Commit a0fcc598 authored by Caro Axel's avatar Caro Axel

Merge branch '220_sign_contract_info' into 'master'

[c][p][t] Add platform seal on signature metadata



See merge request !72
parents 65467f53 859d87ab
Pipeline #1759 passed with stages
package auth
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha512"
"crypto/x509"
"fmt"
)
// SignStructure signs the provided structure with the private key.
// The used protocol is RSA PKCS#1 v1.5 with SHA-512 hash.
// The structure is serialized to a string representation using the fmt package.
func SignStructure(key *rsa.PrivateKey, structure interface{}) ([]byte, error) {
hash, err := hashStruct(structure)
if err != nil {
return nil, err
}
return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA512, hash)
}
// VerifyStructure verifies the signed message according to the provided structure and certificate.
// See SignStructure for protocol definition.
func VerifyStructure(cert *x509.Certificate, structure interface{}, signed []byte) (bool, error) {
hash, err := hashStruct(structure)
if err != nil {
return false, err
}
err = rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA512, hash, signed)
return err == nil, err
}
func hashStruct(structure interface{}) (hash []byte, err error) {
data := []byte(fmt.Sprintf("%v", structure))
rawHash := sha512.Sum512(data)
hash = rawHash[:]
return
}
package auth
import (
"testing"
"github.com/stretchr/testify/assert"
)
type TestStructure struct {
FieldA int64
FieldB []byte
FieldC *TestStructure
}
func TestSignStructure(t *testing.T) {
key, err := GeneratePrivateKey(1024)
assert.Nil(t, err)
res, err := SignStructure(key, TestStructure{})
assert.Nil(t, err)
assert.True(t, len(res) > 0)
}
func TestVerifyStructure(t *testing.T) {
key, err := GeneratePrivateKey(1024)
assert.Nil(t, err)
selfSigned, err := GetSelfSignedCertificate(1, 0, "", "", "", "test", key)
assert.Nil(t, err)
cert, err := PEMToCertificate(selfSigned)
assert.Nil(t, err)
s := TestStructure{
FieldA: 5,
FieldB: []byte{0x01, 0x02},
FieldC: &TestStructure{},
}
res, _ := SignStructure(key, s)
valid, err := VerifyStructure(cert, s, res)
assert.Nil(t, err)
assert.True(t, valid)
s.FieldB[1] = 0x42
valid, _ = VerifyStructure(cert, s, res)
assert.False(t, valid)
}
......@@ -51,8 +51,8 @@ type Context struct {
ContractDocumentHash []byte `protobuf:"bytes,5,opt,name=contractDocumentHash,proto3" json:"contractDocumentHash,omitempty"`
// / The unique signature attemp ID, as provided by the platform during the ready signal
SignatureUUID string `protobuf:"bytes,6,opt,name=signatureUUID" json:"signatureUUID,omitempty"`
// / The signed metadata hashb, as provided by the platform during the ready signal
SignedHash []byte `protobuf:"bytes,7,opt,name=signedHash,proto3" json:"signedHash,omitempty"`
// / The signed metadata seal, as provided by the platform during the ready signal
Seal []byte `protobuf:"bytes,7,opt,name=seal,proto3" json:"seal,omitempty"`
}
func (m *Context) Reset() { *m = Context{} }
......@@ -263,28 +263,28 @@ var _Client_serviceDesc = grpc.ServiceDesc{
var fileDescriptor0 = []byte{
// 380 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x52, 0x5d, 0x4f, 0xc2, 0x30,
0x14, 0xe5, 0x43, 0x18, 0x5c, 0x07, 0x31, 0x0d, 0x0f, 0xcb, 0x8c, 0x06, 0x17, 0x62, 0x88, 0x0f,
0x23, 0xc1, 0x9f, 0x00, 0x26, 0x18, 0x63, 0x62, 0xa6, 0xfc, 0x80, 0xda, 0x15, 0x6d, 0x32, 0xd6,
0xd9, 0x16, 0x03, 0xbf, 0xc1, 0x37, 0x7f, 0xb1, 0xdd, 0x1d, 0x43, 0x88, 0x3c, 0xf8, 0xb2, 0xec,
0xdc, 0x7b, 0x7a, 0xce, 0xbd, 0xa7, 0x85, 0xf3, 0x78, 0xa1, 0xf5, 0x28, 0xff, 0xb0, 0x11, 0xcd,
0xc4, 0x88, 0x25, 0x82, 0xa7, 0x26, 0xcc, 0x94, 0x34, 0x92, 0xd4, 0x6d, 0xc5, 0xbf, 0xd8, 0x31,
0x32, 0x64, 0x64, 0x09, 0x35, 0x0b, 0xa9, 0x96, 0x05, 0x27, 0xf8, 0xaa, 0x81, 0x33, 0x91, 0xa9,
0xe1, 0x6b, 0x43, 0x6e, 0xe0, 0x4c, 0x71, 0x26, 0xb2, 0x5c, 0xe2, 0x81, 0x6f, 0x66, 0x54, 0xbf,
0x7b, 0xd5, 0x7e, 0x75, 0xe8, 0x46, 0x7f, 0xea, 0x64, 0x00, 0x1d, 0xcd, 0xd3, 0x98, 0xab, 0x92,
0x58, 0x43, 0xe2, 0x61, 0x91, 0xf8, 0xd0, 0xd2, 0xfc, 0x63, 0xc5, 0x53, 0xc6, 0xbd, 0x7a, 0xbf,
0x3e, 0xec, 0x44, 0x3b, 0x4c, 0x3c, 0x70, 0xb4, 0x78, 0x4b, 0xb9, 0xd2, 0xde, 0x89, 0x6d, 0xb9,
0x51, 0x09, 0xc9, 0x18, 0x7a, 0xcc, 0x8e, 0xa4, 0x28, 0x33, 0x53, 0xc9, 0x56, 0x4b, 0x6b, 0x8b,
0x16, 0x0d, 0xb4, 0x38, 0xda, 0xc3, 0x79, 0xec, 0x71, 0x6a, 0x56, 0x8a, 0xcf, 0xe7, 0xf7, 0x53,
0xaf, 0x69, 0xc9, 0xed, 0xe8, 0xb0, 0x48, 0x2e, 0x01, 0xd0, 0x24, 0x46, 0x3d, 0x07, 0xf5, 0xf6,
0x2a, 0x01, 0x05, 0xe7, 0x49, 0xc9, 0xa5, 0xd0, 0x9c, 0x5c, 0x83, 0xc3, 0x8a, 0x5c, 0x30, 0x83,
0xd3, 0xb1, 0x1b, 0xda, 0xf8, 0xc2, 0x6d, 0x56, 0x51, 0xd9, 0x24, 0x3d, 0x68, 0x08, 0xbb, 0xf2,
0x1a, 0x03, 0xe8, 0x44, 0x05, 0xc8, 0x97, 0xcb, 0xe8, 0x26, 0x91, 0x34, 0xb6, 0x7b, 0xe7, 0x2e,
0x25, 0x0c, 0x1e, 0xa1, 0xfd, 0x5c, 0xce, 0xf4, 0x6f, 0x93, 0x3d, 0xb9, 0xda, 0xa1, 0xdc, 0x15,
0x34, 0x66, 0x3c, 0x49, 0x64, 0x4e, 0xf9, 0xb4, 0xe1, 0x09, 0x99, 0xa2, 0x54, 0x3b, 0x2a, 0xe1,
0xf8, 0xbb, 0x0a, 0xcd, 0x09, 0xbe, 0x0b, 0x12, 0x82, 0xfb, 0xa2, 0x38, 0x35, 0xe5, 0x92, 0x85,
0xdd, 0x16, 0xf9, 0x5d, 0x44, 0x77, 0x4a, 0x49, 0x35, 0x91, 0x31, 0x0f, 0x2a, 0xf6, 0x26, 0xba,
0xc8, 0xff, 0x9d, 0xb8, 0xe0, 0xec, 0xf0, 0x91, 0x33, 0x03, 0x68, 0x4d, 0x85, 0x66, 0xd2, 0xda,
0x13, 0xc0, 0x2e, 0x0e, 0xe8, 0xef, 0xfd, 0x07, 0x95, 0xd7, 0x26, 0x3e, 0xbf, 0xdb, 0x9f, 0x00,
0x00, 0x00, 0xff, 0xff, 0xb4, 0xf1, 0xe7, 0x80, 0xc1, 0x02, 0x00, 0x00,
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x52, 0xed, 0xaa, 0xda, 0x40,
0x10, 0x35, 0x7e, 0x45, 0xa7, 0x51, 0xca, 0xe2, 0x8f, 0x90, 0x52, 0xb0, 0x41, 0x8a, 0xf4, 0x47,
0x04, 0xfb, 0x08, 0x5a, 0xb0, 0x94, 0x42, 0x49, 0xeb, 0x03, 0x6c, 0x37, 0x63, 0xbb, 0x10, 0xb3,
0xe9, 0xee, 0x5a, 0xf4, 0x35, 0xee, 0x0b, 0xdf, 0xbb, 0x99, 0x18, 0xaf, 0x72, 0xfd, 0x71, 0xff,
0x2c, 0x7b, 0x66, 0xce, 0x9e, 0x33, 0x67, 0x58, 0x78, 0x97, 0xed, 0x8c, 0x59, 0x54, 0x87, 0x58,
0xf0, 0x52, 0x2e, 0x44, 0x2e, 0xb1, 0xb0, 0x49, 0xa9, 0x95, 0x55, 0xac, 0xe3, 0x2a, 0xd1, 0xfb,
0x0b, 0xa3, 0x24, 0x46, 0x99, 0x73, 0xbb, 0x53, 0x7a, 0x5f, 0x73, 0xe2, 0x47, 0x0f, 0xfc, 0x95,
0x2a, 0x2c, 0x1e, 0x2d, 0xfb, 0x04, 0x6f, 0x35, 0x0a, 0x59, 0x56, 0x12, 0xdf, 0xf0, 0xb4, 0xe1,
0xe6, 0x6f, 0xe8, 0x4d, 0xbd, 0x79, 0x90, 0xbe, 0xa8, 0xb3, 0x19, 0x8c, 0x0c, 0x16, 0x19, 0xea,
0x86, 0xd8, 0x26, 0xe2, 0x6d, 0x91, 0x45, 0x30, 0x30, 0xf8, 0xef, 0x80, 0x85, 0xc0, 0xb0, 0x33,
0xed, 0xcc, 0x47, 0xe9, 0x05, 0xb3, 0x10, 0x7c, 0x23, 0xff, 0x14, 0xa8, 0x4d, 0xd8, 0x75, 0xad,
0x20, 0x6d, 0x20, 0x5b, 0xc2, 0x44, 0xb8, 0x91, 0x34, 0x17, 0x76, 0xad, 0xc4, 0x61, 0xef, 0x6c,
0xc9, 0xa2, 0x47, 0x16, 0x77, 0x7b, 0x34, 0x8f, 0x7b, 0xce, 0xed, 0x41, 0xe3, 0x76, 0xfb, 0x75,
0x1d, 0xf6, 0x1d, 0x79, 0x98, 0xde, 0x16, 0x19, 0x83, 0xae, 0x41, 0x9e, 0x87, 0x3e, 0x29, 0xd1,
0x3d, 0xe6, 0xe0, 0xff, 0xd0, 0x6a, 0x2f, 0x0d, 0xb2, 0x8f, 0xe0, 0x8b, 0x7a, 0x17, 0x94, 0xfb,
0xcd, 0x32, 0x48, 0xdc, 0xca, 0x92, 0xf3, 0x7e, 0xd2, 0xa6, 0xc9, 0x26, 0xd0, 0x93, 0x2e, 0xe6,
0x91, 0x42, 0x8f, 0xd2, 0x1a, 0x54, 0x81, 0x4a, 0x7e, 0xca, 0x15, 0xcf, 0x5c, 0xd6, 0x4a, 0xbf,
0x81, 0xf1, 0x77, 0x18, 0xfe, 0x6c, 0xe6, 0x78, 0xb5, 0xc9, 0x95, 0x5c, 0xfb, 0x56, 0xee, 0x03,
0xf4, 0x36, 0x98, 0xe7, 0xaa, 0xa2, 0xfc, 0x77, 0x0b, 0x93, 0xaa, 0x20, 0xa9, 0x61, 0xda, 0xc0,
0xe5, 0x83, 0x07, 0xfd, 0x15, 0xfd, 0x05, 0x96, 0x40, 0xf0, 0x4b, 0x23, 0xb7, 0x4d, 0xc8, 0xda,
0xee, 0x8c, 0xa2, 0x31, 0xa1, 0x2f, 0x5a, 0x2b, 0xbd, 0x52, 0x19, 0xc6, 0x2d, 0xb7, 0xfd, 0x31,
0xf1, 0x9f, 0x27, 0xae, 0x39, 0x17, 0x7c, 0xe7, 0xcd, 0x0c, 0x06, 0x6b, 0x69, 0x84, 0x72, 0xf6,
0x0c, 0xa8, 0x4b, 0x03, 0x46, 0x57, 0xf7, 0xb8, 0xf5, 0xbb, 0x4f, 0x5f, 0xee, 0xf3, 0x53, 0x00,
0x00, 0x00, 0xff, 0xff, 0xfe, 0x4f, 0xca, 0xea, 0xb5, 0x02, 0x00, 0x00,
}
......@@ -30,8 +30,8 @@ message Context {
bytes contractDocumentHash = 5;
/// The unique signature attemp ID, as provided by the platform during the ready signal
string signatureUUID = 6;
/// The signed metadata hashb, as provided by the platform during the ready signal
bytes signedHash = 7;
/// The signed metadata seal, as provided by the platform during the ready signal
bytes seal = 7;
}
message Promise {
......
......@@ -21,6 +21,7 @@ func (m *SignatureManager) createContext(from, to uint32) (*cAPI.Context, error)
Signers: m.keyHash,
ContractDocumentHash: []byte(m.contract.File.Hash),
SignatureUUID: m.uuid,
Seal: m.seal,
}, nil
}
......
......@@ -42,6 +42,7 @@ type SignatureManager struct {
keyHash [][]byte
mail string
archives *Archives
seal []byte
// Callbacks
OnSignerStatusUpdate func(mail string, status SignerStatus, data string)
......@@ -215,6 +216,7 @@ func (m *SignatureManager) SendReadySign() (signatureUUID string, err error) {
m.sequence = launch.Sequence
m.uuid = launch.SignatureUuid
m.keyHash = launch.KeyHash
m.seal = launch.Seal
signatureUUID = m.uuid
return
}
......
......@@ -261,12 +261,16 @@ type LaunchSignature struct {
ErrorCode *ErrorCode `protobuf:"bytes,1,opt,name=errorCode" json:"errorCode,omitempty"`
// / The unique signature generated by the platform for this specific signature attempt
SignatureUuid string `protobuf:"bytes,2,opt,name=signatureUuid" json:"signatureUuid,omitempty"`
// / The SHA-512 hash of the contract document
DocumentHash []byte `protobuf:"bytes,3,opt,name=documentHash,proto3" json:"documentHash,omitempty"`
// / A confirmation of client hashes for communication authentication
KeyHash [][]byte `protobuf:"bytes,3,rep,name=keyHash,proto3" json:"keyHash,omitempty"`
KeyHash [][]byte `protobuf:"bytes,4,rep,name=keyHash,proto3" json:"keyHash,omitempty"`
// / The signing sequence generated on-the-fly by the platform
Sequence []uint32 `protobuf:"varint,4,rep,name=sequence" json:"sequence,omitempty"`
// / The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification.
Hash []byte `protobuf:"bytes,5,opt,name=hash,proto3" json:"hash,omitempty"`
Sequence []uint32 `protobuf:"varint,5,rep,name=sequence" json:"sequence,omitempty"`
// / The cryptographic object of the signature of this structure (seal and errorCode excepted) by the platform, for data certification.
// / The signature is computed using auth.SignStructure function:
// / PKCS1v15 + SHA512 hash of the string representation of the structure
Seal []byte `protobuf:"bytes,6,opt,name=seal,proto3" json:"seal,omitempty"`
}
func (m *LaunchSignature) Reset() { *m = LaunchSignature{} }
......@@ -616,50 +620,51 @@ var _Platform_serviceDesc = grpc.ServiceDesc{
}
var fileDescriptor0 = []byte{
// 706 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x94, 0x55, 0x5f, 0x6f, 0x12, 0x4b,
0x14, 0x67, 0x81, 0x16, 0x38, 0x14, 0xba, 0x19, 0x7a, 0xef, 0xe5, 0x92, 0xd4, 0x34, 0x13, 0x13,
0x1b, 0x63, 0xa0, 0xc1, 0x44, 0xa3, 0x6f, 0x14, 0x49, 0x5b, 0x53, 0xb1, 0x19, 0x40, 0x13, 0xdf,
0xd6, 0xdd, 0x69, 0x59, 0xcb, 0xfe, 0x71, 0x66, 0x88, 0xe9, 0x9b, 0x1f, 0xc1, 0x6f, 0xe2, 0x8b,
0x9f, 0x4f, 0x9d, 0x99, 0xdd, 0x59, 0x16, 0x24, 0x26, 0xe5, 0x61, 0x99, 0x73, 0xe6, 0xcc, 0xef,
0x9c, 0xf3, 0x9b, 0xf3, 0xdb, 0x85, 0x43, 0xef, 0x9a, 0xf3, 0x9e, 0x7a, 0xc4, 0x3d, 0x27, 0xf6,
0x7b, 0xf1, 0xc2, 0x11, 0xd7, 0x11, 0x0b, 0xba, 0x31, 0x8b, 0x44, 0x84, 0x4a, 0xd2, 0x87, 0x07,
0xb0, 0x4f, 0xe8, 0x8d, 0xcf, 0x05, 0x65, 0x84, 0x7e, 0x5e, 0x52, 0x2e, 0xd0, 0x01, 0xec, 0xd0,
0xc0, 0xf1, 0x17, 0x6d, 0xeb, 0xc8, 0x3a, 0xae, 0x91, 0xc4, 0x40, 0x6d, 0xa8, 0xb0, 0x24, 0xa0,
0x5d, 0xd4, 0x7e, 0x63, 0xe2, 0x1f, 0x16, 0xd4, 0x46, 0x8c, 0x45, 0x6c, 0x18, 0x79, 0x14, 0x3d,
0x82, 0xb2, 0x2b, 0xff, 0xf5, 0xe1, 0x66, 0xbf, 0xd5, 0x95, 0x49, 0xba, 0xd9, 0x6e, 0x57, 0x3d,
0x88, 0x0e, 0x50, 0x80, 0x01, 0xe5, 0xdc, 0xb9, 0xa1, 0x06, 0x30, 0x35, 0xb1, 0x07, 0x65, 0x0d,
0x55, 0x87, 0xca, 0x64, 0x36, 0x1c, 0x8e, 0x26, 0x13, 0xbb, 0x80, 0x00, 0x76, 0x2f, 0xc6, 0xef,
0x06, 0xe4, 0xcc, 0xb6, 0xd4, 0xc6, 0xe9, 0xe0, 0xd5, 0x60, 0x36, 0x3d, 0xb7, 0x8b, 0xca, 0x78,
0x3f, 0x20, 0xe3, 0x8b, 0xf1, 0x99, 0x5d, 0x42, 0x2d, 0x15, 0x35, 0x1d, 0x11, 0x62, 0xff, 0x32,
0x3f, 0x4b, 0x36, 0x54, 0x99, 0x5e, 0xbc, 0x19, 0xbd, 0x9d, 0x4d, 0xed, 0x9f, 0x99, 0x17, 0xbf,
0x80, 0xfa, 0x60, 0x29, 0xe6, 0x7f, 0xef, 0x5a, 0x7a, 0x45, 0x74, 0x4b, 0xc3, 0xb4, 0xc4, 0xc4,
0xc0, 0x27, 0xd0, 0x34, 0xa4, 0x51, 0x6f, 0xc6, 0x29, 0x43, 0x0f, 0x00, 0xdc, 0x85, 0x4f, 0x43,
0x31, 0xa4, 0x4c, 0xa4, 0x10, 0x39, 0x0f, 0xae, 0xc0, 0xce, 0x28, 0x88, 0xc5, 0x1d, 0xfe, 0x02,
0xad, 0xab, 0x88, 0x8b, 0x61, 0x14, 0x0a, 0xe6, 0xb8, 0xc2, 0x64, 0x47, 0x50, 0x9e, 0x3b, 0x7c,
0xae, 0x4f, 0xee, 0x11, 0xbd, 0x46, 0x1d, 0xa8, 0x5e, 0xfb, 0x0b, 0x1a, 0x3a, 0x81, 0x61, 0x28,
0xb3, 0xd1, 0xbf, 0xb0, 0xcb, 0xfd, 0x9b, 0x90, 0xb2, 0x76, 0xe9, 0xa8, 0x24, 0x77, 0x52, 0x4b,
0x91, 0xea, 0x46, 0x41, 0x20, 0xd3, 0xb6, 0xcb, 0x09, 0xa9, 0xa9, 0x89, 0x8f, 0x01, 0x9d, 0xd1,
0x6d, 0x79, 0x97, 0x4b, 0xdf, 0x4b, 0x2b, 0xd6, 0x6b, 0x7c, 0x09, 0x55, 0x13, 0x86, 0x9e, 0x40,
0x8d, 0x9a, 0xcb, 0xd3, 0x41, 0xf5, 0x7e, 0x73, 0xfd, 0x4a, 0xc9, 0x2a, 0x40, 0xa1, 0x7d, 0xe2,
0x51, 0x42, 0x96, 0xec, 0x42, 0xad, 0xf1, 0x18, 0x0e, 0x5e, 0x47, 0x7e, 0x38, 0x91, 0xf5, 0x39,
0x62, 0xc9, 0xa8, 0xc9, 0x8c, 0x61, 0xcf, 0x4d, 0xb3, 0xcc, 0x56, 0x15, 0xac, 0xf9, 0x14, 0x5e,
0x1c, 0xb1, 0x64, 0xe0, 0x1a, 0x44, 0xaf, 0xf1, 0x57, 0x0b, 0x1a, 0x8a, 0x72, 0x59, 0x62, 0x48,
0x5d, 0x41, 0xbd, 0x7b, 0xd6, 0xb8, 0x99, 0xb7, 0xb8, 0x25, 0xef, 0xa1, 0x64, 0x85, 0x6b, 0x6e,
0x15, 0x58, 0x4d, 0x83, 0xa9, 0x9c, 0x44, 0xbb, 0xf1, 0x07, 0x28, 0xeb, 0x4b, 0x97, 0x64, 0xdf,
0xd2, 0xbb, 0xf3, 0xd5, 0xbd, 0x19, 0x73, 0x35, 0x4c, 0xc5, 0xfc, 0x30, 0x35, 0xa1, 0xe8, 0xc7,
0x1a, 0xb4, 0x46, 0xe4, 0x2a, 0x6b, 0xaf, 0x9c, 0x6b, 0xef, 0x19, 0xd8, 0x84, 0x3a, 0xde, 0x9d,
0xe2, 0xeb, 0x1e, 0x54, 0xe1, 0xef, 0x16, 0xec, 0x5f, 0x3a, 0xcb, 0xd0, 0x9d, 0x67, 0x4c, 0xdf,
0x93, 0x98, 0x87, 0xd0, 0xe0, 0xe6, 0x68, 0x8e, 0x99, 0x75, 0x67, 0xbe, 0x67, 0x35, 0x79, 0xb9,
0x9e, 0xe5, 0xb8, 0x72, 0x55, 0x70, 0xe8, 0x52, 0xd9, 0x51, 0x49, 0x76, 0x94, 0xd9, 0xd9, 0x78,
0xef, 0xac, 0xc6, 0xbb, 0xff, 0xad, 0x04, 0xd5, 0xab, 0xf4, 0x8d, 0x84, 0xfa, 0x50, 0x35, 0x8a,
0x42, 0x07, 0xba, 0xc6, 0x8d, 0xb7, 0x52, 0x67, 0xa3, 0x72, 0x5c, 0x40, 0x3d, 0x28, 0x2b, 0x01,
0x23, 0x5b, 0xef, 0xe4, 0xb4, 0xdc, 0x69, 0xad, 0x21, 0x24, 0x12, 0x95, 0x07, 0x1e, 0x03, 0xcc,
0x42, 0x66, 0xd2, 0x40, 0x02, 0xa8, 0x54, 0xb9, 0x05, 0xfc, 0x25, 0xec, 0xe5, 0x75, 0x8a, 0xda,
0x3a, 0x62, 0x8b, 0x74, 0xb7, 0x9c, 0x7d, 0x0e, 0xf5, 0x9c, 0xd4, 0xd0, 0x7f, 0x3a, 0xe0, 0x4f,
0xf1, 0x75, 0x1a, 0x7a, 0xc3, 0x78, 0xe5, 0xc1, 0x53, 0x68, 0xac, 0x69, 0x05, 0xfd, 0xaf, 0x23,
0xb6, 0xe9, 0xa7, 0x83, 0xb2, 0xa9, 0xcc, 0x94, 0x80, 0x0b, 0x27, 0x96, 0x2c, 0xbc, 0x96, 0x0d,
0x10, 0xfa, 0x27, 0x25, 0x62, 0x7d, 0xa0, 0x3a, 0x09, 0xc3, 0x1b, 0xe3, 0x82, 0x0b, 0x1f, 0x77,
0xf5, 0x87, 0xe1, 0xe9, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc5, 0x4c, 0xa0, 0x21, 0x39, 0x06,
0x00, 0x00,
// 723 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x94, 0x55, 0xef, 0x6e, 0xd3, 0x30,
0x10, 0x6f, 0xda, 0xac, 0x7f, 0xae, 0x6b, 0x17, 0xb9, 0x03, 0x42, 0xa5, 0xa1, 0xc9, 0x42, 0x62,
0x42, 0xa8, 0x9d, 0x8a, 0x04, 0x82, 0x6f, 0x5d, 0xa9, 0xb6, 0xa1, 0x51, 0x26, 0xb7, 0x05, 0x89,
0x6f, 0x21, 0xf1, 0xd6, 0xb0, 0x36, 0x29, 0xb1, 0x2b, 0xb4, 0x6f, 0x3c, 0x02, 0x0f, 0xc3, 0x9b,
0xf0, 0x3e, 0x80, 0xed, 0xc4, 0x69, 0x52, 0x2a, 0xa4, 0xf5, 0x43, 0xea, 0x3b, 0x9f, 0x7f, 0x77,
0xf7, 0xf3, 0xfd, 0x12, 0x38, 0xf0, 0xae, 0x18, 0xeb, 0xca, 0xc7, 0xb2, 0xeb, 0x2c, 0xfd, 0xee,
0x72, 0xee, 0xf0, 0xab, 0x30, 0x5a, 0x74, 0x96, 0x51, 0xc8, 0x43, 0x54, 0x12, 0x3e, 0xdc, 0x87,
0x3d, 0x42, 0xaf, 0x7d, 0xc6, 0x69, 0x44, 0xe8, 0xd7, 0x15, 0x65, 0x1c, 0xed, 0xc3, 0x0e, 0x5d,
0x38, 0xfe, 0xdc, 0x36, 0x0e, 0x8d, 0xa3, 0x1a, 0x89, 0x0d, 0x64, 0x43, 0x25, 0x8a, 0x03, 0xec,
0xa2, 0xf2, 0x6b, 0x13, 0xff, 0x34, 0xa0, 0x36, 0x8c, 0xa2, 0x30, 0x1a, 0x84, 0x1e, 0x45, 0x4f,
0xc0, 0x74, 0xc5, 0xbf, 0x3a, 0xdc, 0xec, 0xb5, 0x3a, 0x22, 0x49, 0x27, 0xdd, 0xed, 0xc8, 0x07,
0x51, 0x01, 0x12, 0x70, 0x41, 0x19, 0x73, 0xae, 0xa9, 0x06, 0x4c, 0x4c, 0xec, 0x81, 0xa9, 0xa0,
0xea, 0x50, 0x19, 0x4f, 0x07, 0x83, 0xe1, 0x78, 0x6c, 0x15, 0x10, 0x40, 0xf9, 0x7c, 0xf4, 0xa1,
0x4f, 0x4e, 0x2d, 0x43, 0x6e, 0x9c, 0xf4, 0xdf, 0xf4, 0xa7, 0x93, 0x33, 0xab, 0x28, 0x8d, 0x8f,
0x7d, 0x32, 0x3a, 0x1f, 0x9d, 0x5a, 0x25, 0xd4, 0x92, 0x51, 0x93, 0x21, 0x21, 0xd6, 0x1f, 0xfd,
0x33, 0x44, 0x43, 0x95, 0xc9, 0xf9, 0xbb, 0xe1, 0xfb, 0xe9, 0xc4, 0xfa, 0x9d, 0x7a, 0xf1, 0x2b,
0xa8, 0xf7, 0x57, 0x7c, 0xf6, 0xff, 0xae, 0x85, 0x97, 0x87, 0x37, 0x34, 0x48, 0x4a, 0x8c, 0x0d,
0x7c, 0x0c, 0x4d, 0x4d, 0x1a, 0xf5, 0xa6, 0x8c, 0x46, 0xe8, 0x11, 0x80, 0x3b, 0xf7, 0x69, 0xc0,
0x07, 0x34, 0xe2, 0x09, 0x44, 0xc6, 0x83, 0x2b, 0xb0, 0x33, 0x5c, 0x2c, 0xf9, 0x2d, 0xfe, 0x06,
0xad, 0xcb, 0x90, 0xf1, 0x41, 0x18, 0xf0, 0xc8, 0x71, 0xb9, 0xce, 0x8e, 0xc0, 0x9c, 0x39, 0x6c,
0xa6, 0x4e, 0xee, 0x12, 0xb5, 0x46, 0x6d, 0xa8, 0x5e, 0xf9, 0x73, 0x1a, 0x38, 0x0b, 0xcd, 0x50,
0x6a, 0xa3, 0xfb, 0x50, 0x66, 0xfe, 0x75, 0x40, 0x23, 0xbb, 0x74, 0x58, 0x12, 0x3b, 0x89, 0x25,
0x49, 0x75, 0xc3, 0xc5, 0x42, 0xa4, 0xb5, 0xcd, 0x98, 0xd4, 0xc4, 0xc4, 0x47, 0x80, 0x4e, 0xe9,
0xb6, 0xbc, 0xab, 0x95, 0xef, 0x25, 0x15, 0xab, 0x35, 0xbe, 0x80, 0xaa, 0x0e, 0x43, 0xcf, 0xa0,
0x46, 0xf5, 0xe5, 0xa9, 0xa0, 0x7a, 0xaf, 0x99, 0xbf, 0x52, 0xb2, 0x0e, 0x90, 0x68, 0x5f, 0x58,
0x18, 0x93, 0x25, 0xba, 0x90, 0x6b, 0x3c, 0x82, 0xfd, 0xb7, 0xa1, 0x1f, 0x8c, 0x45, 0x7d, 0x0e,
0x5f, 0x45, 0x54, 0x67, 0xc6, 0xb0, 0xeb, 0x26, 0x59, 0xa6, 0xeb, 0x0a, 0x72, 0x3e, 0x89, 0xb7,
0x0c, 0xa3, 0x78, 0xe0, 0x1a, 0x44, 0xad, 0xf1, 0x77, 0x03, 0x1a, 0x92, 0x72, 0x51, 0x62, 0x40,
0x5d, 0x4e, 0xbd, 0x3b, 0xd6, 0xb8, 0x99, 0xb7, 0xb8, 0x25, 0xef, 0x81, 0x60, 0x85, 0x29, 0x6e,
0x25, 0x58, 0x4d, 0x81, 0xc9, 0x9c, 0x44, 0xb9, 0xf1, 0x27, 0x30, 0xd5, 0xa5, 0x0b, 0xb2, 0x6f,
0xe8, 0xed, 0xd9, 0xfa, 0xde, 0xb4, 0xb9, 0x1e, 0xa6, 0x62, 0x76, 0x98, 0x9a, 0x50, 0xf4, 0x97,
0x0a, 0xb4, 0x46, 0xc4, 0x2a, 0x6d, 0xcf, 0xcc, 0xb4, 0xf7, 0x02, 0x2c, 0x42, 0x1d, 0xef, 0x56,
0xf2, 0x75, 0x07, 0xaa, 0xf0, 0x2f, 0x03, 0xf6, 0x2e, 0x9c, 0x55, 0xe0, 0xce, 0x52, 0xa6, 0xef,
0x48, 0xcc, 0x63, 0x68, 0x30, 0x7d, 0x34, 0xc3, 0x4c, 0xde, 0x29, 0x6b, 0xf1, 0x42, 0x77, 0x25,
0x47, 0x4a, 0x35, 0x5e, 0x52, 0x8d, 0xe7, 0x7c, 0x59, 0x5e, 0x4c, 0x31, 0x9d, 0x19, 0x5e, 0xc4,
0x48, 0x33, 0xd9, 0x54, 0xe0, 0x52, 0x7b, 0x47, 0x6c, 0x35, 0x48, 0x6a, 0x4b, 0x36, 0x18, 0x75,
0xe6, 0x76, 0x39, 0x1e, 0x1e, 0xb9, 0xee, 0xfd, 0x28, 0x41, 0xf5, 0x32, 0x79, 0x6b, 0xa1, 0x1e,
0x54, 0xb5, 0xea, 0xd0, 0xbe, 0xea, 0x63, 0xe3, 0xcd, 0xd5, 0xde, 0xe8, 0x0e, 0x17, 0x50, 0x17,
0x4c, 0x29, 0x72, 0x64, 0xa9, 0x9d, 0x8c, 0xde, 0xdb, 0xad, 0x1c, 0x42, 0x2c, 0x63, 0x71, 0xe0,
0x29, 0xc0, 0x34, 0x88, 0x74, 0x1a, 0x88, 0x01, 0xa5, 0x72, 0xb7, 0x80, 0xbf, 0x86, 0xdd, 0xac,
0x96, 0x91, 0xad, 0x22, 0xb6, 0xc8, 0x7b, 0xcb, 0xd9, 0x97, 0x50, 0xcf, 0xc8, 0x11, 0x3d, 0x50,
0x01, 0xff, 0x0a, 0xb4, 0xdd, 0x50, 0x1b, 0xda, 0x2b, 0x0e, 0x9e, 0x40, 0x23, 0xa7, 0x27, 0xf4,
0x50, 0x45, 0x6c, 0xd3, 0x58, 0x1b, 0xa5, 0x93, 0x9b, 0xaa, 0x05, 0x17, 0x8e, 0x0d, 0x51, 0x78,
0x2d, 0x1d, 0x32, 0x74, 0x2f, 0x21, 0x22, 0x3f, 0x74, 0xed, 0x98, 0xe1, 0x8d, 0x91, 0xc2, 0x85,
0xcf, 0x65, 0xf5, 0xf1, 0x78, 0xfe, 0x37, 0x00, 0x00, 0xff, 0xff, 0xdb, 0xb0, 0xef, 0x13, 0x5d,
0x06, 0x00, 0x00,
}
......@@ -136,10 +136,14 @@ message LaunchSignature {
ErrorCode errorCode = 1;
/// The unique signature generated by the platform for this specific signature attempt
string signatureUuid = 2;
/// The SHA-512 hash of the contract document
bytes documentHash = 3;
/// A confirmation of client hashes for communication authentication
repeated bytes keyHash = 3;
repeated bytes keyHash = 4;
/// The signing sequence generated on-the-fly by the platform
repeated uint32 sequence = 4;
/// The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification.
bytes hash = 5;
repeated uint32 sequence = 5;
/// The cryptographic object of the signature of this structure (seal and errorCode excepted) by the platform, for data certification.
/// The signature is computed using auth.SignStructure function:
/// PKCS1v15 + SHA512 hash of the string representation of the structure
bytes seal = 6;
}
......@@ -14,10 +14,11 @@ import (
// readySignal is the structure that is transmitted accross goroutines
type readySignal struct {
ready bool // If true, this is the ready signal. If not, this is a new connection signal
data string // Various data (CN or SignatureUUID)
chain [][]byte // Only used to broadcast hash chain (signers hashes in order)
sequence []uint32 // Only used to broadcast signature sequence
ready bool // If true, this is the ready signal. If not, this is a new connection signal
data string // Various data (CN or SignatureUUID)
documentHash []byte // Contract document SHA-512 hash
chain [][]byte // Only used to broadcast hash chain (signers hashes in order)
sequence []uint32 // Only used to broadcast signature sequence
}
// ReadySign is the last job of the platform before the signature can occur.
......@@ -56,6 +57,7 @@ func ReadySign(db *mgdb.MongoManager, rooms *common.WaitingGroupMap, ctx *contex
return &api.LaunchSignature{
ErrorCode: &api.ErrorCode{Code: api.ErrorCode_SUCCESS},
SignatureUuid: s.data,
DocumentHash: s.documentHash,
KeyHash: s.chain,
Sequence: s.sequence,
}
......@@ -110,10 +112,11 @@ func masterReadyRoutine(db *mgdb.MongoManager, rooms *common.WaitingGroupMap, co
ready := FindAndUpdatePendingSigner(cn, &signersReady, &contract.Signers)
if ready {
rooms.Broadcast(roomID, &readySignal{
ready: true,
data: bson.NewObjectId().Hex(),
chain: contract.GetHashChain(),
sequence: GenerateSignSequence(len(contract.Signers)),
ready: true,
data: bson.NewObjectId().Hex(),
documentHash: contract.File.Hash,
chain: contract.GetHashChain(),
sequence: GenerateSignSequence(len(contract.Signers)),
})
work = false
}
......
......@@ -5,8 +5,7 @@ import (
"fmt"
"os"
"github.com/spf13/viper"
"dfss/auth"
"dfss/dfssp/api"
"dfss/dfssp/authority"
"dfss/dfssp/common"
......@@ -14,7 +13,7 @@ import (
"dfss/dfssp/user"
"dfss/mgdb"
"dfss/net"
"github.com/spf13/viper"
"golang.org/x/net/context"
"google.golang.org/grpc"
)
......@@ -96,7 +95,20 @@ func (s *platformServer) ReadySign(ctx context.Context, in *api.ReadySignRequest
if len(cn) == 0 {
return &api.LaunchSignature{ErrorCode: &api.ErrorCode{Code: api.ErrorCode_BADAUTH}}, nil
}
return contract.ReadySign(s.DB, s.Rooms, &ctx, in), nil
signal := contract.ReadySign(s.DB, s.Rooms, &ctx, in)
if signal.ErrorCode.Code == api.ErrorCode_SUCCESS {
sealedSignal := *signal
sealedSignal.ErrorCode = nil
sealedSignal.Seal = nil
var err error
signal.Seal, err = auth.SignStructure(s.Pid.Pkey, sealedSignal)
if err != nil {
return &api.LaunchSignature{ErrorCode: &api.ErrorCode{Code: api.ErrorCode_INTERR}}, nil
}
}
return signal, nil
}
// GetServer returns the GRPC server associated with the platform
......
......@@ -29,7 +29,7 @@ func (manager *ArchivesManager) InitializeArchives(promise *cAPI.Promise, signat
present, archives := manager.ContainsSignature(signatureUUID)
if !present {
archives = NewSignatureArchives(signatureUUID, promise.Context.Sequence, *signers, promise.Context.ContractDocumentHash, promise.Context.SignedHash)
archives = NewSignatureArchives(signatureUUID, promise.Context.Sequence, *signers, promise.Context.ContractDocumentHash, promise.Context.Seal)
}
manager.Archives = archives
......
......@@ -23,7 +23,7 @@ var (
signatureUUID string
signatureUUIDBson bson.ObjectId
signedHash []byte
seal []byte
signersEntities []Signer
......@@ -48,7 +48,7 @@ func init() {
signatureUUIDBson = bson.NewObjectId()
signatureUUID = signatureUUIDBson.Hex()
signedHash = []byte{}
seal = []byte{}
signersEntities = make([]Signer, 0)
for _, s := range signers {
......@@ -85,15 +85,15 @@ func TestInitializeArchives(t *testing.T) {
Sequence: sequence,
Signers: signers,
SignatureUUID: signatureUUID,
SignedHash: signedHash,
Seal: seal,
},
}
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
}
arch := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
arch := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager.InitializeArchives(promise, signatureUUIDBson, &signersEntities)
arch.Signers = manager.Archives.Signers
......@@ -114,7 +114,7 @@ func TestInitializeArchives(t *testing.T) {
}
func TestContainsSignature(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -138,7 +138,7 @@ func TestContainsSignature(t *testing.T) {
}
func TestHasReceivedAbortToken(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -164,7 +164,7 @@ func TestHasReceivedAbortToken(t *testing.T) {
}
func TestWasContractSigned(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -182,7 +182,7 @@ func TestWasContractSigned(t *testing.T) {
}
func TestHasSignerPromised(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -226,7 +226,7 @@ func TestHasSignerPromised(t *testing.T) {
func TestAddToAbort(t *testing.T) {
// TODO
// Test the abortedIndex field, when promises will be implemented
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -258,7 +258,7 @@ func TestAddToAbort(t *testing.T) {
}
func TestAddToDishonest(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -290,7 +290,7 @@ func TestAddToDishonest(t *testing.T) {
}
func TestAddPromise(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......
package entities
import (
"dfss/dfssc/security"
)
// AuthContainer is global for performance reasons; singleton is not a problem.
// This variable should be loaded by dfsst/server package.
var AuthContainer *security.AuthContainer
......@@ -7,6 +7,7 @@ import (
"crypto/sha512"
"dfss/auth"
cAPI "dfss/dfssc/api"
pAPI "dfss/dfssp/api"
tAPI "dfss/dfsst/api"
"dfss/net"
"golang.org/x/net/context"
......@@ -68,7 +69,7 @@ func IsPromiseSignedByPlatform(promise *cAPI.Promise) (bool, bson.ObjectId, []Si
return false, signatureUUID, nil
}