Commit af61496c authored by Loïck Bonniot's avatar Loïck Bonniot

[c][p][t] Add platform seal on signature metadata

parent 65467f53
Pipeline #1682 passed with stage
package auth
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha512"
"crypto/x509"
"fmt"
)
// SignStructure signs the provided structure with the private key.
// The used protocol is RSA PKCS#1 v1.5 with SHA-512 hash.
// The structure is serialized to a string representation using the fmt package.
func SignStructure(key *rsa.PrivateKey, structure interface{}) ([]byte, error) {
hash, err := hashStruct(structure)
if err != nil {
return nil, err
}
return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA512, hash)
}
// VerifyStructure verifies the signed message according to the provided structure and certificate.
// See SignStructure for protocol definition.
func VerifyStructure(cert *x509.Certificate, structure interface{}, signed []byte) (bool, error) {
hash, err := hashStruct(structure)
if err != nil {
return false, err
}
err = rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA512, hash, signed)
return err == nil, err
}
func hashStruct(structure interface{}) (hash []byte, err error) {
data := []byte(fmt.Sprintf("%v", structure))
rawHash := sha512.Sum512(data)
hash = rawHash[:]
return
}
package auth
import (
"testing"
"github.com/stretchr/testify/assert"
)
type TestStructure struct {
FieldA int64
FieldB []byte
FieldC *TestStructure
}
func TestSignStructure(t *testing.T) {
key, err := GeneratePrivateKey(1024)
assert.Nil(t, err)
res, err := SignStructure(key, TestStructure{})
assert.Nil(t, err)
assert.True(t, len(res) > 0)
}
func TestVerifyStructure(t *testing.T) {
key, err := GeneratePrivateKey(1024)
assert.Nil(t, err)
selfSigned, err := GetSelfSignedCertificate(1, 0, "", "", "", "test", key)
assert.Nil(t, err)
cert, err := PEMToCertificate(selfSigned)
assert.Nil(t, err)
s := TestStructure{
FieldA: 5,
FieldB: []byte{0x01, 0x02},
FieldC: &TestStructure{},
}
res, _ := SignStructure(key, s)
valid, err := VerifyStructure(cert, s, res)
assert.Nil(t, err)
assert.True(t, valid)
s.FieldB[1] = 0x42
valid, _ = VerifyStructure(cert, s, res)
assert.False(t, valid)
}
......@@ -51,8 +51,8 @@ type Context struct {
ContractDocumentHash []byte `protobuf:"bytes,5,opt,name=contractDocumentHash,proto3" json:"contractDocumentHash,omitempty"`
// / The unique signature attemp ID, as provided by the platform during the ready signal
SignatureUUID string `protobuf:"bytes,6,opt,name=signatureUUID" json:"signatureUUID,omitempty"`
// / The signed metadata hashb, as provided by the platform during the ready signal
SignedHash []byte `protobuf:"bytes,7,opt,name=signedHash,proto3" json:"signedHash,omitempty"`
// / The signed metadata seal, as provided by the platform during the ready signal
Seal []byte `protobuf:"bytes,7,opt,name=seal,proto3" json:"seal,omitempty"`
}
func (m *Context) Reset() { *m = Context{} }
......@@ -263,28 +263,28 @@ var _Client_serviceDesc = grpc.ServiceDesc{
var fileDescriptor0 = []byte{
// 380 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x52, 0x5d, 0x4f, 0xc2, 0x30,
0x14, 0xe5, 0x43, 0x18, 0x5c, 0x07, 0x31, 0x0d, 0x0f, 0xcb, 0x8c, 0x06, 0x17, 0x62, 0x88, 0x0f,
0x23, 0xc1, 0x9f, 0x00, 0x26, 0x18, 0x63, 0x62, 0xa6, 0xfc, 0x80, 0xda, 0x15, 0x6d, 0x32, 0xd6,
0xd9, 0x16, 0x03, 0xbf, 0xc1, 0x37, 0x7f, 0xb1, 0xdd, 0x1d, 0x43, 0x88, 0x3c, 0xf8, 0xb2, 0xec,
0xdc, 0x7b, 0x7a, 0xce, 0xbd, 0xa7, 0x85, 0xf3, 0x78, 0xa1, 0xf5, 0x28, 0xff, 0xb0, 0x11, 0xcd,
0xc4, 0x88, 0x25, 0x82, 0xa7, 0x26, 0xcc, 0x94, 0x34, 0x92, 0xd4, 0x6d, 0xc5, 0xbf, 0xd8, 0x31,
0x32, 0x64, 0x64, 0x09, 0x35, 0x0b, 0xa9, 0x96, 0x05, 0x27, 0xf8, 0xaa, 0x81, 0x33, 0x91, 0xa9,
0xe1, 0x6b, 0x43, 0x6e, 0xe0, 0x4c, 0x71, 0x26, 0xb2, 0x5c, 0xe2, 0x81, 0x6f, 0x66, 0x54, 0xbf,
0x7b, 0xd5, 0x7e, 0x75, 0xe8, 0x46, 0x7f, 0xea, 0x64, 0x00, 0x1d, 0xcd, 0xd3, 0x98, 0xab, 0x92,
0x58, 0x43, 0xe2, 0x61, 0x91, 0xf8, 0xd0, 0xd2, 0xfc, 0x63, 0xc5, 0x53, 0xc6, 0xbd, 0x7a, 0xbf,
0x3e, 0xec, 0x44, 0x3b, 0x4c, 0x3c, 0x70, 0xb4, 0x78, 0x4b, 0xb9, 0xd2, 0xde, 0x89, 0x6d, 0xb9,
0x51, 0x09, 0xc9, 0x18, 0x7a, 0xcc, 0x8e, 0xa4, 0x28, 0x33, 0x53, 0xc9, 0x56, 0x4b, 0x6b, 0x8b,
0x16, 0x0d, 0xb4, 0x38, 0xda, 0xc3, 0x79, 0xec, 0x71, 0x6a, 0x56, 0x8a, 0xcf, 0xe7, 0xf7, 0x53,
0xaf, 0x69, 0xc9, 0xed, 0xe8, 0xb0, 0x48, 0x2e, 0x01, 0xd0, 0x24, 0x46, 0x3d, 0x07, 0xf5, 0xf6,
0x2a, 0x01, 0x05, 0xe7, 0x49, 0xc9, 0xa5, 0xd0, 0x9c, 0x5c, 0x83, 0xc3, 0x8a, 0x5c, 0x30, 0x83,
0xd3, 0xb1, 0x1b, 0xda, 0xf8, 0xc2, 0x6d, 0x56, 0x51, 0xd9, 0x24, 0x3d, 0x68, 0x08, 0xbb, 0xf2,
0x1a, 0x03, 0xe8, 0x44, 0x05, 0xc8, 0x97, 0xcb, 0xe8, 0x26, 0x91, 0x34, 0xb6, 0x7b, 0xe7, 0x2e,
0x25, 0x0c, 0x1e, 0xa1, 0xfd, 0x5c, 0xce, 0xf4, 0x6f, 0x93, 0x3d, 0xb9, 0xda, 0xa1, 0xdc, 0x15,
0x34, 0x66, 0x3c, 0x49, 0x64, 0x4e, 0xf9, 0xb4, 0xe1, 0x09, 0x99, 0xa2, 0x54, 0x3b, 0x2a, 0xe1,
0xf8, 0xbb, 0x0a, 0xcd, 0x09, 0xbe, 0x0b, 0x12, 0x82, 0xfb, 0xa2, 0x38, 0x35, 0xe5, 0x92, 0x85,
0xdd, 0x16, 0xf9, 0x5d, 0x44, 0x77, 0x4a, 0x49, 0x35, 0x91, 0x31, 0x0f, 0x2a, 0xf6, 0x26, 0xba,
0xc8, 0xff, 0x9d, 0xb8, 0xe0, 0xec, 0xf0, 0x91, 0x33, 0x03, 0x68, 0x4d, 0x85, 0x66, 0xd2, 0xda,
0x13, 0xc0, 0x2e, 0x0e, 0xe8, 0xef, 0xfd, 0x07, 0x95, 0xd7, 0x26, 0x3e, 0xbf, 0xdb, 0x9f, 0x00,
0x00, 0x00, 0xff, 0xff, 0xb4, 0xf1, 0xe7, 0x80, 0xc1, 0x02, 0x00, 0x00,
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x52, 0xed, 0xaa, 0xda, 0x40,
0x10, 0x35, 0x7e, 0x45, 0xa7, 0x51, 0xca, 0xe2, 0x8f, 0x90, 0x52, 0xb0, 0x41, 0x8a, 0xf4, 0x47,
0x04, 0xfb, 0x08, 0x5a, 0xb0, 0x94, 0x42, 0x49, 0xeb, 0x03, 0x6c, 0x37, 0x63, 0xbb, 0x10, 0xb3,
0xe9, 0xee, 0x5a, 0xf4, 0x35, 0xee, 0x0b, 0xdf, 0xbb, 0x99, 0x18, 0xaf, 0x72, 0xfd, 0x71, 0xff,
0x2c, 0x7b, 0x66, 0xce, 0x9e, 0x33, 0x67, 0x58, 0x78, 0x97, 0xed, 0x8c, 0x59, 0x54, 0x87, 0x58,
0xf0, 0x52, 0x2e, 0x44, 0x2e, 0xb1, 0xb0, 0x49, 0xa9, 0x95, 0x55, 0xac, 0xe3, 0x2a, 0xd1, 0xfb,
0x0b, 0xa3, 0x24, 0x46, 0x99, 0x73, 0xbb, 0x53, 0x7a, 0x5f, 0x73, 0xe2, 0x47, 0x0f, 0xfc, 0x95,
0x2a, 0x2c, 0x1e, 0x2d, 0xfb, 0x04, 0x6f, 0x35, 0x0a, 0x59, 0x56, 0x12, 0xdf, 0xf0, 0xb4, 0xe1,
0xe6, 0x6f, 0xe8, 0x4d, 0xbd, 0x79, 0x90, 0xbe, 0xa8, 0xb3, 0x19, 0x8c, 0x0c, 0x16, 0x19, 0xea,
0x86, 0xd8, 0x26, 0xe2, 0x6d, 0x91, 0x45, 0x30, 0x30, 0xf8, 0xef, 0x80, 0x85, 0xc0, 0xb0, 0x33,
0xed, 0xcc, 0x47, 0xe9, 0x05, 0xb3, 0x10, 0x7c, 0x23, 0xff, 0x14, 0xa8, 0x4d, 0xd8, 0x75, 0xad,
0x20, 0x6d, 0x20, 0x5b, 0xc2, 0x44, 0xb8, 0x91, 0x34, 0x17, 0x76, 0xad, 0xc4, 0x61, 0xef, 0x6c,
0xc9, 0xa2, 0x47, 0x16, 0x77, 0x7b, 0x34, 0x8f, 0x7b, 0xce, 0xed, 0x41, 0xe3, 0x76, 0xfb, 0x75,
0x1d, 0xf6, 0x1d, 0x79, 0x98, 0xde, 0x16, 0x19, 0x83, 0xae, 0x41, 0x9e, 0x87, 0x3e, 0x29, 0xd1,
0x3d, 0xe6, 0xe0, 0xff, 0xd0, 0x6a, 0x2f, 0x0d, 0xb2, 0x8f, 0xe0, 0x8b, 0x7a, 0x17, 0x94, 0xfb,
0xcd, 0x32, 0x48, 0xdc, 0xca, 0x92, 0xf3, 0x7e, 0xd2, 0xa6, 0xc9, 0x26, 0xd0, 0x93, 0x2e, 0xe6,
0x91, 0x42, 0x8f, 0xd2, 0x1a, 0x54, 0x81, 0x4a, 0x7e, 0xca, 0x15, 0xcf, 0x5c, 0xd6, 0x4a, 0xbf,
0x81, 0xf1, 0x77, 0x18, 0xfe, 0x6c, 0xe6, 0x78, 0xb5, 0xc9, 0x95, 0x5c, 0xfb, 0x56, 0xee, 0x03,
0xf4, 0x36, 0x98, 0xe7, 0xaa, 0xa2, 0xfc, 0x77, 0x0b, 0x93, 0xaa, 0x20, 0xa9, 0x61, 0xda, 0xc0,
0xe5, 0x83, 0x07, 0xfd, 0x15, 0xfd, 0x05, 0x96, 0x40, 0xf0, 0x4b, 0x23, 0xb7, 0x4d, 0xc8, 0xda,
0xee, 0x8c, 0xa2, 0x31, 0xa1, 0x2f, 0x5a, 0x2b, 0xbd, 0x52, 0x19, 0xc6, 0x2d, 0xb7, 0xfd, 0x31,
0xf1, 0x9f, 0x27, 0xae, 0x39, 0x17, 0x7c, 0xe7, 0xcd, 0x0c, 0x06, 0x6b, 0x69, 0x84, 0x72, 0xf6,
0x0c, 0xa8, 0x4b, 0x03, 0x46, 0x57, 0xf7, 0xb8, 0xf5, 0xbb, 0x4f, 0x5f, 0xee, 0xf3, 0x53, 0x00,
0x00, 0x00, 0xff, 0xff, 0xfe, 0x4f, 0xca, 0xea, 0xb5, 0x02, 0x00, 0x00,
}
......@@ -30,8 +30,8 @@ message Context {
bytes contractDocumentHash = 5;
/// The unique signature attemp ID, as provided by the platform during the ready signal
string signatureUUID = 6;
/// The signed metadata hashb, as provided by the platform during the ready signal
bytes signedHash = 7;
/// The signed metadata seal, as provided by the platform during the ready signal
bytes seal = 7;
}
message Promise {
......
......@@ -21,6 +21,7 @@ func (m *SignatureManager) createContext(from, to uint32) (*cAPI.Context, error)
Signers: m.keyHash,
ContractDocumentHash: []byte(m.contract.File.Hash),
SignatureUUID: m.uuid,
Seal: m.seal,
}, nil
}
......
......@@ -42,6 +42,7 @@ type SignatureManager struct {
keyHash [][]byte
mail string
archives *Archives
seal []byte
// Callbacks
OnSignerStatusUpdate func(mail string, status SignerStatus, data string)
......@@ -215,6 +216,7 @@ func (m *SignatureManager) SendReadySign() (signatureUUID string, err error) {
m.sequence = launch.Sequence
m.uuid = launch.SignatureUuid
m.keyHash = launch.KeyHash
m.seal = launch.Seal
signatureUUID = m.uuid
return
}
......
......@@ -265,8 +265,10 @@ type LaunchSignature struct {
KeyHash [][]byte `protobuf:"bytes,3,rep,name=keyHash,proto3" json:"keyHash,omitempty"`
// / The signing sequence generated on-the-fly by the platform
Sequence []uint32 `protobuf:"varint,4,rep,name=sequence" json:"sequence,omitempty"`
// / The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification.
Hash []byte `protobuf:"bytes,5,opt,name=hash,proto3" json:"hash,omitempty"`
// / The cryptographic object of the signature of this structure (hash and errorCode excepted) by the platform, for data certification.
// / The signature is computed using auth.SignStructure function:
// / PKCS1v15 + SHA512 hash of the string representation of the structure
Seal []byte `protobuf:"bytes,5,opt,name=seal,proto3" json:"seal,omitempty"`
}
func (m *LaunchSignature) Reset() { *m = LaunchSignature{} }
......@@ -616,7 +618,7 @@ var _Platform_serviceDesc = grpc.ServiceDesc{
}
var fileDescriptor0 = []byte{
// 706 bytes of a gzipped FileDescriptorProto
// 710 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x94, 0x55, 0x5f, 0x6f, 0x12, 0x4b,
0x14, 0x67, 0x81, 0x16, 0x38, 0x14, 0xba, 0x19, 0x7a, 0xef, 0xe5, 0x92, 0xd4, 0x34, 0x13, 0x13,
0x1b, 0x63, 0xa0, 0xc1, 0x44, 0xa3, 0x6f, 0x14, 0x49, 0x5b, 0x53, 0xb1, 0x19, 0x40, 0x13, 0xdf,
......@@ -651,15 +653,15 @@ var fileDescriptor0 = []byte{
0x1a, 0xb4, 0x46, 0xe4, 0x2a, 0x6b, 0xaf, 0x9c, 0x6b, 0xef, 0x19, 0xd8, 0x84, 0x3a, 0xde, 0x9d,
0xe2, 0xeb, 0x1e, 0x54, 0xe1, 0xef, 0x16, 0xec, 0x5f, 0x3a, 0xcb, 0xd0, 0x9d, 0x67, 0x4c, 0xdf,
0x93, 0x98, 0x87, 0xd0, 0xe0, 0xe6, 0x68, 0x8e, 0x99, 0x75, 0x67, 0xbe, 0x67, 0x35, 0x79, 0xb9,
0x9e, 0xe5, 0xb8, 0x72, 0x55, 0x70, 0xe8, 0x52, 0xd9, 0x51, 0x49, 0x76, 0x94, 0xd9, 0xd9, 0x78,
0xef, 0xac, 0xc6, 0xbb, 0xff, 0xad, 0x04, 0xd5, 0xab, 0xf4, 0x8d, 0x84, 0xfa, 0x50, 0x35, 0x8a,
0x42, 0x07, 0xba, 0xc6, 0x8d, 0xb7, 0x52, 0x67, 0xa3, 0x72, 0x5c, 0x40, 0x3d, 0x28, 0x2b, 0x01,
0x23, 0x5b, 0xef, 0xe4, 0xb4, 0xdc, 0x69, 0xad, 0x21, 0x24, 0x12, 0x95, 0x07, 0x1e, 0x03, 0xcc,
0x42, 0x66, 0xd2, 0x40, 0x02, 0xa8, 0x54, 0xb9, 0x05, 0xfc, 0x25, 0xec, 0xe5, 0x75, 0x8a, 0xda,
0x3a, 0x62, 0x8b, 0x74, 0xb7, 0x9c, 0x7d, 0x0e, 0xf5, 0x9c, 0xd4, 0xd0, 0x7f, 0x3a, 0xe0, 0x4f,
0xf1, 0x75, 0x1a, 0x7a, 0xc3, 0x78, 0xe5, 0xc1, 0x53, 0x68, 0xac, 0x69, 0x05, 0xfd, 0xaf, 0x23,
0xb6, 0xe9, 0xa7, 0x83, 0xb2, 0xa9, 0xcc, 0x94, 0x80, 0x0b, 0x27, 0x96, 0x2c, 0xbc, 0x96, 0x0d,
0x10, 0xfa, 0x27, 0x25, 0x62, 0x7d, 0xa0, 0x3a, 0x09, 0xc3, 0x1b, 0xe3, 0x82, 0x0b, 0x1f, 0x77,
0xf5, 0x87, 0xe1, 0xe9, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc5, 0x4c, 0xa0, 0x21, 0x39, 0x06,
0x00, 0x00,
0x9e, 0xe5, 0xb8, 0x72, 0x55, 0x70, 0xe8, 0x52, 0xd9, 0x51, 0x49, 0x76, 0x94, 0xd9, 0xaa, 0x53,
0x4e, 0x9d, 0x45, 0x7b, 0x27, 0x19, 0x0c, 0xb5, 0xee, 0x7f, 0x2b, 0x41, 0xf5, 0x2a, 0x7d, 0x23,
0xa1, 0x3e, 0x54, 0x8d, 0xa2, 0xd0, 0x81, 0xae, 0x71, 0xe3, 0xad, 0xd4, 0xd9, 0xa8, 0x1c, 0x17,
0x50, 0x0f, 0xca, 0x4a, 0xc0, 0xc8, 0xd6, 0x3b, 0x39, 0x2d, 0x77, 0x5a, 0x6b, 0x08, 0x89, 0x44,
0xe5, 0x81, 0xc7, 0x00, 0xb3, 0x90, 0x99, 0x34, 0x90, 0x00, 0x2a, 0x55, 0x6e, 0x01, 0x7f, 0x09,
0x7b, 0x79, 0x9d, 0xa2, 0xb6, 0x8e, 0xd8, 0x22, 0xdd, 0x2d, 0x67, 0x9f, 0x43, 0x3d, 0x27, 0x35,
0xf4, 0x9f, 0x0e, 0xf8, 0x53, 0x7c, 0x9d, 0x86, 0xde, 0x30, 0x5e, 0x79, 0xf0, 0x14, 0x1a, 0x6b,
0x5a, 0x41, 0xff, 0xeb, 0x88, 0x6d, 0xfa, 0xe9, 0xa0, 0x6c, 0x2a, 0x33, 0x25, 0xe0, 0xc2, 0x89,
0x25, 0x0b, 0xaf, 0x65, 0x03, 0x84, 0xfe, 0x49, 0x89, 0x58, 0x1f, 0xa8, 0x4e, 0xc2, 0xf0, 0xc6,
0xb8, 0xe0, 0xc2, 0xc7, 0x5d, 0xfd, 0x61, 0x78, 0xfa, 0x3b, 0x00, 0x00, 0xff, 0xff, 0xc9, 0x55,
0xd0, 0xdf, 0x39, 0x06, 0x00, 0x00,
}
......@@ -140,6 +140,8 @@ message LaunchSignature {
repeated bytes keyHash = 3;
/// The signing sequence generated on-the-fly by the platform
repeated uint32 sequence = 4;
/// The cryptographic object of the signature of this structure (hash excepted) by the platform, for data certification.
bytes hash = 5;
/// The cryptographic object of the signature of this structure (hash and errorCode excepted) by the platform, for data certification.
/// The signature is computed using auth.SignStructure function:
/// PKCS1v15 + SHA512 hash of the string representation of the structure
bytes seal = 5;
}
......@@ -5,8 +5,7 @@ import (
"fmt"
"os"
"github.com/spf13/viper"
"dfss/auth"
"dfss/dfssp/api"
"dfss/dfssp/authority"
"dfss/dfssp/common"
......@@ -14,7 +13,7 @@ import (
"dfss/dfssp/user"
"dfss/mgdb"
"dfss/net"
"github.com/spf13/viper"
"golang.org/x/net/context"
"google.golang.org/grpc"
)
......@@ -96,7 +95,20 @@ func (s *platformServer) ReadySign(ctx context.Context, in *api.ReadySignRequest
if len(cn) == 0 {
return &api.LaunchSignature{ErrorCode: &api.ErrorCode{Code: api.ErrorCode_BADAUTH}}, nil
}
return contract.ReadySign(s.DB, s.Rooms, &ctx, in), nil
signal := contract.ReadySign(s.DB, s.Rooms, &ctx, in)
if signal.ErrorCode.Code == api.ErrorCode_SUCCESS {
sealedSignal := *signal
sealedSignal.ErrorCode = nil
sealedSignal.Seal = nil
var err error
signal.Seal, err = auth.SignStructure(s.Pid.Pkey, sealedSignal)
if err != nil {
return &api.LaunchSignature{ErrorCode: &api.ErrorCode{Code: api.ErrorCode_INTERR}}, nil
}
}
return signal, nil
}
// GetServer returns the GRPC server associated with the platform
......
......@@ -29,7 +29,7 @@ func (manager *ArchivesManager) InitializeArchives(promise *cAPI.Promise, signat
present, archives := manager.ContainsSignature(signatureUUID)
if !present {
archives = NewSignatureArchives(signatureUUID, promise.Context.Sequence, *signers, promise.Context.ContractDocumentHash, promise.Context.SignedHash)
archives = NewSignatureArchives(signatureUUID, promise.Context.Sequence, *signers, promise.Context.ContractDocumentHash, promise.Context.Seal)
}
manager.Archives = archives
......
......@@ -23,7 +23,7 @@ var (
signatureUUID string
signatureUUIDBson bson.ObjectId
signedHash []byte
seal []byte
signersEntities []Signer
......@@ -48,7 +48,7 @@ func init() {
signatureUUIDBson = bson.NewObjectId()
signatureUUID = signatureUUIDBson.Hex()
signedHash = []byte{}
seal = []byte{}
signersEntities = make([]Signer, 0)
for _, s := range signers {
......@@ -85,15 +85,15 @@ func TestInitializeArchives(t *testing.T) {
Sequence: sequence,
Signers: signers,
SignatureUUID: signatureUUID,
SignedHash: signedHash,
Seal: seal,
},
}
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
}
arch := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
arch := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager.InitializeArchives(promise, signatureUUIDBson, &signersEntities)
arch.Signers = manager.Archives.Signers
......@@ -114,7 +114,7 @@ func TestInitializeArchives(t *testing.T) {
}
func TestContainsSignature(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -138,7 +138,7 @@ func TestContainsSignature(t *testing.T) {
}
func TestHasReceivedAbortToken(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -164,7 +164,7 @@ func TestHasReceivedAbortToken(t *testing.T) {
}
func TestWasContractSigned(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -182,7 +182,7 @@ func TestWasContractSigned(t *testing.T) {
}
func TestHasSignerPromised(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -226,7 +226,7 @@ func TestHasSignerPromised(t *testing.T) {
func TestAddToAbort(t *testing.T) {
// TODO
// Test the abortedIndex field, when promises will be implemented
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -258,7 +258,7 @@ func TestAddToAbort(t *testing.T) {
}
func TestAddToDishonest(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......@@ -290,7 +290,7 @@ func TestAddToDishonest(t *testing.T) {
}
func TestAddPromise(t *testing.T) {
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, signedHash)
archives := NewSignatureArchives(signatureUUIDBson, sequence, signersEntities, contractDocumentHash, seal)
manager := &ArchivesManager{
DB: dbManager,
Archives: archives,
......
package entities
import (
"dfss/dfssc/security"
)
// AuthContainer is global for performance reasons; singleton is not a problem.
// This variable should be loaded by dfsst/server package.
var AuthContainer *security.AuthContainer
......@@ -7,6 +7,7 @@ import (
"crypto/sha512"
"dfss/auth"
cAPI "dfss/dfssc/api"
pAPI "dfss/dfssp/api"
tAPI "dfss/dfsst/api"
"dfss/net"
"golang.org/x/net/context"
......@@ -68,7 +69,7 @@ func IsPromiseSignedByPlatform(promise *cAPI.Promise) (bool, bson.ObjectId, []Si
return false, signatureUUID, nil
}
ok = IsPlatformSignedHashValid(promise)
ok = IsPlatformSealValid(promise)
if !ok {
return false, signatureUUID, nil
}
......@@ -137,9 +138,18 @@ func IsSignerHashValid(hash []byte) (bool, *Signer) {
return true, NewSigner(hash)
}
// IsPlatformSignedHashValid : verifies that the specified promise contains the expected information signed by the platform.
func IsPlatformSignedHashValid(promise *cAPI.Promise) bool {
// TODO
// This requires the implementation of promise sending by the clients
return true
// IsPlatformSealValid : verifies that the specified promise contains the expected information signed by the platform.
func IsPlatformSealValid(promise *cAPI.Promise) bool {
if AuthContainer == nil {
return false
}
theoric := pAPI.LaunchSignature{
SignatureUuid: promise.Context.SignatureUUID,
KeyHash: promise.Context.Signers,
Sequence: promise.Context.Sequence,
}
ok, _ := auth.VerifyStructure(AuthContainer.CA, theoric, promise.Context.Seal)
return ok
}
......@@ -32,13 +32,10 @@ func TestIsPromiseSignedByPlatform(t *testing.T) {
valid, sigID, _ = IsPromiseSignedByPlatform(promise)
assert.Equal(t, valid, false)
// TODO
// when 'IsPlatformSignedHashValid' is implemented
promise.Context.Signers = signers
valid, sigID, signerss := IsPromiseSignedByPlatform(promise)
assert.Equal(t, valid, true)
valid, sigID, _ = IsPromiseSignedByPlatform(promise)
assert.Equal(t, valid, false)
assert.Equal(t, sigID, signatureUUIDBson)
assert.Equal(t, len(signerss), len(signers))
}
func TestGetSenderHashFromContext(t *testing.T) {
......@@ -114,18 +111,17 @@ func TestIsSignerHashValid(t *testing.T) {
assert.Equal(t, bytes.Equal(signer.Hash, signers[0]), true)
}
// TO MODIFY WHEN SOURCE FUNCTION WILL BE UPDATED
func TestIsPlatformSignedHashValid(t *testing.T) {
func TestIsPlatformSealValid(t *testing.T) {
promise := &cAPI.Promise{
Context: &cAPI.Context{
ContractDocumentHash: contractDocumentHash,
Sequence: sequence,
Signers: signers,
SignatureUUID: signatureUUID,
SignedHash: signedHash,
Seal: seal,
},
}
b := IsPlatformSignedHashValid(promise)
assert.Equal(t, b, true)
b := IsPlatformSealValid(promise)
assert.Equal(t, b, false)
}
......@@ -24,10 +24,10 @@ func NewSigner(hash []byte) *Signer {
type SignatureArchives struct {
ID bson.ObjectId `key:"_id" bson:"_id"` // Internal id of a SignatureArchives - The unique signature identifier
Sequence []uint32 `key:"sequence" bson:"sequence"` // Signing sequence
Signers []Signer `key:"signers" bson:"signers"` // List of signers
TextHash []byte `key:"textHash" bson:"textHash"` // Small hash of the contract
SignedHash []byte `key:"signedHash" bson:"SignedHash"` // Hash of the above fields, signed by the platform
Sequence []uint32 `key:"sequence" bson:"sequence"` // Signing sequence
Signers []Signer `key:"signers" bson:"signers"` // List of signers
TextHash []byte `key:"textHash" bson:"textHash"` // Small hash of the contract
Seal []byte `key:"seal" bson:"seal"` // Seal provided by the platform to authentify the context
ReceivedPromises []Promise `key:"receivedPromises" bson:"receivedPromises"` // All valid received promises
AbortedSigners []AbortedSigner `key:"abortedSigners" bson:"abortedSigners"` // Signers that were sent an abort token
......@@ -37,14 +37,14 @@ type SignatureArchives struct {
}
// NewSignatureArchives : creates a new SignatureArchives with the specified parameters
func NewSignatureArchives(signatureUUID bson.ObjectId, sequence []uint32, signers []Signer, textHash, signedHash []byte) *SignatureArchives {
func NewSignatureArchives(signatureUUID bson.ObjectId, sequence []uint32, signers []Signer, textHash, seal []byte) *SignatureArchives {
return &SignatureArchives{
ID: signatureUUID,
Sequence: sequence,
Signers: signers,
TextHash: textHash,
SignedHash: signedHash,
Sequence: sequence,
Signers: signers,
TextHash: textHash,
Seal: seal,
ReceivedPromises: make([]Promise, 0),
AbortedSigners: make([]AbortedSigner, 0),
......
......@@ -13,7 +13,6 @@ import (
"dfss/dfsst/resolve"
"dfss/mgdb"
"dfss/net"
"github.com/spf13/viper"
"golang.org/x/net/context"
"google.golang.org/grpc"
......@@ -181,8 +180,8 @@ func (server *ttpServer) Recover(ctx context.Context, in *tAPI.RecoverRequest) (
// GetServer returns the gRPC server.
func GetServer() *grpc.Server {
// We can do that because NewAuthContainer is looking for "file_ca", "file_cert", and "file_key" in viper, which are set by the TTP
auth := security.NewAuthContainer(viper.GetString("password"))
ca, cert, key, err := auth.LoadFiles()
entities.AuthContainer = security.NewAuthContainer(viper.GetString("password"))
ca, cert, key, err := entities.AuthContainer.LoadFiles()
if err != nil {
fmt.Fprintln(os.Stderr, "An error occured during the private key and certificates retrieval:", err)
os.Exit(1)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment