public async Task <IActionResult> SignPersonFaceVerification([FromBody] BiometricPersonDataForSignatureDto biometricPersonData)
{
byte[] imageSource = Convert.FromBase64String(biometricPersonData.ImageSource);
byte[] imageTarget = Convert.FromBase64String(biometricPersonData.ImageTarget);
byte[] assetId = await _assetsService.GenerateAssetId(AttributesSchemes.ATTR_SCHEME_NAME_PASSPORTPHOTO, biometricPersonData.ImageSource, null).ConfigureAwait(false);
byte[] sourceImageCommitment = biometricPersonData.SourceImageCommitment.HexStringToByteArray();
SurjectionProof surjectionProof = new SurjectionProof
{
AssetCommitments = new byte[][] { biometricPersonData.SourceImageProofCommitment.HexStringToByteArray() },
Rs = new BorromeanRingSignature
{
E = biometricPersonData.SourceImageProofSignatureE.HexStringToByteArray(),
S = new byte[][] { biometricPersonData.SourceImageProofSignatureS.HexStringToByteArray() }
}
};
if (!ConfidentialAssetsHelper.VerifyIssuanceSurjectionProof(surjectionProof, sourceImageCommitment, new byte[][] { assetId }))
{
return(BadRequest("Surjection proofs validation failed"));
}
//byte[] auxBytes = null; // Convert.FromBase64String(biometricPersonData.AuxMessage);
//byte[] msg = new byte[sourceImageCommitment.Length + auxBytes?.Length ?? 0];
//Array.Copy(sourceImageCommitment, 0, msg, 0, sourceImageCommitment.Length);
//if ((auxBytes?.Length ?? 0) > 0)
//{
// Array.Copy(auxBytes, 0, msg, sourceImageCommitment.Length, auxBytes.Length);
//}
bool res = await _facesService.VerifyFaces(imageSource, imageTarget).ConfigureAwait(false);
if (res)
{
Tuple <byte[], byte[]> signRes = _facesService.Sign(sourceImageCommitment);
return(Ok(new BiometricSignedVerificationDto {
PublicKey = signRes.Item1.ToHexString(), Signature = signRes.Item2.ToHexString()
}));
}
return(BadRequest());
}
public RelationProofsValidationResults VerifyRelationProofs(GroupsRelationsProofs relationsProofs, IUtxoClientCryptoService clientCryptoService)
{
//TODO: need to add eligibility proofs
RelationProofsValidationResults validationResults = new RelationProofsValidationResults();
clientCryptoService.DecodeEcdhTuple(relationsProofs.EcdhTuple, relationsProofs.TransactionPublicKey, out byte[] sessionKey, out byte[] imageHash);
RelationProofSession proofSession = _gatewayService.PopRelationProofSession(sessionKey.ToHexString());
byte[] image = Convert.FromBase64String(proofSession.ImageContent);
validationResults.ImageContent = proofSession.ImageContent;
byte[] imageHashFromSession = ConfidentialAssetsHelper.FastHash256(image);
validationResults.IsImageCorrect = imageHashFromSession.Equals32(imageHash);
foreach (var relationEntry in proofSession.RelationEntries)
{
bool isRelationContentMatching = false;
foreach (var relationProof in relationsProofs.RelationProofs)
{
byte[] registrationCommitment = relationProof.RelationProof.AssetCommitments[0];
byte[] groupNameCommitment = _gatewayService.GetEmployeeRecordGroup(relationProof.GroupOwner, registrationCommitment);
bool isRelationProofCorrect = groupNameCommitment != null?ConfidentialAssetsHelper.VerifySurjectionProof(relationProof.RelationProof, relationsProofs.AssetCommitment) : false;
if (isRelationProofCorrect)
{
byte[] relationAssetId = _assetsService.GenerateAssetId(AttributeType.EmployeeGroup, relationProof.GroupOwner.ToHexString() + relationEntry.RelatedAssetName);
if (ConfidentialAssetsHelper.VerifyIssuanceSurjectionProof(relationProof.GroupNameProof, groupNameCommitment, new byte[][] { relationAssetId }))
{
isRelationContentMatching = true;
break;
}
}
}
validationResults.ValidationResults.Add(new RelationProofValidationResult {
RelatedAttributeOwner = relationEntry.RelatedAssetOwnerName, RelatedAttributeContent = relationEntry.RelatedAssetName, IsRelationCorrect = isRelationContentMatching
});
}
return(validationResults);
}
public SignedEcCommitment GenerateDerivedCommitment(long pollId, SelectionCommitmentRequest request)
{
if (request is null)
{
throw new ArgumentNullException(nameof(request));
}
EcPollRecord poll = _dataAccessService.GetEcPoll(pollId);
byte[][] assetIds = poll.Candidates.Select(c => c.AssetId.HexStringToByteArray()).ToArray();
bool res1 = ConfidentialAssetsHelper.VerifySurjectionProof(request.CandidateCommitmentProofs, request.Commitment);
if (!res1)
{
throw new ArgumentException("Verification to candidate commitments failed");
}
foreach (var candidateCommitment in request.CandidateCommitments)
{
bool res2 = ConfidentialAssetsHelper.VerifyIssuanceSurjectionProof(candidateCommitment.IssuanceProof, candidateCommitment.Commitment, assetIds);
if (!res2)
{
throw new ArgumentException($"Verification of candidate's {candidateCommitment.Commitment.ToHexString()} issuance proof failed");
}
}
byte[] ecBlindingFactor = ConfidentialAssetsHelper.GetRandomSeed();
byte[] ecCommitment = ConfidentialAssetsHelper.BlindAssetCommitment(request.Commitment, ecBlindingFactor);
_dataAccessService.AddPollSelection(pollId, ecCommitment.ToHexString(), ecBlindingFactor.ToHexString());
var persistency = _executionContextManager.ResolveStateExecutionServices(poll.AccountId);
var signature = persistency.ClientCryptoService.Sign(ecCommitment);
return(new SignedEcCommitment
{
EcCommitment = ecCommitment,
Signature = signature
});
}
private void ProcessEmployeeRegistrationRequest(EmployeeRegistrationRequest packet)
{
_clientCryptoService.DecodeEcdhTuple(packet.EcdhTuple, packet.TransactionPublicKey, out byte[] blindingFactor, out byte[] assetId, out byte[] issuer, out byte[] payload);
string sessionKey = payload.ToHexString();
List <SpEmployee> spEmployees = _dataAccessService.GetSpEmployees(_accountId, assetId.ToHexString());
bool categoryFound = false;
bool alreadyRegistered = false;
bool categoryProofsCorrect = false;
ulong relationId = 0;
foreach (SpEmployee item in spEmployees)
{
if (item.SpEmployeeGroup != null)
{
categoryFound = true;
}
else
{
continue;
}
if (!string.IsNullOrEmpty(item.RegistrationCommitment) && item.RegistrationCommitment.Equals(packet.AssetCommitment.ToHexString()))
{
alreadyRegistered = true;
break;
}
byte[] groupAssetId = _assetsService.GenerateAssetId(AttributeType.EmployeeGroup, _clientCryptoService.PublicKeys[0].ArraySegment.Array.ToHexString() + item.SpEmployeeGroup.GroupName);
if (ConfidentialAssetsHelper.VerifyIssuanceSurjectionProof(packet.GroupSurjectionProof, packet.GroupCommitment, new byte[][] { groupAssetId }))
{
categoryProofsCorrect = true;
relationId = item.SpEmployeeId;
break;
}
}
if (!categoryFound)
{
_idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushEmployeeNotRegistered");
return;
}
if (alreadyRegistered)
{
_idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushRelationAlreadyRegistered");
return;
}
if (!categoryProofsCorrect)
{
_idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushEmployeeIncorrectRegistration", new { Code = 3, Message = "Group proofs were wrong" });
return;
}
AttributeType attributeType = _assetsService.GetAttributeType(assetId);
bool isEligibilityCorrect = CheckEligibilityProofs(packet.AssetCommitment, packet.EligibilityProof, issuer);
if (!isEligibilityCorrect)
{
_idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushEmployeeIncorrectRegistration", new { Code = 2, Message = "Eligibility proofs were wrong" }).Wait();
return;
}
IEnumerable <SpIdenitityValidation> spIdenitityValidations = _dataAccessService.GetSpIdenitityValidations(_accountId);
if (!CheckSpIdentityValidations(packet.AssetCommitment, packet.AssociatedProofs, spIdenitityValidations, sessionKey))
{
return;
}
_dataAccessService.SetSpEmployeeRegistrationCommitment(_accountId, relationId, packet.AssetCommitment.ToHexString());
_transactionsService.IssueEmployeeRecord(packet.AssetCommitment, packet.GroupCommitment);
_idenitiesHubContext.Clients.Group(_accountId.ToString(CultureInfo.InvariantCulture)).SendAsync("PushEmployeeUpdate", new EmployeeDto {
AssetId = assetId.ToHexString(), RegistrationCommitment = packet.AssetCommitment.ToHexString()
});
_idenitiesHubContext.Clients.Group(sessionKey).SendAsync("PushEmployeeRegistration", new { Commitment = packet.AssetCommitment.ToHexString() });
}
private async Task CheckAssociatedProof(Memory <byte> rootCommitment, IEnumerable <AttributesByIssuer> associatedAttributes, string schemeName)
{
AttributesByIssuer associatedAttributesForCheck = associatedAttributes.FirstOrDefault(c => c.RootAttribute.SchemeName == schemeName || c.Attributes.Any(a => a.SchemeName == schemeName));
if (associatedAttributesForCheck == null)
{
throw new ValidationProofsWereNotCompleteException(schemeName);
}
//_logger.LogIfDebug(() => $"{nameof(CheckAssociatedProof)}: \r\n{nameof(rootCommitment)}={rootCommitment.ToHexString()}, \r\n{nameof(associatedRootAttribute)}={{0}}");
bool proofToRoot = ConfidentialAssetsHelper.VerifySurjectionProof(associatedAttributesForCheck.RootAttribute.BindingProof, rootCommitment.Span);
if (!proofToRoot)
{
_logger.Error("Proof of binding to Root failed");
throw new ValidationProofFailedException(schemeName);
}
AttributeProofs attributeForCheck;
if (schemeName == associatedAttributesForCheck.RootAttribute.SchemeName)
{
attributeForCheck = associatedAttributesForCheck.RootAttribute;
if (attributeForCheck == null)
{
throw new ValidationProofsWereNotCompleteException(schemeName);
}
}
else
{
attributeForCheck = associatedAttributesForCheck.Attributes.FirstOrDefault(a => a.SchemeName == schemeName);
if (attributeForCheck == null)
{
throw new ValidationProofsWereNotCompleteException(schemeName);
}
// Check binding to the Root Attribute
bool proofToAssociatedRoot = ConfidentialAssetsHelper.VerifySurjectionProof(attributeForCheck.BindingProof, associatedAttributesForCheck.RootAttribute.Commitment.Value.Span);
if (!proofToAssociatedRoot)
{
_logger.Error("Proof of binding to Associated Root failed");
throw new ValidationProofFailedException(schemeName);
}
}
if (attributeForCheck.CommitmentProof.Values?.Any() ?? false)
{
long schemeId = await _assetsService.GetSchemeId(schemeName, associatedAttributesForCheck.Issuer.ToString()).ConfigureAwait(false);
byte[][] assetIds = attributeForCheck.CommitmentProof.Values.Select(v => _assetsService.GenerateAssetId(schemeId, v)).ToArray();
bool proofOfValue = ConfidentialAssetsHelper.VerifyIssuanceSurjectionProof(attributeForCheck.CommitmentProof.SurjectionProof, attributeForCheck.Commitment.Value.Span, assetIds);
if (!proofOfValue)
{
_logger.Error("Proof of value failed");
throw new ValidationProofFailedException(schemeName);
}
}
else
{
bool proofOfValueKnowledge = ConfidentialAssetsHelper.VerifySurjectionProof(attributeForCheck.CommitmentProof.SurjectionProof, attributeForCheck.Commitment.Value.Span);
if (!proofOfValueKnowledge)
{
_logger.Error("Proof of value knowledge failed");
throw new ValidationProofFailedException(schemeName);
}
}
}
