mod client_net; use client_net::net_request; use curve25519_dalek::scalar::Scalar; use lox::bridge_table::BridgeLine; use lox::bridge_table::ENC_BUCKET_BYTES; use lox::proto::*; use lox::IssuerPubKey; use lox::OPENINV_LENGTH; use serde::{Deserialize, Serialize}; use serde_with::serde_as; use std::time::Duration; // used for testing function use std::io::Write; // From https://gitlab.torproject.org/onyinyang/lox-server/-/blob/main/src/main.rs // TODO: Move this to main Lox library? #[serde_as] #[derive(Serialize, Deserialize)] pub struct Invite { #[serde_as(as = "[_; OPENINV_LENGTH]")] invite: [u8; OPENINV_LENGTH], } #[serde_as] #[derive(Serialize, Deserialize)] pub struct EncBridgeTable { #[serde_as(as = "Vec<[_; ENC_BUCKET_BYTES]>")] etable: Vec<[u8; ENC_BUCKET_BYTES]>, } // These two functions should only be used for testing. // This file should probably belong to the client, not the library. const TIME_OFFSET_FILENAME: &str = "time_offset.json"; fn get_time_offset() -> u32 { if std::path::Path::new(&TIME_OFFSET_FILENAME).exists() { let infile = std::fs::File::open(&TIME_OFFSET_FILENAME).unwrap(); serde_json::from_reader(infile).unwrap() } else { 0 } } fn save_time_offset(secs: &u32) { let mut outfile = std::fs::File::create(&TIME_OFFSET_FILENAME).expect("Failed to create time_offset"); write!(outfile, "{}", serde_json::to_string(&secs).unwrap()) .expect("Failed to write to time_offset"); } /// Get today's (real or simulated) date /// /// This function is modified from the lox lib.rs fn today(time_offset: Duration) -> u32 { // We will not encounter negative Julian dates (~6700 years ago) // or ones larger than 32 bits (time::OffsetDateTime::now_utc().date() + time_offset) .julian_day() .try_into() .unwrap() } // Helper functions to get public keys from vector pub fn get_lox_pub(lox_auth_pubkeys: &Vec) -> &IssuerPubKey { &lox_auth_pubkeys[0] } pub fn get_migration_pub(lox_auth_pubkeys: &Vec) -> &IssuerPubKey { &lox_auth_pubkeys[1] } pub fn get_migrationkey_pub(lox_auth_pubkeys: &Vec) -> &IssuerPubKey { &lox_auth_pubkeys[2] } pub fn get_reachability_pub(lox_auth_pubkeys: &Vec) -> &IssuerPubKey { &lox_auth_pubkeys[3] } pub fn get_invitation_pub(lox_auth_pubkeys: &Vec) -> &IssuerPubKey { &lox_auth_pubkeys[4] } // Helper function to get credential trust level as i8 // (Note that this value should only be 0-4) pub fn get_cred_trust_level(cred: &lox::cred::Lox) -> i8 { let trust_levels: [Scalar; 5] = [ Scalar::zero(), Scalar::one(), Scalar::from(2u64), Scalar::from(3u64), Scalar::from(4u8), ]; for i in 0..trust_levels.len() { if cred.trust_level == trust_levels[i] { return i.try_into().unwrap(); } } -1 } // Download Lox Auth pubkeys pub async fn get_lox_auth_keys(server_addr: &str) -> Vec { let resp = net_request(server_addr.to_string() + "/pubkeys", [].to_vec()).await; let lox_auth_pubkeys: Vec = serde_json::from_slice(&resp).unwrap(); lox_auth_pubkeys } // Get encrypted bridge table pub async fn get_reachability_credential(server_addr: &str) -> Vec<[u8; ENC_BUCKET_BYTES]> { let resp = net_request(server_addr.to_string() + "/reachability", [].to_vec()).await; let reachability_cred: EncBridgeTable = serde_json::from_slice(&resp).unwrap(); reachability_cred.etable } // Get an open invitation pub async fn get_open_invitation(server_addr: &str) -> [u8; OPENINV_LENGTH] { let resp = net_request(server_addr.to_string() + "/invite", [].to_vec()).await; let open_invite: [u8; OPENINV_LENGTH] = serde_json::from_slice::(&resp).unwrap().invite; open_invite } // Get a Lox Credential from an open invitation pub async fn get_lox_credential( server_addr: &str, open_invite: &[u8; OPENINV_LENGTH], lox_pub: &IssuerPubKey, ) -> (lox::cred::Lox, BridgeLine) { let (req, state) = open_invite::request(&open_invite); let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/openreq", encoded_req).await; let decoded_resp: open_invite::Response = serde_json::from_slice(&encoded_resp).unwrap(); let (cred, bridgeline) = open_invite::handle_response(state, decoded_resp, &lox_pub).unwrap(); (cred, bridgeline) } // Get a migration credential to migrate to higher trust pub async fn trust_promotion( server_addr: &str, lox_cred: &lox::cred::Lox, lox_pub: &IssuerPubKey, ) -> lox::cred::Migration { // FOR TESTING ONLY let time_offset = get_time_offset() + 60 * 60 * 24 * 31; save_time_offset(&time_offset); let (req, state) = // trust_promotion::request(&lox_cred, &lox_pub, today(Duration::ZERO)).unwrap(); trust_promotion::request(&lox_cred, &lox_pub, today(Duration::from_secs(time_offset.into()))).unwrap(); // FOR TESTING ONLY let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/trustpromo", encoded_req).await; let decoded_resp: trust_promotion::Response = serde_json::from_slice(&encoded_resp).unwrap(); let migration_cred = trust_promotion::handle_response(state, decoded_resp).unwrap(); migration_cred } // Promote from untrusted (trust level 0) to trusted (trust level 1) pub async fn trust_migration( server_addr: &str, lox_cred: &lox::cred::Lox, migration_cred: &lox::cred::Migration, lox_pub: &IssuerPubKey, migration_pub: &IssuerPubKey, ) -> lox::cred::Lox { let (req, state) = migration::request(lox_cred, migration_cred, lox_pub, migration_pub).unwrap(); let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/trustmig", encoded_req).await; let decoded_resp: migration::Response = serde_json::from_slice(&encoded_resp).unwrap(); let cred = migration::handle_response(state, decoded_resp, lox_pub).unwrap(); cred } // Increase trust from at least level 1 to higher levels pub async fn level_up( server_addr: &str, lox_cred: &lox::cred::Lox, encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>, lox_pub: &IssuerPubKey, reachability_pub: &IssuerPubKey, ) -> lox::cred::Lox { // Read the bucket in the credential to get today's Bucket // Reachability credential let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap(); let bucket = lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap(); let reachcred = bucket.1.unwrap(); // FOR TESTING ONLY let time_offset = get_time_offset() + 60 * 60 * 24 * 85; save_time_offset(&time_offset); // Use the Bucket Reachability credential to advance to the next // level let (req, state) = level_up::request( lox_cred, &reachcred, lox_pub, reachability_pub, //today(Duration::ZERO), today(Duration::from_secs(time_offset.into())), // FOR TESTING ONLY ) .unwrap(); let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/levelup", encoded_req).await; let decoded_resp: level_up::Response = serde_json::from_slice(&encoded_resp).unwrap(); let cred = level_up::handle_response(state, decoded_resp, lox_pub).unwrap(); cred } // Request an Invitation credential to give to a friend pub async fn issue_invite( server_addr: &str, lox_cred: &lox::cred::Lox, encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>, lox_pub: &IssuerPubKey, reachability_pub: &IssuerPubKey, invitation_pub: &IssuerPubKey, ) -> (lox::cred::Lox, lox::cred::Invitation) { // Read the bucket in the credential to get today's Bucket // Reachability credential let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap(); let bucket = lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap(); let reachcred = bucket.1.unwrap(); let (req, state) = issue_invite::request( lox_cred, &reachcred, lox_pub, reachability_pub, today(Duration::ZERO), ) .unwrap(); let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/issueinvite", encoded_req).await; let decoded_resp: issue_invite::Response = serde_json::from_slice(&encoded_resp).unwrap(); let (cred, invite) = issue_invite::handle_response(state, decoded_resp, lox_pub, invitation_pub).unwrap(); (cred, invite) } // Redeem an Invitation credential to start at trust level 1 pub async fn redeem_invite( server_addr: &str, invite: &lox::cred::Invitation, lox_pub: &IssuerPubKey, invitation_pub: &IssuerPubKey, ) -> lox::cred::Lox { let (req, state) = redeem_invite::request(invite, invitation_pub, today(Duration::ZERO)).unwrap(); let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/redeem", encoded_req).await; let decoded_resp: redeem_invite::Response = serde_json::from_slice(&encoded_resp).unwrap(); let cred = redeem_invite::handle_response(state, decoded_resp, lox_pub).unwrap(); cred } // Check for a migration credential to move to a new bucket pub async fn check_blockage( server_addr: &str, lox_cred: &lox::cred::Lox, lox_pub: &IssuerPubKey, ) -> lox::cred::Migration { let (req, state) = check_blockage::request(lox_cred, lox_pub).unwrap(); let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/checkblockage", encoded_req).await; let decoded_resp: check_blockage::Response = serde_json::from_slice(&encoded_resp).unwrap(); let migcred = check_blockage::handle_response(state, decoded_resp).unwrap(); migcred } // Migrate to a new bucket (must be level >= 3) pub async fn blockage_migration( server_addr: &str, lox_cred: &lox::cred::Lox, migcred: &lox::cred::Migration, lox_pub: &IssuerPubKey, migration_pub: &IssuerPubKey, ) -> lox::cred::Lox { let (req, state) = blockage_migration::request(lox_cred, migcred, lox_pub, migration_pub).unwrap(); let encoded_req: Vec = serde_json::to_vec(&req).unwrap(); let encoded_resp = net_request(server_addr.to_string() + "/blockagemigration", encoded_req).await; let decoded_resp: blockage_migration::Response = serde_json::from_slice(&encoded_resp).unwrap(); let cred = blockage_migration::handle_response(state, decoded_resp, lox_pub).unwrap(); cred }