|
@@ -79,6 +79,7 @@ pub fn encrypt_cred(
|
|
|
id: &Scalar,
|
|
|
from_bucket: &Scalar,
|
|
|
to_bucket: &Scalar,
|
|
|
+ mig_type: &Scalar,
|
|
|
Pktable: &RistrettoBasepointTable,
|
|
|
migration_priv: &IssuerPrivKey,
|
|
|
migrationkey_priv: &IssuerPrivKey,
|
|
@@ -100,7 +101,8 @@ pub fn encrypt_cred(
|
|
|
* (migration_priv.x[0]
|
|
|
+ migration_priv.x[1] * id
|
|
|
+ migration_priv.x[2] * from_bucket
|
|
|
- + migration_priv.x[3] * to_bucket))
|
|
|
+ + migration_priv.x[3] * to_bucket
|
|
|
+ + migration_priv.x[4] * mig_type))
|
|
|
* Btable;
|
|
|
|
|
|
// Serialize (to_bucket, P, Q)
|
|
@@ -139,7 +141,8 @@ pub fn encrypt_cred(
|
|
|
|
|
|
/// Create an encrypted Migration credential for returning to the user
|
|
|
/// in the trust promotion protocol, given the ids of the from and to
|
|
|
-/// buckets, and using a BridgeTable to get the bucket keys.
|
|
|
+/// buckets, and the migration type, and using a BridgeTable to get the
|
|
|
+/// bucket keys.
|
|
|
///
|
|
|
/// Otherwise the same as encrypt_cred, above, except it returns an
|
|
|
/// Option in case the passed ids were invalid.
|
|
@@ -147,6 +150,7 @@ pub fn encrypt_cred_ids(
|
|
|
id: &Scalar,
|
|
|
from_id: u32,
|
|
|
to_id: u32,
|
|
|
+ mig_type: &Scalar,
|
|
|
bridgetable: &bridge_table::BridgeTable,
|
|
|
Pktable: &RistrettoBasepointTable,
|
|
|
migration_priv: &IssuerPrivKey,
|
|
@@ -159,6 +163,7 @@ pub fn encrypt_cred_ids(
|
|
|
id,
|
|
|
&bridge_table::to_scalar(from_id, fromkey),
|
|
|
&bridge_table::to_scalar(to_id, tokey),
|
|
|
+ mig_type,
|
|
|
Pktable,
|
|
|
migration_priv,
|
|
|
migrationkey_priv,
|
|
@@ -192,6 +197,7 @@ impl MigrationTable {
|
|
|
id,
|
|
|
*from_id,
|
|
|
*to_id,
|
|
|
+ &self.migration_type,
|
|
|
bridgetable,
|
|
|
Pktable,
|
|
|
migration_priv,
|
|
@@ -203,12 +209,14 @@ impl MigrationTable {
|
|
|
}
|
|
|
|
|
|
/// Decrypt an encrypted Migration credential given Qk, the known
|
|
|
-/// attributes id and from_bucket for the Migration credential, and a
|
|
|
-/// HashMap mapping labels to ciphertexts.
|
|
|
+/// attributes id and from_bucket for the Migration credential as well
|
|
|
+/// as the known migration type, and a HashMap mapping labels to
|
|
|
+/// ciphertexts.
|
|
|
pub fn decrypt_cred(
|
|
|
Qk: &RistrettoPoint,
|
|
|
lox_id: &Scalar,
|
|
|
from_bucket: &Scalar,
|
|
|
+ mig_type: MigrationType,
|
|
|
enc_migration_table: &HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
|
|
|
) -> Option<Migration> {
|
|
|
// Compute the hash of (id, from_bucket, Qk)
|
|
@@ -248,5 +256,6 @@ pub fn decrypt_cred(
|
|
|
lox_id: *lox_id,
|
|
|
from_bucket: *from_bucket,
|
|
|
to_bucket,
|
|
|
+ mig_type: mig_type.into(),
|
|
|
})
|
|
|
}
|