Home Explore Help
Sign In
iang
/
lox
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Add a migration type attribute to the Migration credential

Ian Goldberg 3 years ago
parent
0e5876a939
commit
5f71cd501c
4 changed files with 27 additions and 8 deletions
Split View Show Diff Stats
  1. 6 1
      src/cred.rs
  2. 1 2
      src/lib.rs
  3. 13 4
      src/migration_table.rs
  4. 7 1
      src/proto/trust_promotion.rs

+ 6 - 1
src/cred.rs
View File 

@@ -10,7 +10,11 @@ use curve25519_dalek::scalar::Scalar;
 
 /// A migration credential.
 
 ///
 
 /// This credential authorizes the holder of the Lox credential with the
 
-/// given id to switch from bucket from_bucket to bucket to_bucket.
 
+/// given id to switch from bucket from_bucket to bucket to_bucket.  The
 
+/// mig_type attribute is 0 for trust upgrade migrations (moving from a
 
+/// 1-bridge untrusted bucket to a 3-bridge trusted bucket) and 1 for
 
+/// blockage migrations (moving buckets because the from_bucket has been
 
+/// blocked).
 
 #[derive(Debug)]
 
 pub struct Migration {
 
     pub P: RistrettoPoint,
 
@@ -18,6 +22,7 @@ pub struct Migration {
 
     pub lox_id: Scalar,
 
     pub from_bucket: Scalar,
 
     pub to_bucket: Scalar,
 
+    pub mig_type: Scalar,
 
 }
 
 
 /// The main user credential in the Lox system.

+ 1 - 2
src/lib.rs
View File 

@@ -249,7 +249,7 @@ impl BridgeAuth {
 
         // credential, each with the appropriate number of attributes
 
         let lox_priv = IssuerPrivKey::new(6);
 
         let lox_pub = IssuerPubKey::new(&lox_priv);
 
-        let migration_priv = IssuerPrivKey::new(3);
 
+        let migration_priv = IssuerPrivKey::new(4);
 
         let migration_pub = IssuerPubKey::new(&migration_priv);
 
         let migrationkey_priv = IssuerPrivKey::new(2);
 
         let migrationkey_pub = IssuerPubKey::new(&migrationkey_priv);
 
@@ -297,7 +297,6 @@ impl BridgeAuth {
 
             single[0] = *b;
 
             let snum = self.bridge_table.new_bucket(&single);
 
             bdb.insert_openinv(snum);
 
-            println!("Adding {} -> {}", snum, bnum);
 
             self.trustup_migration_table.table.insert(snum, bnum);
 
         }
 
     }

+ 13 - 4
src/migration_table.rs
View File 

@@ -79,6 +79,7 @@ pub fn encrypt_cred(
 
     id: &Scalar,
 
     from_bucket: &Scalar,
 
     to_bucket: &Scalar,
 
+    mig_type: &Scalar,
 
     Pktable: &RistrettoBasepointTable,
 
     migration_priv: &IssuerPrivKey,
 
     migrationkey_priv: &IssuerPrivKey,
 
@@ -100,7 +101,8 @@ pub fn encrypt_cred(
 
         * (migration_priv.x[0]
 
             + migration_priv.x[1] * id
 
             + migration_priv.x[2] * from_bucket
 
-            + migration_priv.x[3] * to_bucket))
 
+            + migration_priv.x[3] * to_bucket
 
+            + migration_priv.x[4] * mig_type))
 
         * Btable;
 
 
     // Serialize (to_bucket, P, Q)
 
@@ -139,7 +141,8 @@ pub fn encrypt_cred(
 
 
 /// Create an encrypted Migration credential for returning to the user
 
 /// in the trust promotion protocol, given the ids of the from and to
 
-/// buckets, and using a BridgeTable to get the bucket keys.
 
+/// buckets, and the migration type, and using a BridgeTable to get the
 
+/// bucket keys.
 
 ///
 
 /// Otherwise the same as encrypt_cred, above, except it returns an
 
 /// Option in case the passed ids were invalid.
 
@@ -147,6 +150,7 @@ pub fn encrypt_cred_ids(
 
     id: &Scalar,
 
     from_id: u32,
 
     to_id: u32,
 
+    mig_type: &Scalar,
 
     bridgetable: &bridge_table::BridgeTable,
 
     Pktable: &RistrettoBasepointTable,
 
     migration_priv: &IssuerPrivKey,
 
@@ -159,6 +163,7 @@ pub fn encrypt_cred_ids(
 
         id,
 
         &bridge_table::to_scalar(from_id, fromkey),
 
         &bridge_table::to_scalar(to_id, tokey),
 
+        mig_type,
 
         Pktable,
 
         migration_priv,
 
         migrationkey_priv,
 
@@ -192,6 +197,7 @@ impl MigrationTable {
 
                     id,
 
                     *from_id,
 
                     *to_id,
 
+                    &self.migration_type,
 
                     bridgetable,
 
                     Pktable,
 
                     migration_priv,
 
@@ -203,12 +209,14 @@ impl MigrationTable {
 
 }
 
 
 /// Decrypt an encrypted Migration credential given Qk, the known
 
-/// attributes id and from_bucket for the Migration credential, and a
 
-/// HashMap mapping labels to ciphertexts.
 
+/// attributes id and from_bucket for the Migration credential as well
 
+/// as the known migration type, and a HashMap mapping labels to
 
+/// ciphertexts.
 
 pub fn decrypt_cred(
 
     Qk: &RistrettoPoint,
 
     lox_id: &Scalar,
 
     from_bucket: &Scalar,
 
+    mig_type: MigrationType,
 
     enc_migration_table: &HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
 
 ) -> Option<Migration> {
 
     // Compute the hash of (id, from_bucket, Qk)
 
@@ -248,5 +256,6 @@ pub fn decrypt_cred(
 
         lox_id: *lox_id,
 
         from_bucket: *from_bucket,
 
         to_bucket,
 
+        mig_type: mig_type.into(),
 
     })
 
 }

+ 7 - 1
src/proto/trust_promotion.rs
View File 

@@ -542,7 +542,13 @@ pub fn handle_response(state: State, resp: Response) -> Result<cred::Migration,
 
     let Qk = resp.EncQk.1 - (state.d * resp.EncQk.0);
 
 
     // Use Qk to locate and decrypt the Migration credential
 
-    match migration_table::decrypt_cred(&Qk, &state.id, &state.bucket, &resp.enc_migration_table) {
 
+    match migration_table::decrypt_cred(
 
+        &Qk,
 
+        &state.id,
 
+        &state.bucket,
 
+        migration_table::MigrationType::TrustUpgrade,
 
+        &resp.enc_migration_table,
 
+    ) {
 
         Some(m) => Ok(m),
 
         None => Err(ProofError::VerificationFailure),
 
     }