Commit 9a81dd1d authored by suyanlong's avatar suyanlong

Fixed route verify sign bug

parent 75766a0f
Pipeline #8244 failed with stages
......@@ -5,6 +5,7 @@ import (
"errors"
"strings"
blseth "github.com/herumi/bls-eth-go-binary/bls"
"github.com/meshplus/bitxhub-kit/crypto"
"github.com/sirupsen/logrus"
......@@ -12,6 +13,7 @@ import (
"gitlab.33.cn/link33/sidecar/internal/port"
"gitlab.33.cn/link33/sidecar/internal/repo"
"gitlab.33.cn/link33/sidecar/model/pb"
"gitlab.33.cn/link33/sidecar/pkg/crypto/bls"
)
type router struct {
......@@ -235,24 +237,78 @@ func (r *router) getHub() (port.Port, bool) {
}
func (r *router) isSign(ibtpx *pb.IBTPX) bool {
return ibtpx.Verify(r.privateKey.PublicKey().Verify)
return r.verify(ibtpx)
}
func (r *router) sign(ibtpx *pb.IBTPX) error {
p, ok := r.privateKey.(*bls.PrivateKey)
if ok {
sign := p.SignByte(ibtpx.FrontPart())
if len(ibtpx.RouteSign) > 0 && ibtpx.RouteSign[0] != "" {
var aggSign = bls.Sign{}
if err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0]); err != nil {
return err
}
aggSign.Add(sign)
ibtpx.RouteSign[0] = aggSign.SerializeToHexStr()
} else {
if ibtpx.RouteSign == nil {
ibtpx.RouteSign = make([]string, 1)
}
ibtpx.RouteSign[0] = sign.SerializeToHexStr()
}
//TODO append publicKey
ibtpx.RouteSign = append(ibtpx.RouteSign, p.GetPublicKey().SerializeToHexStr())
} else {
hash := ibtpx.Hash()
sign, err := r.privateKey.Sign(hash.Bytes())
if err != nil {
return err
}
ibtpx.RouteSign = append(ibtpx.RouteSign, string(sign))
}
return nil
}
// hub endorse
func (r *router) isEndorse(ibtpx *pb.IBTPX) bool {
return r.verify(ibtpx)
}
func (r *router) verify(ibtpx *pb.IBTPX) bool {
if p, ok := r.privateKey.(*bls.PrivateKey); ok {
pkStr := p.GetPublicKey().SerializeToHexStr()
if len(ibtpx.RouteSign) > 0 {
for _, val := range ibtpx.RouteSign[1:] {
if val == pkStr {
return true
}
}
}
return false
}
return ibtpx.Verify(r.hubPublicKey.Verify)
}
func (r *router) aggVerify(ibtpx *pb.IBTPX) bool {
aggSign := &bls.Sign{}
if len(ibtpx.RouteSign) > 0 {
err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0])
if err != nil {
return false
}
pks := &blseth.PublicKey{}
for _, val := range ibtpx.RouteSign[1:] {
var pub = &blseth.PublicKey{}
_ = pub.DeserializeHexStr(val)
pks.Add(pub)
}
return aggSign.VerifyByte(pks, ibtpx.FrontPart())
} else {
return false
}
}
func (r *router) HandlerMethod() {}
func (r *router) Single(ids []string) []port.Port {
......
......@@ -16,11 +16,11 @@ func IBTPKey(id string) []byte {
}
func (m *IBTPX) Hash() *types.Hash {
data := m.frontPart()
data := m.FrontPart()
return m.digest(data, m.RouteSign)
}
func (m *IBTPX) frontPart() []byte {
func (m *IBTPX) FrontPart() []byte {
var data []byte
hash := m.Ibtp.Hash()
data = append(data, hash.Bytes()...)
......@@ -45,7 +45,7 @@ func (m *IBTPX) Verify(verify func(digest []byte, sig []byte) (bool, error)) boo
}
func (m *IBTPX) recursiveVerify(verify func(digest []byte, sig []byte) (bool, error)) bool {
part := m.frontPart()
part := m.FrontPart()
for i, currentSig := range m.RouteSign {
var d, dig []byte
copy(d, part)
......
package pb
import (
"testing"
blseth "github.com/herumi/bls-eth-go-binary/bls"
"github.com/stretchr/testify/assert"
"gitlab.33.cn/link33/sidecar/pkg/crypto/bls"
)
func TestSign(t *testing.T) {
assert.Nil(t, blseth.Init(blseth.BLS12_381), "bls init")
ibtpx := &IBTPX{
Ibtp: &IBTP{
From: "",
To: "",
Nonce: 100,
Type: 0,
Timestamp: 0,
Proof: nil,
Payload: nil,
Group: nil,
Version: "",
Extra: []byte("TestSign"),
},
Mode: "direct",
RouteSign: nil,
RouteMethod: "single",
RouteMethodArg: nil,
IsValid: false,
Count: 0,
}
assert.NotNil(t, ibtpx)
pk, err := bls.GenerateKeyPair(bls.BlsEth)
assert.Nil(t, err)
assert.NotNil(t, pk)
p, ok := pk.(*bls.PrivateKey)
assert.True(t, ok, "privateKey error")
assert.NotNil(t, p)
assert.False(t, testVerify(p, ibtpx))
assert.Nil(t, testSign(p, ibtpx))
assert.True(t, testVerify(p, ibtpx))
t.Log(ibtpx.RouteSign[0])
//create other private key
otherPrivateKey, err := bls.GenerateKeyPair(bls.BlsEth)
assert.Nil(t, err)
assert.NotNil(t, otherPrivateKey)
op, ok := otherPrivateKey.(*bls.PrivateKey)
assert.True(t, ok, "other privateKey error")
assert.NotNil(t, op)
assert.False(t, testVerify(op, ibtpx))
assert.Nil(t, testSign(op, ibtpx))
t.Log(ibtpx.RouteSign[0])
assert.True(t, testVerify(op, ibtpx))
assert.True(t, testAggVerify(ibtpx))
ibtpx.RouteSign[1], ibtpx.RouteSign[2] = ibtpx.RouteSign[2], ibtpx.RouteSign[1]
assert.True(t, testAggVerify(ibtpx))
ibtpx.RouteSign[1] = "test"
assert.False(t, testAggVerify(ibtpx))
}
func testSign(p *bls.PrivateKey, ibtpx *IBTPX) error {
sign := p.SignByte(ibtpx.FrontPart())
if len(ibtpx.RouteSign) > 0 && ibtpx.RouteSign[0] != "" {
var aggSign = bls.Sign{}
if err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0]); err != nil {
return err
}
aggSign.Add(sign)
ibtpx.RouteSign[0] = aggSign.SerializeToHexStr()
} else {
if ibtpx.RouteSign == nil {
ibtpx.RouteSign = make([]string, 1)
}
ibtpx.RouteSign[0] = sign.SerializeToHexStr()
}
//TODO append publicKey
ibtpx.RouteSign = append(ibtpx.RouteSign, p.GetPublicKey().SerializeToHexStr())
return nil
}
func testVerify(p *bls.PrivateKey, ibtpx *IBTPX) bool {
pkStr := p.GetPublicKey().SerializeToHexStr()
if len(ibtpx.RouteSign) > 0 {
for _, val := range ibtpx.RouteSign[1:] {
if val == pkStr {
return true
}
}
}
return false
}
func testAggVerify(ibtpx *IBTPX) bool {
aggSign := &bls.Sign{}
if len(ibtpx.RouteSign) > 0 {
err := aggSign.DeserializeHexStr(ibtpx.RouteSign[0])
if err != nil {
return false
}
pks := &blseth.PublicKey{}
for _, val := range ibtpx.RouteSign[1:] {
var pub = &blseth.PublicKey{}
_ = pub.DeserializeHexStr(val)
pks.Add(pub)
}
return aggSign.VerifyByte(pks, ibtpx.FrontPart())
} else {
return false
}
}
//1、签名是我签的,防伪证明。
//2、所有的各个不同人的签名又能聚合在一起。压缩签名。(线性压缩)
//3、通过聚合签名(压缩签名),也能验证是我签过名。
//4、签名身份被替换。无法做到抵赖(修改签名本身)。
//5、私自追加签名。无法被感知(串改)。
//6、选择最少的那个。
//解决以上问题,就可以了。
//简单经济模型:
//1、发送者提供资金(起始点);
//2、路由者获得奖励(中间点);
//3、接收者作为结速点(中间点);
//4、中继链裁决方分配(裁决)。
//裁决方案:奖励金额最大、路由节点最少、速度最快方案裁决。
......@@ -6,17 +6,19 @@ import (
"github.com/meshplus/bitxhub-kit/types"
)
type Sign bls.Sign
type Sign = bls.Sign
var BLS_ETH crypto.KeyType = 9
var HashAndMapToSignature = bls.HashAndMapToSignature
func GenerateKeyPair(opt crypto.KeyType) (crypto.PrivateKey, error){
const BlsEth crypto.KeyType = 9
func GenerateKeyPair(opt crypto.KeyType) (crypto.PrivateKey, error) {
var sec bls.SecretKey
sec.SetByCSPRNG()
return &PrivateKey{
curve: BLS_ETH,
curve: BlsEth,
SecretKey: &sec,
},nil
}, nil
}
type PrivateKey struct {
......@@ -33,7 +35,7 @@ func (p *PrivateKey) Type() crypto.KeyType {
}
func (p *PrivateKey) Sign(digest []byte) ([]byte, error) {
panic("implement me")
return []byte(p.SecretKey.SignHash(digest).SerializeToHexStr()), nil
}
func (p *PrivateKey) PublicKey() crypto.PublicKey {
......
......@@ -259,18 +259,19 @@ func TestIsSign(t *testing.T) {
var sec bls.SecretKey
sec.SetByCSPRNG()
pub := sec.GetPublicKey()
sign := sec.Sign(m)
sign := sec.SignByte([]byte(m))
var sec1 bls.SecretKey
sec1.SetByCSPRNG()
//pub1 := sec1.GetPublicKey()
sign1 := sec.Sign(m)
pub1 := sec1.GetPublicKey()
sign1 := sec.SignByte([]byte(m))
sign.Add(sign1)
hashPt := bls.HashAndMapToSignature([]byte(m))
hashPt.Add(bls.HashAndMapToSignature([]byte(m)))
assert.True(t, IsSign(sign, hashPt, pub))
assert.False(t, IsSign(sign, hashPt, pub1))
}
func TestAggregateHashes(t *testing.T) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment