Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core/consensus: add message signing #517

Merged
merged 2 commits into from
May 11, 2022
Merged

core/consensus: add message signing #517

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5ce4025
core/consensus: add message signing
corverroos May 11, 2022
edfc608
cleanup
corverroos May 11, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions core/consensus/msg.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@
package consensus

import (
"crypto/ecdsa"

"github.com/ethereum/go-ethereum/crypto"
ssz "github.com/ferranbt/fastssz"
"google.golang.org/protobuf/proto"

Expand Down Expand Up @@ -131,4 +134,41 @@ func hashProto(msg proto.Message) ([32]byte, error) {
return hash, nil
}

// verifyMsgSig returns true if the message with signed by the pubkey.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// verifyMsgSig returns true if the message with signed by the pubkey.
// verifyMsgSig returns true if the message was signed by the same priv key.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

func verifyMsgSig(msg *pbv1.QBFTMsg, pubkey *ecdsa.PublicKey) (bool, error) {
clone := proto.Clone(msg).(*pbv1.QBFTMsg)
clone.Signature = nil

hash, err := hashProto(clone)
if err != nil {
return false, err
}

actual, err := crypto.SigToPub(hash[:], msg.Signature)
if err != nil {
return false, errors.Wrap(err, "sig to pub")
}

return pubkey.Equal(actual), nil
}

// signMsg signs the proto message with the private key.
func signMsg(msg *pbv1.QBFTMsg, privkey *ecdsa.PrivateKey) (*pbv1.QBFTMsg, error) {
msg.Signature = nil

hash, err := hashProto(msg)
if err != nil {
return nil, err
}

sig, err := crypto.Sign(hash[:], privkey)
if err != nil {
return nil, errors.Wrap(err, "sign")
}

msg.Signature = sig

return msg, nil
}

var _ qbft.Msg[core.Duty, [32]byte] = msg{} // Interface assertion
45 changes: 32 additions & 13 deletions core/consensus/msg_internal_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,29 +20,19 @@ import (
"math/rand"
"testing"

"github.com/ethereum/go-ethereum/crypto"
"github.com/stretchr/testify/require"

"github.com/obolnetwork/charon/core"
pbv1 "github.com/obolnetwork/charon/core/corepb/v1"
"github.com/obolnetwork/charon/testutil"
)

//go:generate go test . -update -clean

func TestHashProto(t *testing.T) {
rand.Seed(0)

duty := testutil.RandomAttestationDuty(t)
data := testutil.RandomAttestationData()
unsigned, err := core.EncodeAttesterUnsignedData(&core.AttestationData{
Data: *data,
Duty: *duty,
})
require.NoError(t, err)

set := core.UnsignedDataSet{
testutil.RandomCorePubKey(t): unsigned,
}

set := testutil.RandomUnsignedDataSet(t)
testutil.RequireGoldenJSON(t, set)

setPB := core.UnsignedDataSetToProto(set)
Expand All @@ -54,3 +44,32 @@ func TestHashProto(t *testing.T) {
hex.EncodeToString(hash[:]),
)
}

func TestSigning(t *testing.T) {
privkey, err := crypto.GenerateKey()
require.NoError(t, err)

msg := &pbv1.QBFTMsg{
Type: rand.Int63(),
Duty: core.DutyToProto(core.Duty{Type: core.DutyType(rand.Int()), Slot: rand.Int63()}),
PeerIdx: rand.Int63(),
Round: rand.Int63(),
Value: core.UnsignedDataSetToProto(testutil.RandomUnsignedDataSet(t)),
PreparedRound: rand.Int63(),
PreparedValue: core.UnsignedDataSetToProto(testutil.RandomUnsignedDataSet(t)),
Signature: nil,
}

signed, err := signMsg(msg, privkey)
require.NoError(t, err)

ok, err := verifyMsgSig(signed, &privkey.PublicKey)
require.NoError(t, err)
require.True(t, ok)

privkey2, err := crypto.GenerateKey()
require.NoError(t, err)
ok, err = verifyMsgSig(signed, &privkey2.PublicKey)
require.NoError(t, err)
require.False(t, ok)
}
36 changes: 23 additions & 13 deletions core/corepb/v1/consensus.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions core/corepb/v1/consensus.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ message QBFTMsg {
core.corepb.v1.UnsignedDataSet value = 5;
int64 prepared_round = 6;
core.corepb.v1.UnsignedDataSet prepared_value = 7;
bytes signature = 8;
}

message ConsensusMsg {
Expand Down
16 changes: 16 additions & 0 deletions testutil/random.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,3 +360,19 @@ func RandomENR(t *testing.T, random io.Reader) (*ecdsa.PrivateKey, enr.Record) {

return p2pKey, r
}

func RandomUnsignedDataSet(t *testing.T) core.UnsignedDataSet {
t.Helper()

duty := RandomAttestationDuty(t)
data := RandomAttestationData()
unsigned, err := core.EncodeAttesterUnsignedData(&core.AttestationData{
Data: *data,
Duty: *duty,
})
require.NoError(t, err)

return core.UnsignedDataSet{
RandomCorePubKey(t): unsigned,
}
}