// CreateIdentity will register a new SkipChain and add it to our list of
// managed identities.
func (s *Service) CreateIdentity(ai *CreateIdentity) (network.Body, onet.ClientError) {
log.Lvlf3("%s Creating new identity with config %+v", s, ai.Config)
ids := &Storage{
Latest: ai.Config,
}
log.Lvl3("Creating Root-skipchain")
var cerr onet.ClientError
ids.Root, cerr = s.skipchain.CreateRoster(ai.Roster, 2, 10,
skipchain.VerifyNone, nil)
if cerr != nil {
return nil, cerr
}
log.Lvl3("Creating Data-skipchain")
ids.Root, ids.Data, cerr = s.skipchain.CreateData(ids.Root, 2, 10,
skipchain.VerifyNone, ai.Config)
if cerr != nil {
return nil, cerr
}
roster := ids.Root.Roster
replies, err := s.propagateIdentity(roster, &PropagateIdentity{ids}, propagateTimeout)
if err != nil {
return nil, onet.NewClientErrorCode(ErrorOnet, err.Error())
}
if replies != len(roster.List) {
log.Warn("Did only get", replies, "out of", len(roster.List))
}
log.Lvlf2("New chain is\n%x", []byte(ids.Data.Hash))
s.save()
return &CreateIdentityReply{
Root: ids.Root,
Data: ids.Data,
}, nil
}
func TestService_SetChildrenSkipBlock(t *testing.T) {
// How many nodes in Root
nodesRoot := 3
local := onet.NewLocalTest()
defer local.CloseAll()
hosts, el, genService := local.MakeHELS(nodesRoot, skipchainSID)
service := genService.(*Service)
// Setting up two chains and linking one to the other
sbRoot, err := makeGenesisRoster(service, el)
log.ErrFatal(err)
sbInter, err := makeGenesisRosterArgs(service, el, sbRoot.Hash, VerifyNone, 1, 1)
log.ErrFatal(err)
scsb := &SetChildrenSkipBlock{sbRoot.Hash, sbInter.Hash}
service.SetChildrenSkipBlock(scsb)
// Verifying other nodes also got the updated chains
// Check for the root-chain
for i, h := range hosts {
log.Lvlf2("%x", skipchainSID)
s := local.Services[h.ServerIdentity.ID][skipchainSID].(*Service)
m, err := s.GetUpdateChain(&GetUpdateChain{sbRoot.Hash})
log.ErrFatal(err, "Failed in iteration="+strconv.Itoa(i)+":")
sb := m.(*GetUpdateChainReply)
log.Lvl2(s.Context)
if len(sb.Update) != 1 {
// we expect only the first block
t.Fatal("There should be only 1 SkipBlock in the update")
}
link := sb.Update[0].ChildSL
if !bytes.Equal(link.Hash, sbInter.Hash) {
t.Fatal("The child-link doesn't point to our intermediate SkipBlock", i)
}
// We need to verify the signature on the child-link, too. This
// has to be signed by the collective signature of sbRoot.
if cerr := sbRoot.VerifySignatures(); cerr != nil {
t.Fatal("Signature on child-link is not valid")
}
}
// And check for the intermediate-chain to be updated
for _, h := range hosts {
s := local.Services[h.ServerIdentity.ID][skipchainSID].(*Service)
m, cerr := s.GetUpdateChain(&GetUpdateChain{sbInter.Hash})
sb := m.(*GetUpdateChainReply)
log.ErrFatal(cerr)
if len(sb.Update) != 1 {
t.Fatal("There should be only 1 SkipBlock in the update")
}
if !bytes.Equal(sb.Update[0].ParentBlockID, sbRoot.Hash) {
t.Fatal("The intermediate SkipBlock doesn't point to the root")
}
if err := sb.Update[0].VerifySignatures(); err != nil {
t.Fatal("Signature of that SkipBlock doesn't fit")
}
}
}
// bftVerify takes a message and verifies it's valid
func (s *Service) bftVerify(msg []byte, data []byte) bool {
log.Lvlf4("%s verifying block %x", s.ServerIdentity(), msg)
s.testVerify = true
_, sbN, err := network.UnmarshalRegistered(data)
if err != nil {
log.Error("Couldn't unmarshal SkipBlock", data)
return false
}
sb := sbN.(*SkipBlock)
if !sb.Hash.Equal(SkipBlockID(msg)) {
log.Lvlf2("Data skipBlock different from msg %x %x", msg, sb.Hash)
return false
}
f, ok := s.verifiers[sb.VerifierID]
if !ok {
log.Lvlf2("Found no user verification for %x", sb.VerifierID)
return false
}
return f(msg, sb)
}
// writes the ssh-keys to an 'authorized_keys'-file
func (cfg *ciscConfig) writeAuthorizedKeys(c *cli.Context) {
var keys []string
dir, _ := sshDirConfig(c)
authFile := dir + "/authorized_keys"
// Make backup
b, err := ioutil.ReadFile(authFile)
if err == nil {
err = ioutil.WriteFile(authFile+".back", b, 0600)
log.ErrFatal(err)
}
log.Info("Made a backup of your", authFile, "before creating new one.")
for _, f := range cfg.Follow {
log.Lvlf2("Parsing IC %x", f.ID)
for _, s := range f.Config.GetIntermediateColumn("ssh", f.DeviceName) {
pub := f.Config.GetValue("ssh", s, f.DeviceName)
log.Lvlf2("Value of %s is %s", s, pub)
log.Info("Writing key for", s, "to authorized_keys")
keys = append(keys, pub+" "+s+"@"+f.DeviceName)
}
}
err = ioutil.WriteFile(authFile,
[]byte(strings.Join(keys, "\n")), 0600)
log.ErrFatal(err)
}
// Verify-function that will refuse for all calls >= `refuseCount`.
func verifyRefuseMore(m []byte, d []byte) bool {
c, err := strconv.Atoi(string(d))
log.ErrFatal(err)
counter := counters.get(c)
counter.Lock()
defer counter.Unlock()
counter.veriCount++
if counter.veriCount <= counter.refuseCount {
log.Lvlf2("Refusing for %d<=%d", counter.veriCount,
counter.refuseCount)
return false
}
log.Lvl3("Verification called", counter.veriCount, "times")
log.Lvl3("Ignoring message:", string(m))
if len(d) == 0 {
log.Error("Didn't receive correct data")
return false
}
return true
}
// Verify checks a given collective random string against a protocol transcript.
func (rh *RandHound) Verify(suite abstract.Suite, random []byte, t *Transcript) error {
rh.mutex.Lock()
defer rh.mutex.Unlock()
// Verify SID
sid, err := rh.sessionID(t.Nodes, t.Faulty, t.Purpose, t.Time, t.CliRand, t.Threshold, t.CliKey, t.Key)
if err != nil {
return err
}
if !bytes.Equal(t.SID, sid) {
return fmt.Errorf("Wrong session identifier")
}
// Verify I1 signatures
for _, i1 := range t.I1s {
if err := verifySchnorr(suite, t.CliKey, i1); err != nil {
return err
}
}
// Verify R1 signatures
for src, r1 := range t.R1s {
var key abstract.Point
for i := range t.Group {
for j := range t.Group[i] {
if src == t.Group[i][j] {
key = t.Key[i][j]
}
}
}
if err := verifySchnorr(suite, key, r1); err != nil {
return err
}
}
// Verify I2 signatures
for _, i2 := range t.I2s {
if err := verifySchnorr(suite, t.CliKey, i2); err != nil {
return err
}
}
// Verify R2 signatures
for src, r2 := range t.R2s {
var key abstract.Point
for i := range t.Group {
for j := range t.Group[i] {
if src == t.Group[i][j] {
key = t.Key[i][j]
}
}
}
if err := verifySchnorr(suite, key, r2); err != nil {
return err
}
}
// Verify message hashes HI1 and HI2; it is okay if some messages are
// missing as long as there are enough to reconstruct the chosen secrets
for i, msg := range t.I1s {
for _, j := range t.Group[i] {
if _, ok := t.R1s[j]; ok {
if err := verifyMessage(suite, msg, t.R1s[j].HI1); err != nil {
return err
}
} else {
log.Lvlf2("Couldn't find R1 message of server %v", j)
}
}
}
for i, msg := range t.I2s {
if _, ok := t.R2s[i]; ok {
if err := verifyMessage(suite, msg, t.R2s[i].HI2); err != nil {
return err
}
} else {
log.Lvlf2("Couldn't find R2 message of server %v", i)
}
}
// Verify that all servers received the same client commitment
for server, msg := range t.I2s {
for i := range msg.ChosenSecret {
for j := range msg.ChosenSecret[i] {
if int(msg.ChosenSecret[i][j]) != t.ChosenSecret[i][j] {
return fmt.Errorf("Server %v received wrong client commitment", server)
}
}
}
}
H, _ := suite.Point().Pick(nil, suite.Cipher(t.SID))
rnd := suite.Point().Null()
for i, group := range t.ChosenSecret {
for _, src := range group {
var poly [][]byte
var encPos []int
var encShare []abstract.Point
var encProof []ProofCore
var X []abstract.Point
var decPos []int
var decShare []abstract.Point
var decProof []ProofCore
// All R1 messages of the chosen secrets should be there
if _, ok := t.R1s[src]; !ok {
return errors.New("R1 message not found")
}
r1 := t.R1s[src]
for j := 0; j < len(r1.EncShare); j++ {
// Check availability of corresponding R2 messages, skip if not there
target := r1.EncShare[j].Target
if _, ok := t.R2s[target]; !ok {
continue
}
// Gather data on encrypted shares
poly = append(poly, r1.CommitPoly)
encPos = append(encPos, r1.EncShare[j].Pos)
encShare = append(encShare, r1.EncShare[j].Val)
encProof = append(encProof, r1.EncShare[j].Proof)
X = append(X, t.Key[i][r1.EncShare[j].Pos])
// Gather data on decrypted shares
r2 := t.R2s[target]
for k := 0; k < len(r2.DecShare); k++ {
if r2.DecShare[k].Source == src {
decPos = append(decPos, r2.DecShare[k].Pos)
decShare = append(decShare, r2.DecShare[k].Val)
decProof = append(decProof, r2.DecShare[k].Proof)
}
}
}
// Remove encrypted shares that do not have a corresponding decrypted share
j := 0
for j < len(decPos) {
if encPos[j] != decPos[j] {
poly = append(poly[:j], poly[j+1:]...)
encPos = append(encPos[:j], encPos[j+1:]...)
encShare = append(encShare[:j], encShare[j+1:]...)
encProof = append(encProof[:j], encProof[j+1:]...)
X = append(X[:j], X[j+1:]...)
} else {
j++
}
}
// If all of the first values where equal remove trailing data on encrypted shares
if len(decPos) < len(encPos) {
l := len(decPos)
poly = poly[:l]
encPos = encPos[:l]
encShare = encShare[:l]
encProof = encProof[:l]
X = X[:l]
}
pvss := NewPVSS(suite, H, t.Threshold[i])
// Recover polynomial commits
polyCommit, err := pvss.Commits(poly, encPos)
if err != nil {
return err
}
// Check encryption consistency proofs
goodEnc, badEnc, err := pvss.Verify(H, X, polyCommit, encShare, encProof)
if err != nil {
return err
}
_ = goodEnc
_ = badEnc
// Remove bad values
for j := len(badEnc) - 1; j >= 0; j-- {
k := badEnc[j]
X = append(X[:k], X[k+1:]...)
encShare = append(encShare[:k], encShare[k+1:]...)
decShare = append(decShare[:k], decShare[k+1:]...)
decProof = append(decProof[:k], decProof[k+1:]...)
}
// Check decryption consistency proofs
goodDec, badDec, err := pvss.Verify(suite.Point().Base(), decShare, X, encShare, decProof)
if err != nil {
return err
}
_ = goodDec
_ = badDec
// Remove bad shares
for j := len(badDec) - 1; j >= 0; j-- {
k := badDec[j]
decPos = append(decPos[:k], decPos[k+1:]...)
decShare = append(decShare[:k], decShare[k+1:]...)
}
// Recover secret and add it to the collective random point
ps, err := pvss.Recover(decPos, decShare, len(t.Group[i]))
if err != nil {
return err
}
rnd = rh.Suite().Point().Add(rnd, ps)
}
}
rb, err := rnd.MarshalBinary()
if err != nil {
return err
}
if !bytes.Equal(random, rb) {
return errors.New("Bad randomness")
}
return nil
}
// SigningMessage simply set the message to sign for this round
func (c *CoSi) SigningMessage(msg []byte) {
c.Message = msg
log.Lvlf2("%s Root will sign message %x", c.Name(), c.Message)
}
