vecna
/
troll-patrol
mirror of https://git-crysp.uwaterloo.ca/vvecna/troll-patrol.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: vecna:d971e420a2f5c495158520af1d68488910162b68
Branches Tags
vecna:main
vecna:analysis
...
compare: vecna:50ce57765db3335a0bfd933b1aa3c25b88e64497
Branches Tags
vecna:main
vecna:analysis

2 Commits
d971e420a2 ... 50ce57765d

Author SHA1 Message Date
Vecna 50ce57765d Add verify functions for NRs 2024-02-21 03:38:55 -05:00
Vecna 98fe935d7a Check bridge token fields when deserializing 2024-02-21 03:09:34 -05:00
2 changed files with 142 additions and 15 deletions
Show Stats Expand all files Collapse all files

28
src/negative_report.rs
View File

@ -42,7 +42,7 @@ impl NegativeReport {
pub fn from_bridgeline(bridge_id: [u8; 20], bridgeline: BridgeLine, country: String) -> Self { pub fn from_bridgeline(bridge_id: [u8; 20], bridgeline: BridgeLine, country: String) -> Self {
let bridge_pok = let bridge_pok =
ProofOfBridgeKnowledge::HashOfBridgeLine(HashOfBridgeLine::new(bridgeline)); ProofOfBridgeKnowledge::HashOfBridgeLine(HashOfBridgeLine::new(&bridgeline));
NegativeReport::new(bridge_id, bridge_pok, country) NegativeReport::new(bridge_id, bridge_pok, country)
} }
@ -80,6 +80,28 @@ impl NegativeReport {
Err(_) => Err(NegativeReportError::FailedToDeserialize), Err(_) => Err(NegativeReportError::FailedToDeserialize),
} }
} }
/// Verify report if proof of bridge knowledge is bridge line hash
pub fn verify_with_hash_of_bridge_line(self, bl: &BridgeLine) -> bool {
match self.bridge_pok {
ProofOfBridgeKnowledge::HashOfBridgeLine(pok) => {
let hash = HashOfBridgeLine::new(bl);
hash == pok
},
_ => false,
}
}
/// Verify report if proof of bridge knowledge is bucket hash
pub fn verify_with_hash_of_bucket(self, bucket: &Scalar) -> bool {
match self.bridge_pok {
ProofOfBridgeKnowledge::HashOfBucket(pok) => {
let hash = HashOfBucket::new(bucket);
hash == pok
},
_ => false,
}
}
} }
/// (De)serializable negative report object which must be consumed by the /// (De)serializable negative report object which must be consumed by the
@ -125,7 +147,7 @@ pub struct HashOfBridgeLine {
} }
impl HashOfBridgeLine { impl HashOfBridgeLine {
pub fn new(bl: BridgeLine) -> Self { pub fn new(bl: &BridgeLine) -> Self {
let mut hasher = Sha3_256::new(); let mut hasher = Sha3_256::new();
hasher.update(bincode::serialize(&bl).unwrap()); hasher.update(bincode::serialize(&bl).unwrap());
let hash: [u8; 32] = hasher.finalize().into(); let hash: [u8; 32] = hasher.finalize().into();
@ -140,7 +162,7 @@ pub struct HashOfBucket {
} }
impl HashOfBucket { impl HashOfBucket {
pub fn new(bucket: Scalar) -> Self { pub fn new(bucket: &Scalar) -> Self {
let mut hasher = Sha3_256::new(); let mut hasher = Sha3_256::new();
hasher.update(bucket.to_bytes()); hasher.update(bucket.to_bytes());
let hash: [u8; 32] = hasher.finalize().into(); let hash: [u8; 32] = hasher.finalize().into();

129
src/positive_report.rs
View File

@ -1,9 +1,6 @@
// For Lox-related code where points are uppercase and scalars are lowercase // For Lox-related code where points are uppercase and scalars are lowercase
#![allow(non_snake_case)] #![allow(non_snake_case)]
// TODO: Make SerializableBridgeToken, check its fields while deserializing,
// check that its fields match the report's fields while deserializing a report
use crate::{get_date, CONFIG, COUNTRY_CODES}; use crate::{get_date, CONFIG, COUNTRY_CODES};
use curve25519_dalek::Scalar; use curve25519_dalek::Scalar;
@ -17,6 +14,7 @@ use std::option::Option;
pub enum PositiveReportError { pub enum PositiveReportError {
DateInFuture, DateInFuture,
FailedToDeserialize, // couldn't deserialize to SerializablePositiveReport FailedToDeserialize, // couldn't deserialize to SerializablePositiveReport
InvalidBridgeToken,
InvalidCountryCode, InvalidCountryCode,
MissingBridgeToken, MissingBridgeToken,
MissingCountryCode, MissingCountryCode,
@ -72,9 +70,14 @@ impl PositiveReport {
/// Convert report to a serializable version /// Convert report to a serializable version
pub fn to_serializable_report(self) -> SerializablePositiveReport { pub fn to_serializable_report(self) -> SerializablePositiveReport {
let bridge_token = if self.bridge_token.is_none() {
None
} else {
Some(self.bridge_token.unwrap().to_serializable_bridge_token())
};
SerializablePositiveReport { SerializablePositiveReport {
fingerprint: self.fingerprint, fingerprint: self.fingerprint,
bridge_token: self.bridge_token, bridge_token: bridge_token,
lox_proof: self.lox_proof, lox_proof: self.lox_proof,
country: self.country, country: self.country,
date: self.date, date: self.date,
@ -97,7 +100,7 @@ impl PositiveReport {
/// Verify everything except the Lox proof. /// Verify everything except the Lox proof.
/// Parameters: /// Parameters:
/// - The bucket ID for the bucket containing this bridge /// - The bucket ID for the bucket containing this bridge
/// - The bridge verifying key for this bridge /// - The bridge verifying key for this bridge (if bridge token is required)
/// These parameters are assumed to be correct and are NOT checked against /// These parameters are assumed to be correct and are NOT checked against
/// the fingerprint listed in the report. /// the fingerprint listed in the report.
pub fn verify_excluding_lox_proof( pub fn verify_excluding_lox_proof(
@ -114,7 +117,7 @@ impl PositiveReport {
if bridge_key if bridge_key
.unwrap() .unwrap()
.verify( .verify(
&bincode::serialize(&bridge_token.unsigned_bridge_token).unwrap(), &bridge_token.unsigned_bridge_token.to_bincode(),
&bridge_token.sig, &bridge_token.sig,
) )
.is_err() .is_err()
@ -137,7 +140,7 @@ impl PositiveReport {
#[derive(Deserialize, Serialize)] #[derive(Deserialize, Serialize)]
pub struct SerializablePositiveReport { pub struct SerializablePositiveReport {
pub fingerprint: [u8; 20], pub fingerprint: [u8; 20],
bridge_token: Option<BridgeToken>, bridge_token: Option<SerializableBridgeToken>,
lox_proof: lox_pr::Request, lox_proof: lox_pr::Request,
pub country: String, pub country: String,
pub date: u32, pub date: u32,
@ -145,6 +148,7 @@ pub struct SerializablePositiveReport {
impl SerializablePositiveReport { impl SerializablePositiveReport {
pub fn to_report(self) -> Result<PositiveReport, PositiveReportError> { pub fn to_report(self) -> Result<PositiveReport, PositiveReportError> {
// Check that fields are valid
if CONFIG.require_bridge_token && self.bridge_token.is_none() { if CONFIG.require_bridge_token && self.bridge_token.is_none() {
return Err(PositiveReportError::MissingBridgeToken); return Err(PositiveReportError::MissingBridgeToken);
} }
@ -157,9 +161,23 @@ impl SerializablePositiveReport {
if self.date > get_date().into() { if self.date > get_date().into() {
return Err(PositiveReportError::DateInFuture); return Err(PositiveReportError::DateInFuture);
} }
let bridge_token = if self.bridge_token.is_none() {
None
} else {
let bridge_token_unchecked = self.bridge_token.unwrap().to_bridge_token()?;
// Check that bridge token fields match report fields...
// The user may override the bridge's autodetected country code,
// so allow the country code to be different.
if self.fingerprint != bridge_token_unchecked.unsigned_bridge_token.fingerprint
|| self.date != bridge_token_unchecked.unsigned_bridge_token.date
{
return Err(PositiveReportError::InvalidBridgeToken);
}
Some(bridge_token_unchecked)
};
Ok(PositiveReport { Ok(PositiveReport {
fingerprint: self.fingerprint, fingerprint: self.fingerprint,
bridge_token: self.bridge_token, bridge_token: bridge_token,
lox_proof: self.lox_proof, lox_proof: self.lox_proof,
country: self.country, country: self.country,
date: self.date, date: self.date,
@ -168,7 +186,6 @@ impl SerializablePositiveReport {
} }
/// An unsigned token which indicates that the bridge was reached /// An unsigned token which indicates that the bridge was reached
#[derive(Serialize, Deserialize)]
pub struct UnsignedBridgeToken { pub struct UnsignedBridgeToken {
/// hashed fingerprint (SHA-1 hash of 20-byte bridge ID) /// hashed fingerprint (SHA-1 hash of 20-byte bridge ID)
pub fingerprint: [u8; 20], pub fingerprint: [u8; 20],
@ -190,23 +207,111 @@ impl UnsignedBridgeToken {
date, date,
} }
} }
pub fn to_serializable_unsigned_bridge_token(self) -> SerializableUnsignedBridgeToken {
SerializableUnsignedBridgeToken {
fingerprint: self.fingerprint,
country: self.country,
date: self.date,
}
}
/// Serializes the token, eliding the underlying process
pub fn to_bincode(self) -> Vec<u8> {
bincode::serialize(&self.to_serializable_unsigned_bridge_token()).unwrap()
}
/// Deserializes the token, eliding the underlying process
pub fn from_bincode(vec: Vec<u8>) -> Result<Self, PositiveReportError> {
match bincode::deserialize::<SerializableUnsignedBridgeToken>(&vec[..]) {
Ok(v) => v.to_unsigned_bridge_token(),
Err(_) => Err(PositiveReportError::FailedToDeserialize),
}
}
}
/// (De)serializable unsigned bridge token object which must be consumed by the
/// checking function before it can be used
#[derive(Serialize, Deserialize)]
pub struct SerializableUnsignedBridgeToken {
pub fingerprint: [u8; 20],
pub country: String,
pub date: u32,
}
impl SerializableUnsignedBridgeToken {
pub fn to_unsigned_bridge_token(self) -> Result<UnsignedBridgeToken, PositiveReportError> {
if self.country == ""
|| !COUNTRY_CODES.contains(self.country.as_str())
|| self.date > get_date().into()
{
return Err(PositiveReportError::InvalidBridgeToken);
}
Ok(UnsignedBridgeToken {
fingerprint: self.fingerprint,
country: self.country,
date: self.date,
})
}
} }
/// A signed token which indicates that the bridge was reached /// A signed token which indicates that the bridge was reached
#[derive(Serialize, Deserialize)]
pub struct BridgeToken { pub struct BridgeToken {
/// the unsigned version of this token /// the unsigned version of this token
pub unsigned_bridge_token: UnsignedBridgeToken, pub unsigned_bridge_token: UnsignedBridgeToken,
/// signature from bridge's ed25519 key /// signature from bridge's ed25519 key
pub sig: Signature, sig: Signature,
} }
impl BridgeToken { impl BridgeToken {
pub fn new(unsigned_bridge_token: UnsignedBridgeToken, keypair: SigningKey) -> Self { pub fn new(unsigned_bridge_token: UnsignedBridgeToken, keypair: SigningKey) -> Self {
let sig = keypair.sign(&bincode::serialize(&unsigned_bridge_token).unwrap()); let bin = unsigned_bridge_token.to_bincode();
let sig = keypair.sign(&bin);
let unsigned_bridge_token = UnsignedBridgeToken::from_bincode(bin).unwrap();
Self { Self {
unsigned_bridge_token, unsigned_bridge_token,
sig, sig,
} }
} }
/// Convert bridge token to a serializable version
pub fn to_serializable_bridge_token(self) -> SerializableBridgeToken {
SerializableBridgeToken {
unsigned_bridge_token: self
.unsigned_bridge_token
.to_serializable_unsigned_bridge_token(),
sig: self.sig,
}
}
/// Serializes the bridge token, eliding the underlying process
pub fn to_json(self) -> String {
serde_json::to_string(&self.to_serializable_bridge_token()).unwrap()
}
/// Deserializes the bridge token, eliding the underlying process
pub fn from_json(str: String) -> Result<Self, PositiveReportError> {
match serde_json::from_str::<SerializableBridgeToken>(&str) {
Ok(v) => v.to_bridge_token(),
Err(_) => Err(PositiveReportError::InvalidBridgeToken),
}
}
}
/// (De)serializable bridge token object which must be consumed by the
/// checking function before it can be used
#[derive(Serialize, Deserialize)]
pub struct SerializableBridgeToken {
pub unsigned_bridge_token: SerializableUnsignedBridgeToken,
sig: Signature,
}
impl SerializableBridgeToken {
pub fn to_bridge_token(self) -> Result<BridgeToken, PositiveReportError> {
let unsigned_bridge_token = self.unsigned_bridge_token.to_unsigned_bridge_token()?;
Ok(BridgeToken {
unsigned_bridge_token: unsigned_bridge_token,
sig: self.sig,
})
}
} }