|
@@ -1,10 +1,12 @@
|
|
|
-mod hyper_client_net;
|
|
|
-use hyper_client_net::net_request;
|
|
|
+mod client_net;
|
|
|
+use client_net::net_request;
|
|
|
|
|
|
+use lox::bridge_table::BridgeLine;
|
|
|
+use lox::bridge_table::ENC_BUCKET_BYTES;
|
|
|
+use lox::proto::*;
|
|
|
use lox::IssuerPubKey;
|
|
|
use lox::OPENINV_LENGTH;
|
|
|
-use lox::proto::*;
|
|
|
-use serde::{Serialize, Deserialize};
|
|
|
+use serde::{Deserialize, Serialize};
|
|
|
use serde_with::serde_as;
|
|
|
use std::time::Duration;
|
|
|
|
|
@@ -16,6 +18,12 @@ pub struct Invite {
|
|
|
#[serde_as(as = "[_; OPENINV_LENGTH]")]
|
|
|
invite: [u8; OPENINV_LENGTH],
|
|
|
}
|
|
|
+#[serde_as]
|
|
|
+#[derive(Serialize, Deserialize)]
|
|
|
+pub struct EncBridgeTable {
|
|
|
+ #[serde_as(as = "Vec<[_; ENC_BUCKET_BYTES]>")]
|
|
|
+ etable: Vec<[u8; ENC_BUCKET_BYTES]>,
|
|
|
+}
|
|
|
|
|
|
/// Get today's (real or simulated) date
|
|
|
///
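Review bot: `EncBridgeTable` is declared `pub` but its only field, `etable`, is private and the struct carries no doc comment, so code outside this module that receives one from `get_reachability_credential` has no way to hand the buckets to `level_up` or `issue_invite`, which take them as `encbuckets`; if every caller lives in this same module that is fine, but the hunk does not show it. I would either make the field `pub etable` or add an accessor, and document the type with something like `/// Encrypted bridge table returned by the server's /reachability endpoint, one ENC_BUCKET_BYTES-sized entry per bucket.`. Note also that the length of `etable` is whatever the server sends, and nothing in this hunk bounds or checks it before it is indexed later in the file.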
|
|
@@ -29,37 +37,204 @@ fn today(time_offset: Duration) -> u32 {
|
|
|
.unwrap()
|
|
|
}
|
|
|
|
|
|
+// Helper functions to get public keys from vector
|
|
|
+pub fn get_lox_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
+ &lox_auth_pubkeys[0]
|
|
|
+}
|
|
|
+
|
|
|
+pub fn get_migration_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
+ &lox_auth_pubkeys[1]
|
|
|
+}
|
|
|
+
|
|
|
+pub fn get_migrationkey_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
+ &lox_auth_pubkeys[2]
|
|
|
+}
|
|
|
+
|
|
|
+pub fn get_reachability_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
+ &lox_auth_pubkeys[3]
|
|
|
+}
|
|
|
+
|
|
|
+pub fn get_invitation_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
|
|
|
+ &lox_auth_pubkeys[4]
|
|
|
+}
|
|
|
+
|
|
|
// Download Lox Auth pubkeys
|
|
|
pub async fn get_lox_auth_keys(server_addr: &str) -> Vec<IssuerPubKey> {
|
|
|
- let lox_auth_pubkeys_resp = net_request(server_addr.to_string() + "/pubkeys", [].to_vec()).await;
|
|
|
- let lox_auth_pubkeys: Vec<IssuerPubKey> = serde_json::from_slice(&lox_auth_pubkeys_resp).unwrap();
|
|
|
+ let resp = net_request(server_addr.to_string() + "/pubkeys", [].to_vec()).await;
|
|
|
+ let lox_auth_pubkeys: Vec<IssuerPubKey> = serde_json::from_slice(&resp).unwrap();
|
|
|
lox_auth_pubkeys
|
|
|
}
|
|
|
|
|
|
+// Get encrypted bridge table
|
|
|
+pub async fn get_reachability_credential(server_addr: &str) -> EncBridgeTable {
|
|
|
+ let resp = net_request(server_addr.to_string() + "/reachability", [].to_vec()).await;
|
|
|
+ let reachability_cred = serde_json::from_slice(&resp).unwrap();
|
|
|
+ reachability_cred
|
|
|
+}
|
|
|
+
|
|
|
// Get an open invitation
|
|
|
pub async fn get_open_invitation(server_addr: &str) -> [u8; OPENINV_LENGTH] {
|
|
|
- let open_invite_resp = net_request(server_addr.to_string() + "/invite", [].to_vec()).await;
|
|
|
- let open_invite: [u8; OPENINV_LENGTH] = serde_json::from_slice::<Invite>(&open_invite_resp).unwrap().invite;
|
|
|
+ let resp = net_request(server_addr.to_string() + "/invite", [].to_vec()).await;
|
|
|
+ let open_invite: [u8; OPENINV_LENGTH] = serde_json::from_slice::<Invite>(&resp).unwrap().invite;
|
|
|
open_invite
|
|
|
}
|
|
|
|
|
|
// Get a Lox Credential from an open invitation
|
|
|
-pub async fn get_lox_credential(server_addr: &str, open_invite: [u8; OPENINV_LENGTH], lox_pub: IssuerPubKey) -> lox::cred::Lox {
|
|
|
- let (open_inv_req, state) = open_invite::request(&open_invite);
|
|
|
- let encoded_open_inv_req: Vec<u8> = serde_json::to_vec(&open_inv_req).unwrap();
|
|
|
- let encoded_open_inv_resp = net_request(server_addr.to_string() + "/openreq", encoded_open_inv_req).await;
|
|
|
- let decoded_open_inv_resp: open_invite::Response = serde_json::from_slice(&encoded_open_inv_resp).unwrap();
|
|
|
- let (cred, bridgeline) = open_invite::handle_response(state, decoded_open_inv_resp, &lox_pub).unwrap();
|
|
|
- cred
|
|
|
- // TODO: Also return the bridgeline
|
|
|
+pub async fn get_lox_credential(
|
|
|
+ server_addr: &str,
|
|
|
+ open_invite: &[u8; OPENINV_LENGTH],
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+) -> (lox::cred::Lox, BridgeLine) {
|
|
|
+ let (req, state) = open_invite::request(&open_invite);
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp = net_request(server_addr.to_string() + "/openreq", encoded_req).await;
|
|
|
+ let decoded_resp: open_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let (cred, bridgeline) = open_invite::handle_response(state, decoded_resp, &lox_pub).unwrap();
|
|
|
+ (cred, bridgeline)
|
|
|
}
|
|
|
|
|
|
// Get a migration credential to migrate to higher trust
|
|
|
-pub async fn trust_promotion(server_addr: &str, lox_cred: lox::cred::Lox, lox_pub: IssuerPubKey) -> lox::cred::Migration {
|
|
|
- let (prom_req, state) = trust_promotion::request(&lox_cred, &lox_pub, today(Duration::ZERO)).unwrap();
|
|
|
- let encoded_prom_req: Vec<u8> = serde_json::to_vec(&prom_req).unwrap();
|
|
|
- let encoded_prom_resp = net_request(server_addr.to_string() + "/promreq", encoded_prom_req).await;
|
|
|
- let decoded_prom_resp: trust_promotion::Response = serde_json::from_slice(&encoded_prom_resp).unwrap();
|
|
|
- let migration_cred = trust_promotion::handle_response(state, decoded_prom_resp).unwrap();
|
|
|
+pub async fn trust_promotion(
|
|
|
+ server_addr: &str,
|
|
|
+ lox_cred: &lox::cred::Lox,
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+) -> lox::cred::Migration {
|
|
|
+ let (req, state) =
|
|
|
+ trust_promotion::request(&lox_cred, &lox_pub, today(Duration::ZERO)).unwrap();
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp = net_request(server_addr.to_string() + "/promreq", encoded_req).await;
|
|
|
+ let decoded_resp: trust_promotion::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let migration_cred = trust_promotion::handle_response(state, decoded_resp).unwrap();
|
|
|
migration_cred
|
|
|
}
|
|
|
+
|
|
|
+// Promote from untrusted (trust level 0) to trusted (trust level 1)
|
|
|
+pub async fn trust_migration(
|
|
|
+ server_addr: &str,
|
|
|
+ lox_cred: &lox::cred::Lox,
|
|
|
+ migration_cred: &lox::cred::Migration,
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+ migration_pub: &IssuerPubKey,
|
|
|
+) -> lox::cred::Lox {
|
|
|
+ let (req, state) =
|
|
|
+ migration::request(lox_cred, migration_cred, lox_pub, migration_pub).unwrap();
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp = net_request(server_addr.to_string() + "/trustmig", encoded_req).await;
|
|
|
+ let decoded_resp: migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let cred = migration::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
+ cred
|
|
|
+}
|
|
|
+
|
|
|
+// Increase trust from at least level 1 to higher levels
|
|
|
+pub async fn level_up(
|
|
|
+ server_addr: &str,
|
|
|
+ lox_cred: &lox::cred::Lox,
|
|
|
+ encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>,
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+ reachability_pub: &IssuerPubKey,
|
|
|
+) -> lox::cred::Lox {
|
|
|
+ // Read the bucket in the credential to get today's Bucket
|
|
|
+ // Reachability credential
|
|
|
+
|
|
|
+ let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap();
|
|
|
+ let bucket =
|
|
|
+ lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
|
|
|
+ let reachcred = bucket.1.unwrap();
|
|
|
+
|
|
|
+ // Use the Bucket Reachability credential to advance to the next
|
|
|
+ // level
|
|
|
+ let (req, state) = level_up::request(
|
|
|
+ lox_cred,
|
|
|
+ &reachcred,
|
|
|
+ lox_pub,
|
|
|
+ reachability_pub,
|
|
|
+ today(Duration::ZERO),
|
|
|
+ )
|
|
|
+ .unwrap();
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp = net_request(server_addr.to_string() + "/levelup", encoded_req).await;
|
|
|
+ let decoded_resp: level_up::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let cred = level_up::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
+ cred
|
|
|
+}
|
|
|
+
|
|
|
+// Request an Invitation credential to give to a friend
|
|
|
+pub async fn issue_invite(
|
|
|
+ server_addr: &str,
|
|
|
+ lox_cred: &lox::cred::Lox,
|
|
|
+ encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>,
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+ reachability_pub: &IssuerPubKey,
|
|
|
+ invitation_pub: &IssuerPubKey,
|
|
|
+) -> (lox::cred::Lox, lox::cred::Invitation) {
|
|
|
+ // Read the bucket in the credential to get today's Bucket
|
|
|
+ // Reachability credential
|
|
|
+
|
|
|
+ let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap();
|
|
|
+ let bucket =
|
|
|
+ lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
|
|
|
+ let reachcred = bucket.1.unwrap();
|
|
|
+
|
|
|
+ let (req, state) = issue_invite::request(
|
|
|
+ lox_cred,
|
|
|
+ &reachcred,
|
|
|
+ lox_pub,
|
|
|
+ reachability_pub,
|
|
|
+ today(Duration::ZERO),
|
|
|
+ )
|
|
|
+ .unwrap();
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp = net_request(server_addr.to_string() + "/issueinvite", encoded_req).await;
|
|
|
+ let decoded_resp: issue_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let (cred, invite) =
|
|
|
+ issue_invite::handle_response(state, decoded_resp, lox_pub, invitation_pub).unwrap();
|
|
|
+ (cred, invite)
|
|
|
+}
|
|
|
+
|
|
|
+// Redeem an Invitation credential to start at trust level 1
|
|
|
+pub async fn redeem_invite(
|
|
|
+ server_addr: &str,
|
|
|
+ invite: &lox::cred::Invitation,
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+ invitation_pub: &IssuerPubKey,
|
|
|
+) -> lox::cred::Lox {
|
|
|
+ let (req, state) =
|
|
|
+ redeem_invite::request(invite, invitation_pub, today(Duration::ZERO)).unwrap();
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp = net_request(server_addr.to_string() + "/redeem", encoded_req).await;
|
|
|
+ let decoded_resp: redeem_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let cred = redeem_invite::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
+ cred
|
|
|
+}
|
|
|
+
|
|
|
+// Check for a migration credential to move to a new bucket
|
|
|
+pub async fn check_blockage(
|
|
|
+ server_addr: &str,
|
|
|
+ lox_cred: &lox::cred::Lox,
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+) -> lox::cred::Migration {
|
|
|
+ let (req, state) = check_blockage::request(lox_cred, lox_pub).unwrap();
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp = net_request(server_addr.to_string() + "/checkblockage", encoded_req).await;
|
|
|
+ let decoded_resp: check_blockage::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let migcred = check_blockage::handle_response(state, decoded_resp).unwrap();
|
|
|
+ migcred
|
|
|
+}
|
|
|
+
|
|
|
+// Migrate to a new bucket (must be level >= 3)
|
|
|
+pub async fn blockage_migration(
|
|
|
+ server_addr: &str,
|
|
|
+ lox_cred: &lox::cred::Lox,
|
|
|
+ migcred: &lox::cred::Migration,
|
|
|
+ lox_pub: &IssuerPubKey,
|
|
|
+ migration_pub: &IssuerPubKey,
|
|
|
+) -> lox::cred::Lox {
|
|
|
+ let (req, state) =
|
|
|
+ blockage_migration::request(lox_cred, migcred, lox_pub, migration_pub).unwrap();
|
|
|
+ let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
|
|
|
+ let encoded_resp =
|
|
|
+ net_request(server_addr.to_string() + "/blockagemigration", encoded_req).await;
|
|
|
+ let decoded_resp: blockage_migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
|
|
|
+ let cred = blockage_migration::handle_response(state, decoded_resp, lox_pub).unwrap();
|
|
|
+ cred
|
|
|
+}
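Review bot: In `level_up` and `issue_invite`, `encbuckets[id as usize]` indexes the downloaded bridge table with an id derived from the credential and never compares it with `encbuckets.len()`, so a short or stale table from the server panics the client, and the `bucket.1.unwrap()` that follows panics again when the decrypted bucket has no reachability credential in it. The new `get_*_pub` helpers have the same shape: they index fixed positions 0–4 of whatever `/pubkeys` returned. I would look entries up with `encbuckets.get(id as usize)` and `lox_auth_pubkeys.get(n)` and have these functions return a `Result`, so that a truncated or malformed response becomes an error the caller can handle instead of an abort; the same goes for the `serde_json::from_slice(...).unwrap()` applied to every response body. Separately, the parameters could be `&[IssuerPubKey]` and `&[[u8; ENC_BUCKET_BYTES]]` rather than `&Vec<...>`, which existing call sites passing `&Vec` would still satisfy.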
|