123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676 |
- // User behavior in simulation
- use crate::{
- get_date,
- negative_report::NegativeReport,
- positive_report::PositiveReport,
- simulation::{
- bridge::Bridge,
- censor::{Censor, Secrecy::*, Totality::*},
- config::Config,
- },
- BridgeDistributor,
- };
- use anyhow::{anyhow, Result};
- use lox_cli::{networking::*, *};
- use lox_library::{
- bridge_table::BridgeLine, cred::Lox, proto::check_blockage::MIN_TRUST_LEVEL, scalar_u32,
- };
- use rand::Rng;
- use std::{cmp::min, collections::HashMap};
- use x25519_dalek::PublicKey;
- // Helper function to probabilistically return true or false
- pub fn event_happens(probability: f64) -> bool {
- let mut rng = rand::thread_rng();
- let num: f64 = rng.gen_range(0.0..1.0);
- num < probability
- }
- pub struct User {
- // Does this user cooperate with a censor?
- pub is_censor: bool,
- // The user always has a primary credential. If this credential's bucket is
- // blocked, the user may replace it or temporarily hold two credentials
- // while waiting to migrate from the primary credential.
- pub primary_cred: Lox,
- secondary_cred: Option<Lox>,
- // Does the user submit reports to Troll Patrol?
- submits_reports: bool,
- // How likely is this user to use bridges on a given day?
- prob_use_bridges: f64,
- }
- impl User {
- pub async fn new(config: &Config, is_censor: bool) -> Result<Self> {
- let cred = get_lox_credential(
- &config.la_net,
- &get_open_invitation(&config.la_net).await?,
- get_lox_pub(&config.la_pubkeys),
- )
- .await?
- .0;
- // Probabilistically decide whether this user submits reports
- let submits_reports = if is_censor {
- false
- } else {
- event_happens(config.prob_user_submits_reports)
- };
- // Randomly determine how likely this user is to use bridges on
- // a given day
- let mut rng = rand::thread_rng();
- let prob_use_bridges = rng.gen_range(0.0..=1.0);
- Ok(Self {
- is_censor,
- primary_cred: cred,
- secondary_cred: None,
- submits_reports: submits_reports,
- prob_use_bridges: prob_use_bridges,
- })
- }
- pub async fn trusted_user(config: &Config) -> Result<Self> {
- let cred = get_lox_credential(
- &config.la_net,
- &get_open_invitation(&config.la_net).await?,
- get_lox_pub(&config.la_pubkeys),
- )
- .await?
- .0;
- Ok(Self {
- is_censor: false,
- primary_cred: cred,
- secondary_cred: None,
- submits_reports: true,
- prob_use_bridges: 1.0,
- })
- }
- // TODO: This should probably return an actual error type
- pub async fn invite(
- &mut self,
- config: &Config,
- censor: &mut Censor,
- invited_user_is_censor: bool,
- ) -> Result<Self> {
- let etable = get_reachability_credential(&config.la_net).await?;
- let (new_cred, invite) = issue_invite(
- &config.la_net,
- &self.primary_cred,
- &etable,
- get_lox_pub(&config.la_pubkeys),
- get_reachability_pub(&config.la_pubkeys),
- get_invitation_pub(&config.la_pubkeys),
- )
- .await?;
- self.primary_cred = new_cred;
- if self.is_censor {
- // Make sure censor has access to each bridge and each
- // credential
- let (bucket, _reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
- for bl in bucket {
- let fingerprint = bl.get_hashed_fingerprint();
- censor.learn_bridge(&fingerprint);
- censor.give_lox_cred(&fingerprint, &self.primary_cred);
- }
- }
- let friend_cred = redeem_invite(
- &config.la_net,
- &invite,
- get_lox_pub(&config.la_pubkeys),
- get_invitation_pub(&config.la_pubkeys),
- )
- .await?
- .0;
- // Calling function decides if the invited user is a censor
- let is_censor = invited_user_is_censor;
- // Probabilistically decide whether this user submits reports
- let submits_reports = if is_censor {
- false
- } else {
- event_happens(config.prob_user_submits_reports)
- };
- // Randomly determine how likely this user is to use bridges on
- // a given day
- let mut rng = rand::thread_rng();
- let prob_use_bridges = rng.gen_range(0.0..=1.0);
- Ok(Self {
- is_censor,
- primary_cred: friend_cred,
- secondary_cred: None,
- submits_reports: submits_reports,
- prob_use_bridges: prob_use_bridges,
- })
- }
- // Attempt to "connect" to the bridge, returns true if successful.
- // Note that this does not involve making a real connection to a
- // real bridge. The function is async because the *censor* might
- // submit a positive report during this function.
- pub fn connect(&self, config: &Config, bridge: &mut Bridge, censor: &Censor) -> bool {
- if censor.blocks_bridge(config, &bridge.fingerprint) {
- if config.censor_totality == Full
- || config.censor_totality == Partial
- && event_happens(censor.partial_blocking_percent)
- {
- // If censor tries to hide its censorship, record a
- // false connection
- if config.censor_secrecy == Hiding {
- bridge.connect_total();
- }
- // Return false because the connection failed
- return false;
- } else if config.censor_totality == Throttling {
- // With some probability, the user connects but gives up
- // because there is too much interference. In this case,
- // a real connection occurs, but we treat it like a
- // false connection from the censor.
- if event_happens(config.prob_user_treats_throttling_as_blocking) {
- bridge.connect_total();
- // Return false because there was interference
- // detected in the connection
- return false;
- }
- }
- }
- // Connection may randomly fail, without censor intervention
- if event_happens(config.prob_connection_fails) {
- return false;
- }
- // If we haven't returned yet, the connection succeeded
- bridge.connect_real();
- true
- }
- pub async fn get_new_credential(config: &Config) -> Result<(Lox, BridgeLine)> {
- get_lox_credential(
- &config.la_net,
- &get_open_invitation(&config.la_net).await?,
- get_lox_pub(&config.la_pubkeys),
- )
- .await
- }
- pub async fn send_negative_reports(
- config: &Config,
- reports: Vec<NegativeReport>,
- ) -> Result<()> {
- let date = get_date();
- let pubkey = match serde_json::from_slice::<Option<PublicKey>>(
- &config
- .tp_net
- .request("/nrkey".to_string(), serde_json::to_string(&date)?.into())
- .await?,
- )? {
- Some(v) => v,
- None => return Err(anyhow!("No available negative report encryption key")),
- };
- for report in reports {
- config
- .tp_net
- .request(
- "/negativereport".to_string(),
- bincode::serialize(&report.encrypt(&pubkey))?,
- )
- .await?;
- }
- Ok(())
- }
- pub async fn send_positive_reports(
- config: &Config,
- reports: Vec<PositiveReport>,
- ) -> Result<()> {
- for report in reports {
- config
- .tp_net
- .request("/positivereport".to_string(), report.to_json().into_bytes())
- .await?;
- }
- Ok(())
- }
- pub async fn daily_tasks(
- &mut self,
- config: &Config,
- num_users_requesting_invites: u32,
- num_censor_invites: u32,
- bridges: &mut HashMap<[u8; 20], Bridge>,
- censor: &mut Censor,
- ) -> Result<Vec<User>> {
- if self.is_censor {
- self.daily_tasks_censor(config, bridges, censor).await
- } else {
- self.daily_tasks_non_censor(
- config,
- num_users_requesting_invites,
- num_censor_invites,
- bridges,
- censor,
- )
- .await
- }
- }
- // User performs daily connection attempts, etc. and returns a
- // vector of newly invited friends.
- // TODO: The map of bridges and the censor should be Arc<Mutex<>>
- // or something so we can parallelize this.
- pub async fn daily_tasks_non_censor(
- &mut self,
- config: &Config,
- num_users_requesting_invites: u32,
- num_censor_invites: u32,
- bridges: &mut HashMap<[u8; 20], Bridge>,
- censor: &mut Censor,
- ) -> Result<Vec<User>> {
- // Probabilistically decide if the user should use bridges today
- if event_happens(self.prob_use_bridges) {
- // Download bucket to see if bridge is still reachable. (We
- // assume that this step can be done even if the user can't
- // actually talk to the LA.)
- let (bucket, reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
- let level = match scalar_u32(&self.primary_cred.trust_level) {
- Some(v) => v,
- None => return Err(anyhow!("Failed to get trust level from credential")),
- };
- // Make sure each bridge in bucket is in the global bridges set
- for bridgeline in bucket {
- if bridgeline != BridgeLine::default() {
- if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
- let bridge = Bridge::from_bridge_line(&bridgeline);
- bridges.insert(bridgeline.get_hashed_fingerprint(), bridge);
- }
- }
- }
- // Can we level up the main credential?
- let can_level_up = reachcred.is_some()
- && (level == 0
- && eligible_for_trust_promotion(&config.la_net, &self.primary_cred).await
- || level > 0
- && eligible_for_level_up(&config.la_net, &self.primary_cred).await);
- // Can we migrate the main credential?
- let can_migrate = reachcred.is_none() && level >= MIN_TRUST_LEVEL;
- // Can we level up the secondary credential?
- let mut second_level_up = false;
- let mut failed = Vec::<BridgeLine>::new();
- let mut succeeded = Vec::<BridgeLine>::new();
- // Try to connect to each bridge
- for i in 0..bucket.len() {
- // At level 0, we only have 1 bridge
- if bucket[i] != BridgeLine::default() {
- if self.connect(
- &config,
- bridges
- .get_mut(&bucket[i].get_hashed_fingerprint())
- .unwrap(),
- &censor,
- ) {
- succeeded.push(bucket[i]);
- } else {
- failed.push(bucket[i]);
- }
- }
- }
- // If we were not able to connect to any bridges, get a
- // second credential
- let second_cred = if succeeded.len() < 1 {
- if self.secondary_cred.is_some() {
- std::mem::replace(&mut self.secondary_cred, None)
- } else {
- // Get new credential
- match Self::get_new_credential(&config).await {
- Ok((cred, _bl)) => Some(cred),
- Err(e) => {
- eprintln!("Failed to get new Lox credential. Error: {}", e);
- None
- }
- }
- }
- } else {
- // If we're able to connect with the primary credential, don't
- // keep a secondary one.
- None
- };
- if second_cred.is_some() {
- let second_cred = second_cred.as_ref().unwrap();
- let (second_bucket, second_reachcred) =
- get_bucket(&config.la_net, &second_cred).await?;
- for bridgeline in second_bucket {
- if bridgeline != BridgeLine::default() {
- if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
- bridges.insert(
- bridgeline.get_hashed_fingerprint(),
- Bridge::from_bridge_line(&bridgeline),
- );
- }
- // Attempt to connect to second cred's bridge
- if self.connect(
- &config,
- bridges
- .get_mut(&bridgeline.get_hashed_fingerprint())
- .unwrap(),
- censor,
- ) {
- succeeded.push(bridgeline);
- if second_reachcred.is_some()
- && eligible_for_trust_promotion(&config.la_net, &second_cred).await
- {
- second_level_up = true;
- }
- } else {
- failed.push(bridgeline);
- }
- }
- }
- }
- let mut negative_reports = Vec::<NegativeReport>::new();
- let mut positive_reports = Vec::<PositiveReport>::new();
- if self.submits_reports {
- for bridgeline in &failed {
- negative_reports.push(NegativeReport::from_bridgeline(
- *bridgeline,
- config.country.to_string(),
- BridgeDistributor::Lox,
- ));
- }
- if level >= 3 {
- for bridgeline in &succeeded {
- // If we haven't received a positive report yet,
- // add a record about it with today's date
- let bridge = bridges
- .get_mut(&bridgeline.get_hashed_fingerprint())
- .unwrap();
- if bridge.first_positive_report == 0 {
- bridge.first_positive_report = get_date();
- }
- positive_reports.push(
- PositiveReport::from_lox_credential(
- bridgeline.get_hashed_fingerprint(),
- None,
- &self.primary_cred,
- get_lox_pub(&config.la_pubkeys),
- config.country.to_string(),
- )
- .unwrap(),
- );
- }
- }
- }
- // We might restrict these steps to succeeded.len() > 0, but
- // we do assume the user can contact the LA somehow, so
- // let's just allow it.
- if can_level_up {
- let cred = if level == 0 {
- trust_migration(
- &config.la_net,
- &self.primary_cred,
- &trust_promotion(
- &config.la_net,
- &self.primary_cred,
- get_lox_pub(&config.la_pubkeys),
- )
- .await?,
- get_lox_pub(&config.la_pubkeys),
- get_migration_pub(&config.la_pubkeys),
- )
- .await?
- } else {
- level_up(
- &config.la_net,
- &self.primary_cred,
- &reachcred.unwrap(),
- get_lox_pub(&config.la_pubkeys),
- get_reachability_pub(&config.la_pubkeys),
- )
- .await?
- };
- self.primary_cred = cred;
- self.secondary_cred = None;
- }
- // We favor starting over at level 1 to migrating to level
- // 1, but if we have a level 4 credential for a bridge that
- // hasn't been marked blocked, save the credential so we can
- // migrate to a level 2 cred. Note that second_level_up is
- // only true if we were unable to connect with bridges from
- // our primary credential.
- else if second_level_up && (level <= MIN_TRUST_LEVEL || reachcred.is_none()) {
- let second_cred = second_cred.as_ref().unwrap();
- let cred = trust_migration(
- &config.la_net,
- &second_cred,
- &trust_promotion(
- &config.la_net,
- &second_cred,
- get_lox_pub(&config.la_pubkeys),
- )
- .await?,
- get_lox_pub(&config.la_pubkeys),
- get_migration_pub(&config.la_pubkeys),
- )
- .await?;
- self.primary_cred = cred;
- self.secondary_cred = None;
- } else if can_migrate {
- let cred = blockage_migration(
- &config.la_net,
- &self.primary_cred,
- &check_blockage(
- &config.la_net,
- &self.primary_cred,
- get_lox_pub(&config.la_pubkeys),
- )
- .await?,
- get_lox_pub(&config.la_pubkeys),
- get_migration_pub(&config.la_pubkeys),
- )
- .await?;
- self.primary_cred = cred;
- self.secondary_cred = None;
- } else if second_cred.is_some() {
- // Couldn't connect with primary credential
- if succeeded.len() > 0 {
- // Keep the second credential only if it's useful
- self.secondary_cred = second_cred;
- }
- }
- if negative_reports.len() > 0 {
- Self::send_negative_reports(&config, negative_reports).await?;
- }
- if positive_reports.len() > 0 {
- Self::send_positive_reports(&config, positive_reports).await?;
- }
- // Invite friends if applicable
- let invitations = match scalar_u32(&self.primary_cred.invites_remaining) {
- Some(v) => v,
- None => 0, // This is probably an error case that should not happen
- };
- let mut new_friends = Vec::<User>::new();
- for _i in 0..min(invitations, num_users_requesting_invites) {
- if event_happens(config.prob_user_invites_friend) {
- // Invite non-censor friend
- match self.invite(&config, censor, false).await {
- Ok(friend) => {
- // You really shouldn't push your friends,
- // especially new ones whose boundaries you
- // might not know well.
- new_friends.push(friend);
- }
- Err(e) => {
- println!("{}", e);
- }
- }
- }
- }
- // Invite censor users if applicable
- let invitations = invitations - new_friends.len() as u32;
- for _i in 0..min(invitations, num_censor_invites) {
- if event_happens(config.prob_user_invites_friend) {
- // Invite non-censor friend
- match self.invite(&config, censor, true).await {
- Ok(friend) => {
- new_friends.push(friend);
- }
- Err(e) => {
- println!("{}", e);
- }
- }
- }
- }
- Ok(new_friends)
- } else {
- Ok(Vec::<User>::new())
- }
- }
- // User cooperates with censor and performs daily tasks to try to
- // learn more bridges.
- pub async fn daily_tasks_censor(
- &mut self,
- config: &Config,
- bridges: &mut HashMap<[u8; 20], Bridge>,
- censor: &mut Censor,
- ) -> Result<Vec<User>> {
- // Download bucket to see if bridge is still reachable and if we
- // have any new bridges
- let (bucket, reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
- let level = scalar_u32(&self.primary_cred.trust_level).unwrap();
- // Make sure each bridge is in global bridges set and known by
- // censor
- for bridgeline in bucket {
- if bridgeline != BridgeLine::default() {
- if !bridges.contains_key(&bridgeline.get_hashed_fingerprint()) {
- let bridge = Bridge::from_bridge_line(&bridgeline);
- bridges.insert(bridgeline.get_hashed_fingerprint(), bridge);
- }
- censor.learn_bridge(&bridgeline.get_hashed_fingerprint());
- }
- }
- // Censor user tries to level up their primary credential
- if reachcred.is_some() {
- if level == 0 && eligible_for_trust_promotion(&config.la_net, &self.primary_cred).await
- || level > 0 && eligible_for_level_up(&config.la_net, &self.primary_cred).await
- {
- let new_cred = if level == 0 {
- trust_migration(
- &config.la_net,
- &self.primary_cred,
- &trust_promotion(
- &config.la_net,
- &self.primary_cred,
- get_lox_pub(&config.la_pubkeys),
- )
- .await?,
- get_lox_pub(&config.la_pubkeys),
- get_migration_pub(&config.la_pubkeys),
- )
- .await?
- } else {
- level_up(
- &config.la_net,
- &self.primary_cred,
- &reachcred.unwrap(),
- get_lox_pub(&config.la_pubkeys),
- get_reachability_pub(&config.la_pubkeys),
- )
- .await?
- };
- self.primary_cred = new_cred;
- let (bucket, _reachcred) = get_bucket(&config.la_net, &self.primary_cred).await?;
- // Make sure each bridge is in global bridges set and
- // known by censor
- for bl in bucket {
- let fingerprint = bl.get_hashed_fingerprint();
- if !bridges.contains_key(&fingerprint) {
- let bridge = Bridge::from_bridge_line(&bl);
- bridges.insert(fingerprint, bridge);
- }
- censor.learn_bridge(&fingerprint);
- censor.give_lox_cred(&fingerprint, &self.primary_cred);
- }
- }
- } else {
- // LA has identified this bucket as blocked. This change
- // will not be reverted, so replace the primary credential
- // with a new level 0 credential and work on gaining trust
- // for that one.
- let res = Self::get_new_credential(&config).await;
- if res.is_ok() {
- let (new_cred, bl) = res.unwrap();
- let fingerprint = bl.get_hashed_fingerprint();
- if !bridges.contains_key(&fingerprint) {
- let bridge = Bridge::from_bridge_line(&bl);
- bridges.insert(fingerprint, bridge);
- }
- censor.learn_bridge(&fingerprint);
- // Censor doesn't want new_cred yet
- self.primary_cred = new_cred;
- } else {
- eprintln!("Censor failed to get new credential");
- }
- }
- // Separately from primary credential, censor user requests a
- // new secondary credential each day just to block the
- // open-entry bridges. This is stored but not reused.
- let res = Self::get_new_credential(&config).await;
- if res.is_ok() {
- let (_new_cred, bl) = res.unwrap();
- let fingerprint = bl.get_hashed_fingerprint();
- if !bridges.contains_key(&fingerprint) {
- let bridge = Bridge::from_bridge_line(&bl);
- bridges.insert(fingerprint, bridge);
- }
- censor.learn_bridge(&fingerprint);
- // Censor doesn't want new_cred. User doesn't actually use
- // secondary_cred, so don't store it.
- } else {
- eprintln!("Censor failed to get new credential");
- }
- // Censor user invites as many censor friends as possible
- let invitations = scalar_u32(&self.primary_cred.invites_remaining).unwrap();
- let mut new_friends = Vec::<User>::new();
- for _ in 0..invitations {
- match self.invite(&config, censor, true).await {
- Ok(friend) => {
- new_friends.push(friend);
- }
- Err(e) => {
- println!("{}", e);
- }
- }
- }
- Ok(new_friends)
- }
- }
|