vecna
/
troll-patrol
mirror of https://git-crysp.uwaterloo.ca/vvecna/troll-patrol.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move simulation code to its own repo

This commit is contained in:
Vecna 2024-06-18 07:27:13 -04:00
parent 7573c70dda
commit dc7531689c
7 changed files with 1 additions and 1569 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Cargo.toml
View File

@ -24,7 +24,6 @@ hyper-rustls = "0.26.0"
hyper-util = { version = "0.1", features = ["full"] } hyper-util = { version = "0.1", features = ["full"] }
julianday = "1.2.0" julianday = "1.2.0"
lazy_static = "1" lazy_static = "1"
lox_cli = { git = "https://git-crysp.uwaterloo.ca/vvecna/lox_cli.git", version = "0.1", optional = true }
lox-library = { git = "https://gitlab.torproject.org/vecna/lox.git", version = "0.1.0" } lox-library = { git = "https://gitlab.torproject.org/vecna/lox.git", version = "0.1.0" }
memory-stats = { version = "1.0.0", optional = true } memory-stats = { version = "1.0.0", optional = true }
nalgebra = "0.29" nalgebra = "0.29"
@ -47,8 +46,4 @@ base64 = "0.21.7"
faketime = "0.2" faketime = "0.2"
[features] [features]
simulation = ["faketime", "lox_cli", "memory-stats"] simulation = ["faketime", "memory-stats"]
[[bin]]
name = "simulation"
required-features = ["simulation"]

513
src/bin/simulation.rs
View File

@ -1,513 +0,0 @@
// Before running this, run:
// 1. rdsys
// 2. lox-distributor
// 3. troll-patrol with the feature "simulation"
use troll_patrol::{
extra_info::ExtraInfo,
get_date, increment_simulated_date, set_simulated_date,
simulation::{
bridge::Bridge,
censor::{self, Censor},
config::Config as SConfig,
extra_infos_server,
user::User,
},
};
use clap::Parser;
use lox_cli::{networking::*, *};
use lox_library::proto::{level_up::LEVEL_INTERVAL, trust_promotion::UNTRUSTED_INTERVAL};
use memory_stats::memory_stats;
use rand::{prelude::SliceRandom, Rng};
use serde::Deserialize;
use std::{
collections::{HashMap, HashSet},
fs::File,
io::BufReader,
path::PathBuf,
time::Duration,
};
use tokio::{spawn, time::sleep};
#[derive(Parser, Debug)]
#[command(author, version, about, long_about = None)]
struct Args {
/// Name/path of the configuration file
#[arg(short, long, default_value = "simulation_config.json")]
config: PathBuf,
}
#[derive(Debug, Deserialize)]
pub struct Config {
pub la_port: u16,
pub la_test_port: u16,
pub tp_port: u16,
pub tp_test_port: u16,
pub censor_secrecy: censor::Secrecy,
pub censor_speed: censor::Speed,
pub censor_event_duration: u32,
pub censor_totality: censor::Totality,
pub censor_partial_blocking_percent: f64,
pub country: String,
pub min_new_users_per_day: u32,
pub max_new_users_per_day: u32,
// How many days to simulate
pub num_days: u32,
// We start with this many level 4 users
pub num_initial_trusted_users: u32,
pub one_positive_report_per_cred: bool,
pub prob_censor_gets_invite: f64,
pub prob_connection_fails: f64,
pub prob_user_invites_friend: f64,
pub prob_user_is_censor: f64,
pub prob_user_submits_reports: f64,
pub prob_user_treats_throttling_as_blocking: f64,
}
#[tokio::main]
pub async fn main() {
let args: Args = Args::parse();
let config: Config = serde_json::from_reader(BufReader::new(
File::open(&args.config).expect("Could not read config file"),
))
.expect("Reading config file from JSON failed");
let la_net = HyperNet {
hostname: format!("http://localhost:{}", config.la_port),
};
let la_net_test = HyperNet {
hostname: format!("http://localhost:{}", config.la_test_port),
};
let tp_net = HyperNet {
hostname: format!("http://localhost:{}", config.tp_port),
};
let tp_net_test = HyperNet {
hostname: format!("http://localhost:{}", config.tp_test_port),
};
let extra_infos_net = HyperNet {
hostname: "http://localhost:8004".to_string(),
};
let la_pubkeys = get_lox_auth_keys(&la_net).await.unwrap();
let sconfig = SConfig {
la_pubkeys,
la_net,
tp_net,
censor_secrecy: config.censor_secrecy,
censor_speed: config.censor_speed,
censor_event_duration: config.censor_event_duration,
censor_totality: config.censor_totality,
censor_partial_blocking_percent: config.censor_partial_blocking_percent,
country: config.country,
one_positive_report_per_cred: config.one_positive_report_per_cred,
prob_censor_gets_invite: config.prob_censor_gets_invite,
prob_connection_fails: config.prob_connection_fails,
prob_user_invites_friend: config.prob_user_invites_friend,
prob_user_is_censor: config.prob_user_is_censor,
prob_user_submits_reports: config.prob_user_submits_reports,
prob_user_treats_throttling_as_blocking: config.prob_user_treats_throttling_as_blocking,
};
let mut rng = rand::thread_rng();
// Set up censor
let mut censor = Censor::new(&sconfig);
// Set up bridges (no bridges yet)
let mut bridges = HashMap::<[u8; 20], Bridge>::new();
// Set up users
let mut users = Vec::<User>::new();
if config.num_initial_trusted_users > 0 {
// Add some number of trusted users initially
for _ in 0..config.num_initial_trusted_users {
let new_user = User::trusted_user(&sconfig).await;
if new_user.is_ok() {
users.push(new_user.unwrap());
}
}
// Level trusted users up to level 4
// Advance LA's time
let result = la_net_test
.request(
"/advancedays".to_string(),
serde_json::to_string(&(UNTRUSTED_INTERVAL as u16))
.unwrap()
.into(),
)
.await;
if result.is_ok() {
result.unwrap();
} else {
eprintln!("Failed to advance time for LA");
}
// Advance simulated time
set_simulated_date(get_date() + UNTRUSTED_INTERVAL);
for user in &mut users {
let migcred = trust_promotion(
&sconfig.la_net,
&user.primary_cred,
get_lox_pub(&sconfig.la_pubkeys),
)
.await;
if migcred.is_ok() {
let new_cred = trust_migration(
&sconfig.la_net,
&user.primary_cred,
&migcred.unwrap(),
get_lox_pub(&sconfig.la_pubkeys),
get_migration_pub(&sconfig.la_pubkeys),
)
.await;
if new_cred.is_ok() {
user.primary_cred = new_cred.unwrap();
}
}
}
for i in 1..LEVEL_INTERVAL.len() - 2 {
// Advance LA's time
let result = la_net_test
.request(
"/advancedays".to_string(),
serde_json::to_string(&(LEVEL_INTERVAL[i] as u16))
.unwrap()
.into(),
)
.await;
if result.is_ok() {
result.unwrap();
} else {
eprintln!("Failed to advance time for LA");
}
// Advance simulated time
set_simulated_date(get_date() + LEVEL_INTERVAL[i]);
for user in &mut users {
let reachcred_res = get_bucket(&sconfig.la_net, &user.primary_cred).await;
if reachcred_res.is_ok() {
let reachcred = reachcred_res.unwrap().1;
if reachcred.is_some() {
let new_cred = level_up(
&sconfig.la_net,
&user.primary_cred,
&reachcred.unwrap(),
get_lox_pub(&sconfig.la_pubkeys),
get_reachability_pub(&sconfig.la_pubkeys),
)
.await;
if new_cred.is_ok() {
user.primary_cred = new_cred.unwrap();
} else {
eprintln!("Failed to level up trusted user's credential at start");
}
} else {
eprintln!("Failed to level up trusted user's credential at start");
}
}
}
}
// Advance LA's time to tomorrow
let result = la_net_test
.request(
"/advancedays".to_string(),
serde_json::to_string(&(1 as u16)).unwrap().into(),
)
.await;
if result.is_ok() {
result.unwrap();
} else {
eprintln!("Failed to advance time for LA");
}
// Advance simulated time to tomorrow
increment_simulated_date();
}
// Set up extra-infos server
spawn(async move {
extra_infos_server::server().await;
});
sleep(Duration::from_millis(1)).await;
let mut false_neg = 0;
let mut false_pos = 0;
let mut true_neg = 0;
let mut true_pos = 0;
// Track memory use during simulation
let mut max_physical_mem = 0;
let mut max_virtual_mem = 0;
// Main loop
for day in 1..=config.num_days {
println!("Starting day {} of the simulation", day);
println!(
" We have {} users and {} bridges",
users.len(),
bridges.len()
);
println!(
" The censor has learned {} bridges",
censor.known_bridges.len()
);
println!(" Accuracy thus far:");
println!(" True Positives: {}", true_pos);
println!(" True Negatives: {}", true_neg);
println!(" False Positives: {}", false_pos);
println!(" False Negatives: {}", false_neg);
if let Some(usage) = memory_stats() {
if usage.physical_mem > max_physical_mem {
max_physical_mem = usage.physical_mem;
}
if usage.virtual_mem > max_virtual_mem {
max_virtual_mem = usage.virtual_mem;
}
} else {
println!("Failed to get the current memory usage");
}
// USER TASKS
// Number of users who want to join today
let mut num_users_requesting_invites: u32 =
rng.gen_range(config.min_new_users_per_day..=config.max_new_users_per_day);
// How many of the new users are censors?
let mut num_new_censor_users = 0;
for _ in 0..num_users_requesting_invites {
let num: f64 = rng.gen_range(0.0..1.0);
if num < config.prob_user_is_censor {
num_new_censor_users += 1;
num_users_requesting_invites -= 1;
}
}
// Determine whether each new censor user can get an invite from
// an existing trusted user or needs to join via open-entry
// invite. Note: We still favor honest users by giving them
// invites *first*. This means if only a small number of invites
// are available, the censor may still not get invited.
let mut num_censor_invitations = 0;
for _ in 0..num_new_censor_users {
let num: f64 = rng.gen_range(0.0..1.0);
if num < config.prob_censor_gets_invite {
num_censor_invitations += 1;
num_new_censor_users -= 1;
}
}
let mut new_users = Vec::<User>::new();
// Shuffle users so they act in a random order
users.shuffle(&mut rng);
// Users do daily actions
for user in &mut users {
let invited_friends = user
.daily_tasks(
&sconfig,
num_users_requesting_invites,
num_censor_invitations,
&mut bridges,
&mut censor,
)
.await;
if invited_friends.is_ok() {
let mut invited_friends = invited_friends.unwrap();
if invited_friends.len() > 0 {
if !user.is_censor {
// Censors always invite as many censor friends
// as possible. Honest users may invite honest
// friends, or they may accidentally invite
// censor friends.
for inv_friend in &invited_friends {
if inv_friend.is_censor {
num_censor_invitations -= 1;
} else {
num_users_requesting_invites -= 1;
}
}
}
// If this user invited any friends, add them to the
// list of users
new_users.append(&mut invited_friends);
}
}
}
// Add new users
users.append(&mut new_users);
// If any users couldn't get invites, they join with open-entry
// invitations
for _ in 0..num_users_requesting_invites {
let user = User::new(&sconfig, false).await;
if user.is_ok() {
users.push(user.unwrap());
} else {
eprintln!("Failed to create new user.");
}
}
// If any censor users couldn't get invites, they also join with
// open-entry invitations
for _ in 0..(num_new_censor_users + num_censor_invitations) {
let user = User::new(&sconfig, true).await;
if user.is_ok() {
users.push(user.unwrap());
} else {
eprintln!("Failed to create new censor user.");
}
}
// CENSOR TASKS
censor.end_of_day_tasks(&sconfig, &mut bridges).await;
// BRIDGE TASKS
let mut new_extra_infos = HashSet::<ExtraInfo>::new();
for (_, bridge) in bridges.iter_mut() {
// Bridge reports its connections for the day
new_extra_infos.insert(bridge.gen_extra_info(&sconfig.country));
// Bridge resets for tomorrow
bridge.reset_for_tomorrow();
}
// Publish all the bridges' extra-infos for today
let result = extra_infos_net
.request(
"/add".to_string(),
serde_json::to_string(&new_extra_infos).unwrap().into(),
)
.await;
if result.is_ok() {
result.unwrap();
} else {
eprintln!("Failed to publish new extra-infos");
}
// TROLL PATROL TASKS
let new_blockages_resp = tp_net_test.request("/update".to_string(), vec![]).await;
let new_blockages = match new_blockages_resp {
Ok(resp) => match serde_json::from_slice(&resp) {
Ok(new_blockages) => new_blockages,
Err(e) => {
eprintln!("Failed to deserialize new blockages, error: {}", e);
HashMap::<String, HashSet<String>>::new()
}
},
Err(e) => {
eprintln!(
"Failed to get new blockages from Troll Patrol, error: {}",
e
);
HashMap::<String, HashSet<String>>::new()
}
};
// Since we have only one censor, just convert to a set of bridges
let mut blocked_bridges = HashSet::<[u8; 20]>::new();
for (bridge, ccs) in new_blockages {
let fingerprint = array_bytes::hex2array(bridge).unwrap();
if ccs.contains(&sconfig.country) {
blocked_bridges.insert(fingerprint);
}
}
for (fingerprint, bridge) in &mut bridges {
let detected_blocked = blocked_bridges.contains(fingerprint);
// If this is the first day Troll Patrol has determined this
// bridge is blocked, note that for stats
if detected_blocked && bridge.first_detected_blocked == 0 {
bridge.first_detected_blocked = get_date();
}
// Check if censor actually blocks this bridge
let really_blocked = censor.blocks_bridge(&sconfig, fingerprint);
if really_blocked && bridge.first_blocked == 0 {
bridge.first_blocked = get_date();
}
if detected_blocked && really_blocked {
true_pos += 1;
} else if detected_blocked {
false_pos += 1;
} else if really_blocked {
false_neg += 1;
} else {
true_neg += 1;
}
}
// LOX AUTHORITY TASKS
// Advance LA's time to tomorrow
let result = la_net_test
.request(
"/advancedays".to_string(),
serde_json::to_string(&(1 as u16)).unwrap().into(),
)
.await;
if result.is_ok() {
result.unwrap();
} else {
eprintln!("Failed to advance time for LA");
}
// SIMULATION TASKS
// Advance simulated time to tomorrow
increment_simulated_date();
}
// Print various information about the simulation run
println!(
"\nSimulation ended with {} users and {} bridges",
users.len(),
bridges.len()
);
println!("The censor learned {} bridges", censor.known_bridges.len());
println!(
"\nMaximum physical memory usage during simulation: {}",
max_physical_mem
);
println!(
"Maximum virtual memory usage during simulation: {}\n",
max_virtual_mem
);
println!("True Positives: {}", true_pos);
println!("True Negatives: {}", true_neg);
println!("False Positives: {}", false_pos);
println!("False Negatives: {}", false_neg);
println!("\nFull stats per bridge:");
println!(
"Fingerprint,first_distributed,first_blocked,first_detected_blocked,first_positive_report"
);
for (fingerprint, bridge) in bridges {
println!(
"{},{},{},{},{}",
array_bytes::bytes2hex("", fingerprint),
bridge.first_distributed,
bridge.first_blocked,
bridge.first_detected_blocked,
bridge.first_positive_report
);
}
}

9
src/lib.rs
View File

@ -27,15 +27,6 @@ pub mod negative_report;
pub mod positive_report; pub mod positive_report;
pub mod request_handler; pub mod request_handler;
#[cfg(feature = "simulation")]
pub mod simulation {
pub mod bridge;
pub mod censor;
pub mod config;
pub mod extra_infos_server;
pub mod user;
}
#[cfg(test)] #[cfg(test)]
pub mod simulation { pub mod simulation {
pub mod extra_infos_server; pub mod extra_infos_server;

84
src/simulation/bridge.rs
View File

@ -1,84 +0,0 @@
use crate::{extra_info::ExtraInfo, get_date};
use lox_library::bridge_table::BridgeLine;
use std::collections::BTreeMap;
// The Bridge struct only tracks data for today
pub struct Bridge {
pub fingerprint: [u8; 20],
// The following four values are Julian dates used to track
// accuracy of the Troll Patrol system. A value of 0 is used to
// indicate this event *has not happened yet*. Note that 0 is not a
// date we will ever encounter.
// Date the bridge was first distributed to a user, i.e., the date
// we created this Bridge object
pub first_distributed: u32,
// First date a censor blocked this bridge
pub first_blocked: u32,
// First date Troll Patrol detected that this bridge was blocked
// (whether or not it was correct)
pub first_detected_blocked: u32,
// First date Troll Patrol received a positive report for this
// bridge (for identifying stage three)
pub first_positive_report: u32,
pub real_connections: u32,
pub total_connections: u32,
}
impl Bridge {
pub fn new(fingerprint: &[u8; 20]) -> Self {
Self {
fingerprint: *fingerprint,
first_distributed: get_date(),
first_blocked: 0,
first_detected_blocked: 0,
first_positive_report: 0,
real_connections: 0,
total_connections: 0,
}
}
pub fn from_bridge_line(bridgeline: &BridgeLine) -> Self {
Self::new(&bridgeline.get_hashed_fingerprint())
}
pub fn connect_real(&mut self) {
self.real_connections += 1;
self.total_connections += 1;
}
pub fn connect_total(&mut self) {
self.total_connections += 1;
}
// Let the censor simulate a bunch of connections at once
pub fn censor_flood(&mut self, num_connections: u32) {
self.total_connections += num_connections;
}
// Generate an extra-info report for today
pub fn gen_extra_info(&self, country: &str) -> ExtraInfo {
let mut bridge_ips = BTreeMap::<String, u32>::new();
// Round up to a multiple of 8
let rounded_connection_count =
self.total_connections + 7 - (self.total_connections + 7) % 8;
//let rounded_connection_count = (self.total_connections + 7) / 8 * 8;
bridge_ips.insert(country.to_string(), rounded_connection_count);
ExtraInfo {
nickname: String::from("simulation-bridge"),
fingerprint: self.fingerprint,
date: get_date(),
bridge_ips,
}
}
pub fn reset_for_tomorrow(&mut self) {
self.real_connections = 0;
self.total_connections = 0;
}
}

251
src/simulation/censor.rs
View File

@ -1,251 +0,0 @@
use crate::{
get_date,
simulation::{bridge::Bridge, config::Config},
PositiveReport,
};
use lox_cli::{get_lox_pub, networking::Networking};
use lox_library::{cred::Lox, scalar_u32};
use rand::Rng;
use serde::Deserialize;
use std::{
cmp::min,
collections::{HashMap, HashSet},
};
pub struct Censor {
pub known_bridges: HashSet<[u8; 20]>,
// We don't actually implement the technical restriction to prevent
// one Lox credential from being used to submit many reports, so we
// just implement this as a map of bridge fingerprint to (most
// recent Lox credential for this bridge, count of unique level 3+
// credentials we have for this bridge).
pub lox_credentials: HashMap<[u8; 20], (Lox, u32)>,
// If censor implements random blocking, this is the date when it
// will start blocking all the bridges it knows.
pub delay_date: u32,
// If censor implements partial blocking, what percent of
// connections are blocked?
pub partial_blocking_percent: f64,
}
impl Censor {
pub fn new(config: &Config) -> Self {
let mut rng = rand::thread_rng();
let delay_date = if config.censor_speed == Speed::Random {
let num: u32 = rng.gen_range(1..365);
get_date() + num
} else {
0
};
let partial_blocking_percent = if config.censor_totality == Totality::Partial {
config.censor_partial_blocking_percent
} else {
1.0
};
Censor {
known_bridges: HashSet::<[u8; 20]>::new(),
lox_credentials: HashMap::<[u8; 20], (Lox, u32)>::new(),
delay_date: delay_date,
partial_blocking_percent: partial_blocking_percent,
}
}
pub fn knows_bridge(&self, fingerprint: &[u8; 20]) -> bool {
self.known_bridges.contains(fingerprint)
}
pub fn blocks_bridge(&self, config: &Config, fingerprint: &[u8; 20]) -> bool {
self.knows_bridge(fingerprint)
&& (config.censor_speed == Speed::Fast
|| config.censor_speed == Speed::Lox && self.has_lox_cred(fingerprint)
|| config.censor_speed == Speed::Random && self.delay_date <= get_date())
}
pub fn learn_bridge(&mut self, fingerprint: &[u8; 20]) {
self.known_bridges.insert(*fingerprint);
}
pub fn has_lox_cred(&self, fingerprint: &[u8; 20]) -> bool {
self.lox_credentials.contains_key(fingerprint)
&& self.lox_credentials.get(fingerprint).unwrap().1 > 0
}
pub fn give_lox_cred(&mut self, fingerprint: &[u8; 20], cred: &Lox) {
// We only need one level 3+ credential per bridge. (This will
// change if we restrict positive reports to one per bridge per
// credential.)
if scalar_u32(&cred.trust_level).unwrap() >= 3 {
// We want to clone the credential, but that's not allowed,
// so we're going to serialize it and then deserialize it.
let cloned_cred = bincode::deserialize(&bincode::serialize(&cred).unwrap()).unwrap();
// Insert the new credential and add to the count of unique
// credentials we have. We assume that a duplicate
// credential will never be given. If we don't want to make
// this assumption, we could change the count from a u32 to
// a set of credential IDs and get the count as its length.
let count = match self.lox_credentials.get(fingerprint) {
Some((_cred, count)) => *count,
None => 0,
};
self.lox_credentials
.insert(*fingerprint, (cloned_cred, count + 1));
}
}
// Censor sends a positive report for the given bridge. Returns true
// if successful, false otherwise.
pub async fn send_positive_report(&self, config: &Config, fingerprint: &[u8; 20]) -> bool {
// If we don't have an appropriate Lox credential, we can't send
// a report. Return false.
if !self.has_lox_cred(fingerprint) {
return false;
}
let (cred, _) = &self.lox_credentials.get(fingerprint).unwrap();
let pr = PositiveReport::from_lox_credential(
*fingerprint,
None,
cred,
get_lox_pub(&config.la_pubkeys),
config.country.clone(),
)
.unwrap();
if config
.tp_net
.request("/positivereport".to_string(), pr.to_json().into_bytes())
.await
.is_err()
{
// failed to send positive report
return false;
}
true
}
// Make a bunch of connections and submit positive reports if possible
async fn flood(&self, config: &Config, bridges: &mut HashMap<[u8; 20], Bridge>) {
// Only do this if Flooding censor
if config.censor_secrecy == Secrecy::Flooding {
for fingerprint in &self.known_bridges {
// Only do this if we're blocking the bridge
if config.censor_speed == Speed::Fast
|| config.censor_speed == Speed::Lox && self.has_lox_cred(fingerprint)
|| config.censor_speed == Speed::Random && self.delay_date <= get_date()
{
let bridge = bridges.get_mut(fingerprint).unwrap();
// A large number
let num_connections = 30000;
// Make a bunch of connections to the bridge
bridge.censor_flood(num_connections);
// If we have a lv3+ credential, submit a bunch of
// positive reports
if self.has_lox_cred(fingerprint) {
let (_cred, cred_count) =
&self.lox_credentials.get(&bridge.fingerprint).unwrap();
let num_prs = if config.one_positive_report_per_cred {
*cred_count
} else {
30000
};
for _ in 0..num_prs {
self.send_positive_report(config, &bridge.fingerprint).await;
}
}
}
}
}
}
// Send one positive report per connection we blocked
async fn send_positive_reports(
&self,
config: &Config,
bridges: &mut HashMap<[u8; 20], Bridge>,
) {
// Only do this if Hiding censor. Flooding censors should use
// flood() instead.
if config.censor_secrecy == Secrecy::Hiding {
for fingerprint in &self.known_bridges {
// Only do this if we're blocking the bridge
if self.blocks_bridge(config, fingerprint) && self.has_lox_cred(fingerprint) {
let bridge = bridges.get_mut(fingerprint).unwrap();
// We may be restricted to one positive report per
// credential
let num_reports_to_send = if config.one_positive_report_per_cred {
min(
bridge.total_connections - bridge.real_connections,
self.lox_credentials.get(fingerprint).unwrap().1,
)
} else {
bridge.total_connections - bridge.real_connections
};
for _ in 0..num_reports_to_send {
self.send_positive_report(config, fingerprint).await;
}
}
}
}
}
fn recompute_delay(&mut self, config: &Config) {
// Only do this if Random censor
if config.censor_speed == Speed::Random
&& self.delay_date + config.censor_event_duration <= get_date()
{
// Compute new delay date
self.delay_date = {
let mut rng = rand::thread_rng();
let num: u32 = rng.gen_range(1..365);
get_date() + num
}
}
}
pub async fn end_of_day_tasks(
&mut self,
config: &Config,
bridges: &mut HashMap<[u8; 20], Bridge>,
) {
if config.censor_secrecy == Secrecy::Flooding
&& !(config.censor_speed == Speed::Random && self.delay_date <= get_date())
{
self.flood(config, bridges).await;
} else if config.censor_secrecy == Secrecy::Hiding
&& !(config.censor_speed == Speed::Random && self.delay_date <= get_date())
{
self.send_positive_reports(config, bridges).await;
}
self.recompute_delay(config);
}
}
#[derive(Clone, Copy, Debug, Deserialize, PartialEq)]
pub enum Speed {
Fast,
Lox,
Random,
}
#[derive(Clone, Copy, Debug, Deserialize, PartialEq)]
pub enum Secrecy {
Overt,
Hiding,
Flooding,
}
#[derive(Clone, Copy, Debug, Deserialize, PartialEq)]
pub enum Totality {
Full,
Partial,
Throttling,
}

30
src/simulation/config.rs
View File

@ -1,30 +0,0 @@
use crate::simulation::censor;
use lox_cli::networking::*;
use lox_library::IssuerPubKey;
pub struct Config {
pub la_pubkeys: Vec<IssuerPubKey>,
pub la_net: HyperNet,
pub tp_net: HyperNet,
// Define censor behavior
pub censor_secrecy: censor::Secrecy,
pub censor_speed: censor::Speed,
pub censor_event_duration: u32,
pub censor_totality: censor::Totality,
pub censor_partial_blocking_percent: f64,
// We model only one country at a time because Lox assumes censors
// share information with each other.
pub country: String,
pub one_positive_report_per_cred: bool,
// Probability that a censor-cooperating user can convince an honest
// user to give them an invite.
pub prob_censor_gets_invite: f64,
// Probability that a connection randomly fails, even though censor
// does not block the bridge
pub prob_connection_fails: f64,
pub prob_user_invites_friend: f64,
pub prob_user_is_censor: f64,
pub prob_user_submits_reports: f64,
pub prob_user_treats_throttling_as_blocking: f64,
}

676
src/simulation/user.rs
View File

@ -1,676 +0,0 @@
// User behavior in simulation
use crate::{
get_date,
negative_report::NegativeReport,
positive_report::PositiveReport,
simulation::{
bridge::Bridge,
censor::{Censor, Secrecy::*, Totality::*},
config::Config,
},
BridgeDistributor,
};
use anyhow::{anyhow, Result};
use lox_cli::{networking::*, *};
use lox_library::{
bridge_table::BridgeLine, cred::Lox, proto::check_blockage::MIN_TRUST_LEVEL, scalar_u32,
};
use rand::Rng;
use std::{cmp::min, collections::HashMap};
use x25519_dalek::PublicKey;
// Helper function to probabilistically return true or false
pub fn event_happens(probability: f64) -> bool {
let mut rng = rand::thread_rng();
let num: f64 = rng.gen_range(0.0..1.0);
num < probability
}
pub struct User {
// Does this user cooperate with a censor?
pub is_censor: bool,
// The user always has a primary credential. If this credential's bucket is
// blocked, the user may replace it or temporarily hold two credentials
// while waiting to migrate from the primary credential.
pub primary_cred: Lox,
secondary_cred: Option<Lox>,
// Does the user submit reports to Troll Patrol?
submits_reports: bool,
// How likely is this user to use bridges on a given day?
prob_use_bridges: f64,
}
impl User {
pub async fn new(config: &Config, is_censor: bool) -> Result<Self> {
let cred = get_lox_credential(
&config.la_net,
&get_open_invitation(&config.la_net).await?,
get_lox_pub(&config.la_pubkeys),
)
.await?
.0;
// Probabilistically decide whether this user submits reports
let submits_reports = if is_censor {
false
} else {
event_happens(config.prob_user_submits_reports)
};
// Randomly determine how likely this user is to use bridges on
// a given day
let mut rng = rand::thread_rng();
let prob_use_bridges = rng.gen_range(0.0..=1.0);
Ok(Self {
is_censor,
primary_cred: cred,
secondary_cred: None,
submits_reports: submits_reports,
prob_use_bridges: prob_use_bridges,
})
}
pub async fn trusted_user(config: &Config) -> Result<Self> {
let cred = get_lox_credential(
&config.la_net,
&get_open_invitation(&config.la_net).await?,
get_lox_pub(&config.la_pubkeys),
)
.await?
.0;
Ok(Self {
is_censor: false,
primary_cred: cred,
secondary_cred: None,
submits_reports: true,
prob_use_bridges: 1.0,
})
}
// TODO: This should probably return an actual error type
pub async fn invite(
&mut self,
config: &Config,
censor: &mut Censor,
invited_user_is_censor: bool,
) -> Result<Self> {
let etable = get_reachability_credential(&config.la_net).await?;
let (new_cred, invite) = issue_invite(
&config.la_net,
&self.primary_cred,
&etable,
get_lox_pub(&config.la_pubkeys),
get_reachability_pub(&config.la_pubkeys),
get_invitation_pub(&config.la_pubkeys),
)
.await?;
self.primary_cred = new_cred;
if self.is_censor {
// Make sure censor has access to each bridge and each
// credential
let (bucket, _reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
for bl in bucket {
let fingerprint = bl.get_hashed_fingerprint();
censor.learn_bridge(&fingerprint);
censor.give_lox_cred(&fingerprint, &self.primary_cred);
}
}
let friend_cred = redeem_invite(
&config.la_net,
&invite,
get_lox_pub(&config.la_pubkeys),
get_invitation_pub(&config.la_pubkeys),
)
.await?
.0;
// Calling function decides if the invited user is a censor
let is_censor = invited_user_is_censor;
// Probabilistically decide whether this user submits reports
let submits_reports = if is_censor {
false
} else {
event_happens(config.prob_user_submits_reports)
};
// Randomly determine how likely this user is to use bridges on
// a given day
let mut rng = rand::thread_rng();
let prob_use_bridges = rng.gen_range(0.0..=1.0);
Ok(Self {
is_censor,
primary_cred: friend_cred,
secondary_cred: None,
submits_reports: submits_reports,
prob_use_bridges: prob_use_bridges,
})
}
// Attempt to "connect" to the bridge, returns true if successful.
// Note that this does not involve making a real connection to a
// real bridge. The function is async because the *censor* might
// submit a positive report during this function.
pub fn connect(&self, config: &Config, bridge: &mut Bridge, censor: &Censor) -> bool {
if censor.blocks_bridge(config, &bridge.fingerprint) {
if config.censor_totality == Full
|| config.censor_totality == Partial
&& event_happens(censor.partial_blocking_percent)
{
// If censor tries to hide its censorship, record a
// false connection
if config.censor_secrecy == Hiding {
bridge.connect_total();
}
// Return false because the connection failed
return false;
} else if config.censor_totality == Throttling {
// With some probability, the user connects but gives up
// because there is too much interference. In this case,
// a real connection occurs, but we treat it like a
// false connection from the censor.
if event_happens(config.prob_user_treats_throttling_as_blocking) {
bridge.connect_total();
// Return false because there was interference
// detected in the connection
return false;
}
}
}
// Connection may randomly fail, without censor intervention
if event_happens(config.prob_connection_fails) {
return false;
}
// If we haven't returned yet, the connection succeeded
bridge.connect_real();
true
}
pub async fn get_new_credential(config: &Config) -> Result<(Lox, BridgeLine)> {
get_lox_credential(
&config.la_net,
&get_open_invitation(&config.la_net).await?,
get_lox_pub(&config.la_pubkeys),
)
.await
}
pub async fn send_negative_reports(
config: &Config,
reports: Vec<NegativeReport>,
) -> Result<()> {
let date = get_date();
let pubkey = match serde_json::from_slice::<Option<PublicKey>>(
&config
.tp_net
.request("/nrkey".to_string(), serde_json::to_string(&date)?.into())
.await?,
)? {
Some(v) => v,
None => return Err(anyhow!("No available negative report encryption key")),
};
for report in reports {
config
.tp_net
.request(
"/negativereport".to_string(),
bincode::serialize(&report.encrypt(&pubkey))?,
)
.await?;
}
Ok(())
}
pub async fn send_positive_reports(
config: &Config,
reports: Vec<PositiveReport>,
) -> Result<()> {
for report in reports {
config
.tp_net
.request("/positivereport".to_string(), report.to_json().into_bytes())
.await?;
}
Ok(())
}
pub async fn daily_tasks(
&mut self,
config: &Config,
num_users_requesting_invites: u32,
num_censor_invites: u32,
bridges: &mut HashMap<[u8; 20], Bridge>,
censor: &mut Censor,
) -> Result<Vec<User>> {
if self.is_censor {
self.daily_tasks_censor(config, bridges, censor).await
} else {
self.daily_tasks_non_censor(
config,
num_users_requesting_invites,
num_censor_invites,
bridges,
censor,
)
.await
}
}
// User performs daily connection attempts, etc. and returns a
// vector of newly invited friends.
// TODO: The map of bridges and the censor should be Arc<Mutex<>>
// or something so we can parallelize this.
pub async fn daily_tasks_non_censor(
&mut self,
config: &Config,
num_users_requesting_invites: u32,
num_censor_invites: u32,
bridges: &mut HashMap<[u8; 20], Bridge>,
censor: &mut Censor,
) -> Result<Vec<User>> {
// Probabilistically decide if the user should use bridges today
if event_happens(self.prob_use_bridges) {
// Download bucket to see if bridge is still reachable. (We
// assume that this step can be done even if the user can't
// actually talk to the LA.)
let (bucket, reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
let level = match scalar_u32(&self.primary_cred.trust_level) {
Some(v) => v,
None => return Err(anyhow!("Failed to get trust level from credential")),
};
// Make sure each bridge in bucket is in the global bridges set
for bridgeline in bucket {
if bridgeline != BridgeLine::default() {
if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
let bridge = Bridge::from_bridge_line(&bridgeline);
bridges.insert(bridgeline.get_hashed_fingerprint(), bridge);
}
}
}
// Can we level up the main credential?
let can_level_up = reachcred.is_some()
&& (level == 0
&& eligible_for_trust_promotion(&config.la_net, &self.primary_cred).await
|| level > 0
&& eligible_for_level_up(&config.la_net, &self.primary_cred).await);
// Can we migrate the main credential?
let can_migrate = reachcred.is_none() && level >= MIN_TRUST_LEVEL;
// Can we level up the secondary credential?
let mut second_level_up = false;
let mut failed = Vec::<BridgeLine>::new();
let mut succeeded = Vec::<BridgeLine>::new();
// Try to connect to each bridge
for i in 0..bucket.len() {
// At level 0, we only have 1 bridge
if bucket[i] != BridgeLine::default() {
if self.connect(
&config,
bridges
.get_mut(&bucket[i].get_hashed_fingerprint())
.unwrap(),
&censor,
) {
succeeded.push(bucket[i]);
} else {
failed.push(bucket[i]);
}
}
}
// If we were not able to connect to any bridges, get a
// second credential
let second_cred = if succeeded.len() < 1 {
if self.secondary_cred.is_some() {
std::mem::replace(&mut self.secondary_cred, None)
} else {
// Get new credential
match Self::get_new_credential(&config).await {
Ok((cred, _bl)) => Some(cred),
Err(e) => {
eprintln!("Failed to get new Lox credential. Error: {}", e);
None
}
}
}
} else {
// If we're able to connect with the primary credential, don't
// keep a secondary one.
None
};
if second_cred.is_some() {
let second_cred = second_cred.as_ref().unwrap();
let (second_bucket, second_reachcred) =
get_bucket(&config.la_net, &second_cred).await?;
for bridgeline in second_bucket {
if bridgeline != BridgeLine::default() {
if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
bridges.insert(
bridgeline.get_hashed_fingerprint(),
Bridge::from_bridge_line(&bridgeline),
);
}
// Attempt to connect to second cred's bridge
if self.connect(
&config,
bridges
.get_mut(&bridgeline.get_hashed_fingerprint())
.unwrap(),
censor,
) {
succeeded.push(bridgeline);
if second_reachcred.is_some()
&& eligible_for_trust_promotion(&config.la_net, &second_cred).await
{
second_level_up = true;
}
} else {
failed.push(bridgeline);
}
}
}
}
let mut negative_reports = Vec::<NegativeReport>::new();
let mut positive_reports = Vec::<PositiveReport>::new();
if self.submits_reports {
for bridgeline in &failed {
negative_reports.push(NegativeReport::from_bridgeline(
*bridgeline,
config.country.to_string(),
BridgeDistributor::Lox,
));
}
if level >= 3 {
for bridgeline in &succeeded {
// If we haven't received a positive report yet,
// add a record about it with today's date
let bridge = bridges
.get_mut(&bridgeline.get_hashed_fingerprint())
.unwrap();
if bridge.first_positive_report == 0 {
bridge.first_positive_report = get_date();
}
positive_reports.push(
PositiveReport::from_lox_credential(
bridgeline.get_hashed_fingerprint(),
None,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
config.country.to_string(),
)
.unwrap(),
);
}
}
}
// We might restrict these steps to succeeded.len() > 0, but
// we do assume the user can contact the LA somehow, so
// let's just allow it.
if can_level_up {
let cred = if level == 0 {
trust_migration(
&config.la_net,
&self.primary_cred,
&trust_promotion(
&config.la_net,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?
} else {
level_up(
&config.la_net,
&self.primary_cred,
&reachcred.unwrap(),
get_lox_pub(&config.la_pubkeys),
get_reachability_pub(&config.la_pubkeys),
)
.await?
};
self.primary_cred = cred;
self.secondary_cred = None;
}
// We favor starting over at level 1 to migrating to level
// 1, but if we have a level 4 credential for a bridge that
// hasn't been marked blocked, save the credential so we can
// migrate to a level 2 cred. Note that second_level_up is
// only true if we were unable to connect with bridges from
// our primary credential.
else if second_level_up && (level <= MIN_TRUST_LEVEL || reachcred.is_none()) {
let second_cred = second_cred.as_ref().unwrap();
let cred = trust_migration(
&config.la_net,
&second_cred,
&trust_promotion(
&config.la_net,
&second_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?;
self.primary_cred = cred;
self.secondary_cred = None;
} else if can_migrate {
let cred = blockage_migration(
&config.la_net,
&self.primary_cred,
&check_blockage(
&config.la_net,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?;
self.primary_cred = cred;
self.secondary_cred = None;
} else if second_cred.is_some() {
// Couldn't connect with primary credential
if succeeded.len() > 0 {
// Keep the second credential only if it's useful
self.secondary_cred = second_cred;
}
}
if negative_reports.len() > 0 {
Self::send_negative_reports(&config, negative_reports).await?;
}
if positive_reports.len() > 0 {
Self::send_positive_reports(&config, positive_reports).await?;
}
// Invite friends if applicable
let invitations = match scalar_u32(&self.primary_cred.invites_remaining) {
Some(v) => v,
None => 0, // This is probably an error case that should not happen
};
let mut new_friends = Vec::<User>::new();
for _i in 0..min(invitations, num_users_requesting_invites) {
if event_happens(config.prob_user_invites_friend) {
// Invite non-censor friend
match self.invite(&config, censor, false).await {
Ok(friend) => {
// You really shouldn't push your friends,
// especially new ones whose boundaries you
// might not know well.
new_friends.push(friend);
}
Err(e) => {
println!("{}", e);
}
}
}
}
// Invite censor users if applicable
let invitations = invitations - new_friends.len() as u32;
for _i in 0..min(invitations, num_censor_invites) {
if event_happens(config.prob_user_invites_friend) {
// Invite non-censor friend
match self.invite(&config, censor, true).await {
Ok(friend) => {
new_friends.push(friend);
}
Err(e) => {
println!("{}", e);
}
}
}
}
Ok(new_friends)
} else {
Ok(Vec::<User>::new())
}
}
// User cooperates with censor and performs daily tasks to try to
// learn more bridges.
pub async fn daily_tasks_censor(
&mut self,
config: &Config,
bridges: &mut HashMap<[u8; 20], Bridge>,
censor: &mut Censor,
) -> Result<Vec<User>> {
// Download bucket to see if bridge is still reachable and if we
// have any new bridges
let (bucket, reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
let level = scalar_u32(&self.primary_cred.trust_level).unwrap();
// Make sure each bridge is in global bridges set and known by
// censor
for bridgeline in bucket {
if bridgeline != BridgeLine::default() {
if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
let bridge = Bridge::from_bridge_line(&bridgeline);
bridges.insert(bridgeline.get_hashed_fingerprint(), bridge);
}
censor.learn_bridge(&bridgeline.get_hashed_fingerprint());
}
}
// Censor user tries to level up their primary credential
if reachcred.is_some() {
if level == 0 && eligible_for_trust_promotion(&config.la_net, &self.primary_cred).await
|| level > 0 && eligible_for_level_up(&config.la_net, &self.primary_cred).await
{
let new_cred = if level == 0 {
trust_migration(
&config.la_net,
&self.primary_cred,
&trust_promotion(
&config.la_net,
&self.primary_cred,
get_lox_pub(&config.la_pubkeys),
)
.await?,
get_lox_pub(&config.la_pubkeys),
get_migration_pub(&config.la_pubkeys),
)
.await?
} else {
level_up(
&config.la_net,
&self.primary_cred,
&reachcred.unwrap(),
get_lox_pub(&config.la_pubkeys),
get_reachability_pub(&config.la_pubkeys),
)
.await?
};
self.primary_cred = new_cred;
let (bucket, _reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
// Make sure each bridge is in global bridges set and
// known by censor
for bl in bucket {
let fingerprint = bl.get_hashed_fingerprint();
if !bridges.contains_key(&fingerprint) {
let bridge = Bridge::from_bridge_line(&bl);
bridges.insert(fingerprint, bridge);
}
censor.learn_bridge(&fingerprint);
censor.give_lox_cred(&fingerprint, &self.primary_cred);
}
}
} else {
// LA has identified this bucket as blocked. This change
// will not be reverted, so replace the primary credential
// with a new level 0 credential and work on gaining trust
// for that one.
let res = Self::get_new_credential(&config).await;
if res.is_ok() {
let (new_cred, bl) = res.unwrap();
let fingerprint = bl.get_hashed_fingerprint();
if !bridges.contains_key(&fingerprint) {
let bridge = Bridge::from_bridge_line(&bl);
bridges.insert(fingerprint, bridge);
}
censor.learn_bridge(&fingerprint);
// Censor doesn't want new_cred yet
self.primary_cred = new_cred;
} else {
eprintln!("Censor failed to get new credential");
}
}
// Separately from primary credential, censor user requests a
// new secondary credential each day just to block the
// open-entry bridges. This is stored but not reused.
let res = Self::get_new_credential(&config).await;
if res.is_ok() {
let (_new_cred, bl) = res.unwrap();
let fingerprint = bl.get_hashed_fingerprint();
if !bridges.contains_key(&fingerprint) {
let bridge = Bridge::from_bridge_line(&bl);
bridges.insert(fingerprint, bridge);
}
censor.learn_bridge(&fingerprint);
// Censor doesn't want new_cred. User doesn't actually use
// secondary_cred, so don't store it.
} else {
eprintln!("Censor failed to get new credential");
}
// Censor user invites as many censor friends as possible
let invitations = scalar_u32(&self.primary_cred.invites_remaining).unwrap();
let mut new_friends = Vec::<User>::new();
for _ in 0..invitations {
match self.invite(&config, censor, true).await {
Ok(friend) => {
new_friends.push(friend);
}
Err(e) => {
println!("{}", e);
}
}
}
Ok(new_friends)
}
}