From fa93c4598fb142da58af7a4ac415610cd434f070 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C4=99drzej=20Stuczy=C5=84ski?= Date: Mon, 12 Feb 2024 16:56:55 +0000 Subject: [PATCH] removing redundant epoch_id field --- .../client-libs/gateway-client/src/client.rs | 5 +-- common/credentials-interface/src/lib.rs | 3 ++ .../src/coconut/bandwidth/issued.rs | 9 +++--- gateway/gateway-requests/src/models.rs | 31 +++++++------------ gateway/gateway-requests/src/types.rs | 9 +++--- .../connection_handler/authenticated.rs | 8 ++--- .../websocket/connection_handler/coconut.rs | 5 ++- .../nym-api-requests/src/coconut/models.rs | 7 ----- nym-api/src/coconut/api_routes/mod.rs | 2 +- 9 files changed, 32 insertions(+), 47 deletions(-) diff --git a/common/client-libs/gateway-client/src/client.rs b/common/client-libs/gateway-client/src/client.rs index 87e9fa758a..2a9750e7a1 100644 --- a/common/client-libs/gateway-client/src/client.rs +++ b/common/client-libs/gateway-client/src/client.rs @@ -25,7 +25,6 @@ use nym_gateway_requests::{ use nym_network_defaults::{REMAINING_BANDWIDTH_THRESHOLD, TOKENS_TO_BURN}; use nym_sphinx::forwarding::packet::MixPacket; use nym_task::TaskClient; -use nym_validator_client::nym_api::EpochId; use nym_validator_client::nyxd::contract_traits::DkgQueryClient; use rand::rngs::OsRng; use std::convert::TryFrom; @@ -527,14 +526,12 @@ impl GatewayClient { async fn claim_coconut_bandwidth( &mut self, credential: CredentialSpendingData, - epoch_id: EpochId, ) -> Result<(), GatewayClientError> { let mut rng = OsRng; let iv = IV::new_random(&mut rng); let msg = ClientControlRequest::new_enc_coconut_bandwidth_credential_v2( credential, - epoch_id, self.shared_key.as_ref().unwrap(), iv, ) @@ -587,7 +584,7 @@ impl GatewayClient { .prepare_bandwidth_credential() .await?; - self.claim_coconut_bandwidth(prepared_credential.data, prepared_credential.epoch_id) + self.claim_coconut_bandwidth(prepared_credential.data) .await?; self.bandwidth_controller .as_ref() diff --git a/common/credentials-interface/src/lib.rs b/common/credentials-interface/src/lib.rs index f2be1ef70f..7acc98499c 100644 --- a/common/credentials-interface/src/lib.rs +++ b/common/credentials-interface/src/lib.rs @@ -92,6 +92,9 @@ pub struct CredentialSpendingData { pub public_attributes_plain: Vec, pub typ: CredentialType, + + /// The (DKG) epoch id under which the credential has been issued so that the verifier could use correct verification key for validation. + pub epoch_id: u64, } impl CredentialSpendingData { diff --git a/common/credentials/src/coconut/bandwidth/issued.rs b/common/credentials/src/coconut/bandwidth/issued.rs index 753f5434d2..8354408533 100644 --- a/common/credentials/src/coconut/bandwidth/issued.rs +++ b/common/credentials/src/coconut/bandwidth/issued.rs @@ -14,9 +14,9 @@ use nym_credentials_interface::prove_bandwidth_credential; use nym_credentials_interface::{ Parameters, PrivateAttribute, PublicAttribute, Signature, VerificationKey, }; +use nym_validator_client::nym_api::EpochId; use serde::{Deserialize, Serialize}; use zeroize::{Zeroize, ZeroizeOnDrop}; -use nym_validator_client::nym_api::EpochId; pub const CURRENT_SERIALIZATION_REVISION: u8 = 1; @@ -92,9 +92,9 @@ pub struct IssuedBandwidthCredential { /// type of the bandwdith credential hashed onto a scalar #[serde(with = "scalar_serde_helper")] type_prehashed: PublicAttribute, - + /// Specifies the (DKG) epoch id when this credential has been issued - epoch_id: EpochId + epoch_id: EpochId, } impl IssuedBandwidthCredential { @@ -104,7 +104,7 @@ impl IssuedBandwidthCredential { signature: Signature, variant_data: BandwidthCredentialIssuedDataVariant, type_prehashed: PublicAttribute, - epoch_id: EpochId + epoch_id: EpochId, ) -> Self { IssuedBandwidthCredential { serial_number, @@ -172,6 +172,7 @@ impl IssuedBandwidthCredential { verify_credential_request, public_attributes_plain: self.get_plain_public_attributes(), typ: self.typ(), + epoch_id: self.epoch_id, }) } } diff --git a/gateway/gateway-requests/src/models.rs b/gateway/gateway-requests/src/models.rs index 93407363bd..a250612508 100644 --- a/gateway/gateway-requests/src/models.rs +++ b/gateway/gateway-requests/src/models.rs @@ -22,7 +22,7 @@ pub struct OldV1Credential { } // attempt to convert the old request type into the new variant -impl TryFrom for CredentialSpendingWithEpoch { +impl TryFrom for CredentialSpendingRequest { type Error = GatewayRequestsError; fn try_from(value: OldV1Credential) -> Result { @@ -35,14 +35,14 @@ impl TryFrom for CredentialSpendingWithEpoch { let typ = value.voucher_info.parse()?; let public_attributes_plain = vec![value.voucher_value.to_string(), value.voucher_info]; - Ok(CredentialSpendingWithEpoch { + Ok(CredentialSpendingRequest { data: CredentialSpendingData { embedded_private_attributes, verify_credential_request: value.theta, public_attributes_plain, typ, + epoch_id: value.epoch_id, }, - epoch_id: value.epoch_id, }) } } @@ -106,13 +106,9 @@ impl OldV1Credential { } #[derive(Debug, Serialize, Deserialize, PartialEq, Eq)] -pub struct CredentialSpendingWithEpoch { +pub struct CredentialSpendingRequest { /// The cryptographic material required for spending the underlying credential. pub data: CredentialSpendingData, - - /// The (DKG) epoch id under which the credential has been issued so that the verifier - /// could use correct verification key for validation. - pub epoch_id: u64, } // just a helper macro for checking required length and advancing the buffer @@ -132,9 +128,9 @@ macro_rules! ensure_len_and_advance { }}; } -impl CredentialSpendingWithEpoch { - pub fn new(data: CredentialSpendingData, epoch_id: u64) -> Self { - CredentialSpendingWithEpoch { data, epoch_id } +impl CredentialSpendingRequest { + pub fn new(data: CredentialSpendingData) -> Self { + CredentialSpendingRequest { data } } pub fn matches_blinded_serial_number( @@ -183,7 +179,7 @@ impl CredentialSpendingWithEpoch { bytes.extend_from_slice(&typ_len); bytes.extend_from_slice(typ_bytes); - bytes.extend_from_slice(&self.epoch_id.to_be_bytes()); + bytes.extend_from_slice(&self.data.epoch_id.to_be_bytes()); bytes } @@ -227,14 +223,14 @@ impl CredentialSpendingWithEpoch { let epoch_id_bytes = ensure_len_and_advance!(b, 8); let epoch_id = u64::from_be_bytes(epoch_id_bytes.try_into().unwrap()); - Ok(CredentialSpendingWithEpoch { + Ok(CredentialSpendingRequest { data: CredentialSpendingData { embedded_private_attributes, verify_credential_request: theta, public_attributes_plain, typ, + epoch_id, }, - epoch_id, }) } } @@ -332,13 +328,10 @@ mod tests { .prepare_for_spending(keypair.verification_key()) .unwrap(); - let with_epoch = CredentialSpendingWithEpoch { - data: spending, - epoch_id: 42, - }; + let with_epoch = CredentialSpendingRequest { data: spending }; let bytes = with_epoch.to_bytes(); - let recovered = CredentialSpendingWithEpoch::try_from_bytes(&bytes).unwrap(); + let recovered = CredentialSpendingRequest::try_from_bytes(&bytes).unwrap(); assert_eq!(with_epoch, recovered); } diff --git a/gateway/gateway-requests/src/types.rs b/gateway/gateway-requests/src/types.rs index 0165a40c6d..cc85d408c6 100644 --- a/gateway/gateway-requests/src/types.rs +++ b/gateway/gateway-requests/src/types.rs @@ -3,7 +3,7 @@ use crate::authentication::encrypted_address::EncryptedAddressBytes; use crate::iv::IV; -use crate::models::{CredentialSpendingWithEpoch, OldV1Credential}; +use crate::models::{CredentialSpendingRequest, OldV1Credential}; use crate::registration::handshake::SharedKeys; use crate::{GatewayMacSize, CURRENT_PROTOCOL_VERSION}; use log::error; @@ -190,11 +190,10 @@ impl ClientControlRequest { pub fn new_enc_coconut_bandwidth_credential_v2( credential: CredentialSpendingData, - epoch_id: u64, shared_key: &SharedKeys, iv: IV, ) -> Self { - let cred = CredentialSpendingWithEpoch::new(credential, epoch_id); + let cred = CredentialSpendingRequest::new(credential); let serialized_credential = cred.to_bytes(); let enc_credential = shared_key.encrypt_and_tag(&serialized_credential, Some(iv.inner())); @@ -208,9 +207,9 @@ impl ClientControlRequest { enc_credential: Vec, shared_key: &SharedKeys, iv: IV, - ) -> Result { + ) -> Result { let credential_bytes = shared_key.decrypt_tagged(&enc_credential, Some(iv.inner()))?; - CredentialSpendingWithEpoch::try_from_bytes(&credential_bytes) + CredentialSpendingRequest::try_from_bytes(&credential_bytes) .map_err(|_| GatewayRequestsError::MalformedEncryption) } } diff --git a/gateway/src/node/client_handling/websocket/connection_handler/authenticated.rs b/gateway/src/node/client_handling/websocket/connection_handler/authenticated.rs index 0f4bd0d7d6..de56f78413 100644 --- a/gateway/src/node/client_handling/websocket/connection_handler/authenticated.rs +++ b/gateway/src/node/client_handling/websocket/connection_handler/authenticated.rs @@ -22,7 +22,7 @@ use futures::{ use log::*; use nym_credentials::coconut::bandwidth::{bandwidth_credential_params, CredentialType}; use nym_credentials_interface::CoconutError; -use nym_gateway_requests::models::CredentialSpendingWithEpoch; +use nym_gateway_requests::models::CredentialSpendingRequest; use nym_gateway_requests::{ iv::{IVConversionError, IV}, types::{BinaryRequest, ServerResponse}, @@ -220,12 +220,12 @@ where async fn handle_bandwidth_request( &mut self, - credential: CredentialSpendingWithEpoch, + credential: CredentialSpendingRequest, ) -> Result { let aggregated_verification_key = self .inner .coconut_verifier - .verification_key(credential.epoch_id) + .verification_key(credential.data.epoch_id) .await?; if !credential.data.validate_type_attribute() { @@ -251,7 +251,7 @@ where let api_clients = self .inner .coconut_verifier - .api_clients(credential.epoch_id) + .api_clients(credential.data.epoch_id) .await?; self.inner diff --git a/gateway/src/node/client_handling/websocket/connection_handler/coconut.rs b/gateway/src/node/client_handling/websocket/connection_handler/coconut.rs index db4ec9ee6c..d013f8fda7 100644 --- a/gateway/src/node/client_handling/websocket/connection_handler/coconut.rs +++ b/gateway/src/node/client_handling/websocket/connection_handler/coconut.rs @@ -4,7 +4,7 @@ use super::authenticated::RequestHandlingError; use log::*; use nym_credentials_interface::VerificationKey; -use nym_gateway_requests::models::CredentialSpendingWithEpoch; +use nym_gateway_requests::models::CredentialSpendingRequest; use nym_validator_client::coconut::all_coconut_api_clients; use nym_validator_client::nym_api::EpochId; use nym_validator_client::nyxd::contract_traits::{MultisigQueryClient, NymContractsProvider}; @@ -180,7 +180,7 @@ impl CoconutVerifier { pub async fn release_bandwidth_voucher_funds( &self, api_clients: &[CoconutApiClient], - credential: CredentialSpendingWithEpoch, + credential: CredentialSpendingRequest, ) -> Result<(), RequestHandlingError> { if !credential.data.typ.is_voucher() { unimplemented!() @@ -230,7 +230,6 @@ impl CoconutVerifier { let req = nym_api_requests::coconut::VerifyCredentialBody::new( credential.data, - credential.epoch_id, proposal_id, self.address.clone(), ); diff --git a/nym-api/nym-api-requests/src/coconut/models.rs b/nym-api/nym-api-requests/src/coconut/models.rs index aae0bc9ea0..aaa980cc5a 100644 --- a/nym-api/nym-api-requests/src/coconut/models.rs +++ b/nym-api/nym-api-requests/src/coconut/models.rs @@ -17,10 +17,6 @@ pub struct VerifyCredentialBody { /// The cryptographic material required for spending the underlying credential. pub credential_data: CredentialSpendingData, - /// The (DKG) epoch id under which the credential has been issued so that the verifier - /// could use correct verification key for validation. - pub epoch_id: u64, - /// Multisig proposal for releasing funds for the provided bandwidth credential pub proposal_id: u64, @@ -31,13 +27,11 @@ pub struct VerifyCredentialBody { impl VerifyCredentialBody { pub fn new( credential_data: CredentialSpendingData, - epoch_id: u64, proposal_id: u64, gateway_cosmos_addr: AccountId, ) -> VerifyCredentialBody { VerifyCredentialBody { credential_data, - epoch_id, proposal_id, gateway_cosmos_addr, } @@ -68,7 +62,6 @@ pub struct BlindSignRequestBody { /// Signature on the inner sign request and the tx hash pub signature: identity::Signature, - // public_attributes: Vec, pub public_attributes_plain: Vec, } diff --git a/nym-api/src/coconut/api_routes/mod.rs b/nym-api/src/coconut/api_routes/mod.rs index df8300746e..013f600897 100644 --- a/nym-api/src/coconut/api_routes/mod.rs +++ b/nym-api/src/coconut/api_routes/mod.rs @@ -239,8 +239,8 @@ pub async fn verify_bandwidth_credential( state: &RocketState, ) -> Result> { let proposal_id = verify_credential_body.proposal_id; - let epoch_id = verify_credential_body.epoch_id; let credential_data = &verify_credential_body.credential_data; + let epoch_id = credential_data.epoch_id; let theta = &credential_data.verify_credential_request; let voucher_value: u64 = if credential_data.typ.is_voucher() {