Calypso ocs

authprox/apadmin/main.go

@@ -28,7 +28,7 @@ var cmds = cli.Commands{
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "roster, r",
-				Usage: "the roster of the cothority that hosts the distributed Authentication Proxy",
+				Usage: "the roster of the cothority that hosts the distributed Policy Proxy",
 			},
 			cli.StringFlag{
 				Name:  "type",
@@ -48,7 +48,7 @@ var cmds = cli.Commands{
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "roster, r",
-				Usage: "the roster of the cothority that hosts the distributed Authentication Proxy",
+				Usage: "the roster of the cothority that hosts the distributed Policy Proxy",
 			},
 		},
 		Action: show,

authprox/proto.go

@@ -24,7 +24,7 @@ type EnrollResponse struct {
 }
 
 // SignatureRequest is the request sent to this service to request that
-// the Authentication Proxy check the authentication information and
+// the Policy Proxy check the authentication information and
 // generate a signature connecting some information identifying the
 // holder of the AuthInfo to the message.
 type SignatureRequest struct {

authprox/service.go

@@ -21,7 +21,7 @@ import (
 	bbolt "go.etcd.io/bbolt"
 )
 
-// ServiceName is the name of the Authentication Proxy service.
+// ServiceName is the name of the Policy Proxy service.
 const ServiceName = "AuthProx"
 
 var authProxID onet.ServiceID

blscosi/protocol/protocol.go

@@ -28,7 +28,10 @@ type VerificationFn func(msg, data []byte) bool
 // init is done at startup. It defines every messages that is handled by the network
 // and registers the protocols.
 func init() {
-	GlobalRegisterDefaultProtocols()
+	_, err := onet.GlobalProtocolRegister(DefaultProtocolName, NewDefaultProtocol)
+	log.ErrFatal(err)
+	_, err = onet.GlobalProtocolRegister(DefaultSubProtocolName, NewDefaultSubProtocol)
+	log.ErrFatal(err)
 }
 
 // BlsCosi holds the parameters of the protocol.
@@ -67,13 +70,6 @@ func NewDefaultProtocol(n *onet.TreeNodeInstance) (onet.ProtocolInstance, error)
 	return NewBlsCosi(n, vf, DefaultSubProtocolName, pairing.NewSuiteBn256())
 }
 
-// GlobalRegisterDefaultProtocols is used to register the protocols before use,
-// most likely in an init function.
-func GlobalRegisterDefaultProtocols() {
-	onet.GlobalProtocolRegister(DefaultProtocolName, NewDefaultProtocol)
-	onet.GlobalProtocolRegister(DefaultSubProtocolName, NewDefaultSubProtocol)
-}
-
 // DefaultThreshold computes the minimal threshold authorized using
 // the formula 3f+1
 func DefaultThreshold(n int) int {
@@ -98,16 +94,15 @@ func NewBlsCosi(n *onet.TreeNodeInstance, vf VerificationFn, subProtocolName str
 
 	// the default number of subtree is the square root to
 	// distribute the nodes evenly
-	c.SetNbrSubTree(int(math.Sqrt(float64(nNodes - 1))))
-
-	return c, nil
+	err := c.SetNbrSubTree(int(math.Sqrt(float64(nNodes - 1))))
+	return c, err
 }
 
 // SetNbrSubTree generates N new subtrees that will be used
 // for the protocol
 func (p *BlsCosi) SetNbrSubTree(nbr int) error {
 	if nbr > len(p.Roster().List)-1 {
-		return errors.New("Cannot have more subtrees than nodes")
+		return errors.New("cannot have more subtrees than nodes")
 	}
 	if p.Threshold == 1 || nbr <= 0 {
 		p.subTrees = []*onet.Tree{}
@@ -129,7 +124,10 @@ func (p *BlsCosi) Shutdown() error {
 		for _, subCosi := range p.subProtocols {
 			// we're stopping the root thus it will stop the children
 			// by itself using a broadcasted message
-			subCosi.Shutdown()
+			err := subCosi.Shutdown()
+			if err != nil {
+				log.Error("Error while shutting down", subCosi, err)
+			}
 		}
 		close(p.startChan)
 		close(p.FinalSignature)
@@ -321,7 +319,10 @@ func (p *BlsCosi) collectSignatures() (ResponseMap, error) {
 
 					// restart subprotocol
 					// send stop signal to old protocol
-					subProtocol.HandleStop(StructStop{subProtocol.TreeNode(), Stop{}})
+					err = subProtocol.HandleStop(StructStop{subProtocol.TreeNode(), Stop{}})
+					if err != nil {
+						log.Error("Error while stopping sub-protocol", subProtocol, err)
+					}
 					subProtocol, err = p.startSubProtocol(p.subTrees[i])
 					if err != nil {
 						errChan <- fmt.Errorf("(subprotocol %v) error in restarting of subprotocol: %s", i, err)

blscosi/protocol/sub_protocol.go

@@ -15,10 +15,6 @@ import (
 	"go.dedis.ch/onet/v3/log"
 )
 
-func init() {
-	GlobalRegisterDefaultProtocols()
-}
-
 // sub_protocol is run by each sub-leader and each node once, and n times by
 // the root leader, where n is the number of sub-leader.
 

calypso/api.go

@@ -40,7 +40,7 @@ func NewClient(byzcoin *byzcoin.Client) *Client {
 		cothority.Suite, ServiceName)}
 }
 
-// CreateLTS creates a random LTSID that can be used to reference the LTS group
+// CreateOCS creates a random LTSID that can be used to reference the LTS group
 // created. It first sends a transaction to ByzCoin to spawn a LTS instance,
 // then it asks the Calypso cothority to start the DKG.
 func (c *Client) CreateLTS(ltsRoster *onet.Roster, darcID darc.ID, signers []darc.Signer, counters []uint64) (reply *CreateLTSReply, err error) {
@@ -103,7 +103,7 @@ func (c *Client) Authorise(who *network.ServerIdentity, what skipchain.SkipBlock
 	return nil
 }
 
-// DecryptKey takes as input Read- and Write- Proofs. It verifies that
+// Reencrypt takes as input Read- and Write- Proofs. It verifies that
 // the read/write requests match and then re-encrypts the secret
 // given the public key information of the reader.
 func (c *Client) DecryptKey(dkr *DecryptKey) (reply *DecryptKeyReply, err error) {
@@ -261,7 +261,7 @@ func (c *Client) SpawnDarc(signer darc.Signer, signerCtr uint64,
 }
 
 // RecoverKey is used to recover the secret key once it has been
-// re-encrypted to a given public key by the DecryptKey method
+// re-encrypted to a given public key by the Reencrypt method
 // in the Calypso service. The resulting secret key can be used
 // with a symmetric decryption algorithm to decrypt the data
 // stored in the Data field of the WriteInstance.

calypso/api_test.go

@@ -12,7 +12,7 @@ import (
 	"go.dedis.ch/onet/v3"
 )
 
-// Tests the client function CreateLTS
+// Tests the client function CreateOCS
 func TestClient_CreateLTS(t *testing.T) {
 	l := onet.NewTCPTest(cothority.Suite)
 	_, roster, _ := l.GenTree(3, true)
@@ -37,7 +37,7 @@ func TestClient_CreateLTS(t *testing.T) {
 		require.NoError(t, err)
 	}
 
-	// Invoke CreateLTS
+	// Invoke CreateOCS
 	ltsReply, err := calypsoClient.CreateLTS(roster, d.GetBaseID(), []darc.Signer{signer}, []uint64{1})
 	require.Nil(t, err)
 	require.NotNil(t, ltsReply.ByzCoinID)
@@ -47,7 +47,7 @@ func TestClient_CreateLTS(t *testing.T) {
 
 // TODO(jallen): Write TestClient_Reshare (and add api.go part too, I guess)
 
-// Tests the client api's AddRead, AddWrite, DecryptKey
+// Tests the client api's AddRead, AddWrite, Reencrypt
 func TestClient_Calypso(t *testing.T) {
 	l := onet.NewTCPTest(cothority.Suite)
 	_, roster, _ := l.GenTree(3, true)

calypso/proto.go

@@ -9,6 +9,7 @@ import (
 
 // PROTOSTART
 // type :skipchain.SkipBlockID:bytes
+// type :time.Time:uint64
 // package calypso;
 // import "byzcoin.proto";
 // import "onet.proto";
@@ -38,8 +39,9 @@ type Write struct {
 	// f is the proof - written in uppercase here so it is an exported
 	// field, but in the OCS-paper it's lowercase.
 	F kyber.Scalar
-	// C is the ElGamal parts for the symmetric key material (might also
-	// contain an IV)
+	// C is the ElGamal part for the symmetric key material, at maximum length
+	// of ed25519.Point.EmbedLen * 8 = 240 bits. An eventual IV must be published
+	// in ExtraData, as it is not necessary to be encrypted.
 	C kyber.Point
 	// ExtraData is clear text and application-specific
 	ExtraData []byte `protobuf:"opt"`
@@ -68,7 +70,7 @@ type Authorise struct {
 type AuthoriseReply struct {
 }
 
-// CreateLTS is used to start a DKG and store the private keys in each node.
+// CreateOCS is used to start a DKG and store the private keys in each node.
 // Prior to using this request, the Calypso roster must be recorded on the
 // ByzCoin blockchain in the instance specified by InstanceID.
 type CreateLTS struct {
@@ -96,7 +98,7 @@ type ReshareLTS struct {
 type ReshareLTSReply struct {
 }
 
-// DecryptKey is sent by a reader after he successfully stored a 'Read' request
+// Reencrypt is sent by a reader after he successfully stored a 'Read' request
 // in byzcoin Client.
 type DecryptKey struct {
 	// Read is the proof that he has been accepted to read the secret.

calypso/protocol/ocs_struct.go

@@ -12,7 +12,7 @@ import (
 )
 
 // NameOCS can be used from other packages to refer to this protocol.
-const NameOCS = "OCS"
+const NameOCS = "OCSOld"
 
 func init() {
 	network.RegisterMessages(&Reencrypt{}, &ReencryptReply{})
@@ -40,7 +40,7 @@ type structReencrypt struct {
 	Reencrypt
 }
 
-// ReencryptReply returns the share to re-encrypt from one node
+// MessageReencryptReply returns the share to re-encrypt from one node
 type ReencryptReply struct {
 	Ui *share.PubShare
 	Ei kyber.Scalar

calypso/service.go

@@ -140,7 +140,7 @@ func (s *Service) Authorise(req *Authorise) (*AuthoriseReply, error) {
 	return &AuthoriseReply{}, nil
 }
 
-// CreateLTS takes as input a roster with a list of all nodes that should
+// CreateOCS takes as input a roster with a list of all nodes that should
 // participate in the DKG. Every node will store its private key and wait for
 // decryption requests. The LTSID should be the InstanceID.
 func (s *Service) CreateLTS(req *CreateLTS) (reply *CreateLTSReply, err error) {
@@ -340,7 +340,7 @@ func (s *Service) getLtsRoster(proof *byzcoin.Proof) (*onet.Roster, byzcoin.Inst
 	return &info.Roster, byzcoin.NewInstanceID(instanceID), nil
 }
 
-// DecryptKey takes as an input a Read- and a Write-proof. Proofs contain
+// Reencrypt takes as an input a Read- and a Write-proof. Proofs contain
 // everything necessary to verify that a given instance is correct and
 // stored in ByzCoin.
 // Using the Read and the Write-instance, this method verifies that the

conode/Dockerfile-dev

@@ -10,4 +10,4 @@ COPY exe/conode.Linux.x86_64 ./conode
 
 EXPOSE 7770 7771
 
-CMD "./run_nodes.sh -n 1"
+CMD ["./run_nodes.sh", "-n 1", "-v 2", "-d /conode_data"]

conode/Makefile

@@ -1,5 +1,5 @@
-CONTAINER = conode
-IMAGE_NAME = dedis/$(CONTAINER)
+CONTAINER = ocs
+IMAGE_NAME = c4dt/$(CONTAINER)
 DATA_DIR = $(shell pwd)/conode_data
 GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
 TAG = dev-$(shell date +%y%m%d)
@@ -56,8 +56,8 @@ clean:
 
 verify:
 	GO111MODULE=on go mod verify
-	@echo "Checking for replace in go.mod..."
-	@if GO111MODULE=on go list -m all | grep --quiet '=>'; then exit 1; fi
+	#@echo "Checking for replace in go.mod..."
+	#@if GO111MODULE=on go list -m all | grep --quiet '=>'; then exit 1; fi
 
 # The suffix on conode exe is the result from: echo `uname -s`.`uname -m`
 # so that we can find the right one in the wrapper script.

conode/conode.go

@@ -24,14 +24,7 @@ import (
 	"time"
 
 	"go.dedis.ch/cothority/v3"
-	_ "go.dedis.ch/cothority/v3/authprox"
-	_ "go.dedis.ch/cothority/v3/byzcoin"
-	_ "go.dedis.ch/cothority/v3/byzcoin/contracts"
-	_ "go.dedis.ch/cothority/v3/calypso"
-	_ "go.dedis.ch/cothority/v3/eventlog"
-	_ "go.dedis.ch/cothority/v3/evoting/service"
-	_ "go.dedis.ch/cothority/v3/personhood"
-	_ "go.dedis.ch/cothority/v3/skipchain"
+	_ "go.dedis.ch/cothority/v3/ocs"
 	status "go.dedis.ch/cothority/v3/status/service"
 	"go.dedis.ch/kyber/v3/util/encoding"
 	"go.dedis.ch/kyber/v3/util/key"

darc/proto.go

@@ -77,7 +77,7 @@ type IdentityX509EC struct {
 }
 
 // IdentityProxy holds the info necessary to verify a claim
-// from an external authentication system via an Authentication Proxy.
+// from an external authentication system via an Policy Proxy.
 type IdentityProxy struct {
 	Data   string
 	Public kyber.Point
@@ -120,7 +120,7 @@ type SignerX509EC struct {
 }
 
 // SignerProxy holds the information necessary to verify claims
-// coming from external authentication systems via Authentication Proxies.
+// coming from external authentication systems via Policy Proxies.
 type SignerProxy struct {
 	Data         string
 	Public       kyber.Point

dkg/pedersen/dkg.go

@@ -91,6 +91,9 @@ func NewSharedSecret(gen *dkgpedersen.DistKeyGenerator) (*SharedSecret, *dkgpede
 
 // Start sends the Announce-message to all children
 func (o *Setup) Start() error {
+	if !o.ServerIdentity().ID.Equal(o.Roster().List[0].ID) {
+		return errors.New("cannot do a DKG where the root is not the first node in the roster")
+	}
 	log.Lvl3("Starting Protocol")
 	// 1a - root asks children to send their public key
 	errs := o.Broadcast(&Init{Wait: o.Wait})

eventlog/el/main.go

@@ -643,7 +643,7 @@ func (o *openidCfg) getSigners(cl *eventlog.Client) ([]darc.Signer, error) {
 	n := len(r.List)
 	T := threshold(n)
 
-	// The callback from darc.Sign where we need to go contact the Authentication Proxies.
+	// The callback from darc.Sign where we need to go contact the Policy Proxies.
 	cb := func(msg []byte) ([]byte, error) {
 		tok, err := ts.Token()
 		if err != nil {