|
@@ -20,6 +20,7 @@ use std::{
|
|
|
collections::{BTreeMap, HashMap, HashSet},
|
|
|
sync::{Arc, Mutex},
|
|
|
};
|
|
|
+use x25519_dalek::{PublicKey, StaticSecret};
|
|
|
|
|
|
struct TestHarness {
|
|
|
bdb: BridgeDb,
|
|
@@ -333,6 +334,7 @@ fn test_negative_reports() {
|
|
|
assert!(!invalid_report_5.verify(&bridge_info_2));
|
|
|
|
|
|
// Test that reports with duplicate nonces are rejected
|
|
|
+ // (Also test encryption and decryption.)
|
|
|
|
|
|
// Open test database
|
|
|
let db: Db = sled::open("test_db").unwrap();
|
|
@@ -354,6 +356,24 @@ fn test_negative_reports() {
|
|
|
BridgeDistributor::Lox,
|
|
|
);
|
|
|
|
|
|
+ let valid_report_1_copy_1 = NegativeReport::new(
|
|
|
+ bridges[0].fingerprint,
|
|
|
+ ProofOfBridgeKnowledge::HashOfBridgeLine(HashOfBridgeLine::new(&bridges[0], date, nonce)),
|
|
|
+ "ru".to_string(),
|
|
|
+ date,
|
|
|
+ nonce,
|
|
|
+ BridgeDistributor::Lox,
|
|
|
+ );
|
|
|
+
|
|
|
+ let valid_report_1_copy_2 = NegativeReport::new(
|
|
|
+ bridges[0].fingerprint,
|
|
|
+ ProofOfBridgeKnowledge::HashOfBridgeLine(HashOfBridgeLine::new(&bridges[0], date, nonce)),
|
|
|
+ "ru".to_string(),
|
|
|
+ date,
|
|
|
+ nonce,
|
|
|
+ BridgeDistributor::Lox,
|
|
|
+ );
|
|
|
+
|
|
|
// Report which reuses this nonce
|
|
|
let invalid_report_1 = NegativeReport::new(
|
|
|
bridges[0].fingerprint,
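Review bot: The two added copies of `valid_report_1` have no comment saying why they exist or why they reuse the same `nonce`. Judging from the later hunk, they are submitted before a usable key is stored and `valid_report_1` is still expected to be accepted afterwards, so the test quietly depends on a failed decryption not recording the nonce as seen. I would state that above the first copy, e.g. `// Same nonce as valid_report_1: a report that cannot be decrypted must not burn the nonce`. Whether `encrypt` consumes the report, which would be the reason for separate copies, is not visible here. test_negative_reports starts and ends outside this hunk.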
|
|
@@ -410,13 +430,40 @@ fn test_negative_reports() {
|
|
|
"ru".to_string(),
|
|
|
date
|
|
|
);
|
|
|
- save_negative_report_to_process(&db, valid_report_1);
|
|
|
+
|
|
|
+ // Generate key for today
|
|
|
+ let secret = StaticSecret::random_from_rng(&mut rng);
|
|
|
+ let public = PublicKey::from(&secret);
|
|
|
+ let secret_yesterday = StaticSecret::random_from_rng(&mut rng);
|
|
|
+ let public_yesterday = PublicKey::from(&secret_yesterday);
|
|
|
+ assert!(!db.contains_key("nr-keys").unwrap());
|
|
|
+
|
|
|
+ // Fail to add to database because we can't decrypt
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_1_copy_1.encrypt(&public));
|
|
|
+ assert!(!db.contains_key("nrs-to-process").unwrap());
|
|
|
+
|
|
|
+ // Store yesterday's key but not today's
|
|
|
+ let mut nr_keys = BTreeMap::<u32, StaticSecret>::new();
|
|
|
+ nr_keys.insert(date - 1, secret_yesterday);
|
|
|
+ db.insert("nr-keys", bincode::serialize(&nr_keys).unwrap())
|
|
|
+ .unwrap();
|
|
|
+
|
|
|
+ // Fail to add to database because we still can't decrypt
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_1_copy_2.encrypt(&public));
|
|
|
+ assert!(!db.contains_key("nrs-to-process").unwrap());
|
|
|
+
|
|
|
+ // Store today's key
|
|
|
+ nr_keys.insert(date, secret);
|
|
|
+ db.insert("nr-keys", bincode::serialize(&nr_keys).unwrap())
|
|
|
+ .unwrap();
|
|
|
+
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_1.encrypt(&public));
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_1).unwrap();
|
|
|
assert_eq!(negative_reports.len(), 1);
|
|
|
|
|
|
- save_negative_report_to_process(&db, invalid_report_1); // no change
|
|
|
+ handle_encrypted_negative_report(&db, invalid_report_1.encrypt(&public)); // no change
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_1).unwrap();
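Review bot: Both added failure cases exercise a missing key for the report's date, but none covers a key that is stored for that date while the ciphertext was produced for a different public key. After `nr_keys.insert(date, secret)` is saved, a further copy of the report submitted as `.encrypt(&public_yesterday)` and followed by `assert!(!db.contains_key("nrs-to-process").unwrap());` would pin that a failed decryption is rejected, not stored. This assumes the handler selects the secret by the report's date, which is not visible in this hunk. The result of `handle_encrypted_negative_report` is also discarded on every call; if it returns a status, asserting on it would separate "could not decrypt" from "decrypted but rejected" in the `// no change` cases. The function body continues outside the hunk.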
|
|
@@ -428,7 +475,7 @@ fn test_negative_reports() {
|
|
|
"ru".to_string(),
|
|
|
date
|
|
|
);
|
|
|
- save_negative_report_to_process(&db, invalid_report_2); // no change
|
|
|
+ handle_encrypted_negative_report(&db, invalid_report_2.encrypt(&public)); // no change
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
assert!(!nrs_to_process.contains_key(&map_key_2));
|
|
@@ -439,13 +486,13 @@ fn test_negative_reports() {
|
|
|
"ru".to_string(),
|
|
|
date - 1
|
|
|
);
|
|
|
- save_negative_report_to_process(&db, valid_report_2);
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_2.encrypt(&public_yesterday));
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_3).unwrap();
|
|
|
assert_eq!(negative_reports.len(), 1);
|
|
|
|
|
|
- save_negative_report_to_process(&db, valid_report_3);
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_3.encrypt(&public));
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_1).unwrap();
|
|
@@ -457,6 +504,10 @@ fn test_negative_reports() {
|
|
|
db.clear().unwrap();
|
|
|
assert!(!db.contains_key("nrs-to-process").unwrap());
|
|
|
|
|
|
+ // Re-generate keys and save in database
|
|
|
+ let public = new_negative_report_key(&db, date).unwrap();
|
|
|
+ let public_yesterday = new_negative_report_key(&db, date - 1).unwrap();
|
|
|
+
|
|
|
let mut nonce = [0; 32];
|
|
|
rng.fill_bytes(&mut nonce);
|
|
|
|
|
@@ -522,13 +573,13 @@ fn test_negative_reports() {
|
|
|
"ru".to_string(),
|
|
|
date
|
|
|
);
|
|
|
- save_negative_report_to_process(&db, valid_report_1);
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_1.encrypt(&public));
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_1).unwrap();
|
|
|
assert_eq!(negative_reports.len(), 1);
|
|
|
|
|
|
- save_negative_report_to_process(&db, invalid_report_1); // no change
|
|
|
+ handle_encrypted_negative_report(&db, invalid_report_1.encrypt(&public)); // no change
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_1).unwrap();
|
|
@@ -540,7 +591,7 @@ fn test_negative_reports() {
|
|
|
"ru".to_string(),
|
|
|
date
|
|
|
);
|
|
|
- save_negative_report_to_process(&db, invalid_report_2); // no change
|
|
|
+ handle_encrypted_negative_report(&db, invalid_report_2.encrypt(&public)); // no change
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
assert!(!nrs_to_process.contains_key(&map_key_2));
|
|
@@ -551,13 +602,13 @@ fn test_negative_reports() {
|
|
|
"ru".to_string(),
|
|
|
date - 1
|
|
|
);
|
|
|
- save_negative_report_to_process(&db, valid_report_2);
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_2.encrypt(&public_yesterday));
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_3).unwrap();
|
|
|
assert_eq!(negative_reports.len(), 1);
|
|
|
|
|
|
- save_negative_report_to_process(&db, valid_report_3);
|
|
|
+ handle_encrypted_negative_report(&db, valid_report_3.encrypt(&public));
|
|
|
let nrs_to_process: BTreeMap<String, Vec<SerializableNegativeReport>> =
|
|
|
bincode::deserialize(&db.get("nrs-to-process").unwrap().unwrap()).unwrap();
|
|
|
let negative_reports = nrs_to_process.get(&map_key_1).unwrap();
|