|
|
@@ -1,106 +1,87 @@
|
|
|
-/*! The various credentials used by the system.
|
|
|
+// The various credentials used by the system.
|
|
|
|
|
|
-In each case, (P,Q) forms the MAC on the credential. This MAC is
|
|
|
-verifiable only by the issuing party, or if the issuing party issues a
|
|
|
-zero-knowledge proof of its correctness (as it does at issuing time).*/
|
|
|
+use cmz::{CMZMac, CMZ};
|
|
|
+use curve25519_dalek::ristretto::RistrettoPoint as G;
|
|
|
+use group::Group;
|
|
|
|
|
|
-use curve25519_dalek::ristretto::RistrettoPoint;
|
|
|
-use curve25519_dalek::scalar::Scalar;
|
|
|
-use serde::{Deserialize, Serialize};
|
|
|
-
|
|
|
-/// A migration credential.
|
|
|
-///
|
|
|
-/// This credential authorizes the holder of the Lox credential with the
|
|
|
-/// given id to switch from bucket from_bucket to bucket to_bucket. The
|
|
|
-/// migration_type attribute is 0 for trust upgrade migrations (moving
|
|
|
-/// from a 1-bridge untrusted bucket to a 3-bridge trusted bucket) and 1
|
|
|
-/// for blockage migrations (moving buckets because the from_bucket has
|
|
|
-/// been blocked).
|
|
|
-#[derive(Debug, CMZ, Serialize, Deserialize)]
|
|
|
+// A migration credential.
|
|
|
+//
|
|
|
+// This credential authorizes the holder of the Lox credential with the
|
|
|
+// given id to switch from bucket from_bucket to bucket to_bucket. The
|
|
|
+// migration_type attribute is 0 for trust upgrade migrations (moving
|
|
|
+// from a 1-bridge untrusted bucket to a 3-bridge trusted bucket) and 1
|
|
|
+// for blockage migrations (moving buckets because the from_bucket has
|
|
|
+// been blocked).
|
|
|
// Annotated to "M"
|
|
|
-pub struct Migration {
|
|
|
- pub P: RistrettoPoint,
|
|
|
- pub Q: RistrettoPoint,
|
|
|
- pub lox_id: Scalar,
|
|
|
- pub from_bucket: Scalar,
|
|
|
- pub to_bucket: Scalar,
|
|
|
- pub migration_type: Scalar,
|
|
|
+CMZ! { Migration<G>:
|
|
|
+ lox_id,
|
|
|
+ from_bucket,
|
|
|
+ to_bucket,
|
|
|
+ migration_type
|
|
|
}
|
|
|
|
|
|
-/// The main user credential in the Lox system.
|
|
|
-///
|
|
|
-/// Its id is jointly generated by the user and the BA (bridge
|
|
|
-/// authority), but known only to the user. The level_since date is the
|
|
|
-/// Julian date of when this user was changed to the current trust
|
|
|
-/// level.
|
|
|
-#[derive(Debug, CMZ, Serialize, Deserialize)]
|
|
|
+// The main user credential in the Lox system.
|
|
|
+//
|
|
|
+// Its id is jointly generated by the user and the BA (bridge
|
|
|
+// authority), but known only to the user. The level_since date is the
|
|
|
+// Julian date of when this user was changed to the current trust
|
|
|
+// level.
|
|
|
// Annotated to "L"
|
|
|
-pub struct Lox {
|
|
|
- pub P: RistrettoPoint,
|
|
|
- pub Q: RistrettoPoint,
|
|
|
- pub id: Scalar,
|
|
|
- pub bucket: Scalar,
|
|
|
- pub trust_level: Scalar,
|
|
|
- pub level_since: Scalar,
|
|
|
- pub invites_remaining: Scalar,
|
|
|
- pub blockages: Scalar,
|
|
|
+CMZ! { Lox:
|
|
|
+ id,
|
|
|
+ bucket,
|
|
|
+ trust_level,
|
|
|
+ level_since,
|
|
|
+ invites_remaining,
|
|
|
+ blockages
|
|
|
}
|
|
|
|
|
|
-/// The migration key credential.
|
|
|
-///
|
|
|
-/// This credential is never actually instantiated. It is an implicit
|
|
|
-/// credential on attributes lox_id and from_bucket. This credential
|
|
|
-/// type does have an associated private and public key, however. The
|
|
|
-/// idea is that if a user proves (in zero knowledge) that their Lox
|
|
|
-/// credential entitles them to migrate from one bucket to another, the
|
|
|
-/// BA will issue a (blinded, so the BA will not know the values of the
|
|
|
-/// attributes or of Q) MAC on this implicit credential. The Q value
|
|
|
-/// will then be used (actually, a hash of lox_id, from_bucket, and Q)
|
|
|
-/// to encrypt the to_bucket, P, and Q fields of a Migration credential.
|
|
|
-/// That way, people entitled to migrate buckets can receive a Migration
|
|
|
-/// credential with their new bucket, without the BA learning either
|
|
|
-/// their old or new buckets.
|
|
|
-#[derive(Debug, CMZ, Serialize, Deserialize)]
|
|
|
+// The migration key credential.
|
|
|
+//
|
|
|
+// This credential is never actually instantiated. It is an implicit
|
|
|
+// credential on attributes lox_id and from_bucket. This credential
|
|
|
+// type does have an associated private and public key, however. The
|
|
|
+// idea is that if a user proves (in zero knowledge) that their Lox
|
|
|
+// credential entitles them to migrate from one bucket to another, the
|
|
|
+// BA will issue a (blinded, so the BA will not know the values of the
|
|
|
+// attributes or of Q) MAC on this implicit credential. The Q value
|
|
|
+// will then be used (actually, a hash of lox_id, from_bucket, and Q)
|
|
|
+// to encrypt the to_bucket, P, and Q fields of a Migration credential.
|
|
|
+// That way, people entitled to migrate buckets can receive a Migration
|
|
|
+// credential with their new bucket, without the BA learning either
|
|
|
+// their old or new buckets.
|
|
|
// Annotated to "K"
|
|
|
-pub struct MigrationKey {
|
|
|
- pub P: RistrettoPoint,
|
|
|
- pub Q: RistrettoPoint,
|
|
|
- pub lox_id: Scalar,
|
|
|
- pub from_bucket: Scalar,
|
|
|
+CMZ! { MigrationKey:
|
|
|
+ lox_id,
|
|
|
+ from_bucket
|
|
|
}
|
|
|
|
|
|
-/// The Bucket Reachability credential.
|
|
|
-///
|
|
|
-/// Each day, a credential of this type is put in each bucket that has
|
|
|
-/// at least a (configurable) threshold number of bridges that have not
|
|
|
-/// been blocked as of the given date. Users can present this
|
|
|
-/// credential (in zero knowledge) with today's date to prove that the
|
|
|
-/// bridges in their bucket have not been blocked, in order to gain a
|
|
|
-/// trust level.
|
|
|
+// The Bucket Reachability credential.
|
|
|
+//
|
|
|
+// Each day, a credential of this type is put in each bucket that has
|
|
|
+// at least a (configurable) threshold number of bridges that have not
|
|
|
+// been blocked as of the given date. Users can present this
|
|
|
+// credential (in zero knowledge) with today's date to prove that the
|
|
|
+// bridges in their bucket have not been blocked, in order to gain a
|
|
|
+// trust level.
|
|
|
// Annotated to "B"
|
|
|
-#[derive(Debug, CMZ, Serialize, Deserialize)]
|
|
|
-pub struct BucketReachability {
|
|
|
- pub P: RistrettoPoint,
|
|
|
- pub Q: RistrettoPoint,
|
|
|
- pub date: Scalar,
|
|
|
- pub bucket: Scalar,
|
|
|
+CMZ! { BucketReachability:
|
|
|
+ date,
|
|
|
+ bucket
|
|
|
}
|
|
|
|
|
|
-/// The Invitation credential.
|
|
|
-///
|
|
|
-/// These credentials allow a Lox user (the inviter) of sufficient trust
|
|
|
-/// (level 2 or higher) to invite someone else (the invitee) to join the
|
|
|
-/// system. The invitee ends up at trust level 1, in the _same bucket_
|
|
|
-/// as the inviter, and inherits the inviter's blockages count (so that
|
|
|
-/// you can't clear your blockages count simply by inviting yourself).
|
|
|
-/// Invitations expire after some amount of time.
|
|
|
-#[derive(Debug, CMZ, Serialize, Deserialize)]
|
|
|
+// The Invitation credential.
|
|
|
+//
|
|
|
+// These credentials allow a Lox user (the inviter) of sufficient trust
|
|
|
+// (level 2 or higher) to invite someone else (the invitee) to join the
|
|
|
+// system. The invitee ends up at trust level 1, in the _same bucket_
|
|
|
+// as the inviter, and inherits the inviter's blockages count (so that
|
|
|
+// you can't clear your blockages count simply by inviting yourself).
|
|
|
+// Invitations expire after some amount of time.
|
|
|
// Annotated to "I"
|
|
|
-pub struct Invitation {
|
|
|
- pub P: RistrettoPoint,
|
|
|
- pub Q: RistrettoPoint,
|
|
|
- pub inv_id: Scalar,
|
|
|
- pub date: Scalar,
|
|
|
- pub bucket: Scalar,
|
|
|
- pub blockages: Scalar,
|
|
|
+CMZ! { Invitation:
|
|
|
+ inv_id,
|
|
|
+ date,
|
|
|
+ bucket,
|
|
|
+ blockages
|
|
|
}
|
