diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 21273b993..643e2304f 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -15,6 +15,7 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 - [crypto] [\#5214] Change `GenPrivKeySecp256k1` to `GenPrivKeyFromSecret` to be consistent with other keys
 - [state] [\#5191](https://github.com/tendermint/tendermint/pull/5191) Add `State.InitialHeight` field to record initial block height, must be `1` (not `0`) to start from 1 (@erikgrinaker)
 - [state] `LoadStateFromDBOrGenesisFile()` and `LoadStateFromDBOrGenesisDoc()` no longer saves the state in the database if not found, the genesis state is simply returned (@erikgrinaker)
+ - [crypto] \#5236 `VerifyBytes` is now `VerifySignature` on the `crypto.PubKey` interface.
 ### FEATURES:
diff --git a/consensus/state.go b/consensus/state.go
index 29662a890..b1c64f9a4 100644
--- a/consensus/state.go
+++ b/consensus/state.go
@@ -1708,7 +1708,9 @@ func (cs *State) defaultSetProposal(proposal *types.Proposal) error {
 p := proposal.ToProto()
 // Verify signature
- if !cs.Validators.GetProposer().PubKey.VerifyBytes(types.ProposalSignBytes(cs.state.ChainID, p), proposal.Signature) {
+ if !cs.Validators.GetProposer().PubKey.VerifySignature(
+ types.ProposalSignBytes(cs.state.ChainID, p), proposal.Signature,
+ ) {
 return ErrInvalidProposalSignature
 }
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 765632f71..9a341f9ac 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -22,7 +22,7 @@ func AddressHash(bz []byte) Address {
 type PubKey interface {
 Address() Address
 Bytes() []byte
- VerifyBytes(msg []byte, sig []byte) bool
+ VerifySignature(msg []byte, sig []byte) bool
 Equals(PubKey) bool
 Type() string
 }
diff --git a/crypto/ed25519/ed25519.go b/crypto/ed25519/ed25519.go
index 19bb3f062..b7318043a 100644
--- a/crypto/ed25519/ed25519.go
+++ b/crypto/ed25519/ed25519.go
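Review bot: `VerifySignature` on the `crypto.PubKey` interface in crypto/crypto.go is renamed without gaining a doc comment, so the contract every implementation must meet is still unstated. Elsewhere in this diff the secp256k1 cgo variant hashes `msg` itself with `crypto.Sha256(msg)`, and the ed25519 and sr25519 variants return false when `len(sig) != SignatureSize`, which suggests callers pass the unhashed sign-bytes and that a malformed signature yields false. I would state that on the interface, for example `// VerifySignature reports whether sig is a valid signature of msg (the unhashed sign-bytes) under this key; a malformed sig returns false.` Because this renames an exported interface method, key types implemented outside this repository will stop satisfying `crypto.PubKey` until they are renamed too, which the changelog entry records.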
@@ -145,7 +145,7 @@ func (pubKey PubKey) Bytes() []byte {
 return []byte(pubKey)
 }
-func (pubKey PubKey) VerifyBytes(msg []byte, sig []byte) bool {
+func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
 // make sure we use the same algorithm to sign
 if len(sig) != SignatureSize {
 return false
diff --git a/crypto/ed25519/ed25519_test.go b/crypto/ed25519/ed25519_test.go
index 6fe2c0946..8c48847c0 100644
--- a/crypto/ed25519/ed25519_test.go
+++ b/crypto/ed25519/ed25519_test.go
@@ -20,11 +20,11 @@ func TestSignAndValidateEd25519(t *testing.T) {
 require.Nil(t, err)
 // Test the signature
- assert.True(t, pubKey.VerifyBytes(msg, sig))
+ assert.True(t, pubKey.VerifySignature(msg, sig))
 // Mutate the signature, just one bit.
 // TODO: Replace this with a much better fuzzer, tendermint/ed25519/issues/10
 sig[7] ^= byte(0x01)
- assert.False(t, pubKey.VerifyBytes(msg, sig))
+ assert.False(t, pubKey.VerifySignature(msg, sig))
 }
diff --git a/crypto/internal/benchmarking/bench.go b/crypto/internal/benchmarking/bench.go
index c325462a1..b74b901db 100644
--- a/crypto/internal/benchmarking/bench.go
+++ b/crypto/internal/benchmarking/bench.go
@@ -57,7 +57,7 @@ func BenchmarkVerification(b *testing.B, priv crypto.PrivKey) {
 }
 b.ResetTimer()
 for i := 0; i < b.N; i++ {
- pub.VerifyBytes(message, signature)
+ pub.VerifySignature(message, signature)
 }
 }
diff --git a/crypto/secp256k1/secp256k1_cgo.go b/crypto/secp256k1/secp256k1_cgo.go
index 844e40e84..e44899fb5 100644
--- a/crypto/secp256k1/secp256k1_cgo.go
+++ b/crypto/secp256k1/secp256k1_cgo.go
@@ -18,6 +18,6 @@ func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
 return rs, nil
 }
-func (pubKey PubKey) VerifyBytes(msg []byte, sig []byte) bool {
+func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
 return secp256k1.VerifySignature(pubKey[:], crypto.Sha256(msg), sig)
 }
diff --git a/crypto/secp256k1/secp256k1_nocgo.go b/crypto/secp256k1/secp256k1_nocgo.go
index 06f8db9e3..29e5d36b7 100644
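Review bot: The cgo `VerifySignature` in crypto/secp256k1/secp256k1_cgo.go has no doc comment and no visible length or lower-S check, while the nocgo variant of the same method documents the R || S form, rejects signatures that are not in lower-S form and returns false when `len(sigStr) != 64`. The two files presumably build under different tags and satisfy the same interface, so any difference in which signatures they accept would make nodes disagree on validity depending on how they were compiled; whether the underlying `secp256k1.VerifySignature` enforces the same rules is not visible in this hunk. I would add `// VerifySignature verifies a signature of the form R || S; it must accept exactly the signatures the nocgo build accepts.` above the method and confirm that the upper-S rejection test also runs against this build.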
--- a/crypto/secp256k1/secp256k1_nocgo.go
+++ b/crypto/secp256k1/secp256k1_nocgo.go
@@ -30,7 +30,7 @@ func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
 // VerifyBytes verifies a signature of the form R || S.
 // It rejects signatures which are not in lower-S form.
-func (pubKey PubKey) VerifyBytes(msg []byte, sigStr []byte) bool {
+func (pubKey PubKey) VerifySignature(msg []byte, sigStr []byte) bool {
 if len(sigStr) != 64 {
 return false
 }
diff --git a/crypto/secp256k1/secp256k1_nocgo_test.go b/crypto/secp256k1/secp256k1_nocgo_test.go
index 17cb75815..4c2c856e1 100644
--- a/crypto/secp256k1/secp256k1_nocgo_test.go
+++ b/crypto/secp256k1/secp256k1_nocgo_test.go
@@ -22,14 +22,14 @@ func TestSignatureVerificationAndRejectUpperS(t *testing.T) {
 require.False(t, sig.S.Cmp(secp256k1halfN) > 0)
 pub := priv.PubKey()
- require.True(t, pub.VerifyBytes(msg, sigStr))
+ require.True(t, pub.VerifySignature(msg, sigStr))
 // malleate:
 sig.S.Sub(secp256k1.S256().CurveParams.N, sig.S)
 require.True(t, sig.S.Cmp(secp256k1halfN) > 0)
 malSigStr := serializeSig(sig)
- require.False(t, pub.VerifyBytes(msg, malSigStr),
+ require.False(t, pub.VerifySignature(msg, malSigStr),
 "VerifyBytes incorrect with malleated & invalid S. sig=%v, key=%v", sig, priv,
diff --git a/crypto/secp256k1/secp256k1_test.go b/crypto/secp256k1/secp256k1_test.go
index c6316eb25..869773a19 100644
--- a/crypto/secp256k1/secp256k1_test.go
+++ b/crypto/secp256k1/secp256k1_test.go
@@ -55,12 +55,12 @@ func TestSignAndValidateSecp256k1(t *testing.T) {
 sig, err := privKey.Sign(msg)
 require.Nil(t, err)
- assert.True(t, pubKey.VerifyBytes(msg, sig))
+ assert.True(t, pubKey.VerifySignature(msg, sig))
 // Mutate the signature, just one bit.
 sig[3] ^= byte(0x01)
- assert.False(t, pubKey.VerifyBytes(msg, sig))
+ assert.False(t, pubKey.VerifySignature(msg, sig))
 }
 // This test is intended to justify the removal of calls to the underlying library
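Review bot: The doc comment kept above the renamed method in crypto/secp256k1/secp256k1_nocgo.go still opens with the old name, `// VerifyBytes verifies a signature of the form R || S.`, so it no longer starts with the identifier it documents; it should read `// VerifySignature verifies a signature of the form R || S.`. The same leftover is in the secp256k1_nocgo_test.go hunk, where the failure message passed to `require.False` is still `"VerifyBytes incorrect with malleated & invalid S. sig=%v, key=%v"` and would point a reader at a method that no longer exists; change the prefix to `VerifySignature`. The method body in secp256k1_nocgo.go continues past the end of its hunk.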
diff --git a/crypto/sr25519/pubkey.go b/crypto/sr25519/pubkey.go
index 89b9cdcc7..87805cacb 100644
--- a/crypto/sr25519/pubkey.go
+++ b/crypto/sr25519/pubkey.go
@@ -31,7 +31,7 @@ func (pubKey PubKey) Bytes() []byte {
 return []byte(pubKey)
 }
-func (pubKey PubKey) VerifyBytes(msg []byte, sig []byte) bool {
+func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
 // make sure we use the same algorithm to sign
 if len(sig) != SignatureSize {
 return false
diff --git a/crypto/sr25519/sr25519_test.go b/crypto/sr25519/sr25519_test.go
index 62cf564a9..1efe31cad 100644
--- a/crypto/sr25519/sr25519_test.go
+++ b/crypto/sr25519/sr25519_test.go
@@ -20,12 +20,12 @@ func TestSignAndValidateSr25519(t *testing.T) {
 require.Nil(t, err)
 // Test the signature
- assert.True(t, pubKey.VerifyBytes(msg, sig))
- assert.True(t, pubKey.VerifyBytes(msg, sig))
+ assert.True(t, pubKey.VerifySignature(msg, sig))
+ assert.True(t, pubKey.VerifySignature(msg, sig))
 // Mutate the signature, just one bit.
 // TODO: Replace this with a much better fuzzer, tendermint/ed25519/issues/10
 sig[7] ^= byte(0x01)
- assert.False(t, pubKey.VerifyBytes(msg, sig))
+ assert.False(t, pubKey.VerifySignature(msg, sig))
 }
diff --git a/p2p/conn/secret_connection.go b/p2p/conn/secret_connection.go
index d53cf0635..041224772 100644
--- a/p2p/conn/secret_connection.go
+++ b/p2p/conn/secret_connection.go
@@ -170,7 +170,7 @@ func MakeSecretConnection(conn io.ReadWriteCloser, locPrivKey crypto.PrivKey) (*
 if _, ok := remPubKey.(ed25519.PubKey); !ok {
 return nil, fmt.Errorf("expected ed25519 pubkey, got %T", remPubKey)
 }
- if !remPubKey.VerifyBytes(challenge[:], remSignature) {
+ if !remPubKey.VerifySignature(challenge[:], remSignature) {
 return nil, errors.New("challenge verification failed")
 }
diff --git a/rpc/client/evidence_test.go b/rpc/client/evidence_test.go
index 9924fe5db..d2fe0b645 100644
--- a/rpc/client/evidence_test.go
+++ b/rpc/client/evidence_test.go
@@ -145,7 +145,7 @@ func TestBroadcastEvidence_DuplicateVoteEvidence(t *testing.T) {
 pk, err := cryptoenc.PubKeyFromProto(v.PubKey)
 require.NoError(t, err)
- require.EqualValues(t, rawpub, pk.Bytes(), "Stored PubKey not equal with expected, value %v", string(qres.Value))
+ require.EqualValues(t, rawpub, pk, "Stored PubKey not equal with expected, value %v", string(qres.Value))
 require.Equal(t, int64(9), v.Power, "Stored Power not equal with expected, value %v", string(qres.Value))
 for _, fake := range fakes {
diff --git a/tools/tm-signer-harness/internal/test_harness.go b/tools/tm-signer-harness/internal/test_harness.go
index ab8d197b1..54b04bdad 100644
--- a/tools/tm-signer-harness/internal/test_harness.go
+++ b/tools/tm-signer-harness/internal/test_harness.go
@@ -247,7 +247,7 @@ func (th *TestHarness) TestSignProposal() error {
 return err
 }
 // now validate the signature on the proposal
- if sck.VerifyBytes(propBytes, prop.Signature) {
+ if sck.VerifySignature(propBytes, prop.Signature) {
 th.logger.Info("Successfully validated proposal signature")
 } else {
 th.logger.Error("FAILED: Proposal signature validation failed")
@@ -298,7 +298,7 @@ func (th *TestHarness) TestSignVote() error {
 }
 // now validate the signature on the proposal
- if sck.VerifyBytes(voteBytes, vote.Signature) {
+ if sck.VerifySignature(voteBytes, vote.Signature) {
 th.logger.Info("Successfully validated vote signature", "type", voteType)
 } else {
 th.logger.Error("FAILED: Vote signature validation failed", "type", voteType)
diff --git a/types/evidence.go b/types/evidence.go
index d54195daa..c250d4c3a 100644
--- a/types/evidence.go
+++ b/types/evidence.go
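Review bot: The assertion in TestBroadcastEvidence_DuplicateVoteEvidence changes from comparing `rawpub` with `pk.Bytes()` to comparing it with `pk` itself, which is not part of the rename and is not explained by the changelog entry. `require.EqualValues` treats the two as equal only when the concrete key type can be converted to the type of `rawpub`, so the check now depends on how the key type is represented rather than on its serialized bytes; `rawpub` is declared outside the hunk, so I cannot tell which case applies. Unless there is a reason for the change, I would keep `pk.Bytes()` as the compared value, or say in the commit message why the key value is compared directly.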
@@ -290,10 +290,10 @@ func (dve *DuplicateVoteEvidence) Verify(chainID string, pubKey crypto.PubKey) e
 va := dve.VoteA.ToProto()
 vb := dve.VoteB.ToProto()
 // Signatures must be valid
- if !pubKey.VerifyBytes(VoteSignBytes(chainID, va), dve.VoteA.Signature) {
+ if !pubKey.VerifySignature(VoteSignBytes(chainID, va), dve.VoteA.Signature) {
 return fmt.Errorf("verifying VoteA: %w", ErrVoteInvalidSignature)
 }
- if !pubKey.VerifyBytes(VoteSignBytes(chainID, vb), dve.VoteB.Signature) {
+ if !pubKey.VerifySignature(VoteSignBytes(chainID, vb), dve.VoteB.Signature) {
 return fmt.Errorf("verifying VoteB: %w", ErrVoteInvalidSignature)
 }
@@ -724,7 +724,7 @@ func (e *LunaticValidatorEvidence) Verify(chainID string, pubKey crypto.PubKey)
 }
 v := e.Vote.ToProto()
- if !pubKey.VerifyBytes(VoteSignBytes(chainID, v), e.Vote.Signature) {
+ if !pubKey.VerifySignature(VoteSignBytes(chainID, v), e.Vote.Signature) {
 return errors.New("invalid signature")
 }
@@ -948,10 +948,10 @@ func (e *PotentialAmnesiaEvidence) Verify(chainID string, pubKey crypto.PubKey)
 vb := e.VoteB.ToProto()
 // Signatures must be valid
- if !pubKey.VerifyBytes(VoteSignBytes(chainID, va), e.VoteA.Signature) {
+ if !pubKey.VerifySignature(VoteSignBytes(chainID, va), e.VoteA.Signature) {
 return fmt.Errorf("verifying VoteA: %w", ErrVoteInvalidSignature)
 }
- if !pubKey.VerifyBytes(VoteSignBytes(chainID, vb), e.VoteB.Signature) {
+ if !pubKey.VerifySignature(VoteSignBytes(chainID, vb), e.VoteB.Signature) {
 return fmt.Errorf("verifying VoteB: %w", ErrVoteInvalidSignature)
 }
@@ -1145,7 +1145,7 @@ func (e *ProofOfLockChange) ValidateVotes(valSet *ValidatorSet, chainID string)
 if bytes.Equal(validator.Address, vote.ValidatorAddress) {
 exists = true
 v := vote.ToProto()
- if !validator.PubKey.VerifyBytes(VoteSignBytes(chainID, v), vote.Signature) {
+ if !validator.PubKey.VerifySignature(VoteSignBytes(chainID, v), vote.Signature) {
 return fmt.Errorf("cannot verify vote (from validator: %d) against signature: %v", vote.ValidatorIndex, vote.Signature)
 }
diff --git a/types/proposal_test.go b/types/proposal_test.go
index 10b6bd192..71d4d62cc 100644
--- a/types/proposal_test.go
+++ b/types/proposal_test.go
@@ -71,7 +71,7 @@ func TestProposalVerifySignature(t *testing.T) {
 prop.Signature = p.Signature
 // verify the same proposal
- valid := pubKey.VerifyBytes(signBytes, prop.Signature)
+ valid := pubKey.VerifySignature(signBytes, prop.Signature)
 require.True(t, valid)
 // serialize, deserialize and verify again....
@@ -90,7 +90,7 @@ func TestProposalVerifySignature(t *testing.T) {
 // verify the transmitted proposal
 newSignBytes := ProposalSignBytes("test_chain_id", pb)
 require.Equal(t, string(signBytes), string(newSignBytes))
- valid = pubKey.VerifyBytes(newSignBytes, np.Signature)
+ valid = pubKey.VerifySignature(newSignBytes, np.Signature)
 require.True(t, valid)
 }
@@ -118,7 +118,7 @@ func BenchmarkProposalVerifySignature(b *testing.B) {
 require.NoError(b, err)
 for i := 0; i < b.N; i++ {
- pubKey.VerifyBytes(ProposalSignBytes("test_chain_id", pbp), testProposal.Signature)
+ pubKey.VerifySignature(ProposalSignBytes("test_chain_id", pbp), testProposal.Signature)
 }
 }
diff --git a/types/protobuf_test.go b/types/protobuf_test.go
index f845e99b4..fa8889b89 100644
--- a/types/protobuf_test.go
+++ b/types/protobuf_test.go
@@ -84,12 +84,12 @@ func TestABCIEvidence(t *testing.T) {
 type pubKeyEddie struct{}
-func (pubKeyEddie) Address() Address { return []byte{} }
-func (pubKeyEddie) Bytes() []byte { return []byte{} }
-func (pubKeyEddie) VerifyBytes(msg []byte, sig []byte) bool { return false }
-func (pubKeyEddie) Equals(crypto.PubKey) bool { return false }
-func (pubKeyEddie) String() string { return "" }
-func (pubKeyEddie) Type() string { return "pubKeyEddie" }
+func (pubKeyEddie) Address() Address { return []byte{} }
+func (pubKeyEddie) Bytes() []byte { return []byte{} }
+func (pubKeyEddie) VerifySignature(msg []byte, sig []byte) bool { return false }
+func (pubKeyEddie) Equals(crypto.PubKey) bool { return false }
+func (pubKeyEddie) String() string { return "" }
+func (pubKeyEddie) Type() string { return "pubKeyEddie" }
 func TestABCIValidatorFromPubKeyAndPower(t *testing.T) {
 pubkey := ed25519.GenPrivKey().PubKey()
diff --git a/types/validator_set.go b/types/validator_set.go
index 1d8c0b756..533d0e1ed 100644
--- a/types/validator_set.go
+++ b/types/validator_set.go
@@ -688,7 +688,7 @@ func (vals *ValidatorSet) VerifyCommit(chainID string, blockID BlockID,
 // Validate signature.
 voteSignBytes := commit.VoteSignBytes(chainID, int32(idx))
- if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) {
+ if !val.PubKey.VerifySignature(voteSignBytes, commitSig.Signature) {
 return fmt.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature)
 }
 // Good!
@@ -746,7 +746,7 @@ func (vals *ValidatorSet) VerifyCommitLight(chainID string, blockID BlockID,
 // Validate signature.
 voteSignBytes := commit.VoteSignBytes(chainID, int32(idx))
- if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) {
+ if !val.PubKey.VerifySignature(voteSignBytes, commitSig.Signature) {
 return fmt.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature)
 }
@@ -807,7 +807,7 @@ func (vals *ValidatorSet) VerifyCommitLightTrusting(chainID string, commit *Comm
 // Validate signature.
 voteSignBytes := commit.VoteSignBytes(chainID, int32(idx))
- if !val.PubKey.VerifyBytes(voteSignBytes, commitSig.Signature) {
+ if !val.PubKey.VerifySignature(voteSignBytes, commitSig.Signature) {
 return fmt.Errorf("wrong signature (#%d): %X", idx, commitSig.Signature)
 }
diff --git a/types/vote.go b/types/vote.go
index 0f8ea9a18..aff0b1730 100644
--- a/types/vote.go
+++ b/types/vote.go
@@ -149,7 +149,7 @@ func (vote *Vote) Verify(chainID string, pubKey crypto.PubKey) error {
 return ErrVoteInvalidValidatorAddress
 }
 v := vote.ToProto()
- if !pubKey.VerifyBytes(VoteSignBytes(chainID, v), vote.Signature) {
+ if !pubKey.VerifySignature(VoteSignBytes(chainID, v), vote.Signature) {
 return ErrVoteInvalidSignature
 }
 return nil
diff --git a/types/vote_test.go b/types/vote_test.go
index f0fdd2edd..64e6f20fa 100644
--- a/types/vote_test.go
+++ b/types/vote_test.go
@@ -161,7 +161,7 @@ func TestVoteVerifySignature(t *testing.T) {
 require.NoError(t, err)
 // verify the same vote
- valid := pubkey.VerifyBytes(VoteSignBytes("test_chain_id", v), v.Signature)
+ valid := pubkey.VerifySignature(VoteSignBytes("test_chain_id", v), v.Signature)
 require.True(t, valid)
 // serialize, deserialize and verify again....
@@ -174,7 +174,7 @@ func TestVoteVerifySignature(t *testing.T) {
 // verify the transmitted vote
 newSignBytes := VoteSignBytes("test_chain_id", precommit)
 require.Equal(t, string(signBytes), string(newSignBytes))
- valid = pubkey.VerifyBytes(newSignBytes, precommit.Signature)
+ valid = pubkey.VerifySignature(newSignBytes, precommit.Signature)
 require.True(t, valid)
 }