220 lines
9.5 KiB
HTML

{% extends 'base.html' %}
{#
Eos - Verifiable elections
Copyright © 2017-18 RunasSudo (Yingtong Li)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% block title %}Ballot auditor{% endblock %}
{% block content %}
<h2>Ballot auditor</h2>
<div class="ui form">
<div class="field">
<label for="audit_election_url">Election URL</label>
<input id="audit_election_url" placeholder="https://example.com/01234567-89ab-cdef-ghij-klmnopqrstuv" type="text">
</div>
<div class="ui error message" id="audit_error_load">
<p>There was an error loading the election data. Please check the election URL and try again. If the problem persists, contact the election administrator.</p>
<p class="techdetails"></p>
</div>
<div class="field">
<label for="audit_ballot">Ballot data</label>
<textarea id="audit_ballot" placeholder='{"type": "eos.base.election.AuditBallot", "value": …}'></textarea>
</div>
<button class="ui primary button" onclick="loadElection();">Audit ballot</button>
</div>
<div class="ui hidden warning message" id="audit_contents">
<div class="header">Ballot contents</div>
<div id="audit_contents_inner"></div>
</div>
<div class="ui hidden negative message" id="audit_not_yet_cast">
<p>Your vote has <span class="superem">not</span> yet been cast. If you are satisfied with your ballot, you must return to the voting booth by closing this page and following the instructions.</p>
</div>
<div class="ui hidden message" id="audit_result">
<div class="header">Audit result</div>
<div id="audit_result_inner"></div>
</div>
{% endblock %}
{% block basecontent %}
{{ super() }}
<script src="{{ url_for('static', filename='js/eosjs.js') }}"></script>
<script>
var election = null;
var auditBallot = null;
function loadElection() {
$.ajax({ url: $("#audit_election_url").val(), dataType: "text" })
.done(function(data) {
try {
election = eosjs.eos.core.objects.__all__.EosObject.deserialise_and_unwrap(eosjs.eos.core.objects.__all__.EosObject.from_json(data), null);
} catch (err) {
loadError(err);
throw err;
}
electionLoaded();
})
.fail(function(xhr, status, err) {
loadError(err);
throw err;
});
}
function electionLoaded() {
$("#audit_error_load").removeClass("visible");
// Audit ballot
var auditResult = document.querySelector("#audit_result");
auditResult.className = "ui message";
var auditResultInner = document.querySelector("#audit_result_inner");
auditResultInner.innerHTML = '<p>Auditing your ballot… Please wait.</p>';
try {
var result = doAuditBallot(auditResult, auditResultInner);
if (result) {
auditResult.className = "ui success message";
} else {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> <b>The ballot has not been correctly prepared.</b></p>';
auditResult.className = "ui error message";
}
} catch (err) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Unknown error: ' + err + '</p>';
auditResultInner.innerHTML += '<p><i class="remove icon"></i> <b>The ballot has not been correctly prepared.</b></p>';
auditResult.className = "ui error message";
throw err;
} finally {
document.querySelector("#audit_not_yet_cast").className = "ui negative message";
}
}
function doAuditBallot(auditResult, auditResultInner) {
auditBallot = eosjs.eos.core.objects.__all__.EosObject.deserialise_and_unwrap(eosjs.eos.core.objects.__all__.EosObject.from_json($("#audit_ballot").val()));
//auditResultInner.innerHTML += '<p><i class="checkmark icon"></i> Data is in ballot format.</p>';
if (!eosjs.isinstance(auditBallot, eosjs.eos.base.election.__all__.Ballot)) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: The data is not in ballot format.</p>';
return false;
}
if (!auditBallot.answers || !auditBallot.answers.__len__ || auditBallot.answers.__len__() === 0) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: The data is not in audit ballot format.</p>';
return false;
}
auditResultInner.innerHTML += '<p><i class="checkmark icon"></i> The data is in audit ballot format.</p>';
if (auditBallot.election_id !== election._id) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: The ballot corresponds to a different election.</p>';
return false;
}
auditResultInner.innerHTML += '<p><i class="checkmark icon"></i> The ballot election ID is correct.</p>';
if (auditBallot.election_hash !== eosjs.eos.core.hashing.__all__.SHA256().update_obj(election).hash_as_b64()) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: The ballot corresponds to a different election.</p>';
return false;
}
auditResultInner.innerHTML += '<p><i class="checkmark icon"></i> The ballot election hash is correct.</p>';
for (var questionNum = 0; questionNum < auditBallot.encrypted_answers.__len__(); questionNum++) {
auditResultInner.innerHTML += '<p><i class="info circle icon"></i> Question number ' + (questionNum + 1) + ':</p>';
// Compute expected plaintexts
var pt = eosjs.eos.core.objects.__all__.EosObject.to_json(eosjs.eos.core.objects.__all__.EosObject.serialise_and_wrap(auditBallot.answers.__getitem__(questionNum)));
var bs = eosjs.eos.psr.bitstream.__all__.BitStream();
bs.write_string(pt);
bs.multiple_of(election.public_key.nbits(), true);
var messages = [];
function callback(val) {
messages.push(val);
}
bs.map(callback, election.public_key.nbits());
var encryptedAnswer = auditBallot.encrypted_answers.__getitem__(questionNum);
for (var blockNum = 0; blockNum < encryptedAnswer.blocks.__len__(); blockNum++) {
var block = encryptedAnswer.blocks.__getitem__(blockNum);
// TODO: Implement this in Python
if (!block.randomness) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: Block ' + blockNum + ' ciphertext is not a valid audit ciphertext.</p>';
return false;
}
if (!block.is_signature_valid()) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: Block ' + blockNum + ' signature is not valid.</p>';
return false;
}
if (block.randomness.__lt__(eosjs.eos.core.bigint.__all__.ONE) || block.randomness.__gt__(election.public_key.group.p.__sub__(eosjs.eos.core.bigint.__all__.TWO))) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: Block ' + blockNum + ' randomness is not valid.</p>';
return false;
}
if (!block.is_randomness_valid()) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: Block ' + blockNum + ' randomness does not match ciphertext.</p>';
return false;
}
if (!block.m0.__eq__(election.public_key.message_to_m0(messages[blockNum]))) {
auditResultInner.innerHTML += '<p><i class="remove icon"></i> Error: Block ' + blockNum + ' plaintext does not match claimed plaintext.</p>';
return false;
}
}
auditResultInner.innerHTML += '<p><i class="checkmark icon"></i> Question number ' + (questionNum + 1) + ' passed validation.</p>';
}
// Passed validation
var auditContents = document.querySelector("#audit_contents");
auditContents.className = "ui warning message";
var auditContentsInner = document.querySelector("#audit_contents_inner");
auditContentsInner.innerHTML = '';
auditContentsInner.innerHTML += '<p><i class="info circle icon"></i> <b>Please check that the following details match your intended selections:</b></p>';
for (var questionNum = 0; questionNum < auditBallot.encrypted_answers.__len__(); questionNum++) {
auditContentsInner.innerHTML += '<p><i class="icon"></i> Question ' + (questionNum + 1) + ': ' + election.questions.__getitem__(questionNum).pretty_answer(auditBallot.answers.__getitem__(questionNum)) + '</p>';
}
auditContentsInner.innerHTML += '<p><i class="info circle icon"></i> <b>Please check that the ballot fingerprint you recorded matches the following computed ballot fingerprint: <span class="hash">' + eosjs.eos.core.hashing.__all__.SHA256().update_obj(auditBallot).hash_as_b64() + '</span>.</b></p>';
auditContentsInner.innerHTML += '<p><i class="checkmark icon"></i> If the selections are correct, and the ballot fingerprint matches, then the ballot has been prepared correctly.</p>';
return true;
}
function loadError(err) {
if (err) {
$("#audit_error_load .techdetails").text("Technical details: " + err);
$("#audit_error_load .techdetails").show();
} else {
$("#audit_error_load .techdetails").hide();
}
$("#audit_error_load").addClass("visible");
}
if (location.search.indexOf("electionUrl=") >= 0) {
var electionUrl = (location.search.split('electionUrl=')[1]||'').split('&')[0];
$("#audit_election_url").val(electionUrl);
}
</script>
{% endblock %}