Removed use of coconut in validator-api and gateway
This commit is contained in:
@@ -48,9 +48,6 @@ nymsphinx = { path="../common/nymsphinx" }
|
||||
topology = { path="../common/topology" }
|
||||
validator-client = { path="../common/client-libs/validator-client", features = ["nymd-client"] }
|
||||
version-checker = { path="../common/version-checker" }
|
||||
coconut-interface = { path = "../common/coconut-interface" }
|
||||
credentials = { path = "../common/credentials" }
|
||||
|
||||
|
||||
[build-dependencies]
|
||||
tokio = { version = "1.4", features = ["rt-multi-thread", "macros"] }
|
||||
|
||||
@@ -1,85 +0,0 @@
|
||||
// Copyright 2021 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use coconut_interface::{
|
||||
elgamal::PublicKey, Attribute, BlindSignRequest, BlindSignRequestBody, BlindedSignature,
|
||||
BlindedSignatureResponse, KeyPair, Parameters, VerificationKeyResponse,
|
||||
};
|
||||
use config::defaults::VALIDATOR_API_VERSION;
|
||||
use getset::{CopyGetters, Getters};
|
||||
use rocket::fairing::AdHoc;
|
||||
use rocket::serde::json::Json;
|
||||
use rocket::State;
|
||||
|
||||
#[derive(Getters, CopyGetters, Debug)]
|
||||
pub(crate) struct InternalSignRequest {
|
||||
// Total number of parameters to generate for
|
||||
#[getset(get_copy)]
|
||||
total_params: u32,
|
||||
#[getset(get)]
|
||||
public_attributes: Vec<Attribute>,
|
||||
#[getset(get)]
|
||||
public_key: PublicKey,
|
||||
#[getset(get)]
|
||||
blind_sign_request: BlindSignRequest,
|
||||
}
|
||||
|
||||
impl InternalSignRequest {
|
||||
pub fn new(
|
||||
total_params: u32,
|
||||
public_attributes: Vec<Attribute>,
|
||||
public_key: PublicKey,
|
||||
blind_sign_request: BlindSignRequest,
|
||||
) -> InternalSignRequest {
|
||||
InternalSignRequest {
|
||||
total_params,
|
||||
public_attributes,
|
||||
public_key,
|
||||
blind_sign_request,
|
||||
}
|
||||
}
|
||||
|
||||
pub fn stage(key_pair: KeyPair) -> AdHoc {
|
||||
AdHoc::on_ignite("Internal Sign Request Stage", |rocket| async {
|
||||
rocket.manage(key_pair).mount(
|
||||
// this format! is so ugly...
|
||||
format!("/{}", VALIDATOR_API_VERSION),
|
||||
routes![post_blind_sign, get_verification_key],
|
||||
)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
fn blind_sign(request: InternalSignRequest, key_pair: &KeyPair) -> BlindedSignature {
|
||||
let params = Parameters::new(request.total_params()).unwrap();
|
||||
coconut_interface::blind_sign(
|
||||
¶ms,
|
||||
&key_pair.secret_key(),
|
||||
request.public_key(),
|
||||
request.blind_sign_request(),
|
||||
request.public_attributes(),
|
||||
)
|
||||
.unwrap()
|
||||
}
|
||||
|
||||
#[post("/blind_sign", data = "<blind_sign_request_body>")]
|
||||
// Until we have serialization and deserialization traits we'll be using a crutch
|
||||
pub async fn post_blind_sign(
|
||||
blind_sign_request_body: Json<BlindSignRequestBody>,
|
||||
key_pair: &State<KeyPair>,
|
||||
) -> Json<BlindedSignatureResponse> {
|
||||
debug!("{:?}", blind_sign_request_body);
|
||||
let internal_request = InternalSignRequest::new(
|
||||
*blind_sign_request_body.total_params(),
|
||||
blind_sign_request_body.public_attributes(),
|
||||
blind_sign_request_body.public_key().clone(),
|
||||
blind_sign_request_body.blind_sign_request().clone(),
|
||||
);
|
||||
let blinded_signature = blind_sign(internal_request, key_pair);
|
||||
Json(BlindedSignatureResponse::new(blinded_signature))
|
||||
}
|
||||
|
||||
#[get("/verification_key")]
|
||||
pub async fn get_verification_key(key_pair: &State<KeyPair>) -> Json<VerificationKeyResponse> {
|
||||
Json(VerificationKeyResponse::new(key_pair.verification_key()))
|
||||
}
|
||||
@@ -2,7 +2,6 @@
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use crate::config::template::config_template;
|
||||
use coconut_interface::{Base58, KeyPair};
|
||||
use config::defaults::{
|
||||
default_api_endpoints, DEFAULT_EPOCH_LENGTH, DEFAULT_FIRST_EPOCH_START,
|
||||
DEFAULT_MIXNET_CONTRACT_ADDRESS,
|
||||
@@ -80,9 +79,6 @@ pub struct Base {
|
||||
|
||||
/// Address of the validator contract managing the network
|
||||
mixnet_contract_address: String,
|
||||
|
||||
// Avoid breaking derives for now
|
||||
keypair_bs58: String,
|
||||
}
|
||||
|
||||
impl Default for Base {
|
||||
@@ -92,7 +88,6 @@ impl Default for Base {
|
||||
.parse()
|
||||
.expect("default local validator is malformed!"),
|
||||
mixnet_contract_address: DEFAULT_MIXNET_CONTRACT_ADDRESS.to_string(),
|
||||
keypair_bs58: String::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -254,10 +249,6 @@ impl Config {
|
||||
Config::default()
|
||||
}
|
||||
|
||||
pub fn keypair(&self) -> KeyPair {
|
||||
KeyPair::try_from_bs58(self.base.keypair_bs58.clone()).unwrap()
|
||||
}
|
||||
|
||||
pub fn with_network_monitor_enabled(mut self, enabled: bool) -> Self {
|
||||
self.network_monitor.enabled = enabled;
|
||||
self
|
||||
@@ -298,11 +289,6 @@ impl Config {
|
||||
self
|
||||
}
|
||||
|
||||
pub fn with_keypair<S: Into<String>>(mut self, keypair_bs58: S) -> Self {
|
||||
self.base.keypair_bs58 = keypair_bs58.into();
|
||||
self
|
||||
}
|
||||
|
||||
pub fn with_custom_validator_apis(mut self, validator_api_urls: Vec<Url>) -> Self {
|
||||
self.network_monitor.all_validator_apis = validator_api_urls;
|
||||
self
|
||||
@@ -391,6 +377,7 @@ impl Config {
|
||||
self.node_status_api.database_path.clone()
|
||||
}
|
||||
|
||||
#[allow(dead_code)]
|
||||
pub fn get_all_validator_api_endpoints(&self) -> Vec<Url> {
|
||||
self.network_monitor.all_validator_apis.clone()
|
||||
}
|
||||
|
||||
@@ -16,7 +16,6 @@ use ::config::{defaults::DEFAULT_VALIDATOR_API_PORT, NymConfig};
|
||||
use anyhow::Result;
|
||||
use cache::ValidatorCache;
|
||||
use clap::{App, Arg, ArgMatches};
|
||||
use coconut::InternalSignRequest;
|
||||
use log::{info, warn};
|
||||
use rocket::fairing::AdHoc;
|
||||
use rocket::http::Method;
|
||||
@@ -32,7 +31,6 @@ use url::Url;
|
||||
use validator_client::nymd::SigningNymdClient;
|
||||
|
||||
pub(crate) mod cache;
|
||||
mod coconut;
|
||||
pub(crate) mod config;
|
||||
mod network_monitor;
|
||||
mod node_status_api;
|
||||
@@ -49,7 +47,6 @@ const DETAILED_REPORT_ARG: &str = "detailed-report";
|
||||
const MIXNET_CONTRACT_ARG: &str = "mixnet-contract";
|
||||
const MNEMONIC_ARG: &str = "mnemonic";
|
||||
const WRITE_CONFIG_ARG: &str = "save-config";
|
||||
const KEYPAIR_ARG: &str = "keypair";
|
||||
const NYMD_VALIDATOR_ARG: &str = "nymd-validator";
|
||||
|
||||
const EPOCH_LENGTH_ARG: &str = "epoch-length";
|
||||
@@ -133,12 +130,6 @@ fn parse_args<'a>() -> ArgMatches<'a> {
|
||||
.long(WRITE_CONFIG_ARG)
|
||||
.short("w")
|
||||
)
|
||||
.arg(
|
||||
Arg::with_name(KEYPAIR_ARG)
|
||||
.help("Path to the secret key file")
|
||||
.takes_value(true)
|
||||
.long(KEYPAIR_ARG)
|
||||
)
|
||||
.arg(
|
||||
Arg::with_name(FIRST_REWARDING_EPOCH_ARG)
|
||||
.help("Datetime specifying beginning of the first rewarding epoch of this length. It must be a valid rfc3339 datetime.")
|
||||
@@ -264,13 +255,6 @@ fn override_config(mut config: Config, matches: &ArgMatches) -> Config {
|
||||
if matches.is_present(DETAILED_REPORT_ARG) {
|
||||
config = config.with_detailed_network_monitor_report(true)
|
||||
}
|
||||
if let Some(keypair_path) = matches.value_of(KEYPAIR_ARG) {
|
||||
let keypair_bs58 = std::fs::read_to_string(keypair_path)
|
||||
.unwrap()
|
||||
.trim()
|
||||
.to_string();
|
||||
config = config.with_keypair(keypair_bs58)
|
||||
}
|
||||
|
||||
if matches.is_present(WRITE_CONFIG_ARG) {
|
||||
info!("Saving the configuration to a file");
|
||||
@@ -382,8 +366,7 @@ async fn setup_rocket(config: &Config, liftoff_notify: Arc<Notify>) -> Result<Ro
|
||||
let rocket = rocket::custom(rocket_config)
|
||||
.attach(setup_cors()?)
|
||||
.attach(setup_liftoff_notify(liftoff_notify))
|
||||
.attach(ValidatorCache::stage())
|
||||
.attach(InternalSignRequest::stage(config.keypair()));
|
||||
.attach(ValidatorCache::stage());
|
||||
|
||||
// see if we should start up network monitor and if so, attach the node status api
|
||||
if config.get_network_monitor_enabled() {
|
||||
|
||||
@@ -15,9 +15,6 @@ use crate::network_monitor::monitor::summary_producer::SummaryProducer;
|
||||
use crate::network_monitor::monitor::Monitor;
|
||||
use crate::network_monitor::tested_network::TestedNetwork;
|
||||
use crate::storage::NodeStatusStorage;
|
||||
use coconut_interface::Credential;
|
||||
use credentials::bandwidth::prepare_for_spending;
|
||||
use credentials::obtain_aggregate_verification_key;
|
||||
use crypto::asymmetric::{encryption, identity};
|
||||
use futures::channel::mpsc;
|
||||
use log::info;
|
||||
@@ -90,14 +87,10 @@ impl<'a> NetworkMonitorBuilder<'a> {
|
||||
*encryption_keypair.public_key(),
|
||||
);
|
||||
|
||||
let bandwidth_credential =
|
||||
TEMPORARY_obtain_bandwidth_credential(self.config, identity_keypair.public_key()).await;
|
||||
|
||||
let packet_sender = new_packet_sender(
|
||||
self.config,
|
||||
gateway_status_update_sender,
|
||||
Arc::clone(&identity_keypair),
|
||||
bandwidth_credential,
|
||||
self.config.get_gateway_sending_rate(),
|
||||
);
|
||||
|
||||
@@ -161,44 +154,15 @@ fn new_packet_preparer(
|
||||
)
|
||||
}
|
||||
|
||||
// SECURITY:
|
||||
// this implies we are re-using the same credential for all gateways all the time (which unfortunately is true!)
|
||||
#[allow(non_snake_case)]
|
||||
async fn TEMPORARY_obtain_bandwidth_credential(
|
||||
config: &Config,
|
||||
identity: &identity::PublicKey,
|
||||
) -> Credential {
|
||||
info!("Trying to obtain bandwidth credential...");
|
||||
let validators = config.get_all_validator_api_endpoints();
|
||||
|
||||
let verification_key = obtain_aggregate_verification_key(&validators)
|
||||
.await
|
||||
.expect("could not obtain aggregate verification key of ALL validators");
|
||||
|
||||
let bandwidth_credential =
|
||||
credentials::bandwidth::obtain_signature(&identity.to_bytes(), &validators)
|
||||
.await
|
||||
.expect("failed to obtain bandwidth credential!");
|
||||
|
||||
prepare_for_spending(
|
||||
&identity.to_bytes(),
|
||||
&bandwidth_credential,
|
||||
&verification_key,
|
||||
)
|
||||
.expect("failed to prepare bandwidth credential for spending!")
|
||||
}
|
||||
|
||||
fn new_packet_sender(
|
||||
config: &Config,
|
||||
gateways_status_updater: GatewayClientUpdateSender,
|
||||
local_identity: Arc<identity::KeyPair>,
|
||||
bandwidth_credential: Credential,
|
||||
max_sending_rate: usize,
|
||||
) -> PacketSender {
|
||||
PacketSender::new(
|
||||
gateways_status_updater,
|
||||
local_identity,
|
||||
bandwidth_credential,
|
||||
config.get_gateway_response_timeout(),
|
||||
config.get_gateway_connection_timeout(),
|
||||
config.get_max_concurrent_gateway_clients(),
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use crate::network_monitor::monitor::receiver::{GatewayClientUpdate, GatewayClientUpdateSender};
|
||||
use coconut_interface::Credential;
|
||||
use crypto::asymmetric::identity::{self, PUBLIC_KEY_LENGTH};
|
||||
use futures::channel::mpsc;
|
||||
use futures::stream::{self, FuturesUnordered, StreamExt};
|
||||
@@ -63,15 +62,6 @@ struct FreshGatewayClientData {
|
||||
gateways_status_updater: GatewayClientUpdateSender,
|
||||
local_identity: Arc<identity::KeyPair>,
|
||||
gateway_response_timeout: Duration,
|
||||
|
||||
// I guess in the future this struct will require aggregated verification key and....
|
||||
// ... something for obtaining actual credential
|
||||
|
||||
// TODO:
|
||||
// SECURITY:
|
||||
// since currently we have no double spending protection, just to get things running
|
||||
// we're re-using the same credential for all gateways all the time. THIS IS VERY BAD!!
|
||||
bandwidth_credential: Credential,
|
||||
}
|
||||
|
||||
pub(crate) struct PacketSender {
|
||||
@@ -93,7 +83,6 @@ impl PacketSender {
|
||||
pub(crate) fn new(
|
||||
gateways_status_updater: GatewayClientUpdateSender,
|
||||
local_identity: Arc<identity::KeyPair>,
|
||||
bandwidth_credential: Credential,
|
||||
gateway_response_timeout: Duration,
|
||||
gateway_connection_timeout: Duration,
|
||||
max_concurrent_clients: usize,
|
||||
@@ -105,7 +94,6 @@ impl PacketSender {
|
||||
gateways_status_updater,
|
||||
local_identity,
|
||||
gateway_response_timeout,
|
||||
bandwidth_credential,
|
||||
}),
|
||||
gateway_connection_timeout,
|
||||
max_concurrent_clients,
|
||||
@@ -137,7 +125,6 @@ impl PacketSender {
|
||||
message_sender,
|
||||
ack_sender,
|
||||
fresh_gateway_client_data.gateway_response_timeout,
|
||||
fresh_gateway_client_data.bandwidth_credential.clone(),
|
||||
),
|
||||
(message_receiver, ack_receiver),
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user