477 lines
18 KiB
Rust
477 lines
18 KiB
Rust
// User behavior in simulation
|
|
|
|
use crate::{
|
|
get_date,
|
|
negative_report::NegativeReport,
|
|
positive_report::PositiveReport,
|
|
simulation::{
|
|
bridge::Bridge,
|
|
censor::{Censor, Hides::*, Speed::*, Totality::*},
|
|
state::State,
|
|
},
|
|
BridgeDistributor,
|
|
};
|
|
use lox_cli::{networking::*, *};
|
|
use lox_library::{
|
|
bridge_table::BridgeLine, cred::Lox, proto::check_blockage::MIN_TRUST_LEVEL, scalar_u32,
|
|
};
|
|
use rand::Rng;
|
|
use std::collections::HashMap;
|
|
use x25519_dalek::PublicKey;
|
|
|
|
// Helper function to probabilistically return true or false
|
|
pub fn event_happens(probability: f64) -> bool {
|
|
let mut rng = rand::thread_rng();
|
|
let num: f64 = rng.gen_range(0.0..1.0);
|
|
num < probability
|
|
}
|
|
|
|
pub struct User {
|
|
// Does this user cooperate with a censor?
|
|
censor: bool,
|
|
|
|
// 2-character country code
|
|
country: String,
|
|
|
|
// The user always has a primary credential. If this credential's bucket is
|
|
// blocked, the user may replace it or temporarily hold two credentials
|
|
// while waiting to migrate from the primary credential.
|
|
primary_cred: Lox,
|
|
secondary_cred: Option<Lox>,
|
|
|
|
// Does the user submit reports to Troll Patrol?
|
|
submits_reports: bool,
|
|
|
|
// How likely is this user to use bridges on a given day?
|
|
prob_use_bridges: f64,
|
|
}
|
|
|
|
impl User {
|
|
pub async fn new(state: &State) -> Self {
|
|
let cred = get_lox_credential(
|
|
&state.la_net,
|
|
&get_open_invitation(&state.la_net).await,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
)
|
|
.await
|
|
.0;
|
|
|
|
// Probabilistically decide whether this user cooperates with a censor
|
|
let censor = event_happens(state.prob_user_is_censor);
|
|
|
|
// Probabilistically decide whether this user submits reports
|
|
let submits_reports = event_happens(state.prob_user_submits_reports);
|
|
|
|
// Probabilistically decide user's country
|
|
let mut rng = rand::thread_rng();
|
|
let mut num: f64 = rng.gen_range(0.0..1.0);
|
|
let cc = {
|
|
let mut cc = String::default();
|
|
for (country, prob) in &state.probs_user_in_country {
|
|
let prob = *prob;
|
|
if prob < num {
|
|
cc = country.to_string();
|
|
break;
|
|
} else {
|
|
num -= prob;
|
|
}
|
|
}
|
|
cc
|
|
};
|
|
|
|
// Randomly determine how likely this user is to use bridges on
|
|
// a given day
|
|
let prob_use_bridges = rng.gen_range(0.0..=1.0);
|
|
|
|
Self {
|
|
censor: censor,
|
|
country: cc,
|
|
primary_cred: cred,
|
|
secondary_cred: None,
|
|
submits_reports: submits_reports,
|
|
prob_use_bridges: prob_use_bridges,
|
|
}
|
|
}
|
|
|
|
// TODO: This should probably return an actual error type
|
|
pub async fn invite(&mut self, state: &State) -> Result<Self, String> {
|
|
let etable = get_reachability_credential(&state.la_net).await;
|
|
let (new_cred, invite) = issue_invite(
|
|
&state.la_net,
|
|
&self.primary_cred,
|
|
&etable,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
get_reachability_pub(&state.la_pubkeys),
|
|
get_invitation_pub(&state.la_pubkeys),
|
|
)
|
|
.await;
|
|
self.primary_cred = new_cred;
|
|
let friend_cred = redeem_invite(
|
|
&state.la_net,
|
|
&invite,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
get_invitation_pub(&state.la_pubkeys),
|
|
)
|
|
.await
|
|
.0;
|
|
|
|
// Probabilistically decide whether this user cooperates with a censor
|
|
// We do not influence this by the inviting friend's status. Anyone
|
|
// might have friends who are untrustworthy, and censors may invite
|
|
// non-censors to maintain an illusion of trustworthiness. Also, a
|
|
// "censor" user may not be knowingly helping a censor.
|
|
let censor = event_happens(state.prob_user_is_censor);
|
|
|
|
// Probabilistically decide whether this user submits reports
|
|
let submits_reports = event_happens(state.prob_user_submits_reports);
|
|
|
|
// Determine user's country
|
|
let cc = if event_happens(state.prob_friend_in_same_country) {
|
|
self.country.to_string()
|
|
} else {
|
|
// Probabilistically decide user's country
|
|
let mut rng = rand::thread_rng();
|
|
let mut num: f64 = rng.gen_range(0.0..1.0);
|
|
let mut cc = String::default();
|
|
for (country, prob) in &state.probs_user_in_country {
|
|
let prob = *prob;
|
|
if prob < num {
|
|
cc = country.to_string();
|
|
break;
|
|
} else {
|
|
num -= prob;
|
|
}
|
|
}
|
|
cc
|
|
};
|
|
|
|
// Randomly determine how likely this user is to use bridges on
|
|
// a given day
|
|
let mut rng = rand::thread_rng();
|
|
let prob_use_bridges = rng.gen_range(0.0..=1.0);
|
|
|
|
Ok(Self {
|
|
censor: censor,
|
|
country: cc,
|
|
primary_cred: friend_cred,
|
|
secondary_cred: None,
|
|
submits_reports: submits_reports,
|
|
prob_use_bridges: prob_use_bridges,
|
|
})
|
|
}
|
|
|
|
// Attempt to "connect" to the bridge, returns true if successful
|
|
pub fn connect(&self, state: &State, bridge: &mut Bridge, censor: &Censor) -> bool {
|
|
if censor.knows_bridge(&bridge.fingerprint) {
|
|
if censor.speed == Fast
|
|
|| censor.speed == Random && censor.delay_date <= get_date()
|
|
|| censor.speed == Lox && censor.has_lox_cred(&bridge.fingerprint)
|
|
{
|
|
if censor.totality == Full
|
|
|| censor.totality == Partial && event_happens(censor.partial_blocking_percent)
|
|
|| censor.totality == Throttling
|
|
{
|
|
// If censor tries to hide its censorship or
|
|
// throttles rather than actually blocking, record a
|
|
// false connection
|
|
if censor.hides == Hiding || censor.totality == Throttling {
|
|
bridge.connect_total(&self.country);
|
|
}
|
|
|
|
// Return false because the connection failed
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Connection may randomly fail, without censor intervention
|
|
if event_happens(state.prob_connection_fails) {
|
|
return false;
|
|
}
|
|
|
|
// If we haven't returned yet, the connection succeeded
|
|
bridge.connect_real(&self.country);
|
|
true
|
|
}
|
|
|
|
pub async fn send_negative_reports(state: &State, reports: Vec<NegativeReport>) {
|
|
let date = get_date();
|
|
let pubkey = serde_json::from_slice::<Option<PublicKey>>(
|
|
&state
|
|
.tp_net
|
|
.request(
|
|
"/nrkey".to_string(),
|
|
serde_json::to_string(&date).unwrap().into(),
|
|
)
|
|
.await,
|
|
)
|
|
.unwrap()
|
|
.unwrap();
|
|
for report in reports {
|
|
state
|
|
.tp_net
|
|
.request(
|
|
"/negativereport".to_string(),
|
|
bincode::serialize(&report.encrypt(&pubkey)).unwrap(),
|
|
)
|
|
.await;
|
|
}
|
|
}
|
|
|
|
pub async fn send_positive_reports(state: &State, reports: Vec<PositiveReport>) {
|
|
for report in reports {
|
|
state
|
|
.tp_net
|
|
.request("/positivereport".to_string(), report.to_json().into_bytes())
|
|
.await;
|
|
}
|
|
}
|
|
|
|
// User performs daily connection attempts, etc. and returns a
|
|
// vector of newly invited friends and a vector of fingerprints of
|
|
// successfully contacted bridges.
|
|
// TODO: The maps of bridges and censors should be Arc<Mutex<>> or
|
|
// something so we can parallelize this.
|
|
pub async fn daily_tasks(
|
|
&mut self,
|
|
state: &State,
|
|
bridges: &mut HashMap<[u8; 20], Bridge>,
|
|
censors: &mut HashMap<String, Censor>,
|
|
) -> (Vec<User>, Vec<[u8; 20]>) {
|
|
// Probabilistically decide if the user should use bridges today
|
|
if event_happens(self.prob_use_bridges) {
|
|
// Download bucket to see if bridge is still reachable. (We
|
|
// assume that this step can be done even if the user can't
|
|
// actually talk to the LA.)
|
|
let (bucket, reachcred) = get_bucket(&state.la_net, &self.primary_cred).await;
|
|
let level = scalar_u32(&self.primary_cred.trust_level).unwrap();
|
|
|
|
// Make sure each bridge in bucket is in the global bridges set
|
|
for bridgeline in bucket {
|
|
if !bridges.contains_key(&bridgeline.fingerprint) {
|
|
let bridge = Bridge::from_bridge_line(&bridgeline);
|
|
bridges.insert(bridgeline.fingerprint, bridge).unwrap();
|
|
}
|
|
// Also, if this user cooperates with censors, make sure
|
|
// each applicable censor knows about their bridges.
|
|
if self.censor {
|
|
if state.sharing {
|
|
for c in censors.values_mut() {
|
|
if !c.knows_bridge(&bridgeline.fingerprint) {
|
|
c.learn_bridge(&bridgeline.fingerprint);
|
|
}
|
|
}
|
|
} else {
|
|
let censor = censors.get_mut(&self.country).unwrap();
|
|
if !censor.knows_bridge(&bridgeline.fingerprint) {
|
|
censor.learn_bridge(&bridgeline.fingerprint);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Can we level up the main credential?
|
|
let can_level_up = reachcred.is_some()
|
|
&& (level == 0
|
|
&& eligible_for_trust_promotion(&state.la_net, &self.primary_cred).await
|
|
|| level > 0 && eligible_for_level_up(&state.la_net, &self.primary_cred).await);
|
|
|
|
// Can we migrate the main credential?
|
|
let can_migrate = reachcred.is_none() && level >= MIN_TRUST_LEVEL;
|
|
|
|
// Can we level up the secondary credential?
|
|
let mut second_level_up = false;
|
|
|
|
let mut failed = Vec::<BridgeLine>::new();
|
|
let mut succeeded = Vec::<BridgeLine>::new();
|
|
for i in 0..bucket.len() {
|
|
// At level 0, we only have 1 bridge
|
|
if level > 0 || i == 0 {
|
|
if self.connect(
|
|
&state,
|
|
bridges.get_mut(&bucket[i].fingerprint).unwrap(),
|
|
&censors.get(&self.country).unwrap(),
|
|
) {
|
|
succeeded.push(bucket[i]);
|
|
} else {
|
|
failed.push(bucket[i]);
|
|
}
|
|
}
|
|
}
|
|
let second_cred = if succeeded.len() < 1 {
|
|
if self.secondary_cred.is_some() {
|
|
std::mem::replace(&mut self.secondary_cred, None)
|
|
} else {
|
|
// Get new credential
|
|
let cred = get_lox_credential(
|
|
&state.la_net,
|
|
&get_open_invitation(&state.la_net).await,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
)
|
|
.await
|
|
.0;
|
|
Some(cred)
|
|
}
|
|
} else {
|
|
// If we're able to connect with the primary credential, don't
|
|
// keep a secondary one.
|
|
None
|
|
};
|
|
if second_cred.is_some() {
|
|
let second_cred = second_cred.as_ref().unwrap();
|
|
let (second_bucket, second_reachcred) =
|
|
get_bucket(&state.la_net, &second_cred).await;
|
|
if !bridges.contains_key(&second_bucket[0].fingerprint) {
|
|
bridges
|
|
.insert(
|
|
second_bucket[0].fingerprint,
|
|
Bridge::from_bridge_line(&second_bucket[0]),
|
|
)
|
|
.unwrap();
|
|
}
|
|
if self.connect(
|
|
&state,
|
|
bridges.get_mut(&second_bucket[0].fingerprint).unwrap(),
|
|
&censors.get(&self.country).unwrap(),
|
|
) {
|
|
succeeded.push(second_bucket[0]);
|
|
if second_reachcred.is_some()
|
|
&& eligible_for_trust_promotion(&state.la_net, &second_cred).await
|
|
{
|
|
second_level_up = true;
|
|
}
|
|
} else {
|
|
failed.push(second_bucket[0]);
|
|
}
|
|
}
|
|
|
|
let mut negative_reports = Vec::<NegativeReport>::new();
|
|
let mut positive_reports = Vec::<PositiveReport>::new();
|
|
if self.submits_reports {
|
|
for bridge in &failed {
|
|
negative_reports.push(NegativeReport::from_bridgeline(
|
|
*bridge,
|
|
self.country.to_string(),
|
|
BridgeDistributor::Lox,
|
|
));
|
|
}
|
|
if level >= 3 {
|
|
for bridge in &succeeded {
|
|
positive_reports.push(
|
|
PositiveReport::from_lox_credential(
|
|
bridge.fingerprint,
|
|
None,
|
|
&self.primary_cred,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
self.country.to_string(),
|
|
)
|
|
.unwrap(),
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
// We might restrict these steps to succeeded.len() > 0, but
|
|
// we do assume the user can contact the LA somehow, so
|
|
// let's just allow it.
|
|
if can_level_up {
|
|
let cred = level_up(
|
|
&state.la_net,
|
|
&self.primary_cred,
|
|
&reachcred.unwrap(),
|
|
get_lox_pub(&state.la_pubkeys),
|
|
get_reachability_pub(&state.la_pubkeys),
|
|
)
|
|
.await;
|
|
self.primary_cred = cred;
|
|
self.secondary_cred = None;
|
|
|
|
if self.censor {
|
|
// Make sure censor has access to each bridge and
|
|
// each credential
|
|
let censor = censors.get_mut(&self.country).unwrap();
|
|
let (bucket, reachcred) = get_bucket(&state.la_net, &self.primary_cred).await;
|
|
for bl in bucket {
|
|
censor.learn_bridge(&bl.fingerprint);
|
|
censor.give_lox_cred(&bl.fingerprint, &self.primary_cred);
|
|
}
|
|
}
|
|
}
|
|
// We favor starting over at level 1 to migrating
|
|
else if second_level_up {
|
|
let second_cred = second_cred.as_ref().unwrap();
|
|
let cred = trust_migration(
|
|
&state.la_net,
|
|
&second_cred,
|
|
&trust_promotion(&state.la_net, &second_cred, get_lox_pub(&state.la_pubkeys))
|
|
.await,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
get_migration_pub(&state.la_pubkeys),
|
|
)
|
|
.await;
|
|
self.primary_cred = cred;
|
|
self.secondary_cred = None;
|
|
} else if can_migrate {
|
|
let cred = blockage_migration(
|
|
&state.la_net,
|
|
&self.primary_cred,
|
|
&check_blockage(
|
|
&state.la_net,
|
|
&self.primary_cred,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
)
|
|
.await,
|
|
get_lox_pub(&state.la_pubkeys),
|
|
get_migration_pub(&state.la_pubkeys),
|
|
)
|
|
.await;
|
|
self.primary_cred = cred;
|
|
self.secondary_cred = None;
|
|
} else if second_cred.is_some() {
|
|
// Couldn't connect with primary credential
|
|
if succeeded.len() > 0 {
|
|
// Keep the second credential only if it's useful
|
|
self.secondary_cred = second_cred;
|
|
}
|
|
}
|
|
|
|
if negative_reports.len() > 0 {
|
|
Self::send_negative_reports(&state, negative_reports).await;
|
|
}
|
|
if positive_reports.len() > 0 {
|
|
Self::send_positive_reports(&state, positive_reports).await;
|
|
}
|
|
|
|
// Invite friends if applicable
|
|
let invitations = scalar_u32(&self.primary_cred.invites_remaining).unwrap();
|
|
let mut new_friends = Vec::<User>::new();
|
|
for _i in 0..invitations {
|
|
if event_happens(state.prob_user_invites_friend) {
|
|
match self.invite(&state).await {
|
|
Ok(friend) => {
|
|
// You really shouldn't push your friends,
|
|
// especially new ones whose boundaries you
|
|
// might not know well.
|
|
new_friends.push(friend);
|
|
}
|
|
Err(e) => {
|
|
println!("{}", e);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// List of fingerprints we contacted. This should not
|
|
// actually be more than one.
|
|
let mut connections = Vec::<[u8; 20]>::new();
|
|
for bridge in succeeded {
|
|
connections.push(bridge.get_hashed_fingerprint());
|
|
}
|
|
|
|
(new_friends, connections)
|
|
} else {
|
|
(Vec::<User>::new(), Vec::<[u8; 20]>::new())
|
|
}
|
|
}
|
|
}
|