-
Notifications
You must be signed in to change notification settings - Fork 4
/
poll.html
164 lines (151 loc) · 6.96 KB
/
poll.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
{% extends "base.html" %}
{% block title %}{{ data.question }}{% endblock %}
{% block content %}
<style>
.hidden {
visibility: hidden;
opacity: 0;
transition: visibility 0s 2s, opacity 2s linear;
}
</style>
<div class="card-group">
<div class="card">
<div class="card-body">
{% with messages = get_flashed_messages() %}
{% if messages %}
<div class="alert alert-danger">
{{ messages[0] }}
</div>
{% endif %}
{% endwith %}
<form action="/" method="POST" onsubmit="return captureForm()">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
<h2 class="card-title">{{ data.question }}</h2>
<ul class="list-group list-group-flush">
<div class="card-header">Candidates</div>
{% for e in data.fields %}
<li class="list-group-item">
<div class="radio">
<label>
<input class="candidate" id="{{ e }}" type="radio" name="field" value="{{ e }}" required> {{ e }}<br>
</label>
</div>
</li>
{% endfor %}
<input required type="email" class="form-control" name="email-for-signing" id="email-for-signing" placeholder="Enter email">
</ul>
<div class="card-body">
<button type="submit" class="btn btn-primary">Vote</button>
<a href="/results" class="btn btn-primary">Results</a>
<a
href="/offline_vote"
class="btn btn-secondary"
data-toggle="tooltip"
data-placement="top"
title="Cast a vote when FrejaEID is offline"
>
Offline vote
</a>
<a href="/ciphertexts" class="btn btn-secondary">Ciphertexts</a>
<a href="/publicKey" class="btn btn-secondary">Public Key</a>
</div>
</form>
</div>
{% if hash %}
<div class="card">
<div class="card-body">
<h5 class="card-title font-weight-bold">Verify hash values</h5>
<p class="card-text">{{ hash }}</p>
</div>
</div>
{% endif %}
{% if vote %}
<details><summary>Raw signature and encrypted vote</summary>
<textarea readonly>{{ vote }}</textarea>
</details>
{% endif %}
<div class="card-footer text-primary">
{{ stats.nvotes }} vote{{ '' if stats.nvotes == 1 else 's' }} so far
</div>
</div>
<div class="card">
<div class="card-body">
<h2 class="card-title">About</h2>
<p class="card-text"> Demo election web interface using the <a
href="https://github.com/kth-tcs/verificatum-vjsc/">Verificatum JavaScript Cryptographic
library</a> for client-side encryption.</p>
<p class="card-text">Encryption must be done with a provided public key which is produced by the <a
href="https://www.verificatum.org/">Verificatum</a> mix network.</p>
<p class="card-text">When the "submit" button is pressed, the form's data is modified
and the
currently selected option is encrypted using the public key and some randomness. The web
server is then unable to decrypt the vote. Instead, the mix network that produced the public
key must jointly decrypt and shuffle the collected votes.</p>
<p class="card-text"><strong>WARNING</strong> this is only for demonstration purposes. Important
safety features are missing. For example, no measures are taken to counter
<em>malleability</em> attacks. For more details, please read the documentation at the official
Verificatum <a href="https://www.verificatum.org/">webpage</a>.</p>
</div>
<div class="card-footer text-muted">
Made for the <a href="https://www.trustfull.proj.kth.se/">Trustfull project</a>
</div>
</div>
</div>
<div class="alert alert-success" id="success" {% if not show_success %} style="display: none;" {% endif %}>
<strong>Success!</strong> Thank you for submitting your vote.
</div>
<script>
window.WASM_PATH = "{{url_for('static', filename='muladd.wasm')}}"
</script>
<script src="{{url_for('static', filename='min-vjsc-1.1.1.js')}}"></script>
<script>
// Hide success alert window
setTimeout(function() {
window.success.className += ' hidden';
}, 1000);
function captureForm() {
for (const candidate of document.getElementsByClassName('candidate')) {
if (candidate.checked) {
var found = false;
{% for e in data.fields %}
found |= candidate.value === "{{ e }}";
{% endfor %}
if (!found) {
console.error("Candidate does not much any expected value");
return false;
}
document.getElementById(candidate.value).value = encrypt(candidate.value);
return true;
}
}
console.error('No candidate selected');
return false;
}
function encrypt(s) {
function initRandomSource() {
const randomSource = new verificatum.crypto.RandomDevice();
const seed = randomSource.getBytes(verificatum.crypto.SHA256PRG.seedLength);
const ret = new verificatum.crypto.SHA256PRG();
ret.setSeed(seed);
return ret;
}
const randomSource = initRandomSource();
const WIDTH = 1; // Depends on vmni configuration
const bt = verificatum.eio.ByteTree.readByteTreeFromByteArray({{data.publicKey}});
console.assert(verificatum.util.byteArrayToAscii(bt.value[0].value[0].value).endsWith('ECqPGroup'));
const keyPGroup = verificatum.arithm.ECqPGroup.fromByteTree(bt.value[0].value[1]);
const fullPublicKey = new verificatum.arithm.PPGroup(keyPGroup, 2).toElement(bt.value[1]);
const eg = new verificatum.crypto.ElGamal(true, keyPGroup, randomSource, 20);
const wpk = eg.widePublicKey(fullPublicKey, WIDTH);
// Encode message
const ascii_bytes = s.split('').map(x => x.charCodeAt(0));
const encoded = wpk.pGroup.project(1).encode(ascii_bytes);
const encrypted = eg.encrypt(wpk, encoded);
// XXX: why?
// In format expected by VMN
const encrypted0 = encrypted.values[0].toByteTree().toByteArray();
const encrypted1 = encrypted.values[1].toByteTree().toByteArray();
return JSON.stringify([encrypted0, encrypted1]);
}
</script>
{% endblock %}