Enable multiple policies type #129
Conversation
cendhu
force-pushed
the
integrate-bundle
branch
9 times, most recently
from
67d33d2 to
28bd138
Compare
api/protoblocktx/block_tx.proto
Outdated
| // A list of signature sets. | ||
| // IMPORTANT: This list MUST be the same size as the namespaces list. | ||
| // The SignatureSet at index i corresponds to the namespace at index i. | ||
| repeated SignatureSet signature_sets = 2; |
There was a problem hiding this comment.
nit: I suggest renaming the field to endorsements and the message to EndorsementSet.
| repeated SignatureSet signature_sets = 2; | |
| repeated EndorsementSet endorsements = 2; |
api/protoblocktx/block_tx.proto
Outdated
| // in the transaction's namespaces list. | ||
| message SignatureSet { | ||
| // The list of individual signatures for the corresponding namespace. | ||
| repeated SignatureWithIdentity signatures_with_identity = 1; |
There was a problem hiding this comment.
nit: I suggest renaming
| repeated SignatureWithIdentity signatures_with_identity = 1; | |
| repeated EndorsementWithIdentity endorsements_with_identity = 1; |
api/protoblocktx/block_tx.proto
Outdated
| // The actual cryptographic signature bytes. | ||
| bytes signature = 1; |
There was a problem hiding this comment.
nit: I suggest renaming
| // The actual cryptographic signature bytes. | |
| bytes signature = 1; | |
| // The actual cryptographic signature bytes. | |
| bytes endorsement = 1; |
|
|
||
| message Identity { | ||
| // The identifier of the associated membership service provider | ||
| string msp_id = 1; |
There was a problem hiding this comment.
minor: Is this field necessary? Can't we infer the MSP from the certificate's issuing CA?
| message NamespacePolicy { | ||
| string scheme = 1; // The scheme for signature verification. | ||
| bytes public_key = 2; // The public key for signature verification. | ||
| string scheme = 1; // The scheme for signature verification. | ||
| bytes policy = 2; // The policy rule. | ||
| PolicyType type = 3; // The type of policy used. | ||
| } |
There was a problem hiding this comment.
minor: The scheme field is not needed for all rules. Only for THRESHOLD_RULE.
We should have a sub message:
message ThresholdPolicy {
string scheme = 1; // The scheme for signature verification.
bytes public_key = 2; // The public key for signature verification.
}Then, this message will be modified as follows:
message NamespacePolicy {
PolicyType type = 1; // The type of policy used.
bytes policy = 2; // The policy rule.
}Alternatively, we can define a different THRESHOLD_RULE per schema: THRESHOLD_ECDSA_RULE, THRESHOLD_BLS_RULE, etc...
In addition, we can also have NONE_RULE for no verification.
service/sidecar/test_exports.go
Outdated
| Namespaces: validTxNamespaces, | ||
| SignatureSets: make([]*protoblocktx.SignatureSet, 2), // Too many signatures. |
There was a problem hiding this comment.
Why did this PR removes the test case of "Not enough signatures."?
| if v.thresholdVerifier == nil { | ||
| return nil | ||
| } | ||
| digest, err := DigestTxNamespace(txID, tx.Namespaces[nsIndex]) |
There was a problem hiding this comment.
nit: To align all the verifiers, I suggest using ASN1MarshalTxNamespace(txID, tx.Namespaces[nsIndex]) and digesting inside the "thresholdVerifier".
Additionally, our THRESHOLD verifiers can also use protoutil.SignedData{}, where the identity is pre-fixed.
api/protoblocktx/block_tx.proto
Outdated
| // A policy that implicitly aggregates the results of policies defined at a lower | ||
| // level in the configuration hierarchy. For example, a MAJORITY rule on the | ||
| // Admins policies of all member organizations. | ||
| HIERARCHICAL_RULE = 2; |
There was a problem hiding this comment.
I'm not sure that implicit meta requires its own category. The policy type is encoded in the policy bytes.
We can have a single rule. E.g., MSP_POLICY_RULE.
cendhu
force-pushed
the
integrate-bundle
branch
2 times, most recently
from
7a06098 to
c357994
Compare
cendhu
force-pushed
the
integrate-bundle
branch
2 times, most recently
from
52ef263 to
c357994
Compare
This commit updates the proto messages to define policy using various rules such as threshold, signature, and hierarchical. Signed-off-by: Senthil Nathan N <[email protected]>
cendhu
force-pushed
the
integrate-bundle
branch
from
c357994 to
3535672
Compare
Type of change
Description
This commit updates the proto messages to define policy using various rules such as threshold, signature, and hierarchical. Further, it integrates the signature rules with the verifier component.
Related issues