Commit 75766a0f authored by suyanlong's avatar suyanlong

Add route path bls sign function

parent ffb576dd
Pipeline #8236 failed with stages
......@@ -235,7 +235,7 @@ func (r *router) getHub() (port.Port, bool) {
}
func (r *router) isSign(ibtpx *pb.IBTPX) bool {
return ibtpx.RecursiveVerify(r.privateKey.PublicKey().Verify)
return ibtpx.Verify(r.privateKey.PublicKey().Verify)
}
func (r *router) sign(ibtpx *pb.IBTPX) error {
......@@ -250,7 +250,7 @@ func (r *router) sign(ibtpx *pb.IBTPX) error {
// hub endorse
func (r *router) isEndorse(ibtpx *pb.IBTPX) bool {
return ibtpx.RecursiveVerify(r.hubPublicKey.Verify)
return ibtpx.Verify(r.hubPublicKey.Verify)
}
func (r *router) HandlerMethod() {}
......
......@@ -40,7 +40,11 @@ func (m *IBTPX) digest(part []byte, signs []string) *types.Hash {
return types.NewHash(s[:])
}
func (m *IBTPX) RecursiveVerify(verify func(digest []byte, sig []byte) (bool, error)) bool {
func (m *IBTPX) Verify(verify func(digest []byte, sig []byte) (bool, error)) bool {
return m.recursiveVerify(verify)
}
func (m *IBTPX) recursiveVerify(verify func(digest []byte, sig []byte) (bool, error)) bool {
part := m.frontPart()
for i, currentSig := range m.RouteSign {
var d, dig []byte
......
......@@ -28,11 +28,13 @@ const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
type IBTPX struct {
Ibtp *IBTP `protobuf:"bytes,1,opt,name=ibtp,proto3" json:"ibtp,omitempty"`
// route mode
Mode string `protobuf:"bytes,2,opt,name=mode,proto3" json:"mode,omitempty"`
Mode string `protobuf:"bytes,2,opt,name=mode,proto3" json:"mode,omitempty"`
// 路由节点签名路径,主要是对data hash签名,主要是相互校验。sidecar节点之间相互校验。sidecar 节点需要注册到中继连上。还可以过滤已经发送过的交易、也可以作恶惩罚。使用bls签名算法,聚合签名。
RouteSign []string `protobuf:"bytes,3,rep,name=routeSign,proto3" json:"routeSign,omitempty"`
RouteMethod string `protobuf:"bytes,4,opt,name=routeMethod,proto3" json:"routeMethod,omitempty"`
RouteMethodArg []string `protobuf:"bytes,5,rep,name=routeMethodArg,proto3" json:"routeMethodArg,omitempty"`
IsValid bool `protobuf:"varint,6,opt,name=IsValid,proto3" json:"IsValid,omitempty"`
Count int32 `protobuf:"varint,7,opt,name=count,proto3" json:"count,omitempty"`
}
func (m *IBTPX) Reset() { *m = IBTPX{} }
......@@ -118,6 +120,13 @@ func (m *IBTPX) GetIsValid() bool {
return false
}
func (m *IBTPX) GetCount() int32 {
if m != nil {
return m.Count
}
return 0
}
func init() {
proto.RegisterType((*IBTPX)(nil), "pb.IBTPX")
}
......@@ -125,20 +134,21 @@ func init() {
func init() { proto.RegisterFile("ibtpx.proto", fileDescriptor_8402d80e061d514a) }
var fileDescriptor_8402d80e061d514a = []byte{
// 203 bytes of a gzipped FileDescriptorProto
// 221 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0xce, 0x4c, 0x2a, 0x29,
0xa8, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x2a, 0x48, 0x92, 0xe2, 0x02, 0x09, 0x40,
0xf8, 0x4a, 0xbb, 0x19, 0xb9, 0x58, 0x3d, 0x9d, 0x42, 0x02, 0x22, 0x84, 0x64, 0xb8, 0x58, 0x40,
0xf8, 0x4a, 0x17, 0x19, 0xb9, 0x58, 0x3d, 0x9d, 0x42, 0x02, 0x22, 0x84, 0x64, 0xb8, 0x58, 0x40,
0xe2, 0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0xdc, 0x46, 0x1c, 0x7a, 0x05, 0x49, 0x7a, 0x20, 0x89, 0x20,
0xb0, 0xa8, 0x90, 0x10, 0x17, 0x4b, 0x6e, 0x7e, 0x4a, 0xaa, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x67,
0x10, 0x98, 0x2d, 0x24, 0xc3, 0xc5, 0x59, 0x94, 0x5f, 0x5a, 0x92, 0x1a, 0x9c, 0x99, 0x9e, 0x27,
0xc1, 0xac, 0xc0, 0xac, 0xc1, 0x19, 0x84, 0x10, 0x10, 0x52, 0xe0, 0xe2, 0x06, 0x73, 0x7c, 0x53,
0x4b, 0x32, 0xf2, 0x53, 0x24, 0x58, 0xc0, 0x1a, 0x91, 0x85, 0x84, 0xd4, 0xb8, 0xf8, 0x90, 0xb8,
0x8e, 0x45, 0xe9, 0x12, 0xac, 0x60, 0x43, 0xd0, 0x44, 0x85, 0x24, 0xb8, 0xd8, 0x3d, 0x8b, 0xc3,
0x12, 0x73, 0x32, 0x53, 0x24, 0xd8, 0x14, 0x18, 0x35, 0x38, 0x82, 0x60, 0x5c, 0x27, 0x89, 0x13,
0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86,
0x0b, 0x8f, 0xe5, 0x18, 0x6e, 0x3c, 0x96, 0x63, 0x48, 0x62, 0x03, 0x7b, 0xcf, 0x18, 0x10, 0x00,
0x00, 0xff, 0xff, 0x30, 0xe4, 0x04, 0x14, 0xfd, 0x00, 0x00, 0x00,
0x12, 0x73, 0x32, 0x53, 0x24, 0xd8, 0x14, 0x18, 0x35, 0x38, 0x82, 0x60, 0x5c, 0x21, 0x11, 0x2e,
0xd6, 0xe4, 0xfc, 0xd2, 0xbc, 0x12, 0x09, 0x76, 0x05, 0x46, 0x0d, 0xd6, 0x20, 0x08, 0xc7, 0x49,
0xe2, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92, 0x63, 0x9c, 0xf0, 0x58,
0x8e, 0xe1, 0xc2, 0x63, 0x39, 0x86, 0x1b, 0x8f, 0xe5, 0x18, 0x92, 0xd8, 0xc0, 0x9e, 0x36, 0x06,
0x04, 0x00, 0x00, 0xff, 0xff, 0x3b, 0xda, 0x87, 0xb3, 0x13, 0x01, 0x00, 0x00,
}
func (m *IBTPX) Marshal() (dAtA []byte, err error) {
......@@ -161,6 +171,11 @@ func (m *IBTPX) MarshalToSizedBuffer(dAtA []byte) (int, error) {
_ = i
var l int
_ = l
if m.Count != 0 {
i = encodeVarintIbtpx(dAtA, i, uint64(m.Count))
i--
dAtA[i] = 0x38
}
if m.IsValid {
i--
if m.IsValid {
......@@ -263,6 +278,9 @@ func (m *IBTPX) Size() (n int) {
if m.IsValid {
n += 2
}
if m.Count != 0 {
n += 1 + sovIbtpx(uint64(m.Count))
}
return n
}
......@@ -487,6 +505,25 @@ func (m *IBTPX) Unmarshal(dAtA []byte) error {
}
}
m.IsValid = bool(v != 0)
case 7:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Count", wireType)
}
m.Count = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowIbtpx
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Count |= int32(b&0x7F) << shift
if b < 0x80 {
break
}
}
default:
iNdEx = preIndex
skippy, err := skipIbtpx(dAtA[iNdEx:])
......
......@@ -8,12 +8,13 @@ import "ibtp.proto";
message IBTPX {
IBTP ibtp = 1;
// route mode
string mode = 2; // dirct、relay
repeated string routeSign =
3; //路由节点签名路径,主要是对data hash签名,主要是相互校验。sidecar节点之间相互校验。sidecar 节点需要注册到中继连上。还可以过滤已经发送过的交易、也可以作恶惩罚。使用bls签名算法,聚合签名。
string mode = 2; // dirct、relay
// 路由节点签名路径,主要是对data hash签名,主要是相互校验。sidecar节点之间相互校验。sidecar 节点需要注册到中继连上。还可以过滤已经发送过的交易、也可以作恶惩罚。使用bls签名算法,聚合签名。
repeated string routeSign = 3;
string routeMethod = 4; // single、multicast、broadcast、
repeated string routeMethodArg = 5; //路由节点,默认第一个节点。或者转发消息。
bool IsValid = 6;
int32 count = 7;
}
// 若目的地址to不在路由表中,则使用如下规则,即routeRule如下值时。
// method:single、multicast、broadcast、随机选择、最快速度、官方节点、开源节点、nat节点。
......
......@@ -2,14 +2,73 @@ package bls
import (
"github.com/herumi/bls-eth-go-binary/bls"
"github.com/meshplus/bitxhub-kit/crypto"
"github.com/meshplus/bitxhub-kit/types"
)
type Sign = bls.Sign
type Sign bls.Sign
type SecretKey = bls.SecretKey
var BLS_ETH crypto.KeyType = 9
type PublicKey = bls.PublicKey
func GenerateKeyPair(opt crypto.KeyType) (crypto.PrivateKey, error){
var sec bls.SecretKey
sec.SetByCSPRNG()
return &PrivateKey{
curve: BLS_ETH,
SecretKey: &sec,
},nil
}
type PublicKeys = bls.PublicKeys
type PrivateKey struct {
curve crypto.KeyType
*bls.SecretKey
}
type ID = bls.ID
func (p *PrivateKey) Bytes() ([]byte, error) {
return p.Serialize(), nil
}
func (p *PrivateKey) Type() crypto.KeyType {
return p.curve
}
func (p *PrivateKey) Sign(digest []byte) ([]byte, error) {
panic("implement me")
}
func (p *PrivateKey) PublicKey() crypto.PublicKey {
return &PublicKey{
curve: p.curve,
PublicKey: p.GetPublicKey(),
}
}
type PublicKey struct {
curve crypto.KeyType
*bls.PublicKey
}
func (p *PublicKey) Bytes() ([]byte, error) {
return p.Serialize(), nil
}
func (p *PublicKey) Type() crypto.KeyType {
return p.curve
}
func (p *PublicKey) Address() (*types.Address, error) {
panic("implement me")
}
func (p *PublicKey) Verify(digest []byte, sig []byte) (bool, error) {
var sign bls.Sign
err := sign.DeserializeHexStr(string(sig))
if err != nil {
return false, err
}
return sign.VerifyHash(p.PublicKey, digest), nil
}
func IsSign(aggSign *bls.Sign, aggDataSign *bls.Sign, selfKey *bls.PublicKey) bool {
return bls.VerifyPairing(aggSign, aggDataSign, selfKey)
}
package bls
import (
"crypto/ed25519"
"crypto/sha256"
"crypto/sha512"
"encoding/hex"
"fmt"
"testing"
"unsafe"
"github.com/herumi/bls-eth-go-binary/bls"
"github.com/stretchr/testify/assert"
)
func TestGetSafePublicKey(t *testing.T) {
......@@ -12,7 +18,7 @@ func TestGetSafePublicKey(t *testing.T) {
t.Fatalf("Init")
}
var sec SecretKey
var sec bls.SecretKey
pub, err := sec.GetSafePublicKey()
if pub != nil || err == nil {
t.Fatalf("sec must be zero")
......@@ -32,11 +38,11 @@ func TestEthDraft07(t *testing.T) {
}
func ethSignOneTest(t *testing.T, secHex string, msgHex string, sigHex string) {
var sec SecretKey
var sec bls.SecretKey
if sec.DeserializeHexStr(secHex) != nil {
t.Fatalf("bad sec")
}
var sig Sign
var sig bls.Sign
if sig.DeserializeHexStr(sigHex) != nil {
t.Logf("bad sig %v\n", sigHex)
return
......@@ -66,7 +72,7 @@ func blsAggregateVerifyNoCheckTestOne(t *testing.T, n int) {
if !bls.AreAllMsgDifferent(msgs) {
t.Fatalf("bad msgs")
}
var aggSig Sign
var aggSig bls.Sign
aggSig.Aggregate(sigs)
if !aggSig.AggregateVerifyNoCheck(pubs, msgs) {
t.Fatalf("bad AggregateVerifyNoCheck 1")
......@@ -77,13 +83,13 @@ func blsAggregateVerifyNoCheckTestOne(t *testing.T, n int) {
}
}
func makeMultiSig(n int) (pubs []PublicKey, sigs []Sign, msgs []byte) {
func makeMultiSig(n int) (pubs []bls.PublicKey, sigs []bls.Sign, msgs []byte) {
msgSize := 32
pubs = make([]PublicKey, n)
sigs = make([]Sign, n)
pubs = make([]bls.PublicKey, n)
sigs = make([]bls.Sign, n)
msgs = make([]byte, n*msgSize)
for i := 0; i < n; i++ {
var sec SecretKey
var sec bls.SecretKey
sec.SetByCSPRNG()
pubs[i] = *sec.GetPublicKey()
msgs[msgSize*i] = byte(i)
......@@ -91,3 +97,292 @@ func makeMultiSig(n int) (pubs []PublicKey, sigs []Sign, msgs []byte) {
}
return pubs, sigs, msgs
}
func TestMultiVerify(t *testing.T) {
pubs, sigs, msgs := makeMultiSig(5)
t.Log(msgs)
for _, pub := range pubs {
t.Log(pub.SerializeToHexStr())
}
for _, sig := range sigs {
t.Log(sig.SerializeToHexStr())
}
assert.True(t, bls.MultiVerify(sigs, pubs, msgs))
}
func TestBlsAggregateVerify(t *testing.T) {
m := "test"
var sec bls.SecretKey
sec.SetByCSPRNG()
t.Log(sec.GetPop().SerializeToHexStr())
pub := sec.GetPublicKey()
sign := sec.Sign(m)
t.Log(sec.SerializeToHexStr())
t.Log(pub.SerializeToHexStr())
t.Log(sign.SerializeToHexStr())
assert.True(t, sign.Verify(pub, m))
t.Log(sec.GetPop().SerializeToHexStr())
var sec1 bls.SecretKey
sec1.SetByCSPRNG()
pub1 := sec1.GetPublicKey()
sign1 := sec1.Sign(m)
t.Log(sec1.SerializeToHexStr())
t.Log(pub1.SerializeToHexStr())
t.Log(sign1.SerializeToHexStr())
assert.True(t, sign1.Verify(pub1, m))
sign.Add(sign1)
pub.Add(pub1)
t.Log(pub.SerializeToHexStr())
t.Log(sign.SerializeToHexStr())
pub.Add(pub1)
t.Log(pub.SerializeToHexStr())
sign.Add(sign1)
t.Log(sign.SerializeToHexStr())
var sec3 bls.SecretKey
sec3.SetByCSPRNG()
pub3 := sec3.GetPublicKey()
sign3 := sec3.GetPop()
t.Log(sign.VerifyPop(pub))
t.Log(sign.VerifyPop(pub1))
t.Log(sign.VerifyPop(pub3))
t.Log(sign1.VerifyPop(pub1))
t.Log(sign3.VerifyPop(pub3))
assert.True(t, sign.Verify(pub, m))
//assert.True(t, sign.VerifyPop(pub1))
t.Log(sec.GetPop().SerializeToHexStr())
t.Log(sec.GetPop().SerializeToHexStr())
assert.False(t, sec.GetPop().VerifyPop(pub1))
assert.False(t, sec.GetPop().VerifyPop(pub))
//assert.True(t,sec.GetPop().VerifyPop(pub))
assert.True(t, sec1.GetPop().VerifyPop(pub1)) //Verify self public key
assert.False(t, sign.Verify(pub1, m))
assert.False(t, sign.Verify(sec.GetPublicKey(), m))
t.Log("=========: ", sign1.VerifyPop(pub1))
t.Log(bls.HashAndMapToSignature([]byte(m)).SerializeToHexStr())
t.Log(bls.HashAndMapToSignature([]byte(m)).SerializeToHexStr())
pub33 := bls.DHKeyExchange(&sec3, pub3)
t.Log(pub33.SerializeToHexStr())
t.Log(pub3.SerializeToHexStr())
assert.False(t, pub33.IsEqual(pub3))
}
func TestDHKeyExchange(t *testing.T) {
var sec bls.SecretKey
sec.SetByCSPRNG()
pub := sec.GetPublicKey()
var sec1 bls.SecretKey
sec1.SetByCSPRNG()
pub1 := sec1.GetPublicKey()
out := bls.DHKeyExchange(&sec1, pub)
out1 := bls.DHKeyExchange(&sec, pub1)
assert.True(t, out1.IsEqual(&out))
}
func TestRead(t *testing.T) {
pk := ed25519.NewKeyFromSeed([]byte("test1231231321122222222221212121"))
t.Log(string(pk.Seed()))
t.Log(string(pk))
}
func TestPop(t *testing.T) {
t.Log("testPop")
var sec bls.SecretKey
sec.SetByCSPRNG()
pop := sec.GetPop()
if !pop.VerifyPop(sec.GetPublicKey()) {
t.Errorf("Valid Pop does not verify")
}
sec.SetByCSPRNG()
if pop.VerifyPop(sec.GetPublicKey()) {
t.Errorf("Invalid Pop verifies")
}
}
func TestPairing(t *testing.T) {
var sec bls.SecretKey
sec.SetByCSPRNG()
pub := sec.GetPublicKey()
m := "abc"
sig1 := sec.Sign(m)
sig2 := bls.HashAndMapToSignature([]byte(m))
if !bls.VerifyPairing(sig1, sig2, pub) {
t.Errorf("VerifyPairing")
}
}
func TestAggregate(t *testing.T) {
var sec bls.SecretKey
sec.SetByCSPRNG()
pub := sec.GetPublicKey()
msgTbl := []string{"abc", "def", "123"}
n := len(msgTbl)
sigVec := make([]*bls.Sign, n)
for i := 0; i < n; i++ {
m := msgTbl[i]
sigVec[i] = sec.Sign(m)
}
aggSign := sigVec[0]
for i := 1; i < n; i++ {
aggSign.Add(sigVec[i])
}
hashPt := bls.HashAndMapToSignature([]byte(msgTbl[0]))
for i := 1; i < n; i++ {
hashPt.Add(bls.HashAndMapToSignature([]byte(msgTbl[i])))
}
if !bls.VerifyPairing(aggSign, hashPt, pub) {
t.Errorf("aggregate2")
}
}
func TestIsSign(t *testing.T) {
m := "test"
var sec bls.SecretKey
sec.SetByCSPRNG()
pub := sec.GetPublicKey()
sign := sec.Sign(m)
var sec1 bls.SecretKey
sec1.SetByCSPRNG()
//pub1 := sec1.GetPublicKey()
sign1 := sec.Sign(m)
sign.Add(sign1)
hashPt := bls.HashAndMapToSignature([]byte(m))
hashPt.Add(bls.HashAndMapToSignature([]byte(m)))
assert.True(t, IsSign(sign, hashPt, pub))
}
func TestAggregateHashes(t *testing.T) {
n := 1000
pubVec := make([]bls.PublicKey, n)
sigVec := make([]*bls.Sign, n)
h := make([][]byte, n)
for i := 0; i < n; i++ {
sec := new(bls.SecretKey)
sec.SetByCSPRNG()
pubVec[i] = *sec.GetPublicKey()
m := fmt.Sprintf("abc-%d", i)
h[i] = Hash([]byte(m))
sigVec[i] = sec.SignHash(h[i])
}
// aggregate sig
sig := sigVec[0]
for i := 1; i < n; i++ {
sig.Add(sigVec[i])
}
if !sig.VerifyAggregateHashes(pubVec, h) {
t.Errorf("sig.VerifyAggregateHashes")
}
}
func Hash(buf []byte) []byte {
if bls.GetOpUnitSize() == 4 {
d := sha256.Sum256([]byte(buf))
return d[:]
}
// use SHA512 if bitSize > 256
d := sha512.Sum512([]byte(buf))
return d[:]
}
func TestHash(t *testing.T) {
var sec bls.SecretKey
sec.SetByCSPRNG()
pub := sec.GetPublicKey()
m := "abc"
h := Hash([]byte(m))
sig1 := sec.Sign(m)
sig2 := sec.SignHash(h)
t.Log(sig1.SerializeToHexStr())
t.Log(sig2.SerializeToHexStr())
//TODO fix bug?
if sig1.IsEqual(sig2) {
t.Errorf("SignHash")
}
if !sig1.Verify(pub, m) {
t.Errorf("sig1.Verify")
}
if !sig2.VerifyHash(pub, h) {
t.Errorf("sig2.VerifyHash")
}
}
func TestCast(t *testing.T) {
var sec bls.SecretKey
sec.SetByCSPRNG()
{
x := *bls.CastFromSecretKey(&sec)
sec2 := *bls.CastToSecretKey(&x)
if !sec.IsEqual(&sec2) {
t.Error("sec is not equal")
}
}
var pub bls.Sign
var g2 bls.G2
if unsafe.Sizeof(pub) != unsafe.Sizeof(g2) {
return
}
pub = *sec.GetPop()
g2 = *bls.CastFromSign(&pub)
bls.G2Add(&g2, &g2, &g2)
pub.Add(&pub)
if !pub.IsEqual(bls.CastToSign(&g2)) {
t.Error("pub not equal")
}
sig := sec.Sign("abc")
g2 = *bls.CastFromSign(sig)
bls.G2Add(&g2, &g2, &g2)
sig.Add(sig)
if !sig.IsEqual(bls.CastToSign(&g2)) {
t.Error("sig not equal")
}
}
func TestZero(t *testing.T) {
var sec bls.SecretKey
sec.SetByCSPRNG()
pub := sec.GetPublicKey()
sig := sec.Sign("abc")
if sec.IsZero() {
t.Fatal("sec is zero")
}
if pub.IsZero() {
t.Fatal("pub is zero")
}
if sig.IsZero() {
t.Fatal("sig is zero")
}
sec.SetDecString("0")
pub = sec.GetPublicKey()
sig = sec.Sign("abc")
if !sec.IsZero() {
t.Fatal("sec is not zero")
}
if !pub.IsZero() {
t.Fatal("pub is not zero")
}
if !sig.IsZero() {
t.Fatal("sig is not zero")
}
}
package crypto
// PrivateKey represents a private key that can be used to
// generate a public key and sign data
type PrivateKey interface {
// Sign signs digest using key k.
Sign(digest []byte) ([]byte, error)
// Return a public key paired with this private key
PublicKey() PublicKey
}
// PublicKey is a public key that can be used to verify data
// signed with the corresponding private key
type PublicKey interface {
// Verify that 'sig' is the signed hash of 'data'
Verify(digest []byte, sig []byte) (bool, error)
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment