2023-03-19 14:47:08 -04:00
|
|
|
mod client_net;
|
|
|
|
|
use client_net::net_request;
|
2023-03-05 19:38:04 -05:00
|
|
|
|
2023-03-26 13:00:30 -04:00
|
|
|
use curve25519_dalek::scalar::Scalar;
|
2023-03-19 14:47:08 -04:00
|
|
|
use lox::bridge_table::BridgeLine;
|
|
|
|
|
use lox::bridge_table::ENC_BUCKET_BYTES;
|
|
|
|
|
use lox::proto::*;
|
2023-03-05 19:38:04 -05:00
|
|
|
use lox::IssuerPubKey;
|
|
|
|
|
use lox::OPENINV_LENGTH;
|
2023-03-19 14:47:08 -04:00
|
|
|
use serde::{Deserialize, Serialize};
|
2023-03-05 19:38:04 -05:00
|
|
|
use serde_with::serde_as;
|
|
|
|
|
use std::time::Duration;
|
|
|
|
|
|
2023-03-26 13:00:30 -04:00
|
|
|
// used for testing function
|
|
|
|
|
use std::io::Write;
|
|
|
|
|
|
2023-03-05 19:38:04 -05:00
|
|
|
// From https://gitlab.torproject.org/onyinyang/lox-server/-/blob/main/src/main.rs
|
|
|
|
|
// TODO: Move this to main Lox library?
|
|
|
|
|
#[serde_as]
|
|
|
|
|
#[derive(Serialize, Deserialize)]
|
|
|
|
|
pub struct Invite {
|
|
|
|
|
#[serde_as(as = "[_; OPENINV_LENGTH]")]
|
|
|
|
|
invite: [u8; OPENINV_LENGTH],
|
|
|
|
|
}
|
2023-03-19 14:47:08 -04:00
|
|
|
#[serde_as]
|
|
|
|
|
#[derive(Serialize, Deserialize)]
|
|
|
|
|
pub struct EncBridgeTable {
|
|
|
|
|
#[serde_as(as = "Vec<[_; ENC_BUCKET_BYTES]>")]
|
|
|
|
|
etable: Vec<[u8; ENC_BUCKET_BYTES]>,
|
|
|
|
|
}
|
2023-03-05 19:38:04 -05:00
|
|
|
|
2023-03-26 13:00:30 -04:00
|
|
|
// These two functions should only be used for testing.
|
|
|
|
|
// This file should probably belong to the client, not the library.
|
|
|
|
|
const TIME_OFFSET_FILENAME: &str = "time_offset.json";
|
|
|
|
|
fn get_time_offset() -> u32 {
|
|
|
|
|
if std::path::Path::new(&TIME_OFFSET_FILENAME).exists() {
|
|
|
|
|
let infile = std::fs::File::open(&TIME_OFFSET_FILENAME).unwrap();
|
|
|
|
|
serde_json::from_reader(infile).unwrap()
|
|
|
|
|
} else {
|
|
|
|
|
0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
fn save_time_offset(secs: &u32) {
|
|
|
|
|
let mut outfile =
|
|
|
|
|
std::fs::File::create(&TIME_OFFSET_FILENAME).expect("Failed to create time_offset");
|
|
|
|
|
write!(outfile, "{}", serde_json::to_string(&secs).unwrap())
|
|
|
|
|
.expect("Failed to write to time_offset");
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-05 19:38:04 -05:00
|
|
|
/// Get today's (real or simulated) date
|
|
|
|
|
///
|
|
|
|
|
/// This function is modified from the lox lib.rs
|
|
|
|
|
fn today(time_offset: Duration) -> u32 {
|
|
|
|
|
// We will not encounter negative Julian dates (~6700 years ago)
|
|
|
|
|
// or ones larger than 32 bits
|
|
|
|
|
(time::OffsetDateTime::now_utc().date() + time_offset)
|
|
|
|
|
.julian_day()
|
|
|
|
|
.try_into()
|
|
|
|
|
.unwrap()
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-19 14:47:08 -04:00
|
|
|
// Helper functions to get public keys from vector
|
|
|
|
|
pub fn get_lox_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
|
|
&lox_auth_pubkeys[0]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn get_migration_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
|
|
&lox_auth_pubkeys[1]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn get_migrationkey_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
|
|
&lox_auth_pubkeys[2]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn get_reachability_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
|
|
&lox_auth_pubkeys[3]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn get_invitation_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
|
|
&lox_auth_pubkeys[4]
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-26 13:00:30 -04:00
|
|
|
// Helper function to get credential trust level as i8
|
|
|
|
|
// (Note that this value should only be 0-4)
|
|
|
|
|
pub fn get_cred_trust_level(cred: &lox::cred::Lox) -> i8 {
|
|
|
|
|
let trust_levels: [Scalar; 5] = [
|
|
|
|
|
Scalar::zero(),
|
|
|
|
|
Scalar::one(),
|
|
|
|
|
Scalar::from(2u64),
|
|
|
|
|
Scalar::from(3u64),
|
|
|
|
|
Scalar::from(4u8),
|
|
|
|
|
];
|
|
|
|
|
for i in 0..trust_levels.len() {
|
|
|
|
|
if cred.trust_level == trust_levels[i] {
|
|
|
|
|
return i.try_into().unwrap();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
-1
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-05 19:38:04 -05:00
|
|
|
// Download Lox Auth pubkeys
|
2023-03-12 10:56:29 -04:00
|
|
|
pub async fn get_lox_auth_keys(server_addr: &str) -> Vec<IssuerPubKey> {
|
2023-03-19 14:47:08 -04:00
|
|
|
let resp = net_request(server_addr.to_string() + "/pubkeys", [].to_vec()).await;
|
|
|
|
|
let lox_auth_pubkeys: Vec<IssuerPubKey> = serde_json::from_slice(&resp).unwrap();
|
2023-03-05 19:38:04 -05:00
|
|
|
lox_auth_pubkeys
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-19 14:47:08 -04:00
|
|
|
// Get encrypted bridge table
|
2023-03-25 14:36:04 -04:00
|
|
|
pub async fn get_reachability_credential(server_addr: &str) -> Vec<[u8; ENC_BUCKET_BYTES]> {
|
2023-03-19 14:47:08 -04:00
|
|
|
let resp = net_request(server_addr.to_string() + "/reachability", [].to_vec()).await;
|
2023-03-25 14:36:04 -04:00
|
|
|
let reachability_cred: EncBridgeTable = serde_json::from_slice(&resp).unwrap();
|
|
|
|
|
reachability_cred.etable
|
2023-03-19 14:47:08 -04:00
|
|
|
}
|
|
|
|
|
|
2023-03-05 19:38:04 -05:00
|
|
|
// Get an open invitation
|
2023-03-12 10:56:29 -04:00
|
|
|
pub async fn get_open_invitation(server_addr: &str) -> [u8; OPENINV_LENGTH] {
|
2023-03-19 14:47:08 -04:00
|
|
|
let resp = net_request(server_addr.to_string() + "/invite", [].to_vec()).await;
|
|
|
|
|
let open_invite: [u8; OPENINV_LENGTH] = serde_json::from_slice::<Invite>(&resp).unwrap().invite;
|
2023-03-05 19:38:04 -05:00
|
|
|
open_invite
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get a Lox Credential from an open invitation
|
2023-03-19 14:47:08 -04:00
|
|
|
pub async fn get_lox_credential(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
open_invite: &[u8; OPENINV_LENGTH],
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
) -> (lox::cred::Lox, BridgeLine) {
|
|
|
|
|
let (req, state) = open_invite::request(&open_invite);
|
|
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
|
|
let encoded_resp = net_request(server_addr.to_string() + "/openreq", encoded_req).await;
|
|
|
|
|
let decoded_resp: open_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let (cred, bridgeline) = open_invite::handle_response(state, decoded_resp, &lox_pub).unwrap();
|
|
|
|
|
(cred, bridgeline)
|
2023-03-05 19:38:04 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get a migration credential to migrate to higher trust
|
2023-03-19 14:47:08 -04:00
|
|
|
pub async fn trust_promotion(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
lox_cred: &lox::cred::Lox,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
) -> lox::cred::Migration {
|
2023-03-26 13:00:30 -04:00
|
|
|
// FOR TESTING ONLY
|
|
|
|
|
let time_offset = get_time_offset() + 60 * 60 * 24 * 31;
|
|
|
|
|
save_time_offset(&time_offset);
|
|
|
|
|
|
2023-03-19 14:47:08 -04:00
|
|
|
let (req, state) =
|
2023-03-25 14:36:04 -04:00
|
|
|
// trust_promotion::request(&lox_cred, &lox_pub, today(Duration::ZERO)).unwrap();
|
2023-03-26 13:00:30 -04:00
|
|
|
trust_promotion::request(&lox_cred, &lox_pub, today(Duration::from_secs(time_offset.into()))).unwrap(); // FOR TESTING ONLY
|
2023-03-19 14:47:08 -04:00
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
2023-03-25 14:36:04 -04:00
|
|
|
let encoded_resp = net_request(server_addr.to_string() + "/trustpromo", encoded_req).await;
|
2023-03-19 14:47:08 -04:00
|
|
|
let decoded_resp: trust_promotion::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let migration_cred = trust_promotion::handle_response(state, decoded_resp).unwrap();
|
2023-03-05 19:38:04 -05:00
|
|
|
migration_cred
|
|
|
|
|
}
|
2023-03-19 14:47:08 -04:00
|
|
|
|
|
|
|
|
// Promote from untrusted (trust level 0) to trusted (trust level 1)
|
|
|
|
|
pub async fn trust_migration(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
lox_cred: &lox::cred::Lox,
|
|
|
|
|
migration_cred: &lox::cred::Migration,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
migration_pub: &IssuerPubKey,
|
|
|
|
|
) -> lox::cred::Lox {
|
|
|
|
|
let (req, state) =
|
|
|
|
|
migration::request(lox_cred, migration_cred, lox_pub, migration_pub).unwrap();
|
|
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
|
|
let encoded_resp = net_request(server_addr.to_string() + "/trustmig", encoded_req).await;
|
|
|
|
|
let decoded_resp: migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let cred = migration::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
|
|
cred
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Increase trust from at least level 1 to higher levels
|
|
|
|
|
pub async fn level_up(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
lox_cred: &lox::cred::Lox,
|
|
|
|
|
encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
reachability_pub: &IssuerPubKey,
|
|
|
|
|
) -> lox::cred::Lox {
|
|
|
|
|
// Read the bucket in the credential to get today's Bucket
|
|
|
|
|
// Reachability credential
|
|
|
|
|
|
|
|
|
|
let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap();
|
|
|
|
|
let bucket =
|
|
|
|
|
lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
|
|
|
|
|
let reachcred = bucket.1.unwrap();
|
|
|
|
|
|
2023-03-26 13:00:30 -04:00
|
|
|
// FOR TESTING ONLY
|
|
|
|
|
let time_offset = get_time_offset() + 60 * 60 * 24 * 85;
|
|
|
|
|
save_time_offset(&time_offset);
|
|
|
|
|
|
2023-03-19 14:47:08 -04:00
|
|
|
// Use the Bucket Reachability credential to advance to the next
|
|
|
|
|
// level
|
|
|
|
|
let (req, state) = level_up::request(
|
|
|
|
|
lox_cred,
|
|
|
|
|
&reachcred,
|
|
|
|
|
lox_pub,
|
|
|
|
|
reachability_pub,
|
2023-03-25 14:53:53 -04:00
|
|
|
//today(Duration::ZERO),
|
2023-03-26 13:00:30 -04:00
|
|
|
today(Duration::from_secs(time_offset.into())), // FOR TESTING ONLY
|
2023-03-19 14:47:08 -04:00
|
|
|
)
|
|
|
|
|
.unwrap();
|
|
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
|
|
let encoded_resp = net_request(server_addr.to_string() + "/levelup", encoded_req).await;
|
|
|
|
|
let decoded_resp: level_up::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let cred = level_up::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
|
|
cred
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Request an Invitation credential to give to a friend
|
|
|
|
|
pub async fn issue_invite(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
lox_cred: &lox::cred::Lox,
|
|
|
|
|
encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
reachability_pub: &IssuerPubKey,
|
|
|
|
|
invitation_pub: &IssuerPubKey,
|
|
|
|
|
) -> (lox::cred::Lox, lox::cred::Invitation) {
|
|
|
|
|
// Read the bucket in the credential to get today's Bucket
|
|
|
|
|
// Reachability credential
|
|
|
|
|
|
|
|
|
|
let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap();
|
|
|
|
|
let bucket =
|
|
|
|
|
lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
|
|
|
|
|
let reachcred = bucket.1.unwrap();
|
|
|
|
|
|
|
|
|
|
let (req, state) = issue_invite::request(
|
|
|
|
|
lox_cred,
|
|
|
|
|
&reachcred,
|
|
|
|
|
lox_pub,
|
|
|
|
|
reachability_pub,
|
|
|
|
|
today(Duration::ZERO),
|
|
|
|
|
)
|
|
|
|
|
.unwrap();
|
|
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
|
|
let encoded_resp = net_request(server_addr.to_string() + "/issueinvite", encoded_req).await;
|
|
|
|
|
let decoded_resp: issue_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let (cred, invite) =
|
|
|
|
|
issue_invite::handle_response(state, decoded_resp, lox_pub, invitation_pub).unwrap();
|
|
|
|
|
(cred, invite)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Redeem an Invitation credential to start at trust level 1
|
|
|
|
|
pub async fn redeem_invite(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
invite: &lox::cred::Invitation,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
invitation_pub: &IssuerPubKey,
|
|
|
|
|
) -> lox::cred::Lox {
|
|
|
|
|
let (req, state) =
|
|
|
|
|
redeem_invite::request(invite, invitation_pub, today(Duration::ZERO)).unwrap();
|
|
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
|
|
let encoded_resp = net_request(server_addr.to_string() + "/redeem", encoded_req).await;
|
|
|
|
|
let decoded_resp: redeem_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let cred = redeem_invite::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
|
|
cred
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for a migration credential to move to a new bucket
|
|
|
|
|
pub async fn check_blockage(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
lox_cred: &lox::cred::Lox,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
) -> lox::cred::Migration {
|
|
|
|
|
let (req, state) = check_blockage::request(lox_cred, lox_pub).unwrap();
|
|
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
|
|
let encoded_resp = net_request(server_addr.to_string() + "/checkblockage", encoded_req).await;
|
|
|
|
|
let decoded_resp: check_blockage::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let migcred = check_blockage::handle_response(state, decoded_resp).unwrap();
|
|
|
|
|
migcred
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Migrate to a new bucket (must be level >= 3)
|
|
|
|
|
pub async fn blockage_migration(
|
|
|
|
|
server_addr: &str,
|
|
|
|
|
lox_cred: &lox::cred::Lox,
|
|
|
|
|
migcred: &lox::cred::Migration,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
migration_pub: &IssuerPubKey,
|
|
|
|
|
) -> lox::cred::Lox {
|
|
|
|
|
let (req, state) =
|
|
|
|
|
blockage_migration::request(lox_cred, migcred, lox_pub, migration_pub).unwrap();
|
|
|
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
|
|
let encoded_resp =
|
|
|
|
|
net_request(server_addr.to_string() + "/blockagemigration", encoded_req).await;
|
|
|
|
|
let decoded_resp: blockage_migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
|
|
let cred = blockage_migration::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
|
|
cred
|
|
|
|
|
}
|
