Files
nym/common/credentials/src/token/bandwidth.rs
T
Bogdan-Ștefan Neacşu 10bf70b22b Feature/bandwidth token (#832)
* Remove check for bandwidth for incoming packets

We should only accunt for packets that the client inputs to the mixnet

* Introduce BandwidthController for both types of bandwidth creds

* Add some non-coconut token bandwidth handling

* Use thiserror for gateway-client lib

* Add error handling

* Unable to build for wasm for now

* Fix wasm strange error

* Disable non-coconut credentials for wasm client

* Check for status and throw the error up

* Send encrypted token cred from client

* Gateway receive message and signature validation

* Put the correct amount of tokens that were burned

* [ci skip] Generate TS types

* Eth endpoint and secret key as config parameters

* Add eth_endpoint config argument for gateway

* Update test as well

* Separate panicable code from the safe one

* Move some bandwidth controller panics up the call stack

* Save contract corresponding to the eth endpoint

* Fix template

* Pass the web3 interface as well

* Made event reads possible in gateway

* Add checks for event data

* Cosmos contract for double spending prevention

* Add workflow for the new contract

* Add validator rest URL to config

* Rename eth_events to erc20_bridge

* Pass cosmos mnemonic as well, and put the nymd client in ERC20Bridge

* Call cosmos contract for final verification

* Ask for config parameters in cli

* Fix various stuff

* Increase timeout to allow gateway to check the two chains

* Put some logs for the new flow

* Set consumed bandwidth invariantly of coconut feature

* Fix clippy error

* Add non-coconut checks

* Use 2018 rust instead of 2021

* More verbose nymd error

* Explicitly specify TOKENS_TO_BURN constant

* Put eth burn function in a constant

* Replace to_vec & append with iter & chain

* Test for (de)serialization of TokenCredential

* Minor rename

* Separate credential creation from bandwidth claiming

* Switch from panics to errors when claiming coconut bandwidth

* Another append changed to chain

* Update QA cosmos contract address

* Simplify build/test/clippy separation on coconut feature

* Fix bad features arg positioning

* Use the start_after in cosmos contract query

* Set a limit in line with a range on cosmos queries

* Added unit tests for new cosmos contract

* Fix bandwidth_remaining comparation

* Get remaining bandwidth from gateway

* Add contract build flag

* Add a useful info log

* Use a more robust eth depth for release builds

* Include recipt logs in error message

* Fix clippy for tests

* Use Arc instead of clone

* Rename as_bytes to to_bytes

* Make signature verification in contract more verbose

* Missed rename of paging constant

* Fix gateway start with coconut enabled

* Rename function to claim_token

* Simplify nymd client setup

* Check with block buffer on gateway as well

* Update comment of double spending protection

* Correct contract address

* Backup the keypairs used for buying tokens, in case of error cases

* Don't take any chances with the gateway timeout

* [ci skip] Generate TS types

* Updated cosmos contract to latest QA address

* Add cli options for eth

* Update network monitor timeout value as well

Co-authored-by: neacsu <neacsu@users.noreply.github.com>
2021-11-10 14:53:56 +02:00

141 lines
4.5 KiB
Rust

// Copyright 2021 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use crypto::asymmetric::identity::{PublicKey, Signature, PUBLIC_KEY_LENGTH, SIGNATURE_LENGTH};
use crate::error::Error;
use std::convert::TryInto;
#[cfg(not(feature = "coconut"))]
pub struct TokenCredential {
verification_key: PublicKey,
gateway_identity: PublicKey,
bandwidth: u64,
signature: Signature,
}
#[cfg(not(feature = "coconut"))]
impl TokenCredential {
pub fn new(
verification_key: PublicKey,
gateway_identity: PublicKey,
bandwidth: u64,
signature: Signature,
) -> Self {
TokenCredential {
verification_key,
gateway_identity,
bandwidth,
signature,
}
}
pub fn verification_key(&self) -> PublicKey {
self.verification_key
}
pub fn gateway_identity(&self) -> PublicKey {
self.gateway_identity
}
pub fn bandwidth(&self) -> u64 {
self.bandwidth
}
pub fn signature_bytes(&self) -> [u8; 64] {
self.signature.to_bytes()
}
pub fn verify_signature(&self) -> bool {
let message: Vec<u8> = self
.verification_key
.to_bytes()
.iter()
.chain(self.gateway_identity.to_bytes().iter())
.copied()
.collect();
self.verification_key
.verify(&message, &self.signature)
.is_ok()
}
pub fn to_bytes(&self) -> Vec<u8> {
self.verification_key
.to_bytes()
.iter()
.chain(self.gateway_identity.to_bytes().iter())
.chain(self.bandwidth.to_be_bytes().iter())
.chain(self.signature.to_bytes().iter())
.copied()
.collect()
}
pub fn from_bytes(b: &[u8]) -> Result<Self, Error> {
if b.len() != 2 * PUBLIC_KEY_LENGTH + 8 + SIGNATURE_LENGTH {
return Err(Error::BandwidthCredentialError);
}
let verification_key = PublicKey::from_bytes(&b[..PUBLIC_KEY_LENGTH])
.map_err(|_| Error::BandwidthCredentialError)?;
let gateway_identity = PublicKey::from_bytes(&b[PUBLIC_KEY_LENGTH..2 * PUBLIC_KEY_LENGTH])
.map_err(|_| Error::BandwidthCredentialError)?;
let bandwidth = u64::from_be_bytes(
b[2 * PUBLIC_KEY_LENGTH..2 * PUBLIC_KEY_LENGTH + 8]
.try_into()
// unwrapping is safe because we know we have 8 bytes
.unwrap(),
);
let signature = Signature::from_bytes(&b[2 * PUBLIC_KEY_LENGTH + 8..])
.map_err(|_| Error::BandwidthCredentialError)?;
Ok(TokenCredential {
verification_key,
gateway_identity,
bandwidth,
signature,
})
}
}
#[cfg(test)]
mod tests {
use super::*;
#[cfg(not(feature = "coconut"))]
#[test]
fn token_serde() {
// pre-generated, valid values
let verification_key = PublicKey::from_bytes(&[
103, 105, 71, 177, 149, 245, 26, 32, 73, 121, 76, 50, 94, 88, 119, 231, 91, 229, 167,
56, 39, 62, 185, 39, 83, 246, 153, 27, 17, 155, 109, 73,
])
.unwrap();
let gateway_identity = PublicKey::from_bytes(&[
37, 113, 137, 189, 157, 82, 35, 2, 187, 136, 61, 119, 98, 5, 245, 82, 46, 124, 67, 45,
165, 255, 53, 222, 185, 252, 6, 148, 128, 15, 206, 19,
])
.unwrap();
let signature = Signature::from_bytes(&[
117, 251, 162, 217, 57, 2, 50, 210, 206, 81, 236, 90, 74, 201, 69, 237, 240, 247, 214,
158, 220, 89, 235, 222, 85, 134, 73, 73, 8, 60, 25, 39, 183, 28, 83, 193, 31, 174, 25,
24, 38, 215, 205, 228, 159, 135, 35, 4, 171, 59, 100, 157, 12, 249, 77, 52, 143, 4, 32,
28, 147, 70, 182, 14,
])
.unwrap();
let credential = TokenCredential::new(verification_key, gateway_identity, 1024, signature);
let serialized_credential = credential.to_bytes();
let deserialized_credential = TokenCredential::from_bytes(&serialized_credential).unwrap();
assert_eq!(
credential.verification_key,
deserialized_credential.verification_key
);
assert_eq!(
credential.gateway_identity,
deserialized_credential.gateway_identity
);
assert_eq!(credential.bandwidth, deserialized_credential.bandwidth);
assert_eq!(
credential.signature.to_bytes(),
deserialized_credential.signature.to_bytes()
);
}
}