Une MAJ de sécurité est nécessaire sur notre version actuelle. Elle sera effectuée lundi 02/08 entre 12h30 et 13h. L'interruption de service devrait durer quelques minutes (probablement moins de 5 minutes).

Commit c420c996 authored by Stephane Glondu's avatar Stephane Glondu
Browse files

If no trustees are set, let the system manage a key

parent 304431ee
......@@ -253,7 +253,7 @@ module Make (D : ELECTION_DATA) (P : WEB_PARAMS) : REGISTRABLE = struct
Lwt_io.write oc tally
)
) >>
return (num_tallied, sha256_b64 tally)
return (num_tallied, sha256_b64 tally, tally)
end
......
......@@ -98,7 +98,7 @@ module type WEB_BALLOT_BOX = sig
val update_files : unit -> unit Lwt.t
val update_cred : old:string -> new_:string -> unit Lwt.t
val compute_encrypted_tally : unit -> (int * string) Lwt.t
val compute_encrypted_tally : unit -> (int * string * string) Lwt.t
(** Computes and writes to disk the encrypted tally. Returns the
number of ballots and the hash of the encrypted tally. *)
end
......@@ -111,7 +111,7 @@ end
module type WEB_ELECTION = sig
include ELECTION_DATA
include WEB_PARAMS
module E : ELECTION with type elt = G.t
module E : ELECTION with type elt = G.t and type 'a m = 'a Lwt.t
module B : WEB_BALLOT_BOX
module Auth : sig
module Services : AUTH_SERVICES
......
......@@ -593,21 +593,19 @@ let () =
if se.se_owner <> u then forbidden () else
let group = Group.of_string se.se_group in
let module G = (val group : GROUP) in
let module M = Election.MakeSimpleMonad (G) in
(* FIXME: KG does not actually need M here *)
let module KG = Election.MakeSimpleDistKeyGen (G) (M) in
let module KG = Election.MakeSimpleDistKeyGen (G) (LwtRandom) in
(* construct election data in memory *)
let () =
lwt public_keys, private_key =
match se.se_public_keys with
| [] -> failwith "trustee public keys are missing"
| _ :: _ -> ()
in
let public_keys =
List.rev_map
(fun (_, r) ->
if !r = "" then failwith "some public keys are missing";
trustee_public_key_of_string G.read !r
) se.se_public_keys
| [] ->
lwt private_key, public_key = KG.generate_and_prove () in
return ([public_key], Some private_key)
| _ :: _ ->
return (List.rev_map
(fun (_, r) ->
if !r = "" then failwith "some public keys are missing";
trustee_public_key_of_string G.read !r
) se.se_public_keys, None)
in
let y = KG.combine (Array.of_list public_keys) in
let template = se.se_questions in
......@@ -658,6 +656,14 @@ let () =
let module W = (val w : REGISTRABLE_ELECTION) in
lwt w = W.register () in
let module W = (val w : WEB_ELECTION) in
(* create file with private key, if any *)
lwt () =
match private_key with
| None -> return ()
| Some x ->
let fname = W.dir / "private_key.json" in
create_file fname (string_of_number x)
in
(* clean up temporary files *)
Lwt_unix.unlink files.f_election >>
Lwt_unix.unlink files.f_metadata >>
......@@ -1101,10 +1107,25 @@ let () =
| `Closed -> return ()
| _ -> forbidden ()
in
lwt nb, hash = W.B.compute_encrypted_tally () in
lwt nb, hash, tally = W.B.compute_encrypted_tally () in
let pks = W.dir / string_of_election_file ESKeys in
let pks = Lwt_io.lines_of_file pks in
let npks = ref 0 in
lwt () = Lwt_stream.junk_while (fun _ -> incr npks; true) pks in
Web_persist.set_election_state uuid_s (`EncryptedTally (!npks, nb, hash)) >>
lwt () =
(* compute partial decryption if the (single) key is known *)
let skfile = W.dir / "private_key.json" in
if !npks = 1 && Sys.file_exists skfile then (
lwt sk = Lwt_io.lines_of_file skfile |> Lwt_stream.to_list in
let sk = match sk with
| [sk] -> number_of_string sk
| _ -> failwith "several private keys are available"
in
let tally = encrypted_tally_of_string W.G.read tally in
lwt pd = W.E.compute_factor tally sk in
let pd = string_of_partial_decryption W.G.write pd in
Web_persist.set_partial_decryptions uuid_s [1, pd]
) else return ()
in
Redirection.send (preapply election_admin (uuid, ())))
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment