Add API capability.

IACR · Oct 12, 2023 · 7049c4d · 7049c4d
1 parent 6fc0296
commit 7049c4d
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 8 deletions.
diff --git a/iacr/api/papers.php b/iacr/api/papers.php
@@ -1,5 +1,6 @@
 <?php
 require "lib.php";
+require "util.php";
 
 global $Opt;
 
@@ -10,7 +11,7 @@
 }
 $msg = $Opt['shortName'] . ':' . $Opt['iacrType'];
 
-if (!validate_hmac($_GET['auth'], $msg)) {
+if (!hash_equals(get_hmac($msg), $_GET['auth'])) {
   showError('Bad auth token');
   exit;
 }
@@ -38,6 +39,9 @@
       $paper['authors'][] = $name;
       $paper['affiliations'][] = $author->affiliation;
     }
+    if ($Opt['iacrType'] == 'cic') {
+      $paper['paperid'] = iacr_paperid($paper['paperId']);
+    }
     unset($paper['authorInformation']);
   }
 
@@ -48,6 +52,12 @@
                 'venue' => $Opt['iacrType'],
                 'year' => $Opt['year'],
                 'acceptedPapers' => $papers);
+  if (array_key_exists('volume', $Opt)) {
+    $data['volume'] = strval($Opt['volume']);
+  }
+  if (array_key_exists('issue', $Opt)) {
+    $data['issue'] = strval($Opt['issue']);
+  }
   echo json_encode($data, JSON_PRETTY_PRINT);
   $db = null;
 } catch (PDOException $e) {

diff --git a/iacr/api/util.php b/iacr/api/util.php
@@ -0,0 +1,33 @@
+<?php
+
+require __DIR__ ."/../../conf/options.php";
+
+// The iacr_paperid should be globally unique across all hotcrp instances. It should be short,
+// because it is hashed to create the DOI for the paper. It should not be parsed to extract
+// other elements like the volume number.
+
+function iacr_paperid($paperId) {
+  global $Opt;
+  $suffix = strval($Opt['volume']) . '_' . strval($Opt['issue']) . '_' . strval($paperId);
+  switch ($Opt['iacrType']) {
+    case 'cic':
+      return 'cc' . $suffix;
+    case 'tches':
+      return 'tc' . $suffix;
+    case 'tosc':
+      return 'to' . $suffix;
+    case 'crypto':
+      return 'cr' . $suffix;
+    case 'eurocrypt':
+      return 'eu' . $suffix;
+    case 'asiacrypt':
+      return 'as' . $suffix;
+    case 'tcc':
+      return 'tc' . $suffix;
+    case 'pkc':
+      return 'pk' . $suffix;
+    default:
+      return $Opt['iacrType'] . $suffix;
+  }
+}
+?>
diff --git a/iacr/includes/papertable.php b/iacr/includes/papertable.php
@@ -6,6 +6,9 @@
 // form. Options have a "iacrSetting" field in their json, which is serialized along with
 // other fields.
 //
+
+require __DIR__ . "/../api/util.php"; // for iacr_paperid
+
 class IACRSetting {
   const COPYRIGHT = 'copyright';
   const FINAL_PAPER = 'final_paper';
@@ -79,15 +82,17 @@ function echo_iacr_button(PaperOption $opt, Conf $conf, $paperId) {
       break;
     case IACRSetting::FINAL_PAPER:
       if ($conf->opt['iacrType'] == 'cic') {
+        $dbname = $conf->opt['dbName'];
         try {
           $db = new PDO("mysql:host=localhost;dbname=$dbname;charset=utf8",
                         $conf->opt['dbUser'],
                         $conf->opt['dbPassword']);
           $sql = "SELECT timeSubmitted FROM Paper WHERE paperId=:paperId";
           $stmt = $db->prepare($sql);
-          $stmt->bindParam(':paperId', $paperId);
-          $stmt->execute();
-          $timeSubmitted = $stmt->fetch(PDO::FETCH_ASSOC)['timeSubmitted'];
+          $res = $stmt->bindParam(':paperId', $paperId, PDO::PARAM_INT);
+          $res = $stmt->execute();
+          $row = $stmt->fetch(PDO::FETCH_ASSOC);
+          $timeSubmitted = $row['timeSubmitted'];
           $submitted = date('Y-m-d H:m:s', $timeSubmitted);
           // This is an approximation to acceptance timestamp. The actual acceptance date is apparently
           // only stored in the ActionLog as an ill-defined action. We simply look for the last acceptance decision
@@ -103,11 +108,13 @@ function echo_iacr_button(PaperOption $opt, Conf $conf, $paperId) {
           $accepted = 'error';
           error_log('unable to fetch accepted and submitted: ' . $e->message());
         }
-        $paperid = 'cic' . strval($conf->opt['volume']) . '_' . strval($conf->opt['issue']) . '_' . strval($paperId);
-        $authmsg = $paperid . 'candidate' . $submitted . $accepted;
-        $auth = hash_hmac('sha256', $authmsg, $conf->opt['hotcrp_shared_key']);
-        $querydata = array('paperid' => $paperid,
+        $iacr_paperid = iacr_paperid($paperId);
+        $authmsg = $iacr_paperid . 'candidate' . $submitted . $accepted;
+        $auth = hash_hmac('sha256', $authmsg, $conf->opt['publish_shared_key']);
+        $querydata = array('paperid' => $iacr_paperid,
                            'auth' => $auth,
+                           'issue' => $conf->opt['issue'],
+                           'volume' => $conf->opt['volume'],
                            'version' => 'candidate',
                            'submitted' => $submitted,
                            'accepted' => $accepted,