311 lines
12 KiB
Rust
311 lines
12 KiB
Rust
use async_trait::async_trait;
|
|
use curve25519_dalek::scalar::Scalar;
|
|
use lox_library::bridge_table::from_scalar;
|
|
use lox_library::bridge_table::BridgeLine;
|
|
use lox_library::bridge_table::BridgeTable;
|
|
use lox_library::bridge_table::EncryptedBucket;
|
|
use lox_library::bridge_table::MAX_BRIDGES_PER_BUCKET;
|
|
use lox_library::proto::*;
|
|
use lox_library::scalar_u32;
|
|
use lox_library::IssuerPubKey;
|
|
use lox_library::OPENINV_LENGTH;
|
|
use lox_utils::EncBridgeTable;
|
|
use lox_utils::Invite;
|
|
use serde::{Deserialize, Serialize};
|
|
use serde_with::serde_as;
|
|
use std::collections::HashMap;
|
|
use std::time::Duration;
|
|
|
|
// used for testing function
|
|
use std::io::Write;
|
|
|
|
// provides a generic way to make network requests
|
|
#[async_trait]
|
|
pub trait Networking {
|
|
async fn request(&self, endpoint: String, body: Vec<u8>) -> Vec<u8>;
|
|
}
|
|
|
|
// Helper functions to get public keys from vector
|
|
pub fn get_lox_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
&lox_auth_pubkeys[0]
|
|
}
|
|
|
|
pub fn get_migration_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
&lox_auth_pubkeys[1]
|
|
}
|
|
|
|
pub fn get_migrationkey_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
&lox_auth_pubkeys[2]
|
|
}
|
|
|
|
pub fn get_reachability_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
&lox_auth_pubkeys[3]
|
|
}
|
|
|
|
pub fn get_invitation_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
&lox_auth_pubkeys[4]
|
|
}
|
|
|
|
// Helper function to get credential trust level as i8
|
|
// (Note that this value should only be 0-4)
|
|
pub fn get_cred_trust_level(cred: &lox_library::cred::Lox) -> i8 {
|
|
let trust_levels: [Scalar; 5] = [
|
|
Scalar::zero(),
|
|
Scalar::one(),
|
|
Scalar::from(2u64),
|
|
Scalar::from(3u64),
|
|
Scalar::from(4u8),
|
|
];
|
|
for i in 0..trust_levels.len() {
|
|
if cred.trust_level == trust_levels[i] {
|
|
return i.try_into().unwrap();
|
|
}
|
|
}
|
|
-1
|
|
}
|
|
|
|
// Helper function to check if credential is eligible for
|
|
// promotion from level 0 to 1
|
|
pub async fn eligible_for_trust_promotion(
|
|
net: &dyn Networking,
|
|
cred: &lox_library::cred::Lox,
|
|
) -> bool {
|
|
let level_since: u32 = match scalar_u32(&cred.level_since) {
|
|
Some(v) => v,
|
|
None => return false,
|
|
};
|
|
get_cred_trust_level(cred) == 0
|
|
&& level_since + trust_promotion::UNTRUSTED_INTERVAL <= get_today(net).await
|
|
}
|
|
|
|
// Helper function to check if credential is eligible for
|
|
// level up from level 1+
|
|
pub async fn eligible_for_level_up(net: &dyn Networking, cred: &lox_library::cred::Lox) -> bool {
|
|
let level_since: u32 = match scalar_u32(&cred.level_since) {
|
|
Some(v) => v,
|
|
None => return false,
|
|
};
|
|
let trust_level: usize = get_cred_trust_level(cred).try_into().unwrap();
|
|
trust_level > 0
|
|
&& level_since + lox_library::proto::level_up::LEVEL_INTERVAL[trust_level]
|
|
<= get_today(net).await
|
|
}
|
|
|
|
// Get current date from Lox Auth
|
|
pub async fn get_today(net: &dyn Networking) -> u32 {
|
|
let resp = net.request("/today".to_string(), [].to_vec()).await;
|
|
let today: u32 = serde_json::from_slice(&resp).unwrap();
|
|
today
|
|
}
|
|
|
|
// Download Lox Auth pubkeys
|
|
pub async fn get_lox_auth_keys(net: &dyn Networking) -> Vec<IssuerPubKey> {
|
|
let resp = net.request("/pubkeys".to_string(), [].to_vec()).await;
|
|
let lox_auth_pubkeys: Vec<IssuerPubKey> = serde_json::from_slice(&resp).unwrap();
|
|
lox_auth_pubkeys
|
|
}
|
|
|
|
// Get encrypted bridge table
|
|
pub async fn get_reachability_credential(net: &dyn Networking) -> HashMap<u32, EncryptedBucket> {
|
|
let resp = net.request("/reachability".to_string(), [].to_vec()).await;
|
|
let reachability_cred: EncBridgeTable = serde_json::from_slice(&resp).unwrap();
|
|
reachability_cred.etable
|
|
}
|
|
|
|
// Get encrypted bridge table from BridgeDB and decrypt our entry
|
|
pub async fn get_bucket(
|
|
net: &dyn Networking,
|
|
lox_cred: &lox_library::cred::Lox,
|
|
) -> [BridgeLine; MAX_BRIDGES_PER_BUCKET] {
|
|
let encbuckets = get_reachability_credential(net).await;
|
|
let (id, key) = from_scalar(lox_cred.bucket).unwrap();
|
|
let encbucket = match encbuckets.get(&id) {
|
|
Some(encbucket) => encbucket,
|
|
None => panic!("Provided ID not found"),
|
|
};
|
|
BridgeTable::decrypt_bucket(id, &key, &encbucket).unwrap().0
|
|
}
|
|
|
|
// Get an open invitation
|
|
pub async fn get_open_invitation(net: &dyn Networking) -> [u8; OPENINV_LENGTH] {
|
|
let resp = net.request("/invite".to_string(), [].to_vec()).await;
|
|
let open_invite: [u8; OPENINV_LENGTH] = serde_json::from_slice::<Invite>(&resp).unwrap().invite;
|
|
open_invite
|
|
}
|
|
|
|
// Get a Lox Credential from an open invitation
|
|
pub async fn get_lox_credential(
|
|
net: &dyn Networking,
|
|
open_invite: &[u8; OPENINV_LENGTH],
|
|
lox_pub: &IssuerPubKey,
|
|
) -> (lox_library::cred::Lox, BridgeLine) {
|
|
let (req, state) = open_invite::request(&open_invite);
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net.request("/openreq".to_string(), encoded_req).await;
|
|
let decoded_resp: open_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let (cred, bridgeline) = open_invite::handle_response(state, decoded_resp, &lox_pub).unwrap();
|
|
(cred, bridgeline)
|
|
}
|
|
|
|
// Get a migration credential to migrate to higher trust
|
|
pub async fn trust_promotion(
|
|
net: &dyn Networking,
|
|
lox_cred: &lox_library::cred::Lox,
|
|
lox_pub: &IssuerPubKey,
|
|
) -> lox_library::cred::Migration {
|
|
let (req, state) = trust_promotion::request(&lox_cred, &lox_pub, get_today(net).await).unwrap();
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net.request("/trustpromo".to_string(), encoded_req).await;
|
|
let decoded_resp: trust_promotion::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let migration_cred = trust_promotion::handle_response(state, decoded_resp).unwrap();
|
|
migration_cred
|
|
}
|
|
|
|
// Promote from untrusted (trust level 0) to trusted (trust level 1)
|
|
pub async fn trust_migration(
|
|
net: &dyn Networking,
|
|
lox_cred: &lox_library::cred::Lox,
|
|
migration_cred: &lox_library::cred::Migration,
|
|
lox_pub: &IssuerPubKey,
|
|
migration_pub: &IssuerPubKey,
|
|
) -> lox_library::cred::Lox {
|
|
let (req, state) =
|
|
migration::request(lox_cred, migration_cred, lox_pub, migration_pub).unwrap();
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net.request("/trustmig".to_string(), encoded_req).await;
|
|
let decoded_resp: migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let cred = migration::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
cred
|
|
}
|
|
|
|
// Increase trust from at least level 1 to higher levels
|
|
pub async fn level_up(
|
|
net: &dyn Networking,
|
|
lox_cred: &lox_library::cred::Lox,
|
|
encbuckets: &HashMap<u32, EncryptedBucket>,
|
|
lox_pub: &IssuerPubKey,
|
|
reachability_pub: &IssuerPubKey,
|
|
) -> (lox_library::cred::Lox, [BridgeLine; MAX_BRIDGES_PER_BUCKET]) {
|
|
// Read the bucket in the credential to get today's Bucket
|
|
// Reachability credential
|
|
let (id, key) = from_scalar(lox_cred.bucket).unwrap();
|
|
let bucket = BridgeTable::decrypt_bucket(id, &key, &encbuckets.get(&id).unwrap()).unwrap();
|
|
let reachcred = bucket.1.unwrap();
|
|
|
|
// Use the Bucket Reachability credential to advance to the next
|
|
// level
|
|
let (req, state) = level_up::request(
|
|
lox_cred,
|
|
&reachcred,
|
|
lox_pub,
|
|
reachability_pub,
|
|
get_today(net).await,
|
|
)
|
|
.unwrap();
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net.request("/levelup".to_string(), encoded_req).await;
|
|
let decoded_resp: level_up::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let cred = level_up::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
|
// Get bucket
|
|
let (id, key) = from_scalar(lox_cred.bucket).unwrap();
|
|
let bucket = BridgeTable::decrypt_bucket(id, &key, &encbuckets.get(&id).unwrap()).unwrap();
|
|
|
|
(cred, bucket.0)
|
|
}
|
|
|
|
// Request an Invitation credential to give to a friend
|
|
pub async fn issue_invite(
|
|
net: &dyn Networking,
|
|
lox_cred: &lox_library::cred::Lox,
|
|
encbuckets: &HashMap<u32, EncryptedBucket>,
|
|
lox_pub: &IssuerPubKey,
|
|
reachability_pub: &IssuerPubKey,
|
|
invitation_pub: &IssuerPubKey,
|
|
) -> (lox_library::cred::Lox, lox_library::cred::Invitation) {
|
|
// Read the bucket in the credential to get today's Bucket
|
|
// Reachability credential
|
|
|
|
let (id, key) = from_scalar(lox_cred.bucket).unwrap();
|
|
let bucket = BridgeTable::decrypt_bucket(id, &key, &encbuckets.get(&id).unwrap()).unwrap();
|
|
let reachcred = bucket.1.unwrap();
|
|
|
|
let (req, state) = issue_invite::request(
|
|
lox_cred,
|
|
&reachcred,
|
|
lox_pub,
|
|
reachability_pub,
|
|
get_today(net).await,
|
|
)
|
|
.unwrap();
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net.request("/issueinvite".to_string(), encoded_req).await;
|
|
let decoded_resp: issue_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let (cred, invite) =
|
|
issue_invite::handle_response(state, decoded_resp, lox_pub, invitation_pub).unwrap();
|
|
(cred, invite)
|
|
}
|
|
|
|
// Redeem an Invitation credential to start at trust level 1
|
|
pub async fn redeem_invite(
|
|
net: &dyn Networking,
|
|
invite: &lox_library::cred::Invitation,
|
|
lox_pub: &IssuerPubKey,
|
|
invitation_pub: &IssuerPubKey,
|
|
) -> (lox_library::cred::Lox, [BridgeLine; MAX_BRIDGES_PER_BUCKET]) {
|
|
let (req, state) =
|
|
redeem_invite::request(invite, invitation_pub, get_today(net).await).unwrap();
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net.request("/redeem".to_string(), encoded_req).await;
|
|
let decoded_resp: redeem_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let cred = redeem_invite::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
|
let bucket = get_bucket(net, &cred).await;
|
|
(cred, bucket)
|
|
}
|
|
|
|
// Check for a migration credential to move to a new bucket
|
|
pub async fn check_blockage(
|
|
net: &dyn Networking,
|
|
lox_cred: &lox_library::cred::Lox,
|
|
lox_pub: &IssuerPubKey,
|
|
) -> lox_library::cred::Migration {
|
|
let (req, state) = check_blockage::request(lox_cred, lox_pub).unwrap();
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net.request("/checkblockage".to_string(), encoded_req).await;
|
|
let decoded_resp: check_blockage::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let migcred = check_blockage::handle_response(state, decoded_resp).unwrap();
|
|
migcred
|
|
}
|
|
|
|
// Migrate to a new bucket (must be level >= 3)
|
|
pub async fn blockage_migration(
|
|
net: &dyn Networking,
|
|
lox_cred: &lox_library::cred::Lox,
|
|
migcred: &lox_library::cred::Migration,
|
|
lox_pub: &IssuerPubKey,
|
|
migration_pub: &IssuerPubKey,
|
|
) -> lox_library::cred::Lox {
|
|
let (req, state) =
|
|
blockage_migration::request(lox_cred, migcred, lox_pub, migration_pub).unwrap();
|
|
let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
let encoded_resp = net
|
|
.request("/blockagemigration".to_string(), encoded_req)
|
|
.await;
|
|
let decoded_resp: blockage_migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
let cred = blockage_migration::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
cred
|
|
}
|
|
|
|
// Advance days on server (ONLY FOR TESTING)
|
|
pub async fn advance_days(net: &dyn Networking, days: u16) -> u32 {
|
|
let resp = net
|
|
.request(
|
|
"/advancedays".to_string(),
|
|
serde_json::to_vec(&days).unwrap(),
|
|
)
|
|
.await;
|
|
let today: u32 = serde_json::from_slice(&resp).unwrap();
|
|
today
|
|
}
|