From a50dc8877ee8df2127e5069fc7370e49ee39c6a2 Mon Sep 17 00:00:00 2001 From: hitenjain14 Date: Mon, 28 Oct 2024 12:52:52 +0530 Subject: [PATCH 1/2] add signing pub key --- .../blobbercore/allocation/entity.go | 5 ++- .../allocation/file_changer_base.go | 5 ++- .../allocation/file_changer_update.go | 2 + .../allocation/file_changer_upload.go | 2 + .../blobbercore/allocation/protocol.go | 2 +- .../blobbercore/allocation/workers.go | 3 ++ .../0chain.net/blobbercore/allocation/zcn.go | 2 + .../blobbercore/challenge/protocol.go | 6 ++- .../handler/file_command_update.go | 10 ++++- .../handler/file_command_upload.go | 10 ++++- .../0chain.net/blobbercore/reference/ref.go | 4 ++ code/go/0chain.net/core/encryption/keys.go | 36 +++++++++++++++-- code/go/0chain.net/core/transaction/entity.go | 29 +++++++------- .../storage/challenge_handler.go | 40 ++++++++++++------- .../validatorcore/storage/models.go | 33 +++++++++------ goose/migrations/1730098482_session_key.sql | 7 ++++ 16 files changed, 142 insertions(+), 54 deletions(-) create mode 100644 goose/migrations/1730098482_session_key.sql diff --git a/code/go/0chain.net/blobbercore/allocation/entity.go b/code/go/0chain.net/blobbercore/allocation/entity.go index 74a223be5..30fece0e5 100644 --- a/code/go/0chain.net/blobbercore/allocation/entity.go +++ b/code/go/0chain.net/blobbercore/allocation/entity.go 
@@ -62,8 +62,9 @@ type Allocation struct { TimeUnit time.Duration `gorm:"column:time_unit;not null;default:172800000000000"` StartTime common.Timestamp `gorm:"column:start_time;not null"` // Ending and cleaning - CleanedUp bool `gorm:"column:cleaned_up;not null;default:false"` - Finalized bool `gorm:"column:finalized;not null;default:false"` + CleanedUp bool `gorm:"column:cleaned_up;not null;default:false"` + Finalized bool `gorm:"column:finalized;not null;default:false"` + OwnerSigningPublicKey string `gorm:"column:owner_signing_public_key;size:512;not null" json:"owner_signing_public_key"` // FileOptions to define file restrictions on an allocation for third-parties // default 00000000 for all crud operations suggesting only owner has the below listed abilities. diff --git a/code/go/0chain.net/blobbercore/allocation/file_changer_base.go b/code/go/0chain.net/blobbercore/allocation/file_changer_base.go index 1d86e30d1..20345b565 100644 --- a/code/go/0chain.net/blobbercore/allocation/file_changer_base.go +++ b/code/go/0chain.net/blobbercore/allocation/file_changer_base.go @@ -52,8 +52,9 @@ type BaseFileChanger struct { EncryptedKeyPoint string `json:"encrypted_key_point,omitempty"` CustomMeta string `json:"custom_meta,omitempty"` - ChunkSize int64 `json:"chunk_size,omitempty"` // the size of achunk. 64*1024 is default - IsFinal bool `json:"is_final,omitempty"` // current chunk is last or not + ChunkSize int64 `json:"chunk_size,omitempty"` // the size of achunk. 64*1024 is default + IsFinal bool `json:"is_final,omitempty"` // current chunk is last or not + SignatureVersion int `json:"signature_version,omitempty"` ChunkStartIndex int `json:"chunk_start_index,omitempty"` // start index of chunks. ChunkEndIndex int `json:"chunk_end_index,omitempty"` // end index of chunks. all chunks MUST be uploaded one by one because of CompactMerkleTree 
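Review bot: The new `OwnerSigningPublicKey` field in `Allocation` (entity.go) is tagged `not null`, but the migration added later in this patch (`goose/migrations/1730098482_session_key.sql`) creates `owner_signing_public_key` as a nullable column with no default, so model and schema disagree and existing rows hold NULL until a sync rewrites them. Either drop `not null` from the tag or declare the column to match, e.g. `ADD COLUMN owner_signing_public_key character varying(512) NOT NULL DEFAULT ''`. The same question applies to `signature_version smallint` against the plain `int` fields on `reference.Ref` and `PaginatedRef`; whether a NULL scans cleanly into those fields depends on the ORM and should be confirmed against existing data. The struct continues outside the hunk.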
diff --git a/code/go/0chain.net/blobbercore/allocation/file_changer_update.go b/code/go/0chain.net/blobbercore/allocation/file_changer_update.go index 590d25d60..a1b918f00 100644 --- a/code/go/0chain.net/blobbercore/allocation/file_changer_update.go +++ b/code/go/0chain.net/blobbercore/allocation/file_changer_update.go @@ -106,6 +106,7 @@ func (nf *UpdateFileChanger) ApplyChange(ctx context.Context, rootRef *reference fileRef.ChunkSize = nf.ChunkSize fileRef.IsPrecommit = true fileRef.FilestoreVersion = filestore.VERSION + fileRef.SignatureVersion = nf.SignatureVersion return rootRef, nil } @@ -173,6 +174,7 @@ func (nf *UpdateFileChanger) ApplyChangeV2(ctx context.Context, allocationRoot, PathLevel: len(strings.Split(strings.TrimRight(nf.Path, "/"), "/")), NumBlocks: int64(math.Ceil(float64(nf.Size*1.0) / float64(nf.ChunkSize))), NumUpdates: refResult.NumUpdates + 1, + SignatureVersion: nf.SignatureVersion, } nf.storageVersion = 1 newFile.FileMetaHash = encryption.Hash(newFile.GetFileMetaHashDataV2()) diff --git a/code/go/0chain.net/blobbercore/allocation/file_changer_upload.go b/code/go/0chain.net/blobbercore/allocation/file_changer_upload.go index 59936dd10..4acb713c7 100644 --- a/code/go/0chain.net/blobbercore/allocation/file_changer_upload.go +++ b/code/go/0chain.net/blobbercore/allocation/file_changer_upload.go @@ -130,6 +130,7 @@ func (nf *UploadFileChanger) applyChange(ctx context.Context, rootRef *reference HashToBeComputed: true, IsPrecommit: true, FilestoreVersion: filestore.VERSION, + SignatureVersion: nf.SignatureVersion, } fileID, ok := fileIDMeta[newFile.Path] @@ -197,6 +198,7 @@ func (nf *UploadFileChanger) ApplyChangeV2(ctx context.Context, allocationRoot, PathLevel: len(strings.Split(strings.TrimRight(nf.Path, "/"), "/")), NumBlocks: int64(math.Ceil(float64(nf.Size*1.0) / float64(nf.ChunkSize))), NumUpdates: 1, + SignatureVersion: nf.SignatureVersion, } nf.storageVersion = 1 newFile.FileMetaHash = encryption.Hash(newFile.GetFileMetaHashDataV2()) 
diff --git a/code/go/0chain.net/blobbercore/allocation/protocol.go b/code/go/0chain.net/blobbercore/allocation/protocol.go index d7c53fd0e..386a05485 100644 --- a/code/go/0chain.net/blobbercore/allocation/protocol.go +++ b/code/go/0chain.net/blobbercore/allocation/protocol.go @@ -110,8 +110,8 @@ func FetchAllocationFromEventsDB(ctx context.Context, allocationID string, alloc a.TimeUnit = sa.TimeUnit a.FileOptions = sa.FileOptions a.StartTime = sa.StartTime - // Only for testing purpose a.StorageVersion = uint8(sa.StorageVersion) + a.OwnerSigningPublicKey = sa.OwnerSigningPublicKey m := map[string]interface{}{ "allocation_id": a.ID, diff --git a/code/go/0chain.net/blobbercore/allocation/workers.go b/code/go/0chain.net/blobbercore/allocation/workers.go index cf70769db..3eb535869 100644 --- a/code/go/0chain.net/blobbercore/allocation/workers.go +++ b/code/go/0chain.net/blobbercore/allocation/workers.go @@ -246,6 +246,7 @@ func updateAllocationInDB(ctx context.Context, a *Allocation, sa *transaction.St a.Tx = sa.Tx a.OwnerID = sa.OwnerID a.OwnerPublicKey = sa.OwnerPublicKey + a.OwnerSigningPublicKey = sa.OwnerSigningPublicKey // // update fields a.Expiration = sa.Expiration @@ -263,6 +264,7 @@ func updateAllocationInDB(ctx context.Context, a *Allocation, sa *transaction.St updateMap["finalized"] = a.Finalized updateMap["file_options"] = a.FileOptions updateMap["blobber_size"] = a.BlobberSize + updateMap["owner_signing_public_key"] = a.OwnerSigningPublicKey updateOption := func(alloc *Allocation) { alloc.Tx = a.Tx @@ -273,6 +275,7 @@ func updateAllocationInDB(ctx context.Context, a *Allocation, sa *transaction.St alloc.Finalized = a.Finalized alloc.FileOptions = a.FileOptions alloc.BlobberSize = a.BlobberSize + alloc.OwnerSigningPublicKey = a.OwnerSigningPublicKey } // update terms diff --git a/code/go/0chain.net/blobbercore/allocation/zcn.go b/code/go/0chain.net/blobbercore/allocation/zcn.go index c5d419ecf..f2f7cb1d0 100644 
--- a/code/go/0chain.net/blobbercore/allocation/zcn.go +++ b/code/go/0chain.net/blobbercore/allocation/zcn.go @@ -52,6 +52,8 @@ func SyncAllocation(allocationId string) (*Allocation, error) { alloc.Finalized = sa.Finalized alloc.TimeUnit = sa.TimeUnit alloc.FileOptions = sa.FileOptions + alloc.StorageVersion = uint8(sa.StorageVersion) + alloc.OwnerSigningPublicKey = sa.OwnerSigningPublicKey // related terms terms := make([]*Terms, 0, len(sa.BlobberDetails)) diff --git a/code/go/0chain.net/blobbercore/challenge/protocol.go b/code/go/0chain.net/blobbercore/challenge/protocol.go index 71e7a2adf..53540e827 100644 --- a/code/go/0chain.net/blobbercore/challenge/protocol.go +++ b/code/go/0chain.net/blobbercore/challenge/protocol.go @@ -5,13 +5,14 @@ import ( "encoding/hex" "encoding/json" "errors" - "github.com/0chain/blobber/code/go/0chain.net/core/transaction" - coreTxn "github.com/0chain/gosdk/core/transaction" "math/rand" "strings" "sync" "time" + "github.com/0chain/blobber/code/go/0chain.net/core/transaction" + coreTxn "github.com/0chain/gosdk/core/transaction" + "github.com/0chain/blobber/code/go/0chain.net/blobbercore/allocation" "github.com/0chain/blobber/code/go/0chain.net/blobbercore/datastore" "github.com/0chain/blobber/code/go/0chain.net/blobbercore/filestore" @@ -366,6 +367,7 @@ func (cr *ChallengeEntity) getPostDataV2(ctx context.Context, allocationObj *all FixedMerkleRoot: ref.FixedMerkleRoot, Size: ref.Size, FileMetaHash: ref.FileMetaHash, + SignatureVersion: ref.SignatureVersion, } postData["meta"] = metaRef } diff --git a/code/go/0chain.net/blobbercore/handler/file_command_update.go b/code/go/0chain.net/blobbercore/handler/file_command_update.go index 9d8e8d5b2..7b35854d1 100644 --- a/code/go/0chain.net/blobbercore/handler/file_command_update.go +++ b/code/go/0chain.net/blobbercore/handler/file_command_update.go 
@@ -155,7 +155,15 @@ func (cmd *UpdateFileCommand) ProcessContent(ctx context.Context, allocationObj hashData := fmt.Sprintf("%s:%s:%s:%s", cmd.fileChanger.ActualHash, cmd.fileChanger.ValidationRoot, cmd.fileChanger.FixedMerkleRoot, node.Self.ID) hash = encryption.Hash(hashData) } - verify, err := encryption.Verify(allocationObj.OwnerPublicKey, cmd.fileChanger.ValidationRootSignature, hash) + var ( + err error + verify bool + ) + if cmd.fileChanger.SignatureVersion == reference.SignatureV2 { + verify, err = encryption.VerifyEd25519(allocationObj.OwnerSigningPublicKey, cmd.fileChanger.ValidationRootSignature, hash) + } else { + verify, err = encryption.Verify(allocationObj.OwnerPublicKey, cmd.fileChanger.ValidationRootSignature, hash) + } if err != nil || !verify { logging.Logger.Error("UpdateFileCommand.VerifySignature", zap.Error(err)) return result, common.NewError("update_error", "Failed to verify validation root signature. ") diff --git a/code/go/0chain.net/blobbercore/handler/file_command_upload.go b/code/go/0chain.net/blobbercore/handler/file_command_upload.go index 3c62526c9..279e67701 100644 --- a/code/go/0chain.net/blobbercore/handler/file_command_upload.go +++ b/code/go/0chain.net/blobbercore/handler/file_command_upload.go 
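Review bot: In `UpdateFileCommand.ProcessContent` the verification scheme is selected by the client-supplied `cmd.fileChanger.SignatureVersion`, and every value other than `reference.SignatureV2` falls through to the legacy `encryption.Verify` path, so an unrecognised version is accepted and then persisted on the ref. An explicit `switch` with a `default` that rejects unknown versions closes that gap; the sketch below assumes 0 (the zero value when the field is omitted) is the only legacy value, which should be confirmed. If an allocation that has `OwnerSigningPublicKey` set is meant to require the new scheme, that policy also belongs here rather than with the caller. The same dispatch is duplicated in `file_command_upload.go` and, with a bare literal, in `verifyObjectProof` in `validatorcore/storage/models.go`, so a shared helper would keep the three in step. `ProcessContent` starts and ends outside the hunk.

```go
	var (
		err    error
		verify bool
	)
	switch cmd.fileChanger.SignatureVersion {
	case 0: // legacy: signature made with the allocation owner's wallet key
		verify, err = encryption.Verify(allocationObj.OwnerPublicKey, cmd.fileChanger.ValidationRootSignature, hash)
	case reference.SignatureV2:
		verify, err = encryption.VerifyEd25519(allocationObj.OwnerSigningPublicKey, cmd.fileChanger.ValidationRootSignature, hash)
	default:
		// Refuse versions this blobber does not understand instead of silently downgrading.
		return result, common.NewError("update_error", "Unsupported signature version. ")
	}
	// … unchanged: err / verify check, log line and error return …
```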
@@ -167,7 +167,15 @@ func (cmd *UploadFileCommand) ProcessContent(ctx context.Context, allocationObj hashData := fmt.Sprintf("%s:%s:%s:%s", cmd.fileChanger.ActualHash, cmd.fileChanger.ValidationRoot, cmd.fileChanger.FixedMerkleRoot, node.Self.ID) hash = encryption.Hash(hashData) } - verify, err := encryption.Verify(allocationObj.OwnerPublicKey, cmd.fileChanger.ValidationRootSignature, hash) + var ( + err error + verify bool + ) + if cmd.fileChanger.SignatureVersion == reference.SignatureV2 { + verify, err = encryption.VerifyEd25519(allocationObj.OwnerSigningPublicKey, cmd.fileChanger.ValidationRootSignature, hash) + } else { + verify, err = encryption.Verify(allocationObj.OwnerPublicKey, cmd.fileChanger.ValidationRootSignature, hash) + } if err != nil || !verify { logging.Logger.Error("UploadFileCommand.VerifySignature", zap.Error(err)) return result, common.NewError("upload_error", "Failed to verify validation root signature. ") diff --git a/code/go/0chain.net/blobbercore/reference/ref.go b/code/go/0chain.net/blobbercore/reference/ref.go index 13aa4c47d..8c3cc0709 100644 --- a/code/go/0chain.net/blobbercore/reference/ref.go +++ b/code/go/0chain.net/blobbercore/reference/ref.go @@ -28,6 +28,7 @@ const ( DIR_LIST_TAG = "dirlist" FILE_LIST_TAG = "filelist" + SignatureV2 = 1 ) var ( @@ -91,6 +92,7 @@ type Ref struct { NumUpdates int64 `gorm:"column:num_of_updates" json:"num_of_updates"` NumBlockDownloads int64 `gorm:"column:num_of_block_downloads" json:"num_of_block_downloads"` FilestoreVersion int `gorm:"column:filestore_version" json:"-"` + SignatureVersion int `gorm:"column:signature_version" json:"signature_version" filelist:"signature_version"` IsEmpty bool `gorm:"-" dirlist:"is_empty"` HashToBeComputed bool `gorm:"-"` prevID int64 `gorm:"-"` 
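Review bot: The new constant `SignatureV2 = 1` in the `const` block of `ref.go` is undocumented, sits in a block of list-tag strings, and has a name and value that disagree at first glance; the validator side of this patch then compares against the bare literal (`cr.Meta.SignatureVersion == 1` in `validatorcore/storage/models.go`). A doc comment such as `// SignatureV2 marks a validation-root signature made with the owner's Ed25519 signing key (OwnerSigningPublicKey).` and a named constant for the legacy value would make the wire contract explicit. Giving the constant its own `const` group, and referencing it from the validator rather than repeating `1`, would keep blobber and validator from drifting apart.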
@@ -148,6 +150,7 @@ type PaginatedRef struct { //Gorm smart select fields. EncryptedKey string `gorm:"column:encrypted_key" json:"encrypted_key,omitempty"` EncryptedKeyPoint string `gorm:"column:encrypted_key_point" json:"encrypted_key_point,omitempty"` FileMetaHash string `gorm:"column:file_meta_hash;size:64;not null" dirlist:"file_meta_hash" filelist:"file_meta_hash"` + SignatureVersion int `gorm:"column:signature_version" json:"signature_version,omitempty" filelist:"signature_version"` CreatedAt common.Timestamp `gorm:"column:created_at" json:"created_at,omitempty"` UpdatedAt common.Timestamp `gorm:"column:updated_at" json:"updated_at,omitempty"` @@ -166,6 +169,7 @@ type RefMeta struct { FixedMerkleRoot string `json:"fixed_merkle_root"` Size int64 `json:"size"` FileMetaHash string `json:"file_meta_hash"` + SignatureVersion int `json:"signature_version"` } // GetReferenceLookup hash(allocationID + ":" + path) diff --git a/code/go/0chain.net/core/encryption/keys.go b/code/go/0chain.net/core/encryption/keys.go index bb652f1bf..e07ea647d 100644 --- a/code/go/0chain.net/core/encryption/keys.go +++ b/code/go/0chain.net/core/encryption/keys.go @@ -2,6 +2,8 @@ package encryption import ( "bufio" + "crypto/ed25519" + "encoding/hex" "io" "strings" @@ -13,8 +15,10 @@ import ( "github.com/herumi/bls-go-binary/bls" ) -/*ReadKeys - reads a publicKey and a privateKey from a Reader. -They are assumed to be in two separate lines one followed by the other*/ +/* +ReadKeys - reads a publicKey and a privateKey from a Reader. +They are assumed to be in two separate lines one followed by the other +*/ func ReadKeys(reader io.Reader) (publicKey, privateKey, publicIp, port string) { scanner := bufio.NewScanner(reader) scanner.Scan() 
@@ -44,14 +48,38 @@ func Verify(publicKey, signature, hash string) (bool, error) { return false, common.NewError("invalid_signature_scheme", "Invalid signature scheme. Please check configuration") } +// VerifyEd25519 - verify the signature using the public key +func VerifyEd25519(publicKey, signature, hash string) (bool, error) { + if len(publicKey) == 0 { + return false, common.NewError("invalid_public_key", "Invalid public key") + } + if len(signature) == 0 { + return false, common.NewError("invalid_signature", "Invalid signature") + } + sig, err := hex.DecodeString(signature) + if err != nil { + return false, err + } + pub, err := hex.DecodeString(publicKey) + if err != nil { + return false, err + } + msg, err := hex.DecodeString(hash) + if err != nil { + return false, err + } + return ed25519.Verify(pub, msg, sig), nil +} + // If input is normal herumi/bls public key, it returns it immmediately. -// So this is completely backward compatible with herumi/bls. +// +// So this is completely backward compatible with herumi/bls. +// // If input is MIRACL public key, convert it to herumi/bls public key. // // This is an example of the raw public key we expect from MIRACL var miraclExamplePK = `0418a02c6bd223ae0dfda1d2f9a3c81726ab436ce5e9d17c531ff0a385a13a0b491bdfed3a85690775ee35c61678957aaba7b1a1899438829f1dc94248d87ed36817f6dfafec19bfa87bf791a4d694f43fec227ae6f5a867490e30328cac05eaff039ac7dfc3364e851ebd2631ea6f1685609fc66d50223cc696cb59ff2fee47ac` -// // This is an example of the same MIRACL public key serialized with ToString(). // pk ([1bdfed3a85690775ee35c61678957aaba7b1a1899438829f1dc94248d87ed368,18a02c6bd223ae0dfda1d2f9a3c81726ab436ce5e9d17c531ff0a385a13a0b49],[039ac7dfc3364e851ebd2631ea6f1685609fc66d50223cc696cb59ff2fee47ac,17f6dfafec19bfa87bf791a4d694f43fec227ae6f5a867490e30328cac05eaff]) func MiraclToHerumiPK(pk string) string { 
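Review bot: `VerifyEd25519` passes the decoded key straight to `ed25519.Verify`, which panics when the public key is not exactly `ed25519.PublicKeySize` bytes, so a malformed or truncated `owner_signing_public_key` on an allocation would crash the upload, update and challenge-validation paths instead of failing verification. Add a length check after decoding: `if len(pub) != ed25519.PublicKeySize { return false, common.NewError("invalid_public_key", "Invalid public key") }`. A wrong-length signature already returns false, so only the key needs the guard. The doc comment should also say that `publicKey`, `signature` and `hash` are all hex-encoded strings and that a decode failure is returned as an error rather than as `false`.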
diff --git a/code/go/0chain.net/core/transaction/entity.go b/code/go/0chain.net/core/transaction/entity.go index a204d3f70..0bc02005b 100644 --- a/code/go/0chain.net/core/transaction/entity.go +++ b/code/go/0chain.net/core/transaction/entity.go @@ -53,20 +53,21 @@ type BlobberAllocation struct { } type StorageAllocation struct { - ID string `json:"id"` - Tx string `json:"tx"` - OwnerPublicKey string `json:"owner_public_key"` - OwnerID string `json:"owner_id"` - Size int64 `json:"size"` - UsedSize int64 `json:"used_size"` - Expiration common.Timestamp `json:"expiration_date"` - BlobberDetails []*BlobberAllocation `json:"blobber_details"` - Finalized bool `json:"finalized"` - TimeUnit time.Duration `json:"time_unit"` - WritePool uint64 `json:"write_pool"` - FileOptions uint16 `json:"file_options"` - StartTime common.Timestamp `json:"start_time"` - StorageVersion int `json:"storage_version"` + ID string `json:"id"` + Tx string `json:"tx"` + OwnerPublicKey string `json:"owner_public_key"` + OwnerID string `json:"owner_id"` + Size int64 `json:"size"` + UsedSize int64 `json:"used_size"` + Expiration common.Timestamp `json:"expiration_date"` + BlobberDetails []*BlobberAllocation `json:"blobber_details"` + Finalized bool `json:"finalized"` + TimeUnit time.Duration `json:"time_unit"` + WritePool uint64 `json:"write_pool"` + FileOptions uint16 `json:"file_options"` + StartTime common.Timestamp `json:"start_time"` + StorageVersion int `json:"storage_version"` + OwnerSigningPublicKey string `json:"owner_signing_public_key"` DataShards int64 `json:"data_shards"` ParityShards int64 `json:"parity_shards"` diff --git a/code/go/0chain.net/validatorcore/storage/challenge_handler.go b/code/go/0chain.net/validatorcore/storage/challenge_handler.go index d4c8b4bf9..448db4e3d 100644 --- a/code/go/0chain.net/validatorcore/storage/challenge_handler.go +++ b/code/go/0chain.net/validatorcore/storage/challenge_handler.go 
@@ -4,7 +4,6 @@ import ( "context" "encoding/hex" "encoding/json" - "github.com/0chain/gosdk/zboxcore/sdk" "io" "net/http" "strings" @@ -14,6 +13,7 @@ import ( "github.com/0chain/blobber/code/go/0chain.net/core/common" "github.com/0chain/blobber/code/go/0chain.net/core/logging" "github.com/0chain/blobber/code/go/0chain.net/core/node" + "github.com/0chain/blobber/code/go/0chain.net/core/transaction" "go.uber.org/zap" "golang.org/x/crypto/sha3" @@ -42,14 +42,12 @@ func challengeHandler(ctx context.Context, r *http.Request) (interface{}, error) time.Sleep(1 * time.Second) - sdkAlloc, err := sdk.GetAllocation(challengeObj.AllocationID) + allocationObj, err := requestAllocation(challengeObj.AllocationID) if err != nil { logging.Logger.Error("Error getting allocation from chain", zap.String("allocation_id", challengeObj.AllocationID), zap.Error(err)) return nil, common.NewError("invalid_parameters", "Allocation could not be verified. "+err.Error()) } - allocationObj := sdkAllocToBlobberAlloc(sdkAlloc) - err = challengeRequest.VerifyChallenge(challengeObj, allocationObj) if err != nil { updateStats(false) 
@@ -61,17 +59,31 @@ func challengeHandler(ctx context.Context, r *http.Request) (interface{}, error) return ValidValidationTicket(challengeObj, challengeRequest.ChallengeID, challengeHash) } -func sdkAllocToBlobberAlloc(sdkAlloc *sdk.Allocation) *Allocation { - return &Allocation{ - ID: sdkAlloc.ID, - DataShards: sdkAlloc.DataShards, - ParityShards: sdkAlloc.ParityShards, - Size: sdkAlloc.Size, - Owner: sdkAlloc.Owner, - OwnerPublicKey: sdkAlloc.OwnerPublicKey, - UsedSize: sdkAlloc.Stats.UsedSize, - Expiration: common.Timestamp(sdkAlloc.Expiration), +func requestAllocation(allocID string) (allocation *Allocation, err error) { + var b []byte + b, err = transaction.MakeSCRestAPICall( + transaction.STORAGE_CONTRACT_ADDRESS, + "/allocation", + map[string]string{"allocation": allocID}) + if err != nil { + return + } + sa := new(transaction.StorageAllocation) + err = json.Unmarshal(b, sa) + if err != nil { + return + } + allocation = &Allocation{ + ID: sa.ID, + DataShards: sa.DataShards, + ParityShards: sa.ParityShards, + Size: sa.Size, + Expiration: sa.Expiration, + Owner: sa.OwnerID, + OwnerPublicKey: sa.OwnerPublicKey, + OwnerSigningPublicKey: sa.OwnerSigningPublicKey, } + return } func NewChallengeRequest(r *http.Request) (*ChallengeRequest, string, error) { diff --git a/code/go/0chain.net/validatorcore/storage/models.go b/code/go/0chain.net/validatorcore/storage/models.go index f8b6af7b3..7ec1031b5 100644 --- a/code/go/0chain.net/validatorcore/storage/models.go +++ b/code/go/0chain.net/validatorcore/storage/models.go @@ -59,6 +59,7 @@ type RefMeta struct { FixedMerkleRoot string `json:"fixed_merkle_root"` Size int64 `json:"size"` FileMetaHash string `json:"file_meta_hash"` + SignatureVersion int `json:"signature_version"` } func (rm *RefMeta) GetFileMetaHashData(allocationID string) string { 
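Review bot: `requestAllocation` no longer fills `UsedSize`, which the removed `sdkAllocToBlobberAlloc` copied from `sdkAlloc.Stats.UsedSize`, even though `transaction.StorageAllocation` carries a `UsedSize` field; add `UsedSize: sa.UsedSize,` to the literal unless nothing in the validator reads it any more. The keys taken from this response become the trust anchors for every signature check in `VerifyChallenge`, so it is worth rejecting a record whose `sa.ID` differs from `allocID` or whose `OwnerPublicKey` is empty; how `MakeSCRestAPICall` validates the response is not visible here. The named results with bare `return` also hide what each error path hands back; `return nil, err` reads more plainly.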
@@ -285,14 +286,15 @@ func (op *ObjectPath) Verify(allocationID string, challengeRand int64) error { } type Allocation struct { - ID string `json:"id"` - DataShards int `json:"data_shards"` - ParityShards int `json:"parity_shards"` - Size int64 `json:"size"` - UsedSize int64 `json:"used_size"` - Expiration common.Timestamp `json:"expiration_date"` - Owner string `json:"owner_id"` - OwnerPublicKey string `json:"owner_public_key"` + ID string `json:"id"` + DataShards int64 `json:"data_shards"` + ParityShards int64 `json:"parity_shards"` + Size int64 `json:"size"` + UsedSize int64 `json:"used_size"` + Expiration common.Timestamp `json:"expiration_date"` + Owner string `json:"owner_id"` + OwnerPublicKey string `json:"owner_public_key"` + OwnerSigningPublicKey string `json:"owner_signing_public_key"` } type ChallengeProof struct { @@ -322,7 +324,7 @@ func (cr *ChallengeRequest) verifyBlockNum(challengeObj *Challenge) error { } func (cr *ChallengeRequest) VerifyChallenge(challengeObj *Challenge, allocationObj *Allocation) error { - logging.Logger.Info("Verifying object path", zap.String("challenge_id", challengeObj.ID), zap.Int64("seed", challengeObj.RandomNumber), zap.Int("storage_version", cr.StorageVersion)) + logging.Logger.Info("Verifying object path", zap.String("challenge_id", challengeObj.ID), zap.Int64("seed", challengeObj.RandomNumber), zap.Int("storage_version", cr.StorageVersion), zap.String("owner_public_key", allocationObj.OwnerPublicKey)) if cr.ObjPath != nil && cr.StorageVersion == 0 { err := cr.ObjPath.Verify(challengeObj.AllocationID, challengeObj.RandomNumber) if err != nil { 
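Review bot: The first log statement of `VerifyChallenge` now dereferences `allocationObj.OwnerPublicKey` unconditionally, so a nil `allocationObj` panics before any validation runs; the second commit in this series adds `alloc: &storage.Allocation{}` to two test cases, presumably for that reason. A guard at the top keeps the method safe for any caller: `if allocationObj == nil { return common.NewError("invalid_parameters", "Allocation is missing") }`. `challengeHandler` only reaches this call with a non-nil value, but the method is exported and nothing documents that requirement. The function body continues outside the hunk.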
@@ -343,7 +345,7 @@ func (cr *ChallengeRequest) VerifyChallenge(challengeObj *Challenge, allocationO return common.NewError("write_marker_validation_failed", "Write marker timestamp does not match with challenge timestamp") } for i := 1; i < len(cr.WriteMarkers); i++ { - err = cr.WriteMarkers[i].WM.Verify(allocationObj.ID, cr.WriteMarkers[i].WM.AllocationRoot, cr.WriteMarkers[i].ClientPublicKey) + err = cr.WriteMarkers[i].WM.Verify(allocationObj.ID, cr.WriteMarkers[i].WM.AllocationRoot, allocationObj.OwnerPublicKey) if err != nil { return err } @@ -359,7 +361,7 @@ func (cr *ChallengeRequest) VerifyChallenge(challengeObj *Challenge, allocationO if len(cr.ObjectProof) == 0 && latestWM.ChainSize == 0 { return nil } - err = cr.verifyObjectProof(latestWM, challengeObj.BlobberID, cr.WriteMarkers[len(cr.WriteMarkers)-1].ClientPublicKey, challengeObj.RandomNumber) + err = cr.verifyObjectProof(latestWM, challengeObj.BlobberID, allocationObj.OwnerPublicKey, allocationObj.OwnerSigningPublicKey, challengeObj.RandomNumber) if err != nil { logging.Logger.Error("Failed to verify object proof", zap.String("challenge_id", challengeObj.ID), zap.Error(err)) return err @@ -445,7 +447,7 @@ func (vt *ValidationTicket) Sign() error { return err } -func (cr *ChallengeRequest) verifyObjectProof(latestWM *writemarker.WriteMarker, blobberID, ownerPublicKey string, challengeRand int64) error { +func (cr *ChallengeRequest) verifyObjectProof(latestWM *writemarker.WriteMarker, blobberID, ownerPublicKey, ownerSigningPublicKey string, challengeRand int64) error { if len(cr.ObjectProof) == 0 { return common.NewError("invalid_object_proof", "Object proof is missing") } 
@@ -481,7 +483,12 @@ func (cr *ChallengeRequest) verifyObjectProof(latestWM *writemarker.WriteMarker, // verify fixed merkle root hashData := fmt.Sprintf("%s:%s:%s:%s", cr.Meta.ActualFileHash, cr.Meta.ValidationRoot, cr.Meta.FixedMerkleRoot, blobberID) validationRootHash := encryption.Hash(hashData) - verify, err := encryption.Verify(ownerPublicKey, cr.Meta.ValidationRootSignature, validationRootHash) + var verify bool + if cr.Meta.SignatureVersion == 1 { + verify, err = encryption.VerifyEd25519(ownerSigningPublicKey, cr.Meta.ValidationRootSignature, validationRootHash) + } else { + verify, err = encryption.Verify(ownerPublicKey, cr.Meta.ValidationRootSignature, validationRootHash) + } if err != nil { logging.Logger.Error("Failed to verify the validation root signature", zap.Error(err), zap.String("validation_root", cr.Meta.ValidationRoot), zap.String("validation_root_signature", cr.Meta.ValidationRootSignature), zap.String("owner_public_key", ownerPublicKey)) return common.NewError("invalid_object_proof", "Failed to verify the validation root signature. "+err.Error()) diff --git a/goose/migrations/1730098482_session_key.sql b/goose/migrations/1730098482_session_key.sql new file mode 100644 index 000000000..9d6f76bd7 --- /dev/null +++ b/goose/migrations/1730098482_session_key.sql @@ -0,0 +1,7 @@ +-- +goose Up +-- +goose StatementBegin +ALTER TABLE allocations ADD COLUMN owner_signing_public_key character varying(512); + +ALTER TABLE reference_objects ADD COLUMN signature_version smallint; + +-- +goose StatementEnd \ No newline at end of file From 2dbc98518c80956c9f392d7464b49b6d5d220fd2 Mon Sep 17 00:00:00 2001 From: hitenjain14 Date: Mon, 28 Oct 2024 16:12:50 +0530 Subject: [PATCH 2/2] fix ut --- code/go/0chain.net/validatorcore/storage/models_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/code/go/0chain.net/validatorcore/storage/models_test.go b/code/go/0chain.net/validatorcore/storage/models_test.go index 221053cdb..149bd1928 100644 
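Review bot: The error log in `verifyObjectProof` still records only `owner_public_key`, so when the `SignatureVersion == 1` branch rejects a proof the log names a key that was not the one checked. Log the version and the key actually used, e.g. add `zap.Int("signature_version", cr.Meta.SignatureVersion), zap.String("owner_signing_public_key", ownerSigningPublicKey)` to that call. `cr.Meta` appears to arrive with the challenge request, which means the party being validated chooses which key is consulted; a short comment stating that both keys are equally authoritative for the allocation would record why that is acceptable. The handling of `verify == false` lies outside the hunk.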
--- a/code/go/0chain.net/validatorcore/storage/models_test.go +++ b/code/go/0chain.net/validatorcore/storage/models_test.go @@ -572,6 +572,7 @@ func TestChallengeRequest_VerifyChallenge(t *testing.T) { RandomNumber: int64(1), AllocationID: "2", }, + alloc: &storage.Allocation{}, wantErr: true, wantErrMsg: "Invalid write marker", }, @@ -612,6 +613,7 @@ func TestChallengeRequest_VerifyChallenge(t *testing.T) { RandomNumber: int64(1), AllocationID: "1", }, + alloc: &storage.Allocation{}, wantErr: true, wantErrMsg: "Invalid write marker", },