|
|
@@ -8,31 +8,28 @@ that the credentials contain the bucket attributes, which include both
|
|
|
the id and the bucket decryption key, but the table just contains the
|
|
|
bucket ids.) */
|
|
|
|
|
|
-#[cfg(feature = "bridgeauth")]
|
|
|
-use cmz::CMZPrivkey;
|
|
|
-use cmz::{CMZCredential, CMZPubkey};
|
|
|
+use cmz::*;
|
|
|
use curve25519_dalek::ristretto::CompressedRistretto;
|
|
|
-#[cfg(feature = "bridgeauth")]
|
|
|
-use curve25519_dalek::ristretto::RistrettoBasepointTable;
|
|
|
-use curve25519_dalek::ristretto::RistrettoPoint as G;
|
|
|
-use curve25519_dalek::scalar::Scalar;
|
|
|
-
|
|
|
-use sha2::Digest;
|
|
|
-use sha2::Sha256;
|
|
|
-
|
|
|
+//#[cfg(feature = "bridgeauth")]
|
|
|
use aes_gcm::aead::{generic_array::GenericArray, Aead};
|
|
|
use aes_gcm::{Aes128Gcm, KeyInit};
|
|
|
-#[cfg(feature = "bridgeauth")]
|
|
|
+use ff::PrimeField;
|
|
|
+use group::{WnafBase, WnafScalar};
|
|
|
+use sha2::Digest;
|
|
|
+use sha2::Sha256;
|
|
|
+//#[cfg(feature = "bridgeauth")]
|
|
|
use rand::RngCore;
|
|
|
|
|
|
use std::collections::HashMap;
|
|
|
|
|
|
-#[cfg(feature = "bridgeauth")]
|
|
|
-use serde::{Deserialize, Serialize};
|
|
|
-
|
|
|
+//#[cfg(feature = "bridgeauth")]
|
|
|
#[cfg(feature = "bridgeauth")]
|
|
|
use super::bridge_table;
|
|
|
use super::lox_creds::{Migration, MigrationKey};
|
|
|
+use super::{Scalar, G};
|
|
|
+use serde::{Deserialize, Serialize};
|
|
|
+
|
|
|
+pub const WNAF_SIZE: usize = 6;
|
|
|
|
|
|
/// Each (plaintext) entry in the returned migration table is serialized
|
|
|
/// into this many bytes
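Review bot: The three `//#[cfg(feature = "bridgeauth")]` lines left in this import block are dead comments, and the last one sits directly above the live `#[cfg(feature = "bridgeauth")]` that still gates `use super::bridge_table;`. The same commented-out gate appears on `MigrationTable` and `encrypt_cred` in later hunks, so code taking `&CMZPrivkey<G>` now appears to compile into builds without the authority feature, while `bridge_table` does not. Either delete the comments and explain in the commit message why the gate is gone, or restore `#[cfg(feature = "bridgeauth")]` on the items that handle private keys. Separately, `use cmz::*;` hides which names this file depends on; an explicit list such as `use cmz::{CMZCredential, CMZPrivkey, CMZPubkey};` (plus whatever trait provides the MAC helpers) keeps that reviewable. The new `pub const WNAF_SIZE` also has no doc comment, e.g. `/// Window size of the wNAF tables used for Pktable`.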
|
|
|
@@ -51,7 +48,7 @@ pub enum MigrationType {
|
|
|
Blockage,
|
|
|
}
|
|
|
|
|
|
-impl From<MigrationType> for Scalar {
|
|
|
+impl From<MigrationType> for u128 {
|
|
|
/// Convert a MigrationType into the Scalar value that represents
|
|
|
/// it in the Migration credential
|
|
|
fn from(m: MigrationType) -> Self {
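Review bot: The doc comment on `from` still says the conversion yields a Scalar, but the impl now targets `u128` and the callers in later hunks wrap the result with `Scalar::from_u128`. Suggested wording: `/// Convert a MigrationType into the u128 value that, once lifted with Scalar::from_u128, represents it in the Migration credential`. The body of `from` continues outside this hunk.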
|
|
|
@@ -65,7 +62,7 @@ impl From<MigrationType> for Scalar {
|
|
|
|
|
|
/// The migration table
|
|
|
#[derive(Default, Debug, Serialize, Deserialize)]
|
|
|
-#[cfg(feature = "bridgeauth")]
|
|
|
+//#[cfg(feature = "bridgeauth")]
|
|
|
pub struct MigrationTable {
|
|
|
pub table: HashMap<u32, u32>,
|
|
|
pub migration_type: Scalar,
|
|
|
@@ -83,13 +80,13 @@ pub struct MigrationTable {
|
|
|
/// from_attr_i, Qk_i) and the encrypted Migration credential. H1 and
|
|
|
/// H2 are the first 16 bytes and the second 16 bytes respectively of
|
|
|
/// the SHA256 hash of the input.
|
|
|
-#[cfg(feature = "bridgeauth")]
|
|
|
+//#[cfg(feature = "bridgeauth")]
|
|
|
pub fn encrypt_cred(
|
|
|
id: Scalar,
|
|
|
from_bucket: Scalar,
|
|
|
to_bucket: Scalar,
|
|
|
migration_type: Scalar,
|
|
|
- Pktable: &RistrettoBasepointTable,
|
|
|
+ Pktable: &WnafBase<G, WNAF_SIZE>,
|
|
|
migration_priv: &CMZPrivkey<G>,
|
|
|
migrationkey_priv: &CMZPrivkey<G>,
|
|
|
) -> ([u8; 16], [u8; ENC_MIGRATION_BYTES]) {
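Review bot: Changing `Pktable` from `RistrettoBasepointTable` to `WnafBase<G, WNAF_SIZE>` replaces curve25519-dalek's constant-time basepoint-table multiplication with a wNAF one, and wNAF multiplication is normally variable-time in the scalar. In the body (the hunk at old line 100) the table is multiplied by `coeff`, which comes from `compute_MAC_coeff(&migrationkey_priv)`, so the running time of `encrypt_cred` may now depend on private-key material. Please confirm whether the `group` wNAF types give any constant-time guarantee. If they do not, either keep a constant-time multiplication for this step or record the decision next to the call, e.g. `// wNAF is variable-time; acceptable here because <reason>`. The same parameter change is made to `encrypt_cred_ids` and the `MigrationTable` method in later hunks, and the function body continues outside this hunk.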
|
|
|
@@ -100,10 +97,8 @@ pub fn encrypt_cred(
|
|
|
let mut K = MigrationKey::using_privkey(migrationkey_priv);
|
|
|
K.lox_id = Some(id);
|
|
|
K.from_bucket = Some(from_bucket);
|
|
|
- K.MAC.Q = &(migrationkey_priv.x[0]
|
|
|
- + migrationkey_priv.x[1] * id
|
|
|
- + migrationkey_priv.x[2] * from_bucket)
|
|
|
- * Pktable;
|
|
|
+ let coeff: Scalar = K.compute_MAC_coeff(&migrationkey_priv).unwrap();
|
|
|
+ K.MAC.Q = Pktable * &WnafScalar::new(&coeff);
|
|
|
|
|
|
// Compute a MAC (P, Q) on the Migration credential
|
|
|
let mut M = Migration::using_privkey(migration_priv);
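Review bot: `K.compute_MAC_coeff(&migrationkey_priv).unwrap()` turns any failure of the coefficient computation into a panic inside `encrypt_cred`, which returns a plain tuple and so gives callers no way to handle it. If failure is impossible because `lox_id` and `from_bucket` are set on the lines just above, state that invariant with `.expect("lox_id and from_bucket are set above")`; otherwise the error needs a path out of the function. `migrationkey_priv` is already a `&CMZPrivkey<G>`, so the extra `&` is probably unnecessary: `K.compute_MAC_coeff(migrationkey_priv)`. The function starts and ends outside this hunk.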
|
|
|
@@ -111,7 +106,7 @@ pub fn encrypt_cred(
|
|
|
M.from_bucket = Some(from_bucket);
|
|
|
M.to_bucket = Some(to_bucket);
|
|
|
M.migration_type = Some(migration_type);
|
|
|
- // let b = Scalar::random(&mut rng);
|
|
|
+ let _ = M.create_MAC(&mut rng, migration_priv);
|
|
|
|
|
|
// Serialize (to_bucket, P, Q)
|
|
|
let mut credbytes: [u8; MIGRATION_BYTES] = [0; MIGRATION_BYTES];
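Review bot: `let _ = M.create_MAC(&mut rng, migration_priv);` discards whatever `create_MAC` returns, so if it can fail, the code below still serializes `(to_bucket, P, Q)` from a credential whose MAC was never set. The return type is not visible in this hunk, but `let _ =` suggests a `Result` or other must-use value. Check it rather than dropping it, e.g. `M.create_MAC(&mut rng, migration_priv).expect("MAC creation on a fully populated Migration credential");`, or propagate the error if the signature can change. The function continues outside this hunk.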
|
|
|
@@ -162,7 +157,7 @@ pub fn encrypt_cred_ids(
|
|
|
to_id: u32,
|
|
|
migration_type: Scalar,
|
|
|
bridgetable: &bridge_table::BridgeTable,
|
|
|
- Pktable: &RistrettoBasepointTable,
|
|
|
+ Pktable: &WnafBase<G, WNAF_SIZE>,
|
|
|
migration_priv: &CMZPrivkey<G>,
|
|
|
migrationkey_priv: &CMZPrivkey<G>,
|
|
|
) -> Option<([u8; 16], [u8; ENC_MIGRATION_BYTES])> {
|
|
|
@@ -186,7 +181,7 @@ impl MigrationTable {
|
|
|
pub fn new(table_type: MigrationType) -> Self {
|
|
|
Self {
|
|
|
table: Default::default(),
|
|
|
- migration_type: table_type.into(),
|
|
|
+ migration_type: Scalar::from_u128(table_type.into()),
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -197,7 +192,7 @@ impl MigrationTable {
|
|
|
&self,
|
|
|
id: Scalar,
|
|
|
bridgetable: &bridge_table::BridgeTable,
|
|
|
- Pktable: &RistrettoBasepointTable,
|
|
|
+ Pktable: &WnafBase<G, WNAF_SIZE>,
|
|
|
migration_priv: &CMZPrivkey<G>,
|
|
|
migrationkey_priv: &CMZPrivkey<G>,
|
|
|
) -> HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]> {
|
|
|
@@ -272,6 +267,6 @@ pub fn decrypt_cred(
|
|
|
M.lox_id = mk_cred.lox_id;
|
|
|
M.from_bucket = mk_cred.from_bucket;
|
|
|
M.to_bucket = Some(to_bucket);
|
|
|
- M.migration_type = Some(migration_type.into());
|
|
|
+ M.migration_type = Some(Scalar::from_u128(migration_type.into()));
|
|
|
Some(M)
|
|
|
}
|