
|
|
pub struct BridgeDb {
|
|
|
|
|
/// The keypair for signing open invitations
|
|
|
|
|
keypair: Keypair,
|
|
|
|
|
/// The public key for verifying open invitations
|
|
|
|
|
pub pubkey: PublicKey,
|
2021-05-05 13:58:43 -04:00
|
|
|
/// The set of open-invitation buckets
|
|
|
|
|
openinv_buckets: HashSet<u32>,
|
2021-04-26 22:44:59 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// An open invitation is a [u8; OPENINV_LENGTH] where the first 32
|
|
|
|
|
/// bytes are the serialization of a random Scalar (the invitation id),
|
|
|
|
|
/// the next 4 bytes are a little-endian bucket number, and the last
|
|
|
|
|
/// SIGNATURE_LENGTH bytes are the signature on the first 36 bytes.
|
|
|
|
|
pub const OPENINV_LENGTH: usize = 32 // the length of the random
|
|
|
|
|
// invitation id (a Scalar)
|
|
|
|
|
+ 4 // the length of the u32 for the bucket number
|
|
|
|
|
+ ed25519_dalek::SIGNATURE_LENGTH; // the length of the signature
|
|
|
|
|
|
|
|
|
|
impl BridgeDb {
|
|
|
|
|
/// Create the BridgeDb.
|
2021-05-05 13:58:43 -04:00
|
|
|
pub fn new() -> Self {
|
2021-04-26 22:44:59 -04:00
|
|
|
let mut csprng = OsRng {};
|
|
|
|
|
let keypair = Keypair::generate(&mut csprng);
|
|
|
|
|
let pubkey = keypair.public;
|
2021-04-28 13:36:04 -04:00
|
|
|
Self {
|
2021-04-26 22:44:59 -04:00
|
|
|
keypair,
|
|
|
|
|
pubkey,
|
2021-05-05 13:58:43 -04:00
|
|
|
openinv_buckets: Default::default(),
|
2021-04-26 22:44:59 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-05 13:58:43 -04:00
|
|
|
/// Insert an open-invitation bucket into the set
|
|
|
|
|
pub fn insert_openinv(&mut self, bucket: u32) {
|
|
|
|
|
self.openinv_buckets.insert(bucket);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Remove an open-invitation bucket from the set
|
|
|
|
|
pub fn remove_openinv(&mut self, bucket: u32) {
|
|
|
|
|
self.openinv_buckets.remove(&bucket);
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-26 22:44:59 -04:00
|
|
|
/// Produce an open invitation. In this example code, we just
|
|
|
|
|
/// choose a random open-invitation bucket.
|
|
|
|
|
pub fn invite(&self) -> [u8; OPENINV_LENGTH] {
|
|
|
|
|
let mut res: [u8; OPENINV_LENGTH] = [0; OPENINV_LENGTH];
|
|
|
|
|
let mut rng = rand::thread_rng();
|
|
|
|
|
// Choose a random invitation id (a Scalar) and serialize it
|
|
|
|
|
let id = Scalar::random(&mut rng);
|
|
|
|
|
res[0..32].copy_from_slice(&id.to_bytes());
|
2021-05-05 13:58:43 -04:00
|
|
|
// Choose a random bucket number (from the set of open
|
|
|
|
|
// invitation buckets) and serialize it
|
|
|
|
|
let openinv_vec: Vec<&u32> = self.openinv_buckets.iter().collect();
|
|
|
|
|
let bucket_num = *openinv_vec[rng.gen_range(0, openinv_vec.len())];
|
2021-04-26 22:44:59 -04:00
|
|
|
res[32..(32 + 4)].copy_from_slice(&bucket_num.to_le_bytes());
|
|
|
|
|
// Sign the first 36 bytes and serialize it
|
|
|
|
|
let sig = self.keypair.sign(&res[0..(32 + 4)]);
|
|
|
|
|
res[(32 + 4)..].copy_from_slice(&sig.to_bytes());
|
|
|
|
|
res
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Verify an open invitation. Returns the invitation id and the
|
|
|
|
|
/// bucket number if the signature checked out. It is up to the
|
|
|
|
|
/// caller to then check that the invitation id has not been used
|
|
|
|
|
/// before.
|
|
|
|
|
pub fn verify(
|
|
|
|
|
invitation: [u8; OPENINV_LENGTH],
|
|
|
|
|
pubkey: PublicKey,
|
|
|
|
|
) -> Result<(Scalar, u32), SignatureError> {
|
|
|
|
|
// Pull out the signature and verify it
|
|
|
|
|
let sig = Signature::try_from(&invitation[(32 + 4)..])?;
|
|
|
|
|
pubkey.verify(&invitation[0..(32 + 4)], &sig)?;
|
|
|
|
|
// The signature passed. Pull out the bucket number and then
|
|
|
|
|
// the invitation id
|
|
|
|
|
let bucket = u32::from_le_bytes(invitation[32..(32 + 4)].try_into().unwrap());
|
|
|
|
|
match Scalar::from_canonical_bytes(invitation[0..32].try_into().unwrap()) {
|
|
|
|
|
// It should never happen that there's a valid signature on
|
|
|
|
|
// an invalid serialization of a Scalar, but check anyway.
|
|
|
|
|
None => Err(SignatureError::new()),
|
|
|
|
|
Some(s) => Ok((s, bucket)),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-04-28 13:36:04 -04:00
|
|
|
|
2021-05-05 13:58:43 -04:00
|
|
|
impl Default for BridgeDb {
|
|
|
|
|
fn default() -> Self {
|
|
|
|
|
Self::new()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-28 13:36:04 -04:00
|
|
|
/// The bridge authority. This will typically be a singleton object.
|
2022-11-22 19:15:09 -05:00
|
|
|
#[derive(Debug, Serialize, Deserialize)]
|
2021-04-28 13:36:04 -04:00
|
|
|
pub struct BridgeAuth {
|
|
|
|
|
/// The private key for the main Lox credential
|
|
|
|
|
lox_priv: IssuerPrivKey,
|
|
|
|
|
/// The public key for the main Lox credential
|
|
|
|
|
pub lox_pub: IssuerPubKey,
|
|
|
|
|
/// The private key for migration credentials
|
|
|
|
|
migration_priv: IssuerPrivKey,
|
|
|
|
|
/// The public key for migration credentials
|
|
|
|
|
pub migration_pub: IssuerPubKey,
|
2021-04-29 15:18:54 -04:00
|
|
|
/// The private key for migration key credentials
|
|
|
|
|
migrationkey_priv: IssuerPrivKey,
|
|
|
|
|
/// The public key for migration key credentials
|
|
|
|
|
pub migrationkey_pub: IssuerPubKey,
|
2021-05-01 17:12:03 -04:00
|
|
|
/// The private key for bucket reachability credentials
|
|
|
|
|
reachability_priv: IssuerPrivKey,
|
|
|
|
|
/// The public key for bucket reachability credentials
|
|
|
|
|
pub reachability_pub: IssuerPubKey,
|
2021-05-03 19:05:42 -04:00
|
|
|
/// The private key for invitation credentials
|
|
|
|
|
invitation_priv: IssuerPrivKey,
|
|
|
|
|
/// The public key for invitation credentials
|
|
|
|
|
pub invitation_pub: IssuerPubKey,
|
2021-04-28 13:36:04 -04:00
|
|
|
|
|
|
|
|
/// The public key of the BridgeDb issuing open invitations
|
|
|
|
|
pub bridgedb_pub: PublicKey,
|
|
|
|
|
|
2021-04-28 18:31:47 -04:00
|
|
|
/// The bridge table
|
2023-02-09 16:24:43 -05:00
|
|
|
pub bridge_table: BridgeTable,
|
2021-04-28 18:31:47 -04:00
|
|
|
|
2021-05-05 13:58:43 -04:00
|
|
|
/// The migration tables
|
|
|
|
|
trustup_migration_table: MigrationTable,
|
|
|
|
|
blockage_migration_table: MigrationTable,
|
2021-04-29 15:18:54 -04:00
|
|
|
|
2021-04-28 13:36:04 -04:00
|
|
|
/// Duplicate filter for open invitations
|
|
|
|
|
openinv_filter: dup_filter::DupFilter<Scalar>,
|
2021-05-04 17:48:15 -04:00
|
|
|
/// Duplicate filter for Lox credential ids
|
2021-04-28 13:36:04 -04:00
|
|
|
id_filter: dup_filter::DupFilter<Scalar>,
|
2021-05-04 17:48:15 -04:00
|
|
|
/// Duplicate filter for Invitation credential ids
|
|
|
|
|
inv_id_filter: dup_filter::DupFilter<Scalar>,
|
2021-04-29 15:18:54 -04:00
|
|
|
/// Duplicate filter for trust promotions (from untrusted level 0 to
|
|
|
|
|
/// trusted level 1)
|
|
|
|
|
trust_promotion_filter: dup_filter::DupFilter<Scalar>,
|
2021-04-28 13:36:04 -04:00
|
|
|
|
|
|
|
|
/// For testing only: offset of the true time to the simulated time
|
2022-11-22 19:15:09 -05:00
|
|
|
#[serde(skip)]
|
2021-04-28 13:36:04 -04:00
|
|
|
time_offset: time::Duration,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl BridgeAuth {
|
|
|
|
|
pub fn new(bridgedb_pub: PublicKey) -> Self {
|
2021-04-29 15:18:54 -04:00
|
|
|
// Create the private and public keys for each of the types of
|
|
|
|
|
// credential, each with the appropriate number of attributes
|
2021-04-28 13:36:04 -04:00
|
|
|
let lox_priv = IssuerPrivKey::new(6);
|
|
|
|
|
let lox_pub = IssuerPubKey::new(&lox_priv);
|
2021-05-05 15:25:32 -04:00
|
|
|
let migration_priv = IssuerPrivKey::new(4);
|
2021-04-28 13:36:04 -04:00
|
|
|
let migration_pub = IssuerPubKey::new(&migration_priv);
|
2021-04-29 15:18:54 -04:00
|
|
|
let migrationkey_priv = IssuerPrivKey::new(2);
|
|
|
|
|
let migrationkey_pub = IssuerPubKey::new(&migrationkey_priv);
|
2021-05-01 17:12:03 -04:00
|
|
|
let reachability_priv = IssuerPrivKey::new(2);
|
|
|
|
|
let reachability_pub = IssuerPubKey::new(&reachability_priv);
|
2021-05-03 19:05:42 -04:00
|
|
|
let invitation_priv = IssuerPrivKey::new(4);
|
|
|
|
|
let invitation_pub = IssuerPubKey::new(&invitation_priv);
|
2021-04-28 13:36:04 -04:00
|
|
|
Self {
|
|
|
|
|
lox_priv,
|
|
|
|
|
lox_pub,
|
|
|
|
|
migration_priv,
|
|
|
|
|
migration_pub,
|
2021-04-29 15:18:54 -04:00
|
|
|
migrationkey_priv,
|
|
|
|
|
migrationkey_pub,
|
2021-05-01 17:12:03 -04:00
|
|
|
reachability_priv,
|
|
|
|
|
reachability_pub,
|
2021-05-03 19:05:42 -04:00
|
|
|
invitation_priv,
|
|
|
|
|
invitation_pub,
|
2021-04-28 13:36:04 -04:00
|
|
|
bridgedb_pub,
|
2021-04-28 18:31:47 -04:00
|
|
|
bridge_table: Default::default(),
|
2021-05-05 13:58:43 -04:00
|
|
|
trustup_migration_table: MigrationTable::new(MigrationType::TrustUpgrade),
|
|
|
|
|
blockage_migration_table: MigrationTable::new(MigrationType::Blockage),
|
2021-04-28 13:36:04 -04:00
|
|
|
openinv_filter: Default::default(),
|
|
|
|
|
id_filter: Default::default(),
|
2021-05-04 17:48:15 -04:00
|
|
|
inv_id_filter: Default::default(),
|
2021-04-29 15:18:54 -04:00
|
|
|
trust_promotion_filter: Default::default(),
|
2023-06-07 15:34:55 -04:00
|
|
|
time_offset: time::Duration::ZERO,
|
2021-04-28 13:36:04 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-05 13:58:43 -04:00
|
|
|
/// Insert a set of open invitation bridges.
|
|
|
|
|
///
|
|
|
|
|
/// Each of the bridges will be given its own open invitation
|
|
|
|
|
/// bucket, and the BridgeDb will be informed. A single bucket
|
|
|
|
|
/// containing all of the bridges will also be created, with a trust
|
|
|
|
|
/// upgrade migration from each of the single-bridge buckets.
|
|
|
|
|
pub fn add_openinv_bridges(
|
|
|
|
|
&mut self,
|
|
|
|
|
bridges: [BridgeLine; MAX_BRIDGES_PER_BUCKET],
|
|
|
|
|
bdb: &mut BridgeDb,
|
|
|
|
|
) {
|
2023-06-22 17:07:14 -04:00
|
|
|
let bnum = self.bridge_table.new_bucket(&bridges);
|
2021-05-05 13:58:43 -04:00
|
|
|
let mut single = [BridgeLine::default(); MAX_BRIDGES_PER_BUCKET];
|
|
|
|
|
for b in bridges.iter() {
|
|
|
|
|
single[0] = *b;
|
|
|
|
|
let snum = self.bridge_table.new_bucket(&single);
|
|
|
|
|
bdb.insert_openinv(snum);
|
|
|
|
|
self.trustup_migration_table.table.insert(snum, bnum);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Insert a hot spare bucket of bridges
|
|
|
|
|
pub fn add_spare_bucket(&mut self, bucket: [BridgeLine; MAX_BRIDGES_PER_BUCKET]) {
|
2023-06-22 17:07:14 -04:00
|
|
|
let bnum = self.bridge_table.new_bucket(&bucket);
|
2021-05-05 13:58:43 -04:00
|
|
|
self.bridge_table.spares.insert(bnum);
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-03 11:47:11 -04:00
|
|
|
pub fn sync_table(&mut self) {
|
|
|
|
|
|
|
|
|
|
// Create a hashtable (?) of bridges in the lox distributor from new resources
|
|
|
|
|
// accept the hashtable and recreate the bridge table from the hash table here
|
|
|
|
|
// using existing reachable bridges, other table checks and placements from existing bridge table
|
|
|
|
|
// If bridges are in reachable bridges, put them in the table with their Vec
|
|
|
|
|
// How to check for bridges that aren't there/are extra?
|
|
|
|
|
// After going through the update, make sure bridges in the table are the same and deal with discrepencies
|
|
|
|
|
// This will be the bad/annoying part
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-10 20:26:08 -04:00
|
|
|
pub fn allocate_bridges(
|
|
|
|
|
&mut self,
|
|
|
|
|
distributor_bridges: &mut Vec<BridgeLine>,
|
|
|
|
|
bdb: &mut BridgeDb,
|
|
|
|
|
) {
|
2023-05-15 18:57:23 -04:00
|
|
|
while let Some(bridge) = distributor_bridges.pop() {
|
|
|
|
|
self.bridge_table.unallocated_bridges.push(bridge);
|
2023-05-08 19:44:36 -04:00
|
|
|
}
|
|
|
|
|
while self.bridge_table.unallocated_bridges.len() >= MAX_BRIDGES_PER_BUCKET {
|
|
|
|
|
let mut bucket = [BridgeLine::default(); MAX_BRIDGES_PER_BUCKET];
|
2023-06-16 12:27:40 -04:00
|
|
|
for bridge in bucket.iter_mut() {
|
|
|
|
|
*bridge = self.bridge_table.unallocated_bridges.pop().unwrap();
|
2023-05-08 19:44:36 -04:00
|
|
|
}
|
|
|
|
|
self.add_openinv_bridges(bucket, bdb);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-23 11:00:10 -04:00
|
|
|
// Update the details of a bridge in the bridge table. This assumes that the IP and Port
|
|
|
|
|
// of a given bridge remains the same and thus can be updated.
|
|
|
|
|
// First we must retrieve the list of reachable bridges, then we must search for any matching our partial key
|
2023-03-27 12:36:57 -04:00
|
|
|
// which will include the IP and Port. Then we can replace the original bridge with the updated bridge
|
|
|
|
|
// Returns true if the bridge has successfully updated
|
2023-03-23 11:00:10 -04:00
|
|
|
pub fn bridge_update(&mut self, bridge: &BridgeLine) -> bool {
|
|
|
|
|
let mut res: bool = false; //default False to assume that update failed
|
2023-04-03 11:47:11 -04:00
|
|
|
//Needs to be updated since bridge will only match on some fields.
|
2023-03-27 12:36:57 -04:00
|
|
|
|
2023-03-23 13:21:04 -04:00
|
|
|
let reachable_bridges = self.bridge_table.reachable.clone();
|
|
|
|
|
for reachable_bridge in reachable_bridges {
|
2023-04-04 18:39:28 -04:00
|
|
|
if reachable_bridge.0.uid_fingerprint == bridge.uid_fingerprint {
|
2023-03-23 13:21:04 -04:00
|
|
|
println!(
|
|
|
|
|
"Bridge from table: {:?} has same IP and Port as bridge {:?}!",
|
|
|
|
|
reachable_bridge.0, bridge
|
|
|
|
|
);
|
2023-03-27 12:36:57 -04:00
|
|
|
// Now we must remove the old bridge from the table and insert the new bridge in its place
|
|
|
|
|
// i.e., in the same bucket and with the same permissions.
|
|
|
|
|
let positions = self.bridge_table.reachable.get(&reachable_bridge.0);
|
|
|
|
|
if let Some(v) = positions {
|
|
|
|
|
for (bucketnum, offset) in v.iter() {
|
|
|
|
|
println!("Bucket num: {:?} and offset: {:?}", bucketnum, offset);
|
2023-06-20 17:49:41 -04:00
|
|
|
let mut bridgelines = match self.bridge_table.buckets.get(bucketnum) {
|
2023-06-16 11:02:13 -04:00
|
|
|
Some(bridgelines) => *bridgelines,
|
2023-06-20 17:07:51 -04:00
|
|
|
None => return res,
|
2023-06-16 11:02:13 -04:00
|
|
|
};
|
2023-06-20 17:07:51 -04:00
|
|
|
assert!(bridgelines[*offset] == reachable_bridge.0);
|
2023-06-16 11:02:13 -04:00
|
|
|
bridgelines[*offset] = *bridge;
|
|
|
|
|
self.bridge_table.buckets.insert(*bucketnum, bridgelines);
|
|
|
|
|
let bridgelines = match self.bridge_table.buckets.get(bucketnum) {
|
|
|
|
|
Some(bridgelines) => *bridgelines,
|
2023-06-20 17:07:51 -04:00
|
|
|
None => return res,
|
2023-06-16 11:02:13 -04:00
|
|
|
};
|
2023-06-20 17:07:51 -04:00
|
|
|
assert!(bridgelines[*offset] != reachable_bridge.0);
|
2023-03-23 13:21:04 -04:00
|
|
|
}
|
2023-04-03 11:47:11 -04:00
|
|
|
res = true;
|
|
|
|
|
} else {
|
|
|
|
|
return res;
|
2023-03-23 13:21:04 -04:00
|
|
|
}
|
2023-03-27 12:36:57 -04:00
|
|
|
// We must also remove the old bridge from the reachable bridges table
|
|
|
|
|
// and add the new bridge
|
|
|
|
|
self.bridge_table.reachable.remove(&reachable_bridge.0);
|
|
|
|
|
self.bridge_table
|
|
|
|
|
.reachable
|
|
|
|
|
.insert(*bridge, reachable_bridge.1);
|
2023-04-03 11:47:11 -04:00
|
|
|
return res;
|
2023-03-23 11:00:10 -04:00
|
|
|
}
|
2023-03-23 13:21:04 -04:00
|
|
|
}
|
2023-05-04 18:10:50 -04:00
|
|
|
// If this is returned, we assume that the bridge wasn't found in the bridge table
|
|
|
|
|
// and therefore should be treated as a "new bridge"
|
|
|
|
|
res
|
|
|
|
|
}
|
2023-04-04 18:39:28 -04:00
|
|
|
|
2023-05-04 18:10:50 -04:00
|
|
|
pub fn bridge_replace(
|
|
|
|
|
&mut self,
|
|
|
|
|
bridge: &BridgeLine,
|
|
|
|
|
available_bridge: Option<&BridgeLine>,
|
2023-06-16 13:56:30 -04:00
|
|
|
) -> ReplaceSuccess {
|
|
|
|
|
let mut res = ReplaceSuccess::NotFound;
|
2023-05-04 18:10:50 -04:00
|
|
|
let reachable_bridges = &self.bridge_table.reachable.clone();
|
2023-06-16 13:56:30 -04:00
|
|
|
match reachable_bridges.get(bridge) {
|
|
|
|
|
Some(positions) => {
|
|
|
|
|
if let Some(replacement) = available_bridge {
|
|
|
|
|
for (bucketnum, offset) in positions.iter() {
|
2023-06-20 20:04:17 -04:00
|
|
|
let mut bridgelines = match self.bridge_table.buckets.get(bucketnum) {
|
2023-06-16 11:02:13 -04:00
|
|
|
Some(bridgelines) => *bridgelines,
|
|
|
|
|
None => return ReplaceSuccess::NotFound,
|
|
|
|
|
};
|
|
|
|
|
assert!(bridgelines[*offset] == *bridge);
|
|
|
|
|
bridgelines[*offset] = *replacement;
|
|
|
|
|
self.bridge_table.buckets.insert(*bucketnum, bridgelines);
|
2023-06-16 13:56:30 -04:00
|
|
|
// Remove the bridge from the reachable bridges and add new bridge
|
|
|
|
|
self.bridge_table
|
|
|
|
|
.reachable
|
|
|
|
|
.insert(*replacement, positions.clone());
|
|
|
|
|
// Remove the bridge from the bucket
|
|
|
|
|
self.bridge_table.reachable.remove(bridge);
|
2023-05-04 18:10:50 -04:00
|
|
|
}
|
2023-06-16 11:02:13 -04:00
|
|
|
res = ReplaceSuccess::Replaced
|
2023-06-16 13:56:30 -04:00
|
|
|
} else if !self.bridge_table.unallocated_bridges.is_empty() {
|
|
|
|
|
let replacement = &self.bridge_table.unallocated_bridges.pop().unwrap();
|
|
|
|
|
for (bucketnum, offset) in positions.iter() {
|
2023-06-20 20:04:17 -04:00
|
|
|
let mut bridgelines = match self.bridge_table.buckets.get(bucketnum) {
|
2023-06-16 11:02:13 -04:00
|
|
|
Some(bridgelines) => *bridgelines,
|
2023-06-20 17:07:51 -04:00
|
|
|
// This should not happen if the rest of the function is correct, we can assume unwrap will succeed
|
|
|
|
|
None => return ReplaceSuccess::NotReplaced,
|
2023-06-16 11:02:13 -04:00
|
|
|
};
|
|
|
|
|
assert!(bridgelines[*offset] == *bridge);
|
|
|
|
|
bridgelines[*offset] = *replacement;
|
|
|
|
|
self.bridge_table.buckets.insert(*bucketnum, bridgelines);
|
2023-06-16 13:56:30 -04:00
|
|
|
self.bridge_table
|
|
|
|
|
.reachable
|
|
|
|
|
.insert(*replacement, positions.clone());
|
|
|
|
|
// Remove the bridge from the bucket
|
|
|
|
|
self.bridge_table.reachable.remove(bridge);
|
|
|
|
|
}
|
|
|
|
|
res = ReplaceSuccess::Replaced
|
|
|
|
|
} else if !self.bridge_table.spares.is_empty() {
|
|
|
|
|
// Get the first spare and remove it from the spares set.
|
|
|
|
|
let spare = *self.bridge_table.spares.iter().next().unwrap();
|
|
|
|
|
self.bridge_table.spares.remove(&spare);
|
|
|
|
|
// Get the actual bridges from the spare bucket
|
2023-06-20 17:07:51 -04:00
|
|
|
let spare_bucket = match self.bridge_table.buckets.remove(&spare) {
|
|
|
|
|
Some(spare_bucket) => spare_bucket,
|
|
|
|
|
// This should not happen if the rest of the functions are correct, we can assume unwrap will succeed
|
|
|
|
|
None => return ReplaceSuccess::NotReplaced,
|
|
|
|
|
};
|
|
|
|
|
// Remove the spare bucket uid from the keys map
|
|
|
|
|
self.bridge_table.keys.remove(&spare);
|
2023-06-16 13:56:30 -04:00
|
|
|
let mut replacement: &BridgeLine = &BridgeLine::default();
|
|
|
|
|
// Make the first spare the replacement bridge, add the others to the set of
|
|
|
|
|
// unallocated_bridges
|
|
|
|
|
for spare_bridge in spare_bucket.iter() {
|
|
|
|
|
if replacement.port > 0 {
|
|
|
|
|
self.bridge_table.unallocated_bridges.push(*spare_bridge);
|
|
|
|
|
// Mark bucket as unreachable while it is unallocated
|
|
|
|
|
self.bridge_table.reachable.remove(spare_bridge);
|
|
|
|
|
} else {
|
|
|
|
|
replacement = spare_bridge;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for (bucketnum, offset) in positions.iter() {
|
2023-06-22 17:07:14 -04:00
|
|
|
let mut bridgelines = match self.bridge_table.buckets.get(bucketnum) {
|
2023-06-20 17:07:51 -04:00
|
|
|
Some(bridgelines) => *bridgelines,
|
|
|
|
|
None => return ReplaceSuccess::NotReplaced,
|
|
|
|
|
};
|
|
|
|
|
assert!(bridgelines[*offset] == *bridge);
|
|
|
|
|
bridgelines[*offset] = *replacement;
|
|
|
|
|
self.bridge_table.buckets.insert(*bucketnum, bridgelines);
|
2023-06-16 13:56:30 -04:00
|
|
|
self.bridge_table
|
|
|
|
|
.reachable
|
|
|
|
|
.insert(*replacement, positions.clone());
|
|
|
|
|
// Remove the bridge from the bucket
|
|
|
|
|
self.bridge_table.reachable.remove(bridge);
|
|
|
|
|
}
|
|
|
|
|
res = ReplaceSuccess::Replaced
|
|
|
|
|
} else {
|
|
|
|
|
// If there are no available bridges that can be assigned here, the only thing
|
|
|
|
|
// that can be done is return an indication that updating the gone bridge
|
|
|
|
|
// didn't work.
|
|
|
|
|
// In this case, we do not mark the bridge as unreachable or remove it from the
|
|
|
|
|
// reachable bridges so that we can still find it when a new bridge does become available
|
|
|
|
|
res = ReplaceSuccess::NotReplaced
|
2023-05-10 20:26:08 -04:00
|
|
|
}
|
2023-05-04 18:10:50 -04:00
|
|
|
}
|
2023-06-16 13:56:30 -04:00
|
|
|
None => return res,
|
|
|
|
|
};
|
2023-06-22 17:07:14 -04:00
|
|
|
res
|
2023-03-20 12:33:26 -04:00
|
|
|
}
|
|
|
|
|
|
2021-05-05 13:58:43 -04:00
|
|
|
/// Mark a bridge as unreachable
|
|
|
|
|
///
|
|
|
|
|
/// This bridge will be removed from each of the buckets that
|
|
|
|
|
/// contains it. If any of those are open-invitation buckets, the
|
|
|
|
|
/// trust upgrade migration for that bucket will be removed and the
|
|
|
|
|
/// BridgeDb will be informed to stop handing out that bridge. If
|
|
|
|
|
/// any of those are trusted buckets where the number of reachable
|
|
|
|
|
/// bridges has fallen below the threshold, a blockage migration
|
|
|
|
|
/// from that bucket to a spare bucket will be added, and the spare
|
|
|
|
|
/// bucket will be removed from the list of hot spares. In
|
|
|
|
|
/// addition, if the blocked bucket was the _target_ of a blockage
|
|
|
|
|
/// migration, change the target to the new (formerly spare) bucket.
|
|
|
|
|
/// Returns true if sucessful, or false if it needed a hot spare but
|
|
|
|
|
/// there was none available.
|
|
|
|
|
pub fn bridge_unreachable(&mut self, bridge: &BridgeLine, bdb: &mut BridgeDb) -> bool {
|
|
|
|
|
let mut res: bool = true;
|
2023-05-10 20:26:08 -04:00
|
|
|
if self.bridge_table.unallocated_bridges.contains(bridge) {
|
|
|
|
|
let index = self
|
|
|
|
|
.bridge_table
|
|
|
|
|
.unallocated_bridges
|
|
|
|
|
.iter()
|
|
|
|
|
.position(|&b| b == *bridge)
|
|
|
|
|
.unwrap();
|
|
|
|
|
self.bridge_table.unallocated_bridges.remove(index);
|
|
|
|
|
res = true;
|
|
|
|
|
} else {
|
|
|
|
|
let positions = self.bridge_table.reachable.get(bridge);
|
|
|
|
|
if let Some(v) = positions {
|
|
|
|
|
for (bucketnum, offset) in v.iter() {
|
|
|
|
|
// Count how many bridges in this bucket are reachable
|
2023-06-22 17:07:14 -04:00
|
|
|
let mut bucket = match self.bridge_table.buckets.get(bucketnum) {
|
2023-06-20 20:04:17 -04:00
|
|
|
Some(bridgelines) => *bridgelines,
|
|
|
|
|
None => return false,
|
|
|
|
|
};
|
2023-06-20 17:49:41 -04:00
|
|
|
let numreachable = bucket
|
2023-05-10 20:26:08 -04:00
|
|
|
.iter()
|
|
|
|
|
.filter(|br| self.bridge_table.reachable.get(br).is_some())
|
|
|
|
|
.count();
|
2021-05-05 13:58:43 -04:00
|
|
|
|
2023-05-10 20:26:08 -04:00
|
|
|
// Remove the bridge from the bucket
|
2023-06-20 17:49:41 -04:00
|
|
|
assert!(bucket[*offset] == *bridge);
|
|
|
|
|
bucket[*offset] = BridgeLine::default();
|
2021-05-05 13:58:43 -04:00
|
|
|
|
2023-05-10 20:26:08 -04:00
|
|
|
// Is this bucket an open-invitation bucket?
|
|
|
|
|
if bdb.openinv_buckets.contains(bucketnum) {
|
|
|
|
|
bdb.openinv_buckets.remove(bucketnum);
|
|
|
|
|
self.trustup_migration_table.table.remove(bucketnum);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Does this removal cause the bucket to go below the
|
|
|
|
|
// threshold?
|
|
|
|
|
if numreachable != MIN_BUCKET_REACHABILITY {
|
|
|
|
|
// No
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// This bucket is now unreachable. Get a spare bucket
|
|
|
|
|
if self.bridge_table.spares.is_empty() {
|
|
|
|
|
// Uh, oh. No spares available. Just delete any
|
|
|
|
|
// migrations leading to this bucket.
|
|
|
|
|
res = false;
|
|
|
|
|
self.trustup_migration_table
|
|
|
|
|
.table
|
|
|
|
|
.retain(|_, &mut v| v != *bucketnum);
|
|
|
|
|
self.blockage_migration_table
|
|
|
|
|
.table
|
|
|
|
|
.retain(|_, &mut v| v != *bucketnum);
|
|
|
|
|
} else {
|
|
|
|
|
// Get the first spare and remove it from the spares
|
|
|
|
|
// set.
|
|
|
|
|
let spare = *self.bridge_table.spares.iter().next().unwrap();
|
|
|
|
|
self.bridge_table.spares.remove(&spare);
|
|
|
|
|
// Add a blockage migration from this bucket to the spare
|
|
|
|
|
self.blockage_migration_table
|
|
|
|
|
.table
|
|
|
|
|
.insert(*bucketnum, spare);
|
|
|
|
|
// Remove any trust upgrade migrations to this
|
|
|
|
|
// bucket
|
|
|
|
|
self.trustup_migration_table
|
|
|
|
|
.table
|
|
|
|
|
.retain(|_, &mut v| v != *bucketnum);
|
|
|
|
|
// Change any blockage migrations with this bucket
|
|
|
|
|
// as the destination to the spare
|
|
|
|
|
for (_, v) in self.blockage_migration_table.table.iter_mut() {
|
|
|
|
|
if *v == *bucketnum {
|
|
|
|
|
*v = spare;
|
|
|
|
|
}
|
2021-05-05 13:58:43 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-05-10 20:26:08 -04:00
|
|
|
self.bridge_table.reachable.remove(bridge);
|
2021-05-05 13:58:43 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-29 21:24:32 -04:00
|
|
|
#[cfg(test)]
|
2021-04-28 13:36:04 -04:00
|
|
|
/// For testing only: manually advance the day by 1 day
|
|
|
|
|
pub fn advance_day(&mut self) {
|
|
|
|
|
self.time_offset += time::Duration::days(1);
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-09 16:24:43 -05:00
|
|
|
//#[cfg(test)]
|
2021-04-28 13:36:04 -04:00
|
|
|
/// For testing only: manually advance the day by the given number
|
|
|
|
|
/// of days
|
|
|
|
|
pub fn advance_days(&mut self, days: u16) {
|
|
|
|
|
self.time_offset += time::Duration::days(days.into());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Get today's (real or simulated) date
|
2023-02-09 16:24:43 -05:00
|
|
|
pub fn today(&self) -> u32 {
|
2021-04-28 18:31:47 -04:00
|
|
|
// We will not encounter negative Julian dates (~6700 years ago)
|
2021-05-01 15:33:45 -04:00
|
|
|
// or ones larger than 32 bits
|
2021-04-28 18:31:47 -04:00
|
|
|
(time::OffsetDateTime::now_utc().date() + self.time_offset)
|
2023-06-07 15:34:55 -04:00
|
|
|
.to_julian_day()
|
2021-04-28 18:31:47 -04:00
|
|
|
.try_into()
|
|
|
|
|
.unwrap()
|
2021-04-28 13:36:04 -04:00
|
|
|
}
|
2021-04-29 21:24:32 -04:00
|
|
|
|
2021-05-01 17:12:03 -04:00
|
|
|
/// Get a reference to the encrypted bridge table.
|
|
|
|
|
///
|
|
|
|
|
/// Be sure to call this function when you want the latest version
|
|
|
|
|
/// of the table, since it will put fresh Bucket Reachability
|
|
|
|
|
/// credentials in the buckets each day.
|
2023-07-19 10:30:35 -04:00
|
|
|
pub fn enc_bridge_table(&mut self) -> &HashMap<u32, EncryptedBucket> {
|
2021-05-01 17:12:03 -04:00
|
|
|
let today = self.today();
|
|
|
|
|
if self.bridge_table.date_last_enc != today {
|
|
|
|
|
self.bridge_table
|
|
|
|
|
.encrypt_table(today, &self.reachability_priv);
|
|
|
|
|
}
|
|
|
|
|
&self.bridge_table.encbuckets
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-29 21:24:32 -04:00
|
|
|
#[cfg(test)]
|
2021-04-30 16:24:42 -04:00
|
|
|
/// Verify the two MACs on a Lox credential
|
2021-04-29 21:24:32 -04:00
|
|
|
pub fn verify_lox(&self, cred: &cred::Lox) -> bool {
|
2021-05-03 14:13:13 -04:00
|
|
|
if cred.P.is_identity() {
|
2021-04-30 16:24:42 -04:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-29 21:24:32 -04:00
|
|
|
let Q = (self.lox_priv.x[0]
|
|
|
|
|
+ cred.id * self.lox_priv.x[1]
|
|
|
|
|
+ cred.bucket * self.lox_priv.x[2]
|
|
|
|
|
+ cred.trust_level * self.lox_priv.x[3]
|
|
|
|
|
+ cred.level_since * self.lox_priv.x[4]
|
|
|
|
|
+ cred.invites_remaining * self.lox_priv.x[5]
|
2021-05-03 14:27:11 -04:00
|
|
|
+ cred.blockages * self.lox_priv.x[6])
|
2021-04-29 21:24:32 -04:00
|
|
|
* cred.P;
|
2021-04-30 16:24:42 -04:00
|
|
|
|
2021-05-03 14:14:17 -04:00
|
|
|
Q == cred.Q
|
2021-04-29 21:24:32 -04:00
|
|
|
}
|
2021-04-30 13:30:20 -04:00
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
/// Verify the MAC on a Migration credential
|
|
|
|
|
pub fn verify_migration(&self, cred: &cred::Migration) -> bool {
|
2021-04-30 16:24:42 -04:00
|
|
|
if cred.P.is_identity() {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-30 13:30:20 -04:00
|
|
|
let Q = (self.migration_priv.x[0]
|
|
|
|
|
+ cred.lox_id * self.migration_priv.x[1]
|
|
|
|
|
+ cred.from_bucket * self.migration_priv.x[2]
|
|
|
|
|
+ cred.to_bucket * self.migration_priv.x[3])
|
|
|
|
|
* cred.P;
|
2021-05-03 14:14:17 -04:00
|
|
|
|
|
|
|
|
Q == cred.Q
|
2021-04-30 13:30:20 -04:00
|
|
|
}
|
2021-05-01 17:12:03 -04:00
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
/// Verify the MAC on a Bucket Reachability credential
|
|
|
|
|
pub fn verify_reachability(&self, cred: &cred::BucketReachability) -> bool {
|
|
|
|
|
if cred.P.is_identity() {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let Q = (self.reachability_priv.x[0]
|
|
|
|
|
+ cred.date * self.reachability_priv.x[1]
|
|
|
|
|
+ cred.bucket * self.reachability_priv.x[2])
|
|
|
|
|
* cred.P;
|
2021-05-03 14:14:17 -04:00
|
|
|
|
|
|
|
|
Q == cred.Q
|
2021-05-01 17:12:03 -04:00
|
|
|
}
|
2021-05-03 19:05:42 -04:00
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
/// Verify the MAC on a Invitation credential
|
|
|
|
|
pub fn verify_invitation(&self, cred: &cred::Invitation) -> bool {
|
|
|
|
|
if cred.P.is_identity() {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let Q = (self.invitation_priv.x[0]
|
|
|
|
|
+ cred.inv_id * self.invitation_priv.x[1]
|
|
|
|
|
+ cred.date * self.invitation_priv.x[2]
|
|
|
|
|
+ cred.bucket * self.invitation_priv.x[3]
|
|
|
|
|
+ cred.blockages * self.invitation_priv.x[4])
|
|
|
|
|
* cred.P;
|
|
|
|
|
|
|
|
|
|
Q == cred.Q
|
|
|
|
|
}
|
2021-04-28 13:36:04 -04:00
|
|
|
}
|
2021-04-28 15:42:16 -04:00
|
|
|
|
2021-04-29 18:22:06 -04:00
|
|
|
/// Try to extract a u64 from a Scalar
|
|
|
|
|
pub fn scalar_u64(s: &Scalar) -> Option<u64> {
|
|
|
|
|
// Check that the top 24 bytes of the Scalar are 0
|
|
|
|
|
let sbytes = s.as_bytes();
|
|
|
|
|
if sbytes[8..].ct_eq(&[0u8; 24]).unwrap_u8() == 0 {
|
|
|
|
|
return None;
|
|
|
|
|
}
|
|
|
|
|
Some(u64::from_le_bytes(sbytes[..8].try_into().unwrap()))
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-01 15:33:45 -04:00
|
|
|
/// Try to extract a u32 from a Scalar
|
|
|
|
|
pub fn scalar_u32(s: &Scalar) -> Option<u32> {
|
|
|
|
|
// Check that the top 28 bytes of the Scalar are 0
|
|
|
|
|
let sbytes = s.as_bytes();
|
|
|
|
|
if sbytes[4..].ct_eq(&[0u8; 28]).unwrap_u8() == 0 {
|
|
|
|
|
return None;
|
|
|
|
|
}
|
|
|
|
|
Some(u32::from_le_bytes(sbytes[..4].try_into().unwrap()))
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-29 18:22:06 -04:00
|
|
|
/// Double a Scalar
|
|
|
|
|
pub fn scalar_dbl(s: &Scalar) -> Scalar {
|
|
|
|
|
s + s
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-29 21:24:32 -04:00
|
|
|
/// Double a RistrettoPoint
|
|
|
|
|
pub fn pt_dbl(P: &RistrettoPoint) -> RistrettoPoint {
|
|
|
|
|
P + P
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-01 15:21:50 -04:00
|
|
|
/// The protocol modules.
|
|
|
|
|
///
|
|
|
|
|
/// Each protocol lives in a submodule. Each submodule defines structs
|
|
|
|
|
/// for Request (the message from the client to the bridge authority),
|
|
|
|
|
/// State (the state held by the client while waiting for the reply),
|
|
|
|
|
/// and Response (the message from the bridge authority to the client).
|
|
|
|
|
/// Each submodule defines functions request, which produces a (Request,
|
|
|
|
|
/// State) pair, and handle_response, which consumes a State and a
|
|
|
|
|
/// Response. It also adds a handle_* function to the BridgeAuth struct
|
|
|
|
|
/// that consumes a Request and produces a Result<Response, ProofError>.
|
|
|
|
|
pub mod proto {
|
2021-05-05 18:21:09 -04:00
|
|
|
pub mod blockage_migration;
|
2021-05-05 16:28:56 -04:00
|
|
|
pub mod check_blockage;
|
2021-05-03 19:05:42 -04:00
|
|
|
pub mod issue_invite;
|
2021-05-01 22:25:32 -04:00
|
|
|
pub mod level_up;
|
2021-05-01 15:21:50 -04:00
|
|
|
pub mod migration;
|
|
|
|
|
pub mod open_invite;
|
2021-05-04 15:47:37 -04:00
|
|
|
pub mod redeem_invite;
|
2021-05-01 15:21:50 -04:00
|
|
|
pub mod trust_promotion;
|
|
|
|
|
}
|
2021-04-28 18:48:52 -04:00
|
|
|
|
2021-04-29 16:12:53 -04:00
|
|
|
// Unit tests
|
2021-04-28 18:48:52 -04:00
|
|
|
#[cfg(test)]
|
2021-04-29 16:12:53 -04:00
|
|
|
mod tests;
|
