merged collectiveSigning.go

Author: ineiti

app/conode/server.go

@@ -339,11 +339,11 @@ func (s *Server) Run(role string) {
 // AnnounceFunc will keep the timestamp generated for this round
 func (s *Server) AnnounceFunc() sign.AnnounceFunc {
 	return func(am *sign.AnnouncementMessage) {
-		t := time.Time{}
-		if err := t.UnmarshalBinary(am.Message); err != nil {
+		var t int64
+		if err := binary.Read(bytes.NewBuffer(am.Message), binary.LittleEndian, &t); err != nil {
 			dbg.Lvl1("Unmashaling timestamp has failed")
 		}
-		s.Timestamp = t.Unix()
+		s.Timestamp = t
 	}
 }
 
@@ -408,15 +408,8 @@ func (s *Server) AggregateCommits(view int) []byte {
 
 	// pull out to be Merkle Tree leaves
 	s.Leaves = make([]hashid.HashId, 0)
-	buf := new(bytes.Buffer)
-	if err := binary.Write(buf, binary.LittleEndian, s.Timestamp); err != nil {
-		dbg.Lvl2("Timestamp have not been marshalled ! ", err)
-	}
-	bbuf := buf.Bytes()
 	for _, msg := range Queue[PROCESSING] {
-		// append timestamp on the msg
-		leaf := append(msg.Tsm.Sreq.Val, bbuf...)
-		s.Leaves = append(s.Leaves, hashid.HashId(leaf))
+		s.Leaves = append(s.Leaves, hashid.HashId(msg.Tsm.Sreq.Val))
 	}
 	s.mux.Unlock()
 

app/conode/stamp/stamp.go

@@ -69,6 +69,8 @@ type SignatureFile struct {
 	Challenge string
 	// The signature response
 	Response  string
+	// The aggregated commitment used for signing
+	Commitment string
 }
 
 // Our crypto-suite used in the program
@@ -259,34 +261,65 @@ func VerifySignature(file, sigFile string) bool {
 // Message is your own hash, and reply contains the inclusion proof + signature
 // on the aggregated message
 func verifySignature(message hashid.HashId, reply *defs.StampReply) bool {
+	// First check if the challenge is ok
+	if err := verifyChallenge(suite, reply); err != nil {
+		dbg.Lvl1("Challenge-check : FAILED (", err, ")")
+		return false
+	}
+	dbg.Lvl1("Challenge-check : OK")
+	// Then check if the signature is ok
 	sig := defs.BasicSignature{
 		Chall: reply.SigBroad.C,
 		Resp:  reply.SigBroad.R0_hat,
 	}
 	public, _ := cliutils.ReadPub64(suite, strings.NewReader(conf.AggPubKey))
-	if err := SchnorrVerify(suite, reply.MerkleRoot, public, sig); err != nil {
+	// Incorporate the timestamp in the message since the verification process
+	// is done by reconstructing the challenge
+	var b bytes.Buffer
+	if err := binary.Write(&b, binary.LittleEndian, reply.Timestamp); err != nil {
+		dbg.Lvl1("Error marshaling the timestamp for signature verification")
+	}
+	msg := append(b.Bytes(), []byte(reply.MerkleRoot)...)
+	if err := SchnorrVerify(suite, msg, public, sig); err != nil {
 		dbg.Lvl1("Signature-check : FAILED (", err, ")")
 		return false
 	}
 	dbg.Lvl1("Signature-check : OK")
 
-	// Verify inclusion proof
-	// First, concat the timestamp to the message
-	buf := []byte(message)
-	bt := new(bytes.Buffer)
-	if err := binary.Write(bt, binary.LittleEndian, reply.Timestamp); err != nil {
-		dbg.Fatal("Timestamp have not been appended to the message. Abort")
-	}
-	messageConcat := append(buf, bt.Bytes()...)
-	// Then check the proof
-	if !proof.CheckProof(suite.Hash, reply.MerkleRoot, hashid.HashId(messageConcat), reply.Prf) {
+	// finally check the proof
+	if !proof.CheckProof(suite.Hash, reply.MerkleRoot, hashid.HashId(message), reply.Prf) {
 		dbg.Lvl1("Inclusion-check : FAILED")
 		return false
 	}
 	dbg.Lvl1("Inclusion-check : OK")
 	return true
 }
 
+// verifyChallenge will recontstruct the challenge in order to see if any of the
+// components of the challenge has been spoofed or not. It may be a different
+// timestamp .
+func verifyChallenge(suite abstract.Suite, reply *defs.StampReply) error {
+
+	// marshal the V
+	pbuf, err := reply.SigBroad.V0_hat.MarshalBinary()
+	if err != nil {
+		return err
+	}
+	c := suite.Cipher(pbuf)
+	// concat timestamp and merkle root
+	var b bytes.Buffer
+	if err := binary.Write(&b, binary.LittleEndian, reply.Timestamp); err != nil {
+		return err
+	}
+	cbuf := append(b.Bytes(), reply.MerkleRoot...)
+	c.Message(nil, nil, cbuf)
+	challenge := suite.Secret().Pick(c)
+	if challenge.Equal(reply.SigBroad.C) {
+		return nil
+	}
+	return errors.New("Challenge reconstructed is not equal to the one given ><")
+}
+
 // A simple verification of a schnorr signature given the message
 //TAKEN FROM SIG_TEST from abstract
 func SchnorrVerify(suite abstract.Suite, message []byte, publicKey abstract.Point, sig defs.BasicSignature) error {
@@ -322,24 +355,29 @@ func WriteSignatureFile(nameSig, file string, hash []byte, stamp *defs.StampRepl
 	for _, pr := range stamp.Prf {
 		p = append(p, base64.StdEncoding.EncodeToString(pr))
 	}
-	// Write challenge and response part
+	// Write challenge and response + commitment part
 	var bufChall bytes.Buffer
 	var bufResp bytes.Buffer
+	var bufCommit bytes.Buffer
 	if err := cliutils.WriteSecret64(suite, &bufChall, stamp.SigBroad.C); err != nil {
 		dbg.Fatal("Could not write secret challenge :", err)
 	}
 	if err := cliutils.WriteSecret64(suite, &bufResp, stamp.SigBroad.R0_hat); err != nil {
 		dbg.Fatal("Could not write secret response : ", err)
 	}
+	if err := cliutils.WritePub64(suite, &bufCommit, stamp.SigBroad.V0_hat); err != nil {
+		dbg.Fatal("Could not write aggregated commitment : ", err)
+	}
 	// Signature file struct containing everything needed
 	sigStr := &SignatureFile{
-		Name:      file,
-		Timestamp: stamp.Timestamp,
-		Hash:      base64.StdEncoding.EncodeToString(hash),
-		Proof:     p,
-		Root:      base64.StdEncoding.EncodeToString(stamp.MerkleRoot),
-		Challenge: bufChall.String(),
-		Response:  bufResp.String(),
+		Name:       file,
+		Timestamp:  stamp.Timestamp,
+		Hash:       base64.StdEncoding.EncodeToString(hash),
+		Proof:      p,
+		Root:       base64.StdEncoding.EncodeToString(stamp.MerkleRoot),
+		Challenge:  bufChall.String(),
+		Response:   bufResp.String(),
+		Commitment: bufCommit.String(),
 	}
 
 	// Print to the screen, and write to file
@@ -382,7 +420,11 @@ func ReadSignatureFile(name string) ([]byte, *defs.StampReply, error) {
 	if err != nil {
 		dbg.Fatal("Could not read secret challenge : ", err)
 	}
-	reply.SigBroad.C, err = cliutils.ReadSecret64(suite, strings.NewReader(sigStr.Challenge))
+	if reply.SigBroad.C, err = cliutils.ReadSecret64(suite, strings.NewReader(sigStr.Challenge)); err != nil {
+		dbg.Fatal("Could not read the aggregate commitment :", err)
+	}
+	reply.SigBroad.V0_hat, err = cliutils.ReadPub64(suite, strings.NewReader(sigStr.Commitment))
+
 	return hash, reply, err
 
 }

deploy/platform/deterlab.go

@@ -39,48 +39,48 @@ import (
 
 type Deterlab struct {
 	// The login on the platform
-	Login        string
+	Login string
 	// The outside host on the platform
-	Host         string
+	Host string
 	// The name of the project
-	Project      string
+	Project string
 	// Name of the Experiment - also name of hosts
-	Experiment   string
+	Experiment string
 	// Directory of applications
-	AppDir       string
+	AppDir string
 	// Directory where everything is copied into
-	DeployDir    string
+	DeployDir string
 	// Directory for building
-	BuildDir     string
+	BuildDir string
 	// Working directory of deterlab
-	DeterDir     string
+	DeterDir string
 	// Where the main logging machine resides
 	MasterLogger string
 	// DNS-resolvable names
-	Phys         []string
+	Phys []string
 	// VLAN-IP names
-	Virt         []string
+	Virt []string
 
 	// Which app to run
-	App          string
+	App string
 	// Number of machines
-	Machines     int
+	Machines int
 	// Number of loggers
-	Loggers      int
+	Loggers int
 	// Number of Rounds
-	Rounds       int
+	Rounds int
 	// Channel to communication stopping of experiment
-	sshDeter     chan string
+	sshDeter chan string
 	// Whether the simulation is started
-	started      bool
+	started bool
 	// Debugging-level: 0 is none - 5 is everything
-	Debug        int
+	Debug int
 
 	// All hostnames used concatenated with the port
-	Hostnames    []string
+	Hostnames []string
 
 	// Testing the connection?
-	TestConnect  bool
+	TestConnect bool
 }
 
 func (d *Deterlab) Configure() {
@@ -145,7 +145,7 @@ func (d *Deterlab) Build(build string) error {
 				// go won't compile on an absolute path so we need to
 				// convert it to a relative one
 				src_rel, _ := filepath.Rel(d.DeterDir, src)
-				out, err := cliutils.Build("./" + src_rel, dest, "386", "freebsd")
+				out, err := cliutils.Build("./"+src_rel, dest, "386", "freebsd")
 				if err != nil {
 					cliutils.KillGo()
 					dbg.Lvl1(out)
@@ -159,7 +159,7 @@ func (d *Deterlab) Build(build string) error {
 			// deter has an amd64, linux architecture
 			src_rel, _ := filepath.Rel(d.DeterDir, src)
 			dbg.Lvl3("Relative-path is", src, src_rel, d.DeterDir)
-			out, err := cliutils.Build("./" + src_rel, dest, "amd64", "linux")
+			out, err := cliutils.Build("./"+src_rel, dest, "amd64", "linux")
 			if err != nil {
 				cliutils.KillGo()
 				dbg.Lvl1(out)
@@ -294,22 +294,22 @@ func (d *Deterlab) Deploy(rc RunConfig) error {
 	*/
 
 	// copy the webfile-directory of the logserver to the remote directory
-	err := exec.Command("cp", "-a", d.DeterDir + "/logserver/webfiles",
-		d.DeterDir + "/cothority.conf", d.DeployDir).Run()
+	err := exec.Command("cp", "-a", d.DeterDir+"/logserver/webfiles",
+		d.DeterDir+"/cothority.conf", d.DeployDir).Run()
 	if err != nil {
 		dbg.Fatal("error copying webfiles:", err)
 	}
 	build, err := ioutil.ReadDir(d.BuildDir)
 	for _, file := range build {
-		err = exec.Command("cp", d.BuildDir + "/" + file.Name(), d.DeployDir).Run()
+		err = exec.Command("cp", d.BuildDir+"/"+file.Name(), d.DeployDir).Run()
 		if err != nil {
 			dbg.Fatal("error copying build-file:", err)
 		}
 	}
 
 	dbg.Lvl1("Copying over to", d.Login, "@", d.Host)
 	// Copy everything over to deterlabs
-	err = cliutils.Rsync(d.Login, d.Host, d.DeployDir + "/", "remote/")
+	err = cliutils.Rsync(d.Login, d.Host, d.DeployDir+"/", "remote/")
 	if err != nil {
 		dbg.Fatal(err)
 	}
@@ -333,7 +333,7 @@ func (d *Deterlab) Start() error {
 		"-t",
 		fmt.Sprintf("%s@%s", d.Login, d.Host),
 		"-L",
-		"8081:" + d.MasterLogger + ":10000")
+		"8081:"+d.MasterLogger+":10000")
 	err = cmd.Start()
 	if err != nil {
 		dbg.Fatal("failed to setup portforwarding for logging server")
@@ -399,13 +399,13 @@ func (d *Deterlab) createHosts() error {
 	d.Phys = make([]string, 0, num_servers)
 	d.Virt = make([]string, 0, num_servers)
 	for i := 1; i <= num_servers; i++ {
-		d.Phys = append(d.Phys, fmt.Sprintf("server-%d.%s.%s", i - 1, d.Experiment, name))
+		d.Phys = append(d.Phys, fmt.Sprintf("server-%d.%s.%s", i-1, d.Experiment, name))
 		d.Virt = append(d.Virt, fmt.Sprintf("%s%d", ip, i))
 	}
 
 	// only take the machines we need
-	d.Phys = d.Phys[:nmachs + nloggers]
-	d.Virt = d.Virt[:nmachs + nloggers]
+	d.Phys = d.Phys[:nmachs+nloggers]
+	d.Virt = d.Virt[:nmachs+nloggers]
 	d.MasterLogger = d.Phys[0]
 
 	return nil
@@ -419,7 +419,7 @@ func (d *Deterlab) LoadAndCheckDeterlabVars() {
 	deter := Deterlab{}
 	err := app.ReadTomlConfig(&deter, "deter.toml", d.DeterDir)
 	d.Host, d.Login, d.Project, d.Experiment, d.Loggers =
-	deter.Host, deter.Login, deter.Project, deter.Experiment, deter.Loggers
+		deter.Host, deter.Login, deter.Project, deter.Experiment, deter.Loggers
 
 	if err != nil {
 		dbg.Lvl1("Couldn't read config-file - asking for default values")
@@ -430,15 +430,15 @@ func (d *Deterlab) LoadAndCheckDeterlabVars() {
 	}
 
 	if d.Login == "" {
-		d.Login = readString("Please enter the login-name on " + d.Host, "")
+		d.Login = readString("Please enter the login-name on "+d.Host, "")
 	}
 
 	if d.Project == "" {
 		d.Project = readString("Please enter the project on deterlab", "SAFER")
 	}
 
 	if d.Experiment == "" {
-		d.Experiment = readString("Please enter the Experiment on " + d.Project, "Dissent-CS")
+		d.Experiment = readString("Please enter the Experiment on "+d.Project, "Dissent-CS")
 	}
 
 	if d.Loggers == 0 {

lib/coconet/networkMessg.go

@@ -1,6 +1,7 @@
 package coconet
 
 import (
+	dbg "github.com/dedis/cothority/lib/debug_lvl"
 	"github.com/dedis/protobuf"
 )
 
@@ -15,5 +16,6 @@ func (nm *NetworkMessg) MarshalBinary() ([]byte, error) {
 }
 
 func (nm *NetworkMessg) UnmarshalBinary(data []byte) error {
+	dbg.Print("UnmarshalBinary : ", len(data), " bytes")
 	return protobuf.Decode(data, nm)
 }

lib/coconet/tcpconn.go

@@ -3,10 +3,8 @@ package coconet
 import (
 	"encoding/json"
 	"errors"
-	"math/rand"
 	"net"
 	"sync"
-	"time"
 	//"runtime/debug"
 
 	dbg "github.com/dedis/cothority/lib/debug_lvl"
@@ -158,9 +156,9 @@ func (tc *TCPConn) GetData(bum BinaryUnmarshaler) error {
 	dec := tc.dec
 	tc.encLock.Unlock()
 
-	if Latency != 0 {
-		time.Sleep(time.Duration(rand.Intn(Latency)) * time.Millisecond)
-	}
+	//if Latency != 0 {
+	//	time.Sleep(time.Duration(rand.Intn(Latency)) * time.Millisecond)
+	//}
 	err := dec.Decode(bum)
 	if err != nil {
 		if IsTemporary(err) {
@@ -169,7 +167,7 @@ func (tc *TCPConn) GetData(bum BinaryUnmarshaler) error {
 		}
 		// if it is an irrecoverable error
 		// close the channel and return that it has been closed
-		if err != io.EOF && err.Error() != "read tcp4"{
+		if err != io.EOF && err.Error() != "read tcp4" {
 			dbg.Lvl2("Couldn't decode packet at", tc.name, "error:", err)
 		} else {
 			dbg.Lvl3("Closing connection by EOF: ", err)