vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add request handling for encrypted bridge table and level up

This commit is contained in:
onyinyang 2023-02-23 01:00:53 -05:00
parent 47748c0491
commit bd8eb7dcbd
No known key found for this signature in database
GPG Key ID: 156A6435430C2036
2 changed files with 43 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crates/lox-distributor/Cargo.toml
View File

@ -11,7 +11,7 @@ hyper = "0.13"
hex_fmt = "0.3" hex_fmt = "0.3"
tokio = { version = "0.2", features = ["macros", "signal"] } tokio = { version = "0.2", features = ["macros", "signal"] }
rand = "0.7" rand = "0.7"
serde = "1" serde = { version = "1.0", features = ["derive"] }
serde_with = "1.9.1" serde_with = "1.9.1"
serde_json = "1.0.87" serde_json = "1.0.87"
time = "0.2" time = "0.2"

59
crates/lox-distributor/src/main.rs
View File

@ -12,11 +12,12 @@ use hyper::{
service::{make_service_fn, service_fn}, service::{make_service_fn, service_fn},
Body, Method, Request, Response, Server, StatusCode, Body, Method, Request, Response, Server, StatusCode,
}; };
use lox::bridge_table::BridgeLine; use lox::bridge_table::{BridgeLine, ENC_BUCKET_BYTES};
use lox::proto; use lox::proto;
use lox::{BridgeAuth, BridgeDb, OPENINV_LENGTH}; use lox::{BridgeAuth, BridgeDb, OPENINV_LENGTH};
use rand::RngCore; use rand::RngCore;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_json; use serde_json;
use serde_with::serde_as; use serde_with::serde_as;
@ -27,6 +28,13 @@ pub struct Invite {
invite: [u8; OPENINV_LENGTH], invite: [u8; OPENINV_LENGTH],
} }
#[serde_as]
#[derive(Serialize, Deserialize)]
pub struct EncBridgeTable {
#[serde_as(as = "Vec<[_; ENC_BUCKET_BYTES]>")]
etable: Vec<[u8; ENC_BUCKET_BYTES]>,
}
/// Create a random BridgeLine for testing ONLY. Do not use in production! /// Create a random BridgeLine for testing ONLY. Do not use in production!
/// This was copied directly from lox/src/bridge_table.rs in order /// This was copied directly from lox/src/bridge_table.rs in order
/// to easily initialize a bridgedb/lox_auth with structurally /// to easily initialize a bridgedb/lox_auth with structurally
@ -90,7 +98,9 @@ async fn handle(
.unwrap()), .unwrap()),
_ => match (req.method(), req.uri().path()) { _ => match (req.method(), req.uri().path()) {
(&Method::GET, "/invite") => Ok::<_, Infallible>(generate_invite(context.db)), (&Method::GET, "/invite") => Ok::<_, Infallible>(generate_invite(context.db)),
(&Method::GET, "/reachability") => Ok::<_, Infallible>(send_reachability_cred(context.ba)), (&Method::GET, "/reachability") => {
Ok::<_, Infallible>(send_reachability_cred(context.ba))
}
(&Method::GET, "/pubkeys") => Ok::<_, Infallible>(send_keys(context.ba)), (&Method::GET, "/pubkeys") => Ok::<_, Infallible>(send_keys(context.ba)),
(&Method::POST, "/openreq") => Ok::<_, Infallible>({ (&Method::POST, "/openreq") => Ok::<_, Infallible>({
let bytes = body::to_bytes(req.into_body()).await.unwrap(); let bytes = body::to_bytes(req.into_body()).await.unwrap();
@ -104,6 +114,10 @@ async fn handle(
let bytes = body::to_bytes(req.into_body()).await.unwrap(); let bytes = body::to_bytes(req.into_body()).await.unwrap();
verify_and_send_trust_migration(bytes, context.ba) verify_and_send_trust_migration(bytes, context.ba)
}), }),
(&Method::POST, "/levelup") => Ok::<_, Infallible>({
let bytes = body::to_bytes(req.into_body()).await.unwrap();
verify_and_send_level_up(bytes, context.ba)
}),
_ => { _ => {
// Return 404 not found response. // Return 404 not found response.
Ok(Response::builder() Ok(Response::builder()
@ -128,11 +142,16 @@ fn generate_invite(db: Arc<Mutex<lox::BridgeDb>>) -> Response<Body> {
resp resp
} }
// Return the serialized encrypted bridge table
fn send_reachability_cred(ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> { fn send_reachability_cred(ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> {
let ba_obj = ba.lock().unwrap(); let mut ba_obj = ba.lock().unwrap();
let mut resp = Response::new(Body::from(serde_json::to_string(&ba_obj.reachability_pub).unwrap())); ba_obj.advance_days(85); // FOR TESTING ONLY
resp.headers_mut().insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); println!("Today's date according to server: {}", ba_obj.today());
let enc_table = ba_obj.enc_bridge_table().clone();
let etable = EncBridgeTable { etable: enc_table };
let mut resp = Response::new(Body::from(serde_json::to_string(&etable).unwrap()));
resp.headers_mut()
.insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
resp resp
} }
@ -159,31 +178,37 @@ fn verify_and_send_open_cred(request: Bytes, ba: Arc<Mutex<BridgeAuth>>) -> Resp
let mut ba_obj = ba.lock().unwrap(); let mut ba_obj = ba.lock().unwrap();
let response = ba_obj.handle_open_invite(req).unwrap(); let response = ba_obj.handle_open_invite(req).unwrap();
let open_invite_resp_str = serde_json::to_string(&response).unwrap(); let open_invite_resp_str = serde_json::to_string(&response).unwrap();
let mut resp = Response::new(Body::from(open_invite_resp_str)); prepare_header(open_invite_resp_str)
resp.headers_mut()
.insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
resp
} }
fn verify_and_send_trust_promo(request: Bytes, ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> { fn verify_and_send_trust_promo(request: Bytes, ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> {
let req: proto::trust_promotion::Request = serde_json::from_slice(&request).unwrap(); let req: proto::trust_promotion::Request = serde_json::from_slice(&request).unwrap();
let mut ba_obj = ba.lock().unwrap(); let mut ba_obj = ba.lock().unwrap();
ba_obj.advance_days(31); ba_obj.advance_days(31); // FOR TESTING ONLY
println!("Today's date according to server: {}", ba_obj.today()); println!("Today's date according to server: {}", ba_obj.today());
let response = ba_obj.handle_trust_promotion(req).unwrap(); let response = ba_obj.handle_trust_promotion(req).unwrap();
let trust_promo_resp_str = serde_json::to_string(&response).unwrap(); let trust_promo_resp_str = serde_json::to_string(&response).unwrap();
let mut resp = Response::new(Body::from(trust_promo_resp_str)); prepare_header(trust_promo_resp_str)
resp.headers_mut()
.insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
resp
} }
fn verify_and_send_trust_migration(request: Bytes, ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> { fn verify_and_send_trust_migration(request: Bytes, ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> {
let req: proto::migration::Request = serde_json::from_slice(&request).unwrap(); let req: proto::migration::Request = serde_json::from_slice(&request).unwrap();
let mut ba_obj = ba.lock().unwrap(); let mut ba_obj = ba.lock().unwrap();
let response = ba_obj.handle_migration(req).unwrap(); let response = ba_obj.handle_migration(req).unwrap();
let trust_migration_resp_str = serde_json::to_string(&response).unwrap(); let resp_str = serde_json::to_string(&response).unwrap();
let mut resp = Response::new(Body::from(trust_migration_resp_str)); prepare_header(resp_str)
}
fn verify_and_send_level_up(request: Bytes, ba: Arc<Mutex<BridgeAuth>>) -> Response<Body> {
let req: proto::level_up::Request = serde_json::from_slice(&request).unwrap();
let mut ba_obj = ba.lock().unwrap();
let response = ba_obj.handle_level_up(req).unwrap();
let level_up_resp_str = serde_json::to_string(&response).unwrap();
prepare_header(level_up_resp_str)
}
fn prepare_header(response: String) -> Response<Body> {
let mut resp = Response::new(Body::from(response));
resp.headers_mut() resp.headers_mut()
.insert("Access-Control-Allow-Origin", HeaderValue::from_static("*")); .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
resp resp