vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: vecna:fbd1fc29631ee8d6feb34d6466d35599b1644a66
Branches Tags
vecna:main
vecna:blockage_migration_test
vecna:pr-proof
vecna:renovate/thiserror-1.x
vecna:renovate/clap-4.x
vecna:renovate/sha2-0.x
vecna:renovate/serde_with-3.x
vecna:renovate/rand-0.x
vecna:renovate/base64-0.x
vecna:renovate/aes-gcm-0.x
vecna:renovate/tokio-util-0.x
vecna:renovate/tokio-stream-0.x
vecna:renovate/time-0.x
vecna:lox-wasm
vecna:rdsys-backend
vecna:lox-distributor
vecna:lox-library
..
compare: vecna:69f8fdc1e49744d97db65ef56b0528f272363088
Branches Tags
vecna:main
vecna:blockage_migration_test
vecna:pr-proof
vecna:renovate/thiserror-1.x
vecna:renovate/clap-4.x
vecna:renovate/sha2-0.x
vecna:renovate/serde_with-3.x
vecna:renovate/rand-0.x
vecna:renovate/base64-0.x
vecna:renovate/aes-gcm-0.x
vecna:renovate/tokio-util-0.x
vecna:renovate/tokio-stream-0.x
vecna:renovate/time-0.x
vecna:lox-wasm
vecna:rdsys-backend
vecna:lox-distributor
vecna:lox-library

No commits in common. "fbd1fc29631ee8d6feb34d6466d35599b1644a66" and "69f8fdc1e49744d97db65ef56b0528f272363088" have entirely different histories.
fbd1fc2963 ... 69f8fdc1e4

5 changed files with 340 additions and 833 deletions
Show Stats Expand all files Collapse all files

1056
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
crates/lox-library/Cargo.toml
View File

@ -24,7 +24,7 @@ serde_with = {version = "3.7.0", features = ["json"]}
sha1 = "0.10"
sha2 = "0.10"
statistical = "1.0.0"
lazy_static = "1.4.0"
lazy_static = "1"
hex_fmt = "0.3"
aes-gcm = { version = "0.10", features =["aes"]}
base64 = "0.22.0"

44
crates/lox-library/src/proto/blockage_migration.rs
View File

@ -104,11 +104,9 @@ pub struct Response {
// The fields for the new Lox credential
P: RistrettoPoint,
EncQ: (RistrettoPoint, RistrettoPoint),
EncInvRemain: (RistrettoPoint, RistrettoPoint),
id_server: Scalar,
TId: RistrettoPoint,
TBucket: RistrettoPoint,
TInvRemain: RistrettoPoint,
TBlockages: RistrettoPoint,
// The lox_zkp
@ -155,11 +153,10 @@ define_proof! {
blindissue,
"Blockage Migration Blind Issuing",
(x0, x0tilde, xid, xbucket, xlevel, xsince, xinvremain, xblockages,
s, b, tid, tbucket, tinvremain, tblockages),
s, b, tid, tbucket, tblockages),
(P, EncQ0, EncQ1, X0, Xid, Xbucket, Xlevel, Xsince, Xinvremain,
Xblockages, Plevel, Psince, TId, TBucket, TInvRemain, TBlockages,
D, EncId0, EncId1, EncBucket0, EncBucket1, EncInvRemain0,
EncInvRemain1, EncBlockages0, EncBlockages1),
Xblockages, Plevel, Psince, Pinvremain, TId, TBucket, TBlockages,
D, EncId0, EncId1, EncBucket0, EncBucket1, EncBlockages0, EncBlockages1),
(A, B):
Xid = (xid*A),
Xlevel = (xlevel*A),
@ -173,15 +170,11 @@ define_proof! {
TId = (tid*A),
TBucket = (b*Xbucket),
TBucket = (tbucket*A),
TInvRemain = (b*Xinvremain),
TInvRemain = (tinvremain*A),
TBlockages = (b*Xblockages),
TBlockages = (tblockages*A),
EncQ0 = (s*B + tid*EncId0 + tbucket*EncBucket0
+ tinvremain*EncInvRemain0
+ tblockages*EncBlockages0),
EncQ1 = (s*D + tid*EncId1 + tbucket*EncBucket1
+ tinvremain*EncInvRemain1
+ tblockages*EncBlockages1
+ x0*P + xlevel*Plevel + xsince*Psince)
}
@ -494,12 +487,6 @@ impl BridgeAuth {
// invitations for moving from level i to level i+1)
let invremain: Scalar = LEVEL_INVITATIONS[(level - 3) as usize].into();
let sinvremain = Scalar::random(&mut rng);
let EncInvRemain = (
&sinvremain * Btable,
&invremain * Btable + sinvremain * req.D,
);
// Compute the MAC on the visible attributes
let b = Scalar::random(&mut rng);
let P = &b * Btable;
@ -520,9 +507,6 @@ impl BridgeAuth {
let tbucket = self.lox_priv.x[2] * b;
let TBucket = &tbucket * Atable;
let EncQBucket = (tbucket * req.EncBucket.0, tbucket * req.EncBucket.1);
let tinvremain = self.lox_priv.x[5] * b;
let TInvRemain = &tinvremain * Atable;
let EncQInvRemain = (tinvremain * EncInvRemain.0, tinvremain * EncInvRemain.1);
let tblockages = self.lox_priv.x[6] * b;
let TBlockages = &tblockages * Atable;
let EncQBlockages = (
@ -531,8 +515,8 @@ impl BridgeAuth {
);
let EncQ = (
EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQInvRemain.0 + EncQBlockages.0,
EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQInvRemain.1 + EncQBlockages.1,
EncQHc.0 + EncQId.0 + EncQBucket.0 + EncQBlockages.0,
EncQHc.1 + EncQId.1 + EncQBucket.1 + EncQBlockages.1,
);
let mut transcript = Transcript::new(b"blockage migration issuing");
@ -553,17 +537,15 @@ impl BridgeAuth {
Xblockages: &self.lox_pub.X[6],
Plevel: &(trust_level * P),
Psince: &(level_since * P),
Pinvremain: &(invremain * P),
TId: &TId,
TBucket: &TBucket,
TInvRemain: &TInvRemain,
TBlockages: &TBlockages,
D: &req.D,
EncId0: &EncId.0,
EncId1: &EncId.1,
EncBucket0: &req.EncBucket.0,
EncBucket1: &req.EncBucket.1,
EncInvRemain0: &EncInvRemain.0,
EncInvRemain1: &EncInvRemain.1,
EncBlockages0: &req.EncBlockages.0,
EncBlockages1: &req.EncBlockages.1,
x0: &self.lox_priv.x[0],
@ -578,7 +560,6 @@ impl BridgeAuth {
b: &b,
tid: &tid,
tbucket: &tbucket,
tinvremain: &tinvremain,
tblockages: &tblockages,
},
)
@ -588,11 +569,9 @@ impl BridgeAuth {
level_since,
P,
EncQ,
EncInvRemain,
id_server,
TId,
TBucket,
TInvRemain,
TBlockages,
piBlindIssue,
})
@ -634,13 +613,6 @@ pub fn handle_response(
// moving from level i to level i+1)
let invremain: Scalar = LEVEL_INVITATIONS[(new_level - 1) as usize].into();
// Decrypt EncInvRemain
let recv_invremain = resp.EncInvRemain.1 - (state.d * resp.EncInvRemain.0);
if recv_invremain != &invremain * Btable {
return Err(ProofError::VerificationFailure);
}
// Verify the proof
let mut transcript = Transcript::new(b"blockage migration issuing");
blindissue::verify_compact(
@ -661,17 +633,15 @@ pub fn handle_response(
Xblockages: &lox_pub.X[6].compress(),
Plevel: &(state.trust_level * resp.P).compress(),
Psince: &(resp.level_since * resp.P).compress(),
Pinvremain: &(invremain * resp.P).compress(),
TId: &resp.TId.compress(),
TBucket: &resp.TBucket.compress(),
TInvRemain: &resp.TInvRemain.compress(),
TBlockages: &resp.TBlockages.compress(),
D: &state.D.compress(),
EncId0: &EncId.0.compress(),
EncId1: &EncId.1.compress(),
EncBucket0: &state.EncBucket.0.compress(),
EncBucket1: &state.EncBucket.1.compress(),
EncInvRemain0: &resp.EncInvRemain.0.compress(),
EncInvRemain1: &resp.EncInvRemain.1.compress(),
EncBlockages0: &state.EncBlockages.0.compress(),
EncBlockages1: &state.EncBlockages.1.compress(),
},

67
crates/lox-library/src/tests.rs
View File

@ -1391,17 +1391,8 @@ fn test_blockage_migration() {
println!("cred3 = {:?}", cred3);
assert!(th.ba.verify_lox(&cred3));
// Time passes
th.advance_days(56);
// Go up to level 4
let (_four_perf_stat, cred4) = th.level_up(&cred3);
assert!(scalar_u32(&cred4.trust_level).unwrap() == 4);
println!("cred4 = {:?}", cred4);
assert!(th.ba.verify_lox(&cred4));
// Get our bridges
let (id, key) = bridge_table::from_scalar(cred4.bucket).unwrap();
let (id, key) = bridge_table::from_scalar(cred3.bucket).unwrap();
let encbuckets = th.ba.enc_bridge_table();
let bucket =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap();
@ -1419,6 +1410,7 @@ fn test_blockage_migration() {
// Time passes
th.advance_days(1);
let encbuckets2 = th.ba.enc_bridge_table();
let bucket2 =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap();
@ -1426,62 +1418,15 @@ fn test_blockage_migration() {
assert!(bucket2.1.is_none());
// See about getting a Migration credential for the blockage
let (_block_perf_stat, migration) = th.check_blockage(&cred4);
let (_block_perf_stat, migration) = th.check_blockage(&cred3);
println!("migration = {:?}", migration);
// Migrate
let (_five_perf_stat, cred5) = th.blockage_migration(&cred4, &migration);
let (_four_perf_stat, cred4) = th.blockage_migration(&cred3, &migration);
assert!(scalar_u32(&cred5.trust_level).unwrap() == 2);
println!("cred5 = {:?}", cred5);
assert!(th.ba.verify_lox(&cred5));
// Time passes
th.advance_days(29);
// Go up to level 3
let (_six_perf_stat, cred6) = th.level_up(&cred5);
assert!(scalar_u32(&cred6.trust_level).unwrap() == 3);
println!("cred6 = {:?}", cred6);
assert!(th.ba.verify_lox(&cred6));
// Get our bridges
let (id, key) = bridge_table::from_scalar(cred6.bucket).unwrap();
let encbuckets = th.ba.enc_bridge_table();
let bucket =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets.get(&id).unwrap()).unwrap();
// We should have a Bridge Reachability credential
assert!(bucket.1.is_some());
// Oh, no! Two of our bridges are blocked!
th.ba.bridge_blocked(&bucket.0[1], &mut th.bdb);
th.ba.bridge_blocked(&bucket.0[2], &mut th.bdb);
println!("spares = {:?}", th.ba.bridge_table.spares);
println!("tmig = {:?}", th.ba.trustup_migration_table.table);
println!("bmig = {:?}", th.ba.blockage_migration_table.table);
println!("openinv = {:?}\n", th.bdb.openinv_buckets);
// Time passes
th.advance_days(1);
let encbuckets2 = th.ba.enc_bridge_table();
let bucket2 =
bridge_table::BridgeTable::decrypt_bucket(id, &key, encbuckets2.get(&id).unwrap()).unwrap();
// We should no longer have a Bridge Reachability credential
assert!(bucket2.1.is_none());
// See about getting a Migration credential for the blockage
let (_block_perf_stat, migration) = th.check_blockage(&cred6);
println!("migration = {:?}", migration);
// Migrate
let (_seven_perf_stat, cred7) = th.blockage_migration(&cred6, &migration);
assert!(scalar_u32(&cred7.trust_level).unwrap() == 1);
println!("cred7 = {:?}", cred7);
assert!(th.ba.verify_lox(&cred7));
println!("cred4 = {:?}", cred4);
assert!(th.ba.verify_lox(&cred4));
}
#[test]

4
crates/lox-wasm/Cargo.toml
View File

@ -15,12 +15,12 @@ readme = "README.md"
crate-type = ["cdylib"]
[dependencies]
getrandom = { version = "0.2.14", features = ["js"] }
getrandom = { version = "0.2", features = ["js"] }
julianday = "1.2.0"
lazy_static = "1.4.0"
lox-library = { path = "../lox-library", version = "0.1.0" }
lox_utils = { path = "../lox-utils", version = "0.1.0" }
wasm-bindgen = "0.2.92"
wasm-bindgen = "0.2"
time = "0.3.36"
serde_json = "1.0.113"