Add a migration type attribute to the Migration credential
This commit is contained in:
Ian Goldberg
parent
0664dd7b45
commit
27773123a3
|
|
@ -10,7 +10,11 @@ use curve25519_dalek::scalar::Scalar;
|
||||||
/// A migration credential.
|
/// A migration credential.
|
||||||
///
|
///
|
||||||
/// This credential authorizes the holder of the Lox credential with the
|
/// This credential authorizes the holder of the Lox credential with the
|
||||||
/// given id to switch from bucket from_bucket to bucket to_bucket.
|
/// given id to switch from bucket from_bucket to bucket to_bucket. The
|
||||||
|
/// mig_type attribute is 0 for trust upgrade migrations (moving from a
|
||||||
|
/// 1-bridge untrusted bucket to a 3-bridge trusted bucket) and 1 for
|
||||||
|
/// blockage migrations (moving buckets because the from_bucket has been
|
||||||
|
/// blocked).
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct Migration {
|
pub struct Migration {
|
||||||
pub P: RistrettoPoint,
|
pub P: RistrettoPoint,
|
||||||
|
|
@ -18,6 +22,7 @@ pub struct Migration {
|
||||||
pub lox_id: Scalar,
|
pub lox_id: Scalar,
|
||||||
pub from_bucket: Scalar,
|
pub from_bucket: Scalar,
|
||||||
pub to_bucket: Scalar,
|
pub to_bucket: Scalar,
|
||||||
|
pub mig_type: Scalar,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// The main user credential in the Lox system.
|
/// The main user credential in the Lox system.
|
||||||
|
|
|
||||||
|
|
@ -249,7 +249,7 @@ impl BridgeAuth {
|
||||||
// credential, each with the appropriate number of attributes
|
// credential, each with the appropriate number of attributes
|
||||||
let lox_priv = IssuerPrivKey::new(6);
|
let lox_priv = IssuerPrivKey::new(6);
|
||||||
let lox_pub = IssuerPubKey::new(&lox_priv);
|
let lox_pub = IssuerPubKey::new(&lox_priv);
|
||||||
let migration_priv = IssuerPrivKey::new(3);
|
let migration_priv = IssuerPrivKey::new(4);
|
||||||
let migration_pub = IssuerPubKey::new(&migration_priv);
|
let migration_pub = IssuerPubKey::new(&migration_priv);
|
||||||
let migrationkey_priv = IssuerPrivKey::new(2);
|
let migrationkey_priv = IssuerPrivKey::new(2);
|
||||||
let migrationkey_pub = IssuerPubKey::new(&migrationkey_priv);
|
let migrationkey_pub = IssuerPubKey::new(&migrationkey_priv);
|
||||||
|
|
@ -297,7 +297,6 @@ impl BridgeAuth {
|
||||||
single[0] = *b;
|
single[0] = *b;
|
||||||
let snum = self.bridge_table.new_bucket(&single);
|
let snum = self.bridge_table.new_bucket(&single);
|
||||||
bdb.insert_openinv(snum);
|
bdb.insert_openinv(snum);
|
||||||
println!("Adding {} -> {}", snum, bnum);
|
|
||||||
self.trustup_migration_table.table.insert(snum, bnum);
|
self.trustup_migration_table.table.insert(snum, bnum);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -79,6 +79,7 @@ pub fn encrypt_cred(
|
||||||
id: &Scalar,
|
id: &Scalar,
|
||||||
from_bucket: &Scalar,
|
from_bucket: &Scalar,
|
||||||
to_bucket: &Scalar,
|
to_bucket: &Scalar,
|
||||||
|
mig_type: &Scalar,
|
||||||
Pktable: &RistrettoBasepointTable,
|
Pktable: &RistrettoBasepointTable,
|
||||||
migration_priv: &IssuerPrivKey,
|
migration_priv: &IssuerPrivKey,
|
||||||
migrationkey_priv: &IssuerPrivKey,
|
migrationkey_priv: &IssuerPrivKey,
|
||||||
|
|
@ -100,7 +101,8 @@ pub fn encrypt_cred(
|
||||||
* (migration_priv.x[0]
|
* (migration_priv.x[0]
|
||||||
+ migration_priv.x[1] * id
|
+ migration_priv.x[1] * id
|
||||||
+ migration_priv.x[2] * from_bucket
|
+ migration_priv.x[2] * from_bucket
|
||||||
+ migration_priv.x[3] * to_bucket))
|
+ migration_priv.x[3] * to_bucket
|
||||||
|
+ migration_priv.x[4] * mig_type))
|
||||||
* Btable;
|
* Btable;
|
||||||
|
|
||||||
// Serialize (to_bucket, P, Q)
|
// Serialize (to_bucket, P, Q)
|
||||||
|
|
@ -139,7 +141,8 @@ pub fn encrypt_cred(
|
||||||
|
|
||||||
/// Create an encrypted Migration credential for returning to the user
|
/// Create an encrypted Migration credential for returning to the user
|
||||||
/// in the trust promotion protocol, given the ids of the from and to
|
/// in the trust promotion protocol, given the ids of the from and to
|
||||||
/// buckets, and using a BridgeTable to get the bucket keys.
|
/// buckets, and the migration type, and using a BridgeTable to get the
|
||||||
|
/// bucket keys.
|
||||||
///
|
///
|
||||||
/// Otherwise the same as encrypt_cred, above, except it returns an
|
/// Otherwise the same as encrypt_cred, above, except it returns an
|
||||||
/// Option in case the passed ids were invalid.
|
/// Option in case the passed ids were invalid.
|
||||||
|
|
@ -147,6 +150,7 @@ pub fn encrypt_cred_ids(
|
||||||
id: &Scalar,
|
id: &Scalar,
|
||||||
from_id: u32,
|
from_id: u32,
|
||||||
to_id: u32,
|
to_id: u32,
|
||||||
|
mig_type: &Scalar,
|
||||||
bridgetable: &bridge_table::BridgeTable,
|
bridgetable: &bridge_table::BridgeTable,
|
||||||
Pktable: &RistrettoBasepointTable,
|
Pktable: &RistrettoBasepointTable,
|
||||||
migration_priv: &IssuerPrivKey,
|
migration_priv: &IssuerPrivKey,
|
||||||
|
|
@ -159,6 +163,7 @@ pub fn encrypt_cred_ids(
|
||||||
id,
|
id,
|
||||||
&bridge_table::to_scalar(from_id, fromkey),
|
&bridge_table::to_scalar(from_id, fromkey),
|
||||||
&bridge_table::to_scalar(to_id, tokey),
|
&bridge_table::to_scalar(to_id, tokey),
|
||||||
|
mig_type,
|
||||||
Pktable,
|
Pktable,
|
||||||
migration_priv,
|
migration_priv,
|
||||||
migrationkey_priv,
|
migrationkey_priv,
|
||||||
|
|
@ -192,6 +197,7 @@ impl MigrationTable {
|
||||||
id,
|
id,
|
||||||
*from_id,
|
*from_id,
|
||||||
*to_id,
|
*to_id,
|
||||||
|
&self.migration_type,
|
||||||
bridgetable,
|
bridgetable,
|
||||||
Pktable,
|
Pktable,
|
||||||
migration_priv,
|
migration_priv,
|
||||||
|
|
@ -203,12 +209,14 @@ impl MigrationTable {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt an encrypted Migration credential given Qk, the known
|
/// Decrypt an encrypted Migration credential given Qk, the known
|
||||||
/// attributes id and from_bucket for the Migration credential, and a
|
/// attributes id and from_bucket for the Migration credential as well
|
||||||
/// HashMap mapping labels to ciphertexts.
|
/// as the known migration type, and a HashMap mapping labels to
|
||||||
|
/// ciphertexts.
|
||||||
pub fn decrypt_cred(
|
pub fn decrypt_cred(
|
||||||
Qk: &RistrettoPoint,
|
Qk: &RistrettoPoint,
|
||||||
lox_id: &Scalar,
|
lox_id: &Scalar,
|
||||||
from_bucket: &Scalar,
|
from_bucket: &Scalar,
|
||||||
|
mig_type: MigrationType,
|
||||||
enc_migration_table: &HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
|
enc_migration_table: &HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
|
||||||
) -> Option<Migration> {
|
) -> Option<Migration> {
|
||||||
// Compute the hash of (id, from_bucket, Qk)
|
// Compute the hash of (id, from_bucket, Qk)
|
||||||
|
|
@ -248,5 +256,6 @@ pub fn decrypt_cred(
|
||||||
lox_id: *lox_id,
|
lox_id: *lox_id,
|
||||||
from_bucket: *from_bucket,
|
from_bucket: *from_bucket,
|
||||||
to_bucket,
|
to_bucket,
|
||||||
|
mig_type: mig_type.into(),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -542,7 +542,13 @@ pub fn handle_response(state: State, resp: Response) -> Result<cred::Migration,
|
||||||
let Qk = resp.EncQk.1 - (state.d * resp.EncQk.0);
|
let Qk = resp.EncQk.1 - (state.d * resp.EncQk.0);
|
||||||
|
|
||||||
// Use Qk to locate and decrypt the Migration credential
|
// Use Qk to locate and decrypt the Migration credential
|
||||||
match migration_table::decrypt_cred(&Qk, &state.id, &state.bucket, &resp.enc_migration_table) {
|
match migration_table::decrypt_cred(
|
||||||
|
&Qk,
|
||||||
|
&state.id,
|
||||||
|
&state.bucket,
|
||||||
|
migration_table::MigrationType::TrustUpgrade,
|
||||||
|
&resp.enc_migration_table,
|
||||||
|
) {
|
||||||
Some(m) => Ok(m),
|
Some(m) => Ok(m),
|
||||||
None => Err(ProofError::VerificationFailure),
|
None => Err(ProofError::VerificationFailure),
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue