Merge pull request #341 from hypersign-protocol/client-spec-bug

Fix: `clientSpec` needs to specified for every signature
hypersign-protocol · Mar 17, 2023 · 3b82617 · 3b82617
2 parents d27d001 + f5c504c
commit 3b82617
Show file tree

Hide file tree

Showing 27 changed files with 663 additions and 415 deletions.
diff --git a/proto/ssi/v1/clientSpec.proto b/proto/ssi/v1/clientSpec.proto
@@ -0,0 +1,9 @@
+syntax = "proto3";
+package hypersignprotocol.hidnode.ssi;
+
+option go_package = "github.com/hypersign-protocol/hid-node/x/ssi/types";
+
+message ClientSpec {
+    string type = 1;
+    string adr036SignerAddress = 2;
+}
diff --git a/proto/ssi/v1/did.proto b/proto/ssi/v1/did.proto
@@ -3,10 +3,12 @@ package hypersignprotocol.hidnode.ssi;
 
 option go_package = "github.com/hypersign-protocol/hid-node/x/ssi/types";
 
+import "ssi/v1/clientSpec.proto";
+
 message Did {
   repeated string context = 1;
   string id = 2;
-  repeated string controller = 3; // DID Controller Spec: https://www.w3.org/TR/did-core/#did-controller
+  repeated string controller = 3;
   repeated string alsoKnownAs = 4;
   repeated VerificationMethod verificationMethod = 5;
   repeated string authentication = 6;
@@ -41,6 +43,7 @@ message Service {
 message SignInfo {
   string verification_method_id = 1;
   string signature = 2;
+  ClientSpec clientSpec = 3;
 }
 
 message DidDocumentState {

diff --git a/proto/ssi/v1/genesis.proto b/proto/ssi/v1/genesis.proto
@@ -2,7 +2,6 @@ syntax = "proto3";
 package hypersignprotocol.hidnode.ssi;
 
 import "gogoproto/gogo.proto";
-// this line is used by starport scaffolding # genesis/proto/import
 
 option go_package = "github.com/hypersign-protocol/hid-node/x/ssi/types";
 

diff --git a/proto/ssi/v1/query.proto b/proto/ssi/v1/query.proto
@@ -101,5 +101,3 @@ message QueryDidDocumentsResponse {
   uint64 totalDidCount = 1;
   repeated QueryDidDocumentResponse didDocList = 2;
 }
-
-// this line is used by starport scaffolding # 3
diff --git a/proto/ssi/v1/tx.proto b/proto/ssi/v1/tx.proto
@@ -1,13 +1,12 @@
 syntax = "proto3";
 package hypersignprotocol.hidnode.ssi;
 
-// this line is used by starport scaffolding # proto/tx/import
-
 option go_package = "github.com/hypersign-protocol/hid-node/x/ssi/types";
 
 import "ssi/v1/schema.proto";
 import "ssi/v1/did.proto";
 import "ssi/v1/credential.proto";
+import "ssi/v1/clientSpec.proto";
 
 // Msg defines the Msg service.
 service Msg {
@@ -16,14 +15,12 @@ service Msg {
   rpc CreateSchema(MsgCreateSchema) returns (MsgCreateSchemaResponse);
   rpc DeactivateDID(MsgDeactivateDID) returns (MsgDeactivateDIDResponse);
   rpc RegisterCredentialStatus(MsgRegisterCredentialStatus) returns (MsgRegisterCredentialStatusResponse);
-// this line is used by starport scaffolding # proto/tx/rpc
 }
 
 message MsgCreateDID {
   Did didDocString = 1;
   repeated SignInfo signatures = 2;
   string creator = 3;
-  string clientSpec = 4;
 }
 
 message MsgCreateDIDResponse {
@@ -35,7 +32,6 @@ message MsgUpdateDID {
   string version_id = 2;
   repeated SignInfo signatures = 3;
   string creator = 4;
-  string clientSpec = 5;
 }
 
 message MsgUpdateDIDResponse {
@@ -46,7 +42,7 @@ message MsgCreateSchema {
   string creator = 1;
   SchemaDocument schemaDoc = 2;
   SchemaProof schemaProof = 3;
-  string clientSpec = 4;
+  ClientSpec clientSpec = 4;
 }
 
 message MsgCreateSchemaResponse {
@@ -58,7 +54,6 @@ message MsgDeactivateDID {
   string didId = 2;
   string version_id = 3;
   repeated SignInfo signatures = 4;
-  string clientSpec = 5;
 }
 
 message MsgDeactivateDIDResponse {
@@ -69,11 +64,9 @@ message MsgRegisterCredentialStatus {
   string creator = 1;
   CredentialStatus credentialStatus = 2;
   CredentialProof proof = 3;
-  string clientSpec = 4;
+  ClientSpec clientSpec = 4;
 }
 
 message MsgRegisterCredentialStatusResponse {
   uint64 id = 1;
 }
-
-// this line is used by starport scaffolding # proto/tx/message
diff --git a/x/ssi/client/cli/query.go b/x/ssi/client/cli/query.go
@@ -22,7 +22,6 @@ func GetQueryCmd(queryRoute string) *cobra.Command {
 	cmd.AddCommand(CmdGetSchema())
 	cmd.AddCommand(CmdResolveDID())
 	cmd.AddCommand(CmdGetCredentialStatus())
-	// this line is used by starport scaffolding # 1
 
 	return cmd
 }
diff --git a/x/ssi/client/cli/tx.go b/x/ssi/client/cli/tx.go
@@ -23,7 +23,6 @@ func GetTxCmd() *cobra.Command {
 	cmd.AddCommand(CmdCreateSchema())
 	cmd.AddCommand(CmdDeactivateDID())
 	cmd.AddCommand(CmdRegisterCredentialStatus())
-	// this line is used by starport scaffolding # 1
 
 	return cmd
 }
diff --git a/x/ssi/client/cli/tx_ssi.go b/x/ssi/client/cli/tx_ssi.go
@@ -128,6 +128,9 @@ func CmdCreateSchema() *cobra.Command {
 				SchemaDoc:   &schemaDoc,
 				SchemaProof: &schemaProof,
 				Creator:     clientCtx.GetFromAddress().String(),
+				ClientSpec: &types.ClientSpec{
+					Type: "",
+				},
 			}
 
 			if err := msg.ValidateBasic(); err != nil {
@@ -224,6 +227,9 @@ func CmdRegisterCredentialStatus() *cobra.Command {
 				CredentialStatus: &credentialStatus,
 				Proof:            &proof,
 				Creator:          clientCtx.GetFromAddress().String(),
+				ClientSpec: &types.ClientSpec{
+					Type: "",
+				},
 			}
 
 			if err := msg.ValidateBasic(); err != nil {

diff --git a/x/ssi/client/cli/tx_utils.go b/x/ssi/client/cli/tx_utils.go
@@ -109,6 +109,9 @@ func getSignatures(cmd *cobra.Command, message []byte, cmdArgs []string) ([]*typ
 		// Get the VM Ids
 		signInfoList = append(signInfoList, &types.SignInfo{
 			VerificationMethodId: didSigningElementsList[i].VerificationMethodId,
+			ClientSpec: &types.ClientSpec{
+				Type: "",
+			},
 		})
 
 		// Sign based on the Signing Algorithm

diff --git a/x/ssi/handler.go b/x/ssi/handler.go
@@ -31,7 +31,6 @@ func NewHandler(k keeper.Keeper) sdk.Handler {
 		case *types.MsgRegisterCredentialStatus:
 			res, err := msgServer.RegisterCredentialStatus(sdk.WrapSDKContext(ctx), msg)
 			return sdk.WrapServiceResult(ctx, res, err)
-			// this line is used by starport scaffolding # 1
 		default:
 			errMsg := fmt.Sprintf("unrecognized %s message type: %T", types.ModuleName, msg)
 			return nil, sdkerrors.Wrap(sdkerrors.ErrUnknownRequest, errMsg)

diff --git a/x/ssi/keeper/msg_server.go b/x/ssi/keeper/msg_server.go
@@ -48,7 +48,7 @@ func (k msgServer) checkControllerPresenceInState(
 // every verification method of every controller needs to be valid
 func (k msgServer) formMustControllerVmListMap(ctx sdk.Context,
 	controllers []string, verificationMethods []*types.VerificationMethod,
-	inputSignMap map[string]string,
+	inputSignMap map[string]*types.SignInfo,
 ) (map[string][]*types.ExtendedVerificationMethod, error) {
 	var controllerMap map[string][]*types.ExtendedVerificationMethod = map[string][]*types.ExtendedVerificationMethod{}
 	var vmMap map[string]*types.VerificationMethod = map[string]*types.VerificationMethod{}
@@ -110,7 +110,7 @@ func (k msgServer) formMustControllerVmListMap(ctx sdk.Context,
 // atleast one verification method of any controller needs to be valid
 func (k msgServer) formAnyControllerVmListMap(ctx sdk.Context,
 	controllers []string, verificationMethods []*types.VerificationMethod,
-	inputSignMap map[string]string,
+	inputSignMap map[string]*types.SignInfo,
 ) (map[string][]*types.ExtendedVerificationMethod, error) {
 	var controllerMap map[string][]*types.ExtendedVerificationMethod = map[string][]*types.ExtendedVerificationMethod{}
 	var vmMap map[string]*types.VerificationMethod = map[string]*types.VerificationMethod{}
@@ -174,7 +174,7 @@ func (k msgServer) getControllerVmFromState(ctx sdk.Context, verificationMethodI
 }
 
 // VerifyDocumentProof verifies the proof of a SSI Document
-func (k msgServer) VerifyDocumentProof(ctx sdk.Context, docBytes []byte, inputDocProof types.SSIProofInterface) error {
+func (k msgServer) VerifyDocumentProof(ctx sdk.Context, ssiMsg types.SsiMsg, inputDocProof types.SSIProofInterface, clientSpec *types.ClientSpec) error {
 	// Get DID Document from State
 	schemaProofVmId := inputDocProof.GetVerificationMethod()
 	didId, _ := types.SplitDidUrl(schemaProofVmId)
@@ -208,7 +208,12 @@ func (k msgServer) VerifyDocumentProof(ctx sdk.Context, docBytes []byte, inputDo
 	}
 
 	// Verify signature
-	err = verification.VerifyDocumentProofSignature(docBytes, schemaVm, inputDocProof.GetProofValue())
+	signInfo := &types.SignInfo{
+		VerificationMethodId: inputDocProof.GetVerificationMethod(),
+		Signature:            inputDocProof.GetProofValue(),
+		ClientSpec:           clientSpec,
+	}
+	err = verification.VerifyDocumentProofSignature(ssiMsg, schemaVm, signInfo)
 	if err != nil {
 		return err
 	}
@@ -217,11 +222,11 @@ func (k msgServer) VerifyDocumentProof(ctx sdk.Context, docBytes []byte, inputDo
 }
 
 // makeSignatureMap converts []SignInfo to map
-func makeSignatureMap(inputSignatures []*types.SignInfo) map[string]string {
-	var signMap map[string]string = map[string]string{}
+func makeSignatureMap(inputSignatures []*types.SignInfo) map[string]*types.SignInfo {
+	var signMap map[string]*types.SignInfo = map[string]*types.SignInfo{}
 
 	for _, sign := range inputSignatures {
-		signMap[sign.VerificationMethodId] = sign.Signature
+		signMap[sign.VerificationMethodId] = sign
 	}
 
 	return signMap

diff --git a/x/ssi/keeper/msg_server_create_did.go b/x/ssi/keeper/msg_server_create_did.go
@@ -55,20 +55,8 @@ func (k msgServer) CreateDID(goCtx context.Context, msg *types.MsgCreateDID) (*t
 		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
 	}
 
-	// ClientSpec check
-	clientSpecOpts := types.ClientSpecOpts{
-		ClientSpecType: msg.ClientSpec,
-		SSIDoc:         msgDidDocument,
-		SignerAddress:  msg.Creator,
-	}
-	var didDocBytes []byte
-	didDocBytes, err = getClientSpecDocBytes(clientSpecOpts)
-	if err != nil {
-		return nil, sdkerrors.Wrapf(types.ErrInvalidClientSpecType, err.Error())
-	}
-
 	// Verify Signatures
-	err = verification.VerifySignatureOfEveryController(didDocBytes, requiredVmMap)
+	err = verification.VerifySignatureOfEveryController(msgDidDocument, requiredVmMap)
 	if err != nil {
 		return nil, sdkerrors.Wrapf(types.ErrInvalidSignature, err.Error())
 	}

diff --git a/x/ssi/keeper/msg_server_credential.go b/x/ssi/keeper/msg_server_credential.go
@@ -18,6 +18,7 @@ func (k msgServer) RegisterCredentialStatus(goCtx context.Context, msg *types.Ms
 
 	msgCredStatus := msg.GetCredentialStatus()
 	msgCredProof := msg.GetProof()
+	msgCredClientSpec := msg.GetClientSpec()
 
 	credId := msgCredStatus.GetClaim().GetId()
 
@@ -86,20 +87,8 @@ func (k msgServer) RegisterCredentialStatus(goCtx context.Context, msg *types.Ms
 			return nil, sdkerrors.Wrapf(types.ErrInvalidCredentialHash, "supported hashing algorithms: sha256")
 		}
 
-		// ClientSpec check
-		clientSpecOpts := types.ClientSpecOpts{
-			ClientSpecType: msg.ClientSpec,
-			SSIDoc:         msgCredStatus,
-			SignerAddress:  msg.Creator,
-		}
-
-		credDocBytes, err := getClientSpecDocBytes(clientSpecOpts)
-		if err != nil {
-			return nil, sdkerrors.Wrapf(types.ErrInvalidClientSpecType, err.Error())
-		}
-
 		// Verify Signature
-		err = k.VerifyDocumentProof(ctx, credDocBytes, msgCredProof)
+		err = k.VerifyDocumentProof(ctx, msgCredStatus, msgCredProof, msgCredClientSpec)
 		if err != nil {
 			return nil, sdkerrors.Wrapf(types.ErrInvalidSignature, err.Error())
 		}
@@ -129,6 +118,7 @@ func (k msgServer) RegisterCredentialStatus(goCtx context.Context, msg *types.Ms
 func (k msgServer) updateCredentialStatus(ctx sdk.Context, msg *types.MsgRegisterCredentialStatus) (*types.Credential, error) {
 	msgNewCredStatus := msg.CredentialStatus
 	msgNewCredProof := msg.Proof
+	msgNewCredClientSpec := msg.ClientSpec
 
 	credId := msgNewCredStatus.GetClaim().GetId()
 
@@ -277,20 +267,8 @@ func (k msgServer) updateCredentialStatus(ctx sdk.Context, msg *types.MsgRegiste
 		}
 	}
 
-	// ClientSpec check
-	clientSpecOpts := types.ClientSpecOpts{
-		ClientSpecType: msg.ClientSpec,
-		SSIDoc:         msgNewCredStatus,
-		SignerAddress:  msg.Creator,
-	}
-
-	credDocBytes, err := getClientSpecDocBytes(clientSpecOpts)
-	if err != nil {
-		return nil, sdkerrors.Wrap(types.ErrInvalidClientSpecType, err.Error())
-	}
-
 	// Verify Signature
-	err = k.VerifyDocumentProof(ctx, credDocBytes, msgNewCredProof)
+	err = k.VerifyDocumentProof(ctx, msgNewCredStatus, msgNewCredProof, msgNewCredClientSpec)
 	if err != nil {
 		return nil, sdkerrors.Wrap(types.ErrInvalidSignature, err.Error())
 	}

diff --git a/x/ssi/keeper/msg_server_deactivate_did.go b/x/ssi/keeper/msg_server_deactivate_did.go
@@ -63,20 +63,8 @@ func (k msgServer) DeactivateDID(goCtx context.Context, msg *types.MsgDeactivate
 		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
 	}
 
-	// Get Client Spec
-	clientSpecOpts := types.ClientSpecOpts{
-		ClientSpecType: msg.ClientSpec,
-		SSIDoc:         didDocument,
-		SignerAddress:  msg.Creator,
-	}
-	var didDocBytes []byte
-	didDocBytes, err = getClientSpecDocBytes(clientSpecOpts)
-	if err != nil {
-		return nil, sdkerrors.Wrapf(types.ErrInvalidClientSpecType, err.Error())
-	}
-
 	// Signature Verification
-	err = verification.VerifySignatureOfAnyController(didDocBytes, controllerMap)
+	err = verification.VerifySignatureOfAnyController(didDocument, controllerMap)
 	if err != nil {
 		return nil, sdkerrors.Wrapf(types.ErrInvalidSignature, err.Error())
 	}

diff --git a/x/ssi/keeper/msg_server_schema.go b/x/ssi/keeper/msg_server_schema.go
@@ -17,6 +17,7 @@ func (k msgServer) CreateSchema(goCtx context.Context, msg *types.MsgCreateSchem
 	schemaDoc := msg.GetSchemaDoc()
 	schemaProof := msg.GetSchemaProof()
 	schemaID := schemaDoc.GetId()
+	schemaClientSpec := msg.GetClientSpec()
 
 	chainNamespace := k.GetChainNamespace(&ctx)
 	// Get the Did Document of Schema's Author
@@ -62,20 +63,8 @@ func (k msgServer) CreateSchema(goCtx context.Context, msg *types.MsgCreateSchem
 		return nil, sdkerrors.Wrapf(types.ErrInvalidDate, "created date provided shouldn't be greater than the current block time")
 	}
 
-	// ClientSpec check
-	clientSpecOpts := types.ClientSpecOpts{
-		ClientSpecType: msg.ClientSpec,
-		SSIDoc:         schemaDoc,
-		SignerAddress:  msg.Creator,
-	}
-
-	schemaDocBytes, err := getClientSpecDocBytes(clientSpecOpts)
-	if err != nil {
-		return nil, sdkerrors.Wrap(types.ErrInvalidClientSpecType, err.Error())
-	}
-
 	// Signature check
-	if err := k.VerifyDocumentProof(ctx, schemaDocBytes, schemaProof); err != nil {
+	if err := k.VerifyDocumentProof(ctx, schemaDoc, schemaProof, schemaClientSpec); err != nil {
 		return nil, sdkerrors.Wrap(types.ErrInvalidClientSpecType, err.Error())
 	}
 

diff --git a/x/ssi/keeper/msg_server_update_did.go b/x/ssi/keeper/msg_server_update_did.go
@@ -82,24 +82,12 @@ func (k msgServer) UpdateDID(goCtx context.Context, msg *types.MsgUpdateDID) (*t
 		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
 	}
 
-	// ClientSpec Opts
-	clientSpecOpts := types.ClientSpecOpts{
-		ClientSpecType: msg.ClientSpec,
-		SSIDoc:         msgDidDocument,
-		SignerAddress:  msg.Creator,
-	}
-	var didDocBytes []byte
-	didDocBytes, err = getClientSpecDocBytes(clientSpecOpts)
-	if err != nil {
-		return nil, sdkerrors.Wrapf(types.ErrInvalidClientSpecType, err.Error())
-	}
-
 	// Signature Verification
-	if err := verification.VerifySignatureOfEveryController(didDocBytes, requiredVmMap); err != nil {
+	if err := verification.VerifySignatureOfEveryController(msgDidDocument, requiredVmMap); err != nil {
 		return nil, sdkerrors.Wrapf(types.ErrInvalidSignature, err.Error())
 	}
 
-	if err := verification.VerifySignatureOfAnyController(didDocBytes, optionalVmMap); err != nil {
+	if err := verification.VerifySignatureOfAnyController(msgDidDocument, optionalVmMap); err != nil {
 		return nil, sdkerrors.Wrapf(types.ErrInvalidSignature, err.Error())
 	}
 

diff --git a/x/ssi/module.go b/x/ssi/module.go
@@ -6,8 +6,6 @@ import (
 	"fmt"
 	"log"
 
-	// this line is used by starport scaffolding # 1
-
 	"github.com/gorilla/mux"
 	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	"github.com/spf13/cobra"