Removed use of coconut in validator-api and gateway

This commit is contained in:
Jędrzej Stuczyński
2021-09-28 10:55:14 +01:00
parent e891c68158
commit 2d1961b8be
22 changed files with 613 additions and 581 deletions
-3
View File
@@ -48,9 +48,6 @@ nymsphinx = { path="../common/nymsphinx" }
topology = { path="../common/topology" }
validator-client = { path="../common/client-libs/validator-client", features = ["nymd-client"] }
version-checker = { path="../common/version-checker" }
coconut-interface = { path = "../common/coconut-interface" }
credentials = { path = "../common/credentials" }
[build-dependencies]
tokio = { version = "1.4", features = ["rt-multi-thread", "macros"] }
-85
View File
@@ -1,85 +0,0 @@
// Copyright 2021 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use coconut_interface::{
elgamal::PublicKey, Attribute, BlindSignRequest, BlindSignRequestBody, BlindedSignature,
BlindedSignatureResponse, KeyPair, Parameters, VerificationKeyResponse,
};
use config::defaults::VALIDATOR_API_VERSION;
use getset::{CopyGetters, Getters};
use rocket::fairing::AdHoc;
use rocket::serde::json::Json;
use rocket::State;
#[derive(Getters, CopyGetters, Debug)]
pub(crate) struct InternalSignRequest {
// Total number of parameters to generate for
#[getset(get_copy)]
total_params: u32,
#[getset(get)]
public_attributes: Vec<Attribute>,
#[getset(get)]
public_key: PublicKey,
#[getset(get)]
blind_sign_request: BlindSignRequest,
}
impl InternalSignRequest {
pub fn new(
total_params: u32,
public_attributes: Vec<Attribute>,
public_key: PublicKey,
blind_sign_request: BlindSignRequest,
) -> InternalSignRequest {
InternalSignRequest {
total_params,
public_attributes,
public_key,
blind_sign_request,
}
}
pub fn stage(key_pair: KeyPair) -> AdHoc {
AdHoc::on_ignite("Internal Sign Request Stage", |rocket| async {
rocket.manage(key_pair).mount(
// this format! is so ugly...
format!("/{}", VALIDATOR_API_VERSION),
routes![post_blind_sign, get_verification_key],
)
})
}
}
fn blind_sign(request: InternalSignRequest, key_pair: &KeyPair) -> BlindedSignature {
let params = Parameters::new(request.total_params()).unwrap();
coconut_interface::blind_sign(
&params,
&key_pair.secret_key(),
request.public_key(),
request.blind_sign_request(),
request.public_attributes(),
)
.unwrap()
}
#[post("/blind_sign", data = "<blind_sign_request_body>")]
// Until we have serialization and deserialization traits we'll be using a crutch
pub async fn post_blind_sign(
blind_sign_request_body: Json<BlindSignRequestBody>,
key_pair: &State<KeyPair>,
) -> Json<BlindedSignatureResponse> {
debug!("{:?}", blind_sign_request_body);
let internal_request = InternalSignRequest::new(
*blind_sign_request_body.total_params(),
blind_sign_request_body.public_attributes(),
blind_sign_request_body.public_key().clone(),
blind_sign_request_body.blind_sign_request().clone(),
);
let blinded_signature = blind_sign(internal_request, key_pair);
Json(BlindedSignatureResponse::new(blinded_signature))
}
#[get("/verification_key")]
pub async fn get_verification_key(key_pair: &State<KeyPair>) -> Json<VerificationKeyResponse> {
Json(VerificationKeyResponse::new(key_pair.verification_key()))
}
+1 -14
View File
@@ -2,7 +2,6 @@
// SPDX-License-Identifier: Apache-2.0
use crate::config::template::config_template;
use coconut_interface::{Base58, KeyPair};
use config::defaults::{
default_api_endpoints, DEFAULT_EPOCH_LENGTH, DEFAULT_FIRST_EPOCH_START,
DEFAULT_MIXNET_CONTRACT_ADDRESS,
@@ -80,9 +79,6 @@ pub struct Base {
/// Address of the validator contract managing the network
mixnet_contract_address: String,
// Avoid breaking derives for now
keypair_bs58: String,
}
impl Default for Base {
@@ -92,7 +88,6 @@ impl Default for Base {
.parse()
.expect("default local validator is malformed!"),
mixnet_contract_address: DEFAULT_MIXNET_CONTRACT_ADDRESS.to_string(),
keypair_bs58: String::default(),
}
}
}
@@ -254,10 +249,6 @@ impl Config {
Config::default()
}
pub fn keypair(&self) -> KeyPair {
KeyPair::try_from_bs58(self.base.keypair_bs58.clone()).unwrap()
}
pub fn with_network_monitor_enabled(mut self, enabled: bool) -> Self {
self.network_monitor.enabled = enabled;
self
@@ -298,11 +289,6 @@ impl Config {
self
}
pub fn with_keypair<S: Into<String>>(mut self, keypair_bs58: S) -> Self {
self.base.keypair_bs58 = keypair_bs58.into();
self
}
pub fn with_custom_validator_apis(mut self, validator_api_urls: Vec<Url>) -> Self {
self.network_monitor.all_validator_apis = validator_api_urls;
self
@@ -391,6 +377,7 @@ impl Config {
self.node_status_api.database_path.clone()
}
#[allow(dead_code)]
pub fn get_all_validator_api_endpoints(&self) -> Vec<Url> {
self.network_monitor.all_validator_apis.clone()
}
+1 -18
View File
@@ -16,7 +16,6 @@ use ::config::{defaults::DEFAULT_VALIDATOR_API_PORT, NymConfig};
use anyhow::Result;
use cache::ValidatorCache;
use clap::{App, Arg, ArgMatches};
use coconut::InternalSignRequest;
use log::{info, warn};
use rocket::fairing::AdHoc;
use rocket::http::Method;
@@ -32,7 +31,6 @@ use url::Url;
use validator_client::nymd::SigningNymdClient;
pub(crate) mod cache;
mod coconut;
pub(crate) mod config;
mod network_monitor;
mod node_status_api;
@@ -49,7 +47,6 @@ const DETAILED_REPORT_ARG: &str = "detailed-report";
const MIXNET_CONTRACT_ARG: &str = "mixnet-contract";
const MNEMONIC_ARG: &str = "mnemonic";
const WRITE_CONFIG_ARG: &str = "save-config";
const KEYPAIR_ARG: &str = "keypair";
const NYMD_VALIDATOR_ARG: &str = "nymd-validator";
const EPOCH_LENGTH_ARG: &str = "epoch-length";
@@ -133,12 +130,6 @@ fn parse_args<'a>() -> ArgMatches<'a> {
.long(WRITE_CONFIG_ARG)
.short("w")
)
.arg(
Arg::with_name(KEYPAIR_ARG)
.help("Path to the secret key file")
.takes_value(true)
.long(KEYPAIR_ARG)
)
.arg(
Arg::with_name(FIRST_REWARDING_EPOCH_ARG)
.help("Datetime specifying beginning of the first rewarding epoch of this length. It must be a valid rfc3339 datetime.")
@@ -264,13 +255,6 @@ fn override_config(mut config: Config, matches: &ArgMatches) -> Config {
if matches.is_present(DETAILED_REPORT_ARG) {
config = config.with_detailed_network_monitor_report(true)
}
if let Some(keypair_path) = matches.value_of(KEYPAIR_ARG) {
let keypair_bs58 = std::fs::read_to_string(keypair_path)
.unwrap()
.trim()
.to_string();
config = config.with_keypair(keypair_bs58)
}
if matches.is_present(WRITE_CONFIG_ARG) {
info!("Saving the configuration to a file");
@@ -382,8 +366,7 @@ async fn setup_rocket(config: &Config, liftoff_notify: Arc<Notify>) -> Result<Ro
let rocket = rocket::custom(rocket_config)
.attach(setup_cors()?)
.attach(setup_liftoff_notify(liftoff_notify))
.attach(ValidatorCache::stage())
.attach(InternalSignRequest::stage(config.keypair()));
.attach(ValidatorCache::stage());
// see if we should start up network monitor and if so, attach the node status api
if config.get_network_monitor_enabled() {
-36
View File
@@ -15,9 +15,6 @@ use crate::network_monitor::monitor::summary_producer::SummaryProducer;
use crate::network_monitor::monitor::Monitor;
use crate::network_monitor::tested_network::TestedNetwork;
use crate::storage::NodeStatusStorage;
use coconut_interface::Credential;
use credentials::bandwidth::prepare_for_spending;
use credentials::obtain_aggregate_verification_key;
use crypto::asymmetric::{encryption, identity};
use futures::channel::mpsc;
use log::info;
@@ -90,14 +87,10 @@ impl<'a> NetworkMonitorBuilder<'a> {
*encryption_keypair.public_key(),
);
let bandwidth_credential =
TEMPORARY_obtain_bandwidth_credential(self.config, identity_keypair.public_key()).await;
let packet_sender = new_packet_sender(
self.config,
gateway_status_update_sender,
Arc::clone(&identity_keypair),
bandwidth_credential,
self.config.get_gateway_sending_rate(),
);
@@ -161,44 +154,15 @@ fn new_packet_preparer(
)
}
// SECURITY:
// this implies we are re-using the same credential for all gateways all the time (which unfortunately is true!)
#[allow(non_snake_case)]
async fn TEMPORARY_obtain_bandwidth_credential(
config: &Config,
identity: &identity::PublicKey,
) -> Credential {
info!("Trying to obtain bandwidth credential...");
let validators = config.get_all_validator_api_endpoints();
let verification_key = obtain_aggregate_verification_key(&validators)
.await
.expect("could not obtain aggregate verification key of ALL validators");
let bandwidth_credential =
credentials::bandwidth::obtain_signature(&identity.to_bytes(), &validators)
.await
.expect("failed to obtain bandwidth credential!");
prepare_for_spending(
&identity.to_bytes(),
&bandwidth_credential,
&verification_key,
)
.expect("failed to prepare bandwidth credential for spending!")
}
fn new_packet_sender(
config: &Config,
gateways_status_updater: GatewayClientUpdateSender,
local_identity: Arc<identity::KeyPair>,
bandwidth_credential: Credential,
max_sending_rate: usize,
) -> PacketSender {
PacketSender::new(
gateways_status_updater,
local_identity,
bandwidth_credential,
config.get_gateway_response_timeout(),
config.get_gateway_connection_timeout(),
config.get_max_concurrent_gateway_clients(),
@@ -2,7 +2,6 @@
// SPDX-License-Identifier: Apache-2.0
use crate::network_monitor::monitor::receiver::{GatewayClientUpdate, GatewayClientUpdateSender};
use coconut_interface::Credential;
use crypto::asymmetric::identity::{self, PUBLIC_KEY_LENGTH};
use futures::channel::mpsc;
use futures::stream::{self, FuturesUnordered, StreamExt};
@@ -63,15 +62,6 @@ struct FreshGatewayClientData {
gateways_status_updater: GatewayClientUpdateSender,
local_identity: Arc<identity::KeyPair>,
gateway_response_timeout: Duration,
// I guess in the future this struct will require aggregated verification key and....
// ... something for obtaining actual credential
// TODO:
// SECURITY:
// since currently we have no double spending protection, just to get things running
// we're re-using the same credential for all gateways all the time. THIS IS VERY BAD!!
bandwidth_credential: Credential,
}
pub(crate) struct PacketSender {
@@ -93,7 +83,6 @@ impl PacketSender {
pub(crate) fn new(
gateways_status_updater: GatewayClientUpdateSender,
local_identity: Arc<identity::KeyPair>,
bandwidth_credential: Credential,
gateway_response_timeout: Duration,
gateway_connection_timeout: Duration,
max_concurrent_clients: usize,
@@ -105,7 +94,6 @@ impl PacketSender {
gateways_status_updater,
local_identity,
gateway_response_timeout,
bandwidth_credential,
}),
gateway_connection_timeout,
max_concurrent_clients,
@@ -137,7 +125,6 @@ impl PacketSender {
message_sender,
ack_sender,
fresh_gateway_client_data.gateway_response_timeout,
fresh_gateway_client_data.bandwidth_credential.clone(),
),
(message_receiver, ack_receiver),
)