Fix Cargo.lock

Merge changes to fix blockage migration
Re-merge tests, test going from levels 4 -> 2 -> 3 -> 1
2024-05-26 14:34:55 -04:00 · 2024-05-26 14:27:56 -04:00 · 2024-05-26 14:10:38 -04:00 · 2024-05-26 14:07:14 -04:00 · 2024-05-26 12:55:51 -04:00 · 2024-05-26 11:34:44 -04:00
5 changed files with 837 additions and 344 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/crates/lox-library/Cargo.toml
+++ b/crates/lox-library/Cargo.toml
@ -24,7 +24,7 @@ serde_with = {version = "3.7.0", features = ["json"]}
 sha1 = "0.10"
 sha2 = "0.10"
 statistical = "1.0.0"
-lazy_static = "1"
+lazy_static = "1.4.0"
 hex_fmt = "0.3"
 aes-gcm = { version = "0.10", features =["aes"]}
 base64 = "0.22.0"
--- a/crates/lox-library/src/proto/blockage_migration.rs
+++ b/crates/lox-library/src/proto/blockage_migration.rs
@ -104,9 +104,11 @@ pub struct Response {
    // The fields for the new Lox credential
    P: RistrettoPoint,
    EncQ: (RistrettoPoint, RistrettoPoint),
+    EncInvRemain: (RistrettoPoint, RistrettoPoint),
    id_server: Scalar,
    TId: RistrettoPoint,
    TBucket: RistrettoPoint,
+    TInvRemain: RistrettoPoint,
    TBlockages: RistrettoPoint,

    // The lox_zkp
@ -153,10 +155,11 @@ define_proof! {
    blindissue,
    "Blockage Migration Blind Issuing",
    (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages,
-     s, b, tid, tbucket, tblockages),
+     s, b, tid, tbucket, tinvremain, tblockages),
    (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
-    Xblockages, Plevel, Psince, Pinvremain, TId, TBucket, TBlockages,
-     D, EncId0, EncId1, EncBucket0, EncBucket1, EncBlockages0, EncBlockages1),
+    Xblockages, Plevel, Psince, TId, TBucket, TInvRemain, TBlockages,
+     D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvRemain0,
+     EncInvRemain1, EncBlockages0, EncBlockages1),
    (A, B):
    Xid = (xid*A),
    Xlevel = (xlevel*A),
@ -170,11 +173,15 @@ define_proof! {
    TId = (tid*A),
    TBucket = (b*Xbucket),
    TBucket = (tbucket*A),
+    TInvRemain = (b*Xinvremain),
+    TInvRemain = (tinvremain*A),
    TBlockages = (b*Xblockages),
    TBlockages = (tblockages*A),
    EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0
+        + tinvremain*EncInvRemain0
        + tblockages*EncBlockages0),
    EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
+        + tinvremain*EncInvRemain1
         + tblockages*EncBlockages1
        + x0*P + xlevel*Plevel + xsince*Psince)
 }
@ -487,6 +494,12 @@ impl BridgeAuth {
        // invitations for moving from level i to level i+1)
        let invremain: Scalar = LEVEL_INVITATIONS[(level - 3) as usize].into();

+        let sinvremain = Scalar::random(&mut rng);
+        let EncInvRemain = (
+            &sinvremain * Btable,
+            &invremain * Btable + sinvremain * req.D,
+        );
+
        // Compute the MAC on the visible attributes
        let b = Scalar::random(&mut rng);
        let P = &b * Btable;
@ -507,6 +520,9 @@ impl BridgeAuth {
        let tbucket = self.lox_priv.x[2] * b;
        let TBucket = &tbucket * Atable;
        let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1);
+        let tinvremain = self.lox_priv.x[5] * b;
+        let TInvRemain = &tinvremain * Atable;
+        let EncQInvRemain = (tinvremain * EncInvRemain.0, tinvremain * EncInvRemain.1);
        let tblockages = self.lox_priv.x[6] * b;
        let TBlockages = &tblockages * Atable;
        let EncQBlockages = (
@ -515,8 +531,8 @@ impl BridgeAuth {
        );

        let EncQ = (
-            EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQBlockages.0,
-            EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQBlockages.1,
+            EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQInvRemain.0 + EncQBlockages.0,
+            EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvRemain.1 + EncQBlockages.1,
        );

        let mut transcript = Transcript::new(b"blockage migration issuing");
@ -537,15 +553,17 @@ impl BridgeAuth {
                Xblockages: &self.lox_pub.X[6],
                Plevel: &(trust_level * P),
                Psince: &(level_since * P),
-                Pinvremain: &(invremain * P),
                TId: &TId,
                TBucket: &TBucket,
+                TInvRemain: &TInvRemain,
                TBlockages: &TBlockages,
                D: &req.D,
                EncId0: &EncId.0,
                EncId1: &EncId.1,
                EncBucket0: &req.EncBucket.0,
                EncBucket1: &req.EncBucket.1,
+                EncInvRemain0: &EncInvRemain.0,
+                EncInvRemain1: &EncInvRemain.1,
                EncBlockages0: &req.EncBlockages.0,
                EncBlockages1: &req.EncBlockages.1,
                x0: &self.lox_priv.x[0],
@ -560,6 +578,7 @@ impl BridgeAuth {
                b: &b,
                tid: &tid,
                tbucket: &tbucket,
+                tinvremain: &tinvremain,
                tblockages: &tblockages,
            },
        )
@ -569,9 +588,11 @@ impl BridgeAuth {
            level_since,
            P,
            EncQ,
+            EncInvRemain,
            id_server,
            TId,
            TBucket,
+            TInvRemain,
            TBlockages,
            piBlindIssue,
        })
@ -613,6 +634,13 @@ pub fn handle_response(
    // moving from level i to level i+1)
    let invremain: Scalar = LEVEL_INVITATIONS[(new_level - 1) as usize].into();

+    // Decrypt EncInvRemain
+    let recv_invremain = resp.EncInvRemain.1 - (state.d * resp.EncInvRemain.0);
+
+    if recv_invremain != &invremain * Btable {
+        return Err(ProofError::VerificationFailure);
+    }
+
    // Verify the proof
    let mut transcript = Transcript::new(b"blockage migration issuing");
    blindissue::verify_compact(
@ -633,15 +661,17 @@ pub fn handle_response(
            Xblockages: &lox_pub.X[6].compress(),
            Plevel: &(state.trust_level * resp.P).compress(),
            Psince: &(resp.level_since * resp.P).compress(),
-            Pinvremain: &(invremain * resp.P).compress(),
            TId: &resp.TId.compress(),
            TBucket: &resp.TBucket.compress(),
+            TInvRemain: &resp.TInvRemain.compress(),
            TBlockages: &resp.TBlockages.compress(),
            D: &state.D.compress(),
            EncId0: &EncId.0.compress(),
            EncId1: &EncId.1.compress(),
            EncBucket0: &state.EncBucket.0.compress(),
            EncBucket1: &state.EncBucket.1.compress(),
+            EncInvRemain0: &resp.EncInvRemain.0.compress(),
+            EncInvRemain1: &resp.EncInvRemain.1.compress(),
            EncBlockages0: &state.EncBlockages.0.compress(),
            EncBlockages1: &state.EncBlockages.1.compress(),
        },
--- a/crates/lox-library/src/tests.rs
+++ b/crates/lox-library/src/tests.rs
@ -1391,8 +1391,17 @@ fn test_blockage_migration() {
    println!("cred3 = {:?}", cred3);
    assert!(th.ba.verify_lox(&cred3));

+    // Time passes
+    th.advance_days(56);
+
+    // Go up to level 4
+    let (_four_perf_stat, cred4) = th.level_up(&cred3);
+    assert!(scalar_u32(&cred4.trust_level).unwrap() == 4);
+    println!("cred4 = {:?}", cred4);
+    assert!(th.ba.verify_lox(&cred4));
+
    // Get our bridges
-    let (id, key) = bridge_table::from_scalar(cred3.bucket).unwrap();
+    let (id, key) = bridge_table::from_scalar(cred4.bucket).unwrap();
    let encbuckets = th.ba.enc_bridge_table();
    let bucket =
        bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap();
@ -1410,7 +1419,6 @@ fn test_blockage_migration() {

    // Time passes
    th.advance_days(1);
-
    let encbuckets2 = th.ba.enc_bridge_table();
    let bucket2 =
        bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap();
@ -1418,15 +1426,62 @@ fn test_blockage_migration() {
    assert!(bucket2.1.is_none());

    // See about getting a Migration credential for the blockage
-    let (_block_perf_stat, migration) = th.check_blockage(&cred3);
+    let (_block_perf_stat, migration) = th.check_blockage(&cred4);

    println!("migration = {:?}", migration);

    // Migrate
-    let (_four_perf_stat, cred4) = th.blockage_migration(&cred3, &migration);
+    let (_five_perf_stat, cred5) = th.blockage_migration(&cred4, &migration);

-    println!("cred4 = {:?}", cred4);
-    assert!(th.ba.verify_lox(&cred4));
+    assert!(scalar_u32(&cred5.trust_level).unwrap() == 2);
+    println!("cred5 = {:?}", cred5);
+    assert!(th.ba.verify_lox(&cred5));
+
+    // Time passes
+    th.advance_days(29);
+
+    // Go up to level 3
+    let (_six_perf_stat, cred6) = th.level_up(&cred5);
+    assert!(scalar_u32(&cred6.trust_level).unwrap() == 3);
+    println!("cred6 = {:?}", cred6);
+    assert!(th.ba.verify_lox(&cred6));
+
+    // Get our bridges
+    let (id, key) = bridge_table::from_scalar(cred6.bucket).unwrap();
+    let encbuckets = th.ba.enc_bridge_table();
+    let bucket =
+        bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap();
+    // We should have a Bridge Reachability credential
+    assert!(bucket.1.is_some());
+
+    // Oh, no!  Two of our bridges are blocked!
+    th.ba.bridge_blocked(&bucket.0[1], &mut th.bdb);
+    th.ba.bridge_blocked(&bucket.0[2], &mut th.bdb);
+
+    println!("spares = {:?}", th.ba.bridge_table.spares);
+    println!("tmig = {:?}", th.ba.trustup_migration_table.table);
+    println!("bmig = {:?}", th.ba.blockage_migration_table.table);
+    println!("openinv = {:?}\n", th.bdb.openinv_buckets);
+
+    // Time passes
+    th.advance_days(1);
+    let encbuckets2 = th.ba.enc_bridge_table();
+    let bucket2 =
+        bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap();
+    // We should no longer have a Bridge Reachability credential
+    assert!(bucket2.1.is_none());
+
+    // See about getting a Migration credential for the blockage
+    let (_block_perf_stat, migration) = th.check_blockage(&cred6);
+
+    println!("migration = {:?}", migration);
+
+    // Migrate
+    let (_seven_perf_stat, cred7) = th.blockage_migration(&cred6, &migration);
+
+    assert!(scalar_u32(&cred7.trust_level).unwrap() == 1);
+    println!("cred7 = {:?}", cred7);
+    assert!(th.ba.verify_lox(&cred7));
 }

 #[test]
--- a/crates/lox-wasm/Cargo.toml
+++ b/crates/lox-wasm/Cargo.toml
@ -15,12 +15,12 @@ readme = "README.md"
 crate-type = ["cdylib"]

 [dependencies]
-getrandom = { version = "0.2", features = ["js"] }
+getrandom = { version = "0.2.14", features = ["js"] }
 julianday = "1.2.0"
 lazy_static = "1.4.0"
 lox-library = { path = "../lox-library", version = "0.1.0" }
 lox_utils = { path = "../lox-utils", version = "0.1.0" }
-wasm-bindgen = "0.2"
+wasm-bindgen = "0.2.92"
 time = "0.3.36"
 serde_json = "1.0.113"
Author	SHA1	Message	Date
Vecna	fbd1fc2963	Fix Cargo.lock	2024-05-26 14:34:55 -04:00
Vecna	7bca0f3417	Merge changes to fix blockage migration	2024-05-26 14:27:56 -04:00
Vecna	1864f0ca83	Re-merge tests, test going from levels 4 -> 2 -> 3 -> 1	2024-05-26 14:10:38 -04:00
Vecna	3bd99e9fbd	Encrypt invites_remaining during blockage migration Reverts `ed72b05347`	2024-05-26 14:07:14 -04:00
Vecna	59358787eb	Break into two tests	2024-05-26 12:55:51 -04:00
Vecna	47e0cf9f69	Demo blockage migration from level 4 cred failing	2024-05-26 11:34:44 -04:00
Renovate Bot	005957795c	Update Rust crate serde_json to v1.0.117 Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>	2024-05-09 10:48:35 -04:00
Renovate Bot	fd18b1ec8c	Update Rust crate serde to v1.0.201	2024-05-08 00:34:49 +00:00
Renovate Bot	922f8bbaff	Update Rust crate thiserror to v1.0.60 Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>	2024-05-07 18:18:37 -04:00
Renovate Bot	21500d9758	Update Rust crate prometheus to v0.13.4 Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>	2024-05-07 18:17:46 -04:00
Renovate Bot	04a7937ff0	Update Rust crate tokio to v1.37.0 Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>	2024-05-07 18:16:59 -04:00
Renovate Bot	6e9e577326	Update Rust crate bytes to v1.6.0 Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>	2024-05-07 18:16:05 -04:00
Renovate Bot	ffb4fd282f	Update Rust crate base64 to v0.22.1 Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>	2024-05-07 18:15:23 -04:00
Renovate Bot	329733f228	Update Rust crate serde to v1.0.200 Signed-off-by: Cecylia Bocovich <cohosh@torproject.org>	2024-05-07 18:14:02 -04:00
Renovate Bot	9e7a43da64	Update Rust crate tokio-util to v0.7.11	2024-05-06 14:44:54 +00:00
Renovate Bot	37be8d0468	Update Rust crate getrandom to v0.2.15	2024-05-06 13:04:52 +00:00
meskio	32ebd31935	Merge remote-tracking branches 'origin/mr/172' and 'origin/mr/174'	2024-05-06 12:31:35 +02:00
Renovate Bot	00aeace98a	Update Rust crate serde_with to v3.8.1	2024-05-04 14:05:18 +00:00
Renovate Bot	04b3e2d2fa	Update Rust crate serde_json to v1.0.116	2024-05-04 13:50:57 +00:00
Renovate Bot	a9fd4ef867	Update Rust crate wasm-bindgen to 0.2.92	2024-04-30 09:08:38 +00:00
meskio	993f03f90e	Merge remote-tracking branches 'origin/mr/164' and 'origin/mr/163'	2024-04-30 10:53:13 +02:00
Renovate Bot	79df7eb8c8	Update Rust crate lazy_static to 1.4.0	2024-04-29 10:35:21 +00:00
Renovate Bot	c0b9723b3d	Update Rust crate getrandom to 0.2.14	2024-04-29 10:35:16 +00:00