def _cannot_erroneously_mutate_state(
self,
tally: CiphertextTally,
ballot: SubmittedBallot,
state_to_test: BallotBoxState,
) -> bool:
input_state = ballot.state
ballot.state = state_to_test
# remove the first selection
first_contest = ballot.contests[0]
first_selection = first_contest.ballot_selections[0]
ballot.contests[0].ballot_selections.remove(first_selection)
self.assertIsNone(tally_ballot(ballot, tally))
self.assertFalse(tally.append(ballot))
# Verify accumulation fails if the selection count does not match
if ballot.state == BallotBoxState.CAST:
first_tally = tally.contests[first_contest.object_id]
self.assertFalse(
first_tally.accumulate_contest(
ballot.contests[0].ballot_selections))
# pylint: disable=protected-access
_key, bad_accumulation = first_tally._accumulate_selections(
first_selection.object_id,
first_tally.selections[first_selection.object_id],
ballot.contests[0].ballot_selections,
)
self.assertIsNone(bad_accumulation)
ballot.contests[0].ballot_selections.insert(0, first_selection)
# modify the contest description hash
first_contest_hash = ballot.contests[0].description_hash
ballot.contests[0].description_hash = ONE_MOD_Q
self.assertIsNone(tally_ballot(ballot, tally))
self.assertFalse(tally.append(ballot))
ballot.contests[0].description_hash = first_contest_hash
# modify a contest object id
first_contest_object_id = ballot.contests[0].object_id
ballot.contests[0].object_id = "a-bad-object-id"
self.assertIsNone(tally_ballot(ballot, tally))
self.assertFalse(tally.append(ballot))
ballot.contests[0].object_id = first_contest_object_id
# modify a selection object id
first_contest_selection_object_id = (
ballot.contests[0].ballot_selections[0].object_id)
ballot.contests[0].ballot_selections[
0].object_id = "another-bad-object-id"
self.assertIsNone(tally_ballot(ballot, tally))
self.assertFalse(tally.append(ballot))
# Verify accumulation fails if the selection object id does not match
if ballot.state == BallotBoxState.CAST:
self.assertFalse(tally.contests[
ballot.contests[0].object_id].accumulate_contest(
ballot.contests[0].ballot_selections))
ballot.contests[0].ballot_selections[
0].object_id = first_contest_selection_object_id
# modify the ballot's hash
first_ballot_hash = ballot.manifest_hash
ballot.manifest_hash = ONE_MOD_Q
self.assertIsNone(tally_ballot(ballot, tally))
self.assertFalse(tally.append(ballot))
ballot.manifest_hash = first_ballot_hash
ballot.state = input_state
return True
def test_tally_ballot_invalid_input_fails(
self, everything: ELECTIONS_AND_BALLOTS_TUPLE_TYPE):
# Arrange
metadata, ballots, secret_key, context = everything
# encrypt each ballot
store = BallotStore()
seed_hash = EncryptionDevice("Location").get_hash()
for ballot in ballots:
encrypted_ballot = encrypt_ballot(ballot, metadata, context,
seed_hash)
seed_hash = encrypted_ballot.tracking_hash
self.assertIsNotNone(encrypted_ballot)
# add to the ballot store
store.set(
encrypted_ballot.object_id,
from_ciphertext_ballot(encrypted_ballot, BallotBoxState.CAST),
)
subject = CiphertextTally("my-tally", metadata, context)
# act
cached_ballots = store.all()
first_ballot = cached_ballots[0]
first_ballot.state = BallotBoxState.UNKNOWN
# verify an UNKNOWN state ballot fails
self.assertIsNone(tally_ballot(first_ballot, subject))
self.assertFalse(subject.append(first_ballot))
# cast a ballot
first_ballot.state = BallotBoxState.CAST
self.assertTrue(subject.append(first_ballot))
# try to append a spoiled ballot
first_ballot.state = BallotBoxState.SPOILED
self.assertFalse(subject.append(first_ballot))
# Verify accumulation fails if the selection collection is empty
if first_ballot.state == BallotBoxState.CAST:
self.assertFalse(
subject.cast[first_ballot.object_id].elgamal_accumulate([]))
# pop the cast ballot
subject._cast_ballot_ids.pop()
# reset to cast
first_ballot.state = BallotBoxState.CAST
self.assertTrue(
self._cannot_erroneously_mutate_state(subject, first_ballot,
BallotBoxState.CAST))
self.assertTrue(
self._cannot_erroneously_mutate_state(subject, first_ballot,
BallotBoxState.SPOILED))
self.assertTrue(
self._cannot_erroneously_mutate_state(subject, first_ballot,
BallotBoxState.UNKNOWN))
# verify a spoiled ballot cannot be added twice
first_ballot.state = BallotBoxState.SPOILED
self.assertTrue(subject.append(first_ballot))
self.assertFalse(subject.append(first_ballot))
# verify an already spoiled ballot cannot be cast
first_ballot.state = BallotBoxState.CAST
self.assertFalse(subject.append(first_ballot))
# pop the spoiled ballot
subject.spoiled_ballots.pop(first_ballot.object_id)
# verify a cast ballot cannot be added twice
first_ballot.state = BallotBoxState.CAST
self.assertTrue(subject.append(first_ballot))
self.assertFalse(subject.append(first_ballot))
# verify an already cast ballot cannot be spoiled
first_ballot.state = BallotBoxState.SPOILED
self.assertFalse(subject.append(first_ballot))
def test_tally_ballot_invalid_input_fails(
self, everything: ELECTIONS_AND_BALLOTS_TUPLE_TYPE):
# Arrange
(
_election_description,
internal_manifest,
ballots,
_secret_key,
context,
) = everything
# encrypt each ballot
store = DataStore()
encryption_seed = ElectionFactory.get_encryption_device().get_hash()
for ballot in ballots:
encrypted_ballot = encrypt_ballot(ballot, internal_manifest,
context, encryption_seed)
encryption_seed = encrypted_ballot.code
self.assertIsNotNone(encrypted_ballot)
# add to the ballot store
store.set(
encrypted_ballot.object_id,
from_ciphertext_ballot(encrypted_ballot, BallotBoxState.CAST),
)
tally = CiphertextTally("my-tally", internal_manifest, context)
# act
cached_ballots = store.all()
first_ballot = cached_ballots[0]
first_ballot.state = BallotBoxState.UNKNOWN
# verify an UNKNOWN state ballot fails
self.assertIsNone(tally_ballot(first_ballot, tally))
self.assertFalse(tally.append(first_ballot))
# cast a ballot
first_ballot.state = BallotBoxState.CAST
self.assertTrue(tally.append(first_ballot))
# try to append a spoiled ballot
first_ballot.state = BallotBoxState.SPOILED
self.assertFalse(tally.append(first_ballot))
# Verify accumulation fails if the selection collection is empty
if first_ballot.state == BallotBoxState.CAST:
self.assertFalse(
tally.contests[first_ballot.object_id].accumulate_contest([]))
# pylint: disable=protected-access
# pop the cast ballot
tally._cast_ballot_ids.pop()
# reset to cast
first_ballot.state = BallotBoxState.CAST
self.assertTrue(
self._cannot_erroneously_mutate_state(tally, first_ballot,
BallotBoxState.CAST))
self.assertTrue(
self._cannot_erroneously_mutate_state(tally, first_ballot,
BallotBoxState.SPOILED))
self.assertTrue(
self._cannot_erroneously_mutate_state(tally, first_ballot,
BallotBoxState.UNKNOWN))
# verify a cast ballot cannot be added twice
first_ballot.state = BallotBoxState.CAST
self.assertTrue(tally.append(first_ballot))
self.assertFalse(tally.append(first_ballot))
# verify an already submitted ballot cannot be changed or readded
first_ballot.state = BallotBoxState.SPOILED
self.assertFalse(tally.append(first_ballot))
def add_ballot(self, ballot: dict):
ciphertext_ballot = deserialize(ballot, CiphertextBallot)
# TODO: remove the dependency of multiprocessing
tally_ballot(
from_ciphertext_ballot(ciphertext_ballot, BallotBoxState.CAST),
self.context.tally)