Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: compare owner and signer of credential on signature verification #674

Merged
merged 10 commits into from
Nov 2, 2022
Merged

feat: compare owner and signer of credential on signature verification #674

merged 10 commits into from
Nov 2, 2022

Conversation

rflechtner
Copy link
Contributor

@rflechtner rflechtner commented Nov 1, 2022
edited
Loading

fixes KILTProtocol/ticket#1773

Checking whether the signer of a credential is (related to) the owner has is so far not happening as part of verifyPresentation.
This adds this feature to verifyDidSignature, which is called by verifyPresentation.

Note: This cherry-picks a commit (01bf6fd) originally included with #675.

How to test:

Unit tests related to that issue did not exist yet. I added these.

Checklist:

  • I have verified that the code works
  • I have verified that the code is easy to understand
    • If not, I have left a well-balanced amount of inline comments
  • I have left the code in a better state
  • I have documented the changes (where applicable)

@rflechtner rflechtner self-assigned this Nov 1, 2022
ntn-x2
ntn-x2 reviewed Nov 1, 2022
View reviewed changes
Copy link
Member

@ntn-x2 ntn-x2 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we maybe move the logic inside the isSameSubject() function? And modify it to perhaps take a checkType flag, which fails if the subject is the same but the DID is of a different type? Flag false would return true if the subject is the same regardless of the type.

Also I don't think we need directionality in the type check, right? If one is light and one is full, it is always an error, so that could simplify the verification logic a bit?

Like signing something with a light DID when a full DID exist is an error, and signing a DID with a full DID that does not exist is also an error.

@rflechtner
Copy link
Contributor Author

Can we maybe move the logic inside the isSameSubject() function? And modify it to perhaps take a checkType flag, which fails if the subject is the same but the DID is of a different type? Flag false would return true if the subject is the same regardless of the type.

Also I don't think we need directionality in the type check, right? If one is light and one is full, it is always an error, so that could simplify the verification logic a bit?

Like signing something with a light DID when a full DID exist is an error, and signing a DID with a full DID that does not exist is also an error.

I was looking into how this interacts with the isSameSubject function but the check we do here seems really specific to credentials. We have a situation here where we want to allow creds owned by a light did to be signed by the corresponding full did, but not the other way around. That implies directionality, which seems out of scope for isSameSubject.
In fact this check is so specific to this use case, that I even decided against having it as a feature on did signature verification more generally.

arty-name
arty-name approved these changes Nov 1, 2022
View reviewed changes
@rflechtner rflechtner changed the title fix: compare owner and signer of credential on signature verification feat: compare owner and signer of credential on signature verification Nov 2, 2022
@rflechtner
Copy link
Contributor Author

I ended up pulling the logic into verifyDidSignature because #675 requires something similar. What do you think, @ntn-x2 ?

@rflechtner rflechtner mentioned this pull request Nov 2, 2022
Merged
5 tasks
arty-name
arty-name reviewed Nov 2, 2022
View reviewed changes
ntn-x2
ntn-x2 approved these changes Nov 2, 2022
View reviewed changes
Copy link
Member

@ntn-x2 ntn-x2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like it!

@rflechtner rflechtner merged commit 02d7b37 into develop Nov 2, 2022
@rflechtner rflechtner deleted the fix-verification branch November 2, 2022 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arty-name arty-name arty-name approved these changes

@ntn-x2 ntn-x2 ntn-x2 approved these changes

Assignees

@rflechtner rflechtner

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rflechtner @arty-name @ntn-x2