Example #1
0
// CreateIdentity will register a new SkipChain and add it to our list of
// managed identities.
func (s *Service) CreateIdentity(ai *CreateIdentity) (network.Body, onet.ClientError) {
	log.Lvlf3("%s Creating new identity with config %+v", s, ai.Config)
	ids := &Storage{
		Latest: ai.Config,
	}
	log.Lvl3("Creating Root-skipchain")
	var cerr onet.ClientError
	ids.Root, cerr = s.skipchain.CreateRoster(ai.Roster, 2, 10,
		skipchain.VerifyNone, nil)
	if cerr != nil {
		return nil, cerr
	}
	log.Lvl3("Creating Data-skipchain")
	ids.Root, ids.Data, cerr = s.skipchain.CreateData(ids.Root, 2, 10,
		skipchain.VerifyNone, ai.Config)
	if cerr != nil {
		return nil, cerr
	}

	roster := ids.Root.Roster
	replies, err := s.propagateIdentity(roster, &PropagateIdentity{ids}, propagateTimeout)
	if err != nil {
		return nil, onet.NewClientErrorCode(ErrorOnet, err.Error())
	}
	if replies != len(roster.List) {
		log.Warn("Did only get", replies, "out of", len(roster.List))
	}
	log.Lvlf2("New chain is\n%x", []byte(ids.Data.Hash))
	s.save()

	return &CreateIdentityReply{
		Root: ids.Root,
		Data: ids.Data,
	}, nil
}
Example #2
0
func TestService_SetChildrenSkipBlock(t *testing.T) {
	// How many nodes in Root
	nodesRoot := 3

	local := onet.NewLocalTest()
	defer local.CloseAll()
	hosts, el, genService := local.MakeHELS(nodesRoot, skipchainSID)
	service := genService.(*Service)

	// Setting up two chains and linking one to the other
	sbRoot, err := makeGenesisRoster(service, el)
	log.ErrFatal(err)
	sbInter, err := makeGenesisRosterArgs(service, el, sbRoot.Hash, VerifyNone, 1, 1)
	log.ErrFatal(err)
	scsb := &SetChildrenSkipBlock{sbRoot.Hash, sbInter.Hash}
	service.SetChildrenSkipBlock(scsb)
	// Verifying other nodes also got the updated chains
	// Check for the root-chain
	for i, h := range hosts {
		log.Lvlf2("%x", skipchainSID)
		s := local.Services[h.ServerIdentity.ID][skipchainSID].(*Service)
		m, err := s.GetUpdateChain(&GetUpdateChain{sbRoot.Hash})
		log.ErrFatal(err, "Failed in iteration="+strconv.Itoa(i)+":")
		sb := m.(*GetUpdateChainReply)
		log.Lvl2(s.Context)
		if len(sb.Update) != 1 {
			// we expect only the first block
			t.Fatal("There should be only 1 SkipBlock in the update")
		}
		link := sb.Update[0].ChildSL
		if !bytes.Equal(link.Hash, sbInter.Hash) {
			t.Fatal("The child-link doesn't point to our intermediate SkipBlock", i)
		}
		// We need to verify the signature on the child-link, too. This
		// has to be signed by the collective signature of sbRoot.
		if cerr := sbRoot.VerifySignatures(); cerr != nil {
			t.Fatal("Signature on child-link is not valid")
		}
	}

	// And check for the intermediate-chain to be updated
	for _, h := range hosts {
		s := local.Services[h.ServerIdentity.ID][skipchainSID].(*Service)

		m, cerr := s.GetUpdateChain(&GetUpdateChain{sbInter.Hash})
		sb := m.(*GetUpdateChainReply)

		log.ErrFatal(cerr)
		if len(sb.Update) != 1 {
			t.Fatal("There should be only 1 SkipBlock in the update")
		}
		if !bytes.Equal(sb.Update[0].ParentBlockID, sbRoot.Hash) {
			t.Fatal("The intermediate SkipBlock doesn't point to the root")
		}
		if err := sb.Update[0].VerifySignatures(); err != nil {
			t.Fatal("Signature of that SkipBlock doesn't fit")
		}
	}
}
Example #3
0
// bftVerify takes a message and verifies it's valid
func (s *Service) bftVerify(msg []byte, data []byte) bool {
	log.Lvlf4("%s verifying block %x", s.ServerIdentity(), msg)
	s.testVerify = true
	_, sbN, err := network.UnmarshalRegistered(data)
	if err != nil {
		log.Error("Couldn't unmarshal SkipBlock", data)
		return false
	}
	sb := sbN.(*SkipBlock)
	if !sb.Hash.Equal(SkipBlockID(msg)) {
		log.Lvlf2("Data skipBlock different from msg %x %x", msg, sb.Hash)
		return false
	}

	f, ok := s.verifiers[sb.VerifierID]
	if !ok {
		log.Lvlf2("Found no user verification for %x", sb.VerifierID)
		return false
	}
	return f(msg, sb)
}
Example #4
0
// writes the ssh-keys to an 'authorized_keys'-file
func (cfg *ciscConfig) writeAuthorizedKeys(c *cli.Context) {
	var keys []string
	dir, _ := sshDirConfig(c)
	authFile := dir + "/authorized_keys"
	// Make backup
	b, err := ioutil.ReadFile(authFile)
	if err == nil {
		err = ioutil.WriteFile(authFile+".back", b, 0600)
		log.ErrFatal(err)
	}
	log.Info("Made a backup of your", authFile, "before creating new one.")
	for _, f := range cfg.Follow {
		log.Lvlf2("Parsing IC %x", f.ID)
		for _, s := range f.Config.GetIntermediateColumn("ssh", f.DeviceName) {
			pub := f.Config.GetValue("ssh", s, f.DeviceName)
			log.Lvlf2("Value of %s is %s", s, pub)
			log.Info("Writing key for", s, "to authorized_keys")
			keys = append(keys, pub+" "+s+"@"+f.DeviceName)
		}
	}
	err = ioutil.WriteFile(authFile,
		[]byte(strings.Join(keys, "\n")), 0600)
	log.ErrFatal(err)
}
Example #5
0
// Verify-function that will refuse for all calls >= `refuseCount`.
func verifyRefuseMore(m []byte, d []byte) bool {
	c, err := strconv.Atoi(string(d))
	log.ErrFatal(err)
	counter := counters.get(c)
	counter.Lock()
	defer counter.Unlock()
	counter.veriCount++
	if counter.veriCount <= counter.refuseCount {
		log.Lvlf2("Refusing for %d<=%d", counter.veriCount,
			counter.refuseCount)
		return false
	}
	log.Lvl3("Verification called", counter.veriCount, "times")
	log.Lvl3("Ignoring message:", string(m))
	if len(d) == 0 {
		log.Error("Didn't receive correct data")
		return false
	}
	return true
}
Example #6
0
// Verify checks a given collective random string against a protocol transcript.
func (rh *RandHound) Verify(suite abstract.Suite, random []byte, t *Transcript) error {

	rh.mutex.Lock()
	defer rh.mutex.Unlock()

	// Verify SID
	sid, err := rh.sessionID(t.Nodes, t.Faulty, t.Purpose, t.Time, t.CliRand, t.Threshold, t.CliKey, t.Key)
	if err != nil {
		return err
	}

	if !bytes.Equal(t.SID, sid) {
		return fmt.Errorf("Wrong session identifier")
	}

	// Verify I1 signatures
	for _, i1 := range t.I1s {
		if err := verifySchnorr(suite, t.CliKey, i1); err != nil {
			return err
		}
	}

	// Verify R1 signatures
	for src, r1 := range t.R1s {
		var key abstract.Point
		for i := range t.Group {
			for j := range t.Group[i] {
				if src == t.Group[i][j] {
					key = t.Key[i][j]
				}
			}
		}
		if err := verifySchnorr(suite, key, r1); err != nil {
			return err
		}
	}

	// Verify I2 signatures
	for _, i2 := range t.I2s {
		if err := verifySchnorr(suite, t.CliKey, i2); err != nil {
			return err
		}
	}

	// Verify R2 signatures
	for src, r2 := range t.R2s {
		var key abstract.Point
		for i := range t.Group {
			for j := range t.Group[i] {
				if src == t.Group[i][j] {
					key = t.Key[i][j]
				}
			}
		}
		if err := verifySchnorr(suite, key, r2); err != nil {
			return err
		}
	}

	// Verify message hashes HI1 and HI2; it is okay if some messages are
	// missing as long as there are enough to reconstruct the chosen secrets
	for i, msg := range t.I1s {
		for _, j := range t.Group[i] {
			if _, ok := t.R1s[j]; ok {
				if err := verifyMessage(suite, msg, t.R1s[j].HI1); err != nil {
					return err
				}
			} else {
				log.Lvlf2("Couldn't find R1 message of server %v", j)
			}
		}
	}

	for i, msg := range t.I2s {
		if _, ok := t.R2s[i]; ok {
			if err := verifyMessage(suite, msg, t.R2s[i].HI2); err != nil {
				return err
			}
		} else {
			log.Lvlf2("Couldn't find R2 message of server %v", i)
		}
	}

	// Verify that all servers received the same client commitment
	for server, msg := range t.I2s {
		for i := range msg.ChosenSecret {
			for j := range msg.ChosenSecret[i] {
				if int(msg.ChosenSecret[i][j]) != t.ChosenSecret[i][j] {
					return fmt.Errorf("Server %v received wrong client commitment", server)
				}
			}
		}
	}

	H, _ := suite.Point().Pick(nil, suite.Cipher(t.SID))
	rnd := suite.Point().Null()
	for i, group := range t.ChosenSecret {

		for _, src := range group {

			var poly [][]byte
			var encPos []int
			var encShare []abstract.Point
			var encProof []ProofCore
			var X []abstract.Point

			var decPos []int
			var decShare []abstract.Point
			var decProof []ProofCore

			// All R1 messages of the chosen secrets should be there
			if _, ok := t.R1s[src]; !ok {
				return errors.New("R1 message not found")
			}
			r1 := t.R1s[src]

			for j := 0; j < len(r1.EncShare); j++ {

				// Check availability of corresponding R2 messages, skip if not there
				target := r1.EncShare[j].Target
				if _, ok := t.R2s[target]; !ok {
					continue
				}

				// Gather data on encrypted shares
				poly = append(poly, r1.CommitPoly)
				encPos = append(encPos, r1.EncShare[j].Pos)
				encShare = append(encShare, r1.EncShare[j].Val)
				encProof = append(encProof, r1.EncShare[j].Proof)
				X = append(X, t.Key[i][r1.EncShare[j].Pos])

				// Gather data on decrypted shares
				r2 := t.R2s[target]
				for k := 0; k < len(r2.DecShare); k++ {
					if r2.DecShare[k].Source == src {
						decPos = append(decPos, r2.DecShare[k].Pos)
						decShare = append(decShare, r2.DecShare[k].Val)
						decProof = append(decProof, r2.DecShare[k].Proof)
					}
				}
			}

			// Remove encrypted shares that do not have a corresponding decrypted share
			j := 0
			for j < len(decPos) {
				if encPos[j] != decPos[j] {
					poly = append(poly[:j], poly[j+1:]...)
					encPos = append(encPos[:j], encPos[j+1:]...)
					encShare = append(encShare[:j], encShare[j+1:]...)
					encProof = append(encProof[:j], encProof[j+1:]...)
					X = append(X[:j], X[j+1:]...)
				} else {
					j++
				}
			}
			// If all of the first values where equal remove trailing data on encrypted shares
			if len(decPos) < len(encPos) {
				l := len(decPos)
				poly = poly[:l]
				encPos = encPos[:l]
				encShare = encShare[:l]
				encProof = encProof[:l]
				X = X[:l]
			}

			pvss := NewPVSS(suite, H, t.Threshold[i])

			// Recover polynomial commits
			polyCommit, err := pvss.Commits(poly, encPos)
			if err != nil {
				return err
			}

			// Check encryption consistency proofs
			goodEnc, badEnc, err := pvss.Verify(H, X, polyCommit, encShare, encProof)
			if err != nil {
				return err
			}
			_ = goodEnc
			_ = badEnc

			// Remove bad values
			for j := len(badEnc) - 1; j >= 0; j-- {
				k := badEnc[j]
				X = append(X[:k], X[k+1:]...)
				encShare = append(encShare[:k], encShare[k+1:]...)
				decShare = append(decShare[:k], decShare[k+1:]...)
				decProof = append(decProof[:k], decProof[k+1:]...)
			}

			// Check decryption consistency proofs
			goodDec, badDec, err := pvss.Verify(suite.Point().Base(), decShare, X, encShare, decProof)
			if err != nil {
				return err
			}
			_ = goodDec
			_ = badDec

			// Remove bad shares
			for j := len(badDec) - 1; j >= 0; j-- {
				k := badDec[j]
				decPos = append(decPos[:k], decPos[k+1:]...)
				decShare = append(decShare[:k], decShare[k+1:]...)
			}

			// Recover secret and add it to the collective random point
			ps, err := pvss.Recover(decPos, decShare, len(t.Group[i]))
			if err != nil {
				return err
			}
			rnd = rh.Suite().Point().Add(rnd, ps)
		}
	}

	rb, err := rnd.MarshalBinary()
	if err != nil {
		return err
	}

	if !bytes.Equal(random, rb) {
		return errors.New("Bad randomness")
	}

	return nil
}
Example #7
0
// SigningMessage simply set the message to sign for this round
func (c *CoSi) SigningMessage(msg []byte) {
	c.Message = msg
	log.Lvlf2("%s Root will sign message %x", c.Name(), c.Message)
}