vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adds bridge authority and placeholder buckets

This commit is contained in:
onyinyang 2023-01-25 15:34:43 -05:00
parent bb5bdac588
commit 5f2bf5adb7
No known key found for this signature in database
GPG Key ID: 156A6435430C2036
2 changed files with 68 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crates/lox-distributor/Cargo.toml
View File

@ -6,9 +6,11 @@ edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies] [dependencies]
base64 = "0.13"
hyper = "0.13" hyper = "0.13"
hex_fmt = "0.3"
tokio = { version = "0.2", features = ["macros", "signal"] } tokio = { version = "0.2", features = ["macros", "signal"] }
rand = "0.7"
serde = "1" serde = "1"
serde_with = "1.9.1" serde_with = "1.9.1"
serde_json = "1.0.87" serde_json = "1.0.87"

79
crates/lox-distributor/src/main.rs
View File

@ -1,20 +1,21 @@
use std::{ use std::{
convert::Infallible,
net::SocketAddr, net::SocketAddr,
sync::{Arc, Mutex}, sync::{Arc, Mutex},
convert::Infallible,
}; };
use hyper::{ use hyper::{
service::{make_service_fn, service_fn},
header::HeaderValue, header::HeaderValue,
Body, Request, Server, Response, service::{make_service_fn, service_fn},
Body, Request, Response, Server,
}; };
use rand::RngCore;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_with::serde_as;
use serde_json; use serde_json;
use serde_with::serde_as;
use lox::{BridgeDb, OPENINV_LENGTH}; use lox::bridge_table::BridgeLine;
use lox::{BridgeAuth, BridgeDb, OPENINV_LENGTH};
#[serde_as] #[serde_as]
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
@ -23,15 +24,66 @@ pub struct Invite {
invite: [u8; OPENINV_LENGTH], invite: [u8; OPENINV_LENGTH],
} }
/// Create a random BridgeLine for testing ONLY. Do not use in production!
/// This was copied directly from lox/src/bridge_table.rs in order
/// to easily initialize a bridgedb/bridgeauth with structurally
/// correct buckets to be used for Lox requests/verifications/responses.
/// In production, existing bridges should be translated into this format
/// in a private function and sorted into buckets (3 bridges/bucket is suggested
/// but experience may suggest something else) in some intelligent way.
pub fn random() -> BridgeLine {
let mut rng = rand::thread_rng();
let mut res: BridgeLine = BridgeLine::default();
// Pick a random 4-byte address
let mut addr: [u8; 4] = [0; 4];
rng.fill_bytes(&mut addr);
// If the leading byte is 224 or more, that's not a valid IPv4
// address. Choose an IPv6 address instead (but don't worry too
// much about it being well formed).
if addr[0] >= 224 {
rng.fill_bytes(&mut res.addr);
} else {
// Store an IPv4 address as a v4-mapped IPv6 address
res.addr[10] = 255;
res.addr[11] = 255;
res.addr[12..16].copy_from_slice(&addr);
};
let ports: [u16; 4] = [443, 4433, 8080, 43079];
let portidx = (rng.next_u32() % 4) as usize;
res.port = ports[portidx];
let mut fingerprint: [u8; 20] = [0; 20];
let mut cert: [u8; 52] = [0; 52];
rng.fill_bytes(&mut fingerprint);
rng.fill_bytes(&mut cert);
let infostr: String = format!(
"obfs4 {} cert={} iat-mode=0",
hex_fmt::HexFmt(fingerprint),
base64::encode_config(cert, base64::STANDARD_NO_PAD)
);
res.info[..infostr.len()].copy_from_slice(infostr.as_bytes());
res
}
#[tokio::main] #[tokio::main]
async fn main() { async fn main() {
let num_buckets = 5;
// Create and initialize a new db // Create and initialize a new db and bridgeauth
let mut bridgedb = BridgeDb::new(); let mut bridgedb = BridgeDb::new();
for i in &[1u32, 5, 7, 12, 19, 20, 22] { let mut bridgeauth = BridgeAuth::new(bridgedb.pubkey);
bridgedb.insert_openinv(*i); // Make 3 x num_buckets open invitation bridges, in sets of 3
for _ in 0..num_buckets {
let bucket = [
random(),
random(),
random(),
];
bridgeauth.add_openinv_bridges(bucket, &mut bridgedb);
} }
// Create the encrypted bridge table
bridgeauth.enc_bridge_table();
let db = Arc::new(Mutex::new(bridgedb)); let db = Arc::new(Mutex::new(bridgedb));
let new_service = make_service_fn(move |_conn| { let new_service = make_service_fn(move |_conn| {
@ -39,9 +91,7 @@ async fn main() {
async move { async move {
Ok::<_, Infallible>(service_fn(move |_req: Request<Body>| { Ok::<_, Infallible>(service_fn(move |_req: Request<Body>| {
let db = db.clone(); let db = db.clone();
async move { async move { Ok::<_, Infallible>(generate_invite(db)) }
Ok::<_, Infallible>(generate_invite(db))
}
})) }))
} }
}); });
@ -69,6 +119,7 @@ fn generate_invite(db: Arc<Mutex<lox::BridgeDb>>) -> Response<Body> {
}; };
let token = serde_json::to_string(&invite).unwrap(); let token = serde_json::to_string(&invite).unwrap();
let mut resp = Response::new(Body::from(token)); let mut resp = Response::new(Body::from(token));
resp.headers_mut().insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); resp.headers_mut()
.insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
resp resp
} }