Files
nym/common/credentials/src/token/bandwidth.rs
T
Bogdan-Ștefan Neacşu 9e8f550e6d Feature/signature on deposit (#1151)
* Add placeholder client for implementing coconut interactions

* Add db for persistance

* Add nymd client

* Add new coconut-bandwidth contract

* Call deposit function

* Introduce error handling

* Call the old flow of getting a signature

* List available tx hashes

* Add signed req in body

* Save signature received

* Add event generation

* Checks in validator-api

* Fail with error instead of panic in validator-api route

* Fix contract address and small bug

* Add file db for storing previous signatures

* Encrypt and store data in validator-api

* Decrypt the received signature

* Remove tx hashes after getting credentials

* Small listing changes in client

* Change response so that it easier to serialize

* Error message is sent to client for display

* Remove already signed error and return the previous sig

* Merge signature with deposit data in client

* Entrypoint for getting the encrypted signature

* Refactor blinding stuff so that it can be backed up

* Backed up the blind sign request

* Client can re-request the encrypted signature shares

* Update crypto features

* Fix clippy

* Activate instantiate test and remove unused code

* Add tx tests

* Add verification key endpoint test

* Voucher consistency test

* Test for some errors and a race condition on blind signing

* Refactor and add client trait for enabling better testing env

* Test some more of blind sign

* Finished testing all extract_encryption_key paths

* Split into function test and endpoint test

* Test for correct signature

* Test for state functions

* Remove print

* Test blind_sign endpoint

* Test for cached signature endpoint

* Stricter types in voucher

* Rename signature with partial_bandwidth_credential

* Extra route levels

* Length check and remove some unused code from coconut interface

* Renamed coconut-bandwidth common crate

* Renamed verification_key to identity_key

* Use const instead of hardcoded values

* Use type aliases for crypto algorithms

* Remove unused mods, until needed

* Remove unneeded unwrap

* Fix some coconut issues that were blocking the wasm client build

* Move from sled to existing sql database

* Update tests for new db type

* Fix wasm for coconut too

* Remove sled from dependencies
2022-03-29 15:03:38 +03:00

138 lines
4.4 KiB
Rust

// Copyright 2021 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use crypto::asymmetric::identity::{PublicKey, Signature, PUBLIC_KEY_LENGTH, SIGNATURE_LENGTH};
use crate::error::Error;
use std::convert::TryInto;
pub struct TokenCredential {
verification_key: PublicKey,
gateway_identity: PublicKey,
bandwidth: u64,
signature: Signature,
}
impl TokenCredential {
pub fn new(
verification_key: PublicKey,
gateway_identity: PublicKey,
bandwidth: u64,
signature: Signature,
) -> Self {
TokenCredential {
verification_key,
gateway_identity,
bandwidth,
signature,
}
}
pub fn verification_key(&self) -> PublicKey {
self.verification_key
}
pub fn gateway_identity(&self) -> PublicKey {
self.gateway_identity
}
pub fn bandwidth(&self) -> u64 {
self.bandwidth
}
pub fn signature_bytes(&self) -> [u8; 64] {
self.signature.to_bytes()
}
pub fn verify_signature(&self) -> bool {
let message: Vec<u8> = self
.verification_key
.to_bytes()
.iter()
.chain(self.gateway_identity.to_bytes().iter())
.copied()
.collect();
self.verification_key
.verify(&message, &self.signature)
.is_ok()
}
pub fn to_bytes(&self) -> Vec<u8> {
self.verification_key
.to_bytes()
.iter()
.chain(self.gateway_identity.to_bytes().iter())
.chain(self.bandwidth.to_be_bytes().iter())
.chain(self.signature.to_bytes().iter())
.copied()
.collect()
}
pub fn from_bytes(b: &[u8]) -> Result<Self, Error> {
if b.len() != 2 * PUBLIC_KEY_LENGTH + 8 + SIGNATURE_LENGTH {
return Err(Error::BandwidthCredentialError);
}
let verification_key = PublicKey::from_bytes(&b[..PUBLIC_KEY_LENGTH])
.map_err(|_| Error::BandwidthCredentialError)?;
let gateway_identity = PublicKey::from_bytes(&b[PUBLIC_KEY_LENGTH..2 * PUBLIC_KEY_LENGTH])
.map_err(|_| Error::BandwidthCredentialError)?;
let bandwidth = u64::from_be_bytes(
b[2 * PUBLIC_KEY_LENGTH..2 * PUBLIC_KEY_LENGTH + 8]
.try_into()
// unwrapping is safe because we know we have 8 bytes
.unwrap(),
);
let signature = Signature::from_bytes(&b[2 * PUBLIC_KEY_LENGTH + 8..])
.map_err(|_| Error::BandwidthCredentialError)?;
Ok(TokenCredential {
verification_key,
gateway_identity,
bandwidth,
signature,
})
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn token_serde() {
// pre-generated, valid values
let verification_key = PublicKey::from_bytes(&[
103, 105, 71, 177, 149, 245, 26, 32, 73, 121, 76, 50, 94, 88, 119, 231, 91, 229, 167,
56, 39, 62, 185, 39, 83, 246, 153, 27, 17, 155, 109, 73,
])
.unwrap();
let gateway_identity = PublicKey::from_bytes(&[
37, 113, 137, 189, 157, 82, 35, 2, 187, 136, 61, 119, 98, 5, 245, 82, 46, 124, 67, 45,
165, 255, 53, 222, 185, 252, 6, 148, 128, 15, 206, 19,
])
.unwrap();
let signature = Signature::from_bytes(&[
117, 251, 162, 217, 57, 2, 50, 210, 206, 81, 236, 90, 74, 201, 69, 237, 240, 247, 214,
158, 220, 89, 235, 222, 85, 134, 73, 73, 8, 60, 25, 39, 183, 28, 83, 193, 31, 174, 25,
24, 38, 215, 205, 228, 159, 135, 35, 4, 171, 59, 100, 157, 12, 249, 77, 52, 143, 4, 32,
28, 147, 70, 182, 14,
])
.unwrap();
let credential = TokenCredential::new(verification_key, gateway_identity, 1024, signature);
let serialized_credential = credential.to_bytes();
let deserialized_credential = TokenCredential::from_bytes(&serialized_credential).unwrap();
assert_eq!(
credential.verification_key,
deserialized_credential.verification_key
);
assert_eq!(
credential.gateway_identity,
deserialized_credential.gateway_identity
);
assert_eq!(credential.bandwidth, deserialized_credential.bandwidth);
assert_eq!(
credential.signature.to_bytes(),
deserialized_credential.signature.to_bytes()
);
}
}