@@ -0,0 +1,40 @@
+/*! The various credentials used by the system. In each case, (P,Q)
+ * forms the MAC on the credential. This MAC is verifiable only by the
+ * issuing party, or if the issuing party issues a zero-knowledge proof
+ * of its correctness (as it does at issuing time). */
+
+use curve25519_dalek::ristretto::RistrettoPoint;
+use curve25519_dalek::scalar::Scalar;
+
+/// A migration credential. This credential authorizes the holder of
+/// the Lox credential with the given id to switch from bucket
+/// from_bucket to bucket to_bucket.
+pub struct Migration {
+ pub P: RistrettoPoint,
+ pub Q: RistrettoPoint,
+ pub lox_id: Scalar,
+ pub from_bucket: Scalar,
+ pub to_bucket: Scalar,
+}
+
+/// The main user credential in the Lox system. Its id is jointly
+/// generated by the user and the BA (bridge authority), but known only
+/// to the user. The level_since date is the Julian date of when this
+/// user was changed to the current trust level. (P_noopmigration,
+/// Q_noopmigration) are the MAC on the implicit no-op migration
+/// credential formed by the attributes (id, bucket, bucket), which
+/// authorizes the user to switch from its current bucket to the same
+/// bucket (i.e., a no-op). This can be useful for hiding from the BA
+/// whether or not the user is performing a bucket migration.
+pub struct Lox {
+ pub P: RistrettoPoint,
+ pub Q: RistrettoPoint,
+ pub id: Scalar,
+ pub bucket: Scalar,
+ pub trust_level: Scalar,
+ pub level_since: Scalar,
+ pub invites_remaining: Scalar,
+ pub invites_issued: Scalar,
+ pub P_noopmigration: RistrettoPoint,
+ pub Q_noopmigration: RistrettoPoint,
+}
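Review bot: In `pub struct Lox`, the fields `bucket`, `trust_level`, `invites_remaining` and `invites_issued` have no doc comment, and only `level_since` has its encoding stated (a Julian date). Since every attribute is a bare `Scalar`, please document per field what value it holds and how it is mapped into a scalar, so that issuing and verifying code cannot disagree on what the (P,Q) MAC covers. The same applies to `from_bucket` and `to_bucket` in `Migration`, where the struct comment also says "the given id" while the field is named `lox_id`. Separately, `P`, `Q`, `P_noopmigration` and `Q_noopmigration` are not snake case, so rustc's `non_snake_case` lint will warn on both structs; either add `#[allow(non_snake_case)]` or rename the fields. Finally, all fields are `pub` and `Lox::id` is described as known only to the user, so the comment should say that a value of this type is only meaningful once its MAC has been checked, and a later `Debug` derive that would print `id` should be avoided.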