From 8f08005212aab6e8b35265cbc01bfbe6217750b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= Date: Tue, 25 Jan 2022 18:39:15 +0100 Subject: [PATCH] added skipping-logic for already signed denoms --- cmd/taler-auditor-offline-signing/main.go | 59 +++++++++++++++++------ 1 file changed, 45 insertions(+), 14 deletions(-) diff --git a/cmd/taler-auditor-offline-signing/main.go b/cmd/taler-auditor-offline-signing/main.go index fdb632a..b4e0384 100644 --- a/cmd/taler-auditor-offline-signing/main.go +++ b/cmd/taler-auditor-offline-signing/main.go @@ -86,19 +86,35 @@ type Auditor struct { } `json:"denomination_keys"` } -func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (e error) { +var zeroes = [32]byte{0} - for _, au := range in.Arguments.Auditors { +func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (skip map[SHA512Hash]bool, e error) { + var idx = -1 + + for i, au := range in.Arguments.Auditors { if au.AuditorUrl == url && au.AuditorPub.Equal(ed25519.PublicKey(local)) { - return nil + idx = i + break } else if au.AuditorUrl == url { - return fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub) + return nil, fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub) } else if au.AuditorPub.Equal(ed25519.PublicKey(local)) { - return fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl) + return nil, fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl) } } - return fmt.Errorf("No such auditor found! URL: %q, PubKey: %v\n", url, local) + if idx == -1 { + return nil, fmt.Errorf("No such auditor found! URL: %q, PubKey: %v\n", url, local) + } + + skip = make(map[SHA512Hash]bool) + for _, key := range in.Arguments.Auditors[idx].DenominationKeys { + if !bytes.Equal(zeroes[:], key.AuditorSig.R) { + // ignore this denom in output, as it has been signed already. + skip[key.DenomPubH] = true + } + } + + return skip, nil } type AbsoluteTime struct { @@ -505,6 +521,14 @@ func (h *SHA512Hash) MarshalJSON() ([]byte, error) { return b, nil } +func (h SHA512Hash) String() string { + enc, err := crockfordEncode(h[:]) + if err != nil { + fmt.Sprintf("[error encoding: %e] %v", err, h[:]) + } + return string(enc) +} + func Verify(denom *DenomKey, master *EdDSAPublicKey, sig []byte) bool { const TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY = 1025 /* @@ -645,18 +669,24 @@ func SignDenom(denom *DenomKey, ahash SHA512Hash, master *EdDSAPublicKey, pk *ed return hash, EdDSASignature{R: sig[:32], S: sig[32:]} } -func Sign(input *Input, url string, pk ed25519.PrivateKey) ([]SignOperation, error) { +func Sign(input *Input, skip map[SHA512Hash]bool, url string, pk ed25519.PrivateKey) ([]SignOperation, error) { - output := make([]SignOperation, len(input.Arguments.Denoms)) + output := []SignOperation{} for i, denom := range input.Arguments.Denoms { if !Verify(&denom, &input.Arguments.MasterPublicKey, denom.MasterSig.BinaryMarshal()) { return nil, fmt.Errorf("couldn verify denomination no. %d: %v", i+1, denom.DenomPub) } - output[i].Operation = "auditor-sign-denomination-0" - hash, sig := SignDenom(&denom, sha512.Sum512(append([]byte(url), 0)), &input.Arguments.MasterPublicKey, &pk) - output[i].Arguments.HDenomPub = hash - output[i].Arguments.AuditorSig = sig + + if skip[hash] { + log.Printf("Skipping denom_pub_h %q as it has been already signed\n", hash) + continue + } + + o := SignOperation{Operation: "auditor-sign-denomination-0"} + o.Arguments.HDenomPub = hash + o.Arguments.AuditorSig = sig + output = append(output, o) } return output, nil @@ -719,12 +749,13 @@ func main() { log.Fatal(e) } - e = input.checkAuditor(*url, EdDSAPublicKey(pub)) + var skip map[SHA512Hash]bool + skip, e = input.checkAuditor(*url, EdDSAPublicKey(pub)) if e != nil { log.Fatal(e) } - output, err := Sign(input, *url, pk) + output, err := Sign(input, skip, *url, pk) if err != nil { log.Fatalf("error signing: %v", err) }