[INDY-1389] Support Proof of Possession for BLS keys #867
Conversation
INDY-1112: change primeries election procedure for backup instances. …
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
…nto task-1389-bls-proof
Changes: - added test_add_node_with_invalid_key_proof - added test_fail_node_bls_key_validation Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Toktar
changed the title
|
@mikelodder7 would you like to review usage BLS PoP from IndyCrypo in this PR? |
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
…om/Toktar/indy-plenum into task-1389-bls-proof
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
|
@mikelodder7 thank you for your review. No, we are not store the proof of possession and public, privat keys are storing like before. The proof of possession generates in every cases when it need. In the fact, it happens only with generating keys in sending transaction for creating new Node or change a current bls key. |
|
|
||
|
|
||
| @pytest.yield_fixture(scope="function", params=['48', '32', '31', '33']) | ||
| @pytest.yield_fixture(scope="function", params=['30', '32', '31', '22']) |
There was a problem hiding this comment.
Why did we change the params?
| assert sk != pk | ||
| assert bls_verifier.verify_key_proof_of_possession(key_proof, pk) |
There was a problem hiding this comment.
Please add more tests for verification of PoP. Please add tests for negative cases (where verification fails).
plenum/server/pool_req_handler.py
Outdated
| pass | ||
| blskey = request.operation.get(DATA).get(BLS_KEY, None) | ||
| blskey_proof = request.operation.get(DATA).get(BLS_KEY_PROOF, None) | ||
| if request.txn_type == NODE and blskey is not None and ( |
There was a problem hiding this comment.
Please split the condition into a more simple form:
if request.txn_type != NODE:
return
blskey = request.operation.get(DATA).get(BLS_KEY, None)
if blskey is None:
return
blskey_proof = request.operation.get(DATA).get(BLS_KEY_PROOF, None)
if blskey_proof is None:
raise InvalidClientRequest(request.identifier, request.reqId,
"A Proof of possession must be provided with BLS key)
if not self._verify_bls_key_proof_of_possession(blskey_proof,
blskey)):
raise InvalidClientRequest(request.identifier, request.reqId,
"Proof of possession {} is incorrect for BLS key {}".
format(blskey_proof, blskey))
| @@ -28,30 +28,30 @@ def bls_crypto_factory2(tdir_for_func): | |||
|
|
|||
|
|
|||
| def test_create_and_store_bls_keys(bls_crypto_factory): | |||
| pk = bls_crypto_factory.generate_and_store_bls_keys() | |||
| pk, key_proof = bls_crypto_factory.generate_and_store_bls_keys() | |||
| assert pk | |||
| assert isinstance(pk, str) | |||
There was a problem hiding this comment.
Please add assert for key_proof as well
| assert pk | ||
| assert isinstance(pk, str) | ||
|
|
||
|
|
||
| def test_create_bls_keys(bls_crypto_factory): | ||
| sk, pk = bls_crypto_factory.generate_bls_keys() | ||
| sk, pk, key_proof = bls_crypto_factory.generate_bls_keys() | ||
| assert pk | ||
| assert sk | ||
| assert isinstance(sk, str) |
There was a problem hiding this comment.
Please add assert for key_proof as well
| pk3 = bls_crypto_factory.generate_and_store_bls_keys() | ||
| pk1, key_proof1 = bls_crypto_factory.generate_and_store_bls_keys() | ||
| pk2, key_proof2 = bls_crypto_factory.generate_and_store_bls_keys() | ||
| pk3, key_proof3 = bls_crypto_factory.generate_and_store_bls_keys() | ||
| assert pk1 != pk2 != pk3 |
There was a problem hiding this comment.
Please add assert that proofs are different
| @@ -0,0 +1,53 @@ | |||
| import pytest | |||
There was a problem hiding this comment.
Please remove the space from file name
| super().__init__(ledger, state) | ||
| self.domainState = domainState | ||
| self.stateSerializer = pool_state_serializer | ||
| self.bls_crypto_verifier = bls_crypto_verifier | ||
|
|
||
| def doStaticValidation(self, request: Request): |
There was a problem hiding this comment.
Please add unit tests for this method
| assert "BLS key proof {} incorrect for key {}".format(key_proof, bls_key) \ | ||
| in e._excinfo[1].args[0] | ||
|
|
||
| return create_and_start_new_node(looper, new_node_name, tdir, sigseed, |
There was a problem hiding this comment.
Why do we need this line?
| @@ -21,13 +22,22 @@ class PoolRequestHandler(LedgerRequestHandler): | |||
| write_types = {NODE, } | |||
|
|
|||
There was a problem hiding this comment.
We also need checks that a Node can participate in BLS signing only if it has a valid PoP for its key.
We can not enable this right now, since nodes in live pools need to send PoP first.
| @@ -31,6 +31,8 @@ def test_create_and_store_bls_keys(bls_crypto_factory): | |||
| pk, key_proof = bls_crypto_factory.generate_and_store_bls_keys() | |||
| assert pk | |||
| assert isinstance(pk, str) | |||
| assert not bls_crypto_factory.bls_verifier\ | |||
There was a problem hiding this comment.
Why verify should return False here?
|
test this please |
Toktar
force-pushed
the
task-1389-bls-proof
branch
from
60bcf20
to
4c0d047
Compare
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Toktar
changed the title
Toktar
changed the title
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
|
test this please |
|
test this please |
Toktar
changed the title
No description provided.