ltulloch
/
lox-extensions


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387
							/*! A module for the protocol for the user to increase their trust level
(from a level at least 1; use the trust promotion protocol to go from
untrusted (level 0) to minimally trusted (level 1).

They are allowed to do this as long as some amount of time (depending on
their current level) has elapsed since their last level change, and they
have a Bucket Reachability credential for their current bucket and
today's date.  (Such credentials are placed daily in the encrypted
bridge table.)

The user presents their current Lox credential:
- id: revealed
- bucket: blinded
- trust_level: revealed, and must be at least 1
- level_since: blinded, but proved in ZK that it's at least the
  appropriate number of days ago
- invites_remaining: blinded
- blockages: blinded, but proved in ZK that it's at most the appropriate
  blockage limit for the target trust level

and a Bucket Reachability credential:
- date: revealed to be today
- bucket: blinded, but proved in ZK that it's the same as in the Lox
  credential above

and a new Lox credential to be issued:

- id: jointly chosen by the user and BA
- bucket: blinded, but proved in ZK that it's the same as in the Lox
  credential above
- trust_level: revealed to be one more than the trust level above
- level_since: today
- invites_remaining: revealed to be the number of invites for the new
  level (note that the invites_remaining from the previous credential
  are _not_ carried over)
- blockages: blinded, but proved in ZK that it's the same as in the
  Lox credential above

*/
#[cfg(feature = "bridgeauth")]
use super::super::dup_filter::SeenType;
#[cfg(feature = "bridgeauth")]
use super::super::BridgeAuth;
use super::super::{scalar_u32, Scalar, G};
use super::errors::CredentialError;
use crate::lox_creds::{BucketReachability, Lox};
use cmz::*;
use group::Group;
use rand::{CryptoRng, RngCore};
use sha2::Sha512;

const SESSION_ID: &[u8] = b"level_up";

/// The maximum trust level in the system.  A user can run this level
/// upgrade protocol when they're already at the max level; they will
/// get a fresh invites_remaining batch, and reset their level_since
/// field to today's date, but will remain in the max level.
pub const MAX_LEVEL: usize = 4;

/// LEVEL_INTERVAL\[i\] for i >= 1 is the minimum number of days a user
/// must be at trust level i before advancing to level i+1 (or as above,
/// remain at level i if i == MAX_LEVEL).  Note that the
/// LEVEL_INTERVAL\[0\] entry is a dummy; the trust_promotion protocol
/// is used instead of this one to move from level 0 to level 1.
pub const LEVEL_INTERVAL: [u32; MAX_LEVEL + 1] = [0, 14, 28, 56, 84];

/// LEVEL_INVITATIONS\[i\] for i >= 1 is the number of invitations a
/// user will be eligible to issue upon advancing from level i to level
/// i+1.  Again the LEVEL_INVITATIONS\[0\] entry is a dummy, as for
/// LEVEL_INTERVAL.
pub const LEVEL_INVITATIONS: [u32; MAX_LEVEL + 1] = [0, 2, 4, 6, 8];

/// MAX_BLOCKAGES\[i\] for i >= 1 is the maximum number of bucket
/// blockages this credential is allowed to have recorded in order to
/// advance from level i to level i+1.  Again the LEVEL_INVITATIONS\[0\]
/// entry is a dummy, as for LEVEL_INTERVAL.
// If you change this to have a number greater than 7, you need to add
// one or more bits to the ZKP.
pub const MAX_BLOCKAGES: [u32; MAX_LEVEL + 1] = [0, 4, 3, 2, 2];

muCMZProtocol! { level_up<credential_expiry, eligibility_max_age, max_blockage, today>,
    [ L: Lox { id: R, bucket: H, trust_level: R, level_since: H, invites_remaining: H, blockages: H },
    B: BucketReachability { date: R, bucket: H } ],
    N: Lox {id: J, bucket: H, trust_level: R, level_since: S, invites_remaining: I, blockages: H },
    (credential_expiry..=eligibility_max_age).contains(L.level_since),
    (0..=max_blockage).contains(L.blockages),
    B.date = today,
    B.bucket = L.bucket,
    N.bucket = L.bucket,
    N.trust_level = L.trust_level + 1,
    N.blockages = L.blockages,
}

pub fn request(
    rng: &mut (impl CryptoRng + RngCore),
    L: Lox,
    B: BucketReachability,
    pubkeys: CMZPubkey<G>,
    today: u32,
) -> Result<(level_up::Request, level_up::ClientState), CredentialError> {
    cmz_group_init(G::hash_from_bytes::<Sha512>(b"CMZ Generator A"));
    // Ensure the credential can be correctly shown: it must be the case
    // that level_since + LEVEL_INTERVAL[level] <= today.
    let level_since: u32 = match scalar_u32(&L.level_since.unwrap()) {
        Some(v) => v,
        None => {
            return Err(CredentialError::InvalidField(
                String::from("level_since"),
                String::from("could not be converted to u32"),
            ))
        }
    };
    // The trust level has to be at least 1
    let trust_level: u32 = match scalar_u32(&L.trust_level.unwrap()) {
        Some(v) => v,
        None => {
            return Err(CredentialError::InvalidField(
                String::from("trust_level"),
                String::from("could not be converted to u32"),
            ))
        }
    };
    if trust_level < 1 || (trust_level as usize) > MAX_LEVEL {
        return Err(CredentialError::InvalidField(
            String::from("trust_level"),
            format!("level {:?} not in range", trust_level),
        ));
    }
    // The trust level has to be no higher than the highest level
    let level_interval: u32 = match LEVEL_INTERVAL.get(trust_level as usize) {
        Some(&v) => v,
        None => {
            return Err(CredentialError::InvalidField(
                String::from("trust_level"),
                format!("level {:?} not in range", trust_level),
            ))
        }
    };
    if level_since + level_interval > today {
        return Err(CredentialError::TimeThresholdNotMet(
            level_since + level_interval - today,
        ));
    }
    // The credential can't be _too_ old
    let diffdays = today - (level_since + level_interval);
    if diffdays > 511 {
        return Err(CredentialError::CredentialExpired);
    }
    // The current number of blockages
    let blockages = match scalar_u32(&L.blockages.unwrap()) {
        Some(v) => v,
        None => {
            return Err(CredentialError::InvalidField(
                String::from("blockages"),
                String::from("could not be converted to u32"),
            ))
        }
    };
    if blockages > MAX_BLOCKAGES[trust_level as usize] {
        return Err(CredentialError::ExceededBlockagesThreshold);
    }
    // The buckets in the Lox and Bucket Reachability credentials have
    // to match
    if L.bucket.is_some_and(|b| b != B.bucket.unwrap()) {
        return Err(CredentialError::CredentialMismatch);
    }
    // The Bucket Reachability credential has to be dated today
    let reach_date: u32 = match scalar_u32(&B.date.unwrap()) {
        Some(v) => v,
        None => {
            return Err(CredentialError::InvalidField(
                String::from("date"),
                String::from("could not be converted to u32"),
            ))
        }
    };
    if reach_date != today {
        return Err(CredentialError::InvalidField(
            String::from("date"),
            String::from("reachability credential must be generated today"),
        ));
    }
    // The new trust level
    let new_level = if (trust_level as usize) < MAX_LEVEL {
        trust_level + 1
    } else {
        trust_level
    };
    let mut N = Lox::using_pubkey(&pubkeys);
    N.id = Some(Scalar::random(rng));
    N.bucket = L.bucket;
    N.trust_level = Some(new_level.into());
    N.level_since = Some(today.into());
    N.invites_remaining = Some(LEVEL_INVITATIONS[trust_level as usize].into());
    N.blockages = L.blockages;
    let eligibility_max_age = today - (LEVEL_INTERVAL[trust_level as usize]);

    let params = level_up::Params {
        credential_expiry: (eligibility_max_age - 511).into(),
        eligibility_max_age: eligibility_max_age.into(),
        max_blockage: MAX_BLOCKAGES[new_level as usize].into(),
        today: today.into(),
    };
    match level_up::prepare(rng, SESSION_ID, &L, &B, N, &params) {
        Ok(req_state) => Ok(req_state),
        Err(e) => Err(CredentialError::CMZError(e)),
    }
}

#[cfg(feature = "bridgeauth")]
impl BridgeAuth {
    pub fn handle_level_up(
        &mut self,
        req: level_up::Request,
    ) -> Result<level_up::Reply, CredentialError> {
        let mut rng = rand::thread_rng();
        let reqbytes = req.as_bytes();
        let recvreq = level_up::Request::try_from(&reqbytes[..]).unwrap();
        let today = self.today();
        match level_up::handle(
            &mut rng,
            SESSION_ID,
            recvreq,
            |L: &mut Lox, B: &mut BucketReachability, N: &mut Lox| {
                let trust_level: u32 = match scalar_u32(&L.trust_level.unwrap()) {
                    Some(v) if v as usize >= 1 && v as usize <= MAX_LEVEL => v,
                    _ => {
                        // This error should be improved i.e., InvalidAttr and the type
                        // with a description
                        return Err(CMZError::RevealAttrMissing(
                            "trust_level",
                            "Could not be converted to u32 or value not in range",
                        ));
                    }
                };
                let eligibility_max_age: u32 = today - LEVEL_INTERVAL[trust_level as usize];
                L.set_privkey(&self.lox_priv);
                B.set_privkey(&self.reachability_priv);
                N.set_privkey(&self.lox_priv);
                N.trust_level = Some((trust_level + 1).into());
                N.level_since = Some(today.into());
                N.invites_remaining = Some(LEVEL_INVITATIONS[trust_level as usize].into());
                Ok(level_up::Params {
                    credential_expiry: (eligibility_max_age - 511).into(),
                    eligibility_max_age: eligibility_max_age.into(),
                    max_blockage: MAX_BLOCKAGES[(trust_level + 1) as usize].into(),
                    today: today.into(),
                })
            },
            |L: &Lox, _B: &BucketReachability, _N: &Lox| {
                if self.id_filter.filter(&L.id.unwrap()) == SeenType::Seen {
                    return Err(CMZError::RevealAttrMissing("id", ""));
                }
                Ok(())
            },
        ) {
            Ok((response, (_L_issuer, _B_isser, _N_issuer))) => Ok(response),
            Err(e) => Err(CredentialError::CMZError(e)),
        }
    }
}

pub fn handle_response(
    state: level_up::ClientState,
    rep: level_up::Reply,
) -> Result<Lox, CMZError> {
    let replybytes = rep.as_bytes();
    let recvreply = level_up::Reply::try_from(&replybytes[..]).unwrap();
    match state.finalize(recvreply) {
        Ok(cred) => Ok(cred),
        Err(_e) => Err(CMZError::Unknown),
    }
}

#[cfg(all(test, feature = "bridgeauth"))]
mod tests {
    use super::*;
    use crate::bridge_table;
    use crate::mock_auth::TestHarness;
    use crate::proto::{
        level_up::{self, LEVEL_INTERVAL},
        migration, open_invite,
        trust_promotion::{self, UNTRUSTED_INTERVAL},
    };

    #[test]
    fn test_level_up() {
        let mut th = TestHarness::new();
        let rng = &mut rand::thread_rng();
        let open_invitation_request = open_invite::request(rng, th.ba.lox_pub.clone());
        assert!(
            open_invitation_request.is_ok(),
            "Open invitation request should succeed"
        );
        let (request, client_state) = open_invitation_request.unwrap();
        let invite = th.bdb.invite();
        let open_invitation_response = th.ba.open_invitation(request, &invite.unwrap());
        assert!(
            open_invitation_response.is_ok(),
            "Open invitation response from server should succeed"
        );
        let (response, _) = open_invitation_response.unwrap();
        let creds = open_invite::handle_response(client_state, response);
        println!("{}", th.ba.today());
        assert!(creds.is_ok(), "Handle response should succeed");
        th.advance_days((UNTRUSTED_INTERVAL + 1).try_into().unwrap());
        println!("{}", th.ba.today());
        let lox_cred = creds.unwrap();
        let trust_promo_request = trust_promotion::request(
            rng,
            lox_cred.clone(),
            th.ba.migrationkey_pub.clone(),
            th.ba.today(),
        );
        assert!(
            trust_promo_request.is_ok(),
            "Trust Promotion request should succeed"
        );
        let (tp_request, tp_client_state) = trust_promo_request.unwrap();
        let trust_promo_response = th.ba.handle_trust_promotion(tp_request);
        assert!(
            trust_promo_response.is_ok(),
            "Trust promotion response from server should succeed"
        );
        let (response, enc) = trust_promo_response.unwrap();
        let mig_cred = trust_promotion::handle_response(
            th.ba.migration_pub.clone(),
            tp_client_state,
            response,
            enc,
        );
        assert!(mig_cred.is_ok(), "Handle response should succeed");
        let migration_request = migration::request(
            rng,
            lox_cred.clone(),
            mig_cred.unwrap(),
            th.ba.lox_pub.clone(),
        );
        assert!(
            migration_request.is_ok(),
            "Migration request should succeed"
        );
        let (mig_request, mig_client_state) = migration_request.unwrap();
        let migration_response = th.ba.handle_migration(mig_request);
        assert!(
            migration_response.is_ok(),
            "Migration response from server should succeed"
        );
        let response = migration_response.unwrap();
        let mut cred = migration::handle_response(mig_client_state, response);
        assert!(cred.is_ok(), "Handle response should succeed");
        let lox_cred = cred.unwrap();
        let trust_level: u32 = scalar_u32(&lox_cred.clone().trust_level.unwrap()).unwrap();
        th.advance_days(LEVEL_INTERVAL[trust_level as usize] + 1);
        let (id, key) = bridge_table::from_scalar(lox_cred.bucket.unwrap()).unwrap();
        let encbuckets = th.ba.enc_bridge_table().clone();
        let reach_pub = th.ba.reachability_pub.clone();
        let bucket = bridge_table::BridgeTable::decrypt_bucket(
            id,
            &key,
            encbuckets.get(&id).unwrap(),
            &reach_pub,
        )
        .unwrap();

        let reachcred = bucket.1.unwrap();

        let level_up_request = level_up::request(
            rng,
            lox_cred.clone(),
            reachcred,
            th.ba.lox_pub.clone(),
            th.ba.today(),
        );
        assert!(level_up_request.is_ok(), "Level up request should succeed");
        let (level_up_request, level_up_client_state) = level_up_request.unwrap();
        let level_up_response = th.ba.handle_level_up(level_up_request);
        assert!(
            level_up_response.is_ok(),
            "Level up response from server should succeed"
        );
        let response = level_up_response.unwrap();
        cred = level_up::handle_response(level_up_client_state, response);
        assert!(cred.is_ok(), "Handle response should succeed");
        th.verify_lox(&cred.unwrap());
    }
}