-
Notifications
You must be signed in to change notification settings - Fork 366
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[INDY-1389] Support Proof of Possession for BLS keys #867
Conversation
INDY-1112: change primeries election procedure for backup instances. …
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
…nto task-1389-bls-proof
Changes: - added test_add_node_with_invalid_key_proof - added test_fail_node_bls_key_validation Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
@mikelodder7 would you like to review usage BLS PoP from IndyCrypo in this PR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we storing an aggregated public key that includes the proof of possession?
Its hard to tell if that's the case with these changes.
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
…om/Toktar/indy-plenum into task-1389-bls-proof
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
@mikelodder7 thank you for your review. No, we are not store the proof of possession and public, privat keys are storing like before. The proof of possession generates in every cases when it need. In the fact, it happens only with generating keys in sending transaction for creating new Node or change a current bls key. |
|
||
|
||
@pytest.yield_fixture(scope="function", params=['48', '32', '31', '33']) | ||
@pytest.yield_fixture(scope="function", params=['30', '32', '31', '22']) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did we change the params?
assert sk != pk | ||
assert bls_verifier.verify_key_proof_of_possession(key_proof, pk) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add more tests for verification of PoP. Please add tests for negative cases (where verification fails).
plenum/server/pool_req_handler.py
Outdated
pass | ||
blskey = request.operation.get(DATA).get(BLS_KEY, None) | ||
blskey_proof = request.operation.get(DATA).get(BLS_KEY_PROOF, None) | ||
if request.txn_type == NODE and blskey is not None and ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please split the condition into a more simple form:
if request.txn_type != NODE:
return
blskey = request.operation.get(DATA).get(BLS_KEY, None)
if blskey is None:
return
blskey_proof = request.operation.get(DATA).get(BLS_KEY_PROOF, None)
if blskey_proof is None:
raise InvalidClientRequest(request.identifier, request.reqId,
"A Proof of possession must be provided with BLS key)
if not self._verify_bls_key_proof_of_possession(blskey_proof,
blskey)):
raise InvalidClientRequest(request.identifier, request.reqId,
"Proof of possession {} is incorrect for BLS key {}".
format(blskey_proof, blskey))
@@ -28,30 +28,30 @@ def bls_crypto_factory2(tdir_for_func): | |||
|
|||
|
|||
def test_create_and_store_bls_keys(bls_crypto_factory): | |||
pk = bls_crypto_factory.generate_and_store_bls_keys() | |||
pk, key_proof = bls_crypto_factory.generate_and_store_bls_keys() | |||
assert pk | |||
assert isinstance(pk, str) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add assert for key_proof
as well
assert pk | ||
assert isinstance(pk, str) | ||
|
||
|
||
def test_create_bls_keys(bls_crypto_factory): | ||
sk, pk = bls_crypto_factory.generate_bls_keys() | ||
sk, pk, key_proof = bls_crypto_factory.generate_bls_keys() | ||
assert pk | ||
assert sk | ||
assert isinstance(sk, str) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add assert for key_proof
as well
pk3 = bls_crypto_factory.generate_and_store_bls_keys() | ||
pk1, key_proof1 = bls_crypto_factory.generate_and_store_bls_keys() | ||
pk2, key_proof2 = bls_crypto_factory.generate_and_store_bls_keys() | ||
pk3, key_proof3 = bls_crypto_factory.generate_and_store_bls_keys() | ||
assert pk1 != pk2 != pk3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add assert that proofs are different
@@ -0,0 +1,53 @@ | |||
import pytest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove the space from file name
super().__init__(ledger, state) | ||
self.domainState = domainState | ||
self.stateSerializer = pool_state_serializer | ||
self.bls_crypto_verifier = bls_crypto_verifier | ||
|
||
def doStaticValidation(self, request: Request): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add unit tests for this method
assert "BLS key proof {} incorrect for key {}".format(key_proof, bls_key) \ | ||
in e._excinfo[1].args[0] | ||
|
||
return create_and_start_new_node(looper, new_node_name, tdir, sigseed, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this line?
@@ -21,13 +22,22 @@ class PoolRequestHandler(LedgerRequestHandler): | |||
write_types = {NODE, } | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We also need checks that a Node can participate in BLS signing only if it has a valid PoP for its key.
We can not enable this right now, since nodes in live pools need to send PoP first.
@@ -31,6 +31,8 @@ def test_create_and_store_bls_keys(bls_crypto_factory): | |||
pk, key_proof = bls_crypto_factory.generate_and_store_bls_keys() | |||
assert pk | |||
assert isinstance(pk, str) | |||
assert not bls_crypto_factory.bls_verifier\ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why verify should return False here?
test this please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. I believe it’s validating the proof of possession when registering a new key
60bcf20
to
4c0d047
Compare
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
test this please |
test this please |
No description provided.