iang
/
lox


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305
							/*! Unit tests that require access to the testing-only function
BridgeLine::random() or private fields */

use super::bridge_table::BridgeLine;
use super::proto::*;
use super::*;

struct TestHarness {
    bdb: BridgeDb,
    pub ba: BridgeAuth,
}

impl TestHarness {
    fn new() -> Self {
        // Create a BridegDb
        let bdb = BridgeDb::new(15);
        // Create a BridgeAuth
        let mut ba = BridgeAuth::new(bdb.pubkey);

        // Make 15 buckets with one random bridge each
        for _ in 0..15 {
            let bucket: [BridgeLine; 3] =
                [BridgeLine::random(), Default::default(), Default::default()];
            ba.bridge_table.new_bucket(bucket);
        }
        // Make 5 more buckets, each containing 3 of the previously
        // created bridges
        for i in 0u32..5 {
            let iusize = i as usize;
            let bucket: [BridgeLine; 3] = [
                ba.bridge_table.buckets[3 * iusize][0],
                ba.bridge_table.buckets[3 * iusize + 1][0],
                ba.bridge_table.buckets[3 * iusize + 2][0],
            ];
            ba.bridge_table.new_bucket(bucket);
            // Add the allowed migrations to the migration table
            ba.migration_table.table.insert(3 * i, 15 + i);
            ba.migration_table.table.insert(3 * i + 1, 15 + i);
            ba.migration_table.table.insert(3 * i + 2, 15 + i);
        }
        // Create the encrypted bridge table
        ba.enc_bridge_table();

        Self { bdb, ba }
    }

    fn advance_days(&mut self, days: u16) {
        self.ba.advance_days(days);
    }

    fn open_invite(&mut self) -> cred::Lox {
        // Issue an open invitation
        let inv = self.bdb.invite();

        // Use it to get a Lox credential
        let (req, state) = open_invite::request(&inv);
        let resp = self.ba.handle_open_invite(req).unwrap();
        open_invite::handle_response(state, resp, &self.ba.lox_pub).unwrap()
    }

    fn trust_promotion(&mut self, cred: &cred::Lox) -> cred::Migration {
        let (promreq, promstate) =
            trust_promotion::request(&cred, &self.ba.lox_pub, self.ba.today()).unwrap();
        let promresp = self.ba.handle_trust_promotion(promreq).unwrap();
        trust_promotion::handle_response(promstate, promresp).unwrap()
    }

    fn level0_migration(&mut self, loxcred: &cred::Lox, migcred: &cred::Migration) -> cred::Lox {
        let (migreq, migstate) =
            migration::request(loxcred, migcred, &self.ba.lox_pub, &self.ba.migration_pub).unwrap();
        let migresp = self.ba.handle_migration(migreq).unwrap();
        migration::handle_response(migstate, migresp, &self.ba.lox_pub).unwrap()
    }

    fn level_up(&mut self, cred: &cred::Lox) -> cred::Lox {
        // Read the bucket in the credential to get today's Bucket
        // Reachability credential
        let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
        let encbuckets = self.ba.enc_bridge_table();
        let bucket =
            bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
        let reachcred = bucket.1.unwrap();

        // Use the Bucket Reachability credential to advance to the next
        // level
        let (req, state) = level_up::request(
            &cred,
            &reachcred,
            &self.ba.lox_pub,
            &self.ba.reachability_pub,
            self.ba.today(),
        )
        .unwrap();
        let resp = self.ba.handle_level_up(req).unwrap();
        level_up::handle_response(state, resp, &self.ba.lox_pub).unwrap()
    }

    fn issue_invite(&mut self, cred: &cred::Lox) -> (cred::Lox, cred::Invitation) {
        // Read the bucket in the credential to get today's Bucket
        // Reachability credential
        let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
        let encbuckets = self.ba.enc_bridge_table();
        let bucket =
            bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
        let reachcred = bucket.1.unwrap();

        let (req, state) = issue_invite::request(
            &cred,
            &reachcred,
            &self.ba.lox_pub,
            &self.ba.reachability_pub,
            self.ba.today(),
        )
        .unwrap();
        let resp = self.ba.handle_issue_invite(req).unwrap();
        issue_invite::handle_response(state, resp, &self.ba.lox_pub, &self.ba.invitation_pub)
            .unwrap()
    }

    fn redeem_invite(&mut self, inv: &cred::Invitation) -> cred::Lox {
        let (req, state) =
            redeem_invite::request(&inv, &self.ba.invitation_pub, self.ba.today()).unwrap();
        let resp = self.ba.handle_redeem_invite(req).unwrap();
        redeem_invite::handle_response(state, resp, &self.ba.lox_pub).unwrap()
    }
}

#[test]
fn test_open_invite() {
    let mut th = TestHarness::new();

    // Join an untrusted user
    let cred = th.open_invite();

    // Check that we can use the credential to read a bucket
    let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
    let encbuckets = th.ba.enc_bridge_table();
    let bucket =
        bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
    println!("cred = {:?}", cred);
    println!("bucket = {:?}", bucket);
    assert!(bucket.1.is_none());
    assert!(th.ba.verify_lox(&cred));
}

#[test]
fn test_trust_promotion() {
    let mut th = TestHarness::new();

    let cred = th.open_invite();
    assert!(th.ba.verify_lox(&cred));

    // Time passes
    th.advance_days(47);

    let migcred = th.trust_promotion(&cred);
    assert!(th.ba.verify_migration(&migcred));

    // Check that we can use the to_bucket in the Migration credenital
    // to read a bucket
    let (id, key) = bridge_table::from_scalar(migcred.to_bucket).unwrap();
    let encbuckets = th.ba.enc_bridge_table();
    let bucket =
        bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
    println!("bucket = {:?}", bucket);
    assert!(th.ba.verify_reachability(&bucket.1.unwrap()));
}

#[test]
fn test_level0_migration() {
    let mut th = TestHarness::new();

    let cred = th.open_invite();
    assert!(th.ba.verify_lox(&cred));

    // Time passes
    th.advance_days(47);

    let migcred = th.trust_promotion(&cred);
    assert!(th.ba.verify_migration(&migcred));

    let newloxcred = th.level0_migration(&cred, &migcred);

    assert!(th.ba.verify_lox(&newloxcred));
    println!("newloxcred = {:?}", newloxcred);
    // Check that we can use the credenital to read a bucket
    let (id, key) = bridge_table::from_scalar(newloxcred.bucket).unwrap();
    let encbuckets = th.ba.enc_bridge_table();
    let bucket =
        bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
    println!("bucket = {:?}", bucket);
    assert!(th.ba.verify_reachability(&bucket.1.unwrap()));
}

#[test]
fn test_level_up() {
    let mut th = TestHarness::new();

    // Join an untrusted user
    let cred = th.open_invite();

    // Time passes
    th.advance_days(47);

    // Go up to level 1
    let migcred = th.trust_promotion(&cred);
    let cred1 = th.level0_migration(&cred, &migcred);
    assert!(scalar_u32(&cred1.trust_level).unwrap() == 1);

    // Time passes
    th.advance_days(20);

    let cred2 = th.level_up(&cred1);
    assert!(scalar_u32(&cred2.trust_level).unwrap() == 2);
    println!("cred2 = {:?}", cred2);
    assert!(th.ba.verify_lox(&cred2));

    // Time passes
    th.advance_days(30);

    let cred3 = th.level_up(&cred2);
    assert!(scalar_u32(&cred3.trust_level).unwrap() == 3);
    println!("cred3 = {:?}", cred3);
    assert!(th.ba.verify_lox(&cred3));

    // Time passes
    th.advance_days(60);

    let cred4 = th.level_up(&cred3);
    assert!(scalar_u32(&cred3.trust_level).unwrap() == 3);
    println!("cred4 = {:?}", cred4);
    assert!(th.ba.verify_lox(&cred4));
}

#[test]
fn test_issue_invite() {
    let mut th = TestHarness::new();

    // Join an untrusted user
    let cred = th.open_invite();

    // Time passes
    th.advance_days(47);

    // Go up to level 1
    let migcred = th.trust_promotion(&cred);
    let cred1 = th.level0_migration(&cred, &migcred);
    assert!(scalar_u32(&cred1.trust_level).unwrap() == 1);

    // Time passes
    th.advance_days(20);

    // Go up to level 2
    let cred2 = th.level_up(&cred1);
    assert!(scalar_u32(&cred2.trust_level).unwrap() == 2);
    println!("cred2 = {:?}", cred2);
    assert!(th.ba.verify_lox(&cred2));

    // Issue an invitation
    let (cred2a, invite) = th.issue_invite(&cred2);
    assert!(th.ba.verify_lox(&cred2a));
    assert!(th.ba.verify_invitation(&invite));
    println!("cred2a = {:?}", cred2a);
    println!("invite = {:?}", invite);
}

#[test]
fn test_redeem_invite() {
    let mut th = TestHarness::new();

    // Join an untrusted user
    let cred = th.open_invite();

    // Time passes
    th.advance_days(47);

    // Go up to level 1
    let migcred = th.trust_promotion(&cred);
    let cred1 = th.level0_migration(&cred, &migcred);
    assert!(scalar_u32(&cred1.trust_level).unwrap() == 1);

    // Time passes
    th.advance_days(20);

    // Go up to level 2
    let cred2 = th.level_up(&cred1);
    assert!(scalar_u32(&cred2.trust_level).unwrap() == 2);
    println!("cred2 = {:?}", cred2);
    assert!(th.ba.verify_lox(&cred2));

    // Issue an invitation to Bob
    let (cred2a, bob_invite) = th.issue_invite(&cred2);
    assert!(th.ba.verify_lox(&cred2a));
    assert!(th.ba.verify_invitation(&bob_invite));
    println!("cred2a = {:?}", cred2a);
    println!("bob_invite = {:?}", bob_invite);

    // Time passes
    th.advance_days(12);

    // Bob joins the system
    let bob_cred = th.redeem_invite(&bob_invite);
    assert!(th.ba.verify_lox(&bob_cred));
    println!("bob_cred = {:?}", bob_cred);
}