[SVS-2] Add encrypted affidavit to castRequestItem (#208)

* [SVS-2] Add encrypted affidavit to `castRequestItem` * [SVS-2] Add encrypted affidavit to `castRequestItem`, add changes to tests * [SVS-2] Update PoEC test * [SVS-2] Update how attachment is passed * [SVS-2] Update attachment outside CastRequestItem.content * [SVS-2] Add attachment after payload is signed. * [SVS-2] Fixing tests * [SVS-2] Updated test payloads * Update OTP replies for tests * Remove unused payloads * Add TODO comment * Ensure backward-compatibility Co-authored-by: Mateusz Michałowski <[email protected]>
aion-dk · Dec 1, 2022 · d67f0c6 · d67f0c6
1 parent d5c957b
commit d67f0c6
Show file tree

Hide file tree

Showing 21 changed files with 129 additions and 300 deletions.
diff --git a/.env b/.env
@@ -1,5 +1,5 @@
 DBB_URL="http://dbb:3003/"
 VOTER_AUTHORIZER_URL="http://voter-authorizer:3002/"
 CONFERENCE_HOST_URL="http://localhost:3016/"
-OTP_PROVIDER_URL="http://otp-provider:3001/"
+OTP_PROVIDER_URL="http://otp:3001/"
 MAILCATCHER_URL="http://mailcatcher:1080/"
diff --git a/lib/av_client.ts b/lib/av_client.ts
@@ -49,6 +49,8 @@ import { encryptCommitmentOpening, validateCommmitmentOpening } from './av_clien
 import { submitBallotCryptograms } from './av_client/actions/submit_ballot_cryptograms';
 import {AxiosResponse} from "axios";
 import { ProofOfElectionCodes } from "./av_client/crypto/proof_of_election_codes";
+import { dhEncrypt } from "./av_client/crypto/aes";
+import { btoa } from "buffer";
 
 /** @internal */
 export const sjcl = sjclLib;
@@ -343,7 +345,6 @@ export class AVClient implements IAVClient {
       this.privateKey(),
       this.getDbbPublicKey()
     );
-
     this.boardCommitment = boardCommitment;
     this.serverEnvelopes = serverEnvelopes;
 
@@ -382,7 +383,7 @@ export class AVClient implements IAVClient {
    * ```
    * @throws {@link NetworkError | NetworkError } if any request failed to get a response
    */
-    public async castBallot(_affidavit?: Affidavit): Promise<BallotBoxReceipt> {
+    public async castBallot(affidavit?: Affidavit): Promise<BallotBoxReceipt> {
       if(!(this.voterSession)) {
         throw new InvalidStateError('Cannot create cast request cryptograms. Ballot cryptograms not present')
       }
@@ -393,11 +394,26 @@ export class AVClient implements IAVClient {
           content: {}
       };
 
+      let encryptedAffidavit;
+
+      if (affidavit && this.electionConfig && this.electionConfig.castRequestItemAttachmentEncryptionKey) {
+        try {
+          encryptedAffidavit = dhEncrypt(this.electionConfig.castRequestItemAttachmentEncryptionKey, affidavit).toString()
+
+          castRequestItem.content['attachment'] = sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(encryptedAffidavit))
+        } catch (err) {
+          console.error(err)
+        }
+      }
+
       const signedPayload = signPayload(castRequestItem, this.privateKey());
 
+      if (encryptedAffidavit) {
+        signedPayload['attachment'] = `data:text/plain;base64,${btoa(encryptedAffidavit)}`
+      }
+
       const response = (await this.bulletinBoard.submitCastRequest(signedPayload));
       const { castRequest, receipt } = response.data;
-
 
       validatePayload(castRequest, castRequestItem);
       validateReceipt([castRequest], receipt, this.getDbbPublicKey());

diff --git a/lib/av_client/types.ts b/lib/av_client/types.ts
@@ -271,6 +271,9 @@ export interface ElectionConfig {
   // appended data:
   affidavit: AffidavitConfig;
 
+  // NOTE: It's fake until js-client will start using config/latest_config endpoint
+  castRequestItemAttachmentEncryptionKey: string;
+
   services: {
     'voterAuthorizer': VAService,
     'otpProvider': Service

diff --git a/package.json b/package.json
@@ -12,6 +12,7 @@
   "homepage": "https://aion-dk.github.io/js-client/",
   "scripts": {
     "test": "mocha --require ts-node/register/transpile-only --require source-map-support/register --recursive --extension ts ./test/*.test.ts ./test/**/*.test.ts",
+    "test:walkthrough": "mocha --require ts-node/register/transpile-only --require source-map-support/register --recursive --extension ts ./test/walkthrough.test.ts",
     "coverage": "tsc && nyc --reporter=json-summary --reporter=text yarn test",
     "tdd": "mocha --require ts-node/register/transpile-only --require source-map-support/register --extension ts ./test/**/*.test.ts --watch --watch-files test/**/*.ts,lib/**/*.ts",
     "docs": "typedoc --plugin none --out docs --includes test/",

diff --git a/test/replies/benaloh_flow/http_dbb_3003/get__us_configuration.json b/test/replies/benaloh_flow/http_dbb_3003/get__us_configuration.json
@@ -24,7 +24,7 @@
       "otpProvider": {
         "electionContextUuid": "468d1fbb-a53e-42f8-9d43-37be9e72ea7f",
         "publicKey": "02c31776fd23004646a5e6554c7fc3087f1f1f23bcfab791e01256655cfc8b78a5",
-        "url": "http://otp-provider:3001/"
+        "url": "http://otp:3001/"
       }
     },
     "ballotConfigs": {
@@ -135,4 +135,4 @@
     "bcTimeout": 10
   },
   "receipt": "44d417eae17effe4fb2a7573a839acfe95f430498a01cd8e44978d2542364907,726716ae59eb16d9f74af7a0e62022faa2b0d6731f2b5022782f3ce67dd6e880"
-}
+}
diff --git a/...tp_otp-provider_3001/post__authorize.json → ...h_flow/http_otp_3001/post__authorize.json b/...tp_otp-provider_3001/post__authorize.json → ...h_flow/http_otp_3001/post__authorize.json
diff --git a/test/replies/otp_flow/get_2904b00f_5abcbf894df3_58_configuration.json b/test/replies/otp_flow/get_2904b00f_5abcbf894df3_58_configuration.json
diff --git a/test/replies/otp_flow/get_us_configuration.json b/test/replies/otp_flow/get_us_configuration.json
@@ -1,53 +1,56 @@
 {
   "electionConfig": {
-    "dbbPublicKey": "035b71d909318bc8c7f9e3ffc8e39942b721e18ecfa972de644afd178ae006b68e",
-    "encryptionKey": "02df80789b2713ae89c33cb877ce2c2e09b81e33c22d6cfdebc9b352598005661c",
+    "electionTitle": {
+      "en": "Some US Election"
+    },
+    "dbbPublicKey": "03e00c01f8f7601f3ab41e32b11072a1e06d4fb743a382b2de1515f3c11d9ac103",
+    "encryptionKey": "039b810cdd75129ad08422c588b07c2e3458ff6081a93295aecb5708907daa5b3e",
     "thresholdConfig": {
-      "encryptionKey": "02df80789b2713ae89c33cb877ce2c2e09b81e33c22d6cfdebc9b352598005661c",
+      "encryptionKey": "039b810cdd75129ad08422c588b07c2e3458ff6081a93295aecb5708907daa5b3e",
       "threshold": 1,
       "trustees": [
         {
-          "publicKey": "02df80789b2713ae89c33cb877ce2c2e09b81e33c22d6cfdebc9b352598005661c",
-          "id": 4,
+          "publicKey": "039b810cdd75129ad08422c588b07c2e3458ff6081a93295aecb5708907daa5b3e",
+          "id": 1,
           "polynomialCoefficients": []
         }
       ]
     },
     "curveName": "secp256k1",
     "services": {
       "voterAuthorizer": {
-        "electionContextUuid": "189d0f1d-5d2a-4a66-aaae-187b6f1afc73",
-        "publicKey": "02579060d0612d762f21736a30e6f38ba0352377d6d8cce09f95d535c22336381b",
+        "electionContextUuid": "aece3bc0-aeb8-48c5-9d6e-76d1def60207",
+        "publicKey": "0310365b9f30e9b393e606efdd85f98af8e398dedb8909ef19c14117c7759ccf29",
         "url": "http://voter-authorizer:3002/",
         "authorizationMode": "proof-of-identity"
       },
       "otpProvider": {
-        "electionContextUuid": "468d1fbb-a53e-42f8-9d43-37be9e72ea7f",
-        "publicKey": "02c31776fd23004646a5e6554c7fc3087f1f1f23bcfab791e01256655cfc8b78a5",
-        "url": "http://otp-provider:3001/"
+        "electionContextUuid": "7f5a5d64-882c-4562-826b-6f9091615c5b",
+        "publicKey": "02a5c0f01ec0fbb692647484685a1f2b8482c0a62ad93d1d1a972e4f2546ba17c4",
+        "url": "http://otp:3001/"
       }
     },
     "ballotConfigs": {
-      "precinct_4_bedrock": {
-        "reference": "precinct_4_bedrock",
-        "voterGroup": "precinct_4_bedrock",
+      "precinct_3_spaceport": {
+        "reference": "precinct_3_spaceport",
+        "voterGroup": "precinct_3_spaceport",
         "contestReferences": [
           "contest ref 1",
           "contest ref 2"
         ]
       },
-      "precinct_3_spaceport": {
-        "reference": "precinct_3_spaceport",
-        "voterGroup": "precinct_3_spaceport",
+      "precinct_4_bedrock": {
+        "reference": "precinct_4_bedrock",
+        "voterGroup": "precinct_4_bedrock",
         "contestReferences": [
           "contest ref 1",
           "contest ref 2"
         ]
       }
     },
     "contestConfigs": {
-      "contest ref 2": {
-        "reference": "contest ref 2",
+      "contest ref 1": {
+        "reference": "contest ref 1",
         "markingType": {
           "blankSubmission": "disabled",
           "minMarks": 1,
@@ -60,36 +63,29 @@
         },
         "options": [
           {
-            "reference": "option ref 3",
+            "reference": "option ref 1",
             "code": 1,
             "title": {
-              "en": "Option 3"
+              "en": "Option 1"
             }
           },
           {
-            "reference": "option ref 4",
+            "reference": "option ref 2",
             "code": 2,
             "title": {
-              "en": "Option 4"
-            }
-          },
-          {
-            "reference": "option ref 5",
-            "code": 3,
-            "title": {
-              "en": "Option 5"
+              "en": "Option 2"
             }
           }
         ],
         "title": {
-          "en": "Second ballot"
+          "en": "First ballot"
         },
         "resultType": {
           "name": "resultType name not matter right now"
         }
       },
-      "contest ref 1": {
-        "reference": "contest ref 1",
+      "contest ref 2": {
+        "reference": "contest ref 2",
         "markingType": {
           "blankSubmission": "disabled",
           "minMarks": 1,
@@ -102,37 +98,45 @@
         },
         "options": [
           {
-            "reference": "option ref 1",
+            "reference": "option ref 3",
             "code": 1,
             "title": {
-              "en": "Option 1"
+              "en": "Option 3"
             }
           },
           {
-            "reference": "option ref 2",
+            "reference": "option ref 4",
             "code": 2,
             "title": {
-              "en": "Option 2"
+              "en": "Option 4"
+            }
+          },
+          {
+            "reference": "option ref 5",
+            "code": 3,
+            "title": {
+              "en": "Option 5"
             }
           }
         ],
         "title": {
-          "en": "First ballot"
+          "en": "Second ballot"
         },
         "resultType": {
           "name": "resultType name not matter right now"
         }
       }
     },
     "genesisConfig": {
-      "publicKey": "035b71d909318bc8c7f9e3ffc8e39942b721e18ecfa972de644afd178ae006b68e",
+      "publicKey": "03e00c01f8f7601f3ab41e32b11072a1e06d4fb743a382b2de1515f3c11d9ac103",
       "authorizationMode": null,
       "curveName": "secp256k1"
     },
-    "latestConfigAddress": "4222f8d5e6f5f915cf40734d5ca8f24d32d4b2bb7a63013f7edbc67e5c5d0771",
-    "status": "open",
+    "latestConfigAddress": "80cc3dd61a7be05f9f71210e2faf56481f52ba05152a9057ead41450a8fabebb",
+    "status": "scheduled",
     "sessionTimeout": 30,
-    "bcTimeout": 10
+    "bcTimeout": 10,
+    "castRequestItemAttachmentEncryptionKey": "0362fb2a49a54f457e328a35c0dc89be8324435f1c2bdb3ca4438f459040753e5a"
   },
-  "receipt": "44d417eae17effe4fb2a7573a839acfe95f430498a01cd8e44978d2542364907,726716ae59eb16d9f74af7a0e62022faa2b0d6731f2b5022782f3ce67dd6e880"
+  "receipt": "7c17de09762943b2aa99bbfa9c519a7d69ea5cd7375989382584f929fb919d76,7d96b828d21d12ca85f6091eab22b0f0eb2123fabf857b9f623e827a3c5d48dd"
 }
diff --git a/test/replies/otp_flow/post_2904b00f_5abcbf894df3_58_voting_cast.json b/test/replies/otp_flow/post_2904b00f_5abcbf894df3_58_voting_cast.json