Skip to content

Commit

Permalink
cleanup deserializer
Browse files Browse the repository at this point in the history
Signed-off-by: Angelo De Caro <[email protected]>
  • Loading branch information
adecaro committed Aug 12, 2024
1 parent beb9738 commit 15665dc
Show file tree
Hide file tree
Showing 8 changed files with 78 additions and 113 deletions.
8 changes: 8 additions & 0 deletions integration/ports.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@ var (
CommType: fsc.WebSocket,
ReplicationFactor: token.None,
}
WebSocketWithReplication = &InfrastructureType{

Check failure on line 46 in integration/ports.go

View workflow job for this annotation

GitHub Actions / lint

other declaration of WebSocketWithReplication (typecheck)

Check failure on line 46 in integration/ports.go

View workflow job for this annotation

GitHub Actions / lint

other declaration of WebSocketWithReplication) (typecheck)

Check failure on line 46 in integration/ports.go

View workflow job for this annotation

GitHub Actions / lint

other declaration of WebSocketWithReplication) (typecheck)
Label: ginkgo.Label("replicas"),
CommType: fsc.WebSocket,
ReplicationFactor: 3,
}
LibP2PNoReplication = &InfrastructureType{
Label: ginkgo.Label("libp2p"),
CommType: fsc.LibP2P,
Expand All @@ -55,6 +60,9 @@ var (
LibP2PNoReplicationOnly = []*InfrastructureType{
LibP2PNoReplication,
}
WebSocketWithReplicationOnly = []*InfrastructureType{
WebSocketWithReplication,
}

AllTestTypes = []*InfrastructureType{
WebSocketNoReplication,
Expand Down
2 changes: 1 addition & 1 deletion token/core/zkatdlog/crypto/audit/auditor_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ var _ = Describe("Auditor", func() {
Expect(err).NotTo(HaveOccurred())
pp, err = crypto.Setup(32, ipk, math.FP256BN_AMCL)
Expect(err).NotTo(HaveOccurred())
des, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
des, err := idemix.NewEidNymRhNymDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
Expect(err).NotTo(HaveOccurred())
auditor = audit.NewAuditor(flogging.MustGetLogger("auditor"), des, pp.PedersenGenerators, nil, fakeSigningIdentity, math.Curves[pp.Curve])
fakeSigningIdentity.SignReturns([]byte("auditor-signature"), nil)
Expand Down
2 changes: 1 addition & 1 deletion token/core/zkatdlog/crypto/validator/validator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ var _ = Describe("validator", func() {
c := math.Curves[pp.Curve]

asigner, _ := prepareECDSASigner()
des, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
des, err := idemix.NewEidNymRhNymDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
Expect(err).NotTo(HaveOccurred())
auditor = audit.NewAuditor(flogging.MustGetLogger("auditor"), des, pp.PedersenGenerators, pp.IdemixIssuerPK, asigner, c)
araw, err := asigner.Serialize()
Expand Down
7 changes: 6 additions & 1 deletion token/core/zkatdlog/nogh/driver/deserializer.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,12 @@ func NewDeserializer(pp *crypto.PublicParams) (*Deserializer, error) {
if pp == nil {
return nil, errors.New("failed to get deserializer: nil public parameters")
}
idemixDes, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, pp.IdemixCurveID)
idemixDes, err := idemix.NewEidNymRhNymDeserializer(
&schema.DefaultManager{},
"",
pp.IdemixIssuerPK,
pp.IdemixCurveID,
)
if err != nil {
return nil, errors.Wrapf(err, "failed getting idemix deserializer for passed public params [%d]", pp.IdemixCurveID)
}
Expand Down
113 changes: 31 additions & 82 deletions token/services/identity/msp/idemix/deserializer.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,41 +22,24 @@ type Deserializer struct {
*msp2.Deserializer
}

// NewDeserializer returns a new deserializer for the idemix ExpectEidNymRhNym verification strategy
func NewDeserializer(
// NewEidNymRhNymDeserializer returns a new deserializer that expects EID and RH Nyms identities.
// The returned deserializer checks the validly of the deserialized identities.
func NewEidNymRhNymDeserializer(
sm SchemaManager,
schema string,
ipk []byte,
curveID math.CurveID,
) (*Deserializer, error) {
logger.Debugf("new deserialized for dlog idemix")
cryptoProvider, err := msp2.NewBCCSPWithDummyKeyStore(curveID, curveID == math.BLS12_381_BBS)
if err != nil {
return nil, errors.WithMessagef(err, "failed to instantiate crypto provider for curve [%d]", curveID)
}
return NewDeserializerWithProvider(sm, schema, ipk, csp.ExpectEidNymRhNym, nil, cryptoProvider)
return NewDeserializer(sm, schema, ipk, csp.ExpectEidNymRhNym, nil, cryptoProvider)
}

// NewDeserializerWithProvider returns a new serialized for the passed arguments
func NewDeserializerWithProvider(
sm SchemaManager,
schema string,
ipk []byte,
verType csp.VerificationType,
nymEID []byte,
cryptoProvider csp.BCCSP,
) (*Deserializer, error) {
return NewDeserializerWithBCCSP(
sm,
schema,
ipk,
verType,
nymEID,
cryptoProvider,
)
}

func NewDeserializerWithBCCSP(
// NewDeserializer returns a new deserializer for the passed arguments.
// The returned deserializer checks the validly of the deserialized identities.
func NewDeserializer(
sm SchemaManager,
schema string,
ipk []byte,
Expand All @@ -67,20 +50,21 @@ func NewDeserializerWithBCCSP(
logger.Debugf("Setting up Idemix-based MSP instance")

// Import Issuer Public Key
if len(ipk) == 0 {
return nil, errors.Errorf("no issuer public key provided")
}
var issuerPublicKey csp.Key
if len(ipk) != 0 {
// get the opts from the schema manager
opts, err := sm.PublicKeyImportOpts(schema)
if err != nil {
return nil, errors.Wrapf(err, "could not obtain PublicKeyImportOpts for schema '%s'", schema)
}
issuerPublicKey, err = cryptoProvider.KeyImport(
ipk,
opts,
)
if err != nil {
return nil, err
}
// get the opts from the schema manager
opts, err := sm.PublicKeyImportOpts(schema)
if err != nil {
return nil, errors.Wrapf(err, "could not obtain PublicKeyImportOpts for schema '%s'", schema)
}
issuerPublicKey, err = cryptoProvider.KeyImport(
ipk,
opts,
)
if err != nil {
return nil, err
}

return &Deserializer{
Expand All @@ -97,7 +81,7 @@ func NewDeserializerWithBCCSP(
}

func (d *Deserializer) DeserializeVerifier(raw driver.Identity) (driver.Verifier, error) {
identity, err := d.Deserialize(raw, true)
identity, err := d.Deserialize(raw)
if err != nil {
return nil, err
}
Expand All @@ -111,8 +95,16 @@ func (d *Deserializer) DeserializeVerifier(raw driver.Identity) (driver.Verifier
}, nil
}

func (d *Deserializer) DeserializeAuditInfo(raw []byte) (driver2.AuditInfo, error) {
return d.Deserializer.DeserializeAuditInfo(raw)
}

func (d *Deserializer) GetOwnerMatcher(raw []byte) (driver.Matcher, error) {
return d.Deserializer.DeserializeAuditInfo(raw)
}

func (d *Deserializer) DeserializeVerifierAgainstNymEID(raw []byte, nymEID []byte) (driver.Verifier, error) {
identity, err := d.Deserializer.DeserializeAgainstNymEID(raw, true, nymEID)
identity, err := d.Deserializer.DeserializeAgainstNymEID(raw, nymEID)
if err != nil {
return nil, err
}
Expand All @@ -126,49 +118,6 @@ func (d *Deserializer) DeserializeVerifierAgainstNymEID(raw []byte, nymEID []byt
}, nil
}

func (d *Deserializer) DeserializeSigner(raw []byte) (driver.Signer, error) {
return nil, errors.New("not supported")
}

func (d *Deserializer) DeserializeAuditInfo(raw []byte) (driver2.AuditInfo, error) {
return d.Deserializer.DeserializeAuditInfo(raw)
}

func (d *Deserializer) GetOwnerMatcher(raw []byte) (driver.Matcher, error) {
return d.Deserializer.DeserializeAuditInfo(raw)
}

func (d *Deserializer) GetOwnerAuditInfo(raw []byte, p driver.AuditInfoProvider) ([][]byte, error) {
auditInfo, err := p.GetAuditInfo(raw)
if err != nil {
return nil, errors.Wrapf(err, "failed getting audit info for recipient identity [%s]", driver.Identity(raw).String())
}
return [][]byte{auditInfo}, nil
}

func (d *Deserializer) Info(raw []byte, auditInfo []byte) (string, error) {
r, err := d.Deserialize(raw, false)
if err != nil {
return "", err
}

eid := ""
if len(auditInfo) != 0 {
ai, err := msp2.DeserializeAuditInfo(auditInfo)
if err != nil {
return "", err
}
ai.SchemaManager = d.Deserializer.SchemaManager
ai.Schema = d.Deserializer.Schema
if err := ai.Match(raw); err != nil {
return "", err
}
eid = ai.EnrollmentID()
}

return fmt.Sprintf("MSP.Idemix: [%s][%s][%s][%s][%s]", eid, driver.Identity(raw).UniqueID(), r.SerializedIdentity.Mspid, r.OU.OrganizationalUnitIdentifier, r.Role.Role.String()), nil
}

func (d *Deserializer) String() string {
return fmt.Sprintf("Idemix with IPK [%s]", hash.Hashable(d.Ipk).String())
}
Expand Down
17 changes: 10 additions & 7 deletions token/services/identity/msp/idemix/msp/deserializer.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,11 @@ type Deserializer struct {
Schema string
}

func (d *Deserializer) Deserialize(raw []byte, checkValidity bool) (*DeserializedIdentity, error) {
return d.DeserializeAgainstNymEID(raw, checkValidity, nil)
func (d *Deserializer) Deserialize(raw []byte) (*DeserializedIdentity, error) {
return d.DeserializeAgainstNymEID(raw, nil)
}

func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool, nymEID []byte) (*DeserializedIdentity, error) {
func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, nymEID []byte) (*DeserializedIdentity, error) {
si := &m.SerializedIdentity{}
err := proto.Unmarshal(raw, si)
if err != nil {
Expand All @@ -56,6 +56,11 @@ func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool,
return nil, errors.Errorf("unable to deserialize idemix identity: pseudonym is invalid")
}

// match schema
if serialized.Schema != d.Schema {
return nil, errors.Errorf("unable to deserialize idemix identity: schema does not match [%s]!=[%s]", serialized.Schema, d.Schema)
}

// Import NymPublicKey
var rawNymPublicKey []byte
rawNymPublicKey = append(rawNymPublicKey, serialized.NymX...)
Expand Down Expand Up @@ -110,10 +115,8 @@ func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool,
if err != nil {
return nil, errors.Wrap(err, "cannot deserialize")
}
if checkValidity {
if err := id.Validate(); err != nil {
return nil, errors.Wrap(err, "cannot deserialize, invalid identity")
}
if err := id.Validate(); err != nil {
return nil, errors.Wrap(err, "cannot deserialize, invalid identity")
}

return &DeserializedIdentity{
Expand Down
36 changes: 18 additions & 18 deletions token/services/identity/msp/idemix/msp/id.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ type SchemaManager interface {

type Identity struct {
NymPublicKey bccsp.Key
Idemix *Deserializer
Deserializer *Deserializer
ID *msp.IdentityIdentifier
Role *m.MSPRole
OU *m.OrganizationUnit
Expand All @@ -59,7 +59,7 @@ type Identity struct {
}

func NewIdentity(
idemix *Deserializer,
deserializer *Deserializer,
NymPublicKey bccsp.Key,
role *m.MSPRole,
ou *m.OrganizationUnit,
Expand All @@ -69,7 +69,7 @@ func NewIdentity(
Schema string,
) (*Identity, error) {
id := &Identity{}
id.Idemix = idemix
id.Deserializer = deserializer
id.NymPublicKey = NymPublicKey
id.Role = role
id.OU = ou
Expand All @@ -83,7 +83,7 @@ func NewIdentity(
return nil, errors.Wrapf(err, "failed to marshal nym public key")
}
id.ID = &msp.IdentityIdentifier{
Mspid: idemix.Name,
Mspid: deserializer.Name,
Id: bytes.NewBuffer(raw).String(),
}

Expand All @@ -105,12 +105,12 @@ func (id *Identity) GetIdentifier() *msp.IdentityIdentifier {
}

func (id *Identity) GetMSPIdentifier() string {
return id.Idemix.Name
return id.Deserializer.Name
}

func (id *Identity) GetOrganizationalUnits() []*msp.OUIdentifier {
// we use the (serialized) public key of this MSP as the CertifiersIdentifier
certifiersIdentifier, err := id.Idemix.IssuerPublicKey.Bytes()
certifiersIdentifier, err := id.Deserializer.IssuerPublicKey.Bytes()
if err != nil {
logger.Errorf("Failed to marshal ipk in GetOrganizationalUnits: %s", err)
return nil
Expand All @@ -121,7 +121,7 @@ func (id *Identity) GetOrganizationalUnits() []*msp.OUIdentifier {

func (id *Identity) Validate() error {
// logger.Debugf("Validating identity %+v", id)
if id.GetMSPIdentifier() != id.Idemix.Name {
if id.GetMSPIdentifier() != id.Deserializer.Name {
return errors.Errorf("the supplied identity does not belong to this msp")
}
return id.verifyProof()
Expand All @@ -132,9 +132,9 @@ func (id *Identity) Verify(msg []byte, sig []byte) error {
if err != nil {
return err
}
opts.IssuerPK = id.Idemix.IssuerPublicKey
opts.IssuerPK = id.Deserializer.IssuerPublicKey

_, err = id.Idemix.Csp.Verify(
_, err = id.Deserializer.Csp.Verify(
id.NymPublicKey,
sig,
msg,
Expand Down Expand Up @@ -189,24 +189,24 @@ func (id *Identity) Serialize() ([]byte, error) {
func (id *Identity) verifyProof() error {
// Verify signature
var metadata *bccsp.IdemixSignerMetadata
if len(id.Idemix.NymEID) != 0 {
if len(id.Deserializer.NymEID) != 0 {
metadata = &bccsp.IdemixSignerMetadata{
EidNym: id.Idemix.NymEID,
RhNym: id.Idemix.RhNym,
EidNym: id.Deserializer.NymEID,
RhNym: id.Deserializer.RhNym,
}
}

opts, err := id.SchemaManager.SignerOpts(id.Schema, id.OU, id.Role)
if err != nil {
return errors.Wrapf(err, "could obtain signer opts for schema '%s'", id.Schema)
}
opts.Epoch = id.Idemix.Epoch
opts.Epoch = id.Deserializer.Epoch
opts.VerificationType = id.VerificationType
opts.Metadata = metadata
opts.RevocationPublicKey = id.Idemix.RevocationPK
opts.RevocationPublicKey = id.Deserializer.RevocationPK

valid, err := id.Idemix.Csp.Verify(
id.Idemix.IssuerPublicKey,
valid, err := id.Deserializer.Csp.Verify(
id.Deserializer.IssuerPublicKey,
id.AssociationProof,
nil,
opts,
Expand All @@ -233,9 +233,9 @@ func (id *SigningIdentity) Sign(msg []byte) ([]byte, error) {
return nil, err
}
opts.Nym = id.NymKey
opts.IssuerPK = id.Idemix.IssuerPublicKey
opts.IssuerPK = id.Deserializer.IssuerPublicKey

sig, err := id.Idemix.Csp.Sign(
sig, err := id.Deserializer.Csp.Sign(
id.UserKey,
msg,
opts,
Expand Down
6 changes: 3 additions & 3 deletions token/services/identity/msp/idemix/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,7 @@ func (p *Provider) IsRemote() bool {
}

func (p *Provider) DeserializeVerifier(raw []byte) (driver.Verifier, error) {
r, err := p.Deserialize(raw, true)
r, err := p.Deserialize(raw)
if err != nil {
return nil, err
}
Expand All @@ -331,7 +331,7 @@ func (p *Provider) DeserializeVerifier(raw []byte) (driver.Verifier, error) {
}

func (p *Provider) DeserializeSigner(raw []byte) (driver.Signer, error) {
r, err := p.Deserialize(raw, true)
r, err := p.Deserialize(raw)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -360,7 +360,7 @@ func (p *Provider) DeserializeSigner(raw []byte) (driver.Signer, error) {
}

func (p *Provider) Info(raw []byte, auditInfo []byte) (string, error) {
r, err := p.Deserialize(raw, true)
r, err := p.Deserialize(raw)
if err != nil {
return "", err
}
Expand Down

0 comments on commit 15665dc

Please sign in to comment.