Skip to content

S
sidecar
Commit 9a81dd1d authored by suyanlong's avatar suyanlong
Browse files
Options

Fixed route verify sign bug

parent 75766a0f
Pipeline #8244 failed with stages
      Hide whitespace changes
      Inline Side-by-side
      Showing with 209 additions and 18 deletions
      internal/router/router.go
      View file @ 9a81dd1d
      ......@@ -5,6 +5,7 @@ import (
      "errors"
      "strings"
      blseth "github.com/herumi/bls-eth-go-binary/bls"
      "github.com/meshplus/bitxhub-kit/crypto"
      "github.com/sirupsen/logrus"
      ......@@ -12,6 +13,7 @@ import (
      "gitlab.33.cn/link33/sidecar/internal/port"
      "gitlab.33.cn/link33/sidecar/internal/repo"
      "gitlab.33.cn/link33/sidecar/model/pb"
      "gitlab.33.cn/link33/sidecar/pkg/crypto/bls"
      )
      type router struct {
      ......@@ -235,24 +237,78 @@ func (r *router) getHub() (port.Port, bool) {
      }
      func (r *router) isSign(ibtpx *pb.IBTPX) bool {
      return ibtpx.Verify(r.privateKey.PublicKey().Verify)
      return r.verify(ibtpx)
      }
      func (r *router) sign(ibtpx *pb.IBTPX) error {
      hash := ibtpx.Hash()
      sign, err := r.privateKey.Sign(hash.Bytes())
      if err != nil {
      return err
      p, ok := r.privateKey.(*bls.PrivateKey)
      if ok {
      sign := p.SignByte(ibtpx.FrontPart())
      if len(ibtpx.RouteSign) > 0 && ibtpx.RouteSign[0] != "" {
      var aggSign = bls.Sign{}
      if err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0]); err != nil {
      return err
      }
      aggSign.Add(sign)
      ibtpx.RouteSign[0] = aggSign.SerializeToHexStr()
      } else {
      if ibtpx.RouteSign == nil {
      ibtpx.RouteSign = make([]string, 1)
      }
      ibtpx.RouteSign[0] = sign.SerializeToHexStr()
      }
      //TODO append publicKey
      ibtpx.RouteSign = append(ibtpx.RouteSign, p.GetPublicKey().SerializeToHexStr())
      } else {
      hash := ibtpx.Hash()
      sign, err := r.privateKey.Sign(hash.Bytes())
      if err != nil {
      return err
      }
      ibtpx.RouteSign = append(ibtpx.RouteSign, string(sign))
      }
      ibtpx.RouteSign = append(ibtpx.RouteSign, string(sign))
      return nil
      }
      // hub endorse
      func (r *router) isEndorse(ibtpx *pb.IBTPX) bool {
      return r.verify(ibtpx)
      }
      func (r *router) verify(ibtpx *pb.IBTPX) bool {
      if p, ok := r.privateKey.(*bls.PrivateKey); ok {
      pkStr := p.GetPublicKey().SerializeToHexStr()
      if len(ibtpx.RouteSign) > 0 {
      for _, val := range ibtpx.RouteSign[1:] {
      if val == pkStr {
      return true
      }
      }
      }
      return false
      }
      return ibtpx.Verify(r.hubPublicKey.Verify)
      }
      func (r *router) aggVerify(ibtpx *pb.IBTPX) bool {
      aggSign := &bls.Sign{}
      if len(ibtpx.RouteSign) > 0 {
      err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0])
      if err != nil {
      return false
      }
      pks := &blseth.PublicKey{}
      for _, val := range ibtpx.RouteSign[1:] {
      var pub = &blseth.PublicKey{}
      _ = pub.DeserializeHexStr(val)
      pks.Add(pub)
      }
      return aggSign.VerifyByte(pks, ibtpx.FrontPart())
      } else {
      return false
      }
      }
      func (r *router) HandlerMethod() {}
      func (r *router) Single(ids []string) []port.Port {
      ......
      model/pb/ibtpx.go
      View file @ 9a81dd1d
      ......@@ -16,11 +16,11 @@ func IBTPKey(id string) []byte {
      }
      func (m *IBTPX) Hash() *types.Hash {
      data := m.frontPart()
      data := m.FrontPart()
      return m.digest(data, m.RouteSign)
      }
      func (m *IBTPX) frontPart() []byte {
      func (m *IBTPX) FrontPart() []byte {
      var data []byte
      hash := m.Ibtp.Hash()
      data = append(data, hash.Bytes()...)
      ......@@ -45,7 +45,7 @@ func (m *IBTPX) Verify(verify func(digest []byte, sig []byte) (bool, error)) boo
      }
      func (m *IBTPX) recursiveVerify(verify func(digest []byte, sig []byte) (bool, error)) bool {
      part := m.frontPart()
      part := m.FrontPart()
      for i, currentSig := range m.RouteSign {
      var d, dig []byte
      copy(d, part)
      ......
      model/pb/ibtpx_test.go 0 → 100644
      View file @ 9a81dd1d
      package pb
      import (
      "testing"
      blseth "github.com/herumi/bls-eth-go-binary/bls"
      "github.com/stretchr/testify/assert"
      "gitlab.33.cn/link33/sidecar/pkg/crypto/bls"
      )
      func TestSign(t *testing.T) {
      assert.Nil(t, blseth.Init(blseth.BLS12_381), "bls init")
      ibtpx := &IBTPX{
      Ibtp: &IBTP{
      From: "",
      To: "",
      Nonce: 100,
      Type: 0,
      Timestamp: 0,
      Proof: nil,
      Payload: nil,
      Group: nil,
      Version: "",
      Extra: []byte("TestSign"),
      },
      Mode: "direct",
      RouteSign: nil,
      RouteMethod: "single",
      RouteMethodArg: nil,
      IsValid: false,
      Count: 0,
      }
      assert.NotNil(t, ibtpx)
      pk, err := bls.GenerateKeyPair(bls.BlsEth)
      assert.Nil(t, err)
      assert.NotNil(t, pk)
      p, ok := pk.(*bls.PrivateKey)
      assert.True(t, ok, "privateKey error")
      assert.NotNil(t, p)
      assert.False(t, testVerify(p, ibtpx))
      assert.Nil(t, testSign(p, ibtpx))
      assert.True(t, testVerify(p, ibtpx))
      t.Log(ibtpx.RouteSign[0])
      //create other private key
      otherPrivateKey, err := bls.GenerateKeyPair(bls.BlsEth)
      assert.Nil(t, err)
      assert.NotNil(t, otherPrivateKey)
      op, ok := otherPrivateKey.(*bls.PrivateKey)
      assert.True(t, ok, "other privateKey error")
      assert.NotNil(t, op)
      assert.False(t, testVerify(op, ibtpx))
      assert.Nil(t, testSign(op, ibtpx))
      t.Log(ibtpx.RouteSign[0])
      assert.True(t, testVerify(op, ibtpx))
      assert.True(t, testAggVerify(ibtpx))
      ibtpx.RouteSign[1], ibtpx.RouteSign[2] = ibtpx.RouteSign[2], ibtpx.RouteSign[1]
      assert.True(t, testAggVerify(ibtpx))
      ibtpx.RouteSign[1] = "test"
      assert.False(t, testAggVerify(ibtpx))
      }
      func testSign(p *bls.PrivateKey, ibtpx *IBTPX) error {
      sign := p.SignByte(ibtpx.FrontPart())
      if len(ibtpx.RouteSign) > 0 && ibtpx.RouteSign[0] != "" {
      var aggSign = bls.Sign{}
      if err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0]); err != nil {
      return err
      }
      aggSign.Add(sign)
      ibtpx.RouteSign[0] = aggSign.SerializeToHexStr()
      } else {
      if ibtpx.RouteSign == nil {
      ibtpx.RouteSign = make([]string, 1)
      }
      ibtpx.RouteSign[0] = sign.SerializeToHexStr()
      }
      //TODO append publicKey
      ibtpx.RouteSign = append(ibtpx.RouteSign, p.GetPublicKey().SerializeToHexStr())
      return nil
      }
      func testVerify(p *bls.PrivateKey, ibtpx *IBTPX) bool {
      pkStr := p.GetPublicKey().SerializeToHexStr()
      if len(ibtpx.RouteSign) > 0 {
      for _, val := range ibtpx.RouteSign[1:] {
      if val == pkStr {
      return true
      }
      }
      }
      return false
      }
      func testAggVerify(ibtpx *IBTPX) bool {
      aggSign := &bls.Sign{}
      if len(ibtpx.RouteSign) > 0 {
      err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0])
      if err != nil {
      return false
      }
      pks := &blseth.PublicKey{}
      for _, val := range ibtpx.RouteSign[1:] {
      var pub = &blseth.PublicKey{}
      _ = pub.DeserializeHexStr(val)
      pks.Add(pub)
      }
      return aggSign.VerifyByte(pks, ibtpx.FrontPart())
      } else {
      return false
      }
      }
      //1、签名是我签的,防伪证明。
      //2、所有的各个不同人的签名又能聚合在一起。压缩签名。(线性压缩)
      //3、通过聚合签名(压缩签名),也能验证是我签过名。
      //4、签名身份被替换。无法做到抵赖(修改签名本身)。
      //5、私自追加签名。无法被感知(串改)。
      //6、选择最少的那个。
      //解决以上问题,就可以了。
      //简单经济模型:
      //1、发送者提供资金(起始点);
      //2、路由者获得奖励(中间点);
      //3、接收者作为结速点(中间点);
      //4、中继链裁决方分配(裁决)。
      //裁决方案:奖励金额最大、路由节点最少、速度最快方案裁决。
      pkg/crypto/bls/bls.go
      View file @ 9a81dd1d
      ......@@ -6,17 +6,19 @@ import (
      "github.com/meshplus/bitxhub-kit/types"
      )
      type Sign bls.Sign
      type Sign = bls.Sign
      var BLS_ETH crypto.KeyType = 9
      var HashAndMapToSignature = bls.HashAndMapToSignature
      func GenerateKeyPair(opt crypto.KeyType) (crypto.PrivateKey, error){
      const BlsEth crypto.KeyType = 9
      func GenerateKeyPair(opt crypto.KeyType) (crypto.PrivateKey, error) {
      var sec bls.SecretKey
      sec.SetByCSPRNG()
      return &PrivateKey{
      curve: BLS_ETH,
      curve: BlsEth,
      SecretKey: &sec,
      },nil
      }, nil
      }
      type PrivateKey struct {
      ......@@ -33,7 +35,7 @@ func (p *PrivateKey) Type() crypto.KeyType {
      }
      func (p *PrivateKey) Sign(digest []byte) ([]byte, error) {
      panic("implement me")
      return []byte(p.SecretKey.SignHash(digest).SerializeToHexStr()), nil
      }
      func (p *PrivateKey) PublicKey() crypto.PublicKey {
      ......
      pkg/crypto/bls/bls_test.go
      View file @ 9a81dd1d
      ......@@ -259,18 +259,19 @@ func TestIsSign(t *testing.T) {
      var sec bls.SecretKey
      sec.SetByCSPRNG()
      pub := sec.GetPublicKey()
      sign := sec.Sign(m)
      sign := sec.SignByte([]byte(m))
      var sec1 bls.SecretKey
      sec1.SetByCSPRNG()
      //pub1 := sec1.GetPublicKey()
      sign1 := sec.Sign(m)
      pub1 := sec1.GetPublicKey()
      sign1 := sec.SignByte([]byte(m))
      sign.Add(sign1)
      hashPt := bls.HashAndMapToSignature([]byte(m))
      hashPt.Add(bls.HashAndMapToSignature([]byte(m)))
      assert.True(t, IsSign(sign, hashPt, pub))
      assert.False(t, IsSign(sign, hashPt, pub1))
      }
      func TestAggregateHashes(t *testing.T) {
      ......
      Markdown is supported
      0% or
      You are about to add 0 people to the discussion. Proceed with caution.
      Finish editing this message first!
      Please register or to comment