123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452 |
- /*! Unit tests that require access to the testing-only function
- BridgeLine::random() or private fields */
- use super::bridge_table::BridgeLine;
- use super::proto::*;
- use super::*;
- struct TestHarness {
- bdb: BridgeDb,
- pub ba: BridgeAuth,
- }
- impl TestHarness {
- fn new() -> Self {
- // Create a BridegDb
- let mut bdb = BridgeDb::new();
- // Create a BridgeAuth
- let mut ba = BridgeAuth::new(bdb.pubkey);
- // Make 15 open invitation bridges, in 5 sets of 3
- for _ in 0..5 {
- let bucket = [
- BridgeLine::random(),
- BridgeLine::random(),
- BridgeLine::random(),
- ];
- ba.add_openinv_bridges(bucket, &mut bdb);
- }
- // Add 5 more hot spare buckets
- for _ in 0..5 {
- let bucket = [
- BridgeLine::random(),
- BridgeLine::random(),
- BridgeLine::random(),
- ];
- ba.add_spare_bucket(bucket);
- }
- // Create the encrypted bridge table
- ba.enc_bridge_table();
- Self { bdb, ba }
- }
- fn advance_days(&mut self, days: u16) {
- self.ba.advance_days(days);
- }
- fn open_invite(&mut self) -> (usize, usize, (cred::Lox, bridge_table::BridgeLine)) {
- // Issue an open invitation
- let inv = self.bdb.invite();
- // Use it to get a Lox credential
- let (req, state) = open_invite::request(&inv);
- let encoded: Vec<u8> = bincode::serialize(&req).unwrap();
- let req_len = encoded.len();
- let decoded: open_invite::Request = bincode::deserialize(&encoded[..]).unwrap();
- let resp = self.ba.handle_open_invite(decoded).unwrap();
- let encoded_resp: Vec<u8> = bincode::serialize(&resp).unwrap();
- let resp_len = encoded_resp.len();
- let decode_resp: open_invite::Response = bincode::deserialize(&encoded_resp[..]).unwrap();
- return (
- req_len,
- resp_len,
- (open_invite::handle_response(state, decode_resp, &self.ba.lox_pub).unwrap()),
- );
- }
- fn trust_promotion(&mut self, cred: &cred::Lox) -> cred::Migration {
- let (promreq, promstate) =
- trust_promotion::request(&cred, &self.ba.lox_pub, self.ba.today()).unwrap();
- let promresp = self.ba.handle_trust_promotion(promreq).unwrap();
- trust_promotion::handle_response(promstate, promresp).unwrap()
- }
- fn level0_migration(&mut self, loxcred: &cred::Lox, migcred: &cred::Migration) -> cred::Lox {
- let (migreq, migstate) =
- migration::request(loxcred, migcred, &self.ba.lox_pub, &self.ba.migration_pub).unwrap();
- let migresp = self.ba.handle_migration(migreq).unwrap();
- migration::handle_response(migstate, migresp, &self.ba.lox_pub).unwrap()
- }
- fn level_up(&mut self, cred: &cred::Lox) -> cred::Lox {
- // Read the bucket in the credential to get today's Bucket
- // Reachability credential
- let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
- let encbuckets = self.ba.enc_bridge_table();
- let bucket =
- bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
- let reachcred = bucket.1.unwrap();
- // Use the Bucket Reachability credential to advance to the next
- // level
- let (req, state) = level_up::request(
- &cred,
- &reachcred,
- &self.ba.lox_pub,
- &self.ba.reachability_pub,
- self.ba.today(),
- )
- .unwrap();
- let resp = self.ba.handle_level_up(req).unwrap();
- level_up::handle_response(state, resp, &self.ba.lox_pub).unwrap()
- }
- fn issue_invite(&mut self, cred: &cred::Lox) -> (cred::Lox, cred::Invitation) {
- // Read the bucket in the credential to get today's Bucket
- // Reachability credential
- let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
- let encbuckets = self.ba.enc_bridge_table();
- let bucket =
- bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
- let reachcred = bucket.1.unwrap();
- let (req, state) = issue_invite::request(
- &cred,
- &reachcred,
- &self.ba.lox_pub,
- &self.ba.reachability_pub,
- self.ba.today(),
- )
- .unwrap();
- let resp = self.ba.handle_issue_invite(req).unwrap();
- issue_invite::handle_response(state, resp, &self.ba.lox_pub, &self.ba.invitation_pub)
- .unwrap()
- }
- fn redeem_invite(&mut self, inv: &cred::Invitation) -> cred::Lox {
- let (req, state) =
- redeem_invite::request(&inv, &self.ba.invitation_pub, self.ba.today()).unwrap();
- let resp = self.ba.handle_redeem_invite(req).unwrap();
- redeem_invite::handle_response(state, resp, &self.ba.lox_pub).unwrap()
- }
- fn check_blockage(&mut self, cred: &cred::Lox) -> cred::Migration {
- let (req, state) = check_blockage::request(&cred, &self.ba.lox_pub).unwrap();
- let resp = self.ba.handle_check_blockage(req).unwrap();
- check_blockage::handle_response(state, resp).unwrap()
- }
- fn blockage_migration(&mut self, cred: &cred::Lox, mig: &cred::Migration) -> cred::Lox {
- let (req, state) =
- blockage_migration::request(&cred, &mig, &self.ba.lox_pub, &self.ba.migration_pub)
- .unwrap();
- let resp = self.ba.handle_blockage_migration(req).unwrap();
- blockage_migration::handle_response(state, resp, &self.ba.lox_pub).unwrap()
- }
- }
- #[test]
- fn test_open_invite() {
- let mut th = TestHarness::new();
- // Join an untrusted user
- let (ser_req, ser_resp, (cred, bridgeline)) = th.open_invite();
- // Check that we can use the credential to read a bucket
- let (id, key) = bridge_table::from_scalar(cred.bucket).unwrap();
- let encbuckets = th.ba.enc_bridge_table();
- let bucket =
- bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
- println!("Request size = {:?}", ser_req);
- println!("Response size = {:?}", ser_resp);
- println!("cred = {:?}", cred);
- println!("bucket = {:?}", bucket);
- println!("bridgeline = {:?}", bridgeline);
- assert!(bucket.1.is_none());
- assert!(th.ba.verify_lox(&cred));
- assert!(bridgeline == bucket.0[0]);
- }
- #[test]
- fn test_trust_promotion() {
- let mut th = TestHarness::new();
- let cred = th.open_invite().2 .0;
- assert!(th.ba.verify_lox(&cred));
- // Time passes
- th.advance_days(47);
- let migcred = th.trust_promotion(&cred);
- assert!(th.ba.verify_migration(&migcred));
- // Check that we can use the to_bucket in the Migration credenital
- // to read a bucket
- let (id, key) = bridge_table::from_scalar(migcred.to_bucket).unwrap();
- let encbuckets = th.ba.enc_bridge_table();
- let bucket =
- bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
- println!("bucket = {:?}", bucket);
- assert!(th.ba.verify_reachability(&bucket.1.unwrap()));
- }
- #[test]
- fn test_level0_migration() {
- let mut th = TestHarness::new();
- let cred = th.open_invite().2 .0;
- assert!(th.ba.verify_lox(&cred));
- // Time passes
- th.advance_days(47);
- let migcred = th.trust_promotion(&cred);
- assert!(th.ba.verify_migration(&migcred));
- let newloxcred = th.level0_migration(&cred, &migcred);
- assert!(th.ba.verify_lox(&newloxcred));
- println!("newloxcred = {:?}", newloxcred);
- // Check that we can use the credenital to read a bucket
- let (id, key) = bridge_table::from_scalar(newloxcred.bucket).unwrap();
- let encbuckets = th.ba.enc_bridge_table();
- let bucket =
- bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
- println!("bucket = {:?}", bucket);
- assert!(th.ba.verify_reachability(&bucket.1.unwrap()));
- }
- #[test]
- fn test_level_up() {
- let mut th = TestHarness::new();
- // Join an untrusted user
- let cred = th.open_invite().2 .0;
- // Time passes
- th.advance_days(47);
- // Go up to level 1
- let migcred = th.trust_promotion(&cred);
- let cred1 = th.level0_migration(&cred, &migcred);
- assert!(scalar_u32(&cred1.trust_level).unwrap() == 1);
- // Time passes
- th.advance_days(20);
- let cred2 = th.level_up(&cred1);
- assert!(scalar_u32(&cred2.trust_level).unwrap() == 2);
- println!("cred2 = {:?}", cred2);
- assert!(th.ba.verify_lox(&cred2));
- // Time passes
- th.advance_days(30);
- let cred3 = th.level_up(&cred2);
- assert!(scalar_u32(&cred3.trust_level).unwrap() == 3);
- println!("cred3 = {:?}", cred3);
- assert!(th.ba.verify_lox(&cred3));
- // Time passes
- th.advance_days(60);
- let cred4 = th.level_up(&cred3);
- assert!(scalar_u32(&cred3.trust_level).unwrap() == 3);
- println!("cred4 = {:?}", cred4);
- assert!(th.ba.verify_lox(&cred4));
- }
- #[test]
- fn test_issue_invite() {
- let mut th = TestHarness::new();
- // Join an untrusted user
- let cred = th.open_invite().2 .0;
- // Time passes
- th.advance_days(47);
- // Go up to level 1
- let migcred = th.trust_promotion(&cred);
- let cred1 = th.level0_migration(&cred, &migcred);
- assert!(scalar_u32(&cred1.trust_level).unwrap() == 1);
- // Time passes
- th.advance_days(20);
- // Go up to level 2
- let cred2 = th.level_up(&cred1);
- assert!(scalar_u32(&cred2.trust_level).unwrap() == 2);
- println!("cred2 = {:?}", cred2);
- assert!(th.ba.verify_lox(&cred2));
- // Issue an invitation
- let (cred2a, invite) = th.issue_invite(&cred2);
- assert!(th.ba.verify_lox(&cred2a));
- assert!(th.ba.verify_invitation(&invite));
- println!("cred2a = {:?}", cred2a);
- println!("invite = {:?}", invite);
- }
- #[test]
- fn test_redeem_invite() {
- let mut th = TestHarness::new();
- // Join an untrusted user
- let cred = th.open_invite().2 .0;
- // Time passes
- th.advance_days(47);
- // Go up to level 1
- let migcred = th.trust_promotion(&cred);
- let cred1 = th.level0_migration(&cred, &migcred);
- assert!(scalar_u32(&cred1.trust_level).unwrap() == 1);
- // Time passes
- th.advance_days(20);
- // Go up to level 2
- let cred2 = th.level_up(&cred1);
- assert!(scalar_u32(&cred2.trust_level).unwrap() == 2);
- println!("cred2 = {:?}", cred2);
- assert!(th.ba.verify_lox(&cred2));
- // Issue an invitation to Bob
- let (cred2a, bob_invite) = th.issue_invite(&cred2);
- assert!(th.ba.verify_lox(&cred2a));
- assert!(th.ba.verify_invitation(&bob_invite));
- println!("cred2a = {:?}", cred2a);
- println!("bob_invite = {:?}", bob_invite);
- // Time passes
- th.advance_days(12);
- // Bob joins the system
- let bob_cred = th.redeem_invite(&bob_invite);
- assert!(th.ba.verify_lox(&bob_cred));
- println!("bob_cred = {:?}", bob_cred);
- }
- #[test]
- fn test_mark_unreachable() {
- let mut th = TestHarness::new();
- println!("spares = {:?}", th.ba.bridge_table.spares);
- println!("tmig = {:?}", th.ba.trustup_migration_table.table);
- println!("bmig = {:?}", th.ba.blockage_migration_table.table);
- println!("openinv = {:?}\n", th.bdb.openinv_buckets);
- // Mark a bridge in an untrusted bucket as unreachable
- let b6 = th.ba.bridge_table.buckets[6][0];
- th.ba.bridge_unreachable(&b6, &mut th.bdb);
- println!("spares = {:?}", th.ba.bridge_table.spares);
- println!("tmig = {:?}", th.ba.trustup_migration_table.table);
- println!("bmig = {:?}", th.ba.blockage_migration_table.table);
- println!("openinv = {:?}\n", th.bdb.openinv_buckets);
- // Mark another bridge grouped to the same trusted bucket as
- // unreachable
- let b7 = th.ba.bridge_table.buckets[7][0];
- th.ba.bridge_unreachable(&b7, &mut th.bdb);
- println!("spares = {:?}", th.ba.bridge_table.spares);
- println!("tmig = {:?}", th.ba.trustup_migration_table.table);
- println!("bmig = {:?}", th.ba.blockage_migration_table.table);
- println!("openinv = {:?}\n", th.bdb.openinv_buckets);
- // That will have introduced a blockage migration. Get the target
- let target: u32 = *th
- .ba
- .blockage_migration_table
- .table
- .iter()
- .next()
- .unwrap()
- .1;
- // Block two of the bridges in that target bucket
- let bt1 = th.ba.bridge_table.buckets[target as usize][1];
- let bt2 = th.ba.bridge_table.buckets[target as usize][2];
- th.ba.bridge_unreachable(&bt1, &mut th.bdb);
- th.ba.bridge_unreachable(&bt2, &mut th.bdb);
- println!("spares = {:?}", th.ba.bridge_table.spares);
- println!("tmig = {:?}", th.ba.trustup_migration_table.table);
- println!("bmig = {:?}", th.ba.blockage_migration_table.table);
- println!("openinv = {:?}\n", th.bdb.openinv_buckets);
- }
- #[test]
- fn test_blockage_migration() {
- let mut th = TestHarness::new();
- // Join an untrusted user
- let cred = th.open_invite().2 .0;
- // Time passes
- th.advance_days(47);
- // Go up to level 1
- let migcred = th.trust_promotion(&cred);
- let cred1 = th.level0_migration(&cred, &migcred);
- assert!(scalar_u32(&cred1.trust_level).unwrap() == 1);
- // Time passes
- th.advance_days(20);
- // Go up to level 2
- let cred2 = th.level_up(&cred1);
- assert!(scalar_u32(&cred2.trust_level).unwrap() == 2);
- println!("cred2 = {:?}", cred2);
- assert!(th.ba.verify_lox(&cred2));
- // Time passes
- th.advance_days(29);
- // Go up to level 3
- let cred3 = th.level_up(&cred2);
- assert!(scalar_u32(&cred3.trust_level).unwrap() == 3);
- println!("cred3 = {:?}", cred3);
- assert!(th.ba.verify_lox(&cred3));
- // Get our bridges
- let (id, key) = bridge_table::from_scalar(cred3.bucket).unwrap();
- let encbuckets = th.ba.enc_bridge_table();
- let bucket =
- bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
- // We should have a Bridge Reachability credential
- assert!(bucket.1.is_some());
- // Oh, no! Two of our bridges are blocked!
- th.ba.bridge_unreachable(&bucket.0[0], &mut th.bdb);
- th.ba.bridge_unreachable(&bucket.0[2], &mut th.bdb);
- println!("spares = {:?}", th.ba.bridge_table.spares);
- println!("tmig = {:?}", th.ba.trustup_migration_table.table);
- println!("bmig = {:?}", th.ba.blockage_migration_table.table);
- println!("openinv = {:?}\n", th.bdb.openinv_buckets);
- // Time passes
- th.advance_days(1);
- let encbuckets2 = th.ba.enc_bridge_table();
- let bucket2 =
- bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets2[id as usize]).unwrap();
- // We should no longer have a Bridge Reachability credential
- assert!(bucket2.1.is_none());
- // See about getting a Migration credential for the blockage
- let migration = th.check_blockage(&cred3);
- println!("migration = {:?}", migration);
- // Migrate
- let cred4 = th.blockage_migration(&cred3, &migration);
- println!("cred4 = {:?}", cred4);
- assert!(th.ba.verify_lox(&cred4));
- }
|