Add serde for encrypted migration table

src/migration_table.rs

@@ -15,6 +15,7 @@ use curve25519_dalek::ristretto::CompressedRistretto;
 use ff::PrimeField;
 use group::{WnafBase, WnafScalar};
 use rand::RngCore;
+use serde_with::serde_as;
 use sha2::Digest;
 use sha2::Sha256;
 
@@ -35,6 +36,16 @@ pub const MIGRATION_BYTES: usize = 96;
 /// The size of an encrypted entry in the returned migration table
 pub const ENC_MIGRATION_BYTES: usize = MIGRATION_BYTES + 12 + 16;
 
+/// A table of encrypted Migration credentials; the encryption keys
+/// are formed from the possible values of Qk (the decrypted form of
+/// EncQk)
+#[serde_as]
+#[derive(Deserialize, Serialize)]
+pub struct EncMigrationTable {
+    #[serde_as(as = "Vec<(_,[_; ENC_MIGRATION_BYTES])>")]
+    pub mig_table: HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
+}
+
 /// The type of migration table: TrustUpgrade is for migrations from
 /// untrusted (level 0) 1-bridge buckets to trusted (level 1) 3-bridge
 /// buckets.  Blockage is for migrations that drop you down two levels

src/proto/check_blockage.rs

@@ -37,16 +37,15 @@ use super::errors::CredentialError;
 use super::level_up::MAX_LEVEL;
 use crate::lox_creds::{Lox, Migration, MigrationKey};
 use crate::migration_table;
-use crate::migration_table::ENC_MIGRATION_BYTES;
 #[cfg(feature = "bridgeauth")]
-use crate::migration_table::WNAF_SIZE;
+use crate::migration_table::{EncMigrationTable, WNAF_SIZE};
 use cmz::*;
 use group::Group;
 #[cfg(feature = "bridgeauth")]
 use group::WnafBase;
 use rand::{CryptoRng, RngCore};
+use serde_with::serde_as;
 use sha2::Sha512;
-use std::collections::HashMap;
 
 /// The minimum trust level a Lox credential must have to be allowed to
 /// perform this protocol.
@@ -108,13 +107,7 @@ impl BridgeAuth {
     pub fn handle_check_blockage(
         &mut self,
         req: check_blockage::Request,
-    ) -> Result<
-        (
-            check_blockage::Reply,
-            HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
-        ),
-        CredentialError,
-    > {
+    ) -> Result<(check_blockage::Reply, EncMigrationTable), CredentialError> {
         let mut rng = rand::thread_rng();
         let reqbytes = req.as_bytes();
         let recvreq = check_blockage::Request::try_from(&reqbytes[..]).unwrap();
@@ -156,13 +149,15 @@ impl BridgeAuth {
         ) {
             Ok((response, (L_issuer, M_issuer))) => {
                 let Pktable: WnafBase<G, WNAF_SIZE> = WnafBase::new(M_issuer.MAC.P);
-                let enc_migration_table = self.blockage_migration_table.encrypt_table(
-                    L_issuer.id.unwrap(),
-                    &self.bridge_table,
-                    &Pktable,
-                    &self.migration_priv,
-                    &self.migrationkey_priv,
-                );
+                let enc_migration_table = EncMigrationTable {
+                    mig_table: self.blockage_migration_table.encrypt_table(
+                        L_issuer.id.unwrap(),
+                        &self.bridge_table,
+                        &Pktable,
+                        &self.migration_priv,
+                        &self.migrationkey_priv,
+                    ),
+                };
                 Ok((response, enc_migration_table))
             }
             Err(e) => Err(CredentialError::CMZError(e)),
@@ -174,7 +169,7 @@ pub fn handle_response(
     migration_pubkey: CMZPubkey<G>,
     state: check_blockage::ClientState,
     rep: check_blockage::Reply,
-    enc_migration_table: HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
+    enc_migration_table: EncMigrationTable,
 ) -> Result<Migration, CMZError> {
     let replybytes = rep.as_bytes();
     let recvreply = check_blockage::Reply::try_from(&replybytes[..]).unwrap();
@@ -187,7 +182,7 @@ pub fn handle_response(
         migkey,
         migration_table::MigrationType::Blockage,
         migration_pubkey,
-        &enc_migration_table,
+        &enc_migration_table.mig_table,
     ) {
         Some(cred) => Ok(cred),
         None => Err(CMZError::Unknown),

src/proto/trust_promotion.rs

@@ -35,16 +35,14 @@ use super::super::{scalar_u32, G};
 use super::errors::CredentialError;
 use crate::lox_creds::{Lox, Migration, MigrationKey};
 use crate::migration_table;
-use crate::migration_table::ENC_MIGRATION_BYTES;
 #[cfg(feature = "bridgeauth")]
-use crate::migration_table::WNAF_SIZE;
+use crate::migration_table::{EncMigrationTable, WNAF_SIZE};
 use cmz::*;
 use group::Group;
 #[cfg(feature = "bridgeauth")]
 use group::WnafBase;
 use rand::{CryptoRng, RngCore};
 use sha2::Sha512;
-use std::collections::HashMap;
 
 const SESSION_ID: &[u8] = b"trust_promo";
 
@@ -123,13 +121,7 @@ impl BridgeAuth {
     pub fn handle_trust_promotion(
         &mut self,
         req: trust_promotion::Request,
-    ) -> Result<
-        (
-            trust_promotion::Reply,
-            HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
-        ),
-        CredentialError,
-    > {
+    ) -> Result<(trust_promotion::Reply, EncMigrationTable), CredentialError> {
         let mut rng = rand::thread_rng();
         let reqbytes = req.as_bytes();
         let recvreq = trust_promotion::Request::try_from(&reqbytes[..]).unwrap();
@@ -158,13 +150,15 @@ impl BridgeAuth {
         ) {
             Ok((response, (L_issuer, M_issuer))) => {
                 let Pktable: WnafBase<G, WNAF_SIZE> = WnafBase::new(M_issuer.MAC.P);
-                let enc_migration_table = self.trustup_migration_table.encrypt_table(
-                    L_issuer.id.unwrap(),
-                    &self.bridge_table,
-                    &Pktable,
-                    &self.migration_priv,
-                    &self.migrationkey_priv,
-                );
+                let enc_migration_table = EncMigrationTable {
+                    mig_table: self.trustup_migration_table.encrypt_table(
+                        L_issuer.id.unwrap(),
+                        &self.bridge_table,
+                        &Pktable,
+                        &self.migration_priv,
+                        &self.migrationkey_priv,
+                    ),
+                };
                 Ok((response, enc_migration_table))
             }
             Err(e) => Err(CredentialError::CMZError(e)),
@@ -176,7 +170,7 @@ pub fn handle_response(
     migration_pubkey: CMZPubkey<G>,
     state: trust_promotion::ClientState,
     rep: trust_promotion::Reply,
-    enc_migration_table: HashMap<[u8; 16], [u8; ENC_MIGRATION_BYTES]>,
+    enc_migration_table: EncMigrationTable,
 ) -> Result<Migration, CMZError> {
     let replybytes = rep.as_bytes();
     let recvreply = trust_promotion::Reply::try_from(&replybytes[..]).unwrap();
@@ -188,7 +182,7 @@ pub fn handle_response(
         migkey,
         migration_table::MigrationType::TrustUpgrade,
         migration_pubkey,
-        &enc_migration_table,
+        &enc_migration_table.mig_table,
     ) {
         Some(cred) => Ok(cred),
         None => Err(CMZError::Unknown),