vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: vecna:fbd1fc29631ee8d6feb34d6466d35599b1644a66
Branches Tags
vecna:main
vecna:blockage_migration_test
vecna:pr-proof
vecna:renovate/thiserror-1.x
vecna:renovate/clap-4.x
vecna:renovate/sha2-0.x
vecna:renovate/serde_with-3.x
vecna:renovate/rand-0.x
vecna:renovate/base64-0.x
vecna:renovate/aes-gcm-0.x
vecna:renovate/tokio-util-0.x
vecna:renovate/tokio-stream-0.x
vecna:renovate/time-0.x
vecna:lox-wasm
vecna:rdsys-backend
vecna:lox-distributor
vecna:lox-library
..
compare: vecna:69f8fdc1e49744d97db65ef56b0528f272363088
Branches Tags
vecna:main
vecna:blockage_migration_test
vecna:pr-proof
vecna:renovate/thiserror-1.x
vecna:renovate/clap-4.x
vecna:renovate/sha2-0.x
vecna:renovate/serde_with-3.x
vecna:renovate/rand-0.x
vecna:renovate/base64-0.x
vecna:renovate/aes-gcm-0.x
vecna:renovate/tokio-util-0.x
vecna:renovate/tokio-stream-0.x
vecna:renovate/time-0.x
vecna:lox-wasm
vecna:rdsys-backend
vecna:lox-distributor
vecna:lox-library

No commits in common. "fbd1fc29631ee8d6feb34d6466d35599b1644a66" and "69f8fdc1e49744d97db65ef56b0528f272363088" have entirely different histories.
fbd1fc2963 ... 69f8fdc1e4

5 changed files with 340 additions and 833 deletions
Show Stats Expand all files Collapse all files

1056
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
crates/lox-library/Cargo.toml
View File

@ -24,7 +24,7 @@ serde_with = {version = "3.7.0", features = ["json"]}
sha1 = "0.10" sha1 = "0.10"
sha2 = "0.10" sha2 = "0.10"
statistical = "1.0.0" statistical = "1.0.0"
lazy_static = "1.4.0" lazy_static = "1"
hex_fmt = "0.3" hex_fmt = "0.3"
aes-gcm = { version = "0.10", features =["aes"]} aes-gcm = { version = "0.10", features =["aes"]}
base64 = "0.22.0" base64 = "0.22.0"

44
crates/lox-library/src/proto/blockage_migration.rs
View File

@ -104,11 +104,9 @@ pub struct Response {
// The fields for the new Lox credential // The fields for the new Lox credential
P: RistrettoPoint, P: RistrettoPoint,
EncQ: (RistrettoPoint, RistrettoPoint), EncQ: (RistrettoPoint, RistrettoPoint),
EncInvRemain: (RistrettoPoint, RistrettoPoint),
id_server: Scalar, id_server: Scalar,
TId: RistrettoPoint, TId: RistrettoPoint,
TBucket: RistrettoPoint, TBucket: RistrettoPoint,
TInvRemain: RistrettoPoint,
TBlockages: RistrettoPoint, TBlockages: RistrettoPoint,
// The lox_zkp // The lox_zkp
@ -155,11 +153,10 @@ define_proof! {
blindissue, blindissue,
"Blockage Migration Blind Issuing", "Blockage Migration Blind Issuing",
(x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages, (x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages,
s, b, tid, tbucket, tinvremain, tblockages), s, b, tid, tbucket, tblockages),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain, (P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
Xblockages, Plevel, Psince, TId, TBucket, TInvRemain, TBlockages, Xblockages, Plevel, Psince, Pinvremain, TId, TBucket, TBlockages,
D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvRemain0, D, EncId0, EncId1, EncBucket0, EncBucket1, EncBlockages0, EncBlockages1),
EncInvRemain1, EncBlockages0, EncBlockages1),
(A, B): (A, B):
Xid = (xid*A), Xid = (xid*A),
Xlevel = (xlevel*A), Xlevel = (xlevel*A),
@ -173,15 +170,11 @@ define_proof! {
TId = (tid*A), TId = (tid*A),
TBucket = (b*Xbucket), TBucket = (b*Xbucket),
TBucket = (tbucket*A), TBucket = (tbucket*A),
TInvRemain = (b*Xinvremain),
TInvRemain = (tinvremain*A),
TBlockages = (b*Xblockages), TBlockages = (b*Xblockages),
TBlockages = (tblockages*A), TBlockages = (tblockages*A),
EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0 EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0
+ tinvremain*EncInvRemain0
+ tblockages*EncBlockages0), + tblockages*EncBlockages0),
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1 EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
+ tinvremain*EncInvRemain1
+ tblockages*EncBlockages1 + tblockages*EncBlockages1
+ x0*P + xlevel*Plevel + xsince*Psince) + x0*P + xlevel*Plevel + xsince*Psince)
} }
@ -494,12 +487,6 @@ impl BridgeAuth {
// invitations for moving from level i to level i+1) // invitations for moving from level i to level i+1)
let invremain: Scalar = LEVEL_INVITATIONS[(level - 3) as usize].into(); let invremain: Scalar = LEVEL_INVITATIONS[(level - 3) as usize].into();
let sinvremain = Scalar::random(&mut rng);
let EncInvRemain = (
&sinvremain * Btable,
&invremain * Btable + sinvremain * req.D,
);
// Compute the MAC on the visible attributes // Compute the MAC on the visible attributes
let b = Scalar::random(&mut rng); let b = Scalar::random(&mut rng);
let P = &b * Btable; let P = &b * Btable;
@ -520,9 +507,6 @@ impl BridgeAuth {
let tbucket = self.lox_priv.x[2] * b; let tbucket = self.lox_priv.x[2] * b;
let TBucket = &tbucket * Atable; let TBucket = &tbucket * Atable;
let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1); let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1);
let tinvremain = self.lox_priv.x[5] * b;
let TInvRemain = &tinvremain * Atable;
let EncQInvRemain = (tinvremain * EncInvRemain.0, tinvremain * EncInvRemain.1);
let tblockages = self.lox_priv.x[6] * b; let tblockages = self.lox_priv.x[6] * b;
let TBlockages = &tblockages * Atable; let TBlockages = &tblockages * Atable;
let EncQBlockages = ( let EncQBlockages = (
@ -531,8 +515,8 @@ impl BridgeAuth {
); );
let EncQ = ( let EncQ = (
EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQInvRemain.0 + EncQBlockages.0, EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQBlockages.0,
EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvRemain.1 + EncQBlockages.1, EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQBlockages.1,
); );
let mut transcript = Transcript::new(b"blockage migration issuing"); let mut transcript = Transcript::new(b"blockage migration issuing");
@ -553,17 +537,15 @@ impl BridgeAuth {
Xblockages: &self.lox_pub.X[6], Xblockages: &self.lox_pub.X[6],
Plevel: &(trust_level * P), Plevel: &(trust_level * P),
Psince: &(level_since * P), Psince: &(level_since * P),
Pinvremain: &(invremain * P),
TId: &TId, TId: &TId,
TBucket: &TBucket, TBucket: &TBucket,
TInvRemain: &TInvRemain,
TBlockages: &TBlockages, TBlockages: &TBlockages,
D: &req.D, D: &req.D,
EncId0: &EncId.0, EncId0: &EncId.0,
EncId1: &EncId.1, EncId1: &EncId.1,
EncBucket0: &req.EncBucket.0, EncBucket0: &req.EncBucket.0,
EncBucket1: &req.EncBucket.1, EncBucket1: &req.EncBucket.1,
EncInvRemain0: &EncInvRemain.0,
EncInvRemain1: &EncInvRemain.1,
EncBlockages0: &req.EncBlockages.0, EncBlockages0: &req.EncBlockages.0,
EncBlockages1: &req.EncBlockages.1, EncBlockages1: &req.EncBlockages.1,
x0: &self.lox_priv.x[0], x0: &self.lox_priv.x[0],
@ -578,7 +560,6 @@ impl BridgeAuth {
b: &b, b: &b,
tid: &tid, tid: &tid,
tbucket: &tbucket, tbucket: &tbucket,
tinvremain: &tinvremain,
tblockages: &tblockages, tblockages: &tblockages,
}, },
) )
@ -588,11 +569,9 @@ impl BridgeAuth {
level_since, level_since,
P, P,
EncQ, EncQ,
EncInvRemain,
id_server, id_server,
TId, TId,
TBucket, TBucket,
TInvRemain,
TBlockages, TBlockages,
piBlindIssue, piBlindIssue,
}) })
@ -634,13 +613,6 @@ pub fn handle_response(
// moving from level i to level i+1) // moving from level i to level i+1)
let invremain: Scalar = LEVEL_INVITATIONS[(new_level - 1) as usize].into(); let invremain: Scalar = LEVEL_INVITATIONS[(new_level - 1) as usize].into();
// Decrypt EncInvRemain
let recv_invremain = resp.EncInvRemain.1 - (state.d * resp.EncInvRemain.0);
if recv_invremain != &invremain * Btable {
return Err(ProofError::VerificationFailure);
}
// Verify the proof // Verify the proof
let mut transcript = Transcript::new(b"blockage migration issuing"); let mut transcript = Transcript::new(b"blockage migration issuing");
blindissue::verify_compact( blindissue::verify_compact(
@ -661,17 +633,15 @@ pub fn handle_response(
Xblockages: &lox_pub.X[6].compress(), Xblockages: &lox_pub.X[6].compress(),
Plevel: &(state.trust_level * resp.P).compress(), Plevel: &(state.trust_level * resp.P).compress(),
Psince: &(resp.level_since * resp.P).compress(), Psince: &(resp.level_since * resp.P).compress(),
Pinvremain: &(invremain * resp.P).compress(),
TId: &resp.TId.compress(), TId: &resp.TId.compress(),
TBucket: &resp.TBucket.compress(), TBucket: &resp.TBucket.compress(),
TInvRemain: &resp.TInvRemain.compress(),
TBlockages: &resp.TBlockages.compress(), TBlockages: &resp.TBlockages.compress(),
D: &state.D.compress(), D: &state.D.compress(),
EncId0: &EncId.0.compress(), EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(), EncId1: &EncId.1.compress(),
EncBucket0: &state.EncBucket.0.compress(), EncBucket0: &state.EncBucket.0.compress(),
EncBucket1: &state.EncBucket.1.compress(), EncBucket1: &state.EncBucket.1.compress(),
EncInvRemain0: &resp.EncInvRemain.0.compress(),
EncInvRemain1: &resp.EncInvRemain.1.compress(),
EncBlockages0: &state.EncBlockages.0.compress(), EncBlockages0: &state.EncBlockages.0.compress(),
EncBlockages1: &state.EncBlockages.1.compress(), EncBlockages1: &state.EncBlockages.1.compress(),
}, },

67
crates/lox-library/src/tests.rs
View File

@ -1391,17 +1391,8 @@ fn test_blockage_migration() {
println!("cred3 = {:?}", cred3); println!("cred3 = {:?}", cred3);
assert!(th.ba.verify_lox(&cred3)); assert!(th.ba.verify_lox(&cred3));
// Time passes
th.advance_days(56);
// Go up to level 4
let (_four_perf_stat, cred4) = th.level_up(&cred3);
assert!(scalar_u32(&cred4.trust_level).unwrap() == 4);
println!("cred4 = {:?}", cred4);
assert!(th.ba.verify_lox(&cred4));
// Get our bridges // Get our bridges
let (id, key) = bridge_table::from_scalar(cred4.bucket).unwrap(); let (id, key) = bridge_table::from_scalar(cred3.bucket).unwrap();
let encbuckets = th.ba.enc_bridge_table(); let encbuckets = th.ba.enc_bridge_table();
let bucket = let bucket =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap(); bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap();
@ -1419,6 +1410,7 @@ fn test_blockage_migration() {
// Time passes // Time passes
th.advance_days(1); th.advance_days(1);
let encbuckets2 = th.ba.enc_bridge_table(); let encbuckets2 = th.ba.enc_bridge_table();
let bucket2 = let bucket2 =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap(); bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap();
@ -1426,62 +1418,15 @@ fn test_blockage_migration() {
assert!(bucket2.1.is_none()); assert!(bucket2.1.is_none());
// See about getting a Migration credential for the blockage // See about getting a Migration credential for the blockage
let (_block_perf_stat, migration) = th.check_blockage(&cred4); let (_block_perf_stat, migration) = th.check_blockage(&cred3);
println!("migration = {:?}", migration); println!("migration = {:?}", migration);
// Migrate // Migrate
let (_five_perf_stat, cred5) = th.blockage_migration(&cred4, &migration); let (_four_perf_stat, cred4) = th.blockage_migration(&cred3, &migration);
assert!(scalar_u32(&cred5.trust_level).unwrap() == 2); println!("cred4 = {:?}", cred4);
println!("cred5 = {:?}", cred5); assert!(th.ba.verify_lox(&cred4));
assert!(th.ba.verify_lox(&cred5));
// Time passes
th.advance_days(29);
// Go up to level 3
let (_six_perf_stat, cred6) = th.level_up(&cred5);
assert!(scalar_u32(&cred6.trust_level).unwrap() == 3);
println!("cred6 = {:?}", cred6);
assert!(th.ba.verify_lox(&cred6));
// Get our bridges
let (id, key) = bridge_table::from_scalar(cred6.bucket).unwrap();
let encbuckets = th.ba.enc_bridge_table();
let bucket =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap();
// We should have a Bridge Reachability credential
assert!(bucket.1.is_some());
// Oh, no! Two of our bridges are blocked!
th.ba.bridge_blocked(&bucket.0[1], &mut th.bdb);
th.ba.bridge_blocked(&bucket.0[2], &mut th.bdb);
println!("spares = {:?}", th.ba.bridge_table.spares);
println!("tmig = {:?}", th.ba.trustup_migration_table.table);
println!("bmig = {:?}", th.ba.blockage_migration_table.table);
println!("openinv = {:?}\n", th.bdb.openinv_buckets);
// Time passes
th.advance_days(1);
let encbuckets2 = th.ba.enc_bridge_table();
let bucket2 =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap();
// We should no longer have a Bridge Reachability credential
assert!(bucket2.1.is_none());
// See about getting a Migration credential for the blockage
let (_block_perf_stat, migration) = th.check_blockage(&cred6);
println!("migration = {:?}", migration);
// Migrate
let (_seven_perf_stat, cred7) = th.blockage_migration(&cred6, &migration);
assert!(scalar_u32(&cred7.trust_level).unwrap() == 1);
println!("cred7 = {:?}", cred7);
assert!(th.ba.verify_lox(&cred7));
} }
#[test] #[test]

4
crates/lox-wasm/Cargo.toml
View File

@ -15,12 +15,12 @@ readme = "README.md"
crate-type = ["cdylib"] crate-type = ["cdylib"]
[dependencies] [dependencies]
getrandom = { version = "0.2.14", features = ["js"] } getrandom = { version = "0.2", features = ["js"] }
julianday = "1.2.0" julianday = "1.2.0"
lazy_static = "1.4.0" lazy_static = "1.4.0"
lox-library = { path = "../lox-library", version = "0.1.0" } lox-library = { path = "../lox-library", version = "0.1.0" }
lox_utils = { path = "../lox-utils", version = "0.1.0" } lox_utils = { path = "../lox-utils", version = "0.1.0" }
wasm-bindgen = "0.2.92" wasm-bindgen = "0.2"
time = "0.3.36" time = "0.3.36"
serde_json = "1.0.113" serde_json = "1.0.113"