// SignatureRequest treats external request to this service. func (cs *CoSi) SignatureRequest(req *SignatureRequest) (network.Body, onet.ClientError) { if req.Roster.ID == onet.RosterID(uuid.Nil) { req.Roster.ID = onet.RosterID(uuid.NewV4()) } tree := req.Roster.GenerateBinaryTree() tni := cs.NewTreeNodeInstance(tree, tree.Root, cosi.Name) pi, err := cosi.NewProtocol(tni) if err != nil { return nil, onet.NewClientErrorCode(4100, "Couldn't make new protocol: "+err.Error()) } cs.RegisterProtocolInstance(pi) pcosi := pi.(*cosi.CoSi) pcosi.SigningMessage(req.Message) h, err := crypto.HashBytes(network.Suite.Hash(), req.Message) if err != nil { return nil, onet.NewClientErrorCode(4101, "Couldn't hash message: "+err.Error()) } response := make(chan []byte) pcosi.RegisterSignatureHook(func(sig []byte) { response <- sig }) log.Lvl3("Cosi Service starting up root protocol") go pi.Dispatch() go pi.Start() sig := <-response if log.DebugVisible() > 1 { fmt.Printf("%s: Signed a message.\n", time.Now().Format("Mon Jan 2 15:04:05 -0700 MST 2006")) } return &SignatureResponse{ Hash: h, Signature: sig, }, nil }
func verifySignatureHash(b []byte, sig *s.SignatureResponse, el *onet.Roster) error { // We have to hash twice, as the hash in the signature is the hash of the // message sent to be signed publics := entityListToPublics(el) fHash, _ := crypto.HashBytes(network.Suite.Hash(), b) hashHash, _ := crypto.HashBytes(network.Suite.Hash(), fHash) if !bytes.Equal(hashHash, sig.Hash) { return errors.New("You are trying to verify a signature " + "belonging to another file. (The hash provided by the signature " + "doesn't match with the hash of the file.)") } if err := cosi.VerifySignature(network.Suite, publics, fHash, sig.Signature); err != nil { return errors.New("Invalid sig:" + err.Error()) } return nil }
func verifyMessage(suite abstract.Suite, m interface{}, hash1 []byte) error { // Make a copy of the signature x := reflect.ValueOf(m).Elem().FieldByName("Sig") sig := reflect.New(x.Type()).Elem() sig.Set(x) // Reset signature field reflect.ValueOf(m).Elem().FieldByName("Sig").Set(reflect.ValueOf(crypto.SchnorrSig{})) // XXX: hack // Marshal ... mb, err := network.MarshalRegisteredType(m) if err != nil { return err } // ... and hash message hash2, err := crypto.HashBytes(suite.Hash(), mb) if err != nil { return err } // Copy back original signature reflect.ValueOf(m).Elem().FieldByName("Sig").Set(sig) // XXX: hack // Compare hashes if !bytes.Equal(hash1, hash2) { return errors.New("Message has a different hash than the given one") } return nil }
func (rh *RandHound) handleI1(i1 WI1) error { msg := &i1.I1 // Compute hash of the client's message msg.Sig = crypto.SchnorrSig{} // XXX: hack i1b, err := network.MarshalRegisteredType(msg) if err != nil { return err } hi1, err := crypto.HashBytes(rh.Suite().Hash(), i1b) if err != nil { return err } // Find out the server's index (we assume servers are stateless) idx := 0 for i, j := range msg.Group { if msg.Key[i].Equal(rh.Public()) { idx = int(j) break } } // Init PVSS and create shares H, _ := rh.Suite().Point().Pick(nil, rh.Suite().Cipher(msg.SID)) pvss := NewPVSS(rh.Suite(), H, msg.Threshold) idxShare, encShare, encProof, pb, err := pvss.Split(msg.Key, nil) if err != nil { return err } share := make([]Share, len(encShare)) for i := 0; i < len(encShare); i++ { share[i] = Share{ Source: idx, Target: int(msg.Group[i]), Pos: idxShare[i], Val: encShare[i], Proof: encProof[i], } } r1 := &R1{ HI1: hi1, EncShare: share, CommitPoly: pb, } // Sign R1 and store signature in R1.Sig if err := signSchnorr(rh.Suite(), rh.Private(), r1); err != nil { return err } return rh.SendTo(rh.Root(), r1) }
// addSliceToHash hashes the whole SkipBlockFix plus a slice of bytes. // This is used func (sbf *SkipBlockFix) calculateHash() SkipBlockID { b, err := network.MarshalRegisteredType(sbf) if err != nil { log.Panic("Couldn't marshal SkipBlockFix:", err) } h, err := crypto.HashBytes(network.Suite.Hash(), b) if err != nil { log.Panic("Couldn't hash SkipBlockFix:", err) } return h }
func (rh *RandHound) sessionID(nodes int, faulty int, purpose string, time time.Time, rand []byte, threshold []int, clientKey abstract.Point, serverKey [][]abstract.Point) ([]byte, error) { buf := new(bytes.Buffer) if len(threshold) != len(serverKey) { return nil, fmt.Errorf("Non-matching number of group thresholds and keys") } if err := binary.Write(buf, binary.LittleEndian, uint32(nodes)); err != nil { return nil, err } if err := binary.Write(buf, binary.LittleEndian, uint32(faulty)); err != nil { return nil, err } if _, err := buf.WriteString(purpose); err != nil { return nil, err } t, err := time.MarshalBinary() if err != nil { return nil, err } if _, err := buf.Write(t); err != nil { return nil, err } if _, err := buf.Write(rand); err != nil { return nil, err } cb, err := clientKey.MarshalBinary() if err != nil { return nil, err } if _, err := buf.Write(cb); err != nil { return nil, err } for _, t := range threshold { if err := binary.Write(buf, binary.LittleEndian, uint32(t)); err != nil { return nil, err } } for _, gk := range serverKey { for _, k := range gk { kb, err := k.MarshalBinary() if err != nil { return nil, err } if _, err := buf.Write(kb); err != nil { return nil, err } } } return crypto.HashBytes(rh.Suite().Hash(), buf.Bytes()) }
func (rh *RandHound) handleI2(i2 WI2) error { msg := &i2.I2 // Compute hash of the client's message msg.Sig = crypto.SchnorrSig{} // XXX: hack i2b, err := network.MarshalRegisteredType(msg) if err != nil { return err } hi2, err := crypto.HashBytes(rh.Suite().Hash(), i2b) if err != nil { return err } // Prepare data n := len(msg.EncShare) X := make([]abstract.Point, n) encShare := make([]abstract.Point, n) encProof := make([]ProofCore, n) for i := 0; i < n; i++ { X[i] = rh.Public() encShare[i] = msg.EncShare[i].Val encProof[i] = msg.EncShare[i].Proof } // Init PVSS and verify encryption consistency proof H, _ := rh.Suite().Point().Pick(nil, rh.Suite().Cipher(msg.SID)) pvss := NewPVSS(rh.Suite(), H, 0) good, bad, err := pvss.Verify(H, X, msg.PolyCommit, encShare, encProof) if err != nil { return err } // Remove bad shares for i := len(bad) - 1; i >= 0; i-- { j := bad[i] encShare = append(encShare[:j], encShare[j+1:]...) } // Decrypt good shares decShare, decProof, err := pvss.Reveal(rh.Private(), encShare) if err != nil { return err } share := make([]Share, len(encShare)) for i := 0; i < len(encShare); i++ { X[i] = rh.Public() j := good[i] share[i] = Share{ Source: msg.EncShare[j].Source, Target: msg.EncShare[j].Target, Pos: msg.EncShare[j].Pos, Val: decShare[i], Proof: decProof[i], } } r2 := &R2{ HI2: hi2, DecShare: share, } // Sign R2 and store signature in R2.Sig if err := signSchnorr(rh.Suite(), rh.Private(), r2); err != nil { return err } return rh.SendTo(rh.Root(), r2) }