|
@@ -20,6 +20,8 @@ extern crate zkp;
|
|
|
pub mod bridge_table;
|
|
|
pub mod cred;
|
|
|
pub mod dup_filter;
|
|
|
+pub mod migration_table;
|
|
|
+pub mod trust_promotion;
|
|
|
|
|
|
use sha2::Sha512;
|
|
|
|
|
@@ -178,6 +180,10 @@ pub struct BridgeAuth {
|
|
|
migration_priv: IssuerPrivKey,
|
|
|
/// The public key for migration credentials
|
|
|
pub migration_pub: IssuerPubKey,
|
|
|
+ /// The private key for migration key credentials
|
|
|
+ migrationkey_priv: IssuerPrivKey,
|
|
|
+ /// The public key for migration key credentials
|
|
|
+ pub migrationkey_pub: IssuerPubKey,
|
|
|
|
|
|
/// The public key of the BridgeDb issuing open invitations
|
|
|
pub bridgedb_pub: PublicKey,
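Review bot: The doc comments on the two new fields differ from the existing `migration_priv`/`migration_pub` comments by a single word, so a reader cannot tell which issuer key signs which credential type. A wording such as `/// The private key for Migration Key credentials (a separate credential type from the Migration credentials signed by migration_priv)` would make the distinction explicit. The struct's header and attributes lie outside this hunk. If `BridgeAuth` derives `Debug` or a serializer there, the new private key would be included in that output alongside the existing ones, which is worth confirming.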
|
|
@@ -185,10 +191,16 @@ pub struct BridgeAuth {
|
|
|
/// The bridge table
|
|
|
bridge_table: bridge_table::BridgeTable,
|
|
|
|
|
|
+ /// The migration table
|
|
|
+ migration_table: migration_table::MigrationTable,
|
|
|
+
|
|
|
/// Duplicate filter for open invitations
|
|
|
openinv_filter: dup_filter::DupFilter<Scalar>,
|
|
|
/// Duplicate filter for credential ids
|
|
|
id_filter: dup_filter::DupFilter<Scalar>,
|
|
|
+ /// Duplicate filter for trust promotions (from untrusted level 0 to
|
|
|
+ /// trusted level 1)
|
|
|
+ trust_promotion_filter: dup_filter::DupFilter<Scalar>,
|
|
|
|
|
|
/// For testing only: offset of the true time to the simulated time
|
|
|
time_offset: time::Duration,
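Review bot: The comment on `trust_promotion_filter` names the level transition it guards but not which `Scalar` is recorded in it or how long entries must be kept. As far as this hunk shows, the filter is an in-memory field, so replay protection for a promotion would presumably last only as long as this `BridgeAuth` value does. I would extend the doc comment to say which value is inserted (for example `/// Keyed on <value shown by the protocol>; entries must outlive the validity of the credentials they cover`) once that is confirmed against the trust_promotion module. The struct begins and ends outside this hunk.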
|
|
@@ -196,19 +208,27 @@ pub struct BridgeAuth {
|
|
|
|
|
|
impl BridgeAuth {
|
|
|
pub fn new(bridgedb_pub: PublicKey) -> Self {
|
|
|
+ // Create the private and public keys for each of the types of
|
|
|
+ // credential, each with the appropriate number of attributes
|
|
|
let lox_priv = IssuerPrivKey::new(6);
|
|
|
let lox_pub = IssuerPubKey::new(&lox_priv);
|
|
|
let migration_priv = IssuerPrivKey::new(3);
|
|
|
let migration_pub = IssuerPubKey::new(&migration_priv);
|
|
|
+ let migrationkey_priv = IssuerPrivKey::new(2);
|
|
|
+ let migrationkey_pub = IssuerPubKey::new(&migrationkey_priv);
|
|
|
Self {
|
|
|
lox_priv,
|
|
|
lox_pub,
|
|
|
migration_priv,
|
|
|
migration_pub,
|
|
|
+ migrationkey_priv,
|
|
|
+ migrationkey_pub,
|
|
|
bridgedb_pub,
|
|
|
bridge_table: Default::default(),
|
|
|
+ migration_table: Default::default(),
|
|
|
openinv_filter: Default::default(),
|
|
|
id_filter: Default::default(),
|
|
|
+ trust_promotion_filter: Default::default(),
|
|
|
time_offset: time::Duration::zero(),
|
|
|
}
|
|
|
}
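Review bot: The attribute counts passed to `IssuerPrivKey::new` (6, 3 and the new 2) are bare literals, and the added comment only says each is "the appropriate number" without tying it to a credential definition. If a credential in `cred` gains or loses an attribute, nothing in `new` signals that the key length must change, and a mismatched key length is the kind of error that surfaces only as failed issuance or verification. Consider a per-line comment naming the attributes each count covers, or named constants defined next to the credential structs, so that `IssuerPrivKey::new(2)` reads as the Migration Key credential's attribute count rather than a magic number.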
|
|
@@ -284,4 +304,48 @@ mod tests {
|
|
|
println!("cred = {:?}", cred);
|
|
|
println!("bucket = {:?}", bucket);
|
|
|
}
|
|
|
+
|
|
|
+ #[test]
|
|
|
+ fn test_trust_promotion() {
|
|
|
+ // Create a BridegDb
|
|
|
+ let bdb = BridgeDb::new(15);
|
|
|
+ // Create a BridgeAuth
|
|
|
+ let mut ba = BridgeAuth::new(bdb.pubkey);
|
|
|
+
|
|
|
+ // Make 15 buckets with one random bridge each
|
|
|
+ for _ in 0..15 {
|
|
|
+ let bucket: [BridgeLine; 3] =
|
|
|
+ [BridgeLine::random(), Default::default(), Default::default()];
|
|
|
+ ba.bridge_table.new_bucket(bucket);
|
|
|
+ }
|
|
|
+ // Make 5 more buckets, each containing 3 of the previously
|
|
|
+ // created bridges
|
|
|
+ for i in 0u32..5 {
|
|
|
+ let iusize = i as usize;
|
|
|
+ let bucket: [BridgeLine; 3] = [
|
|
|
+ ba.bridge_table.buckets[3 * iusize][0],
|
|
|
+ ba.bridge_table.buckets[3 * iusize + 1][0],
|
|
|
+ ba.bridge_table.buckets[3 * iusize + 2][0],
|
|
|
+ ];
|
|
|
+ ba.bridge_table.new_bucket(bucket);
|
|
|
+ // Add the allowed migrations to the migration table
|
|
|
+ ba.migration_table.table.push((3 * i, 15 + i));
|
|
|
+ ba.migration_table.table.push((3 * i + 1, 15 + i));
|
|
|
+ ba.migration_table.table.push((3 * i + 2, 15 + i));
|
|
|
+ }
|
|
|
+ // Create the encrypted bridge table
|
|
|
+ ba.bridge_table.encrypt_table();
|
|
|
+
|
|
|
+ // Issue an open invitation
|
|
|
+ let inv = bdb.invite();
|
|
|
+
|
|
|
+ // Use it to get a Lox credential
|
|
|
+ let (req, state) = open_invite::request(&inv);
|
|
|
+ let resp = ba.handle_open_invite(req).unwrap();
|
|
|
+ let cred =
|
|
|
+ open_invite::handle_response(state, resp, &ba.lox_pub, &ba.migration_pub).unwrap();
|
|
|
+
|
|
|
+ // Time passes
|
|
|
+ ba.advance_days(40);
|
|
|
+ }
|
|
|
}
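Review bot: `test_trust_promotion` ends at `ba.advance_days(40);` without asserting anything about trust promotion. The bound `cred` is never used after `handle_response`, the populated `migration_table` is never read, and `trust_promotion_filter` is never exercised. As written, the test only shows that the open-invitation flow does not panic when `unwrap()` is called. If the promotion request is to land in a later commit, mark that in the test with `// TODO: request trust promotion with cred and assert the result` and bind `_cred` to avoid the unused-variable warning. The comment `// Create a BridegDb` should read `// Create a BridgeDb`.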
|