diff --git a/Cargo.lock b/Cargo.lock index 8405525..c1bf0c6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -168,9 +168,9 @@ checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64" -version = "0.22.0" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" @@ -228,9 +228,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.5.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cc" @@ -760,9 +760,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "js-sys", @@ -1170,9 +1170,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.153" +version = "0.2.154" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346" [[package]] name = "libm" @@ -1206,8 +1206,12 @@ checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" name = "lox-distributor" version = "0.1.0" dependencies = [ +<<<<<<< HEAD "array-bytes", "base64 0.22.0", +======= + "base64 0.22.1", +>>>>>>> origin/blockage_migration_test "chrono", "clap", "curve25519-dalek", @@ -1240,7 +1244,7 @@ name = "lox-library" version = "0.1.0" dependencies = [ "aes-gcm", - "base64 0.22.0", + "base64 0.22.1", "bincode", "chrono", "curve25519-dalek", @@ -1291,7 +1295,7 @@ version = "0.1.0" dependencies = [ "chrono", "console_error_panic_hook", - "getrandom 0.2.12", + "getrandom 0.2.15", "js-sys", "julianday", "lazy_static", @@ -1321,7 +1325,7 @@ dependencies = [ name = "lox_utils" version = "0.1.0" dependencies = [ - "base64 0.22.0", + "base64 0.22.1", "chrono", "lox-library 0.1.0", "rand 0.8.5", @@ -1774,9 +1778,9 @@ dependencies = [ [[package]] name = "prometheus" -version = "0.13.3" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "449811d15fbdf5ceb5c1144416066429cf82316e2ec8ce0c1f6f8a02e7bbcf8c" +checksum = "3d33c28a30771f7f96db69893f78b857f7450d7e0237e9c8fc6427a81bae7ed1" dependencies = [ "cfg-if", "fnv", @@ -1928,7 +1932,7 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.12", + "getrandom 0.2.15", ] [[package]] @@ -2273,18 +2277,18 @@ checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" [[package]] name = "serde" -version = "1.0.197" +version = "1.0.201" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "780f1cebed1629e4753a1a38a3c72d30b97ec044f0aef68cb26650a3c5cf363c" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.201" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "c5e405930b9796f1c00bee880d03fc7e0bb4b9a11afc776885ffe84320da2865" dependencies = [ "proc-macro2", "quote", @@ -2293,9 +2297,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.113" +version = "1.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69801b70b1c3dac963ecb03a364ba0ceda9cf60c71cfe475e99864759c8b8a79" +checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" dependencies = [ "itoa", "ryu", @@ -2316,11 +2320,11 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.7.0" +version = "3.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee80b0e361bbf88fd2f6e242ccd19cfda072cb0faa6ae694ecee08199938569a" +checksum = "0ad483d2ab0149d5a5ebcd9972a3852711e0153d863bf5a5d0391d28883c4a20" dependencies = [ - "base64 0.21.7", + "base64 0.22.1", "chrono", "hex", "indexmap 1.9.3", @@ -2334,9 +2338,9 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.7.0" +version = "3.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6561dc161a9224638a31d876ccdfefbc1df91d3f3a8342eddb35f055d48c7655" +checksum = "65569b702f41443e8bc8bbb1c5779bd0450bbe723b56198980e80ec45780bce2" dependencies = [ "darling", "proc-macro2", @@ -2568,18 +2572,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.59" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0126ad08bff79f29fc3ae6a55cc72352056dfff61e3ff8bb7129476d44b23aa" +checksum = "579e9083ca58dd9dcf91a9923bb9054071b9ebbd800b342194c9feb0ee89fc18" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.59" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1cd413b5d558b4c5bf3680e324a6fa5014e7b7c067a51e69dbdf47eb7148b66" +checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524" dependencies = [ "proc-macro2", "quote", @@ -2634,9 +2638,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.36.0" +version = "1.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" +checksum = "1adbebffeca75fcfd058afa480fb6c0b81e165a0323f9c9d39c9697e37c46787" dependencies = [ "backtrace", "bytes", @@ -2709,16 +2713,15 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.10" +version = "0.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" dependencies = [ "bytes", "futures-core", "futures-sink", "pin-project-lite", "tokio", - "tracing", ] [[package]] diff --git a/crates/lox-library/Cargo.toml b/crates/lox-library/Cargo.toml index 0075670..d9741b6 100644 --- a/crates/lox-library/Cargo.toml +++ b/crates/lox-library/Cargo.toml @@ -24,7 +24,7 @@ serde_with = {version = "3.7.0", features = ["json"]} sha1 = "0.10" sha2 = "0.10" statistical = "1.0.0" -lazy_static = "1" +lazy_static = "1.4.0" hex_fmt = "0.3" aes-gcm = { version = "0.10", features =["aes"]} base64 = "0.22.0" diff --git a/crates/lox-library/src/proto/blockage_migration.rs b/crates/lox-library/src/proto/blockage_migration.rs index 043aec8..4829479 100644 --- a/crates/lox-library/src/proto/blockage_migration.rs +++ b/crates/lox-library/src/proto/blockage_migration.rs @@ -104,9 +104,11 @@ pub struct Response { // The fields for the new Lox credential P: RistrettoPoint, EncQ: (RistrettoPoint, RistrettoPoint), + EncInvRemain: (RistrettoPoint, RistrettoPoint), id_server: Scalar, TId: RistrettoPoint, TBucket: RistrettoPoint, + TInvRemain: RistrettoPoint, TBlockages: RistrettoPoint, // The lox_zkp @@ -153,10 +155,11 @@ define_proof! { blindissue, "Blockage Migration Blind Issuing", (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages, - s, b, tid, tbucket, tblockages), + s, b, tid, tbucket, tinvremain, tblockages), (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain, - Xblockages, Plevel, Psince, Pinvremain, TId, TBucket, TBlockages, - D, EncId0, EncId1, EncBucket0, EncBucket1, EncBlockages0, EncBlockages1), + Xblockages, Plevel, Psince, TId, TBucket, TInvRemain, TBlockages, + D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvRemain0, + EncInvRemain1, EncBlockages0, EncBlockages1), (A, B): Xid = (xid*A), Xlevel = (xlevel*A), @@ -170,11 +173,15 @@ define_proof! { TId = (tid*A), TBucket = (b*Xbucket), TBucket = (tbucket*A), + TInvRemain = (b*Xinvremain), + TInvRemain = (tinvremain*A), TBlockages = (b*Xblockages), TBlockages = (tblockages*A), EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 + + tinvremain*EncInvRemain0 + tblockages*EncBlockages0), EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 + + tinvremain*EncInvRemain1 + tblockages*EncBlockages1 + x0*P + xlevel*Plevel + xsince*Psince) } @@ -487,6 +494,12 @@ impl BridgeAuth { // invitations for moving from level i to level i+1) let invremain: Scalar = LEVEL_INVITATIONS[(level - 3) as usize].into(); + let sinvremain = Scalar::random(&mut rng); + let EncInvRemain = ( + &sinvremain * Btable, + &invremain * Btable + sinvremain * req.D, + ); + // Compute the MAC on the visible attributes let b = Scalar::random(&mut rng); let P = &b * Btable; @@ -507,6 +520,9 @@ impl BridgeAuth { let tbucket = self.lox_priv.x[2] * b; let TBucket = &tbucket * Atable; let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1); + let tinvremain = self.lox_priv.x[5] * b; + let TInvRemain = &tinvremain * Atable; + let EncQInvRemain = (tinvremain * EncInvRemain.0, tinvremain * EncInvRemain.1); let tblockages = self.lox_priv.x[6] * b; let TBlockages = &tblockages * Atable; let EncQBlockages = ( @@ -515,8 +531,8 @@ impl BridgeAuth { ); let EncQ = ( - EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQBlockages.0, - EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQBlockages.1, + EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQInvRemain.0 + EncQBlockages.0, + EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvRemain.1 + EncQBlockages.1, ); let mut transcript = Transcript::new(b"blockage migration issuing"); @@ -537,15 +553,17 @@ impl BridgeAuth { Xblockages: &self.lox_pub.X[6], Plevel: &(trust_level * P), Psince: &(level_since * P), - Pinvremain: &(invremain * P), TId: &TId, TBucket: &TBucket, + TInvRemain: &TInvRemain, TBlockages: &TBlockages, D: &req.D, EncId0: &EncId.0, EncId1: &EncId.1, EncBucket0: &req.EncBucket.0, EncBucket1: &req.EncBucket.1, + EncInvRemain0: &EncInvRemain.0, + EncInvRemain1: &EncInvRemain.1, EncBlockages0: &req.EncBlockages.0, EncBlockages1: &req.EncBlockages.1, x0: &self.lox_priv.x[0], @@ -560,6 +578,7 @@ impl BridgeAuth { b: &b, tid: &tid, tbucket: &tbucket, + tinvremain: &tinvremain, tblockages: &tblockages, }, ) @@ -569,9 +588,11 @@ impl BridgeAuth { level_since, P, EncQ, + EncInvRemain, id_server, TId, TBucket, + TInvRemain, TBlockages, piBlindIssue, }) @@ -613,6 +634,13 @@ pub fn handle_response( // moving from level i to level i+1) let invremain: Scalar = LEVEL_INVITATIONS[(new_level - 1) as usize].into(); + // Decrypt EncInvRemain + let recv_invremain = resp.EncInvRemain.1 - (state.d * resp.EncInvRemain.0); + + if recv_invremain != &invremain * Btable { + return Err(ProofError::VerificationFailure); + } + // Verify the proof let mut transcript = Transcript::new(b"blockage migration issuing"); blindissue::verify_compact( @@ -633,15 +661,17 @@ pub fn handle_response( Xblockages: &lox_pub.X[6].compress(), Plevel: &(state.trust_level * resp.P).compress(), Psince: &(resp.level_since * resp.P).compress(), - Pinvremain: &(invremain * resp.P).compress(), TId: &resp.TId.compress(), TBucket: &resp.TBucket.compress(), + TInvRemain: &resp.TInvRemain.compress(), TBlockages: &resp.TBlockages.compress(), D: &state.D.compress(), EncId0: &EncId.0.compress(), EncId1: &EncId.1.compress(), EncBucket0: &state.EncBucket.0.compress(), EncBucket1: &state.EncBucket.1.compress(), + EncInvRemain0: &resp.EncInvRemain.0.compress(), + EncInvRemain1: &resp.EncInvRemain.1.compress(), EncBlockages0: &state.EncBlockages.0.compress(), EncBlockages1: &state.EncBlockages.1.compress(), }, diff --git a/crates/lox-library/src/tests.rs b/crates/lox-library/src/tests.rs index bd53068..761b0ca 100644 --- a/crates/lox-library/src/tests.rs +++ b/crates/lox-library/src/tests.rs @@ -1391,8 +1391,17 @@ fn test_blockage_migration() { println!("cred3 = {:?}", cred3); assert!(th.ba.verify_lox(&cred3)); + // Time passes + th.advance_days(56); + + // Go up to level 4 + let (_four_perf_stat, cred4) = th.level_up(&cred3); + assert!(scalar_u32(&cred4.trust_level).unwrap() == 4); + println!("cred4 = {:?}", cred4); + assert!(th.ba.verify_lox(&cred4)); + // Get our bridges - let (id, key) = bridge_table::from_scalar(cred3.bucket).unwrap(); + let (id, key) = bridge_table::from_scalar(cred4.bucket).unwrap(); let encbuckets = th.ba.enc_bridge_table(); let bucket = bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap(); @@ -1410,7 +1419,6 @@ fn test_blockage_migration() { // Time passes th.advance_days(1); - let encbuckets2 = th.ba.enc_bridge_table(); let bucket2 = bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap(); @@ -1418,15 +1426,62 @@ fn test_blockage_migration() { assert!(bucket2.1.is_none()); // See about getting a Migration credential for the blockage - let (_block_perf_stat, migration) = th.check_blockage(&cred3); + let (_block_perf_stat, migration) = th.check_blockage(&cred4); println!("migration = {:?}", migration); // Migrate - let (_four_perf_stat, cred4) = th.blockage_migration(&cred3, &migration); + let (_five_perf_stat, cred5) = th.blockage_migration(&cred4, &migration); - println!("cred4 = {:?}", cred4); - assert!(th.ba.verify_lox(&cred4)); + assert!(scalar_u32(&cred5.trust_level).unwrap() == 2); + println!("cred5 = {:?}", cred5); + assert!(th.ba.verify_lox(&cred5)); + + // Time passes + th.advance_days(29); + + // Go up to level 3 + let (_six_perf_stat, cred6) = th.level_up(&cred5); + assert!(scalar_u32(&cred6.trust_level).unwrap() == 3); + println!("cred6 = {:?}", cred6); + assert!(th.ba.verify_lox(&cred6)); + + // Get our bridges + let (id, key) = bridge_table::from_scalar(cred6.bucket).unwrap(); + let encbuckets = th.ba.enc_bridge_table(); + let bucket = + bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap(); + // We should have a Bridge Reachability credential + assert!(bucket.1.is_some()); + + // Oh, no! Two of our bridges are blocked! + th.ba.bridge_blocked(&bucket.0[1], &mut th.bdb); + th.ba.bridge_blocked(&bucket.0[2], &mut th.bdb); + + println!("spares = {:?}", th.ba.bridge_table.spares); + println!("tmig = {:?}", th.ba.trustup_migration_table.table); + println!("bmig = {:?}", th.ba.blockage_migration_table.table); + println!("openinv = {:?}\n", th.bdb.openinv_buckets); + + // Time passes + th.advance_days(1); + let encbuckets2 = th.ba.enc_bridge_table(); + let bucket2 = + bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap(); + // We should no longer have a Bridge Reachability credential + assert!(bucket2.1.is_none()); + + // See about getting a Migration credential for the blockage + let (_block_perf_stat, migration) = th.check_blockage(&cred6); + + println!("migration = {:?}", migration); + + // Migrate + let (_seven_perf_stat, cred7) = th.blockage_migration(&cred6, &migration); + + assert!(scalar_u32(&cred7.trust_level).unwrap() == 1); + println!("cred7 = {:?}", cred7); + assert!(th.ba.verify_lox(&cred7)); } #[test] diff --git a/crates/lox-wasm/Cargo.toml b/crates/lox-wasm/Cargo.toml index e84e5c8..4c1516f 100644 --- a/crates/lox-wasm/Cargo.toml +++ b/crates/lox-wasm/Cargo.toml @@ -15,12 +15,12 @@ readme = "README.md" crate-type = ["cdylib"] [dependencies] -getrandom = { version = "0.2", features = ["js"] } +getrandom = { version = "0.2.14", features = ["js"] } julianday = "1.2.0" lazy_static = "1.4.0" lox-library = { path = "../lox-library", version = "0.1.0" } lox_utils = { path = "../lox-utils", version = "0.1.0" } -wasm-bindgen = "0.2" +wasm-bindgen = "0.2.92" time = "0.3.36" serde_json = "1.0.113"