Merge pull request hyperledger-labs#48 from hyperledger-labs/f-33

idemix signer deserializer should check that the nym key matches the secret key hyperledger-labs#33
mbwhite · Jun 25, 2021 · 4f1be05 · 4f1be05
2 parents f55afe1 + b98611d
commit 4f1be05
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 4 deletions.
diff --git a/platform/fabric/core/generic/msp/idemix/idemix.go b/platform/fabric/core/generic/msp/idemix/idemix.go
@@ -11,12 +11,13 @@ import (
 	"strconv"
 
 	"github.com/golang/protobuf/proto"
-	"github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging"
 	m "github.com/hyperledger/fabric-protos-go/msp"
 	"github.com/hyperledger/fabric/bccsp"
 	"github.com/hyperledger/fabric/msp"
 	"github.com/pkg/errors"
 
+	"github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging"
+
 	"github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/csp"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/csp/idemix"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/csp/idemix/bridge"
@@ -402,13 +403,22 @@ func (p *provider) DeserializeSigner(raw []byte) (driver.Signer, error) {
 		return nil, errors.Wrap(err, "cannot find nym secret key")
 	}
 
-	return &signingIdentity{
+	si := &signingIdentity{
 		identity:     r.id,
 		Cred:         p.conf.Signer.Cred,
 		UserKey:      p.userKey,
 		NymKey:       nymKey,
 		enrollmentId: p.conf.Signer.EnrollmentId,
-	}, nil
+	}
+	msg := []byte("hello world!!!")
+	sigma, err := si.Sign(msg)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed generating verification signature")
+	}
+	if err := si.Verify(msg, sigma); err != nil {
+		return nil, errors.Wrap(err, "failed verifying verification signature")
+	}
+	return si, nil
 }
 
 func (p *provider) Info(raw []byte, auditInfo []byte) (string, error) {

diff --git a/platform/fabric/core/generic/msp/idemix/idemix_test.go b/platform/fabric/core/generic/msp/idemix/idemix_test.go
@@ -152,7 +152,7 @@ func TestAudit(t *testing.T) {
 	assert.NotNil(t, id)
 	assert.NotNil(t, audit)
 
-	id2, audit2, err := p.Identity()
+	id2, audit2, err := p2.Identity()
 	assert.NoError(t, err)
 	assert.NotNil(t, id2)
 	assert.NotNil(t, audit2)
@@ -167,3 +167,61 @@ func TestAudit(t *testing.T) {
 	assert.NoError(t, auditInfo.Match(id2))
 	assert.Error(t, auditInfo.Match(id))
 }
+
+func TestProvider_DeserializeSigner(t *testing.T) {
+	registry := registry2.New()
+	registry.RegisterService(&fakeProv{typ: "memory"})
+
+	kvss, err := kvs.New("memory", "", registry)
+	assert.NoError(t, err)
+	assert.NoError(t, registry.RegisterService(kvss))
+	sigService := sig2.NewSignService(registry, nil)
+	assert.NoError(t, registry.RegisterService(sigService))
+
+	config, err := msp2.GetLocalMspConfigWithType("./testdata/sameissuer/idemix", nil, "idemix", "idemix")
+	assert.NoError(t, err)
+	p, err := idemix2.NewProvider(config, registry)
+	assert.NoError(t, err)
+	assert.NotNil(t, p)
+
+	config, err = msp2.GetLocalMspConfigWithType("./testdata/sameissuer/idemix2", nil, "idemix", "idemix")
+	assert.NoError(t, err)
+	p2, err := idemix2.NewProvider(config, registry)
+	assert.NoError(t, err)
+	assert.NotNil(t, p2)
+
+	id, _, err := p.Identity()
+	assert.NoError(t, err)
+
+	id2, _, err := p2.Identity()
+	assert.NoError(t, err)
+
+	// This must work
+	signer, err := p.DeserializeSigner(id)
+	assert.NoError(t, err)
+	verifier, err := p.DeserializeVerifier(id)
+	assert.NoError(t, err)
+	msg := []byte("Hello World!!!")
+	sigma, err := signer.Sign(msg)
+	assert.NoError(t, err)
+	assert.NoError(t, verifier.Verify(msg, sigma))
+
+	// Try to deserialize id2 with provider for id, must fail
+	signer, err = p.DeserializeSigner(id2)
+	assert.Error(t, err)
+	verifier, err = p.DeserializeVerifier(id2)
+	assert.NoError(t, err)
+
+	// this must work
+	des, err := sig2.NewMultiplexDeserializer(registry)
+	assert.NoError(t, err)
+	des.AddDeserializer(p)
+	des.AddDeserializer(p2)
+	signer, err = des.DeserializeSigner(id)
+	assert.NoError(t, err)
+	verifier, err = des.DeserializeVerifier(id)
+	assert.NoError(t, err)
+	sigma, err = signer.Sign(msg)
+	assert.NoError(t, err)
+	assert.NoError(t, verifier.Verify(msg, sigma))
+}
diff --git a/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix/msp/IssuerPublicKey b/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix/msp/IssuerPublicKey
diff --git a/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix/msp/RevocationPublicKey b/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix/msp/RevocationPublicKey
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUvyZcTtq+2+UzsKTElqAW/fugMoZwtfY
+kPpIwrjJbIHfOEvuyeGKNkvQbW8tCwFIQyDSLOKffaimGUDaftqdRPbzvpLXe28d
+jEBxo6tQa9BNzqnybKqJJtg7ceNMVD30
+-----END PUBLIC KEY-----
diff --git a/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix/user/SignerConfig b/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix/user/SignerConfig
diff --git a/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix2/msp/IssuerPublicKey b/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix2/msp/IssuerPublicKey
diff --git a/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix2/msp/RevocationPublicKey b/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix2/msp/RevocationPublicKey
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUvyZcTtq+2+UzsKTElqAW/fugMoZwtfY
+kPpIwrjJbIHfOEvuyeGKNkvQbW8tCwFIQyDSLOKffaimGUDaftqdRPbzvpLXe28d
+jEBxo6tQa9BNzqnybKqJJtg7ceNMVD30
+-----END PUBLIC KEY-----
diff --git a/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix2/user/SignerConfig b/platform/fabric/core/generic/msp/idemix/testdata/sameissuer/idemix2/user/SignerConfig