-
Notifications
You must be signed in to change notification settings - Fork 44
/
verifier.go
73 lines (61 loc) · 2.7 KB
/
verifier.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package types
import (
"bytes"
"cosmossdk.io/errors"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
ethcrypto "github.com/ethereum/go-ethereum/crypto"
"github.com/ethereum/go-ethereum/crypto/secp256k1"
"github.com/prysmaticlabs/prysm/crypto/bls"
gnfderrors "github.com/bnb-chain/greenfield/types/errors"
)
func VerifySignature(sigAccAddress sdk.AccAddress, sigHash []byte, sig []byte) error {
if len(sig) != ethcrypto.SignatureLength {
return errors.Wrapf(sdkerrors.ErrorInvalidSigner, "signature length (actual: %d) doesn't match typical [R||S||V] signature 65 bytes", len(sig))
}
if sig[ethcrypto.RecoveryIDOffset] == 27 || sig[ethcrypto.RecoveryIDOffset] == 28 {
sig[ethcrypto.RecoveryIDOffset] -= 27
}
pubKeyBytes, err := secp256k1.RecoverPubkey(sigHash, sig)
if err != nil {
return errors.Wrap(err, "failed to recover delegated fee payer from sig")
}
ecPubKey, err := ethcrypto.UnmarshalPubkey(pubKeyBytes)
if err != nil {
return errors.Wrap(err, "failed to unmarshal recovered fee payer pubkey")
}
pubKeyAddr := ethcrypto.PubkeyToAddress(*ecPubKey)
if !bytes.Equal(pubKeyAddr.Bytes(), sigAccAddress.Bytes()) {
return errors.Wrapf(sdkerrors.ErrInvalidPubKey, "pubkey %s is different from approval pubkey %s", pubKeyAddr, sigAccAddress)
}
recoveredSignerAcc := sdk.AccAddress(pubKeyAddr.Bytes())
if !recoveredSignerAcc.Equals(sigAccAddress) {
return errors.Wrapf(sdkerrors.ErrorInvalidSigner, "failed to verify delegated fee payer %s signature", recoveredSignerAcc)
}
// VerifySignature of ethsecp256k1 accepts 64 byte signature [R||S]
// WARNING! Under NO CIRCUMSTANCES try to use pubKey.VerifySignature there
if !secp256k1.VerifySignature(pubKeyBytes, sigHash, sig[:len(sig)-1]) {
return errors.Wrap(sdkerrors.ErrorInvalidSigner, "unable to verify signer signature of EIP712 typed data")
}
return nil
}
func VerifyBlsSignature(blsPubKey bls.PublicKey, sigHash [32]byte, blsSig []byte) error {
sig, err := bls.SignatureFromBytes(blsSig)
if err != nil {
return errors.Wrapf(gnfderrors.ErrInvalidBlsSignature, "BLS signature conversion failed: %v", err)
}
if !sig.Verify(blsPubKey, sigHash[:]) {
return errors.Wrapf(gnfderrors.ErrInvalidBlsSignature, "signature verification failed")
}
return nil
}
func VerifyBlsAggSignature(blsPubKeys []bls.PublicKey, sigHash [32]byte, blsAggSig []byte) error {
aggSig, err := bls.SignatureFromBytes(blsAggSig)
if err != nil {
return errors.Wrapf(gnfderrors.ErrInvalidBlsSignature, "BLS signature conversion failed: %v", err)
}
if !aggSig.FastAggregateVerify(blsPubKeys[:], sigHash) {
return errors.Wrapf(gnfderrors.ErrInvalidBlsSignature, "aggregated signature verification failed")
}
return nil
}