|
@@ -38,13 +38,13 @@ and a new Lox credential to be issued:
|
|
|
|
|
|
|
|
*/
|
|
*/
|
|
|
|
|
|
|
|
-use super::super::scalar_u32;
|
|
|
|
|
-use super::errors::CredentialError;
|
|
|
|
|
use crate::lox_creds::{BucketReachability, Lox};
|
|
use crate::lox_creds::{BucketReachability, Lox};
|
|
|
|
|
+use super::super::scalar_u32;
|
|
|
use cmz::*;
|
|
use cmz::*;
|
|
|
use curve25519_dalek::ristretto::RistrettoPoint as G;
|
|
use curve25519_dalek::ristretto::RistrettoPoint as G;
|
|
|
use ff::PrimeField;
|
|
use ff::PrimeField;
|
|
|
use rand_core::RngCore;
|
|
use rand_core::RngCore;
|
|
|
|
|
+use super::errors::CredentialError;
|
|
|
use sha2::Sha512;
|
|
use sha2::Sha512;
|
|
|
|
|
|
|
|
/// The maximum trust level in the system. A user can run this level
|
|
/// The maximum trust level in the system. A user can run this level
|
|
@@ -74,7 +74,7 @@ pub const LEVEL_INVITATIONS: [u32; MAX_LEVEL + 1] = [0, 2, 4, 6, 8];
|
|
|
// one or more bits to the ZKP.
|
|
// one or more bits to the ZKP.
|
|
|
pub const MAX_BLOCKAGES: [u32; MAX_LEVEL + 1] = [0, 4, 3, 2, 2];
|
|
pub const MAX_BLOCKAGES: [u32; MAX_LEVEL + 1] = [0, 4, 3, 2, 2];
|
|
|
|
|
|
|
|
-CMZProtocol! { level_up<credential_expiry, eligibility_max_age, invitations, max_blockage>,
|
|
|
|
|
|
|
+CMZProtocol! { level_up<credential_expiry, eligibility_max_age, max_blockage>,
|
|
|
[ L: Lox { id: R, bucket: H, trust_level: R, level_since: H, invites_remaining: H, blockages: H },
|
|
[ L: Lox { id: R, bucket: H, trust_level: R, level_since: H, invites_remaining: H, blockages: H },
|
|
|
B: BucketReachability { date: R, bucket: H } ],
|
|
B: BucketReachability { date: R, bucket: H } ],
|
|
|
N: Lox {id: J, bucket: H, trust_level: R, level_since: S, invites_remaining: I, blockages: H },
|
|
N: Lox {id: J, bucket: H, trust_level: R, level_since: S, invites_remaining: I, blockages: H },
|
|
@@ -85,18 +85,14 @@ CMZProtocol! { level_up<credential_expiry, eligibility_max_age, invitations, max
|
|
|
B.bucket = L.bucket,
|
|
B.bucket = L.bucket,
|
|
|
N.bucket = L.bucket,
|
|
N.bucket = L.bucket,
|
|
|
N.trust_level = L.trust_level+1,
|
|
N.trust_level = L.trust_level+1,
|
|
|
- N.invites_remaining = invitations,
|
|
|
|
|
N.blockages = L.blockages,
|
|
N.blockages = L.blockages,
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-pub fn request(
|
|
|
|
|
- L: Lox,
|
|
|
|
|
- B: BucketReachability,
|
|
|
|
|
- pubkeys: CMZPubkey<G>,
|
|
|
|
|
- today: u32,
|
|
|
|
|
-) -> Result<(level_up::Request, level_up::ClientState), CredentialError> {
|
|
|
|
|
|
|
+pub fn request(L: Lox, B: BucketReachability, pubkeys: CMZPubkey<G>, today: u32) -> Result<(level_up::Request, level_up::ClientState), CredentialError> {
|
|
|
let mut rng = rand::thread_rng();
|
|
let mut rng = rand::thread_rng();
|
|
|
- cmz_group_init(G::hash_from_bytes::<Sha512>(b"CMZ Generator A"));
|
|
|
|
|
|
|
+ cmz_group_init(G::hash_from_bytes::<Sha512>(
|
|
|
|
|
+ b"CMZ Generator A",
|
|
|
|
|
+ ));
|
|
|
|
|
|
|
|
// Ensure the credential can be correctly shown: it must be the case
|
|
// Ensure the credential can be correctly shown: it must be the case
|
|
|
// that level_since + LEVEL_INTERVAL[level] <= today.
|
|
// that level_since + LEVEL_INTERVAL[level] <= today.
|
|
@@ -186,15 +182,14 @@ pub fn request(
|
|
|
trust_level
|
|
trust_level
|
|
|
};
|
|
};
|
|
|
|
|
|
|
|
- let credential_expiry = today - LEVEL_INTERVAL[trust_level as usize] + 511;
|
|
|
|
|
- let eligibility_max_age = today - LEVEL_INTERVAL[trust_level as usize];
|
|
|
|
|
|
|
+ let eligibility_max_age = today - (LEVEL_INTERVAL[trust_level as usize]);
|
|
|
|
|
|
|
|
let mut N = Lox::using_pubkey(&pubkeys);
|
|
let mut N = Lox::using_pubkey(&pubkeys);
|
|
|
|
|
+ N.invites_remaining = Some(LEVEL_INVITATIONS[new_level as usize].into());
|
|
|
let params = level_up::Params {
|
|
let params = level_up::Params {
|
|
|
- credential_expiry: level_up::Scalar::from_u128(credential_expiry.into()),
|
|
|
|
|
- eligibility_max_age: level_up::Scalar::from_u128(eligibility_max_age.into()),
|
|
|
|
|
- invitations: level_up::Scalar::from_u128(LEVEL_INVITATIONS[new_level as usize].into()),
|
|
|
|
|
- max_blockage: level_up::Scalar::from_u128(MAX_BLOCKAGES[new_level as usize].into()),
|
|
|
|
|
|
|
+ credential_expiry: (eligibility_max_age-511).into(),
|
|
|
|
|
+ eligibility_max_age: eligibility_max_age.into(),
|
|
|
|
|
+ max_blockage: MAX_BLOCKAGES[new_level as usize].into(),
|
|
|
};
|
|
};
|
|
|
|
|
|
|
|
match level_up::prepare(&mut rng, &L, &B, N, ¶ms) {
|
|
match level_up::prepare(&mut rng, &L, &B, N, ¶ms) {
|
|
@@ -202,3 +197,45 @@ pub fn request(
|
|
|
Err(e) => Err(CredentialError::CMZError(e)),
|
|
Err(e) => Err(CredentialError::CMZError(e)),
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
+
|
|
|
|
|
+impl BridgeAuth {
|
|
|
|
|
+
|
|
|
|
|
+ pub fn handle_level_up(&mut self, req: level_up::Request) -> Result<level_up::Reply,
|
|
|
|
|
+CredentialError> {
|
|
|
|
|
+ let mut rng = rand::thread_rng();
|
|
|
|
|
+ let reqbytes = req.as_bytes();
|
|
|
|
|
+ let recvreq = level_up::Request::try_from(&reqbytes[..]).unwrap();
|
|
|
|
|
+ let (response, (_L_issuer, _B_isser, _N_issuer)) =
|
|
|
|
|
+ level_up::handle(&mut rng, recvreq,
|
|
|
|
|
+ |L: &mut Lox, B: &mut BucketReachability, N: &mut Lox| {
|
|
|
|
|
+ // The trust level has to be at least 1
|
|
|
|
|
+ let trust_level: u32 = match scalar_u32(&L.trust_level.unwrap()) {
|
|
|
|
|
+ Some(v) => v,
|
|
|
|
|
+ None => {
|
|
|
|
|
+ return Err(CMZError::RevealAttrMissing(
|
|
|
|
|
+ "trust_level",
|
|
|
|
|
+ "could not be converted to u32",
|
|
|
|
|
+ ))
|
|
|
|
|
+ }
|
|
|
|
|
+ };
|
|
|
|
|
+ let eligibility_max_age: u32 = self.today() - LEVEL_INTERVAL[trust_level as usize];
|
|
|
|
|
+ Ok(level_up::Params {
|
|
|
|
|
+ credential_expiry: (eligibility_max_age-511).into(),
|
|
|
|
|
+ eligibility_max_age: eligibility_max_age.into(),
|
|
|
|
|
+ max_blockage: MAX_BLOCKAGES[(trust_level + 1) as usize].into(),
|
|
|
|
|
+ })
|
|
|
|
|
+ },
|
|
|
|
|
+ |L: &Lox, B: &BucketReachability, N: &Lox| {
|
|
|
|
|
+ Ok(())
|
|
|
|
|
+ }
|
|
|
|
|
+ ).unwrap();
|
|
|
|
|
+ Ok(response)
|
|
|
|
|
+ }
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+pub fn handle_response(state: level_up::ClientState, rep: level_up::Reply) -> Result<Lox, ProofError> {
|
|
|
|
|
+ match cmz_finalize(client_state, response_message) {
|
|
|
|
|
+ Ok(Vec<Credential>) => Ok(Vec<Credential>),
|
|
|
|
|
+ Err(e) => ProofError(e),
|
|
|
|
|
+ }
|
|
|
|
|
+}
|
