Home Explore Help
Sign In
ltulloch
/
lox-extensions
1
1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Add update_invite extension

onyinyang 8 months ago
parent
d96b43e924
commit
97c98f180b
2 changed files with 137 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      src/lib.rs
  2. 136 0
      src/proto/update_invite.rs

+ 1 - 0
src/lib.rs
View File 

@@ -42,6 +42,7 @@ pub mod proto {
 
     pub mod open_invite;
 
     pub mod redeem_invite;
 
     pub mod update_cred;
 
+    pub mod update_invite;
 
 }
 
 
 #[cfg(feature = "bridgeauth")]

+ 136 - 0
src/proto/update_invite.rs
View File 

@@ -0,0 +1,136 @@
 
+/*! A module for the protocol for a user to request the issuing of an updated
 
+ * invitation credential after a key rotation has occurred
 
+
 
+
 
+The user presents their current Invitation credential:
 
+- id: revealed
 
+- date: blinded
 
+- bucket: blinded
 
+- blockages: blinded
 
+
 
+and a new Invitation credential to be issued:
 
+- id: jointly chosen by the user and BA
 
+- date: blinded, but proved in ZK that it's the same as in the invitation
 
+  date above
 
+- bucket: blinded, but proved in ZK that it's the same as in the Invitation
 
+  credential above
 
+- blockages: blinded, but proved in ZK that it's the same as in the
 
+  Invitation credential above
 
+
 
+*/
 
+
 
+#[cfg(feature = "bridgeauth")]
 
+use super::super::dup_filter::SeenType;
 
+#[cfg(feature = "bridgeauth")]
 
+use super::super::BridgeAuth;
 
+use super::errors::CredentialError;
 
+use crate::lox_creds::Invitation;
 
+use cmz::*;
 
+use curve25519_dalek::ristretto::RistrettoPoint as G;
 
+use group::Group;
 
+use rand_core::RngCore;
 
+use sha2::Sha512;
 
+
 
+muCMZProtocol! { update_invite,
 
+    I: Invitation { inv_id: R, date: H, bucket: H, blockages: H },
 
+    N: Invitation { inv_id: J, date: H, bucket: H, blockages: H },
 
+    I.date = N.date,
 
+    I.bucket = N.bucket,
 
+    I.blockages = N.blockages,
 
+}
 
+
 
+pub fn request(
 
+    I: Invitation,
 
+    new_pubkeys: CMZPubkey<G>,
 
+) -> Result<(update_invite::Request, update_invite::ClientState), CredentialError> {
 
+    let mut rng = rand::thread_rng();
 
+    cmz_group_init(G::hash_from_bytes::<Sha512>(b"CMZ Generator A"));
 
+
 
+    let N = Invitation::using_pubkey(&new_pubkeys);
 
+    match update_invite::prepare(&mut rng, &I, N) {
 
+        Ok(req_state) => Ok(req_state),
 
+        Err(e) => Err(CredentialError::CMZError(e)),
 
+    }
 
+}
 
+
 
+#[cfg(feature = "bridgeauth")]
 
+impl BridgeAuth {
 
+    pub fn handle_update_invite(
 
+        &mut self,
 
+        req: update_invite::Request,
 
+    ) -> Result<update_invite::Reply, CredentialError> {
 
+        let mut rng = rand::thread_rng();
 
+        // Both of these must be true and should be true after rotate_lox_keys is called
 
+        if self.old_keys.invitation_keys.is_empty() || self.old_filters.invitation_filter.is_empty()
 
+        {
 
+            return Err(CredentialError::CredentialMismatch);
 
+        }
 
+
 
+        let reqbytes = req.as_bytes();
 
+        let recvreq = update_invite::Request::try_from(&reqbytes[..]).unwrap();
 
+        match update_invite::handle(
 
+            &mut rng,
 
+            recvreq,
 
+            |I: &mut Invitation, N: &mut Invitation| {
 
+                // calling this function will automatically use the most recent old private key for
 
+                // verification and the new private key for issuing.
 
+                // Recompute the "error factors" using knowledge of our own
 
+                // (the issuer's) outdated private key instead of knowledge of the
 
+                // hidden attributes
 
+                let old_keys = match self
 
+                    .old_keys
 
+                    .invitation_keys
 
+                    .iter()
 
+                    .find(|x| x.pub_key == *I.get_pubkey())
 
+                {
 
+                    Some(old_keys) => old_keys,
 
+                    None => return Err(CMZError::RevealAttrMissing("Key", "Mismatch")),
 
+                };
 
+                let old_priv_key = old_keys.priv_key.clone();
 
+                I.set_privkey(&old_priv_key);
 
+                N.set_privkey(&self.invitation_priv);
 
+                I.date = N.date;
 
+                I.bucket = N.bucket;
 
+                I.blockages = N.blockages;
 
+                Ok(())
 
+            },
 
+            |I: &Invitation, _N: &Invitation| {
 
+                let index = match self
 
+                    .old_keys
 
+                    .invitation_keys
 
+                    .iter()
 
+                    .position(|x| x.pub_key == *I.get_pubkey())
 
+                {
 
+                    Some(index) => index,
 
+                    None => return Err(CMZError::RevealAttrMissing("Key", "Mismatch")),
 
+                };
 
+                if self
 
+                    .old_filters
 
+                    .invitation_filter
 
+                    .get_mut(index)
 
+                    .unwrap()
 
+                    .filter(&I.inv_id.unwrap())
 
+                    == SeenType::Seen
 
+                {
 
+                    return Err(CMZError::RevealAttrMissing("id", "Credential Expired"));
 
+                }
 
+                Ok(())
 
+            },
 
+        ) {
 
+            Ok((response, (_I_issuer, _N_issuer))) => Ok(response),
 
+            Err(e) => Err(CredentialError::CMZError(e)),
 
+        }
 
+    }
 
+}
 
+
 
+pub fn handle_response(
 
+    state: update_invite::ClientState,
 
+    rep: update_invite::Reply,
 
+) -> Result<Invitation, CMZError> {
 
+    let replybytes = rep.as_bytes();
 
+    let recvreply = update_invite::Reply::try_from(&replybytes[..]).unwrap();
 
+    match state.finalize(recvreply) {
 
+        Ok(cred) => Ok(cred),
 
+        Err(_e) => Err(CMZError::Unknown),
 
+    }
 
+}