2024-02-20 17:12:34 -05:00
|
|
|
// For Lox-related code where points are uppercase and scalars are lowercase
|
|
|
|
|
#![allow(non_snake_case)]
|
2024-02-07 18:35:53 -05:00
|
|
|
|
2024-02-20 17:12:34 -05:00
|
|
|
use crate::{get_date, CONFIG, COUNTRY_CODES};
|
|
|
|
|
|
2024-02-26 18:00:43 -05:00
|
|
|
use curve25519_dalek::{RistrettoPoint, Scalar};
|
2024-02-20 17:12:34 -05:00
|
|
|
use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
|
2024-02-07 18:35:53 -05:00
|
|
|
use lox_library::{cred::Lox, proto::positive_report as lox_pr, IssuerPubKey};
|
|
|
|
|
use serde::{Deserialize, Serialize};
|
|
|
|
|
use sha1::{Digest, Sha1};
|
2024-02-26 18:00:43 -05:00
|
|
|
use sha2::Sha512;
|
2024-02-07 18:35:53 -05:00
|
|
|
use std::option::Option;
|
|
|
|
|
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
pub enum PositiveReportError {
|
|
|
|
|
DateInFuture,
|
|
|
|
|
FailedToDeserialize, // couldn't deserialize to SerializablePositiveReport
|
2024-02-21 03:09:34 -05:00
|
|
|
InvalidBridgeToken,
|
2024-02-07 18:35:53 -05:00
|
|
|
InvalidCountryCode,
|
2024-02-26 18:00:43 -05:00
|
|
|
InvalidLoxProof,
|
2024-02-07 18:35:53 -05:00
|
|
|
MissingBridgeToken,
|
|
|
|
|
MissingCountryCode,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// A report that the user was able to connect to the bridge
|
|
|
|
|
pub struct PositiveReport {
|
|
|
|
|
/// hashed fingerprint (SHA-1 hash of 20-byte bridge ID)
|
|
|
|
|
pub fingerprint: [u8; 20],
|
2024-02-25 17:42:30 -05:00
|
|
|
|
2024-02-07 18:35:53 -05:00
|
|
|
/// token from the bridge indicating it was reached
|
|
|
|
|
bridge_token: Option<BridgeToken>,
|
2024-02-25 17:42:30 -05:00
|
|
|
|
2024-02-07 18:35:53 -05:00
|
|
|
// proof of Lox cred with level >= 3 and this bridge
|
|
|
|
|
lox_proof: lox_pr::Request,
|
2024-02-25 17:42:30 -05:00
|
|
|
|
2024-02-07 18:35:53 -05:00
|
|
|
/// user's country code, may be an empty string
|
|
|
|
|
pub country: String,
|
2024-02-25 17:42:30 -05:00
|
|
|
|
2024-02-07 18:35:53 -05:00
|
|
|
/// today's Julian date
|
|
|
|
|
pub date: u32,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl PositiveReport {
|
|
|
|
|
pub fn new(
|
|
|
|
|
bridge_id: [u8; 20],
|
|
|
|
|
bridge_token: Option<BridgeToken>,
|
|
|
|
|
lox_proof: lox_pr::Request,
|
|
|
|
|
country: String,
|
|
|
|
|
) -> Self {
|
|
|
|
|
if CONFIG.require_bridge_token && bridge_token.is_none() {
|
|
|
|
|
panic!("Bridge tokens are required for positive reports.");
|
|
|
|
|
}
|
|
|
|
|
let mut hasher = Sha1::new();
|
|
|
|
|
hasher.update(bridge_id);
|
|
|
|
|
let fingerprint: [u8; 20] = hasher.finalize().into();
|
|
|
|
|
let date = get_date();
|
|
|
|
|
Self {
|
|
|
|
|
fingerprint,
|
|
|
|
|
bridge_token,
|
|
|
|
|
lox_proof,
|
|
|
|
|
country,
|
|
|
|
|
date,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn from_lox_credential(
|
|
|
|
|
bridge_id: [u8; 20],
|
|
|
|
|
bridge_token: Option<BridgeToken>,
|
|
|
|
|
lox_cred: &Lox,
|
|
|
|
|
lox_pub: &IssuerPubKey,
|
|
|
|
|
country: String,
|
|
|
|
|
) -> Self {
|
|
|
|
|
let lox_proof = lox_pr::request(lox_cred, lox_pub).unwrap();
|
|
|
|
|
PositiveReport::new(bridge_id, bridge_token, lox_proof, country)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Convert report to a serializable version
|
|
|
|
|
pub fn to_serializable_report(self) -> SerializablePositiveReport {
|
2024-02-21 03:09:34 -05:00
|
|
|
let bridge_token = if self.bridge_token.is_none() {
|
|
|
|
|
None
|
|
|
|
|
} else {
|
|
|
|
|
Some(self.bridge_token.unwrap().to_serializable_bridge_token())
|
|
|
|
|
};
|
2024-02-07 18:35:53 -05:00
|
|
|
SerializablePositiveReport {
|
|
|
|
|
fingerprint: self.fingerprint,
|
2024-02-21 03:09:34 -05:00
|
|
|
bridge_token: bridge_token,
|
2024-02-07 18:35:53 -05:00
|
|
|
lox_proof: self.lox_proof,
|
|
|
|
|
country: self.country,
|
|
|
|
|
date: self.date,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Serializes the report, eliding the underlying process
|
|
|
|
|
pub fn to_json(self) -> String {
|
|
|
|
|
serde_json::to_string(&self.to_serializable_report()).unwrap()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Deserializes the report, eliding the underlying process
|
|
|
|
|
pub fn from_json(str: String) -> Result<Self, PositiveReportError> {
|
|
|
|
|
match serde_json::from_str::<SerializablePositiveReport>(&str) {
|
|
|
|
|
Ok(v) => v.to_report(),
|
|
|
|
|
Err(_) => Err(PositiveReportError::FailedToDeserialize),
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-02-20 17:12:34 -05:00
|
|
|
|
|
|
|
|
/// Verify everything except the Lox proof.
|
|
|
|
|
/// Parameters:
|
|
|
|
|
/// - The bucket ID for the bucket containing this bridge
|
2024-02-21 03:09:34 -05:00
|
|
|
/// - The bridge verifying key for this bridge (if bridge token is required)
|
2024-02-20 17:12:34 -05:00
|
|
|
/// These parameters are assumed to be correct and are NOT checked against
|
|
|
|
|
/// the fingerprint listed in the report.
|
|
|
|
|
pub fn verify_excluding_lox_proof(
|
|
|
|
|
self,
|
|
|
|
|
bucket: Scalar,
|
|
|
|
|
bridge_key: Option<VerifyingKey>,
|
|
|
|
|
) -> bool {
|
|
|
|
|
// Verify bridge token
|
|
|
|
|
if CONFIG.require_bridge_token {
|
|
|
|
|
let bridge_token = self.bridge_token.unwrap();
|
|
|
|
|
if bridge_key.is_none() {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if bridge_key
|
|
|
|
|
.unwrap()
|
|
|
|
|
.verify(
|
2024-02-21 03:09:34 -05:00
|
|
|
&bridge_token.unsigned_bridge_token.to_bincode(),
|
2024-02-20 17:12:34 -05:00
|
|
|
&bridge_token.sig,
|
|
|
|
|
)
|
|
|
|
|
.is_err()
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// Verify knowledge of bucket ID
|
2024-02-26 18:00:43 -05:00
|
|
|
let H = RistrettoPoint::hash_from_bytes::<Sha512>(
|
|
|
|
|
format!("{}{}", lox_pr::H_GENERATOR_STRING, self.lox_proof.date).as_bytes(),
|
|
|
|
|
);
|
2024-02-20 17:12:34 -05:00
|
|
|
let BP = self.lox_proof.BP;
|
|
|
|
|
if bucket * H != BP {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
true
|
|
|
|
|
}
|
2024-02-07 18:35:53 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// (De)serializable positive report object which must be consumed by the
|
|
|
|
|
/// checking function before it can be used
|
|
|
|
|
#[derive(Deserialize, Serialize)]
|
|
|
|
|
pub struct SerializablePositiveReport {
|
|
|
|
|
pub fingerprint: [u8; 20],
|
2024-02-21 03:09:34 -05:00
|
|
|
bridge_token: Option<SerializableBridgeToken>,
|
2024-02-07 18:35:53 -05:00
|
|
|
lox_proof: lox_pr::Request,
|
|
|
|
|
pub country: String,
|
|
|
|
|
pub date: u32,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl SerializablePositiveReport {
|
|
|
|
|
pub fn to_report(self) -> Result<PositiveReport, PositiveReportError> {
|
2024-02-21 03:09:34 -05:00
|
|
|
// Check that fields are valid
|
2024-02-07 18:35:53 -05:00
|
|
|
if CONFIG.require_bridge_token && self.bridge_token.is_none() {
|
|
|
|
|
return Err(PositiveReportError::MissingBridgeToken);
|
|
|
|
|
}
|
|
|
|
|
if self.country == "" {
|
|
|
|
|
return Err(PositiveReportError::MissingCountryCode);
|
|
|
|
|
}
|
|
|
|
|
if !COUNTRY_CODES.contains(self.country.as_str()) {
|
|
|
|
|
return Err(PositiveReportError::InvalidCountryCode);
|
|
|
|
|
}
|
2024-02-26 18:00:43 -05:00
|
|
|
let date: u32 = get_date().into();
|
|
|
|
|
if self.date > date {
|
2024-02-07 18:35:53 -05:00
|
|
|
return Err(PositiveReportError::DateInFuture);
|
|
|
|
|
}
|
2024-02-26 18:00:43 -05:00
|
|
|
if self.lox_proof.date != date {
|
|
|
|
|
return Err(PositiveReportError::InvalidLoxProof);
|
|
|
|
|
}
|
2024-02-21 03:09:34 -05:00
|
|
|
let bridge_token = if self.bridge_token.is_none() {
|
|
|
|
|
None
|
|
|
|
|
} else {
|
|
|
|
|
let bridge_token_unchecked = self.bridge_token.unwrap().to_bridge_token()?;
|
|
|
|
|
// Check that bridge token fields match report fields...
|
|
|
|
|
// The user may override the bridge's autodetected country code,
|
|
|
|
|
// so allow the country code to be different.
|
|
|
|
|
if self.fingerprint != bridge_token_unchecked.unsigned_bridge_token.fingerprint
|
|
|
|
|
|| self.date != bridge_token_unchecked.unsigned_bridge_token.date
|
|
|
|
|
{
|
|
|
|
|
return Err(PositiveReportError::InvalidBridgeToken);
|
|
|
|
|
}
|
|
|
|
|
Some(bridge_token_unchecked)
|
|
|
|
|
};
|
2024-02-07 18:35:53 -05:00
|
|
|
Ok(PositiveReport {
|
|
|
|
|
fingerprint: self.fingerprint,
|
2024-02-21 03:09:34 -05:00
|
|
|
bridge_token: bridge_token,
|
2024-02-07 18:35:53 -05:00
|
|
|
lox_proof: self.lox_proof,
|
|
|
|
|
country: self.country,
|
|
|
|
|
date: self.date,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// An unsigned token which indicates that the bridge was reached
|
|
|
|
|
pub struct UnsignedBridgeToken {
|
|
|
|
|
/// hashed fingerprint (SHA-1 hash of 20-byte bridge ID)
|
|
|
|
|
pub fingerprint: [u8; 20],
|
2024-02-25 17:42:30 -05:00
|
|
|
|
2024-02-07 18:35:53 -05:00
|
|
|
/// client's country code
|
|
|
|
|
pub country: String,
|
2024-02-25 17:42:30 -05:00
|
|
|
|
2024-02-07 18:35:53 -05:00
|
|
|
/// today's Julian date
|
|
|
|
|
pub date: u32,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl UnsignedBridgeToken {
|
|
|
|
|
pub fn new(bridge_id: [u8; 20], country: String) -> Self {
|
|
|
|
|
let mut hasher = Sha1::new();
|
|
|
|
|
hasher.update(bridge_id);
|
|
|
|
|
let fingerprint: [u8; 20] = hasher.finalize().into();
|
|
|
|
|
let date = get_date();
|
|
|
|
|
Self {
|
|
|
|
|
fingerprint,
|
|
|
|
|
country,
|
|
|
|
|
date,
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-02-21 03:09:34 -05:00
|
|
|
|
|
|
|
|
pub fn to_serializable_unsigned_bridge_token(self) -> SerializableUnsignedBridgeToken {
|
|
|
|
|
SerializableUnsignedBridgeToken {
|
|
|
|
|
fingerprint: self.fingerprint,
|
|
|
|
|
country: self.country,
|
|
|
|
|
date: self.date,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Serializes the token, eliding the underlying process
|
|
|
|
|
pub fn to_bincode(self) -> Vec<u8> {
|
|
|
|
|
bincode::serialize(&self.to_serializable_unsigned_bridge_token()).unwrap()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Deserializes the token, eliding the underlying process
|
|
|
|
|
pub fn from_bincode(vec: Vec<u8>) -> Result<Self, PositiveReportError> {
|
|
|
|
|
match bincode::deserialize::<SerializableUnsignedBridgeToken>(&vec[..]) {
|
|
|
|
|
Ok(v) => v.to_unsigned_bridge_token(),
|
|
|
|
|
Err(_) => Err(PositiveReportError::FailedToDeserialize),
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-02-07 18:35:53 -05:00
|
|
|
}
|
|
|
|
|
|
2024-02-21 03:09:34 -05:00
|
|
|
/// (De)serializable unsigned bridge token object which must be consumed by the
|
|
|
|
|
/// checking function before it can be used
|
2024-02-07 18:35:53 -05:00
|
|
|
#[derive(Serialize, Deserialize)]
|
2024-02-21 03:09:34 -05:00
|
|
|
pub struct SerializableUnsignedBridgeToken {
|
|
|
|
|
pub fingerprint: [u8; 20],
|
|
|
|
|
pub country: String,
|
|
|
|
|
pub date: u32,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl SerializableUnsignedBridgeToken {
|
|
|
|
|
pub fn to_unsigned_bridge_token(self) -> Result<UnsignedBridgeToken, PositiveReportError> {
|
|
|
|
|
if self.country == ""
|
|
|
|
|
|| !COUNTRY_CODES.contains(self.country.as_str())
|
|
|
|
|
|| self.date > get_date().into()
|
|
|
|
|
{
|
|
|
|
|
return Err(PositiveReportError::InvalidBridgeToken);
|
|
|
|
|
}
|
|
|
|
|
Ok(UnsignedBridgeToken {
|
|
|
|
|
fingerprint: self.fingerprint,
|
|
|
|
|
country: self.country,
|
|
|
|
|
date: self.date,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// A signed token which indicates that the bridge was reached
|
2024-02-07 18:35:53 -05:00
|
|
|
pub struct BridgeToken {
|
|
|
|
|
/// the unsigned version of this token
|
|
|
|
|
pub unsigned_bridge_token: UnsignedBridgeToken,
|
2024-02-25 17:42:30 -05:00
|
|
|
|
2024-02-07 18:35:53 -05:00
|
|
|
/// signature from bridge's ed25519 key
|
2024-02-21 03:09:34 -05:00
|
|
|
sig: Signature,
|
2024-02-07 18:35:53 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl BridgeToken {
|
|
|
|
|
pub fn new(unsigned_bridge_token: UnsignedBridgeToken, keypair: SigningKey) -> Self {
|
2024-02-21 03:09:34 -05:00
|
|
|
let bin = unsigned_bridge_token.to_bincode();
|
|
|
|
|
let sig = keypair.sign(&bin);
|
|
|
|
|
let unsigned_bridge_token = UnsignedBridgeToken::from_bincode(bin).unwrap();
|
2024-02-07 18:35:53 -05:00
|
|
|
Self {
|
|
|
|
|
unsigned_bridge_token,
|
|
|
|
|
sig,
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-02-21 03:09:34 -05:00
|
|
|
|
|
|
|
|
/// Convert bridge token to a serializable version
|
|
|
|
|
pub fn to_serializable_bridge_token(self) -> SerializableBridgeToken {
|
|
|
|
|
SerializableBridgeToken {
|
|
|
|
|
unsigned_bridge_token: self
|
|
|
|
|
.unsigned_bridge_token
|
|
|
|
|
.to_serializable_unsigned_bridge_token(),
|
|
|
|
|
sig: self.sig,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Serializes the bridge token, eliding the underlying process
|
|
|
|
|
pub fn to_json(self) -> String {
|
|
|
|
|
serde_json::to_string(&self.to_serializable_bridge_token()).unwrap()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Deserializes the bridge token, eliding the underlying process
|
|
|
|
|
pub fn from_json(str: String) -> Result<Self, PositiveReportError> {
|
|
|
|
|
match serde_json::from_str::<SerializableBridgeToken>(&str) {
|
|
|
|
|
Ok(v) => v.to_bridge_token(),
|
|
|
|
|
Err(_) => Err(PositiveReportError::InvalidBridgeToken),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// (De)serializable bridge token object which must be consumed by the
|
|
|
|
|
/// checking function before it can be used
|
|
|
|
|
#[derive(Serialize, Deserialize)]
|
|
|
|
|
pub struct SerializableBridgeToken {
|
|
|
|
|
pub unsigned_bridge_token: SerializableUnsignedBridgeToken,
|
|
|
|
|
sig: Signature,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl SerializableBridgeToken {
|
|
|
|
|
pub fn to_bridge_token(self) -> Result<BridgeToken, PositiveReportError> {
|
|
|
|
|
let unsigned_bridge_token = self.unsigned_bridge_token.to_unsigned_bridge_token()?;
|
|
|
|
|
Ok(BridgeToken {
|
|
|
|
|
unsigned_bridge_token: unsigned_bridge_token,
|
|
|
|
|
sig: self.sig,
|
|
|
|
|
})
|
|
|
|
|
}
|
2024-02-07 18:35:53 -05:00
|
|
|
}
|
