Skip to content

Commit

Permalink
Use single generic verifySTRConsistency to be used by client and auditor
Browse files Browse the repository at this point in the history
  • Loading branch information
@masomel
masomel committed Feb 16, 2017
1 parent 3cd61f1 commit 6577d92
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 25 deletions.
20 changes: 1 addition & 19 deletions protocol/auditlog.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ func (l *ConiksAuditLog) Update(addr string, newSTR *m.SignedTreeRoot) error {

h := l.histories[addr]

if err := h.verifySTRConsistency(newSTR); err != nil {
if err := verifySTRConsistency(h.signKey, h.latestSTR, newSTR); err != nil {
return err
}

Expand All @@ -110,24 +110,6 @@ func (l *ConiksAuditLog) Update(addr string, newSTR *m.SignedTreeRoot) error {
return nil
}

// verifySTRConsistency checks the consistency between 2 snapshots.
// It uses the pinned signing key in the directory history
// to verify the STR's signature and verifies
// the hash chain using the latestSTR stored in the history.
// TODO: dedup this: write generic verifySTRConsistency
func (h *directoryHistory) verifySTRConsistency(str *m.SignedTreeRoot) error {
// verify STR's signature
if !h.signKey.Verify(str.Serialize(), str.Signature) {
return CheckBadSignature
}
if str.VerifyHashChain(h.latestSTR) {
return nil
}

// TODO: verify the directory's policies as well. See #115
return CheckBadSTR
}

// GetObservedSTR gets the observed STR for the CONIKS directory address indicated
// in the AuditingRequest req received from a CONIKS client from the auditor's latest
// directory history entry, and returns a tuple of the form
Expand Down
15 changes: 9 additions & 6 deletions protocol/consistencychecks.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ func (cc *ConsistencyChecks) updateSTR(requestType int, msg *Response) error {
return nil
}
// Otherwise, expect that we've entered a new epoch
if err := cc.verifySTRConsistency(cc.SavedSTR, str); err != nil {
if err := verifySTRConsistency(cc.signKey, cc.SavedSTR, str); err != nil {
return err
}

Expand All @@ -140,12 +140,15 @@ func (cc *ConsistencyChecks) verifySTR(str *m.SignedTreeRoot) error {
}

// verifySTRConsistency checks the consistency between 2 snapshots.
// It uses the pinned signing key in cc
// to verify the STR's signature and should not verify
// the hash chain using the STR stored in cc.
func (cc *ConsistencyChecks) verifySTRConsistency(savedSTR, str *m.SignedTreeRoot) error {
// It uses the signing key signKey to verify the STR's signature.
// The signKey param either comes from a client's
// pinned signing key in cc, or an auditor's pinned signing key
// in its history.
// In the case of a client-side consistency check, verifySTRConsistency()
// should not verify the hash chain using the STR stored in cc.
func verifySTRConsistency(signKey sign.PublicKey, savedSTR, str *m.SignedTreeRoot) error {
// verify STR's signature
if !cc.signKey.Verify(str.Serialize(), str.Signature) {
if !signKey.Verify(str.Serialize(), str.Signature) {
return CheckBadSignature
}
if str.VerifyHashChain(savedSTR) {
Expand Down

0 comments on commit 6577d92

Please sign in to comment.