/* Verifies that a PolicyApproveMessage has been properly constructed.
*
* Arguments:
* su = the suite that the insurer's public key was derived from.
* insuredKey = the public key of the insured or the client
* insurerKey = the public key of the insurer or "trustee"
*
* Returns:
* whether or not the message is valid.
*/
func (msg *PolicyApprovedMessage) verifyCertificate(su abstract.Suite,
insuredKey abstract.Point) bool {
set := anon.Set{msg.PubKey}
_, err := anon.Verify(su, msg.Message, set, nil, msg.Signature)
correctMsg := msg.PubKey.String() + " insures " + insuredKey.String()
return err == nil && correctMsg == string(msg.Message)
}
// verifyHost will anaylze the systempacket information and verify the signature
// It will return a ACK properly initialized with the right codes in it.
func verifyHost(pubKeyFile string) (net.Conn, Ack) {
// get the right public key
pub, host, err := cliutils.ReadPubKey(suite, pubKeyFile)
if err != nil {
dbg.Fatal("Could not read the public key from the file:", err)
}
dbg.Lvl1("Public key file read")
// Then get a connection
conn, err := net.Dial("tcp", host)
if err != nil {
dbg.Fatal("Error when getting the connection to the host:", err)
}
dbg.Lvl1("Verifier connected to the host. Validation in progress...")
// Get the system packet message
var sys SystemPacket
if err = suite.Read(conn, &sys); err != nil {
dbg.Fatal("Error when reading the system packet message from host:", err)
}
// Get the signature length first
var length int
if err := suite.Read(conn, &length); err != nil {
dbg.Fatal("Could not read length of the signature ...")
}
// Get the signature
sig := make([]byte, length)
if err := suite.Read(conn, &sig); err != nil {
dbg.Fatal("Error reading the signature:", err)
}
// First, encode the sys packet
var b bytes.Buffer
if err := suite.Write(&b, sys); err != nil {
dbg.Fatal("Error when encoding the syspacket to be verified:", err)
}
X := make([]abstract.Point, 1)
X[0] = pub
// Verify signature
var ack Ack
ack.Type = TYPE_SYS
ack.Code = SYS_EXIT
if _, err := anon.Verify(suite, b.Bytes(), anon.Set(X), nil, sig); err != nil {
// Wrong signature
ack.Code = SYS_WRONG_SIG
dbg.Lvl1("WARNING: signature provided is wrong.")
} else {
// verfiy SystemPacket itself
ack.Code = SYS_OK
dbg.Lvl1("Host's signature verified and system seems healty. OK")
}
return conn, ack
}
/* An internal helper function, verifies a signature is from a given insurer.
*
* Arguments
* i = the index of the insurer in the insurers list
* sig = the signature object containing the signature
* msg = the message that was signed
*
* Return
* an error if the signature is malformed, nil otherwise.
*/
func (p *Deal) verifySignature(i int, sig *signature, msg []byte) error {
if i < 0 || i >= p.n {
return errors.New("Invalid index. Expected 0 <= i < n")
}
if sig.signature == nil {
return errors.New("Nil signature")
}
set := anon.Set{p.insurers[i]}
_, err := anon.Verify(sig.suite, msg, set, nil, sig.signature)
return err
}
func (s *shuffler) getSignOffs(state *stateVector) error {
replies := make(chan *signature)
for i := 1; i < s.N; i++ {
go func(id int) {
port := 8080 + (id % s.N)
addr := fmt.Sprintf("localhost:%d", port)
rwc, err := net.Dial("tcp", addr)
if err != nil {
replies <- nil
return
}
defer rwc.Close()
bc := &ByteConn{rwc, make([]byte, 1)}
if err = protobuf.Write(bc, state); err != nil {
replies <- nil
return
}
rwc.(*net.TCPConn).CloseWrite()
var sig signature
if err = protobuf.Read(bc, &sig); err != nil {
replies <- nil
return
}
replies <- &sig
}(i)
}
sigs := make([][]byte, s.N)
sig, err := s.signStateVector(state)
if err != nil {
return err
}
sigs[0] = sig
for i := 0; i < s.N-1; i++ {
reply := <-replies
if reply != nil {
X := s.HH[reply.Id]
bytes, _ := protobuf.Encode(state)
_, err := anon.Verify(s.suite, bytes, anon.Set{X}, nil, reply.S)
if err != nil {
return err
}
sigs[reply.Id] = reply.S
}
}
fmt.Println("Got all signatures.")
return s.checkKeys(state.States[len(state.States)-1])
}
