taler/auditor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added skipping-logic for already signed denoms

Browse Source
This commit is contained in:
Özgür Kesim 2022-01-25 18:39:15 +01:00
parent 2d6022e6b2
commit 8f08005212
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7
1 changed files with 45 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
cmd/taler-auditor-offline-signing/main.go
View File

@ -86,19 +86,35 @@ type Auditor struct {
} `json:"denomination_keys"` } `json:"denomination_keys"`
} }
func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (e error) { var zeroes = [32]byte{0}
for _, au := range in.Arguments.Auditors { func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (skip map[SHA512Hash]bool, e error) {
var idx = -1
for i, au := range in.Arguments.Auditors {
if au.AuditorUrl == url && au.AuditorPub.Equal(ed25519.PublicKey(local)) { if au.AuditorUrl == url && au.AuditorPub.Equal(ed25519.PublicKey(local)) {
return nil idx = i
break
} else if au.AuditorUrl == url { } else if au.AuditorUrl == url {
return fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub) return nil, fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub)
} else if au.AuditorPub.Equal(ed25519.PublicKey(local)) { } else if au.AuditorPub.Equal(ed25519.PublicKey(local)) {
return fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl) return nil, fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl)
} }
} }
return fmt.Errorf("No such auditor found! URL: %q, PubKey: %v\n", url, local) if idx == -1 {
return nil, fmt.Errorf("No such auditor found! URL: %q, PubKey: %v\n", url, local)
}
skip = make(map[SHA512Hash]bool)
for _, key := range in.Arguments.Auditors[idx].DenominationKeys {
if !bytes.Equal(zeroes[:], key.AuditorSig.R) {
// ignore this denom in output, as it has been signed already.
skip[key.DenomPubH] = true
}
}
return skip, nil
} }
type AbsoluteTime struct { type AbsoluteTime struct {
@ -505,6 +521,14 @@ func (h *SHA512Hash) MarshalJSON() ([]byte, error) {
return b, nil return b, nil
} }
func (h SHA512Hash) String() string {
enc, err := crockfordEncode(h[:])
if err != nil {
fmt.Sprintf("[error encoding: %e] %v", err, h[:])
}
return string(enc)
}
func Verify(denom *DenomKey, master *EdDSAPublicKey, sig []byte) bool { func Verify(denom *DenomKey, master *EdDSAPublicKey, sig []byte) bool {
const TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY = 1025 const TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY = 1025
/* /*
@ -645,18 +669,24 @@ func SignDenom(denom *DenomKey, ahash SHA512Hash, master *EdDSAPublicKey, pk *ed
return hash, EdDSASignature{R: sig[:32], S: sig[32:]} return hash, EdDSASignature{R: sig[:32], S: sig[32:]}
} }
func Sign(input *Input, url string, pk ed25519.PrivateKey) ([]SignOperation, error) { func Sign(input *Input, skip map[SHA512Hash]bool, url string, pk ed25519.PrivateKey) ([]SignOperation, error) {
output := make([]SignOperation, len(input.Arguments.Denoms)) output := []SignOperation{}
for i, denom := range input.Arguments.Denoms { for i, denom := range input.Arguments.Denoms {
if !Verify(&denom, &input.Arguments.MasterPublicKey, denom.MasterSig.BinaryMarshal()) { if !Verify(&denom, &input.Arguments.MasterPublicKey, denom.MasterSig.BinaryMarshal()) {
return nil, fmt.Errorf("couldn verify denomination no. %d: %v", i+1, denom.DenomPub) return nil, fmt.Errorf("couldn verify denomination no. %d: %v", i+1, denom.DenomPub)
} }
output[i].Operation = "auditor-sign-denomination-0"
hash, sig := SignDenom(&denom, sha512.Sum512(append([]byte(url), 0)), &input.Arguments.MasterPublicKey, &pk) hash, sig := SignDenom(&denom, sha512.Sum512(append([]byte(url), 0)), &input.Arguments.MasterPublicKey, &pk)
output[i].Arguments.HDenomPub = hash
output[i].Arguments.AuditorSig = sig if skip[hash] {
log.Printf("Skipping denom_pub_h %q as it has been already signed\n", hash)
continue
}
o := SignOperation{Operation: "auditor-sign-denomination-0"}
o.Arguments.HDenomPub = hash
o.Arguments.AuditorSig = sig
output = append(output, o)
} }
return output, nil return output, nil
@ -719,12 +749,13 @@ func main() {
log.Fatal(e) log.Fatal(e)
} }
e = input.checkAuditor(*url, EdDSAPublicKey(pub)) var skip map[SHA512Hash]bool
skip, e = input.checkAuditor(*url, EdDSAPublicKey(pub))
if e != nil { if e != nil {
log.Fatal(e) log.Fatal(e)
} }
output, err := Sign(input, *url, pk) output, err := Sign(input, skip, *url, pk)
if err != nil { if err != nil {
log.Fatalf("error signing: %v", err) log.Fatalf("error signing: %v", err)
} }