def test_create_and_store_bls_keys(bls_crypto_factory):
pk, key_proof = bls_crypto_factory.generate_and_store_bls_keys()
assert pk
assert isinstance(pk, str)
assert bls_crypto_factory.create_bls_crypto_verifier() \
.verify_key_proof_of_possession(IndyCryptoBlsUtils.bls_from_str(key_proof, cls=ProofOfPossession),
IndyCryptoBlsUtils.bls_from_str(pk, cls=VerKey))
def _verify_bls_key_proof_of_possession(self, key_proof, pk):
if self.bls_crypto_verifier is None:
return True
key_proof_bls = IndyCryptoBlsUtils.bls_from_str(key_proof, cls=ProofOfPossession)
pk_bls = IndyCryptoBlsUtils.bls_from_str(pk, cls=VerKey)
return self.bls_crypto_verifier.verify_key_proof_of_possession(key_proof_bls,
pk_bls)
def test_get_key_for_old_root_keys_changed(bls_key_register_ledger,
pool_node_txns,
txnPoolNodeSet,
node,
looper,
sdk_wallet_steward,
sdk_pool_handle):
old_bls_key = get_payload_data(pool_node_txns[0])[DATA][BLS_KEY]
new_bls_key, key_proof = init_bls_keys(node.keys_dir, node.name)
old_pool_root_hash = node.poolManager.state.committedHeadHash
# change BLS keys
sdk_change_bls_key(looper, txnPoolNodeSet,
node,
sdk_pool_handle,
sdk_wallet_steward,
add_wrong=False,
new_bls=new_bls_key,
new_key_proof=key_proof)
new_pool_root_hash = node.poolManager.state.committedHeadHash
assert old_pool_root_hash != new_pool_root_hash
# get old and new keys
bls_key = bls_key_register_ledger.get_key_by_name(node.name,
old_pool_root_hash)
assert bls_key
assert IndyCryptoBlsUtils.bls_to_str(bls_key) == old_bls_key
bls_key = bls_key_register_ledger.get_key_by_name(node.name,
new_pool_root_hash)
assert bls_key
assert IndyCryptoBlsUtils.bls_to_str(bls_key) == new_bls_key
def test_verify_multi_signature_invalid_short_pk(bls_signer1, bls_signer2,
bls_verifier, message):
pk1 = bls_signer1.pk
pk2 = bls_signer2.pk
sigs = []
sigs.append(bls_signer1.sign(message))
sigs.append(bls_signer2.sign(message))
multi_sig = bls_verifier.create_multi_sig(sigs)
for invalid_pk in invalid_pks(
invalid_short_values(IndyCryptoBlsUtils.bls_to_str(pk2))):
pks = [pk1, invalid_pk]
assert not bls_verifier.verify_multi_sig(multi_sig, message, pks)
for invalid_pk in invalid_pks(
invalid_short_values(IndyCryptoBlsUtils.bls_to_str(pk1))):
pks = [invalid_pk, pk2]
assert not bls_verifier.verify_multi_sig(multi_sig, message, pks)
for invalid_pk1, invalid_pk2 in zip(
invalid_pks(
invalid_short_values(IndyCryptoBlsUtils.bls_to_str(pk1))),
invalid_pks(
invalid_short_values(IndyCryptoBlsUtils.bls_to_str(pk2)))):
pks = [invalid_pk1, invalid_pk2]
assert not bls_verifier.verify_multi_sig(multi_sig, message, pks)
def _create_bls_crypto_signer(self, sk: str, pk: str,
group_params: GroupParams):
sk_bls = IndyCryptoBlsUtils.bls_from_str(sk,
cls=SignKey) # type: SignKey
pk_bls = IndyCryptoBlsUtils.bls_from_str(pk,
cls=VerKey) # type: VerKey
return BlsCryptoSignerIndyCrypto(sk=sk_bls,
pk=pk_bls,
params=group_params)
def test_create_bls_crypto_multiple_times(bls_crypto_factory):
pk1, _ = bls_crypto_factory.generate_and_store_bls_keys()
bls_crypto_signer1 = bls_crypto_factory.create_bls_crypto_signer_from_saved_keys() # type: BlsCryptoSignerIndyCrypto
assert pk1 == IndyCryptoBlsUtils.bls_to_str(bls_crypto_signer1.pk)
pk2, _ = bls_crypto_factory.generate_and_store_bls_keys()
bls_crypto_signer2 = bls_crypto_factory.create_bls_crypto_signer_from_saved_keys() # type: BlsCryptoSignerIndyCrypto
assert pk2 == IndyCryptoBlsUtils.bls_to_str(bls_crypto_signer2.pk)
pk3, _ = bls_crypto_factory.generate_and_store_bls_keys()
bls_crypto_signer3 = bls_crypto_factory.create_bls_crypto_signer_from_saved_keys() # type: BlsCryptoSignerIndyCrypto
assert pk3 == IndyCryptoBlsUtils.bls_to_str(bls_crypto_signer3.pk)
def test_verify_invalid_short_pk(bls_signer1, bls_verifier, message):
pk = bls_signer1.pk
sig = bls_signer1.sign(message)
for invalid_pk in invalid_pks(
invalid_short_values(IndyCryptoBlsUtils.bls_to_str(pk))):
assert not bls_verifier.verify_sig(sig, message, invalid_pk)
def _load_keys_for_root(self):
keys = {}
for _, txn in self._ledger.getAllTxn():
if get_type(txn) != NODE:
continue
data = get_payload_data(txn)[DATA]
node_name = data[ALIAS]
if not config.VALIDATE_BLS_SIGNATURE_WITHOUT_KEY_PROOF and \
data.get(BLS_KEY_PROOF, None) is None:
logger.warning(
"{} has no proof of possession for BLS public key.".format(
node_name))
keys[node_name] = None
continue
key_str = data.get(BLS_KEY, None)
if key_str is None:
keys[node_name] = None
continue
key_bls = IndyCryptoBlsUtils.bls_from_str(key_str, cls=VerKey)
keys[node_name] = key_bls
return keys
def test_create_bls_crypto(bls_crypto_factory):
pk, _ = bls_crypto_factory.generate_and_store_bls_keys()
bls_crypto_signer = bls_crypto_factory.create_bls_crypto_signer_from_saved_keys() # type: BlsCryptoSignerIndyCrypto
assert bls_crypto_signer
assert isinstance(bls_crypto_signer, BlsCryptoSigner)
assert bls_crypto_signer._sk
assert bls_crypto_signer.pk
assert pk == IndyCryptoBlsUtils.bls_to_str(bls_crypto_signer.pk)
def test_verify_non_base_58_pk_multi_signature(bls_signer1, bls_signer2, bls_verifier, message):
pk1 = bls_signer1.pk
pk2 = bls_signer2.pk
sigs = []
sigs.append(bls_signer1.sign(message))
sigs.append(bls_signer2.sign(message))
multi_sig = bls_verifier.create_multi_sig(sigs)
pks = [pk1, IndyCryptoBlsUtils.bls_from_str('Incorrect pk 1', cls=VerKey)]
assert not bls_verifier.verify_multi_sig(multi_sig, message, pks)
pks = [IndyCryptoBlsUtils.bls_from_str('Incorrect pk 1', cls=VerKey), pk2]
assert not bls_verifier.verify_multi_sig(multi_sig, message, pks)
pks = [IndyCryptoBlsUtils.bls_from_str('Incorrect pk 1', cls=VerKey),
IndyCryptoBlsUtils.bls_from_str('Incorrect pk 2', cls=VerKey)]
assert not bls_verifier.verify_multi_sig(multi_sig, message, pks)
def check_bls_key(blskey, node, nodes, add_wrong=False):
'''
Check that each node has the same and correct blskey for this node
'''
keys = set()
for n in nodes:
keys.add(
IndyCryptoBlsUtils.bls_to_str(
n.bls_bft.bls_key_register.get_key_by_name(node.name)))
assert len(keys) == 1
if not add_wrong:
assert blskey == next(iter(keys))
# check that this node has correct blskey
if not add_wrong:
assert node.bls_bft.can_sign_bls()
assert blskey == IndyCryptoBlsUtils.bls_to_str(
node.bls_bft.bls_crypto_signer.pk)
else:
assert not node.bls_bft.can_sign_bls()
def _validate_signature(self, sender, bls_sig, pre_prepare: PrePrepare):
pool_root_hash = self._get_pool_root_hash(pre_prepare, serialize=False)
sender_node = self.get_node_name(sender)
pk = self._bls_bft.bls_key_register.get_key_by_name(
sender_node, pool_root_hash)
if not pk:
return False
pool_root_hash_ser = self._get_pool_root_hash(pre_prepare)
message = self._create_multi_sig_value_for_pre_prepare(
pre_prepare, pool_root_hash_ser)
result = self._bls_bft.bls_crypto_verifier.verify_sig(
bls_sig, message.as_single_value(), pk)
if not result:
logger.info("Incorrect bls signature {} in commit for "
"{} public key: '{}' and message: '{}' from "
"pre-prepare: {}".format(
bls_sig, sender, IndyCryptoBlsUtils.bls_to_str(pk),
message, pre_prepare))
return result
def _load_keys_for_root(self, pool_state_root_hash):
self._current_bls_keys = {}
for data in self._node.write_manager.get_all_node_data_for_root_hash(
pool_state_root_hash):
node_name = data[ALIAS]
if BLS_KEY not in data:
continue
if not self._node.poolManager.config.VALIDATE_BLS_SIGNATURE_WITHOUT_KEY_PROOF and \
data.get(BLS_KEY_PROOF, None) is None:
logger.warning("{} has no proof of possession for BLS public key.".format(node_name))
self._current_bls_keys[node_name] = None
continue
key_str = data.get(BLS_KEY, None)
if key_str is None:
self._current_bls_keys[node_name] = None
continue
key_bls = IndyCryptoBlsUtils.bls_from_str(key_str, cls=VerKey)
self._current_bls_keys[node_name] = key_bls
def test_verify_non_base58_pk(bls_signer1, bls_verifier, message):
sig = bls_signer1.sign('Hello!')
assert not bls_verifier.verify_sig(
sig, message, IndyCryptoBlsUtils.bls_pk_from_str('Incorrect pk 1'))
def bls_key(self):
bls_key = self._node.bls_bft.bls_key_register.get_key_by_name(
self._node.name)
if bls_key is not None:
bls_key = IndyCryptoBlsUtils.bls_to_str(bls_key)
return bls_key
def generate_bls_keys(self, seed=None) -> (str, str, str):
sk, pk, key_proof = self._generate_raw_bls_keys(seed)
return IndyCryptoBlsUtils.bls_to_str(
sk), IndyCryptoBlsUtils.bls_to_str(
pk), IndyCryptoBlsUtils.bls_to_str(key_proof)
def test_verify_non_base58_sig_and_pk(bls_verifier, message):
assert not bls_verifier.verify_sig(
'Incorrect Signature 1', message,
IndyCryptoBlsUtils.bls_pk_from_str('Incorrect pk 1'))
def test_get_key_for_current_root_explicitly(bls_key_register_ledger, txnPoolNodeSet, pool_node_txns):
for i in range(nodeCount):
bls_key = bls_key_register_ledger.get_key_by_name(txnPoolNodeSet[i].name,
bls_key_register_ledger.get_pool_root_hash_committed())
assert bls_key
assert IndyCryptoBlsUtils.bls_to_str(bls_key) == get_payload_data(pool_node_txns[i])[DATA][BLS_KEY]
def invalid_pks(invalid_vals):
return [IndyCryptoBlsUtils.bls_pk_from_str(val) for val in invalid_vals]
def get_current_bls_keys(node):
bls_keys_raw_dict = node.master_replica._bls_bft_replica._bls_bft.bls_key_register._current_bls_keys
return {
node_nane: IndyCryptoBlsUtils.bls_to_str(bls_key_raw)
for node_nane, bls_key_raw in bls_keys_raw_dict.items()
}
def test_validator_info_file_bls_field_valid(info, node):
assert info['Node_info']['BLS_key'] == IndyCryptoBlsUtils.bls_to_str(node.bls_bft.bls_crypto_signer.pk)