Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
mpcs
dfss
Commits
af61496c
Commit
af61496c
authored
May 17, 2016
by
Loïck Bonniot
Browse files
[c][p][t] Add platform seal on signature metadata
parent
65467f53
Pipeline
#1682
passed with stage
Changes
16
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
auth/signature.go
0 → 100644
View file @
af61496c
package
auth
import
(
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha512"
"crypto/x509"
"fmt"
)
// SignStructure signs the provided structure with the private key.
// The used protocol is RSA PKCS#1 v1.5 with SHA-512 hash.
// The structure is serialized to a string representation using the fmt package.
func
SignStructure
(
key
*
rsa
.
PrivateKey
,
structure
interface
{})
([]
byte
,
error
)
{
hash
,
err
:=
hashStruct
(
structure
)
if
err
!=
nil
{
return
nil
,
err
}
return
rsa
.
SignPKCS1v15
(
rand
.
Reader
,
key
,
crypto
.
SHA512
,
hash
)
}
// VerifyStructure verifies the signed message according to the provided structure and certificate.
// See SignStructure for protocol definition.
func
VerifyStructure
(
cert
*
x509
.
Certificate
,
structure
interface
{},
signed
[]
byte
)
(
bool
,
error
)
{
hash
,
err
:=
hashStruct
(
structure
)
if
err
!=
nil
{
return
false
,
err
}
err
=
rsa
.
VerifyPKCS1v15
(
cert
.
PublicKey
.
(
*
rsa
.
PublicKey
),
crypto
.
SHA512
,
hash
,
signed
)
return
err
==
nil
,
err
}
func
hashStruct
(
structure
interface
{})
(
hash
[]
byte
,
err
error
)
{
data
:=
[]
byte
(
fmt
.
Sprintf
(
"%v"
,
structure
))
rawHash
:=
sha512
.
Sum512
(
data
)
hash
=
rawHash
[
:
]
return
}
auth/signature_test.go
0 → 100644
View file @
af61496c
package
auth
import
(
"testing"
"github.com/stretchr/testify/assert"
)
type
TestStructure
struct
{
FieldA
int64
FieldB
[]
byte
FieldC
*
TestStructure
}
func
TestSignStructure
(
t
*
testing
.
T
)
{
key
,
err
:=
GeneratePrivateKey
(
1024
)
assert
.
Nil
(
t
,
err
)
res
,
err
:=
SignStructure
(
key
,
TestStructure
{})
assert
.
Nil
(
t
,
err
)
assert
.
True
(
t
,
len
(
res
)
>
0
)
}
func
TestVerifyStructure
(
t
*
testing
.
T
)
{
key
,
err
:=
GeneratePrivateKey
(
1024
)
assert
.
Nil
(
t
,
err
)
selfSigned
,
err
:=
GetSelfSignedCertificate
(
1
,
0
,
""
,
""
,
""
,
"test"
,
key
)
assert
.
Nil
(
t
,
err
)
cert
,
err
:=
PEMToCertificate
(
selfSigned
)
assert
.
Nil
(
t
,
err
)
s
:=
TestStructure
{
FieldA
:
5
,
FieldB
:
[]
byte
{
0x01
,
0x02
},
FieldC
:
&
TestStructure
{},
}
res
,
_
:=
SignStructure
(
key
,
s
)
valid
,
err
:=
VerifyStructure
(
cert
,
s
,
res
)
assert
.
Nil
(
t
,
err
)
assert
.
True
(
t
,
valid
)
s
.
FieldB
[
1
]
=
0x42
valid
,
_
=
VerifyStructure
(
cert
,
s
,
res
)
assert
.
False
(
t
,
valid
)
}
dfssc/api/client.pb.go
View file @
af61496c
...
...
@@ -51,8 +51,8 @@ type Context struct {
ContractDocumentHash
[]
byte
`protobuf:"bytes,5,opt,name=contractDocumentHash,proto3" json:"contractDocumentHash,omitempty"`
// / The unique signature attemp ID, as provided by the platform during the ready signal
SignatureUUID
string
`protobuf:"bytes,6,opt,name=signatureUUID" json:"signatureUUID,omitempty"`
// / The signed metadata
hashb
, as provided by the platform during the ready signal
S
ignedHash
[]
byte
`protobuf:"bytes,7,opt,name=s
ignedHash
,proto3" json:"s
ignedHash
,omitempty"`
// / The signed metadata
seal
, as provided by the platform during the ready signal
S
eal
[]
byte
`protobuf:"bytes,7,opt,name=s
eal
,proto3" json:"s
eal
,omitempty"`
}
func
(
m
*
Context
)
Reset
()
{
*
m
=
Context
{}
}
...
...
@@ -263,28 +263,28 @@ var _Client_serviceDesc = grpc.ServiceDesc{
var
fileDescriptor0
=
[]
byte
{
// 380 bytes of a gzipped FileDescriptorProto
0x1f
,
0x8b
,
0x08
,
0x00
,
0x00
,
0x09
,
0x6e
,
0x88
,
0x02
,
0xff
,
0x8c
,
0x52
,
0x
5
d
,
0x
4f
,
0x
c2
,
0x
3
0
,
0x1
4
,
0xe5
,
0x
4
3
,
0x
18
,
0x5
c
,
0x
0
7
,
0x
3
1
,
0x
0d
,
0x
0
f
,
0x
cb
,
0x
8c
,
0x0
6
,
0x1
7
,
0x
62
,
0x
88
,
0x
0f
,
0x
23
,
0xc1
,
0x
9
f
,
0x0
0
,
0x
26
,
0x
18
,
0x
63
,
0x
6
2
,
0x
a6
,
0x
fc
,
0x
8
0
,
0x
da
,
0x
15
,
0x6
d
,
0x
32
,
0x
d6
,
0x
d
9
,
0x
16
,
0x
03
,
0x
b
f
,
0x
c1
,
0x
37
,
0x
7f
,
0xb1
,
0xd
d
,
0x
1d
,
0x
43
,
0x
88
,
0x
3c
,
0xf
8
,
0x
b2
,
0x
ec
,
0x
d
c
,
0x7b
,
0x
7a
,
0xce
,
0x
bd
,
0x
a7
,
0x
85
,
0x
f3
,
0x78
,
0x
a1
,
0x
f5
,
0x
2
8
,
0x
ff
,
0x
b0
,
0x
11
,
0x
cd
,
0x
c4
,
0x88
,
0x
2
5
,
0x
8
2
,
0x
a7
,
0x2
6
,
0x
cc
,
0x
94
,
0x
3
4
,
0x9
2
,
0x
d4
,
0x
6d
,
0xc
5
,
0x
bf
,
0x
d8
,
0x
3
1
,
0x3
2
,
0x
6
4
,
0x
6
4
,
0x
0
9
,
0x3
5
,
0x
0
b
,
0x
a9
,
0x
96
,
0x
0
5
,
0x
2
7
,
0x
f8
,
0x
aa
,
0x
81
,
0x33
,
0x
91
,
0x
a
9
,
0x
e1
,
0x
6b
,
0x
43
,
0x
6e
,
0x
e0
,
0x4
c
,
0x
71
,
0x
26
,
0x
b2
,
0x5
c
,
0x
e2
,
0x
8
1
,
0x
6
f
,
0x
66
,
0x
5
4
,
0x
bf
,
0x
7b
,
0x
d5
,
0x
7
e
,
0x
75
,
0x
e8
,
0x
46
,
0x
7f
,
0xe
a
,
0x
64
,
0x
00
,
0x1
d
,
0xc
d
,
0x
d3
,
0x
98
,
0x
ab
,
0x
92
,
0x
5
8
,
0x
43
,
0xe2
,
0x6
1
,
0x91
,
0x
f8
,
0x
d
0
,
0x
d2
,
0xf
c
,
0x
63
,
0x
c5
,
0x5
3
,
0xc
6
,
0xb
d
,
0x7a
,
0x
bf
,
0x
3
e
,
0x
e
c
,
0x4
4
,
0x
3b
,
0x
4c
,
0x3
c
,
0x
7
0
,
0x
b4
,
0x
78
,
0x
4b
,
0x
b9
,
0x
d2
,
0xd
e
,
0x8
9
,
0x
6d
,
0x
b9
,
0x
51
,
0x09
,
0x
c9
,
0x
18
,
0x
7a
,
0xc
c
,
0x
8e
,
0x
a4
,
0x
28
,
0x3
3
,
0x
53
,
0x
c9
,
0x
56
,
0x4
b
,
0x6
b
,
0x
8b
,
0x
16
,
0x
0d
,
0x
b
4
,
0x
38
,
0x
da
,
0x
c3
,
0x
79
,
0x
ec
,
0x7
1
,
0x
6a
,
0x
56
,
0x
8a
,
0x
cf
,
0x
e
7
,
0xf
7
,
0x5
3
,
0x
af
,
0x6
9
,
0x
c9
,
0x
ed
,
0x
e
8
,
0x
b0
,
0x
48
,
0x
2e
,
0x
01
,
0x
d0
,
0x
2
4
,
0x
46
,
0x
3d
,
0x
07
,
0x
f5
,
0x
f6
,
0x
2a
,
0x
01
,
0x0
5
,
0x
e7
,
0x
49
,
0x
c9
,
0x
a5
,
0x
d
0
,
0x
9c
,
0x
5c
,
0x
83
,
0x
c3
,
0x
8
a
,
0x
5c
,
0x
30
,
0x
83
,
0xd
3
,
0x
b1
,
0x
1b
,
0xd
a
,
0x
f8
,
0x
c
2
,
0x
6d
,
0x56
,
0x
51
,
0xd
9
,
0x
24
,
0x
3d
,
0x6
8
,
0x0
8
,
0x
bb
,
0x
f
2
,
0x1
a
,
0x
03
,
0x
e
8
,
0x
44
,
0x
05
,
0x
c8
,
0x
97
,
0x
cb
,
0xe
8
,
0x
26
,
0x
9
1
,
0x
34
,
0x
b6
,
0x
7b
,
0x
e7
,
0x
2e
,
0x
25
,
0x
0c
,
0x
1e
,
0x
a
1
,
0xf
d
,
0x
5
c
,
0x
c
e
,
0x
f4
,
0x
6f
,
0x9
3
,
0x
3d
,
0x
b9
,
0x
da
,
0x
a1
,
0x
dc
,
0x
15
,
0x
3
4
,
0x
6
6
,
0x
3c
,
0x
49
,
0x
64
,
0x
4e
,
0xf
9
,
0x
b4
,
0x
e1
,
0x
0
9
,
0x
99
,
0x
a
2
,
0x
54
,
0x
3b
,
0x
2
a
,
0x
e1
,
0x
f8
,
0x
bb
,
0x0
a
,
0x
c
d
,
0x
09
,
0x
be
,
0x0
b
,
0x
12
,
0x
82
,
0xf
b
,
0x
a2
,
0x3
8
,
0x
35
,
0x
e5
,
0x
92
,
0x
85
,
0x
dd
,
0x
16
,
0x
f9
,
0x
5d
,
0x
44
,
0x
77
,
0x
4
a
,
0x
49
,
0x
35
,
0x
91
,
0x
3
1
,
0x
0f
,
0x2
a
,
0x
f6
,
0x
26
,
0x
ba
,
0x
c8
,
0x
f
f
,
0x
9d
,
0x
b8
,
0x
e0
,
0x
ec
,
0x
f0
,
0x
91
,
0x
33
,
0x0
3
,
0x6
8
,
0x
4d
,
0x
85
,
0x
66
,
0x
d
2
,
0x
da
,
0x
13
,
0x
c0
,
0x
2e
,
0x0
e
,
0x
e8
,
0x
ef
,
0xf
d
,
0x
07
,
0x
9
5
,
0x
d7
,
0x
26
,
0x
3e
,
0x
bf
,
0x
db
,
0x
9f
,
0x00
,
0x00
,
0x00
,
0xff
,
0xff
,
0x
b4
,
0xf
1
,
0x
e7
,
0x
80
,
0x
c1
,
0x02
,
0x00
,
0x00
,
0x1f
,
0x8b
,
0x08
,
0x00
,
0x00
,
0x09
,
0x6e
,
0x88
,
0x02
,
0xff
,
0x8c
,
0x52
,
0x
e
d
,
0x
aa
,
0x
da
,
0x
4
0
,
0x1
0
,
0x3
5
,
0x
7e
,
0x
4
5
,
0x
a
7
,
0x
5
1
,
0x
ca
,
0x
e2
,
0x8
f
,
0x
90
,
0x
52
,
0x
b
0
,
0x
4
1
,
0x
8a
,
0x
f4
,
0x
47
,
0x
04
,
0xf
b
,
0x0
8
,
0x
5a
,
0x
b0
,
0x
94
,
0x
4
2
,
0x
49
,
0x
eb
,
0x0
3
,
0x
6c
,
0x
37
,
0x6
3
,
0x
bb
,
0x10
,
0x
b3
,
0x
e
9
,
0x
ee
,
0x
5a
,
0xf
4
,
0x
35
,
0x
ee
,
0x
0b
,
0xd
f
,
0x
bb
,
0x
99
,
0x
18
,
0xaf
,
0x
72
,
0xf
d
,
0x
71
,
0x
ff
,
0x
2
c
,
0x7b
,
0x
66
,
0xce
,
0x
9e
,
0x
33
,
0x
67
,
0x
58
,
0x78
,
0x
97
,
0x
ed
,
0x8
c
,
0x
59
,
0x
54
,
0x
87
,
0x
58
,
0x
f0
,
0x5
2
,
0x2
e
,
0x
44
,
0x2
e
,
0x
b1
,
0x
b0
,
0x4
9
,
0x
a
9
,
0x
95
,
0x
55
,
0x
a
c
,
0x
e3
,
0x
2a
,
0x
d
1
,
0xfb
,
0x
0b
,
0xa
3
,
0x
2
4
,
0x4
6
,
0x
9
9
,
0x
7
3
,
0x
b
b
,
0x
53
,
0x
7a
,
0x5
f
,
0x7
3
,
0x
e2
,
0x
47
,
0x
0f
,
0x
fc
,
0x9
5
,
0x
2a
,
0x
2c
,
0x
1e
,
0x
2d
,
0x
fb
,
0x
0
4
,
0x
6f
,
0x
35
,
0x
0a
,
0x5
9
,
0x
56
,
0x1
2
,
0x
d
f
,
0x
f0
,
0x
b
4
,
0x
e1
,
0x
e6
,
0x
6f
,
0xe
8
,
0x
4d
,
0x
bd
,
0x
79
,
0x
90
,
0x
b
e
,
0x
a8
,
0x
b3
,
0x1
9
,
0x
8
c
,
0x
0c
,
0x
16
,
0x
19
,
0x
ea
,
0x8
6
,
0x
d8
,
0x26
,
0xe2
,
0x6
d
,
0x91
,
0x
45
,
0x
3
0
,
0x
30
,
0xf
8
,
0x
ef
,
0x
80
,
0x
8
5
,
0xc
0
,
0xb
0
,
0x
33
,
0xe
d
,
0x
c
c
,
0x4
7
,
0x
e9
,
0x
05
,
0x
b
3
,
0x
1
0
,
0x
7c
,
0x
23
,
0x
ff
,
0x
14
,
0x
a8
,
0x
4
d
,
0x
d
8
,
0x
75
,
0x
ad
,
0x
20
,
0x
6d
,
0x
20
,
0x
5b
,
0xc
2
,
0x
44
,
0x
b8
,
0x
91
,
0x3
4
,
0x
17
,
0x
76
,
0x
ad
,
0x
c
4
,
0x6
1
,
0xef
,
0x
6c
,
0x
c9
,
0x
a2
,
0x4
7
,
0x
16
,
0x
77
,
0x
7b
,
0x
34
,
0x
8f
,
0x7
b
,
0x
ce
,
0x
ed
,
0x
41
,
0x
e3
,
0x7
6
,
0xf
b
,
0x
7
5
,
0x
1d
,
0x
f
6
,
0x
1d
,
0x
79
,
0x
9
8
,
0x
de
,
0x
16
,
0x
19
,
0x
83
,
0x
ae
,
0x4
1
,
0x
9e
,
0x
87
,
0x
3e
,
0x
29
,
0x
d1
,
0x
3d
,
0x
e6
,
0x
e
0
,
0x
ff
,
0x
d0
,
0x
6a
,
0x
2f
,
0x0
d
,
0x
b2
,
0x
8f
,
0x
e0
,
0x
8b
,
0x
7
a
,
0x
17
,
0x
94
,
0x
fb
,
0x
c
d
,
0x
32
,
0x
48
,
0xd
c
,
0x
ca
,
0x
9
2
,
0x
f3
,
0x
7e
,
0xd
2
,
0x
a6
,
0x
c9
,
0x
2
6
,
0x
d
0
,
0x
93
,
0x2
e
,
0xe6
,
0x
9
1
,
0x
42
,
0x8
f
,
0x
d2
,
0x
1a
,
0x
54
,
0x
81
,
0x
4a
,
0x
7
e
,
0x
ca
,
0x1
5
,
0x
cf
,
0x
5c
,
0x
d6
,
0x
4a
,
0x
bf
,
0x
81
,
0x
f1
,
0x
77
,
0x1
8
,
0xf
e
,
0x
6
c
,
0xe
6
,
0x
78
,
0x
b5
,
0x
c
9
,
0x
95
,
0x
5c
,
0x
fb
,
0x
56
,
0x
ee
,
0x
03
,
0x
f
4
,
0x
3
6
,
0x
98
,
0x
e7
,
0x
aa
,
0x
a2
,
0xf
c
,
0x
77
,
0x
0b
,
0x9
3
,
0x
aa
,
0x2
0
,
0x
a9
,
0x
61
,
0x
d
a
,
0x
c0
,
0x
e5
,
0x
83
,
0x0
7
,
0x
f
d
,
0x
15
,
0x
fd
,
0x0
5
,
0x
96
,
0x
40
,
0xf
0
,
0x
4b
,
0x
2
3
,
0x
b7
,
0x
4d
,
0x
c8
,
0x
da
,
0x
ee
,
0x
8c
,
0x
a2
,
0x
31
,
0x
a1
,
0x
2f
,
0x
5
a
,
0x
2b
,
0x
bd
,
0x
52
,
0x1
9
,
0x
c6
,
0x2
d
,
0x
b7
,
0x
fd
,
0x
31
,
0x
f1
,
0x
9
f
,
0x
27
,
0x
ae
,
0x
39
,
0x
17
,
0x
7c
,
0x
e7
,
0x
cd
,
0x0
c
,
0x
0
6
,
0x
6b
,
0x
69
,
0x
84
,
0x
7
2
,
0x
f6
,
0x
0c
,
0x
a8
,
0x
4b
,
0x0
3
,
0x
46
,
0x
57
,
0xf
7
,
0x
b8
,
0x
f
5
,
0x
bb
,
0x
4f
,
0x
5f
,
0x
ee
,
0x
f3
,
0x
53
,
0x00
,
0x00
,
0x00
,
0xff
,
0xff
,
0x
fe
,
0x
4
f
,
0x
ca
,
0x
ea
,
0x
b5
,
0x02
,
0x00
,
0x00
,
}
dfssc/api/client.proto
View file @
af61496c
...
...
@@ -30,8 +30,8 @@ message Context {
bytes
contractDocumentHash
=
5
;
/// The unique signature attemp ID, as provided by the platform during the ready signal
string
signatureUUID
=
6
;
/// The signed metadata
hashb
, as provided by the platform during the ready signal
bytes
s
ignedHash
=
7
;
/// The signed metadata
seal
, as provided by the platform during the ready signal
bytes
s
eal
=
7
;
}
message
Promise
{
...
...
dfssc/sign/promises.go
View file @
af61496c
...
...
@@ -21,6 +21,7 @@ func (m *SignatureManager) createContext(from, to uint32) (*cAPI.Context, error)
Signers
:
m
.
keyHash
,
ContractDocumentHash
:
[]
byte
(
m
.
contract
.
File
.
Hash
),
SignatureUUID
:
m
.
uuid
,
Seal
:
m
.
seal
,
},
nil
}
...
...
dfssc/sign/starter.go
View file @
af61496c
...
...
@@ -42,6 +42,7 @@ type SignatureManager struct {
keyHash
[][]
byte
mail
string
archives
*
Archives
seal
[]
byte
// Callbacks
OnSignerStatusUpdate
func
(
mail
string
,
status
SignerStatus
,
data
string
)
...
...
@@ -215,6 +216,7 @@ func (m *SignatureManager) SendReadySign() (signatureUUID string, err error) {
m
.
sequence
=
launch
.
Sequence
m
.
uuid
=
launch
.
SignatureUuid
m
.
keyHash
=
launch
.
KeyHash
m
.
seal
=
launch
.
Seal
signatureUUID
=
m
.
uuid
return
}
...
...
dfssp/api/platform.pb.go
View file @
af61496c
...
...
@@ -265,8 +265,10 @@ type LaunchSignature struct {
KeyHash
[][]
byte
`protobuf:"bytes,3,rep,name=keyHash,proto3" json:"keyHash,omitempty"`
// / The signing sequence generated on-the-fly by the platform
Sequence
[]
uint32
`protobuf:"varint,4,rep,name=sequence" json:"sequence,omitempty"`
// / The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification.
Hash
[]
byte
`protobuf:"bytes,5,opt,name=hash,proto3" json:"hash,omitempty"`
// / The cryptographic object of the signature of this structure (hash and errorCode excepted) by the platform, for data certification.
// / The signature is computed using auth.SignStructure function:
// / PKCS1v15 + SHA512 hash of the string representation of the structure
Seal
[]
byte
`protobuf:"bytes,5,opt,name=seal,proto3" json:"seal,omitempty"`
}
func
(
m
*
LaunchSignature
)
Reset
()
{
*
m
=
LaunchSignature
{}
}
...
...
@@ -616,7 +618,7 @@ var _Platform_serviceDesc = grpc.ServiceDesc{
}
var
fileDescriptor0
=
[]
byte
{
// 70
6
bytes of a gzipped FileDescriptorProto
// 7
1
0 bytes of a gzipped FileDescriptorProto
0x1f
,
0x8b
,
0x08
,
0x00
,
0x00
,
0x09
,
0x6e
,
0x88
,
0x02
,
0xff
,
0x94
,
0x55
,
0x5f
,
0x6f
,
0x12
,
0x4b
,
0x14
,
0x67
,
0x81
,
0x16
,
0x38
,
0x14
,
0xba
,
0x19
,
0x7a
,
0xef
,
0xe5
,
0x92
,
0xd4
,
0x34
,
0x13
,
0x13
,
0x1b
,
0x63
,
0xa0
,
0xc1
,
0x44
,
0xa3
,
0x6f
,
0x14
,
0x49
,
0x5b
,
0x53
,
0xb1
,
0x19
,
0x40
,
0x13
,
0xdf
,
...
...
@@ -651,15 +653,15 @@ var fileDescriptor0 = []byte{
0x1a
,
0xb4
,
0x46
,
0xe4
,
0x2a
,
0x6b
,
0xaf
,
0x9c
,
0x6b
,
0xef
,
0x19
,
0xd8
,
0x84
,
0x3a
,
0xde
,
0x9d
,
0xe2
,
0xeb
,
0x1e
,
0x54
,
0xe1
,
0xef
,
0x16
,
0xec
,
0x5f
,
0x3a
,
0xcb
,
0xd0
,
0x9d
,
0x67
,
0x4c
,
0xdf
,
0x93
,
0x98
,
0x87
,
0xd0
,
0xe0
,
0xe6
,
0x68
,
0x8e
,
0x99
,
0x75
,
0x67
,
0xbe
,
0x67
,
0x35
,
0x79
,
0xb9
,
0x9e
,
0xe5
,
0xb8
,
0x72
,
0x55
,
0x70
,
0xe8
,
0x52
,
0xd9
,
0x51
,
0x49
,
0x76
,
0x94
,
0xd9
,
0x
d9
,
0x
78
,
0xe
f
,
0x
ac
,
0x
c6
,
0x
b
b
,
0x
ff
,
0x
ad
,
0x0
4
,
0x
d
5
,
0x
ab
,
0xf
4
,
0x
8d
,
0x
8
4
,
0xf
a
,
0x
50
,
0x
35
,
0x
8a
,
0x
42
,
0x07
,
0x
ba
,
0x
c6
,
0x8d
,
0x
b7
,
0x
52
,
0x
67
,
0xa
3
,
0x7
2
,
0x
5c
,
0x4
0
,
0x
3
d
,
0x
2
8
,
0x
2b
,
0x
0
1
,
0x
23
,
0x
5b
,
0x
ef
,
0x
e
4
,
0x
b4
,
0x
d
c
,
0x6
9
,
0x
ad
,
0x
21
,
0x2
4
,
0x
12
,
0x
9
5
,
0x
07
,
0x
1e
,
0x
03
,
0x
cc
,
0x
42
,
0x
66
,
0x
d2
,
0x
4
0
,
0x0
2
,
0x
a8
,
0x
5
4
,
0x
b
9
,
0x0
5
,
0x
fc
,
0x
2
5
,
0xe
c
,
0x
e5
,
0x7
5
,
0x
8a
,
0xda
,
0x
3a
,
0x
62
,
0x
8b
,
0x
74
,
0xb
7
,
0x
9c
,
0x
7
d
,
0x
0e
,
0x
f5
,
0x
9c
,
0x
d4
,
0x
d0
,
0x
7f
,
0x3
a
,
0x
e0
,
0x
4f
,
0xf
1
,
0x
75
,
0x
1a
,
0x
7a
,
0x
c
3
,
0x7
8
,
0x
e5
,
0x
c1
,
0x
53
,
0x
68
,
0x
ac
,
0x
6
9
,
0x0
5
,
0x
fd
,
0xa
f
,
0x
23
,
0x
b6
,
0x
e9
,
0x
a7
,
0x
83
,
0x
b2
,
0x
a9
,
0x
cc
,
0x9
4
,
0x
8
0
,
0x
0b
,
0x2
7
,
0x
96
,
0x2
c
,
0x
bc
,
0x
96
,
0x
0d
,
0x
10
,
0x
fa
,
0x
27
,
0x
2
5
,
0x
62
,
0x
7d
,
0x
a0
,
0x
3a
,
0x
0
9
,
0x
c3
,
0x1
b
,
0x
e3
,
0x
82
,
0x
0b
,
0x
1
f
,
0x
77
,
0x
f5
,
0x
87
,
0x
e1
,
0x
e9
,
0x
ef
,
0x
00
,
0x
00
,
0x
00
,
0xf
f
,
0x
ff
,
0x
c5
,
0x
4c
,
0x
a0
,
0x
21
,
0x
3
9
,
0x
06
,
0x00
,
0x00
,
0x9e
,
0xe5
,
0xb8
,
0x72
,
0x55
,
0x70
,
0xe8
,
0x52
,
0xd9
,
0x51
,
0x49
,
0x76
,
0x94
,
0xd9
,
0x
aa
,
0x
53
,
0x
4
e
,
0x
9d
,
0x
45
,
0x
7
b
,
0x
27
,
0x
19
,
0x0
c
,
0x
b
5
,
0x
ee
,
0x
7
f
,
0x
2b
,
0x4
1
,
0xf
5
,
0x
2a
,
0x
7d
,
0x
23
,
0x
a1
,
0x
3e
,
0x
54
,
0x8d
,
0x
a2
,
0x
d0
,
0x
81
,
0xa
e
,
0x7
1
,
0x
e3
,
0x
ad
,
0xd
4
,
0xd
9
,
0x
a
8
,
0x
1c
,
0x1
7
,
0x
50
,
0x
0f
,
0x
ca
,
0x4
a
,
0x
c0
,
0xc
8
,
0x
d
6
,
0x
3b
,
0x
39
,
0x2
d
,
0x
77
,
0x5
a
,
0x
6b
,
0x
08
,
0x
89
,
0x
44
,
0x
e5
,
0x
81
,
0x
c7
,
0x0
0
,
0xb3
,
0x
9
0
,
0x
99
,
0x
3
4
,
0x9
0
,
0x0
0
,
0x
2a
,
0x
5
5
,
0x
6
e
,
0x
01
,
0x7
f
,
0x
09
,
0x
7b
,
0x
79
,
0x
9d
,
0x
a2
,
0xb
6
,
0x
8e
,
0xd
8
,
0x
22
,
0x
dd
,
0x
2d
,
0x
67
,
0x
9f
,
0x
43
,
0x3
d
,
0x
27
,
0x
35
,
0xf
4
,
0x
9f
,
0x
0e
,
0x
f8
,
0x
5
3
,
0x7
c
,
0x
9d
,
0x
86
,
0x
de
,
0x
30
,
0x
5e
,
0x
7
9
,
0x
f
0
,
0x
14
,
0x
1
a
,
0x
6b
,
0x
5a
,
0x
41
,
0x
ff
,
0x
eb
,
0x
88
,
0x
6d
,
0x
fa
,
0x
e
9
,
0x
a
0
,
0x
6c
,
0x2
a
,
0x
33
,
0x2
5
,
0x
e0
,
0x
c2
,
0x
89
,
0x
25
,
0x
0b
,
0x
af
,
0x
6
5
,
0x
03
,
0x
84
,
0x
fe
,
0x
49
,
0x
8
9
,
0x
58
,
0x1
f
,
0x
a8
,
0x
4e
,
0x
c2
,
0xf
0
,
0x
c6
,
0x
b8
,
0x
e0
,
0x
c2
,
0x
c7
,
0x
5d
,
0x
fd
,
0x
61
,
0x
78
,
0xf
a
,
0x
3b
,
0x
00
,
0x
00
,
0x
ff
,
0x
ff
,
0x
c
9
,
0x
55
,
0xd0
,
0xdf
,
0x39
,
0x06
,
0x00
,
0x00
,
}
dfssp/api/platform.proto
View file @
af61496c
...
...
@@ -140,6 +140,8 @@ message LaunchSignature {
repeated
bytes
keyHash
=
3
;
/// The signing sequence generated on-the-fly by the platform
repeated
uint32
sequence
=
4
;
/// The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification.
bytes
hash
=
5
;
/// The cryptographic object of the signature of this structure (hash and errorCode excepted) by the platform, for data certification.
/// The signature is computed using auth.SignStructure function:
/// PKCS1v15 + SHA512 hash of the string representation of the structure
bytes
seal
=
5
;
}
dfssp/server/server.go
View file @
af61496c
...
...
@@ -5,8 +5,7 @@ import (
"fmt"
"os"
"github.com/spf13/viper"
"dfss/auth"
"dfss/dfssp/api"
"dfss/dfssp/authority"
"dfss/dfssp/common"
...
...
@@ -14,7 +13,7 @@ import (
"dfss/dfssp/user"
"dfss/mgdb"
"dfss/net"
"github.com/spf13/viper"
"golang.org/x/net/context"
"google.golang.org/grpc"
)
...
...
@@ -96,7 +95,20 @@ func (s *platformServer) ReadySign(ctx context.Context, in *api.ReadySignRequest
if
len
(
cn
)
==
0
{
return
&
api
.
LaunchSignature
{
ErrorCode
:
&
api
.
ErrorCode
{
Code
:
api
.
ErrorCode_BADAUTH
}},
nil
}
return
contract
.
ReadySign
(
s
.
DB
,
s
.
Rooms
,
&
ctx
,
in
),
nil
signal
:=
contract
.
ReadySign
(
s
.
DB
,
s
.
Rooms
,
&
ctx
,
in
)
if
signal
.
ErrorCode
.
Code
==
api
.
ErrorCode_SUCCESS
{
sealedSignal
:=
*
signal
sealedSignal
.
ErrorCode
=
nil
sealedSignal
.
Seal
=
nil
var
err
error
signal
.
Seal
,
err
=
auth
.
SignStructure
(
s
.
Pid
.
Pkey
,
sealedSignal
)
if
err
!=
nil
{
return
&
api
.
LaunchSignature
{
ErrorCode
:
&
api
.
ErrorCode
{
Code
:
api
.
ErrorCode_INTERR
}},
nil
}
}
return
signal
,
nil
}
// GetServer returns the GRPC server associated with the platform
...
...
dfsst/entities/archivesManager.go
View file @
af61496c
...
...
@@ -29,7 +29,7 @@ func (manager *ArchivesManager) InitializeArchives(promise *cAPI.Promise, signat
present
,
archives
:=
manager
.
ContainsSignature
(
signatureUUID
)
if
!
present
{
archives
=
NewSignatureArchives
(
signatureUUID
,
promise
.
Context
.
Sequence
,
*
signers
,
promise
.
Context
.
ContractDocumentHash
,
promise
.
Context
.
S
ignedHash
)
archives
=
NewSignatureArchives
(
signatureUUID
,
promise
.
Context
.
Sequence
,
*
signers
,
promise
.
Context
.
ContractDocumentHash
,
promise
.
Context
.
S
eal
)
}
manager
.
Archives
=
archives
...
...
dfsst/entities/archivesManager_test.go
View file @
af61496c
...
...
@@ -23,7 +23,7 @@ var (
signatureUUID
string
signatureUUIDBson
bson
.
ObjectId
s
ignedHash
[]
byte
s
eal
[]
byte
signersEntities
[]
Signer
...
...
@@ -48,7 +48,7 @@ func init() {
signatureUUIDBson
=
bson
.
NewObjectId
()
signatureUUID
=
signatureUUIDBson
.
Hex
()
s
ignedHash
=
[]
byte
{}
s
eal
=
[]
byte
{}
signersEntities
=
make
([]
Signer
,
0
)
for
_
,
s
:=
range
signers
{
...
...
@@ -85,15 +85,15 @@ func TestInitializeArchives(t *testing.T) {
Sequence
:
sequence
,
Signers
:
signers
,
SignatureUUID
:
signatureUUID
,
S
ignedHash
:
signedHash
,
S
eal
:
seal
,
},
}
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
}
arch
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
arch
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
.
InitializeArchives
(
promise
,
signatureUUIDBson
,
&
signersEntities
)
arch
.
Signers
=
manager
.
Archives
.
Signers
...
...
@@ -114,7 +114,7 @@ func TestInitializeArchives(t *testing.T) {
}
func
TestContainsSignature
(
t
*
testing
.
T
)
{
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
...
...
@@ -138,7 +138,7 @@ func TestContainsSignature(t *testing.T) {
}
func
TestHasReceivedAbortToken
(
t
*
testing
.
T
)
{
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
...
...
@@ -164,7 +164,7 @@ func TestHasReceivedAbortToken(t *testing.T) {
}
func
TestWasContractSigned
(
t
*
testing
.
T
)
{
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
...
...
@@ -182,7 +182,7 @@ func TestWasContractSigned(t *testing.T) {
}
func
TestHasSignerPromised
(
t
*
testing
.
T
)
{
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
...
...
@@ -226,7 +226,7 @@ func TestHasSignerPromised(t *testing.T) {
func
TestAddToAbort
(
t
*
testing
.
T
)
{
// TODO
// Test the abortedIndex field, when promises will be implemented
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
...
...
@@ -258,7 +258,7 @@ func TestAddToAbort(t *testing.T) {
}
func
TestAddToDishonest
(
t
*
testing
.
T
)
{
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
...
...
@@ -290,7 +290,7 @@ func TestAddToDishonest(t *testing.T) {
}
func
TestAddPromise
(
t
*
testing
.
T
)
{
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
ignedHash
)
archives
:=
NewSignatureArchives
(
signatureUUIDBson
,
sequence
,
signersEntities
,
contractDocumentHash
,
s
eal
)
manager
:=
&
ArchivesManager
{
DB
:
dbManager
,
Archives
:
archives
,
...
...
dfsst/entities/authContainer.go
0 → 100644
View file @
af61496c
package
entities
import
(
"dfss/dfssc/security"
)
// AuthContainer is global for performance reasons; singleton is not a problem.
// This variable should be loaded by dfsst/server package.
var
AuthContainer
*
security
.
AuthContainer
dfsst/entities/check_request.go
View file @
af61496c
...
...
@@ -7,6 +7,7 @@ import (
"crypto/sha512"
"dfss/auth"
cAPI
"dfss/dfssc/api"
pAPI
"dfss/dfssp/api"
tAPI
"dfss/dfsst/api"
"dfss/net"
"golang.org/x/net/context"
...
...
@@ -68,7 +69,7 @@ func IsPromiseSignedByPlatform(promise *cAPI.Promise) (bool, bson.ObjectId, []Si
return
false
,
signatureUUID
,
nil
}
ok
=
IsPlatformS
ignedHash
Valid
(
promise
)
ok
=
IsPlatformS
eal
Valid
(
promise
)
if
!
ok
{
return
false
,
signatureUUID
,
nil
}
...
...
@@ -137,9 +138,18 @@ func IsSignerHashValid(hash []byte) (bool, *Signer) {
return
true
,
NewSigner
(
hash
)
}
// IsPlatformSignedHashValid : verifies that the specified promise contains the expected information signed by the platform.
func
IsPlatformSignedHashValid
(
promise
*
cAPI
.
Promise
)
bool
{
// TODO
// This requires the implementation of promise sending by the clients
return
true
// IsPlatformSealValid : verifies that the specified promise contains the expected information signed by the platform.
func
IsPlatformSealValid
(
promise
*
cAPI
.
Promise
)
bool
{
if
AuthContainer
==
nil
{
return
false
}
theoric
:=
pAPI
.
LaunchSignature
{
SignatureUuid
:
promise
.
Context
.
SignatureUUID
,
KeyHash
:
promise
.
Context
.
Signers
,
Sequence
:
promise
.
Context
.
Sequence
,
}
ok
,
_
:=
auth
.
VerifyStructure
(
AuthContainer
.
CA
,
theoric
,
promise
.
Context
.
Seal
)
return
ok
}
dfsst/entities/check_request_test.go
View file @
af61496c
...
...
@@ -32,13 +32,10 @@ func TestIsPromiseSignedByPlatform(t *testing.T) {
valid
,
sigID
,
_
=
IsPromiseSignedByPlatform
(
promise
)
assert
.
Equal
(
t
,
valid
,
false
)
// TODO
// when 'IsPlatformSignedHashValid' is implemented
promise
.
Context
.
Signers
=
signers
valid
,
sigID
,
signerss
:
=
IsPromiseSignedByPlatform
(
promise
)
assert
.
Equal
(
t
,
valid
,
tru
e
)
valid
,
sigID
,
_
=
IsPromiseSignedByPlatform
(
promise
)
assert
.
Equal
(
t
,
valid
,
fals
e
)
assert
.
Equal
(
t
,
sigID
,
signatureUUIDBson
)
assert
.
Equal
(
t
,
len
(
signerss
),
len
(
signers
))
}
func
TestGetSenderHashFromContext
(
t
*
testing
.
T
)
{
...
...
@@ -114,18 +111,17 @@ func TestIsSignerHashValid(t *testing.T) {
assert
.
Equal
(
t
,
bytes
.
Equal
(
signer
.
Hash
,
signers
[
0
]),
true
)
}
// TO MODIFY WHEN SOURCE FUNCTION WILL BE UPDATED
func
TestIsPlatformSignedHashValid
(
t
*
testing
.
T
)
{
func
TestIsPlatformSealValid
(
t
*
testing
.
T
)
{
promise
:=
&
cAPI
.
Promise
{
Context
:
&
cAPI
.
Context
{
ContractDocumentHash
:
contractDocumentHash
,
Sequence
:
sequence
,
Signers
:
signers
,
SignatureUUID
:
signatureUUID
,
S
ignedHash
:
signedHash
,
S
eal
:
seal
,
},
}
b
:=
IsPlatformS
ignedHash
Valid
(
promise
)
assert
.
Equal
(
t
,
b
,
tru
e
)
b
:=
IsPlatformS
eal
Valid
(
promise
)
assert
.
Equal
(
t
,
b
,
fals
e
)
}
dfsst/entities/signatureArchives.go
View file @
af61496c
...
...
@@ -24,10 +24,10 @@ func NewSigner(hash []byte) *Signer {
type
SignatureArchives
struct
{
ID
bson
.
ObjectId
`key:"_id" bson:"_id"`
// Internal id of a SignatureArchives - The unique signature identifier
Sequence
[]
uint32
`key:"sequence" bson:"sequence"`
// Signing sequence
Signers
[]
Signer
`key:"signers" bson:"signers"`
// List of signers
TextHash
[]
byte
`key:"textHash" bson:"textHash"`
// Small hash of the contract
S
ignedHash
[]
byte
`key:"s
ignedHash" bson:"SignedHash"`
// Hash of the above fields, signed by the platform
Sequence
[]
uint32
`key:"sequence" bson:"sequence"`
// Signing sequence
Signers
[]
Signer
`key:"signers" bson:"signers"`
// List of signers
TextHash
[]
byte
`key:"textHash" bson:"textHash"`
// Small hash of the contract
S
eal
[]
byte
`key:"s
eal" bson:"seal"`
// Seal provided by the platform to authentify the context
ReceivedPromises
[]
Promise
`key:"receivedPromises" bson:"receivedPromises"`
// All valid received promises
AbortedSigners
[]
AbortedSigner
`key:"abortedSigners" bson:"abortedSigners"`
// Signers that were sent an abort token
...
...
@@ -37,14 +37,14 @@ type SignatureArchives struct {
}
// NewSignatureArchives : creates a new SignatureArchives with the specified parameters
func
NewSignatureArchives
(
signatureUUID
bson
.
ObjectId
,
sequence
[]
uint32
,
signers
[]
Signer
,
textHash
,
s
ignedHash
[]
byte
)
*
SignatureArchives
{
func
NewSignatureArchives
(
signatureUUID
bson
.
ObjectId
,
sequence
[]
uint32
,
signers
[]
Signer
,
textHash
,
s
eal
[]
byte
)
*
SignatureArchives
{
return
&
SignatureArchives
{
ID
:
signatureUUID
,
Sequence
:
sequence
,
Signers
:
signers
,
TextHash
:
textHash
,
S
ignedHash
:
signedHash
,
Sequence
:
sequence
,
Signers
:
signers
,
TextHash
:
textHash
,
S
eal
:
seal
,
ReceivedPromises
:
make
([]
Promise
,
0
),
AbortedSigners
:
make
([]
AbortedSigner
,
0
),
...
...
dfsst/server/server.go
View file @
af61496c
...
...
@@ -13,7 +13,6 @@ import (
"dfss/dfsst/resolve"
"dfss/mgdb"
"dfss/net"
"github.com/spf13/viper"
"golang.org/x/net/context"
"google.golang.org/grpc"
...
...
@@ -181,8 +180,8 @@ func (server *ttpServer) Recover(ctx context.Context, in *tAPI.RecoverRequest) (
// GetServer returns the gRPC server.
func
GetServer
()
*
grpc
.
Server
{
// We can do that because NewAuthContainer is looking for "file_ca", "file_cert", and "file_key" in viper, which are set by the TTP
auth
:
=
security
.
NewAuthContainer
(
viper
.
GetString
(
"password"
))
ca
,
cert
,
key
,
err
:=
auth
.
LoadFiles
()
entities
.
AuthContainer
=
security
.
NewAuthContainer
(
viper
.
GetString
(
"password"
))
ca
,
cert
,
key
,
err
:=
entities
.
AuthContainer
.
LoadFiles
()
if
err
!=
nil
{
fmt
.
Fprintln
(
os
.
Stderr
,
"An error occured during the private key and certificates retrieval:"
,
err
)
os
.
Exit
(
1
)
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment