Commit 862c1e78 authored by vicotor's avatar vicotor

update for container signature verify

parent f3447317
...@@ -36,6 +36,11 @@ type NMRegister struct { ...@@ -36,6 +36,11 @@ type NMRegister struct {
rw sync.RWMutex rw sync.RWMutex
public ecdsa.PublicKey public ecdsa.PublicKey
quit chan struct{} quit chan struct{}
status string
}
func (s *NMRegister) SetStatus(status string) {
s.status = status
} }
func (s *NMRegister) ServiceType() common.ServiceType { func (s *NMRegister) ServiceType() common.ServiceType {
...@@ -43,7 +48,7 @@ func (s *NMRegister) ServiceType() common.ServiceType { ...@@ -43,7 +48,7 @@ func (s *NMRegister) ServiceType() common.ServiceType {
} }
func (s *NMRegister) Status() string { func (s *NMRegister) Status() string {
return "running" return s.status
} }
func (s *NMRegister) DetailInfo() (json.RawMessage, error) { func (s *NMRegister) DetailInfo() (json.RawMessage, error) {
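Review bot: The new `status` field is written in `SetStatus` and read in `Status()` without taking `s.rw`, although the struct already carries that `sync.RWMutex`. `SetStatus` is reached from `Node.Start`, while `Status()` is presumably called from whichever goroutine reports service state, so this looks like a data race that `go test -race` would flag. Guard both sides: `s.rw.Lock(); defer s.rw.Unlock()` in the setter and `s.rw.RLock(); defer s.rw.RUnlock()` in the getter. `Status()` also now returns the empty string until something calls `SetStatus`, where it used to return "running" unconditionally. Giving the field an explicit initial value where the register is constructed (not visible here) would keep the reported state well defined.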
......
...@@ -98,17 +98,6 @@ func (n *Node) Sign(hash []byte) ([]byte, error) { ...@@ -98,17 +98,6 @@ func (n *Node) Sign(hash []byte) ([]byte, error) {
return crypto.Sign(hash, n.privk) return crypto.Sign(hash, n.privk)
} }
func (n *Node) Start() error {
go n.registry.Start()
go n.register.Start()
go n.postLoop()
if err := n.apiStart(); err != nil {
return err
}
return nil
}
func (n *Node) apiStart() error { func (n *Node) apiStart() error {
lis, err := net.Listen("tcp", config.GetConfig().ApiEndpoint()) lis, err := net.Listen("tcp", config.GetConfig().ApiEndpoint())
if err != nil { if err != nil {
...@@ -171,10 +160,27 @@ func (n *Node) postLoop() { ...@@ -171,10 +160,27 @@ func (n *Node) postLoop() {
} }
} }
func (n *Node) Start() error {
go n.registry.Start()
go n.register.Start()
go n.postLoop()
if err := n.apiStart(); err != nil {
return err
}
n.SetStatus("running")
return nil
}
func (n *Node) Stop() { func (n *Node) Stop() {
n.registry.Clear()
n.registry.Stop() n.registry.Stop()
n.register.Stop() n.register.Stop()
n.apiServer.Stop() n.apiServer.Stop()
close(n.taskResultCh) close(n.taskResultCh)
close(n.taskProofCh) close(n.taskProofCh)
} }
func (n *Node) SetStatus(status string) {
n.register.SetStatus(status)
}
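Review bot: `Stop` never resets the status, so after shutdown `Status()` keeps reporting "running"; add something like `n.SetStatus("stopped")` at the top of `Stop`, using whatever value the consumers of the status expect. In `Start`, when `apiStart` returns an error, the three goroutines launched above it keep running and the status stays at its zero value, so the caller gets a failed start with live background loops. If `apiStart` blocks while serving (its body is outside the hunk), `n.SetStatus("running")` would not be reached until the listener closes, which is worth confirming.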
...@@ -66,24 +66,34 @@ func (wm *WorkerManager) computeTaskResult(worker *Worker, task *odysseus.TaskCo ...@@ -66,24 +66,34 @@ func (wm *WorkerManager) computeTaskResult(worker *Worker, task *odysseus.TaskCo
} }
go wm.doCallback(task.TaskCallback, taskResponse) go wm.doCallback(task.TaskCallback, taskResponse)
} }
paramHash := crypto.Keccak256Hash(task.TaskParam)
resultHash := crypto.Keccak256Hash(result.TaskResultBody)
{
// verify container_signature and miner_signature
// container_signature = sign(hash(task_id+hash(task_param)+hash(task_result)))
dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
signature := result.ContainerSignature
if len(signature) == 65 {
signature = signature[:64]
}
pubkey := utils.FromHex(string(task.ContainerPubkey))
if len(pubkey) > 65 {
pubkey = pubkey[:65]
}
//{ verified := crypto.VerifySignature(pubkey, dataHash[:], signature)
// // verify container_signature and miner_signature log.WithFields(log.Fields{
// // container_signature = sign(hash(task_id+hash(task_param)+hash(task_result))) "containerSignatureVerify": verified,
// paramHash := crypto.Keccak256Hash(task.TaskParam) "taskkind": task.TaskKind,
// resultHash := crypto.Keccak256Hash(result.TaskResult) "containerPubkey": string(task.ContainerPubkey),
// dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskUuid), paramHash[:], resultHash[:])) }).Debug("container signature verify")
// containerPubkey, _ := utils.HexToPubkey(hex.EncodeToString(task.ContainerPubkey)) if !verified {
// verified := ecdsa.VerifyASN1(containerPubkey, dataHash[:], result.ContainerSignature) // todo: handle signature verify failed
// if !verified { }
// // todo: handle signature verify failed }
// }
//}
{ {
// verify miner_signature // verify miner_signature
// miner_signature = sign(hash((task_id+hash(task_param)+hash(task_result))) // miner_signature = sign(hash((task_id+hash(task_param)+hash(task_result)))
paramHash := crypto.Keccak256Hash(task.TaskParam)
resultHash := crypto.Keccak256Hash(result.TaskResultBody)
dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:])) dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
signature := result.MinerSignature signature := result.MinerSignature
if len(signature) == 65 { if len(signature) == 65 {
...@@ -104,8 +114,6 @@ func (wm *WorkerManager) computeTaskResult(worker *Worker, task *odysseus.TaskCo ...@@ -104,8 +114,6 @@ func (wm *WorkerManager) computeTaskResult(worker *Worker, task *odysseus.TaskCo
//manager_signature = sign(hash((task_id+hash(task_param)+hash(task_result)+container_signature+miner_signature+workload+time)) //manager_signature = sign(hash((task_id+hash(task_param)+hash(task_result)+container_signature+miner_signature+workload+time))
now := time.Now().Unix() now := time.Now().Unix()
paramHash := crypto.Keccak256Hash(task.TaskParam)
resultHash := crypto.Keccak256Hash(result.TaskResultBody)
dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:], dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:],
worker.ProfitAccount().Bytes(), worker.WorkerAccount().Bytes(), result.ContainerSignature, result.MinerSignature, big.NewInt(int64(task.TaskWorkload)).Bytes()), worker.ProfitAccount().Bytes(), worker.WorkerAccount().Bytes(), result.ContainerSignature, result.MinerSignature, big.NewInt(int64(task.TaskWorkload)).Bytes()),
big.NewInt(now).Bytes()) big.NewInt(now).Bytes())
...@@ -163,23 +171,34 @@ func (wm *WorkerManager) standardTaskResult(worker *Worker, task *odysseus.TaskC ...@@ -163,23 +171,34 @@ func (wm *WorkerManager) standardTaskResult(worker *Worker, task *odysseus.TaskC
return nil, errors.New("stdlib to verify failed") return nil, errors.New("stdlib to verify failed")
} }
//{ paramHash := crypto.Keccak256Hash(task.TaskParam)
// // verify container_signature and miner_signature resultHash := crypto.Keccak256Hash(result.TaskResultBody)
// // container_signature = sign(hash(task_id+hash(task_param)+hash(task_result))) {
// paramHash := crypto.Keccak256Hash(task.TaskParam) // verify container_signature and miner_signature
// resultHash := crypto.Keccak256Hash(result.TaskResult) // container_signature = sign(hash(task_id+hash(task_param)+hash(task_result)))
// dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskUuid), paramHash[:], resultHash[:])) dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
// containerPubkey, _ := utils.HexToPubkey(hex.EncodeToString(task.ContainerPubkey)) signature := result.ContainerSignature
// verified := ecdsa.VerifyASN1(containerPubkey, dataHash[:], result.ContainerSignature) if len(signature) == 65 {
// if !verified { signature = signature[:64]
// // todo: handle signature verify failed }
// } pubkey := utils.FromHex(string(task.ContainerPubkey))
//} if len(pubkey) > 65 {
pubkey = pubkey[:65]
}
verified := crypto.VerifySignature(pubkey, dataHash[:], signature)
log.WithFields(log.Fields{
"containerSignatureVerify": verified,
"taskkind": task.TaskKind,
"containerPubkey": string(task.ContainerPubkey),
}).Debug("container signature verify")
if !verified {
// todo: handle signature verify failed
}
}
{ {
// verify miner_signature // verify miner_signature
// miner_signature = sign(hash((task_id+hash(task_param)+hash(task_result))) // miner_signature = sign(hash((task_id+hash(task_param)+hash(task_result)))
paramHash := crypto.Keccak256Hash(task.TaskParam)
resultHash := crypto.Keccak256Hash(result.TaskResultBody)
dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:])) dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:]))
signature := result.MinerSignature signature := result.MinerSignature
if len(signature) == 65 { if len(signature) == 65 {
...@@ -200,8 +219,6 @@ func (wm *WorkerManager) standardTaskResult(worker *Worker, task *odysseus.TaskC ...@@ -200,8 +219,6 @@ func (wm *WorkerManager) standardTaskResult(worker *Worker, task *odysseus.TaskC
now := time.Now().Unix() now := time.Now().Unix()
//manager_signature = sign(hash((task_id+hash(task_param)+hash(task_result)+container_signature+miner_signature+workload+time)) //manager_signature = sign(hash((task_id+hash(task_param)+hash(task_result)+container_signature+miner_signature+workload+time))
paramHash := crypto.Keccak256Hash(task.TaskParam)
resultHash := crypto.Keccak256Hash(result.TaskResultBody)
dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:], dataHash := crypto.Keccak256Hash(utils.CombineBytes([]byte(result.TaskId), paramHash[:], resultHash[:],
worker.ProfitAccount().Bytes(), worker.WorkerAccount().Bytes(), result.ContainerSignature, result.MinerSignature, big.NewInt(int64(task.TaskWorkload)).Bytes()), worker.ProfitAccount().Bytes(), worker.WorkerAccount().Bytes(), result.ContainerSignature, result.MinerSignature, big.NewInt(int64(task.TaskWorkload)).Bytes()),
big.NewInt(now).Bytes()) big.NewInt(now).Bytes())
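Review bot: The container signature check is fail-open: the `if !verified { // todo: handle signature verify failed }` branch is empty in both `computeTaskResult` and `standardTaskResult`, so a result with a missing or invalid `ContainerSignature` is still processed, and further down that same unverified signature is folded into the hash the comment labels as the manager signature input. The only trace of a failure is a Debug-level log entry, which is usually disabled in production. Return an error from the branch, e.g. `return nil, errors.New("container signature verify failed")`, as the "stdlib to verify failed" path does in `standardTaskResult` (the return shape of `computeTaskResult` is not visible here), and log the failure at Warn. The silent `pubkey[:65]` and `signature[:64]` truncation also accepts over-long inputs, so checking for the exact expected lengths and rejecting anything else would be stricter. Both function bodies start and end outside the hunks, and the duplicated block would be easier to keep consistent as one shared helper.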
......
...@@ -36,5 +36,8 @@ func HexToPubkey(key string) (*ecdsa.PublicKey, error) { ...@@ -36,5 +36,8 @@ func HexToPubkey(key string) (*ecdsa.PublicKey, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if len(pub) > 65 {
pub = pub[:65]
}
return crypto.UnmarshalPubkey(pub) return crypto.UnmarshalPubkey(pub)
} }
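Review bot: Truncating `pub` to 65 bytes silently discards whatever follows, so many different hex strings decode to the same key and malformed input is never reported to the caller. If the extra bytes come from a known encoding of the container key, a comment above the check should say which one. Otherwise prefer rejecting the input, e.g. `if len(pub) != 65 { return nil, errors.New("unexpected public key length") }`, or drop the truncation and let `crypto.UnmarshalPubkey` decide, which presumably rejects over-long input itself. The function starts outside the hunk.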