WIP

dedis · Mar 3, 2024 · 0ebb5aa · 0ebb5aa
1 parent e9b5816
commit 0ebb5aa
Show file tree

Hide file tree

Showing 13 changed files with 602 additions and 10 deletions.
diff --git a/server/registration/registry/crud/crud.go b/server/registration/registry/crud/crud.go
@@ -168,12 +168,10 @@ func UpdateDocument(w http.ResponseWriter, r *http.Request, db database.Database
 	}
 
 	regData := &registry.RegistrationData{
-		Name:       name,
-		Passport:   passport,
-		Role:       uint(role),
-		Picture:    picData,
-		Hash:       []byte(hash),
-		Registered: registered,
+		Name:     name,
+		Passport: passport,
+		Role:     uint(role),
+		Picture:  picData,
 	}
 
 	err = db.Update(registrationID, regData)

diff --git a/server/registration/registry/registry.go b/server/registration/registry/registry.go
@@ -4,15 +4,22 @@ package registry
 type RegistrationData struct {
 	Name       string `json:"name"`
 	Passport   string `json:"passport"`
-	Role       uint   `json:"role"`
 	Picture    []byte `json:"picture"`
-	Hash       []byte `json:"hash"`
+	Role       uint64 `json:"role"`
 	Registered bool   `json:"registered"`
 }
 
-type DocID []byte
+// EncryptedData contains the above encrypted data for a registration
+// and a flag to indicate if the data has been successfully registered
+type EncryptedData struct {
+	Name       []byte `json:"name"`
+	Passport   []byte `json:"passport"`
+	Picture    []byte `json:"picture"`
+	Role       []byte `json:"role"`
+	Registered []byte `json:"registered"`
+}
 
 // RegistrationID contains the reference to the document in the database
 type RegistrationID struct {
-	ID DocID `json:"doc_id"`
+	ID []byte `json:"doc_id"`
 }
diff --git a/server/scripts/test_registration.sh b/server/scripts/test_registration.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# This script tests the registration process
+
+# send the data to the registration server
+curl -F "name=John Doe" -F "passport=12AB456789" -F "role=0" -F "image=@./test.jpg" -F "registered=false" localhost:3000/document
+
+# send the data to the registration server
+curl -F "name=John Doe" -F "passport=12AB456789" -F "role=0" -F "image=@./test.jpg" -F "registered=false" localhost:3000/document
+
diff --git a/server/test/admin/blockchain.go b/server/test/admin/blockchain.go
@@ -0,0 +1,36 @@
+package admin
+
+import (
+	"net/http"
+
+	"github.com/rs/zerolog/log"
+	"go.dedis.ch/hbt/server/registration/registry"
+	"go.dedis.ch/kyber/v3"
+	"go.dedis.ch/kyber/v3/suites"
+)
+
+const blockchainServer = "localhost:4000"
+
+// suite is the Kyber suite for Pedersen.
+var suite = suites.MustFind("Ed25519")
+
+// BlockchainGetDocs polls the blockchain to get the list of encrypted documents
+// adminPubkey is the public key of the admin and is used for audit purpose
+func BlockchainGetDocIDs(adminPubkey kyber.Point) []registry.RegistrationID {
+	encoded, err := adminPubkey.MarshalBinary()
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	resp, err := http.Get(blockchainServer + "/secret/list?pubkey=" + string(encoded))
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	// Decode the response
+	var data []string
+
+	// TODO: Decode the response and return the list of doc IDs
+}
diff --git a/server/test/admin/database.go b/server/test/admin/database.go
@@ -0,0 +1,82 @@
+package admin
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+
+	"go.dedis.ch/hbt/server/registration/registry"
+)
+
+func RegistrationAdminGetDocument(docid registry.RegistrationID) registry.RegistrationData {
+	resp, err := http.Get("localhost:3000/admin/document?id=" + string(docid.ID))
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	// Decode the response
+	var data registry.RegistrationData
+	err = json.NewDecoder(resp.Body).Decode(&data)
+	if err != nil {
+		log.Error().Msgf("error decoding response: %v", err)
+	}
+
+	return data
+}
+
+func RegistrationAdminUpdateDocument(docid registry.RegistrationID) error {
+	resp, err := http.Get("localhost:3000/admin/document?id=" + string(docid.ID))
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	// Decode the response
+	var data registry.RegistrationData
+	err = json.NewDecoder(resp.Body).Decode(&data)
+	if err != nil {
+		log.Error().Msgf("error decoding response: %v", err)
+	}
+
+	data.Registered = true
+	out, err := json.Marshal(data)
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	req, err := http.NewRequest("PUT", "localhost:3000/admin/document?id="+string(docid.ID),
+		bytes.NewBuffer(out))
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	ctx := context.Background()
+	req = req.WithContext(ctx)
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		log.Error().Msgf("response: %v", resp)
+	}
+
+	defer resp.Body.Close()
+
+	return err
+}
+
+func RegistrationAdminDeleteDocument(docid registry.RegistrationID) error {
+	req, err := http.NewRequest("DELETE", "localhost:3000/admin/document?id="+string(docid.ID), nil)
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	return err
+}
diff --git a/server/test/admin/smc.go b/server/test/admin/smc.go
@@ -0,0 +1 @@
+package admin
diff --git a/server/test/key/asymmetric.go b/server/test/key/asymmetric.go
@@ -0,0 +1,17 @@
+package key
+
+import (
+	"go.dedis.ch/kyber/v3"
+	"go.dedis.ch/kyber/v3/suites"
+)
+
+// NewAsymmetric generates a new kyber V3 asymmetric key pair
+func NewAsymmetric() (kyber.Point, kyber.Scalar) {
+	suite := suites.MustFind("Ed25519")
+
+	// Create a public/private keypair
+	sk := suite.Scalar().Pick(suite.RandomStream())
+	pk := suite.Point().Mul(sk, nil)
+
+	return pk, sk
+}
diff --git a/server/test/key/symetric.go b/server/test/key/symetric.go
@@ -0,0 +1,94 @@
+package key
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"fmt"
+	"io"
+
+	"github.com/rs/zerolog/log"
+)
+
+func NewSymetric(keySize int) []byte {
+	key := make([]byte, keySize)
+	if _, err := rand.Read(key); err != nil {
+		log.Fatal().Msgf("error while generating new symetric key: %v", err)
+	}
+
+	return key
+}
+
+func Encrypt(data []byte, key []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext := make([]byte, aes.BlockSize+len(data))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
+	}
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(ciphertext[aes.BlockSize:], data)
+
+	return ciphertext, nil
+}
+
+func Decrypt(ciphertext []byte, key []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(ciphertext) < aes.BlockSize {
+		return nil, fmt.Errorf("ciphertext too short")
+	}
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(ciphertext, ciphertext)
+
+	return ciphertext, nil
+}
+
+/*
+func main() {
+	// Key size in bytes, AES-256 requires a 32-byte key
+	keySize := 32
+
+	// Generate a random symmetric key
+	key, err := generateRandomKey(keySize)
+	if err != nil {
+		fmt.Println("Error generating key:", err)
+		return
+	}
+
+	// Convert the key to a hex string for storage or transmission
+	hexKey := hex.EncodeToString(key)
+	fmt.Println("Generated Symmetric Key (Hex):", hexKey)
+
+	// Example of how to use the key for encryption and decryption
+	plaintext := "Hello, World!"
+	fmt.Println("Plaintext:", plaintext)
+
+	// Encrypt
+	ciphertext, err := encrypt([]byte(plaintext), key)
+	if err != nil {
+		fmt.Println("Error encrypting:", err)
+		return
+	}
+	fmt.Println("Ciphertext:", ciphertext)
+
+	// Decrypt
+	decryptedPlaintext, err := decrypt(ciphertext, key)
+	if err != nil {
+		fmt.Println("Error decrypting:", err)
+		return
+	}
+	fmt.Println("Decrypted Plaintext:", string(decryptedPlaintext))
+}
+*/
diff --git a/server/test/passport.jpg b/server/test/passport.jpg
diff --git a/server/test/test.go b/server/test/test.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+	"os"
+
+	"github.com/rs/zerolog/log"
+	"go.dedis.ch/hbt/server/registration/registry"
+	"go.dedis.ch/hbt/server/test/admin"
+	"go.dedis.ch/hbt/server/test/key"
+	"go.dedis.ch/hbt/server/test/user"
+)
+
+const keySize = 32
+
+func main() {
+	// create a secret symmetric key
+	symKey := key.NewSymetric(keySize)
+
+	// PRETEND TO BE A USER
+	// ---------------------------------------------------------
+
+	// create a document and save it encrypted into the database
+	doc := createDocument("John Doe", "12AB456789", 0, "test/passport.jpg")
+	log.Info().Msg("SUCCESS! created new document")
+
+	// add the document to the registry
+	docid := user.RegistrationAdd(doc, symKey)
+	log.Info().Msgf("SUCCESS! added document id: %v", docid)
+
+	// get the SMC pub key
+	smcKey := user.SmcGetKey()
+	log.Info().Msgf("SUCCESS! added document id: %v", docid)
+
+	// add secret = symKey to the blockchain
+	user.BlockchainEncryptAndAddSecret(smcKey, symKey, docid)
+
+	// PRETEND TO BE AN ADMIN
+	// ---------------------------------------------------------
+	// create a new admin asymmetric key pair
+	pk, sk := key.NewAsymmetric()
+
+	// fetch the list of docs from the blockchain
+	docIDs := admin.BlockchainGetDocIDs(pk)
+
+	for _, id := range docIDs {
+		doc := admin.BlockchainGetDocument(id)
+		log.Info().Msgf("document: %v", doc)
+
+		reencrypted := admin.SmcReencryptSecret(pk, id)
+
+		encryptedDoc = admin.registrationGetDocument(id)
+	}
+}
+
+// ---------------------------------------------------------
+// helper functions
+
+// create a document from a picture file
+func createDocument(name, passport string, role uint64, picture string) registry.RegistrationData {
+	// load picture from file named picture
+	picData, err := os.ReadFile(picture)
+	if err != nil {
+		log.Fatal().Msgf("error while reading picture file: %v", err)
+	}
+
+	return registry.RegistrationData{
+		Name:       name,
+		Passport:   passport,
+		Role:       role,
+		Picture:    picData,
+		Registered: false,
+	}
+}
diff --git a/server/test/user/blockchain.go b/server/test/user/blockchain.go
@@ -0,0 +1,34 @@
+package user
+
+import (
+	"net/http"
+	"net/url"
+
+	"github.com/rs/zerolog/log"
+	"go.dedis.ch/hbt/server/registration/registry"
+	"go.dedis.ch/kyber/v3"
+	"go.dedis.ch/kyber/v3/suites"
+)
+
+const blockchainServer = "localhost:4000"
+
+// suite is the Kyber suite for Pedersen.
+var suite = suites.MustFind("Ed25519")
+
+func BlockchainEncryptAndAddSecret(key kyber.Point, secret []byte, id registry.RegistrationID) {
+	// Encrypt the secret
+	encryptedSecret := suite.Point().Mul(suite.Scalar().SetBytes(secret), key)
+
+	// Add the secret to the blockchain
+	resp, err := http.PostForm(blockchainServer+"/secret",
+		url.Values{
+			"secret": {encryptedSecret.String()},
+			"id":     {string(id.ID)},
+		})
+
+	if err != nil {
+		log.Fatal().Msgf("error: %v", err)
+	}
+
+	defer resp.Body.Close()
+}