Another Grand Ecash Squasheroo
add offline ecash library minor changes in coconut benchmarks add ecash smart contract change contract traits from coconut to ecash first wave of andrew's suggestion first wave of andrew's suggestion second wave of andrew's suggestion for ecash lib andrew's suggestion for ecash contract licensing commit safety comments for most unwraps more unwrap handling change chrono crate for time latest cargo lock error revamp small visibility fix small fix remove indexedmap from contract + some tweaks add cw2 version in ecash contract remove envryption key from contract change types from coconut to ecash types adapt api model for credential issuance adapt issued credential storage on API add signatures cache on API change API routes for new blind signing modify issued_credential table add issuance logic client-side credential and signature storage client side utils for credential issuance first wave of fix some of andrew's suggestions remove encryption key from deposit freepass issuance client side freepass issuance API side andrew's suggested fixes other suggested fix adapt change from PR below allow offline verification flag credential spending models credential spending models for client credential preperation for the client credential preperation for the client credential storage for spending on client bloom filter for API spent credential storage on validators API route for spending online and offline ecash API routes in the client lib credential storage on gateway ecash verifier to replace coconut verifier accept credentials on gateway bandwidth expiration for gateways client ask for more bandwidth if it runs out credential import adapt nym validator rewarder and sdk fix tests api tests and add constants cargo fmt and lock and small test fix cargo fmt and lock and small test fix cargo lock move stuff where they belong in ecash and static parameters move some constants, error handling and phase out time crate error revamp part 2 secret key by ref instead of clone change l in wallet and v visibility rework payinfo rework monster tuples fix expiration date signature cloning minor fixes final bits and bobs fixes final bits and bobs fixes rename l accessor to tickets_spent wave of fixes second wave of fixes change hash domain value removed benchmark flag remove useless stringification in storage nuke Bandwidth voucher change timestamps to offsetdatetime key name change post-rebase fixes update nym-connect 'time' dep due to broken semver upload ecash contract to the build server make wasm zknym-lib compile but it won't work properly just yet make wasm zknym-lib compile but it won't work properly just yet fix typo in ecash contract deps make sure to use 0.1.0 sphinx packet optimise pairings in 'check_vk_pairing' derive serde for ecash types simplified g1 tuple byte conversion further optimise the pairing unified signature type + renamed nym-api coconut module to ecash using bincode serialiser for more complex binary types using multimiller loop instead of rayon for verifying coin indices signatures batching signature verification wherever possible feature-locked rayon clippy refactor ecash contract a bit + introduce deposit storage reworked find_proposal_id various minor fixed add offline_zk_nyms to nym-node everywhere add missing #query change test value to fit new serialization optimised deposits storage removed duplicate decompression code using deposit_id instead of transaction hash removed freepasses split up ecash handling unified shared state fixed deposit_id parsing log recovered deposit id removed online verification add detailed build info to ecash contract fixed deserialisation of deposit amount received from nyxd queries changed deposit to only persist attached pubkey first iteration of split of verification and redemption basic tool for setting up new network expanded the tool with the option to bypass DKG rename + init network without DKG setting up locally running apis ecash key migration more local functionalities wip fixing sql schemas gateway immediately submitting redemption proposal and getting it passed if valid most of the gateway logic for split redemption with error recovery fixed gateway not persisting ecash signers simplify creation of compatible client create properly serialised ecash key from the beginning rebuild missing tickets and proposals on startup stop ticket issuance during DKG transition fixing build issues split out ecash storage on nym-api side master-verification-key route caching all the signatures and keys implemented aggregated routes for nym-apis swagger UI for ecash endpoints added explicit annotation for index and expiration signatures revamped client ticketbook storage save all recovery information in the same underlying storage wrapper for bloomfilter being more aggressive with marking tickets as used ensure client has correct signatures before making deposit fix deserialisation of AggregatedExpirationDateSignatureResponse + add ticketbook table split nym-api ecash routes handlers into multiple files fixed deserialisation of encoded expiration date add tt_gamma1 to challenge and change naming for paper consistency rotating double spending bloomfilter nym-api test fixes + make sure to insert initial BF params fixed ecash benchmark code updated contract schema updated CI to not upload gateway/mixnode binaries ticket bandwidth revocation added default deserialisation for zk nym config post-rebase fixes
This commit is contained in:
committed by
Jędrzej Stuczyński
parent
fd1d437211
commit
2d2121b331
@@ -1,87 +1,117 @@
|
||||
// Copyright 2023 - Nym Technologies SA <contact@nymtech.net>
|
||||
// Copyright 2023-2024 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use crate::error::BandwidthControllerError;
|
||||
use nym_credential_storage::models::StorableIssuedCredential;
|
||||
use crate::utils::{get_coin_index_signatures, get_expiration_date_signatures};
|
||||
use log::info;
|
||||
use nym_credential_storage::storage::Storage;
|
||||
use nym_credentials::coconut::bandwidth::{CredentialType, IssuanceBandwidthCredential};
|
||||
use nym_credentials::coconut::utils::obtain_aggregate_signature;
|
||||
use nym_crypto::asymmetric::{encryption, identity};
|
||||
use nym_validator_client::coconut::all_coconut_api_clients;
|
||||
use nym_validator_client::nyxd::contract_traits::CoconutBandwidthSigningClient;
|
||||
use nym_credentials::ecash::bandwidth::IssuanceTicketBook;
|
||||
use nym_credentials::ecash::utils::obtain_aggregate_wallet;
|
||||
use nym_credentials::IssuedTicketBook;
|
||||
use nym_crypto::asymmetric::identity;
|
||||
use nym_ecash_time::{ecash_default_expiration_date, Date};
|
||||
use nym_validator_client::coconut::all_ecash_api_clients;
|
||||
use nym_validator_client::nym_api::EpochId;
|
||||
use nym_validator_client::nyxd::contract_traits::DkgQueryClient;
|
||||
use nym_validator_client::nyxd::Coin;
|
||||
use nym_validator_client::nyxd::contract_traits::EcashSigningClient;
|
||||
use nym_validator_client::nyxd::cosmwasm_client::ToSingletonContractData;
|
||||
use nym_validator_client::EcashApiClient;
|
||||
use rand::rngs::OsRng;
|
||||
use state::State;
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
pub mod state;
|
||||
|
||||
pub async fn deposit<C>(client: &C, amount: Coin) -> Result<State, BandwidthControllerError>
|
||||
pub async fn make_deposit<C>(
|
||||
client: &C,
|
||||
client_id: &[u8],
|
||||
expiration: Option<Date>,
|
||||
) -> Result<IssuanceTicketBook, BandwidthControllerError>
|
||||
where
|
||||
C: CoconutBandwidthSigningClient + Sync,
|
||||
C: EcashSigningClient + Sync,
|
||||
{
|
||||
let mut rng = OsRng;
|
||||
let signing_key = identity::PrivateKey::new(&mut rng);
|
||||
let encryption_key = encryption::PrivateKey::new(&mut rng);
|
||||
let expiration = expiration.unwrap_or_else(ecash_default_expiration_date);
|
||||
|
||||
let tx_hash = client
|
||||
.deposit(
|
||||
amount.clone(),
|
||||
CredentialType::Voucher.to_string(),
|
||||
signing_key.public_key().to_base58_string(),
|
||||
encryption_key.public_key().to_base58_string(),
|
||||
None,
|
||||
)
|
||||
.await?
|
||||
.transaction_hash;
|
||||
let result = client
|
||||
.make_ticketbook_deposit(signing_key.public_key().to_base58_string(), None)
|
||||
.await?;
|
||||
|
||||
let voucher =
|
||||
IssuanceBandwidthCredential::new_voucher(amount, tx_hash, signing_key, encryption_key);
|
||||
let deposit_id = result.parse_singleton_u32_contract_data()?;
|
||||
|
||||
let state = State { voucher };
|
||||
info!("our ticketbook deposit has been stored under id {deposit_id}");
|
||||
|
||||
Ok(state)
|
||||
Ok(IssuanceTicketBook::new_with_expiration(
|
||||
deposit_id,
|
||||
client_id,
|
||||
signing_key,
|
||||
expiration,
|
||||
))
|
||||
}
|
||||
|
||||
pub async fn get_bandwidth_voucher<C, St>(
|
||||
state: &State,
|
||||
pub async fn query_and_persist_required_global_signatures<S>(
|
||||
storage: &S,
|
||||
epoch_id: EpochId,
|
||||
expiration_date: Date,
|
||||
apis: Vec<EcashApiClient>,
|
||||
) -> Result<(), BandwidthControllerError>
|
||||
where
|
||||
S: Storage,
|
||||
<S as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
log::info!("Getting expiration date signatures");
|
||||
// this will also persist the signatures in the storage if they were not there already
|
||||
get_expiration_date_signatures(storage, epoch_id, expiration_date, apis.clone()).await?;
|
||||
|
||||
log::info!("Getting coin indices signatures");
|
||||
// this will also persist the signatures in the storage if they were not there already
|
||||
get_coin_index_signatures(storage, epoch_id, apis).await?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub async fn get_ticket_book<C, St>(
|
||||
issuance_data: &IssuanceTicketBook,
|
||||
client: &C,
|
||||
storage: &St,
|
||||
) -> Result<(), BandwidthControllerError>
|
||||
apis: Option<Vec<EcashApiClient>>,
|
||||
) -> Result<IssuedTicketBook, BandwidthControllerError>
|
||||
where
|
||||
C: DkgQueryClient + Send + Sync,
|
||||
St: Storage,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
// temporary
|
||||
assert!(state.voucher.typ().is_voucher());
|
||||
|
||||
let epoch_id = client.get_current_epoch().await?.epoch_id;
|
||||
let threshold = client
|
||||
.get_current_epoch_threshold()
|
||||
.await?
|
||||
.ok_or(BandwidthControllerError::NoThreshold)?;
|
||||
|
||||
let coconut_api_clients = all_coconut_api_clients(client, epoch_id).await?;
|
||||
|
||||
let signature =
|
||||
obtain_aggregate_signature(&state.voucher, &coconut_api_clients, threshold).await?;
|
||||
let issued = state.voucher.to_issued_credential(signature, epoch_id);
|
||||
|
||||
// make sure the data gets zeroized after persisting it
|
||||
let credential_data = Zeroizing::new(issued.pack_v1());
|
||||
let storable = StorableIssuedCredential {
|
||||
serialization_revision: issued.current_serialization_revision(),
|
||||
credential_data: credential_data.as_ref(),
|
||||
credential_type: issued.typ().to_string(),
|
||||
epoch_id: epoch_id
|
||||
.try_into()
|
||||
.expect("our epoch is has run over u32::MAX!"),
|
||||
let apis = match apis {
|
||||
Some(apis) => apis,
|
||||
None => all_ecash_api_clients(client, epoch_id).await?,
|
||||
};
|
||||
|
||||
log::info!("Querying wallet signatures");
|
||||
let wallet = obtain_aggregate_wallet(issuance_data, &apis, threshold).await?;
|
||||
info!("managed to obtain sufficient number of partial signatures!");
|
||||
|
||||
log::info!("Getting expiration date signatures");
|
||||
// this will also persist the signatures in the storage if they were not there already
|
||||
get_expiration_date_signatures(
|
||||
storage,
|
||||
epoch_id,
|
||||
issuance_data.expiration_date(),
|
||||
apis.clone(),
|
||||
)
|
||||
.await?;
|
||||
|
||||
log::info!("Getting coin indices signatures");
|
||||
// this will also persist the signatures in the storage if they were not there already
|
||||
get_coin_index_signatures(storage, epoch_id, apis).await?;
|
||||
|
||||
let issued = issuance_data.to_issued_ticketbook(wallet, epoch_id);
|
||||
|
||||
info!("persisting the ticketbook into the storage...");
|
||||
storage
|
||||
.insert_issued_credential(storable)
|
||||
.insert_issued_ticketbook(&issued)
|
||||
.await
|
||||
.map_err(|err| BandwidthControllerError::CredentialStorageError(Box::new(err)))
|
||||
.map_err(|err| BandwidthControllerError::CredentialStorageError(Box::new(err)))?;
|
||||
Ok(issued)
|
||||
}
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
// Copyright 2022-2024 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use nym_credentials::coconut::bandwidth::IssuanceBandwidthCredential;
|
||||
|
||||
pub struct State {
|
||||
pub voucher: IssuanceBandwidthCredential,
|
||||
}
|
||||
|
||||
impl State {
|
||||
pub fn new(voucher: IssuanceBandwidthCredential) -> Self {
|
||||
State { voucher }
|
||||
}
|
||||
}
|
||||
@@ -1,12 +1,12 @@
|
||||
// Copyright 2023 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use nym_coconut::CoconutError;
|
||||
use nym_credential_storage::error::StorageError;
|
||||
use nym_credentials::error::Error as CredentialsError;
|
||||
use nym_credentials_interface::CompactEcashError;
|
||||
use nym_crypto::asymmetric::encryption::KeyRecoveryError;
|
||||
use nym_crypto::asymmetric::identity::Ed25519RecoveryError;
|
||||
use nym_validator_client::coconut::CoconutApiError;
|
||||
use nym_validator_client::coconut::EcashApiError;
|
||||
use nym_validator_client::error::ValidatorClientError;
|
||||
use thiserror::Error;
|
||||
|
||||
@@ -16,7 +16,7 @@ pub enum BandwidthControllerError {
|
||||
Nyxd(#[from] nym_validator_client::nyxd::error::NyxdError),
|
||||
|
||||
#[error("coconut api query failure: {0}")]
|
||||
CoconutApiError(#[from] CoconutApiError),
|
||||
CoconutApiError(#[from] EcashApiError),
|
||||
|
||||
#[error("There was a credential storage error - {0}")]
|
||||
CredentialStorageError(Box<dyn std::error::Error + Send + Sync>),
|
||||
@@ -28,8 +28,8 @@ pub enum BandwidthControllerError {
|
||||
#[error(transparent)]
|
||||
StorageError(#[from] StorageError),
|
||||
|
||||
#[error("Coconut error - {0}")]
|
||||
CoconutError(#[from] CoconutError),
|
||||
#[error("Ecash error - {0}")]
|
||||
EcashError(#[from] CompactEcashError),
|
||||
|
||||
#[error("Validator client error - {0}")]
|
||||
ValidatorError(#[from] ValidatorClientError),
|
||||
@@ -51,4 +51,15 @@ pub enum BandwidthControllerError {
|
||||
|
||||
#[error("can't handle recovering storage with revision {stored}. {expected} was expected")]
|
||||
UnsupportedCredentialStorageRevision { stored: u8, expected: u8 },
|
||||
|
||||
#[error("did not receive a valid response for aggregated data ({typ}) from ANY nym-api")]
|
||||
ExhaustedApiQueries { typ: String },
|
||||
}
|
||||
|
||||
impl BandwidthControllerError {
|
||||
pub fn credential_storage_error(
|
||||
source: impl std::error::Error + Send + Sync + 'static,
|
||||
) -> Self {
|
||||
BandwidthControllerError::CredentialStorageError(Box::new(source))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,16 +1,24 @@
|
||||
// Copyright 2021-2024 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#![warn(clippy::expect_used)]
|
||||
#![warn(clippy::unwrap_used)]
|
||||
#![warn(clippy::todo)]
|
||||
#![warn(clippy::dbg_macro)]
|
||||
|
||||
use crate::error::BandwidthControllerError;
|
||||
use crate::utils::stored_credential_to_issued_bandwidth;
|
||||
use log::{debug, error, warn};
|
||||
use crate::utils::{
|
||||
get_aggregate_verification_key, get_coin_index_signatures, get_expiration_date_signatures,
|
||||
ApiClientsWrapper,
|
||||
};
|
||||
use log::error;
|
||||
use nym_credential_storage::models::RetrievedTicketbook;
|
||||
use nym_credential_storage::storage::Storage;
|
||||
use nym_credentials::coconut::bandwidth::issued::BandwidthCredentialIssuedDataVariant;
|
||||
use nym_credentials::coconut::bandwidth::CredentialSpendingData;
|
||||
use nym_credentials::coconut::utils::obtain_aggregate_verification_key;
|
||||
use nym_credentials::IssuedBandwidthCredential;
|
||||
use nym_credentials_interface::VerificationKey;
|
||||
use nym_validator_client::coconut::all_coconut_api_clients;
|
||||
use nym_credentials::ecash::bandwidth::CredentialSpendingData;
|
||||
use nym_credentials_interface::{
|
||||
AnnotatedCoinIndexSignature, AnnotatedExpirationDateSignature, NymPayInfo, VerificationKeyAuth,
|
||||
};
|
||||
use nym_ecash_time::Date;
|
||||
use nym_validator_client::nym_api::EpochId;
|
||||
use nym_validator_client::nyxd::contract_traits::DkgQueryClient;
|
||||
|
||||
@@ -35,13 +43,20 @@ pub struct PreparedCredential {
|
||||
/// could use correct verification key for validation.
|
||||
pub epoch_id: EpochId,
|
||||
|
||||
/// The database id of the stored credential.
|
||||
pub credential_id: i64,
|
||||
/// Auxiliary metadata associated with the withdrawn credential
|
||||
pub metadata: PreparedCredentialMetadata,
|
||||
}
|
||||
|
||||
pub struct RetrievedCredential {
|
||||
pub credential: IssuedBandwidthCredential,
|
||||
pub credential_id: i64,
|
||||
#[derive(Copy, Clone)]
|
||||
pub struct PreparedCredentialMetadata {
|
||||
/// The database id of the stored credential.
|
||||
pub ticketbook_id: i64,
|
||||
|
||||
/// The number of tickets withdrawn in this credential
|
||||
pub tickets_withdrawn: u32,
|
||||
|
||||
/// The amount of tickets used INCLUDING those tickets that JUST got withdrawn
|
||||
pub used_tickets: u32,
|
||||
}
|
||||
|
||||
impl<C, St: Storage> BandwidthController<C, St> {
|
||||
@@ -50,111 +65,155 @@ impl<C, St: Storage> BandwidthController<C, St> {
|
||||
}
|
||||
|
||||
/// Tries to retrieve one of the stored, unused credentials that hasn't yet expired.
|
||||
/// It marks any retrieved intermediate credentials as expired.
|
||||
pub async fn get_next_usable_credential(
|
||||
pub async fn get_next_usable_ticketbook(
|
||||
&self,
|
||||
gateway_id: &str,
|
||||
) -> Result<RetrievedCredential, BandwidthControllerError>
|
||||
tickets: u32,
|
||||
) -> Result<RetrievedTicketbook, BandwidthControllerError>
|
||||
where
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
loop {
|
||||
let Some(maybe_next) = self
|
||||
.storage
|
||||
.get_next_unspent_credential(gateway_id)
|
||||
.await
|
||||
.map_err(|err| BandwidthControllerError::CredentialStorageError(Box::new(err)))?
|
||||
else {
|
||||
return Err(BandwidthControllerError::NoCredentialsAvailable);
|
||||
};
|
||||
let id = maybe_next.id;
|
||||
let Some(ticketbook) = self
|
||||
.storage
|
||||
.get_next_unspent_usable_ticketbook(tickets)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)?
|
||||
else {
|
||||
return Err(BandwidthControllerError::NoCredentialsAvailable);
|
||||
};
|
||||
|
||||
// try to deserialize it
|
||||
let valid_credential = match stored_credential_to_issued_bandwidth(maybe_next) {
|
||||
// check if it has already expired
|
||||
Ok(credential) => match credential.variant_data() {
|
||||
BandwidthCredentialIssuedDataVariant::Voucher(_) => {
|
||||
debug!("credential {id} is a bandwidth voucher");
|
||||
credential
|
||||
}
|
||||
BandwidthCredentialIssuedDataVariant::FreePass(freepass_info) => {
|
||||
debug!("credential {id} is a free pass");
|
||||
if freepass_info.expired() {
|
||||
warn!("the free pass (id: {id}) has already expired! The expiration was set to {}", freepass_info.expiry_date());
|
||||
self.storage.mark_expired(id).await.map_err(|err| {
|
||||
BandwidthControllerError::CredentialStorageError(Box::new(err))
|
||||
})?;
|
||||
continue;
|
||||
}
|
||||
credential
|
||||
}
|
||||
},
|
||||
Err(err) => {
|
||||
error!("failed to deserialize credential with id {id}: {err}. it may need to be manually removed from the storage");
|
||||
return Err(err);
|
||||
}
|
||||
};
|
||||
return Ok(RetrievedCredential {
|
||||
credential: valid_credential,
|
||||
credential_id: id,
|
||||
});
|
||||
}
|
||||
Ok(ticketbook)
|
||||
}
|
||||
|
||||
pub fn storage(&self) -> &St {
|
||||
&self.storage
|
||||
pub async fn attempt_revert_ticket_usage(
|
||||
&self,
|
||||
info: PreparedCredentialMetadata,
|
||||
) -> Result<bool, BandwidthControllerError>
|
||||
where
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
self.storage
|
||||
.attempt_revert_ticketbook_withdrawal(
|
||||
info.ticketbook_id,
|
||||
info.used_tickets,
|
||||
info.tickets_withdrawn,
|
||||
)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)
|
||||
}
|
||||
|
||||
async fn get_aggregate_verification_key(
|
||||
&self,
|
||||
epoch_id: EpochId,
|
||||
) -> Result<VerificationKey, BandwidthControllerError>
|
||||
apis: &mut ApiClientsWrapper,
|
||||
) -> Result<VerificationKeyAuth, BandwidthControllerError>
|
||||
where
|
||||
C: DkgQueryClient + Sync + Send,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
let coconut_api_clients = all_coconut_api_clients(&self.client, epoch_id).await?;
|
||||
Ok(obtain_aggregate_verification_key(&coconut_api_clients)?)
|
||||
let ecash_apis = apis.get_or_init(epoch_id, &self.client).await?;
|
||||
get_aggregate_verification_key(&self.storage, epoch_id, ecash_apis).await
|
||||
}
|
||||
|
||||
pub async fn prepare_bandwidth_credential(
|
||||
async fn get_coin_index_signatures(
|
||||
&self,
|
||||
gateway_id: &str,
|
||||
epoch_id: EpochId,
|
||||
apis: &mut ApiClientsWrapper,
|
||||
) -> Result<Vec<AnnotatedCoinIndexSignature>, BandwidthControllerError>
|
||||
where
|
||||
C: DkgQueryClient + Sync + Send,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
let ecash_apis = apis.get_or_init(epoch_id, &self.client).await?;
|
||||
get_coin_index_signatures(&self.storage, epoch_id, ecash_apis).await
|
||||
}
|
||||
|
||||
async fn get_expiration_date_signatures(
|
||||
&self,
|
||||
epoch_id: EpochId,
|
||||
expiration_date: Date,
|
||||
apis: &mut ApiClientsWrapper,
|
||||
) -> Result<Vec<AnnotatedExpirationDateSignature>, BandwidthControllerError>
|
||||
where
|
||||
C: DkgQueryClient + Sync + Send,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
let ecash_apis = apis.get_or_init(epoch_id, &self.client).await?;
|
||||
get_expiration_date_signatures(&self.storage, epoch_id, expiration_date, ecash_apis).await
|
||||
}
|
||||
|
||||
async fn prepare_ecash_ticket_inner(
|
||||
&self,
|
||||
provider_pk: [u8; 32],
|
||||
tickets_to_spend: u32,
|
||||
mut retrieved_ticketbook: RetrievedTicketbook,
|
||||
) -> Result<CredentialSpendingData, BandwidthControllerError>
|
||||
where
|
||||
C: DkgQueryClient + Sync + Send,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
let epoch_id = retrieved_ticketbook.ticketbook.epoch_id();
|
||||
let expiration_date = retrieved_ticketbook.ticketbook.expiration_date();
|
||||
let mut api_clients = Default::default();
|
||||
|
||||
let verification_key = self
|
||||
.get_aggregate_verification_key(epoch_id, &mut api_clients)
|
||||
.await?;
|
||||
let expiration_signatures = self
|
||||
.get_expiration_date_signatures(epoch_id, expiration_date, &mut api_clients)
|
||||
.await?;
|
||||
let coin_indices_signatures = self
|
||||
.get_coin_index_signatures(epoch_id, &mut api_clients)
|
||||
.await?;
|
||||
|
||||
let pay_info = NymPayInfo::generate(provider_pk);
|
||||
|
||||
let spend_request = retrieved_ticketbook.ticketbook.prepare_for_spending(
|
||||
&verification_key,
|
||||
pay_info.into(),
|
||||
&coin_indices_signatures,
|
||||
&expiration_signatures,
|
||||
tickets_to_spend as u64,
|
||||
)?;
|
||||
Ok(spend_request)
|
||||
}
|
||||
|
||||
pub async fn prepare_ecash_ticket(
|
||||
&self,
|
||||
provider_pk: [u8; 32],
|
||||
tickets_to_spend: u32,
|
||||
) -> Result<PreparedCredential, BandwidthControllerError>
|
||||
where
|
||||
C: DkgQueryClient + Sync + Send,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
let retrieved_credential = self.get_next_usable_credential(gateway_id).await?;
|
||||
let retrieved_ticketbook = self.get_next_usable_ticketbook(tickets_to_spend).await?;
|
||||
|
||||
let epoch_id = retrieved_credential.credential.epoch_id();
|
||||
let credential_id = retrieved_credential.credential_id;
|
||||
let ticketbook_id = retrieved_ticketbook.ticketbook_id;
|
||||
let epoch_id = retrieved_ticketbook.ticketbook.epoch_id();
|
||||
|
||||
let verification_key = self.get_aggregate_verification_key(epoch_id).await?;
|
||||
let used_tickets =
|
||||
retrieved_ticketbook.ticketbook.spent_tickets() as u32 + tickets_to_spend;
|
||||
let metadata = PreparedCredentialMetadata {
|
||||
ticketbook_id,
|
||||
tickets_withdrawn: tickets_to_spend,
|
||||
used_tickets,
|
||||
};
|
||||
|
||||
let spend_request = retrieved_credential
|
||||
.credential
|
||||
.prepare_for_spending(&verification_key)?;
|
||||
|
||||
Ok(PreparedCredential {
|
||||
data: spend_request,
|
||||
epoch_id,
|
||||
credential_id,
|
||||
})
|
||||
}
|
||||
|
||||
pub async fn consume_credential(
|
||||
&self,
|
||||
id: i64,
|
||||
gateway_id: &str,
|
||||
) -> Result<(), BandwidthControllerError>
|
||||
where
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
self.storage
|
||||
.consume_coconut_credential(id, gateway_id)
|
||||
match self
|
||||
.prepare_ecash_ticket_inner(provider_pk, tickets_to_spend, retrieved_ticketbook)
|
||||
.await
|
||||
.map_err(|err| BandwidthControllerError::CredentialStorageError(Box::new(err)))
|
||||
{
|
||||
Ok(data) => Ok(PreparedCredential {
|
||||
data,
|
||||
epoch_id,
|
||||
metadata,
|
||||
}),
|
||||
Err(err) => {
|
||||
error!("failed to prepare credential spending request. attempting to revert withdrawal...");
|
||||
self.attempt_revert_ticket_usage(metadata).await?;
|
||||
Err(err)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -2,21 +2,180 @@
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use crate::error::BandwidthControllerError;
|
||||
use nym_credential_storage::models::StoredIssuedCredential;
|
||||
use nym_credentials::coconut::bandwidth::issued::CURRENT_SERIALIZATION_REVISION;
|
||||
use nym_credentials::coconut::bandwidth::IssuedBandwidthCredential;
|
||||
use log::warn;
|
||||
use nym_credential_storage::storage::Storage;
|
||||
use nym_credentials_interface::{
|
||||
AnnotatedCoinIndexSignature, AnnotatedExpirationDateSignature, VerificationKeyAuth,
|
||||
};
|
||||
use nym_ecash_time::Date;
|
||||
use nym_validator_client::coconut::all_ecash_api_clients;
|
||||
use nym_validator_client::nym_api::EpochId;
|
||||
use nym_validator_client::nyxd::contract_traits::DkgQueryClient;
|
||||
use nym_validator_client::EcashApiClient;
|
||||
use rand::prelude::SliceRandom;
|
||||
use rand::thread_rng;
|
||||
use std::fmt::Display;
|
||||
use std::future::Future;
|
||||
|
||||
pub fn stored_credential_to_issued_bandwidth(
|
||||
cred: StoredIssuedCredential,
|
||||
) -> Result<IssuedBandwidthCredential, BandwidthControllerError> {
|
||||
if cred.serialization_revision != CURRENT_SERIALIZATION_REVISION {
|
||||
return Err(
|
||||
BandwidthControllerError::UnsupportedCredentialStorageRevision {
|
||||
stored: cred.serialization_revision,
|
||||
expected: CURRENT_SERIALIZATION_REVISION,
|
||||
},
|
||||
);
|
||||
// it really doesn't need the RwLock because it's never moved across tasks,
|
||||
// but we need all the Send/Sync action
|
||||
#[derive(Default)]
|
||||
pub(crate) struct ApiClientsWrapper(Option<Vec<EcashApiClient>>);
|
||||
|
||||
impl ApiClientsWrapper {
|
||||
pub(crate) async fn get_or_init<C>(
|
||||
&mut self,
|
||||
epoch_id: EpochId,
|
||||
dkg_client: &C,
|
||||
) -> Result<Vec<EcashApiClient>, BandwidthControllerError>
|
||||
where
|
||||
C: DkgQueryClient + Sync + Send,
|
||||
{
|
||||
if let Some(cached) = &self.0 {
|
||||
return Ok(cached.clone());
|
||||
}
|
||||
|
||||
let clients = all_ecash_api_clients(dkg_client, epoch_id).await?;
|
||||
|
||||
// technically we don't have to be cloning all the clients here, but it's way simpler than
|
||||
// dealing with locking and whatnot given the performance penalty is negligible
|
||||
self.0 = Some(clients.clone());
|
||||
Ok(clients)
|
||||
}
|
||||
|
||||
Ok(IssuedBandwidthCredential::unpack_v1(&cred.credential_data)?)
|
||||
}
|
||||
|
||||
pub(crate) async fn query_random_apis_until_success<F, T, U, E>(
|
||||
mut apis: Vec<EcashApiClient>,
|
||||
f: F,
|
||||
typ: impl Into<String>,
|
||||
) -> Result<T, BandwidthControllerError>
|
||||
where
|
||||
F: Fn(EcashApiClient) -> U,
|
||||
U: Future<Output = Result<T, E>>,
|
||||
E: Display,
|
||||
{
|
||||
// try apis in pseudorandom way to remove any bias towards the first registered dealer
|
||||
apis.shuffle(&mut thread_rng());
|
||||
|
||||
for api in apis {
|
||||
let disp = api.to_string();
|
||||
match f(api).await {
|
||||
Ok(res) => return Ok(res),
|
||||
Err(err) => {
|
||||
warn!("failed to obtain valid response from API {disp}: {err}")
|
||||
}
|
||||
}
|
||||
}
|
||||
Err(BandwidthControllerError::ExhaustedApiQueries { typ: typ.into() })
|
||||
}
|
||||
|
||||
pub(crate) async fn get_aggregate_verification_key<St>(
|
||||
storage: &St,
|
||||
epoch_id: EpochId,
|
||||
ecash_apis: Vec<EcashApiClient>,
|
||||
) -> Result<VerificationKeyAuth, BandwidthControllerError>
|
||||
where
|
||||
St: Storage,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
if let Some(stored) = storage
|
||||
.get_master_verification_key(epoch_id)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)?
|
||||
{
|
||||
return Ok(stored);
|
||||
};
|
||||
|
||||
let master_vk = query_random_apis_until_success(
|
||||
ecash_apis,
|
||||
|api| async move { api.api_client.master_verification_key(Some(epoch_id)).await },
|
||||
format!("aggregated verification key for epoch {epoch_id}"),
|
||||
)
|
||||
.await?
|
||||
.key;
|
||||
|
||||
// store the retrieved key
|
||||
storage
|
||||
.insert_master_verification_key(epoch_id, &master_vk)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)?;
|
||||
|
||||
Ok(master_vk)
|
||||
}
|
||||
|
||||
pub(crate) async fn get_coin_index_signatures<St>(
|
||||
storage: &St,
|
||||
epoch_id: EpochId,
|
||||
ecash_apis: Vec<EcashApiClient>,
|
||||
) -> Result<Vec<AnnotatedCoinIndexSignature>, BandwidthControllerError>
|
||||
where
|
||||
St: Storage,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
if let Some(stored) = storage
|
||||
.get_coin_index_signatures(epoch_id)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)?
|
||||
{
|
||||
return Ok(stored);
|
||||
};
|
||||
|
||||
let index_sigs = query_random_apis_until_success(
|
||||
ecash_apis,
|
||||
|api| async move {
|
||||
api.api_client
|
||||
.global_coin_indices_signatures(Some(epoch_id))
|
||||
.await
|
||||
},
|
||||
format!("aggregated coin index signatures for epoch {epoch_id}"),
|
||||
)
|
||||
.await?
|
||||
.signatures;
|
||||
|
||||
// store the retrieved key
|
||||
storage
|
||||
.insert_coin_index_signatures(epoch_id, &index_sigs)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)?;
|
||||
|
||||
Ok(index_sigs)
|
||||
}
|
||||
|
||||
pub(crate) async fn get_expiration_date_signatures<St>(
|
||||
storage: &St,
|
||||
epoch_id: EpochId,
|
||||
expiration_date: Date,
|
||||
ecash_apis: Vec<EcashApiClient>,
|
||||
) -> Result<Vec<AnnotatedExpirationDateSignature>, BandwidthControllerError>
|
||||
where
|
||||
St: Storage,
|
||||
<St as Storage>::StorageError: Send + Sync + 'static,
|
||||
{
|
||||
if let Some(stored) = storage
|
||||
.get_expiration_date_signatures(expiration_date)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)?
|
||||
{
|
||||
return Ok(stored);
|
||||
};
|
||||
|
||||
let expiration_sigs = query_random_apis_until_success(
|
||||
ecash_apis,
|
||||
|api| async move {
|
||||
api.api_client
|
||||
.global_expiration_date_signatures(Some(expiration_date))
|
||||
.await
|
||||
},
|
||||
format!("aggregated coin index signatures for date {expiration_date}"),
|
||||
)
|
||||
.await?
|
||||
.signatures;
|
||||
|
||||
// store the retrieved key
|
||||
storage
|
||||
.insert_expiration_date_signatures(epoch_id, expiration_date, &expiration_sigs)
|
||||
.await
|
||||
.map_err(BandwidthControllerError::credential_storage_error)?;
|
||||
|
||||
Ok(expiration_sigs)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user