lox_cli/src/client_lib.rs

mod client_net;
use client_net::net_request;

use lox::bridge_table::BridgeLine;
use lox::bridge_table::ENC_BUCKET_BYTES;
use lox::proto::*;
use lox::IssuerPubKey;
use lox::OPENINV_LENGTH;
use serde::{Deserialize, Serialize};
use serde_with::serde_as;
use std::time::Duration;

// From https://gitlab.torproject.org/onyinyang/lox-server/-/blob/main/src/main.rs
// TODO: Move this to main Lox library?
#[serde_as]
#[derive(Serialize, Deserialize)]
pub struct Invite {
    #[serde_as(as = "[_; OPENINV_LENGTH]")]
    invite: [u8; OPENINV_LENGTH],
}
#[serde_as]
#[derive(Serialize, Deserialize)]
pub struct EncBridgeTable {
    #[serde_as(as = "Vec<[_; ENC_BUCKET_BYTES]>")]
    etable: Vec<[u8; ENC_BUCKET_BYTES]>,
}

/// Get today's (real or simulated) date
///
/// This function is modified from the lox lib.rs
fn today(time_offset: Duration) -> u32 {
    // We will not encounter negative Julian dates (~6700 years ago)
    // or ones larger than 32 bits
    (time::OffsetDateTime::now_utc().date() + time_offset)
        .julian_day()
        .try_into()
        .unwrap()
}

// Helper functions to get public keys from vector
pub fn get_lox_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
    &lox_auth_pubkeys[0]
}

pub fn get_migration_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
    &lox_auth_pubkeys[1]
}

pub fn get_migrationkey_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
    &lox_auth_pubkeys[2]
}

pub fn get_reachability_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
    &lox_auth_pubkeys[3]
}

pub fn get_invitation_pub(lox_auth_pubkeys: &Vec<IssuerPubKey>) -> &IssuerPubKey {
    &lox_auth_pubkeys[4]
}

// Download Lox Auth pubkeys
pub async fn get_lox_auth_keys(server_addr: &str) -> Vec<IssuerPubKey> {
    let resp = net_request(server_addr.to_string() + "/pubkeys", [].to_vec()).await;
    let lox_auth_pubkeys: Vec<IssuerPubKey> = serde_json::from_slice(&resp).unwrap();
    lox_auth_pubkeys
}

// Get encrypted bridge table
pub async fn get_reachability_credential(server_addr: &str) -> Vec<[u8; ENC_BUCKET_BYTES]> {
    let resp = net_request(server_addr.to_string() + "/reachability", [].to_vec()).await;
    let reachability_cred: EncBridgeTable = serde_json::from_slice(&resp).unwrap();
    reachability_cred.etable
}

// Get an open invitation
pub async fn get_open_invitation(server_addr: &str) -> [u8; OPENINV_LENGTH] {
    let resp = net_request(server_addr.to_string() + "/invite", [].to_vec()).await;
    let open_invite: [u8; OPENINV_LENGTH] = serde_json::from_slice::<Invite>(&resp).unwrap().invite;
    open_invite
}

// Get a Lox Credential from an open invitation
pub async fn get_lox_credential(
    server_addr: &str,
    open_invite: &[u8; OPENINV_LENGTH],
    lox_pub: &IssuerPubKey,
) -> (lox::cred::Lox, BridgeLine) {
    let (req, state) = open_invite::request(&open_invite);
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp = net_request(server_addr.to_string() + "/openreq", encoded_req).await;
    let decoded_resp: open_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let (cred, bridgeline) = open_invite::handle_response(state, decoded_resp, &lox_pub).unwrap();
    (cred, bridgeline)
}

// Get a migration credential to migrate to higher trust
pub async fn trust_promotion(
    server_addr: &str,
    lox_cred: &lox::cred::Lox,
    lox_pub: &IssuerPubKey,
) -> lox::cred::Migration {
    let (req, state) =
//        trust_promotion::request(&lox_cred, &lox_pub, today(Duration::ZERO)).unwrap();
        trust_promotion::request(&lox_cred, &lox_pub, today(Duration::from_secs(60 * 60 * 24 * 31))).unwrap(); // FOR TESTING ONLY
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp = net_request(server_addr.to_string() + "/trustpromo", encoded_req).await;
    let decoded_resp: trust_promotion::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let migration_cred = trust_promotion::handle_response(state, decoded_resp).unwrap();
    migration_cred
}

// Promote from untrusted (trust level 0) to trusted (trust level 1)
pub async fn trust_migration(
    server_addr: &str,
    lox_cred: &lox::cred::Lox,
    migration_cred: &lox::cred::Migration,
    lox_pub: &IssuerPubKey,
    migration_pub: &IssuerPubKey,
) -> lox::cred::Lox {
    let (req, state) =
        migration::request(lox_cred, migration_cred, lox_pub, migration_pub).unwrap();
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp = net_request(server_addr.to_string() + "/trustmig", encoded_req).await;
    let decoded_resp: migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let cred = migration::handle_response(state, decoded_resp, lox_pub).unwrap();
    cred
}

// Increase trust from at least level 1 to higher levels
pub async fn level_up(
    server_addr: &str,
    lox_cred: &lox::cred::Lox,
    encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>,
    lox_pub: &IssuerPubKey,
    reachability_pub: &IssuerPubKey,
) -> lox::cred::Lox {
    // Read the bucket in the credential to get today's Bucket
    // Reachability credential

    let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap();
    let bucket =
        lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
    let reachcred = bucket.1.unwrap();

    // Use the Bucket Reachability credential to advance to the next
    // level
    let (req, state) = level_up::request(
        lox_cred,
        &reachcred,
        lox_pub,
        reachability_pub,
        //today(Duration::ZERO),

        // The following line adds 31 days (from initial trust migration)
        // plus 85 days for first level up.
        // The server's testing code keeps track of time added as the
        // program runs. This should be adapted to do that as well.
        today(Duration::from_secs(60 * 60 * 24 * (31 + 85))), // FOR TESTING ONLY
    )
    .unwrap();
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp = net_request(server_addr.to_string() + "/levelup", encoded_req).await;
    let decoded_resp: level_up::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let cred = level_up::handle_response(state, decoded_resp, lox_pub).unwrap();
    cred
}

// Request an Invitation credential to give to a friend
pub async fn issue_invite(
    server_addr: &str,
    lox_cred: &lox::cred::Lox,
    encbuckets: &Vec<[u8; ENC_BUCKET_BYTES]>,
    lox_pub: &IssuerPubKey,
    reachability_pub: &IssuerPubKey,
    invitation_pub: &IssuerPubKey,
) -> (lox::cred::Lox, lox::cred::Invitation) {
    // Read the bucket in the credential to get today's Bucket
    // Reachability credential

    let (id, key) = lox::bridge_table::from_scalar(lox_cred.bucket).unwrap();
    let bucket =
        lox::bridge_table::BridgeTable::decrypt_bucket(id, &key, &encbuckets[id as usize]).unwrap();
    let reachcred = bucket.1.unwrap();

    let (req, state) = issue_invite::request(
        lox_cred,
        &reachcred,
        lox_pub,
        reachability_pub,
        today(Duration::ZERO),
    )
    .unwrap();
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp = net_request(server_addr.to_string() + "/issueinvite", encoded_req).await;
    let decoded_resp: issue_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let (cred, invite) =
        issue_invite::handle_response(state, decoded_resp, lox_pub, invitation_pub).unwrap();
    (cred, invite)
}

// Redeem an Invitation credential to start at trust level 1
pub async fn redeem_invite(
    server_addr: &str,
    invite: &lox::cred::Invitation,
    lox_pub: &IssuerPubKey,
    invitation_pub: &IssuerPubKey,
) -> lox::cred::Lox {
    let (req, state) =
        redeem_invite::request(invite, invitation_pub, today(Duration::ZERO)).unwrap();
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp = net_request(server_addr.to_string() + "/redeem", encoded_req).await;
    let decoded_resp: redeem_invite::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let cred = redeem_invite::handle_response(state, decoded_resp, lox_pub).unwrap();
    cred
}

// Check for a migration credential to move to a new bucket
pub async fn check_blockage(
    server_addr: &str,
    lox_cred: &lox::cred::Lox,
    lox_pub: &IssuerPubKey,
) -> lox::cred::Migration {
    let (req, state) = check_blockage::request(lox_cred, lox_pub).unwrap();
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp = net_request(server_addr.to_string() + "/checkblockage", encoded_req).await;
    let decoded_resp: check_blockage::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let migcred = check_blockage::handle_response(state, decoded_resp).unwrap();
    migcred
}

// Migrate to a new bucket (must be level >= 3)
pub async fn blockage_migration(
    server_addr: &str,
    lox_cred: &lox::cred::Lox,
    migcred: &lox::cred::Migration,
    lox_pub: &IssuerPubKey,
    migration_pub: &IssuerPubKey,
) -> lox::cred::Lox {
    let (req, state) =
        blockage_migration::request(lox_cred, migcred, lox_pub, migration_pub).unwrap();
    let encoded_req: Vec<u8> = serde_json::to_vec(&req).unwrap();
    let encoded_resp =
        net_request(server_addr.to_string() + "/blockagemigration", encoded_req).await;
    let decoded_resp: blockage_migration::Response = serde_json::from_slice(&encoded_resp).unwrap();
    let cred = blockage_migration::handle_response(state, decoded_resp, lox_pub).unwrap();
    cred
}