diff --git a/auth/signature.go b/auth/signature.go new file mode 100644 index 0000000000000000000000000000000000000000..b74fa2c3d61da403de436ca587aa88f34212090a --- /dev/null +++ b/auth/signature.go @@ -0,0 +1,41 @@ +package auth + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha512" + "crypto/x509" + "fmt" +) + +// SignStructure signs the provided structure with the private key. +// The used protocol is RSA PKCS#1 v1.5 with SHA-512 hash. +// The structure is serialized to a string representation using the fmt package. +func SignStructure(key *rsa.PrivateKey, structure interface{}) ([]byte, error) { + hash, err := hashStruct(structure) + if err != nil { + return nil, err + } + + return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA512, hash) +} + +// VerifyStructure verifies the signed message according to the provided structure and certificate. +// See SignStructure for protocol definition. +func VerifyStructure(cert *x509.Certificate, structure interface{}, signed []byte) (bool, error) { + hash, err := hashStruct(structure) + if err != nil { + return false, err + } + + err = rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA512, hash, signed) + return err == nil, err +} + +func hashStruct(structure interface{}) (hash []byte, err error) { + data := []byte(fmt.Sprintf("%v", structure)) + rawHash := sha512.Sum512(data) + hash = rawHash[:] + return +} diff --git a/auth/signature_test.go b/auth/signature_test.go new file mode 100644 index 0000000000000000000000000000000000000000..f7192a08b699a8e369ba557297d95771414cb1e3 --- /dev/null +++ b/auth/signature_test.go @@ -0,0 +1,47 @@ +package auth + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +type TestStructure struct { + FieldA int64 + FieldB []byte + FieldC *TestStructure +} + +func TestSignStructure(t *testing.T) { + key, err := GeneratePrivateKey(1024) + assert.Nil(t, err) + + res, err := SignStructure(key, TestStructure{}) + assert.Nil(t, err) + assert.True(t, len(res) > 0) +} + +func TestVerifyStructure(t *testing.T) { + key, err := GeneratePrivateKey(1024) + assert.Nil(t, err) + + selfSigned, err := GetSelfSignedCertificate(1, 0, "", "", "", "test", key) + assert.Nil(t, err) + cert, err := PEMToCertificate(selfSigned) + assert.Nil(t, err) + + s := TestStructure{ + FieldA: 5, + FieldB: []byte{0x01, 0x02}, + FieldC: &TestStructure{}, + } + + res, _ := SignStructure(key, s) + valid, err := VerifyStructure(cert, s, res) + assert.Nil(t, err) + assert.True(t, valid) + + s.FieldB[1] = 0x42 + valid, _ = VerifyStructure(cert, s, res) + assert.False(t, valid) +} diff --git a/dfssc/api/client.pb.go b/dfssc/api/client.pb.go index 4d9b2e63505d5c9449544e01af7803a89113fa3b..8deff0a44d0953f10793927f9db1ab24c6666deb 100644 --- a/dfssc/api/client.pb.go +++ b/dfssc/api/client.pb.go @@ -51,8 +51,8 @@ type Context struct { ContractDocumentHash []byte `protobuf:"bytes,5,opt,name=contractDocumentHash,proto3" json:"contractDocumentHash,omitempty"` // / The unique signature attemp ID, as provided by the platform during the ready signal SignatureUUID string `protobuf:"bytes,6,opt,name=signatureUUID" json:"signatureUUID,omitempty"` - // / The signed metadata hashb, as provided by the platform during the ready signal - SignedHash []byte `protobuf:"bytes,7,opt,name=signedHash,proto3" json:"signedHash,omitempty"` + // / The signed metadata seal, as provided by the platform during the ready signal + Seal []byte `protobuf:"bytes,7,opt,name=seal,proto3" json:"seal,omitempty"` } func (m *Context) Reset() { *m = Context{} } @@ -263,28 +263,28 @@ var _Client_serviceDesc = grpc.ServiceDesc{ var fileDescriptor0 = []byte{ // 380 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x52, 0x5d, 0x4f, 0xc2, 0x30, - 0x14, 0xe5, 0x43, 0x18, 0x5c, 0x07, 0x31, 0x0d, 0x0f, 0xcb, 0x8c, 0x06, 0x17, 0x62, 0x88, 0x0f, - 0x23, 0xc1, 0x9f, 0x00, 0x26, 0x18, 0x63, 0x62, 0xa6, 0xfc, 0x80, 0xda, 0x15, 0x6d, 0x32, 0xd6, - 0xd9, 0x16, 0x03, 0xbf, 0xc1, 0x37, 0x7f, 0xb1, 0xdd, 0x1d, 0x43, 0x88, 0x3c, 0xf8, 0xb2, 0xec, - 0xdc, 0x7b, 0x7a, 0xce, 0xbd, 0xa7, 0x85, 0xf3, 0x78, 0xa1, 0xf5, 0x28, 0xff, 0xb0, 0x11, 0xcd, - 0xc4, 0x88, 0x25, 0x82, 0xa7, 0x26, 0xcc, 0x94, 0x34, 0x92, 0xd4, 0x6d, 0xc5, 0xbf, 0xd8, 0x31, - 0x32, 0x64, 0x64, 0x09, 0x35, 0x0b, 0xa9, 0x96, 0x05, 0x27, 0xf8, 0xaa, 0x81, 0x33, 0x91, 0xa9, - 0xe1, 0x6b, 0x43, 0x6e, 0xe0, 0x4c, 0x71, 0x26, 0xb2, 0x5c, 0xe2, 0x81, 0x6f, 0x66, 0x54, 0xbf, - 0x7b, 0xd5, 0x7e, 0x75, 0xe8, 0x46, 0x7f, 0xea, 0x64, 0x00, 0x1d, 0xcd, 0xd3, 0x98, 0xab, 0x92, - 0x58, 0x43, 0xe2, 0x61, 0x91, 0xf8, 0xd0, 0xd2, 0xfc, 0x63, 0xc5, 0x53, 0xc6, 0xbd, 0x7a, 0xbf, - 0x3e, 0xec, 0x44, 0x3b, 0x4c, 0x3c, 0x70, 0xb4, 0x78, 0x4b, 0xb9, 0xd2, 0xde, 0x89, 0x6d, 0xb9, - 0x51, 0x09, 0xc9, 0x18, 0x7a, 0xcc, 0x8e, 0xa4, 0x28, 0x33, 0x53, 0xc9, 0x56, 0x4b, 0x6b, 0x8b, - 0x16, 0x0d, 0xb4, 0x38, 0xda, 0xc3, 0x79, 0xec, 0x71, 0x6a, 0x56, 0x8a, 0xcf, 0xe7, 0xf7, 0x53, - 0xaf, 0x69, 0xc9, 0xed, 0xe8, 0xb0, 0x48, 0x2e, 0x01, 0xd0, 0x24, 0x46, 0x3d, 0x07, 0xf5, 0xf6, - 0x2a, 0x01, 0x05, 0xe7, 0x49, 0xc9, 0xa5, 0xd0, 0x9c, 0x5c, 0x83, 0xc3, 0x8a, 0x5c, 0x30, 0x83, - 0xd3, 0xb1, 0x1b, 0xda, 0xf8, 0xc2, 0x6d, 0x56, 0x51, 0xd9, 0x24, 0x3d, 0x68, 0x08, 0xbb, 0xf2, - 0x1a, 0x03, 0xe8, 0x44, 0x05, 0xc8, 0x97, 0xcb, 0xe8, 0x26, 0x91, 0x34, 0xb6, 0x7b, 0xe7, 0x2e, - 0x25, 0x0c, 0x1e, 0xa1, 0xfd, 0x5c, 0xce, 0xf4, 0x6f, 0x93, 0x3d, 0xb9, 0xda, 0xa1, 0xdc, 0x15, - 0x34, 0x66, 0x3c, 0x49, 0x64, 0x4e, 0xf9, 0xb4, 0xe1, 0x09, 0x99, 0xa2, 0x54, 0x3b, 0x2a, 0xe1, - 0xf8, 0xbb, 0x0a, 0xcd, 0x09, 0xbe, 0x0b, 0x12, 0x82, 0xfb, 0xa2, 0x38, 0x35, 0xe5, 0x92, 0x85, - 0xdd, 0x16, 0xf9, 0x5d, 0x44, 0x77, 0x4a, 0x49, 0x35, 0x91, 0x31, 0x0f, 0x2a, 0xf6, 0x26, 0xba, - 0xc8, 0xff, 0x9d, 0xb8, 0xe0, 0xec, 0xf0, 0x91, 0x33, 0x03, 0x68, 0x4d, 0x85, 0x66, 0xd2, 0xda, - 0x13, 0xc0, 0x2e, 0x0e, 0xe8, 0xef, 0xfd, 0x07, 0x95, 0xd7, 0x26, 0x3e, 0xbf, 0xdb, 0x9f, 0x00, - 0x00, 0x00, 0xff, 0xff, 0xb4, 0xf1, 0xe7, 0x80, 0xc1, 0x02, 0x00, 0x00, + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x52, 0xed, 0xaa, 0xda, 0x40, + 0x10, 0x35, 0x7e, 0x45, 0xa7, 0x51, 0xca, 0xe2, 0x8f, 0x90, 0x52, 0xb0, 0x41, 0x8a, 0xf4, 0x47, + 0x04, 0xfb, 0x08, 0x5a, 0xb0, 0x94, 0x42, 0x49, 0xeb, 0x03, 0x6c, 0x37, 0x63, 0xbb, 0x10, 0xb3, + 0xe9, 0xee, 0x5a, 0xf4, 0x35, 0xee, 0x0b, 0xdf, 0xbb, 0x99, 0x18, 0xaf, 0x72, 0xfd, 0x71, 0xff, + 0x2c, 0x7b, 0x66, 0xce, 0x9e, 0x33, 0x67, 0x58, 0x78, 0x97, 0xed, 0x8c, 0x59, 0x54, 0x87, 0x58, + 0xf0, 0x52, 0x2e, 0x44, 0x2e, 0xb1, 0xb0, 0x49, 0xa9, 0x95, 0x55, 0xac, 0xe3, 0x2a, 0xd1, 0xfb, + 0x0b, 0xa3, 0x24, 0x46, 0x99, 0x73, 0xbb, 0x53, 0x7a, 0x5f, 0x73, 0xe2, 0x47, 0x0f, 0xfc, 0x95, + 0x2a, 0x2c, 0x1e, 0x2d, 0xfb, 0x04, 0x6f, 0x35, 0x0a, 0x59, 0x56, 0x12, 0xdf, 0xf0, 0xb4, 0xe1, + 0xe6, 0x6f, 0xe8, 0x4d, 0xbd, 0x79, 0x90, 0xbe, 0xa8, 0xb3, 0x19, 0x8c, 0x0c, 0x16, 0x19, 0xea, + 0x86, 0xd8, 0x26, 0xe2, 0x6d, 0x91, 0x45, 0x30, 0x30, 0xf8, 0xef, 0x80, 0x85, 0xc0, 0xb0, 0x33, + 0xed, 0xcc, 0x47, 0xe9, 0x05, 0xb3, 0x10, 0x7c, 0x23, 0xff, 0x14, 0xa8, 0x4d, 0xd8, 0x75, 0xad, + 0x20, 0x6d, 0x20, 0x5b, 0xc2, 0x44, 0xb8, 0x91, 0x34, 0x17, 0x76, 0xad, 0xc4, 0x61, 0xef, 0x6c, + 0xc9, 0xa2, 0x47, 0x16, 0x77, 0x7b, 0x34, 0x8f, 0x7b, 0xce, 0xed, 0x41, 0xe3, 0x76, 0xfb, 0x75, + 0x1d, 0xf6, 0x1d, 0x79, 0x98, 0xde, 0x16, 0x19, 0x83, 0xae, 0x41, 0x9e, 0x87, 0x3e, 0x29, 0xd1, + 0x3d, 0xe6, 0xe0, 0xff, 0xd0, 0x6a, 0x2f, 0x0d, 0xb2, 0x8f, 0xe0, 0x8b, 0x7a, 0x17, 0x94, 0xfb, + 0xcd, 0x32, 0x48, 0xdc, 0xca, 0x92, 0xf3, 0x7e, 0xd2, 0xa6, 0xc9, 0x26, 0xd0, 0x93, 0x2e, 0xe6, + 0x91, 0x42, 0x8f, 0xd2, 0x1a, 0x54, 0x81, 0x4a, 0x7e, 0xca, 0x15, 0xcf, 0x5c, 0xd6, 0x4a, 0xbf, + 0x81, 0xf1, 0x77, 0x18, 0xfe, 0x6c, 0xe6, 0x78, 0xb5, 0xc9, 0x95, 0x5c, 0xfb, 0x56, 0xee, 0x03, + 0xf4, 0x36, 0x98, 0xe7, 0xaa, 0xa2, 0xfc, 0x77, 0x0b, 0x93, 0xaa, 0x20, 0xa9, 0x61, 0xda, 0xc0, + 0xe5, 0x83, 0x07, 0xfd, 0x15, 0xfd, 0x05, 0x96, 0x40, 0xf0, 0x4b, 0x23, 0xb7, 0x4d, 0xc8, 0xda, + 0xee, 0x8c, 0xa2, 0x31, 0xa1, 0x2f, 0x5a, 0x2b, 0xbd, 0x52, 0x19, 0xc6, 0x2d, 0xb7, 0xfd, 0x31, + 0xf1, 0x9f, 0x27, 0xae, 0x39, 0x17, 0x7c, 0xe7, 0xcd, 0x0c, 0x06, 0x6b, 0x69, 0x84, 0x72, 0xf6, + 0x0c, 0xa8, 0x4b, 0x03, 0x46, 0x57, 0xf7, 0xb8, 0xf5, 0xbb, 0x4f, 0x5f, 0xee, 0xf3, 0x53, 0x00, + 0x00, 0x00, 0xff, 0xff, 0xfe, 0x4f, 0xca, 0xea, 0xb5, 0x02, 0x00, 0x00, } diff --git a/dfssc/api/client.proto b/dfssc/api/client.proto index a86605cc9f72bb7ff7423a1675adc45da2fe0ac5..79b5382725956d38de0fb584fa6f706a39792e71 100644 --- a/dfssc/api/client.proto +++ b/dfssc/api/client.proto @@ -30,8 +30,8 @@ message Context { bytes contractDocumentHash = 5; /// The unique signature attemp ID, as provided by the platform during the ready signal string signatureUUID = 6; - /// The signed metadata hashb, as provided by the platform during the ready signal - bytes signedHash = 7; + /// The signed metadata seal, as provided by the platform during the ready signal + bytes seal = 7; } message Promise { diff --git a/dfssc/sign/promises.go b/dfssc/sign/promises.go index d085bc7b0ace246962e8bf0979bc224b7c7b0112..0acd5860888f0cba9e260466af88997adf7492a9 100644 --- a/dfssc/sign/promises.go +++ b/dfssc/sign/promises.go @@ -21,6 +21,7 @@ func (m *SignatureManager) createContext(from, to uint32) (*cAPI.Context, error) Signers: m.keyHash, ContractDocumentHash: []byte(m.contract.File.Hash), SignatureUUID: m.uuid, + Seal: m.seal, }, nil } diff --git a/dfssc/sign/starter.go b/dfssc/sign/starter.go index d6cdf997ae69493d05e40672dc421d3d89bc3563..081c6096de5d85c68d65a0936f6d0fdd94381a56 100644 --- a/dfssc/sign/starter.go +++ b/dfssc/sign/starter.go @@ -42,6 +42,7 @@ type SignatureManager struct { keyHash [][]byte mail string archives *Archives + seal []byte // Callbacks OnSignerStatusUpdate func(mail string, status SignerStatus, data string) @@ -215,6 +216,7 @@ func (m *SignatureManager) SendReadySign() (signatureUUID string, err error) { m.sequence = launch.Sequence m.uuid = launch.SignatureUuid m.keyHash = launch.KeyHash + m.seal = launch.Seal signatureUUID = m.uuid return } diff --git a/dfssp/api/platform.pb.go b/dfssp/api/platform.pb.go index c168ebb2142a614c1649777e12f9145a4b0b3937..b93699dc40715d6daf437ed923fb36ff02f042a8 100644 --- a/dfssp/api/platform.pb.go +++ b/dfssp/api/platform.pb.go @@ -261,12 +261,16 @@ type LaunchSignature struct { ErrorCode *ErrorCode `protobuf:"bytes,1,opt,name=errorCode" json:"errorCode,omitempty"` // / The unique signature generated by the platform for this specific signature attempt SignatureUuid string `protobuf:"bytes,2,opt,name=signatureUuid" json:"signatureUuid,omitempty"` + // / The SHA-512 hash of the contract document + DocumentHash []byte `protobuf:"bytes,3,opt,name=documentHash,proto3" json:"documentHash,omitempty"` // / A confirmation of client hashes for communication authentication - KeyHash [][]byte `protobuf:"bytes,3,rep,name=keyHash,proto3" json:"keyHash,omitempty"` + KeyHash [][]byte `protobuf:"bytes,4,rep,name=keyHash,proto3" json:"keyHash,omitempty"` // / The signing sequence generated on-the-fly by the platform - Sequence []uint32 `protobuf:"varint,4,rep,name=sequence" json:"sequence,omitempty"` - // / The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification. - Hash []byte `protobuf:"bytes,5,opt,name=hash,proto3" json:"hash,omitempty"` + Sequence []uint32 `protobuf:"varint,5,rep,name=sequence" json:"sequence,omitempty"` + // / The cryptographic object of the signature of this structure (seal and errorCode excepted) by the platform, for data certification. + // / The signature is computed using auth.SignStructure function: + // / PKCS1v15 + SHA512 hash of the string representation of the structure + Seal []byte `protobuf:"bytes,6,opt,name=seal,proto3" json:"seal,omitempty"` } func (m *LaunchSignature) Reset() { *m = LaunchSignature{} } @@ -616,50 +620,51 @@ var _Platform_serviceDesc = grpc.ServiceDesc{ } var fileDescriptor0 = []byte{ - // 706 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x94, 0x55, 0x5f, 0x6f, 0x12, 0x4b, - 0x14, 0x67, 0x81, 0x16, 0x38, 0x14, 0xba, 0x19, 0x7a, 0xef, 0xe5, 0x92, 0xd4, 0x34, 0x13, 0x13, - 0x1b, 0x63, 0xa0, 0xc1, 0x44, 0xa3, 0x6f, 0x14, 0x49, 0x5b, 0x53, 0xb1, 0x19, 0x40, 0x13, 0xdf, - 0xd6, 0xdd, 0x69, 0x59, 0xcb, 0xfe, 0x71, 0x66, 0x88, 0xe9, 0x9b, 0x1f, 0xc1, 0x6f, 0xe2, 0x8b, - 0x9f, 0x4f, 0x9d, 0x99, 0xdd, 0x59, 0x16, 0x24, 0x26, 0xe5, 0x61, 0x99, 0x73, 0xe6, 0xcc, 0xef, - 0x9c, 0xf3, 0x9b, 0xf3, 0xdb, 0x85, 0x43, 0xef, 0x9a, 0xf3, 0x9e, 0x7a, 0xc4, 0x3d, 0x27, 0xf6, - 0x7b, 0xf1, 0xc2, 0x11, 0xd7, 0x11, 0x0b, 0xba, 0x31, 0x8b, 0x44, 0x84, 0x4a, 0xd2, 0x87, 0x07, - 0xb0, 0x4f, 0xe8, 0x8d, 0xcf, 0x05, 0x65, 0x84, 0x7e, 0x5e, 0x52, 0x2e, 0xd0, 0x01, 0xec, 0xd0, - 0xc0, 0xf1, 0x17, 0x6d, 0xeb, 0xc8, 0x3a, 0xae, 0x91, 0xc4, 0x40, 0x6d, 0xa8, 0xb0, 0x24, 0xa0, - 0x5d, 0xd4, 0x7e, 0x63, 0xe2, 0x1f, 0x16, 0xd4, 0x46, 0x8c, 0x45, 0x6c, 0x18, 0x79, 0x14, 0x3d, - 0x82, 0xb2, 0x2b, 0xff, 0xf5, 0xe1, 0x66, 0xbf, 0xd5, 0x95, 0x49, 0xba, 0xd9, 0x6e, 0x57, 0x3d, - 0x88, 0x0e, 0x50, 0x80, 0x01, 0xe5, 0xdc, 0xb9, 0xa1, 0x06, 0x30, 0x35, 0xb1, 0x07, 0x65, 0x0d, - 0x55, 0x87, 0xca, 0x64, 0x36, 0x1c, 0x8e, 0x26, 0x13, 0xbb, 0x80, 0x00, 0x76, 0x2f, 0xc6, 0xef, - 0x06, 0xe4, 0xcc, 0xb6, 0xd4, 0xc6, 0xe9, 0xe0, 0xd5, 0x60, 0x36, 0x3d, 0xb7, 0x8b, 0xca, 0x78, - 0x3f, 0x20, 0xe3, 0x8b, 0xf1, 0x99, 0x5d, 0x42, 0x2d, 0x15, 0x35, 0x1d, 0x11, 0x62, 0xff, 0x32, - 0x3f, 0x4b, 0x36, 0x54, 0x99, 0x5e, 0xbc, 0x19, 0xbd, 0x9d, 0x4d, 0xed, 0x9f, 0x99, 0x17, 0xbf, - 0x80, 0xfa, 0x60, 0x29, 0xe6, 0x7f, 0xef, 0x5a, 0x7a, 0x45, 0x74, 0x4b, 0xc3, 0xb4, 0xc4, 0xc4, - 0xc0, 0x27, 0xd0, 0x34, 0xa4, 0x51, 0x6f, 0xc6, 0x29, 0x43, 0x0f, 0x00, 0xdc, 0x85, 0x4f, 0x43, - 0x31, 0xa4, 0x4c, 0xa4, 0x10, 0x39, 0x0f, 0xae, 0xc0, 0xce, 0x28, 0x88, 0xc5, 0x1d, 0xfe, 0x02, - 0xad, 0xab, 0x88, 0x8b, 0x61, 0x14, 0x0a, 0xe6, 0xb8, 0xc2, 0x64, 0x47, 0x50, 0x9e, 0x3b, 0x7c, - 0xae, 0x4f, 0xee, 0x11, 0xbd, 0x46, 0x1d, 0xa8, 0x5e, 0xfb, 0x0b, 0x1a, 0x3a, 0x81, 0x61, 0x28, - 0xb3, 0xd1, 0xbf, 0xb0, 0xcb, 0xfd, 0x9b, 0x90, 0xb2, 0x76, 0xe9, 0xa8, 0x24, 0x77, 0x52, 0x4b, - 0x91, 0xea, 0x46, 0x41, 0x20, 0xd3, 0xb6, 0xcb, 0x09, 0xa9, 0xa9, 0x89, 0x8f, 0x01, 0x9d, 0xd1, - 0x6d, 0x79, 0x97, 0x4b, 0xdf, 0x4b, 0x2b, 0xd6, 0x6b, 0x7c, 0x09, 0x55, 0x13, 0x86, 0x9e, 0x40, - 0x8d, 0x9a, 0xcb, 0xd3, 0x41, 0xf5, 0x7e, 0x73, 0xfd, 0x4a, 0xc9, 0x2a, 0x40, 0xa1, 0x7d, 0xe2, - 0x51, 0x42, 0x96, 0xec, 0x42, 0xad, 0xf1, 0x18, 0x0e, 0x5e, 0x47, 0x7e, 0x38, 0x91, 0xf5, 0x39, - 0x62, 0xc9, 0xa8, 0xc9, 0x8c, 0x61, 0xcf, 0x4d, 0xb3, 0xcc, 0x56, 0x15, 0xac, 0xf9, 0x14, 0x5e, - 0x1c, 0xb1, 0x64, 0xe0, 0x1a, 0x44, 0xaf, 0xf1, 0x57, 0x0b, 0x1a, 0x8a, 0x72, 0x59, 0x62, 0x48, - 0x5d, 0x41, 0xbd, 0x7b, 0xd6, 0xb8, 0x99, 0xb7, 0xb8, 0x25, 0xef, 0xa1, 0x64, 0x85, 0x6b, 0x6e, - 0x15, 0x58, 0x4d, 0x83, 0xa9, 0x9c, 0x44, 0xbb, 0xf1, 0x07, 0x28, 0xeb, 0x4b, 0x97, 0x64, 0xdf, - 0xd2, 0xbb, 0xf3, 0xd5, 0xbd, 0x19, 0x73, 0x35, 0x4c, 0xc5, 0xfc, 0x30, 0x35, 0xa1, 0xe8, 0xc7, - 0x1a, 0xb4, 0x46, 0xe4, 0x2a, 0x6b, 0xaf, 0x9c, 0x6b, 0xef, 0x19, 0xd8, 0x84, 0x3a, 0xde, 0x9d, - 0xe2, 0xeb, 0x1e, 0x54, 0xe1, 0xef, 0x16, 0xec, 0x5f, 0x3a, 0xcb, 0xd0, 0x9d, 0x67, 0x4c, 0xdf, - 0x93, 0x98, 0x87, 0xd0, 0xe0, 0xe6, 0x68, 0x8e, 0x99, 0x75, 0x67, 0xbe, 0x67, 0x35, 0x79, 0xb9, - 0x9e, 0xe5, 0xb8, 0x72, 0x55, 0x70, 0xe8, 0x52, 0xd9, 0x51, 0x49, 0x76, 0x94, 0xd9, 0xd9, 0x78, - 0xef, 0xac, 0xc6, 0xbb, 0xff, 0xad, 0x04, 0xd5, 0xab, 0xf4, 0x8d, 0x84, 0xfa, 0x50, 0x35, 0x8a, - 0x42, 0x07, 0xba, 0xc6, 0x8d, 0xb7, 0x52, 0x67, 0xa3, 0x72, 0x5c, 0x40, 0x3d, 0x28, 0x2b, 0x01, - 0x23, 0x5b, 0xef, 0xe4, 0xb4, 0xdc, 0x69, 0xad, 0x21, 0x24, 0x12, 0x95, 0x07, 0x1e, 0x03, 0xcc, - 0x42, 0x66, 0xd2, 0x40, 0x02, 0xa8, 0x54, 0xb9, 0x05, 0xfc, 0x25, 0xec, 0xe5, 0x75, 0x8a, 0xda, - 0x3a, 0x62, 0x8b, 0x74, 0xb7, 0x9c, 0x7d, 0x0e, 0xf5, 0x9c, 0xd4, 0xd0, 0x7f, 0x3a, 0xe0, 0x4f, - 0xf1, 0x75, 0x1a, 0x7a, 0xc3, 0x78, 0xe5, 0xc1, 0x53, 0x68, 0xac, 0x69, 0x05, 0xfd, 0xaf, 0x23, - 0xb6, 0xe9, 0xa7, 0x83, 0xb2, 0xa9, 0xcc, 0x94, 0x80, 0x0b, 0x27, 0x96, 0x2c, 0xbc, 0x96, 0x0d, - 0x10, 0xfa, 0x27, 0x25, 0x62, 0x7d, 0xa0, 0x3a, 0x09, 0xc3, 0x1b, 0xe3, 0x82, 0x0b, 0x1f, 0x77, - 0xf5, 0x87, 0xe1, 0xe9, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc5, 0x4c, 0xa0, 0x21, 0x39, 0x06, - 0x00, 0x00, + // 723 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x94, 0x55, 0xef, 0x6e, 0xd3, 0x30, + 0x10, 0x6f, 0xda, 0xac, 0x7f, 0xae, 0x6b, 0x17, 0xb9, 0x03, 0x42, 0xa5, 0xa1, 0xc9, 0x42, 0x62, + 0x42, 0xa8, 0x9d, 0x8a, 0x04, 0x82, 0x6f, 0x5d, 0xa9, 0xb6, 0xa1, 0x51, 0x26, 0xb7, 0x05, 0x89, + 0x6f, 0x21, 0xf1, 0xd6, 0xb0, 0x36, 0x29, 0xb1, 0x2b, 0xb4, 0x6f, 0x3c, 0x02, 0x0f, 0xc3, 0x9b, + 0xf0, 0x3e, 0x80, 0xed, 0xc4, 0x69, 0x52, 0x2a, 0xa4, 0xf5, 0x43, 0xea, 0x3b, 0x9f, 0x7f, 0x77, + 0xf7, 0xf3, 0xfd, 0x12, 0x38, 0xf0, 0xae, 0x18, 0xeb, 0xca, 0xc7, 0xb2, 0xeb, 0x2c, 0xfd, 0xee, + 0x72, 0xee, 0xf0, 0xab, 0x30, 0x5a, 0x74, 0x96, 0x51, 0xc8, 0x43, 0x54, 0x12, 0x3e, 0xdc, 0x87, + 0x3d, 0x42, 0xaf, 0x7d, 0xc6, 0x69, 0x44, 0xe8, 0xd7, 0x15, 0x65, 0x1c, 0xed, 0xc3, 0x0e, 0x5d, + 0x38, 0xfe, 0xdc, 0x36, 0x0e, 0x8d, 0xa3, 0x1a, 0x89, 0x0d, 0x64, 0x43, 0x25, 0x8a, 0x03, 0xec, + 0xa2, 0xf2, 0x6b, 0x13, 0xff, 0x34, 0xa0, 0x36, 0x8c, 0xa2, 0x30, 0x1a, 0x84, 0x1e, 0x45, 0x4f, + 0xc0, 0x74, 0xc5, 0xbf, 0x3a, 0xdc, 0xec, 0xb5, 0x3a, 0x22, 0x49, 0x27, 0xdd, 0xed, 0xc8, 0x07, + 0x51, 0x01, 0x12, 0x70, 0x41, 0x19, 0x73, 0xae, 0xa9, 0x06, 0x4c, 0x4c, 0xec, 0x81, 0xa9, 0xa0, + 0xea, 0x50, 0x19, 0x4f, 0x07, 0x83, 0xe1, 0x78, 0x6c, 0x15, 0x10, 0x40, 0xf9, 0x7c, 0xf4, 0xa1, + 0x4f, 0x4e, 0x2d, 0x43, 0x6e, 0x9c, 0xf4, 0xdf, 0xf4, 0xa7, 0x93, 0x33, 0xab, 0x28, 0x8d, 0x8f, + 0x7d, 0x32, 0x3a, 0x1f, 0x9d, 0x5a, 0x25, 0xd4, 0x92, 0x51, 0x93, 0x21, 0x21, 0xd6, 0x1f, 0xfd, + 0x33, 0x44, 0x43, 0x95, 0xc9, 0xf9, 0xbb, 0xe1, 0xfb, 0xe9, 0xc4, 0xfa, 0x9d, 0x7a, 0xf1, 0x2b, + 0xa8, 0xf7, 0x57, 0x7c, 0xf6, 0xff, 0xae, 0x85, 0x97, 0x87, 0x37, 0x34, 0x48, 0x4a, 0x8c, 0x0d, + 0x7c, 0x0c, 0x4d, 0x4d, 0x1a, 0xf5, 0xa6, 0x8c, 0x46, 0xe8, 0x11, 0x80, 0x3b, 0xf7, 0x69, 0xc0, + 0x07, 0x34, 0xe2, 0x09, 0x44, 0xc6, 0x83, 0x2b, 0xb0, 0x33, 0x5c, 0x2c, 0xf9, 0x2d, 0xfe, 0x06, + 0xad, 0xcb, 0x90, 0xf1, 0x41, 0x18, 0xf0, 0xc8, 0x71, 0xb9, 0xce, 0x8e, 0xc0, 0x9c, 0x39, 0x6c, + 0xa6, 0x4e, 0xee, 0x12, 0xb5, 0x46, 0x6d, 0xa8, 0x5e, 0xf9, 0x73, 0x1a, 0x38, 0x0b, 0xcd, 0x50, + 0x6a, 0xa3, 0xfb, 0x50, 0x66, 0xfe, 0x75, 0x40, 0x23, 0xbb, 0x74, 0x58, 0x12, 0x3b, 0x89, 0x25, + 0x49, 0x75, 0xc3, 0xc5, 0x42, 0xa4, 0xb5, 0xcd, 0x98, 0xd4, 0xc4, 0xc4, 0x47, 0x80, 0x4e, 0xe9, + 0xb6, 0xbc, 0xab, 0x95, 0xef, 0x25, 0x15, 0xab, 0x35, 0xbe, 0x80, 0xaa, 0x0e, 0x43, 0xcf, 0xa0, + 0x46, 0xf5, 0xe5, 0xa9, 0xa0, 0x7a, 0xaf, 0x99, 0xbf, 0x52, 0xb2, 0x0e, 0x90, 0x68, 0x5f, 0x58, + 0x18, 0x93, 0x25, 0xba, 0x90, 0x6b, 0x3c, 0x82, 0xfd, 0xb7, 0xa1, 0x1f, 0x8c, 0x45, 0x7d, 0x0e, + 0x5f, 0x45, 0x54, 0x67, 0xc6, 0xb0, 0xeb, 0x26, 0x59, 0xa6, 0xeb, 0x0a, 0x72, 0x3e, 0x89, 0xb7, + 0x0c, 0xa3, 0x78, 0xe0, 0x1a, 0x44, 0xad, 0xf1, 0x77, 0x03, 0x1a, 0x92, 0x72, 0x51, 0x62, 0x40, + 0x5d, 0x4e, 0xbd, 0x3b, 0xd6, 0xb8, 0x99, 0xb7, 0xb8, 0x25, 0xef, 0x81, 0x60, 0x85, 0x29, 0x6e, + 0x25, 0x58, 0x4d, 0x81, 0xc9, 0x9c, 0x44, 0xb9, 0xf1, 0x27, 0x30, 0xd5, 0xa5, 0x0b, 0xb2, 0x6f, + 0xe8, 0xed, 0xd9, 0xfa, 0xde, 0xb4, 0xb9, 0x1e, 0xa6, 0x62, 0x76, 0x98, 0x9a, 0x50, 0xf4, 0x97, + 0x0a, 0xb4, 0x46, 0xc4, 0x2a, 0x6d, 0xcf, 0xcc, 0xb4, 0xf7, 0x02, 0x2c, 0x42, 0x1d, 0xef, 0x56, + 0xf2, 0x75, 0x07, 0xaa, 0xf0, 0x2f, 0x03, 0xf6, 0x2e, 0x9c, 0x55, 0xe0, 0xce, 0x52, 0xa6, 0xef, + 0x48, 0xcc, 0x63, 0x68, 0x30, 0x7d, 0x34, 0xc3, 0x4c, 0xde, 0x29, 0x6b, 0xf1, 0x42, 0x77, 0x25, + 0x47, 0x4a, 0x35, 0x5e, 0x52, 0x8d, 0xe7, 0x7c, 0x59, 0x5e, 0x4c, 0x31, 0x9d, 0x19, 0x5e, 0xc4, + 0x48, 0x33, 0xd9, 0x54, 0xe0, 0x52, 0x7b, 0x47, 0x6c, 0x35, 0x48, 0x6a, 0x4b, 0x36, 0x18, 0x75, + 0xe6, 0x76, 0x39, 0x1e, 0x1e, 0xb9, 0xee, 0xfd, 0x28, 0x41, 0xf5, 0x32, 0x79, 0x6b, 0xa1, 0x1e, + 0x54, 0xb5, 0xea, 0xd0, 0xbe, 0xea, 0x63, 0xe3, 0xcd, 0xd5, 0xde, 0xe8, 0x0e, 0x17, 0x50, 0x17, + 0x4c, 0x29, 0x72, 0x64, 0xa9, 0x9d, 0x8c, 0xde, 0xdb, 0xad, 0x1c, 0x42, 0x2c, 0x63, 0x71, 0xe0, + 0x29, 0xc0, 0x34, 0x88, 0x74, 0x1a, 0x88, 0x01, 0xa5, 0x72, 0xb7, 0x80, 0xbf, 0x86, 0xdd, 0xac, + 0x96, 0x91, 0xad, 0x22, 0xb6, 0xc8, 0x7b, 0xcb, 0xd9, 0x97, 0x50, 0xcf, 0xc8, 0x11, 0x3d, 0x50, + 0x01, 0xff, 0x0a, 0xb4, 0xdd, 0x50, 0x1b, 0xda, 0x2b, 0x0e, 0x9e, 0x40, 0x23, 0xa7, 0x27, 0xf4, + 0x50, 0x45, 0x6c, 0xd3, 0x58, 0x1b, 0xa5, 0x93, 0x9b, 0xaa, 0x05, 0x17, 0x8e, 0x0d, 0x51, 0x78, + 0x2d, 0x1d, 0x32, 0x74, 0x2f, 0x21, 0x22, 0x3f, 0x74, 0xed, 0x98, 0xe1, 0x8d, 0x91, 0xc2, 0x85, + 0xcf, 0x65, 0xf5, 0xf1, 0x78, 0xfe, 0x37, 0x00, 0x00, 0xff, 0xff, 0xdb, 0xb0, 0xef, 0x13, 0x5d, + 0x06, 0x00, 0x00, } diff --git a/dfssp/api/platform.proto b/dfssp/api/platform.proto index 4d67765bbbf3d26cf2cbcf603e38d776a5fe1421..2bc364fe90dba61fae9030104e4642d895477f4a 100644 --- a/dfssp/api/platform.proto +++ b/dfssp/api/platform.proto @@ -136,10 +136,14 @@ message LaunchSignature { ErrorCode errorCode = 1; /// The unique signature generated by the platform for this specific signature attempt string signatureUuid = 2; + /// The SHA-512 hash of the contract document + bytes documentHash = 3; /// A confirmation of client hashes for communication authentication - repeated bytes keyHash = 3; + repeated bytes keyHash = 4; /// The signing sequence generated on-the-fly by the platform - repeated uint32 sequence = 4; - /// The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification. - bytes hash = 5; + repeated uint32 sequence = 5; + /// The cryptographic object of the signature of this structure (seal and errorCode excepted) by the platform, for data certification. + /// The signature is computed using auth.SignStructure function: + /// PKCS1v15 + SHA512 hash of the string representation of the structure + bytes seal = 6; } diff --git a/dfssp/contract/ready.go b/dfssp/contract/ready.go index 206e25b855abe7d30bd1bd011bb1d1f744b9aa1b..97c65566aa4a23e9dd6bf0b9e4cab578b9401a83 100644 --- a/dfssp/contract/ready.go +++ b/dfssp/contract/ready.go @@ -14,10 +14,11 @@ import ( // readySignal is the structure that is transmitted accross goroutines type readySignal struct { - ready bool // If true, this is the ready signal. If not, this is a new connection signal - data string // Various data (CN or SignatureUUID) - chain [][]byte // Only used to broadcast hash chain (signers hashes in order) - sequence []uint32 // Only used to broadcast signature sequence + ready bool // If true, this is the ready signal. If not, this is a new connection signal + data string // Various data (CN or SignatureUUID) + documentHash []byte // Contract document SHA-512 hash + chain [][]byte // Only used to broadcast hash chain (signers hashes in order) + sequence []uint32 // Only used to broadcast signature sequence } // ReadySign is the last job of the platform before the signature can occur. @@ -56,6 +57,7 @@ func ReadySign(db *mgdb.MongoManager, rooms *common.WaitingGroupMap, ctx *contex return &api.LaunchSignature{ ErrorCode: &api.ErrorCode{Code: api.ErrorCode_SUCCESS}, SignatureUuid: s.data, + DocumentHash: s.documentHash, KeyHash: s.chain, Sequence: s.sequence, } @@ -110,10 +112,11 @@ func masterReadyRoutine(db *mgdb.MongoManager, rooms *common.WaitingGroupMap, co ready := FindAndUpdatePendingSigner(cn, &signersReady, &contract.Signers) if ready { rooms.Broadcast(roomID, &readySignal{ - ready: true, - data: bson.NewObjectId().Hex(), - chain: contract.GetHashChain(), - sequence: GenerateSignSequence(len(contract.Signers)), + ready: true, + data: bson.NewObjectId().Hex(), + documentHash: contract.File.Hash, + chain: contract.GetHashChain(), + sequence: GenerateSignSequence(len(contract.Signers)), }) work = false } diff --git a/dfssp/server/server.go b/dfssp/server/server.go index 4d1097ff80ca3c8ac9da7a6e69698f00ff1d65d9..b47bad748462fb3a5b95a3c0d49745b6aae9b389 100644 --- a/dfssp/server/server.go +++ b/dfssp/server/server.go @@ -5,8 +5,7 @@ import ( "fmt" "os" - "github.com/spf13/viper" - + "dfss/auth" "dfss/dfssp/api" "dfss/dfssp/authority" "dfss/dfssp/common" @@ -14,7 +13,7 @@ import ( "dfss/dfssp/user" "dfss/mgdb" "dfss/net" - + "github.com/spf13/viper" "golang.org/x/net/context" "google.golang.org/grpc" ) @@ -96,7 +95,20 @@ func (s *platformServer) ReadySign(ctx context.Context, in *api.ReadySignRequest if len(cn) == 0 { return &api.LaunchSignature{ErrorCode: &api.ErrorCode{Code: api.ErrorCode_BADAUTH}}, nil } - return contract.ReadySign(s.DB, s.Rooms, &ctx, in), nil + + signal := contract.ReadySign(s.DB, s.Rooms, &ctx, in) + if signal.ErrorCode.Code == api.ErrorCode_SUCCESS { + sealedSignal := *signal + sealedSignal.ErrorCode = nil + sealedSignal.Seal = nil + var err error + signal.Seal, err = auth.SignStructure(s.Pid.Pkey, sealedSignal) + if err != nil { + return &api.LaunchSignature{ErrorCode: &api.ErrorCode{Code: api.ErrorCode_INTERR}}, nil + } + } + + return signal, nil } // GetServer returns the GRPC server associated with the platform diff --git a/dfsst/entities/archivesManager.go b/dfsst/entities/archivesManager.go index a8036773ff07fbf97a81c29fd3580faca600de00..a26b6a025b01bcf0d4e7534a004254239761dd8a 100644 --- a/dfsst/entities/archivesManager.go +++ b/dfsst/entities/archivesManager.go @@ -29,7 +29,7 @@ func (manager *ArchivesManager) InitializeArchives(promise *cAPI.Promise, signat present, archives := manager.ContainsSignature(signatureUUID) if !present { - archives = NewSignatureArchives(signatureUUID, promise.Context.Sequence, *signers, promise.Context.ContractDocumentHash, promise.Context.SignedHash) + archives = NewSignatureArchives(signatureUUID, promise.Context.Sequence, *signers, promise.Context.ContractDocumentHash, promise.Context.Seal) } manager.Archives = archives diff --git a/dfsst/entities/archivesManager_test.go b/dfsst/entities/archivesManager_test.go index 93cc51e5ce2a136abb992b8751f409e5fb2f1856..6f74c4720822fb5ccc682e118f260d558589dc74 100644 --- a/dfsst/entities/archivesManager_test.go +++ b/dfsst/entities/archivesManager_test.go @@ -23,7 +23,7 @@ var ( signatureUUID string signatureUUIDBson bson.ObjectId - signedHash []byte + seal []byte signersEntities []Signer @@ -48,7 +48,7 @@ func init() { signatureUUIDBson = bson.NewObjectId() signatureUUID = signatureUUIDBson.Hex() - signedHash = []byte{} + seal = []byte{} signersEntities = make([]Signer, 0) for _, s := range signers { @@ -85,15 +85,15 @@ func TestInitializeArchives(t *testing.T) { Sequence: sequence, Signers: signers, SignatureUUID: signatureUUID, - SignedHash: signedHash, + Seal: seal, }, } - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, } - arch := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + arch := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager.InitializeArchives(promise, signatureUUIDBson, &signersEntities) arch.Signers = manager.Archives.Signers @@ -114,7 +114,7 @@ func TestInitializeArchives(t *testing.T) { } func TestContainsSignature(t *testing.T) { - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, @@ -138,7 +138,7 @@ func TestContainsSignature(t *testing.T) { } func TestHasReceivedAbortToken(t *testing.T) { - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, @@ -164,7 +164,7 @@ func TestHasReceivedAbortToken(t *testing.T) { } func TestWasContractSigned(t *testing.T) { - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, @@ -182,7 +182,7 @@ func TestWasContractSigned(t *testing.T) { } func TestHasSignerPromised(t *testing.T) { - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, @@ -226,7 +226,7 @@ func TestHasSignerPromised(t *testing.T) { func TestAddToAbort(t *testing.T) { // TODO // Test the abortedIndex field, when promises will be implemented - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, @@ -258,7 +258,7 @@ func TestAddToAbort(t *testing.T) { } func TestAddToDishonest(t *testing.T) { - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, @@ -290,7 +290,7 @@ func TestAddToDishonest(t *testing.T) { } func TestAddPromise(t *testing.T) { - archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash) + archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal) manager := &ArchivesManager{ DB: dbManager, Archives: archives, diff --git a/dfsst/entities/authContainer.go b/dfsst/entities/authContainer.go new file mode 100644 index 0000000000000000000000000000000000000000..e3ecc02ba874d653ecc5677f27be1c8e69488726 --- /dev/null +++ b/dfsst/entities/authContainer.go @@ -0,0 +1,9 @@ +package entities + +import ( + "dfss/dfssc/security" +) + +// AuthContainer is global for performance reasons; singleton is not a problem. +// This variable should be loaded by dfsst/server package. +var AuthContainer *security.AuthContainer diff --git a/dfsst/entities/check_request.go b/dfsst/entities/check_request.go index e486d49680fd00faebab4215372346118d150d04..8e439747c4d877543f03fc643d308a82acce5d30 100644 --- a/dfsst/entities/check_request.go +++ b/dfsst/entities/check_request.go @@ -7,6 +7,7 @@ import ( "crypto/sha512" "dfss/auth" cAPI "dfss/dfssc/api" + pAPI "dfss/dfssp/api" tAPI "dfss/dfsst/api" "dfss/net" "golang.org/x/net/context" @@ -68,7 +69,7 @@ func IsPromiseSignedByPlatform(promise *cAPI.Promise) (bool, bson.ObjectId, []Si return false, signatureUUID, nil } - ok = IsPlatformSignedHashValid(promise) + ok = IsPlatformSealValid(promise) if !ok { return false, signatureUUID, nil } @@ -137,9 +138,19 @@ func IsSignerHashValid(hash []byte) (bool, *Signer) { return true, NewSigner(hash) } -// IsPlatformSignedHashValid : verifies that the specified promise contains the expected information signed by the platform. -func IsPlatformSignedHashValid(promise *cAPI.Promise) bool { - // TODO - // This requires the implementation of promise sending by the clients - return true +// IsPlatformSealValid : verifies that the specified promise contains the expected information signed by the platform. +func IsPlatformSealValid(promise *cAPI.Promise) bool { + if AuthContainer == nil { + return false + } + + theoric := pAPI.LaunchSignature{ + SignatureUuid: promise.Context.SignatureUUID, + DocumentHash: promise.Context.ContractDocumentHash, + KeyHash: promise.Context.Signers, + Sequence: promise.Context.Sequence, + } + + ok, _ := auth.VerifyStructure(AuthContainer.CA, theoric, promise.Context.Seal) + return ok } diff --git a/dfsst/entities/check_request_test.go b/dfsst/entities/check_request_test.go index f0e1716c75261418dde86572dce8270b06294c90..c9f5cb3edd11063d7539ac353108657856102e27 100644 --- a/dfsst/entities/check_request_test.go +++ b/dfsst/entities/check_request_test.go @@ -32,13 +32,10 @@ func TestIsPromiseSignedByPlatform(t *testing.T) { valid, sigID, _ = IsPromiseSignedByPlatform(promise) assert.Equal(t, valid, false) - // TODO - // when 'IsPlatformSignedHashValid' is implemented promise.Context.Signers = signers - valid, sigID, signerss := IsPromiseSignedByPlatform(promise) - assert.Equal(t, valid, true) + valid, sigID, _ = IsPromiseSignedByPlatform(promise) + assert.Equal(t, valid, false) assert.Equal(t, sigID, signatureUUIDBson) - assert.Equal(t, len(signerss), len(signers)) } func TestGetSenderHashFromContext(t *testing.T) { @@ -114,18 +111,17 @@ func TestIsSignerHashValid(t *testing.T) { assert.Equal(t, bytes.Equal(signer.Hash, signers[0]), true) } -// TO MODIFY WHEN SOURCE FUNCTION WILL BE UPDATED -func TestIsPlatformSignedHashValid(t *testing.T) { +func TestIsPlatformSealValid(t *testing.T) { promise := &cAPI.Promise{ Context: &cAPI.Context{ ContractDocumentHash: contractDocumentHash, Sequence: sequence, Signers: signers, SignatureUUID: signatureUUID, - SignedHash: signedHash, + Seal: seal, }, } - b := IsPlatformSignedHashValid(promise) - assert.Equal(t, b, true) + b := IsPlatformSealValid(promise) + assert.Equal(t, b, false) } diff --git a/dfsst/entities/signatureArchives.go b/dfsst/entities/signatureArchives.go index 1f34fcbf97f43187f9257f0c08057756ee3296ab..80accc3a7bf6ec21204e6061bdb23654239d99b1 100644 --- a/dfsst/entities/signatureArchives.go +++ b/dfsst/entities/signatureArchives.go @@ -24,10 +24,10 @@ func NewSigner(hash []byte) *Signer { type SignatureArchives struct { ID bson.ObjectId `key:"_id" bson:"_id"` // Internal id of a SignatureArchives - The unique signature identifier - Sequence []uint32 `key:"sequence" bson:"sequence"` // Signing sequence - Signers []Signer `key:"signers" bson:"signers"` // List of signers - TextHash []byte `key:"textHash" bson:"textHash"` // Small hash of the contract - SignedHash []byte `key:"signedHash" bson:"SignedHash"` // Hash of the above fields, signed by the platform + Sequence []uint32 `key:"sequence" bson:"sequence"` // Signing sequence + Signers []Signer `key:"signers" bson:"signers"` // List of signers + TextHash []byte `key:"textHash" bson:"textHash"` // Small hash of the contract + Seal []byte `key:"seal" bson:"seal"` // Seal provided by the platform to authentify the context ReceivedPromises []Promise `key:"receivedPromises" bson:"receivedPromises"` // All valid received promises AbortedSigners []AbortedSigner `key:"abortedSigners" bson:"abortedSigners"` // Signers that were sent an abort token @@ -37,14 +37,14 @@ type SignatureArchives struct { } // NewSignatureArchives : creates a new SignatureArchives with the specified parameters -func NewSignatureArchives(signatureUUID bson.ObjectId, sequence []uint32, signers []Signer, textHash, signedHash []byte) *SignatureArchives { +func NewSignatureArchives(signatureUUID bson.ObjectId, sequence []uint32, signers []Signer, textHash, seal []byte) *SignatureArchives { return &SignatureArchives{ ID: signatureUUID, - Sequence: sequence, - Signers: signers, - TextHash: textHash, - SignedHash: signedHash, + Sequence: sequence, + Signers: signers, + TextHash: textHash, + Seal: seal, ReceivedPromises: make([]Promise, 0), AbortedSigners: make([]AbortedSigner, 0), diff --git a/dfsst/server/server.go b/dfsst/server/server.go index d6fd98e0a3800fa7183ee3db6d6c93aa101c0039..77baab3cc25c2fee1caf1eadccfce3acbb5289f6 100644 --- a/dfsst/server/server.go +++ b/dfsst/server/server.go @@ -13,7 +13,6 @@ import ( "dfss/dfsst/resolve" "dfss/mgdb" "dfss/net" - "github.com/spf13/viper" "golang.org/x/net/context" "google.golang.org/grpc" @@ -181,8 +180,8 @@ func (server *ttpServer) Recover(ctx context.Context, in *tAPI.RecoverRequest) ( // GetServer returns the gRPC server. func GetServer() *grpc.Server { // We can do that because NewAuthContainer is looking for "file_ca", "file_cert", and "file_key" in viper, which are set by the TTP - auth := security.NewAuthContainer(viper.GetString("password")) - ca, cert, key, err := auth.LoadFiles() + entities.AuthContainer = security.NewAuthContainer(viper.GetString("password")) + ca, cert, key, err := entities.AuthContainer.LoadFiles() if err != nil { fmt.Fprintln(os.Stderr, "An error occured during the private key and certificates retrieval:", err) os.Exit(1)