Fix signature verification in mempool #727
Conversation
austinabell
requested review from
ansermino,
dutterbutter and
ec2
as code owners
austinabell
requested review from
RajarupanSampanthan,
StaticallyTypedAnxiety and
timvermeulen
| msg.signature() | ||
| .verify(umsg.as_slice(), msg.from()) | ||
| .map_err(Error::Other)?; | ||
| msg.verify().map_err(Error::Other)?; |
There was a problem hiding this comment.
Should this error type be InvalidFromAddr rather than Other? It seems the verify fn would fail if the from address is not the correct address which seems more of an InvalidFromAddr error type.
There was a problem hiding this comment.
That's not the only error that can happen with signature validation. You also lose the error message for no benefit.
Side note, I don't like the error type in this crate, would be nice to improve later.
|
I don't get why you moved |
The reason is because filecoin proofs is brought into the dependency tree of messages and it makes it unusable by others using published crate for no benefit to us (because proofs dependency only works on certain targets). Idea is just to keep the message crate lean, and separating proofs logic by a feature was not something I was eager to do now, since there was no need. |
Summary of changes
Changes introduced in this pull request:
new_from_partsnew_from_partsfunction to not verify, because it's a good sanity check for a bit, but it probably should be removed later as there is no need for it to verify.The issue was that message Cbor was being signed, not the message cid bytes. The only borked usage was in the mempool, which is why we didn't run into this yet. I could have sworn I commented to change this, but I guess I didn't follow up.
These interfaces can definitely be cleaned up (especially in the mempool), but I'm just going to keep scope small for this PR
Reference issue to close (if applicable)
Closes #725
Other information and links