/// <summary>
/// Runs the raw verification of <paramref name="secret"/> against
/// <paramref name="theParams"/> and then passes the secret value, the parameters and
/// the readers computed from them to <c>VProgram_API.AssumeValidSecret</c>.
/// </summary>
/// <param name="theParams">Parameters the secret is checked against.</param>
/// <param name="secret">Secret whose <c>secretValue</c> is verified.</param>
/// <remarks>
/// The order of the statements is security-relevant: the validity assumption is made
/// only after <c>RawVerifyWrapper</c> has returned. A caller that tries a Verify that
/// might fail and catches the exception gets no <c>AssumeValidSecret</c> for that
/// secret.
/// NOTE(review): presumably RawVerifyWrapper reports a failed check by throwing;
/// confirm against its definition.
/// </remarks>
public void Verify(TParams theParams, Secret secret)
{
    RawVerifyWrapper(theParams, secret);

    // May be redundant after the raw verification; kept because it should be harmless.
    var hasValue = secret.secretValue != null;
    VProgram_API.Assert(hasValue);

    var verifiedValue = secret.secretValue;
    var readers = GetReaders(theParams);
    VProgram_API.AssumeValidSecret(verifiedValue, theParams, readers);
}
/// <summary>
/// Generates a secret value for <paramref name="message"/> and returns it as a
/// <c>PayloadSecret</c> carrying the message and the readers computed from it.
/// </summary>
/// <param name="message">Message to sign; must be active when running outside a vProgram.</param>
/// <param name="currentPrincipal">
/// Principal performing the signing. The value is supplied by the caller, so the signer
/// and reader-list checks below are only as trustworthy as the caller's argument.
/// </param>
/// <returns>
/// A <c>PayloadSecret</c> with <c>theParams</c>, <c>secretValue</c> and
/// <c>knownReaders</c> set.
/// </returns>
/// <exception cref="Exception">
/// Outside a vProgram: <paramref name="currentPrincipal"/> is not <c>Signer</c>, or is
/// not in the reader list.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Outside a vProgram: <c>message.active</c> is false.
/// </exception>
/// <remarks>
/// All three precondition checks are skipped when <c>VProgram_API.InVProgram</c> is true.
/// NOTE(review): whether <c>currentPrincipal != Signer</c> compares by reference or by
/// value depends on how Entity defines the operator; confirm.
/// </remarks>
public PayloadSecret<TMessage> Generate(TMessage message, Entity currentPrincipal)
{
    var readerList = GetReaders(message);

    // None of these checks are really the business of the vProgram, and in
    // particular, !message.active would be a contradiction there.
    var outsideVProgram = !VProgram_API.InVProgram;

    if (outsideVProgram && currentPrincipal != Signer)
    {
        throw new Exception("Misconfiguration: current principal is signing a message " +
            "but is not the designated signer for this secret generator.");
    }

    // XXX Would it be more consistent to make the message nondet instead?
    if (outsideVProgram && !message.active)
    {
        throw new InvalidOperationException("Cannot sign a message without an active SymT");
    }

    if (outsideVProgram && !readerList.Contains(currentPrincipal))
    {
        throw new Exception("Misconfiguration: secret generated by a principal not on its reader list.");
    }

    var rawValue = RawGenerateWrapper(message);
    VProgram_API.AssumeValidSecret(rawValue, message, readerList);

    var payloadSecret = new PayloadSecret<TMessage>
    {
        theParams = message,
        secretValue = rawValue,
        knownReaders = readerList
    };
    return payloadSecret;
}
/// <summary>
/// Generates a secret value for <paramref name="theParams"/> and returns it as a
/// <c>Secret</c> carrying the readers computed from those parameters.
/// </summary>
/// <param name="theParams">Parameters the secret is generated for.</param>
/// <param name="currentPrincipal">
/// Principal generating the secret. The value is supplied by the caller, so the
/// reader-list check below is only as trustworthy as the caller's argument.
/// </param>
/// <returns>A <c>Secret</c> with <c>secretValue</c> and <c>knownReaders</c> set.</returns>
/// <exception cref="Exception">
/// Outside a vProgram: <paramref name="currentPrincipal"/> is not in the reader list.
/// </exception>
/// <remarks>
/// The reader-list check is skipped when <c>VProgram_API.InVProgram</c> is true.
/// TODO: In the real SVX API, currentPrincipal should be an ambient variable of some
/// kind (maybe not global if we want to run tests that simulate multiple principals in
/// the same process).
/// </remarks>
public Secret Generate(TParams theParams, Entity currentPrincipal)
{
    var readerList = GetReaders(theParams);

    // Runtime-only sanity check: a principal may only generate secrets it can read.
    if (!VProgram_API.InVProgram && !readerList.Contains(currentPrincipal))
    {
        throw new Exception("Misconfiguration: secret generated by a principal not on its reader list.");
    }

    var rawValue = RawGenerateWrapper(theParams);
    VProgram_API.AssumeValidSecret(rawValue, theParams, readerList);

    var generated = new Secret
    {
        secretValue = rawValue,
        knownReaders = readerList
    };
    return generated;
}