192 lines
6.0 KiB
Rust
192 lines
6.0 KiB
Rust
use crate::{bridge_info::BridgeInfo, get_date, BridgeDistributor, COUNTRY_CODES};
|
|
|
|
use curve25519_dalek::scalar::Scalar;
|
|
use lox_library::{bridge_table::BridgeLine, cred::Lox};
|
|
|
|
use serde::{Deserialize, Serialize};
|
|
use sha1::{Digest, Sha1};
|
|
use sha3::Sha3_256;
|
|
|
|
#[derive(Debug)]
|
|
pub enum NegativeReportError {
|
|
DateInFuture,
|
|
FailedToDeserialize, // couldn't deserialize to SerializableNegativeReport
|
|
InvalidCountryCode,
|
|
MissingCountryCode,
|
|
}
|
|
|
|
/// A report that the user was unable to connect to the bridge
|
|
#[derive(Eq, PartialEq, Ord, PartialOrd)]
|
|
pub struct NegativeReport {
|
|
/// hashed fingerprint (SHA-1 hash of 20-byte bridge ID)
|
|
pub fingerprint: [u8; 20],
|
|
|
|
/// some way to prove knowledge of bridge
|
|
bridge_pok: ProofOfBridgeKnowledge,
|
|
|
|
/// user's country code
|
|
pub country: String,
|
|
|
|
/// today's Julian date
|
|
pub date: u32,
|
|
|
|
/// the bridge distributor, e.g., Lox, Https, or Moat
|
|
pub distributor: BridgeDistributor,
|
|
}
|
|
|
|
impl NegativeReport {
|
|
pub fn new(
|
|
bridge_id: [u8; 20],
|
|
bridge_pok: ProofOfBridgeKnowledge,
|
|
country: String,
|
|
distributor: BridgeDistributor,
|
|
) -> Self {
|
|
let mut hasher = Sha1::new();
|
|
hasher.update(bridge_id);
|
|
let fingerprint: [u8; 20] = hasher.finalize().into();
|
|
let date = get_date();
|
|
Self {
|
|
fingerprint,
|
|
bridge_pok,
|
|
country,
|
|
date,
|
|
distributor,
|
|
}
|
|
}
|
|
|
|
pub fn from_bridgeline(
|
|
bridgeline: BridgeLine,
|
|
country: String,
|
|
distributor: BridgeDistributor,
|
|
) -> Self {
|
|
let bridge_pok =
|
|
ProofOfBridgeKnowledge::HashOfBridgeLine(HashOfBridgeLine::new(&bridgeline));
|
|
NegativeReport::new(bridgeline.fingerprint, bridge_pok, country, distributor)
|
|
}
|
|
|
|
pub fn from_lox_bucket(bridge_id: [u8; 20], bucket: Scalar, country: String) -> Self {
|
|
let mut hasher = Sha3_256::new();
|
|
hasher.update(bucket.to_bytes());
|
|
let bucket_hash: [u8; 32] = hasher.finalize().into();
|
|
let bridge_pok = ProofOfBridgeKnowledge::HashOfBucket(HashOfBucket { hash: bucket_hash });
|
|
NegativeReport::new(bridge_id, bridge_pok, country, BridgeDistributor::Lox)
|
|
}
|
|
|
|
pub fn from_lox_credential(bridge_id: [u8; 20], cred: Lox, country: String) -> Self {
|
|
NegativeReport::from_lox_bucket(bridge_id, cred.bucket, country)
|
|
}
|
|
|
|
/// Convert report to a serializable version
|
|
pub fn to_serializable_report(self) -> SerializableNegativeReport {
|
|
SerializableNegativeReport {
|
|
fingerprint: self.fingerprint,
|
|
bridge_pok: self.bridge_pok,
|
|
country: self.country,
|
|
date: self.date,
|
|
distributor: self.distributor,
|
|
}
|
|
}
|
|
|
|
/// Serializes the report, eliding the underlying process
|
|
pub fn to_json(self) -> String {
|
|
serde_json::to_string(&self.to_serializable_report()).unwrap()
|
|
}
|
|
|
|
/// Deserializes the report, eliding the underlying process
|
|
pub fn from_json(str: String) -> Result<Self, NegativeReportError> {
|
|
match serde_json::from_str::<SerializableNegativeReport>(&str) {
|
|
Ok(v) => v.to_report(),
|
|
Err(_) => Err(NegativeReportError::FailedToDeserialize),
|
|
}
|
|
}
|
|
|
|
/// Verify the report
|
|
pub fn verify(self, bridge_info: &BridgeInfo) -> bool {
|
|
match self.bridge_pok {
|
|
ProofOfBridgeKnowledge::HashOfBridgeLine(pok) => {
|
|
let hash = HashOfBridgeLine::new(&bridge_info.bridge_line);
|
|
hash == pok
|
|
}
|
|
ProofOfBridgeKnowledge::HashOfBucket(pok) => match bridge_info.bucket {
|
|
Some(b) => {
|
|
let hash = HashOfBucket::new(&b);
|
|
hash == pok
|
|
}
|
|
None => false,
|
|
},
|
|
}
|
|
}
|
|
}
|
|
|
|
/// (De)serializable negative report object which must be consumed by the
|
|
/// checking function before it can be used
|
|
#[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
|
|
pub struct SerializableNegativeReport {
|
|
pub fingerprint: [u8; 20],
|
|
bridge_pok: ProofOfBridgeKnowledge,
|
|
pub country: String,
|
|
pub date: u32,
|
|
pub distributor: BridgeDistributor,
|
|
}
|
|
|
|
impl SerializableNegativeReport {
|
|
pub fn to_report(self) -> Result<NegativeReport, NegativeReportError> {
|
|
if self.country == "" {
|
|
return Err(NegativeReportError::MissingCountryCode);
|
|
}
|
|
if !COUNTRY_CODES.contains(self.country.as_str()) {
|
|
return Err(NegativeReportError::InvalidCountryCode);
|
|
}
|
|
if self.date > get_date().into() {
|
|
return Err(NegativeReportError::DateInFuture);
|
|
}
|
|
Ok(NegativeReport {
|
|
fingerprint: self.fingerprint,
|
|
bridge_pok: self.bridge_pok,
|
|
country: self.country.to_string(),
|
|
date: self.date.try_into().unwrap(),
|
|
distributor: self.distributor,
|
|
})
|
|
}
|
|
}
|
|
|
|
/// Proof that the user knows (and should be able to access) a given bridge
|
|
#[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
|
|
pub enum ProofOfBridgeKnowledge {
|
|
/// Hash of bridge line as proof of knowledge of bridge line
|
|
HashOfBridgeLine(HashOfBridgeLine),
|
|
|
|
/// Hash of bucket ID for Lox user
|
|
HashOfBucket(HashOfBucket),
|
|
}
|
|
|
|
/// Hash of bridge line to prove knowledge of that bridge
|
|
#[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
|
|
pub struct HashOfBridgeLine {
|
|
hash: [u8; 32],
|
|
}
|
|
|
|
impl HashOfBridgeLine {
|
|
pub fn new(bl: &BridgeLine) -> Self {
|
|
let mut hasher = Sha3_256::new();
|
|
hasher.update(bincode::serialize(&bl).unwrap());
|
|
let hash: [u8; 32] = hasher.finalize().into();
|
|
Self { hash }
|
|
}
|
|
}
|
|
|
|
/// Hash of bucket ID to prove knowledge of bridges in that bucket
|
|
#[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
|
|
pub struct HashOfBucket {
|
|
hash: [u8; 32],
|
|
}
|
|
|
|
impl HashOfBucket {
|
|
pub fn new(bucket: &Scalar) -> Self {
|
|
let mut hasher = Sha3_256::new();
|
|
hasher.update(bucket.to_bytes());
|
|
let hash: [u8; 32] = hasher.finalize().into();
|
|
Self { hash }
|
|
}
|
|
}
|