From 15665dcfb49751d6611ad9bff4d24bbca06af047 Mon Sep 17 00:00:00 2001
From: Angelo De Caro
Date: Mon, 12 Aug 2024 14:37:16 +0200
Subject: [PATCH] cleanup deserializer
Signed-off-by: Angelo De Caro
---
 integration/ports.go | 8 ++
 .../zkatdlog/crypto/audit/auditor_test.go | 2 +-
 .../crypto/validator/validator_test.go | 2 +-
 .../core/zkatdlog/nogh/driver/deserializer.go | 7 +-
 .../identity/msp/idemix/deserializer.go | 113 +++++-------------
 .../identity/msp/idemix/msp/deserializer.go | 17 +--
 token/services/identity/msp/idemix/msp/id.go | 36 +++---
 .../services/identity/msp/idemix/provider.go | 6 +-
 8 files changed, 78 insertions(+), 113 deletions(-)
diff --git a/integration/ports.go b/integration/ports.go
index 16b329cce..eef652552 100755
--- a/integration/ports.go
+++ b/integration/ports.go
@@ -43,6 +43,11 @@ var (
 CommType: fsc.WebSocket,
 ReplicationFactor: token.None,
 }
+ WebSocketWithReplication = &InfrastructureType{
+ Label: ginkgo.Label("replicas"),
+ CommType: fsc.WebSocket,
+ ReplicationFactor: 3,
+ }
 LibP2PNoReplication = &InfrastructureType{
 Label: ginkgo.Label("libp2p"),
 CommType: fsc.LibP2P,
@@ -55,6 +60,9 @@ var (
 LibP2PNoReplicationOnly = []*InfrastructureType{
 LibP2PNoReplication,
 }
+ WebSocketWithReplicationOnly = []*InfrastructureType{
+ WebSocketWithReplication,
+ }
 AllTestTypes = []*InfrastructureType{
 WebSocketNoReplication,
diff --git a/token/core/zkatdlog/crypto/audit/auditor_test.go b/token/core/zkatdlog/crypto/audit/auditor_test.go
index 7a496b71a..c5b6eae68 100644
--- a/token/core/zkatdlog/crypto/audit/auditor_test.go
+++ b/token/core/zkatdlog/crypto/audit/auditor_test.go
@@ -50,7 +50,7 @@ var _ = Describe("Auditor", func() {
 Expect(err).NotTo(HaveOccurred())
 pp, err = crypto.Setup(32, ipk, math.FP256BN_AMCL)
 Expect(err).NotTo(HaveOccurred())
- des, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
+ des, err := idemix.NewEidNymRhNymDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
 Expect(err).NotTo(HaveOccurred())
 auditor = audit.NewAuditor(flogging.MustGetLogger("auditor"), des, pp.PedersenGenerators, nil, fakeSigningIdentity, math.Curves[pp.Curve])
 fakeSigningIdentity.SignReturns([]byte("auditor-signature"), nil)
diff --git a/token/core/zkatdlog/crypto/validator/validator_test.go b/token/core/zkatdlog/crypto/validator/validator_test.go
index 095c9bdc0..5540c13dd 100644
--- a/token/core/zkatdlog/crypto/validator/validator_test.go
+++ b/token/core/zkatdlog/crypto/validator/validator_test.go
@@ -73,7 +73,7 @@ var _ = Describe("validator", func() {
 c := math.Curves[pp.Curve]
 asigner, _ := prepareECDSASigner()
- des, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
+ des, err := idemix.NewEidNymRhNymDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
 Expect(err).NotTo(HaveOccurred())
 auditor = audit.NewAuditor(flogging.MustGetLogger("auditor"), des, pp.PedersenGenerators, pp.IdemixIssuerPK, asigner, c)
 araw, err := asigner.Serialize()
diff --git a/token/core/zkatdlog/nogh/driver/deserializer.go b/token/core/zkatdlog/nogh/driver/deserializer.go
index edcb06bfa..5e14f39ec 100644
--- a/token/core/zkatdlog/nogh/driver/deserializer.go
+++ b/token/core/zkatdlog/nogh/driver/deserializer.go
@@ -30,7 +30,12 @@ func NewDeserializer(pp *crypto.PublicParams) (*Deserializer, error) {
 if pp == nil {
 return nil, errors.New("failed to get deserializer: nil public parameters")
 }
- idemixDes, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, pp.IdemixCurveID)
+ idemixDes, err := idemix.NewEidNymRhNymDeserializer(
+ &schema.DefaultManager{},
+ "",
+ pp.IdemixIssuerPK,
+ pp.IdemixCurveID,
+ )
 if err != nil {
 return nil, errors.Wrapf(err, "failed getting idemix deserializer for passed public params [%d]", pp.IdemixCurveID)
 }
diff --git a/token/services/identity/msp/idemix/deserializer.go b/token/services/identity/msp/idemix/deserializer.go
index a0ebacc43..d05d36021 100644
--- a/token/services/identity/msp/idemix/deserializer.go
+++ b/token/services/identity/msp/idemix/deserializer.go
@@ -22,41 +22,24 @@ type Deserializer struct {
 *msp2.Deserializer
 }
-// NewDeserializer returns a new deserializer for the idemix ExpectEidNymRhNym verification strategy
-func NewDeserializer(
+// NewEidNymRhNymDeserializer returns a new deserializer that expects EID and RH Nyms identities.
+// The returned deserializer checks the validly of the deserialized identities.
+func NewEidNymRhNymDeserializer(
 sm SchemaManager,
 schema string,
 ipk []byte,
 curveID math.CurveID,
 ) (*Deserializer, error) {
- logger.Debugf("new deserialized for dlog idemix")
 cryptoProvider, err := msp2.NewBCCSPWithDummyKeyStore(curveID, curveID == math.BLS12_381_BBS)
 if err != nil {
 return nil, errors.WithMessagef(err, "failed to instantiate crypto provider for curve [%d]", curveID)
 }
- return NewDeserializerWithProvider(sm, schema, ipk, csp.ExpectEidNymRhNym, nil, cryptoProvider)
+ return NewDeserializer(sm, schema, ipk, csp.ExpectEidNymRhNym, nil, cryptoProvider)
 }
-// NewDeserializerWithProvider returns a new serialized for the passed arguments
-func NewDeserializerWithProvider(
- sm SchemaManager,
- schema string,
- ipk []byte,
- verType csp.VerificationType,
- nymEID []byte,
- cryptoProvider csp.BCCSP,
-) (*Deserializer, error) {
- return NewDeserializerWithBCCSP(
- sm,
- schema,
- ipk,
- verType,
- nymEID,
- cryptoProvider,
- )
-}
-
-func NewDeserializerWithBCCSP(
+// NewDeserializer returns a new deserializer for the passed arguments.
+// The returned deserializer checks the validly of the deserialized identities.
+func NewDeserializer(
 sm SchemaManager,
 schema string,
 ipk []byte,
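Review bot: Both new doc comments, on NewEidNymRhNymDeserializer and on NewDeserializer, say the deserializer "checks the validly of the deserialized identities"; the word should be "validity". Because this patch makes validation unconditional, the comment is also the place to state what a caller may rely on, for example `// Every identity returned by the deserializer has passed Validate; an identity that fails it is returned as an error.` NewDeserializer's body continues outside this hunk.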
@@ -67,20 +50,21 @@ func NewDeserializerWithBCCSP(
 logger.Debugf("Setting up Idemix-based MSP instance")
 // Import Issuer Public Key
+ if len(ipk) == 0 {
+ return nil, errors.Errorf("no issuer public key provided")
+ }
 var issuerPublicKey csp.Key
- if len(ipk) != 0 {
- // get the opts from the schema manager
- opts, err := sm.PublicKeyImportOpts(schema)
- if err != nil {
- return nil, errors.Wrapf(err, "could not obtain PublicKeyImportOpts for schema '%s'", schema)
- }
- issuerPublicKey, err = cryptoProvider.KeyImport(
- ipk,
- opts,
- )
- if err != nil {
- return nil, err
- }
+ // get the opts from the schema manager
+ opts, err := sm.PublicKeyImportOpts(schema)
+ if err != nil {
+ return nil, errors.Wrapf(err, "could not obtain PublicKeyImportOpts for schema '%s'", schema)
+ }
+ issuerPublicKey, err = cryptoProvider.KeyImport(
+ ipk,
+ opts,
+ )
+ if err != nil {
+ return nil, err
 }
 return &Deserializer{
@@ -97,7 +81,7 @@ func NewDeserializerWithBCCSP(
 }
 func (d *Deserializer) DeserializeVerifier(raw driver.Identity) (driver.Verifier, error) {
- identity, err := d.Deserialize(raw, true)
+ identity, err := d.Deserialize(raw)
 if err != nil {
 return nil, err
 }
@@ -111,8 +95,16 @@ func (d *Deserializer) DeserializeVerifier(raw driver.Identity) (driver.Verifier
 }, nil
 }
+func (d *Deserializer) DeserializeAuditInfo(raw []byte) (driver2.AuditInfo, error) {
+ return d.Deserializer.DeserializeAuditInfo(raw)
+}
+
+func (d *Deserializer) GetOwnerMatcher(raw []byte) (driver.Matcher, error) {
+ return d.Deserializer.DeserializeAuditInfo(raw)
+}
+
 func (d *Deserializer) DeserializeVerifierAgainstNymEID(raw []byte, nymEID []byte) (driver.Verifier, error) {
- identity, err := d.Deserializer.DeserializeAgainstNymEID(raw, true, nymEID)
+ identity, err := d.Deserializer.DeserializeAgainstNymEID(raw, nymEID)
 if err != nil {
 return nil, err
 }
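Review bot: In the first hunk here (NewDeserializer, issuer key import), the `KeyImport` failure is still returned bare with `return nil, err`, so a caller passing a malformed issuer public key cannot tell which step rejected it. Wrap it like the branch above it: `return nil, errors.Wrap(err, "could not import issuer public key")`. The new empty-key guard calls `errors.Errorf` without format arguments, where `errors.New("no issuer public key provided")` is the plain form. `sm` and `cryptoProvider` are used in this hunk without a nil check; if callers can pass nil, reject it next to the `len(ipk) == 0` guard. The function's signature and its return statement lie outside the hunk.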
@@ -126,49 +118,6 @@ func (d *Deserializer) DeserializeVerifierAgainstNymEID(raw []byte, nymEID []byt
 }, nil
 }
-func (d *Deserializer) DeserializeSigner(raw []byte) (driver.Signer, error) {
- return nil, errors.New("not supported")
-}
-
-func (d *Deserializer) DeserializeAuditInfo(raw []byte) (driver2.AuditInfo, error) {
- return d.Deserializer.DeserializeAuditInfo(raw)
-}
-
-func (d *Deserializer) GetOwnerMatcher(raw []byte) (driver.Matcher, error) {
- return d.Deserializer.DeserializeAuditInfo(raw)
-}
-
-func (d *Deserializer) GetOwnerAuditInfo(raw []byte, p driver.AuditInfoProvider) ([][]byte, error) {
- auditInfo, err := p.GetAuditInfo(raw)
- if err != nil {
- return nil, errors.Wrapf(err, "failed getting audit info for recipient identity [%s]", driver.Identity(raw).String())
- }
- return [][]byte{auditInfo}, nil
-}
-
-func (d *Deserializer) Info(raw []byte, auditInfo []byte) (string, error) {
- r, err := d.Deserialize(raw, false)
- if err != nil {
- return "", err
- }
-
- eid := ""
- if len(auditInfo) != 0 {
- ai, err := msp2.DeserializeAuditInfo(auditInfo)
- if err != nil {
- return "", err
- }
- ai.SchemaManager = d.Deserializer.SchemaManager
- ai.Schema = d.Deserializer.Schema
- if err := ai.Match(raw); err != nil {
- return "", err
- }
- eid = ai.EnrollmentID()
- }
-
- return fmt.Sprintf("MSP.Idemix: [%s][%s][%s][%s][%s]", eid, driver.Identity(raw).UniqueID(), r.SerializedIdentity.Mspid, r.OU.OrganizationalUnitIdentifier, r.Role.Role.String()), nil
-}
-
 func (d *Deserializer) String() string {
 return fmt.Sprintf("Idemix with IPK [%s]", hash.Hashable(d.Ipk).String())
 }
diff --git a/token/services/identity/msp/idemix/msp/deserializer.go b/token/services/identity/msp/idemix/msp/deserializer.go
index 3ea2831b7..d1d95cb6f 100644
--- a/token/services/identity/msp/idemix/msp/deserializer.go
+++ b/token/services/identity/msp/idemix/msp/deserializer.go
@@ -36,11 +36,11 @@ type Deserializer struct {
 Schema string
 }
-func (d *Deserializer) Deserialize(raw []byte, checkValidity bool) (*DeserializedIdentity, error) {
- return d.DeserializeAgainstNymEID(raw, checkValidity, nil)
+func (d *Deserializer) Deserialize(raw []byte) (*DeserializedIdentity, error) {
+ return d.DeserializeAgainstNymEID(raw, nil)
 }
-func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool, nymEID []byte) (*DeserializedIdentity, error) {
+func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, nymEID []byte) (*DeserializedIdentity, error) {
 si := &m.SerializedIdentity{}
 err := proto.Unmarshal(raw, si)
 if err != nil {
@@ -56,6 +56,11 @@ func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool,
 return nil, errors.Errorf("unable to deserialize idemix identity: pseudonym is invalid")
 }
+ // match schema
+ if serialized.Schema != d.Schema {
+ return nil, errors.Errorf("unable to deserialize idemix identity: schema does not match [%s]!=[%s]", serialized.Schema, d.Schema)
+ }
+
 // Import NymPublicKey
 var rawNymPublicKey []byte
 rawNymPublicKey = append(rawNymPublicKey, serialized.NymX...)
@@ -110,10 +115,8 @@ func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool,
 if err != nil {
 return nil, errors.Wrap(err, "cannot deserialize")
 }
- if checkValidity {
- if err := id.Validate(); err != nil {
- return nil, errors.Wrap(err, "cannot deserialize, invalid identity")
- }
+ if err := id.Validate(); err != nil {
+ return nil, errors.Wrap(err, "cannot deserialize, invalid identity")
 }
 return &DeserializedIdentity{
diff --git a/token/services/identity/msp/idemix/msp/id.go b/token/services/identity/msp/idemix/msp/id.go
index fa6a10d61..57661dd0e 100644
--- a/token/services/identity/msp/idemix/msp/id.go
+++ b/token/services/identity/msp/idemix/msp/id.go
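Review bot: The schema-mismatch error added in the second hunk (DeserializeAgainstNymEID) formats `serialized.Schema` with `%s`, and that value appears to come from the identity bytes being parsed. Any newlines, control characters or oversized content in it would be copied verbatim into the error and into whatever log prints it. Quote both values instead: `errors.Errorf("unable to deserialize idemix identity: schema does not match [%q]!=[%q]", serialized.Schema, d.Schema)`. It is also worth confirming how identities serialized without a schema behave once `d.Schema` is non-empty, since they are now rejected here; the callers in this patch pass `""`. The declaration of `serialized` is outside the hunk.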
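Review bot: With `checkValidity` removed in the third hunk, `id.Validate()` gates every deserialized identity, yet its MSP check as shown in the id.go section of this patch can never fail: `GetMSPIdentifier()` returns `id.Deserializer.Name` and `Validate` compares that result with `id.Deserializer.Name`. Validity therefore rests on `verifyProof()` alone. If the MSP id is meant to be enforced, compare the value carried in the serialized identity here, e.g. `if si.Mspid != d.Name { return nil, errors.Errorf("unable to deserialize idemix identity: unexpected msp id") }`; otherwise drop the comparison in `Validate` so it does not suggest a check that is not happening. No test in this patch exercises the rejection paths (invalid proof, schema mismatch); the two test files only follow the rename.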
@@ -44,7 +44,7 @@ type SchemaManager interface {
 type Identity struct {
 NymPublicKey bccsp.Key
- Idemix *Deserializer
+ Deserializer *Deserializer
 ID *msp.IdentityIdentifier
 Role *m.MSPRole
 OU *m.OrganizationUnit
@@ -59,7 +59,7 @@ type Identity struct {
 }
 func NewIdentity(
- idemix *Deserializer,
+ deserializer *Deserializer,
 NymPublicKey bccsp.Key,
 role *m.MSPRole,
 ou *m.OrganizationUnit,
@@ -69,7 +69,7 @@ func NewIdentity(
 Schema string,
 ) (*Identity, error) {
 id := &Identity{}
- id.Idemix = idemix
+ id.Deserializer = deserializer
 id.NymPublicKey = NymPublicKey
 id.Role = role
 id.OU = ou
@@ -83,7 +83,7 @@ func NewIdentity(
 return nil, errors.Wrapf(err, "failed to marshal nym public key")
 }
 id.ID = &msp.IdentityIdentifier{
- Mspid: idemix.Name,
+ Mspid: deserializer.Name,
 Id: bytes.NewBuffer(raw).String(),
 }
@@ -105,12 +105,12 @@ func (id *Identity) GetIdentifier() *msp.IdentityIdentifier {
 }
 func (id *Identity) GetMSPIdentifier() string {
- return id.Idemix.Name
+ return id.Deserializer.Name
 }
 func (id *Identity) GetOrganizationalUnits() []*msp.OUIdentifier {
 // we use the (serialized) public key of this MSP as the CertifiersIdentifier
- certifiersIdentifier, err := id.Idemix.IssuerPublicKey.Bytes()
+ certifiersIdentifier, err := id.Deserializer.IssuerPublicKey.Bytes()
 if err != nil {
 logger.Errorf("Failed to marshal ipk in GetOrganizationalUnits: %s", err)
 return nil
@@ -121,7 +121,7 @@ func (id *Identity) GetOrganizationalUnits() []*msp.OUIdentifier {
 func (id *Identity) Validate() error {
 // logger.Debugf("Validating identity %+v", id)
- if id.GetMSPIdentifier() != id.Idemix.Name {
+ if id.GetMSPIdentifier() != id.Deserializer.Name {
 return errors.Errorf("the supplied identity does not belong to this msp")
 }
 return id.verifyProof()
@@ -132,9 +132,9 @@ func (id *Identity) Verify(msg []byte, sig []byte) error {
 if err != nil {
 return err
 }
- opts.IssuerPK = id.Idemix.IssuerPublicKey
+ opts.IssuerPK = id.Deserializer.IssuerPublicKey
- _, err = id.Idemix.Csp.Verify(
+ _, err = id.Deserializer.Csp.Verify(
 id.NymPublicKey,
 sig,
 msg,
@@ -189,10 +189,10 @@ func (id *Identity) Serialize() ([]byte, error) {
 func (id *Identity) verifyProof() error {
 // Verify signature
 var metadata *bccsp.IdemixSignerMetadata
- if len(id.Idemix.NymEID) != 0 {
+ if len(id.Deserializer.NymEID) != 0 {
 metadata = &bccsp.IdemixSignerMetadata{
- EidNym: id.Idemix.NymEID,
- RhNym: id.Idemix.RhNym,
+ EidNym: id.Deserializer.NymEID,
+ RhNym: id.Deserializer.RhNym,
 }
 }
@@ -200,13 +200,13 @@ func (id *Identity) verifyProof() error {
 if err != nil {
 return errors.Wrapf(err, "could obtain signer opts for schema '%s'", id.Schema)
 }
- opts.Epoch = id.Idemix.Epoch
+ opts.Epoch = id.Deserializer.Epoch
 opts.VerificationType = id.VerificationType
 opts.Metadata = metadata
- opts.RevocationPublicKey = id.Idemix.RevocationPK
+ opts.RevocationPublicKey = id.Deserializer.RevocationPK
- valid, err := id.Idemix.Csp.Verify(
- id.Idemix.IssuerPublicKey,
+ valid, err := id.Deserializer.Csp.Verify(
+ id.Deserializer.IssuerPublicKey,
 id.AssociationProof,
 nil,
 opts,
@@ -233,9 +233,9 @@ func (id *SigningIdentity) Sign(msg []byte) ([]byte, error) {
 return nil, err
 }
 opts.Nym = id.NymKey
- opts.IssuerPK = id.Idemix.IssuerPublicKey
+ opts.IssuerPK = id.Deserializer.IssuerPublicKey
- sig, err := id.Idemix.Csp.Sign(
+ sig, err := id.Deserializer.Csp.Sign(
 id.UserKey,
 msg,
 opts,
diff --git a/token/services/identity/msp/idemix/provider.go b/token/services/identity/msp/idemix/provider.go
index 027193050..8191b1b32 100644
--- a/token/services/identity/msp/idemix/provider.go
+++ b/token/services/identity/msp/idemix/provider.go
@@ -322,7 +322,7 @@ func (p *Provider) IsRemote() bool {
 }
 func (p *Provider) DeserializeVerifier(raw []byte) (driver.Verifier, error) {
- r, err := p.Deserialize(raw, true)
+ r, err := p.Deserialize(raw)
 if err != nil {
 return nil, err
 }
@@ -331,7 +331,7 @@ func (p *Provider) DeserializeVerifier(raw []byte) (driver.Verifier, error) {
 }
 func (p *Provider) DeserializeSigner(raw []byte) (driver.Signer, error) {
- r, err := p.Deserialize(raw, true)
+ r, err := p.Deserialize(raw)
 if err != nil {
 return nil, err
 }
@@ -360,7 +360,7 @@ func (p *Provider) DeserializeSigner(raw []byte) (driver.Signer, error) {
 }
 func (p *Provider) Info(raw []byte, auditInfo []byte) (string, error) {
- r, err := p.Deserialize(raw, true)
+ r, err := p.Deserialize(raw)
 if err != nil {
 return "", err
 }