|
|
@@ -94,68 +94,33 @@ impl TestHarness {
|
|
|
/// Verify the two MACs on a Lox credential
|
|
|
pub fn verify_lox(&self, cred: &lox_creds::Lox) {
|
|
|
assert!(
|
|
|
- !bool::from(cred.MAC.P.is_identity()),
|
|
|
- "Lox cred MAC P should not be identity"
|
|
|
+ cred.verify_MAC(&self.ba.lox_priv).is_ok(),
|
|
|
+ "Lox cred's MAC should verify"
|
|
|
);
|
|
|
- let Q = (self.ba.lox_priv.x0
|
|
|
- + self.ba.lox_priv.xr
|
|
|
- + cred.id.unwrap() * self.ba.lox_priv.x[0]
|
|
|
- + cred.bucket.unwrap() * self.ba.lox_priv.x[1]
|
|
|
- + cred.trust_level.unwrap() * self.ba.lox_priv.x[2]
|
|
|
- + cred.level_since.unwrap() * self.ba.lox_priv.x[3]
|
|
|
- + cred.invites_remaining.unwrap() * self.ba.lox_priv.x[4]
|
|
|
- + cred.blockages.unwrap() * self.ba.lox_priv.x[5])
|
|
|
- * cred.MAC.P;
|
|
|
- assert_eq!(Q, cred.MAC.Q, "Lox MAC Q should match computation");
|
|
|
}
|
|
|
|
|
|
/// Verify the MAC on a Migration credential
|
|
|
pub fn verify_migration(&self, cred: &lox_creds::Migration) {
|
|
|
assert!(
|
|
|
- !bool::from(cred.MAC.P.is_identity()),
|
|
|
- "Migration cred MAC P should not be identity"
|
|
|
+ cred.verify_MAC(&self.ba.migration_priv).is_ok(),
|
|
|
+ "Migration cred's MAC should verify"
|
|
|
);
|
|
|
-
|
|
|
- let Q = (self.ba.migration_priv.x0
|
|
|
- + self.ba.migration_priv.xr
|
|
|
- + cred.lox_id.unwrap() * self.ba.migration_priv.x[0]
|
|
|
- + cred.from_bucket.unwrap() * self.ba.migration_priv.x[1]
|
|
|
- + cred.to_bucket.unwrap() * self.ba.migration_priv.x[2])
|
|
|
- * cred.MAC.P;
|
|
|
-
|
|
|
- assert_eq!(Q, cred.MAC.Q, "Migration MAC Q should match computation");
|
|
|
}
|
|
|
|
|
|
/// Verify the MAC on a Bucket Reachability credential
|
|
|
pub fn verify_reachability(&self, cred: &lox_creds::BucketReachability) {
|
|
|
assert!(
|
|
|
- !bool::from(cred.MAC.P.is_identity()),
|
|
|
- "Reachability cred MAC P should not be identity"
|
|
|
+ cred.verify_MAC(&self.ba.reachability_priv).is_ok(),
|
|
|
+ "Reachability cred's MAC should verify"
|
|
|
);
|
|
|
-
|
|
|
- let Q = (self.ba.reachability_priv.x0
|
|
|
- + self.ba.reachability_priv.xr
|
|
|
- + cred.date.unwrap() * self.ba.reachability_priv.x[0]
|
|
|
- + cred.bucket.unwrap() * self.ba.reachability_priv.x[1])
|
|
|
- * cred.MAC.P;
|
|
|
-
|
|
|
- assert_eq!(Q, cred.MAC.Q, "Reachability MAC Q should match computation");
|
|
|
}
|
|
|
|
|
|
/// Verify the MAC on a Invitation credential
|
|
|
pub fn verify_invitation(&mut self, cred: &lox_creds::Invitation) {
|
|
|
assert!(
|
|
|
- !bool::from(cred.MAC.P.is_identity()),
|
|
|
- "Invitation MAC P should not be identity"
|
|
|
+ cred.verify_MAC(&self.ba.invitation_priv).is_ok(),
|
|
|
+ "Invitation cred's MAC should verify"
|
|
|
);
|
|
|
- let Q = (self.ba.invitation_priv.x0
|
|
|
- + self.ba.invitation_priv.xr
|
|
|
- + cred.inv_id.unwrap() * self.ba.invitation_priv.x[0]
|
|
|
- + cred.date.unwrap() * self.ba.invitation_priv.x[1]
|
|
|
- + cred.bucket.unwrap() * self.ba.invitation_priv.x[2]
|
|
|
- + cred.blockages.unwrap() * self.ba.invitation_priv.x[3])
|
|
|
- * cred.MAC.P;
|
|
|
- assert_eq!(Q, cred.MAC.Q, "Invitation MAC Q should match");
|
|
|
}
|
|
|
|
|
|
pub fn open_invite(
|
|
|
@@ -312,6 +277,7 @@ impl TestHarness {
|
|
|
// Oh, no! Two of our bridges are blocked!
|
|
|
self.ba.bridge_blocked(&bucket.0[0], &mut self.bdb);
|
|
|
self.ba.bridge_blocked(&bucket.0[2], &mut self.bdb);
|
|
|
+ self.advance_days(1);
|
|
|
}
|
|
|
|
|
|
pub fn check_blockage(&mut self, rng: &mut (impl CryptoRng + RngCore), cred: Lox) -> Migration {
|
