Example usage for org.bouncycastle.crypto.prng SP800SecureRandomBuilder SP800SecureRandomBuilder

List of usage examples for org.bouncycastle.crypto.prng SP800SecureRandomBuilder SP800SecureRandomBuilder

Introduction

This page shows an example use of the org.bouncycastle.crypto.prng.SP800SecureRandomBuilder constructor.

Prototype

public SP800SecureRandomBuilder(SecureRandom entropySource, boolean predictionResistant) 


Document

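Construct a builder with an EntropySourceProvider based on the passed-in SecureRandom and the passed-in value for prediction resistance. The output of the resulting DRBG is only as unpredictable as the SecureRandom supplied here; the usage below deliberately passes a fixed seed so that the output can be reproduced by a verifier.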

Usage

From source file:com.vvote.verifier.component.ballotGen.BallotGenerationVerifier.java

License:Open Source License

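/**
 * Verifies the Fiat-Shamir calculation for every audit commitment held in the
 * data store.
 *
 * <p>
 * For each commitment the method checks that the expected number of ballots
 * was generated, asks {@code verifySignatureMatches} to confirm the
 * Fiat-Shamir signature, and then re-derives the ballots selected for
 * auditing: the sorted serial numbers are shuffled with a SHA-256 hash DRBG
 * seeded from the signature, and the first {@code ballotsToAudit} entries are
 * compared with the serial numbers listed in the audit file.
 *
 * <p>
 * Success messages are written only when the corresponding checks passed, so
 * the results log never reports a successful verification for a commitment
 * that failed.
 *
 * @return true if, for every commitment, the Fiat-Shamir signature matches and
 *         the audited serial numbers are the ones derived from it; false if
 *         any check fails or the signature cannot be calculated
 */
public boolean verifyFiatShamirCalculation() {

    logger.info(
            "Starting Verification of the Fiat Shamir signature which determines the ballots chosen for auditing by each PoD Printer");

    final int ballotsToGenerate = this.getDataStore().getBallotGenerationConfig().getBallotsToGenerate();
    final int ballotsToAudit = this.getDataStore().getBallotGenerationConfig().getBallotsToAudit();

    boolean verified = true;

    for (CommitIdentifier identifier : this.getDataStore().getAuditData().keySet()) {

        // Outcome of this commitment alone; it gates the per-commitment
        // success messages at the end of the iteration.
        boolean commitVerified = true;

        logger.info("Verifying the Fiat-Shamir signature for commitment with identifier: {}", identifier);

        // NOTE(review): the result of getGeneratedCiphers().get(identifier) is
        // dereferenced without a null check - confirm that every audit
        // identifier always has a generated-cipher entry.
        final List<String> serialNumbers = new ArrayList<String>(
                this.getDataStore().getGeneratedCiphers().get(identifier).getCommittedBallotsSerialNumbers());

        // The shuffle below is only reproducible if it starts from a known
        // order, so sort the serial numbers first.
        Collections.sort(serialNumbers, new BallotSerialNumberComparator());

        // check generation size
        if (serialNumbers.size() != ballotsToGenerate) {
            logger.error(
                    "The number of ballots generated ({}) doesn't match the number of ballots requested for generation ({})",
                    serialNumbers.size(), ballotsToGenerate);
            resultsLogger.error(
                    "The number of ballots generated ({}) doesn't match the number of ballots requested for generation ({})",
                    serialNumbers.size(), ballotsToGenerate);

            return false;
        }

        final BallotAuditCommit auditCommit = this.getDataStore().getAuditData().get(identifier);

        final String currentBoothId = auditCommit.getMessage().getBoothID();

        // verify sig is created properly:
        boolean signatureMatches;
        try {
            signatureMatches = verifySignatureMatches(identifier, auditCommit);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | FileHashException e) {
            logger.error("The Fiat Shamir signature couldn't be calculated. Check the supplied data", e);
            resultsLogger.error("The Fiat Shamir signature couldn't be calculated. Check the supplied data", e);
            return false;
        }

        if (signatureMatches) {
            logger.info(
                    "Fiat shamir signature was recalculated and matches what was included in the BallotSubmitResponse message for printer: {}",
                    currentBoothId);
        } else {
            // Do not claim a match in the log when the comparison failed.
            commitVerified = false;
        }

        logger.info(
                "Verifying that the ballots chosen for auditing were correctly chosen for commitment with identifier: {}",
                identifier);

        final byte[] fiatShamirSig = Utils.decodeBase64Data(auditCommit.getResponse().getFiatShamir());

        // The DRBG is seeded from the Fiat-Shamir signature on purpose: the
        // same seed must give the same shuffle so that the audit selection can
        // be recomputed here. A fixed entropy source like this is appropriate
        // only for reproducible verification, never for generating keys,
        // nonces or other secrets.
        FixedSecureRandom fixedSecureRandom = new FixedSecureRandom(fiatShamirSig);

        // Prediction resistance is disabled (second argument) and no nonce is
        // supplied to buildHash, so the output depends only on the seed and
        // the personalization string.
        SP800SecureRandomBuilder randomBuilder = new SP800SecureRandomBuilder(fixedSecureRandom, false);
        // NOTE(review): getBytes() uses the platform default charset; if a
        // peer ID can contain non-ASCII characters the derived selection
        // becomes platform dependent. The encoding has to match whatever the
        // ballot-generation side used - confirm before pinning a charset.
        randomBuilder.setPersonalizationString(auditCommit.getResponse().getPeerID().getBytes());
        SP800SecureRandom sp800SecureRandom = randomBuilder.buildHash(new SHA256Digest(), null, false);

        Collections.shuffle(serialNumbers, sp800SecureRandom);

        // Take at most as many serial numbers as exist. If more ballots are
        // requested for audit than were generated, the size check below then
        // reports a verification failure instead of the loop running past the
        // end of the list.
        final int selectable = Math.min(Math.max(ballotsToAudit, 0), serialNumbers.size());
        final List<String> serialNumbersToAudit = new ArrayList<String>(serialNumbers.subList(0, selectable));

        if (serialNumbersToAudit.size() != ballotsToAudit) {
            logger.error(
                    "The number of serial numbers calculated for auditing does not match the number of serial numbers requested for auditing for commitment with identifier: {}",
                    identifier);
            resultsLogger.error(
                    "The number of serial numbers calculated for auditing does not match the number of serial numbers requested for auditing for commitment with identifier: {}",
                    identifier);
            commitVerified = false;
        }

        if (auditCommit.getRandomnessCommitmentSerialNumbers().size() != ballotsToAudit) {
            logger.error(
                    "The number of serial numbers included in the audit file doesn't match the number of serial numbers requested for auditing for commitment with identifier: {}",
                    identifier);
            resultsLogger.error(
                    "The number of serial numbers included in the audit file doesn't match the number of serial numbers requested for auditing for commitment with identifier: {}",
                    identifier);
            commitVerified = false;
        }

        if (!auditCommit.getRandomnessCommitmentSerialNumbers().containsAll(serialNumbersToAudit)) {
            logger.error(
                    "The serial numbers included in the audit file do not match the serial numbers requested for auditing calculated using the fiat shamir signature for commitment with identifier: {}",
                    identifier);
            resultsLogger.error(
                    "The serial numbers included in the audit file do not match the serial numbers requested for auditing calculated using the fiat shamir signature for commitment with identifier: {}",
                    identifier);
            commitVerified = false;
        }

        if (commitVerified) {
            logger.debug(
                    "Successfully verified that the serial numbers of ballots for auditing were correctly chosen using the Fiat shamir signature for commitment with identifier: {}",
                    identifier);
            resultsLogger.info(
                    "Serial numbers for auditing were checked successfully using the Fiat shamir signature for commitment with identifier: {}",
                    identifier);
        } else {
            verified = false;
        }
    }

    // Report overall success only when every commitment passed every check.
    if (verified) {
        logger.debug(
                "Successfully verified the Fiat Shamir signatures were used to choose the required number of ballots for auditing");
        resultsLogger.info(
                "Successfully verified the Fiat Shamir signatures were used to choose the required number of ballots for auditing");
    }

    return verified;
}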