added skipping-logic for already signed denoms

This commit is contained in:
Özgür Kesim 2022-01-25 18:39:15 +01:00
parent 2d6022e6b2
commit 8f08005212
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7

View File

@ -86,19 +86,35 @@ type Auditor struct {
} `json:"denomination_keys"`
}
func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (e error) {
var zeroes = [32]byte{0}
for _, au := range in.Arguments.Auditors {
func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (skip map[SHA512Hash]bool, e error) {
var idx = -1
for i, au := range in.Arguments.Auditors {
if au.AuditorUrl == url && au.AuditorPub.Equal(ed25519.PublicKey(local)) {
return nil
idx = i
break
} else if au.AuditorUrl == url {
return fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub)
return nil, fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub)
} else if au.AuditorPub.Equal(ed25519.PublicKey(local)) {
return fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl)
return nil, fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl)
}
}
return fmt.Errorf("No such auditor found! URL: %q, PubKey: %v\n", url, local)
if idx == -1 {
return nil, fmt.Errorf("No such auditor found! URL: %q, PubKey: %v\n", url, local)
}
skip = make(map[SHA512Hash]bool)
for _, key := range in.Arguments.Auditors[idx].DenominationKeys {
if !bytes.Equal(zeroes[:], key.AuditorSig.R) {
// ignore this denom in output, as it has been signed already.
skip[key.DenomPubH] = true
}
}
return skip, nil
}
type AbsoluteTime struct {
@ -505,6 +521,14 @@ func (h *SHA512Hash) MarshalJSON() ([]byte, error) {
return b, nil
}
func (h SHA512Hash) String() string {
enc, err := crockfordEncode(h[:])
if err != nil {
fmt.Sprintf("[error encoding: %e] %v", err, h[:])
}
return string(enc)
}
func Verify(denom *DenomKey, master *EdDSAPublicKey, sig []byte) bool {
const TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY = 1025
/*
@ -645,18 +669,24 @@ func SignDenom(denom *DenomKey, ahash SHA512Hash, master *EdDSAPublicKey, pk *ed
return hash, EdDSASignature{R: sig[:32], S: sig[32:]}
}
func Sign(input *Input, url string, pk ed25519.PrivateKey) ([]SignOperation, error) {
func Sign(input *Input, skip map[SHA512Hash]bool, url string, pk ed25519.PrivateKey) ([]SignOperation, error) {
output := make([]SignOperation, len(input.Arguments.Denoms))
output := []SignOperation{}
for i, denom := range input.Arguments.Denoms {
if !Verify(&denom, &input.Arguments.MasterPublicKey, denom.MasterSig.BinaryMarshal()) {
return nil, fmt.Errorf("couldn verify denomination no. %d: %v", i+1, denom.DenomPub)
}
output[i].Operation = "auditor-sign-denomination-0"
hash, sig := SignDenom(&denom, sha512.Sum512(append([]byte(url), 0)), &input.Arguments.MasterPublicKey, &pk)
output[i].Arguments.HDenomPub = hash
output[i].Arguments.AuditorSig = sig
if skip[hash] {
log.Printf("Skipping denom_pub_h %q as it has been already signed\n", hash)
continue
}
o := SignOperation{Operation: "auditor-sign-denomination-0"}
o.Arguments.HDenomPub = hash
o.Arguments.AuditorSig = sig
output = append(output, o)
}
return output, nil
@ -719,12 +749,13 @@ func main() {
log.Fatal(e)
}
e = input.checkAuditor(*url, EdDSAPublicKey(pub))
var skip map[SHA512Hash]bool
skip, e = input.checkAuditor(*url, EdDSAPublicKey(pub))
if e != nil {
log.Fatal(e)
}
output, err := Sign(input, *url, pk)
output, err := Sign(input, skip, *url, pk)
if err != nil {
log.Fatalf("error signing: %v", err)
}