Revert #170

coniks-sys · Jun 8, 2017 · 5d21f7c · 5d21f7c
1 parent d6c4cdc
commit 5d21f7c
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 61 deletions.
diff --git a/protocol/auditor.go b/protocol/auditor.go
diff --git a/protocol/consistencychecks.go b/protocol/consistencychecks.go
@@ -7,6 +7,7 @@ package protocol
 
 import (
 	"bytes"
+	"reflect"
 
 	"github.com/coniks-sys/coniks-go/crypto/sign"
 	m "github.com/coniks-sys/coniks-go/merkletree"
@@ -24,7 +25,8 @@ import (
 // subsequent responses from the ConiksDirectory to any
 // client request.
 type ConsistencyChecks struct {
-	*auditorState
+	// SavedSTR stores the latest verified signed tree root.
+	SavedSTR *DirSTR
 	// Bindings stores all the verified name-to-key bindings.
 	Bindings map[string][]byte
 	// RegEpoch keeps the registration epoch of each user.
@@ -38,6 +40,8 @@ type ConsistencyChecks struct {
 	// extensions settings
 	useTBs bool
 	TBs    map[string]*TemporaryBinding
+
+	signKey sign.PublicKey
 }
 
 // NewCC creates an instance of ConsistencyChecks using
@@ -50,11 +54,12 @@ func NewCC(savedSTR *DirSTR, signKey sign.PublicKey, regs map[string]uint64,
 		panic("[coniks] Currently the server is forced to use TBs")
 	}
 	cc := &ConsistencyChecks{
-		auditorState: newAuditorState(signKey, savedSTR),
-		Bindings:     make(map[string][]byte),
-		RegEpoch:     regs,
-		oldSTR:       savedSTR,
-		useTBs:       useTBs,
+		SavedSTR: savedSTR,
+		Bindings: make(map[string][]byte),
+		useTBs:   useTBs,
+		signKey:  signKey,
+		RegEpoch: regs,
+		oldSTR:   savedSTR,
 	}
 	if len(regs) == 0 {
 		cc.RegEpoch = make(map[string]uint64)
@@ -168,6 +173,34 @@ func (cc *ConsistencyChecks) updateSTR(requestType int, msg *Response) error {
 	return nil
 }
 
+// verifySTR checks whether the received STR is the same with
+// the SavedSTR using reflect.DeepEqual().
+// FIXME: check whether the STR was issued on time and whatnot.
+// Maybe it has something to do w/ #81 and client transitioning between epochs.
+// Try to verify w/ what's been saved
+func (cc *ConsistencyChecks) verifySTR(str *DirSTR) error {
+	if reflect.DeepEqual(cc.SavedSTR, str) {
+		return nil
+	}
+	return CheckBadSTR
+}
+
+// verifySTRConsistency checks the consistency between 2 snapshots.
+// It uses the pinned signing key in cc
+// to verify the STR's signature and should not verify
+// the hash chain using the STR stored in cc.
+func (cc *ConsistencyChecks) verifySTRConsistency(savedSTR, str *DirSTR) error {
+	// verify STR's signature
+	if !cc.signKey.Verify(str.Serialize(), str.Signature) {
+		return CheckBadSignature
+	}
+	if str.VerifyHashChain(savedSTR) {
+		return nil
+	}
+	// TODO: verify the directory's policies as well. See #115
+	return CheckBadSTR
+}
+
 func (cc *ConsistencyChecks) checkConsistency(requestType int, msg *Response,
 	uname string, key []byte) ErrorCode {
 	var err error