vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove noop migration credentials

This commit is contained in:
Ian Goldberg 2021-05-03 14:13:13 -04:00
parent ecef59392b
commit 15e9a1a72a
6 changed files with 16 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crates/lox-library/src/cred.rs
View File

@ -25,12 +25,7 @@ pub struct Migration {
/// Its id is jointly generated by the user and the BA (bridge
/// authority), but known only to the user. The level_since date is the
/// Julian date of when this user was changed to the current trust
/// level. (P_noopmigration, Q_noopmigration) are the MAC on the
/// implicit no-op migration credential formed by the attributes (id,
/// bucket, bucket), which authorizes the user to switch from its
/// current bucket to the same bucket (i.e., a no-op). This can be
/// useful for hiding from the BA whether or not the user is performing
/// a bucket migration.
/// level.
#[derive(Debug)]
pub struct Lox {
pub P: RistrettoPoint,
@ -41,8 +36,6 @@ pub struct Lox {
pub level_since: Scalar,
pub invites_remaining: Scalar,
pub invites_issued: Scalar,
pub P_noopmigration: RistrettoPoint,
pub Q_noopmigration: RistrettoPoint,
}
/// The migration key credential.

10
crates/lox-library/src/lib.rs
View File

@ -283,7 +283,7 @@ impl BridgeAuth {
#[cfg(test)]
/// Verify the two MACs on a Lox credential
pub fn verify_lox(&self, cred: &cred::Lox) -> bool {
if cred.P.is_identity() || cred.P_noopmigration.is_identity() {
if cred.P.is_identity() {
return false;
}
@ -296,13 +296,7 @@ impl BridgeAuth {
+ cred.invites_issued * self.lox_priv.x[6])
* cred.P;
let Q_noopmigration = (self.migration_priv.x[0]
+ cred.id * self.migration_priv.x[1]
+ cred.bucket * self.migration_priv.x[2]
+ cred.bucket * self.migration_priv.x[3])
* cred.P_noopmigration;
return Q == cred.Q && Q_noopmigration == cred.Q_noopmigration;
return Q == cred.Q;
}
#[cfg(test)]

87
crates/lox-library/src/proto/level_up.rs
View File

@ -143,12 +143,6 @@ pub struct Response {
TBucket: RistrettoPoint,
TInvIssued: RistrettoPoint,
// The fields for the implicit noop migration ("nm") credential
P_nm: RistrettoPoint,
EncQ_nm: (RistrettoPoint, RistrettoPoint),
TId_nm: RistrettoPoint,
TBucket_nm: RistrettoPoint,
// The ZKP
piBlindIssue: CompactProof,
}
@ -211,12 +205,9 @@ define_proof! {
blindissue,
"Level Upgrade Issuing",
(x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xinvissued,
s, b, tid, tbucket, tinvissued,
x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm, tbucket_nm),
s, b, tid, tbucket, tinvissued),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
Xinvissued, Plevel, Psince, Pinvremain, TId, TBucket, TInvIssued,
P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
TId_nm, TBucket_nm,
D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvIssued0, EncInvIssued1),
(A, B):
Xid = (xid*A),
@ -237,18 +228,7 @@ define_proof! {
EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + tinvissued*EncInvIssued0),
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
+ tinvissued*EncInvIssued1 + x0*P + xlevel*Plevel + xsince*Psince
+ xinvremain*Pinvremain),
Xid_nm = (xid_nm*A),
Xfrom_nm = (xfrom_nm*A),
Xto_nm = (xto_nm*A),
X0_nm = (x0_nm*B + x0tilde_nm*A),
P_nm = (b_nm*B),
TId_nm = (b_nm*Xid_nm),
TId_nm = (tid_nm*A),
TBucket_nm = (b_nm*Xfrom_nm + b_nm*Xto_nm),
TBucket_nm = (tbucket_nm*A),
EncQ0_nm = (s_nm*B + tid_nm*EncId0 + tbucket_nm*EncBucket0),
EncQ1_nm = (s_nm*D + tid_nm*EncId1 + tbucket_nm*EncBucket1 + x0_nm*P_nm)
+ xinvremain*Pinvremain)
}
pub fn request(
@ -782,30 +762,6 @@ impl BridgeAuth {
EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvIssued.1,
);
// Now the no-op migration credential
// Compute the MAC on the visible attributes (none here)
let b_nm = Scalar::random(&mut rng);
let P_nm = &b_nm * Btable;
let QHc_nm = (self.migration_priv.x[0]) * P_nm;
// El Gamal encrypt it to the public key req.D
let s_nm = Scalar::random(&mut rng);
let EncQHc_nm = (&s_nm * Btable, QHc_nm + s_nm * req.D);
// Homomorphically compute the part of the MAC corresponding to
// the blinded attributes
let tid_nm = self.migration_priv.x[1] * b_nm;
let TId_nm = &tid_nm * Atable;
let EncQId_nm = (tid_nm * EncId.0, tid_nm * EncId.1);
let tbucket_nm = (self.migration_priv.x[2] + self.migration_priv.x[3]) * b_nm;
let TBucket_nm = &tbucket_nm * Atable;
let EncQBucket_nm = (tbucket_nm * req.EncBucket.0, tbucket_nm * req.EncBucket.1);
let EncQ_nm = (
EncQHc_nm.0 + EncQId_nm.0 + EncQBucket_nm.0,
EncQHc_nm.1 + EncQId_nm.1 + EncQBucket_nm.1,
);
let mut transcript = Transcript::new(b"level upgrade issuing");
let piBlindIssue = blindissue::prove_compact(
&mut transcript,
@ -828,15 +784,6 @@ impl BridgeAuth {
TId: &TId,
TBucket: &TBucket,
TInvIssued: &TInvIssued,
P_nm: &P_nm,
EncQ0_nm: &EncQ_nm.0,
EncQ1_nm: &EncQ_nm.1,
X0_nm: &self.migration_pub.X[0],
Xid_nm: &self.migration_pub.X[1],
Xfrom_nm: &self.migration_pub.X[2],
Xto_nm: &self.migration_pub.X[3],
TId_nm: &TId_nm,
TBucket_nm: &TBucket_nm,
D: &req.D,
EncId0: &EncId.0,
EncId1: &EncId.1,
@ -857,15 +804,6 @@ impl BridgeAuth {
tid: &tid,
tbucket: &tbucket,
tinvissued: &tinvissued,
x0_nm: &self.migration_priv.x[0],
x0tilde_nm: &self.migration_priv.x0tilde,
xid_nm: &self.migration_priv.x[1],
xfrom_nm: &self.migration_priv.x[2],
xto_nm: &self.migration_priv.x[3],
s_nm: &s_nm,
b_nm: &b_nm,
tid_nm: &tid_nm,
tbucket_nm: &tbucket_nm,
},
)
.0;
@ -878,10 +816,6 @@ impl BridgeAuth {
TId,
TBucket,
TInvIssued,
P_nm,
EncQ_nm,
TId_nm,
TBucket_nm,
piBlindIssue,
})
}
@ -893,13 +827,12 @@ pub fn handle_response(
state: State,
resp: Response,
lox_pub: &IssuerPubKey,
migration_pub: &IssuerPubKey,
) -> Result<cred::Lox, ProofError> {
let A: &RistrettoPoint = &CMZ_A;
let B: &RistrettoPoint = &CMZ_B;
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
if resp.P.is_identity() || resp.P_nm.is_identity() {
if resp.P.is_identity() {
return Err(ProofError::VerificationFailure);
}
@ -935,15 +868,6 @@ pub fn handle_response(
TId: &resp.TId.compress(),
TBucket: &resp.TBucket.compress(),
TInvIssued: &resp.TInvIssued.compress(),
P_nm: &resp.P_nm.compress(),
EncQ0_nm: &resp.EncQ_nm.0.compress(),
EncQ1_nm: &resp.EncQ_nm.1.compress(),
X0_nm: &migration_pub.X[0].compress(),
Xid_nm: &migration_pub.X[1].compress(),
Xfrom_nm: &migration_pub.X[2].compress(),
Xto_nm: &migration_pub.X[3].compress(),
TId_nm: &resp.TId_nm.compress(),
TBucket_nm: &resp.TBucket_nm.compress(),
D: &state.D.compress(),
EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(),
@ -957,9 +881,6 @@ pub fn handle_response(
// Decrypt EncQ
let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
// Decrypt EncQ_nm
let Q_nm = resp.EncQ_nm.1 - (state.d * resp.EncQ_nm.0);
Ok(cred::Lox {
P: resp.P,
Q,
@ -969,7 +890,5 @@ pub fn handle_response(
level_since: resp.level_since,
invites_remaining: state.invremain,
invites_issued: state.invissued,
P_noopmigration: resp.P_nm,
Q_noopmigration: Q_nm,
})
}

87
crates/lox-library/src/proto/migration.rs
View File

@ -92,12 +92,6 @@ pub struct Response {
TId: RistrettoPoint,
TBucket: RistrettoPoint,
// The fields for the implicit noop migration ("nm") credential
P_nm: RistrettoPoint,
EncQ_nm: (RistrettoPoint, RistrettoPoint),
TId_nm: RistrettoPoint,
TBucket_nm: RistrettoPoint,
// The ZKP
piBlindIssue: CompactProof,
}
@ -133,11 +127,8 @@ define_proof! {
define_proof! {
blindissue,
"Migration Blind Issuing",
(x0, x0tilde, xid, xbucket, xlevel, xsince, s, b, tid, tbucket,
x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm, tbucket_nm),
(x0, x0tilde, xid, xbucket, xlevel, xsince, s, b, tid, tbucket),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Plevel, Psince, TId, TBucket,
P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
TId_nm, TBucket_nm,
D, EncId0, EncId1, EncBucket0, EncBucket1),
(A, B):
Xid = (xid*A),
@ -151,18 +142,7 @@ define_proof! {
TBucket = (b*Xbucket),
TBucket = (tbucket*A),
EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0),
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 + x0*P + xlevel*Plevel + xsince*Psince),
Xid_nm = (xid_nm*A),
Xfrom_nm = (xfrom_nm*A),
Xto_nm = (xto_nm*A),
X0_nm = (x0_nm*B + x0tilde_nm*A),
P_nm = (b_nm*B),
TId_nm = (b_nm*Xid_nm),
TId_nm = (tid_nm*A),
TBucket_nm = (b_nm*Xfrom_nm + b_nm*Xto_nm),
TBucket_nm = (tbucket_nm*A),
EncQ0_nm = (s_nm*B + tid_nm*EncId0 + tbucket_nm*EncBucket0),
EncQ1_nm = (s_nm*D + tid_nm*EncId1 + tbucket_nm*EncBucket1 + x0_nm*P_nm)
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 + x0*P + xlevel*Plevel + xsince*Psince)
}
pub fn request(
@ -441,30 +421,6 @@ impl BridgeAuth {
EncQHc.1 + EncQId.1 + EncQBucket.1,
);
// Now the no-op migration credential
// Compute the MAC on the visible attributes (none here)
let b_nm = Scalar::random(&mut rng);
let P_nm = &b_nm * Btable;
let QHc_nm = (self.migration_priv.x[0]) * P_nm;
// El Gamal encrypt it to the public key req.D
let s_nm = Scalar::random(&mut rng);
let EncQHc_nm = (&s_nm * Btable, QHc_nm + s_nm * req.D);
// Homomorphically compute the part of the MAC corresponding to
// the blinded attributes
let tid_nm = self.migration_priv.x[1] * b_nm;
let TId_nm = &tid_nm * Atable;
let EncQId_nm = (tid_nm * EncId.0, tid_nm * EncId.1);
let tbucket_nm = (self.migration_priv.x[2] + self.migration_priv.x[3]) * b_nm;
let TBucket_nm = &tbucket_nm * Atable;
let EncQBucket_nm = (tbucket_nm * req.EncBucket.0, tbucket_nm * req.EncBucket.1);
let EncQ_nm = (
EncQHc_nm.0 + EncQId_nm.0 + EncQBucket_nm.0,
EncQHc_nm.1 + EncQId_nm.1 + EncQBucket_nm.1,
);
let mut transcript = Transcript::new(b"migration issuing");
let piBlindIssue = blindissue::prove_compact(
&mut transcript,
@ -483,15 +439,6 @@ impl BridgeAuth {
Psince: &(level_since * P),
TId: &TId,
TBucket: &TBucket,
P_nm: &P_nm,
EncQ0_nm: &EncQ_nm.0,
EncQ1_nm: &EncQ_nm.1,
X0_nm: &self.migration_pub.X[0],
Xid_nm: &self.migration_pub.X[1],
Xfrom_nm: &self.migration_pub.X[2],
Xto_nm: &self.migration_pub.X[3],
TId_nm: &TId_nm,
TBucket_nm: &TBucket_nm,
D: &req.D,
EncId0: &EncId.0,
EncId1: &EncId.1,
@ -507,15 +454,6 @@ impl BridgeAuth {
b: &b,
tid: &tid,
tbucket: &tbucket,
x0_nm: &self.migration_priv.x[0],
x0tilde_nm: &self.migration_priv.x0tilde,
xid_nm: &self.migration_priv.x[1],
xfrom_nm: &self.migration_priv.x[2],
xto_nm: &self.migration_priv.x[3],
s_nm: &s_nm,
b_nm: &b_nm,
tid_nm: &tid_nm,
tbucket_nm: &tbucket_nm,
},
)
.0;
@ -527,10 +465,6 @@ impl BridgeAuth {
id_server,
TId,
TBucket,
P_nm,
EncQ_nm,
TId_nm,
TBucket_nm,
piBlindIssue,
})
}
@ -542,13 +476,12 @@ pub fn handle_response(
state: State,
resp: Response,
lox_pub: &IssuerPubKey,
migration_pub: &IssuerPubKey,
) -> Result<cred::Lox, ProofError> {
let A: &RistrettoPoint = &CMZ_A;
let B: &RistrettoPoint = &CMZ_B;
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
if resp.P.is_identity() || resp.P_nm.is_identity() {
if resp.P.is_identity() {
return Err(ProofError::VerificationFailure);
}
@ -581,15 +514,6 @@ pub fn handle_response(
Psince: &(resp.level_since * resp.P).compress(),
TId: &resp.TId.compress(),
TBucket: &resp.TBucket.compress(),
P_nm: &resp.P_nm.compress(),
EncQ0_nm: &resp.EncQ_nm.0.compress(),
EncQ1_nm: &resp.EncQ_nm.1.compress(),
X0_nm: &migration_pub.X[0].compress(),
Xid_nm: &migration_pub.X[1].compress(),
Xfrom_nm: &migration_pub.X[2].compress(),
Xto_nm: &migration_pub.X[3].compress(),
TId_nm: &resp.TId_nm.compress(),
TBucket_nm: &resp.TBucket_nm.compress(),
D: &state.D.compress(),
EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(),
@ -601,9 +525,6 @@ pub fn handle_response(
// Decrypt EncQ
let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
// Decrypt EncQ_nm
let Q_nm = resp.EncQ_nm.1 - (state.d * resp.EncQ_nm.0);
Ok(cred::Lox {
P: resp.P,
Q,
@ -613,7 +534,5 @@ pub fn handle_response(
level_since: resp.level_since,
invites_remaining: Scalar::zero(),
invites_issued: Scalar::zero(),
P_noopmigration: resp.P_nm,
Q_noopmigration: Q_nm,
})
}

83
crates/lox-library/src/proto/open_invite.rs
View File

@ -54,9 +54,6 @@ pub struct Response {
TId: RistrettoPoint,
bucket: Scalar,
level_since: Scalar,
P_noopmigration: RistrettoPoint,
EncQ_noopmigration: (RistrettoPoint, RistrettoPoint),
TId_noopmigration: RistrettoPoint,
piBlindIssue: CompactProof,
}
@ -76,11 +73,8 @@ define_proof! {
define_proof! {
blindissue,
"Open Invitation Blind Issuing",
(x0, x0tilde, xid, xbucket, xsince, s, b, tid,
x0_nm, x0tilde_nm, xid_nm, xfrom_nm, xto_nm, s_nm, b_nm, tid_nm),
(x0, x0tilde, xid, xbucket, xsince, s, b, tid),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xsince, Pbucket, Psince, TId,
P_nm, EncQ0_nm, EncQ1_nm, X0_nm, Xid_nm, Xfrom_nm, Xto_nm,
Pbucket_nm, TId_nm,
D, EncId0, EncId1),
(A, B) :
Xid = (xid*A),
@ -91,16 +85,7 @@ define_proof! {
TId = (b*Xid),
TId = (tid*A),
EncQ0 = (s*B + tid*EncId0),
EncQ1 = (s*D + tid*EncId1 + x0*P + xbucket*Pbucket + xsince*Psince),
Xid_nm = (xid_nm*A),
Xfrom_nm = (xfrom_nm*A),
Xto_nm = (xto_nm*A),
X0_nm = (x0_nm*B + x0tilde_nm*A),
P_nm = (b_nm*B),
TId_nm = (b_nm*Xid_nm),
TId_nm = (tid_nm*A),
EncQ0_nm = (s_nm*B + tid_nm*EncId0),
EncQ1_nm = (s_nm*D + tid_nm*EncId1 + x0_nm*P_nm + xfrom_nm*Pbucket_nm + xto_nm*Pbucket_nm)
EncQ1 = (s*D + tid*EncId1 + x0*P + xbucket*Pbucket + xsince*Psince)
}
/// Submit an open invitation issued by the BridgeDb to receive your
@ -229,33 +214,6 @@ impl BridgeAuth {
let EncQ = (EncQHc.0 + EncQId.0, EncQHc.1 + EncQId.1);
// Now the no-op migration credential
// Compute the MAC on the visible attributes
let b_noopmigration = Scalar::random(&mut rng);
let P_noopmigration = &b_noopmigration * Btable;
let QHc_noopmigration = (self.migration_priv.x[0]
+ self.migration_priv.x[2] * bucket
+ self.migration_priv.x[3] * bucket)
* P_noopmigration;
// El Gamal encrypt it to the public key req.D
let s_noopmigration = Scalar::random(&mut rng);
let EncQHc_noopmigration = (
&s_noopmigration * Btable,
QHc_noopmigration + s_noopmigration * req.D,
);
// Homomorphically compute the part of the MAC corresponding to
// the blinded id attribute
let tid_noopmigration = self.migration_priv.x[1] * b_noopmigration;
let TId_noopmigration = &tid_noopmigration * Atable;
let EncQId_noopmigration = (tid_noopmigration * EncId.0, tid_noopmigration * EncId.1);
let EncQ_noopmigration = (
EncQHc_noopmigration.0 + EncQId_noopmigration.0,
EncQHc_noopmigration.1 + EncQId_noopmigration.1,
);
let mut transcript = Transcript::new(b"open invite issuing");
let piBlindIssue = blindissue::prove_compact(
&mut transcript,
@ -272,15 +230,6 @@ impl BridgeAuth {
Pbucket: &(bucket * P),
Psince: &(level_since * P),
TId: &TId,
P_nm: &P_noopmigration,
EncQ0_nm: &EncQ_noopmigration.0,
EncQ1_nm: &EncQ_noopmigration.1,
X0_nm: &self.migration_pub.X[0],
Xid_nm: &self.migration_pub.X[1],
Xfrom_nm: &self.migration_pub.X[2],
Xto_nm: &self.migration_pub.X[3],
Pbucket_nm: &(bucket * P_noopmigration),
TId_nm: &TId_noopmigration,
D: &req.D,
EncId0: &EncId.0,
EncId1: &EncId.1,
@ -292,14 +241,6 @@ impl BridgeAuth {
s: &s,
b: &b,
tid: &tid,
x0_nm: &self.migration_priv.x[0],
x0tilde_nm: &self.migration_priv.x0tilde,
xid_nm: &self.migration_priv.x[1],
xfrom_nm: &self.migration_priv.x[2],
xto_nm: &self.migration_priv.x[3],
s_nm: &s_noopmigration,
b_nm: &b_noopmigration,
tid_nm: &tid_noopmigration,
},
)
.0;
@ -311,9 +252,6 @@ impl BridgeAuth {
TId,
bucket,
level_since,
P_noopmigration,
EncQ_noopmigration,
TId_noopmigration,
piBlindIssue,
})
}
@ -325,13 +263,12 @@ pub fn handle_response(
state: State,
resp: Response,
lox_pub: &IssuerPubKey,
migration_pub: &IssuerPubKey,
) -> Result<cred::Lox, ProofError> {
let A: &RistrettoPoint = &CMZ_A;
let B: &RistrettoPoint = &CMZ_B;
let Btable: &RistrettoBasepointTable = &CMZ_B_TABLE;
if resp.P.is_identity() || resp.P_noopmigration.is_identity() {
if resp.P.is_identity() {
return Err(ProofError::VerificationFailure);
}
@ -361,15 +298,6 @@ pub fn handle_response(
Pbucket: &(resp.bucket * resp.P).compress(),
Psince: &(resp.level_since * resp.P).compress(),
TId: &resp.TId.compress(),
P_nm: &resp.P_noopmigration.compress(),
EncQ0_nm: &resp.EncQ_noopmigration.0.compress(),
EncQ1_nm: &resp.EncQ_noopmigration.1.compress(),
X0_nm: &migration_pub.X[0].compress(),
Xid_nm: &migration_pub.X[1].compress(),
Xfrom_nm: &migration_pub.X[2].compress(),
Xto_nm: &migration_pub.X[3].compress(),
Pbucket_nm: &(resp.bucket * resp.P_noopmigration).compress(),
TId_nm: &resp.TId_noopmigration.compress(),
D: &state.D.compress(),
EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(),
@ -379,9 +307,6 @@ pub fn handle_response(
// Decrypt EncQ
let Q = resp.EncQ.1 - (state.d * resp.EncQ.0);
// Decrypt EncQ_noopmigration
let Q_noopmigration = resp.EncQ_noopmigration.1 - (state.d * resp.EncQ_noopmigration.0);
Ok(cred::Lox {
P: resp.P,
Q,
@ -391,7 +316,5 @@ pub fn handle_response(
level_since: resp.level_since,
invites_remaining: Scalar::zero(),
invites_issued: Scalar::zero(),
P_noopmigration: resp.P_noopmigration,
Q_noopmigration,
})
}

9
crates/lox-library/src/tests.rs
View File

@ -36,7 +36,7 @@ fn test_open_invite() {
// Use it to get a Lox credential
let (req, state) = open_invite::request(&inv);
let resp = ba.handle_open_invite(req).unwrap();
let cred = open_invite::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap();
let cred = open_invite::handle_response(state, resp, &ba.lox_pub).unwrap();
// Check that we can use the credential to read a bucket
let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
@ -89,7 +89,7 @@ fn trust_promotion(bdb: &BridgeDb, ba: &mut BridgeAuth) -> (cred::Lox, cred::Mig
// Use it to get a Lox credential
let (req, state) = open_invite::request(&inv);
let resp = ba.handle_open_invite(req).unwrap();
let cred = open_invite::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap();
let cred = open_invite::handle_response(state, resp, &ba.lox_pub).unwrap();
assert!(ba.verify_lox(&cred));
// Time passes
@ -125,8 +125,7 @@ fn level0_migration(bdb: &BridgeDb, ba: &mut BridgeAuth) -> cred::Lox {
let (migreq, migstate) =
migration::request(&loxcred, &migcred, &ba.lox_pub, &ba.migration_pub).unwrap();
let migresp = ba.handle_migration(migreq).unwrap();
let newloxcred =
migration::handle_response(migstate, migresp, &ba.lox_pub, &ba.migration_pub).unwrap();
let newloxcred = migration::handle_response(migstate, migresp, &ba.lox_pub).unwrap();
newloxcred
}
@ -167,7 +166,7 @@ fn level_up(ba: &mut BridgeAuth, cred: &cred::Lox) -> cred::Lox {
)
.unwrap();
let resp = ba.handle_level_up(req).unwrap();
let cred = level_up::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap();
let cred = level_up::handle_response(state, resp, &ba.lox_pub).unwrap();
cred
}