vecna
/
lox-simulation
mirror of https://git-crysp.uwaterloo.ca/vvecna/lox-simulation.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
lox-simulation/src/user.rs

683 lines
26 KiB
Rust
Raw Normal View History

Move simulation code from Troll Patrol to its own repo
2024-06-18 07:23:05 -04:00
// User behavior in simulation
use crate::{
bridge::Bridge,
censor::{Censor, Secrecy::*, Totality::*},
config::Config,
};
use anyhow::{anyhow, Result};
use lox_cli::{networking::*, *};
use lox_library::{
bridge_table::BridgeLine, cred::Lox, proto::check_blockage::MIN_TRUST_LEVEL, scalar_u32,
};
use rand::Rng;
use std::{cmp::min, collections::HashMap};
use troll_patrol::{
get_date, negative_report::NegativeReport, positive_report::PositiveReport, BridgeDistributor,
};
use x25519_dalek::PublicKey;
// Helper function to probabilistically return true or false
pub fn event_happens(probability: f64) -> bool {
let mut rng = rand::thread_rng();
let num: f64 = rng.gen_range(0.0..1.0);
num < probability
}
pub struct User {
// Does this user cooperate with a censor?
pub is_censor: bool,
// The user always has a primary credential. If this credential's bucket is
// blocked, the user may replace it or temporarily hold two credentials
// while waiting to migrate from the primary credential.
pub primary_cred: Lox,
secondary_cred: Option<Lox>,
// Does the user submit reports to Troll Patrol?
submits_reports: bool,
// How likely is this user to use bridges on a given day?
prob_use_bridges: f64,
}
impl User {
pub async fn new(config: &Config, is_censor: bool) -> Result<Self> {
let cred = get_lox_credential(
&config.la_net,
&get_open_invitation(&config.la_net).await?,
get_lox_pub(&config.la_pubkeys),
)
.await?
.0;
// Probabilistically decide whether this user submits reports
let submits_reports = if is_censor {
false
} else {
event_happens(config.prob_user_submits_reports)
};
// Randomly determine how likely this user is to use bridges on
// a given day
let mut rng = rand::thread_rng();
let prob_use_bridges = rng.gen_range(0.0..=1.0);
Ok(Self {
is_censor,
primary_cred: cred,
secondary_cred: None,
submits_reports: submits_reports,
prob_use_bridges: prob_use_bridges,
})
}
pub async fn trusted_user(config: &Config) -> Result<Self> {
let cred = get_lox_credential(
&config.la_net,
&get_open_invitation(&config.la_net).await?,
get_lox_pub(&config.la_pubkeys),
)
.await?
.0;
Ok(Self {
is_censor: false,
primary_cred: cred,
secondary_cred: None,
submits_reports: true,
prob_use_bridges: 1.0,
})
}
// TODO: This should probably return an actual error type
pub async fn invite(
&mut self,
config: &Config,
censor: &mut Censor,
invited_user_is_censor: bool,
) -> Result<Self> {
let etable = get_reachability_credential(&config.la_net).await?;
let (new_cred, invite) = issue_invite(
&config.la_net,
&self.primary_cred,
&etable,
get_lox_pub(&config.la_pubkeys),
get_reachability_pub(&config.la_pubkeys),
get_invitation_pub(&config.la_pubkeys),
)
.await?;
self.primary_cred = new_cred;
if self.is_censor {
// Make sure censor has access to each bridge and each
// credential
let (bucket, _reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
for bl in bucket {
let fingerprint = bl.get_hashed_fingerprint();
censor.learn_bridge(&fingerprint);
censor.give_lox_cred(&fingerprint, &self.primary_cred);
}
}
let friend_cred = redeem_invite(
&config.la_net,
&invite,
get_lox_pub(&config.la_pubkeys),
get_invitation_pub(&config.la_pubkeys),
)
.await?
.0;
// Calling function decides if the invited user is a censor
let is_censor = invited_user_is_censor;
// Probabilistically decide whether this user submits reports
let submits_reports = if is_censor {
false
} else {
event_happens(config.prob_user_submits_reports)
};
// Randomly determine how likely this user is to use bridges on
// a given day
let mut rng = rand::thread_rng();
let prob_use_bridges = rng.gen_range(0.0..=1.0);
Ok(Self {
is_censor,
primary_cred: friend_cred,
secondary_cred: None,
submits_reports: submits_reports,
prob_use_bridges: prob_use_bridges,
})
}
// Attempt to "connect" to the bridge, returns true if successful.
// Note that this does not involve making a real connection to a
// real bridge. The function is async because the *censor* might
// submit a positive report during this function.
pub fn connect(&self, config: &Config, bridge: &mut Bridge, censor: &Censor) -> bool {
if censor.blocks_bridge(config, &bridge.fingerprint) {
if config.censor_totality == Full
|| config.censor_totality == Partial
&& event_happens(censor.partial_blocking_percent)
{
// If censor tries to hide its censorship, record a
// false connection
if config.censor_secrecy == Hiding {
bridge.connect_total();
}
// Return false because the connection failed
return false;
} else if config.censor_totality == Throttling {
// With some probability, the user connects but gives up
// because there is too much interference. In this case,
// a real connection occurs, but we treat it like a
// false connection from the censor.
if event_happens(config.prob_user_treats_throttling_as_blocking) {
bridge.connect_total();
// Return false because there was interference
// detected in the connection
return false;
}
}
}
// Connection may randomly fail, without censor intervention
let mut connection_fails = true;
// The user retries some number of times
for _ in 0..=config.num_connection_retries {
if !event_happens(config.prob_connection_fails) {
connection_fails = false;
break;
}
}
if connection_fails {
return false;
}
// If we haven't returned yet, the connection succeeded
bridge.connect_real();
true
}
pub async fn get_new_credential(config: &Config) -> Result<(Lox, BridgeLine)> {
get_lox_credential(
&config.la_net,
&get_open_invitation(&config.la_net).await?,
get_lox_pub(&config.la_pubkeys),
)
.await
}
pub async fn send_negative_reports(
config: &Config,
reports: Vec<NegativeReport>,
) -> Result<()> {
let date = get_date();
let pubkey = match serde_json::from_slice::<Option<PublicKey>>(
&config
.tp_net
.request("/nrkey".to_string(), serde_json::to_string(&date)?.into())
.await?,
)? {
Some(v) => v,
None => return Err(anyhow!("No available negative report encryption key")),
};
for report in reports {
config
.tp_net
.request(
"/negativereport".to_string(),
bincode::serialize(&report.encrypt(&pubkey))?,
)
.await?;
}
Ok(())
}
pub async fn send_positive_reports(
config: &Config,
reports: Vec<PositiveReport>,
) -> Result<()> {
for report in reports {
config
.tp_net
.request("/positivereport".to_string(), report.to_json().into_bytes())
.await?;
}
Ok(())
}
pub async fn daily_tasks(
&mut self,
config: &Config,
num_users_requesting_invites: u32,
num_censor_invites: u32,
bridges: &mut HashMap<[u8; 20], Bridge>,
censor: &mut Censor,
) -> Result<Vec<User>> {
if self.is_censor {
self.daily_tasks_censor(config, bridges, censor).await
} else {
self.daily_tasks_non_censor(
config,
num_users_requesting_invites,
num_censor_invites,
bridges,
censor,
)
.await
}
}
// User performs daily connection attempts, etc. and returns a
// vector of newly invited friends.
// TODO: The map of bridges and the censor should be Arc<Mutex<>>
// or something so we can parallelize this.
pub async fn daily_tasks_non_censor(
&mut self,
config: &Config,
num_users_requesting_invites: u32,
num_censor_invites: u32,
bridges: &mut HashMap<[u8; 20], Bridge>,
censor: &mut Censor,
) -> Result<Vec<User>> {
// Probabilistically decide if the user should use bridges today
if event_happens(self.prob_use_bridges) {
// Download bucket to see if bridge is still reachable. (We
// assume that this step can be done even if the user can't
// actually talk to the LA.)
let (bucket, reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
let level = match scalar_u32(&self.primary_cred.trust_level) {
Some(v) => v,
None => return Err(anyhow!("Failed to get trust level from credential")),
};
// Make sure each bridge in bucket is in the global bridges set
for bridgeline in bucket {
if bridgeline != BridgeLine::default() {
if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
let bridge = Bridge::from_bridge_line(&bridgeline);
bridges.insert(bridgeline.get_hashed_fingerprint(), bridge);
}
}
}
// Can we level up the main credential?
let can_level_up = reachcred.is_some()
&& (level == 0
&& eligible_for_trust_promotion(&config.la_net, &self.primary_cred).await
|| level > 0
&& eligible_for_level_up(&config.la_net, &self.primary_cred).await);
// Can we migrate the main credential?
let can_migrate = reachcred.is_none() && level >= MIN_TRUST_LEVEL;
// Can we level up the secondary credential?
let mut second_level_up = false;
let mut failed = Vec::<BridgeLine>::new();
let mut succeeded = Vec::<BridgeLine>::new();
// Try to connect to each bridge
for i in 0..bucket.len() {
// At level 0, we only have 1 bridge
if bucket[i] != BridgeLine::default() {
if self.connect(
&config,
bridges
.get_mut(&bucket[i].get_hashed_fingerprint())
.unwrap(),
&censor,
) {
succeeded.push(bucket[i]);
} else {
failed.push(bucket[i]);
}
}
}
// If we were not able to connect to any bridges, get a
// second credential
let second_cred = if succeeded.len() < 1 {
if self.secondary_cred.is_some() {
std::mem::replace(&mut self.secondary_cred, None)
} else {
// Get new credential
match Self::get_new_credential(&config).await {
Ok((cred, _bl)) => Some(cred),
Err(e) => {
eprintln!("Failed to get new Lox credential. Error: {}", e);
None
}
}
}
} else {
// If we're able to connect with the primary credential, don't
// keep a secondary one.
None
};
if second_cred.is_some() {
let second_cred = second_cred.as_ref().unwrap();
let (second_bucket, second_reachcred) =
get_bucket(&config.la_net, &second_cred).await?;
for bridgeline in second_bucket {
if bridgeline != BridgeLine::default() {
if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
bridges.insert(
bridgeline.get_hashed_fingerprint(),
Bridge::from_bridge_line(&bridgeline),
);
}
// Attempt to connect to second cred's bridge
if self.connect(
&config,
bridges
.get_mut(&bridgeline.get_hashed_fingerprint())
.unwrap(),
censor,
) {
succeeded.push(bridgeline);
if second_reachcred.is_some()
&& eligible_for_trust_promotion(&config.la_net, &second_cred).await
{
second_level_up = true;
}
} else {
failed.push(bridgeline);
}
}
}
}
let mut negative_reports = Vec::<NegativeReport>::new();
let mut positive_reports = Vec::<PositiveReport>::new();
if self.submits_reports {
for bridgeline in &failed {
negative_reports.push(NegativeReport::from_bridgeline(
*bridgeline,
config.country.to_string(),
BridgeDistributor::Lox,
));
}
if level >= 3 {
for bridgeline in &succeeded {
// If we haven't received a positive report yet,
// add a record about it with today's date
let bridge = bridges
.get_mut(&bridgeline.get_hashed_fingerprint())
.unwrap();
if bridge.first_positive_report == 0 {
bridge.first_positive_report = get_date();
}
positive_reports.push(
PositiveReport::from_lox_credential(
bridgeline.get_hashed_fingerprint(),
None,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
config.country.to_string(),
)
.unwrap(),
);
}
}
}
// We might restrict these steps to succeeded.len() > 0, but
// we do assume the user can contact the LA somehow, so
// let's just allow it.
if can_level_up {
let cred = if level == 0 {
trust_migration(
&config.la_net,
&self.primary_cred,
&trust_promotion(
&config.la_net,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?
} else {
level_up(
&config.la_net,
&self.primary_cred,
&reachcred.unwrap(),
get_lox_pub(&config.la_pubkeys),
get_reachability_pub(&config.la_pubkeys),
)
.await?
};
self.primary_cred = cred;
self.secondary_cred = None;
}
// We favor starting over at level 1 to migrating to level
// 1, but if we have a level 4 credential for a bridge that
// hasn't been marked blocked, save the credential so we can
// migrate to a level 2 cred. Note that second_level_up is
// only true if we were unable to connect with bridges from
// our primary credential.
else if second_level_up && (level <= MIN_TRUST_LEVEL || reachcred.is_none()) {
let second_cred = second_cred.as_ref().unwrap();
let cred = trust_migration(
&config.la_net,
&second_cred,
&trust_promotion(
&config.la_net,
&second_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?;
self.primary_cred = cred;
self.secondary_cred = None;
} else if can_migrate {
let cred = blockage_migration(
&config.la_net,
&self.primary_cred,
&check_blockage(
&config.la_net,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?;
self.primary_cred = cred;
self.secondary_cred = None;
} else if second_cred.is_some() {
// Couldn't connect with primary credential
if succeeded.len() > 0 {
// Keep the second credential only if it's useful
self.secondary_cred = second_cred;
}
}
if negative_reports.len() > 0 {
Self::send_negative_reports(&config, negative_reports).await?;
}
if positive_reports.len() > 0 {
Self::send_positive_reports(&config, positive_reports).await?;
}
// Invite friends if applicable
let invitations = match scalar_u32(&self.primary_cred.invites_remaining) {
Some(v) => v,
None => 0, // This is probably an error case that should not happen
};
let mut new_friends = Vec::<User>::new();
for _i in 0..min(invitations, num_users_requesting_invites) {
if event_happens(config.prob_user_invites_friend) {
// Invite non-censor friend
match self.invite(&config, censor, false).await {
Ok(friend) => {
// You really shouldn't push your friends,
// especially new ones whose boundaries you
// might not know well.
new_friends.push(friend);
}
Err(e) => {
println!("{}", e);
}
}
}
}
// Invite censor users if applicable
let invitations = invitations - new_friends.len() as u32;
for _i in 0..min(invitations, num_censor_invites) {
if event_happens(config.prob_user_invites_friend) {
// Invite non-censor friend
match self.invite(&config, censor, true).await {
Ok(friend) => {
new_friends.push(friend);
}
Err(e) => {
println!("{}", e);
}
}
}
}
Ok(new_friends)
} else {
Ok(Vec::<User>::new())
}
}
// User cooperates with censor and performs daily tasks to try to
// learn more bridges.
pub async fn daily_tasks_censor(
&mut self,
config: &Config,
bridges: &mut HashMap<[u8; 20], Bridge>,
censor: &mut Censor,
) -> Result<Vec<User>> {
// Download bucket to see if bridge is still reachable and if we
// have any new bridges
let (bucket, reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
let level = scalar_u32(&self.primary_cred.trust_level).unwrap();
// Make sure each bridge is in global bridges set and known by
// censor
for bridgeline in bucket {
if bridgeline != BridgeLine::default() {
if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
let bridge = Bridge::from_bridge_line(&bridgeline);
bridges.insert(bridgeline.get_hashed_fingerprint(), bridge);
}
censor.learn_bridge(&bridgeline.get_hashed_fingerprint());
}
}
// Censor user tries to level up their primary credential
if reachcred.is_some() {
if level == 0 && eligible_for_trust_promotion(&config.la_net, &self.primary_cred).await
|| level > 0 && eligible_for_level_up(&config.la_net, &self.primary_cred).await
{
let new_cred = if level == 0 {
trust_migration(
&config.la_net,
&self.primary_cred,
&trust_promotion(
&config.la_net,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?
} else {
level_up(
&config.la_net,
&self.primary_cred,
&reachcred.unwrap(),
get_lox_pub(&config.la_pubkeys),
get_reachability_pub(&config.la_pubkeys),
)
.await?
};
self.primary_cred = new_cred;
let (bucket, _reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
// Make sure each bridge is in global bridges set and
// known by censor
for bl in bucket {
let fingerprint = bl.get_hashed_fingerprint();
if !bridges.contains_key(&fingerprint) {
let bridge = Bridge::from_bridge_line(&bl);
bridges.insert(fingerprint, bridge);
}
censor.learn_bridge(&fingerprint);
censor.give_lox_cred(&fingerprint, &self.primary_cred);
}
}
} else {
// LA has identified this bucket as blocked. This change
// will not be reverted, so replace the primary credential
// with a new level 0 credential and work on gaining trust
// for that one.
let res = Self::get_new_credential(&config).await;
if res.is_ok() {
let (new_cred, bl) = res.unwrap();
let fingerprint = bl.get_hashed_fingerprint();
if !bridges.contains_key(&fingerprint) {
let bridge = Bridge::from_bridge_line(&bl);
bridges.insert(fingerprint, bridge);
}
censor.learn_bridge(&fingerprint);
// Censor doesn't want new_cred yet
self.primary_cred = new_cred;
} else {
eprintln!("Censor failed to get new credential");
}
}
// Separately from primary credential, censor user requests a
// new secondary credential each day just to block the
// open-entry bridges. This is stored but not reused.
let res = Self::get_new_credential(&config).await;
if res.is_ok() {
let (_new_cred, bl) = res.unwrap();
let fingerprint = bl.get_hashed_fingerprint();
if !bridges.contains_key(&fingerprint) {
let bridge = Bridge::from_bridge_line(&bl);
bridges.insert(fingerprint, bridge);
}
censor.learn_bridge(&fingerprint);
// Censor doesn't want new_cred. User doesn't actually use
// secondary_cred, so don't store it.
} else {
eprintln!("Censor failed to get new credential");
}
// Censor user invites as many censor friends as possible
let invitations = scalar_u32(&self.primary_cred.invites_remaining).unwrap();
let mut new_friends = Vec::<User>::new();
for _ in 0..invitations {
match self.invite(&config, censor, true).await {
Ok(friend) => {
new_friends.push(friend);
}
Err(e) => {
println!("{}", e);
}
}
}
Ok(new_friends)
}
}