cluster: verify config signatures #1014
Codecov Report
@@ Coverage Diff @@
## main #1014 +/- ##
==========================================
- Coverage 54.16% 53.37% -0.80%
==========================================
Files 118 124 +6
Lines 13215 13836 +621
==========================================
+ Hits 7158 7385 +227
- Misses 5030 5404 +374
- Partials 1027 1047 +20
if err := lock.Verify(); err != nil && !conf.NoVerify { | ||
return errors.Wrap(err, "cluster lock signature verification failed. Run with --no-verify to bypass verification at own risk") | ||
} else if err != nil && conf.NoVerify { | ||
log.Warn(ctx, "Ignoring failed cluster lock signature verification due to --no-verify flag", err) | ||
} | ||
|
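Review bot: The failure message in the first branch offers `--no-verify` as the remedy, so the first thing an operator reads on a bad cluster lock signature is how to turn the check off. Lead with what failed and keep the bypass hint secondary. In the `conf.NoVerify` branch the warning should say that startup continues with an unverified cluster lock. `err != nil` is also tested in both branches; a single outer `if err != nil` would leave one place where the bypass decision is made.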
if err := lock.Verify(); err != nil && !conf.NoVerify { | |
return errors.Wrap(err, "cluster lock signature verification failed. Run with --no-verify to bypass verification at own risk") | |
} else if err != nil && conf.NoVerify { | |
log.Warn(ctx, "Ignoring failed cluster lock signature verification due to --no-verify flag", err) | |
} | |
err := lock.Verify(); err != nil { | |
if !conf.NoVerify { | |
return errors.Wrap(err, "cluster lock signature verification failed. Run with --no-verify to bypass verification at your own risk") | |
} | |
if conf.NoVerify { | |
log.Warn(ctx, "Ignoring failed cluster lock signature verification due to --no-verify flag", err) | |
} | |
Not a fan of this verbose style
How is this "more" verbose? Is there a Go guideline that I can read up on?
More lines and more if statements?
} else if !ok { | ||
return false, errors.Wrap(err, "config signature mismatch") | ||
return errors.New("invalid operator config signature", z.Str("operator_address", o.Address)) |
nit
return errors.New("invalid operator config signature", z.Str("operator_address", o.Address)) | |
return errors.New("invalid operator config signature", z.Str("operator_address", o.Address), z.Str("config_signature", string(digest[:]))) |
It is in the definition file, and humans cannot understand hex strings in any case.
think about signal to noise, logging more is seldom better. Log only what is actually useful.
} else if !ok { | ||
return false, errors.Wrap(err, "enr signature mismatch") | ||
return errors.New("invalid operator enr signature", z.Str("operator_address", o.Address)) |
return errors.New("invalid operator enr signature", z.Str("operator_address", o.Address)) | |
return errors.New("invalid operator enr signature", z.Str("operator_address", o.Address), z.Str("enr_signature", string(digest[:]))) |
same
} else if !ok { | ||
return false, errors.Wrap(err, "config signature mismatch") | ||
return errors.New("invalid operator config signature", z.Str("operator_address", o.Address)) |
discussion: should we also log the invalid and valid sigs?
signal to noise, this would be noise
Co-authored-by: Abhishek Kumar <43061995+xenowits@users.noreply.github.com>
cluster/helpers.go
Outdated
@@ -54,6 +58,69 @@ func verifySig(addr string, digest []byte, sig []byte) (bool, error) { | |||
return actual == expect, nil | |||
} | |||
|
|||
// signOperator return the operator with config hash and enr EIP712 signatures by the provided k1 private key. |
// signOperator return the operator with config hash and enr EIP712 signatures by the provided k1 private key. | |
// signOperator returns the operator with signed config hash and EIP712 signed ENR using the provided k1 private key. |
did something else
cluster/helpers.go
Outdated
return b, nil | ||
} | ||
|
||
// signEIP712 signs the config hash digest and returns the signature. |
// signEIP712 signs the config hash digest and returns the signature. | |
// signEIP712 signs the message and returns the signature. |
func signEIP712(secret *ecdsa.PrivateKey, address string, message []byte) ([]byte, error) { | ||
const nonce = 0 | ||
|
||
digest, err := digestEIP712(address, message, nonce) |
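Review bot: `const nonce = 0` in `signEIP712` is passed straight to `digestEIP712` with no comment on why it is fixed, so a reader cannot tell whether the nonce is a placeholder or intentionally unused. Add a line of documentation saying which, and note that with a constant nonce the only varying inputs passed to `digestEIP712` here are `address` and `message`.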
discussion: is nonce a required field?
at the moment yes
if err != nil { | ||
return errors.Wrap(err, "verify lock signature aggregate") | ||
} else if !ok { | ||
return errors.New("invalid lock signature aggregate") | ||
} |
nit
if err != nil { | |
return errors.Wrap(err, "verify lock signature aggregate") | |
} else if !ok { | |
return errors.New("invalid lock signature aggregate") | |
} | |
if err != nil { | |
return errors.Wrap(err, "verify lock signature aggregate") | |
} | |
if !ok { | |
return errors.New("invalid lock signature aggregate") | |
} |
I see it as the same check block, so prefer else to indicate that
tbls/tblsconv/tblsconv.go
Outdated
@@ -86,6 +86,16 @@ func KeyToCore(key *bls_sig.PublicKey) (core.PubKey, error) { | |||
return core.PubKeyFromBytes(b) | |||
} | |||
|
|||
// SigFromBytes converts a bytes into a kryptology bls signature. |
// SigFromBytes converts a bytes into a kryptology bls signature. | |
// SigFromBytes converts secret bytes into a kryptology bls signature. |
did something else
LGTM!
Adds --no-verify flags to charon run and charon dkg. Verify config otherwise.

Note that charon create cluster requires --no-verify since it doesn't sign the generated lock file.

category: feature
ticket: #589