vecna
/
lox
mirror of https://gitlab.torproject.org/vecna/lox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add function to lox_context to create fingerprint maps for TP verification

This commit is contained in:
Vecna 2024-03-15 16:22:43 -04:00
parent 4eba9df7db
commit daeeb3fdea
2 changed files with 52 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
crates/lox-distributor/src/lox_context.rs
View File

@ -4,7 +4,7 @@
use curve25519_dalek::{ristretto::RistrettoBasepointTable, Scalar}; use curve25519_dalek::{ristretto::RistrettoBasepointTable, Scalar};
use hyper::{body::Bytes, header::HeaderValue, Body, Response}; use hyper::{body::Bytes, header::HeaderValue, Body, Response};
use lox_library::{ use lox_library::{
bridge_table::{BridgeLine, EncryptedBucket, MAX_BRIDGES_PER_BUCKET}, bridge_table::{self, BridgeLine, EncryptedBucket, MAX_BRIDGES_PER_BUCKET},
proto::{ proto::{
blockage_migration, check_blockage, issue_invite, level_up, migration, open_invite, blockage_migration, check_blockage, issue_invite, level_up, migration, open_invite,
positive_report, redeem_invite, trust_promotion, positive_report, redeem_invite, trust_promotion,
@ -16,9 +16,10 @@ use serde::{Deserialize, Serialize};
use lox_zkp::ProofError; use lox_zkp::ProofError;
use serde_json::json; use serde_json::json;
use sha1::{Digest, Sha1};
use std::{ use std::{
cmp::Ordering, cmp::Ordering,
collections::{BTreeMap, HashMap}, collections::{BTreeMap, HashMap, HashSet},
ops::DerefMut, ops::DerefMut,
sync::{Arc, Mutex}, sync::{Arc, Mutex},
}; };
@ -342,6 +343,52 @@ impl LoxServerContext {
ba_obj.bridge_update(&bridgeline) ba_obj.bridge_update(&bridgeline)
} }
pub fn generate_bridge_verification_infos(&self) {
let la_obj = self.ba.lock().unwrap();
// Recompute table
let mut tp_bridge_infos = self.tp_bridge_infos.lock().unwrap();
tp_bridge_infos.clear();
// Go through all buckets and all bridges in buckets, map bridge to
// buckets containing it. Note that a bridge may be contained within
// multiple buckets (open invitation buckets and invite-only buckets).
let buckets = &la_obj.bridge_table.buckets;
for id in buckets.keys() {
let bridges = buckets.get(id).unwrap();
let key = la_obj.bridge_table.keys.get(id).unwrap();
let bucket = bridge_table::to_scalar(*id, key);
for bridge in bridges {
if bridge.fingerprint != [0; 20] {
// Get hashed fingerprint
let mut hasher = Sha1::new();
hasher.update(&bridge.fingerprint);
let fingerprint: [u8; 20] = hasher.finalize().into();
// Add bucket to existing entry or add new entry
if tp_bridge_infos.contains_key(&fingerprint) {
tp_bridge_infos
.get_mut(&fingerprint)
.unwrap()
.buckets
.insert(bucket);
} else {
let mut buckets = HashSet::<Scalar>::new();
buckets.insert(bucket);
tp_bridge_infos.insert(
fingerprint,
BridgeVerificationInfo {
bridge_line: *bridge,
buckets: buckets,
pubkey: None, // TODO: add pubkey for signed bridge tokens
},
);
}
}
}
}
}
//#[cfg(test)] //#[cfg(test)]
/// For testing only: manually advance the day by the given number /// For testing only: manually advance the day by the given number
/// of days. /// of days.

62
crates/lox-distributor/src/troll_patrol_handler.rs
View File

@ -57,10 +57,7 @@ mod tests {
}; };
use troll_patrol::{ use troll_patrol::{
bridge_verification_info::BridgeVerificationInfo, bridge_verification_info::BridgeVerificationInfo,
negative_report::{ negative_report::{HashOfBridgeLine, HashOfBucket, NegativeReport, ProofOfBridgeKnowledge},
HashOfBridgeLine, HashOfBucket, NegativeReport, ProofOfBridgeKnowledge,
SerializableNegativeReport,
},
positive_report::{PositiveReport, SerializablePositiveReport}, positive_report::{PositiveReport, SerializablePositiveReport},
BridgeDistributor, BridgeDistributor,
}; };
@ -129,57 +126,6 @@ mod tests {
}; };
Self { context } Self { context }
} }
pub fn generate_bridge_infos(&self) {
// We want to ignore empty bridgelines
let mut hasher = Sha1::new();
hasher.update([0; 20]);
let empty_bridgeline_fingerprint: [u8; 20] = hasher.finalize().into();
let mut lox_auth = self.context.ba.lock().unwrap();
// Recompute table
let mut tp_bridge_infos = self.context.tp_bridge_infos.lock().unwrap();
tp_bridge_infos.clear();
// Go through all buckets and all bridges in buckets, map bridge to
// buckets containing it. Note that a bridge may be contained within
// multiple buckets (open invitaion buckets and invite-only buckets).
let buckets = &lox_auth.bridge_table.buckets;
for id in buckets.keys() {
let bridges = buckets.get(id).unwrap();
let key = lox_auth.bridge_table.keys.get(id).unwrap();
let bucket = bridge_table::to_scalar(*id, key);
for bridge in bridges {
// Get hashed fingerprint
let mut hasher = Sha1::new();
hasher.update(&bridge.fingerprint);
let fingerprint: [u8; 20] = hasher.finalize().into();
if fingerprint != empty_bridgeline_fingerprint {
// Add new entry or add bucket to existing entry
if tp_bridge_infos.contains_key(&fingerprint) {
tp_bridge_infos
.get_mut(&fingerprint)
.unwrap()
.buckets
.insert(bucket);
} else {
let mut buckets = HashSet::<Scalar>::new();
buckets.insert(bucket);
tp_bridge_infos.insert(
fingerprint,
BridgeVerificationInfo {
bridge_line: *bridge,
buckets: buckets,
pubkey: None, // TODO: add pubkey for signed bridge tokens
},
);
}
}
}
}
}
} }
pub fn random() -> BridgeLine { pub fn random() -> BridgeLine {
@ -280,7 +226,6 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn test_negative_reports() { async fn test_negative_reports() {
let mut th = TestHarness::new(); let mut th = TestHarness::new();
th.generate_bridge_infos();
let tpc = TpClientMock {}; let tpc = TpClientMock {};
let mut Htables = HashMap::<u32, RistrettoBasepointTable>::new(); let mut Htables = HashMap::<u32, RistrettoBasepointTable>::new();
@ -288,7 +233,7 @@ mod tests {
let cred = get_new_credential(&mut th).await; let cred = get_new_credential(&mut th).await;
let cred = level_up(&mut th, &cred).await; let cred = level_up(&mut th, &cred).await;
th.generate_bridge_infos(); th.context.generate_bridge_verification_infos();
let mut ba = th.context.ba.lock().unwrap(); let mut ba = th.context.ba.lock().unwrap();
@ -390,7 +335,6 @@ mod tests {
#[tokio::test] #[tokio::test]
async fn test_positive_reports() { async fn test_positive_reports() {
let mut th = TestHarness::new(); let mut th = TestHarness::new();
th.generate_bridge_infos();
let tpc = TpClientMock {}; let tpc = TpClientMock {};
let mut Htables = HashMap::<u32, RistrettoBasepointTable>::new(); let mut Htables = HashMap::<u32, RistrettoBasepointTable>::new();
@ -400,7 +344,7 @@ mod tests {
let cred = level_up(&mut th, &cred).await; let cred = level_up(&mut th, &cred).await;
let cred = level_up(&mut th, &cred).await; let cred = level_up(&mut th, &cred).await;
th.generate_bridge_infos(); th.context.generate_bridge_verification_infos();
let mut ba = th.context.ba.lock().unwrap(); let mut ba = th.context.ba.lock().unwrap();