diff options
| author | Linus Nordberg <linus@nordu.net> | 2017-03-01 09:37:30 +0100 |
|---|---|---|
| committer | Linus Nordberg <linus@nordu.net> | 2017-03-01 09:37:30 +0100 |
| commit | 11fc428f6eb52936bdbde1be5a6cd4e56704bc68 (patch) | |
| tree | f1e1ec4226429ebf1ba0735e611db97d14ba8993 | |
| parent | 8ecfbfa2a57708366763d7adbfcb87f9b0df7d03 (diff) | |
Rename some variable and function names; add a NEWS entry.
| -rw-r--r-- | NEWS.md | 8 | ||||
| -rw-r--r-- | src/plop.erl | 26 | ||||
| -rw-r--r-- | src/sign.erl | 3 | ||||
| -rw-r--r-- | src/signing.erl | 10 | ||||
| -rw-r--r-- | src/storage.erl | 2 |
5 files changed, 26 insertions, 23 deletions
@@ -1,3 +1,11 @@ +# Changes in plop 1.0.1-alpha-dev + +## Features + +- Signing nodes now requires signatures from a configurable number of + storage nodes. This prevents a rouge frontend node from sending out + an SCT for an entry that will never be merged. + # Changes in plop 0.10.1 - 2017-02-11 ## Bug fixes diff --git a/src/plop.erl b/src/plop.erl index 46b402b..7c7ded7 100644 --- a/src/plop.erl +++ b/src/plop.erl @@ -25,10 +25,11 @@ %% API. -export([initsize/0]). -export([get_logid/0, serialise/1, signature_type/1]). --export([add/2, commit/3, sth/0, get/1, get/2, spt/2, +-export([add/2, commit/3, sth/0, get/1, get/2, spt_sig/2, consistency/2, inclusion/2, inclusion_and_entry/2]). -export([generate_timestamp/0, save_sth/1, verify_sth/4]). --export([get_by_leaf_hash/1, entry_for_leafhash/1, spt_from_entry/1, get_spt/1, add_spt/2]). +-export([get_by_leaf_hash/1, entry_for_leafhash/1, spt_data_from_entry/1, + get_spt_sig/1, add_spt_sig/2]). %% API for tests. -export([testing_get_pubkey/0]). @@ -96,14 +97,14 @@ spt_data(Entry) -> {ok, {Module, Function}} = application:get_env(plop, spt_data), Module:Function(Entry). -spt_from_entry(LogEntry) -> +spt_data_from_entry(LogEntry) -> spt_data(unwrap_entry(LogEntry)). -get_spt(Hash) -> +get_spt_sig(Hash) -> perm:getvalue(sptcache, Hash). -add_spt(LeafHash, SPT) -> - ok = perm:addvalue(sptcache, LeafHash, SPT), +add_spt_sig(LeafHash, SPTSig) -> + ok = perm:addvalue(sptcache, LeafHash, SPTSig), perm:commit(sptcache), ok. @@ -122,14 +123,14 @@ add(LogEntry, TreeLeafHash) -> end) end. -commit(TreeLeafHash, EntryHash, SPT) -> +commit(TreeLeafHash, EntryHash, SPTSig) -> Nodes = storage_nodes(), util:spawn_and_wait( fun () -> lists:foreach( fun (URLBase) -> send_storage_entrycommitted(URLBase, EntryHash, - TreeLeafHash, SPT) + TreeLeafHash, SPTSig) end, Nodes) end). @@ -180,11 +181,12 @@ get(Hash) -> {notfetched, LeafHash, unwrap_entry(Entry)} end. -spt(Data, Signatures) -> +spt_sig(Data, StorageSignatures) -> + Sig = sign:sign_sct(Data, StorageSignatures), #signature{algorithm = #sig_and_hash_alg{ hash_alg = sha256, signature_alg = ecdsa}, - signature = sign:sign_sct(Data, Signatures)}. + signature = Sig}. consistency(TreeSizeFirst, TreeSizeSecond) -> TreeSize = db:size(), @@ -279,12 +281,12 @@ send_storage_sendentry(URLBase, LogEntry, TreeLeafHash) -> RequestId = send_http_request(TreeLeafHash, URLBase ++ "sendentry", [{"Content-Type", "text/json"}], list_to_binary(Request)), {RequestId, URLBase}. -send_storage_entrycommitted(URLBase, EntryHash, TreeLeafHash, SPT) -> +send_storage_entrycommitted(URLBase, EntryHash, TreeLeafHash, SPTSig) -> Request = mochijson2:encode( {[{plop_version, 1}, {entryhash, base64:encode(EntryHash)}, {treeleafhash, base64:encode(TreeLeafHash)}, - {timestamp_signature, base64:encode(SPT)} + {timestamp_signature, base64:encode(SPTSig)} ]}), send_http_request(TreeLeafHash, URLBase ++ "entrycommitted", [{"Content-Type", "text/json"}], list_to_binary(Request)). diff --git a/src/sign.erl b/src/sign.erl index f7c7194..63b147c 100644 --- a/src/sign.erl +++ b/src/sign.erl @@ -188,8 +188,7 @@ sign_sct(Data = <<_Version:8, {ok, URLBases} -> Request = {[{plop_version, 1}, {data, base64:encode(Data)}, - {signatures, Signatures} - ]}, + {signatures, Signatures}]}, remote_sign_request([URLBase ++ "sct" || URLBase <- URLBases], Request); undefined -> call(?MODULE, {sign, Data}) diff --git a/src/signing.erl b/src/signing.erl index 5bcd3eb..9cced1b 100644 --- a/src/signing.erl +++ b/src/signing.erl @@ -1,4 +1,4 @@ -%%% Copyright (c) 2014-2015, NORDUnet A/S. +%%% Copyright (c) 2014-2017, NORDUnet A/S. %%% See LICENSE for licensing information. %%% @doc Signing node API @@ -15,12 +15,7 @@ request(post, ?APPURL_PLOP_SIGNING, "sct", Input) -> html("sendentry: bad input:", E); {struct, PropList} -> Data = base64:decode(proplists:get_value(<<"data">>, PropList)), - Signatures = case proplists:get_value(<<"signatures">>, PropList) of - undefined -> - []; - Sigs -> - Sigs - end, + Signatures = proplists:get_value(<<"signatures">>, PropList, []), Result = sign:sign_sct(Data, Signatures), success({[{result, base64:encode(Result)}]}) end; @@ -30,7 +25,6 @@ request(post, ?APPURL_PLOP_SIGNING, "sth", Input) -> html("sendentry: bad input:", E); {struct, PropList} -> Data = base64:decode(proplists:get_value(<<"data">>, PropList)), - Result = sign:sign_sth(Data), success({[{result, base64:encode(Result)}]}) end. diff --git a/src/storage.erl b/src/storage.erl index 489bf91..c64d918 100644 --- a/src/storage.erl +++ b/src/storage.erl @@ -19,7 +19,7 @@ request(post, ?APPURL_PLOP_STORAGE, "sendentry", Input) -> ok = db:add_entry_sync(TreeLeafHash, LogEntry), ok = storagedb:add(TreeLeafHash), - {KeyName, Sig} = http_auth:sign_stored(plop:spt_from_entry(LogEntry)), + {KeyName, Sig} = http_auth:sign_stored(plop:spt_data_from_entry(LogEntry)), success({[{result, <<"ok">>}, {"sig", KeyName ++ ":" ++ base64:encode_to_string(Sig)} ]}) |