Minor improvements
J3imip committed Dec 10, 2024
1 parent 0789f9d commit b7b63cd
Showing 11 changed files with 74 additions and 32 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/actions.yaml
Expand Up @@ -35,4 +35,4 @@ jobs:
- name: Run Build
run: |
. $(werf ci-env github --as-file)
werf export service --tag ghcr.io/rarimo/passport-identity-provider:$GITHUB_SHA
werf export service --tag ghcr.io/rarimo/incognito-light-registrator:$GITHUB_SHA
2 changes: 1 addition & 1 deletion .github/workflows/tag.yaml
Expand Up @@ -36,4 +36,4 @@ jobs:
- name: Run Build
run: |
. $(werf ci-env github --as-file)
werf export service --tag ghcr.io/rarimo/passport-identity-provider:$GITHUB_REF_NAME
werf export service --tag ghcr.io/rarimo/incognito-light-registrator:$GITHUB_REF_NAME
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -6,3 +6,4 @@ config.*.yaml
docs/node_modules
docs/web_deploy
vendor/
docker-compose.yml
41 changes: 41 additions & 0 deletions docker-compose.yml
@@ -0,0 +1,41 @@
version: "3.3"

services:
##
## Integration services
##

ilr-service:
image: incognito-light-registrator
restart: unless-stopped
environment:
KV_VIPER_FILE: /config.yaml
volumes:
- ./config.docker.yaml:/config.yaml
- ./verification_keys:/verification_keys
- ./masterList.dev.pem:/masterList.dev.pem
entrypoint: sh -c "incognito-light-registrator migrate up && incognito-light-registrator run service"
ports:
- "8300:80"
depends_on:
- ilreg_db

##
## Databases
##
ilreg_db:
image: postgres:latest
restart: unless-stopped
environment:
- POSTGRES_USER=ilr
- POSTGRES_PASSWORD=ilr
- POSTGRES_DB=ilr
- PGDATA=/pgdata
volumes:
- ilreg-data:/pgdata
ports:
- 5433:5432


volumes:
ilreg-data:
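Review bot: The `POSTGRES_USER`/`POSTGRES_PASSWORD` lines carry literal credentials and the `- 5433:5432` mapping publishes Postgres on the host, which is fine for a throwaway local stack but nothing in the file says so; since the file is committed (and also added to .gitignore in this same commit, which has no effect on a file that is already tracked), a header comment such as `# local development only: throwaway credentials and host-published DB port, not for deployed environments` would make the intent explicit. `postgres:latest` is unpinned, so the migrations are exercised against whatever major version is current at pull time; pinning a major tag keeps that behaviour reproducible. The `./masterList.dev.pem` mount looks like a development trust anchor, and naming it as such in the same comment avoids it being mistaken for a production master list.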
1 change: 0 additions & 1 deletion docs/spec/components/schemas/DocumentSod.yaml
Expand Up @@ -6,7 +6,6 @@ required:
- signature
- encapsulated_content
- pem_file
- dg15
properties:
hash_algorithm:
type: string
22 changes: 10 additions & 12 deletions internal/assets/migrations/001_initial.sql
Expand Up @@ -5,23 +5,21 @@ create table document_sod
id BIGSERIAL not null primary key,
created_at timestamp without time zone not null default current_timestamp,
updated_at timestamp without time zone not null default current_timestamp,
dg15 varchar(512) not null, -- base64 encoded
hash_algorithm smallint not null, -- 0 - sha1, 1 - sha256, 2 - sha384, 3 - sha512
signature_algorithm smallint not null, -- 0 - rsa, 1 - rsapss, 2 - ecdsa, 3 - brainpool
signed_attributes varchar(512) not null, -- hex encoded
encapsulated_content varchar(4096) not null, -- hex encoded
signature varchar(4096) not null, -- hex encoded
aa_signature varchar(4096), -- hex encoded
dg15 varchar(512), -- base64 encoded
hash_algorithm smallint not null, -- 0 - sha1, 1 - sha256, 2 - sha384, 3 - sha512
signature_algorithm smallint not null, -- 0 - rsa, 1 - rsapss, 2 - ecdsa, 3 - brainpool
signed_attributes varchar(512) not null, -- hex encoded
encapsulated_content varchar(4096) not null, -- hex encoded
signature varchar(4096) not null, -- hex encoded
aa_signature varchar(4096), -- hex encoded
pem_file varchar(4096) not null,
error_kind smallint, -- 0 - signed attributes validation failed, 1 - PEM file parsing failed, 2 - PEM file validation failed, 3 - signature verification failed
error varchar(1024), -- error message
hash char(64) not null, -- SHA256 hash used for unique constraint {hash_algorithm, signature_algorithm, signed_attributes, encapsulated_content, signature, error_kind, error}
unique (hash)
error_kind smallint, -- 0 - signed attributes validation failed, 1 - PEM file parsing failed, 2 - PEM file validation failed, 3 - signature verification failed
error varchar(1024), -- error message
-- We need to ensure that we won't store the same document with the same error multiple times.
-- Perhaps the same document can fail verification with different errors
hash char(64) not null unique -- SHA256 hash used for unique constraint {hash_algorithm, signature_algorithm, signed_attributes, encapsulated_content, signature, error_kind, error}
);


-- +migrate Down

drop table document_sod;
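Review bot: The `dg15` nullability change and the move of the unique constraint inline are edits to `001_initial.sql`, which an environment that has already applied migration 001 will never re-run, so those databases keep `dg15 varchar(512) not null` and an `Upsert` with a NULL dg15 fails there. A follow-up migration with `alter table document_sod alter column dg15 drop not null;` in its Up section (and the inverse in Down) ships this safely; editing the initial migration is only fine if no database has applied it yet. The comment on the `hash` column still lists the hashed fields without `dg15` or `aa_signature`; if that is intended (two submissions differing only in dg15 collapse onto one row), a sentence saying so on the `-- We need to ensure` comment would help the next reader.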
4 changes: 2 additions & 2 deletions internal/data/document_sod.go
Expand Up @@ -9,15 +9,15 @@ import (
type DocumentSODQ interface {
New() DocumentSODQ
Get() (*DocumentSOD, error)
Insert(data DocumentSOD) (*DocumentSOD, error)
Upsert(data DocumentSOD) (*DocumentSOD, error)
ResetFilters() DocumentSODQ
}

type DocumentSOD struct {
ID int64 `db:"id" structs:"-"`
CreatedAt time.Time `db:"created_at" structs:"-"`
UpdatedAt time.Time `db:"updated_at" structs:"-"`
DG15 string `db:"dg15" structs:"dg15"`
DG15 *string `db:"dg15" structs:"dg15"`
HashAlgorigthm types.HashAlgorithm `db:"hash_algorithm" structs:"hash_algorithm"`
SignatureAlgorithm types.SignatureAlgorithm `db:"signature_algorithm" structs:"signature_algorithm"`
SignedAttributes string `db:"signed_attributes" structs:"signed_attributes"`
2 changes: 1 addition & 1 deletion internal/data/postgres/document_sod.go
Expand Up @@ -60,7 +60,7 @@ func (q *DocumentSODQ) Select() ([]data.DocumentSOD, error) {
return result, err
}

func (q *DocumentSODQ) Insert(value data.DocumentSOD) (*data.DocumentSOD, error) {
func (q *DocumentSODQ) Upsert(value data.DocumentSOD) (*data.DocumentSOD, error) {
var result data.DocumentSOD
clauses := structs.Map(value)
stmt := sq.Insert(documentSODTableName).SetMap(clauses).Suffix(
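Review bot: `Upsert` is exported but has no doc comment, and the `Suffix(` clause that defines the conflict target and its resolution is outside the hunk, so a reader of the `DocumentSODQ` interface cannot tell what a conflict on `hash` does to the existing row. A comment of the form `// Upsert inserts value; when a row with the same hash already exists it <updates or keeps> that row (see the ON CONFLICT suffix) and returns the stored row.` with the placeholder resolved from the suffix would close that gap. The caller in register.go still logs `failed to insert document SOD` on error; `failed to upsert document SOD` would match the new name. The method body continues past the end of the hunk.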
22 changes: 15 additions & 7 deletions internal/service/api/handlers/register.go
Expand Up @@ -33,6 +33,10 @@ import (
"gitlab.com/distributed_lab/logan/v3/errors"
)

const (
DG1TruncateLength = 31
)

func Register(w http.ResponseWriter, r *http.Request) {
req, err := requests.NewRegisterRequest(r)
if err != nil {
Expand All @@ -47,7 +51,6 @@ func Register(w http.ResponseWriter, r *http.Request) {
}

documentSOD := data.DocumentSOD{
DG15: truncateHexPrefix(req.Data.Attributes.DocumentSod.Dg15),
HashAlgorigthm: algorithmPair.HashAlgorithm,
SignatureAlgorithm: algorithmPair.SignatureAlgorithm,
SignedAttributes: truncateHexPrefix(req.Data.Attributes.DocumentSod.SignedAttributes),
Expand All @@ -63,6 +66,11 @@ func Register(w http.ResponseWriter, r *http.Request) {
documentSOD.AaSignature = &truncatedAaSignature
}

if req.Data.Attributes.DocumentSod.Dg15 != nil {
truncatedDg15 := truncateHexPrefix(*req.Data.Attributes.DocumentSod.Dg15)
documentSOD.DG15 = &truncatedDg15
}

var response *resources.SignatureResponse
var jsonError []*jsonapi.ErrorObject

Expand All @@ -83,7 +91,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
resultHash.Write([]byte(message))
documentSOD.Hash = hex.EncodeToString(resultHash.Sum(nil))

if _, err := api.DocumentSODQ(r).Insert(documentSOD); err != nil {
if _, err := api.DocumentSODQ(r).Upsert(documentSOD); err != nil {
api.Log(r).WithError(err).Error("failed to insert document SOD")
ape.RenderErr(w, problems.InternalError())
return
Expand Down Expand Up @@ -114,7 +122,7 @@ func Register(w http.ResponseWriter, r *http.Request) {

if err := verifier.VerifyGroth16(
req.Data.Attributes.ZkProof,
cfg.VerificationKeys[types.SHA256],
cfg.VerificationKeys[algorithmPair.HashAlgorithm],
); err != nil {
log.WithError(err).Error("failed to verify zk proof")
jsonError = problems.BadRequest(validation.Errors{
Expand Down Expand Up @@ -183,12 +191,12 @@ func Register(w http.ResponseWriter, r *http.Request) {
}

dg1Truncated := dg1
if len(dg1) > 31 {
// Since circuit is using 31 bits of dg1, we need to truncate it to last 31 bytes
dg1Truncated = dg1[len(dg1)-31:]
if len(dg1) > DG1TruncateLength {
// Since circuit is using DG1TruncateLength bytes of dg1, we need to truncate it to first DG1TruncateLength bytes
dg1Truncated = dg1[len(dg1)-DG1TruncateLength:]
}

if !bytes.Equal(dg1Truncated, proofDg1Decimal.Bytes()) {
if !bytes.Equal(dg1Truncated, proofDg1Decimal.FillBytes(make([]byte, DG1TruncateLength))) {
log.Error("proof contains foreign data group 1")
jsonError = problems.BadRequest(validation.Errors{
"zk_proof": errors.New("proof contains foreign data group 1"),
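Review bot: `proofDg1Decimal.FillBytes(make([]byte, DG1TruncateLength))` panics when the absolute value does not fit in 31 bytes, and `proofDg1Decimal` appears to be derived from the request's proof, so an oversized value in a request would panic inside the handler instead of yielding a bad-request error; guard it first with `if proofDg1Decimal.BitLen() > 8*DG1TruncateLength {` and render the same `proof contains foreign data group 1` error. The rewritten comment says the slice keeps the first DG1TruncateLength bytes, but `dg1[len(dg1)-DG1TruncateLength:]` keeps the last ones; `// The circuit consumes the last DG1TruncateLength bytes of dg1, so compare only that suffix.` matches the code. Because the right-hand side is now always exactly 31 bytes, a dg1 shorter than DG1TruncateLength can no longer match (the previous `Bytes()` form could); confirm that is intended. Register's body starts and ends outside the hunk.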
7 changes: 1 addition & 6 deletions internal/types/signature_algorithm.go
Expand Up @@ -4,7 +4,6 @@ import (
"crypto"
"crypto/ecdsa"
"crypto/rsa"
"fmt"
"hash"

"github.com/rarimo/passport-identity-provider/internal/algorithms"
Expand Down Expand Up @@ -44,14 +43,10 @@ func GeneralVerify(publicKey interface{}, hash []byte, signature []byte, algo Al
if !ok {
return ErrInvalidPublicKey{Expected: algo.SignatureAlgorithm}
}

if err := algorithms.VerifyECDSA(hash, signature, ecdsaKey); err != nil {
return fmt.Errorf("failed to verify ECDSA signature with curve %s: %w", ecdsaKey.Curve.Params().Name, err)
}
return algorithms.VerifyECDSA(hash, signature, ecdsaKey)
default:
return errors.New("unsupported signature algorithm")
}
return nil
}

func GeneralHash(algorithm HashAlgorithm) hash.Hash {
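Review bot: Returning `algorithms.VerifyECDSA(hash, signature, ecdsaKey)` directly drops the curve name from the error, so a verification failure logged upstream no longer says which curve was in play; if the wrapping was removed to match the RSA branches that is a fair trade, otherwise `return fmt.Errorf("verifying ECDSA signature with curve %s: %w", ecdsaKey.Curve.Params().Name, err)` keeps the context (and the removed `"fmt"` import) with `%w` intact. Dropping the trailing `return nil` relies on every case of the switch returning; the RSA cases sit outside the hunk, so the compiler is the only check visible here. GeneralVerify starts outside the hunk.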
2 changes: 1 addition & 1 deletion resources/model_document_sod.go
Expand Up @@ -8,7 +8,7 @@ type DocumentSod struct {
// The active authentication signature
AaSignature *string `json:"aa_signature,omitempty"`
// The Data Group 15, hex string
Dg15 string `json:"dg15"`
Dg15 *string `json:"dg15,omitempty"`
// The encapsulated content, for e.g. 186 bytes-long hex string
EncapsulatedContent string `json:"encapsulated_content"`
// The hash algorithm used to hash the content
