123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195 |
- use crate::{
- bridge_verification_info::BridgeVerificationInfo, get_date, BridgeDistributor, COUNTRY_CODES,
- };
- use curve25519_dalek::scalar::Scalar;
- use lox_library::{bridge_table::BridgeLine, cred::Lox};
- use serde::{Deserialize, Serialize};
- use sha1::{Digest, Sha1};
- use sha3::Sha3_256;
- #[derive(Debug)]
- pub enum NegativeReportError {
- DateInFuture,
- FailedToDeserialize, // couldn't deserialize to SerializableNegativeReport
- InvalidCountryCode,
- MissingCountryCode,
- }
- /// A report that the user was unable to connect to the bridge
- #[derive(Eq, PartialEq, Ord, PartialOrd)]
- pub struct NegativeReport {
- /// hashed fingerprint (SHA-1 hash of 20-byte bridge ID)
- pub fingerprint: [u8; 20],
- /// some way to prove knowledge of bridge
- bridge_pok: ProofOfBridgeKnowledge,
- /// user's country code
- pub country: String,
- /// today's Julian date
- pub date: u32,
- /// the bridge distributor, e.g., Lox, Https, or Moat
- pub distributor: BridgeDistributor,
- }
- impl NegativeReport {
- pub fn new(
- bridge_id: [u8; 20],
- bridge_pok: ProofOfBridgeKnowledge,
- country: String,
- distributor: BridgeDistributor,
- ) -> Self {
- let mut hasher = Sha1::new();
- hasher.update(bridge_id);
- let fingerprint: [u8; 20] = hasher.finalize().into();
- let date = get_date();
- Self {
- fingerprint,
- bridge_pok,
- country,
- date,
- distributor,
- }
- }
- pub fn from_bridgeline(
- bridgeline: BridgeLine,
- country: String,
- distributor: BridgeDistributor,
- ) -> Self {
- let bridge_pok =
- ProofOfBridgeKnowledge::HashOfBridgeLine(HashOfBridgeLine::new(&bridgeline));
- NegativeReport::new(bridgeline.fingerprint, bridge_pok, country, distributor)
- }
- pub fn from_lox_bucket(bridge_id: [u8; 20], bucket: Scalar, country: String) -> Self {
- let mut hasher = Sha3_256::new();
- hasher.update(bucket.to_bytes());
- let bucket_hash: [u8; 32] = hasher.finalize().into();
- let bridge_pok = ProofOfBridgeKnowledge::HashOfBucket(HashOfBucket { hash: bucket_hash });
- NegativeReport::new(bridge_id, bridge_pok, country, BridgeDistributor::Lox)
- }
- pub fn from_lox_credential(bridge_id: [u8; 20], cred: Lox, country: String) -> Self {
- NegativeReport::from_lox_bucket(bridge_id, cred.bucket, country)
- }
- /// Convert report to a serializable version
- pub fn to_serializable_report(self) -> SerializableNegativeReport {
- SerializableNegativeReport {
- fingerprint: self.fingerprint,
- bridge_pok: self.bridge_pok,
- country: self.country,
- date: self.date,
- distributor: self.distributor,
- }
- }
- /// Serializes the report, eliding the underlying process
- pub fn to_json(self) -> String {
- serde_json::to_string(&self.to_serializable_report()).unwrap()
- }
- /// Deserializes the report, eliding the underlying process
- pub fn from_json(str: String) -> Result<Self, NegativeReportError> {
- match serde_json::from_str::<SerializableNegativeReport>(&str) {
- Ok(v) => v.to_report(),
- Err(_) => Err(NegativeReportError::FailedToDeserialize),
- }
- }
- /// Verify the report
- pub fn verify(self, bridge_info: &BridgeVerificationInfo) -> bool {
- match self.bridge_pok {
- ProofOfBridgeKnowledge::HashOfBridgeLine(pok) => {
- let hash = HashOfBridgeLine::new(&bridge_info.bridge_line);
- hash == pok
- }
- ProofOfBridgeKnowledge::HashOfBucket(pok) => {
- for b in &bridge_info.buckets {
- let hash = HashOfBucket::new(&b);
- if hash == pok {
- return true;
- }
- }
- false
- }
- }
- }
- }
- /// (De)serializable negative report object which must be consumed by the
- /// checking function before it can be used
- #[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
- pub struct SerializableNegativeReport {
- pub fingerprint: [u8; 20],
- bridge_pok: ProofOfBridgeKnowledge,
- pub country: String,
- pub date: u32,
- pub distributor: BridgeDistributor,
- }
- impl SerializableNegativeReport {
- pub fn to_report(self) -> Result<NegativeReport, NegativeReportError> {
- if self.country == "" {
- return Err(NegativeReportError::MissingCountryCode);
- }
- if !COUNTRY_CODES.contains(self.country.as_str()) {
- return Err(NegativeReportError::InvalidCountryCode);
- }
- if self.date > get_date().into() {
- return Err(NegativeReportError::DateInFuture);
- }
- Ok(NegativeReport {
- fingerprint: self.fingerprint,
- bridge_pok: self.bridge_pok,
- country: self.country.to_string(),
- date: self.date.try_into().unwrap(),
- distributor: self.distributor,
- })
- }
- }
- /// Proof that the user knows (and should be able to access) a given bridge
- #[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
- pub enum ProofOfBridgeKnowledge {
- /// Hash of bridge line as proof of knowledge of bridge line
- HashOfBridgeLine(HashOfBridgeLine),
- /// Hash of bucket ID for Lox user
- HashOfBucket(HashOfBucket),
- }
- /// Hash of bridge line to prove knowledge of that bridge
- #[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
- pub struct HashOfBridgeLine {
- hash: [u8; 32],
- }
- impl HashOfBridgeLine {
- pub fn new(bl: &BridgeLine) -> Self {
- let mut hasher = Sha3_256::new();
- hasher.update(bincode::serialize(&bl).unwrap());
- let hash: [u8; 32] = hasher.finalize().into();
- Self { hash }
- }
- }
- /// Hash of bucket ID to prove knowledge of bridges in that bucket
- #[derive(Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
- pub struct HashOfBucket {
- hash: [u8; 32],
- }
- impl HashOfBucket {
- pub fn new(bucket: &Scalar) -> Self {
- let mut hasher = Sha3_256::new();
- hasher.update(bucket.to_bytes());
- let hash: [u8; 32] = hasher.finalize().into();
- Self { hash }
- }
- }
|