vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add EXPIRY_DATE constant and fixup cloned vectors

This commit is contained in:
onyinyang 2023-07-28 12:27:49 -04:00
parent 93ce3e41b7
commit f52c6f515a
No known key found for this signature in database
GPG Key ID: 156A6435430C2036
4 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crates/lox-distributor/src/request_handler.rs
View File

@ -103,7 +103,6 @@ mod tests {
impl LoxClient for LoxClientMock {
fn invite(&self) -> Request<Body> {
Request::builder()
.method("POST")
.uri("http://localhost/invite")
@ -111,7 +110,6 @@ mod tests {
.unwrap()
}
fn reachability(&self) -> Request<Body> {
Request::builder()
.method("POST")
.uri("http://localhost/reachability")
@ -120,7 +118,6 @@ mod tests {
}
fn pubkeys(&self) -> Request<Body> {
Request::builder()
.method("POST")
.uri("http://localhost/pubkeys")

5
crates/lox-library/src/bridge_table.rs
View File

@ -260,11 +260,10 @@ pub struct BridgeTable {
pub recycleable_keys: Vec<u32>,
// We maintain a list of keys that have been blocked (bucket_id: u32), as well as the
// time (julian_date: u32) of their blocking so that they can be repurposed with new
// buckets eventually
// buckets after the EXPIRY_DATE
pub blocked_keys: Vec<(u32, u32)>,
// Similarly, we maintain a list of open entry buckets (bucket_id: u32) and the time they were
// created (julian_date: u32) so they will be listed as expired after some amount of time
// (e.g., 511 days, which is the maximum time an open-invitation credential would still be valid)
// created (julian_date: u32) so they will be listed as expired after the EXPIRY_DATE
// TODO: add open entry buckets to the open_inv_keys only once they have been distributed
pub open_inv_keys: Vec<(u32, u32)>,
/// The date the buckets were last encrypted to make the encbucket.

40
crates/lox-library/src/lib.rs
View File

@ -60,6 +60,11 @@ lazy_static! {
dalek_constants::RISTRETTO_BASEPOINT_TABLE;
}
// EXPIRY_DATE is set to EXPIRY_DATE days for open-entry and blocked buckets in order to match
// the expiry date for Lox credentials. This particular value (EXPIRY_DATE) is chosen because
// values that are 2^k 1 make range proofs more efficient, but this can be changed to any value
pub const EXPIRY_DATE: u32 = 511;
#[derive(PartialEq, Eq)]
pub enum ReplaceSuccess {
NotFound = 0,
@ -664,12 +669,8 @@ impl BridgeAuth {
// This should include buckets that have been blocked for a sufficiently long period
// that we no longer want to allow migration to, or else, open-entry buckets that
// have been unblocked long enough to become trusted and who's users' credentials
// would have expired (after 511 days)
// would have expired (after EXPIRY_DATE)
pub fn clean_up_expired_buckets(&mut self, bdb: &mut BridgeDb) {
// Consider including migration tables and check age of from buckets
// If an open-invitation bucket is more than 511 days old, it should be recycled
// If a blocked bridge is more than 511 (the maximum validity of a credential in days) days old, it should also be recycled
// First check if there are any blocked indexes that are old enough to be replaced
self.clean_up_blocked();
// Next do the same for open_invitations buckets
@ -682,14 +683,12 @@ impl BridgeAuth {
.bridge_table
.blocked_keys
.iter()
.any(|&x| x.1 + 511 < self.today())
//Perhaps 511 should be changed to an earlier time
.any(|&x| x.1 + EXPIRY_DATE < self.today())
{
let blocked_keys_clone = self.bridge_table.blocked_keys.clone();
// If so, separate them from the fresh blockages
let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = blocked_keys_clone
.into_iter()
.partition(|&x| x.1 + 511 < self.today());
// If there are expired blockages, separate them from the fresh blockages
let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = self.bridge_table.blocked_keys
.iter()
.partition(|&x| x.1 + EXPIRY_DATE < self.today());
for item in expired {
let new_item = item.0;
// check each single bridge line and ensure none are still marked as reachable.
@ -716,6 +715,12 @@ impl BridgeAuth {
self.bridge_table.keys.remove(&new_item);
//and add them to the recyclable keys
self.bridge_table.recycleable_keys.push(new_item);
// Remove the expired blocked bucket from the blockage migration table,
// assuming that anyone that has still not attempted to migrate from their
// blocked bridge after the EXPIRY_DATE probably doesn't still need to migrate.
self.blockage_migration_table
.table
.retain(|&k, _| k != new_item);
}
// Finally, update the blocked_keys vector to only include the fresh keys
self.bridge_table.blocked_keys = fresh
@ -729,14 +734,13 @@ impl BridgeAuth {
.bridge_table
.open_inv_keys
.iter()
.any(|&x| x.1 + 511 < self.today())
//Perhaps 511 should be changed to an earlier time
.any(|&x| x.1 + EXPIRY_DATE < self.today())
//Perhaps EXPIRY_DATE should be changed to an earlier time
{
let open_inv_keys_clone = self.bridge_table.open_inv_keys.clone();
// If so, separate them from the fresh open invitation indexes
let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = open_inv_keys_clone
.into_iter()
.partition(|&x| x.1 + 511 < self.today());
let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = self.bridge_table.open_inv_keys
.iter()
.partition(|&x| x.1 + EXPIRY_DATE < self.today());
for item in expired {
let new_item = item.0;
bdb.remove_openinv(&new_item);