Merge branch 'Nigel/ClientAuthentication' into 'release'

Nigel/client authentication See merge request elixxir/comms!259

Merge branch 'Nigel/ClientAuthentication' into 'release'
26b69d6a · Josh Brooks · 3f285460 · d7e56e0b · 26b69d6a · 26b69d6a
Commit 26b69d6a authored Aug 3, 2020 by Josh Brooks
--- a/client/gateway.go
+++ b/client/gateway.go
@@ -20,7 +20,7 @@ import (
 )

 // Client -> Gateway Send Function
-func (c *Comms) SendPutMessage(host *connect.Host, message *pb.Slot) error {
+func (c *Comms) SendPutMessage(host *connect.Host, message *pb.GatewaySlot) (*pb.GatewaySlotResponse, error) {
 	// Create the Send Function
 	f := func(conn *grpc.ClientConn) (*any.Any, error) {
 		// Set up the context
@@ -28,17 +28,25 @@ func (c *Comms) SendPutMessage(host *connect.Host, message *pb.Slot) error {
 		defer cancel()

 		// Send the message
-		_, err := pb.NewGatewayClient(conn).PutMessage(ctx, message)
+		resultMsg, err := pb.NewGatewayClient(conn).PutMessage(ctx, message)
 		if err != nil {
 			err = errors.New(err.Error())
+			return nil, errors.New(err.Error())
+
 		}
-		return nil, err
+		return ptypes.MarshalAny(resultMsg)
 	}

 	// Execute the Send function
 	jww.DEBUG.Printf("Sending Put message: %+v", message)
-	_, err := c.Send(host, f)
-	return err
+	resultMsg, err := c.Send(host, f)
+	if err != nil {
+		return nil, err
+	}
+
+	result := &pb.GatewaySlotResponse{}
+
+	return result, ptypes.UnmarshalAny(resultMsg, result)
 }

 // Client -> Gateway Send Function

--- a/client/gateway_test.go
+++ b/client/gateway_test.go
@@ -30,7 +30,7 @@ func TestSendPutMessage(t *testing.T) {
 		t.Errorf("Unable to call NewHost: %+v", err)
 	}

-	err = c.SendPutMessage(host, &pb.Slot{})
+	_, err = c.SendPutMessage(host, &pb.GatewaySlot{})
 	if err != nil {
 		t.Errorf("PutMessage: Error received: %s", err)
 	}

--- a/gateway/endpoint.go
+++ b/gateway/endpoint.go
@@ -78,7 +78,7 @@ func (g *Comms) GetMessage(ctx context.Context, msg *pb.ClientRequest) (
 }

 // Receives a single message from a client
-func (g *Comms) PutMessage(ctx context.Context, msg *pb.Slot) (*messages.Ack,
+func (g *Comms) PutMessage(ctx context.Context, msg *pb.GatewaySlot) (*pb.GatewaySlotResponse,
 	error) {

 	// Get peer information from context
@@ -88,9 +88,12 @@ func (g *Comms) PutMessage(ctx context.Context, msg *pb.Slot) (*messages.Ack,
 	}

 	// Upload a message to the cMix Gateway at the peer's IP address
-	err = g.handler.PutMessage(msg, addr)
+	returnMsg, err := g.handler.PutMessage(msg, addr)
+	if err != nil {
+		returnMsg = &pb.GatewaySlotResponse{}

-	return &messages.Ack{}, err
+	}
+	return returnMsg, err
 }

 // Pass-through for Registration Nonce Communication

--- a/gateway/handler.go
+++ b/gateway/handler.go
@@ -27,7 +27,7 @@ type Handler interface {
 	// Returns the message matching the given parameters to the client
 	GetMessage(userID *id.ID, msgID string, ipAddress string) (*pb.Slot, error)
 	// Upload a message to the cMix Gateway
-	PutMessage(message *pb.Slot, ipAddress string) error
+	PutMessage(message *pb.GatewaySlot, ipAddress string) (*pb.GatewaySlotResponse, error)
 	// Pass-through for Registration Nonce Communication
 	RequestNonce(message *pb.NonceRequest, ipAddress string) (*pb.Nonce, error)
 	// Pass-through for Registration Nonce Confirmation
@@ -87,7 +87,7 @@ type implementationFunctions struct {
 	// Returns the message matching the given parameters to the client
 	GetMessage func(userID *id.ID, msgID string, ipAddress string) (*pb.Slot, error)
 	// Upload a message to the cMix Gateway
-	PutMessage func(message *pb.Slot, ipAddress string) error
+	PutMessage func(message *pb.GatewaySlot, ipAddress string) (*pb.GatewaySlotResponse, error)
 	// Pass-through for Registration Nonce Communication
 	RequestNonce func(message *pb.NonceRequest, ipAddress string) (*pb.Nonce, error)
 	// Pass-through for Registration Nonce Confirmation
@@ -122,9 +122,9 @@ func NewImplementation() *Implementation {
 				warn(um)
 				return &pb.Slot{}, nil
 			},
-			PutMessage: func(message *pb.Slot, ipAddress string) error {
+			PutMessage: func(message *pb.GatewaySlot, ipAddress string) (*pb.GatewaySlotResponse, error) {
 				warn(um)
-				return nil
+				return new(pb.GatewaySlotResponse), nil
 			},
 			RequestNonce: func(message *pb.NonceRequest, ipAddress string) (*pb.Nonce, error) {
 				warn(um)
@@ -159,7 +159,7 @@ func (s *Implementation) GetMessage(userID *id.ID, msgID string, ipAddress strin
 }

 // Upload a message to the cMix Gateway
-func (s *Implementation) PutMessage(message *pb.Slot, ipAddress string) error {
+func (s *Implementation) PutMessage(message *pb.GatewaySlot, ipAddress string) (*pb.GatewaySlotResponse, error) {
 	return s.Functions.PutMessage(message, ipAddress)
 }


--- a/go.mod
+++ b/go.mod
@@ -7,9 +7,10 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/jwalterweatherman v1.1.0
 	github.com/stretchr/testify v1.6.1 // indirect
-	gitlab.com/elixxir/crypto v0.0.0-20200707005343-97f868cbd930
-	gitlab.com/elixxir/primitives v0.0.0-20200706165052-9fe7a4fb99a3
-	gitlab.com/xx_network/comms v0.0.0-20200730220144-eea32e8b696d
+	gitlab.com/elixxir/crypto v0.0.0-20200721213839-b026955c55c0
+	gitlab.com/elixxir/primitives v0.0.0-20200731184040-494269b53b4d
+	gitlab.com/xx_network/collections/ring v0.0.0-00010101000000-000000000000
+	gitlab.com/xx_network/comms v0.0.0-20200731231107-9e020daf0013
 	golang.org/x/crypto v0.0.0-20200707235045-ab33eee955e0 // indirect
 	golang.org/x/net v0.0.0-20200707034311-ab3426394381
 	golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae // indirect

--- a/go.sum
+++ b/go.sum
@@ -48,13 +48,23 @@ github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/zeebo/assert v0.0.0-20181109011804-10f827ce2ed6/go.mod h1:yssERNPivllc1yU3BvpjYI5BUW+zglcz6QWqeVRL5t0=
+github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
+github.com/zeebo/blake3 v0.0.4/go.mod h1:YOZo8A49yNqM0X/Y+JmDUZshJWLt1laHsNSn5ny2i34=
+github.com/zeebo/pcg v0.0.0-20181207190024-3cdc6b625a05/go.mod h1:Gr+78ptB0MwXxm//LBaEvBiaXY7hXJ6KGe2V32X2F6E=
 gitlab.com/elixxir/comms v0.0.0-20200707210150-b8ebd0951d23/go.mod h1:OsWMZ1O/R9fOkm+PoHnR3rkXfFtipGoPs73FuKuurHY=
 gitlab.com/elixxir/crypto v0.0.0-20200707005343-97f868cbd930 h1:9qzfwyR12OYgn3j30qcHZHHVfWshWnH54lcAHppEROQ=
 gitlab.com/elixxir/crypto v0.0.0-20200707005343-97f868cbd930/go.mod h1:LHBAaEf48a0/AjU118rjoworH0LgXifhAqmNX3ZRvME=
+gitlab.com/elixxir/crypto v0.0.0-20200721213839-b026955c55c0 h1:bXpAX607nE2edN7ei8CIAcHuD0kJxDdGFusK51qlxN4=
+gitlab.com/elixxir/crypto v0.0.0-20200721213839-b026955c55c0/go.mod h1:LHBAaEf48a0/AjU118rjoworH0LgXifhAqmNX3ZRvME=
 gitlab.com/elixxir/primitives v0.0.0-20200706165052-9fe7a4fb99a3 h1:GTfflZBNLeBq3UApYog0J3+hytdkoRsDduGQji2wyEU=
 gitlab.com/elixxir/primitives v0.0.0-20200706165052-9fe7a4fb99a3/go.mod h1:OQgUZq7SjnE0b+8+iIAT2eqQF+2IFHn73tOo+aV11mg=
-gitlab.com/xx_network/comms v0.0.0-20200730220144-eea32e8b696d h1:P4ceawldsxuwQ6LZHnUnemtiOJI9/QquYi8QkFuUbtI=
-gitlab.com/xx_network/comms v0.0.0-20200730220144-eea32e8b696d/go.mod h1:76OCijGBxYOBV5Kt7z6K7vNg3n9I57aCQMmI8GTpoEM=
+gitlab.com/elixxir/primitives v0.0.0-20200731184040-494269b53b4d h1:OKWTmYN5q8XVHo8JXThIH0TCuvl/fLXR7MGVacpqfRg=
+gitlab.com/elixxir/primitives v0.0.0-20200731184040-494269b53b4d/go.mod h1:OQgUZq7SjnE0b+8+iIAT2eqQF+2IFHn73tOo+aV11mg=
+gitlab.com/xx_network/collections/ring.git v0.0.1 h1:3JLw2pgaOm57WWtjw6dvqvbud4DtoKxwYjEA95hNwgE=
+gitlab.com/xx_network/collections/ring.git v0.0.1/go.mod h1:M61MlPiyB23ni0L1DJ8QErcUjOcnKEfbCpl75vE7Ej0=
+gitlab.com/xx_network/comms v0.0.0-20200731231107-9e020daf0013 h1:sis9BdA5VNXUAamga/tpr4qHcJ01qugbMt6wBmaGyJ4=
+gitlab.com/xx_network/comms v0.0.0-20200731231107-9e020daf0013/go.mod h1:ECW83bFGaOzZMM8axIWX6BsYpXakiM0Zf4Snp7H9+yI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
@@ -79,6 +89,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -111,6 +122,7 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=

--- a/mixmessages/google/protobuf/any.proto
+++ b/mixmessages/google/protobuf/any.proto
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+
+package google.protobuf;
+
+option csharp_namespace = "Google.Protobuf.WellKnownTypes";
+option go_package = "github.com/golang/protobuf/ptypes/any";
+option java_package = "com.google.protobuf";
+option java_outer_classname = "AnyProto";
+option java_multiple_files = true;
+option objc_class_prefix = "GPB";
+
+// `Any` contains an arbitrary serialized protocol buffer message along with a
+// URL that describes the type of the serialized message.
+//
+// Protobuf library provides support to pack/unpack Any values in the form
+// of utility functions or additional generated methods of the Any type.
+//
+// Example 1: Pack and unpack a message in C++.
+//
+//     Foo foo = ...;
+//     Any any;
+//     any.PackFrom(foo);
+//     ...
+//     if (any.UnpackTo(&foo)) {
+//       ...
+//     }
+//
+// Example 2: Pack and unpack a message in Java.
+//
+//     Foo foo = ...;
+//     Any any = Any.pack(foo);
+//     ...
+//     if (any.is(Foo.class)) {
+//       foo = any.unpack(Foo.class);
+//     }
+//
+//  Example 3: Pack and unpack a message in Python.
+//
+//     foo = Foo(...)
+//     any = Any()
+//     any.Pack(foo)
+//     ...
+//     if any.Is(Foo.DESCRIPTOR):
+//       any.Unpack(foo)
+//       ...
+//
+//  Example 4: Pack and unpack a message in Go
+//
+//      foo := &pb.Foo{...}
+//      any, err := ptypes.MarshalAny(foo)
+//      ...
+//      foo := &pb.Foo{}
+//      if err := ptypes.UnmarshalAny(any, foo); err != nil {
+//        ...
+//      }
+//
+// The pack methods provided by protobuf library will by default use
+// 'type.googleapis.com/full.type.name' as the type URL and the unpack
+// methods only use the fully qualified type name after the last '/'
+// in the type URL, for example "foo.bar.com/x/y.z" will yield type
+// name "y.z".
+//
+//
+// JSON
+// ====
+// The JSON representation of an `Any` value uses the regular
+// representation of the deserialized, embedded message, with an
+// additional field `@type` which contains the type URL. Example:
+//
+//     package google.profile;
+//     message Person {
+//       string first_name = 1;
+//       string last_name = 2;
+//     }
+//
+//     {
+//       "@type": "type.googleapis.com/google.profile.Person",
+//       "firstName": <string>,
+//       "lastName": <string>
+//     }
+//
+// If the embedded message type is well-known and has a custom JSON
+// representation, that representation will be embedded adding a field
+// `value` which holds the custom JSON in addition to the `@type`
+// field. Example (for message [google.protobuf.Duration][]):
+//
+//     {
+//       "@type": "type.googleapis.com/google.protobuf.Duration",
+//       "value": "1.212s"
+//     }
+//
+message Any {
+    // A URL/resource name that uniquely identifies the type of the serialized
+    // protocol buffer message. This string must contain at least
+    // one "/" character. The last segment of the URL's path must represent
+    // the fully qualified name of the type (as in
+    // `path/google.protobuf.Duration`). The name should be in a canonical form
+    // (e.g., leading "." is not accepted).
+    //
+    // In practice, teams usually precompile into the binary all types that they
+    // expect it to use in the context of Any. However, for URLs which use the
+    // scheme `http`, `https`, or no scheme, one can optionally set up a type
+    // server that maps type URLs to message definitions as follows:
+    //
+    // * If no scheme is provided, `https` is assumed.
+    // * An HTTP GET on the URL must yield a [google.protobuf.Type][]
+    //   value in binary format, or produce an error.
+    // * Applications are allowed to cache lookup results based on the
+    //   URL, or have them precompiled into a binary to avoid any
+    //   lookup. Therefore, binary compatibility needs to be preserved
+    //   on changes to types. (Use versioned type names to manage
+    //   breaking changes.)
+    //
+    // Note: this functionality is not currently available in the official
+    // protobuf release, and it is not used for type URLs beginning with
+    // type.googleapis.com.
+    //
+    // Schemes other than `http`, `https` (or the empty scheme) might be
+    // used with implementation specific semantics.
+    //
+    string type_url = 1;
+
+    // Must be a valid serialized protocol buffer of the above specified type.
+    bytes value = 2;
+}
\ No newline at end of file
--- a/mixmessages/mixmessages.pb.go
+++ b/mixmessages/mixmessages.pb.go
--- a/mixmessages/mixmessages.proto
+++ b/mixmessages/mixmessages.proto
@@ -153,7 +153,7 @@ service Gateway {
    }

    // PutMessage on the cMix Gateway
-    rpc PutMessage (Slot) returns (messages.Ack) {
+    rpc PutMessage (GatewaySlot) returns (GatewaySlotResponse) {
    }

    // RequestNonce returns a Nonce to the user
@@ -219,6 +219,20 @@ message GatewayPollResponse {
    repeated string NewMessageIDs = 4; // Empty if no update needed
 }

+// Client -> Gateway authentication message
+message GatewaySlot{
+    Slot Message = 1;
+    uint64 RoundID = 2;
+    bytes MAC = 3;
+}
+
+// Gateway -> Client authentication response
+message GatewaySlotResponse{
+    bool accepted = 1;
+    uint64 RoundID = 2;
+}
+
+
 // REGISTRATION MESSAGE SERVICE ------------------------------------------------

 // Registration service definition
@@ -331,7 +345,8 @@ message RequestRegistrationConfirmation {
 // RegistrationConfirmation returning proof of registration
 message RegistrationConfirmation {
    messages.RSASignature ClientSignedByServer = 1;
-    string Error = 2;
+    bytes ClientGatewayKey = 2;
+    string Error = 3;
 }

 // Unified Server->Permissioning polling message

--- a/network/slotDigest.go
+++ b/network/slotDigest.go
+///////////////////////////////////////////////////////////////////////////////
+// Copyright © 2020 xx network SEZC                                          //
+//                                                                           //
+// Use of this source code is governed by a license that can be found in the //
+// LICENSE file                                                              //
+///////////////////////////////////////////////////////////////////////////////
+package network
+
+import (
+	"encoding/binary"
+	"gitlab.com/elixxir/comms/mixmessages"
+)
+
+// GenerateSlotDigest serializes the gateway slot message for the
+// client to hash
+func GenerateSlotDigest(gatewaySlot *mixmessages.GatewaySlot) []byte {
+
+	var gatewaySlotDigest []byte
+	gatewaySlotDigest = append(gatewaySlotDigest, gatewaySlot.Message.SenderID...)
+	gatewaySlotDigest = append(gatewaySlotDigest, gatewaySlot.Message.PayloadA...)
+	gatewaySlotDigest = append(gatewaySlotDigest, gatewaySlot.Message.PayloadB...)
+
+	for _, kmac := range gatewaySlot.Message.KMACs {
+		gatewaySlotDigest = append(gatewaySlotDigest, kmac...)
+	}
+
+	roundIdBytes := make([]byte, 8)
+	binary.BigEndian.PutUint64(roundIdBytes, gatewaySlot.RoundID)
+
+	gatewaySlotDigest = append(gatewaySlotDigest, roundIdBytes...)
+
+	return gatewaySlotDigest
+
+}
--- a/network/slotDigest_test.go
+++ b/network/slotDigest_test.go
+package network
+
+import (
+	"encoding/binary"
+	"gitlab.com/elixxir/comms/mixmessages"
+	"reflect"
+	"testing"
+)
+
+// Tests that GenerateSlotDigest outputs a byte slice the length of the sum
+// of its serialized components. Also checks if output matches precanned data
+func TestGenerateSlotDigest(t *testing.T) {
+	senderID := []byte("senderId")
+	payloadA := []byte("payloadA")
+	payloadB := []byte("payloadB")
+	roundId := uint64(11420)
+	kmacs := [][]byte{[]byte("kmac1"), []byte("kmac2")}
+
+	// Craft message 1
+	msg := &mixmessages.Slot{
+		PayloadA: payloadA,
+		PayloadB: payloadB,
+		KMACs:    kmacs,
+		SenderID: senderID,
+	}
+
+	gwSlot := &mixmessages.GatewaySlot{
+		Message: msg,
+		RoundID: roundId,
+	}
+
+	gwDigest := GenerateSlotDigest(gwSlot)
+
+	roundIdBytes := make([]byte, 8)
+	binary.BigEndian.PutUint64(roundIdBytes, roundId)
+
+	expectedLen := len(senderID) + len(payloadA) + len(payloadB) + len(roundIdBytes)
+	for _, kmac := range kmacs {
+		expectedLen += len(kmac)
+	}
+
+	if len(gwDigest) != expectedLen {
+		t.Errorf("GenerateSlotDigest failed length test."+
+			"\n\tExpected length: %v"+
+			"\n\tReceived length: %v", expectedLen, len(gwDigest))
+	}
+
+	if !reflect.DeepEqual(gwDigest, precannedGatewayDigest) {
+		t.Errorf("GenerateSlotDigest did not match expected."+
+			"\n\tExpected: %v"+
+			"\n\tReceived: %v", precannedGatewayDigest, gwDigest)
+	}
+
+}
+
+// Test that GenerateSlotDigest generates the same output with the same input
+func TestGenerateSlotDigest_Consistency(t *testing.T) {
+	senderID := []byte("senderId")
+	payloadA := []byte("payloadA")
+	payloadB := []byte("payloadB")
+	roundId := uint64(42)
+	kmacs := [][]byte{[]byte("kmac1"), []byte("kmac2")}
+
+	// Craft message 1
+	msg := &mixmessages.Slot{
+		PayloadA: payloadA,
+		PayloadB: payloadB,
+		KMACs:    kmacs,
+		SenderID: senderID,
+	}
+
+	gwSlot := &mixmessages.GatewaySlot{
+		Message: msg,
+		RoundID: roundId,
+	}
+
+	gwDigest1 := GenerateSlotDigest(gwSlot)
+	gwDigest2 := GenerateSlotDigest(gwSlot)
+
+	if !reflect.DeepEqual(gwDigest1, gwDigest2) {
+		t.Errorf("GenerateSlotDigest outputted different results with identical input."+
+			"\n\tPrimary output: %v"+
+			"\n\tSecondary output: %v", gwDigest1, gwDigest2)
+	}
+
+}
+
+// Tests that GenerateSlotDigest produces different output with different input
+func TestGenerateSlotDigest_Inconsistency(t *testing.T) {
+	senderID := []byte("senderId")
+	payloadA := []byte("payloadA")
+	payloadB := []byte("payloadB")
+	roundId := uint64(42)
+	kmacs := [][]byte{[]byte("kmac1"), []byte("kmac2")}
+
+	// Craft message 1
+	msg1 := &mixmessages.Slot{
+		PayloadA: payloadA,
+		PayloadB: payloadB,
+		KMACs:    kmacs,
+		SenderID: senderID,
+	}
+
+	gwSlot1 := &mixmessages.GatewaySlot{
+		Message: msg1,
+		RoundID: roundId,
+	}
+
+	// Craft message 2 with swapped payloads
+	msg2 := &mixmessages.Slot{
+		PayloadA: payloadB,
+		PayloadB: payloadA,
+		KMACs:    kmacs,
+		SenderID: senderID,
+	}
+
+	gwSlot2 := &mixmessages.GatewaySlot{
+		Message: msg2,
+		RoundID: roundId,
+	}
+
+	// Generate slot digest
+	gwDigest1 := GenerateSlotDigest(gwSlot1)
+	gwDigest2 := GenerateSlotDigest(gwSlot2)
+
+	if reflect.DeepEqual(gwDigest1, gwDigest2) {
+		t.Errorf("GenerateSlotDigest outputted identical results with different input."+
+			"\n\tPrimary output: %v"+
+			"\n\tSecondary output: %v", gwDigest1, gwDigest2)
+	}
+}
+
+var precannedGatewayDigest = []byte{115, 101, 110, 100, 101, 114, 73, 100, 112, 97, 121, 108, 111, 97, 100, 65, 112, 97, 121, 108, 111, 97, 100, 66, 107, 109, 97, 99, 49, 107, 109, 97, 99, 50, 0, 0, 0, 0, 0, 0, 44, 156}
--- a/node/endpoint.go
+++ b/node/endpoint.go
@@ -212,7 +212,7 @@ func (s *Comms) ConfirmRegistration(ctx context.Context,
 	}

 	// Obtain signed client public key by passing to server
-	signature, err := s.handler.ConfirmRegistration(userID,
+	signature, clientGwKey, err := s.handler.ConfirmRegistration(userID,
 		regConfirmRequest.NonceSignedByClient.Signature, authState)

 	// Obtain the error message, if any
@@ -227,6 +227,7 @@ func (s *Comms) ConfirmRegistration(ctx context.Context,
 			Signature: signature,
 		},
 		Error:            errMsg,
+		ClientGatewayKey: clientGwKey,
 	}, err
 }


--- a/node/handler.go
+++ b/node/handler.go
@@ -84,7 +84,7 @@ type Handler interface {
 		RSASignedByRegistration, DHSignedByClientRSA []byte, auth *connect.Auth) ([]byte, []byte, error)

 	// Server interface for ConfirmNonceMessage
-	ConfirmRegistration(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, error)
+	ConfirmRegistration(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, []byte, error)

 	// PostPrecompResult interface to finalize both payloads' precomps
 	PostPrecompResult(roundID uint64, slots []*mixmessages.Slot, auth *connect.Auth) error
@@ -126,7 +126,7 @@ type implementationFunctions struct {
 	RequestNonce func(salt []byte, RSAPubKey string, DHPubKey,
 		RSASigFromReg, RSASigDH []byte, auth *connect.Auth) ([]byte, []byte, error)
 	// Server interface for ConfirmNonceMessage
-	ConfirmRegistration func(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, error)
+	ConfirmRegistration func(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, []byte, error)

 	// PostPrecompResult interface to finalize both payloads' precomputations
 	PostPrecompResult func(roundID uint64,
@@ -201,9 +201,9 @@ func NewImplementation() *Implementation {
 				warn(um)
 				return nil, nil, nil
 			},
-			ConfirmRegistration: func(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, error) {
+			ConfirmRegistration: func(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, []byte, error) {
 				warn(um)
-				return nil, nil
+				return nil, nil, nil
 			},
 			PostPrecompResult: func(roundID uint64,
 				slots []*mixmessages.Slot, auth *connect.Auth) error {
@@ -271,7 +271,7 @@ func (s *Implementation) RequestNonce(salt []byte, RSAPubKey string, DHPubKey,
 }

 // Server interface for ConfirmNonceMessage
-func (s *Implementation) ConfirmRegistration(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, error) {
+func (s *Implementation) ConfirmRegistration(UserID *id.ID, Signature []byte, auth *connect.Auth) ([]byte, []byte, error) {
 	return s.Functions.ConfirmRegistration(UserID, Signature, auth)
 }