Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: verify particle signatures [NET-539] #1811

Merged
merged 12 commits into from
Oct 11, 2023
Merged

feat: verify particle signatures [NET-539] #1811

merged 12 commits into from
Oct 11, 2023

Conversation

justprosh
Copy link
Member

Description

Verify particle signatures and drop incorrectly signed ones.

Motivation

Particle signatures are crucial for security and authentication.

Proposed Changes

  • drop incorrectly signed particles
  • particle signature is a concatenation of:
    • id as bytes
    • timestamp u64 as little-endian bytes
    • ttl u32 as little-endian bytes
    • script as bytes

Checklist

  • The code follows the project's coding conventions and style guidelines.
  • All tests related to the changes have passed successfully.
  • Documentation has been updated to reflect the changes (if applicable).
  • All new and existing unit tests have passed.
  • I have self-reviewed my code and ensured its quality.
  • I have added/updated necessary comments to aid understanding.

Reviewer Checklist

  • Code has been reviewed for quality and adherence to guidelines.
  • Tests have been reviewed and are sufficient to validate the changes.
  • Documentation has been reviewed and is up to date.
  • Any questions or concerns have been addressed.

@linear
Copy link

linear bot commented Sep 25, 2023

NET-539 Drop particles with incorrect signatures

kmd-fl
kmd-fl approved these changes Sep 26, 2023
View reviewed changes
aquamarine/src/error.rs Show resolved Hide resolved
@justprosh justprosh added the e2e Run e2e workflow label Sep 26, 2023
@folex
Copy link
Member

folex commented Sep 27, 2023

Can you check on the ed25519 exploit, please? https://github.com/MystenLabs/ed25519-unsafe-libs/tree/main/ed25519-chalkias-exploit

Check if it applies to us on current setup, and follow their recommendation regarding using verify_strict. https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.VerifyingKey.html#method.verify_strict

@folex folex self-requested a review September 27, 2023 00:35
@justprosh justprosh mentioned this pull request Sep 28, 2023
Merged
@justprosh justprosh enabled auto-merge (squash) October 2, 2023 20:07
folex
folex reviewed Oct 4, 2023
View reviewed changes
aquamarine/src/error.rs Outdated Show resolved Hide resolved
folex
folex reviewed Oct 4, 2023
View reviewed changes
script-storage/Cargo.toml Outdated Show resolved Hide resolved
@CLAassistant
Copy link

CLAassistant commented Oct 11, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@justprosh justprosh merged commit 188d833 into master Oct 11, 2023
14 checks passed
@justprosh justprosh deleted the particle-signature-verification branch October 11, 2023 15:36
@fluencebot fluencebot mentioned this pull request Oct 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@folex folex folex approved these changes

@github-actions github-actions[bot] github-actions left review comments

@gurinderu gurinderu gurinderu approved these changes

@kmd-fl kmd-fl kmd-fl approved these changes

@mikevoronov mikevoronov Awaiting requested review from mikevoronov

Assignees
No one assigned
Labels
e2e Run e2e workflow
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@justprosh @folex @CLAassistant @gurinderu @kmd-fl @akim-bow