|
|
@@ -57,58 +57,63 @@ impl TestHarness {
|
|
|
!bool::from(cred.MAC.P.is_identity()),
|
|
|
"Lox cred MAC P should not be identity"
|
|
|
);
|
|
|
-
|
|
|
- let Q = (self.ba.lox_priv.x[0]
|
|
|
- + cred.id.unwrap() * self.ba.lox_priv.x[1]
|
|
|
- + cred.bucket.unwrap() * self.ba.lox_priv.x[2]
|
|
|
- + cred.trust_level.unwrap() * self.ba.lox_priv.x[3]
|
|
|
- + cred.level_since.unwrap() * self.ba.lox_priv.x[4]
|
|
|
- + cred.invites_remaining.unwrap() * self.ba.lox_priv.x[5]
|
|
|
- + cred.blockages.unwrap() * self.ba.lox_priv.x[6])
|
|
|
+ let Q = (self.ba.lox_priv.x0
|
|
|
+ + self.ba.lox_priv.xr
|
|
|
+ + cred.id.unwrap() * self.ba.lox_priv.x[0]
|
|
|
+ + cred.bucket.unwrap() * self.ba.lox_priv.x[1]
|
|
|
+ + cred.trust_level.unwrap() * self.ba.lox_priv.x[2]
|
|
|
+ + cred.level_since.unwrap() * self.ba.lox_priv.x[3]
|
|
|
+ + cred.invites_remaining.unwrap() * self.ba.lox_priv.x[4]
|
|
|
+ + cred.blockages.unwrap() * self.ba.lox_priv.x[5])
|
|
|
* cred.MAC.P;
|
|
|
-
|
|
|
assert_eq!(Q, cred.MAC.Q, "Lox MAC Q should match computation");
|
|
|
}
|
|
|
|
|
|
/// Verify the MAC on a Migration credential
|
|
|
- /* pub fn verify_migration(&self, cred: &lox_creds::Migration) {
|
|
|
- if cred.P.is_identity() {
|
|
|
- }
|
|
|
+ pub fn verify_migration(&self, cred: &lox_creds::Migration) {
|
|
|
+ assert!(
|
|
|
+ !bool::from(cred.MAC.P.is_identity()),
|
|
|
+ "Migration cred MAC P should not be identity"
|
|
|
+ );
|
|
|
|
|
|
- let Q = (self.migration_priv.x[0]
|
|
|
- + cred.lox_id * self.migration_priv.x[1]
|
|
|
- + cred.from_bucket * self.migration_priv.x[2]
|
|
|
- + cred.to_bucket * self.migration_priv.x[3])
|
|
|
- * cred.P;
|
|
|
+ let Q = (self.ba.migration_priv.x0
|
|
|
+ + self.ba.migration_priv.xr
|
|
|
+ + cred.lox_id.unwrap() * self.ba.migration_priv.x[0]
|
|
|
+ + cred.from_bucket.unwrap() * self.ba.migration_priv.x[1]
|
|
|
+ + cred.to_bucket.unwrap() * self.ba.migration_priv.x[2])
|
|
|
+ * cred.MAC.P;
|
|
|
|
|
|
- Q == cred.Q
|
|
|
- }
|
|
|
+ assert_eq!(Q, cred.MAC.Q, "Migration MAC Q should match computation");
|
|
|
+ }
|
|
|
|
|
|
- /// Verify the MAC on a Bucket Reachability credential
|
|
|
- pub fn verify_reachability(&self, cred: &lox_creds::BucketReachability) {
|
|
|
- if cred.MAC.P.is_identity() {
|
|
|
- return false;
|
|
|
- }
|
|
|
+ /// Verify the MAC on a Bucket Reachability credential
|
|
|
+ pub fn verify_reachability(&self, cred: &lox_creds::BucketReachability) {
|
|
|
+ assert!(
|
|
|
+ !bool::from(cred.MAC.P.is_identity()),
|
|
|
+ "Reachability cred MAC P should not be identity"
|
|
|
+ );
|
|
|
|
|
|
- let Q = (self.reachability_priv.x[0]
|
|
|
- + cred.date * self.reachability_priv.x[1]
|
|
|
- + cred.bucket * self.reachability_priv.x[2])
|
|
|
- * cred.P;
|
|
|
+ let Q = (self.ba.reachability_priv.x0
|
|
|
+ + self.ba.reachability_priv.xr
|
|
|
+ + cred.date.unwrap() * self.ba.reachability_priv.x[0]
|
|
|
+ + cred.bucket.unwrap() * self.ba.reachability_priv.x[1])
|
|
|
+ * cred.MAC.P;
|
|
|
+
|
|
|
+ assert_eq!(Q, cred.MAC.Q, "Reachability MAC Q should match computation");
|
|
|
+ }
|
|
|
|
|
|
- Q == cred.Q
|
|
|
- }
|
|
|
- */
|
|
|
/// Verify the MAC on a Invitation credential
|
|
|
pub fn verify_invitation(&mut self, cred: &lox_creds::Invitation) {
|
|
|
assert!(
|
|
|
!bool::from(cred.MAC.P.is_identity()),
|
|
|
"Invitation MAC P should not be identity"
|
|
|
);
|
|
|
- let Q = (self.ba.invitation_priv.x[0]
|
|
|
- + cred.inv_id.unwrap() * self.ba.invitation_priv.x[1]
|
|
|
- + cred.date.unwrap() * self.ba.invitation_priv.x[2]
|
|
|
- + cred.bucket.unwrap() * self.ba.invitation_priv.x[3]
|
|
|
- + cred.blockages.unwrap() * self.ba.invitation_priv.x[4])
|
|
|
+ let Q = (self.ba.invitation_priv.x0
|
|
|
+ + self.ba.invitation_priv.xr
|
|
|
+ + cred.inv_id.unwrap() * self.ba.invitation_priv.x[0]
|
|
|
+ + cred.date.unwrap() * self.ba.invitation_priv.x[1]
|
|
|
+ + cred.bucket.unwrap() * self.ba.invitation_priv.x[2]
|
|
|
+ + cred.blockages.unwrap() * self.ba.invitation_priv.x[3])
|
|
|
* cred.MAC.P;
|
|
|
assert_eq!(Q, cred.MAC.Q, "Invitation MAC Q should match");
|
|
|
}
|
