Revert "[FABJ-394] Signature-based whitelisting"

This reverts commit 5f3a0c4.

Reason for revert: breaks merge build

Change-Id: Ida7dd1a35c41d1c5aac3060c79fdb06b8decf165
Signed-off-by: Andrew Coleman <andrew_coleman@uk.ibm.com>

src/main/java/org/hyperledger/fabric/sdk/idemix/IdemixCredRequest.java

@@ -18,6 +18,7 @@
 
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Base64;
 

src/main/java/org/hyperledger/fabric/sdk/idemix/IdemixSignature.java

@@ -120,24 +120,18 @@ public IdemixSignature(IdemixCredential c, BIG sk, IdemixPseudonym pseudonym, Id
             rAttrs[i] = IdemixUtils.randModOrder(rng);
         }
 
-        // Compute revocation contribution
-        RevocationProver prover = RevocationProver.getProver(revocationAlgorithm);
+        // Compute non-revoked proof
+        NonRevocationProver prover = NonRevocationProver.getNonRevocationProver(revocationAlgorithm);
         int hiddenRHIndex = Ints.indexOf(hiddenIndices, rhIndex);
         if (hiddenRHIndex < 0) {
             // rhIndex is not present, set to last index position
             hiddenRHIndex = hiddenIndices.length;
         }
-        byte[] revocationFSContribution = prover.getFSContribution(
-                BIG.fromBytes(c.getAttrs()[rhIndex]),
-                rAttrs[hiddenRHIndex],
-                cri
-        );
-        if (revocationFSContribution == null) {
+        byte[] nonRevokedProofHashData = prover.getFSContribution(BIG.fromBytes(c.getAttrs()[rhIndex]), rAttrs[hiddenRHIndex], cri);
+        if (nonRevokedProofHashData == null) {
             throw new RuntimeException("Failed to compute non-revoked proof");
         }
 
-//        System.out.println(Arrays.toString(revocationFSContribution));
-
         ECP t1 = aPrime.mul2(re, ipk.getHRand(), rR2);
         ECP t2 = PAIR.G1mul(ipk.getHRand(), rSPrime);
         t2.add(bPrime.mul2(rR3, ipk.getHsk(), rsk));
@@ -162,7 +156,6 @@ public IdemixSignature(IdemixCredential c, BIG sk, IdemixPseudonym pseudonym, Id
         proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(aBar));
         proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(bPrime));
         proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(pseudonym.getNym()));
-        proofData = IdemixUtils.append(proofData, revocationFSContribution);
         proofData = IdemixUtils.append(proofData, ipk.getHash());
         proofData = IdemixUtils.append(proofData, disclosure);
         proofData = IdemixUtils.append(proofData, msg);
@@ -270,6 +263,12 @@ public boolean verify(boolean[] disclosure, IdemixIssuerPublicKey ipk, byte[] ms
             throw new IllegalArgumentException("Attribute " + rhIndex + " is disclosed but also used a revocation handle attribute, which should remain hidden");
         }
 
+        // Verify EpochPK
+        if (!RevocationAuthority.verifyEpochPK(revPk, this.revocationPk, this.revocationPKSig, epoch, revocationAlgorithm)) {
+            // Signature is based on an invalid revocation epoch public key
+            return false;
+        }
+
         FP12 temp1 = PAIR.ate(ipk.getW(), aPrime);
         FP12 temp2 = PAIR.ate(IdemixUtils.genG2, aBar);
         temp2.inverse();
@@ -307,19 +306,18 @@ public boolean verify(boolean[] disclosure, IdemixIssuerPublicKey ipk, byte[] ms
         ECP t3 = ipk.getHsk().mul2(proofSSk, ipk.getHRand(), proofSRNym);
         t3.sub(nym.mul(proofC));
 
-        // Involve the revocation verifier
-        RevocationVerifier revocationVerifier = RevocationVerifier.getVerifier(revocationAlgorithm);
+        // Check with non-revoked-verifier
+        NonRevocationVerifier nonRevokedVerifier = NonRevocationVerifier.getNonRevocationVerifier(revocationAlgorithm);
         int hiddenRHIndex = Ints.indexOf(hiddenIndices, rhIndex);
         if (hiddenRHIndex < 0) {
             // rhIndex is not present, set to last index position
             hiddenRHIndex = hiddenIndices.length;
         }
         BIG proofSRh = proofSAttrs[hiddenRHIndex];
-        byte[] revocationFSContribution = revocationVerifier.recomputeFSContribution(this.nonRevocationProof, proofC, IdemixUtils.transformFromProto(this.revocationPk), proofSRh);
-        if (revocationFSContribution == null) {
+        byte[] nonRevokedProofBytes = nonRevokedVerifier.recomputeFSContribution(this.nonRevocationProof, proofC, IdemixUtils.transformFromProto(this.revocationPk), proofSRh);
+        if (nonRevokedProofBytes == null) {
             return false;
         }
-//        System.out.println(Arrays.toString(revocationFSContribution));
 
         // create proofData such that it can contain the sign label, 7 elements in G1 (each of size 2*FIELD_BYTES+1),
         // the ipk hash, the disclosure array, and the message
@@ -332,7 +330,6 @@ public boolean verify(boolean[] disclosure, IdemixIssuerPublicKey ipk, byte[] ms
         proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(aBar));
         proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(bPrime));
         proofData = IdemixUtils.append(proofData, IdemixUtils.ecpToBytes(nym));
-        proofData = IdemixUtils.append(proofData, revocationFSContribution);
         proofData = IdemixUtils.append(proofData, ipk.getHash());
         proofData = IdemixUtils.append(proofData, disclosure);
         proofData = IdemixUtils.append(proofData, msg);
@@ -344,21 +341,7 @@ public boolean verify(boolean[] disclosure, IdemixIssuerPublicKey ipk, byte[] ms
         finalProofData = IdemixUtils.append(finalProofData, IdemixUtils.bigToBytes(nonce));
 
         byte[] hashedProofData = IdemixUtils.bigToBytes(IdemixUtils.hashModOrder(finalProofData));
-        if (!Arrays.equals(IdemixUtils.bigToBytes(proofC), hashedProofData)) {
-//            System.out.println("invalid proof");
-            return false;
-        }
-
-        // Check revocation
-        // - Epoch
-        if (this.epoch != epoch) {
-//            System.out.println("different epoch");
-            return false;
-        }
-
-        // - EpochPk
-        RevocationAuthority ra = new RevocationAuthority(revPk);
-        return ra.verifyEpochPK(this.revocationPk, this.revocationPKSig, epoch, revocationAlgorithm);
+        return Arrays.equals(IdemixUtils.bigToBytes(proofC), hashedProofData);
     }
 
     /**

src/main/java/org/hyperledger/fabric/sdk/idemix/IdemixUtils.java

@@ -19,6 +19,8 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.List;
 
 import com.google.protobuf.ByteString;
 import org.apache.milagro.amcl.FP256BN.BIG;
@@ -150,9 +152,6 @@ static byte[] ecpToBytes(ECP2 e) {
      * @return a new byte[] of data + toAppend
      */
     static byte[] append(byte[] data, byte[] toAppend) {
-        if (toAppend.length == 0) {
-            return data;
-        }
 
         ByteArrayOutputStream stream = new ByteArrayOutputStream();
         try {

src/main/java/org/hyperledger/fabric/sdk/idemix/RevocationProver.java → src/main/java/org/hyperledger/fabric/sdk/idemix/NonRevocationProver.java

@@ -19,26 +19,24 @@
 import org.hyperledger.fabric.protos.idemix.Idemix;
 
 /**
- * A RevocationProver is a prover that can prove that an identity mixer credential is not revoked.
- * For every RevocationAlgorithm, there will be an instantiation of RevocationProver.
+ * A NonRevocationProver is a prover that can prove that an identity mixer credential is not revoked.
+ * For every RevocationAlgorithm, there will be an instantiation of NonRevocationProver.
  */
-interface RevocationProver {
+interface NonRevocationProver {
 
     /**
      * This method provides a concrete non-revocation for a given Revocation algorithm
      *
      * @param algorithm Revocation mechanism to use
-     * @return A concrete RevocationProver for the given revocation mechanism
+     * @return A concrete NonRevocationProver for the given revocation mechanism
      */
-    static RevocationProver getProver(RevocationAlgorithm algorithm) {
+    static NonRevocationProver getNonRevocationProver(RevocationAlgorithm algorithm) {
         if (algorithm == null) {
             throw new IllegalArgumentException("Revocation algorithm cannot be null");
         }
         switch (algorithm) {
             case ALG_NO_REVOCATION:
-                return new NopRevocationProver();
-            case ALG_PLAIN_SIGNATURE:
-                return new PlainSigRevocationProver();
+                return new NopNonRevocationProver();
             default:
                 // Revocation algorithm not supported
                 throw new IllegalArgumentException("Revocation algorithm " + algorithm.name() + " not supported");

src/main/java/org/hyperledger/fabric/sdk/idemix/RevocationVerifier.java → src/main/java/org/hyperledger/fabric/sdk/idemix/NonRevocationVerifier.java

@@ -21,25 +21,23 @@
 import org.hyperledger.fabric.protos.idemix.Idemix;
 
 /**
- * A RevocationProver is a prover that can prove that an identity mixer credential is not revoked.
- * For every RevocationAlgorithm, there will be an instantiation of RevocationProver.
+ * A NonRevocationProver is a prover that can prove that an identity mixer credential is not revoked.
+ * For every RevocationAlgorithm, there will be an instantiation of NonRevocationProver.
  */
-interface RevocationVerifier {
+interface NonRevocationVerifier {
     /**
      * This method provides a non-revocation verifier depending on the Revocation algorithm
      *
      * @param algorithm Revocation mechanism to use
-     * @return RevocationVerifier or null if not allowed
+     * @return NonRevocationVerifier or null if not allowed
      */
-    static RevocationVerifier getVerifier(RevocationAlgorithm algorithm) {
+    static NonRevocationVerifier getNonRevocationVerifier(RevocationAlgorithm algorithm) {
         if (algorithm == null) {
             throw new IllegalArgumentException("Revocation algorithm cannot be null");
         }
         switch (algorithm) {
             case ALG_NO_REVOCATION:
-                return new NopRevocationVerifier();
-            case ALG_PLAIN_SIGNATURE:
-                return new PlainSignRevocationVerifier();
+                return new NopNonRevocationVerifier();
             default:
                 // Revocation algorithm not supported
                 throw new Error("Revocation algorithm " + algorithm.name() + " not supported");

src/main/java/org/hyperledger/fabric/sdk/idemix/NopRevocationProver.java → src/main/java/org/hyperledger/fabric/sdk/idemix/NopNonRevocationProver.java

@@ -19,9 +19,9 @@
 import org.hyperledger.fabric.protos.idemix.Idemix;
 
 /**
- * NopRevocationProver is a concrete RevocationProver for RevocationAlgorithm "ALG_NO_REVOCATION"
+ * NopNonRevocationProver is a concrete NonRevocationProver for RevocationAlgorithm "ALG_NO_REVOCATION"
  */
-class NopRevocationProver implements RevocationProver {
+class NopNonRevocationProver implements NonRevocationProver {
     private final byte[] empty = new byte[0];
 
     public byte[] getFSContribution(BIG rh, BIG rRh, Idemix.CredentialRevocationInformation cri) {

src/main/java/org/hyperledger/fabric/sdk/idemix/NopRevocationVerifier.java → src/main/java/org/hyperledger/fabric/sdk/idemix/NopNonRevocationVerifier.java

@@ -20,11 +20,10 @@
 import org.hyperledger.fabric.protos.idemix.Idemix;
 
 /**
- * NopRevocationVerifier is a concrete RevocationVerifier for RevocationAlgorithm "ALG_NO_REVOCATION"
+ * NopNonRevocationVerifier is a concrete NonRevocationVerifier for RevocationAlgorithm "ALG_NO_REVOCATION"
  */
-class NopRevocationVerifier implements RevocationVerifier {
+class NopNonRevocationVerifier implements NonRevocationVerifier {
     private final byte[] empty = new byte[0];
-
     public byte[] recomputeFSContribution(Idemix.NonRevocationProof proof, BIG challenge, ECP2 epochPK, BIG proofSRh) {
         return empty;
     }