vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add EXPIRY_DATE constant and fixup cloned vectors

This commit is contained in:
onyinyang 2023-07-28 12:27:49 -04:00
parent 93ce3e41b7
commit f52c6f515a
No known key found for this signature in database
GPG Key ID: 156A6435430C2036
4 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crates/lox-distributor/src/request_handler.rs
View File

@ -103,7 +103,6 @@ mod tests {
impl LoxClient for LoxClientMock { impl LoxClient for LoxClientMock {
fn invite(&self) -> Request<Body> { fn invite(&self) -> Request<Body> {
Request::builder() Request::builder()
.method("POST") .method("POST")
.uri("http://localhost/invite") .uri("http://localhost/invite")
@ -111,7 +110,6 @@ mod tests {
.unwrap() .unwrap()
} }
fn reachability(&self) -> Request<Body> { fn reachability(&self) -> Request<Body> {
Request::builder() Request::builder()
.method("POST") .method("POST")
.uri("http://localhost/reachability") .uri("http://localhost/reachability")
@ -120,7 +118,6 @@ mod tests {
} }
fn pubkeys(&self) -> Request<Body> { fn pubkeys(&self) -> Request<Body> {
Request::builder() Request::builder()
.method("POST") .method("POST")
.uri("http://localhost/pubkeys") .uri("http://localhost/pubkeys")

5
crates/lox-library/src/bridge_table.rs
View File

@ -260,11 +260,10 @@ pub struct BridgeTable {
pub recycleable_keys: Vec<u32>, pub recycleable_keys: Vec<u32>,
// We maintain a list of keys that have been blocked (bucket_id: u32), as well as the // We maintain a list of keys that have been blocked (bucket_id: u32), as well as the
// time (julian_date: u32) of their blocking so that they can be repurposed with new // time (julian_date: u32) of their blocking so that they can be repurposed with new
// buckets eventually // buckets after the EXPIRY_DATE
pub blocked_keys: Vec<(u32, u32)>, pub blocked_keys: Vec<(u32, u32)>,
// Similarly, we maintain a list of open entry buckets (bucket_id: u32) and the time they were // Similarly, we maintain a list of open entry buckets (bucket_id: u32) and the time they were
// created (julian_date: u32) so they will be listed as expired after some amount of time // created (julian_date: u32) so they will be listed as expired after the EXPIRY_DATE
// (e.g., 511 days, which is the maximum time an open-invitation credential would still be valid)
// TODO: add open entry buckets to the open_inv_keys only once they have been distributed // TODO: add open entry buckets to the open_inv_keys only once they have been distributed
pub open_inv_keys: Vec<(u32, u32)>, pub open_inv_keys: Vec<(u32, u32)>,
/// The date the buckets were last encrypted to make the encbucket. /// The date the buckets were last encrypted to make the encbucket.

40
crates/lox-library/src/lib.rs
View File

@ -60,6 +60,11 @@ lazy_static! {
dalek_constants::RISTRETTO_BASEPOINT_TABLE; dalek_constants::RISTRETTO_BASEPOINT_TABLE;
} }
// EXPIRY_DATE is set to EXPIRY_DATE days for open-entry and blocked buckets in order to match
// the expiry date for Lox credentials. This particular value (EXPIRY_DATE) is chosen because
// values that are 2^k 1 make range proofs more efficient, but this can be changed to any value
pub const EXPIRY_DATE: u32 = 511;
#[derive(PartialEq, Eq)] #[derive(PartialEq, Eq)]
pub enum ReplaceSuccess { pub enum ReplaceSuccess {
NotFound = 0, NotFound = 0,
@ -664,12 +669,8 @@ impl BridgeAuth {
// This should include buckets that have been blocked for a sufficiently long period // This should include buckets that have been blocked for a sufficiently long period
// that we no longer want to allow migration to, or else, open-entry buckets that // that we no longer want to allow migration to, or else, open-entry buckets that
// have been unblocked long enough to become trusted and who's users' credentials // have been unblocked long enough to become trusted and who's users' credentials
// would have expired (after 511 days) // would have expired (after EXPIRY_DATE)
pub fn clean_up_expired_buckets(&mut self, bdb: &mut BridgeDb) { pub fn clean_up_expired_buckets(&mut self, bdb: &mut BridgeDb) {
// Consider including migration tables and check age of from buckets
// If an open-invitation bucket is more than 511 days old, it should be recycled
// If a blocked bridge is more than 511 (the maximum validity of a credential in days) days old, it should also be recycled
// First check if there are any blocked indexes that are old enough to be replaced // First check if there are any blocked indexes that are old enough to be replaced
self.clean_up_blocked(); self.clean_up_blocked();
// Next do the same for open_invitations buckets // Next do the same for open_invitations buckets
@ -682,14 +683,12 @@ impl BridgeAuth {
.bridge_table .bridge_table
.blocked_keys .blocked_keys
.iter() .iter()
.any(|&x| x.1 + 511 < self.today()) .any(|&x| x.1 + EXPIRY_DATE < self.today())
//Perhaps 511 should be changed to an earlier time
{ {
let blocked_keys_clone = self.bridge_table.blocked_keys.clone(); // If there are expired blockages, separate them from the fresh blockages
// If so, separate them from the fresh blockages let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = self.bridge_table.blocked_keys
let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = blocked_keys_clone .iter()
.into_iter() .partition(|&x| x.1 + EXPIRY_DATE < self.today());
.partition(|&x| x.1 + 511 < self.today());
for item in expired { for item in expired {
let new_item = item.0; let new_item = item.0;
// check each single bridge line and ensure none are still marked as reachable. // check each single bridge line and ensure none are still marked as reachable.
@ -716,6 +715,12 @@ impl BridgeAuth {
self.bridge_table.keys.remove(&new_item); self.bridge_table.keys.remove(&new_item);
//and add them to the recyclable keys //and add them to the recyclable keys
self.bridge_table.recycleable_keys.push(new_item); self.bridge_table.recycleable_keys.push(new_item);
// Remove the expired blocked bucket from the blockage migration table,
// assuming that anyone that has still not attempted to migrate from their
// blocked bridge after the EXPIRY_DATE probably doesn't still need to migrate.
self.blockage_migration_table
.table
.retain(|&k, _| k != new_item);
} }
// Finally, update the blocked_keys vector to only include the fresh keys // Finally, update the blocked_keys vector to only include the fresh keys
self.bridge_table.blocked_keys = fresh self.bridge_table.blocked_keys = fresh
@ -729,14 +734,13 @@ impl BridgeAuth {
.bridge_table .bridge_table
.open_inv_keys .open_inv_keys
.iter() .iter()
.any(|&x| x.1 + 511 < self.today()) .any(|&x| x.1 + EXPIRY_DATE < self.today())
//Perhaps 511 should be changed to an earlier time //Perhaps EXPIRY_DATE should be changed to an earlier time
{ {
let open_inv_keys_clone = self.bridge_table.open_inv_keys.clone();
// If so, separate them from the fresh open invitation indexes // If so, separate them from the fresh open invitation indexes
let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = open_inv_keys_clone let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = self.bridge_table.open_inv_keys
.into_iter() .iter()
.partition(|&x| x.1 + 511 < self.today()); .partition(|&x| x.1 + EXPIRY_DATE < self.today());
for item in expired { for item in expired {
let new_item = item.0; let new_item = item.0;
bdb.remove_openinv(&new_item); bdb.remove_openinv(&new_item);